ENPM 808D - Office of Advanced Engineering Education

Syllabus
ENPM 808D: Security Tools for Information Security
Summer 2015
Instructor: Kevin Shivers
Office: 4417 Computer & Space Sciences Building
Contact: (301) 405-8836, [email protected]
Class hours: Wed, 1 June – 23 Aug, 5:30-8:45 PM
Class location: JMP 2121 (DETS)
Course objective:
This course is designed to give a broad survey of tools commonly used by cybersecurity professionals. Modern
operating systems (Windows, Linux, OS X) and scripting languages (Bash, Python, Perl, Ruby, PowerShell) will be
discussed, as well as utilities (grep, awk, sed, netstat, nbtstat, tracert, etc.) and the technologies that underpin
them (such as regular expressions). Topics include securing and hardening installations (Bastille, CIS, Microsoft
Baseline Security Analyzer), incident response and recovery (lsof, Sysinternals, Tripwire), vulnerability assessment
and compliance and configuration auditing (Nessus, Metasploit), and network surveillance (tcpdump, Wireshark, Snort,
Bro). Enterprise tools (SIEM tools, log correlation engines, etc.) will also be examined. In addition to the weekly
reading, there will be weekly individual projects ("homework"), and students will complete a final project. Students
taking this course do not need any previous programming experience, but will find familiarity with the
fundamental concepts of programming or scripting very helpful.
Grading:
The tentative final grade breakdown is as follows:
Homework (6 x 10%)    60%
Final Project         25%
Class Participation   15%
It is the student's responsibility to inform the instructor of any intended absences for religious observances in
advance. Notice should be provided as soon as possible but no later than the end of the schedule adjustment
period.
Academic Integrity: The University's Code of Academic Integrity is designed to ensure that the principle of
academic honesty is upheld. All students are expected to adhere to this Code. The Master’s in Cybersecurity
Program does not tolerate academic dishonesty. All acts of academic dishonesty will be dealt with in
accordance with the provisions of this code. Please visit the following website for more information on the
University's Code of Academic Integrity:
http://www.studenthonorcouncil.umd.edu/code.html
Honor Pledge: All assignments and exams for this course are governed by the Honor Pledge: “I pledge on my
honor that I have not given or received any unauthorized assistance on this exam/assignment.”
Tentative Syllabus:
Week 1: Intro. Overview of tasks to accomplish; cybersecurity domains
Week 2: Linux and OS X. OS tools; utilities; shell scripting (Bash)
Week 3: Windows. OS tools; utilities; PowerShell scripting
Week 4: Introduction to scripting languages. Scripting structures; Ruby, Python, Perl, PowerShell
Week 5: Task focus: configuration management, audit and compliance. Configuration and patch management tools
Week 6: Defense in depth. Perimeter defense: firewalls, proxies, IPS. Oh my!
Week 7: Task focus: securing and hardening. Bastille, CIS, MS Baseline, et al.
Week 8: Vulnerability assessment tools. Nessus, OpenVAS, Nexpose, et al.
Week 9: Penetration testing tools. Metasploit et al.
Week 10: Anatomy of an attack. Or, why we need all these tools
Week 11: Task focus: incident response. Investigation
Week 12: Network tools. Flows; tcpdump/Wireshark
Week 13: Task focus: data recovery
Week 14: Task focus: forensics and e-discovery
Week 15: Data encryption, decryption and cryptography
Week 16: TBD