Course Syllabus Revised: Dec. 20, 2011.



Similar documents
Applied Information Technology Department

IT 106 Introduction to IT Problem Solving Using Computer Programming revised

IT 101 Introduction to Information Technology

TCOM 562 Network Security Fundamentals

Syllabus: IST451. Division of Business and Engineering. Penn State Altoona

The University of Akron Department of Mathematics. 3450: COLLEGE ALGEBRA 4 credits Spring 2015

CSCI-599 DATA MINING AND STATISTICAL INFERENCE

NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus

IT 415 Information Visualization Spring Semester

Professor: Dr. Esra Memili Office: 370 Bryan Office Hours: Monday 2:00-6:00pm and 8:50-9:50pm, and by appointment

Common Syllabus Revised

SYST 371 SYSTEMS ENGINEERING MANAGEMENT

Deep Security/Intrusion Defense Firewall - IDS/IPS Coverage Statistics and Comparison

Applied Network Security Course Syllabus Spring 2015

Deep Security Intrusion Detection & Prevention (IDS/IPS) Coverage Statistics and Comparison

MKT 300 Marketing Management Spring 2011 Course Syllabus

MAT Elements of Modern Mathematics Syllabus for Spring 2011 Section 100, TTh 9:30-10:50 AM; Section 200, TTh 8:00-9:20 AM

UVA IT3350 Syllabus Page 1

Organizational Communication Training and Development Spring Office Hours: MWF 10:30 11:00, 12:00 1:00 and 4:15 5:30 p.m. and by appointment

A NOVEL APPROACH FOR PROTECTING EXPOSED INTRANET FROM INTRUSIONS

Academic Calendar Arkansas State University - Jonesboro

COURSE SYLLABUS. Instructor Background: M.S. Computer Information Systems, Nova Southeastern University

Syllabus: AIT Information Systems Infrastructure Lifecycle Management

MGSC 590 Information Systems Development Course Syllabus for Spring 2008

Course Title: ITAP 3471: Web Server Management

OPERATIONS MANAGEMENT (OM335: 04285, 04290)

MGT 3361 Project Management

ACG (10061) INTERMEDIATE THEORY III (3 credit hours) Tentative Syllabus spring 2012 Class hours: Wednesdays, 7:10 p.m. 10:00 p.m.

MATH 2412 PRECALCULUS SPRING 2015 Synonym 26044, Section 011 MW 12:00-1:45, EVC 8106

ACADEMIC CALENDAR FOR DIVISION OF MEDICAL SCIENCES AT HARVARD MEDICAL SCHOOL GRADUATE SCHOOL OF ARTS AND SCIENCES Ph.D.

MAT225 Differential Equations Spring 2016

CS 340 Cyber Security Weisberg Division of Computer Science College of Information Technology & Engineering Marshall University

PEABODY COLLEGE ACADEMIC CALENDAR

Course Syllabus PEHR 2990 Intro to Intercollegiate Athletic Administration Dixie State College of Utah Spring 2013

MAT150 College Algebra Syllabus Spring 2015

Select One: New Delete Course Modification

MATHEMATICAL TOOLS FOR ECONOMICS ECON SPRING 2012

CS/CEL 4750 Software Engineering II Spring 2014 ONLINE/HYBRID Course Delivery

BCM :00-12:15 p.m. 1:30-3:35 p.m. Wednesday 10:00-12:00 noon

Introduction to Computer Forensics Course Syllabus Spring 2012

SYLLABUS MIS 6713: Delivering Business Value through Information Systems Fall 2014

Accounting : Accounting Information Systems and Controls. Fall 2015 COLLEGE OF BUSINESS AND INNOVATION

STUDENT ASSESSMENT TESTING CALENDAR

ACADEMIC CALENDAR June 2016

GEOG 5200S Elements of Cartography : Serving the Community Through Cartography Spring 2015

1. COURSE DESCRIPTION

MATH 1080-Sec 003: Polynomial Calculus Fall 2015

FI 630 Financial Management I

ORANGE COUNTY COMMUNITY COLLEGE FINAL as of MARCH 10, 2015 ACADEMIC YEAR CALENDAR FALL SEMESTER 2015

Mathematics Spring Branch Campus

LIM COLLEGE UNDERGRADUATE ACADEMIC CALENDAR

SCHOOL OF MANAGEMENT

ACADEMIC YEAR CALENDAR FALL SEMESTER First Half-Semester Courses

registration time and day. Priority registration available on Fall Registration Open for Degree-Seeking Students

Official Census Dates. Official Drop and Withdrawal Dates

UNIVERSITY OF DAYTON DAYTON OHIO ACADEMIC CALENDAR (Subject to Change)

ACCY 2001 Intro Financial Accounting Fall 2014

MGT 3361 Project Management

University of Colorado Denver College of Engineering & Applied Science CVEN 5235 Advanced Construction Engineering

Syllabus -- Spring 2016 Juvenile Justice (CRJU CRN 7031)

CENTRAL OHIO TECHNICAL COLLEGE COLLEGE CALENDAR* Page 1

Required Text Schacter, Daniel L. Introducing Psychology with Updates on DSM-5 (2nd ed.). Worth Publishers. (2014).

Training Assessments Assessments NAEP Assessments (selected sample)

CSC 474 Information Systems Security

Official Census Dates. Official Drop and Withdrawal Dates

Open Source Security Tools for Information Technology Professionals

Rupinder Singh, Dr. Jatinder Singh

Rollins College Entrepreneurial and Corporate Finance BUS 320- H1X

SOUTHWEST COLLEGE Department of Mathematics

Brown University Department of Economics Spring 2015 ECON 1620-S01 Introduction to Econometrics Course Syllabus

Research Methods in Psychology (PSYC 2301) January Term 2016 SMU-in-Taos

FIN 357 BUSINESS FINANCE

Course: ITM 125.C2 Course Title: Essentials of Business Information Systems Spring C2 2012

Business Administration Online Course - Plagiarism and Fraud

Entrepreneurship MGMT 3183 WEB Assisted Online Course Syllabus Summer 2011

The University of Texas at Austin Department of Civil, Architectural and Environmental Engineering

Course Syllabus. Course code: Academic Staff Specifics. Office Number and Location

IDOs, Squad Leaders, and Corpsmen Report for INDOC Training ( ) Mon August 8. Faculty Academic Year Obligation Begins Mon August 8

PSY 303, Mehta, Spring 2014 Page 1

2016 Examina on dates

SYLLABUS: MKT , Monday evening 4:00-6:30pm; BU124 Spring Semester, 2012

BAKERSFIELD COLLEGE. Elementary Probability and Statistics. Math B22 CRN SPRING 2016

CS 464/564 Networked Systems Security SYLLABUS

NETWORK SECURITY (W/LAB) Course Syllabus

INFM 700: Information Architecture

COURSE INFORMATION. Biology 224 Anatomy & Physiology Spring, 2014

MCS5813 Cryptography Spring and select CRN 3850

(575) and by prior appointment nmsu. edu

IST639 Enterprise Technologies Course Syllabus Spring 2014

UVic Department of Electrical and Computer Engineering

Elmer E. O Banion Science Building Room. Office Phone: FAX:

to set up appointments at other times. SYLLABUS

Practical Intrusion Analysis

Analytical Chemistry Lecture - Syllabus (CHEM 3310) The University of Toledo Fall 2012

Transcription:

CFRS 663/TCOM 663 Operations of Intrusion Detection and Forensics Department of Electrical and Computer Engineering George Mason University Spring, 2012 Course Syllabus Revised: Dec. 20, 2011. Instructor Dr. Kafi Hassan Email: khassan1@gmu.edu Telephone: (703) 592-8211 Office Hours: By email, phone or by appointment only Office Location: Engineering Building, Room 3707 Teaching Assisting TBD Email: TBD Telephone: TBD Office Hours: TBD Office Location: TBD Location & Time Operation of Intrusion Detection for Forensic - 12830 - CFRS 663-001 Operation of Intrusion Detection for Forensic - 12835 - TCOM 663-001 Location: Nguyen Engineering Building 1505 Time: Wednesday 4:30 PM.-07:10 PM. Textbooks Title: Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century

Author: Ryan Trost Publisher: Addison-Wesley Professional Pub. Date: June 24, 2009 Print ISBN-10: 0-321-59180-1 Print ISBN-13: 978-0-321-59180-7 Web ISBN-10: 0-321-59189-5 Web ISBN-13: 978-0-321-59189-0 Additional Resources: 1. Bace, Becky. Intrusion Detection. Sams. 1st edition. 1999. 2. Caswell, Brian, Snort 2.1 Intrusion Detection, Second Edition. Syngress. 2004. 3. Rehman, Rafeeq. Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID. Prentice Hall. 2003. 4. Rash, Mike. Intrusion Prevention and Active Response: Deploying Network and Host IPS. Syngress. 2005. 5. Northcutt, Stephen. Network Intrusion Detection, 3rd Edition. New Riders. 2003. 6. Northcutt, Stephen. Intrusion Signatures and Analysis. New Riders. 2001. 7. Mohay, George. Computer and Intrusion Forensics. Artech House Publishers. 2003. 8. Marchette, David. Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint. Springer. 2001. 9. Kohlenberg, Toby Snort IDS and IPS Toolkit, Syngress, 2007 10. Archibald, Neil, et. al. Nessus, Snort, & Ethereal Power Tools Customizing Open Source Security Applications Syngress, 2005 Course Description 663 Operations of Intrusion Detection and Forensics (3:3:0) Introduces students to network and computer intrusion detection and its relation to forensics. The class addresses intrusion detection architecture, system types, packet analysis, and products. It also presents advanced intrusion detection topics such as intrusion prevention and active response, decoy systems, alert correlation, data mining, and proactive forensics. Prerequisites TCOM 509, 529, and a working knowledge of computer programming. Course Objectives At the conclusion of this course the student will have learned why and how intrusion detection systems are used and how they are applied in the forensics area. The student will also know how to implement an intrusion detection system, analyze packets, and construct signatures. The student will also have advanced knowledge of prevention and response technologies and other leading areas of research in intrusion detection and forensics. Grading Raw scores may be adjusted to calculate final grades. Grades will be assessed on the following components:

Homework Assignments: 30% Practical IDS Exercises Assignments: 30% Final Exam: 40% These components are outlined in the following sections. Homework Assignments: 1. Homework 1 - Research 3 open source/free intrusion detection products and 3 commercial intrusion detection products. Write 200 words on each product that summarizes how the product operates, the type of attacks it can detect, how you would use this product in your architecture, and any other pertinent information about the product. Because we will be discussing it in class, do not include Snort as one of your products. This is an individual homework please remember the honor code. This homework is due before class on Feb. 8. 2. Homework 2 This home work will be posted on the Blackboard website and will be due by class time on March 28. 3. Homework 3 This home work will be posted on the Blackboard website and will be due by class time on April 18. Practical IDS Exercise Assignments: Three practical IDS forensic exercises will be assigned throughout the semester. 1. Hands-on Exercise 1: TCPDump/Wireshark - Hands-on Exercise 1 contains practical exercises that will familiarize you with the TCPDump and Wireshark network analyzers. For each exercise you should have 2 Aterm windows open on your desktop. This will allow you to generate traffic in one window and analyze the traffic in another window. This hands-on exercise is due before class on Feb. 22. 2. Hands-on Exercise #2: Snort IDS - Hands-on Exercise 2 contains practical Snort IDS exercises that will familiarize you with the Snort Intrusion Detection System. For each exercise you should have 2 shell windows open on your computer. Having two shell windows will allow you to generate traffic in one window and analyze the traffic in another window. Instructions will be provided to you and you will open two shell (Aterm) windows. This hands-on exercise is due before class on April 11. 3. Hands-on Exercise #3: IDS Log Analysis - Hands-on Exercise 3 contains practical IDS log analysis exercises that allows you to analyze IDS forensic logs file using software programming scripts. This hands-on exercise is due before class on April 25. All homework and hands-on exercise assignments are due on the dates and times defined on the Blackboard assignment tap and they must be submitted on the Blackboard. Late assignments will

be assessed a penalty of 25% of the assignment grade for each week or part there of it is late. No homework or hands-on assignment will be accepted after the third week. Final exam The Final exam will be in-class exam and will cover materials discussed in class. Schedule Date Week Topic Chapters Assignments Jan. 25 1 Course overview, Network Overview, and 1 TCP/IP review 1 Feb. 2 Monitoring Network-Analysis Tools Packet 2 Sniffing, Packet Analysis Part 1 8 Feb. 3 Intrusion Detection Systems IDS 3 HW 1 due Groundwork: Packet Analysis Part 2 15 Feb. 4 Fundamentals of IDS Part 1: Lifecycle of a 4 Vulnerability 22 Feb. 5 Fundamentals of IDS Part 2: Proactive Intrusion Prevention and Response via Attack 5 Hands-on Exercise 1 due Graphs Topological Vulnerability 29 Feb. 6 Network Flows and Anomaly Detection IP 6 Data Flows 7 Mar. 7 Introduction to Snort: Overview, Snort 7 Signatures and Operational Theory, Analysis Web Application Firewalls Web Threat 14 Mar. 8 Spring Recess 8 21 Mar. 9 Wireless IDS/IPS 9 28 Mar. 10 Physical Intrusion Detection for IT, origins of 10 HW 2 due Physical Security, Advanced Intrusion Detection and Intrusion Prevention Techniques 4 Apr. 11 Intrusion Detection Current Uses of Geocoding, Alert Correlation for Incident and 11 Forensic Analysis 11 Apr. 12 Visual Data Communications Introduction to Visualization, Advanced IDS Methods for Behavior Analysis and Proactive Forensics 12 Hands-on Exercise 2 due 18 Apr. 13 Advanced IDS 25 Apr. 14 Advanced IDS HW 3 due 2 May 15 Final Exam Review 9 May 16 Final Exam (Final research paper submission) This schedule is subject to revision before and throughout the course. Call 703-993-1000 for recorded information on campus closings (e.g. due to weather).

Attendance Policy Students are expected to attend each class, to complete any required preparatory work (including assigned reading) and to participate actively in lectures, discussions and exercises. As members of the academic community, all students are expected to contribute regardless of their proficiency with the subject matter. Students are expected to make prior arrangements with Instructor if they know in advance that they will miss any class and to consult with the Instructor if they miss any class without prior notice. Departmental policy requires students to take exams at the scheduled time and place, unless there are truly compelling circumstances supported by appropriate documentation. Except in such circumstances, failure to attend a scheduled exam may result in a grade of zero (0) for that exam. Communications Communication on issues relating to the individual student should be conducted using email or telephone. Email is the preferred method for urgent messages, you should also attempt to contact the Instructor via telephone. Email messages from the Instructor to all class members will be sent to students' GMU email addresses if you use another email account as your primary address, you should forward your GMU email to that account. Lecture slides are complements to the lecture process, not substitutes for it. Access to lecture slides will be provided as a courtesy to students provided acceptable attendance is maintained. Honor Code Students are required to be familiar and comply with the requirements of the GMU Honor Code [1]. The Honor Code will be strictly enforced in this course. All assessable work is to be completed by the individual student. Students must NOT collaborate on the project reports or presentation without explicit prior permission from the Instructor. Office of Disability Services If you are a student with disability and you need academic accommodations, please see me and contact the Office of Disability Services (ODS) at 993-2474. All academic accommodations must be arranged through the ODS.

Key Dates * : January 1 Day of Week Sunday Martin Luther King Day (no classes) Mon Jan 16 First day of classes; last day to submit Domicile Reclassification Application; Payment Due Date; full semester waitlists removed Mon Jan 23 Last day to drop with no tuition penalty Tues Jan 31 Last day to add classes all individualized section forms due Tues Jan 31 Last day to drop with a 33% tuition penalty Tues Feb 14 Last day to drop with a 67% tuition penalty Fri Feb 24 Last day to drop Fri Feb 24 Last day to file your Spring 2012 Graduation Intent Fri Feb 24 Spring Break Mon Mar 12 - Sun Mar 18 Last day of classes Sat May 5 Reading Days Exam Period (beginning at 7:30 a.m.) Mon May 7 & Tue May 8 Wed May 9 - Wed May 16 Commencement and Degree Conferral Date May 19, 2012 * These Key Dates are from http://registrar.gmu.edu/calendars/2012spring.html Make sure that you check and verify on the official GMU Registrar Web page for updated and latest date information. [1] Available at www.gmu.edu/catalog/apolicies/honor.html and related GMU Web pages.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information