10 years 9 years

Topic for this first lecture were introduction to the group project process, we had already selected topics, and the remaining groups had to select group coordinators and we discussed all the formal requirements. We were then asked to prepare a project management plan for Easter, and we were introduced to the Cisco curriculum (CCNA Security material).

Next we did an overview of how our society is networked. The things I wrote down as important aspects were:

  • Crypto: weakened by time, read paper EUcrypt.pdf (2011-2012)
  • Crypto export restrictions history in U.S.
  • Secure communication, but the end nodes are still vulnerable
  • Medieval fortress security model and today's interconnected reality
  • Privacy vs security (democracy vs crime disclosure and protection of citizens)
  • Information dominance (APT) and Mandiant 2013 report
  • Man-Machine and Machine-Machine interfaces. ATM authenticate itself to humans
  • FBI report 80% of cases with support from insiders
  • Attack sophistication up and skill level required down
  • "Qui Buono": who benefits from this?
  • Model of different attacks (8 types)
    1. Confidentiality
    2. Integrity
    3. Non repudiation of origin
    4. Non repudiation of receipt (difficult) (isn't it simly "signing back"?)
    5. Insertion
    6. Replay
    7. Deletion
    8. Masquerade (difficult)

The next day we did a repetition quiz, and talked more about the network technology

  • Network protocols (OSI model, TCP/IPv4 and IPv6, frame/packet/segment)
  • Different kinds of malware
  • Wiretapping laws in U.S.
  • Recover time vs damage/resilience