INF5004NSA - Intrusion detection and firewalls
Course content
- Threats to security from the network
- Security strategies and policies
- Firewall architecture
- Intrusion-detection systems (snort)
- Pattern matching and artificial intelligence versus computer immunology
- Reading and analyzing log files and audits (Perimeter logs)
- IP-spoofing and sequence guessing
- Malicious ICMP activity and router/switch poisoning
- Use of TCPdump for protocol analysis
- Denial of Service attacks: structure, detection and prevention
- IPSec filters, Windows filtering, IP filters in Linux and BSD
- Anomaly detection: research directions
- IETF XML standard for exchange of intrusion information
Learning outcomes
The aim of this course is to build on the grounding in principles from the earlier security courses, and to apply those principles to currently popular technologies such as firewalls and intrusion detection systems, which are widely sold as commercial solutions. Students will construct and adapt firewalls and intrusion detectors and analyse their architectures.
Admission
The course is for students on the master programme in Network and System Administration.
Prerequisites
No obligatory prerequisites beyond the minimum requirements for entrance to higher education in Norway.
Overlap
The course is equivalent to MS004A at Oslo University College.
Teaching
2 hours of lectures and 4 hours lab work each week.
The course will be taught at Oslo University College (Room P35-PH24, Datalab2, Oslo University College).
Exam information
Written exam (70% of the grade) and home exam/lab assignment (30% of the grade). Both assignment and written exam must be passed in the same semester. General information about the examination.
Assessment and grading
Course grades are awarded on a descending scale using alphabetic grades from A to E for passes and F for fail. Read more about the grading system.
Possibility of make-up exams and re-takes
This subject does not offer a new examination at the beginning of the subsequent term for candidates who withdraw during an ordinary examination or fail an ordinary examination. For general information about new examinations, see http://www.mn.uio.no/studier/admin/eksamen/utsatt-og-ny-eksamen/index.html and http://www.mn.uio.no/english/studies/admin/examination/retaking-examinations/
Withdrawing from exams and limits on re-takes
A student can sit for this exam up to 3 times. If a student wishes to withdraw from the exam, s/he must do this in StudentWeb at least two weeks prior to the first day of the exam. Failure to do so will be counted as one of the three opportunities to sit for the exam.
Other information
Attending the first lecture is strongly recommended, since important information will be given there.
Contact us
Department of Informatics (Ifi)
Visiting address:
Informatics building, First floor, room 2316, Gaustadalléen 23
Visiting hours:
Monday-Friday 12:00-15:00
Postal address:
P.O. Box 1080, Blindern
NO-0316 Oslo
Fax: +47 22 85 24 01
E-mail: studieinfo@ifi.uio.no
Web: http://www.mn.uio.no/ifi/english/