SECURITY AND VPN TECHNOLOGIES

SHE Level 5
SCQF Credit Points 15.00
ECTS Credit Points 7.50
Module Code MMI125771
Module Leader Maria Filippopoulou
School School of Computing, Engineering and Built Environment
Subject Cyber Security and Networks
Trimester
  • B (January start)

Summary of Content

This module aims to provide students with the theoretical knowledge and practical skills needed to determine appropriate design choices for virtual private network solutions, implement them and verify their operation. It covers tunnelling technologies designed to enhance connectivity (e.g. MPLS, GRE, 6to4) as well as those designed to provide security (IPSec). Methods of securing infrastructure devices and data networks are also examined.

Syllabus

Tunneling
  • Implement and troubleshoot MPLS operations (Label stack, LSR, LSP, LDP, MPLS ping, MPLS traceroute).
  • Implement and troubleshoot basic MPLS L3VPN (L3VPN, CE, PE, P, Extranet (route leaking)).
  • Implement and troubleshoot encapsulation (GRE, Dynamic GRE).
  • Implement and troubleshoot DMVPN single hub (NHRP, DMVPN with IPsec using pre-shared key, QoS profile, Pre-classify).

Encryption
  • Implement and troubleshoot IPsec with pre-shared key (IPv4 site to IPv4 site, Virtual tunneling interface (VTI)).

Troubleshooting VPN technologies
  • Use IOS troubleshooting tools (debug, conditional debug, ping, traceroute with extended options, Embedded packet capture).
  • Apply troubleshooting methodologies: diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause); design and implement valid solutions according to constraints; verify and monitor resolution.
  • Interpret packet capture (using Wireshark trace analyzer, using IOS embedded packet capture).

Device security
  • Implement and troubleshoot IOS AAA using local database.
  • Implement and troubleshoot device access control (Lines (VTY, AUX, console), SNMP, Management plane protection, Password encryption).
  • Implement and troubleshoot control plane policing.

Network security
  • Implement and troubleshoot switch security features (VACL, PACL, Storm control, DHCP snooping, IP source-guard, Dynamic ARP inspection, Port-security, Private VLAN).
  • Implement and troubleshoot router security features (IPv4 access control lists (standard, extended, time-based), IPv6 traffic filter, Unicast reverse path forwarding).
  • Implement and troubleshoot IPv6 first hop security (RA guard, DHCP guard, Binding table, Device tracking, ND inspection/snooping, Source guard, PACL).

Learning Outcomes

On completion of this module, students should be able to:
  • evaluate the workings of VPN technologies at an advanced level.
  • design and defend complex VPN solutions (MPLS, DMVPN).
  • design and defend complex VPN based security solutions (IPSec).
  • evaluate the relationship between VPN technologies and layer 3 unicast routing protocols and resolve issues caused by their interaction (MPLS LDP, MPBGP).
  • appraise the main types of technologies available to secure network infrastructure and critically analyze their effectiveness in mitigating a range of security threats.
  • integrate VPN and network security technologies to fulfill the requirements of a security policy.
  • evaluate different VPN design cases and defend design choices.
  • appraise a problem situation and apply the techniques and tools presented to implement router and switch configurations.
  • validate the correct operation of VPN and security technologies.
  • support and fix complex VPN and security issues using common commands and diagnostic tools.

Teaching / Learning Strategy

The course will be presented as a programme of lectures supported by tutorials and associated practical work. Students are directed to read appropriate texts and articles to consolidate their knowledge of the topics covered.

Indicative Reading

  • Fall, K.R. and Stevens, W.R. (2011), TCP/IP Illustrated, Volume 1, 2nd edition, Addison Wesley.
  • Comer, D.E. (2013), Internetworking with TCP/IP, 6th edition, Pearson.
  • Minei, I. and Lucek, J., MPLS-Enabled Applications: Emerging Developments and New Technologies (Wiley Series on Communications Networking & Distributed Systems), 3rd edition, Wiley.
  • De Ghein, L. (2006), MPLS Fundamentals: A Comprehensive Introduction to MPLS Theory and Practice, Cisco Press.
  • Pepelnjak, I. and Guichard, J. (2012), MPLS and VPN Architectures, Cisco Press.
  • Davis, C.R. (2001), IPSec Securing VPNs, McGraw-Hill.

Transferrable Skills

  • Time management: organising, prioritising and planning work
  • Independent working and self reliance
  • Reviewing and evaluating own learning, strengths and weaknesses
  • Presentational skills
  • Commercial Awareness
  • Team working and Interpersonal Skills

Module Structure

Activity Total Hours
Independent Learning (FT) 2.00
Tutorials (FT) 6.00
Practicals (FT) 96.00
Lectures (FT) 39.00
Assessment (FT) 7.00

Assessment Methods

Component Duration Weighting Threshold Description
TS1 2.00 50.00 45% Practical Case Study (Lab test)
CW1 2.00 50.00 45% Class Test (Digital assessment)