F23 CST8804-Intro
Agenda
• CST8804 Course Introduction: subject, literature, goals, and approach
• Prerequisites
• C271 Lab
• Important information
• Q&A
Intro
Traditional information security should not be confused with cyber security. In
the past, information security programs and policies were designed to protect
the confidentiality, integrity, and availability of data within the confines of an
organization. However, organizations are rarely self-contained, and the price of
interconnectivity is an increased level of exposure to attack. Cybersecurity is
the process of protecting information by preventing, detecting, and responding
to attacks.
The high-level view of the Security Appliances courses
Course Learning Requirements / Embedded Knowledge and Skills
The Course Learning Requirements:
Design and implement network security architecture for a given topology: a team
member has to understand the relation between a security device's function and its
position in a network, whereas a project lead proposes the network security design
solution, including use/test cases.
Plan and implement security assessment methodologies, vulnerability management
strategies, and incident response procedures to generate and communicate security
analysis reports and recommendations to the proper level of the organization: a team
member participates in the risk assessment process related to the proposed
change/solution, for risk awareness and the logistics of the change, whereas a project
lead performs threat modeling and risk assessment, and reports and communicates
findings to stakeholders/upper management.
Team members are functionality-oriented; project leads are risk-management-oriented.
Applied knowledge of Risks and Assets
Risk is a measure of the extent to which an entity is threatened by a potential
circumstance or event, and typically a function of the adverse impacts that would
arise if the circumstance or event occurs; and the likelihood of occurrence.
Source: NIST SP 800-160 Vol.
There are three basic elements of risk: assets, threats, and vulnerabilities.
An asset is any item of economic value owned by an individual or corporation.
• Physical assets: e.g. routers, servers, hard drives, and workstations, or
• Virtual assets: e.g. data, formulas, databases, spreadsheets, trade secrets, and
processing time.
Regardless of the type of asset discussed, if the asset is lost, damaged, or
compromised, there can be an economic cost to the organization.
• Advanced application recognition
• User identification: the User-ID feature allows administrators to configure and enforce firewall policies
based on users and user groups instead of, or in addition to, network zones and addresses.
• Threat prevention: threat prevention services that protect the network from viruses, worms, spyware,
and other malicious traffic can be varied by application and traffic source.
• URL filtering: outbound connections can be filtered to prevent access to inappropriate web sites.
• Traffic visibility: extensive reports, logs, and notification mechanisms provide detailed visibility into
network application traffic and security events.
• Networking versatility and speed
• End user protection: provides security for client systems.
• Fail-safe operation: High Availability (HA) support provides automatic failover in the event of any
hardware or software disruption.
Security Devices and Appliances Overview

| Device | Decision making process | Context-aware | TCP/OSI level | Example |
| --- | --- | --- | --- | --- |
| Packet-filter firewall | Routing based; no security zone/level consideration; Standard/Extended ACL based on 5-Tuple | Stateless | Network (L3/L4) | Cisco Router/MLS |
| IDS/IPS | Routing based; Signature or Anomaly based | | L3* | Cisco Firewall, Security Onion, Bro, SNORT |
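The packet-filter row of the table in working form, as an added example that is not part of the course material: a stateless filter that judges every packet on its own 5-tuple (L3/L4 fields only) beside a stateful filter that adds a connection table, so the reply to a permitted outbound HTTPS flow is dropped by the former and accepted by the latter. The rule format, addresses and class names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional
# Constructed 5-tuple packet: only L3/L4 header fields, no payload, because a
# packet filter never inspects above L4 (an NGFW's L2-7 view is out of scope here).
@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "ip" (any protocol)
    src: str              # source CIDR
    dst: str              # destination CIDR
    dport: Optional[int]  # None = any destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport))

def stateless_decision(acl: List[Rule], p: Packet) -> str:
    """Packet filter: first match wins, implicit deny; nothing is remembered."""
    for r in acl:
        if r.matches(p):
            return r.action
    return "deny"

class StatefulFilter:
    """Same ACL plus a connection table: replies to permitted flows need no rule."""
    def __init__(self, acl: List[Rule]) -> None:
        self.acl, self.table = acl, set()

    def decision(self, p: Packet) -> str:
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.table:
            return "permit"          # reversed 5-tuple of a tracked flow
        action = stateless_decision(self.acl, p)
        if action == "permit":
            self.table.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return action

# Constructed ACL: inside hosts may open HTTPS to anywhere; nothing else.
ACL = [Rule("permit", "tcp", "10.0.0.0/8", "0.0.0.0/0", 443)]
OUT = Packet("tcp", "10.1.1.5", 51234, "203.0.113.10", 443)
REPLY = Packet("tcp", "203.0.113.10", 443, "10.1.1.5", 51234)
```

With the stateless filter the server's reply is denied unless a second rule opens the inside hosts' ephemeral port range, which is the classic over-permissive workaround that stateful tracking removes.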
Layered Policy Concept
Gartner NGFW
Multivendor approach
“Deloitte's security team is the biggest in Canada, and with its experience in
business risk consulting, wide span of security services, and large
ecosystem of security technology and cloud vendors, it can provide
customized, industry-specific security services to Canadian customers.”
CST8806 Prerequisites
Some topics recur for students, such as the definitions of NIDS/NIPS, HIDS/HIPS,
and similar solutions.
Network knowledge
The statement "A traditional stateful or stateless firewall is an OSI Layer 3-4 device;
an NGFW is an OSI Layer 2-7 device" should be clear to students without further
explanation. However, as we have students with different levels of previous network
knowledge/experience, the above statement will be accompanied by explanations of
the OSI and TCP/IP models, connection-oriented vs. connectionless protocols, etc.
Literature
Brotherson, L., Berlin, A. (2017). Defensive Security Handbook: Best Practices for Securing
Infrastructure. O'Reilly. ISBN: 978-1-491-96038-7
Murdoch, D. (2018). Blue Team Handbook: SOC, SIEM, and Threat Hunting Use Cases:
Notes from the Field (v1.02). Don Murdoch. ISBN-13: 978-1726273985
Piens, T. ('reaper'), Wens, K. ('kiwi'). Mastering Palo Alto Networks, Second Edition.
Santos, O. CCNP and CCIE Security Core SCOR 350-701 Official Cert Guide.
Approach
• 50-minute sessions going over the theory of a given technology
• 10 x 3-hour Lab Activities (25%). A tested submission time.
• Late submissions will not be graded unless previously approved by the lab
professor.
• 1 x 2-week Practical Project (35%). Exam week submission time.
• 1st Midterm Exam (15%). The first class after the reading week. 30 min, in-person.
• 2nd Midterm Exam (10%). The last class in Fall 2023. 30 min, in-person.
• 6 x 5-minute Quizzes (15%). Beginning of the class, in-person, open-book.
• All quizzes, assignments, exams, and projects represent independent and
individual work.
All given dates are subject to change with notification.
Approach (Contd.)
Similar to information security policies, setting up CST8804 class policies is useful and can form the
cornerstone of knowledge acquisition and improvement, as they promote:
• Consistency
• Distribution of knowledge
• Setting expectations
• Setting the tone
Quizzes, assignments, and projects' language
Answers and submissions have to lay out what you wish to achieve.
They should not be ambiguous or use words and phrases such as "should," "try," and "mostly."
For example, a good policy will use a statement such as "A unique User ID shall be assigned to every user."
as opposed to "A unique User ID should be assigned to a user."
Brotherson, L., Berlin, A. (2017). Defensive Security Handbook: Best Practices for Securing Infrastructure. Chapter 3
CST8804 Lab: C271
Access
Do's
- Work with Cisco ASA 5515/5525 firewalls and multilayer switches
- Work with the Palo Alto Cyber Lab
Don'ts
- Bring food and drinks in
- Use it as a social hub
- Use CST8804 lab time to work on other subjects; if needed, please use the common
spaces or the library
- Leave incorrectly connected cables after Cisco ASA labs
Important Information: Academic Integrity
All students should be familiar with the Algonquin College policy AA48: Academic
Integrity, which outlines students' roles and responsibilities and what represents
academic dishonesty.
Students with any questions about the course expectations regarding academic
integrity are encouraged to speak to their professor and the College's academic
integrity team at acaio@algonquincollege.com.
Students with visible and/or non-visible disabilities are encouraged to register with
the Centre for Accessible Learning (CAL) in order to be eligible for appropriate
learning supports and/or accommodations.
Interim or retroactive accommodations may be considered. For other situations
where deferral of evaluations may be warranted, please consult Algonquin
College Policy AA21: Deferred Evaluation.
Important Information: Use of Mobile Devices in Class
With the proliferation of small, personal mobile devices used for communications and
data storage, Algonquin College believes there is a need to address their use during
classes and examinations. During classes, the use of such devices unless authorized
by your professor can be disruptive and disrespectful to others. During examinations,
the use of such devices is generally prohibited unless authorized by your professor.
Otherwise, use is considered academic dishonesty in the form of cheating. For further
details consult Algonquin College Policy AA32: Use of Mobile Devices in Class.
Online vs in-person, next week
• As the design developer on some assignment, my attendance on-site is
mandatory.
• However, I plan to leverage my business travels during this period to enrich the
course content for CST8804 by using the on-site work as a case study. Besides
providing valuable takeaways on key topics from my courses such as
cybersecurity and NGFW design, this case study will also give students a look
into how to apply theoretical knowledge in real-life scenarios, as well as how to
communicate with clients, lead the design implementation and troubleshoot on
the spot.
• While teaching the theoretical concepts is necessary, so is showing the students
how to leverage their communication skills and deep concept understanding to
optimally apply their knowledge.
Q&A