SECTION A - Curse Infrmatin 1. Curse ID: 2. Curse Title: 3. Divisin: 4. Department: 5. Subject: 6. Shrt Curse Title: 7. Effective Term:: CISS 23L Netwrk Analysis, Intrusin Detectin/Preventin Systems Labratry Business Divisin Cmputer Infrmatin Systems Department Cmputer Infrmatin Systems: Security Ntwk Analysis IDS/IPS Lab Summer 2013 SECTION B - Official Curse Infrmatin 1. Recmmended Class Size: a. Maximum Class Size: 36 b. Class Size Apprval Date: 2. Methd f Instructin: Lecture þ Labratry Lecture and Labratry Wrk Experience, Occupatinal Wrk Experience, General Open Entry/Exit Independent Studies Distance Learning (Distance Educatin Delayed) fr nline curses. Distance (Hybrid Online) fr nline supprted curses 3. Cntact Hurs fr a Term: Nte: If nt a variable unit/hur curse, enter the hurs in the "Lw" clumn nly. Leave the hurs in the "High" clumn blank. Lw High Lecture: T Lab: 27.00 T Lab/Lecture Parity? Yes þ N Activity: T Clinical: T Ttal Hurs 27 T 4. Credit Units: 0.50 T 1 Unit f credit per eighteen (18) hurs f lecture cntact hurs fr a term 1 Unit f credit per fifty-fur (54) hurs f lab, activity r clinical cntact hurs fr a term 5. Taxnmy f Prgrams (TOPS) Infrmatin: a. TOPS Cde and Curse Prgram Title: Page 1 f 5
070810 - *Cmputer Netwrking b. Curse Cntrl Number: (T be entered by the Instructin Office Only.) 6. SAM Pririty Cde:(Select One) þ Apprenticeship Curses ffered t apprentices nly. Advanced Occupatinal Curses taken in the advanced stages f an ccupatinal prgram. Each B level curse must have a C level prerequisite in the same prgram area. Clearly Occupatinal Curses taken in the middle stages f an ccupatinal prgram. Shuld prvide the student with entry-level jb skills. Pssibly Occupatinal Curses taken in the beginning stages f an ccupatinal prgram. Nn-Occupatinal 7. Please place this curse int the apprpriate discipline by selecting frm the drp dwn list. The discipline placement indicates what preparatin is needed t teach the curse. Discipline faculty may place their curses int mre than ne discipline as apprpriate: Cmputer Infrmatin Systems 8. General Curse Infrmatin a. Curse Credit Status: b. State Transfer Cde: c. State Classificatin Cde: d. Basic Skills Status/Level: e. Sprts/Physical Educatin Curse: D Credit Degree Applicable B Transferable, CSU/Private I Career-Technical Educatin N Nt a Basic Skills Curse Yes ( Only check here if the curse is a physical educatin curse.) f. Grading Methd: g. Number f repeats allwed: Letter Grade Only Nn-repeatable Credit (equates t 0 repeats) h. Overlap/Duplicate Curse: 9. Curse Preparatin: Nte: If this curse has a new requisite, a cntent review supplemental frm must be cmpleted. Prerequisite Page 2 f 5
Crequisite CISS 23 Advisry Nne 10. Curse Special Designatrs 11. Curse Prgram Status þ Prgram Applicable Stand-alne 12. Funding Agency Categry: Nt Applicable Primarily develped using ecnmic develpment funds Partially develped using ecnmic develpment funds SECTION C - Transfer Status Baccalaureate Status is granted by the Educatinal Design General Educatin and Baccalaureate Level Subcmmittee. þ CSU Transferable Apprval Date: UC Transferable SECTION D - General Educatin Request Mt. San Antni Cllege and CSU General Educatin curse apprval are submitted t the Educatinal Design GE and BL Subcmmittee fr apprval. 1. The Articulatin Officer submits the curse directly t the CSU Chancellr fr apprval. 2. Upn receiving apprval, the curse is apprved fr the Mt. SAC Assciate Degree GE and placed in the area(s) CSU apprval indicate(s). Yes N Apprved fr inclusin n Mt. SAC and CSU General Educatin List? 1. Mt SAC General Educatin Applicability: 2. CSU General Educatin Applicability (Requires CSU apprval): 3. IGETC Applicability (Requires CSU/UC apprval): Page 3 f 5
SECTION E - Curse Cntent 1. Curse Descriptins a. Catalg Descriptin Labratry curse using WireShark, Netflw netwrk analyzer, and cmputer frensic tls t trublesht netwrk prblems and mnitr netwrk traffics. Detect and blck netwrk attacks with standalne Cisc Intrusin Detectin Systems and Intrusin Preventin Systems (IDS/IPS), integrated Cisc Adaptive Security Appliance (ASA) IPS, Linux Snrt and Windws IDS/IPS. Student must be enrlled in CISS 23, a cncurrent lecture c-requisite. b. Class Schedule Descriptin: þ Yes N Is a curse descriptin t be printed in the Class Schedule? Hands-n labs t trublesht & mnitr netwrk. Detect & blck netwrk attack with IPS. Student must take CISS 23 cncurrently. 2. Curse Outline Infrmatin a. Lecture Tpical Outline: b. Lab Tpical Outline: - Capture and analyze Internet Cntrl Message Prtcl (ICMP), Address Reslutin Prtcl (ARP), Transmissin Cntrl Prtcl (TCP), User Datagram Prtcl (UDP), Secure Shell (SSH), Telnet, Pst Office Prtcl 3 (POP3), and Simple Mail Transfer Prtcl (SMTP) packets - Explit NMAP (netwrk Mapper) and NetScan TCP prbe with Wireshark sniff filter - Perfrm DNS (Dmain Name Service) ICMP attacks with Cisc firewall intrusin detectin and syslg analysis - Deply and install Netflw netwrk analyzer and frensic tls - Deply WireShark as sniffer t trubleshting slw netwrk prblem - Install IDS/IPS virtual images and fix netwrk cnnectivity prblem with Wireshark - Deply Linux in virtualizatin netwrk - Craft Slammer packet with packet builder, write Slammer Snrt rule, and launch Slammer attack - Attack Windws system and fllw instance handling plicy t mitigate the attack - Cnfigure SnrtSam real time respnse t blck attack - Cnfigure standalne Cisc ASA - Cnfigure integrated Cisc ASA IPS - Design Cisc IPS sensr, rule writing, prmiscuus mnitring and in line respnding system - Setup and cnfigure Cisc IDS/IPS with in line attacker blcking features - Launch attack n Cisc IPS sensr and Linux pfsense with Snrt sensr t bserve the result - Final exam 3. Curse Measurable Objectives: 1. Implement a sund netwrk IDS/IPS. 2. Write Cisc IPS rules and cnfigure Cisc IPS in line respnse. 3. Perfrm Netwrk Prtcl Analysis. 4. Use WireShark t capture and analyze netwrk packets. 5. Use apprpriate prtcl analyzers and IDS/IPS as security tls t detect netwrk attacks and trublesht netwrk prblems. Page 4 f 5
4. Curse Methds f Evaluatin: Categry 1. Substantial written assignments fr this curse include: Nne. If the curse is degree applicable, substantial written assignments in this curse are inapprpriate because: Primary fcus f the curse is IDS/IPS sensr deplyment and netwrk prblem slving skills. The Snrt and Cisc IPS certificatin exams are cmputer based multiple chices and hands-n lab simulatins. Categry 2. Cmputatinal r nn-cmputatinal prblem slving demnstratins: Use Wireshark packet capture and analysis t slve netwrk prblems Respnd t netwrk attacks based n instance handling plicies Categry 3. Skills Demnstratins: Cnstruct Slammer packet with packet builder, write Slammer Snrt rule, and launch Slammer attack Cnfigure Cisc and Linux Intrusin Preventin System with real time respnse t blck attack Categry 4. Objective Examinatins: 5. Sample Assignments: 1. Capture Telnet and SSH data stream using Wireshark, and analyze the packet detail fr user name and passwrd breach. 2. Craft Slammer packet with packet builder and launch attack t Cisc IPS and Linux Snrt IDS systems. 3. Deply Linux in virtualizatin netwrk and install pssense Snrt IPS. 6. Representative Text: Bk 1: Authr: Title: Publisher: Date f Publicatin: Editin: Jim Gau CISS23L Class ntes and On line Lab Exercises August 2012 Versin 12 Page 5 f 5