CST 285 - Network Intrusion Security Testing
Credits: 3 Instructional Contact Hours: 3
Serves as a capstone for the Information Assurance track. Introduces security testing to protect networks and computers by using various tools to attempt entry into a network or computer. Credit may be earned in CST 158 or CST 285, but not both.
Prerequisite(s): CST 250W and CST 252 Corequisite(s): None Lecture Hours: 15 Lab Hours: 30 Meets MTA Requirement: None Pass/NoCredit: Yes
Outcomes and Objectives
1. Test a network for proper security measures.
A. Discuss intrusion testing.
B. Discuss what can be done legally.
C. Discuss what cannot be done legally.
D. Discuss the importance of getting it in writing.
2. Discuss TCP/IP concepts.
A. Discuss proper TCP/IP security objectives.
B. Discuss IP addressing.
C. Discuss binary, octal, and hexadecimal numbering systems.
3. Discuss network and computer attacks.
A. Discuss malicious software.
B. Discuss protecting against malware attacks.
C. Discuss intruder attacks on networks and computers.
D. Discuss addressing physical security.
4. Discuss footprinting and social engineering.
A. Discuss using web tools for footprinting.
B. Discuss conducting competitive intelligence.
C. Discuss using DNS zone transfers.
D. Discuss social engineering.
5. Discuss port scanning.
A. Discuss types of port scans.
B. Discuss using port scanning tools.
C. Discuss conducting ping sweeps.
D. Discuss shell scripting.
6. Discuss enumeration.
A. Discuss enumeration and what it is.
B. Discuss enumerating Microsoft operating systems.
C. Discuss enumerating the NetWare operating system.
D. Discuss enumerating the Unix operating system.
7. Discuss Microsoft operating system vulnerabilities.
A. Discuss tools to identify vulnerabilities on Microsoft systems.
B. Discuss Microsoft OS vulnerabilities.
C. Discuss vulnerabilities in Microsoft services.
D. Discuss best practices for hardening Microsoft systems.
8. Discuss Linux operating system vulnerabilities.
A. Discuss Linux fundamentals.
B. Discuss Linux OS vulnerabilities.
C. Discuss remote access attacks on Linux systems.
D. Discuss countermeasures against Linux remote attacks.
9. Discuss web server vulnerabilities.
A. Discuss web applications.
B. Discuss web application vulnerabilities.
C. Discuss tools of web attackers and security tools.
10. Discuss cryptography.
A. Discuss cryptographic basics.
B. Discuss symmetric and asymmetric algorithms.
C. Discuss PKI.
D. Discuss cryptographic attacks.
11. Discuss protecting networks with security devices.
A. Discuss network security devices.
B. Discuss firewalls.
C. Discuss NIDS.
D. Discuss HIDS.
E. Discuss honeypots.
12. Identify network and application vulnerabilities using a scripting language.
A. Perform network attacks (including port scanning, port knocking, and brute-forcing logins).
B. Bypass antivirus products with a scripting language.
C. Find buffer overflow vulnerabilities with fuzz testing.
D. Create remote code execution exploits for Linux and Windows targets.