NETWORK SECURITY

The course explores the security aspects of the most used network protocols, with attention to the link, network and transport layers of the ISO/OSI stack.
These topics are essential for a career in the ICT sector, because networks are pervasive tools that impact any application, in terms of performance, security and data privacy.
It is therefore essential to possess knowledge and skills in this sector both for those who want to pursue a career in security analysis and for those who will work at higher levels of the protocol stack, but must still be aware of the problems that lower levels introduce.
The vulnerabilities that the protocols possess, and any countermeasures will be analysed. The course takes place with a hands-on approach, trying to reproduce known vulnerabilities in virtualized environments.
In the context of the specific educational objectives of the Degree Course, the course aims to provide the ability to apply knowledge and understanding to the safety requirements (functional and non-functional) of interconnected systems.

At the end of the course the student will be acknowledged on:
- known vulnerabilities in network protocols
- possible countermeasures
- some key tools to implement security services on networks

He will also have acquired the necessary skills to:
- avoid configuration errors in the management of communication networks
- perform security tests to check for network-level vulnerabilities
- configure some basic security services
- implement security protocols avoiding the introduction of known vulnerabilities.

A basic knowledge of:
- programming (imperative programming in C or Python and scripting)
- computer networks: TCP/IP stack, ARP/DNS/IP/TCP protocol
- cryptography: hash functions, symmetric and public/private key encryption

The topics of the course will be the following ones (note, the program is not hardcoded, it can be changed based on the interests of the students and on the availability of new information):

Attacks:
- Layer II and III: ARP spoofing, IP packets sniffing and spoofing
- Layer IV: attacks to TCP, SYN Floods, TCP reset and session hijacking.
- DNS attacks: birthday attack.
- Attacks to the Internet Routing

Countermeasures:
- Firewalls: introduction to IPTables/Netfilter
- Virtual Private Networks
- The Tor protocol
- Setting up a Layer II authentication: EAP + RADIUS + 802.1X. The case of wireless authentication.

Bonus topics (if time allows):
- Network robustness metrics from graph theory

Compared to the Security course of the three-year degree, the course deals with completely separate topics, relating to the lowest layers of the protocol stack. Compared to the Computer Networks course of the three-year degree it presents themes that are addressed with more depth in the security aspects.

The course is based on material provided by the professor ant on the book:
Wenliang Du, Internet Security: A Hands-on Approach 3rd Edition (ISBN: 978-17330039-6-4)

The course can be passed in two ways:
- a written exam + an oral presentation by a single student of a scientific paper or technical document describing security techniques.
- a written exam + a project. The project will be carried out by the students and will be the subject of a presentation by the group of students.

The essay contains closed-ended questions and open-ended questions. The first ones will verify the student's knowledge about protocols and security mechanisms (5/30 of the grade), the open questions will pose broader problems and verify the student's ability to interpret complex network and interaction contexts between the various protocols involved in an exchange of information (10/30)
The remaining (15/30) can be passed with a group project that will evaluate the students' ability to put some of the acquired skills into practice, or a presentation of a technical and scientific article, which will evaluate the ability to interpret complex technical specifications, and elements of innovation.

Participation in laboratory lessons can guarantee bonus points (2 points) through the delivery of periodic reports.

oral

18: the student is able to answer specific questions on known vulnerabilities, and to analyze systems of limited complexity that involve the interaction of multiple network components. He/she was able to develop a proof of concept of the techniques illustrated in class or to present a technical article of low complexity.
19-25: the student is able to answer specific questions on known vulnerabilities, and to correctly analyze complex systems that involve the interaction of multiple network components. He/she was able to design a verification system for a complex system, to implement and study the performance of an attack, or to present a scientific technical article of medium methodological difficulty.
25-30L: the student is able to answer specific questions on known vulnerabilities, and to correctly analyze complex systems that involve the interaction of multiple network components, even with dependencies between levels. He was able to design an experiment that extends known vulnerabilities, studies unknown aspects, or implements an attack/defense system with hints of originality. Alternatively, he is able to present a technical scientific article of high methodological difficulty

Frontal lessons and lab lessons. The course has a strong hands-on component in which the students use virtualized environments to reproduce the vulnerabilities.