460-4124/02 – Data Center Networks and Cloud Computing Security (BPSDC)

Guarantor department: Department of Computer Science
Credits: 4
Subject guarantor: Ing. Pavel Moravec, Ph.D.
Subject version guarantor: Ing. Pavel Moravec, Ph.D.
Study level: undergraduate or graduate
Requirement: Compulsory
Year: 2
Semester: summer
Study language: English
Year of introduction: 2016/2017
Year of cancellation:
Intended for the faculties: FEI
Intended for study types: Follow-up Master
Instruction secured by
Login | Name | Tutor | Teacher giving lectures
MOR03 | Ing. Pavel Moravec, Ph.D.
STR554 | Ing. Daniel Stříbný
Extent of instruction for forms of study
Form of study | Way of compl. | Extent
Full-time | Credit and Examination | 2+2

Subject aims expressed by acquired skills and competences

After completing the course, the student should be able to:
- Describe key technologies which improve data center security.
- Define the physical and logical levels of data and service security.
- Configure basic network elements in a more secure manner.
- Explain and apply techniques for improving the security of cloud solutions.
- Describe the most common attacks on data center and cloud service infrastructure.
- Explain basic principles of defense against network attacks on critical infrastructure.

Teaching methods

Lectures
Tutorials
Experimental work in labs
Project work

Summary

The aim of the course is to introduce students to the basic aspects of building secure data centers and cloud solutions and of securing their operation. The introduction presents the current network technologies used in large data centers. Emphasis is placed on a comprehensive approach, from physical security, through a secure network infrastructure, to the security of the software services running on the servers themselves. Remote access methods, data center interconnection, and the securing of transmission routes are discussed. The course then covers cloud service security, especially in terms of availability, confidentiality and data security, along with legal issues related to the operation of cloud services and the available security mechanisms. The subject also deals with the extensive DDoS attacks that have recently become widespread, and with their possible mitigation and protection against them. As part of the laboratory work, students will learn about advanced network infrastructure, virtual servers and their security.

Compulsory literature:

• Lee, G.: Cloud Networking: Understanding Cloud-based Data Center Networks, Morgan Kaufmann, 2014, ISBN 978-0128007280.
• Yeluri R., Castro-Leon E.: Building the Infrastructure for Cloud Security: A Solutions View. Apress, 2013, ISBN 978-1-4302-6145-2.4
• Uptime Institute: Tier Standard: Operational Sustainability, 2013.
• Uptime Institute: Tier Standard: Topology, 2012.

Recommended literature:

• Krutz, R. L., Russell D. V.: Cloud Security: A Comprehensive Guide to Secure Cloud Computing, Wiley, 2010, ISBN 978-0-470-58987-8.
• Santana G. A. A.: Data Center Virtualization Fundamentals: Understanding Techniques and Designs for Highly Efficient Data Centers with Cisco Nexus, UCS, MDS, and Beyond, Cisco Press, 2013, ISBN 978-1587143243.
• Buecker A., et al.: Managing Security and Compliance in Cloud or Virtualized Data Centers Using IBM PowerSC. IBM Redbooks, 2013, ISBN 978-0738437675.

Way of continuous check of knowledge in the course of semester

Verification of study: Tasks solved during exercises that verify students' ability to apply methods of computer network configuration, monitoring and troubleshooting for data center networks in particular scenarios dealing with data center security.

E-learning

Other requirements for the student

Basic knowledge of computer networking topics (layered model, addressing, routing and switching, remote access) and computer security (attacks on infrastructure, CIA, AAA, encryption, identity management).

Prerequisites

Subject has no prerequisites.

Co-requisites

Subject has no co-requisites.

Subject syllabus:

Lecture schedule
1. Design and implementation of data centers (hardware and software redundancy), overview of the most common networking and software technologies.
2. Physical security of data centers (TIER, IRMS certification).
3. Securing the communication interfaces (Fibre Channel - port security, fabric binding, FCIP - traffic engineering, cost profile).
4. Logging and monitoring of data center infrastructure and services, audit trail.
5. Identity and permission management (SAML, OAuth, OpenID). Technologies for data center management and remote access.
6. Data center network infrastructure, services and application security. Integrated solutions for data center security and their common features.
7. Service models of cloud services and their deployment models (SaaS, PaaS, IaaS). Data and application accessibility in cloud environment, data recovery, privacy of stored data.
8. Legal aspects of cloud computing (in Czech Republic, EU, USA).
9. Cloud security controls. DDoS attacks on cloud services (amplification, SMURF attacks, attacks on network and transport layers) and their prevention.
10. Virtual Private Cloud (Amazon VPC, Google Secure Data Connector).

Computer laboratories focus on practical implementation of topics covered in the lectures.

Laboratory schedule
1. Cloud platforms – Azure, Amazon AWS, etc.
2. IDS and IPS.
3. Zone-based firewalling.
4. ASA platform.
5. VMware NSX.
6. OpenStack.
7. Hypervisor Networking.
8. Virtual appliances 1.
9. Virtual appliances 2.
10. Physical safety of data centers.

Conditions for subject completion

Full-time form (validity from: 2016/2017 Winter semester)
Task name | Type of task | Max. number of points (act. for subtasks) | Min. number of points
Credit and Examination | Credit and Examination | 100 (100) | 51
Credit | Credit | 45 | 22
Examination | Examination | 55 | 29
Mandatory attendance participation: Required attendance is 70% of labs.


Occurrence in study plans

Academic year | Programme | Field of study | Spec. | Form | Study language | Tut. centre | Year | W | S | Type of duty
2019/2020 (N2647) Information and Communication Technology (1801T064) Information and Communication Security P English Ostrava 2 Compulsory study plan
2019/2020 (N0612A140005) Information and Communication Security P English Ostrava 2 Compulsory study plan
2018/2019 (N2647) Information and Communication Technology (1801T064) Information and Communication Security P English Ostrava 2 Compulsory study plan
2017/2018 (N2647) Information and Communication Technology (1801T064) Information and Communication Security P English Ostrava 2 Compulsory study plan
2016/2017 (N2647) Information and Communication Technology (1801T064) Information and Communication Security P English Ostrava 2 Compulsory study plan

Occurrence in special blocks

Block name | Academic year | Form of study | Study language | Year | W | S | Type of block | Block owner