doc. Ing. Jan Jeřábek, Ph.D.

Department of Telecommunications (UTKO)

The graduate is able to:
- list the various network threats and attacks and provide their basic characteristics,
- compare two basic AAA protocols,
- select and configure an appropriate security strategy for the network,
- Prepare configuration of secure routing, switching,
- Configure the IPsec VPN network including a description of the required cryptographic protocols,
- operate the Cisco ASA firewall and use it to secure the network.
Course covers the same skills that are validated in the CCNA Security certification exam 210-260.

Student, which is going to attend this course, should be able to: - use several numeral systems and conversions between them, - explain and use elementary units common in area of information and communication technologies (ICT), e.g. data size, transmission speed, - use elementary terms from ICT area, e.g. operating system, memory, process, - describe architecture of basic network models, i.e. TCP/IP and ISO/OSI, - describe basic application protocols for user data transfer from TCP/IP suite, - configure devices and protocols used on local-area level on Cisco CCNA knowledge level. One of the three following conditions is required: Completed XCA2 course at FEEC BUT, or valid CCNA 200-125 certification or newer, or successfully finished CCNA4 (CCNA Routing and Switching: Connecting Networks 6.0) or newer, even at another Cisco Academy.

Not applicable.

Not applicable.

Santos O., Stuppi J.: CCNA security 210-260: official cert guide, Cisco press, 570 stran, 2015. ISBN 978-1-58720-566-8. (EN)
Přednáškové prezentace v angličtině dostupné studentům předmětu zdarma. (EN)
Elektronické interaktivní materiály přístupné na portálu Cisco Academy Online, dostupné pro studenty předmětu zdarma. (EN)

Teaching methods include practical laboratories. Course is taking advantage of e-learning (Moodle) system.

Up to 11 points from partial tests.
Up to 19 points from final theoretical test.
Up to 70 points from final practical exam.
The exam from the course will take place in person and/or remotely.

Czech

Not applicable.

1. Principles of network security, network threats and attacks. Design of secure network.
2. Securing of administrative access to router.
3. Configuration of Authentication, Authorization and Accounting (AAA) on Cisco devices. Authentication with RADIUS and TACACS+ services.
4. Use of Cisco IOS Firewall technologies - packet filters, control of application protocols, advanced filtering with ACLs, zone-based firewall.
5. Intrusion Prevention System (IPS) on routers.
6. Securing of L2 devices (switches).
7. Cryptography for VPN network - symmetric and asymmetric ciphers.
8. Configuration of IPsec VPN networks.
9. Basics of configuration of Cisco ASA firewalls based on CLI.
10. Basics of configuration of Cisco ASA firewalls based on ASDM.
11. Comprehensive configuration of network with Cisco ASA firewall, case study 1.
12. Comprehensive configuration of network with Cisco ASA firewall, case study 2.
13. Final theoretical exam, final practical exam.

The aim of the course is to provide students with a comprehensive orientation in the field of security of network active devices. In addition to the theoretical concepts, they will be familiar with Authentication, Authorization and Accounting (AAA) technology, ways of setting security on routers and also second layer devices. They will learn how to configure Virtual Private Network (VPN) networks and use Intrusion Prevention Systems (IPS) that can be used as an extension of Cisco Operating Systems (IOS). Students will also be introduced to the Cisco Adaptive Security Appliance (ASA) firewalls.

Attendance on laboratories is compulsory, properly excused laboratories can be filled after talking to the lecturer.

• Programme IBEP-TZ Bachelor's

  branch TZ-IBP , 1. year of study, summer semester, 3 credits, elective
  branch TZ-IBP , 2. year of study, summer semester, 3 credits, elective
  branch TZ-IBP , 3. year of study, summer semester, 3 credits, elective
  

• Programme EEKR-M1 Master's

  branch M1-BEI , 1. year of study, summer semester, 3 credits, general knowledge
  branch M1-TIT , 1. year of study, summer semester, 3 credits, general knowledge
  branch M1-KAM , 1. year of study, summer semester, 3 credits, general knowledge
  branch M1-EVM , 1. year of study, summer semester, 3 credits, general knowledge
  branch M1-EST , 1. year of study, summer semester, 3 credits, general knowledge
  branch M1-MEL , 1. year of study, summer semester, 3 credits, general knowledge
  branch M1-SVE , 1. year of study, summer semester, 3 credits, general knowledge
  branch M1-EEN , 1. year of study, summer semester, 3 credits, general knowledge
  

• Programme IBEP-V Master's

  branch V-IBP , 1. year of study, summer semester, 3 credits, general knowledge
  

• Programme EEKR-M1 Master's

  branch M1-TIT , 2. year of study, summer semester, 3 credits, general knowledge
  branch M1-EST , 2. year of study, summer semester, 3 credits, general knowledge
  

• Programme IBEP-V Master's

  branch V-IBP , 2. year of study, summer semester, 3 credits, general knowledge
  

52 hours, compulsory

Ing. Anna Kubánková, Ph.D.
doc. Ing. Lukáš Malina, Ph.D.