Designing of Information Security Tools in Computer Systems and Networks

Major: Computer Systems and Networks
Code of subject: 7.123.01.O.003
Credits: 4.00
Department: Electronic Computing Machines
Lecturer: Associate Professor Yuri Morozov.
Semester: 1 семестр
Mode of study: денна
Мета вивчення дисципліни: To provide students with a clear and systematic understanding of the methods and means of information protection in computer networks, the design of computer networks, as well as the principles of construction of relevant devices and nodes. To acquaint students with modern means of research and design of ZZIKM and to give them the opportunity to gain practical skills in the use of these means.
Завдання: General competences: ZK4. Ability to search, process and analyze information from various sources. ZK7. Ability to make informed decisions. Professional competences: SK3. Ability to design computer systems and networks taking into account objectives, constraints, technical, economic and legal aspects. SK8. The ability to ensure the quality of information technology products and services throughout their life cycle. SK11. The ability to choose effective methods of solving complex computer engineering problems, critically evaluate the obtained results and argue the decisions made.
Learning outcomes: Learning outcomes according to the educational program: PH2. Find the necessary data, analyze and evaluate them. PH8. Apply knowledge of technical characteristics, design features, purpose and rules of operation of software and technical means of computer systems and networks to solve complex problems of computer engineering and related problems. PH10. Search for information in various sources to solve computer engineering problems, analyze and evaluate this information. As a result of studying the academic discipline, the student must be able to demonstrate the following learning outcomes: 1. know the theoretical foundations of information protection in computer networks; 2. know the basics of virtual private networks (VPN); 3. know the principles of organizing network traffic analysis, researching network topology and countering network attacks; 4. know the principles of protecting computer networks using network screens; 5. be able to develop, install and debug combined cryptosystems.
Required prior and related subjects: Computer networks Information security in computer systems System Software
Summary of the subject: The discipline "Designing information protection means in computer systems and networks" aims to develop in students a clear and systematic understanding of methods and means of information protection in computer networks; to provide management and debugging skills, services and information protection services in computer networks. As a result of mastering the study material of the discipline, students should know the general principles of building and functioning of information protection means in computer networks, be able to work with the main services and services of information protection means in computer networks.
Опис: 1. Methods of protecting information in computer networks. 2. OSI reference model and its impact on information protection in computer networks. 3. Analysis and capture of network traffic. The Ethereal package is a protocol analyzer. Packet display filter. 4. Study of network topology. ICMP protocol. TCP scan. Determining available network services. Scan by system call. Scanning with SYN, FIN, ACK flags. XMAS and NULL scanning. 5. Research and detection of vulnerabilities in the system under attack. Implementation of attacks. SMB protocol. 6. Protection of computer networks using network screens (ME). ME components. Packet filter. Shielding agent. Shielding transport. Shielding gateway. Network Shielding Policy. Architecture of ME. The task of ME design. 7. Network Address Translation (NAT) technology. Address vectorization technology. Dynamic Address Technology (DNAT). 8. Attack detection systems (ADS). Signature analysis. Detection of anomalies in system behavior. Local and network attack detection systems. Snort SVA. 9. Virtual Private Networks (VPN). VPN tunneling. Levels of secure channels. Information protection at the channel, network and transport levels. 10. Directory service. LDAP protocol. KERBEROS authentication protocol. 11. Audit of information security of computer networks. Network scanning methods.
Assessment methods and criteria: Written reports on laboratory work, the verbal questioning (40%). Final assessment (60 %, control method, exam): written-verbal form (60%).
Критерії оцінювання результатів навчання: The semester grade is issued on the condition that the student completes the study plan. The semester grade is formed from the results of current monitoring of laboratory work and semester testing. The result of the semester testing is the product of the result of the semester test in the virtual learning environment and the coefficient of the lecture tests in the virtual learning environment. Maximum score in points - 100. Current control - 40. Examination control: written component - 50, verbal component - 10.
Порядок та критерії виставляння балів та оцінок: 100–88 points – (“excellent”) is awarded for a high level of knowledge (some inaccuracies are allowed) of the educational material of the component contained in the main and additional recommended literary sources, the ability to analyze the phenomena being studied in their interrelationship and development, clearly, succinctly, logically, consistently answer the questions, the ability to apply theoretical provisions when solving practical problems; 87–71 points – (“good”) is awarded for a generally correct understanding of the educational material of the component, including calculations, reasoned answers to the questions posed, which, however, contain certain (insignificant) shortcomings, for the ability to apply theoretical provisions when solving practical tasks; 70 – 50 points – (“satisfactory”) awarded for weak knowledge of the component’s educational material, inaccurate or poorly reasoned answers, with a violation of the sequence of presentation, for weak application of theoretical provisions when solving practical problems; 49-26 points - ("not certified" with the possibility of retaking the semester control) is awarded for ignorance of a significant part of the educational material of the component, significant errors in answering questions, inability to apply theoretical provisions when solving practical problems; 25-00 points - ("unsatisfactory" with mandatory re-study) is awarded for ignorance of a significant part of the educational material of the component, significant errors in answering questions, inability to navigate when solving practical problems, ignorance of the main fundamental provisions.
Recommended books: 1. Stallings W. Cryptography and Network Security: Principles and Practice (7th Edition). Pearson, February 2016. 2. Schneier B. Applied Cryptography: Protocols, Algorithms and Source Code in C. Wiley, March 2015. 5. Ємець В., Мельник А., Попович Р. Сучасна криптографія. Основні поняття. Львів: БаК, 2003. 6. Blokdyk G., VPN Third Edition. 5STARCooks, August 2021. 7. Brotherston L., Berlin A. Defensive Security Handbook. O'Reilly, April 2017.
Уніфікований додаток: Lviv Polytechnic National University ensures the realization of the right of persons with disabilities to obtain higher education. Inclusive educational services are provided by the Service of accessibility to learning opportunities "Without restrictions", the purpose of which is to provide permanent individual support for the educational process of students with disabilities and chronic diseases. An important tool for the implementation of the inclusive educational policy at the University is the Program for improving the qualifications of scientific and pedagogical workers and educational and support staff in the field of social inclusion and inclusive education. Contact at: St. Karpinsky, 2/4, 1st floor, room 112 E-mail: Websites:
Академічна доброчесність: The policy regarding the academic integrity of the participants of the educational process is formed on the basis of compliance with the principles of academic integrity, taking into account the norms "Regulations on academic integrity at the Lviv Polytechnic National University" (approved by the academic council of the university on June 20, 2017, protocol No. 35).