Network Security  2014-2015

EDA491 / DIT071



2015-09-14    Inspection of re-exam: Wednesday Sept 16, 11:30 - 12:00 in room EDIT 4128. If you cannot make it this
                        time, you can visit the student office at the department,
room 4482 Mon-Thu during semesters.
                        Your exams are stored there for at least one year.
If you have any questions, leave the exam there
                        (don't take it away)
and send me an email with your question and we will look at it.
2015-07-18    Inspection of exams: Friday June 26 at 11:30-12:00 in room EDIT 5128.
2015-05-26    NOTE: Unfortunately Jonas Abrahamsson has problems to come and give the guest lecture today.
                       I will therefore give the final lecture scheduled for Thursday today as well.
                       The exact same lecture is given on Thursday as scheduled.
2015-05-07    To compensate for computer problems in the lab last Tuesday, we have added Tuesday week 7 to
                        the lab schedule. Book it only if needed, it is the last opportunity to finish the labs this year!
2015-05-05    Make sure you are well prepared for the SSL lab. Then it will take 4 hours, else...  !
2015-03-31    Lab bookings can be done by editing a shared document, see lab section below.
2015-02-10    Pages updated for study year 2014-2015


Tomas Olovsson - tomas.olovsson @ chalmers...  (teacher, course responsible)
Aljoscha Lautenbach - aljoscha @ chalmers...  (lab assistant, main contact for lab-related issues)
Behrooz Sangchoolie -  lab assistant
Johannes Weschke - lab assistant

Course information

This course is part of a security specialization offered by the department which consists of four courses:
Computer security, Network security, Language-based security and  Cryptography.
We begin the course by looking at weaknesses that have plagued networked systems for years. We then continue with countermeasures like firewalls and security protocols such as SSL, SSH and IPsec and investigate in detail what makes them secure. The course also gives a survey of cryptographic tools and explains how they can be utilized in protocols and applications, for example how to provide secure user authentication over a public network.

Knowledge about possible threats and countermeasures is important not only for the network security specialist but also for application programmers and everyone else who wants to understand what level of security a system and an application can offer. By knowing the problems, future systems can be designed to be much more secure and reliable than today. 
This course covers the underlying principles and techniques for network and communication security. Practical examples of security problems and principles for countermeasures are given. The course also surveys cryptographic and other tools used to provide security and reviews how these tools are utilized in protocols and applications.

Prerequisites for this course are good knowledge of communication principles and protocols (TCP, IP, ICMP, ARP, etc.). You must have taken at least one communications course before this course. We also recommend that you have taken the course Computer Security which shows how to think regarding security and discusses security issues in a wider perspective. Other relevant courses are Computer Networks and Cryptography which will make some topics easier to understand.

The course consists of a series of lectures and laborative exercises. The laborative exercises focus on network scanning, building firewalls, configuration of an intrusion detection system (IDS) and practical work with analyzing the SSL protocol. The course ends with a written exam. To pass the course, the exam must be passed and all laborative exercises must be completed.

Reading material

The course consists of the following material:

Text book

BookWilliam Stallings: Cryptography and Network Security, Sixth edition. ISBN 978-0-273-79335-9.  This book is shared with the Cryptography course. The book will be followed to a fairly large extent during the lectures, but additional material will be used for some lectures, see below.

If you have the previous edition of the book (ed. 5), it is still very usable but chapter 16 about Network access control and Cloud security does not exist.

The book has a companion web page with student resources and useful links if you want to know more about a subject. There is also an errata sheet for the book that you may want to check.The book also has online chapters that are used in the course. You need the code printed in your book to access them.

It is also possible to use the book Network Security Essentials, also by William Stallings. It contains almost the same chapters except for the cryptography part which is omitted. Although thinner, the price is almost the same as the ordinary  course book.


Mandatory reading

The course book lacks information about certain topics. The following papers are therefore an integral part of the course and will be part of the exam. Some links go to research papers published by IEEE and ACM and can only be downloaded from the Chalmers network. These papers describe interesting and important security aspects and will also introduce you to research papers in the area, and reading such papers will be important for you in your future career. Please not that the list will be updated during the course. Information about future, upcoming, lectures is preliminary and may change.



Voluntary reading - if you want to know more about a topic

The reading list below provides more information about some topics for the interested. You don't need to study it for the exam. Some papers may explain things presented at lectures in a different way, something that may be useful for your understanding. And some other topics are just additional reading for the interested. If you find other relevant papers you would like to share, please let me know and I will consider them for inclusion!

Scanning and tools:





Link-level security, DNSsec, etc.:

Remote access:

Security, general:

News announcements and security magazines. These resources can be useful for you in the future:


Lectures will be held:

Not all lecture times will be used, please see the schedule below for exact details. The table also shows what will be covered during each lecture and will be continuously updated during the course. There will most likely be some day and topic changes so please check the table regularly. Links to slides are placed in this table.

Slides from the lectures will be available for download before the lecture, but please note that minor changes should be expected in the final version placed here after the lecture (fixed typos, etc.)

Lecture Week Day Topic Additional
Notes and
Links to slides

(w. 13)
Tue Course introduction
Network security, general concepts

Course information
1. Introduction

1 Thu User authentication, Radius yes Chapter 15
2. User authentication

1 Fri Cryptography: Symmetric/asymmetric crypto-systems, hash functions, etc.
Chapter 14
3. Cryptography
If you have taken the cryptography course, you may want to skip this lecture.

2 Tue Identity management
Network layer security: IP, ICMP
yes 4. Network layer security

2 Thu Transport layer security: TCP, UDP yes 5. Transport layer security

(w. 17)
Tue DoS and DDoS attacks   Chapter 21.10 (online): DDoS
6. DoS and DDoS attacks

3 Thu Firewalls   Chapter 23: Firewalls, online chapter (Chapter 9.1-9.5 in the Computer Security course-book is identical)
7. Firewalls

3 Fri Firewalls cont'd: screening routers,
NAT and personal firewalls

4 Tue
SSL/TLS   Chapter 17: SSL/TLS
(important for lab 3)

5 Tue 802.11 WLAN security: WEP yes Chapter 18 WLAN
5 Thu WLAN Security: 802.11i, WPA, WPA2
Secure Shell (SSH)
  Chapter 16.3: 802.1x
Chapter 17.5: Secure Shell (SSH)
10. SSH

(w. 20)
Tue IDS Systems
  Chapter 22.2: IDS systems
Chapter 15.1-4: Kerberos
11. IDS Systems
12. Kerberos

7 Tue
Kerberos, cont'd
   Chapter 20: IPsec
13. IPsec
7 Thu Link-level security, switches and VLANs yes  Chapter 16.1
14. Link-level security

7 Fri VPN systems, Remote access and Cloud security

Chapter 16.4-7
15. VPN and cloud security

8 Tue Guest lecture cancelled.
Course summary, old exams

8 Thu Course summary, old exams (repeated) yes 16. Course summary
Extra: The Logjam attack

8 Fri Spare - not used!


Laboratory work

The course will have four practical lab sessions that are mandatory and worth 1,5 out of the total 7,5 credits for this course. More information can be found in PingPong on the lab home pages.

To book a session in the lab, edit the shared booking list by following this link. Please be careful to not destroy the document since we all depend on its contents. There is no need to save the document, all changes are applied immediately. Also note that there are four pages, one per week. You can also send an email to the TA responsible for the labs to request a booking.

There are four lab sessions in the course:

  1. Using a network scanning tool (nmap) to see how a system responds and Wireshark to see how scanning is done. This assignment must be done in the lab since scanning and sniffing is not allowed on any other networks.
  2. Configuration of a Linux firewall using IPtables. You will configure some services such as web, DNS, ftp, etc., and also see how it can keep state of TCP connections. Your configuration will also be tested using nmap to see that it works as intended. Your configuration and results should after the lab session be summarized in a written report.
  3. The third assignment will be to work with SSL and to generate certificates. After the session, you should understand what level of security SSL and certificates give and what is required to set up a secure communication channel between a client and a server. This work can be done in the lab or elsewhere if you prefer.
  4. The fourth assignment will be to work with Snort, an IDS system and configure it to trigger alarms when suspicious traffic is found on the network.

Please note the following:

There are three lab sessions with teaching assistants each week. You have to visit one for each assignment:

Monday 08:00 - 11:45 Tuesday 17:15 - 21:00 Thursday 08:00 - 11:45
Week 3

(w. 17)  
LAB 1 - nmap
LAB 1 - nmap LAB 1 - nmap
Week 4

LAB 2 - Firewalls LAB 2 - Firewalls LAB 2 - Firewalls
Week 5

Week 6

LAB 4 - IDS systems LAB 4 - IDS systems Holiday

Week 7
LAB 4 - IDS systems  Extra time to compensate for Tuesday week 5 and to catch up if needed.

Course Representatives

We have elected students who will act as student representatives for this course. Please give them feedback during the course about what is good and bad. All comments that can be used to improve the course are welcome. Detailed info for course representatives (and all other interested) can be found at Chalmers web.

Course representatives for 2015 are:
MPALG:      Jockum Svanberg   jockum.svanberg AT gmail...
MPCSN:     Shoga Zerihun         shogaz AT student....
MPCSN:     Marvin Ngoma         ngoma AT student....
GU:             Akram Beygi           gusbeyak AT student....
MPCOM:    Tore Stenbock         stenbock AT student.... 


The examination will be in English and, as always, you have to register for the exam. The grades are 3, 4, and 5 (for GU G, VG) and based on the exam. In addition, all laboratory work including the written report must also be passed. No material is allowed at the exam except for an English dictionary in paper form (no electronic aids).

Examination dates are:

Below you can find links to old exams, but please note that in order to save space, the answers provided here are shorter than what is required on the real exam. Make sure that you clearly explain your thoughts, we cannot guess what you intend to say! Also please note that the course contents and focus change somewhat each year, so read older exams with some care!
Exam May 2013
Exam Aug 2013
Exam Jan 2014

Exam May 2014
Exam Aug 2014
Exam April 2015

Exam June 2015
Exam Aug  2015