Cyber Security Course
The course has been designed to give students an extensive overview of cyber security issues, tools and techniques that are critical in solving problems in cyber security domains. The course aims at providing students with concepts of computer security, cryptography, digital money, secure protocols, detection and other security techniques. The course will help students to gauge understanding in essential techniques in protecting Information Systems, IT infrastructure, analysing and monitoring potential threats and attacks, devising security architecture and implementing security solutions. The students will also have a wider perspective to information security from national security perspective from both technology and legal perspective.
- Understand, appreciate, employ, design and implement appropriate security technologies and policies to protect computers and digital information.
- Identify & Evaluate Information Security threats and vulnerabilities in Information Systems and apply security measures to real time scenarios
- Identify common trade-offs and compromises that are made in the design and development process of Information Systems
- Demonstrate the use of standards and cyber laws to enhance information security in the development process and infrastructure protection
Duration : 28 hours
The course will cover the basics of information security & spread awareness of this field to help the participants understand the importance of security in their daily lives in the IT field.
Module 1: Cyber Security Concepts (3.5 hours)
Essential Terminologies: Introduction about CS, CIA, Threats, Vulnerability, Attacks, Hacking, Phases of hacking, NIST cyber security Model, Data Leakage prevention, Role of AI and ML in cyber Security, Information Gathering , Active and passive footprinting, Scanning, Social Engineering.Vulnerability scanning and Penetration Testing. Open Source/ Free/ Trial Tools: nmap, zenmap, Port Scanners, Network scanners (Nessus),ZAP,SEToolkit.
Module 2: Cryptography and Cryptanalysis (3 hours)
Introduction to Cryptography, Symmetric key Cryptography, DES Vs AES, Key sharing Algorithm (Deffie-helman), Asymmetric key Cryptography, RSA, Hashing, Digital Signatures. Security Protocols: Security at Transport Layer- SSL and TLS , VPN Security, Security at Network Layer-IPSec, security at the Application Layer- PGP, PKI , Cryptanalysis, Cryptographic attacks, Countermeasures. Intrusion Detection System, Host based and network based IDS, Advantages of IDS, Disadvantages. Overview of Firewalls- Types of Firewalls, Advantages, Disadvantages of Firewalls. Next generation Firewalls. Steganography, Types of steganography, Steganalysis. Open Source/ Free/ Trial Tools: Implementation of Cryptographic techniques, Hash Values Calculations MD5, SHA1, SHA256, SHA 512, Steganography (Snow, Quick stego)
Module 3: Infrastructure and Network Security (3.5 hours)
Introduction to Networks, Classification of Networks, Network Topologies, OSI and TCP/IP model, Network Security, Network Zoning, Défense in Depth, Network security concepts, SOC and SIEM, Network packet Sniffing, MAC flooding, ARP spoofing/Poisoning attacks, Man in the Middle attack. DOS/ DDOS attacks, Session Hijacking Concepts, Network level and application Level Session Hijacking, Session Fixation Attacks, Countermeasures. Open Source/ Free/ Trial Tools: DOS Attacks, DDOS attacks, Wireshark, Cain & abel.
Module 4: Cyber Security Vulnerabilities& Safe Guards (3 hours)
Internet Security, Web Server concepts, Web server Security, Web server Attacks, Web application Vulnerabilities, Web Application attacks, OWASP(Open Web Application Security Project) top 10 attacks, Countermeasures, Vulnerability Assessment. Cloud Computing &Security, IOT Security Open Source/ Free/ Trial Tools: Zap proxy (OWASP), burp suite, DVWA kit, Webgoat.
Module 5: Malware (2.5 hours)
Explanation of Malware, Types of Malware: Virus, Worms, Trojans, Rootkits, Adware’s, Spywares, Ransom wares. OS Hardening, Malware Analysis. Static and Dynamic Malware Analysis. Open Source/ Free/ Trial Tools: HTTP RAT, Windows Trojan, JPS virus Maker, WORM generator. OllyDbg, TCPview, Regedit, WinPatrol
Module 6: Security in Evolving Technology (2 hours)
Biometrics, Web server configuration and Security. Introduction, Basic security for HTTP Applications and Services, Basic Security for Web Services like SOAP, REST etc., Identity Management and Web Services, Authorization Patterns, Security Considerations, Challenges.
Module 7: Cyber Laws and Forensics (2.5 hours)
Introduction, Cyber Security Regulations, Roles of International Law, Cyber Security Standards. The INDIAN Cyberspace, National Cyber Security Policy 2013. Introduction to Cyber Forensics, Need of Cyber Forensics, Cyber Evidence, Documentation and Management of Crime Scene, Image Capturing and its importance. Order of Volatility, Image Analysis, Live and post-mortem Analysis, Memory Analysis. Open Source/ Free/ Trial Tools: Cyber Check, USB Image Acquisition using True Back, Memory dump using FTK imager, Sysinternals tool suite.
List of Practicals
- Implementation to gather information from any PC’s connected to the LAN using whois, NSlookup, Dig, Netcraft, port scanners, network scanning etc.
- Implementation of Symmetric and Asymmetric cryptography, Hashing.
- Implementation of Steganography.
- Implementation of MITM- attack using Cain/Abel.
- Implementation of DOS/DDOS attack using Hping3.
- Implementation of Windows security using firewall and other tools
- Implementation to identify web vulnerabilities, using OWASP project
- Implementation of malware analysis and Vulnerability assessment and generate the report.
- Implementation of Image Analysis and RAM dump analysis to collect the Artifacts and other information’s.
- Implementation of Cyber Forensics tools for Disk Imaging, Data acquisition, Data extraction and Data Analysis and recovery.