About this course

We are living in a time where many aspects of our lives are influenced by computers, and with devices and systems getting connected, proper network security is of the utmost importance. Existing IT systems need to be hardened to withstand a new threat landscape, and security has to become an integral part of everything that is newly developed. In this course, you learn the principles of network and communication security, covering secure design across the entire networking stack starting from securing the flow of bits and network hardware to detection and control at the application layer. You will learn the concepts and fundamental reasoning behind today’s security designs, review common threats to today’s networks, and understand specific detection and mitigation techniques.

ET4397IN Network Security covers

  • basic risk management techniques to evaluate the threat profile of an organization and its network,
  • strategies the adversaries use to get in,
  • vulnerabilities of networking protocols at the physical, link, network, transport and application layer,
  • the background to evaluate and design you own security solutions,
  • attacks and defense techniques in both theory and practice.

This course targets MSc students in the computer science, electrical engineering, telecom, embedded systems, and computer engineering programs. As prerequisite, a prior course on computer networks is expected.

Course Components

In-class demos
Evaluation: The course will be conducted as a mix of interactive lectures and demos. Your final grade is 60% from the exams and 40% from the weekly homeworks. It is possible to substitute the exam by completing your own network security-related mini project throughout the quarter. See the syllabus PDF for details.

Course Content

The following shows the topics discussed in ET4397IN, the material that is additionally covered in CS4155 is marked in blue:

Physical Layer Security

How are telecom networks made? Protection strategies for cables, wireless links and physical installations. Network resilience planning strategies of network operators to withstand disasters and solve infrastructure dependencies. Benefits and limits of physical layer security: or how the bad guys can still tap into communication; Secure (network) device lifecycle management

Link Layer Security

How the Ethernet link layer works and why it is so insecure! Switch design and switch protocols. Port security, VLANs. The 802.11 protocol suite, WEP and WPS. WPA2, WPS, 802.1X port-based network access control, 802.1AE MAC security. The security of GSM and telecom networks.

Network Layer

Best network design practices. How to do network reconnaissance. Address spoofing and associated network attacks. Hijacking the DNS system and effective detection and protection techniques. Secure and Covert Tunnels. IPSec. The policy origin of the Internet and how it influences the deployment of controls. BGP, RPKI and BGPSec.

Transport Layer

Reconnaissance and attacks using the TCP protocol. Secure Sockets Layer and Chains of Trust. Certificate transparency and selected SSL/TLS attacks.

Application and Web Security

Using software vulnerabilities to gain system access. Finding adversaries with Intrusion Detection Systems and Honeypots. Theory and Practice of Firewalls. Security of E-Mail and VoIP, telephony, and messager security protocols.


Meta-data leakages of network protocols. Mix networks and onion routing

Risk Incident Management

Developing a risk management plan. Cyber threat intelligence management and integration. Network incident response and fundamentals of bsiness continuity management.

...enriched with many case studies, demos and hands-on exercises:

Physical Layer: tap into copper and fiber optic cables, wireless signal recovery and emulation

Link Layer: Detect and protect against CAM Table Attacks, 5 ways to compromize a WiFi network, IMSI Catchers and how to intercept GSM calls

Network Layer: Perform network reconnaissance, secure a DNS system against attacks, DDoS filtering

Transport Layer: Detect attackers exploiting heart bleed

Application Layer: See and analyze the real-time (!) attack traffic against TU - what sticks in our TU honeypot, determining the content of an SSL-encrypted web session (unpublished research), build a backdoor into a random number generator and read the content of encrypted traffic