ACIT4050 Applied Computer and Network Security Emneplan

The aim of this course is to build further on the grounding of principles in the earlier security courses and to apply those principles to technologies such as firewalls and intrusion detection systems, widely sold as commercial solutions. Students will construct and adapt firewalls and intrusion detection systems, analyse their architectures and analyse security incidents related to cyber security. Actual security incidents will be demonstrated and then analysed in depth by the students.

No formal requirements over and above the admission requirements.

The student should have the following outcomes upon completing the course:

Knowledge

Upon successful completion of the course, the student:

• has thorough knowledge of cyber security
• has advanced knowledge of the purpose of firewalls and how they are used in practice to implement a network security policy
• has in-depth knowledge of the type of network information available to classify traffic, such as protocol headers and IP addresses.
• has a thorough understanding of how signature-based host and network intrusion detection and prevention is used in organisations
• has good understanding of malware and cyber threat intelligence
• has good understanding of penetration testing
• has good understanding of computer forensics

Skills

Upon successful completion of the course, the student:

• can implement a high-level network security firewall policy
• can implement host and network intrusion detection and prevention systems
• Is able to analyse and explain the contents of network traffic
• is able to analyse and explain the workings of common cyber security incidents
• can execute penetration tests on network services

General competence

Upon successful completion of the course, the student:

• understands the role of security awareness in organisations
• understands the role of malware and threat intelligence in cyber security
• can explain and discuss security challenges related to cyber security to experts and non-experts alike
• can reflect on how intrusion detection and prevention can improve network security and how it is used in the field

• Security strategies and policies
• Firewall architecture and deployment
• Host and network intrusion detection and prevention
• Analysis of TCP/IP traffic and log files
• Malware
• Threat intelligence
• Penetration testing
• Computer forensics

This course features weekly lectures and lab sessions to provide both theoretical content and hands-on experience. Students work in groups of two and complete assignments. The students supplement the lectures and lab sessions with their own reading. Compulsory assignments are given throughout the semester.

The following required coursework must be approved before the student can take the exam:

The student is required to complete at least 9 of the 13 assignments to a satisfactory level. The assignments focus on technical work and are documented in reports. The reports must adequately detail the completed work.

New exam for spring 2020: Final oral exam by videoconference

[Previous: Individual written exam 3 hours.]

The exam grade cannot be appealed.

None.

Pass/fail.

Two internal examiners. External examiner is used periodically.