Friday, December 25, 2009

Task 03 -- Virus Attacks

Question 3 – Virus attacks (5 marks)

Complete Case Project 2-1, page 76. Report your findings in your blog.


Answer 3


Along with the development of computer technology, destructive software known as viruses is also being rapidly developed. One after another, millions of viruses have been discovered which destroy computer data and information and can even crash the system and the boot sector as well.


The latest information regarding current viruses:


Name | Type | Protected*
W32.Qakbot!gen1 | Trojan, Virus, Worm | 12/24/2009
W32.SillyFDC.BDH | Worm | 12/23/2009
W32.Noobert | Virus, Worm | 12/22/2009
Bloodhound.Exploit.313 | Trojan, Virus, Worm | 12/21/2009
FileExec | Security Assessment Tool | 12/21/2009
SysDefence | Misleading Application | 12/18/2009
Packed.Generic.275 | Trojan, Virus, Worm | 12/18/2009
Bloodhound.Exploit.312 | Trojan, Virus, Worm | 12/18/2009
Trojan.Gord | Trojan | 12/17/2009


Reference:

Symantec Corporation (1995-2009). http://www.symantec.com/business/security_response/threatexplorer/index.jsp, extracted on 22/12/2009




Viruses recently discovered by McAfee

Threat Activity


Recent Threats Information with name type risk date discovered
Name Type DAT Risk Date Discovered
PWS-Nemqe.dll!1b8decd9d516 Trojan 5842 Low 12/23/2009
AdClicker-BJ!DB57F91EA980 Trojan 5791 N/A 12/23/2009
JS/Redirector.b Trojan 5836 Low-Profiled 12/17/2009
PatchedSFC Program 5831 N/A 12/17/2009
Generic.dx!iuf Trojan 5835 Low 12/17/2009
FakeAlert-KW Trojan 5835 Low-Profiled 12/17/2009
Exploit-PDF.ag Trojan 5834 Low-Profiled 12/15/2009
ProcKill-FD Trojan 5834 Low 12/15/2009
BackDoor-DOQ.gen.y Trojan 5830 Low-Profiled 12/11/2009
Generic.dx!htp Trojan 5827 Low 12/9/2009
W32/Sdbot.worm!fn Virus 5827 Low 12/9/2009
FakeAlert-DefenceLab Trojan 5829 Low-Profiled 12/9/2009
BackDoor-AWQ.b!bvb Trojan 5827 Low 12/9/2009
OSX/iPHSponey.A Program 5826 Low-Profiled 12/4/2009
Generic Dropper!bir!0181eb37fc26 Trojan 5821 Low 12/3/2009
Generic PWS.y!bhd Trojan 5821 Low 12/3/2009
Ransom-O Trojan 5819 Low 12/2/2009
Generic Downloader.x!bur Trojan 5817 Low 11/29/2009
FakeAlert-SpyPro Trojan 5817 Low 11/29/2009
Generic.dx!hhx Trojan 5816 Low 11/28/2009
Generic Downloader.x!46485cd1ea1c Trojan 5813 Low 11/25/2009
Generic Dropper!3443e72e04d4 Trojan 5813 Low 11/25/2009
Generic BackDoor!0c90dc700e85 Trojan 5813 Low 11/25/2009
Generic PWS.y!642ca194dfed Trojan 5813 Low 11/25/2009
Generic.dx!e085af882b30 Trojan 5813 Low 11/25/2009
FakeAlert-JU!a427fe051b61 Trojan 5813 Low 11/25/2009
W32/Fujacks.ay!rootkit Malware 5814 Low-Profiled 11/25/2009
Downloader.gen.a!5e30399cfdaa Trojan 5813 Low 11/25/2009
BackDoor-EIF!8d9d49af6468 Trojan 5812 Low 11/24/2009
BackDoor-EIF!9f4ebb31c4a1 Trojan 5812 Low 11/24/2009


Reference:


McAfee Corporation (2003-2009). http://home.mcafee.com/VirusInfo/ThreatActivity.aspx, viewed on 22-12-2009


The latest attack by the viruses.

------Computer virus attack at Pentagon

THE US military has banned the use of flash drives and DVDs on its computers as it tries to combat a virus spreading rapidly through its networks.

The Pentagon ordered an unprecedented ban on all external hardware but refused to comment on the source of the attack, saying such information was classified.

"We have detected a global virus for which there has been alerts, and we have seen some of this on our networks," a Pentagon official told Fox News.

Full details on :

http://www.news.com.au/computer-virus-attack-on-pentagon/story-0-1111118102184


-----Twitter hacked, attacker claims Iran link

A COMPUTER hacker briefly hijacked Twitter.com on Friday, redirecting users to a website and claiming to represent a group calling itself the Iranian Cyber Army.


Details on:

http://www.theaustralian.com.au/australian-it/twitter-hacked-attacker-claims-iran-link/story-e6frgakx-1225812345024



----What platforms are the most vulnerable?

Windows is known to be the most widely used platform, so research and study also show that computers running Windows as their operating system have a greater chance of being affected by viruses.




What type of damage can the virus do?
A virus can damage files, disk drives and the boot sector of drives, cause a system crash, etc.
There are various types of virus, as the type is connected with its intention.
A virus can damage the whole system, which interrupts office work, personnel work,



Task 04-- Anti virus software

Question 4 – Anti virus software (5 marks)

Complete project 3-2, page 111. Provide screenshots of steps 4, 6, 7, 12, 13, 18. Ensure you answer the questions in steps 6, 7, 12, 13, 18. Provide a description of each step.

Answer 4:

(Step 04)

Enter the URL www.eicar.org/anti_virus_test_file.htm in the web browser, for which a screenshot has been provided.


(Step 06)

Click on eicar.com, which normally downloads the file to the computer.

My antivirus software didn't detect this file as a virus at this point; it downloaded normally and was saved into the folder.


(Step07)

Click on the eicar_com.zip file

By clicking, the zip file was downloaded to my computer without any notification, into the download folder of Google Chrome.


(Step 12)

To scan the downloaded file for viruses, I went to the download folder and then to the file named eicar_com.zip; the antivirus result showed me that there are 2 viruses in this file.


(Step 13)

I again downloaded the double-compressed zip file named eicarcom2.zip; the file was downloaded without any virus notification from the antivirus software.


(Step 18)

Here, while scanning the double-compressed ZIP file for viruses, my antivirus program showed me that there are now 3 infections in this file.
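Why the test file is only found inside eicar_com.zip and eicarcom2.zip when the scanner unpacks each archive layer, shown as an added Python example that is not part of the original post or of any antivirus product. The archives are constructed in memory with member names that mirror the files on this page, and the nesting and size limits are assumed values.

```python
import io
import zipfile

# The standard, harmless EICAR test string (68 bytes), written as two
# literals so this source file itself is less likely to be quarantined.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")

MAX_DEPTH = 5                # assumed limit on archive nesting
MAX_MEMBER_BYTES = 1 << 20   # assumed cap per unpacked member (1 MiB)


def is_eicar(data):
    """Matching rule used here: the file starts with the 68-byte string,
    is at most 128 bytes long, and only whitespace or Ctrl-Z follows."""
    if len(data) > 128 or not data.startswith(EICAR):
        return False
    return data[len(EICAR):].strip(b" \t\r\n\x1a") == b""


def make_zip(members):
    """Build a ZIP archive in memory from {name: bytes} (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def scan(data, path, depth=0, max_depth=MAX_DEPTH):
    """Return a list of (path, verdict), descending into nested ZIP files."""
    if is_eicar(data):
        return [(path, "EICAR test file")]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    if depth >= max_depth:
        # A scanner that stops here never sees what the inner archive holds.
        return [(path, "skipped: nesting limit")]
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(path, "skipped: malformed archive")]
    with zf:
        for info in zf.infolist():
            member = f"{path}/{info.filename}"
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:          # encrypted member, cannot inspect
                findings.append((member, "skipped: encrypted"))
                continue
            with zf.open(info) as fh:         # bounded read guards against zip bombs
                body = fh.read(MAX_MEMBER_BYTES + 1)
            if len(body) > MAX_MEMBER_BYTES:
                findings.append((member, "skipped: too large"))
                continue
            findings.extend(scan(body, member, depth + 1, max_depth))
    return findings


if __name__ == "__main__":
    single = make_zip({"eicar.com": EICAR})            # one layer of compression
    double = make_zip({"eicar_com.zip": single})       # archive inside an archive
    for name, blob in (("eicar_com.zip", single), ("eicarcom2.zip", double)):
        print(name, scan(blob, name))
    print("depth limit 1:", scan(double, "eicarcom2.zip", max_depth=1))
```

Any "skipped" verdict marks content the scanner did not inspect, so it should be reported rather than treated as clean.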






Task 02 - Keylogger

Question 2 – Keylogger (5 marks)

Install and use a keylogger as shown in Project 2-2, page 71. Provide screenshots of steps 1, 4, 6, 11, 14. Answer question in step 14. Also answer this question: how would you attempt to install a keylogger to a computer for which you did not know a user name and password?


Answer 2

Keyboard Collector is the process of capturing all keyboard actions in the form of a log.

There are various types of these programs. One of them is "SpyBoss Pro", which even logs every action on the computer, such as the web sites that have been browsed and the contents of their pages; the log can be viewed in text format or in the program itself.

(Step01)

The following is the Google search page on which the Keyboard Collector is being searched for:


(Step 04)

To run the program, go to Start and run the SpyBoss Pro program. The following figure is the interface page of the program, where many functions are available.


(Step 06)

To activate the keylogger program we have to click on the "Start Capture" button. After clicking, it asks for a file name to label the log file, for future reference and ease of searching.


(Step 11)

After capturing, to view the saved log file we can click directly on the Open Log button on the left-hand side of SpyBoss Pro, or click directly on the text file with the desired date and name as saved before. There is an additional, very interactive way to view the log, which can be reached by clicking on the Playback button; it shows all of the log in a very interactive way.


(Step 14)

To view all the programs that are currently running, click the Applications tab in the Windows Task Manager.

The reason for using the screenshot is to show that the Keyboard controller, or keylogger, or SpyBoss Pro, would not appear in the Applications tab, because it works in the background. Its main purpose is security or hacking, so it has to be hidden in order to log every action of any type performed by the user.

Hackers use these kinds of programs to find the desired information in order to attack a site, to gain unauthorised access and for various other reasons; on the other hand, system and security administrators use such programs for security reasons. This is the reason that it won't appear in the Applications tab of Task Manager.


In case we don't have the authentication data, like username and password, it is not possible in the graphical mode, but if we can in any case access the particular computer at the command prompt, we can install the keylogger program by use of a command program.












Task1 --Google Reconnaissance

Question 1 – Google Reconnaissance (5 marks)

Complete project 1-2, page 31 from the text book. Take screenshots of steps 4, 5, 6, 7. Take 2 more screenshots that display the contents of documents that expose account names. Provide a description of each screenshot.


Answer 1

(Step 04)

Google (www.google.com) is the most powerful search engine in web technology, widely used every second in every part of the world, with its multilingual options. In this task today, I'm going to test some of the advanced search features of google.com, in which I'm trying to search with the keywords "login:*" "password=" and the file type Microsoft Excel (.xls).

Below is the screen shot for the following task.



(Step 05)

Clicking the above Advanced Search button, we get the following results (web links),

and clicking one of the web links, the desired Microsoft Excel (.xls) files appear, in which all the login names and passwords have been listed in the spreadsheet.



(Step 06)

Below is the Advanced Search page, which looks for a text file that contains a list of passwords in cleartext, but this time the keyword has been typed as "index.of passlist" and the file type selected as Any type. The screenshot is posted here.

Clicking the Advanced Search button, the following web links/web pages are returned by the Google search engine; the following are the resulting web pages.


(Step 07)

Clicking on one of the web links/web pages in the above Google results page, we get the following information in cleartext format, which again helps us to find the specific cleartext format.

The Google search engine is developing day by day; many personnel are doing research to make it more powerful and to make searching easier and more enjoyable.


Tuesday, December 8, 2009

ITC 358 Sub Outline

Study Centre Sydney


INTERNAL SUBJECT OUTLINE
2010-10


ITC358-Network Security



Subject Lecturer Peter Dalmaris

Email: pdalmaris@gmail.com


Lecture Wednesday
1-5pm
Lab16



Tutorials The weekly instruction in this subject will consist of a combined lecture /tutorial lasting up to 4 hours which will occur every Wednesday. This will cover the main points from each topic.


Consultation To be advised


The information in this study package has been adapted from the original materials provided by Charles Sturt University. Contact information, assessment items and due dates may have been changed with the approval of the Charles Sturt University subject convenor so that they better fit the specific situation of the local partner.


ITC358
Network Security
Faculty of Business
Subject Outline
2010-10


Subject lecturer
Peter Dalmaris

Session offering
Summer Session 2010 (30 Nov 2009-18 Feb 2010)




Produced by the Division of Learning and Teaching Services, Charles Sturt University, Albury - Bathurst - Wagga Wagga, New South Wales, Australia.

Published May 2009
Mailing Information
This subject has one mailing consisting of:
Readings
Subject Outline
















Printed at Charles Sturt University
© Charles Sturt University
Previously published material in this book is copied on behalf of Charles Sturt University pursuant to Part VB of the Commonwealth Copyright Act 1968

Contents

ITC358 Network Security
Subject details
Resources
Subject requirements
Subject delivery
Assessment details
Appendices
ITC358 Network Security
Welcome
Welcome to a new session of study at Charles Sturt University, Study Centre Sydney. This subject informs students of aspects of security relating to the operation and management of information technology infrastructure. The subject covers managerial and technical aspects of information security and provides a practical insight into information technology security practices.
Your subject lecturer
Peter Dalmaris

Peter holds a PhD in knowledge management and business process management. He also holds a Bachelor degree in Electrical and Computer Engineering, a Master in Engineering and Information Systems and a Master of Science. You can contact Peter via email at pdalmaris@gmail.com.
Contact procedures
Academic enquiries
Any questions concerning the teaching of this subject can be made by contacting your subject lecturer.
Email:
pdalmaris@gmail.com
University policies and regulations
Academic matters are defined by, and are subject to, Charles Sturt University policies and regulations. Your Subject Outline should be read in conjunction with all such academic regulations and policies, as some of these may affect the outcome of your studies.
At the beginning of the session, information regarding some of these specific regulations and policies will be posted to your eBox at my.csu.
Subject details
Learning objectives
Upon successful completion of this subject, students should:
· be able to describe various types of threats that exist for computers and networks;
· be able to define the basic terminology associated with computer and information security;
· be able to describe the various physical security components used to protect computers and networks;
· be able to identify methods used to attack information security systems;
· be able to list techniques to enhance information security;
· be able to recognise basic cryptography techniques;
· be able to explain the components and use of a public key infrastructure;
· be able to identify the different types of devices used to secure a network;
· be able to compare and contrast the effectiveness of various firewall architecture;
· be able to define virtual private networks and describe their security aspects;
· be able to describe the security implications of wireless networks;
· be able to outline the role and features of intrusion detection systems;
· be able to apply methods of hardening network infrastructure;
· be able to describe various types of network and computer attacks;
· be able to list security aspects of applications such as email and web services; and
· be able to outline aspects of security policies and risk management techniques.


Resources
CSU Interact is the University's online learning environment. It contains your subjects with a range of learning services or tools that you will be able to explore. You can access CSU Interact via http://my.csu.edu.au
The learning resources for this subject consist of:
Subject Outline
Readings
Prescribed text(s)
Ciampa, M. (2009). Security+ guide to network security fundamentals (3rd ed.). Canada: Course Technology.
Required reading
Reading 1: Pfleeger, C. P., & Pfleeger, S.L. (2007). Elementary cryptography. In Security in computing (4th ed. pp. 37-97). Upper Saddle River NJ: Prentice Hall.
Reading 2: Stallings, W. (2006). Firewalls. In Cryptography and network security: Principles and practices (4th ed. pp. 621-634). Upper Saddle River NJ: Prentice Hall.
Reading 3: Campbell, P., Calvert, B., & Boswell, S. (2003). E-mail. In Security+ guide to network security fundamentals (pp. 123-151). Canada: Thomson
Reading 4: Maiwald, E. (2004). Virtual private networks. In Fundamentals of network security (pp. 285-310). Burr Ridge, IL: McGraw-Hill.
Reading 5: Thomas, T. (2004). Router security. In Network security first-step (pp. 189-230). Indianapolis, IN: Cisco Press.
Reading 6: Geier, J. (2005). Wireless network security. In Wireless networks first-step. (pp. 171-200). Indianapolis, IN: Cisco Press.
Reading 7: Kaufman, C., Perlman, R., & Speciner, M. (2002). IPSec: AH and ESP. In Network security (2nd ed., pp. 423-439). Upper Saddle River, NJ: Prentice Hall.
Reading 8: Slay, J., & Koronios, A. (2006). The Australian ethical, legal and standards framework. In Information technology security & risk management. (pp. 67-100). Milton Qld: Wiley.
Electronic communication
A range of information and services concerning this subject is accessible through your personalised area (my.csu) of Charles Sturt University's web site at the following URL:
http://my.csu.edu.au
my.csu is a secure (password-protected) web site that enhances navigation of the University's online environment. It brings together information that relates to you. For example, Personal Details provides your textbook lists, examination timetables, academic transcripts and examination results, finance balances, and direct access to online subjects and forums. This web site also contains your eBox where official University communications will be sent, e.g. HECS information, messages from the Vice-Chancellor. Every distance education subject offered has an online Subject Outline. This outline links to learning resources and services available to assist you with the subject. These services include direct access to the:
· internet links and resources relevant to your subject;
· online subject forum which provides you with an opportunity to engage in discussion with your subject coordinator and other students enrolled in the subject;
· subject email address that allows you to contact your subject coordinator;
· and library, allowing you to search for subject information and resources.
Please note that due to the dynamic nature of the World Wide Web, some web sites may have been moved or links may have become inactive. Your assistance in reporting new, moved and inactive web sites through your subject forum is appreciated.
Library services
The Library website provides access to print and online material, such as books, reports, journals, articles, dissertations, newspapers, and other reference tools. You will also find guides and assistance to help you use the Library's resources.
http://www.csu.edu.au/division/library/
Contact details are:
Study Centre Sydney (02) 9291 9300
Library Help
Answers to your frequently asked questions about Library services and resources are available at:
http://www.csu.edu.au/division/library/how-to/faq/
Library skills tutorials
InfoSkills@CSU is a self-paced, interactive, online tutorial which teaches core research skills such as using library databases and the library catalogue. It incorporates a number of exercises and quizzes to test your understanding. It is modular and can be done in any order at any time. InfoSkills@CSU is located on the Library website (go to 'How to use the library' and 'Library skills tutorial') or can be accessed directly at:
http://www.web-ezy.com/csuweb-ezy/
How to contact the Library
Phone
1800 808 369 (free call from within Australia)
Online: Ask A Question
http://csu.altarama.com/reft100.aspx?key=Ask&ref=120
Library Forum
http://forums.csu.edu.au/perl/forums.pl?forum_id=Library_Services_forum&task=frameset
Library contacts
http://www.csu.edu.au/division/library/about/contacts/
Subject requirements
Pass/fail requirements
To pass this subject you must achieve an overall mark of 50% in the combined Assessments 1 & 2 total as well as a mark of 50% in the exam.
Plagiarism
It is unfair to honest students that other students cheat or plagiarise. Charles Sturt University takes a serious view of plagiarism and cheating in any form of assessment, and will take appropriate steps to detect plagiarism including using electronic plagiarism detectors.
Plagiarism consists of a person using the words or ideas of another as if they were his or her own. That is, using, or attempting to use, another person's work without acknowledgement. The important message here is that if you use the work of another person then it must be acknowledged. The phrase "using another person's work" includes, but is not limited to:
· using study guide material without acknowledgement;
· paraphrasing the work of another person;
· directly copying any part of another person's work;
· summarising the work of another person;
· using or developing an idea or theme derived from another person's work;
· using experimental results obtained from another person's work; and
· in the collaborative projects, falsely representing the individual contributions of the collaborating students where individual contributions are to be identified.
Other forms of cheating will also be treated with the utmost seriousness. The university reserves the right to electronically scan students' assessments for the purposes of verifying originality.
Penalties for plagiarism are listed in the Academic Regulations under the Student Academic Misconduct Rule. The penalties include: a caution or reprimand; awarding of zero marks in the assignment, essay, project, test, examination or other work in respect of which academic misconduct has occurred; a fail in the subject; a fine; suspended enrolment; or exclusion from the University.
The Faculty of Business has acquired computer software which can link electronic or scanned assessments to online data to accurately detect plagiarism. The software can also detect situations when students submit assessments which include the work of other students. The software system used by the Faculty is called "Turnitin". The Faculty reserves the right to require submission of assessments in electronic form. More details of this software can be found at the following web sites:
http://www.turnitin.com/
http://www.turnitin.com/static/products_services/plagiarism_prevention.html
Please note that we would much prefer to encourage students to submit assessments which clearly acknowledge sources rather than to detect plagiarism and to impose penalties. Recent penalties applied to plagiarism have included automatic failure and suspension from the University.
A guide to the APA style of referencing (the style now used by the Faculty of Business) is available at: http://www.csu.edu.au/division/studserv/learning/pdfs/apa2008.pdf
Further details on how to reference and avoid unintentional plagiarism can be found at the Student Services website. http://www.csu.edu.au/division/studserv/learning/referencing
Subject delivery
Schedule
Week | Topic | Readings
1 | Topic 1: Introduction to information security | Text Chapter 1
2 | Topic 2: Cryptography | Text Chapter 11 and Reading 1
3 | Topic 3: Systems threats and Countermeasures | Text Chapter 2 & 3
4 | Topic 4: Secure communication | Reading 2 & 3; Assessment item 1 due
5 | Topic 5: Network Vulnerabilities and Attacks; Topic 6: Network Defences | Text Chapter 4; Text Chapter 5
6 | Topic 7: Virtual Private Networks |
7 | Topic 8: Wireless Network Security | Text Chapter 6 & Reading 6
8 | Topic 9: Access Control Fundamentals & Authentication | Text Chapter 7 & 8; Assessment item 2 due
9 | Topic 10: IP Security; Topic 11: Vulnerability Assessment and Security Audits | Reading 7; Text Chapter 9 & 10
10 | Topic 12: Security Policies and Training | Text Chapter 14 & Reading 8
 | Exam Period |

Online forum participation
All CSU online subjects have forums which are accessible through the CSU Interact online learning environment. Details regarding how these will be utilised during a teaching session should be provided within the 'Teaching and support strategies' section of the subject outline, or on the forum itself.
Submission of assessment tasks
It is recommended that your name and your student number be included in the header or footer of every page of any assignment.

Charles Sturt University has a centralized assignment receipt centre located at reception. All assignments should be accompanied by a completed assignment cover sheet. Reception only accepts assignments up to 5pm each week day.

You will have the assignment receipt handed to you stamped and signed, this must be kept as proof of submission.

Faxed/emailed assessment tasks
The Faculty of Business has resolved not to accept faxed or emailed assessment tasks under any circumstances.
Assessment task return
You should normally expect your marked assessment tasks to be despatched to you within three weeks of the due date, if your assessment task was submitted on time. If an assessment task is submitted on time but not returned by the return date, you should make enquiries in the first instance to the subject coordinator.
Academic learning skills assistance
Visit the learning skills website for advice about assignment preparation, academic reading and notetaking, referencing, and preparing for exams at:
http://www.csu.edu.au/division/studserv/learning
You may also contact:

Dr Susan Lee
Study Support Officer
Phone: 02 9291 9337
E-mail: S.Lee@sga.edu.au
For appointments, please see Reception.
Queries regarding the content of this subject should be directed to your subject lecturer.
Subject evaluation surveys
It is University policy that all subjects are evaluated every time that they are offered. The University's Division of Learning and Teaching Services administers surveys through the Online Evaluation Survey System. Staff in the faculties and schools value your feedback very highly and take account of your comments when reviewing learning and teaching in each subject. If you are interested in the details of any enhancements to this subject as a result of the latest survey, please contact the subject coordinator.
Surveys for each of the subjects you are enrolled in for this session will be available for you to complete for a period of 4 weeks from the last week of the teaching session. An email message will alert you to the availability of the surveys online.
Please complete the subject evaluation by following the link:
http://online.csu.edu.au/evaluations/
Individual subject results are reported to the subject coordinator and Heads of Schools after grades have been submitted for each teaching session (except where subjects have one student the results are not reported to staff). The aggregated results for subjects are available within 3 weeks of the release of grades. They can be accessed online at:
http://www.csu.edu.au/division/landt/evalunit/evaluation_online.htm
Variations to Subject Outlines
Should it be necessary to change the content of the Subject Outline during a teaching session, it will be done in consultation with the Head of School and other support services of the University. You then will be notified of the changes in writing by the subject coordinator.
Assessment details
Due dates
Item no. | Description | Value | Due date* | Return date** | Cover sheet required
1 | Assessment 1: Questions | 20% | Monday 24 August 2009 | Monday 14 September 2009 | Yes
2 | Assessment 2: Questions | 20% | Monday 19 October 2009 | Monday 9 November 2009 | Yes
3 | Assessment 3: Examination | 60% | Exam period (16-27 November 2009) | | No

* due date is the last date for assessment items to be received at the University
** applies only to assessment items submitted by the due date
Extensions and late submission of assessments
Requests for extensions will be considered on a case-by-case basis. Reasons such as illness may require evidence of a medical certificate. Reasons such as work pressures will not suffice. The majority of students face the same pressures of prioritising work and family commitments.
The penalty for late submission of an assessment without obtaining the subject coordinator's approval for an extension will be 10% deduction per day including weekends, of the maximum marks allocated for the assignment, i.e. 1 day late - 10% deduction, or 2 days late - 20% deduction.
For example, for an assignment worth 20 marks, the calculation depending on the penalty given are as follows:
Marks received (before penalty): 18 marks
Less 1 day late penalty: 2 marks
Student's final mark: 16 marks

Marks received (before penalty): 18 marks
Less 2 days late penalty: 4 marks
Student's final mark: 14 marks

Any difficulty that you have during the session should, in the first instance at least, be dealt with by your subject coordinator.
Assessment item 1: Questions
Due date:
Monday 24 August 2009
Value:
20%
Marks:
Each question in this assessment has a value of 5 marks.
Length:
There is no minimum or maximum number of words set for this assessment item. However, it is expected that answers to questions be succinct (i.e. precise and concise) with all sources of information fully referenced as per APA referencing style. See the CSU guide to APA at http://www.csu.edu.au/division/studserv/learning/referencing/index.htm
Rationale:
The rationale for this assignment is for you to demonstrate your understanding of protocols used in network security and encryption methods, use security-related tools, and diagnose the capability of a computer to protect itself.
Instructions:
Post your answers on your personal blog. Use one post for each question. Provide supporting references at the end of each post entry.
Question 1 – Google Reconnaissance (5 marks)
Complete project 1-2, page 31 from the text book. Take screenshots of steps 4, 5, 6, 7. Take 2 more screenshots that display the contents of documents that expose account names. Provide a description of each screenshot.
Question 2 – Keylogger (5 marks)
Install and use a keylogger as shown in Project 2-2, page 71. Provide screenshots of steps 1, 4, 6, 11, 14. Answer question in step 14. Also answer this question: how would you attempt to install a keylogger to a computer for which you did not know a user name and password?
Question 3 – Virus attacks (5 marks)
Complete Case Project 2-1, page 76. Report your findings in your blog.
Question 4 – Anti virus software (5 marks)
Complete project 3-2, page 111. Provide screenshots of steps 4, 6, 7, 12, 13, 18. Ensure you answer the questions in steps 6, 7, 12, 13, 18. Provide a description of each step.
Assessment item 2: Questions
Due date:
Monday 19 October 2009
Value:
20%
Length:
There is no minimum or maximum number of words set for this assessment item. However, it is expected that answers to questions be succinct (i.e. precise and concise) with all sources of information fully referenced as per APA referencing style. See the CSU guide to APA at http://www.csu.edu.au/division/studserv/learning/referencing/index.htm
Rationale:
The rationale for this assignment is for you to demonstrate your understanding of protocols used in network security and encryption methods, use security-related tools, and diagnose the capability of a computer to protect itself.
Instructions:
Post your answers on your personal blog. Use one post for each question. Provide supporting references at the end of each post entry.
Question 1 – Wireshark (5 marks)
Complete Project 4-1, page 148. Provide screenshots of steps 1, 6, 7, 8, 9, 14. What is happening in steps 7 and 8? How can you prevent Wireshark capturing these data?
Question 2 – Cryptography (5 marks)
Project 11-1, page 394. Provide screenshots of steps 1, 5, 6, 9, 10, 11, 12, 13, 14. Answer the two questions in step 14.
Complete Case Project 11.1, page 398.
Question 3 – Wireless security (5 marks)
1. Complete Project 6-3. Provide screenshots of steps 1, 7, 9, 11, 13, 14.
2. Complete Case Project 6-3.
Question 4 – Vulnerability scanners (5 marks)
Complete Project 9-2, page 9. Provide screenshots of steps 1, 3, 5, 6, 10, 13, 15, 17. Answer question in step 17.
Assessment item 3: Examination
Due date:
Examination period
Value:
60%
Length:
2 hours
Exam type:
Closed book


Appendices
Sample exam

TEsT01

Hi all,
This is my first blog