CT7157 - Hardening Network Infrastructure (2023/24)
|Module specification||Module approved to run in 2023/24|
|Module title||Hardening Network Infrastructure|
|Module level||Masters (07)|
|Credit rating for module||20|
|School||School of Computing and Digital Media|
|Total study hours||200|
|Running in 2023/24(Please note that module timeslots are subject to change)||
This module is delivered in two main parts, the first part is based on the CCNA Security, one of the Cisco Networking Academy Programme courses. The second part is Security Controls which are tools that you implement to protect the confidentiality, integrity, and availability of important assets and data. This part of the module covers areas of regulation, compliance and best practices in ensuring that critical data and resources are protected and available for authorised use particularly by implementing NewGen Firewall technology.
The Cisco CCNA Security curriculum provides a next step for individuals who want to enhance their CCNA-level skill set and help meet the growing demand for network security professionals. The curriculum provides an introduction to the core security concepts and skills needed for the installation, troubleshooting, and monitoring of network devices to maintain the integrity, confidentiality, and availability of data and devices. CCNA Security helps prepare students for entry-level security career opportunities and the globally recognized Cisco CCNA Security certification.
This course is a hands-on, career-oriented e-learning solution with an emphasis on practical experience to help students develop specialized security skills, along with critical thinking and complex problem-solving skills. CCNA Security is a blended curriculum with both online and classroom learning. Students who enrol in CCNA Security are expected to have CCNA-level networking concepts knowledge and skills, along with basic PC and Internet navigation skills.
In Security Controls part, students are introduced to auditing and evaluation tools used to assess and validate security posture of a network and are given exposure to network threats and vulnerabilities.
Students will assess the baseline security and configuration features required to secure network devices.
Prior learning requirements
Successful completion of level 6 or equivalent.
Overview of Network Security, Basic Router and Switch Security, Router ACLs and CBAC, Router AAA Security, Router Intrusion Detection, Monitoring and Management, Router Site-to-site VPN, Router, Router Remote Access VPN and Cisco Adaptive Security Appliance (ASA)
Introduction to Network Security Controls,
Information Security Governance and Frameworks
Auditing Tools and Techniques,
Auditing Cisco Security Solutions,
Security Compliance and Management.
Understanding of the professional, legal, social and ethical framework regarding Information Security
Balance of independent study and scheduled teaching activity
Module is delivered once a weekly in a four-hour session. Usually two-hour lecture is followed by two hours of laboratory work. Students are provided with access to the on-line curriculum (Netacad or WebLearn) and are encouraged to read the material prior to lecture sessions. On the completion of lectures on specific topics students take regular in class tests for which they get an automated and/or in-person feedback. Lectures are heavily supported by hands-on relevant laboratory work such as Device Audit and Hardening, AAA and Site-to-Site VPN configurations. Students are encouraged to keep a logbook and record the summary of their practical work for reflective learning. Students are required to regularly complete advanced labs to assess theit
On successful completion of this module students will be able to:
LO1. Explain, appraise and critically evaluate network security terminology, vulnerabilities and policies and configure security technology for testing and monitoring
LO2. Implement AAA and IDS using Cisco routers and designing and managing a secure network; and appraise and analyse security policies and network security posture;
LO3. Identify, understand and appreciate the knowledge of governance/frameworks and standards of information and network security including the related professional, legal, social and ethical issues;
LO4. Investigate and create a systematic and independent examination of network infrastructure for vulnerabilities and threats;
A series of in-class tests: will assess students’ learning on a continuous basis and will facilitate formative feedback and diagnostic assessment opportunities (LO1 to 2 at varying level)
Theory Examination: This will assess students’ knowledge of security policy, procedures and standards. Students need to summarize and critically discuss security controls and domains used for security assessment (LO1, 3 & 4)
Practical Examination: This will assess the students’ ability to respond to a design requirement configure routers switches and firewall devices to achieve the design spec. LO2, 3 & 4)
The reassessment strategy for the in-class tests will involve one consolidated test.