Cyber Defense Monitoring Solutions

Source: Kursused
Revision as of 20 December 2020, 19:37 by Risto

Basic information

  • Course Code -- ITX8071
  • Credit Points -- 6.0 EAP
  • Course Language -- English
  • Course Schedule -- the course will be lectured from 17:45 to 21:00 on every Friday of fall semester 2020. All lectures and lab sessions will be held in room ICT-401 (Akadeemia tee 15A building). Starting from September 11 2020, lectures and labs will take place in MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)".
  • Course Materials -- use the registration code w7Xz53c for accessing all course slides and pre-recorded lecture videos in Moodle.

Evaluation

During the semester, two homework assignments are given to each student. Both assignments can yield up to 12.5 points, thus the maximum score from homework is 25 points. During the exam, three tasks are given to each student, with each task yielding up to 25 points and the whole exam up to 75 points. The final grade for a student is derived from his/her personal score:

  • score > 90 -- grade 5 (excellent)
  • 80 < score ≤ 90 -- grade 4 (very good)
  • 70 < score ≤ 80 -- grade 3 (good)
  • 60 < score ≤ 70 -- grade 2 (satisfactory)
  • 50 < score ≤ 60 -- grade 1 (pass)
  • score ≤ 50 -- a student has failed to pass

Virtual machine image

For course lab sessions, there is a virtual machine image which has been created with VirtualBox. When importing the image into VirtualBox, don't forget to select the option "Reinitialize the MAC address of all network cards". Also, if you are using the image on a classroom computer, import your virtual machine into the D:\itx8071 directory. In order to run your virtual machine as a node of the classroom network, change the network adapter mode from NAT to Bridged Adapter.

For changing the console keyboard layout of the virtual machine, use the /usr/bin/localectl tool. For example, localectl set-keymap et sets Estonian keyboard layout for console and localectl set-keymap us sets US keyboard layout for console, while localectl list-keymaps lists all available layouts and localectl status shows the current settings.

Lab sessions

Solutions for past lab sessions are available here.

Homework assignments

  • Task1 -- a group work for max 3 students which must be submitted by October 29 2020 23:59 local time.
  • Task2 -- a group work for max 3 students which must be submitted by December 17 2020 23:59 local time.

Solutions to homework assignments should be sent to the e-mail address of the lecturer (given in the title page of each slide module). Together with the solution, full names and student codes of the authors must be listed. You should consider your solution submitted only after its reception has been confirmed by the lecturer.

All submitted solutions should be carefully tested final versions. Please submit the solution only once, and do not send in partial and/or untested work. It is not allowed to submit a partial solution and then use comments from the lecturer for later resubmission of improved version(s). Also, if you wish to submit multiple solutions, you must clearly indicate which one should be used for evaluation. If no such indication is provided, the first solution will be used for evaluating your work, and other solutions are not considered.

Please note that each student can be a (co)author of only one solution (i.e., participation in more than one student group is not allowed). Also note that the list of authors cannot be changed after the deadline.

The correct solution with your score will be announced after the deadline.

Solutions submitted after the deadline will not be accepted. Also, it is not possible to redo the homework assignment after the deadline.

Independent work during the semester

For attending the course, the following course materials have to be independently studied in Moodle by the given deadlines:

  • lecture materials of module 2 ("Introduction to packet filtering with the Linux netfilter firewall") by September 17 2020.
  • lecture materials of module 3 ("Regular expression language") by September 24 2020.
  • lecture materials of module 5 ("Syslog-ng framework") by October 22 2020.
  • lecture materials of module 6 ("Introduction to event correlation and Simple Event Correlator") by November 5 2020.
  • lecture materials of module 7 ("Simple Event Correlator - advanced topics") by November 19 2020.
  • lecture materials of module 8 ("Introduction to intrusion detection/prevention and Snort IDS/IPS") by December 3 2020.

Information about the exam

The exam is an open-book exam and consists of two parts, with both parts being mandatory:

  • written exam on a personal computer of an attending student,
  • oral exam for explaining the written examination work and answering other questions.

Both the written and oral exam begin with the identification process in MS Teams environment, and each attending student must present an ID with a photo. During the written exam, examination assignments are distributed over e-mail to students, and each student has to accomplish 3 tasks during 2.5 hours. Before the end of the examination time slot, each student has to submit the solutions over e-mail and confirm with the lecturer that solutions have been received. Solutions arriving after the designated time are not accepted and will yield the grade of 0.

The written exam can be taken during one of the following time slots:

  • January 4 2021 at 15:45, virtually in MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)".
  • January 11 2021 at 15:45, virtually in MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)".
  • January 15 2021 at 15:45, virtually in MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)".

Oral examinations will take place during 2 days that follow the written exam. Note that the oral exam lasts up to 60 minutes and is individual for each student (in other words, the discussion involves only the student and the lecturer). For participating in the oral exam, each student has to agree a separate time slot with the lecturer before the written exam. Failure to participate in the oral exam will yield the grade of 0.

When taking the oral exam, the student must consider the following:

  • the oral exam can only be taken via full video call with an activated web cam, in order to reliably identify the person who is taking the exam,
  • if the student is not able to explain a solution from the written examination work, the entire examination work is regarded as plagiarized which yields the grade of 0,
  • in addition to discussing solutions from the written examination work, the oral exam will involve questions about other topics of the course.

For taking the exam, official registration in OIS is required for one of the time slots of the written exam. In addition, each participant must also register his/her participation with the lecturer, setting the time slot for the oral exam. The oral exam must take place within 48 hours after the written exam.

Note that each student can take the exam only once, and in order to get the second try for improving the result, official application for re-examination is required (see below).

Re-examination information

Each student is granted one re-examination attempt which requires official application. The student can apply for re-examination after failing a regular exam, or for improving a low grade from a regular exam. Re-examination invalidates any previous grade or intermediate result which was obtained during the semester. The re-exam begins with a written test of 2 assignments that have to be accomplished within 50 minutes, with an oral examination immediately following. The final grade is solely based on the result of the re-exam, and no work from previous exam or semester can be combined with the re-exam.

The re-examination is an open-book exam and all rules of the regular exam apply (see above).

The re-exam can be taken on January 20 2021 at 15:45, virtually in MS Teams.

Plagiarism policy

Please note that plagiarized homework and exam work will be rejected without a review, and the university will be notified of the offense. All cases of student plagiarism and other violations of academic practices will be handled according to regulations of the IT faculty.