CT6007 - Software and Hardware Infrastructure Security (2021/22)

Module specification: Module approved to run in 2021/22
Module title: Software and Hardware Infrastructure Security
Module level: Honours (06)
Credit rating for module: 30
School: School of Computing and Digital Media
Total study hours: 300
48 hours: Assessment Preparation / Delivery
180 hours: Guided independent study
72 hours: Scheduled learning & teaching activities
Assessment components
Type | Weighting | Qualifying mark | Description
Unseen Examination | 20% | | Unseen Theory (part 1) Examination (2 hours)
Practical Examination | 30% | | Unseen Practical (part 1) Examination (2 hours)
Unseen Examination | 20% | | Unseen Theory (part 2) Examination (2 hours)
Practical Examination | 30% | | Unseen Practical (part 2) Examination (2 hours)
Running in 2021/22

(Please note that module timeslots are subject to change)
Period | Campus | Day | Time | Module Leader
Year | North | Wednesday | Morning |

Module summary

This module consists of two parts. The first part is based on the CCNA Cybersecurity Operations (Cyber Ops) curriculum delivered through the Cisco Networking Academy at the University. The second part is based on the Palo Alto Networks PCCSA Cyber Security curriculum delivered through the Palo Alto Networks Cyber Security program.
This module is a first step in acquiring the knowledge and skills needed to work as a Security Analyst within a Cybersecurity Operation Centre (SOC) and can be a valuable part of beginning a career in the exciting and growing field of cybersecurity operations. It explores the characteristics of and tactics used by cyber criminals and procedures used by cybersecurity professionals to combat cybercrime.

Through the Palo Alto approach to cyber security using advanced security hardware, students learn the importance of network security, the range of threats to network infrastructure from both inside and outside, how these threats work, what vulnerabilities exist in the protocols the threats exploit, and mitigations to those attacks. The students will learn that the networks and protocols we rely on have no inherent security built in and that the multilayer, multi-protocol nature of computer networking requires a multi-technology, multilayer security response.

They will learn prevention methods for both known and unknown attacks and the features of next-generation firewalls, including user identification, data/URL filtering and denial-of-service prevention. The mitigations will be implemented and tested using Palo Alto next-generation firewalls.
This module leverages the basic network understanding the student has gained at level 5 from CCNA and complements but also contrasts with CCNA Security at level 6 by providing an alternative approach to firewall security compared to Cisco ASAs in terms of technology, configuration, operation and design philosophy. This module is an essential part of the infrastructure security aspect of the degree and can lead to the professional qualification of Palo Alto Networks Certified Cybersecurity Associate (PCCSA). The CCNA Cyber Ops part helps prepare students for entry-level cybersecurity career opportunities and is aligned to the Understanding Cisco Cybersecurity Fundamentals (SECFND) and Implementing Cisco Cybersecurity Operations (SECOPS) industry exams leading to the full Cisco CCNA Cybersecurity Operations certification.

This module is a hands-on, career-oriented e-learning solution offering a blended curriculum with both online and classroom learning with an emphasis on practical experience to help students develop specialised Cybersecurity analyst skills, along with critical thinking and complex problem-solving skills. To pass this module with good grades, students are expected to have CCNA-level networking concepts knowledge and skills along with basic PC and internet navigation skills.

Prior learning requirements

Pre-requisite: CT5004 or CT5005 completed
Co-requisite: CT6052

Syllabus

Explains the nature and scope of today’s cybersecurity challenges by exploring the cybersecurity landscape, cyber threats, malware and spamming, and Wi-Fi and advanced threats.
CCNA Cyber Security Operations:
Cybersecurity: The Cybersecurity Sorcery Cube, Cybersecurity Threats, Vulnerabilities, and Attacks, Cybersecurity and the Security Operations Centre.
The art of protecting secrets and ensuring integrity, Principles of Network Security, A deeper look at Network Attacks, Protecting the Network, Cryptography and the Public Key Infrastructure.
Endpoint Security and Analysis, Security Monitoring.
Intrusion Data Analysis, Incident Response and Handling.
Palo Alto PCCSA professional:
Initial Palo Alto firewall configuration.
Understanding and implementing Security policies.
Identifying data content and selectively blocking or allowing.
Selectively blocking or allowing URLs.
Inspection and Decryption of data streams.
User identification and attribution.
Collecting and collating threat metrics.
Monitoring and reporting.
High availability and reliability.

Attack types, vulnerabilities and persistent threats.
Zero trust security.
Cloud and virtualised environments and their vulnerabilities.
Network security technologies.
End-point security.
Behavioural analytics, threat intelligence and threat indicator sharing.

Work effectively and responsibly independently and in a small team. Keep a log on technical findings for reflective learning.
Understand the importance of legal compliance.

Learning Outcomes LO 1 - 4

Balance of independent study and scheduled teaching activity

The module is delivered on a weekly basis and includes a traditional one-hour lecture augmented with two hours of laboratory work. Industry-approved, up-to-date teaching and learning material for the lectures and labs is available online on www.Netacad.com and Weblearn (VLE) and in PDF format, allowing students to read ahead and practise labs at home. The students will be encouraged to help each other and learn from their mistakes, developing problem-solving skills and the ability to implement a specification, test and verify that the implementation meets the specification, and troubleshoot and resolve any deviations from the specification. Students keep a logbook and record the summary of their practical work for reflective learning. Online chapter tests are incorporated for self-paced continuous assessment and reflective learning.

The first formative diagnostic test will be conducted by week 4. The purpose of this formative diagnostic test is to check students’ understanding of initial basic concepts and to provide an early feedback mechanism for maximising students’ engagement with the module. Students are expected to keep a laboratory logbook, which will be an integral part of their practical assessment component.

The formative lab-based group activity is designed to foster students’ ability to work in a team acting like a “Cybersecurity Analyst” for various vulnerability scenarios, analysing and evaluating typical scenarios through a set of lab activities. Students are expected to maintain a log of all relevant activities, such as gathering basic information using various tools, learning about the exploit, determining the source of the malware and analysing details of the exploit.

Learning outcomes

On successful completion of this module students will be able to:

LO1. Demonstrate an understanding of Cybersecurity and how Cybersecurity threats affect individuals and businesses. Articulate various types of threats, network attacks, and approaches to network security defence.

LO2. Explain how to configure modern firewalls to mitigate a range of attacks and attack vectors based upon a specification or scenario. Use network monitoring tools and incident response models to identify attacks against network protocols and services. Systematically evaluate network security alerts and explain the types of log files used in security monitoring.

LO3. Contextualise the principles of confidentiality, integrity, and availability as they relate to data states and cybersecurity countermeasures and the impacts of cryptography on network security monitoring.

LO4. Investigate endpoint vulnerabilities and attacks, classify endpoint vulnerability assessment information and tools to generate a malware analysis report, and understand and appreciate the lack of security in cheap consumer-grade networking devices and consumer routers.

LO5. Work effectively and responsibly independently and in a small team to demonstrate how network security incidents are handled. Keep a log on technical findings for reflective learning and group discussions. Understand the importance of legal compliance in relation to analysing network traffic and endpoint behaviours.

Assessment strategy

The two unseen theory examinations (LO1-LO4) are summative assessments to check the theoretical knowledge of the core topics covered through formal lectures/tutorials. Part 1 of the unseen theory examination is related to software infrastructure security (Cisco Cyber Ops), and part 2 is related to hardware infrastructure security (PA).

The two unseen practical examinations (LO2, LO4, LO5) are summative assessments to check the students’ practical and hands-on skills. Part 1 of the unseen theory examination is related to software infrastructure security (Cisco Cyber Ops), and part 2 is related to hardware infrastructure security (PA).

The marks with constructive feedback will be returned to students in line with the University’s guidelines on assessments and feedback.

Bibliography

Core Text:

All course material for CCNA Cybersecurity Operations and Palo Alto PCCSA is available online for registered students on http://www.netacad.com and www.paloaltonetworks.com respectively, with username and password.

• Charles J. Brooks et al (2018), Cybersecurity Essentials, Sybex, ISBN-13: 978-1119362395
• Cisco Networking Academy (2018), CCNA Cybersecurity Operations Companion Guide, Cisco Press, ISBN-13: 978-1587134395
• Cisco Networking Academy (2018), CCNA Cybersecurity Operations Lab Manual, Cisco Press, ISBN-13: 978-1587134388
• Palo Alto Networks (2018), Palo Alto Networks Firewall 8.2 Essentials: Configuration and Management Lab Guide
• Palo Alto Networks (2018), Cybersecurity Survival Guide: Principles and Best Practices (3rd ed)

Other Texts:
• Palo Alto Networks, PAN-OS 8.2 Administrator’s Guide
• Joe Antony Sebastin John Francis (2018), Let's Learn Palo Alto NGFW: A Case Study of Checkpoint, Juniper, Cisco, Hacking and Knowing Thyself, ISBN-13: 978-0989867528
Website:
• University Library website: https://student.londonmet.ac.uk/library/
• Subject guides and research support: https://student.londonmet.ac.uk/library/subject
• Palo Alto: https://www.paloaltonetworks.com/

Electronic Databases:
• IEEE Xplore / IET Digital Library (IEL):
https://ieeexplore.ieee.org/Xplore/home.jsp
• Wiley Online Library:
https://0-www-onlinelibrary-wiley-com.emu.londonmet.ac.uk/

Social Media Sources
YouTube: https://www.youtube.com/

Other
Lynda: http://www.lynda.com/