Network Security  2016-2017

EDA491 / DIT071





  

News



2017-06-22    Ph.D. position in vehicular security at KTH in Stockholm now open for applications.
2017-06-20    Inspection of exams can be done Wednesday June 28 at 11:30-12:00 in room EDIT 5128.
                        If you cannot make it this time, the exam is stored in the department's "expedition" where you can
                        review it during their opening hours. If there are any questions, please just send me an email.
                        Have a nice summer :-)
2017-05-23    The last page on the exam will look like this and contain information which may be useful
2017-05-18    Final catch-up session in the lab: Tuesday, May 23, 17:15 - 21:00
2017-05-16    Lectures will continue as scheduled. There is some slack in the remaining lectures and it should be
                        possible to catch up with the missing material without scheduling another lecture.
2017-05-11    Due to a cold and lost voice, today's lecture has to be cancelled. Sorry for that!
2017-03-23    Slide #6 (Rainbow tables) was missing in lecture 2 - if you downloaded slides before lecture, please update.
2017-02-07    Change: no lecture Friday week 1 (spare lecture used instead)


Teachers


Tomas Olovsson - tomas.olovsson@...   (teacher, course responsible)
Aljoscha Lautenbach - aljoscha@...   (teaching assistant, main contact for lab-related issues)
Boel Nelson -  boeln@...  (teaching assistant)
Thomas Rosenstatter - thomas.rosenstatter@ ...   (teaching assistant)
Charalampos Stylianopoulos - chasty@...  (teaching assistant)
Carlo Brunetta - brunetta@...  (teaching assistant)
Nasser Nowdehi  (teaching assistant)



Course information


This course is part of a security specialization offered by the department which consists of four courses:
Computer security, Network security, Language-based security and  Cryptography.
 
We begin the course by looking at weaknesses that have plagued networked systems for years. We then continue with countermeasures like firewalls and security protocols such as SSL/TLS, SSH and IPsec and investigate in detail what makes them secure. The course also gives a survey of cryptographic tools and explains how they can be utilized in protocols and applications, for example how to provide secure user authentication over a public network.

Knowledge about possible threats and countermeasures is important not only for the network security specialist but also for application programmers and everyone else who wants to understand what level of security a system and an application can offer. By knowing the problems, future systems can be designed to be much more secure and reliable than today. 
This course covers the underlying principles and techniques for network and communication security. Practical examples of security problems and principles for countermeasures are given. The course also surveys cryptographic and other tools used to provide security and reviews how these tools are utilized in protocols and applications.

Prerequisites for this course are good knowledge of communication principles and protocols (TCP, IP, ICMP, ARP, etc.). You must have taken at least one communications course before this course. We also recommend that you have taken the course Computer Security which shows how to think regarding security and discusses security issues in a wider perspective. Other relevant courses are Computer Networks and Cryptography which will make some topics easier to understand.

The course consists of a series of lectures and laboratory exercises. The laboratory exercises focus on network scanning, building firewalls, configuration of an intrusion detection system (IDS) and practical work with analyzing the SSL/TLS protocol. The course ends with a written exam. To pass the course, the exam must be passed and all laboratory exercises must be completed.


Reading material

   
The course consists of the following material:
 
 

Text book


William Stallings: Cryptography and Network Security, seventh edition, ISBN 978-1-292-15858-7, or sixth edition, ISBN 978-0-273-79335-9. The main difference is that in the latest edition chapter 17.3 about TLS does not exist but has been integrated with the rest of the text in chapter 17.

This book is shared with the Cryptography course. The book is to a large extent followed during the lectures, but some topics are missing or not deep enough so additional material is used in some lectures, see reading list below.

The book has a companion web page with student resources and useful links if you want to know more about a subject. There is an errata sheet for the book that you may want to check, and the book also has online chapters that are used in the course. You need the code printed in your book to access them.
 
It is also possible to use the book Network Security Essentials, also by William Stallings. It contains the same chapters but the cryptography part is omitted. Although it is almost half the size, the price is almost the same as for the full book.

 

Mandatory reading


The course book lacks information about certain topics. The following papers are therefore an integral part of the course and will be part of the exam. Some links go to research papers published by IEEE and ACM and can only be downloaded from the Chalmers network. These papers describe interesting and important security aspects and will also introduce you to research papers in the area; reading such papers will be important for you in your future career. Please note that the list will be updated during the course. Information about upcoming lectures is preliminary and may change.

     

 

Voluntary reading - if you want to know more about a topic


The reading list below provides more information about some topics for those who are interested. You don't need to study it for the exam. Some papers may explain things presented at lectures in a different way, which may be useful for your understanding. Other topics are just additional reading. Square bullets are used for published research articles in the field:
 
Authentication:
 
Cryptography:

Tools:
 
Weaknesses:

Firewalls:

SSL/TLS, SSH:

IPsec:

WLAN:

Link-level security, DNSsec, etc.:

Remote access:

Security, general:

News announcements and security magazines. These resources can be useful for you in the future:
 
 

Lectures


Lectures will be held:


Not all lecture times will be used, please see the schedule below for exact details. The table also shows what will be covered during each lecture and will be continuously updated during the course. There will most likely be some day and topic changes so please check the table regularly. Links to slides are placed in this table.

Slides from the lectures will be available for download before the lecture, but please note that minor changes should be expected in the final version placed here shortly after each lecture (fixed typos, etc.)


| Lecture | Week | Day | Topic | Additional reading | Notes and links to slides |
|---|---|---|---|---|---|
| 1 | 1 (w.12) | Tue | Course introduction; Network security, general concepts | | Course info; 1. Intro Network Security |
| 2 | 1 | Thu | User authentication, Radius | yes | Chapter 15; 2. User authentication |
| 3 | 2 | Tue | Cryptography: Symmetric/asymmetric cryptosystems, hash functions, etc. | | Chapter 14, 10.1 (if you have taken the cryptography course, you may want to skip this lecture); 3. Cryptography |
| 4 | 2 | Thu | Network layer security: IP, ICMP | yes | 4. Network layer security |
| 5 | 2 | Fri | Transport layer security: TCP, UDP | yes | 5. Transport layer security |
| 6 | 3 | Tue | DoS and DDoS attacks | | Chapter 21.11 (online): DDoS; 6. DoS attacks |
| 7 | 3 | Thu | Firewalls | | Chapter 23: Firewalls, online chapter (Chapter 9 in the Computer Security course-book is identical) |
| | w.15-16 | | Easter | | |
| 8 | 4 (w.17) | Tue | Firewalls cont'd: Main border, NAT and personal firewalls; SSL/TLS introduction | yes | 7. Firewalls |
| 9 | 4 | Fri (!) | SSL/TLS cont'd | | Chapter 17: SSL/TLS; 8. SSL/TLS |
| 10 | 5 | Tue | 802.11 WLAN security: WEP | yes | Chapter 18 WLAN; 9. WLAN |
| 11 | 5 | Thu | WLAN Security: 802.11i, WPA, WPA2; Secure Shell (SSH) | | Chapter 16.3: 802.1x; Chapter 17.4: Secure Shell (SSH); 10. SSH |
| 12 | 6 | Tue | IDS Systems, Kerberos | | Chapter 22.2: IDS systems; Chapter 15.1-4: Kerberos; 11. IDS Systems; 12. Remote Authentication |
| 13 | 6 | Thu | (Kerberos, cont'd) (IPsec) | | |
| 14 | 7 | Tue | Kerberos, IPsec | yes | Chapter 20: IPsec; 13. IPsec |
| 15 | 7 | Thu | Link-level security, switches and VLANs. VPN systems | | Chapter 16.1-2; 14. Link-level security; Chapter 16.4-8; 15. VPN systems and network architecture |
| 16 | 7 | Fri | Guest lecture. Vesa Virta from FRA will talk about their work and do a live demonstration of network attacks. | | |
| 17 | 8 | Tue | VPN systems and network architecture. Course summary, old exams | yes | 16. Course summary |


 

Laboratory work


The course will have four practical lab sessions that are mandatory and worth 1,5 out of the total 7,5 credits for this course. More information can be found in PingPong on the lab home pages.

To book a session in the lab, edit the shared booking list by following this link. Please be careful to not destroy the document since we all depend on its contents. There is no need to save the document, all changes are applied immediately. Also note that there are four pages, one per week. You can also send an email to the TA responsible for the labs to request a booking.

There are four lab sessions in the course:

  1. Using a network scanning tool (nmap) to see how a system responds and Wireshark to see how scanning is done. This assignment must be done in the lab since scanning and sniffing are not allowed on any other networks.

  2. Configuration of a Linux firewall using Netfilter / IPtables. You will configure some services such as web, DNS, ftp, etc., and also see how it can keep state of TCP connections. Your configuration will also be tested using nmap to see that it works as intended. After the lab session, your configuration and results should be summarized in a written report.

  3. The third assignment will be to work with SSL/TLS and to generate certificates. After the session, you should understand what level of security SSL/TLS and certificates give and what is required to set up a secure communication channel between a client and a server. This work can be done in the lab or elsewhere if you prefer.

  4. The fourth assignment will be to work with Snort, an IDS system, and to configure it to trigger alarms when suspicious traffic is found on the network.

Please note the following:



There are three lab sessions with teaching assistants each week. You have to visit one for each assignment:


| Week | Monday 08:00 - 11:45 | Tuesday 17:15 - 21:00 | Thursday 08:00 - 11:45 |
|---|---|---|---|
| Week 3 | LAB 1 - nmap | LAB 1 - nmap | LAB 1 - nmap |
| Easter | | | |
| Week 4 | LAB 2 - Firewalls | LAB 2 - Firewalls | LAB 2 - Firewalls |
| Week 6 | LAB 3 - SSL/TLS | LAB 3 - SSL/TLS | LAB 3 - SSL/TLS |
| Week 7 | LAB 4 - IDS systems | LAB 4 - IDS systems | LAB 4 - IDS systems |




Course Representatives


We have elected students who will act as student representatives for this course. Please give them feedback during the course about what is good and bad. All comments that can be used to improve the course are welcome. Detailed info for course representatives (and anyone else interested) can be found on the Chalmers web.

Course representatives for 2017 are:
Claudia Castillo                 MPALG        clacas@student...
Oscar Aspestrand            MPCOM       asoscar@student...
Artur Niederfahrenhorst    Erasmus     arturn@student...
Joel Andersson                 MPCSN       joeland@student...



Examination


The examination will be in English and, as always, you have to register for the exam. The grades are 3, 4, and 5 (for GU G, VG) and based on the exam. In addition, all laboratory work including the written report must also be passed. No material is allowed at the exam except for an English dictionary in paper form (no electronic aids).

Examination dates are:
 
Below you can find links to old exams, but please note that in order to save space, the answers provided here are shorter than what is required on the real exam. Make sure that you clearly explain your thoughts, we cannot guess what you intend to say! Also please note that the course contents and focus change somewhat each year, so read older exams with some care!
 
Exam June 2015
Exam Aug  2015
Exam April 2016

Exam May 2016
Exam Aug 2016
Exam Oct 2016

Exam May 2017
Exam Aug 2017
Exam Oct 2017