Full Transcript

INT244:SECURING COMPUTING SYSTEMS L:2 T:0 P:2 Credits:3 Course Outcomes: Through this course students should be able to CO1 :: describe the basic concepts of operatin...

INT244:SECURING COMPUTING SYSTEMS L:2 T:0 P:2 Credits:3 Course Outcomes: Through this course students should be able to CO1 :: describe the basic concepts of operating systems, cryptography and ethical hacking CO2 :: discuss various methods of performing footprinting and scanning the target systems CO3 :: illustrate the process of enumerating and compromising a target system CO4 :: examine the usage of sniffers, social engineering techniques and denial of service attacks for compromising the target CO5 :: analyze the functionality of session hijacking, web applications and SQL injection in testing the security of target CO6 :: understand the process of identifying the threats to WiFi, Bluetooth, mobile devices, cloud services and SOC and SIEM solutions Unit I Introduction to Ethical Hacking : Hacking Evolution, What Is an Ethical Hacker?, Ethical hacking and Penetration testing, Hacking methodologies System Fundamentals : Fundamental of computer networks, Exploring TCP/IP ports, Understanding network devices, Proxies, Firewall and Network Security, Knowing Operating Systems(Windows, Mac, Android and Linux) Cryptography : History of cryptography, Symmetric cryptography, Asymmetric cryptography, Understanding Hashing, Issues with cryptography, Application of cryptography(IPsec, PGP, SSl) Unit II Footprinting : What is Footprinting, Threats Introduced by Footprinting, The Footprinting process, Using (Search engine, Google hacking, Social networking and Financial services) Information gathering Scanning : What is Scanning, Types of Scans, Family tree of Scans, OS fingerprinting, Countermeasure, Vulnerability Scanning and Using Proxies Unit III Enumeration : What is Enumeration, Windows Enumeration, Enumeration with SNMP, LDAP and Directory Service Enumeration, SMTP Enumeration System Hacking : What is System Hacking, Password cracking, Authentication on Microsoft Platforms, Executing Applications Malware : Malware and the law, Categories of Malware(Viruses, worms, spyware, Adware, Scareware Ransomware and Trojans), Overt and Covert Channels Unit IV Sniffers : Understanding Sniffers, Using a Sniffer, Switched network Sniffing, MAC Flooding, ARP Poisoning, MAC Spoofing, Port Mirror and SPAN Port, Detecting Sniffing Attacks Social Engineering : What is Social Enginnering, Social Engineering Phases, Commonly Employed Threats, Identity Theft Denial of Service : Understanding DoS, Understanding DDoS, DoS Tools, DDoS Tools, DoS Pen- Testing Considerations Unit V Session Hijacking : Understanding Session Hijacking, Exploring Defensive Strategies, Network Session Hijacking Web Servers and Applications : Exploring the Client-Server Relationship, The client and the server, Vulnerabilities of Web Servers and Application, Testing Web Application SQL Injection : Introducing SQL Injection, Databases and Their Vulnerabilities, Anatomy of a SQL Injection Attack, Altering Data with a SQL Injection Attack, Evading Detection Mechanisms, SQL Injection Countermeasures Unit VI Hacking Wi-Fi and Bluetooth : What Is a Wireless Network, A Close Examination of Threats, Hacking Bluetooth, Introduction to SIEM and SOC Solutions Mobile Device Security : Mobile OS Models and Architectures, Goals of Mobile Security, Device Security Models, Countermeasures Session 2024-25 Page:1/2 Unit VI Cloud Technologies and Security : What Is the Cloud, Threats to Cloud Security, Cloud Computing Attacks, Testing Security in the Cloud List of Practicals / Experiments: List of practical's/ experiment Foot-printing: Demonstration of the process of active and active and passive information gathering using search engines, GHDB and Netcraft Scanning: Demonstration of port, network and vulnerability scanning with the help of Nmap, Nessus and Rapid7 and AngryIP Enumeration: Demonstration of windows, Linux enumeration and network protocol enumeration with the help of inbuilt utilities and open-source tools System Hacking: Demonstration of offline and online password cracking with the help of dictionary, brute force and hybrid attack and generating rainbow tables Sniffing: Demonstration of network sniffing with the help of packet sniffers such as Wireshark, Tcpdump and Dsniff and understand the data that is being sniffed by the respective tools Denial of Service: Demonstration of various Dos attacks such as Service Request Floods, ICMP Flooding, Smurf and Fraggle Attacks using different tools SQL Injection: Demonstration of various types of SQL injection with the help of different tools Text Books: 1. MASTERING KALI LINUX FOR ADVANCED PENETRATION TESTING by VIJAY KUMAR VELU, PACKT PUBLISHING References: 1. CERTIFIED ETHICAL HACKER (CEH) V11 312-50 EXAM GUIDE by DALE MEREDITH, PACKT PUBLISHING Session 2024-25 Page:2/2

Use Quizgecko on...
Browser
Browser