CYBER DEFENCE AND PENETRATION TESTING

SHE Level 5
SCQF Credit Points 15.00
ECTS Credit Points 7.50
Module Code MMI125226
Module Leader Nebrase Elmrabit
School School of Computing, Engineering and Built Environment
Subject Cyber Security and Networks
Trimesters
  • A (September start)
  • B (January start)

Pre-Requisite Knowledge

Programme Entry Requirements

Summary of Content

This module focuses on teaching the methods and techniques used in penetration testing. This is the practice of legally and ethically assessing the security of systems and networks by identifying possible weaknesses. The overall aim of penetration testing is strengthening defences through the means of attacks. The aim of this module is to appreciate the various stages of a penetration test, while analysing how ethical hackers can use tools to break into insecure network systems and how these attacks may be mitigated. The module examines hacking techniques used to break into networked systems, and explores the usage of malware in the context of a hacking attack.

Syllabus

  • Legal, Professional and Ethical Aspects related to Penetration Testing.
  • Theoretical principles, basic philosophy and concepts of penetration testing to provide an insight into the mindset of a hacker.
  • Penetration Testing Methodologies and Techniques: Methodologies and frameworks used to identify and exploit known vulnerabilities. A practical exploration of penetration testing methods including information gathering, vulnerability assessment, exploitation and privilege escalation.
  • Technologies, tools and techniques to execute attacks on networks and systems: Man In the Middle, Denial of Service & Password attacks. Use of malware against computer systems.
  • Ethical Hacking Tools: Use existing hacking tools in a legal and professional context. Develop and design customised tools to complete hacking activities.
  • Developing practices and strategies to perform penetration testing of systems and networks.
  • Use of Social Engineering techniques for bypassing security.
  • Mitigation techniques against hacking (e.g. vulnerability patching).

Learning Outcomes

On successful completion of this module a student should be able to:
1. Evaluate the legal, ethical and professional challenges facing an ethical hacker.
2. Explain the fundamental principles of systems security and evaluate the role a penetration tester plays in achieving secure and robust networks.
3. Apply the methods hackers employ to accurately collect and assimilate information about a target's infrastructure whilst avoiding detection.
4. Evaluate the limitations of security mechanisms and recommend on the use of tools and techniques to bypass them.
5. Understand and implement the tools and configurations to mitigate the vulnerabilities and issues identified.
6. Analyse and evaluate new technical threats (e.g. Zero Day Vulnerabilities) by using information from trusted sources.

Teaching / Learning Strategy

Work Based Education aims to maximise the direct and digitally mediated contact time with students by practicing teaching and learning strategies that use authentic work based scenarios and encourage action learning, enquiry based learning, problem based learning and peer learning. All these approaches aim to directly involve the students in the process of learning and to encourage sharing of learning between students. The module team will determine the level and accuracy of knowledge acquisition at key points in the delivery, inputting when necessary either directly or with the support of external experts who will add to the authenticity, the credibility and application of the education and learning in the workplace.

The course material is introduced through lectures in the form of online presentations, which will cover the principles of the subject, will illustrate the relevance of it to the real-world and introduce a range of professional processes and practices. Students will engage with practical assignments and online tutorial material which may include instruction and peer-created content, and there will be seminars on campus which will allow students to discuss key concepts and issues with peers and with instructors.

Students will be expected to undertake a significant level of independent study within the workplace, including practical activities, and links will be provided to appropriate external material such as podcasts, MOOCs, videos and literature to supplement the module content. Students will be encouraged to reflect upon the theoretical learning within the workplace and the application of newly learned concepts to the work environment, and this will form part of the module assessment. Students will receive feedback on their performance throughout the module by undertaking the practical assignments and tutorial exercises and participating in the seminars.

The material presented in this module is potentially damaging if used maliciously and the capabilities developed in this module have potential for harm. Academics will emphasise the professional expectations of students as well as stressing the students' ethical and moral responsibilities to themselves and others, including the School and the University.

Indicative Reading

  • Peter Kim, The Hacker Playbook 2: Practical Guide To Penetration Testing, CreateSpace Independent Publishing Platform, 2015
  • Patrick Engebretson, The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy 2nd Edition, Syngress, 2013
  • Ben Clark, Rtfm: Red Team Field Manual, CreateSpace Independent Publishing Platform, 2014

Transferrable Skills

In addition to the attainment of learning outcomes students will develop personal transferrable skills such as:
  • Logical thinking and problem solving.
  • Critical analysis.
  • Communication skills (electronic, written, oral and listening) necessary to make effective presentation of a technical nature (information, ideas, problems and their solutions) to a range of audiences.
  • Creativity, innovation and independent thinking.
  • Ability to prioritise tasks and time management (organising and planning work).
  • Interpersonal skills, the ability to work as a member of a team (work with and relate effectively to others) recognising the different roles within a team and different ways of organising teams (leadership).

Module Structure

Activity Total Hours
Seminars (FT) 24.00
Assessment (FT) 26.00
Independent Learning (FT) 100.00

Assessment Methods

Component Duration Weighting Threshold Description
Exam (School) 1.00 40.00 45% Class test
Coursework 1 n/a 60.00 45% Technical report (2000 words)