Course Catalogue

Module Code and Title:       CSC309          Systems and Networks Security

Programme:                          BCA

Credit Value:                         12

Module Tutor:                       Phub Namgay

General Objective: The security of electronic systems and computer networks has recently become an important issue due to the increased dependence of organizations and people on such systems. The risks of unauthorized intrusion into an e-commerce/e-government system or other website range from invasion of privacy and loss of money to the exposure of national security information and other potential catastrophes. Therefore, securing such data is vital to the proper operation and future stability of organizations. This module gives students deeper insight into the different techniques available for enhancing cyber security.

Learning Outcomes – On completion of the module, learners will be able to:

  1. Define the need for Internet Protocol (IP) security and the security standard, IPsec.
  2. Explain the fundamental cryptographic principles and various encryption techniques.
  3. Describe firewalls and analyse their uses and functions.
  4. Describe Intrusion Detection Systems.
  5. Analyse the various threats commonly faced by modern IT systems.
  6. Explain the mechanisms and risks associated with various types of viruses, worms and Trojans, as well as the various prevention measures that must be undertaken.
  7. Develop solutions for networking and security problems, balancing business concerns, technical issues and security.
  8. Design a network security mechanism practically.

Learning and Teaching Approach:

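| Approach              | Hours per week | Total credit hours |
|-----------------------|----------------|--------------------|
| Lecture & discussions | 3              | 45                 |
| Lab Practical         | 3              | 45                 |
| Independent study     | 2              | 30                 |
| Total                 |                | 120                |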

Assessment Approach:

A. Individual Assignment: Portion of Final Mark: 10%

Students should submit two assignments of 1000-1500 words related to Computer Security and Network Security to obtain this 10%. The first one will be before the midterm and it constitutes half of the total 10% allocated. The second one will be after the midterm. 40% will be awarded for explanation of purpose, 40% for content and 20% for illustrating its applications.

B. Class Test: Portion of Final Mark: 10%

This is a written test conducted within the class for a duration of 30-40 minutes, covering 2-3 weeks of material. There will be two such tests: one before the midterm, comprising topics from the beginning to the quarter point of the subject matter, and the other after the midterm, comprising topics from after the midterm to the quarter point after the midterm.

C. Lab Practical Exam: Portion of Final Mark: 15%

This component assesses the student’s practical knowledge. They will be assessed on their program designing skills, maintaining syntax, use of functions, and testing and debugging code. Each class test will consist of 2-3 problems, and the students have to solve those problems in the class within a predefined time. 35% will be awarded for sub-tasks completed, 35% for techniques used for each sub-task, 10% for timing and 30% for output.

D. Presentation: Portion of Final Mark: 5%

It is a group presentation. Students present a topic related to the module to their classmates. The objective of the presentation is to make students share their knowledge and information on network and security with peers, learn the art of presentation and improve their skills in communicating their knowledge with their peers. The presentation will be approximately 10-12 minutes, and include PowerPoint slides.

30% will be awarded for content of the presentation, 30% for preparedness, 10% for timing, 15% for handling of Q&A session, 5% for group-based coordination and 10% for presentation skill.

E. Midterm Examination: Portion of Final Mark: 20%

This is a college-wide examination conducted half-way into the semester. The examination lasts 1 hour and 30 minutes and includes all topics up to the half-way point in the subject matter.

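| Areas of assignments             | Quantity | Weighting |
|----------------------------------|----------|-----------|
| A. Individual Assignment         | 2        | 10%       |
| B. Class Test                    | 2        | 10%       |
| C. Lab Practical Exam            | 1        | 15%       |
| D. Presentation                  | 1        | 5%        |
| E. Midterm Exam                  | 1        | 20%       |
| Total Continuous Assessment (CA) |          | 60%       |
| Semester-end Examination (SE)    |          | 40%       |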

Prerequisites: CSC206, CSC205, CSC307, CPR304

Subject Matter:

  1. Introduction
    • The Importance of network security.
    • Network Security as a Business Policy.
    • Defining the important issues
  2. Network Security
    • Introduction to Cryptography, Substitution Ciphers, Two Fundamental Cryptographic Principles.
    • DES – the data encryption standard.
    • Security at the Application Layer: PGP and S/MIME
    • Security at the Transport Layer: SSL and TLS
    • Security at the Network Layer: IPSec
  3. The threats to a secure network
    • Users: the threat from within
    • Viruses and Trojans
    • Intrusion and unauthorized access
    • Disasters and public disorder
  4. Firewalls and Security policy
    • Definition, Types of firewall.
    • Limitations to firewalls
    • Firewall Functions – Static Packet Filtering, Dynamic Packet Filtering, Stateful Filtering, Proxy Servers
    • Ethical hacking (Fundamentals)
    • Phishing
  5. Intrusion Detection System
    • Network Intrusion Detection System
    • System Integrity Verifier
    • Log File Monitor
    • Honeypot
  6. Viruses, Trojans and Worms
    • Viruses – Replication, Concealment, Social-Engineering Viruses
    • Worms, Trojan Horses
    • Preventive Measures – Access Control, Checksum Verification, Process Monitoring, Virus Scanners
    • Deploying Virus Protection – Protecting the Desktop Systems, Protecting the Server Operating Systems, Protecting the Unix-Based System
  7. Introduction to DHCP Snooping
    • Introduction to DHCP Snooping
    • Basic Principles
    • Trusted Interface
    • Listening
    • Enabling Location Transition for a DHCP Snooping User
    • Association Between ARP and DHCP Snooping
    • Clear the MAC Address Entry Immediately When the User Goes Offline
    • Discard DHCP Request Messages with Non-0 GIADDR Field
    • DHCP Snooping Attack Defense
    • Detection Of Bogus DHCP Servers
    • Defence Against Attacks from Non-DHCP Users
    • Defence Against DHCP Flood Attacks, Message Attacks and Server DoS Attacks
  8. Practical Components
    • Firewall
    • Basic router configuration and a Zone Based Firewall
    • DNS Amplification Attack
    • Man in The Middle Attack on Windows with Cain and Abel
    • DHCP Snooping
    • Virtual Private Networks (VPNs) 
    • PPTP, L2TP, SSL and IPSEC overview
    • Implementing a S2S VPN on a Cisco Router
    • Template for a S2S VPN on a Cisco Router
    • Troubleshooting of VPNs
    • Software to be used: Cisco Packet Tracer 5.3 and NFSense

Reading List

  1. Essential Reading:
    • Behrouz A. F. (2008). Cryptography and Network Security. McGraw-Hill, Delhi.
    • Poole, O. (2003). Network Security – A Practical Guide. Elsevier.
    • Brenton, C. & Hunt, C. (2003). Mastering Network Security. Sybex.
    • (2011). Computer Networks - A System Approach (5th ed.). Elsevier.
  2. Additional Reading:
    • Obaidat, M.S., Noureddine A., Boudriga (2007). Security of e-Systems and Computer Networks. Cambridge University Press.
    • Frisch, A. (2002). Essential System Administration, 3rd Edition. O’Reilly.
    • Nemeth, E., et al. (2006). Linux Administration Handbook. 2nd Edition. Prentice Hall.
    • Benantar, M. (2006). Access Control Systems: Security, Identity Management and Trust Models. Springer.

Date: May 30, 2015