Revised 8/2023
ITN 263 - Internet/intranet Firewalls and E-commerce Systems (4 CR.)
Course Description
Gives an in-depth exploration of firewall, Web security, and e-commerce security. Explores firewall concepts, types, topology and the firewall's relationship to the TCP/IP protocol. Includes client/server architecture, the Web server, HTML and HTTP in relation to Web security, and digital certification, X.509, and public key infrastructure (PKI). Lecture 4 hours per week.
General Course Purpose
The purpose of this course is to allow the student to develop additional knowledge and skills on perimeter network defenses, including firewalls and intrusion detection systems, that provide protection to our corporate data assets. This course also includes content, as indicated below in parentheses after each learning objective, which directly maps to DHS/NSA’s Center of Academic Excellence – 2 Year (CAE2Y) criteria.
Course Prerequisites/Corequisites
Prerequisite: ITN 260
Course Objectives
Upon successful completion of this course, the student will have a working knowledge of:
- Firewall concepts, principles, and types
- Firewall selection, configuration, and employment
- Securing a Web Server
- Securing e-Commerce
- HIDS concepts and principles
- IDS/IPS concepts and principles
- Incident Response
- Forensics Analysis
Major Topics to Be Included
- Firewalls
- Intrusion Detection Systems
- E-Commerce
- Incident Response
- Forensic Analysis
Student Learning Outcomes
Firewalls (NDF)
- Specify the main considerations associated with selecting a firewall by organization and operating systems.
- Specify the main considerations associated with selecting a firewall by type and firewall.
- Define the firewall terms and identify the firewall strategies.
- Explain packet-filtering firewalls.
- Explain application gateway firewalls.
- Explain circuit level gateway firewalls.
- Explain stateful inspection firewalls.
- Explain the different firewall architectures.
- Explain Network Address Translation (NAT).
- Specify the firewall security policy tradeoffs.
- Identify the various sections of a firewall security policy.
- Given specific protocols, specify generic firewall rules for configuring a firewall.
- Explain port security.
Intrusion Detection Systems (IDS)
- Define the intrusion detection terms and their relationship to the security management model.
- Differentiate between a host-based intrusion detection system and a network-based intrusion detection system.
- Differentiate between the two primary classes of host-based intrusion detection systems.
- Describe the operation of a host-based intrusion detection system.
- Describe the operation of a network-based intrusion detection system.
- Describe intrusion detection analysis.
- Identify and describe the two main approaches to intrusion detection analysis.
- Describe the various automated responses to intrusion detection.
CAE2Y Knowledge Unit Domain Index
E-Commerce (WAS)
- Explain the rationale for the concerns regarding electronic commerce.
- Differentiate between the two major e-Commerce models.
- Identify the major goals associated with e-commerce.
- Describe the various functions related to client side security.
- Describe the various functions related to server side security.
- Describe the various functions of application security.
- Describe the various functions related to database security.
- Describe the various elements of a typical E-commerce architecture.
- Define E-commerce security zones and their rationale.
Incident Response (CPM, SRA)
- Identify the incident response goals.
- Describe the incident response process.
- Describe the various factors to be considered when preparing for an incident.
- Describe the phases of the risk management process.
- Explain the various functions required to prepare a host for an incident.
- Explain the various functions required to prepare a network for an incident.
- Describe the various considerations related to incident response policies and investigative steps.
- Identify the hardware and software tools required to investigate an incident.
- Explain the composition of a typical incident response team and their functions.
- Describe the various functions related to the initial response to an incident.
- Describe the various functions relating to investigating and assessing an incident.
- Explain the function of restoring a system after an incident.
- Describe the various concerns in evaluating an incident.
Forensic Analysis (DVF, HOF, NWF, PLE)
- Explain the typical guidelines related to forensics analysis.
- Describe the hardware and software tools required to conduct a forensics analysis.
- Define the various terms related to forensics analysis.
- Explain the rationale for evidence chain of custody.
- Describe the need for trusted binaries in conducting an investigation into a computer incident.
- Describe the most common Unix forensics utilities.
- Describe the most common Windows forensics utilities.
- Explain the process, tools and techniques for recovering Unix volatile data.
- Explain the process, tools and techniques for recovering Windows volatile data.
- Explain the process, tools and techniques for conducting an offline Windows analysis.
- Describe the various considerations related to conducting a network analysis.
- Be able to track and identify the packets involved in a simple TCP connection using Wireshark.
KU Category | Course Content KU Mapping | CAE2Y KU Name | Description |
---|---|---|---|
Core Technical CDE Knowledge Units | NDF | Network Defense | Provide students with knowledge of the concepts used in defending a network, and the basic tools and techniques that can be taken to protect a network and communication assets from cyber threats. |
Core Non-Technical CDE Knowledge | CPM | Cybersecurity Planning and Management | Provide students with the ability to develop plans and processes for a holistic approach to |
Core Non-Technical CDE Knowledge | PLE | Policy, Legal, Ethics, and Compliance | Provide students with an understanding of information assurance in context and the rules and guidelines that control them. |
Core Non-Technical CDE Knowledge | SRA | Security Risk Analysis | Provide students with sufficient understanding of risk assessment models, methodologies and processes such that they can perform a risk assessment of a particular system and recommend mitigations to identified risks. |
Optional Knowledge Units | DVF | Device Forensics | Provide students with the ability to apply forensics techniques to investigate and analyze a device. |
Optional Knowledge Units | HOF | Host Forensics | Provide students with the ability to apply forensics techniques to investigate and analyze a host in a network. |
Optional Knowledge Units | IDS | Intrusion Detection Systems | Provide students with knowledge and skills related to detecting and analyzing vulnerabilities and threats and taking steps to mitigate associated risks. |
Optional Knowledge Units | NWF | Network Forensics | Provide students with the ability to apply forensics techniques to investigate and analyze network traffic. |
Optional Knowledge Units | WAS | Web Application Security | Provide students with an understanding of technology, tools, and practices associated with web applications. |
NOTE: the course content KU mapping represents the KU Domain topic as shown in the Center of Academic Excellence (CAE) KU mapping matrix (Excel file).
Required Time Allocation
In order to standardize the core topics of ITN 263 so that a course taught at one campus is equivalent to the same course taught at another campus, the following student contact hours per topic are required. Each syllabus should be created to adhere as closely as possible to these allocations. Of course, the topics cannot be followed sequentially. Many topics are taught best as an integrated whole, often revisiting the topic several times, each time at a higher level. There are normally 60 student-contact-hours per semester for a four-credit course. (This includes 15 weeks of instruction and does not include the final exam week, so 15 * 4 = 60 hours. Sections of the course that are given in alternative formats from the standard 16-week section still meet for the same number of contact hours.) The final exam time is not included in the time table. The category, Other Optional Content, leaves ample time for an instructor to tailor the course to special needs or resources.
Topic | Time in Hours | Percentages |
---|---|---|
Firewalls | 16 | 27% |
Intrusion Detection Systems | 16 | 27% |
E-Commerce | 1 | 2% |
Incident Response | 3 | 5% |
Forensic Analysis | 6 | 10% |
Exams, Quizzes | 8 | 13% |
Other Optional Content | 10 | 17% |
Total | 60 | 100% |