18-731   Network Security

Course description

• Infrastructure topics such as firewalls, network intrusion detection, secure routing protocols, and recent advances such as software-defined networking
• Network attacks such as denial of service (DoS) and distributed denial-of-service (DDoS) attacks, worm, and virus propagation
• Analysis and inference topics such as network forensics and attack economics
• User-related topics such as authentication, anonymity, and censorship resilience
• New technologies related to next-generation networks
• Cellular and wireless networks

Learning objectives

The goal of this course is to provide learners with an advanced understanding of network security from both theoretical and practical perspectives. By the end of this course, students will be able to:

• Explain common network attacks and identify the possible defense mechanisms for each attack
• Explain the concept of network intrusion systems (NIDS) and network intrusion prevention systems (NIPS)
• Explain concepts related to Firewalls and VPN, and common network protection mechanisms
• Configure both stateless and stateful ACL as well as DMZ firewalls on Cisco routers
• Explain the concept of applied cryptography including, symmetric cryptography and asymmetric cryptography, and cryptographic data integrity algorithms
• Outline the requirements and mechanisms for securing different layers of the network system. Identify the possible threats at each network layer and implement appropriate protection mechanisms
• Configure IPsec, SSL, and TLS on Cisco routers for real-time communication security
• Explain the requirements of network security management including testing, the policy as well as roles and responsibilities

Outcomes

Technical and intellectual skills in:

• Address issues associated with the security of the network
• Assess different network threats and vulnerabilities and describe suitable countermeasures
• Perform basic network and network application penetration testing
• Assessing protocol designs and implementations for threats and vulnerabilities

Content details

• Introduction to network security: What is network security, traditional information security vs. modern-day information security, components of network security, additional concepts in network security
• Overview of networking and security basics: Layering, packet vs. circuit switching, layer 2 basics, basics of routing protocols, approaches to security, cryptography basics
• Layer 2 security: Types of VLANs, the role of VLANs in a network, trunking, configuring VLANS on switches, Spanning Tree Protocol (STP), Spanning Tree Algorithm, BPDU in STP, STP 5-step decision sequence, BPDU attacks, spanning tree manipulation attacks, CAM table overflow attacks
• DHCP security: Introduction to DHCP, characteristics of DHCP, DHCP software elements, DHCP states and procedures, unauthorized port access and mitigation, DHCP spoofing attack, DHCP starvation attack, ARP spoofing attack, IP spoofing attack, VLAN hopping, SYN flood attacks, broadcast storm attacks, mitigations for the attacks covered
• Routing security: Autonomous systems and how BGP routing works, BGP route selection algorithm
• BGP attacks: Prefix theft, AS Path truncation, AS Path alteration, BGP session attacks, instability attacks, TCP-based attacks
• BGP attack mitigations: BGP authentication route filtering, BGP security requirements, secure BGP design overview, route attestations, residual vulnerabilities is S-BGP, current trends – BGP Sec, mutually agreed norms for routing security, examples of routing incidents
• IP security: Requirements of security protocols, why IP security is needed, applications of IP security, benefits of IPSec, IPSec protocols – AH and ESP, IPSec tunnel mode vs. transport mode, how IPSec works – phase 1 and 2, the configuration of IPSec in Packet Tracer
• SSL/TLS: How SSL-TLS works, symmetric and asymmetric cryptography, SSL attacks – bit flipping attacks and mitigations, secret key exchange (Diffie-Hellmann Key exchange), key derivation function, public key sharing, digital, certificates, and signatures
• Software Defined Networking (SDN): Problems addressed by SDN, SDN components – data plane, control plane, OpenFlow Operation, SDN security – threat vectors
• Active sensors: Firewalls, intrusion detection systems, Bro IDS, Snort IDS, algorithmic complexity attacks, NIDS: evasion and normalization, Small TTL attacks, fragmentation overlap attacks, Snort configuration
• DoS and DDoS: Examples of DoS attacks – SYN flood and solutions, Shrew attack, Fallacies with DDoS attacks, why DDoS is hard to tackle, the evolution of DDoS attacks, examples of DDoS attacks – Smurf attacks, Amplification attacks, Mitigations for DDoS attacks – Filtering, Pushback, Traceback
• DNS and DNSSEC: DNS vulnerabilities, DNS attacks: DNS cache poisoning, DNS IP Spoofing
• DNS attack mitigation: Defenses – Split-Split DNS, DNS Security Extensions, Secure DNS query and response, Chain of Trust, Signing a DNS Zone
• Anonymous communications: Mixes and proxies, Chaum Mix, Mixnets, Anonymizing proxy, Onion routing, Tor Network, how to identify and block content, censoring techniques, IP-based blocking, blocking DNS names, flow terminating proxies
• Censorship countermeasures: VPNGate system, Tor network, Telex, Steganography, limitations of countermeasures
• Malware analysis and detection: creating viruses and trojans, malware infection methods, Rootkits, how malware propagates, detection methods for antivirus, Checksum
• Sandbox analysis: Worms – Types, history, propagation, worm detection and defense, malware challenges
• Wireless Network Security: The need for cryptography over the air, WEP encryption, defeating WEP authentication, WPA, WPA 2, WEP vs WPA vs WPA2, GSM network structure, GSM security model, attacks on GSM
• Misc:
  • Side channel attacks
  • Network forensic
  • Next-gen networks
  • Economic impact of cyber attacks
  • Revision

Prerequisites

• Experience with C programming
• Basic Linux commands and operations
• Knowledge of TCP/IP networking

Faculty

Jema David Ndibwile