Internet Security

Lecture with Exercise (3.0 ECTS) - 188.366

Abstract

Internet security has become part of everyday life, where security problems impact practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect networks, information about what the actual vulnerabilities are and how they are exploited is not generally available. This situation hampers the effectiveness of security research and practice. Understanding the details of network attacks is a prerequisite for the design and implementation of secure systems.

This course presents the principal protocols and applications that are used in the Internet today, discussing in detail the related vulnerabilities and how they are exploited. For each vulnerability, possible protection and detection techniques are examined. The course includes a number of practical lab assignments where participants are required to apply their knowledge as well as a discussion of the current research in the field. Students will learn how the security of networks can be violated and how such attacks can be detected and prevented.

The course aims to make students "security aware" and to give them a basic understanding of security issues. For students who are interested in advanced security topics and practical assignments, we offer the Advanced Internet Security class in the winter term.

This lecture is held as a cooperation between the Secure Systems Lab at the Automation Systems Group (183/1) and the Information and Software Engineering Group (188/1).

Topics

  • TCP/IP security (spoofing, hijacking, sequence number guessing, denial-of-service attacks)
  • Web security (SQL injection, parameter injection, parameter tampering, etc.)
  • Network discovery/vulnerability scanning: techniques and tools (portscans, ping sweeps)
  • Distributed systems security
  • Firewalls and traffic filtering
  • Intrusion Detection Systems
  • Buffer Overflows
  • Operational Practices
  • Architectural Principles and Testing

Prerequisites

  • basic operating system knowledge (Linux/Unix, Windows)
  • interest in technical security issues
  • good programming knowledge (e.g., Java, Web scripting, HTML advantageous)
  • basic database knowledge (SQL)
  • basic network knowledge (TCP/IP, etc.)

Mode & Grading

6 challenges (assignments)

We will announce a challenge every couple of weeks that will be open for 13 days for you to solve.
These challenges shall give you some basic hands-on experience in penetration testing and security analysis of software and applications.
We have planned 6 challenges that deal with the lecture's topics and are directly related to the concepts discussed in the lecture part of the course.
The challenges are not necessarily difficult, but may require you to do some research on the Internet and read some documentation. Of course, you also need some patience.

By the way, we are aware that the InetSec environment is not highly secure. It's a time issue ;-) So we trust that you will not try to break or hack the system. That is not a challenge. Remember that you are the good guy/gal.
We will not tolerate any attacks against our infrastructure.

Examination

At the end of the semester. Registration via TISS.
75 minutes time, no course material allowed.

Grading

The grade you get is best described with the following "python" code:

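def grade(your_latest_exam_score_percent, num_of_challenges_you_solved):
  # exam score, scaled to points
  examPT = your_latest_exam_score_percent*100
  # 20 points per solved challenge, capped at 110
  challPT = min(num_of_challenges_you_solved*20, 110)
  # overall score: mean of challenge points and exam points
  gradePT = (challPT+examPT)/2

  # a score of 50 or less in the exam, the challenges, or overall is a fail
  if examPT <= 50 or challPT <= 50 or gradePT <= 50:
    return "5"
  elif gradePT <= 63:
    return "4"
  elif gradePT <= 75:
    return "3"
  elif gradePT <= 88:
    return "2"
  else:
    return "1"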

Staff & Contact

Lecturers

Tutor

Jan Vales

Contact us

If you have questions regarding the lab challenges, please use the TISS Forum to discuss them with other students.
Our tutor reads it on a daily basis and is usually quick to answer with help. Please refrain from posting (partial) solutions, as you will spoil the fun for others.
If you think you need help beyond that, send an email to inetsec@seclab.tuwien.ac.at

Curricula

  • 033 526 Business Informatics
  • 033 532 Media Informatics and Visual Computing
  • 033 533 Medical Informatics
  • 033 534 Software & Information Engineering
  • 066 933 Information & Knowledge Management

Internships & Theses

If you are motivated and looking for a bachelor's or master's thesis, have attended our courses, and are otherwise very interested in various security topics, visit the internship and theses pages of Seclab and SBA Research: