CS3690: Network Security - NPS Online
Overview
This course covers the concepts and technologies used to achieve confidentiality, integrity, and authenticity for information processed across networks. Topics include: fundamentals of TCP/IP-based networking, core network security principles, traffic filtering types and methodology, packet-level traffic analysis, employment of cryptography, tunneling/encapsulation, Public Key Infrastructure (PKI), remote authentication protocols, and virtual private networks based upon the IPSec, L2TP, and SSL protocols.
Included in degrees & certificates
- 225
- 256
- 367
Prerequisites
- CS3600
Learning Outcomes
- Student will learn that protocol-based automation lies at the core of what all systems generally referred to as "cyber" are composed of.
- Student will learn that virtually all cyber-enabling protocols are vulnerable to one or more of the elements of the CIA-Triad: confidentiality, integrity, availability.
- Student will learn how the three information security objectives (CIA-Triad) can be used to characterize all four factors of the Risk Equation: threats, vulnerabilities, security controls, and impact.
- Student will learn how the combination of protocols (e.g., IP, TCP, NAT, etc.), devices (e.g., switches, routers, servers, etc.), and addressing/naming schemes (e.g., MAC, IP, port, fqdn) work together to enable data-in-transit via automated systems and infrastructure (e.g., ARP, DNS, DHCP, BGP, etc.)
- Student will learn how to "read" and interpret layers 2-4 of the TCP/IP protocol stack; with the goal of being capable of distinguishing "normal" (i.e., protocol- and behavior-compliant) traffic from that which is "abnormal", and thus indicative of either non-malicious errors or (intentional) malicious activity.
- Student will learn to appreciate the value that understanding "normal" protocol-enabled behavior brings to the network defender's ability to properly "filter" for enhanced security protection.
- Student will learn to convert high(er) level security policy statements/requirements into action via appropriate security device configuration.
- Student will learn the rudiments of applying protocol information to create appropriate traffic filters (e.g., router access-control lists) that combine both white- and black-listing techniques; with the end goal of creating and/or enhancing principle-of-least-privilege (POLP) based perimeter defenses.
- Student will learn the fundamentals of cryptologic mechanisms, to include: key symmetry, PKI, digital signature, digital certificate, cross-certification, trust anchor, certification authority, message authentication code, bit-entropy, brute-force time estimation, Kerckhoff's Principle, Avalanche Principle, session key, key management infrastructure, key distribution complexity, and VPN types.
- Student will learn to assess--at a high level--whether any particular combination of cryptologic mechanisms (e.g., hash, nonce, asymmetric encryption or symmetric encryption) provides one, both or neither of confidentiality and integrity.
- Student will learn the fundamental protocols by which digital authentication can be achieved via the proof-of-possession-of-secrets paradigm: using both TLS and IPsec as examples.
- Student will learn the meaning of, and how to distinguish between, the terms: key establishment, key transport, key agreement and key derivation.
- Student will learn what is meant by a "side-channel" attack; both in the general sense as well as a specific (cryptographic) example.
- Student will learn about VPN split-tunneling, and considerations/concerns when VPN (tunneling) technology is integrated with firewall (filtering) technology.
- Student will learn of the ROI potential of integrating trusted third-party infrastructure solutions for the purpose of dealing with the key management problem at scale.
- Student will learn what Perfect-Forward Secrecy means, and what is required to achieve it.
- Student will learn the requirements of the three assurance levels that can be applied to each of the identification, authentication, and federation aspects of a digital authentication enterprise; as described by NIST in its SP800-63-3 publication.
- Student will learn the functional components and operation of IEEE 802.1X (port-based access-control), and IPsec based VPNs.
Offerings database access
Asset Publisher
Application Deadlines
No upcoming deadlines.
Asset Publisher
Academic Calendar
No upcoming events.