INF5004NSA - Intrusion detection and firewalls
Schedule, syllabus and examination date
- Threats to security from the network
- Security strategies and policies
- Firewall architecture
- Intrusion-detection systems (snort)
- Pattern matching and artificial intelligence versus computer immunology
- Reading and analyzing log files and audits (Perimeter logs)
- IP-spoofing and sequence guessing
- Malicious ICMP activity and router/switch poisoning
- Use of TCPdump for protocol analysis
- Denial of Service attacks, structure, detecting and preventing
- IPSec filters, Windows filtering, IP filters in Linux and BSD.
- Anomaly detection: research directions.
- IETF XML standard for exchange of intrusion information.
The aim of this course is to build further on the grounding of principles in the earlier security courses, and to apply those principles to currently popular technologies such as firewalls and intrusion detection systems, widely sold as commerical solutions. Students will construct and adapt firewalls and intrusion detectors and analyse their architectures
The course is for students on the master programme in Network and System Administration.
Formal prerequisite knowledge
No obligatory prerequisites beyond the minimum requirements for entrance to higher education in Norway.
The course is equivalent to MS004A at Oslo University College.
2 hours of lectures and 4 hours lab work each week.
The course will be taught at Oslo University College (Room P35-PH24, Datalab2, Oslo University College).
4 hours written exam.
Examination support material
All written aids are allowed.
Grades are awarded on a scale from A to F, where A is the best grade and F is a fail. Read more about the grading system.
Explanations and appeals
Resit an examination
Students who can document a valid reason for absence from the regular examination are offered a postponed examination at the beginning of the next semester.
Re-scheduled examinations are not offered to students who withdraw during, or did not pass the original examination.
Withdrawal from an examination
It is possible to take the exam up to 3 times. If you withdraw from the exam after the deadline or during the exam, this will be counted as an examination attempt.
It is strongly recommended to attend the first lecture since it will be given important information.