Course details
Security and Computer Networks
IBS Acad. year 2024/2025 Summer semester 4 credits
The course will holistically address secure communication at all layers of the TCP/IP stack. This will include basic knowledge of cryptography, DNS and mail protocol security, TLS/SSL certificates and frameworks, comparison of HTTP and HTTPS, possibly TELNET and SSH, the concept of VPN and its implementation in the form of IPsec, OpenVPN, WireGuard, overlay networks such as Tor and I2P, link layer attacks such as ARP spoofing, MAC flooding and defenses against them, the concept of AAA and its implementation in the form of RADIUS and 802.1x, cryptocurrencies such as Bitcoin.
Guarantor
Course coordinator
Language of instruction
Completion
Time span
- 26 hrs lectures
- 6 hrs laboratories
- 7 hrs projects
Assessment points
- 60 pts final exam (30 pts written part, 30 pts test part)
- 20 pts mid-term test (5 pts written part, 15 pts test part)
- 20 pts projects
Department
Lecturer
Jeřábek Kamil, Ing., Ph.D. (DIFS)
Malinka Kamil, doc. Mgr., Ph.D. (DITS)
Pluskal Jan, Ing., Ph.D. (DIFS)
Veselý Vladimír, Ing., Ph.D. (DIFS)
Instructor
Learning objectives
The goal of this course is to inform students about the basic principles of network and systems security and relevant protocols and standards. Students are learned to design and manage security technologies.
Student is able to configure secure communication between computers. They have an overview of authentication principles and secure network services and they are able to manage them: SSH, VPN, email services, etc. They have an overview of security technologies used in wireless networks. Students are able to design and implement secure communication. Students are able to read standards and use them for project implementation.
Recommended prerequisites
Prerequisite knowledge and skills
- Basic skills of operation systems Unix/Windows, virtualization (VirtualBox) and containerization (Docker, LXC)
- Ability to read study texts in English (standards, RFC documents).
- The architecture of computer networks (ISO/OSI, TCP/IP).
- Overview of link layer protocols and network layer protocols.
Study literature
- Kurose, James F.: Computer networking : a top-down approach. 7th ed., Pearson, Essex, 2017, ISBN 978-1-292-15359-9
- Stallings, W.: Network security essentials : applications and standards. Hoboken, 2016, 978-0-13-452733-8.
- Anderson, Ross J.: Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons Inc, 2001, ISBN 0-471-38922-6.
Syllabus of lectures
- 
Introduction, course organization, TCP/IP stack and technologies relevant to the course, containerization. 
- 
Securing network communications on L7+L4: Cryptography 101, certificates, PKI, TLS/SSL (tutorial about Let's Encrypt and HTTP readability vs. HTTPS unreadability) 
- 
Securing network communications on L7: DNS and DoH (tutorial on running DNS server with DoH and white/blacklisting like AdGuard, PiHole) 
- 
Securing network communications on L7: Email communication and DKIM, SPF, DMARC, reputation systems (tutorial on running your own mail server) 
- 
Securing network communications on L3: Tunneling and VPNs, primarily site-to-site VPNs like GRE, IPsec (tutorial how to connect two sites) 
- 
Securing network communications on L3: primarily remote-access VPNs like OpenVPN, Wireguard (create your own OpenVPN/Wireguard server) 
- 
Securing network communications on L3: Overlay networks like Tor, I2P 
 (tutorial on Tor Browser)
- 
Network communication security on L2: Port security, DHCP 
 spoofing/snooping, ARP MitM/Dynamic ARP inspection (tutorial on port security)
- 
Securing network communications on L2: WiFi, 802.1x (WPA123, 
 WPS, protected management frames)
- 
Securing network communications on access: Telnet vs. SSH, AAA, 
 RADIUS (tutorial on RADIUS authentication)
- Securing network authentication: LDAP, OAuth, JWT (single-sign on solution demonstration)
- 
Secure network design principle (invited lecture Security@FIT) 
- 
Financial security: Bitcoin 101 (demo-training on something with 
 cryptocurrencies) + Recap
Syllabus of laboratory exercises
Each lecture will conclude with a mini-demonstration of the technology. A concise manual for each of these mini-demonstration will be available on the faculty Git, where the goal of the project will be to try out everything shown using other implementations of the same technology.
Syllabus - others, projects and individual work of students
The aim of the project is to demonstrate the acquisition of knowledge about securing communication at different TCP/IP layers. Within the individual project, the student will perform the following tasks on his/her device: registering his/her own DNS domain and deploying his/her own DNS server supporting DoH, deploying a simple HTTPS-secured web presence in the domain and mail server, setting up a remote-site VPN and securing his/her own local LAN and WiFi infrastructure against unauthorized access. The project will be submitted in the form of a detailed report including configuration and other files including testing/proofing of individual points. There will be an optional defense at the end of the project and an ad hoc lab exercise in between.
Progress assessment
Mid-term exam and project realization.
Exam prerequisites: Students need to earn at least a half of all points during the semester.
Course inclusion in study plans
- Programme BIT, 2nd year of study, Elective
- Programme BIT (in English), 2nd year of study, Elective