Tomas Olovsson - tomas.olovsson @ chalmers...
Pierre Kleberger - pk @ chalmers... (lab assistant, main contact for lab-related issues)
Laleh Pirzadeh - laleh.pirzadeh @ chalmers... (lab assistant)
This course covers the underlying principles and techniques for network and communication security. Practical examples of security problems and principles for countermeasures are given. The course also surveys cryptographic and other tools used to provide security and reviews how these tools are utilized in protocols and applications.
Practical applications of the techniques and principles are given. The course will give the necessary knowledge to critically analyze and design secure networks.
Recommended prerequisites are the courses "Internet Technology" and "Cryptography" although a good understanding of communications and protocols may be enough.
Text book: William Stallings: Cryptography and Network Security, Fifth edition. ISBN 0-13-705632-X. The same book will be used in the Cryptography course. The book will be followed to a large extent during the lectures.
If you have an older edition, check this page for differences (there are no big differences).
The book has a companion web page with useful links if you want to know more about a subject.
The book also has online chapters that are used in the course. You need the code printed in your book to access it.
An alternative may be to use the book Network Security Essentials, also by William Stallings. It contains almost the same chapters except for the cryptography part. Although thinner, the price may be higher than the ordinary course book.
The course consists of the following material:
- Course book
- Mandatory resources and articles listed below
- Material presented at lectures such as slides
- Reading related to the lab work
- ...
The reading list below provides more information about some topics for the interested. You don't need to study it for the exam. Some papers may explain things found on slides and presented at lectures in a different way which may be useful for your understanding. And some other topics are just additional reading for the very interested...
- ...
Lectures will be held:
- Mondays (not all, see below) 10:00 - 11:45 in HC4
- Wednesdays 13:15 - 15:00 in HC4 (HA1 week 2 and 5)
- Fridays 13:15 - 15:00 in HC4
The following table shows what will be covered during each lecture. The table will be continuously updated during the course.
Also please note that the slides provided before a lecture may change - the final version is placed here after the lecture.
| Lecture | Week | Day | Topic | Notes/slides |
|---|---|---|---|---|
| 1 | 1 | Mon | Course introduction | Chapter 1: overview, types of attacks |
| 2 | 1 | Wed | User authentication | * An analysis of the Radius protocol |
| 3 | 1 | Fri | Cryptography: Symmetric/asymmetric crypto systems, X.509 certificates | If you have taken the crypto course, you may want to skip this lecture. |
| 4 | 2 | Mon | Identity management. Attack methods: network and port scanning, fingerprinting. | Chapter 15.5: Identity management. Chapter 1: Attack methods. Additional reading material for lecture 6 also describes various scan methods. |
| 5 | 2 | Wed | Security in network layer: IP | * Security assessment of IP |
| 6 | 2 | Fri | Security in transport layer: TCP, UDP, ICMP | * Security assessment of TCP (see reading instructions above) |
| 7 | 3 | Wed | DoS and DDoS attacks | Chapter 21.5: DDoS (chapter 8 in Computer Security book better) |
| 8 | 3 | Fri | Firewalls | Chapter 22: Firewalls (chapter 9 in Computer Security book identical). |
| 9 | 4 | Wed | Screening routers, NAT and personal firewalls | * NAT router security |
| 10 | 4 | Fri | SSL/TLS, cont'd | SSL important for lab 3. |
| 11 | 5 | Mon | Guest lecture cancelled, sorry. No lecture this day! | |
| 12 | 5 | Wed | 802.11 WLAN security, WEP | Chapter 17.1-2: WLAN * Final nail in WEP's coffin |
| 13 | 5 | Fri | WLAN Security, cont'd: 802.1x, WPA, WPA2 | Chapter 16.5: Secure Shell (SSH) * Understanding SSH port forwarding |
| 14 | 6 | Mon | Kerberos | Chapter 14+15: Kerberos and auth. Chapter 20.2: IDS systems |
| 15 | 6 | Wed | IPsec | Chapter 19: IPsec |
| 16 | 6 | Fri | Spare, no lecture! | |
| 17 | 7 | Mon | Link-level security: VLAN | |
| 18 | 7 | Wed | Guest lecture: CSE firewall | * Security analysis of Windows Vista CSE firewall |
The course will have four practical lab sessions that are mandatory and worth 1,5 hp/hec out of the total 7,5 hp/hec credits for this course.
More information can be found on the lab home pages.
There are four lab sessions in the course:
- Using a network scanning tool (nmap) to see how a system responds and Wireshark to see how scanning is done. This assignment must be done in the lab since scanning and sniffing are not allowed on any other networks.
- Configuration of a Linux firewall using IPtables. You will configure some services such as web, DNS, ftp, etc., and also see how it can keep state of TCP connections. Your configuration will also be tested using nmap to see that it works as intended.
- The third assignment will be to work with SSL and to generate certificates. After the session, you should understand what level of security SSL and certificates give and what is required to set up a secure communication channel between a client and a server. This work can be done in the lab or elsewhere if you prefer.
- The fourth assignment will be to work with Snort, an IDS system, and configure it to trigger alarms when suspicious traffic is found on the network.
Please note the following:
- All work should be done in groups of two persons (not one, not three). Register for lab groups in the student portal.
- The work will be done in the department's course lab, room 4220 and the lab can hold 20 groups at a time. Lists for bookings will be available during the lectures.
- Each assignment/experiment can be completed during one lab session provided you are well-prepared and arrive on time.
  Being well prepared means reading the lab PM and completing the necessary tasks found in the PM before you arrive.
  Note that the teaching assistants must approve your work in order to pass!
- Some work can be done elsewhere, but please note that scanning tools and sniffers may only be used in the lab!
- The lab will be available from week #3 to week #6 (see the table below).
There are three lab sessions with teaching assistants each week; you should visit one per week:
| Lab | Topic | Session 1 | Session 2 | Session 3 |
|---|---|---|---|---|
| LAB 1 | nmap | Week 3: Monday 13-17 | Week 3: Wednesday 17-21 | Week 3: Friday 8-12 |
| LAB 2 | Firewalls | Week 4: Monday 13-17 | Week 4: Wednesday 17-21 | Week 4: Friday 8-12 |
| LAB 3 | SSL | Week 5: Monday 13-17 | Week 5: Wednesday 17-21 | Week 5: Friday 8-12 |
| LAB 4 | IDS systems | Week 6: Monday 13-17 | Week 6: Wednesday 17-21 | Week 6: Friday 8-12 |
We have elected two students who will act as student representatives for this course. Please give them feedback during the course about what is good and bad. All comments that can be used to improve the course are welcome. Detailed info (for course representatives and the interested) can be found here.
Course representatives 2011 are:
...TBD...
The examination will be in English and, as always, you have to register for the exam.
No material is allowed at the exam except for an English dictionary in paper form (no electronic aids).
Examination dates are:
- December 13, 2010 at 14:00 - 18:00 in M building. Last date to register is November 26.
- April 26, 2011 at 14:00 - 18:00 in V building. Last date to register is April 11.
- August 25, 2011 at 8:30 - 12:30 in V building. No registration needed.
There are some old exams available, but please note that in order to save space, the answers provided here are much shorter than required on the real exam. Make sure that you clearly explain your thoughts; we cannot guess what you intend to say!
Also please note that the course contents and focus change somewhat each year, so read older exams with care!