Lecture: Network Security

You want to know how today´s attacks against networks work? You want to learn about countermeasures and how to secure your network? Then this is your lecture! The lecture introduces actual threats on and attacks against computer networks (e.g. worms, bot-nets). You will gain a practical insight into their functioning and damage potential. During the lecture, you will be hacking systems yourself, but also learn about security protocols and state-of-the-art defense measures, including Intrusion Detection Systems and Honeypots. So, if you are interested in network security and willing to work, we would be happy to see you in the first lecture.




  • Term: Master Computer Science, Diploma (Graduate)
  • Requirements: Content of "High Performance Networking" is prerequisite. Basic programming skills (see below)
  • Faculty: MA-INF 3201; old DPO: B,C; new DPO: B
  • Effort: 2.0 L + 2.0 E
  • Follow-up/Side-events: A seminar will take place at the end of the lecture period. Subsequent to lectures "Data Communication and Internet Technology" and "Network Security" participating in a lab is possible.


some remarks that have been later added to this page.

Examination dates:

26.07.2012 + 27.07.2012 - First Try A
09.08.2012 + 10.08.2012 - First Try B
27.09.2012 + 28.09.2012 - Second Try


12.04.2012: The second lecture on 12.04.2012 will not be held in room II.27 but in HS III.03. This is a temporary change required by the size of the group.

02.04.2012: The first lecture on 05.04.2012 will not be held in room II.27 but in HS III.03a. This is a one-time change required by other activities in the building.

About the lecture

Location: LBH, room II.27

Master: According to the changes 03/2010 of the Master Examination Regulation 2008, this module counts as 2L + 2E with a total of 6 credits.

B-IT Master: only 4 credits.

Diplom/DPO2003: please see the German version of this web page if you plan to participate in this lecture for Diplom [B1].

Required Programming Skills

The lecture Network Security teaches security from a very practical point of view. This includes hands-on exercises, hacks and the development of countermeasures.

For students participating in the lecture it is mandatory to have basic programming skills. We are providing a self-test, which shows the level of your skills and tells you if you are capable to deal with the practical tasks.

Application for an account in the Network Security Lab

To apply for an account in the Network Security Lab, please write an e-mail to Daniel Plohmann.
Your e-mail should contain your full name and your usual unix/windows login name used in the university network.
With your application, you also accept the Terms of Use.

Slides and Presentations

Access to the files requires a username and password. Both will be announced in the first lecture.


0 – Preface

Slides 1-23 (1.686.742 Bytes)
slides 1-9 (750.918 Bytes)
slides 10-23 (948.204 Bytes)

1 – Introduction

  • Internet history: ARPAnet and security
  • Security Risks
  • Spoofing
  • Brute Force Attacks
  • Denial of Service
  • MANET attacks
  • and many more…
Slides 1-23 (350.500 Bytes)

2 – Attack Overview

Protocol Attacks

  • TCP Refresher
  • Session Hijacking
  • TCP DoS Attacks
  • The RST Attack
  • DNS Spoofing
Slides 1-35 (1.514.247 Bytes)
slides 1-28 (653.128 Bytes)
slides 29-35 (871.545 Bytes)

3 – Attack Vector SQL Injection

Slides 1-19 (243.353 Bytes)

4 – Cryptography Basics & Networking Applications

  • symmetric, asymmetric, hybrid encryption
  • stream ciphers, block ciphers
Integrity Protection
  • Hash functions
  • HMAC
  • Certificates
  • Certificate Authorities
Application: PGP
Slides 1-73 (756.905 Bytes)

5 – Security Protocols

Slides 1-26 (266.550 Bytes)

6 – Building Secure Channels

Authenticated Encryption Schemes
  • Provide both Data Origin Authentication and Data Integrity
  • Common schemes have potentially severe security flaws
  • Weakness is most often caused by CBC properties
Key Generation and Key Exchange
  • Three important rules of thumb
  • Downgrade, Denial-of-Service, and Replay-Attack
  • The importance of Nonces
Key Hierarchy and Key Management
  • Deriving Master and Session Keys
  • Typical workflow for key generation with TLS example
Attacks on Protocols
  • Schemes
  • TLS, SSH
Slides 1-27 (353.688 Bytes)

7 – Authentication

Authentication Protocols:
  • Basic authentication protocols like CHAP are still in use.
  • RADIUS is the de facto standard for user authentication.
EAP and IEEE 802.1x:
  • IEEE 802.1x is used to control access at network device level.
  • EAP specifies a general authentication framework.
WLAN Security:
  • EAP-TLS is the prevalent authentication framework in modern WLAN.
Slides 1-43 (531.960 Bytes)

8 – Internet Worms

  • Worms and Viruses
  • Internet Worms: History
  • Worm Examples
  • Worm Simulation
  • Worm Detection
Slides 1-61 (747.182 Bytes)

9 – Botnets

Slides 1-17 (374.706 Bytes)

10 – Firewalls, Part I

Slides 1-20 (590.006 Bytes)

10 – Firewalls, Part II

  • Cisco Access Control Lists
  • UNIX iptables
  • Network Address Translation (NAT)
Slides 1-20 (147.797 Bytes)

11 – Attack Vector Buffer Overflow

Slides 1-37 (659.432 Bytes)

12 – Network Infrastructure

Network Infrastructure and Management
  • Network Management Concepts
  • SNMP
Layer 2 Security
  • Layer 2 Overview
  • Spanning Tree Operation and Security
  • VLAN Concepts and Management
  • VLAN Security
  • ARP, DHCP Security
Slides 1-34 (304.247 Bytes)


Assignment Sheets

The PDF-Files can be viewed and printed with Acrobat Reader. The program is available for free and installed on nearly all hosts of the institute.

Information on Tutorials/Exercises

Information on "SecLab", our security laboratory

publication datePDF-file Supplementary Slides Further InformationSubmission Deadlinescheduled exercise
12.04.2012sheet 1 23.04.2012 - 23:5926.04.2012 - 15:00
26.04.2012sheet 2 07.05.2012 - 23:5910.05.2012 - 15:00
10.05.2012sheet 3 PCAP of Attack Trace21.05.2012 - 23:5924:05.2012 - 15:00
24.05.2012sheet 4


11.06.2012 - 23:5914.06.2012 - 15:00
14.06.2012sheet 5 sherlock.txt25.06.2012 - 23:5928.06.2012 - 15:00
28.06.2012sheet 6 09.06.2012 - 23:5912.06.2012 - 15:00
12.07.2012sheet 7 --------------------