Cyber Defense Monitoring Solutions

Source: Kursused
Revision as of 1 September 2021, 13:31 by Risto

Basic information

  • Course Code -- ITX8071
  • Credit Points -- 6.0 EAP
  • Course Language -- English
  • Course Schedule -- lectures are held from 17:45 to 21:00 every Thursday of the fall semester 2021. Note that all lectures take place in the MS Teams environment under the team "Cyber Defense Monitoring Solutions (ITX8071)". Note that the location of labs has not been decided yet.
  • Course Materials -- use the registration code w7Xz53c for accessing all course slides and pre-recorded lecture videos in Moodle.

Evaluation

During the semester, two homework assignments are given to each student. Both assignments can yield up to 12.5 points, thus the maximum score from homework is 25 points. During the exam, three tasks are given to each student, with each task yielding up to 25 points and the whole exam up to 75 points. The final grade for a student is derived from his/her personal score:

  • score > 90 -- grade 5 (excellent)
  • 80 < score ≤ 90 -- grade 4 (very good)
  • 70 < score ≤ 80 -- grade 3 (good)
  • 60 < score ≤ 70 -- grade 2 (satisfactory)
  • 50 < score ≤ 60 -- grade 1 (pass)
  • score ≤ 50 -- a student has failed to pass

Virtual machine image

For course lab sessions, there is a virtual machine image which has been created with VirtualBox. When importing the image into VirtualBox, don't forget to select the option "Generate new MAC addresses for all network adapters". Also, if you are using the image on a classroom computer, import your virtual machine into the D:\itx8071 directory. In order to run your virtual machine as a node of the classroom network, change the network adapter mode from NAT to Bridged Adapter.

Since the virtual machine is essential for doing homework assignments, it is strongly recommended to also install it on a personal laptop. In order to do that, select the "Generate new MAC addresses for all network adapters" option when importing the virtual machine image. Also, leave the existing network adapter in NAT mode, and create an additional network adapter set to Host-only Adapter mode. The host-only adapter is connected to a special virtual network that is not accessible from other hosts and is shared between the host computer and virtual machines. This network can be used for accessing virtual machines from the host computer and for creating setups where several virtual machines need to communicate.

To change the console keyboard layout of the virtual machine, use the /usr/bin/localectl tool. For example, "localectl set-keymap et" sets the Estonian keyboard layout for the console and "localectl set-keymap us" sets the US keyboard layout, while "localectl list-keymaps" lists all available layouts and "localectl status" shows the current settings.

Lab sessions

Solutions for past lab sessions are available here.

Homework assignments

  • Task1 -- group work for at most 3 students, which must be submitted by October 27 2021 23:59 local time.
  • Task2 -- group work for at most 3 students, which must be submitted by December 15 2021 23:59 local time.

Solutions to homework assignments should be sent to the e-mail address of the lecturer (given on the title page of each slide module). The full names and student codes of the authors must be listed together with the solution. You should consider your solution submitted only after its receipt has been confirmed by the lecturer.

All submitted solutions should be carefully tested final versions. Please submit the solution only once, and do not send in partial and/or untested work. It is not allowed to submit a partial solution and then use comments from the lecturer for later resubmission of improved version(s). Also, if you wish to submit multiple solutions, you must clearly indicate which one should be used for evaluation. If no such indication is provided, the first solution will be used for evaluating your work, and other solutions will not be considered.

Please note that each student can be a (co)author of only one solution (i.e., participation in more than one student group is not allowed). Also note that the list of authors cannot be changed after the deadline.

The correct solution with your score will be announced after the deadline.

Solutions submitted after the deadline will not be accepted. Also, it is not possible to redo the homework assignment after the deadline.

Independent work during the semester

To attend the course, the following course materials have to be studied independently in Moodle by the given deadlines:

  • lecture materials of module 2 ("Introduction to packet filtering with the Linux netfilter firewall") by September 15 2021.
  • lecture materials of module 3 ("Regular expression language") by September 22 2021.
  • lecture materials of module 4 ("Introduction to event log monitoring and Perl regular expressions") by October 6 2021.
  • lecture materials of module 5 ("Syslog-ng framework") by October 20 2021.
  • lecture materials of module 6 ("Introduction to event correlation and Simple Event Correlator") by November 3 2021.
  • lecture materials of module 7 ("Simple Event Correlator - advanced topics") by November 17 2021.
  • lecture materials of module 8 ("Introduction to intrusion detection/prevention and Suricata IDS/IPS") by December 1 2021.

Information about the exam

To be announced.

Re-examination information

To be announced.

Plagiarism policy

Please note that plagiarized homework and exam submissions will be rejected without review, and the university will be notified of the offense. All cases of student plagiarism and other violations of academic practices will be handled according to the regulations of the IT faculty.