Course Code | 263-4640-00L |
Language | English |
Instructors | Prof. Dr. Adrian Perrig [AP], Dr. Thomas Dübendorfer [TD], Dr. Stefan Frei [SF] |
Teaching Assistants | Daniele Asoni [DA], Chen Chen [CC], Ercan Ucan [EU], Raphael Reischuk [RR], Sam Hitz [SH], Tae-Ho Lee [TL] |
Lectures | Tuesday 10:15-11:55, CAB G 61 |
Guest Talks and Exercise Sessions | Tuesday 9:15-10:00, CAB G 61 |
Lab | Use your laptop and log into https://www.hacking-lab.com/. Solve the challenges of our NetSec event online at any time you want. Teams of (up to) five students will create one new challenge per team. |
Office Hours | By appointment only. Preferred hours: Monday 13:30-15:00, CAB F 86.2. |
Grading | You must pass the exam to get credit points |
Course Catalogue Entry | 263-4640-00L Network Security |
Course Slides/Readers (SVN) | Use your n.ethz account to access the slides and readers in the SVN: https://svn.inf.ethz.ch/svn/perrig/netsec/teaching/netsec-2016/students/ |
03.02.2017 | The exam will be on 04.02.2017 at HIL G 15. |
30.09.2016 | Students who have submitted the legal declaration now have access to the following: the student SVN, the video recordings of the lecture, and the Hacking Lab course event. The access credentials have been sent out via email. |
07.09.2016 | Students must sign and submit the legal use declaration for this course no later than 27.9.2016 (it can be handed in before the lecture). German: PDF, Word; English: PDF, Word |
Date | Guest or Exercise | Lecture | Lab |
---|---|---|---|
Week 1, 20.09.2016 | Computer Networks Refresher [AP] | Introduction, Insecurity, and Risk [SF]; Vulnerability Lifecycle [SF] | Starts on the second week |
Week 2, 27.09.2016 | E1: Insecurity and Basics [DA]; Hacking Lab Introduction [DA] | Identity and Authentication [TD] | Get Hacking-Lab account, join event and set up access |
Week 3, 04.10.2016 | Candid Wüest, Principal Threat Researcher, Symantec: "Malware Analysis and Prevention" | Firewalls, IDS, and NAT traversal [AP] | Do one step-by-step example |
Week 4, 11.10.2016 | Raphael M. Reischuk, Network Security Group: "An Internet Architecture for the 21st Century" | DNS Security [SF] | None |
Week 5, 18.10.2016 | Vincent Lenders, Armasuisse: "Next-generation Air Traffic Control: Overview and Security Issues" | Secure Channels: Principles, VPN, SSH [TD]; Availability and DoS [TD] | None |
Week 6, 25.10.2016 | E2: DoS and Project Demo [SH] | Session State; SQL Injection [SF] | 7010: DNS Host Name Change |
Week 7, 01.11.2016 | Silvio Oertli, SWITCH: "Switch CERT" | Malware Development and Demo; Botnets [SF] | 2202 Session Fixation Attack; 2312 Blind SQL Injection |
Week 8, 08.11.2016 | E3: DNS and DNSSEC [DA] | Malware [TD] | None |
Week 9, 15.11.2016 | Sven Vetsch, Redguard: "Real-life Attack Simulations - A Field Report" | Cross-Site Scripting (XSS) [TD] | 2663 Double SQL Injection; 5104 Virus Total; 2663 JavaScript Malware Analysis |
Week 10, 22.11.2016 | E4: XSS and Malware [CC] | TLS Part 1 [AP] | 6112 OWASP A2 - XSS; 2300 Cross-Site Scripting w/ Client-Side IV |
Week 11, 29.11.2016 | Michele Spagnuolo and Lukas Weichselbaum, Google: "Breaking Bad Content Security Policies" | TLS Part 2 [AP] | None |
Week 12, 06.12.2016 | E5: TLS and SQL Injection (skipped) | Email Spam [TD] | 3042 Exploit Heartbleed OpenSSL Vulnerability; 7030 Linksys SSL Break |
Week 13, 13.12.2016 | Emilia Kasper, Google: "How to Fix TLS PKI Security?" (This talk will not be recorded.) | Security Ecosystem [SF]; Evasion Modelling, Detection Failures, and Endpoint Security [SF] | None |
Week 14, 20.12.2016 | David McLaughlin, ETH Zurich: "Mail Filtering at the ETH" | Case Study: Security Online Ticket Shop [TD]; Frontiers in network security research, how to prepare for the final exam, wrap-up [AP] | TBD (some challenges to help you prepare for the exam) |