Defense In Depth Network Security

Program & Modules

Program Description

This series of hands-on lab exercises is intended to support courses in Network Security. These labs survey and demonstrate common defensive security mechanisms found in enterprise networks. Within a simulated network, students will install, configure, and test various levels of network security. The labs can build on each other to emphasize planning and design, or be run individually to demonstrate a single security mechanism.

Modules

Network Access Control

This lab introduces the concepts of RADIUS, Network Access Policies, and Captive Portals.

SSL & TLS + VPN

This lab demonstrates the use of SSL/TLS to secure web host traffic and to create a secure VPN tunnel for encrypting remote network traffic.

Firewall Configuration

This lab demonstrates the use of firewalls to block unwanted network traffic. Both a network-based packet filter firewall and a host-based firewall are configured.

Private Key Infrastructure

This lab focuses on creating an internal Private Key Infrastructure (PKI) to issue security certificates to clients and servers for encryption and authentication.

Vulnerability Scanning

This lab uses a vulnerability scanning tool to detect and analyze potential security vulnerabilities within the network and challenges students to remediate the vulnerabilities by implementing host hardening techniques and other security mechanisms.

User Authentication

This lab looks at several different methods of enabling user authentication on a variety of services within the network.

IPSEC + VPN

This lab demonstrates the use of IPSEC to secure communications between a local client and server, as well as using IPSEC to create a secured VPN tunnel for encrypting remote network traffic.

Malicious Software

In this lab, students create a simple malware program to infect a machine, then clean the system using anti-virus tools and block future attacks.

Intrusion Detection

This lab demonstrates the use of an Intrusion Detection device to capture and analyze a simulated network attack.