How To Pass A Credit Course At Florida State College At Jacksonville

Transcription

1 Form 2A, Page 1 FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE COURSE NUMBER: CTS 2658 COURSE TITLE: PREREQUISITE(S): COREQUISITE(S): Managing Network Security CNT 2210 with grade of C or higher None CREDIT HOURS: 4 CONTACT HOURS/WEEK: 4 CONTACT HOUR BREAKDOWN: Lecture/Discussion: 3 Laboratory: 1 Other : FACULTY WORKLOAD POINTS: 4 STANDARDIZED CLASS SIZE 24 ALLOCATION: CATALOG COURSE DESCRIPTION: This course covers methods of securing SOHO and enterprise-class networks. Topics include teleworker configuration and access, xdsl, cable, employing AAA, encryption, Frame Relay MPLS, site-to-site VPN, remote VPN, strategies used to mitigate network attacks, router and switch hardening, and IOS firewall features. Handson exercises are an integral part of the course. Pre-requisites are CET 2610/CNT 2002 AND CET2615/CNT 2003 with grades of C or higher. SUGGESTED TEXT(S): CCNP ISCW Official Exam Certification Guide, Cisco Press (latest edition) IMPLEMENTATION DATE: Fall Term, 2002 (20031) REVIEW OR MODIFICATION DATE: Fall Term, 2003 (20041) Fall Term, 2005 (20061) Fall Term, 2008 (20091) Fall Term, 2009 (20101) Proposal

2 Form 2A, Page 2 COURSE TOPICS CONTACT HOURS PER TOPIC I. Remote Network Connectivity Requirements 2 II. Teleworker Connectivity (xdsl and Cable) 5 III. VPNs (including GRE and IPSec) 13 IV. MPLS 5 V. Network Device Hardening 13 VI. Threat Defense Features (Firewalls, IDS, IPS) 13 VII. Case Studies 4 VIII. Hands-on Tests 5 60

3 PROGRAM TITLE: IT Security Form 2A, Page 3 COURSE TITLE: Managing Network Security CIP NUMBER: LIST PERFORMANCE STANDARD ADDRESSED: NUMBER(S): TITLES(S): 03.0 Install and configure secure network systems software and utilities-the student will be able to: Discuss the functions of authentication protocols and Virtual Private Networks (VPNs) Install and configure current popular network servers for such services as: Domain Name Service (DNS), Dynamic Host Configuration Protocol (DHCP), , the World Wide Web (WWW), proxy service, etc.) Demonstrate proficiency with Internet structure, organization, and navigation-the student will be able to: Describe common Internet services and port numbers Demonstrate the use of internetworking protocols, including: Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), protocols such as Simple Mail Transfer Protocol (SMTP) and Post Office Protocol (POP3), Telnet, etc.) Demonstrate the use of typical remote access mechanisms such as Telnet Describe the data format and proprietary nature of commonly used Internet file types Demonstrate an understanding of network access control systems and methodology-the student will be able to: Specify by access control mechanisms what users can do, which resources they can access, and what operations they can perform on a system Compare and contrast several access control techniques, including access control lists, discretionary, mandatory, lattice-based, rule-based, and role-based access control Administer computer, group, and user accounts Manage policies, rights, permissions, and passwords for users and/or groups of users Oversee password and PIN selection, management, and control Implement centralized/remote authentication access controls such as RADIUS and TACACS Demonstrate an understanding of the different types of intrusions and the different methods of intrusion detection, including data extraction, sampling, recognition and traffic analysis Monitor the network using various forms of intrusion detection resources to detect attacks Investigate audit trails for signs of network intrusions Perform penetration testing to find weaknesses in the access control systems Describe cryptography concepts, standards, and applications-the student will be able to: Demonstrate an understanding of the encryption/decryption process Demonstrate an understanding of the basic functions involved in key management including creation, distribution, verification, revocation, destruction, storage, recovery, and life span of keys.

4 LIST PERFORMANCE STANDARD ADDRESSED: (Continued) Form 2A, Page 4 NUMBER(S): TITLES(S): Utilize various forms of cryptography, digital certificates, and digital signatures to achieve confidentiality, integrity, authentication, and non-repudiation in an enterprise data communications network Discuss the creation and use of digital certificates and digital signatures to provide authentication of users and verification of data integrity in network communications Employ cryptographic algorithms such as DES, RSA, MD5 and DSA Identify the strengths and weaknesses of cryptographic algorithms and the effects of key length Implement current popular key distribution methods including manual, Kerberos, and Internet Security Association and Key Management Protocol (ISAKMP) Utilize application and network-based protocols such as Secure Socket Layer (SSL), Secure HyperText Transfer Protocol (SHTTP), and Internetworking Protocol Security (IPSEC) Perform telecommunications and network security activities The student will be able to: Utilize protocol layering models such as the Open Systems Interconnection (OSI) model in analyzing network security threats Configure authentication protocol services such as RADIUS/TACACS to provide dial-in authentication and security Employ network monitors and packet sniffers to identify security threats Implement security measures using hardware and software such as firewalls, routers, switches, gateways, and proxies Discuss the security vulnerabilities of the Transmission Control Protocol/Internetworking Protocol (TCP/IP) protocol stack Configure Network Layer security protocols such as Internetworking Protocol Security (IPSEC) Configure Transport Layer security protocols such as Secure Socket Layer (SSL) Utilize Secure Multipurpose Internet Mail Extensions (S/MIME), Secure Socket Layer (SSL) and other Application Layer security protocols Perform connection verification and authentication using Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP) Demonstrate an understanding of how wide area network serial line protocols such as Frame relay, X.25, High-level Data Link Control (HDLC), Point-to-Point Protocol (PPP) and Integrated Services Digital Network (ISDN), and Digital Subscriber Line (DSL) work Implement secure data communication techniques such as Virtual Private Networks (VPNs), tunneling, Network Address Translation (NAT), and transmission logging Employ alarms and signals to alert network security administrators of intrusions Perform operations and security management practices-the student will be able to: Protect the privacy of personal data Determine what resources, including hardware/software, password files, source code, storage and logs, require protection Utilize monitoring tools and techniques such as trend analysis, traffic analysis and reporting mechanisms.

5 Form 2A, Page 5 LIST PERFORMANCE STANDARD ADDRESSED: (Continued) NUMBER(S): TITLES(S): Implement countermeasures to defend against threats such as fraud, theft, employee sabotage, espionage, terrorism, and hackers Employ applications and systems development security techniques- The student will be able to: Implement features to ensure data and application integrity, security and availability Employ countermeasures to defend against attacks such as brute force and replay attacks.

6 Florida State College At Jacksonville Course Learning Outcomes & Assessment For All College Credit Courses Section 1 COURSE PREFIX AND NUMBER: CTS 2658 SEMESTER CREDIT HOURS: 4 COURSE TITLE: Managing Network Security Section 2 TYPE OF COURSE: (Click on the box to check all that apply) AA Elective AS Required Professional Course College Prep AS Professional Elective AAS Required Professional Course Technical Certificate Other General Education: (For General Education courses, you must also complete Section 3 and Section 7) Section 3 (If applicable) INDICATE BELOW THE DISCIPLINE AREA FOR GENERAL EDUCATION COURSES: Communication Social & Behavioral Sciences Mathematics Natural Sciences Humanities Section 4 INTELLECTUAL COMPETENCIES: Reading Speaking Critical Analysis Quantitative Skills Scientific Method of Inquiry Writing Listening Information Ethical Literacy Judgment Working Collaboratively Section 5 LEARNING OUTCOMES METHOD OF ASSESSMENT Describe and configure teleworker access, including xdsl and cable. Create a Network Security Policy Written Assessment Describe and implement basic Frame-Mode MPLS and MPLS VPN Describe and configure site-to-site IPSEC and GRE VPNs, and remote client VPNs. Describe local and remote network security vulnerabilities, threats, and attacks such as Denial of Services. Describe and implement strategies to combat these threats. Topics and tasks include setting up AAA (Authentication, Authorization, and Accounting), ACLs, CBAC, DHCP, DMZs, NTP, NAT/PAT, SSH, firewalls and device hardening using both CLI and SDM. Also, research and discuss current network security devices and practices including stateful packet filtering and 802.1x. Describe and configure IOS Intrusion Detection Systems, Intrusion Protection Systems, and monitoring systems such as SNMP and syslog. Case Study including IPSEC, GRE, SDM, CLI, Frame-Mode Written and Configured Case Studies (eportfolio MPLS, and implementing security best practices. requirement) Section 6 Name of Person Completing This Form: Kevin Hampton Date: 2/19/2008