Applied Network Security

Lectures: 30 h

The course last ran: New course

The course runs: Spring 1999

Goals
The aim of this course is to highlight how unauthorized access to computers is accomplished, and to describe a broad range of the solutions for this problem.

Prerequisites
Knowledge of basic computer security (see the undergraduate course on Data Security).

Organization
This course is organized into three parts.

The first part titled Network Security Concepts gives the students the necessary background information in cryptography, networking and network security. It includes a description of the most common attack methods used by intruders to gain unauthorized access to computers. The aim of this part is to ensure that all students have a rea sonable understanding of the problems and concepts before tackling the rest of the course.

The second part of the course titled Kerberos and SESAME gives a description of the Kerberos and SESAME architectures. Kerberos is the well known authentication architecture, with wide spread acceptance in industry. SESAME is a newer architecture based on Kerberos, with additions such as the use of public-key cryptography and an access control service based on role based access control. A significant portion of the course is devoted to SESAME, including de scriptions of how SESAME was used to secure telnet, the BSD rtools, the Remote Procedure Call.

The third part of the course titled Other Security Solutions completes the picture with a descrip tion of the wide range of security technologies available. It begins with a description of more security architectures (Yaksha, KryptoKnight, DCE,...). The differences with the Kerberos and SESAME architectures are outlined. The course will then describe a number of other security solutions (PGP, SMIME, SSL/TLS, SSH, IPSEC, CDSA) that are also commonly being used in the industry to provide security.

Contents
In general network security solutions can be approached from two different angles:

• How to secure specific applications.
• How to build a security architecture to secure the whole network.

In the course both approaches are represented. On the one hand a range of solutions that are ap plication specific is examined. That is these solutions are complete applications that have secu rity built into them and are available as stand-alone products. Electronic mail and remote-login programs are the most common examples of these type of solutions.

On the other hand the security architectures are also investigated. These architectures tackle the network security problem from a different approach. They provide an infrastructure of se curity components that can then be used by application developers to secure their own applica tions. In some cases there are applications that have already been secured to work with the architecture and these might also be available to the public.

Literature
Vandenwauver, M. Practical Intranet Security - An Overview of the State of the Art and Available Technologies, (to appear by Kluwer).
Articles.

Teachers
Mark Vandenwauver (Mark.vandenwauver@esat.kuleuven.ac.be)

Examiner
Nahid Shahmehri (E-mail: nahsh@ida.liu.se).

Schedule
May 1999.

Examination
To be determined later. (preliminary: project work and written report)

Credit
3-4 credits

Page responsible: Director of Graduate Studies