Lecture: Network Security

You want to know how today’s attacks against networks work? You want to learn about countermeasures and how to secure your network? Then this is your lecture! The lecture introduces actual threats to and attacks against computer networks (e.g. worms, botnets). You will gain a practical insight into their functioning and damage potential. During the lecture, you will be hacking systems yourself, but also learn about security protocols and state-of-the-art defense measures, including Intrusion Detection Systems and Honeypots. So, if you are interested in network security and willing to work, we would be happy to see you in the first lecture.

Course:

Exercises:

Other:

  • Term: Master Computer Science
  • Requirements: Content of "High Performance Networking" is prerequisite. Basic programming skills (see below).
  • Faculty: MA-INF 3201; B-IT Media Informatics
  • Effort: 2.0 L + 2.0 E / 6CP(MA); 4CP(B-IT MI)
  • Follow-up/Side-events: A seminar will take place at the end of the lecture period. After the lectures "Data Communication and Internet Technology" and "Network Security", participation in a lab is possible.

Announcements

The first lecture will be held on Thu, 09.04.2015. The first exercise will be held on Thu, 23.04.2015.

Remarks

Required Programming Skills

The lecture Network Security teaches security from a very practical point of view. This includes hands-on exercises, hacks and the development of countermeasures. Students participating in the lecture must have basic programming skills. We provide a self-test, which shows the level of your skills and tells you whether you are able to deal with the practical tasks.

Application for an account in the Network Security Lab

Please see "Information on Tutorials/Exercises" below.

Slides and Presentations

Chapter | PDF Files

0 – Preface

Slides 1-22

1 – Introduction

  •  Internet history: ARPAnet and security
  •  Security Risks
  •  Spoofing
  •  Brute Force Attacks
  •  Denial of Service
  •  MANET attacks
  •  and many more...
Slides 1-25

2 – Attack Overview

Protocol Attacks
  •  TCP Refresher
  •  Session Hijacking
  •  (TCP) DoS Attacks
  •  The RST Attack
  •  DNS Spoofing
Slides 1-38

3 – Attack Vector SQL Injection

Slides 1-18

4 – Cryptography

Basics & Networking Applications

Encryption
  • symmetric, asymmetric, hybrid encryption
  • stream ciphers, block ciphers
Integrity Protection
  • Hash functions
  • HMAC
Authentication
  • Certificates
  • Certificate Authorities
Application: PGP

Slides 1-74

5 – Building Secure Channels

Authenticated Encryption Schemes
  • Provide both Data Origin Authentication and Data Integrity
  • Common schemes have potentially severe security flaws
  • Weakness is most often caused by CBC properties
Key Generation and Key Exchange
  • Three important rules of thumb
  • Downgrade, Denial-of-Service, and Replay-Attack
  • The importance of Nonces
Key Hierarchy and Key Management
  • Deriving Master and Session Keys
  • Typical workflow for key generation with TLS example
Attacks on Protocols
  • Schemes
  • TLS, SSH
Slides 1-32

6 – Authentication

Authentication Protocols:
  • Basic authentication protocols like CHAP are still in use.
  • RADIUS is the de facto standard for user authentication.
EAP and IEEE 802.1x:
  • IEEE 802.1x is used to control access at network device level.
  • EAP specifies a general authentication framework.
WLAN Security:
  • EAP-TLS is the prevalent authentication framework in modern WLAN.
Slides 1-43

7 – Network Infrastructure

Network Infrastructure and Management
  • Network Management Concepts
  • SNMP
Layer 2 Security
  • Layer 2 Overview
  • Spanning Tree Operation and Security
  • VLAN Concepts and Management
  • VLAN Security
  • ARP, DHCP Security
Slides 1-34

8 – Firewalls

Cisco Access Control Lists
  • Stateless filtering = Standard and Extended ACL
  • Dynamic filtering = Reflexive ACL
  • Stateful filtering = Context-Based ACL
  • Cisco-like ACLs can be found in many network devices
  • ACLs are typically processed at wire speed
UNIX Netfilter
  • Non-intuitive scheme of chains and tables
  • Fixed workflow through chains
  • Flexibility achieved by calling tables in chains
Network Address Translation (NAT)
  • Address pooling and masquerading
  • Load balancing
  • Examples with iptables
Slides 1-40

9 – Malware spreading

  • Ways to infect computers with malware
  • Internet Worms: History and Examples
  • Social Engineering
  • Drive-by downloads
Slides 1-66

10 – Botnets

Slides 1-17

11 – Attack Vector Buffer Overflow

Slides 1-37

Assignment Sheets

Information on Tutorials/Exercises: NetSec-Exercises-2015.pdf

Information on "SecLab", our security laboratory: seclabinfo.pdf

Publication Date | PDF File | Supplementary Material | Submission Deadline | Scheduled Exercise
Thu, 23.04.2015 | Assignment Sheet 1 | attack-trace.pcap | Tue, 05.05.2015 23:59:59 CEST | Thu, 07.05.2015
Thu, 07.05.2015 | Assignment Sheet 2 | | Tue, 19.05.2015 23:59:59 CEST | Thu, 21.05.2015
Thu, 21.05.2015 | Assignment Sheet 3 | sniffer.py | Tue, 02.06.2015 23:59:59 CEST | Wed, 03.06.2015
Thu, 04.06.2015 | Assignment Sheet 4 | | Tue, 16.06.2015 23:59:59 CEST | Thu, 18.06.2015
Thu, 18.06.2015 | Assignment Sheet 5 | traffic.pcap, what_happened.pcap | Tue, 30.06.2015 23:59:59 CEST | Thu, 02.07.2015
Thu, 02.07.2015 | Assignment Sheet 6 | | none, sheet is voluntary | Thu, 16.07.2015