cs492 Syllabus 20122013.pdf


Yarmouk University
Faculty of Information Technology & Computer Sciences
Department of Computer Sciences

CS 492: SPECIAL TOPICS
Course Credits: 3 Cr. Hrs.
Pre-requisite(s): CS376
2nd Semester:

Course Description: This course is designed to cater to all student knowledge needs, from elementary networking concepts to intermediate network monitoring and security techniques.

Course Objectives: At the end of the course, the students will be able to:
1. Understand Network Devices functions and configurations (hub, switch, tap and routers).
2. Understand Network Security Devices (IDS, Firewall, etc.).
3. Understand and analyze network services.
4. Understand and analyze application performance.
5. Understand and analyze network traffic and protocols.
6. Understand network-troubleshooting concepts.
7. Understand network security concepts.
8. Understand network intrusions and how to identify them, such as:
   a. Computer Viruses
   b. Network worms
   c. Botnets

Learning Outcomes: After completing this course the student must demonstrate the knowledge gained as follows:

Within Network Monitoring:
1. Independently understand the concept of Packet capturing and how it works.
2. Independently understand the Packet/traffic analysis concepts and protocol format.
3. Independently install and configure network devices for network monitoring tasks.
4. Independently perform network monitoring at any small, medium or enterprise network.

Within Network Security:
1. Independently analyze and understand how Network Security Devices (Firewalls, IDS/IPS, NAT, Proxies) work.
2. Build Internet security models from the packet flow aspect (i.e. spoofing).
3. Independently discover and identify abnormalities within the network caused by worms, viruses, Bots and Network related security threats.
4. Independently carry out network security tasks at any small, medium or enterprise network.

Teaching Methods: A combination of the following teaching activities will be used in order to demonstrate the concepts of the course and to achieve the expected learning outcomes.
• Lectures covering the theoretical part using PowerPoint presentations
• Case studies and examples on the board
• Real world examples demonstration to tie the concept taught in the class to what is exactly happening inside the network.

Evaluation Plan: Students will be evaluated in this course using a combination of assessment methods, including:
• First Exam (20%)
• Second Exam (20%)
• Assignment (10%)
• Final Exam (50%)

Assignment: Each 3 students make up a group. The topics will be provided to the students during the course. The assignments will require programming, hardware configuration, software configuration, and documentation.

Teaching Resources: Main Textbook

This course does not have a specific textbook. However, Internet reading should suffice.
▪ PRACTICAL PACKET ANALYSIS, 2ND EDITION, Chris Sanders, ISBN-10: 1-59327-266-9, ISBN-13: 978-1-59327-266-1, Published by William Pollock

Electronic material placed at Yarmouk University site for this course: Syllabus, PowerPoint slides, exercises, assignments, case studies, announcements, exam samples, and discussions.


Course Plan:

PRELIMINARIES TO NETWORK MONITORING (Week 1)
o IP Packet Format and encapsulation
o TCP/UDP Packet format and header snapshots
o ICMP Format and operation
o Network Devices
   ▪ Hub
   ▪ Switches
   ▪ Routers
   ▪ TAP

NETWORK MONITORING AND THEIR TECHNIQUES (Week 2-5)
o Network Devices placement and Configuration
o Tapping into the wire
   ▪ Promiscuous mode
   ▪ Sniffing Around Hubs
   ▪ Sniffing in a Switched Environment
   ▪ Port Mirroring / Spanning
   ▪ Hubbing Out
   ▪ Using a Tap
   ▪ Sniffing in a Routed Environment
o Passive Network Monitoring
o Active Network Monitoring
o TCP/IP Network analysis and Troubleshooting
o Using Filters
   ▪ Capture Filters
   ▪ Display Filters
   ▪ Saving Filters
o Real-World Problems
   ▪ No Internet Access: Configuration Problems
   ▪ No Internet Access: Unwanted Redirection
   ▪ No Internet Access: Upstream Problems
   ▪ Inconsistent Printer

NETWORK SECURITY (Week 6-9)
o Network Devices
   ▪ NAT
   ▪ Firewalls
   ▪ Proxy
o IP Spoofing and sniffing
o Network discovery and scanning techniques
o Network Inspection
   ▪ IP scan
   ▪ Port Scan
   ▪ SYN Scan
   ▪ Active and passive O.S. Fingerprinting
o DoS, DDoS, and Packet Tracing

NETWORK THREATS (Week 10-14)
o Network threats and protection
   ▪ Egg dropping
   ▪ Malware and Spam
   ▪ Phishing attacks
   ▪ Remote-Access Trojan
   ▪ Identifying Network Worms and Viruses
   ▪ Botnets and Cyber Security
o Web security
   ▪ HTTP and HTTPS
   ▪ PHP Vulnerability
o Network Intrusion Detection Systems
   ▪ IDS/IPS
   ▪ SNORT as an example
   ▪ Alert Building using SNORT

Integrity Policies. PLEASE DO YOUR OWN WORK! You get no return for your time and money spent at the University by cheating. As such, cheating and plagiarism will not be tolerated, will be reported to the proper University officials, and will be followed up on.