
APPIN TECHNOLOGY LAB

APPIN PATHFINDER
3-year Undergraduate Program
COURSE STRUCTURE
FIRST SEMESTER
Computer and Internet Technology
C Programming
Introduction to Information Security
Desktop and Server Security

SECOND SEMESTER
Introduction to Java Programming
Data Structures
Data Security
Web Security

THIRD SEMESTER
C++ Programming
Data Communication and Networking
Information Security Management Systems
Protection from Hacking Attacks

FOURTH SEMESTER
Microsoft .Net
Advanced Networking
Network Security
Cyber Forensics

FIFTH SEMESTER
Vulnerability Assessment and Penetration Testing
Cyber Laws and IT Acts
Secured Programming
Cryptography

SIXTH SEMESTER EXAMINATION


Internship/ Project Work

DETAILED COURSE CONTENT
FIRST SEMESTER
PAPER I: COMPUTER AND INTERNET TECHNOLOGY
UNIT-I The Essentials, Computer Overview, The Front of a Computer and Peripheral Devices, The Inside of a Computer, The Back of a Computer (Ports), System Bus and Expansion Cards, Memory Cache
UNIT-II Computer Performance, Understanding Hardware, Central Processing Unit (CPU), Memory, Printer Basics, Types of Printers, Input/Output Devices, Exploring the Internet, Introduction to the Internet.
UNIT-III Connecting to the Internet, Displaying a Specific Web Page, Browse the Web, Search the Web, Adding a Web Page to Favorites and Changing your Home Page, Displaying a History of Visited Web Pages, Saving Pictures and Files to Disk (Downloading).
UNIT-IV Introduction to E-mail, Composing and Sending E-mail, Adding a Name to the Address Book, Receiving E-mail, Replying to a Message, Forwarding and Deleting a Message.

PAPER II: C PROGRAMMING


UNIT I C basics: C character set, Identifiers and keywords, Data types, constants, variables and arrays, declarations, expressions, statements, symbolic constants, compound statements, arithmetic operators, unary operators, relational and logical operators, assignment operators, conditional operators, bit operators. C constructs: if statement, if...else statement, if...else if...else statement, while statement, do...while statement, for statement, switch statement, nested control statement, break operator, continue operator, comma operator, goto statement.
UNIT II C Functions: Function: declaration, definition & scope, recursion, call by value, call by reference. Storage Classes: automatic, external (global), static & registers. Arrays: Arrays, pointers, array & pointer relationship, pointer arithmetic, dynamic memory allocation, pointer to arrays, array of pointers, pointers to functions, array of pointers to functions. Preprocessor directives: #include, #define, macros with arguments, the operators # and ##, conditional compilations, multiple file programming.
UNIT III Structures: Structures, unions, structure passing to functions, bit fields, file handling [text (ASCII), binary]
UNIT IV Standard library functions from stdio.h, stdlib.h, conio.h, ctype.h, math.h, string.h, process.h

PAPER III: INTRODUCTION TO INFORMATION SECURITY
UNIT I Introduction: IT security and intrusion Combo, Essential Terminologies, Security and its needs, Aspects of Security, need for enhanced security
UNIT II Why IT Security is Necessary: IT security services life cycle, Operating system basics, objectives of operating system, Services provided by operating systems.
UNIT III Data communication Basics: Networking basics, Data communication, OSI/TCP models, Cyber Threats and Issues
UNIT IV An approach towards intrusion: Intrusion basics, Intrusion methodology, types of intruders, challenges. Protecting your computer: Physical security, Laptop, Desktop, network components, Software security, Protecting against Intruders, viruses, spyware, unwanted e-mails
UNIT V Software security for portable computers: Social engineering, defending against social engineers, Phishers, Protecting Password, logging on safely and securely, tips for creating secure password, keeping password secure, selecting tools, safety rules.
UNIT VI Case studies, Hack reports-2000, Reports-2005 to 2009, Picture into intrusion and cyber crimes-2009-2010, CERT-IN reports, security tools

PAPER IV: DESKTOP AND SERVER SECURITY

UNIT - I Desktop & Server Security: Introduction, What Is Registry?, Registry Editing, Backups And Recovery, Policy, .Ini File Virtualization
UNIT - II Windows 9x Operating Systems: Steps to Create Registry Values, Some Of The Examples To Change The Registry Default Settings, NT Security, Security Architecture Components
UNIT - III Introduction To Securing In NT Box: Backups, Windows Vulnerabilities And Threats, How To Determine If You Are At Risk? Use Any Vulnerability Scanner, How To Protect Against The Windows Services Vulnerabilities
UNIT - IV Linux Security: Introduction: Linux Based, Benefits Of Linux, How Secure Should My Linux Be?, How To Set Up A Firewall Under Linux?, Windows Vs. Linux Design, Realistic Security And Severity Metrics, CERT Vulnerability Notes Database Results

SECOND SEMESTER
PAPER I: INTRODUCTION TO JAVA PROGRAMMING
UNIT - I Introduction to Java: Beginning of Java, C to C++, Java Technology, JVM, JIT, Features of Java; Java language fundamentals: Java tokens, Data Types, Default Values, A Simple Program in Java, Tools of JDK, Operators, Statements, Loops, Arrays.
UNIT - II OOPS Concepts: Classes and Object, Methods and Instance Variable, Polymorphism, Variable Hiding, Abstract classes and interfaces, Access Specifier in Java, Using Package; Exception Handling: Fundamental of Exception Handling, Types of Errors, Exception Categories, Handling Exception.
UNIT - III Multi-Threading: Java Thread Model, Thread Priorities, Synchronization, Messaging, Creating Thread, Starting the Thread, Multithreading and Context Switching; File Handling (I/O Streams): I/O Fundamentals, File Handling, Streams, Character Streams, Binary Streams
UNIT - IV Collection Framework: Introduction, Benefits, Collection APIs, Creating Collection, Interfaces in Collection, SortedSet, SortedMap, Working with Map Based Collection, Map Building, The collection Algorithm; Applet and Swing: Applet Basics, Life Cycle, Simple Applet Designing, Introduction to Swing, JFC/Swing Technology
UNIT - V Event Handling: What is an Event, Purpose, Delegation Model, The Event Handler Class, How to Write an Action Listener, The Action Listener API; JDBC (Java Database Connectivity): Role Of JDBC, JDBC Introduction, Architecture, Two-Tier and Three-tier Processing Models, Using the DriverManager Class, DataSource Object, JDBC-ODBC Bridge Driver, ResultSet.

PAPER II: DATA STRUCTURES


UNIT - I Arrays: Representation of single and multidimensional arrays; sparse arrays: lower and upper triangular matrices and tri-diagonal matrices. Stacks and Queues: Introduction and primitive operations on stack; Stack application: Infix, postfix, prefix expressions; Evaluation of postfix expression; Conversion from infix to postfix. Introduction and primitive operation on queues, D-queues and priority queues.
UNIT - II Lists: Introduction to linked lists; Sequential and linked lists, operations such as traversal, insertion, deletion, searching, Two way lists and Use of headers. Trees: Introduction and terminology; Traversal of binary trees; Recursive algorithms for tree operations such as traversal, insertion, deletion.
UNIT - III Multilevel indexing and B-Trees: Introduction: The invention of the B-tree; Statement of the problem; Indexing with binary search trees; Multilevel indexing, a better approach to tree indexes; B-trees: working up from the bottom; Example for creating a B-tree.

UNIT - IV Sorting Techniques: Insertion sort, selection sort, merge sort, heap sort. Searching Techniques: linear search, binary search and hashing

PAPER III: DATA SECURITY


UNIT - I Introduction: Overview, Data Security Management, Characteristics Of Access Security In The System, Data Security Issues And Solutions
UNIT - II Data Backup: Introduction, Data Backup Strategies
UNIT - III Cryptography: Cryptography, Strength Of The Cryptography, Goals Of Cryptography, Some Technical Terms, Types Of Cipher Text, Types Of Cryptography, Data Encryption Standard (DES), IDEA: International Data Encryption Algorithm, Asymmetric Cryptography, RSA Algorithm, Hash Functions, Digital Signatures, Digital Certification
UNIT - IV Steganography: Overview, How Does It Work?, Steganography In Images, Steganography In Audio, Genetic Algorithm Approach, Steganography In Video.

PAPER IV: WEB SECURITY


UNIT - I LAN Security: Introduction to LAN, Why LAN Security is Important, LAN/WAN Components, Topology, Protocols, Threats of LAN, Inappropriate Access to LAN Resources, Disclosure of Data, Unauthorized Modification of Data and Software, Disclosure of LAN Traffic
UNIT - II Network Scanning: Network Scanners, Types of Scanning, Scanning Methodology, Spoofing of LAN Traffic, Disruption of LAN Functions, Security Services and Mechanisms, Intruding MAC Address
UNIT - III Firewall Security: Firewalls, Why Firewall, Working of firewall, Types of Firewall, Applications of Firewall, Advantages and Disadvantages of Firewall
UNIT - IV Internet Security: Introduction, Security Intrusions and Security Properties, Threats Faced on Internet, Introduction to IP Addresses, Finding IP Address of a Remote System
UNIT - V Proxy Servers: Hiding Your Identity: Anonymous Surfing, Proxy Server, Why Proxying?, Working of Proxy Server, Advantages of Proxying, Disadvantage of Proxying, What is a SOCKS proxy server?
UNIT - VI E-mail Security: Introduction, History of E-mail, E-mail addresses, How E-mail Works?, Various Mail Servers, E-mail Protocols
UNIT - VII E-mail Tracing And Spamming: Analysis of E-mail Headers, E-mail Tracking, IP Tracking using E-mail, Spamming, Ways to Prevent Spam, How to steal Data from an E-mail?
UNIT - VIII E-mail Exchange Server Security: E-mail Exchange Server Security, Virus Protection, RPC over HTTP, Protecting front-end Servers, Keep Exchange Server up-to-date, Cyber Laws Regarding Spamming, Security Policies.

THIRD SEMESTER
PAPER I: C++ PROGRAMMING
UNIT I Introduction: Object-Oriented Approach, Relating to other paradigms (functional, data decomposition). Basic terms and ideas: Abstraction, Encapsulation, Inheritance, Polymorphism, Difference between C and C++ - cin, cout, new, delete operators.
UNIT II Classes and Objects: Encapsulation, information hiding, abstract data types, Object & classes, attributes, methods, C++ class declaration, State identity and behavior of an object
UNIT III Constructors and destructors, instantiation of objects, Default parameter value, object types, C++ garbage collection, dynamic memory allocation, Metaclass/abstract classes.
UNIT IV Inheritance and Polymorphism: Inheritance, multiple inheritance, Class hierarchy, derivation public, private & protected, Aggregation, composition vs classification hierarchies
UNIT V Polymorphism, Categorization of polymorphism techniques, Polymorphism by parameter, Operator overloading, Parametric polymorphism.
UNIT VI Generic function template function, function name overloading. STL (Standard Template Library).
UNIT VII Files and Exception Handling: Persistent objects, Streams and files, Namespaces, Exception handling, Generic Classes.

PAPER II: DATA COMMUNICATIONS AND NETWORKING


UNIT I Basic Concepts: Components of data communication, distributed processing, standards and organizations. Line configuration, topology, transmission mode, and categories of networks. OSI and TCP/IP Models: Layers and their functions, comparison of models. Digital Transmission: Interfaces and Modems: DTE-DCE Interface, modems, cable modems. Transmission Media: Guided and unguided, Attenuation, distortion, noise, throughput, propagation speed and time, wavelength, Shannon Capacity, comparison of media

UNIT II Data Link Layer: Multiplexing, error detection and correction: Many to one, one to many, WDM, TDM, FDM, circuit switching, packet switching and message switching. Data Link control protocols: Line discipline, flow control, error control, synchronous and asynchronous protocols, character and bit oriented protocols, Link access procedures. Point to point protocols: Transmission states, PPP layers, LCP, Authentication, NCP. ISDN: Services, historical outline, subscribers access, ISDN, Layers, and broadband ISDN.
UNIT III Devices: Repeaters, bridges, gateways, routers, The Network Layer, Design Issues, Routing Algorithms, Congestion Control Algorithms, Quality of Service, Internetworking, Network-Layer in the Internet.
UNIT IV Transport and upper layers in OSI Model: Transport layer functions, connection management, Functions of session layers, Presentation layer, and Application layer.

PAPER III: ISMS


UNIT - I Introduction To Information Security Auditing: ISO 27001, History of ISO 27001, Standards and International Organization for Standardization, BS7799 / ISO 1799, ISO 27001, Domain of BS 7799-1, Improvement in ISO 27001 over BS 7799, Control objective and controls in ISO 27001, Selection and Implementation of Controls, Developing and Adopting Policies, Mandatory requirements, Information security management system, Management responsibility, Management Review of the ISMS, ISMS Improvement
UNIT - II Managing Security Awareness: ISMS, ISMS implementation, Management security, Managing Security Awareness, Need for Security Management, Impact of a sound Security Management System, and Security awareness usually fails, WHY? ISO 27001 certification, Role of auditors, Marketing ISO 27001 to Senior Management, Preparing for Certification, Compliance accreditation and certification, The 6-step process for Certification, Return On Investment, Where to invest first, Security Policies, Training and Awareness, System Administration, Establish Effective Security Configurations, Maintain Software, Detect Security Breaches, Respond intelligently to incidents, Security Evaluations
UNIT - III Risk Assessment, Business Continuity: What is Risk, What is Risk Assessment, Kind of Risk, Stage of Risk Assessment, Approaches to Risk Assessment, Qualitative Risk Assessment, Quantitative Risk Assessment, Popular methodologies for Risk Assessment, Business continuity, Business Continuity Planning
UNIT - IV Disaster Management System: Disasters, Types of Disasters, Local site disasters, Site disaster encompass the whole building, Area disaster - cover the whole area/vicinity, On the basis of the cause of origin, Elements of a good Business Continuity Plan, Building a Business Continuity Plan, Assess Business Requirements, Identify the IT requirements, Building the Backup/recovery solution, Select products to match the design of the solution, Implement the solution, Keep the solution up-to-date

UNIT - V ISMS Audits And Methodology: Audit concepts, Audit fundamentals, Audit management standard, Types of Audits, Audit planning, Audit Execution, Audit reporting, Audit follow-up
UNIT - VI Security Management Practices And Framework: Security Management Practices, The Big Three: CIA, Security Management Practices, Identification of Assets, Determining Value of Assets, Threats on Assets
UNIT - VII Risk Management: Risk Identification, Principles of Risk Management, Safeguard Selection, Data Classification, Classification Criteria, Information Classification Procedure, Assets Protection & Approving Security Changes, Monitoring Security Of the Networks
UNIT - VIII Security Frameworks: What is Security, Adequate Security? What is required for Adequate Security? Aspects of Security, Framework 1: Defense in Depth (DID) Secure Environment, Framework 2: OCTAVE, Framework 3: Security Risk Analysis, Framework 4: Threat Modeling, STRIDE, DREAD

PAPER IV: PROTECTION FROM HACKING ATTACKS


UNIT - I Info gathering and intrusions, Scanning, Fingerprinting, And Information Gathering: Daemon-Banner grabbing, Port Scanning, ICMP Scanning, Active and Passive Fingerprinting, Intruding the System, Types of intrusions, Non Technical/Social engineering Intrusion, Pretesting and Phishing Techniques.
UNIT - II Technical Intrusions, DOS Ping of Death, Land intrusion, Smurf intrusion, Tear drop intrusion, Flood Intrusion, DOS Vs DDOS Intrusion, Input Validation Intrusion, SQL injection Intrusion, XSS Intrusion, Buffer Overflow Intrusion, Key logger Intrusion, Sniffing Intrusion, Other types of High Level Intrusion, Password Cracking/Enumeration, Default password, Dictionary based intrusion, Brute force Intrusion, Art of Googling, Basic Search Techniques, Advanced Search Techniques
UNIT - III Data Backup, Various Data Backup Strategies, Data Recovery, Current Issues, Intrusion Detection, Industry Issues For 2007, Mobile Threats, Spyware Protection, Types Of Spyware, Compliance Auditing, Identity Management, Trends, IPv6, Smart Card, Types of Smart Card, Biometrics, Application Level Protection
UNIT - IV Secure Computer Physically, Physical Security, What is physical security, Protection From Facilities From Theft, Vandalism, Natural Disaster, Fire protection, Intrusion Detection & Video Monitoring, Closed Circuit Television, Role of Security Guards

FOURTH SEMESTER
PAPER I: INTRODUCTION TO .NET
UNIT - I Introduction to .NET framework and C#: Overview, services, advantages of .NET, Architecture, CLR, compilation, Execution, Codes in C#, multi-tier application; Understanding .NET framework: Versions, assemblies, namespace, comparison with J2EE.
UNIT - II C# basics: History, features, programs, identifiers, keywords, variables, data types, Boxing, Unboxing, and Classification; OOPS concepts in C#: classes, parameters, params, inheritance, interface in C#, abstract class, polymorphism, constructors, destructors.
UNIT - III Arrays in C#: arrays, initialization, multidimensional, jagged arrays, array class, creating, sorting, copying array; C# operators and data types: operators, precedence, data types, conversions, loops in C#.
UNIT - IV Delegates, file handling, Threading: Delegates, events, Anonymous methods, file handling, stream writer, stream reader, What is thread, delegates, wait handle, background thread, thread priority, controlling threads, thread pools, deadlocks.
UNIT - V Exception Handling: What is exception, try and throw, types of exceptions. Windows Forms: Controls, MDI, Button, List box, Textbox, etc, Dialog boxes. ADO.NET: What is ADO.NET, using SQL server, some IDB commands.

PAPER II: ADVANCED NETWORKING


UNIT I Introduction to networking: Constructing Data Links, Capitalizing on Ethernet, Implementing Security Best Practices; TCP/IP: The Internet Protocol (IP), Internetworking with IP Routers, Transport and Protocols: TCP and UDP, Applications and Management Protocols, Exploring Internet Services; Switches and Routers: LAN Technologies, LAN Switching, Interconnecting LANs, Routing: The Network Layer, Routing Protocols.
UNIT II Network configuration and troubleshooting: Networking Overview, Connecting the Physical Layer, Building and Switching at the Data Link Layer, Wireless Networking, Integrating the Network & Transport Layers, Troubleshooting the Application Layer, Managing Your Network; Implementing and Troubleshooting Wi-Fi Networks: The Wireless LAN Revolution, Wireless Network Fundamentals, Troubleshooting and Optimization, Planning & Deploying Large-Scale Networks, Securing the Network, Increasing Mobile Productivity; Migrating to IPv6: Current IP-Based Networks, Modernizing Networks Through IPv6, Leveraging the Address Space, Extending Functionality with ICMPv6, Migrating from IPv4 to IPv6, Optimizing Routing with IPv6, Securing Your Enhanced Network, Maintaining IPv6 at Your Organization.

UNIT III Installing, Managing and Troubleshooting Windows XP: Installation, Configuring Devices, Managing User accounts policies, Configuring Network, Dial Up and Remote Access Services, Performance Tuning, Tools and Troubleshooting; Troubleshooting Common Desktop Application: Troubleshoot common desktop application, like MS-Outlook, Internet Explorer, and MS-Office etc.; Implementing and maintaining Network Infrastructure: Server Windows Server 2003: Intro to Windows Server 2003, Configuring Routing and Remote Access Services, IP addressing and DHCP, Configure and manage DNS, Configure and Manage WINS, Secure Network traffic using IPSec & Certificates, Configure Network Access.
UNIT IV Introduction to telecommunication: Introduction and Overview, Comparing Transmission Media, Mastering Basic Telephony, Modern Telephony and Video Conferencing, Voice over IP (VoIP), Signaling, Deploying Data Communications Networks, Planning Voice/Data/Video Convergence; Voice over IP: Introduction to VoIP, Applying VoIP Fundamentals, Leverage SIP for Seamless Communication, Voice Quality Engineering, Designing Networks to Carry VoIP, Delivering Quality on Real Networks; Working with Linux: Intro to Linux, Understanding basics configuring and managing Linux, Installation, Shell Commands, Shell Programming.
UNIT V Implementing and maintaining Network Infrastructure: Server Red Hat Linux: Configuring Routing and Remote Access Services, IP addressing and DHCP, Configure and manage DNS, Configure and Manage WINS, Secure Network traffic using IPSec & Certificates, Configure Network Access; IT Infrastructure Platforms and Applications: Web servers, Mail Servers, FTP Servers; IT Infrastructure and Administering Network Operating System: Server - Red Hat Linux: User Account management, Group Account management, Audit Accounts, Resources configuring Devices, System performance.

PAPER III: NETWORK SECURITY


UNIT - I Mobile Security: What is mobile? Architecture of Mobile Communication, Mobile Generation, Technology of Mobile Communication, Mobile Phone Standards, Protocols used in Mobile, SIM, Mobile Safeguards and Solutions
UNIT - II Voice over Internet Protocol: Definition & Trends, Services, Types of VOIP, Components of VOIP, IP telephony & IP Paging, Protocols and Acronyms, Reasons for VOIP, Problems in VOIP, SKYPE, VOIP Security Scenario, How do we secure VOIP?
UNIT - III Virtual Private Network Security: Introduction to VPN, Application & Requirements of VPN, VPN types, Open VPN, Models of VPN, IPSEC VPN, VPN Security Framework, VPN Security Issues, General Security Risks, SSL VPN Risks, Other VPN Threats
UNIT - IV Wireless LAN: Introduction, Basics of wireless LAN, Antennas, Access Point Positioning, Rogue Access Point, Wired Equivalent Privacy, DOS, Man in Middle (MITM), Tools, Wireless Intrusion Detection, Open Source Scanning Software

UNIT - V Router Basics: What is a router? Static and dynamic routing, Work to Router, Keeping the Messages Moving, Directing Traffic, Transmitting Packets, Knowing Where to Send Data, MAC Addresses
UNIT - VI Router Security: Understanding the protocols, Tracing the message, Denial of service, Configuration of Router, Protocols on a Router, RFC 1483, Handshake Protocols, NAT (Network Address Translation), NAPT Services, ADSL Details, Trouble Shooting, Routing Table Problems, Various types of Intrusions, Securing the Routers
UNIT - VII Intrusion Detection And Prevention: Introduction, Intrusion, Detection and Prevention, IDS, Need of IDS, Components, types, What is not an IDS? Detection Methodologies, Various tools available, Limitations of IDS, intrusion prevention system, types, network based IPS, Counter Measures taken by an IPS, Risks involved
UNIT - VIII Access Control System: Introduction: What is Access Control, Access Control in Physical Security, Access Control in Information Security, Need of an Access Control System, Some Concepts Related to Access Control, Policies, Models, and Mechanisms, Discretionary Access Control (DAC), Non-Discretionary Access Control, Mandatory Access Control (MAC), Role-Based Access Control, Temporal Constraints, Workflow, Chinese Wall, Access Control Management Introduction

PAPER IV: CYBER FORENSICS


UNIT I Basics of cyber forensics: need, illegal activities, principles of cyber forensics, Cyber crimes, where and when is it used. Cyber Law: Introduction, need, IT Act, 2000, digital signatures, E-Governance, IT Act 2008. Legal Perspective: searching for and seizing information, introduction, information as contraband, instrumentally, information as evidence, privileged confidential information, searching for information
UNIT II Crime investigation methodology: Steps in investigation, identification, collection or extraction, preservation, interpretation, analysis, communication, procedures. Concept of file system and hard disks: intro, hard disk, types, Windows encryption file system, FAT, FAT 32, NTFS, Windows boot up process, Windows based forensics, tools. Crime Scene Management: Overview, meaning of crime scene investigation, Some incident response tools.
UNIT III Digital Evidences: Introduction, Digital Evidence, Types of Digital Evidence, What is Digital Forensics?, How to Identify Digital Evidence, How to treat digital evidences, Software Tools; Data Imaging and Imaging Forensics: Imaging, Image Analysis, Image Running Tools; Restore Access to EFS-Encrypted Files: Case Studies, Why Encrypted Files Become Inaccessible, Recovering Encrypted Files, Instant Access; Steganography: Learning Objectives, Requirements, Background Information, Uses of steganography, Steganalysis, Limitations in Steganalysis, Steganographic Techniques, Steganography vs. Cryptography, Steganography Applications, Steganalysis Tools

UNIT IV Recovering of Deleted Files and deleted partitions: Recycle Bin, Recover deleted files in Windows XP or Vista, Recovering deleted files from Deleted Partition, Introduction to mobile and PDA forensics, Forensic Tools, Handset Tools, PDA Forensic, Forensics with PDA, Password Cracking, Brute Force Intrusion, Dictionary intrusion, RAR Password Crackers, Password Guessing, CMOS Level Password Cracking, PDF Password Crackers, Password Cracking Tools, Common Recommendations for Improving Password Security, Standard Password Advice.
UNIT V Network Intrusions Investigation: Sniffer, Network Addressing Schemes, Tool: Tcpdump, Network Sniffer, HTTP Sniffer, EtherDetect Packet Sniffer, Ethereal, Honey Pot Log, Honey Net Log, Web Application Intrusions Investigation, Vulnerability of web services, Vulnerabilities, Web Application Intrusions, SQL Injection Intrusion, Price Manipulation, Cross-Site Scripting, Other Web Application Intrusion, Web Application Forensic, Tools, Digital Storage Devices, Magnetic Tape, Floppy Disk, Compact Disk, etc, Flash Memory, Secure Digital memory Card, Compact Flash (CF) Memory Card, Memory Stick (MS) Memory Card, Multi Media Memory Card (MMC), xD-Picture Card (xD)
UNIT VI Trademark and Copyright Infringement Issue: Introduction, Trademark, Copyright, Patent, Copyright Infringement, Report Generation, Importance of reports, Report Preparation, Stages of Report Preparation, Gathering the Data, Analyzing and Sorting the Results, Outlining the Report, Case Studies and references

FIFTH SEMESTER
PAPER I: VAPT
UNIT - I Introduction: Important Technical Terms, Information Gathering, Scanning and fingerprinting
UNIT - II Vulnerability Assessment: Vulnerabilities, Vulnerability Assessment, Approach to Data Security, Protective Measures, Method
UNIT - III Footprinting: Introduction, VA - Right Tools To Protect Your Critical Data, Types of vulnerability Assessment, The Challenges of Vulnerability Assessments, Appin Tool For Vulnerability Assessment, Tools for VA
UNIT - IV Penetration Testing: Introduction and methodology, Types of Penetration Tests, Methodology Penetration Testing Approach, Penetration Testing vs. Vulnerability Assessment
UNIT - V Identifying The Vulnerability: How Vulnerabilities Are Identified, Sample Penetration Testing Report, Security services, Security Services Management Tools, Firewall

UNIT - VI Vulnerability Scanning: Scanning, Types of Vulnerability Scanning, Manual Vulnerability Scanning, Automated Vulnerability Scanning, An approach to vulnerability scanning
UNIT - VII Exploiting Vulnerability: Password Cracking and Brute forcing, Denial of Service (DOS) Testing, Penetration Testing Tools, Escalation of Privileges
UNIT - VIII Advance Exploits: Creating Backdoors, Gathering remote shell automatically, Automatic VNC injection, Gathering Remote Desktop, Hash Dumping

PAPER II: CYBER LAWS


UNIT - I Introduction: Consumers & Cyberspace, Cyber stalking, Terrorism and Cybercrime, Crime: Meaning & Concept, Rights and liability, Offences
UNIT - II Cyber Law - International Perspective: US Federal Act, Importance of trust and security on cyber-space, General Laws and Procedures, Overview of IT Law, Data Protection Act, UK, Privacy Law
UNIT - III Fundamentals Of Cyber Laws: Jurisprudence of Cyber Law in Indian context, Cyber laws in India, The main scope and development of cyber-laws enforcement mechanisms
UNIT - IV E-Commerce & E-Governance Role: E-commerce, Introduction, Features, E-Governance, Cyber law Issues, E-Business Management, Impediments in Implementing E-Governance Projects from Legal Perspective, E-Courts, E-Contract, The Law of Contract, Construction of Electronic contracts, Issues of security, Digital Signatures and certificates, Digital evidence
UNIT - V Cyber Crime And Digital Evidence, The Indian Perspective: The Information Technology Act, 2000, Introduction & application, Penalties & Offences, IT Act 2008 (Amendments), The Reserve Bank of India Act, 1934, Cyber Theft and the Indian Telegraph Act, 1885, Negotiable Instrument Act, 1881
UNIT - VI Intellectual Property Issues In Cyber Space: IP Infringement, Copyright and Patent, Cyber Squatting, Copyright on Web Content, Copyright on Software, Patent Issues in Cyber Space
UNIT - VII Issues: Compliance And Standardization: Issues in IT Industry, Cyber Law for Information Security in IT industries, Cyber Ethics
UNIT - VIII Case Studies: Latest Cyber crime cases, Need for Taking Steps Ahead, Summary

PAPER III: SECURED PROGRAMMING
UNIT - I Overview Of Threats And Risks: Physical threats, Electronic threats, The Threat Equation, Handling risks in software
UNIT - II Secure Programming Concepts And Principles: Designing for security, Threat modeling, decompose a system, develop and use Threat Trees, Efforts for protecting information?, Why deploying redundant security measures is appropriate (practicing "defense in depth"), Planning of code failure in a secure manner, Executing code with minimum rights (the principle of "least privilege"), Does security through hiding implementation details work ("security through obscurity")?, Remaining alert and staying aware
UNIT - III Secure Programming Issues And Techniques: Implementing authentication username/password, biometrics, Digital Certificates, Commonly used systems such as X.509 Certificate Authentication, Kerberos, Microsoft Passport, etc., Authorization, Using Access Control Lists (ACLs), Implementing encryption, Using auditing in applications, Denial of service and techniques for increasing availability
UNIT - IV STRIDE Model: Spoofing Identity, Tampering With Data, Repudiation, Information Disclosure, Denial of Service, Escalation of Privileges
UNIT - V Common Methods Of Intrusion And How To Prevent Them: Buffer overflows, protecting against buffer overflows, Avoiding dangerous calls, Malicious input, Input issues and trust boundaries, Treating all input as malicious and always validating it, Race conditions, Avoiding deadlocks, Avoiding TOCTOU (Time of Change/Time of Use) race conditions, Remedies, Spoofing, Spoofing types and defenses
UNIT - VI Security Testing: Fundamental differences from functional testing, The most common security flaws, Using code coverage as a metric, Using threat coverage as a metric, How to assess the vulnerability of your system, How to assess the vulnerability of your own code, How to assess the vulnerability of commercial products such as databases, communication packages, server software, operating systems
UNIT - VII C Secured Programming: Introduction, General Types of Intrusions can be possible, Architectural Principle, Design Ideas, Language Specific Tips
UNIT - VIII C++ Secured Programming: Introduction, General Types of intrusions can be possible, Architectural Principle, Design Ideas, Language Specific Tips, and Source Level Security Auditing Tools

PAPER IV: CRYPTOGRAPHY


UNIT - I Introduction: Essentials of Cryptography, Balancing Crypto Use with Your Objectives, Essentials of Networking and Internet, Protocol Layers and Network, Products, Internet Technology, Internet Protocols in Your Host, Internet Security Problem, Internet Rogue's Gallery, Cryptographic Techniques, Classical Crypto Techniques, Modern Crypto Techniques, Legal Restrictions

UNIT - II Encryption Basics: Encryption Building Blocks, Stream Ciphers, Block Ciphers, How Crypto Systems Fail, Cryptanalysis and Modern Codes, Brute Force Cracking of Secret Keys, Intrusions on Improper Crypto Use, Choosing Between Strong and Weak Crypto, Properties of Good Crypto Algorithms, Crypto Algorithms, Selecting a Block Cipher Mode, Identifying a Safe Key Length, Levels of Risk for Different Applications
UNIT - III Link Encryption: Security Objectives, Product Example: In-line Encryptor, Red/Black Separation, Crypto Algorithm and Keying, Encryptor Vulnerabilities, Product Security Requirements, Key Recovery and Escrowed Encryption
UNIT - IV Management Of Secret Keys: Basic Issues in Secret Key Management, Technology: Random Key Generation, Random Seeding, Pseudorandom Number Generators, Technical Security Requirements, Key Distribution Centers (KDCs), Maintaining Keys and System Security
UNIT - V Security at the IP Layer: Basic Issues with Using IPSEC, Technology: Cryptographic Checksums, One-way Hash Functions, Technical Security Requirements, IPSEC: IP Security Protocol, IPSEC Authentication, IPSEC Encryption, IPSEC Key Management, Other TCP/IP Network Security Protocols
UNIT - VI Public Key Cryptography And SSL: Public Key Cryptography, Evolution of Public Key Crypto, Diffie-Hellman Public Key Technique, Brute Force Intrusions on RSA, Other RSA Vulnerabilities, Technical Security Requirements, Technology: Secret Key Exchange with RSA Crypto, Intruding Public Key Distribution, Public Key versus Secret Key Exchange, Technical Security Requirements, Secure Sockets Layer (SSL), Other SSL Properties, Basic Intrusions Against SSL, SSL Security Evolution
UNIT - VII Secured Electronic Mail: E-Mail Security, Basics of Internet Electronic Mail, Internet E-Mail Software Architecture, E-Mail Security Problems, Technology: Off-line Message Keying, Encryption Tokens, Technical Security Requirements, Technology: Digital Signatures, Intrusions on Digital Signatures, The Digital Signature Standard, Technical Security Requirements, E-Mail Deployment
UNIT - VIII Public Key Certificates: Security Objectives, Distributing Public Keys, Technology: Public Key Certificates, Generating Public Key Pairs, Certificate Revocation, Certification Authority Workstation, Technical Security Requirements, Certificate Distribution, Transparent Distribution, Interactive Distribution, Centralized Certification Authority, Netscape Server Authentication, Handling Multiple Certification Authorities, Hierarchical Certification Authority, PEM Internet Certification Hierarchy, Private Trees, PGP "Web of Trust"

SIXTH SEMESTER
INTERNSHIP/PROJECT WORK
