General information:
Code: UBPJO-122
Name: Computer networks security
Profile of education: Academic (A)
Lecture language: English
Semester: Spring
Responsible teacher: Zieliński Sławomir (slawek@agh.edu.pl)
Academic teachers: Zieliński Sławomir (slawek@agh.edu.pl)
Module summary

Description of learning outcomes for module
| MLO code | Student after module completion has the knowledge/knows how to/is able to | Connections with FLO | Method of learning outcomes verification (form of completion) |
| --- | --- | --- | --- |
| Social competence | | | |
| M_K001 | Student is able to cooperate in a small group on a common task | | Case study |
| Skills | | | |
| M_U001 | Student is able to configure secure site-to-site connections traversing public networks | | Case study |
| M_U002 | Student is able to configure VPNs for teleworkers | | Case study |
| M_U003 | Student is able to configure BGP routing | | |
| Knowledge | | | |
| M_W001 | Student knows and understands basic security aspects of Internet connectivity | | Oral answer |
| M_W002 | Student knows the specifics of inter-AS cooperation, including routing policies | | Case study |
| M_W003 | Student knows and understands connectivity issues related to distributed applications | | Oral answer |
FLO matrix in relation to forms of classes
| MLO code | Student after module completion has the knowledge/knows how to/is able to | Lecture | Audit. classes | Lab. classes | Project classes | Conv. seminar | Seminar classes | Pract. classes | Fieldwork classes | Workshop classes | Others | E-learning |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Social competence | | | | | | | | | | | | |
| M_K001 | Student is able to cooperate in a small group on a common task | - | - | + | - | - | - | - | - | - | - | - |
| Skills | | | | | | | | | | | | |
| M_U001 | Student is able to configure secure site-to-site connections traversing public networks | - | - | + | - | - | - | - | - | - | - | - |
| M_U002 | Student is able to configure VPNs for teleworkers | - | - | + | - | - | - | - | - | - | - | - |
| M_U003 | Student is able to configure BGP routing | - | - | + | - | - | - | - | - | - | - | - |
| Knowledge | | | | | | | | | | | | |
| M_W001 | Student knows and understands basic security aspects of Internet connectivity | + | - | - | - | - | - | - | - | - | - | - |
| M_W002 | Student knows the specifics of inter-AS cooperation, including routing policies | + | - | - | - | - | - | - | - | - | - | - |
| M_W003 | Student knows and understands connectivity issues related to distributed applications | + | - | - | - | - | - | - | - | - | - | - |
Module content
Lectures:
  1. Introduction. Computer networks security basics

    (2hrs) The lecture gives an overview of the basic aspects of computer networks security, introduces the taxonomies related to the topics and discusses the technologies used at the customer (company) premises edge.

  2. Network traffic filtering

    (2hrs) The lecture covers:
    - firewall types and their capabilities,
    - de-militarized zone design paradigms,
    - network address translation, traffic tunneling.

  3. Virtual private networks over Internet

    (7hrs) The lecture covers:
    - definition of a virtual private network,
    - paradigms of virtual private networks deployment,
    - Multiprotocol Label Switching (MPLS) basics,
    - introduction to Border Gateway Protocol (BGP) v4,
    - inter-operation between BGP and MPLS,
    - IP Security Architecture (IPSec), including cryptographic techniques,
    - Internet Key Exchange,
    - construction of site-to-site VPNs.

  4. Virtual private networks for teleworkers

    (2hrs) The lecture covers the topic of dynamic, on-demand creation of virtual private networks. In particular, Layer 2 Tunneling Protocol (L2TP) and its integration with IPSec are discussed.

  5. Authentication, Authorization and Accounting

    (2hrs) The lecture focuses on:
    - techniques used to authenticate users and machines, including IEEE 802.1x and 802.11i,
    - services and protocols used for user rights management (RADIUS, etc.),
    - techniques of tracing network user activities.

Laboratory classes:

The topics of the laboratory classes are as follows:
1) firewall configuration,
2) network address translation and traffic tunneling,
3) configuring BGP,
4) configuring IPSec-based site-to-site VPNs,
5) configuring VPNs for teleworkers, based on L2TP, IPSec and RADIUS,
6) advanced VPN configuration (Dynamic Multipoint VPN or Group Encrypted Transport VPN),
7) case study.

Student workload (ECTS credits balance)
| Student activity form | Student workload |
| --- | --- |
| Summary student workload | 100 h |
| Module ECTS credits | 4 ECTS |
| Participation in lectures | 14 h |
| Participation in laboratory classes | 14 h |
| Preparation for classes | 30 h |
| Preparation of a report, presentation, written work, etc. | 22 h |
| Realization of independently performed tasks | 20 h |
Additional information
Method of calculating the final grade:

The final grade will be calculated from:
- case study lab completion (70%),
- short oral exam (20%),
- activity during lab classes (10%).

Prerequisites and additional requirements:

A good understanding of computer networking basics is required. The student is expected to know the rules of dynamic internal routing, IP addressing, VLSM, CIDR.

Recommended literature and teaching resources:

1. J. Doyle, J. Carroll, Routing TCP/IP vol. 2, Cisco Press 2005
2. M. Murhammer et al., A Comprehensive Guide to Virtual Private Networks, vol. I-III, IBM RedBooks, www.redbooks.ibm.com
3. V. Bollapragada, M. Khalid, S. Wainner, IPSec VPN Design, Cisco Press 2005

Scientific publications of module course instructors related to the topic of the module:

Additional scientific publications not specified

Additional information:

None