IF4301 Information and Network Security Syllabus:

IF4301 Information and Network Security Syllabus – Anna University PG Syllabus Regulation 2021

COURSE OBJECTIVES:

 To introduce the concepts and models of security.
 To understand the risk assessment and security standard.
 To plan for business continuity and incident response plan.
 To estimate the level of security risk faced by an organisation and the countermeasures to handle the risk.
 To understand potential vulnerabilities and to develop a security blueprint.

UNIT I INFORMATION SECURITY

Introduction to Information Security – Security Issues – CIA Triad – Parkerian Hexad – Introduction to Security Attacks – Types of Attacks – Threats, Vulnerabilities, and Risk – Risk Management – Incident Response Identification – Access Controls – Identity Verification – Authentication – Multifactor Authentication – Mutual Authentication – Passwords – Biometrics – Hardware Tokens.

UNIT II FUNDAMENTALS OF CRYPTOGRAPHY

Foundations of Cryptology – Cipher Methods – Cryptographic Algorithms – Kerckhoffs’s Principles. Keyword Ciphers – One-Time Pads – Symmetric and Asymmetric Cryptography Techniques – Hash Functions – SHA – MD5 – Digital Signatures – Certificates – Modern Cryptographic Tools.

UNIT III INTRUSION DETECTION

Threat Models – Secure Communications – Intrusion Detection Systems – Intrusion Detection and Prevention Systems – Honeypots – Scanning and Analysis Tools – Traditional Reconnaissance and Attacks – Malicious Software – Preventive Measures – Intrusion Monitoring and Detection – Reactive Measures – Network-Based Intrusion Protection.

UNIT IV NETWORK SECURITY

Kerberos – IP Security – IP Security architecture – Key Management – Email Security – Pretty Good Privacy, S/MIME – Public Key Infrastructure – Traffic flow security – Firewalls – Design and Types of Firewalls – Personal Firewalls

UNIT V APPLICATION SECURITY

Software Development Vulnerabilities – Buffer Overflows – Race Conditions – Input Validation Attacks – Authentication Attacks – Authorization Attacks – Cryptographic Attacks – Web Security – Client-Side Attacks – Server-Side Attacks – Database Security – Protocol Issues – Unauthenticated Access – Arbitrary Code Execution – Privilege Escalation – Application Security Tools – Sniffers – Web Application Analysis Tools – Fuzzers

SUGGESTED ACTIVITIES:

1: In-class activity to learn about various security services and attacks.
2: Analyse risk for any real time applications and prepare a blueprint for security to control the risk.
3: Develop an attack success scenario and assess the potential damage.
4: Prepare the contingency planning documents for business continuity.
5: Discussion on scanning and analysis tools for identifying the vulnerabilities.

COURSE OUTCOMES:

After completing the course students will be able to
CO1: Apply the basic security models and policies required by the computing system.
CO2: Apply a cryptographic algorithm to build a secure application.
CO3: Monitor, detect and prevent intrusions in a network.
CO4: Predict the vulnerabilities in any computing system and propose a security solution.
CO5: Understand the importance of network security and risk management of an organization.

TOTAL :45 PERIODS

REFERENCES

1. Cryptography and Network Security : William Stallings, Pearson Education, 7th Edition
2. Security in Computing, Fifth Edition, by Charles P. Pfleeger, Pearson Education
3. Foundations of Information Security: A Straightforward Introduction, Jason Andress. No Starch Press, 2019
4. Fundamentals of information systems security, Kim, David, Solomon, and Michael G. Jones & Bartlett Learning, third edition, 2018
5. Information Security: Foundations, technologies and applications, Ali Ismail Awad, Michael Fairhurst. Institution of Engineering & Technology, 2018
6. Computer and Information Security Handbook, John R. Vacca. Morgan Kaufmann, 2017
7. Software-Defined Networking and Security, Dijiang Huang, Ankur Chowdhary, and Sandeep Pisharody. CRC Press, 2018

Related posts:

  1. CP4153 Network Technologies Syllabus
  2. OTL553 Telecommunication Network Management Syllabus
  3. EC3401 Networks and Security Syllabus
  4. CP4391 Security Practices Syllabus
  5. ET4012 Embedded Systems Security Syllabus
  6. PS4001 Power System State Estimation and Security Assessment Syllabus
  7. OCE552 Geographic Information System Syllabus
  8. GI8014 Geographic Information System Syllabus
  9. PH8252 Physics for Information Science Syllabus
  10. PH3256 Physics for Information Science Syllabus
  11. RS4102 Geographical Information System Syllabus
  12. CM4016 Manufacturing Information Systems Syllabus
  13. CP4093 Information Retrieval Techniques Syllabus
  14. RS4111 Geographical Information System Laboratory Syllabus
  15. IM4202 Geographical Information Systems for Infrastructure Planning Syllabus