Difference between revisions of "SEC520 Weekly Schedule"

Revision as of 13:14, 22 October 2012

Week

Objectives and Tasks

Course Notes / Assigned Reading

Labs

Week 1

Course Introduction:

SEC520 WIKI
Course Outline
Course Policies
Required Materials
Lab Setup

Developing a "Security Mind":

4 Virtues of Internet Security
8 Rules of Internet Security
Penetration Testing:

Reconnaissance:

Information Gathering
Foot-printing
User Information
Verification

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Course Intro / The "Security Mind"
[ odp ] [ pdf ] [ ppt ] Penetration Testing: Reconnaissance

Reading References:

Inside the Security Mind, Making the Tough Decisions (E-Book) (Chapters 1 - 3)
Penetration Tester's Open Source Toolkit (E-book)
(Chapter 2: Reconnaissance)

YouTube Videos:

Reconnaissance

Resources:

Lab 1:

Set-Up for Labs:

Setup Hard Disk Pack for Labs

Lab 2:

Pentration Testing:

Reconnaissance

Week 2

Week 3

Scanning, Enumeration, & Vulnerability Testing:

Penetration Testing (Continued):

Scanning
Enumeration

Vulnerability Testing

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Scanning & Enumeration

Reading References:

Penetration Tester's Open Source Toolkit (E-book)
(Chapter 3)

YouTube Videos:

Resources:

Nmap Reference Guide
(How to use nmap utility to scan ports)

Lab 3:

Penetration Testing / Continued:

Scanning, Enumeration, & Vulnerability Testing

WARNINGS!

Scanning ports must require the permission of Server Owner (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan the Tank server within or outside Seneca College.
Your instructor will hand-out permission forms to allow students to obtain Tank accounts, and allow students to perform ethical "penetration testing" on that server. Students must sign this form, hand back to the instructor, and await further instructions before proceeding with penetration testing on the tank server

Week 4

Scanning, Enumeration, & Vulnerability Testing:

Vulnerability Testing

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Vulnerability Testing
[ odp ] [ pdf ] [ ppt ] Interpreting and Respecting the Rules for the Tank Server

Reading References:

Penetration Tester's Open Source Toolkit (E-book)
(Chapter 3)

YouTube Videos:

Resources:

Using Armitage (Metasploit Framework)

Lab 3:

Continue Working on Lab 3

Week 5

System Hardening in Linux:

Purpose
Rule of Preventative Action
Rule of Separation
Rule of Least Privilege

AAA Protocol (Authentication):

PKI
PAM
Kerebos

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Linux Hardening (part 1)

Reading References:

Linux Security Cookbook (E-book)
(Chapter 4 - Pages: )

YouTube Videos:

Linux Hardening

Part1 | Part 2 | Part 3

PAM

Resources:

Lab 4:

System Hardening

Linux System Hardening (part 1)

Assignment #1 Posted:

Assignment Submission Instructions

Week 6

Midterm (Test #1) Review:

Complete Labs 1 - 5
Review for Midterm

Lab 4:

Continue Working on Lab 4

Work on Assignment #1

Week 7

Midterm (Test #1):

Test Details

Study Week

Week 8

System Hardening in Linux / Continued:

AAA Protocol (Authorization):

ACLs
SELinux
Sudo
Cron Jobs
Turning Off Xwindows

Hardening Windows 2003 Server:

Installing and Configuring Security Configuration Wizard
Using New Technology File System (NTSF)
Configuring Automatic Updates

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Linux Hardening (part 2)

YouTube Videos:

Reading References:

Linux Security Cookbook
(Chapter 5 - Pages: )
SELinux by Example
(Chapter x - Pages: )

Resources:

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Hardening Windows

Reading References:

Hardening Windows, 2nd Edition
(Chapter 5 - Pages: )

YouTube Videos:

Security Configuration Wizard 2003

Resources:

Lab 5:

System Hardening

Linux System Hardening (part 2)

Lab 7:

Hardening Windows 2003 Server

Assignment #1 Due

Week 9

Types of Attacks:

Client-side Attacks

Phishing
Webbrowser - Malicious Payloads
IP Spoofing (Man in the Middle) / Password

Server-side Attacks

Out-dated Software Patches
Database Injection
Password Cracking

Intrusion Detection:

Purpose
Logs
Monitoring
Iptables
Using Tripwire

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Types of Attacks

YouTube Videos:

Reading References:

Penetration Tester's Open Source Toolkit (E-book)
(Chapters 4,5,6)

Resources:

ATLAS Web-page (Active Threat Level Analysis System)
Top Security Risks 2009 (SANS Institute)

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Intrusion Detection / Using Tripwire

Reading References:

Intrusion Discovery - Linux

Linux Security Cookbook
(Chapter 1 - Pages: )

YouTube Videos:

Iptables

Additional Resources (for interest):

Intrusion Discovery - Windows

Lab 6:

Attack Categories:

Types of Attacks

WARNINGS!

Scanning ports must require the permission of Server Owner (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan the Tank server within or outside Seneca College.
Your instructor will hand-out permission forms to allow students to obtain Tank accounts, and allow students to perform ethical "penetration testing" on that server. Students must sign this form, hand back to the instructor, and await further instructions before proceeding with penetration testing on the tank server

Lab 8:

Intrusion Detection

Assignment #2 Posted:

Details - N/A

Week 10

Additional Considerations:

Decoys: Honey-Pots
DMZs
Disaster Recovery
The BIGGER Picture

Slides:

[odp] [pdf] [ppt] Additional Considerations

Reading References:

YouTube Videos:

Resources:

Week 11

Test #2:

Test Details

Week 12

Assignment #2 Evaluation:

Presentations
Evaluate Secured System

Assignment #2 Due:

Week 13

Final Exam Review

Details

Exam Week - TBA

@@ Line 103: / Line 103: @@
 :'''Slides (Concepts):'''
 ::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.ppt ppt] ]  Scanning & Enumeration
-::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.ppt ppt] ]  Vulnerability Testing
-::* [ [http://matrix.senecac.on.ca/~murray.saul/tank-rules.odp odp] ] [ [http://matrix.senecac.on.ca/~murray.saul/tank-rules.pdf pdf] ] [ [http://matrix.senecac.on.ca/~murray.saul/tank-rules.ppt ppt] ]  Interpreting and Respecting the Rules for the Tank Server
 :'''Reading References:'''
@@ Line 112: / Line 111: @@
 ::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Scanning 1] , [http://www.youtube.com/watch?v=WKLNAAt57Wg Scanning 2]
 ::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Enumeration]
-::*[https://www.youtube.com/watch?v=FMgAIfcPsyw Vulnerability Testing - Overview]
-::*[https://www.youtube.com/watch?v=lNjxwvQT-os Nessus]
-::*[https://www.youtube.com/watch?v=hRxOW37MRwc Accessing System Via Metasploit (web-browser)]
 :'''Resources:'''
 ::*[http://nmap.org/book/man.html Nmap Reference Guide]<br />(How to use '''nmap''' utility to scan ports)
-::*[http://www.commonexploits.com/?p=243 Using Armitage] (Metasploit Framework)
 |
@@ Line 142: / Line 139: @@
 |
+:'''Scanning, Enumeration, & Vulnerability Testing:'''
+::*Vulnerability Testing
+|
+:'''Slides (Concepts):'''
+::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.ppt ppt] ]  Vulnerability Testing
+::* [ [http://matrix.senecac.on.ca/~murray.saul/tank-rules.odp odp] ] [ [http://matrix.senecac.on.ca/~murray.saul/tank-rules.pdf pdf] ] [ [http://matrix.senecac.on.ca/~murray.saul/tank-rules.ppt ppt] ]  Interpreting and Respecting the Rules for the Tank Server
+:'''Reading References:'''
+::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)
-|
+:'''YouTube Videos:'''
+::*[https://www.youtube.com/watch?v=FMgAIfcPsyw Vulnerability Testing - Overview]
+::*[https://www.youtube.com/watch?v=lNjxwvQT-os Nessus]
+::*[https://www.youtube.com/watch?v=hRxOW37MRwc Accessing System Via Metasploit (web-browser)]
+:'''Resources:'''
+::*[http://www.commonexploits.com/?p=243 Using Armitage] (Metasploit Framework)
 |
+:'''Lab 3:'''
+::Continue Working on '''Lab 3'''

Difference between revisions of "SEC520 Weekly Schedule"

Revision as of 13:14, 22 October 2012

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

get involved with CDOT

courses

course projects

links

Tools