582215 Introduction to Computer Security (from spring 2012 onwards; ohtk 25.8.2011)

Main themes Prerequisites

Approaches the learning objectives

Reaches the learning objectives Deepens the learning objectives

Introduction to Computer Security

 
  • Can explain the terms confidentiality, integrity and the basic concepts behind these terms. 
  • Can list and explain the ten security principles by Saltzer and Schroeder.
  • Can describe weak and strong passwords.
  • Can explain the concepts of assurance, authenticity and anonymity with examples.
  • Can list and explain some threats and attacks.
  • Can define the access control models and can describe some mechanisms to implement them.
 
Basic Cryptography  
  • Can explain the basic principles of symmetric and asymmetric cryptography.
  • Can explain one-time pad encryption, its good and bad properties and its applications to modern cryptography.
  • Can describe the basic structure of AES.
  • Can perform addition and exponentiation in modular arithmetic.
  • Can list some standard hash functions and their properties.
  • Can construct linear congruential pseudorandom number generators and can explain methods to increase the security of random number generators.
  • Can explain the weaknesses of AES.
  • Can describe and analyse (security, tolerance to communication errors, performance) the modes of operation of block ciphers.
  • Can encipher and decipher messages using RSA with given parameters and small numbers.
  • Can explain what is needed for efficient implementation of RSA.
  • Can demonstrate the Diffie-Hellman key exchange with small numbers and can describe the man-in-the-middle-attack against it.
  • Can describe the desirable properties of hash functions.
  • Can explain the RSA signature scheme.
 

Operating System Security

Processes, virtual memory, file system.
  • Can set and interpret the permissions for Unix files.
  • Can describe the role of monitoring, management and event logging in computer security.
  • Can explain the concept and motivation of password salt.
  • Can explain the concepts of statically linked, dynamically linked, dynamic-link library (DLL), and DLL injection with its good and bad aspects.
  • Can give simple examples of buffer overflow attacks.
  • Can describe security issues related to the boot sequence, boot device hierarchy and hibernation.
  • Can describe some attacks on virtual memory.
  • Can explain the password authentication in Windows and Unix-based systems.
  • Can explain with examples the use of the setuid bit.
  • Can describe the use of file descriptors and their possible vulnerabilities.
  • Can describe stack-based and heap-based buffer overflows.
 

Malicious Software

 
  • Can describe insider attacks and defenses against them.
  • Can classify viruses and describe the features that form the foundation for defenses.
  • Can describe, in general terms, trojan horses, worms, rootkits, botnets, adware, and spyware. 
  • Can explain the countermeasures against malware.
 
Network Security  Protocol stack, TCP, UDP, routing, DHS
  • Can describe the ARP and IP spoofing attacks and preventive means against them. 
  • Can describe packet sniffing and methods to prevent it.
  • Can describe various kinds of denial-of-service attacks.
  • Can describe the properties of stateless and stateful firewalls and can draw typical firewall configurations.
  • Can explain various TCP session hijacking methods and countermeasures against them. 
  • Can explain SYN flood attacks and optimistic TCP ACK attacks and defenses against them.
  • Can describe DNS attacks and defenses against them, including DNSSEC.
  • Can explain the functioning of SSH and IPSec.
  • Can explain VPNs and tunneling and some risks in allowing them.
  • Can explain the basic principles on which intrusion detection is based.
 
Browser Security  
  • Can define a certificate and an extended validation certificate.
  • Can analyse the security concerns of cookies.
  • Can explain the idea of the sandbox.
  • Can describe safe-browsing practices and can use built-in browser security methods.
  • Can describe the functioning of the public key infrastructure.
  • Can describe HTTP session hijacking, phishing, and click-jacking and defenses against them.
  • Can explain possible vulnerabilities in media content, especially in the context of Adobe Flash, Java Applets, and ActiveX.
  • Can explain XSS and CSRF attacks and defenses against them.
  • Can explain server-side script inclusion vulnerabilities.
  • Can describe SQL injection attacks with examples, and defenses against server-side attacks.
 
28.08.2011 - 19:24 Jyrki Kivinen
16.05.2011 - 09:12 Timo Karvi