Study programme competencies |
Code
|
Study programme competences
|
A3 |
CE3 - Knowledge of the legal and technical standards used in cybersecurity, their implications in systems design, in the use of security tools and in the protection of information |
A4 |
CE4 - To understand and to apply the methods and tools of cybersecurity to protect data and computers, communication networks, databases, computer programs and information services |
A5 |
CE5 - To design, deploy and operate a security management information system based on a referenced methodology |
A8 |
CE8 - Skills to conceive, design, deploy and operate cybersecurity systems |
A9 |
CE9 - Ability to write clear, concise and motivated projects and work plans in the field of cybersecurity |
A11 |
CE11 - Ability to collect and interpret relevant data in the field of computer and communications security |
A13 |
CE13 - Ability to analyse, detect and eliminate software vulnerabilities and malware capable of exploiting them in systems or networks |
B2 |
CB2 - Students will be able to apply their knowledge and their problem-solving ability in new or less familiar situations, within a broader context (or in multi-discipline contexts) related to their field of specialization |
B5 |
CB5 - Students will acquire the learning skills enabling them to study in a style that will be self-driven and autonomous to a large extent |
B6 |
CG1 - To have skills for analysis and synthesis. To have ability to project, model, calculate and design solutions in the area of information, network or system security in every application area |
B7 |
CG2 - Ability for problem-solving. Ability to solve, using the acquired knowledge, specific problems in the technical field of information, network or system security |
B8 |
CG3 - Capacity for critical thinking and critical evaluation of any system designed for protecting information, any information security system, any system for network security or system for secure communication |
B10 |
CG5 - Students will have ability to apply theoretical knowledge to practical situations, within the scope of infrastructures, equipment or specific application domains, and designed for precise operating requirements |
C3 |
CT3 - Ability to include sustainability principles and environmental concerns in the professional practice. To integrate into projects the principle of efficient, responsible and equitable use of resources |
C4 |
CT4 - Ability to ponder the importance of information security in the economic progress of society |
Learning aims |
Learning outcomes |
Study programme competences |
To identify the different vulnerabilities that affect an operating system |
|
BJ2 BJ5 BJ6 BJ7 BJ10
|
|
To understand how the vulnerabilities work and how the O.S. can be protected from them |
AJ8
|
BJ2 BJ5 BJ6 BJ7 BJ10
|
|
To configure an O.S. so that its exposure to threats is minimized, reducing the risk of it being compromised |
AJ3 AJ4 AJ5 AJ8 AJ9 AJ11 AJ13
|
BJ2 BJ5 BJ6 BJ7 BJ8
|
CJ3 CJ4
|
Contents |
Topic |
Sub-topic |
Introduction to H.O.S. |
The concept of hardening an operating system. Vulnerabilities. Hardening during installation, post installation and maintenance. |
Boot procedure hardening |
Physical system security. Hardening the firmware (BIOS, UEFI). Hardening the boot loader |
Hardening user accounts |
Identifying and eliminating unused accounts. Limiting user privileges. Group Policies. Hardening authentication. Enforcing password policies |
Hardening File Systems |
File system permissions and protections. Quotas. Locking system directories. Encryption. Limiting access to devices |
Hardening applications |
Identifying and eliminating unused applications. Identifying connections and eliminating apps/packages providing unwanted connections. Limiting application privileges. Executing in secure environments: container-based execution, SELinux... |
Hardening network |
Identifying and eliminating unwanted connections/services. Packet filtering |
Monitoring and maintenance |
System monitoring. Logs. Securing logs. Identifying possible threats. Security patches. |
Planning |
Methodologies / tests |
Competencies |
Ordinary class hours |
Student’s personal work hours |
Total hours |
Introductory activities |
A8 A11 A13 B6 |
1 |
2 |
3 |
Guest lecture / keynote speech |
A3 A4 A11 A13 B5 B6 B8 B10 C3 |
16 |
32 |
48 |
Problem solving |
A3 A4 A5 B2 B5 B7 B8 B10 C3 |
5 |
15 |
20 |
Laboratory practice |
A4 A5 A8 A9 A11 A13 B2 B5 B6 B7 B8 B10 C3 |
16 |
16 |
32 |
Objective test |
A3 A4 A5 A8 A9 A11 A13 B2 B5 B6 B7 B8 B10 C3 C4 |
2 |
20 |
22 |
|
Personalized attention |
|
0 |
|
0 |
|
(*) The information in the planning table is for guidance only and does not take into account the heterogeneity of the students. |
Methodologies |
Methodologies |
Description |
Introductory activities |
Introductory activities to get the students acquainted with O.S. vulnerabilities and the defences against them |
Guest lecture / keynote speech |
The student will attend the lectures given by the teacher on how to minimize the chance of having exploitable vulnerabilities in the different parts of an O.S.: boot procedure, user accounts, network connections... |
Problem solving |
Problems and short practical questions to consolidate the contents presented in the master classes. |
Laboratory practice |
Lab assignments dealing with securing the different parts of real-world operating systems. Both UNIX (Linux) and Windows types will be considered |
Objective test |
Test about the fundamental contents of the subject |
Personalized attention |
Methodologies
|
Guest lecture / keynote speech |
Problem solving |
Laboratory practice |
|
Description |
Although lab assignments and problem solving will be dealt with mostly in the allocated lab/room hours, the teacher will be available to help with any question arising from these items on an individualized basis.
The same applies to the concepts presented during the keynote speeches |
|
Assessment |
Methodologies
|
Competencies |
Description
|
Qualification
|
Objective test |
A3 A4 A5 A8 A9 A11 A13 B2 B5 B6 B7 B8 B10 C3 C4 |
Questions related to the knowledge acquired.
Questions that involve reasoning over the knowledge acquired.
Questions that involve practical problem-solving on real-world O.S. hardening |
50 |
Laboratory practice |
A4 A5 A8 A9 A11 A13 B2 B5 B6 B7 B8 B10 C3 |
Control of the lab assignments and evaluation of the results achieved. |
50 |
|
Assessment comments |
|
Sources of information |
Basic
|
Núñez, Ángel (). Windows Server 2016: Administración, seguridad y operaciones. 0xWord
Gris, Myriam (2017). Windows 10. ENI
De los Santos, Sergio (). Máxima Seguridad en Windows: Secretos Técnicos. 0xWord
Salvy, Pierre (2017). Windows 10 : despliegue y gestión a través de los servicios de empresa. ENI
Yuri Diogenes, Erdal Ozkaya (2018). Cybersecurity - Attack and Defense Strategies. Packt Publishing
García, Carlos. González, Pablo (). Hacking Windows: Ataques a sistemas y redes Microsoft. 0xWord
Carlos Álvarez Martín and Pablo González Pérez (2016). Hardening de servidores GNU / Linux (3a Edicion). 0xWord
James Turnbull (2008). Hardening Linux. Apress
Donald A. Tevault (2018). Mastering Linux Security and Hardening. Packt Publishing
Tajinder Kalsi (2018). Practical Linux Security Cookbook: Secure your Linux environment from modern-day attacks with practical recipes, 2nd Edition. Packt Publishing
Deman, Thierry (2018). Windows Server 2016 : Administración avanzada. ENI
Aprea, Jean-François (2017). Windows Server 2016 : Arquitectura y Administración de los servicios de dominio Active Directory. ENI
Bonnet, Nicolas (2017). Windows Server 2016 : las bases imprescindibles para administrar y configurar su servidor. ENI |
|
Complementary
|
|
|
Recommendations |
Subjects that it is recommended to have taken before |
|
Subjects that are recommended to be taken simultaneously |
|
Subjects that continue the syllabus |
|
|