Credits: 5EC
Motivation: Communication and networking systems are a key enabler for today’s society. This course provides a comprehensive review of the most important concepts, attack and defense methods, and best practices in computer and network security. Its goal is to equip students with the necessary background to understand the functioning of communication systems and services, and to critically reflect upon and improve the security of computer and communication systems.
Synopsis: In this course, students will obtain the knowledge and hands-on experience to secure networking and communication systems. The course will review how common communication systems and services are built, and how various components and services have to work together to provide a working infrastructure. Discussion in the course will cover not only the way things currently are; following the conversational classroom and constructivist paradigm, it will also collaboratively investigate the reasoning behind existing design decisions and explore the pros and cons of alternative designs, enabling students to critique security practices and current and future network designs more deeply.
Students will gain both theoretical knowledge and hands-on experience on network attacks and defence methods. They will practice offensive capabilities with existing exploitation and attack suites, learn how to detect issues using active and passive measurements and how to implement proper defences. Knowledge activation and the transfer from theoretical understanding towards practical experience will be further facilitated by students implementing their own attack tools on select topics, as well as conducting measurements on the effectiveness of attack and defence schemes.
As the chain is only as strong as its weakest link, the course extends beyond a security analysis of end-user applications and approaches network security from all layers of the networking and system stack. The focus of the course is to obtain an integrated knowledge of the various angles and components which need to be hardened individually to create a globally secure system, and to bridge from protocols to their actual implementations.
Teaching Method: Network Security is taught interactively using the constructivist approach and utilizing PER/CSER-techniques such as peer instruction and the conversational classroom. The classes will focus on the discussion and analysis of networking systems and the collaborative critique of attack and defence strategies, augmented with live demos. Students gain additional hands-on experience using supplemental labs, which are conducted online or at home. The course will include live and online demos and practice sessions in a lab setting and homework.
Learning outcomes: The student will acquire:
- A deep understanding of the way networks and their services are designed, the underlying design decisions, and the interplay between the different components.
- Insights into how networking systems may be disturbed by accidents, disasters and intentional attackers; both existing vectors and future methods not currently pursued are considered.
- Hands-on experience in using attack tools, and the ability to identify and explain on-going attacks using measurement data.
- Skills and practice to translate understanding of networking systems and their vulnerabilities into concrete self-built attack and defence tools.
- Ability to critique current network defence strategies and build and evaluate multi-layer communication network security.
Lecturers: Dr Apostolis Zarras, Dr Kaitai Liang, and Prof George Smaragdakis (TUD)
Examination: The final grade is composed of three parts: 1) students earn points by completing a series of exercises, implementing and detecting common networking attacks; 2) students independently conduct a literature review essay and an independent research project about a network security-related topic (security protocols, network interception techniques, reconnaissance methods, attack vectors, etc.).
Contents: The course will discuss existing and potential theoretical vulnerabilities of networking systems across all layers, from the physical layer to the application layer, and review what effects accidents, disasters or intentional perturbations will have and how they could be protected against. The topics covered per layer are:
Physical Layer: Intercepting and Wiretapping Traffic, Router Modifications, Network Planning, SRLG, Infrastructure Dependencies
Link Layer: CAM Flooding, VLANs, ARP Spoofing, 802.11, 802.1X, WPAN networks, Mobile communications and Telecom Systems
Network Layer: Network Design Practices and Security Considerations, Remote Reconnaissance, IP Spoofing, Fragmentation and Amplification Attacks, Traffic Interception, VPN, Rogue Network Services, DHCP, DNS Poisoning and DNSSEC, Interdomain Security
Transport Layer: TCP attacks, concepts of SSL and TLS and their vulnerabilities
Application Layer: Application Fingerprinting, Intrusion Detection Systems, NG-Firewalls, Exploitation Tools (Metasploit, Ettercap, etc.), L7 vs L4 encryption, side-channel attacks against secure traffic, anonymizing proxies
Core text: Christian Doerr, “Network Security in Theory and Practice”, 2019.