Some of today's most damaging attacks on computer systems involve exploitation of network infrastructure, either as the target of attack or as a vehicle to attack end systems. This course provides an in-depth study of network attack techniques and methods to defend against them.
Learning objective
- Students are familiar with fundamental network-security concepts. - Students can assess current threats that Internet services and networked devices face, and can evaluate appropriate countermeasures. - Students can identify and assess vulnerabilities in software systems and network protocols. - Students have an in-depth understanding of a range of important state-of-the-art security technologies. - Students can implement network-security protocols based on cryptographic libraries.
Content
The course will cover topics spanning four broad themes with a focus on the first two themes: (1) network defense mechanisms such as public-key infrastructures, TLS, VPNs, anonymous-communication systems, secure routing protocols, secure DNS systems, and network intrusion-detection systems; (2) network attacks such as hijacking, spoofing, denial-of-service (DoS), and distributed denial-of-service (DDoS) attacks; (3) analysis and inference topics such as traffic monitoring and network forensics; and (4) new technologies related to next-generation networks.
In addition, several guest lectures will provide in-depth insights into specific current real-world network-security topics.
Prerequisites / Notice
This lecture is intended for students with an interest in securing Internet communication services and network devices. Students are assumed to have knowledge in networking as taught in a communication networks lecture like 252-0064-00L or 227-0120-00L. Basic knowledge of information security or applied cryptography as taught in 252-0211-00L or 263-4660-00L is beneficial, but an overview of the most important cryptographic primitives will be provided at the beginning of the course. The course will involve several graded course projects. Students are expected to be familiar with a general-purpose or network programming language such as C/C++, Go, Python, or Rust.
Competencies
Subject-specific Competencies
Concepts and Theories
assessed
Techniques and Technologies
assessed
Method-specific Competencies
Analytical Competencies
assessed
Decision-making
assessed
Media and Digital Technologies
assessed
Problem-solving
assessed
Project Management
assessed
Social Competencies
Communication
fostered
Cooperation and Teamwork
fostered
Customer Orientation
fostered
Leadership and Responsibility
fostered
Self-presentation and Social Influence
fostered
Sensitivity to Diversity
fostered
Negotiation
fostered
Personal Competencies
Adaptability and Flexibility
fostered
Creative Thinking
assessed
Critical Thinking
assessed
Integrity and Work Ethics
fostered
Self-awareness and Self-reflection
fostered
Self-direction and Self-management
assessed
Performance assessment
Performance assessment information (valid until the course unit is held again)
The performance assessment is offered every session. Repetition possible without re-enrolling for the course unit.
Mode of examination
written 120 minutes
Additional information on mode of examination
75% of the grade is determined by the written exam, 25% of the grade is determined by several graded projects that need to be completed throughout the semester. The precise weight of each project will be announced at the beginning of the semester. Not handing in a project will result in a grade of 1 for that project.
Written aids
No auxiliary material or devices are permitted.
Digital exam
The exam takes place on devices provided by ETH Zurich.
This information can be updated until the beginning of the semester; information on the examination timetable is binding.