CIS 2352 - Ethical Hacking

College of Computer & Information Technology

Credit(s): 3
Contact Hours: 47
Effective Term Summer 2021 (590)

Requisites

Prerequisite CIS 1358 with a minimum grade of C

Course Description

This course is designed to provide the student with an understanding of the techniques and methodologies of security penetration testing. This course provides hands-on instruction using the various tools and methods that security professionals use to analyze an information system in order to discover vulnerabilities and protect against information loss, cyber terrorism, and corporate espionage. The student will be introduced to fundamental security testing concepts, gain practical knowledge of computer programming, and learn how to properly document a security test. In addition to exploring the legal and ethical ramifications of penetration testing, students will also learn how to apply the appropriate countermeasures in order to reduce the risk that an organization faces. This course is aligned to prepare the student for the EC-Council Certified Ethical Hacker (CEH) industry certification exam. (Note: Credit is only given for CJE 1660 or CIS 2352.)

Learning Outcomes and Objectives

  1. The student will demonstrate knowledge of the definition of ethical hacking as well as the various laws that apply to hacking activities by:
    1. describing the role of an ethical hacker.
    2. describing what an ethical hacker can legally do.
    3. describing what laws apply to computer hacking.
  2. The student will demonstrate an understanding of basic concepts relating to the TCP/IP protocol by:
    1. describing the TCP/IP protocol stack and the various layers within the stack.
    2. explaining the basic concepts of IP addressing.
    3. explaining the binary, octal, and hexadecimal numbering systems.
  3. The student will demonstrate an understanding of attacks that threaten both networks and individual computers by:
    1. describing the different types of malicious software.
    2. describing the methods of protecting against malware attacks.
    3. describing the types of network attacks.
    4. identifying various physical security attacks and vulnerabilities.
  4. The student will gather information about computer systems by using footprinting methods and social engineering tactics by:
    1. using tools found on the World Wide Web for footprinting systems.
    2. conducting competitive intelligence activities.
    3. describing DNS zone transfers and their vulnerabilities.
    4. identifying the types of social engineering.
  5. The student will use various tools to conduct port scanning and system enumeration by:
    1. defining port scanning and describing different types of port scans.
    2. utilizing various port-scanning tools to scan a system and a network.
    3. explaining what ping sweeps are used for.
    4. explaining how shell scripting is used to automate security tasks.
    5. describing the enumeration step of security testing.
    6. enumerating targets that are running different operating systems.
  6. The student will identify various vulnerabilities of common operating systems by:
    1. describing the tools available to assess Microsoft system vulnerabilities.
    2. exploring the vulnerabilities of Microsoft operating systems.
    3. describing the vulnerabilities of services running on Microsoft operating systems.
    4. explaining the techniques used to harden Microsoft systems against common vulnerabilities.
    5. listing the best practices for securing Microsoft systems.
    6. describing the fundamentals of the Linux operating system.
    7. describing the vulnerabilities of the Linux operating system.
    8. conducting remote attacks against the Linux OS.
    9. explaining countermeasures for protecting the Linux operating system.
  7. The student will demonstrate an understanding of the vulnerabilities that exist in web server and wireless network hardware and software by:
    1. explaining Web application vulnerabilities.
    2. describing the tools used to attack Web servers.
    3. explaining wireless technology and describing wireless networking standards.
    4. describing wardriving and countermeasures to prevent information leakage.
    5. describing wireless hacking and tools used by hackers and security professionals.
  8. The student will demonstrate an understanding of how to protect networks with cryptography and other security devices by:
    1. describing symmetric and asymmetric cryptography algorithms.
    2. explaining public key infrastructure (PKI).
    3. identifying possible attacks on cryptosystems.
    4. describing network security devices.
    5. describing firewall technology.
    6. describing intrusion detection systems.

Criteria Performance Standard

Upon successful completion of the course the student will, with a minimum of 70% accuracy, demonstrate mastery of each of the above stated objectives through classroom measures developed by individual course instructors.

History of Changes

Eff 20071(0385). Prereq # chgd SCNS effective 20091(0415). Online 20092(0420). C&I Approval: 09/11/2007, BOT Approval: 10/16/2007, Effective Term: Spring 2010 (420). C&I Approval: , BOT Approval: , Effective Term: Fall 2015 (505). C&I Approval: 11/20/2015, BOT Approval: 03/15/2016, Effective Term: Fall 2016 (520). C&I Approval: 09/05/2019, BOT Approval: 09/24/2019, Effective Term: Spring 2020 (570).
C&I Approval: , BOT Approval: , Effective Term: Summer 2021 (590)

Related Programs

  1. Certified Ethical Hacker (CEH) (to DIGFORN-AS) (CEH3IC-AR) (600) (Active)
  2. Certified Ethical Hacker (CEH) (to ITSC-AS) (CEHIC-AR) (600) (Active)
  3. Certified Ethical Hacker (CEH) (to ITSC-CT) (CEH2IC-AR) (600) (Active)
  4. Cybersecurity (CYSEC-TR) (670) (Active)
  5. Cybersecurity (CYSEC-BAS) (610) (Active)
  6. Cybersecurity (ITSC-AS) (640) (Draft)
  7. Cybersecurity (ITSC-AS) (640) (Active)
  8. Cybersecurity (ITSC-CT) (510) (Active)
  9. Digital Forensics and Computer Investigations (DIGFORN-AS) (620) (Active)
  10. Technology Development & Management (TMGT-TR) (670) (Active)