NETWORK PENETRATION TESTING AND ETHICAL HACKING

SHE Level 3
SCQF Credit Points 20.00
ECTS Credit Points 10.00
Module Code M3I123698
Module Leader Riccardo Lazzarini
School School of Computing, Engineering and Built Environment
Subject Cyber Security and Networks
Trimester
  • A (September start)

Pre-Requisite Knowledge

Security Landscape or equivalent

Summary of Content

Ethical hacking is the practice of penetrating systems to discover weaknesses with the aim of strengthening defences. Companies employ ethical hackers so that they can discover weak spots in their systems. The aim of this module is to appreciate the various stages of a hacking attack, or equally a penetration test, while analysing how hackers can use tools to break into insecure network systems and how these attacks may be mitigated. This module provides a comprehensive grounding in the methodology, techniques and culture of ethical hacking, and the laws relating to computer crime. It takes students on a practical journey into the hacking mindset, examining and applying the tools and techniques hackers employ, through the various stages and elements of a penetration test (from information discovery, target scanning through to exploitation, privilege escalation, and retaining access). The aim of this module is to analyse how hackers can use tools to break into an insecure network system and how these attacks may be mitigated. The module examines hacking techniques used to break into insecure networked systems, and explores the usage of Trojans and Root kits, which have become increasingly important elements of the ethical hacking arena together with effective countermeasures. The module is designed to educate for the purpose of properly defending systems from hacking attacks.

Syllabus

  • Legal, Professional and Ethical Aspects: Legal, professional and ethical issues likely to face the domain of ethical hacking. Ethical responsibilities, and the need for professional integrity and making appropriate use of the tools and techniques associated with ethical hacking. Legality. Emphasis on positive, constructive, and ethical aspects of the discipline. The expectations and requirements of the legal system.
  • Introduction to the Principles of Ethical Hacking: A historical and cultural examination of hacking. The underpinning theoretical principles, basic philosophy and concepts of ethical hacking. Insights into the mindset of an ethical hacker. The concepts of penetration testing, vulnerability assessment set in the context of enhancing systems security. Requirements and expectations of penetration testing. Penetration testing methodologies.
  • Introduction to Computer Systems, Networks and Communication Protocol Basics: Introduction to computer systems and networks. Fundamental concepts of communication protocols. Ports and protocols. Sniffing and intercepting traffic. Digital systems from the perspective of the threats and vulnerabilities that can be identified and addressed as a result of employing ethical hacking principles.
  • Methodologies and Techniques: A practical exploration of hacking/penetration testing methods. Information discovery. Vulnerability assessment, exploitation and privilege escalation. Password attacks. Trojans, back-doors and root kits, strategies for denial of service attack, utilising weaknesses with buffer overflows, Firewall and IDS. Techniques for bypassing security. Hacking prevention techniques.
  • Ethical Hacking Tools: A penetration tester's tool chest of resources. Ethical hacking tools in context and how these tools would be used in a professional environment. Develop and design customised tools using the Python programming language. Developing practices and strategies to hack into networks. Legal and ethical aspects of the activities.

Learning Outcomes

On completion of this module, the student should be able to:
  • Appreciate the legal, ethical and professional challenges facing an ethical hacker. Discuss the legality and scope of ethical hacking and evaluate the legal and ethical issues relating to examples of this technique.
  • Understand how ethical hacking relates to, and makes use of, the underpinning theories and principles of computing and networking.
  • Appreciate the fundamental principles of systems security, particularly in relation to weaknesses and vulnerabilities and describe the limitations of security mechanisms and the tools and techniques employed to bypass them.
  • Describe the role ethical hacking plays in providing secure and robust networks (including wireless networks).
  • Apply the methods hackers employ to accurately collect and assimilate information about a target's infrastructure whilst avoiding detection, particularly in regard to penetration testing and systems security.
  • Understand and implement the tools that can be used to leverage access on a system.
  • Describe the techniques hackers employ to cover their tracks and the routes through which access is maintained.

Teaching / Learning Strategy

Learning and teaching will take place through a variety of mechanisms, including lectures, seminars, with associated practical sessions, research into current developments and issues, and case studies. This module emphasises a "hands-on" approach to learning. Case studies will be used formatively in tutorials throughout the module in order to promote application of knowledge to specific problems and encourage discussion. Topics will be introduced in lectures and discussed through guided inquiry-based learning activities. Theoretical material will be reinforced and consolidated through the critical analysis and discussion of case studies in tutorials that are designed to explain and elaborate both on theoretical and laboratory content. Additionally, directed learning will reinforce essential theory and place understanding into context. Independent study will be encouraged to satisfy the student's own interests. A Virtual Learning Environment (VLE) will also be used to provide access to a range of relevant learning resources and materials to enhance the teaching strategy. Managed blended learning environments will be used to consider material and provide the capability for on-line reflection of material related to learning outcomes, and enable peer support. Feedback will be implemented via a combination of generic feedback, and verbal feedback during tutorials and laboratory sessions together with self-assessment and peer review exercises to help the student to assess their understanding of material and to develop their learning strategy. The subject discipline is continuously developing, evolving and changing and as a result students will be expected to keep up to date with developments through independent research. Students will be encouraged to adopt an independent learning style, acquiring and applying knowledge through their own research and enquiry, supported by a series of guided activities and exercises.
Students will be encouraged to share the findings of their research through seminar presentations and participation in on-line discussions with the rest of the student cohort. The material presented in this module is potentially damaging if used maliciously and the capabilities developed in this module have potential for harm. Academics will emphasise the professional expectations of students and of persons working in this domain as well as stressing the students' ethical and moral responsibilities to themselves and others, including the School and the University.

Indicative Reading

  • Engebretson, P. (2013) The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, Syngress.
  • Harper, A. et al. (2015) Gray Hat Hacking: The Ethical Hacker's Handbook, McGraw-Hill.
  • Oriyano, S. (2014) CEH: Certified Ethical Hacker Version 8 Study Guide, Wiley.
  • Wilhelm, T. (2013) Professional Penetration Testing, Syngress.

In addition to the references above, several online resources (blogs, journals, websites, etc.), which reflect up to date understanding in the field, will be provided to students.

Transferrable Skills

  • TRADITIONAL ACADEMIC SKILLS - ability to apply knowledge, logical thinking, problem-solving.
  • PERSONAL DEVELOPMENT SKILLS - self-discipline, self-reliance, awareness of strengths and weaknesses, independence, knowledge of international affairs, desire to go on learning, ability to reflect, integrity, honesty and regard for others.
  • ENTERPRISE OR BUSINESS SKILLS - ability to prioritise tasks, time management, interpersonal skills, presentational skills, ability to work in teams and leadership skills, flexibility, independence and risk-taking.

Module Structure

Activity                   Total Hours
Practicals (FT)            24.00
Assessment (FT)            20.00
Independent Learning (FT)  120.00
Tutorials (FT)             12.00
Lectures (FT)              24.00

Assessment Methods

Component            Duration  Weighting  Threshold  Description
Exam (Exams Office)  2.00      50.00      35%        Unseen written exam
Coursework 1         0.00      50.00      35%        Practical Lab work