
IS3220 Information Technology

Infrastructure Security


INSTRUCTOR GUIDE












Course Revision Table
Change Date | Updated Section | Change Description | Change Rationale | Implementation Date
01/09/2012 | All | New course | New course | March 2012








Credit hours: 4.5
Contact / Instructional hours: 60 (30 Theory, 30 Lab)
Prerequisite: IS3120 Network Communications Infrastructure or equivalent
Corequisite: None
IS3220 Information Technology Infrastructure Security INSTRUCTOR GUIDE

ITT Educational Services, Inc.
All Rights Reserved. -2- Change Date: 01/09/2012

Table of Contents
COURSE OVERVIEW
INSTRUCTOR RESOURCES
COURSE MANAGEMENT
GRADING
UNIT PLANS
COURSE SUPPORT TOOLS
ASSESSMENT TOOLS



Course Overview

Course Summary
Computer network security is complex, with new threats emerging constantly and new products and
procedures being introduced to defend against them. With today's emphasis on anywhere, anytime
access, most internal networks also access public networks, such as the Internet.
Strong network-perimeter defense is required along with secure connections for remote users.

This course focuses on general network security, providing essential terminology, current threats,
methods of protection, and future trends. In addition, the course covers firewalls, virtual private
networking fundamentals, and best practices. Along the way, students will understand the challenges
businesses and organizations face in protecting their networks and the data that resides within.

Instructional Approach
ITT/ESI instructional strategy and teaching methods are grounded in the following theoretical
constructs:
- Bloom's Taxonomy of learning objectives that determine: a) selection of specific instructional tasks and associated outcomes, and b) assessment of learning outcomes
- Gagné's Taxonomy of learned capabilities that represent progression of competency development from lower level operational skills to high-level intellectual capacity for solving unknown, complex, ill-structured problems through application or generation of rules
- Keller's ARCS Model addressing critical factors of learner motivation and engagement

Instructors are encouraged to utilize the following principles in their teaching practice:
- Engaging students in active, experiential learning processes facilitated by the instructor or more experienced peers
- Gradually increasing the complexity of instructional tasks dynamically adapted to the students' current competency level
- Promoting cognitive realism by grounding instructional tasks in real-life contexts and engaging students in situations where they are challenged by complex problems requiring analytical thinking, critical reading, and systematic interaction with peers
- Providing opportunities for performing scientific inquiry and reflection on individual and group work
- Implementing assessments of student learning focused on knowledge transfer and demonstration of competency acquisition through performing the tasks that have real-world relevance and match the activities of professionals in practice


Critical Considerations

You should be familiar with current network security, firewall, and Virtual Private Network (VPN) concepts
and methods. The labs and lab demonstrations focus on port/protocol scanning and data packet analysis
(using NetWitness Investigator), vulnerability scanning (using Zenmap), network design, firewall analysis,
and VPN design considerations.

Due to the dynamic nature of the subject matter covered in the course, some students may come into this
course with less up-to-date knowledge and skills than required, which could hinder them from moving
freely across the topics. This will require the instructor to consciously use an adaptive
course delivery mode, fully engaging students across various learning activities while constantly
assessing students' needs in terms of the knowledge dependencies, especially during the first couple of
weeks. The instructor should proactively provide students with just-in-time guidance and assistance on
the required knowledge and skills wherever applicable. As determined by the major instructional areas
identified in the course, the instructor may find it necessary to assign students specific additional
readings and related learning activities from the ITT Tech Virtual Library and other external resources.
The instructor may also decide to expand on specific terms/topics so that students with less up-to-date
knowledge in the domain may catch up and follow the progression of the course successfully.


Instructor Resources

Required Resources
1. For the course textbook(s) and other required materials, review the course Syllabus.
2. Electronic copy of the Instructor Lab Manual (in .pdf format) and supporting lab setup files*
3. Course Delivery Presentations (in .ppt format)*
* To be downloaded from www.jblearning.com/ITT. These files are hosted in the instructor's resources
portal provided by Jones & Bartlett Learning. To download, you must register by using your itt-tech.edu
email address as your personal log on. Once you register with the site, a confirmation email will be sent to
the itt-tech.edu email you provided with the log on credentials. Once you successfully log on to the site,
you may download the files in the course folder.



Additional Resources
Internal
- ITT Tech Virtual Library: http://myportal.itt-tech.edu/library/Pages/HomePage.aspx. This resource provides access to books, articles, and tutorials that supplement student learning.
- Faculty Collaboration Portals: http://myportal.itt-tech.edu/employee/dept/curriculum/FC/default.aspx. This location allows you to post your questions and to respond to your peers' questions about the course.
- Curriculum Database: http://myportal.itt-tech.edu/faculty/cdb/Pages/default.aspx. Please download the latest version of the courseware from this location.
External
- Douglas E. Comer, Internetworking with TCP/IP, 5th ed.
- Noonan et al., Firewall Fundamentals
- Rhodes-Ousley et al., Network Security: The Complete Reference
- W. Richard Stevens et al., TCP/IP Illustrated
- Keith Strassberg et al., Firewalls: The Complete Reference
- Michael E. Whitman et al., Guide to Firewalls and Network Security
- Elizabeth D. Zwicky et al., Building Internet Firewalls, 2nd ed.
- Ruixi Yuan, Virtual Private Networks: Technologies and Solutions
- Jonathan Katz, Introduction to Modern Cryptography: Principles and Protocols. Chapman & Hall/CRC
- Mark Lewis, Comparing, Designing, and Deploying VPNs
- John Mairs, VPNs: A Beginner's Guide






Course Management

Lab Setup and Technical Requirements

Course Specific Lab Setup
Each ISS course has an accompanying Lab Manual. Refer to each course's Lab Manual for specific lab
setup, configuration, Instructor demos, and student lab instructions. For each lab, the instructor will
explain and demonstrate what tasks and deliverables are required (paper-based or equipment-based).

Test Administration and Processing
- Tests/examinations for the onsite courses are proctored by instructors in the classroom following the schedule at the local campus. The Final Examination is to be conducted in the last week of the quarter with the first half of the class time allocated to the course review and the second half of the class time allocated to the examination. If a lab practicum is part of the final examination, the lab practicum is to be scheduled in the lab time of the last class meeting.
- It is against academic integrity and a violation of institutional policy to reveal the content of the tests/examinations to students in any format prior to the actual time scheduled for the test/examination. Every instructor is required to exercise diligence in protecting all testing materials from being compromised in any form.
- Grades for the course must be closed at the scheduled time mandated by the institution.
- All quizzes, tests and examinations for the online courses are administered through the online learning management system (LMS) at their scheduled times.

Replacement of Learning Assignments
- Tests/Examinations: The instructor may add up to 20% of the items to the prescribed set without altering the grade weight for the category. No substitution is allowed for any of the prescribed items.
- Quizzes: The instructor is encouraged to construct just-in-time items for this category. If prescribed items are provided, the instructor may choose to use them or substitute them with their own versions without altering the grade weights allocated to the category.
- Assignments/Discussions/Projects: Wherever deemed necessary, the instructor may choose to substitute prescribed items with his or her own version without altering the grade weights allocated to the category. The substitution items must address the same objectives as the original items at similar levels of scope and rigor with reasonable rubrics.



Academic Integrity
All students must comply with the policies that regulate all forms of academic dishonesty, or academic
misconduct, including plagiarism, self-plagiarism, fabrication, deception, cheating, and sabotage. For
more information on the academic honesty policies, refer to the Student Handbook. Check policies and
faculty Handbook.

Communication and Student Support
Faculty are expected to proactively engage students in the learning of the course through active
guidance, monitoring and follow-ups.

Onsite faculty should respond to students' emails and/or phone calls within 48 hours. Graded
assignments must be returned to students by the next class meeting in most cases.

Online instructors are expected to respond to students' "Ask the Instructor" messages within 24 hours of
receipt (48 hours on the weekend). Written assignments must be graded within 72 hours. Discussion
forums must be graded within 72 hours after the last day posts are due.



Grading

The following template is required for setting up your course grade book. Titles are to be entered as
written below to enable aggregate analysis of student learning activities.

Grading Category | Category Weight | Category Components | Component Weight
Assignment | 16% | Unit 1. Assignment 1. Clear-Text Data in Packet Trace | 2%
 | | Unit 2. Assignment 1. Selecting Security Countermeasures | 2%
 | | Unit 4. Assignment 1. Identify Unnecessary Services From a Saved Vulnerability Scan | 2%
 | | Unit 5. Assignment 1. Select the Proper Type of Firewall | 2%
 | | Unit 7. Assignment 1. Create a VPN Connectivity Troubleshooting Checklist | 2%
 | | Unit 8. Assignment 1. Security Concerns and Mitigation Strategies | 2%
 | | Unit 9. Assignment 1. Security Plan and Documentation | 2%
 | | Unit 10. Assignment 1. Postincident Executive Summary Report | 2%
Lab | 20% | Unit 1. Lab 1. Analyze Essential TCP/IP Networking Protocols | 2%
 | | Unit 2. Lab 1. Network Documentation | 2%
 | | Unit 3. Lab 1. Network Discovery & Security Scanning Using ZenMap GUI (Nmap) | 2%
 | | Unit 4. Lab 1. Perform a Software Vulnerability Scan & Assessment with Nessus¹ | 2%
 | | Unit 5. Lab 1. Configure a Microsoft Windows Workstation Internal Firewall | 2%
 | | Unit 6. Lab 1. Design a De-Militarized Zone (DMZ) for a LAN-to-WAN Ingress/Egress | 2%
 | | Unit 7. Lab 1. Implement a VPN Tunnel for Secure Remote-Access | 2%
 | | Unit 8. Lab 1. Design a Layered Security Strategy for an IP Network Infrastructure | 2%
 | | Unit 9. Lab 1. Construct a Linux Host Firewall and Monitor for IP Traffic | 2%
 | | Unit 10. Lab 1. Design and Implement Security Operations Management Best Practices | 2%
Discussion | 10% | Unit 1. Discussion 1. Familiar Protocols | 1%
 | | Unit 2. Discussion 1. Familiar Domains | 1%
 | | Unit 3. Discussion 1. Social Engineering Defense Issues | 1%
 | | Unit 4. Discussion 1. Host-Based vs. Network-Based IDSs/IPSs | 1%
 | | Unit 5. Discussion 1. Ingress and Egress Filtering | 1%
 | | Unit 6. Discussion 1. Firewall Security Strategies | 1%
 | | Unit 7. Discussion 1. Developing a VPN Policy and Enforcing VPN Best Practices | 1%
 | | Unit 8. Discussion 1. System Hardening | 1%
 | | Unit 9. Discussion 1. Firewall Implementation Planning | 1%
 | | Unit 10. Discussion 1. Incident Response Strategies | 1%
Project | 29% | Unit 4. Project Part 1. Network Survey | 4%
 | | Unit 7. Project. Part 2. Network Design | 5%
 | | Unit 11. Final Project. Network Security Plan | 20%
Exam | 25% | Final Exam | 25%

¹ Nessus is a Registered Trademark of Tenable Network Security, Inc.

Unit Plans

UNIT 1: Essential TCP/IP Network Protocols and Applications

Learning Objective
Review essential Transmission Control Protocol/Internet Protocol (TCP/IP) behavior and
applications used in IP networking.

Key Concepts
- TCP/IP protocol analysis using NetWitness Investigator
- Differentiating clear text from cipher text
- Essential TCP/IP characteristics: Three-way handshake, synchronize (SYN), acknowledge (ACK), User Datagram Protocol (UDP), and TCP
- IP networking protocol behavior: IP version 4 (IPv4) address, Address Resolution Protocol (ARP), Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), Routing Information Protocol (RIP), Open Shortest Path First (OSPF)
- Network management tools: Internet Control Message Protocol (ICMP), Simple Network Management Protocol (SNMP), Telnet, File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP), Secure Shell (SSH)

Reading
- Stewart, Chapter 1. Network Security Fundamentals
  - IPv4 Versus IPv6
  - DNS
- Stewart, Chapter 2. Firewall Fundamentals
  - TCP/IP Overview
- Stewart, Chapter 5. Network Security Implementation
  - Seven Domains of a Typical IT Infrastructure
  - Protocols and Topologies
  - Common Types of Addressing

Keywords
Use the following keywords to search for additional materials to support your work:
IPv4 addressing
NetWitness Investigator
Network management
Networking protocol

Protocol analysis
Protocol analyzer
Protocols
TCP/IP
Three-way handshake
Trace analysis




Learning Activities


E X P L O R E


Focus: Concepts
Suggested Approach:
The first part of this unit provides background for students who are not familiar with protocols. Begin the unit with the concept of a packet in network communications, what it contains, and the benefits of protocol analysis.
Next, through the Concepts section of IS3220.U1.PS1.ppt, cover the following points:
- Discuss the TCP/IP protocol suite and various protocols within the suite.
- Discuss packets and packet structure.
- Introduce protocol (packet) analyzers. There are many analyzers to choose from, like Wireshark, tcpdump, and NetWitness Investigator.
- Explain NetWitness Investigator and Wireshark features. Note that these software packages will be used throughout the course.
Method: Presentation
Tools: IS3220.U1.PS1

Focus: Process
Suggested Approach:
Refer to the Process section of IS3220.U1.PS1.ppt to cover the following points:
- Reinforce that students can use NetWitness Investigator as a packet capture tool and trace analyzer and touch on its other comprehensive features.
- Discuss the essentials of TCP/IP transaction sessions and three-way handshake: SYN, ACK, finish (FIN), and reset (RST) used by TCP.
Method: Presentation
Tools: IS3220.U1.PS1

Focus: Roles
Suggested Approach:
This is a graded discussion. Therefore, at the end of the discussion, ask the students to summarize and submit their learning.
Form groups of students and encourage them to discuss the roles of common protocols that are used in their personal computing or professional enterprise environments. For example, ask them what role TCP/IP plays for Internet communications. Ask them how DHCP eases management of IP addresses. Help them understand the common protocols used in preparation for packet analysis.
Method: Text Sheet Discussion
Tools: IS3220.U1.TS1


Focus: Context
Suggested Approach:
Set the stage for capturing session analysis and analyzing network protocol use by discussing the following:
- IPv4 addressing
- Networking protocol use
- Clear-text protocol transactions versus encrypted protocols
Method: Presentation
Tools: IS3220.U1.PS1

Focus: Rationale
Suggested Approach:
Discuss constraints on packet captures, such as network interface promiscuous mode and switches versus hubs. Emphasize how the ability to capture clear text is a privacy issue. What kinds of personal or sensitive data could be read? Which laws may be broken when capturing clear-text data? Ask students to describe how these privacy issues could affect their personal and professional lives.
Method: Discussion
Tools: IS3220.U1.TS2


Summary
Graded Assignment:
Students will be provided a handout on familiar protocols and asked to discuss them. The protocols include TCP/IP, TCP, IP, UDP, DHCP, and many others. If participation wanes, ask questions, such as "Which protocol does xyz?", so that students can provide a protocol name. You may turn the session into a game of Jeopardy to encourage participation.
Encourage students to use all the resources from the EXPLORE phase to work on this graded assignment.
% of the total course grade: 1%
Assignment Requirements: Unit 1. Discussion 1. Familiar Protocols





P R A C T I C E


Focus: Demo Lab
Suggested Approach: Refer to IS3220 Instructor's Lab Manual for details.
Method: Demonstration
Tools: IS3220. Instructor's Lab Manual

Focus: Hands-on Lab
Suggested Approach: Refer to IS3220 Instructor's Lab Manual for details.
Method: Independent Study
Tools: IS3220. Instructor's Lab Manual



Summary
Graded Assignment:
Refer to IS3220 Instructor's Lab Manual for details.
Encourage students to use all the resources from the PRACTICE phase to work on this graded assignment.
% of the total course grade: 2%
Assignment Requirements: IS3220. Instructor's Lab Manual





A P P L Y


Focus: Challenge
Suggested Approach:
The premise of this assignment is that the student is newly hired as a technology associate in the information systems department at Corporation Techs in Dallas, Texas. The student needs to learn about a new packet analyzer called NetWitness Investigator.
Method: Lecture

Focus: Contributing Factors
Suggested Approach:
Revisit the issues of clear text versus encrypted data and the privacy issues surrounding the clear text. Tell the students that personal and/or sensitive information may easily be intercepted by an attacker.
Method: Discussion



Focus: Course of Action
Suggested Approach:
Hand out the assignment to the students. Ask them to download and install NetWitness Investigator on their computer. They must use the interface to open a specific demo packet, and then find and display a clear-text password.
Students must find the clear-text password as "mypassword1". Students are instructed to explore the NetWitness Investigator interface on their own in preparation for the interface use throughout the course. The tools they must identify are: Toggle Timeline, Order By Total, Order By Values, Ascending Sort, Descending Sort, Session Count, Session Size, Packet Count, Custom Drill, Google Earth, and Print View.
Method: Discussion








Summary
Graded Assignment:
Students are given instructions on installing NetWitness Investigator and opening a trace file. They must find the clear-text password as "mypassword1". The students must report the name of the tools they explore.
Encourage students to use all the resources from the APPLY phase to work on this graded assignment.
% of the total course grade: 2%
Assignment Requirements: Unit 1. Assignment 1. Clear-text data in packet trace


Reminders
Remind students of their readings for Unit 2.
Remind students that Unit 1 Assignment 1 is due before the start of next unit's class.
(End of Unit 1)


UNIT 2: Network Security Basics

Learning Objective
Explain the fundamental concepts of network security.

Key Concepts
- Confidentiality, integrity, and availability (CIA) mandates for network resource security
- Network security and its value to the enterprise
- Roles and responsibilities in network security
- Impact of network infrastructure design on security
- Features, uses, and benefits of network security countermeasures

Reading
- Stewart, Chapter 1. Network Security Fundamentals

Keywords
Use the following keywords to search for additional materials to support your work:
Confidentiality
Integrity
Availability
Authentication
Authorization
Risk
Threat
Vulnerability
Security policy
Firewall
VPN
Demilitarized zone (DMZ)




Learning Activities


E X P L O R E


Focus: Concepts
Suggested Approach:
The Concepts section is divided into three parts:
1. Refer to slides 3-5 in the Concepts section of IS3220.U2.PS1.ppt to cover the following points:
   - Discuss CIA as primary goals of information security.
   - Talk about the secondary goals that build upon the CIA triad. Also, discuss the procedures and methods used for assuring the goals of the CIA triad are met.
   - Using the diagram provided in slide 5, discuss each of the seven domains of a typical information technology (IT) infrastructure. This discussion should include any CIA implications for each domain. You may also want to discuss how these domains relate to each other.
2. Introduce the concept of risk and describe how understanding the concepts of risk and applying policies and controls that address information assurance will result in a more secure networking environment. Refer to slides 6-9 in the Concepts section of IS3220.U2.PS1.ppt to cover the following points:
   - Revisit the concepts of risk, threat, and vulnerability. You may use some real-life examples to describe the impact of risk on an organization.
   - Discuss how information assurance builds upon the CIA concepts to provide methods and procedures, like authentication and nonrepudiation, to address the risks associated with IT.
   - Talk about security policies.
   - Provide an overview of a sample of networking infrastructures. Highlight the benefits and risks that each type brings.
3. Revisit the key terms that have been discussed so far. Review the terminology that the students will see in the upcoming units. Understanding the terminology will be critical for the remainder of the course. Refer to slides 10-12 in the Concepts section of IS3220.U2.PS1.ppt to cover the following points:
   - General terminology: Ask students to provide a definition of the terms mentioned in the slide.
   - Risk terminology: The topic of risk has many pieces and is often confusing to someone who has not worked with risk before. You may want to do a quick recap of the terms associated with risk.
   - Networking terminology: The intent of discussing this terminology is to introduce the students to the purpose and security implications associated with each term. Where appropriate, point out security risks that a networking component addresses or offers.
Method: Presentation
Tools: IS3220.U2.PS1


Focus: Process
Suggested Approach:
Refer to the Process section of IS3220.U2.PS1.ppt to cover the following points:
- Introduce policy, awareness, and training as security countermeasures. Present them as the starting point for security in every organization.
- Talk about some of the common countermeasures that are available. Discuss how the countermeasures chosen to secure a network will vary depending on the business requirements and the network deployment supporting those requirements. Review the use, benefits, and limitations of each countermeasure.
Method: Presentation
Tools: IS3220.U2.PS1


Focus: Roles
Suggested Approach:
Select six students in the class. Ask each of them to represent the role of senior management, IT management, IT security staff, managers, network administrators, users, and auditors, respectively. Give them about five minutes to think about what their responsibility toward network security is. Then, ask those students to present their views to the rest of the class. Later, the entire class should discuss if appropriate responsibilities were identified. What did those six students miss? Provide students with IS3220.U2.TS1.doc to facilitate the discussion.
Method: Discussion
Tools: IS3220.U2.TS1


Focus: Context
Suggested Approach:
Refer to the Context section of IS3220.U2.PS1.ppt to cover the following points:
- Discuss how business requirements guide the network requirements and security implications of the requirements. Highlight how the availability requirements change the design of the system. Propose questions, such as "Does the business require 24/7 availability?" If so, redundant systems might be necessary. Further ask, "Can the business tolerate an outage?" Remind students that availability is one of the primary objectives of network security.
- Address the sensitivity of the data involved. Ask students, "Are we transmitting personally identifiable information (PII) data or cardholder data? Is there a requirement around encryption?" Talk about how sensitivity relates back to the confidentiality objective.
- Highlight some of the implications that connecting a network to the Internet presents.
- Discuss wired networks.
- Walk through the benefits of wireless networking.
- Discuss some of the security concerns that must be considered with a wireless network.
- Discuss the benefits and design implementations of mobile networking.
Method: Presentation
Tools: IS3220.U2.PS1


Focus: Rationale
Suggested Approach:
This is a graded discussion. Therefore, at the end of the discussion, ask the students to summarize and submit their learning.
To remind students of the seven domains, provide them with IS3220.U2.TS2.doc. Form groups of students to discuss and identify the domains of a typical IT infrastructure the students are familiar with and the countermeasures that they have used or seen being used in a network. The intent of this discussion is to allow the students to apply the material that was covered so far to their experiences.
Method: Discussion
Tools: IS3220.U2.TS2




Summary
Graded Assignment:
This is an in-class assignment. The students will be divided into smaller groups to facilitate a discussion on the domains of a typical IT infrastructure.
Encourage students to use all the resources from the EXPLORE phase to work on this graded assignment.
% of the total course grade: 1%
Assignment Requirements: Unit 2. Discussion 1. Familiar Domains





P R A C T I C E


Focus: Demo Lab
Suggested Approach: Refer to IS3220 Instructor's Lab Manual for details.
Method: Demonstration
Tools: IS3220. Instructor's Lab Manual

Focus: Hands-on Lab
Suggested Approach: Refer to IS3220 Instructor's Lab Manual for details.
Method: Independent Study
Tools: IS3220. Instructor's Lab Manual


Summary
Graded Assignment:
Refer to IS3220 Instructor's Lab Manual for details.
Encourage students to use all the resources from the PRACTICE phase to work on this graded assignment.
% of the total course grade: 2%
Assignment Requirements: IS3220. Instructor's Lab Manual





A P P L Y


Focus: Challenge
Suggested Approach:
The scenario for this assignment continues from the scenario in Unit 1 Assignment 1. This time, students will be given a suggested network design for Corporation Techs. For more details on the scenario, refer to the assignment. Students must research and identify the appropriate network security countermeasures for the identified threats.
Method: Lecture



Focus: Contributing Factors
Suggested Approach:
Remind students that a balance must exist between security and usability. Several countermeasures are available for any given threat, but the best one must be chosen with the business objectives in mind.
Method: Discussion



Focus: Course of Action
Suggested Approach:
Hand over the assignment to the students. Ask students to refer back to their notes from the early discussion about common network security threat countermeasures. Using the Internet, the students should research real-life solutions to the problem.
Method: Discussion
Tools: IS3220.U2.TS3



Summary
Graded Assignment:
Students need to identify the countermeasures and submit a report on the same. The students' report should include a description of each threat and the countermeasure identified for it. The students should discuss the reasons they chose each countermeasure. In addition, the students should discuss the benefits and limitations of each countermeasure.
Encourage students to use all the resources from the APPLY phase to work on this graded assignment.
% of the total course grade: 2%
Assignment Requirements: Unit 2. Assignment 1. Selecting Security Countermeasures


Reminders
Remind students of their readings for Unit 3.
Remind students that Unit 2 Assignment 1 is due before the start of the next unit's class.

(End of Unit 2)



UNIT 3: Network Security Threats

Learning Objective
Recognize the impact that malicious exploits and attacks have on network security.

Key Concepts
Intellectual property and privacy data
Risk assessment for your network infrastructure
Wired and wireless network infrastructure risks, threats, and vulnerabilities
Common network hacking tools: Applications, exploits, and attacks
Social engineering practices and their impact on network security efforts

Reading
Stewart, Chapter 4. Network Security Threats and Issues
NIST SP 800-30: Risk Management Guide for Information Technology Systems
(http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf)

Keywords
Use the following keywords to search for additional materials to support your work:
Arbitrary code execution
Botnet
Buffer overflow
Cross-site scripting (XSS)
Denial of service (DoS)
Distributed denial of service (DDoS)
Hacker
Insertion attack
Interception attack
Keystroke logger
Nmap
Phishing
Playback attack
Port scanning
Replay attack
Risk assessment
Rootkit
Security awareness training
Session hijacking
Social engineering
Spam
Structured Query Language (SQL) injection
Vulnerability scan
Hacking
ICMP redirect
Man-in-the-middle/monkey-in-the-middle


Learning Activities


E X P L O R E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Concepts

Begin the session with a discussion on the common types
of threats that are likely to be encountered by most
organizations: malware and application vulnerabilities.
Refer to the Concepts section of IS3220.U3.PS1.ppt to
cover the following points:
Malware: Compare and contrast various types of
malware, such as viruses, worms, Trojan horses,
browser redirection, and keyloggers. Review how
computers are infected with malware. You may
present real-world examples and illustrate the
impact they can have on organizations.
Application vulnerabilities: Review common
classes of vulnerabilities, such as buffer overflow,
unsanitized data inputs, cross-site scripting, and
cached credentials. Stress the importance of
including security in the system development life
cycle and keeping abreast of vendor-issued
security patches and updates. Present real-world
examples and illustrate the impact they can have
on organizations.
System port and vulnerability scanning: Review
the basics of system port and vulnerability
scanning and relate the importance of conducting
regular vulnerability scans.

Presentation


IS3220.U3.PS1




Process

Organizations must be able to prioritize and address
threats that pose the greatest risk. Refer to the Process
section of IS3220.U3.PS1.ppt to cover the following
points:
Risk assessment methodology: Introduce risk.
Presentation

IS3220.U3.PS1



Cover the basic steps of formal risk assessment
methodology as discussed in NIST Special
Publication 800-30.
Determining risk: Discuss the concepts of
likelihood and impact of risk. Help students
understand how these concepts are used to
calculate risk using a risk level matrix. Explain the
difference between qualitative and quantitative
risk analysis and why qualitative risk analysis is
typically used when calculating risk for network
security.


Roles

Ask students: Who could be an attacker? Suggest some
examples, such as a disgruntled employee out for revenge, an
overworked employee who tries to bypass security
controls in order to save time, or a professional hacker
trying to steal confidential or proprietary data to sell to the
highest bidder. Then ask how an organization can be protected
against such attackers. Hand out the text sheet
(IS3220.U3.TS1.doc) to students and refer to the Roles
section of IS3220.U3.PS1.ppt to cover the following
points:
Network attackers: Discuss the types of
attackers, internal and external. Talk about how
attackers are not always malicious and attacks
are not always deliberate. Identify the three types
of hackers. Describe the hacking process.
Hacker motivation: Explore the hacker society
and how hacking affects social status in hacker
communities. During the discussion, encourage
students to offer opinions on hacker motivations,
as well as share any professional experiences
they have had with internal or external attackers.
Attack Methods: Discuss attack methods, such as
unauthorized access, network penetration,
malware, and application compromise. Also,
discuss social engineering techniques.
Discussion
Presentation


IS3220.U3.TS1

IS3220.U3.PS1




Context

By now, students should be familiar with the seven
domains of a typical IT infrastructure as well as common
threats and vulnerabilities. You may do a quick recap of
the domains, threats, and vulnerabilities with the help of
slides provided for the Context section.

Refer to the Context section of IS3220.U3.PS1.ppt to
cover the following points:
Risks, threats, and vulnerabilities for each of the
seven domains of a typical IT infrastructure.
Present security concerns arising from risks, threats,
and vulnerabilities specific to wireless networks,
such as scanning for wireless networks and rogue
access points.

Presentation


IS3220.U3.PS1


Rationale

This is a graded discussion. Therefore, at the end of the
discussion, ask the students to summarize and submit
their learning.

Hand out the text sheet summarizing social engineering
techniques. Form groups of students and instruct them to
discuss social engineering attacks and identify security
awareness training to offset common social engineering
techniques. In addition, discuss why social engineering
attacks are particularly difficult to prevent. Refer to the
Graded Assignments section for details.

The intent of this discussion is to help students apply their
learning on social engineering to prepare them for any
real-world situations involving social engineering.
Discussion


IS3220.U3.TS2








Summary

% of the total
course grade
Assignment
Requirements


Graded
Assignment
This is an in-class assignment. The students will be
divided into smaller groups to facilitate a discussion on
social engineering techniques.

Encourage students to use all the resources from the
EXPLORE phase to work on this graded assignment.
1% Unit 3.
Discussion 2.
Social
Engineering
Defense Issues





P R A C T I C E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Demo Lab

Refer to IS3220 Instructor's Lab Manual for details.

Demonstration

IS3220. Instructor's Lab Manual

Hands-on
Lab

Refer to IS3220 Instructor's Lab Manual for details.

Independent Study

IS3220. Instructor's Lab Manual


Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
Refer to IS3220 Instructor's Lab Manual for details.

Encourage students to use all the resources from the
PRACTICE phase to work on this graded assignment.
2% IS3220. Instructor's Lab Manual





A P P L Y


FOCUS SUGGESTED APPROACH METHOD TOOLS


Challenge

The initial phase of any network security realignment
process involves identifying existing resources. This
activity allows students to fulfill the role of an employee
participating in the network security process in a specific
business situation.

Lecture



Contributing
Factors

Remind students that before it is possible to plan to
change anything in the network, they must first understand
what is present in the network, where it is located, and
what function it performs. Students should refer back to
the work performed in the Hands-on Lab in earlier units of
this course.

Discussion



Course of
Action

Hand out the assignment to the students. Ask them to
summarize the network survey results and submit them.
Discussion




Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
Students will build upon the Lab assignment in order to
produce a network survey document that identifies hosts,
protocols, and services applicable to the Corporation
Techs network environment.

Encourage students to use all the resources from the
APPLY phase to work on this graded assignment.
4% Unit 4. Project
Part 1. Network
Survey.
Reminders
Remind students of their readings for Unit 4.
Remind students that Project Part 1 is due for submission in the next unit.

(End of Unit 3)
UNIT 4: Network Security Tools and Techniques


Learning Objective
Identify network security tools and discuss techniques for network protection.

Key Concepts
Securing the local area network (LAN)-to-wide area network (WAN) domain: Internet ingress/egress point
Mitigating risk with intrusion detection systems (IDSs) and intrusion prevention systems (IPSs)
Contrasting intrusion detection and intrusion prevention strategies
Review of automated network scanning and vulnerability assessment tools and their use
Data protection strategies and their value to the organization

Reading
Stewart, Chapter 5. Network Security Implementation
Technical Overview of Network Security, Firewalls, and VPNs
Stewart, Chapter 7. Exploring the Depths of Firewalls
Understanding Firewall Logs and Alerts
Intrusion Detection
Stewart, Chapter 15. Network Security Resources, and the Future

Keywords
Use the following keywords to search for additional materials to support your work:
Firewall
IDS
IPS
Network analysis
Port Scan
VPN
Vulnerabilities
Vulnerability assessment
Vulnerability scan
Watermarking




Learning Activities


E X P L O R E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Concepts

Identify the features and functions of commonly available
network-vulnerability assessment tools. Refer to the
Concepts section of IS3220.U4.PS1.ppt to cover the
following points:
Discuss the two basic types of vulnerability
scanners.
Define Nmap and Zenmap and take a tour of
the Zenmap interface.
Discuss other notable vulnerability
assessment scanners, such as Nessus,
Retina, and SAINT. You may also want to
discuss other scanners students encounter in
the real world.

Presentation


IS3220.U4.PS1

Process

Network analysis involves analyzing network data to
reconstruct network activity over a specific time period.
This section focuses on network analysis and the primary
steps used to perform analyses. Refer to the Process
section of IS3220.U4.PS1.ppt to cover the following
points:
Network analysis
Overview of network analysis tools
Where to capture data on the network
Network analysis steps

Presentation

IS3220.U4.PS1



Roles

Describe the use of data loss/data leak prevention tools
and their roles in protecting the CIA principles.
Refer to the Roles section of IS3220.U4.PS1.ppt to cover
the following points:
Emphasize the purpose of data loss/data leak
Presentation


IS3220.U4.PS1



prevention tools.
Define the two basic types of tools: Perimeter
based and client or endpoint based. Discuss
some of the perimeter- and client-based tools,
both commercial and open source. The
discussion should not favor any one tool.
Focus on the roles the tools play in protecting
sensitive information from leaving a network.


Context

Take the focus to securing the LAN-to-WAN domain,
which includes border routers, perimeter firewalls, IDSs
and IPSs. Refer to the Context section of
IS3220.U4.PS1.ppt to cover the following points:
Discuss the LAN-to-WAN domain in relation to
the seven domains of a typical IT
infrastructure.
Review the essentials of ingress and egress
traffic. Define each of them.
Talk about border routers and how to protect
the LAN-to-WAN domain.
Define ingress and egress filtering.
Review the essential functions and features of
an IDS and IPS.
Discuss how an IDS differs from an IPS. Tell
the students that both IDSs and IPSs are
often collectively referred to as IDSs but they
do handle some different functions.
Differentiate between host-based IDSs
(HIDSs) and network-based IDSs (NIDSs).
This brief lecture will set the stage for the
in-depth discussion on HIDS and NIDS
drawbacks.

Presentation


IS3220.U4.PS1


Rationale

This is a graded discussion. Therefore, at the end of the
discussion, ask the students to summarize and submit
their learning. Ask students to review the content provided
in the handout and discuss why host- or network-based
Discussion


IS3220.U1.TS1



IDS solutions might present problems for an organization
in terms of resource consumption and encrypted transport
examination. Remind students that part of the tuning or
training process of an HIDS or NIDS is to strike a balance
between security and resource consumption, to avoid
decreasing end-user productivity and network bottlenecks.
The students should also discuss possible resolutions.




Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
This is an in-class assignment. The students will be
divided into smaller groups to facilitate discussion.

Encourage students to use all the resources from the
EXPLORE phase to work on this graded assignment.
1% Unit 4.
Discussion 1.
Host-Based vs.
Network-Based
IDSs/IPSs





P R A C T I C E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Demo Lab

Refer to IS3220 Instructor's Lab Manual for details.

Demonstration

IS3220. Instructor's Lab Manual

Hands-on
Lab

Refer to IS3220 Instructor's Lab Manual for details.

Independent Study

IS3220. Instructor's Lab Manual



Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
Refer to IS3220 Instructor's Lab Manual for details.

Encourage students to use all the resources from the
PRACTICE phase to work on this graded assignment.
2% IS3220. Instructor's Lab Manual






A P P L Y


FOCUS SUGGESTED APPROACH METHOD TOOLS


Challenge

The scenario for this assignment continues from the
scenario in Project Part 1. The student has been working
as a technology associate in the information systems
department at Corporation Techs. Refer to the assignment
for details of the scenario. Given a saved
Nmap/Zenmap scan of a Web server host, students must
identify services that were detected on the system and
research the use of each service. The goal is to identify
unnecessary services running on the Web server.

Lecture

Contributing
Factors

Remind students that not all services are necessary on
every server. Leaving some services enabled provides a
possible attack point.

Discussion



Course of
Action

Hand out the assignment to the students. Students should
use the knowledge gained in class regarding vulnerability
assessment tools, and Nmap/Zenmap in particular, to
study the saved scan of a Web server. Students must use
the Help system in the tool and the Internet to determine
which services are unnecessary. Students need to create
a detailed plan for the removal of unnecessary services,
supporting their conclusions.

Discussion


IS3220.U4.TS2



Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
Students will be provided with a scenario and a saved
Nmap scan of a Web-server host. They will then identify
services detected on the system, research the use of
each, and detail a plan for the removal of unnecessary
2% Unit 4
Assignment 1.
Identify
Unnecessary
Services from a
Saved
Vulnerability Scan

services with support for their conclusions.

Encourage students to use all the resources from the
APPLY phase to work on this graded assignment.



Reminders
Remind the students of their readings for Unit 5.
Remind students that Unit 4 Assignment 1 is due before the start of the next unit's class.

(End of Unit 4)
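
The service review described for Unit 4 Assignment 1, as an added example that is not part of the course materials: a Python script that reads a saved Nmap XML scan (-oX output) and sorts the open services into those to keep, restrict, or review for removal. The scan content, the 192.0.2.10 address, and the REQUIRED and RESTRICTED sets are constructed assumptions for illustration.

```python
"""Audit a saved Nmap XML scan of a Web server for unnecessary services."""
import xml.etree.ElementTree as ET

# Constructed sample (not a real scan), trimmed to the elements Nmap's XML
# output uses for hosts, ports, port states and detected services.
# For scan files from an untrusted source, parse with defusedxml instead.
SAMPLE_SCAN = """<nmaprun scanner="nmap" args="nmap -sV -oX web.xml 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/>
        <service name="ftp" product="vsftpd"/></port>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="23"><state state="open"/>
        <service name="telnet"/></port>
      <port protocol="tcp" portid="25"><state state="closed"/>
        <service name="smtp"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https" product="Apache httpd"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/>
        <service name="mysql" product="MySQL"/></port>
      <port protocol="tcp" portid="5900"><state state="open"/></port>
      <port protocol="tcp" portid="8080"><state state="filtered"/>
        <service name="http-proxy"/></port>
    </ports>
  </host>
</nmaprun>"""

# Assumption: the only services this Web server must offer to its users.
REQUIRED = {("tcp", 80), ("tcp", 443)}
# Assumption: needed for administration, but only from a management network.
RESTRICTED = {("tcp", 22)}


def open_services(xml_text):
    """Return one dict per port that Nmap reported as open, sorted by port."""
    root = ET.fromstring(xml_text)
    found = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed or filtered: no reachable service to review
            svc = port.find("service")  # absent when Nmap could not identify it
            found.append({
                "host": addr,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "name": svc.get("name", "unknown") if svc is not None else "unknown",
                "product": svc.get("product", "") if svc is not None else "",
            })
    return sorted(found, key=lambda s: (s["host"], s["proto"], s["port"]))


def classify(service, required=REQUIRED, restricted=RESTRICTED):
    """Label one open service against the server's documented role."""
    key = (service["proto"], service["port"])
    if key in required:
        return "keep"
    if key in restricted:
        return "restrict"
    # Anything not justified by the server's role is a removal candidate;
    # unidentified services land here too and need investigation first.
    return "review-for-removal"


def removal_plan(xml_text, required=REQUIRED, restricted=RESTRICTED):
    """Group the open services of a scan by verdict."""
    plan = {"keep": [], "restrict": [], "review-for-removal": []}
    for svc in open_services(xml_text):
        label = f'{svc["port"]}/{svc["proto"]} {svc["name"]}'
        plan[classify(svc, required, restricted)].append(label)
    return plan


if __name__ == "__main__":
    for verdict, items in removal_plan(SAMPLE_SCAN).items():
        print(f"{verdict}: {', '.join(items) or '-'}")
```

The verdicts are only a starting list: each removal candidate still needs the research and justification the assignment asks for before a service is disabled.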



UNIT 5: Firewall Fundamentals

Learning Objective
Describe the fundamental functions performed by firewalls.

Key Concepts
IP stateful firewalls
Types of firewalls and their features and functions
Review of software- and hardware-based firewall solutions and their value to the enterprise
Filtering and port control strategies and their functions in enterprise security
Homed firewalls and placement

Reading
Stewart, Chapter 2. Firewall Fundamentals

Keywords
Use the following keywords to search for additional materials to support your work:
Application gateway
Egress filtering
Firewall
Host-based firewall
Ingress filtering
Multi-homed firewall
Network address translation (NAT)
Network-based firewall
Stateful
Stateless




Learning Activities


E X P L O R E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Concepts

The Concepts section is divided into two parts:
1. The first part of this unit provides background for
students new to the concept of network firewalls.
Refer to slides 3 and 4 in the Concepts section of
IS3220.U5.PS1 to cover the following points:
Define a firewall and describe its features,
explain how firewalls fit into the network
security framework, and name different types
of firewalls. Discuss the various traffic
considerations a firewall makes on the
network.
Present an example of network topology
showing where firewalls fit into the network
environment.
2. The second part focuses on how tracking
network-connection state helps identify legitimate and
illegitimate network access. Refer to slides 5 and 6
in the Concepts section of IS3220.U5.PS1.ppt to cover
the following points:
Define stateless firewall inspection.
Define stateful firewall inspection.
Describe the difference between stateless and
stateful traffic filtering. Discuss the strengths
of monitoring session state information to
validate connections.

Presentation


IS3220.U5.PS1


Process

Discuss the differences between the types of firewall
filtering with a focus on the associated benefits and
drawbacks of each. Refer to the Process section of
IS3220.U5.PS1.ppt to cover the following points:
Presentation

IS3220.U5.PS1

Describe how firewalls apply various filtering
strategies. Discuss variances between examining
protocol headers and payloads, filtering at different
Open Systems Interconnection (OSI) protocol layers,
and inbound versus outbound connections.
Discuss how proxy and NAT connections fit into the
network with firewalls. Distinguish the directions in
which traffic flows through the network.


Roles

The Roles section is divided into four parts:
1. Introduce packet filters and discuss the different types
of firewall and the roles each firewall plays in the
overall network design. Refer to slide 12 in the Roles
section of IS3220.U5.PS1.ppt to discuss static and
dynamic packet filters and the advantages of
monitoring connection states.
2. Highlight that all networks pass traffic and some of
that traffic could potentially expose the network to risk
factors. Help students understand the value of
application-level gateway filtering in secure networks.
Refer to slides 13-16 in the Roles section of
IS3220.U5.PS1.ppt to cover the following points:
Define application-level gateways. Discuss
how a proxy connects firewall application
protocols. Explain the security that man-in-
the-middle filtering provides between client
and server. Describe how application proxies
help create a defense-in-depth strategy with
firewalls.
3. Form groups of students and encourage them to
discuss the different types of firewall. Ask them what
roles each firewall plays in the network design. Help
them understand the various firewall filtering methods.
Refer to slides 17 and 18 in the Roles section of
IS3220.U5.PS1.ppt to cover the following point:
Examine circuit-level network proxies and
distinguish them from application-level
Presentation

IS3220.U5.PS1

proxies. Discuss the basic operation of
circuit-level proxies. Describe how application
proxies help create a defense-in-depth
strategy with firewalls.
4. Discuss how address translation serves to segment
subnets and internal networks. Highlight that NAT also
helps to create a defense-in-depth strategy when
used with firewalls and proxies.
Refer to slide 19 in the Roles section of
IS3220.U5.PS1.ppt to walk through NAT and
explore how it benefits the network. Describe
how NAT helps create a defense-in-depth
strategy with firewalls and proxies.


Context

This is a graded discussion. Therefore, at the end of the
discussion, ask the students to summarize and submit
their learning.

Form groups of students, engage them in a discussion on
ingress and egress filtering, and firewall placement. Help
them understand the various firewall filtering methods.

Students should address inbound external connections to
protected intranet services, such as VPN telecommuting.
They should also cover outbound internal connections to
popular Internet services, such as Web and e-mail. The
students should also discuss firewall placement.

Discussion

IS3220.U5.TS1

Rationale

Discuss the differences between network- and host-based
firewalls, such as the scope of protection each provides.
Refer to the Rationale section of IS3220.U5.PS1.ppt to
cover the following points:
Differentiate between software and hardware firewall
devices and discuss what would be the considerations
for installing both types. Emphasize the advantages
and disadvantages of software- and hardware-based
Presentation


IS3220.U5.PS1

firewall solutions.
Discuss layered protection through host- and network-based
firewalls, distinctions and differences between local filtering
and network-wide filtering, and considerations for installing
both types.
Talk about single-homed and multi-homed firewall
systems, network implications, and considerations for
installing both types. Discuss strengths provided by
multi-homed firewall filtering and network isolation.

Ask students what kinds of traffic pass unprotected on the
internal network and what could pass protected between
external and internal sources. How is a hardware firewall
better than a software firewall? Why would you want more
than one interface?




Summary % of the total
course grade
Assignment
Requirements

Graded
Assignment
This is an in-class assignment. The students will be
divided into smaller groups to facilitate a discussion on
ingress and egress filtering and firewall placement.

Encourage students to use all the resources from the
EXPLORE phase to work on this graded assignment.
1% Unit 5.
Discussion 1.
Ingress and
Egress Filtering





P R A C T I C E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Demo Lab

Refer to IS3220 Instructor's Lab Manual for details.

Demonstration

IS3220. Instructor's Lab Manual

Hands-on
Lab

Refer to IS3220 Instructor's Lab Manual for details.

Independent Study

IS3220. Instructor's Lab Manual



Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
Refer to IS3220 Instructor's Lab Manual for details.

Encourage students to use all the resources from the
PRACTICE phase to work on this graded assignment.
2% IS3220. Instructor's Lab Manual





A P P L Y


FOCUS SUGGESTED APPROACH METHOD TOOLS


Challenge

The scenario for this assignment continues from the
scenario in Unit 4 Assignment 1. The student has been
working as a technology associate in the information
systems department at Corporation Techs. Refer to the
assignment for details of the scenario. In this
assignment, the student needs to learn how to select the
right firewall filtering method for a given scenario.

Discussion


Contributing
Factors

Highlight the important differences between ingress and
egress traffic and the translation associated with private
network classes using NAT.
Discussion

Course of
Action

Hand out the assignment to the students. They must
choose an appropriate firewall filtering method and use
good judgment when considering how each type provides
protection and necessary filtering logic.

Discussion

IS3220.U5.TS2



Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
Students are instructed to identify where various types of
firewall filtering apply and how they protect against
malicious network behavior at all layers of the OSI
reference model.

Encourage students to use all the resources from the
APPLY phase to work on this graded assignment.

2% Unit 5.
Assignment 1.
Select the Proper
Type of Firewall


Reminders
Remind the students of their readings for Unit 6.
Remind students that Unit 5 Assignment 1 is due before the start of the next unit's class.

(End of Unit 5)



UNIT 6: Firewall Design Strategies

Learning Objective
Assess firewall design strategies.

Key Concepts
Organization traffic and acceptable use policy (AUP) review: what is acceptable traffic
Strategies for Internet and private network separation
Firewall rules and their application in restricting and permitting data transit
Use of protected DMZs to provide security for publicly facing bastion hosts
Conflicts between security strategies and requirements for availability

Reading
Stewart, Chapter 7. Exploring the Depths of Firewalls
Stewart, Chapter 8. Firewall Deployment Considerations

Keywords
Use the following keywords to search for additional materials to support your work:
Rules
Filters
Management interface
Access control list (ACL)
Alert
False positive/negative
Firewalking
Load balancing
Caching
Unified threat management
Signature




Learning Activities


E X P L O R E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Concepts

Begin this unit by discussing the concepts of firewalls.
Firewalls are critical security components to include in any
network environment, but they are not invulnerable. Firewalls
have both limitations and weaknesses that must be
thought through and discussed.
Refer to the Concepts section of IS3220.U6.PS1 to cover
the following points:
Exploitable programming bugs
Buffer overflow
Fragmentation
Firewalking
Internal code planting
DoS

There are actions that an administrator can take to
counter the limitations and weaknesses of firewalls.
Additional protection can often be achieved by adding
encryption. Encryption has some significant implications
that should be understood before its enablement.
Describe the following points:
Encrypted transport
Gateway bottlenecks

Describe the impact of including firewall enhancements:
Malware scanning
IDS and IPS
VPN endpoints

Discussion
Presentation



IS3220.U6.PS1

Process
This is a graded discussion. Therefore, at the end of the
discussion, ask the students to summarize and submit
Discussion


IS3220.U6.TS1


their learning.

To facilitate the discussion, provide students with the text
sheet (IS3220.U6.TS1.doc). Have the students break into
small groups. Ask them to review the descriptions of
different firewall security strategies in order to determine
which strategies are appropriate. Strategies to be
discussed include:
Security through obscurity
Least privilege
Simplicity
Defense in depth
Diversity of defense
Choke point
Weakest link
Fail safe
Universal participation



Roles

Discuss the roles of reverse proxy and port forwarding in
internal network security. Reverse proxy and port
forwarding are methods that can provide a buffer from
direct access, creating concealment and thus, enhancing
security of the internal network. Refer to the Roles section
of IS3220.U6.PS1.ppt to cover the following points:
The roles reverse proxy and port forwarding play
in internal network security
The pros and cons of using reverse proxy and
port forwarding
Sharing limited public address space across
multiple private network services through NAT
combined with port forwarding

Discussion
Presentation


IS3220.U6.PS1

Context

In this section, lead a discussion about bastion hosts.
Bastion hosts represent the most basic of firewall
implementations. Refer to the Context section of
IS3220.U6.PS1.ppt to cover the following points:
The use of bastion hosts in the DMZ
Discussion
Presentation


IS3220.U6.PS1

Considerations for ingress/egress filtering of traffic
originating in the private network and from the
Internet


Rationale

The Rationale section is divided into two parts:
1. The first part covers firewall rules and port ranges.
When setting up a new firewall or dealing with an
existing one, it is a requirement to configure and
manage firewall rules. Rules must be adjusted as
the needs of the environment shift, but there are
some general guidelines to keep in mind. Refer to
the Rationale section of IS3220.U6.PS1.ppt to
cover the following points:
Firewall rule
General guidelines
Ports:
Which ports should be allowed
Which ports should be blocked
Conflicts between port range and individual
port allow/block settings
2. The second part covers the importance of logging
and monitoring. Logging and monitoring firewalls
in an environment is critical. In order to remain
aware of the effectiveness of the firewall and to be
able to respond effectively to threats, logging and
monitoring should be configured. Refer to the
Rationale section of IS3220.U6.PS1.ppt to
discuss logging and monitoring.

Discussion
Presentation


IS3220.U6.PS1


Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
This is an in-class assignment. The students will be
divided into smaller groups to facilitate discussion.

Encourage students to use all the resources from the
EXPLORE phase to work on this graded assignment.
1% Unit 6.
Discussion 1.
Firewall Security
Strategies





P R A C T I C E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Demo Lab

Refer to IS3220 Instructor's Lab Manual for details. Demonstration

IS3220.Instructors
Lab Manual

Hands-on
Lab

Refer to IS3220 Instructor's Lab Manual for details. Independent
Study

IS3220.Instructors
Lab Manual


Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
Refer to IS3220 Instructor's Lab Manual for details.

Encourage students to use all the resources from the
PRACTICE phase to work on this graded assignment.
2% IS3220.Instructors
Lab Manual





A P P L Y


FOCUS SUGGESTED APPROACH METHOD TOOLS


Challenge

The configuration of a network affects the options
available for security and network defense. Using the
network survey produced during Part 1 of this project,
together with host vulnerability assessments and access
requirements, students are instructed to design an
updated network structure, separating private and public
services within the Corporation Techs network.
Lecture


Contributing
Factors


Engage the students in a discussion on what they need to
design in a network structure. Once they come up with
answers, give them the following description:
The Web server provides public access to the
organization's static Web site for contact information,
while sales team members in the field transfer contract
and bid documents using a site secured with a logon and
password. All of Corporation Techs' computer systems
share the same Class C public IP address range,
including workstations along with servers providing
authentication, e-mail, and both secure and public Web
sites. As internet service provider (ISP) costs are very
high due to the subnet lease, it would be beneficial if the
new network design could reduce the number of public
addresses needed.

Discussion

Course of
Action

Hand over the assignment to the students. Students must
use NetWitness Investigator and Zenmap to identify
vulnerabilities in a packet trace file, create a basic network
design separating private and public services within the
network, and create a report detailing the information.

Lecture



Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
Students will identify vulnerabilities, create a basic
network design separating private and public services
within the network, and create a professional report
detailing the information.

Encourage students to use all the resources from the
APPLY phase to work on this graded assignment.

2% Unit 7. Project
Part 2. Network
Design


Reminders
Remind the students of their readings for Unit 7.
Remind students that Project Part 2 is due for submission in the next unit.

(End of Unit 6)



UNIT 7: VPN Fundamentals

Learning Objective
Describe the foundational concepts of VPNs.

Key Concepts
Strategies for protection of remote network access using a VPN
Network architecture necessary for VPN implementation
Types of VPN solutions and common protocols used for connectivity and data transport
Planning and selecting the best VPN options for an organization

Reading
Stewart, Chapter 3. VPN Fundamentals
Stewart, Chapter 11. VPN Management
Stewart, Chapter 12. VPN Technologies

Keywords
Use the following keyword to search for additional materials to support your work:
VPN




Learning Activities


E X P L O R E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Concepts

The first part of this unit provides a background for
students new to the concept of VPN. Refer to the
Concepts section of IS3220.U7.PS1.ppt to cover the
following points:
Define the VPN concept: What it does, how it
works, and why it is used. Discuss the benefits
and limitations of VPN technology.
Discuss the various types of VPN protocols and
how each fits into the OSI network model. Cover
VPN cost motivations, usage scenarios, and the
various connection types.
Ask students what the business and personal uses
of VPNs are. How do VPNs benefit the network,
and what are their usage limitations?
It is recommended that after teaching Concepts you take
up Rationale, Context, Roles, and Process, respectively.

Presentation


IS3220.U7.PS1


Process

This is a graded discussion. Therefore, at the end of the
discussion, ask the students to summarize and submit
their learning.

Students will review the process of developing a VPN
policy and employing best practices, guidelines, and
standards. Discussion topics should include:
Types of remote users and groups and applicable
access levels assigned to each of them
The guidelines, practices, procedures, policies,
and regulations that influence VPN operation and
oversight:
Solutions to resolve VPN usage violations
or end-user misbehaviors
Controls used to contain and confine the
types of damage users can do, and how
to enforce them through policy

Discussion


IS3220.U7.TS1


Roles


Emphasize the fundamental roles hardware- and
software-based VPN solutions play in data security. Refer
to the Roles section of IS3220.U7.PS1.ppt to cover the
following points:
Advantages and disadvantages of hardware- and
software-based VPNs
Options for outsourcing ownership and operation
of VPN services and systems

Presentation


IS3220.U7.PS1


Context
Ask the students which solution is best for casual VPN
needs and which suits enterprise networks.

Compare and contrast VPNs operating in transport mode
and tunnel mode. Identify common VPN protocols and
examine the uses, features, and problems associated with
each of them. Refer to the Context section of
IS3220.U7.PS1.ppt to cover the following points:
VPN tunneling and transport
Cryptographic protocols
VPN authentication, authorization, and
accountability mechanisms
Tunneling, transport, encapsulating, and carrier
protocols

Presentation


IS3220.U7.PS1

Rationale

Discuss VPN deployment models, deployment
mechanisms, architecture, and protocols. Emphasize
crucial components for secure VPN operation throughout
this section. Examine the implications of privately and
corporately owned VPN solutions. Refer to the Rationale
section of IS3220.U7.PS1.ppt to cover the following
points:
VPN deployment models and methods and uses
of each model
The underlying architecture that supports VPN
services and VPN best practices
Common VPN protocols, the functions they
provide, and the problems posed by each VPN
protocol

Presentation


IS3220.U7.PS1




Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
This is an in-class assignment. Students will be divided
into smaller groups to facilitate a discussion on
developing a VPN policy and employing best practices,
guidelines, and standards.

Encourage students to use all the resources from the
EXPLORE phase to work on this graded assignment.
1% Unit 7.
Discussion 1.
VPN Policy and
Best Practices






P R A C T I C E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Demo Lab

Refer to IS3220 Instructor's Lab Manual for details. Demonstration

IS3220.
Instructors Lab
Manual


Hands-on
Lab

Refer to IS3220 Instructor's Lab Manual for details. Independent
Study

IS3220.
Instructors Lab
Manual


Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
Refer to IS3220 Instructor's Lab Manual for details.
Encourage students to use all the resources from the
PRACTICE phase to work on this graded assignment.
2% IS3220. Instructors
Lab Manual





A P P L Y


FOCUS SUGGESTED APPROACH METHOD TOOLS


Challenge

The scenario for this assignment continues from the
scenario in Project Part 2. The student has been working
as a technology associate in the information systems
department at Corporation Techs. The company has
experienced several VPN connection failures lately. The
manager has asked the student to create a VPN
connectivity troubleshooting checklist for future use.

Lecture

Contributing
Factors

There are potential failure points in a VPN connection.
Students must consider the underlying network, VPN
protocols and services, and software-related issues.

Discussion

Course of
Action

Hand out the assignment along with the text sheet.
Students must identify relevant steps in the VPN
connectivity troubleshooting process and create a
checklist of actions for resolving general VPN connectivity
issues.
Discussion

IS3220.U7.TS2


Summary

% of the total
course grade
Assignment
Requirements
Graded
Assignment
Students are instructed to review VPN connectivity
troubleshooting steps and create a troubleshooting
checklist.

Encourage students to use all the resources from the
APPLY phase to work on this graded assignment.

2% Unit 7.
Assignment 1.
Create a VPN
Connectivity
Troubleshooting
Checklist

Reminders
Remind the students of their readings for Unit 8.
Remind students that Unit 7 Assignment 1 is due before the start of the next unit's class.

(End of Unit 7)

UNIT 8: Network Security Implementation Strategies

Learning Objective
Describe network security implementation strategies and the roles each can play within the
security life cycle.

Key Concepts
Layered security strategies
Layered security for enterprise network resources
Practices for hardening systems and networks against an attack
Security as a process rather than a goal
Security as a process or a life cycle that requires constant attention

Reading
Stewart, Chapter 5. Network Security Implementation

Keywords
Use the following keywords to search for additional materials to support your work:
Defense in depth
Concentric castle
Hardening
Internet Assigned Numbers Authority (IANA)
RFC 1918
Authentication
Authorization
Encryption
DHCP
Secure Sockets Layer (SSL)
Internet Protocol security (IPsec)




Learning Activities


E X P L O R E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Concepts

The Concepts section is divided into three parts:
1. You may use the following introduction to start the
Concepts section:
Layered security is about making a system more
secure by adding additional layers. The strength
of the system's security is determined by the sum
of all the layers and not just one control. Layered
security requires adding multiple controls to
protect any given resource. Each security control
should address CIA or some combination of them.
The goal of layered security is not to erase risk
but lower it by making it more difficult for an
attacker to penetrate defenses.

Refer to slides 3 and 4 in the Concepts section of
IS3220.U8.PS1.ppt to cover the following points:
Layered security: Discuss how controls in
layered security build upon each other.
Emphasize that security policy is a layer
and should support all the other layers.
Layered security in action: Walk through
examples of layered security in action.
For the purposes of instruction, these
examples are simplified. You may want to
share some real-life examples in the
class.
2. Introduce the concentric castle design. Refer to
slides 5 and 6 in the Concepts section of
IS3220.U8.PS1.ppt to cover the following points:
Concentric castles: Discuss the features
and benefits of a concentric castles
design.
Network security application: Discuss how
a DMZ design employs the principles of a
concentric castles design.
3. Talk in depth about the focus of layered security.
Discuss that when building upon the concepts of
layered security and concentric defense, one can
add overlapping countermeasures to the same (or
different) layers to create depth of controls. Once
the breadth and depth of controls are established,
defense in depth can be realized. Help students
understand that technical controls must be
supported by nontechnical controls. Nontechnical
controls are often physical security controls or
administrative controls. As an example, incident
management can include a variety of technical
controls to identify an incident. However, without a
proper incident response plan, one does not have
true defense in depth. Refer to slides 7-9 in the
Concepts section of IS3220.U8.PS1.ppt to cover
the following points:
Improving concentric castles: Continuing
with the previous example, describe how
depth can be added to the castle defense
to create a more robust defense.
Building upon layered security: Discuss
breadth versus depth using the example
given in the slide.
The bigger picture: Discuss how layered
defense and defense in depth work
together to address the concerns
associated with the CIA triad.

Presentation


IS3220.U8.PS1


Process

This is a graded discussion. Therefore, at the end of the
discussion, ask the students to summarize and submit
their learning.

Explain the purpose of system hardening. Lead the class
in a discussion about system hardening strategies and
techniques including updates and patches, default
logon/passwords, anonymous access, removal of
unneeded services, separation of production and
development environments, and settings, such as
password length and complexity. The system hardening
discussion text sheet (IS3220.U1.TS1.doc) provides a
sample of resources available for hardening systems. It
has descriptions and links to available hardening
guidelines and standards.

Discussion



IS3220.U8.TS1



Roles

You may use the following introduction to start this
section:
Security is only as strong as the weakest link involved. To
have a successful network-security implementation one
must consider not only the bigger picture, but also each
individual component. Starting with a security policy that
addresses the CIA, one must place countermeasures to
address identified threats at every level. This is
accomplished using a combination of layered security and
defense in depth.

Refer to slides 11-19 in the Roles section of
IS3220.U8.PS1.ppt to cover the following points:
Node security: Present the idea that every device
on the network has certain risks associated with it.
To have effective network security, one
must start security at the lowest level (the device
level). Highlight that different individuals play a
role in securing the network at individual levels.
Node security concerns: Discuss the specific
security concerns of different node types. The
examples provided are simplistic for presentation
purposes. You may want to discuss some real-life
examples to add more depth.
Network security: Discuss how network design
decisions impact the security of the network.
Present this as a review from previous sections.
Highlight the newer topics.
Describe how IP addresses are
assigned, statically or dynamically.
Discuss the two different types of
addressing offered by TCP/IP, public and
private.
Physical security: Discuss the importance of
physical security. Provide students with examples
of how direct terminal access can bypass certain
controls. Touch on high-level aspects of physical
security as they relate to network security.
Administrative controls: Discuss the administrative
controls that form the framework of network
security. Explain how all controls are built with the
corporate objectives in mind.
Key components: Discuss the areas that go into
the overall security of a network. This topic may
also be treated as a review from previous
sections.

Presentation


IS3220.U8.PS1


Context

Hand out the provided text sheet (IS3220.U8.TS2.doc),
which includes a comparison of security concerns for
local, remote, and mobile hosts. Compare and contrast
the security concerns surrounding local hosts, remote
hosts, and mobile devices. Remind students that one must
consider business needs when designing security. A
worker's needs can vary based on the job functions and
work locations. Ask students to consider the requirements
of the sample worker types included in the handout.
The discussion should include the following points:
Transport security
On-device encryption
Malware defenses

Discussion


IS3220.U8.TS2



Rationale

You may use the following introduction to start the
Rationale section:
In order to have a successful network security
implementation, one must enforce access control. To
effectively defend against threats, one must be able to
authenticate and authorize users. Additionally, having the
ability to log and monitor activity is crucial to success. If
security policy is the law, access control is the police.
Access control plays a pivotal role in protecting the CIA of
information. Access control sets the stage for who can
read information (confidentiality) or modify it (integrity).
Finally, if an individual cannot access the information they
need, the availability of information will be affected.

Encryption is concerned with rendering data unreadable to
everyone but the intended parties. Encryption focuses on
protecting the confidentiality and integrity of data.
Encryption systems are designed to ensure that a
message is unreadable to eavesdroppers and the host
has not been altered. Encryption can also ensure
authenticity and nonrepudiation.

Refer to slides 21-25 in the Rationale section of
IS3220.U8.PS1.ppt to cover the following points:
Authentication: Discuss how authentication works
and the different levels of authentication. Link the
discussion back to the CIA triad as appropriate.
Authorization: Discuss how authorization works.
Attention should be paid to the concept of least
privilege. You can relate it back to the CIA triad
as appropriate.
Accounting: Discuss how accounting works and
the difference between logging, monitoring, and
auditing. Link it back to the CIA triad as
appropriate.
Encryption: Data at rest is not a focus because
we are concerned with networks and
communication encryption. However, a brief
overview of encryption should be provided.
Discuss the methods and purpose of encrypting
data in transit.

Presentation


IS3220.U8.PS1



Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
This is an in-class assignment. The students will be
divided into smaller groups to facilitate a discussion on
system hardening techniques and strategies. At the end
of the discussion, the students need to summarize and
submit their learning.

Encourage students to use all the resources from the
EXPLORE phase to work on this graded assignment.
1% Unit 8. Discussion
1. System
hardening






P R A C T I C E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Demo Lab

Refer to IS3220 Instructor's Lab Manual for details. Demonstration

IS3220.
Instructors Lab
Manual


Hands-on
Lab

Refer to IS3220 Instructor's Lab Manual for details. Independent
Study

IS3220.
Instructors Lab
Manual



Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
Refer to IS3220 Instructor's Lab Manual for details.

Encourage students to use all the resources from the
PRACTICE phase to work on this graded assignment.
2% IS3220.
Instructors Lab
Manual






A P P L Y


FOCUS SUGGESTED APPROACH METHOD TOOLS


Challenge

Students will identify a networked technology used at
home, at work, or as a personal convenience. The
students will research and identify three potential threats
to node security of the device, and detail a mitigation
mechanism for each threat.

Lecture



Contributing
Factors

Hand out the provided security concerns and mitigation
strategies text sheet. Tell the students that it is estimated
that over 5 billion devices are connected to the Internet
today. In the next 5-10 years, estimates put that
number at anywhere between 15 and 50 billion.

Discussion

IS3220.U8.TS3

Course of
Action

Ask students to consider the list of host types and select a
networked technology used at home, at work or as a
personal convenience.
Discussion




Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
Students will provide a written report on the networked
technology along with its associated threats and
mitigation strategy. The students' report should include a
description of each networked technology and the
identified threat.
Encourage students to use all the resources from the
APPLY phase to work on this graded assignment.
2% Unit 8.
Assignment 1.
Security
Concerns and
Mitigation
Strategies

Reminders
Remind the students of their readings for Unit 9.
Remind students that Unit 8 Assignment 1 is due before the start of the next unit's class.

(End of Unit 8)
UNIT 9: Firewall Implementation and Management


Learning Objective
Appraise the elements of firewall and VPN implementation and management.

Key Concepts
Planning and selection of an appropriate firewall for an organization
Best practices for managing enterprise and personal firewalls
Security appliances that work with firewalls
Best practices for managing VPN connectivity
Risks in using remote access technologies in the context of an enterprise

Reading
Stewart, Chapter 9. Firewall Management and Security Concerns
Stewart, Chapter 10. Using Common Firewalls
Stewart, Chapter 13. Firewall Implementation
Stewart, Chapter 14. Real-World VPNs

Keywords
Use the following keywords to search for additional materials to support your work:
Attacks
Best practices
Firewall
Implementation
Integration
Threats
Troubleshooting
VPN




Learning Activities


E X P L O R E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Concepts

Firewall and VPN implementations require careful
planning, management, and extensive documentation.
This helps ensure successful deployment, resolve future
problems, detect and thwart attacks, and prepare for
disasters.

Refer to the Concepts section of IS3220.U9.PS1.ppt to
cover the following points:
Identify and review best practices for
management of various types of firewalls.
Discuss the tools for managing and monitoring
firewalls: Although specific tools are mentioned,
there are always new tools being developed.
Discuss the reason for having the tools and the
purpose of managing and monitoring a firewall by
covering the following points:
Buying vs. Building
Common firewall hacks.
Emphasize the critical aspects of
firewalking, packet inspection,
tunneling, and defenses against
tunneling.

Discussion
Presentation


IS3220.U9.PS1



Process

This section focuses on techniques for troubleshooting
common firewall problems. Refer to the Process section of
IS3220.U9.PS1.ppt to cover the following points:
Basic troubleshooting tips
The importance of detailed and up-to-date
documentation

Discussion
Presentation

IS3220.U9.PS1





Roles

This is a graded discussion. At the end of the discussion,
ask students to summarize and submit their learning.

Ask students to review the content in the text sheet
provided and discuss firewall implementation planning.
Phases or sections of planning may include survey of use,
scope, address space, technologies in use, availability,
and support skill set. Emphasize thoroughness and
professionalism. Tell the students that plans become part
of the permanent documentation of the security
infrastructure.

Discussion


IS3220.U9.TS1


Context

VPNs are purposeful holes in corporate security. They can
be very dangerous if the host is compromised. Refer to
the Context section of IS3220.U9.PS1.ppt to cover the
following points:
The general nature and source of VPN
attacks
VPN Security Measures

Also, discuss the importance of home and mobile users
physically safeguarding their VPN-enabled equipment and
keeping the systems patched and updated.

Discussion
Presentation


IS3220.U9.PS1


Rationale

Discuss how firewalls and VPNs complement one another.
Some products are fully integrated while others are
stand-alone products that together provide better network
protection. Refer to the Rationale section of
IS3220.U9.PS1.ppt to cover the following points:
The issues involved with deployment,
placement, and implementation of VPNs in
conjunction with firewalls
VPN implementation choices
VPN appliance
VPN hosts and trust
VPN/firewall security and performance
VPN protection
Discussion
Presentation


IS3220.U9.PS1




Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
This is an in-class assignment. The students will be
divided into smaller groups to facilitate a discussion on
firewall implementation planning.

Encourage students to use all the resources from the
EXPLORE phase to work on this graded assignment.
1% Unit 9.
Discussion 1.
Firewall
Implementation
Planning





P R A C T I C E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Demo Lab

Refer to IS3220 Instructor's Lab Manual for details. Demonstration

IS3220.
Instructors Lab
Manual


Hands-on
Lab

Refer to IS3220 Instructor's Lab Manual for details. Independent
Study

IS3220.
Instructors Lab
Manual




Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
Refer to IS3220 Instructor's Lab Manual for details.

Encourage students to use all the resources from the
PRACTICE phase to work on this graded assignment.

2% IS3220.Instructors
Lab Manual







A P P L Y


FOCUS SUGGESTED APPROACH METHOD TOOLS


Challenge

The scenario for this assignment continues from the
scenario in Unit 8 Assignment 1. This time, Corporation
Techs wants to set up a new network in a remote office for
an engineering firm. The IT department wants to integrate
the new network set up in the remote office with the one set up
in the main office. The trigger for this assignment is that
students must create a network security plan for the remote
office.

Lecture



Contributing
Factors

Many factors go into any network plan. Initiate a
discussion on how the students would handle this
situation. An important part of this approach is firewall and
VPN integration, and providing defense in depth to protect
the internal network and assets. Students should carefully
consider the technologies involved and create a security
plan and a network configuration document that indicates
firewall and VPN selections.
Discuss the elements of this summary, which elements
are essential, and which elements could be optional. It is
imperative that the summary look professional
and be precise.

Discussion

Course of
Action

Once the discussions are over, hand out the assignment
to students and explain the delivery requirements to them.
Given the main challenge and different business
situations, ask the students to design and implement the
most appropriate course of action.

Lecture


IS3220.U9.TS2




Summary

% of the total
course grade
Assignment
Requirements

Graded
Assignment
The students will use the scenario in the case study to
identify and finalize the method for creating a remote
office. Students should justify their selection and analyze
the case study from their perspective.

Encourage students to use all the resources from the
APPLY phase to work on this graded assignment.

2% Unit 9.
Assignment 1.
Remote Access
Security Plan
and
Documentation


Reminders
Remind the students of their readings for Unit 10.
Remind students that Unit 9 Assignment 1 is due before the start of the next unit's class.

(End of Unit 9)



UNIT 10: Network Security Management

Learning Objective
Identify network security management best practices and strategies for responding when security
measures fail.

Key Concepts
Best practices for network security management and their value to the organization
Strategies for integrating network security strategies with firewall defenses and VPN remote
access
The value of incident response planning, testing, and practice

Reading
Stewart, Chapter 6. Network Security Management
Stewart, Chapter 15. Perspectives, Resources, and the Future
NIST SP 800-61: Computer Security Incident Handling Guide
(http://www.nist.gov/customcf/get_pdf.cfm?pub_id=51289)

Keywords
Use the following keywords to search for additional materials to support your work:
Authentication
Availability
Compliance
Confidentiality
Encryption
Governance
IDS
IPS
Integrity
NAT
Open source
Perimeter
Risk
VPN
Wireless connectivity



Learning Activities


E X P L O R E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Concepts

This section will reiterate best practices for managing
network security. Identify and review various best
practices for the management of network security across
the organization's networked environment. The Concepts
section is divided into two parts:
1. Begin by reviewing the overall strategies and then
move to devices and connectivity. Highlight that
many of the strategies will also encompass
devices and connectivity concepts. Refer to
slides 3-6 in the Concepts section of
IS3220.U10.PS1.ppt to cover the following points:
- Strategies
- Devices
- Connectivity
2. Refer to slides 7 and 8 of
IS3220.U10.PS1.ppt to cover the following points:
- User training
- Security awareness

Method: Discussion, Presentation
Tools: IS3220.U10.PS1

Process

In order to ensure that a network remains as secure as
possible over time, it is important to execute network
security assessments, security, and event monitoring on
an ongoing basis. Refer to the Process section of
IS3220.U10.PS1.ppt to cover the following points:
- The process of judging, testing, and evaluating
  current state and the steps that can be used to
  measure relative security
- The execution of ongoing assessments as well as
  before and after projects intended to improve
  network security
- The importance of security information and event
  monitoring, its functions, and its intended purpose

Method: Discussion, Presentation
Tools: IS3220.U10.PS1


Roles

There are many choices available when selecting
network-monitoring tools for an environment. Refer to the
Roles section of IS3220.U10.PS1.ppt to cover the
following points:
- Nagios
- SmokePing
- Groundwork
- Ganglia
- Cacti
- Ntop
- WhatsUp Gold
- Iris

Describe these and other commonly available network
monitoring tools. Spend time examining their value to an
organization.

Method: Discussion, Presentation
Tools: IS3220.U10.PS1

Context

This section is divided into two parts:
1. In the first part, discuss the potential future state of
firewalls and VPNs as part of network security
strategies. Refer to slide 15 in the Context section
of IS3220.U10.PS1.ppt to cover the following points:
- Threats
- Firewall capabilities
- Encryption
- Authentication
- Metrics
- Industry focus
- Cloud security
- Mobile device security
2. Refer to slide 16 of IS3220.U10.PS1.ppt to cover the
following points:
- Describe the function presented by integration of
  firewall and VPN strategies into network security
  efforts, including the following:
  - Enhanced threat management
  - Authentication
  - Encryption
- Discuss, at a high level, examples of value add,
  such as:
  - Confidentiality
  - Integrity
  - Availability

Method: Discussion, Presentation
Tools: IS3220.U10.PS1

Rationale

This is a graded discussion. Therefore, at the end of the
discussion, ask the students to summarize and submit
their learning. To facilitate the discussion, provide the
students with a handout (IS3220.U10.TS1.doc). Form
groups of students and ask them to first review the
described scenario and then the incident response phases
in the handout. Each phase falls either before, during, or
after an incident occurrence.

Instruct the students to use the information presented in
the handout to determine how effectively the situation was
handled, and then additionally, determine how they would
have handled the incident response before, during, and
after its occurrence. During the discussion, identify and
review various strategies for and impacts of incident
response, including planning, midincident, and
postincident roles and responsibilities.

Method: Discussion
Tools: IS3220.U10.TS1


Summary

Graded Assignment
This is an in-class assignment. The students will be
broken into smaller groups to facilitate discussion.

Encourage students to use all the resources from the
EXPLORE phase to work on this graded assignment.

% of the total course grade: 1%
Assignment Requirements: Unit 10. Discussion 1. Incident Response Strategies




P R A C T I C E


FOCUS SUGGESTED APPROACH METHOD TOOLS


Demo Lab

Refer to IS3220 Instructor's Lab Manual for details.

Method: Demonstration
Tools: IS3220 Instructor's Lab Manual


Hands-on Lab

Refer to IS3220 Instructor's Lab Manual for details.

Method: Independent Study
Tools: IS3220 Instructor's Lab Manual



Summary

Graded Assignment
Refer to IS3220 Instructor's Lab Manual for details.

Encourage students to use all the resources from the
PRACTICE phase to work on this graded assignment.

% of the total course grade: 2%
Assignment Requirements: IS3220 Instructor's Lab Manual






A P P L Y


FOCUS SUGGESTED APPROACH METHOD TOOLS


Challenge

The scenario for this assignment continues from the
scenario in Unit 9 Assignment 1. For details of the
scenario, please refer to the Assignment section. The
premise is that a firewall breach has occurred at
Corporation Techs. The IT security team responded to
e-mail alerts, isolated the incident, and took corrective
actions. The student, as part of the team, must create the
postincident executive summary report for management.

Method: Lecture



Contributing Factors

Advise the students to research typical executive
summary reports to determine the proper format and level
of detail.

Discuss with them everything to be considered in creating a
good summary report. What should be the elements of
this report, which elements are essential, and which
elements could be optional? It is imperative that the report
should have a professional look and should be precise.
Executive management does not want to read copious
technical details.

Method: Discussion



Course of Action

Once the discussions are over, hand out the assignment
to students and explain the delivery requirements to them.
Given the main challenge and different business situations,
ask students to design and implement the most
appropriate course of action.

Method: Lecture




Summary

Graded Assignment
Students must write a clear and concise postincident
executive summary report to be presented to senior
management.

Encourage students to use all the resources from the
APPLY phase to work on this graded assignment.

% of the total course grade: 2%
Assignment Requirements: Unit 10. Assignment 1. Postincident Executive Summary Report

Reminders
Remind students about the Final Exam due next unit.
Remind students that the project is due for submission in the next unit.
Remind students that Unit 10 Assignment 1 is due before the start of next unit's class.

(End of Unit 10)

UNIT 11: Course Review and Final Examination

Part I: Course Review
In this unit, the important concepts covered in the course must be reviewed with the students. The
following is the suggested approach for facilitating this reflective activity:

- Recap major instructional areas and critical concepts; emphasize the importance of applying
  competencies developed in those areas in real workplace situations.
- Explain how the concepts introduced in this course will be used in the future courses in the
  program; reiterate conceptual, strategic, and methodological linkages between this course
  and other courses in the program.
- Invite students to reflect on their learning experience and lessons learned from both content
  and process perspectives.
- Encourage students to share their thoughts on how they plan to apply knowledge and skills
  acquired in this course to advance their career and further studies.
- Solicit student feedback on the course content, structure, and delivery; ask what could be
  improved in the next version of the course.
- Solicit questions and offer clarifications related to the upcoming final examination.
- Thank students for their commitment and hard work.

Part II: Final Examination
Final Exam Answer Key

Reference in Course, Source: Network Security, Firewalls, and VPNs

Question Number | Correct Answer | Course Objective Tested | Reference in Course, Page(s)
1. | d | 1.1 | N/A
2. | d | 1.2 | N/A
3. | b | 1.3 | Ch. 2, 69; Ch. 4, 121
4. | a | 1.4 | Ch. 2, 65, 69
5. | a | 1.5 | N/A
6. | c | 2.1 | Ch. 1, 6
7. | b | 2.2 | Ch. 1, 9
8. | d | 2.3 | Ch. 1, 12
9. | a | 2.5 | Ch. 2, 44
10. | c | 2.4 | Ch. 1, 10
11. | c | 3.1 | Ch. 4, 119
12. | d | 3.2 | Ch. 4, 113
13. | b | 3.3 | Ch. 4, 115
14. | a | 3.4 | Ch. 4, 134
15. | d | 3.5 | Ch. 4, 129, 144, 145
16. | b | 4.1 | Ch. 5, 152
17. | b | 4.2 | N/A
18. | d | 4.3 | Ch. 1, 22; Ch. 15
19. | c | 4.4 | Ch. 1
20. | c | 4.5 | Ch. 1
21. | a | 5.1 | Ch. 2, 69
22. | d | 5.2 | Ch. 2, 69, 70, 73
23. | c | 5.3 | Ch. 2, 70, 71
24. | a | 5.4 | Ch. 2, 69
25. | c | 5.5 | Ch. 2, 60, 69
26. | c | 6.1 | Ch. 7, 213
27. | a | 6.2 | Ch. 7, 227, 228
28. | b | 6.3 | Ch. 7, 234
29. | b | 6.5 | Ch. 7, 239, 240
30. | d | 6.8 | Ch. 4, 141; Ch. 8, 261, 262
31. | d | 7.1 | Ch. 3, 85
32. | d | 7.2 | Ch. 3, 81
33. | c | 7.3 | Ch. 3, 94
34. | a | 7.4 | Ch. 12, 2-4
35. | c | 7.5 | Ch. 5, 151; Ch. 6, 198
36. | c | 8.1 | Ch. 5, 166
37. | b | 8.2 | Ch. 5, 152
38. | c | 8.5 | Ch. 1, p. 21; Ch. 5, 171, 172
39. | b | 8.4 | Ch. 5, 171
40. | a | 8.7 | Ch. 6, 169, 170
41. | b | 9.1 | Ch. 6, 229-230; Ch. 9
42. | d | 9.2 | Ch. 9
43. | d | 9.3 | Ch. 2; Ch. 5
44. | c | 9.4 | Ch. 9
45. | a | 9.7 | Ch. 14
46. | b | 10.2 | Ch. 6, 196, 198
47. | d | 10.4 | Ch. 6, 205
48. | b | 10.5 | N/A
49. | d | 10.7 | Ch. 6, 191
50. | a | 10.2 | Ch. 6, 182-189

Please refer to the Assessment document for detailed instructions for the written examination.

If this course has a lab component as part of the final examination, adequate lab time and space must be
scheduled to accommodate the lab exam.



(End of Unit Plans)

Course Support Tools

The following table provides an index of all instructional materials used in this course to support the
instructor's and students' work. The File ID column references the documents included in the Course
Support Package that can be downloaded from the Curriculum Database:
http://myportal.itt-tech.edu/faculty/cdb/Pages/default.aspx.

Unit # | Title | Type | Abbreviation | File ID
1 | Unit 1 Lecture | Presentation | PS | IS3220.U1.PS1
1 | Unit 1 Familiar Protocols | Text Sheet | TS | IS3220.U1.TS1
1 | Unit 1 Packet Capture Privacy Issues | Text Sheet | TS | IS3220.U1.TS2
2 | Unit 2 Lecture | Presentation | PS | IS3220.U2.PS1
2 | Unit 2 Roles Involved in Network Security | Text Sheet | TS | IS3220.U2.TS1
2 | Unit 2 Familiar Domains | Text Sheet | TS | IS3220.U2.TS2
2 | Unit 2 Selecting Security Countermeasures | Text Sheet | PS | IS3220.U2.TS3
3 | Unit 3 Lecture | Presentation | PS | IS3220.U3.PS1
3 | Unit 3 Attacker Motivations | Text Sheet | TS | IS3220.U3.TS1
3 | Unit 3 Social Engineering Defense Issues | Text Sheet | TS | IS3220.U3.TS2
4 | Unit 4 Lecture | Presentation | PS | IS3220.U4.PS1
4 | Unit 4 Host-Based vs. Network-Based IDS/IPS | Text Sheet | TS | IS3220.U4.TS1
4 | Unit 4 Identify Unnecessary Services From a Saved Vulnerability Scan | Text Sheet | TS | IS3220.U4.TS2
5 | Unit 5 Lecture | Presentation | PS | IS3220.U5.PS1
5 | Unit 5 Ingress and Egress Filtering | Text Sheet | TS | IS3220.U5.TS1
5 | Unit 5 Select the Proper Type of Firewall | Text Sheet | TS | IS3220.U5.TS2
6 | Unit 6 Lecture | Presentation | PS | IS3220.U6.PS1
6 | Unit 6 Firewall Security Strategies | Text Sheet | TS | IS3220.U6.TS1
7 | Unit 7 Lecture | Presentation | PS | IS3220.U7.PS1
7 | Unit 7 VPN Policy Development and Best Practices | Text Sheet | TS | IS3220.U7.TS1
7 | Unit 7 Create a VPN Connectivity Troubleshooting Checklist | Text Sheet | TS | IS3220.U7.TS2
8 | Unit 8 Lecture | Presentation | PS | IS3220.U8.PS1
8 | Unit 8 System Hardening | Text Sheet | TS | IS3220.U8.TS1
8 | Unit 8 Security Concerns for Local, Remote, and Mobile Hosts | Text Sheet | TS | IS3220.U8.TS2
8 | Unit 8 Security Concerns and Mitigation Strategies | Text Sheet | TS | IS3220.U8.TS3
9 | Unit 9 Lecture | Presentation | PS | IS3220.U9.PS1
9 | Unit 9 Firewall Implementation Planning | Text Sheet | TS | IS3220.U9.TS1
10 | Unit 10 Lecture | Presentation | PS | IS3220.U10.PS1
10 | Unit 10 Incident Response Strategies: Before, During, and After | Text Sheet | TS | IS3220.U10.TS1


Tool Codes Legend:
PS = Presentation Slides
TS = Text Sheet
IS = Illustration Sheet
WS = Worksheet

Assessment Tools

This section contains guidelines and assessment criteria that must be applied when evaluating graded
deliverables submitted by students.

UNIT 1 ASSESSMENTS

Unit 1 Discussion 1: Familiar Protocols
Use the following rubric to evaluate students' contribution to the discussion process and associated
deliverables:
Performance Levels (% of Assignment Grade)
5 TARGET (100%): Fully met requirements in all 3 categories
4 ACCEPTABLE (75%): Partially met requirements in all 3 categories
3 MINIMAL (50%): Partially met requirements in 1-2 categories
2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements
1 NO SUBMISSION (0%)
Assessment Criteria
Category: CONTENT
Students explained the
roles of at least three of the
protocols.

Students offered details,
such as the layers
associated with specific
protocols.

Category: METHOD
Students engaged in
discussion of the assigned
topic(s) with at least two of
their peers.

Students supported their
arguments with data and
factual information.

Students provided relevant
citations and references to
support their position on
the issue discussed.

Students compared and
contrasted their position
with the perspectives
offered by their peers and
highlighted critical
similarities and differences.

Students offered a
substantive, critical
evaluation of the peers'
perspective on the
discussed issue(s) that
were opposite of their own,
and supported their critical
review with data and
factual information.

Students raised questions
and solicited peer and
instructor input on the
topic(s) discussed.

Students articulated their
positions clearly and
logically.

Students solicited peer and
instructor feedback on their
arguments and
propositions.

Category: REFLECTION
Students covered topical
requirements assigned for
this deliverable.

Students captured critical
points of the discussion.

Students summarized
different perspectives
offered by the discussants.

Students summarized 2-3
major learning moments
they experienced during
the discussion.

Students briefly discussed
how their perspectives
changed or got validated
through this discussion.

Students provided
feedback on how the
discussion could be
improved.

Students followed the
submission requirements.



Unit 1 Assignment 1: Clear-Text Data in Packet Trace
Use the following rubric to evaluate the assignment:
Performance Levels (% of Assignment Grade)
5 TARGET (100%): Met all criteria
4 ACCEPTABLE (75%): Met selected criteria
3 MINIMAL (50%): Met one criterion
2 UNACCEPTABLE (25%): Submitted assignment, but did not meet the criteria
1 NO SUBMISSION (0%)
Assessment Criteria
Students found the clear-
text password.

Students identified at least
ten main tools.






UNIT 2 ASSESSMENTS

Unit 2 Discussion 1: Familiar Domains
Use the following rubric to evaluate students' contribution to the discussion process and associated
deliverables:
Performance Levels (% of Assignment Grade)
5 TARGET (100%): Fully met requirements in all 3 categories
4 ACCEPTABLE (75%): Partially met requirements in all 3 categories
3 MINIMAL (50%): Partially met requirements in 1-2 categories
2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements
1 NO SUBMISSION (0%)
Assessment Criteria
Category: CONTENT
Students selected at least
three domains and
associated
countermeasures.

Students offered details,
such as what function the
countermeasure serves.

Category: METHOD
Students engaged in
discussion of the assigned
topic(s) with at least two of
their peers.

Students supported their
arguments with data and
factual information.

Students provided relevant
citations and references to
support their position on
the issue discussed.

Students compared and
contrasted their position
with the perspectives
offered by their peers and
highlighted critical
similarities and differences.

Students offered a
substantive, critical
evaluation of the peers'
perspective on the
discussed issue(s) that
were opposite of their own,
and supported their critical
review with data and
factual information.

Students raised questions
and solicited peer and
instructor input on the
topic(s) discussed.

Students articulated their
positions clearly and
logically.

Students solicited peer and
instructor feedback on their
arguments and
propositions.

Category: REFLECTION
Students covered topical
requirements assigned for
this deliverable.

Students captured critical
points of the discussion.

Students summarized
different perspectives
offered by the discussants.

Students summarized 2-3
major learning moments
they experienced during
the discussion.

Students briefly discussed
how their perspectives
changed or got validated
through this discussion.

Students provided
feedback on how the
discussion could be
improved.

Students followed the
submission requirements.





Unit 2 Assignment 1: Selecting Security Countermeasures
Use the following rubric to evaluate the assignment:
Performance Levels (% of Assignment Grade)
5 TARGET (100%): Met all criteria
4 ACCEPTABLE (75%): Met selected criteria
3 MINIMAL (50%): Met one criterion
2 UNACCEPTABLE (25%): Submitted assignment, but did not meet the criteria
1 NO SUBMISSION (0%)
Assessment Criteria
Students identified at least
four security threats the
network expansion poses.

Students researched and
identified the appropriate
countermeasures for the
identified threats.






UNIT 3 ASSESSMENT

Unit 3 Discussion 1: Social Engineering Defense Issues
Use the following rubric to evaluate students' contribution to the discussion process and associated
deliverables:
Performance Levels (% of Assignment Grade)
5 TARGET (100%): Fully met requirements in all 3 categories
4 ACCEPTABLE (75%): Partially met requirements in all 3 categories
3 MINIMAL (50%): Partially met requirements in 1-2 categories
2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements
1 NO SUBMISSION (0%)
Assessment Criteria
Category: CONTENT
Students identified at least
one social engineering
attack for each technique.

Students identified at least
one security awareness
training solution to offset
each attack.

Category: METHOD
Students engaged in
discussion of the assigned
topic(s) with at least two of
their peers.

Students supported their
arguments with data and
factual information.

Students provided relevant
citations and references to
support their position on
the issue discussed.

Students compared and
contrasted their position
with the perspectives
offered by their peers and
highlighted critical
similarities and differences.

Students offered a
substantive, critical
evaluation of the peers'
perspective on the
discussed issue(s) that
were opposite of their own,
and supported their critical
review with data and
factual information.

Students raised questions
and solicited peer and
instructor input on the
topic(s) discussed.

Students articulated their
positions clearly and
logically.

Students solicited peer and
instructor feedback on their
arguments and
propositions.

Category: REFLECTION
Students covered topical
requirements assigned for
this deliverable.

Students captured critical
points of the discussion.

Students summarized
different perspectives
offered by the discussants.

Students summarized 2-3
major learning moments
they experienced during
the discussion.

Students briefly discussed
how their perspectives
changed or got validated
through this discussion.

Students provided
feedback on how the
discussion could be
improved.

Students followed the
submission requirements.







UNIT 4 ASSESSMENTS

Unit 4 Discussion 1: Host-Based vs. Network-Based IDSs/IPSs
Use the following rubric to evaluate students' contribution to the discussion process and associated
deliverables:
Performance Levels (% of Assignment Grade)
5 TARGET (100%): Fully met requirements in all 3 categories
4 ACCEPTABLE (75%): Partially met requirements in all 3 categories
3 MINIMAL (50%): Partially met requirements in 1-2 categories
2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements
1 NO SUBMISSION (0%)
Assessment Criteria
Category: CONTENT
Students recognized
resources that can be
consumed when
tuning/training an intrusion
system.

Students recognized
resources that can be
consumed during normal
operation of an intrusion
system.

Students correctly
identified the encryption
issue surrounding the
effectiveness of an NIDS.

Category: METHOD
Students engaged in
discussion of the assigned
topic(s) with at least two of
their peers.

Students supported their
arguments with data and
factual information.

Students provided relevant
citations and references to
support their position on
the issue discussed.

Students compared and
contrasted their position
with the perspectives
offered by their peers and
highlighted critical
similarities and differences.

Students offered a
substantive, critical
evaluation of the peers'
perspective on the
discussed issue(s) that
were opposite of their own,
and supported their critical
review with data and
factual information.

Students raised questions
and solicited peer and
instructor input on the
topic(s) discussed.

Students articulated their
positions clearly and
logically.

Students solicited peer and
instructor feedback on their
arguments and
propositions.

Category: REFLECTION
Students covered topical
requirements assigned for
this deliverable.

Students captured critical
points of the discussion.

Students summarized
different perspectives
offered by the discussants.

Students summarized 2-3
major learning moments
they experienced during
the discussion.

Students briefly discussed
how their perspectives
changed or got validated
through this discussion.

Students provided
feedback on how the
discussion could be
improved.

Students followed the
submission requirements.





Unit 4 Assignment 1: Identify Unnecessary Services from a Saved Vulnerability
Scan
Use the following rubric to evaluate the assignment:
Performance Levels (% of Assignment Grade)
5 TARGET (100%): Met all criteria
4 ACCEPTABLE (75%): Met selected criteria
3 MINIMAL (50%): Met one criterion
2 UNACCEPTABLE (25%): Submitted assignment, but did not meet the criteria
1 NO SUBMISSION (0%)
Assessment Criteria
Students researched and
identified at least three
unnecessary services that
may typically run on a Web
server.




UNIT 5 ASSESSMENTS

Unit 5 Discussion 1: Ingress and Egress Filtering
Use the following rubric to evaluate students' contribution to the discussion process and associated
deliverables:
Performance Levels (% of Assignment Grade)
5 TARGET (100%): Fully met requirements in all 3 categories
4 ACCEPTABLE (75%): Partially met requirements in all 3 categories
3 MINIMAL (50%): Partially met requirements in 1-2 categories
2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements
1 NO SUBMISSION (0%)
Assessment Criteria
Category: CONTENT
Students explained the
roles of both network
directions, inbound and
outbound.

Students explained how
protective isolations
provide security.

Students offered details
such as why you isolate
external and internal traffic.

Category: METHOD
Students engaged in
discussion of the assigned
topic(s) with at least two of
their peers.

Students supported their
arguments with data and
factual information.

Students provided relevant
citations and references to
support their position on
the issue discussed.

Students compared and
contrasted their position
with the perspectives
offered by their peers and
highlighted critical
similarities and differences.

Students offered a
substantive, critical
evaluation of the peers'
perspective on the
discussed issue(s) that
were opposite of their own,
and supported their critical
review with data and
factual information.

Students raised questions
and solicited peer and
instructor input on the
topic(s) discussed.

Students articulated their
positions clearly and
logically.

Students solicited peer and
instructor feedback on their
arguments and
propositions.

Category: REFLECTION
Students covered topical
requirements assigned for
this deliverable.

Students captured critical
points of the discussion.

Students summarized
different perspectives
offered by the discussants.

Students summarized 2-3
major learning moments
they experienced during
the discussion.

Students briefly discussed
how their perspectives
changed or got validated
through this discussion.

Students provided
feedback on how the
discussion could be
improved.

Students followed the
submission requirements.







Unit 5 Assignment 1: Select the Proper Type of Firewall
Use the following rubric to evaluate the assignment:
Performance Levels (% of Assignment Grade):
5 TARGET (100%): Met all criteria
4 ACCEPTABLE (75%): Met selected criteria
3 MINIMAL (50%): Met one criterion
2 UNACCEPTABLE (25%): Submitted assignment, but did not meet the criteria
1 NO SUBMISSION (0%)
Assessment Criteria:
Students selected the right
type of firewall/filtering to
use.

Students researched and
identified how firewalls and
filters protect against
malicious network behavior
at all layers of the OSI
reference model.




UNIT 6 ASSESSMENT

Unit 6 Discussion 1: Firewall Security Strategies
Use the following rubric to evaluate students' contribution to the discussion process and associated
deliverables:
Performance Levels (% of Assignment Grade):
5 TARGET (100%): Fully met requirements in all 3 categories
4 ACCEPTABLE (75%): Partially met requirements in all 3 categories
3 MINIMAL (50%): Partially met requirements in 1-2 categories
2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements
1 NO SUBMISSION (0%)
Assessment Criteria:
Category: CONTENT
Students selected at least
three strategies and cited
content to support their
recommendations.

Students discussed
relevant details, such as
the top priority of data
integrity and the budgetary
restrictions that exist.

Category: METHOD
Students engaged in
discussion of the assigned
topic(s) with at least two of
their peers.

Students supported their
arguments with data and
factual information.

Students provided relevant
citations and references to
support their position on
the issue discussed.

Students compared and
contrasted their position
with the perspectives
offered by their peers and
highlighted critical
similarities and differences.

Students offered a
substantive, critical
evaluation of the peers'
perspective on the
discussed issue(s) that
were opposite of their own,
and supported their critical
review with data and
factual information.

Students raised questions
and solicited peer and
instructor input on the
topic(s) discussed.

Students articulated their
positions clearly and
logically.

Students solicited peer and
instructor feedback on their
arguments and
propositions.

Category: REFLECTION
Students covered topical
requirements assigned for
this deliverable.

Students captured critical
points of the discussion.

Students summarized
different perspectives
offered by the discussants.

Students summarized 2-3
major learning moments
they experienced during
the discussion.

Students briefly discussed
how their perspectives
changed or got validated
through this discussion.

Students provided
feedback on how the
discussion could be
improved.

Students followed the
submission requirements.






UNIT 7 ASSESSMENTS

Unit 7 Discussion 1: Developing a VPN Policy and Enforcing VPN Best Practices
Use the following rubric to evaluate students' contribution to the discussion process and associated
deliverables:
Performance Levels (% of Assignment Grade):
5 TARGET (100%): Fully met requirements in all 3 categories
4 ACCEPTABLE (75%): Partially met requirements in all 3 categories
3 MINIMAL (50%): Partially met requirements in 1-2 categories
2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements
1 NO SUBMISSION (0%)
Assessment Criteria:
Category: CONTENT
Students explained
acceptable and
unacceptable forms of use.

Students explained how
policies establish security
practices and procedures.

Students offered details
such as why policies cover
various aspects of VPNs.

Category: METHOD
Students engaged in
discussion of the assigned
topic(s) with at least two of
their peers.

Students supported their
arguments with data and
factual information.

Students provided relevant
citations and references to
support their position on
the issue discussed.

Students compared and
contrasted their position
with the perspectives
offered by their peers and
highlighted critical
similarities and differences.

Students offered a
substantive, critical
evaluation of the peers'
perspective on the
discussed issue(s) that
were opposite of their own,
and supported their critical
review with data and
factual information.

Students raised questions
and solicited peer and
instructor input on the
topic(s) discussed.

Students articulated their
positions clearly and
logically.

Students solicited peer and
instructor feedback on their
arguments and
propositions.

Category: REFLECTION
Students covered topical
requirements assigned for
this deliverable.

Students captured critical
points of the discussion.

Students summarized
different perspectives
offered by the discussants.

Students summarized 2-3
major learning moments
they experienced during
the discussion.

Students briefly discussed
how their perspectives
changed or got validated
through this discussion.

Students provided
feedback on how the
discussion could be
improved.

Students followed the
submission requirements.



Unit 7 Assignment 1: Create a VPN Connectivity Troubleshooting Checklist
Use the following rubric to evaluate the assignment:
Performance Levels (% of Assignment Grade):
5 TARGET (100%): Met all criteria
4 ACCEPTABLE (75%): Met selected criteria
3 MINIMAL (50%): Met one criterion
2 UNACCEPTABLE (25%): Submitted assignment, but did not meet the criteria
1 NO SUBMISSION (0%)
Assessment Criteria:
Students identified relevant
steps in the VPN
connectivity
troubleshooting process.

Students created a clear
and concise checklist that
addresses VPN end-to-end
connectivity and the
underlying infrastructure.




UNIT 8 ASSESSMENTS

Unit 8 Discussion 1: System Hardening
Use the following rubric to evaluate students' contribution to the discussion process and associated
deliverables:
Performance Levels (% of Assignment Grade):
5 TARGET (100%): Fully met requirements in all 3 categories
4 ACCEPTABLE (75%): Partially met requirements in all 3 categories
3 MINIMAL (50%): Partially met requirements in 1-2 categories
2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements
1 NO SUBMISSION (0%)
Assessment Criteria:
Category: CONTENT
Students discussed their
experience with formal
hardening guidelines and
standards.

Students offered details
such as what function the
strategy serves.

Category: METHOD
Students engaged in
discussion of the assigned
topic(s) with at least two of
their peers.

Students supported their
arguments with data and
factual information.

Students provided relevant
citations and references to
support their position on
the issue discussed.

Students compared and
contrasted their position
with the perspectives
offered by their peers and
highlighted critical
similarities and differences.

Students offered a
substantive, critical
evaluation of the peers'
perspective on the
discussed issue(s) that
were opposite of their own,
and supported their critical
review with data and
factual information.

Students raised questions
and solicited peer and
instructor input on the
topic(s) discussed.

Students articulated their
positions clearly and
logically.

Students solicited peer and
instructor feedback on their
arguments and
propositions.

Category: REFLECTION
Students covered topical
requirements assigned for
this deliverable.

Students captured critical
points of the discussion.

Students summarized
different perspectives
offered by the discussants.

Students summarized 2-3
major learning moments
they experienced during
the discussion.

Students briefly discussed
how their perspectives
changed or got validated
through this discussion.

Students provided
feedback on how the
discussion could be
improved.

Students followed the
submission requirements.



Unit 8 Assignment 1: Security Concerns and Mitigation Strategies
Use the following rubric to evaluate the assignment:
Performance Levels (% of Assignment Grade):
5 TARGET (100%): Met all criteria
4 ACCEPTABLE (75%): Met selected criteria
3 MINIMAL (50%): Met one criterion
2 UNACCEPTABLE (25%): Submitted assignment, but did not meet the criteria
1 NO SUBMISSION (0%)
Assessment Criteria:
Students identified at least
one personally significant
networked technology.

Students researched and
identified three appropriate
threats associated with the
technology.

Students provided a
mitigation strategy for each
identified threat.



UNIT 9 ASSESSMENTS

Unit 9 Discussion 1: Firewall Implementation Planning
Use the following rubric to evaluate students' contribution to the discussion process and associated
deliverables:
Performance Levels (% of Assignment Grade):
5 TARGET (100%): Fully met requirements in all 3 categories
4 ACCEPTABLE (75%): Partially met requirements in all 3 categories
3 MINIMAL (50%): Partially met requirements in 1-2 categories
2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements
1 NO SUBMISSION (0%)
Assessment Criteria:
Category: CONTENT
Students showed creativity
when reflecting on potential
issues (vulnerabilities,
abuses, mistakes) around
various strategies and
deployments.

Students identified the
ways firewalls and VPNs
can sometimes hinder
legitimate traffic if not set
up correctly.

Students discussed
troubleshooting and
problem detection.

Category: METHOD
Students engaged in
discussion of the assigned
topic(s) with at least two of
their peers.

Students supported their
arguments with data and
factual information.

Students provided relevant
citations and references to
support their position on
the issue discussed.

Students compared and
contrasted their position
with the perspectives
offered by their peers and
highlighted critical
similarities and differences.

Students offered a
substantive, critical
evaluation of the peers'
perspective on the
discussed issue(s) that
were opposite of their own,
and supported their critical
review with data and
factual information.

Students raised questions
and solicited peer and
instructor input on the
topic(s) discussed.

Students articulated their
positions clearly and
logically.

Students solicited peer and
instructor feedback on their
arguments and
propositions.

Category: REFLECTION
Students covered topical
requirements assigned for
this deliverable.

Students captured critical
points of the discussion.

Students summarized
different perspectives
offered by the discussants.

Students summarized 2-3
major learning moments
they experienced during
the discussion.

Students briefly discussed
how their perspectives
changed or got validated
through this discussion.

Students provided
feedback on how the
discussion could be
improved.

Students followed the
submission requirements.



Unit 9 Assignment 1: Remote Access Security Plan and Documentation
Use the following rubric to evaluate the assignment:
Performance Levels (% of Assignment Grade):
5 TARGET (100%): Met all criteria
4 ACCEPTABLE (75%): Met selected criteria
3 MINIMAL (50%): Met one criterion
2 UNACCEPTABLE (25%): Submitted assignment, but did not meet the criteria
1 NO SUBMISSION (0%)
Assessment Criteria:
Students identified at least
four different ways to
protect digital assets with a
defense-in-depth approach.

Students explained at least
three methods to protect
corporate digital assets
from the potential threats
the host-to-gateway VPN
would introduce.

Students explained the
overall network topology.


UNIT 10 ASSESSMENTS

Unit 10 Discussion 1: Incident Response Strategies
Use the following rubric to evaluate students' contribution to the discussion process and associated
deliverables:
Performance Levels (% of Assignment Grade):
5 TARGET (100%): Fully met requirements in all 3 categories
4 ACCEPTABLE (75%): Partially met requirements in all 3 categories
3 MINIMAL (50%): Partially met requirements in 1-2 categories
2 UNACCEPTABLE (25%): Completed assignment, but did not meet requirements
1 NO SUBMISSION (0%)
Assessment Criteria:
Category: CONTENT
Students recognized all six
phases.

Students reported on the
role of each of the incident
response team members.

Category: METHOD
Students engaged in
discussion of the assigned
topic(s) with at least two of
their peers.

Students supported their
arguments with data and
factual information.

Students provided relevant
citations and references to
support their position on
the issue discussed.

Students compared and
contrasted their position
with the perspectives
offered by their peers and
highlighted critical
similarities and differences.

Students offered a
substantive, critical
evaluation of the peers'
perspective on the
discussed issue(s) that
were opposite of their own,
and supported their critical
review with data and
factual information.

Students raised questions
and solicited peer and
instructor input on the
topic(s) discussed.

Students articulated their
positions clearly and
logically.

Students solicited peer and
instructor feedback on their
arguments and
propositions.

Category: REFLECTION
Students covered topical
requirements assigned for
this deliverable.

Students captured critical
points of the discussion.

Students summarized
different perspectives
offered by the discussants.

Students summarized 2-3
major learning moments
they experienced during
the discussion.

Students briefly discussed
how their perspectives
changed or got validated
through this discussion.

Students provided
feedback on how the
discussion could be
improved.

Students followed the
submission requirements.



Unit 10 Assignment 1: Postincident Executive Summary Report
Use the following rubric to evaluate the assignment:
Performance Levels (% of Assignment Grade):
5 TARGET (100%): Met all criteria
4 ACCEPTABLE (75%): Met selected criteria
3 MINIMAL (50%): Met one criterion
2 UNACCEPTABLE (25%): Submitted assignment, but did not meet the criteria
1 NO SUBMISSION (0%)
Assessment Criteria:
Students included all six
incident response phases
in their executive summary
report.

Students displayed an
understanding of firewall
strategies when discussing
corrective options in the
report.

Students concisely and
clearly summarized
information so that an
executive can easily
absorb the material.
