Module Details

Module Code: COMP8027
Title: Security Monitoring
Long Title: Security Monitoring
NFQ Level: Advanced
Valid From: Semester 1 - 2017/18 ( September 2017 )
Duration: 1 Semester
Credits: 5
Field of Study: 4811 - Computer Science
Module Delivered in: 1 programme(s)
Module Description: In many cases, organisations prepare for a security breach using endpoint and network protections, such as Anti-Virus and Firewalls, but do not monitor what is happening inside their network. Studies have shown that an attacker can be inside an organisation’s network for a year on average before being detected, as many organisations are not effectively monitoring traffic inside their network. This module addresses the tools and techniques needs to monitor a network and a host from a security viewpoint. It also addresses the hardening of hosts and networks against attacks, the location of network forensic artifacts so that an attack can be pinpointed, and explores the most common form of modern day attack namely Denial of Service Attack.
 
Learning Outcomes
On successful completion of this module the learner will be able to:
# Learning Outcome Description
LO1 Appraise computer system hardening approaches and techniques.
LO2 Evaluate the issues involved in effective security auditing.
LO3 Compare network monitoring solutions to detect threat actors.
LO4 Assess network forensic data to perform a forensic analysis.
LO5 Critically examine modern network based attacks which lead to denial of service.
Dependencies
Module Recommendations

This is prior learning (or a practical skill) that is strongly recommended before enrolment in this module. You may enrol in this module if you have not acquired the recommended learning but you will have considerable difficulty in passing (i.e. achieving the learning outcomes of) the module. While the prior learning is expressed as named MTU module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).
12816 COMP8022 Network Security
Incompatible Modules
These are modules which have learning outcomes that are too similar to the learning outcomes of this module. You may not earn additional credit for the same learning and therefore you may not enrol in this module if you have successfully completed any modules in the incompatible list.
No incompatible modules listed
Co-requisite Modules
No Co-requisite modules listed
Requirements

This is prior learning (or a practical skill) that is mandatory before enrolment in this module is allowed. You may not enrol on this module if you have not acquired the learning specified in this section.
No requirements listed
 
Indicative Content
System Hardening
OS hardening, windows security, linux security, bastille, user access control.
Security Auditing
User activity logging. Designing an audit system. Syslog server. Storing log data remotely. Windows Event logs and user tools.
Attacks and Detection
Denial-of-service attacks and amplification techniques. Host intrusion detection (aide/tripwire). Honeypots for detection.
Network Monitoring
NetFlow, Detecting client and server compromises. Collection and analysis of data, indicators of compromise. String, flow, transaction, statistical and alert data.
Network Forensics
Seeking indicators of compromise in packet captures. Analysis techniques and tools. Case studies.
Tools
e.g. Security Onion, elsa, splunk, logstash, bro, snort, suricata, nfcapd, nfdump, nfsen, silk, ossec.
Module Content & Assessment
Assessment Breakdown%
Coursework100.00%

Assessments

Coursework
Assessment Type Short Answer Questions % of Total Mark 30
Timing Week 5 Learning Outcomes 1,2,5
Assessment Description
An in-class exam that will require the learner to demonstrate understanding of topics such as computer system hardening, the issues involved in auditing security logs and Denial of Service attacks.
Assessment Type Practical/Skills Evaluation % of Total Mark 20
Timing Week 6 Learning Outcomes 1,2,3,5
Assessment Description
The learner's understanding on how the theoretical knowledge delivered during the lectures may be applied to system hardening, security auditing and denial of service will be assessed on through a number of assigned tasks.
Assessment Type Short Answer Questions % of Total Mark 30
Timing Week 11 Learning Outcomes 3,4
Assessment Description
An in-class exam that will require the learner to demonstrate understanding of network monitoring solutions and network forensics solutions.
Assessment Type Practical/Skills Evaluation % of Total Mark 20
Timing Week 13 Learning Outcomes 3,4
Assessment Description
The learner's understanding will be assessed on how the theoretical knowledge delivered during the lectures may be applied to network and host analysis and network forensics through a number of assigned tasks.
No End of Module Formal Examination
Reassessment Requirement
Coursework Only
This module is reassessed solely on the basis of re-submitted coursework. There is no repeat written examination.

The University reserves the right to alter the nature and timings of assessment

 

Module Workload

Workload: Full Time
Workload Type Contact Type Workload Description Frequency Average Weekly Learner Workload Hours
Lecture Contact Lecture delivering theory underpinning learning outcomes. Every Week 2.00 2
Lab Contact Practical computer-based lab supporting learning outcomes. Every Week 2.00 2
Independent & Directed Learning (Non-contact) Non Contact Independent & directed learning Every Week 3.00 3
Total Hours 7.00
Total Weekly Learner Workload 7.00
Total Weekly Contact Hours 4.00
Workload: Part Time
Workload Type Contact Type Workload Description Frequency Average Weekly Learner Workload Hours
Lecture Contact Lecture delivering theory underpinning learning outcomes. Every Week 2.00 2
Lab Contact Practical computer-based lab supporting learning outcomes. Every Week 2.00 2
Independent & Directed Learning (Non-contact) Non Contact Independent & directed learning Every Week 3.00 3
Total Hours 7.00
Total Weekly Learner Workload 7.00
Total Weekly Contact Hours 4.00
 
Module Resources
Recommended Book Resources
  • Richard Bejtlich. (2013), The Practice of Network Security Monitoring, O'Reilly Media, [ISBN: 9781593275099].
Supplementary Book Resources
  • Chris Sanders, Jason Smith. (2014), Applied Network Security Monitoring, Syngress, [ISBN: 9780124172081].
  • Sherri Davidoff, Jonathan Ham. (2012), Network Forensics: Tracking Hackers through Cyberspace, Prentice Hall, [ISBN: 9780132564717].
  • Steven Anson, Steve Bunting, Ryan Johnson, Scott Pearson. (2012), Mastering Windows Network Forensics and Investigation, Sybex, [ISBN: 9781118163825].
  • Michael Hale Ligh, Andrew Case, Jamie Levy, Aaron Walters. (2014), The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory, 1st. Wiley, [ISBN: 9781118825099].
  • Samir Datt. (2016), Learning Network Forensics, Packt, [ISBN: 9781782174905].
  • Ric Messier. (2017), Network Forensics, Wiley, [ISBN: 9781119328285].
  • R.C. Joshi, Emmanuel S. Pilli. (2016), Fundamentals of Network Forensics: A Research Perspective (Computer Communications and Networks), Springer, [ISBN: 9781447172970].
  • Chris Sanders. (2017), Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems, 3rd Edition. No Starch Press, [ISBN: 9781593278021].
Supplementary Article/Paper Resources
Other Resources
 
Module Delivered in
Programme Code Programme Semester Delivery
CR_KITMN_8 Bachelor of Science (Honours) in IT Management and Cybersecurity 7 Mandatory