Network & Computer Security (Reti e Sicurezza Informatica)

Professor: Giovambattista Ianni - http://www.gibbi.com

Office hours and Exams registration: Monday 15:00-17:00

Teaching assistant: Davide Fuscà Office hours: by appointment

Facebook Group.

General information

• Detailed course description sheet here/qui

News

• None, at the moment.

Projects assignments

• Project assignments 2015

• Project assignments 2014

• Project assignments 2013

• Project assignments 2012

• Project assignments 2011

• Project assignments 2010

Teaching Material

Introductory lecture - Download (Last update: Oct 2020)

Cryptography and Digital signature

• All slide sets from the book "Criptography and Network Security" download Symmetric Cryptography - Download (Last update: Oct 2021)

• Laboratory Session 1 (symmmetric cryptography) - Download (Last update: Oct 2020)

  • Laboratory Session 2 (steganography) - Download (Last update: Oct 2020)

  DES Encryption - Download (Last update: Oct 2021)

• AES Encryption - Download (Last update: Oct 2021)

• Block Cipher Modes - Download (Last update: Oct 2021)

• Random Numbers and stream ciphers - Download (Last update: May 2025)

• Asymmetric Encryption - Download (Last update: Oct 2021)

• Diffie-Helmann like key exchange - Download (Last update: Oct 2021)

• Cryptographic Hash Functions - Download (Last update: Oct 2021)

• Key Distribution and PKI - Download (Last update: Dec 2020)

• SSL+TLS infrastructure

Layer 2 Security

Security of Layer 2 Links - Download (Last update: May 2025)

• IT (old version 2012 in Italian)

• WLAN technologies and security

• Most popular MITM attacks on layer 2

Layer 2 & 3: Virtual Private Networks

Info = <class 'urllib2.HTTPError'> HTTP Error 404: Not Found <traceback object at 0xa19852c><-->Line = 54URL = https://www.mat.unical.it/ianni/RSI-Web/slides/VPN.ppt

• VPN with SSH Tunneling

• Linux VPN Technical Analysis

• How to setup a PPTP/GRE server on Linux

• How to setup a L2TP/IPSec server on Linux -

  • IPV6 - here and here

  • IPSec - IT - EN

  • IPSec HOWTO

• Common VPN security flaws

Layer 4 & 5 Security

• HTTP authentication, Cookies & Privacy - IT - EN

• SSL+TLS infrastructure Laboratory: OpenSSL in practice - Download (Last update: Oct 2020)

• How to configure an Apache server with a SSL certificate - Download

• Firewall IT - EN

Laboratory sessions

• Laboratory session 1 - primaParte.pdf secondaParte.pdf

• Solution of laboratory session 1 - 1 2

• Laboratory session of 24 March 2011 -esercizio1.pdf esercizio2.pdf

• Laboratory session of April 3d 2013 - PKI and SSL

• Laboratory session of April 16th, 2013, Aircrack - WEP EN - IT Aircrack - WPA - Download (Last update: Oct 2020)

• Ettercap MITM - Download (Last update: Oct 2020)

• SSL-Attack (HeartBleed) - Download (Last update: Oct 2020)

• SSL Attack (SSLStrip) - Download (Last update: Oct 2020)

• Netkit EN - ITA.

  Ip-Address - Download (Last update: Oct 2020)

  • HERE - Download (Last update: Oct 2020)

  • Partial solution

• Instructions on how to build a SSH VPN on the above lab
  Client - Download (Last update: Oct 2020)

  • Server - Download (Last update: Oct 2020)

  Info = <class 'urllib2.HTTPError'> HTTP Error 404: Not Found <traceback object at 0xa1a075c><-->Line = 54URL = https://www.mat.unical.it/ianni/RSI-Web/laboratorio/NETKIT-VPN/ipsec/ipsec.txt Info = <class 'urllib2.HTTPError'> HTTP Error 404: Not Found <traceback object at 0xa1a08ec><-->Line = 54URL = https://www.mat.unical.it/ianni/RSI-Web/laboratorio/NETKIT-VPN/ipsec/ipsec-fullconf.txt

• Laboratory IPsec

  - Info = <class 'urllib2.HTTPError'> HTTP Error 404: Not Found <traceback object at 0xa1a09dc><-->Line = 54URL = https://www.mat.unical.it/ianni/RSI-Web/laboratorio/exploit-exercise/exploit-exercise.rar

• Laboratory session of 12 April 2011 -esercitazione_12_aprile_2011.zip

• Laboratory session of 20 April 2011 -appunti_esercitazione_20_4_2011.txt

• Laboratory session of 3 May 2011 - labRSIclean.tar.gz

• Laboratory session of 18 May 2011 - esercitazione_18_maggio_2011_new.tar.gz

Host security and other selected topics

• DB Security - IT - EN

• Physical Security - download

• Software integrity, buffer overflow, SQL injection - http://www.mat.unical.it/ianni/storage/SoftSecSQLInj.ppt

• Windows Internals and its security - download

• Rule-based IDSs: Snort

• A CWE-22 simple exploit script

• Kerberos - IT - EN

• Malware analysis - here

• Demo of Functions for accessing the registry & Software integrity - here Password storage, MSChap-v2, SRP - Download (Last update: May 2025)

How to install Netkit

• Netkit consists of three files that are here.

• Then apply the patch 2 as described here

• Netkit web site - http://www.netkit.org/

WebGoat Solution

• Access Control Flaws:

  • Using an Access Control Matrix

  • Bypass a Path Based Access Control Scheme

  • Bypass Business Layer Access Control

  • Bypass Data Layer Access Control

• Injection Flaws:

  • Command Injection

  • Numeric SQL Injection

  • Log Spoofing

  • String SQL Injection

  • Modify Data with SQL Injection

  • Add Data with SQL Injection

  • Database Backdoors

  • Blind Numeric SQL Injection

  • Blind String SQL Injection

• XSS:

  • Phishing with XSS

  • LAB: Cross Site Scripting

  • HTTPOnly Test

• Parameter Tampering:

  • Bypass HTML Field Restrictions

  • Exploit Hidden Fields

  • Exploit Unchecked Email

  • Bypass Client Side JavaScript Validation