Aug 08, 2020  
2017-2018 Catalog 
2017-2018 Catalog [ARCHIVED CATALOG]

Add to Portfolio (opens a new window)

CIS 450 - Penetration Testing I

5 Credits
This course is the first course in the Penetration Testing certificate. Students begin by reviewing the five fundamentals: information gathering, scanning, enumeration, exploitation and reporting. They will examine actual exploitation techniques and the business practices needed to prevent the same. The course focuses on the penetration testing of large network infrastructures with layer 2 and layer 3 attacks. Students will use basic and advanced tools to examine packets and network traffic. Students will be exposed to service provider level attacks, including VPN and SSL attacks – and learn how to detect/defend against them. Students are introduced to creating a pen testing lab. Upon completing the course, students can sit for the Pen Testing Consultant certification exam.

Pre-requisite(s) CIS 370 and CIS 414 and CIS 420
Program Admission Required Yes Admitted Program BAS - CIS
Fees CF

Designed to Serve For students admitted to the BAS program in CyberSecurity and Forensics.
Active Date 2015-10-21

Grading System Decimal Grade
Class Limit 24
Contact Hours: Lecture 44 Lab 22 Worksite 0 Clinical 0 Other 0
Total Contact Hours 66
Degree Distributions:
Course Outline
I. Define Penetration Testing

II. Laws and relevant regulations

III. Business Practices and Policies

IV. Information Gathering

a. Common tools

b. Methodology

V. Scanning

a. Common tools

b. Methodology

VI. Enumeration

a. Common tools

b. Methodology

VII. Exploitation

a. Common tools

b. Methodology

VIII. Reporting

a. Common tools

b. Methodology

IX. Hardening and Testing Systems

X. Exploits and Payloads

XI. Service Provider Attacks

XII. Packet Capture and Analysis

XIII. Layer 2 Attacks

XIV. Layer 3 Attacks

XV. Attacks on Cisco Infrastructure

XVI. VPN Attacks

XVII. Exploiting Certificates and Trust on Networks

XVIII. Testing IDS and IPS Systems

XIX. Penetration Testing of Cloud Based Deployments

XX. Hardening and Retesting Systems

XXI. Reporting to the Client / Management

Student Learning Outcomes
Explain and report on the difference between penetration testing and hacking

Explain the laws and relevant regulations that apply to penetration testing of systems.

Apply the business practices and policies that should be in place.

Explain the application and use of the five fundamentals of penetration testing.

Demonstrate the use of common tools for information gathering, scanning, enumeration, exploitation and reporting.

Explain and demonstrate how to use the tools to harden and test systems

Explain and demonstrate the use of exploits with payloads.

Explain a service provider level attack

Demonstrate the capture and analysis of packets

Demonstrate and explain a Layer 2 attack

Add to Portfolio (opens a new window)