CISW 250 Ethical Hacking and Countermeasures

To understand why IT vulnerabilities exist, and how to protect a system or network against them, one must understand the nature of these vulnerabilities, and how they are used to gain access to networks and systems. In a closed, controlled setting, students will learn the methodologies, tools and techniques used by penetration testers in order to properly secure their networks and systems.

Credits

3

Semester Contact Hours Lecture

15

Semester Contact Hours Lab

60

General Education Competency

[GE Core type]

CISW 250Ethical Hacking and Countermeasures

Please note: This is not a course syllabus. A course syllabus is unique to a particular section of a course by instructor. This curriculum guide provides general information about a course.

I. General Information

Department

Information Technology

II. Course Specification

Course Type

Program Requirement

General Education Competency

[GE Core type]

Credit Hours Narrative

3

Semester Contact Hours Lecture

15

Semester Contact Hours Lab

60

Grading Method

Letter grade

Repeatable

N

III. Catalog Course Description

To understand why IT vulnerabilities exist, and how to protect a system or network against them, one must understand the nature of these vulnerabilities, and how they are used to gain access to networks and systems. In a closed, controlled setting, students will learn the methodologies, tools and techniques used by penetration testers in order to properly secure their networks and systems.

IV. Student Learning Outcomes

Upon completion of this course, a student will be able to:

  • Describe penetration testing, and discuss its legal and practical ramifications.
  • Set up and maintain tools necessary for penetration testing.
  • Describe, and demonstrate the practice of, each the following technical areas:
  • Reconnaissance: network/traffic/vulnerability analysis, and similar topics
  • Using tools like Metasploit to exploit systemic weaknesses
  • Penetration testing the web
  • Penetration testing OS and services
  • Exploiting information obtained through interaction with a system, such as password analysis
  • Maintaining Access: Post­exploitation and pivoting to other systems/networks

V. Topical Outline (Course Content)

VI. Delivery Methodologies