CryptoWorks21 • Fundamentals of Network Security

In 2013, 2014, 2016, 2017, and 2018 I gave a short course on Fundamentals of Network Security for the CryptoWorks21 program at the University of Waterloo.

Lecture materials and practical exercises from these lectures are below. Lecture 2 provides a nice (in my opinion) one-lecture overview of the basics of cryptography and could act as a good review/refresher.

Lecture 1: Basics of Information Security

Topics: Security architecture and infrastructure; security goals (confidentiality, integrity, availability, and authenticity); threats/vulnerabilities/attacks; risk management

Lecture 1 slides (PDF)

Lecture 2: Cryptographic Building Blocks

Topics: Symmetric crypto: ciphers (stream, block), hash functions, message authentication codes, pseudorandom functions; public key crypto: public key encryption, digital signatures, key agreement.

Lecture 2 slides (PDF)

Lecture 3: Network Security Protocols

Topics: Overview of networking and PKI; Transport Layer Security (TLS) protocol; overview of SSH, IPsec, Wireless (Tool: Wireshark)

Lecture 3 slides (PDF)

Lecture 4: Offensive and Defensive Network Security

Topics: Offensive: Pen-tester/attack sequence: reconnaissance; gaining access; maintaining access (Tool: nmap); supplemental material: denial of service attacks; Defensive: Firewalls and intrusion detection

Lecture 4 slides (PDF)

Lecture 5: Access Control & Authentication; Web Application Security

Topics: Access control: discretionary/mandatory/role-based; phases. Authentication: something you know/have/are/somewhere you are. Web security: cookies, SQL injection. Supplemental material: passwords.

Lecture 5 slides (PDF)