ETHICAL HACKING

SHE Level 3
SCQF Credit Points 20.00
ECTS Credit Points 10.00
Module Code M3I124459
Module Leader Riccardo Lazzarini
School School of Computing, Engineering and Built Environment
Subject Cyber Security and Networks
Trimester
  • A (September start)

Pre-Requisite Knowledge

Cyber security operations and Equivalent

Summary of Content

Ethical hacking is the practice of legally and ethically assessing the security of systems and networks to discover possible weaknesses. The overall aim of ethical hacking is strengthening defences. Companies employ ethical hackers so that they can discover weak spots in their systems. The aim of this module is to appreciate the various stages of a hacking attack, while analysing how hackers can use tools to break into insecure network systems and how these attacks may be mitigated. The module examines hacking techniques used to break into networked systems, and explores the usage of malware in the context of a hacking attack.

Syllabus

Legal, Professional and Ethical Aspects related to ethical hacking. Theoretical principles, basic philosophy and concepts of ethical hacking to provide an insight into the mindset of a hacker. Ethical Hacking Methodologies and Techniques -360 - Ethical hacking methodologies and frameworks used to identify and exploit known vulnerabilities. - A practical exploration of hacking/penetration testing methods including information gathering, vulnerability assessment, exploitation and privilege escalation. Technologies, tools and techniques to execute attacks on networks and systems -360 - Man In the Middle, Denial of service & Password attacks - Use of malware against computer systems - Techniques for bypassing security. Mitigation techniques against hacking. Ethical Hacking Tools -360 - Use existing hacking tools in a legal and professional context. - Develop and design customised tools to complete hacking activities.. Developing practices and strategies to hack into networks.

Learning Outcomes

On successful completion of this module a student should be able to:Appreciate the legal, ethical and professional challenges facing an ethical hacker. Appreciate the fundamental principles of systems security and describe the role ethical hacking plays in providing secure and robust networks. Apply the methods hackers employ to accurately collect and assimilate information about a target's infrastructure whilst avoiding detection.Evaluate the limitations of security mechanisms and reflect on the use of tools and techniques to bypass them.Understand and implement the tools and configurations to mitigate the vulnerabilities and issue identified.

Teaching / Learning Strategy

The university 'Strategy for Learning' documentation has informed the learning and teaching strategy for this module. The module's material will be introduced through lectures, while practical laboratory exercises, based on lecture material, will be given to students whereby the will experiment with, tools and techniques to assess the security posture of systems & network infrastructures. Tutorials will be used to help explain and elaborate on both the lecture material and the laboratory exercises. All lecture, tutorial and laboratory material will be available on GCU Learn and links will be provided to appropriate external material such as podcasts, videos and literature. GCU Learn will also be used to provide the students with module specific forums and wiki's to stimulate student and lecturer interaction out-with the normal lecture, laboratory and tutorial session. In addition, students will be encouraged to access NETLAB, an innovative hands-on online lab learning environment providing access to live systems and network devices. During all laboratory and tutorial sessions students will receive formative feedback on their performance in undertaking the laboratory and tutorial exercises. Summative feedback can be obtained for the coursework and final written exam undertaken as part of the module .

Indicative Reading

Peter Kim, The Hacker Playbook 2: Practical Guide To Penetration Testing, CreateSpace Independent Publishing Platform, 2015 Patrick Engebretson, The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy 2nd Edition, Syngress, 2013 Ben Clark, Rtfm: Red Team Field Manual, CreateSpace Independent Publishing Platform, 2014

Transferrable Skills

C1 - Logical thinking and problem solving. C2 - Critical analysis. D1 - Communication skills (electronic, written, oral and listening) necessary to make effective presentation of a technical nature (information, ideas, problems and their solutions) to a range of audiences. E2 - Creativity, innovation and independent thinking. E6 - Ability to prioritise tasks and time management (organising and planning work). E7 - Interpersonal skills, the ability to work as a member of a team (work with and relate effectively to others) recognising the different roles within a team and different ways of organising teams (leadership).

Module Structure

Activity Total Hours
Tutorials (FT) 12.00
Practicals (FT) 24.00
Assessment (FT) 20.00
Lectures (FT) 24.00
Independent Learning (FT) 120.00

Assessment Methods

Component Duration Weighting Threshold Description
Exam (Exams Office) 2.00 50.00 35% Unseen written exam
Coursework 1 n/a 50.00 35% Practical based assignment