is3220_ig


Upload: lindon21

Post on 19-Jan-2016


IS3220 Information Technology

Infrastructure Security

INSTRUCTOR GUIDE

Course Revision Table

Change Date: 01/09/2012
Updated Section: All
Change Description: New course
Change Rationale: New course
Implementation Date: March 2012

Credit hours: 4.5

Contact / Instructional hours: 60 (30 Theory, 30 Lab)

Prerequisite: IS3120 Network Communications Infrastructure or equivalent

Corequisite: None


Table of Contents

COURSE OVERVIEW
INSTRUCTOR RESOURCES
COURSE MANAGEMENT
GRADING
UNIT PLANS
COURSE SUPPORT TOOLS
ASSESSMENT TOOLS

© ITT Educational Services, Inc. All Rights Reserved. -2- Change Date: 01/09/2012


Course Overview

Course Summary

Computer network security is complex, with new threats emerging constantly and new products and procedures being introduced to defend against them. With today’s emphasis on anywhere, anytime access, most internal networks also access public networks, such as the Internet. Strong network-perimeter defense is required along with secure connections for remote users.

This course focuses on general network security, providing essential terminology, current threats, methods of protection, and future trends. In addition, the course covers firewalls, virtual private networking fundamentals, and best practices. Along the way, students will understand the challenges businesses and organizations face in protecting their networks and the data that resides within.

Instructional Approach

ITT/ESI instructional strategy and teaching methods are grounded in the following theoretical constructs:

▪ Bloom’s Taxonomy of learning objectives that determine: a) selection of specific instructional tasks and associated outcomes, and b) assessment of learning outcomes
▪ Gagné’s Taxonomy of learned capabilities that represent progression of competency development from lower-level operational skills to high-level intellectual capacity for solving unknown, complex, ill-structured problems through application or generation of rules
▪ Keller’s ARCS Model addressing critical factors of learner motivation and engagement

Instructors are encouraged to utilize the following principles in their teaching practice:

▪ Engaging students in active, experiential learning processes facilitated by the instructor or more experienced peers
▪ Gradually increasing the complexity of instructional tasks dynamically adapted to the student’s current competency level
▪ Promoting cognitive realism by grounding instructional tasks in real-life contexts and engaging students in situations where they are challenged by complex problems requiring analytical thinking, critical reading, and systematic interaction with peers
▪ Providing opportunities for performing scientific inquiry and reflection on individual and group work
▪ Implementing assessments of student learning focused on knowledge transfer and demonstration of competency acquisition through performing the tasks that have real-world relevance and match the activities of professionals in practice


Critical Considerations

You should be familiar with current network security firewall and Virtual Private Network (VPN) concepts and methods. The labs and lab demonstrations focus on port/protocol scanning and data packet analysis (using NetWitness Investigator), vulnerability scanning (using Zenmap), network design, firewall analysis, and VPN design considerations.

Due to the dynamic nature of the subject matter covered in the course, some students may come into this course with less up-to-date knowledge and skills than required, which could hinder them from moving freely across the topics as desired. This will require the instructor to consciously use an adaptive course delivery mode, fully engaging students across various learning activities while constantly assessing students’ needs in terms of the knowledge dependencies, especially during the first couple of weeks. The instructor should proactively provide students with just-in-time guidance and assistance on the required knowledge and skills wherever applicable. As determined by the major instructional areas identified in the course, the instructor may find it necessary to assign students specific additional readings and related learning activities from the ITT Tech Virtual Library and other external resources.

The instructor may also decide to expand on specific terms/topics so that students with less up-to-date knowledge in the domain may catch up and follow the progression of the course successfully.


Instructor Resources

Required Resources

1. For the course textbook(s) and other required materials, review the course Syllabus.
2. Electronic copy of the Instructor Lab Manual (in .pdf format) and supporting lab setup files*
3. Course Delivery Presentations (in .ppt format)*

* To be downloaded from www.jblearning.com/ITT. These files are hosted in the instructor’s resources portal provided by Jones & Bartlett Learning. To download, you must register by using your itt-tech.edu email address as your personal log on. Once you register with the site, a confirmation email will be sent to the itt-tech.edu email you provided with the log on credentials. Once you successfully log on to the site, you may download the files in the course folder.

Additional Resources

Internal

▪ ITT Tech Virtual Library: http://myportal.itt-tech.edu/library/Pages/HomePage.aspx. This resource provides access to books, articles, and tutorials that supplement student learning.
▪ Faculty Collaboration Portals: http://myportal.itt-tech.edu/employee/dept/curriculum/FC/default.aspx. This location allows you to post your questions and to respond to your peers’ questions about the course.
▪ Curriculum Database: http://myportal.itt-tech.edu/faculty/cdb/Pages/default.aspx. Please download the latest version of the courseware from this location.

External

▪ Douglas E. Comer, Internetworking with TCP/IP, 5th ed.
▪ Noonan et al., Firewall Fundamentals
▪ Rhodes-Ousley et al., Network Security: The Complete Reference
▪ W. Richard Stevens et al., TCP/IP Illustrated
▪ Keith Strassberg et al., Firewalls: The Complete Reference
▪ Michael E. Whitman et al., Guide to Firewalls and Network Security
▪ Elizabeth D. Zwicky et al., Building Internet Firewalls, 2nd ed.
▪ Ruixi Yuan, Virtual Private Networks: Technologies and Solutions
▪ Jonathan Katz, Introduction to Modern Cryptography: Principles and Protocols. Chapman & Hall/CRC
▪ Mark Lewis, Comparing, Designing, and Deploying VPNs
▪ John Mairs, VPNs: A Beginner's Guide


Course Management

Lab Setup and Technical Requirements

Course Specific Lab Setup

Each ISS course has an accompanying Lab Manual. Refer to each course’s Lab Manual for specific lab

setup, configuration, Instructor demos, and student lab instructions. For each lab, the instructor will

explain and demonstrate what tasks and deliverables are required (paper-based or equipment-based).

Test Administration and Processing

▪ Tests/examinations for the onsite courses are proctored by instructors in the classroom following the schedule at the local campus. The Final Examination is to be conducted in the last week of the quarter with the first half of the class time allocated to the course review and the second half of the class time allocated to the examination. If a lab practicum is part of the final examination, the lab practicum is to be scheduled in the lab time of the last class meeting.
▪ It is against academic integrity and a violation of institutional policy to reveal the content of the tests/examinations to students in any format prior to the actual time scheduled for the test/examination. Every instructor is required to exercise diligence in protecting all testing materials from being compromised in any form.
▪ Grades for the course must be closed at the scheduled time mandated by the institution.
▪ All quizzes, tests and examinations for the online courses are administered through the online learning management system (LMS) at their scheduled times.

Replacement of Learning Assignments

▪ Tests/Examinations – The instructor may add up to 20% of the items to the prescribed set without altering the grade weight for the category. No substitution is allowed for any of the prescribed items.
▪ Quizzes – The instructor is encouraged to construct just-in-time items for this category. If prescribed items are provided, the instructor may choose to use them or substitute them with their own versions without altering the grade weights allocated to the category.
▪ Assignments/Discussions/Projects – Wherever deemed necessary, the instructor may choose to substitute prescribed items with his or her own version without altering the grade weights allocated to the category. The substitution items must address the same objectives as the original items at similar levels of scope and rigor with reasonable rubrics.


Academic Integrity

All students must comply with the policies that regulate all forms of academic dishonesty, or academic misconduct, including plagiarism, self-plagiarism, fabrication, deception, cheating, and sabotage. For more information on the academic honesty policies, refer to the Student Handbook. Check policies and faculty Handbook.

Communication and Student Support

Faculty are expected to proactively engage students in the learning of the course through active guidance, monitoring and follow-ups.

Onsite faculty should respond to students’ emails and/or phone calls within 48 hours. Graded assignments must be returned to students by the next class meeting in most cases.

Online instructors are expected to respond to students’ “Ask the Instructor” messages within 24 hours of receipt (48 hours on the weekend). Written assignments must be graded within 72 hours. Discussion forums must be graded within 72 hours after the last day posts are due.


Grading

The following template is required for setting up your course grade book. Titles are to be entered as

written below to enable aggregate analysis of student learning activities.

Each grading category is listed with its category weight, followed by the category components and their component weights.

Assignment (category weight 16%)
    Unit 1. Assignment 1. Clear-Text Data in Packet Trace: 2%
    Unit 2. Assignment 1. Selecting Security Countermeasures: 2%
    Unit 4. Assignment 1. Identify Unnecessary Services From a Saved Vulnerability Scan: 2%
    Unit 5. Assignment 1. Select the Proper Type of Firewall: 2%
    Unit 7. Assignment 1. Create a VPN Connectivity Troubleshooting Checklist: 2%
    Unit 8. Assignment 1. Security Concerns and Mitigation Strategies: 2%
    Unit 9. Assignment 1. Security Plan and Documentation: 2%
    Unit 10. Assignment 1. Postincident Executive Summary Report: 2%

Lab (category weight 20%)
    Unit 1. Lab 1. Analyze Essential TCP/IP Networking Protocols: 2%
    Unit 2. Lab 1. Network Documentation: 2%
    Unit 3. Lab 1. Network Discovery & Security Scanning Using ZenMap GUI (Nmap): 2%
    Unit 4. Lab 1. Perform a Software Vulnerability Scan & Assessment with Nessus® [1]: 2%
    Unit 5. Lab 1. Configure a Microsoft Windows Workstation Internal Firewall: 2%
    Unit 6. Lab 1. Design a De-Militarized Zone (DMZ) for a LAN-to-WAN Ingress/Egress: 2%
    Unit 7. Lab 1. Implement a VPN Tunnel for Secure Remote-Access: 2%
    Unit 8. Lab 1. Design a Layered Security Strategy for an IP Network Infrastructure: 2%
    Unit 9. Lab 1. Construct a Linux Host Firewall and Monitor for IP Traffic: 2%
    Unit 10. Lab 1. Design and Implement Security Operations Management Best Practices: 2%

Discussion (category weight 10%)
    Unit 1. Discussion 1. Familiar Protocols: 1%

1 Nessus is a Registered Trademark of Tenable Network Security, Inc.


    Unit 2. Discussion 1. Familiar Domains: 1%
    Unit 3. Discussion 1. Social Engineering Defense Issues: 1%
    Unit 4. Discussion 1. Host-Based vs. Network-Based IDSs/IPSs: 1%
    Unit 5. Discussion 1. Ingress and Egress Filtering: 1%
    Unit 6. Discussion 1. Firewall Security Strategies: 1%
    Unit 7. Discussion 1. Developing a VPN Policy and Enforcing VPN Best Practices: 1%
    Unit 8. Discussion 1. System Hardening: 1%
    Unit 9. Discussion 1. Firewall Implementation Planning: 1%
    Unit 10. Discussion 1. Incident Response Strategies: 1%

Project (category weight 29%)
    Unit 4. Project Part 1. Network Survey: 4%
    Unit 7. Project. Part 2. Network Design: 5%
    Unit 11. Final Project. Network Security Plan: 20%

Exam (category weight 25%)
    Final Exam: 25%


Unit Plans

UNIT 1: Essential TCP/IP Network Protocols and Applications

Learning Objective

▪ Review essential Transmission Control Protocol/Internet Protocol (TCP/IP) behavior and applications used in IP networking.

Key Concepts

▪ TCP/IP protocol analysis using NetWitness Investigator
▪ Differentiating clear text from cipher text
▪ Essential TCP/IP characteristics: Three-way handshake, synchronize (SYN), acknowledge (ACK), User Datagram Protocol (UDP), and TCP
▪ IP networking protocol behavior: IP version 4 (IPv4) address, Address Resolution Protocol (ARP), Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), Routing Information Protocol (RIP), Open Shortest Path First (OSPF)
▪ Network management tools: Internet Control Message Protocol (ICMP), Simple Network Management Protocol (SNMP), Telnet, File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP), Secure Shell (SSH)

Reading

▪ Stewart, Chapter 1. “Network Security Fundamentals”
    ▪ IPv4 Versus IPv6
    ▪ DNS
▪ Stewart, Chapter 2. “Firewall Fundamentals”
    ▪ TCP/IP Overview
▪ Stewart, Chapter 5. “Network Security Implementation”
    ▪ Seven Domains of a Typical IT Infrastructure
    ▪ Protocols and Topologies
    ▪ Common Types of Addressing

Keywords

Use the following keywords to search for additional materials to support your work:

▪ IPv4 addressing
▪ NetWitness Investigator
▪ Network management
▪ Networking protocol
▪ Protocol analysis
▪ Protocol analyzer
▪ Protocols
▪ TCP/IP
▪ Three-way handshake
▪ Trace analysis


Learning Activities

EXPLORE

Focus: Concepts
Method: Presentation
Tools: IS3220.U1.PS1
Suggested Approach:

The first part of this unit provides background for students who are not familiar with protocols. Begin the unit with the concept of “packet” in network communications, what it contains, and the benefits of protocol analysis.

Next, through the Concepts section of IS3220.U1.PS1.ppt, cover the following points:

▪ Discuss the TCP/IP protocol suite and various protocols within the suite.
▪ Discuss packets and packet structure.
▪ Introduce protocol (packet) analyzers. There are many analyzers to choose from, like Wireshark, tcpdump, and NetWitness Investigator.
▪ Explain NetWitness Investigator and Wireshark features. Note that these software packages will be used throughout the course.

Focus: Process
Method: Presentation
Tools: IS3220.U1.PS1
Suggested Approach:

Refer to the Process section of IS3220.U1.PS1.ppt to cover the following points:

▪ Reinforce that students can use NetWitness Investigator as a packet capture tool and trace analyzer and touch on its other comprehensive features.
▪ Discuss the essentials of TCP/IP transaction sessions and three-way handshake: SYN, ACK, finish (FIN), and reset (RST) used by TCP.

Focus: Roles
Method: Text Sheet Discussion
Tools: IS3220.U1.TS1
Suggested Approach:

This is a graded discussion. Therefore, at the end of the discussion, ask the students to summarize and submit their learning.

Form groups of students and encourage them to discuss the roles of common protocols that are used in their personal computing or professional enterprise environments. For example, ask them what role TCP/IP plays for Internet communications. Ask them how DHCP eases management of IP addresses. Help them understand the common protocols used in preparation for packet analysis.

Focus: Context
Method: Presentation
Tools: IS3220.U1.PS1
Suggested Approach:

Set the stage for capturing session analysis and analyzing network protocol use by discussing the following:

▪ IPv4 addressing
▪ Networking protocol use
▪ Clear-text protocol transactions versus encrypted protocols

Focus: Rationale
Method: Discussion
Tools: IS3220.U1.TS2
Suggested Approach:

Discuss constraints on packet captures, such as network interface promiscuous mode and switches versus hubs. Emphasize how the ability to capture clear text is a privacy issue. What kinds of personal or sensitive data could be read? Which laws may be broken when capturing clear-text data? Ask students to describe how these privacy issues could affect their personal and professional lives.

Summary: Graded Assignment
% of the total course grade: 1%
Assignment: Unit 1. Discussion 1. Familiar Protocols
Requirements:

Students will be provided a handout on familiar protocols and asked to discuss them. The protocols include TCP/IP, TCP, IP, UDP, DHCP, and many others. If participation wanes, ask questions, such as, “Which protocol does xyz?”, so that students can provide a protocol name. You may turn the session into a game of Jeopardy to encourage participation.

Encourage students to use all the resources from the EXPLORE phase to work on this graded assignment.

PRACTICE

Focus: Demo Lab
Method: Demonstration
Tools: IS3220 Instructor’s Lab Manual
Suggested Approach: Refer to IS3220 Instructor’s Lab Manual for details.

Focus: Hands-on Lab
Method: Independent Study
Tools: IS3220 Instructor’s Lab Manual
Suggested Approach: Refer to IS3220 Instructor’s Lab Manual for details.

Summary: Graded Assignment
% of the total course grade: 2%
Assignment: IS3220 Instructor’s Lab Manual
Requirements:

Refer to IS3220 Instructor’s Lab Manual for details.

Encourage students to use all the resources from the PRACTICE phase to work on this graded assignment.


APPLY

Focus: Challenge
Method: Lecture
Suggested Approach:

The premise of this assignment is that the student is newly hired as a technology associate in the information systems department at Corporation Techs in Dallas, Texas. The student needs to learn about a new packet analyzer called NetWitness Investigator.

Focus: Contributing Factors
Method: Discussion
Suggested Approach:

Revisit the issues of clear text versus encrypted data and the privacy issues surrounding clear text. Tell the students that personal and/or sensitive information may easily be intercepted by an attacker.

Focus: Course of Action
Method: Discussion
Suggested Approach:

Hand out the assignment to the students. Ask them to download and install NetWitness Investigator on their computer. They must use the interface to open a specific demo packet, and then find and display a clear-text password.

Students must find the clear-text password, which is ‘mypassword1’. Students are instructed to explore the NetWitness Investigator interface on their own in preparation for the interface use throughout the course. The tools they must identify are: Toggle Timeline, Order By Total, Order By Values, Ascending Sort, Descending Sort, Session Count, Session Size, Packet Count, Custom Drill, Google Earth, and Print View.

Summary: Graded Assignment
% of the total course grade: 2%
Assignment: Unit 1. Assignment 1. Clear-text data in packet trace
Requirements:

Students are given instructions on installing NetWitness Investigator and opening a trace file. They must find the clear-text password, which is ‘mypassword1’. The students must report the names of the tools they explore.

Encourage students to use all the resources from the APPLY phase to work on this graded assignment.

Reminders

Remind students of their readings for Unit 2.

Remind students that Unit 1 Assignment 1 is due before the start of next unit’s class.

(End of Unit 1)


UNIT 2: Network Security Basics

Learning Objective

Explain the fundamental concepts of network security.

Key Concepts

▪ Confidentiality, integrity, and availability (CIA) mandates for network resource security
▪ Network security and its value to the enterprise
▪ Roles and responsibilities in network security
▪ Impact of network infrastructure design on security
▪ Features, uses, and benefits of network security countermeasures

Reading

Stewart, Chapter 1. “Network Security Fundamentals”

Keywords

Use the following keywords to search for additional materials to support your work:

▪ Confidentiality

▪ Integrity

▪ Availability

▪ Authentication

▪ Authorization

▪ Risk

▪ Threat

▪ Vulnerability

▪ Security policy

▪ Firewall

▪ VPN

▪ Demilitarized zone (DMZ)


Learning Activities

EXPLORE

Focus: Concepts
Method: Presentation
Tools: IS3220.U2.PS1
Suggested Approach:

The Concepts section is divided into three parts:

1. Refer to slides 3-5 in the Concepts section of IS3220.U2.PS1.ppt to cover the following points:

    ▪ Discuss CIA as primary goals of information security.
    ▪ Talk about the secondary goals that build upon the CIA triad. Also, discuss the procedures and methods used for assuring the goals of the CIA triad are met.
    ▪ Using the diagram provided in slide 5, discuss each of the seven domains of a typical information technology (IT) infrastructure. This discussion should include any CIA implications for each domain. You may also want to discuss how these domains relate to each other.

2. Introduce the concept of risk and describe how understanding the concepts of risk and applying policies and controls that address information assurance will result in a more secure networking environment. Refer to slides 6-9 in the Concepts section of IS3220.U2.PS1.ppt to cover the following points:

    ▪ Revisit the concepts of risk, threat, and vulnerability. You may use some real-life examples to describe the impact of risk on an organization.
    ▪ Discuss how information assurance builds upon the CIA concepts to provide methods and procedures, like authentication and nonrepudiation, to address the risks associated with IT.
    ▪ Talk about security policies.
    ▪ Provide an overview of a sample of networking infrastructures. Highlight the benefits and risks that each type brings.

3. Revisit the key terms that have been discussed so far. Review the terminology that the students will see in the upcoming units. Understanding the terminology will be critical for the remainder of the course. Refer to slides 10-12 in the Concepts section of IS3220.U2.PS1.ppt to cover the following points:

    ▪ General terminology: Ask students to provide a definition of the terms mentioned in the slide.
    ▪ Risk terminology: The topic of risk has many pieces and is often confusing to someone who has not worked with risk before. You may want to do a quick recap of the terms associated with risk.
    ▪ Networking terminology: The intent of discussing this terminology is to introduce the students to the purpose and security implications associated with each term. Where appropriate, point out security risks that a networking component addresses or offers.

Focus: Process
Method: Presentation
Tools: IS3220.U2.PS1
Suggested Approach:

Refer to the Process section of IS3220.U2.PS1.ppt to cover the following points:

▪ Introduce policy, awareness, and training as security countermeasures. Present them as the starting point for security in every organization.
▪ Talk about some of the common countermeasures that are available. Discuss how the countermeasures chosen to secure a network will vary depending on the business requirements and the network deployment supporting those requirements. Review the use, benefits, and limitations of each countermeasure.

Focus: Roles
Method: Discussion
Tools: IS3220.U2.TS1
Suggested Approach:

Select six students in the class. Ask each of them to represent the role of senior management, IT management, IT security staff, managers, network administrators, users, and auditors, respectively. Give them about five minutes to think about what their responsibility toward network security is. Then, ask those students to present their views to the rest of the class. Later, the entire class should discuss if appropriate responsibilities were identified. What did those six students miss? Provide students with IS3220.U2.TS1.doc to facilitate the discussion.

Focus: Context
Method: Presentation
Tools: IS3220.U2.PS1
Suggested Approach:

Refer to the Context section of IS3220.U2.PS1.ppt to cover the following points:

▪ Discuss how business requirements guide the network requirements and security implications of the requirements. Highlight how the availability requirements change the design of the system. Propose questions, such as “Does the business require 24/7 availability?” If so, redundant systems might be necessary. Further ask, “Can the business tolerate an outage?” Remind students that availability is one of the primary objectives of network security.
▪ Address the sensitivity of the data involved. Ask students: are we transmitting personally identifiable information (PII) data or card holder data? Is there a requirement around encryption? Talk about how sensitivity relates back to the confidentiality objective.
▪ Highlight some of the implications that connecting a network to the Internet presents.
▪ Discuss wired networks.
▪ Walk through the benefits of wireless networking.
▪ Discuss some of the security concerns that must be considered with a wireless network.
▪ Discuss the benefits and design implementations of mobile networking.

Focus: Rationale
Method: Discussion
Tools: IS3220.U2.TS2
Suggested Approach:

This is a graded discussion. Therefore, at the end of the discussion, ask the students to summarize and submit their learning.

To remind students of the seven domains, provide them with IS3220.U2.TS2.doc. Form groups of students to discuss and identify the domains of a typical IT infrastructure the students are familiar with and the countermeasures that they have used or seen being used in a network. The intent of this discussion is to allow the students to apply the material that was covered so far to their experiences.

Summary: Graded Assignment
% of the total course grade: 1%
Assignment: Unit 2. Discussion 1. Familiar Domains
Requirements:

This is an in-class assignment. The students will be divided into smaller groups to facilitate a discussion on the domain of a typical IT infrastructure.

Encourage students to use all the resources from the EXPLORE phase to work on this graded assignment.


PRACTICE

Focus: Demo Lab
Method: Demonstration
Tools: IS3220 Instructor’s Lab Manual
Suggested Approach: Refer to IS3220 Instructor’s Lab Manual for details.

Focus: Hands-on Lab
Method: Independent Study
Tools: IS3220 Instructor’s Lab Manual
Suggested Approach: Refer to IS3220 Instructor’s Lab Manual for details.

Summary: Graded Assignment
% of the total course grade: 2%
Assignment: IS3220 Instructor’s Lab Manual
Requirements:

Refer to IS3220 Instructor’s Lab Manual for details.

Encourage students to use all the resources from the PRACTICE phase to work on this graded assignment.


A P P L Y

FOCUS SUGGESTED APPROACH METHOD TOOLS

Challenge

The scenario for this assignment continues from the

scenario in Unit 1 Assignment 1. This time, students will

be given a suggested network design for Corporation

Techs. For more details on the scenario, refer to the

assignment. Students must research and identify the

appropriate network security countermeasures for the

identified threats.

Lecture

Contributing

Factors

Remind students that a balance must exist between

security and usability. Several countermeasures are

available for any given threat, but the best one must be

chosen with the business objectives in mind.

Discussion

Course of

Action

Hand over the assignment to the students. Ask students to

refer back to their notes from the earlier discussion about

common network security threat countermeasures. Using

the Internet, the students should research real-life

solutions to the problem.

Discussion IS3220.U2.TS3

Summary % of the total course grade

Assignment Requirements

Graded Assignment

Students need to identify the countermeasures and

submit a report on the same. The students’ report should

include a description of each threat and the

countermeasure identified for it. The students should

discuss the reasons they chose each countermeasure. In

addition, the students should discuss the benefits and

limitations of each countermeasure.

Encourage students to use all the resources from the

APPLY phase to work on this graded assignment.

2% Unit 2. Assignment 1.

Selecting Security

Countermeasures

Reminders

Remind students of their readings for Unit 3.

Remind students that Unit 2 Assignment 1 is due before the start of next unit’s class.

(End of Unit 2)

UNIT 3: Network Security Threats

Learning Objective

Recognize the impact that malicious exploits and attacks have on network security.

Key Concepts

Intellectual property and privacy data

Risk assessment for your network infrastructure

Wired and wireless network infrastructure risks, threats, and vulnerabilities

Common network hacking tools: Applications, exploits, and attacks

Social engineering practices and their impact on network security efforts

Reading

Stewart, Chapter 4. “Network Security Threats and Issues”

NIST SP 800-30: Risk Management Guide for Information Technology Systems

(http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf)

Keywords

Use the following keywords to search for additional materials to support your work:

Arbitrary code execution

Botnet

Buffer overflow

Cross-site scripting (XSS)

Denial of service (DoS)

Distributed denial of service (DDoS)

Hacker

Insertion attack

Interception attack

Keystroke logger

Nmap

Phishing

Playback attack

Port scanning

Replay attack

Risk assessment

Rootkit

Security awareness training

Session hijacking

Social engineering

Spam

Structured Query Language (SQL) injection

Vulnerability scan

Hacking

ICMP redirect

Man-in-the-middle/monkey-in-the-middle

Learning Activities

E X P L O R E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Concepts

Begin the session with a discussion on the common types

of threats that are likely to be encountered by most

organizations: malware and application vulnerabilities.

Refer to the Concepts section of IS3220.U3.PS1.ppt to

cover the following points:

Malware: Compare and contrast various types of

malware, such as viruses, worms, Trojan horses,

browser redirection, and keyloggers. Review how

computers are infected with malware. You may

present real-world examples and illustrate the

impact they can have on organizations.

Application vulnerabilities: Review common

classes of vulnerabilities, such as buffer overflow,

unsanitized data inputs, cross-site scripting, and

cached credentials. Stress the importance of

including security in the system development life

cycle and keeping abreast of vendor-issued

security patches and updates. Present real-world

examples and illustrate the impact they can have

on organizations.

System port and vulnerability scanning: Review

the basics of system port and vulnerability

scanning and relate the importance of conducting

regular vulnerability scans.

Presentation IS3220.U3.PS1

Process

Organizations must be able to prioritize and address

threats that pose the greatest risk. Refer to the Process

section of IS3220.U3.PS1.ppt to cover the following

points:

Risk assessment methodology: Introduce risk.

Presentation IS3220.U3.PS1

Cover the basic steps of formal risk assessment

methodology as discussed in NIST Special

Publication 800-30.

Determining risk: Discuss the concepts of

likelihood and impact of risk. Help students

understand how these concepts are used to

calculate risk using a risk level matrix. Explain the

difference between qualitative and quantitative

risk analysis and why qualitative risk analysis is

typically used when calculating risk for network

security.

Roles

Ask students, who could be an attacker? Suggest some

examples, like a disgruntled employee out for revenge, an

overworked employee who tries to bypass security

controls in order to save time, or a professional hacker

trying to steal confidential or proprietary data to sell to the

highest bidder. How can an organization be protected against

such attackers? Hand out the text sheet

(IS3220.U3.TS1.doc) to students and refer to the Roles

section of IS3220.U3.PS1.ppt to cover the following

points:

Network attackers: Discuss the types of

attackers, internal and external. Talk about how

attackers are not always malicious and attacks

are not always deliberate. Identify the three types

of hackers. Describe the hacking process.

Hacker motivation: Explore the hacker society

and how hacking affects social status in hacker

communities. During the discussion, encourage

students to offer opinions on hacker motivations,

as well as share any professional experiences

they have had with internal or external attackers.

Attack Methods: Discuss attack methods, such as

unauthorized access, network penetration,

malware, and application compromise. Also,

discuss social engineering techniques.

Discussion

Presentation

IS3220.U3.TS1

IS3220.U3.PS1

Context

By now, students should be familiar with the seven

domains of a typical IT infrastructure as well as common

threats and vulnerabilities. You may do a quick recap of

the domains, threats, and vulnerabilities with the help of

slides provided for the Context section.

Refer to the Context section of IS3220.U3.PS1.ppt to

cover the following points:

Risks, threats, and vulnerabilities for each of the

seven domains of a typical IT infrastructure.

Present security concerns arising from risks, threats,

and vulnerabilities specific to wireless networks,

such as scanning for wireless networks and rogue

access points.

Presentation IS3220.U3.PS1

Rationale

This is a graded discussion. Therefore, at the end of the

discussion, ask the students to summarize and submit

their learning.

Hand out the text sheet summarizing social engineering

techniques. Form groups of students and instruct them to

discuss social engineering attacks and identify security

awareness training to offset common social engineering

techniques. In addition, discuss why social engineering

attacks are particularly difficult to prevent. Refer to the

Graded Assignments section for details.

The intent of this discussion is to help students apply their

learning on social engineering to prepare them for any

real-world situations involving social engineering.

Discussion IS3220.U3.TS2

Summary % of the total course grade

Assignment Requirements

Graded Assignment

This is an in-class assignment. The students will be

divided into smaller groups to facilitate a discussion on

social engineering techniques.

Encourage students to use all the resources from the

EXPLORE phase to work on this graded assignment.

1% Unit 3. Discussion 2.

Social Engineering

Defense Issues

P R A C T I C E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Demo Lab

Refer to IS3220 Instructor’s Lab Manual for details. Demonstration IS3220.

Instructor’s Lab Manual

Hands-on

Lab

Refer to IS3220 Instructor’s Lab Manual for details. Independent

Study

IS3220. Instructor’s Lab

Manual

Summary % of the total course grade

Assignment Requirements

Graded Assignment

Refer to IS3220 Instructor’s Lab Manual for details.

Encourage students to use all the resources from the

PRACTICE phase to work on this graded assignment.

2% IS3220. Instructor’s Lab

Manual

A P P L Y

FOCUS SUGGESTED APPROACH METHOD TOOLS

Challenge

The initial phase of any network security realignment

process involves identifying existing resources. This

activity allows students to fulfill the role of an employee

participating in the network security process in a specific

business situation.

Lecture

Contributing

Factors

Remind students that before it is possible to plan to

change anything in the network, they must first understand

what is present in the network, where it is located, and

what function it performs. Students should refer back to

the work performed in the Hands-on Lab in earlier units of

this course.

Discussion

Course of

Action

Hand out the assignment to the students. Ask them to

summarize the network survey results and submit it.

Discussion

Summary % of the total course grade

Assignment Requirements

Graded Assignment

Students will build upon the Lab assignment in order to

produce a network survey document that identifies hosts,

protocols, and services applicable to the Corporation

Techs’ network environment.

Encourage students to use all the resources from the

APPLY phase to work on this graded assignment.

4% Unit 4. Project Part 1. Network

Survey.

Reminders Remind students of their readings for Unit 4.

Remind students that Project Part 1 is due for submission in the next unit.

(End of Unit 3)

UNIT 4: Network Security Tools and Techniques

Learning Objective

Identify network security tools and discuss techniques for network protection.

Key Concepts

Securing the local area network (LAN)-to-wide area network (WAN) domain–Internet

ingress/egress point

Mitigating risk with intrusion detection systems (IDSs) and intrusion prevention systems (IPSs)

Contrasting intrusion detection and intrusion prevention strategies

Review of automated network scanning and vulnerability assessment tools and their use

Data protection strategies and their value to the organization

Reading

Stewart, Chapter 5. “Network Security Implementation”

Technical Overview of Network Security, Firewalls, and VPNs

Stewart, Chapter 7. “Exploring the Depths of Firewalls”

Understanding Firewall Logs and Alerts

Intrusion Detection

Stewart, Chapter 15. “Network Security Resources, and the Future”

Keywords

Use the following keywords to search for additional materials to support your work:

Firewall

IDS

IPS

Network analysis

Port Scan

VPN

Vulnerabilities

Vulnerability assessment

Vulnerability scan

Watermarking

Learning Activities

E X P L O R E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Concepts

Identify the features and functions of commonly available

network-vulnerability assessment tools. Refer to the

Concepts section of IS3220.U4.PS1.ppt to cover the

following points:

Discuss the two basic types of vulnerability

scanners.

Define Nmap and Zenmap and take a tour of

the Zenmap interface.

Discuss other notable vulnerability

assessment scanners, such as Nessus,

Retina, and SAINT. You may also want to

discuss other scanners students encounter in

the real world.

Presentation IS3220.U4.PS1

Process

Network analysis involves analyzing network data to

reconstruct network activity over a specific time period.

This section focuses on network analysis and the primary

steps used to perform analyses. Refer to the Process

section of IS3220.U4.PS1.ppt to cover the following

points:

Network analysis

Overview of network analysis tools

Where to capture data on the network

Network analysis steps

Presentation IS3220.U4.PS1

Roles

Describe the use of data loss/data leak prevention tools

and their roles in protecting the CIA principles.

Refer to the Roles section of IS3220.U4.PS1.ppt to cover

the following points:

Emphasize the purpose of data loss/data leak

prevention tools.

Presentation IS3220.U4.PS1

Define the two basic types of tools: Perimeter

based and client or endpoint based. Discuss

some of the perimeter- and client-based tools,

both commercial and open source. The

discussion should not favor any one tool.

Focus on the roles the tools play in protecting

sensitive information from leaving a network.

Context

Shift the focus to securing the LAN-to-WAN domain,

which includes border routers, perimeter firewalls, IDSs

and IPSs. Refer to the Context section of

IS3220.U4.PS1.ppt to cover the following points:

Discuss the LAN-to-WAN domain in relation to

the seven domains of a typical IT

infrastructure.

Review the essentials of ingress and egress

traffic. Define each of them.

Talk about border routers and how to protect

the LAN-to-WAN domain.

Define ingress and egress filtering.

Review the essential functions and features of

an IDS and IPS.

Discuss how an IDS differs from an IPS. Tell

the students that both IDSs and IPSs are

often collectively referred to as IDSs but they

do handle some different functions.

Differentiate between host-based IDSs

(HIDSs) and network-based IDSs (NIDSs).

This brief lecture will set the stage for the

in-depth discussion on HIDS and NIDS

drawbacks.

Presentation IS3220.U4.PS1

Rationale

This is a graded discussion. Therefore, at the end of the

discussion, ask the students to summarize and submit

their learning. Ask students to review the content provided

in the handout and discuss why host- or network-based

IDS solutions might present problems for an organization

in terms of resource consumption and encrypted transport

examination. Remind students that part of the tuning or

training process of an HIDS or NIDS is to strike a balance

between security and resource consumption, to avoid

reducing end-user productivity and creating network bottlenecks.

The students should also discuss possible resolutions.

Discussion IS3220.U1.TS1

Summary % of the total course grade

Assignment Requirements

Graded

Assignment

This is an in-class assignment. The students will be

divided into smaller groups to facilitate discussion.

Encourage students to use all the resources from the

EXPLORE phase to work on this graded assignment.

1% Unit 4. Discussion 1.

Host-Based vs. Network-Based

IDSs/IPSs

P R A C T I C E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Demo Lab

Refer to IS3220 Instructor’s Lab Manual for details. Demonstration IS3220.

Instructor’s Lab Manual

Hands-on

Lab

Refer to IS3220 Instructor’s Lab Manual for details. Independent

Study

IS3220. Instructor’s Lab

Manual

Summary % of the total course grade

Assignment Requirements

Graded Assignment

Refer to IS3220 Instructor’s Lab Manual for details.

Encourage students to use all the resources from the

PRACTICE phase to work on this graded assignment.

2% IS3220. Instructor’s Lab

Manual

A P P L Y

FOCUS SUGGESTED APPROACH METHOD TOOLS

Challenge

The scenario for this assignment continues from the

scenario in Project Part 1. The student has been working

as a technology associate in the information systems

department at Corporation Techs. Refer to the assignment

for the details of the scenario. Given a saved

Nmap/Zenmap scan of a web server host, students must

identify services that were detected on the system and

research the use of each service. The goal is to identify

unnecessary services running on the Web server.

Lecture

Contributing

Factors

Remind students that not all services are necessary on

every server. Leaving some services enabled provides a

possible attack point.

Discussion

Course of

Action

Hand out the assignment to the students. Students should

use the knowledge gained in class regarding vulnerability

assessment tools, and Nmap/Zenmap in particular, to

study the saved scan of a Web server. Students must use

the Help system in the tool and the Internet to determine

which services are unnecessary. Students need to create

a detailed plan for the removal of unnecessary services,

supporting their conclusions.

Discussion IS3220.U4.TS2

Summary % of the total course grade

Assignment Requirements

Graded Assignment

Students will be provided with a scenario and a saved

Nmap scan of a Web-server host. They will then identify

services detected on the system, research the use of

each, and detail a plan for the removal of unnecessary

services with support for their conclusions.

Encourage students to use all the resources from the

APPLY phase to work on this graded assignment.

2% Unit 4. Assignment 1.

Identify Unnecessary

Services from a Saved

Vulnerability Scan

Reminders

Remind the students of their readings for Unit 5.

Remind students that Unit 4 Assignment 1 is due before the start of next unit’s class.

(End of Unit 4)

UNIT 5: Firewall Fundamentals

Learning Objective

Describe the fundamental functions performed by firewalls.

Key Concepts

IP stateful firewalls

Types of firewalls and their features and functions

Review of software- and hardware-based firewall solutions and their value to the enterprise

Filtering and port control strategies and their functions in enterprise security

Homed firewalls and placement

Reading

Stewart, Chapter 2. “Firewall Fundamentals”

Keywords

Use the following keywords to search for additional materials to support your work:

Application gateway

Egress filtering

Firewall

Host-based firewall

Ingress filtering

Multi-homed firewall

Network address translation (NAT)

Network-based firewall

Stateful

Stateless

Learning Activities

E X P L O R E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Concepts

The Concepts section is divided into two parts:

1. The first part of this unit provides background for

students new to the concept of network firewalls.

Refer to slides 3 and 4 in the Concepts section of

IS3220.U5.PS1 to cover the following points:

▪ Define a firewall and describe its features,

explain how firewalls fit into the network

security framework, and name different types

of firewalls. Discuss the various traffic

considerations a firewall makes on the

network.

▪ Present an example of network topology

showing where firewalls fit into the network

environment.

2. The second part focuses on how tracking

network-connection state helps identify legitimate and

illegitimate network access. Refer to slides 5 and 6

in the Concepts section of IS3220.U5.PS1.ppt to cover

the following points:

▪ Define stateless firewall inspection.

▪ Define stateful firewall inspection.

▪ Describe the difference between stateless and

stateful traffic filtering. Discuss the strengths

of monitoring session state information to

validate connections.

Presentation IS3220.U5.PS1

Process

Discuss the differences between the types of firewall

filtering with a focus on the associated benefits and

drawbacks of each. Refer to the Process section of

IS3220.U5.PS1.ppt to cover the following points:

Presentation IS3220.U5.PS1

Describe how firewalls apply various filtering

strategies. Discuss variances between examining

protocol headers and payloads, filtering at different

Open Systems Interconnection (OSI) protocol layers,

and inbound versus outbound connections.

Discuss how proxy and NAT connections fit into the

network with firewalls. Distinguish the directions in

which traffic flows through the network.

Roles

The Roles section is divided into four parts:

1. Introduce packet filters and discuss the different types

of firewall and the roles each firewall plays in the

overall network design. Refer to slide 12 in the Roles

section of IS3220.U5.PS1.ppt to discuss static and

dynamic packet filters and the advantages of

monitoring connection states.

2. Highlight that all networks pass traffic and some of

that traffic could potentially expose the network to risk

factors. Help students understand the value of

application-level gateway filtering in secure networks.

Refer to slides 13-16 in the Roles section of

IS3220.U5.PS1.ppt to cover the following points:

Define application-level gateways. Discuss

how a proxy connects firewall application

protocols. Explain the security that man-in-the-

middle filtering provides between client and

server. Describe how application proxies help

create a defense-in-depth strategy with

firewalls.

3. Form groups of students and encourage them to

discuss the different types of firewall. Ask them what

roles each firewall plays in the network design. Help

them understand the various firewall filtering methods.

Refer to slides 17 and 18 in the Roles section of

IS3220.U5.PS1.ppt to cover the following point:

▪ Examine circuit-level network proxies and

distinguish them from application-level

proxies. Discuss the basic operation of

circuit-level proxies. Describe how application

proxies help create a defense-in-depth

strategy with firewalls.

Presentation IS3220.U5.PS1

4. Discuss how address translation serves to segment

subnets and internal networks. Highlight that NAT also

helps to create a defense-in-depth strategy when used

with firewalls and proxies.

▪ Refer to slide 19 in the Roles section of

IS3220.U5.PS1.ppt to walk through NAT and

explore how it benefits the network. Describe

how NAT helps create a defense-in-depth

strategy with firewalls and proxies.

Context

This is a graded discussion. Therefore, at the end of the

discussion, ask the students to summarize and submit

their learning.

Form groups of students, engage them in a discussion on

ingress and egress filtering, and firewall placement. Help

them understand the various firewall filtering methods.

Students should address inbound external connections to

protected intranet services, such as VPN telecommuting.

They should also cover outbound internal connections to

popular Internet services, such as Web and e-mail. The

students should also discuss firewall placement.

Discussion IS3220.U5.TS1

Rationale

Discuss the differences between network- and host-based

firewalls, such as the scope of protection each provides.

Refer to the Rationale section of IS3220.U5.PS1.ppt to

cover the following points:

Differentiate between software and hardware firewall

devices and discuss what would be the considerations

for installing both types. Emphasize the advantages

and disadvantages of software- and hardware-based

firewall solutions.

Presentation IS3220.U5.PS1

Discuss layered protection through host- and network-

based firewalls, distinctions and differences between

local filtering and network-wide filtering, and considerations for installing

both types.

Talk about single-homed and multi-homed firewall

systems, network implications, and considerations for

installing both types. Discuss strengths provided by

multi-homed firewall filtering and network isolation.

Ask students what kinds of traffic pass unprotected on the

internal network and what could pass protected between

external and internal sources. How is a hardware firewall

better than a software firewall? Why would you want more

than one interface?

Summary % of the total course grade

Assignment Requirements

Graded Assignment

This is an in-class assignment. The students will be

divided into smaller groups to facilitate a discussion on

ingress and egress filtering and firewall placement.

Encourage students to use all the resources from the

EXPLORE phase to work on this graded assignment.

1% Unit 5. Discussion 1. Ingress and

Egress Filtering

P R A C T I C E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Demo Lab

Refer to IS3220 Instructor’s Lab Manual for details. Demonstration IS3220.

Instructor’s Lab Manual

Hands-on

Lab

Refer to IS3220 Instructor’s Lab Manual for details. Independent

Study

IS3220. Instructor’s Lab

Manual

Summary % of the total course grade

Assignment Requirements

Graded Assignment

Refer to IS3220 Instructor’s Lab Manual for details.

Encourage students to use all the resources from the

PRACTICE phase to work on this graded assignment.

2% IS3220. Instructor’s Lab

Manual

A P P L Y

FOCUS SUGGESTED APPROACH METHOD TOOLS

Challenge

The scenario for this assignment continues from the

scenario in Unit 4 Assignment 1. The student has been

working as a technology associate in the information

systems department at Corporation Techs. Refer to the

assignment for the details of the scenario. In this

assignment, the student needs to learn how to select the

right firewall filtering method for a given scenario.

Discussion

Contributing

Factors

Highlight the important differences between ingress and

egress traffic and the translation associated with private

network classes using NAT.

Discussion

Course of

Action

Hand out the assignment to the students. They must

choose an appropriate firewall filtering method and use

good judgment when considering how each type provides

protection and necessary filtering logic.

Discussion IS3220.U5.TS2

Summary % of the total course grade

Assignment Requirements

Graded Assignment

Students are instructed to identify where various types of

firewall filtering apply and how they protect against

malicious network behavior at all layers of the OSI

reference model.

Encourage students to use all the resources from the

APPLY phase to work on this graded assignment.

2% Unit 5. Assignment 1.

Select the Proper Type of Firewall

Reminders

Remind the students of their readings for Unit 6.

Remind students that Unit 5 Assignment 1 is due before the start of next unit’s class.

(End of Unit 5)

UNIT 6: Firewall Design Strategies

Learning Objective

Assess firewall design strategies.

Key Concepts

Organization traffic and acceptable use policy (AUP) policy review—what is acceptable traffic

Strategies for Internet and private network separation

Firewall rules and their application in restricting and permitting data transit

Use of protected DMZs to provide security for publicly facing bastion hosts

Conflicts between security strategies and requirements for availability

Reading

Stewart, Chapter 7. “Exploring the Depths of Firewalls”

Stewart, Chapter 8. “Firewall Deployment Considerations”

Keywords

Use the following keywords to search for additional materials to support your work:

Rules

Filters

Management interface

Access control list (ACL)

Alert

False positive/negative

Firewalking

Load balancing

Caching

Unified threat management

Signature

Learning Activities

E X P L O R E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Concepts

Begin this unit by discussing the concepts of firewalls.

Firewalls are critical security components to include in any

network environment, but they are not invulnerable. Firewalls

have both limitations and weaknesses that must be

thought through and discussed.

Refer to the Concepts section of IS3220.U6.PS1 to cover

the following points:

Exploitable programming bugs

Buffer overflow

Fragmentation

Firewalking

Internal code planting

DoS

There are actions that an administrator can take to

counter the limitations and weaknesses of firewalls.

Additional protection can often be achieved by adding

encryption. Encryption has some significant implications

that should be understood before its enablement.

Describe the following points:

Encrypted transport

Gateway bottlenecks

Describe the impact of including firewall enhancements:

Malware scanning

IDS and IPS

VPN endpoints

Discussion

Presentation

IS3220.U6.PS1

Process

This is a graded discussion. Therefore, at the end of the

discussion, ask the students to summarize and submit

their learning.

Discussion

To facilitate the discussion, provide students with the text

sheet (IS3220.U6.TS1.doc). Have the students break into

small groups. Ask them to review the descriptions of

different firewall security strategies in order to determine

which strategies are appropriate. Strategies to be

discussed include:

Security through obscurity

Least privilege

Simplicity

Defense in depth

Diversity of defense

Choke point

Weakest link

Fail safe

Universal participation

IS3220.U6.TS1

Roles

Discuss the roles of reverse proxy and port forwarding in

internal network security. Reverse proxy and port

forwarding are methods that can provide a buffer from

direct access, creating concealment and thus, enhancing

security of the internal network. Refer to the Roles section

of IS3220.U6.PS1.ppt to cover the following points:

The roles reverse proxy and port forwarding play

in internal network security

The pros and cons of using reverse proxy and

port forwarding

Sharing limited public address space across

multiple private network services through NAT

combined with port forwarding

Discussion

Presentation

IS3220.U6.PS1

Context

In this section, lead a discussion about bastion hosts.

Bastion hosts represent the most basic of firewall

implementations. Refer to the Context section of

IS3220.U6.PS1.ppt to cover the following points:

The use of bastion hosts in the DMZ

Discussion

Presentation

IS3220.U6.PS1


Considerations for ingress/egress filtering of traffic

originating in the private network and from the

Internet

Rationale

The Rationale section is divided into two parts:

1. The first part covers firewall rules and port ranges.

When setting up a new firewall or dealing with an

existing one, it is a requirement to configure and

manage firewall rules. Rules must be adjusted as

the needs of the environment shift, but there are

some general guidelines to keep in mind. Refer to

the Rationale section of IS3220.U6.PS1.ppt to

cover the following points:

Firewall rule

General guidelines

Ports:

Which ports should be allowed

Which ports should be blocked

Conflicts between port range and individual

port allow/block settings

2. The second part covers the importance of logging

and monitoring. Logging and monitoring firewalls

in an environment is critical. In order to remain

aware of the effectiveness of the firewall and to be

able to respond effectively to threats, logging and

monitoring should be configured. Refer to the

Rationale section of IS3220.U6.PS1.ppt to

discuss logging and monitoring.

Discussion

Presentation

IS3220.U6.PS1

Summary % of the total course grade

Assignment Requirements

Graded Assignment

This is an in-class assignment. The students will be

divided into smaller groups to facilitate discussion.

Encourage students to use all the resources from the

EXPLORE phase to work on this graded assignment.

1% Unit 6. Discussion 1.

Firewall Security Strategies


P R A C T I C E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Demo Lab

Refer to IS3220 Instructor’s Lab Manual for details. Demonstration IS3220.Instructor’s

Lab Manual

Hands-on

Lab

Refer to IS3220 Instructor’s Lab Manual for details. Independent

Study

IS3220.Instructor’s Lab Manual

Summary % of the total course grade

Assignment Requirements

Graded Assignment

Refer to IS3220 Instructor’s Lab Manual for details.

Encourage students to use all the resources from the

PRACTICE phase to work on this graded assignment.

2% IS3220.Instructor’s Lab Manual


A P P L Y

FOCUS SUGGESTED APPROACH METHOD TOOLS

Challenge

The configuration of a network affects the options

available for security and network defense. Using the

network survey produced during Part 1 of this project,

together with host vulnerability assessments and access

requirements, students are instructed to design an

updated network structure, separating private and public

services within the Corporation Techs’ network.

Lecture

Contributing

Factors

Engage the students in a discussion on what they need to

design in a network structure. Once they come up with

answers, give them the following description:

The Web server provides public access to the

organization's static Web site for contact information, while

sales team members in the field transfer contract and bid

documents using a site secured with a logon and

password. All of Corporation Techs’ computer systems

share the same Class C public IP address range,

including workstations along with servers providing

authentication, e-mail, and both secure and public Web

sites. As internet service provider (ISP) costs are very

high due to the subnet lease, it would be beneficial if the

new network design could reduce the number of public

addresses needed.

Discussion

Course of

Action

Hand over the assignment to the students. Students must

use NetWitness Investigator and Zenmap to identify

vulnerabilities in a packet trace file, create a basic network

design separating private and public services within the

network, and create a report detailing the information.

Lecture


Summary % of the total course grade

Assignment Requirements

Graded Assignment

Students will identify vulnerabilities, create a basic

network design separating private and public services

within the network, and create a professional report

detailing the information.

Encourage students to use all the resources from the

APPLY phase to work on this graded assignment.

2% Unit 7. Project Part 2. Network

Design

Reminders

Remind the students of their readings for Unit 7.

Remind students that Project Part 2 is due for submission in the next unit.

(End of Unit 6)


UNIT 7: VPN Fundamentals

Learning Objective

Describe the foundational concepts of VPNs.

Key Concepts

Strategies for protection of remote network access using a VPN

Network architecture necessary for VPN implementation

Types of VPN solutions and common protocols used for connectivity and data transport

Planning and selecting the best VPN options for an organization

Reading

Stewart, Chapter 3. “VPN Fundamentals”

Stewart, Chapter 11. “VPN Management”

Stewart, Chapter 12. “VPN Technologies”

Keywords

Use the following keyword to search for additional materials to support your work:

VPN


Learning Activities

E X P L O R E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Concepts

The first part of this unit provides a background for

students new to the concept of VPN. Refer to the

Concepts section of IS3220.U7.PS1.ppt to cover the

following points:

Define the VPN concept: What it does, how it

works, and why it is used. Discuss the benefits

and limitations of VPN technology.

Discuss the various types of VPN protocols and

how each fits into the OSI network model. Cover

VPN cost motivations, usage scenarios, and the

various connection types.

Ask students what the business and personal uses

of VPNs are. How do VPNs benefit the network

and what are their usage limitations?

It is recommended that after teaching Concepts you take

up Rationale, Context, Roles, and Process, respectively.

Presentation IS3220.U7.PS1

Process

This is a graded discussion. Therefore, at the end of the

discussion, ask the students to summarize and submit

their learning.

Students will review the process of developing a VPN

policy and employing best practices, guidelines, and

standards. Discussion topics should include:

Types of remote users and groups and applicable

access levels assigned to each of them

The guidelines, practices, procedures, policies,

and regulations that influence VPN operation and

oversight:

Solutions to resolve VPN usage violations

Discussion IS3220.U7.TS1


or end-user misbehaviors

Controls used to contain and confine the

types of damage users can do, and how

to enforce them through policy

Roles

Emphasize the fundamental roles hardware- and

software-based VPN solutions play in data security. Refer

to the Roles section of IS3220.U7.PS1.ppt to cover the

following points:

Advantages and disadvantages of hardware- and

software-based VPNs

Options for outsourcing ownership and operation

of VPN services and systems

Presentation IS3220.U7.PS1

Context

Ask the students which solution is best for casual VPN

needs and which suits enterprise networks.

Compare and contrast VPNs operating in transport mode

and tunnel mode. Identify common VPN protocols and

examine the uses, features, and problems associated with

each of them. Refer to the Context section of

IS3220.U7.PS1.ppt to cover the following points:

VPN tunneling and transport

Cryptographic protocols

VPN authentication, authorization, and

accountability mechanisms

Tunneling, transport, encapsulating, and carrier

protocols

Presentation IS3220.U7.PS1

Rationale

Discuss VPN deployment models, deployment

mechanisms, architecture, and protocols. Emphasize

crucial components for secure VPN operation throughout

this section. Examine the implications of privately and

corporately owned VPN solutions. Refer to the Rationale

section of IS3220.U7.PS1.ppt to cover the following points:

VPN deployment models and methods and uses

of each model

Presentation IS3220.U7.PS1


The underlying architecture that supports VPN

services and VPN best practices

Common VPN protocols, the functions they

provide, and the problems posed by each VPN

protocol

Summary % of the total course grade

Assignment Requirements

Graded Assignment

This is an in-class assignment. Students will be divided

into smaller groups to facilitate a discussion on

developing a VPN policy and employing best practices,

guidelines, and standards.

Encourage students to use all the resources from the

EXPLORE phase to work on this graded assignment.

1% Unit 7. Discussion 1.

VPN Policy and Best Practices


P R A C T I C E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Demo Lab

Refer to IS3220 Instructor’s Lab Manual for details. Demonstration IS3220.

Instructor’s Lab Manual

Hands-on

Lab

Refer to IS3220 Instructor’s Lab Manual for details. Independent

Study

IS3220. Instructor’s Lab

Manual

Summary % of the total course grade

Assignment Requirements

Graded Assignment

Refer to IS3220 Instructor’s Lab Manual for details.

Encourage students to use all the resources from the

PRACTICE phase to work on this graded assignment.

2% IS3220. Instructor’s Lab Manual


A P P L Y

FOCUS SUGGESTED APPROACH METHOD TOOLS

Challenge

The scenario for this assignment continues from the

scenario in Project Part 2. The student has been working

as a technology associate in the information systems

department at Corporation Techs. The company has

experienced several VPN connection failures lately. The

manager has asked the student to create a VPN

connectivity troubleshooting checklist for future use.

Lecture

Contributing

Factors

There are potential failure points in a VPN connection.

Students must consider the underlying network, VPN

protocols and services, and software-related issues.

Discussion

Course of

Action

Hand out the assignment along with the text sheet.

Students must identify relevant steps in the VPN

connectivity troubleshooting process and create a

checklist of actions for resolving general VPN connectivity

issues.

Discussion IS3220.U7.TS2

Summary % of the total course grade

Assignment Requirements

Graded Assignment

Students are instructed to review VPN connectivity

troubleshooting steps and create a troubleshooting

checklist.

Encourage students to use all the resources from the

APPLY phase to work on this graded assignment.

2% Unit 7. Assignment 1. Create a VPN Connectivity

Troubleshooting Checklist

Reminders

Remind the students of their readings for Unit 8.

Remind students that Unit 7 Assignment 1 is due before the start of next unit’s class.

(End of Unit 7)


UNIT 8: Network Security Implementation Strategies

Learning Objective

Describe network security implementation strategies and the roles each can play within the

security life cycle.

Key Concepts

Layered security strategies

Layered security for enterprise network resources

Practices for hardening systems and networks against an attack

Security as a process rather than a goal

Security as a process or a life cycle that requires constant attention

Reading

Stewart, Chapter 5. “Network Security Implementation”

Keywords

Use the following keywords to search for additional materials to support your work:

Defense in depth

Concentric castle

Hardening

Internet Assigned Numbers Authority (IANA)

RFC 1918

Authentication

Authorization

Encryption

DHCP

Secure Sockets Layer (SSL)

Internet Protocol security (IPsec)


Learning Activities

E X P L O R E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Concepts

The Concepts section is divided into three parts:

1. You may use the following introduction to start the

Concepts section:

Layered security is about making a system more

secure by adding additional layers. The strength

of the system’s security is determined by the sum

of all the layers and not just one control. Layered

security requires adding multiple controls to

protect any given resource. Each security control

should address CIA or some combination of them.

The goal of layered security is not to erase risk

but lower it by making it more difficult for an

attacker to penetrate defenses.

Refer to slides 3 and 4 in the Concepts section of

IS3220.U8.PS1.ppt to cover the following points:

▪ Layered security: Discuss how controls in

layered security build upon each other.

Emphasize that security policy is a layer

and should support all the other layers.

▪ Layered security in action: Walk through

examples of layered security in action.

For the purposes of instruction, these

examples are simplified. You may want to

share some real-life examples in the

class.

2. Introduce the concentric castle design. Refer to

slides 5 and 6 in the Concepts section of

IS3220.U8.PS1.ppt to cover the following points:

▪ Concentric castles: Discuss the features

Presentation IS3220.U8.PS1


and benefits of a concentric castle’s

design.

▪ Network security application: Discuss how

a DMZ design employs the principles of a

concentric castle’s design.

3. Talk in depth about the focus of layered security.

Discuss that when building upon the concepts of

layered security and concentric defense, one can

add overlapping countermeasures to the same (or

different) layers to create depth of controls. Once

the breadth and depth of controls are established,

defense in depth can be realized. Help students

understand that technical controls must be

supported by nontechnical controls. Nontechnical

controls are often physical security controls or

administrative controls. As an example, incident

management can include a variety of technical

controls to identify an incident. However, without a

proper incident response plan, one does not have

true defense in depth. Refer to slides 7-9 in the

Concepts section of IS3220.U8.PS1.ppt to cover

the following points:

▪ Improving concentric castles: Continuing

with the previous example, describe how

depth can be added to the castle defense

to create a more robust defense.

▪ Building upon layered security: Discuss

breadth versus depth using the example

given in the slide.

▪ The bigger picture: Discuss how layered

defense and defense in depth work

together to address the concerns

associated with the CIA triad.

Process

This is a graded discussion. Therefore, at the end of the

discussion, ask the students to summarize and submit

their learning.

Discussion

IS3220.U8.TS1


Explain the purpose of system hardening. Lead the class

in a discussion about system hardening strategies and

techniques including updates and patches, default

logon/passwords, anonymous access, removal of

unneeded services, separation of production and

development environments, and settings, such as

password length and complexity. The system hardening

discussion text sheet (IS3220.U1.TS1.doc) provides a

sample of resources available for hardening systems. It

has descriptions and links to available hardening

guidelines and standards.

Roles

You may use the following introduction to start this

section:

Security is only as strong as the weakest link involved. To

have a successful network-security implementation, one

must consider not only the bigger picture, but also each

individual component. Starting with a security policy that

addresses the CIA, one must place countermeasures to

address identified threats at every level. This is

accomplished using a combination of layered security and

defense in depth.

Refer to slides 11-19 in the Roles section of

IS3220.U8.PS1.ppt to cover the following points:

Node security: Present the idea that every device

on the network has certain risks associated with it.

In order to have effective network security, one

must start security at the lowest level (the device

level). Highlight that different individuals play a

role in securing the network at individual levels.

Node security concerns: Discuss the specific

security concerns of different node types. The

examples provided are simplistic for presentation

purposes. You may want to discuss some real-life

examples to add more depth.

Network security: Discuss how network design

Presentation IS3220.U8.PS1


decisions impact the security of the network.

Present this as a review from previous sections.

Highlight the newer topics.

Describe how IP addresses are assigned

—statically or dynamically.

Discuss the two different types of

addressing offered by TCP/IP, public and

private.

Physical security: Discuss the importance of

physical security. Provide students with examples

of how direct terminal access can bypass certain

controls. Touch on high-level aspects of physical

security as they relate to network security.

Administrative controls: Discuss the administrative

controls that form the framework of network

security. Explain how all controls are built with the

corporate objectives in mind.

Key components: Discuss the areas that go into

the overall security of a network. This topic may

also be treated as a review from previous

sections.

Context

Hand out the provided text sheet (IS3220.U8.TS2.doc),

which includes a comparison of security concerns for

local, remote, and mobile hosts. Compare and contrast

the security concerns surrounding local hosts, remote

hosts, and mobile devices. Remind students that one must

consider business needs when designing security. A

worker’s needs can vary based on the job functions and

work locations. Ask students to consider the requirements

of the sample worker types included in the handout.

The discussion should include the following points:

▪ Transport security

▪ On-device encryption

▪ Malware defenses

Discussion IS3220.U8.TS2


Rationale

You may use the following introduction to start the

Rationale section:

In order to have a successful network security

implementation, one must enforce access control. To

effectively defend against threats, one must be able to

authenticate and authorize users. Additionally, having the

ability to log and monitor activity is crucial to success. If

security policy is the law, access control is the police.

Access control plays a pivotal role in protecting the CIA of

information. Access control sets the stage for who can

access information (confidentiality) or modify it (integrity).

Finally, if an individual cannot access the information they

need, the availability of information will be affected.

Encryption is concerned with rendering data unreadable to

everyone but the intended parties. Encryption focuses on

protecting the confidentiality and integrity of data.

Encryption systems are designed to ensure that a

message is unreadable to eavesdroppers and the host

has not been altered. Encryption can also ensure

authenticity and nonrepudiation.

Refer to slides 21-25 in the Rationale section of

IS3220.U8.PS1.ppt to cover the following points:

Authentication: Discuss how authentication works

and the different levels of authentication. Link the

discussion back to the CIA triad as appropriate.

Authorization: Discuss how authorization works.

Attention should be paid to the concept of least

privilege. You can relate it back to the CIA triad

as appropriate.

Accounting: Discuss how accounting works and

the difference between logging, monitoring, and

auditing. Link it back to the CIA triad as

appropriate.

Encryption: Data at rest is not a focus because

we are concerned with networks and

Presentation IS3220.U8.PS1


communication encryption. However, a brief

overview of encryption should be provided.

Discuss the methods and purpose of encrypting

data in transit.

Summary % of the total course grade

Assignment Requirements

Graded Assignment

This is an in-class assignment. The students will be

divided into smaller groups to facilitate a discussion on

system hardening techniques and strategies. At the end

of the discussion, the students need to summarize and

submit their learning.

Encourage students to use all the resources from the

EXPLORE phase to work on this graded assignment.

1% Unit 8. Discussion 1. System

hardening


P R A C T I C E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Demo Lab

Refer to IS3220 Instructor’s Lab Manual for details. Demonstration IS3220.

Instructor’s Lab Manual

Hands-on

Lab

Refer to IS3220 Instructor’s Lab Manual for details. Independent

Study

IS3220. Instructor’s Lab

Manual

Summary % of the total course grade

Assignment Requirements

Graded Assignment

Refer to IS3220 Instructor’s Lab Manual for details.

Encourage students to use all the resources from the

PRACTICE phase to work on this graded assignment.

2% IS3220. Instructor’s Lab

Manual


A P P L Y

FOCUS SUGGESTED APPROACH METHOD TOOLS

Challenge

Students will identify a networked technology used at

home, at work, or as a personal convenience. The

students will research and identify three potential threats

to node security of the device, and detail a mitigation

mechanism for each threat.

Lecture

Contributing

Factors

Hand out the provided security concerns and mitigation

strategies text sheet. Tell the students that it is estimated

that over 5 billion devices are connected to the Internet

today. In the next 5-10 years estimates are putting that

number at anywhere between 15 and 50 billion.

Discussion IS3220.U8.TS3

Course of

Action

Ask students to consider the list of host types and select a

networked technology used at home, at work or as a

personal convenience.

Discussion

Summary % of the total course grade

Assignment Requirements

Graded Assignment

Students will provide a written report on the networked

technologies along with their associated threats and

mitigation strategies. The students’ report should include a

description of each networked technology and the

identified threat.

Encourage students to use all the resources from the

APPLY phase to work on this graded assignment.

2% Unit 8. Assignment 1.

Security Concerns and

Mitigation Strategies

Reminders

Remind the students of their readings for Unit 9.

Remind students that Unit 8 Assignment 1 is due before the start of next unit’s class.

(End of Unit 8)


UNIT 9: Firewall Implementation and Management

Learning Objective

Appraise the elements of firewall and VPN implementation and management.

Key Concepts

Planning and selection of an appropriate firewall for an organization

Best practices for managing enterprise and personal firewalls

Security appliances that work with firewalls

Best practices for managing VPN connectivity

Risks in using remote access technologies in the context of an enterprise

Reading

Stewart, Chapter 9. “Firewall Management and Security Concerns”

Stewart, Chapter 10. “Using Common Firewalls”

Stewart, Chapter 13. “Firewall Implementation”

Stewart, Chapter 14. “Real-World VPNs”

Keywords

Use the following keywords to search for additional materials to support your work:

Attacks

Best practices

Firewall

Implementation

Integration

Threats

Troubleshooting

VPN


Learning Activities

E X P L O R E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Concepts

Firewall and VPN implementations require careful

planning, management, and extensive documentation.

This helps to ensure successful deployment, resolve future

problems, detect and thwart attacks, and prepare for

disasters.

Refer to the Concepts section of IS3220.U9.PS1.ppt to

cover the following points:

Identify and review best practices for

management of various types of firewalls.

Discuss the tools for managing and monitoring

firewalls: Although specific tools are mentioned,

there are always new tools being developed.

Discuss the reason for having the tools and the

purpose of managing and monitoring a firewall by

covering the following points:

▪ Buying vs. Building

▪ Common firewall hacks.

▪ Emphasize the critical aspects of

firewalking, packet inspection,

tunneling, and defenses against

tunneling.

Discussion

Presentation

IS3220.U9.PS1

Process

This section focuses on techniques for troubleshooting

common firewall problems. Refer to the Process section of

IS3220.U9.PS1.ppt to cover the following points:

Basic troubleshooting tips

The importance of detailed and up-to-date

documentation

Discussion

Presentation

IS3220.U9.PS1


Roles

This is a graded discussion. At the end of the discussion,

ask students to summarize and submit their learning.

Ask students to review the content in the text sheet

provided and discuss firewall implementation planning.

Phases or sections of planning may include survey of use,

scope, address space, technologies in use, availability,

and support skill set. Emphasize thoroughness and

professionalism. Tell the students that plans become part

of the permanent documentation of the security

infrastructure.

Discussion IS3220.U9.TS1

Context

VPNs are purposeful holes in corporate security. They can

be very dangerous if the host is compromised. Refer to

the Context section of IS3220.U9.PS1.ppt to cover the

following points:

The general nature and source of VPN

attacks

VPN Security Measures

Also, discuss the importance of home and mobile users

physically safeguarding their VPN-enabled equipment and

keeping the systems patched and updated.

Discussion

Presentation

IS3220.U9.PS1

Rationale

Discuss how firewalls and VPNs complement one another.

Some products are fully integrated while others are

stand-alone products that together provide better network

protection. Refer to the Rationale section of

IS3220.U9.PS1.ppt to cover the following points:

The issues involved with deployment,

placement, and implementation of VPNs in

conjunction with firewalls

VPN implementation choices

VPN appliance

VPN hosts and trust

VPN/firewall security and performance

VPN protection

Discussion

Presentation

IS3220.U9.PS1


Summary % of the total course grade

Assignment Requirements

Graded

Assignment

This is an in-class assignment. The students will be

divided into smaller groups to facilitate a discussion on

firewall implementation planning.

Encourage students to use all the resources from the

EXPLORE phase to work on this graded assignment.

1% Unit 9. Discussion 1.

Firewall Implementation

Planning


P R A C T I C E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Demo Lab

Refer to IS3220 Instructor’s Lab Manual for details. Demonstration IS3220.

Instructor’s Lab Manual

Hands-on

Lab

Refer to IS3220 Instructor’s Lab Manual for details. Independent

Study

IS3220. Instructor’s Lab

Manual

Summary % of the total course grade

Assignment Requirements

Graded Assignment

Refer to IS3220 Instructor’s Lab Manual for details.

Encourage students to use all the resources from the

PRACTICE phase to work on this graded assignment.

2% IS3220 Instructor’s Lab Manual


A P P L Y

FOCUS SUGGESTED APPROACH METHOD TOOLS

Challenge

The scenario for this assignment continues from the

scenario in Unit 8 Assignment 1. This time, Corporation

Techs wants to set up a new network in a remote office for

an engineering firm. The IT department wants to integrate

the new network set up in the remote office with the one set up

in the main office. The trigger for this assignment is that

students must create a network security plan for its remote

office.

Lecture

Contributing

Factors

Many factors go into any network plan. Initiate a

discussion on how the students would handle this

situation. An important part of this approach is firewall and

VPN integration, and providing defense in depth to protect

the internal network and assets. Students should carefully

consider the technologies involved and create a security

plan and a network configuration document that indicates

firewall and VPN selections.

Discuss the elements of this summary, which elements

are essential, and which elements could be optional. It is

imperative that the summary should have a professional

look and should be precise.

Discussion

Course of

Action

Once the discussions are over, hand out the assignment

to students and explain the delivery requirements to them.

Given the main challenge and different business

situations, ask the students to design and implement the

most appropriate course of action.

Lecture IS3220.U9.TS2


Summary % of the total course grade

Assignment Requirements

Graded Assignment

The students will use the scenario in the case study to

identify and finalize the method for creating a remote

office. Students should justify their selection and analyze

the case study from their perspective.

Encourage students to use all the resources from the

APPLY phase to work on this graded assignment.

2% Unit 9. Assignment 1.

Remote Access Security Plan

and Documentation

Reminders

Remind the students of their readings for Unit 10.

Remind students that Unit 9 Assignment 1 is due before the start of next unit’s class.

(End of Unit 9)


UNIT 10: Network Security Management

Learning Objective

Identify network security management best practices and strategies for responding when security

measures fail.

Key Concepts

Best practices for network security management and their value to the organization

Strategies for integrating network security strategies with firewall defenses and VPN remote

access

The value of incident response planning, testing, and practice

Reading

Stewart, Chapter 6. “Network Security Management”

Stewart, Chapter 15. “Perspectives, Resources, and the Future”

NIST SP 800-61: Computer Security Incident Handling Guide

(http://www.nist.gov/customcf/get_pdf.cfm?pub_id=51289)

Keywords

Use the following keywords to search for additional materials to support your work:

Authentication

Availability

Compliance

Confidentiality

Encryption

Governance

IDS

IPS

Integrity

NAT

Open source

Perimeter

Risk

VPN

Wireless connectivity


Learning Activities

E X P L O R E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Concepts

This section will reiterate best practices for managing

network security. Identify and review various best

practices for the management of network security across

the organization's networked environment. The Concepts

section is divided into two parts:

1. Begin by reviewing the overall strategies and then

move to devices and connectivity. Highlight that

many of the strategies will also encompass

devices and connectivity concepts. Refer to

slides 3-6 of the Concepts section of

IS3220.U10.PS1.ppt to cover the following points:

▪ Strategies

▪ Devices

▪ Connectivity

2. Refer to slides 7 and 8 of

IS3220.U10.PS1.ppt to cover the following points:

User training

Security awareness

Discussion

Presentation

IS3220.U10.PS1

Process

In order to ensure that a network remains as secure as

possible over time, it is important to execute network

security assessments, security, and event monitoring on

an ongoing basis. Refer to the Process section of

IS3220.U10.PS1.ppt to cover the following points:

The process of judging, testing, and evaluating

current state and the steps that can be used to

measure relative security

The execution of ongoing assessments as well as

before and after projects intended to improve

network security

The importance of security information and event

monitoring, its functions, and its intended purpose

Discussion

Presentation

IS3220.U10.PS1

Roles

There are many choices available when selecting

network-monitoring tools for an environment. Refer to the

Roles section of IS3220.U10.PS1.ppt to cover the

following points:

Nagios

SmokePing

Groundwork

Ganglia

Cacti

Ntop

Whatsup Gold

Iris

Describe these and other commonly available network

monitoring tools. Spend time examining their value to an

organization.

Discussion

Presentation

IS3220.U10.PS1

Context

This section is divided into two parts:

1. In the first part, discuss the potential future state of

firewalls and VPNs as part of network security

strategies. Refer to slide 15 in the Context section

of IS3220.U10.PS1.ppt to cover the following points:

Threats

Firewall capabilities

Encryption

Authentication

Metrics

Industry focus

Cloud security

Mobile device security

2. Refer to slide 16 of IS3220.U10.PS1.ppt to cover the

following points:

Describe the function presented by integration of

firewall and VPN strategies into network security

efforts including the following:

Enhanced threat management

Authentication

Encryption

Discuss, at a high level, examples of value add,

such as:

Confidentiality

Integrity

Availability

Discussion

Presentation

IS3220.U10.PS1

Rationale

This is a graded discussion. Therefore, at the end of the

discussion, ask the students to summarize and submit

their learning. To facilitate the discussion, provide the

students with a handout (IS3220.U10.TS1.doc). Form

groups of students and ask them to first review the

described scenario and then the incident response phases

in the handout. Each phase falls either before, during, or

after an incident occurrence.

Instruct the students to use the information presented in

the handout to determine how effectively the situation was

handled, and then additionally, determine how they would

have handled the incident response before, during, and

after its occurrence. During the discussion identify and

review various strategies for and impacts of incident

response, including planning, midincident, and

postincident roles and responsibilities.

Discussion IS3220.U10.TS1

Summary % of the total course grade

Assignment Requirements

Graded Assignment

This is an in-class assignment. The students will be

broken into smaller groups to facilitate discussion.

Encourage students to use all the resources from the

EXPLORE phase to work on this graded assignment.

1% Unit 10. Discussion 1.

Incident Response Strategies


P R A C T I C E

FOCUS SUGGESTED APPROACH METHOD TOOLS

Demo Lab

Refer to IS3220 Instructor’s Lab Manual for details.

Demonstration

IS3220 Instructor’s Lab Manual

Hands-on Lab

Refer to IS3220 Instructor’s Lab Manual for details.

Independent Study

IS3220 Instructor’s Lab Manual

Summary % of the total course grade

Assignment Requirements

Graded Assignment

Refer to IS3220 Instructor’s Lab Manual for details.

Encourage students to use all the resources from the

PRACTICE phase to work on this graded assignment.

2% IS3220 Instructor’s Lab Manual


A P P L Y

FOCUS SUGGESTED APPROACH METHOD TOOLS

Challenge

The scenario for this assignment continues from the

scenario in Unit 9 Assignment 1. For details of the

scenario, please refer to the Assignment section. The

premise is that a firewall breach has occurred at

Corporation Techs. The IT security team responded to

e-mail alerts, isolated the incident, and took corrective

actions. The student, as part of the team, must create the

postincident executive summary report for management.

Lecture

Contributing

Factors

Advise the students to research typical executive

summary reports to determine the proper format and level

of detail.

Discuss with them all things to be considered to create a

good summary report. What should be the elements of

this report, which elements are essential, and which

elements could be optional? It is imperative that the report

should have a professional look and should be precise.

Executive management does not want to read copious

technical details.

Discussion

Course of

Action

Once the discussions are over, hand over the assignment

to students and explain the delivery requirements to them.

Given the main challenge and different business situations,

ask students to design and implement the most

appropriate course of action.

Lecture

Summary % of the total course grade

Assignment Requirements


Graded Assignment

Students must write a clear and concise postincident

executive summary report to be presented to senior

management.

Encourage students to use all the resources from the

APPLY phase to work on this graded assignment.

2% Unit 10. Assignment 1. Postincident

Executive Summary

Report

Reminders

Remind students about the Final Exam due next unit.

Remind students that the project is due for submission in the next unit.

Remind students that Unit 10 Assignment 1 is due before the start of next unit's class.

(End of Unit 10)


UNIT 11: Course Review and Final Examination

Part I: Course Review

In this unit, the important concepts covered in the course must be reviewed with the students. The

following is the suggested approach for facilitating this reflective activity:

Recap major instructional areas and critical concepts; emphasize the importance of applying

competencies developed in those areas in real workplace situations.

Explain how the concepts introduced in this course will be used in the future courses in the

program; reiterate conceptual, strategic, and methodological linkages between this course

and other courses in the program.

Invite students to reflect on their learning experience and lessons learned from both content

and process perspectives.

Encourage students to share their thoughts on how they plan to apply knowledge and skills

acquired in this course to advance their career and further studies.

Solicit student feedback on the course content, structure, and delivery; ask what could be

improved in the next version of the course.

Solicit questions and offer clarifications related to the upcoming final examination.

Thank students for their commitment and hard work.

Part II: Final Examination

Final Exam Answer Key

Columns: Question Number, Correct Answer, Course Objective Tested, Reference in Course (Source, Page(s))

Source: Network Security, Firewalls, and VPNs

1. d 1.1 N/A
2. d 1.2 N/A
3. b 1.3 Ch. 2, 69; Ch. 4, 121
4. a 1.4 Ch. 2, 65, 69
5. a 1.5 N/A
6. c 2.1 Ch. 1, 6
7. b 2.2 Ch. 1, 9
8. d 2.3 Ch. 1, 12
9. a 2.5 Ch. 2, 44


10. c 2.4 Ch. 1, 10
11. c 3.1 Ch. 4, 119
12. d 3.2 Ch. 4, 113
13. b 3.3 Ch. 4, 115
14. a 3.4 Ch. 4, 134
15. d 3.5 Ch. 4, 129, 144, 145
16. b 4.1 Ch. 5, 152
17. b 4.2 N/A
18. d 4.3 Ch. 1, 22; Ch. 15
19. c 4.4 Ch. 1
20. c 4.5 Ch. 1
21. a 5.1 Ch. 2, 69
22. d 5.2 Ch. 2, 69, 70, 73
23. c 5.3 Ch. 2, 70, 71
24. a 5.4 Ch. 2, 69
25. c 5.5 Ch. 2, 60, 69
26. c 6.1 Ch. 7, 213
27. a 6.2 Ch. 7, 227, 228
28. b 6.3 Ch. 7, 234
29. b 6.5 Ch. 7, 239, 240
30. d 6.8 Ch. 4, 141; Ch. 8, 261, 262
31. d 7.1 Ch. 3, 85
32. d 7.2 Ch. 3, 81
33. c 7.3 Ch. 3, 94
34. a 7.4 Ch. 12, 2-4


35. c 7.5 Ch. 5, 151; Ch. 6, 198
36. c 8.1 Ch. 5, 166
37. b 8.2 Ch. 5, 152
38. c 8.5 Ch. 1, p. 21; Ch. 5, 171, 172
39. b 8.4 Ch. 5, 171
40. a 8.7 Ch. 6, 169, 170
41. b 9.1 Ch. 6, 229-230; Ch. 9
42. d 9.2 Ch. 9
43. d 9.3 Ch. 2; Ch. 5
44. c 9.4 Ch. 9
45. a 9.7 Ch. 14
46. b 10.2 Ch. 6, 196, 198
47. d 10.4 Ch. 6, 205
48. b 10.5 N/A
49. d 10.7 Ch. 6, 191
50. a 10.2 Ch. 6, 182-189

Please refer to the Assessment document for detailed instructions for the written examination.

If this course has a lab component as part of the final examination, adequate lab time and space must be

scheduled to accommodate the lab exam.

(End of Unit Plans)


IS3220 Information Technology Infrastructure Security INSTRUCTOR SUPPORT TOOLS

Course Support Tools

The following table provides an index of all instructional materials used in this course to support the

instructor’s and student’s work. The file ID column references the documents included in the Course

Support Package that can be downloaded from the Curriculum Database:

http://myportal.itt-tech.edu/faculty/cdb/Pages/default.aspx.

Unit # Title Type Abbreviation File ID

1 Unit 1 Lecture Presentation PS IS3220.U1.PS1
1 Unit 1 Familiar Protocols Text Sheet TS IS3220.U1.TS1
1 Unit 1 Packet Capture Privacy Issues Text Sheet TS IS3220.U1.TS2
2 Unit 2 Lecture Presentation PS IS3220.U2.PS1
2 Unit 2 Roles Involved in Network Security Text Sheet TS IS3220.U2.TS1
2 Unit 2 Familiar Domains Text Sheet TS IS3220.U2.TS2
2 Unit 2 Selecting Security Countermeasures Text Sheet PS IS3220.U2.TS3
3 Unit 3 Lecture Presentation PS IS3220.U3.PS1
3 Unit 3 Attacker Motivations Text Sheet TS IS3220.U3.TS1
3 Unit 3 Social Engineering Defense Issues Text Sheet TS IS3220.U3.TS2
4 Unit 4 Lecture Presentation PS IS3220.U4.PS1
4 Unit 4 Host-Based vs. Network-Based IDS/IPS Text Sheet TS IS3220.U4.TS1
4 Unit 4 Identify Unnecessary Services From a Saved Vulnerability Scan Text Sheet TS IS3220.U4.TS2
5 Unit 5 Lecture Presentation PS IS3220.U5.PS1
5 Unit 5 Ingress and Egress Filtering Text Sheet TS IS3220.U5.TS1
5 Unit 5 Select the Proper Type of Firewall Text Sheet TS IS3220.U5.TS2
6 Unit 6 Lecture Presentation PS IS3220.U6.PS1
6 Unit 6 Firewall Security Strategies Text Sheet TS IS3220.U6.TS1
7 Unit 7 Lecture Presentation PS IS3220.U7.PS1
7 Unit 7 VPN Policy Development and Best Practices Text Sheet TS IS3220.U7.TS1
7 Unit 7 Create a VPN Connectivity Troubleshooting Checklist Text Sheet TS IS3220.U7.TS2

8 Unit 8 Lecture Presentation PS IS3220.U8.PS1
8 Unit 8 System Hardening Text Sheet TS IS3220.U8.TS1
8 Unit 8 Security Concerns for Local, Remote, and Mobile Hosts Text Sheet TS IS3220.U8.TS2
8 Unit 8 Security Concerns and Mitigation Strategies Text Sheet TS IS3220.U8.TS3
9 Unit 9 Lecture Presentation PS IS3220.U9.PS1
9 Unit 9 Firewall Implementation Planning Text Sheet TS IS3220.U9.TS1
10 Unit 10 Lecture Presentation PS IS3220.U10.PS1
10 Unit 10 Incident Response Strategies—Before, During, and After Text Sheet TS IS3220.U10.TS1

Tool Codes Legend:

PS = Presentation Slides

TS = Text Sheet

IS = Illustration Sheet

WS = Worksheet


IS3220 Information Technology Infrastructure Security GRADED ASSIGNMENTS

Assessment Tools

This section contains guidelines and assessment criteria that must be applied when evaluating graded

deliverables submitted by students.

UNIT 1 ASSESSMENTS

Unit 1 Discussion 1: Familiar Protocols

Use the following rubric to evaluate students’ contribution to the discussion process and associated

deliverables:

Assessment Criteria

Performance Levels (% of Assignment Grade):

5 TARGET: Fully met requirements in all 3 categories (100%)

4 ACCEPTABLE: Partially met requirements in all 3 categories (75%)

3 MINIMAL: Partially met requirements in 1-2 categories (50%)

2 UNACCEPTABLE: Completed assignment, but did not meet requirements (25%)

1 NO SUBMISSION (0%)

Category: CONTENT

Students explained the roles of at least three of the protocols.

Students offered details, such as the layers associated with specific protocols.

Category: METHOD

Students engaged in discussion of the assigned topic(s) with at least two of their peers.

Students supported their arguments with data and factual information.

Students provided relevant citations and references to support their position on the issue discussed.


Students compared and contrasted their position with the perspectives offered by their peers and highlighted critical similarities and differences.

Students offered a substantive, critical evaluation of the peer’s perspective on the discussed issue(s) that were opposite of their own, and supported their critical review with data and factual information.

Students raised questions and solicited peer and instructor input on the topic(s) discussed.

Students articulated their positions clearly and logically.

Students solicited peer and instructor feedback on their arguments and propositions.

Category: REFLECTION

Students covered topical requirements assigned for this deliverable.

Students captured critical points of the discussion.

Students summarized different perspectives offered by the discussants.


Students summarized 2-3 major learning moments they experienced during the discussion.

Students briefly discussed how their perspectives changed or got validated through this discussion.

Students provided feedback on how the discussion could be improved.

Students followed the submission requirements.

Unit 1 Assignment 1: Clear-Text Data in Packet Trace

Use the following rubric to evaluate the assignment:

Assessment Criteria

Performance Levels (% of Assignment Grade):

5 TARGET: Met all criteria (100%)

4 ACCEPTABLE: Met selected criteria (75%)

3 MINIMAL: Met one criterion (50%)

2 UNACCEPTABLE: Submitted assignment, but did not meet the criteria (25%)

1 NO SUBMISSION (0%)

Students found the clear-text password.

Students identified at least ten main tools.


UNIT 2 ASSESSMENTS

Unit 2 Discussion 1: Familiar Domains

Use the following rubric to evaluate students’ contribution to the discussion process and associated

deliverables:

Assessment Criteria

Performance Levels (% of Assignment Grade):

5 TARGET: Fully met requirements in all 3 categories (100%)

4 ACCEPTABLE: Partially met requirements in all 3 categories (75%)

3 MINIMAL: Partially met requirements in 1-2 categories (50%)

2 UNACCEPTABLE: Completed assignment, but did not meet requirements (25%)

1 NO SUBMISSION (0%)

Category: CONTENT

Students selected at least three domains and associated countermeasures.

Students offered details, such as what function the countermeasure serves.

Category: METHOD

Students engaged in discussion of the assigned topic(s) with at least two of their peers.

Students supported their arguments with data and factual information.

Students provided relevant citations and references to support their position on the issue discussed.

Students compared and contrasted their position with the perspectives offered by their peers and highlighted critical similarities and differences.


Students offered a substantive, critical evaluation of the peer’s perspective on the discussed issue(s) that were opposite of their own, and supported their critical review with data and factual information.

Students raised questions and solicited peer and instructor input on the topic(s) discussed.

Students articulated their positions clearly and logically.

Students solicited peer and instructor feedback on their arguments and propositions.

Category: REFLECTION

Students covered topical requirements assigned for this deliverable.

Students captured critical points of the discussion.

Students summarized different perspectives offered by the discussants.

Students summarized 2-3 major learning moments they experienced during the discussion.


Students briefly discussed how their perspectives changed or got validated through this discussion.

Students provided feedback on how the discussion could be improved.

Students followed the submission requirements.

Unit 2 Assignment 1: Selecting Security Countermeasures

Use the following rubric to evaluate the assignment:

Assessment Criteria

Performance Levels (% of Assignment Grade):

5 TARGET: Met all criteria (100%)

4 ACCEPTABLE: Met selected criteria (75%)

3 MINIMAL: Met one criterion (50%)

2 UNACCEPTABLE: Submitted assignment, but did not meet the criteria (25%)

1 NO SUBMISSION (0%)

Students identified at least four security threats the network expansion poses.

Students researched and identified the appropriate countermeasures for the identified threats.


UNIT 3 ASSESSMENT

Unit 3 Discussion 1: Social Engineering Defense Issues

Use the following rubric to evaluate students’ contribution to the discussion process and associated

deliverables:

Assessment Criteria

Performance Levels (% of Assignment Grade):

5 TARGET: Fully met requirements in all 3 categories (100%)

4 ACCEPTABLE: Partially met requirements in all 3 categories (75%)

3 MINIMAL: Partially met requirements in 1-2 categories (50%)

2 UNACCEPTABLE: Completed assignment, but did not meet requirements (25%)

1 NO SUBMISSION (0%)

Category: CONTENT

Students identified at least one social engineering attack for each technique.

Students identified at least one security awareness training solution to offset each attack.

Category: METHOD

Students engaged in discussion of the assigned topic(s) with at least two of their peers.

Students supported their arguments with data and factual information.

Students provided relevant citations and references to support their position on the issue discussed.

Students compared and contrasted their position with the perspectives offered by their peers and highlighted critical similarities and differences.


Students offered a substantive, critical evaluation of the peer’s perspective on the discussed issue(s) that were opposite of their own, and supported their critical review with data and factual information.

Students raised questions and solicited peer and instructor input on the topic(s) discussed.

Students articulated their positions clearly and logically.

Students solicited peer and instructor feedback on their arguments and propositions.

Category: REFLECTION

Students covered topical requirements assigned for this deliverable.

Students captured critical points of the discussion.

Students summarized different perspectives offered by the discussants.

Students summarized 2-3 major learning moments they experienced during the discussion.


Students briefly discussed how their perspectives changed or got validated through this discussion.

Students provided feedback on how the discussion could be improved.

Students followed the submission requirements.


UNIT 4 ASSESSMENTS

Unit 4 Discussion 1: Host-Based vs. Network-Based IDSs/IPSs

Use the following rubric to evaluate students’ contribution to the discussion process and associated

deliverables:

Assessment Criteria

Performance Levels (% of Assignment Grade):

5 TARGET: Fully met requirements in all 3 categories (100%)

4 ACCEPTABLE: Partially met requirements in all 3 categories (75%)

3 MINIMAL: Partially met requirements in 1-2 categories (50%)

2 UNACCEPTABLE: Completed assignment, but did not meet requirements (25%)

1 NO SUBMISSION (0%)

Category: CONTENT

Students recognized resources that can be consumed when tuning/training an intrusion system.

Students recognized resources that can be consumed during normal operation of an intrusion system.

Students correctly identified the encryption issue surrounding the effectiveness of an NIDS.

Category: METHOD

Students engaged in discussion of the assigned topic(s) with at least two of their peers.

Students supported their arguments with data and factual information.

Students provided relevant citations and references to support their position on the issue discussed.


Students compared and contrasted their position with the perspectives offered by their peers and highlighted critical similarities and differences.

Students offered a substantive, critical evaluation of the peer’s perspective on the discussed issue(s) that were opposite of their own, and supported their critical review with data and factual information.

Students raised questions and solicited peer and instructor input on the topic(s) discussed.

Students articulated their positions clearly and logically.

Students solicited peer and instructor feedback on their arguments and propositions.

Category: REFLECTION

Students covered topical requirements assigned for this deliverable.

Students captured critical points of the discussion.

Students summarized different perspectives offered by the discussants.


Students summarized 2-3 major learning moments they experienced during the discussion.

Students briefly discussed how their perspectives changed or got validated through this discussion.

Students provided feedback on how the discussion could be improved.

Students followed the submission requirements.

Unit 4 Assignment 1: Identify Unnecessary Services from a Saved Vulnerability Scan

Use the following rubric to evaluate the assignment:

Performance Levels (% of Assignment Grade):

5 TARGET (100%): Met all criteria

4 ACCEPTABLE (75%): Met selected criteria

3 MINIMAL (50%): Met one criterion

2 UNACCEPTABLE (25%): Submitted assignment, but did not meet the criteria

1 NO SUBMISSION (0%)

Assessment Criteria:

Students researched and identified at least three unnecessary services that may typically run on a Web server.

UNIT 5 ASSESSMENTS

Unit 5 Discussion 1: Ingress and Egress Filtering

Use the following rubric to evaluate students’ contribution to the discussion process and associated deliverables:

Performance Levels (% of Assignment Grade):

5 TARGET (100%): Fully met requirements in all 3 categories

4 ACCEPTABLE (75%): Partially met requirements in all 3 categories

3 MINIMAL (50%): Partially met requirements in 1-2 categories

2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements

1 NO SUBMISSION (0%)

Assessment Criteria:

Category: CONTENT

Students explained the roles of both network directions, inbound and outbound.

Students explained how protective isolations provide security.

Students offered details such as why you isolate external and internal traffic.

Category: METHOD

Students engaged in discussion of the assigned topic(s) with at least two of their peers.

Students supported their arguments with data and factual information.

Students provided relevant citations and references to support their position on the issue discussed.

Students compared and contrasted their position with the perspectives offered by their peers and highlighted critical similarities and differences.

Students offered a substantive, critical evaluation of the peer’s perspective on the discussed issue(s) that were opposite of their own, and supported their critical review with data and factual information.

Students raised questions and solicited peer and instructor input on the topic(s) discussed.

Students articulated their positions clearly and logically.

Students solicited peer and instructor feedback on their arguments and propositions.

Category: REFLECTION

Students covered topical requirements assigned for this deliverable.

Students captured critical points of the discussion.

Students summarized different perspectives offered by the discussants.

Students summarized 2-3 major learning moments they experienced during the discussion.

Students briefly discussed how their perspectives changed or got validated through this discussion.

Students provided feedback on how the discussion could be improved.

Students followed the submission requirements.

Unit 5 Assignment 1: Select the Proper Type of Firewall

Use the following rubric to evaluate the assignment:

Performance Levels (% of Assignment Grade):

5 TARGET (100%): Met all criteria

4 ACCEPTABLE (75%): Met selected criteria

3 MINIMAL (50%): Met one criterion

2 UNACCEPTABLE (25%): Submitted assignment, but did not meet the criteria

1 NO SUBMISSION (0%)

Assessment Criteria:

Students selected the right type of firewall/filtering to use.

Students researched and identified how firewalls and filters protect against malicious network behavior at all layers of the OSI reference model.

UNIT 6 ASSESSMENT

Unit 6 Discussion 1: Firewall Security Strategies

Use the following rubric to evaluate students’ contribution to the discussion process and associated deliverables:

Performance Levels (% of Assignment Grade):

5 TARGET (100%): Fully met requirements in all 3 categories

4 ACCEPTABLE (75%): Partially met requirements in all 3 categories

3 MINIMAL (50%): Partially met requirements in 1-2 categories

2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements

1 NO SUBMISSION (0%)

Assessment Criteria:

Category: CONTENT

Students selected at least three strategies and cited content to support their recommendations.

Students discussed relevant details, such as the top priority of data integrity and the budgetary restrictions that exist.

Category: METHOD

Students engaged in discussion of the assigned topic(s) with at least two of their peers.

Students supported their arguments with data and factual information.

Students provided relevant citations and references to support their position on the issue discussed.

Students compared and contrasted their position with the perspectives offered by their peers and highlighted critical similarities and differences.

Students offered a substantive, critical evaluation of the peer’s perspective on the discussed issue(s) that were opposite of their own, and supported their critical review with data and factual information.

Students raised questions and solicited peer and instructor input on the topic(s) discussed.

Students articulated their positions clearly and logically.

Students solicited peer and instructor feedback on their arguments and propositions.

Category: REFLECTION

Students covered topical requirements assigned for this deliverable.

Students captured critical points of the discussion.

Students summarized different perspectives offered by the discussants.

Students summarized 2-3 major learning moments they experienced during the discussion.

Students briefly discussed how their perspectives changed or got validated through this discussion.

Students provided feedback on how the discussion could be improved.

Students followed the submission requirements.

UNIT 7 ASSESSMENTS

Unit 7 Discussion 1: Developing a VPN Policy and Enforcing VPN Best Practices

Use the following rubric to evaluate students’ contribution to the discussion process and associated deliverables:

Performance Levels (% of Assignment Grade):

5 TARGET (100%): Fully met requirements in all 3 categories

4 ACCEPTABLE (75%): Partially met requirements in all 3 categories

3 MINIMAL (50%): Partially met requirements in 1-2 categories

2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements

1 NO SUBMISSION (0%)

Assessment Criteria:

Category: CONTENT

Students explained acceptable and unacceptable forms of use.

Students explained how policies establish security practices and procedures.

Students offered details such as why policies cover various aspects of VPNs.

Category: METHOD

Students engaged in discussion of the assigned topic(s) with at least two of their peers.

Students supported their arguments with data and factual information.

Students provided relevant citations and references to support their position on the issue discussed.

Students compared and contrasted their position with the perspectives offered by their peers and highlighted critical similarities and differences.

Students offered a substantive, critical evaluation of the peer’s perspective on the discussed issue(s) that were opposite of their own, and supported their critical review with data and factual information.

Students raised questions and solicited peer and instructor input on the topic(s) discussed.

Students articulated their positions clearly and logically.

Students solicited peer and instructor feedback on their arguments and propositions.

Category: REFLECTION

Students covered topical requirements assigned for this deliverable.

Students captured critical points of the discussion.

Students summarized different perspectives offered by the discussants.

Students summarized 2-3 major learning moments they experienced during the discussion.

Students briefly discussed how their perspectives changed or got validated through this discussion.

Students provided feedback on how the discussion could be improved.

Students followed the submission requirements.

Unit 7 Assignment 1: Create a VPN Connectivity Troubleshooting Checklist

Use the following rubric to evaluate the assignment:

Performance Levels (% of Assignment Grade):

5 TARGET (100%): Met all criteria

4 ACCEPTABLE (75%): Met selected criteria

3 MINIMAL (50%): Met one criterion

2 UNACCEPTABLE (25%): Submitted assignment, but did not meet the criteria

1 NO SUBMISSION (0%)

Assessment Criteria:

Students identified relevant steps in the VPN connectivity troubleshooting process.

Students created a clear and concise checklist that addresses VPN end-to-end connectivity and the underlying infrastructure.

UNIT 8 ASSESSMENTS

Unit 8 Discussion 1: System Hardening

Use the following rubric to evaluate students’ contribution to the discussion process and associated deliverables:

Performance Levels (% of Assignment Grade):

5 TARGET (100%): Fully met requirements in all 3 categories

4 ACCEPTABLE (75%): Partially met requirements in all 3 categories

3 MINIMAL (50%): Partially met requirements in 1-2 categories

2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements

1 NO SUBMISSION (0%)

Assessment Criteria:

Category: CONTENT

Students discussed their experience with formal hardening guidelines and standards.

Students offered details such as what function the strategy serves.

Category: METHOD

Students engaged in discussion of the assigned topic(s) with at least two of their peers.

Students supported their arguments with data and factual information.

Students provided relevant citations and references to support their position on the issue discussed.

Students compared and contrasted their position with the perspectives offered by their peers and highlighted critical similarities and differences.

Students offered a substantive, critical evaluation of the peer’s perspective on the discussed issue(s) that were opposite of their own, and supported their critical review with data and factual information.

Students raised questions and solicited peer and instructor input on the topic(s) discussed.

Students articulated their positions clearly and logically.

Students solicited peer and instructor feedback on their arguments and propositions.

Category: REFLECTION

Students covered topical requirements assigned for this deliverable.

Students captured critical points of the discussion.

Students summarized different perspectives offered by the discussants.

Students summarized 2-3 major learning moments they experienced during the discussion.

Students briefly discussed how their perspectives changed or got validated through this discussion.

Students provided feedback on how the discussion could be improved.

Students followed the submission requirements.

Unit 8 Assignment 1: Security Concerns and Mitigation Strategies

Use the following rubric to evaluate the assignment:

Performance Levels (% of Assignment Grade):

5 TARGET (100%): Met all criteria

4 ACCEPTABLE (75%): Met selected criteria

3 MINIMAL (50%): Met one criterion

2 UNACCEPTABLE (25%): Submitted assignment, but did not meet the criteria

1 NO SUBMISSION (0%)

Assessment Criteria:

Students identified at least one personally significant networked technology.

Students researched and identified three appropriate threats associated with the technology.

Students provided a mitigation strategy for each identified threat.

UNIT 9 ASSESSMENTS

Unit 9 Discussion 1: Firewall Implementation Planning

Use the following rubric to evaluate students’ contribution to the discussion process and associated deliverables:

Performance Levels (% of Assignment Grade):

5 TARGET (100%): Fully met requirements in all 3 categories

4 ACCEPTABLE (75%): Partially met requirements in all 3 categories

3 MINIMAL (50%): Partially met requirements in 1-2 categories

2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements

1 NO SUBMISSION (0%)

Assessment Criteria:

Category: CONTENT

Students showed creativity when reflecting on potential issues (vulnerabilities, abuses, mistakes) around various strategies and deployments.

Students identified the ways firewalls and VPNs can sometimes hinder legitimate traffic if not set up correctly.

Students discussed troubleshooting and problem detection.

Category: METHOD

Students engaged in discussion of the assigned topic(s) with at least two of their peers.

Students supported their arguments with data and factual information.

Students provided relevant citations and references to support their position on the issue discussed.

Students compared and contrasted their position with the perspectives offered by their peers and highlighted critical similarities and differences.

Students offered a substantive, critical evaluation of the peer’s perspective on the discussed issue(s) that were opposite of their own, and supported their critical review with data and factual information.

Students raised questions and solicited peer and instructor input on the topic(s) discussed.

Students articulated their positions clearly and logically.

Students solicited peer and instructor feedback on their arguments and propositions.

Category: REFLECTION

Students covered topical requirements assigned for this deliverable.

Students captured critical points of the discussion.

Students summarized different perspectives offered by the discussants.

Students summarized 2-3 major learning moments they experienced during the discussion.

Students briefly discussed how their perspectives changed or got validated through this discussion.

Students provided feedback on how the discussion could be improved.

Students followed the submission requirements.

Unit 9 Assignment 1: Remote Access Security Plan and Documentation

Use the following rubric to evaluate the assignment:

Performance Levels (% of Assignment Grade):

5 TARGET (100%): Met all criteria

4 ACCEPTABLE (75%): Met selected criteria

3 MINIMAL (50%): Met one criterion

2 UNACCEPTABLE (25%): Submitted assignment, but did not meet the criteria

1 NO SUBMISSION (0%)

Assessment Criteria:

Students identified at least four different ways to protect digital assets with a defense-in-depth approach.

Students explained at least three methods to protect corporate digital assets from the potential threats the host-to-gateway VPN would introduce.

Students explained the overall network topology.

UNIT 10 ASSESSMENTS

Unit 10 Discussion 1: Incident Response Strategies

Use the following rubric to evaluate students’ contribution to the discussion process and associated deliverables:

Performance Levels (% of Assignment Grade):

5 TARGET (100%): Fully met requirements in all 3 categories

4 ACCEPTABLE (75%): Partially met requirements in all 3 categories

3 MINIMAL (50%): Partially met requirements in 1-2 categories

2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements

1 NO SUBMISSION (0%)

Assessment Criteria:

Category: CONTENT

Students recognized all six phases.

Students reported on the role of each of the incident response team members.

Category: METHOD

Students engaged in discussion of the assigned topic(s) with at least two of their peers.

Students supported their arguments with data and factual information.

Students provided relevant citations and references to support their position on the issue discussed.

Students compared and contrasted their position with the perspectives offered by their peers and highlighted critical similarities and differences.

Students offered a substantive, critical evaluation of the peer’s perspective on the discussed issue(s) that were opposite of their own, and supported their critical review with data and factual information.

Students raised questions and solicited peer and instructor input on the topic(s) discussed.

Students articulated their positions clearly and logically.

Students solicited peer and instructor feedback on their arguments and propositions.

Category: REFLECTION

Students covered topical requirements assigned for this deliverable.

Students captured critical points of the discussion.

Students summarized different perspectives offered by the discussants.

Students summarized 2-3 major learning moments they experienced during the discussion.

Students briefly discussed how their perspectives changed or got validated through this discussion.

Students provided feedback on how the discussion could be improved.

Students followed the submission requirements.

Unit 10 Assignment 1: Postincident Executive Summary Report

Use the following rubric to evaluate the assignment:

Performance Levels (% of Assignment Grade):

5 TARGET (100%): Met all criteria

4 ACCEPTABLE (75%): Met selected criteria

3 MINIMAL (50%): Met one criterion

2 UNACCEPTABLE (25%): Submitted assignment, but did not meet the criteria

1 NO SUBMISSION (0%)

Assessment Criteria:

Students included all six incident response phases in their executive summary report.

Students displayed an understanding of firewall strategies when discussing corrective options in the report.

Students concisely and clearly summarized information so that an executive can easily absorb the material.
