On this module you will study computer systems and network infrastructure as an attractive target to attackers. Hackers often manipulate software vulnerabilities and poor configuration to successfully gain access and steal information. To secure a system it is essential for computer security professionals to understand the structure, configuration, tools and techniques that hackers rely upon to successfully commit their act. It is also important to test the network regularly and discover any vulnerability due to miss configuration or poor patching.

1. EXPLAIN AND CRITICALLY DISCUSS THE ETHICAL ISSUES RELATING TO THE PERFORMANCE OF PENETRATION TESTING.
Knowledge and Understanding, Learning

2. EXPLAIN AND ANALYSE THE STAGES REQUIRED BY AN ETHICAL HACKER TO SUCCESSFULLY COMPROMISE A TARGET.
Analysis, Problem Solving, Application

3. CRITICALLY EVALUATE SECURITY TECHNIQUES USED TO PROTECT SYSTEMS AND USER DATA. Analysis, Problem Solving

4. DEMONSTRATE A CRITICAL KNOWLEDGE OF THE TOOLS, METHODS AND PROCEDURES USED WITHIN THE NETWORK SECURITY ARENA.
Knowledge and Understanding, Reflection

5. COMMUNICATE EFFECTIVELY THE RESULTS OF PENETRATION TESTING.
Communication

Assignment 1 covers Learning Outcomes 1, 2 and 4.
A report based upon the 5 phases of Ethical Hacking. Students are required to demonstrate a range of tools within each of the 5 phases of hacking.

Assignment 2 covers Learning Outcomes 3 and 5
A report based upon the 5 phases of Ethical Hacking. Students are required to critically evaluate the security component implemented in each stage to counter the hacking activity. This should be demonstrated using appropriate tools.

26 hours of lectures and 52 hours of practical/tutorials

Students will be required to complete background reading prior to each lecture / tutorial. The background reading will help them underpin the practical demonstrations. Practical tasks will be used to re-enforce and apply theory to encourage an analytical and problem-based approach to penetration testing. Where appropriate students will be given informative assessment to complete and evaluate with their peers.

Data Protection Act 2018 and GDPR 2018 ISO/IEC/IEEE 29148:2011
Harris, S., Harper, A., Eagle, C. Ness, J (2011) Gray Hat Hacking: The Ethical Hacker's handbook, 3rd edition, New York, McGraw-Hill, ISBN:0071495681
ISO 8000-8:2015 Data quality -- Part 8: Information and data quality: Concepts and measuring
ISO 27002, Information technology, security techniques, code of practice for information security management, (2007). Geneva: ISO/IEC.
Pfleeger, C. and Pfleeger, S. (2012). Security in computing. Upper Saddle River: Prentice Hall. ISBN:978-0132390774
Simpson, M., Backman, K. and Corley, J. (2013). Hands-on ethical hacking and network defense. Boston, MA: Course Technology. ISBN: 1133935613
Stallings, W. (2008). Computer security: Principles and Practices. New Jersey: Pearson. ISBN:9780136004240
West-Brown, M. (2003). Handbook for Computer Security Incident Response Teams (CSIRTs). [United States]: Carnegie-Mellon University Pittsburgh PA Software Engineering Institute.

Access to a forensic / security lab
Access to Virtual Machines

None

This module has been designed to develop the skills required to test and evaluate the security and resilience of IT systems. It will principally focus on the following topics:

- Why businesses need to perform penetration testing.
- Overview of Ethical Hacking/Penetration Testing phases.
- Introduction to Linux.
- SQL Injection and common ways to gain access to system(s).
- Nmap and Metasploit.
- Firewalls using iptables I and II.
- Intrusion detection methods.
- Common Vulnerability Scoring Systems (CVSS).
- Introduction to active and passive data gathering.
- Understanding Footprinting and scanning.
- Advanced Linux topics.
- Basic scanning techniques.
- Tools and methods to perform an effective scanning to identify system vulnerabilities.
- System hacking and enumeration.