INDICATIVE CONTENT
This module has been designed to develop the skills required to test and evaluate the security and resilience of IT systems. Main areas covered are: Computer Security Concepts, the Detection and Identification of Threats in Diverse Systems, Operating System Protection Mechanisms, Security Architecture, User Authentication, Access Control, Intrusion Detection, Foot-printing and Scanning, Denial of Service, System Hacking and Enumeration, Common Vulnerability Scoring System, Multilevel Security and Trusted Computing, Security Auditing, Security Policies and Planning, Legal and Ethical Issues, Business Aspects of Penetration Testing, Technical Foundation of Hacking.
WEB DESCRIPTOR
The wide development of technologies has further destabilised the already fragile balance between the defenders and the attackers of computing infrastructures. Human society is dependent on vulnerable computers controlling priceless information. In this information environment, organizations have been forced to allocate considerable resources for protecting their information assets. Unfortunately, worldwide statistics indicate that things do go wrong, with catastrophic results most of the time. In the last 34 years we have learned that most risks cannot be avoided. Instead we should try to control them, to some extent, in a practical and cost-effective manner. One tool in the arsenal of the defenders of computing infrastructures is hacking. To secure a system, it is essential for computer security professionals to understand the structure, configuration, tools and techniques that hackers rely upon to successfully carry out their attacks. On this module you will study computer systems and network infrastructure as an attractive target to attackers.
LEARNING STRATEGIES
Lectures will introduce key topics and concepts with tutor-assisted practical sessions. In the practical sessions you will get hands-on experience of the principles and underpinning knowledge taught in the lectures. Formative, self-directed exercises to support transfer of knowledge and understanding will be undertaken weekly. Self-directed learning using on-line material will also be used to help develop your research and analytical skills. There will be a weekly one-hour lecture to supplement on-line material.
REFERENCE TEXTS
Harper, A. et al., (2018), Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition, McGraw-Hill Education, ISBN 9781260108415
Bishop, M, (2019), Computer Security: Art and Science, Pearson, ISBN 9780321712332
Dulaney, E, (2017), CompTIA Security+ Study Guide, Sybex (7th edition), ISBN 9781119416876
Walker, M, (2019), CEH Certified Ethical Hacker, McGraw-Hill Education (4th edition), ISBN 9781260455083
An annually updated keylinks online resource bank will be made available.
RESOURCES
Specialist Cyber Security laboratory.
Virtual machines, for example Kali Linux, Parrot Security, Windows Server and Metasploitable VMs.
Other appropriate software, for example Kiwi Syslog Server and Wireshark.
Additional Assessment details
The assessment will discuss the constructs and approaches used in the deployment of suitable cyber systems to protect users and data, detailing the underpinning research, evaluation and implementation of secure systems and the identification of weaknesses and vulnerabilities.
Learning Outcomes
1. DEMONSTRATE THE TECHNICAL PRINCIPLES AND CONCEPTS INVOLVED IN SECURING NETWORKED AND STAND-ALONE SYSTEMS.
Knowledge & Understanding
Reflection
2. CRITICALLY EVALUATE SECURITY TECHNIQUES USED TO PROTECT SYSTEMS AND USER DATA.
Analysis
Problem solving
3. CRITICALLY EVALUATE SECURITY IMPLEMENTATION IN A SYSTEM AND IDENTIFY CRITICAL POINTS OF FAILURE WHICH LEAD TO SYSTEM COMPROMISE.
Problem Solving
Knowledge & understanding
4. EXPLAIN AND JUSTIFY THE ETHICAL ISSUES RELATING TO THE PERFORMANCE OF PENETRATION TESTING.
Reflection, Communication