Download Communication systems 17th lecture (last)

Communication
systems
17th lecture (last)
Chair of Communication Systems
Department of Applied Sciences
University of Freiburg
2006
1 | 57
Communication systems
administrational stuff
●
●
●
Last lecture for this semester
Friday is written exam starting at 11am sharp, Room 03-026
in this building (attic, end of stairs)
–
We gave some hints in last practical course on Tuesday
–
Please bring a fountain/ballpin pen with you (seats, tables,
writing paper are provided by us)
Grades in oral or written exams will be sent to the
examinations office (an will be available there beginning of
winter term)
–
If you need a special printed paper – please tell us/send an
email, so we could prepare it – it will be available at the
secretaries of the computing department
2 | 57
Communication systems
administrational stuff – seminar next semester
●
Professorship will held a block seminar on “Security, trust
and law in the Internet” next winter in cooperation with
MPICC (dept. of Prof. Sieber)
–
Unfortunately the faculty was not able to held the central
infrormation block on available seminars soon enough
–
We expect written seminar papers for the end of October, the
three seminar dates are on Friday/Saturday end of November,
beginning of December
–
Seminar could be taken for the field of specialization #6
–
Topics like SPAM, cracking, phishing, etc. will be covered
–
Seminar is in german only!
–
More information on the several topics could be found on the
homepage
3 | 57
Freiburg Embedded Systems Talks
Academia meets Industry
Vorträge:
16.-18. Oktober 2006
Workshops:
19.-20. Oktober 2006
Festveranstaltung mit Live-Musik:
Referenten (Auszug):
– Prof. Dr.-Ing. Dr. h.c. Rolf Isermann
– Prof. Dr. Leonhard Michael Reindl
– Prof. Dr. Wilhelm Schäfer
– Prof. Dr.-Ing. Peter Woias
– Prof. Dr. Hans-Joachim Wunderlich
16. Oktober 2006, ab 18:00 Uhr
Themen:
Veranstaltungsort:
11. Fakultät, Gebäude 101
Weitere Informationen:
http://festami.informatik.uni-freiburg.de
– Softwaretechnik
– Rekonfigurierbarkeit / Fehlertoleranz
– Wireless / Low-Power
– Sensor-Networks
4 | 57
Freiburg Embedded Systems Talks
Academia meets Industry
Vorträge:
16.-18. Oktober 2006
Workshops:
19.-20. Oktober 2006
Festveranstaltung mit Live-Musik:
Referenten (Auszug):
– Prof. Dr.-Ing. Dr. h.c. Rolf Isermann
– Prof. Dr. Leonhard Michael Reindl
– Prof. Dr. Wilhelm Schäfer
– Prof. Dr.-Ing. Peter Woias
– Prof. Dr. Hans-Joachim Wunderlich
16. Oktober 2006, ab 18:00 Uhr
Themen:
Veranstaltungsort:
11. Fakultät, Gebäude 101
Weitere Informationen:
http://festami.informatik.uni-freiburg.de
– Softwaretechnik
– Rekonfigurierbarkeit / Fehlertoleranz
– Wireless / Low-Power
– Sensor-Networks
Für Studierende und Mitarbeiter ist die Teilnahme kostenlos!
5 | 57
Communication systems
Last lecture – SIP and H323
●
We talked on and demonstrated (in the practical course) SIP
– session initialization protocol and H.323 (both might be part
of the written exam questions)
–
Telephony over IP networks
–
Only session setup
–
compression, packet transport left to other services like RTP
and RTCP
–
the latter define container and control protocols for multimedia
data streams
–
H.323 – standard developed by Telcos - ITU
–
SIP – internet standard, thus they differ definitely in their
designs
6 | 57
Communication systems
this lecture – security in computer networks
●
●
●
●
We leave the area of telephony and talk of a complete
different field again
The topic of this lecture will NOT asked in exam questions :)
After some overview on the several network layers
–
IP v4 and v6 on the third OSI layer (network)
–
TCP, UDP on the fourth OSI layer (transport)
–
and several protocols for the underlying first and second layer
(physical and data link layer)
“security” is a very broad topic not only connected to
networks but many other aspects of computers
7 | 57
Communication systems
this lecture – security in computer networks
●
●
●
●
●
This lecture – short introduction into problems of open
networks, types and points of possible attacks
–
more than introduction is not possible
–
whole lectures may be held on that topic
Security measures do not focus on a single network layer
Different measures try to solve different problems that might
occur
There is no single measure, which will solve all security
issues at once
There will evolve new types of attacks and new types of
counter measures
8 | 57
Communication systems
network insecurity – simple packet snapshot (pract. course)
9 | 57
Communication systems
network insecurity
●
●
●
IP packets are easily readable (if provided with the proper
tools)
e.g. ethereal can provide the user/network administrator
–
with a graphical userinterface for interpreting packets
–
can grab all packets visible to a machine (promiscous mode in
LANs like ethernets)
–
can sort out TCP streams (check which packets are part of a
certain communication)
–
can interpret most of protocol packets
You should be familiar with this tool (and others like
tcpdump) from the several practical courses
10 | 57
Communication systems
network insecurity
●
●
●
why packets are as easily readable?
all communication has to follow standards – otherwise no
communication would be possible (think of people talk in different
languages with each other)
even not open protocols, like certain implementations of windows
network service are interpretable – such the samba service is
developed through trial-and-error and reverse engineering
●
such: no security by obscurity!!
●
in the beginning of "The Internet”
–
very few participants in networks
–
very few computers connected to each other
–
very few people with deep understanding of networking
–
not many network analyzation tools available (for free)
11 | 57
Communication systems
network insecurity
●
●
●
●
restricted computing power of connected machines
–
protocols should be very simple and should not impose high loads
on the machine
–
encryption technologies were not common knowledge / restricted for
export ("strategic technology”)
and: simplicity of TCP/IP protocol suite helped the rapid growth of
the Internet and fast adaptation for the different operating
systems
by now: the Internet is one of base technologies for information
exchange and communication
wide range of businesses directly depend on this network (online
shops, auctions, b2b, games, advertisements, porn sites, ... :-))
12 | 57
Communication systems
network insecurity
●
inner and intra firm communication moves from the classic
communication media telephone and fax over to mail and similar
technologies
–
sending and reception of a wide range of digital objects
–
e.g. with the “melissa” virus you could observe employees
entering their offices at eight and leaving them at half past
nine (no mail and online communication was available – most
MS operated networks)
–
production and development heavily depend on networks –
most information between firms is directly interchanged
between databases over the net
–
in the future: move of telecommunications into IP networks to
avoid duplicated infrastructure and cut communication costs
13 | 57
Communication systems
network insecurity
●
networks could be attacked on all layers
●
layer 1 and 2
●
–
e.g. ARP spoofing in broadcast networks for man-in-themiddle attack, redirection of default gateway traffic over the
attackers host (fifth lecture)
–
“dialer” programs – redirection of internet traffic over costly
dial-in lines (attack is of course induced via web applications,
trojan horses, ...)
layer 3
–
IP spoofing – forging of IP addresses for good or malicious
reasons (explained later) for motivation of IPsec
–
attacking router protocols, e.g. RIP (II) for redirecting traffic in
LANs
14 | 57
Communication systems
network insecurity
●
networks could be attacked on all layers
●
layer 1 and 2
–
rather simple within WLANs (unguided media with no distinct
boundaries):
●
●
spamming with corrupt packets or simply noise (microwave
oven) – frequency band is rendered unusable
breaking the weak WEP algorithm
–
e.g. ARP spoofing in broadcast networks for man-in-themiddle attack, redirection of default gateway traffic over the
attackers host (earlier lecture)
–
“dialer” programs – redirection of internet traffic over costly
dial-in lines (attack is of often initiated via web applications,
trojan horses, ...)
15 | 57
Communication systems
network insecurity
●
layer 4
–
very simple to send unsolicited UDP packets – connectionless
service (such spoof protocols like SNMP, DHCP, DNS, ...)
–
take over open TCP connections – grab an open telnet, mail, http
session to use an authenticated session to a remote host
–
TCP syn attacs (open as many TCP connections as possible from
different hosts and leave them in open state without further
communication – type of distributed denial of service DdoS)
–
dynamic routing protocols (drop in replacement for TCP or UDP)
have their weaknesses too ...
16 | 57
Communication systems
network insecurity
●
application layers (layer 5 – 7)
–
SPAM attack on productivity in every organization, network /
overload mail boxes to stop reception of further email
–
redirection of users/traffic through modification of DNS replies,
DNS caches
–
crack passwords to gain access to accounts, databases ...
–
by now: so called “bot-nets”
●
●
groups of computers corrupted by some worm or system /
service weakness
waiting for special incoming packets for distributed denial
of service (DDoS) attacks, SPAM relaying, file exchange,
...
17 | 57
Communication systems
network security measures
●
different security measures for different network layers and
protocols
–
application layers: e.g. PGP for mail – end-to-end mail
encryption - advantages:
●
PGP/GnuPG available for many OS / mail clients
●
independent of admin permissions of the underlying OS
●
–
key ring could be put to USB stick (or similar) and
deployed on more than one machine
disadvantages:
●
●
available for mail / filesystem encryption only
mail header (and all protocols below), end-to-end
communication visible to every one along the route
18 | 57
Communication systems
network security measures
●
Transport layer as an extension to service protocols put
between TCP and higher level protocol
–
Secure socket layer (SSL: initially developed by Netscape to
secure http connections to allow secure applications
prerequisite for online shopping, homebanking, ...)
–
Transport layer security (TLS, or SSL v3) – modern version of
SSL
19 | 57
Communication systems
network security measures
–
by now implemented to a wide range of TCP applications
●
Web: https – port 443
●
Mailboxes: imap4 – imaps, port 993
●
Hierarchical database: ldap – ldaps, port 636
–
OpenSSL – open source implementation of the SSL
library
–
SSL requires certificate authorities (CA) to really know
how the communication partner is
●
●
–
hierarchical structures of trust are rather costly
information of CA has to be put into application, e.g. Web
browser
Rather strong requirement in the rather “unregulated”
Internet
20 | 57
Communication systems
network security measures
–
Advantages of SSL/TLS:
●
●
●
●
●
●
Library functions which could be relatively easily applied to
every TCP application
Freely available for all common OS
Relatively wide spread through use with HTTP
communication
Relatively mature (some security flaws where detected and
fixed)
For not SSL enabled / rather old applications or protocols
secure tunnels via SSH (secure shell) could be
established
Some certificate authorities are available
21 | 57
Communication systems
network security measures
–
Disadvantages of SSL/TLS:
●
●
●
Not available for applications using UDP (or more difficult
to apply), no SSH tunnels possible
Incompatibilities with/of older versions of SSL
CA are rather expensive and not really compatible with
each other
–
–
e.g. University of Freiburg uses some CA but would
pay extra money to enable every virtual web / mail host
to use authorized certificate (e.g. examine the
certificate of the mail server ...)
Every CA has to be known to the web browsers and
protocols using SSL
22 | 57
Communication systems
network security measures
–
By now many universities and scientific organizations use the
services of DFN CA
●
●
–
This CA is available free of charge to the members of that
network
The Root certificate is integrated into the popular open
source browsers (of course not into IE – M$ will most
probably charge for that :-))
There is a more “general” solution to link encryption and
authentication than SSL/TLS
23 | 57
Communication systems
network security measures
–
Network layer: IP sec protocol
–
Mostly in parallel to the SSL development need for secured IP
connections was stated
–
IETF created work group which should backport IP v6 security
features to IP v4 networks
●
Many participants in that workgroup
●
Long processes
●
Many incompatibilities between different vendors
24 | 57
Communication systems
network security measures
–
Data link layer: PPTP or L2TP
–
PPTP (point-to-point-tunneling-protocol) is a Microsoft
development for security enhancements to the PPP
–
PPP allows to transport more than one network layer protocol
(e.g. IPX) beside IP
–
PPTP was cracked some years ago – some security issues
not solved ...
–
PPTP is available to other operating systems too
–
L2TP (layer-2-tunneling-protocol) is prepared for adding
security features too – but some issues not solved
–
For layer 2 tunneling OpenVPN (open source project available
for OS with tun/tap network device)
25 | 57
Communication systems
network security measures
–
OpenVPN uses the SSL library to encrypt traffic, could be
used for securing layer 2 and IP connections
–
Uses UDP packets for easy crossing of masquerading routers
–
Could deploy TCP connections, connections over HTTP
proxies too
–
Disadvantages: only point-to-point connections by now
●
●
–
need to setup of several connection endpoints on a server
with the older 1.N versions
multipoint connections to the same server port would be
available with the 2.0 version
Not an officially standardized protocol, but in broad use in
many setups
26 | 57
Communication systems
network security measures – summary
27 | 57
Communication systems
network insecurity – address spoofing
●
●
●
Talked on ARP and ARP spoofing earlier this lecture /
practical course
–
Without authentication it is impossible to say which
communication partner generated a certain packet
–
Same problem on higher layers too
Same problems with WEP (lecture on Wireless LAN), layer 2
security measures ...
IP spoofing is creation of IP packets using some other IP
address as source
28 | 57
Communication systems
IP insecurity – IP spoofing
●
●
IP source and destination addresses could be easily modified (you
have only to recompute the headers checksum after it)– e.g.
useful for IP masquerading (hide whole networks behind a masq.
router – common technique for home LANs)
Tools to do so: iptables (Linux firewall package - example given in
one of the practical courses), wincap, sendpacket, raw socket, ...
29 | 57
Communication systems
IP insecurity – IP spoofing
●
●
forging source IP address causes responses to be misdirected,
meaning that no normal network connection might be created
originates in packet switched type of IP networks
IP routing is done on a hop by hop basis
● delivery route is determined by the routers that participate in
the delivery process
● routers use the “destination IP” address in order to forward
packets through the Internet, but “ignore” the source address
field – point of attack for IP spoofing
or asymmetric routing – packet is sent out on one interface and
received over another
●
●
30 | 57
Communication systems
IP insecurity – IP address spoofing in special scenarios
●
prerequisite for some type of SAT connections (incoming via
SAT, outgoing via Modem / ISDN)
●
●
●
user makes request using return channel
ISP receives data from Internet and sends it out through
satellite
user receives data through satellite receiver (card)
31 | 57
Communication systems
IP sec – IP v4 insecurity
●
●
●
●
IP v4 does not implement any security (easy IP spoofing, easy
rewriting of packets, no encryption)
As we will see firewalls does not secure outgoing or inbound
traffic but shields the internal LAN
For secure communication over an insecure network (not
because of lost packets or connections - but special agencies
listening on routers and wires) encryption will be needed
If hosts in an secured internetwork should interoperate as easily
as in the classical Internet a standard for secure communication
is needed
32 | 57
Communication systems
IP sec – IP v4 insecurity
●
●
●
IP and transportation headers must be easily readable for routers
and network engines
But packet payload is easily readable too, if the proper tools for
analysis are applied (i.e. Ethereal)
Example of HTTP post packet (login to a wellknown free mail
provider: ID and password could be identified without problem)
33 | 57
Communication systems
IP sec - overview
●
IP level security -> IPsec
●
IPSEC is Internet Protocol SECurity
●
●
●
The level above the network layer is the place where IPsec was
put - No alteration to the IP was needed, simply the transportation
protocol was interchanged (or and additional security header
introduced)
It uses strong cryptography to provide both authentication and
encryption services
–
Authentication ensures that packets are from the right sender
and have not been altered in transit
–
Encryption prevents unauthorized reading of packet contents
Topic covered in other lectures: Telematics/Internet-Working
34 | 57
Communication systems
IP sec – VPNs
●
It allows multiple access for e.g. teleworkers to the company LAN
●
Without VPN
●
–
costly separate infrastructure would be needed
–
often inflexible
Construction of a VPN
–
connection of all participating parties to the internet
–
VPN client asks for secure connection from the server
–
authentication via username/password, shared secret, key
cards ...
–
after validation tunnel is set up with special IP routes
35 | 57
Communication systems
IP sec – VPN problems
●
●
Problems with VPN gateways
–
gateway machines reachable over the public internet
–
could be attacked for break-in, denial of service
–
security could be increased through combination of
authentication methods
Security at tunnel end point
–
split tunnel – unencrypted interface to the internet needed
(transport medium for encrypted traffic)
–
user machine is not secured against attacks from the internet
–
“hardened tunnel” - no connection/routing to the local LAN is
allowed, user end point machine obtains a private IP from the
internal network
36 | 57
Communication systems
network security – other directions to look
●
●
●
●
●
By now we discussed encryption and authentication measures put
to different protocol layers to improve security
We ensure this way, that nobody can read/alter the packets of a
communication during transit
We do not secure a machine that way – vulnerability to attacks,
DoS have to be abated some other way
Completely other path of thought
–
not to protect own traffic from sniffing ...
–
but allow or block traffic at gateway, router, end system ...
Traffic / packet filtering on different levels is another concept to
increase security – parts of it will be discussed next part of lecture
...
37 | 57
Communication systems
network security – “the magic device”: firewall
●
●
●
●
Take a completely new track now ...
Firewalls are traffic / packet filters that operate on different layers
of our OSI protocol stack
Try for a definition: “A Firewall is a network security device
designed to restrict access to resources (information or services)
according to a security policy”
Important remark is to be made here:
–
Firewalls are not a “magic solution” to network security
problems, nor are they a complete solution for remote attacks
or unauthorized access to data!!
–
Firewalls could be circumvented in several ways and may
increase the complexity of network and this way decrease the
level of security!
38 | 57
Communication systems
network security – firewalls
●
●
●
●
A Firewall is a often a network security device, but can be or
simply is implemented directly into the end systems
It serves to connect two parts of a network a control the traffic
(data) which is allowed to flow between them
Often installed between an entire organization's network and the
Internet
A Firewall is always the single path of communication between
protected and unprotected networks
–
Of course there are special cases of multiple Firewalls, redundant
connections, fault-tolerant failover etc.
–
A Firewall can only filter traffic which passes through it
–
If traffic can get to a network by other means, the Firewall cannot
block it
39 | 57
Communication systems
network security – firewalls
●
●
Types of firewalling concepts:
–
(MAC / ethernet frame filter)
–
Packet filter
–
Circuit-level proxy
–
Stateful packet filter
–
Application-level proxy
Filtering on data link layer
–
ethernet packets contain source and destination addresses: MAC
–
allow only frames to be delivered from known sources, block frames
with unknown MACs
40 | 57
Communication systems
network security – firewalls
●
Filtering on network layer
–
Source & destination IP addresses
●
Source address
●
Destination address
●
Both are numerical – it is not easy for a Firewall to deal
with machine or domain names
– e.g. www.hotmail.com
Request: client = source, server = destination
●
Response: server = source, client = destination
–
41 | 57
Communication systems
network security – firewalls
●
Filtering on transport level
–
This is where we deal with (mostly) TCP and UDP port
numbers
●
e.g.: 25 SMTP – sending email (TCP)
●
110 POP3 – collecting email (TCP)
●
143 IMAP – collecting email (TCP)
●
389 LDAP – directory service (TCP)
●
636 LDAPS – TLS secured directory service (TCP)
●
80 HTTP – web pages (TCP)
●
443 HTTPS – secure web pages (TCP)
●
53 DNS – name lookups (UDP)
●
68, 69 DHCP – dynamic end system IP config (UDP)
42 | 57
Communication systems
network security – firewalls
●
●
Most Firewalls and their administrators assume that the port
number defines the service – not necessarily
–
who could stop me from sending or receiving mail over the
HTTP port
–
who could stop users from tunneling all their IP traffic over an
open port (AOL left UDP 53 completely open for DNS traffic
some year ago :-))
Here we get major problem: If users are blocked from using a
service and try to avoid the blocking firewall they might find a way
through – the admin still thinks all is fine with the network, but the
situation might be even worse than without firewall at all ...
43 | 57
Communication systems
network security – firewalls
●
Layer 7 – Application
–
There is where we find all the 'interesting' stuff ...
●
Web requests
●
Images
●
Executable files
●
Viruses
●
Email addresses
●
Email contents
●
Usernames
●
Passwords
44 | 57
Communication systems
network security – firewalls
●
●
●
●
packet filter – a special router that have the ability to throw packets
away independently of network congestion
Examines TCP/IP headers of every packet going through the
Firewall, in either direction
Choice of whether to allow or block packet based on:
–
(MAC source & destination)
–
IP source & destination addresses (layer 3)
–
TCP / UDP source & destination ports (layer 4)
Stateful filter
–
Same as a packet filter, except initial packets in one direction
are remembered, and replies are automatically allowed fo
–
Simpler rules than simple port based packet filter
45 | 57
Communication systems
network security – firewalls
●
●
Packet filter use rules specify which packets are allowed through
the Firewall, and which are dropped
–
Rules must allow for packets in both directions
–
Rules may specify source / destination IP addresses, and
source / destination TCP / UDP port numbers
–
Certain (common) protocols are very difficult to support
securely (e.g. FTP, IRC, SIP, ...)
–
Low level of security
Stateful packet filter
–
Packet filter which understands requests and replies (e.g.: for
TCP: SYN, SYN-ACK, ACK)
46 | 57
Communication systems
network security – firewalls
●
Stateful packet filter
–
Rules need only specify packets in one direction (from client to
server – the direction of the first packet in a connection)
–
Replies and further packets in the communication are
automatically processed
–
Supports wider range of protocols than simple packet filter (eg:
FTP, IRC, H323)
–
Medium-high level of security
47 | 57
Communication systems
network security – firewalls
●
Layer-7 proxy server – application level proxy
–
Client and server in one box
–
For every supported application protocol
●
●
●
SMTP, POP3, HTTP, SSH, FTP, NNTP, Q3A, ...
–
Packets are received and processed by server
–
New packets generated by client
Prevents the need for direct network connection of clients, no
client packet is directly routed into the Internet, no packet from
Internet is directly handed to the client
Special proxy protocol supported by many applications which
offers authentication: socks5
48 | 57
Communication systems
network security – firewalls
●
Complete server & client implementation in one box for every
protocol which can be expected through it
●
Client connects to Firewall
●
Firewall validates request
●
Firewall connects to server
●
Response comes back through Firewall and is also processed
through client/server
●
Large amount of processing per connection
●
High level of security
●
And: lot of funny stuff could be tried with filtering (SPAM, Ads,
porno sites, ...)
49 | 57
Communication systems
network security – firewall taxonomy
●
●
Packet filters, circuit-level proxies and stateful packet filters are like
telephone call-barring by number
–
block or allow mobile calls
–
block or allow international calls
–
block or allow 0190/0900 calls
–
from different internal extensions
Application level proxy is like telephone call monitoring by listening
to the conversations
–
conversations may still be encoded, or in a foreign language !!
50 | 57
Communication systems
network security – “personal” firewalls
●
●
●
Applications which run on Windows machines
–
commonest home PCs
–
often insecure
–
increasingly connected using ADSL etc.
Packet filter (sometimes stateful)
Learn which applications are permitted to make what type of
connections outbound
●
Block inbound access except replies
●
But nobody nows exactly
–
how personal firewalls are bound to Windows network stack
–
how firewalls could be disabled by malicious applications
51 | 57
Communication systems
firewalls - conclusion
●
Firewalls control network traffic to and from the protected network
●
Can allow / block access to services (both internal and external)
●
Can enforce authentication before allowing access to services
●
Can monitor traffic in/out of network
●
Firewalls typically defend a protected network against an attacker,
who tries to access vulnerable services which should not be
available from outside the network
52 | 57
Communication systems
firewalls - conclusion
●
●
Firewalls are also used to restrict internal access to external
services, for many different reasons:
–
security (don't want people downloading and installing
unknown applications)
–
productivity (don't want people wasting time on non-work
related websites etc)
–
cost (many Internet connections, e.g.: Dial-Up are charged by
data transferred – ensure this is all necessary)
But firewalls could mislead to total control and monitoring
–
or distract admins from more important security issues ...
53 | 57
Communication systems
conclusion of the lecture
●
●
Gave a broad overview on network related issues with focus on IP
and digital telephony networks
Defined a model for network protocol layering
–
talked on network layer: IP v4 / v6
–
routing on this layer
–
DNS as a helper application for the convinience of the Internet
users
–
physical and data link layer – several lower layer protocols
and techniques for transportation of bitstreams
–
encoding digital data into analogous signals
54 | 57
Communication systems
conclusion of the lecture – OSI layers and examples
55 | 57
Communication systems
conclusion of the lecture
●
Many topics were not or rather short covered
●
Range of lectures which focus on
●
–
network security
–
network programming
–
dynamic networks and routing protocols
–
network applications
–
...
Courses of the professorship next semester
–
Interdisz. seminar as introduced beginning of lecture ...
–
Special practical course on OpenSource PBX Asterisk (SIP,
mobile telephony, ...) at Summercampus2006: 16th - 19th of
August
56 | 57
Communication systems
end for today and this semester!!
●
●
Thanks to our hiwis
–
Rui Zhou
–
Ahmad Abdul Majeed and Christoph Hanke
Helping preparation of practical courses
–
Discussing and defining excercises
–
Correcting excercises
–
Preparing services and tools
–
...
●
Have nice summer holidays!!
●
See you tomorrow :-))
57 | 57