Syllabus (COMPUTER APPLICATION)

Course Type: MAJ-11

Semester: 7

Course Code: BCAMAJ11C

Course Title: Cyber Security

(L-P-Tu): 4-2-0

Credit: 6

Practical/Theory: Combined

Course Objective: Course Objectives: Students who complete this course will have the fundamental know-how and abilities needed to manage cyber security risks and threats at an organizational level. The types and scope of current cyberthreats, case studies in threat prevention and incident management, organizational mechanisms, policies, and procedures for reducing the risks and costs associated with breaches, current trends and developments in threats and mitigation, and resources for identifying new threats and approaches to mitigation are among the lessons that students will learn.

Learning Outcome: Course Outcomes: On successful completion of the course, students will be able to: Analyse and evaluate the cyber security needs of an organization. Conduct a cyber security risk assessment. Measure the performance and troubleshoot cyber security systems. Implement cyber security solutions. Use cyber security, information assurance, and cyber/computer forensics software/tools. Identify the key cyber security vendors in the marketplace. Design and develop a security architecture for an organization. Design operational and strategic cyber security strategies and policies.

Syllabus:

Unit I :Theory Credit: 4(L 60)

Introduction to Cyber Security: Overview of Cyber Security, Internet Governance – Challenges and Constraints, Cyber Threats: - Cyber Warfare-Cyber Crime-Cyber Terrorism- Cyber Espionage, need for a Comprehensive Cyber Security Policy, Need for a Nodal Authority, Need for an International convention on Cyberspace. [L 4]

Cyber Security Vulnerabilities and Cyber Security Safeguards: Cyber Security Vulnerabilities Overview, System administration, Complex Network Architectures, Open Access to Organizational Data, Weak Authentication, Unprotected Broadband communications, Poor Cyber Security Awareness, Cyber Security Safeguards- Overview, Access control, Audit, Authentication, Biometrics, Cryptography, Deception, Denial of Service Filters, Ethical Hacking, Firewalls, Intrusion Detection Systems. [L 6]

Securing Web Application, Services and Servers: Introduction, Basic security for HTTP Applications and Services, Basic Security for SOAP Services, Identity Management and Web Services, Authorization Patterns, Security Considerations, Challenges. [L 6]

Intrusion Detection and Prevention: Intrusion, Physical Theft, Abuse of Privileges, Unauthorized Access by Outsider, Malware infection, Intrusion detection and Prevention Techniques, Anti-Malware software, Network based Intrusion detection Systems, Network based Intrusion Prevention Systems. [L 6]

Malware Analysis & Reverse Engineering: Fundamentals of Malware Analysis (MA), Reverse Engineering Malware (REM) Methodology. [L 5]

Cryptography and Network Security: Introduction to Cryptography, Symmetric key Cryptography, Asymmetric key Cryptography, Message Authentication, Digital Signatures, Applications of Cryptography. Overview of Firewalls- Types of Firewalls. [L 10]

Cyberspace and the Law: Concept of Cyberspace, Issues of Jurisdiction in Cyberspace: Jurisdiction Principles under International law, Jurisdiction in different states, Position in India. [L 6]

Ethical Hacking and Response: Ethical hacking process, Hackers behaviour & mindset, Maintaining Anonymity, Hacking Methodology, Information Gathering, Active and Passive Sniffing, Physical security vulnerabilities and countermeasures. Internal and External testing. Preparation of Ethical Hacking and Penetration Test Reports and Documents, Social Engineering attacks and countermeasures. Password attacks, Privilege Escalation and Executing Applications, Network Infrastructure Vulnerabilities, IP spoofing, DNS spoofing, Wireless Hacking: Wireless footprint, Wireless scanning and enumeration, Gaining access (hacking 802.11), WEP, WPA, WPA2, DoS attacks. Web server and application vulnerabilities, SQL injection attacks, Vulnerability Analysis and Reverse Engineering, Buffer overflow attacks. Client-side browser exploits, Exploiting Windows Access Control Model for Local Elevation Privilege. Exploiting vulnerabilities in Mobile Application, Introduction to Metasploit, Metasploit framework, Metasploit Console, Payloads, Metrpreter, Introduction to Armitage, Installing and using Kali Linux Distribution, Introduction to penetration testing tools in Kali Linux. Case Studies of recent vulnerabilities and attacks. [L 17]

Unit II: Cyber Security Lab Credit: 2 (L 60)

Set up of virtual ethical hacking lab, Introduction to key MA tools and techniques, Introduction to Network based Intrusion Prevention Systems.

Kali Linux: Installing and using of Kali Linux Distribution, Kali Linux command line, working with files, directories, key strokes, shell variables, vi, vim, nano, bash shell scripting, user management, group management, file permission, networking, password breaking, ethical hacking tools in Kali linux, Introduction to penetration testing tools in Kali Linux, social engineering attacks such as phishing, malware, spyware, adware, ransomware and Bluetooth attacks, Case Studies of recent vulnerabilities and attacks.

Ethical hacking tools: Penetration testing and collecting data for exploration using Sniper,nmap scan using Brutex, XSS scanner using Dalfox,web application security testing using OWASP Zed Attack Proxy (ZAP), Footprining tools, Location tracer, Website copier, Foca, Whois, IP and DNS Lookup.

Metasploit framework, Metagoofil: How to install Metagoofil, information gathering Metagoofil, Maltego: Find IP, location, domain using Maltego; Different kinds of system attack,Introduction to Cyber Forensics tools.

Reading References:

1. R. Baloch, Ethical Hacking and Penetration Testing Guide, CRC Press.
2. K. Beaver, Hacking for Dummies, 3rded. John Wiley & sons.
3. B. A. Forouzan, Cryptography & Network Security. Tata McGraw-Hill Education.
4. Michael Sikorski, Andrew Honig, Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, William Pollock.
5. John Sammons, The Basics of Digital Forensics, Elsevier, 1st Edition.
6. Davidoff, Sherri, Network forensics: Tracking hackers through cyberspace, Pearson education India private limited.
7. Dr. Farooq Ahmad, Cyber Law in India, Allahbad Law Agency- Faridabad.
8. J. P. Sharma, Sunaina Kanojia, Cyber Laws.