Course Objectives:
This course examines the methods for securing information that exists in different forms. It provides an introduction to the technical and administrative aspects of Information Security and Assurance. One cannot protect one's information assets without knowing how attackers think and which techniques they use to exploit systems; hence learning offensive security techniques such as ethical hacking and penetration testing is becoming a necessity in the cyber security world. Objectives are:
1. To facilitate individuals in gaining knowledge of information security management systems.
2. To facilitate individuals in gaining knowledge of security standards such as ISO 27001, TCSEC, ITSEC, secure coding, etc.
3. To train individuals to become competent information security professionals by learning both the theoretical and the practical ethical hacking and penetration testing knowledge base.
Prerequisites: Basic knowledge of computer networking, operating systems and computer programming is required.
Unit 1: Introduction to Information Security, Concepts, Threats, Attacks, and Assets, Security Functional Requirements, Countermeasures, Access Control Principles, Access Rights, Discretionary Access Control, Role-Based Access Control, Mandatory Access Control, Trusted Computing and Multilevel Security, Security Design Principles, Cryptographic Tools, Common Criteria for Information Technology Security Evaluation, Information Security Management Systems (ISMS), ISO 27000 and other security standards, Management responsibility, Responsibilities of the Chief Information Security Officer (CISO)
Unit 2: Security audits and assurance, Information Security Policy, Standards, and Practices, Asset Management, Human Resource Security, Security awareness training, Physical Security, Risk Management, Business continuity planning, Disaster recovery planning, Security Assessments, Penetration Testing Methodologies, Penetration Testing Steps, Setting up one's own virtual ethical hacking lab for experimentation, Ethical Hacking and Penetration Testing Basics - Hacking terminology and attacks, Ethics, Legality.
Unit 3: Phases - Reconnaissance, Scanning, Gaining access, Maintaining access, Covering tracks; Reconnaissance - Information gathering, Vulnerability research, Footprinting, whois, DNS enumeration, Social Engineering, E-Mail Tracking, Web Spiders; Scanning and Enumeration - Sniffing techniques and tools, ARP/ICMP/TCP/IP host discovery, types of Scanning, Ping Sweep Techniques, Nmap, Command Switches, SYN, Stealth, XMAS, NULL, IDLE, and FIN Scans; OS fingerprinting, banner grabbing, Null Sessions, SNMP/DHCP/DNS enumeration, Proxy Servers, Anonymizers, HTTP Tunneling Techniques, IP Spoofing Techniques; Cryptographic Techniques
Unit 4: Attacking Systems and Maintaining Access - Password/hash cracking, NetBIOS DoS Attacks, Password Cracking Countermeasures; Escalating privileges - exploiting vulnerabilities, Buffer Overflows, Rootkits, Hiding Files, NTFS Stream Countermeasures, Steganography Technologies, Covering tracks and Erasing Evidence, Disabling Auditing, Clearing the Event Log; Malware attacks - Trojans, Backdoors, Viruses, Worms, DoS/DDoS Attacks; Windows Hacking; Linux Hacking; Web and Database Hacking; Google Hacking; Wireless Hacking; Mobile Hacking; Penetration Testing Tools like Kali Linux, Metasploit; Pen-Test Deliverables
Text Books:
1. Michael E. Whitman, Herbert J. Mattord, "Principles of Information Security", Course Technology, 3rd Edition, 2008.
2. Dhavale, S. V. (2019). Constructing an Ethical Hacking Knowledge Base for Threat Awareness and Prevention (pp. 1-305). Hershey, PA: IGI Global.
3. Stuart McClure, Joel Scambray, George Kurtz, "Hacking Exposed: Network Security Secrets and Solutions", McGraw Hill, 2012.
Reference Books:
1. Various Security Standards - ISO 27000 series published by ISO.
2. Department of Defense, "Trusted Computer System Evaluation Criteria" (the Orange Book), Department of Defense Standard.
3. Dieter Gollmann, "Computer Security", John Wiley and Sons, Inc., 3rd Edition, 2011.
4. David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni, "Metasploit: The Penetration Tester's Guide", No Starch Press, San Francisco, 2011.
5. Bastian Ballmann, "Understanding Network Hacks: Attack and Defense with Python", Springer, 2012.
6. Rich Cannings, Himanshu Dwivedi, Zane Lackey, "Hacking Exposed Web 2.0", Tata McGraw Hill Edition.
7. Research papers for study (if any) - white papers on multimedia from IEEE/ACM/Elsevier/Springer/IBM/EC-Council sources.
8. William Stallings and Lawrie Brown, "Computer Security: Principles and Practice", 2nd Edition, Pearson, 2012.
9. Krutz, R. L. and Vines, R. D., "The CISSP and CAP Prep Guide", Platinum Edition, New York, Wiley Publishing, 2006.
10. Nina Godbole, "Information Systems Security: Security Management, Metrics, Frameworks and Best Practices", Wiley India Pvt Ltd, 2012.