Network Security  2017-2018

EDA491 / DIT071





  

News


2018-06-26    Inspection of exams can be done Thursday June 28 at 11:30-12:00 in room EDIT 4128.
                        If you cannot make it this time, the exams will be available at the department's student office on
                        the 4th floor in the EDIT building during office hours (with limitations during the summer). If you
                        have questions, write them in an email and send to me and leave the exam at the student office
                        for me to have another look.

2018-06-15    There will be an opportunity to examine the exams some time during the week starting with June 25
                        (week 26). Details will come!

2018-06-14    Exams for Chalmers students were reported early this week. GU results are delayed due to using a Beta
                        version of Ladok 3 and some problems with it. (Chalmers uses an official release of Ladok 3.)
                        The GU results are expected to be available on Friday or no later than Monday next week.

2018-05-16    Opportunity for a traineeship at EUROCONTROL lasting minimum 6 months to maximum 12 months to support setting up the European Air Traffic Management Computer Emergency Response Team (EATM-CERT - www.eurocontrol.int/eatm-cert). Work will be done in Brussels. For more info and application, see doc1, doc2, doc3.

2018-05-08    There will be a final lab session on Thursday morning May 24. Please note that this is the only remaining
                       lab session this year; the next opportunity will be spring 2019, so use it if you are not finished with your work!

2018-03-22    PingPong pages for lab group registrations are now open. It is also possible to book lab sessions now.

2018-03-20    It seems like books are available from some web shops such as adlibris.com.

2018-03-06    We have just been notified by Cremona that the publisher Pearson Education cannot deliver the course books. The book is recommended (not mandatory) and in the past around 50% have bought the book. We have talked to our library and they will try to purchase some books, however they share the same problem with obtaining them and will likely get just a few copies. The alternative if you want a course book is to try to find one at Amazon or from other bookstores abroad. It is also possible to buy an e-book, for example from Bokus.com (price  364 SEK). It may also be an option to ask older students about borrowing or buying their books. More information will come at the course start.



Teachers


Tomas Olovsson - tomas.olovsson@...   (teacher, course responsible)
Thomas Rosenstatter - thomas.rosenstatter@...   (teaching assistant, main contact for lab-related issues)
Carlo Brunetta - brunetta@...  (teaching assistant)
Georgia Tsaloli - tsaloli@...  (teaching assistant)
Nasser Nowdehi (teaching assistant)



Course information


This course is part of a security specialization offered by the department which consists of four courses:
Computer security, Network security, Language-based security and  Cryptography.
 
We begin the course by looking at weaknesses that have plagued networked systems for years. We then continue with countermeasures like firewalls and security protocols such as SSL/TLS, SSH and IPsec and investigate in detail what makes them secure. The course also gives a survey of cryptographic tools and explains how they can be utilized in protocols and applications, for example how to provide secure user authentication over a public network.

Knowledge about possible threats and countermeasures is important not only for the network security specialist but also for application programmers and everyone else who wants to understand what level of security a system and an application can offer. By knowing the problems, future systems can be designed to be much more secure and reliable than today. 
This course covers the underlying principles and techniques for network and communication security. Practical examples of security problems and principles for countermeasures are given. The course also surveys cryptographic and other tools used to provide security and reviews how these tools are utilized in protocols and applications.

Prerequisites for this course are good knowledge of communication principles and protocols (TCP, IP, ICMP, ARP, etc.). You must have taken at least one communications course before this course. We also recommend that you have taken the course Computer Security which shows how to think regarding security and discusses security issues in a wider perspective. Other relevant courses are Computer Networks and Cryptography which will make some topics easier to understand.

The course consists of a series of lectures and laboratory exercises. The laboratory exercises focus on network scanning, building firewalls, configuration of an intrusion detection system (IDS) and practical work with analyzing the SSL/TLS protocol. The course ends with a written exam. To pass the course, the exam must be passed and all laboratory exercises must be completed.


Reading material

   
The course consists of the following material:
 
 

Text book


William Stallings: Cryptography and Network Security, seventh edition ISBN 978-1-292-15858-7 or sixth edition ISBN 978-0-273-79335-9. The difference is that in the latest edition chapter 17.3 about TLS does not exist but has been integrated with the rest of the text in chapter 17.

This book is shared with the Cryptography course. The book is to a large extent followed during the lectures, but some topics are missing or not deep enough so additional material is used in some lectures, see reading list below.

The book has a companion web page with student resources and useful links if you want to know more about a subject. There is an errata sheet for the book that you may want to check, and the book also has online chapters that are used in the course. You need the code printed in your book to access them.
 
It is also possible to use the book Network Security Essentials, also by William Stallings. It contains the same chapters but the cryptography part is omitted. Although it is almost half the size, the price is almost the same as for the full book. The book is also available as an e-book, ISBN 978-0-273-79376-2.

 

Mandatory reading


The course book lacks information about certain topics. The following papers are therefore an integral part of the course and will be part of the exam. Some links go to research papers published by IEEE and ACM and can only be downloaded from the Chalmers network. These papers describe interesting and important security aspects and will also introduce you to research papers in the area, and reading such papers will be important for you in your future career. Please note that the list will be updated during the course. Information about upcoming lectures is preliminary and may change.

     

 

Voluntary reading - if you want to know more about a topic


The reading list below provides more information about some topics for the interested. You don't need to study it for the exam. Some papers may explain things presented at lectures in a different way, something that may be useful for your understanding. And some other topics are just additional reading for the interested. Square bullets are used for published research articles in the field:
 
Authentication:
 
Cryptography:

Tools:
 
Weaknesses:

Firewalls:

SSL/TLS, SSH:

IPsec:

WLAN:

Link-level security, DNSsec, etc.:

Remote access:

Security, general:

News announcements and security magazines. These resources can be useful for you in the future:
 
 

Lectures


Lectures will be held:


Not all lecture times will be used, please see the schedule below for exact details.

The table also shows what will be covered during each lecture and will be continuously updated during the course. There will most likely be some day and topic changes so please check the table regularly. Links to slides are placed in this table.


Slides from the lectures will be available for download before the lecture, but please note that minor changes should be expected in the final version placed here shortly after each lecture (fixed typos, etc.).


| Lecture | SP week | Day | Topic | Additional reading | Notes and links to slides |
|---|---|---|---|---|---|
| 1 | 1 (w.12) | Tue | Course introduction; Network security, general concepts | | 0. Course information; 1. Intro to network security |
| 2 | 1 | Thu | Network layer security: IP, ICMP | yes | 2. Network layer security |
| 3 | 1 | Fri | Transport layer security: TCP, UDP | yes | 3. Transport layer security |
| 4 | 2 | Tue | DoS and DDoS attacks | Chapter 21.11 (online): DDoS | 4. DoS attacks |
| | w.14 | | Easter | | |
| 5 | 3 (w. 15) | Tue | Firewalls | Chapter 23: Firewalls, online chapter (Chapter 9 in the Computer Security course-book is identical) | 5. Firewalls |
| 6 | 4 | Tue | Firewalls cont'd: Main border FW, NAT. | yes | 6. There are no slides numbered #6 - it seems like I cannot count... |
| 7 | 4 | Thu | Cryptography: Symmetric/asymmetric cryptosystems, hash functions, HMAC, etc. | Chapter 14, 10.1 | If you have taken the cryptography course, you may want to skip this lecture. 7. Cryptography |
| 8 | 4 | Fri | SSL/TLS | yes; Chapter 17: SSL/TLS | 8. SSL/TLS |
| 9 | 5 | Tue | Guest Lecture: Vesa Virta from FRA, the National Defence Radio Establishment demonstrates live hacking! | | |
| 10 | 5 | Thu | User authentication, Radius | Chapter 15 | 9. User authentication |
| 11 | 5 | Fri | 802.11 WLAN security: WEP | yes; Chapter 18 WLAN | 10. WLAN |
| 12 | 6 (w. 18) | Thu | WLAN Security: 802.11i, WPA, WPA2; Secure Shell (SSH) | Chapter 16.3: 802.1x; Chapter 17.4: Secure Shell (SSH) | 11. SSH |
| 13 | 6 | Fri | IDS Systems, Kerberos | Chapter 22.2: IDS systems; Chapter 15.1-4: Kerberos | 12. IDS Systems; 13. Remote authentication |
| 14 | 7 | Tue | Kerberos, IPsec | yes; Chapter 20: IPsec | 14. IPsec |
| 15 | 8 | Tue | Link-level security, switches and VLANs. VPN systems and network design. | Chapter 16.1-2 and 4-8 | 15. Link-level security |
| 16 | 8 | Thu | VPN systems and network design, cont'd. Course summary, old exams | yes | 16. VPN systems and network design; 17. Course summary |
| 17 | 9 | Tue | Spare - will not be used. | | |




 

Laboratory work


The course will have four practical lab sessions that are mandatory and worth 1,5 out of the total 7,5 credits for this course. More information can be found in PingPong on the lab home pages.

To book a session in the lab, add your group number to the shared booking list found on the PingPong lab pages. Please be careful not to destroy the document since we all depend on its contents. There is no need to save the document; all changes are applied immediately. You can also send an email to the TA responsible for the labs to request a booking.

There are four lab sessions in the course:

  1. Using a network scanning tool (nmap) to see how a system responds and Wireshark to see how scanning is done. This assignment must be done in the lab since scanning and sniffing are not allowed on any other networks.
     
  2. Configuration of a Linux firewall using Netfilter / IPtables. You will configure some services such as web, DNS, ftp, etc., and also see how it can keep state of TCP connections. Your configuration will also be tested using nmap to see that it works as intended. Your configuration and results should after the lab session be summarized in a written report.
     
  3. The third assignment will be to work with SSL/TLS and to generate certificates. After the session, you should understand what level of security SSL/TLS and certificates give and what is required to set up a secure communication channel between a client and a server. This work can be done in the lab or elsewhere if you prefer.
     
  4. The fourth assignment will be to work with Snort, an IDS system, and configure it to trigger alarms when suspicious traffic is found on the network.

Please note the following:



There are several lab sessions with teaching assistants each week. You have to visit one for each assignment:

 
 
Session times: Monday 08:00 - 11:45, Tuesday 17:15 - 21:00, Thursday 08:00 - 11:45, Friday 08:00 - 11:45

Week 3 (15), April 9-13: LAB 1 - nmap, LAB 1 - nmap
Week 4 (16), April 16-20: LAB 1 - nmap, LAB 2 - Firewalls, LAB 2 - Firewalls
Week 5 (17), April 23-27: LAB 2 - Firewalls, LAB 3 - SSL/TLS, LAB 3 - SSL/TLS, LAB 3 - SSL/TLS
Week 8 (20), May 14-18: LAB 4 - IDS systems, LAB 4 - IDS systems, LAB 4 - IDS systems




Course Representatives


We have elected students who will act as student representatives for this course. Please give them feedback during the course about what is good and bad. All comments that can be used to improve the course are welcome. Detailed info for course representatives (and all other interested) can be found at Chalmers web.

Course representatives for 2018 are:
MPCSN   Reza Esmaeili         seyedr@student.ch...
MPCSN   Emelie Ekenstedt    emeeke@student.ch...
MPSOF   Neda Farhand          farhand@student.ch...
MPALG    Shruthi Dinakaran   shruthi@student.ch...




Examination


Signing up for written hall examinations is mandatory. If you haven’t signed up, you will not be allowed to take the exam and will have to wait until the next re-sit examination period.


GU students:
You can find information about how and when to sign up on the CSE’s pages on the GU Student Portal:

https://studentportal.gu.se/english/my-studies/cse/Examination/

 
Chalmers students:

You can find information about how and when to sign up on the Student Portal at Chalmers:
https://student.portal.chalmers.se/en/chalmersstudies/Examinations/Pages/how-to-sign-up.aspx

The examination will be in English and the grades are 3, 4, and 5 (for GU G, VG) and based on the exam. In addition, all laboratory work including the written report must also be passed. No material is allowed at the exam except for an English dictionary in paper form (no electronic aids).

Examination dates are:

Below you can find links to old exams, but please note that in order to save space, the answers provided here are shorter than what is required on the real exam. Make sure that you clearly explain your thoughts, we cannot guess what you intend to say! Also please note that the course contents and focus change somewhat each year, so read older exams with some care!
 
Exam May 2016
Exam Aug 2016
Exam Oct 2016

Exam May 2017
Exam Aug 2017
Exam Oct 2017

Exam May 2018
Exam Aug 2018
Exam Oct 2018