Appin Technology Lab (Network Security Courses)

Upload: appin-technology-lab

Post on 03-Apr-2018


  • 7/27/2019 Appin Technology Lab (Network Security Courses )


    APPIN TECHNOLOGY LAB

    APPIN MASTERS

    2 Year Post-Graduate Program

    Detailed course content

    SEMESTER I

    1. Introduction to Information Security
    2. Operating Systems
    3. C/C++ Programming
    4. Networking
    5. Computer and Internet Fundamentals

    SEMESTER II

    1. Vulnerability Assessment & Penetration Testing
    2. Cyber Forensics
    3. Data Structure
    4. Cyber Laws

    SEMESTER III

    1. Data Security
    2. Web Security
    3. Network Security
    4. Desktop and Server Security
    5. Protection from Hacking Attacks

    SEMESTER IV

    1. Information Security Management Systems
    2. Secured Programming
    3. DBMS
    4. Project Work

    FIRST SEMESTER

    INTRODUCTION TO INFORMATION SECURITY

    UNIT I

    Introduction: Introduction to Data, Information, Knowledge, and Intelligence, Operating System Basics, DBMS Basics, Data Communication Basics, Basics of Computer Networking, OSI model, TCP/IP protocol suite, Networking devices. Security and its need, Cyber Threats.

    UNIT II

    Desktop & Server Security: Windows Security, Registries, Ports and Services, Vulnerabilities in Windows,

    Intrusion into Windows, Counter Measure & Securing Windows, How to look for vulnerability? Deleted

    file recovery, Introduction to LINUX.

    UNIT III

    Malwares: Malwares, Virus & Worm, Spyware, Trojan, Bots, Logic Bomb, Countermeasures: Antivirus, Anti-Spyware

    UNIT IV

    LAN Security: LAN Security, Setting up a LAN Network, Threats of LAN, Intruding MAC Address, Network

    Scanners, Introduction to Wi-Fi LAN Security.

    Firewall Security: Introduction to Firewalls, Working of a Firewall, Types of Firewall, Firewall

    Application, Network Address Translation, Intrusion Detection, Logging, Port Filtering

    UNIT V

    Art of Googling: Terminologies, Basic Search Techniques, Advanced Search Techniques, Data Backup:

    Introduction, Various Data Backup Strategies.

    REFERENCE BOOKS:

    1. Edward Halibozek, Robert Fischer, David Walters, Introduction To Security, Apr 2008, Butterworth-Heinemann.

    2. Philip P. Purpura, Security: An Introduction, Mar 2010, Crc Press.

    3. Khare, Information Security, 2006-10-01, Bpb.

    4. Mark Merkow, James Breithaupt, Information Security: Principles And Practices, 01/01/2007, Pearson

    5. NIIT, Information Security: An Overview, 2004, PHI Learning Pvt. Ltd

    OPERATING SYSTEMS AND BUSINESS PROCESSING

    UNIT I

    Introduction, What is an Operating System, Simple Batch Systems, Multiprogrammed Batch Systems,

    Time-Sharing Systems, Personal-computer systems, Parallel systems, Distributed Systems, Real-Time

    Systems.

    UNIT II

    Memory Management: Background, Logical versus Physical Address space, swapping, Contiguous

    allocation, Paging, Segmentation

    Virtual Memory: Demand Paging, Page Replacement, Page-replacement Algorithms, Performance of

    Demand Paging, Allocation of Frames, Thrashing, Other Considerations

    UNIT III

    Processes: Process Concept, Process Scheduling, Operation on Processes

    CPU Scheduling: Basic Concepts, Scheduling Criteria, Scheduling Algorithms, Multiple-Processor Scheduling

    Process Synchronization: Background, The Critical-Section Problem, Synchronization Hardware, Semaphores, Classical Problems of Synchronization

    UNIT IV

    Deadlocks: System Model, Deadlock Characterization, Methods for Handling Deadlocks, Deadlock

    Prevention, Deadlock Avoidance, Deadlock Detection, Recovery from Deadlock,

    Device Management: Techniques for Device Management, Dedicated Devices, Shared Devices, Virtual

    Devices; Input or Output Devices, Storage Devices, Buffering, Secondary-Storage Structure: Disk

    Structure, Disk Scheduling, Disk Management, Swap-Space Management, Disk Reliability

    UNIT V

    Information Management: Introduction, A Simple File System, General Model of a File System, Symbolic File System, Basic File System, Access Control Verification, Logical File System, Physical File System

    File System Interface: File Concept, Access Methods, Directory Structure, Protection, and Consistency Semantics

    File-System Implementation: File-System Structure, Allocation Methods, and Free-Space Management

    REFERENCE BOOKS:

    1. Silberschatz and Galvin, Operating System Concepts, Pearson, 5th Ed., 2001

    2. Madnick E., Donovan J., Operating Systems, Tata McGraw Hill, 2001

    3. Tanenbaum, Operating Systems, PHI, 4th Edition, 2000

    4. Shubhi Lall, Franklin S, Operating Systems & Business Data Processing, 2005, University Book House (P) Ltd.

    5. Silberschatz, Galvin, Gagne, Operating System Concepts, 8th Ed., International Student Version, 2010, Wiley India Pvt Ltd

    C/C++ PROGRAMMING

    UNIT I

    C basics: C character set, Identifiers and keywords, Data types, constants, variables and arrays,

    declarations, expressions, statements, symbolic constants, compound statements, arithmetic operators,

    unary operators, relational and logical operators, assignment operators, conditional operators, bit

    operators. C constructs, loops, switch statement, nested control statement, break operator, continue

    operator, comma operator, goto statement.

    UNIT II

    C Functions: declaration, definition & scope, recursion, call by value, call by reference.

    Storage Classes: automatic, external (global), static & registers. Arrays, pointers, array & pointer

    relationship, pointer arithmetic, dynamic memory allocation, pointer to arrays, array of pointers,

    pointers to functions, array of pointers to functions, Preprocessor directives. Structures: Structures,

    unions, structure passing to functions, bit fields, file handling [text (ascii), binary], Standard library

    functions from stdio.h, stdlib.h, conio.h, ctype.h, math.h, string.h, process.h

    UNIT III

    Introduction: Object-Oriented Approach, Relating to other paradigms (functional, data decomposition).

    Basic terms and ideas: Abstraction, Encapsulation, Inheritance, Polymorphism, Difference between C

    and C++ - cin, cout, new, delete operators.

    Classes and Objects: Encapsulation, information hiding, abstract data types, Object & classes, attributes,

    methods, C++ class declaration, State identity and behavior of an object, Constructors and destructors,

    instantiation of objects, Default parameter value, object types, C++ garbage collection, dynamic memory

    allocation, Metaclass/abstract classes.

    UNIT IV

    Inheritance and Polymorphism: Inheritance, multiple inheritance, Class hierarchy, derivation public,

    private & protected, Aggregation, composition vs classification hierarchies, Polymorphism,

    Categorization of polymorphism techniques, Polymorphism by parameter, Operator overloading,

    Parametric polymorphism.

    UNIT V

    Generic function, template function, function name overloading, STL (Standard Template Library).

    Files and Exception Handling: Persistent objects, Streams and files, Namespaces, Exception handling, Generic Classes.

    REFERENCE BOOKS:

    1. E. BalaGuruswamy, Programming in ANSI C, TMH, Latest Edition.

    2. Al Kelley and Ira Pohl, A Book on C, (4th Ed.), Addison Wesley, Latest Edition.

    3. B. Kernighan and D. Ritchie, The ANSI C Programming Language, 2000, PHI.

    4. Steven C. Lawlor, The Art of Programming Computer Science with C++, Vikas Publication.

    5. Schildt Herbert, C++: The Complete Reference, 4th Ed., 1999, Tata McGraw Hill.

    NETWORKING

    UNIT I

    Devices: Repeaters, bridges, gateways, routers, The Network Layer, Design Issues, Routing Algorithms,

    Congestion Control Algorithms, Quality of Service, Internetworking, Network-Layer in the Internet.

    Transport and Upper Layers in OSI Model: Transport layer functions, connection management,

    Functions of session layers, Presentation layer, and Application layer.

    UNIT II

    The Internet Protocol (IP): Introduction to IP, IP Packet Format, IP Address Classes, Transmission Control

    Protocol, Subnetting & CIDR

    IP Routing: Introduction to hardware & software related to IP routing, Routing information Protocol,

    Enhanced Interior Routing Protocol, Open Shortest Path First

    UNIT III

    Switching & Bridging: Introduction of Switching & Bridging, STP & LAN Switch Types, VLAN - Virtual LAN,

    Flexibility and Scalability

    UNIT IV

    Wide Area Network: Understanding WAN fundamentals, Understanding Tunneling Protocol & Frame-Relay Fundamentals, VPN - Virtual Private Network, NAT - Network Address Translation

    UNIT V

    Network Configuration and Troubleshooting: Networking Introduction, LAN Switching, Wireless

    Networking, Managing your network connections, Network Configuration and Troubleshooting: Layer

    by Layer Troubleshooting with a Cisco Router, Router Troubleshooting at OSI Layers.

    REFERENCE BOOKS:

    1. D. E. Comer, Internetworking with TCP/IP, 2001, Pearson Education Asia

    2. Forouzan, Data Communications & Networking (SIE), 2009, Tata McGraw Hill

    3. Al Anderson, Ryan Benedetti, Head First Networking, 2009, Shroff/O'Reilly

    4. Craig Zacker, Networking: The Complete Reference, 2001, Tata McGraw Hill

    5. Balvir Singh, Networking, 2009, Firewall

    SECOND SEMESTER

    VULNERABILITY ASSESSMENT & PENETRATION TESTING

    UNIT I

    INTRODUCTION: Important Technical Terms, Information Gathering, Scanning and fingerprinting

    VULNERABILITY ASSESSMENT: Vulnerabilities, Vulnerability Assessment, Approach to Data Security, Protective Measures, Method

    UNIT II

    FOOTPRINTING: Introduction, VA - Right Tools To Protect Your Critical Data, Types of vulnerability

    Assessment, The Challenges of Vulnerability Assessments, Appin Tool For Vulnerability Assessment,

    Tools for VA

    UNIT III

    PENETRATION TESTING: Introduction and methodology, Types of Penetration Tests, Methodology

    Penetration Testing Approach, Penetration Testing vs. Vulnerability Assessment

    UNIT IV

    IDENTIFYING THE VULNERABILITY: How Vulnerabilities Are Identified, Sample Penetration Testing

    Report, Security services, Security Services Management Tools, Firewall

    VULNERABILITY SCANNING: Scanning, Types of Vulnerability Scanning, Manual Vulnerability Scanning,

    Automated Vulnerability Scanning, An approach to vulnerability scanning

    UNIT V

    EXPLOITING VULNERABILITY: Password Cracking and Brute forcing, Denial of Service (DOS) Testing,

    Penetration Testing Tools, Escalation of Privileges, ADVANCE EXPLOITS: Creating Backdoors, Gathering

    remote shell automatically, Automatic VNC injection, Gathering Remote Desktop, Hash Dumping

    REFERENCE BOOKS:

    1. Thomas R. Peltier, John A. Blackley, Justin Peltier, Managing A Network Vulnerability

    Assessment, Jan 2003, Auerbach Publications.

    2. Ec-council, Security and Vulnerability Assessment [With Access Code], Apr 2010, Course

    Technology.

    3. Institute Of Civil Engineers, Penetration Testing, Dec 1989, American Society Of Civil Engineers.

    4. Alfred Basta, Wolf Halton, Computer Security And Penetration Testing, Aug 2007, Delmar

    5. Frederic P. Miller, Agnes F. Vandome, John Mcbrewster, Penetration Test, Paperback,

    Alphascript Publishing

    CYBER FORENSICS

    UNIT I

    CYBER FORENSIC: Basic of cyber Forensic, Introduction, Definition, Need Of Cyber Forensic, Principles

    of cyber forensic, Cyber Crimes, Where and when do you use Cyber Forensics

    UNIT II

    CYBER INVESTIGATION METHODOLOGY: Introduction to Cyber Investigation, Investigation, Issues

    involved in investigations, How to secure your investigations, Steps for cyber investigation,

    Identification-documentation, Collection or extraction-documentation, Preservation-documentation,

    Interpretation or analysis-documentation, Communication Procedures for Computer Evidence Seizure

    UNIT III

    CONCEPT OF FILE SYSTEMS AND HARD DISKS: Types of Hard Disk Interfaces, EFS Key, FAT vs. NTFS,

    Windows Boot Process (XP/2003), and Windows based Forensic, Linux based Forensic, Basic Forensics

    Tools.

    DIGITAL EVIDENCES: What is Digital Evidence, How to identify digital evidence, How to treat digital evidence, How to secure digital evidence, Evidence acquisition and Documentation

    DATA IMAGING AND IMAGING FORENSICS: Computer hard disk imaging, Terminology, Removable disks like pen drives, CD/DVD, Removable hard disks, advanced techniques of data imaging, First Response Kit.

    UNIT IV

    RECOVERING OF DELETED FILES AND DELETED PARTITIONS: Recovering deleted files from computer,

    Deleting Files, Files deleted into windows, Storage locations of recycle bin in NTFS and FAT system,

    Recycle Bin Working, Damaged files in recycled folder, Recovering encrypted files (Decryption), e.g. MS

    Office, RAR, etc., Tools to recover deleted files, Recovering deleted files from Deleted Partition,

    Recovering Deleted partitions, Deletion of partitions, Recovery of deleted partitions, Tools

    UNIT V

    NETWORK INTRUSION INVESTIGATION: Network Addressing Schemes, Sniffer, Tool: Tcpdump, Network

    Sniffer, HTTP Sniffer, Ether Detect Packet Sniffer, Ethereal, IDS/IPS Log, Honey Pot Log, Honey Net Log

    WEB APPLICATION INTRUSION INVESTIGATION: Types of Web Intrusions, SQL Injection Attack, Cross-Site

    Scripting (XSS), Other Web Application Attack, Tools for Investigation, Case Studies and references

    REFERENCE BOOKS:

    1. Jerry Hatchett, Computer Forensics: A Real World Guide, Jul 2009, Auerbach Publications.

    2. John R. Vacca, Computer Forensics: Computer Crime Scene Investigation, 2009, Firewall.

    3. Linda Volonino, Reynaldo Anzaldua, Jana Godwin, Computer Forensics: Principles And Practices,

    Aug 2006, Prentice Hall

    4. Irons, Andersen, Laing, Computer Forensics, Cl Emea Higher Education

    5. Warren G. Kruse, Jay G. Heiser, Computer Forensics: Incident Response Essentials, Sep 2001, Addison-Wesley Professional.

    DATA STRUCTURES

    UNIT-I

    ARRAYS: Representation of single and multidimensional arrays; sparse arrays- lower and upper

    triangular matrices and Tri-diagonal matrices,

    UNIT-II

    STACKS AND QUEUES: Introduction and primitive operations on stack; Stack application: Infix, postfix,

    prefix expressions; Evaluation of postfix expression; Conversion from infix to postfix. Introduction and

    primitive operation on queues, D-queues and priority queues.

    UNIT-III

    LISTS: Introduction to linked lists; Sequential and linked lists, operations such as traversal, insertion,

    deletion, searching, Two way lists and Use of headers

    Trees: Introduction and terminology; Traversal of binary trees; Recursive algorithms for tree operations

    such as traversal, insertion, deletion;

    UNIT-IV

    MULTILEVEL INDEXING AND B-TREES: Introduction: The invention of the B-tree; Statement of the problem; Indexing with binary search trees; Multilevel indexing, a better approach to tree indexes; B-trees: working up from the bottom; Example for creating a B-tree.

    UNIT-V

    SORTING TECHNIQUES: Insertion sort, selection sort, merge sort, heap sort.

    Searching Techniques: linear search, binary search and hashing

    REFERENCE BOOKS:

    1. Lipschutz S, Data Structures (Special Indian Edition) (Schaum's Outline Series), 2008, McGraw-Hill Education (India) Ltd.

    2. Yashavant Kanetkar, Written Test Questions In Data Structures, 2010-01-11, BPB Publications.

    3. Debasis Samanta, Classic Data Structures, 2009, Phi Learning.

    4. Alfred V. Aho, Jeffrey D. Ullman, John E. Hopcroft, Data Structures And Algorithms, 01/01/1983, Pearson.

    5. Wirth, Niklaus, Algorithms + Data Structures = Programs, 2009, PHI Learning.


    CYBER LAWS IN BUSINESS GROWTH

    UNIT I

    INTRODUCTION: Consumers & Cyberspace, Cyber stalking, Terrorism and Cybercrime, Crime: Meaning

    & Concept, Rights and liability, Offences

    UNIT II

    CYBER LAW - INTERNATIONAL PERSPECTIVE: US Federal Act, Importance of trust and security on cyberspace, General Laws and Procedures, Overview of IT Law, Data Protection Act, UK, Privacy Law

    FUNDAMENTALS OF CYBER LAWS: Jurisprudence of Cyber Law in Indian context, Cyber laws in India,

    The main scope and development of cyber-laws enforcement mechanisms

    UNIT III

    E-COMMERCE & E-GOVERNANCE ROLE: E-commerce, Introduction, Features, E-Governance, Cyber law Issues, E-Business Management, Impediments in Implementing E-Governance Projects from Legal Perspective, E-Courts, E-Contract, The Law of Contract, Construction of Electronic contracts, Issues of security, Digital Signatures and certificates, Digital evidence

    UNIT IV

    CYBER CRIME AND DIGITAL EVIDENCE - THE INDIAN PERSPECTIVE: The Information Technology Act, 2000, Introduction & application, Penalties & Offences, IT Act 2008 (Amendments), The Reserve Bank of India Act, 1934, Cyber Theft and the Indian Telegraph Act, 1885, Negotiable Instrument Act, 1881

    UNIT V

    INTELLECTUAL PROPERTY ISSUES IN CYBER SPACE: IP Infringement, Copyright and Patent, Cyber

    Squatting, Copyright on Web Content, Copyright on Software, Patent Issues in Cyber Space, ISSUES:

    COMPLIANCE AND STANDARDIZATION: Issues in IT Industry, Cyber Law for Information Security in IT

    industries, Cyber Ethics, CASE STUDIES: Latest Cyber crime cases, Need for Taking Steps Ahead,

    Summary

    REFERENCE BOOKS:

    1. Tabraz Ahmad, Cyber Laws E-Commerce and M-Commerce, 2009, Aph Publishing Corporation.

    2. Yatindra Singh, Cyber Laws, 2003, Universal Law Publishing Co. P Ltd.

    3. L K Thakur, Asit Narayan, Internet Marketing, E-Commerce and Cyber Laws, 2000, Authorspress.

    4. C K Punia, Cyber Laws, 2009, Sumit Enterprises

    5. V. D. Dudeja, Information Technology And Cyber Laws, 2001, Commonwealth Publishers

    COMPUTER AND INTERNET FUNDAMENTALS FOR MANAGERS

    UNIT I

    THE ESSENTIALS: Computer Overview, the Front of a Computer and Peripheral Devices, the Inside of a

    Computer, the Back of a Computer (Ports), System Bus and Expansion Cards, Memory Cache

    UNIT II

    COMPUTER PERFORMANCE: Understanding Hardware, Central Processing Unit (CPU), Memory, Printer Basics, Types of Printers, Input/Output Devices, Exploring the Internet: Introduction to the Internet.

    UNIT III

    CONNECTING TO THE INTERNET: Displaying a Specific Web Page, Browse the Web, Search the Web,

    Adding a Web Page to Favorites and Changing your Home Page, Displaying a History of Visited Web Pages, Saving Pictures and Files to Disk (Downloading).

    UNIT IV

    HARDWARE: Computer hardware, fundamentals, parts, some components of hardware in details,

    output/input devices, computer components, etc.

    UNIT V

    INTRODUCTION TO E-MAIL: Composing and Sending E-mail, Adding a Name to the Address Book,

    Receiving E-mail, Replying to a Message, Forwarding and Deleting a Message.

    REFERENCE BOOKS:

    1. Sinha, Computer Fundamentals - 4th Edition, 2003, BPB.

    2. Shovan Lal Kundu, Foundation Of Programming With BASIC & Computer Fundamentals, 2001, Macmillan Publishers India.

    3. Rohit Khurana, Computer Fundamentals and Internet Basics, 2010.

    4. Ramesh Bangia, Computer Fundamentals And Information Technology, 2008, Firewall.

    5. Ms. S. N. Akhter, Computer Fundamentals (Concepts Systems Applications), 2007, Shree Niwas Publications.

    THIRD SEMESTER

    DATA SECURITY IN BUSINESS

    UNIT I

    Introduction: Overview, Data Security Management, Characteristics Of Access Security In The System, Data Security Issues And Solutions

    UNIT II

    Data Backup: Introduction, Data Backup Strategies

    UNIT III

    Cryptography: Cryptography, Strength Of The Cryptography, Goals Of Cryptography, Some Technical

    Terms, Types Of Cipher Text, Types Of Cryptography,

    UNIT IV

    Data Encryption Standard (DES), IDEA: International Data Encryption Algorithm, Asymmetric Cryptography, RSA Algorithm, Hash Functions, Digital Signatures, Digital Certification

    UNIT V

    Steganography: Overview, How Does It Work? Steganography In Images, Steganography In Audio,

    Genetic Algorithm Approach, Steganography In Video

    REFERENCE BOOKS:

    1. Paulus R. Wayleith, Data Security: Laws and Safeguards, 2008, Nova Science Publishers Inc.

    2. LIC Books, Data Security: Information Security, Biometric Passport, Backup, Database Audit, Data

    Remanence, Firewall, Drivesavers, Data Erasure, May 2010, Books Llc

    3. Terry Bernstein, Anish B. Bhimani, Eugene Schultz, Carol A. Siegel, Internet Security For Business,

    1996-07-23, John Wiley & Sons

    4. Ivan B. Damgard, Lectures On Data Security: Modern Cryptology In Theory And Practice, Apr 1999, Springer-Verlag.

    5. Rita Tehan, Data Security Breaches: Context And Incident Summaries, Aug 2008, Nova Science

    Publishers.

    WEB SECURITY

    UNIT I

    LAN SECURITY: Introduction to LAN, Why LAN Security is Important, LAN/WAN Components, Topology,

    Protocols, Threats of LAN, Inappropriate Access to LAN Resources, Disclosure of Data, Unauthorized

    Modification of Data and Software, Disclosure of LAN Traffic.

    UNIT II

    NETWORK SCANNING: Network Scanners, Types of Scanning, Scanning Methodology, Spoofing of LAN

    Traffic, Disruption of LAN Functions, Security Services and Mechanisms, Intruding MAC Address.

    FIREWALL SECURITY: Firewalls, Why Firewall, Working of firewall, Types of Firewall, Applications of

    Firewall, Advantages and Disadvantages of Firewall.

    UNIT III

    INTERNET SECURITY: Introduction, Security Intrusions and Security Properties, Threats Faced on

    Internet, Introduction to IP Addresses, Finding IP Address of a Remote System, Proxy Servers: Hiding

    Your Identity: Anonymous Surfing, Proxy Server, Why Proxying?, Working of Proxy Server, Advantages of

    Proxying, Disadvantage of Proxying, What is a SOCKS proxy server?

    UNIT IV

    E-MAIL SECURITY: Introduction, History of E-mail, Email addresses, How E-mail Works?, Various

    Mail Servers, E-mail Protocols.

    EMAIL TRACING AND SPAMMING: Analysis of Email Headers, Email Tracking, IP Tracking using Email,

    Spamming, Ways to Prevent Spam, How to steal Data from an E-mail?

    UNIT V

    EMAIL EXCHANGE SERVER SECURITY: E-mail Exchange Server Security, Virus Protection, RPC over HTTP,

    Protecting front-end Servers, Keep Exchange Server up-to-date, Cyber Laws Regarding Spamming,

    Security Policies.

    REFERENCE BOOKS:

    1. Komunte Mary, Web Security, Prof Venansius Baryamureeba, Jul 2010, Lap Lambert Academic

    Publishing.

    2. Web Security Exploits: Trojan Horse, Cross-Site Scripting, Session Fixation, Idn Homograph

    Attack, Cross-Site Request Forgery, Clickjacking, Llc Books, May 2010, Books Llc

    3. Testing Web Security: Assessing The Security Of Web Sites And Applications, Steven Splaine,

    October 2002, John Wiley & Sons.

    4. Elfriede A. Dustin, Jeff Rashka, Douglas Mcdiarmid, Quality Web Systems: Performance, Security,

    And Usability, Aug 2001, Addison-wesley Professional.

    5. Rickland Hollar, Richard Murphy, Enterprise Web Services Security, 2006, Shroff/Charles River Media.

    NETWORK SECURITY

    UNIT I

    MOBILE SECURITY: What is Mobile? Architecture of Mobile Communication, Mobile Generation,

    Technology of Mobile Communication, Mobile Phone Standards, Protocols used in Mobile, SIM, Mobile

    Safeguards and Solutions

    UNIT II

    VOICE OVER INTERNET PROTOCOL: Definition & Trends, Services, Types of VOIP, Components of VOIP,

    IP telephony & IP Paging, Protocols and Acronyms, Reasons for VOIP, Problems in VOIP, SKYPE, VOIP

    Security Scenario, How do we secure VOIP? VIRTUAL PRIVATE NETWORK SECURITY: Introduction to VPN,

    Application & Requirements of VPN, VPN types, Open VPN, Models of VPN, IPSEC VPN.

    UNIT III

    WIRELESS LAN: Introduction, Basics of wireless LAN, Antennas, Access Point Positioning, Rogue Access

    Point, Wired Equivalent Privacy, DOS attack, Man in Middle Attack (MITM), Tools, Wireless Intrusion

    Detection, Open Source Scanning Software, ROUTER BASICS: What is a router? Static and dynamic

    routing, Work to Router, Keeping the Messages Moving, Directing Traffic, Transmitting Packets.

    ROUTER SECURITY: Understanding the protocols, Tracing the message, Denial of service attack,

    Configuration of Router, Protocols on a Router, RFC 1483, Handshake Protocols, NAT (Network Address

    Translation), NAPT Services, ADSL Details, Trouble Shooting, Routing Table Problems, Various types of

    Intrusion, Securing the Routers.

    UNIT IV

    INTRUSION DETECTION AND PREVENTION: Introduction, Intrusion, Detection and Prevention, IDS,

    NEED of IDS, Components, types, What is not an IDS? Detection Methodologies, Various tools available,

    Limitations of IDS, intrusion prevention system, types, network based IPS, Counter Measures taken by

    an IPS, Risks involved.

    UNIT V

    ACCESS CONTROL SYSTEM: Introduction: What is Access Control, Access Control in Physical Security,

    Access Control in Information Security, Need of an Access Control System, Some Concepts Related to

    Access Control, Policies, Models, and Mechanisms, Discretionary Access Control (DAC), Non-Discretionary Access Control, Mandatory Access Control (MAC), Role-Based Access Control.

    REFERENCE BOOKS:

    1. Roberta Bragg, Network Security: The Complete Reference, 2004, Tata McGraw Hill.

    2. Shaffer, Simon, Network Security, 1994, Academic Press.

    3. Nitesh Dhanjani, Justin Clarke, Network Security Tools, 2005, Shroff/O'Reilly.

    4. Andrew Lockhart, Network Security Hacks, 2004, Shroff/O'Reilly.

    5. Venkataram, Wireless And Mobile Network Security, McGraw-Hill (TMH).

    DESKTOP AND SERVER SECURITY

    UNIT I

    DESKTOP & SERVER SECURITY: Introduction, What Is Registry?, Registry Editing, Backups And Recovery,

    Policy, .Ini File Virtualization

    UNIT II

    WINDOWS 9X OPERATING SYSTEMS: Steps to Create Registry Values, Some Of The Examples To Change

    The Registry Default Settings, NT Security, Security Architecture Components

    UNIT III

    INTRODUCTION TO SECURING IN NT BOX: Backups, Windows Vulnerabilities And Threats, How To

    Determine If You Are At Risk? Use Any Vulnerability Scanner,

    UNIT IV

    How To Protect Against The Windows Services Vulnerabilities, LINUX SECURITY: Introduction: Linux

    Based, Benefits Of Linux, How Secure Should My Linux Be?

    UNIT V

    How To Set Up A Firewall Under Linux?, Windows Vs. Linux Design, Realistic Security And Severity

    Metrics, Cert Vulnerability Notes Database Results

    REFERENCE BOOKS:

    1. Mike Danseglio, Securing Windows Server 2003, 2005, Shroff/O'Reilly.

    2. Mike Danseglio, Robbie Allen, Windows Server 2003 Security Cookbook, 2006, Shroff/O'Reilly

    3. Michael A. Caloyannides, Desktop Witness: The Do's And Don'ts Of Personal Computer Security, Jul 2002, John Wiley & Sons

    4. Roger A. Grimes, Professional Windows Desktop & Server Hardening, June 2006, Wiley India Pvt Ltd

    5. Ann-marie Kishel, Sheila Rivera, Server, Jan 2007, Lerner Classroom

    PROTECTION FROM HACKING ATTACKS

    UNIT I

    MALWARES: Introduction to Malwares, Types Of Malwares, Installing Bots On Target Machines,

    Attacking Methods, Working Of Bots, Malware Detection Technique. Counter measures.

    UNIT II

    NETWORK INTRUSION: Introduction To Intrusion, Types of Intrusions, Non-Technical Intrusion,

    Technical intrusion, Backtrack, live examples, tools, intrusion tricks.

    UNIT III

    BACKDOORS: Backdoors, Root kits, glossary, malware glossary, more to backdoors.

    UNIT IV

    ART OF GOOGLING: Introduction, The Google Toolbar, Searching Techniques, Directory Listing,

    More to googling, Google intruding tricks.

    UNIT V

    ADVANCED INTRUSION: Locating Cgi-Bin, Camera Intruding, Some Tricks, More Tricks, live

    images, tools.

    REFERENCE BOOKS:

    1. McClure, Web Hacking: Attacks & Defects, 01/01/2003, Dorling Kindersley India.

    2. Andrew Whitaker, Keatron Evans, Jack Voth, Chained Exploits: Advanced Hacking Attacks from Start to Finish, Nov 2008, Addison-Wesley Professional.

    3. John Chirillo, Hack Attacks Revealed: A Complete Reference With Custom Security Hacking Toolkit, 2001-04-05, John Wiley & Sons.

    4. Himanshu Dwivedi, Hacking VoIP: Protocols, Attacks, And Countermeasures, Oct 2008, No Starch Press.

    5. Ec-council, Ethical Hacking And Countermeasures: Attack Phases, Sep 2009, Course Technology.

    FOURTH SEMESTER

    INFORMATION MANAGEMENT SYSTEM

    UNIT I

    INTRODUCTION TO INFORMATION SECURITY AUDITING: ISO 27001, History of ISO 27001, Standards and International Organization for Standardization, BS7799 / ISO 1799, ISO 27001, Domain of BS 7799-1,

    Improvement in ISO 27001 over BS 7799, Control objective and controls in ISO 27001, Selection and

    Implementation of Controls, Developing and Adopting Policies, Mandatory requirements, Information

    security management system, Management responsibility, Management Review of the ISMS.

    UNIT II

    MANAGING SECURITY AWARENESS: ISMS, ISMS implementation, Management security, Managing

    Security Awareness, Need for Security Management, Impact of a sound Security Management System,

    Why Security Awareness Usually Fails, ISO 27001 certification, Role of auditors, Marketing ISO

    27001 to Senior Management, Preparing for Certification, Compliance accreditation and certification.

    UNIT III

    RISK ASSESSMENT, BUSINESS CONTINUITY: What is Risk, What is Risk Assessment, Kind of Risk, Stage of

    Risk Assessment, Approaches to Risk Assessment, Qualitative Risk Assessment, Quantitative Risk

    Assessment, Popular methodologies for Risk Assessment, Business continuity. DISASTER MANAGEMENT

    SYSTEM: Disasters, Types of Disasters, Local site disasters, Site disaster - encompass the whole building,

    Area disaster - cover the whole area/vicinity, On the basis of the cause of origin, Elements of a good

    Business Continuity Plan, Building a Business Continuity Plan, Assess Business Requirements, Identify the

    IT requirements, Building the Backup/recovery solution.

    UNIT IV

    ISMS AUDITS AND METHODOLOGY: Audit concepts, Audit fundamentals, Audit management standard,

    Types of Audits, Audit planning, Audit Execution, Audit reporting, Audit follow-up, SECURITY

    MANAGEMENT PRACTICES AND FRAMEWORK: Security Management Practices, The Big Three: CIA,

    Security Management Practices, Identification of Assets, Determining Value of Assets, Threats on Assets

    RISK MANAGEMENT: Risk Identification, Principles of Risk Management, Safeguard Selection, Data

    Classification, Classification Criteria, Information Classification Procedure Assets Protection.

    UNIT V

    SECURITY FRAMEWORKS: What is Security, Adequate Security? What is required for Adequate Security?

    Aspects of Security, Framework 1: Defense in Depth (DID) Secure Environment, Framework 2: OCTAVE,

    Framework 3: Security Risk Analysis, Framework 4: Threat Modeling, Stride, Dread

    REFERENCE BOOKS:

    1. R. G. Murdick, J. E. Ross and J. R. Clagget, Information Systems for Modern Management, 3rd Edition, PHI, 1994.

    2. Parker, Charles Case, Thomas, Management Information System: Strategy & Action, 2nd

    Edition, TMH, 1993.

    3. Thitima Pitinanondha, Operational Risk Management Systems, Mar 2010, Vdm Verlag Dr. Muller

    Aktiengesellschaft.

    4. Gurpreet Dhillon, Managing Information Systems Security, 1997, Palgrave Macmillan.

    5. Mahadeo Jaiswal, Management Information Systems, 2004-07-15, Oxford.


    SECURED PROGRAMMING

    UNIT I

    SECURE PROGRAMMING CONCEPTS AND PRINCIPLES: Designing for security, Threat modeling,

    decompose a system, develop and use Threat Trees, Efforts for protecting information, Why deploying

    redundant security measures is appropriate, Planning of code failure in a secure manner, Executing code

    with minimum rights, Does security through hiding implementation details work, Remaining alert and staying aware.

    UNIT II

    SECURE PROGRAMMING ISSUES AND TECHNIQUES: Implementing authentication username/password,

    biometrics, Digital Certificates, Commonly used systems such as X.509 Certificate Authentication,

    Kerberos, Microsoft Passport, Authorization, Using Access Control Lists (ACLs), Implementing encryption,

    Using auditing in applications, Denial of service and techniques for increasing availability, Spoofing

    Identity, Tampering With Data, Repudiation, Information Disclosure, Denial of Service.

    UNIT III

    COMMON METHODS OF ATTACK AND HOW TO PREVENT THEM: Buffer overflows, protecting against

    buffer overflows, avoiding dangerous calls, Malicious input, Input issues and trust boundaries, Race conditions, Avoiding deadlocks, Avoiding TOCTOU (Time of Check/Time of Use) race conditions,

    Remedies, Spoofing, Spoofing types and defenses.

    UNIT IV

    SECURITY TESTING: Fundamental differences from functional testing, The most common security flaws,

    Using code coverage as a metric, Using threat coverage as a metric, How to assess the vulnerability of

    your system, How to assess the vulnerability of your own code, How to assess the vulnerability of

    commercial products such as databases, communication packages, server software, operating systems.

    UNIT V

    C SECURED PROGRAMMING: Introduction, General Types of intrusions can be possible, Architectural

    Principle, Design Ideas, Language Specific Tips, C++ SECURED PROGRAMMING: Introduction, General Types of intrusion can be possible, Architectural Principle, Design Ideas, Language Specific Tips, and

    Source Level Security Auditing Tools, Physical threats, Electronic threats, The Threat Equation, Handling

    risks in software.

    REFERENCE BOOKS:

    1. Brian Chess, Jacob West, Secure Programming with Static Analysis, 2007, Addison-Wesley Professional.

    2. John Viega, Matt Messier, Zachary Girouard, Secure Programming Cookbook for C and C++, Jul 2003, O'Reilly Media.

    3. Wei Hu, DCE Security Programming, 1995, O'Reilly & Associates, Incorporated.

    4. J. Vitek, C. Damsgaard Jensen, Secure Internet Programming: Security Issues, Jul 1999, Springer-Verlag Berlin and Heidelberg GmbH.

    5. Alpay Doruk, Security Review Program Requirements For Intrusion Management Systems, Lap Lambert Academic Publishing.


    DATABASE MANAGEMENT SYSTEM (DBMS)

    UNIT I

    Introduction: DBMS Definition Continuation, Database, Management concepts and systems, Database

    Languages, DDL, Data Independence, Advantages and Disadvantages.

    UNIT II

    Entity Relationship Model: ER diagrams, Relationship sets, Degree, Attributes, Concepts of Entity, Relationship, Types, and Roles, Cardinality Constraints, Aggregation,

    UNIT III

    Indexing & hashing: Basic concept, Ordered Indices, Index Files, Static Hashing, Hash Functions,

    Dynamic Hashing,

    UNIT IV

    Relational Data Model: Terminology, Set operations, union and join,

    SQL (Structured Query Language): SQL, SQL database-table, functions, Relational Database Design by ER- and EER-to-Relational Mapping, Mapping EER Model to Relations,

    UNIT V

    Data Normalization: Normalization and its process, The Raw Database, Data Redundancy, The Normal

    Forms, Transaction: Transaction concepts, ACID Properties, Transaction State, Schedules, Concurrency

    Control: Lock Conversions, Lock Table, Multiple Granularity, Deadlock Recovery, Recovery Techniques,

    Data Access, Deferred Database Modification

    REFERENCE BOOKS:

    1. R. Elmasri and S. B. Navathe, Fundamentals of Database Systems, Addison Wesley, 4th Ed., 2004.

    2. Abraham Silberschatz, Henry Korth, S. Sudarshan, Database Systems Concepts, 4th Edition, McGraw Hill, 1997.

    3. Jim Melton, Alan Simon, Understanding the new SQL: A complete Guide, Morgan Kaufmann

    Publishers, 1993.

    4. A. K. Majumdar, P. Battacharya, Data Base Management Systems, TMH, 1996.

    5. Bipin Desai, An Introduction to database Systems, Galgotia Publications, 1991.


    PROJECT WORK

    The student is required to undertake a Project Work at Ist Semester of online MBA and to prepare and submit a project report as a fulfillment of the course.

    Selection of Project Topic (Title):-

    The student has to identify and define the topic of the project in the specific subject of the Course.

    The project work should be conducted individually by field work in any organization/market/library relevant to the topic.

    The project work can be based on primary or secondary information and data.

    The project report should be presented in approximately 150-200 pages and should be approved by the guiding teacher.

    Guiding faculty:-

    The student should approach any teaching faculty of MBA for approval and decide the title of the project in consultation with the guiding teacher. A form prescribed for the project work, duly filled, should be submitted to Appin and registration should be obtained.

    Weightage of marks:-

    The project work carries a total weightage of 6 credits, out of which the report carries the weightage of 2 credits and Presentation and project done carries the weightage of 4 credits.

    It is compulsory for each participant to prepare project report in consultation and under the able

    guidance of Project Guide/Supervisor and submit copy of Outline of Project Proposal in specified form

    (Enclosed herewith) duly signed by you and your Guide to the Appin office.

    Your outline of Project Proposal should clearly state following:

    A Brief Conceptual introduction of the Project work

    Objectives of the Project work

    Sources of information

    Structure of the Project work

    Significance of the Project work

    Key points in Submission of Project Report:

    The Project report should be submitted in A-4 size (29-20cm) in a bound volume and also one copy to be uploaded online on the student's account.

    The length of the Project report shall be about 60 to 75 double spaced computerized printout pages.

    The Font Size shall be preferably of 12 or 11 and in Times Roman Letters.

    You need to submit only two hard copies and also a soft copy (CD) of the Project Report.

    The project report must include a certificate of originality of the work, stating that the work undertaken by him/her is an original one and has not been submitted earlier either to this University or to any other institution for fulfillment of the requirement of a course of study, that is to be signed and approved by Project Guide/Supervisor and to be countersigned by you.

    The Project Report once submitted will not be returned to the student.

    The Project Report should be submitted before the given deadline.

    PROFORMA FOR APPROVAL OF TOPIC OF PROJECT REPORT SUBMISSION


    Name: ______________________________________________________________________

    Roll No. ____________

    Address for Communication:

    ____________________________________________________________________________

    ____________________________________________________________________________

    ____________________________________________________________________________

    Contact No: (R) ____________ (M) ______________

    Email: ______________________________________

    TITLE OF THE PROJECT: ____________________________________________________________

    ____________________________________________________________________________

    (Note: Attach a Brief outline duly signed by you and Guide without fail)

    Name of Project Guide: ________________________________________________________

    Note: Your Guide should be faculty member for the course.

    Educational Qualifications (in Brief) ______________________________________________

    Whether your Project Guide is Employed (if yes please Answer Following)

    Designation: ________________________ Contact No. (s) ______________________

    Office Address: ______________________________________________________________

    ____________________________________________________________________________

    Date: (Signature of Guide) (Signature of Student)


    POSSIBLE WAYS OF UNDERTAKING A PROJECT WORK:

    A Comprehensive organizational Case Study of an Organization: Based on Field Work Organization, Company, Firm, Market & Library, security concerns of a firm.

    She/he May Focus on Problem Formulation, Analysis & Recommendations.

    An Inter-organizational Study on Management Practices, security practices.

    She/he can carry out An Exploratory Study of Market/Organizations Based On Primary Information/Secondary Data, etc.

    The Project Work Based On Secondary Data & Information Supported With Field Work In A Fairly Big Organization, Company, Firm, Market, and Library.

    She/he May Undergo a Training in an Organization, Company, Firm as the case may be.

    The Project Work Can Be Based On Primary Data On A Chosen Topic.

    A BRIEF ABOUT HOW TO PREPARE PROPOSAL:

    Introduction

    Review of Literature

    Objectives of the Project

    Research Design

    Research Methodology

    (1) Sources of Information

    (i) Secondary Data

    (ii) Primary Data

    (2) Research Tool

    (3) Sampling Decisions

    (i) Sampling units

    (ii) A Representative Sample

    (iii) Sampling Size

    (iv) Sampling Method

    (4) Data Analysis and Interpretation

    Significance of the Study

    Relevance of the Study (consider its need to the present day problems and society as well as country)

    Contribution to Knowledge

    Limitations of the Study

    Selected References