University of Baltimore
Merrick School of Business
Topics include security framework overview, footprinting, scanning, enumeration, hacking framework, backdoor servers and Trojans, rootkits, Windows (XP, 7) and Linux vulnerabilities, dialup, VPN and network devices vulnerabilities, firewalls, Intrusion Detection System (IDS), Denial of Service (DoS) and DDoS, buffer overflows, spyware, phishing, social engineering and protecting the Web end-user. This is a project-oriented course using a restricted access UB Lab to practice the use of hacking and security tools.
Class meetings: In the first part of the class we will discuss the content of the book chapter(s) assigned for that day, and I will try to show live examples of software tools using my Laptop. The second part of the class will be dedicated to additional tools, topics, reviews,etc.
All software used in the course is free so that students can install the software in their PCs. Students will also have accounts in the MIS Lab and will be able to install the software in the Lab machines and use the Windows 7 and Linux versions of the software when available.
Special note: Do not use the tools discussed in class outside of the MIS Lab, unless I specifically say so.
The pre-requisites for this course are a working knowledge of Telecommunications (see INSS650) and Operating Systems.
The assignments are technical reports discussing recent security
incidents and potential remedial actions. The reports should be prepared in a word processor
and ONE file in RTF format should be posted on the corresponding Assignments area of SAKAI.
The projects are hands-on exercises in a given security aspect. Your grade in the mini-projects will depend upon the content and structure of the final written report. The mini-projects are to be made in groups of three to four students. Each group will be assigned to work in a machine throughout the semester, and will have administrative privileges in their respective machine. Each group will create a report with screen capture of what you did (download free software for screen capture from Nonags) and post in the Assignments area of SAKAI. If the files become too large, please zip them before posting (again download free software from Nonags, if you do not have it).
An on-line, multiple-choice exam due on March 11, covering class materials up to February 22nd. The exam will open March 8, and will be comprised of twenty randomized questions. The grades will be posted immediately in SAKAI, but the comments will only be available the day after the due date.
The final exam is a multiple-choice in-class, on-line, open book exam, covering the applied materials from February 29 on.
Scambray,J., McClure,S., and Kurtz, G. Hacking Exposed, 6th ed, McGraw-Hill Professional Publishing, 2009. ISBN 0071613749. Book Web site
to be added throughout the semester, in addition to the ones available in the book Web site.
|Day||5:30 - 6:50||7:00 - 8:00||Assignments|
|01/25||Course overview, Security overview||Windows 7 review||Introduce yourself and select group in SAKAI|
|02/01||Footprinting and Scanning and Google hacking. [1,2]||tools for footprinting and scanning||Assignment 1 due 02/07
|02/08||Enumeration ||Enumeration Tools||Project 1 - footprinting, scanning and enumeration. due 02/21
|02/15||Windows security mechanisms ||Review of Ethernet LANs and TCP/IP in Windows.||Finish working on Project 1
Assignment 2 due 02/28
|02/22||Hacking Windows ||Readings on security in Windows||Project 2 - testing Windows security due 03/06
|02/29||Overview of Linux, and Hacking UNIX/Linux . SSH in Linux and Windows. Meets in the MIS Lab||More on Linux and review of Networking in Linux.|| Finish working on Project 2
Assignment 3 due 03/17
||Dialup, VPN and Network devices [6,7].||Readings in VPN and Network devices security||Mid-Term exam due 03/12
Project 3 - testing UNIX/Linux security due 03/27
Wireless hacking  and Hacking Hardware 
||Readings in wireless security|| Continue working on Project 3
|| Spring Break
|03/28||Firewalls||Intrusion Detection Systems||Project 4 - testing network and wireless devices due 04/15|
|04/04||Threat infrastructure: proxies, botnets, fast-flux||Exploitation: Buffer Overflow,SQL injection, Adobe files||Finish working on Project 4
|04/11||DoS attacks [C]||Other articles in DoS.||Assignment 4 due 04/21|
||Hacking Code ||Other resources on hacking code: packetstorm and bugtraq|| Project 5 - scanning for remote control, Trojans,rootkits. Setup of firewalls and IDS. due 05/01
|04/25||Web hacking and the Internet user [11, 12]||Readings on security of the Internet user||Project 6 - testing Internet users due 05/08
|05/02||Hacking mobile devices||Final Exam review|| Finish working on Project 6
||Final Exam||last day to re-submit projects.|
This page is maintained by Al Bento who can be reached at firstname.lastname@example.org. This page was last updated on January 5, 2012. Although we will attempt to keep this information accurate, we can not guarantee the accuracy of the information provided.