•   ICT Security Basics from Trust to Blockchain ICT4HM103-3004 24.10.2022-16.12.2022  5   (MAICTE, ...)
    Starting level and linkage with other courses
    No prerequisites.
    Contents
    - The basic concepts of data security. CIA (confidentiality, integrity, availability). Confrontation. The attacker's perspective and pentest. What does ICT security involve? The most effective, common and successful techniques for attacking businesses.
    - Low hanging fruit, defender’s perspective. Basic ICT security tools. ICT security with ulterior tools. Possible additional issues: easy attacks in practice.
    - Encryption. Importance of CIA. How to decrypt encryption? When does encryption not need to be broken? Symmetric and asymmetric encryption. Seals. Two-sided authentication. Traffic measurement intelligence.
    - Practical encryption techniques. Email encryption with PGP. Public Key Infrastructure. Decentralised and centralised trust. TLS CA vs. PGP PKI trust.
    - Modern encryption techniques. Anonymous networks, TOR. Virtual private networks and their substitutes. Encrypted, decentralised distributed file sharing within an organisation.
    - Blockchains
    - Cryptocurrency
    Assessment criteria
    Assessment criteria - grade 1
    The student knows the concepts of information security at a basic level, can use the required tools individually by following instructions in a book, has returned homework, but failed to complete all tasks due to recurring situations, which have prevented the continuation of study.
    Assessment criteria - grade 3
    The student is familiar with the basic concepts of information security and is able to explain in a general way, for example, how they can be used as tools; can use the tools in normal situations and is able to identify examples of how to apply security principles to everyday personal and business life.
    Assessment criteria - grade 5
    The student understands the basic concepts of information security and the tools to be used in that relationship; identifies examples of the use of basic concepts, also within new situations; is able to solve simple problem situations and use new features that have been added to familiar tools; can identify threats to security and is able to put them in context; and is able to initiate the improvement of personal and business security by applying principles found in day-to-day information security.
    Further information
    When the implementation type of the course is contact, online or blended it is required that the student is present during those teaching hours that are marked in the study schedule. If you are absent more than 25%, your grade will be lowered by one. If you are absent more than 50%, the course is failed.

    No replacements.

    Teaching methods and instruction

    ONLINE: Fully remote, mandatory participation in classes.

    - Teaching in video conference
    - Independent study, reading, summarizing, solving technical tasks and reporting, giving feedback to fellow students
    - The assessment of one’s own learning 1 h
    - Studying includes classes and exercises

    Online course, fully remote. Requires active participation in classes in video conference, at the time marked in the timetable.

    To participate, you'll need an Internet connection, headphones, a camera and a computer where you can install Linux on a virtual machine (with instructions). To be able to discuss pentest techniques, you must accept course rules.

    Learning material and recommended literature

    Articles, videos and book chapters provided by the teacher. Software is mostly free open source software used in the industry, with the aim of providing a fully licensed copy for the student's use even after the course.

    For example

    - Schneier 2015: Applied Cryptography
    - Santos et al 2017: Security Penetration Testing - The Art of Hacking Series
    - MITRE: ATT&CK Enterprise Matrix.
    - Felten et al 2015: Bitcoin and Cryptocurrency Technologies
    - Schneier 1999: Modeling security threats
    - Cryptopals
    - Debian 11 Bullseye non-free
    - Metasploitable
    - Karvinen 2022: Cracking Passwords with Hashcat

    Previous homework, student feedback, reading lists on https://terokarvinen.com/2021/trust-to-blockchain-2022/

    Please note that this is not a penetration testing course, even if some of the exercises demonstrate similar techniques. If you want to learn penetration testing, have the time and technical background, consider my non-masters level course "Tunkeutumistestaus" in addition to this course.

    Reading list is likely to change during the course. Paid content behind paywalls could be available for free using Haaga-Helia student access.

    Working life connections

    Many participants are usually already working in the field, which hopefully leads to interesting discussions. No matter if you're a CEO, CIO, helpdesk worker (or not working with IT at all), you're welcome here.

    Campus

    Pasila Campus

    Exam dates and re-exam possibilities

    No exam.

    Teaching language

    English

    Internationality

    Likely international participation. It's possible to publish homework reports to talk to an international audience. Course material is developed by authors from many countries, and some technical tools are multinational FOSS (free, open source software) projects.

    Timing

    24.10.2022 - 16.12.2022

    Learning assignments

    - Active participation in the classes, including discussions and technical tasks
    - Presentation
    - Homework, including reporting technical tasks
    - Cross evaluation of reports and giving helpful feedback to fellow students

    Enrollment

    13.06.2022 - 21.10.2022

    Content scheduling

    On the course homepage, updated during the course.

    - Organizing. Overview of the course. Fundamentals vs common attacks.
    - Adversarial situation. The most common ways to attack companies
    - Encryption. CIA triad in encryption. Symmetric and asymmetric encryption.
    - Hashing. Two way authentication.
    - Practical encryption techniques.
    - New applications for encryption.
    - Bitcoin and cryptocurrencies. Incentives. Consensus.

    Groups
    • MAICTE
    • MAICTF
    • EVENING
    • MADIGE
    • MADIGF
    • EXCH
    • ONLINE
    Teachers

    Tero Karvinen

    Seats

    15 - 25

    Further information

    Homework reports, active participation in classes, cross evaluation, presentations.

    Degree Programme

    BUTEM Degree Programme in Business Technologies, ATBUM Degree Programme in Aviation and Tourism Business, LEBUM Degree Programme in Leading Business Transformation

    R&D proportion

    0.00 cr

    Virtual proportion

    0.00 cr

    Evaluation scale

    H-5