Software and Systems Security

Specific educational objectives:

The main aim of this module is to provide an introduction to the field of information security. The students learn about the technical as well as the management side of security in information systems. They acquire knowledge about fundamental principles of security and also about practical approaches to securing information systems.

Prerequisites:

Students should have a solid mathematical foundation and be familiar with basic programming concepts, data structures and algorithms. These prerequisites are covered in any Bachelor's degree in Computer Science.

Course syllabus:

Unit I

Introduction to Information Security:

• Introduction, security certificates, the need for security, security approaches and goals, types of security attacks, security mechanisms, best programming languages for cyber security.

Basics of Cryptography and Hash:

• Cryptography: concepts and techniques, cryptography terminology, cryptography and security, categories of cryptographic algorithms (hash, symmetric, asymmetric), symmetric and asymmetric key cryptography, cryptographic attacks, using cryptography.


Unit II

Key Management:

• Introduction, key strength, block cipher modes of operation, digital certificates, certificate management, public key infrastructure, trust models, X.509, cryptographic transport protocols.

Authentication, Access Control and Account Management:

• Introduction, authentication credentials, password weakness, password attacks (online and offline), password security, protecting passwords, access control terminology, access control models, managing access through account management, implementing access control, identity and access services.


Unit III

System Vulnerabilities and Risk Mitigation:

• Vulnerability Assessment and Data Security: assessing the security posture, vulnerability scanning, penetration testing. Risk Mitigation: managing risk, strategies for reducing risk, practices for reducing risk, troubleshooting common security issues.

Software Vulnerabilities and Coding for Penetration Testers (Secure Coding):

• Software Vulnerabilities: introduction to software vulnerabilities, characters and numbers, canonical representations, memory management (buffer overflow, stack overflow, heap overflow, type confusion), data and code (scripting, SQL injection, cross-site scripting (XSS)), directory traversal, issues with libraries, components and dependencies, issues with web services and APIs. Coding for Penetration Testers: command shell scripting, Python, Perl, Ruby, web scripting with PHP, information gathering, what are the dark web and the deep web?, post-exploitation scripting.


Unit IV

Security of Distributed Systems (Network Security):

• Introduction to distributed systems, networking-based attacks (interception, poisoning), server attacks (denial of service, web server application attacks, session hijacking and spoofing, overflow attacks, advertising attacks, browser attacks).

Security by design:

• Introduction to network security by design, security through network devices, security through network architecture, security through network technologies, secure network protocols, managing and securing network platforms.


Unit V

Short-Range Wireless Communication Security:

• Wireless attacks [Bluetooth attacks, Near Field Communication (NFC) attacks, Radio Frequency Identification (RFID) attacks, wireless local area network attacks], vulnerabilities of IEEE wireless security [Wired Equivalent Privacy (WEP), Wi-Fi Protected Setup, MAC address filtering, SSID broadcasting], wireless security solutions [Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2)].

Cellular Network Security:

• Introduction to the cellular network, SIM card structure, 4G/LTE network architecture, security in wireless cellular networks, authentication in 4G, attacks in mobile networks.


Unit VI

Social Aspects of Security:

• Overview of social engineering, social engineering attack techniques, six key principles in social engineering, the different types of social engineers, information gathering, elicitation, manipulation, mind tricks, the tools of the social engineer, prevention and mitigation.

Computer Forensics:

• Introduction to computer forensics, digital forensic phases, network forensics (which traffic protocols should be analysed, which systems are used to collect network data).

Presentations and slides are available on request.


References:

• “Principles of Information Security”, 6th edition, Michael E. Whitman and Herbert J. Mattord, Cengage Learning, ISBN 978-1337102063
• “Cryptography and Network Security”, Behrouz A. Forouzan and Debdeep Mukhopadhyay, McGraw Hill, ISBN 9339220951 / 9789339220952
• “CompTIA Security+ Guide to Network Security Fundamentals”, 6th edition, Mark Ciampa, Cengage Learning, ISBN 978-1337288781
• “Computer Security”, 3rd edition, Dieter Gollmann, Wiley, ISBN-10 0470741155
• “Coding for Penetration Testers: Building Better Tools”, Jason Andress and Ryan Linn, Syngress, ISBN 9781597497299
• “Social Engineering: The Art of Human Hacking”, Christopher Hadnagy, Wiley, ISBN 9780470639535