Hasso-Plattner-Institut25 Jahre HPI
Hasso-Plattner-Institut25 Jahre HPI
 

Netzwerksicherheit (Sommersemester 2021)

Dozent: Prof. Dr. Christian Dörr (Cyber Security - Enterprise Security)

Allgemeine Information

  • Semesterwochenstunden: 4
  • ECTS: 6
  • Benotet: Ja
  • Einschreibefrist: 18.03.2021 - 09.04.2021
  • Lehrform: Lectures and Exercises
  • Belegungsart: Pflichtmodul
  • Lehrsprache: Deutsch

Studiengänge, Modulgruppen & Module

Cybersecurity MA
IT-Systems Engineering MA
  • IT-Systems Engineering
    • HPI-ITSE-K Konstruktion
  • IT-Systems Engineering
    • HPI-ITSE-M Maintenance
  • ISAE: Internet, Security & Algorithm Engineering
    • HPI-ISAE-T Techniken und Werkzeuge
  • ISAE: Internet, Security & Algorithm Engineering
    • HPI-ISAE-K Konzepte und Methoden
  • ISAE: Internet, Security & Algorithm Engineering
    • HPI-ISAE-S Spezialisierung
  • OSIS: Operating Systems & Information Systems Technology
    • HPI-OSIS-T Techniken und Werkzeuge
  • OSIS: Operating Systems & Information Systems Technology
    • HPI-OSIS-K Konzepte und Methoden
  • OSIS: Operating Systems & Information Systems Technology
    • HPI-OSIS-S Spezialisierung
Data Engineering MA

Beschreibung

Today, every aspect of our lives is influenced by computers. As IT systems are pervasively interconnected, proper network security becomes a critical component of IT security.

In this course, you learn the principles of network and communication security, covering secure network design across the entire OSI stack. The lecture will cover security considerations, vulnerabilities and applicable countermeasures starting from securing the flow of bits and physical system hardware up to the detection and control of threats at the application layer.

You will learn the concepts and fundamental reasoning behind today’s security designs, review common threats to today’s networks, and understand specific detection and mitigation techniques. Discussion in the course will not only cover the way things currently are, but following the conversation classroom and constructivist paradigm collaboratively also investigate the reasoning behind existing design decisions as well as exploring the pros and cons of alternative designs, enabling students for a deeper critique of security practices and current and future network designs.

 

Covered topics:

Physical Layer Security
Protection strategies for cables, wireless links and physical installations; Secure (network) device lifecycle management; physical asset control and datacenter security

Link Layer Security
ARP protocol and ARP vulnerabilities; switch design and switch protocols; port security; VLANs; The 802.11 protocol suite from a security perspective (WEP, WPA, WPA2, WPA3, WPS); 802.1X port-based network access control, 802.1AE MAC security; cellular networks

Network Layer
Network design practices; network reconnaissance; IP protocol vulnerabilities such as address spoofing and associated network attacks; security of DNS system, detection of DNS attacks and protection techniques; virtual private networks; covert tunnels; firewall and packet filters; inter-domain routing security

Transport Layer
TCP protocol weaknesses. SSL/TLS; selected SSL/TLS protocol attacks (i.a., heartbleed, drown, poodle); certificate transparency

Application and Web Security
Intrusion detection and prevention systems; honeypots; DDoS mitigation; SSH; security of e-mail, VoIP, telephony, and messenger security protocols.

Metadata security
Traffic analysis; Mix networks and onion routing

Voraussetzungen

To successfully participate in this course, you need a basic knowledge of cryptography. The course will assume and build upon your knowledge of cryptographic primitives, basic cryptographic protocols, block and stream ciphers, block cipher modes of operation, padding and oracles. If you have not taken the cryptography course before, you can get some background reading to lay these foundations.

Lern- und Lehrformen

Lecture and Practical Exercises. (The exercises will be scheduled towards the end of the semester once on-campus education commences again.)
Moodle for the course: https://hpi.de/friedrich/moodle/course/view.php?id=153

Leistungserfassung

Written exam at end of course; successful completion of exercises to be admitted to exam.

Zurück