|Thursday||2:30 PM - 5:30 PM||lesson||Lecture Hall I|
|Friday||11:30 AM - 1:30 PM||lesson||Lecture Hall C|
The course objective is to present the main methodologies and technologies to ensure the security of computer networks and distributed IT systems in general. At the end of the course, each student must demonstrate to know the main theoretical and applied concepts for the design, implementation and formal analysis of tools and protocols for network security and the security of distributed IT systems.
Frontal Teaching (44 hours)
- Introduction to Information Security
- Classical Security Properties (Confidentiality, Integrity, Availability, Accountability, Authentication)
- Goals, risks, attacks
- Symmetric and asymmetric key cryptography
- The problem of the distribution of secret keys
- Integrity of messages and message authentication
- Trust certificates and templates
- Public Key Infrastructure
- Public Key Infrastructure Study Cases (X.509, PGP)
- Classic cryptographic protocols for key exchange
- Taxonomy of attacks for classic cryptographic protocols
- Techniques for designing correct cryptographic protocols
- Network security protocols at different levels
- Case Studies (Kerberos, Security Socket Layer SSL, Internet Key Exchange IKE, IP Security IPSec)
- Privacy and anonymity
- Anonymity policies, technical problems, implementation mechanisms (pseudonyms and proxies)
- Case Studies (Mix Networks, Crowds, Onions networks, TOR)
- Firewalls (packet filter, stateful, application level, circuit level)
- Intruders and Intrusion Detection Systems.
Laboratory (12 hours):
--Network Traffic Analysis:
* Most commonly used firewall filtering systems. Introduction to Netcat, Wireshark, and tcpdump.
* Writing a port scanner in Python. Hints on the nmap tool.
* Physical Addresses and ARP Protocol, ARP Tables, and ARP spoofing attacks. The concept of ARP poisoning. The Ettercap tool. Attachment detection methods based on spoofing and risk mitigation.
* Hints on String Strips HTTP.Tool SSLStrip and Bettercap Headers.
* Network layer limits as a defense tool for attacks at the application level.
- Anomalies detected in network traffic:
* Log Logging for Attack Detection. Hints about how IPS and Intrusion Prevention Systems (IPSs) and Intrusion Detection Systems (IDSs) are configured based on logs.
* Typical network layer configuration errors and consequent higher-level risks. The major vulnerabilities of web based networking (A5: security misconfiguration, A6: sensitive data exposure), theft of authentication credentials, session tokens, and sensitive information in general. Examples using ARP poisoning techniques.
* The Linux Netfilter firewall: default functionality and operating modes, tables, chains, rules, targets, and policies. QoS (Quality of Service) hints and use for connections that require special latency guarantees. Hints on how to optimize filtering rules to help them work.
* Netfilter extensions for connection status (new, established, related, and invalid), address types (unspec, local prohibit, unicast, broadcast), comments, limitations and burst concepts, filters At the MAC address level, using firewall to mitigate ARP spoofing attacks.
- Checking network and IDS filtering configurations:
* Designing an IDS system. Example of activating IDS for a web infrastructure. IPS system implementation for brute force attacks on ftp credentials and port scanning. IPS prototype writing through the iptables firewall and the Linux shell. IPS OSSEC.
* Case study: SYN flood type (half-open-attack) attacks and impaction mitigation methods: limiting the absorbed resources of the attack by means of network tools.
* Security effectiveness considerations through progressive network closures.
* Comparison of Netfilter firewalls with ASA of CISCO (hints) and PF (BSD systems).
* PfSense (community edition) firewall wizard.
* Connecting, port forwarding, and filing rules provided by the OpenWRT firewall for embedded systems.
|William Stallings||Cryptography and Network Security: Principles and Practice (7th Edition) (Edizione 7)||Prentice Hall||2016||ISBN-10: 0134444280|
|William Stallings||Network Security Essentials: Applications and Standards (6th Edition) (Edizione 6)||Prentice Hall||2017||ISBN-10: 013452733X|
Examination consists of:
- an oral examination on the topics dealt with during frontal lessons;
- a project on subject related to the lab.
The final vote comes from the average of the evaluations obtained in the oral test and in the discussion of the project.