|
|
(109 intermediate revisions by 2 users not shown) |
Line 1: |
Line 1: |
− | {{Admon/important|This WIKI is a Draft|This is '''NOT''' a finalized version for SEC520. This SEC520 WIKI resource is scheduled to be used for the '''Fall 2012''' sesemster.}}
| |
| | | |
− | [[Category:SEC520]]
| |
− |
| |
− | {|width="100%" border="1" cellspacing="2"
| |
− | |
| |
− | :'''Week'''
| |
− | |
| |
− | :'''Objectives and Tasks'''
| |
− | |
| |
− | :'''Course Notes / Assigned Reading'''
| |
− | |
| |
− | :'''Labs'''
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 1'''
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Course Introduction:'''
| |
− | ::* SEC520 WIKI
| |
− | ::* Course Outline
| |
− | ::* Course Policies
| |
− | ::* Required Materials
| |
− | ::* Lab Setup
| |
− |
| |
− |
| |
− | : '''Developing a "Security Mind":'''
| |
− | ::*4 Virtues of Internet Security
| |
− | ::*8 Rules of Internet Security
| |
− | ::*Penetration Testing:
| |
− | :::*Reconnaissance:
| |
− | ::::*Information Gathering
| |
− | ::::*Foot-printing
| |
− | ::::*User Information
| |
− | ::::*Verification
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Slides (Concepts):'''
| |
− | ::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.ppt ppt] ] Course Intro / The "Security Mind"
| |
− | ::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.ppt ppt] ] Penetration Testing: Reconnaissance
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)
| |
− | ::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*[http://www.youtube.com/watch?v=NDQffaAMLQc Reconnaissance]
| |
− |
| |
− | :'''Resources:'''
| |
− | ::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520 SEC520 WIKI]
| |
− | ::* [https://scs.senecac.on.ca/course/sec520 Course Outline]
| |
− | ::* [https://cs.senecac.on.ca/~scs/DonMillsPolicies/policy.html Course Policies]
| |
− | ::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520#Supplies_Checklist_.28Required_for_Second_Class.29 Required Materials]
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Lab 1:'''
| |
− | ::Set-Up for Labs:
| |
− | ::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_1.html Install Vulnerable Linux OS<br />& Windows 2003 Server]
| |
− |
| |
− | :'''Lab 2:'''
| |
− | ::Pentration Testing:
| |
− | ::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_2.html Reconnaissance]
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 2'''
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Scanning, Enumeration, & Vulnerability Testing:'''
| |
− | ::*Penetration Testing (Continued):
| |
− | :::*Scanning
| |
− | :::*Enumeration
| |
− | ::*Vulnerability Testing
| |
− | :::*Client-side Attacks:
| |
− | ::::*Human-side Errors
| |
− | ::::*Operating System / Applications (Metasploit)
| |
− | ::::*Phishing
| |
− | ::::*Social Networking
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Slides (Concepts):'''
| |
− | ::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.ppt ppt] ] Scanning & Enumeration
| |
− | ::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.ppt ppt] ] Vulnerability Testing
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Scanning 1] , [http://www.youtube.com/watch?v=WKLNAAt57Wg Scanning 2]
| |
− | ::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Enumeration]
| |
− | ::*[https://www.youtube.com/watch?v=FMgAIfcPsyw Vulnerability Testing - Overview]
| |
− | ::*[https://www.youtube.com/watch?v=lNjxwvQT-os Nessus]
| |
− | ::*[http://www.youtube.com/watch?v=TfZt70TYujg Metasploit]
| |
− |
| |
− | :'''Resources:'''
| |
− | ::*[http://atlas.arbor.net/ ATLAS Web-page] (Active Threat Level Analysis System)
| |
− | ::*[http://www.sans.org/top-cyber-security-risks/summary.php Top Security Risks 2009 (SANS Institute)]
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Lab 3:'''
| |
− | ::Penetration Testing / Continued:
| |
− | <div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:50px; margin-right:10px; padding-left: 45px;">
| |
− | <div style="float: left; margin-left: -40px;"></div>
| |
− | <div><b>WARNING!</b><br />Scanning ports must require the permission of Server Owner (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan the Tank server within or outside Seneca College.</div>
| |
− | </div>
| |
− |
| |
− |
| |
− | ::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_3.html Scanning, Enumeration, & Vulnerability Testing]
| |
− |
| |
− |
| |
− | :'''Assignment #1 Posted:'''
| |
− | ::*Details: N/A
| |
− |
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 3'''
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''System Hardening in Linux:'''
| |
− | ::*Purpose
| |
− | ::*Rule of Preventative Action
| |
− | ::*Rule of Separation
| |
− | :::*Separate Servers, turn-off open ports, AAA Protocol (Authorization, Authentication, Accounting)
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Slides (Concepts):'''
| |
− | ::* [odp] [pdf] [ppt] Rules: Preventative Action / Separation
| |
− |
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 4 - Pages: )
| |
− | ::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 4 - Pages: )
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*[http://www.youtube.com/watch?v=GJMKgV8V4FI Hardening Linux - Part 1]
| |
− | ::*[http://www.youtube.com/watch?v=M9LdGH_AIZo Hardening Linux - Part 2]
| |
− | ::*[http://www.youtube.com/watch?v=0tEBXWU6Au4 Hardening Linux - Part 3]
| |
− | ::*[http://www.youtube.com/watch?v=yy1NR74ttAw&feature=results_main&playnext=1&list=PL48E055817B95897B Pluggable Authentication Modules]
| |
− | ::*[http://www.youtube.com/watch?v=6piQXXHTmqk Access Control Lists]
| |
− |
| |
− | :'''Resources:'''
| |
− | ::* [http://www.ibm.com/developerworks/linux/library/l-pam/index.html Understanding and Configuring PAM]
| |
− | ::* [http://www.linuxquestions.org/linux/answers/security/acls_extended_filepermissions How to Use ACLs]
| |
− | |
| |
− |
| |
− |
| |
− |
| |
− | :'''Lab 4:'''
| |
− | ::Linux System Hardening (Part 1)
| |
− | ::*<div style="background:#ffff00">[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_4.html Rules: Preventative Action/Trust]</div>
| |
− |
| |
− |
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 4'''
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''System Hardening in Linux / Continued:'''
| |
− | ::*Rule of Least Priviledge / Rule of Trust
| |
− | :::*Password Policies
| |
− | :::*Cron Jobs
| |
− | :::*SELinux
| |
− | :::*Sudo
| |
− | :::*Iptables
| |
− | |
| |
− |
| |
− |
| |
− | :'''Slides (Concepts):'''
| |
− | ::* [odp] [pdf] [ppt] Rules: Least Priviledge / Trust
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*[http://www.youtube.com/watch?v=fpXuWhshKVA Hardening Linux - Part 4]
| |
− | ::*[http://www.youtube.com/watch?v=imnEUvvDxc4 Configuring Sudo]
| |
− | ::*[http://www.youtube.com/watch?v=kUdCsZpt2ew Iptables]
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 5 - Pages: )
| |
− | ::*[http://lcweb.senecac.on.ca:2063/0131963694?uicode=seneca SELinux by Example]<br />(Chapter x - Pages: )
| |
− |
| |
− | :'''Resources:'''
| |
− | ::* SELinux Links
| |
− | ::* [http://www.sudo.ws/sudo/intro.html Sudo In a Nutshell] (View samples and Slide Show)
| |
− | |
| |
− |
| |
− |
| |
− | :'''Lab 5:'''
| |
− | ::Linux System Hardening (Part 2)
| |
− | ::*<div style="background:#ffff00">[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_5.html Rules: Least Priviledge / Trust]</div>
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 5'''
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Midterm (Test #1 )Review:'''
| |
− | ::*Complete Labs 1 - 5
| |
− | ::*Submit Assignment #1
| |
− | ::*Review for Midterm
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Assignment #1 Due:'''
| |
− | ::* Assignment Submission Instructions
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 6'''
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Midterm (Test #1):'''
| |
− | ::*Test Details
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− |
| |
− | :'''Week 7'''
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Network-Side Attacks:'''
| |
− | ::*Database Services
| |
− | ::*TCP Stacks
| |
− | ::*Web Server / Web Applications
| |
− | |
| |
− |
| |
− |
| |
− | :'''Slides (Concepts):'''
| |
− | ::* [odp] [pdf] [ppt] Network-Side Attacks
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::* x
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*
| |
− |
| |
− | :'''Resources:'''
| |
− | ::*
| |
− | |
| |
− |
| |
− |
| |
− | :'''Lab 6:'''
| |
− | ::*<div style="background:#ffff00">[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_6.html Network-Side Attacks]</div>
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | |- valign="center"
| |
− | !colspan="4"|'''Study Week'''
| |
− | |- valign="top"
| |
− | |
| |
− |
| |
− |
| |
− | :'''Week 8'''
| |
− | |
| |
− |
| |
− |
| |
− | :'''Hardening Windows:'''
| |
− | ::*Hardening Windows Systems
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Slides (Concepts):'''
| |
− | ::* [odp] [pdf] [ppt] Hardening Windows
| |
− |
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::* [http://lcweb.senecac.on.ca:2052/toc.aspx?site=RYW9D&bookid=12602 Hardening Windows, 2nd Edition]<br />(Chapter 5 - Pages: )
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*
| |
− |
| |
− | :'''Resources:'''
| |
− | ::*
| |
− | |
| |
− |
| |
− |
| |
− | :'''Lab 7:'''
| |
− | ::*<div style="background:#ffff00">[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_7.html Hardening Windows]</div>
| |
− |
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− |
| |
− |
| |
− | :'''Week 9'''
| |
− | |
| |
− |
| |
− |
| |
− | :'''Intrusion Detection (Linux / Windows):'''
| |
− | ::*Purpose
| |
− | ::*Logs
| |
− | ::*Monitoring
| |
− | ::*Using Tripwire
| |
− |
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Slides (Concepts):'''
| |
− | ::* [odp] [pdf] [ppt] Intrusion Detection / Using Tripwire
| |
− |
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::*[http://www.sans.org/score/checklists/ID_Linux.pdf Intrusion Discovery - Linux]
| |
− | ::*[http://www.sans.org/score/checklists/ID_Windows.pdf Intrusion Discovery - Windows]
| |
− | ::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 1 - Pages: )
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*
| |
− |
| |
− | :'''Resources:'''
| |
− | ::*
| |
− | |
| |
− |
| |
− |
| |
− | :'''Lab 8:'''
| |
− | ::*<div style="background:#ffff00">[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_8.html Intrusion Detection (Linux & Windows)]</div>
| |
− |
| |
− | :'''Assignment #2 Posted:'''
| |
− | ::*Details - N/A
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 10'''
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Additional Considerations:'''
| |
− | ::*Decoys: Honeypots
| |
− | ::*Packet Sniffers
| |
− | ::*Malware
| |
− | ::*Trojan Horses
| |
− | |
| |
− |
| |
− |
| |
− | '''Slides:'''
| |
− | ::* [odp] [pdf] [ppt] Securing the Perimeter
| |
− |
| |
− | :'''Reading References:'''
| |
− | ::*
| |
− |
| |
− | :'''YouTube Videos:'''
| |
− | ::*
| |
− |
| |
− | :'''Resources:'''
| |
− | ::*
| |
− | |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 11'''
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Test #2:'''
| |
− | ::*Test Details
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | <!-- * SELinux and httpd -->
| |
− | |
| |
− |
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− | :'''Week 12'''
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− |
| |
− | :'''Assignment #2 Evaluation:'''
| |
− | ::*Presentations
| |
− | ::*Evaluate Secured System
| |
− | |
| |
− |
| |
− | |
| |
− | :'''Assignment #2 Due:'''
| |
− | ::* Assignment Submission Instructions
| |
− |
| |
− | |- valign="top"
| |
− | |
| |
− |
| |
− |
| |
− | :'''Week 13'''
| |
− |
| |
− |
| |
− | |
| |
− | '''Final Exam Review'''
| |
− | :* Details
| |
− | |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | |
| |
− |
| |
− | |- valign="top"
| |
− | !colspan="4"|Exam Week - TBA
| |
− |
| |
− | |}
| |