ETHICAL HACKING

SHE Level 3
SCQF Credit Points 20.00
ECTS Credit Points 10.00
Module Code M3I125240
Module Leader Riccardo Lazzarini
School School of Computing, Engineering and Built Environment
Subject Cyber Security and Networks
Trimester
  • A (September start)

Pre-Requisite Knowledge

Cyber security operations and Equivalent

Summary of Content

Ethical hacking is the practice of legally and ethically assessing the security of systems and networks to discover possible weaknesses. The overall aim of ethical hacking is strengthening defences. Companies employ ethical hackers so that they can discover weak spots in their systems. The aim of this module is to appreciate the various stages of a hacking attack, while analysing how hackers can use tools to break into insecure network systems and how these attacks may be mitigated. The module examines hacking techniques used to break into networked systems, and explores the usage of malware in the context of a hacking attack. The percentage of Work Based Learning for this module, as represented by the proportion of the Activity Types which take place off campus, is 78%. The percentage of Work Based Assessment for this module is 50%.

Syllabus

Legal, Professional and Ethical Aspects related to ethical hacking. Theoretical principles, basic philosophy and concepts of ethical hacking to provide an insight into the mindset of a hacker. Ethical Hacking Methodologies and Techniques -360 - Ethical hacking methodologies and frameworks used to identify and exploit known vulnerabilities. - A practical exploration of hacking/penetration testing methods including information gathering, vulnerability assessment, exploitation and privilege escalation. Technologies, tools and techniques to execute attacks on networks and systems -360 - Man In the Middle, Denial of service & Password attacks - Use of malware against computer systems - Techniques for bypassing security. Mitigation techniques against hacking. Ethical Hacking Tools -360 - Use existing hacking tools in a legal and professional context. - Develop and design customised tools to complete hacking activities.. - Developing practices and strategies to hack into networks.

Learning Outcomes

On successful completion of this module a student should be able to:1. Appreciate the legal, ethical and professional challenges facing an ethical hacker. 2. Appreciate the fundamental principles of systems security and describe the role ethical hacking plays in providing secure and robust networks. 3. Apply the methods hackers employ to accurately collect and assimilate information about a target's infrastructure whilst avoiding detection.4. Evaluate the limitations of security mechanisms and reflect on the use of tools and techniques to bypass them.5. Understand and implement the tools and configurations to mitigate the vulnerabilities and issues identified.

Teaching / Learning Strategy

Work Based Education aims to maximise the direct and digitally mediated contact time with students by practicing teaching and learning strategies that use authentic work based scenarios and encourage action learning, enquiry based learning, problem based learning and peer learning. All these approaches aim to directly involve the students in the process of learning and to encourage sharing of learning between students. The module team will determine the level and accuracy of knowledge acquisition at key points in the delivery, inputting when necessary either directly or with the support of external experts who will add to the authenticity, the credibility and application of the education and learning in the workplace. The Learning and Teaching Strategy is informed by the University's Strategy for Learning. The course material will be introduced through online presentations as well as guided reading material made available on GCULearn. These are supported by practical exercises, and there will be seminars on campus which will allow students to discuss key concepts and issues with peers and tutors. Students will be expected to undertake a significant level of independent study within the workplace, including practical activities, and links will be provided to appropriate external material such as articles, podcasts and videos to supplement the module content. Students will be encouraged to reflect upon the theoretical learning within the workplace and the application of newly learned concepts to the work environment, and this will form part of the module assessment. Students will receive feedback on their performance throughout the module through undertaking the practical assignments and tutorial exercises and participating in the seminars.

Indicative Reading

Peter Kim, The Hacker Playbook 2: Practical Guide To Penetration Testing, CreateSpace Independent Publishing Platform, 2015 Patrick Engebretson, The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy 2nd Edition, Syngress, 2013 Ben Clark, Rtfm: Red Team Field Manual, CreateSpace Independent Publishing Platform, 2014

Transferrable Skills

Logical thinking and problem solving. Critical analysis. Communication skills (electronic, written, oral and listening) necessary to make effective presentation of a technical nature (information, ideas, problems and their solutions) to a range of audiences. Creativity, innovation and independent thinking. Ability to prioritise tasks and time management (organising and planning work). Interpersonal skills, the ability to work as a member of a team (work with and relate effectively to others) recognising the different roles within a team and different ways of organising teams (leadership).

Module Structure

Activity Total Hours
Seminars (FT) 24.00
Assessment (FT) 20.00
Lectures (FT) 24.00
Independent Learning (FT) 108.00
Practicals (FT) 24.00

Assessment Methods

Component Duration Weighting Threshold Description
Exam (Exams Office) 2.00 50.00 35% Unseen written exam
Coursework 1 n/a 50.00 35% Practical based assignment