The set of topics in this course are listed below. Click on their links to see details such as: lecture notes, chapters from textbooks, links to interesting websites, and videos of the lecture.
What is computer and network security? Security attacks, services and mechanisms. Security companies, organisations and websites.
Many security mechanisms rely on cryptographic techniques, such as encryption, authentication, hash functions, signatures and random numbers. This topic gives an overview of this techniques, focussing on examples, rather than theory.
Checking human users are who they say they are is a key component of most IT systems. This topic focusses on passwords: how they are used, strategies for secure usage and their weaknesses.
Access control aims to prevent unauthorized usage of computer resources. File based access control in Linux will be used as an example.
A general classification of malicious software, or malware, including viruses, worms, zombies and rootkits.
Computer systems should be available for normal users to use. A DoS attack makes the system unavailable. Typically DoS attacks are difficult to prevent.
One common method for preventing attacks and malware entering a network is using a firewall. This topic describes different types of firewalls and uses Linux iptables as an example in configuring a firewall.
We look at a range of technologies used in securing networks, and specifically communications across the Internet. Examples technologies include HTTPS and digital certificates.
A common attack on computer systems today is on websites. Attackers take advantage of flaws in publicly available web sites to gain access to unauthorized data and systems. Examples include SQL injection, XSS and CSRF.
General methods for securing communications across the Internet, including secure email as an example.
A selection of privacy issues and technologies related to privacy, such as cookies, VPNs and Tor.