High-level Programming of Computer Network Security Systems

Major: Administration of Cybersecurity Systems
Code of subject: 7.125.04.E.025
Credits: 4.00
Department: Information Security
Lecturer: Ph.D., Associate Professor Tishik I.Ya.
Semester: 2nd semester
Mode of study: full-time
Purpose of the discipline: The purpose of studying the academic discipline is for students to acquire practical skills in the correct design, installation, configuration selection, management and operation of software and hardware intended for the protection of local networks, in particular the design of protection systems based on CISCO software in networks that use the IP protocol.
Objectives: The study of the discipline involves forming the following competencies in students:
General competence: KZ 3. Ability to think abstractly, analyse and synthesise.
Integral competence: INT. A person's ability to solve tasks of a research and/or innovative nature in the field of information security and/or cyber security.
Professional competences:
KF1. The ability to reasonably apply, integrate, develop and improve modern information technologies, physical and mathematical models, as well as technologies for creating and using applied and specialized software for solving professional tasks in the field of information security and/or cyber security.
KF8. The ability to research, develop, implement and support methods and means of cryptographic and technical protection of information at objects of information activity and critical infrastructure and in information systems, as well as the ability to evaluate the effectiveness of their use, according to the established strategy and policy of information security and/or cyber security of the organization.
KF10. The ability to conduct scientific and pedagogical activities, plan training, monitor and support work with personnel, as well as make effective decisions on information security and/or cyber security.
Learning outcomes: Knowledge of the specifics of implementing a security system for a given computer network. Knowledge of key mechanisms for designing a computer network security system. Knowledge of rules and basic system commands for security management. Skills in existing modern methods and means of protection. Ability to design network security systems for a given network and to assist in appropriate computer simulations. Ability to manage communications and processes and implement access control. Ability to apply knowledge in practice.
Required prior and related subjects: Computer networks; Security of computer network infrastructure; Security of network operating systems; Event logging systems in computer systems; Risk theory; Cryptographic systems and protocols, part 2
Summary of the subject: Threats to the protection of network infrastructure are presented, the main reasons for the emergence of computer networks are indicated, the main types of intruders are characterized, and the categories of network security threats and possible ways of neutralizing such infections are described. Network protection tools are reviewed, and router configuration parameters for protecting the internal network of an environment (for example, a campus network) are presented. The components of a network perimeter protection system are reviewed. An example of configuring a CISCO router to protect the perimeter of a given network is demonstrated. The main network protection facilities that operating systems support and that are used as network protection tools are considered.
Description: Introduction. Network infrastructure protection. Protection of physical devices. Cisco Switch Software Protection: Describe and Configure Secure Ports. Software protection of the administrative interface of network devices based on Cisco IOS. Cisco IOS-based router communication organization and software security. Implement remote access to Cisco routers using indirect authentication. Software configuration of the mechanism of translation of network addresses and ports on the basis of IOS of a router. CISCO network perimeter security systems: capabilities of routers and firewalls. Design of computer network perimeter security systems based on the CISCO IOS router. Design of corporate network security systems using software and hardware firewalls. How to configure a demilitarized zone (DMZ) based on Cisco IOS. Cisco IOS-based ad filtering software. CISCO router configuration rules for IPSec support. Designing a virtual private network between the corporation's offices based on the Cisco IOS router. Rules for configuring IPSec encryption settings in the software and hardware firewall. Design of a virtual private network between the offices of the corporation on the basis of software and hardware firewalls. Design of network equipment protection systems of the corporation for the implementation
Assessment methods and criteria: Laboratory works - 15; Practical works - 5; Tests - 10; Examination control - 65
Criteria for evaluating learning outcomes:
Maximum score in points Current control (PC) Examination control Together for the discipline Laboratory works - 30 Written together on a PC the oral component component 40 50 10 100
The procedure and criteria for assigning points and grades:
Type of control | Scoring criteria | Maximum number of points
Laboratory work | Completed and submitted work | 5
Test control | Correct answers to the questions and correctly solved problems | 50
Oral component | Correct answer to the question | 10
Recommended books:
1. Wenstrom M. Organization of Cisco Network Protection / M.V. Wenstrom. Translated from English. – Kyiv: «Williams», 2005. – 768 p., ill.
2. Rybalskyi O.V. Information Protection in Information and Communication Systems. Textbook for cadets of higher educational institutions of the Ministry of Internal Affairs of Ukraine / O.V. Rybalskyi, V.H. Khakhanovskyi, V.A. Kudinov, V.M. Smahliuk. – Kyiv: Publishing House of the National Academy of Internal Affairs, 2013. – 118 p.
3. Popovskyi V.V. Information Protection in Telecommunication Systems: Textbook in 2 vols. / V.V. Popovskyi, A.V. Persykov. – Kharkiv: LLC «Kompaniya SMIT», 2006. – 238 p. [1]. – 292 p. [2].