First cycle
degree courses
Second cycle
degree courses
Single cycle
degree courses
School of Engineering
COMPUTER ENGINEERING
Course unit
COMPUTER NETWORK MANAGEMENT
INL1001835, A.A. 2017/18

Information concerning the students who enrolled in A.Y. 2016/17

Information on the course unit
Degree course Second cycle degree in
COMPUTER ENGINEERING
IN0521, Degree course structure A.Y. 2009/10, A.Y. 2017/18
N0
bring this page
with you
Number of ECTS credits allocated 9.0
Type of assessment Mark
Course unit English denomination COMPUTER NETWORK MANAGEMENT
Department of reference Department of Information Engineering
E-Learning website https://elearning.dei.unipd.it/course/view.php?idnumber=2017-IN0521-000ZZ-2016-INL1001835-N0
Mandatory attendance No
Language of instruction English
Branch PADOVA
Single Course unit The Course unit can be attended under the option Single Course unit attendance
Optional Course unit The Course unit can be chosen as Optional Course unit

Lecturers
Teacher in charge ALEXANDRU SOCEANU

ECTS: details
Type Scientific-Disciplinary Sector Credits allocated
Core courses ING-INF/05 Data Processing Systems 9.0

Mode of delivery (when and how)
Period Second semester
Year 2nd Year
Teaching method frontal

Organisation of didactics
Type of hours Credits Hours of
teaching
Hours of
Individual study
Shifts
Lecture 9.0 72 153.0 No turn

Calendar
Start of activities 26/02/2018
End of activities 01/06/2018

Examination board
Board From To Members of the board
9 A.A. 2017/2018 01/10/2017 15/03/2019 SOCEANU ALEXANDRU (Presidente)
MORO MICHELE (Membro Effettivo)
LAURENTI NICOLA (Supplente)
8 A.A. 2016/2017 01/10/2016 15/03/2018 SOCEANU ALEXANDRU (Presidente)
MORO MICHELE (Membro Effettivo)
CONGIU SERGIO (Supplente)

Syllabus
Prerequisites: Prerequisites: Basic knowledge in the area of Computer Networks, Java knowledge
Target skills and knowledge: Learning objectives:
After completing this course students will be able to:
•Understand the role and the objectives of network management (NM) for an organization
•Learn how to investigate various standard/private Management Information Bases (MIB) and Remote MIBs
•Configure and use various types of network management tools and protocols: SNMPv2/v3, NetFlow, OpenFlow, OpenNMS, NetFlow-Collector
•Diagnose security problems and use diagnostic/auditing tools
•Investigate attacks on network components and on network applications
•Use tools and techniques for protecting the network components and network applications: NGFW, NGIPS, VPN, RADIUS, Sandboxen.
•Understand how to manage Software Defined Network (SDN) using Mininet.
•Be aware of the security assurance requirements of the organizations
Examination methods: Exam: written exam 90 min.; the acceptance to the exam is completion of all lab and project assignments; Final grade evaluation: 60% written exam + 40% lab/project assignments
Assessment criteria: The evaluation of the labs/projects are based on following criteria:
- Quality of the running live implementation in the class
- Presentation of the project components (.ppt presentation)
- Short analysis of the Java code
- Evaluation of the project report
- Evaluation of the answers of the member of the team (individually) to the questions during the presentation
Course unit contents: Course content:
•Surveys of Fundamentals on Computer Networks: Medium Access Control, TCP/IP Stack, Spanning Tree Protocol, VLAN, Addressing/Subnetting, Routing Alg./Protocols/Tables, QoS, CoS.
•Network Management (NM) Architecture: Reference Model, Legacy NM Functionalities: Monitoring, Performance, Fault, Configuration, Accounting, Distributed NM, Proxy Architecture, Policy Governed Architecture, EVAS NM Architecture (Endpoint Visualization, Access, and Security), Internet of Things (IoT) Architecture, Software Defined Networks Architecture (SDN).
•Management Information Bases (MIBs): Std. and Private MIBs, MIB II, ASN.1 Language, Structure of Management Information (SMI) using ASN.1, Basic Encoding Rules (BER), Remote Network Monitoring MIBs: RMON1&2.
•NM-Protocols and -Systems: SNMPv2&v3, NetFlow, OpenFlow, CoAP, 6LoWPAN, NM Systems: OpenNMS, NetFlow Collector, Mininet (SDN)
•Network Attacks: Type of Attacks: Reconnaissance (Reconn), Denial of Service (DoS), DDoS, Case studies of Network Attacks;
•Network Security Models: Basic Security Model: Confidentiality, Integrity, Availability, Network Access Control (NAC), Transport Layer Security: SSL, TSL, DTLS, Network Layer Security: Packet filtering, Access Control List (ACL), PAT/NAT, IPSec, VPN, Link Layer Security: IEEE 802.15.4
•Managing Protection against Network Attacks: VLAN Security, New Generation FW (NGFW), New Generation IPS (NGIPS), Legacy NAC using Std. IEEE 802.1x and RADIUS, Managing NAC using Policy Engines: Case Study: NAC using Policy Governed Network CISCO-ISE, Managing Sandboxing Protection
•NM Protection Regulation Guides.
Planned learning activities and teaching methods: A) Face to face weekly courses

B) Lab/Project assignments
1.Managing Static/RIPv2/OSPF Routing,
2.Monitoring/Controlling CNs using SNMPv2&v3 and MIBII technology,
3.Monitoring the CN using OpenNMS Tool and SNMP,
4.Monitoring the CN using NetFlow protocol and NetFlow Collector,
5.Monitoring/Controlling SDN-based CNs using Mininet
6.Program CN attacks using Scapy attack generator: Reconn., DoS/DDoS
7.Configure/Analyze VPN method based traffic protection using OpenVPN,
8.Configure/Analyze CN protection using NGFW-(Untangle) and NAT-Tools,
9.Configure/Analyze Network Access Control (NAC) using RADIUS-Server
10.Configure/Analyze IPS based protection using Snort(IPS)-Tool,
11.Configure/Analyze Sandbox based protection using Sandbox Tool Cuckoo

All assignments will be carried out using the virtual lab container with already installed network components and software packages. The network components are based on virtual machines and open source software tools, i.e.: Wireshark, Vyos Router supporting MIBII, SNMPv2&3 and NetFlow Agents, OpenNMS, NetFlow Collector, RADIUS, IPS (Snort), NGFW (Untangle), Sandbox (Cuckoo), OpenVPN, Mininet, OpenvSwitch.
The lab assignments will be carried out in a collaborative manner by teams of 2-3 students. The completion of labs and the projects are mandatory for being admitted to the exam
Additional notes about suggested reading: References:
1. James Kurose and Keith Ross: "Computer Networking, A Top Down Approach", 6th Ed., Pearson Education, N. Y., 2013
2. William Stallings: „SNMP, SNMPv2, SNMPv3 and RMON 1 and 2“, 3rd Ed., Addison Weslay, 2006
3. William Stallings & Larie Brown: "Computer Security: Principle and Practice", 3rd Ed., Pearson Education., 2015
4. T. Alpcan, T. Bas: “Network Security”, Cambridge University Press, 2010
5. Omar Santos: "Network Security with NetFlow and IPFIX", Pearson Education, 2015
6. O.Santos, P.Kampanakis, A. Woland, N. Hamphrey:"CISCO Next Generation Security Solutions", Pearson Education, 2016
7. Richard Burke: “Network Management : Concepts and Practice: A Hands-On Approach”, Prentice Hall, Upper Saddle River, NJ 07458, 2004
8. Diego Kreutz, et. Co: “Software-Defined Networking: A Comprehensive Survey”, Cornell Univ. Library, 2014, http://arxiv.org/pdf/1406.0440.pdf
9. Introduction to NetFlow (CISCO)
www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios- netflow/prod_white_paper0900aecd80406232.html
Textbooks (and optional supplementary readings)
  • see: DEI-UNIPD Moodle of the course "Computer Network Management", Exam Patterns section. Moodle DEI-UNIPD: --, --.