
Internet and Security

Presentation

-   Network interconnection part:

  • In a first part, the course presents the main technologies for interconnecting local area networks in the Internet (repeater, bridge, router), and details routing in the Internet (algorithms and the RIP, OSPF and BGP protocols) and its evolutions (subnetting and classless routing - CIDR). The ARP, proxy ARP, ICMP and DHCP protocols are also introduced.
  • In a second part, the course presents the concepts and techniques associated with the management of virtual LANs (VLAN) and virtual private networks (VPN), and the management of private IP addresses in the Internet (application proxy, NAT).
  • The two major transport protocols of the Internet (TCP, UDP) are presented in a third part.
  • Finally, the evolutions of the Internet towards the management of multicast, QoS and mobility requirements are introduced, and basic multicast management is detailed.
  • Practical labs on the administration of Ethernet and IP networks, using Linux PCs and Cisco equipment, accompany the course.

-   Distributed algorithm part :

  • Causality (logical and vector clocks)
  • Synchronization by phases (application to optimal routing) and by waves (application to the construction of a spanning tree)
  • Distributed choice (application to the election problem)
  • Distributed mutual exclusion algorithms
  • Termination detection
  • Management of distributed data (illustrated with quorum theory)

-   Security part :

  • Principles of computer security: properties (confidentiality, integrity, availability), authentication, authorization, security policies, audit, intrusion detection, evaluation
  • Classification of attacks: viruses, worms, Trojan horses, etc.
  • Network vulnerabilities: main vulnerabilities related to OSI layers 2, 3 and 4 (ARP spoofing, ARP flooding, IP spoofing, IP fragmentation attacks, TCP hijacking, etc.)
  • Software vulnerabilities: focus on stack-based buffer overflows.

Organisation:

-   Network interconnection part :

  • course/TD then labs then exam

-   Distributed algorithm part :

  • course/TD then exam

-   Security part : (network security must be addressed after the network interconnection part)

  • course then the “Network project” UV then exam

Objectives

-   Network interconnection part:

  • the basic concepts and techniques for interconnecting local area networks in the Internet: repeater, bridge, router
  • the basic concepts and techniques for interconnecting LANs in the Internet: subnetting, CIDR, VLAN, VPN, application proxy, NAT
  • the main protocols of the TCP/IP Internet architecture: UDP, TCP, IP, ARP/proxy ARP, ICMP, DHCP (Note: RIP, OSPF and BGP are briefly introduced).

-   Distributed algorithm part:

  • the principal characteristics of distributed systems (asynchronism, distribution of control and data, absence of common knowledge, dynamicity, …),
  • their specific problems and the difficulty of solving them in a distributed context (mutual exclusion, management of shared data, distributed choice, broadcast, termination detection, …),
  • some generic algorithmic tools for solving them: causality, distributed recursion (waves) and distributed iteration (phases), specific topological structures.

-   Security part:

  • principles of computer security through the properties that characterize it as well as the classification of the major threats and the corresponding countermeasures,
  • main vulnerabilities of computer networks, in particular the Internet network as well as the corresponding countermeasures,
  • main software vulnerabilities as well as some countermeasures.

The student will be able to:

-   Network Interconnection part:

  • make architecture choices that take into account the requirements and constraints associated with a LAN interconnection,
  • design basic or complex addressing and routing schemes,
  • set up (administer) Ethernet and IP networks in the basic and advanced interconnection contexts considered in the course.

-   Distributed algorithm part:

  • solve generic problems involved in the implementation of distributed systems,
  • use the most general tools for conceptualizing them.

-   Security part:

  • analyse a computer network and its applications in order to identify the main vulnerabilities, from both the software and the network point of view,
  • propose corresponding countermeasures to improve the security of the whole system.

Form of assessment

Learning outcomes are evaluated through continuous assessment during the semester. Depending on the teaching, the assessment takes different forms: a written exam, an oral exam, a record, a written report, peer review...