Dec 21, 2024  
2018-2019 Course Catalog 
    
2018-2019 Course Catalog [ARCHIVED CATALOG]

Add to Portfolio (opens a new window)

CVF 2088 - Advanced Network Pen Testing and Ethical Hacking

Credits: 4
Hours/Week: Lecture 3 Lab 2
Course Description: This course builds on the topics covered in CVF 2086 , while it briefly reviews the three major phases of penetration testing (Reconnaissance, Scanning and Exploitation), the focus of this class is on the analysis of the result and the application of the process and methodology of penetration testing. Case scenarios includes learning about a target’s infrastructure by mining blogs, search engines, and social networking sites. The final portion of the class includes a comprehensive hands-on exercise, conducting a penetration test against a hypothetical target organization, following all of the steps. This course also describes the limitations of penetration testing techniques and other practices that can be used to augment penetration testing to find vulnerabilities in architecture, policies, and processes. Certified Security Analyst Certification is part of this course.
MnTC Goals
None

Prerequisite(s): CVF 1085  and CVF 2086  with a grade of C or higher OR instructor consent. System administration experience on Microsoft Windows or Linux operating systems.
Corequisite(s): None
Recommendation: None

Major Content
  1. The Need for Security Analysis
    1. What Are We Concerned About?
    2. So What Are You Trying To Protect?
    3. Why Are Intrusions So Often Successful?
    4. What Are The Greatest Challenges?
    5. Environmental Complexity
    6. New Technologies
    7. New Threats, New Exploits
  2. TCP/IP Packet Analysis
    1. TCP/IP Model
    2. Application Layer
    3. Transport Layer
    4. Internet Layer
    5. Network Access Layer
  3. Advanced Sniffing Techniques
    1. What is Wireshark?
    2. Wireshark: Filters
    3. IP Display Filters
    4. Example
    5. Wireshark: Tshark
    6. Wireshark: Editcap
    7. Wireshark: Mergecap
  4. Vulnerability Analysis with Nessus
    1. Nessus
    2. Features of Nessus
    3. Nessus Assessment Process
    4. Nessus: Scanning
    5. Nessus: Enumeration
    6. Nessus: Vulnerability Detection
    7. Configuring Nessus
  5. Advanced Wireless Testing
    1. Wireless Concepts
    2. Wireless Concepts
    3. 802.11 Types
    4. Core Issues with 802.11
    5. What’s the Difference?
    6. Other Types of Wireless
  6. Designing a DMZ
    1. Introduction
    2. DMZ Concepts http://www.eccouncil.org
    3. Multitiered Firewall With a DMZ Flow
    4. DMZ Design Fundamentals
    5. Advanced Design Strategies
  7. Snort Analysis
    1. Snort Overview
    2. Modes of Operation
    3. Features of Snort
    4. Configuring Snort
  8. Advanced Googling
    1. Site Operator
    2. intitle:index.of
    3. error | warning
    4. login | logon
    5. username | userid | employee.ID | “your username is”
    6. password | passcode | “your password is”http://www.eccouncil.org
    7. admin | administrator
    8. admin login
  9. Log Analysis
    1. Introduction to Logs
    2. Types of Logs
    3. Events that Need to be Logged
    4. What to Look Out For in Logs
    5. W3C Extended Log File Format
    6. Automated Log Analysis Approaches
    7. Log Shipping
  10. Advanced Exploits and Tools
    1. Common Vulnerabilities
    2. Buffer Overflows Revisited
    3. Smashing the Stack for Fun and Profit
    4. Smashing the Heap for Fun and Profit
    5. Format Strings for Chaos and Mayhem
    6. The Anatomy of an Exploit

Learning Outcomes
At the end of this course students will be able to:

  1. defend a computer against a variety of different types of security attacks using a number of hands-on techniques.
  2. ability to quantitatively assess and measure threats to information assets.
  3. evaluate where information networks are most vulnerable.
  4. perform penetration tests into secure networks for evaluation purposes.
  5. critique security plans designed at protecting data assets against attacks from the internet.
  6. develop an ongoing security strategy.
  7. investigate and mitigate data risk.
  8. defend a LAN against a variety of different types of security attacks using a number of hands-on techniques.

Competency 1 (1-6)
None
Competency 2 (7-10)
None


Courses and Registration



Add to Portfolio (opens a new window)