Network Security

Since all applications today heavily rely on communication and networks, there is no application security without network security.

This course focuses on network security from a software security viewpoint, and discusses common network attacks and defenses at different OSI layers, with an emphasis on application layer issues, tackling topics like session management or denial of service.

As cryptography is a critical aspect of network security, the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement are also discussed. Instead of presenting an in-depth mathematical and theoretical background, these elements are discussed from a purely practical, engineering perspective, showing typical use-case examples and practical considerations related to the use of crypto, such as public key infrastructures. Security protocols in many different areas of secure communication are introduced, with an in-depth discussion of the most widely used protocol families such as IPsec and SSL/TLS.

Finally, typical crypto vulnerabilities are discussed, related both to certain crypto algorithms and to cryptographic protocols, such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE and similar, as well as the RSA timing attack. For each problem, the practical considerations and potential consequences are described, again without going into deep mathematical details.

Audience

Network Engineers and Developers

Course Objectives

Participants attending this course will:

• Understand basic concepts of security, IT security and secure coding

• Learn about network attacks and defenses at different OSI layers

• Have a practical understanding of cryptography

• Understand essential security protocols

• Understand some recent attacks against cryptosystems

• Get information about some recent related vulnerabilities

• Get sources and further readings on secure coding practices

Prerequisites

• Network engineering

• Basic software development

Outline

• IT security and secure coding

• Network security

• Practical cryptography

• Security protocols

• Cryptographic vulnerabilities

• Knowledge sources