Ficha

Versión en español

Course: 2025/2026

Cyber defense systems

(12388)

Master in Cybersecurity (Plan: 325 - Estudio: 288)

EPI

Coordinating teacher: PASTRANA PORTILLO, SERGIO

Department assigned to the subject: Computer Science and Engineering Department

Type: Compulsory

ECTS Credits: 6.0 ECTS

Course: 1º

Semester: 1º

Objectives

Design sensing strategies for various components of a networked system and analyze observed events during a specific attack to identify those of significance. Identify attack characteristics and likely sources by analyzing a system subjected to different types of attacks. Conduct system analysis to uncover evidence of attacks and implement appropriate measures to preserve the chain of custody of said evidence. Propose effective countermeasures once an attack and its source have been identified, justifying their effectiveness. Evaluate network segmentation (zoning) strategies and design corresponding traffic filtering policies. Design and assess measures for user identification and authentication, as well as the management of digital identities and associated access authorizations. Conceive, design, implement, and maintain a comprehensive cyber defense system tailored to a specific context. Interpret and apply technical regulations and legal frameworks related to cybersecurity, considering their impact on system design and the deployment of security tools. Design and evaluate secure architectures for systems and networks.

Learning Outcomes

Link to document

Description of contents: programme

Cyber Defense Systems: 1. Introduction to Cyber Defense 2. Local sensors: Audit and analysis of events 2.1. Management of users and accesses 2.2. Analysis of security logs 3. Firewall and network segmentation: 3.1. Fundamentals of traffic filtering 3.2. Types of firewalls 3.3. Network segmentation 4. Detection and prevention of attacks 4.1. Signature detection 4.2. Anomaly detection 4.3. Automated response to intrusion attacks 5. Security Information and Event Management (SIEM) 5.1. Introduction and SIEMs architectures 5.2. Aggregation and correlation rules 5.3. Intrusion detection networks 5.4. Strategies for network sensing

Learning activities and methodology

The course will consists of the following elements: -- Master classes -- Lab Sessions -- Practical Exercises -- Lab Assignments -- Tutoring

Assessment System

% end-of-term-examination/test 40
% of continuous assessment (assigments, laboratory, practicals...) 60

Calendar of Continuous assessment

The assessment system is based on practical laboratories in groups, as well as a individual final exam. Specifically, the assessment of the subject is split into:
- Continuous assessment (60% of the final mark)
- Final Exam (40% of the final mark). A minimum mark of 3.5 out of 10 points is required.

The extraordinary assessment will be based on a single exam weighting 100% of the final mark. This exam will include questions regarding the labs.

Basic Bibliography

P.W. Singer . Cybersecurity and Cyberwar: What Everyone Needs to Know. Oxford University Press . 2014
Anton A. Chuvakin, Kevin J. Schmidt. Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management. Syngress. 2012
Brian Caswell, Jay Beale, Andrew Baker. Snort Intrusion Detection and Prevention Toolkit. Syngress. 2007
Chris Sanders, Jason Smith. Applied Network Security Monitoring: Collection, Detection, and Analysis. Syngress. 2013
David R. Miller , Shon Harris, Allen Harper, Stephen VanDyke, Chris Blask. Security Information and Event Management (SIEM) Implementation . Network Pro Library. 2010
Dobromir Todorov. Mechanics of User Identification and Authentication: Fundamentals of Identity Management . Auerbach Publications . 2007
J. Michael Stewart. Network Security, Firewalls And Vpns. Jones & Bartlett Learning. 2013
Richard Bejtlich. The Practice of Network Security Monitoring: Understanding Incident Detection and Response. No Starch Press. 2013
Timur Mehmet . Firewall Hacking Secrets For Security Professionals. HackerStorm.com Publishing. 2013

The course syllabus may change due academic events or other reasons.