PRACTICAL NETWORK DEFENSE 2023-24

Overview

The course explains the fundamentals of the methods and tools for protecting computer networks. Particular attention is paid to the practical application of the concepts learned: commonly-seen threats arising from the use of particular protocols in networked computer systems, mechanisms commonly used by intruders and designers of malware to compromise a computer system's security, the fundamental mechanisms used for the detection of intrusion attempts in computer systems.

At the end of the course, students will be able to monitor network traffic, apply a security policy, perform a network scan, and search for vulnerabilities in a computer network. Students will develop the ability to select the appropriate firewall rules to protect a network, select the most appropriate mechanisms to protect a networked computer system and make the most appropriate design choices to implement a "defense in depth" strategy using isolated networks and dedicated tools (VPN, proxy and firewall).

Students will develop the analytical skills necessary to evaluate different alternatives during the design process of a computer network, with particular reference to the evaluation of the architectural choices and related risks and to the security objectives that the system wants to pursue.

Students will learn how to document their choices, also through the use of automated reporting tools. They will also have acquired the ability to prepare presentations related to specific scientific topics.

The concepts acquired during the course will provide students with a solid knowledge base to deepen the technical aspects further, explore the alternatives not dealt with for time reasons, and autonomously keep themselves informed on the continuous developments and updates of network security and protection.

We will alternate theory with practice, touching with hands the more known and spread tools related to the defense of networks. For this reason, this will be an "experimental" class: don't be too angry if something goes wrong during our lab sessions... Mistakes make you wiser!

Arguments (tentative)

• Network hardening: This topic covers ways to help the network defend itself from unauthorized access.

• Defense in depth: This topic introduces the idea that defenses must be layered.

• Implementing IDS/IPS: This topic covers intrusion detection and prevention services. These services audit the network traffic.

• Implementing firewalls and virtual private networks (VPNs): This topic covers installing and using firewalls and virtual private networks.

• Honeypots and honeynets: This topic introduces the idea of providing intentionally vulnerable networks and devices in isolated networks so that they can be watched and analyzed as they are attacked.

• Network monitoring: This topic covers the tools and techniques for monitoring network devices and their associated logs.

• Network traffic analysis: This topic covers the tools and techniques for capturing and analyzing the packets flowing through the network.

• Minimizing exposure (attack surface and vectors): This topic covers the tools and techniques for finding and mitigating vulnerabilities by looking at potential weaknesses.

• Network access control (internal and external): This topic covers tools and techniques for limiting the flow of packets based on rules based on packet content.

• Perimeter networks (demilitarized zones or DMZs) / Proxy Servers: This topic covers tools and techniques for implementing Defense in Depth using isolated networks and special servers.

• Network policy development and enforcement: This topic covers the creation of policies that provide guidance and requirements for the services provided by the network, along with the measures to be used to see that the policies are followed.

• Network operational procedures: This topic discusses creating procedures to operate the network.

• Network attacks (e.g., session hijacking, man-in-the-middle): This topic covers the tools and techniques used to test the network by actually attempting to exploit vulnerabilities.

Activities

• We will use the Katharà virtual network simulator during the lectures: https://www.kathara.org/. The students can find a ready-made virtual machine to be imported into a VM manager in our classroom section.

• The students will do most of the activities and assignments in a virtual infrastructure, where they can practice with the most common open-source tools for protecting the networks. We will use Opnsense firewalls, Kali virtual machines, a Graylog log manager, and a Greenbone vulnerability assessment platform, among others.

Class Schedule: First year, second semester.

We are starting lectures on 29/02/2024. The lectures will be on

• lab 15 at Tiburtina labs, Via Tiburtina, 205 (see map) on Thursday

• aula 3 in Viale del Castro Laurenziano, 7 (see map) on Friday

Exam RULES

1. All the rules are applied both to full-time and part-time students.

2. Four (4) mandatory assignments + full written exam + on-demand oral exam for students with a written exam >= 27

Assignment rules

1. Assignments are group activities in which techniques and tools are applied during class.

2. Assignments do not have a hand-in date but must be handed in before taking the written exam.

3. Assignments are evaluated as A, B, or C and provide an increment to the final grade of the written exam (up to +3 points).

Written exam rules

1. A written exam is valid for one year and supersedes any other written exam done previously.

Classroom

We will use Google Classroom for announcements, discussions, and material sharing. The enrollment code will be published during the first lectures and available on request later.