CISW 250 Ethical Hacking and Countermeasures*

To understand why IT vulnerabilities exist, and how to protect a system or network against them, one must understand the nature of these vulnerabilities, and how they are used to gain access to networks and systems. In a closed, controlled setting, students will learn the methodologies, tools and techniques used by penetration testers in order to properly secure their networks and systems.

Credits

3 Credits

Semester Contact Hours Lecture

45

Prerequisite

CISW 240 and CISS 236

CISW 250 Ethical Hacking and Countermeasures*

Please note: This is not a course syllabus. A course syllabus is unique to a particular section of a course by instructor. This curriculum guide provides general information about a course.

I. General Information

Department

Information Technology

II. Course Specification

Course Type

Program Requirement

Credit Hours Narrative

3 Credits

Semester Contact Hours Lecture

45

Prerequisite Narrative

CISW 240 and CISS 236

Grading Method

Letter grade

Repeatable

N

III. Catalog Course Description

To understand why IT vulnerabilities exist, and how to protect a system or network against them, one must understand the nature of these vulnerabilities, and how they are used to gain access to networks and systems. In a closed, controlled setting, students will learn the methodologies, tools and techniques used by penetration testers in order to properly secure their networks and systems.

IV. Student Learning Outcomes

Upon completion of this course, a student will be able to:

  • Describe penetration testing, and discuss its legal and practical ramifications.
  • Set up and maintain tools necessary for penetration testing.
  • Describe, and demonstrate the practice of each of the following technical areas:
      a. Reconnaissance: network/traffic/vulnerability analysis and similar topics
      b. Tools: using tools like Metasploit to exploit systemic weaknesses
      c. Web: Penetration testing websites and applications
      d. Systems: Penetration testing OS and services
      e. Offline: Exploiting information obtained through interaction with a system, such as a password analysis
      f. Maintaining Access: Post-exploitation and pivoting to other systems/networks

V. Topical Outline (Course Content)

VI. Delivery Methodologies