#REQUEST.pageInfo.pagedescription#

Site Navigation

COMP8027 - Security Monitoring

banner1
Title:Security Monitoring
Long Title:Security Monitoring
Module Code:COMP8027
 
Duration:1 Semester
Credits: 5
NFQ Level:Advanced
Field of Study: Computer Science
Valid From: Semester 1 - 2017/18 ( September 2017 )
Module Delivered in 1 programme(s)
Module Coordinator: Sean McSweeney
Module Author: Sean McSweeney
Module Description: In many cases, organisations prepare for a security breach using endpoint and network protections, such as Anti-Virus and Firewalls, but do not monitor what is happening inside their network. Studies have shown that an attacker can be inside an organisation’s network for a year on average before being detected, as many organisations are not effectively monitoring traffic inside their network. This module addresses the tools and techniques needs to monitor a network and a host from a security viewpoint. It also addresses the hardening of hosts and networks against attacks, the location of network forensic artifacts so that an attack can be pinpointed, and explores the most common form of modern day attack namely Denial of Service Attack.
Learning Outcomes
On successful completion of this module the learner will be able to:
LO1 Appraise computer system hardening approaches and techniques.
LO2 Evaluate the issues involved in effective security auditing.
LO3 Compare network monitoring solutions to detect threat actors.
LO4 Assess network forensic data to perform a forensic analysis.
LO5 Critically examine modern network based attacks which lead to denial of service.
Pre-requisite learning
Module Recommendations

This is prior learning (or a practical skill) that is strongly recommended before enrolment in this module. You may enrol in this module if you have not acquired the recommended learning but you will have considerable difficulty in passing (i.e. achieving the learning outcomes of) the module. While the prior learning is expressed as named MTU module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).

12816 COMP8022 Network Security
Incompatible Modules
These are modules which have learning outcomes that are too similar to the learning outcomes of this module. You may not earn additional credit for the same learning and therefore you may not enrol in this module if you have successfully completed any modules in the incompatible list.
No incompatible modules listed
Co-requisite Modules
No Co-requisite modules listed
Requirements

This is prior learning (or a practical skill) that is mandatory before enrolment in this module is allowed. You may not enrol on this module if you have not acquired the learning specified in this section.

No requirements listed
 

Module Content & Assessment

Indicative Content
System Hardening
OS hardening, windows security, linux security, bastille, user access control.
Security Auditing
User activity logging. Designing an audit system. Syslog server. Storing log data remotely. Windows Event logs and user tools.
Attacks and Detection
Denial-of-service attacks and amplification techniques. Host intrusion detection (aide/tripwire). Honeypots for detection.
Network Monitoring
NetFlow, Detecting client and server compromises. Collection and analysis of data, indicators of compromise. String, flow, transaction, statistical and alert data.
Network Forensics
Seeking indicators of compromise in packet captures. Analysis techniques and tools. Case studies.
Tools
e.g. Security Onion, elsa, splunk, logstash, bro, snort, suricata, nfcapd, nfdump, nfsen, silk, ossec.
Assessment Breakdown%
Course Work100.00%
Course Work
Assessment Type Assessment Description Outcome addressed % of total Assessment Date
Short Answer Questions An in-class exam that will require the learner to demonstrate understanding of topics such as computer system hardening, the issues involved in auditing security logs and Denial of Service attacks. 1,2,5 30.0 Week 5
Practical/Skills Evaluation The learner's understanding on how the theoretical knowledge delivered during the lectures may be applied to system hardening, security auditing and denial of service will be assessed on through a number of assigned tasks. 1,2,3,5 20.0 Week 6
Short Answer Questions An in-class exam that will require the learner to demonstrate understanding of network monitoring solutions and network forensics solutions. 3,4 30.0 Week 11
Practical/Skills Evaluation The learner's understanding will be assessed on how the theoretical knowledge delivered during the lectures may be applied to network and host analysis and network forensics through a number of assigned tasks. 3,4 20.0 Week 13
No End of Module Formal Examination
Reassessment Requirement
Coursework Only
This module is reassessed solely on the basis of re-submitted coursework. There is no repeat written examination.

The institute reserves the right to alter the nature and timings of assessment

 

Module Workload

Workload: Full Time
Workload Type Workload Description Hours Frequency Average Weekly Learner Workload
Lecture Lecture delivering theory underpinning learning outcomes. 2.0 Every Week 2.00
Lab Practical computer-based lab supporting learning outcomes. 2.0 Every Week 2.00
Independent & Directed Learning (Non-contact) Independent & directed learning 3.0 Every Week 3.00
Total Hours 7.00
Total Weekly Learner Workload 7.00
Total Weekly Contact Hours 4.00
Workload: Part Time
Workload Type Workload Description Hours Frequency Average Weekly Learner Workload
Lecture Lecture delivering theory underpinning learning outcomes. 2.0 Every Week 2.00
Lab Practical computer-based lab supporting learning outcomes. 2.0 Every Week 2.00
Independent & Directed Learning (Non-contact) Independent & directed learning 3.0 Every Week 3.00
Total Hours 7.00
Total Weekly Learner Workload 7.00
Total Weekly Contact Hours 4.00
 

Module Resources

Recommended Book Resources
  • Richard Bejtlich 2013, The Practice of Network Security Monitoring, O'Reilly Media [ISBN: 9781593275099]
Supplementary Book Resources
  • Chris Sanders, Jason Smith 2014, Applied Network Security Monitoring, Syngress [ISBN: 9780124172081]
  • Sherri Davidoff, Jonathan Ham 2012, Network Forensics: Tracking Hackers through Cyberspace, Prentice Hall [ISBN: 9780132564717]
  • Steven Anson, Steve Bunting, Ryan Johnson, Scott Pearson 2012, Mastering Windows Network Forensics and Investigation, Sybex [ISBN: 9781118163825]
  • Michael Hale Ligh, Andrew Case, Jamie Levy, Aaron Walters 2014, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory, 1st Ed., Wiley [ISBN: 9781118825099]
  • Samir Datt 2016, Learning Network Forensics, Packt [ISBN: 9781782174905]
  • Ric Messier 2017, Network Forensics, Wiley [ISBN: 9781119328285]
  • R.C. Joshi, Emmanuel S. Pilli 2016, Fundamentals of Network Forensics: A Research Perspective (Computer Communications and Networks), Springer [ISBN: 9781447172970]
  • Chris Sanders 2017, Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems, 3rd Edition Ed., No Starch Press [ISBN: 9781593278021]
Supplementary Article/Paper Resources
Other Resources
 

Module Delivered in

Programme Code Programme Semester Delivery
CR_KITMN_8 Bachelor of Science (Honours) in IT Management 7 Mandatory

Cork Institute of Technology
Rossa Avenue, Bishopstown, Cork

Tel: 021-4326100     Fax: 021-4545343
Email: help@cit.edu.ie