Checking date: 19/05/2025 21:03:39


Course: 2025/2026

Cyber defense systems
(12388)
Master in Cybersecurity (Plan: 325 - Estudio: 288)
EPI


Coordinating teacher: PASTRANA PORTILLO, SERGIO

Department assigned to the subject: Computer Science and Engineering Department

Type: Compulsory
ECTS Credits: 6.0 ECTS

Course:
Semester:




Objectives
Design sensing strategies for various components of a networked system and analyze observed events during a specific attack to identify those of significance. Identify attack characteristics and likely sources by analyzing a system subjected to different types of attacks. Conduct system analysis to uncover evidence of attacks and implement appropriate measures to preserve the chain of custody of said evidence. Propose effective countermeasures once an attack and its source have been identified, justifying their effectiveness. Evaluate network segmentation (zoning) strategies and design corresponding traffic filtering policies. Design and assess measures for user identification and authentication, as well as the management of digital identities and associated access authorizations. Conceive, design, implement, and maintain a comprehensive cyber defense system tailored to a specific context. Interpret and apply technical regulations and legal frameworks related to cybersecurity, considering their impact on system design and the deployment of security tools. Design and evaluate secure architectures for systems and networks.
Learning Outcomes
Description of contents: programme
Cyber Defense Systems:
1. Introduction to Cyber Defense
2. Local sensors: audit and analysis of events
  2.1. Management of users and accesses
  2.2. Analysis of security logs
3. Firewall and network segmentation
  3.1. Fundamentals of traffic filtering
  3.2. Types of firewalls
  3.3. Network segmentation
4. Detection and prevention of attacks
  4.1. Signature detection
  4.2. Anomaly detection
  4.3. Automated response to intrusion attacks
5. Security Information and Event Management (SIEM)
  5.1. Introduction and SIEM architectures
  5.2. Aggregation and correlation rules
  5.3. Intrusion detection networks
  5.4. Strategies for network sensing
Learning activities and methodology
The course consists of the following elements:
  • Master classes
  • Lab sessions
  • Practical exercises
  • Lab assignments
  • Tutoring
Assessment System
  • End-of-term examination/test: 40 %
  • Continuous assessment (assignments, laboratory, practicals...): 60 %

Calendar of Continuous assessment


Basic Bibliography
  • P.W. Singer. Cybersecurity and Cyberwar: What Everyone Needs to Know. Oxford University Press. 2014
  • Anton A. Chuvakin, Kevin J. Schmidt. Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management. Syngress. 2012
  • Brian Caswell, Jay Beale, Andrew Baker. Snort Intrusion Detection and Prevention Toolkit. Syngress. 2007
  • Chris Sanders, Jason Smith. Applied Network Security Monitoring: Collection, Detection, and Analysis. Syngress. 2013
  • David R. Miller, Shon Harris, Allen Harper, Stephen VanDyke, Chris Blask. Security Information and Event Management (SIEM) Implementation. Network Pro Library. 2010
  • Dobromir Todorov. Mechanics of User Identification and Authentication: Fundamentals of Identity Management. Auerbach Publications. 2007
  • J. Michael Stewart. Network Security, Firewalls and VPNs. Jones & Bartlett Learning. 2013
  • Richard Bejtlich. The Practice of Network Security Monitoring: Understanding Incident Detection and Response. No Starch Press. 2013
  • Timur Mehmet. Firewall Hacking Secrets for Security Professionals. HackerStorm.com Publishing. 2013

The course syllabus may change due to academic events or other reasons.