Securing Enterprise LANs and WANs module helps you develop the skills needed for entry-level network security career

opportunities. It provides a theoretically rich, hands-on introduction to network security, in a logical sequence

driven by technologies., the following are key indicative content:

Explain the various types of threats and attacks.

Explain the tools and procedures to mitigate the effects of malware and common network attacks.

Configure command authorization using privilege levels and role based CLI.

Implement the secure management and monitoring of network devices.

Configure AAA to secure a network.

Implement ACLs to filter traffic and mitigate network attacks on a network.

Implement Zone-Based Policy Firewall using the CLI.

Explain how network-based Intrusion Prevention Systems are used to help secure a network.

Explain endpoint vulnerabilities and protection methods.

Implement security measures to mitigate Layer 2 attacks.

Explain how the types of encryption, hashes, and digital signatures work together to provide confidentiality, integrity, and authentication.

Explain how a public key infrastructure is used to ensure data confidentiality and provide authentication.

Configure a site-to-site IPsec VPN, with pre-shared key authentication, using the CLI.

Explain how SD-Access is effective for configuration and maintenance in growing and ever-changing networks.

Describe the benefits of utilizing an SD-WAN.

Mobile networks

Mobile network security





This module will support the development and assessment of the following Core Knowledge, Skills and Behaviours from the DTSP Apprenticeship Standard:¿

Knowledge¿

K1 How organisations adapt and exploit digital technology solutions to gain a competitive advantage.¿

K3 Principles of estimating the risks and opportunities of digital and technology solutions.¿

K5 A range of digital technology solution development techniques and tools.¿

K6 The approaches and techniques used throughout the digital and technology solution lifecycle and their applicability to an organisation’s standards and pre-existing tools.¿

K11 The nature and scope of common vulnerabilities in digital and technology solutions. For example, the risks of unsecure coding and unprotected networks¿

K15 Principles of estimating cost, and time resource constraints within digital and technology solutions activities.¿

K16 Fundamental computer networking concepts in relation to digital and technology solutions. For example, cloud architecture, components, quality of service.¿

K17 Reporting techniques, including how to synthesise information and present concisely, as appropriate to the target audience.¿

K18 Techniques of robust research and evaluation for the justification of digital and technology solutions.¿

K19: Relevant legal, ethical, social and professional standards to a digital and technology solution. For example, Diversity, Accessibility, Intellectual Property, Data Protection Acts, Codes of Practice, Regulatory and Compliance frameworks.¿

Skills¿

S1 Analyse a business problem to identify the role of digital and technology solutions.¿

S2 Identify risks, determine mitigation strategies and opportunities for improvement in a digital and technology solutions project.¿

S3 Analyse a business problem to specify an appropriate digital and technology solution.¿

S10 Initiate, design, implement and debug a data product for a digital and technology solution.¿

S12 Plan, design and manage simple computer networks with an overall focus on the services and capabilities that network infrastructure solutions enable in an organisational context.¿

Behaviours¿

B1 Has a strong work ethic and commitment to meet the standards required.¿

B3 Acts with integrity with respect to ethical, legal and regulatory requirements ensuring the protection of personal data, safety and security.¿

B4 Commits to continuous professional development; maintaining their knowledge and skills in relation to developments in digital and technology solutions that influence their work.¿

B7 Maintains awareness of trends and innovations in the subject area, utilising a range of academic literature, online sources, community interaction, conference attendance and other methods which can deliver business value.¿

¿

This module will support the development and assessment of the following Specialist Route Knowledge, Skills and Behaviours from the DTSP Apprenticeship Standard:¿

¿

Network Engineer¿

Knowledge¿

K61 The role and function of virtual or physical network components and functions and typical topologies and service architectures.¿

K62 The main network protocols in use, their purpose, features and relationship to each other for example Ethernet, IP (Internet Protocol), TCP (Transmission Control Protocol), OSPF (Open Shortest Path First),¿

K63 The benefits and risks of cloud computing and the common integration deployments (private, public, hybrid). Including the benefits and risks of virtualisation as a concept; key features of virtualisation and current cloud platforms available.¿

K64 The main factors that affect network performance, and how to mitigate these on network performance by implementing changes to QoS. For example, Traffic Shaping / Policing / Queuing), Topology (physical and logical), and Network Policy (Traffic Analysis, DPI (Deep Packet Inspection).¿

K66 Key security concepts. For example, threats, vulnerabilities, exploits, detection and mitigation techniques, and security program elements such as user awareness, physical access control, multi-layer defence models.¿

K67 SDN (Software Defined Networking) and Network Function Virtualisation Core Principles. For example, Control Plane Separation, flexibility, overlay networks, disassociation of software and hardware layers.¿



Skills¿

S56 Identify and collate stakeholder needs in relation to computer network requirements, plans and designs.¿

S57 Plan, design, document, and develop the relevant elements of a computer network within an organisation or between organisations, considering customer requirements (performance, scale), constraints (budget, equipment availability), and define policies for their use.¿

S58 Monitor performance and ensure networks are configured correctly and perform as expected by designers or architects. Undertake capacity management and audit of IP addressing and hosted devices.¿

S59 Investigate, troubleshoot and resolve data network faults in local and wide area environments using information from multiple sources physically or remotely by console connection. Recommend and implement short term fixes to restore service and, or quality of experience and recommend longer term changes to prevent recurrence or reduce impact of future occurrences.¿

S60 Implement computer networks from a design including testing and validation. This includes populating variables in configurations for example IP addresses and subsequent application of configuration to equipment such as routers, switches, firewalls.¿

S61 Secure network systems by establishing and enforcing policies and defining and monitoring access. Support and administer firewall environments in line with IT security policy.

S62 Research and evaluate emerging network technologies and assess relevance to current network requirements. Provide an objective opinion on how new features and technologies may be incorporated as required by the organisation.¿

S63 Investigate security concerns or attacks for example DDOS (Distributed Denial of Service), port scanning), assessing key metrics and indicators, evidencing the chosen steps to mitigate.¿

Assessment 1: Time constrained exam written and monitored online for outcomes 1, 2, and 4.



Assessing the following Network Engineer Route KSBs¿

Knowledge¿¿

K66 Key security concepts. For example, threats, vulnerabilities, exploits, detection and mitigation techniques, and security program elements such as user awareness, physical access control, multi-layer defence models.¿

K67 SDN (Software Defined Networking) and Network Function Virtualisation Core Principles. For example, Control Plane Separation, flexibility, overlay networks, disassociation of software and hardware layers.



Assessment 2: A Practical assessment to install, configure, test firewalls and implement security solutions for outcomes 3 and 4



Assessing the following Network Engineer KSBs:¿

Knowledge¿¿

K66 Key security concepts. For example, threats, vulnerabilities, exploits, detection and mitigation techniques, and security program elements such as user awareness, physical access control, multi-layer defence models.¿

K67 SDN (Software Defined Networking) and Network Function Virtualisation Core Principles. For example, Control Plane Separation, flexibility, overlay networks, disassociation of software and hardware layers.

K68 Key elements of mobile networks. For example RAN (Radio Access Network), EPC (Evolved Packet Core), IMS (IP Multimedia Subsystem) including some specific key functions such as S/P/U-Gateways and the concepts in communicating over free-space media such as interference, ground bounce, encryption and in mobile endpoint platforms such as tracking user location and roaming.

Skills¿¿

S57 Plan, design, document, and develop the relevant elements of a computer network within an organisation or between organisations, considering customer requirements (performance, scale), constraints (budget, equipment availability), and define policies for their use.¿¿

S58 Monitor performance and ensure networks are configured correctly and perform as expected by designers or architects. Undertake capacity management and audit of IP addressing and hosted devices.¿¿

S59 Investigate, troubleshoot and resolve data network faults in local and wide area environments using information from multiple sources physically or remotely by console connection. Recommend and implement short term fixes to restore service and, or, quality of experience and recommend longer term changes to prevent recurrence or reduce impact of future occurrences.¿¿

S61 Secure network systems by establishing and enforcing policies and defining and monitoring access. Support and administer firewall environments in line with IT security policy.

S62 Research and evaluate emerging network technologies and assess relevance to current network requirements. Provide an objective opinion on how new features and technologies may be incorporated as required by the organisation.

S63 Investigate security concerns or attacks for example DDOS (Distributed Denial of Service), port scanning), assessing key metrics and indicators, evidencing the chosen steps to mitigate.

We will provide lecture material which will be available to you from the launch of the module. This material will be provided by Staffordshire University in addition to material which is provided by AWS Academy.



We will also provide you with access to the AWS environment where you can develop your skills and use the technology which we are discussing.



The module will be delivered in a Blended Learning Mode consisting of face to face, online and guided learning sessions.



Teaching sessions will blend theory and practical learning and most importantly where possible contextualised in your workplace as part of your apprenticeship. Learners will be introduced to curriculum concepts and ideas and will then be able to apply theory to practical examples. In addition, students will be provided with a range of resources for independent study such as case studies, academic papers and industry case studies. There will be a mixture of practical and theoretical formative (mock or practice) exercises which will help students build knowledge and confidence in preparation for summative (formal) assessment.



The delivery will be delivered as follows:



Module Launch week: 12 hours

There will be a module launch session consisting of up to 12 hours face to face contact time devoted to developing your understanding of the core purpose and assessment of the module. Learners will be presented with details of how the learning will be structure and how to access to the learning materials for the remainder of the module



Structured Learning Sessions: 15 hours

Following the module launch week you will have a further 15 hours of contact time as a class with the module team. This will typically be as 10 x 1.5 hour online classes which will be a combination of activities including lectures, demonstrations, discussions, tutorials and seminars. Some sessions are likely to be in flipped classroom style, where you will be expected to watch online recordings, read materials or respond to practical activities in preparation for active engagement with problem solving in the online session.



1:1 Progress Checks: 1 hour

As a Blended Learner understanding your progress can be a challenge so you are allocated an hour of 1:1 time with your tutor (typically 3 x 20 minute). Some of these may be in small groups if appropriate. These sessions may be used to discuss key topics, troubleshoot salutations, review working drafts etc



Guided Independent Learning: 178 hours

The module leader will provide resources through the virtual learning environment which will include videos and presentations as well as links to useful websites and other resources. Additional academic learning will be achieved through reading around the subject area, module tutors will suggest useful texts, though many others will be suitable and can be found in our e-library. You should also draw on the expertise in your workplace via your workplace mentor and other colleagues. If you require help understanding any of the concepts, you should contact your module tutor for assistance.

As an apprentice you are constantly developing your Digital Skills as part of your substantial role, and this applies to the development of the knowledge for your modules too. In some cases, there will be a significant cross over between the module content and in others less so, depending on the nature of your workplace duties, this will have direct impact on to the number of Independent Learning required.



Within the Independent learning time you will be expected to complete your assignments, as a guide a typical module assignment should take around 60 hours to complete

1. Explain and critically evaluate security threats, the securing of network devices, AAA, VPN, IPS, firewalls and cryptographic systems.

2. Analyse and evaluate how the types of encryption, hashes, and digital signatures work together to provide confidentiality, integrity, and authentication



3. Install, configure, and test firewall and intrusion prevention technologies according to industry standards using desirable tools.

4. Implement advanced technologies to support a secure and scalable enterprise network architecture.

Enterprise Networking, Security, and Automation Companion Guide (CCNAv7), Cisco Networking Academy. Cisco Press July 2020.



CCNA Security 210-260 Official Cert Guide, John Stuppi, Omar Santos. Publisher: Cisco Press. Release Date: September 2015. ISBN: 9780134077857

Lecture slide, recorded videos, lab documents and activities accessed through VLE

Simulation tools for network logical design, configurations and testing



Students studying this module will be able to access online materials including the Cisco Networking Academy online

curriculum (http://www.netacad.com), and the VLE.

The purpose of this module is to provide skills and knowledge in the field of network security including mobile communications. Today's organizations are challenged with responding rapidly to emerging network security threats. Security personnel configure and monitor various network security threat mitigation measures, such as device hardening, intrusion prevention systems, and firewalls, to protect data assets and network systems from attack.