Network & Information Security Management - Seminars

Various seminars hosted by the tutor were held during the course of this module. These are described below:

Seminar 1 - Introductory session and group allocation for Team Project

Seminar 1 Preparation

Seminar 1 included an introduction to the module as well as team and website allocations.

A team contract was developed and signed by all team members.

The team contract is available by clicking on the link below

Click here to download the team contract


Seminar 2 - STRIDE and DREAD tools

Seminar 2 Preparation

During this seminar, Microsoft STRIDE & DREAD tools were discussed.

We were asked to review the lecturecast, and then based on our response in Collaborative Learning Discussion 1, answer the questions below:

  • Use a 3 level DREAD rating where 0 = no risk and 3 = maximum risk.
  • Which is the risk with the highest rating? What assumptions have you made?

Student notes were prepared for this seminar. These are available by clicking on the links below.

Click here to download the student notes in an MS Excel format

Click here to download the presentation in a .pdf format


Seminar 3 - TCP/IP v ISO/OSI

Seminar 3 Preparation

Read: Russell, A.L. (2006) ‘Rough Consensus and Running Code’ and the Internet-OSI Standards War. IEEE Annals of the History of Computing. Available from: https://www2.cs.duke.edu/courses/common/compsci092/papers/govern/consensus.pdf

Then consider the following:

"Would the Internet we have today be much better if it was based on the ISO/OSI 7-layer model rather than TCP/IP?"

Also, consider the availability, influence and impact of server and desktop tools and environments and where they came from (Commercial sources vs. Open source).

Groups were also asked to put together a slide deck on the scanning results of the website assigned.

Student notes were prepared for this seminar. These are available by clicking on the link below.

Click here to download the notes in a .pdf format

Click here to download the scanning exercise notes in a text format

A short presentation was also required from a group perspective on the scanning exercise activity.

Click here to download the presentation in a PowerPoint format


Seminar 4 - Evaluation Exercise

Seminar 4 Preparation

There is no need to install any software for this evaluation – it is a research activity.

Read the blog post in preparation for this week’s seminar - "Geer, D. (2015) 8 Penetration Testing Tools That Will Do the Job. (Network World)".

  • Evaluate the tools discussed therein against the criteria: ease of install, ease of use, flexibility, licensing, privacy, reputation.
  • Rate each tool on a scale of 1-5, 5 being the most popular/highest score.
  • Which tool gets the highest rating according to your evaluation?

Student notes were prepared for this seminar. These are available by clicking on the link below.

Click here to download the notes in an MS Excel format

A short presentation was also required from a group perspective.

Click here to download the presentation in a PowerPoint format


Seminar 5 - Security Standards

Seminar 5 Preparation

Review the following links/websites and answer the questions below.

ICO (2020) Guide to the General Data Protection Regulation (GDPR).

PCI Security Standards.org (2020) Official PCI Security Standards Council Site

HIPAA (2020) HIPAA For Dummies

  • Which of the standards discussed in the sources above would apply to the website/organisation assigned to you for the assessment? For example, a company providing services to anyone living in Europe or a European-based company or public body would most likely be subjected to GDPR. A company handling online payments would most likely need to meet PCI-DSS standards.
  • Evaluate your assigned website against the appropriate standards and decide how you would check if standards were being met?
  • What would your recommendations be to meet those standards?
  • What assumptions have you made?

Student scratch notes were prepared for this seminar. These are available by clicking on the link below.

Click here to download the notes in an MS Word format

A short presentation was also required from a group perspective.

Click here to download the presentation in a PowerPoint format


Seminar 6 - Data Breach Case Study

Seminar 6 Preparation

Data Breach Case Study

Read Swinhoe, D., 2020. The 15 Biggest Data Breaches Of The 21st Century. [online] CSO Online.

Select one of the cases by completing Data Breach choice. Once you have made your selection, you will be able to see the links to the case. Then complete a breach checklist as discussed in the lecturecast (reproduced below):

  • What types of data were affected?
  • What happened?
  • Who was responsible?
  • Were any escalation(s) stopped - how?
  • Was the Business Continuity Plan instigated?
  • Was the ICO notified?
  • Were affected individuals notified?
  • What were the social, legal and ethical implications of the decisions made?

If you had been the ISM for the organisation you selected, what mitigations would you have put in place to stop any recurrences?

Student notes were prepared for this seminar. These are available by clicking on the link below.

Click here to download the notes in an MS Word format

A short presentation was also required from a group perspective.

Click here to download the presentation in a PowerPoint format


Seminar 7 - Debate Vote

Seminar 7 Preparation

Read the following two articles.

Rawat, D. & Reddy, S. (2017). Software Defined Networking Architecture, Security and Energy Efficiency: A Survey. IEEE Communications Surveys & Tutorials 19(1):325-346.

Ding, W., Yan, Z. & Deng, R. (2016) A Survey on Future Internet Security Architectures. IEEE Access.

Your tutor will split you into 4 teams and then you will debate the following questions:

Team 1: It is our belief that the future of the Internet is based on content centric networking (CCN &/or NDN or COAST).

Team 2: It is our belief that the future of the Internet is based on peer-to-peer overlay-based networking (BitTorrent, TOR, Freenet, KAD).

Team 3: It is our belief that the future of the Internet is based on the MobilityFirst architecture.

Team 4: It is our belief that the future of the Internet is based on the adoption of IPv6 and the rollout of the associated security measures (DNSSEC, HTTP/3, IPsec, etc.)

Read all the arguments for each of the four positions. Each team should argue against the other positions and defend why their point of view is correct. Each team member should pick at least one opposing point of view and refute it. During this week’s seminar session, all students will independently vote for which argument they believe was presented most persuasively.

Team 1: Content-Centric Networking (CCN)

It is our belief that the future of the Internet is based on content centric networking (CCN).

The Internet Protocol version 4 (IPv4) architecture in use today is based on connections between hosts using source and destination IP addresses. Network attacks, depletion of IP addresses and increased latency in serving content are amongst the many disadvantages that IPv4 offers (Ding et al., 2016). There are various research projects being funded by the U.S. National Science Foundation (NSF) to present alternatives to the current architecture. One of these alternatives is called Content-Centric Networking (CCN), a form of Information Centric Networks (ICN) which is primarily based on content cache and delivery. The CCN architecture has 3 layers, viz. the Network Provider Infrastructure Layer, the Services Aware Layer, and the Information Overlay Layer (Ding et al., 2016). Furthermore, endpoints connect to each other on named data instead of IP addresses (Arokiaraj & Muthumani, 2020). Some of the advantages of this architecture include:

  • Attack detection and verification of all packets
  • Network load reduction
  • Enhanced router storage (cache)
  • Shorter downloading times as well as low communication overheads (Mishra & Dave, 2015)

In conclusion, CCN is proving to be beneficial for current network architectures as well as being a promising alternative to IP-driven networks. Various caching strategies are being researched to enhance this architecture (Mishra & Dave, 2015).

References

Arokiaraj, C, A, P & Muthumani, N. (2020). A Survey And Analysis Of Content Centric Networking Approaches. International Journal of Scientific & Technology 9(1): 3613-3617. Available from: https://www.ijstr.org/final-print/jan2020/A-Survey-And-Analysis-Of-Content-Centric-Networking-Approaches.pdf [Accessed 14 February 2022].

Ding, W., Yan, Z. & Deng, R. (2016) A Survey on Future Internet Security Architectures. IEEE Access. 4: 4374-7393. Available from: https://www.researchgate.net/publication/305744487_A_Survey_on_Future_Internet_Security_Architectures [Accessed 14 February 2022].

Mishra, G, P., & Dave, M. (2015) ‘A Review on Content Centric Networking and Caching Strategies’, 2015 Fifth International Conference on Communication Systems and Network Technologies. India, 4-6 April 2015. USA: IEEE. Available from: https://ieeexplore.ieee.org/document/7280055 [Accessed 14 February 2022].

Click here to download the above post in a .pdf format

A short presentation was prepared for this from a group perspective.

Click here to download the presentation in a PowerPoint format