Objectives

General objectives
The course explains the fundamentals of the methods and tools for the protection of computer networks. Particular attention is paid to the practical application of the concepts learned.

Knowledge and understanding
List commonly-seen threats arising from the use of particular protocols in networked computer systems. Explain mechanisms commonly used by intruders and designers of malware in order to compromise a computer system's security. Explain the basic mechanisms used for the detection of intrusion attempts in computer systems.

Application of knowledge and understanding
At the end of the course students will be able to monitor traffic in networks, apply a security policy, perform a network scan and search for vulnerabilities in a computer network. Students will develop the ability to select the appropriate firewall rules to protect a network, select the most appropriate mechanisms to protect a networked computer system and to make the most appropriate design choices to implement a "defense in depth" strategy, using isolated networks and dedicated tools (VPN, proxy and firewall).

Judgment skills
Students will develop the analytical skills necessary to evaluate different alternatives during the design process of a computer network, with particular reference to the evaluation of the architectural choices and related risks and to the security objectives that the system wants to pursue.

Communication capacity
Students will learn how to document their choices, also through the use of automated reporting tools. They will also have acquired the ability to prepare presentations related to specific scientific topics.

Ability to continue learning in an autonomous way
The concepts acquired during the course will give students a solid knowledge base from which to study the more technical aspects in greater depth, explore the alternatives not dealt with for reasons of time, and autonomously keep themselves informed about the continuous developments and updates in network security and protection.

Channels

ANGELO SPOGNARDI

Programme

● Network hardening: This topic covers ways to help the network defend itself from unauthorized access.
● Defense in depth: This topic introduces the idea that defenses must be layered.
● Implementing IDS/IPS: This topic covers intrusion detection and intrusion prevention services. These services audit the network traffic.
● Implementing firewalls and virtual private networks (VPNs): This topic covers the installation and use of firewalls and virtual private networks.
● Honeypots and honeynets: This topic introduces the idea of providing intentionally vulnerable networks and devices in isolated networks so that they can be watched and analyzed as they are attacked.
● Network monitoring: This topic covers the tools and techniques for monitoring network devices and their associated logs.
● Network traffic analysis: This topic covers the tools and techniques for capturing and analyzing the packets flowing through the network.
● Minimizing exposure (attack surface and vectors): This topic covers the tools and techniques for finding and mitigating vulnerabilities through looking at potential weaknesses.
● Network access control (internal and external): This topic covers tools and techniques for limiting the flow of packets using rules based on packet content.
● Perimeter networks (also known as demilitarized zones or DMZs) / Proxy Servers: This topic covers tools and techniques for implementing Defense in Depth using isolated networks and special servers.
● Network policy development and enforcement: This topic covers the creation of policies that provide guidance and requirements for the services provided by the network along with the measures to be used to see that the policies are followed.
● Network attacks (e.g., session hijacking, man-in-the-middle): This topic covers the tools and techniques used to test the network by actually attempting to exploit vulnerabilities.

Adopted texts

● Introduction to Computer Networks and Cybersecurity, Chwan-Hwa (John) Wu, J. David Irwin. 1st edition. CRC Press.

Bibliography

● Network Security Essentials: Applications and Standards, William Stallings. 6th edition. Pearson.
● Practice of Network Security Monitoring, Richard Bejtlich. No Starch Press.
● Network Security Fundamentals, Cole et al. 1st edition. Wiley Pathways.
● Introduction to Network Security: Theory and Practice, Jie Wang, Zachary A. Kissel. 2nd edition. Wiley.
● The Network Security Test Lab: A Step-by-Step Guide, Michael Gregg. Wiley.

Prerequisites

These are not formal but expected prerequisites:
● strong computer networking knowledge
● knowledge of basic notions of cryptography
● knowledge of the Linux environment
● knowledge of virtualization

Study modes

The lectures are partly theoretical and partly practical, held in labs. The course uses a unique virtual environment and also provides access to virtual infrastructure in groups. A series of assignments must be completed before the exam.

Attendance modes

In person

Exam modes

To properly assess the fulfillment of the learning objectives, students will be evaluated taking into account the following:
1. four mandatory assignments for assessing their ability to apply acquired knowledge and understanding and for assessing their critical and judgment skills;
2. a written exam assessing their learning ability and communication skills.

The four mandatory assignments are planned for the course's 3rd, 5th, 8th, and 10th weeks.
The written exam consists of 10 (ten) open questions and 20 (twenty) closed multiple-choice questions. Open and closed multiple-choice questions contribute 60% and 40% of the written exam evaluation, respectively.

The written exam grade can be incremented (up to +3 points) by the quality of the four mandatory assignment reports.

Exam reservation date start | Exam reservation date end | Exam date
10/10/2022 | 17/02/2024 | 20/02/2024
10/10/2022 | 12/03/2024 | 27/03/2024
30/05/2024 | 11/06/2024 | 14/06/2024
15/06/2024 | 06/07/2024 | 09/07/2024
10/10/2022 | 17/09/2024 | 20/09/2024

Course sheet
  • Academic year: 2023/2024
  • Curriculum: Single curriculum
  • Year: First year
  • Semester: Second semester
  • SSD: INF/01
  • CFU: 6
Activities
  • Related and supplementary educational activities
  • Disciplinary area: Related or supplementary educational activities
  • Exercise (Hours): 24
  • Lecture (Hours): 36
  • CFU: 6
  • SSD: INF/01