F23 CST8804-Intro


CST8804 : Introductions

Aleksandra Vidojevic, M.Sc.

Cisco Certified CCNA Enterprise, CCNP Enterprise, Cisco Certified Security Specialist – Core
Check Point certified CCSE, CCSA and CCSM
Fall 2023

Agenda
• CST8804 Course Introduction: subject, literature, goals, and approach
• Prerequisites
• C271 Lab
• Important information
• Q&A

Intro
Traditional information security should not be confused with cyber security. In
the past, information security programs and policies were designed to protect
the confidentiality, integrity, and availability of data within the confines of an
organization. However, organizations are rarely self-contained, and the price of
interconnectivity is an increased level of exposure to attack. Cybersecurity is
the process of protecting information by preventing, detecting, and responding
to attacks.

The high-level view of the Security Appliances courses

• The Advanced Diploma course, CST8605, prepares students to be part of a team.
• The Graduate Certificate course, CST8804, prepares students to take on more of a leadership role.
• The Graduate Certificate course, CST8804, also prepares students to understand industry trends toward a multi-layered approach to security realized on a single device using different licensing models/blades (Fortinet/Palo Alto/Check Point vs. Cisco Firepower) and SD-WAN/SASE.

Course Learning Requirements / Embedded Knowledge and Skills
Course Learning Requirement: design and implement network security architecture for a given topology. A team member has to understand the relation between a security device's function and its position in a network, whereas a project lead proposes the network security design, including use/test cases.

Course Learning Requirement: plan and implement security assessment methodologies, vulnerability management strategies, and incident response procedures to generate and communicate security analysis reports and recommendations to the proper level of the organization. A team member participates in the risk assessment process related to the proposed change/solution, for risk awareness and the logistics of the change, whereas a project lead performs threat modeling and risk assessment and reports and communicates findings to stakeholders/upper management.

Team members are functionality-oriented; project leads are risk-management-oriented.
Applied knowledge of Risks and Assets
Risk is a measure of the extent to which an entity is threatened by a potential circumstance or event, and is typically a function of the adverse impacts that would arise if the circumstance or event occurs and the likelihood of occurrence.
Source: NIST SP 800-160 Vol.
There are three basic elements of risk: assets, threats, and vulnerabilities.
An asset is any item of economic value owned by an individual or corporation:
• Physical assets, e.g. routers, servers, hard drives, and workstations, or
• Virtual assets, e.g. data, formulas, databases, spreadsheets, trade secrets, and processing time.
Regardless of the type of asset discussed, if the asset is lost, damaged, or compromised, there can be an economic cost to the organization.
• Advanced application recognition
• User identification – the User-ID feature allows administrators to configure and enforce firewall policies based on users and user groups instead of, or in addition to, network zones and addresses.
• Threat prevention – threat prevention services that protect the network from viruses, worms, spyware, and other malicious traffic can be varied by application and traffic source.
• URL filtering – outbound connections can be filtered to prevent access to inappropriate web sites.
• Traffic visibility – extensive reports, logs, and notification mechanisms provide detailed visibility into network application traffic and security events.
• Networking versatility and speed
• End user protection – provides security for client systems.
• Fail-safe operation – high availability (HA) support provides automatic failover in the event of any hardware or software disruption.
Security Devices and Appliances Overview

Device | Decision-making process | Context-aware | Policy basis | TCP/OSI level | State | Example
Packet-filter firewall | Routing based | No security zone/level consideration | Standard/Extended ACL based on 5-tuple | Network (L3/L4) | Stateless | Cisco Router/MLS
Traditional firewall | Routing based | Security zone/level consideration* | 5-tuple | Network (L3/L4) | Stateful | -
NGFW/Zone-based firewall | Routing based | Security zones/levels included in decision* | Default policy or ACL; widening 5-tuple* | Network, L2-L7 | Stateful | Cisco NGFW Firepower, Palo Alto, Check Point, Fortinet, Juniper NGFW
ALG (application-level gateway / application gateway / application proxy / application-level proxy) | Routing based | - | L7 for certain application-layer "control/data" protocols such as FTP, BitTorrent, SIP, RTSP, TFTP/FTP/SIP/H323/IRC/PPTP/L2TP | Application (L7) | Stateful | The Application Layer Gateway service in Microsoft Windows; the Linux kernel's Netfilter framework
Web Application Firewall | Routing based | - | HTTP/HTTPS | L7, only for web applications | Stateful | Check Point, Azure WAF, AWS WAF, Imperva, FortiWeb, NGINX
IDS/IPS | Routing based | - | Signature or anomaly based | L3* | - | Cisco Firewall, Security Onion, Bro, SNORT
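The table's first three rows differ in what the device remembers and what context it consults. The added example below (not from the slides; the traffic and ACL are constructed) models the three decision processes side by side: a stateless 5-tuple ACL, stateful connection tracking, and a zone-aware policy applied before the 5-tuple.

```python
from dataclasses import dataclass

# Constructed sample traffic (not from the slides) used to compare the decision models.
@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int
    zones: tuple = ("", "")  # (from_zone, to_zone); only the zone-based model reads it
    def flow(self):
        return (self.src_ip, self.dst_ip, self.proto, self.src_port, self.dst_port)
    def reverse(self):  # the 5-tuple a reply to this packet would carry
        return (self.dst_ip, self.src_ip, self.proto, self.dst_port, self.src_port)

def acl_lookup(pkt, acl):
    # Packet-filter model: match only this packet's 5-tuple against an ordered ACL (stateless, no zone context).
    for action, match in acl:
        if all(getattr(pkt, f) == v for f, v in match.items()):
            return action
    return "deny"  # implicit deny at the end of every ACL

class StatefulFirewall:
    # Traditional firewall model: the first packet of a flow is checked against the 5-tuple policy; replies are permitted from the connection table.
    def __init__(self, acl, zone_pairs=None):
        self.acl, self.zone_pairs, self.conns = acl, zone_pairs, set()

    def forward(self, pkt):
        if pkt.reverse() in self.conns:
            return "permit"  # return traffic of a tracked flow
        # Zone-based/NGFW model: the (from, to) zone pair is checked before the 5-tuple,
        # so unsolicited traffic from a less trusted zone never reaches the ACL.
        if self.zone_pairs is not None and pkt.zones not in self.zone_pairs:
            return "deny"
        action = acl_lookup(pkt, self.acl)
        if action == "permit":
            self.conns.add(pkt.flow())  # remember the flow just allowed
        return action

def compare_models():
    acl = [("permit", {"proto": "tcp", "dst_port": 443})]  # like "permit tcp any any eq 443"
    pkts = (Packet("10.0.0.5", "203.0.113.10", "tcp", 51000, 443, ("inside", "outside")),  # request
            Packet("203.0.113.10", "10.0.0.5", "tcp", 443, 51000, ("outside", "inside")),  # its reply
            Packet("198.51.100.7", "10.0.0.5", "tcp", 40000, 443, ("outside", "inside")))  # unsolicited
    stateful, zoned = StatefulFirewall(acl), StatefulFirewall(acl, {("inside", "outside")})
    return {"stateless": [acl_lookup(p, acl) for p in pkts],
            "stateful": [stateful.forward(p) for p in pkts],
            "zone-based": [zoned.forward(p) for p in pkts]}
```

The stateless result shows why a packet filter needs a mirror ACL entry for return traffic, while the same single permit rule lets an unsolicited inbound TCP/443 packet through on both stateless and plain stateful devices; only the zone pair blocks it.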
Layered Policy Concept

Gartner NGFW

Multivendor approach

“Deloitte's security team is the biggest in Canada, and with its experience in
business risk consulting, wide span of security services, and large
ecosystem of security technology and cloud vendors, it can provide
customized, industry-specific security services to Canadian customers.”

CST8806 Prerequisites

Some topics, such as the definitions of NIDS/NIPS and HIDS/HIPS solutions, will recur for students.
Network knowledge
The statement "A traditional stateful and stateless firewall is an OSI Level 3-4 device, an NGFW is an OSI Level 2-7 device" should be clear to students without further explanation. However, as we have students with different levels of previous network knowledge/experience, the above statement will be accompanied by explanations of the OSI and TCP/IP models, connection-oriented vs. connectionless protocols, etc.
Literature
Brotherston, L., Berlin, A. (2017). Defensive Security Handbook: Best Practices for Securing Infrastructure. Publisher: O'Reilly. ISBN: 978-1-491-96038-7

Murdoch, D. (2018). Blue Team Handbook: SOC, SIEM, and Threat Hunting Use Cases: Notes from the Field (v1.02). Publisher: Don Murdoch. ISBN-13: 978-1726273985

Additional resources used in the course preparation:

Exam Ref AZ-900 Microsoft Azure Fundamentals, 3rd Edition. (n.d.).

CompTIA Cybersecurity Analyst (CySA+) CS0-002 Cert Guide, 2nd Edition.

Mastering Palo Alto Networks, Second Edition. By Tom Piens aka 'reaper' and Kim Wens aka 'kiwi'.

CCNP and CCIE Security Core SCOR 350-701 Official Cert Guide. By Omar Santos.
Approach
• 50-minute sessions going over the theory of a given technology
• 10 x 3-hour lab activities (25%). A tested submission time.
• Late submissions will not be graded unless previously approved by the lab professor.
• 1 x 2-week practical project (35%). Exam-week submission time.
• 1st midterm exam (15%): the first class after the reading week; 30 min, in person.
• 2nd midterm exam (10%): the last class in Fall 2023; 30 min, in person.
• 6 x 5-minute quizzes (15%): beginning of the class, in person, open book.
• All quizzes, assignments, exams, and projects represent independent and individual work.
All given dates are subject to change with notification.
Approach (Contd.)
Similar to information security, setting up CST8804 class policies is useful: they can form the cornerstone of knowledge acquisition and improvement, as they promote:
• Consistency
• Distribution of knowledge
• Setting expectations
• Setting the tone
Quizzes, assignments, and projects: language
Answers and submissions have to lay out what you wish to achieve.
They should not be ambiguous or use words and phrases such as "should," "try," and "mostly."
For example, a good policy will use statements such as "A unique User ID shall be assigned to every user" as opposed to "A unique User ID should be assigned to a user."
Brotherston, L., Berlin, A. (2017). Defensive Security Handbook: Best Practices for Securing Infrastructure. Chapter 3.
CST8804 Lab: C271
Access
Do's
- Work with Cisco ASA 5515/5525 firewalls and multilayer switches
- Work with the Palo Alto Cyber Lab
Don'ts
- Bring food and drinks in
- Use it as a social hub
- Use CST8804 lab time to work on other subjects; if needed, please use common spaces or the library
- Leave incorrectly connected cables after Cisco ASA labs
Important Information: Academic Integrity
All students should be familiar with the Algonquin College policy AA48: Academic Integrity, which outlines students' roles and responsibilities and what constitutes academic dishonesty.
Students with any questions about the course expectations regarding academic integrity are encouraged to speak to their professor and the College's academic integrity team at acaio@algonquincollege.com.
Students with visible and/or non-visible disabilities are encouraged to register with the Centre for Accessible Learning (CAL) in order to be eligible for appropriate learning supports and/or accommodations.
Interim or retroactive accommodations may be considered. For other situations where deferral of evaluations may be warranted, please consult Algonquin College Policy AA21: Deferred Evaluation.
Important Information: Use of Mobile Devices in Class

With the proliferation of small, personal mobile devices used for communications and data storage, Algonquin College believes there is a need to address their use during classes and examinations. During classes, the use of such devices, unless authorized by your professor, can be disruptive and disrespectful to others. During examinations, the use of such devices is generally prohibited unless authorized by your professor. Otherwise, use is considered academic dishonesty in the form of cheating. For further details, consult Algonquin College Policy AA32: Use of Mobile Devices in Class.
Online vs in-person, next week
• As the design developer on an assignment, my on-site attendance is mandatory.
• However, I plan to leverage my business travels during this period to enrich the course content for CST8804 by using the on-site work as a case study. Besides providing valuable takeaways on key topics from my courses, such as cybersecurity and NGFW design, this case study will also give students a look into how to apply theoretical knowledge in real-life scenarios, as well as how to communicate with clients, lead the design implementation, and troubleshoot on the spot.
• While teaching the theoretical concepts is necessary, so is showing the students how to leverage their communication skills and deep concept understanding to optimally apply their knowledge.
Q&A
