
www.formation-continue-unil-epfl.ch

5-day course

Practical Computer Security


3-7 February 2014

Target audience
Application / software developers, network and system operators, users, CEOs, CIOs, CISOs, CSOs, IT directors, managers, system architects from all industries

Organisation
School of Computer and Communication Sciences (IC), Ecole Polytechnique Fédérale de Lausanne (EPFL)

Overview
IT security has over recent years become a crucial consideration for all businesses and organisations across all industries in both the private and public sectors. As the number of threats is growing, all those involved in IT infrastructure, from the CEO right down to network users, need to keep one step ahead and alert regarding potential threats to their business. This 5-day course provides a comprehensive overview of the latest IT security issues and what they could mean for your business from both theoretical and practical perspectives.

Dates and schedule


3-7 February 2014, from 9 am to 5 pm

Certification
A certificate of participation will be delivered at the end of the course.

Objectives
- Get a full overview of the latest IT security issues
- Understand the problems and main solutions of privacy protection and of wireless network security
- Acquire an understanding of the underlying mathematical principles of information security and developments therein
- Obtain a clear picture of available cryptographic primitives for information security, how to use them, and how to select their parameters
- Learn about what IT professionals must watch out for to develop and deploy secure software
- Get hands-on experience of a few common vulnerabilities and attack scenarios

Course venue
UNIL-EPFL campus, Lausanne, Switzerland

DAY 1
SECURITY AND PRIVACY BASICS

Morning (09:00-12:30), Phil Janson
COMPUTER SECURITY BASICS
- Threats, risks, basic principles, and practical limitations
- Information security basics and protection policies
- Best practices for executives and end users
- The state of affairs and potential evolution of the field

Afternoon (14:00-17:30), Jean-Pierre Hubaux
PRIVACY CHALLENGES AND SOLUTIONS
- Brief history of privacy
- Misconceptions on privacy protection
- Threats to privacy
- Privacy in databases; differential privacy
- Anonymous routing; mix networks; Tor
- Genomic privacy

DAY 2
SECURITY AND CRYPTOGRAPHY BASICS

Morning (09:00-12:30), Phil Janson
COMPUTER SECURITY BASICS
- Cryptography deployment and usage
- Identity and access management

Afternoon (14:00-17:30), Arjen Lenstra
CRYPTOGRAPHY BASICS
The three pillars of cryptography (symmetric cryptography, hash functions, and public key cryptosystems):
- How they are assembled to secure communications
- What the various security parameters actually mean
- How the parameter choices have evolved and keep evolving
- Understanding the risks and the impact of developments
- What triggers developments

DAY 3
SECURITY ENGINEERING & PRACTICE LAB PART I

Morning (09:00-12:30), Phil Janson
COMPUTER SECURITY ENGINEERING*
- Technical view of the threats to IT security and the nature of malware
- Overview and classification of the most frequent software vulnerabilities that lead to security violations
- How hackers leverage these to break into IT systems, and what attack patterns are most frequent

Afternoon (14:00-17:30), Maxime Augier, Yannis Klonatos
COMPUTER SECURITY PRACTICE LAB* PART I
Information gathering, forensics:
- Set up a small virtual environment of services
- Use network and vulnerability scanners
- Identify common configuration problems and weaknesses

DAY 4
SECURITY ENGINEERING & PRACTICE LAB PART II

Morning (09:00-12:30), Phil Janson
COMPUTER SECURITY ENGINEERING
- How to defend, prevent, monitor, detect and recover from attacks
- Best practices in ensuring secure system and software development, deployment, installation, configuration & operation

Afternoon (14:00-17:30), Maxime Augier, Yannis Klonatos
COMPUTER SECURITY PRACTICE LAB* PART II
Application vulnerabilities, reverse engineering:
- Code injection
- Buffer overflows, stack smashing
- Breaking improper cryptography usage

DAY 5
WIRELESS SECURITY AND PRACTICE LAB

Morning (09:00-12:30), Jean-Pierre Hubaux
SECURITY AND PRIVACY FOR MOBILE NETWORKS
- Attacker model in a wireless networking setting
- Security of WiFi networks
- Security of cellular networks
- Security of sensor networks
- Security of multi-hop wireless networks
- Location privacy; mix zones; quantification of location privacy

Afternoon (14:00-17:30), Maxime Augier, Yannis Klonatos
COMPUTER SECURITY PRACTICE LAB* PART III
Web security:
- XSS and CSRF exploitation and prevention
- SQL injections
- Misc topics (steganography, password cracking)

*Note
Participants should bring their private laptop equipped with minimum:
- VirtualBox installed, or the privileges to install it
- 1.5 GB free disk space
- 256 MB free memory (not counting host OS consumption)
- Recommended: 512 MB free memory
- Virtualization-assisted CPU (either Intel VT-X or AMD-V)

Register at Formation Continue UNIL-EPFL.
Registration form available at www.formation-continue-unil-epfl.ch

Registration
Course fee: CHF 3500. Places are limited.

Application deadline
10 January 2014

Program Director
Philippe Janson, Adjunct Prof., Computer Science & Communication Systems

Instructors
- Philippe Janson, Adjunct Prof., Computer Science & Communication Systems
- Jean-Pierre Hubaux, Professor, Computer Communications and Application Laboratory
- Arjen Lenstra, Professor, Laboratory for Cryptologic Algorithms
- Maxime Augier, Doctoral assistant, Laboratory for Cryptologic Algorithms
- Yannis Klonatos, Doctoral assistant, Data analysis theory and Applications Laboratory

Formation Continue UNIL-EPFL


EPFL - Quartier de l'Innovation, Bâtiment E
CH-1015 Lausanne, Suisse
Tél.: +41 21 693 71 20 - Fax: +41 21 693 71 30
formcont@unil.ch - www.formation-continue-unil-epfl.ch

Photos: A. Dao; Fotolia.com|nyul, Yuri Arcurs, Rido.
