Network Security

This course is offered at the University of Trento by the security group in the framework of the Cyber Security track of the European Institute of Innovation and Technology (EIT Digital) Master School programme.

See the UniTrento CSE track page for further information.

Course description

This course focuses on technological and infrastructural security aspects of computer networks. In this course we are interested in both defensive and attacking aspects of network security.

The course will be divided into two major “chunks”.

The first part of the course recalls some aspects of network protocols relevant to the course. We will then dive into different models of the attackers, different types of vulnerabilities, and attacks. Further, we will explore the use (and limits) of defensive technologies such as firewalls and IDSs.

The second part will be characterized mostly by laboratory activities. Students will organize in small groups (2-3 people each), choose a topic among those presented in class (e.g. IDS evasion, Web vulnerabilities, Buffer overflows, Packet sniffing, etc.) and build a laboratory for the other students to attend. Each group works on its own. At the end of the semester, one group at a time presents its work to the rest of the students and guides them through the laboratory activity. The goal of these laboratories is to reproduce in class the work of each group. Each group will have to produce a final report on the laboratory activity it built, and hand in a DVD with all the relevant material to reproduce the exercise.

Examination

The final examination will be based on a written exam on the theoretical aspects of the course (20/30), and on the quality of the final report and laboratory activity (15/30).

Prerequisites

Students of this course should know the basics of network protocols and client/server interaction.

Program

PART 1

PART 2

Course Schedule

| Date | Topic | Slides | Support material |
|---|---|---|---|
| 15/02/2016 | Intro to course | netsec_intro.pdf; 01-netsec_sec_foundations.pdf | Reflections on Trusting Trust |
| 17/02/2016 | Security of Network protocols - IP | 02-netsec_network_aspects-ip.pdf | Added traceroute as explained in class (slide 46). Specified L2 address in slide 21. |
| 22/02/2016 | Security of Network protocols - TCP | 02-netsec_network_aspects-tcp.pdf | Added info on [.] notation in tcpdump. |
| 24/02/2016 | Security of Net. protocols - Application Layer | 02-netsec_network_aspects-applayer.pdf | demo_scripts.tar.gz |
| 29/02/2016 | Crypto | 03-netsec_crypto.pdf | http://www.acm.org/media-center/2016/march/turing-award-2015 |
| 02/03/2016 | Vulnerabilities & attack surfaces | 04-netsec_vulnerabilities.pdf | Arora-Impact of vulnerability disclosure and patch availability; Miller-The legitimate vulnerability market; http://phrack.org/issues/49/14.html |
| 07/03/2016 | Vulnerabilities (b) | 04-netsec_vulnerabilities-b.pdf | http://onlinelibrary.wiley.com/doi/10.1002/asi.20779/full; Moore-Current state of phishing attack and defence; Acquisti-Infosec attitudes and behavior; Lab activities and topics (subject to change until Wednesday the 9th) |
| 09/03/2016 | Vulnerability scoring | 05-netsec_cvss_intro.pdf | CVSS v3 Metric Definitions; Final Lab Topics |
| 14/03/2016 | Vuln Scoring class exercise | 06-netsec_cvss_exercise.pdf | |
| 16/03/2016 | Attacks - malware | 07-netsec_malware.pdf | http://www.sciencedirect.com/science/article/pii/S1389128612003568; Stone-Gross - Analysis of a botnet takeover |
| 21/03/2016 | Attacks - web attacks | 08-netsec_webattacks.pdf | kanich_-_spamalytics.pdf; kotov_-_exploit_kits.pdf; provos-_iframes_point_to_us.pdf; studer-_coremelt.pdf; argyraki_-_network_capabilities.pdf |
| 23/03/2016 | Attacks - economy and infrastructure | 09-netsec_cybercrime_economy.pdf | gier-manufacturing_compromise.pdf; thomas-framing_dependencies_underground_commoditization.pdf; allodi-then_and_now.pdf (16Mb PDF) |
| 28/03/2016 | Easter (suspended) | | |
| 30/03/2016 | Defensive tech - Network defense Sys hardening - Auth+Static FW | 10-netsec_syshardening-fw.pdf | |
| 04/03/2016 | Defensive tech - Network defense Sys hardening - Stateful/App FWs | 11-netsec_syshardening-appfw.pdf | firewall_configuration_errors.pdf |
| 06/04/2016 | Classes suspended | | |
| 11/04/2016 | IDSs + Vuln Mngmt + Lab notes | 12-netsec_syshardening_vuln_mngmt.pdf; Lab: 12b-netsec_lab_notes.pdf | allodi-comparing_vulnerability_exploits.pdf; axelsson-base_rate_fallacy.pdf; nayak-some_vulnerabilities_are_different_than_others.pdf; Sections 1-3 only: allodi-heavy_tails_of_vuln_exploitation.pdf |
| 13/04/2016 | Malware Lab: exploit kits | 13_-_netsec_ekits_lab.pdf [53MB] | |
| 18/04/2016 | Privacy in networks | 14-netsec_privacy.pdf | arnbak-httpsmarketcollapse.pdf |
| 20/04/2016 | Student Labs - T2: DoS attacks | MORNING session - AFTERNOON session | Morning report: G5 - Afternoon report: G6 |
| 25/04/2016 | Liberazione (suspended) | | |
| 27/04/2016 | Student Labs - T3: MitM | MORNING session - AFTERNOON session | Morning report: G4 - Afternoon report: G1 + Afternoon attachments: G1 |
| 02/05/2016 | Student Labs - T4 DNS cache poisoning | MORNING session - AFTERNOON session (click to get proper image orientation) | Morning report - Afternoon report |
| 04/05/2016 | Student Labs - T5 Kaminsky Attack | MORNING session - AFTERNOON session | Morning report - Afternoon report |
| 09/05/2016 | Student Labs - T6 XSS + phishing + CSRF | MORNING: session moved to 12/05/2016 - AFTERNOON session | Afternoon report |
| 11/05/2016 | Student Labs - T7 BoF | MORNING session - AFTERNOON session | Morning report - Afternoon report |
| 12/05/2016 | Student Labs - EXTRA T6 XSS + phishing + CSRF | Extra session (substitutes 09/05/16 morning session) | Extra Session report |
| 16/05/2016 | Student Labs - T8 SQLi + defenses | MORNING session - AFTERNOON session: 1, 2, 3 | Morning report - Afternoon report |
| 18/05/2016 | Student Labs - T9 FW Stateless | MORNING Session - AFTERNOON Session | Morning report - Afternoon report |
| 23/05/2016 | Student Labs - T10 FW Stateful | MORNING Session - AFTERNOON Session + cheatsheet | Morning report - Afternoon report |
| 25/05/2016 | Student Labs - T11 NIDS - Snort | MORNING Session - AFTERNOON Session | Morning report - Afternoon report |
| 30/05/2016 | Student Labs - T12 NIDS - Bro | MORNING Session - AFTERNOON Session | Afternoon report |