Course details

Security and Computer Networks

IBS Acad. year 2024/2025 Summer semester 4 credits

The course will holistically address secure communication at all layers of the TCP/IP stack. This will include basic knowledge of cryptography, DNS and mail protocol security, TLS/SSL certificates and frameworks, comparison of HTTP and HTTPS, possibly TELNET and SSH, the concept of VPN and its implementation in the form of IPsec, OpenVPN, WireGuard, overlay networks such as Tor and I2P, link layer attacks such as ARP spoofing, MAC flooding and defenses against them, the concept of AAA and its implementation in the form of RADIUS and 802.1x, cryptocurrencies such as Bitcoin.

Guarantor

Veselý Vladimír, Ing., Ph.D. (DIFS)

Course coordinator

Grégr Matěj, Ing., Ph.D. (DIFS)

Language of instruction

Czech, English

Completion

Credit+Examination (written)

Time span

  • 26 hrs lectures
  • 6 hrs laboratories
  • 7 hrs projects

Assessment points

  • 60 pts final exam
  • 20 pts mid-term test
  • 20 pts projects

Department

Department of Information Systems (UIFS)

Lecturer

Grégr Matěj, Ing., Ph.D. (DIFS)
Jeřábek Kamil, Ing., Ph.D. (DIFS)
Malinka Kamil, Mgr., Ph.D. (DITS)
Pluskal Jan, Ing., Ph.D. (DIFS)
Veselý Vladimír, Ing., Ph.D. (DIFS)

Instructor

Veselý Vladimír, Ing., Ph.D. (DIFS)

Learning objectives

The goal of this course is to inform students about the basic principles of network and systems security and relevant protocols and standards. Students are learned to design and manage security technologies.
Student is able to configure secure communication between computers. They have an overview of authentication principles and secure network services and they are able to manage them: SSH, VPN, email services, etc. They have an overview of security technologies used in wireless networks. Students are able to design and implement secure communication. Students are able to read standards and use them for project implementation.

Recommended prerequisites

Prerequisite knowledge and skills

  • Basic skills of operation systems Unix/Windows, virtualization (VirtualBox) and containerization (Docker, LXC)
  • Ability to read study texts in English (standards, RFC documents).
  • The architecture of computer networks (ISO/OSI, TCP/IP).
  • Overview of link layer protocols and network layer protocols.

Study literature

  • Kurose, James F.: Computer networking : a top-down approach. 7th ed., Pearson, Essex, 2017, ISBN 978-1-292-15359-9
  • Stallings, W.: Network security essentials : applications and standards. Hoboken, 2016, 978-0-13-452733-8.
  • Anderson, Ross J.: Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons Inc, 2001, ISBN 0-471-38922-6.

Syllabus of lectures

  1. Introduction, course organization, TCP/IP stack and technologies relevant to the course, containerization.

  2. Securing network communications on L7+L4: Cryptography 101, certificates, PKI, TLS/SSL (tutorial about Let's Encrypt and HTTP readability vs. HTTPS unreadability)

  3. Securing network communications on L7: DNS and DoH (tutorial on running DNS server with DoH and white/blacklisting like AdGuard, PiHole)

  4. Securing network communications on L7: Email communication and DKIM, SPF, DMARC, reputation systems (tutorial on running your own mail server)

  5. Securing network communications on L3: Tunneling and VPNs, primarily site-to-site VPNs like GRE, IPsec (tutorial how to connect two sites)

  6. Securing network communications on L3: primarily remote-access VPNs like OpenVPN, Wireguard (create your own OpenVPN/Wireguard server)

  7. Securing network communications on L3: Overlay networks like Tor, I2P
    (tutorial on Tor Browser)

  8. Network communication security on L2: Port security, DHCP
    spoofing/snooping, ARP MitM/Dynamic ARP inspection (tutorial on port security)

  9. Securing network communications on L2: WiFi (WPA123,
    WPS, protected management frames)

  10. Securing network communications on access: Telnet vs. SSH, AAA,
    RADIUS, 802.1x (tutorial on RADIUS authentication)

  11. Securing network authentication: LDAP, OAuth, JWT (single-sign on solution demonstration)

  12. Secure network design principle (invited lecture Security@FIT)

  13. Financial security: Bitcoin 101 (demo-training on something with
    cryptocurrencies) + Recap

Syllabus of laboratory exercises

Each lecture will conclude with a mini-demonstration of the technology. A concise manual for each of these mini-demonstration will be available on the faculty Git, where the goal of the project will be to try out everything shown using other implementations of the same technology.

Syllabus - others, projects and individual work of students

The aim of the project is to demonstrate the acquisition of knowledge about securing communication at different TCP/IP layers. Within the individual project, the student will perform the following tasks on his/her device: registering his/her own DNS domain and deploying his/her own DNS server supporting DoH, deploying a simple HTTPS-secured web presence in the domain and mail server, setting up a remote-site VPN and securing his/her own local LAN and WiFi infrastructure against unauthorized access. The project will be submitted in the form of a detailed report including configuration and other files including testing/proofing of individual points. There will be an optional defense at the end of the project and an ad hoc lab exercise in between.

Progress assessment

Mid-term exam and project realization.

Exam prerequisites: Students need to earn at least a half of all points during the semester.

Schedule

DayTypeWeeksRoomStartEndCapacityLect.grpGroupsInfo
Mon laboratory *) 2., 3., 4., 5., 6., 7., 8., 9., 10., 12., 13. of lectures C304 13:0014:5020 2BIA 2BIB 3BIT xx Veselý
Mon lecture 1., 13. of lectures G202 15:0016:5080 2BIA 2BIB 3BIT xx Grégr
Mon lecture 2., 4., 5., 6., 7., 8., 9. of lectures G202 15:0016:5080 2BIA 2BIB 3BIT xx Veselý
Mon lecture 2025-02-24 G202 15:0016:5080 2BIA 2BIB 3BIT xx Jeřábek
Mon lecture 2025-04-14 G202 15:0016:5080 2BIA 2BIB 3BIT xx Pluskal
Mon lecture 2025-04-28 G202 15:0016:5080 2BIA 2BIB 3BIT xx Malinka
It is not possible to register this class in Studis. (Some exercises may be opened later if needed, but this is not guaranteed.)

Course inclusion in study plans

  • Programme BIT, 2nd year of study, Elective
  • Programme BIT (in English), 2nd year of study, Elective
Back to top