| Course Code | 263-4640-00L |
| Language | English |
| Instructors |
Prof. Dr. Adrian Perrig [AP] Dr. Thomas Dübendorfer [TD] (Email) Dr. Stefan Frei [SF] |
| Teaching Assistants |
Daniele Asoni [DA] Sam Hitz [SH] Steve Matsumoto [SM] |
| Lectures | Tuesday 10:15-11:55, ETF C1 |
| Guest Talks and Exercise Sessions | Tuesday 9:15-10:00, ETF C1 |
| Lab | Use your laptop and log into https://www.hacking-lab.com/. Solve the challenges of our NetSec event online at any time you want. Teams of five students will create one new challenge per team. |
| Office Hours | Monday 13:00-15:00, CAB F 86.2 (from Oct 5th) |
| Grading | You must pass the exam to get credit points |
| Course Website | http://tinyurl.com/netsec-hs15 |
| Course Slides/Readers (SVN) | Use your n.ethz account to access the slides and readers in the SVN: https://svn.inf.ethz.ch/svn/perrig/netsec/teaching/netsec-2015/students/ |
| 19.9.2015 | Lecture video recordings: http://www.video.ethz.ch/lectures/d-itet/2015/autumn/263-4640-00L. |
| 15.9.2015 | Students must sign and submit the legal use declaration for this course no later than 22.9.2015. German: PDF Word English: PDF Word |
| Date | Guest or Exercise | Lecture | Lab |
|---|---|---|---|
| Week 1, 15.09.2015 | Dr. David Barrera, ETH Zurich: Computer Networks Refresher Slides: PDF |
Introduction, Insecurity, and Risk [SF]; Hacking Lab Introduction [SM] Slides: Introduction, Hacking Lab |
Get Hacking-Lab account, join event and set up access |
| Week 2, 22.09.2015 | E1: Insecurity and Basics [SH] | Identity and Authentication [TD] | Do one step-by-step example |
| Week 3, 29.09.2015 | Emilia Kasper, Google: "TLS Certificate Security" | Firewalls, IDS, and NAT traversal [AP] | No new challenges |
| Week 4, 6.10.2015 | Maxim Raya, Credit Suisse: "Network Security at Credit Suisse" | DNS Security [SF] | No new challenges |
| Week 5, 13.10.2015 | Christof Jungo, Head Security Architecture at Swisscom: "Trusted Computing at Swisscom" |
Secure Channels: Principles, VPN, SSH [TD] Availability and DoS [TD] |
No new challenges |
| Week 6, 20.10.2015 | Vincent Lenders, Armasuisse: "Next-generation Air Traffic Control: Overview and Security Issues" | Session State; SQL Injection [SF] | nmap, Wireshark, and DNS |
| Week 7, 27.10.2015 | Raphael M. Reischuk, Network Security Group: "SCION" | TLS Part 1 [AP] | Session state and SQL injection |
| Week 8, 3.11.2015 | E2: DNS [DA] | TLS Part 2 [AP] | No new challenges |
| Week 9, 10.11.2015 | Ivano Somaini, Compass Security AG: "Social Engineering" | Cross-Site Scripting (XSS) [TD] | 2300: XSS Wargame Guestbook 2301: Second Order Injection 2662: XSS Shell |
| Week 10, 17.11.2015 | E3: Application Security [DA] | Malware [TD] | 2652: Web 2.0 Worm Development 2663: JavaScript Malware Analysis 5028: Conficker Attack 5104: Virus Total |
| Week 11, 24.11.2015 | Serge Droz, SWITCH: "Switch CERT" | Malware Development and Demo; Botnets [SF] | No new challenges |
| Week 12, 1.12.2015 | E4: XSS, Malware/Bots [SH] | Email Spam [TD] | No new challenges |
| Week 13, 8.12.2015 | Candid Wuest, Principal Threat Researcher, Symantec: "Malware Analysis and Prevention" | Security Ecosystem; Evasion Modelling, Detection Failures, and Endpoint Security [SF] | TBD |
| Week 14, 15.12.2015 | David McLaughlin, ETH Zurich: "Spam Fighting at ETH" |
Case Study: Security Online Ticket Shop [TD] Full Disclosure Debate, Wrap-Up [AP] |
TBD (some challenges to help you prepare for the exam) |