Erinevus lehekülje "Cyber Defense Monitoring Solutions" redaktsioonide vahel
| (ei näidata sama kasutaja 188 vahepealset redaktsiooni) | |||
| 1. rida: | 1. rida: | ||
| − | == Basic  | + | == Basic information == | 
| * Course Code -- ITX8071 | * Course Code -- ITX8071 | ||
| * Credit Points -- 6.0 EAP | * Credit Points -- 6.0 EAP | ||
| * Course Language -- English | * Course Language -- English | ||
| − | * Course Schedule -- the course will be lectured from 17:45 to 21:00 on every  | + | * Course Schedule -- the course will be lectured from 17:45 to 21:00 on every Monday of fall semester 2025. Note that some lectures might take place in MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)", while remaining lectures and all labs are arranged in room ICT-401. | 
| − | *  | + | * Course Materials -- use the registration code w7Xz53c for accessing all course slides and pre-recorded lecture videos in Moodle. | 
| − | *  | + | |
| + | == Detailed Course Schedule == | ||
| + | |||
| + | * September 1 2025 (introduction to the course, lecture of module 1) -- room ICT-401 | ||
| + | * September 8 2025 (lab of module 1) -- room ICT-401 | ||
| + | * September 15 2025 (lab of module 2) -- room ICT-401 | ||
| + | * September 22 2025 (lecture of module 3) -- room ICT-401 | ||
| + | * September 29 2025 (lab of module 3) -- room ICT-401 | ||
| + | * October 6 2025 (lab of module 4) -- room ICT-401 | ||
| + | * October 13 2025 (lecture of module 5) -- room ICT-401 | ||
| + | * October 20 2025 (lab of module 5) -- room ICT-401 | ||
| + | * October 27 2025 (lecture of module 6) -- room ICT-401 | ||
| + | * November 3 2025 (lab of module 6) -- room ICT-401 | ||
| + | * November 10 2025 (lab of module 7) -- room ICT-401 | ||
| + | * November 17 2025 (lecture of module 8) -- room ICT-401 | ||
| + | * November 24 2025 (lab of module 8) -- room ICT-401 | ||
| + | * December 1 2025 (lecture of module 9) -- MS Teams | ||
| + | * December 8 2025 (lab of module 9) -- room ICT-401 | ||
| == Evaluation == | == Evaluation == | ||
| − | During the semester, two homework assignments are given to each student. Both assignments can yield up to  | + | During the semester, two homework assignments are given to each student. Both assignments can yield up to 12.5 points, thus the maximum score from homework is 25 points. During the exam, three tasks are given to each student, with each task yielding up to 25 points and the whole exam up to 75 points. The final grade for a student is derived from his/her personal score: | 
| * score > 90 -- grade 5 (excellent) | * score > 90 -- grade 5 (excellent) | ||
| 19. rida: | 36. rida: | ||
| * score ≤ 50 -- a student has failed to pass | * score ≤ 50 -- a student has failed to pass | ||
| − | == Virtual  | + | In addition to regular 100 points from homeworks and exam, extra points can be collected for active participation in the course (see the following sections). | 
| + | |||
| + | == Virtual machine image == | ||
| + | |||
| + | For course lab sessions, there is a [https://drive.google.com/file/d/1RWWofqn4AO0thk1lRbeTw6wHeZ6f6UOJ/view?usp=drive_link virtual machine image] which has been created with VirtualBox. When importing the image into VirtualBox, '''don't forget''' to select the option '''"Generate new MAC addresses for all network adapters"'''. In order to run your virtual machine as a node of the classroom network, change the mode of the first network adapter from NAT to '''Bridged Adapter'''.  | ||
| + | |||
| + | Since the virtual machine is essential for doing homework assignments, it is strongly recommended to also install it on a personal laptop. In order to do that, leave the first network adapter to NAT mode, and change the mode of the second network adapter to '''Host-only Adapter'''. The host-only adapter is connected to a special virtual network (e.g., 192.168.56.0/24) that is not accessible from other hosts and is shared between the host computer and virtual machines. This network can be used for accessing the virtual machine from the host computer and creating setups where several virtual machines need to communicate. | ||
| + | |||
| + | For changing the console keyboard layout of the virtual machine, use the '''/usr/bin/localectl''' tool. For example, '''localectl set-keymap ee''' sets Estonian keyboard layout for console and '''localectl set-keymap us''' sets US keyboard layout for console, while '''localectl list-keymaps''' lists all available layouts and '''localectl status''' shows the current settings. | ||
| + | |||
| + | == Lab sessions == | ||
| + | |||
| + | Solutions for past lab sessions are available [https://drive.google.com/drive/folders/1-UYUgO-rnobRPRoVLwQvrivqyQbDpjEc?usp=sharing here]. | ||
| + | |||
| + | Note that the last lab of the course on December 8 2025 is a '''graded lab which provides 5 extra points for participants'''. During the graded lab, groups of max 3 students have to work on an assignment that is described [[itx8071-graded-lab|here]]. In order to speed up your work during the lab, you can accomplish part of the assignment in advance. '''To receive points for the graded lab, the assignment solution has to be presented to the lecturers for evaluation during the lab session in ICT-401, and any other submissions are not accepted.''' | ||
| + | |||
| + | == Independent work during the semester == | ||
| − | For course  | + | Note that the lectures of the course are interactive discussions which assume the students have prepared themselves for the lectures. | 
| + | For attending the course successfully, the following course materials have to be independently studied in Moodle by given deadlines: | ||
| + | |||
| + | * lecture materials of module 2 ("Introduction to packet filtering with the Linux netfilter firewall") by '''September 15 2025''' | ||
| + | * lecture materials of module 3 ("Regular expression language") by '''September 22 2025''' | ||
| + | * lecture materials of module 4 ("Introduction to Perl regular expressions") by '''October 6 2025''' | ||
| + | * lecture materials of module 5 ("Syslog-ng framework") by '''October 13 2025''' | ||
| + | * lecture materials of module 6 ("Introduction to event correlation and Simple Event Correlator") by '''October 27 2025''' | ||
| + | * lecture materials of module 7 ("Simple Event Correlator - advanced topics") by '''November 10 2025''' | ||
| + | * lecture materials of module 8 ("Introduction to intrusion detection/prevention and Suricata IDS/IPS") by '''November 17 2025''' | ||
| + | |||
| + | In Moodle, lecture materials of several modules are followed by '''tests which provide extra points''', with each test consisting of four multiple choice questions. The test can be taken '''only once''' and has to be completed '''before the relevant lecture takes place'''. To pass the test, at least three questions have to be answered correctly, and each successfully passed test yields '''1 extra point'''. | ||
| == Homework assignments == | == Homework assignments == | ||
| − | * Task1 -- a group work for max 3 students  | + | * [[itx8071-task1|Task1]] -- a group work for max 3 students which must be submitted by '''November 2 2025 23:59 local time'''. | 
| − | * Task2 -- a group work for max 3 students  | + | * [[itx8071-task2|Task2]] -- a group work for max 3 students which must be submitted by '''December 14 2025 23:59 local time'''. | 
| Solutions to homework assignments should be sent to the e-mail address of the lecturer (given in the title page of each slide module). Together with the solution, full names and student codes of the authors must be listed. You should consider your solution submitted only after its reception '''has been confirmed''' by the lecturer. | Solutions to homework assignments should be sent to the e-mail address of the lecturer (given in the title page of each slide module). Together with the solution, full names and student codes of the authors must be listed. You should consider your solution submitted only after its reception '''has been confirmed''' by the lecturer. | ||
| − | All submitted solutions should be carefully tested final versions. Please submit the solution '''only once''', and do '''not''' send in partial and/or untested work. It is not allowed to submit a partial solution, and use comments from the lecturer for later resubmission of improved version(s). | + | All submitted solutions should be carefully tested final versions. Please submit the solution '''only once''', and do '''not''' send in partial and/or untested work. It is not allowed to submit a partial solution, and use comments from the lecturer for later resubmission of improved version(s). Also, if you wish to submit multiple solutions, you must '''clearly indicate''' which one should be used for evaluation. If no such indication is provided, the '''first solution''' will be used for evaluating your work, and other solutions are not considered. | 
| Please note that each student can be a (co)author of only one solution (i.e., participation in more than one student group is not allowed). Also note that the list of authors can not be changed after the deadline. | Please note that each student can be a (co)author of only one solution (i.e., participation in more than one student group is not allowed). Also note that the list of authors can not be changed after the deadline. | ||
| 36. rida: | 80. rida: | ||
| The correct solution with your score will be announced after the deadline. | The correct solution with your score will be announced after the deadline. | ||
| − | Solutions submitted after the deadline will '''not''' be accepted. Also, it is '''not''' possible to redo the homework assignment after the deadline. | + | Solutions submitted after the deadline will '''not''' be accepted. Also, it is '''not''' possible to redo the homework assignment after the deadline.   | 
| + | |||
| + | == Notes about distance learning == | ||
| + | |||
| + | In the case you are not able to attend lectures and labs physically, the course can be taken in a distance learning setting. However, you should consider the following when opting for the distance learning path: | ||
| + | |||
| + | * All course slides and prerecorded lecture video clips can be accessed through Moodle | ||
| + | * Lab assignments can be found at the end of each lecture slideset (slides with the title "Tasks") | ||
| + | * Make sure that you solve all lab assignments on the course virtual machine -- examination tasks are similar to lab assignments and having a good understanding of the lab topics is essential for passing the final exam | ||
| + | * Lab assignment solutions with comments are regularly posted to the course home page -- don't forget to compare your work with posted solutions! | ||
| + | * Check the course home page regularly for new homework assignments, assignment deadlines, and other important information | ||
| + | * Because homework assignments allow the students to work as a group, it is recommended to join some group by looking potential cooperation partners through the course MS Teams group | ||
| + | * Since the course is offering extra points in addition to regular ones, it is recommended to collect as many extra points as possible for improving your final grade | ||
| == Information about the exam == | == Information about the exam == | ||
| − | During the exam, each student has to accomplish 3 tasks within 3 hours | + | The exam is an '''open-book''' exam, but the use of Internet, electronic devices, and digital materials is '''not''' permitted. In order to attend the exam, each student must present an ID with a photo and have at least one pen in good working order. During the exam, each student has to accomplish 3 tasks within 3 hours on paper. All paper materials such as printed course slides, paper-based notes, and hardcopy books can be freely used during the exam.   | 
| + | |||
| + | Examination times will be announced during the semester. | ||
| − | + | For taking the exam, '''official registration in OIS''' is required for one of the examination time slots. | |
| − | *  | + | Note that each student can take the exam only once, and in order to get the second try for improving the result, official application for re-examination is required (see below). | 
| − | *  | + | |
| + | '''While producing his/her final examination work, the student must consider the following:''' | ||
| + | |||
| + | * Since there is no defense of the written examination work, the examination work must present full and unambiguous task solutions | ||
| + | * Each task must have only one clearly presented solution; if multiple solutions are given, only the first one will be evaluated | ||
| + | * All handwriting in the examination work must be legible | ||
| + | * No spare pens are provided to students during the exam | ||
| + | |||
| + | '''The following rules apply during the exam, and failure to follow them will invalidate the examination work of the student:''' | ||
| + | |||
| + | * The use of Internet, digital materials, and electronic devices (computers, mobile phones, cameras, etc.) is not permitted for any purposes | ||
| + | * All electronic devices will have to be switched to silent mode and left on a designated desk for the duration of the exam | ||
| + | * Any communication between students or with persons not taking the exam is strictly prohibited | ||
| + | * While the use of printed materials is permitted, it is not allowed to share such materials between students | ||
| + | * Students can't leave the examination room during the first 60 minutes and the last 30 minutes of the exam | ||
| + | * Each student can leave the examination room once during the exam for max 10 minutes (only one person can leave the room at a time) | ||
| + | * When leaving the examination room, the student has to surrender the task sheet to the lecturer (it is prohibited to take any exam-related materials outside the room) | ||
| + | * When submitting the examination work, the student must also hand over the task sheet | ||
| + | * It is strictly prohibited to take photos or make any other copies of the task sheet | ||
| == Re-examination information == | == Re-examination information == | ||
| 51. rida: | 127. rida: | ||
| Each student is granted one re-examination attempt which requires official application. The student can apply for re-examination after failing a regular exam, or for improving a low grade from a regular exam. Re-examination invalidates any previous grade or intermediate result which was obtained during the semester. During re-examination, 2 assignments have to be accomplished within 1 hour. The final grade is solely based on assignment solutions, and no work from previous exam or semester can be combined with the re-exam. | Each student is granted one re-examination attempt which requires official application. The student can apply for re-examination after failing a regular exam, or for improving a low grade from a regular exam. Re-examination invalidates any previous grade or intermediate result which was obtained during the semester. During re-examination, 2 assignments have to be accomplished within 1 hour. The final grade is solely based on assignment solutions, and no work from previous exam or semester can be combined with the re-exam. | ||
| − | Re-examination time will be announced  | + | The re-examination is an '''open-book''' exam, but the use of Internet, electronic devices, and digital materials is '''not''' permitted, and all rules of the regular exam apply (see above). | 
| + | |||
| + | Re-examination time will be announced during the semester. | ||
| + | |||
| + | == Plagiarism policy == | ||
| + | |||
| + | Please note that '''plagiarized''' home works and exam works will be '''rejected without a review''', and the university will be '''notified''' of the offense. All cases of student plagiarism and other violations of academic practices will be handled according to [https://haldus.taltech.ee/sites/default/files/2020-10/Terviktekst_IT-teaduskonna%20%C3%B5ppuri%20akad%20tavade%20rikkumise%20ja%20v%C3%A4%C3%A4ritu%20k%C3%A4itumise%20menetlemise%20kord_ENG.pdf regulations of the IT faculty]. | ||
Viimane redaktsioon: 1. september 2025, kell 11:20
Basic information
- Course Code -- ITX8071
- Credit Points -- 6.0 EAP
- Course Language -- English
- Course Schedule -- the course will be lectured from 17:45 to 21:00 on every Monday of fall semester 2025. Note that some lectures might take place in MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)", while remaining lectures and all labs are arranged in room ICT-401.
- Course Materials -- use the registration code w7Xz53c for accessing all course slides and pre-recorded lecture videos in Moodle.
Detailed Course Schedule
- September 1 2025 (introduction to the course, lecture of module 1) -- room ICT-401
- September 8 2025 (lab of module 1) -- room ICT-401
- September 15 2025 (lab of module 2) -- room ICT-401
- September 22 2025 (lecture of module 3) -- room ICT-401
- September 29 2025 (lab of module 3) -- room ICT-401
- October 6 2025 (lab of module 4) -- room ICT-401
- October 13 2025 (lecture of module 5) -- room ICT-401
- October 20 2025 (lab of module 5) -- room ICT-401
- October 27 2025 (lecture of module 6) -- room ICT-401
- November 3 2025 (lab of module 6) -- room ICT-401
- November 10 2025 (lab of module 7) -- room ICT-401
- November 17 2025 (lecture of module 8) -- room ICT-401
- November 24 2025 (lab of module 8) -- room ICT-401
- December 1 2025 (lecture of module 9) -- MS Teams
- December 8 2025 (lab of module 9) -- room ICT-401
Evaluation
During the semester, two homework assignments are given to each student. Both assignments can yield up to 12.5 points, thus the maximum score from homework is 25 points. During the exam, three tasks are given to each student, with each task yielding up to 25 points and the whole exam up to 75 points. The final grade for a student is derived from his/her personal score:
- score > 90 -- grade 5 (excellent)
- 80 < score ≤ 90 -- grade 4 (very good)
- 70 < score ≤ 80 -- grade 3 (good)
- 60 < score ≤ 70 -- grade 2 (satisfactory)
- 50 < score ≤ 60 -- grade 1 (pass)
- score ≤ 50 -- a student has failed to pass
In addition to regular 100 points from homeworks and exam, extra points can be collected for active participation in the course (see the following sections).
Virtual machine image
For course lab sessions, there is a virtual machine image which has been created with VirtualBox. When importing the image into VirtualBox, don't forget to select the option "Generate new MAC addresses for all network adapters". In order to run your virtual machine as a node of the classroom network, change the mode of the first network adapter from NAT to Bridged Adapter.
Since the virtual machine is essential for doing homework assignments, it is strongly recommended to also install it on a personal laptop. In order to do that, leave the first network adapter to NAT mode, and change the mode of the second network adapter to Host-only Adapter. The host-only adapter is connected to a special virtual network (e.g., 192.168.56.0/24) that is not accessible from other hosts and is shared between the host computer and virtual machines. This network can be used for accessing the virtual machine from the host computer and creating setups where several virtual machines need to communicate.
For changing the console keyboard layout of the virtual machine, use the /usr/bin/localectl tool. For example, localectl set-keymap ee sets Estonian keyboard layout for console and localectl set-keymap us sets US keyboard layout for console, while localectl list-keymaps lists all available layouts and localectl status shows the current settings.
Lab sessions
Solutions for past lab sessions are available here.
Note that the last lab of the course on December 8 2025 is a graded lab which provides 5 extra points for participants. During the graded lab, groups of max 3 students have to work on an assignment that is described here. In order to speed up your work during the lab, you can accomplish part of the assignment in advance. To receive points for the graded lab, the assignment solution has to be presented to the lecturers for evaluation during the lab session in ICT-401, and any other submissions are not accepted.
Independent work during the semester
Note that the lectures of the course are interactive discussions which assume the students have prepared themselves for the lectures. For attending the course successfully, the following course materials have to be independently studied in Moodle by given deadlines:
- lecture materials of module 2 ("Introduction to packet filtering with the Linux netfilter firewall") by September 15 2025
- lecture materials of module 3 ("Regular expression language") by September 22 2025
- lecture materials of module 4 ("Introduction to Perl regular expressions") by October 6 2025
- lecture materials of module 5 ("Syslog-ng framework") by October 13 2025
- lecture materials of module 6 ("Introduction to event correlation and Simple Event Correlator") by October 27 2025
- lecture materials of module 7 ("Simple Event Correlator - advanced topics") by November 10 2025
- lecture materials of module 8 ("Introduction to intrusion detection/prevention and Suricata IDS/IPS") by November 17 2025
In Moodle, lecture materials of several modules are followed by tests which provide extra points, with each test consisting of four multiple choice questions. The test can be taken only once and has to be completed before the relevant lecture takes place. To pass the test, at least three questions have to be answered correctly, and each successfully passed test yields 1 extra point.
Homework assignments
- Task1 -- a group work for max 3 students which must be submitted by November 2 2025 23:59 local time.
- Task2 -- a group work for max 3 students which must be submitted by December 14 2025 23:59 local time.
Solutions to homework assignments should be sent to the e-mail address of the lecturer (given in the title page of each slide module). Together with the solution, full names and student codes of the authors must be listed. You should consider your solution submitted only after its reception has been confirmed by the lecturer.
All submitted solutions should be carefully tested final versions. Please submit the solution only once, and do not send in partial and/or untested work. It is not allowed to submit a partial solution, and use comments from the lecturer for later resubmission of improved version(s). Also, if you wish to submit multiple solutions, you must clearly indicate which one should be used for evaluation. If no such indication is provided, the first solution will be used for evaluating your work, and other solutions are not considered.
Please note that each student can be a (co)author of only one solution (i.e., participation in more than one student group is not allowed). Also note that the list of authors can not be changed after the deadline.
The correct solution with your score will be announced after the deadline.
Solutions submitted after the deadline will not be accepted. Also, it is not possible to redo the homework assignment after the deadline.
Notes about distance learning
In the case you are not able to attend lectures and labs physically, the course can be taken in a distance learning setting. However, you should consider the following when opting for the distance learning path:
- All course slides and prerecorded lecture video clips can be accessed through Moodle
- Lab assignments can be found at the end of each lecture slideset (slides with the title "Tasks")
- Make sure that you solve all lab assignments on the course virtual machine -- examination tasks are similar to lab assignments and having a good understanding of the lab topics is essential for passing the final exam
- Lab assignment solutions with comments are regularly posted to the course home page -- don't forget to compare your work with posted solutions!
- Check the course home page regularly for new homework assignments, assignment deadlines, and other important information
- Because homework assignments allow the students to work as a group, it is recommended to join some group by looking potential cooperation partners through the course MS Teams group
- Since the course is offering extra points in addition to regular ones, it is recommended to collect as many extra points as possible for improving your final grade
Information about the exam
The exam is an open-book exam, but the use of Internet, electronic devices, and digital materials is not permitted. In order to attend the exam, each student must present an ID with a photo and have at least one pen in good working order. During the exam, each student has to accomplish 3 tasks within 3 hours on paper. All paper materials such as printed course slides, paper-based notes, and hardcopy books can be freely used during the exam.
Examination times will be announced during the semester.
For taking the exam, official registration in OIS is required for one of the examination time slots.
Note that each student can take the exam only once, and in order to get the second try for improving the result, official application for re-examination is required (see below).
While producing his/her final examination work, the student must consider the following:
- Since there is no defense of the written examination work, the examination work must present full and unambiguous task solutions
- Each task must have only one clearly presented solution; if multiple solutions are given, only the first one will be evaluated
- All handwriting in the examination work must be legible
- No spare pens are provided to students during the exam
The following rules apply during the exam, and failure to follow them will invalidate the examination work of the student:
- The use of Internet, digital materials, and electronic devices (computers, mobile phones, cameras, etc.) is not permitted for any purposes
- All electronic devices will have to be switched to silent mode and left on a designated desk for the duration of the exam
- Any communication between students or with persons not taking the exam is strictly prohibited
- While the use of printed materials is permitted, it is not allowed to share such materials between students
- Students can't leave the examination room during the first 60 minutes and the last 30 minutes of the exam
- Each student can leave the examination room once during the exam for max 10 minutes (only one person can leave the room at a time)
- When leaving the examination room, the student has to surrender the task sheet to the lecturer (it is prohibited to take any exam-related materials outside the room)
- When submitting the examination work, the student must also hand over the task sheet
- It is strictly prohibited to take photos or make any other copies of the task sheet
Re-examination information
Each student is granted one re-examination attempt which requires official application. The student can apply for re-examination after failing a regular exam, or for improving a low grade from a regular exam. Re-examination invalidates any previous grade or intermediate result which was obtained during the semester. During re-examination, 2 assignments have to be accomplished within 1 hour. The final grade is solely based on assignment solutions, and no work from previous exam or semester can be combined with the re-exam.
The re-examination is an open-book exam, but the use of Internet, electronic devices, and digital materials is not permitted, and all rules of the regular exam apply (see above).
Re-examination time will be announced during the semester.
Plagiarism policy
Please note that plagiarized home works and exam works will be rejected without a review, and the university will be notified of the offense. All cases of student plagiarism and other violations of academic practices will be handled according to regulations of the IT faculty.