Cybersecurity Operations Fundamentals

Name of the subject in Hungarian: Számítógépes rendszerek biztonságos üzemeltetése

Last updated: 19 April 2021

Budapest University of Technology and Economics
Faculty of Electrical Engineering and Informatics
Course ID   Semester   Assessment   Credit   Subject semester
VIHIAV43               0/0/4/f      4

(Assessment 0/0/4/f: 0 lecture, 0 seminar and 4 laboratory hours per week; "f" denotes a mid-semester grade, i.e. there is no exam in the exam period.)
3. Course coordinator and department

Dr. Holczer Tamás, Department of Networked Systems and Services
4. Instructors

Name                Position              Department, Institute
Dr. Holczer Tamás   assistant professor   Department of Networked Systems and Services
Ládi Gergő          PhD student           Department of Networked Systems and Services

5. Required knowledge

Computer networks, operating systems, basics of IT security.
6. Pre-requisites

Recommended:

Communication Networks I (VIHIAB01) or an equivalent course, and Administering Computer Networks in Practice I (VIHIAV39), are recommended but not required. An intermediate knowledge of English is required.

7. Objectives, learning outcomes and obtained knowledge

The aim of the course is to give students an insight into the security problems related to the operation of computer systems. The course also discusses the basics of attacks against computer systems and of defending against them. By discussing how defenses can be implemented, students also gain an insight into the basics of operating a security operations center. The course examines the security of both networks and endpoints, from the perspective of both the attacker and the defender.

A secondary objective of the course is to help students prepare for the Cisco Certified CyberOps Associate exam, which can be taken at independent certification centers.

8. Synopsis

After an introduction to the basic threats, the course covers the following topics:

  • Cyber-attacks and roles: introduction, basics of SIEM (Security Information and Event Management) systems, basics of SOCs (Security Operations Centers)
  • Widely used operating systems I: secure operation of Windows, command line interface and shell
  • Widely used operating systems II: secure operation of Linux, command line interface and shell
  • Basic network protocols, vulnerabilities, countermeasures: Ethernet, IP, ARP, wireless networks, ICMP, NAT, TCP, UDP, DHCP, DNS
  • Application level protocols, vulnerabilities, countermeasures: file sharing, email, web
  • Basics of cryptography, secure routing, secure name resolution
  • Network attacks and vulnerabilities: Penetration testing tools
  • Network monitoring in attack detection
  • Log collection and analysis
  • Public intelligence collection
  • End-point protection
  • Forensics and event handling
  • Midterm test
  • Practical task
9. Method of instruction

The course consists of 4 hours of laboratory work per week, in which the theory acquired beforehand is applied in practice. Students therefore have to prepare for each week's laboratory work at home, mostly from the material available online.

10. Assessment

The assessment rules are the following (in accordance with the current Study and Examination Regulations of BME (TVSz)):

During the semester:

  • Participation: attendance at the laboratory classes is compulsory. At most two classes may be missed (with 14 teaching weeks and one 4x45-minute laboratory class per week, this corresponds to the required minimum of 85% attendance). Missed classes must be made up.
  • Entry tests: preparation is checked at the beginning of each laboratory class, and a sufficient level of knowledge is required to take part. A student who fails the entry test cannot start the laboratory work; the class is recorded as missed and must be made up. Preparation is checked in about 70% of the weeks (at most 10 times) in the form of entry tests.
  • Midterm test: a written test must be passed at a sufficient level during the semester. It is written at the place and time of the class. The midterm test can be retaken as described under "Recaps".
  • Practical task: at the end of the semester, a complex practical exercise has to be solved at the place and time of the class, and it must be solved at a sufficient level. The practical task can be retaken as described under "Recaps".
  • The midterm test and the practical task are each scored as a percentage. If the above conditions are met, the grade is determined by the mean of the two percentage results, using the following ranges:

  0-49 %     fail (1)
  50-59 %    satisfactory (2)
  60-69 %    medium (3)
  70-84 %    good (4)
  85-100 %   excellent (5)

During the exam period: none (the course has no exam).

Other remarks

The synopsis of this course is based on the Cisco CyberOps Associate course, modified to fit the university's requirements.

11. Recaps
  • Participation and entry tests: at most two missed classes (due to absence or insufficient preparation) can be made up on a dedicated date (during the semester or in the replacement week). Three or more missed classes cannot be made up; in that case the course cannot be completed.
  • Practical task: the practical task can be retaken at the designated replacement time (during the semester or in the replacement week).
  • Midterm test: the midterm test can be retaken at the designated replacement time (during the semester or in the replacement week).
12. Consultations

If required, a consultation is offered at an agreed time.

13. References, textbooks and resources

R. J. Anderson, "Security Engineering: A Guide to Building Dependable Distributed Systems", Wiley, 2010
J. Harris, "Cisco Security Little Black Book", Dreamtech Press, 2002
O. Santos, J. Muniz, S. De Crescenzo, "CCNA Cyber Ops", Cisco Press, 2017
O. Santos, "Cisco CyberOps Associate", Cisco Press, 2020

14. Required learning hours and assignment

Classes                                56
Preparation for classes                28
Preparation for midterm test           24
Preparation for the practical task     12
Learning of prescribed materials       -
Preparation for the exam               -
Total                                 120

IMSc program

Name                Position              Department, Institute
Dr. Holczer Tamás   assistant professor   Department of Networked Systems and Services
Ládi Gergő          PhD student           Department of Networked Systems and Services
Dr. Farkas Károly   associate professor   Department of Networked Systems and Services