Ethical Hacking

ITC 240: Ethical Hacking Syllabus


Instructor: Syeda Ferdous Ara Begum
Email: begums@middlesex.mass.edu
Office Telephone: 978-322-8319
Office: Room LP 406, Pollard Building, Lowell 
Semester:    Credits: 4    Time/Location:    Office Hours:


Course Description:

This course teaches students how to properly secure a network by introducing them to various methodologies and techniques of attacking and disabling a network. Students will receive a hands-on practical approach in penetration testing measures and ethical hacking. Coursework is supplemented by hands-on exercises of attacking and disabling a network, and the use of appropriate tools for defense and countermeasures, with emphasis on teaching students to use what they learn ethically and legally. Students will be required to sign the White Hat Oath.

Prerequisite(s): Completion of ITC 111, NST 282, and ETH 102

Required Materials:

To succeed in this class, you will need all of the following:

  1. In place of a mandatory textbook, you are expected to do the online readings and watch the videos posted on Blackboard prior to class.
  2. No books are required or recommended for this course. However, you might find the below books of interest. Realize that free, if not superior, resources can be found on the course’s website.

   Book (optional):

  1. Michael T. Simpson, Nicholas Antill, Hands-On Ethical Hacking and Network Defense, Third Edition. Cengage Learning, 2017, ISBN-13 9781285454610. https://covers.vitalbook.com/vbid/9781305480681/width/60?style=preview

  1. Handouts: Additional handouts may be required. The instructor will provide information on obtaining this material.
  2. Students will need several USB memory sticks or other storage devices in order to save work. Remember to back up originals in case you lose or damage them.
  3. Weekly access to a computer and the internet.
  4. Notebook for taking notes.
  5. Bring all of these items to every class.

Student Learner Outcomes:

After the successful completion of this course, the student will be able to:

  • Formulate what an ethical hacker can and cannot do legally, and demonstrate the credentials and roles of penetration testers.
  • Analyze the types of malicious software found in modern networks.
  • Relate the threats and countermeasures for physical security and social engineering.
  • Perform foot-printing to learn about a company and its network.
  • Perform port scans to locate potential entry points to servers and networks.
  • Perform enumeration (finding resources, accounts, and passwords) on Microsoft, Netware, and Unix/Linux targets.
  • Construct very simple programming scripts in C, HTML, and Perl, specifically oriented towards the needs of network security professionals.
  • Categorize Microsoft Windows vulnerabilities, and harden systems.
  • Categorize Linux vulnerabilities, and protect servers.
  • Take control of Web servers, and protect them.
  • Locate and hack into wireless networks, and protect them.
  • Explain how cryptography and hashing work, and perform attacks against them such as password cracking and man-in-the-middle attacks.
  • Describe and deploy security devices, including routers, firewalls, Intrusion Detection Systems, and honeypots.
  • Apply the ethics associated with the use of hacking or penetration testing tools and techniques.

Teaching Methods:

Classes will consist of regular lectures and hands-on activities. Class lectures will be based on topics covered in the required readings from the course textbook. Interactive hands-on exercises will be conducted during class which will introduce the student to the basic skills for completing each hands-on homework assignment. Blackboard will also be used as a communication tool.

The instructor will provide announcements, handouts, and assigned text readings to assist students in learning. PowerPoint lectures may be made available based on topics stressed in the required hands-on assignments and may provide additional information not covered in the text.

Institutional Disability Services Statement

The collegiate experience at Middlesex, on the campus and in the classroom, is open to students of varying abilities and levels of adaptive skills. Supportive faculty and staff as well as fellow students encourage all students to participate in extracurricular and class activities. The DSS office provides services and resources to empower each student to attain his/her highest level of academic success and learning independence.

On our Bedford campus:

•        Visit us in the Enrollment Center Building, 2nd Floor.

•        Call us at 781-280-3630

On our Lowell campus:

•        Visit us in the Cowan Center Building, 3rd Floor, Room 314.

•        Call us at 978-656-3258

Student Responsibilities:

Attendance:  

There is a direct relationship between attendance and successful completion of coursework. Each student is encouraged to attend all class meetings and prepare all course materials on time.

The student is responsible for obtaining material distributed on class days when he/she was absent. This can be done by contacting a classmate who was present or by contacting the instructor during office hours or by appointment.

Attendance will be recorded. If you are unable to come to the class for any special reason, please email or contact me in advance.  

Adverse Weather

For class delays or cancellations due to bad weather, please check the MCC portal: https://mymcc.middlesex.mass.edu/

MCC posts school closings due to adverse weather on the phone hotline 978-656-3200 or 781-280-3200. Students should use good judgment when deciding to travel during adverse weather.

Electronic Devices:

Students are not allowed to use computers during class time unless instructed by the instructor. Special circumstances Cell phones or pagers should be set on silent or vibrate alarms during class. No use of CD players or headphones connected to PCs. NO TEXTING IN CLASS!

Academic Integrity

It is the responsibility of the Middlesex community to uphold the integrity of our academic programs. This responsibility belongs to faculty and students alike. According to the Academic Catalog 2005-2007, “taking credit for work done by another person, or doing work for which another person will receive credit is cheating” and “taking and using the ideas or writings of another without clearly and fully crediting the source is plagiarism” (109). As students, it is your responsibility to learn proper citation of sources; the Modern Language Association Handbook gives complete descriptions. It is understood that you will submit original work for each assignment, both within and between courses. Students are encouraged to get assistance with assignments from their peers, but must complete and understand each assignment independently; points will not be awarded for assignments the student has not personally completed.

Best way to succeed:

  • Attend every class in order to benefit from class lessons
  • Always check your MCC email for announcements and special instructions
  • Take advantage of assistance and encouragement from the instructor
  • Learn from other students
  • When a class is missed, notify the instructor by email
  • Have the ability to set goals and be accountable for meeting targeted deadlines
  • Work independently as well as in a group setting
  • Submit all assignments/projects on suggested due dates
  • Check Blackboard before and after class for announcements/special instructions

Blackboard:

Supplementary information for the course is available at Blackboard. The Blackboard contains class notes, PowerPoint slides, class announcements, the course syllabus, test dates, and other information for the course.

Late Policy

All projects are due on the stated due date. Late submission of projects will be assessed a penalty of 5% per day. No exceptions are made.

No unit work will be accepted beyond the late deadline unless arrangements are made prior to the deadline for severe circumstances such as debilitating illness, death in the family, or legal/religious obligations; documentation will be required.

To accommodate possible technology glitches, one “freebie” (i.e. no penalty) re-do/extension of up to 3 days will be granted upon request to each student during the semester. The best way to reach me is by email: begums@middlesex.mass.edu

Credit Hour Policy:

Middlesex Community College follows the Carnegie Unit for credit. Students are expected to spend a minimum of 45 hours of work for each credit. The most common breakdown for one credit is one hour of class instruction and two hours of homework for 15 weeks each semester. A three credit course demands nine hours each week.

Grading and Evaluation Criteria

  1. 5% of the final grade is based on class attendance and participation. Your attendance will be recorded every day. To earn the 5% attendance grade, you must attend every class when school is open and participate in class by asking questions, answering questions, helping others, etc. If you attend class physically but do not participate, you will receive only 50% credit. In emergency circumstances, an exception can be made provided that appropriate written notification is given.
  2. 20% of the final grade is based on quizzes.
  3. 15% of the final grade is based on homework.
  4. 25% of the final grade is based on lab work.
  5. 35% of the final grade is based on exams: Exam 1 is 15% and Exam 2 is 20%.

The grading scale can be broken down as follows:

Grade   Numeric Range
A       93-100
A-      90-92
B+      87-89
B       83-86
B-      80-82
C+      77-79
C       73-76
C-      70-72
D+      67-69
D       63-66
D-      60-62
F       00-59


Tentative Course Schedule:


Weeks    Topics    Reading Assignments

Week 1 (Week of 09/05): Read syllabus and course policy, including Blackboard, organize lab work, team, and sign the White Hat Oath.
Ethical Hacking Overview
  • Describe the role of an ethical hacker
  • Describe what you can do legally as an ethical hacker
  • Describe what you can’t do as an ethical hacker
  • Lab/Home Work/Quiz
  • Signup for Cisco Course
The History of Hacking
Certification for Ethical Hackers
Hacking Laws
The Pros and Cons of Ethical Hacking 
Security Through Effective Penetration Testing
Ethical Wireless Hacker is Innocent
When your defences fail
TED Talk:  Governments don't understand cyber warfare. We need hackers 
Week 2 (Week of 09/11): TCP/IP Concepts Review
  • Explain the TCP/IP protocol stack
  • Explain the basic concepts of IP addressing
  • Explain the binary, octal, and hexadecimal numbering systems
  • Lab/Home Work/Quiz
https://www.skillscommons.org/handle/taaccct/5393 Lesson 1 and 2
TCP/IP protocol architecture
The 7 Layers of the OSI Model
Ping of death
IP address - Internet Protocol (IP) address
IP addressing and subnetting for new users
Week 3 (Week of 09/18): Network and Computer Attacks
  • Describe the different types of malicious software and what damage they can do
  • Describe methods of protecting against malware attacks
  • Describe the types of network attacks
  • Identify physical security attacks and vulnerabilities
  • Lab/Home Work/Quiz
Malware
Ethical Hacking: Buffer Overflow Basics
TED Talk: Three Types of Online Attack
Week 4 (Week of 09/25): Foot-printing and Social Engineering
  • Use Web tools for foot-printing
  • Conduct competitive intelligence
  • Describe DNS zone transfers
  • Identify the types of social engineering
  • Lab/Home Work/Quiz
Some hacker tools illustrated
https://www.skillscommons.org/handle/taaccct/5391 Lesson 2 and 5
TED Talk Fighting Viruses Defending the Net
Week 5 (Week of 10/02): Port Scanning
  • Describe port scanning and types of port scans
  • Describe port-scanning tools
  • Explain what ping sweeps are used for
  • Explain how shell scripting is used to automate security tasks
  • Lab/Home Work/Quiz
https://www.skillscommons.org/handle/taaccct/5391 Lesson 2
SuperScan is a powerful free port scanning tool available at:
http://www.sofotex.com/SuperScan-download_L14815.html.
Find the Nmap man pages at: http://www.insecure.org/nmap/data/nmap_manpage.html.
Download Nessus plug-ins from https://www.tenable.com/downloads/nessus.
Nessus Official Site: https://www.tenable.com/products/nessus-vulnerability-scanner
TED Talk: Hire the Hackers

Broken links
Understanding the ICMP Protocol (Part I): http://www.windowsnetworking.com/articles_tutorials/Understanding-ICMP-Protocol-Part1.html
Week 6 (Week of 10/09): Enumeration
  • Describe the enumeration step of security testing
  • Enumerate Windows OS targets
  • Enumerate *nix OS targets
  • Lab/Home Work/Quiz
https://www.skillscommons.org/handle/taaccct/5391 Lesson 3 and 4
A NetBIOS vulnerability: https://support.microsoft.com/en-us/help/824105/ms03-034-flaw-in-netbios-could-lead-to-information-disclosure
Nessus Client
Top 125 Network Security Tools: https://sectools.org/
An Overview of NetBIOS

Broken links:
NetBIOS Enumeration Tools: http://www.cotse.com/tools/netbios.htm 
Oscanner: An Oracle Enumeration tool: http://www.securityfocus.com/tools/3588
Week 7 (Week of 10/16): Mid Term semester review and Exam
Week 8 (Week of 10/23): Programming for Security Professionals
  • Explain basic programming concepts
  • Write a simple C program
  • Explain how Web pages are created with HTML
  • Describe and create basic Perl programs
  • Explain basic object-oriented programming concepts
  • Lab/Home Work/Quiz
Writing pseudocode at: http://www.csc.calpoly.edu/~jdalbey/SWE/pdl_std.html
Java standard for documenting Java code: http://www.oracle.com/technetwork/java/javase/documentation/index-jsp-135444.html
HTML tutorial: http://www.w3schools.com/html/
Perl Debugging Tutorial: https://www.thegeekstuff.com/2010/05/perl-debugger/

Broken links
Introduction to object-oriented programming using C++  http://gd.tuwien.ac.at/languages/c/c++oop-pmueller/ 
Week 9 (Week of 10/30): Desktop and Server OS Vulnerabilities
  • Describe vulnerabilities of the Windows and Linux operating systems
  • Identify specific vulnerabilities and explain ways to fix them
  • Explain techniques to harden Windows and Linux systems
  • Lab/Home Work/Quiz
https://www.skillscommons.org/handle/taaccct/5391 Lesson 4
SQL Server security http://www.sqlsecurity.com/
Lock it Down Make Password Policy Part of Your Security Plan 
HFNetChk https://www.petri.com/hfnetchk
Linux security  http://www.linuxsecurity.com 
Linux vulnerability https://nvd.nist.gov/vuln/detail/CVE-2004-0075 
Week 10 (Week of 11/06): Embedded Operating Systems: The Hidden Threat
  • Explain what embedded operating systems are and where they’re used
  • Describe Windows IoT (Internet of Things) and other embedded operating systems
  • Identify vulnerabilities of embedded operating systems and best practices for protecting them
  • Lab/Home Work/Quiz
https://www.skillscommons.org/handle/taaccct/5391 Lesson 5
A proactive strategy for eliminating embedded system software vulnerabilities: Part 2 

Broken links:
Windows embedded devices  http://www.microsoft.com/windowsembedded/en-us/default.mspx
Embedded Operating System Applications http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0075 
Windows 10 Internet of Things: https://www.microsoft.com/windowsembedded/en-us/windows-embedded.aspx       
Week 11 (Week of 11/13): Hacking Web Servers
  • Describe Web applications
  • Explain Web application vulnerabilities
  • Describe the tools used to attack Web servers
  • Lab/Home Work/Quiz
https://www.skillscommons.org/handle/taaccct/5393 Lesson 3,4 and 5
Security checklist for web application design: https://www.sans.org/reading-room/whitepapers/securecode/security-checklist-web-application-design-1389
JavaScript tutorial http://www.w3schools.com/js/default.asp 
VBScript tutorial http://www.tutorialspoint.com/vbscript/ 

Broken links:
Example of a Web form vulnerability: http://www.microsoft.com/technet/security/bulletin/MS00-100.mspx
Week 12 (Week of 11/23): Hacking Wireless Networks
  • Explain wireless technology
  • Describe wireless networking standards
  • Describe the process of authentication
  • Describe wardriving
  • Describe wireless hacking and tools used by hackers and security professionals
  • Lab/Home Work/Quiz
https://www.skillscommons.org/handle/taaccct/5394 Lesson 1, 2 and 3
Ethical Hacker Faces War Driving Charges
Access points (APs): http://kb.netgear.com/app/answers/detail/a_id/235/~/what-is-a-wireless-access-point%3F?cid=wmt_netgear_organic
Wireless network: https://heimdalsecurity.com/blog/home-wireless-network-security/
Wireless standards: http://standards.ieee.org/getieee802/
Week 13 (Week of 11/27): Cryptography
  • Summarize the history and principles of cryptography
  • Describe symmetric and asymmetric encryption algorithms
  • Explain public key infrastructure (PKI)
  • Describe possible attacks on cryptosystems
  • Compare hashing algorithms and how they ensure data integrity
  • Lab/Home Work/Quiz
Cryptography http://www.open.edu/openlearn/ocw/mod/oucontent/view.php?id=48322
https://www.skillscommons.org/handle/taaccct/5394 Lesson 4 and 5
Week 14 (Week of 12/04): Network Protection Systems
  • Explain how routers are used as network protection systems
  • Describe firewall technology and tools for configuring firewalls and routers
  • Describe intrusion detection and prevention systems and Web-filtering technology
  • Explain the purpose of honeypots
  • Lab/Home Work/Quiz
  • Final Exam Review/ Exam
Week 8: Managing security risks
A Brief History of Malware and Cybercrime
How You Can Fight Cybercrime
Week 15 (Week of 12/11): Network Protection Systems (cont.)
Week 16 (Final Exam Week): Final Exam

Note: The instructor will do their best to follow this syllabus but reserves the right to make changes if needed.

This workforce product was funded by a grant awarded by the U.S. Department of Labor’s Employment and Training Administration. The product was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The U.S. Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability, or ownership.

