COURSE SUMMARY
Course Title: 
Advanced Network Security
Course Code: 
18SN706
Year Taught: 
2018
Degree: 
Postgraduate (PG)
School: 
School of Engineering
Center: 
Cyber Security
Campus: 
Amritapuri

"Advanced Network Security" is an elective course offered in the third semester of M. Tech. in Cyber Security Systems & Networks program at School of Engineering, Amrita Vishwa Vidyapeetham, Amritapuri.

Application Security – Introduction – Overview of Attacks Against Applications, AttackingSUID Programs, Environment Attacks, Input Argument Attacks, File Access Attacks, Smashing the Stack for Fun and Profit, Format String Attacks, Assembly Primer, ELF File Format, PLT and GOT, Data and BSS Overflow,Array Overflow, Non-terminated String Overflow, Heap Overflow, Tools and Defenses.

Network Security – Introduction – Overview of Network Attacks, Network Protection -IDS, Types of IDS's, Issues in Intrusion Detection, Challenges in Intrusion Detection, Taint Analysis, Network Based IDS, Problems in NIDS, Impact Analysis, TCP Overview - Connection Setup/Teardown, Packet Sniffing, Detecting Sniffers on your network, IP Spoofing, ARP Poisoning, UDP Hijacking, Fragmentation Attack- Ping of Death, Evasion & Denial of Service, UDP Hijacking, TCP Spoofing, TCP Hijacking - Mitnick attack, Joncheray attack, SYN Flood Attack, Denial of Service Attack, Port Scanning Techniques, ICMP, ICMP Attacks – ICMP Echo Attacks, Smurf Attacks, ICMP Redirect Attacks, WLAN, 802.11, Wireless Security Overview, Attacks Against Wireless Networks – Eavesdropping, WEP Attacks, Injection Attacks -, WEP Encryption, WEP Attacks, FMS Attack, Denial of Service, Man-in-the-Middle Attack, Protection Mechanisms and Tools, War Driving, Vulnerabilities in Internet Applications(SMTP, FTP, DNS, Remot Access), SPAM, DNS Zones, Zone Transfer, BIND, DNS Spoofing, DNS Cache Poisoning,IPSec – Introduction, Tunnel & Transfer Modes, IPSec Authentication Header, Encapsulating Security Header and Payload, IPSec Key Exchange, VPNs, FTP Protocol,Exploiting FTP, FTP Bounce

Web Security – HTTP Challenge Response Protocol, Web-based Authentication, Man-in-the-Middle Attacks, Cookies, Sessions, CGI, Active Server Pages (ASP), Servlets, Java Server Pages, PHP, Web Framework, Client-side Scripting , DOM and BOM, Javascript Security, Browser Security, AJAX, Web Attacks, SQL Injection, XSS, Authentication Attacks, Authorization Attacks, Command Injection Attacks, Server-Side Includes(SSI)

  1. Charlie Kaufman, Radia Perlman and Mike Speciner, “Network Security: PRIVATECommunication in a PUBLIC world”, Second Edition, Prentice Hall, 2002.
  2. Eric Rescoria, “SSL and TLS : Designing and Building Secure Systems”, Addison-Wesley Professional, 2000.
  3. Jonathan Katz, YahudaLindell, Introduction to Modern Cryptography, CRC Press
  4. Larry L.Peterson, Bruce S. Davie, Computer Networks: A Systems Approach
  5. Jon Ericson, Hacking: The Art of Exploitation , Second Edition, No Starch Press, 2008