CN8831: Advanced Topics in Network Security


Instructor: Dr. Cungang Yang 
Office: ENG435
Telephone: x 4175 

Term: Winter

Goals of this class

  • Introduce a range of topics in wired and wireless network security
  • Solutions useful for network security design
  • Techniques for performing, detecting and mitigating attacks
  • Practical preparation for the CCNP exam



This graduate course offers detailed and practical information in areas of network security including attack and defence, security protocols, design of secure wireless networks and Cisco SAFE networks.


Course Outline

1.     Introduction to IDS

2.     Security Protocols

  • Web security

o   SSL, SET, Chaum MIX

  • Authentication and key management protocols
  • Group key management protocols
  • Access control models

3.     Attack and Defence in Wired Networks

§  Tools to perform the attacks

o   Port scanning

o   IP spoofing

o   Session Hijacking

§  Detecting the attacks

§  Protecting against the attacks on network devices

o   Attacking the network devices

§  Penetrate and bypass Firewalls

§  Circumvent IDS

§  Router vulnerability

§  Switch vulnerability

o   Securing the network devices

§  Securing Firewalls

§  Securing Routers

§  Securing Switches


4.     Attack and Defence in WLAN Network Security

  • Scanning and penetrating wireless networks

o   Tools

o   Detecting wireless attacks: DoS attack, Man-in-the-Middle, MAC Address Spoofing, Rogue Access Point (Unauthorized Access Point)

o   Prevention

  • EAP Authentication Protocols for WLAN

o   EAP-MD5, EAP-TLS, Cisco LEAP

  • Security Design Guidelines for WLAN

5. Security topics in Ad-hoc, Sensor and Mesh Networks

6. Designing and Implementing Cisco SAFE Networks

  • Designing and Implementing Small SAFE Networks
  • Designing and Implementing Medium-Sized SAFE Networks
  • Designing Remote SAFE Networks


Marking Scheme:

Quiz: 25%      

Final: 45%


Labs: 30%

      IDS labs

      Penetration testing and network defence labs



(1) Cisco: “CCIE Professional Development: Network Security Technologies and Solutions” by Yusuf Bhaiji

(2) Cisco: “Wireless LAN Security” by Krishna Sankar

(3) Cisco: “Penetration Testing and Network Defence: the practical guide to simulating, detecting, and responding to network attacks” by Andrew Whitaker and Daniel Newman

(4) Cisco: “CCSP CSI Exam Certification Guide” by Ido Dubrawsky, Paul Grey

(5) “How to Cheat at Securing a Wireless Network” by Chris Hurley