13M111ZRM - Advanced Network and System Security

Course specification
Course title		Advanced Network and System Security
Acronym		13M111ZRM
Study programme		Electrical Engineering and Computing
Module
Type of study		master academic studies
Lecturer (for classes)		professor PhD Pavle Vuletić professor PhD Žarko Stanisavljević
Lecturer/Associate (for practice)		asst. MA Mihajlo Ogrizović, electrical and computer engineer professor PhD Pavle Vuletić professor PhD Žarko Stanisavljević
Lecturer/Associate (for OTC)		asst. MA Mihajlo Ogrizović, electrical and computer engineer professor PhD Pavle Vuletić professor PhD Žarko Stanisavljević
ESPB		6.0	Status	elective
Condition		Computer Security, Operating Systems, Computer Networks
The goal		Introducing students to the field of computer system and network intrusion and attack detection and prevention. Teaching students for the work in the field of computer system and network security. Ethical hacking and penetration testing. Understanding key threats and attack vectors on computer and software systems. Practical work on multiple contemporary tools for attack detection and analysis.
The outcome		Students who complete this course will be able to: * understand the methodology of the attacks and intrusions to computer systems and networks * know various types of attack on computer systems and networks * actively use tools for the detection and analysis of the threats and attacks * perform ethical intrusions into the computer systems and networks as a way to analyse system vulnerability
Contents
URL to the subject page		https://rti.etf.bg.edu.rs/rti/ms1zrm/
Contents of lectures		Attacks on computer systems and networks: methodology and phases. Reconnaissance, scanning, enumeration of the computer system and network data. Social engineering. IP, ARP, DNS, BGP attacks, DoS and botnets. Malware, password guessing, SQLi, XSS, OS vulnerability. Tools for system protection: ACL, firewalls, IDS/IPS, honeypot. Anonymity, Tor. Mobile device security. Web frauds. Ethical hacking.
Contents of exercises		Computer system and network reconnaisance, packet and communication session analysis. Network attacks (ARP spoofing, DNS spoofing and other). Computer systems attack (SQL injection, cross site scripting, Eternal Blue, and other). Network security (packet filters, firewalls, honeypot). Log analysis and SIEM. DoS protection. Penetration testing and ethical hacking.
Literature
CEH v10: EC-Council Certified Ethical Hacker Complete Training Guide, Independently published (May 26, 2018) (Original title) Kim P., The Hacker Playbook: Practical Guide To Penetration Testing, CreateSpace Independent Publishing Platform, 2014 (Original title) Diogenes Y., Cybersecurity – Attack and Defense Strategies: Infrastructure security with Red Team and Blue Team tactics, Packt Publishing (January 30, 2018) (Original title)
Number of hours per week during the semester/trimester/year
Lectures	Exercises	OTC	Study and Research	Other classes
2	2	1
Methods of teaching		Lectures, excersises with demos in computer lab, lab excersises, seminars
Knowledge score (maximum points 100)
Pre obligations		Points	Final exam	Points
Activites during lectures			Test paper	40
Practical lessons		40	Oral examination
Projects
Colloquia
Seminars		20