Ethical Hacking CISS 301 Orientation Summer 2012


Instructor: Buddy Spisak

• Office Hours:
– Mondays, 6:30-7:40 p.m. in BS-143 (Jun. 11 to Jul. 30, 2012)
– I am also available through email, or you can chat with me using Microsoft’s Windows Messenger (when I am available).

• Phone: (916) 568-3100 x14162 or (800) 486-8156 x14162

• Email: [email protected] (put “CISS 301” in the subject line). The turnaround time for most email is about one to two days. Be sure to include your name in each email so that I can identify who you are and what the email is about.

• Course Web page: https://d2l.losrios.edu/

• Instructor Web page: http://crc.losrios.edu/spisakj/

• Microsoft Messenger: You can also add me to your contact list for Windows Messenger. You can use my email address to find me.

Course Details

• Class Credits: 2 units

• Prerequisite: None

• Advisory: CISC 323, CISC 356, and CISS 300

• Lecture: Online

• Lab Hours:
– Tuesday 6:00 to 9:10 p.m. in BS-153

• Accepted for Credit: CSU

Required Textbook:

Hands-On Ethical Hacking and Network Defense, Second Edition
Author: Michael T. Simpson
Publisher: Thompson Course Technology, 2011
ISBN10: 1-4354-8609-9
ISBN13: 978-1-4354-8609-6

Optional Materials:

• 3-1/2” floppies or a flash drive to store your work for the class.

Course Description:

• With the threats of cyber-terrorism and corporate espionage increasing, the need for trained network security professionals continues to grow. This course covers penetration-testing tools and techniques that White Hat Hackers and security testers use to protect computer networks. This course provides a structured knowledge base for preparing security professionals to discover vulnerabilities and recommend solutions for tightening network security and protecting data from potential attackers. The issue of ethics is also discussed.

Student Learning Outcomes and Course Objectives:

As a result of completing this course, you will be able to:

• SLO #01: UNDERSTAND ETHICAL HACKING CONCEPTS, INCLUDING THE TERM “ETHICAL HACKER,” AS WELL AS PENETRATION AND SECURITY TESTING CONCEPTS AND THE DIFFERENCES BETWEEN THEM
– Describe the role of an ethical hacker
– Differentiate between what you can or cannot do legally as an ethical hacker

• SLO #02: DESCRIBE MAJOR CONCEPTS AND ASPECTS OF THE TCP/IP PROTOCOL SUITE, INCLUDING EACH OF THE FOUR LAYERS OF THE PROTOCOL STACK: APPLICATION, TRANSPORT, INTERNET, AND NETWORK
– Describe the TCP/IP protocol stack and be able to review the addressing schemes and how they relate to TCP/IP protocol and security
– Explain the basic concepts of IP addressing
– Explain the binary, octal, and hexadecimal numbering systems

Student Learning Outcomes and Course Objectives - Continued:

• SLO #03: CATEGORIZE THE DIFFERENT TYPES OF MALICIOUS SOFTWARE AND THEIR EFFECT ON SOFTWARE OR HARDWARE
– Critique the physical security attacks and their vulnerabilities
– Describe the different types of malicious software
– Classify the different methods of protecting against malware attacks
– Evaluate the different types of network attacks and how they can be prevented

• SLO #04: EVALUATE THE VARIOUS TOOLS USED FOR PORT SCANNING
– Research the different types of port scans currently being used, the tools available to most hackers, the tools’ purpose and function
– Reason what ping sweeps are used for
– Uncover how shell scripting is used to automate security tasks

Student Learning Outcomes and Course Objectives - Continued:

• SLO #05: ANALYZE SEVERAL NETWORK SECURITY DEVICES THAT SECURITY PROFESSIONALS AND NETWORK ADMINISTRATORS CAN USE TO BETTER PROTECT THEIR NETWORKS
– Critique the advantages and disadvantages of different Intrusion Detection (IDS) technology currently available
– Critique the advantages and disadvantages of different software firewall technology currently available
– Investigate honeypots, their purpose and usefulness in a network security plan

Student Obligations:

• It is important that you understand what is expected of you in this course.

• Refer to the syllabus if you have any questions.

Attendance:

• Since this course is an online-hybrid class, only attendance at the Final Exam on July 31, 2012 is necessary. There will be weekly lab time on campus, and it is up to you to complete the lab assignments during the lab time or at home. Please note that failure to complete 10% of the total course work by the third week of the class may result in your being dropped from the course.

• Doing the labs themselves is not optional, but doing them at the college is.

• I will be giving credit for students attending the lab on-campus.

• Typically, each week we will be covering two chapters in your textbook.

• Attendance for the on-campus final exam is required. Photo identification is required at the time of the exam to verify your identity.

Quizzes:

• Each week there will be a quiz that will test you on the material covered.
– It is open-book and open-notes.
– You can take the quiz multiple times to improve your score, but be aware that the questions may change each time you take the quiz and that your last quiz score will be the one counted as your grade.

• Each quiz is worth 30 points.

Discussions:

• I want everyone to take a pro-active approach to learning this material. This includes using the Discussions link to ask questions and also answer other students’ questions. I will be posting questions to further your understanding of the material.

• I expect each student to post two discussions each week unless otherwise noted.
– You can accomplish this task by asking questions about the current discussion topic or by responding to existing questions.
– My expectation from you is that you will write at least 2- to 3-sentence responses that add substance to the discussion.

• Each discussion item is worth 20 points.

Labs:

• We will be spending a lot of time working on lab activities. There will be 7 labs credited for homework for the class. The labs will consist of a combination of end-of-chapter questions, review questions, case studies, and activities.

• Each lab has a set of review questions that you will need to answer in d2l in order for you to receive points for that assignment.

• You are responsible for making sure that your instructor receives your lab review.

• Each lab assignment is worth 50 points.

Final Exam:

• The final exam will consist of two parts. One part will be a hands-on practical demonstration of assigned tasks, and the other part will be an exam taken in d2l.

• The final exam will be on Tuesday, July 31, 2012.
– I will be having a review session the week before to help you.

Due Dates:

• Unless noted, all assignments will be submitted in d2l under the Dropbox link.
– If, for any reason, you cannot access d2l or are unable to submit the assignment on time, please email it to me instead so that you are not penalized for being late.

• Quizzes and discussion items cannot be taken past their due date.
– If you miss a quiz and you want to make up points, you can take advantage of the extra credit assignments posted in d2l.
– Everyone is welcome to work on the extra credit assignments. Typically, they are 5 to 10 points each, depending on the difficulty of the assignment.

Late Work:

• Unless noted, all assignments are due on Tuesday by midnight each week.
– I have identified the due dates in the course schedule.
– Late work will be accepted ONLY if you have contacted me prior to the due date either by email or voice mail.
– In general, late work is due the next week, and no late assignments may be turned in after one week from the original due date regardless of the reason.
– For every day an assignment is late, you will lose 10% of its grade.

Plagiarism Policy/Cheating:

Plagiarism:

• It is inappropriate, and a violation of academic policy, to copy information from any source (including, but not limited to, textbooks, magazine articles, newspaper articles and internet articles) without giving proper credit to the author by using standard quotation procedures such as in-line quotes, footnotes, endnotes, etc. Quotes may not exceed 25% of the assignment's total length. You will receive no credit (0 points) for any assignment that copies any material from any other source without giving proper credit to the author(s). Repeat offenders of this policy are subject to academic discipline as outlined in the policies published by the college.

Cheating:

• Students who cheat will receive a failing grade for the course. See the Student Behavior and Academic Integrity page of the college website (http://www.crc.losrios.edu/College_Catalog/General_Information/Student_Behavior_and_Academic_Integrity.htm).

CRC Honor Code:

• Academic integrity requires honesty, fairness, respect and responsibility. See the Cosumnes River College Honor Code posted on the college website (http://www.crc.losrios.edu/documents/resourceguide/CRC-HonorCodeForm.pdf).

Dropping:

• Students are responsible for dropping the course.

Email/Discussions Etiquette:

• Every student will be required to have an email account. If you do not have an email account, the college provides free email accounts for all current students. To activate your account, go to https://imail.losrios.edu/ and follow the directions provided.

• I will not tolerate rude and demeaning comments or emails to anyone in this class. Please keep your comments and emails topic-related. If I determine that a comment or email to anyone else in the class is rude or demeaning, I will warn you once. If your behavior continues to be unacceptable, I will refer you to the administration of the college for disciplinary action.

Personal Belongings:

• No food or drinks are allowed in the classroom.

• All cell phones, beepers, pagers, etc. should be turned off or set to vibrate.
– Any telephone calls need to be taken outside.

Disabilities:

• If you have a documented disability and wish to discuss academic accommodations, please contact me after class or contact the Office of Disabled Student Programs and Services (DSPS) at 691-7275 as soon as possible.

Campus Police

• You can call 691-7777 to request a safety escort.

Online Course Responsibilities:

• This course requires significant self-motivation. You must not get behind. Labs and weekly assignments can take up to 8 hours to finish. Please don’t try to finish them in one day. Not all activities are created equal. Some may take a bit longer than others.

• You would normally spend 4 hours per week in class for this course: total of 54 hours. Allow yourself at least 8 hours per week to complete the activities online, including the time spent writing for the postings to the class discussions. You should plan additional time to read the textbook and study for the quizzes.

• Some people believe this is a much easier way to study this subject than an on-campus framework because they love to read and avoid the parking problems. Others feel very intimidated at first. Be patient as you work your way through the activities.

Using Desire 2 Learn (d2l):

• How to log in:
– You will not be able to participate in the online portion of your class using Los Rios Online until you have enrolled in your course through your college's registration system.
– Students registered as of the first day of the term should already have Los Rios Online accounts and be linked to the classes in which they are enrolled.

• To log on to your d2l account, open your web browser and go to the following URL: https://d2l.losrios.edu.

• Your User Name is the letter w followed by your Student ID number. Example: w0123456

• Your password is your eServices password.

Grading:

Course Topic           Points   Total   Approximate % of the Grade
Labs (6)               50       300     40
Orientation Quiz (1)   10       10      1
Quizzes (4)            30       120     16
Discussions (6)        20       120     16
Final Exam (1)         200      200     27

Point System: There are 750 total assigned points.

Grade Ranges: A=675-750, B=600-674, C=525-599, D=450-524, F=0-449

Sample Schedule:

Week 1 (Tues. 6/12)
• Lecture/Lab Schedule: Orientation and Introductions; Ch 1: Ethical Hacking Overview; Ch 2: TCP/IP Concepts Review
• Assignment Due: Orientation Disc.; Orientation Quiz; View the Online Orientation; Lab #1
• Due Date (By Midnight): Mon., 6/18

Week 2 (Tues. 6/19)
• Lecture/Lab Schedule: Ch 3: Network and Computer Attacks; Ch 4: Footprinting and Social Engineering
• Assignment Due: Disc. #1 (Ch 1-2); Lab Review #1; Lab #2
• Due Date (By Midnight): Mon., 6/25

Conclusion:

• Log into d2l and take the Orientation Quiz. It is due on Monday, June 18, 2012.

• Go to the Orientation Discussion and introduce yourself to the class.

• Registered students for the class have access to d2l and can log into the campus network.

• Email any questions you might have to me.
