Module Details
| Module Code: |
COMP9046 |
| Title: |
Network Security & Forensics
|
|
Long Title:
|
Network Security & Forensics
|
| NFQ Level: |
Expert |
| Valid From: |
Semester 1 - 2021/22 ( September 2021 ) |
| Field of Study: |
4811 - Computer Science
|
| Module Description: |
The importance of Network Security in modern connected organisations cannot be understated as increasingly data processing and storage are interconnected. Network forensics has had a major impact on analysing the activities of threat actors in compromised networks. As a result, a thorough understanding of Network Security requires a thorough knowledge of Network Forensics and vice versa. This module aims to develop the student's skills and knowledge associated with Network Security and Network Forensics. Packet Capture Analysis will be the strong focus of the module.
|
| Learning Outcomes |
| On successful completion of this module the learner will be able to: |
| # |
Learning Outcome Description |
| LO1 |
Appraise a wide range of security technologies and mechanisms associated with computer networking. |
| LO2 |
Evaluate and simulate a range of network based attacks. |
| LO3 |
Analyse a number of packet captures from a security viewpoint to detect and evaluate and measure the presence of threat actors. |
| LO4 |
Validate and implement network monitoring solutions to produce packet captures for network activity assessment. |
| LO5 |
Measure and critically appraise a computer network and associated systems with respect to its preparedness for contemporary security attacks. |
| LO6 |
Utilise a large amount of data such as logs, pcaps and netflows to detect and analyse a security incident. |
| Dependencies |
Module Recommendations
This is prior learning (or a practical skill) that is strongly recommended before enrolment in this module. You may enrol in this module if you have not acquired the recommended learning but you will have considerable difficulty in passing (i.e. achieving the learning outcomes of) the module. While the prior learning is expressed as named MTU module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).
|
|
Incompatible Modules
These are modules which have learning outcomes that are too similar to the learning outcomes of this module. You may not earn additional credit for the same learning and therefore you may not enrol in this module if you have successfully completed any modules in the incompatible list.
|
| No incompatible modules listed |
Co-requisite Modules
|
| No Co-requisite modules listed |
Requirements
This is prior learning (or a practical skill) that is mandatory before enrolment in this module is allowed. You may not enrol on this module if you have not acquired the learning specified in this section.
|
| The student should have a good knowledge of basic Computer Networking. |
| Indicative Content |
|
Network Security
Network Security concepts, Firewalls, Single Points of Failure, Network Protocols, IPv6 Security, Network Infrastructure Security
|
|
Network Monitoring
Packet Capture, Packet Crafting, Sniffing in a switched environment, Wireless Network sniffing, Intrusion Detection and Prevention Systems, DLP, Tunnelling
|
|
Network Forensics
Netflow, Packet Capture analysis, Log Analysis, SIEM, Common Protocols such as DHCP, SMB, SMTP, DNS and analysis of these
|
|
Network Attacks
Simulation and analysis of attacks such as DDoS, DNS Attacks, Attacks based on Network Infrastructure and Equipment, Man in the Middle Attacks, Smurf Attacks and VLAN hopping
|
|
Tools
Extensive use of tools such as tcpdump, wireshark, tshark, hping, scapy, iptables, nfdump, argus, maltego, afterglow, elsa, splunk, snort, bro, xplico. Kali and Security Onion will be used as platforms.
|
|
Module Content & Assessment
|
| Assessment Breakdown | % |
|---|
| Coursework | 100.00% |
Assessments
| No End of Module Formal Examination |
| Reassessment Requirement |
Coursework Only
This module is reassessed solely on the basis of re-submitted coursework. There is no repeat written examination.
|
The University reserves the right to alter the nature and timings of assessment
Module Workload
| Workload: Full Time |
| Workload Type |
Contact Type |
Workload Description |
Frequency |
Average Weekly Learner Workload |
Hours |
| Lecture |
Contact |
Lecture delivering theory underpinning learning outcomes. |
Every Week |
4.00 |
4 |
| Lab |
Contact |
Lab to support learning outcomes. |
Every Week |
2.00 |
2 |
| Independent & Directed Learning (Non-contact) |
Non Contact |
Independent study. |
Every Week |
8.00 |
8 |
| Total Hours |
14.00 |
| Total Weekly Learner Workload |
14.00 |
| Total Weekly Contact Hours |
6.00 |
| Workload: Part Time |
| Workload Type |
Contact Type |
Workload Description |
Frequency |
Average Weekly Learner Workload |
Hours |
| Lecture |
Contact |
Lecture delivering theory underpinning learning outcomes. |
Every Week |
4.00 |
4 |
| Lab |
Contact |
Lab to support learning outcomes. |
Every Week |
2.00 |
2 |
| Independent & Directed Learning (Non-contact) |
Non Contact |
Independent study. |
Every Week |
8.00 |
8 |
| Total Hours |
14.00 |
| Total Weekly Learner Workload |
14.00 |
| Total Weekly Contact Hours |
6.00 |
|
Module Resources
|
| Recommended Book Resources |
|---|
-
Bill Nelson. (2015), Guide to Computer Forensics and Investigations, 5th. Course Technology, [ISBN: 1285060032].
| | Supplementary Book Resources |
|---|
-
Richard Bejtlich. (2013), The Practice of Network Security Monitoring: Understanding Incident Detection and Response, [ISBN: 1593275099].
-
Laura Chappel. (2012), Wireshark Network Analysis, 2nd. [ISBN: 9781893939944].
-
Sherri Davidoff, Jonathan Ham. (2012), Network Forensics: Tracking Hackers through Cyberspace, [ISBN: 9780132564717].
-
Quinn Kiser. (2020), Computer Networking and Cybersecurity, Primasta, [ISBN: 9781952559792].
| | This module does not have any article/paper resources |
|---|
| Other Resources |
|---|
-
Website, Malware Traffic Captures,
-
Website, WireShark Sample Captures,
|
|
