Internet security has become part of everyday life where security problems impact practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect networks, information about what are the actual vulnerabilities and how they are exploited is not generally available. This situation hampers the effectiveness of security research and practice. Understanding the details of network attacks is a prerequisite for the design and implementation of secure systems. This course presents the principal protocols and applications that are used in the Internet today, discussing in detail the related vulnerabilities and how they are exploited. For each vulnerability, possible protection and detection techniques are examined. The course includes a number of practical lab assignments where participants are required to apply their knowledge as well as a discussion of the current research in the field. Students will learn how the security of networks can be violated and how such attacks can be detected and prevented.

The course aims to make the students "security aware" and gain a basic understanding about security issues. For students who are interested in advanced security topics and practical assignments, we offer the Advanced Internet Security class in the winter semester.

Topics
* TCP/IP security (spoofing, hijacking, sequence number guessing, denial-of-service attacks)
* Web security (SQL injection, parameter injection, parameter tampering, etc.)
* Network discovery/vulnerability scanning: techniques and tools (portscans, ping sweeps)
* Cryptography 
* Memory Corruption / Buffer Overflows
* Operational Practices
* Radio Security

Prerequisites
* basic operating system knowledge (Linux/Unix, Windows)
* interest for technical security issues
* good programming knowledge (e.g., Java, Web scripting, HTML advantageous)
* basic database knowledge (SQL)
* basic network knowledge (TCP/IP)

The lecture is held in English. The most up to date information about the lecture (e.g., lecture times, registration) is on the course home page.

 ECTS Breakdown (3 ECTS = 75 hours):

• Lectures (18h)
• Self-studies & Learning for Exams (20h)
• 6 Assignments (35h)
• Exam (2h)

The final grades are calculated with 2/3 from 6 mandatory Challenges
the Student needs to solve during the Semester, plus 1/3 from a written
exam at the end of the Semester. To be able to get a positive grade, at least 50% of the challenges  have to be solved. 

TISS registrations will be imported to the Challenge environment automatically. Please double check your registered Email account. It will be used for correspondence once the Challenges have started.

• basic operating system knowledge (Linux/Unix, Windows)
• interest for technical security issues
• good programming knowledge (e.g., Java, Web scripting, HTML advantageous)
• basic database knowledge (SQL)
• basic network knowledge (TCP/IP)