460-4124/02 – Data Center Networks and Cloud Computing Security (BPSDC)
Gurantor department | Department of Computer Science | Credits | 4 |
Subject guarantor | Ing. Pavel Moravec, Ph.D. | Subject version guarantor | Ing. Pavel Moravec, Ph.D. |
Study level | undergraduate or graduate | Requirement | Compulsory |
Year | 2 | Semester | summer |
| | Study language | English |
Year of introduction | 2016/2017 | Year of cancellation | |
Intended for the faculties | FEI | Intended for study types | Follow-up Master |
Subject aims expressed by acquired skills and competences
After the course completion the student should be able to:
- Describe key technologies which improve data center security.
- Define the physical and logical levels of data and service security.
- Configure basic network elements in a more secure manner.
- Explain and apply techniques, improving the cloud solutions security.
- Describe the most common attacks on data center and cloud service infrastructure.
- Explain basic principles of defense against network attacks on data centers.
Teaching methods
Lectures
Tutorials
Experimental work in labs
Project work
Summary
The aim of the course is to introduce students to the basic aspects of building secure data centers and cloud solutions and securing of their operation. In the introduction the current network technologies used in large data centers are presented. Emphasis is placed on a comprehensive approach, starting at the physical security level, a secure network infrastructure, to the security of the software services running on the servers themselves. Remote access methods, data center interconnection, and securing of transmission routes are discussed. Further, the issues of cloud services security, especially in terms of availability, confidentiality and data security issues related to the operation, and security mechanisms are described. As part of the laboratory work, students will learn about advanced network infrastructure, virtual servers and their security.
Compulsory literature:
Recommended literature:
Additional study materials
Way of continuous check of knowledge in the course of semester
Verification of study:
Assignments solved during exercises that verify students' ability to apply methods of computer network configuration, monitoring and troubleshooting for data center networks in particular scenarios dealing with data center security.
Credit requirements: Handing-in solutions of the individual lab assignments during the semester.
Exam is done in written form.
E-learning
Other requirements
Basic knowledge of computer networking topics (layered model, addressing, routing and switching, remote access) and computer security (attacks on infrastructure, CIA, AAA, encryption, identity management).
Prerequisities
Subject has no prerequisities.
Co-requisities
Subject has no co-requisities.
Subject syllabus:
Lecure schedule:
1. Design and implementation of data centers (hardware and software redundancy), overview of the most common networking (TIA-942, ISO/IEC 11801-5) and software technologies.
2. Data center operation and its efficiency (facilities, PUE)
3. Security and safety of data center standards (TIER certification, EN 50600).
4. Securing the communication interfaces (Fibre Channel - port security, fabric binding, FCIP - traffic engineering, cost profile).
5. Logging and monitoring of data center infrastructure and services, audit trail.
6. Identity and permission management (SAML, OAuth, OpenID). Technologies for data center management and remote access.
7. Data center network infrastructure, services and application security. Integrated solutions for data center security and their common features.
8. Service models of cloud services and their deployment models (SaaS, PaaS, IaaS). Data and application accessibility in cloud environment, data recovery, privacy of stored data.
9. Public and Private Cloud (Amazon, Microsoft Azure, Google Cloud).
10. Cloud security controls. DDoS attacks on cloud services and their prevention.
Computer laboratories focus on practical implementation of topics covered on the lectures.
Laboratory schedule:
1. Introduction to the laboratory and assignments during the semester.
2. Implementation of L2 security.
3. Implementation of L3 security.
4. Deployment of IDS and IPS solutions.
5. Zone-based firewalling.
6. Remote management and remote access configuration.
7. Cloud platforms - OpenStack.
8. Cloud platforms - Amazon AWS.
9. Cloud platforms - Microsoft Azure.
10. Physical safety and security of data centers.
Conditions for subject completion
Occurrence in study plans
Occurrence in special blocks
Assessment of instruction
Předmět neobsahuje žádné hodnocení.