Disciplines

IT Security

Weekly classes: 2+0+2
Control form: Exam

Annotation


The main goal of the course is to provide students with knowledge and skills in the technologies and tools used to apply information security techniques. Issues related to ensuring the confidentiality, integrity and availability of information are addressed. Attention is paid to the principles of computer and network security, risk assessment, and the concepts of trust. Modern network models and solutions are analyzed from the standpoint of network and information security, with the aim of achieving an optimal balance of modularity, resilience, flexibility, security and ease of management. Types of attacks and malicious code directed against information security are considered, as well as techniques and means for blocking them, namely systems for detecting and preventing attacks. Techniques for protecting databases and Web applications are presented.

Content


1. Concepts of risk, threats, vulnerabilities and attacks. International security standards.

2. Authentication, Authorization and Accounting (AAA). Access control.

3. Principles of security in design. Principle of least privilege and isolation.

4. End-to-end security. Defense in depth. Data validation.

5. Creating secure code.

6. Threats and attacks against security. Malicious software (malware, spyware, botnets, rootkits).

7. Web security model. Browser security.

8. Session management and authentication. HTTPS protocol. XSS. CSRF.

9. Client security. Cookie security. Plug-in security.

10. Vulnerabilities in database applications. SQL injection.

11. Server security. Web Application Firewall.

12. Organization of archives. Models. Principles.

13. Network attacks. Types of attacks: Denial of Service (DoS), Distributed DoS, social engineering and phishing.

14. Secure network architectures. Security in communication channels and routing protocols. Secure DNS. Isolation.

15. Security in cloud infrastructures.