CTS 1314 - Network Defense and Countermeasures

College of Computer & Information Technology

Credit(s): 3
Contact Hours: 47
Effective Term Summer 2021 (590)

Requisites

Prerequisite CTS 1120 with a minimum grade of C

Course Description

This course will explore concepts of network defense and countermeasures as well as hardware and software required to design, configure and implement secure networks. Security topics covered in this course include firewalls, Intrusion Detection Systems (IDS), Virtual Private Networks (VPN) and policy creation using applicable operating system software, Transmission Control Protocol/Internet Protocol (TCP/IP) packet/signature analysis, and overall system hardening against exploits. Hands-on instruction will include installing the network defense mechanisms and countermeasure applications. Software will be used for collecting, monitoring and auditing various activities; students will analyze threats and intrusions. Multiple business scenarios will be reviewed to determine which security policy provides the most protection at an acceptable level of risk in order to conduct business.

Learning Outcomes and Objectives

  1. The student will explain the concepts of network defense fundamentals by:
    1. identifying the basic components of a layered structure for network defense architecture.
    2. describing objectives of access control methods.
    3. defining concepts of auditing in a network.
    4. identifying the impact of a layered defense on network performance.
    5. describing the five keys of network security.
  2. The student will design firewall(s) for network protection by:
    1. identifying and describing firewall function and implementation methodologies.
    2. creating firewall policy based on provided statements.
    3. creating a rule set to be used with a packet filter.
    4. defining the function of a proxy server.
    5. describing the internal process of clients using a proxy server to access the Internet.
    6. describing how a bastion host is included in network security.
    7. describing the function(s) of a honeypot in a network environment.
  3. The student will configure firewall(s) by:
    1. describing firewall implementation practices.
    2. discussing pros and cons of building or buying a firewall for the network.
    3. installing a Check Point firewall using specific criteria.
    4. examining the options for firewall monitoring and management.
    5. installing an Information Systems Authentication (ISA) Server as a firewall in a network environment.
    6. analyzing the configuration rule set for Linux Internet Protocol chain (Ipchain) running as a firewall.
    7. using the established firewall and network scenarios to implement complex rule sets and create multiple firewall configurations.
  4. The student will configure Virtual Private Networks (VPN) by:
    1. reviewing standard business drivers and technology components for successful VPN implementation.
    2. examining the concepts of Internet Protocol Security (IPSec).
    3. investigating the components of IPSec and how they work.
    4. identifying VPN tunneling protocols such as Point-to-Point Tunneling Protocol (PPTP), and Layer 2 Tunneling Protocol (L2TP).
    5. analyzing VPN designs and implementation issues.
    6. discussing VPN and Firewall architecture(s) to evaluate authentication related issues.
    7. performing tasks related to setting up security options for VPN(s).
  5. The student will design network Intrusion Detection Systems (IDS) by:
    1. reviewing how components interact to accomplish the IDS function.
    2. investigating technologies and techniques used to implement IDS.
    3. describing host based IDS(s) and how they identify intrusions.
    4. examining concepts and methods of data analysis and signatures of an incident.
    5. identifying the various uses for detecting, monitoring and anticipating network attacks.
    6. identifying the limitations of an IDS.
  6. The student will configure network IDS(s) by:
    1. describing the pros and cons of implementing an IDS (Snort) in a production environment.
    2. installing the Snort IDS application.
    3. creating and testing the rule sets to check the effectiveness of their installation.
    4. performing an install of IDS Center and testing its configuration of Snort rules.
    5. installing and configuring the Information Systems Security (ISS) scanning tool.
  7. The student will analyze Intrusion Signatures by:
    1. describing the concepts of performing packet-level signature analysis in the network environment.
    2. examining the functions of the Common Vulnerabilities and Exposures (CVE) standard.
    3. describing the benefits of CVE to network security professionals.
    4. examining the concepts of signatures that identify multiple types of malicious traffic.
    5. identifying normal Transmission Control Protocol/Internet Protocol (TCP/IP) traffic signature.
    6. examining packets for signatures of abnormal network traffic behavior.
  8. The student will perform risk analysis by:
    1. defining the concepts of risk analysis.
    2. analyzing the scenario to determine threats that must be addressed.
    3. describing the process of risk analysis.
    4. discussing methods that can be used to minimize threats.
    5. examining the principles of performing a continual risk analysis.
  9. The student will create security policy by:
    1. describing the concepts of security policies.
    2. describing how the company can benefit from using industry standards in policy creation.
    3. explaining the questions needed to design a physical access security policy.
    4. drafting an acceptable use policy statement.
    5. analyzing policies and procedures for incident handling and escalation.
    6. drafting common policies and procedures for strategic partner connections.

Criteria Performance Standard

Upon successful completion of the course the student will, with a minimum of 70% accuracy, demonstrate mastery of each of the above stated objectives through classroom measures developed by individual course instructors.

History of Changes

Effective 20021. 3 Year Review 2005, effective 20061(0370). CIS 1353 (prereq) deleted 1/22/08 C&I, effective 20072(0395). Prefix/# chg SCNS eff 20091(0415). Online 20092(0420). 3-Year Review 2009. C&I Approval: 05/31/2013, BOT Approval: 08/05/2013, Effective Term: Spring 2014 (480). C&I Approval: 02/14/2019, BOT Approval: 03/19/2019, Effective Term: Fall 2019 (565).
C&I Approval: , BOT Approval: , Effective Term: Summer 2021 (590)

Related Programs

  1. Applied Cybersecurity PTC (CYSECTC-AR) (615) (Active)
  2. Cisco Certified CyberOps Associate (to CYSEC-BAS) (CCOA2IC-AR) (620) (Active)
  3. Cisco Certified CyberOps Associate (to ITSC-AS) (CCOAIC-AR) (620) (Active)
  4. Cisco Certified CyberOps Associate (to ITSC-CT) (CCOA3IC-AR) (620) (Active)
  5. Cybersecurity (CYSEC-TR) (670) (Active)
  6. Cybersecurity (CYSEC-BAS) (610) (Active)
  7. Cybersecurity (ITSC-AS) (640) (Draft)
  8. Cybersecurity (ITSC-AS) (640) (Active)
  9. Cybersecurity (ITSC-CT) (510) (Active)
  10. EC Council Certified Network Defender (to CYSEC-BAS) (ECCND2IC-AR) (610) (Active)
  11. EC Council Certified Network Defender (to ITSC-AS) (ECCNDIC-AR) (610) (Active)
  12. EC Council Certified Network Defender (to ITSC-CT) (ECCND3IC-AR) (610) (Active)
  13. Technology Development & Management (TMGT-TR) (670) (Active)