appin technology lab (network security courses )
7/27/2019 Appin Technology Lab (Network Security Courses )
APPIN TECHNOLOGY LAB
APPIN MASTERS
2 Year Post-Graduate Program
Detailed course content
SEMESTER I
1. Introduction to Information Security
2. Operating Systems
3. C/C++ Programming
4. Networking
5. Computer and Internet Fundamentals
SEMESTER II
1. Vulnerability Assessment & Penetration Testing
2. Cyber Forensics
3. Data Structure
4. Cyber Laws
SEMESTER III
1. Data Security
2. Web Security
3. Network Security
4. Desktop and Server Security
5. Protection from Hacking Attacks
SEMESTER IV
1. Information Security Management Systems
2. Secured Programming
3. DBMS
4. Project Work
FIRST SEMESTER
INTRODUCTION TO INFORMATION SECURITY
UNIT I
Introduction: Introduction to Data, Information, Knowledge, and Intelligence, Operating System Basics, DBMS Basics, Data Communication Basics, Basics of Computer networking, OSI model, TCP/IP protocol
suite, Networking devices. Security and its need, Cyber Threats.
UNIT II
Desktop & Server Security: Windows Security, Registries, Ports and Services, Vulnerabilities in Windows,
Intrusion into Windows, Counter Measure & Securing Windows, How to look for vulnerability? Deleted
file recovery, Introduction to LINUX.
UNIT III
Malwares: Malwares, VIRUS & Worm, Spyware, Trojan, Bots, Logic Bomb, Counter Measures - Antivirus,
Anti-Spyware
UNIT IV
LAN Security: LAN Security, Setting up a LAN Network, Threats of LAN, Intruding MAC Address, Network
Scanners, Introduction to Wi-Fi LAN Security.
Firewall Security: Introduction to Firewalls, Working of a Firewall, Types of Firewall, Firewall
Application, Network Address Translation, Intrusion Detection, Logging, Port Filtering
UNIT V
Art of Googling: Terminologies, Basic Search Techniques, Advanced Search Techniques, Data Backup:
Introduction, Various Data Backup Strategies.
REFERENCE BOOKS:
1. Edward Halibozek, Robert Fischer, David Walters, Introduction To Security, Apr 2008,
Butterworth-Heinemann.
2. Philip P. Purpura, Security: An Introduction, Mar 2010, Crc Press.
3. Khare, Information Security, 2006-10-01, Bpb.
4. Mark Merkow, James Breithaupt; Information Security : Principles And Practices, 01/01/2007,
Pearson
5. Niit, Information Security: An Overview, 2004, Phi Learning Pvt. Ltd
OPERATING SYSTEMS AND BUSINESS PROCESSING
UNIT I
Introduction, What is an Operating System, Simple Batch Systems, Multiprogrammed Batched Systems,
Time-Sharing Systems, Personal-computer systems, Parallel systems, Distributed Systems, Real-Time
Systems.
UNIT II
Memory Management: Background, Logical versus Physical Address space, swapping, Contiguous
allocation, Paging, Segmentation
Virtual Memory: Demand Paging, Page Replacement, Page-replacement Algorithms, Performance of
Demand Paging, Allocation of Frames, Thrashing, Other Considerations
UNIT III
Processes: Process Concept, Process Scheduling, Operation on Processes
CPU Scheduling: Basic Concepts, Scheduling Criteria, Scheduling Algorithms, Multiple-Processor Scheduling
Process Synchronization: Background, The Critical-Section Problem, Synchronization Hardware, Semaphores,
Classical Problems of Synchronization
UNIT IV
Deadlocks: System Model, Deadlock Characterization, Methods for Handling Deadlocks, Deadlock
Prevention, Deadlock Avoidance, Deadlock Detection, Recovery from Deadlock
Device Management: Techniques for Device Management, Dedicated Devices, Shared Devices, Virtual
Devices; Input or Output Devices, Storage Devices, Buffering
Secondary-Storage Structure: Disk Structure, Disk Scheduling, Disk Management, Swap-Space Management, Disk Reliability
UNIT V
Information Management: Introduction, A Simple File System, General Model of a File System, Symbolic
File System, Basic File System, Access Control Verification, Logical File System, Physical File System
File System Interface: File Concept, Access Methods, Directory Structure, Protection, and Consistency
Semantics
File-System Implementation: File-System Structure, Allocation Methods, and Free-Space
Management
REFERENCE BOOKS:
1. Silberschatz and Galvin, Operating System Concepts, Pearson, 5th Ed., 2001
2. Madnick E., Donovan J., Operating Systems, Tata McGraw Hill, 2001
3. Tanenbaum, Operating Systems, PHI, 4th Edition, 2000
4. Shubhi Lall, Franklin S, Operating Systems & Business Data Processing, 2005, University Book
House (p) Ltd.
5. Silberschatz, Galvin, Gagne, Operating System Concepts, 8th Ed, International Student Version, 2010, Wiley India Pvt Ltd
C/C++ PROGRAMMING
UNIT I
C basics: C character set, Identifiers and keywords, Data types, constants, variables and arrays,
declarations, expressions statements, symbolic constants, compound statements, arithmetic operators,
unary operators, relational and logical operators, assignment operators, conditional operators, bit
operators. C constructs, loops, switch statement, nested control statement, break operator, continue
operator, comma operator, goto statement.
UNIT II
C Functions: declaration, definition & scope, recursion, call by value, call by reference.
Storage Classes: automatic, external (global), static & registers. Arrays, pointers, array & pointer
relationship, pointer arithmetic, dynamic memory allocation, pointer to arrays, array of pointers,
pointers to functions, array of pointers to functions, Preprocessor directives. Structures: Structures,
unions, structure passing to functions, bit fields, file handling [text (ascii), binary], Standard library
functions from stdio.h, stdlib.h, conio.h, ctype.h, math.h, string.h, process.h
UNIT III
Introduction: Object-Oriented Approach, Relating to other paradigms (functional, data decomposition).
Basic terms and ideas: Abstraction, Encapsulation, Inheritance, Polymorphism, Difference between C
and C++ - cin, cout, new, delete operators.
Classes and Objects: Encapsulation, information hiding, abstract data types, Object & classes, attributes,
methods, C++ class declaration, State identity and behavior of an object, Constructors and destructors,
instantiation of objects, Default parameter value, object types, C++ garbage collection, dynamic memory
allocation, Metaclass/abstract classes.
UNIT IV
Inheritance and Polymorphism: Inheritance, multiple inheritance, Class hierarchy, derivation public,
private & protected, Aggregation, composition vs classification hierarchies, Polymorphism,
Categorization of polymorphism techniques, Polymorphism by parameter, Operator overloading,
Parametric polymorphism.
UNIT V
Generic function, template function, function name overloading, STL (Standard Template Library). Files
and Exception Handling: Persistent objects, Streams and files, Namespaces, Exception handling, Generic
Classes.
REFERENCE BOOKS:
1. E. Balagurusamy, Programming in ANSI C, TMH, Latest Edition.
2. Al Kelly and Ira Pohl, A Book on C, (4th Ed.), Addison Wesley, Latest Edition.
3. B. Kernighan and D. Ritchie, The ANSI C Programming Language, 2000, PHI.
4. Steven C. Lawlor, The Art of Programming Computer Science with C++, Vikas Publication.
5. Schildt Herbert, C++: The Complete Reference, 4th Ed., 1999, Tata McGraw Hill.
NETWORKING
UNIT I
Devices: Repeaters, bridges, gateways, routers, The Network Layer, Design Issues, Routing Algorithms,
Congestion Control Algorithms, Quality of Service, Internetworking, Network-Layer in the Internet.
Transport and Upper Layers in OSI Model: Transport layer functions, connection management,
Functions of session layers, Presentation layer, and Application layer.
UNIT II
The Internet Protocol (IP): Introduction to IP, IP Packet Format, IP Address Classes, Transmission Control
Protocol, Subnetting & CIDR
IP Routing: Introduction to hardware & software related to IP routing, Routing information Protocol,
Enhanced Interior Routing Protocol, Open Shortest Path First
UNIT III
Switching & Bridging: Introduction of Switching & Bridging, STP & LAN Switch Types, VLAN - Virtual LAN,
Flexibility and Scalability
UNIT IV
Wide Area Network: Understanding WAN fundamentals, Understanding Tunneling Protocol & Frame-Relay
Fundamentals, VPN - Virtual Private Network, NAT - Network Address Translation
UNIT V
Network Configuration and Troubleshooting: Networking Introduction, LAN Switching, Wireless
Networking, Managing your network connections, Network Configuration and Troubleshooting: Layer
by Layer Troubleshooting with a Cisco Router, Router Troubleshooting at OSI Layers.
REFERENCE BOOKS:
1. D. E. Comer, Internetworking with TCP/IP, 2001, Pearson Education Asia
2. Forouzan, Data Communications & Networking (SIE), 2009, Tata McGraw Hill
3. Al Anderson, Head First Networking, 2009, Ryan Benedetti, Shroff/O'Reilly
4. Craig Zacker, Networking: The Complete Reference, 2001, Tata McGraw Hill
5. Balvir Singh, Networking, 2009, Firewall
SECOND SEMESTER
VULNERABILITY ASSESSMENT & PENETRATION TESTING
UNIT I
INTRODUCTION: Important Technical Terms, Information Gathering, Scanning and fingerprinting
VULNERABILITY ASSESSMENT: Vulnerabilities, Vulnerability Assessment, Approach to Data Security,
Protective Measures, Method
UNIT II
FOOTPRINTING: Introduction, VA - Right Tools To Protect Your Critical Data, Types of vulnerability
Assessment, The Challenges of Vulnerability Assessments, Appin Tool For Vulnerability Assessment,
Tools for VA
UNIT III
PENETRATION TESTING: Introduction and methodology, Types of Penetration Tests, Methodology
Penetration Testing Approach, Penetration Testing vs. Vulnerability Assessment
UNIT IV
IDENTIFYING THE VULNERABILITY: How Vulnerabilities Are Identified, Sample Penetration Testing
Report, Security services, Security Services Management Tools, Firewall
VULNERABILITY SCANNING: Scanning, Types of Vulnerability Scanning, Manual Vulnerability Scanning,
Automated Vulnerability Scanning, An approach to vulnerability scanning
UNIT V
EXPLOITING VULNERABILITY: Password Cracking and Brute forcing, Denial of Service (DOS) Testing,
Penetration Testing Tools, Escalation of Privileges
ADVANCED EXPLOITS: Creating Backdoors, Gathering
remote shell automatically, Automatic VNC injection, Gathering Remote Desktop, Hash Dumping
REFERENCE BOOKS:
1. Thomas R. Peltier, John A. Blackley, Justin Peltier, Managing A Network Vulnerability
Assessment, Jan 2003, Auerbach Publications.
2. Ec-council, Security and Vulnerability Assessment [With Access Code], Apr 2010, Course
Technology.
3. Institute Of Civil Engineers, Penetration Testing, Dec 1989, American
Society Of Civil Engineers.
4. Alfred Basta, Wolf Halton, Computer Security And Penetration Testing, Aug 2007, Delmar
5. Frederic P. Miller, Agnes F. Vandome, John Mcbrewster, Penetration Test, Paperback,
Alphascript Publishing
CYBER FORENSICS
UNIT I
CYBER FORENSIC: Basic of cyber Forensic, Introduction, Definition, Need Of Cyber Forensic, Principles
of cyber forensic, Cyber Crimes, Where and when do you use Cyber Forensics
UNIT II
CYBER INVESTIGATION METHODOLOGY: Introduction to Cyber Investigation, Investigation, Issues
involved in investigations, How to secure your investigations, Steps for cyber investigation,
Identification-documentation, Collection or extraction-documentation, Preservation-documentation,
Interpretation or analysis-documentation, Communication Procedures for Computer Evidence Seizure
UNIT III
CONCEPT OF FILE SYSTEMS AND HARD DISKS: Types of Hard Disk Interfaces, EFS Key, FAT vs. NTFS,
Windows Boot Process (XP/2003), and Windows based Forensic, Linux based Forensic, Basic Forensics
Tools.
DIGITAL EVIDENCES: What is Digital Evidences, How to identify digital evidence, How to treat digital
evidences, How to secure digital evidence, Evidence acquisition and Documentation
DATA IMAGING AND IMAGING FORENSICS: Computer hard disk imaging, Terminology, Removable disks like pen drives,
CD/DVD, Removable hard disks, advanced techniques of data imaging, First Response Kit.
UNIT IV
RECOVERING OF DELETED FILES AND DELETED PARTITIONS: Recovering deleted files from computer,
Deleting Files, Files deleted into windows, Storage locations of recycle bin in NTFS and FAT system,
Recycle Bin Working, Damaged files in recycled folder, Recovering encrypted files (Decryption), e.g. MS
Office, RAR, etc., Tools to recover deleted files, Recovering deleted files from Deleted Partition,
Recovering Deleted partitions, Deletion of partitions, Recovery of deleted partitions, Tools
UNIT V
NETWORK INTRUSION INVESTIGATION: Network Addressing Schemes, Sniffer, Tool: Tcpdump, Network
Sniffer, HTTP Sniffer, Ether Detect Packet Sniffer, Ethereal, IDS/IPS Log, Honey Pot Log, Honey Net Log
WEB APPLICATION INTRUSION INVESTIGATION: Types of Web Intrusions, SQL Injection Attack, Cross-Site
Scripting (XSS), Other Web Application Attack, Tools for Investigation, Case Studies and references
REFERENCE BOOKS:
1. Jerry Hatchett, Computer Forensics: A Real World Guide, Jul 2009, Auerbach Publications.
2. John R. Vacca, Computer Forensics: Computer Crime Scene Investigation, 2009, Firewall.
3. Linda Volonino, Reynaldo Anzaldua, Jana Godwin, Computer Forensics: Principles And Practices,
Aug 2006, Prentice Hall
4. Irons, Andersen, Laing, Computer Forensics, Cl Emea Higher Education
5. Warren G. Kruse, Jay G. Heiser, Computer Forensics: Incident Response Essentials, Sep 2001,
Addison-wesley Professional.
DATA STRUCTURES
UNIT-I
ARRAYS: Representation of single and multidimensional arrays; sparse arrays- lower and upper
triangular matrices and Tri-diagonal matrices
UNIT-II
STACKS AND QUEUES: Introduction and primitive operations on stack; Stack application: Infix, postfix,
prefix expressions; Evaluation of postfix expression; Conversion from infix to postfix. Introduction and
primitive operation on queues, D-queues and priority queues.
UNIT-III
LISTS: Introduction to linked lists; Sequential and linked lists, operations such as traversal, insertion,
deletion, searching, Two way lists and Use of headers
Trees: Introduction and terminology; Traversal of binary trees; Recursive algorithms for tree operations
such as traversal, insertion, deletion
UNIT-IV
MULTILEVEL INDEXING AND B-TREES: Introduction: The invention of the B-tree; Statement of the
problem; Indexing with binary search trees; Multilevel indexing, a better approach to tree indexes;
B-trees: working up from the bottom; Example for creating a B-tree.
UNIT-V
SORTING TECHNIQUES: Insertion sort, selection sort, merge sort, heap sort.
Searching Techniques: linear search, binary search and hashing
REFERENCE BOOKS:
1. Lipschutz S, Data Structures (Special Indian Edition) (Schaum's Outline Series), 2008, Mcgraw-hill Education (india) Ltd.
2. Yashavant Kanetkar, Written Test Questions In Data Structures, 2010-01-11, BPB Publications.
3. Debasis Samanta, Classic Data Structures, 2009, Phi Learning.
4. Alfred V. Aho, Jeffrey D. Ullman, John E. Hopcroft, Data Structures And Algorithms, 01/01/1983, Pearson.
5. Wirth, Niklaus, Algorithms + Data Structures = Programs, 2009, Phi Learning.
CYBER LAWS IN BUSINESS GROWTH
UNIT I
INTRODUCTION: Consumers & Cyberspace, Cyber stalking, Terrorism and Cybercrime, Crime: Meaning
& Concept, Rights and liability, Offences
UNIT II
CYBER LAW - INTERNATIONAL PERSPECTIVE: US Federal Act, Importance of trust and security on cyberspace,
General Laws and Procedures, Overview of IT Law, Data Protection Act, UK, Privacy Law
FUNDAMENTALS OF CYBER LAWS: Jurisprudence of Cyber Law in Indian context, Cyber laws in India,
The main scope and development of cyber-laws enforcement mechanisms
UNIT III
E-COMMERCE & E-GOVERNANCE ROLE: E-commerce, Introduction, Features, E- Governance, Cyber law
Issues, E-Business Management, Impediments in Implementing E-Governance Projects from Legal
Perspective, E- Courts, E-Contract, The Law of Contract, Construction of Electronic contracts, Issues of
security, Digital Signatures and certificates, Digital evidence
UNIT IV
CYBER CRIME AND DIGITAL EVIDENCE - THE INDIAN PERSPECTIVE: The Information Technology Act,
2000, Introduction & application, Penalties & Offences, IT Act 2008 (Amendments), The Reserve Bank of
India Act, 1934, Cyber Theft and the Indian Telegraph Act, 1885, Negotiable Instrument Act, 1881
UNIT V
INTELLECTUAL PROPERTY ISSUES IN CYBER SPACE: IP Infringement, Copyright and Patent, Cyber
Squatting, Copyright on Web Content, Copyright on Software, Patent Issues in Cyber Space
ISSUES: COMPLIANCE AND STANDARDIZATION: Issues in IT Industry, Cyber Law for Information Security in IT
industries, Cyber Ethics
CASE STUDIES: Latest Cyber crime cases, Need for Taking Steps Ahead,
Summary
REFERENCE BOOKS:
1. Tabraz Ahmad, Cyber Laws E-Commerce and M-Commerce, 2009, Aph Publishing Corporation.
2. Yatindra Singh, Cyber Laws, 2003, Universal Law Publishing Co. P Ltd.
3. L K Thakur, Asit Narayan, Internet Marketing, E-Commerce and Cyber Laws, 2000, Authorspress.
4. C K Punia, Cyber Laws, 2009, Sumit Enterprises
5. V. D. Dudeja, Information Technology And Cyber Laws, 2001, Commonwealth Publishers
COMPUTER AND INTERNET FUNDAMENTALS FOR MANAGERS
UNIT I
THE ESSENTIALS: Computer Overview, the Front of a Computer and Peripheral Devices, the Inside of a
Computer, the Back of a Computer (Ports), System Bus and Expansion Cards, Memory Cache
UNIT II
COMPUTER PERFORMANCE: Understanding Hardware, Central Processing Unit (CPU), Memory, Printer
Basics, Types of Printers, Input/Output Devices, Exploring the Internet, Introduction to the Internet.
UNIT III
CONNECTING TO THE INTERNET: Displaying a Specific Web Page, Browse the Web, Search the Web,
Adding a Web Page to Favorites and Changing your Home Page, Displaying a History of Visited Web
Pages, Saving Pictures and Files to Disk (Downloading).
UNIT IV
HARDWARE: Computer hardware, fundamentals, parts, some components of hardware in details,
output/input devices, computer components, etc.
UNIT V
INTRODUCTION TO E-MAIL: Composing and Sending E-mail, Adding a Name to the Address Book,
Receiving E-mail, Replying to a Message, Forwarding and Deleting a Message.
REFERENCE BOOKS:
1. Sinha, Computer Fundamentals - 4th Edition, 2003, BPB.
2. Shovan Lal Kundu, Foundation Of Programming With BASIC & Computer Fundamentals, 2001,
Macmillan Publishers India.
3. Rohit Khurana, Computer Fundamentals and Internet Basics, 2010.
4. Ramesh Bangia, Computer Fundamentals And Information Technology, 2008, Firewall
5. Ms. S. N. Akhter, Computer Fundamentals (Concepts Systems Applications), 2007,
Shree Niwas Publications.
THIRD SEMESTER
DATA SECURITY IN BUSINESS
UNIT I
Introduction: Overview, Data Security Management, Characteristics Of Access Security In The System, Data Security Issues And Solutions
UNIT II
Data Backup: Introduction, Data Backup Strategies
UNIT III
Cryptography: Cryptography, Strength Of The Cryptography, Goals Of Cryptography, Some Technical
Terms, Types Of Cipher Text, Types Of Cryptography
UNIT IV
Data Encryption Standard (DES), IDEA: International Data Encryption Algorithm, Asymmetric Cryptography, RSA Algorithm, Hash Functions, Digital Signatures, Digital Certification
UNIT V
Steganography: Overview, How Does It Work? Steganography In Images, Steganography In Audio,
Genetic Algorithm Approach, Steganography In Video
REFERENCE BOOKS:
1. Paulus R. Wayleith, Data Security: Laws and Safeguards, 2008, Nova Science Publishers Inc.
2. LIC Books, Data Security: Information Security, Biometric Passport, Backup, Database Audit, Data
Remanence, Firewall, Drivesavers, Data Erasure, May 2010, Books Llc
3. Terry Bernstein, Anish B. Bhimani, Eugene Schultz, Carol A. Siegel, Internet Security For Business,
1996-07-23, John Wiley & Sons
4. Ivan B. Damgard, Lectures On Data Security: Modern Cryptology In Theory And Practice, Apr
1999, Springer-Verlag.
5. Rita Tehan, Data Security Breaches: Context And Incident Summaries, Aug 2008, Nova Science
Publishers.
WEB SECURITY
UNIT I
LAN SECURITY: Introduction to LAN, Why LAN Security is Important, LAN/WAN Components, Topology,
Protocols, Threats of LAN, Inappropriate Access to LAN Resources, Disclosure of Data, Unauthorized
Modification of Data and Software, Disclosure of LAN Traffic.
UNIT II
NETWORK SCANNING: Network Scanners, Types of Scanning, Scanning Methodology, Spoofing of LAN
Traffic, Disruption of LAN Functions, Security Services and Mechanisms, Intruding MAC Address.
FIREWALL SECURITY: Firewalls, Why Firewall, Working of firewall, Types of Firewall, Applications of
Firewall, Advantages and Disadvantages of Firewall.
UNIT III
INTERNET SECURITY: Introduction, Security Intrusions and Security Properties, Threats Faced on
Internet, Introduction to IP Addresses, Finding IP Address of a Remote System, Proxy Servers: Hiding
Your Identity: Anonymous Surfing, Proxy Server, Why Proxying?, Working of Proxy Server, Advantages of
Proxying, Disadvantage of Proxying, What is a SOCKS proxy server?
UNIT IV
E-MAIL SECURITY: Introduction, History of E-mail, Email addresses, How E-mail Works?, Various
Mail Servers, E-mail Protocols.
EMAIL TRACING AND SPAMMING: Analysis of Email Headers, Email Tracking, IP Tracking using Email,
Spamming, Ways to Prevent Spam, How to steal Data from an E-mail?
UNIT V
EMAIL EXCHANGE SERVER SECURITY: E-mail Exchange Server Security, Virus Protection, RPC over HTTP,
Protecting front-end Servers, Keep Exchange Server up-to-date, Cyber Laws Regarding Spamming,
Security Policies.
REFERENCE BOOKS:
1. Komunte Mary, Web Security, Prof Venansius Baryamureeba, Jul 2010, Lap Lambert Academic
Publishing.
2. Web Security Exploits: Trojan Horse, Cross-Site Scripting, Session Fixation, Idn Homograph
Attack, Cross-Site Request Forgery, Clickjacking, Llc Books, May 2010, Books Llc
3. Testing Web Security: Assessing The Security Of Web Sites And Applications, Steven Splaine,
October 2002, John Wiley & Sons.
4. Elfriede A. Dustin, Jeff Rashka, Douglas Mcdiarmid, Quality Web Systems: Performance, Security,
And Usability, Aug 2001, Addison-wesley Professional.
5. Rickland Hollar, Richard Murphy, Enterprise Web Services Security, 2006, Shroff/Charles River Media.
NETWORK SECURITY
UNIT I
MOBILE SECURITY: What is mobile? Architecture of Mobile Communication, Mobile Generation,
Technology of Mobile Communication, Mobile Phone Standards, Protocols used in Mobile, SIM, Mobile
Safeguards and Solutions
UNIT II
VOICE OVER INTERNET PROTOCOL: Definition & Trends, Services, Types of VOIP, Components of VOIP,
IP telephony & IP Paging, Protocols and Acronyms, Reasons for VOIP, Problems in VOIP, SKYPE, VOIP
Security Scenario, How do we secure VOIP?
VIRTUAL PRIVATE NETWORK SECURITY: Introduction to VPN,
Application & Requirements of VPN, VPN types, Open VPN, Models of VPN, IPSEC VPN.
UNIT III
WIRELESS LAN: Introduction, Basics of wireless LAN, Antennas, Access Point Positioning, Rogue Access
Point, Wired Equivalent Privacy, DOS attack, Man in Middle Attack (MITM), Tools, Wireless Intrusion
Detection, Open Source Scanning Software
ROUTER BASICS: What is a router? Static and dynamic
routing, Work to Router, Keeping the Messages Moving, Directing Traffic, Transmitting Packets.
ROUTER SECURITY: Understanding the protocols, Tracing the message, Denial of service attack,
Configuration of Router, Protocols on a Router, RFC 1483, Handshake Protocols, NAT (Network Address
Translation), NAPT Services, ADSL Details, Trouble Shooting, Routing Table Problems, Various types of
Intrusion, Securing the Routers.
UNIT IV
INTRUSION DETECTION AND PREVENTION: Introduction, Intrusion, Detection and Prevention, IDS,
NEED of IDS, Components, types, What is not an IDS? Detection Methodologies, Various tools available,
Limitations of IDS, intrusion prevention system, types, network based IPS, Counter Measures taken by
an IPS, Risks involved.
UNIT V
ACCESS CONTROL SYSTEM: Introduction: What is Access Control, Access Control in Physical Security,
Access Control in Information Security, Need of an Access Control System, Some Concepts Related to
Access Control, Policies, Models, and Mechanisms, Discretionary Access Control (DAC),
Non-Discretionary Access Control, Mandatory Access Control (MAC), Role-Based Access Control.
REFERENCE BOOKS:
1. Roberta Bragg, Network Security: The Complete Reference, 2004, Tata McGraw Hill.
2. Shaffer, Simon, Network Security, 1994, Academic Press.
3. Nitesh Dhanjani, Network Security Tools, Justin Clarke, 2005, Shroff/O'Reilly.
4. Andrew Lockhart, Network Security Hacks, 2004, Shroff/O'Reilly.
5. Venkataram, Wireless And Mobile Network Security, Mcgraw-hill (tmh).
DESKTOP AND SERVER SECURITY
UNIT I
DESKTOP & SERVER SECURITY: Introduction, What Is Registry?, Registry Editing, Backups And Recovery,
Policy, .Ini File Virtualization
UNIT II
WINDOWS 9X OPERATING SYSTEMS: Steps to Create Registry Values, Some Of The Examples To Change
The Registry Default Settings, NT Security, Security Architecture Components
UNIT III
INTRODUCTION TO SECURING IN NT BOX: Backups, Windows Vulnerabilities And Threats, How To
Determine If You Are At Risk? Use Any Vulnerability Scanner,
UNIT IV
How To Protect Against The Windows Services Vulnerabilities, LINUX SECURITY: Introduction: Linux
Based, Benefits Of Linux, How Secure Should My Linux Be?
UNIT V
How To Set Up A Firewall Under Linux?, Windows Vs. Linux Design, Realistic Security And Severity
Metrics, Cert Vulnerability Notes Database Results
REFERENCE BOOKS:
1. Mike Danseglio, Securing Windows Server 2003, 2005, Shroff/o'reilly.
2. Mike Danseglio, Robbie Allen, Windows Server 2003 Security Cookbook, 2006, Shroff/o'reilly
3. Michael A. Caloyannides, Desktop Witness: The Do's And Don'ts Of Personal Computer Security,
Jul 2002, John Wiley & Sons
4. Roger A. Grimes, Professional Windows Desktop & Server Hardening, June 2006, Wiley India Pvt Ltd
5. Ann-marie Kishel, Sheila Rivera, Server, Jan 2007, Lerner Classroom
PROTECTION FROM HACKING ATTACKS
UNIT I
MALWARES: Introduction to Malwares, Types Of Malwares, Installing Bots On Target Machines,
Attacking Methods, Working Of Bots, Malware Detection Technique. Counter measures.
UNIT II
NETWORK INTRUSION: Introduction To Intrusion, Types of Intrusions, Non-Technical Intrusion,
Technical intrusion, Backtrack, live examples, tools, intrusion tricks.
UNIT III
BACKDOORS: Backdoors, Root kits, glossary, malware glossary, more to backdoors.
UNIT IV
ART OF GOOGLING: Introduction, The Google Toolbar, Searching Techniques, Directory Listing,
More to googling, Google intruding tricks.
UNIT V
ADVANCED INTRUSION: Locating Cgi-Bin, Camera Intruding, Some Tricks, More Tricks, live
images, tools.
REFERENCE BOOKS:
1. Mcclure, Web Hacking: Attacks & Defects, 01/01/2003, Dorling Kindersley India.
2. Andrew Whitaker, Keatron Evans, Jack Voth, Chained Exploits: Advanced Hacking Attacks from
Start to Finish, Nov 2008, Addison-wesley Professional.
3. John Chirillo, Hack Attacks Revealed: A Complete Reference With Custom Security Hacking Toolkit, 2001-04-05, John Wiley & Sons.
4. Himanshu Dwivedi, Hacking VoIP: Protocols, Attacks, And Countermeasures, Oct 2008, No Starch Press.
5. Ec-council, Ethical Hacking And Countermeasures: Attack Phases, Sep 2009, Course Technology.
FOURTH SEMESTER
INFORMATION MANAGEMENT SYSTEM
UNIT I
INTRODUCTION TO INFORMATION SECURITY AUDITING: ISO 27001, History of ISO 27001, Standards and International Organization for Standardization, BS7799 / ISO 1799, ISO 27001, Domain of BS 7799-1,
Improvement in ISO 27001 over BS 7799, Control objective and controls in ISO 27001, Selection and
Implementation of Controls, Developing and Adopting Policies, Mandatory requirements, Information
security management system, Management responsibility, Management Review of the ISMS.
UNIT II
MANAGING SECURITY AWARENESS: ISMS, ISMS implementation, Management security, Managing
Security Awareness, Need for Security Management, Impact of a sound Security Management System,
and Security awareness usually fails, WHY? ISO 27001 certification, Role of auditors, Marketing ISO
27001 to Senior Management, Preparing for Certification, Compliance accreditation and certification.
UNIT III
RISK ASSESSMENT, BUSINESS CONTINUITY: What is Risk, What is Risk Assessment, Kind of Risk, Stage of
Risk Assessment, Approaches to Risk Assessment, Qualitative Risk Assessment, Quantitative Risk
Assessment, Popular methodologies for Risk Assessment, Business continuity.
DISASTER MANAGEMENT SYSTEM: Disasters, Types of Disasters, Local site disasters, Site disaster - encompass the whole building,
Area disaster - cover the whole area/vicinity, On the basis of the cause of origin, Elements of a good
Business Continuity Plan, Building a Business Continuity Plan, Assess Business Requirements, Identify the
IT requirements, Building the Backup/recovery solution.
UNIT IV
ISMS AUDITS AND METHODOLOGY: Audit concepts, Audit fundamentals, Audit management standard,
Types of Audits, Audit planning, Audit Execution, Audit reporting, Audit follow-up
SECURITY MANAGEMENT PRACTICES AND FRAMEWORK: Security Management Practices, The Big Three: CIA,
Security Management Practices, Identification of Assets, Determining Value of Assets, Threats on Assets
RISK MANAGEMENT: Risk Identification, Principles of Risk Management, Safeguard Selection, Data
Classification, Classification Criteria, Information Classification Procedure, Assets Protection.
UNIT V
SECURITY FRAMEWORKS: What is Security, Adequate Security? What is required for Adequate Security?
Aspects of Security, Framework 1: Defense in Depth (DID) Secure Environment, Framework 2: OCTAVE,
Framework 3: Security Risk Analysis, Framework 4: Threat Modeling, STRIDE, DREAD
REFERENCE BOOKS:
1. R. G. Murdick, J. E. Ross and J. R. Clagget, Information Systems for Modern Management, 3rd Edition, PHI, 1994.
2. Parker, Charles Case, Thomas, Management Information System: Strategy & Action, 2nd
Edition, TMH, 1993.
3. Thitima Pitinanondha, Operational Risk Management Systems, Mar 2010, Vdm Verlag Dr. Muller
Aktiengesellschaft.
4. Gurpreet Dhillon, Managing Information Systems Security, 1997, Palgrave Macmillan.
5. Mahadeo Jaiswal, Management Information Systems, 2004-07-15, Oxford.
SECURED PROGRAMMING
UNIT I
SECURE PROGRAMMING CONCEPTS AND PRINCIPLES: Designing for security, Threat modeling,
decompose a system, develop and use Threat Trees, Efforts for protecting information, Why deploying
redundant security measures is appropriate, Planning of code failure in a secure manner, Executing code
with minimum rights, Does security through hiding implementation details work, Remaining alert and staying aware.
UNIT II
SECURE PROGRAMMING ISSUES AND TECHNIQUES: Implementing authentication: username/password,
biometrics, Digital Certificates, Commonly used systems such as X.509 Certificate Authentication,
Kerberos, Microsoft Passport, Authorization, Using Access Control Lists (ACLs), Implementing encryption,
Using auditing in applications, Denial of service and techniques for increasing availability, Spoofing
Identity, Tampering with Data, Repudiation, Information Disclosure, Denial of Service.
UNIT III
COMMON METHODS OF ATTACK AND HOW TO PREVENT THEM: Buffer overflows, protecting against
buffer overflows, avoiding dangerous calls, Malicious input, Input issues and trust boundaries, Race conditions, Avoiding deadlocks, Avoiding TOCTOU (Time of Check/Time of Use) race conditions,
Remedies, Spoofing, Spoofing types and defenses.
UNIT IV
SECURITY TESTING: Fundamental differences from functional testing, The most common security flaws,
Using code coverage as a metric, Using threat coverage as a metric, How to assess the vulnerability of
your system, How to assess the vulnerability of your own code, How to assess the vulnerability of
commercial products such as databases, communication packages, server software, operating systems.
UNIT V
C SECURED PROGRAMMING: Introduction, General types of intrusions possible, Architectural Principle, Design Ideas, Language Specific Tips.
C++ SECURED PROGRAMMING: Introduction, General types of intrusions possible, Architectural Principle, Design Ideas, Language Specific Tips, and Source Level Security Auditing Tools, Physical threats, Electronic threats, The Threat Equation, Handling risks in software.
REFERENCE BOOKS:
1. Brian Chess, Jacob West, Secure Programming with Static Analysis, 2007, Addison-Wesley Professional.
2. John Viega, Matt Messier, Zachary Girouard, Secure Programming Cookbook for C and C++, Jul 2003, O'Reilly Media.
3. Wei Hu, DCE Security Programming, 1995, O'Reilly & Associates, Incorporated.
4. J. Vitek, C. Damsgaard Jensen, Secure Internet Programming: Security Issues, Jul 1999, Springer-Verlag Berlin and Heidelberg GmbH.
5. Alpay Doruk, Security Review Program Requirements For Intrusion Management Systems, Lap Lambert Academic Publishing.
DATABASE MANAGEMENT SYSTEM (DBMS)
UNIT I
Introduction: DBMS Definition Continuation, Database, Management concepts and systems, Database
Languages, DDL, Data Independence, Advantages and Disadvantages.
UNIT II
Entity Relationship Model: ER diagrams, Relationship sets, Degree, Attributes, Concepts of Entity, Relationship, Types, and Roles, Cardinality Constraints, Aggregation.
UNIT III
Indexing & hashing: Basic concept, Ordered Indices, Index Files, Static Hashing, Hash Functions, Dynamic Hashing.
UNIT IV
Relational Data Model: Terminology, Set operations, union and join.
SQL (Structured Query Language): SQL, SQL database-table, functions, Relational Database Design by ER- and EER-to-Relational Mapping, Mapping EER Model to Relations.
UNIT V
Data Normalization: Normalization and its process, The Raw Database, Data Redundancy, The Normal Forms.
Transaction: Transaction concepts, ACID Properties, Transaction State, Schedules.
Concurrency Control: Lock Conversions, Lock Table, Multiple Granularity, Deadlock Recovery, Recovery Techniques, Data Access, Deferred Database Modification.
REFERENCE BOOKS:
1. R. Elmasri and S. B. Navathe, Fundamentals of Database Systems, Addison Wesley, 4th Ed., 2004.
2. Abraham Silberschatz, Henry Korth, S. Sudarshan, Database Systems Concepts, 4th Edition, McGraw Hill, 1997.
3. Jim Melton, Alan Simon, Understanding the new SQL: A complete Guide, Morgan Kaufmann Publishers, 1993.
4. A. K. Majumdar, P. Bhattacharya, Data Base Management Systems, TMH, 1996.
5. Bipin Desai, An Introduction to Database Systems, Galgotia Publications, 1991.
PROJECT WORK
The student is required to undertake a Project Work in the Ist Semester of the online MBA and to prepare and submit a project report in fulfillment of the course.
Selection of Project Topic (Title):
The student has to identify and define the topic of the project in the specific subject of the Course.
The project work should be conducted individually by field work in any organization/market/library relevant to the topic.
The project work can be based on primary or secondary information and data.
The project report should be presented in approximately 150-200 pages and should be approved by the guiding teacher.
Guiding faculty:
The student should approach any teaching faculty of MBA for approval and decide the title of the project in consultation with the guiding teacher. A form prescribed for the project work, duly filled, should be submitted to Appin and registration should be obtained.
Weightage of marks:
The project work carries a total weightage of 6 credits, out of which the report carries a weightage of 2 credits and the Presentation and project done carry a weightage of 4 credits.
It is compulsory for each participant to prepare the project report in consultation with and under the able guidance of the Project Guide/Supervisor and to submit a copy of the Outline of Project Proposal in the specified form (Enclosed herewith), duly signed by you and your Guide, to the Appin office.
Your outline of Project Proposal should clearly state the following:
A Brief Conceptual introduction of the Project work
Objectives of the Project work
Sources of information
Structure of the Project work
Significance of the Project work
Key points in Submission of Project Report:
The Project report should be submitted in A-4 size (29-20cm) in a bound volume, and one copy is also to be uploaded online on the student's account.
The length of the Project report shall be about 60 to 75 double spaced computerized print out pages.
The Font Size shall preferably be 12 or 11 and in Times Roman Letters.
You need to submit only two hard copies and also a soft copy (CD) of the Project Report.
The project report must include a certificate of originality of the work stating that the work undertaken by him/her is an original one and has not been submitted earlier either to this University or to any other institution for fulfillment of the requirement of a course of study; it is to be signed and approved by the Project Guide/Supervisor and countersigned by you.
The Project Report once submitted will not be returned to the student.
The Project Report should be submitted before the given deadline.
PROFORMA FOR APPROVAL OF TOPIC OF PROJECT REPORT SUBMISSION
Name: ______________________________________________________________________
Roll No. ____________
Address for Communication:
____________________________________________________________________________
____________________________________________________________________________
____________________________________________________________________________
Contact No: (R) ____________ (M) ______________
Email: ______________________________________
TITLE OF THE PROJECT:
____________________________________________________________________________
____________________________________________________________________________
(Note: Attach a Brief outline duly signed by you and Guide without fail)
Name of Project Guide: ________________________________________________________
Note: Your Guide should be a faculty member for the course.
Educational Qualifications (in Brief)
____________________________________________________________________________
Whether your Project Guide is Employed (if yes please Answer Following)
Designation: ________________________ Contact No. (s) ______________________
Office Address:
____________________________________________________________________________
____________________________________________________________________________
Date: (Signature of Guide) (Signature of Student)
POSSIBLE WAYS OF UNDERTAKING A PROJECT WORK:
A Comprehensive organizational Case Study of an Organization: Based on Field Work - Organization, Company, Firm, Market & Library, security concerns of a firm.
She/he May Focus on Problem Formulation, Analysis & Recommendations.
An Inter-organizational Study on Management Practices, security practices.
She/he can carry out An Exploratory Study of Market/Organizations Based On Primary Information/Secondary Data, etc.
The Project Work Based On Secondary Data & Information Supported With Field Work In A Fairly Big Organization, Company, Firm, Market, and Library.
She/he May Undergo a Training in an Organization, Company, Firm as the case may be.
The Project Work Can Be Based On Primary Data On A Chosen Topic.
A BRIEF ABOUT HOW TO PREPARE PROPOSAL:
Introduction
Review of Literature
Objectives of the Project
Research Design
Research Methodology
(1) Sources of Information
(i) Secondary Data
(ii) Primary Data
(2) Research Tool
(3) Sampling Decisions
(i) Sampling units
(ii) A Representative Sample
(iii) Sampling Size
(iv) Sampling Method
(4) Data Analysis and Interpretation
Significance of the Study
Relevance of the Study (consider its need to the present day problems and society as well as country)
Contribution to Knowledge
Limitations of the Study
Selected References