CSC8210 : Security Fundamentals and Tools
- Offered for Year: 2020/21
- Module Leader(s):
- Lecturer: Dr Charles Morisset
- Owning School: Computing
- Teaching Location: Newcastle City Campus
Semesters
| Semester 1 Credit Value: | 10 |
| ECTS Credits: | 5.0 |
Aims
It is often impossible to guarantee the complete security of a system, and a cyber-security analyst often aims instead to reveal gaps in security provisioning. The aim of this module is to develop skills to select and apply tools for carrying out security testing strategies including vulnerability scanning, penetration testing and ethical hacking.
Outline Of Syllabus
This module will look at a range of security tools and analysis, covering:
- Definition of Ethical Hacking
- Network Analysis (including host discovery and traffic analysis)
- Web Application Analysis (including XSS and vulnerability reporting)
- Operating System Analysis (including privilege escalation and buffer exploitation)
Teaching Methods
Please note that module leaders are reviewing the module teaching and assessment methods for Semester 2 modules, in light of the Covid-19 restrictions. There may also be a few further changes to Semester 1 modules. Final information will be available by the end of August 2020 in for Semester 1 modules and the end of October 2020 for Semester 2 modules.
Teaching Activities
| Category | Activity | Number | Length | Student Hours | Comment |
|---|---|---|---|---|---|
| Structured Guided Learning | Lecture materials | 20 | 0:15 | 5:00 | Short videos explaining the concepts and demonstrating the tools and techniques. |
| Structured Guided Learning | Lecture materials | 20 | 0:30 | 10:00 | Written and interactive material about the tools and techniques. |
| Guided Independent Study | Assessment preparation and completion | 20 | 1:00 | 20:00 | Completion of practical exercises in the lab. |
| Guided Independent Study | Assessment preparation and completion | 20 | 1:00 | 20:00 | Writing of the report accounting for and reflecting on the practical exercises (max 2,000 words) |
| Structured Guided Learning | Structured non-synchronous discussion | 20 | 0:30 | 10:00 | Engagement on discussion forums, discussion with demonstrators, module leaders and other students. |
| Scheduled Learning And Teaching Activities | Drop-in/surgery | 3 | 1:00 | 3:00 | Drop-in sessions organised with demonstrators (in-person or online, depending on availability) |
| Guided Independent Study | Independent study | 20 | 1:30 | 30:00 | Follow-up on the lecture material. |
| Scheduled Learning And Teaching Activities | Module talk | 2 | 1:00 | 2:00 | Online sessions by module leader, with Q&A session. |
| Total | 100:00 |
Jointly Taught With
| Code | Title |
|---|---|
| CSC8414 | Security Tools and Analysis |
Teaching Rationale And Relationship
This module follows a blended learning delivery method, articulated around 20 units of practical skill material. Each unit of material consists of a short video, accompanied by written and interactive material, including short formative quizzes. Learners are expected to discuss about the material on the discussion forum, curated by demonstrators and module lecturers. In addition, drop-in sessions (either online, using Zoom/Teams, or present-in-person, depending on availability) will offer learners the possibility to ask specific questions in small groups to demonstrators, and module talks will enable module leaders to reflect on the online discussion forums, and to discuss about points repeatedly mentioned. The assessment is done by realising a sequence of individualised practical exercises (i.e., given an exercise, the specific solution is different for each learner, even though the difficulty is the same), which are gradually released. Each practical corresponds to one or two units of material. Practical exercises are automatically verified, providing instant feedback to the learners. The final report consists of a reflection from the student on the different exercises done, steered by a specific essay question.
Note: This module corresponds to the first part of CSC8414.
Assessment Methods
Please note that module leaders are reviewing the module teaching and assessment methods for Semester 2 modules, in light of the Covid-19 restrictions. There may also be a few further changes to Semester 1 modules. Final information will be available by the end of August 2020 in for Semester 1 modules and the end of October 2020 for Semester 2 modules.
The format of resits will be determined by the Board of Examiners
Other Assessment
| Description | Semester | When Set | Percentage | Comment |
|---|---|---|---|---|
| Report | 1 | M | 100 | 2000 word report on practical work |
Formative Assessments
| Description | Semester | When Set | Comment |
|---|---|---|---|
| Report | 1 | M | Draft report including sample of reflective work, structure of the final report, and formatting style. |
Assessment Rationale And Relationship
The coursework consists of a series of practical tasks that need to be solved using security tools and analysis techniques covered in the module, as described in the syllabus. Most practical tasks will be automatically assessed during the module, following a Capture-the-Flag approach, thus enabling module participants to keep track of their progress. A final report should be submitted, including a reflection on the practical exercises, and how the student informed their choices. The report is worth 100% of the final mark and should be submitted at the end of the module.
Reading Lists
Timetable
- Timetable Website: www.ncl.ac.uk/timetable/
- CSC8210's Timetable