Network Security

Course Title: Network Security

Course No: CSIT.423.3

Nature of the Course: Theory + Lab

Semester: 8

Full Marks: 60 + 20 + 20

Pass Marks: 24 + 10 + 10

Credit Hours: 3

Course Description

This course introduces key concepts of network security. The topics include the basic concepts of network security including application, transport, IP and data link layer security mechanisms and protocols. The course covers the wireless security principles as well as the use of firewalls to secure networks.

Course Objectives

Introduce basics of network security principles so that students will be able to use network and internet security techniques including transport and IP security approaches together with the use of firewall to secure the public and private networks.

Course Contents

1. Introduction

7 hrs

1.1. Overview of network security, Goals of Network Security, Methods to achieve network security

Overview of network security

Goals of Network Security

Methods to achieve network security

1.2. Security Architecture of OSI Reference Model

1.3. Security Services and Layering: Link to Link Encryption, End-to-End Encryption

Security Services and Layering

Link to Link Encryption

End-to-End Encryption

1.4. Threats and Attacks in Network, Denial of Service Attacks, Repudiation Attacks

Threats and Attacks in Network

Denial of Service Attacks

Repudiation Attacks

1.5. Network Access Control (NAC), NAC enforcement methods, Extensible Authentication Protocol (EAP)

Network Access Control (NAC)

NAC enforcement methods

Extensible Authentication Protocol (EAP)

2. Application Level Security

8 hrs

2.1. Security issues at application layer

2.2. Email Security, Email Security Services, Pretty Good Privacy (PGP), Services of PGP, Privacy Enhancement Mail (PEM), Secure Multipurpose Internet Mail Extension (S/MIME), Domain Keys Identified Mail (DKIM)

Email Security and Email Security Services

Pretty Good Privacy (PGP) and its Services

Privacy Enhancement Mail (PEM)

Secure Multipurpose Internet Mail Extension (S/MIME)

Domain Keys Identified Mail (DKIM)

2.3. DNS Security, Domain Name System Security Extension (DNSSEC)

DNS Security

Domain Name System Security Extension (DNSSEC)

2.4. S-HTTP, Secure Electronic Transaction (SET)

S-HTTP

Secure Electronic Transaction (SET)

3. Transport Level Security

6 hrs

3.1. Security issues at transport layer

3.2. Secured Socket Layer (SSL), Features of SSL, Architecture of SSL

Secured Socket Layer (SSL)

Features of SSL

Architecture of SSL

3.3. Transport Layer Security (TLS), Features of TLS, Architecture of TLS, Comparison of SSL and TLS

Transport Layer Security (TLS)

Features of TLS

Architecture of TLS

Comparison of SSL and TLS

3.4. HTTPS, SSH, SSH Services

HTTPS

SSH and SSH Services

4. IP Security

5 hrs

4.1. Overview of IP Security

4.2. IPSec Protocol, Architecture of IPSec Protocol: IPSec Policy, AH Protocol, ESP Protocol, Transport and Tunnel Mode of IPSec, Key Management in IPSec

IPSec Protocol

IPSec Policy

AH Protocol

ESP Protocol

Transport and Tunnel Mode of IPSec

Key Management in IPSec

4.3. Applications of IPSec

4.4. Virtual Private Network (VPN), Ensuring VPN using IPSec

Virtual Private Network (VPN)

Ensuring VPN using IPSec

5. Data Link Layer Security

5 hrs

5.1. Attacks at Data Link Layer: ARP Spoofing, MAC Flooding, Port Stealing

ARP Spoofing

MAC Flooding

Port Stealing

5.2. Securing Ethernet LANs: Port Security, Preventing ARP Spoofing, Spanning Tree Protocols, Preventing Attacks on STP.

Port Security

Preventing ARP Spoofing

Spanning Tree Protocols

Preventing Attacks on STP

5.3. Securing VLANs

6. Wireless Network Security

6 hrs

6.1. IEEE 802.11 Wireless LAN Overview

6.2. IEEE 802.11i Wireless LAN Security

6.3. Wireless Application Protocol Overview

6.4. Wireless Transport Layer Security

6.5. WAP End-to-End Security

7. Firewalls

4 hrs

7.1. Introduction of firewalls, Need for Firewalls

Introduction of firewalls

Need for Firewalls

7.2. Types of Firewalls: Packet Filtering, Stateful Inspection, Application Level Gateways, Circuit Level Gateways, Host Based Firewalls.

Packet Filtering

Stateful Inspection

Application Level Gateways

Circuit Level Gateways

Host Based Firewalls

7.3. Securing Networks by configuring Firewalls

8. Network Management Security

4 hrs

8.1. Basic Concepts of SNMP, Protocol Context of SNMP

Basic Concepts of SNMP

Protocol Context of SNMP

8.2. SNMP V1, V2, V3

SNMP V1

SNMP V2

SNMP V3

8.3. User Security Model (USM)

8.4. View Based Access Control Model (VACM)

Laboratory Works

Student should write programs to simulate the network security protocols. The instructor should facilitate the appropriate use of security tools to simulate the security mechanisms in above mentioned chapters. Students should be able to configure the firewalls and other network security management tools. The lab work should be practiced for minimum of 3 lab hours per week.

1.Security Protocol Simulation
2.Security Tools
3.Firewall Configuration

Text Books

1.William Stallings, "Network Security Essentials: applications and standards", Prentice Hall

Reference Books

1.William Stallings, "Cryptography and Network Security: Principles and Practices", Pearson Education.
2.Michael T. Goodrich and Roberto Tamassia, "Introduction to Computer Security", Pearson Education
3.Chris Brenton and Cameron Hunt, "Mastering Network Security", SYBEX
4.Eric Maiwald, "Network Security A Beginner's Guide", McGraw-Hill
5.B. A. Forouzan, "Cryptography & Network Security", Tata Mc Graw Hill.

Notes:

This syllabus follows the official CSIT curriculum of Far Western University. In case of any doubt or revision, the university's published syllabus shall be considered authoritative. https://cdc.fwu.edu.np/faculties.html

Network Security

Network Security

Select University

Select Program

TabFlux . Network Security . FWU . BSc. CSIT