Network security (2021/2022)
Scientific Disciplinary Sector (SSD)
INF/01 - INFORMATICS
The teaching is organized as follows:
The course aims to present the main methodologies and technologies for securing computer networks and, more generally, distributed information systems. At the end of the course, the student must demonstrate knowledge of the main theoretical and applied notions for the design, practical implementation and formal analysis of tools and protocols for the security of networks and distributed information systems. This knowledge will allow the student to compare different network protection techniques, choose the most appropriate one for the context of use, and make sound design choices when defining a new computer network. The student will then be able to continue his/her studies in the field of network security and distributed information systems autonomously, studying and presenting clearly new vulnerabilities in computer networks and the solutions adopted to mitigate their effects.
Frontal Teaching (36 hours):
- Cybersecurity, Information Security, and Network Security
- The OSI Security Architecture
- Network Security
- Trust and Trustworthiness
2) Symmetric encryption
- Symmetric Encryption Principles
- Symmetric Block Encryption Algorithms
- Random and Pseudorandom Numbers
- Stream Ciphers and RC4
- Cipher Block Modes of Operation
3) Public-Key Cryptography and Message Authentication
- Approaches to Message Authentication
- Secure Hash Functions
- Message Authentication Codes
- Public-Key Cryptography Principles
- Public-Key Cryptography Algorithms
- Digital Signatures
4) Cryptographic Key Management and distribution
- Symmetric Key Distribution Using Symmetric Encryption
- Symmetric Key Distribution Using Asymmetric Encryption
- Distribution of Public Keys
- X.509 Certificates
- Public-Key Infrastructure
5) User Authentication
- Remote User-Authentication Principles
- Remote User-Authentication Using Symmetric Encryption
- Remote User-Authentication Using Asymmetric Encryption
- Federated Identity Management
6) Transport-Level Security
- Web Security Considerations
- Transport Layer Security
- Secure Shell (SSH)
7) Wireless Network Security
- Wireless Security
- Mobile Device Security
- Wireless LAN Overview
- IEEE 802.11i Wireless LAN Security
8) Electronic Mail Security
- Internet Mail Architecture
- Email Formats
- Email Threats and Comprehensive Email Security
- DNS-Based Authentication of Named Entities
- Sender Policy Framework
- DomainKeys Identified Mail
- Domain-Based Message Authentication, Reporting, and Conformance
9) IP Security
- IP Security Overview
- IP Security Policy
- Encapsulating Security Payload
- Combining Security Associations
- Internet Key Exchange
10) Network Endpoint Security
- Intrusion Detection Systems
- Malicious Software
- Distributed Denial of Service Attacks
Laboratory (12 hours):
- Sockets and network connections:
* Introduction to network connections, socket management
* Writing a port scanner in Python. Hints to the nmap tool.
- Network traffic analysis:
* Popular packet filtering systems (firewalls). Introduction to Netcat, Wireshark and tcpdump.
* Network layer limits as a defense tool for application layer attacks.
- ARP tables, ARP spoofing and DoS attacks:
* Physical addresses and ARP protocol, ARP tables and ARP spoofing attacks. The concept of ARP poisoning. The Ettercap tool. How ARP-based spoofing attacks are detected and risk mitigation.
* Hints on HTTP header stripping modes. The SSLStrip and Bettercap tools.
* Case study: SYN flood attacks (half-open attack) and impact mitigation methods: limiting the resources consumed by the attack using network tools.
* Implementation of an IPS for brute-force attacks on FTP credentials and for port scanning. Writing an IPS prototype with the iptables firewall and the Linux shell. The OSSEC IPS.
- ICS Security:
* Security of Industrial Control Systems (ICSs). Shodan.io. The Stuxnet attack. Replication of attacks on industrial system controllers.
- Detection of anomalies in network traffic:
* Netfilter extensions for connection state matching (new, established, related and invalid), address types (unspec, local, prohibit, unicast, broadcast), comments, rate limits and the concept of burst, MAC-address-level filters, and use of the firewall to mitigate ARP spoofing attacks.
* Major web application vulnerabilities arising from the network layer.
View the bibliography with Leganto, the tool that the Library System makes available to retrieve the texts on the exam syllabus in a simple and innovative way.
Examination consists of:
- an oral examination on the topics dealt with during frontal lessons;
- a project on a subject related to the lab.
The final grade is the average of the marks obtained in the oral examination and in the discussion of the project.