Cyber Defense Monitoring Solutions
Basic information
- Course Code -- ITX8071
- Credit Points -- 6.0 EAP
- Course Language -- English
- Course Schedule -- the course will be lectured from 17:45 to 21:00 on every Wednesday of fall semester 2022. Note that most lectures are taking place in MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)".
- Course Materials -- use the registration code w7Xz53c for accessing all course slides and pre-recorded lecture videos in Moodle.
Detailed Course Schedule
- August 31 2022 (introduction to the course, lecture of module 1) -- room ICT-401
- September 7 2022 (lab of module 1) -- room ICT-401
- September 14 2022 (lab of module 2) -- room ICT-401
- September 21 2022 (lecture of module 3) -- MS Teams
- September 28 2022 (lab of module 3) -- room ICT-401
- October 5 2022 (lab of module 4) -- room ICT-401
- October 12 2022 (lecture of module 5) -- MS Teams
- October 19 2022 (lab of module 5) -- room ICT-401
- October 26 2022 (lecture of module 6) -- MS Teams
- November 2 2022 (lab of module 6) -- room ICT-401
- November 9 2022 (lecture of module 7) -- MS Teams
- November 16 2022 (lab of module 7) -- room ICT-401
- November 23 2022 (lecture of module 8) -- MS Teams
- November 30 2022 (lab of module 8) -- room ICT-401
- December 7 2022 (lecture of module 9) -- MS Teams
- December 14 2022 (lab of module 9) -- room ICT-401
Independent work during the semester
For attending the course, the following course materials have to be independently studied in Moodle by given deadlines:
- lecture materials of module 2 ("Introduction to packet filtering with the Linux netfilter firewall") by September 13 2022.
- lecture materials of module 3 ("Regular expression language") by September 20 2022.
- lecture materials of module 4 ("Introduction to Perl regular expressions") by October 4 2022.
- lecture materials of module 5 ("Syslog-ng framework") by October 11 2022.
- lecture materials of module 6 ("Introduction to event correlation and Simple Event Correlator") by October 25 2022.
- lecture materials of module 7 ("Simple Event Correlator - advanced topics") by November 8 2022.
- lecture materials of module 8 ("Introduction to intrusion detection/prevention and Suricata IDS/IPS") by November 22 2022.
Evaluation
During the semester, two homework assignments are given to each student. Both assignments can yield up to 12.5 points, thus the maximum score from homework is 25 points. During the exam, three tasks are given to each student, with each task yielding up to 25 points and the whole exam up to 75 points. The final grade for a student is derived from his/her personal score:
- score > 90 -- grade 5 (excellent)
- 80 < score ≤ 90 -- grade 4 (very good)
- 70 < score ≤ 80 -- grade 3 (good)
- 60 < score ≤ 70 -- grade 2 (satisfactory)
- 50 < score ≤ 60 -- grade 1 (pass)
- score ≤ 50 -- a student has failed to pass
Virtual machine image
For course lab sessions, there is a virtual machine image which has been created with VirtualBox. When importing the image into VirtualBox, don't forget to select the option "Generate new MAC addresses for all network adapters". Also, if you are using the image on a classroom computer, import your virtual machine into the D:\itx8071 directory. In order to run your virtual machine as a node of the classroom network, change the network adapter mode from NAT to Bridged Adapter.
Since the virtual machine is essential for doing homework assignments, it is strongly recommended to also install it on a personal laptop. In order to do that, leave the existing network adapter to NAT mode, and create an additional network adapter with setting it to Host-only Adapter mode. The host-only adapter is connected to a special virtual network (e.g., 192.168.56.0/24) that is not accessible from other hosts and is shared between the host computer and virtual machines. This network can be used for accessing the virtual machine from the host computer and creating setups where several virtual machines need to communicate.
For changing the console keyboard layout of the virtual machine, use the /usr/bin/localectl tool. For example, localectl set-keymap et sets Estonian keyboard layout for console and localectl set-keymap us sets US keyboard layout for console, while localectl list-keymaps lists all available layouts and localectl status shows the current settings.
Lab sessions
Solutions for past lab sessions are available here.
Homework assignments
- Task1 -- a group work for max 3 students which must be submitted by October 27 2021 23:59 local time.
- Task2 -- a group work for max 3 students which must be submitted by December 15 2021 23:59 local time.
Solutions to homework assignments should be sent to the e-mail address of the lecturer (given in the title page of each slide module). Together with the solution, full names and student codes of the authors must be listed. You should consider your solution submitted only after its reception has been confirmed by the lecturer.
All submitted solutions should be carefully tested final versions. Please submit the solution only once, and do not send in partial and/or untested work. It is not allowed to submit a partial solution, and use comments from the lecturer for later resubmission of improved version(s). Also, if you wish to submit multiple solutions, you must clearly indicate which one should be used for evaluation. If no such indication is provided, the first solution will be used for evaluating your work, and other solutions are not considered.
Please note that each student can be a (co)author of only one solution (i.e., participation in more than one student group is not allowed). Also note that the list of authors can not be changed after the deadline.
The correct solution with your score will be announced after the deadline.
Solutions submitted after the deadline will not be accepted. Also, it is not possible to redo the homework assignment after the deadline.
Information about the exam
The exam is an open-book exam and is consists of two parts, with both parts being mandatory:
- written exam on a personal computer of an attending student,
- oral exam for explaining the written examination work and answering other questions.
During the written exam, examination assignments are distributed over e-mail to students, and each student has to accomplish 3 tasks during 2.5 hours. Note that each student has to work on examination tasks alone, and receiving any help from other persons is strictly prohibited. Before the end of the examination time slot, each student has to submit the solutions over e-mail and confirm with the lecturer that solutions have been received. Solutions arriving after designated time are not accepted and will yield the grade of 0.
Written exam can be taken during one of the following time slots:
- January 5 2022 at 15:45, virtually in MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)".
- January 12 2022 at 15:45, virtually in MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)".
- January 19 2022 at 15:45, virtually in MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)".
Oral examinations will take place during 2 days that follow the written exam. Note that the oral exam lasts up to 60 minutes and is individual for each student (in other words, the discussion involves only the student and the lecturer). For participating in the oral exam, each student has to agree a separate time slot with the lecturer before the written exam. Failure to participate in the oral exam will yield the grade of 0.
When taking the oral exam, the student must consider the following:
- the oral exam can only be taken via full video call with an activated web cam, in order to reliably identify the person who is taking the exam,
- in the beginning of the oral exam, the student must present an ID with a photo,
- if the student is not able to explain a solution from the written examination work, the entire examination work is regarded as plagiarized which yields the grade of 0,
- in addition to discussing solutions from the written examination work, the oral exam will involve questions about other topics of the course,
- the oral exam must take place no later than 48 hours after the written exam.
For taking the exam, official registration in OIS is required for one of the time slots of the written exam at least 24 hours before the exam. In addition, each participant must also register his/her participation with the lecturer, setting the time slot for the oral exam. The oral exam must take place within 48 hours after the written exam.
Note that each student can take the exam only once, and in order to get the second try for improving the result, official application for re-examination is required (see below).
Re-examination information
Each student is granted one re-examination attempt which requires official application. The student can apply for re-examination after failing a regular exam, or for improving a low grade from a regular exam. Re-examination invalidates any previous grade or intermediate result which was obtained during the semester. The re-examination consists of a written exam of 2 assignments that have to be accomplished within 50 minutes, and an oral exam for explaining the written examination work and answering other questions. The final grade is solely based on the result of the re-exam, and no work from previous exam or semester can be combined with the re-exam.
The re-examination is an open-book exam and all rules of the regular exam apply (see above).
The re-exam can be taken during the timeslots of the regular exam.
Plagiarism policy
Please note that plagiarized home works and exam works will be rejected without a review, and the university will be notified of the offense. All cases of student plagiarism and other violations of academic practices will be handled according to regulations of the IT faculty.