Course detail

CISCO Academy - Network Security

FEKT-XPC-CASAcad. year: 2023/2024

The course which is part of the updated and official Cisco Curriculum (Network Security), addresses practically the security issues of network devices and network communications. Included topics are: Network security principles, creating a secure network, AAA configuration, use of Radius and TACACS + authentication. Securing of routers. Creating a secure infrastructure using L2 elements, 802.1x technology. Security of end devices. Using Cisco IOS Firewall and Cisco IOS IPS. Cryptography for VPN networks, creating IPSec VPN networks. Cisco ASA firewalls. 

Language of instruction

Czech

Number of ECTS credits

3

Mode of study

Not applicable.

Entry knowledge

Student, which is going to attend this course, should be able to:
- use several numeral systems and conversions between them,
- explain and use elementary units common in area of information and communication technologies (ICT), e.g. data size, transmission speed,
- use elementary terms from ICT area, e.g. operating system, memory, process,
- describe architecture of basic network models, i.e. TCP/IP and ISO/OSI,
- describe basic application protocols for user data transfer from TCP/IP suite,
- configure devices and protocols used on local-area level on Cisco CCNA knowledge level.
One of the three following conditions is required: Completed XCA3 course at FEEC BUT, or valid CCNA certification (up-to-date version), or successfully finished CCNA3 even at another Cisco Academy. 

Rules for evaluation and completion of the course

Up to 16 points for chapter tests, without any minimum required score in these tests
Up to 24 points for final theoretical test, when student is required to obtain 70% score or higher in this test.
Up to 60 points for final practical exam,student is required to obtain 70% score or higher in this exam.
In total, 75% score is minimum to pass the course. It represents 50 points at BUT, while 100% represents 100 points at BUT.


Attendance on laboratories is compulsory, properly excused laboratories can be filled after talking to the lecturer.

Aims

The aim of the course is to provide students with a comprehensive orientation in the field of security of network active devices. In addition to the theoretical concepts, they will be familiar with Authentication, Authorization and Accounting (AAA) technology, ways of setting security on routers and also second layer devices. They will learn how to configure Virtual Private Network (VPN) networks and the Cisco Adaptive Security Appliance (ASA) firewalls.
The graduate is able to:
- list the various network threats and attacks and provide their basic characteristics,
- compare two basic AAA protocols,
- select and configure an appropriate security strategy for the network,
- Prepare configuration of secure routing, switching,
- Configure the IPsec VPN network including a description of the required cryptographic protocols,
- operate the Cisco ASA firewall and use it to secure the network.

Study aids

Not applicable.

Prerequisites and corequisites

Not applicable.

Basic literature

Lecture slides and lab manuals (freely available for students of course) (EN)

Recommended reading

Not applicable.

Elearning

Classification of course in study plans

  • Programme MPC-TIT Master's 0 year of study, summer semester, elective
  • Programme MPC-SVE Master's 0 year of study, summer semester, elective
  • Programme MPC-MEL Master's 0 year of study, summer semester, elective
  • Programme MPC-KAM Master's 0 year of study, summer semester, elective
  • Programme MPC-IBE Master's 0 year of study, summer semester, elective
  • Programme MPC-EVM Master's 0 year of study, summer semester, elective
  • Programme MPC-EKT Master's 0 year of study, summer semester, elective
  • Programme MPC-EEN Master's 0 year of study, summer semester, elective
  • Programme MPC-EAK Master's 0 year of study, summer semester, elective
  • Programme MPC-BIO Master's 0 year of study, summer semester, elective

  • Programme MPC-AUD Master's

    specialization AUDM-TECH , 0 year of study, summer semester, elective
    specialization AUDM-ZVUK , 0 year of study, summer semester, elective

  • Programme MPC-TIT Master's 0 year of study, summer semester, elective
  • Programme MPC-EVM Master's 0 year of study, summer semester, elective
  • Programme MPC-EKT Master's 0 year of study, summer semester, elective
  • Programme MKC-EEN Master's 0 year of study, summer semester, elective
  • Programme BPC-TLI Bachelor's 0 year of study, summer semester, elective
  • Programme BPC-SEE Bachelor's 0 year of study, summer semester, elective
  • Programme BPC-MET Bachelor's 0 year of study, summer semester, elective
  • Programme BPC-IBE Bachelor's 0 year of study, summer semester, elective
  • Programme BPC-ECT Bachelor's 0 year of study, summer semester, elective

  • Programme BPC-AUD Bachelor's

    specialization AUDB-TECH , 0 year of study, summer semester, elective
    specialization AUDB-ZVUK , 0 year of study, summer semester, elective

  • Programme BKC-TLI Bachelor's 0 year of study, summer semester, elective
  • Programme BKC-SEE Bachelor's 0 year of study, summer semester, elective
  • Programme BKC-MET Bachelor's 0 year of study, summer semester, elective
  • Programme BKC-EKT Bachelor's 0 year of study, summer semester, elective

  • Programme EEEI-H Bachelor's

    branch H-AEI , 0 year of study, summer semester, elective

  • Programme BPC-AMT Bachelor's 0 year of study, summer semester, elective

Type of course unit

 

Laboratory exercise

52 hod., compulsory

Teacher / Lecturer

Syllabus

1. Securing Networks (Introduction, Threats, Secure Device Access)
2. Assigning Administrative Roles
3. Device Monitoring and Management
4. Authentication, Authorization, and Accounting (AAA)
5. Access Control Lists
6. Firewall Technologies
7. Zone-Based Policy Firewalls, IPS Technologies, IPS Operation and Implementation
8. Endpoint Security, Layer 2 Security Considerations
9. Cryptographic Services, Basic Integrity and Authenticity
10. Public Key Cryptography
11. VPNs, Implement Site-to-Site IPsec VPNs
12. Introduction to the ASA, ASA Firewall Configuration
13. Network Security Testing

Elearning