(9)-Structure C
1.
Name of Course
2.
Course Code
3.
4.
Name(s) of academic staff
Rationale for the inclusion of the course/module in the programme
Network Security
GSEC5014
Core Module
Network security has assumed increasing importance at this era of electronic connectivity with its viruses and hackers, electronic eavesdropping, and electronic fraud. The explosive development in computer systems and their interconnections via networks has increased the dependence of both organizations and individuals on the information stored and communicated using these systems, which made network security of a vital interest.
Semester 1 / Year 2 5.
Semester and Year offered
6.
Total Student Learning
Time (SLT)
L = Lecture
T = Tutorial
P = Practical
O= Others
7.
Credit Value
Face to Face
L
42
T
14
P
/
O
112
Total Guided and Independent Learning
Independent study=112 hours
Total =168
4
42 Hours of Lecture
14 Hours of Tutorial
None 8.
Prerequisite (if any)
9.
Objectives:
The subject is to provide a comprehensive reference to the most cutting-edge security products and methodologies available to networking professionals today. The subject will provide the students with the necessary understanding, knowledge, and skills to implement current, state-of-the-art network security technologies to ensure secure communications throughout the network infrastructure. Furthermore, throughout the course the students will be exposed to the current related development and research topics.
10.
Learning outcomes:
By the end of the subject, students should be able to:
 Demonstrate a deep understanding of the fundamental security concepts

Understand the network Access Control and authorized and unauthorized activities

Develop an Understanding of ACL Processing
 Understand Device Security and the Device Security Policy
 Identify the basic Security Features on Switches
 Understand Securing Layer 2 and Port-Level Traffic Controls

Develop an understanding of Layer 2 Security Best Practices

Deal with Cisco IOS Firewall

Recognize Router-Based Firewall Solution
 Recognize Cisco Firewalls: Appliance and Module
 Identify the basic elements of Attack Vectors and Mitigation Techniques

Understand Context-Based Access Control (CBAC)

Demonstrate a deep understanding Identity Security and Access Management
 Develop solid knowledge of Data Privacy, Security Monitoring, and Security Management

11.
Transferable Skills:
Literature and data searching skills
Independent study and self learning skills
Technical writing and presentation skills
Oral/Written Communication skills
Critical thinking and problem solving skills
Time and Self-management skills
Teamwork skills
Independent research skills
Analysis and decision-making skills
IT skills
12.
Teaching-learning and assessment strategy
A variety of teaching and learning strategies are used throughout the course, including:

Classroom lessons. Lectures and Power Point presentations

Tutorials
 Hands-on Laboratory Sessions
 brainstorming
 Lecturer-led problem-solving sessions

Solving assigned problems in groups and individually
 collaborative and co-operative learning;
 Independent study.
Assessment strategies include the following:
 Performance Assessment (Project, participation, Assigned exercises)
 Lecturer Observation

Quizzes, tests, and examinations
13.
Synopsis:
The subject with an easy-to-follow approach will cover most of security knowledge needed to implement end-to-end security solutions. The subject covers a great deal of the knowledge related to the Cisco network security portfolio. The subject discusses development and research topics in addition to the thirteen topics that will be introducing the fundamental security concepts, and covering identity security and access management. Data Privacy, Security
Monitoring, and Security Management will be covered as development and research topics.
14.
Mode of Delivery:

Classroom lessons. Lectures and Presentations

Tutorial sessions: Practice exercises
 Hands-on Laboratory Sessions
15.
Assessment Methods and Types:
The assessment for this course will be based on the following:
Coursework
 Midterm test

Assignment

Project
Final Examination
10%
10%
30%
Assessment
50%
50%
100%
16.
Mapping of the course/module to the Programme Aims
A1
5
A2
4
A3
3
A4
4
17.
Mapping of the course/module to the Programme Learning Outcomes
LO1
4
LO2
3
LO3
3
LO4
4
LO5
3
18.
A5
3
LO6
3
Content outline of the course/module and the SLT per topic
Details
A6
3
LO7
3
SLT
A7
2
LO8
3

L T P O
Overview of Network Security

Fundamental Questions for Network Security

Transformation of the Security Paradigm

Principles of Security—The CIA Model

Policies, Standards, Procedures, Baselines, Guidelines

Security Models

Perimeter Security

Security in Layers

Security Wheel
Access Control

Traffic Filtering Using ACLs

IP Address Overview

Subnet Mask Versus Inverse Mask Overview

ACL Configuration

Understanding ACL Processing

Types of Access Lists
Device Security

Device Security Policy

Hardening the Device

Securing Management Access for Security Appliance

Device Security Checklist
Security Features on Switches

Securing Layer 2

Port-Level Traffic Controls

Private VLAN (PVLAN)

Access Lists on Switches

Spanning Tree Protocol Features

Dynamic Host Configuration Protocol (DHCP) Snooping

IP Source Guard

Dynamic ARP Inspection (DAI)

Advanced Integrated Security Features on High-End
Catalyst Switches

Control Plane Policing (CoPP) Feature

CPU Rate Limiters

Layer 2 Security Best Practices
3 1 0 8 12
3 1 0 8 12
3 1 0 8 12
3 1 0 8 12

Cisco IOS Firewall

Router-Based Firewall Solution

Context-Based Access Control (CBAC)

CBAC Functions

How CBAC Works

CBAC-Supported Protocols

Configuring CBAC

IOS Firewall Advanced Features

Zone-Based Policy Firewall (ZFW)
Cisco Firewalls: Appliance and Module

Firewalls Overview

Hardware Versus Software Firewalls

Cisco PIX 500 Series Security Appliances

Cisco ASA 5500 Series Adaptive Security Appliances

Cisco Firewall Services Module (FWSM)

Firewall Appliance Software for PIX 500 and ASA 5500

Firewall Appliance OS Software

Firewall Modes

Stateful Inspection

Application Layer Protocol Inspection

Adaptive Security Algorithm Operation

Security Context

Security Levels

Redundant Interface

IP Routing

Network Address Translation (NAT)

Controlling Traffic Flow and Network Access

Modular Policy Framework (MPF)

Cisco AnyConnect VPN Client

Redundancy and Load Balancing

Firewall "Module" Software for Firewall Services
Module (FWSM)

Firewall Module OS Software

Network Traffic Through the Firewall Module

Installing the FWSM

Router/MSFC Placement

Configuring the FWSM
Attack Vectors and Mitigation Techniques

Vulnerabilities, Threats, and Exploits

Mitigation Techniques at Layer 3

Mitigation Techniques at Layer 2

Security Incident Response Framework
3 1 0 8 12
3 1 0 8 12
3 1 0 8 12

Development and research topics

Presents and discusses a set of research / development topics 3 1 0 8 12
Securing Management Access

AAA Security Services

Authentication Protocols

Implementing AAA

Configuration Examples
Cisco Secure ACS Software and Appliance

Cisco Secure ACS Software for Windows

Advanced ACS Functions and Features

Configuring ACS

Cisco Secure ACS Appliance
Multifactor Authentication

Identification and Authentication

Two-Factor Authentication System

Cisco Secure ACS Support for Two-Factor
Authentication Systems
Layer 2 Access Control

Trust and Identity Management Solutions

Identity-Based Networking Services (IBNS)

IEEE 802.1x

Deploying an 802.1x Solution

Implementing 802.1x Port-Based Authentication
Wireless LAN (WLAN) Security

Wireless LAN (WLAN)

WLAN Security

Mitigating WLAN Attacks

Cisco Unified Wireless Network Solution
Network Admission Control (NAC)

Building the Self-Defending Network (SDN)

Network Admission Control (NAC)

Cisco NAC Appliance Solution

Cisco NAC Framework Solution
Total SLT
3 1 0 8 12
3 1 0 8 12
3 1 0 8 12
3 1 0 8 12
3 1 0 8 12
3 1 0 8 12
168

19.
Main references supporting the course:
1.
Yusuf Bhaiji, “Network Security Technologies and Solutions (CCIE Professional Development Series)”. Cisco
Press, 2008.
Additional references supporting the course:
1.
William Stallings. “Network Security Essentials: Applications and Standards (4th Edition)”, Prentice Hall, 2010.
2.
William Stallings. “Cryptography and Network Security: Principles and Practice (5th Edition)”. Prentice Hall,
2010.
3.
Ross J. Anderson. “Security Engineering: A Guide to Building Dependable Distributed Systems”, Wiley, 2008.
4.
Gary McGraw. “Software Security: Building Security In”, Addison-Wesley Professional, 2006.
20.
Other additional information
All materials will be available to the students online.