Return to homepage Skip to navigation Skip to site search Skip to main content Skip to footer

Module Catalogue

SCQF Level: 11  

Module Code: CMP503

Credit Value: 20  

Year: 2017/8

Term: Term 2

School: School of Arts, Media and Games

Description

This module examines the methodological framework for security testing via ethical hacking of computer systems and networks.

Aims

The aim of this module is to provide the student with a critical understanding of penetration testing methodologies and techniques, and their importance to the security of a network. In addition, the module will critically examine countermeasures to flaws found by penetration testing.

Learning Outcomes

By the end of this module the student should be able to:

1.  Design, plan and execute a penetration test in accordance with current standards and legal / ethical issues.

2.  Report on a penetration test critically evaluating the results in the context of the issues for the client.

3.  Systematically and critically appraise and evaluate the design of countermeasures for computer and network flaws found as a result of penetration tests.

Indicative Content

1 Design of a Vulnerability Assessment and Analysis test

Developing the penetration testing project scope. Goals of vulnerability assessment. Elements of a good vulnerability assessment. Risk analysis procedure

2 Rapid penetration testing

The use of a penetration testing application to give a quick snapshot of security of the target network. Advantages of rapid penetration testing. Types and uses of software.

3 Methodologies for Pentesting

Reviewing the various different methodologies that are used to execute a penetrating test

4 Systematic penetration testing techniques

Internal and external testing

5 Penetrating testing wireless LANs

Testing wireless devices. Wireless vulnerabilities and hacking methods. Advanced techniques of breaking wireless encryption security.

6 External Penetration testing

Penetration testing of Web Sites, Mail Servers, DNS Servers. Penetration testing of routers, switches and firewalls.

7 Network Vulnerability Assessment Report Writing

Project Overview Statements and the Project Scope Document.

8 Active Directory and Windows Exploits

Testing the Active Directory infrastructure of a windows server environment, exploring Domain and User enumeration and restriction bypass. Using PowerShell to exploit windows systems

9 Linux Exploits

Exploring SSH, rservices, Apache and X11 services

10 Post Exploitation Techniques

Techniques for further exploitation, pivoting and retaining access to the system

Statement on Teaching, Learning and Assessment

Content is delivered by means of lectures and seminars - many student-led - heavily re-inforced by practical exercises in the hacking laboratory. There will normally be several guest lectures on topics of relevance. Assessment is by means of a combination of coursework and examination. The Blackboard VLE will provide a gateway for students to access some learning resources and to submit work electronically. Other learning resources will be on a purpose built web site visible only within the hacking lab.

Teaching and Learning Work Loads

Total 200
Lecture 12
Tutorial/Seminar 39
Supervised Practical Activity 0
Unsupervised Practical Activity 0
Assessment 60
Independent 89

Back


Guidance notes:

Credit Value – The total value of SCQF credits for the module. 20 credits are the equivalent of 10 ECTS credits. A full-time student should normally register for 60 SCQF credits per semester.

Disclaimer: We make every effort to ensure that the information on our website is accurate but it is possible that some changes may occur prior to the academic year of entry. The modules listed in this catalogue are offered subject to availability during academic year 2017/18 , and may be subject to change for future years.

Top