#REQUEST.pageInfo.pagedescription#

Site Navigation

COMP9046 - Network Security & Forensics

banner1
Title:Network Security & Forensics
Long Title:Network Security & Forensics
Module Code:COMP9046
 
Credits: 10
NFQ Level:Expert
Field of Study: Computer Science
Valid From: Semester 1 - 2016/17 ( September 2016 )
Module Delivered in 2 programme(s)
Module Coordinator: TIM HORGAN
Module Author: VINCENT RYAN
Module Description: The importance of Network Security in modern connected organisations cannot be understated as incresingly data processing and storage are interconnected. Network forensics has had a major impact on analysing the activities of threat actors in comprimised networks. As a result, a thorough understanding of Network Security requires a thorough knowledge of Network Forensics and vice versa. This module aims to develop the student's skills and knowledge associated with Network Security and Network Forensics. Packet Capture analysis will be strong focus of the module.
Learning Outcomes
On successful completion of this module the learner will be able to:
LO1 Appraise a wide range of security technologies and mechanisms associated with computer networking.
LO2 Evaluate and simulate a range of network based attacks.
LO3 Analyse a number of packet captures from a security viewpoint to detect and evaluate and measure the presence of threat actors.
LO4 Validate and implement network monitoring solutions to produce packet captures for network activity assessment.
LO5 Measure and critically appraise a computer network and associated systems with respect to its preparedness for contemporary security attacks.
LO6 Utilise a large amount of data such as logs, pcaps and netflows to detect and analyse a security incident
Pre-requisite learning
Module Recommendations
This is prior learning (or a practical skill) that is strongly recommended before enrolment in this module. You may enrol in this module if you have not acquired the recommended learning but you will have considerable difficulty in passing (i.e. achieving the learning outcomes of) the module. While the prior learning is expressed as named CIT module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).
No recommendations listed
Incompatible Modules
These are modules which have learning outcomes that are too similar to the learning outcomes of this module. You may not earn additional credit for the same learning and therefore you may not enrol in this module if you have successfully completed any modules in the incompatible list.
No incompatible modules listed
Co-requisite Modules
No Co-requisite modules listed
Requirements
This is prior learning (or a practical skill) that is mandatory before enrolment in this module is allowed. You may not enrol on this module if you have not acquired the learning specified in this section.
The student should have a good knowledge of basic Computer Networking.
Co-requisites
No Co Requisites listed
 

Module Content & Assessment

Indicative Content
Network Security
Network Security concepts, Firewalls, Single Points of Failure, Network Protocols, IPv6 Security, Network Infrastructure Security
Network Monitoring
Packet Capture, Packet Crafting, Sniffing in a switched environment, Wireless Network sniffing, Intrusion Detection and Prevention Systems, DLP, Tunnelling
Network Forensics
Netflow, Packet Capture analysis, Log Analysis, SIEM, Common Protocols such as DHCP, SMB, SMTP, DNS and analysis of these
Network Attacks
Simulation and analysis of attacks such as DDoS, DNS Attacks, Attacks based on Network Infrastructure and Equipment, Man in the Middle Attacks, Smurf Attacks and VLAN hopping
Tools
Extensive use of tools such as tcpdump, wireshark, tshark, hping, scapy, iptables, nfdump, argus, maltego, afterglow, elsa, splunk, snort, bro, xplico. Kali and Security Onion will be used as platforms.
Assessment Breakdown%
Course Work100.00%
Course Work
Assessment Type Assessment Description Outcome addressed % of total Assessment Date
Written Report This report will assess the student's skills and mastery of Network Security (Firewalls, Infrastructure Security), Network Monitoring (Packet Capture Analysis, Packet Crafting and Network Sniffing) and Network Forensics. 1,2,3 30.0 Week 6
Project This project will evaluate the student's mastery in implementing network monitoring solutions (Security Onion, Snort and others), assessing vulnerable networks and analysing attacks against those networks. The student will be expected to provide a virtualised network infrastructure. 4,5,6 30.0 Week 9
Project This project will assess the students knowledge of the security technologies in Computer Networking, Packet Capture Analysis, Network Forensics and Network Security Readiness. 1,3,5 40.0 Sem End
No End of Module Formal Examination
Reassessment Requirement
Coursework Only
This module is reassessed solely on the basis of re-submitted coursework. There is no repeat written examination.

The institute reserves the right to alter the nature and timings of assessment

 

Module Workload

Workload: Full Time
Workload Type Workload Description Hours Frequency Average Weekly Learner Workload
Lecture Lecture delivering theory underpinning learning outcomes. 4.0 Every Week 4.00
Lab Lab to support learning outcomes. 2.0 Every Week 2.00
Independent & Directed Learning (Non-contact) Independent study. 8.0 Every Week 8.00
Total Hours 14.00
Total Weekly Learner Workload 14.00
Total Weekly Contact Hours 6.00
Workload: Part Time
Workload Type Workload Description Hours Frequency Average Weekly Learner Workload
Lecture Lecture delivering theory underpinning learning outcomes. 4.0 Every Week 4.00
Lab Lab to support learning outcomes. 2.0 Every Week 2.00
Independent & Directed Learning (Non-contact) Independent study. 8.0 Every Week 8.00
Total Hours 14.00
Total Weekly Learner Workload 14.00
Total Weekly Contact Hours 6.00
 

Module Resources

Recommended Book Resources
  • Bill Nelson 2015, Guide to Computer Forensics and Investigations, 5 Ed., Course Technology [ISBN: 1285060032]
Supplementary Book Resources
  • Richard Bejtlich 2013, The Practice of Network Security Monitoring: Understanding Incident Detection and Response [ISBN: 1593275099]
  • Laura Chappel 2012, Wireshark Network Analysis (Second Edition), 2 Ed. [ISBN: 9781893939944]
  • Sherri Davidoff, Jonathan Ham 2012, Network Forensics: Tracking Hackers through Cyberspace [ISBN: 978-013256471]
This module does not have any article/paper resources
Other Resources
 

Module Delivered in

Programme Code Programme Semester Delivery
CR_KINSE_9 Master of Science in Information Security 1 Mandatory
CR_KINSY_9 Postgraduate Diploma in Science in Information Security 1 Mandatory

Cork Institute of Technology
Rossa Avenue, Bishopstown, Cork

Tel: 021-4326100     Fax: 021-4545343
Email: help@cit.edu.ie