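“Computer and Network Security” Teaching Syllabus

Course Code

045102881

Course Title

Computer and Network Security

English Title

Computer and Network Security

Course Category

Specialty Basic Courses

Course Nature

Compulsory Course

Class Hours

Total hours: 48; Lab hours: 16; Practice hours: 0; Other hours: 0

Credits

2.5

Semester

5

Institute

School of Computer Science & Engineering

Program Oriented

Information Security

Teaching Language

Chinese

Prerequisites

Computer Networks, Advanced Language Programming, Operating Systems, Database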

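Course Support for Graduation Requirements

This course contributes to the following graduation requirements for students:

1. Design/Develop Solutions: be able to design solutions to complex engineering problems in information security, design information security solutions that meet specific needs, show innovative awareness in the design process, and take into account social, health, safety, legal, cultural and environmental factors.

2. Use Modern Tools: be able to develop, select and use appropriate techniques, resources, modern tools and information technology tools for complex engineering problems in information security, including prediction and simulation of such problems, and understand their limitations.

3. Engineering and Society: be able to carry out reasonable analysis based on background knowledge of information security engineering, evaluate the impact of professional engineering practice and of solutions to complex engineering problems on society, health, safety, law and culture, and understand the responsibilities to be borne.

4. Professional Norms: have humanities and social science literacy and a sense of social responsibility, and be able to understand and abide by engineering professional ethics and norms in engineering practice and fulfil responsibilities.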

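Course Objectives

Upon completion of the course, students will have the following abilities:

(1) Be familiar with the flaws of the TCP/IP protocols, network security threats and network security protection.

(2) Master the principles and applications of common attack technologies, including network reconnaissance technology, network scanning technology, denial of service attacks, computer viruses, Trojan horses, network sniffing technology and Web site attack technology.

(3) Master the principles and applications of defensive technologies, including firewall technology, intrusion detection technology and honeypot technology.

Course Description

This course is a specialty basic course of the Information Security program. Combining theoretical explanation, case study and experiment, it gives a comprehensive introduction to the basic concepts, techniques and principles of computer network security. The main contents include: network protocol flaws, network security threats and network security protection, network reconnaissance technology, network scanning technology, denial of service attacks, computer viruses, Trojan horses, network sniffing technology, Web site attack technology, firewall technology, virtual private network technology, intrusion detection technology, and honeypot technology.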

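Teaching Content and Class Hours Distribution

(A) Computer network security overview (2 hours)

Teaching content: the information security situation in China; China's guidelines and policies on information security; the demand for information security talent in China; the importance of information security, network security threats, causes of vulnerabilities, security analysis of the main protocols of the TCP/IP protocol suite, and an overview of network security protection

(B) Network reconnaissance technology (2 hours)

Teaching content: the network attack process, network reconnaissance methods and defense against network reconnaissance

(C) Network scanning technology (3 hours)

Teaching content: the concept of network scanning, host scanning, port scanning, operating system detection, vulnerability scanning

(D) Denial of service attacks (3 hours)

Teaching content: the concept of denial of service attacks, methods and principles of denial of service attacks, botnets, detection of and response to denial of service attacks

(E) Computer viruses (3 hours)

Teaching content: the concept and classification of malicious programs, the definition and characteristics of computer viruses, the classification, structure and propagation of computer viruses, computer virus detection technology

(F) Trojan horses (3 hours)

Teaching content: definition, classification and intrusion of Trojan horses, Trojan hiding techniques, Trojan prevention, Trojan detection and discovery

(G) Network sniffing technology (2 hours)

Teaching content: the concept of network sniffing, sniffing on shared networks, sniffing on switched networks, detection and prevention of network sniffing

(H) Web site attack technology (3 hours)

Teaching content: security threats facing Web applications, SQL injection attacks, cross-site scripting attacks, authentication and session management attacks and their prevention

(I) Firewall technology (3 hours)

Teaching content: basic concepts, functions and classification of firewalls, firewall technology, firewall architecture, firewall evaluation criteria

(J) Virtual private network technology (3 hours)

Teaching content: the concept of virtual private networks, key technologies of virtual private networks

(K) Intrusion detection technology (3 hours)

Teaching content: the concept of intrusion detection systems, the Common Intrusion Detection Framework, intrusion detection data sources and classification, intrusion detection methods

(L) Honeypot technology (2 hours)

Teaching content: concept and classification of honeypot technology, advantages and disadvantages of honeypot technology, Honeyd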

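Experimental Teaching (including computer lab hours, experiment hours and practice hours)

Teaching Method

The course is delivered through a combination of classroom teaching, homework assignments, computer lab experiments, and integration with the lecturer's research practice.

Examination Method

This course is assessed comprehensively through a closed-book examination combined with experiments, homework and attendance. The closed-book examination accounts for 70% of the overall course grade, and experiments, homework and attendance account for 30%.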

Teaching Materials and Reference Books

Current textbook:

吴礼发,洪征,李华波,《网络攻防原理与技术》,机械工业出版社,2017

Main references:

[1]. 吴灏,《网络攻防技术》,机械工业出版社,2009

[2]. 牛少彰,江为强,《网络的攻击与防范-理论与实践》,北京邮电大学出版社,2006

[3]. 卿斯汉,蒋建春,《网络攻防技术原理与实战》,科学出版社,2004

[4]. Chuck Easttom, Network Defense and Countermeasures: Principles and Practices, Prentice Hall, 2005

Prepared by and Date

Junhui He, April 10, 2019

“Computer and Network Security” Syllabus

Course Code

045102881

Course Title

Computer and Network Security

Course Category

Specialty Basic Courses

Course Nature

Compulsory Course

Class Hours

Total hours: 48; Lab hours: 16; Practice hours: 0; Other hours: 0

Credits

2.5

Semester

5

Institute

School of Computer Science & Engineering

Program Oriented

Information Security

Teaching Language

Chinese

Prerequisites

Computer Networks, Advanced Language Programming, Operating Systems, Database

Student Outcomes (Special Training Ability)

This course contributes to the following graduation requirements for students:

1. Designing and Developing Solutions: the ability to design solutions to complex and specific engineering problems in information security, and to show innovation in the design phase while considering social, health, safety, legal, cultural and environmental factors.

2. Applying Modern Tools: the ability to develop, select and use appropriate techniques, resources, modern tools and IT tools, including prediction and simulation, to solve complex engineering problems in information security, and to understand their limitations.

3. Engineering and Society: the ability to use background knowledge of information security engineering to reasonably analyze and evaluate the impact of professional engineering practice and of solutions to complex engineering problems on society, health, safety, law and culture, and to understand the resulting responsibilities.

4. Professional Regulations: an understanding of the humanities and social sciences and a sense of social responsibility, with the ability to understand and abide by professional ethics and regulations in engineering practice and to fulfil the associated responsibilities.

Course Objectives

 Upon completion of the course, students will have the following abilities:

(1) Be familiar with TCP/IP protocol flaws, network security threats and network security protection.

(2) Master the principles and applications of common attack technologies, including network reconnaissance technology, network scanning technology, denial of service attacks, computer viruses, Trojan horses, network sniffing technology and Web site attack technology.

(3) Master the principles and applications of common defensive technologies, including firewall technology, intrusion detection technology and honeypot technology.

Course Description

This course is one of the basic courses of the Information Security program. It introduces the basic concepts, techniques and principles of computer network security comprehensively by combining theoretical explanation, case study and experiment. The main contents include: network protocol flaws, network security threats and network security protection, network reconnaissance technology, network scanning technology, denial of service attacks, computer viruses, Trojan horses, network sniffing technology, Web site attack technology, firewall technology, virtual private network technology, intrusion detection technology, and honeypot technology.

Teaching Content and Class Hours Distribution

(A) Computer network security overview (2 hours)

Teaching content: the situation of information security in China; China's guidelines and policies on information security; the demand for information security talent in China; the importance of information security, network security threats, the causes of vulnerabilities, security analysis of the main protocols of the TCP/IP protocol suite, and an overview of network security defense

(B) Network reconnaissance technology (2 hours)

Teaching content: network attack process, network reconnaissance methods and network reconnaissance defense

(C) Network scanning technology (3 hours)

Teaching content: the concept of network scanning, host scanning, port scanning, operating system detection, vulnerability scanning

(D) Denial of service attacks (3 hours)

Teaching content: the concept of denial of service attacks, methods and principles of denial of service attacks, botnets, detection of and response to denial of service attacks

(E) Computer viruses (3 hours)

Teaching content: the concept and classification of malicious programs, the definition and characteristics of computer viruses, the classification, structure and propagation of computer viruses, computer virus detection technology

(F) Trojan horses (3 hours)

Teaching content: Trojan horse definition, classification and intrusion, Trojan hiding technology, Trojan horse prevention, Trojan detection and discovery

(G) Network sniffing technology (2 hours)

Teaching content: the concept of network sniffing, sniffing on shared networks, sniffing on switched networks, detection and prevention of network sniffing

(H) Web site attack technology (3 hours)

Teaching content: security threats to Web applications, SQL injection attacks, cross-site scripting attacks, authentication and session management attacks and prevention

(I) Firewall technology (3 hours)

Teaching content: the basic concepts, functions and classification of firewalls, firewall technology, firewall architecture, firewall evaluation criteria

(J) Virtual private network technology (3 hours)

Teaching content: virtual private network concept, key technologies of virtual private networks

(K) Intrusion detection technology (3 hours)

Teaching content: intrusion detection system concept, the Common Intrusion Detection Framework, intrusion detection data sources and classification, intrusion detection methods

(L) Honeypot technology (2 hours)

Teaching content: honeypot technology concept and classification, advantages and disadvantages of honeypot technology, Honeyd

Experimental Teaching

Yes

Teaching Method

Teaching methods include classroom teaching, extracurricular homework, experiments and the combination of teaching and lecturer’s research practice.

Examination Method

This course will be evaluated by comprehensive assessment, including closed-book examinations, experiments, assignments and attendance. The closed-book exams account for 70% of the total score of the course. Experiments, homework and attendance account for 30% of the total score of the course.

Teaching Materials and Reference Books

 Present textbook:

吴礼发,洪征,李华波,《网络攻防原理与技术》,机械工业出版社,2017

 The main references:

 [1].吴灏,《网络攻防技术》, 机械工业出版社,2009

 [2].牛少彰,江为强,《网络的攻击与防范-理论与实践》,北京邮电大学出版社, 2006

 [3].卿斯汉,蒋建春,《网络攻防技术原理与实战》,科学出版社,2004

[4]. Chuck Easttom, Network Defense and Countermeasures: Principles and Practices, Prentice Hall, 2005

Prepared by Whom and When

Junhui He, April 10, 2019


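“Computer and Network Security” Experimental Teaching Syllabus

Course Code

045102881

Course Title

Computer and Network Security

English Title

Computer and Network Security

Course Category

Specialty Basic Courses

Course Nature

Compulsory Course

Class Hours

Total hours: 48; Lab hours: 16; Practice hours: 0; Other hours: 0

Credits

2.5

Semester

5

Institute

School of Computer Science & Engineering

Program Oriented

Information Security

Teaching Language

Chinese

Prerequisites

Computer Networks, Advanced Language Programming, Operating Systems, Database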

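Graduation Requirements (Professional Training Abilities)

This course contributes to the following graduation requirements for students:

  1. Design/Develop Solutions: be able to design solutions to complex engineering problems in information security, design information security solutions that meet specific needs, show innovative awareness in the design process, and take into account social, health, safety, legal, cultural and environmental factors.

  2. Use Modern Tools: be able to develop, select and use appropriate techniques, resources, modern tools and information technology tools for complex engineering problems in information security, including prediction and simulation of such problems, and understand their limitations.

  3. Engineering and Society: be able to carry out reasonable analysis based on background knowledge of information security engineering, evaluate the impact of professional engineering practice and of solutions to complex engineering problems on society, health, safety, law and culture, and understand the responsibilities to be borne.

  4. Professional Norms: have humanities and social science literacy and a sense of social responsibility, and be able to understand and abide by engineering professional ethics and norms in engineering practice and fulfil responsibilities.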

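Abilities Developed by the Course (Teaching Objectives)

Upon completion of the course, students will have the following abilities:

  1. Be familiar with the flaws of the TCP/IP protocols, network security threats and network security protection.

  2. Master the principles and applications of common attack technologies, including network reconnaissance technology, network scanning technology, denial of service attacks, computer viruses, Trojan horses, network sniffing technology and Web site attack technology.

  3. Master the principles and applications of defensive technologies, including firewall technology, intrusion detection technology and honeypot technology.

Course Description

This course is a specialty basic course of the Information Security program. Combining theoretical explanation, case study and experiment, it gives a comprehensive introduction to the basic concepts, techniques and principles of computer network security. The main contents include: network protocol flaws, network security threats and network security protection, network reconnaissance technology, network scanning technology, denial of service attacks, computer viruses, Trojan horses, network sniffing technology, Web site attack technology, firewall technology, virtual private network technology, intrusion detection technology, and honeypot technology.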

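Main Instruments, Equipment and Software

PCs and network security equipment

Experiment Report

An experiment report must be submitted for each experiment. The report should cover the purpose and requirements of the experiment, the experimental environment, the experimental procedure and a summary of the experiment.

Assessment

The grade for this experimental course is assessed comprehensively from attendance, experimental operation and experiment reports: attendance accounts for 10% of the overall grade of the experimental course, experimental operation for 60%, and experiment reports for 30%.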

Textbooks, Experiment Guides and Teaching References

Experiment guides and references:

  1. 吴礼发,洪征,李华波,《网络攻防原理》,机械工业出版社,2012

  2. 吴灏,《网络攻防技术》,机械工业出版社,2009

  3. 牛少彰,江为强,《网络的攻击与防范-理论与实践》,北京邮电大学出版社,2006

  4. 卿斯汉,蒋建春,《网络攻防技术原理与实战》,科学出版社,2004

  5. Chuck Easttom, Network Defense and Countermeasures: Principles and Practices, Prentice Hall, 2005

Prepared by and Date of Release

Junhui He, April 30, 2019


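“Computer and Network Security” Experimental Teaching Content and Class Hours Distribution

Experiment 1

Experiment Item: Network reconnaissance; network scanning

Class Hours: 4

Content Summary:

1. Several common methods of network reconnaissance (such as search engines, Whois data, network topology discovery, etc.)

2. Use the common network scanning software NMAP for host scanning, port scanning, operating system detection, vulnerability scanning, etc.

Category: Verification

Requirements: Compulsory

Number of Students in Each Group: 4

Main Instruments, Equipment and Software: PCs and network equipment

Experiment 2

Experiment Item: ARP spoofing; password sniffing; Trojan program

Class Hours: 4

Content Summary:

1. Use ARPSpoof for one-way or two-way ARP spoofing

2. Use Bettercap to sniff passwords

3. Use msfvenom to generate a Trojan program

Category: Verification

Requirements: Compulsory

Number of Students in Each Group: 4

Main Instruments, Equipment and Software: PCs and network equipment

Experiment 3

Experiment Item: Windows firewall / Linux firewall; PPTP VPN

Class Hours: 4

Content Summary:

1. Configuration and testing of the Windows advanced firewall

2. Configuration and testing of the Linux UFW firewall

3. Setting up a PPTP VPN server and connecting a client

Category: Design

Requirements: Compulsory

Number of Students in Each Group: 4

Main Instruments, Equipment and Software: PCs and network equipment

Experiment 4

Experiment Item: Intrusion detection system Snort / virtual honeypot Honeyd

Class Hours: 4

Content Summary:

1. Configuration and use of the intrusion detection system Snort

2. Use Honeyd to configure honeypots

Category: Design

Requirements: Compulsory

Number of Students in Each Group: 4

Main Instruments, Equipment and Software: PCs and network equipment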


“Computer and Network Security” Experimental Teaching Syllabus

Course Code

045102881

Course Title

Computer and Network Security

Course Category

Specialty Basic Courses

Course Nature

Compulsory Course

Class Hours

Total hours: 48; Lab hours: 16; Practice hours: 0; Other hours: 0

Credits

2.5

Semester

5

Institute

School of Computer Science & Engineering

Program Oriented

Information Security

Teaching Language

Chinese

Prerequisites

Computer Networks, Advanced Language Programming, Operating Systems, Database

Student Outcomes (Special Training Ability)

This course contributes to the following graduation requirements for students:

  1. Designing and Developing Solutions: the ability to design solutions to complex and specific engineering problems in information security, and to show innovation in the design phase while considering social, health, safety, legal, cultural and environmental factors.

  2. Applying Modern Tools: the ability to develop, select and use appropriate techniques, resources, modern tools and IT tools, including prediction and simulation, to solve complex engineering problems in information security, and to understand their limitations.

  3. Engineering and Society: the ability to use background knowledge of information security engineering to reasonably analyze and evaluate the impact of professional engineering practice and of solutions to complex engineering problems on society, health, safety, law and culture, and to understand the resulting responsibilities.

  4. Professional Regulations: an understanding of the humanities and social sciences and a sense of social responsibility, with the ability to understand and abide by professional ethics and regulations in engineering practice and to fulfil the associated responsibilities.

Teaching Objectives

Upon completion of the course, students will have the following abilities:

  1. Be familiar with TCP/IP protocol flaws, network security threats and network security protection.

  2. Master the principles and applications of common attack technologies, including network reconnaissance technology, network scanning technology, denial of service attacks, computer viruses, Trojan horses, network sniffing technology and Web site attack technology.

  3. Master the principles and applications of common defensive technologies, including firewall technology, intrusion detection technology and honeypot technology.

Course Description

This course is one of the basic courses of the Information Security program. It introduces the basic concepts, techniques and principles of computer network security comprehensively by combining theoretical explanation, case study and experiment. The main contents include: network protocol flaws, network security threats and network security protection, network reconnaissance technology, network scanning technology, denial of service attacks, computer viruses, Trojan horses, network sniffing technology, Web site attack technology, firewall technology, virtual private network technology, intrusion detection technology, and honeypot technology.

Instruments and Equipment

PC and network security equipment

Experiment Report

An experimental report must be submitted for each experiment. The report should include the experimental requirements, experimental environment, experimental process and experimental summary.

Assessment

The experimental course will be evaluated by comprehensive assessment, including attendance, experimental operation and experimental reports. Attendance accounts for 10% of the total score of the experimental course, experimental operation accounts for 60%, and the experimental reports account for 30%.

Teaching Materials and Reference Books

Experimental Guidance and Reference:

  1. 吴礼发, 洪征, 李华波,《网络攻防原理》,机械工业出版社,2012

  2. 吴灏,《网络攻防技术》, 机械工业出版社,2009

  3. 牛少彰,江为强,《网络的攻击与防范-理论与实践》,北京邮电大学出版社, 2006

  4. 卿斯汉,蒋建春,《网络攻防技术原理与实战》,科学出版社,2004

  5. Chuck Easttom, Network Defense and Countermeasures: Principles and Practices, Prentice Hall, 2005

Prepared by Whom and When

Junhui He, April 30, 2019


“Computer and Network Security” Experimental Teaching Arrangements

Experiment 1

Experiment Item: Network reconnaissance; network scanning

Class Hours: 4

Content Summary:

1. Several common methods of network reconnaissance (such as search engines, whois, network topology discovery, etc.)

2. Use of common network scanning software, such as NMAP, for host scanning, port scanning, operating system detection, vulnerability scanning, etc.

Category: Verification

Requirements: Compulsory

Number of Students in Each Group: 4

Instruments, Equipment and Software: PC and network security equipment

Experiment 2

Experiment Item: ARP spoofing; password sniffing; Trojan horse program

Class Hours: 4

Content Summary:

1. Use ARPSpoof for one-way or two-way ARP spoofing

2. Use Bettercap to sniff passwords

3. Use msfvenom to generate a Trojan horse

Category: Verification

Requirements: Compulsory

Number of Students in Each Group: 4

Instruments, Equipment and Software: PC and network security equipment

Experiment 3

Experiment Item: Windows/Linux firewall; PPTP Virtual Private Network

Class Hours: 4

Content Summary:

1. Configure and test the Windows advanced firewall

2. Configure and test the Linux UFW firewall

3. Set up a PPTP VPN server and establish a secure connection with the client

Category: Design

Requirements: Compulsory

Number of Students in Each Group: 4

Instruments, Equipment and Software: PC and network security equipment

Experiment 4

Experiment Item: Intrusion Detection System Snort / Virtual Honeypot Honeyd

Class Hours: 4

Content Summary:

1. Configuration and use of the intrusion detection system Snort

2. Use Honeyd to configure honeypots

Category: Design

Requirements: Compulsory

Number of Students in Each Group: 4

Instruments, Equipment and Software: PC and network security equipment