


Ethical Hacking for Computer Security BSc (Hons)

Module EN0561 - Principles of Ethical Hacking

(20.00 Credits)



SYNOPSIS OF MODULE
The aim of the module is to provide students with the opportunity to develop theory and practice in ethical hacking through the examination of the principles, theories, technical skills and research issues associated with the disciplines of ethical hacking and computer security.

The module develops the technical aspects of the subject with particular reference to enhancing computer and network security. Students will have the opportunity to practice techniques and tools associated with penetration testing and evaluate a range of threats, including the use of various hacking tools and techniques over a variety of operating systems and platforms. Students will also have the opportunity to develop their research skills in designing and evaluating security vulnerabilities and countermeasures.

By the end of the module students should be able to:

• Evaluate the principles of ethical hacking and appreciate where and in what situations these principles should be applied.

• Appreciate the legal and ethical issues associated with ethical hacking and be aware of the documentary and evidentiary standards expected in presenting the results of ethical hacking activities.

• Analyse and evaluate the professional requirements of an ethical hacker and critically discuss the challenges facing the ethical hacker.

• Assess computer systems, information systems and networks to identify their vulnerabilities and weaknesses so as to be able to penetrate those systems or networks.

• Evaluate the means by which systems or networks are penetrated and design and test countermeasures to address those weaknesses and vulnerabilities.

• Appreciate how the core concepts, knowledge and practice of computer security have developed through research.

Learning and teaching will take place through a variety of mechanisms, including lectures, seminars, practical sessions, research into current developments and issues, case studies and guest / expert input. The subject of ethical hacking is continuously developing, evolving and changing and as a result students will be expected to keep up to date with developments through independent research. The input from guest speakers (practitioners and industry experts) will contribute to the currency of the subject material.

Topics will be introduced in lectures and discussed through seminar activities and guided learning activities. The theoretical material on ethical hacking will be reinforced through the critical analysis and discussion of case studies in seminar sessions.

Students will be encouraged to adopt an independent learning style, acquiring and applying knowledge through their own research and enquiry, supported by a series of guided activities and exercises. Students will be encouraged to share the findings of their research through seminar presentations and participation in on-line discussions with the rest of the student cohort.

Summative assessment will be through one piece of coursework.




INDICATIVE READING LIST OR OTHER LEARNING RESOURCES
McClure, S., Scambray, J. and Kurtz, G., (2005) Hacking Exposed, Network Security Secrets and Solutions, 5th Edition, McGraw Hill

Harris, S., Harper, A., Eagle, C., Ness, J., and Lester, M., (2005) Gray Hat Hacking – the Ethical Hacker’s Handbook, McGraw Hill / Osborne

Additional recommended texts

Long, J., (2005) Google Hacking for Penetration Testers, Syngress

Khare, R., (2006) Network Security and Ethical Hacking, Luniver Press

Simpson, M. T., (2005) Hands-on Ethical Hacking and Network Defense, Course Technology

Casey, E., (2004) Digital Evidence and Computer Crime, 2nd edition, Elsevier Academic Press

Bainbridge, D., (2004) Introduction to Computer Law, 5th edition, Longman





OUTLINE SYLLABUS
Principles of ethical hacking
This section of the syllabus will focus on the underpinning principles of ethical hacking – in particular professional responsibility and proper ethical disclosure. The principles and concepts of penetration testing, red teaming, cryptography and steganography will be discussed within the context of ethical hacking. The hacking stages of reconnaissance, scanning, gaining access, maintaining access and covering tracks will be examined with recourse to ethical hacking.

The ways in which ethical hacking principles can be used in assessing the vulnerability of systems and networks will be explored in order to identify potential security problems and how those principles, tools and techniques can be used to address the issues.

Professional and ethical considerations
The section will take further the principle of professional responsibility and liability and set it in the context of ethical behaviour through the application and discussion of ethical theory.

The material covered in this section will develop the ethical principles introduced in the L4 module, Introduction to Ethical Hacking, and propose a framework for professional responsibility within Ethical Hacking.

Professional and ethical issues will also be explored in relation to high profile hacking attacks.

Development of Ethical Hacking approaches
In this topic various approaches of attack will be covered, including examination of the anatomy of typical attacks, discussion of the weaknesses that hackers look for, techniques used by hackers (including how information and data is gathered) and concepts of social engineering.

Various approaches will be covered in this module, including:

• finding holes in networks and systems – including discussion of techniques used in attacking and seizing control of networks;
• ways in which to exploit simple security flaws (including active and passive sniffing, SQL attacks, Internet attacks, Google hacking, privilege escalation);
• ways in which to scan networks and discover available services;
• using root kits (including methods of exploitation using root kits, methods of planting a root kit);
• using keystroke loggers;
• Firewall and IDS evasion techniques;
• utilising password cracking software;
• techniques in which to install, use and hide trojans;
• strategies for denial of service attack;
• utilising weaknesses with buffer overflows – buffer overflow vulnerability, buffer overflow exploits, reasons for buffer overflow attack;
• considering techniques for bypassing security including hiding files, alternate data streams, NTFS streams, stealing files using word processing documents.

Students will have the opportunity to engage in practical activities covering the above activities.

Penetration Testing
This section will consist of the specific examination of the requirements and expectations of penetration testing, drawing on other parts of the module and hacking techniques in order to undertake ethical hacking activities within the professional and ethical framework presented in the module.

Penetration testing methodologies – internal and external assessments – will be covered and the difference between black hat and grey hat penetration testing will be considered.

Different penetration approaches depending on the type of network – including wireless networks – will be discussed and evaluated.

Design of Countermeasures
Ethical hacking principles will be used in order to consider ways to design countermeasures for threats such as social engineering, root kit exploitation, password cracking, NTFS streaming, Trojans, viruses and worms.

Relationship to cognate disciplines
This section will include an overview of cognate disciplines, primarily computer forensics and ways in which computer forensic principles can be utilised to detect when an attack has been attempted and to investigate the details of the attack.




AIMS OF MODULE
The aim of the module is to provide students with the opportunity to develop theory and practice in ethical hacking through the examination of the principles, theories, technical skills and research issues associated with the disciplines of ethical hacking and computer security.

The module develops the technical aspects of the subject with particular reference to enhancing computer and network security. Students will have the opportunity to practice techniques and tools associated with penetration testing and evaluate a range of threats, including the use of various hacking tools and techniques over a variety of operating systems and platforms. Students will also have the opportunity to develop their research skills in designing and evaluating security vulnerabilities and countermeasures.




LEARNING OUTCOMES
By the end of the module students should be able to:

1. Evaluate the principles of ethical hacking and appreciate where and in what situations these principles should be applied.

2. Appreciate the legal and ethical issues associated with ethical hacking and be aware of the documentary and evidentiary standards expected in presenting the results of ethical hacking activities.

3. Analyse and evaluate the professional requirements of an ethical hacker and critically discuss the challenges facing the ethical hacker.

4. Assess computer systems, information systems and networks to identify their vulnerabilities and weaknesses so as to be able to penetrate those systems or networks.

5. Evaluate the means by which systems or networks are penetrated and design and test countermeasures to address those weaknesses and vulnerabilities.

6. Appreciate how the core concepts, knowledge and practice of computer security have developed through research.



PREREQUISITES
EN0403 Introduction to Ethical Hacking


DISTANCE LEARNING DELIVERY
N/A


LEARNING AND TEACHING STRATEGY
Learning and teaching will take place through a variety of mechanisms, including lectures, seminars, practical sessions, research into current developments and issues, case studies and guest / expert input. The subject of ethical hacking is continuously developing, evolving and changing and as a result students will be expected to keep up to date with developments through independent research. The input from guest speakers (practitioners and industry experts) will contribute to the currency of the subject material.

Topics will be introduced in lectures and discussed through seminar activities and guided learning activities. The theoretical material on ethical hacking will be reinforced through the critical analysis and discussion of case studies in seminar sessions.

Students will be encouraged to adopt an independent learning style, acquiring and applying knowledge through their own research and enquiry, supported by a series of guided activities and exercises. Students will be encouraged to share the findings of their research through seminar presentations and participation in on-line discussions with the rest of the student cohort.

Students will require access to Blackboard and on-line library facilities.

The material presented in this module is potentially damaging if used maliciously and the capabilities developed in this module have potential for harm. Academics will emphasise the professional expectations of students and of persons working in this domain as well as stressing the students’ ethical and moral responsibilities to themselves and others, including the School and the University.




ASSESSMENT STRATEGY
The module will incorporate Assessment for Learning principles as identified by Northumbria University’s Centre for Excellence in Teaching and Learning (CETL). Specifically, the module assessment meets the following Assessment for Learning (AfL) conditions:

- emphasises authenticity and complexity in the content and methods of assessment rather than reproduction of knowledge and reductive measurement.
- uses high-stakes summative assessment rigorously but sparingly rather than as the main driver for learning.
- offers students extensive opportunities to engage in the kinds of tasks that develop and demonstrate their learning, thus building their confidence and capabilities before they are summatively assessed.
- provides an environment that is rich in feedback derived from formal mechanisms e.g. tutor comments on assignments, student self-review logs.
- provides an environment that is rich in informal feedback, e.g. peer review of draft writing, collaborative project work, which provides students with a continuous flow of feedback on ‘how they are doing’.
- develops students’ abilities to direct their own learning, evaluate their own progress and attainments and support the learning of others.

a. Summative assessment and rationale for tasks
Summative assessment will be by a research report (assessing all module learning outcomes). The report will be based on a series of case studies introduced in EN0403, dealing with the application of ethical hacking tools and techniques, the evaluation of the vulnerability and the production of countermeasure designs, and will be presented at Student Cyber Security Workshops.


b. Additional formative assessment – detail of process and rationale
Formative assessment activities will be provided to students through the work they do in seminars, presentations and practical sessions.

c. Indication of how students will get feedback and how this will support their learning
Formative feedback will be provided to students through the work they do in seminars, presentations and practical sessions.




IMPLICATIONS FOR CHOICE
None



