Network Security 2017-2018
EDA491 / DIT071
News
2018-06-26 Inspection of exams can be done
Thursday June 28 at 11:30-12:00 in room EDIT 4128.
If you cannot make it this time, the exams will be available at the department's student office on
the 4th floor in the EDIT building during office hours (with limitations during the summer). If you
have questions, write them in an email and send to me and leave the exam at the student office
for me to have another look.
2018-06-15 There will be an opportunity to examine the exams some time during the week starting with June 25
(week 26). Details will come!
2018-06-14 Exams for Chalmers students were reported early this week. GU results are delayed due to using a Beta
version of Ladok 3 and some problems with it. (Chalmers uses an official release of Ladok 3.)
The GU results are expected to be available on Friday or no later than Monday next week.
2018-05-16 Opportunity for traineeship at EUROCONTROL lasting minimum 6 months to maximum 12 months to support setting up the European Air Traffic Management Computer Emergency Response Team (EATM-CERT - www.eurocontrol.int/eatm-cert). Work will be done in Brussels. For more info and application, see
doc1,
doc2,
doc3.
2018-05-08 There will be a final lab session on Thursday morning May 24. Please note that this is the only remaining
lab session this year, next opportunity will be spring 2019, so use it if you are not finished with your work!
2018-03-22 PingPong pages for lab group registrations are now open. It is also possible to book lab sessions now.
2018-03-20 It seems like books are available from some web shops such as
adlibris.com.
2018-03-06 We have just been notified by Cremona that the publisher Pearson Education cannot deliver the course books. The book is recommended (not mandatory) and in the past around 50% have bought the book. We have talked to our library and they will try to purchase some books, however they share the same problem with obtaining them and will likely get just a few copies. The alternative if you want a course book is to try to find one at
Amazon or from other bookstores abroad. It is also possible to buy an e-book, for example from
Bokus.com (price 364 SEK). It may also be an option to ask older students about borrowing or buying their books. More information will come at the course start.
Teachers
Tomas Olovsson - tomas.olovsson@... (teacher, course responsible)
Thomas Rosenstatter - thomas.rosenstatter@... (teaching assistant,
main contact for lab-related issues)
Carlo Brunetta - brunetta@... (teaching assistant)
Georgia Tsaloli - tsaloli@... (teaching assistant)
Nasser Nowdehi (teaching assistant)
Course information
This course is part of a
security specialization offered by the department which consists of four courses:
Computer security, Network security, Language-based security and Cryptography.
We begin the course by looking at weaknesses that have plagued networked systems for years. We then continue with countermeasures like firewalls and security protocols such as SSL/TLS, SSH and IPsec and investigate in detail what makes them secure. The course also gives a survey of cryptographic tools and explains how they can be utilized in protocols and applications, for example how to provide secure user authentication over a public network.
Knowledge about possible threats and countermeasures is important not only for the network security specialist but also for application programmers and everyone else who wants to understand what level of security a system and an application can offer. By knowing the problems, future systems can be designed to be much more secure and reliable than today.
This course covers the underlying principles and techniques for network and communication security. Practical examples of security problems and principles for countermeasures are given. The course also surveys cryptographic and other tools used to provide security and reviews how these tools are utilized in protocols and applications.
Prerequisites for this course are
good knowledge of communication principles and protocols (TCP, IP, ICMP, ARP, etc.). You must have taken at least one communications course before this course. We also recommend that you have taken the course Computer Security which shows how to think regarding security and discusses security issues in a wider perspective. Other relevant courses are Computer Networks and Cryptography which will make some topics easier to understand.
The course consists of a series of lectures and laboratory exercises. The laboratory exercises focus on network scanning, building firewalls, configuration of an intrusion detection system (IDS) and practical work with analyzing the SSL/TLS protocol. The course ends with a written exam. To pass the course, the exam must be passed and all laboratory exercises must be completed.
Reading material
The course consists of the following material:
- Text book including web chapters (see lecture plan for details)
- Mandatory reading material listed below
- Material presented at lectures such as slides
- Reading related to the lab work
Text book

William Stallings: Cryptography and Network Security,
seventh edition ISBN 978-1-292-15858-7
or sixth edition ISBN 978-0-273-79335-9. The difference is that in the latest edition chapter 17.3 about TLS does not exist but has been integrated with the rest of the text in chapter 17.
This book is shared with the Cryptography course. The book is to a large extent followed during the lectures, but some topics are missing or not deep enough so additional material is used in some lectures, see reading list below.
The book has a
companion web page with student resources and useful links if you want to know more about a subject. There is an
errata sheet for the book that you may want to check, and the book also has
online chapters that are used in the course. You need the code printed in your book to access them.
It is also possible to use the book
Network Security Essentials, also by William Stallings. It contains the same chapters but the cryptography part is omitted. Although it is almost half the size, the price is almost the same as for the full book. The book is also available as an
e-book, ISBN 978-0-273-79376-2.
Mandatory reading
The course book lacks information about certain topics. The following papers are therefore an integral part of the course and will be part of the exam. Some links go to research papers published by IEEE and ACM and can only be downloaded from the Chalmers network. These papers describe interesting and important security aspects and will also introduce you to research papers in the area, and reading such papers will be important for you in your future career. Please note that the list will be updated during the course. Information about upcoming lectures is preliminary and may change.
- Introduction: CAPEC - Mitre's web page with different categories/mechanisms of attacks. Look at the different mechanisms (open them) and study the types of attacks that they have identified. Many of them will be further investigated in the course. This is a very good summary of different problems we are up against!
Also look at sectools.org where they list the top 125 network security tools. Many of them will be discussed in the course.
- User Authentication: Authentication: Joshua Hill, Bugtraq mailing list, 12 November 2001: An Analysis of the RADIUS Authentication Protocol (ignore 4.2 about protocol improvements). It is a very old paper but still relevant. Read it to see how a protocol is analyzed - it is the methodology that is important although Radius is a widely used protocol.
- Network layer security (IP): Security assessment of the IP protocol, RFC 6274, which is created from a paper published by Centre of Protection of National Infrastructure CPNI in the U.K. (a slightly older original with nicer formatting is available here). It is the general understanding that is important and what types of vulnerabilities there are, not the exact details about number of bytes, etc. You can skip chapter 3.13 (options), 3.14 (DiffServ) and 3.15 (ECN) - the last two are only available in the CPNI PDF document.
- Transport layer security (TCP): Security assessment of the TCP Protocol from CPNI and now an Internet draft (work in progress). The original with nicer formatting can be downloaded from here (read only chapter 5 to 8, 12 and 14). IETF have also published slides summarizing the RFC (voluntary reading).
- Firewalls: NAT router security solutions, tips and tricks. A nice web page explaining what security we can expect to get from using a NAT router/gateway as a firewall.
- WLANs: The final nail in WEP's coffin (good overview of WEP insecurity and how to analyze a protocol). Copyrighted, only accessible from Chalmers network.
- Link layer security: Kiravuo, et al.: A Survey of Ethernet LAN Security, IEEE Communication Surveys & Tutorials, Vol 15, No. 3, 2013.
- A report from Symantec summarizing many of the security problems we have seen in this course: A security analysis of Windows Vista's network implementation. Read page 1-11, 16-22, 24-25 and page 28. This paper is a good test that you have understood many of the topics discussed in the course. Although Windows Vista is old, the same protocol stack is used in Windows 10 and it shows the types of mistakes people make when they implement protocols.
Voluntary reading - if you want to know more about a topic
The reading list below provides more information about some topics for the interested. You don't need to study it for the exam. Some papers may explain things presented at lectures in a different way, something that may be useful for your understanding. And some other topics are just additional reading for the interested. Square bullets are used for published research articles in the field:
Authentication:
- IBM Research: Remote Client Authentication, IEEE 2008. A summary of different ways to remotely authenticate users and systems. (Can only be downloaded from the Chalmers network.)
Cryptography:
Tools:
Weaknesses:
Firewalls:
- Windows 10 Firewall configuration and design: (a Microsoft Technet article). Describes how to configure the Windows firewall and what features it has.
SSL/TLS, SSH:
Link-level security, DNSsec, etc.:
Remote access:
Security, general:
News announcements and security magazines. These resources can be useful for you in the future:
Lectures
Lectures will be held:
- Tuesdays 13:15 - 15:00, HC3
- Thursdays 13:15 - 15:00, HC3
- Fridays 13:15 - 15:00, HC3
Not all lecture times will be used, please see the schedule below for exact details.
The table also shows what will be covered during each lecture and will be continuously updated during the course. There will most likely be some day and topic changes so please check the table regularly. Links to slides are placed in this table.
Slides from the lectures will be available for download before the lecture, but please note that minor changes should be expected in the final version placed here shortly after each lecture (fixed typos, etc.)
| Lecture | SP week | Day | Topic | Additional reading | Notes and links to slides |
|---|---|---|---|---|---|
| 1 | 1 (w. 12) | Tue | Course introduction; Network security, general concepts | | 0. Course information; 1. Intro to network security |
| 2 | 1 | Thu | Network layer security: IP, ICMP | yes | 2. Network layer security |
| 3 | 1 | Fri | Transport layer security: TCP, UDP | yes | 3. Transport layer security |
| 4 | 2 | Tue | DoS and DDoS attacks | | Chapter 21.11 (online): DDoS; 4. DoS attacks |
| | w. 14 | | Easter | | |
| 5 | 3 (w. 15) | Tue | Firewalls | | Chapter 23: Firewalls, online chapter (Chapter 9 in the Computer Security course-book is identical); 5. Firewalls |
| 6 | 4 | Tue | Firewalls cont'd: Main border FW, NAT. | yes | 6. There are no slides numbered #6 - it seems like I cannot count... |
| 7 | 4 | Thu | Cryptography: Symmetric/asymmetric cryptosystems, hash functions, HMAC, etc. | | Chapter 14, 10.1; If you have taken the cryptography course, you may want to skip this lecture.; 7. Cryptography |
| 8 | 4 | Fri | SSL/TLS | yes | Chapter 17: SSL/TLS; 8. SSL/TLS |
| 9 | 5 | Tue | Guest Lecture: Vesa Virta from FRA, the National Defence Radio Establishment demonstrates live hacking! | | |
| 10 | 5 | Thu | User authentication, Radius | | Chapter 15; 9. User authentication |
| 11 | 5 | Fri | 802.11 WLAN security: WEP | yes | Chapter 18 WLAN; 10. WLAN |
| 12 | 6 (w. 18) | Thu | WLAN Security: 802.11i, WPA, WPA2; Secure Shell (SSH) | | Chapter 16.3: 802.1x; Chapter 17.4: Secure Shell (SSH); 11. SSH |
| 13 | 6 | Fri | IDS Systems, Kerberos | | Chapter 22.2: IDS systems; Chapter 15.1-4: Kerberos; 12. IDS Systems; 13. Remote authentication |
| 14 | 7 | Tue | Kerberos, IPsec | yes | Chapter 20: IPsec; 14. IPsec |
| 15 | 8 | Tue | Link-level security, switches and VLANs; VPN systems and network design. | | Chapter 16.1-2 and 4-8; 15. Link-level security |
| 16 | 8 | Thu | VPN systems and network design, cont'd; Course summary, old exams | yes | 16. VPN systems and network design; 17. Course summary |
| 17 | 9 | Tue | Spare - will not be used. | | |
Laboratory work
The course will have four practical lab sessions that are mandatory and worth 1,5 out of the total 7,5 credits for this course. More information can be found in
PingPong on the lab home pages.
To book a session in the lab, add your group number to the shared booking list found on the PingPong lab pages. Please be careful to not destroy the document since we all depend on its contents. There is no need to save the document, all changes are applied immediately. You can also send an email to the TA responsible for the labs to request a booking.
There are four lab sessions in the course:
- Using a network scanning tool (nmap) to see how a system responds and Wireshark to see how scanning is done. This assignment must be done in the lab since scanning and sniffing are not allowed on any other networks.
- Configuration of a Linux firewall using Netfilter / IPtables. You will configure some services such as web, DNS, ftp, etc., and also see how it can keep state of TCP connections. Your configuration will also be tested using nmap to see that it works as intended. Your configuration and results should after the lab session be summarized in a written report.
- The third assignment will be to work with SSL/TLS and to generate certificates. After the session, you should understand what level of security SSL/TLS and certificates give and what is required to set up a secure communication channel between a client and a server. This work can be done in the lab or elsewhere if you prefer.
- The fourth assignment will be to work with Snort, an IDS system and configure it to trigger alarms when suspicious traffic is found on the network.
Please note the following:
- All work should be done in groups of two persons (not one, not three). Register for lab groups in PingPong.
- The work will be done in the department's course lab, room 4225.
- Each assignment can be completed during one lab session provided you are well-prepared and arrive on time. Well prepared means to read the lab PM, understand what tools should be used and complete necessary preparation tasks in the PM before you arrive. There is no time to read the documentation for, for example, nmap or Snort during the lab session and be able to finish the work the same day.
- Teaching assistants must approve your work after each session in order to pass.
- Some work can be done elsewhere, but please note that scanning tools and sniffers may only be used in the lab!
There are several lab sessions with teaching assistants each week. You have to visit one for each assignment:
| Week | Monday 08:00 - 11:45 | Tuesday 17:15 - 21:00 | Thursday 08:00 - 11:45 | Friday 08:00 - 11:45 |
|---|---|---|---|---|
| Week 3 (15), April 9-13 | LAB 1 - nmap | LAB 1 - nmap | | |
| Week 4 (16), April 16-20 | LAB 1 - nmap | LAB 2 - Firewalls | LAB 2 - Firewalls | |
| Week 5 (17), April 23-27 | LAB 2 - Firewalls | LAB 3 - SSL/TLS | LAB 3 - SSL/TLS | LAB 3 - SSL/TLS |
| Week 8 (20), May 14-18 | LAB 4 - IDS systems | LAB 4 - IDS systems | LAB 4 - IDS systems | |
Course Representatives
We have elected students who will act as student representatives for this course. Please give them feedback during the course about what is good and bad. All comments that can be used to improve the course are welcome. Detailed
info for course representatives (and all other interested) can be found at Chalmers web.
Course representatives for 2018 are:
MPCSN Reza Esmaeili seyedr@student.ch...
MPCSN Emelie Ekenstedt emeeke@student.ch...
MPSOF Neda Farhand farhand@student.ch...
MPALG Shruthi Dinakaran shruthi@student.ch...
Examination
Signing up for written hall examinations is mandatory. If you haven’t signed up, you will not be allowed to take the exam and will have to wait until the next re-sit examination period.
GU students:
You find information about how to and when to sign up on the CSE’s pages on the GU Student Portal:
https://studentportal.gu.se/english/my-studies/cse/Examination/
Chalmers students:
You find the information about how to and when to sign up on the Student Portal at Chalmers:
https://student.portal.chalmers.se/en/chalmersstudies/Examinations/Pages/how-to-sign-up.aspx
The examination will be in English and the grades are 3, 4, and 5 (for GU G, VG) and based on the exam. In addition, all laboratory work including the written report must also be passed. No material is allowed at the exam except for an English dictionary in paper form (no electronic aids).
Examination dates are:
- May 28, 2018 08:30 - 12:30
- Aug 31, 2018 14:00 - 18:00
- Oct 12, 2018 14:00 - 18:00 M-building
Below you can find links to old exams, but please note that in order to save space,
the answers provided here are shorter than what is required on the real exam. Make sure that you clearly explain your thoughts, we cannot guess what you intend to say! Also please note that the course contents and focus change somewhat each year, so read older exams with some care!
Exam May 2016
Exam Aug 2016
Exam Oct 2016
Exam May 2017
Exam Aug 2017
Exam Oct 2017