Purdue School of Engineering and Technology

Purdue School of Engineering and Technology

Advanced Network Security

CIT 40600 / 3 Cr.

This course provides students with in-depth study and practice of advanced concepts in applied systems and networking security, including security policies, access controls, IP security, authentication mechanisms, and intrusion detection and protection.

  • Windows
  • Unix

Course Outcomes (What are these?)

  • Identify the key types of access control mechanisms using Unix and Windows ACL (CIT j, m)
  • Audit passwords on Windows and UNIX (CIT j, m)
  • Understand how TCP/IP traffic behaves on the network and how to operate sniffing tools to detect anomalies (CIT j, m)
  • Implement an organizational policy using software-based and hardware-based packet filtering (CIT b, c, j, m)
  • Configure NIDS tools like Snort to look for certain detects (CIT b, c, j, m)
  • Configure and run a vulnerability scanner to find weak points in your systems (CIT b, c, j, m)
  • Configure GPG under Linux to enable more secure communications (CIT b, c, j, m)

CIT Student Outcomes (What are these?)

(b) An ability to analyze a problem, and identify and define the computing requirements appropriate to its solution.

(c) An ability to design, implement, and evaluate a computer-based system, process, component, or program to meet desired needs.

(j) An ability to use and apply current technical concepts and practices in the core information technologies. [IT]

(m) An understanding of best practices and standards and their application. [IT]

  • Access Controls
  • Passwords
  • Encryption
  • Kerberos
  • Intrusion Detection
  • Vulnerability Scanning
  • Sniffing
  • Packet Filtering


Principles of Undergraduate Learning (PULs)

2. Critical Thinking

3. Integration and Application of Knowledge

4. Intellectual Depth, Breadth, and Adaptiveness

What You Will Learn

Access Controls

  • Setup and maintain Windows and Linux ACLs
  • Discuss different forms of physical access control
  • Discuss multifactor authentication, including token based authentication
  • Discuss various forms of data center security risks, including tailgating


  • Discuss and configure systems with weak and secure authentication
  • Learn how to setup and properly manage a password policy
  • Determine when and where cleartext passwords are used
  • Discuss various password cracking tools and password strength
  • Learn when to use a single sign on or single use passwords


  • Configure various forms of encryption, including EFS, Bitlocker and PGP
  • Learn about cold boot attacks and other attacks on encryption
  • Setup and configure full disk, pre-operating system encryption using AES
  • Setup and encrypt various forms of portable media


  • Learn about the Kerberos ticket granting process
  • Discuss Kerberos drawbacks
  • Discuss User Client-Based Logins, Client Authentication, Client Service Authorization and Client Service Requests
  • Discuss how Kerberos is used in different computing environments

Intrusion Detection

  • Learn about various types of hardware and softwared based intrusion detection systems (NIDS, PIDS, APIDS, HIDS)
  • Discuss manual, automatic and hybrid forms of intrusion detection
  • Learn about different IDS terminology including false positives and false negatives
  • Learn the difference between passive and reactive intrusion detection systems

Vulnerability Scanning

  • Setup and configure Microsoft Baseline Security Analyzer
  • Setup and configure Nessus
  • Discuss the business process of implementing a vulnerability patch
  • Learn about how Honeypots are setup and how they work


  • Configure many of the different packet sniffers available (Ettercap, tcpdump)
  • Learn about ARP spoofing and ARP poisoning
  • Discuss how packet sniffing can be used for penetration testing

Packet Filtering

  • Discuss the concepts behind packet filtering including keeping state and stateful inspection
  • Setup and configure packet filtering on a firewall
  • Setup and configure a proxy
  • Learn how to setup and analyze basic packet filtering rules