Syllabus - Cryptography and Network Security (CSIT-604 (A))

Introduction to Network Security, Computer Security and Cyber Security

Security Terminologies and Principle, Security Threats, Types of attacks (Operating System, application level, Shrink Wrap code, Misconfiguration attacks etc.). Introduction to Intrusion, Terminologies, Intrusion Detection System (IDS), Types of Intrusion Detection Systems, System Integrity Verifiers (SIVS).Indication of Intrusion: System Indications, File System Indications Network Indications. Intrusion Detection Tools ,Post attack IDS Measures & Evading IDS Systems. Penetration Testing, Categories of security assessments, Vulnerability Assessment, Types of Penetration Testing. Risk Management.

Cryptography, Classical Cryptographic Techniques, Encryption, Decryption, Code Breaking: Methodologies, Cryptanalysis, Cryptography Attacks, Brute-Force Attack, Use of Cryptography. Public key cryptography, Principles of Public key Cryptosystems, Cryptographic Algorithms RSA, Data Encryption Standard (DES), RC4, RC5, RC6, Blowfish, Key Management, Diffie-Hellman key exchange, elliptic curve cryptography.

Hash Functions, One-way Hash Functions, SHA (Secure Hash Algorithm), Authentication Requirements, Authentication Functions, Kerberos. Message Authentication codes, Message Digest Functions, MD5, SSL (Secure Sockets Layer), SSH (Secure Shell), Algorithms and Security, Disk Encryption, Government Access to Keys (GAK) Digital Signature: Analysis, Components, Method, Applications, Standard, Algorithm: Signature Generation/Verification, ECDSA, EIgamal Signature Scheme, Digital Certificates.

Trojans and Backdoors: Overt and Covert Channels, Working, Types (Remote Access Trojans, Data-Sending Trojans, Destructive Trojans, Trojans, Proxy Trojans, FTP Trojans, Security Software Disablers). Viruses and Worms: Characteristics, Working, Infection Phase, Attack Phase. Sniffers: Definition, spoofing, Sniffing, Vulnerable Protocols, Types.Phishing: Methods, Process, Attacks Types (Man-in-the-Middle Attacks, URL Obfuscation Attacks, Hidden Attacks, Client-side Vulnerabilities, Deceptive Phishing, Malware-Based Phishing, DNS Based Phishing, Content-Injection Phishing, Search Engine Phishing). Web Application Security- Secured authentication mechanism, secured session management, Cross-site Scripting, SQL Injection and other vulnerabilities Denial-of Service Attacks: Types of Attacks (Smurf Attack, Buffer Overflow Attack, Ping of Death Attack, Teardrop Attack, SYN Attack, SYN Flooding), DDoS Attack(Distributed DoS Attack.), Session Hijacking, Spoofing v Hijacking, TCP/IP hijacking, CAPTCHA Protection.

IP Security, Web Security, Firewalls: Types, Operation, Design Principles, Trusted Systems. Computer Forensics, Need, Objectives,Stages & Steps of Forensic Investigation in Tracking Cyber Criminals, Incident Handling. Hacking, Classes of Hacker (Black hats, grey hats, white hats, suicide hackers), Footprinting, Scanning (Types-Port, Network, Vulnerability), E-Mail Spiders, Overview of System Hacking Cycle.