1. General information
Course:
SECURITY IN COMPUTING SYSTEMS
Code:
42357
Type:
CORE COURSE
ECTS credits:
6
Degree:
346 - DEGREE IN COMPUTER SCIENCE AND ENGINEERING
Academic year:
2019-20
Center:
604 - SCHOOL OF COMPUTER SCIENCE AND ENGINEERING (AB)
Group(s):
13
Year:
4
Duration:
First semester
Main language:
Spanish
Second language:
English
Use of additional languages:
English Friendly:
Y
Web site:
Bilingual:
N
Lecturer:
JOSE LUIS MARTINEZ MARTINEZ
- Group(s):
13
Building/Office
Department
Phone number
Email
Office hours
ESII-1.C.11
SISTEMAS INFORMÁTICOS
2294
joseluis.martinez@uclm.es
Publicada en la página de la ESII.
Se atenderá cualquier día y hora previa cita a través del mail
2. Pre-Requisites
Mandatory subject for the Technology Specific Information Technology Subject, it is advisable to have completed the Basic Training modules and the Common module to the Computing Branch (Modules I and II). It is therefore recommended to have clear the basic concepts of interconnection networks and configuration of networked devices (Networks I and Networks II), and programming concepts and operating systems.
3. Justification in the curriculum, relation to other subjects and to the profession
This subject is integrated in the subject of Technologies and Information Systems of the curriculum. Computer security is a common competence in all the Computer Engineering plans, included in the White Paper and in all IEEE / ACM curricular recommendations. Safety is a specific competence, but it affects all subjects in the curriculum. The weak link principle states that a computer system is as safe as its most vulnerable point. This necessarily translates into a multidisciplinary subject, where aspects of very low level and aspects of very high level are considered. The IT Engineer must be aware of the plurality of problems that affect security, to be able to make the appropriate decisions of design, operation or maintenance.
4. Degree competences achieved in this course
| Course competences | |
|---|---|
| Code | Description |
| INS2 | Organising and planning skills. |
| INS5 | Argumentative skills to logically justify and explain decisions and opinions. |
| PER2 | Ability to work in multidisciplinary teams. |
| SIS1 | Critical thinking. |
| SIS3 | Autonomous learning. |
| SIS4 | Adaptation to new scenarios. |
| SIS5 | Creativity. |
| TI7 | Ability to understand, apply, and manage the reliability and safety of digital systems. |
5. Objectives or Learning Outcomes
| Course learning outcomes | |
|---|---|
| Description | |
| Configuration of secure networks using firewalls and virtual private networks. | |
| Knowledge about the latest techniques in transaction security, as well as current legislation regarding data protection. | |
| Design of security and contingency plans in Data Processing Centers (DPCs). | |
| Management of security in computing systems. | |
| Identification of vulnerabilities in the computer system, analyze and classify attacks. | |
| Use of encryption and cryptography techniques to protect information. | |
| Additional outcomes | |
| Not established. |
6. Units / Contents
-
Unit 1: Introduction
-
Unit 1.1: Presentation
-
Unit 1.2: Introduction to Information Security
-
-
Unit 2: Ethical Hacking
-
Unit 2.1: Footprinting & Open Source Inteligence
-
Unit 2.2: Fingerprinting & Enumeration
-
Unit 2.3: Access Attacks
-
Unit 2.4: NavajaNegra Conference
-
Unit 2.5: Attack of data networks and social engineering
-
Unit 2.6: Exploiting vulnerabilities
-
Unit 2.7:
-
-
Unit 3: Web Auditory
-
Unit 3.1: OWASP & Proxy Web
-
Unit 3.2: XSS
-
Unit 3.3: CSRF+LFI+RFI+CLI
-
Unit 3.4: SQLi
-
Unit 3.5: Blind SQLi and Sqlmap
-
Unit 3.6:
-
7. Activities, Units/Modules and Methodology
| Training Activity | Methodology | Related Competences (only degrees before RD 822/2021) | ECTS | Hours | As | Com | R | Description * |
| Class Attendance (theory) [ON-SITE] | Combination of methods | TI7 | 0.96 | 24 | Y | N | Y | |
| Class Attendance (practical) [ON-SITE] | Practical or hands-on activities | TI7 | 1.2 | 30 | Y | N | Y | |
| Project or Topic Presentations [ON-SITE] | Group Work | INS2 INS5 PER2 SIS1 SIS3 SIS4 SIS5 | 0.12 | 3 | Y | N | N | |
| Final test [ON-SITE] | Assessment tests | INS5 SIS1 | 0.2 | 5 | Y | Y | Y | |
| Writing of reports or projects [OFF-SITE] | Group Work | INS2 INS5 PER2 SIS1 SIS3 SIS4 SIS5 | 0.8 | 20 | Y | N | Y | |
| Study and Exam Preparation [OFF-SITE] | Self-study | INS2 INS5 PER2 SIS1 SIS3 SIS4 SIS5 TI7 | 2.56 | 64 | Y | N | Y | |
| On-line Activities [OFF-SITE] | Assessment tests | INS2 SIS4 | 0.16 | 4 | Y | N | Y | |
| Total: | 6 | 150 | ||||||
| Total credits of in-class work: 2.48 | Total class time hours: 62 | |||||||
| Total credits of out of class work: 3.52 | Total hours of out of class work: 88 | |||||||
As: Assessable training activity Com: Training activity of compulsory overcoming R: Rescheduling training activity
8. Evaluation criteria and Grading System
| Grading System | |||
| Evaluation System | Face-to-Face | Self-Study Student | Description |
| Progress Tests | 50.00% | 0.00% | |
| Final test | 25.00% | 0.00% | |
| Final test | 25.00% | 0.00% | |
| Total: | 100.00% | 0.00% | |
Evaluation criteria for the final exam:
[MODALITY WITH CONTINUOUS EVALUATION]
-Theory:
- Theoretical Final Examination: 25% (Minimum score: 4 points, Compensable with the tests of the continuous assessment)
-Practices:
- Practical Laboratory Final Exam: 25% (Minimum score: 4 points) Compensable with the tests of the continuous evaluation
-Continuous assessment:
Test Evaluables: 40% A test of 10 V / F questions will be carried out at the end of each sub-topic.
- Job:
- Practical work defended in class: 10%
[MODALITY WITHOUT CONTINUOUS EVALUATION]
-Theory:
- Final Exam: 50% (Minimum score: 4 points, Compensable with the practical part)
-Practices:
- Final Exam of Practices: 50% (Minimum score: 4 points, Compensable with the theory part)
In both modalities, each part is saved for the extraordinary call if it exceeds 5
The student who does not pass all the minimum required tests (minimum score of 4 both in the theory and practical exam) in the subject will appear as a failure and will have a final grade corresponding to the average grade between the theory and practice exam. In case the average of approved, will have a note of suspense, 4.
-Theory:
- Theoretical Final Examination: 25% (Minimum score: 4 points, Compensable with the tests of the continuous assessment)
-Practices:
- Practical Laboratory Final Exam: 25% (Minimum score: 4 points) Compensable with the tests of the continuous evaluation
-Continuous assessment:
Test Evaluables: 40% A test of 10 V / F questions will be carried out at the end of each sub-topic.
- Job:
- Practical work defended in class: 10%
[MODALITY WITHOUT CONTINUOUS EVALUATION]
-Theory:
- Final Exam: 50% (Minimum score: 4 points, Compensable with the practical part)
-Practices:
- Final Exam of Practices: 50% (Minimum score: 4 points, Compensable with the theory part)
In both modalities, each part is saved for the extraordinary call if it exceeds 5
The student who does not pass all the minimum required tests (minimum score of 4 both in the theory and practical exam) in the subject will appear as a failure and will have a final grade corresponding to the average grade between the theory and practice exam. In case the average of approved, will have a note of suspense, 4.
Specifications for the resit/retake exam:
In the extraordinary call only the final theory exam and the practical case in the laboratory can be recovered, the test and work notes are kept from the ordinary one. If the student wishes, it can be presented according to the format WITH OR WITHOUT CONTINUOUS EVALUATION MODALITY, that is, with or without taking into account the results of the continuous evaluation.
Specifications for the second resit / retake exam:
Same as the extraordinary
9. Assignments, course calendar and important dates
| Not related to the syllabus/contents | |
|---|---|
| Hours | hours |
| Project or Topic Presentations [PRESENCIAL][Group Work] | 3 |
| Final test [PRESENCIAL][Assessment tests] | 5 |
| Writing of reports or projects [AUTÓNOMA][Group Work] | 20 |
| On-line Activities [AUTÓNOMA][Assessment tests] | 4 |
| Unit 1 (de 3): Introduction | |
|---|---|
| Activities | Hours |
| Class Attendance (theory) [PRESENCIAL][Combination of methods] | 4 |
| Study and Exam Preparation [AUTÓNOMA][Self-study] | 2 |
| Unit 2 (de 3): Ethical Hacking | |
|---|---|
| Activities | Hours |
| Class Attendance (theory) [PRESENCIAL][Combination of methods] | 4 |
| Class Attendance (practical) [PRESENCIAL][Practical or hands-on activities] | 10 |
| Study and Exam Preparation [AUTÓNOMA][Self-study] | 24 |
| Unit 3 (de 3): Web Auditory | |
|---|---|
| Activities | Hours |
| Class Attendance (theory) [PRESENCIAL][Combination of methods] | 10 |
| Class Attendance (practical) [PRESENCIAL][Practical or hands-on activities] | 18 |
| Study and Exam Preparation [AUTÓNOMA][Self-study] | 24 |
| Global activity | |
|---|---|
| Activities | hours |
10. Bibliography and Sources
| Author(s) | Title | Book/Journal | Citv | Publishing house | ISBN | Year | Description | Link | Catálogo biblioteca |
|---|---|---|---|---|---|---|---|---|---|
| Estándares de la serie ISO/IEC | www.aenor.es, www.iso.org y www.iso27000.es | ||||||||
| Catherine Paquet | Implemeting Cisco IOS Network Security | Cisco Press | 2009 | ||||||
| Fundamentos de Seguridad en Redes | Fundamentos de Seguridad en Redes | Cisco Press | 2008 | ||||||
| Kurose, J., Ross, K. | Redes de Computadores. Un enfoque descendente basado en Internet | Pearson Education | 2003 | ||||||
| Michael Walkings, Kevin Wallace | CCNA Security Official Exam Certification Guide | Cisco Press | 2008 | ||||||
| William Stallings | Computer security. Principles and Practice | Pearson International Edition | 2008 | ||||||
| William Stallings | Fundamentos de seguridad en redes | Pearson Prentice Hall | 2003 | ||||||
| varios | Colección Pack Completa | 0xword | Colección de varios ejemplares | http://0xword.com/es/ |