module specification

CT7157 - Hardening Network Infrastructure (2017/18)

Module specification Module approved to run in 2017/18
Module title Hardening Network Infrastructure
Module level Masters (07)
Credit rating for module 20
School School of Computing and Digital Media
Total study hours 200
 
152 hours Guided independent study
48 hours Scheduled learning & teaching activities
Assessment components
Type Weighting Qualifying mark Description
In-Course Test 10%   In-Class Tests
Practical Examination 40%   Theory Unseen Examination (2 hours)
Unseen Examination 50%   Practical Unseen Examination (2 hours)
Running in 2017/18
Period Campus Day Time Module Leader
Spring semester North Friday Afternoon

Module summary

This module is in two main parts, the first part is based on the CCNA Security, one of the Cisco Networking Academy Programme courses. The second part is Security Controls which are tools that you implement to protect the confidentiality, integrity, and availability of important assets and data. This part of the module covers areas of regulation, compliance and best practices in ensuring that critical data and resources are protected and available for authorised use.

The Cisco CCNA Security curriculum provides a next step for individuals who want to enhance their CCNA-level skill set and help meet the growing demand for network security professionals. The curriculum provides an introduction to the core security concepts and skills needed for the installation, troubleshooting, and monitoring of network devices to maintain the integrity, confidentiality, and availability of data and devices. CCNA Security helps prepare students for entry-level security career opportunities and the globally recognized Cisco CCNA Security certification.
This course is a hands-on, career-oriented e-learning solution with an emphasis on practical experience to help students develop specialized security skills, along with critical thinking and complex problem solving skills. CCNA Security is a blended curriculum with both online and classroom learning. Students who enrol in CCNA Security are expected to have CCNA-level networking concepts knowledge and skills, along with basic PC and Internet navigation skills.
In Security Controls part, Students are introduced to auditing and evaluation tools used to assess and validate security posture of a network and are given exposure to network threats and vulnerabilities.
Students will assess the baseline security and configuration features required to secure network devices.

Module aims

1. To provide a firm understanding of Security Policy design and management.
2. To introduce students to security technologies, products and solutions and skills required to initiate and implement security controls.
3. To provide students with practical experience of configuring firewalls and router security
4. To discuss VPN implementation using routers and firewalls
5. To introduce concepts of Intrusion Detection
6. To explain the implementation of AAA (Authentication, Authorisation and Accounting and to evaluate and apply security tools and to gain hands-on practical experience
7. To develop a comprehensive understanding of security policies and various IT governance frameworks in the context of data networks.

Syllabus

Overview of Network Security, Basic Router and Switch Security, Router ACLs and CBAC, Router AAA Security, Router Intrusion Detection, Monitoring and Management, Router Site-to-site VPN, Router, Router Remote Access VPN and Cisco Adaptive Security Appliance (ASA)
Introduction to Network Security Controls,
Information Security Governance and Frameworks
Auditing Tools and Techniques,
Auditing Cisco Security Solutions,
Security Policy,
Security Compliance and Management.
Understanding of the professional, legal, social and ethical framework regarding Information Security

Learning and teaching

Module is delivered once a weekly in a four-hour session. Usually two-hour lecture is followed by two hours of laboratory work. Students are provided with access to the on-line curriculum (Netacad or WebLearn) and are encouraged to read the material prior to lecture sessions. On the completion of lectures on specific topics students take regular in class tests for which they get an automated and/or in-person feedback. Lectures are heavily supported by hands-on relevant laboratory work such as Device Audit and Hardening, AAA and Site-to-Site VPN configurations. Students are encouraged to keep a logbook and record the summary of their practical work for reflective learning.

Learning outcomes

On successful completion of this module students will be able to:
LO1. Explain, appraise network security terminology, and security vulnerabilities and security policies;
LO2. Critically evaluate and configure security technology for testing and monitoring (e.g. firewall);
LO3. Implement AAA and IDS using Cisco routers and designing and managing a secure network;
LO4. Identify, understand and appreciate the knowledge of governance/frameworks and standards of information and network security including the related professional, legal, social and ethical issues;
LO5. Appraise and analyse security policies and network security posture;
LO6. Investigate and  create a  systematic and independent examination of network infrastructure for vulnerabilities and threats;

Assessment strategy

A series of in-class tests: will assess students’ learning on a continuous basis and will facilitate formative feedback and diagnostic assessment opportunities (LO1 to 6 at varying level)
Theory Examination: This will assess students’ knowledge of security policy, procedures and standards. Students need to summarize and critically discuss security controls and domains used for security assessment (LO1, 4 & 5)
Practical Examination:  This will assess the students’ ability to respond to a design requirement configure routers switches and firewall devices to achieve the design spec.
The reassessment strategy for the in-class tests will involve one consolidated test. (LO2, 3 & 6)

Bibliography

All course material for the first part of the module is available on-line for registered students on http://netacad.com with usernames and passwords.

C Paquet.(2012), “Implementing Cisco IOS Network Security (IINS): (CCNA Security exam 640-554) (Authorized Self-Study Guide)”,2nd Ed., Cisco Press. (Core)


Chris Jackson (2010), “Network Security Auditing”, Cisco Press ISBN-10: 1-58705-352-7 (Core)

Sean Wilkins, Trey Smith (2011), “CCNP Security Secure 642-637 Official Cert Guide”,
Cisco Press ISBN-10: 1-58714-280-5

John R. Vacca (2009), “Computer and Information Security Handbook”, 1st Edition. Morgan Kaufmann.