Covers both network management and network security. Network management will include the design of LAN-based networks, including spanning tree protocols, bridge learning protocols, virtual LANs, and Ethernet switches, and the security of switches and routers. Network management protocols will be covered in depth, including switch and router management information bases, the associated SNMP protocols, and network monitoring tools. The second half of the class will focus on network security. To frame the network security problem, the security section will begin with a review of various forms of network attacks. We then turn to network-side security management, including passive measures like firewall defense schemes such as packet filters and bastion hosts. Newer secure protocols will then be covered, including network-layer security and various application-layer secure protocols.
Upon the successful completion of this course, students will be able to:
- Program a cryptographic security protocol using authentication and encryption.
- Describe architectural tradeoffs for security in terms of network architecture.
- Describe how asymmetric cryptography can be used with email.
- Analyze trade-offs between secure network protocols at various network stack layers.
- Describe the major paradigms in network-based attacks, including buffer overflows, email viruses, and denial-of-service attacks.
- Describe the construction of a symmetric key-based Key Distribution Center protocol.
- Explain the internal architecture for Secure Shell, SSL, Kerberos, and 802.11i.
- Analyze the problems with weak authentication schemes like IP addresses and MAC addresses.
- Improve the defense of various network/host functions.
- Compare and contrast Layer-3 based firewalls with Layer-7 based application firewalls and other firewall variations.
- Determine the pros and cons of various network security tools.