SCQF Level: 11
Module Code: CMP503
Credit Value: 20
Term: Term 2
School: School of Arts, Media and Games
This module examines the methodological framework for security testing via ethical hacking of computer systems and networks.
The aim of this module is to provide the student with a critical understanding of penetration testing methodologies and techniques, and their importance to the security of a network. In addition, the module will critically examine countermeasures to flaws found by penetration testing.
By the end of this module the student should be able to:
1. Design, plan and execute a penetration test in accordance with current standards and legal / ethical issues.
2. Report on a penetration test critically evaluating the results in the context of the issues for the client.
3. Systematically and critically appraise and evaluate the design of countermeasures for computer and network flaws found as a result of penetration tests.
1 Design of a Vulnerability Assessment and Analysis test
Developing the penetration testing project scope. Goals of vulnerability assessment. Elements of a good vulnerability assessment. Risk analysis procedure
2 Rapid penetration testing
The use of a penetration testing application to give a quick snapshot of security of the target network. Advantages of rapid penetration testing. Types and uses of software.
3 Methodologies for Pentesting
Reviewing the various different methodologies that are used to execute a penetrating test
4 Systematic penetration testing techniques
Internal and external testing
5 Penetrating testing wireless LANs
Testing wireless devices. Wireless vulnerabilities and hacking methods. Advanced techniques of breaking wireless encryption security.
6 External Penetration testing
Penetration testing of Web Sites, Mail Servers, DNS Servers. Penetration testing of routers, switches and firewalls.
7 Network Vulnerability Assessment Report Writing
Project Overview Statements and the Project Scope Document.
8 Active Directory and Windows Exploits
Testing the Active Directory infrastructure of a windows server environment, exploring Domain and User enumeration and restriction bypass. Using PowerShell to exploit windows systems
9 Linux Exploits
Exploring SSH, rservices, Apache and X11 services
10 Post Exploitation Techniques
Techniques for further exploitation, pivoting and retaining access to the system
Statement on Teaching, Learning and Assessment
Content is delivered by means of lectures and seminars - many student-led - heavily re-inforced by practical exercises in the hacking laboratory. There will normally be several guest lectures on topics of relevance. Assessment is by means of a combination of coursework and examination. The Blackboard VLE will provide a gateway for students to access some learning resources and to submit work electronically. Other learning resources will be on a purpose built web site visible only within the hacking lab.
Teaching and Learning Work Loads
|Supervised Practical Activity||0|
|Unsupervised Practical Activity||0|
Credit Value – The total value of SCQF credits for the module. 20 credits are the equivalent of 10 ECTS credits. A full-time student should normally register for 60 SCQF credits per semester.