Internet security has become part of everyday life where security problems impact practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect networks, information about what are the actual vulnerabilities and how they are exploited is not generally available. This situation hampers the effectiveness of security research and practice. Understanding the details of network attacks is a prerequisite for the design and implementation of secure systems. This course presents the principal protocols and applications that are used in the Internet today, discussing in detail the related vulnerabilities and how they are exploited. For each vulnerability, possible protection and detection techniques are examined. The course includes a number of practical lab assignments where participants are required to apply their knowledge as well as a discussion of the current research in the field. Students will learn how the security of networks can be violated and how such attacks can be detected and prevented.

The course aims to make the students "security aware" and gain a basic understanding about security issues. For students who are interested in advanced security topics and practical assignments, we offer the Advanced Internet Security class in the winter semester.

Topics
* TCP/IP security (spoofing, hijacking, sequence number guessing, denial-of-service attacks)
* Web security (SQL injection, parameter injection, parameter tampering, etc.)
* Network discovery/vulnerability scanning: techniques and tools (portscans, ping sweeps)
* Distributed systems security
* Firewalls and traffic filtering
* Intrusion Detection Systems
* Buffer Overflows
* Operational Practices
* Architectural Principles and Testing

Prerequisites
* basic operating system knowledge (Linux/Unix, Windows)
* interest for technical security issues
* good programming knowledge (e.g., Java, Web scripting, HTML advantageous)
* basic database knowledge (SQL)
* basic network knowledge (TCP/IP, VO and UE Computer Networks, VO and UE Verteilte Systeme is recommended)

The lecture is held in English. The most up to date information about the lecture (e.g., lecture times, registration) is on the course home page.

 ECTS Breakdown (3 ECTS = 75 hours):

• Lectures (18h)
• Self-studies & Learning for Exams (20h)
• up to 6 Assignments (35h)
• Exam (2h)

The final grades are calculated with half from 5 mandatory Challenges
the Student needs to solve during the Semester, plus half from a written
exam at the end of the Semester. Both need to be solved with at least 50% score.
There is one optional Challenge to additionally get points for a better
grade.

TISS registrations will be imported to the Challenge environment automatically. Please double check your registered Email account. It will be used for correspondence once the Challenges have started.

• basic operating system knowledge (Linux/Unix, Windows)
• interest for technical security issues
• good programming knowledge (e.g., Java, Web scripting, HTML advantageous)
• basic database knowledge (SQL)
• basic network knowledge (TCP/IP, VO and UE Computer Networks is recommended, VO and UE Verteilte Systeme is a must!)