Laboratory Modules

Laboratory modules are used for teaching, research and outreach, and the design of the laboratory modules reflects these uses. We use two different laboratory settings for our cybersecurity concentration courses – virtual and face-to-face.

The virtual laboratory is from the NDG NetLAB+ (https://www.netdevgroup.com/content/cybersecurity). This platform provides our students with laboratory experiences on a number of cybersecurity and computer science topics in an online environment. Our students conduct experiments in the following lab sets:

  • NISGTC Security+
  • NISGTC Network Security
  • NISGTC Forensics
  • NISGTC Ethical Hacking
  • CSSIA CompTIA Security+

This laboratory is also used by our academic partners at a distance.

The face-to-face laboratory is designed with laboratory units/workstations from Marcraft (https://tech-labs.com/products/marcraft-cyber-security-essentials-concepts-practices). We use these workstations/units to provide our students with hands-on laboratory experiences on application security, medical security, enterprise security, network security and ethical hacking. Both the NDG labs and the Marcraft labs are pre-designed, easy to use, and come with step-by-step instructions.

NDG NetLAB+ lab catalogue: https://www.netdevgroup.com/content/cybersecurity/labs/

FORENSICS SUPPORTED LABS

Each lab is listed with its title, the objective it maps to, and the objective description.

Lab 1: Introduction to File Systems
  Objective: Digital Forensics Fundamentals
  Objective description: The candidate will demonstrate an understanding of forensic methodology, key forensics concepts, and identifying types of evidence on current Windows operating systems.

Lab 2: Common Locations of Windows Artifacts
  Objective: Digital Forensics Fundamentals
  Objective description: The candidate will demonstrate an understanding of forensic methodology, key forensics concepts, and identifying types of evidence on current Windows operating systems.

Lab 3: Hashing Data Sets
  Objective: Digital Forensics Fundamentals
  Objective description: The candidate will demonstrate an understanding of forensic methodology, key forensics concepts, and identifying types of evidence on current Windows operating systems.

Lab 4: Drive Letter Assignments in Linux
  Objective: Evidence Acquisition, Preparation and Preservation
  Objective description: The candidate will demonstrate understanding of evidence chain-of-custody and integrity, E-discovery concepts, evidence acquisition and preservation, and the tools and techniques used by computer forensic examiners.

Lab 5: The Imaging Process
  Objective: Evidence Acquisition, Preparation and Preservation
  Objective description: The candidate will demonstrate understanding of evidence chain-of-custody and integrity, E-discovery concepts, evidence acquisition and preservation, and the tools and techniques used by computer forensic examiners.

Lab 6: Introduction to Single Purpose Forensic Tools
  Objective: Digital Forensics Fundamentals
  Objective description: The candidate will demonstrate an understanding of forensic methodology, key forensics concepts, and identifying types of evidence on current Windows operating systems.

Lab 7: Introduction to Autopsy Forensic Browser
  Objective: Evidence Acquisition, Preparation and Preservation
  Objective description: The candidate will demonstrate understanding of evidence chain-of-custody and integrity, E-discovery concepts, evidence acquisition and preservation, and the tools and techniques used by computer forensic examiners.

Lab 8: Introduction to PTK Forensics Basic Edition
  Objective: Evidence Acquisition, Preparation and Preservation
  Objective description: The candidate will demonstrate understanding of evidence chain-of-custody and integrity, E-discovery concepts, evidence acquisition and preservation, and the tools and techniques used by computer forensic examiners.

Lab 9: Analyzing a FAT Partition with Autopsy
  Objective: File and Program Activity Analysis
  Objective description: The candidate will demonstrate an understanding of how the Windows registry, file metadata, memory, and filesystem artifacts can be used to trace user activities on suspect systems.

Lab 10: Analyzing an NTFS Partition with PTK
  Objective: File and Program Activity Analysis
  Objective description: The candidate will demonstrate an understanding of how the Windows registry, file metadata, memory, and filesystem artifacts can be used to trace user activities on suspect systems.

Lab 11: Browser Artifact Analysis
  Objective: Browser Forensics
  Objective description: The individual will demonstrate a solid understanding of Browser Forensics.

Lab 12: Communication Artifacts
  Objective: User Communications Analysis
  Objective description: The candidate will demonstrate an understanding of forensic examination of user communication applications and methods, including host-based and mobile email applications, Instant Messaging, and other software and Internet-based user communication applications.

Lab 13: User Profiles and the Windows Registry
  Objective: System and Device Profiling and Analysis
  Objective description: The candidate will demonstrate an understanding of the Windows registry structure, and how to profile Windows systems and removable devices.

Lab 14: Log Analysis
  Objective: Log Analysis
  Objective description: The candidate will demonstrate an understanding of the purpose of the various types of Windows event, service and application logs, and the types of information they can provide.

Lab 15: Memory Analysis
  Objective: File and Program Activity Analysis
  Objective description: The candidate will demonstrate an understanding of how the Windows registry, file metadata, memory, and filesystem artifacts can be used to trace user activities on suspect systems.

Lab 16: Forensic Case Capstone
  Objective: Capstone Lab Covering all Objectives
  Objective description: Refer to the descriptions above.

ETHICAL HACKING SUPPORTED LABS

Each lab is listed with its title and the Certified Ethical Hacking (CEH) domains it covers.

Lab 1: Using Active and Passive Techniques to Enumerate Network Hosts
  • Introduction to Ethical Hacking
  • Scanning Networks
  • Enumeration
  • Sniffers

Lab 2: Conducting Active and Passive Reconnaissance Against a Target
  • Introduction to Ethical Hacking
  • Footprinting and Reconnaissance
  • Scanning Networks
  • Social Engineering

Lab 3: Using the SYSTEM account
  • System Hacking

Lab 4: Poison Ivy – Remote Access Trojan
  • System Hacking
  • Trojans and Backdoors
  • Viruses and Worms

Lab 5: Using the SHARK Remote Administration Tool
  • System Hacking
  • Trojans and Backdoors
  • Viruses and Worms

Lab 6: Utilizing Malware - Dark Comet
  • System Hacking
  • Trojans and Backdoors
  • Viruses and Worms

Lab 7: Breaking Windows Passwords
  • System Hacking

Lab 8: Using John the Ripper to Crack Linux Passwords
  • System Hacking

Lab 9: Using Spear Phishing to Target an Organization
  • System Hacking
  • Social Engineering
  • Session Hijacking

Lab 10: Breaking WEP and WPA Encryption
  • Hacking Wireless Networks

Lab 11: Using Metasploit to Attack a Remote System
  • Scanning Networks
  • Enumeration
  • Sniffers
  • Evading IDS, Firewalls, and Honeypots

Lab 12: Using Armitage to Attack the Network
  • Introduction to Ethical Hacking
  • Footprinting and Reconnaissance
  • Scanning Networks
  • System Hacking
  • Penetration Testing

Lab 13: Exploitation with IPv6
  • System Hacking

Lab 14: Creating MSFPAYLOADS
  • System Hacking
  • Trojans and Backdoors
  • Viruses and Worms
  • Penetration Testing

Lab 15: Abusing SYSTEMS
  • Denial of Service

Lab 16: SQL Injection
  • Hacking Webservers
  • Hacking Web Applications
  • SQL Injection

Lab 17: Launching a Buffer Overflow
  • System Hacking
  • Buffer Overflow

Lab 18: Intrusion Detection
  • Evading IDS, Firewalls, and Honeypots

Lab 19: Using Certificates to Encrypt Email
  • Cryptography

NISGTC SECURITY+ SUPPORTED LABS

Each lab is listed with its title and the Security+ objective(s) it covers.

Lab 1: Network Devices and Technologies - Capturing Network Traffic
  • 1.1: Implement security configuration parameters on network devices and other technologies
  • 1.4: Given a scenario, implement common protocols and services

Lab 2: Configuring the pfSense Firewall
  • 1.1: Implement security configuration parameters on network devices and other technologies
  • 1.2: Given a scenario, use secure network administration principles

Lab 3: Protocols and Default Network Ports - Connecting to a Remote System
  • 1.1: Implement security configuration parameters on network devices and other technologies
  • 1.4: Given a scenario, implement common protocols and services

Lab 4: Secure Implementation of Wireless Networking
  • 1.5: Given a scenario, troubleshoot security issues related to wireless networking
  • 2.8: Explain types of wireless attacks

Lab 5: Incident Response Procedures
  • 2.3: Given a scenario, implement appropriate risk mitigation strategies
  • 2.4: Given a scenario, implement basic forensic procedures

Lab 6: Secure Network Administration Principles - Log Analysis
  • 1.2: Given a scenario, use secure network administration principles
  • 3.2: Summarize various types of attacks
  • 3.6: Analyze a scenario and select the appropriate type of mitigation and deterrent techniques

Lab 7: Analyze and Differentiate Types of Attacks and Mitigation Techniques
  • 3.2: Summarize various types of attacks

Lab 8: Mitigation and Deterrent Techniques – Password Cracking
  • 3.2: Summarize various types of attacks
  • 3.6: Analyze a scenario and select the appropriate type of mitigation and deterrent techniques

Lab 9: Identifying & Analyzing Network/Host Intrusion Detection System (NIDS/HIDS) Alerts
  • 1.1: Implement security configuration parameters on network devices and other technologies
  • 2.1: Explain the importance of risk related concepts
  • 2.5: Summarize common incident response procedures
  • 3.6: Analyze a scenario and select the appropriate type of mitigation and deterrent techniques
  • 3.7: Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities

Lab 10: Analyze and Differentiate Types of Malware & Application Attacks
  • 3.1: Explain types of malware
  • 3.2: Summarize various types of attacks
  • 3.5: Explain types of application attacks
  • 3.7: Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities

Lab 11: Discovering Security Threats and Vulnerabilities
  • 3.6: Analyze a scenario and select the appropriate type of mitigation and deterrent techniques
  • 3.7: Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities
  • 3.8: Explain the proper use of penetration testing versus vulnerability scanning

Lab 12: Importance of Data Security – Securing Data Using Encryption Software
  • 2.9: Given a scenario, select the appropriate control to meet the goals of security
  • 4.4: Implement the appropriate controls to ensure data security

Lab 13: Analyzing Types of Web Application Attacks
  • 3.5: Explain types of application attacks
  • 4.1: Explain the importance of application security controls and techniques

Lab 14: Authentication, Authorization and Access Control
  • 5.2: Given a scenario, select the appropriate authentication, authorization or access control
  • 5.3: Install and configure security controls when performing account management, based on best practices

Lab 15: Implementing Common Protocols and Services for Basic Security Practices
  • 1.1: Implement security configuration parameters on network devices and other technologies
  • 1.4: Given a scenario, implement common protocols and services
  • 6.1: Given a scenario, utilize general cryptography concepts
  • 6.2: Given a scenario, use appropriate cryptographic methods
  • 6.3: Given a scenario, use appropriate PKI, certificate management and associated components

Lab 16: General Cryptography Concepts
  • 2.9: Given a scenario, select the appropriate control to meet the goals of security
  • 6.1: Given a scenario, utilize general cryptography concepts
  • 6.2: Given a scenario, use appropriate cryptographic methods
  • 6.3: Given a scenario, use appropriate PKI, certificate management and associated components

NETWORK SECURITY SUPPORTED LABS

Lab 1: Configuring a Windows based Firewall to Allow Incoming Traffic
Lab 2: Configuring a Linux based Firewall to Allow Incoming and Outgoing Traffic
Lab 3: Implementing Secure DHCP and DNS
Lab 4: Configuring a Linux based Firewall to Allow Outgoing Traffic
Lab 5: Configuring Access Control Lists on a Linux Based Firewall
Lab 6: Configuring a Virtual Private Network with PPTP
Lab 7: Configuring a Virtual Private Network with OpenVPN
Lab 8: Implementing RIP, RIPv2, and Securing RIP
Lab 9: Intrusion Detection using Snort
Lab 10: Writing Custom Rules
Lab 12: Configuring RADIUS
Lab 14: Configuring a Site to Branch a Virtual Private Network

MARCRAFT LAB GROUPS

CYBER SECURITY ESSENTIALS (Concepts, Practices, Environments, and Testing)

Lab group 1 – Infrastructure Security and Surveillance Systems (These hands-on procedures are based on a two-part lab station that contains a security system trainer and an integrated multi-camera surveillance system.)

Lab group 2 – Local Computer Security Options (The procedures in this lab group deal with security tools located on the local computer.)

Lab group 3 – Network Security Essentials (This lab group deals with basic networking, router configuration and wireless network setup activities.)

Lab group 4 – Implementing Cyber Security (Authentication protocols, disk, file and folder level encryption schemes and VPN configurations.)

Lab group 5 – Enterprise Network Security Systems (In this lab group, students will configure different enterprise networking security settings. The procedures also involve multiple routers and servers.)

Lab group 6 – Industrial and Utility Network Security (Students will turn their attention and activities to a network arrangement that is attached to the industrial process panel. They will examine the level of knowledge required to exploit the vulnerabilities of this type of configuration.)

Lab group 7 – Medical Network Security (Students will create and transport patient records while observing the legal requirements for handling medical records. The procedures also involve the server system, wireless router, medical sensors and loggers.)

Lab group 8 – Introduction to Ethical Hacking Tools (Students will be introduced to a number of different tools commonly used by hackers to attack and defend IT and ICS systems. Tools: port scanners, packet construction tools, network analyzers, penetration testers, and network traffic probes.)

INDUSTRIAL NETWORK CYBER SECURITY

Lab group 1 – Basic ICS Networking: This lab group includes hands-on procedures that provide an introduction to computing devices and networking components typically encountered in an Operational Technology (OT) network environment. This includes PLC programming, building a SCADA system configuration and controlling/operating a multi-unit production process.

Lab group 2 – IT/OT Vulnerabilities: While penetration testing by its nature suggests attacking from outside the network, the fact is that the majority of successful cyber-attacks involve either complete orchestration by insider threats or some level of cooperation with an inside agent. As part of the pentest process, the procedures in this lab group examine common insider exploits.

Lab group 3 – Cyber Vulnerabilities: This lab group contains procedures and processes for pentesting the outer perimeter of the network. Hands-on activities explore both active and passive reconnaissance techniques, as well as methods of covering the existence of the pentester in the network after the network has been penetrated. The hands-on procedures in this lab group are designed to display options for determining how to pivot in the network and begin carrying out actions on task after gaining access.

Lab group 4 – Defending the OT Network: After completing the pentesting, the final step is to suggest solutions to the vulnerabilities that have been discovered. The hands-on activities in this lab group are designed to prove how defensive network structures are implemented to mitigate the vulnerabilities uncovered in the previous lab groups.

Lab group 5 – Incident Response and Handling: The key to successfully managing events is having a well-developed and tested incident response plan and being knowledgeable about incident recognition, triage and remediation/recovery steps and techniques. The initial procedures in this lab group deal with ongoing security in the form of tools used for event, network and security monitoring, logging and auditing activities to identify activities that may indicate the network is being threatened or has already been compromised. The lab group concludes with an examination of system backup and restoration options and practices used to recover from a successful attack or natural disaster.

DIGITAL FORENSICS

Lab group 1 – Digital Forensics: Students will begin their journey along the digital forensics pathway by exploring digital footprints. They will discover that digital footprints can be found both online and in metadata.

Lab group 2 – Investigative Procedure: Students will practice investigative procedures including bagging and tagging evidence, following chain of custody and photographing evidence at the scene.

Lab group 3 – Data Storage: Students will extract and examine potential evidence. They will learn how to use a file carver, recovery software and a hex editor.

Lab group 4 – Storage Media and Hardware Devices: Students will learn how to remove a suspect’s hard drive from a computer while observing safety precautions. They will use the Registry to determine the dates and times USB flash drives were connected to a computer.

Lab group 5 – Dealing with Passwords: Students will use a password recovery program and hash generator. Students will also examine the contents of a live memory dump in an attempt to discover passwords.

Lab group 6 – Forensics Tools of the Trade: Students will learn how to encrypt and decrypt files.

Lab group 7 – Steganography: Students will use the QuickStego program to hide a message within an image. Students will also use the QuickStego program to display a hidden message.

Lab group 8 – Static Acquisition: Students will use a hardware write-blocker to prevent data from being written to a suspect’s drive while creating a forensic image. Students will also learn how to create a forensic image.

Lab group 9 – Live Acquisition: Students will create a memory dump while performing a live acquisition. They will also learn how to determine if a suspect has employed BitLocker.

Lab group 10 – Mobile Forensics: Students will learn how to use a Faraday bag to prevent remote tampering of evidence on mobile devices. They will also learn how to track suspects using WiFi hotspots. In addition, students will use Autopsy to examine potential evidence on an SD card. Finally, they will learn how to locate cellular towers through the use of online tools.

Lab group 11 – Network Forensics: Students will use a packet analyzer to examine packets traversing a network. They will use an OUI lookup tool to determine the manufacturer of a suspect’s network adapter. They will also learn how to use command-line tools.

Lab group 12 – Email and Cloud Evidence: Students will determine geolocation based on an IP address. They will also learn how to examine email headers and retrieve a search history on a suspect’s computer.