ICT Networking and security

Transcription

1 Post-academic course in ICT ICT Networking and security First component of a new broad ICT course Part I: Communication networks, January March 2008 Module 1: Fixed Networks Module 2: Multimedia Networks Module 3: Wireless Networks Module 4: etom Cases Part II: Security, April June 2008 Module 1: Security Basics Module 2: Security Applications Module 3: Advanced Security Configuration Module 4: Organisational Aspects Module 5: Legal Aspects Cases Business version! Extra large scale business version available via live streaming video see inside Obtain a Ghent University certificate Scientific Coordination Prof. dr. ir. Eric Laermans Prof. dr. ir. Piet Demeester Prof. dr. ir. Ingrid Moerman INSTITUUT VOOR PERMANENTE VORMING

2 introduction ICT in Continuing Education: the IVPV success story By the end of the previous century, the IVPV together with Agoria challenged the shortage in ICT-specialists by setting up a large scale IT course. For one or two evenings per week, around 2000 employees throughout Belgium and Europe faithfully attended the videoconferences organised by the Flemish universities. Many participants took exams on one or more modules, and received a university certificate. The course was a true milestone for industry, and gave a new élan to many ICT-experts. Today Agoria teaches us that again there is a growing shortage in ICT-specialists. The IVPV picks up the Agoria inquiry, and revitalizes a new large scale ICT course. As always, the course is demand driven, and the content has been set up in close collaboration with industry. Why this course? The evolution in the world of communication networks in the last decades has been rapid and thorough. We evolved from traditional, fixed telephone networks, well controlled by clearly identified operators of the user itself in the form of some spyware leaking precious information to the hacker who planted the piece of malware. Furthermore, as users and enterprises rely more and more on their network infrastructure to do business, the consequences of successful attacks have to mobile, pervasive, more open and ever more complex IP-based networks. The share of voice communication in total network traffic has dwindled, while the amount of data communication over IP-networks from new applications as file transfer, , Web, etc. has steadily risen. Even within mobile networks, data communication is taking an ever larger share with new technologies as UMTS. Today, these new data networks even compete with the The ICT Networking & security course is the first part of a large scale international ICT course organised by the Institute of Continuing Education at Ghent University. In total, five parts will be organised dealing with Multimedia (Part II), Software Engineering (Part III), Operating Systems & ICT System Management (Part IV) and Databases (Part V). All parts are scheduled within If you want to be updated about the following parts, send an to info@ivpv.ugent.be become orders of magnitude more devastating. The second objective of this course is to allow to understand which security functions and mechanisms exist, how they can be used and implemented to achieve acceptably secure communications. Who should attend? This course is aimed at people with some technological background, although they need not be experts in ICT. Only the advanced lab sessions older more traditional networks for the telephone service, as Voice-over-IP has become a fierce competitor to the historical from the fourth module of the second part require a suffi- cient experience to start. telephone operators. This course aims to present the underlying technologies of this relatively new reality. Post-academic Course Certificate granted by the Ghent University Originally, networks were typically tightly controlled by welldefined operators. Attacks against those networks were sometimes possible, allowing the hacker This programme is part of the Ghent University post-academic courses. To receive a post-academic certificate granted by Ghent University for Part I and/or to pass the bill of his communications to the victim of the hacking, but the amplitude of the attacks and their damage were generally rather limited. The openness of contemporary networks, especially IP-based networks, and the complexity and vulnerability of contemporary terminals (computers or advanced mobile devices), means that much more attention has to be spent on the Extra business edition! Follow this course worldwide. For companies interested in this course, a live streaming video of the lectures via the Internet will be available to attend locally at your business sites worldwide. Some of the lab sessions can also be organised locally in your company. For more information, contact us at: ivpv@ugent.be Part II, one should at least attend modules 1, 2 and 3 of part I and/or modules 1, 2 and 4 of part II, and successfully take exams for these. The exam will normally take place at the end of September Example questions, giving a precise idea of what can be asked at the exam, will be given in advance. Course certificates are a personal merit: participants who aspire a certificate cannot security of these networks. Attacks can come from anywhere, be replaced, others can. at any time. The attack could even originate from the terminal

3 programme Program Part I: Communication networks Module 1: Fixed Networks The basis of most contemporary fixed networks is the TCP/IP protocol stack. The objective of this module is to discuss in more detail the several layers of this stack, starting with the application layer and ending with the data link layer. At the application layer, we shall deal with the most common protocols for Web (HTTP), (SMTP, POP), file transfer (FTP),... One level lower in the protocol stack, at the transport layer, we find the well known TCP and UDP. The transport layer itself relies on the underlying network layer, where the Internet Protocol (IP) is used. At this point routing and network management tools like OSPF, BGP, ICMP, NAT, DHCP,... will also be discussed. Finally, we end with the data link layer protocols such as Ethernet or PPP. The theory from this module will be illustrated by a series of 4 lab sessions which will give the course members hands-on experience about the operation of basic IP applications, network protocols and basic network configuration. Teachers: Piet Demeester, Andy Van Maele (Lab sessions) Organisation: 3 plenary sessions theory + 4 group sessions lab exercises Reference book: Computer networking - A top-down approach featuring the internet, 4th Edition by James F. Kurose & Keith W. Ross Module 2: Multimedia Networks The second module of this part about communication networks deals with multimedia networks and the specific network requirements multimedia implies. It is in this module that we shall discuss important concepts as quality of service (QoS), multicast and the next generation of the Internet Protocol (IPv6), which offers new possibilities that are unavailable in less advanced networks and are useful for the reliable transmission of multimedia data. Voice-over-IP will be considered as a typical multimedia application. Other, more advanced, techniques that will also be dealt with are SIP (used to support Voice-over-IP), MPLS (used to support QoS),... The theory is complemented by a series of 3 lab sessions where experience will be acquired with the nature of video traffic, by configuring a network to support QoS and with SIP. Teachers: Piet Demeester, Andy Van Maele (Lab sessions) Organisation: 2 plenary sessions theory + 3 group sessions lab exercises Reference book: Computer networking - A top-down approach featuring the internet, 4th Edition by James F. Kurose & Keith W. Ross Module 3: Wireless Networks Two different kinds of wireless networks are dealt with in this module. On the one hand, we shall consider mobile communication systems relying on large cellular infrastructures, like GSM and UMTS. But the main accent of this module will lie on less institutional wireless technologies like WiMAX (wide area networks), WLAN (local networks), Bluetooth and Zigbee (personal networks) and even RFID (tagging). Teacher: Ingrid Moerman Organisation: 3 plenary sessions theory Reference book: Mobile Communications, 2 nd edition by Jochen Schiller Module 4: etom The first part is concluded by a session about etom, which is to the telecommunication industry what ITIL is to the information technology industry: a framework of best practice approaches to deliver high quality services. It deals with the more organisational, rather than technical, aspects of telecommunication networks. Teacher: Filip De Turck Organisation: 1 plenary session theory Extra module: Cases This module contains 1 session with 4 cases to give an overall illustration of the course topics. Subscription is free and automatically included. Organisation: 1 group session lab exercises Program Part II: Security Module 1: Security Basics What does information security mean? Which functions can be realised? Why do we need security? These are the questions that should be answered in the first session of this module. The main basic objectives of information security are discussed: confidentiality, authentication, data-integrity, non-repudiation and availability. We shall show what may happen if insufficient measures are taken to achieve these properties and how people with bad intentions can undermine these objectives to gain an advantage. Besides these basic security concepts, this module also deals with the concrete basic mechanisms that can be used to achieve the desired security objectives. The basic principles of conventional and asymmetric encryption, hash functions, message authentication codes, time stamps, certificates, PKI,... are explained, without plunging into the mathematical details underlying these complex techniques. Biometric techniques will also be shortly discussed here, both with their advantages and their shortcomings. Teacher: Eric Laermans Organisation: 2 plenary sessions theory Reference book: Cryptography and Network Security, Principles and Practices, 4th edition by William Stallings *1 session = 2 lectures/labs of 1.5 hr. Module 2: Security Applications Once the basic building blocks are well understood, we shall try to understand how they are used to achieve security in communication networks, at the different levels of the protocol stack: at application layer (PGP, S/MIME, SSH,...), at the transport layer (TLS/SSL) or at the network layer (IPSec). Related to these secure protocols, we shall also explain how they can be used to create VPN s. The use of these cryptographic security techniques alone is not sufficient to guarantee

4 teachers the security of computer or communication systems. System security measures protecting against malware and other intrusions are also essential. This is why we shall also discuss malware protection, firewalls and intrusion detection systems. And finally, as wireless networks are particularly open and vulnerable to attacks, we deal with the specific security measures for wireless networks: from the defective WEP to the improved WPA and WPA2. A demonstration session will illustrate the potential risks in networks, especially in WEP secured wireless local networks. The theory presented in this module is also complemented by two lab sessions about the principles of network security and about the configuration and vulnerability of a basic wireless local network secured by WEP. Teachers: Eric Laermans, Andy Van Maele (Lab sessions) Organisation: 5 plenary sessions theory + 2 group sessions lab exercises Reference book: Cryptography and Network Security, Principles and Practices, 4th edition by William Stallings Module 3: Advanced security configuration To those who are already more familiar with ICT and security, this module is devoted to the more advanced practical aspects of information security. In a series of 4 lab sessions, hands-on experience will be obtained in advanced PC security, authentication services with a RADIUS server and advanced security aspects of wireless networks. Teacher: Andy Van Maele Organisation: 1 plenary session theory + 4 group sessions lab exercises Module 4: Organisational aspects Security is not just a matter of technology. The organisational aspects certainly are not less important. In this module, we shall see how information security can be organised within a company: how security policies are designed and implemented and how a company can respond to security incidents. Attention will also be given to the control and auditing of security policies, for which CobiT is an important standard. Teacher: Marc Vael Organisation: 2 plenary sessions theory Module 5: Legal aspects The security part of this course concludes with a last module about the legal aspects of security. What activities (hacking, identity theft,...) can be considered illegal? What are the legal measures against computer crime? Another important legal aspect of information security is the protection of personal data (of customers or employees). This module also discusses the obligations a company has to achieve an acceptable level of information security. Besides protection against attacks, we also deal with the legal framework for electronic signatures and e-commerce. Teacher: Jos Dumortier Organisation: 1 plenary session theory Scientific Coordination > Prof. dr. ir. Eric Laermans > Prof. dr. ir. Piet Demeester > Prof. dr. ir. Ingrid Moerman Teachers > Piet Demeester > Jos Dumortier ICRI, KULeuven, IBBT > Filip De Turck > Eric Laermans > Ingrid Moerman > Marc Vael Executive Director at Protiviti Belgium, Brussels > Andy Van Maele This course is organised as a cooperation between the Institute for Continuing Education (IVPV) of Ghent University and the Interdisciplinary institute for BroadBand Technology (IBBT) with the support of Agoria (Belgium employers organisation and trade association). Extra module: Cases This module contains 1 session with 4 cases to give an overall illustration of the course topics. Subscription is free and automatically included. INSTITUUT VOOR PERMANENTE VORMING

5 subscription form Preferably via OR by using this form: Return completed and signed form (use capitals): Name: Mr. / Ms. First Name: Private address Street: Number: Zip: City: Country: Telephone: Company: Function: Company address Street: Number: Zip: City: Country: Telephone: Fax: VAT nr: Invoice: company I will pay e Date: private by means of employer/employee training cheques Signature: Your address data are incorporated by the IVPV in a database in order to be able to keep you informed of our activities and programmes. In accordance with the law from 8/12/1992 safeguarding personal privacy with respect to the processing of personal data, you are entitled to examine, correct or cancel this information kept by the IVPV. Part I: Communication Networks Module 1: Fixed Networks 1100 Module 2: Multimedia Networks 800 Module 3: Wireless Networks 500 Module 4: etom 200 Modules 1 4 together 2100 Part II: Security Module 1: Security Basics 330 Module 2: Security Applications 1100 Module 3: Advanced Security Configuration 800 Module 4: Organisational Aspects 330 Module 5: Legal Aspects 200 Modules 1 5 together 2200 All modules Part I & II 3900 Reference books Computer networking - A top-down approach featuring the internet, Participation Fee The participation fee includes the tuition fee, course notes, soft drinks, coffee and sandwiches. Payment occurs after reception of the invoice. All invoices are due in thirty days. All fees are exempt of VAT; eventual transfer rates are at the expense of the participant. Reference books are billed directly by the bookshop. Special prices apply for UGent employees and members of Ghent University Association (Consult the website from within the Ghent University/Association network). Group Reduction When participant(s) of a company subscribe for the equivalent of the complete course, a reduction of 20% is given to all additional subscriptions of the same company, even on single modules. Invoicing is then done by one company invoice. For larger numbers of subscriptions, additional reductions could be envisaged: please contact the IVPV-secretariat. Training cheques ( Opleidingscheques BEA ) Ghent University has been recognised as an official training supplier within the framework of the training cheques of the Flemish Community. Thereby you can save on the participation fee of this training ( For employers we refer to (authorisation ID: DV.O ) 4 th edition by James F. Kurose & Keith W. Ross (reference work for Part I, modules 1 and 2): e 50,26 (incl. VAT). Cryptography and Network Security, Principles and Practices, 4 th edition by William Stallings (reference work for Part II, modules 1 and 2): e 65,72 (incl. VAT). Mobile Communications, 2 nd edition by Jochen Schiller (reference work for Part I, module 3): e 63,02 (incl. VAT).

6 practical info Practical Information The programme consists of different modules. Each module can be followed separately. Plenary sessions (theory) are organised as follows: > 18h00-19h30: session 1 > 19h30-20h00: sandwich break > 20h00-21h30: session 2 Location > Plenary sessions (theory): Ghent University, Institute for Continuing Education, Campus Engineering Faculty, Building Magnel (nr. 904), Technologiepark, 9052 Zwijnaarde, Belgium > Lab sessions:, Zuiderpoort Office Park, Gaston Crommenlaan 8, B-9050 Gent-Ledeberg, Belgium Language English is used in all presentations, lab exercises and documentation, so a good knowledge of this language is necessary. Cancellation Policy > Cancellation should be done in writing (either letter or fax); > Cancellation can be done on individual modules or on full subscriptions; > When cancelling up to 10 days before the start of the course/module, an administrative fee of 25% on the requested payback is due; > When cancelling less than 10 days before the start of the module, the full fee is due; Information and Documentation More detailed information about the course in general or on particular modules can be found on the course website: The IVPV secretariat can also be contacted: Institute for Continuing Education Els Van Lierde Technologiepark 913, 9052 Zwijnaarde Tel: , fax: ivpv@ugent.be Scheduling & Participation Fee Part I: Communication Networks Theory Lab* Fee** Module 1: Fixed Networks 10/01/08, 17/01/08, 24/01/08 12/01/08, 19/01/08, /01/08, 02/02/08 Module 2: Multimedia Networks 31/01/08, 13/02/08 16/02/08, 23/02/08, 1/03/ Module 3: Wireless Networks 21/02/08, 28/02/08, 6/03/ Module 4: etom 13/03/ Extra Module: Cases 20/03/08 Included Part II: Security Theory Lab* Fee** Module 1: Security Basics 10/04/08, 17/04/ Module 2: Security Applications 24/04/08, 30/04/08, 8/05/08, 17/05/08, 24/05/ /05/08, 22/05/08 Module 3: Advanced Security Configuration 29/05/08 31/05/08, 7/06/08, /06/08, 21/06/08 Module 4: Organisational Aspects 5/06/08, 12/06/ Module 5: Legal Aspects 19/06/ Extra Module: Cases 26/06/08 Included Part I: all modules together 2100 Part II all modules together 2200 Part I & II, all modules 3900 Scriptics * Extra lab sessions will be organised if necessary This schedule may be subject to modification ** Exempt of VAT. Eventual transfer rates are at the expense of the participant.