tanszek:oktatas:computer_system_security

Differences

The differences between the selected revision and the current version are shown below.

tanszek:oktatas:computer_system_security [2022/03/29 09:12]
127.0.0.1 external edit
tanszek:oktatas:computer_system_security [2024/02/27 06:54] (current)
superuser [Handouts]
Sor 19: Sor 19:
 ^ Week #     ^ Lecture ​     ^ Labor          ^ ^ Week #     ^ Lecture ​     ^ Labor          ^
 | Week 1   | Basic concepts ​   | Labor usage, handouts requirements | | Week 1   | Basic concepts ​   | Labor usage, handouts requirements |
-| Week 2   | Security design principles| ​Design the security ​of Neptun system+| Week 2   | Security design principles| ​Functional and architectural design ​of coding task 1. 
-| Week 3   | Introduction to Kali Linux   | Basic commands ​       | +| Week 3   | Security design walkthrough| Functional and architectural design of coding task 2.| 
-| Week   | Working with Kali Linux    | Introduction to Python+| Week 4   | Introduction to Kali Linux   | Basic commands ​       | 
-| Week   | Python security tools| ​Writing Python code        | +| Week   | Working with Kali Linux    | Coding - safe logon and user management ​
-| Week   | Bank Holiday| Bank Holiday| +| Week   | Python security tools| ​Coding ​ - safe document storage ​       | 
-| Week   | Malicious code| Virus and malwae checking tools| +| Week   | Bank Holiday| Bank Holiday| 
-| Week 8   Hashing function ​| Kali password storing functions|+| Week   | Malicious code| Virus and malwae checking tools| 
 +| Week 10  ​Cryptography ​| Kali password storing functions
 +| Week 11  | Security coding walkthrough | Coding task pre-evaluation | 
 +| Week 12  | Test | coding task pre-evaluation | 
 +| Week 13  | Presentations of coding assignments| Presentations of coding assignments | 
 +| Week 13  | Evaluation| Presentations of coding assignments|
  
  
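Review bot: Week 13 is used for two consecutive added rows (`Presentations of coding assignments` and `Evaluation`), so the final row probably needs to be Week 14, or the two rows should be merged. Several rows in this view show no week number at all (`| Week   |`), so the sequence between Week 4 and Week 10 cannot be confirmed as continuous; please check the numbering in the page source. The typo `malwae` in the Malicious code row is carried over unchanged and should read `malware`, and `coding task pre-evaluation` in the Week 12 row should be capitalized to match the Week 11 row.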
Sor 49: Sor 54:
  
  
 +
 +===== Task =====
 +
 +**Objective:​**
 +The objective of this task is to design, implement, and analyze a secure file storage system. The system should ensure the confidentiality,​ integrity, and availability of stored files. Additionally,​ students are required to explore and implement encryption techniques, access controls, and other security measures to protect sensitive data
 +
 +1. System Design: ​
 +Define the requirements and functionalities of the secure file storage system.
 +Design the architecture,​ specifying components such as servers, databases, and client interfaces.
 +Clearly outline the security objectives (confidentiality,​ integrity, availability).
 +Encryption Implementation:​
 +
 +2. Algorithms:
 +Choose a suitable encryption algorithm(s) for securing stored files.
 +Implement encryption and decryption mechanisms to protect the confidentiality of files.
 +Discuss the key management strategy to securely handle encryption keys.
 +
 +3. Access Control and Authentication:​
 +Implement access controls to restrict file access based on user roles and permissions.
 +Integrate a robust authentication mechanism to verify the identity of users.
 +Consider multi-factor authentication for enhanced security.
 +
 +4. Audit Trail and Logging:
 +Implement logging mechanisms to record user activities and file access.
 +Create an audit trail for monitoring and analysis of security incidents.
 +Discuss how the audit trail can be used for forensic purposes.
 +
 +5.Data Integrity and Redundancy:
 +Implement mechanisms to ensure the integrity of stored files.
 +Explore techniques for redundancy and data backup to ensure availability.
 +Discuss the recovery plan in case of data loss or system failure.
 +
 +6. User Interface and User Experience:
 +Develop a user-friendly interface for uploading, downloading,​ and managing files securely.
 +Ensure that the user interface promotes security best practices and guides users on secure behavior.
 +
 +7.Security Analysis:
 +Conduct a thorough security analysis of the implemented system.
 +Perform penetration testing to identify vulnerabilities and propose mitigation strategies.
 +Provide a detailed report on the overall security posture of the system.
 +
 +
 +8. Documentation and Presentation:​
 +Document the entire design and implementation process.
 +Prepare a presentation highlighting key features, security measures, and the rationale behind design choices.
 +
 +**Evaluation Criteria:**
 +
 +__Functionality (30%)__:
 +Successful implementation of encryption, access controls, and authentication.
 +File upload/​download functionality.
 +Proper error handling and user feedback.
 +
 +__Security Measures (30%):__
 +Effectiveness of encryption techniques.
 +Robustness of access controls and authentication.
 +Quality of logging and audit trail.
 +
 +__User Interface (15%)__:
 +User-friendly design.
 +Clarity in guiding users on secure practices.
 +
 +__Security Analysis (15%):__
 +Thoroughness of security analysis.
 +Effectiveness of mitigation strategies.
 +
 +__Documentation and Presentation (10%):__
 +Clarity and completeness of documentation.
 +Quality of the presentation and ability to articulate key points.
  
 ===== Handouts ===== ===== Handouts =====
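Review bot: The line `Encryption Implementation:` sits at the end of item 1 (System Design) while item 2 is titled `Algorithms:`; it looks like the intended heading for item 2 and should be moved there. Item 5 (data integrity, redundancy, recovery plan) has no matching entry under Evaluation Criteria, where Security Measures lists only encryption, access controls and authentication, and logging, so either add integrity and backup to a criterion or state where they are graded. Item 2 asks only for confidentiality and integrity is handled separately in item 5; it would help to say whether an authenticated encryption mode or a separate integrity check is expected. Formatting: the objective sentence lacks a final period, `5.Data` and `7.Security` lack the space after the number, the numbered items are plain text rather than wiki list syntax, and the criteria headings mix `__...__:` with `__...:__`.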
Sor 59: Sor 133:
   - {{tanszek:​oktatas:​week7.pdf|Week 7}}   - {{tanszek:​oktatas:​week7.pdf|Week 7}}
  
 +===== Test Questions =====
  
 +  - Define computer security
 +  - Explain Confidentiality,​ Integrity and Availability
 +  - What are the challenges in Computer Security
 +  - Define attack types
 +  - Define Threats, Attacks, and Assets
 +  - Explain Security Requirements
 +  - Explain Fundamental Security Design Principles
 +  - Explain Computer Security Strategies
 +  - Define the basic concepts of cryptographic algorithms: Plaintext, Encryption algorithm, Secret key, Ciphertext, Decryption algorithm
 +  - Explain Message Authentication and Hash Functions
 +  - Explain Public-Key Encryption
 +  - Explain Digital Signatures and Key Management
 +  - How can public-key encryption be used to distribute a secret key?
 +  - Explain DES algorithm ​
 +  - Explain AES algorithm
 +  - Explain MD5 algorithm
 +  - Explain Message Authentication Code
 +  - What are Malicious software ? What Harm do they cause ? What are the prevention actions you recommend?
 +  - Explain network penetration testing
 +  - Define Fundamental Security Design Principles
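Review bot: The last added question, `Define Fundamental Security Design Principles`, duplicates the earlier `Explain Fundamental Security Design Principles`; drop one or make the distinction between them explicit. The DES and MD5 questions ask only for an explanation of the algorithm; since DES is limited by its 56-bit key and MD5 has practical collisions, consider also asking why neither should be chosen for the coding task. Minor: `What are the challenges in Computer Security` lacks a question mark, and the malicious software question has stray spaces before each `?`.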
tanszek/oktatas/computer_system_security.1648545164.txt.gz · Last modified: 2022/03/29 09:12 by 127.0.0.1