|
|
(5 intermediate revisions by one other user not shown) |
Line 1: |
Line 1: |
− | {{Admon/important|This WIKI is a Draft|This is '''NOT''' a finalized version for SEC520. This SEC520 WIKI resource is scheduled to be used for the '''Fall 2012''' sesemster.}}
| |
| | | |
− | [[Category:SEC520]]
| |
− |
| |
− | {|width="100%" border="1" cellspacing="2"
| |
− | | style="width: 10%;" |
| |
− | :'''Week'''
| |
− | | style="width: 25%;" |
| |
− | :'''Objectives and Tasks'''
| |
− | | style="width: 35%;" |
| |
− | :'''Course Notes / Assigned Reading'''
| |
− | |
| |
− | :'''Labs'''
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 1'''
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Course Introduction:'''
| |
− | ::* SEC520 WIKI
| |
− | ::* Course Outline
| |
− | ::* Course Policies
| |
− | ::* Required Materials
| |
− | ::* Lab Setup
| |
− |
| |
− |
| |
− | : '''Developing a "Security Mind":'''
| |
− | ::*4 Virtues of Internet Security
| |
− | ::*8 Rules of Internet Security
| |
− | ::*Penetration Testing:
| |
− | :::*Reconnaissance:
| |
− | ::::*Information Gathering
| |
− | ::::*Foot-printing
| |
− | ::::*User Information
| |
− | ::::*Verification
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Slides (Concepts):'''
| |
− | ::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.ppt ppt] ] Course Intro / The "Security Mind"
| |
− | ::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.ppt ppt] ] Penetration Testing: Reconnaissance
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)
| |
− | ::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*[http://www.youtube.com/watch?v=NDQffaAMLQc Reconnaissance]
| |
− |
| |
− | :'''Resources:'''
| |
− | ::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520 SEC520 WIKI]
| |
− | ::* [https://scs.senecac.on.ca/course/sec520 Course Outline]
| |
− | ::* [https://cs.senecac.on.ca/~scs/DonMillsPolicies/policy.html Course Policies]
| |
− | ::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520#Supplies_Checklist_.28Required_for_Second_Class.29 Required Materials]
| |
− | ::* [http://google.ca Google Link]
| |
− | |
| |
− |
| |
− |
| |
− | :'''Lab 1:'''
| |
− | ::Set-Up for Labs:
| |
− | <!-- Old Link::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_1.html Setup Hard Disk Pack for Labs]-->
| |
− | ::*[https://wiki.cdot.senecacollege.ca/wiki/SEC520/labs/Lab_1 Setup Hard Disk Pack for Labs]
| |
− |
| |
− | :'''Lab 2:'''
| |
− | ::Pentration Testing:
| |
− | <!-- Old Link ::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_2.html Reconnaissance]-->
| |
− | ::*[https://wiki.cdot.senecacollege.ca/wiki/SEC520/labs/Lab_2 Reconnaissance]
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 2'''
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Scanning, Enumeration, & Vulnerability Testing:'''
| |
− | ::*Penetration Testing (Continued):
| |
− | :::*Scanning
| |
− | :::*Enumeration
| |
− | ::*Vulnerability Testing
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Slides (Concepts):'''
| |
− | ::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.ppt ppt] ] Scanning & Enumeration
| |
− | ::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.ppt ppt] ] Vulnerability Testing
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Scanning 1] , [http://www.youtube.com/watch?v=WKLNAAt57Wg Scanning 2]
| |
− | ::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Enumeration]
| |
− | ::*[https://www.youtube.com/watch?v=FMgAIfcPsyw Vulnerability Testing - Overview]
| |
− | ::*[https://www.youtube.com/watch?v=lNjxwvQT-os Nessus]
| |
− | ::*[http://www.youtube.com/watch?v=TfZt70TYujg Metasploit]
| |
− |
| |
− | :'''Resources:'''
| |
− | ::*[http://atlas.arbor.net/ ATLAS Web-page] (Active Threat Level Analysis System)
| |
− | ::*[http://www.sans.org/top-cyber-security-risks/summary.php Top Security Risks 2009 (SANS Institute)]
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Lab 3:'''
| |
− | ::Penetration Testing / Continued:
| |
− | <div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:50px; margin-right:10px; padding-left: 45px;">
| |
− | <div style="float: left; margin-left: -40px;"></div>
| |
− | <div><b>WARNING!</b><br />Scanning ports must require the permission of Server Owner (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan the Tank server within or outside Seneca College.</div>
| |
− | </div>
| |
− |
| |
− |
| |
− | <!-- Old Link ::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_3.html Scanning, Enumeration, & Vulnerability Testing]-->
| |
− | ::*[https://wiki.cdot.senecacollege.ca/wiki/SEC520/labs/Lab_3 Scanning, Enumeration, & Vulnerability Testing]
| |
− |
| |
− |
| |
− | :'''Assignment #1 Posted:'''
| |
− | ::*Details: N/A
| |
− |
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 3'''
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''System Hardening in Linux:'''
| |
− | ::*Purpose
| |
− | ::*Rule of Preventative Action
| |
− | ::*Rule of Separation
| |
− | ::*Rule of Least Privilege
| |
− | :::*AAA Protocol (Authentication):
| |
− | ::::*PKI
| |
− | ::::*PAM
| |
− | ::::*Kerebos
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Slides (Concepts):'''
| |
− | ::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.ppt ppt] ] Linux Hardening (part 1)
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook (E-book)]<br />(Chapter 4 - Pages: )
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*Linux Hardening
| |
− | :::[http://www.youtube.com/watch?v=GJMKgV8V4FI Part1] | [http://www.youtube.com/watch?v=M9LdGH_AIZo Part 2] | [http://www.youtube.com/watch?v=0tEBXWU6Au4 Part 3]
| |
− | ::*[http://www.youtube.com/watch?v=yy1NR74ttAw&feature=results_main&playnext=1&list=PL48E055817B95897B PAM]
| |
− |
| |
− | :'''Resources:'''
| |
− | ::* [http://www.ibm.com/developerworks/linux/library/l-pam/index.html Understanding and Configuring PAM]
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− |
| |
− | :'''Lab 4:'''
| |
− | ::System Hardening
| |
− | <!-- Old Link ::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_4.html Linux System Hardening (part 1)]-->
| |
− | ::*[https://wiki.cdot.senecacollege.ca/wiki/SEC520/labs/Lab_4 Linux System Hardening (part 1)]
| |
− |
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 4'''
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''System Hardening in Linux / Continued:'''
| |
− | ::*AAA Protocol (Authorization):
| |
− | :::*ACLs
| |
− | :::*SELinux
| |
− | :::*Sudo
| |
− | :::*Cron Jobs
| |
− | :::*Turning Off Xwindows
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Slides (Concepts):'''
| |
− | ::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.ppt ppt] ] Linux Hardening (part 2)
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*[http://www.youtube.com/watch?v=6piQXXHTmqk ACLs]
| |
− | ::*[http://www.youtube.com/watch?v=fpXuWhshKVA SELinux]
| |
− | ::*[http://www.youtube.com/watch?v=imnEUvvDxc4 Sudo]
| |
− | ::*[http://www.youtube.com/watch?v=4Icg3MYZZqI Cron Jobs]
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 5 - Pages: )
| |
− | ::*[http://lcweb.senecac.on.ca:2063/0131963694?uicode=seneca SELinux by Example]<br />(Chapter x - Pages: )
| |
− |
| |
− | :'''Resources:'''
| |
− | ::* [http://www.linuxquestions.org/linux/answers/security/acls_extended_filepermissions How to Use ACLs]
| |
− | ::* SELinux
| |
− | ::* [http://www.sudo.ws/sudo/intro.html Sudo In a Nutshell]
| |
− | |
| |
− |
| |
− |
| |
− | :'''Lab 5:'''
| |
− | ::System Hardening
| |
− | <!--Old Link::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_5.html Linux System Hardening (part 2)]-->
| |
− | ::*[https://wiki.cdot.senecacollege.ca/wiki/SEC520/labs/Lab_5 Linux System Hardening (part 2)]
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 5'''
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Midterm (Test #1) Review:'''
| |
− | ::*Complete Labs 1 - 5
| |
− | ::*Submit Assignment #1
| |
− | ::*Review for Midterm
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Assignment #1 Due:'''
| |
− | ::* Assignment Submission Instructions
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 6'''
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Midterm (Test #1):'''
| |
− | ::*Test Details
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− |
| |
− | :'''Week 7'''
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Types of Attacks:'''
| |
− | ::*Client-side Attacks
| |
− | :::*Phishing
| |
− | :::*Webbrowser - Malicious Payloads
| |
− | :::*IP Spoofing (Man in the Middle) / Password
| |
− | ::*Server-side Attacks
| |
− | :::*Out-dated Software Patches
| |
− | :::*Database Injection
| |
− | :::*Password Cracking
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Slides (Concepts):'''
| |
− | ::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.ppt ppt] ] Types of Attacks
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*[http://www.youtube.com/watch?v=ZUygX8TBBw0 Phishing]
| |
− | ::*[http://www.youtube.com/watch?v=PqfZM3Lxrmg Malicious Payload]
| |
− | ::*[http://www.youtube.com/watch?v=-hd7XG-b6uk IP Spoofing]
| |
− | ::*[http://www.youtube.com/watch?v=AhTfo6pWBIM Database Injection]
| |
− | ::*[http://www.youtube.com/watch?v=Iyh_w0Ix2bc Password Cracking]
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapters 4,5,6)
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Lab 6:'''
| |
− | :'''Attack Categories:'''
| |
− | <div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:50px; margin-right:10px; padding-left: 45px;">
| |
− | <div style="float: left; margin-left: -40px;"></div>
| |
− | <div><b>WARNING!</b><br />Scanning ports and exploiting servers must require the permission of Server Owner (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan the Tank server within or outside Seneca College.</div>
| |
− | </div>
| |
− |
| |
− |
| |
− | <!--Old Link::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_6.html Types of Attacks]-->
| |
− | ::*[https://wiki.cdot.senecacollege.ca/wiki/SEC520/labs/Lab_6 Types of Attacks]
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | |- valign="center"
| |
− | !colspan="4"|'''Study Week'''
| |
− | |- valign="top"
| |
− | |
| |
− |
| |
− |
| |
− | :'''Week 8'''
| |
− | |
| |
− |
| |
− |
| |
− | :'''Hardening Windows 2003 Server:'''
| |
− | ::*Installing and Configuring Security Configuration Wizard
| |
− | ::*Using New Technology File System (NTSF)
| |
− | ::*Configuring Automatic Updates
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Slides (Concepts):'''
| |
− | ::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w8_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w8_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w8_l1.ppt ppt] ] Hardening Windows
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::* [http://lcweb.senecac.on.ca:2052/toc.aspx?site=RYW9D&bookid=12602 Hardening Windows, 2nd Edition]<br />(Chapter 5 - Pages: )
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*[http://www.youtube.com/watch?v=df1_yx2fa8g Security Configuration Wizard 2003]
| |
− |
| |
− | :'''Resources:'''
| |
− | ::*
| |
− | |
| |
− |
| |
− |
| |
− | :'''Lab 7:'''
| |
− | ::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_7.html Hardening Windows 2003 Server]
| |
− | <!--Old Link::*[https://wiki.cdot.senecacollege.ca/wiki/SEC520/labs/Lab_7 Hardening Windows 2003 Server]-->
| |
− |
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− |
| |
− |
| |
− | :'''Week 9'''
| |
− | |
| |
− |
| |
− |
| |
− | :'''Intrusion Detection:'''
| |
− | ::*Purpose
| |
− | ::*Logs
| |
− | ::*Monitoring
| |
− | ::*Iptables
| |
− | ::*Using Tripwire
| |
− |
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Slides (Concepts):'''
| |
− | ::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.ppt ppt] ] Intrusion Detection / Using Tripwire
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::*[http://www.sans.org/score/checklists/ID_Linux.pdf Intrusion Discovery - Linux]
| |
− |
| |
− | ::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 1 - Pages: )
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*[http://www.youtube.com/watch?v=kUdCsZpt2ew Iptables]
| |
− |
| |
− | :'''Additional Resources (for interest):'''
| |
− | ::*[http://www.sans.org/score/checklists/ID_Windows.pdf Intrusion Discovery - Windows]
| |
− | |
| |
− |
| |
− |
| |
− | :'''Lab 8:'''
| |
− | ::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_8.html Intrusion Detection]
| |
− |
| |
− | :'''Assignment #2 Posted:'''
| |
− | ::*Details - N/A
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 10'''
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Additional Considerations:'''
| |
− | ::*Decoys: Honey-Pots
| |
− | ::*Disaster Recovery
| |
− | ::*The BIGGER Picture
| |
− | |
| |
− |
| |
− |
| |
− | :'''Slides:'''
| |
− | ::* <div style="background:#ffff00">[odp] [pdf] [ppt] Additional Considerations</div>
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::*
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*
| |
− |
| |
− | :'''Resources:'''
| |
− | ::*
| |
− | |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 11'''
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Test #2:'''
| |
− | ::*Test Details
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | <!-- * SELinux and httpd -->
| |
− | |
| |
− |
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 12'''
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Assignment #2 Evaluation:'''
| |
− | ::*Presentations
| |
− | ::*Evaluate Secured System
| |
− | |
| |
− |
| |
− | |
| |
− | :'''Assignment #2 Due:'''
| |
− | ::* Assignment Submission Instructions
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− |
| |
− |
| |
− | :'''Week 13'''
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Final Exam Review'''
| |
− | ::* Details
| |
− | |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− | |- valign="top"
| |
− | !colspan="4"|Exam Week - TBA
| |
− |
| |
− | |}
| |