Information Technology Education Department SECUNET Syllabus I.

COURSE IDENTIFICATION Course Title Basic Network Security Course Credit 3 UNITS Course Advanced Networking Concepts Prerequisite Course NONE Corequisite Course The course covers the fundamentals of network security. The extent of coverage is confined to the concepts necessary to provide the students Description with a good working knowledge in network security. Appropriate hacking tools and security tools will be utilized to supplement and complement

the different network security concepts discussed.

II. COURSE OBJECTIVES General Objective To introduce the basic concepts of network security to BSIT Specific Objectives At the end of the course, the students should be able to:

students.

1. Aware of the basic security management concepts. 2. The difference between policies, standards, guidelines, and procedures. 3. Determine the level of threat provided by the intruders. 4. Explain the ways and good practices of network security. 5. Understand some laws pertaining to cyber crimes. 6. Differentiate the level of security and weaknesses in each network. 7. Name network attacks and vulnerabilities. 8. Use some methods of testing for network vulnerabilities. 9. Use some hacking prevention techniques. 10. Understand the Information Technology Infrastructure Library 11. Document company IT Use Policies III. TEXTBOOK(S) AND REFERENCES Textbook(s) Graves, K. (2010).

CEH. United Kingdom: Wiley Pub. Kartalopoulos, S.V (2009). Security of Information and Communication. United Kingdom:Wiley Pub. Basta,A. (2008). Computer Security and Penetration Testing. Thomson. Fourouzan, B.A (2008). Cryptography and Network Security. McGrawHill Gregg, M.C (2008). Build Your Own Lab. Wiley Pub. Ye,N. (2008). Secure Computer and Network System. J.Wiley Pub. Jacobson,D. (2009). 1

References

Introduction to Network Security. CRC.

Module Week 1 Module 1: Orientation, Review of the Course Syllabus Expectations leveling and Classroom Rules Formulation Chapter 1 : Security Management Practices Module 2: Information Security Triad Basic Security Concepts Confidentiality Integrity Availability Module 3: Security Management Security Program Development Security Control Goals Module 4: Information Risk Management Kinds of IRM Countermeasures or Safeguard Security Controls (Functional vs. Assurance) Classification Controls Week 2 Chapter 2: Access Control Module 5: Identity Management

Objectives At the end of the period, the students should be able to: 1. Explain what the course is all about; 2. Recall and agree on expected classroom behavior and procedures. Relive the basic tenets being discussed in the class. 3. Know the basic information about security management concepts 4. The difference between policies, standards, guidelines, and procedures 5. Security awareness concepts 6. Risk Management

Activities/Tasks/Skills/Focus Discussion of the syllabus, review of classroom rules and procedures. Discussion of chapter 1 about Security Management Practices Review on Different kinds of information and database values Practical laboratory on capturing and observing information within the network

Learning Resources Syllabus Reference books Cisco Router Wireshark

Value Focus Determination Perseverance

Assessment/Evaluation Short Quiz Recitation Assignment Laboratory Exercises

At the end of the period, the students should be able to: 1. Understand the threats, vulnerabilities, and risks which are associated with the information

Discussion on how to gain access base on privileges and user account roles as users on the network Familiarization of the basic terms of network security as

Syllabus Reference Books Packet Tracer Net Scan

Determination Knowledge Technical Skills Comprehension Logic

Short Quiz Recitation Seatwork Laboratory Exercise Assignment

Components of Access Control Account Management Module 6: Authentication Password Management and Techniques Types of Biometrics Problems with Biometrics Module 7: Access Control Modules Discretionary Access Control Mandatory Access Control Non Discretionary Access Control Role Based Access Control Week 3 Chapter 3: Telecommunication and Network Security Module 8 - Remote Access Security Management Securing Telecommunication and User Connectivity Remote User Management Issues Module 9 - Intrusion Detection and Response Fundamental Variation on how IDS works Computer Incident and Response Long Quiz Week 4 Continuation of the previous chapter

system 2. Explain and apply the preventive and detective measure that are available to counter them 3. Compare and contrast the different kinds of biometrics as well as how they help to secure the network 4. Explain the role and methods on how Access Control Modules works to secure the network

well as the right usage of password Discussion of the different way on how to secure the system using biometrics Basic alphanumeric password creation and access-list restriction practical laboratory exercise

At the end of the period, the students should be able to: 1. Communications and network security as it relates to voice, data, multimedia, and facsimile transmissions in terms of local area, wide area, and remote access 2. Communications security techniques to prevent, detect, and correct errors so that integrity, availability, and the confidentiality of transactions over networks may be maintained 3. Internet/intranet/extranet in terms of firewalls, routers, gateways and various protocols 4. Communications security management and techniques, which prevent detect, and correct errors so that the transactions over networks may be maintained

Review on how to perform remote management as well as securing the connection Discussion of basic fundamentals of Intrusion Detection System Discussion of Computer Incident and Response Discussion of network attacks and abuses Practical Laboratory in remote connection usage and intrusion detection simulation

Syllabus Reference Books Cisco Routers Packet Tracer WireShark GNS3 Simulator VNC

Determination Knowledge Perseverance Enthusiasm Teamwork

Long Quiz Recitation Seatwork Hands On Lab exercise

Module 10: Back Up Concepts and Methods Kinds of Backup Methods Back Up Concepts and Techniques Common Back up Issues Module 11: Single point of failures Managing Single Point of Failures Module 12: Network Attacks and Abuses Denial of Service Session Hijacking Attack Week 5 Chapter 4: Layered Architecture Model and Firewall Concepts Module 13: OSI Reference Model and TCP/IP Model Seven OSI Reference Model Module 14: OSI Security Service and Management Basic Security Management Security Mechanism Module 15: Firewall Architectures Types of Firewall and Concepts Week 6 Chapter 5- Cryptography Module 16: Cryptography 1. Overview of Cryptography and encryption techniques At the end of the period, the students should be able to: Review of Cryptography History Review of Cryptography key concepts At the end of the period, the students should be able to: 1. Explain the various role of OSI models 2. Compare and Contrast OSI Reference Model and the TCP/IP Model 3. Key Concepts of how firewall works to protect our network Review of the OSI Reference model Review of the TCP/IP Model Discussion of Firewall Architectures Simulation on how firewall works against threats

ACRONIS, Windows System Backup Backtrak

Syllabus Reference Books Firewall Simulator (ice black) Cisco Routers Packet Tracer Wireshark

Determination Knowledge Technical Skills Dedication Teamwork

Short Quiz Seatwork Recitation Practical Exam Hands On Lab Exercise

Syllabus Reference Books Cain and Abel Packet Tracer

Determination Knowledge Technical Skills Dedication

Short Quiz Seatwork Recitation Hands On Lab

Concepts Cryptography Terminology Cryptosystem Development Module 17: Cryptography History Shift Cipher Transposition Cipher Scytale Vigenere Cipher Module 18: Symmetric Cryptography DES Triple DES RC4,RC5,RC6 Blowfish IDEA Symmetric Cons Week 7 Continuation of the previous chapter Module 19: Asymmetric Cryptography Diffie-Helman RSA,DSA El-Gamal Elliptic Curve Cryptosystem Module 20: Encryption Modes Cipher Block Encryption Block Encryption Stream Cipher Week 8 Long Quiz 2 Film Showing : Hackers Wanted

2. Explain the Cryptography Key Fundamentals and History 3. Distinguish the different types of encryption modes

Discussion of the kinds of Cryptography and the different encryption modes Practical Laboratory, Encryption implementation

Wireshark TrueCrypt, CommuniCrypt

Enthusiasm Excitement Logic

Exercise

At the end of the period, the students should be able to: 1. Evaluate students on what they learn on the previous weeks 2. Assess their theoretical skills 3. Assess movies on how ethical hacking affect the community

Assessment of the theoretical capability of the student Film Showing

Syllabus Reference Books Modules Movie

Determination Perseverance Motivation Knowledge Comprehension

Long Quiz Recitation Seatwork Hands On Lab Exercise

Week 9 Chapter 6: Security Architecture Module 21: System Security Architecture Security Architecture Terms and Perimeters Basic Hardware Architecture Module 22: System Security Model State Machine Model Bell-Lapadula Model BIBA Model Latice Model Module 23: Security Modes of Operation Dedicated Security Mode System High Security Mode Week 10 Chapter 7:Business Continuity Planning and Disaster Recovery Planning Module 24: Business Continuity Planning BCP DR Key Concepts Creating a BCP Module 25: Disaster Recovery Management Recovery Planning Warm Site Cold Site Restoration Methods Module 26: Electronic

At the end of the period, the students should be able to: 1. Identify the different computer components as well as their respective functions 2. Methods on how the security models work 3. Understand the system security model in performing protection mechanism against threats

Discussion of the system security architecture Review of the computer components Discussion of the System security model and modes of operation

Syllabus Reference Books Modules Computer Components

Determination Motivation Technical Teamwork

Short Quiz Recitation Seatwork Practical Skills

At the end of the period, the students should be able to: 1. Understand the basic difference between business continuity planning and disaster recovery planning 2. Explain the difference between natural and man made disaster. 3. Identify the four prime Business continuity planning elements 4. Evaluate the steps in creating a disaster recovery plan 5. Explain the five types of disaster recovery plan test 6. Understand and implement the different types of back up plan

Discussion on Business Continuity Planning Review on the Disaster Recovery Management Discussion of Electronic Vaulting and Remote Journaling

Syllabus Reference Books Modules

Determination Motivation Perseverance Teamwork Knowledge

Short Quiz Seatwork Assignment Practical Skills

Vaulting and Remote Journaling Backup Plans and Category Remote Journaling Tape Vaulting Week 11 Chapter 8: Physical Environmental Security Module 27: Physical Security Fundamentals Threats and Physical Security Problems Physical Security Fundamentals Security Zones Module 28: Environmental Issues and Practices Automatic Fire Prevention and Suppression System Perimeter Security Physical IDS Week 12 Chapter 9: Cybercrimes and other Legal Stuff Module 29: Complexities in Cyber Crime Complexities in Cyber Crime Types of Law and key concepts Module 30 : International Protection of Property Software Piracy Different Laws and Regulations Module 31 : Computer Fraud and Abuse At the end of the period, the students should be able to: 1. The elements involved in choosing a secure site and its design and configuration 2. The methods for securing a facility against unauthorized access 3. The methods for securing the equipment against theft of either the equipment or its contained information 4. The environmental and safety measures needed to protect personnel, and the facility and its resources Discussion of the Physical Security Fundamentals Review on the Environmental Issues and Practices Practical Laboratory, Physical Security Syllabus Reference Books Packet Tracer Determination Motivation Teamwork Enthusiasm Technical Knowledge Short Quiz Seatwork Assignment Practical Skills Hands On Lab on Physical Security

At the end of the period, the students should be able to: 1. Understand what laws apply to computer crimes. 2. How to determine if a crime has occurred 3. The basics of conducting an investigation and the liabilities under the law

Discussion of the complexities in cyber crime Review on the international protection of property Discussion on Computer Fraud and Abuse Discussion on Employee Privacy

Syllabus Modules Reference Books Computer Laws

Determination Motivation Technical Knowledge Perseverance

Short Quiz Seatwork Practical Lab Recitation Assignment

Gram Leach Bliley Act of 1999 Federal Privacy Act of 1974 Week 13 Module 32 Employee Privacy Issues Employee Privacy Issues Company Liability Issues Computer Forensic Investigation Investigation and Incident Response Module 33 IT Use Policies Company IT infrastructure and network design At the end of the period, the students should be able to: 1. Evaluate their knowledge acquired through the subject Discussion on legal and privacy issues on IT Discussion on mitigation of risk and response to incidents

Audit a companys network infrastructure Assess and recommends companys network security

Investigate Assess Perseverance Discover EXAM

Week 14 Final Examination

EXAM