Difference between revisions of "SEC520 Weekly Schedule"

Revision as of 14:18, 22 October 2012

Week

Objectives and Tasks

Course Notes / Assigned Reading

Labs

Week 1

Course Introduction:

SEC520 WIKI
Course Outline
Course Policies
Required Materials
Lab Setup

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Course Intro / The "Security Mind"

Reading References:

Inside the Security Mind, Making the Tough Decisions (E-Book) (Chapters 1 - 3)
Penetration Tester's Open Source Toolkit (E-book)
(Chapter 2: Reconnaissance)

Resources:

Lab 1:

Set-Up for Labs:

Setup Hard Disk Pack for Labs

Week 2

Developing a "Security Mind":

4 Virtues of Internet Security
8 Rules of Internet Security
Penetration Testing:

Reconnaissance:

Information Gathering
Foot-printing
User Information
Verification

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Penetration Testing: Reconnaissance

Reading References:

Inside the Security Mind, Making the Tough Decisions (E-Book) (Chapters 1 - 3)
Penetration Tester's Open Source Toolkit (E-book)
(Chapter 2: Reconnaissance)

YouTube Videos:

Reconnaissance

Lab 2:

Pentration Testing:

Reconnaissance

Week 3

Scanning, Enumeration, & Vulnerability Testing:

Penetration Testing (Continued):

Scanning
Enumeration

Vulnerability Testing

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Scanning & Enumeration

Reading References:

Penetration Tester's Open Source Toolkit (E-book)
(Chapter 3)

YouTube Videos:

Resources:

Nmap Reference Guide
(How to use nmap utility to scan ports)

Lab 3:

Penetration Testing / Continued:

Scanning, Enumeration, & Vulnerability Testing

WARNINGS!

Scanning ports must require the permission of Server Owner (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan the Tank server within or outside Seneca College.
Your instructor will hand-out permission forms to allow students to obtain Tank accounts, and allow students to perform ethical "penetration testing" on that server. Students must sign this form, hand back to the instructor, and await further instructions before proceeding with penetration testing on the tank server

Week 4

Scanning, Enumeration, & Vulnerability Testing:

Vulnerability Testing

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Vulnerability Testing
[ odp ] [ pdf ] [ ppt ] Interpreting and Respecting the Rules for the Tank Server

Reading References:

Penetration Tester's Open Source Toolkit (E-book)
(Chapter 3)

YouTube Videos:

Resources:

Using Armitage (Metasploit Framework)

Lab 3:

Continue Working on Lab 3

Week 5

System Hardening in Linux:

Purpose
Rule of Preventative Action
Rule of Separation
Rule of Least Privilege

AAA Protocol (Authentication):

PKI
PAM
Kerebos

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Linux Hardening (part 1)

Reading References:

Linux Security Cookbook (E-book)
(Chapter 4 - Pages: )

YouTube Videos:

Linux Hardening

Part1 | Part 2 | Part 3

PAM

Resources:

Lab 4:

System Hardening

Linux System Hardening (part 1)

Assignment #1 Posted:

Assignment Submission Instructions

Week 6

Midterm (Test #1) Review:

Complete Labs 1 - 5
Review for Midterm

Lab 4:

Continue Working on Lab 4

Work on Assignment #1

Week 7

Midterm (Test #1):

Test Details

Study Week

Week 8

System Hardening in Linux / Continued:

AAA Protocol (Authorization):

ACLs
SELinux
Sudo
Cron Jobs
Turning Off Xwindows

Hardening Windows 2003 Server:

Installing and Configuring Security Configuration Wizard
Using New Technology File System (NTSF)
Configuring Automatic Updates

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Linux Hardening (part 2)

YouTube Videos:

Reading References:

Linux Security Cookbook
(Chapter 5 - Pages: )
SELinux by Example
(Chapter x - Pages: )

Resources:

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Hardening Windows

Reading References:

Hardening Windows, 2nd Edition
(Chapter 5 - Pages: )

YouTube Videos:

Security Configuration Wizard 2003

Resources:

Lab 5:

System Hardening

Linux System Hardening (part 2)

Lab 7:

Hardening Windows 2003 Server

Assignment #1 Due

Week 9

Types of Attacks:

Client-side Attacks

Phishing
Webbrowser - Malicious Payloads
IP Spoofing (Man in the Middle) / Password

Server-side Attacks

Out-dated Software Patches
Database Injection
Password Cracking

Intrusion Detection:

Purpose
Logs
Monitoring
Iptables
Using Tripwire

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Types of Attacks

YouTube Videos:

Reading References:

Penetration Tester's Open Source Toolkit (E-book)
(Chapters 4,5,6)

Resources:

ATLAS Web-page (Active Threat Level Analysis System)
Top Security Risks 2009 (SANS Institute)

Slides (Concepts):

[ odp ] [ pdf ] [ ppt ] Intrusion Detection / Using Tripwire

Reading References:

Intrusion Discovery - Linux

Linux Security Cookbook
(Chapter 1 - Pages: )

YouTube Videos:

Iptables

Additional Resources (for interest):

Intrusion Discovery - Windows

Lab 6:

Attack Categories:

Types of Attacks

WARNINGS!

Scanning ports must require the permission of Server Owner (preferably in writing). Student must either work in Security lab to scan each others' ports, or sign an agreement to scan the Tank server within or outside Seneca College.
Your instructor will hand-out permission forms to allow students to obtain Tank accounts, and allow students to perform ethical "penetration testing" on that server. Students must sign this form, hand back to the instructor, and await further instructions before proceeding with penetration testing on the tank server

Lab 8:

Intrusion Detection

Assignment #2 Posted:

Details - N/A

Week 10

Additional Considerations:

Decoys: Honey-Pots
DMZs
Disaster Recovery
The BIGGER Picture

Slides:

[odp] [pdf] [ppt] Additional Considerations

Reading References:

YouTube Videos:

Resources:

Week 11

Test #2:

Test Details

Week 12

Assignment #2 Evaluation:

Presentations
Evaluate Secured System

Assignment #2 Due:

Week 13

Final Exam Review

Details

Exam Week - TBA

@@ Line 25: / Line 25: @@
-: '''Developing a "Security Mind":'''
-::*4 Virtues of Internet Security
-::*8 Rules of Internet Security
-::*Penetration Testing:
-:::*Reconnaissance:
-::::*Information Gathering
-::::*Foot-printing
-::::*User Information
-::::*Verification
 |
@@ Line 40: / Line 32: @@
 :'''Slides (Concepts):'''
 ::* [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l1.ppt ppt] ] Course Intro / The "Security Mind"
-::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.ppt ppt] ] Penetration Testing: Reconnaissance
 :'''Reading References:'''
@@ Line 46: / Line 38: @@
 ::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)
-:'''YouTube Videos:'''
-::*[http://www.youtube.com/watch?v=NDQffaAMLQc Reconnaissance]
 :'''Resources:'''
@@ Line 62: / Line 52: @@
 ::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_1.html Setup Hard Disk Pack for Labs]
-:'''Lab 2:'''
-::Pentration Testing:
-::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_2.html Reconnaissance]
 |-  valign="top"
 |
@@ Line 71: / Line 59: @@
 |
+: '''Developing a "Security Mind":'''
+::*4 Virtues of Internet Security
+::*8 Rules of Internet Security
+::*Penetration Testing:
+:::*Reconnaissance:
+::::*Information Gathering
+::::*Foot-printing
+::::*User Information
+::::*Verification
+|
-|
+:'''Slides (Concepts):'''
+::*[ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.odp odp] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.pdf pdf] ] [ [http://cs.senecac.on.ca/~fac/sec520/slides/sec520_w1_l2.ppt ppt] ] Penetration Testing: Reconnaissance
+:'''Reading References:'''
+::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=86056&recCount=50&recPointer=0&bibId=263746 Inside the Security Mind, Making the Tough Decisions (E-Book)]  (Chapters 1 - 3)
+::* [http://libcat.senecac.on.ca/vwebv/holdingsInfo?searchId=89542&recCount=50&recPointer=0&bibId=315433 Penetration Tester's Open Source Toolkit (E-book)]<br />(Chapter 2: Reconnaissance)
+:'''YouTube Videos:'''
+::*[http://www.youtube.com/watch?v=NDQffaAMLQc Reconnaissance]
 |
+:'''Lab 2:'''
+::Pentration Testing:
+::*[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_2.html Reconnaissance]

Difference between revisions of "SEC520 Weekly Schedule"

Revision as of 14:18, 22 October 2012

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

get involved with CDOT

courses

course projects

links

Tools