Network Security (ET4397IN)
About this course
We are living in a time where many aspects of our lives are influenced by computers, and with devices and systems getting connected, proper network security is of the utmost importance. Existing IT systems need to be hardened to withstand a new threat landscape, and security has to become an integral part of everything that is newly developed. In this course, you learn the principles of network and communication security, covering secure design across the entire networking stack starting from securing the flow of bits and network hardware to detection and control at the application layer. You will learn the concepts and fundamental reasoning behind today’s security designs, review common threats to today’s networks, and understand specific detection and mitigation techniques.
ET4397IN Network Security covers
- basic risk management techniques to evaluate the threat profile of an organization and its network,
- strategies the adversaries use to get in,
- vulnerabilities of networking protocols at the physical, link, network, transport and application layer,
- the background to evaluate and design you own security solutions,
- attacks and defense techniques in both theory and practice.
This course targets MSc students in the computer science, electrical engineering, telecom, embedded systems, and computer engineering programs. As prerequisite, a prior course on computer networks is expected.
Also available as 10 EC versionIf you want to go deeper in network security, there is also a 10 ECTS course on network security. Running in parallel to this course, CS4155 - Advanced Network Security has 7 hours of lectures and labs per week.
Course ContentThe following shows the topics discussed in ET4397IN, the material that is additionally covered in CS4155 is marked in blue:
Physical Layer Security
How are telecom networks made? Protection strategies for cables, wireless links and physical installations. Network resilience planning strategies of network operators to withstand disasters and solve infrastructure dependencies. Benefits and limits of physical layer security: or how the bad guys can still tap into communication; Secure (network) device lifecycle management
Link Layer Security
How the Ethernet link layer works and why it is so insecure! Switch design and switch protocols. Port security, VLANs. The 802.11 protocol suite, WEP and WPS. WPA2, WPS, 802.1X port-based network access control, 802.1AE MAC security. The security of GSM and telecom networks.
Best network design practices. How to do network reconnaissance. Address spoofing and associated network attacks. Hijacking the DNS system and effective detection and protection techniques. Secure and Covert Tunnels. IPSec. The policy origin of the Internet and how it influences the deployment of controls. BGP, RPKI and BGPSec.
Reconnaissance and attacks using the TCP protocol. Secure Sockets Layer and Chains of Trust. Certificate transparency and selected SSL/TLS attacks.
Application and Web Security
Using software vulnerabilities to gain system access. Finding adversaries with Intrusion Detection Systems and Honeypots. Theory and Practice of Firewalls. Security of E-Mail and VoIP, telephony, and messager security protocols.
Meta-data leakages of network protocols. Mix networks and onion routing
Risk Incident Management
Developing a risk management plan. Cyber threat intelligence management and integration. Network incident response and fundamentals of bsiness continuity management.
...enriched with many case studies, demos and hands-on exercises:Physical Layer: tap into copper and fiber optic cables, wireless signal recovery and emulation
Link Layer: Detect and protect against CAM Table Attacks, 5 ways to compromize a WiFi network, IMSI Catchers and how to intercept GSM calls
Network Layer: Perform network reconnaissance, secure a DNS system against attacks, DDoS filtering
Transport Layer: Detect attackers exploiting heart bleed
Application Layer: See and analyze the real-time (!) attack traffic against TU - what sticks in our TU honeypot, determining the content of an SSL-encrypted web session (unpublished research), build a backdoor into a random number generator and read the content of encrypted traffic