77744 501 THU 6 pm - 9 pm Science 215
|
Catalog Description
Students learn how hackers attack computers and networks, and how to protect systems from
such attacks, using both Windows and Linux systems. Students will learn legal restrictions and
ethical guidelines, and will be required to obey them. Students will perform many hands-on labs,
both attacking and defending, using port scans, footprinting, exploiting Windows and Linux
vulnerabilities, buffer overflow exploits, SQL injection, privilege escalation, Trojans, and
backdoors.
Prerequisites: CNIT 106 and 120 or equivalent familiarity with the fundamentals
of networking and security.
Upon successful completion of this course, the student will be
able to:
- Explain what an ethical hacker can and can not do legally, and explain the credentials and roles of penetration testers.
- Define the types of malicious software found in modern networks.
- Explain the threats and countermeasures for physical security and social engineering.
- Perform footprinting to learn about a company and its network.
- Perform port scans to locate potential entry points to servers and networks.
- Perform enumeration (finding resources, accounts, and passwords) on Microsoft, Netware, and Unix/Linux targets.
- Perform very simple programming in C, HTML, and Perl, specifically oriented towards the needs of network security professionals.
- Learn how to identify Microsoft Windows vulnerabilities and to harden systems.
- Learn how to identify Linux vulnerabilities and to protect servers.
- Describe how to take control of Web Servers, and how to protect them.
- Locate and hack into wireless networks, and protect them.
- Explain how cryptography and hashing work, and perform attacks against them such as password cracking and man-in-the-middle attacks.
- Describe and deploy security devices, including routers, firewalls, Intrusion Detection Systems, and honeypots.
Textbooks
Hands-On Ethical Hacking and Network Defense by Michael T. Simpson -- ISBN: 0-619-21708-1
Buy from Amazon
CNIT 123: Ethical Hacking and Network Defense -- Lecture Notes and Projects by Sam Bowne
(buy it at the CCSF Bookstore)
|
Schedule (may be revised) |
Date | Quiz | Topic |
Thu 8-16 | |
Ch 1: Ethical Hacking Overview |
Thu 8-23 | |
Ch 2: TCP/IP Concepts Review |
Thu 8-30 | Quiz on Ch 1 & 2 Proj 1-3 due |
Ch 3: Network and Computer Attacks |
Fri 8-31 |
Last Day to Add Classes |
Thu 9-6 | Quiz on Ch 3 Proj 4&5 due |
Ch 4: Footprinting and Social Engineering |
Thu 9-13 | Quiz on Ch 4 Proj 6&7 due |
Ch 5: Port Scanning |
Mon 9-17 |
Last Day to Request CR/NC Grading |
Thu 9-20 | Quiz on Ch 5 Proj 8&9 due |
Ch 6: Enumeration |
Thu 9-27 | Quiz on Ch 6 Proj 10&11 due |
Ch 7: Programming for Security Professionals |
Thu 10-4 | Quiz on Ch 7 Proj 12&13 due |
Ch 8: Microsoft Operating System Vulnerabilities |
Thu 10-11 | Quiz on Ch 8 Proj 14&15 due |
Ch 9: Linux Operating System Vulnerabilities |
Thu 10-18 | Class Cancelled for Toorcon |
Thu 10-25 | Quiz on Ch 9 Proj 16&17 due |
Ch 10: Hacking Web Servers |
Thu 11-1 | Quiz on Ch 10 Proj 18 due |
Ch 11: Hacking Wireless Networks |
Thu 11-8 | Quiz on Ch 11 Proj 19&20 due |
Ch 12: Cryptography |
Tue 11-13 |
Last Day to Withdraw |
Thu 11-15 | Quiz on Ch 12 Proj 22&23 due |
Ch 13: Protecting Networks with Security Devices |
Thu 11-22 |
Holiday - No Class |
Thu 11-29 | Quiz on Ch 13 Proj 21&22 due |
Lecture 14: More Wireless Hacking -- Cracking WEP Encryption (not in textbook) |
Thu 12-6 | No Quiz Proj 23 due |
Lecture 15: Man-in-the-Middle Attack (not in textbook) |
Thu 12-13 | |
Final Exam: 6 PM Room 215 |
Hacker's Bookshelf |
Non-Technical |
|
The Art of Deception: Controlling the Human Element of Security (2003)
by Kevin D. Mitnick, William L. Simon, Steve Wozniak |
|
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers (2005)
by Kevin D. Mitnick, William L. Simon |
|
Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw-By the Man Who Did It (1996)
by Tsutomu Shimomura, John Markoff |
|
The Hacker Crackdown: Law And Disorder On The Electronic Frontier (1993)
by Bruce Sterling |
|
Hackers: Heroes of the Computer Revolution (2001)
by Steven Levy |
|
Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age (2002)
by Steven Levy |
|
Brute Force: Cracking the Data Encryption Standard (2005)
by Matt Curtin |
Fiction With Technical Information |
|
Stealing the Network: How to Own the Box (2003)
by Ryan Russell, Ido Dubrawsky, FX, Joe Grand, Tim Mullen |
|
Stealing the Network: How to Own a Continent (2004)
by FX, Paul Craig, Joe Grand, Tim Mullen, Fyodor, Ryan Russell, Jay Beale |
|
Stealing the Network: How to Own an Identity (2005)
by Raven Alder, Chris Hurley, Tom Parker, Ryan Russell, Jay Beale, Riley Eller, Brian Hatch, Jeff Moss |
|
Zero Day Exploit: Countdown to Darkness (2004)
by Rob Shein, David Litchfield, Marcus Sachs |
Technical |
|
Gray Hat Hacking : The Ethical Hacker's Handbook (2004)
by Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Michael Lester |
|
Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios (2001)
by Mike Schiffman |
|
Hacker's Challenge 2: Test Your Network Security & Forensic Skills (2002)
by Mike Schiffman, Bill Pennington, David Pollino, Adam J. O'Donnell |
|
Hacker's Challenge 3 (2006)
by David Pollino, Bill Pennington, Tony Bradley, Himanshu Dwivedi |
|
Google Hacking for Penetration Testers (2004)
by Johnny Long, Ed Skoudis, Alrik van Eijkelenborg |
|
Wi-Foo: The Secrets of Wireless Hacking (2004)
by Andrew Vladimirov, Konstantin V. Gavrilenko, Andrei A. Mikhailovsky |