Lesson plan

Level 3 Technical Level IT: Cyber Security and Security Administration

Unit name: Network and cyber security administration

Assessment outcome: AO7 - d

Tutor name:

Group or cohort
Week no.: 27
Date
Guidance notes
Penetration testing involves the practical use of hardware and software tools to investigate the vulnerabilities present in an organisation’s services and systems. This session provides learners with opportunities to test such tools in a controlled (and safe) environment.
Length – 3 hours
Resources:
Various websites may be used to illustrate key concepts:
SecTools.Org: Top 125 Network Security Tools
http://sectools.org/tag/vuln-scanners/
6 free network vulnerability scanners
http://www.networkworld.com/article/2176429/security/security-6-free-network-vulnerability-scanners.html
Five trustworthy password recovery tools
http://www.techrepublic.com/blog/five-apps/five-trustworthy-password-recovery-tools/
Introduction to Kali - The Linux Operating System Built for Hacking
https://www.youtube.com/watch?v=cLQ8Yd0C7sM
Online Penetration Testing Tools
https://pentest-tools.com/home
RFID with Arduino- Some Fun Hacking Cards
https://www.youtube.com/watch?v=Up-DSf98UFE
Many other resources are available; which ones are used will depend on the tutor’s selection of practical activities. Those chosen here are to be considered as a representative sample only.
Links to other assessment or performance outcomes:
IT: Cyber Security
The following units within the qualification will benefit from aspects of this unit:
·  Unit 1 – Fundamental principles of computing
·  Unit 2 – Communication technologies
·  Unit 3 – Developing and maintaining computer networks.
IT: Cyber Security and Security Administration
The following units within the qualification will benefit from aspects of this unit:
·  Unit 1 – Fundamental principles of computing
·  Unit 2 – Communication technologies
·  Unit 3 – Developing and maintaining computer networks
·  Unit 4 – Network threats and vulnerabilities
·  Unit 5 – Maths for computing
·  Unit 7 – Managing Identity and Access to Systems
·  Unit 8 – Programming for Networking and Security
·  Unit 9 - Computer Forensic Investigation
Lesson objectives
·  Identify hardware and software tools used to perform a penetration test.
·  Describe the purpose and use of hardware and software tools used in penetration testing.
·  Confidently use a range of hardware and software tools in a controlled penetration test exercise.
Activities
Introduction to the lesson – register, learner-led progress, tutor led introduction to the topic.
Tutor led:
Present and (where practicable) demonstrate the hardware and software tools commonly used to perform a pentest. Software should minimally include:
·  Specialised operating system distributions, eg. Kali
·  Software frameworks and automation tools
·  Vulnerability scanners
·  Password recovery tools (dictionary, brute-force or cryptanalysis, rainbow tables).
Hardware should include:
·  Frequency scanner, i.e. radio frequency identification (RFID)
·  Spectrum analyser.
·  USB adaptors (802.11, GPS etc).
Learner led:
Learners should use a range of software (including online applications) and hardware tools to perform typical penetration test probes on a quarantine network. This should be conducted under the tutor’s strict supervision to minimise potential disruption.
Tutor led plenary – what have they learnt and how this will lead on to the next lesson.
Synoptic assessment
The learners will be able to draw from their knowledge, skills and understanding from the following units to support the learning within this lesson:
·  Unit 1 – Fundamental principles of computing
·  Unit 2 – Communication technologies
·  Unit 3 – Developing and maintaining computer networks
·  Unit 4 – Network threats and vulnerabilities
·  Unit 5 – Maths for computing
·  Unit 7 – Managing Identity and Access to Systems
·  Unit 8 – Programming for Networking and Security
·  Unit 9 - Computer Forensic Investigation
Stretch and Challenge activities?
If not covered as part of pen test, try, under strict supervision, any of the following:
·  Crack user password (testing password strength and policy)
·  Intercept unencrypted sensitive network data
·  Modify web content
·  Access or modify relational database content
·  Perform denial of service attacks
·  Perform remote audit and scan of a network to identify resources and services available
·  Perform SQL injection attacks on a web application
·  Use RF tools to analyse broadcast signals and identify traffic types and devices.
Transferable skills and/or soft skills
The following transferable skills are embedded into the activities for the group discussion, working in pairs and working through the scenarios:
·  analytical skills
·  attention to detail.
The following soft skills are embedded into the activities for the group discussion, working in pairs and working through the scenarios:
·  collaboration.
English and maths
There are many opportunities to reinforce mathematics in this topic, particularly in reference to the use of different number systems when dealing with encryption, network transmissions, operating system settings etc.
These include: numeral systems, positional weights, base or radix terms and correct notational use, common number bases, eg octal, hexadecimal, conversion of number systems, eg denary to octal, denary to hexadecimal.
Opportunities exist to reinforce English skills by expanding the learners’ subject terminology as specialist vocabulary, eg. encryption, packet injection, authentication, extensible, cipher, temporal, protocol etc.
Assessment
Assessment of learning having taken place will be based on:
·  observation of learner participation in-session.
·  observation of learner within practical environment and assessment of their practical abilities and number work
·  directed question and answer during the plenary.
Meaningful employer engagement
All of the activities in this topic can be discussed and referenced by individuals employed in the IT Security sector as occurring naturally in their day-to-day duties.
AQA Education (AQA) is a registered charity (number 1073334) and a company limited by guarantee registered in England and Wales (number 3644723). Our registered address is AQA, Devas Street, Manchester M15 6EX.