Introduction to information systems security - 5MMSDSI

Goal(s)

To present an introduction to securitization of information systems by introducing key concepts and their application in current systems. The domains covered range from securing a private workstation to securing large distributed corporate networks. Topics studied include: fight against viruses and worms, setting virtual private networks, how to preserve authentication and trust in communications, etc.

Content(s)

The module is largely based on the assignments to be made, consisting of fault analysis, the responses needed to limit the impacts (anticipation and reaction), and propose experiments to implement them.

The topics covered in the framed sessions are :

• Introduction to the course, legal warning, assignments presentation.
• Lab : Docker and vagrant, and setting up a security challenge
• Good and bad use of crypto
• Authentication methods
  • Certificates PKI, Kerberos, oauth2, case, SSO
  • PKI Certificate Lab
• Blockchain
• Local vulnerability and good practices
  • identification (3 factors), solutions. Identity theft
  • media confidentiality - encryption / access
  • Access rights and best practices
  • Exploits and answers
  • Hardware flaw, illustration via meltdown and spectrum (if not otherwise processed)
  • Buffer overflow lab
• Network failures and good practices
  • Snort Lab
• WEB security
  • WEB security lab
• Protocol verification
  • Protocol verification lab

Operating systems and concurrent programming