Internet Security VU

184.216 Internet Security
Lecture with Exercises (2.0)

Lecturers

Christian Platzer, Paolo Milani Comparetti, and Clemens Kolbitsch

For correspondence, send a mail to inetsec@iseclab.org

External InetSec Transition Advisor ;-)

Engin Kirda, Institut Eurecom, Sophia Antipolis

Tutors

Markus "Hex Cypher" Kammerstetter (InetSec 2 Master Guru)

News

  1. 29.06.2009 The oral exam has been moved to the Freihaus, HS6 (where we held the lecture). The date is still 07.07.2009, 10:30. Please come on time, or you may not be able to take the exam.
    People who are not happy with their grade for the written exam may come to the oral exam to try to do better. Note that if you do worse than the written exam you may end up getting a worse grade instead.
  2. 24.06.2009 The oral exam is scheduled for 07.07.2009 10:30 at the Automation Systems Institute. Registration via TUWIS is required.
  3. 18.06.2009 To reduce the time-factor during the exam, we decided to extend the exam duration to 75 minues!
  4. 03.06.2009 Announced challenge 6 'Stack Buffer Overflow'. Happy stack-smashing!
  5. 23.05.2009 Lecture on May 26th has been moved to June 3rd. Sorry for the short notice!
  6. 12.05.2009 Announced challenge 5 'Man in the middle'. Happy mitming ;-)
  7. 12.05.2009 Many students experienced submission problems. Thus, we extend the deadline for challenge 4 to Wednesday (May 13th) 3:00 am.
  8. 04.05.2009 The written exam will be on 23.06.2009, starting at 10:30 in FH HS6
  9. 02.05.2009 Unjustifiable memory consumption of some submitted scanners forced us to update the specifications for challenge 4. Be sure to check your code before submitting!
  10. 28.04.2009 Announced challenge 4 'Virus Scanner'. Happy scanning!
  11. 24.03.2009 Announced challenge 3 'Command Injection'. Happy injecting!
  12. 24.03.2009 Announced challenge 2 'SQL Injection'. Happy stealing!
  13. 24.03.2009 Due to weak passwords (see slides, p. 3 of lecture 5), we had to lock 2 accounts on bandit. If you cannot log into your account any longer, please contact us!
  14. 25.03.2009 Announced lecture dates and standings for Challenge 1.
  15. 24.03.2009 Announced challenge 1. Use your lab accounts to access the site. Happy puzzling!
  16. 27.02.2009 Announced lecture dates and registration time.
  17. 23.02.2009 The web site for the SS 2009 semester will be updated by the beginning of March.

Abstract

Internet security has become part of everyday life, and security problems affect practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect networks, information about what the actual vulnerabilities are and how they are exploited is not generally available. This situation hampers the effectiveness of security research and practice. Understanding the details of network attacks is a prerequisite for the design and implementation of secure systems.

This course presents the principal protocols and applications that are used in the Internet today, discussing in detail the related vulnerabilities and how they are exploited. For each vulnerability, possible protection and detection techniques are examined. The course includes a number of practical lab assignments where participants are required to apply their knowledge as well as a discussion of the current research in the field. Students will learn how the security of networks can be violated and how such attacks can be detected and prevented.

The course aims to make students "security aware" and to give them a basic understanding of security issues. For students who are interested in advanced security topics and practical assignments, we offer the Advanced Internet Security class in the winter semester.

Topics

  • TCP/IP security (spoofing, hijacking, sequence number guessing, denial-of-service attacks)
  • Web security (SQL injection, parameter injection, parameter tampering, etc.)
  • Network discovery/vulnerability scanning: techniques and tools (portscans, ping sweeps)
  • Distributed systems security
  • Firewalls and traffic filtering
  • Intrusion Detection Systems
  • Buffer Overflows
  • Operational Practices
  • Architectural Principles and Testing

Prerequisites

  • basic operating system knowledge (Linux/Unix, Windows)
  • interest in technical security issues
  • good programming knowledge (e.g., Java, Web scripting, HTML advantageous)
  • basic database knowledge (SQL)
  • basic network knowledge (TCP/IP, VO and UE Computer Networks is recommended, VO and UE Verteilte Systeme is a must!)

Slides

1 - 03.03.2009 : Introduction
2 - 10.03.2009 : Networking basics
3 - 17.03.2009 : TCP/IP 1 - LAN Attacks and ICMP
4 - 24.03.2009 : TCP/IP 2 - TCP and UDP
5 - 31.03.2009 : Web Application Security I
6 - 21.04.2009 : Web Application Security II
7 - 28.04.2009 : Internet Applications
8 - 12.05.2009 : Cryptography
9 - 19.05.2009 : Testing
10 - 03.06.2009 : Buffer Overflows
11 - 09.06.2009 : Java Language Security
12 - 16.06.2009 : Security in Massively Multiplayer Online Games

Practical Challenges (Assignments)

This year, the students will "need" to solve a set of practical challenges (assignments) in the lab part of the course. The practical part of the course aims to prepare the students for more advanced topics and programming done in the Internet Security 2 course.

For more information on the challenges and the grading, check this page.

Examination

Oral exam.
The date for the oral exam is 07.07.2009, starting at 10:30 at the Automation Systems Institute (Treitlstrasse 1/4th Floor).
Good luck!
Last Modified: Thu Oct 8 22:29:12 CEST 2009


International Secure Systems Lab www.iseclab.org