1. The Palestinian eGovernment Academy www.egovacademy.ps Tutorial 5: Information Security Session 0 Outline and MotivationReviewed byProf. David Chadwick and Prof. Hani Ragab Hassan, Kent University, UK PalGov 20111

2. AboutThis tutorial is part of the PalGov project, funded by the TEMPUS IV program of theCommission of the European Communities, grant agreement 511159-TEMPUS-1-2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.psProject Consortium: Birzeit University, Palestine University of Trento, Italy (Coordinator ) Palestine Polytechnic University, Palestine Vrije Universiteit Brussel, Belgium Palestine Technical University, Palestine Universit de Savoie, France Ministry of Telecom and IT, Palestine University of Namur, Belgium Ministry of Interior, Palestine TrueTrust, UK Ministry of Local Government, PalestineCoordinator:Dr. Mustafa JarrarBirzeit University, P.O.Box 14- Birzeit, PalestineTelfax:+972 2 2982935 mjarrar@birzeit.eduPalGov 2011 2 3. Copyright NotesEveryone is encouraged to use this material, or part of it, but should properlycite the project (logo and website), and the author of that part.No part of this tutorial may be reproduced or modified in any form or by anymeans, without prior written permission from the project, who have the fullcopyrights on the material. Attribution-NonCommercial-ShareAlikeCC-BY-NC-SAThis license lets others remix, tweak, and build upon your work non-commercially, as long as they credit you and license their new creationsunder the identical terms.PalGov 2011 3 4. Tutorial 5: Session 0 - ILOsAfter completing this session you will be ableto:Learn about the Security tutorialsessions and content. Learn about the training sessions schedule/content. PalGov 2011 4 5. Tutorial 5:Information SecurityIntroduction to Inf. Security TutorialTutorial Outline: Inf. Security Intended LearningOutcomes and Objectives. Training Sessions OutlinePalGov 20115 6. Tutorial 5: Information SecuritySecurity Intended Learning OutcomesThis tutorial is designed to provide theparticipants with: Understanding of the conceptsunderlying Secure Information Systems. Experience in the use of security toolsand techniques to build secure systems. Hands-on experience in the design andimplementation of secure systems.PalGov 2011 6 7. Tutorial 5: Security Learning Objectives (1) Understand the importance of taking a systems wide approach to maintaining information security, and the balance between risk and expenditure. Have an understanding of the threats facedby computer operating systems,applications and networks (especially theInternet) and the various countermeasuresthat can be used; Have a basic understanding of thealgorithms used inPalGov 2011cryptography; 7 8. Tutorial 5: Security Learning Objectives (2) Understand the motivation, design,operation and management of modernsystems for encryption, authentication,authorization and identification. Have an understanding of the varioustechniques used in identity management; The ability to analyze the informationsecurity requirements of an organization. Skills to use the appropriate softwaretools, techniques and packages toproduce and develop security systems. PalGov 20118 9. Tutorial 5: Security Learning Objectives (3) Be able to make informed choices of theappropriate security measures to put intoplace for a given network, operatingsystem or application; Be able to undertake practical exercisesrelated to securing computer systems; The ability to critically appraise anexisting secure system (from anarchitectural point of view)PalGov 2011 9 10. Tutorial 5: Training Sessions Session 1 : Introduction to E-government security andISO 27000 standards. Session 2: Internet Risks and Attacks Session 3: Authentication Session 4: Authentication Lab Session 5: Certificates and Biometric Authentication Session 6: Certificates and Https Lab Session 7: Firewalls and VPN Session 8: Firewalls and VPN and Biometric Lab Session 9: Federated Identity Management (FIM). Session 10.1: Wireless Security (from session 12) Session 10: Wireless Security Lab Session 11: Access Control Session 12: Auditing and Wireless security PalGov 201110 11. Security Tutorial Time Table / Topics ScheduleRun 1: 21/2/2012 - 11/3/2012 Day 1Tuesday 21 / 2/ 20128:30 - 16:30 Topics ApproxInstructor Number of HoursSessions 0 and 1 : Introduction Security Tutorial outline0.5 Dr. Radwan Tahboub E-governments and security 1.5 Introduction to security and threats (CIA)o Break (5 minutes) ISO 27000 standards. 1.5Lunch Break (20 minutes) Session 2: Internet Risks and Attacks Attacks on Internet Stack (routing, IP, DNS, 1.5 Dr. Mohammad JubranUDP. DOS and DDOS 0.5 o Break (5 minutes) Symmetric and Asymmetric Cryptography. 2.0 PalGov 2011 11 12. Security Tutorial Time Table / Topics ScheduleRun 1: 21/2/2012 - 11/3/2012Day 2 Sunday 26/2/2012 8:30 16:30TopicsApprox NumberInstructor of Hours Session 5: Certificates and Biometric Authentication Dr. Mohammad Jubran PKI and X.509 1 SSL/TLS and IPSEC 1 o Break (5 minutes) Biometric authentication and smart cards.1.5Lunch Break (20minutes)Session 3: Authentication Authentication (symmetric and asymmetric 1.5Dr. Radwan Tahboub One time password)1o Break (5 minutes) Introduction to LDAP 1.5PalGov 2011 12 13. Security Tutorial Time Table / Topics ScheduleRun 1: 21/2/2012 - 11/3/2012 Day 3Tuesday 28/2/20128:30 16:30 Topics ApproxInstructor Number of HoursSession 4: Authentication Lab Install apache and use basic authentication and hashed 1.5 Eng. Ghannam Aljabarypassword files.o Break (5 minutes)Supervised by Basic authentication 1 Dr. Mohammad Jubran Open SSL certificate and certificate authority 1 Lunch Break (20minutes)Session 6: Certificates and HTTPS Lab Apache with LDAP authentications.1 Eng. Ghannam Aljabary SSL practical (basic authentication over SSL,1.5HTTPS) Supervised byo Break (5 minutes)Dr. Mohammad Jubran Install open LDAP1.5 Apache with LDAP authenticationsPalGov 201113 14. Security Tutorial Time Table / Topics ScheduleRun 1: 21/2/2012 - 11/3/2012Day 4 Sunday 4/3/2012 8:30 16:30 Topics ApproxInstructor Number ofHours Session 7: Firewalls and VPN Firewalls1.5 Dr. Nael Salman VPNs 1 o Break (5 minutes) 1 Microsoft Firewall Lunch Break (20minutes)Session 11: Access Control Introduction to Access control 2 Dr. Radwan Tahboubo Break (5 minutes) Database Security at a glance1.5PalGov 201114 15. Security Tutorial Time Table / Topics ScheduleRun 1: 21/2/2012 - 11/3/2012Day 5 Tuesday 6/3/2012 8:30 16:30 TopicsApproxInstructorNumber of Hours Session 9: Introduction to FIM Federated Identity Management. (FIM)Dr. Radwan TahboubLunch Break (20minutes) Session 12: Other Issues Security Auditing 1.5 Dr. Radwan Tahboub o Break (5 minutes) Wireless Security Protocols 2.5PalGov 201115 16. Security Tutorial Time Table / Topics Schedule Run 1: 21/2/2012 - 11/3/2012Day 6 Sunday 11/3/2012 8:30 16:30 Topics ApproxInstructor Number ofHours Session 10: Wireless Lab Wireless Security Access Points1.5 Eng. Ghannam Aljabary o Break (5 minutes) Supervised by Wireless Security Authentication Protocols 2.5 Dr. Radwan Tahboub(WEP, WPA, WPA-RADIUS)Lunch Break (20minutes) Session 8: Firewalls Lab Fingerprints authentications (Demo). 1 Eng. Ghannam Aljabary o Break (5 minutes) Supervised by Firewall installation. 2.0 Dr. Nael Salman PalGov 2011 16 17. Other DaysPlease See the Security TutorialTime Table File in the Drop Box PalGov 2011 17 18. Thanks Radwan TahboubPalGov 2011 18