Network Security Systems

Module Reflection  ·  MSc Computer Science (Conversion)  ·  Author: Orville Fernandes

What I Brought In

Network security was not unfamiliar territory for me. As a Cloud Engineer at Blockware Nation, I had worked directly with VPCs, security groups, Kubernetes network policies using Calico and Nginx ingress controllers. I understood subnetting at a working level, had configured access control in cloud environments, and was well aware of the kinds of misconfigurations that create real security risks. I came into COM7115 with a practical foundation that most conversion students would not have had, and that context shaped both what I valued in the module and where I found it falling short.

The Module

COM7115 covered the core concepts of network security: IP addressing and subnetting, the OSI model, routing and switching fundamentals, and the principles of information assurance. The five pillars of information assurance – availability, integrity, authentication, confidentiality, and non-repudiation – provided a useful academic framework for something I had previously only engaged with empirically. Wilson (2013) makes the point that these pillars are not independent but interdependent, and that strengthening one can inadvertently undermine another – a tension I had encountered in practice but had never had language for.

The module also addressed cloud security and data privacy, examining how different cloud vendors approach information assurance and how service models like IaaS, PaaS, and SaaS affect the distribution of security responsibility between provider and client (Chakraborty et al., 2010). Beyond that, the module covered enterprise network security at a conceptual level, including network segmentation, access control, and basic threat modelling.

The Coursework

The module was assessed through two components: a research report and a Cisco Packet Tracer practical.

For the report, I chose to write on cloud security and data privacy, focusing specifically on misconfigured virtual network segmentation in a cloud VPC. This was a deliberate choice as it let me dig into territory I knew from professional experience and examine it more rigorously through an academic lens. The scenario I built was realistic: an enterprise cloud network that had degraded in security posture over time through poor maintenance practices and a lack of governance. The framework I proposed to remediate it broadly had four components, namely network segmentation, access control, environment separation, and policy enforcement, each of which reflected established practice in cloud security (NIST, 2018). The research process reinforced something I had learnt in practice: that it is rarely the initial implementation that fails, but the absence of procedures for ongoing maintenance and governance that allows security posture to degrade over time.

The practical component used Cisco Packet Tracer to configure IP addressing, routers, and switches across multiple subnets and test network connectivity. I came away with a more formal understanding of Fixed-Length Subnet Masking and a clearer picture of the distinct roles of routers and switches – consolidation of knowledge I had applied in cloud contexts without always understanding the underlying detail at the physical and data link layers.

Critical Reflection

For a module called Network Security Systems, the emphasis on security in the practical component was surprisingly thin. We configured networks – which only involved assigning IP addresses, connecting devices, testing connectivity – we did not secure them. There were no access control lists, no firewall rules, no intrusion detection or prevention, no implementation of the very concepts the module taught theoretically. A module about network security should, at some point, require students to actually implement security controls on a network, not just build one. The Packet Tracer practical was an engaging format and I enjoyed the hands-on element, but it assessed networking fundamentals, not network security.

The practical was also limited to Fixed-Length Subnet Masking. There was no exposure to Variable-Length Subnet Masking, no static or dynamic routing configuration (OSPF, BGP), and nothing approaching the complexity of an enterprise network. The learning outcome for LO2 – "designing complex solutions for managing and configuring secure enterprise networks" – was assessed entirely through the report, with no accompanying practical. For a Masters-level programme, that is a significant gap. Designing something on paper is a fundamentally different skill from implementing and troubleshooting it, and the module never required the latter at a level that felt commensurate with postgraduate study.

The module as a whole was pitched too introductory. As it stood, the material covered ground I had already worked with professionally, and the assessment did not push me to go meaningfully beyond that. I left with a more formal vocabulary for things I already knew, which has value, but I had expected to be challenged further.

Learning Outcomes

LO1 – Knowledge and understanding of network security concepts: Achieved through the research report.

LO2 – Design of complex solutions for secure enterprise networks: Achieved through the research report, which required me to diagnose a realistic security failure scenario and propose a structured remediation framework. The absence of any practical component for this outcome was a notable limitation.

LO3 – Implementation of security configurations based on system requirements: Partially achieved through the Cisco Packet Tracer practical. Network connectivity was configured and tested successfully, but the practical stopped short of implementing actual security controls, which left this outcome only partially evidenced in a meaningful way.

References

Chakraborty, R., Ramireddy, S., Raghu, T.S. and Rao, H.R. (2010) 'The information assurance practices of cloud computing vendors', IT Professional, 12(4), pp. 29–37.

National Institute of Standards and Technology (NIST) (2018) Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. Gaithersburg, MD: NIST. Available at: https://doi.org/10.6028/NIST.CSWP.04162018.

Wilson, K.S. (2013) 'Conflicts among the pillars of information assurance', IT Professional, 15(4), pp. 44–49. doi: 10.1109/MITP.2012.24.

Marks