This course is offered at the University of Trento by the security group in the framework of the Cyber Security track of the European Institute of Innovation and Technology (EIT Digital) Master School programme.

See the UniTrento CSE track page for further information.

This course focuses on technological and infrastructural security aspects of computer networks. In this course we are interested in both defensive and attacking aspects of network security.

The course will be divided in two major “chunks”.

The first part of the course recall some aspects of network protocols relevant to the course. We will then dive in different models of the attackers, different types of vulnerabilities, and attacks. Further, we will explore the use (and limits) of defensive technologies such as firewalls and IDSs.

The second part will be characterized mostly by laboratory activities. Students will organize in small groups (2-3 people each) and choose a topic among those presented in class (e.g. IDS evasion, Web vulnerabilities, Buffer overflows, Packet sniffing, etc.) and build a laboratory for the other students to attend. Each group works on its own. At the end of the semester, one group at a time presents its work to the rest of the students and guides them through the laboratory activity. The goal of these laboratories is to reproduce in class the work of each group. Each group will have to produce a final report on the built laboratory activity, and give in a DVD with all the relevant material to reproduce the exercise.

The final examination will consist of a written exam on the theoretical aspects of the course (20/30), and on the quality of the final report and laboratory activity (15/30).

Students of this course should know the bases of network protocols and client/server interaction.

PART 1

• Introduction
  • Network security foundamentals
  • Attacker Models
• Network aspects
  • TCP/IP protocol 101
  • Channel crypto
  • HTTPS/SSL/TLS
  • IPSEC
• Vulnerabilities
  • Configuration vulnerabilities and attack surfaces
  • Web Vulnerabilities
  • Vulnerabilities in software
• Attacks
  • Network attacks
  • Malware
  • Drive-by downloads & exploit kits
  • Botnets
• Defensive technologies
  • System hardening
  • Firewalls
  • IDSs
  • Advanced memory techniques
• Privacy in networks
  • Honest-but-curious attackers
  • Tracking/fingerprinting
  • Applications of crypto
  • VPNs/TOR

PART 2

• Student laboratories

• Monday - room A07 - 11:00-13:00
• Wednesday - room A207 - 09:00-11:00

Date	Topic	Slides	Support material
15/02/2016	Intro to course	netsec_intro.pdf01-netsec_sec_foundations.pdf	Reflections on Trusting Trust
17/02/2016	Security of Network protocols - IP	02-netsec_network_aspects-ip.pdf	Added traceroute as explained in class (slide 46). Specified L2 address in slide 21.
22/02/2016	Security of Network protocols - TCP	02-netsec_network_aspects-tcp.pdf	Added info on [.] notation in tcpdump.
24/02/2016	Security of Net. protocols - Application Layer	02-netsec_network_aspects-applayer.pdf	demo_scripts.tar.gz
29/02/2016	Crypto	03-netsec_crypto.pdf	http://www.acm.org/media-center/2016/march/turing-award-2015
02/03/2016	Vulnerabilities & attack surfaces	04-netsec_vulnerabilities.pdf	Arora-Impact of vulnerability disclosure and patch availability, Miller-The legitimate vulnerability market, http://phrack.org/issues/49/14.html
07/03/2016	Vulnerabilities (b)	04-netsec_vulnerabilities-b.pdf	http://onlinelibrary.wiley.com/doi/10.1002/asi.20779/full; Moore-Current state of phishing attack and defence; Acquisti-Infosec attitudes and behavior; Lab activities and topics (subject to change until wednesday the 9th)
09/03/2016	Vulnerability scoring	05-netsec_cvss_intro.pdf	CVSS v3 Metric Definitions; Final Lab Topics
14/03/2016	Vuln Scoring class exercise	06-netsec_cvss_exercise.pdf
16/03/2016	Attacks - malware	07-netsec_malware.pdf	http://www.sciencedirect.com/science/article/pii/S1389128612003568; Stone-Gross - Analysis of a botnet takeover
21/03/2016	Attacks - web attacks	08-netsec_webattacks.pdf	kanich_-_spamalytics.pdf; kotov_-_exploit_kits.pdf; provos-_iframes_point_to_us.pdf; studer-_coremelt.pdf; argyraki_-_network_capabilities.pdf
23/03/2016	Attacks - economy and infrastructure	09-netsec_cybercrime_economy.pdf	gier-manufacturing_compromise.pdf; thomas-framing_dependencies_underground_commoditization.pdf; allodi-then_and_now.pdf (16Mb PDF)
28/03/2016	Easter (suspended)
30/03/2016	Defensive tech - Network defense Sys hardening - Auth+Static FW	10-netsec_syshardening-fw.pdf
04/03/2016	Defensive tech - Network defense Sys hardening - Stateful/App FWs	11-netsec_syshardening-appfw.pdf	firewall_configuration_errors.pdf
06/04/2016	Classes suspended
11/04/2016	IDSs + Vuln Mngmt + Lab notes	12-netsec_syshardening_vuln_mngmt.pdf Lab: 12b-netsec_lab_notes.pdf	allodi-comparing_vulnerability_exploits.pdf; axelsson-base_rate_fallacy.pdf; nayak-some_vulnerabilities_are_different_than_others.pdf; Sections 1-3 only: allodi-heavy_tails_of_vuln_exploitation.pdf
13/04/2016	Malware Lab: exploit kits	13_-_netsec_ekits_lab.pdf [53MB]
18/04/2016	Privacy in networks	14-netsec_privacy.pdf	arnbak-httpsmarketcollapse.pdf
20/04/2016	Student Labs - T2: DoS attacks	MORNING session - AFTERNOON session	Morning report: G5 - Afternoon report: G6
25/04/2016	Liberazione (suspended)
27/04/2016	Student Labs - T3: MitM	MORNING session - AFTERNOON session	Morning report: G4 - Afternoon report: G1+Afternoon attachments: G1
02/05/2016	Student Labs - T4 DNS cache poisoning	MORNING session - AFTERNOON session	click to get proper image orientation Morning report. - Afternoon report
04/05/2016	Student Labs - T5 Kaminsky Attack	MORNING session - AFTERNOON session	Morning report - Afternoon report
09/05/2016	Student Labs - T6 XSS + phishing +CSRF	MORNING: session moved to 12/05/2016 - AFTERNOON session	Afternoon report
11/05/2016	Student Labs - T7 BoF	MORNING session - AFTERNOON session	Morning report -Afternoon report
12/05/2016	Student Labs - EXTRA T6 XSS + phishing +CSRF	Extra session (substitues 09/05/16 morning session)	Extra Session report
16/05/2016	Student Labs - T8 SQLi + defenses	MORNING session - AFTERNOON session: 1, 2, 3	Morning report -Afternoon report
18/05/2016	Student Labs - T9 FW Stateless	MORNING Session - AFTERNOON Session	Morning report - Afternoon report
23/05/2016	Student Labs - T10 FW Stateful	MORNING Session - AFTERNOON Session +cheatsheet	Morning report Afternoon report
25/05/2016	Student Labs - T11 NIDS - Snort	MORNING Session - AFTERNOON Session	Morning report - Afternoon report
30/05/2016	Student Labs -T12 NIDS - Bro	MORNIG Session - AFTERNOON Session	Afternoon report