The course aims to present the main methodologies and technologies to ensure the security of computer networks and, more generally, distributed information systems. At the end of the course, the student must demonstrate to be able to know the main theoretical and applicative notions for the design, the practical implementation and the formal analysis of tools and protocols for the security of distributed networks and distributed information systems. This knowledge will allow the student to compare different techniques of network protection and choose between them the most appropriate according to the context of use and to make the most appropriate design choices when defining a new computer network. The student will then be able to continue his/her studies in the field of network security and distributed information system in autonomy, studying autonomously and presenting in clear way new vulnerabilities in computer networks and the related solutions adopted to mitigate their effects
Frontal Teaching (44 hours)
- Introduction to Information Security
- Classical Security Properties (Confidentiality, Integrity, Availability, Accountability, Authentication)
- Goals, risks, attacks
- Symmetric and asymmetric key cryptography
- The problem of the distribution of secret keys
- Integrity of messages and message authentication
- Trust certificates and templates
- Public Key Infrastructure
- Public Key Infrastructure Study Cases (X.509, PGP)
- Classic cryptographic protocols for key exchange
- Taxonomy of attacks for classic cryptographic protocols
- Techniques for designing correct cryptographic protocols
- Network security protocols at different levels
- Case Studies (Kerberos, Security Socket Layer SSL, Internet Key Exchange IKE, IP Security IPSec)
- Privacy and anonymity
- Anonymity policies, technical problems, implementation mechanisms (pseudonyms and proxies)
- Case Studies (Mix Networks, Crowds, Onions networks, TOR)
- Firewalls (packet filter, stateful, application level, circuit level)
- Intruders and Intrusion Detection Systems.
Laboratory (12 hours):
--Network Traffic Analysis:
* Most commonly used firewall filtering systems. Introduction to Netcat, Wireshark, and tcpdump.
* Writing a port scanner in Python. Hints on the nmap tool.
* Physical Addresses and ARP Protocol, ARP Tables, and ARP spoofing attacks. The concept of ARP poisoning. The Ettercap tool. Attachment detection methods based on spoofing and risk mitigation.
* Hints on String Strips HTTP.Tool SSLStrip and Bettercap Headers.
* Network layer limits as a defense tool for attacks at the application level.
- Anomalies detected in network traffic:
* Log Logging for Attack Detection. Hints about how IPS and Intrusion Prevention Systems (IPSs) and Intrusion Detection Systems (IDSs) are configured based on logs.
* Typical network layer configuration errors and consequent higher-level risks. The major vulnerabilities of web based networking (A5: security misconfiguration, A6: sensitive data exposure), theft of authentication credentials, session tokens, and sensitive information in general. Examples using ARP poisoning techniques.
* The Linux Netfilter firewall: default functionality and operating modes, tables, chains, rules, targets, and policies. QoS (Quality of Service) hints and use for connections that require special latency guarantees. Hints on how to optimize filtering rules to help them work.
* Netfilter extensions for connection status (new, established, related, and invalid), address types (unspec, local prohibit, unicast, broadcast), comments, limitations and burst concepts, filters At the MAC address level, using firewall to mitigate ARP spoofing attacks.
- Checking network and IDS filtering configurations:
* Designing an IDS system. Example of activating IDS for a web infrastructure. IPS system implementation for brute force attacks on ftp credentials and port scanning. IPS prototype writing through the iptables firewall and the Linux shell. IPS OSSEC.
* Case study: SYN flood type (half-open-attack) attacks and impaction mitigation methods: limiting the absorbed resources of the attack by means of network tools.
* Security effectiveness considerations through progressive network closures.
* Comparison of Netfilter firewalls with ASA of CISCO (hints) and PF (BSD systems).
* PfSense (community edition) firewall wizard.
* Connecting, port forwarding, and filing rules provided by the OpenWRT firewall for embedded systems.