Module G: Cybersecurity of information and communication systems

Subject description

Introduction to cybersecurity; overview of security threats and security requirements for networks and services. Security analysis; protective measures; standards, organizations, and authorities in the field of security. 

Cryptographic protection: symmetric and asymmetric algorithms, hash functions, digital signature and key management; certificates; public key infrastructure (PKI). 

Network security: types of threats and attacks (denial of service, spoofing, traffic interception and redirection, message integrity attacks, routing attacks, traffic analysis); network protocol and equipment vulnerabilities; the security of the access, network and transport layers of the TCP/IP stack. Defense mechanisms and protection methods at the interface, network and transport layers; firewalls and traffic filtering. 

Virtual Private Networks (VPNs): security protocols, design, advantages and disadvantages of different approaches. 

Techniques and tools for finding vulnerabilities and detecting intrusions at the network level. Defense mechanisms and countermeasures (network monitoring, intrusion detection, firewalls, anti-spoofing and DoS, honeypots). 

Operational management of network security (e.g., security policies, network access control configuration). 

Security of wireless networks. 

Security in mobile networks. 

Operating system security; user and kernel mode; user rights. Malware and rootkits. System service vulnerabilities and supply chain vulnerabilities (case studies). 

Software security: security of web traffic and web servers; hypertext transfer protocol (HTTP) security; secure SSL/TLS connections; authentication in online services; authentication and digital certificates. Application and browser security; session management; application vulnerabilities and protection (SQL injection, XSS and CSRF attacks); Client-side security (cookies, HTTPS, plugins, user tracking, same-origin policy); Server-side security tools (WAF, rate limiting, SIEM, central logging); Approaches and tools for finding vulnerabilities (e.g., fuzzing). Email security and Secure/Multipurpose Internet Mail Extensions (S/MIME). DNS service security and protection. 

Secure software development practices and life cycle; vulnerability management; software composition analysis. Static Application Security Tests (SAST), Dynamic Application Security Tests (DAST). 

The subject is taught in programs

Objectives and competences

The aim of the course is to give the student a comprehensive overview of the technical aspects of cyber security: security of computer hardware and peripheral equipment; security of the operating system; security of network equipment and network services (based on TCP/IP, typical topologies and architectures); secure software development; typical attack vectors on software systems; technologies to control and protect the security of endpoints and network equipment; and attack analysis. The course will give present a good basis for independent work in the field of planning secure architectures, networks, software and services, thus preparing them for career challenges in the role of an engineer, security analyst or manager. 

Teaching and learning methods

Lectures for theoretical aspects, classroom or laboratory work and teamwork for real-world use case scenarios and problem solving through project work. E-learning.  

Expected study results

After successful completion of the course, students should be able to: 

  • Identify and eliminate bad design and development practices in the design and development of ICT systems 

  • Conduct a security review and penetration testing of an ICT system (software, services, network) and propose mitigations for potential cyberattacks 

  • Design and implement a system for monitoring cyber threats in the ICT environment 

  • Understand the requirements and needs of various stakeholders and organizations in the field of cybersecurity 

Basic sources and literature

  1. Brooks, C. J., Grow, C., Craig, P. A., Short, D., Cybersecurity Essentials, 1st ed., Sybex, 2018 
  2. Kaufman, C., Perlman R., Speciner, M., Perlner, R., Network Security: Private Communication in a Public World, 3rd ed., Addison-Wesley Professional, 2022 
  3. Stallings, W., Cryptography and Network Security: Principles and Practice, 8th ed., ‎Pearson, 2019 
  4. Silberschatz, A., Galvin, P.B., Gagne, G., Operating System Concepts, 10th ed, John Wiley &Sons, 2021 
  5. McGraw, G., Software Security: Building Security In; 1st ed. Addison-Wesley Professional, 2006 
  6. Hoffman, A., Web Application Security: Exploitation and Countermeasures for Modern Web Applications, 1st ed., O'Reilly Media, 2020 

Stay up to date

University of Ljubljana, Faculty of Electrical Engineering Tržaška cesta 25, 1000 Ljubljana

E:  dekanat@fe.uni-lj.si T:  01 4768 411