SECUNET Syll for PAASCU - Detailed-eric

7/30/2019 SECUNET Syll for PAASCU - Detailed-eric

1/8

SECUNET Syllabus

I. COURSE IDENTIFICATION

Course Title Basic Network SecurityCourse Credit 3 UNITS

CoursePrerequisite

Advanced Networking Concepts

CourseCorequisite

NONE

CourseDescription

The course covers the fundamentals of network security. The extent of coverage is confined to the concepts necessary to provide the studewith a good working knowledge in network security. Appropriate hacking tools and security tools will be utilized to supplement and complemethe different network security concepts discussed.

II. COURSE OBJECTIVESGeneral Objective To introduce the basic concepts of network security to BSIT students.Specific Objectives At the end of the course, the students should be able to:

1. Aware of the basic security management concepts.2. The difference between policies, standards, guidelines, and procedures.3. Determine the level of threat provided by the intruders.4. Explain the ways and good practices of network security.5. Understand some laws pertaining to cyber crimes.6. Differentiate the level of security and weaknesses in each network.7. Name network attacks and vulnerabilities.8. Use some methods of testing for network vulnerabilities.9. Use some hacking prevention techniques.10.Understand the Information Technology Infrastructure Library11.Document company IT Use Policies

III. TEXTBOOK(S) AND REFERENCES

Textbook(s) Graves, K. (2010). CEH. United Kingdom: Wiley Pub. Kartalopoulos, S.V (2009). Security of Information and Communication. UnitedKingdom:Wiley Pub.Basta,A. (2008). Computer Security and Penetration Testing. Thomson. Fourouzan, B.A (2008). Cryptography and Network Security. McGrHill

References Gregg, M.C (2008). Build Your Own Lab. Wiley Pub. Ye,N. (2008). Secure Computer and Network System. J.Wiley Pub. Jacobson,D. (2009

Information Technology Education Department


2/8

Introduction to Network Security. CRC.

Module Objectives Activities/Tasks/Skills/Focus Learning Resources Value Focus Assessment/Eval

Week 1

Module 1: Orientation, Reviewof the Course SyllabusExpectations leveling andClassroom Rules Formulation

Chapter 1 : SecurityManagement Practices

Module 2: InformationSecurity TriadBasic Security ConceptsConfidentialityIntegrity

Availability

Module 3: SecurityManagementSecurity Program DevelopmentSecurity Control Goals

Module 4: Information RiskManagementKinds of IRMCountermeasures or SafeguardSecurity Controls(Functional vs. Assurance)Classification Controls

At the end of the period, the studentsshould be able to:

1. Explain what the course is all about;2. Recall and agree on expected

classroom behavior and procedures.Relive the basic tenets beingdiscussed in the class.

3. Know the basic information aboutsecurity management concepts

4. The difference between policies,standards, guidelines, andprocedures

5. Security awareness concepts6. Risk Management

Discussion of the syllabus,

review of classroom rules andprocedures.

Discussion of chapter 1 about

Security ManagementPractices

Review on Different kinds of

information and databasevalues

Practical laboratory on

capturing and observinginformation within the network

Syllabus

Reference books

Cisco Router

Wireshark

Determination

Perseverance

Short Quiz

Recitation

Assignment

Laboratory Exe

Week 2

Chapter 2: Access Control

Module 5: IdentityManagement


1. Understand the threats,vulnerabilities, and risks which areassociated with the information

Discussion on how to gainaccess base on privilegesand user account roles asusers on the network

Familiarization of the basic

terms of network security as

Syllabus

Reference Books

Packet Tracer

Net Scan

Determination

Knowledge

Technical Skills

Comprehension

Logic

Short Quiz

Recitation

Seatwork

Laboratory Exe

Assignment


3/8

Components of Access ControlAccount Management

Module 6: AuthenticationPassword Management andTechniquesTypes of Biometrics

Problems with Biometrics

Module 7: Access ControlModulesDiscretionary Access ControlMandatory Access ControlNon Discretionary AccessControlRole Based Access Control

system2. Explain and apply the preventive and

detective measure that are availableto counter them

3. Compare and contrast the differentkinds of biometrics as well as howthey help to secure the network

4. Explain the role and methods on how

Access Control Modules works tosecure the network

well as the right usage ofpassword

Discussion of the different

way on how to secure thesystem using biometrics

Basic alphanumeric

password creation andaccess-list restriction

practical laboratory exercise

Week 3

Chapter 3:Telecommunication andNetwork Security

Module 8 - Remote AccessSecurity ManagementSecuring Telecommunicationand User ConnectivityRemote User ManagementIssues

Module 9 - Intrusion Detectionand ResponseFundamental Variation on howIDS worksComputer Incident andResponse

Long Quiz


1. Communications and networksecurity as it relates to voice, data,multimedia, and facsimiletransmissions in terms of local area,wide area, and remote access

2. Communications security techniquesto prevent, detect, and correct errorsso that integrity, availability, and theconfidentiality of transactions overnetworks may be maintained

3. Internet/intranet/extranet in terms offirewalls, routers, gateways andvarious protocols

4. Communications securitymanagement and techniques, whichprevent detect, and correct errors so

that the transactions over networksmay be maintained

Review on how to perform

remote management as wellas securing the connection

Discussion of basic

fundamentals of IntrusionDetection System

Discussion of Computer

Incident and Response

Discussion of network attacks

and abuses

Practical Laboratory in

remote connection usage andintrusion detection simulation

Syllabus

Reference Books

Cisco Routers

Packet Tracer

WireShark GNS3 Simulator

VNC

Determination

Knowledge

Perseverance

Enthusiasm

Teamwork

Long Quiz

Recitation

Seatwork

Hands On Lab

exercise

Week 4Continuation of the previouschapter


4/8

Module 10: Back Up Conceptsand MethodsKinds of Backup MethodsBack Up Concepts andTechniquesCommon Back up Issues

Module 11: Single point offailuresManaging Single Point ofFailures

Module 12: Network Attacksand AbusesDenial of ServiceSession Hijacking Attack

ACRONIS,

Windows System

Backup

Backtrak

Week 5

Chapter 4: LayeredArchitecture Model andFirewall Concepts

Module 13: OSI ReferenceModel and TCP/IP ModelSeven OSI Reference Model

Module 14: OSI SecurityService and ManagementBasic Security ManagementSecurity Mechanism

Module 15: FirewallArchitecturesTypes of Firewall and Concepts


1. Explain the various role of OSImodels

2. Compare and Contrast OSIReference Model and the TCP/IPModel

3. Key Concepts of how firewall worksto protect our network

Review of the OSI Reference

model

Review of the TCP/IP Model

Discussion of Firewall

Architectures

Simulation on how firewall

works against threats

Syllabus

Reference Books

Firewall Simulator

(ice black) Cisco Routers

Packet Tracer

Wireshark

Determination

Knowledge

Technical Skills

Dedication Teamwork

Short Quiz

Seatwork

Recitation

Practical Exam Hands On Lab

Exercise

Week 6

Chapter 5- Cryptography

Module 16: Cryptography


1. Overview of Cryptography andencryption techniques

Review of Cryptography

History

Review of Cryptography key

concepts

Syllabus

Reference Books

Cain and Abel

Packet Tracer

Determination

Knowledge

Technical Skills

Dedication

Short Quiz

Seatwork

Recitation

Hands On Lab


5/8

ConceptsCryptography TerminologyCryptosystem Development

Module 17: CryptographyHistoryShift CipherTransposition Cipher

ScytaleVigenere Cipher

Module 18: SymmetricCryptographyDESTriple DESRC4,RC5,RC6BlowfishIDEASymmetric Cons

2. Explain the Cryptography KeyFundamentals and History

3. Distinguish the different types ofencryption modes

Discussion of the kinds of

Cryptography and thedifferent encryption modes

Practical Laboratory,

Encryption implementation

Wireshark

TrueCrypt,

CommuniCrypt

Enthusiasm

Excitement

Logic

Exercise

Week 7Continuation of the previouschapter

Module 19: AsymmetricCryptographyDiffie-HelmanRSA,DSAEl-GamalElliptic Curve Cryptosystem

Module 20: Encryption ModesCipher Block EncryptionBlock EncryptionStream Cipher

Week 8

Long Quiz 2

Film Showing : Hackers Wanted

At the end of the period, the students

should be able to:1. Evaluate students on what they learn

on the previous weeks2. Assess their theoretical skills3. Assess movies on how ethical

hacking affect the community

Assessment of the theoretical

capability of the student Film Showing

Syllabus

Reference Books

Modules

Movie

Determination

Perseverance

Motivation

Knowledge

Comprehension

Long Quiz

Recitation

Seatwork

Hands On Lab

Exercise


6/8

Week 9

Chapter 6: SecurityArchitecture

Module 21: System SecurityArchitectureSecurity Architecture Terms and

PerimetersBasic Hardware Architecture

Module 22: System SecurityModelState Machine ModelBell-Lapadula ModelBIBA ModelLatice Model

Module 23: Security Modes ofOperationDedicated Security ModeSystem High Security Mode

At the end of the period, the studentsshould be able to:1. Identify the different computer

components as well as theirrespective functions

2. Methods on how the security modelswork

3. Understand the system security

model in performing protectionmechanism against threats

Discussion of the system

security architecture

Review of the computer

components

Discussion of the System

security model and modes ofoperation

Syllabus

Reference Books

Modules

Computer

Components

Determination

Motivation

Technical

Teamwork

Short Quiz

Recitation

Seatwork

Practical Skills

Week 10

Chapter 7:BusinessContinuity Planning andDisaster Recovery Planning

Module 24: BusinessContinuity PlanningBCP DR Key ConceptsCreating a BCP

Module 25: Disaster RecoveryManagementRecovery Planning

Warm SiteCold SiteRestoration Methods

Module 26: Electronic


1. Understand the basic differencebetween business continuity planningand disaster recovery planning

2. Explain the difference betweennatural and man made disaster.

3. Identify the four prime Businesscontinuity planning elements

4. Evaluate the steps in creating adisaster recovery plan

5. Explain the five types of disasterrecovery plan test

6. Understand and implement thedifferent types of back up plan

Discussion on Business

Continuity Planning

Review on the Disaster

Recovery Management

Discussion of Electronic

Vaulting and RemoteJournaling

Syllabus

Reference Books

Modules

Determination

Motivation

Perseverance

Teamwork

Knowledge

Short Quiz

Seatwork

Assignment

Practical Skills


7/8

Vaulting and RemoteJournalingBackup Plans and CategoryRemote JournalingTape Vaulting

Week 11

Chapter 8: PhysicalEnvironmental Security

Module 27: Physical SecurityFundamentalsThreats and Physical SecurityProblemsPhysical Security FundamentalsSecurity Zones

Module 28: EnvironmentalIssues and Practices

Automatic Fire Prevention andSuppression SystemPerimeter SecurityPhysical IDS


1. The elements involved in choosing asecure site and its design andconfiguration

2. The methods for securing a facilityagainst unauthorized access

3. The methods for securing theequipment against theft of either theequipment or its containedinformation

4. The environmental and safetymeasures needed to protectpersonnel, and the facility and itsresources

Discussion of the Physical

Security Fundamentals

Review on the EnvironmentalIssues and Practices

Practical Laboratory, Physical

Security

Syllabus

Reference Books

Packet Tracer

Determination

Motivation

Teamwork Enthusiasm

Technical

Knowledge

Short Quiz

Seatwork

Assignment Practical Skills

Hands On Lab

Physical Secu

Week 12

Chapter 9: Cybercrimes andother Legal Stuff

Module 29: Complexities inCyber CrimeComplexities in Cyber CrimeTypes of Law and key concepts

Module 30 : International

Protection of PropertySoftware PiracyDifferent Laws and Regulations

Module 31 : Computer Fraudand Abuse

At the end of the period, the studentsshould be able to:1. Understand what laws apply to

computer crimes.2. How to determine if a crime has

occurred3. The basics of conducting an

investigation and the liabilities underthe law

Discussion of the

complexities in cyber crime

Review on the international

protection of property

Discussion on Computer

Fraud and Abuse

Discussion on Employee

Privacy

Syllabus

Modules

Reference Books

Computer Laws

Determination

Motivation

Technical

Knowledge

Perseverance

Short Quiz

Seatwork

Practical Lab

Recitation

Assignment


8/8

Gram Leach Bliley Act of 1999Federal Privacy Act of 1974

Week 13

Module 32 EmployeePrivacy IssuesEmployee Privacy Issues

Company Liability Issues

Computer ForensicInvestigationInvestigation and IncidentResponse

Module 33 IT Use PoliciesCompany IT infrastructure andnetwork design

Discussion on legal and

privacy issues on IT

Discussion on mitigation ofrisk and response to incidents

Audit a companys network

infrastructure

Assess and recommends

companys network security

Investigate

Assess

Perseverance

Discover

Week 14

Final Examination


1. Evaluate their knowledge acquiredthrough the subject

EXAM EXAM

Documents

SECUNET Syll for PAASCU - Detailed-eric