04-623   Cyber Defense

Location: Africa

Units: 12

Semester Offered: Spring

Course description

This course is designed to teach students the principles of cybersecurity and how they relate to both security practitioners and cyber adversaries. The course integrates networking and system management principles with a focus on system security through defensive strategies. Students will learn how to think like an attacker, how modern cyber-attacks and defenses work in practice, and how to evaluate risks and security systems. They will learn by working in a hands-on lab setting and participating in real-world internships while developing strong critical thinking skills. After completing this course, students will have the necessary core skills and an understanding of typical risks and weaknesses, as well as how to design a secure system using fundamental concepts and methodologies.

Learning objectives

  • Determine the various levels of a cybersecurity evaluation
  • Recognize the various types of cyber-threats
  • Acquire the skills needed to conduct a hands-on cybersecurity assessment
  • Use the learned techniques to defend IT assets against cyber-threats
  • Understand the network, system, and application risks and how to manage them
  • Understand techniques used by hackers to penetrate computer networks and systems
  • Identify network, system, and application vulnerabilities and implement the strongest possible security countermeasure

Outcomes

Students will gain technical and intellectual skills in:

  • Securing an IT infrastructure and examining and resolving security risks in networks and computer systems
  • Creating, testing, and evaluating secure application software
  • Developing policies and procedures for managing security risks in organizations

Content details

Cyber-threats, vulnerabilities, and attacks: Cyber Threats Summary, Vulnerabilities Review, Common Avenues of Cyber-attack, The Global Cyber Threat Landscape, Threat Actor Types, Cybercriminals, Non-Adversarial Employees, Adversarial Employees, Nation State Actors, Hacktivists, Threat Modeling Fundamentals, State Espionage, Sabotage.

Incident response: External Attack on Servers, Suspicious Unauthorized Access, DDoS TCP-SYN Attacks, Web Shell Attack, Client-Side Attacks, Suspicious Email Attacks, Detection Techniques for Reverse Shell Connectivity, Data Breach Investigation, Malicious Command Execution, Internal Reconnaissance, Data Exfiltration, Anomaly Detection and Investigation, Hacking Tool Investigation, Identifying and Reacting to Malware Attacks, Malware Incident Handling.

Protective cybersecurity technologies: The Cyber Kill Chain, Cyber Intelligence, Application Security Overview, Web Application Firewall (WAF), Application Security Testing, Techniques and Products, the NIST Cybersecurity Framework, Digital Rights Management, Endpoint Protection Platform (EPP), Application Whitelisting/Blacklisting, File Integrity Monitor, Full Disk Encryption, Data Encryption and Key Management, Data Masking and Tokenization, Network Access Control, Data Leakage Prevention (DLP), Data Intrusion Prevention Systems, Secure Web Gateway, Secure Cloud Access Security Broker, Cloud Security Posture Management, and Cloud Security Overview.

Prerequisites

Any of the following fall semester courses:

Alternatively, if a student does not have the prerequisites listed above, they should possess the following skills:

  • Basic C or Python programming language skills
  • Basic Linux commands and operations
  • Knowledge of TCP/IP networking
  • A strong background in cybersecurity threat models

Faculty

Jema David Ndibwile