Center for Curriculum and Transfer Articulation
Essentials of Network and Information Security
Course: CIS270

First Term: 2003 Summer I
Lec + Lab   3.0 Credit(s)   4.0 Period(s)   3.7 Load  
Course Type: Occupational
Load Formula: S


Description: Threats to security of information systems; responsibilities and basic tools for information security, including communication security, infrastructure security, organizational security and basic cryptography. Introduction to the language of network security and hardware, software and firmware components of an information security system for local, metropolitan, enterprise, and wide area networks. Helps prepare participants for the Comptia Security+ exam and the GIAC Security Essentials Certificate (GSEC)



MCCCD Official Course Competencies
1. Explain how to configure and secure access to servers, workstations and other devices in networks. (I, II, III)
2. Explain the role of network devices such as routers, hubs, and switches. (II, III)
3. Explain the purpose and goals for network security policies. (IV)
4. Explain the uses protocol suites. (III)
5. Describe the importance of solid network operational and organizational procedures. ( IV)
6. Describe the fundamentals of network infrastructure security. (V)
7. Explain the fundamentals of encryption and cryptography. (VI)
8. Describe security threat trends, including common network vulnerabilities and attacks, and their ramifications. (VII)
9. Describe strategies for configuring secure remote network access. (VIII)
10. Describe the use of defensive network security techniques, utilities, and monitors. (IX)
 
MCCCD Official Course Outline
I. Server and Workstation Configuration
   A. Access control
   B. Authentication methods
   C. Guarding against attacks
   D. Auditing-logging, system scanning
   E. Non-essential services and protocols: disabling unnecessary systems/programs/processes
II. Network Hardware
   A. Topologies
   B. Media
   C. Routers
   D. Securing network devices
   E. Wireless access points
   F. Switches
III. Protocols and Suites
   A. OSI (Open Systems Interconnection)
   B. TCP/IP (Transmission Control Protocol/Internet Protocol)
   C. Specifications
   D. IEEE (Institute of Electrical and Electronic Engineers) 802 workgroup transmission standards
IV. Operational/Organizational Network Security
   A. Access control
   B. Backups and disaster recovery
   C. Business continuity
   D. Policy and procedures
   E. Privilege management
   F. Forensics
   G. Risk identification
   H. Education and training for users and managers
   I. Containment
   J. Documentation
V. Infrastructure Security
   A. Application hardening
   B. OS/NOS (Operating Systems/Network Operating Systems) hardening
   C. TCP wrappers
   D. VPNs (Virtual Private Network)
VI. Basics of Cryptography
   A. Algorithms
   B. PKI (Public Key Infrastructure)
   C. Key management and certificate lifecycle
   D. Standards and protocols
   E. Concept of cryptography
VII. Network Vulnerabilities and Attacks
   A. Malicious code
   B. DOS (Denial of Service)
   C. Man in the middle
   D. Spoofing
   E. Password guessing
   F. Buffer overflow
   G. TCP/IP hijacking
   H. Back door
   I. Social engineering
   J. Network sniffing
   K. Trojan horses
   L. Logic bombs
   M. Worms
VIII. Configuring and Securing Remote Network Access
   A. FTP (File Transfer Protocol)
   B. WWW (World Wide Web)
   C. RAS (Remote Access Services)
   D. E-mail
   E. Wireless
   F. VPN (Virtual Private Networking)
   G. SSL (Secure Socket Layer)
IX. Using Defensive Tools and Techniques
   A. Vulnerability scanners
   B. Password crackers
   C. Network sniffers
   D. Honeypots
   E. Firewalls
   F. Security audits
 
MCCCD Governing Board Approval Date: 4/22/2003

All information published is subject to change without notice. Every effort has been made to ensure the accuracy of information presented, but based on the dynamic nature of the curricular process, course and program information is subject to change in order to reflect the most current information available.