CNIT 50: Network Security Monitoring

Proposed for Fall 2017 Sam Bowne

1 unit

Catalog Description

Learn modern, powerful techniques to inspect and analyze network traffic, so you can quickly detect abuse and attacks and respond to them. This class covers the configuration and use of Security Onion, a popular open-source Linux distribution designed for network security monitoring.

Advisory: CNIT 106 and 120, or comparable understanding of networking and security concepts.

Course Justification

Firewalls and antivirus are not enough to protect modern computer networks--abuse and attacks are common and cannot be prevented. Instead, networks are now monitored to detect security incidents, and security teams respond to them to limit the harm they cause. This class prepares students for jobs in monitoring and incident response, providing skills that are in high demand.

This course is part of the Advanced Cybersecurity Certificate.

Student Learning Outcomes

Upon successful completion of this course, the student will be able to:
  1. Explain the importance of network security monitoring and compare it to other types of defenses, such as firewalls
  2. Implement and configure Security Onion to detect abuse and attacks on networks
  3. Detect intrusions on the server-side and client-side of networks, and respond effectively to limit the damage they cause


"The Practice of Network Security Monitoring: Understanding Incident Detection and Response" by Richard Bejtlich, No Starch Press; 1 edition (July 26, 2013), ASIN: B00E5REN34 Buy from Amazon

Lecture Notes

Part 1: Getting Started

1. Network Security Monitoring Rationale
2. Collecting Network Traffic: Access, Storage, and Management

Part 2: Security Onion Deployment

3. Standalone NSM Deployment and Installation
4. Distributed Deployment
5. SO Platform Housekeeping


6. Command Line Packet Analysis Tools
7. Graphical Packet Analysis Tools
8. NSM Console

NSM in Action

9. NSM Operations
10. Server-side Compromise
11. Client-side Conpromise
12. Extending SO
13. Proxies and Checksums

Projects (In Development)

Downloading the Virtual Machines

Download VMware Player

Back to Top


Last Updated: 5-8-17