Lecture: Network Security

You want to know how today's attacks against networks work? You want to learn about countermeasures and how to secure your network? Then this is your lecture! The lecture introduces actual threats on and attacks against computer networks (e.g. worms, bot-nets). You will gain a practical insight into their functioning and damage potential. During the lecture, you will be hacking systems yourself, but also learn about security protocols and state-of-the-art defense measures, including Intrusion Detection Systems and Honeypots. So, if you are interested in network security and willing to work, we would be happy to see you in the first lecture.

Other:

  • Term: Master Computer Science, Diploma (Graduate)
  • Requirements: Content of "High Performance Networking" is prerequisite. Basic programming skills (see below).
  • Faculty: MA-INF 3201; Media Informatics; old DPO: B,C; new DPO: B
  • Effort: 2.0 L + 2.0 E / 6CP(MA); 4CP(B-IT MI); 4CP(Diplom)
  • Follow-up/Side-events: A seminar will take place at the end of the lecture period. Subsequent to lectures "Data Communication and Internet Technology" and "Network Security" participating in a lab is possible.

Announcements

The first lecture will be held on Thu, April 18th 2013! The first exercise will take place on April 25th 2013!

Remarks

Required Programming Skills

The lecture Network Security teaches security from a very practical point of view. This includes hands-on exercises, hacks and the development of countermeasures. For students participating in the lecture it is mandatory to have basic programming skills. We are providing a self-test, which shows the level of your skills and tells you if you are capable of dealing with the practical tasks.

Application for an account in the Network Security Lab

To apply for an account in the Network Security Lab, please write an e-mail to Rafael Uetz. Your e-mail should contain your full name and your usual unix/windows login name used in the university network. With your application, you also accept the Terms of Use.

Slides and Presentations

Access to the files requires a username and a password. Both will be announced in the first lecture.

Chapter | PDF-Files

0 – Preface

Slides 1-23 (1.318.656 Bytes)

1 – Introduction

  • Internet history: ARPAnet and security
  • Security Risks
  • Spoofing
  • Brute Force Attacks
  • Denial of Service
  • MANET attacks
  • and many more…
Slides 1-24 (425.225 Bytes)

2 – Attack Overview

Protocol Attacks
  • TCP Refresher
  • Session Hijacking
  • TCP DoS Attacks
  • The RST Attack
  • DNS Spoofing
Slides 1-35 (1.531.012 Bytes)

3 – Attack Vector SQL Injection

Slides 1-19 (243.278 Bytes)

4 – Cryptography Basics & Networking Applications

Encryption
  • symmetric, asymmetric, hybrid encryption
  • stream ciphers, block ciphers
Integrity Protection
  • Hash functions
  • HMAC
Authentication
  • Certificates
  • Certificate Authorities
Application: PGP
Slides 1-73 (756.322 Bytes)

5 – Building Secure Channels

Authentication and Encryption

  • Authentication and Encryption
  • Authenticated Encryption Schemes
  • CBC Weakness
  • Security of Authenticated Encryption Schemes

Key Management

  • Common Threats for Key Exchange
  • Countermeasures
  • Key Hierarchy
  • Attacks on Protocols

Slides 1-27 (402.880 Bytes)

6 – Authentication

Authentication Protocols

  • Authentication Overview
  • Basic Authentication Protocols
  • RADIUS

Authentication Frameworks

  • EAP and IEEE 802.1x
  • Application to WLAN Security

Slides 1-43 (612.933 Bytes)

7 – Network Infrastructure

Network Infrastructure and Management

  • Network Management Concepts
  • SNMP

Layer 2 Security

  • Layer 2 Overview
  • Spanning Tree Operation and Security
  • VLAN Concepts and Management
  • VLAN Security
  • ARP, DHCP Security

Slides 1-34 (366.574 Bytes)

8 – Firewalls

Cisco Access Control Lists

  • Stateless filtering = Standard and Extended ACL
  • Dynamic filtering = Reflexive ACL
  • Stateful filtering = Context-Based ACL
  • Cisco-like ACLs can be found in many network devices
  • ACLs are typically processed at wire speed

UNIX iptables

  • Non-intuitive scheme of chains and tables
  • Fixed workflow through chains
  • Flexibility achieved by calling tables in chains

Network Address Translation (NAT)

  • Address pooling and masquerading
  • Load balancing
  • Examples with iptables

Slides 1-40 (729.457 Bytes)

9 – Internet Worms

  • Worms and Viruses
  • Internet Worms: History
  • Worm Examples
  • Worm Simulation
  • Worm Detection

Slides 1-61 (746.584 Bytes)

10 – Botnets

Slides 1-17 (363.273 Bytes)

11 – Attack Vector Buffer Overflow

Slides 1-37 (659.112 Bytes)

Assignment Sheets

The PDF files can be viewed and printed with Acrobat Reader. The program is available for free and installed on nearly all hosts of the institute.

Information on Tutorials/Exercises: Presentation [PDF] from 18.04.2013

Information on "SecLab", our security laboratory: Information Sheet [PDF] from 18.04.2013

| Publication Date | PDF-file | Supplementary Material | Further Information | Submission Deadline | Scheduled Exercise |
|---|---|---|---|---|---|
| 18.04.2013 | Sheet 1 | | | 24.04.2013 23:59:59 CEST | 25.04.2013 15:00 |
| 25.04.2013 | Sheet 2 | attack-trace.pcap | | 01.05.2013 23:59:59 CEST | 02.05.2013 15:00 |
| 02.05.2013 | Sheet 3 | | | 13.05.2013 23:59:59 CEST | 16.05.2013 15:00 |
| 16.05.2013 | Sheet 4 | | | 03.06.2013 23:59:59 CEST | 06.06.2013 15:00 |
| 06.06.2013 | Sheet 5 | | | 17.06.2013 23:59:59 CEST | 20.06.2013 15:00 |
| 20.06.2013 | Sheet 6 | | | 01.07.2013 23:59:59 CEST | 04.07.2013 15:00 |
| 04.07.2013 | Sheet 7 | | | 15.07.2013 23:59:59 CEST | 18.07.2013 15:00 |