252-0811-00L Applied Security Laboratory
|Semester||Autumn Semester 2020|
|Periodicity||yearly recurring course|
|Language of instruction||English|
|Comment||This only applies to Study Regulations 09: In the Master Programme max. 10 credits can be accounted by Labs on top of the Interfocus Courses. Additional Labs will be listed on the Addendum.|
|252-0811-00 P||Applied Security Laboratory|
Will also be offered via Zoom. If more than 20 students register, the lecturer will communicate the distribution of who will attend the course on site and who will attend from home.”
|Abstract||Hands-on course on applied aspects of information security. Applied|
information security, operating system security, OS hardening, computer forensics, web application security, project work, design, implementation, and configuration of security mechanisms, risk analysis, system review.
|Objective||The Applied Security Laboratory addresses four major topics: operating system security (hardening, vulnerability scanning, access control, logging), application security with an emphasis on web applications (web server setup, common web exploits, authentication, session handling, code security), computer forensics, and risk analysis and risk management.|
|Content||This course emphasizes applied aspects of Information Security. The students will study a number of topics in a hands-on fashion and carry out experiments in order to better understand the need for secure implementation and configuration of IT systems and to assess the effectivity and impact of security measures. This part is based on a book and virtual machines that include example applications, questions, and answers.|
The students will also complete an independent project: based on a set of functional requirements, they will design and implement a prototypical IT system. In addition, they will conduct a thorough security analysis and devise appropriate security measures for their systems. Finally, they will carry out a technical and conceptual review of another system. All project work will be performed in teams and must be properly documented.
|Lecture notes||The course is based on the book "Applied Information Security - A Hands-on Approach". More information: http://www.infsec.ethz.ch/appliedlabbook|
|Literature||Recommended reading includes:|
* Pfleeger, Pfleeger: Security in Computing, Third Edition, Prentice Hall, available online from within ETH
* Garfinkel, Schwartz, Spafford: Practical Unix & Internet Security, O'Reilly & Associates.
* Various: OWASP Guide to Building Secure Web Applications, available online
* Huseby: Innocent Code -- A Security Wake-Up Call for Web Programmers, John Wiley & Sons.
* Scambray, Schema: Hacking Exposed Web Applications, McGraw-Hill.
* O'Reilly, Loukides: Unix Power Tools, O'Reilly & Associates.
* Frisch: Essential System Administration, O'Reilly & Associates.
* NIST: Risk Management Guide for Information Technology Systems, available online as PDF
* BSI: IT-Grundschutzhandbuch, available online
|Prerequisites / Notice||* The lab allows flexible working since there are only few mandatory meetings during the semester. |
* Students must be prepared to spend more than three hours per week to complete the lab assignments and the project. This applies particularly to students who do not meet the recommended requirements given above. Successful participants of the course receive 8 credits as compensation for their effort.
* All participants must sign the lab's charter and usage policy during the introduction lecture.
|Performance assessment information (valid until the course unit is held again)|
|Performance assessment as a semester course|
|ECTS credits||8 credits|
|Type||ungraded semester performance|
|Language of examination||English|
|Repetition||Repetition only possible after re-enrolling for the course unit.|
|Additional information on mode of examination||The deliverables and their contribution towards the semester performance are: |
1) an individual lab journal documenting each student’s work with the book (20%) and
2) the project deliverables which are handed in as a group (80%).
|Main link||Course web page|
|Only public learning materials are listed.|
|No information on groups available.|
|There are no additional restrictions for the registration.|
|Cyber Security Master||Electives||W|
|Computer Science Master||Focus Elective Courses General Studies||W|
|Computer Science Master||Focus Elective Courses Information Security||W|
|Computer Science Master||Practical Work||W|