
APPIN TECHNOLOGY LAB

APPIN MASTERS 2 Year Post-Graduate Program

Detailed course content


SEMESTER I
S. NO.  Subject
1       Introduction to Information Security
2       Operating Systems
3       C/C++ Programming
4       Networking

SEMESTER II
S. NO.  Subject
1       Vulnerability Assessment & Penetration Testing
2       Cyber forensics
3       Data Structure
4       Cyber Laws
5       Computer and Internet Fundamentals

SEMESTER III
S. NO.  SUBJECTS
1       Data Security
2       Web Security
3       Network Security
4       Desktop and Server Security
5       Protection from Hacking Attacks

SEMESTER IV
S. NO.  SUBJECTS
1       Information Security management Systems
2       Secured Programming
3       DBMS
4       Project Work



FIRST SEMESTER
INTRODUCTION TO INFORMATION SECURITY
UNIT I Introduction: Introduction to Data, Information, Knowledge, and Intelligence, Operating System Basics, DBMS Basics, Data Communication Basics, Basics of Computer networking, OSI model, TCP/IP protocol suite, Networking devices. Security and its need, Cyber Threats.

UNIT II Desktop & Server Security: Windows Security, Registries, Ports and Services, Vulnerabilities in Windows, Intrusion into Windows, Counter Measure & Securing Windows, How to look for vulnerability? Deleted file recovery, Introduction to LINUX.

UNIT III Malwares: Malwares, VIRUS & Worm, Spyware, Trojan, Bots, Logic Bomb, Counter Measures: Antiviruses, Anti-Spyware

UNIT IV LAN Security: LAN Security, Setting up a LAN Network, Threats of LAN, Intruding MAC Address, Network Scanners, Introduction to Wi-Fi LAN Security. Firewall Security: Introduction to Firewalls, Working of a Firewall, Types of Firewall, Firewall Application, Network Address Translation, Intrusion Detection, Logging, Port Filtering

UNIT V Art of Googling: Terminologies, Basic Search Techniques, Advanced Search Techniques, Data Backup: Introduction, Various Data Backup Strategies.

REFERENCE BOOKS:
1. Edward Halibozek, Robert Fischer, Introduction To Security, Apr 2008, David Walters, Butterworth-Heinemann.
2. Philip P. Purpura, Security: An Introduction, Mar 2010, CRC Press.
3. Khare, Information Security, 2006-10-01, BPB.
4. Mark Merkow, James Breithaupt, Information Security: Principles And Practices, 01/01/2007, Pearson.
5. NIIT, Information Security: An Overview, 2004, PHI Learning Pvt. Ltd.



OPERATING SYSTEMS AND BUSINESS PROCESSING
UNIT I Introduction, What is an Operating System, Simple Batch Systems, Multiprogrammed Batched Systems, Time-Sharing Systems, Personal-computer systems, Parallel systems, Distributed Systems, Real-Time Systems.

UNIT II Memory Management: Background, Logical versus Physical Address space, swapping, Contiguous allocation, Paging, Segmentation. Virtual Memory: Demand Paging, Page Replacement, Page-replacement Algorithms, Performance of Demand Paging, Allocation of Frames, Thrashing, Other Considerations

UNIT III Processes: Process Concept, Process Scheduling, Operation on Processes. CPU Scheduling: Basic Concepts, Scheduling Criteria, Scheduling Algorithms, Multiple-Processor Scheduling. Process Synchronization: Background, The Critical-Section Problem, Synchronization Hardware, Semaphores, Classical Problems of Synchronization

UNIT IV Deadlocks: System Model, Deadlock Characterization, Methods for Handling Deadlocks, Deadlock Prevention, Deadlock Avoidance, Deadlock Detection, Recovery from Deadlock. Device Management: Techniques for Device Management, Dedicated Devices, Shared Devices, Virtual Devices; Input or Output Devices, Storage Devices, Buffering. Secondary-Storage Structure: Disk Structure, Disk Scheduling, Disk Management, Swap-Space Management, Disk Reliability

UNIT V Information Management: Introduction, A Simple File System, General Model of a File System, Symbolic File System, Basic File System, Access Control Verification, Logical File System, Physical File System. File System Interface: File Concept, Access Methods, Directory Structure, Protection, and Consistency Semantics. File-System Implementation: File-System Structure, Allocation Methods, and Free-Space Management

REFERENCE BOOKS:
1. Silberschatz and Galvin, Operating System Concepts, Pearson, 5th Ed., 2001
2. Madnick E., Donovan J., Operating Systems, Tata McGraw Hill, 2001
3. Tanenbaum, Operating Systems, PHI, 4th Edition, 2000
4. Shubhi Lall, Franklin S, Operating Systems & Business Data Processing, 2005, University Book House (p) Ltd.
5. Silberschatz, Galvin, Gagne, Operating System Concepts, 8th Ed, International Student Version, 2010, Wiley India Pvt Ltd



C/C++ PROGRAMMING
UNIT I C basics: C character set, Identifiers and keywords, Data types, constants, variables and arrays, declarations, expressions statements, symbolic constants, compound statements, arithmetic operators, unary operators, relational and logical operators, assignment operators, conditional operators, bit operators. C constructs, loops, switch statement, nested control statement, break operator, continue operator, comma operator, goto statement.

UNIT II C Functions: declaration, definition & scope, recursion, call by value, call by reference. Storage Classes: automatic, external (global), static & registers. Arrays, pointers, array & pointer relationship, pointer arithmetic, dynamic memory allocation, pointer to arrays, array of pointers, pointers to functions, array of pointers to functions, Preprocessor directives. Structures: Structures, unions, structure passing to functions, bit fields, file handling [text (ascii), binary], Standard library functions from stdio.h, stdlib.h, conio.h, ctype.h, math.h, string.h, process.h

UNIT III Introduction: Object-Oriented Approach, Relating to other paradigms (functional, data decomposition). Basic terms and ideas: Abstraction, Encapsulation, Inheritance, Polymorphism, Difference between C and C++ - cin, cout, new, delete operators. Classes and Objects: Encapsulation, information hiding, abstract data types, Object & classes, attributes, methods, C++ class declaration, State identity and behavior of an object, Constructors and destructors, instantiation of objects, Default parameter value, object types, C++ garbage collection, dynamic memory allocation, Metaclass/abstract classes.

UNIT IV Inheritance and Polymorphism: Inheritance, multiple inheritance, Class hierarchy, derivation public, private & protected, Aggregation, composition vs classification hierarchies, Polymorphism, Categorization of polymorphism techniques, Polymorphism by parameter, Operator overloading, Parametric polymorphism.

UNIT V Generic function template function, function name overloading. STL (Standard Template Library). Files and Exception Handling: Persistent objects, Streams and files, Namespaces, Exception handling, Generic Classes.

REFERENCE BOOKS:
1. E. BalaGuruswamy, Programming in ANSI C, TMH, Latest Edition.
2. Al Kelly and Ira Pohl, A Book on C, (4th Ed.), Addison Wesley, Latest Edition.
3. B. Kernighan and D. Ritchie, The ANSI C Programming Language, 2000, PHI.
4. Steven C. Lawlor, The Art of Programming Computer Science with C++, Vikas Publication.
5. Schildt Herbert, C++: The Complete Reference, 4th Ed., 1999, Tata McGraw Hill.



NETWORKING
UNIT I Devices: Repeaters, bridges, gateways, routers, The Network Layer, Design Issues, Routing Algorithms, Congestion Control Algorithms, Quality of Service, Internetworking, Network-Layer in the Internet. Transport and Upper Layers in OSI Model: Transport layer functions, connection management, Functions of session layers, Presentation layer, and Application layer.

UNIT II The Internet Protocol (IP): Introduction to IP, IP Packet Format, IP Address Classes, Transmission Control Protocol, Subnetting & CIDR. IP Routing: Introduction to hardware & software related to IP routing, Routing information Protocol, Enhanced Interior Routing Protocol, Open Shortest Path First

UNIT III Switching & Bridging: Introduction of Switching & Bridging, STP & LAN Switch Types, VLAN - Virtual LAN, Flexibility and Scalability

UNIT IV Wide Area Network: Understanding WAN fundamentals, Understanding Tunneling Protocol & Frame Relay Fundamentals, VPN - Virtual Private Network, NAT - Network Address Translation

UNIT V Network Configuration and Troubleshooting: Networking Introduction, LAN Switching, Wireless Networking, Managing your network connections, Network Configuration and Troubleshooting: Layer by Layer Troubleshooting with a Cisco Router, Router Troubleshooting at OSI Layers.

REFERENCE BOOKS:
1. D. E. Comer, Internetworking with TCP/IP, 2001, Pearson Education Asia.
2. Forouzan, Data Communications & Networking (SIE), 2009, Tata McGraw Hill.
3. Al Anderson, Head First Networking, 2009, Ryan Benedetti, Shroff/O'Reilly.
4. Craig Zacker, Networking: The Complete Reference, 2001, Tata McGraw Hill.
5. Balvir Singh, Networking, 2009, Firewall.



SECOND SEMESTER
VULNERABILITY ASSESSMENT & PENETRATION TESTING
UNIT I INTRODUCTION: Important Technical Terms, Information Gathering, Scanning and fingerprinting. VULNERABILITY ASSESSMENT: Vulnerabilities, Vulnerability Assessment, Approach to Data Security, Protective Measures, Method

UNIT II FOOTPRINTING: Introduction, VA - Right Tools To Protect Your Critical Data, Types of vulnerability Assessment, The Challenges of Vulnerability Assessments, Appin Tool For Vulnerability Assessment, Tools for VA

UNIT III PENETRATION TESTING: Introduction and methodology, Types of Penetration Tests, Methodology Penetration Testing Approach, Penetration Testing vs. Vulnerability Assessment

UNIT IV IDENTIFYING THE VULNERABILITY: How Vulnerabilities Are Identified, Sample Penetration Testing Report, Security services, Security Services Management Tools, Firewall. VULNERABILITY SCANNING: Scanning, Types of Vulnerability Scanning, Manual Vulnerability Scanning, Automated Vulnerability Scanning, An approach to vulnerability scanning

UNIT V EXPLOITING VULNERABILITY: Password Cracking and Brute forcing, Denial of Service (DOS) Testing, Penetration Testing Tools, Escalation of Privileges. ADVANCE EXPLOITS: Creating Backdoors, Gathering remote shell automatically, Automatic VNC injection, Gathering Remote Desktop, Hash Dumping

REFERENCE BOOKS:
1. Thomas R. Peltier, John A. Blackley, Justin Peltier, Managing A Network Vulnerability Assessment, Jan 2003, Auerbach Publications.
2. Ec-council, Security and Vulnerability Assessment [With Access Code], Apr 2010, Course Technology.
3. Institute Of Civil Engineers, Of Civil E Institute of Civil, Penetration Testing, Dec 1989, American Society Of Civil Engineers.
4. Alfred Basta, Wolf Halton, Computer Security And Penetration Testing, Aug 2007, Delmar.
5. Frederic P. Miller, Agnes F. Vandome, John Mcbrewster, Penetration Test, Paperback, Alphascript Publishing.



CYBER FORENSICS
UNIT I CYBER FORENSIC: Basic of cyber Forensic, Introduction, Definition, Need Of Cyber Forensic, Principles of cyber forensic, Cyber Crimes, Where and when do you use Cyber Forensics

UNIT II CYBER INVESTIGATION METHODOLOGY: Introduction to Cyber Investigation, Investigation, Issues involved in investigations, How to secure your investigations, Steps for cyber investigation, Identification-documentation, Collection or extraction-documentation, Preservation-documentation, Interpretation or analysis-documentation, Communication Procedures for Computer Evidence Seizure

UNIT III CONCEPT OF FILE SYSTEMS AND HARD DISKS: Types of Hard Disk Interfaces, EFS Key, FAT vs. NTFS, Windows Boot Process (XP/2003), and Windows based Forensic, Linux based Forensic, Basic Forensics Tools. DIGITAL EVIDENCES: What is Digital Evidences, How to identify digital evidence, How to treat digital evidences, How to secure digital evidence, Evidence acquisition and Documentation. DATA IMAGING AND IMAGING FORENSICS: Computer hard disk imaging, Terminology, Removable disks like pen drives, CD/DVD, Removable hard disks, advanced techniques of data imaging, First Response Kit.

UNIT IV RECOVERING OF DELETED FILES AND DELETED PARTITIONS: Recovering deleted files from computer, Deleting Files, Files deleted into windows, Storage locations of recycle bin in NTFS and FAT system, Recycle Bin Working, Damaged files in recycled folder, Recovering encrypted files (Decryption), e.g. MS Office, Rar, etc., Tools to recover deleted files, Recovering deleted files from Deleted Partition, Recovering Deleted partitions, Deletion of partitions, Recovery of deleted partitions, Tools

UNIT V NETWORK INTRUSION INVESTIGATION: Network Addressing Schemes, Sniffer, Tool: Tcpdump, Network Sniffer, HTTP Sniffer, Ether Detect Packet Sniffer, Ethereal, IDS/IPS Log, Honey Pot Log, Honey Net Log. WEB APPLICATION INTRUSION INVESTIGATION: Types of Web Intrusions, SQL Injection Attack, Cross-Site Scripting (XSS), Other Web Application Attack, Tools for Investigation, Case Studies and references

REFERENCE BOOKS:
1. Jerry Hatchett, Computer Forensics: A Real World Guide, Jul 2009, Auerbach Publications.
2. John R. Vacca, Computer Forensics: Computer Crime Scene Investigation, 2009, Firewall.
3. Linda Volonino, Reynaldo Anzaldua, Jana Godwin, Computer Forensics: Principles And Practices, Aug 2006, Prentice Hall.
4. Irons, Andersen, Laing, Computer Forensics, Cl Emea Higher Education.
5. Warren G. Kruse, Jay G. Heiser, Computer Forensics: Incident Response Essentials, Sep 2001, Addison-Wesley Professional.



DATA STRUCTURES
UNIT-I ARRAYS: Representation of single and multidimensional arrays; sparse arrays: lower and upper triangular matrices and Tri-diagonal matrices.

UNIT-II STACKS AND QUEUES: Introduction and primitive operations on stack; Stack application: Infix, postfix, prefix expressions; Evaluation of postfix expression; Conversion from infix to postfix. Introduction and primitive operation on queues, D-queues and priority queues.

UNIT-III LISTS: Introduction to linked lists; Sequential and linked lists, operations such as traversal, insertion, deletion, searching, Two way lists and Use of headers. Trees: Introduction and terminology; Traversal of binary trees; Recursive algorithms for tree operations such as traversal, insertion, deletion.

UNIT-IV MULTILEVEL INDEXING AND B-TREES: Introduction: The invention of the B-tree; Statement of the problem; Indexing with binary search trees; Multilevel indexing, a better approach to tree indexes; B-trees: working up from the bottom; Example for creating a B-tree.

UNIT-V SORTING TECHNIQUES: Insertion sort, selection sort, merge sort, heap sort. Searching Techniques: linear search, binary search and hashing

REFERENCE BOOKS:
1. Lipschutz S, Data Structures (Special Indian Edition) (Schaum's Outline Series), 2008, McGraw-Hill Education (India) Ltd.
2. Yashavant Kanetkar, Written Test Questions In Data Structures, 2010-01-11, BPB Publications.
3. Debasis Samanta, Classic Data Structures, 2009, PHI Learning.
4. Alfred V. Aho, Jeffrey D. Ullman, John E. Hopcroft, Data Structures And Algorithms, 01/01/1983, Pearson.
5. Wirth, Niklaus, Algorithms + Data Structures = Programs, 2009, PHI Learning.



CYBER LAWS IN BUSINESS GROWTH
UNIT I INTRODUCTION: Consumers & Cyberspace, Cyber stalking, Terrorism and Cybercrime, Crime: Meaning & Concept, Rights and liability, Offences

UNIT II CYBER LAW - INTERNATIONAL PERSPECTIVE: US Federal Act, Importance of trust and security on cyberspace, General Laws and Procedures, Overview of IT Law, Data Protection Act, UK, Privacy Law. FUNDAMENTALS OF CYBER LAWS: Jurisprudence of Cyber Law in Indian context, Cyber laws in India, The main scope and development of cyber-laws enforcement mechanisms

UNIT III E-COMMERCE & E-GOVERNANCE ROLE: E-commerce, Introduction, Features, E-Governance, Cyber law Issues, E-Business Management, Impediments in Implementing E-Governance Projects from Legal Perspective, E-Courts, E-Contract, The Law of Contract, Construction of Electronic contracts, Issues of security, Digital Signatures and certificates, Digital evidence

UNIT IV CYBER CRIME AND DIGITAL EVIDENCE - THE INDIAN PERSPECTIVE: The Information Technology Act, 2000, Introduction & application, Penalties & Offences, IT act 2008 (Amendments), The Reserve Bank of India Act, 1934, Cyber Theft and the Indian Telegraph Act, 1885, Negotiable Instrument Act, 1881

UNIT V INTELLECTUAL PROPERTY ISSUES IN CYBER SPACE: IP Infringement, Copyright and Patent, Cyber Squatting, Copyright on Web Content, Copyright on Software, Patent Issues in Cyber Space. ISSUES: COMPLIANCE AND STANDARDIZATION: Issues in IT Industry, Cyber Law for Information Security in IT industries, Cyber Ethics. CASE STUDIES: Latest Cyber crime cases, Need for Taking Steps Ahead, Summary

REFERENCE BOOKS:
1. Tabraz Ahmad, Cyber Laws E-Commerce and M-Commerce, 2009, Aph Publishing Corporation.
2. Yatindra Singh, Cyber Laws, 2003, Universal Law Publishing Co. P Ltd.
3. L K Thakur, Asit Narayan, Internet Marketing, E-Commerce and Cyber Laws, 2000, Authorspress.
4. C K Punia, Cyber Laws, 2009, Sumit Enterprises.
5. V. D. Dudeja, Information Technology And Cyber Laws, 2001, Commonwealth Publishers.



COMPUTER AND INTERNET FUNDAMENTALS FOR MANAGERS
UNIT I THE ESSENTIALS: Computer Overview, the Front of a Computer and Peripheral Devices, the Inside of a Computer, the Back of a Computer (Ports), System Bus and Expansion Cards, Memory Cache

UNIT II COMPUTER PERFORMANCE: Understanding Hardware, Central Processing Unit (CPU) Memory, Printer Basics, Types of Printers, Input/output Devices. Exploring the Internet: Introduction to the Internet.

UNIT III CONNECTING TO THE INTERNET: Displaying a Specific Web Page, Browse the Web, Search the Web, Adding a Web Page to Favorites and Changing your Home Page, Displaying a History of Visited Web Pages, Saving Pictures and Files to Disk (Downloading).

UNIT IV HARDWARE: Computer hardware, fundamentals, parts, some components of hardware in details, output/input devices, computer components, etc.

UNIT V INTRODUCTION TO E-MAIL: Composing and Sending E-mail, Adding a Name to the Address Book, Receiving E-mail, Replying to a Message, Forwarding and Deleting a Message.

REFERENCE BOOKS:
1. Sinha, Computer Fundamentals - 4th Edition, 2003, BPB.
2. Shovan Lal Kundu, Foundation Of Programming With BASIC & Computer Fundamentals, 2001, Macmillan Publishers India.
3. Rohit Khurana, Computer Fundamentals and Internet Basics, 2010.
4. Computer Fundamentals And Information Technology, Ramesh Bangia, 2008, Firewall.
5. Ms. S. N. Akhter, Computer Fundamentals (Concepts Systems Applications), Publishing Date: 2007, Shree Niwas Publications.



THIRD SEMESTER
DATA SECURITY IN BUSINESS
UNIT I Introduction: Overview, Data Security Management, Characteristics Of Access Security In The System, Data Security Issues And Solutions

UNIT II Data Backup: Introduction, Data Backup Strategies

UNIT III Cryptography: Cryptography, Strength Of The Cryptography, Goals Of Cryptography, Some Technical Terms, Types Of Cipher Text, Types Of Cryptography

UNIT IV Data Encryption Standard (DES), IDEA: International Data Encryption Algorithm, Asymmetric Cryptography, RSA Algorithm, Hash Functions, Digital Signatures, Digital Certification

UNIT V Steganography: Overview, How Does It Work? Steganography In Images, Steganography In Audio, Genetic Algorithm Approach, Steganography In Video

REFERENCE BOOKS:
1. Paulus R. Wayleith, Data Security: Laws and Safeguards, 2008, Nova Science Publishers Inc.
2. LIC Books, Data Security: Information Security, Biometric Passport, Backup, Database Audit, Data Remanence, Firewall, Drivesavers, Data Erasure, May 2010, Books Llc.
3. Terry Bernstein, Anish B. Bhimani, Eugene Schultz, Carol A. Siegel, Internet Security For Business, 1996-07-23, John Wiley & Sons.
4. Ivan B. Damgard, Lectures On Data Security: Modern Cryptology In Theory And Practice, Apr 1999, Springer-Verlag.
5. Rita Tehan, Data Security Breaches: Context And Incident Summaries, Aug 2008, Nova Science Publishers.



WEB SECURITY
UNIT I LAN SECURITY: Introduction to LAN, Why LAN Security is Important, LAN/WAN Components, Topology, Protocols, Threats of LAN, Inappropriate Access to LAN Resources, Disclosure of Data, Unauthorized Modification of Data and Software, Disclosure of LAN Traffic.

UNIT II NETWORK SCANNING: Network Scanners, Types of Scanning, Scanning Methodology, Spoofing of LAN Traffic, Disruption of LAN Functions, Security Services and Mechanisms, Intruding MAC Address. FIREWALL SECURITY: Firewalls, Why Firewall, Working of firewall, Types of Firewall, Applications of Firewall, Advantages and Disadvantages of Firewall.

UNIT III INTERNET SECURITY: Introduction, Security Intrusions and Security Properties, Threats Faced on Internet, Introduction to IP Addresses, Finding IP Address of a Remote System, Proxy Servers: Hiding Your Identity: Anonymous Surfing, Proxy Server, Why Proxying?, Working of Proxy Server, Advantages of Proxying, Disadvantage of Proxying, What is a SOCKS proxy server?

UNIT IV E-MAIL SECURITY: Introduction, History of E-mail, Email addresses, How E-mail Works?, Various Mail Servers, E-mail Protocols. EMAIL TRACING AND SPAMMING: Analysis of Email Headers, Email Tracking, IP Tracking using Email, Spamming, Ways to Prevent Spam, How to steal Data from an E-mail?

UNIT V EMAIL EXCHANGE SERVER SECURITY: E-mail Exchange Server Security, Virus Protection, RPC over HTTP, Protecting front-end Servers, Keep Exchange Server up-to-date, Cyber Laws Regarding Spamming, Security Policies.

REFERENCE BOOKS:
1. Komunte Mary, Web Security, Prof Venansius Baryamureeba, Jul 2010, Lap Lambert Academic Publishing.
2. Web Security Exploits: Trojan Horse, Cross-Site Scripting, Session Fixation, Idn Homograph Attack, Cross-Site Request Forgery, Clickjacking, Llc Books, May 2010, Books Llc.
3. Testing Web Security: Assessing The Security Of Web Sites And Applications, Steven Splaine, October 2002, John Wiley & Sons.
4. Elfriede A. Dustin, Jeff Rashka, Douglas Mcdiarmid, Quality Web Systems: Performance, Security, And Usability, Aug 2001, Addison-Wesley Professional.
5. Rickland Hollar, Richard Murphy, Enterprise Web Services Security, 2006, Shroff/Charles River Media.



NETWORK SECURITY
UNIT I MOBILE SECURITY: What is mobile? Architecture of Mobile Communication, Mobile Generation, Technology of Mobile Communication, Mobile Phone Standards, Protocols used in Mobile, SIM, Mobile Safeguards and Solutions

UNIT II VOICE OVER INTERNET PROTOCOL: Definition & Trends, Services, Types of VOIP, Components of VOIP, IP telephony & IP Paging, Protocols and Acronyms, Reasons for VOIP, Problems in VOIP, SKYPE, VOIP Security Scenario, How do we secure VOIP? VIRTUAL PRIVATE NETWORK SECURITY: Introduction to VPN, Application & Requirements of VPN, VPN types, Open VPN, Models of VPN, IPSEC VPN.

UNIT III WIRELESS LAN: Introduction, Basics of wireless LAN, Antennas, Access Point Positioning, Rogue Access Point, Wired Equivalent Privacy, DOS attack, Man in Middle Attack (MITM), Tools, Wireless Intrusion Detection, Open Source Scanning Software. ROUTER BASICS: What is a router? Static and dynamic routing, Work to Router, Keeping the Messages Moving, Directing Traffic, Transmitting Packets. ROUTER SECURITY: Understanding the protocols, Tracing the message, Denial of service attack, Configuration of Router, Protocols on a Router, RFC 1483, Handshake Protocols, NAT (Network Address Translation), NAPT Services, ADSL Details, Trouble Shooting, Routing Table Problems, Various types of Intrusion, Securing the Routers.

UNIT IV INTRUSION DETECTION AND PREVENTION: Introduction, Intrusion, Detection and Prevention, IDS, Need of IDS, Components, types, What is not an IDS? Detection Methodologies, Various tools available, Limitations of IDS, intrusion prevention system, types, network based IPS, Counter Measures taken by an IPS, Risks involved.

UNIT V ACCESS CONTROL SYSTEM: Introduction: What is Access Control, Access Control in Physical Security, Access Control in Information Security, Need of an Access Control System, Some Concepts Related to Access Control, Policies, Models, and Mechanisms, Discretionary Access Control (DAC), Non-Discretionary Access Control, Mandatory Access Control (MAC), Role-Based Access Control.

REFERENCE BOOKS:
1. Roberta Bragg, Network Security: The Complete Reference, 2004, Tata McGraw Hill.
2. Shaffer, Simon, Network Security, 1994, Academic Press.
3. Nitesh Dhanjani, Network Security Tools, Justin Clarke, 2005, Shroff/O'Reilly.
4. Andrew Lockhart, Network Security Hacks, 2004, Shroff/O'Reilly.
5. Venkataram, Wireless And Mobile Network Security, McGraw-Hill (TMH).



DESKTOP AND SERVER SECURITY
UNIT I DESKTOP & SERVER SECURITY: Introduction, What Is Registry?, Registry Editing, Backups And Recovery, Policy, .Ini File Virtualization

UNIT II WINDOWS 9X OPERATING SYSTEMS: Steps to Create Registry Values, Some Of The Examples To Change The Registry Default Settings, NT Security, Security Architecture Components

UNIT III INTRODUCTION TO SECURING IN NT BOX: Backups, Windows Vulnerabilities And Threats, How To Determine If You Are At Risk? Use Any Vulnerability Scanner

UNIT IV How To Protect Against The Windows Services Vulnerabilities, LINUX SECURITY: Introduction: Linux Based, Benefits Of Linux, How Secure Should My Linux Be?

UNIT V How To Set Up A Firewall Under Linux?, Windows Vs. Linux Design, Realistic Security And Severity Metrics, Cert Vulnerability Notes Database Results

REFERENCE BOOKS:
1. Mike Danseglio, Securing Windows Server 2003, 2005, Shroff/O'Reilly.
2. Mike Danseglio, Robbie Allen, Windows Server 2003 Security Cookbook, 2006, Shroff/O'Reilly.
3. Michael A. Caloyannides, Desktop Witness: The Do's And Don'ts Of Personal Computer Security, Jul 2002, John Wiley & Sons.
4. Roger A. Grimes, Professional Windows Desktop & Server Hardening, June 2006, Wiley India Pvt Ltd.
5. Ann-marie Kishel, Sheila Rivera, Server, Jan 2007, Lerner Classroom.



PROTECTION FROM HACKING ATTACKS
UNIT I MALWARES: Introduction to Malwares, Types Of Malwares, Installing Bots On Target Machines, Attacking Methods, Working Of Bots, Malware Detection Technique. Counter measures.

UNIT II NETWORK INTRUSION: Introduction To Intrusion, Types of Intrusions, Non-Technical Intrusion, Technical intrusion, Backtrack, live examples, tools, intrusion tricks.

UNIT III BACKDOORS: Backdoors, Root kits, glossary, malware glossary, more to backdoors.

UNIT IV ART OF GOOGLING: Introduction, The Google Toolbar, Searching Techniques, Directory Listing, More to googling, Google intruding tricks.

UNIT V ADVANCED INTRUSION: Locating Cgi-Bin, Camera Intruding, Some Tricks, More Tricks, live images, tools.

REFERENCE BOOKS:
1. Mcclure, Web Hacking: Attacks & Defects, 01/01/2003, Dorling Kindersley India.
2. Andrew Whitaker, Keatron Evans, Jack Voth, Chained Exploits: Advanced Hacking Attacks from Start to Finish, Nov 2008, Addison-Wesley Professional.
3. John Chirillo, Hack Attacks Revealed: A Complete Reference With Custom Security Hacking Toolkit, 2001-04-05, John Wiley & Sons.
4. Himanshu Dwivedi, Hacking VoIP: Protocols, Attacks, And Countermeasures, Oct 2008, No Starch Press.
5. Ec-council, Ethical Hacking And Countermeasures: Attack Phases, Sep 2009, Course Technology.



FOURTH SEMESTER
INFORMATION MANAGEMENT SYSTEM
UNIT I INTRODUCTION TO INFORMATION SECURITY AUDITING: ISO 27001, History of ISO 27001, Standards and International Organization for Standardization, BS7799 / ISO 1799, ISO 27001, Domain of BS 7799-1, Improvement in ISO 27001 over BS 7799, Control objective and controls in ISO 27001, Selection and Implementation of Controls, Developing and Adopting Policies, Mandatory requirements, Information security management system, Management responsibility, Management Review of the ISMS.

UNIT II MANAGING SECURITY AWARENESS: ISMS, ISMS implementation, Management security, Managing Security Awareness, Need for Security Management, Impact of a sound Security Management System, and Security awareness usually fails, WHY? ISO 27001 certification, Role of auditors, Marketing ISO 27001 to Senior Management, Preparing for Certification, Compliance accreditation and certification.

UNIT III RISK ASSESSMENT, BUSINESS CONTINUITY: What is Risk, What is Risk Assessment, Kind of Risk, Stage of Risk Assessment, Approaches to Risk Assessment, Qualitative Risk Assessment, Quantitative Risk Assessment, Popular methodologies for Risk Assessment, Business continuity. DISASTER MANAGEMENT SYSTEM: Disasters, Types of Disasters, Local site disasters, Site disaster - encompass the whole building, Area disaster - cover the whole area/vicinity, On the basis of the cause of origin, Elements of a good Business Continuity Plan, Building a Business Continuity Plan, Assess Business Requirements, Identify the IT requirements, Building the Backup/recovery solution.

UNIT IV ISMS AUDITS AND METHODOLOGY: Audit concepts, Audit fundamentals, Audit management standard, Types of Audits, Audit planning, Audit Execution, Audit reporting, Audit follow-up. SECURITY MANAGEMENT PRACTICES AND FRAMEWORK: Security Management Practices, The Big Three: CIA, Security Management Practices, Identification of Assets, Determining Value of Assets, Threats on Assets. RISK MANAGEMENT: Risk Identification, Principles of Risk Management, Safeguard Selection, Data Classification, Classification Criteria, Information Classification Procedure, Assets Protection.

UNIT V SECURITY FRAMEWORKS: What is Security, Adequate Security? What is required for Adequate Security? Aspects of Security, Framework 1: Defense in Depth (DID) Secure Environment, Framework 2: OCTAVE, Framework 3: Security Risk Analysis, Framework 4: Threat Modeling, Stride, Dread

REFERENCE BOOKS:
1. R. G. Murdick, J. E. Ross and J. R. Clagget, Information Systems for Modern Management, 3rd Edition, PHI, 1994.
2. Parker, Charles Case, Thomas, Management Information System: Strategy & Action, 2nd Edition, TMH, 1993.
3. Thitima Pitinanondha, Operational Risk Management Systems, Mar 2010, Vdm Verlag Dr. Muller Aktiengesellschaft.
4. Gurpreet Dhillon, Managing Information Systems Security, 1997, Palgrave Macmillan.
5. Mahadeo Jaiswal, Management Information Systems, 2004-07-15, Oxford.



SECURED PROGRAMMING
UNIT I SECURE PROGRAMMING CONCEPTS AND PRINCIPLES: Designing for security, Threat modeling, decompose a system, develop and use Threat Trees, Efforts for protecting information, Why deploying redundant security measures is appropriate, Planning of code failure in a secure manner, Executing code with minimum rights, Does security through hiding implementation details work, Remaining alert and staying aware.

UNIT II SECURE PROGRAMMING ISSUES AND TECHNIQUES: Implementing authentication username/password, biometrics, Digital Certificates, Commonly used systems such as X.509 Certificate Authentication, Kerberos, Microsoft Passport, Authorization, Using Access Control Lists (ACLs), Implementing encryption, Using auditing in applications, Denial of service and techniques for increasing availability, Spoofing Identity, Tampering With Data, Repudiation, Information Disclosure, Denial of Service.

UNIT III COMMON METHODS OF ATTACK AND HOW TO PREVENT THEM: Buffer overflows, protecting against buffer overflows, avoiding dangerous calls, Malicious input, Input issues and trust boundaries, Race conditions, Avoiding deadlocks, Avoiding TOCTOU (Time of Check/Time of Use) race conditions, Remedies, Spoofing, Spoofing types and defenses.

UNIT IV SECURITY TESTING: Fundamental differences from functional testing, The most common security flaws, Using code coverage as a metric, Using threat coverage as a metric, How to assess the vulnerability of your system, How to assess the vulnerability of your own code, How to assess the vulnerability of commercial products such as databases, communication packages, server software, operating systems.

UNIT V C SECURED PROGRAMMING: Introduction, General Types of intrusions can be possible, Architectural Principle, Design Ideas, Language Specific Tips. C++ SECURED PROGRAMMING: Introduction, General Types of intrusion can be possible, Architectural Principle, Design Ideas, Language Specific Tips, and Source Level Security Auditing Tools, Physical threats, Electronic threats, The Threat Equation, Handling risks in software.

REFERENCE BOOKS:
1. Brian Chess, Jacob West, Secure Programming with Static Analysis, 2007, Addison-Wesley Professional.
2. John Viega, Matt Messier, Zachary Girouard, Secure Programming Cookbook for C and C++, Jul 2003, O'Reilly Media.
3. Wei Hu, DCE Security Programming, 1995, O'Reilly & Associates, Incorporated.
4. J. Vitek, C. Damsgaard Jensen, Secure Internet Programming: Security Issues, Jul 1999, Springer-Verlag Berlin And Heidelberg Gmbh.
5. Alpay Doruk, Security Review Program Requirements For Intrusion Management Systems, Lap Lambert Academic Publishing.



DATABASE MANAGEMENT SYSTEM (DBMS)
UNIT I Introduction: DBMS Definition Continuation, Database, Management concepts and systems, Database Languages, DDL, Data Independence, Advantages and Disadvantages.

UNIT II Entity Relationship Model: ER diagrams, Relationship sets, Degree, Attributes, Concepts of Entity, Relationship, Types, and Roles, Cardinality Constraints, Aggregation.

UNIT III Indexing & Hashing: Basic concept, Ordered Indices, Index Files, Static Hashing, Hash Functions, Dynamic Hashing.

UNIT IV Relational Data Model: Terminology, Set operations, union and join.
SQL (Structured Query Language): SQL, SQL database-table, functions, Relational Database Design by ER- and EER-to-Relational Mapping, Mapping EER Model to Relations.

UNIT V Data Normalization: Normalization and its process, The Raw Database, Data Redundancy, The Normal Forms.
Transaction: Transaction concepts, ACID Properties, Transaction State, Schedules.
Concurrency Control: Lock Conversions, Lock Table, Multiple Granularity, Deadlock Recovery, Recovery Techniques, Data Access, Deferred Database Modification.

REFERENCE BOOKS:
1. R. Elmasri and S. B. Navathe, Fundamentals of Database Systems, Addison Wesley, 4th Ed., 2004.
2. Abraham Silberschatz, Henry Korth, S. Sudarshan, Database Systems Concepts, 4th Edition, McGraw Hill, 1997.
3. Jim Melton, Alan Simon, Understanding the new SQL: A complete Guide, Morgan Kaufmann Publishers, 1993.
4. A. K. Majumdar, P. Battacharya, Data Base Management Systems, TMH, 1996.
5. Bipin Desai, An Introduction to database Systems, Galgotia Publications, 1991.



PROJECT WORK
The student is required to undertake a Project Work at Ist Semester of online MBA and to prepare and submit a project report in fulfillment of the course.

Selection of Project Topic (Title): The student has to identify and define the topic of the project in a specific subject of the course. The project work should be conducted individually through field work in any organization/market/library relevant to the topic. The project work can be based on primary or secondary information and data. The project report should be presented in approximately 150-200 pages and should be approved by the guiding teacher.

Guiding faculty: The student should approach any teaching faculty member of the MBA for approval and decide the title of the project in consultation with the guiding teacher. A form prescribed for the project work, duly filled in, should be submitted to Appin and registration should be obtained.

Weightage of marks: The project work carries a total weightage of 6 credits, out of which the report carries a weightage of 2 credits and the presentation and project done carry a weightage of 4 credits.

It is compulsory for each participant to prepare the project report in consultation with, and under the guidance of, the Project Guide/Supervisor and to submit a copy of the Outline of Project Proposal in the specified form (enclosed herewith), duly signed by you and your Guide, to the Appin office.

Your Outline of Project Proposal should clearly state the following:
A brief conceptual introduction of the project work
Objectives of the project work
Sources of information
Structure of the project work
Significance of the project work

Key points in Submission of Project Report: The Project Report should be submitted in A-4 size (29-20cm) in a bound volume, and one copy should also be uploaded online to the student's account. The length of the Project Report shall be about 60 to 75 double-spaced computerized printout pages. The font size shall preferably be 12 or 11, in Times Roman letters.

You need to submit only two hard copies and also a soft copy (CD) of the Project Report.

The Project Report must include a certificate of originality stating that the work undertaken by the student is original and has not been submitted earlier, either to this University or to any other institution, in fulfillment of the requirement of a course of study. The certificate is to be signed and approved by the Project Guide/Supervisor and countersigned by you. The Project Report once submitted will not be returned to the student. The Project Report should be submitted before the given deadline.

PROFORMA FOR APPROVAL OF TOPIC OF PROJECT REPORT SUBMISSION



Name: ____________________________________ Roll No. ____________
Address for Communication: ____________________________________
Contact No: (R) ____________ (M) ______________
Email: ______________________________________
TITLE OF THE PROJECT: ____________________________________
(Note: Attach a brief outline duly signed by you and your Guide without fail)
Name of Project Guide: ____________________________________
Note: Your Guide should be a faculty member for the course.
Educational Qualifications (in brief): ____________________________________
Whether your Project Guide is employed (if yes, please answer the following):
Designation: ________________________
Contact No.(s): ______________________
Office Address: ____________________________________

Date:

(Signature of Guide) (Signature of Student)



POSSIBLE WAYS OF UNDERTAKING A PROJECT WORK:
A comprehensive organizational case study of an organization, based on field work (organization, company, firm, market and library; security concerns of a firm). She/he may focus on problem formulation, analysis and recommendations.
An inter-organizational study on management practices or security practices.
She/he can carry out an exploratory study of a market/organizations based on primary information/secondary data, etc.
The project work may be based on secondary data and information supported with field work in a fairly big organization, company, firm, market or library.
She/he may undergo training in an organization, company or firm, as the case may be.
The project work can be based on primary data on a chosen topic.

A BRIEF ABOUT HOW TO PREPARE PROPOSAL:
Introduction
Review of Literature
Objectives of the Project
Research Design
Research Methodology
  (1) Sources of Information
      (i) Secondary Data
      (ii) Primary Data
  (2) Research Tool
  (3) Sampling Decisions
      (i) Sampling units
      (ii) A Representative Sample
      (iii) Sampling Size
      (iv) Sampling Method
  (4) Data Analysis and Interpretation
Significance of the Study
Relevance of the Study (consider its need to the present day problems and society as well as country)
Contribution to Knowledge
Limitations of the Study
Selected References
