KARATINA UNIVERSITY

COMPUTER SCIENCE AND INFORMATICS DEPARTMENT

Course Code: COM 462E
Course Title: Network Security
Lecturer: Peter N. Njuguna
Contact: pnjuguna@karu.ac.ke

CONTACT HOURS: 4 HRS

COM 462E: NETWORK SECURITY

Course Purpose
The purpose of the course is to orient students to advanced concepts in network security.
Course Learning Outcomes
At the end of the course, the student should be able to:

Course Content
Theory and practice of computer security, security aspects of the web and Internet. Surveys on
cryptographic tools used to provide security, such as shared key encryption (DES, 3DES, RC-
4/5/6, etc.); public key encryption, key exchange, and digital signature (Diffie-Hellmann, RSA, DSS, etc.).
Reviews how these tools are utilized in the internet protocols and applications such as SSL/TLS, IPSEC,
Kerberos, PGP, S/MIME, SET, and others (including wireless). System security issues, such as viruses,
intrusion, and firewalls.
Mode of Delivery
The course will be conducted using lectures, case studies and group presentations.
Instructional Materials and Equipment
The course delivery requires audio-visual devices, computers with internet services, journals, newspapers,
chalk/pens, whiteboard markers, whiteboards/ blackboards, flip charts and learning centers.
Course Assessment

Page 1 of 5
 The course will be assessed as follows:
Continuous Assessment Tests 20% Practical
Based Assessment 10% Final Examination
70% Total 100%
Course Textbook and Journal
1. Anderson, R. (2008). Security Engineering, 2nd ed. Wiley.
2. Kaufman, C., Perlman, R. & Speicher, M. (1995). Network Security – Private Communication in a
Public World. New Jersey: Prentice Hall, Englewood Cliffs.
3. Schneider, B. (1996). Applied Cryptography, 2nd ed. John Wiley.

Course Outline

WEEK TOPIC SUB TOPIC

1 Network Security - - Introduction

Overview - Physical Network
- Wired & Wireless Networks
- Vulnerabilities & Attacks
- Network Protocol
- TCP/IP Protocol
- DNS Protocol
- ICMP Protocol
-
2 - Goals of Network Security
- Achieving Network Security
- Security Mechanisms at Networking Layers
-
3 Network Security - - Introduction
Application Layer - E-mail Security
- E-mail Infrastructure
- Multipurpose Internet Mail Extensions (MIME)
- E-Mail Security Services
- One-to-One E-mail
- One-to-Multiple Recipients E-mail
- One-to-Distribution List E-mail
- Pretty Good Privacy (PGP)
- PGP Certificate
-

Page 2 of 5
4 - Secure Multipurpose Internet Mail Extension (S/MIME)
- Employability of S/MIME
- DNS Security
- Vulnerability of Standard DNS
- DNSSEC Defined
-
5 Network Security - - Introduction
Transport Layer - Need for Transport Layer Security
- Philosophy of TLS Design
- Why TLS is Popular?
- Secure Socket Layer (SSL)
- Brief History of SSL
- Salient Features of SSL
- Architecture of SSL
- Functions of SSL Protocol Components
- Establishment of SSL Session
- Resuming a Disconnected Session
- SSL Session Keys
- TLS Protocol
- Comparison of TLS and SSL Protocols
- Secure Browsing – HTTPS
- HTTPS Defined
- Working of HTTPS
- Use of HTTPS
- Secure Shell Protocol (SSH)
- SSH Defined
- SSH Services
- Security at Transport Layer - Benefits & Limitations
-
6 - CAT 1
-
7 Network Security - - Introduction
Network Layer - Security in Network Layer
- Features of Internet Protocol Security (IPsec)
- Security Functions provided by the IPsec
- Virtual Private Network
- Overview of IPsec
- Operations Within IPsec
- IPsec Communication Modes
- Transport Mode
- Tunnel Mode
-
8 - IPsec Protocols
- Authentication Header
Page 3 of 5
 - Encapsulation Security Protocol (ESP)
- Security Associations (SA) in IPsec
- Parameters of SA
- Security Administrative Databases
- Security Association Database
- Security Policy Database
-
9 Network Security – - Introduction
- Security Concerns in Data Link Layer - Common Attacks
Data Link Layer
o Address Resolution Protocol (ARP)
o MAC Flooding
o Port Stealing
o Dynamic Host Configuration Protocol (DHCP)
Attacks
o Other Attacks
- Securing Ethernet LANs
- Port Security
- DHCP Snooping
- Preventing ARP Spoofing
- Securing Spanning Tree Protocol
- Spanning Tree Protocol
- Attacks on STP
- Preventing Attacks on STP
- Securing Virtual LAN
- Virtual Local Area Network
- Attack on VLAN & Prevention Measures
- Switch Spoofing
- Double Tagging
- Securing Wireless LAN
- Attacks in Wireless LAN
- Security Measures in Wireless LAN
- Wired Equivalent Privacy (WEP)
- 802.11i Protocol
- Wi-Fi Protected Access (WPA)
- Wi-Fi Protected Access 2 (WPA2)

10 Network Security – - Introduction

- Securing Access to Network Devices
Access Control
- User Authentication and Authorization
- Password Based Authentication
- Centralized Authentication Methods
- Access Control Lists
-

Page 4 of 5
11 - CAT 2
-
12 Network Security – - Introduction
- Types of Firewall
Firewalls
- Stateless & Stateful Packet Filtering Firewall
- Application Gateways
- Circuit-Level Gateway
- SOCKS
- Firewall Deployment with DMZ
- Intrusion Detection / Prevention System
- Difference between IDS and IPS
- Types of IDS
13 Network Security – - Introduction
- Role of Network in Business
Critical Necessity
- Benefits of Networks
- Necessity for Network Security
- Importance of Network Security for Business
-
-
-
14 - Revision

15 - EXAM

16 - EXAM

H.O.D:_____________________________ Sign:_____________ Date:____________________

Classrep Name:_____________________ Sign:_____________ Date:____________________

Lecturer Name:_____________________Sign:_____________ Date:____________________

Page 5 of 5