Course Title: Ethical Hacking for Cyber Security
Part A: Course Overview
Credit Points: 12.00
145H Mathematical & Geospatial Sciences: Sem 1 2006, Sem 2 2007, Sem 1 2009, Sem 2 2010, Sem 1 2012, Sem 2 2013, Sem 1 2015, Sem 2 2016
171H School of Science: Sem 1 2018, Sem 2 2019
Course Coordinator: Associate Professor Serdar Boztas
Course Coordinator Phone: +61 3 9925 2285
Course Coordinator Email: firstname.lastname@example.org
Pre-requisite Courses and Assumed Knowledge and Capabilities
This is an elective course that builds on the overview presented in the required prior study courses, and introduces a hands-on study of practical methods for assessing the security of information systems and services.
It is assumed that students are familiar with the following concepts and technologies:
• TCP/IP and HTTP protocols
• Linux and Windows Operating Systems (at user level)
• Client-server application architecture
• A programming/scripting language (e.g. Java, C#, Perl, Python, PHP, Ruby, JS, BASH, etc).
It is strongly recommended that students familiarize themselves with the basics of security testing methodologies, such as the OSSTMM (Open Source Security Testing Methodology Manual) and the OWASP Testing Guide. These are Open Source documents that are compulsory pre-reading for this course.
This course is designed to build on top of this knowledge. Students without a technical foundation may struggle to understand the course content and practical assessments.
Required Prior Study:
INTE1120 Introduction to Information Security
INTE1122 Case Studies in Information Security
INTE1125 Cryptography and Security
This course focuses on web application and network security. Students will be taught how to think like a hacker and analyse systems in terms of abuse cases rather than use cases. The methodology and technical skills required for penetration testing will be taught in a hands-on, practical manner. Students will apply and demonstrate their knowledge in attacking systems within a virtual lab environment. You will complete group assignments in penetration testing of a web application and network servers, resulting in an industry-style report of weaknesses including appropriate risk assessments.
A Work Integrated Learning (WIL) experience is included in which your knowledge and skills will be applied and assessed in a real or simulated workplace context and where feedback from industry and/or community is integral to your experience. You will use industry technology (specifically VMware virtualisation software) which simulates an enterprise security system. You will complete individual and group assignments in vulnerability testing of that system, resulting in an industry-style report of weaknesses to be presented to enterprise management.
Objectives/Learning Outcomes/Capability Development
On completion of this course you should be able to:
1. Identify common security tools and compare and contrast their features and purpose
2. Perform a realistic penetration test (as part of your assessment)
3. Develop technical skills that will enable you to further advance your knowledge of security assessment through independent study.
4. Recommend and implement common security testing techniques, methodologies and information security management policies and present security findings in industry consensus formats
5. Critically review the risks associated with common information systems
6. Acquire skills to perform security testing in an ethical manner in a wide variety of web technologies
This course contributes to the following Program Learning Outcomes for MC159 Master of Applied Science (Information Security and Assurance):
International Orientation and Strategic Thinking
• Graduates will have a strategic and practical overview of the issues in information security and assurance.
Critical Analysis and Problem Solving
• Evaluate information security risks across diverse service settings including the Internet and WWW based commerce systems, high bandwidth digital communications and funds transfer services,
• Undertake professional careers or postgraduate research in information security or other IT related fields, acquiring the required information needed to identify real world solutions to real world information security problems.
• Graduates will have the ability to communicate both technical and non-technical material in a range of forms (written, electronic, graphic, oral) and to tailor the style and means of communication to different audiences.
• Graduates will exhibit an ability to appreciate the ethical considerations that inform judgments and decision making in academic and professional settings.
Overview of Learning Activities
A variety of planned student learning experiences will accommodate the learning outcomes envisaged for this course. This includes individual and group activities and laboratory-based learning experiences.
A presentation format will provide an overview of the specified study area and direct you to foundational, analytical, and evidence-based readings about cryptography and its place in Information Security. Facilitated open discussions will draw on your capacity to solve problems, to think critically and analytically and reflect on your own relevant work and life experiences.
Individual and group activities, such as in-semester assessments, will provide you with on-going feedback on your progress. An end-of-semester examination will complement this aspect of your learning.
In-semester assessments may take the form of homework assignments, supervised class tests and/or computer-based project work. Presentation of project work may also form part of the assessment. The assessments will reinforce the material covered in lectures and in your personal study. Your capacity to solve problems and to think critically and analytically will also be addressed through problems presented in lectures and facilitated seminars. In-semester assessments will emphasize the role of ethics in the academic arena. You will be expected to understand the plagiarism policy enforced at RMIT.
The final examination will test your comprehension of the subject material and your ability to apply this understanding to real world problems. Laboratory projects and the class tests will test your comprehension of the subject material and your ability to apply this understanding to real world problems.
Face-to-face contact: 2 to 3 hours of lecture/discussion sessions per week based on the online lecture material uploaded to Blackboard in the days prior to the session. There will also be regular laboratory sessions during Weeks 1-8 which involve completion of exercises illustrating lecture content and assistance to achieve the CLOs.
In addition, you can expect to spend between 8 and 10 hours per week on independent study and research of the material assigned for the week.
Overview of Learning Resources
You will be expected to expand on the subject matter provided as lecture notes. This will take the form of accessing various external and internal resources, such as the library and the Internet. References to books, including text and reference books will be provided in class.
The Internet will be the most important source for academic, technical and white papers and you will be required to use this as a learning resource on a regular basis. In addition your classmates and tutor/lecturer are also important learning resources as will be demonstrated in facilitated discussions.
Blackboard: This course is supported online using Blackboard, which gives access to important announcements, a discussion forum, staff contact details, the teaching schedule and assessment timelines. You are advised to read your student EMS e-mail daily for important announcements. You should also visit the course Blackboard site at least once a day, where you will find important announcements regarding the course and all key documents.
Overview of Assessment
This course has no hurdle requirements.
Continuous Assessment Task: Weekly Pop Quiz based on the material assigned for the week’s discussion session.
This assessment task supports CLOs 1, 3 & 5
Assessment Task 2: Information Gathering Report
This assessment task supports CLOs 1 & 3
Assessment Task 3: Network Security Report and Video
This assessment task supports CLOs 1-6
Assessment Task 4: Web Application Security Team Report and Video
This assessment task supports CLOs 1-5
Assessment 5: Final Exam
This assessment supports CLOs 1-6