The course has been designed to give students an extensive overview of cyber security issues, tools and techniques that are critical in solving problems in cyber security domains. The course aims at providing students with concepts of computer security, cryptography, digital money, secure protocols, detection and other security techniques. The course will help students gauge their understanding of essential techniques for protecting Information Systems and IT infrastructure, analysing and monitoring potential threats and attacks, devising security architecture and implementing security solutions. Students will also gain a wider perspective on information security from a national security standpoint, covering both technology and legal aspects.
- Understand, appreciate, employ, design and implement appropriate security technologies and policies to protect computers and digital information.
- Identify & Evaluate Information Security threats and vulnerabilities in Information Systems and apply security measures to real-time scenarios.
- Identify common trade-offs and compromises that are made in the design and development process of Information Systems.
- Demonstrate the use of standards and cyber laws to enhance information security in the development process and infrastructure protection.
Duration: 45 hours
Module 1: Cyber Security Concepts (2 hours)
Essential Terminologies: Introduction about CS, CIA, Risks, Breaches, Threats, Attacks, Exploits. Information Gathering (Social Engineering, Footprinting & Scanning). Open Source/Free/Trial Tools: nmap, zenmap, Port Scanners, Network scanners.
Module 2: Cryptography and Cryptanalysis (4 hours)
Introduction to Cryptography, Symmetric key Cryptography, Asymmetric key Cryptography, Message Authentication, Digital Signatures, Applications of Cryptography. Overview of Firewalls: Types of Firewalls, User Management, VPN Security. Security Protocols: Security at the Application Layer (PGP and S/MIME), Security at the Transport Layer (SSL and TLS), Security at the Network Layer (IPSec). Open Source/Free/Trial Tools: Implementation of Cryptographic techniques, OpenSSL, Hash Value Calculations (MD5, SHA1, SHA256, SHA512), Steganography (S-Tools).
Module 3: Infrastructure and Network Security (6 hours)
Introduction to System Security, Server Security, OS Security, Physical Security, Introduction to Networks, Network Packet Sniffing, Network Design Simulation. DoS/DDoS attacks. Asset Management and Audits, Vulnerabilities and Attacks. Intrusion Detection and Prevention Techniques, Host-based Intrusion Prevention Systems, Security Information Management, Network Session Analysis, System Integrity Validation. Open Source/Free/Trial Tools: DoS attacks, DDoS attacks, Wireshark, Cain & Abel, iptables/Windows Firewall, snort, suricata, fail2ban.
Module 4: Cyber Security Vulnerabilities & Safeguards (8 hours)
Internet Security, Cloud Computing & Security, Social Network sites security. Cyber Security Vulnerabilities: Overview, vulnerabilities in software, System administration, Complex Network Architectures, Open Access to Organizational Data, Weak Authentication, Authorization, Unprotected Broadband communications, Poor Cyber Security Awareness. Cyber Security Safeguards: Overview, Access control, IT Audit, Authentication. Open Web Application Security Project (OWASP), Web Site Audit and Vulnerabilities assessment. Open Source/Free/Trial Tools: WinAudit, ZAP proxy (OWASP), Burp Suite, DVWA kit.
Module 5: Malware (8 hours)
Explanation of Malware, Types of Malware: Virus, Worms, Trojans, Rootkits, Robots, Adware, Spyware, Ransomware, Zombies etc., OS Hardening (Process Management, Memory Management, Task Management, Windows Registry/services and other configuration), Malware Analysis. Open Source/Free/Trial Tools: Antivirus Protection, Anti-Spyware, System tuning tools, Anti-Phishing.
Module 6: Security in Evolving Technology (8 hours)
Biometrics, Mobile Computing and Hardening on Android and iOS, IoT Security, Web server configuration and Security. Introduction, Basic security for HTTP Applications and Services, Basic Security for Web Services like SOAP, REST etc., Identity Management and Web Services, Authorization Patterns, Security Considerations, Challenges. Open Source/Free/Trial Tools: adb for Android, Xcode for iOS, Implementation of REST/SOAP web services and Security implementations.
Module 7: Cyber Laws and Forensics (9 hours)
Introduction, Cyber Security Regulations, Roles of International Law, the State and Private Sector in Cyberspace, Cyber Security Standards. The Indian Cyberspace, National Cyber Security Policy 2013. Introduction to Cyber Forensics, Need of Cyber Forensics, Cyber Evidence, Documentation and Management of Crime Scene, Image Capturing and its importance, Partial Volume Image, Web Attack Investigations, Denial of Service Investigations, Internet Crime Investigations, Internet Forensics, Steps for Investigating Internet Crime, Email Crime Investigations. Open Source/Free/Trial Tools: Case Studies related to Cyber Law, Common Forensic Tools like dd, md5sum, sha1sum, RAM dump analysis, USB device
List of Practicals
- Implementation to gather information from any PCs connected to the LAN using whois, port scanners, network scanning, Angry IP scanners etc.
- Implementation of Symmetric and Asymmetric cryptography.
- Implementation of Steganography.
- Implementation of MITM attack using Wireshark/network sniffers.
- Implementation of Windows security using firewall and other tools.
- Implementation to identify web vulnerabilities, using OWASP project.
- Implementation of IT Audit, malware analysis and Vulnerability assessment and generate the report.
- Implementation of OS hardening and RAM dump analysis to collect the artifacts and other information.
- Implementation of Mobile Audit and generate the report of the existing artifacts.
- Implementation of Cyber Forensics tools for Disk Imaging, Data acquisition, Data extraction and Data Analysis and recovery.