PCS332: NETWORK SECURITY
Introduction: The Security, functionality and ease of use Triangle, Essential Terminology, Elements of Security, Difference between Penetration Testing and Ethical Hacking, Deliverables ethics and legality, Computer Crimes and Implications.
Reconnaissance: Information Gathering Methodology, Locate the Network Range, Active and Passive reconnaissance.
Scanning: Scanning, Elaboration phase, active scanning, scanning tools nmap, hping2. Enumeration, DNS Zone transfer.
Trojans and Backdoors: Effect on Business, Trojan?, Overt and Covert Channels, Working of Trojans, Different Types of Trojans, Different ways a Trojan can get into a system, Indications of a Trojan Attack, Some famous Trojans and ports used by them.
Sniffers: Definition of sniffing, How a Sniffer works?, Passive Sniffing, Active Sniffing, Ethreal tool, Man-in-the-Midle Attacks, Spoofing and Sniffing Attacks, ARP Poisoning and countermeasures.
Denial of Service: What is Denial of Service? , Goal of DoS (Denial of Service), Impact and Modes of Attack.
Social Engineering: Social Engineering, Art of Manipulation, Human Weakness, Common Types of Social Engineering, Human Based Impersonation, Example of social engineering, Computer Based Social Engineering, Reverse Social Engineering, Policies and procedures, Security Policies-checklist.
Session Hijacking: Understanding Session Hijacking, Spoofing vs Hijacking, Steps in Session Hijacking, Types of Session Hijacking, TCP Concepts 3 Way and shake, Sequence numbers.
1. Hackers Beware, Eric Core, EC-Council Press (2003).
2. William Stallings, Network Security Essentials, Prentice-Hall (2006).
3. William R. Cheswick and Steven M. Bellovin, Firewalls and Internet Security, Addison Wesley (1999)
4. W. Stallings, Cryptography and Network Security, Prentice Hall (2002).