Practical Computer Security – Short course

Dates for the next session are not defined yet. For more information or to pre-apply, please contact formcont@unil.ch

Target audience

  • Application / software developers, network and system operators
  • Users, CEOs, CIOs
  • CISOs
  • CSOs, IT Directors
  • Managers, system architects – from all industries

Overview

IT security has over recent years become a crucial consideration for all businesses and organisations across all industries and in both the private and public sectors. As the number of threats is growing, all those involved in IT infrastructure, from the CEO right down to network users, need to keep one step ahead and alert regarding potential threats to their business.

This 5-day course provides a comprehensive overview of the latest IT security issues and what they could mean for your business. Designed to meet the specific training needs of all, the program is modular (one module per day).

Objectives

  • Get a full overview of the latest IT security issues
  • Understand the problems and main solutions of privacy protection and of wireless network security
  • Acquire an understanding of the underlying mathematical principles of information security and developments therein
  • Obtain a clear picture of available cryptographic primitives for information security, how to use them, and how to select their parameters
  • Learn about what IT professionals must watch out for to develop and deploy secure software
  • Get hands-on experience of a few common vulnerabilities and attack scenarios

Topics

  • MODULE 1 : COMPUTER SECURITY
    • Where threats to IT security come from
    • The basics of data protection and recovery
    • Fundamentals of authentication, identity and access control management
    • Implementation from executive level, down to the basics of safe IT usage from the point of view of a workstation user
    • The state of affairs and potential evolution of the field
  • MODULE 2: SECURITY FOR WIRELESS NETWORKS AND PRIVACY
    Privacy challenges and solutions

    • Brief history of privacy
    • Misconceptions on privacy protection
    • Threats to privacy
    • Privacy in databases; differential privacy
    • Anonymous routing; mix networks; Tor
    • Location privacy; mix zones; quantification of location privacy
    • Genomic privacy

    Security and privacy for mobile networks

    • Attacker model in a wireless networking setting
    • Security of WiFi networks
    • Security of cellular networks
    • Security of sensor networks
    • Security of multi-hop wireless networks
  • MODULE 3: CRYPTOGRAPHY
    The three pillars of cryptography

    • How to interpret and respond in a responsible and cost-effective manner to announcements of the latest developments in the field
    • Think about what cryptanalytic developments actually mean for your business
    • Analyse to what extent you need to pay attention to yet another news item about a “breakthrough”

    Secure communication and advanced cryptographic protocols

    • The three main problems in information security (confidentiality, authentication, integrity); how to use encryption, authentication codes or signatures, and hash functions
    • Symmetric cryptography and public-key cryptography – main differences
    • Select key lengths and other security parameters
    • How to assemble primitives to build secure communication
    • Connect cryptographic primitives to the problem of trust establishment
  • MODULE 4:  COMPUTER SECURITY ENGINEERING*
    • Technical view of the threats to IT security and the nature of malware
    • Overview and classification of the most frequent software blunders that lead to security violations
    • Understand how hackers leverage vulnerabilities to attack IT systems, and what attack patterns are most frequent
    • Learn about defence measures that exist to prevent, monitor, detect and recover from such attacks
  • MODULE 5:  COMPUTER SECURITY PRACTICE LAB*
    • Play with a small virtual network of Linux servers running various applications
    • Observe common vulnerabilities in a practical setting (XSS & CSRF, buffer overflows, command injection, various configuration mistakes)
    • Get used to scanning tools to identify possible vulnerabilities and problems
    • See how these vulnerabilities get exploited in practice
    • Fix vulnerabilities and information leaks

    Note :

    • Participants should bring their private laptop, equipped with at least: VirtualBox installed, or the privileges to install it; 1.5 GB free disk space; 256M free memory (not counting host OS consumption). Recommended: 512M free memory; a CPU with hardware-assisted virtualization (either Intel VT-x or AMD-V).

Program Director

  • Philippe Janson, Adjunct Prof., EPFL, Computer Science & Communication Systems

Instructors

  • Day 1 and 4 :
    Philippe Janson, Adjunct Prof., EPFL, Computer Science & Communication Systems
  • Day 2 :
    Jean-Pierre Hubaux, Professor, Computer Communications and Application Laboratory
  • Day 3 :
    Arjen Lenstra, Professor, Laboratory for Cryptologic Algorithms
  • Day 3 :
    Serge Vaudenay, Professor, Security and Cryptography Laboratory
  • Day 5 :
    Maxime Augier, Doctoral assistant, Laboratory for Cryptologic Algorithms

Organization

  • School of Computer and Communication Sciences (IC), Ecole Polytechnique Fédérale de Lausanne (EPFL)

Certification

A certificate of participation will be delivered at the end of the course.

Course venue

UNIL-EPFL campus,
Lausanne, Switzerland

Registration

Course fee :
Please note that the course fee given is based on the last edition and may be subject to change.

  • 5-day course : CHF 3500.-
  • Individual modules* : CHF 1000.- per day

* Admission to module 4 : only open to participants having followed module 1, or equivalent training in Computer Security. Admission to module 5 : only open to participants having followed modules 1 and 4, or equivalent training in Computer Security Engineering

Places are limited.