Internet Security (Wintersemester 2021/2022)

Lecturer: Dr. Feng Cheng (Internet-Technologien und -Systeme) , Daniel Köhler (Internet-Technologien und -Systeme) , Leonard Marschke (Internet-Technologien und -Systeme)

General Information

• Weekly Hours: 4
• Credits: 6
• Graded: yes
• Enrolment Deadline: 01.10.2021 - 22.10.2021
• Teaching Form: Lecture / Exercise
• Enrolment Type: Compulsory Elective Module
• Course Language: English
• Maximum number of participants: 30

Programs, Module Groups & Modules

Description

The lecture "Internet Security" shall be seen as a door-opener in the field of network and Internet security. You will learn and understand basic principles and approaches of cyber attack and defense.

This lecture does not teach you (students) about being a Hacker. Instead, it will teach you how to investigate and prevent possible vulnerabilities in (IT-) systems. You will further be enabled to determine which consequences a failure of a certain system has or which consequences a lack of thorough preparation may put upon a security system or an organization as a whole. In contrast to the last years Internet Security lecture, we will focus much more on practical parts and exercises. Both types of Internet Security are running in an alternate mode, so next year there will be the more theoretical oriented Internet Security lecture like done in the last year.

We are trying to give the lecture in an interesting and interactive manner. As it is only the second time the lecture runs in a similar to this format, we are highly appreciating any feedback or other suggestions! During the whole semester, we will be available to help you with the exercises as we are often in the exercise rooms to help you out.

As we plan this lecture in a highly interactive manner, we have a capacity limit of students we can serve with our resources. We will try our best to allow everyone to particiapte in this course. Therefore, if you would like to joint the lecture, we would like to invite you to our Telegram group. By joining this channel, we can get an approximation on how many students are interested and for how many students we have to organize capacity. Also, you will be able to get in contact with other interested students as well as with the tutors (us).

Topics Covered

• Motivation & Types of Cyber Attacks
• Enablers & Vulnerabilities - Human and Technical
• Malware - What's a Virus, Worm, Trojan...
• Software Security - Reverse Engineering
• Operating Systems and their Security Mechanisms
• Sandboxing and Virtualization
• "Think like Hackers"
  • Reconnaissance
  • Application Security
• Update Distribution - Risks & Challenges
• "Being the Blue Team"
  • Network Security
  • Intrusion Detection
  • Risk Analysis
• Cryptography
• Law, Ethics & Remarks

This lecture is a prerequisite for continuing your studies with Cops and Robbers in the next semester, which provides you with even more insights into cybersecurity topics in a team based manner.

Requirements

To be able to survive in the world of technical specifications, applications, protocols and requirements, a proper understanding of its fundamentals is needed. 

This understanding has been provided in the recommended Lecture Internet- und WWW-Technologien.

If you think you might have received the qualifications for participation in another way, feel free to reach out to us to discuss.

During the lecture you will need knowledge of several programming languages like Python, C and Assembly. Additionally, you will need to be able to configure networks and have a good understanding of the different layers of a typical network as well as related Linux tools.

As we are aware that not all students do have this knowledge already, we will provide a recap of the most important topics of the lecture Internet- und WWW-Technologien. Additionally, will introduce you to the languages Python, C and Assembly accordingly. Please expect that students not already familiar with those languages and tools will have a slightly higher workload in those first weeks.

In order to solve the practical exercises you will need a Linux (VM) running on your laptop. Some exercises also might be solvable by using a Mac, but we cannot guarantee that in all cases. Especially when using the new ARM based Macs, we cannot guarantee that all exercises will be solvable. We recommend using a Kali Linux or similar pentesting Linux distribution in a VM or bare metal.

If you have any concerns about these requirement, please contact us as early as possible. Then, we can take a look and adjust our plans accordingly.

Literature

• Meinel/Sack: Grundlagen der Digitalen Kommunikation
• Meinel/Sack: Internetworking - Technische Grundlagen und Anwendungen
• Tanenbaum: Computer Networks
• Stallings/Brown: Computer Security: Principles and Practice
• Cheswick/Bellovin/Rubin: Firewalls and internet security. Repelling the Wily Hacker
• Kaufman/Perlman/Speciner: Network Security: Private Communication in a Public World
• Egan/Mather: Executive Guide to Information Security: Threats, Challenges, and Solutions
• Stuttard/Pinto: The Web Application Hacker's Handbook - Discovering and Exploiting Security Flaws
• Koziol/Litchfield/Aitel/Anley/Eren/Mehta/Hassel: The Shellcoder's Handbook - Discovering and Exploiting Security Holes

In general, it is great if you are interested in the topic of cybersecurity. If you did not already attend, we recommend the events of the Cybersecurity Club at the HPI.

Learning

This lecture will consist of highly interactive sessions requiring student's participation. In those sessions, we will be providing you with understanding of theoretical backgrounds and the underlying technologies. The new knowledge shall then be applied in practical, hands-on sessions.

To achieve a high level of interactivity during our sessions, we will prefer a full in-person lecture at the HPI. If this is not possible due to regulations regarding Covid-19, we will do an online only lecture.

During the lecture, you will have to solve multiple practical exercises. If the lecture is done in-person, you will have to be at the HPI to solve those exercises. Specifically, we will designate one or two rooms at the main building of the HPI, where you will be able to solve the exercises. If we have to do an online format, you will be provided with a VPN access.

Typically, we will have one lecture per week. Additionally, there will be an exercise session where we will present new tasks, discuss about past tasks or students present their findings.

Examination

The evaluation of this lecture is most probably split into two different parts:

• Theoretical Exam (about 40%)
• Practical Exam (about 60%)

By those means of evaluation we want to identify that the student understands the theoretical background and is able to apply practical skills in real world scenarios.

 

To obtain examination admission, you need to fulfil the following requirements: 50% of points in every group of two consecutive assignments and attend at least 75% of all lecture sessions.

The Theoretical Exam will be a 90 minutes long written exam (either in person or online), which tests the theoretical understanding. It will be worth about 40% of the final mark.

The Practical Exam is a day long (exact time span to be defined) exam where you will be provided with a real world scenario. In this scenario, students can show their practical skills learned in the exercises. It will be worth about 60% of the final mark.

Both Theoretical and Practical Exam will be at the end of the semester but not on the same day.

Dates

• Important: The first lecture (27th October) will be in HS2!
• Lecture/Exercise:
  • Group Red: every week on Wednesday at 9:15 a.m. (H.2-57/58) and Friday 1:30 p.m (Computer graphics pool: H.E-11/12/13).
  • Group Orange: every week on Wednesday at 3:15 p.m. (H.2-57/58) and Friday 8:45 a.m (Computer graphics pool: H.E-11/12/13).
• The exams:
  • Theoretical exam (written): 9 a.m., on 23.02.2022 (HS 1/2/3)
  • Practical exam (hands-on): 11.03.2022 (time slot / place: tbd)
• Every week we will have specific timeslots where tutors will be available to help with the practical exercises (H.E-11/12/13)
  • Monday 3:15p.m. - 4:45p.m.
  • Monday 5:00p.m. - 6:30p.m.
  • Tuesday 1:30p.m. - 3:00p.m.
  • Wednesday 11:00a.m. - 12:30a.m.
  • Thursday 11:00a.m. - 12:30a.m.
  • Thursday 1:30p.m. - 3:00p.m.

Zurück