CNIT 50: Network Security Monitoring

Spring 2019 Sam Bowne

Sat 1:10-4:00 PM SCIE 303 CRN 39097


Description

Learn modern, powerful techniques to inspect and analyze network traffic, so you can quickly detect abuse and attacks and respond to them. This class covers the configuration and use of Splunk, the industry standard for network security monitoring. This class helps to prepare for Splunk Core Certified User certification.

Advisory: CNIT 106 and 120, or comparable understanding of networking and security concepts.

Course Justification

Firewalls and antivirus are not enough to protect modern computer networks--abuse and attacks are common and cannot be prevented. Instead, networks are now monitored to detect security incidents, and security teams respond to them to limit the harm they cause. This class prepares students for jobs in monitoring and incident response, providing skills that are in high demand. This course is part of the Advanced Cybersecurity Certificate.

Textbook

There is no textbook for this class. Instead, we will use this free online course:

Splunk Fundamentals 1

Quizzes

The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the second score is the one that counts, not necessarily the higher score.

Quizzes are here:

https://canvas.instructure.com/courses/1399104

Live Streaming

You can attend class remotely using Zoom.

Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/4108472927
Meeting ID: 410-847-2927

The lectures start at 1:10 PM California time on Saturdays.

Classes will also be recorded and published on YouTube for later viewing.

Schedule

Date       Due                        Topic

Sat 1-19   -                          1 - What is Machine Data
                                      2 - What is Splunk
                                      3 - Installing Splunk

Sat 2-9    Quizzes 1-3, 4, 5, 6       4 - Getting Data In
           Lab 3                      5 - Basic Searching
                                      6 - Using Fields

Sat 2-23   Quizzes 7, 8, 8            7 - Best Practices
           Labs 4, 5, 6               8 - SPL Fundamentals
                                      9 - Transforming Commands

Sat 3-16   Quizzes 10, 11, 12         10 - Reports and Dashboards
           Labs 7, 8, 9               11 - Pivot and Datasets
                                      12 - Lookups

Sat 4-6    Quiz 13                    13 - Scheduled Reports and Alerts
           Labs 10, 11, 12, 13        Review

Sat 4-27   -                          Boss of the NOC CTF

Wed 5-15   -                          Final Exam available online throughout the week.
to                                    You can only take it once.
Wed 5-22

* Quizzes due 30 min. before class

Lectures

Policy

To access course materials,
including videos, lab instructions, and
review quizzes, register at this site:

Splunk Fundamentals 1

1 - What is Machine Data
2 - What is Splunk
3 - Installing Splunk
4 - Getting Data In
5 - Basic Searching
6 - Using Fields
7 - Best Practices
8 - SPL Fundamentals
9 - Transforming Commands
10 - Reports and Dashboards
11 - Pivot and Datasets
12 - Lookups
13 - Scheduled Reports and Alerts

Archived class materials (restricted access)

Links

SPLUNK CERTIFICATION Candidate Handbook

Get started with Search - Splunk Documentation
Splunk and the ELK Stack: A Side-by-Side Comparison
What on earth is 'Splunk' -- and why does it pay so much? (from 2017)
Splunk in 2 Charts: 85 of the Fortune 100 companies use Splunk (from 2017)
Splunk Core Certified User Test Blueprint

New Unsorted Links

Splunk Certification Flashcards | Quizlet

Last Updated: 12-5-18 8:19 am