Aktuella utvärderingar

Visa resultat

Här kan se resultatet från utvärderingen och exportera statistiken till ett annat program. Det går också att göra en enkel filtrering genom att klicka på svarsalternativen och kommentarerna eller en avancerad filtrering genom att använda knappen längst ned.

MPCSN 1213-3 Computer security, EDA263|DIT641

Status: Avslutad
Öppen för svar: 2013-03-15 - 2013-04-12
Antal svar: 42
Procent av deltagarna som svarat: 38%
Kontaktperson: Maria Sörner»
Utbildningsprogram som genomför enkäten: Datateknik 300 hp

Opening question

1. Which university do you belong to?

Some of our courses are taken jointly by students of the University of Gothenburg and Chalmers University of Technology. In order for us to be able to look at the answers of each student group separately, we would like you to indicate which university you are registered at.

41 svarande

University of Gothenburg»3 7%
Chalmers University of Technology»38 92%

Genomsnitt: 1.92

Your own effort

2. How many hours per week did you spend on this course?

We mean total time, that is, it comprises the time you spent in class and the time you spent on your own work. Try to estimate the average time over the entire study period.

42 svarande

At most 15 hours/week»16 38%
Around 20 hours/week»17 40%
Around 25 hours/week»5 11%
Around 30 hours/week»3 7%
At least 35 hours/week»1 2%

Genomsnitt: 1.95

- I read 4 other courses this period so the courses I feelt I understood best is those that I spent the smallest amount of time on. On average I spent around 2 hours on the lab each week in total and 6 hours for lectures and study.» (At most 15 hours/week)
- I should have put a lot more time into the course. I wanted to but things got in the way.» (At most 15 hours/week)
- The course was relatively easy » (At most 15 hours/week)
- I mostly spent time on the labs and on studying the book and slides one week before the exam.» (At most 15 hours/week)
- Most spent on some lectures in the beginning and then a lot on lab assignments. » (Around 25 hours/week)

3. How large part of the teaching offered did you attend?

42 svarande

0%»3 7%
25%»5 11%
50%»8 19%
75%»12 28%
100%»14 33%

Genomsnitt: 3.69

- I did not attend most because of another course with compulsory lectures.» (0%)
- I got other courses on the same time block» (25%)
- The lectures were very slow, so I skipped many.» (50%)
- Extremly booring lectures.» (100%)

Goals and goal fulfilment

The course syllabus states the course goals in terms of learning outcomes, i.e., knowledge, skills and attitudes to be acquired by the student during the course.

To review the learning outcomes for this course, click here. (Opens in new window)

4. How understandable are the course goals?

42 svarande

The goals are difficult to understand»2 4%
The goals give some guidance, but could be clearer»17 40%
The goals clearly describe what I am supposed to learn»23 54%

Genomsnitt: 2.5

- The goals don"t mention ethics, which was part of the exam.» (The goals are difficult to understand)
- They did not include ethics.» (The goals give some guidance, but could be clearer)
- Need to be clearer» (The goals give some guidance, but could be clearer)

5. Are the goals reasonable considering your background and the number of credits?

Answer this question and the succeeding one, only if you do know the course goals.

42 svarande

No, the goals are set too low»3 7%
Yes, the goals seem reasonable»37 88%
No, the goals are set too high»2 4%

Genomsnitt: 1.97

- With no prior specific knowledge in the area I found this course very well built as an introduction to comsec. » (Yes, the goals seem reasonable)
- Even on a bachelor level, the goals are reasonable.» (Yes, the goals seem reasonable)
- See previous comment.» (No, the goals are set too high)

6. Did the examination assess whether you have reached the goals?

42 svarande

No, not at all»10 23%
To some extent»19 45%
Yes, definitely»11 26%
I do not know/have not been examined yet»2 4%

Genomsnitt: 2.11

- Did not like the exam, it did not cover so much in the course and some questions were difficult to understand what they were after, like 1b. So I hope they are kind when they correct it.» (No, not at all)
- Only one exercice was interesting and pertinent in the examination : the one regarding Database where we had to think and analyse. Others questions were about stuff you are supposed to know by heart. I don"t see the point to learn more than the concept by heart.» (No, not at all)
- Exam did miss some of the important part of the course, like Cryptography and Authentication..» (No, not at all)
- The most boring and irrelevant exam I ever took» (No, not at all)
- The examination focus too much on the later part of the course contents, but it totally ignores the first few topics like authentication, cryptography. » (No, not at all)
- There were many important topics left out from the exams which were much more important to assess than what was asked. » (No, not at all)
- Stupid choice of question like ethics, its not on the course goals. And what I learned from metrics lecture was that its undefined» (To some extent)
- Too many focused questions for such a broad couse. (Few questions with a lot of points) » (To some extent)
- The exam missed what I assumed to be the central part of the course like encryption, different kind of attacks etc » (To some extent)
- Most of the questions are the same every year. Because of this, no solutions or answers to earlier exams are given. I believe this is a poor solution where it is enough to learn questions by heart rather than analyzing an actual problem. An excellent example of a good question is Q5 from 2012-03-08 where one must read code, point out security flaws and propose a solution.» (To some extent)
- See previous comment.» (To some extent)
- The exam covers very broadly the course contents and a lot of textbook knowledge. I was a bit surprised since previous exams were more technical and problem solving, but I find either way works. If I"d known that this one was so much textbook based, I would have studied in a different way though, reading more broadly and less in depth on many things. » (Yes, definitely)

Teaching and course administration

7. To what extent has the lectures been of help for your learning?

42 svarande

Small extent»9 21%
Some extent»14 33%
Large extent»13 30%
Great extent»6 14%

Genomsnitt: 2.38

- I did not attend most because of another course with compulsory lectures.» (Small extent)
- Boring lectures, left some important part out.» (Small extent)
- This is in my opinion one of the most interesting subjects in the world, but most of the lectures were dead boring. The course should be renamed to "computer security for suits".» (Small extent)
- The lecture slides were quite chaotic. The book helped a LOT more, when learning.» (Small extent)
- Probably due to the wide nature of the subject, most lectures were fuzzy and sometimes without substance. Several times, I felt like a lot of time went to saying obvious things with complicated words. (Rather, industry buzz words.)» (Small extent)
- I haven"t gone to a lot of lectures, but those I went to were among the best for learning and understanding that I"ve had in Chalmers courses. Good pace, enough details, and good slides.» (Some extent)

8. What do you think about the guest lecture, Security in the Telecom business?

38 svarande

Poor»2 5%
Fair»4 10%
Adequate»18 47%
Good»11 28%
Excellent»3 7%

Genomsnitt: 3.23 (bidrar till totalt genomsnitt/jämförelseindex)

- Didn"t attend» (?)
- It did not really interest me. But it"s nice to have a guest lecture non the less.» (Fair)
- I was there but don"t remember much of it. Can"t say it was bad nor great.» (Adequate)
- He wasn"t wery good at speaking in front of students, though interesting.» (Adequate)
- More guest lectures. More real problems! :)» (Excellent)
- This is what I want. Real world exploits and the mistakes that caused them. Insight into the work of a security analyst, tips about what one needs to think about etc. And I"m sure Magnus could have done this during the every lecture if the course had had a better focus. (i.e. less enterprise focus/suit stuff/buzzwords)» (Excellent)

9. What was the best about the lecture part of the course? What can be improved?

- Best: Up to date. Improved: Things related to policy, would be nice with a real life example with annotions»
- Organization of the lectures. Starting with the agenda for the current lecture.»
- The topic was very interesting»
- A bit annoying if I didnt attend the lecture I would miss what they wrote on the board.»
- Interesting and also some fun facts.»
- I remember the bell la padula lecture most clearly of all the lectures. This one was good for learning and I felt no need to study more on that part afterwards because I understood much from the lecture only. This is good. What can be improved is the whole theoretical part in the beginning with the C I and A things. It took me some time and I still had trouble defining them and answering questions. I don"t particularly like this type of theoretical framework and box diagrams but I suppose you have to do it that way when teaching introduction courses.»
- Informative but some should be more practical »
- Make them more exciting, Stop taking 10 minutes every lecture just writing up the agenda... »
- Good to write down the plan for the lecture on the board »
- They were slow and some concepts were explained too thourougly.»
- Magnus needs to manage the time a bit better.»
- The "real world glimpses", practical things such as database security, defensive programming, ... Improve: Don"t put such enormous focus on learning buzzwords and fancy terms. Clark-Wilson, seriously I still don"t know what that has to do with computer systems. And Erland needs to improve his english pronounciation.»
- It was way too slow»
- I like the mixture of blackboard, overhead and projector.»
- Make slides more informative, don"t put purple background (ALWAYS white, for printing). »
- I really like the lecturers (föreläsarna), and the subjects are generally dealt with in a structured - however sometimes lengthy - way. What I have a problem with is the topics and focus in the course. It feels like most of the content is only applicable to large corporations that handle a lot of information. It isn"t very hands-on. The reason given for this was that we aren"t allowed to learn about serious security flaws. This, however, is not what I am looking for. For example: give a list of notorious security flaws that are 10-20 years old. For each of them, firstly walk through the attacker"s point of view. Then take the victim"s/defender"s POV. While we actually looked at a few examples (ex. buffer overflow), I believe it is important to deal with a larger quantity. This would give a broader, more general _understanding_ of security. In conclusion: I am here at Chalmers because I like to think, analyze and solve problems. This is unfortunately not offered if the course is just focused at learning facts and such.»
- They have used black board more often, but If it is in slides itself, we will feel more comfortable to understand and learn»
- The course it was good. Sometimes the same argument was treated on different aspects. This broke the continuity of the explanation, when the lectures were far each other.»
- The usage of the blackboard toguether with the pdfs and even some transparencies, this keeps the class dinamic. The pace in some cases got maybe too slow.»
- Jokes»
- Linking the basics of computer security with real world examples really helped us in understanding better.»
- Magnus ways of trying to interact the student felt very good! Also the structure of the course.»

10. To what extent has the laboration time been of help for your learning?

42 svarande

Small extent»3 7%
Some extent»14 33%
Large extent»16 38%
Great extent»9 21%

Genomsnitt: 2.73

- The labs were almost not at all relevant to the exam content. » (Small extent)
- I knew most of the practical parts of the course already.» (Some extent)
- I felt stressed that you have to finish at school. I didn"t enjoy the lab assignments as much as I could have and didn"t learn as much as I could as well.» (Some extent)
- Labs were the best of this course» (Large extent)
- Labs were fun and informative.» (Large extent)
- Change lab 3! Rapport part was unclear and scanning was slow.» (Large extent)
- Overall easy but good labs. Interesting subjects» (Large extent)
- The lab was good for amateurs in this field. We had fun in the lab and learnt a lot!» (Large extent)
- Though, the openVas lab did not add to much to the learning. The report felt like a waste of time. The last lab was excellent!» (Great extent)
- I learned a lot from the labs and the teaching assistants were very helpful and also knew the subject well so I could discuss with them more than just the labs. They did a wonderful job. Only lab3 with the openVAS thing was traumatizing, both because things didn"t work and because I felt the instructions weren"t clear, the report wasn"t clear, things were missing and I didn"t know how to get much info out of my openVAS report. Passed finally anyway but that was a bit painful. » (Great extent)
- Lab 1 and 4 were good, 2 slightly unnecessary and 3 might have been ok if Chalmers computer resources had not been exactly as usual... useless...» (Great extent)

11. How was the Identification and Authentification lab?

42 svarande

Poor»1 2%
Fair»1 2%
Adequate»7 16%
Good»18 42%
Excellent»15 35%

Genomsnitt: 4.07

- My partner had no knowledge of C at all. He did not understand anything (what are pointers, what is bufferoverflow, what are signals and how do they work). However for the people who knew C this lab was a trivial task. The people that didn"t know anything learned nothing new and the ones that knew basic C and some system calls learned nothing new aswell.» (Poor)
- Too much code was provided, we were basically just filling in the blanks.» (Adequate)
- It helps a lot» (Good)
- Difficulties understanding which signals are of significance.» (Good)
- Buffer-overflows FTW! Also good to introduce a more security oriented programming mindset.» (Excellent)
- It looked a lot harder than it actually was. When I saw the C code and all the questions it made me think " I"m not going to be able to do this" but I did and it was reasonable (not too much work, not too difficult) and I learned much from it .» (Excellent)
- Hands-on. Nice!» (Excellent)

12. How was the GPG lab?

42 svarande

Poor»1 2%
Fair»1 2%
Adequate»9 21%
Good»23 54%
Excellent»8 19%

Genomsnitt: 3.85

- Very poor documentation. Hard to find answers. Only felt stressed and does not really demand our presence exactly those hours and could have been sent throughout a week or so from any Linux computer.» (Poor)
- The lab would have been trivial if we would have used a GUI front-end for GPG.» (Adequate)
- I"d like to remark that the solution to the questions about web of trust was not described in very much detail in the course material. Leading to pure speculation and confusion.» (Adequate)
- Acquiring signatures from other students was tedious, especially when you did something wrong and had to do it again. I think having two fake accounts available to use would have been a lot less complicated and just as good from a learning perspective.» (Adequate)
- There is a great need for a crypto-related lab and GPG fits that part. Might also increase the security for some of the students if they continue to use it.» (Excellent)
- This one, like the one before, scared me a bit at first but I put some work into it and got through, learning a lot while doing it. It"s really good. The lab pm could be better structured though, perhaps completely separate the textbook type questions from the actual encrypting and sending email. I was a bit bothered by the structure but not by the actual questions and tasks. » (Excellent)

13. How was the vulnerability scanning lab?

42 svarande

Poor»15 35%
Fair»8 19%
Adequate»11 26%
Good»6 14%
Excellent»2 4%

Genomsnitt: 2.33

- The server was crashing all the time.» (Poor)
- The concepts are really important but the execution I feel was not nice. Lots of trouble with the openVAS software, and I had trouble getting almost any info out of my first 2 scan reports. I didn"t know if I had done something wrong or if the information just wasn"t there, which makes it hard for me as a beginner since I can"t judge which is the problem. I ended up passing this one too but I felt that I"d spent most of my time trying to figure where in the report certain words were, more than learning about computer security. Also, it"s nice that you provided a template but please provide one in OpenOffice format. I had problems with the docx file and especially the index which was write-protected in some strange way.» (Poor)
- Did not work well at all, the system were way to slow.. » (Poor)
- Could have been good if it had worked as it was meant to I suppose...» (Poor)
- In beforehand, this was the lab I thought would give me the most. This turned out to be wrong. Not only was it very basic, but the lab system was catastrophic. Loading each webpage took literally minutes, and scanning took like 30 minutes. Moreover, the report was huge. I do realize the importance of writing technical reports, but I believe the lab was too small and the report template was to big. This resulted in a lot of redundant information.» (Poor)
- Please divide groups evenly between the targets next time and make sure the is sufficient capacity to handle everyone attending the lab.» (Poor)
- The tool was slow and complicated, and we hardly got any interesting results (which the supervisors seemed to acknowledge). Writing the report was needlessly formal and I did not learn anything new.» (Poor)
- Useless for client users» (Poor)
- The results were inconsistent. Would have been better if we were supposed to find a vulnerability and use it to go inte the system in my honest opinion» (Fair)
- The environment wasn"t set up properly which made the lab annoying. Always so high demands on students, but very often mistakes by teachers. Why is that?! Bad!» (Fair)
- The systems were very slow and often wouldn"t respond. Everyone had problems, which led to quite poor help from the supervisors (since they had to help everyone at once). While I"m sure that the lab in itself was good, I didn"t learn very much, and it all became a nuisance. » (Fair)
- The system was to bad to use.» (Fair)
- During the labtime the system was very slow. And some scanning didn"t give result as stated in lab-pm.» (Adequate)
- The server could have been more powerful so we did not have to waste time waiting. Would have been nice to use backtrack. » (Adequate)
- Except the troubles with theoden it was a good lab.» (Adequate)
- Hard to know what information the report was intended to cover.» (Adequate)
- Large problems with servers going down or being overloaded. It is understandable though but in the future it might be of interest to get a computer assigned to each student instead of letting them choose freely and distribute the passwords before the lab so that those students that feel that they can do it without the aid of the lab supervisors can do it before/after and the lab time can be less overloaded with requests. It would also be of interest to maybe have a bit more advanced exploit (maybe not 100 % fit for a lab but maybe as some extra credit part?) which ended with gaining root access to a computer. Or why not set up a computer with a small local wi-fi and encourage students during the course to try to get into it by applying what they learn, give a recommendation how to remove the exploit used and when the course ends the box should be, hopefully, fairly secure. Downside is it can be a lot of work if students do not take a interest in it but on the other hand, those that do take a interest in it can engorge themselves some more.» (Good)

14. How was the web application security lab?

40 svarande

Poor»1 2%
Fair»0 0%
Adequate»4 10%
Good»19 47%
Excellent»16 40%

Genomsnitt: 4.22

- The SQL injection task was 90% solved already and the XSS task was just a series of "open this", "copy this", "launch that". What is somebody supposed to learn if he/she doesn"t have any background in SQL or JavaScript?» (Poor)
- A nice lab, could be possible to add some more vulnerbilities to try!» (Good)
- It"s very fun» (Good)
- Include more tasks in the lab next year.» (Good)
- A possible improvement would be to use something other than a shared file on the same hard drive for stealing cookies, so that the attack seems more real.» (Good)
- Two way to common security issues. People need to know how they work! Excellent addition! Also really fun.» (Excellent)
- As with all of them, I would prefer a different structure where the textbook type questions are separated from the lab assignment tasks. Apart from that, this was a great lab with a bit of figuring things out and trying to hack the sql things. It could have been longer with some more injections or something, but It"s good as is also. » (Excellent)
- Nice to be on the other side of computer security for once.» (Excellent)
- Very exciting! Perhaps you should extend it though, we were done early» (Excellent)
- Nice with real world examples» (Excellent)
- Really funny!» (Excellent)

15. What was the best about the lab part of the course? What can be improved?

- Hands on experience. Both in a "poke it until you get through" and a more formal way (find what is wrong, rapport on it).»
- It was good that it covered different topics. Lab3 could maybe be looked at.»
- They are interesting and not to difficult»
- Keep the lecturer. He was good at explaining and fun to listen to. Don"t make the lab assignments so time restricted and restricted to lab room if not required. In those cases we have to use a lab computer to do port scanning etc, it"s ok, but when not needed it is just annoying that you have to squeeze in everybody in this room and finish at the same time.»
- The best part was that from knowing nothing I felt that I learned a lot and not just facts, but actually understanding on a basic level why some of those things matter and how easy it is do do it wrong (make it vulnerable). A lot of courses have labs where you can get through the tasks just by doing and trial and error, with zero understanding. You fixed this by adding lots of textbook questions and things that were in-between the lab task and the textbook, forcing me to read up on things and think about them. This is a good thing. »
- I think the tasks of lab can increase, so we can learn more from lab»
- In the GPG lab: Better explanation if the question is about PGP or GnuPG. Maybe add a link to a thorough explanation of these terms (OpenPGP, GnuPG). In the beginning we mixed these terms which only added to the confusion about trust.»
- Would have been nice if the labs could have been done from home, for example exchanging the keys»
- Lab 3 can be improved»
- You know what needs to be improved.»
- Best: the authentication implementation and SQL injection labs. Improve: The OpenVAS lab, it was badly organized.»
- Hands-on experience is critical in order to gain understanding of the subject. Generally good labs! A rewarding lab would be proof-reading code and systems for security flaws - however this is of course impossible to accomplish in practice.»
- What has to be done is kept very clear. Some technicall issues, specially in the vulnerability session where an external service had to be used.»
- SSH»
- It was fun and very informative. Little details we miss out during studying can be learnt in the lab sessions»
- The crypto-part along with the SQL-part. The scanning lab can be done MUCH more fun!»

16. How was the balance between the lecture and the lab parts?

- Personally I would want more labs, same lectures and a project instead of a exam. Making an analysis, setting up policies, explaining why and what system used etc.»
- It was good»
- More lab of course !»
- good»
- I think report writing has too high requirements. There"s no way you have to write those strict reports at work. At least not at Volvo, which I have worked for several years. Academic mumbo jumbo that does not really have any relevance in the real world.»
- I think it was a good balance. »
- Insufficient labs»
- The lab parts can increase»
- It was good »
- Good»
- Good.»
- Good»
- ok»
- Good »
- They where pretty balanced, but in some cases there was no relation between the content given in both.»
- Good»
- good»
- Ok.»

17. To what extent has the course book (Stallings) been of help for your learning?

42 svarande

I did not read it»15 35%
I preferred (...) instead»4 9%
I did not like it»2 4%
I liked it and it helped me to some extent»17 40%
I liked it and it helped me to a large extent»4 9%

Genomsnitt: 2.78

- I don"t buy books in dead-tree format. The Stallings book is available from Amazon Kindle store in the US but they would not sell it to Sweden.» (I did not read it)
- I barely read it. I mostly read the lecture slides.» (I did not read it)
- I preffered reading any online material I could find on every topic covered by the course.» (I preferred (...) instead)
- Comptia security plus by dulaney» (I preferred (...) instead)
- I preferred to use the lecture slides and look in the book if i didn´,t understand.» (I preferred (...) instead)
- I borrowed it from the library and got it 1 week before the exam and did not have time to read all the chapters needed for the course. But it did bring up a lot of good points and was fairly well structured if you followed the reading list posted. However! It is very American. A lot of blurb text to fill out pages at times. It feels it could be cooked down to half the amount of pages and still give a better understanding if done right. Some student should do a compressed version of it in other words.» (I liked it and it helped me to some extent)
- I enjoy reading it and just regret that I didn"t spend more time reading it. » (I liked it and it helped me to some extent)
- Some parts (like security policies) weren"t good. Most parts were good.» (I liked it and it helped me to some extent)

18. Please give feedback on the other course material, i.e. off-prints (OP), downloads (DL) and hand-outs on the web.

38 svarande

Poor»2 5%
Fair»3 7%
Adequate»10 26%
Good»20 52%
Excellent»3 7%

Genomsnitt: 3.5

- Bought the OP but did not use it.» (?)
- I barely read those.» (?)
- The handouts were were unstructured..» (Poor)
- Again, I dislike paper stuff. Make the OP avaliable in pingpong if you want us to read it. The DL:s were great though.» (Poor)
- Didnt really read them, to heavy reading but its interesting to know about» (Adequate)
- Interesting stuff, good to get some knowledge about where to find info about this subject, e.g phrack.org» (Good)
- Those things were ok and I could find them in pingpong. » (Good)
- They were good but hard to navigate and if a lectrue was missed it was hard seing what was mentioned (most important) and what wasn"t.» (Good)
- Nice to read about real security issues today.» (Good)
- Can be organised in a better way.» (Good)
- Loved the extra reading. Great stuff!» (Excellent)
- Nice with some additonal material» (Excellent)

19. How well did the course administration, web page, handouts etc work?

41 svarande

Very badly»0 0%
Rather badly»2 4%
Rather well»25 60%
Very well»14 34%

Genomsnitt: 3.29

- The off-prints should have been mentioned on the web-site.» (Rather badly)
- The signing in for the examinations should be reminded at class by the teacher, that would be usefull specially for new students.» (Rather badly)
- Better with everything on one page.» (Rather well)
- Pingpong website is really good» (Rather well)
- I wish there was only one website and that it would be easier to find the resubmit button to assignments, (never found it)» (Rather well)
- Ok» (Rather well)
- Better to have one page, instead of using your own page AND pinpong.» (Rather well)
- I don"t like ping pong. Try to keep as much info as possible on the course web page. The hyperlinks for the lectures are messed up. When tabbing between lecture links, you"ll see what I mean. Overall good though.» (Rather well)
- There were 2 webpages for the course and was pretty confusing. Can be better organised. » (Rather well)
- Simple web-page. It worked.» (Very well)
Genomsnitt totalt för detta stycke: 3.23

Study climate

20. How were the opportunities for asking questions and getting help?

42 svarande

Very poor»0 0%
Rather poor»0 0%
Rather good»11 26%
Very good»19 45%
I did not seek help»12 28%

Genomsnitt: 4.02

- Some assistants during the lab were not really helpful» (Rather good)
- They are all nice people» (Rather good)
- Always easy to get help if needed.» (Very good)
- During labs very good . » (Very good)

21. How well has cooperation between you and your fellow students worked?

42 svarande

Very poorly»0 0%
Rather poorly»3 7%
Rather well»13 30%
Very well»24 57%
I did not seek cooperation»2 4%

Genomsnitt: 3.59

- Didn"t have too much contact with the other students.» (Rather well)
- My partner did not do that much » (Rather well)
- I worked alone since my lab partner left the course early and I didn"t bother to look for another. It was still manageable and I may have learned more because I had no one else to lean on to.» (I did not seek cooperation)

22. How was the course workload?

42 svarande

Too low»2 4%
Low»1 2%
Adequate»35 83%
High»3 7%
Too high»1 2%

Genomsnitt: 3

- I believe we could have gone deeper into subject and covered more subject. I expected more from this course » (Low)
- Only part that is a bit much is all the memorizing of terms. Which is why I also would want it in a project form instead of a exam.» (Adequate)
- The labs seem harder than they are, so I think it is adequate. I should have been reading and studying more though for the exam. » (Adequate)
- I hate when courses are heavy on the lab part in the end of a course when you want to study for the exam.» (High)

23. How was the total workload this study period?

42 svarande

Too low»0 0%
Low»0 0%
Adequate»24 57%
High»14 33%
Too high»4 9%

Genomsnitt: 3.52

- High because it was during the first half of the BSc project which is very messy in terms of organisation and time management. Nothing to do with this course which was good in every way. » (High)
- 5 courses is, in hindsight, just a tad bit much.» (Too high)

Summarizing questions

24. What is your general impression of the course?

41 svarande

Poor»3 7%
Fair»4 9%
Adequate»5 12%
Good»26 63%
Excellent»3 7%

Genomsnitt: 3.53 (bidrar till totalt genomsnitt/jämförelseindex)

- boring class, would not recommend anyone to take this course.» (Poor)
- Not at all what I expected. Compare to Björn von Sydows Cryptography course, which was awesome from start to finish.» (Poor)
- There was too much organizational stuff and modeling in this course, which I expected to be about application security and writing secure code. I hoped to become really good at identifying and fixing vulnerabilities in programs, but now I felt that I didn"t really learn either part very well because most of the modeling stuff was too shallow. It would be better to split the material into two courses so it"s clear what the student will learn.» (Poor)
- I got a nice impression until the exam which was a big surprise for me» (Fair)
- If you don"t have any prior knowledge of C (or other low level programming language) then you can"t possibly understand what a buffer overflow is just by learning the material from the course. If, however, you"ve programmed in C then you must have done a dozen buffer overflows on your own and you must be fully aware of how to avoid them. If you want to underline vulnerability X in system Y then make sure everybody knows what Y is. If people know how system Y works and you teach them about vulnerability X then these people will be better programmers/users of Y. If they don"t know what system Y is then they"ll just have a vague sense that "buffer overflow is bad" or "SQL injections are bad" and just that. » (Fair)
- Speed it up! The lectures are very slow, which leads to an overall bad impression of the course. » (Fair)
- The technical part was very good, but the policies and management part was really boring and hard to study.» (Adequate)
- Should be a mandatory course for almost anyone that is supposed to implement systems or design them.» (Excellent)
- I really enjoyed it. In terms of how much I learnt vs time spent, one of the best courses I"ve had.» (Excellent)

25. What should definitely be preserved to next year?

- Labs»
- Labs. More labs. LABS!»
- The labs»
- labs»
- Have already answered somewhere above...»
- labs 1,2 and 4. And the teaching assistants. »
- handouts, DL»
- The labs»
- Lab 1 and 4.»
- The labs»
- The labs (excluding the OpenVAS lab).»
- The entire course is good and well organized. So we can keep everything for the fellow students.»
- The web application lab»
- The format of the lectures»
- Labs»
- The lab sessions. The content of the course.»

26. What should definitely be changed to next year?

- Exam. But I trust you have a good reason to why you have it as it is since having it in a project from might not be the easiest transition to make.»
- The exam style»
- lecture slides you put up, make sure it holds all the information from the lecture»
- Ethics shouldn"t be a part of the exam. I understand the need of a lecture on ethics, but ethics has nothing to do with computer security.»
- Why is Ethics part of Computer Security? It doesn"t have any computers in it, just people and belief systems. Add some exercices for how trust propagates in PGP (like the one in the second assignment). Also add exercices for SQL inferenceing. SQL inference exercices would have been really neat as puzzles.»
- Have already answered somewhere above...»
- do something about lab 3 »
- Labs workload»
- Better application on CC and policies»
- Add more advanced material »
- Less buzzwords, more practical stuff.»
- Faster lectures.»
- vulnerability scanning lab»
- Better slides (some are very un-informative, and please don"t do slides with purple background (impossible to properly print)) The OpenVAS lab: it was organized badly (servers mostly didn"t work, some scans didn"t give any answers, ...) The exam: it was too many questions that were too generally asked, please put more precise questions, not questions that require one to summarize a whole chapter. »
- The examination was very bad, the questions are not even related to computer security, it was like a moral science question paper. Clearly it didn"t assess whether we have reached the goals or not.»
- The vulnerability assignment needs a tweak»
- Examination notifications»
- Lecture slides can be organised. »
- I think that on the exam, all the possible points should be divided into all areas from the whole course. For example isn"t 10p on ethics and 10p common criteria ok in my opinion. The course is about computer security, not about ethics and common criteria. Off course these areas should be on the exam, but maybe for 5p each or something and instead focus on more gumptious areas such as different attacks, virus, worms and all that stuff. Kind of messed up text above, but I hope you get what I mean!»

27. Additional comments

- :-)»
- Retarded examquestions. appending complaints here. Why should I try to do interference on a db during exam?? That should have been an assignment instead»
- The lab supervisors can be more helpful instead of just ask questions like if you didn"t know anything. A bit of pedagogic skills and perhaps a charm course.»
- You should keep timeedit updated. It had lectures on fridays for many weeks after there were none and this was confusing. Exam question 130117:1 Is there a time aspect to the problem? I don"t understand this one. »
- Take the comments seriously. My friends warned me when I wanted to take the course, and said that it wasn"t on a very serious level. »
- I didn"t feel like the teacher described the ethics-topic in such an abstract manner as it was presented on the exam. »
Genomsnitt totalt för detta stycke: 3.53

Genomsnitt totalt för alla frågor: 3.39
Beräknat jämförelseindex: 0.59

Kursutvärderingssystem från