Inhalt

Abstract:

The course (former course title: "Planung und Management von Computer Netzwerken" / "Planning and Management of Computer Networks Interactive Online") is divided into two parts:
Part I: Fundamentals of Computer Networking
Part II: Secure Computer Network Management

Part I: Fundamentals of Computer Networking

The standard ISO/OSI computer networking model is introduced first and compared with the TCP/IP model based on RFC specifications; the roles and features of each of the layers of both models are presented.

The most important protocols and services of each layer used for networking the local and remote computers are also presented in the form of a top-down approach. All protocols are analyzed hands on using remote virtual labs and analyzer tools such as Wireshark. The roles and the main features of the network components, i.e. hub, switch, router and DNS server are addressed as well. Their operations are shown and tested using the remote virtual labs and experimental virtualized network configurations. There is also a project (programming of a simple application based on TCP and UDP sockets) which is a prerequisite for admission to the final exam.

Teaching resources offered: tutorials, lab instructions, virtualized ready set network configuration (downloadable on students’ PCs), case studies, forums, exam patterns, student support materials

Part II: Secure Computer Network Management

The role and the objectives of network management (NM) for an organization are initially addressed. Various standard and private Management Information Bases (MIB) and remote MIBs are presented. The different types of network management tools, i.e. OpenNMS, NetFlow Collector, as well as the network management protocols SNMPv2/v3, NetFlow and OpenFlow network management protocols are experienced hands on based on virtualized experimental virtual networks and software tools.

Experiments are also conducted on the fundamentals of the Reconnaissance and DoS network attack types and their effects on network components and network applications to gain hand-on experience. An understanding is gained of the need for protection tools and the various types of tools. Legacy protection tools and other techniques for protecting the network components (FW, IPS, VPN) are addressed. Furthermore, secure management concepts (e.g. migration to NGFW, NGIPS, Sandbox) for the purpose of protecting against new types of attacks (e.g. ransomware, protocol anomalies) are implemented. In addition, awareness is raised of the security assurance requirements of organizations for network protection.

Teaching resources offered: tutorials, lab instructions, virtualized ready set network configuration (downloadable on students PCs), case studies, forums, exam patterns, student support material

Collaborative and cumulative project for Part II: Program and implement a secure Software Defined Network (SDN) using Snort as the intrusion attacks detector. The project is carried out in a collaborative manner by international teams of 2-3 students. The project is cumulative, i.e. each project step is based on the framework provided by the prior steps. The project is mandatory for admittance to the final exam.

Gliederung:

Part I: Fundamentals of Computer Networking

• Computer Networking Terminology
• Computer Networking Architecture
• Application Layer
• Transport Layer
• Network Layer
• Multiprotocol Label Switching (MPLS)
• Data Link Layer wired networks
• Data Link Layer wireless networks
• Multimedia Technology
  
  

Part II: Secure Computer Network Management

• Surveys of Fundamentals on Computer Networks
• Network Management (NM) Architecture
• Management Information Bases (MIBs)
• NM Protocols
• Managing Network Security
• Managing Network Protection

Detaillierter Inhalt:

Part I: Fundamentals of Computer Networking

• Computer Networking Terminology
• Computer Networking Architecture: ISO/OSI versus TCP/IP models, role of the layers, interfaces, and protocols between layers
• Application Layer: services, application protocols (HTTP, FTP, E-Mail, DNS)
• Transport Layer: TCP protocol (sockets, analyze, error cases), UDP protocol (analyze), application programming using TCP/UDP Sockets
• Network Layer: addressing in global networks, subnetting, routing in Internet, routing algorithms, routing protocols (RIPV2 & OSPF), routing tables, ICMP protocol, protocol analyses, router operation
• Multiprotocol Label Switching (MPLS)
• Data Link Layer wired networks: CSMA/CD protocol, Ethernet versions, Ethernet analyses, VLAN principle, WAN protocols, switch operation
• Data Link Layer wireless networks: CSMA/CA protocol according to IEEE 802.11, message analyzes, access point operation
• Multimedia Technology: VoIP operation, RTP, RTCP, SIP, G.711, G.723 protocols, analyses of VoIP protocols
  
  

Part II: Secure Computer Network Management

• Surveys of Fundamentals on Computer Networks: MAC Control, TCP/IP Stack, STP protocol, VLANs, subnetting, routing algorithms, routing protocols, routing tables, QoS, CoS
• Network Management (NM) Architecture: reference model, legacy NM functionalities, proxy architecture, policy governed architecture, EVAS NM architecture (Endpoint Visualization, Access and Security), Software Defined Networks architecture (SDN), Mininet
• Management Information Bases (MIBs): standard and private MIBs (MIB II, RMON1, RMON2, ASN.1), language, Structure of Management Information (SMI), Basic Encoding Rules (BER), NM Systems (OpenNMS, NetFlow Collector)
• NM Protocols: SNMPv2, Secure SNMPv3, NetFlow, NetCONF, OpenFlow for SDNs, Case Study based on Mininet
• Managing Network Security: Confidentiality-Integrity-Availability-Model, managing Network Access Control (NAC), legacy NAC using Std. IEEE 802.1X and RADIUS;
  Case Study: NAC using Policy Governed Network CISCO-ISE; managing Transport Layer Secure Connections (SSL, TSL); managing Network Layer Security (IPSec and VPNs); managing Network Access Decision Control using Policy Engines
• Managing Network Protection: Type of Attacks (Reconnaissance, Denial of Service (DoS), DDoS), case studies of network attacks, managing protection methods (packet filtering, ACL, PAT/NAT, FW, VLAN, Honeypots, next generation FW (NGFW), next generation IPS (NGIPS), managing Sandboxing Protection)
  
  

Lab assignments:

1. Managing Static/RIPv2/OSPF routing
2. Monitoring/controlling CNs using SNMP v2 & v3 and MIBII technology
3. Monitoring the CN Security using OpenNMS and SNMP
4. Monitoring the CN Security using NetFlow Prot. and NetFlow Collector
5. Configuring/analyzing CN protection using FW and NAT tools
6. Programming, deploying, and analyzing various CN attacks (Reconnaissance, DoS)
7. Configuring/analyzing VPN based traffic protection using OpenVPN
8. Configuring/analyzing IPS protection using Snort
9. Configuring/analyzing network attacks using Cuckoo Sandbox
10. Monitoring/controlling SDN-based CNs using Mininet
    
    

All assignments are carried out using the virtual lab container with network components and software packages already installed. The network components are based on virtual machines and open source software tools such as Wireshark, Vyos Router supporting MIBII and SNMPv2&3, NetFlow Agents, OpenNMS, NetFlow Collector, Snort, OpenVPN, Mininet, and OpenvSwitch. All assignments are mandatory for admittance to the exam.

Lern-/Qualifikationsziele:

-

Lehrveranstaltungstyp:

Virtuelles Seminar

Interaktionsformen mit Betreuer/in:

E-Mail, Kooperation Lerner/Betreuer bei der Aufgabenbearbeitung, Übungsaufgaben für Selbstlernbetrieb

Interaktionsformen mit Mitlernenden:

E-Mail, Forum

Kursdemo:

zur Kursdemo

Nutzung

Kurs ist konzipiert für:

• Computer science or other technical study paths at universities of applied sciences
• Computer science or other technical study paths at universities

Formale Voraussetzungen:

None

Erforderliche Vorkenntnisse:

None

Hinweise zur Nutzung:

None

Kursumsetzung (verwendete Medien):

-

Erforderliche Technik:

-

Nutzungsentgelte:

für andere Personen als (reguläre) Studenten der vhb Trägerhochschulen nach Maßgabe der Benutzungs- und Entgeltordnung der vhb

Rechte hinsichtlich des Kursmaterials:

-

Verantwortlich

Anbieterhochschule:

HAW München (HM)

Anbieter:

Prof. Dr. Alexandru Soceanu

Autoren:

Alexandru Soceanu

Betreuer:

Prof. Dr. Alexandru Soceanu

Prüfung

Course examination

Art der Prüfung:

schriftlicher Leistungsnachweis (Klausur)

Bemerkung:

–

Prüfer:

Prof. Dr. Alexandru Soceanu

Prüfungsanmeldung erforderlich:

ja

Anmeldeverfahren:

Die Anmeldung zur Prüfung erfolgt über das vhb-Portal.

Prüfungsanmeldefrist:

30.06.2025 00:00 Uhr bis 11.07.2025 23:59 Uhr

Prüfungsabmeldefrist:

30.06.2025 00:00 Uhr bis 11.07.2025 23:59 Uhr

Kapazität:

–

Prüfungsdatum:

Nach Absprache mit dem Prüfer

Prüfungsdauer:

90 Minuten

Prüfungsort:

HAW München or upon request

Zuständiges Prüfungsamt:

Examination office of the students' home university

Zugelassene Hilfsmittel:

Lecture notes, literature

Formale Voraussetzungen für die Prüfungsteilnahme:

None

Inhaltliche Voraussetzungen für die Prüfungsteilnahme:

Course content

Zertifikat:

Ja (Certificate (graded) upon request)

Anerkennung:

Not yet known