...IS3340 — Windows Security E-mail: VShafer@itt-tech.edu Cell Phone#: 865-236-1869 Title: Analyzing Windows Application Software for Security Vulnerabilities Learning Objective ▪ Design techniques to protect given Windows application software from security vulnerabilities. Key Concepts ▪ Vulnerabilities to Microsoft server and client applications ▪ Strategies for securing Microsoft server and client applications ▪ Procedures for securing Microsoft applications Class/Content Outline: 5:00pm – 5:50pm Theory 7 (50 min.) 1. Roll / Lesson Plan / Handouts 2. Review / Discuss Unit 8 ~ ▪ Chapter 12 “Microsoft Application Security”; pp. 271-296 3. In Class IS3340.U8.GA1 ~ Unit 8 Assignment 1: Policy for Securing Windows Environment ▪ You will select, from the list of security controls, the ones that best address each of the given ERP vulnerabilities. (*Note: You will refer to the Unit 1 case scenario IS3340.U1.TS3.doc for the Ken 7 Windows Limited details.) We will discuss the correct answers in class. 6:00pm – 7:40pm Lab 1 (100 min.) 4. Lab 8 ~ Apply Security Hardening on Windows Microsoft Server & Microsoft Client Applications; pp. 68-73 8:00pm – 9:40pm Theory 7 (100 min.) & 9:50pm – 10:45pm Theory 7 (55 min.) 5. IS3340.U8.GA2 ~ Unit 8 Assignment 2: Best Procedures to Secure Windows Applications ▪ To complete IS3340.U8.GA2.doc ~ You will write a Windows application policy and define its procedure for...
Words: 630 - Pages: 3
...Technical Institute IS3340 Windows Security Onsite Course SYLLABUS Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory Hours, 30 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisite: NT2580 Introduction to Information Security or equivalent Course Description: This course examines security implementations for a variety of Windows platforms and applications. Areas of study include analysis of the security architecture of Windows systems. Students will identify and examine security risks and apply tools and methods to address security issues in the Windows environment. Windows Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: [Diagram: course map of the program, garbled in extraction; course codes shown include IS4799, NT2799, IS4670, IS4680, IS4560, NT2580, NT2670, NT1230, NT1330, IS3230, IS3350, NT1110] ...
Words: 2305 - Pages: 10
...Week 3 Lab Part 1: Web and Database Attacks & Malware and Malicious Software Learning Objectives and Outcomes Upon completing this lab, students will be able to: * Identify web application and web server backend database vulnerabilities as viable attack vectors * Develop an attack plan to compromise and exploit a web site using cross-site scripting (XSS) against sample vulnerable web applications * Conduct a manual Cross-site Scripting (XSS) attack against sample vulnerable web applications * Perform SQL injection attacks against sample vulnerable web applications with e-commerce data entry fields * Mitigate known web application and web server vulnerabilities with security countermeasures to eliminate risk from compromise and exploitation Overview This Lab will demonstrate a Cross-site Scripting (XSS) exploit and an SQL Injection attack on the test bed web application and web server using the Damn Vulnerable Web App (DVWA) loaded on an Apache Web Server on “TargetUbuntu01” Linux VM server. They will first identify the IP target host, identify known vulnerabilities and exploits, and then attack the web application and web server using XSS and an SQL Injection to exploit the web application using a web browser and some simple command strings. Assignment Requirements Watch the Demo Lab in Learning Space Unit 5 and then answer questions 1-10 below. Lab Assessment Questions & Answers 1. Why is it critical...
Words: 1054 - Pages: 5
...ELECTRONIC BUSINESS STUDY GUIDE FOR INYM 225 MEC *INYM225MEC* FACULTY OF COMMERCE AND ADMINISTRATION MAFIKENG CAMPUS Study guide compiled by: Ms S.T. Nthutang Instructional Design by Mrs Annelize Cronje, Senior Academic Development Advisor, ADC Page layout by Roxanne Bremner, Academic Development Centre Printing arrangements and distribution by Department Logistics (Distribution Centre). Printed by Nashua Digidoc Centre (018) 299 2827 Copyright © 2014 edition. Date of revision 2016. North-West University, Mafikeng Campus. No part of this book may be reproduced in any form or by any means without written permission from the publisher. TABLE OF CONTENTS Module information Study guide title: Electronic Business Module qualification:...
Words: 8803 - Pages: 36
...E-COMMERCE (TIT-501) UNIT I Introduction What is E-Commerce, Forces behind E-Commerce Industry Framework, Brief history of E-Commerce, Inter Organizational E-Commerce Intra Organizational E-Commerce, and Consumer to Business Electronic Commerce, Architectural framework Network Infrastructure for E-Commerce Network Infrastructure for E-Commerce, Market forces behind I Way, Component of I way Access Equipment, Global Information Distribution Network, Broad band Telecommunication. UNIT-II Mobile Commerce Introduction to Mobile Commerce, Mobile Computing Application, Wireless Application Protocols, WAP Technology, Mobile Information Devices, Web Security Introduction to Web security, Firewalls & Transaction Security, Client Server Network, Emerging Client Server Security Threats, firewalls & Network Security. UNIT-III Encryption World Wide Web & Security, Encryption, Transaction security, Secret Key Encryption, Public Key Encryption, Virtual Private Network (VPN), Implementation Management Issues. UNIT-IV Electronic Payments Overview of Electronics payments, Digital Token based Electronics payment System, Smart Cards, Credit Card / Debit Card based EPS, Emerging financial Instruments, Home Banking, Online Banking. UNIT-V Net Commerce EDA, EDI Application in Business, Legal requirement in E-Commerce, Introduction to supply Chain Management, CRM, issues in Customer Relationship Management. References: 1. Greenstein and Feinman, “E-Commerce”, TMH 2. Ravi Kalakota, Andrew Whinston...
Words: 2913 - Pages: 12
...BCO1102 Information Systems for Business 2014 Semester 1 Prepared by Paul Darbyshire Welcome Welcome to BCO1102 Information Systems for Business for Semester 1, 2014. For the vast majority of you it will be a compulsory unit of study as it is part of the Business Core in all undergraduate Bachelor of Business degrees. The major focus of this unit is on how computer-based information systems can support decision making in organizations and businesses. Those decisions often need to be made by professionals who come from discipline areas you are studying such as accounting, management, information systems or marketing. One of the most important elements of an information system is people, so all of us need to know what role we can play and what role information and communication technologies (ICT) can play in supporting decisions. This unit will look at the theoretical side of information systems as well as personal productivity tools such as spreadsheets and databases. In addition we will look at global trends in information systems and in particular the emerging use of Cloud Computing and Social Networking, which is sometimes called Web 2.0. The unit of study requires the textbook Introduction to Information Systems by Rainer, Prince and Cegielski 5th Edition. The textbook is used for the theory and some of the practical work in tutorials. All reading for this subject during the semester is assigned from this textbook. Feedback from previous...
Words: 3033 - Pages: 13
...TECHNICAL INSTITUTE NT1210 Introduction to Networking Onsite Course GRADED ASSIGNMENTS Graded Assignment Requirements Retain all handouts issued in every unit, as well as any assignment, research, or lab documents you prepare as part of assignments and labs. Some may be used more than once in different units. NOTE: Always check with your instructor for specific due dates of assignments. Graded Assignments Unit 1 Assignment 1: Computer Basics Review Course Objectives and Learning Outcomes Identify the major needs and major stakeholders for computer networks and network applications. Describe how digital devices store data. Describe the differences between input and output devices. Assignment Requirements In the Chapter Review Activities at the end of Chapter 1 in the Odom textbook (answers can be found in the textbook): Respond to the multiple-choice questions. Complete the List the Words inside Acronyms table. Required Resources Odom textbook Computer with word processing software Internet access Printer Submission Requirements: Submit your responses as a typed document using Arial or Times New Roman 12-point font, double-spaced. Label your assignment Unit 1 Assignment 1. Unit 2 Assignment 1: Identifying Network Topologies Course Objectives and Learning Outcomes * Identify the major needs and major stakeholders for computer networks and network applications. * Identify the classifications of networks and how they are applied to...
Words: 16182 - Pages: 65
...Introduction to Information Systems Security Onsite Course SYLLABUS Credit hours: 4 Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security Capstone Project 400 Level IS404 Access Control, Authentication & KPI IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications IS418 Securing Linux Platforms & Applications IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications 300 Level IS305 Managing Risk in...
Words: 4114 - Pages: 17
...Introduction to Networking Onsite Course GRADED ASSIGNMENTS Graded Assignment Requirements Retain all handouts issued in every unit, as well as any assignment, research, or lab documents you prepare as part of assignments and labs. Some may be used more than once in different units. NOTE: Always check with your instructor for specific due dates of assignments. Graded Assignments Unit 1 Assignment 1: Computer Basics Review Course Objectives and Learning Outcomes * Identify the major needs and major stakeholders for computer networks and network applications. * Describe how digital devices store data. * Describe the differences between input and output devices. Assignment Requirements In the Chapter Review Activities at the end of Chapter 1 in the Odom textbook (answers can be found in the textbook): * Respond to the multiple-choice questions. * Complete the List the Words inside Acronyms table. Required Resources * Odom textbook * Computer with word processing software * Internet access * Printer Submission Requirements: Submit your responses as a typed document using Arial or Times New Roman 12-point font, double-spaced. Label your assignment Unit 1 Assignment 1. Unit 2 Assignment 1: Identifying Network Topologies Course Objectives and Learning Outcomes * Identify the major needs and major stakeholders for computer networks and network applications. * Identify the classifications of networks and...
Words: 16043 - Pages: 65
...Belong? 1st QTR GS1140 NT1110 GS1145 Problem Solving Theory Computer Structure and Logic Strategies for the Technical Professional 2nd QTR NT1210 Introduction to Networking NT1230 Client-Server Networking I MA1210 College Mathematics I 3rd QTR NT1310 NT1330 MA1310 4th QTR PT1420 NT1430 EN1320 5th QTR PT2520 NT2580 EN1420 6th QTR NT2640 NT2670 CO2520 7th QTR NT2799 SP2750 Physical Networking Client-Server Networking II College Mathematics II Introduction to Programming Linux Networking Composition I Database Concepts Introduction to Information Security Composition II IP Networking Email and Web Services Communications Network Systems Administration Capstone Project Group Theory The following diagram indicates how this course relates to other courses in the NSA program: 1 Date: 8/31/2012 Client-Server Networking I Syllabus NT2799 NSA Capstone Project NT2580 Introduction to Information Security NT2670 Email and Web Services NT2640 IP Networking PT2520 Database Concepts NT1330 Client-Server Networking II NT1230 Client-Server Networking I NT1430 Linux Networking PT1420...
Words: 1834 - Pages: 8
...Systems Security [Onsite] Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Credit hours: 4 Contact hours: 50 (30 Theory Hours, 20 Lab Hours) Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security 400 Level Capstone Project IS418 IS404 Access Control, Authentication & KPI IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications Securing Linux Platforms & Applications 300 Level IS305 Managing Risk in Information Systems IS308 Security Strategies...
Words: 4296 - Pages: 18
...Networking Application Services and Security Course Revision Table Footer Date: 09/30/07 10/10/07 Section: All All Reason for Change: New Curriculum QA Edits Implementation Date: December 2007 December 2007 © ITT Educational Services, Inc. Date: 10/10/07 Exams & Answer Keys [Exam I —Unit 6] DATE: ________________________________ STUDENT NAME: ________________________________ COURSE NUMBER: ________________________________ INSTRUCTOR: ________________________________ ITT COLLEGE: ________________________________ General Instructions: 1. This is a closed-book, closed-notes Exam. No reference material (including assignments and lab) will be permitted for use during the exam session. 2. The exam contains true/false and multiple choice types of questions. 3. Please use the separate answer sheet provided to you for marking your answers. 4. Each question is worth two points. Good luck! 1. The most common cause of security breaches is ______. a. no alarm system b. weak passwords c. untrained security guards d. poor perimeter lighting 2. Windows Server administrators should not use the Administrator account for everyday activity. They should use the ________ command, only when performing administrative functions. a. super user b. run as c. task manager d. power user 3. For organizations with wireless networks, deployment of ________ is necessary to vastly increase the security of the wireless...
Words: 3277 - Pages: 14
...every day there are reports of information security breaches and resulting monetary losses in the news. Businesses and governments have increased their security budgets and undertaken measures to minimize the loss from security breaches. While cyberlaws act as a broad deterrent, internal controls are needed to secure networks from malicious activity. Internal controls traditionally fall into two major categories: prevention and detection. Intrusion prevention systems (IPS) block the IP traffic based on the filtering criteria that the information systems security practitioner must configure. Typically, the LAN-to-WAN domain and Internet ingress/egress point is the primary location for IPS devices. Second to that would be internal networks that have or require the highest level of security and protection from unauthorized access. If you can prevent the IP packets from entering the network or LAN segment, then a remote attacker can’t do any damage. A host-based intrusion detection system (IDS) is installed on a host machine, such as a server, and monitors traffic to and from the server and other items on the system. A network-based IDS deals with traffic to and from the network and does not have access to directly interface with the host. Intrusion detection systems are alert-driven, but they require the information systems security practitioner to configure them properly. An IDS provides the ability to monitor a network, host or application, and report back when suspicious activity...
Words: 3209 - Pages: 13
...Department of Computer Science, http://csc.csudh.edu; Course Title: Communication Systems Security; Course Number: CTC 362; Instructor Name: Mehrdad S. Sharbaf, Ph.D., msharbaf@csudh.edu, Office: TBA, Phone: TBA, Office Hours: TBA; Date: Spring Semester, 2016; Course Length: 15 Weeks; Web Companion: N/A; Blackboard Web Site: HTTP://toro.csudh.edu...
Words: 1433 - Pages: 6