IDENTIFYING DATA 2023_24
Subject (*) NETWORK SECURITY Code 17244123
Study programme
Bach. Degree in Telecommunication Systems and Services Engineering (2016)
Cycle 1st
Descriptors Credits Type Year Period
6 Compulsory Third 2Q
Language
Catalan
Department Computer Engineering and Mathematics
Coordinator
CASTELLÀ ROCA, JORDI
E-mail jordi.castella@urv.cat
toni.cortes@urv.cat
cristofol.dauden@urv.cat
Lecturers
CASTELLÀ ROCA, JORDI
CORTÈS MARTÍNEZ, ANTONI
DAUDEN ESMEL, CRISTOFOL
Web http://moodle.urv.cat
General description and relevant information GENERAL DESCRIPTION OF THE SUBJECT: Security is a very important aspect of communication networks. By taking this subject, students understand the functioning and know how to use the main cryptographic tools to provide security to a network (symmetric and asymmetric cryptosystems, and public key infrastructure). These tools are used in the main secure communication protocols. The subject also explains what these protocols are, when and how they can be used. In addition, students learn about the risks of TCP/IP communications, the available vulnerability detection tools and how to use them, and how to configure a system to accept only one type of connection (firewall). Finally, the main intrusion detection tools and techniques for creating a deception system are covered. Students are able to design the security architecture of a computer system.

Competences
Type A Code Competences Specific
 A6 Be able to design, develop, evaluate and ensure the accessibility, ergonomics, usability and security of IT systems, services and applications, and the information that they manage.
 A7 Be able to define, evaluate and select hardware and software platforms for the development and execution of IT systems, services and applications.
 CM5 Have knowledge of administration and maintenance of IT systems, services and applications.
 CM11 Have knowledge of and apply the characteristics, functions and structure of distributed systems, computer networks and the Internet, and the design and implementation of applications based on them.
 CM13 Have knowledge of and apply the tools necessary for the storage, processing and access to information systems, including web-based systems.
Type B Code Competences Transversal
Type C Code Competences Nuclear

Learning outcomes
Type A Code Learning outcomes
 A6 Know the risks of TCP/IP communications.
Know how to design the security architecture of an IT system.
Know how to use the different types of cryptosystems according to the needs.
 A7 Know how to use vulnerability detection tools.
Know how to design the security architecture of an IT system.
 CM5 Know how to configure a firewall.
Know how to configure an intrusion detection system.
Know the techniques for creating a deception system.
Know how to design the security architecture of an IT system.
 CM11 Know how to design the security architecture of an IT system.
Understand the functioning of symmetrical and asymmetrical cryptosystems.
Know how to use the different types of cryptosystems according to the needs.
Understand the functioning of a public key infrastructure.
 CM13 Understand the functioning of a public key infrastructure.
Know the different secure protocols currently used in TCP/IP communications.
Know how to use the secure communication protocols that currently exist.
Type B Code Learning outcomes
Type C Code Learning outcomes

Contents
Topic Sub-topic
1. Cryptographic toolbox. 1.1. Introduction
1.2. Stream encryption
1.3. Block encryption
1.4. Public key encryption
1.5. Digital signatures
1.6. Digital envelope
1.7. Public key infrastructure
1.8. Security devices
2. Secure communication protocols 2.1. Introduction
2.2. Link-level protocols: WEP/WPA/WPA2/WPA3
2.3. Network-level protocols: IPSec
2.4. Transport-level protocols: SSL/TLS/SSH
2.5. Application-level protocols
3. Vulnerabilities and protection 3.1. Introduction
3.2. Eavesdropping and data interception
3.3. Attacks against authentication
3.4. Attacks against denial of service
3.5. Software attacks
3.6. Port scanning
3.7. Vulnerability scanning
3.8. Firewalls
4. Intrusion detection 4.1. Introduction
4.2. Intrusion Detection Systems (IDS)
4.3. SNORT
4.3. Honeypots
4.4. Security consoles
5. Security management 5.1. Information Security Management System (ISMS)
5.2. Implement, monitor, maintain, and improve
5.3. ISO/IEC 27000-series

Planning
Methodologies  ::  Tests
  Competences (*) Class hours
Hours outside the classroom
(**) Total hours
Introductory activities
1 0.5 1.5
Lecture
A6
A7
CM5
CM11
CM13
25 37.5 62.5
IT-based practicals in computer rooms
A6
A7
CM5
CM11
CM13
28 42 70
Personal attention
2 0 2
 
Extended-answer tests
A6
A7
CM5
CM11
CM13
4 10 14
 
(*) On e-learning, hours of virtual attendance of the teacher.
(**) The information in the planning table is for guidance only and does not take into account the heterogeneity of the students.

Methodologies
Methodologies
  Description
Introductory activities The professor describes the content of the subject and the evaluation method.
Lecture The students have access to the subject contents and a study plan. In each lecture, the professor explains the content corresponding to the planned session and answers the students' questions. The students are expected to have studied the material beforehand.
IT-based practicals in computer rooms The practical sessions take place in weekly two-hour sessions. At the beginning of each session, a guide is provided, and the necessary concepts to carry out the practice are explained. The students work on the practice in pairs.
Personal attention Laboratory Practices:

Students can consult any doubts with the professor. They can do so during class hours, by visiting the professor's office during consultation hours, through email, using the Moodle platform, or through authorized video conferencing tools arranged beforehand by the URV.

Lecture Session:

Students can consult any doubts with the professor. They can do so during class hours, by visiting the professor's office during consultation hours, through email, using the Moodle platform, or through authorized video conferencing tools arranged beforehand by the URV.

Personalized attention
Description
Laboratory Practices: Students can consult any doubts with the professor. They can do so during class hours, by visiting the professor's office during consultation hours, through email, using the Moodle platform, or with authorized video conferencing tools scheduled in advance by the URV.

Lecture Session: Students can consult any doubts with the professor. They can do so during class hours, by visiting the professor's office during consultation hours, through email, using the Moodle platform, or with authorized video conferencing tools scheduled in advance by the URV.

Assessment
Methodologies Competences Description Weight        
IT-based practicals in computer rooms
A6
A7
CM5
CM11
CM13
The subject is divided into two blocks, and each block has a practical component. The final grade for the practicals (NP) is calculated as follows:

NP = NP1 * 0.6 + NP2 * 0.4

Practical grade for Block I (NP1): topics 1 and 2

Practical grade for Block II (NP2): topics 3, 4, and 5

- The minimum grade for a practical to be averaged with the others must be 4.

- NP1 and NP2 must be greater than or equal to 5 to pass the corresponding block's practicals.
0.25
Extended-answer tests
A6
A7
CM5
CM11
CM13
The subject is divided into two blocks, and the final grade for the development tests (NE) is calculated as follows:

NE = E1 * 0.6 + E2 * 0.4

Exam grade for Block I (E1): topics 1 and 2

Exam grade for Block II (E2): topics 3, 4, and 5

The minimum passing grade for an exam to continue with the Continuous Assessment (AC) is 4. If the grade for either of the two exams (E1 or E2) is below 4, the Continuous Assessment is failed. The subject can only be passed by retaking the failed part in the second assessment period.
Starting from a grade of 4, the exam grades are combined as a weighted average, and the final grade (NE) must be higher than 5.

The development tests can be conducted on paper or using electronic devices provided by the URV in computerized classrooms.
0.75
Others   The Final Grade of the Continuous Assessment (NFAC) is calculated as follows:

NFAC = NE * 0.75 + NP * 0.25

Where:
NE represents the final grade for the development tests,
NP represents the final grade for the practical assignments.

The development tests contribute 75% to the final grade, while the practical assignments contribute 25%. By combining these two components with their respective weights, the NFAC is determined, representing the overall grade for the Continuous Assessment.
 
Other comments and second exam session
If students do not follow the Continuous Assessment (AC), if they obtain less than a 4 on one of the exams (E1 or E2), or if they do not pass it (the Final Grade of the Continuous Assessment - NFAC - is less than 5), they can pass the subject in the second call.

Exams:
  • The student only needs to take the exam for the block they have not taken or in which they have obtained a score below 5.
  • The student will have a grade for each block: NE1 (block 1) and NE2 (block 2).
  • The second call exam grade for each block must be equal to or higher than 4 (NE1 >= 4, NE2 >= 4) to calculate the average.
  • The exam grade is calculated the same way as in the AC: NE = 0.6NE1 + 0.4NE2.
Practicals:
  • Practical assignments must be submitted and passed following the same criteria as in the AC.
  • Therefore, the student will have an NP1 and NP2 corresponding to the practical grade for block 1 and block 2, respectively.
  • The practical grade is calculated the same way as in the AC: NP = 0.6NP1 + 0.4NP2.
Final Grade: NF = 0.75NE + 0.25NP.

Considerations:
  • Students are not allowed to bring electronic devices to any of the face-to-face written exams.
  • Development tests can be carried out on paper or using URV electronic devices in computerized classrooms.
  • If, given the health conditions, face-to-face exams cannot be held, they will be conducted online through Moodle questionnaires on the scheduled dates. These questionnaires will contain practical questions, that is, exercises with calculations and reasoning problems. Each exam will have different values or variations of the problem, and therefore, different answers. In other words, no two exams will be the same.
  • The duration of the test will be two hours, and this time limit will be fixed.
In the case of online tests, it is necessary to ensure the identity of the student and that the assessment is individual, so the following procedure will be followed:
  • Access the "URV Online Campus" (Moodle) with the student's credentials about 30 minutes before the test.
  • Then connect to the MS Teams theory classroom (or a video conferencing tool authorized by the URV).
  • When accessing, the camera must be turned on. It will be verified that the student participating in the online test is alone and that the student is the one taking the test.
  • Request a commitment to honest conduct from the student, meaning that the student commits, on their honor, to complete the test without receiving any external help. They will answer the questions without any assistance.
  • Request the student's approval to take the exam with the camera turned on.
  • Turn off the microphones during the test. However, they can be connected if there is a general question to ask or an incident occurs.
  • If dishonest behavior is detected and there is only one connected professor, evidence of the actions will be collected.
  • If the student has a specific question about the exam, they can send it to the professor's mailbox.
  • In case of an incident, efforts will be made to resolve it quickly and increase the response time for affected students.
The students can consult updated information in the Moodle space for the subject.

Sources of information

Basic E. D. Zwicky, S. Cooper, D. B. Chapman, Building Internet Firewalls, 2nd Edition, O'Reilly, 2000
Sean Convery, Network Security Architectures, Cisco Press, 2004
Bruce Schneier, Applied Cryptography, Wiley, 1996
Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone, Handbook of Applied Cryptography, CRC Press, 2001
Josep Domingo-Ferrer, Jordi Herrera Joancomartí, Ricardo X. Sànchez del Castillo, Criptografia, Universitat Oberta de Catalunya, 1999
Jordi Herrera Joancomartí, Joaquín García Alfaro, Xavier Perramón Tornil, Seguretat en Xarxes de Computadors, Universitat Oberta de Catalunya, 2004

Complementary

Recommendations

Subjects that continue the syllabus
ELECTRONIC COMMERCE SYSTEMS/17234121

Subjects that are recommended to be taken simultaneously
MANAGEMENT OF SYSTEMS AND NETWORKS/17234119

Subjects that it is recommended to have taken before
DISCRETE MATHEMATICS I/17234009
DISCRETE MATHEMATICS II/17234010
DATA NETWORKS/17234118
(*)The teaching guide is the document in which the URV publishes the information about all its courses. It is a public document and cannot be modified. Only in exceptional cases can it be revised by the competent agent or duly revised so that it is in line with current legislation.