Description:

The students will gain theoretical and practical knowledge and experience in the area of current security threats in computer networks, specifically about detection and defense. The course explains basic pricipals of security monitoring, packet-based and flow-based analysis, in order to detect anomalies and suspicious network traffic. The course focuses on explanation and practical examples of various mechanisms of securing network infrastructure and detection in real time. The course covers general principals of handling detected security events (i.e. incident handling and incident response).

Contents:

1. Introduction, Selected Network Protocols and Their Security Weaknesses
2. Network attacks 1 (Introduction)
3. Network attacks 2 ((D)DoS, Scanning, Brute-Force)
4. Network attacks 3 (Covert Channels, MitM, Poisoning, L7 threats)
5. Remote Access
6. Active Defense, Cyber Deception
7. Data mining
8. Statistical methodology for anomaly detection
9. Intrusion Detection Systems
10. Incident response
11. Penetration testing
12. Reserved (Social Engineering)

Seminar contents:

1. ARP Man-in-the-Middle (MitM) and Scapy
2. (Distributed) Denial of Service
3. Packet-Based Network Analysis
4. Flow-Based Network Analysis
5. Network Scanning and Vulnerability testing

Recommended literature:

1. Stallings, W. : Cryptography and Network Security: Principles and Practice (7th Edition). Pearson, 2016. ISBN 978-0134444284.
2. Stallings, W. : Cryptography and Network Security: Principles and Practice (5th Edition). Prentice Hall, 2010. ISBN 0-13-869017-0.
3. Anderson, R. : Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, 2008. ISBN 0470068523.
4. Mitnick, K. D. - Simon, W. L. - Wozniak, K. W. : The Art of Deception: Controlling the Human Element of Security. Wiley, 2003. ISBN 076454280X.
5. Kaufman, Ch. - Perlman, R. - Speciner, M. : Network Security, Private Communication in a Public World (2nd Edition). Prentice Hall, 2002. ISBN 0130460192.

Keywords:

computer network, security, anomaly detection, packet-based analysis, flow-based analysis, security incident handling

Abbreviations used:

Semester:

• W ... winter semester (usually October - February)
• S ... spring semester (usually March - June)
• W,S ... both semesters

Mode of completion of the course:

• A ... Assessment (no grade is given to this course but credits are awarded. You will receive only P (Passed) of F (Failed) and number of credits)
• GA ... Graded Assessment (a grade is awarded for this course)
• EX ... Examination (a grade is awarded for this course)
• A, EX ... Examination (the award of Assessment is a precondition for taking the Examination in the given subject, a grade is awarded for this course)

Weekly load (hours per week):

• P ... lecture
• C ... seminar
• L ... laboratory
• R ... proseminar
• S ... seminar