Cyber Defense Monitoring Solutions
Basic information
- Course Code -- ITX8071
- Credit Points -- 6.0 EAP
- Course Language -- English
- Course Schedule -- the course will be lectured from 17:45 to 21:00 on every Friday of fall semester 2020. All lectures and lab sessions will be held in room ICT-401 (Akadeemia tee 15A building). Starting from September 11 2020, lectures and labs will take place in MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)".
- Course Materials -- use the registration code w7Xz53c for accessing all course slides and pre-recorded lecture videos in Moodle.
Evaluation
During the semester, two homework assignments are given to each student. Both assignments can yield up to 12.5 points, thus the maximum score from homework is 25 points. During the exam, three tasks are given to each student, with each task yielding up to 25 points and the whole exam up to 75 points. The final grade for a student is derived from his/her personal score:
- score > 90 -- grade 5 (excellent)
- 80 < score ≤ 90 -- grade 4 (very good)
- 70 < score ≤ 80 -- grade 3 (good)
- 60 < score ≤ 70 -- grade 2 (satisfactory)
- 50 < score ≤ 60 -- grade 1 (pass)
- score ≤ 50 -- a student has failed to pass
Virtual machine image
For course lab sessions, there is a virtual machine image which has been created with VirtualBox. When importing the image into VirtualBox, don't forget to select the option "Reinitialize the MAC address of all network cards". Also, if you are using the image on a classroom computer, import your virtual machine into the D:\itx8071 directory. In order to run your virtual machine as a node of the classroom network, change the network adapter mode from NAT to Bridged Adapter.
For changing the console keyboard layout of the virtual machine, use the /usr/bin/localectl tool. For example, localectl set-keymap et sets Estonian keyboard layout for console and localectl set-keymap us sets US keyboard layout for console, while localectl list-keymaps lists all available layouts and localectl status shows the current settings.
Lab sessions
Solutions for past lab sessions are available here.
Homework assignments
- Task1 -- a group work for max 3 students which must be submitted by October 29 2020 23:59 local time.
- Task2 -- a group work for max 3 students which must be submitted by December 17 2020 23:59 local time.
Solutions to homework assignments should be sent to the e-mail address of the lecturer (given in the title page of each slide module). Together with the solution, full names and student codes of the authors must be listed. You should consider your solution submitted only after its reception has been confirmed by the lecturer.
All submitted solutions should be carefully tested final versions. Please submit the solution only once, and do not send in partial and/or untested work. It is not allowed to submit a partial solution, and use comments from the lecturer for later resubmission of improved version(s). Also, if you wish to submit multiple solutions, you must clearly indicate which one should be used for evaluation. If no such indication is provided, the first solution will be used for evaluating your work, and other solutions are not considered.
Please note that each student can be a (co)author of only one solution (i.e., participation in more than one student group is not allowed). Also note that the list of authors can not be changed after the deadline.
The correct solution with your score will be announced after the deadline.
Solutions submitted after the deadline will not be accepted. Also, it is not possible to redo the homework assignment after the deadline.
Independent work during the semester
For attending the course, the following course materials have to be independently studied in Moodle by given deadlines:
- lecture materials of module 2 ("Introduction to packet filtering with the Linux netfilter firewall") by September 17 2020.
- lecture materials of module 3 ("Regular expression language") by September 24 2020.
- lecture materials of module 5 ("Syslog-ng framework") by October 22 2020.
- lecture materials of module 6 ("Introduction to event correlation and Simple Event Correlator") by November 5 2020.
- lecture materials of module 7 ("Simple Event Correlator - advanced topics") by November 19 2020.
- lecture materials of module 8 ("Introduction to intrusion detection/prevention and Snort IDS/IPS") by December 3 2020.
Information about the exam
The exam is an open-book exam and is consists of two parts, with both parts being mandatory:
- written exam on a personal computer of an attending student,
- oral exam for explaining the written examination work and answering other questions.
The written exam begins with the identification process in MS Teams environment, and each attending student must present an ID with a photo. Examination assignments are distributed over e-mail to students, and during the exam each student has to accomplish 3 tasks during 2 hours and 15 minutes. Before the end of examination time slot, each student has to submit the solutions over e-mail and confirm with the lecturer that solutions have been received. Solutions arriving after designated time are not accepted and will yield the grade of 0.
Written exam can be taken during one of the following time slots:
- January 4 2021 at 15:45, virtually in MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)".
- January 11 2021 at 15:45, virtually in MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)".
- January 15 2021 at 15:45, virtually in MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)".
The oral exam will take place on the day that follows the written exam. For the oral exam, a time slot has to be agreed with the lecturer before the written exam. Failure to participate in the oral exam will yield the grade of 0.
When taking the oral exam, the student must consider the following:
- if the student is not able to explain a solution from the written examination work, the entire examination work is regarded as plagiarized which yields the grade of 0,
- in addition to discussing solutions from the written examination work, the oral exam will involve questions about other topics of the course.
For taking the exam, official registration in OIS is required for one of the time slots of the written exam. In addition, each participant must also register his/her participation with the lecturer, setting the time slot for the oral exam.
Note that each student can take the exam only once, and in order to get the second try for improving the result, official application for re-examination is required (see below).
Re-examination information
Each student is granted one re-examination attempt which requires official application. The student can apply for re-examination after failing a regular exam, or for improving a low grade from a regular exam. Re-examination invalidates any previous grade or intermediate result which was obtained during the semester. During re-examination, 2 assignments have to be accomplished within 45 minutes. The final grade is solely based on assignment solutions, and no work from previous exam or semester can be combined with the re-exam.
The re-examination is an open-book exam and all rules of the regular exam apply (see above).
Re-exam can be taken in January 20 2021 at 15:45 virtually in MS Teams. The exam begins with a 45 minute written exam, with an oral examination immediately following.
Plagiarism policy
Please note that plagiarized home works and exam works will be rejected without a review, and the university will be notified of the offense. All cases of student plagiarism and other violations of academic practices will be handled according to regulations of the IT faculty.