NETWORK SECURITY + LABORATORY (UNIT 1)
LEARNING OUTCOMES OF THE COURSE UNIT
The objective of this course is to study the main security mechanisms and protocols used for securing communications and protecting computer networks, to provide basic knowledge of applied cryptography, and to study in depth the main algorithms and protocols for authentication, communication security and network protection.
Familiarity with the TCP/IP stack and networking.
COURSE CONTENTS SUMMARY
Cryptography basics and algorithms, authentication mechanisms and digital signature;
Protocols for secure communications;
Main network threats, vulnerabilities, and countermeasures;
Systems for network protection.
L. Veltri, "Network Security", slides of the course, http://www.tlc.unipr.it/veltri
W. Stallings, "Cryptography and Network Security: Principles and Practice", Prentice Hall
ASSESSMENT METHODS AND CRITERIA
Two written examinations, one at the middle and one at the end of the course, which together complete the exam. Alternatively, the exam can be taken during the regularly scheduled examination sessions. In both cases, the exam is written and composed of multiple-choice questions, open-answer questions, and some exercises.
Class lessons and exercises. Laboratory activities.
1) Basics of cryptography and authentication mechanisms
Basics of symmetric (classic) cryptography and examples of algorithms (DES, 3DES, AES)
Basics of asymmetric cryptography and examples of algorithms (RSA, Diffie-Hellman, DSA); advantages and disadvantages
Hash and MAC functions (MD5, SHA, HMAC)
Authentication algorithms, based on both symmetric and asymmetric cryptography
Key exchange, agreement, distribution
Digital signature, digital certificates, certification authority, Public Key Infrastructure, standard X.509, PGP (Pretty Good Privacy)
2) Security protocols
Protocols for authentication and key exchange (Kerberos, AAA, RADIUS)
Protocols for secure communications at IP layer (IPSec/AH/ESP), and virtual private networks (VPNs)
Protocols for secure communications at transport (SSL/TLS) and application layer
3) Network vulnerabilities and countermeasures
Vulnerabilities of TCP/IP protocols, attacks and countermeasures (sniffing, network and port scanning, spoofing, flooding, buffer overflow, etc.)
Firewall (packet filtering, ALG, NAT, DMZ), examples of network configurations
Protocols for FW and NAT traversal (STUN and TURN)
Intrusion Detection System (IDS)