INF5004NSA - Intrusion detection and firewalls

Schedule, syllabus and examination date

Course content

  • Threats to security from the network
  • Security strategies and policies
  • Firewall architecture
  • Intrusion-detection systems (Snort)
  • Pattern matching and artificial intelligence versus computer immunology
  • Reading and analyzing log files and audits (Perimeter logs)
  • IP-spoofing and sequence guessing
  • Malicious ICMP activity and router/switch poisoning
  • Use of tcpdump for protocol analysis
  • Denial of Service attacks, structure, detecting and preventing
  • IPsec filters, Windows filtering, IP filters in Linux and BSD
  • Anomaly detection: research directions
  • IETF XML standard for exchange of intrusion information

Learning outcome

The aim of this course is to build further on the grounding of principles in the earlier security courses, and to apply those principles to currently popular technologies such as firewalls and intrusion detection systems, widely sold as commercial solutions. Students will construct and adapt firewalls and intrusion detectors and analyse their architectures.

Admission

The course is for students on the master programme in Network and System Administration.

Prerequisites

Formal prerequisite knowledge

No obligatory prerequisites beyond the minimum requirements for entrance to higher education in Norway.

Overlapping courses

The course is equivalent to MS004A at Oslo University College.

Teaching

2 hours of lectures and 4 hours of lab work each week.

The course will be taught at Oslo University College (Room P35-PH24, Datalab2, Oslo University College).

Examination

4 hours written exam.

Examination support material

All written aids are allowed.

Grading scale

Grades are awarded on a scale from A to F, where A is the best grade and F is a fail.

Explanations and appeals

Resit an examination

Students who can document a valid reason for absence from the regular examination are offered a postponed examination at the beginning of the next semester.

Re-scheduled examinations are not offered to students who withdraw during, or did not pass, the original examination.

Withdrawal from an examination

It is possible to take the exam up to 3 times. If you withdraw from the exam after the deadline or during the exam, this will be counted as an examination attempt.

Other

It is strongly recommended to attend the first lecture, since important information will be given there.

Facts about this course

Credits

10

Level

Master

Teaching

Every spring

Examination

Every spring

Teaching language

English