Cyber Defense Monitoring Solutions

Source: Kursused
Revision as of 30 August 2022, 09:04 by Risto

Basic information

  • Course Code -- ITX8071
  • Credit Points -- 6.0 EAP
  • Course Language -- English
  • Course Schedule -- the course takes place from 17:45 to 21:00 every Wednesday of the fall semester 2022. Note that most lectures take place in the MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)", while labs are arranged in room ICT-401. Lectures and labs that are arranged in room ICT-401 can also be followed in the MS Teams environment.
  • Course Materials -- use the registration code w7Xz53c for accessing all course slides and pre-recorded lecture videos in Moodle.

Detailed Course Schedule

  • August 31 2022 (introduction to the course, lecture of module 1) -- room ICT-401
  • September 7 2022 (lab of module 1) -- room ICT-401
  • September 14 2022 (lab of module 2) -- room ICT-401
  • September 21 2022 (lecture of module 3) -- MS Teams
  • September 28 2022 (lab of module 3) -- room ICT-401
  • October 5 2022 (lab of module 4) -- room ICT-401
  • October 12 2022 (lecture of module 5) -- MS Teams
  • October 19 2022 (lab of module 5) -- room ICT-401
  • October 26 2022 (lecture of module 6) -- MS Teams
  • November 2 2022 (lab of module 6) -- room ICT-401
  • November 9 2022 (lecture of module 7) -- MS Teams
  • November 16 2022 (lab of module 7) -- room ICT-401
  • November 23 2022 (lecture of module 8) -- MS Teams
  • November 30 2022 (lab of module 8) -- room ICT-401
  • December 7 2022 (lecture of module 9) -- MS Teams
  • December 14 2022 (lab of module 9) -- room ICT-401

Independent work during the semester

To attend the course, the following course materials have to be studied independently in Moodle by the given deadlines:

  • lecture materials of module 2 ("Introduction to packet filtering with the Linux netfilter firewall") by September 13 2022
  • lecture materials of module 3 ("Regular expression language") by September 20 2022
  • lecture materials of module 4 ("Introduction to Perl regular expressions") by October 4 2022
  • lecture materials of module 5 ("Syslog-ng framework") by October 11 2022
  • lecture materials of module 6 ("Introduction to event correlation and Simple Event Correlator") by October 25 2022
  • lecture materials of module 7 ("Simple Event Correlator - advanced topics") by November 8 2022
  • lecture materials of module 8 ("Introduction to intrusion detection/prevention and Suricata IDS/IPS") by November 22 2022

Evaluation

During the semester, two homework assignments are given to each student. Both assignments can yield up to 12.5 points, thus the maximum score from homework is 25 points. During the exam, three tasks are given to each student, with each task yielding up to 25 points and the whole exam up to 75 points. The final grade for a student is derived from his/her personal score:

  • score > 90 -- grade 5 (excellent)
  • 80 < score ≤ 90 -- grade 4 (very good)
  • 70 < score ≤ 80 -- grade 3 (good)
  • 60 < score ≤ 70 -- grade 2 (satisfactory)
  • 50 < score ≤ 60 -- grade 1 (pass)
  • score ≤ 50 -- a student has failed to pass

Virtual machine image

For course lab sessions, there is a virtual machine image which has been created with VirtualBox. When importing the image into VirtualBox, don't forget to select the option "Generate new MAC addresses for all network adapters". Also, if you are using the image on a classroom computer, import your virtual machine into the D:\itx8071 directory. In order to run your virtual machine as a node of the classroom network, change the mode of the first network adapter from NAT to Bridged Adapter.

Since the virtual machine is essential for doing homework assignments, it is strongly recommended to also install it on a personal laptop. In order to do that, leave the first network adapter in NAT mode, and change the mode of the second network adapter to Host-only Adapter. The host-only adapter is connected to a special virtual network (e.g., 192.168.56.0/24) that is not accessible from other hosts and is shared between the host computer and virtual machines. This network can be used for accessing the virtual machine from the host computer and for creating setups where several virtual machines need to communicate.

To change the console keyboard layout of the virtual machine, use the /usr/bin/localectl tool. For example, localectl set-keymap et sets the Estonian keyboard layout for the console and localectl set-keymap us sets the US keyboard layout, while localectl list-keymaps lists all available layouts and localectl status shows the current settings.

Lab sessions

Solutions for past lab sessions are available here.

Homework assignments

  • Task1 -- a group work for max 3 students which must be submitted by October 25 2022 23:59 local time.
  • Task2 -- a group work for max 3 students which must be submitted by December 13 2022 23:59 local time.

Solutions to homework assignments should be sent to the e-mail address of the lecturer (given on the title page of each slide module). Together with the solution, full names and student codes of the authors must be listed. You should consider your solution submitted only after its reception has been confirmed by the lecturer.

All submitted solutions should be carefully tested final versions. Please submit the solution only once, and do not send in partial and/or untested work. It is not allowed to submit a partial solution and then use comments from the lecturer for later resubmission of improved version(s). Also, if you wish to submit multiple solutions, you must clearly indicate which one should be used for evaluation. If no such indication is provided, the first solution will be used for evaluating your work, and other solutions are not considered.

Please note that each student can be a (co)author of only one solution (i.e., participation in more than one student group is not allowed). Also note that the list of authors cannot be changed after the deadline.

The correct solution with your score will be announced after the deadline.

Solutions submitted after the deadline will not be accepted. Also, it is not possible to redo the homework assignment after the deadline.

Information about the exam

The exam is an open-book exam, but the use of the Internet, electronic devices, and digital materials is not permitted. In order to attend the exam, each student must present an ID with a photo and have at least one pen in good working order. During the exam, each student has to accomplish 3 tasks within 3 hours on paper. All paper materials such as printed course slides, paper-based notes, and hardcopy books can be freely used during the exam.

Examination dates will be announced during the semester.

Re-examination information

Each student is granted one re-examination attempt, which requires an official application. The student can apply for re-examination after failing a regular exam, or for improving a low grade from a regular exam. Re-examination invalidates any previous grade or intermediate result which was obtained during the semester. During re-examination, 2 assignments have to be accomplished within 1 hour. The final grade is based solely on assignment solutions, and no work from the previous exam or semester can be combined with the re-exam.

The re-examination is an open-book exam, but the use of the Internet, electronic devices, and digital materials is not permitted, and all rules of the regular exam apply (see above).

Re-examination dates will be announced during the semester.

Plagiarism policy

Please note that plagiarized homework and exam papers will be rejected without a review, and the university will be notified of the offense. All cases of student plagiarism and other violations of academic practices will be handled according to the regulations of the IT faculty.