Topics included in this unit start with an introduction to the layered structure of networks, security threats in an open network environment, and basic security. This is followed by a detailed exposition of major tools and protocols used in VPNs, including firewalls, IPSec, Internet Security Association and Key Management Protocol (ISAKMP), Internet Key Exchange (IKE), Point-to-Point Protocol (PPP) and Point-to-Point Tunnelling Protocol (PPTP), Layer 2 Tunnelling Protocol (L2TP), Secure Sockets Layer (SSL), and SOCKS. This leads to an exposition of principles and methodologies for the design and implementation of Intranets and Extranets using VPNs. Also discussed are the techniques for managing security, naming and address services, and performance of a VPN.
Objectives
At the completion of this unit, students should
have a detailed knowledge and understanding of all major protocols used for VPN;
a detailed knowledge and understanding of VPN architectures including interaction with firewalls;
an understanding of major issues in implementing the protocols;
the knowledge and skills to objectively compare and contrast various VPN protocols (e.g. L2TP with IPSec and the platform-specific variations);
the knowledge and skills to enable them to design and implement standard and non-standard VPNs;
the ability to work in small groups requiring skills associated with inter-personal relationships, communication and teamwork.
Prerequisites
Admission to the Master of Network Computing, or equivalent Masters level programs of the Faculty of Information Technology. You should have some programming experience in C, C++ or Java.
Unit relationships
CPE5006 is an elective unit in the Master of Network Computing. It has no prerequisites other than knowledge of modern network data communications, in particular TCP/IP and data link protocols used in local area networks.
Texts and software
Required text(s)
Dennis Fowler. Virtual Private Networks: Making the Right Connection. 1st Ed. Morgan Kaufmann/Elsevier (1999) ISBN 1558605754
Oleg Kolesnikov, Brian Hatch. Building Linux Virtual Private Networks. 1st Ed. Que (2002) ISBN 1578702666
Textbook availability
Text books are available from the Monash University Book Shops. Availability from other suppliers cannot be assured. The Bookshop orders texts in specifically for this unit. You are advised to purchase your text book early.
Software requirements
The standard operating environment provided in FIT computer labs is considered adequate for most purposes. However, most of the tutorial exercises require the use of an open source Linux environment, which is provided in the assigned FIT computer laboratory.
Software may be:
downloaded from the resources page on the unit web site
Hardware requirements
Students studying off-campus are required to have the minimum system configuration specified by the Faculty as a condition of accepting admission, and regular Internet access. On-campus students, and those studying at supported study locations, may use the facilities available in the assigned computing labs, where removable disk drives pre-formatted with Linux and basic network infrastructure are provided.
Information about computer use for students is available from the ITS Student Resource Guide in the Monash University Handbook.
You will need to allocate up to 8 hours per week for private study including use of a computer for eMail and newsgroups/discussion groups.
Recommended reading
Greg Holden. Guide to Firewalls and Network Security Intrusion Detection and VPNs. THOMSON ISBN 0619130393
Greg Holden. Guide to Network Defense and Counter Measures. THOMSON ISBN 0619131241
Thaddeus Fortenberry. Windows 2000 Virtual Private Networking. 1st Ed. Que (2000) ISBN 1578702461
Meeta Gupta. Building a Virtual Private Network. 1st Ed. Premier Press (2002) ISBN 1931841810
Library access
You may need to access the Monash library either personally to be able to satisfactorily complete the subject. Be sure to obtain a copy of the Library Guide, and if necessary, the instructions for remote access from the library website.
Study resources
Study resources for CPE5006 are:
The CPE5006 web site contains the unit outline, lecture slides, weekly tutorial exercises, assignment specifications, sample solutions and supplementary resource material and is available to registered students. Copies of all handouts and most other resource material will generally be made available via the web. The password required to access the materials will be given to you at the first lecture. Students may download copies of lecture slides and tutorial exercises from the web pages. In some circumstances, material may be placed in the web pages without being distributed in class.
A web-based Notices, News and Discussion forum and computer mailing list that can be accessed from the FIT5006 web site or directly via the URL: http://webboard.netcomp.monash.edu.au/~CPE5006
No Tutorial in Week 1. Webboard Conference Registration
Week 2: Networking concepts
Week 3: Encryption
Week 4: Authentication and Authorisation
Week 5: Key Management & CA
Week 6: Building simple VPNs
Week 7: VPN Protocols I - Assignment 1
Week 8: VPN Protocols II
Week 9: Building an IPSec VPN
Week 10: VPN with Windows
Non teaching week
Week 11: Non standard protocols & Plenary session
Week 12: (No Lecture) A2 Theoretical work
Week 13: (No Lecture) A2 Theoretical work - Assignment 2
Timetable
The timetable for on-campus classes for this unit can be viewed in Allocate+
Assessment
Assessment weighting
Read this section VERY carefully. Assessment for the unit consists of:
a written research assignment with a weighting of 20% to be submitted individually by each student;
a project worth 40% to be implemented collectively and submitted by a group of students;
assessable tutorial exercises and tests worth 40%.
The first assignment is worth 20% of the total marks for the unit and must be completed individually. The assignment consists of a report written by the student based upon the information available within the lecture notes, text books, and that obtained by searching the Internet and the Library. This will address objectives 1 and 2.
The second assignment will be worth 40% of the total marks for the unit and will be done in groups. It entails a wide range of activities including the research, design, implementation, testing, and presentation of the project in a work-environment-like situation. This will address objectives 2, 3, 4, and 5.
The work done in the tutorials will be assessed at the end of the semester and, together with a lab test, is worth 40% of the total marks for the unit. This will address objectives 1, 2, 3, 4, and 5.
See the Unit description and Assessment pages on the unit web site for more details, including assignment specifications and marking guides.
Assessment Policy
To pass this unit you must:
gain at least 40% of the assessable tutorial and test component: ie exercises and tests performed under Laboratory conditions, taken as a whole
gain at least 40% of the assignment component: ie the assignments and any other assessment tasks (such as presentations) taken as a whole
achieve at least 50% of the total marks for the unit
For more details on the 40% Rule and many other things that students are expected to know about, visit the student information section of the Faculty web pages.
Your score for the unit will be calculated by:
(A1% * 20/100) + (A2% * 40/100) + (T% * 40/100)
where:
A1% is the total %mark awarded for the individual research assignment, A2% is the total %mark awarded for the group project and T% is the total %mark of all assessable tutorial exercises and test.
Assessment Requirements
Assessment | Due Date | Weighting
assessable tutorial exercise and tests | various (see Tute pages) | 40%
assignment 1 | week 7 | 20%
assignment 2 | week 13 | 40%
no formal exam in this unit | Exam period (S2/06) starts on 23/10/06 | 0%
Assignment specifications will be made available on the CPE5006 unit web site assessment page.
Assignment Submission
The parts of the assignments that require written submission must be delivered to the labelled mailbox at the offices of the Caulfield School of IT on or before the nominated submission date and time, with the appropriate cover sheet correctly filled out and attached. Do not email the written submissions.
Extensions and late submissions
Late submission of assignments
Assignments received after the due date will be subject to a penalty of 10% per day late. Assignments received more than one week after the due date will not normally be accepted.
This policy is strict because comments or guidance will be given on assignments as they are returned, and sample solutions may also be published and distributed, after assignment marking or with the returned assignment.
Extensions
It is your responsibility to structure your study program around assignment deadlines, family, work and other commitments. Factors such as normal work pressures, vacations, etc. are seldom regarded as appropriate reasons for granting extensions.
Requests for deadline extensions must be made in writing using the Application for Extension form available from the Faculty student information web pages, and submitted to the lecturer at least two days before the due date of the relevant assignment. You will be asked to forward original medical certificates in cases of illness, and may be asked to provide other forms of documentation where necessary. If approved, the signed tear-off stub from the original extension form must be attached to a hard-copy of the assignment submission. A copy of the email or other written communication of an extension must be attached to the assignment submission.
Grading of assessment
Assignments, and the unit, will be marked and allocated a grade according to the following scale:
Grade | Percentage/description
HD High Distinction - very high levels of achievement, demonstrated knowledge and understanding, skills in application and high standards of work encompassing all aspects of the tasks. In the 80+% range of marks for the assignment.
D Distinction - high levels of achievement, but not of the same standards. May have a weakness in one particular aspect, or overall standards may not be quite as high. In the 70-79% range.
C Credit - sound pass displaying good knowledge or application skills, but some weaknesses in the quality, range or demonstration of understanding. In the 60-69% range.
P Pass - acceptable standard, showing an adequate basic knowledge, understanding or skills, but with definite limitations on the extent of such understanding or application. Some parts may be incomplete. In the 50-59% range.
N Not satisfactory - failure to meet the basic requirements of the assessment. Below 50%.
Assignment return
We will aim to have assignment results made available to you within two weeks after assignment receipt.
Feedback
Feedback to you
You will receive feedback on your work and progress in this unit. This feedback may be provided through your participation in tutorials and class discussions, as well as through your assignment submissions. It may come in the form of individual advice, marks and comments, or it may be provided as comment or reflection targeted at the group. It may be provided through personal interactions, such as interviews and on-line forums, or through other mechanisms such as on-line self-tests and publication of grade distributions.
Feedback from you
You will be asked to provide feedback to the Faculty through a Unit Evaluation survey at the end of the semester. You may also be asked to complete surveys to help teaching staff improve the unit and unit delivery. Your input to such surveys is very important to the faculty and the teaching staff in maintaining relevant and high quality learning experiences for our students.
And if you are having problems
It is essential that you take action immediately if you realise that you have a problem with your study. The semester is short, so we can help you best if you let us know as soon as problems arise. Regardless of whether the problem is related directly to your progress in the unit, if it is likely to interfere with your progress you should discuss it with your lecturer or a Community Service counsellor as soon as possible.
Plagiarism and cheating
Plagiarism and cheating are regarded as very serious offences. In cases where cheating has been confirmed, students have been severely penalised, from losing all marks for an assignment, to facing disciplinary action at the Faculty level. While we would wish that all our students adhere to sound ethical conduct and honesty, I will ask you to acquaint yourself with Student Rights and Responsibilities and the Faculty regulations that apply to students detected cheating as these will be applied in all detected cases.
In this University, cheating means seeking to obtain an unfair advantage in any examination or any other written or practical work to be submitted or completed by a student for assessment. It includes the use, or attempted use, of any means to gain an unfair advantage for any assessable work in the unit, where the means is contrary to the instructions for such work.
When you submit an individual assessment item, such as a program, a report, an essay, assignment or other piece of work, under your name you are understood to be stating that this is your own work. If a submission is identical with, or similar to, someone else's work, an assumption of cheating may arise. If you are planning on working with another student, it is acceptable to undertake research together, and discuss problems, but it is not acceptable to jointly develop or share solutions unless this is specified by your lecturer.
Intentionally providing students with your solutions to assignments is classified as "assisting to cheat" and students who do this may be subject to disciplinary action. You should take reasonable care that your solution is not accidentally or deliberately obtained by other students. For example, do not leave copies of your work in progress on the hard drives of shared computers, and do not show your work to other students. If you believe this may have happened, please be sure to contact your lecturer as soon as possible.
Cheating also includes taking into an examination any material contrary to the regulations, including any bilingual dictionary, whether or not with the intention of using it to obtain an advantage.
Plagiarism involves the false representation of another person's ideas, or findings, as your own by either copying material or paraphrasing without citing sources. It is both professional and ethical to reference clearly the ideas and information that you have used from another writer. If the source is not identified, then you have plagiarised work of the other author. Plagiarism is a form of dishonesty that is insulting to the reader and grossly unfair to your student colleagues.
Communication
Communication methods
The preferred method of contact for lecturers and tutors is by eMail or conference group posting. The conference is accessible through the unit web site, by eMail or newsreader. The lecturer is also available for personal consultation at the times and place given in the consultation section below.
Notices
Notices related to the unit during the semester will be placed on the Notices conference in the Unit Website. Check this regularly. Failure to read the Notices conference is not regarded as grounds for special consideration.
Consultation Times
A timetable showing consultation times will be posted on the door of each staff member's office and also announced during lectures.
If direct communication with your unit adviser/lecturer or tutor outside of consultation periods is needed you may contact the lecturer and/or tutors at:
All email communication to you from your lecturer will occur through your Monash student email address. Please ensure that you read it regularly, or forward your email to your main address. Also check that your contact information registered with the University is up to date in My.Monash.
Additional information
Demonstration of Practical work
To ensure that students fully understand the workings of any practical work submitted for assessment, some emphasis is given to an oral presentation, which is part of the individual student demonstration of each program or project. Students will be expected to show a detailed understanding of the operations described and structure of the practical work, and be able to answer questions related to the design and function of the practical work or project.