ITT Technical Institute. IS4560 Hacking and Countermeasures Onsite Course SYLLABUS

Similar documents
If you know the enemy and know yourself, you need not fear the result of a hundred battles.

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Build Your Own Security Lab

ITS425: Ethical Hacking and Penetration Testing

ITS425: Ethical Hacking and Penetration Testing

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp

Building the Next Generation of Computer Security Professionals. Chris Simpson

Footprinting and Reconnaissance Tools

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Virtual Learning Tools in Cyber Security Education

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

ITSY Security Assessment/Auditing Spring 2010 Professor: Zoltan Szabo D111 LEC TR 11:20AM 12:45PM D111 LAB TR 12:50PM 02:15PM

Implementing Cisco IOS Network Security

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS

IDS and Penetration Testing Lab ISA656 (Attacker)

Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) :

EC Council Certified Ethical Hacker V8

Chapter 1 The Principles of Auditing 1

Certified Ethical Hacker Exam Version Comparison. Version Comparison

IINS Implementing Cisco Network Security 3.0 (IINS)

information security and its Describe what drives the need for information security.

IT Networking and Security

Information Technology Career Cluster Advanced Cybersecurity Course Number:

EC-Council Certified Security Analyst (ECSA)

Certified Ethical Hacker (CEH)

CRYPTUS DIPLOMA IN IT SECURITY

INFORMATION SECURITY TRAINING CATALOG (2015)

INTRUSION DETECTION SYSTEM

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Cyber Exercises, Small and Large

Cisco Advanced Services for Network Security

Information Security. Training

June 2014 WMLUG Meeting Kali Linux

Desktop Security. Overview and Technology Guidance. Michael Ramsey Network Specialist, NC DPI

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Course Title: Penetration Testing: Security Analysis

IDS and Penetration Testing Lab ISA 674

InfoSec Academy Pen Testing & Hacking Track

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

ANTI-HACKER TOOL KIT. ourth Edition

NSA/DHS CAE in IA/CD 2014 Mandatory Knowledge Unit Checklist 4 Year + Programs

Understanding Security Testing

CompTIA Security+ (Exam SY0-410)

CDS and Clearing Limited Thapathali, Kathmandu 7 th Level (Technical) Syllabus

e-code Academy Information Security Diploma Training Discerption

Unit 3 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D.

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

Fundamentals of Network Security - Theory and Practice-

TABLE OF CONTENTS NETWORK SECURITY 2...1

ASK PC Certified Information Systems Security Expert - CISSE

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

Penetration Testing LAB Setup Guide

IT Networking and Security

NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus

Penetration Testing Workshop

Information Technology Career Cluster Introduction to Cybersecurity Course Number:

Course Duration: 80Hrs. Course Fee: INR (Certification Lab Exam Cost 2 Attempts)

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

SECURITY. Risk & Compliance Services

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

5 Steps to Advanced Threat Protection

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

Building A Secure Microsoft Exchange Continuity Appliance

CYBERTRON NETWORK SOLUTIONS

Professional Penetration Testing Techniques and Vulnerability Assessment ...

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Minnesota State Community and Technical College Detroit Lakes Campus

Networking: EC Council Network Security Administrator NSA

NETWORK SECURITY (W/LAB) Course Syllabus

Introduction. Course Description

Security + Certification (ITSY 1076) Syllabus

Computer Network Engineering

Microsoft Technologies

Endpoint protection for physical and virtual desktops

Information Security Services

Syllabus: IST451. Division of Business and Engineering. Penn State Altoona

VMware: Advanced Security

24/7 Visibility into Advanced Malware on Networks and Endpoints

Secure Software Programming and Vulnerability Analysis

Advanced Network & Systems Security

CYBER DEFENSE COMPETITION: A TALE OF TWO TEAMS *

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

CS Ethical Hacking Spring 2016

How To Pass A Credit Course At Florida State College At Jacksonville

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

Transcription:

ITT Technical Institute IS4560 Hacking and Countermeasures Onsite Course SYLLABUS Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory Hours, 30 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: NT580 Introduction to Information Security or equivalent Course Description: This course explores hacking techniques and countermeasures. Topics include network systems penetration tools and techniques for identifying vulnerabilities and security holes in operating systems and software applications. Students will practice ethical hacking procedures to attempt unauthorized access to target systems and data, and incident handling procedures in the case of an information security compromise.

Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS4799 ISC Capstone Project IS4670 Cybercrime Forensics IS4680 Security Auditing for Compliance IS4560 Hacking and Countermeasures IS4550 Security Policies and Implementation IS3445 Security for Web Applications and Social Networking IS3350 Security Issues in Legal Context IS330 Access Security IS3340 Windows Security IS3440 Linux Security IS30 Risk Management in Information Technology IS30 Network Communications Infrastructure IS30 IT Infrastructure Security PM30 Introduction to Project Management NT580 Introduction to Information Security NT799 NSA Capstone Project NT430 Linux Networking NT640 IP Networking MS30 Statistics SS350 Research Methods EN30 Written Analysis SP3450 Social Psychlogy HU4640 Ethics SC4730 Environmental Science EN30 Composition I EN40 Composition II MA0 College Mathematics I Information Security Courses Prerequisites from Lower- Division General Education/ General Studies Date: /0/0

Course Summary Major Instructional Areas. Evolution of computer hacking. The role of information security professionals 3. Hacking tools and techniques 4. Vulnerabilities exploited by hackers 5. Incident response 6. Defensive technologies Course Objectives. Explain the history and current state of hacking and penetration testing, including ethical and legal implications.. Describe cryptology. 3. Identify common information gathering tools and techniques. 4. Analyze system vulnerabilities exploited by hackers. 5. Perform web and database attacks. 6. Remove trojans, backdoors, and malware from infected systems. 7. Perform network traffic analysis and sniffing by using appropriate tools. 8. Analyze wireless network vulnerabilities exploited by hackers. 9. Perform incident handling by using appropriate methods. 0. Compare and contrast defensive technologies. Date: /0/0

Learning Materials and References Required Resources Textbook Package New to this Course Carried over from Previous Course(s) Required for Subsequent Course(s) Oriyano, Sean-Philip and Michael Gregg. Handling. st ed. Sudbury, MA: Jones & Bartlett, 00. Printed IS4560 Student Lab Manual ISS Mock IT Infrastructure () Cisco Core Backbone Network consisting of Cisco 8 routers, 950/960 catalyst switches, ASA 5505s for classroom hands-on labs that require a live, IP network. (For onsite only) ISS Mock IT Infrastructure () VM Server Farm ( Microsoft Windows Servers and Ubuntu Linux Servers) for classroom hands-on VM labs. (For both onsite and online) ISS Mock IT Infrastructure () VM Workstation (Microsoft Windows XP003 Professional Workstation with Core ISS Apps and Tools) for classroom hands-on VM labs. (For both onsite and online) () The following presents the core ISS Cisco core backbone network components needed for some of the hands-on labs for onsite delivery only. (Note: video labs will be used for online delivery): Cisco 8 Routers Cisco 950/960 Catalyst Switches Cisco ASA 5505 Security Appliances Simulated WAN Infrastructure EGP using BGP4 or IGP using EIGRP Layer Switching with VLAN Configurations Telnet and SSH version for Remote Access Inside and Outside VLANs DMZ VLAN 3 Date: /0/0

Hacking and Countermeasures Figure ISS Cisco Core Backbone Network () The following lists the core ISS VM server farm and VM workstation OS, applications, and tools required for this course for both onsite and online course deliveries: External Hard Drive Virtual Machines Virtual Server Domain Controller DHCPWindows0 7.30.0.0/4 DFG: 7.30.0. Virtual Server Standalone Server TargetWindows0 DHCP DFG: 7.30.0. Virtual Server Standalone Server TargetUBUNTU0 DHCP DFG: 7.30.0. Virtual Server Standalone Server TargetUBUNTU0 DHCP DFG: 7.30.0. Virtual Workstationr Workstation STUDENT DHCP Virtual Workstationr Workstation INSTRUCTOR DHCP OS:Wk3 STD 3bit CPU 5 MB RAM OS=0G + Active Directory DNS,IIS DHCP: SCOPE: 7.30.0.55-99 OS:Wk3 STD 3bit CPU 5 MB RAM OS=0G FTP TFTP POP3 IIS Application Svcs OS: Ubuntu 0.04 LTS CPU 5 MB RAM OS=0G + IPTables DVWA Apache SSH OS: Ubuntu 9.0 CPU 5 MB RAM OS=0G + GUFW Client Tools OS: WindowsXP Professional CPU 5 MB RAM OS=0G + Wireshark Netwitness NMAP Nessus OS: WindowsXP Professional CPU 5 MB RAM OS=0G + Wireshark Netwitness NMAP Nessus Figure ISS Core VM Server Farm & VM Workstations 4 Date: /0/0

Note #: ISS onsite students can obtain their removable hard drive directly from their ITT campus. ISS online students will be required to download the core ISS VM server farm and VM workstations directly to their personal computer for installation. The ITT Onsite or Online Instructor will provide students with the specific instructions and procedures for how to obtain the core ISS VM server farm and workstation image files during the first week of class. (3) The following lists the new VMs, applications, and tools required to perform the hands-on labs for this course for both onsite and online deliveries:. New VM for server farm: VulnerableXP0. This VM is a vulnerable Microsoft Windows 003 Standard Edition Server used for performing attacks.. New VM for server farm: Backtrack0. A Backtrack 4 Ubuntu Server pre-loaded with the following applications and tools: a. Metasploit with required plug-ins b. Kismet c. Aircrack-ng d. Airsnort e. Snort f. MySQL g. BASE 3. New VM that Replaces the Old TargetUbuntu0 VM on the VM server farm. An Ubuntu Server 0.4 VM pre-loaded with the following applications and tools: a. Damn Vulnerable Web App (DVWA) b. ClamAV Installed c. Rootkit Hunter: http://www.rootkit.nl/projects/rootkit_hunter.html d. Chrootkit: http://www.chkrootkit.org/ e. Appropriate rootkit tools can be found at: http://www.packetstormsecurity.org/unix/penetration/rootkits/indexdate.html f. Infected with EICAR g. tcpdump h. Common Linux tools such as strings, sed and grep 5 Date: /0/0

4. Tools Directory: A directory called "tools" which contains the binary installation files for each tool covered in the course, including: a. Infected with EICAR b. ClamAV Installed c. Rootkit Hunter: http://www.rootkit.nl/projects/rootkit_hunter.html d. Chrootkit: http://www.chkrootkit.org/ e. Appropriate rootkit tools can be found at: http://www.packetstormsecurity.org/unix/penetration/rootkits/indexdate.html f. Wireshark g. Netwitness Investigator h. FileZilla FTP client/server i. Putty SSH client j. Nessus Nessus is a Registered Trademark of Tenable Network Security, Inc. 6 Date: /0/0

k. Zenmap l. MD5sum m. SHAsum n. GnuPG (Gnu Privacy Guard) o. OpenSSL p. VMware Player Note #: Installation instructions for installing these new VMs, applications and tools will be provided by the ISS onsite or online Instructor during day / week of the course. Recommended Resources Books, Professional Journals Please use the following author s names, book/article titles and/or keywords to search in the ITT Tech Virtual Library for supplementary information to augment your learning in this subject: Books Books4X7 CRCnetBASE Periodicals ProQuest EbscoHost Reference School of Information Technology Harold F. Tipton, et al 7 Date: /0/0

Information Security Management Handbook, 6 th ed. (Chapter 76) Tim Greene SSL hack vulnerability details to emerge; Black Hat demo to show even extended validation certificates are vulnerable to man-in-the-middle attacks, Network World (Online), Jul 6, 009. Peter Galli Red Hat rolls out Global Desktop, eweek, May 007, Vol. 4 Issue 7, (Page 4-4), (AN 506049) Cliff Saran Wal-Mart opts for Linux platform to cut costs through virtualisation, Computer Weekly, Feb 007, (Page -), (AN 433670) Other References DShield Security threat trends and current information http://www.dshield.org/indexd.html (accessed May 5, 00). Insecure.org Security tools and documentation http://insecure.org/ (accessed May 5, 00). NOTE: All links are subject to change without prior notice. Keywords: Asymmetric Encryption Black Hat s Cryptanalysis Cryptographic System Cryptographic Technologies Cryptographic Tools Data Gathering Techniques Encryption Ethical Hacking 8 Date: /0/0

Ethical Laws and Standards for Penetration Testers Footprinting Hacking Hashing Information Gathering Nessus Nmap Penetration Testing Pretty Good Privacy (PGP) Symmetric Encryption Vulnerability Scanning White Hat s 9 Date: /0/0

Course Plan Instructional Methods This course is designed to promote learner-centered activities and support the development of cognitive strategies and competencies necessary for effective task performance and critical problem solving. The course utilizes individual and group learning activities, performance-driven assignments, problem-based cases, projects, and discussions. These methods focus on building engaging learning experiences conducive to development of critical knowledge and skills that can be effectively applied in professional contexts. Suggested Learning Approach In this course, you will be studying individually and within a group of your peers. As you work on the course deliverables, you are encouraged to share ideas with your peers and instructor, work collaboratively on projects and team assignments, raise critical questions, and provide constructive feedback. Use the following advice to receive maximum learning benefits from your participation in this course: DO DON T Do take a proactive learning approach Don t assume there is only one correct Do share your thoughts on critical issues answer to a question and potential problem solutions Don t be afraid to share your perspective on Do plan your course work in advance the issues analyzed in the course Do explore a variety of learning resources in Don t be negative towards the points of view addition to the textbook that are different from yours Do offer relevant examples from your Don t underestimate the impact of experience collaboration on your learning Do make an effort to understand different Don t limit your course experience to reading points of view the textbook Do connect concepts explored in this Don t postpone your work on the course course to real-life professional situations deliverables work on small assignment and your own experiences components every day 0 Date: /0/0

Course Outline Graded Activities Unit # Unit Title Assigned Readings Grading Category # Activity Title Grade Allocation (% of all graded work) Introduction to Hacking and Penetration Testing, Ethics and the Law Chapter Assignment. Lab. Developments in Hacking, Cybercrime, and Malware Develop an Attack & Penetration Test Plan. Cryptography Assignment Cryptology in Information Security Chapter Chapter 3. Lab.3 Vulnerability of a Cryptosystem Implement Hashing & Encryption for Secure Communications 3 Information Gathering and Footprinting Chapter 5 Assignment 3. 3. Information Gathering Plan Data Gathering and Footprinting Protection Plan Lab 3.3 Perform Data Gathering and Foot-printing on a Targeted Website Date: /0/0

Graded Activities Unit # Unit Title Assigned Readings Grading Category # Activity Title Grade Allocation (% of all graded work) Assignment 4. Top Ports and Rising Ports Review 4 Port Scanning, Vulnerability Scanning, and System Exploits Chapter 6 Chapter 7 Lab 4. Compromise and Exploit a Vulnerable Microsoft Workstation/Server Project 4.3 Project Part : Current Security Threats 3 Discussion 5. Web Server Vulnerability Analysis 5 Assignment 5. Web Application Attacks Prevention 5 Web and Database Attacks Chapter 9 Lab 5.3 Perform a Website & Database Attack by Exploiting Identified Vulnerabilities Project 5.4 Project Part : Vulnerabilities in Information Technology (IT) Security 3 6 Identifying and Combating Trojans, Backdoors, and Malware Chapter 0 Chapter Assignment 6. Malware Lifecycle Lab 6. Identify & Mitigate Malware & Malicious Software on a Linux Workstation Exam 6.3 Mid-Term Exam 5 Date: /0/0

Graded Activities Unit # Unit Title Assigned Readings Grading Category # Activity Title Grade Allocation (% of all graded work) Assignment 7. Network Traffic and Exploit Identification 7 Network Traffic Analysis and Sniffing Chapter Lab 7. Conduct a Network Traffic Analysis & Baseline Definition Project 7.3 Project Part 3: Investigate Findings on the Malware 3 Discussion 8. Security Features of Wireless Technologies 5 Assignment 8. Wireless Exploit Research 8 Wireless Security Chapter 8 Lab 8.3 Audit and Implement a Secure WLAN Solution Project 8.4 Project Part 4: Analysis of Intrusion Detection System (IDS) Traffic with Inbound Attacks 3 9 Incident Response Chapter 4 Assignment 9. Lab 9. Gaps in Incident Response Perform Incident Response for Linux and Microsoft Workstations 3 Date: /0/0

Graded Activities Unit # Unit Title Assigned Readings Grading Category # Activity Title Grade Allocation (% of all graded work) Assignment 0. Controls 0 Defensive Technologies and Techniques Chapter 4 Chapter 5 Lab 0. Design and Implement SNORT as an Intrusion Detection System (IDS) Project 0.3 Project Part 5: Malware Infection 3 Course Review and Final Examination N/A Project. Project Part 6: Defense Plan to Prevent Attacks Exam. Final Exam 5 3 Candidate for eportfolio 4 Date: /0/0

Evaluation and Grading Evaluation Criteria The graded assignments will be evaluated using the following weighted categories: Category Weight Assignment % Discussion 0% Lab 0% Project 8% Exam 40% TOTAL 00% Grade Conversion The final grades will be calculated from the percentages earned in the course, as follows: Grade Percentage Credit A 90 00% 4.0 B+ 85 89% 3.5 B 80 84% 3.0 C+ 75 79%.5 C 70 74%.0 D+ 65 69%.5 D 60 64%.0 F <60% 0.0 Academic Integrity All students must comply with the policies that regulate all forms of academic dishonesty, or academic misconduct, including plagiarism, self-plagiarism, fabrication, deception, cheating, and sabotage. For more information on the academic honesty policies, refer to the Student Handbook. (End of ) 5 Date: /0/0

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information