University of BaltimoreMerrick School of Business
University of Baltimore
Merrick School of Business
| office | BC 473 | v-mail | 837-5272 |
| abento@ubalt.edu | URL | http://home.ubalt.edu/abento |
Topics include security framework overview, footprinting, scanning, enumeration, hacking framework, backdoor servers and Trojans, rootkits, Windows (98,2000,XP, VISTA) and Linux vulnerabilities, dialup, VPN and network devices vulnerabilities, firewalls, Intrusion Detection System (IDS), Denial of Service (DoS) and DDoS, buffer overflows, spyware, phishing, social engineering and protecting the Web end-user. This is a project-oriented course using a restricted access UB Lab to practice the use of hacking and security tools.
Class meetings: In the first part of the class we will discuss the content of the book chapter(s) assigned for that day, and I will try to show live examples of software tools using my Laptop. The second part of the class will be dedicated to additional tools, topics, reviews,etc.
All software used in the course is free so that students can install the software in their PCs. Students will also have accounts in the MIS Lab and will be able to install the software in the Lab machines and use the Windows XP and Linux versions of the software when available.
Special note: Do not use the tools discussed in class outside of the MIS Lab, unless I specifically say so.
The pre-requisites for this course are a working knowledge of Telecommunications (see INSS650) and Operating Systems.
| Assignments (weekly) | 10% |
| Mini-projects (6) | 40% |
| Mid-term exam | 20% |
| Final exam | 30% |
The assignments are to take part on an on-line Forum discussion on issues related to internet and network security. The assignments are to be done individually, and posted on the WebTycho up to 11 PM of the day before class meets. You are supposed to post a contribution to the discussions -- read what was posted before and add something new. I will post a question for discussion every week, and you should post follow-up messages to my questions. Please take into consideration what others have already said and what I may have already replied. If you miss posting your comments in a given week you will get a D for that week. Therefore, if you travel, be sure to take a laptop with you to post your messages, for no late postings make sense in this context.
The mini-projects are hands-on exercises in a given security aspect. Your grade in the mini-projects will depend upon the content and structure of the final written report. The mini-projects are to be made in groups of two to three students. Each group will be assigned to work in a machine throughout the semester, and will have administrative privileges in their respective machine. Each group will create a report with screen capture of what you did (download free software for screen capture from Nonags) and post it as a file in WebTycho. If the files become too large, please zip them before posting (again download free software from Nonags, if you do not have it).
Mid-term Exam
The mid-term exam is a multiple-choice in-class, open book exam, covering the applied materials seen in the first part of the course.
Final Exam
The final exam is a multiple-choice in-class, open book exam, covering the applied materials seen in the second part of the course.
Scambray,J., McClure,S., and Kurtz, G. Hacking Exposed, 5th Ed, McGraw-Hill Professional Publishing, 2005. ISBN 0072260815. Book Web site
Web references:
to be added throughout the semester, in addition to the ones available in the book Web site.| OUTLINE | |||
|---|---|---|---|
| Day | 5:30 - 6:50 | 7:00 - 8:00 | Assignments |
| 08/27 | Course overview, Security overview | Windows XP review | Check information in WebTycho and introduce yourself |
| 09/03 | Labor Day holiday | no classes | |
| 09/10 | Footprinting and Scanning and Google hacking. [1,2] | tools for footprinting and scanning | |
| 09/17 | Enumeration [3] | Enumeration Tools | mp 1 - footprinting, scanning and enumeration. |
| 09/24 | Hacking Win 9x/ME [4] | Review of Ethernet LANs and TCP/IP in Windows. | |
| 10/01 | Hacking Windows [4] | Readings on security in Windows | mp 2 - testing Windows security |
| 10/08 | Overview of Linux, and Hacking UNIX/Linux [5]. SSH in Linux and Windows. | More on Linux and review of Networking in Linux. | |
| 10/15 | Dialup, VPN and Network devices [6,7]. | Readings in VPN and Network devices security | mp 3 - testing UNIX/Linux security. |
| 10/22 | Mid-Term exam | Mid-Term exam | |
| 10/29 | Wireless hacking [8] | Readings in wireless security | mp 4 - testing network and wireless devices |
| 11/05 | Firewalls [9] | Intrusion Detection Systems | |
| 11/12 | Hacking Code [11] and DoS attacks [10] | Other resources on hacking code: packetstorm and bugtraq and Other articles in DoS. | mp 5 - remote control, Trojans and rootkits, firewalls and IDS. |
| 11/19 | No class meeting | ||
| 11/26 | Web hacking and the Internet user [12, 13] | Readings on security of the Internet user | mp 6 - testing Internet users |
| 12/03 | Final Exam review | Final Exam review | |
| 12/10 | Final Exam | Final Exam | last day to re-submit mini-projects. |
This page is maintained by Al Bento who can be reached at abento@ubalt.edu. This page was last updated on October 29, 2007. Although we will attempt to keep this information accurate, we can not guarantee the accuracy of the information provided.