Wednesday, December 10, 2008

Unit 3 - Network and Computer Attacks

Textbook: Simpson, Michael T. Hands-On Ethical Hacking and Network Defense. Thomson Course Technology, 2006.

Reading:
Textbook - Chapter 3, pp. 39–57

Assignments:
Review Questions (RQ): Chapter 3, pp. 57–59 Assignment due in class.

Lab(s):
Lab 1: NETWORK AND COMPUTER ATTACKS
Security + labsim CD
• 1.1.1 Examining a Denial of Service Attack
• 1.1.2 Hacking Resources
• 1.1.3 Keystroke Logging
• 1.1.4 Using a Virus Scanner
• 1.1.5 Scanning for SpyWare
• 1.2.1 Researching Virus Hoaxes
After viewing these demonstrations, answer the following questions:
1. In your opinion, when does keystroke logging pose the greatest risk as an exploit?
2. What is the best way of preventing keystroke logging?
3. In your opinion, how effective are spyware scanning tools?

Deliverables and format: Assignment due in class.
Submit your answers in a Microsoft Word document.
Font: Arial; 11
Line Spacing: Double

Lab 2: IDENTIFYING MICROSOFT BUFFER OVERFLOW VULNERABILITIES
Complete Activity 3-5, Chapter 3, p. 53 from your textbook Hands-On Ethical Hacking and Network Defense.

Deliverables and format: Assignment due in class.
Submit your answer in a Microsoft Word document.
Font: Arial; 11
Line Spacing: Double

Participation Assignment (PA1):
Title: Most Dangerous Malware
1. Based upon the class discussion, which of the following, according to you, is the most dangerous:
• A virus
• A worm
• A Trojan horse
• Spyware
2. Why do you think so? Explain by comparing your choice with the other types of malware. In addition, substantiate your response with logical reasons and references to the destruction caused by your choice.
3. You need to respond to the answers provided by your peers in this class in the following manner:
• Similar perspectives: Substantiate the response of a peer who concurs with your perspective.
• Different perspectives: Justify YOUR perspective to a peer with a different point of view.

Deliverables and format: Due before the next class.
Submit your answer in a Microsoft Word document.
Font: Arial; 11
Line Spacing: Double

Submit each assignment type as a separate attachment (CA1, LABs, RQ, PA1)


Refer to General Course Information for Email and Assignment Instructions.

Wednesday, December 3, 2008

Unit 2 - TCP/IP CONCEPTS REVIEW

Textbook: Simpson, Michael T. Hands-On Ethical Hacking and Network Defense. Thomson Course Technology, 2006.

Reading:
Textbook - Chapter 2, pp. 19–35

Quiz 1
A quiz containing 20 questions from Chapter 2 (TCP/IP) will be given at the beginning of class.

Assignments:
Review Questions (RQ): Chapter 2, pp. 36–38 Assignment due in class.

Lab(s):
Lab 1: VIEWING RFC-793
Complete Activity 2-1, Chapter 2, p. 22 from your textbook Hands-On Ethical Hacking and Network Defense.
After completing the activity, answer the following question:
What communication functions does TCP perform in an IP network?
Comment on the importance of any two functions.
Deliverables and format: Assignment due in class.
Submit your answers in a Microsoft Word document in not more than 150 words.
Font: Arial; 11
Line Spacing: Double

Lab 2: TCP/IP: LEARNING TO USE THE TRACEROUTE COMMAND
To complete this lab exercise, perform the following steps:
1. Access the link http://www.calweb.com/cgi-bin/traceroute
2. Enter “google.com” in the form; do not enter “www.”
3. Note down the main IP address of Google.
4. What is the last IP address in the route?
5. Do you get the same results on clicking Submit again? Why or why not?
6. In a short paragraph, explain how commands such as Traceroute can be used in hacking.

Evaluation Criteria:
Did the student demonstrate the use of ports or lower-level functionality such as traceroute?

Deliverables and format: Assignment due in class.
Submit your answer in a Microsoft Word document.
Font: Arial; 11
Line Spacing: Double

Submit each assignment type as a separate attachment (CA1, LABs, RQ)


Refer to General Course Information for Email and Assignment Instructions.

Unit 1 - Ethical Hacking Overview

Textbook: Simpson, Michael T. Hands-On Ethical Hacking and Network Defense. Thomson Course Technology, 2006.

Reading:
Textbook - Chapter 1, pp. 1–14

NIST SP 800-42
(http://www.csrc.nist.gov/publications/nistpubs/800-42/NIST-SP800-42.pdf)
Chapter 3, pp. 20–41
NIST SP 800-35
(http://www.csrc.nist.gov/publications/nistpubs/800-35/NIST-SP800-35.pdf)
Chapter 3, pp. 21–23
Chapter 5, pp. 48–53

References:
“The trials of Kevin Mitnick” (CNN.com March 18, 1999)
http://www.cnn.com/SPECIALS/1999/mitnick.background/ (May 27, 2006).

Assignments:
Review Questions (RQ): Review Questions 1–20, pp. 15–17. Assignment due in class.
Write out each question and its answer.

Lab(s):
Lab 1: PENETRATION TESTERS: JOB REQUIREMENTS
Complete Activity 1-1, Chapter 1, p. 3 from your textbook.
After completing the activity, summarize the job descriptions you read on Monster.com.

Compare the requirements of the various corporations for penetration testers. Refer to specific organizations in the summary.

Deliverables and format: Assignment due in class.
Submit your answers in a Microsoft Word document in not more than 150 words.
Font: Arial; 11
Line Spacing: Double

Research Assignment 1 (RA1):
Title: Ethical vs. Unethical Hacking
Task:
1. Log on to ITT Tech Virtual Library and search all databases for the article “The Legend and Legacy of Kevin Mitnick.” Access the article, and then read the section “The life of Kevin Mitnick.”

2. Answer the following question:
Based on the cyber hacking committed by Kevin and per your understanding of the definition of ethical hacking, do you consider Kevin Mitnick an ethical or unethical hacker?

3. Support your answer with logical reasons and references to Web sites that support your point of view. Remember that references to .gov and .org Web sites will lend more credibility to your answer than Web sites that post people's personal opinions.

Deliverables and format:
Submit your answer in a Microsoft Word document in not more than 200 words.
Font: Arial; 11
Line Spacing: Double

Research Assignments are due before the start of the next class.

Submit each assignment type as a separate attachment (CA1, LAB1, RQ)

Gmail Account:
Each student will email the Instructor from their Gmail account tonight. If you do not have a Gmail account, create one tonight. Your email should show that you have read the General Course Information for Email and Assignments.


Refer to General Course Information for Email and Assignment Instructions.

SYLLABUS: Hacker Techniques, Tools and Incident Handling

Instructor: Mr. Beard
Office hours: TBD
Class hours: As Scheduled

COURSE DESCRIPTION
This course is an introduction to hacking tools and incident handling. Areas of instruction include various tools and vulnerabilities of operating systems, software and networks used by hackers to access unauthorized information. This course also addresses incident handling methods used when information security is compromised.

COURSE OBJECTIVES
After successful completion of this course, the student will have the opportunity to:
1. Identify the classes of hackers and the ethical use of penetration analysis tools.
2. Describe the environments where network security is applied.
3. Identify classes of network monitoring and management tools as they relate to network security.
4. Identify multiple classes of computer and network vulnerabilities.
5. Conduct network footprinting.
6. Describe tools used to test for multiple types of computer and network vulnerabilities.
7. Evaluate the role penetration testing plays in demonstrating the existence of network vulnerabilities.
8. Explain the evolution of computer crime legislation.
9. Describe the best practices to protect networks and hosts.
10. Apply the provision of National Institute of Standards and Technology (NIST) publications SP 800-42 and SP 800-35.
11. Explore ITT Tech Virtual Library to describe hacker related incidents and computer vulnerabilities.

Related SCANS Objectives
1. Troubleshoot the problems in the security architecture of an organization.
2. Demonstrate how components of a network interact within and outside the network, applying technical skills.
3. Evaluate the set of procedures, tools, or computers and their programs that will create secure network architecture for an organization.
4. Create secure network architecture for an organization.
5. Identify the knowledge of security requirements of the organization with the best application of information assurance practices.
6. Classify the availability, integrity and confidentiality of data in an orderly manner to ensure the specific secure requirements of the organization.
7. Acquire security related data and evaluate it for the purpose of implementing secure network architecture for an organization.
8. Interpret security data, which effectively communicate the justification of related security information.
9. Process security configurations using computers.
10. Solve security issues as a member of an information technology team.
11. Evaluate a decision regarding security structure of the organization and other related problems through negotiation with others.

COURSE RESOURCES
Student Textbook Package
• Simpson, Michael T. Hands-On Ethical Hacking and Network Defense. Thomson Course Technology, 2006.
References and Resources
ITT Tech Virtual Library
Log on to the ITT Tech Virtual Library (http://www.library.itt-tech.edu/) to access the online books, journals, and other reference resources selected to support ITT Tech curriculums.
• General References
  • >Program Links>Professional Organizations
  • >Program Links>Recommended Links

EVALUATION & GRADING
COURSE REQUIREMENTS
1. Attendance and Participation
Regular attendance and participation are essential for satisfactory progress in this course.
2. Completed Assignments
Each student is responsible for completing all assignments on time.
3. Team Participation, if applicable
Each student is responsible for participating in team assignments and for completing the delegated task. Each team member must honestly evaluate the contributions by all members of their respective teams.

Evaluation Criteria Table
The final grade will be based on the following weighted categories:
Category                Weight
Participation           10%
Writing Assignments     15%
Research Assignments    10%
Lab Assignments         25%
Project 1               5%
Project 2               10%
Final Exam              25%