Course Network Security Essentials - korachi-9090/wiki GitHub Wiki
Course: Network Security Essentials
This course introduces the fundamental concepts, tools, and techniques used to secure network infrastructure in small to medium-sized environments. Students will gain hands-on experience implementing a variety of security controls including firewalls, VPNs, intrusion detection systems, and traffic analysis tools.
Course Overview
Course Code: CIS 274
Credits: 5
Format: 30% Lecture / 70% Lab-Based
Duration: 10 Weeks
Primary Lab: Build a complete secured network with pfSense, VPN, and IDS implementation
This hands-on course focuses on practical implementation of network security controls using industry-standard tools and best practices. Students will learn to deploy and configure pfSense as a firewall/router, set up VPN tunnels, implement intrusion detection systems, and analyze network traffic for security threats.
Course Modules
- Network Security Fundamentals
- Firewall Implementation
- Network Address Translation and Port Forwarding
- Virtual Private Networks
- Intrusion Detection Systems
- Traffic Analysis and Packet Inspection
- Secure Network Design
Weekly Breakdown
Week 1: Introduction to Network Security Concepts
- CIA triad (Confidentiality, Integrity, Availability)
- Defense in depth strategies
- Security zones and network segmentation
- DMZ implementation concepts
- Lab: Security Zones and DMZ Mapping
Week 2: Introduction to pfSense Firewall
- pfSense architecture and features
- Installation and initial setup
- Interface configuration
- Dashboard and monitoring
- Lab: pfSense Installation and Configuration
Week 3: Firewall Rules and NAT
- Firewall rule creation and evaluation order
- Best practices for firewall policy design
- Network Address Translation (NAT) concepts
- Port forwarding implementation
- Lab: Firewall Rules and NAT Configuration
Week 4: DHCP, DNS, and Logging in pfSense
- DHCP server configuration
- DNS resolver/forwarder setup
- System and service logs
- Log analysis and monitoring
- Lab: Network Services and Logging
Week 5: VPN Technologies Overview
- VPN concepts and protocols
- OpenVPN architecture
- Client configuration and distribution
- Authentication methods
- Lab: OpenVPN Remote Access Configuration
Week 6: IPsec VPN Implementation
- IPsec protocols and modes
- Site-to-site VPN design
- Tunnel configuration
- Troubleshooting VPN connections
- Lab: Site-to-Site IPsec VPN Setup
Week 7: Intrusion Detection Concepts
- IDS vs. IPS technologies
- Signature-based detection
- Anomaly-based detection
- Snort/Suricata architecture
- Lab: IDS Implementation with Snort
Week 8: Network Traffic Analysis
- Packet capture techniques
- Protocol analysis with Wireshark
- Traffic baseline establishment
- Identifying suspicious traffic patterns
- Lab: Traffic Capture and Analysis
Week 9: Secure Network Design
- Network architecture best practices
- Security control selection and placement
- Documentation standards
- Risk assessment considerations
- Lab: Secure Network Design Project
Week 10: Final Project and Review
- Integration of security components
- Testing and validation techniques
- Security assessment reporting
- Lab: Comprehensive Network Security Implementation
Learning Outcomes
By the end of this course, you will be able to:
- Explain core network security concepts including the CIA triad, defense in depth, and access control
- Install and configure pfSense as a multi-purpose network security appliance
- Create and manage firewall rules based on security policy requirements
- Implement Network Address Translation (NAT) and port forwarding securely
- Configure and troubleshoot both OpenVPN and IPsec VPN tunnels
- Deploy intrusion detection systems using Snort or Suricata
- Analyze network traffic to identify potential security threats
- Apply network hardening techniques to reduce the attack surface
- Design network topologies with appropriate security zones and controls
- Document security implementations with proper diagrams and configuration details
Key Terms
- CIA Triad
- Defense in Depth
- Firewall
- Network Address Translation
- Virtual Private Network
- Intrusion Detection System
- Demilitarized Zone
- Access Control List
- OpenVPN
- IPsec
Lab Exercises
- Security Zones and DMZ Mapping
- pfSense Installation and Configuration
- Firewall Rules and NAT Configuration
- Network Services and Logging
- OpenVPN Remote Access Configuration
- Site-to-Site IPsec VPN Setup
- IDS Implementation with Snort
- Traffic Capture and Analysis
- Secure Network Design Project
- Comprehensive Network Security Implementation
Required Tools
- pfSense firewall/router platform
- VirtualBox or VMware for virtualization
- Snort or Suricata for intrusion detection
- Wireshark for packet capture and analysis
- OpenVPN and IPsec for VPN tunneling
Assessment Components
- Weekly Labs & Security Reports (40%)
- Midterm Practical - pfSense Firewall Setup (20%)
- Final Project - Secured Network Build (30%)
- Participation & Lab Engagement (10%)
Certification Alignment
This course content aligns with portions of the CompTIA Security+ and CySA+ certification exams, particularly in the areas of network security, firewalls, VPNs, and intrusion detection systems.
Additional Resources
- pfSense Documentation
- Snort Rule Writing Guide
- Wireshark Packet Analysis Tutorial
- VPN Troubleshooting Guide
- Network Security Design Patterns