ITOP 2415: Network Exploits, Vulnerabilities and Penetration Testing
Effective date
September 2021
School
Continuing Studies
Description
This course introduces students to the art of ethical hacking and security testing. The course covers the legality of ethical hacking, TCP/IP, malicious software, security attacks, enumeration, programming concepts, vulnerabilities of operating systems, cryptography basics and network protection systems. Students will learn up-to-date techniques in protecting and defending their networks for internal and external intruders. Students will work in groups to find vulnerabilities in the network and try to exploit that vulnerability using various hacking tools.
Year of study
2nd Year Post-secondary
Prerequisites
ITOP 2411; ITOP 2204.
Course Learning Outcomes
Upon successful completion of this course, students will be able to:
- Describe the role of an ethical hacker
- Describe methods of protecting against malware attacks
- Explain different types of port scans
- Discuss the enumeration step of security testing
- Use basic tools used to perform attacks on web servers
- Describe intrusion detection systems
Prior Learning Assessment & Recognition (PLAR)
Please see Program Content Guide.
Hours
Lecture, Online, Seminar, Tutorial: 72
Total Hours: 72
Instructional Strategies
Students will engage with the material through a combination of interactive learning methods, such as hands-on activities, case studies, simulations, group work/discussions, demonstration and troubleshooting of problem-based tasks, projects, and exams.
Grading System
Letter Grade (A-F)
Evaluation Plan
Type
|
Percentage
|
Assessment activity
|
Assignments
|
50
|
Five to ten assignments (in-class and take home)
|
Quizzes/Tests
|
20
|
Two to four quizzes.
|
Final Exam
|
30
|
|
Course topics
- Introduction to Ethical Hacking
Overview of TCP/IP, IP Addressing, numbering system
Malicious software and malware/intruder attacks
Addressing physical security
Using web tools for footprinting
Conducting competitive intelligence
Using DNS zone transfers
Social engineering
Port scanning and tools, and ping sweeps
Understanding scripting
Enumeration - Windows and Unix-like OS
Programming concepts
Vulnerabilities (OS/web-applications) and tools for identification
Hardening an OS
Tools for web attackers and security testers
Wireless technologies, authentication, war driving and wireless hacking
Cryptography basics, algorithms, PKI, and attacks
Routers, firewalls, IDS, IPS, and honeypots
Security devices
Trivial File Transfer Protocol (TFTP) server
Password and hashcat cracking
Vulnerability testing
Password recovery
Social-Engineer Toolkit
Penetration testing, remediation, and reporting
Metasploit framework
Attacker techniques and methodologies
Learning resources
Hands-On Ethical Hacking and Network Defense by Michael Simpson and Nicholas Antill
Notes:
- Course contents and descriptions, offerings and schedules are subject to change without notice.
- Students are required to follow all College policies including ones that govern their educational experience at VCC. Policies are available on the VCC website at:
https://www.vcc.ca/about/governance--policies/policies/.
- To find out if there are existing transfer agreements for this course, visit the BC Transfer Guide at https://www.bctransferguide.ca.