Course detail

Security and Computer Networks

FIT-IBSAcad. year: 2024/2025

The course will holistically address secure communication at all layers of the TCP/IP stack. This will include basic knowledge of cryptography, DNS and mail protocol security, TLS/SSL certificates and frameworks, comparison of HTTP and HTTPS, possibly TELNET and SSH, the concept of VPN and its implementation in the form of IPsec, OpenVPN, WireGuard, overlay networks such as Tor and I2P, link layer attacks such as ARP spoofing, MAC flooding and defenses against them, the concept of AAA and its implementation in the form of RADIUS and 802.1x, cryptocurrencies such as Bitcoin.

Language of instruction

Czech

Number of ECTS credits

Mode of study

Not applicable.

Guarantor

Ing. Vladimír Veselý, Ph.D.

Department

Department of Information Systems (UIFS)

Entry knowledge

  • Basic skills of operation systems Unix/Windows, virtualization (VirtualBox) and containerization (Docker, LXC)
  • Ability to read study texts in English (standards, RFC documents).
  • The architecture of computer networks (ISO/OSI, TCP/IP).
  • Overview of link layer protocols and network layer protocols.

Rules for evaluation and completion of the course

Mid-term exam and project realization.

Exam prerequisites: Students need to earn at least a half of all points during the semester.

Aims

The goal of this course is to inform students about the basic principles of network and systems security and relevant protocols and standards. Students are learned to design and manage security technologies.
Student is able to configure secure communication between computers. They have an overview of authentication principles and secure network services and they are able to manage them: SSH, VPN, email services, etc. They have an overview of security technologies used in wireless networks. Students are able to design and implement secure communication. Students are able to read standards and use them for project implementation.

Study aids

Not applicable.

Prerequisites and corequisites

Basic literature

Not applicable.

Recommended reading

Anderson, Ross J.: Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons Inc, 2001, ISBN 0-471-38922-6.
Kurose, James F.: Computer networking : a top-down approach. 7th ed., Pearson, Essex, 2017, ISBN 978-1-292-15359-9
Stallings, W.: Network security essentials : applications and standards. Hoboken, 2016, 978-0-13-452733-8.

Elearning

eLearning: currently opened course

Classification of course in study plans

  • Programme BIT Bachelor's 2 year of study, summer semester, elective
  • Programme BIT Bachelor's 2 year of study, summer semester, elective

Type of course unit

 

Lecture

26 hod., compulsory

Teacher / Lecturer

Ing. Matěj Grégr, Ph.D.
Ing. Vladimír Veselý, Ph.D.
Mgr. Kamil Malinka, Ph.D.
Ing. Kamil Jeřábek, Ph.D.
Ing. Jan Pluskal, Ph.D.

Syllabus

  1. Introduction, course organization, TCP/IP stack and technologies relevant to the course, containerization.

  2. Securing network communications on L7+L4: Cryptography 101, certificates, PKI, TLS/SSL (tutorial about Let's Encrypt and HTTP readability vs. HTTPS unreadability)

  3. Securing network communications on L7: DNS and DoH (tutorial on running DNS server with DoH and white/blacklisting like AdGuard, PiHole)

  4. Securing network communications on L7: Email communication and DKIM, SPF, DMARC, reputation systems (tutorial on running your own mail server)

  5. Securing network communications on L3: Tunneling and VPNs, primarily site-to-site VPNs like GRE, IPsec (tutorial how to connect two sites)

  6. Securing network communications on L3: primarily remote-access VPNs like OpenVPN, Wireguard (create your own OpenVPN/Wireguard server)

  7. Securing network communications on L3: Overlay networks like Tor, I2P
    (tutorial on Tor Browser)

  8. Network communication security on L2: Port security, DHCP
    spoofing/snooping, ARP MitM/Dynamic ARP inspection (tutorial on port security)

  9. Securing network communications on L2: WiFi (WPA123,
    WPS, protected management frames)

  10. Securing network communications on access: Telnet vs. SSH, AAA,
    RADIUS, 802.1x (tutorial on RADIUS authentication)

  11. Securing network authentication: LDAP, OAuth, JWT (single-sign on solution demonstration)

  12. Secure network design principle (invited lecture Security@FIT)

  13. Financial security: Bitcoin 101 (demo-training on something with
    cryptocurrencies) + Recap

Laboratory exercise

6 hod., optionally

Teacher / Lecturer

Ing. Vladimír Veselý, Ph.D.

Syllabus

Each lecture will conclude with a mini-demonstration of the technology. A concise manual for each of these mini-demonstration will be available on the faculty Git, where the goal of the project will be to try out everything shown using other implementations of the same technology.

Project

7 hod., compulsory

Teacher / Lecturer

Ing. Vladimír Veselý, Ph.D.

Syllabus

The aim of the project is to demonstrate the acquisition of knowledge about securing communication at different TCP/IP layers. Within the individual project, the student will perform the following tasks on his/her device: registering his/her own DNS domain and deploying his/her own DNS server supporting DoH, deploying a simple HTTPS-secured web presence in the domain and mail server, setting up a remote-site VPN and securing his/her own local LAN and WiFi infrastructure against unauthorized access. The project will be submitted in the form of a detailed report including configuration and other files including testing/proofing of individual points. There will be an optional defense at the end of the project and an ad hoc lab exercise in between.

Elearning

eLearning: currently opened course