Module Details

CE324-6-SP-CO: Network Security And Cryptographic Principles

Year: 2016/17
Department: Computer Science and Electronic Engineering
Essex credit: 15
ECTS credit: 7.5
Available to Study Abroad / Exchange Students: Yes
Full Year Module Available to Study Abroad / Exchange Students for a Single Term: No
Outside Option: No
Pre-requisites: CE235
Co-requisites:
Comments: Pre-Req - CE235 and some IP Networking knowledge is assumed

Staff
Supervisor: Dr Martin Reed Arsenia Chorti Arsenia Chorti Arsenia Chorti
Teaching Staff: Dr Martin Reed
Contact details: CSEE School Office, email: csee-schooloffice (non-Essex users should add @essex.ac.uk to create full e-mail address), Telephone 01206 872770

Module is taught during the following terms
Autumn Spring Summer

Module Description

Learning Outcomes

The aim of this module is to consider the application of security to networked computers and systems, extending on the content of CE235 Computer Security (which examined security as applied to a single computer). It explains how to secure a network by applying methods to detect, mitigate and/or stop attacks.

Based on the assumption that public networks will always be open to compromise, this course introduces techniques to secure transmitted data,
including the management of encryption systems and communication.

After completing this module, students will be expected to be able to:

1. Identify and describe common network security vulnerabilities/attacks
2. Design computer network architectures that reduce security risks
3. Formulate firewall table rules and in general be familiar with network boundary protection.
4. Identify and describe the operation of security tools for network security applications
5. Propose suitable security techniques for encryption and authentication
6. Analyse the key management techniques required for encrypted
communication/authentication

Outline Syllabus

Introduction

Principles of network security and privacy. Introduction to the different types of networkbased attack (or non-malicious problem) that may require attention.

Securing a computer network at the network layer

Techniques to identify network vulnerabilities and review of the relevant network layer protocols. Types of firewall. Configuring network firewalls and application gateways.

Computer architectures and topologies that reduce risk of attack. Network policies that support security. Securing wireless systems. Stopping network layer and DNS-based
spoofing.

Detecting and mitigating network based attacks

Network intrusion detection systems. Fake systems (honeypots) for attack
deflection/detection. Adapting network policy in reaction to attack.

Key management for encryption and authentication

Ticket-based authentication systems including Kerberos. Public key infrastructure (PKI). Securing Email communication. Secure network management.

Secure communication protocols

Securing application/transport layer protocols using secure socket layer (SSL) including secure HTTP web transfer. Securing network layer transmission through IP security (IPsec).

Virtual private networks (VPNs). Secure web-based applications (cookies, cross-site scripting, and spoofing).

Learning and Teaching Methods

Lectures and Laboratory sessions

Assessment

30 per cent Coursework Mark, 70 per cent Exam Mark

Coursework

Lab Test 1(MCQ test open book), weighting = 12%, taken in wk 21 Lab Test 2 (MCQ test open book), weighting =12% taken in wk 25 Log Book - to hand in at end of the second test, weighting = 6%, submitted in wk 25

Exam Duration and Period

2:00 during Summer Examination period.

Other information

STUDENTS SHOULD NOTE THAT THIS MODULE INFORMATION IS SUBJECT TO REVIEW AND CHANGE

Bibliography

  • Highly recommended reading
  • CHESWICK, W.R., BELLOVIN, S.M. AND RUBIN, A.D., Firewall and Internet Security,
  • Addison-Wesley 2003 (2nd edn)
  • KAUFMAN, C., PERLMAN, R. AND SPECINER, M., Network Security: Private
  • Communication in a Public World, Prentice Hall (2nd edn)
  • Recommended reading
  • YUAN, R. AND STRAYER, W.T., Virtual Private Networks: Technologies & Solutions,
  • Addison-Wesley
  • STALLINGS, W., Network Security Essentials: Applications and Standards, Prentice Hall
  • Background reading
  • CONVERY, S., Network Security Architectures, Cisco Press
  • REHMAN, R.U., Intrusion Detection with SNORT, Prentice Hall 2003

External Examiner Information

  • Name: Dr Tahmina Ajmal
    Institution: University of Bedfordshire
    Academic Role: Senior Lecturer