Course Outlines

	Course Outlines

	Public Search

Close Window/Tab

PRINT VIEW -- Opens in new, second window. Use browser controls to close when finished.

Credit- Degree applicable
Effective Quarter: Fall 2020
I. Catalog Information
CIS 56	Network Security	4.5 Unit(s)

	Requisites: Advisory: EWRT 200 and READ 200, or ESL 261, 262 and 263; CIS 108. Hours: Lec Hrs: 48.00 Lab Hrs: 18.00 Out of Class Hrs: 96.00 Total Student Learning Hrs: 162.00 Description: Provides broad-based knowledge and hands-on experience with many facets of network security. The course includes website and database attacks/defense, identified vulnerability exploits, layered security approaches, and Active Directory security policy settings. Includes cryptography, hashing, access controls, physical, application, data defenses, auditing and security protocols. Also, the course can help prepare students to pass the CompTIA Security+ Certification exam.

Student Learning Outcome Statements (SLO)
	• Student Learning Outcome: Determine methods to protect network against security vulnerabilities.

II. Course Objectives

A.	Explore network security issues

B.	Investigate access control and identity management

C.	Implement cryptography

D.	Investigate policies, procedures, and awareness

E.	Identify physical security

F.	Utilize perimeter defenses

G.	Implement network defenses

H.	Design host defenses

I.	Identify application defenses

J.	Formulate data defenses

K.	Perform security assessments and audits

III. Essential Student Materials

None

IV. Essential College Facilities

None

V. Expanded Description: Content and Form

A.	Explore network security issues

1.	Security challenges

2.	Security roles and concepts

3.	Threat agent types

4.	Security introduction

5.	General attack strategy

6.	General defense strategy

7.	Attack and defense strategy overview

B.	Investigate access control and identity management

1.	Access control models

2.	Authentication

3.	Authorization

4.	Access control best practices

5.	Windows domain users and groups

6.	Linux users and groups

7.	Linux user security

8.	Group policy overview

9.	Hardening authentication

10.

Remote access

11.

Network authentication

12.

Identity management

C.	Implement cryptography

1.	Cryptography concepts

2.

Hashing

3.	Symmetric encryption

4.	Asymmetric encryption

5.	Public Key Infrastructure (PKI)

6.	Cryptography implementations

D.	Investigate policies, procedures, and awareness

1.	Security policies

2.	Business continuity

3.	Risk management

4.	Incident response

5.	Social engineering

6.	Certification and accreditation

7.	Development

8.	Employee management

9.	Business impact analysis

10.

Disaster recovery plan

E.	Identify physical security

1.	Physical security definitions

2.	Hardware security

3.	Environmental controls

4.	Mobile devices

5.

Telephony

6.	The Internet of Things

F.	Utilize perimeter defenses

1.	Networking review

2.	Perimeter attacks

3.	Security appliances

4.	Packet Captures

5.

Firewalls

6.	Network Address Translation (NAT)

7.	Virtual Private Networks (VPN)

8.	Web threat protection

9.	Network Access Control (NAC)

10.

Wireless attacks

11.

Wireless defenses

G.	Implement network defenses

1.	Network devices

2.	Network device vulnerabilities

3.	Switch attacks

4.	Router and switch security

5.	Intrusion detection and prevention

H.	Design host defenses

1.

Malware

2.	Password attacks

3.	Windows system hardening

4.	Hardening enforcement

5.	File server security

6.	Linux host security

I.	Identify application defenses

1.	Web application attacks

2.	Internet browsers

3.

E-mail

4.	Network applications

5.	Virtualization

6.	Application development

7.	System life Cycle

8.	Application software testing

J.	Formulate data defenses

1.	Redundancy

2.	Backup and restore

3.	File encryption

4.	Secure protocols

5.	Cloud computing

K.	Perform security assessments and audits

1.	Vulnerability assessment

2.	Penetration testing

3.	Protocol analyzers

4.	Logs and audits

5.	System testing and monitoring

VI. Assignments

A.	Reading assignments

B.	Complete assigned homework review questions

C.	View assigned security videos

VII. Methods of Instruction

Lecture and visual aids
Discussion of assigned reading
Discussion and problem solving performed in class
Quiz and examination review performed in class
Homework and extended projects
Laboratory discussion sessions and quizzes that evaluate the proceedings weekly laboratory exercises

VIII. Methods of Evaluating Objectives

A.	Final exam and midterm or quizzes based on comprehension and mastery of key terms and concepts as well as application skills related to analysis and synthesis of computer concepts. These are evaluated based on correctness.

B.	Participation in lab skills exercises that demonstrate ability to critically evaluate the proper use of appropriate computer security software to complete a given set of computer-related tasks.

IX. Texts and Supporting References

A.	Examples of Primary Texts and References

1.	Darril Gibson. "CompTIA Security+: Get Certified Get Ahead." SY0-501 Edition. YCDA LLC, 2017.

B.	Examples of Supporting Texts and References

1.	Kim, David. “Fundamentals of Information Security." Third Edition. Jones and Bartlett Learning LLC, an Ascent Learning Company, 2018

X. Lab Topics

A.	Use Active Directory to view, create, manage user accounts and groups

B.	Eliminate threats with a layered security approach

C.	Use asymmetric encryption to encrypt and decrypt files

D.	Perform reconnaissance and probing using common tools

E.	Perform a vulnerability assessments

F.	Enable Windows Active Directory and user access controls

G.	Use Group Policy Objects and Microsoft Baseline Security Analyzer for change control

H.	Perform packet capture and traffic analysis

I.	Implement a business continuity plan

J.	Perform a web site and database attack by exploiting identified vulnerabilities