Cryptography has a variety of roles to play within the network security. It is given that mathematicians have already developed sophisticated cryptographic primitives, protocols and algorithms. Engineers have realised these protocols and made them available on a range of platforms: dedicated crypto-hardware, network infrastructure device, and general purpose computer. In this module, the focus is on how these cryptographic implementations are used to protect data in transit. The properties and uses of cryptographic hashes will be analysed in the course. Particular attention will be given to their role in assuring data integrity.
Ethernet LANs, inter-networking via IPv4, transport TCP and UDP protocols, and application DNS and HTTP protocols will be thoroughly covered, supported by extensive analysis of traffic flows using visualisation tools such as Wireshark. Core concepts of cyber security (confidentiality, integrity, availability, identity, authentication, freshness, and authorisation) will be introduced in the contexts of several, generic asset configurations and potential threats (malware, phishing, social engineering, and man-in-the-middle).
Principal Learning Outcomes
On successful completion of the module a student will be able to:
• Use terminology appropriately to describe important concepts relating to network security.
• Critically evaluate the configuration of network security devices.
• Critically analyse a network configuration (using tools as appropriate) to identify its security posture.
• Apply appropriate network security re-mediation (including re-design of poorly zoned networks, introduction of missing security devices and re-configuration of mis-configured devices) to achieve a desired security posture.