Budapest University of Technology and Economics, Faculty of Electrical Engineering and Informatics


    Cybersecurity Operations Fundamentals

    Name of the subject in Hungarian: Számítógépes rendszerek biztonságos üzemeltetése

    Last updated: 19 April 2021.

    Course ID: VIHIAV43
    Semester:
    Assessment: 0/0/4/f
    Credit: 4
    Subject semester:
    3. Course coordinator and department Dr. Holczer Tamás,
    4. Instructors

    Name                 Position              Department, Institute
    Dr. Holczer Tamás    assistant professor   Department of Networked Systems and Services
    Ládi Gergő           PhD student           Department of Networked Systems and Services

    5. Required knowledge: computer networks, operating systems, basics of IT security
    6. Pre-requisites
    Recommended:

    Communication Networks I. (VIHIAB01) or equivalent and Administering Computer Networks in Practice I (VIHIAV39) are recommended but not required. Intermediate knowledge of English is required.

    7. Objectives, learning outcomes and obtained knowledge

    The aim of the course is to provide students an insight into the security problems related to the operation of computer systems. The course also discusses the basics of attacks against computer systems and defense against them. By discussing the possibilities of implementing defense, the students get an insight into the basics of operating a security operations center. The course examines the security of both networks and endpoints, from the perspective of both the attacker and the defender.

    A secondary objective of this course is to help students prepare for the Cisco Certified CyberOps Associate exam which can be taken at independent certification centers.

    8. Synopsis

    After introducing the basic threats the course material is the following:

    • Cyber-attacks, roles: Introduction, basics of SIEMs (Security Incident and Event Monitoring), basics of SOCs (Security Operations Center)
    • Widely used operating systems I.: Secure operations of Windows OS, CLI, Shell
    • Widely used operating systems II.: Secure operations of Linux OS, CLI, Shell
    • Basic network protocols, vulnerabilities, countermeasures: Ethernet, IP, ARP, wireless networks, ICMP, NAT, TCP, UDP, DHCP, DNS
    • Application level protocols, vulnerabilities, countermeasures: file sharing, email, web
    • Basics of cryptography, secure routing, secure name resolution
    • Network attacks and vulnerabilities: Penetration testing tools
    • Network monitoring in attack detection
    • Log collection and analysis
    • Public intelligence collection
    • End-point protection
    • Forensics and event handling
    • Midterm test
    • Practical task
    9. Method of instruction

    The course is delivered through 4 hours of laboratory work per week, where the acquired theory is applied in practice. Students therefore have to prepare at home, week by week, for the laboratory work, using mostly the material available online.

    10. Assessment

    The rules of assessments are the following (in accordance with the current rules of BME (TVSz)):

    During the semester:

    • Participation: Attendance at the laboratory classes is obligatory. Classes can be missed up to two times (counting 14 teaching weeks and 4x45-minute laboratory classes a week, a minimum of 85% participation is required). Absences must be replaced.
    • Entry tests: Preliminary preparation is checked at the beginning of each laboratory class. Participation requires a sufficient level of knowledge. If a student fails this test, the laboratory work cannot be started and the class is recorded as missed, so it has to be replaced. Preliminary preparation is checked in 70% of the weeks (max. 10 times) in the form of entry tests.
    • Midterm test: A written examination must be completed at a sufficient level during the semester. It is held at the place and time of the class. The midterm test can be recapped as described in "Recaps".
    • Practical task: At the end of the semester, a complex practical exercise has to be solved at the place and time of the class. The task must be solved at a sufficient level. The practical task can be recapped as described in "Recaps".
    • The midterm test and the practical task are each evaluated as a percentage. When the above conditions are satisfied, the grade is determined by the mean value of the midterm test and the practical task results. The grade is calculated using the following ranges:

    0-49 %      fail (1)
    50-59 %     satisfactory (2)
    60-69 %     medium (3)
    70-84 %     good (4)
    85-100 %    excellent (5)

    During the exam period: -

    Other remarks

    The synopsis of this course is based on the Cisco CyberOps Associate course, with modifications to fit the university requirements.

    11. Recaps
    • Participation and entry tests: A maximum of two missed lessons (due to absences or insufficient preparation) can be replaced at a dedicated date (during the semester or in the replacement week). Three or more absences cannot be replaced, so in this case the subject cannot be completed.
    • Practical task: The practical task can be replaced in the designated replacement time (during the semester or the replacement week).
    • Midterm test: The midterm test can be replaced in the designated replacement time (during the semester or the replacement week).
    12. Consultations

    If required, we provide a consultation opportunity at an agreed time.

    13. References, textbooks and resources

    Ross J. Anderson, "Security Engineering: A guide to building dependable distributed systems", Wiley, 2010
    J. Harris, "Cisco Security Little Black Book", Dreamtech Press, 2002
    O. Santos, J. Muniz, S. D. Crescenzo, "CCNA Cyber Ops", Cisco Press, 2017
    O. Santos, "Cisco CyberOps Associate", Cisco Press, 2020

    14. Required learning hours and assignment

    Classes                               56
    Preparation for classes               28
    Preparation for midterm test          24
    Preparation for the practical task    12
    Learning of prescribed materials
    Preparation for the exam
    Total                                 120

    IMSc program

    Name                 Position              Department, Institute
    Dr. Holczer Tamás    assistant professor   Department of Networked Systems and Services
    Ládi Gergő           PhD student           Department of Networked Systems and Services
    Dr. Farkas Károly    associate professor   Department of Networked Systems and Services