Netwrk Security.less Plan

8/18/2019 Netwrk Security.less Plan

1/19

ASKB Charitable Foundation Trust

Atria Institute of Technology, Bangalore – 24

D!A"T#$T %F &CT"%$ICS A$D C%##'$ICATI%$ $(I$"I$(

Subject / Course Lesson Plan

Semester: )III Year: 2016

Subject Name:Network Security Subject Code* +C-.2

Total Teaching Hours* 52 hrs Duration of Exam* .hours

Exam Marks* 100 IA Marks* 25

esson !lan Author * '/a/a Kousar Date" #$ %eb $'

Checked ()" Date* #$ %eb $'

Prerequisites: The student should have undergone the course on the following topics

Basic 0no1ledge of net1or0ing concets3

Basics of crytograhy3 %SI #odel and its secifications3

)irus attac0s infor/ation3

Subject/Course Learnin !bjecti"es:

At the end of the course the student should be able to*

Illustrate the basic funda/ental net1or0ing concets and %SI /odel for security3

'nderstand the different tyes of crytograhies3

Introduce authentication techniues3

Discuss 5arious tyes of 5irus and construction of fire1alls3

Subject/Course Outcomes:

After co/leting this course the student /ust de/onstrate the 0no1ledge and ability to*

+3 Build a funda/ental understanding of the ob6ecti5es of crytograhy and net1or0 security323 Beco/e fa/iliar 1ith the crytograhic techniues that ro5ides infor/ation and net1or0 security3

.3 I/art 0no1ledge on ncrytion techniues, Design !rinciles and #odes of oeration3

43 Analy7e a gi5en syste/ 1ith resect to security of the syste/3

83 'nderstand the Key #anage/ent techniues and $u/ber Theory3

93 Create an understanding of Authentication functions the /anner in 1hich #essage AuthenticationCodes and :ash Functions 1or0s3

;3


2/19




Subject/Course %rticulation &atri': &a((in o# Subject Learnin !bjecti"es )SL!/CL!*with N+%,2015 tier 1 -2 )Course outco.es*

Sub6ect $a/e*$et1or0 Security Course code*+C-.2

Se/ester* )III =ear* 2+8 > 2+9 ?5en Se/@

Subject/Course Learnin!bjecti"es,SL!/CL!

1 2 5 6 $ 10 11 12

3 n i n e e r i n k n o w l e 4 e

P r o b l e . a n a l y s i s

5 e s i n / 4 e " e l o ( . e n t o # s o l u t i o n s

C o n 4 u c t i n " e s t i a t i o n s o # c o . ( l e ' ( r o b l e . s

& o 4 e r n t o o l u s a e :

6 h e e n i n e e r a n 4 s o c i e t y :

3 n " i r o n . e n t a n 4 s u s t a i n a b i l i t y

3 t h i c s

7 n 4 i " i 4 u a l a n 4 t e a . w o r k

C o . . u n i c a t i o n

P r o j e c t . a n a e . e n t a n 4 # i n a n c e :

L i # e , l o n l e a r n i n

+3 Build a funda/entalunderstanding of theob6ecti5es of crytograhyand net1or0 security3

: & # & : & & & # : & #

23 Beco/e fa/iliar 1ith thecrytograhic techniuesthat ro5ides infor/ationand net1or0 security3

: & # & : # & & # : # :

.3 I/art 0no1ledge onncrytion techniues,Design !rinciles and#odes of oeration3

: : : # : # & # # : #

:

43 Analy7e a gi5en syste/1ith resect to security of the syste/3

: # & # # # & & & # &#

83 'nderstand the Key#anage/ent techniuesand $u/ber Theory3

: # # : & # & # # : #&

93 Create an understanding

of Authentication functionsthe /anner in 1hich#essage AuthenticationCodes and :ash Functions1or0s3

: : & : : & & # & : #

&

;3


3/19




Syllabus Content

Subject Co4e: 103C2

Subject Na.e:Network Security 7%: 25

eachin 8ours: 52 3'a. &arks: 100 Part 9%

UNIT – 1

Services,mechanisms and attacks,The OSI security achitecture,A model for network

security

6 hours

UNIT – 2

SYMMETRIC CI!ERS" Symmetric Ci#her Model, Su$stitution Techni%ues,

Trans#osition Techni%ues, Sim#lified &ES, &ata encry#tion standard '&ES(, The

stren)th of &ES, &ifferential and *inear Cry#tanalysis, +lock Ci#her &esi)n rinci#les

and Modes of O#eration, Evaluation Criteria for Advanced Encry#tion Standard, TheAES Ci#her

hours

UNIT – 3

rinci#les of u$lic-.ey Cry#tasystems, The RSA al)orithm, .ey Mana)ement, &iffie

/ !ellman .ey E0chan)e, Elli#tic Curve Arithmetic, Authentication functions, !ash

1unctions.6 hours

UNIT – 4

&i)ital si)natures, Authentication rotocols, &i)ital Si)nature Standard hours

Part9+

UNIT – 5

2e$ Security Consideration, Security socket layer 'SS*( and Trans#ort layer security,

Secure Electronic Transaction6 hours

UNIT – 6

Intruders, Intrusion &etection, assword Mana)ement. 6 hours

UNIT – 7

MA*ICIO3S SO1T2ARE" 4iruses and Related Threats, 4irus Countermeasures hours

UNIT – 8

MA*ICIO3S SO1T2ARE" 4iruses and Related Threats, 4irus Countermeasures 6 hours

TEXT BOOKS:

5 Cry#to)ra#hy and 6etwork Security, 2illiam Stallin), earson Education, 7889

REFERENCE BOOKS:

5 Cry#to)ra#hy and 6etwork Security, +ehrou: A 1orou:an, TM!, 788;

7 Cry#to)ra#hy and 6etwork Security, Atul .ahate, TM!, 7889

Pae o# 1$


4/19




3"aluation Sche.eI Scheme

%ssess.ent eihtae in &arks

Internal Assess/ent


5/19




;nit ise Plan;nit , 7

Subject Code and Name" $#EC*+& Net,ork Securit)

$-./er/ie,0Cr)1togra1hic Conce1ts !lanned Hours" #'

)earning Objectives

At the end of this chater student should be able to*

+3 !ro5ide an introduction to the funda/ental rinciles of crytograhy and its alications on thenet1or0 security do/ain3

23 Illustrate the concets of crytograhy3

)earning Outcomes

+3


6/19




< DoS is aA

.

Disk operating

system

B. Denial of service

attack

C. Detected on-goingservice

Critical =uestions:

+3


7/19




*eview +uestions:+3 hat are the essential ingredients of a sy//etric ciher2 hat are the t1o basic functions used in encrytion algorith/s. :o1 /any 0eys are reuired for t1o eole to co//unicate 5ia a ciher4 hat is the difference bet1een a bloc0 ciher and a strea/ ciher8 hat are the t1o general aroaches to attac0ing a ciher

9 &ist and briefly define tyes of crytanalytic attac0s based on 1hat is 0no1n to theattac0er3

+ui"& ,ultiple Choices:

1< hich of the follo1ing net1or0 oerating syste/ logon restrictions is /ost li0ely to sto a hac0er 1ho isatte/ting to disco5er so/eones ass1ord through a brute force or dictionary attac0

A

.

Total time

logged on

B. Time

of day

C. Period of time after which a password

expires

D.Number of unsuccessful logonattempts

2< =ou need to use /ultile anti5irus alications on the sa/e co/uter3

A

.

T

r

u

e

B. F

a

l

s

e

< hat is the /ain roble/ of a /odernanti5irus

A

.

High price and the absence of free telephone

support

B. False

positives

C. Dependence on antivirus

signatures

D. High memory

and cpu

< hat is a hash

A

.

An encrypted

value

B. A

decryption

key

C. Code used to compress

data

5< hich of the follo1ing is /ost li0ely to steal youridentity

A

.

T

r

oj

a

n

B. W

o

r

Pae o# 1$


8/19




m

C. V

i

r

u

sD. Spy

war

e

E. Ad

wa

re

Critical =uestions:

+3


9/19




+- :e) Management0 Diffie < Hellman :e) Exchange

2- Elli1tic Cur/e Arithmetic

3- Authentication functions

'- Hash %unctions

*eview +uestions:+3 hat are the rincial ele/ents of a ublic>0ey crytosyste/

2 hat are the roles of the ublic and ri5ate 0ey

. hat are three broad categories of alications of ublic>0ey crytosyste/s


1< Deliberate soft1are attac0s are referred toas*

A

.

Mal

ware

B. Malicious

code

C. Malicious

software

D. All of the above

21ay function

.3 hat is a tra>door one>1ay function

43 Describe in general ter/s an efficient rocedure for ic0ing a ri/e nu/ber3

Challenin =uestions:+3 In using the "SA algorith/, if a s/all nu/ber of reeated encodings gi5e bac0 the lainte


10/19




2


11/19




hat reuire/ents should a digital signature sche/e satisfy

Critical =uestions:

+3 hat is the difference bet1een direct and arbitrated digital signature

2eal i.e %((lications/&ini Projects:+3 It is te/ting to try to de5elo a 5ariation on Diffie>:ell/an that could be used as a digital signature3 :ere is one

that is si/ler than DSA and that does not reuire a secret rando/ nu/ber in addition to the ri5ate 0ey3

Public ele.ents:

a a 9 5 and a is a ri/iti5e root of 5

5 ri/e nu/ber

Pri"ate key: J J 9

Public key: = H aJ /od

To sign a /essage , co/ute , 1hich is the hash code of the /essage3e reuire that 3 If not, aend the hash to

the /essage and calculate a ne1 hash3 Continue this rocess until a hash code is roduced that is relati5ely ri/e

to 3Then calculate to satisfy 3The signature of the /essage is 3 To 5erify the signature, a user 5erifies that

a< Sho1 that this sche/e 1or0s3That is, sho1 that the 5erification rocess roduces an euality if the signature is

5alid3b< Sho1 that the sche/e is unaccetable by describing a si/le techniue for forging a userGs signature on an

arbitrary /essage3

;nit 9 5

Subject Code and Name" $#EC*+& Net,ork securit)

>nit Number and Title* 3-=eb Securit) Consideration !lanned Hours" #'

)earning Objectives


+3 Discuss SS& record rotocol323 Discuss Secure lectronic Transaction rotocol3

)earning Outcomes

+3


12/19




3- Trans1ort la)er securit)

'- Secure Electronic Transaction

*eview +uestions:+3hat are the ad5antages of each of the three aroaches

2 hat rotocols co/rise SS&

hat is the difference bet1een an SS& connection and an SS& session

hat stes are in5ol5ed in the SS& "ecord !rotocol trans/ission


1


13/19




l

s

e

5< hat IDS identifies intrusions based on a reset database that identifies 0no1n attac0signatures

A

.HostBased IDS

B. Behavior

Based IDS

C. Knowledge

Based IDS

D. Network

Based IDS

6nit Number and Title* '-Intruders !lanned Hours" #'

)earning Objectives


+3 Describe Intrusion detection /echanis/s3

23


14/19




)earning Outcomes

+3 &ist three classes of intruders3

23 Illlustrate ass1ord selection techniues3

)esson Schedule$- Intruders9Intrusion Techni5ues

&- Intrusion Detection

+- Audit records0Statistical Anomal) Detection

2- ;ule (ased Intrusion Detection0The (ase9;ate %allac)

3- Distributed Intrusion Detection0Intrusion Detection Exchange %1rmat

'- !ass,ord Management9 !rotection and Selection Strategies

*eview +uestions:+3 #ist and brie$" de%ne three classes o intruders.2 &hat are two common techniques used to protect a password %le'3 &hat are three bene%ts that can be pro(ided b" an intrusion detection s"stem'4 &hat is the di)erence between statistical anomal" detection and rule*based intrusiondetection'


1< DoS attac0s cannot be launched againstrouters3

A

.

T

r

u

e

B. Fa

l

s

e

1< Lone Alar/ is an e


15/19




A

.

Only I can see and

use it.

B. Only someone who knows the decryption password can see and

use it.

C. No one can see it, but everyone can

use it.D. No one can use it, but other administrators may see it with my

permission.

Critical =uestions:1. &hat metrics are useul or pro%le*based intrusion detection'2.&hat is the di)erence between rule*based anomal" detection and rule*based penetrationidenti%cation'3. &hat is a hone"pot'4. &hat is a salt in the context o U+- password management'5.#ist and brie$" de%ne our techniques used to a(oid guessable passwords.

Challenin =uestions:.An example o a host*based intrusion detection tool is the tripwire program.This is a %le integrit"checing tool that scans %les and directories on the s"stem on a regular basis and noti%es theadministrator o an" changes. t uses a protected database o cr"ptographic checsums or each %lecheced and compares this (alue with that recomputed on each %le as it is scanned. t must becon%gured with a list o %les and directories to chec, and what changes, i an", are permissible toeach. t can allow, or example, log %les to ha(e new entries appended, but not or existing entries tobe changed.&hat are the ad(antages and disad(antages o using such a tool' /onsiderthe problem o determining which %les should onl" change rarel", which %les ma" change more otenand how, and which change requentl" and hence cannot be checed. 0ence consider the amount owor in both the con%guration o the program and on the s"stem administrator monitoring theresponses generated.

Case Stu4ies/>eal i.e %((lications/&ini Projects:

.A taxicab was in(ol(ed in a atal hit*and*run accident at night. Two cab companies, the 1reen andthe Blue, operate in the cit".2ou are told that34 567 o the cabs in the cit" are 1reen and 67 are Blue.4 A witness identi%ed the cab as Blue.

The court tested the reliabilit" o the witness under the same circumstances that existed on the nighto the accident and concluded that the witness was correct in identi"ing the color o the cab 587 othe time.&hat is the probabilit" that the cab in(ol(ed in the incident was Blue rather than 1reen'

;nit 9

Subject Code and Name" $#EC*+& Net,ork Securit)

4-Malicious Soft,are !lanned Hours" #4

)earning Objectives At the end of this chater student should be able to*

+3 Describe /alicious rogra/3

)earning Outcomes

+3


16/19




4- (eha/iour9(locking Soft,are

*eview +uestions:+3 &hat is the role o compression in the operation o a (irus'2 &hat is the role o encr"ption in the operation o a (irus'3 &hat are t"pical phases o operation o a (irus or worm'4 &hat is a digital immune s"stem'


12


17/19




oj

a

n

B. W

o

rm

C. V

i

r

u

s

D. Spy

war

e

E. Ad

wa

re

Critical =uestions:1. 0ow does beha(ior*blocing sotware wor'2. n general terms, how does a worm propagate'3. !escribe some worm countermeasures.4. &hat is a !!o9'

Challenin =uestions:

.The list o passwords used b" the :orris worm is pro(ided at this boo’s &eb site.a. The assumption has been expressed b" man" people that this list represents words commonl"used as passwords. !oes this seem liel"' ;usti" "our answer.b. the list does not re$ect commonl" used passwords, suggest some approaches that :orris ma"ha(e used to construct the list.

Case Stu4ies/>eal i.e %((lications/&ini Projects:.9uggest some methods o attacing the


18/19




3- Trusted S)stems

'- Data Access Control

4- The Conce1t of Trusted S)stems

*- Trojan Horse Defense

*eview +uestions:.#ist three design goals or a %rewall.2 #ist our techniques used b" %rewalls to control access and enorce a securit" polic".3 &hat inormation is used b" a t"pical pacet %ltering %rewall'4 &hat are some weanesses o a pacet %ltering %rewall'

Critical =uestions:+.&hat is the di)erence between a pacet %ltering %rewall and a stateul inspection %rewall'2.&hat is an application*le(el gatewa"'3.&hat is a circuit*le(el gatewa"'

Challenin =uestions:

+3&hat are the common characteristics o a bastion host'2.&h" is it useul to ha(e host*based %rewalls'3. &hat is a !:= networ and what t"pes o s"stems would "ou expect to %nd on such


1< Security udates are neededto*

A

.

Improve flaws in installed programs and operating systems to resolve

vulnerabilities

B. Improve program design and

functionality

C. Make programs easier

to use

D. To boost vendor’s

profits

2< hich of the follo1ing is less li0ely to be detected 1ith standard anti5irussoft1are

A

.

T

r

oj

a

n

B. V

i

r

u

s

C. Spy

war

e

D. Ad

wa

re

< hat ort does secure :TT! useA

.

1

70

1

B. 1

Pae 1 o# 1$


19/19




5

1

2

C. 4

4

3D. 8

0

< !ass1ords sto an intruder 1ho gains hysical access to a co/uter3A

.

T

r

u

e

B. F

a

l

s

e

5eal i.e %((lications/&ini Projects:+3 A common management requirement is that >all external &eb trafc must $ow (ia theorgani?ation’s &eb prox".@ 0owe(er, that requirement is easier stated than implemented. !iscuss the(arious problems and issues, possible solutions, and limitations with supporting this requirement. nparticular consider issues such as identi"ingexactl" what constitutes >&eb trafc@ and how it ma" be monitored, gi(en the large range o portsand (arious protocols used b" &eb browsers and ser(ers.

Documents

Netwrk Security.less Plan