Course

Cyber Security Concepts: Essential Terminologies: CIA, Risks, Breaches, Threats, Attacks, Exploits. Information Gathering (Social Engineering, Foot Printing & Scanning). Open Source/ Free/ Trial Tools: nmap, zenmap, Port Scanners, Network scanners.

Cryptography and Cryptanalysis: Introduction to Cryptography, Symmetric key Cryptography, Asymmetric key Cryptography, Message Authentication, Digital Signatures, Applications of Cryptography. Overview of FirewallsTypes of Firewalls, User Management, VPN Security, Security Protocols: – security at the Application Layer- PGP and S/MIME, Security at Transport Layer- SSL and TLS, Security at Network Layer-IPSec. Open Source/ Free/ Trial Tools: Implementation of Cryptographic techniques, OpenSSL, Hash Values Calculations MD5, SHA1, SHA256, SHA 512, Steganography (Stools).

Infrastructure and Network Security: Introduction to System Security, Server Security, OS Security, Physical Security, Introduction to Networks, Network packet Sniffing, Network Design Simulation. DOS/ DDOS attacks. Asset Management and Audits, Vulnerabilities and Attacks. Intrusion detection and Prevention Techniques, Host based Intrusion prevention Systems, Security Information Management, Network Session Analysis, System Integrity Validation. Open Source/ Free/ Trial Tools: DOS Attacks, DDOS attacks, Wireshark, Cain & abel, iptables/ Windows Firewall, snort, suricata, fail2ban.

Cyber Security Vulnerabilities & Safe Guards: Internet Security, Cloud Computing &Security, Social Network sites security, Cyber Security Vulnerabilities-Overview, vulnerabilities in software, System administration, Complex Network Architectures, Open Access to Organizational Data, Weak Authentication, Authorization, Unprotected Broadband communications, Poor Cyber Security Awareness. Cyber Security Safeguards- Overview, Access control, IT Audit, Authentication. Open Web Application Security Project (OWASP), Web Site Audit and Vulnerabilities assessment. Open Source/ Free/ Trial Tools: WinAudit, Zap proxy (OWASP), burp suite, DVWA kit.

Malware: Explanation of Malware, Types of Malware: Virus, Worms, Trojans, Rootkits, Robots, Adware9s, Spywares, Ransom wares, Zombies etc., OS Hardening (Process Management, Memory Management, Task Management, Windows Registry/ services another configuration), Malware Analysis. Open Source/ Free/ Trial Tools: Antivirus Protection, Anti Spywares, System tuning tools, Anti Phishing.

Security in Evolving Technology: Biometrics, Mobile Computing and Hardening on Android and IOS, IOT Security, Web server configuration and Security. Introduction, Basic security for HTTP Applications and Services, Basic Security for Web Services like SOAP, REST etc., Identity Management and Web Services, Authorization Patterns, Security Considerations, Challenges. Open Source/ Free/ Trial Tools: adb for android, xcode for ios, Implementation of REST/ SOAP web services and Security implementations.

Cyber Laws and Forensics: Introduction, Cyber Security Regulations, Roles of International Law, the state and Private Sector in Cyberspace, Cyber Security Standards. The INDIAN Cyberspace, National Cyber Security Policy 2013. Introduction to Cyber Forensics, Need of Cyber Forensics, Cyber Evidence, Documentation and Management of Crime Sense, Image Capturing and its importance, Partial Volume Image, Web Attack Investigations, Denial of Service Investigations, Internet Crime Investigations, Internet Forensics, Steps for Investigating Internet Crime, Email Crime Investigations. Open Source/ Free/ Trial Tools: Case Studies related to Cyber Law, Common Forensic Tools like dd, md5sum, sha1sum, Ram dump analysis, USB device.

Suggested Lab Sessions:

• Implementation to gather information from any PC9s connected to the LAN using whois, port scanners, network scanning, Angry IP scanners etc.
• Implementation of Symmetric and Asymmetric cryptography.
• Implementation of Steganography.
• Implementation of MITM- attack using wireshark/ network sniffers
• Implementation of Windows security using firewall and other tools
• Implementation to identify web vulnerabilities, using OWASP project
• Implementation of IT Audit, malware analysis and Vulnerability assessment and generate the report.
• Implementation of OS hardening and RAM dump analysis to collect the Artifacts and other information9s.
• Implementation of Mobile Audit and generate the report of the existing Artiacts.
• Implementation of Cyber Forensics tools for Disk Imaging, Data acquisition, Data extraction and Data Analysis and recovery.

CO1: Understand, appreciate, employ, design and implement appropriate security technologies and policies to protect computers and digital information.

CO2: Identify & Evaluate Information Security threats and vulnerabilities in Information Systems and apply security measures to real time scenarios.

CO3: Identify common trade-offs and compromises that are made in the design and development process of Information Systems.

CO4: Demonstrate the use of standards and cyber laws to enhance information security in the development process and infrastructure protection

1.       William Stallings, Cryptography and Network Security, Pearson Education/PHI, 2006.

2.       V.K. Jain, Cryptography and Network Security, Khanna Publishing House.

3.       Gupta Sarika, Information and Cyber Security, Khanna Publishing House, Delhi.

4.       Atul Kahate, Cryptography and Network Security, McGraw Hill.