38013 601 Lec SAT 09:00-12:00PM Science 215
|
Catalog Description
Students learn how hackers attack computers and networks, and how to protect systems from
such attacks, using both Windows and Linux systems. Students will learn legal restrictions and
ethical guidelines, and will be required to obey them. Students will perform many hands-on labs,
both attacking and defending, using port scans, footprinting, exploiting Windows and Linux
vulnerabilities, buffer overflow exploits, SQL injection, privilege escalation, Trojans, and
backdoors.
Prerequisites: CNIT 106 and 120 or equivalent familiarity with the fundamentals
of networking and security.
Upon successful completion of this course, the student will be
able to:
- Explain what an ethical hacker can and can not do legally, and explain the credentials and roles of penetration testers.
- Define the types of malicious software found in modern networks.
- Explain the threats and countermeasures for physical security and social engineering.
- Perform footprinting to learn about a company and its network.
- Perform port scans to locate potential entry points to servers and networks.
- Perform enumeration (finding resources, accounts, and passwords) on Microsoft, Netware, and Unix/Linux targets.
- Perform very simple programming in C, HTML, and Perl, specifically oriented towards the needs of network security professionals.
- Learn how to identify Microsoft Windows vulnerabilities and to harden systems.
- Learn how to identify Linux vulnerabilities and to protect servers.
- Describe how to take control of Web Servers, and how to protect them.
- Locate and hack into wireless networks, and protect them.
- Explain how cryptography and hashing work, and perform attacks against them such as password cracking and man-in-the-middle attacks.
- Describe and deploy security devices, including routers, firewalls, Intrusion Detection Systems, and honeypots.
Textbooks
Hands-On Ethical Hacking and Network Defense by Michael T. Simpson -- ISBN: 0-619-21708-1
Buy from Amazon
CNIT 123: Ethical Hacking and Network Defense -- Lecture Notes and Projects (Spring 2008 Revision) by Sam Bowne
(buy it at the CCSF Bookstore)
|
Schedule |
Date | Quiz | Topic |
Sat 1-19 | |
Ch 1: Ethical Hacking Overview |
Sat 1-26 | |
Ch 2: TCP/IP Concepts Review |
Fri 2-1 |
Last Day to Add Classes |
Sat 2-2 | Quiz on Ch 1 & 2 Proj 1-3 due |
Ch 3: Network and Computer Attacks |
Sat 2-9 | Quiz on Ch 3 Proj 4&5 due |
Ch 4: Footprinting and Social Engineering |
Sat 2-16 |
Holiday - No Class |
Tue 2-19 |
Last Day to Request CR/NC Grading |
Wed 2-20 |
Last Day to Remove an Incomplete Grade |
Sat 2-23 | Quiz on Ch 4 Proj 6&7 due |
Ch 5: Port Scanning |
Sat 3-1 | Quiz on Ch 5 Proj 8&9 due |
Ch 6: Enumeration |
Sat 3-8 | No Quiz Proj 10&11 due |
Ch 7: Programming for Security Professionals |
Sat 3-15 | Quiz on Ch 6&7 Proj 12&13 due |
Ch 8: Microsoft Operating System Vulnerabilities |
Sat 3-22 |
Holiday - No Class |
Sat 3-29 |
Holiday - No Class |
Sat 4-5 | No Quiz - MTV here Proj 14&15 due |
Ch 9: Linux Operating System Vulnerabilities |
4-7 through 4-11 |
RSA Security Conference (extra credit) |
Fri 4-11 |
Last Day to Withdraw |
Sat 4-12 | Quiz on Ch 8 & 9 Proj 16&17 due |
Ch 10: Hacking Web Servers |
Sat 4-19 | Quiz on Ch 10 Proj 18&19 due |
Ch 11: Hacking Wireless Networks |
Sat 4-26 | Quiz on Ch 11 Proj 20&21 due |
Ch 12: Cryptography |
Sat 5-3 | Quiz on Ch 12 Proj 22&23 due |
Ch 13: Protecting Networks with Security Devices |
Sat 5-10 | Quiz on Ch 13 -- Last Class Proj 24&25 due |
Lecture 14: More Wireless Hacking -- Cracking WEP Encryption &
Lecture 15: Man-in-the-Middle Attack (not in textbook) |
Sat 5-17 | |
Final Exam: 9 am Room 215 |
Fri 8-10 through Sun 8-12 | |
DEFCON in Las Vegas |
Hacker's Bookshelf |
Non-Technical |
|
The Art of Deception: Controlling the Human Element of Security (2003)
by Kevin D. Mitnick, William L. Simon, Steve Wozniak |
|
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers (2005)
by Kevin D. Mitnick, William L. Simon |
|
Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw-By the Man Who Did It (1996)
by Tsutomu Shimomura, John Markoff |
|
The Hacker Crackdown: Law And Disorder On The Electronic Frontier (1993)
by Bruce Sterling |
|
Hackers: Heroes of the Computer Revolution (2001)
by Steven Levy |
|
Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age (2002)
by Steven Levy |
|
Brute Force: Cracking the Data Encryption Standard (2005)
by Matt Curtin |
Fiction With Technical Information |
|
Stealing the Network: How to Own the Box (2003)
by Ryan Russell, Ido Dubrawsky, FX, Joe Grand, Tim Mullen |
|
Stealing the Network: How to Own a Continent (2004)
by FX, Paul Craig, Joe Grand, Tim Mullen, Fyodor, Ryan Russell, Jay Beale |
|
Stealing the Network: How to Own an Identity (2005)
by Raven Alder, Chris Hurley, Tom Parker, Ryan Russell, Jay Beale, Riley Eller, Brian Hatch, Jeff Moss |
|
Zero Day Exploit: Countdown to Darkness (2004)
by Rob Shein, David Litchfield, Marcus Sachs |
Technical |
|
Gray Hat Hacking : The Ethical Hacker's Handbook (2004)
by Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Michael Lester |
|
Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios (2001)
by Mike Schiffman |
|
Hacker's Challenge 2: Test Your Network Security & Forensic Skills (2002)
by Mike Schiffman, Bill Pennington, David Pollino, Adam J. O'Donnell |
|
Hacker's Challenge 3 (2006)
by David Pollino, Bill Pennington, Tony Bradley, Himanshu Dwivedi |
|
Google Hacking for Penetration Testers (2004)
by Johnny Long, Ed Skoudis, Alrik van Eijkelenborg |
|
Wi-Foo: The Secrets of Wireless Hacking (2004)
by Andrew Vladimirov, Konstantin V. Gavrilenko, Andrei A. Mikhailovsky |