Wednesday, February 18, 2009

UNIT 10 – Protecting Networks with Security Devices

Textbook: Simpson, Michael T. Hands-On Ethical Hacking and Network Defense. Thomson Course Technology, 2006.

Reading:
Textbook –
Chapter 13, pp. 321–346 Quiz

Assignments:
Review Questions (RQ):
Chapter 13, pp. 347–349

Hard Drives Required for LAB.

Project Part 2
Use Internet resources to footprint fazzle.com.
Due Week 10.

Lab(s):
LAB 1:
CREATING STANDARD AND EXTENDED IP ACCESS LISTS
Complete Activity 13-2, Chapter 13, pp.329 from your textbook Hands-On Ethical Hacking and
Network Defense.

Deliverables:
Submit your work in a Word document via hardcopy and email to your instructor.

LAB 2: EXAMINING AN OPEN-SOURCE HONEYPOT
Complete Activity 13-4, Chapter 13, pp.345 from your textbook Hands-On Ethical Hacking and Network Defense.

Document you activity via screenshots inserted into a Word document.
Visit http://www.securityfocus.com/infocus/1659
Answer the following questions:
1. What is a Honeypot?
2. What do the following commands do:arpd 192.168.1.0/24
honeyd -p nmap.prints -f honeyd.conf 192.168.1.0/24

Submit your work in a Word document via hardcopy and email to your instructor.

Deliverables and format: Assignment due at the end of class.
Submit your answers in a Microsoft Word document.
Font: Arial; 11
Line Spacing: Double

Submit each assignment type as a separate attachment (CA1, LABs, RQ)


Refer to General Course Information for Email and Assignment Instructions.

Wednesday, February 4, 2009

UNIT 9 – Hacking Wireless Networks

Textbook: Simpson, Michael T. Hands-On Ethical Hacking and Network Defense. Thomson Course Technology, 2006.

Reading:
Textbook –
Chapter 11, pages 269–289 Quiz

Assignments:
Review Questions (RQ):
Chapter 11, pp. 290–292

Hard Drives Required for LAB.

Project
Project Part 1 Submission
Project Part 2 - Use Internet resources to footprint fazzle.com.
Assigned Week 9 & Submission Due Week 10.

Lab(s):
LAB 1: INSTALLING NETSTUMBLER
Perform activity 11-3, pp.285 of your textbook Hands-On Ethical Hacking and Network Defense. After completing the activity, answer the following questions:
1. Based on the information about wireless networks, what can you conclude about the security of the wireless networks within your sensing area?
2. Which tools can you use to break the security of a wireless network?

Evaluation Criteria:
1. Did the students differentiate secured from unsecured networks?
2. Did the students mention Web Cracking Tools or other wireless sniffers?

Lab 2: Attacking the target server.
Based upon last week’s lab, write a report listing the tools you evaluated against the target server.
How did the tools perform?
What information were you able to gather regarding the target server?
What tools (based upon the tools you used) would you want in your tool kit to perform penetration testing?

Deliverables and format: Assignment due at the end of class.
Submit your answer in a Microsoft Word document.
Font: Arial; 11
Line Spacing: Double

Submit each assignment type as a separate attachment (CA1, LABs, RQ)


Refer to General Course Information for Email and Assignment Instructions.

IS317 UNIT 8 – Hacking Web Severs

Textbook: Simpson, Michael T. Hands-On Ethical Hacking and Network Defense. Thomson Course Technology, 2006.

Reading:
Textbook –
Chapter 10, pp. 231–264

Assignments:
Review Questions (RQ):
Chapter 10, pp. 265–266

Hard Drives Required for LAB.

Lab(s):
LAB 1:
VISITING THE OWASP WEB SITE
Complete activity 10-5, pp.250 of your textbook.
Based on your review of the top 10 vulnerabilities, do you believe it is possible to secure a Web site? Substantiate your opinion. What are some of the considerations a network security professional must take into account for securing a Web site?

Evaluation Criteria:
1. Did the students explain whether it is possible to secure a Web site?
2. Do the students list the key elements involved in Web server security?

Deliverables and format: Assignment due at the end of class.
Submit your answer in a Microsoft Word document.
Font: Arial; 11
Line Spacing: Double

Case Assignment 1 (CA1)
Title:
Determining Vulnerabilities of Web Servers
Complete the exercise Case 10-1 on page 267 from Chapter 10 of your textbook. To understand the scenario for this exercise, read case 1-1 on page 17 of the textbook.

Deliverables and format:

Submit your answer in a Microsoft Word document.
Font: Arial; 11
Line Spacing: Double

Submit each assignment type as a separate attachment (CA1, LABs, RQ)

IS317 Course Project
Project Introduction: Using commonly available tools examine the Internet Footprint of a company and identify possible vectors a hacker might attempt to compromise.

Project Submission Plan:
Project Part I
Tasks:
1. Using Google and Yahoo, determine all the information about the search engine—Fazzle.com, including details of ownership, board members, and other possible areas of inspection.

Deliverables and format:
Submit your answer in a Word document in not more than 200 words.
Font: Arial; 11
Line Spacing: Double

Assigned and Due Date:
Assigned: Week 8
Due: Week 9
Grading Weight: 5%

Project Part 2
Tasks:
1. Using www.netcraft.com and
www.whois.com, define IP blocks and OS systems for the site Fazzle.com.

Deliverables and format:
Submit your answer in a Word document in not more than 100 words.
Font: Arial; 11
Line Spacing: Double
Assigned and Due Date:
Assigned: Week 9
Due: Week 10
Grading Weight: 10%



Refer to General Course Information for Email and Assignment Instructions.

Wednesday, January 28, 2009

UNIT 7 – LINUX OPERATING SYSTEM VULNERABILITIES

Textbook: Simpson, Michael T. Hands-On Ethical Hacking and Network Defense. Thomson Course Technology, 2006.

Reading:
Textbook – Chapter 9, pp. 195–227

Assignments:
Review Questions (RQ):
Chapter 9, pp. 228–230

Hard Drives Required for LAB.

Lab(s):
LAB 1: LINUX PROGRAMMING
Refer to emailed handout.

LAB 2: FINDING LINUX ROOTKITS ON THE INTERNET
Perform activity 9-6, Chapter 9, pp.215 of your text book. After completing the activity, answer the following questions:
1. What can be the impact of rooting the commands that you listed?
2. If you visit the Web site http://www.securityfocus.com/infocus/1539, it demonstrates several tasks that you can do to harden Linux against attacks. Which of these can help prevent rootkit installs?

Evaluation Criteria:
1. Did the students recognize that the rooting of many of these commands gives up monitoring and control of their system?
2. Were the students able to relate the rooting with the methods that could have prevented the rooting of the system?

Deliverables and format: Assignment due at the end of class.
Submit your answer in a Microsoft Word document.
Font: Arial; 11
Line Spacing: Double

Graded Research Assignment 1 (RA1)
Title: Securing Linux Server against Unauthorized Intrusion
Introduction: Whether it is a Linux server or Microsoft server, within its defined role, it is essential to secure that resource. It is important to understand how the server roles relate to the methods that help secure these devices. This assignment will assist you in making those connections. Visit the URL http://www.aboutdebian.com/security.htm, and read about network security in Linux server. Next, in a Word document:

1. Describe the four types of Linux servers.
2. Describe the broad security categories according to Debian.
3. For each security category, list two techniques that can assist in securing a Linux system and why you think that technique is of assistance.

Evaluation Criteria:
1. Did the student describe four types of servers:
a. Application Servers
b. File Servers
c. Network Security Servers
d. Firewall servers and Web servers
2. Did the student describe the four categories of security?
3. Did the student list two techniques for each security category and explained how these techniques can help?

Deliverables and format: Assignment due at the end of class.
Submit your answer in a Microsoft Word document.
Font: Arial; 11
Line Spacing: Double
Submit each assignment type as a separate attachment (CA1, LABs, RQ)


Refer to General Course Information for Email and Assignment Instructions.

Wednesday, January 21, 2009

IS317 Unit 6 Microsoft Operating System Vulnerabilities

Textbook: Simpson, Michael T. Hands-On Ethical Hacking and Network Defense. Thomson Course Technology, 2006.

Reading:
Textbook –
Chapter 8, pp. 167–189

Quiz on Chapter 8 Reading Assignment.
Check your email for quiz.

Assignments:
Review Questions (RQ):
Chapter 8, pp. 190–192

Hard Drives Required for LAB.

Lab(s):
LAB 1:
DOWNLOADING AND INSTALLING MBSA
Complete Activity 8-1, Chapter 8, pp. 175 from your textbook Hands-On Ethical Hacking and
Network Defense
Submit a screen shot showing the Microsoft Baseine Security Analyzer Setup

LAB 2: USING MBSA TO SCAN LOCAL COMPUTER Evaluation Criteria
Complete Activity 8-4, Chapter 8, pp.182 from your textbook Hands-On Ethical Hacking and
Network Defense.
Submit a Microsoft Word document for step 4.

Deliverables and format:
Assignment due at the beginning of the next class.
Submit your answer in a Microsoft Word document.
Font: Arial; 11
Line Spacing: Double
Submit each assignment type as a separate attachment (CA1, LABs, RQ)


Refer to General Course Information for Email and Assignment Instructions.

Wednesday, January 14, 2009

Unit 5 - Port Scanning and Enumeration

Textbook: Simpson, Michael T. Hands-On Ethical Hacking and Network Defense. Thomson Course Technology, 2006.

Reading:
Textbook –
Chapter 5, pp. 89–104
Chapter 6, pp. 109–133

Assignments:
Review Questions (RQ):
Chapter 5, pp. 105–107,
Chapter 6, pp. 133–136

Lab(s):
LAB 1: ENUMERATING A WINDOWS OPERATING SYSTEM
Complete Activity 6.2, Chapter 6, pp.117 from your textbook. This activity will help you examine several tools required to enumerate a Windows operating system.

To complete the activity, use the IP address of your computer rather than that of your partner’s computer. Following are the steps to find out the IP address of your computer. Perform these steps before you start the activity so that you have all the information required to complete it:

1. On the desktop, click Start.
2. Click All Programs.
3. Click Accessories.
4. Click Command Prompt.
5. Type IPCONFIG /ALL in the Command Prompt window.
6. Note the current IP address and host name of your computer. The host name is the same
as your computer name.

For this activity, you will also need to share files and folders. If you are running Windows XP with service pack 2, you need to enable file and print sharing to share your files. You can do this with the Windows XP Network Setup Wizard. To enable file and print sharing, you need to perform the following steps:

1. Click Start on the desktop.
2. Click All Programs.
3. Click Communications.
4. Click Windows XP Network Setup Wizard.
5. Complete the steps for enabling file and print sharing in this wizard.
6. Restart your computer. Ensure that you save all relevant work before restarting your computer.

After you complete Activity 6.2, answer the following questions:
1. What information can you obtain by using the Net View command on your PC?
2. What information can you obtain by using these tools on a corporate network?
3. What are the risks involved in file sharing?

Evaluation Criteria:
1. Did the students describe the shares observed on their computers?
2. Did the students observe that they could look at or use others’ shares on the same network?
3. Did the students describe the risks of file sharing?
4. Did the students describe the use of file sharing networks such as Kazaa or Morpheus?

Deliverables and format: Assignment due in class.
Submit a Microsoft Word document in not more than 150 words.
Font: Arial; 11 Line Spacing: Double

Case Assignment 1 (CA1)
Title: Windows Server 2003 Server Roles and Audit Events
Introduction:
Servers in an enterprise or organizational setting, in general, play a defined role. This role is based on the needs of the organization. Often, these needs conflict with the most effective methodology for securing these esources. A web server must be open to port 80 traffic if it is to serve public Web pages. This assignment helps identify the functional role of these resources and how to track potentially intrusive events.

This assignment has two parts:
Part A
In Table 3.1, describe the server roles and the functions that each type of server performs.

Audit account logon events

Table 3.1 Windows Server 2003 Server Roles
To be emailed to students

Part B
Using Table 3.2, write a paragraph on any four audit security settings and why Microsoft recommended that setting, based on the category of the illustrated server role:
Legacy Client—LC , Enterprise Client—EC, or Specialized Security-Limited Functionality—SS

Table 3.2: Audit Events Recommended By Microsoft
To be emailed to students

Evaluation Criteria:
• Did student fill in chart with all nine role/function information?
• Is the provided description sufficient for 100%, 50%, or 0 % credit for each server role?
• Did the student provide the following for each of the audit category
1 Description of the event
2 Opinion on why Microsoft recommended a particular setting

Deliverables and format: Assignment due at the beginning of the next class.
Submit your answer in a Microsoft Word document in not more than 500 words.
Font: Arial; 11
Line Spacing: Double
Submit each assignment type as a separate attachment (CA1, LABs, RQ)


Refer to General Course Information for Email and Assignment Instructions.

Tuesday, January 6, 2009

Unit 4 - Footprinting and Social Engineering

Textbook: Simpson, Michael T. Hands-On Ethical Hacking and Network Defense. Thomson Course Technology, 2006.

Reading:
Textbook - Chapter 4, pp. 61–83

Assignments:
Review Questions (RQ): Chapter 4, pp. 84–86 Assignment due in class.

Lab(s):
LAB 1:
Discovering Cookies on Web Browsers
Complete Activity 4-4, Chapter 4, pp. 73 from your textbook. After viewing these demonstrations, answer the following questions:

Deliverables and format: Assignment due in class.
Submit screenshots in a Microsoft Word document.
Font: Arial; 11 Line Spacing: Double

Case Assignment 1 (CA1): Using an E-mail Address to Determine the Operating system
Title: Network FootPrinting
Complete the exercise Case 4-1 on page 86 from Chapter 4 of your textbook. To understand the scenario for this exercise, read case 1-1 on page 17 of the textbook.

Deliverables and format: Assignment due at the beginning of the next class.
Submit your answer in a Microsoft Word document.
Font: Arial; 11
Line Spacing: Double

Submit each assignment type as a separate attachment (CA1, LABs, RQ)


Refer to General Course Information for Email and Assignment Instructions.