Learning Outcomes
This course considers the application of security to networked computers and systems, extending on the content of CE708 Computer Security (which examined security as applied to a single computer). It explains how to secure a network by applying methods to detect, mitigate and/or stop attacks. Based on the assumption that public networks will always be open to compromise, this course introduces techniques to secure transmitted data, including the management of encryption systems and communication.
1. Identify and describe common network security vulnerabilities/attacks
2. Design computer network architectures that reduce security risks
3. Formulate firewall table rules and in general be familiar with network boundary protection.
4. Identify and describe the operation of security tools for network security applications
5. Propose suitable security techniques for encryption and authentication
6. Analyse the key management techniques required for encrypted communication/authentication
7. Analyse security problem scenarios and propose integrative solutions
Outline Syllabus
Introduction
- Principles of network security and privacy. Introduction to the different types of network-based attack (or non-malicious problem) that may require attention.
-Securing a computer network at the network layer
Techniques to identify network vulnerabilities and review of the relevant network layer protocols. Types of firewall. Configuring network firewalls and application gateways. Computer architectures and topologies that reduce risk of attack. Network policies that support security. Securing wireless systems. Stopping network layer and DNS-based spoofing.
- Detecting and mitigating network based attacks
Network intrusion detection systems. Fake systems (honeypots) for attack deflection/detection. Adapting network policy in reaction to attack.
-Key management for encryption and authentication
Ticket-based authentication systems including Kerberos. Public key infrastructure (PKI). Securing Email communication. Secure network management.
- Secure communication protocols
Securing application/transport layer protocols using secure socket layer (SSL) including secure HTTP web transfer. Securing network layer transmission through IP security (IPsec). Virtual private networks (VPNs). Secure web-based applications (cookies, cross-site scripting, and spoofing).
This course considers the application of security to networked computers and systems, extending on the content of CE708 Computer Security (which examined security as applied to a single computer). It explains how to secure a network by applying methods to detect, mitigate and/or stop attacks. Based on the assumption that public networks will always be open to compromise, this course introduces techniques to secure transmitted data, including the management of encryption systems and communication.
1. Identify and describe common network security vulnerabilities/attacks
2. Design computer network architectures that reduce security risks
3. Formulate firewall table rules and in general be familiar with network boundary protection.
4. Identify and describe the operation of security tools for network security applications
5. Propose suitable security techniques for encryption and authentication
6. Analyse the key management techniques required for encrypted communication/authentication
7. Analyse security problem scenarios and propose integrative solutions
Outline Syllabus
Introduction
- Principles of network security and privacy. Introduction to the different types of network-based attack (or non-malicious problem) that may require attention.
-Securing a computer network at the network layer
Techniques to identify network vulnerabilities and review of the relevant network layer protocols. Types of firewall. Configuring network firewalls and application gateways. Computer architectures and topologies that reduce risk of attack. Network policies that support security. Securing wireless systems. Stopping network layer and DNS-based spoofing.
- Detecting and mitigating network based attacks
Network intrusion detection systems. Fake systems (honeypots) for attack deflection/detection. Adapting network policy in reaction to attack.
-Key management for encryption and authentication
Ticket-based authentication systems including Kerberos. Public key infrastructure (PKI). Securing Email communication. Secure network management.
- Secure communication protocols
Securing application/transport layer protocols using secure socket layer (SSL) including secure HTTP web transfer. Securing network layer transmission through IP security (IPsec). Virtual private networks (VPNs). Secure web-based applications (cookies, cross-site scripting, and spoofing).
- Module Supervisor: Martin Reed