https://wiki.cdot.senecacollege.ca/w/api.php?action=feedcontributions&user=Craig.barretto&feedformat=atom
CDOT Wiki - User contributions [en]
2024-03-28T14:08:17Z
User contributions
MediaWiki 1.30.0
https://wiki.cdot.senecacollege.ca/w/index.php?title=SEC520_Weekly_Schedule&diff=132546
SEC520 Weekly Schedule
2018-03-29T05:02:52Z
<p>Craig.barretto: /* Winter 2018 */</p>
<hr />
<div>[[Category:SEC520]]<br />
<br />
=SEC520 Weekly Schedule=<br />
== Winter 2018==<br />
::Instructor:<br />Austin (SAA)<br />Craig Barretto (craig.barretto@senecacollege.ca)<br />
1 credit<br />
::*Quiz and Labs ( 4 Quiz, 7 Labs (15%))<br />
::::'''Logbooks due April 10th, 2018'''<br />
::*Assignments (2) 20%<br />
::::'''Assignment 1 - Due Date March 9''''''<br />
::::'''Assignment 2 - Due Date TBA''''''<br />
::*Tests (2) 30%<br />
::::'''Written Test - March 8''''''<br />
::::'''Lab Test - March 15'''''<br />
::*Final Test 35%<br />
{|width="100%" border="1" cellspacing="2"<br />
| style="width: 10%;" |<br />
:'''Week'''<br />
| style="width: 25%;" |<br />
:'''Objectives and Tasks'''<br />
| style="width: 35%;" |<br />
:'''Course Notes / Assigned Reading'''<br />
|<br />
:'''Labs'''<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 1'''<br />
<br />
|<br />
<br />
<br />
:'''Course Introduction:'''<br />
::* SEC520 WIKI<br />
::* Course Outline<br />
::* Course Policies<br />
::* Required Materials<br />
::* Lab Setup<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.ppt ppt] ] Course Intro / The "Security Mind"<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://lcweb.senecac.on.ca:2053/0596006691 Computer Security Basics (E-book)]<br />(Chapter 1: The New Insecurity)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
<br />
:'''Resources:'''<br />
::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520 SEC520 WIKI]<br />
::* [https://scs.senecac.on.ca/course/sec520 Course Outline]<br />
<br />
::* Required Materials are listed in your Supplies Checklist. Other materials and references are noted week by week.<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 1:'''<br />
::Set-Up for Labs:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_1.html Setup Hard Disk Pack for Labs]<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 2'''<br />
<br />
|<br />
<br />
<br />
: '''Developing a "Security Mind":'''<br />
::*4 Virtues of Internet Security<br />
::*8 Rules of Internet Security<br />
::*Penetration Testing:<br />
:::*Reconnaissance:<br />
::::*Information Gathering<br />
::::*Foot-printing<br />
::::*User Information<br />
::::*Verification<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.ppt ppt] ] Penetration Testing: Reconnaissance<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=NDQffaAMLQc Reconnaissance]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 2:'''<br />
::Pentration Testing:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_2.html Reconnaissance]<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 3'''<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Penetration Testing (Continued):<br />
:::*Scanning<br />
:::*Enumeration<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.ppt ppt] ] Scanning & Enumeration<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Scanning 1] , [http://www.youtube.com/watch?v=WKLNAAt57Wg Scanning 2]<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Enumeration]<br />
::*[https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap Online Pen-Test Scanner]<br />
::*[https://www.youtube.com/watch?v=dR7NTYfmNcA Prep for Metasploit]<br />
<br />
:'''Resources:'''<br />
::*[http://nmap.org/book/man.html Nmap Reference Guide]<br />(How to use '''nmap''' utility to scan ports)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Penetration Testing / Continued:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_3.html Scanning, Enumeration, & Vulnerability Testing]<br />
<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 4'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.ppt ppt] ] Vulnerability Testing<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[https://www.youtube.com/watch?v=FMgAIfcPsyw Vulnerability Testing - Overview]<br />
::*[https://www.youtube.com/watch?v=lNjxwvQT-os Nessus]<br />
::*[https://www.youtube.com/watch?v=hRxOW37MRwc Accessing System Via Metasploit (web-browser)]<br />
<br />
:'''Resources:'''<br />
::*[https://www.youtube.com/watch?v=r4Qq2eVjiP0 Setting up the Metasploit database]<br />
::*[https://www.youtube.com/watch?v=x01ZErjNlX0 First Metasploit Payload]<br />
::*[http://www.youtube.com/watch?v=jJd5qg3fkyw Using Armitage] (Metasploit Framework)]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Continue Working on '''Lab 3'''<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 5'''<br />
|<br />
<br />
<br />
:'''Types of Attacks:'''<br />
::*Client-side Attacks<br />
:::*Phishing<br />
:::*Webbrowser - Malicious Payloads<br />
:::*IP Spoofing (Man in the Middle) / Password<br />
::*Server-side Attacks<br />
:::*Out-dated Software Patches<br />
:::*Database Injection<br />
:::*Password Cracking<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.ppt ppt] ] Types of Attacks<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=ZUygX8TBBw0 Phishing]<br />
::*[http://www.youtube.com/watch?v=PqfZM3Lxrmg Malicious Payload]<br />
::*[http://www.youtube.com/watch?v=-hd7XG-b6uk IP Spoofing]<br />
::*[http://www.youtube.com/watch?v=AhTfo6pWBIM Database Injection]<br />
::*[http://www.youtube.com/watch?v=Iyh_w0Ix2bc Password Cracking]<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapters 4,5,6)<br />
<br />
:'''Resources:'''<br />
<br />
::*[http://atlas.arbor.net/ ATLAS Web-page] (Active Threat Level Analysis System)<br />
::*[http://www.sans.org/top-cyber-security-risks/summary.php Top Security Risks 2009 (SANS Institute)]<br />
::*[https://github.com/WebGoat/WebGoat/wiki Webgoat]<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 4:'''<br />
:Attack Categories:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_4.html Types of Attacks]<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<div><b>WARNINGS!</b><br /><ol><li>'''Scanning ports must require the permission of Server Owner''' (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan any server.<br /><br /></ol></div><br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 6'''<br />
<br />
More on mysql injection and Webgoat<br />
<br />
|<br />
<br />
<br />
::* [[https://www.youtube.com/watch?v=Rqt_BgG5YyI Blind MySQL injection video]]<br />
'''Moved until after the break'''<br />
:'''Hardening Windows 7/8/10'''<br />
::*Installing and Configuring Security Configuration Wizard<br />
::*Using New Technology File System (NTSF)<br />
::*Configuring Automatic Updates<br />
<br />
:'''Test #1: Details, March 6th'''<br />
::# Quiz 2 (February 22)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.ppt ppt] ] Hardening - Basic Concepts<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pptx pptx] ] Hardening Windows<br />
<br />
:'''Reading References:'''<br />
::*[https://www.sans.org/media/score/checklists/ID-Windows.pdf Intrusion Discovery - Windows]<br />
::* [http://lcweb.senecac.on.ca:2052/toc.aspx?site=RYW9D&bookid=12602 Hardening Windows, 2nd Edition]<br />(Chapter 5 - Pages: )<br />
::* [http://old.honeynet.org/papers/enemy/ "Know Your Enemy: The Script Kiddie"]<br />
<br />
:'''YouTube Videos:'''<br />
::*[]<br />
<br />
:'''Resources:'''<br />
::*<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1:'''<br />
::* Assignment Instructions (N/A)<br />
::Continue working on '''Lab 4''' and install Webgoat<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 7'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Midterm (Test #1 March 6th):'''<br />
::*(Check course announcements for test details)<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Additional Tasks:'''<br />
:'''Lab 5:'''<br />
::*'''Hardening Windows 7/8/10'''<br />
::Work on '''Assignment #1'''<br />
<br />
|- valign="center"<br />
!colspan="4"|<br />'''Study Week'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 8'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Types of Penetration Testing'''<br />
::*Network<br />
::*Access Control<br />
::*Infrastructure / Patching<br />
::*Physical/Building Security<br />
::*Social Engineering<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts): See Blackboard'''<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 6:'''<br />
::Work on vulnerable Windows 7 VM CTF<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1 Due'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 9'''<br />
|<br />
<br />
<br />
:'''Passwords, Pwn'ing, & Pillaging'''<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts): See Blackboard'''<br />
<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
:'''Lab 7:'''<br />
::Continue to work on vulnerable Windows 7 VM CTF<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 10'''<br />
<br />
|<br />
<br />
<br />
:'''Metasploit and Metasploitable 2'''<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Labs:'''<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 11'''<br />
<br />
|<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
:'''Lab 8:'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 12'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Work on Assignment #2'''<br />
::*Complete Report<br />
<br />
|<br />
<br />
|<br />
:'''Assignment #2 Due:'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 13'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Final Exam Review'''<br />
::* Details<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
|- valign="top"<br />
!colspan="4"|Exam Week - TBA<br />
<br />
|}</div>
Craig.barretto
https://wiki.cdot.senecacollege.ca/w/index.php?title=SEC520&diff=132336
SEC520
2018-03-21T05:37:42Z
<p>Craig.barretto: </p>
<hr />
<div>[[Category:SEC520]]<br />
<br />
<br />
{| style="float: right; margin: 0 0 3em 2em; border: 1px solid black;"<br />
!style="background: #cccccc"| Quick Links<br />
|-<br />
|<div style="background:#ffff00">[[SEC520_Weekly_Schedule|Weekly Schedule]]</div>[https://scs.senecac.on.ca/course/sec520 Course Outline]<br />[https://wiki.cdot.senecacollege.ca/wiki/Course_Policies Course Policies]]<br />Security Resources<br />Security Community<br />Instructor Resource<br />
|-<br />
!style="background: #cccccc"| Assignments<br />
|-<br />
|<!-- [[OPS235 FSOSS Bonus Assignment|FSOSS Bonus Assignment]]<br /> -->[https://scs.senecac.on.ca/~fac/sec520/assignments/SEC520_Assignment_1.html Assignment 1]<br /> [https://my.senecacollege.ca/webapps/blackboard/content/listContentEditable.jsp?content_id=_7617589_1&course_id=_563094_1&mode=reset Assignment 2]<br />
|}<br />
<br />
= Welcome to SEC520 - ''Internet Security'' =<br />
<br />
== What This Course is About ==<br />
<br />
This subject explores issues surrounding '''web site construction''', '''operation''', and '''maintenance''' from a '''security point of view'''. Students will learn how to:<br />
<br />
:*'''List basic rules''' regarding Internet Security.<br />
<br />
:*'''Identify attack types''' from both internal and external sources.<br />
<br />
:*'''Conduct safe authorized Penetration Testing''' (creating and using Virtual Machines).<br />
<br />
:*'''Build secure servers from Penetration Testing Results''' ("hardened" servers).<br />
<br />
<br />
Major topics will include '''document encryption''', '''server protection''', and '''defense strategies'''.<br />
<br />
Demonstration web servers for both '''Windows''' and '''Unix/Linux''' will be investigated during this one semester course.<br />
<br />
<br />
== Course Resources ==<br />
<br />
* [[https://wiki.cdot.senecacollege.ca/wiki/SEC520_Weekly_Schedule SEC520 Weekly Schedule]] (Course Notes / Labs)<br />
* [https://scs.senecac.on.ca/course/sec520 Course Outline]<br />
* [[https://wiki.cdot.senecacollege.ca/wiki/Course_Policies Course Policies]]<br />
<br />
== Supplies Checklist (Required Prior to First Class) ==<br />
<br />
<br />
<u>'''Hardware'''</u><br />
<br />
<br />
{|border="1" cellpadding="8"<br />
|-<br />
!Item<br />
!Item Details<br />
!Graphic<br />
|-<br />
!<br />
<br />
SATA Hard Disk in Removable Drive Tray<br />
<br />
|There are a few different methods of setting up for the SEC520 lab:<br />
<br />
<ol><br />
<li>Use '''removable SATA/SSD Removable Hard Disk''' (Kali Linux host, VMs for other vulnerable OS</li><br />
<li>Setup VirtualBox on '''existing Notebook/Netbook''', and '''create VMs for Kali Linux, vulnerable Windows (TBD) server, and vulnerable Linux server'''</li><br />
<li>'''Full dedicated install on a Notebook/Netbook for Kali Linux''', VMs to be installed for other vulnerable OS</li><br />
</ol><br />
<br />
<br />
Specification for SATA/SSD Hard Disk in Removable Drive Tray:<br /><br />Hard Disk Size: at least '''160GB''' ''(250 - 500 GB preferred)''.<br />'''Please buy the tray from ACS or the bookstore''' as not all trays are compatible.<br /><br />Mechanical shock from dropping a hard drive causes drive failure for several students each semester. If you use a mechanical hard drive, be careful not to drop it, and transport it in a padded container (e.g., a neoprene netbook sleeve, available from some dollar stores).<br /><br /> Solid state disks (SSDs) are becoming competitive in price, are faster, and are less susceptible to shock, so you may want to look for a deal on an SSD instead of a hard drive -- but check to ensure that your SSD will fit properly into your drive tray.<br /><br />Please tighten the drive screws securely to prevent the tray from jamming in the holder, or leave the screws off.<br /><br /><br />
|[[Image:hd-tray.jpg|thumb|center|180px|<b>Hard Disk in Disk Tray</b><br />At least <b>160 GB</b> (available at the Bookstore)]]<br />
<br />
|}<br />
<br />
<br />
<br />
<u>'''Bootable Operating System Images'''</u><br />
<br />
<br />
'''Note:''' Although instructions are provided to burn OS for VMs on CD/DVD, there are other methods of installing OS on VMs: '''USB stick''', '''network install''', or by '''downloaded image file'''. You can determine the best method to use. Here is a link to installing a VM from saved image file: [http://geekyprojects.com/tutorials/how-to-run-an-iso-image-file-in-virtualbox/ How to Run ISO Image File in VirtualBox]<br />
<br />
<br />
<br />
{|border="1" cellpadding="8" width="100%"<br />
|-<br />
!Storage Media<br />
!Download and Burning Options<br />
|-<br />
<br />
|[[Image:blank-cd.png|thumb|left|75px]]<br />
'''Kali Linux CD:'''<br />
<ul><br />
<li>'''Download URL (Select for appropriate machine 32/64-bit):''' [http://www.kali.org/downloads/ http://www.kali.org/downloads/] </li><br />
<li>[[Download and Burn Image in TEL Open Lab]] </li><br />
</ul><br />
<br />
<br />
<br />
<br />
<br />
[[Image:blank-cd.png|thumb|left|75px]]'''Fedora Core 7 or Centos 7 DVD:'''<br />
<ul><br />
<li>'''Download URL:''' <br />[http://dl.fedoraproject.org/pub/archive/fedora/linux/core/5/i386/iso/FC-5-i386-DVD.iso http://dl.fedoraproject.org/pub/archive/fedora/linux/core/5/i386/iso/FC-5-i386-DVD.iso] </li><br />
<li>[[Download and Burn Image in TEL Open Lab]] </li><br />
</ul><br />
<br />
<br />
<br />
<br />
<ul><br />
<li>[[Download and Burn Image in TEL Open Lab]]</li><br />
</ul><br />
<br />
<br />
|[[Image:ubs-key.png|thumb|center|75px|<b>USB keys to Installation Media</b> (Alternative to CD/DVD)]]<br />
<br />
<br />
|}<br />
<br />
<br />
<br />
<u>'''Study Aids'''</u><br />
<br />
<br />
{|border="1" cellpadding="8"<br />
|-<br />
!Item<br />
!Item Details<br />
!Graphic<br />
|-<br />
!Lab Log-Book<br />
|Download and Print: '''SEC520 Lab log book [ [http://cs.senecac.on.ca/~murray.saul/SEC520/SEC520_lab_logbook.pdf PDF] ] [ [http://cs.senecac.on.ca/~murray.saul/SEC520/SEC520_lab_logbook.odt odt] ]'''.<br /><br />Please note that '''you can use your log book during quizzes, written tests, practical tests and the final exam'''.<br /><br /> It's also the record that you have completed the labs, so don't lose it!<br />
|[[Image:log-book.png|thumb|center|200px|<b>Lab Log-Book</b><br />Used for '''marking labs''' and for an '''evaluation aid''']]<br />
|}<br />
<br />
= Important Information =<br />
<br />
{|cellpadding="15" width="100%" border="0"<br />
|-<br />
|<br />
<br />
{{Admon/caution|You are Playing With Fire!|''"A little bit of knowledge is a dangerous thing"''. '''You MUST carefully read and follow instructions in your SEC520 labs as well as heeding warning from your SEC520 instructor'''. Failing to use caution when learning in this environment can '''cause damage to computer systems and cause your computer account(s) to be taken away'''.<br /><br />'''Students will be required to "sign waivers" to promise to follow these rules carefully, and only perform certain operations in the computer lab indicated at the college'''.}}<br />
<br />
<br />
{{Admon/important|Share / Collaborate Problems and Solutions with Others (non-evaluation issues only)|Use the "lounge" section is Moodle to post concerns or solutions with other classmates regarding labs. The ability to collaborate with colleagues to solve problems instead of always asking your boss (or professor) is a very useful skill-set!}}<br />
{{Admon/important|Place your Full Name and Contact Information on the hard disk tray cover and directly on the disk drive.|Use an adhesive label and permanent marker, or a white marker on the black cover.}}<br /><br /><br />
<br />
{{Admon/important|Always "double-check" that you have removabled your hard disk tray prior to exiting the lab room.|You may have your hard drive tray stolen which will result in lost work!}}<br />
<br />
{{Admon/important|Do not share your SEC520 disk drive with another course.|The work you do in this course will render your other work inaccessible and may erase it.}}<br />
<br />
{{Admon/important|Earlier labs become the foundation for later labs.|Seemingly "small errors", or "skipping instructions" in earlier labs can have negative consequences when performing other dependent labs. Make backups when requested at the end of labs for "restoration points" in case something goes wrong while performing a lab.}}<br />
<br />
{{Admon/important|Always shut down your system under software control, rather than using the reset or power buttons. You can shutdown using the GUI or with the <code>poweroff</code>, <code>reboot</code>, <code>init</code>, or <code>shutdown</code> commands. Shut down your virtual machines before shutting down your main system.|}}<br />
<br />
|}<br />
<br />
= Course Faculty =<br />
<br />
''During the Winter 2018 semester, SEC520 is taught by:<br />
<br />
Anthony Austin anthony.austin@senecacollege.ca''<br />
<br />
x32267, Rm. D2096 (formerly TEL)<br />
<br />
= Wiki Participation =<br />
<br />
* You can edit these pages! Please feel free to fix typos or add links to additional resources. Please use this capability responsibly.<br />
* Some simple math skills required for saving edits... >:)</div>
Craig.barretto
https://wiki.cdot.senecacollege.ca/w/index.php?title=SEC520_Weekly_Schedule&diff=132307
SEC520 Weekly Schedule
2018-03-20T16:16:30Z
<p>Craig.barretto: /* Winter 2018 */</p>
<hr />
<div>[[Category:SEC520]]<br />
<br />
=SEC520 Weekly Schedule=<br />
== Winter 2018==<br />
::Instructor:<br />Austin (SAA)<br />Craig Barretto (craig.barretto@senecacollege.ca)<br />
1 credit<br />
::*Quiz and Labs ( 4 Quiz, 7 Labs (15%))<br />
::::'''Logbooks due February 22'''<br />
::*Assignments (2) 20%<br />
::::'''Assignment 1 - Due Date March 9''''''<br />
::::'''Assignment 2 - Due Date TBA''''''<br />
::*Tests (2) 30%<br />
::::'''Written Test - March 8''''''<br />
::::'''Lab Test - March 15'''''<br />
::*Final Test 35%<br />
{|width="100%" border="1" cellspacing="2"<br />
| style="width: 10%;" |<br />
:'''Week'''<br />
| style="width: 25%;" |<br />
:'''Objectives and Tasks'''<br />
| style="width: 35%;" |<br />
:'''Course Notes / Assigned Reading'''<br />
|<br />
:'''Labs'''<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 1'''<br />
<br />
|<br />
<br />
<br />
:'''Course Introduction:'''<br />
::* SEC520 WIKI<br />
::* Course Outline<br />
::* Course Policies<br />
::* Required Materials<br />
::* Lab Setup<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.ppt ppt] ] Course Intro / The "Security Mind"<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://lcweb.senecac.on.ca:2053/0596006691 Computer Security Basics (E-book)]<br />(Chapter 1: The New Insecurity)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
<br />
:'''Resources:'''<br />
::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520 SEC520 WIKI]<br />
::* [https://scs.senecac.on.ca/course/sec520 Course Outline]<br />
<br />
::* Required Materials are listed in your Supplies Checklist. Other materials and references are noted week by week.<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 1:'''<br />
::Set-Up for Labs:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_1.html Setup Hard Disk Pack for Labs]<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 2'''<br />
<br />
|<br />
<br />
<br />
: '''Developing a "Security Mind":'''<br />
::*4 Virtues of Internet Security<br />
::*8 Rules of Internet Security<br />
::*Penetration Testing:<br />
:::*Reconnaissance:<br />
::::*Information Gathering<br />
::::*Foot-printing<br />
::::*User Information<br />
::::*Verification<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.ppt ppt] ] Penetration Testing: Reconnaissance<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=NDQffaAMLQc Reconnaissance]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 2:'''<br />
::Pentration Testing:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_2.html Reconnaissance]<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 3'''<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Penetration Testing (Continued):<br />
:::*Scanning<br />
:::*Enumeration<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.ppt ppt] ] Scanning & Enumeration<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Scanning 1] , [http://www.youtube.com/watch?v=WKLNAAt57Wg Scanning 2]<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Enumeration]<br />
::*[https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap Online Pen-Test Scanner]<br />
::*[https://www.youtube.com/watch?v=dR7NTYfmNcA Prep for Metasploit]<br />
<br />
:'''Resources:'''<br />
::*[http://nmap.org/book/man.html Nmap Reference Guide]<br />(How to use '''nmap''' utility to scan ports)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Penetration Testing / Continued:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_3.html Scanning, Enumeration, & Vulnerability Testing]<br />
<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 4'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.ppt ppt] ] Vulnerability Testing<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[https://www.youtube.com/watch?v=FMgAIfcPsyw Vulnerability Testing - Overview]<br />
::*[https://www.youtube.com/watch?v=lNjxwvQT-os Nessus]<br />
::*[https://www.youtube.com/watch?v=hRxOW37MRwc Accessing System Via Metasploit (web-browser)]<br />
<br />
:'''Resources:'''<br />
::*[https://www.youtube.com/watch?v=r4Qq2eVjiP0 Setting up the Metasploit database]<br />
::*[https://www.youtube.com/watch?v=x01ZErjNlX0 First Metasploit Payload]<br />
::*[http://www.youtube.com/watch?v=jJd5qg3fkyw Using Armitage] (Metasploit Framework)]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Continue Working on '''Lab 3'''<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 5'''<br />
|<br />
<br />
<br />
:'''Types of Attacks:'''<br />
::*Client-side Attacks<br />
:::*Phishing<br />
:::*Webbrowser - Malicious Payloads<br />
:::*IP Spoofing (Man in the Middle) / Password<br />
::*Server-side Attacks<br />
:::*Out-dated Software Patches<br />
:::*Database Injection<br />
:::*Password Cracking<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.ppt ppt] ] Types of Attacks<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=ZUygX8TBBw0 Phishing]<br />
::*[http://www.youtube.com/watch?v=PqfZM3Lxrmg Malicious Payload]<br />
::*[http://www.youtube.com/watch?v=-hd7XG-b6uk IP Spoofing]<br />
::*[http://www.youtube.com/watch?v=AhTfo6pWBIM Database Injection]<br />
::*[http://www.youtube.com/watch?v=Iyh_w0Ix2bc Password Cracking]<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapters 4,5,6)<br />
<br />
:'''Resources:'''<br />
<br />
::*[http://atlas.arbor.net/ ATLAS Web-page] (Active Threat Level Analysis System)<br />
::*[http://www.sans.org/top-cyber-security-risks/summary.php Top Security Risks 2009 (SANS Institute)]<br />
::*[https://github.com/WebGoat/WebGoat/wiki Webgoat]<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 4:'''<br />
:Attack Categories:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_4.html Types of Attacks]<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<div><b>WARNINGS!</b><br /><ol><li>'''Scanning ports must require the permission of Server Owner''' (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan any server.<br /><br /></ol></div><br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 6'''<br />
<br />
More on mysql injection and Webgoat<br />
<br />
|<br />
<br />
<br />
::* [[https://www.youtube.com/watch?v=Rqt_BgG5YyI Blind MySQL injection video]]<br />
'''Moved until after the break'''<br />
:'''Hardening Windows 7/8/10'''<br />
::*Installing and Configuring Security Configuration Wizard<br />
::*Using New Technology File System (NTSF)<br />
::*Configuring Automatic Updates<br />
<br />
:'''Test #1: Details, March 6th'''<br />
::# Quiz 2 (February 22)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.ppt ppt] ] Hardening - Basic Concepts<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pptx pptx] ] Hardening Windows<br />
<br />
:'''Reading References:'''<br />
::*[https://www.sans.org/media/score/checklists/ID-Windows.pdf Intrusion Discovery - Windows]<br />
::* [http://lcweb.senecac.on.ca:2052/toc.aspx?site=RYW9D&bookid=12602 Hardening Windows, 2nd Edition]<br />(Chapter 5 - Pages: )<br />
::* [http://old.honeynet.org/papers/enemy/ "Know Your Enemy: The Script Kiddie"]<br />
<br />
:'''YouTube Videos:'''<br />
::*[]<br />
<br />
:'''Resources:'''<br />
::*<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1:'''<br />
::* Assignment Instructions (N/A)<br />
::Continue working on '''Lab 4''' and install Webgoat<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 7'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Midterm (Test #1 March 6th):'''<br />
::*(Check course announcements for test details)<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Additional Tasks:'''<br />
:'''Lab 5:'''<br />
::*'''Hardening Windows 7/8/10'''<br />
::Work on '''Assignment #1'''<br />
<br />
|- valign="center"<br />
!colspan="4"|<br />'''Study Week'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 8'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Types of Penetration Testing'''<br />
::*Network<br />
::*Access Control<br />
::*Infrastructure / Patching<br />
::*Physical/Building Security<br />
::*Social Engineering<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts): See Blackboard'''<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 6:'''<br />
::Work on vulnerable Windows 7 VM CTF<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1 Due'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 9'''<br />
|<br />
<br />
<br />
:'''Passwords, Pwn'ing, & Pillaging'''<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts): See Blackboard'''<br />
<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
:'''Lab 7:'''<br />
::Continue to work on vulnerable Windows 7 VM CTF<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 10'''<br />
<br />
|<br />
<br />
<br />
:'''Metasploit and Metasploitable 2'''<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Labs:'''<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 11'''<br />
<br />
|<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
:'''Lab 8:'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 12'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Work on Assignment #2'''<br />
::*Complete Report<br />
<br />
|<br />
<br />
|<br />
:'''Assignment #2 Due:'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 13'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Final Exam Review'''<br />
::* Details<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
|- valign="top"<br />
!colspan="4"|Exam Week - TBA<br />
<br />
|}</div>
Craig.barretto
https://wiki.cdot.senecacollege.ca/w/index.php?title=SEC520_Weekly_Schedule&diff=132151
SEC520 Weekly Schedule
2018-03-09T05:52:37Z
<p>Craig.barretto: /* Winter 2018 */</p>
<hr />
<div>[[Category:SEC520]]<br />
<br />
=SEC520 Weekly Schedule=<br />
== Winter 2018==<br />
::Instructor:<br />Austin (SAA)<br />Craig Barretto (craig.barretto@senecacollege.ca)<br />
1 credit<br />
::*Quiz and Labs ( 4 Quiz, 7 Labs (15%))<br />
::::'''Logbooks due February 22'''<br />
::*Assignments (2) 20%<br />
::::'''Assignment 1 - Due Date March 9''''''<br />
::::'''Assignment 2 - Due Date TBA''''''<br />
::*Tests (2) 30%<br />
::::'''Written Test - March 8''''''<br />
::::'''Lab Test - March 15'''''<br />
::*Final Test 35%<br />
{|width="100%" border="1" cellspacing="2"<br />
| style="width: 10%;" |<br />
:'''Week'''<br />
| style="width: 25%;" |<br />
:'''Objectives and Tasks'''<br />
| style="width: 35%;" |<br />
:'''Course Notes / Assigned Reading'''<br />
|<br />
:'''Labs'''<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 1'''<br />
<br />
|<br />
<br />
<br />
:'''Course Introduction:'''<br />
::* SEC520 WIKI<br />
::* Course Outline<br />
::* Course Policies<br />
::* Required Materials<br />
::* Lab Setup<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.ppt ppt] ] Course Intro / The "Security Mind"<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://lcweb.senecac.on.ca:2053/0596006691 Computer Security Basics (E-book)]<br />(Chapter 1: The New Insecurity)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
<br />
:'''Resources:'''<br />
::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520 SEC520 WIKI]<br />
::* [https://scs.senecac.on.ca/course/sec520 Course Outline]<br />
<br />
::* Required Materials are listed in your Supplies Checklist. Other materials and references are noted week by week.<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 1:'''<br />
::Set-Up for Labs:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_1.html Setup Hard Disk Pack for Labs]<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 2'''<br />
<br />
|<br />
<br />
<br />
: '''Developing a "Security Mind":'''<br />
::*4 Virtues of Internet Security<br />
::*8 Rules of Internet Security<br />
::*Penetration Testing:<br />
:::*Reconnaissance:<br />
::::*Information Gathering<br />
::::*Foot-printing<br />
::::*User Information<br />
::::*Verification<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.ppt ppt] ] Penetration Testing: Reconnaissance<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=NDQffaAMLQc Reconnaissance]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 2:'''<br />
::Pentration Testing:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_2.html Reconnaissance]<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 3'''<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Penetration Testing (Continued):<br />
:::*Scanning<br />
:::*Enumeration<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.ppt ppt] ] Scanning & Enumeration<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Scanning 1] , [http://www.youtube.com/watch?v=WKLNAAt57Wg Scanning 2]<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Enumeration]<br />
::*[https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap Online Pen-Test Scanner]<br />
::*[https://www.youtube.com/watch?v=dR7NTYfmNcA Prep for Metasploit]<br />
<br />
:'''Resources:'''<br />
::*[http://nmap.org/book/man.html Nmap Reference Guide]<br />(How to use '''nmap''' utility to scan ports)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Penetration Testing / Continued:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_3.html Scanning, Enumeration, & Vulnerability Testing]<br />
<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 4'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.ppt ppt] ] Vulnerability Testing<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[https://www.youtube.com/watch?v=FMgAIfcPsyw Vulnerability Testing - Overview]<br />
::*[https://www.youtube.com/watch?v=lNjxwvQT-os Nessus]<br />
::*[https://www.youtube.com/watch?v=hRxOW37MRwc Accessing System Via Metasploit (web-browser)]<br />
<br />
:'''Resources:'''<br />
::*[https://www.youtube.com/watch?v=r4Qq2eVjiP0 Setting up the Metasploit database]<br />
::*[https://www.youtube.com/watch?v=x01ZErjNlX0 First Metasploit Payload]<br />
::*[http://www.youtube.com/watch?v=jJd5qg3fkyw Using Armitage] (Metasploit Framework)]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Continue Working on '''Lab 3'''<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 5'''<br />
|<br />
<br />
<br />
:'''Types of Attacks:'''<br />
::*Client-side Attacks<br />
:::*Phishing<br />
:::*Webbrowser - Malicious Payloads<br />
:::*IP Spoofing (Man in the Middle) / Password<br />
::*Server-side Attacks<br />
:::*Out-dated Software Patches<br />
:::*Database Injection<br />
:::*Password Cracking<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.ppt ppt] ] Types of Attacks<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=ZUygX8TBBw0 Phishing]<br />
::*[http://www.youtube.com/watch?v=PqfZM3Lxrmg Malicious Payload]<br />
::*[http://www.youtube.com/watch?v=-hd7XG-b6uk IP Spoofing]<br />
::*[http://www.youtube.com/watch?v=AhTfo6pWBIM Database Injection]<br />
::*[http://www.youtube.com/watch?v=Iyh_w0Ix2bc Password Cracking]<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapters 4,5,6)<br />
<br />
:'''Resources:'''<br />
<br />
::*[http://atlas.arbor.net/ ATLAS Web-page] (Active Threat Level Analysis System)<br />
::*[http://www.sans.org/top-cyber-security-risks/summary.php Top Security Risks 2009 (SANS Institute)]<br />
::*[https://github.com/WebGoat/WebGoat/wiki Webgoat]<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 4:'''<br />
:Attack Categories:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_4.html Types of Attacks]<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<div><b>WARNINGS!</b><br /><ol><li>'''Scanning ports must require the permission of Server Owner''' (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan any server.<br /><br /></ol></div><br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 6'''<br />
<br />
More on mysql injection and Webgoat<br />
<br />
|<br />
<br />
<br />
::* [[https://www.youtube.com/watch?v=Rqt_BgG5YyI Blind MySQL injection video]]<br />
'''Moved until after the break'''<br />
:'''Hardening Windows 7/8/10'''<br />
::*Installing and Configuring Security Configuration Wizard<br />
::*Using New Technology File System (NTSF)<br />
::*Configuring Automatic Updates<br />
<br />
:'''Test #1: Details, March 6th'''<br />
::# Quiz 2 (February 22)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.ppt ppt] ] Hardening - Basic Concepts<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pptx pptx] ] Hardening Windows<br />
<br />
:'''Reading References:'''<br />
::*[https://www.sans.org/media/score/checklists/ID-Windows.pdf Intrusion Discovery - Windows]<br />
::* [http://lcweb.senecac.on.ca:2052/toc.aspx?site=RYW9D&bookid=12602 Hardening Windows, 2nd Edition]<br />(Chapter 5 - Pages: )<br />
::* [http://old.honeynet.org/papers/enemy/ "Know Your Enemy: The Script Kiddie"]<br />
<br />
:'''YouTube Videos:'''<br />
::*[]<br />
<br />
:'''Resources:'''<br />
::*<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1:'''<br />
::* Assignment Instructions (N/A)<br />
::Continue working on '''Lab 4''' and install Webgoat<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 7'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Midterm (Test #1 March 6th):'''<br />
::*(Check course announcements for test details)<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Additional Tasks:'''<br />
:'''Lab 5:'''<br />
::*'''Hardening Windows 7/8/10'''<br />
::Work on '''Assignment #1'''<br />
<br />
|- valign="center"<br />
!colspan="4"|<br />'''Study Week'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 8'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Types of Penetration Testing'''<br />
::*Network<br />
::*Access Control<br />
::*Infrastructure / Patching<br />
::*Physical/Building Security<br />
::*Social Engineering<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts): See Blackboard'''<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 6:'''<br />
::Work on vulnerable Windows 7 VM CTF<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1 Due'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 9'''<br />
|<br />
<br />
<br />
:'''Passwords, Pwn'ing, & Pillaging'''<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts): See Blackboard'''<br />
<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
:'''Lab 7:'''<br />
::Continue to work on vulnerable Windows 7 VM CTF<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 10'''<br />
<br />
|<br />
<br />
<br />
:'''Application Security'''<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Labs:'''<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 11'''<br />
<br />
|<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
:'''Lab 8:'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 12'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Work on Assignment #2'''<br />
::*Complete Report<br />
<br />
|<br />
<br />
|<br />
:'''Assignment #2 Due:'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 13'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Final Exam Review'''<br />
::* Details<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
|- valign="top"<br />
!colspan="4"|Exam Week - TBA<br />
<br />
|}</div>
Craig.barretto
https://wiki.cdot.senecacollege.ca/w/index.php?title=SEC520_Weekly_Schedule&diff=132146
SEC520 Weekly Schedule
2018-03-08T08:28:14Z
<p>Craig.barretto: /* Winter 2018 */</p>
<hr />
<div>[[Category:SEC520]]<br />
<br />
=SEC520 Weekly Schedule=<br />
== Winter 2018==<br />
::Instructor:<br />Austin (SAA)<br />Craig Barretto (craig.barretto@senecacollege.ca)<br />
1 credit<br />
::*Quiz and Labs ( 4 Quiz, 7 Labs (15%))<br />
::::'''Logbooks due February 22'''<br />
::*Assignments (2) 20%<br />
::::'''Assignment 1 - Due Date March 9''''''<br />
::::'''Assignment 2 - Due Date TBA''''''<br />
::*Tests (2) 30%<br />
::::'''Written Test - March 8''''''<br />
::::'''Lab Test - March 15'''''<br />
::*Final Test 35%<br />
{|width="100%" border="1" cellspacing="2"<br />
| style="width: 10%;" |<br />
:'''Week'''<br />
| style="width: 25%;" |<br />
:'''Objectives and Tasks'''<br />
| style="width: 35%;" |<br />
:'''Course Notes / Assigned Reading'''<br />
|<br />
:'''Labs'''<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 1'''<br />
<br />
|<br />
<br />
<br />
:'''Course Introduction:'''<br />
::* SEC520 WIKI<br />
::* Course Outline<br />
::* Course Policies<br />
::* Required Materials<br />
::* Lab Setup<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.ppt ppt] ] Course Intro / The "Security Mind"<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://lcweb.senecac.on.ca:2053/0596006691 Computer Security Basics (E-book)]<br />(Chapter 1: The New Insecurity)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
<br />
:'''Resources:'''<br />
::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520 SEC520 WIKI]<br />
::* [https://scs.senecac.on.ca/course/sec520 Course Outline]<br />
<br />
::* Required Materials are listed in your Supplies Checklist. Other materials and references are noted week by week.<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 1:'''<br />
::Set-Up for Labs:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_1.html Setup Hard Disk Pack for Labs]<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 2'''<br />
<br />
|<br />
<br />
<br />
: '''Developing a "Security Mind":'''<br />
::*4 Virtues of Internet Security<br />
::*8 Rules of Internet Security<br />
::*Penetration Testing:<br />
:::*Reconnaissance:<br />
::::*Information Gathering<br />
::::*Foot-printing<br />
::::*User Information<br />
::::*Verification<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.ppt ppt] ] Penetration Testing: Reconnaissance<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=NDQffaAMLQc Reconnaissance]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 2:'''<br />
::Pentration Testing:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_2.html Reconnaissance]<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 3'''<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Penetration Testing (Continued):<br />
:::*Scanning<br />
:::*Enumeration<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.ppt ppt] ] Scanning & Enumeration<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Scanning 1] , [http://www.youtube.com/watch?v=WKLNAAt57Wg Scanning 2]<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Enumeration]<br />
::*[https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap Online Pen-Test Scanner]<br />
::*[https://www.youtube.com/watch?v=dR7NTYfmNcA Prep for Metasploit]<br />
<br />
:'''Resources:'''<br />
::*[http://nmap.org/book/man.html Nmap Reference Guide]<br />(How to use '''nmap''' utility to scan ports)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Penetration Testing / Continued:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_3.html Scanning, Enumeration, & Vulnerability Testing]<br />
<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 4'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.ppt ppt] ] Vulnerability Testing<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[https://www.youtube.com/watch?v=FMgAIfcPsyw Vulnerability Testing - Overview]<br />
::*[https://www.youtube.com/watch?v=lNjxwvQT-os Nessus]<br />
::*[https://www.youtube.com/watch?v=hRxOW37MRwc Accessing System Via Metasploit (web-browser)]<br />
<br />
:'''Resources:'''<br />
::*[https://www.youtube.com/watch?v=r4Qq2eVjiP0 Setting up the Metasploit database]<br />
::*[https://www.youtube.com/watch?v=x01ZErjNlX0 First Metasploit Payload]<br />
::*[http://www.youtube.com/watch?v=jJd5qg3fkyw Using Armitage] (Metasploit Framework)]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Continue Working on '''Lab 3'''<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 5'''<br />
|<br />
<br />
<br />
:'''Types of Attacks:'''<br />
::*Client-side Attacks<br />
:::*Phishing<br />
:::*Webbrowser - Malicious Payloads<br />
:::*IP Spoofing (Man in the Middle) / Password<br />
::*Server-side Attacks<br />
:::*Out-dated Software Patches<br />
:::*Database Injection<br />
:::*Password Cracking<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.ppt ppt] ] Types of Attacks<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=ZUygX8TBBw0 Phishing]<br />
::*[http://www.youtube.com/watch?v=PqfZM3Lxrmg Malicious Payload]<br />
::*[http://www.youtube.com/watch?v=-hd7XG-b6uk IP Spoofing]<br />
::*[http://www.youtube.com/watch?v=AhTfo6pWBIM Database Injection]<br />
::*[http://www.youtube.com/watch?v=Iyh_w0Ix2bc Password Cracking]<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapters 4,5,6)<br />
<br />
:'''Resources:'''<br />
<br />
::*[http://atlas.arbor.net/ ATLAS Web-page] (Active Threat Level Analysis System)<br />
::*[http://www.sans.org/top-cyber-security-risks/summary.php Top Security Risks 2009 (SANS Institute)]<br />
::*[https://github.com/WebGoat/WebGoat/wiki Webgoat]<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 4:'''<br />
:Attack Categories:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_4.html Types of Attacks]<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<div><b>WARNINGS!</b><br /><ol><li>'''Scanning ports must require the permission of Server Owner''' (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan any server.<br /><br /></ol></div><br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 6'''<br />
<br />
More on mysql injection and Webgoat<br />
<br />
|<br />
<br />
<br />
::* [[https://www.youtube.com/watch?v=Rqt_BgG5YyI Blind MySQL injection video]]<br />
'''Moved until after the break'''<br />
:'''Hardening Windows 7/8/10'''<br />
::*Installing and Configuring Security Configuration Wizard<br />
::*Using New Technology File System (NTSF)<br />
::*Configuring Automatic Updates<br />
<br />
:'''Test #1: Details, March 6th'''<br />
::# Quiz 2 (February 22)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.ppt ppt] ] Hardening - Basic Concepts<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pptx pptx] ] Hardening Windows<br />
<br />
:'''Reading References:'''<br />
::*[https://www.sans.org/media/score/checklists/ID-Windows.pdf Intrusion Discovery - Windows]<br />
::* [http://lcweb.senecac.on.ca:2052/toc.aspx?site=RYW9D&bookid=12602 Hardening Windows, 2nd Edition]<br />(Chapter 5 - Pages: )<br />
::* [http://old.honeynet.org/papers/enemy/ "Know Your Enemy: The Script Kiddie"]<br />
<br />
:'''YouTube Videos:'''<br />
::*[]<br />
<br />
:'''Resources:'''<br />
::*<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1:'''<br />
::* Assignment Instructions (N/A)<br />
::Continue working on '''Lab 4''' and install Webgoat<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 7'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Midterm (Test #1 March 6th):'''<br />
::*(Check course announcements for test details)<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Additional Tasks:'''<br />
:'''Lab 5:'''<br />
::*'''Hardening Windows 7/8/10'''<br />
::Work on '''Assignment #1'''<br />
<br />
|- valign="center"<br />
!colspan="4"|<br />'''Study Week'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 8'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''System Hardening in Linux:'''<br />
::*Purpose<br />
::*Rule of Preventative Action<br />
::*Rule of Separation<br />
::*Rule of Least Privilege<br />
:::*AAA Protocol (Authentication):<br />
::::*PKI<br />
::::*PAM<br />
::::*Kerebos<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.pptx pptx] ] Linux Hardening - Part 1<br />
::*[[https://www.digitalocean.com/community/tutorials/how-to-use-pam-to-configure-authentication-on-an-ubuntu-12-04-vps PAM Configuration HOWTO]]<br />
::*[[http://hexten.net/assets/pam_abl_doc/index.html PAM Auto Blacklist Module HOWTO]]<br />
:'''Reading References:'''<br />
<br />
::*[https://www.sans.org/media/score/checklists/ID-Linux.pdf Intrusion Discovery - Linux]<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook (E-book)]<br />(Chapter 4 - Pages: )<br />
<br />
:'''YouTube Videos:'''<br />
::*Linux Hardening<br />
:::[http://www.youtube.com/watch?v=GJMKgV8V4FI Part1] | [http://www.youtube.com/watch?v=M9LdGH_AIZo Part 2] | [http://www.youtube.com/watch?v=0tEBXWU6Au4 Part 3]<br />
::*[http://www.youtube.com/watch?v=yy1NR74ttAw&feature=results_main&playnext=1&list=PL48E055817B95897B PAM]<br />
<br />
:'''Resources:'''<br />
::* [http://www.linuxdoc.org/HOWTO/User-Authentication-HOWTO/x115.html Why Use PAM?]<br />
::* [http://www.ibm.com/developerworks/linux/library/l-pam/index.html Understanding and Configuring PAM]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 6:'''<br />
::System Hardening<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_6.html Linux System Hardening (part 1)]<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1 Due'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 9'''<br />
|<br />
<br />
<br />
:'''System Hardening in Linux / Continued:'''<br />
::*AAA Protocol (Authorization):<br />
:::*ACLs<br />
:::*SELinux<br />
:::*Sudo<br />
:::*Cron Jobs<br />
:::*Turning Off Xwindows<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.ppt ppt] ] Linux Hardening - Part 2<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=6piQXXHTmqk ACLs]<br />
::*[http://www.youtube.com/watch?v=fpXuWhshKVA SELinux]<br />
::*[http://www.youtube.com/watch?v=imnEUvvDxc4 Sudo]<br />
::*[http://www.youtube.com/watch?v=4Icg3MYZZqI Cron Jobs]<br />
<br />
:'''Reading References:'''<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 5 - Pages: )<br />
::*[http://lcweb.senecac.on.ca:2063/0131963694?uicode=seneca SELinux by Example]<br />(Chapter x - Pages: )<br />
<br />
:'''Resources:'''<br />
::* [http://www.linuxquestions.org/linux/answers/security/acls_extended_filepermissions How to Use ACLs]<br />
::* SELinux<br />
::* [http://www.sudo.ws/sudo/intro.html Sudo In a Nutshell]<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
:'''Lab 7:'''<br />
::System Hardening<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_7.html Linux System Hardening (part 2)]<br />
<br />
<br />
<br />
:'''Assignment #2:'''<br />
::*Assignment Instructions (N/A)<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 10'''<br />
<br />
|<br />
<br />
<br />
:'''System Hardening in Linux / Continued:'''<br />
::*Complete Labs 6 and 7<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Labs:'''<br />
::*Complete Labs 6 and 7<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 11'''<br />
<br />
|<br />
<br />
<br />
:'''Intrusion Detection:'''<br />
::*Purpose<br />
::*Logs<br />
::*Monitoring<br />
::*Iptables<br />
::*Using Tripwire<br />
<br />
<br />
<br />
:'''Additional Considerations:'''<br />
::*Decoys: Honey-Pots<br />
::*DMZs<br />
::*Disaster Recovery<br />
::*The BIGGER Picture<br />
|<br />
<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.ppt ppt] ] Intrusion Detection / Using Tripwire<br />
<br />
:'''Reading References:'''<br />
::*[http://www.sans.org/score/checklists/ID_Linux.pdf Intrusion Discovery - Linux]<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 1 - Pages: )<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=kUdCsZpt2ew Iptables]<br />
<br />
:'''Additional Resources:'''<br />
::*<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
:'''Lab 8:'''<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_8.html Intrusion Detection]<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 12'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Work on Assignment #2'''<br />
::*Complete Report<br />
<br />
|<br />
<br />
|<br />
:'''Assignment #2 Due:'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 13'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Final Exam Review'''<br />
::* Details<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
|- valign="top"<br />
!colspan="4"|Exam Week - TBA<br />
<br />
|}</div>
Craig.barretto
https://wiki.cdot.senecacollege.ca/w/index.php?title=SEC520_Weekly_Schedule&diff=132137
SEC520 Weekly Schedule
2018-03-07T05:15:25Z
<p>Craig.barretto: /* Winter 2018 */</p>
<hr />
<div>[[Category:SEC520]]<br />
<br />
=SEC520 Weekly Schedule=<br />
== Winter 2018==<br />
::Instructor:<br />Austin (SAA)<br />Craig Barretto<br />
1 credit<br />
::*Quiz and Labs ( 4 Quiz, 7 Labs (15%))<br />
::::'''Logbooks due February 22'''<br />
::*Assignments (2) 20%<br />
::::'''Assignment 1 - Due Date March 9''''''<br />
::::'''Assignment 2 - Due Date TBA''''''<br />
::*Tests (2) 30%<br />
::::'''Written Test - March 8''''''<br />
::::'''Lab Test - March 15'''''<br />
::*Final Test 35%<br />
{|width="100%" border="1" cellspacing="2"<br />
| style="width: 10%;" |<br />
:'''Week'''<br />
| style="width: 25%;" |<br />
:'''Objectives and Tasks'''<br />
| style="width: 35%;" |<br />
:'''Course Notes / Assigned Reading'''<br />
|<br />
:'''Labs'''<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 1'''<br />
<br />
|<br />
<br />
<br />
:'''Course Introduction:'''<br />
::* SEC520 WIKI<br />
::* Course Outline<br />
::* Course Policies<br />
::* Required Materials<br />
::* Lab Setup<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.ppt ppt] ] Course Intro / The "Security Mind"<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://lcweb.senecac.on.ca:2053/0596006691 Computer Security Basics (E-book)]<br />(Chapter 1: The New Insecurity)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
<br />
:'''Resources:'''<br />
::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520 SEC520 WIKI]<br />
::* [https://scs.senecac.on.ca/course/sec520 Course Outline]<br />
<br />
::* Required Materials are listed in your Supplies Checklist. Other materials and references are noted week by week.<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 1:'''<br />
::Set-Up for Labs:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_1.html Setup Hard Disk Pack for Labs]<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 2'''<br />
<br />
|<br />
<br />
<br />
: '''Developing a "Security Mind":'''<br />
::*4 Virtues of Internet Security<br />
::*8 Rules of Internet Security<br />
::*Penetration Testing:<br />
:::*Reconnaissance:<br />
::::*Information Gathering<br />
::::*Foot-printing<br />
::::*User Information<br />
::::*Verification<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.ppt ppt] ] Penetration Testing: Reconnaissance<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=NDQffaAMLQc Reconnaissance]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 2:'''<br />
::Pentration Testing:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_2.html Reconnaissance]<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 3'''<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Penetration Testing (Continued):<br />
:::*Scanning<br />
:::*Enumeration<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.ppt ppt] ] Scanning & Enumeration<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Scanning 1] , [http://www.youtube.com/watch?v=WKLNAAt57Wg Scanning 2]<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Enumeration]<br />
::*[https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap Online Pen-Test Scanner]<br />
::*[https://www.youtube.com/watch?v=dR7NTYfmNcA Prep for Metasploit]<br />
<br />
:'''Resources:'''<br />
::*[http://nmap.org/book/man.html Nmap Reference Guide]<br />(How to use '''nmap''' utility to scan ports)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Penetration Testing / Continued:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_3.html Scanning, Enumeration, & Vulnerability Testing]<br />
<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 4'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.ppt ppt] ] Vulnerability Testing<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[https://www.youtube.com/watch?v=FMgAIfcPsyw Vulnerability Testing - Overview]<br />
::*[https://www.youtube.com/watch?v=lNjxwvQT-os Nessus]<br />
::*[https://www.youtube.com/watch?v=hRxOW37MRwc Accessing System Via Metasploit (web-browser)]<br />
<br />
:'''Resources:'''<br />
::*[https://www.youtube.com/watch?v=r4Qq2eVjiP0 Setting up the Metasploit database]<br />
::*[https://www.youtube.com/watch?v=x01ZErjNlX0 First Metasploit Payload]<br />
::*[http://www.youtube.com/watch?v=jJd5qg3fkyw Using Armitage] (Metasploit Framework)]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Continue Working on '''Lab 3'''<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 5'''<br />
|<br />
<br />
<br />
:'''Types of Attacks:'''<br />
::*Client-side Attacks<br />
:::*Phishing<br />
:::*Webbrowser - Malicious Payloads<br />
:::*IP Spoofing (Man in the Middle) / Password<br />
::*Server-side Attacks<br />
:::*Out-dated Software Patches<br />
:::*Database Injection<br />
:::*Password Cracking<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.ppt ppt] ] Types of Attacks<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=ZUygX8TBBw0 Phishing]<br />
::*[http://www.youtube.com/watch?v=PqfZM3Lxrmg Malicious Payload]<br />
::*[http://www.youtube.com/watch?v=-hd7XG-b6uk IP Spoofing]<br />
::*[http://www.youtube.com/watch?v=AhTfo6pWBIM Database Injection]<br />
::*[http://www.youtube.com/watch?v=Iyh_w0Ix2bc Password Cracking]<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapters 4,5,6)<br />
<br />
:'''Resources:'''<br />
<br />
::*[http://atlas.arbor.net/ ATLAS Web-page] (Active Threat Level Analysis System)<br />
::*[http://www.sans.org/top-cyber-security-risks/summary.php Top Security Risks 2009 (SANS Institute)]<br />
::*[https://github.com/WebGoat/WebGoat/wiki Webgoat]<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 4:'''<br />
:Attack Categories:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_4.html Types of Attacks]<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<div><b>WARNINGS!</b><br /><ol><li>'''Scanning ports must require the permission of Server Owner''' (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan any server.<br /><br /></ol></div><br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 6'''<br />
<br />
More on mysql injection and Webgoat<br />
<br />
|<br />
<br />
<br />
::* [[https://www.youtube.com/watch?v=Rqt_BgG5YyI Blind MySQL injection video]]<br />
'''Moved until after the break'''<br />
:'''Hardening Windows 7/8/10'''<br />
::*Installing and Configuring Security Configuration Wizard<br />
::*Using New Technology File System (NTSF)<br />
::*Configuring Automatic Updates<br />
<br />
:'''Test #1: Details, March 6th'''<br />
::# Quiz 2 (February 22)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.ppt ppt] ] Hardening - Basic Concepts<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pptx pptx] ] Hardening Windows<br />
<br />
:'''Reading References:'''<br />
::*[https://www.sans.org/media/score/checklists/ID-Windows.pdf Intrusion Discovery - Windows]<br />
::* [http://lcweb.senecac.on.ca:2052/toc.aspx?site=RYW9D&bookid=12602 Hardening Windows, 2nd Edition]<br />(Chapter 5 - Pages: )<br />
::* [http://old.honeynet.org/papers/enemy/ "Know Your Enemy: The Script Kiddie"]<br />
<br />
:'''YouTube Videos:'''<br />
::*[]<br />
<br />
:'''Resources:'''<br />
::*<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1:'''<br />
::* Assignment Instructions (N/A)<br />
::Continue working on '''Lab 4''' and install Webgoat<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 7'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Midterm (Test #1 March 6th):'''<br />
::*(Check course announcements for test details)<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Additional Tasks:'''<br />
:'''Lab 5:'''<br />
::*'''Hardening Windows 7/8/10'''<br />
::Work on '''Assignment #1'''<br />
<br />
|- valign="center"<br />
!colspan="4"|<br />'''Study Week'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 8'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''System Hardening in Linux:'''<br />
::*Purpose<br />
::*Rule of Preventative Action<br />
::*Rule of Separation<br />
::*Rule of Least Privilege<br />
:::*AAA Protocol (Authentication):<br />
::::*PKI<br />
::::*PAM<br />
::::*Kerebos<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.pptx pptx] ] Linux Hardening - Part 1<br />
::*[[https://www.digitalocean.com/community/tutorials/how-to-use-pam-to-configure-authentication-on-an-ubuntu-12-04-vps PAM Configuration HOWTO]]<br />
::*[[http://hexten.net/assets/pam_abl_doc/index.html PAM Auto Blacklist Module HOWTO]]<br />
:'''Reading References:'''<br />
<br />
::*[https://www.sans.org/media/score/checklists/ID-Linux.pdf Intrusion Discovery - Linux]<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook (E-book)]<br />(Chapter 4 - Pages: )<br />
<br />
:'''YouTube Videos:'''<br />
::*Linux Hardening<br />
:::[http://www.youtube.com/watch?v=GJMKgV8V4FI Part1] | [http://www.youtube.com/watch?v=M9LdGH_AIZo Part 2] | [http://www.youtube.com/watch?v=0tEBXWU6Au4 Part 3]<br />
::*[http://www.youtube.com/watch?v=yy1NR74ttAw&feature=results_main&playnext=1&list=PL48E055817B95897B PAM]<br />
<br />
:'''Resources:'''<br />
::* [http://www.linuxdoc.org/HOWTO/User-Authentication-HOWTO/x115.html Why Use PAM?]<br />
::* [http://www.ibm.com/developerworks/linux/library/l-pam/index.html Understanding and Configuring PAM]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 6:'''<br />
::System Hardening<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_6.html Linux System Hardening (part 1)]<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1 Due'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 9'''<br />
|<br />
<br />
<br />
:'''System Hardening in Linux / Continued:'''<br />
::*AAA Protocol (Authorization):<br />
:::*ACLs<br />
:::*SELinux<br />
:::*Sudo<br />
:::*Cron Jobs<br />
:::*Turning Off Xwindows<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.ppt ppt] ] Linux Hardening - Part 2<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=6piQXXHTmqk ACLs]<br />
::*[http://www.youtube.com/watch?v=fpXuWhshKVA SELinux]<br />
::*[http://www.youtube.com/watch?v=imnEUvvDxc4 Sudo]<br />
::*[http://www.youtube.com/watch?v=4Icg3MYZZqI Cron Jobs]<br />
<br />
:'''Reading References:'''<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 5 - Pages: )<br />
::*[http://lcweb.senecac.on.ca:2063/0131963694?uicode=seneca SELinux by Example]<br />(Chapter x - Pages: )<br />
<br />
:'''Resources:'''<br />
::* [http://www.linuxquestions.org/linux/answers/security/acls_extended_filepermissions How to Use ACLs]<br />
::* SELinux<br />
::* [http://www.sudo.ws/sudo/intro.html Sudo In a Nutshell]<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
:'''Lab 7:'''<br />
::System Hardening<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_7.html Linux System Hardening (part 2)]<br />
<br />
<br />
<br />
:'''Assignment #2:'''<br />
::*Assignment Instructions (N/A)<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 10'''<br />
<br />
|<br />
<br />
<br />
:'''System Hardening in Linux / Continued:'''<br />
::*Complete Labs 6 and 7<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Labs:'''<br />
::*Complete Labs 6 and 7<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 11'''<br />
<br />
|<br />
<br />
<br />
:'''Intrusion Detection:'''<br />
::*Purpose<br />
::*Logs<br />
::*Monitoring<br />
::*Iptables<br />
::*Using Tripwire<br />
<br />
<br />
<br />
:'''Additional Considerations:'''<br />
::*Decoys: Honey-Pots<br />
::*DMZs<br />
::*Disaster Recovery<br />
::*The BIGGER Picture<br />
|<br />
<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.ppt ppt] ] Intrusion Detection / Using Tripwire<br />
<br />
:'''Reading References:'''<br />
::*[http://www.sans.org/score/checklists/ID_Linux.pdf Intrusion Discovery - Linux]<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 1 - Pages: )<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=kUdCsZpt2ew Iptables]<br />
<br />
:'''Additional Resources:'''<br />
::*<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
:'''Lab 8:'''<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_8.html Intrusion Detection]<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 12'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Work on Assignment #2'''<br />
::*Complete Report<br />
<br />
|<br />
<br />
|<br />
:'''Assignment #2 Due:'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 13'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Final Exam Review'''<br />
::* Details<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
|- valign="top"<br />
!colspan="4"|Exam Week - TBA<br />
<br />
|}</div>
Craig.barretto
https://wiki.cdot.senecacollege.ca/w/index.php?title=SEC520_Weekly_Schedule&diff=132067
SEC520 Weekly Schedule
2018-03-03T05:12:50Z
<p>Craig.barretto: /* Winter 2018 */</p>
<hr />
<div>[[Category:SEC520]]<br />
<br />
=SEC520 Weekly Schedule=<br />
== Winter 2018==<br />
::Instructor:<br />Austin (SAA)<br />Craig Barretto<br />
1 credit<br />
::*Quiz and Labs ( 4 Quiz, 7 Labs (15%))<br />
::::'''Logbooks due February 22'''<br />
::*Assignments (2) 20%<br />
::::'''Assignment 1 - Due Date March 9''''''<br />
::::'''Assignment 2 - Due Date TBA''''''<br />
::*Tests (2) 30%<br />
::::'''Written Test - March 8''''''<br />
::::'''Lab Test - TBD'''''<br />
::*Final Test 35%<br />
{|width="100%" border="1" cellspacing="2"<br />
| style="width: 10%;" |<br />
:'''Week'''<br />
| style="width: 25%;" |<br />
:'''Objectives and Tasks'''<br />
| style="width: 35%;" |<br />
:'''Course Notes / Assigned Reading'''<br />
|<br />
:'''Labs'''<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 1'''<br />
<br />
|<br />
<br />
<br />
:'''Course Introduction:'''<br />
::* SEC520 WIKI<br />
::* Course Outline<br />
::* Course Policies<br />
::* Required Materials<br />
::* Lab Setup<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.ppt ppt] ] Course Intro / The "Security Mind"<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://lcweb.senecac.on.ca:2053/0596006691 Computer Security Basics (E-book)]<br />(Chapter 1: The New Insecurity)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
<br />
:'''Resources:'''<br />
::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520 SEC520 WIKI]<br />
::* [https://scs.senecac.on.ca/course/sec520 Course Outline]<br />
<br />
::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520#Supplies_Checklist_.28Required_for_Second_Class.29 Required Materials]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 1:'''<br />
::Set-Up for Labs:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_1.html Setup Hard Disk Pack for Labs]<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 2'''<br />
<br />
|<br />
<br />
<br />
: '''Developing a "Security Mind":'''<br />
::*4 Virtues of Internet Security<br />
::*8 Rules of Internet Security<br />
::*Penetration Testing:<br />
:::*Reconnaissance:<br />
::::*Information Gathering<br />
::::*Foot-printing<br />
::::*User Information<br />
::::*Verification<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.ppt ppt] ] Penetration Testing: Reconnaissance<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=NDQffaAMLQc Reconnaissance]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 2:'''<br />
::Pentration Testing:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_2.html Reconnaissance]<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 3'''<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Penetration Testing (Continued):<br />
:::*Scanning<br />
:::*Enumeration<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.ppt ppt] ] Scanning & Enumeration<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Scanning 1] , [http://www.youtube.com/watch?v=WKLNAAt57Wg Scanning 2]<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Enumeration]<br />
::*[https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap Online Pen-Test Scanner]<br />
::*[https://www.youtube.com/watch?v=dR7NTYfmNcA Prep for Metasploit]<br />
<br />
:'''Resources:'''<br />
::*[http://nmap.org/book/man.html Nmap Reference Guide]<br />(How to use '''nmap''' utility to scan ports)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Penetration Testing / Continued:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_3.html Scanning, Enumeration, & Vulnerability Testing]<br />
<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 4'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.ppt ppt] ] Vulnerability Testing<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[https://www.youtube.com/watch?v=FMgAIfcPsyw Vulnerability Testing - Overview]<br />
::*[https://www.youtube.com/watch?v=lNjxwvQT-os Nessus]<br />
::*[https://www.youtube.com/watch?v=hRxOW37MRwc Accessing System Via Metasploit (web-browser)]<br />
<br />
:'''Resources:'''<br />
::*[https://www.youtube.com/watch?v=r4Qq2eVjiP0 Setting up the Metasploit database]<br />
::*[https://www.youtube.com/watch?v=x01ZErjNlX0 First Metasploit Payload]<br />
::*[http://www.youtube.com/watch?v=jJd5qg3fkyw Using Armitage] (Metasploit Framework)]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Continue Working on '''Lab 3'''<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 5'''<br />
|<br />
<br />
<br />
:'''Types of Attacks:'''<br />
::*Client-side Attacks<br />
:::*Phishing<br />
:::*Webbrowser - Malicious Payloads<br />
:::*IP Spoofing (Man in the Middle) / Password<br />
::*Server-side Attacks<br />
:::*Out-dated Software Patches<br />
:::*Database Injection<br />
:::*Password Cracking<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.ppt ppt] ] Types of Attacks<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=ZUygX8TBBw0 Phishing]<br />
::*[http://www.youtube.com/watch?v=PqfZM3Lxrmg Malicious Payload]<br />
::*[http://www.youtube.com/watch?v=-hd7XG-b6uk IP Spoofing]<br />
::*[http://www.youtube.com/watch?v=AhTfo6pWBIM Database Injection]<br />
::*[http://www.youtube.com/watch?v=Iyh_w0Ix2bc Password Cracking]<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapters 4,5,6)<br />
<br />
:'''Resources:'''<br />
<br />
::*[http://atlas.arbor.net/ ATLAS Web-page] (Active Threat Level Analysis System)<br />
::*[http://www.sans.org/top-cyber-security-risks/summary.php Top Security Risks 2009 (SANS Institute)]<br />
::*[https://github.com/WebGoat/WebGoat/wiki Webgoat]<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 4:'''<br />
:Attack Categories:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_4.html Types of Attacks]<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<div><b>WARNINGS!</b><br /><ol><li>'''Scanning ports must require the permission of Server Owner''' (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan any server.<br /><br /></ol></div><br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 6'''<br />
<br />
More on mysql injection and Webgoat<br />
<br />
|<br />
<br />
<br />
::* [[https://www.youtube.com/watch?v=Rqt_BgG5YyI Blind MySQL injection video]]<br />
'''Moved until after the break'''<br />
:'''Hardening Windows 7/8/10'''<br />
::*Installing and Configuring Security Configuration Wizard<br />
::*Using New Technology File System (NTSF)<br />
::*Configuring Automatic Updates<br />
<br />
:'''Test #1: Details, March 6th'''<br />
::# Quiz 2 (February 22)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.ppt ppt] ] Hardening - Basic Concepts<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pptx pptx] ] Hardening Windows<br />
<br />
:'''Reading References:'''<br />
::*[https://www.sans.org/media/score/checklists/ID-Windows.pdf Intrusion Discovery - Windows]<br />
::* [http://lcweb.senecac.on.ca:2052/toc.aspx?site=RYW9D&bookid=12602 Hardening Windows, 2nd Edition]<br />(Chapter 5 - Pages: )<br />
::* [http://old.honeynet.org/papers/enemy/ "Know Your Enemy: The Script Kiddie"]<br />
<br />
:'''YouTube Videos:'''<br />
::*[]<br />
<br />
:'''Resources:'''<br />
::*<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1:'''<br />
::* Assignment Instructions (N/A)<br />
::Continue working on '''Lab 4''' and install Webgoat<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 7'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Midterm (Test #1 March 6th):'''<br />
::*(Check course announcements for test details)<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Additional Tasks:'''<br />
:'''Lab 5:'''<br />
::*'''Hardening Windows 7/8/10'''<br />
::Work on '''Assignment #1'''<br />
<br />
|- valign="center"<br />
!colspan="4"|<br />'''Study Week'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 8'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''System Hardening in Linux:'''<br />
::*Purpose<br />
::*Rule of Preventative Action<br />
::*Rule of Separation<br />
::*Rule of Least Privilege<br />
:::*AAA Protocol (Authentication):<br />
::::*PKI<br />
::::*PAM<br />
::::*Kerebos<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.pptx pptx] ] Linux Hardening - Part 1<br />
::*[[https://www.digitalocean.com/community/tutorials/how-to-use-pam-to-configure-authentication-on-an-ubuntu-12-04-vps PAM Configuration HOWTO]]<br />
::*[[http://hexten.net/assets/pam_abl_doc/index.html PAM Auto Blacklist Module HOWTO]]<br />
:'''Reading References:'''<br />
<br />
::*[https://www.sans.org/media/score/checklists/ID-Linux.pdf Intrusion Discovery - Linux]<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook (E-book)]<br />(Chapter 4 - Pages: )<br />
<br />
:'''YouTube Videos:'''<br />
::*Linux Hardening<br />
:::[http://www.youtube.com/watch?v=GJMKgV8V4FI Part1] | [http://www.youtube.com/watch?v=M9LdGH_AIZo Part 2] | [http://www.youtube.com/watch?v=0tEBXWU6Au4 Part 3]<br />
::*[http://www.youtube.com/watch?v=yy1NR74ttAw&feature=results_main&playnext=1&list=PL48E055817B95897B PAM]<br />
<br />
:'''Resources:'''<br />
::* [http://www.linuxdoc.org/HOWTO/User-Authentication-HOWTO/x115.html Why Use PAM?]<br />
::* [http://www.ibm.com/developerworks/linux/library/l-pam/index.html Understanding and Configuring PAM]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 6:'''<br />
::System Hardening<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_6.html Linux System Hardening (part 1)]<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1 Due'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 9'''<br />
|<br />
<br />
<br />
:'''System Hardening in Linux / Continued:'''<br />
::*AAA Protocol (Authorization):<br />
:::*ACLs<br />
:::*SELinux<br />
:::*Sudo<br />
:::*Cron Jobs<br />
:::*Turning Off Xwindows<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.ppt ppt] ] Linux Hardening - Part 2<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=6piQXXHTmqk ACLs]<br />
::*[http://www.youtube.com/watch?v=fpXuWhshKVA SELinux]<br />
::*[http://www.youtube.com/watch?v=imnEUvvDxc4 Sudo]<br />
::*[http://www.youtube.com/watch?v=4Icg3MYZZqI Cron Jobs]<br />
<br />
:'''Reading References:'''<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 5 - Pages: )<br />
::*[http://lcweb.senecac.on.ca:2063/0131963694?uicode=seneca SELinux by Example]<br />(Chapter x - Pages: )<br />
<br />
:'''Resources:'''<br />
::* [http://www.linuxquestions.org/linux/answers/security/acls_extended_filepermissions How to Use ACLs]<br />
::* SELinux<br />
::* [http://www.sudo.ws/sudo/intro.html Sudo In a Nutshell]<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
:'''Lab 7:'''<br />
::System Hardening<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_7.html Linux System Hardening (part 2)]<br />
<br />
<br />
<br />
:'''Assignment #2:'''<br />
::*Assignment Instructions (N/A)<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 10'''<br />
<br />
|<br />
<br />
<br />
:'''System Hardening in Linux / Continued:'''<br />
::*Complete Labs 6 and 7<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Labs:'''<br />
::*Complete Labs 6 and 7<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 11'''<br />
<br />
|<br />
<br />
<br />
:'''Intrusion Detection:'''<br />
::*Purpose<br />
::*Logs<br />
::*Monitoring<br />
::*Iptables<br />
::*Using Tripwire<br />
<br />
<br />
<br />
:'''Additional Considerations:'''<br />
::*Decoys: Honey-Pots<br />
::*DMZs<br />
::*Disaster Recovery<br />
::*The BIGGER Picture<br />
|<br />
<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.ppt ppt] ] Intrusion Detection / Using Tripwire<br />
<br />
:'''Reading References:'''<br />
::*[http://www.sans.org/score/checklists/ID_Linux.pdf Intrusion Discovery - Linux]<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 1 - Pages: )<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=kUdCsZpt2ew Iptables]<br />
<br />
:'''Additional Resources:'''<br />
::*<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
:'''Lab 8:'''<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_8.html Intrusion Detection]<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 12'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Work on Assignment #2'''<br />
::*Complete Report<br />
<br />
|<br />
<br />
|<br />
:'''Assignment #2 Due:'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 13'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Final Exam Review'''<br />
::* Details<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
|- valign="top"<br />
!colspan="4"|Exam Week - TBA<br />
<br />
|}</div>
Craig.barretto
https://wiki.cdot.senecacollege.ca/w/index.php?title=SEC520_Weekly_Schedule&diff=132066
SEC520 Weekly Schedule
2018-03-03T05:09:47Z
<p>Craig.barretto: /* Winter 2018 */</p>
<hr />
<div>[[Category:SEC520]]<br />
<br />
=SEC520 Weekly Schedule=<br />
== Winter 2018==<br />
::Instructor:<br />Austin (SAA)<br />
1 credit<br />
::*Quiz and Labs ( 4 Quiz, 7 Labs (15%))<br />
::::'''Logbooks due February 22'''<br />
::*Assignments (2) 20%<br />
::::'''Assignment 1 - Due Date March 9''''''<br />
::::'''Assignment 2 - Due Date TBA''''''<br />
::*Tests (2) 30%<br />
::::'''Written Test - March 8''''''<br />
::::'''Lab Test - TBD'''''<br />
::*Final Test 35%<br />
{|width="100%" border="1" cellspacing="2"<br />
| style="width: 10%;" |<br />
:'''Week'''<br />
| style="width: 25%;" |<br />
:'''Objectives and Tasks'''<br />
| style="width: 35%;" |<br />
:'''Course Notes / Assigned Reading'''<br />
|<br />
:'''Labs'''<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 1'''<br />
<br />
|<br />
<br />
<br />
:'''Course Introduction:'''<br />
::* SEC520 WIKI<br />
::* Course Outline<br />
::* Course Policies<br />
::* Required Materials<br />
::* Lab Setup<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.ppt ppt] ] Course Intro / The "Security Mind"<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://lcweb.senecac.on.ca:2053/0596006691 Computer Security Basics (E-book)]<br />(Chapter 1: The New Insecurity)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
<br />
:'''Resources:'''<br />
::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520 SEC520 WIKI]<br />
::* [https://scs.senecac.on.ca/course/sec520 Course Outline]<br />
<br />
::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520#Supplies_Checklist_.28Required_for_Second_Class.29 Required Materials]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 1:'''<br />
::Set-Up for Labs:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_1.html Setup Hard Disk Pack for Labs]<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 2'''<br />
<br />
|<br />
<br />
<br />
: '''Developing a "Security Mind":'''<br />
::*4 Virtues of Internet Security<br />
::*8 Rules of Internet Security<br />
::*Penetration Testing:<br />
:::*Reconnaissance:<br />
::::*Information Gathering<br />
::::*Foot-printing<br />
::::*User Information<br />
::::*Verification<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.ppt ppt] ] Penetration Testing: Reconnaissance<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=NDQffaAMLQc Reconnaissance]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 2:'''<br />
::Pentration Testing:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_2.html Reconnaissance]<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 3'''<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Penetration Testing (Continued):<br />
:::*Scanning<br />
:::*Enumeration<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.ppt ppt] ] Scanning & Enumeration<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Scanning 1] , [http://www.youtube.com/watch?v=WKLNAAt57Wg Scanning 2]<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Enumeration]<br />
::*[https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap Online Pen-Test Scanner]<br />
::*[https://www.youtube.com/watch?v=dR7NTYfmNcA Prep for Metasploit]<br />
<br />
:'''Resources:'''<br />
::*[http://nmap.org/book/man.html Nmap Reference Guide]<br />(How to use '''nmap''' utility to scan ports)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Penetration Testing / Continued:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_3.html Scanning, Enumeration, & Vulnerability Testing]<br />
<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 4'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.ppt ppt] ] Vulnerability Testing<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[https://www.youtube.com/watch?v=FMgAIfcPsyw Vulnerability Testing - Overview]<br />
::*[https://www.youtube.com/watch?v=lNjxwvQT-os Nessus]<br />
::*[https://www.youtube.com/watch?v=hRxOW37MRwc Accessing System Via Metasploit (web-browser)]<br />
<br />
:'''Resources:'''<br />
::*[https://www.youtube.com/watch?v=r4Qq2eVjiP0 Setting up the Metasploit database]<br />
::*[https://www.youtube.com/watch?v=x01ZErjNlX0 First Metasploit Payload]<br />
::*[http://www.youtube.com/watch?v=jJd5qg3fkyw Using Armitage] (Metasploit Framework)]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Continue Working on '''Lab 3'''<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 5'''<br />
|<br />
<br />
<br />
:'''Types of Attacks:'''<br />
::*Client-side Attacks<br />
:::*Phishing<br />
:::*Webbrowser - Malicious Payloads<br />
:::*IP Spoofing (Man in the Middle) / Password<br />
::*Server-side Attacks<br />
:::*Out-dated Software Patches<br />
:::*Database Injection<br />
:::*Password Cracking<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.ppt ppt] ] Types of Attacks<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=ZUygX8TBBw0 Phishing]<br />
::*[http://www.youtube.com/watch?v=PqfZM3Lxrmg Malicious Payload]<br />
::*[http://www.youtube.com/watch?v=-hd7XG-b6uk IP Spoofing]<br />
::*[http://www.youtube.com/watch?v=AhTfo6pWBIM Database Injection]<br />
::*[http://www.youtube.com/watch?v=Iyh_w0Ix2bc Password Cracking]<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapters 4,5,6)<br />
<br />
:'''Resources:'''<br />
<br />
::*[http://atlas.arbor.net/ ATLAS Web-page] (Active Threat Level Analysis System)<br />
::*[http://www.sans.org/top-cyber-security-risks/summary.php Top Security Risks 2009 (SANS Institute)]<br />
::*[https://github.com/WebGoat/WebGoat/wiki Webgoat]<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 4:'''<br />
:Attack Categories:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_4.html Types of Attacks]<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<div><b>WARNINGS!</b><br /><ol><li>'''Scanning ports must require the permission of Server Owner''' (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan any server.<br /><br /></ol></div><br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 6'''<br />
<br />
More on mysql injection and Webgoat<br />
<br />
|<br />
<br />
<br />
::* [[https://www.youtube.com/watch?v=Rqt_BgG5YyI Blind MySQL injection video]]<br />
'''Moved until after the break'''<br />
:'''Hardening Windows 7/8/10'''<br />
::*Installing and Configuring Security Configuration Wizard<br />
::*Using New Technology File System (NTSF)<br />
::*Configuring Automatic Updates<br />
<br />
:'''Test #1: Details, March 6th'''<br />
::# Quiz 2 (February 22)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.ppt ppt] ] Hardening - Basic Concepts<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pptx pptx] ] Hardening Windows<br />
<br />
:'''Reading References:'''<br />
::*[https://www.sans.org/media/score/checklists/ID-Windows.pdf Intrusion Discovery - Windows]<br />
::* [http://lcweb.senecac.on.ca:2052/toc.aspx?site=RYW9D&bookid=12602 Hardening Windows, 2nd Edition]<br />(Chapter 5 - Pages: )<br />
::* [http://old.honeynet.org/papers/enemy/ "Know Your Enemy: The Script Kiddie"]<br />
<br />
:'''YouTube Videos:'''<br />
::*[]<br />
<br />
:'''Resources:'''<br />
::*<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1:'''<br />
::* Assignment Instructions (N/A)<br />
::Continue working on '''Lab 4''' and install Webgoat<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 7'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Midterm (Test #1 March 6th):'''<br />
::*(Check course announcements for test details)<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Additional Tasks:'''<br />
:'''Lab 5:'''<br />
::*'''Hardening Windows 7/8/10'''<br />
::Work on '''Assignment #1'''<br />
<br />
|- valign="center"<br />
!colspan="4"|<br />'''Study Week'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 8'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''System Hardening in Linux:'''<br />
::*Purpose<br />
::*Rule of Preventative Action<br />
::*Rule of Separation<br />
::*Rule of Least Privilege<br />
:::*AAA Protocol (Authentication):<br />
::::*PKI<br />
::::*PAM<br />
::::*Kerebos<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.pptx pptx] ] Linux Hardening - Part 1<br />
::*[[https://www.digitalocean.com/community/tutorials/how-to-use-pam-to-configure-authentication-on-an-ubuntu-12-04-vps PAM Configuration HOWTO]]<br />
::*[[http://hexten.net/assets/pam_abl_doc/index.html PAM Auto Blacklist Module HOWTO]]<br />
:'''Reading References:'''<br />
<br />
::*[https://www.sans.org/media/score/checklists/ID-Linux.pdf Intrusion Discovery - Linux]<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook (E-book)]<br />(Chapter 4 - Pages: )<br />
<br />
:'''YouTube Videos:'''<br />
::*Linux Hardening<br />
:::[http://www.youtube.com/watch?v=GJMKgV8V4FI Part1] | [http://www.youtube.com/watch?v=M9LdGH_AIZo Part 2] | [http://www.youtube.com/watch?v=0tEBXWU6Au4 Part 3]<br />
::*[http://www.youtube.com/watch?v=yy1NR74ttAw&feature=results_main&playnext=1&list=PL48E055817B95897B PAM]<br />
<br />
:'''Resources:'''<br />
::* [http://www.linuxdoc.org/HOWTO/User-Authentication-HOWTO/x115.html Why Use PAM?]<br />
::* [http://www.ibm.com/developerworks/linux/library/l-pam/index.html Understanding and Configuring PAM]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 6:'''<br />
::System Hardening<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_6.html Linux System Hardening (part 1)]<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1 Due'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 9'''<br />
|<br />
<br />
<br />
:'''System Hardening in Linux / Continued:'''<br />
::*AAA Protocol (Authorization):<br />
:::*ACLs<br />
:::*SELinux<br />
:::*Sudo<br />
:::*Cron Jobs<br />
:::*Turning Off Xwindows<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.ppt ppt] ] Linux Hardening - Part 2<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=6piQXXHTmqk ACLs]<br />
::*[http://www.youtube.com/watch?v=fpXuWhshKVA SELinux]<br />
::*[http://www.youtube.com/watch?v=imnEUvvDxc4 Sudo]<br />
::*[http://www.youtube.com/watch?v=4Icg3MYZZqI Cron Jobs]<br />
<br />
:'''Reading References:'''<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 5 - Pages: )<br />
::*[http://lcweb.senecac.on.ca:2063/0131963694?uicode=seneca SELinux by Example]<br />(Chapter x - Pages: )<br />
<br />
:'''Resources:'''<br />
::* [http://www.linuxquestions.org/linux/answers/security/acls_extended_filepermissions How to Use ACLs]<br />
::* SELinux<br />
::* [http://www.sudo.ws/sudo/intro.html Sudo In a Nutshell]<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
:'''Lab 7:'''<br />
::System Hardening<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_7.html Linux System Hardening (part 2)]<br />
<br />
<br />
<br />
:'''Assignment #2:'''<br />
::*Assignment Instructions (N/A)<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 10'''<br />
<br />
|<br />
<br />
<br />
:'''System Hardening in Linux / Continued:'''<br />
::*Complete Labs 6 and 7<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Labs:'''<br />
::*Complete Labs 6 and 7<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 11'''<br />
<br />
|<br />
<br />
<br />
:'''Intrusion Detection:'''<br />
::*Purpose<br />
::*Logs<br />
::*Monitoring<br />
::*Iptables<br />
::*Using Tripwire<br />
<br />
<br />
<br />
:'''Additional Considerations:'''<br />
::*Decoys: Honey-Pots<br />
::*DMZs<br />
::*Disaster Recovery<br />
::*The BIGGER Picture<br />
|<br />
<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.ppt ppt] ] Intrusion Detection / Using Tripwire<br />
<br />
:'''Reading References:'''<br />
::*[http://www.sans.org/score/checklists/ID_Linux.pdf Intrusion Discovery - Linux]<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 1 - Pages: )<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=kUdCsZpt2ew Iptables]<br />
<br />
:'''Additional Resources:'''<br />
::*<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
:'''Lab 8:'''<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_8.html Intrusion Detection]<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 12'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Work on Assignment #2'''<br />
::*Complete Report<br />
<br />
|<br />
<br />
|<br />
:'''Assignment #2 Due:'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 13'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Final Exam Review'''<br />
::* Details<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
|- valign="top"<br />
!colspan="4"|Exam Week - TBA<br />
<br />
|}</div>
Craig.barretto
https://wiki.cdot.senecacollege.ca/w/index.php?title=SEC520_Weekly_Schedule&diff=132064
SEC520 Weekly Schedule
2018-03-03T05:06:34Z
<p>Craig.barretto: /* Winter 2018 */</p>
<hr />
<div>[[Category:SEC520]]<br />
<br />
=SEC520 Weekly Schedule=<br />
== Winter 2018==<br />
::Instructor:<br />Austin (SAA)<br />
1 credit<br />
::*Quiz and Labs ( 4 Quiz, 7 Labs (15%))<br />
::::'''Logbooks due February 22'''<br />
::*Assignments (2) 20%<br />
::::'''Assignment 1 Due Date March 7''''''<br />
::::'''Assignment 2 Due Date TBA''''''<br />
::*Tests (2) 30%<br />
::::'''Written Test March 8''''''<br />
::::'''Lab Test TBD'''''<br />
::*Final Test 35%<br />
{|width="100%" border="1" cellspacing="2"<br />
| style="width: 10%;" |<br />
:'''Week'''<br />
| style="width: 25%;" |<br />
:'''Objectives and Tasks'''<br />
| style="width: 35%;" |<br />
:'''Course Notes / Assigned Reading'''<br />
|<br />
:'''Labs'''<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 1'''<br />
<br />
|<br />
<br />
<br />
:'''Course Introduction:'''<br />
::* SEC520 WIKI<br />
::* Course Outline<br />
::* Course Policies<br />
::* Required Materials<br />
::* Lab Setup<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.ppt ppt] ] Course Intro / The "Security Mind"<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://lcweb.senecac.on.ca:2053/0596006691 Computer Security Basics (E-book)]<br />(Chapter 1: The New Insecurity)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
<br />
:'''Resources:'''<br />
::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520 SEC520 WIKI]<br />
::* [https://scs.senecac.on.ca/course/sec520 Course Outline]<br />
<br />
::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520#Supplies_Checklist_.28Required_for_Second_Class.29 Required Materials]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 1:'''<br />
::Set-Up for Labs:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_1.html Setup Hard Disk Pack for Labs]<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 2'''<br />
<br />
|<br />
<br />
<br />
: '''Developing a "Security Mind":'''<br />
::*4 Virtues of Internet Security<br />
::*8 Rules of Internet Security<br />
::*Penetration Testing:<br />
:::*Reconnaissance:<br />
::::*Information Gathering<br />
::::*Foot-printing<br />
::::*User Information<br />
::::*Verification<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.ppt ppt] ] Penetration Testing: Reconnaissance<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=NDQffaAMLQc Reconnaissance]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 2:'''<br />
::Pentration Testing:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_2.html Reconnaissance]<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 3'''<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Penetration Testing (Continued):<br />
:::*Scanning<br />
:::*Enumeration<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.ppt ppt] ] Scanning & Enumeration<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Scanning 1] , [http://www.youtube.com/watch?v=WKLNAAt57Wg Scanning 2]<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Enumeration]<br />
::*[https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap Online Pen-Test Scanner]<br />
::*[https://www.youtube.com/watch?v=dR7NTYfmNcA Prep for Metasploit]<br />
<br />
:'''Resources:'''<br />
::*[http://nmap.org/book/man.html Nmap Reference Guide]<br />(How to use '''nmap''' utility to scan ports)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Penetration Testing / Continued:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_3.html Scanning, Enumeration, & Vulnerability Testing]<br />
<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 4'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.ppt ppt] ] Vulnerability Testing<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[https://www.youtube.com/watch?v=FMgAIfcPsyw Vulnerability Testing - Overview]<br />
::*[https://www.youtube.com/watch?v=lNjxwvQT-os Nessus]<br />
::*[https://www.youtube.com/watch?v=hRxOW37MRwc Accessing System Via Metasploit (web-browser)]<br />
<br />
:'''Resources:'''<br />
::*[https://www.youtube.com/watch?v=r4Qq2eVjiP0 Setting up the Metasploit database]<br />
::*[https://www.youtube.com/watch?v=x01ZErjNlX0 First Metasploit Payload]<br />
::*[http://www.youtube.com/watch?v=jJd5qg3fkyw Using Armitage] (Metasploit Framework)]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Continue Working on '''Lab 3'''<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 5'''<br />
|<br />
<br />
<br />
:'''Types of Attacks:'''<br />
::*Client-side Attacks<br />
:::*Phishing<br />
:::*Webbrowser - Malicious Payloads<br />
:::*IP Spoofing (Man in the Middle) / Password<br />
::*Server-side Attacks<br />
:::*Out-dated Software Patches<br />
:::*Database Injection<br />
:::*Password Cracking<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.ppt ppt] ] Types of Attacks<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=ZUygX8TBBw0 Phishing]<br />
::*[http://www.youtube.com/watch?v=PqfZM3Lxrmg Malicious Payload]<br />
::*[http://www.youtube.com/watch?v=-hd7XG-b6uk IP Spoofing]<br />
::*[http://www.youtube.com/watch?v=AhTfo6pWBIM Database Injection]<br />
::*[http://www.youtube.com/watch?v=Iyh_w0Ix2bc Password Cracking]<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapters 4,5,6)<br />
<br />
:'''Resources:'''<br />
<br />
::*[http://atlas.arbor.net/ ATLAS Web-page] (Active Threat Level Analysis System)<br />
::*[http://www.sans.org/top-cyber-security-risks/summary.php Top Security Risks 2009 (SANS Institute)]<br />
::*[https://github.com/WebGoat/WebGoat/wiki Webgoat]<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 4:'''<br />
:Attack Categories:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_4.html Types of Attacks]<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<div><b>WARNINGS!</b><br /><ol><li>'''Scanning ports must require the permission of Server Owner''' (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan any server.<br /><br /></ol></div><br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 6'''<br />
<br />
More on mysql injection and Webgoat<br />
<br />
|<br />
<br />
<br />
::* [[https://www.youtube.com/watch?v=Rqt_BgG5YyI Blind MySQL injection video]]<br />
'''Moved until after the break'''<br />
:'''Hardening Windows 7/8/10'''<br />
::*Installing and Configuring Security Configuration Wizard<br />
::*Using New Technology File System (NTSF)<br />
::*Configuring Automatic Updates<br />
<br />
:'''Test #1: Details, March 6th'''<br />
::# Quiz 2 (February 22)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.ppt ppt] ] Hardening - Basic Concepts<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pptx pptx] ] Hardening Windows<br />
<br />
:'''Reading References:'''<br />
::*[https://www.sans.org/media/score/checklists/ID-Windows.pdf Intrusion Discovery - Windows]<br />
::* [http://lcweb.senecac.on.ca:2052/toc.aspx?site=RYW9D&bookid=12602 Hardening Windows, 2nd Edition]<br />(Chapter 5 - Pages: )<br />
::* [http://old.honeynet.org/papers/enemy/ "Know Your Enemy: The Script Kiddie"]<br />
<br />
:'''YouTube Videos:'''<br />
::*[]<br />
<br />
:'''Resources:'''<br />
::*<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1:'''<br />
::* Assignment Instructions (N/A)<br />
::Continue working on '''Lab 4''' and install Webgoat<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 7'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Midterm (Test #1 March 6th):'''<br />
::*(Check course announcements for test details)<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Additional Tasks:'''<br />
:'''Lab 5:'''<br />
::*'''Hardening Windows 7/8/10'''<br />
::Work on '''Assignment #1'''<br />
<br />
|- valign="center"<br />
!colspan="4"|<br />'''Study Week'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 8'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''System Hardening in Linux:'''<br />
::*Purpose<br />
::*Rule of Preventative Action<br />
::*Rule of Separation<br />
::*Rule of Least Privilege<br />
:::*AAA Protocol (Authentication):<br />
::::*PKI<br />
::::*PAM<br />
::::*Kerebos<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.pptx pptx] ] Linux Hardening - Part 1<br />
::*[[https://www.digitalocean.com/community/tutorials/how-to-use-pam-to-configure-authentication-on-an-ubuntu-12-04-vps PAM Configuration HOWTO]]<br />
::*[[http://hexten.net/assets/pam_abl_doc/index.html PAM Auto Blacklist Module HOWTO]]<br />
:'''Reading References:'''<br />
<br />
::*[https://www.sans.org/media/score/checklists/ID-Linux.pdf Intrusion Discovery - Linux]<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook (E-book)]<br />(Chapter 4 - Pages: )<br />
<br />
:'''YouTube Videos:'''<br />
::*Linux Hardening<br />
:::[http://www.youtube.com/watch?v=GJMKgV8V4FI Part1] | [http://www.youtube.com/watch?v=M9LdGH_AIZo Part 2] | [http://www.youtube.com/watch?v=0tEBXWU6Au4 Part 3]<br />
::*[http://www.youtube.com/watch?v=yy1NR74ttAw&feature=results_main&playnext=1&list=PL48E055817B95897B PAM]<br />
<br />
:'''Resources:'''<br />
::* [http://www.linuxdoc.org/HOWTO/User-Authentication-HOWTO/x115.html Why Use PAM?]<br />
::* [http://www.ibm.com/developerworks/linux/library/l-pam/index.html Understanding and Configuring PAM]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 6:'''<br />
::System Hardening<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_6.html Linux System Hardening (part 1)]<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1 Due'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 9'''<br />
|<br />
<br />
<br />
:'''System Hardening in Linux / Continued:'''<br />
::*AAA Protocol (Authorization):<br />
:::*ACLs<br />
:::*SELinux<br />
:::*Sudo<br />
:::*Cron Jobs<br />
:::*Turning Off Xwindows<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.ppt ppt] ] Linux Hardening - Part 2<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=6piQXXHTmqk ACLs]<br />
::*[http://www.youtube.com/watch?v=fpXuWhshKVA SELinux]<br />
::*[http://www.youtube.com/watch?v=imnEUvvDxc4 Sudo]<br />
::*[http://www.youtube.com/watch?v=4Icg3MYZZqI Cron Jobs]<br />
<br />
:'''Reading References:'''<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 5 - Pages: )<br />
::*[http://lcweb.senecac.on.ca:2063/0131963694?uicode=seneca SELinux by Example]<br />(Chapter x - Pages: )<br />
<br />
:'''Resources:'''<br />
::* [http://www.linuxquestions.org/linux/answers/security/acls_extended_filepermissions How to Use ACLs]<br />
::* SELinux<br />
::* [http://www.sudo.ws/sudo/intro.html Sudo In a Nutshell]<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
:'''Lab 7:'''<br />
::System Hardening<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_7.html Linux System Hardening (part 2)]<br />
<br />
<br />
<br />
:'''Assignment #2:'''<br />
::*Assignment Instructions (N/A)<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 10'''<br />
<br />
|<br />
<br />
<br />
:'''System Hardening in Linux / Continued:'''<br />
::*Complete Labs 6 and 7<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Labs:'''<br />
::*Complete Labs 6 and 7<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 11'''<br />
<br />
|<br />
<br />
<br />
:'''Intrusion Detection:'''<br />
::*Purpose<br />
::*Logs<br />
::*Monitoring<br />
::*Iptables<br />
::*Using Tripwire<br />
<br />
<br />
<br />
:'''Additional Considerations:'''<br />
::*Decoys: Honey-Pots<br />
::*DMZs<br />
::*Disaster Recovery<br />
::*The BIGGER Picture<br />
|<br />
<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.ppt ppt] ] Intrusion Detection / Using Tripwire<br />
<br />
:'''Reading References:'''<br />
::*[http://www.sans.org/score/checklists/ID_Linux.pdf Intrusion Discovery - Linux]<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 1 - Pages: )<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=kUdCsZpt2ew Iptables]<br />
<br />
:'''Additional Resources:'''<br />
::*<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
:'''Lab 8:'''<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_8.html Intrusion Detection]<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 12'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Work on Assignment #2'''<br />
::*Complete Report<br />
<br />
|<br />
<br />
|<br />
:'''Assignment #2 Due:'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 13'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Final Exam Review'''<br />
::* Details<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
|- valign="top"<br />
!colspan="4"|Exam Week - TBA<br />
<br />
|}</div>
Craig.barretto
https://wiki.cdot.senecacollege.ca/w/index.php?title=SEC520_Weekly_Schedule&diff=132065
SEC520 Weekly Schedule
2018-03-03T05:05:07Z
<p>Craig.barretto: /* Winter 2018 */</p>
<hr />
<div>[[Category:SEC520]]<br />
<br />
=SEC520 Weekly Schedule=<br />
== Winter 2018==<br />
::Instructor:<br />Austin (SAA)<br />
1 credit<br />
::*Quiz and Labs ( 4 Quiz, 7 Labs (15%))<br />
::::'''Logbooks due February 22'''<br />
::*Assignments (2) 20%<br />
::::'''Assignment 1 - Due Date March 7''''''<br />
::::'''Assignment 2 - Due Date TBA''''''<br />
::*Tests (2) 30%<br />
::::'''Written Test - March 8''''''<br />
::::'''Lab Test - TBD'''''<br />
::*Final Test 35%<br />
{|width="100%" border="1" cellspacing="2"<br />
| style="width: 10%;" |<br />
:'''Week'''<br />
| style="width: 25%;" |<br />
:'''Objectives and Tasks'''<br />
| style="width: 35%;" |<br />
:'''Course Notes / Assigned Reading'''<br />
|<br />
:'''Labs'''<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 1'''<br />
<br />
|<br />
<br />
<br />
:'''Course Introduction:'''<br />
::* SEC520 WIKI<br />
::* Course Outline<br />
::* Course Policies<br />
::* Required Materials<br />
::* Lab Setup<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.ppt ppt] ] Course Intro / The "Security Mind"<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://lcweb.senecac.on.ca:2053/0596006691 Computer Security Basics (E-book)]<br />(Chapter 1: The New Insecurity)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
<br />
:'''Resources:'''<br />
::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520 SEC520 WIKI]<br />
::* [https://scs.senecac.on.ca/course/sec520 Course Outline]<br />
<br />
::* [http://zenit.senecac.on.ca/wiki/index.php/SEC520#Supplies_Checklist_.28Required_for_Second_Class.29 Required Materials]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 1:'''<br />
::Set-Up for Labs:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_1.html Setup Hard Disk Pack for Labs]<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 2'''<br />
<br />
|<br />
<br />
<br />
: '''Developing a "Security Mind":'''<br />
::*4 Virtues of Internet Security<br />
::*8 Rules of Internet Security<br />
::*Penetration Testing:<br />
:::*Reconnaissance:<br />
::::*Information Gathering<br />
::::*Foot-printing<br />
::::*User Information<br />
::::*Verification<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.ppt ppt] ] Penetration Testing: Reconnaissance<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)] (Chapters 1 - 3)<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=NDQffaAMLQc Reconnaissance]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 2:'''<br />
::Pentration Testing:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_2.html Reconnaissance]<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 3'''<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Penetration Testing (Continued):<br />
:::*Scanning<br />
:::*Enumeration<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l1.ppt ppt] ] Scanning & Enumeration<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Scanning 1] , [http://www.youtube.com/watch?v=WKLNAAt57Wg Scanning 2]<br />
::*[http://www.youtube.com/watch?v=_Ch0RJlHFBo Enumeration]<br />
::*[https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap Online Pen-Test Scanner]<br />
::*[https://www.youtube.com/watch?v=dR7NTYfmNcA Prep for Metasploit]<br />
<br />
:'''Resources:'''<br />
::*[http://nmap.org/book/man.html Nmap Reference Guide]<br />(How to use '''nmap''' utility to scan ports)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Penetration Testing / Continued:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_3.html Scanning, Enumeration, & Vulnerability Testing]<br />
<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 4'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Scanning, Enumeration, & Vulnerability Testing:'''<br />
::*Vulnerability Testing<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w2_l2.ppt ppt] ] Vulnerability Testing<br />
<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 3)<br />
<br />
:'''YouTube Videos:'''<br />
::*[https://www.youtube.com/watch?v=FMgAIfcPsyw Vulnerability Testing - Overview]<br />
::*[https://www.youtube.com/watch?v=lNjxwvQT-os Nessus]<br />
::*[https://www.youtube.com/watch?v=hRxOW37MRwc Accessing System Via Metasploit (web-browser)]<br />
<br />
:'''Resources:'''<br />
::*[https://www.youtube.com/watch?v=r4Qq2eVjiP0 Setting up the Metasploit database]<br />
::*[https://www.youtube.com/watch?v=x01ZErjNlX0 First Metasploit Payload]<br />
::*[http://www.youtube.com/watch?v=jJd5qg3fkyw Using Armitage] (Metasploit Framework)]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 3:'''<br />
::Continue Working on '''Lab 3'''<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 5'''<br />
|<br />
<br />
<br />
:'''Types of Attacks:'''<br />
::*Client-side Attacks<br />
:::*Phishing<br />
:::*Webbrowser - Malicious Payloads<br />
:::*IP Spoofing (Man in the Middle) / Password<br />
::*Server-side Attacks<br />
:::*Out-dated Software Patches<br />
:::*Database Injection<br />
:::*Password Cracking<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w7_l1.ppt ppt] ] Types of Attacks<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=ZUygX8TBBw0 Phishing]<br />
::*[http://www.youtube.com/watch?v=PqfZM3Lxrmg Malicious Payload]<br />
::*[http://www.youtube.com/watch?v=-hd7XG-b6uk IP Spoofing]<br />
::*[http://www.youtube.com/watch?v=AhTfo6pWBIM Database Injection]<br />
::*[http://www.youtube.com/watch?v=Iyh_w0Ix2bc Password Cracking]<br />
<br />
:'''Reading References:'''<br />
::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapters 4,5,6)<br />
<br />
:'''Resources:'''<br />
<br />
::*[http://atlas.arbor.net/ ATLAS Web-page] (Active Threat Level Analysis System)<br />
::*[http://www.sans.org/top-cyber-security-risks/summary.php Top Security Risks 2009 (SANS Institute)]<br />
::*[https://github.com/WebGoat/WebGoat/wiki Webgoat]<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 4:'''<br />
:Attack Categories:<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_4.html Types of Attacks]<br />
<br />
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; margin-left:15px; margin-right:10px; padding-left: 20px;"><br />
<div style="float: left; margin-left: -40px;"></div><br />
<div><b>WARNINGS!</b><br /><ol><li>'''Scanning ports must require the permission of Server Owner''' (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan any server.<br /><br /></ol></div><br />
</div><br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 6'''<br />
<br />
More on mysql injection and Webgoat<br />
<br />
|<br />
<br />
<br />
::* [[https://www.youtube.com/watch?v=Rqt_BgG5YyI Blind MySQL injection video]]<br />
'''Moved until after the break'''<br />
:'''Hardening Windows 7/8/10'''<br />
::*Installing and Configuring Security Configuration Wizard<br />
::*Using New Technology File System (NTSF)<br />
::*Configuring Automatic Updates<br />
<br />
:'''Test #1: Details, March 6th'''<br />
::# Quiz 2 (February 22)<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1.ppt ppt] ] Hardening - Basic Concepts<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/labs/sec520_lab5.pptx pptx] ] Hardening Windows<br />
<br />
:'''Reading References:'''<br />
::*[https://www.sans.org/media/score/checklists/ID-Windows.pdf Intrusion Discovery - Windows]<br />
::* [http://lcweb.senecac.on.ca:2052/toc.aspx?site=RYW9D&bookid=12602 Hardening Windows, 2nd Edition]<br />(Chapter 5 - Pages: )<br />
::* [http://old.honeynet.org/papers/enemy/ "Know Your Enemy: The Script Kiddie"]<br />
<br />
:'''YouTube Videos:'''<br />
::*[]<br />
<br />
:'''Resources:'''<br />
::*<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1:'''<br />
::* Assignment Instructions (N/A)<br />
::Continue working on '''Lab 4''' and install Webgoat<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 7'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Midterm (Test #1 March 6th):'''<br />
::*(Check course announcements for test details)<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Additional Tasks:'''<br />
:'''Lab 5:'''<br />
::*'''Hardening Windows 7/8/10'''<br />
::Work on '''Assignment #1'''<br />
<br />
|- valign="center"<br />
!colspan="4"|<br />'''Study Week'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 8'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''System Hardening in Linux:'''<br />
::*Purpose<br />
::*Rule of Preventative Action<br />
::*Rule of Separation<br />
::*Rule of Least Privilege<br />
:::*AAA Protocol (Authentication):<br />
::::*PKI<br />
::::*PAM<br />
::::*Kerebos<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w3_l1b.pptx pptx] ] Linux Hardening - Part 1<br />
::*[[https://www.digitalocean.com/community/tutorials/how-to-use-pam-to-configure-authentication-on-an-ubuntu-12-04-vps PAM Configuration HOWTO]]<br />
::*[[http://hexten.net/assets/pam_abl_doc/index.html PAM Auto Blacklist Module HOWTO]]<br />
:'''Reading References:'''<br />
<br />
::*[https://www.sans.org/media/score/checklists/ID-Linux.pdf Intrusion Discovery - Linux]<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook (E-book)]<br />(Chapter 4 - Pages: )<br />
<br />
:'''YouTube Videos:'''<br />
::*Linux Hardening<br />
:::[http://www.youtube.com/watch?v=GJMKgV8V4FI Part1] | [http://www.youtube.com/watch?v=M9LdGH_AIZo Part 2] | [http://www.youtube.com/watch?v=0tEBXWU6Au4 Part 3]<br />
::*[http://www.youtube.com/watch?v=yy1NR74ttAw&feature=results_main&playnext=1&list=PL48E055817B95897B PAM]<br />
<br />
:'''Resources:'''<br />
::* [http://www.linuxdoc.org/HOWTO/User-Authentication-HOWTO/x115.html Why Use PAM?]<br />
::* [http://www.ibm.com/developerworks/linux/library/l-pam/index.html Understanding and Configuring PAM]<br />
<br />
<br />
|<br />
<br />
<br />
:'''Lab 6:'''<br />
::System Hardening<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_6.html Linux System Hardening (part 1)]<br />
<br />
<br />
<br />
<br />
<br />
:'''Assignment #1 Due'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 9'''<br />
|<br />
<br />
<br />
:'''System Hardening in Linux / Continued:'''<br />
::*AAA Protocol (Authorization):<br />
:::*ACLs<br />
:::*SELinux<br />
:::*Sudo<br />
:::*Cron Jobs<br />
:::*Turning Off Xwindows<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w4_l1.ppt ppt] ] Linux Hardening - Part 2<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=6piQXXHTmqk ACLs]<br />
::*[http://www.youtube.com/watch?v=fpXuWhshKVA SELinux]<br />
::*[http://www.youtube.com/watch?v=imnEUvvDxc4 Sudo]<br />
::*[http://www.youtube.com/watch?v=4Icg3MYZZqI Cron Jobs]<br />
<br />
:'''Reading References:'''<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 5 - Pages: )<br />
::*[http://lcweb.senecac.on.ca:2063/0131963694?uicode=seneca SELinux by Example]<br />(Chapter x - Pages: )<br />
<br />
:'''Resources:'''<br />
::* [http://www.linuxquestions.org/linux/answers/security/acls_extended_filepermissions How to Use ACLs]<br />
::* SELinux<br />
::* [http://www.sudo.ws/sudo/intro.html Sudo In a Nutshell]<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
:'''Lab 7:'''<br />
::System Hardening<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_7.html Linux System Hardening (part 2)]<br />
<br />
<br />
<br />
:'''Assignment #2:'''<br />
::*Assignment Instructions (N/A)<br />
<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 10'''<br />
<br />
|<br />
<br />
<br />
:'''System Hardening in Linux / Continued:'''<br />
::*Complete Labs 6 and 7<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
<br />
<br />
<br />
|<br />
<br />
<br />
:'''Labs:'''<br />
::*Complete Labs 6 and 7<br />
<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 11'''<br />
<br />
|<br />
<br />
<br />
:'''Intrusion Detection:'''<br />
::*Purpose<br />
::*Logs<br />
::*Monitoring<br />
::*Iptables<br />
::*Using Tripwire<br />
<br />
<br />
<br />
:'''Additional Considerations:'''<br />
::*Decoys: Honey-Pots<br />
::*DMZs<br />
::*Disaster Recovery<br />
::*The BIGGER Picture<br />
|<br />
<br />
<br />
<br />
:'''Slides (Concepts):'''<br />
::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w9_l1.ppt ppt] ] Intrusion Detection / Using Tripwire<br />
<br />
:'''Reading References:'''<br />
::*[http://www.sans.org/score/checklists/ID_Linux.pdf Intrusion Discovery - Linux]<br />
::*[http://lcweb.senecac.on.ca:2063/0596003919 Linux Security Cookbook]<br />(Chapter 1 - Pages: )<br />
<br />
:'''YouTube Videos:'''<br />
::*[http://www.youtube.com/watch?v=kUdCsZpt2ew Iptables]<br />
<br />
:'''Additional Resources:'''<br />
::*<br />
<br />
<br />
<br />
|<br />
<br />
<br />
<br />
:'''Lab 8:'''<br />
::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_8.html Intrusion Detection]<br />
<br />
|- valign="top"<br />
|<br />
:'''Week 12'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Work on Assignment #2'''<br />
::*Complete Report<br />
<br />
|<br />
<br />
|<br />
:'''Assignment #2 Due:'''<br />
<br />
<br />
|- valign="top"<br />
|<br />
<br />
<br />
:'''Week 13'''<br />
<br />
<br />
|<br />
<br />
<br />
:'''Final Exam Review'''<br />
::* Details<br />
|<br />
<br />
<br />
<br />
<br />
|<br />
<br />
|- valign="top"<br />
!colspan="4"|Exam Week - TBA<br />
<br />
|}</div>
Craig.barretto