NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus"

Transcription

1 NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus CSCI Network Security and Perimeter Protection CATALOG DESCRIPTION This course will cover infrastructure security issues. Network operating systems and network architectures will be discussed together with the respective security related issues. The students will learn about the threats to computer networks through exploitation of weaknesses in the design of network infrastructure and security flaws in the network infrastructure protocols. Issues related to the security of content and applications such as , DNS, web servers will be discussed. Security techniques including intrusion detection, forensics, cryptography, authentication and access control are analysed. Developments in IPSEC, transport protocols, secure mail, directory services, and multimedia services are discussed. Prerequisites: CSCI 345. Corequisite: CSCI 385 or equivalent. Semester: Fall 2012 Instructor: Bill Mihajlovic Class meeting: Th 8:35 11:15 PM Office hours: Th 7:35 8:35 PM COURSE OBJECTIVES: To introduce the students to operation and performance oriented computer networks design with security threats and network defense related theory and technology. MEASURABLE STUDENT LEARNING OUTCOMES: After successful completion of this course, the students will be able to: 1. Define and implement defense in depth network security strategy. 2. Design secure computer network in layers bounded by security perimeters. 3. Select matching data filtering method for each perimeter of the network defense system. 4. Distribute redundant dynamic firewalls to achieve better network security. 5. Install and configure Linux based router and firewall. 6. Compare network activity monitoring syslog facility in PIX firewall and UNIX data collection server. 7. Use existing VPN protocols 8. Identify, position and configure relevant perimeter protection devices using network authentication, authorization and accounting (AAA) protocols. 9. Analyze and evaluate network perimeter security, estimate possible threats and propose applicable security solutions. 10. Specify standard security management policy and accountability structure.

2 TOPICS The Essentials of Network Perimeter Security - Perimeter Security Fundamentals (Chapter 1) Definitions Perimeter Definition Border Routers Firewalls Intrusion Detection Systems Intrusion Prevention Systems Virtual Private Networks Software Architecture DMZ Defense-in-Depth Components o The Perimeter o The Internal Network o The Human Factor - Packet Filtering (Chapter 2) TCP/IP Primer: How Packet Filtering Works TCP and UDP Ports TCP s Three-way Handshake Cisco Routers as Packet Filters IPChains CISCO ACLs Effective Uses of Packet-Filtering Devices Egress Filtering Shortcomings of Packet Filtering Dynamic Packet Filtering and the Reflexive Access List - Stateful Firewalls (Chapter 3) How Does a Stateful Firewall Work The Concept of State Stateful Filtering and Stateful Inspection - Proxy Firewalls (Chapter 4) Fundamentals of Proxying Pros and Cons of Proxy Firewalls Types of Proxies Tools for Proxying - Security Policy (Chapter 5) Firewalls Are Policy How to Develop Policy Perimeter Considerations Fortifying the Security Perimeter - The Role of a Router (Chapter 6) The Router as a Perimeter Device The Router as a Security Device Router Hardening - Virtual Private Networks (Chapter 7) VPN Basics Advantages and Disadvantages of VPNs IPSec Basics

3 Other VPN Protocols: PPTP and L2TP - Network Intrusion Detection (Chapter 8) Network Intrusion Detection Basics The Roles of Network IDS in a Perimeter Defense IDS Sensor Placement - Host Hardening (Chapter 9) The Need for Host Hardening Removing or Disabling of Unnecessary Programs Limiting Access to Data and Configuration Files Controlling User and Privileges Maintaining Host Security Logs Applying Patches Additional Hardening Guidelines - Host Defense Components (Chapter 10) Hosts and the Perimeter Antivirus Software Host-Based Firewalls Host-Based Intrusion Detection Challenges of Host Defense Components - Intrusion Prevention Systems (Chapter 11) What Is IPS? IPS Limitations NIPS Host-Based Intrusion Prevention Systems Designing a Secure Network Perimeter - Fundamentals of Secure Perimeter Design (Chapter 12) Gathering Design Requirements Design Elements for Perimeter Security - Separating Resources (Chapter 13) Security Zones Common Design Elements VLAN-Based Separation - Wireless Network Security (Chapter 14) Fundamentals Securing Wireless Networks Auditing Wireless Security - Software Architecture (Chapter 15) Software Architecture and Network Defense How Software Architecture Affects Network Defense Software Component Placement Identifying Potential Software Architecture Issues Software Testing Network Defense Design Recommendations - VPN Integration (Chapter 16) Secure Shell Secure Sockets Layer Remote Desktop Solutions IPSec Other VPN Considerations - Tuning the Design for Performance (Chapter 17)

4 Performance and Security Network Security Design Elements That Impact Performance Impact of Encryption Using Load Balancing to Improve Performance Mitigating the Effects of DoS Attacks - Sample Designs (Chapter 18) Review of Security Design Criteria Maintaining and Monitoring Perimeter Security - Maintaining a Security Perimeter (Chapter 19) System and Network Monitoring Incident Response Accommodating Change - Network Log Analysis (Chapter 20) The Importance of Network Log Files Log Analysis Basics Analyzing Router Logs Analyzing Network Firewall Logs Analyzing Host-Based Firewall and IDS L - Troubleshooting Defense Components (Chapter 21) The Process of Troubleshooting Troubleshooting Rules of Thumb The Troubleshooter's Toolbox - Assessment Techniques (Chapter 22) Roadmap for Assessing the Security of Your Network Planning Reconnaissance Network Service Discovery Vulnerability Discovery Verification of Perimeter Components Remote Access Exploitation Results Analysis and Documentation - Design Under Fire (Chapter 23) The Hacker Approach to Attacking Networks Adversarial Review Practical Designs - A Unified Security Perimeter: The Importance of Defense in Depth (Chapter 24) Example of Defense-in-Depth Architecture Absorbent Perimeters Defense in Depth with Information

5 COURSE REQUIREMENTS Class Participation Regular attendance and class participation will be graded. Attendance A student is expected to attend each class session on a regular and punctual Policy from the basis in order to obtain the educational benefits, which each meeting affords. NYIT Catalog Students shall be informed by their instructors exactly how often they will be allowed to be late or absent during the semester. Students who exceed these limits may be withdrawn from the course by the instructor. In the event of a student s absence from a test, the instructor will generally determine whether the student will be allowed to make up the work that was missed. Lack of Academic Dishonesty Late work Reading Class Participation Homework Term Paper or Term Project Examinations: Final Grade Incomplete: I grade Withdrawal: W grade preparation is not an adequate excuse for missing an examination. Academic dishonesty, use of consultants at exam time, copying exams or plagiarizing homework assignments will result in an F grade on the exam or assignment. If it occurs more than once, the course grade will be F. Late homework assignments will be accepted only during the initial three weeks of the semester. All late homework assignments will be subject of the 10% penalty. There are no exceptions for any reasons. Reading assignments should be completed prior to the first class of the week in which they are assigned. Attendance, class participation, discussions and class interaction will be graded, contributing 10% to the final grade score. Homework assignments will be graded, contributing 10% to the final grade score. Term paper or term project on the assigned topic will be graded as 10% of the final grade score. There will be 3 quizzes each contributing 10% to the final grade score. In addition there will be one midterm exam plus the final cumulative examination, which will cover the entire semester's work, each contributing 20% to the final grade score. Missed examination will be graded as 0. All quizzes and examinations are taken in class. Final grade reflects overall performance and achievements and is based on the weighted average of the individual scores mentioned above, referred to as the final grade score. A grade of incomplete, I, can by given by the instructor after consultation with the Department Chair. It is used when a student, because of some unavoidable circumstance, has been unable to complete all assigned work for the course. The instructor must document that the student s work is passing at this point and the student must agree to complete the missing work. A grade of I will become an F in the following situation: I is given in the fall semester and not made up by the end of the following summer. I is given in the spring semester and not made up by the end of the following fall. Students who miss six (6) classes will be withdrawn from the class. Students can withdraw up to the 8 th week of the semester and receive a grade of W. After the 8 th week deadline, a student may withdraw and receive a W only if the student is passing the course. Otherwise, a student withdrawing after the 8 th week will receive a grade of WF.

6 COURSE OUTLINES: Textbook: Stephen Northcutt, Lenny Zeltser, Scott Wintters, Karen Kent, Ronald W Ritchney Inside Network Perimeter Security, Sams Publishing, 2nd edition, 2005, ISBN: References: [1] Nagananand Doraswamy, Dan Harkins, IPSec, The New Security Standard for the Internet, Intraanets, and Virtual Private Networks, Prentice Hall PTR, 1999, ISBN: [2] Saadat Malik, Network Security Principles and Practicies, Cisco Press, 2003, ISBN [3] By Alex Noordergraaf, Minimizing the Solaris Operating Environment for Security, White paper, Sun Microsystems, CSCI Network Security and Perimeter Protection Week Topic Reading Assignments 1 The Essentials of Network Perimeter Ch.1, Assignment 1: Defense in depth. Security, Security Zones and Perimeters [2]Ch.2 2 IP Network Protocols, Packet Filtering, Stateteful Firewalls Ch.2, 3 Assignment 2: IP Spoofing. IP Fragmentation attacks. 3 PIX Firewall Programming and Admin Account Management, IOS Firewalls, Safeguarding Against DOS Attack. [2]Ch.8,9 Assignment 3: Configuration of a router IOS for basic packet filtering. 4 Non Stateful, Circuit Level Firewall, Proxy Firewall 5 Device Security, Secure Routing and Secure LAN Switching, PIX Firewall NAT & DHCP 6 DMZ, Host Hardening, Defense Components and Bastion Host protection, Host Hardening. 7 Network Intrusion Detection and Prevention Systems, Network Extrusion Detection 8 Midterm Exam. 9 Inspecting Traffic and Network Activity Logging, PIX syslog Facility Programming Ch.4 Ch.6 [2]Ch.3,4,5 Ch.9, 10 [3] Ch.8, 11 [2]Ch.14, 15 Ch.20 Assignment 4: Configuration of a router IOS for statefull packet filtering. Assignment 5: Programming NAT & DHCP on PIX Firewall Project: DMZ design. Assignment 7: High level proxy monitoring data traffic. Project: Programming syslog Facility on PIX Firewall and UNIX data collection server. Assignment 10: Identification & analysis of VPN devices. 10 VPN Protocols, GRE, L2TP, Ch.7, [2] Ch.11, IPSec Protocols, ESP, AH and IKE. [1] Ch.3, 4, 7 Assignment 11: Host based configuring of IPsec. 12 Network Access Control, Authentication, [2] Ch.16, 17, Assignment 12: Configuring IOS Authorization and Accounting AAA 18 of a firewall to perform AAA Protocols, RADIUS and TACACS+ activities. 13 Building Secure Connectivity, Firewall Availability with Failover, Firewall Load Balancing. Network, Security Policies. Troubleshooting and Auditing Network Security Implementations with Tuning of 14 Design for Performance. 15 Final Exam Ch.5, 12, 13 Ch.17, 21 Term Project: Secure Network Design. Assignment 14: Network security auditing.

7

NETWORK SECURITY (W/LAB) Course Syllabus

NETWORK SECURITY (W/LAB) Course Syllabus 6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information

More information

CISCO IOS NETWORK SECURITY (IINS)

CISCO IOS NETWORK SECURITY (IINS) CISCO IOS NETWORK SECURITY (IINS) SEVENMENTOR TRAINING PVT.LTD [Type text] Exam Description The 640-553 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification.

More information

Cisco Certified Security Professional (CCSP)

Cisco Certified Security Professional (CCSP) 529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Security Professional (CCSP) Program Summary This instructor- led program with a combination

More information

Security Threats VPNs and IPSec AAA and Security Servers PIX and IOS Router Firewalls. Intrusion Detection Systems

Security Threats VPNs and IPSec AAA and Security Servers PIX and IOS Router Firewalls. Intrusion Detection Systems Course Overview Security Threats VPNs and IPSec AAA and Security Servers PIX and IOS Router s IPSec 3002 IKE 515 CA s Intrusion Detection Systems 4210 VPNs Routers 2 The security threats section will cover

More information

642 552 Securing Cisco Network Devices (SND)

642 552 Securing Cisco Network Devices (SND) 642 552 Securing Cisco Network Devices (SND) Course Number: 642 552 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional, Cisco Firewall Specialist,

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

Network Security and Firewall 1

Network Security and Firewall 1 Department/program: Networking Course Code: CPT 224 Contact Hours: 96 Subject/Course WEB Access & Network Security: Theoretical: 2 Hours/week Year Two Semester: Two Prerequisite: NET304 Practical: 4 Hours/week

More information

Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) :

Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) : Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh Written Exam in Network Security ANSWERS May 28, 2009. Allowed aid: Writing material. Name (in block letters)

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall? What is a Firewall? Computer Security Firewalls fire wall 1 : a wall constructed to prevent the spread of fire 2 usually firewall : a computer or computer software that prevents unauthorized access to

More information

FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE

FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE Form 2A, Page 1 FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE COURSE NUMBER: CTS 2658 COURSE TITLE: PREREQUISITE(S): COREQUISITE(S): Managing Network Security CNT 2210 with grade

More information

This chapter covers the following topics:

This chapter covers the following topics: This chapter covers the following topics: Components of SAFE Small Network Design Corporate Internet Module Campus Module Branch Versus Headend/Standalone Considerations for Small Networks C H A P T E

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0 COURSE OVERVIEW Implementing Secure Converged Wide Area Networks (ISCW) v1.0 is an advanced instructor-led course that introduces techniques and features that enable or enhance WAN and remote access solutions.

More information

(d-5273) CCIE Security v3.0 Written Exam Topics

(d-5273) CCIE Security v3.0 Written Exam Topics (d-5273) CCIE Security v3.0 Written Exam Topics CCIE Security v3.0 Written Exam Topics The topic areas listed are general guidelines for the type of content that is likely to appear on the exam. Please

More information

IINS Implementing Cisco Network Security 3.0 (IINS)

IINS Implementing Cisco Network Security 3.0 (IINS) IINS Implementing Cisco Network Security 3.0 (IINS) COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

CENTRAL TEXAS COLLEGE ITSY 2401 FIREWALLS AND NETWORK SECURITY. Semester Hours Credit: 4 INSTRUCTOR: OFFICE HOURS:

CENTRAL TEXAS COLLEGE ITSY 2401 FIREWALLS AND NETWORK SECURITY. Semester Hours Credit: 4 INSTRUCTOR: OFFICE HOURS: CENTRAL TEXAS COLLEGE ITSY 2401 FIREWALLS AND NETWORK SECURITY Semester Hours Credit: 4 INSTRUCTOR: OFFICE HOURS: I. INTRODUCTION A. Identify elements of firewall design, types of security threats and

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Cisco Certified Security Professional (CCSP) 50 Cragwood Rd, Suite 350 South Plainfield, NJ 07080

Cisco Certified Security Professional (CCSP) 50 Cragwood Rd, Suite 350 South Plainfield, NJ 07080 COURSE SYLLABUS Cisco Certified Security Professional (CCSP) 50 Cragwood Rd, Suite 350 South Plainfield, NJ 07080 Victoria Commons, 613 Hope Rd Building #5, Eatontown, NJ 07724 130 Clinton Rd, Fairfield,

More information

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton

More information

TABLE OF CONTENTS NETWORK SECURITY 2...1

TABLE OF CONTENTS NETWORK SECURITY 2...1 Network Security 2 This document is the exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors

More information

CCNA Security v1.0 Scope and Sequence

CCNA Security v1.0 Scope and Sequence CCNA Security v1.0 Scope and Sequence Last updated April 7, 2011 Target Audience The Cisco CCNA Security course is designed for Cisco Networking Academy students seeking career-oriented, entry-level security

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Implementing Cisco IOS Network Security v2.0 (IINS)

Implementing Cisco IOS Network Security v2.0 (IINS) Implementing Cisco IOS Network Security v2.0 (IINS) Course Overview: Implementing Cisco IOS Network Security (IINS) v2.0 is a five-day instructor-led course that is presented by Cisco Learning Partners

More information

CIS 156. Firewalls and Intrusion Detection

CIS 156. Firewalls and Intrusion Detection CIS 156 Firewalls and Intrusion Detection Approved: May 6, 2011 EFFECTIVE DATE: Fall 2011 COURSE PACKAGE FORM Team Leader and Members Andra Goldberg, Matt Butcher, Dave White, Steve Sorden Date of proposal

More information

Monfort College of Business Semester Course Syllabus (2015-2016) COURSE PREFIX/TITLE: BACS 382 TCP/IP Network Security Sem. Hrs. 3 Ed.

Monfort College of Business Semester Course Syllabus (2015-2016) COURSE PREFIX/TITLE: BACS 382 TCP/IP Network Security Sem. Hrs. 3 Ed. Monfort College of Business Semester Course Syllabus (2015-2016) COURSE PREFIX/TITLE: BACS 382 TCP/IP Network Security Sem. Hrs. 3 Ed. Cap: 40 CATALOG DESCRIPTION: Prerequisite: BACS 380 or consent of

More information

CCNA Security 2.0 Scope and Sequence

CCNA Security 2.0 Scope and Sequence CCNA Security 2.0 Scope and Sequence Last Updated August 26, 2015 Target Audience The Cisco CCNA Security course is designed for Cisco Networking Academy students seeking career-oriented, entry-level security

More information

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led Certification: ENSA Exam 312-38 Course Description This course looks at the network security in defensive view.

More information

Cisco Certified Network Expert (CCNE)

Cisco Certified Network Expert (CCNE) 529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Network Expert (CCNE) Program Summary This instructor- led program with a combination

More information

642 523 Securing Networks with PIX and ASA

642 523 Securing Networks with PIX and ASA 642 523 Securing Networks with PIX and ASA Course Number: 642 523 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional and the Cisco Firewall

More information

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline Course Number: SEC 150 Course Title: Security Concepts Hours: 2 Lab Hours: 2 Credit Hours: 3 Course Description: This course provides an overview of current technologies used to provide secure transport

More information

FIREWALLS & CBAC. philip.heimer@hh.se

FIREWALLS & CBAC. philip.heimer@hh.se FIREWALLS & CBAC philip.heimer@hh.se Implementing a Firewall Personal software firewall a software that is installed on a single PC to protect only that PC All-in-one firewall can be a single device that

More information

SNRS. Securing Networks with Cisco Routers and Switches. Length 5 days. Format Lecture/lab

SNRS. Securing Networks with Cisco Routers and Switches. Length 5 days. Format Lecture/lab Length 5 days Format Lecture/lab Version 3.0 SNRS Course Description SNRS 1.0 is a 5-day, lab-intensive course that provides the knowledge and skills needed to secure Cisco IOS router and switch networks.

More information

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Introduction to Network Security

More information

CIS 4204 Ethical Hacking Fall, 2014

CIS 4204 Ethical Hacking Fall, 2014 CIS 4204 Ethical Hacking Fall, 2014 Course Abstract: The purpose of this course is to provide a basic understanding of computing, networking, programming concepts, and exploitation techniques, as they

More information

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0 ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Fundamental Principles of a Secure Network

More information

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

Chapter 1 The Principles of Auditing 1

Chapter 1 The Principles of Auditing 1 Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls

More information

Developing Network Security Strategies

Developing Network Security Strategies NETE-4635 Computer Network Analysis and Design Developing Network Security Strategies NETE4635 - Computer Network Analysis and Design Slide 1 Network Security Design The 12 Step Program 1. Identify network

More information

Ficha técnica de curso Código: IFCAD111

Ficha técnica de curso Código: IFCAD111 Curso de: Objetivos: Managing Cisco Network Security: Building Rock-Solid Networks Dar a conocer la filosofía CISCO desde el punto de vista de la seguridad y como construir una red solidad. Como hacer

More information

CCNP: Implementing Secure Converged Wide-area Networks

CCNP: Implementing Secure Converged Wide-area Networks CCNP: Implementing Secure Converged Wide-area Networks Cisco Networking Academy Version 5.0 This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document

More information

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates

More information

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls CEN 448 Security and Internet Protocols Chapter 20 Firewalls Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

Chapter 15. Firewalls, IDS and IPS

Chapter 15. Firewalls, IDS and IPS Chapter 15 Firewalls, IDS and IPS Basic Firewall Operation The firewall is a border firewall. It sits at the boundary between the corporate site and the external Internet. A firewall examines each packet

More information

Cisco CCNP 642 825 Implementing Secure Converged Wide Area Networks (ISCW)

Cisco CCNP 642 825 Implementing Secure Converged Wide Area Networks (ISCW) Cisco CCNP 642 825 Implementing Secure Converged Wide Area Networks (ISCW) Course Number: 642 825 Length: 5 Day(s) Certification Exam This course will help you prepare for the following exam: Cisco CCNP

More information

Montgomery College Germantown Campus NW246: Network Defense and Countermeasures Master Course Syllabus

Montgomery College Germantown Campus NW246: Network Defense and Countermeasures Master Course Syllabus Montgomery College Germantown Campus NW246: Network Defense and Countermeasures Master Course Syllabus Course Description: The purpose of this course is to prepare students for Level One of the Security

More information

Ch.9 Firewalls and Intrusion Prevention Systems. Firewall Design Goals

Ch.9 Firewalls and Intrusion Prevention Systems. Firewall Design Goals Ch.9 Firewalls and Intrusion Prevention Systems Firewalls: effective means of protecting LANs Internet connectivity is essential for every organization and individuals introduces threats from the Internet

More information

Implementing Cisco IOS Network Security

Implementing Cisco IOS Network Security Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles

More information

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc. Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim

More information

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013 CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 9 Firewalls and Intrusion Prevention Systems First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Firewalls and Intrusion

More information

Description: Objective: Attending students will learn:

Description: Objective: Attending students will learn: Course: Introduction to Cyber Security Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: In 2014 the world has continued to watch as breach after breach results in millions of

More information

MERCER COUNTY COMMUNITY COLLEGE. Division of Business and Technology NET 240

MERCER COUNTY COMMUNITY COLLEGE. Division of Business and Technology NET 240 MERCER COUNTY COMMUNITY COLLEGE Division of Business and Technology COURSE DESCRIPTION: Course Description: Students learn, in depth, the various network security principles, features, protocols, and implementations

More information

Firewall Environments. Name

Firewall Environments. Name Complliiance Componentt DEEFFI INITION Description Rationale Firewall Environments Firewall Environment is a term used to describe the set of systems and components that are involved in providing or supporting

More information

Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT

Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT Network Security s Access lists Ingress filtering s Egress filtering NAT 2 Drivers of Performance RequirementsTraffic Volume and Complexity of Static IP Packet Filter Corporate Network The Complexity of

More information

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 6, Nov. 10, 2010 Firewalls, Intrusion Prevention, Intrusion Detection

More information

CH ENSA EC-Council Network Security Administrator Detailed Course Outline

CH ENSA EC-Council Network Security Administrator Detailed Course Outline CH ENSA EC-Council Network Security Administrator Detailed Course Outline Summary Duration Vendor Audience 5 Days hands-on training EC-Council Security Professionals Level Technology Category Advance Ethical

More information

Track 2: Introductory Track PREREQUISITE: BASIC COMPUTER EXPERIENCE

Track 2: Introductory Track PREREQUISITE: BASIC COMPUTER EXPERIENCE Anne Arundel Community College Tracks Anne Arundel Community College s computer technologies courses have been organized into 10 suggested tracks. The tracks are arranged to ensure that students have the

More information

InCert Network Security Professional Certificate Description for Candidates

InCert Network Security Professional Certificate Description for Candidates TUT / T. Kelo, J. Koskinen / 04.09.2007 InCert The 2nd handbook Version 1.5 InCert Network Security Professional Certificate Description for Candidates Introduction InCert Network Security Professional

More information

- Introduction to PIX/ASA Firewalls -

- Introduction to PIX/ASA Firewalls - 1 Cisco Security Appliances - Introduction to PIX/ASA Firewalls - Both Cisco routers and multilayer switches support the IOS firewall set, which provides security functionality. Additionally, Cisco offers

More information

CCNA Security. IINS v2.0 Implementing Cisco IOS Network Security (640-554)

CCNA Security. IINS v2.0 Implementing Cisco IOS Network Security (640-554) CCNA Security Öngereksinimler: CCNA http://www.cliguru.com/ccna Kurs Tanımı: CCNA Security network'ün temellerini anlamış olan katılımcılara network güvenliği hakkında temel bilgi sağlamaya yönelik hazırlanmış

More information

AC 2009-1316: INNOVATIVE NETWORK SECURITY COURSE DEVELOPMENT

AC 2009-1316: INNOVATIVE NETWORK SECURITY COURSE DEVELOPMENT AC 2009-1316: INNOVATIVE NETWORK SECURITY COURSE DEVELOPMENT Hetal Jasani, Northern Kentucky University Dr. Hetal Jasani is an assistant professor in the Department of Computer Science at Northern Kentucky

More information

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs Network Security Ola Lundh ola.lundh@hh.se Schedule/ time-table: landris.hh.se/ (NetwoSec) Course home-page: hh.se/english/ide/education/student/coursewebp ages/networksecurity cisco.netacad.net Packet

More information

8. Firewall Design & Implementation

8. Firewall Design & Implementation DMZ Networks The most common firewall environment implementation is known as a DMZ, or DeMilitarized Zone network. A DMZ network is created out of a network connecting two firewalls; i.e., when two or

More information

Firewalls. Ahmad Almulhem March 10, 2012

Firewalls. Ahmad Almulhem March 10, 2012 Firewalls Ahmad Almulhem March 10, 2012 1 Outline Firewalls The Need for Firewalls Firewall Characteristics Types of Firewalls Firewall Basing Firewall Configurations Firewall Policies and Anomalies 2

More information

Tim Bovles WILEY. Wiley Publishing, Inc.

Tim Bovles WILEY. Wiley Publishing, Inc. Tim Bovles WILEY Wiley Publishing, Inc. Contents Introduction xvii Assessment Test xxiv Chapter 1 Introduction to Network Security 1 Threats to Network Security 2 External Threats 3 Internal Threats 5

More information

CCIE Security Written Exam (350-018) version 4.0

CCIE Security Written Exam (350-018) version 4.0 CCIE Security Written Exam (350-018) version 4.0 Exam Description: The Cisco CCIE Security Written Exam (350-018) version 4.0 is a 2-hour test with 90 110 questions. This exam tests the skills and competencies

More information

TABLE OF CONTENTS NETWORK SECURITY 1...1

TABLE OF CONTENTS NETWORK SECURITY 1...1 Network Security 1 This document is the exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors

More information

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..

More information

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus Department of Computer & Information Sciences CSCI-445: Computer and Network Security Syllabus Course Description This course provides detailed, in depth overview of pressing network security problems

More information

CCNA Security v1.0 Scope and Sequence

CCNA Security v1.0 Scope and Sequence CCNA Security v1.0 Scope and Sequence Last updated June 18, 2009 Note: The English version of this course is scheduled to be generally available in July 2009. Target Audience The Cisco CCNA Security course

More information

Computer Network Engineering

Computer Network Engineering 226 Computer Network Engineering Computer Network Engineering Degrees, Certificates and Awards Associate in Science: Computer Network Engineering Certificate of Achievement: Computer Network Engineering

More information

Classic IOS Firewall using CBACs. 2012 Cisco and/or its affiliates. All rights reserved. 1

Classic IOS Firewall using CBACs. 2012 Cisco and/or its affiliates. All rights reserved. 1 Classic IOS Firewall using CBACs 2012 Cisco and/or its affiliates. All rights reserved. 1 Although CBAC serves as a good foundation for understanding the revolutionary path toward modern zone based firewalls,

More information

Firewalls. Chapter 3

Firewalls. Chapter 3 Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border

More information

Networking: EC Council Network Security Administrator NSA

Networking: EC Council Network Security Administrator NSA coursemonster.com/uk Networking: EC Council Network Security Administrator NSA View training dates» Overview The EC-Council's NSA certification looks at network security from a defensive view. The NSA

More information

ICAB4236B Build security into a virtual private network

ICAB4236B Build security into a virtual private network ICAB4236B Build security into a virtual private network Release: 1 ICAB4236B Build security into a virtual private network Modification History Not Applicable Unit Descriptor Unit descriptor This unit

More information

Chapter 20 Firewalls. Cryptography and Network Security Chapter 22. What is a Firewall? Introduction 4/19/2010

Chapter 20 Firewalls. Cryptography and Network Security Chapter 22. What is a Firewall? Introduction 4/19/2010 Cryptography and Network Security Chapter 22 Fifth Edition by William Stallings Chapter 20 Firewalls The function of a strong position is to make the forces holding it practically unassailable On O War,

More information

Securing Networks with Cisco Routers and Switches 1.0 (SECURE)

Securing Networks with Cisco Routers and Switches 1.0 (SECURE) Securing Networks with Cisco Routers and Switches 1.0 (SECURE) Course Overview: The Securing Networks with Cisco Routers and Switches (SECURE) 1.0 course is a five-day course that aims at providing network

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall

More information

Computer Security DD2395

Computer Security DD2395 Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasak12/ Fall 2012 Sonja Buchegger buc@kth.se Lecture 9 Firewalls (maybe start on Multilevel Security) DD2395 Sonja Buchegger

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

MCSE. 50 Cragwood Rd, Suite 350 South Plainfield, NJ 07080. Victoria Commons, 613 Hope Rd Building #5, Eatontown, NJ 07724

MCSE. 50 Cragwood Rd, Suite 350 South Plainfield, NJ 07080. Victoria Commons, 613 Hope Rd Building #5, Eatontown, NJ 07724 COURSE SYLLABUS MCSE Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam 70-293) Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

Secure Network Design: Designing a DMZ & VPN

Secure Network Design: Designing a DMZ & VPN Secure Network Design: Designing a DMZ & VPN DMZ : VPN : pet.ece.iisc.ernet.in/chetan/.../vpn- PPTfinal.PPT 1 IT352 Network Security Najwa AlGhamdi Introduction DMZ stands for DeMilitarized Zone. A network

More information

SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004

SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004 SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004 Introduction: A computer firewall protects computer networks from unwanted intrusions which could compromise confidentiality

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

HARFORD COMMUNITY COLLEGE 401 Thomas Run Road Bel Air, MD 21015 Course Outline

HARFORD COMMUNITY COLLEGE 401 Thomas Run Road Bel Air, MD 21015 Course Outline HARFORD COMMUNITY COLLEGE 401 Thomas Run Road Bel Air, MD 21015 Course Outline CIS 210 COURSE NUMBER: CIS 210 COURSE NAME: MEETING PLACE: Random On-Line DIVISION: Business, Computing & Applied Technology

More information

ICANWK406A Install, configure and test network security

ICANWK406A Install, configure and test network security ICANWK406A Install, configure and test network security Release: 1 ICANWK406A Install, configure and test network security Modification History Release Release 1 Comments This Unit first released with

More information

Internet infrastructure. Prof. dr. ir. André Mariën

Internet infrastructure. Prof. dr. ir. André Mariën Internet infrastructure Prof. dr. ir. André Mariën (c) A. Mariën 31/01/2006 Topic Firewalls (c) A. Mariën 31/01/2006 Firewalls Only a short introduction See for instance: Building Internet Firewalls, second

More information

ELEN 689: Topics in Network Security: Firewalls. Ellen Mitchell Computing and Information Services 20 April 2006

ELEN 689: Topics in Network Security: Firewalls. Ellen Mitchell Computing and Information Services 20 April 2006 ELEN 689: Topics in Network Security: Firewalls Ellen Mitchell Computing and Information Services 20 April 2006 Firewall Historically: a wall constructed to prevent the spread of fire Firewall Function

More information

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000 Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business

More information

Outline (Network Security Challenge)

Outline (Network Security Challenge) Outline (Network Security Challenge) Security Device Selection Internet Sharing Solution Service Publishing 2 Security Device Selection Firewall Firewall firewall: An introduction to firewalls A firewall

More information

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,

More information

Architecture Overview

Architecture Overview Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and

More information

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those

More information

The Risks that Pen Tests don t Find. OWASP 13 April 2012. The OWASP Foundation http://www.owasp.org

The Risks that Pen Tests don t Find. OWASP 13 April 2012. The OWASP Foundation http://www.owasp.org The Risks that Pen Tests don t Find 13 April 2012 Gary Gaskell Infosec Services gaskell@infosecservices.com 0438 603 307 Copyright The Foundation Permission is granted to copy, distribute and/or modify

More information

IPv6 Security. Scott Hogg, CCIE No. 5133 Eric Vyncke. Cisco Press. Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA

IPv6 Security. Scott Hogg, CCIE No. 5133 Eric Vyncke. Cisco Press. Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA IPv6 Security Scott Hogg, CCIE No. 5133 Eric Vyncke Cisco Press Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA Contents Introduction xix Chapter 1 Introduction to IPv6 Security 3 Reintroduction

More information