VPN & SECURITY TECHNOLOGIES

SHE Level 5
SCQF Credit Points 15.00
ECTS Credit Points 7.50
Module Code MMI125237
Module Leader Maria Filippopoulou
School School of Computing, Engineering and Built Environment
Subject Cyber Security and Networks
Trimester
  • B (January start)

Pre-Requisite Knowledge

Programme entry requirements

Summary of Content

This module aims to provide students with the theoretical knowledge and practical skills needed to determine appropriate design choices for virtual private network and security solutions, implement them and verify their operation.

Syllabus

Tunneling
  • Implement and troubleshoot MPLS operations (Label stack, LSR, LSP, LDP, MPLS ping, MPLS traceroute).
  • Implement and troubleshoot basic MPLS L3VPN (L3VPN, CE, PE, P, Extranet (route leaking)).
  • Implement and troubleshoot encapsulation (GRE, Dynamic GRE).
  • Implement and troubleshoot DMVPN single hub (NHRP, DMVPN with IPsec using pre-shared key, QoS profile, Pre-classify).

Encryption
  • Implement and troubleshoot IPsec with pre-shared key (IPv4 site to IPv4 site, Virtual tunneling interface (VTI)).

Troubleshooting VPN technologies
  • Use IOS troubleshooting tools (debug, conditional debug, ping, traceroute with extended options, Embedded packet capture).
  • Apply troubleshooting methodologies:
      - Diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause)
      - Design and implement valid solutions according to constraints
      - Verify and monitor resolution
  • Interpret packet capture (Using Wireshark trace analyzer, Using IOS embedded packet capture).

Device security
  • Implement and troubleshoot IOS AAA using local database.
  • Implement and troubleshoot device access control (Lines (VTY, AUX, console), Management plane protection, Password encryption, Implement and troubleshoot control plane policing).

Network security
  • Implement and troubleshoot switch security features (VACL, PACL, Storm control, DHCP snooping, IP source-guard, Dynamic ARP inspection, Port-security, Private VLAN).
  • Implement and troubleshoot router security features (IPv4 access control lists (standard, extended, time-based), IPv6 traffic filter, Unicast reverse path forwarding).
  • Implement and troubleshoot IPv6 first hop security (RA guard, DHCP guard, Binding table, Device tracking, ND inspection/snooping, Source guard, PACL).

Learning Outcomes

On successful completion of this module a student should be able to:
1. Evaluate the workings of VPN technologies at an advanced level
2. Design and defend complex VPN solutions (MPLS, DMVPN)
3. Design and defend complex VPN-based security solutions (IPsec)
4. Evaluate the relationship between VPN technologies and layer 3 unicast routing protocols and resolve issues caused by their interaction (MPLS LDP, MP-BGP)
5. Appraise the main types of technologies available to secure network infrastructure and critically analyze their effectiveness in mitigating a range of security threats
6. Integrate VPN and network security technologies to fulfill the requirements of a security policy
7. Evaluate different VPN design cases and defend design choices
8. Appraise a problem situation and apply the techniques and tools presented to implement router and switch configurations
9. Validate the correct operation of VPN and security technologies
10. Support and fix complex VPN and security issues using common commands and diagnostic tools

Teaching / Learning Strategy

This module is intended to be taken by students who may not be present in a full-time capacity, such as distance and work-based learners. The module will be delivered using a flipped classroom approach in which students independently access learning resources using online methods, with a weekly seminar session which may be held using online collaboration tools (in the case of distance learners) or in the university (in the case of work-based learners). In both work-based and distance education the aim is to maximise the direct and digitally mediated contact time with students by practising teaching and learning strategies that use authentic work-based scenarios and encourage action learning, enquiry-based learning, problem-based learning and peer learning. All these approaches aim to directly involve the students in the process of learning and to encourage sharing of learning between students. The module team will determine the level and accuracy of knowledge acquisition at key points in the delivery, inputting when necessary either directly or with the support of external experts who will add to the authenticity, the credibility and application of the education and learning in the workplace.
The course material is introduced through lectures in the form of online presentations, which will cover the principles of the subject, illustrate its relevance to the real world and introduce a range of professional processes and practices. Students will engage with practical assignments and online tutorial material which may include instruction and peer-created content, and there will be seminars on campus which will allow students to discuss key concepts and issues with peers and with instructors.
Students will be expected to undertake a significant level of independent study (within the workplace, for the work-based learners), including practical activities, and links will be provided to appropriate external material such as podcasts, MOOCs, videos and literature to supplement the module content. Students will be encouraged to reflect upon the theoretical learning (for example, within the workplace) and the application of newly learned concepts to the work environment, and this will form part of the module assessment. Students will receive feedback on their performance through the module by undertaking the practical assignments and tutorial exercises and participating in the seminars.

Indicative Reading

  • Fall, K. R. and Stevens, W. R. (2011), TCP/IP Illustrated, Volume 1, 2nd edition, Addison Wesley.
  • Comer, D. E. (2013), Internetworking with TCP/IP, 6th edition, Pearson.
  • Minei, I. and Lucek, J., MPLS-Enabled Applications: Emerging Developments and New Technologies (Wiley Series on Communications Networking & Distributed Systems), 3rd edition, Wiley.
  • De Ghein, L. (2006), MPLS Fundamentals: A Comprehensive Introduction to MPLS Theory and Practice, Cisco Press.
  • Pepelnjak, I. and Guichard, J. (2012), MPLS and VPN Architectures, Cisco Press.
  • Davis, C. R. (2001), IPSec Securing VPNs, McGraw-Hill.

Transferable Skills

  • Traditional Academic Skills - specialist knowledge, ability to apply knowledge, logical thinking, critical analysis, problem-solving, written and spoken communication, ability to use numerical data, and research skills.
  • Personal Development Skills - self-confidence, self-discipline, self-reliance, awareness of strengths and weaknesses, creativity, independence, knowledge of international affairs, desire to go on learning, ability to reflect, reliability, integrity, honesty and regard for others.
  • Enterprise Or Business Skills - ability to prioritise tasks, time management, interpersonal skills, presentational skills, ability to work in teams and leadership.

Module Structure

Activity Total Hours
Seminars (FT) 24.00
Independent Learning (FT) 111.00
Assessment (FT) 15.00

Assessment Methods

Component Duration Weighting Threshold Description
Coursework 1 n/a 40.00 45% Written Report (2000 words)
Exam (School) 1.00 20.00 45% Diagnostic test
Exam (School) 2.00 40.00 45% Lab based test