| Study programme competencies |
| Code | Study programme competences |
| A2 | CE2 - Deep knowledge of cyberattack and cyberdefense techniques |
| A4 | CE4 - To understand and to apply the methods and tools of cybersecurity to protect data and computers, communication networks, databases, computer programs and information services |
| A8 | CE8 - Skills for conceive, design, deploy and operate cybersecurity systems |
| A12 | CE12 - Knowledge of the role of cybersecurity in the design of new industrial processes, as well as of the singularities and restrictions to be addressed in order to build a secure industrial infrastructure |
| B2 | CB2 - Students will be able to apply their knowledge and their problem-solving ability in new or less familiar situations, within a broader context (or in multi-discipline contexts) related to their field of specialization |
| B4 | CB4 - Students will learn to communicate their conclusions ---and the hypotheses and ultimate reasoning in their support--- to expert and nonexpert audiences in a clear and unambiguous way |
| B5 | CB5 - Students will apprehend the learning skills enabling them to study in a style that will be selfdriven and autonomous to a large extent |
| B6 | CG1 - To have skills for analysis and synthesis. To have ability to project, model, calculate and design solutions in the area of information, network or system security in every application area |
| B8 | CG3 - Capacity for critical thinking and critical evaluation of any system designed for protecting information, any information security system, any system for network security or system for secure communication |
| C4 | CT4 - Ability to ponder the importance of information security in the economic progress of society |
| Learning aims | |||
| Learning outcomes | Study programme competences | ||
| They will understand the role of a firewall in the security strategy of a final device or the network it protects. | AJ2 AJ8 |
BJ2 BJ6 |
|
| They will be able to describe what the access policies are and to design / specify the set of them that a scenario or particular case requires. | AJ8 AJ12 |
BJ2 BJ4 BJ6 BJ8 |
CJ4 |
| They will know the different types of packet filtering (stateful/stateless) and application-level firewalls, and they will know how to configure them on different platforms. | AJ2 |
BJ6 BJ8 |
|
| They can design and describe, for a specific scenario / topology, alternative configurations to place the firewall within the corporate network (bastion, DMZ, distributed firewall) | AJ8 |
BJ2 BJ6 BJ8 |
|
| They will be able to describe the basic principles that underlie intrusion detection, the common sensors they use for information collection, and the analysis techniques (anomaly detection versus heuristic detection) that decide when to trigger an alarm. They will know possible technical solutions (HIDS / NIDS, IPS, SIEM, honeypot), which they will know how to install and configure for some platforms and particular implementations | AJ2 AJ8 |
BJ6 BJ8 |
|
| They will be familiar with the concepts of tunneling and network virtualization, and will be able to choose and implement the most appropriate virtual private network technology for different scenarios | AJ2 AJ4 |
BJ6 |
|
| They can explain the principles on which anonymous networks are built | AJ2 |
BJ4 BJ5 |
CJ4 |
| Contents |
| Topic | Sub-topic |
| 1. Secure Networks Design | 1.1. Enterprise Network Architectures 1.2. Design Patterns 1.3. Perimetral Security Approaches 1.4. BYOD Approaches |
| 2.- Network Devices Hardening | 2.1. Internal Architecture of Network Devices 2.2. Protecting Data Plane 2.3. Protecting Control Plane 2.4. Protecting Management Plane |
| 3. Firewalls | 3.1. Static Packet Filtering 3.2. Dynamic Packet Filtering 3.3. Application-level Filtering 3.4. Zone-based Firewalls 3.5. Next-Generation Firewalls 3.6. NAT/NATP |
| 4. IDS/IPS | 4.1 Network-based Systems 4.2 Host-based Systems |
| 5. Proxies | 5.1 Proxy Management 5.2 Reverse proxy 5.3 Transparent proxy 5.4 Anonymous Networks |
| 6. Monitoring | 6.1 Syslog 6.2 SNMP 6.3 Netflow 6.4 SIEM |
| 7. VPN Deployment | 7.1 IPsec based VPNs 7.2 SSL based VPNs 7.3 MPLS based VPNs |
| 7. Implantación de VPNs | 7.1 VPNs baseadas en IPsec 7.2 VPNs baseadas en SSL 7.3 VPNs baseadas en MPLS |
| Planning | ||||
| Methodologies / tests | Competencies | Ordinary class hours | Student’s personal work hours | Total hours |
| ICT practicals | A2 A8 B2 B5 B6 | 21 | 52.5 | 73.5 |
| Objective test | A8 B2 B4 B6 B8 | 3 | 0 | 3 |
| Supervised projects | B4 B6 B8 | 0.5 | 10 | 10.5 |
| Guest lecture / keynote speech | A2 A4 A8 A12 B8 C4 | 21 | 42 | 63 |
| Personalized attention | 2 | 0 | 2 | |
| (*)The information in the planning table is for guidance only and does not take into account the heterogeneity of the students. | ||||
| Methodologies |
| Methodologies | Description |
| ICT practicals | In which the student will observe the operation in practice of some of the theoretical contents explained in the lectures. In these practices, the student will use different tools (network equipment, network simulators, monitoring tools, etc.) proposed by the professors, which will allow them to deepen and strengthen their knowledge on different aspects of network security. In addition to the basic practices that all students will have to do, additional practices that interested students can do optionally will be proposed. |
| Objective test | At the end of the exposition of the subject, a test type will be carried out that will allow to assess the theoretical knowledge and practical skills acquired during the evolution of the course. |
| Supervised projects | Proposal of works for their individual and non-face-to-face resolution by the students. These works will be optional and will allow students interested in doing them, to deepen aspects of the agenda that are of special interest to them and that could not be dealt with in sufficient detail during the lectures. |
| Guest lecture / keynote speech | In which the theoretical content of the syllabus will be exposed, including illustrative examples and with the support of audiovisual media. The student will have the support material (notes, copies of the slides, articles, etc.) beforehand and the teacher will promote an active attitude, recommending the previous reading of the topics to be discussed each day in class, as well as asking questions that allow to clarify concrete aspects and leaving open questions for the reflection of the student. The master sessions will be complemented with conferences that will bring an external expert to discuss a topic in greater depth. |
| Personalized attention |
|
|
| Assessment | |||
| Methodologies | Competencies | Description | Qualification |
| ICT practicals | A2 A8 B2 B5 B6 | The subject's practices will consist of different activities related to the design and implementation of Secure Networks. A defense of the practices will be carried out to assess the level of understanding and the work developed by the student | 45 |
| Objective test | A8 B2 B4 B6 B8 | At the end of the exposition of the subject, there will be an objective test type test on the contents, both in the theoretical sessions and in the practical sessions. | 45 |
| Supervised projects | B4 B6 B8 | The tutored works will be optional and on some subject to be arranged between the student and the teacher | 10 |
| Assessment comments | |||
|
To pass the subject, it will be necessary to obtain a minimum of 40% of the total mark in the objective test and in the practices. Otherwise, the maximum note that can be obtained is 4.5. |
|||
| Sources of information |
| Basic |
Anthony Bruno; Steve Jordan (2016). CCDA 200-310 Official Cert Guide, Fifth Edition. Chapter 12. Managing Security. Cisco Press
Anthony Bruno; Steve Jordan (2016). CCDA 200-310 Official Cert Guide, Fifth Edition. Chapter 12. Managing Security. Chapter 13. Security Solutions. Cisco Press
Omar Santos, John Sutppi (2015). CCNA Security 210-260 Official Cert Guide. Cisco Press |
|
|
|
| Complementary |
Wendell Odom (2016). CCENT/CCNA ICND1 100-105 Official Certification Guide. Cisco Press
Wendell Odom (2019). CCNA Routing and Switching ICND2 Official Cert Guide. Cisco Press
Marwan Al-shawi; André Laurent (2016). Designing for Cisco Network Service Architecture (ARCH) Foundation Learning Guide. Chapter 22. Designing Security Services and Infrastructure Protection. Cisco Press
Marwan Al-shawi; André Laurent (2016). Designing for Cisco Network Service Architecture (ARCH) Foundation Learning Guide. Chapter 23. Designing Firewall and IPS Solutions. Cisco Press
Marwan Al-shawi; André Laurent (2016). Designing for Cisco Network Service Architecture (ARCH) Foundation Learning Guide. Chapter 25. Network Access Control Solutions. Cisco Press
Kulbir Saini (2011). Squid Proxy Server 3.1 Beginner's Guide. Packt Publishing |
|
|
| Recommendations | |
| Subjects that it is recommended to have taken before |
| Subjects that are recommended to be taken simultaneously | |
|
| Subjects that continue the syllabus | |
|
| Other comments | |