IS316 SYLLABUS: Fundamentals of Network Security, Firewalls, and VPNs

Instructor: Mr.Beard
Email: JBeard@itt-tech.edu
Beard.JL@gmail.com
Phone:504.463-0338
Office hours: During class or via email
Class hours: Class meets on Fridays

COURSE DESCRIPTION
This course offers an introduction to Virtual Private Networks (VPNs) and firewalls for securing a network. Various network security-related issues are introduced and examined. Different types of VPNs for securing data in an organizational setup are discussed as well as the benefits and architecture of a VPN and how to implement a VPN. Other topics include the utility of firewalls tackling security problems and limitations to a firewall. In addition, instruction is also given on how to construct, configure, and administer a firewall and the functionality of a firewall.

MAJOR INSTRUCTIONAL AREAS
Introduction to firewalls
Types of firewalls for securing data
Implementation of firewalls and virtual private networks
Standards of NIST publication 800-41 for firewalls

COURSE RESOURCES
Student Textbook Package
Greg Holden. Guide to Firewalls and Network Security Intrusion Detection and VPNs
Intrusion Detection and VPNs. Massachusetts: Thomson Course Technology, 2006

References and Resources
ITT Tech Virtual Library
Login to the ITT Tech Virtual Library (http://www.library.itt-tech.edu/) to access online books, journals, and other reference resources selected to support ITT Tech curricula.

EVALUATION & GRADING
COURSE REQUIREMENTS
1. Attendance and Participation
• Regular attendance and participation are essential for satisfactory progress in this course.
2. Completed Assignments
• Each student is responsible for completing all assignments on time.
3. Team Participation (if applicable)
• Each student is responsible for participating in team assignments and for completing the delegated task. Each team member must honestly evaluate the contributions by all members of their respective teams.

Evaluation Criteria Table
The final grade (10 point scale) will be based on the following weighted categories:
CATEGORY WEIGHT

• Participation 10 %
• Case Assignments 20%
• Lab Assignments 25%
• Course Project 20%
• Final Exam 25%
  
  

Unit 1 - Firewall Planning and Design

Textbook: Greg Holden. Guide to Firewalls and Network Security Intrusion Detection and VPNs. Massachusetts: Thomson Course Technology, 2006
Reading: Chapter 1

Assignments:

Review Questions RQ): Chapter 1, Questions 1-20, Assignment due tonight.

Case Assignment 1 (CA1) p35:
Title: Making a Case for a Firewall
Deliverables and format:
The paper should be a minimum of two (2) pages in length.
Microsoft Word - Font: Arial Size: 11 Point, Double spaced


Case Assignment 2 (CA2) p35:
Title: Locating the Network Perimeter
Deliverables and format:
The paper should not exceed 250 words in length.
Microsoft Word - Font: Arial Size: 11 Point, Double spaced
Case Assignments are due before the start of class next week.

Labs: Lab assignments are due tonight
Lab1: LabSim Security+ complete 5.2 Firewalls
Title: LabSim Security+ 5.2
▪ Task: What is the difference between enabling the reserved or well-known ports on the firewall versus enabling the ports in NAT?
▪ Deliverables and format: After you complete the simulation, take a screen shot of the final page and submit it to the instructor tonight along with the task questionin a Word document.

Refer to Hands-On Projects (p31) in your textbook for the following Lab assignments
Lab2: Project 1-1 View Active Connections
Lab3: Project 1-2 Search for a Numbered Request for Comment (RFC)
Lab4: Project 1-4 Do Your Own Manual “Port Scanning”
Deliverables: Use screenshots to document your work

Refer to the General Course Information link for Email Instructions and Assignment formats.

Unit 2 - Identify the Need for a Security Policy

Reading:
Textbook: Guide to Firewalls and Network Security Intrusion Detection and VPNs.
Chapter 2, pp. 37–60

References: http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf

Assignments:
Review Questions (RQ): 1–14, pp. 53, 54 Assignment due tonight.

Project:
Project Part 1: Submission (Part 1 is due tonight)
Project Part 2: Initiation (Part 2 Due Week 4)

Case Assignment 2-1 (CA1) p60:
Title: Develop a Response Plan
Deliverables and format:
Microsoft Word - Font: Arial Size: 11 Point, Double spaced

Case Assignment 2-4 (CA2) p60:
Title: Justify a Security Policy
Deliverables and format:
The paper should not exceed 250 words in length.
Microsoft Word - Font: Arial Size: 11 Point, Double spaced
Case Assignments are due before the start of class next week.

Labs: Lab assignments due tonight.
Lab1: Research and Create
▪ Task: Students will use this time to research a security policy and begin creating one. This will be used for the course project. Students may use the site: http://www.sans.org/score/incidentforms/
▪ Deliverables and format: Submit results of research on security policy along with an outline of a security plan.

Refer to Hands-On Projects (p56) in your textbook for the following Lab assignments:
Lab2: Project 2-1 Locate and Fill Out an Incident Identification Form
Lab3: Project 2-2 Draw up a List of Resources To Be Protected
Lab4: Project 2-3 Enable IPSec on a Windows 2000 Workstation

Submit each assignment type as a separate attachment (CA1, LAB1, RQ). You may group the labs into one document. Submit screenshots where appropriate.

Refer to the General Course Information link for Email Instructions and Assignment formats.

Unit 3 Explain Firewall Configuration Strategies

Reading:
Textbook: Guide to Firewalls and Network Security Intrusion Detection and VPNs.
Chapter 3, pp. 61 - 99

References: ITT Tech Virtual Library > Books > Strebe Matthew and Perkins Charles Firewalls 24Seven, Second Edition > Chapter 10: The Ideal Firewall

Assignments:

Review Questions (RQ): 1–21, pp. 92–94 Assignment due tonight.

Case Assignment 3-3 (CA1) p99:
Title: Design a Public Access and Private Security Plan
Deliverables and format:
The paper should not exceed 250 words in length.
Microsoft Word - Font: Arial Size: 11 Point, Double spaced
Case Assignment is due before the start of next class.

Labs:
Refer to Hands-On Projects (pp 95 - 97) in your textbook for the following Lab assignments:

Lab1: Project 3-1 Draw a simple packet-filtering design
Lab2: Project 3-2 Draw a DMZ
Lab3: Project 3-3 Failover Firewall Configuration
Lab4: Project 3-4 Use the Tracert Command to Trace Network Connections
Lab5: Project 3-6 Install Sygate Personal Firewall

See http://www.pacestar.com/ for trial network drawing tools.
See http://www.visualroute.com/ for trial network trace route tools.

Submit each assignment type as a separate attachment (CA1, LAB1, RQ). You may group the labs into one document. Submit screenshots where appropriate.


Refer to General Course Information for Email and Assignment Instructions.

Unit 4 - Explain Packet Filtering

Reading:
Textbook: Guide to Firewalls and Network Security Intrusion Detection and VPNs
Chapter 4, pp. 101–134

Assignments:

Review Questions (RQ): Review Questions 1–21, pp. 125–127 Assignment due at the end of class.

Case Assignment 4-1 (CA1) p132:
Title: Design a Packet Filtering Solution.
Deliverables and format:
The paper should not exceed 500 words in length.
Microsoft Word - Font: Arial Size: 11 Point, Double spaced

Case Assignments are due before the start of the next class.

Project:
Project Part II due.
Project Part III assigned – Refer to the project handout for particulars.

LabSim: Security + CD
Lab 1: Complete 5.3 Packet Filters – Submit screen shot to instructor.

Labs:
Refer to Hands-On Projects (128-129) in your textbook for the following Lab assignments
Lab2: Project 4-1 Install and Configure Tiny Personal Firewall
Lab3: Project 4-2 Set Up Windows Packet Filtering
Lab4: Project 4-5 Use Windows IPSec Packet Filtering
Lab5: Project 4-6 View Your Local Network Routing Table


Submit each assignment type as a separate attachment (CA1, LAB1, RQ)

Refer to General Course Information for Email and Assignment Instructions.

Unit 5 - Working with Proxy Servers and Application-Level Firewalls

Reading:
Textbook: Guide to Firewalls and Network Security Intrusion Detection and VPNs
Chapter 5, pp. 135–170

References:
• http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf
• ITT Tech Virtual Library > Books > Dunsmo Bradley Mission Critical Internet Security >Chapter 2: Internetwork Security Concepts
• ITT Tech Virtual Library > Books > Burgess Mark Principles of Network and System
Administration, Second Edition > Chapter 9 - Application-level services

Assignments:

Review Questions (RQ): Review Questions 6–19, pp. 160–161 Assignment due in class.

Case Assignment 5-1 (CA1) p169:
Title: Use Private IP Addresses and Share a Connection.
Deliverables and format:
The paper should not exceed 500 words in length.
Microsoft Word - Font: Arial Size: 11 Point, Double spaced

Case Assignments are due before the start of the next class.


LabSim: Security + CD
Lab 1: Complete 5.1 Network Address Translation– Submit screen shot to instructor.

Labs:
Refer to Hands-On Projects (162) in your textbook for the following Lab assignments
Lab2: Project 5-1 Install and Configure NetProxy
Questions to answer
• Why is a subnet mask allocated when configuring a NAT address pool?
• When configuring NAT how is the network connection shared?

Submit each assignment type as a separate attachment (CA1, LAB1, RQ)


Refer to the General Course Information link for Email Instructions and Assignment formats.

Unit 6 - Encryption and Firewalls

Reading:
Textbook: Guide to Firewalls and Network Security Intrusion Detection and VPNs
Chapter 7, pp. 203–242

References:
• http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf
• ITT Tech Virtual Library > Books > Dunsmore Bradley Mission Critical Internet Security> Chapter 3: IPSec

Assignments:

Review Questions (RQ): Review Questions 1–19, pp. 231–233 Assignment due in class.

Case Assignment 7-2 (CA1) p 241
Title: Encryption.
Deliverables and format:
The paper should be a minimum of 2 pages in length.
Microsoft Word - Font: Arial Size: 11 Point, Double spaced

Case Assignments are due before the start of the next class.

Project: Refer to project handout.
Part 3: Submission
Part 4: Initiation


Labs:
Refer to Hands-On Projects (pp234 -237) in your textbook for the following Lab assignments
Lab1: Project 7-1 Install and Configure PGP
Lab2: Project 7-2 Use a Public Key Server
Lab3: Project 7-3 Import Someone Else’s Public Key
Lab4: Project 7-4 Encrypt and Sign an E-Mail Attachment


Submit each assignment type as a separate attachment (CA1, LAB1, RQ)


Refer to General Course Information for Email and Assignment Instructions.

Unit 7 - Choosing a Bastion Host

Reading:
Textbook: Guide to Firewalls and Network Security Intrusion Detection and VPNs
Chapter 8, pp. 243–276

References:• http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf
• ITT Tech Virtual Library > Books > Tittel Ed, Stewart James Michael and Chapple Mike
CISSP: Certified Information Systems Security Professional Study Guide, Second Edition

Assignments:

Review Questions (RQ): Review Questions 1–15, pp. 159-161 Assignment due in class.

Case Assignment 8-1 (CA1) 274
Title: Analyze Bastion Host Requirements
Deliverables and format:
Microsoft Word - Font: Arial Size: 11 Point, Double spaced

Case Assignments are due before the start of the next class.

Labs:
Refer to Hands-On Projects (pp266-271) in your textbook for the following Lab assignments
Lab1: Project 8-1 Configure an FTP Server as a Bastion Host
Lab2: Project 8-2 Create an Emergency Repair Disk
Lab3: Project 8-3 Create an Automated System Recovery Set
Lab4: Project 8-4 Test Your Bastion Host


Submit each assignment type as a separate attachment (CA1, LAB1, RQ)


Refer to General Course Information for Email and Assignment Instructions.

Unit 8 - Setting Up a Virtual Private Network

Reading:
Textbook: Guide to Firewalls and Network Security Intrusion Detection and VPNs
Chapter 9, pp. 277–318

References:

• http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf
• ITT Tech Virtual Library > Books > Brown Steven Implementing Virtual Private
  Networks > Chapter 2:Network Security for VPNs, Chapter 4: VPN Architecture
• ITT Tech Virtual Library > Books > Edwards Wade CCSP Complete Study Guide
  (642-501, 642-511, 642-521, 642-531, 642-541)
• ITT Tech Virtual Library > Books > Dunsmore Bradley Mission Critical Internet
  Security > Chapter 3: IPSec
• ITT Tech Virtual Library > Books > Burgess Mark Principles of Network and
  System Administration, Second Edition > Chapter 9 - Application-level services
  
  Project Part 4: Submission
  Project Part 5: Initiation
  
  Assignments:
  Review Questions (RQ): Review Questions 1–20, pp. 306 – 309
  Assignment due in class.
  
  Case Assignment 9-1 (CA1) p 318
  Title: Setting Up a VPN
  Deliverables and format:
  Microsoft Word - Font: Arial Size: 11 Point, Double spaced
  
  Case Assignments are due before the start of the next class.
  
  Labs:
  Lab 1: LabSim Security + CD, complete 8.2 Virtual Private Network
  
  Refer to Hands-On Projects (pp310-314) in your textbook for the following Lab assignments
  Lab2: Project 9-1 Set Up VPN Client Connection
  Lab3: Project 9-2 Change VPN Connection Properties
  Lab4: Project 9-7 Establish VPN Rules
  
  
  Submit each assignment type as a separate attachment (CA1, LAB1, RQ)
  
  
  Refer to General Course Information for Email and Assignment Instructions.
  
  

Unit 9 - Building Your Own Firewall

Reading:
Textbook: Guide to Firewalls and Network Security Intrusion Detection and VPNs
Chapter 10, pp. 319–356

References:
http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf

ITT Tech Virtual Library > Books > Douglas Susan and Douglas Korry Linux Timesaving Techniques For Dummies > Technique 34: Protecting Yourself with a Firewall

ITT Tech Virtual Library > Books > Strebe Matthew and Perkins Charles Firewalls 24Seven, Second Edition > Chapter 13 : Security Utilities

ITT Tech Virtual Library > Books > Negus Christopher and Weeks Thomas Linux Troubleshooting Bible > Chapter 11: Firewall Troubleshooting

Project Part 5: Submission
Project Part 6: Initiation

Assignments:
Review Questions (RQ): Review Questions 1–20, pp. 343-346
Assignment due in class

Case Assignment 10-2 (CA1) p 355
Title: Remote Access Software and Firewalls
Deliverables and format:
Microsoft Word - Font: Arial Size: 11 Point, 1 page

Case Assignment 10-3 (CA2) p 355
Title: Which Firewall to Use
Deliverables and format:
Microsoft PowerPoint Presentation

Case Assignments are due before the start of the next class.

Labs: (Bring Your Drive)
Refer to Hands-On Projects (pp246-24) in your textbook for the following Lab assignments
Lab1: Project 10-1 Download ZoneAlarm Pro
Lab2: Project 10-2 Configure ZoneAlarm Pro
Lab3: Project 10-3 Test Configuration and View Log


Submit each assignment type as a separate attachment (CA1, LAB1, RQ)


Refer to General Course Information for Email and Assignment Instructions.

Unit 10 - Ongoing Administration

Reading:
Textbook: Guide to Firewalls and Network Security Intrusion Detection and VPNs
Chapter 11, pp. 357–392

References:
http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf

ITT Tech Virtual Library > Books > Edwards Wade CCSP Complete Study Guide (642-501, 642-511, 642-521, 642-531, 642-541 > Chapter 15: VPNs and the PIX Firewall

ITT Tech Virtual Library > Books > Smith Roderick W. Linux+ Study Guide, Third Edition (XK0-002) > Chapter 8: System Documentation

ITT Tech Virtual Library > Books > Negus Christopher and Weeks Thomas Linux Troubleshooting Bible > Chapter 11: Firewall Troubleshooting

Project Part 6: Submission – Due week 11

Assignments:
Review Questions (RQ): Review Questions 1–20, pp. 384–385
Assignment due in class

Case Assignment 11-1 (CA1) p 391
Title: Monitoring Traffic
Deliverables and format:
Microsoft Word - Font: Arial Size: 11 Point, 2 pages

Case Assignments are due before the start of the next class.

Labs:
Lab1: LabSim Security + CD, complete 6.1 Network Hardening
Lab2: LabSim Security + CD, complete 6.2 Operating System Hardening

Refer to Hands-On Projects (pp387-88) in your textbook for the following Lab assignments
Lab3: Project 11-1 Using Status Monitor
Lab4: Project 11-2 Configure a System Alert

Submit each assignment type as a separate attachment (CA1, LAB1, RQ)


Refer to General Course Information for Email and Assignment Instructions.