Course detail

CISCO Academy - Network Security

FEKT-XPC-CASAcad. year: 2019/2020

The course which is part of the updated and official Cisco CCNA Curriculum (CCNA Security), addresses practically the security issues of network devices and network communications. Included topics are: Network security principles, creating a secure network, AAA configuration, use of Radius and TACACS + authentication. Securing of routers. Creating a secure infrastructure using L2 elements, 802.1x technology. Security of end devices. Using Cisco IOS Firewall and Cisco IOS IPS. Cryptography for VPN networks, creating IPSec VPN networks. Cisco ASA firewalls.

Language of instruction

Czech

Number of ECTS credits

3

Mode of study

Not applicable.

Learning outcomes of the course unit

The graduate is able to:
- list the various network threats and attacks and provide their basic characteristics,
- compare two basic AAA protocols,
- select and configure an appropriate security strategy for the network,
- Prepare configuration of secure routing, switching,
- Configure the IPsec VPN network including a description of the required cryptographic protocols,
- operate the Cisco ASA firewall and use it to secure the network.
Course covers the same skills that are validated in the CCNA Security certification exam 210-260.

Prerequisites

Student, which is going to attend this course, should be able to:
- use several numeral systems and conversions between them,
- explain and use elementary units common in area of information and communication technologies (ICT), e.g. data size, transmission speed,
- use elementary terms from ICT area, e.g. operating system, memory, process,
- describe architecture of basic network models, i.e. TCP/IP and ISO/OSI,
- describe basic application protocols for user data transfer from TCP/IP suite,
- configure devices and protocols used on local-area level on Cisco CCNA knowledge level.
One of the three following conditions is required: Completed XCA2 course at FEEC BUT, or valid CCNA 200-125 certification or newer, or successfully finished CCNA4 (CCNA Routing and Switching: Connecting Networks 6.0) or newer, even at another Cisco Academy.

Co-requisites

Not applicable.

Planned learning activities and teaching methods

Teaching methods include practical laboratories. Course is taking advantage of e-learning (Moodle) system.

Assesment methods and criteria linked to learning outcomes

Up to 11 points from partial tests.
Up to 19 points from final theoretical test.
Up to 70 points from final practical exam.
The exam from the course will take place in person and/or remotely.

Course curriculum

1. Principles of network security, network threats and attacks. Design of secure network.
2. Securing of administrative access to router.
3. Configuration of Authentication, Authorization and Accounting (AAA) on Cisco devices. Authentication with RADIUS and TACACS+ services.
4. Use of Cisco IOS Firewall technologies - packet filters, control of application protocols, advanced filtering with ACLs, zone-based firewall.
5. Intrusion Prevention System (IPS) on routers.
6. Securing of L2 devices (switches).
7. Cryptography for VPN network - symmetric and asymmetric ciphers.
8. Configuration of IPsec VPN networks.
9. Basics of configuration of Cisco ASA firewalls based on CLI.
10. Basics of configuration of Cisco ASA firewalls based on ASDM.
11. Comprehensive configuration of network with Cisco ASA firewall, case study 1.
12. Comprehensive configuration of network with Cisco ASA firewall, case study 2.
13. Final theoretical exam, final practical exam.

Work placements

Not applicable.

Aims

The aim of the course is to provide students with a comprehensive orientation in the field of security of network active devices. In addition to the theoretical concepts, they will be familiar with Authentication, Authorization and Accounting (AAA) technology, ways of setting security on routers and also second layer devices. They will learn how to configure Virtual Private Network (VPN) networks and use Intrusion Prevention Systems (IPS) that can be used as an extension of Cisco Operating Systems (IOS). Students will also be introduced to the Cisco Adaptive Security Appliance (ASA) firewalls.

Specification of controlled education, way of implementation and compensation for absences

Attendance on laboratories is compulsory, properly excused laboratories can be filled after talking to the lecturer.

Recommended optional programme components

Not applicable.

Prerequisites and corequisites

Not applicable.

Basic literature

Not applicable.

Recommended reading

Not applicable.

Classification of course in study plans

  • Programme MPC-AUD Master's

    specialization AUDM-TECH , 0 year of study, summer semester, elective
    specialization AUDM-ZVUK , 0 year of study, summer semester, elective

  • Programme BPC-TLI Bachelor's 0 year of study, summer semester, elective
  • Programme BPC-SEE Bachelor's 0 year of study, summer semester, elective
  • Programme BPC-MET Bachelor's 0 year of study, summer semester, elective
  • Programme BPC-IBE Bachelor's 0 year of study, summer semester, elective
  • Programme BPC-ECT Bachelor's 0 year of study, summer semester, elective

  • Programme BPC-AUD Bachelor's

    specialization AUDB-ZVUK , 0 year of study, summer semester, elective
    specialization AUDB-TECH , 0 year of study, summer semester, elective

  • Programme BPC-AMT Bachelor's 0 year of study, summer semester, elective
  • Programme BKC-TLI Bachelor's 0 year of study, summer semester, elective
  • Programme BKC-SEE Bachelor's 0 year of study, summer semester, elective
  • Programme BKC-MET Bachelor's 0 year of study, summer semester, elective
  • Programme BKC-EKT Bachelor's 0 year of study, summer semester, elective

Type of course unit

 

Laboratory exercise

52 hod., compulsory

Teacher / Lecturer