Building the Next Generation of Computer Security Professionals. Chris Simpson

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Building the Next Generation of Computer Security Professionals. Chris Simpson"

Transcription

1 Building the Next Generation of Computer Security Professionals Chris Simpson

2 Overview Why teach computer security to high school students Deciding what to teach What I taught Community Support Lessons Learned and Way Ahead

3 How I got involved

4

5

6 Why teach computer security to high schools

7 Job Growth Source: information-security-analysts-web-developers-and-computer-network-architects.htm

8 "The numbers I've seen look like shortages in the 20,000s to 40,000s for years to come." Dark Tangent Source:

9 Limited computer science and computer security learning opportunities in high school

10 We need to help the next generation understand computer security related issues

11 Deciding What to Teach Never taught at the high school level No K-12 Curriculum Listed prerequisites but didn t enforce Diverse student background and experience Decided on Basic and Intermediate Class

12 Basic Class In this course, students will learn the fundamentals of securing computer operating systems. This class is a combination of theory and hands-on application.this course will show how students how operating systems work and actions that can be used to make them more secure. As a part of the class, students will be given weak systems to secure. Students will learn about Windows and UNIX Systems. Once they are done, the systems will come under simulated attack by a Red Team (virtual bad guys) and will need to work to thwart the attack. After participating in this course, the student will understand the fundamentals on how to secure an operating system.

13 Intermediate Class Description In this course, students will build on their knowledge from the first class and learn how to find and fix vulnerabilities and detect intruders. This class is a combination of theory and hands-on application, with more focus on applying hands-on skills. Students will learn how to use vulnerability scanners, scripting tools and will install a network intrusion detection system. After participating in this course, the student will understand the fundamentals on how to secure an operating system. The student will also have secured a system and defended it from attack. The course will conclude with simulated network attacks from a Red Team (virtual bad guys) that students will have to detect and respond to the threat.

14 Class Material

15 Class Setup Mix of lab and lecture plus guest speakers Utilized Virtual Box for most labs National University Virtual Education Lab Built course around Hacker High School material Class library

16 Textbooks (Licensed copy)

17 Basic versus Intermediate Used similar material in both classes with more advanced labs in the Intermediate class

18 Ethics Emphasize importance of using the Internet and security tools responsibly What happens if you break the law Case studies - Nomad Hacker - Randal Schwartz - Scott Moulton

19 Learning to Learn Security Community Be skeptical Learning Tools - Books and magazines - Blogs and social media - Videos - Academic papers (seminal security papers)

20 Intro to Hacking What is a hacker Hacker profiles Jeff Moss Johnny Long HD Moore General Keith Alexander Fyodor

21 Intro to Operating Processes Accounts Passwords Root Registry Logging Patching Systems

22 Intro to Networking Warriors of the Net Basic networking gear Network stack Encapsulation

23 What Attackers Do Attacker mindset Terms - Rootkits - Malware - Phishing

24 Forensics and Incident Response How a hard drive works Principles of Forensics

25 Linux Basic Command line - find, grep, pipes etc Scripting - Why use scripts - Basic bash script

26 Vulnerability Scanners How they work Vulnerability standards NVDB, CVE Difference between a vulnerability assessment and pentest

27 Pentest Tools NMAP Metasploit Responsible use

28 Cryptography History Caesar Cipher Vigenere Cipher Symmetric and Asymmetric Encryption NSA website

29 Security Certs and Careers Covered common security certs (ISC2, ISACA, OCSP, CEH etc) Highlighted career opportunities in the security field Discussed working environment

30 Checking knowledge retention with jokes... The best thing about packet delivery jokes is that they are best effort. In high society, TCP is more welcome than UDP. At least it knows a proper handshake. Whenever you tell a localhost joke, you're talking to yourself

31 Hands on Labs Finding stuff on the Internet Find answers OS Specific Research malware

32 Linux Labs Log onto Ubuntu Open terminal Commands ls, mv, ping etc

33 Make directory List ip addrsss Command line - copy - print - tracert - ipconfig Windows Labs

34 Honeypot Demo Showed how quickly systems can be compromised Dionaea - Caught over 100 pieces of malware in 4 days - Mostly Nimda and other common worms

35 Vulnerable Website Generic website listening on ssh and port 80 Ran TCPDUMP Downloaded and analyzed traffic SSH bruteforce attacks from Germany Note to self: Turnoff tcpdump when downloading pcap files

36 Community Support

37 Guest Speakers Scott Kennedy - Career planning and Crypto Stephen Cobb - ESET Security Evangelist - Malware San Diego Super Computer Center CSO FBI Agent

38 National University Virtual Education Lab (VEL) Four Teams Vulnerable VM s to defend XP, W2K3 and Ubuntu Grad Student Red Team located in Georgia Interactive Debrief

39

40 Vendor Tools Qualys Vulnerability Scanner

41 Pentest Lab BackTrack 5 NMAP Metasploit and Armitage Virtual Box and Vulnerable XP VM

42 Communication with Parents Pre and Post class Highlighted course material Discussed responsible use of computers and security tools

43 Lessons Learned Need 2-3 Interns to support labs More hands on labs Don t let students read Facebook etc during class Use Linux Textbook and have a 1-2 day Linux bootcamp Make sure students understand the material

44 Way Ahead Try again this Summer One or two day Linux immersion Create pre-class tutorial Build a website to share curriculum plans, lessons and other learning material Less talk more hands on Build more detailed labs Add a competition

45 How you can help build the next generation of computer security professionals

46 Mentor a High School Cyber Defense Team

47 Share Your Knowledge Volunteer at local school Share learning materials - Note: Sharing does not include sending me malicious links and files!

48 Support Hackers For Charity

49 More Info Presentation and links: Course Website:

Virtual Learning Tools in Cyber Security Education

Virtual Learning Tools in Cyber Security Education Virtual Learning Tools in Cyber Security Education Dr. Sherly Abraham Faculty Program Director IT and Cybersecurity Dr. Lifang Shih Associate Dean School of Business & Technology, Excelsior College Overview

More information

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE)

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) Author: Avinash Singh Avinash Singh is a Technical Evangelist currently worksing at Appin Technology Lab, Noida. Educational Qualification: B.Tech from Punjab Technical

More information

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

If you know the enemy and know yourself, you need not fear the result of a hundred battles. Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you

More information

Cyber Exercises, Small and Large

Cyber Exercises, Small and Large First International Conference on Cyber Crisis Cooperation: Cyber Exercises 27 June 2012 Cyber Exercises, Small and Large Commander Mike Bilzor Computer Science Department U.S. Naval Academy Annpolis,

More information

EECS 354 Network Security. Introduction

EECS 354 Network Security. Introduction EECS 354 Network Security Introduction Why Learn To Hack Understanding how to break into computer systems allows you to better defend them Learn how to think like an attacker Defense then becomes second-nature

More information

THE SAN DIEGO MAYORS CYBER CUP (SDMCC) ORIENTATION 10 NOVEMBER 2015

THE SAN DIEGO MAYORS CYBER CUP (SDMCC) ORIENTATION 10 NOVEMBER 2015 THE SAN DIEGO MAYORS CYBER CUP (SDMCC) ORIENTATION 10 NOVEMBER 2015 AGENDA Welcome & Introductions Overview/key dates Team Registration Overview of CyberNEXS Key changes Rules & Scoring Registering the

More information

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus National Cyber League Certified Ethical Hacker (CEH) TM Syllabus Note to Faculty This NCL Syllabus is intended as a supplement to courses that are based on the EC- Council Certified Ethical Hacker TM (CEHv8)

More information

Certified Ethical Hacker (CEH)

Certified Ethical Hacker (CEH) Certified Ethical Hacker (CEH) Course Number: CEH Length: 5 Day(s) Certification Exam This course will help you prepare for the following exams: Exam 312 50: Certified Ethical Hacker Course Overview The

More information

Description: Objective: Attending students will learn:

Description: Objective: Attending students will learn: Course: Introduction to Cyber Security Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: In 2014 the world has continued to watch as breach after breach results in millions of

More information

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus National Cyber League Certified Ethical Hacker (CEH) TM Syllabus Note to Faculty This NCL Syllabus is intended as a supplement to courses that are based on the EC- Council Certified Ethical Hacker TM (CEHv8)

More information

CRYPTUS DIPLOMA IN IT SECURITY

CRYPTUS DIPLOMA IN IT SECURITY CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information

More information

ASK PC Certified Information Systems Security Expert - CISSE

ASK PC Certified Information Systems Security Expert - CISSE Course Description As part of our mission to spread the awareness of IT security in the Middle East, we understand that an Arabic course will be valuable for native speakers. This is a comprehensive course

More information

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.

More information

VESZPROG ANTI-MALWARE TEST BATTERY

VESZPROG ANTI-MALWARE TEST BATTERY VESZPROG ANTI-MALWARE TEST BATTERY 2012 The number of threats increased in large measure in the last few years. A set of unique anti-malware testing procedures have been developed under the aegis of CheckVir

More information

SCP - Strategic Infrastructure Security

SCP - Strategic Infrastructure Security SCP - Strategic Infrastructure Security Lesson 1 - Cryptogaphy and Data Security Cryptogaphy and Data Security History of Cryptography The number lock analogy Cryptography Terminology Caesar and Character

More information

EC-Council. Certified Ethical Hacker. Program Brochure

EC-Council. Certified Ethical Hacker. Program Brochure EC-Council C Certified E Ethical Hacker Program Brochure Course Description The (CEH) program is the core of the most desired information security training system any information security professional

More information

IDS and Penetration Testing Lab ISA656 (Attacker)

IDS and Penetration Testing Lab ISA656 (Attacker) IDS and Penetration Testing Lab ISA656 (Attacker) Ethics Statement Network Security Student Certification and Agreement I,, hereby certify that I read the following: University Policy Number 1301: Responsible

More information

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder. CMSC 355 Lab 3 : Penetration Testing Tools Due: September 31, 2010 In the previous lab, we used some basic system administration tools to figure out which programs where running on a system and which files

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

Cybersecurity Foundations

Cybersecurity Foundations Cybersecurity Foundations Course Number: 13198 Category: Technical Applications Duration: 5 Days Overview When you consider just a few of the consequences of a security breach - your proprietary information

More information

PND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access

PND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access The World s Premier Online Practical Network Defense course PND at a glance: Self-paced, online, flexible access 1500+ interactive slides (PDF, HTML5 and Flash) 7+ hours of video material 10 virtual labs

More information

ITT Technical Institute. IS4560 Hacking and Countermeasures Onsite Course SYLLABUS

ITT Technical Institute. IS4560 Hacking and Countermeasures Onsite Course SYLLABUS ITT Technical Institute IS4560 Hacking and Countermeasures Onsite Course SYLLABUS Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory Hours, 30 Lab Hours) Prerequisite(s) and/or Corequisite(s):

More information

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access The Best First for Beginners who want to become Penetration Testers PTSv2 in pills: Self-paced, online, flexible access 900+ interactive slides and 3 hours of video material Interactive and guided learning

More information

CYBERTRON NETWORK SOLUTIONS

CYBERTRON NETWORK SOLUTIONS CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified

More information

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology

More information

Security + Certification (ITSY 1076) Syllabus

Security + Certification (ITSY 1076) Syllabus Security + Certification (ITSY 1076) Syllabus Course: ITSY 1076 Security+ 40 hours Course Description: This course is targeted toward an Information Technology (IT) professional who has networking and

More information

NCS 430 Penetration Testing Lab #2 Tuesday, February 10, 2015 John Salamy

NCS 430 Penetration Testing Lab #2 Tuesday, February 10, 2015 John Salamy 1 NCS 430 Penetration Testing Lab #2 Tuesday, February 10, 2015 John Salamy 2 Item I. (What were you asked to do?) Complete Metasploit: Quick Test on page 88-108 of the Penetration Testing book. Complete

More information

167 th Air Wing Fast Track Cyber Program Blue Ridge Community and Technical College

167 th Air Wing Fast Track Cyber Program Blue Ridge Community and Technical College 167 th Air Wing Fast Track Cyber Program Blue Ridge Community and Technical College Information Security Certificate: Designed to introduce students to programming, security basics, network monitoring,

More information

EECS 588: Computer and Network Security. Introduction January 14, 2014

EECS 588: Computer and Network Security. Introduction January 14, 2014 EECS 588: Computer and Network Security Introduction January 14, 2014 Today s Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components of your grade

More information

How to build and use a Honeypot. Ralph Edward Sutton, Jr. DTEC 6873 Section 01

How to build and use a Honeypot. Ralph Edward Sutton, Jr. DTEC 6873 Section 01 How to build and use a Honeypot By Ralph Edward Sutton, Jr DTEC 6873 Section 01 Abstract Everybody has gotten hacked one way or another when dealing with computers. When I ran across the idea of a honeypot

More information

2016 TÜBİTAK BİLGEM Cyber Security Institute

2016 TÜBİTAK BİLGEM Cyber Security Institute 2016 Revision 5.0 2016 TÜBİTAK BİLGEM Cyber Security Institute 1 ... 3 1. Information Security Awareness for End Users... 4 2. Information Security Awareness for Managers... 5 3. Social Engineering: Attack

More information

Build Your Own Security Lab

Build Your Own Security Lab Build Your Own Security Lab A Field Guide for Network Testing Michael Gregg WILEY Wiley Publishing, Inc. Contents Acknowledgments Introduction XXI xxiii Chapter 1 Hardware and Gear Why Build a Lab? Hackers

More information

Cybernetic Proving Ground

Cybernetic Proving Ground Cybernetic Proving Ground Penetration Testing Scenario Jakub Čegan, Martin Vizváry, Michal Procházka cegan@ics.muni.cz Institute of Computer Science, Masaryk University About The Scenario "In this game

More information

INFORMATION SECURITY TRAINING CATALOG (2015)

INFORMATION SECURITY TRAINING CATALOG (2015) INFORMATICS AND INFORMATION SECURITY RESEARCH CENTER CYBER SECURITY INSTITUTE INFORMATION SECURITY TRAINING CATALOG (2015) Revision 3.0 2015 TÜBİTAK BİLGEM SGE Siber Güvenlik Enstitüsü P.K. 74, Gebze,

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

INFORMATION SECURITY TRAINING CATALOG (2016)

INFORMATION SECURITY TRAINING CATALOG (2016) INFORMATICS AND INFORMATION SECURITY RESEARCH CENTER CYBER SECURITY INSTITUTE INFORMATION SECURITY TRAINING CATALOG (2016) Revision 4.0 2015 TÜBİTAK BİLGEM SGE Siber Güvenlik Enstitüsü P.K. 74, Gebze,

More information

Information Security. Training

Information Security. Training Information Security Training Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin

More information

Firewalls and Software Updates

Firewalls and Software Updates Firewalls and Software Updates License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. Contents General

More information

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led Course Description This class will immerse the student into an interactive environment where they will

More information

Understanding and Defending Against the Modern DDoS Threat

Understanding and Defending Against the Modern DDoS Threat Understanding and Defending Against the Modern DDoS Threat SESSION ID: CLE-T09 Stephen Gates Chief Security Evangelist Corero Network Security @StephenJGates Understand you re vulnerable! How well are

More information

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests

More information

Vulnerability analysis

Vulnerability analysis Vulnerability analysis License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. Contents License Contents

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

e-code Academy Information Security Diploma Training Discerption

e-code Academy Information Security Diploma Training Discerption e-code Academy Information Security Diploma Training 2015 I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. OBJECTIVE... 3 LIST OF POSTGRADUATE COURSES... 3 FIRST SEMESTER

More information

Introduction to Network Security Lab 2 - NMap

Introduction to Network Security Lab 2 - NMap Introduction to Network Security Lab 2 - NMap 1 Introduction: Nmap as an Offensive Network Security Tool Nmap, short for Network Mapper, is a very versatile security tool that should be included in every

More information

167 th Air Wing Fast Track Cyber Security Blue Ridge Community and Technical College

167 th Air Wing Fast Track Cyber Security Blue Ridge Community and Technical College 167 th Air Wing Fast Track Cyber Security Blue Ridge Community and Technical College Information Security Certificate: Designed to introduce students to programming, security basics, network monitoring,

More information

NETWORK SECURITY (W/LAB) Course Syllabus

NETWORK SECURITY (W/LAB) Course Syllabus 6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information

More information

CSSIA CompTIA Security+ Domain. Network Security. Network Security. Network Security. Network Security. Network Security

CSSIA CompTIA Security+ Domain. Network Security. Network Security. Network Security. Network Security. Network Security Security+ Supported Labs - V1 Lab 1 Network Devices and Technologies - Capturing Network Using tcpdump to Capture Network with Wireshark with Network Miner 2 Secure Network Administration Principles -

More information

information security and its Describe what drives the need for information security.

information security and its Describe what drives the need for information security. Computer Information Systems (Forensics Classes) Objectives for Course Challenges CIS 200 Intro to Info Security: Includes managerial and Describe information security and its critical role in business.

More information

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours Ethical Hacking and Information Security Duration Detailed Module Foundation of Information Security Lecture with Hands On Session: 90 Hours Elements of Information Security Introduction As technology

More information

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2) Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2) Course number: CFED Length: 5 days Certification Exam This course will help you prepare for the following exams: CCE --

More information

Computer Networks & Computer Security

Computer Networks & Computer Security Computer Networks & Computer Security Software Engineering 4C03 Project Report Hackers: Detection and Prevention Prof.: Dr. Kartik Krishnan Due Date: March 29 th, 2004 Modified: April 7 th, 2004 Std Name:

More information

Chapter 1 The Principles of Auditing 1

Chapter 1 The Principles of Auditing 1 Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls

More information

Ursuline College Accelerated Program URSULINE COLLEGE

Ursuline College Accelerated Program URSULINE COLLEGE Ursuline College Accelerated Program CRITICAL INFORMATION! DO NOT SKIP THIS LINK BELOW... BEFORE PROCEEDING TO READ THE UCAP MODULE, YOU ARE EXPECTED TO READ AND ADHERE TO ALL UCAP POLICY INFORMATION CONTAINED

More information

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty EMERGING THREATS & STRATEGIES FOR DEFENSE Stephen Coty Chief Security Evangelist @StephenCoty Industry Analysis 2014 Data Breaches - Ponemon Ponemon 2014 Data Breach Report *Statistics from 2013 Verizon

More information

Cyber Hygiene for Physical Security

Cyber Hygiene for Physical Security Cyber Hygiene for Physical Security David Brent: david.brent@us.bosch.com Darnell Washington: dwashington@securexperts.com 1 Objectives Fundamentals of Penetration Testing : Video Perspective Reality and

More information

Networks and Security Lab. Network Forensics

Networks and Security Lab. Network Forensics Networks and Security Lab Network Forensics Network Forensics - continued We start off from the previous week s exercises and analyze each trace file in detail. Tools needed: Wireshark and your favorite

More information

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS 1 LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS Te-Shun Chou and Tijjani Mohammed Department of Technology Systems East Carolina University chout@ecu.edu Abstract

More information

EC Council Certified Ethical Hacker V8

EC Council Certified Ethical Hacker V8 Course Code: ECCEH8 Vendor: Cyber Course Overview Duration: 5 RRP: 2,445 EC Council Certified Ethical Hacker V8 Overview This class will immerse the delegates into an interactive environment where they

More information

Ethical Hacking Course Layout

Ethical Hacking Course Layout Ethical Hacking Course Layout Introduction to Ethical Hacking o What is Information Security? o Problems faced by the Corporate World o Why Corporate needs Information Security? Who is a Hacker? o Type

More information

Hackers: Detection and Prevention

Hackers: Detection and Prevention Computer Networks & Computer Security SE 4C03 Project Report Hackers: Detection and Prevention Due Date: March 29 th, 2005 Modified: March 28 th, 2005 Student Name: Arnold Sebastian Professor: Dr. Kartik

More information

Network Incident Report

Network Incident Report To submit copies of this form via facsimile, please FAX to 202-406-9233. Network Incident Report United States Secret Service Financial Crimes Division Electronic Crimes Branch Telephone: 202-406-5850

More information

CYBER SECURITY TRAINING SAFE AND SECURE

CYBER SECURITY TRAINING SAFE AND SECURE CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need

More information

Open Source Security Tools for Information Technology Professionals

Open Source Security Tools for Information Technology Professionals Open Source Security Tools for Information Technology Professionals CUNY SPS Course Syllabus Aron Trauring May 23, 2005 (rev October 21, 2005) Course Description Information security is a top priority

More information

SI110 Introduction to Cyber Security Technical Foundations. Fall AY2012 Twelve Week Exam

SI110 Introduction to Cyber Security Technical Foundations. Fall AY2012 Twelve Week Exam SI110 Introduction to Cyber Security Technical Foundations Fall AY2012 Twelve Week Exam Individual work. Closed book. Closed notes. You may not use any electronic device. Your answers must be legible to

More information

Lab Objectives & Turn In

Lab Objectives & Turn In Firewall Lab This lab will apply several theories discussed throughout the networking series. The routing, installing/configuring DHCP, and setting up the services is already done. All that is left for

More information

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES SECURITY

More information

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

ITEC441- IS Security. Chapter 15 Performing a Penetration Test 1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and

More information

Author: Sumedt Jitpukdebodin. Organization: ACIS i-secure. Email ID: materaj@gmail.com. My Blog: http://r00tsec.blogspot.com

Author: Sumedt Jitpukdebodin. Organization: ACIS i-secure. Email ID: materaj@gmail.com. My Blog: http://r00tsec.blogspot.com Author: Sumedt Jitpukdebodin Organization: ACIS i-secure Email ID: materaj@gmail.com My Blog: http://r00tsec.blogspot.com Penetration Testing Linux with brute force Tool. Sometimes I have the job to penetration

More information

CIS 4204 Ethical Hacking Fall, 2014

CIS 4204 Ethical Hacking Fall, 2014 CIS 4204 Ethical Hacking Fall, 2014 Course Abstract: The purpose of this course is to provide a basic understanding of computing, networking, programming concepts, and exploitation techniques, as they

More information

Computer and Network Security

Computer and Network Security EECS 588 Computer and Network Security Introduction January 12, 2016 Alex Halderman Today s Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components

More information

NETWORK SECURITY WITH OPENSOURCE FIREWALL

NETWORK SECURITY WITH OPENSOURCE FIREWALL NETWORK SECURITY WITH OPENSOURCE FIREWALL Vivek Kathayat,Dr Laxmi Ahuja AIIT Amity University,Noida vivekkathayat@gmail.com lahuja@amity.edu ATTACKER SYSTEM: Backtrack 5r3( 192.168.75.10 ) HOST: Backtrack

More information

EECS 588: Computer and Network Security. Introduction

EECS 588: Computer and Network Security. Introduction EECS 588: Computer and Network Security Introduction January 13, 2014 Today s Cass Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components of your grade

More information

Why do I need a pen test lab? Requirements. Virtual Machine Downloads

Why do I need a pen test lab? Requirements. Virtual Machine Downloads Why do I need a pen test lab? Hacking and or scanning machines without consent is against the law in most countries To become an effective penetration tester or ethical hacker you need to practice to enhance

More information

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006 IBM TRAINING A43 Modern Hacking Techniques and IP Security By Shawn Mullen Las Vegas, NV 2005 CSI/FBI US Computer Crime and Computer Security Survey 9 out of 10 experienced computer security incident in

More information

FORBIDDEN - Ethical Hacking Workshop Duration

FORBIDDEN - Ethical Hacking Workshop Duration Workshop Course Module FORBIDDEN - Ethical Hacking Workshop Duration Lecture and Demonstration : 15 Hours Security Challenge : 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once

More information

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Capture Link Server V1.00

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Capture Link Server V1.00 Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak Capture Link Server V1.00 Version 1.0 Eastman Kodak Company, Health Imaging Group Page 1 Table of Contents

More information

Vulnerability Assessment and Penetration Testing

Vulnerability Assessment and Penetration Testing Vulnerability Assessment and Penetration Testing Presenters: Bruce Upton CISSP, CISA, C EH bruce.upton@protectmybank.com Jerry McClurg CISSP, CISA, C EH jerry.mcclurg@protectmybank.com Agenda and Overview:

More information

Cyber Defense Operations Graduate Certificate

Cyber Defense Operations Graduate Certificate The SANS Technology Institute makes shorter groups of courses available to students who are unable to commit to a full master s degree program. These certificate programs will augment your skills, provide

More information

Metasploit The Elixir of Network Security

Metasploit The Elixir of Network Security Metasploit The Elixir of Network Security Harish Chowdhary Software Quality Engineer, Aricent Technologies Shubham Mittal Penetration Testing Engineer, Iviz Security And Your Situation Would Be Main Goal

More information

158.738. Implementation & Management of Systems Security. Amavax Project. Ethical Hacking Challenge. Group Project By

158.738. Implementation & Management of Systems Security. Amavax Project. Ethical Hacking Challenge. Group Project By 158.738 Implementation & Management of Systems Security Amavax Project Ethical Hacking Challenge Group Project By Nawed Rajeh Mansour Kavin Khan Al Gamdi Al Harthi Palanavel The Amavax project required

More information

Host/Platform Security. Module 11

Host/Platform Security. Module 11 Host/Platform Security Module 11 Why is Host/Platform Security Necessary? Firewalls are not enough All access paths to host may not be firewall protected Permitted traffic may be malicious Outbound traffic

More information

FedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

FedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov FedVTE Training Catalog SUMMER 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please

More information

Description: Course Details:

Description: Course Details: Course: Malicious Network Traffic Analysis Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: There are a tremendous amount of network based attacks to be aware of on the internet

More information

Professional Penetration Testing Techniques and Vulnerability Assessment ...

Professional Penetration Testing Techniques and Vulnerability Assessment ... Course Introduction Today Hackers are everywhere, if your corporate system connects to internet that means your system might be facing with hacker. This five days course Professional Vulnerability Assessment

More information

IS L06 Protect Servers and Defend Against APTs with Symantec Critical System Protection

IS L06 Protect Servers and Defend Against APTs with Symantec Critical System Protection IS L06 Protect Servers and Defend Against APTs with Symantec Critical System Protection Description Lab flow At the end of this lab, you should be able to Discover how to harness the power and capabilities

More information

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation

More information

Someone s sitting in the shade today because someone planted a tree a long time ago. Warren Buffett. Ed Skoudis Mike Qaissaunee.

Someone s sitting in the shade today because someone planted a tree a long time ago. Warren Buffett. Ed Skoudis Mike Qaissaunee. New Jersey Cyber Aces Academy at Brookdale: A Collaborative Public/Private Model to Secure the Nation A project funded through NSF SFS Grant DUE#1331170 Ed Skoudis Mike Qaissaunee April 30, 2014 Someone

More information

Penetration Testing Workshop

Penetration Testing Workshop Penetration Testing Workshop Who are we? Carter Poe Nathan Ritchey Mahdi Shapouri Fred Araujo Outline Ethical hacking What is penetration testing? Planning Reconnaissance Footprinting Network Endpoint

More information

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap. Port Scanning Objectives 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap. Introduction: All machines connected to a LAN or connected to Internet via a modem

More information

Network Security: Introduction

Network Security: Introduction Network Security: Introduction 1. Network security models 2. Vulnerabilities, threats and attacks 3. Basic types of attacks 4. Managing network security 1. Network security models Security Security has

More information

Penetration Testing Walkthrough

Penetration Testing Walkthrough Penetration Testing Walkthrough Table of Contents Penetration Testing Walkthrough... 3 Practical Walkthrough of Phases 2-5... 4 Chose Tool BackTrack (Armitage)... 5 Choose Target... 6 Phase 2 - Basic Scan...

More information

Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) :

Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) : Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh Written Exam in Network Security ANSWERS May 28, 2009. Allowed aid: Writing material. Name (in block letters)

More information

EC-Council Certified Security Analyst (ECSA)

EC-Council Certified Security Analyst (ECSA) EC-Council Certified Security Analyst (ECSA) v8 Eğitim Tipi ve Süresi: 5 Days VILT 5 Day VILT EC-Council Certified Security Analyst (ECSA) v8 Learn penetration testing methodologies while preparing for

More information

Interdisciplinary Program in Information Security and Assurance. By Kossi Edoh NC A&T State University Greensboro

Interdisciplinary Program in Information Security and Assurance. By Kossi Edoh NC A&T State University Greensboro Interdisciplinary Program in Information Security and Assurance By Kossi Edoh NC A&T State University Greensboro Information Assurance The protection of electronic information and infrastructures that

More information

1 Scope of Assessment

1 Scope of Assessment CIT 380 Project Network Security Assessment Due: April 30, 2014 This project is a security assessment of a small group of systems. In this assessment, students will apply security tools and resources learned

More information

Vulnerability handling DK-CERT

Vulnerability handling DK-CERT Vulnerability handling DK-CERT TF-CSIRT, Heraklion, 21. May 2010 Shehzad Ahmad, DK-CERT Email: shehzad.ahmad@uni-c.dk Agenda Introduction of DK-CERT Background, today and the future DK-CERT Services Vulnerability

More information

Introduction to Operating Systems

Introduction to Operating Systems Introduction to Operating Systems It is important that you familiarize yourself with Windows and Linux in preparation for this course. The exercises in this book assume a basic knowledge of both of these

More information

Network Security and Firewall 1

Network Security and Firewall 1 Department/program: Networking Course Code: CPT 224 Contact Hours: 96 Subject/Course WEB Access & Network Security: Theoretical: 2 Hours/week Year Two Semester: Two Prerequisite: NET304 Practical: 4 Hours/week

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information