Teaching code

4S008904

Credits

6

Coordinator

Massimo Merro

Language

Italian

Scientific Disciplinary Sector (SSD)

INF/01 - INFORMATICS

Courses Single

Authorized

Moodle Seminars 0

The teaching is organized as follows:

Learning objectives

The course aims to present the main methodologies and technologies to ensure the security of computer networks and, more generally, distributed information systems. At the end of the course, the student must demonstrate to be able to know the main theoretical and applicative notions for the design, the practical implementation and the formal analysis of tools and protocols for the security of distributed networks and distributed information systems. This knowledge will allow the student to compare different techniques of network protection and choose between them the most appropriate according to the context of use and to make the most appropriate design choices when defining a new computer network. The student will then be able to continue his/her studies in the field of network security and distributed information system in autonomy, studying autonomously and presenting in clear way new vulnerabilities in computer networks and the related solutions adopted to mitigate their effects

Prerequisites and basic notions

Computer networks

Program

Frontal Teaching:
1) Introduction
- Cybersecurity, Information Security, and Network Security
- The OSI Security Architecture
- Cryptography
- Network Security
- Trust and Trustworthiness
- Standards
2) Symmetric encryption
- Symmetric Encryption Principles
- Symmetric Block Encryption Algorithms
- Random and Pseudorandom Numbers
- Stream Ciphers and RC4 - Cipher Block Modes of Operation
3) Public-Key Cryptography and Message Authentication
- Approaches to Message Authentication
- Secure Hash Functions - Message Authentication Codes
- Public-Key Cryptography Principles
- Public-Key Cryptography Algorithms
- Digital Signatures
4) Cryptographic Key Management and distribution
- Symmetric Key Distribution Using Symmetric Encryption
- Symmetric Key Distribution Using Asymmetric Encryption
- Distribution of Public Keys
- X.509 Certificates
- Public-Key Infrastructure
5) User Authentication
- Remote User-Authentication Principles
- Remote User-Authentication Using Symmetric Encryption
- Kerberos
- Remote User-Authentication Using Asymmetric Encryption
- Federated Identity Management
6) Transport-Level Security
- Web Security Considerations
- Transport Layer Security
- HTTPS
- Secure Shell (SSH)
7) Wireless Network Security
- Wireless Security
- Mobile Device Security - Wireless Lan Overview
- IEEE 802.11i Wireless Lan Security
8) Electronic Mail Security
- Internet Mail Architecture
- Email Formats
- Email Threats and Comprehensive Email Security
- S/MIME
- DNSSEC
- DNS-Based Authentication of Named Entities
- Sender Policy Framework
- Domainkeys Identified Mail
- Domain-Based Message Authentication, Reporting, and Conformance
9) IP Security
- IP Security Overview
- IP Security Policy
- Encapsulating Security Payload
- Combining Security Associations
- Internet Key Exchange
10) Network Endpoint Security
- Firewalls
- Intrusion Detection Systems
- Malicious Software
- Distributed Denial of Service Attacks.
-------------------------------------------------------------------------
-------------------------------------------------------------------------
Program of the Lab:
Lesson 1 --- Introduction and Toolkits
Protocols, IP addresses, TCP ports
OSI and TCP/IP models
Creating a client and a server
Introduction to the Docker virtualization framework (installation, writing Dockerfiles, creating images, using images from Docker Hub, running containers, executing commands in containers, and removing containers and images)
Creating and managing Docker networks
Creating and sending arbitrary network packets (Docker)
Using the Netcat tool
Chat examples
Introduction to Wireshark
Graphical packet visualization
Packet analysis with Wireshark, example case with ping
Capture modes
Lesson 2 --- Scapy and Port Scanning
Structure of a network packet: IP header, TCP header, TCP flags, ICMP, UDP, payloads
The Scapy package
Testing packet generation with Scapy
Overview of NAT, to reach a shell over the internet
Introduction to the Ngrok tool
SYN flood attacks (half-open attack) and impact mitigation strategies (reference to the 3-way handshake)
Ping flood attacks
DoS attacks (ping of death)
Creating custom packets using Scapy (Python)
Sending and receiving packets (Docker)
Writing a port scanner in Python using sockets
Improving the port scanner by breaking the 3-way handshake and using flags
Writing a port scanner using Scapy
Port scanning exercise on a Docker container
Introduction to using Nmap
Lesson 3 --- Wireshark
Dissectors for ICMP, FTP, SSH, HTTP, Modbus, and other protocols
Analysis of specific packets with Wireshark
Practical examples of dissector usage
Setting up Wireshark for network capture
Analyzing traffic generated by Scapy
Analyzing what an attacker sees when inspecting network traffic from a custom port scan and an Nmap port scan
HTTP traffic analysis
The Burp Suite tool
Intercepting credentials via Wireshark
SSH tunneling
Use cases for Local Port Forwarding
Remote Port Forwarding
Port forwarding exercises using Docker
Lesson 4 --- ARP Spoofing
Traceroute and network devices
The ARP protocol
Definition and content of the ARP table
How the ARP table works
Examples of ARP table usage
Updating and removing entries from the ARP cache
ARP spoofing and ARP poisoning
Construction and theory of a MITM attack
Other Man-in-the-Middle (MITM) attacks: SSL stripping, Credit Card Skimming, IP spoofing, DNS hijacking
The arpspoof and mitmproxy tools
Practical examples of ARP spoofing and MITM attacks on a Docker network
Detection methods for ARP spoofing-based attacks and risk mitigation
Lesson 5 --- Vehicle Security
Introduction to vehicle security
Difference between switched networks and bus networks
The CAN bus protocol
Priority-based mechanism of the CAN bus system
Setting up the ICSim cluster simulator
Setting up a virtual CAN bus interface
Testing the ICSim simulator
The canutils package
Practical CAN bus packet sniffing
CAN bus fuzzing
Dumping CAN traffic
Replay attacks on CAN bus
Reverse engineering CAN traffic to control unknown vehicle components
Introduction to packet injection attacks
Lesson 6 --- Industrial Control System Security
Security of industrial control systems
Challenges and requirements of OT systems
The Modbus protocol
Shodan.io and how it can be used to identify industrial systems
Exercises with the Censys.com framework
Finding exposed systems on Google using dorks and an introduction to Google dorks
Real-world examples of attacks on industrial control systems
Exercise on understanding a data capture in an OT network using Wireshark
Definition of an industrial control system and its OT network
Common protocols in industrial control systems
Security in industrial control systems
Introduction to OpenPLC for creating software-based PLCs and HMI interfaces
Basic concepts of registers
Installation and configuration of OpenPLC (Docker)
Programming in Ladder Logic and Structured Text
Overview of a real control system, including PLCs, actuators, and sensors
Setting up a basic physical system
Lesson 7 --- Honeypots for Industrial Systems
Introduction to the concept of honeypots
Application of honeypots in ICS environments
Different types of honeypots (High and Low interaction)
Introduction to HoneyICS
Setting up HoneyICS
Testing attacks on the honeypot
Presentation of projects for exams and theses

Bibliography

Didactic methods

Oral exam including discussion of a network security project.

Learning assessment procedures

Examination consists of:
- an oral examination on the topics dealt with during frontal lessons;
- a project on subject related to the lab.

Evaluation criteria

The evaluation will aim at determining the degree of knowledge and the ability to propose solutions in the context of network security

Criteria for the composition of the final grade

The final vote comes from the average of the evaluations obtained in the oral test and in the discussion of the project.

Exam language

Italiano