Computer Penetration Testing
This module will cover a range of elements concerned with digital penetration testing and security testing. Initial lectures consider important soft skills such as documentation techniques, reporting, the law, and risk assessment and management. The practical skills and their related theoretical knowledge include operating system weaknesses, information gathering (both passive and active), and various ethical hacking techniques and processes. Considerable practical focus is placed on available tools to assist in auditing and penetration testing. Aspects targeted include operating systems, common network services, and network-based applications.
This module will cover elements of operating system disk-level architectures, such as those of Windows and Linux. This will allow students to study how operating systems store system and user data, and thus to understand what information could be held on such systems. This data could include user files, as well as traces of user activity such as login session data, browsing histories, operating system manipulation, and general user interactions with a variety of operating system tools. This understanding will be expanded through theoretical knowledge and practical exercises in extracting information from systems using a variety of open source and commercial forensic analysis tools, and in documenting the results of such a process using consistent and thorough evidential procedures. This includes the production of event timelines, as well as the analysis of system logs, operating system state, file systems, and application data. The module will also consider the ethical and professional issues related to digital forensics.
Incident Response and Malware Analysis
The aim of the module is to develop a deep understanding of advanced areas related to security and live/network forensics, with a strong focus on virtualised environments that will allow graduates to act professionally within incident response and in malware/threat analysis. An outline of the main areas includes:
• Threat Timelining. Network and host traces around key threats, such as DDoS, malware infection and data loss.
• Host Investigation Evidence Gathering: Windows, Linux, Android and Mac OS.
• System Architectures, Services and Devices. Networked infrastructures (Servers/Firewall/IDS/ Syslog).
• Network Protocol Analysis. Advanced Network Protocol Analysis, Advanced Trace Analysis, IDS Signature Detection, and Security Threat Network Traces.
• Log Capture/Analysis and Timelining. Creating large-scale data infrastructure and analysis methods such as Big Data, SIEM and cross-log analysis.
• Malware Forensics. Code Analysis, Host/Network Analysis, Reverse Engineering. Mobile/x86 architecture, Machine Code Analysis, Vulnerability Analysis and Sandboxed Analysis.
• Malware Analysis. Encoding methods. Static/Dynamic Analysis. Disassembly. Obfuscation. Behaviour Analysis.
• Advanced Malware Analysis. Anti-disassembly, anti-debugging, packers and unpackers, malware launching, malware signatures, and shell code analysis.
• Data Hiding. Data hiding methods, tunnelling, and disk encryption.
• Current Related Research.
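Event timelines built from system logs (the forensics module above) and cross-log analysis and timelining (the Log Capture/Analysis item in this list) both come down to the same step: records from sources with different timestamp conventions have to be normalised to one clock before they can be ordered. The following is an added example for this outline, not course material. It merges constructed Windows Security, Linux auth and IDS records into one UTC-ordered timeline and pivots on a user name across all three. The log lines, hostnames, addresses, the user "jsmith" and the workstation's UTC+1 offset are all invented.

```python
"""Cross-log timelining: merge host and network records from sources
with different timestamp conventions into one UTC-ordered timeline.

Added example for this outline, not course material. Every log line
below is constructed; hosts, addresses and the user 'jsmith' are invented.
"""
import re
from datetime import datetime, timezone, timedelta

# Source 1: Windows Security log exported as CSV, local time UTC+01:00 (constructed).
WINDOWS_SECURITY = [
    "2024-03-12 09:14:02,4624,ws-fin-07,jsmith,Logon Type 10 from 203.0.113.45",
    "2024-03-12 09:14:30,4688,ws-fin-07,jsmith,New process powershell.exe",
]
# Source 2: Linux auth log, RFC 3164 syslog (no year, no zone), host clock in UTC (constructed).
LINUX_AUTH = [
    "Mar 12 08:13:55 fileserv sshd[2211]: Accepted password for jsmith from 10.0.0.7 port 51400 ssh2",
    "Mar 12 08:16:10 fileserv sudo: jsmith : COMMAND=/usr/bin/tar czf /tmp/fin.tgz /srv/finance",
]
# Source 3: IDS alert in a simplified fast.log style, UTC (constructed).
IDS_ALERTS = [
    "03/12/2024-08:17:42.114501 [**] [1:2001000:1] Large outbound transfer [**] 10.0.0.9:44122 -> 198.51.100.20:443",
]

WIN_TZ = timezone(timedelta(hours=1))  # assumed: workstation exported in local time, UTC+1
SYSLOG_YEAR = 2024                     # assumed: RFC 3164 lines carry no year


def parse_windows(line):
    ts, event_id, host, user, msg = line.split(",", 4)
    local = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=WIN_TZ)
    return {"time": local.astimezone(timezone.utc), "source": f"win:{host}",
            "event": f"EventID {event_id} {user}: {msg}"}


SYSLOG_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")


def parse_syslog(line):
    m = SYSLOG_RE.match(line)
    when = datetime.strptime(f"{SYSLOG_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return {"time": when.replace(tzinfo=timezone.utc), "source": f"syslog:{m.group(2)}",
            "event": m.group(3)}


IDS_RE = re.compile(r"^(\S+) \[\*\*\] \[[^\]]+\] (.*?) \[\*\*\] (\S+) -> (\S+)$")


def parse_ids(line):
    m = IDS_RE.match(line)
    when = datetime.strptime(m.group(1), "%m/%d/%Y-%H:%M:%S.%f")
    return {"time": when.replace(tzinfo=timezone.utc), "source": "ids",
            "event": f"{m.group(2)} {m.group(3)} -> {m.group(4)}"}


def build_timeline():
    """Parse every source, normalise to UTC and sort. Sorting on the raw
    timestamp strings instead would place the Windows logon (09:14 local)
    after the Linux sudo (08:16 UTC), inverting the real sequence of events."""
    events = ([parse_windows(line) for line in WINDOWS_SECURITY]
              + [parse_syslog(line) for line in LINUX_AUTH]
              + [parse_ids(line) for line in IDS_ALERTS])
    return sorted(events, key=lambda e: e["time"])


def pivot(timeline, needle):
    """Cross-log pivot: every event, from any source, that mentions `needle`."""
    return [e for e in timeline if needle in e["event"]]


def render(timeline):
    return "\n".join(f"{e['time'].isoformat()}  {e['source']:<16} {e['event']}" for e in timeline)


if __name__ == "__main__":
    tl = build_timeline()
    print(render(tl))
    print("\n-- events mentioning jsmith --")
    print(render(pivot(tl, "jsmith")))
```

Run as a script to print the merged timeline; the SSH logon on the file server is correctly placed before the workstation logon even though its wall-clock timestamp reads an hour earlier. The offsets and the syslog year are the analyst's inputs, not something the logs carry, which is why recording them is part of the evidential procedure.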
The work for this module comprises the completion of an individual research project. Each student is assigned a personal Supervisor, and an Internal Examiner who monitors progress and feedback, inputs advice, examines the dissertation and takes the lead at the viva.
There are two preliminary deliverables prior to the submission of the final dissertation:
(1) Project proposal
(2) Initial Report including time plan and dissertation outline
The aim of the module is to develop a deep understanding of advanced areas related to security and digital forensics that will allow graduates to act professionally in the design, analysis, implementation, and reporting of network security strategies. An outline of the main areas includes:
• Introduction. Networking Concepts; Network Security Concepts; Network Threats and Attacks; Network Defence - Perimeter, Defence in Depth
• Firewalls. Concepts; Types - Host, Network; Technologies - Static packet filtering; Stateful packet filtering; Multilayer firewall; Architectures; Policies; and Implementation and Deployment.
• Intrusion Detection and Prevention Systems (IDPS). Concepts; Types; Alert Monitoring and Sensor Tuning; behavioural analysis, in-line/out-of-line.
• Access Control and Authentication. Concepts: Trust and Identity; Attacks; Models - Access Control Models; Network Device Access Control; AAA, Layer 2; Device Hardening.
• Remote Access and VPNs. Concepts; Cryptography; Types - L2, L3 and L4/5; Technologies; IPSec and SSL.
• Wireless Security. Wireless Overview; Attacks; Encryption; Authentication.
• CCNA Certification - Concepts. CIA; Attacks on CIA; Data Classification; Law and Ethics; Network policies; Risk Management and Secure Network Design; Security in the SDLC; Cisco self-defending network; Secure Administration.
• CCNA Certification - Secure Infrastructure and Extending Security. Cisco Layer 2 Security; Cisco IOS Firewalls. Cisco IOS IPS; Cisco VPN and Cryptographic Solutions; Digital Signatures and PKI.
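The Firewalls item above distinguishes static packet filtering from stateful packet filtering. The following added example (not course material) makes the difference concrete by running both filters over a constructed packet trace: a static filter has no memory of the outbound SYN, so it must accept inbound segments carrying ACK to let replies through, and an unsolicited ACK probe rides in on that rule; a connection-tracking filter accepts only packets that match a state entry. The addresses, ports, trace and rule set are this example's own assumptions.

```python
"""Static (stateless) vs stateful packet filtering on a constructed trace.

Added example for this outline, not course material. The packets,
addresses and rules are invented to make the difference concrete.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str        # "out" = LAN to Internet, "in" = Internet to LAN
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset      # TCP flags present, e.g. {"SYN"}, {"SYN", "ACK"}


def static_filter(pkt):
    """Static packet filter: each packet judged on its own header, no memory.
    Replies to inside-initiated connections cannot be recognised as such, so
    the classic rule is to accept any inbound segment carrying ACK (the
    'established' keyword in old Cisco ACLs)."""
    if pkt.direction == "out":
        return "ACCEPT"
    return "ACCEPT" if "ACK" in pkt.flags else "DROP"


class StatefulFilter:
    """Stateful filter: an outbound SYN creates a connection entry; later
    packets in either direction are accepted only if they match an entry."""

    def __init__(self):
        self.table = set()   # entries keyed (lan_ip, lan_port, remote_ip, remote_port)

    def decide(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == frozenset({"SYN"}):
                self.table.add(key)          # new connection from inside
                verdict = "ACCEPT"
            else:
                verdict = "ACCEPT" if key in self.table else "DROP"
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            verdict = "ACCEPT" if key in self.table else "DROP"
        if "RST" in pkt.flags and key in self.table:
            self.table.discard(key)          # connection torn down, forget state
        return verdict


LAN, WEB, ATTACKER = "10.0.0.5", "198.51.100.10", "203.0.113.9"

# Constructed trace: one legitimate HTTPS session from the LAN, then two
# unsolicited inbound probes.
TRACE = [
    Packet("out", LAN, 51000, WEB, 443, frozenset({"SYN"})),          # client opens HTTPS
    Packet("in", WEB, 443, LAN, 51000, frozenset({"SYN", "ACK"})),    # server reply
    Packet("out", LAN, 51000, WEB, 443, frozenset({"ACK"})),          # handshake completes
    Packet("in", WEB, 443, LAN, 51000, frozenset({"ACK"})),           # server data
    Packet("in", ATTACKER, 443, LAN, 3389, frozenset({"ACK"})),       # ACK probe at RDP
    Packet("in", ATTACKER, 40000, LAN, 22, frozenset({"SYN"})),       # SYN at SSH
]


def run(trace):
    """Return (static verdict, stateful verdict) for each packet in order."""
    sf = StatefulFilter()
    return [(static_filter(p), sf.decide(p)) for p in trace]


def leaks(trace):
    """Indexes of packets the static filter accepts but the stateful one drops."""
    return [i for i, (s, f) in enumerate(run(trace)) if s == "ACCEPT" and f == "DROP"]


if __name__ == "__main__":
    for p, (s, f) in zip(TRACE, run(TRACE)):
        print(f"{p.direction:>3} {p.src}:{p.sport} -> {p.dst}:{p.dport} "
              f"{'+'.join(sorted(p.flags)):<7} static={s:<6} stateful={f}")
    print("leaked by static filter:", leaks(TRACE))
```

Both filters agree on the legitimate session and on the bare inbound SYN; they differ only on packet 4, the ACK probe, which the static filter cannot tell apart from server data. Real connection tracking also ages entries out and validates sequence numbers; the table here is the minimum needed to show why state matters.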
Security Audit & Compliance
The aim of the module is to let you develop a deep understanding of the framework that information security operates in, and to give you an opportunity to express this in the form of professional written reports. Topics covered include:
• Overview of relevant laws and regulations: national and international, covering Data Protection, computer misuse and other legal issues.
• The relation between governance models and frameworks, including ISACA's COBIT and ISO standards (the ISO/IEC 27000 series in particular)
• Role of the professions; difference between audit, forensics and security management. Professional ethics and codes of practice
• Risk management, contingency and continuity planning
• Understanding and application of the COBIT domains
The focus of this module is to provide a core understanding of the fundamental areas of cryptography and host-based security. It focuses on two core areas:
- Cryptography Fundamentals (GCD, Elliptic Curve, etc.).
- Asymmetric Key Encryption. Including RSA and Elliptic Curve.
- Symmetric Key Encryption. Including AES and associated modes.
- Hashing and MAC Methods. Including MD5, SHA-1, SHA-256, SHA-3 and PBKDF2.
- Tunnelling. SSL/TLS, IPSec.
- Trust Infrastructures. Digital Certificates, Key Distribution Centres (Kerberos), Identity and role integration (Key pair identity, multi-factor, biometrics).
- Key Exchange. Diffie-Hellman Method, ECDH.
- Blockchain, Distributed Ledgers and Cryptocurrency. Ethereum, Smart Contracts, Data Tokenization, Transactions.
- Future cryptography: Zero-Knowledge Proofs, Homomorphic Encryption, Lightweight Cryptography, Quantum-Robust Methods.
Host-based integration with domain infrastructures:
- Practical authentication methods (Linux/Windows).
- Host data analysis using data analysis tools.
- Host and domain system rights. Active Directory. Log integration and rights.
- Security auditing best-practice for hosts. Active patch management. Risk assessments.
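PBKDF2 appears in the Hashing and MAC Methods item above, and password verification is the everyday case of the practical authentication methods listed in the host-based section. The following added example (not course material) shows why a bare hash is the wrong tool for stored credentials and what a salted, iterated PBKDF2-HMAC-SHA256 record with constant-time verification and transparent re-hashing looks like. The record format, the sample passwords and the default iteration count are this example's own choices.

```python
"""Password verification with salted PBKDF2-HMAC-SHA256 versus a bare hash.

Added example for this outline, not course material. The record format,
iteration count and sample passwords are choices made here.
"""
import base64
import hashlib
import hmac
import os

# The OWASP Password Storage Cheat Sheet (2023) recommends 600,000
# iterations for PBKDF2-HMAC-SHA256; treat it as a floor, not a ceiling.
ITERATIONS = 600_000


def naive_hash(password: str) -> str:
    """What not to do: unsalted, single fast hash. Two users with the same
    password get the same digest, and a precomputed table of common
    passwords recovers it at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Store 'pbkdf2_sha256$<iterations>$<salt>$<hash>' (this example's own
    format) with a fresh random 16-byte salt per record."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return "$".join(["pbkdf2_sha256", str(iterations),
                     base64.b64encode(salt).decode(), base64.b64encode(dk).decode()])


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in
    constant time so timing does not reveal how many bytes matched."""
    try:
        alg, iters, salt_b64, hash_b64 = record.split("$")
    except ValueError:
        return False
    if alg != "pbkdf2_sha256":
        return False
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(hash_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters), dklen=len(expected))
    return hmac.compare_digest(dk, expected)


def needs_rehash(record: str, minimum: int = ITERATIONS) -> bool:
    """Records written under an older, weaker iteration policy should be
    re-derived at the user's next successful login."""
    return int(record.split("$")[1]) < minimum


def login(password: str, record: str):
    """Typical host login path: verify, then transparently upgrade weak
    records while the plaintext is briefly available. Returns
    (authenticated, record to store back)."""
    if not verify(password, record):
        return False, record
    if needs_rehash(record):
        record = make_record(password)
    return True, record


if __name__ == "__main__":
    pw = "Winter2024!"   # constructed sample password
    print("unsalted hashes equal for two users:", naive_hash(pw) == naive_hash(pw))
    r1, r2 = make_record(pw), make_record(pw)
    print("PBKDF2 records equal for two users:", r1 == r2)
    print("correct password verifies:", verify(pw, r1))
    print("wrong-case password verifies:", verify(pw.lower(), r1))
    ok, upgraded = login(pw, make_record(pw, 10_000))
    print("legacy record upgraded on login:", ok and not needs_rehash(upgraded))
```

The salt defeats shared precomputation across users and systems, the iteration count sets the per-guess cost, and the iteration count stored in the record is what lets a host raise its policy later without a forced password reset. On a real host this logic lives in the platform (PAM and /etc/shadow on Linux, the SAM and NTLM/Kerberos on Windows), and the same concerns apply to the algorithms and parameters those stores use.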
* These are indicative only and reflect the course structure in the current academic year. Some changes may occur between now and the time that you study.