University of Baltimore
Merrick School of Business
INSS 453 - Internet and Network Security
Fall 2017
Thursdays 5:30 - 8:00 PM - BC 025, MIS Lab and on the Web
(every other week)
Professor Al Bento
| office |
BC 468 |
v-mail |
(410) 837-5272 |
| e-mail |
abento@ubalt.edu |
URL |
http://home.ubalt.edu/abento |
Office hours: Thursdays 3:30 - 5:00 PM every other week, and TBA.
[review project][projects][exams][outline] [SAKAI]
COURSE DESCRIPTION
The objectives of this course are to familiarize students with:
- basic security threats on netwoks connected to the Internet
- basic tools to provide user and system security, and
- security resources available on the Internet.
Topics include security framework overview, footprinting, scanning,
enumeration, hacking framework, backdoor servers and Trojans, rootkits,
Windows (7, 8, 10) and Linux vulnerabilities, dialup, VPN and
network devices vulnerabilities, firewalls, Intrusion Detection System
(IDS), Denial of Service (DoS) and DDoS, buffer overflows, spyware,
phishing, social engineering and protecting the Web end-user. This is a
project-oriented course using a restricted access UB Lab to practice
the use of hacking and security tools.
Class meetings: we will meet in class or in the MIS Lab every
other week , and on the Web in the other weeks.
All software used in the course is free so that students can install
the software in their PCs. Students will also have accounts in the MIS
Lab and will be able to install the software in the Lab machines and
use the Windows 10 and Linux versions of the software when
available.
Special note: Do not use the tools discussed in class outside of
the MIS Lab, unless I specifically say so.
The course pre-requisite is INSS300 basic knowledge of
Information Technology and Networking.
ASSIGNMENTS AND GRADING
Review project
|
5%
|
| Projects (7) |
40% |
| Mid-term exam |
25% |
| Final exam |
30%
|
Review Project
The review project objective is to make each group familiar with the
MIS Lab machine they will use during the semester and review
basic network commands seen in chapter 2 of the textbook and
prior courses as INSS427, e.g. ipconfig, ping, tracert, nslookup,
arp, net commands, etc.
Projects
The projects are hands-on exercises in a given security aspect.
Your grade in the projects will depend upon the content and
structure of the final written report. The projects are to be made
in groups of three to four students. Each group will be assigned
to work
in a MIS Lab machine throughout the semester, and will have
administrative
privileges in their respective machine. Each group will create a report
with screen capture of what you did and post
the report in the Assignments area of SAKAI. If the files become
too large,
please zip them before posting.
- fix SAM and SMB vulnerabilities
- footprinting, scanning and enumeration.
- testing Windows security.
- testing UNIX/Linux security.
- testing network and wireless devices.
- setup of firewalls and IDS
- scanning for remote control, Trojans and rootkits.
Exams
Mid-term Exam
The mid-term exam is an in-class, online, multiple-choice, open book
exam on October 12covering
class materials and textbook chapters 1,2,5,6,8,11 and 13. The exam
will be comprised of forty or fifty questions. The
grades will be posted immediately in SAKAI, but the comments will
only be available the next day. There will be a sign up page in
class and be sure that you sign it.
Final Exam
The final exam is an in-class, online, multiple-choice, open book
exam on December 14
covering class materials and textbook chapters 3,4,7,9,10,12 and 14.
The exam will be comprised of forty or fifty questions. The
grades will be posted immediately in SAKAI, but the comments will
only be available the next day. There will be a sign up page in
class and be sure that you sign it.
TEXTBOOK
Easttom, Chuck Computer
Security Fundamentals, 3rd ed, Pearson Education, Inc, 2016. ISBN
9780789757463
Suplemental reading (on reserve in
the Library) Content not included in course exams, will
help in the group projects.
Scambray,J., McClure,S., and Kurtz, G. Hacking
Exposed, 7th ed, McGraw-Hill Professional Publishing, 2012. ISBN
0071780289.
| OUTLINE |
| Day |
5:30 - 6:50 |
7:00 - 8:00 |
Assignments |
| 08/31 |
Course overview, Security
overview [1], Encryption.[8]
face-to-face meeting. |
Windows security
mechanisms. SAM vulnerabilities |
Introduce yourself and select group in SAKAI |
| 09/07 |
Basic
Communications Model and Ethernet LANs, Other Ethernet Technologies. [2]
Meet in MIS Lab
|
Microsoft Enterprise Concepts, TCP/IP
in Windows and Netbios
resolution [2]
|
Review project: MIS Lab acquaintance,
basic network tools due 09/13
|
| 09/14 |
Malware [5:1-17] Windows
Defender role change. Windows
Defender vulnerability and Microsoft
fix. Ransomware
overview and as a business. Microsoft OneDrive and Dropbox Ransomware recovery. |
Ransomware
and SMB SMB
levels and SMB
Vulnerability severity. Disable SMBv1. Hackers Playbook: Ransomware special edition.
|
Project 1: Fix SAM and SMB vulnerabilities due
09/20
|
| 09/21 |
Hacking Framework , Footprinting and
Scanning. Enumeration.
Tools for footprinting and scanning, and tools for enumeration (1,2,3) Meet in MIS Lab
|
Techniques Used by Hackers [6:1-14] , Google Hacking , Cyber Detective [13] |
Project 2 - footprinting, scanning and
enumeration. due 10/04 |
| 09/28 |
Checking and
hacking
Windows (4). Network and Vulnerability Scanning [11] using MSBA and Nessus.
|
Readings
on security in Windows Pwned Passwords |
Finish working on Project 2
|
| 10/05 |
Overview
of Linux, and SSH
in Linux and Windows. Installing Ubuntu bash shell in Windows 10.
Meet in MIS Lab |
Information in Linux , Handy Commands and Networking in
Linux. More in bash in Windows. |
Project 3 - testing Windows security
due 10/18 |
10/12
|
Midterm Exam
face-to-face meeting. |
Midterm Exam |
Finish working on Project 3 |
10/19
|
Hacking
UNIX/Linux (5)
face-to-face meeting.
|
More in Linux security
|
Project 4 - testing UNIX/Linux security
due 11/01
|
| 10/26 |
Wireless hacking
(8) Readings in
wireless security |
Remote
Connectivity, VPN and Network devices (7) and Readings
in VPN and Network devices security |
Finish working on Project 4
|
11/02
|
DoS
attacks [4] Other articles
in DoS.
face-to-face meeting. |
Firewalls
and Intrusion Detection
Systems [9] |
Project 5 - testing network and wireless
devices due 11/18
|
11/09
|
Hacking
Hardware (9) and Web hacking and the Internet user (10) |
Mobile Hacking
(11) |
Finish working on Project 5
|
11/16
|
Remote Control and Advanced Techniques and
More in Advanced Techniques. [5:18-34] Other resources on hacking code: packetstorm and bugtraq
face-to-face meeting. |
Techniques Used by Hackers [6:15-22], Exploitation:
Buffer Overflow,SQL injection, Adobe files and Kali Linux DB testing tools.
|
Project 6 - Setup of firewalls
and
IDS due 12/2 |
11/23
|
Thanksgiving
|
Thanksgiving
|
Finish working on Project 6
|
11/30
|
Security Policies [10] Introduction to
Forensics [14] and Kali Linux tools for forensics.
face-to-face meeting.
|
Cyber terrorism and Information warfare [12] and Final Exam review
|
Project 7 - Scanning for remote control,
Trojans and rootkits due 12/14
|
12/07
|
Cyber Stalking and Crime [3], Tech Support Scams,
|
Industrial Espionage in Cyberspace [7] |
Finish working on Project 7 |
12/14
|
Final Exam
face-to-face meeting.
|
Final Exam |
last day to re-submit projects. |
Note: [ ] chapters in Easttom Book and ( ) chapters in McClure Book
This page is maintained by Al
Bento who can be reached at abento@ubalt.edu.
This page was last updated on August 13, 2017. Although we will attempt
to keep this information accurate, we can not guarantee the accuracy of
the information provided.