
SYLLABUS

MQ – 9/21/14 Page 1 of 4

Code: NETW 238
Title: Hacker Techniques, Tools, and Incident Handling

Division: Business & Technology
Department: Engineering and Technology

Course Description: This course provides students with the theory and skills required in the fields of ethical hacking and incident handling. Areas of instruction include various tools and techniques, vulnerabilities of operating systems, software and networks used by hackers to access unauthorized information, and techniques and technologies to defend against these attacks. This course also addresses incident handling methods used when information security is compromised. This course requires three hours of lecture and additional independent time as necessary to complete course projects and assignments.

Prerequisites: NETW 106, NETW 107, and NETW 110 (or two of the three and department permission)
Corequisites:
Prerequisites or Corequisites:
Credits: 3
Lecture Hours: 3
Lab/Studio Hours:

REQUIRED TEXTBOOK/MATERIALS:

Oriyano, Sean-Philip and Michael Gregg. Hacker Techniques, Tools, and Incident Handling. 2nd ed. Sudbury, MA: Jones & Bartlett, 2014
Virtual Security Cloud Labs
Video Demo Labs
Student Lab Manual

ADDITIONAL TIME REQUIREMENTS: Additional lab time as required

COURSE LEARNING OUTCOMES: Upon completion of this course, students will be able to:

Explain the ethical and legal implications of hacking and penetration testing.
Identify common information gathering tools and techniques.
Analyze how port scanning and fingerprinting are used by hackers.
Analyze how enumeration is used in conjunction with system hacking.
Analyze wireless network vulnerabilities exploited by hackers.
Perform web and database attacks.
Identify and remove common types of malware from infected systems.
Identify Trojans, backdoors, and covert communication methods.
Perform network traffic analysis and sniffing by using appropriate tools.
Analyze systems using Linux tools.
Perform incident handling by using appropriate methods.
Compare and contrast defensive technologies.


GRADING STANDARD: The following scale will be used to determine the final course grade.

A    90 – 100
A-   87 – 89
B+   85 – 86
B    80 – 84
B-   77 – 79
C+   75 – 76
C    70 – 74
D    65 – 69
F    64 and below

STUDENT PERFORMANCE EVALUATION

Students are expected to be present and punctual for all scheduled classes and labs.

Students will be evaluated according to performance in the following categories:

Mid-Term Exam
Final Exam
Course Project
Weekly Assignments
Lab Activities
Class Participation/Discussion

The final grade will be determined by the following:

Discussion       10%
Assignment       15%
Lab              15%
Project          15%
Mid-Term Exam    20%
Final Exam       25%
TOTAL           100%

COURSE CONTENT:

Lesson 1: Hacking: The Next Generation
Readings: Chapter 1, “Hacking: The Next Generation”
Lab: Develop an Attack and Penetration Test Plan

Lesson 2: TCP/IP Review
Readings: Chapter 2, “TCP/IP Review”
Assignment: Developments in Hacking, Cybercrime, and Malware

Lesson 3: Cryptographic Concepts
Readings: Chapter 3, “Cryptographic Concepts”
Assignment: Cryptography
Lab: Implement Hashing and Encryption for Secure Communications
Project: Project Part 1: Current Security Threats

Lesson 4: Physical Security
Readings: Chapter 4, “Physical Security”
Assignment: Vulnerability of a Cryptosystem

Lesson 5: Footprinting Tools and Techniques
Readings: Chapter 5, “Footprinting Tools and Techniques”
Assignment: Information Gathering Plan
Lab: Perform Data Gathering and Footprinting on a Targeted Website

Lesson 6: Port Scanning
Readings: Chapter 6, “Port Scanning”
Assignment: Data Gathering and Footprinting Protection Plan
Lab: Compromise and Exploit a Vulnerable Microsoft® Workstation


Lesson 7: Enumeration and Computer System Hacking
Readings: Chapter 7, “Enumeration and Computer System Hacking”
Assignment: Top Ports and Rising Ports Review

Lesson 8: Wireless Vulnerabilities
Readings: Chapter 8, “Wireless Vulnerabilities”
Discussion: Security Features of Wireless Technologies
Assignment: Wireless Exploit Research
Lab: Audit and Implement a Secure WLAN Solution
Project: Project Part 2: Vulnerability in Information Technology (IT) Security

Lesson 9: Web and Database Attacks
Readings: Chapter 9, “Web and Database Attacks”
Discussion: Web Server Vulnerability Analysis
Assignment: Web Application Attacks Prevention
Lab: Perform a Web Site and Database Attack by Exploiting Identified Vulnerabilities

Lesson 10: Malware, Worms, and Viruses
Readings: Chapter 10, “Malware, Worms, and Viruses”
Assignment: Malware Lifecycle
Lab: Identify and Mitigate Malware and Malicious Software on a Windows Server

Lesson 11: Sniffers, Session Hijacking, and Denial of Service Attacks
Readings: Chapter 11, “Sniffers, Session Hijacking, and Denial of Service Attacks”
Assignment: Network Attacks
Lab: Conduct a Network Traffic Analysis and Baseline Definition
Project: Project Part 3: Investigative Findings on Malware

Lesson 12: Linux and Penetration Testing
Readings: Chapter 12, “Linux and Penetration Testing”
Assignment: Basic Linux Commands
Project: Project Part 4: SQL Injection

Lesson 13: Social Engineering
Readings: Chapter 13, “Social Engineering”

Lesson 14: Incident Response
Readings: Chapter 14, “Incident Response”
Lab: Perform Incident Response for an Infected Microsoft Windows® Workstation
Project: Project Part 5: Analysis of Intrusion Detection System (IDS) Traffic with Inbound Attacks

Lesson 15: Defensive Technologies
Readings: Chapter 15, “Defensive Technologies”
Assignment: Gaps in Incident Response
Assignment: Controls
Lab: Design and Implement SNORT as an Intrusion Detection System (IDS)

Course Review and Final Examination
Project: Project Part 6: Defense Plan to Prevent Attacks
Exam: Final Examination


DEPARTMENT POLICIES:

INCOMPLETE

It is the student's responsibility to submit all classwork on a timely basis, and it is expected that all course requirements be completed by the last class meeting. In cases of hardship or emergency, your instructor may grant a grade of INC. In order to be considered for the grade INC, the student must have satisfactorily completed 80% of the course, have a passing test average, and must meet with the instructor prior to the last class meeting to discuss this option. Your instructor is under no obligation to grant an INC.

WITHDRAWING FROM CLASS

The last day to withdraw from a class with a grade of W is the 12th week. While a W does not affect your GPA, it may have an impact if you are receiving Financial Aid. Before withdrawing from any class, you should consult with your counselor or a Financial Aid representative.

ACADEMIC INTEGRITY

Academic integrity is submitting one's own work, and properly acknowledging the work of others. Any violation of this principle constitutes academic dishonesty. Forms of academic dishonesty include:

Plagiarism

Submitting another's work, in whole or part, as one's own. This includes an examination, a computer program, a laboratory report, or a written assignment.

Facilitating Academic Dishonesty

Helping another commit an act of dishonesty, such as substituting for an examination or completing an assignment for someone else.

Cheating

Using or attempting to use unauthorized materials on an examination or assignment, such as using unauthorized texts or notes or improperly obtaining, or attempting to obtain, copies of an examination or answers to an examination.

Illegal System Access

Altering, transmitting, or permitting unauthorized individuals access to your account, or an attempt to alter or destroy system files on any server or computer. This also includes altering, transmitting, or attempting to alter or transmit academic information or records by unauthorized individuals.

Students who participate in dishonest activities:

will receive a 0 for that project, examination, or assignment
may be given a grade of F for the course
may be reported to the Dean for disciplinary action

For additional information, refer to the current Brookdale Community College Student Handbook.

COLLEGE POLICIES:

For information regarding:

Brookdale’s Academic Integrity Code
Student Conduct Code
Student Grade Appeal Process

Please refer to the BCC STUDENT HANDBOOK AND BCC CATALOG.

NOTIFICATION FOR STUDENTS WITH DISABILITIES: Brookdale Community College offers reasonable accommodations and/or services to persons with disabilities. Students with disabilities who wish to self-identify must contact the Disabilities Services Office at 732-224-2730 (voice) or 732-842-4211 (TTY) to provide appropriate documentation of the disability, and request specific accommodations or services. If a student qualifies, reasonable accommodations and/or services, which are appropriate for the college level and are recommended in the documentation, can be approved.

ADDITIONAL SUPPORT/LABS:

Virtual Security Cloud Labs

This course has an accompanying Lab Manual that utilizes Virtual Security Cloud Labs. This virtual sandbox environment supports both onsite and online classrooms, and provides students with instant, unscheduled access to security-focused virtual lab environments from the convenience of a Web browser. These cloud-based labs reproduce the complex challenges of the real world without putting the institution’s IT assets at risk.