This is a hands-on course that surveys network situational awareness techniques. The goal of network situational awareness is to develop a cogent set of observed network characteristics that inform decision makers about the wise course to take in defending the network (or, more colloquially: “Know your network. Know the Internet. Know how they work together.”). The course involves network investigation, including packet capture analysis and network flow analysis.
Lecture and project-based
MS / Ph.D. students interested in digital forensics
By the end of the course, students should be able to do the following:
- Demonstrate network analysis using Wireshark (tshark), tcpdump, Scapy, Snort, and/or SiLK to profile a network, and identify malicious behavior in support of the mission needs of an organization.
- Compare mission differences between Law Enforcement, Network Defense, and Intelligence for national security.
- Summarize security-community analysis and synthesize indicators of compromise (IOCs) in order to properly communicate to the C-suite, management, or other members of the security community.
- Begin creating a personal “brand” to use within the security community at large.
Faculty and instructors who have taught this course in the past