Description
This module introduces issues relating to computer security and ethical hacking, including vulnerabilities and techniques for improving defences.
Aims
The aim of this module is to analyse how malicious hackers can gain unauthorised access and explore how organisations and individuals can improve their security
Learning Outcomes
By the end of this module the student should be able to:
1. Appraise and assess the relevance of the laws relating to computer crime.
2. Critically evaluate a broad range of techniques used to identify vulnerabilities in a system
3. Critically evaluate intrusion incidents and recommend appropriate countermeasures
Indicative Content
1 Computer Misuse Act
Detection, prevention and prosecution of computer crime in the UK/EU. Legality of penetration testing. History of relevant legal cases.
2 Privacy, Data Security and Data Protection
Privacy, Data Protection Act, GDPR, Surveillance, protecting personal data (UK and EU). Intellectual Property. Relevant cases. Employment issues with regards to the difference between private sector/government.
3 The Role of Penetration Testing
Overview of the different ‘nodes’ in an organisation which can impact on security. Different levels of threats, and their potential impacts. Countermeasures and techniques to reduce the impact of attacks. The role of penetration testing in an organisation. Reviewing the various different types of assessment methodologies for conducting a penetration test of a network. Report writing – document the findings of a penetration test for a client.
4 Design of a Penetration Test
Developing the penetration testing project scope. Goals of vulnerability assessment. Elements of a good vulnerability assessment. Risk analysis procedure. The use of a penetration testing application to give a quick snapshot of security of the target network. Advantages of rapid penetration testing. Types and uses of software.
5 Footprinting
Overview of passive reconnaissance, and its role in a penetration test. This covers social networking, web searching, DNS reconnaissance. How to use various different tools and resources such as authoritative bodies (regional registries) whois and DNS server tools to scrape information about an organisation. Countermeasures are also explored.
6 Open Source Intelligence Gathering
Alternative techniques for gathering information that may be of relevance to a penetration test. Tools and services such as Maltego, Shodan, Punkspider are explored in detail. The use of advanced google search operators to locate less visible content is also explored.
7 Scanning (including OS scanning and vulnerability scanning)
Different types of scanning, eg: ping and arp-scanning to identify active hosts, TCP connect scans, half-connect scans, UDP scans and stealth scans. TCP/IP and UDP protocols rules are examined, and the role of corresponding header control flags in identifying open, closed and filtered ports on a target. Scanning tools and appropriate switches are explored. Students practise the use of different scans to identify operating systems in use on the target and known vulnerabilities using tools like NMAP. CVE and CWE databases are also explored. Countermeasures are also explored.
8 Enumeration
Using enumeration techniques to identify resources on a network, eg usernames, SIDS, email addresses, last password change. Enumerating the network topology and architecture. The role of NetBIOS in networks, and its use in enumerating a network. Types of enumeration covered include NetBios, SMTP, SNMP, Active Directory, DNS.
9 System Hacking
Password cracking. Executing known exploits against the target system, using the results from the vulnerability assessment phase. Countermeasures are also explored.
10 Malware Analysis
Malware analysis techniques. A Comparison of static and dynamic analysis. The role of IDS in detecting malware. Some recent malware samples will be examined in detail, using various different tools. Malware removal techniques are also explored.
Teaching and Learning Work Loads
Teaching and Learning Method | Hours |
Lecture | 12 |
Tutorial/Seminar | 0 |
Practical Activity | 36 |
Assessment | 63 |
Independent | 89 |
Total | 200 |
Guidance notes
SCQF Level - The Scottish Credit and Qualifications Framework provides an indication of the complexity of award qualifications and associated learning and operates on an ascending numeric scale from Levels 1-12 with SCQF Level 10 equating to a Scottish undergraduate Honours degree.
Credit Value – The total value of SCQF credits for the module. 20 credits are the equivalent of 10 ECTS credits. A full-time student should normally register for 60 SCQF credits per semester.
Disclaimer
We make every effort to ensure that the information on our website is accurate but it is possible that some changes may occur prior to the academic year of entry. The modules listed in this catalogue are offered subject to availability during academic year 2021/22 , and may be subject to change for future years.