|
184.216 Internet Security
Vorlesung mit Uebung (2.0)
Lecturers
Tutors
News
- 14.10.2005 The exam on the 18th of October will take place in FH HS 1.
- 20.07.2005 There is an exam scheduled for the 18th of
October. You need to register between 04.10.2005 and 14.10.2005 via TUWIS. The exact
exam location will be announced on the web site (here) and posted on TUWIS
after the registration period ends.
- 19.07.2005 The exam results for the exam on the 28th of
June have been released.
- 18.07.2005 The exam results will be announced here this
week.
- 02.07.2005 InetSec has ended. Respects to everyone who
took part and invested time. Have nice summer holidays!
- 27.06.2005 The exam will take place in two lecture rooms
tomorrow: FH HS 6 and Informatik HS (TREITL). Please make sure that you go to the correct lecture room. These students are in Inf HS. These students are in FS HS 6.
- 21.06.2005 Detailed information about the exam (and
further exams in the next semester) has been posted as news in TUWIS. Please login to TUWIS and make sure that you read it.
- 09.06.2005 Challenge 6 is online.
- 02.06.2005 Challenge 5 is online.
- 30.05.2005 Because of the unexpected maintenance of
the servers during the weekend, Challenge 5 will be announced on Thursday
(instead of Tuesday as originally announced).
- 30.05.2005 The lab servers are online again. Please let us
know if you experience any difficulties.
- 27.05.2005 The lab servers will be offline during the week
end (until Monday morning) because of maintenance reasons. Because of this,
the deadline of Challenge 4 has been extended for 2 days.
- 25.05.2005 Joe Pichlmayr, The CEO of Ikarus Software (the only Austrian anti-virus company) will give an invited talk about viruses in the lecture on 21.06.2005.
- 21.05.2005 The exam date is 28.06.2005,
14:00-16:00, Inf HS (or FH 6, depending on the
number of registrations). You need to
register for the exam. Registration will be possible after the 15th of June in
TUWIS.
- 19.05.2005 Challenge 5 will be announced after the lecture
on 31.05.
- 16.05.2005 The lab machines bandit and
gangsta were briefly halted due to a "denial of service" kind of
submission "attack". Please remember that our lab resources are limited and don't
use the grading slaves as a debugger. That's lame. You can't solve a challenge
by "brute force".
- 10.05.2005 Challenge 4 is online.
- 06.05.2005 Challenge 4 will be announced after the lecture
on 10.05.
- 26.04.2005 Challenge 3 is online.
- 22.04.2005 Challenge 3 will be announced after the lecture
on 26.04.
- 19.04.2005 Challenge 2 is online.
- 19.04.2005 Registration ends today after the lecture.
- 17.04.2005 Challenge 2 will be announced after the lecture
on 19.04.
- 11.04.2005 Current ratings are online.
- 06.04.2005 Challenge 1 is online.
- 05.04.2005 The InetSec registration has started. You can
register using this link. Registration
ends on 19th of April.
- 05.04.2005 The InetSec Lab will start on the 6th
of April.
- 15.03.2005 There were some requests so the slides
will be made available on this web site one day before the lecture (best
effort :-)) -- You should in any case see them here before the lecture.
- 01.03.2005 The lecture will begin on the 8th of March (Vorbesprechung). Information about the registration for the lab will be announced in the first lecture.
- 14.02.2005 The lecture times and the details of the course will be announced at the beginning of the semester (1st of March) on this web site.
Abstract
Internet security has become part of everyday life where
security problems impact practical aspects of our
lives. Even though there is a considerable corpus of knowledge about
tools and techniques to protect networks, information about what are
the
actual vulnerabilities and how they are exploited is not generally
available. This situation hampers the effectiveness of security
research and practice. Understanding the details of network attacks is
a prerequisite for the design and implementation of secure systems.
This course presents the principal protocols and applications
that are used in the Internet today, discussing in detail the related
vulnerabilities and how they are exploited. For each vulnerability,
possible protection and detection techniques are examined. The course
includes a number of practical lab assignments where participants are
required to
apply their knowledge as well as a discussion of the
current research in the field. Students will learn how the security of
networks can be violated and how such attacks can be detected and
prevented.
The course aims to make the students "security aware" and gain a basic
understanding about security issues. For students who are
interested in advanced security topics and practical assignments, we offer the
Internet Security 2 class in the winter semester.
Topics
- TCP/IP security (spoofing, hijacking, sequence number
guessing, denial-of-service attacks)
- Web security (SQL injection, parameter injection,
parameter tampering, etc.)
- Network discovery/vulnerability scanning: techniques and
tools (portscans, ping sweeps)
- Distributed systems security
- Firewalls and traffic filtering
- Intrusion Detection Systems
- Buffer Overflows
- Operational Practices
- Architectural Principles and Testing
Prerequisites
- basic operating system knowledge (Linux/Unix, Windows)
- interest for technical security issues
- good programming knowledge (e.g., Java, Web scripting, HTML advantageous)
- basic database knowledge (SQL)
- basic network knowledge (TCP/IP, VO and UE Computer Networks is recommended, VO and UE
Verteilte Systeme is a must!)
Location
FH HS 6
Dates and Times
Tuesdays, 14:00-15:00
Slides
Here are the slides of the lecture for download.
(You might find this document useful for understanding the TCP/IP part of the lecture.)
If you want to print more
than one slide on a page, use the printer settings. Under Linux, you can start
kghostview, for example, and click on the print properties. Then you can choose multiple "pages per sheet". Under Windows, there is a similar choice.
21.06.2005 Viruses and Worms, Invited Talk by Joe Pichlmayr, Ikarus
Software (download slides)
14.06.2005 Operational Practices (download slides)
07.06.2005 Buffer Overflows (download slides)
31.05.2005 Testing (download slides)
24.05.2005 Cyptography/Cryptanalysis (download slides)
10.05.2005 Design and Architectural Principles (download slides)
03.05.2005 Internet Application Security (download slides)
26.04.2005 Web Security Part 2 (download slides)
19.04.2005 Web Security Part 1 (download slides)
12.04.2005 TCP/IP Attacks Part 2 (download slides)
05.04.2005 TCP/IP Attacks Part 1 (download slides)
15.03.2005 Security and Networking Basics (download slides)
08.03.2005 Introduction (Vorbesprechung) (download slides)
Practical Challenges (Assignments)
This year, the students will "need" to solve a set of practical challenges
(assignments) in the lab part of the course. The practical part of the course aims to prepare the students for more
advanced topics and programming done in the Internet Security 2 course.
For more information on the challenges and the grading, check this page.
Examination
Written exam (English). About 15 questions, 60 minutes time, no course material allowed.
Here are the results for the exam on 28.06.2005.
There is an exam scheduled for the 18th of October.
You need to register between 04.10.2005 and 14.10.2005 via TUWIS. The exact
exam location will be announced on the web site (here) and posted on TUWIS
after the registration period ends.
If you do not do the exam until WS 2006, the challenge points you gained become
invalid. There will be at least one written exam during the winter semester.
In urgent cases, the exam can also be done orally. You need to contact us.
Further Reading
You might find these documents helpful for further reading and understanding of the
course contents:
TCP/IP Introduction
Registration
Registration is over.
Last Modified: Fri Oct 14 06:11:40 CEST 2005
|
|
|