Apr 19, 2024  
2017-2018 Course Catalog 
    
Catalog Navigation
  Catalog Home
  Introduction to Century College
  Mission, Vision, Values

  College Calendar

  Course Descriptions and Outlines
  Programs (Century Academic Pathway)
  Programs (Department)
  Programs (A-Z)

  Academic Policies and Program Requirements
  Admissions and Registration
  Application for Admission
  Student Services and Resources
  Student Handbook
  Transfer

  Continuing Education and Customized Training
  College Administration and Faculty
  Maps and Directions
  Archived Catalogs
  My Portfolio
HELP
2017-2018 Course Catalog [ARCHIVED CATALOG]

Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Portfolio (opens a new window)

CVF 2086 - Network Pen Testing and Ethical Hacking

Credits: 4
Hours/Week: Lecture 4Lab None
Course Description: This course covers the three major phases of penetration testing (Reconnaissance, Scanning and Exploitation) in detail. Reconnaissance is learning about a target’s infrastructure by mining blogs, search engines, and social networking sites. Scanning is the process of identifying live host or services in a given network. Exploitation involves the use of exploitation frameworks, stand-alone exploits, and other valuable tactics to conduct a vulnerability assessment. Students will also discuss and demonstrate how to prepare a final report, tailored to maximize the value of the test from both a management and technical perspective. The final portion of the class includes a comprehensive hands-on exercise, conducting a penetration test against a hypothetical target organization, following all of the steps. This course also describes the limitations of penetration testing techniques and other practices that can be used to augment penetration testing to find vulnerabilities in architecture, policies, and processes. Certified Ethical Hacker exam Certification is part of this course.
MnTC Goals
None

Prerequisite(s): CVF 1065  and CVF 1085  with a grade of C or higher OR instructor consent. System administration experience on Microsoft Windows or Linux operating systems.
Corequisite(s): None
Recommendation: None

Major Content
  1. Introduction to Ethical Hacking
    1. Internet Crime Current Report: IC3
    2. Data Breach Investigations Report
    3. Types of Data Stolen From the Organizations
    4. Essential Terminologies
    5. Elements of Information Security
  2. Scanning Networks
    1. Network Scanning
    2. Types of Scanning
    3. Checking for Live Systems - ICMP Scanning
    4. Ping Sweep
  3. Enumeration
    1. What is Enumeration?
    2. Techniques for Enumeration
    3. Netbios Enumeration
  4. System Hacking
    1. Information at Hand Before System Hacking Stage
    2. System Hacking: Goals
    3. CEH Hacking Methodology (CHM)
    4. Password Cracking
  5. Trojans and Backdoors
    1. What is a Trojan?
    2. Overt and Covert Channels
    3. Purpose of Trojans
    4. What Do Trojan Creators Look For?
    5. Indications of a Trojan Attack
  6. Viruses and Worms
    1. Introduction to Viruses
    2. Virus and Worm Statistics 2010
    3. Stages of Virus Life
    4. Working of Viruses: Infection Phase
    5. Working of Viruses: Attack Phase
    6. Virus Hoaxes
  7. Sniffers
    1. Lawful Intercept
    2. Wiretapping
    3. Sniffing Threats
    4. How a Sniffer Works
    5. Hacker Attacking a Switch
    6. Types of Sniffing: Passive Sniffing
  8. Social Engineering
    1. What is Social Engineering?
    2. Behaviors Vulnerable to Attacks
    3. Why is Social Engineering Effective?
    4. Warning Signs of an Attack
    5. Phases in a Social Engineering Attack
  9. Denial of Service
    1. What is a Denial of Service Attack?
    2. What is Distributed Denial of Service Attacks?
    3. How Distributed Denial of Service Attacks Work
    4. Symptoms of a DoS Attack
    5. Cyber Criminals
  10. Footprinting and Reconnaissance
    1. Footprinting Terminologies
    2. What is Footprinting?
    3. Objectives of Footprinting
    4. Footprinting Threats
    5. Finding a Companys URL
  11. Penetration Testing
    1. Introduction to Penetration Testing
    2. Security Assessments
    3. Vulnerability Assessment
  12. Buffer Overflow
    1. Buffer Overflows
    2. Why are Programs and Applications Vulnerable?
    3. Understanding Stacks
    4. Stack-Based Buffer Overflow
  13. Hacking Web Applications
    1. Web Application Security Statistics
    2. Introduction to Web Applications
    3. Web Application Components
    4. How Web Applications Work?
    5. Web Application Architecture
  14. Hacking Wireless Networks
    1. Wireless Networks
    2. Wi-Fi Usage Statistics in the US
    3. Wi-Fi Hotspots at Public Places
    4. Wi-Fi Networks at Home
    5. Types of Wireless Networks
  15. Hijacking Webservers
    1. Webserver Market Shares
    2. Open Source Webserver Architecture
    3. IIS Webserver Architecture
    4. Website Defacement
  16. Session Hijacking
    1. What is Session Hijacking?
    2. Dangers Posed by Hijacking
    3. Why Session Hijacking is Successful
    4. Key Session Hijacking Techniques
  17. Crytography
    1. Cryptography
    2. Types of Cryptography
    3. Government Access to Keys (GAK)
    4. Ciphers
    5. Advanced Encryption Standard (AES)
  18. Evading IDS, Firewalls, and Honeypots
    1. Intrusion Detection Systems (IDS) and its Placement
    2. How IDS Works?
    3. Ways to Detect an Intrusion
    4. Types of Intrusion Detection Systems
    5. System Integrity Verifiers (SIV)
  19. SQL Injection
    1. SQL Injection is the Most Prevalent Vulnerability in 2010
    2. SQL Injection Threats
    3. What is SQL Injection?
    4. SQL Injection Attacks
    5. How Web Applications Work
    6. Server Side Technologies

Learning Outcomes
At the end of this course students will be able to:

  1. apply various technological tools to gather and parse packets.
  2. employ “buffer overflow” attack to ensure quality control of OS and application level attacks.
  3. examine different types of network level attacks.
  4. explain ethical use of hacking techniques in a computer networks.
  5. explain the basic function/operation of reconnaissance-using network and computer tools.
  6. implement a non-invasive intrusion detection system.
  7. implement computer security policies and electronic investigation procedures.
  8. perform simple penetration testing using tools such as ARIN, port-scanning tools, Fragrouter.
  9. perform system and network scanning for vulnerabilities, OS fingerprints and firewall limitations.
  10. perform system security and vulnerability testing in a LAN environment.


Courses and Registration


Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Portfolio (opens a new window)