CE324-6-SP-CO: Network Security And Cryptographic Principles
Department: Computer Science and Electronic Engineering
Essex credit: 15
ECTS credit: 7.5
Available to Study Abroad / Exchange Students: Yes
Full Year Module Available to Study Abroad / Exchange Students for a Single Term: No
Outside Option: No
Comments: Pre-Req - CE235 and some IP Networking knowledge is assumed
Dr Martin Reed
Dr Martin Reed
CSEE School Office, email: csee-schooloffice (non-Essex users should add @essex.ac.uk to create full e-mail address), Telephone 01206 872770
|Module is taught during the following terms
The aim of this module is to consider the application of security to networked computers and systems, extending on the content of CE235 Computer Security (which examined security as applied to a single computer). It explains how to secure a network by applying methods to detect, mitigate and/or stop attacks.
Based on the assumption that public networks will always be open to compromise, this course introduces techniques to secure transmitted data,
including the management of encryption systems and communication.
After completing this module, students will be expected to be able to:
1. Identify and describe common network security vulnerabilities/attacks
2. Design computer network architectures that reduce security risks
3. Formulate firewall table rules and in general be familiar with network boundary protection.
4. Identify and describe the operation of security tools for network security applications
5. Propose suitable security techniques for encryption and authentication
6. Analyse the key management techniques required for encrypted
Principles of network security and privacy. Introduction to the different types of networkbased attack (or non-malicious problem) that may require attention.
Securing a computer network at the network layer
Techniques to identify network vulnerabilities and review of the relevant network layer protocols. Types of firewall. Configuring network firewalls and application gateways.
Computer architectures and topologies that reduce risk of attack. Network policies that support security. Securing wireless systems. Stopping network layer and DNS-based
Detecting and mitigating network based attacks
Network intrusion detection systems. Fake systems (honeypots) for attack
deflection/detection. Adapting network policy in reaction to attack.
Key management for encryption and authentication
Ticket-based authentication systems including Kerberos. Public key infrastructure (PKI). Securing Email communication. Secure network management.
Secure communication protocols
Securing application/transport layer protocols using secure socket layer (SSL) including secure HTTP web transfer. Securing network layer transmission through IP security (IPsec).
Virtual private networks (VPNs). Secure web-based applications (cookies, cross-site scripting, and spoofing).
Learning and Teaching Methods
Lectures and Laboratory sessions
30 per cent Coursework Mark, 70 per cent Exam Mark
Lab Test 1(MCQ test open book), weighting = 12%, taken in wk 21
Lab Test 2 (MCQ test open book), weighting =12% taken in wk 25
Log Book - to hand in at end of the second test, weighting = 6%, submitted in wk 25
Exam Duration and Period
2:00 during Summer Examination period.
STUDENTS SHOULD NOTE THAT THIS MODULE INFORMATION IS SUBJECT TO REVIEW AND CHANGE
- Highly recommended reading
- CHESWICK, W.R., BELLOVIN, S.M. AND RUBIN, A.D., Firewall and Internet Security,
- Addison-Wesley 2003 (2nd edn)
- KAUFMAN, C., PERLMAN, R. AND SPECINER, M., Network Security: Private
- Communication in a Public World, Prentice Hall (2nd edn)
- Recommended reading
- YUAN, R. AND STRAYER, W.T., Virtual Private Networks: Technologies & Solutions,
- STALLINGS, W., Network Security Essentials: Applications and Standards, Prentice Hall
- Background reading
- CONVERY, S., Network Security Architectures, Cisco Press
- REHMAN, R.U., Intrusion Detection with SNORT, Prentice Hall 2003