User Tools
course_netsec_2016
Differences
This shows you the differences between two versions of the page.
|
course_netsec_2016 [2019/03/27 18:10] bruno.crispo@unitn.it |
course_netsec_2016 [2021/01/29 11:58] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Network Security ====== | ||
| - | This course is offered at the University of Trento by the [[security_group|security group]] in the framework of the [[https://masterschool.eitdigital.eu/programmes/cse/|Cyber Security track]] of the [[https://www.eitdigital.eu/|European Institute of Innovation and Technology (EIT Digital)]] Master School programme. | ||
| - | |||
| - | See the [[teaching_activities|UniTrento CSE track page]] for further information. | ||
| - | |||
| - | ===== Course description ===== | ||
| - | |||
| - | This course focuses on technological and infrastructural security aspects of computer networks. In this course we are interested in both defensive and attacking aspects of network security. | ||
| - | |||
| - | The course will be divided in two major “chunks”. | ||
| - | |||
| - | The first part of the course recall some aspects of network protocols relevant to the course. We will then dive in different models of the attackers, different types of vulnerabilities, and attacks. Further, we will explore the use (and limits) of defensive technologies such as firewalls and IDSs. | ||
| - | |||
| - | The second part will be characterized mostly by laboratory activities. Students will organize in small groups (2-3 people each) and choose a topic among those presented in class (e.g. IDS evasion, Web vulnerabilities, Buffer overflows, Packet sniffing, etc.) and build a laboratory for the other students to attend. Each group works on its own. At the end of the semester, one group at a time presents its work to the rest of the students and guides them through the laboratory activity. The goal of these laboratories is to reproduce in class the work of each group. Each group will have to produce a final report on the built laboratory activity, and give in a DVD with all the relevant material to reproduce the exercise. | ||
| - | |||
| - | ===== Examination ===== | ||
| - | |||
| - | |||
| - | The final examination will consist of a written exam on the theoretical aspects of the course (20/30), and on the quality of the final report and laboratory activity (15/30). | ||
| - | |||
| - | ===== Prerequisites ===== | ||
| - | |||
| - | |||
| - | Students of this course should know the bases of network protocols and client/server interaction. | ||
| - | |||
| - | ===== Program ===== | ||
| - | |||
| - | |||
| - | **PART 1** | ||
| - | |||
| - | * Introduction | ||
| - | * Network security foundamentals | ||
| - | * Attacker Models | ||
| - | * Network aspects | ||
| - | * TCP/IP protocol 101 | ||
| - | * Channel crypto | ||
| - | * HTTPS/SSL/TLS | ||
| - | * IPSEC | ||
| - | * Vulnerabilities | ||
| - | * Configuration vulnerabilities and attack surfaces | ||
| - | * Web Vulnerabilities | ||
| - | * Vulnerabilities in software | ||
| - | * Attacks | ||
| - | * Network attacks | ||
| - | * Malware | ||
| - | * Drive-by downloads & exploit kits | ||
| - | * Botnets | ||
| - | * Defensive technologies | ||
| - | * System hardening | ||
| - | * Firewalls | ||
| - | * IDSs | ||
| - | * Advanced memory techniques | ||
| - | * Privacy in networks | ||
| - | * Honest-but-curious attackers | ||
| - | * Tracking/fingerprinting | ||
| - | * Applications of crypto | ||
| - | * VPNs/TOR | ||
| - | |||
| - | **PART 2** | ||
| - | |||
| - | * Student laboratories | ||
| - | |||
| - | ===== Course Schedule ===== | ||
| - | |||
| - | * Monday - room A07 - 11:00-13:00 | ||
| - | * Wednesday - room A207 - 09:00-11:00 | ||
| - | |||
| - | |||
| - | ^ Date ^ Topic ^ Slides ^ Support material ^ | ||
| - | |15/02/2016|Intro to course|{{:teaching:netsec:2016:netsec_intro.pdf|}}{{:teaching:netsec:2016:01-netsec_sec_foundations.pdf|}}|{{:teaching:netsec:2016:reflections.pdf|Reflections on Trusting Trust}}| | ||
| - | |17/02/2016|Security of Network protocols - IP| {{:teaching:netsec:2016:02-netsec_network_aspects-ip.pdf|}} |Added traceroute as explained in class (slide 46). Specified L2 address in slide 21.| | ||
| - | |22/02/2016|Security of Network protocols - TCP|{{:teaching:netsec:2016:02-netsec_network_aspects-tcp.pdf|}}|Added info on [.] notation in tcpdump.| | ||
| - | |24/02/2016|Security of Net. protocols - Application Layer| {{:teaching:netsec:2016:02-netsec_network_aspects-applayer.pdf|}} |{{:teaching:netsec:2016:netdemo:demo_scripts.tar.gz|}} | | ||
| - | |29/02/2016|Crypto|{{:teaching:netsec:2016:03-netsec_crypto.pdf|}}| [[http://www.acm.org/media-center/2016/march/turing-award-2015]]| | ||
| - | |02/03/2016|Vulnerabilities & attack surfaces| {{:teaching:netsec:2016:04-netsec_vulnerabilities.pdf|}}| {{:teaching:netsec:2016:arora-impact_of_vuln_disclosure.pdf|Arora-Impact of vulnerability disclosure and patch availability}}, {{:teaching:netsec:2016:miller-legitimate_vulnerability_market.pdf|Miller-The legitimate vulnerability market}}, [[http://phrack.org/issues/49/14.html]]| | ||
| - | |07/03/2016|Vulnerabilities (b)|{{:teaching:netsec:2016:04-netsec_vulnerabilities-b.pdf|}}| [[http://onlinelibrary.wiley.com/doi/10.1002/asi.20779/full]]; {{:teaching:netsec:2016:moore-phishing.pdf|Moore-Current state of phishing attack and defence}}; {{:teaching:netsec:2016:acquisti-hyperbolic_discounting.pdf|Acquisti-Infosec attitudes and behavior}}; {{:teaching:netsec:2016:netsec_lab_activities.pdf|Lab activities and topics (subject to change until wednesday the 9th)}}| | ||
| - | |09/03/2016|Vulnerability scoring|{{:teaching:netsec:2016:05-netsec_cvss_intro.pdf|}}|{{:teaching:netsec:2016:cvss_v3_metric_definitions.docx|CVSS v3 Metric Definitions}}; {{:teaching:netsec:2016:lab_topics-final.pdf|Final Lab Topics}}| | ||
| - | |14/03/2016|Vuln Scoring class exercise|{{:teaching:netsec:2016:06-netsec_cvss_exercise.pdf|}}| | ||
| - | |16/03/2016|Attacks - malware|{{:teaching:netsec:2016:07-netsec_malware.pdf|}}|[[http://www.sciencedirect.com/science/article/pii/S1389128612003568]]; {{:teaching:netsec:2016:stone-gross_-_analysis_of_a_botnet_takeover.pdf|Stone-Gross - Analysis of a botnet takeover}}| | ||
| - | |21/03/2016|Attacks - web attacks| {{:teaching:netsec:2016:08-netsec_webattacks.pdf|}}| {{:teaching:netsec:2016:kanich_-_spamalytics.pdf|}}; {{:teaching:netsec:2016:kotov_-_exploit_kits.pdf|}}; {{:teaching:netsec:2016:provos-_iframes_point_to_us.pdf|}}; {{:teaching:netsec:2016:studer-_coremelt.pdf|}}; {{:teaching:netsec:2016:argyraki_-_network_capabilities.pdf|}}| | ||
| - | |23/03/2016|Attacks - economy and infrastructure|{{:teaching:netsec:2016:09-netsec_cybercrime_economy.pdf|}}| {{:teaching:netsec:2016:gier-manufacturing_compromise.pdf|}}; {{:teaching:netsec:2016:thomas-framing_dependencies_underground_commoditization.pdf|}}; {{:teaching:netsec:2016:allodi-then_and_now.pdf|}} (16Mb PDF)| | ||
| - | |28/03/2016|Easter (suspended)| | ||
| - | |30/03/2016|Defensive tech - Network defense Sys hardening - Auth+Static FW| {{:teaching:netsec:2016:10-netsec_syshardening-fw.pdf|}}| | ||
| - | |04/03/2016|Defensive tech - Network defense Sys hardening - Stateful/App FWs|{{:teaching:netsec:2016:11-netsec_syshardening-appfw.pdf|}}| {{:teaching:netsec:2016:firewall_configuration_errors.pdf|}}| | ||
| - | |06/04/2016|Classes suspended| | ||
| - | |11/04/2016|IDSs + Vuln Mngmt + Lab notes|{{:teaching:netsec:2016:12-netsec_syshardening_vuln_mngmt.pdf|}} Lab: {{:teaching:netsec:2016:12b-netsec_lab_notes.pdf|}}| {{:teaching:netsec:2016:allodi-comparing_vulnerability_exploits.pdf|}}; {{:teaching:netsec:2016:axelsson-base_rate_fallacy.pdf|}}; {{:teaching:netsec:2016:nayak-some_vulnerabilities_are_different_than_others.pdf|}}; Sections 1-3 only: {{:teaching:netsec:2016:allodi-heavy_tails_of_vuln_exploitation.pdf|}}| | ||
| - | |13/04/2016|Malware Lab: exploit kits | {{:teaching:netsec:2016:13_-_netsec_ekits_lab.pdf|}} [53MB]| | ||
| - | |18/04/2016|Privacy in networks|{{:teaching:netsec:2016:14-netsec_privacy.pdf|}} |{{:teaching:netsec:2016:arnbak-httpsmarketcollapse.pdf|}}| | ||
| - | |20/04/2016|Student Labs - T2: DoS attacks| {{:teaching:netsec:2016:netseclab_-_t2g5.pdf|MORNING session}} - {{:teaching:netsec:2016:BCnetseclab_-_t2g6.pdf|AFTERNOON session}} | {{:teaching:netsec:2016:BCdos_report_-_group_5.pdf|Morning report: G5}} - {{:teaching:netsec:2016:denial-of-service-team-6-report.pdf|Afternoon report: G6}}| | ||
| - | |25/04/2016|Liberazione (suspended)| | ||
| - | |27/04/2016|Student Labs - T3: MitM|{{:teaching:netsec:2016:BCg4_-_mitm.pdf|MORNING session}} - {{:teaching:netsec:2016:BCg1-mitm_attacks_v1.3.pdf|AFTERNOON session}}| {{ :teaching:netsec:2016:labphotos:27apr.jpeg?direct&200 |}}{{:teaching:netsec:2016:BCg4_-_mitm_report.pdf|Morning report: G4}} - {{:teaching:netsec:2016:BCnetwork_security_lab_report_-_group_1.pdf|Afternoon report: G1}}+{{:teaching:netsec:2016:BCg1_attachments.zip|Afternoon attachments: G1}} | | ||
| - | |02/05/2016|Student Labs - T4 DNS cache poisoning| {{:teaching:netsec:2016:BCg15_t4.pdf|MORNING session}} - {{:teaching:netsec:2016:BCslide_g14_t4.pdf|AFTERNOON session}} | click to get proper image orientation {{ :teaching:netsec:2016:labphotos:2may.jpeg?direct&200 |}} {{:teaching:netsec:2016:BCreport-group15_report.pdf|Morning report.}} - {{:teaching:netsec:2016:BCreport-netsecgroup14.pdf|Afternoon report}}| | ||
| - | |04/05/2016|Student Labs - T5 Kaminsky Attack|{{:teaching:netsec:2016:BCkaminskyattack_group21_.pdf|MORNING session}} - {{:teaching:netsec:2016:BCpresentazione_labg19.odp|AFTERNOON session}}| {{ :teaching:netsec:2016:labphotos:4may.jpeg?direct&200 |}} {{:teaching:netsec:2016:BCkaminsky_attack_report_group21.pdf|Morning report}} - {{:teaching:netsec:2016:BCreportkamniskylabg19.pdf|Afternoon report}}| | ||
| - | |09/05/2016|Student Labs - T6 XSS + phishing +CSRF| MORNING: session moved to 12/05/2016 - {{:teaching:netsec:2016:BCgroup9_presentation_final2.pdf|AFTERNOON session}} | {{:teaching:netsec:2016:reports:t6:BCnetsec_final_paper_g9.pdf|Afternoon report}}| | ||
| - | |11/05/2016|Student Labs - T7 BoF| {{:teaching:netsec:2016:bufferoverflowlabg10.pdf|MORNING session}} - {{:teaching:netsec:2016:lab07_group13_bof.pdf|AFTERNOON session}} | {{ :teaching:netsec:2016:labphotos:11may.jpeg?direct&200 |}} {{:teaching:netsec:2016:reports:t7:report_buffer_overflow_group10.pdf|Morning report}} -{{:teaching:netsec:2016:reports:t7:bof_repor_group_13_topic_7_.pdf|Afternoon report}} | | ||
| - | |12/05/2016|Student Labs - EXTRA T6 XSS + phishing +CSRF| {{:teaching:netsec:2016:BCgroup20_handout.pdf|Extra session (substitues 09/05/16 morning session)}}| {{:teaching:netsec:2016:reports:t6:BCgroup20_report.pdf|Extra Session report}}| | ||
| - | |16/05/2016|Student Labs - T8 SQLi + defenses| {{:teaching:netsec:2016:slides:t8:g7:BCgroup7_topic8.pdf|MORNING session}} - AFTERNOON session: {{:teaching:netsec:2016:slides:t8:g17:BClab1.pdf|1}}, {{:teaching:netsec:2016:slides:t8:g17:BClab2.pdf|2}}, {{:teaching:netsec:2016:slides:t8:g17:BClab_3.pdf|3}}|{{ :teaching:netsec:2016:labphotos:16may.jpeg?direct&200 |}} {{:teaching:netsec:2016:reports:t8:BCreport_group7_sqli.pdf|Morning report}} -{{:teaching:netsec:2016:reports:t8:g17:BCsql_lab_report.pdf|Afternoon report}}| | ||
| - | |18/05/2016|Student Labs - T9 FW Stateless| {{:teaching:netsec:2016:slides:t9:BCfirewall_stateless-2.pdf|MORNING Session}} - {{:teaching:netsec:2016:slides:t9:BCfirewall_implementation_stateless_-2.pdf|AFTERNOON Session}}| {{ :teaching:netsec:2016:labphotos:18may.jpeg?direct&200 |}} {{:teaching:netsec:2016:reports:t9:BCg23_report-_network-security-lab.pdf|Morning report}} - {{:teaching:netsec:2016:reports:t9:BCgroup16-firewallreport.pdf|Afternoon report}}| | ||
| - | |23/05/2016|Student Labs - T10 FW Stateful| {{:teaching:netsec:2016:slides:t10:BCnetwork_security_project-2.pdf|MORNING Session}} - {{:teaching:netsec:2016:slides:t10:BC10_-_stateful.pdf|AFTERNOON Session}} +{{:teaching:netsec:2016:slides:t10:BCiptablescheatsheet.pdf|cheatsheet}}|{{ :teaching:netsec:2016:labphotos:23may.jpeg?direct&200 |}} {{:teaching:netsec:2016:reports:t10:BCstateful_firewall-final-report.pdf|Morning report}} {{:teaching:netsec:2016:reports:t10:BCreport_statefulfirewalls-group18-afternoon.pdf|Afternoon report}} | | ||
| - | |25/05/2016|Student Labs - T11 NIDS - Snort| {{:teaching:netsec:2016:slides:t11:BCgroup8-snort-lab.pdf|MORNING Session}} - {{:teaching:netsec:2016:slides:t11:BCgroup2_-_ids_snort.pdf|AFTERNOON Session}}|{{ :teaching:netsec:2016:labphotos:25may.jpeg?direct&200 |}} {{:teaching:netsec:2016:reports:t11:BCgroup8_snort_lab_report.pdf|Morning report}} - {{:teaching:netsec:2016:reports:t11:BCnetworksecuritysnortreport.pdf|Afternoon report}} | | ||
| - | |30/05/2016|Student Labs -T12 NIDS - Bro| {{:teaching:netsec:2016:slides:t12:BCg22.pdf|MORNIG Session}} - {{:teaching:netsec:2016:slides:t12:g3.pdf|AFTERNOON Session}} | {{ :teaching:netsec:2016:labphotos:30may.jpeg?direct&200 |}} {{:teaching:netsec:2016:reports:t12:relation_netsec_lab.pdf|Afternoon report}}| | ||
course_netsec_2016.txt · Last modified: 2021/01/29 10:58 (external edit)
Page Tools
