Lecture: Network Security

You want to know how today’s attacks against networks work? You want to learn about countermeasures and how to secure your network? Then this is your lecture! The lecture introduces actual threats on and attacks against computer networks (e.g. worms, bot-nets). You will gain a practical insight into their functioning and damage potential. During the lecture, you will be hacking systems yourself, but also learn about security protocols and state-of-the-art defense measures, including Intrusion Detection Systems and Honeypots. So, if you are interested in network security and willing to work, we would be happy to see you in the first lecture.




  • Term: Master
  • Requirements: Content of "High Performance Networking" is a prerequisite. Basic programming skills (see below).
  • Faculty: MA-INF 3201; B-IT Media Informatics;
  • Effort: 2.0 L + 2.0 E / 6CP(MA); 4CP(B-IT MI);
  • Follow-up/Side-events: A seminar will take place at the end of the lecture period. Subsequent to lectures "High Performance Networking" and "Network Security" participating in a lab is possible.


The first lecture will be held on Thu, 14.04.2016.

The first exercise will be held on Thu, 28.04.2016.


Required Programming Skills

The lecture Network Security teaches security from a very practical point of view. This includes hands-on exercises, hacks and the development of countermeasures. For students participating in the lecture it is mandatory to have basic programming skills. We are providing a self-test, which shows the level of your skills and tells you if you are capable to deal with the practical tasks.

Application for an account in the Network Security Lab

Please see "Information on Tutorials/Exercises" below.

Slides and Presentations

ChapterPDF Files

0 – Preface

0.5 - Supplement: Recent Security Issues

Slides 1-23

Slides 1-22

1 – Introduction

  •  Internet history: ARPAnet and security
  •  Security Risks
  •  Spoofing
  •  Brute Force Attacks
  •  Denial of Service
  •  MANET attacks
  •  and many more...

Slides 1-26

2 – Attack Overview

Protocol Attacks
  •  TCP Refresher
  •  Session Hijacking
  •  (TCP) DoS Attacks
  •  The RST Attack
  •  DNS Spoofing

Slides 1-21

Slides 22-38

3 – Attack Vector SQL Injection

Slides 1-19

4 – Cryptography

Basics & Networking Applications

  • symmetric, asymmetric, hybrid encryption
  • stream ciphers, block ciphers
Integrity Protection
  • Hash functions
  • HMAC
  • Certificates
  • Certificate Authorities
Application: PGP

Slides 1-74

5 – Building Secure Channels

Authenticated Encryption Schemes
  • Provide both Data Origin Authentication and Data Integrity
  • Common schemes have potentially severe security flaws
  • Weakness is most often caused by CBC properties
Key Generation and Key Exchange
  • Three important rules of thumb
  • Downgrade, Denial-of-Service, and Replay-Attack
  • The importance of Nonces
Key Hierarchy and Key Management
  • Deriving Master and Session Keys
  • Typical workflow for key generation with TLS example
Attacks on Protocols
  • Schemes
  • TLS, SSH

Slides 1-17

 6 – Authentication

Authentication Protocols:
  • Basic authentication protocols like CHAP are still in use.
  • RADIUS is the de facto standard for user authentication.
EAP and IEEE 802.1x:
  • IEEE 802.1x is used to control access at network device level.
  • EAP specifies a general authentication framework.
WLAN Security:
  • EAP-TLS is the prevalent authentication framework in modern WLAN.

Slides 1-22

 7 – Network Infrastructure

Network Infrastructure and Management
  • Network Management Concepts
  • SNMP
Layer 2 Security
  • Layer 2 Overview
  • Spanning Tree Operation and Security
  • VLAN Concepts and Management
  • VLAN Security
  • ARP, DHCP Security

Slides 1-20

8 – Firewalls

Cisco Access Control Lists
  • Stateless filtering = Standard and Extended ACL
  • Dynamic filtering = Reflexive ACL
  • Stateful filtering = Context-Based ACL
  • Cisco like ACL can be found in many network devices
  • ACL typically processed in wire speed
UNIX Netfilter
  • Non-intuitive scheme of chains and tables
  • Fixed workflow through chains
  • Flexibility achieved by calling tables in chains
Network Address Translation (NAT)
  • Address pooling and masquerading
  • Load balancing
  • Examples with iptables

Slides 1-41

9 – Malware spreading

  • Ways to infect computers with malware
  • Internet Worms: History and Examples
  • Social Engineering
  • Drive-by downloads

Slides 1-66

10 – Botnets

Slides 1-16

11 – Attack Vector Buffer Overflow

Slides 1-37

Assignment Sheets

Information on Tutorials/Exercises: undefinedExercise-Organization.pdf

Information on "SecLab", our security laboratory: undefinedseclabinfo.pdf

How to cite correctly: undefinedhow_to_cite_correctly.pdf

Publication DatePDF FileSupplementary MaterialSubmission DeadlineScheduled Exercise
Thu, 14.04.2016undefinedAssignment Sheet 1none: voluntary sheetThu, 28.04.2016
Thu, 28.04.2016undefinedAssignment Sheet 2
undefinedtraffic.pcapTue, 10.05.2016  23:59:59Thu, 12.05.2016
Thu, 12.05.2016undefinedAssignment Sheet 3Tue, 24.05.2016  23:59:59Thu, 02.06.2016
Thu, 26.05.2016undefinedAssignment Sheet 4undefinedsniffer.pyTue, 07.06.2016  23:59:59Thu, 09.06.2016
Thu, 09.06.2016undefinedAssignment Sheet 5Tue, 21.06.2016  23:59:59Thu, 23.06.2016
Thu, 23.06.2016undefinedAssignment Sheet 6
Tue, 05.07.2016  23:59:59Thu, 07.07.2016
Mon, 11.07.2016undefinedAssignment Sheet 7
none: voluntary sheetThu, 21.07.2016