Lovely Professional University, Punjab

Course Code Course Title Course Planner Lectures Tutorials Practicals Credits
CAP562 CYBER SECURITY AWARENESS 16862::Puneet Kumar Kaushal 2 0 0 2
Course Weightage ATT: 5 CA: 25 MTT: 20 ETT: 50 Exam Category: 13: Mid Term Exam: All MCQ – End Term Exam: MCQ +
Subjective
Course Orientation KNOWLEDGE ENHANCEMENT

TextBooks ( T )
Sr No Title Author Publisher Name
T-1 INTRODUCTION TO COMPUTER CHWAN-HWA (JOHN) CRC PRESS
NETWORKS AND WU, J. DAVID IRWIN
CYBERSECURITY
Reference Books ( R )
Sr No Title Author Publisher Name
R-1 CYBER SECURITY ESSENTIALS JAMES GRAHAM, CRC PRESS
RYAN OLSON, RICK
HOWARD
Other Reading ( OR )

Sr No Journals articles as Compulsary reading (specific articles, complete reference)

OR-1 Race Condition Vulnerability Lab, Copyright c 2006 - 2009 Wenliang Du, Syracuse University. The development of this document is funded by the National
Science Foundation’s Course, Curriculum, and Laboratory Improvement (CCLI) program under Award No. 0618680 and 0231122. ,
Relevant Websites ( RW )
Sr No (Web address) (only if relevant to the course) Salient Features
RW-1 https://www.fireeye.com/current-threats/what-is-a-zero-day-exploit.html Students will get to know the examples of zero day vulnerabilities and its
signficance
RW-2 http://www.darkreading.com/the-7-best-social-engineering-attacks-ever/d/d-id/1319411 Students will get knowledge about the effects of social engineering

RW-3 http://oauth.net/articles/authentication/ Students will learn about the difference between open authenication and
open authorization
RW-4 https://www.sans.org/security-resources/idfaq/honeypot3.php Students will learn about the honepots and its significance

RW-5 http://www.infosec.gov.hk/english/yourself/soans.html This website will help the students to learn about different categories of
defensive measures of span and emails
RW-6 https://www.sans.org/security-resources/idfaq/polymorphic_shell.php Students will learn about the polymorphic shell

RW-7 https://www.acunetix.com/websitesecurity/sql-injection/ This website will help the students to learn different ways of injecting
databases

An instruction plan is only a tentative plan. The teacher may make some changes in his/her teaching plan. The students are advised to use syllabus for preparation of all examinations. The students are expected to keep themselves
updated on the contemporary issues related to the course. Upto 20% of the questions in any examination/Academic tasks can be asked from such issues even if not explicitly mentioned in the instruction plan.
 Audio Visual Aids ( AV )
Sr No (AV aids) (only if relevant to the course) Salient Features
AV-1 https://www.youtube.com/watch?v=pKmx8Io3dVo Students will know the effect of power grid effects by cyber crimes
AV-2 https://www.youtube.com/watch?v=xTKjHWkDwP0 This animated video will help the students to get a view of animated DNS
amplication attack
AV-3 https://www.youtube.com/watch?v=sXD6RqbRhMU This video demonstrates an example of digital signature
AV-4 https://www.youtube.com/watch?v=wf2ikTtz_gk Students will get a view of functioning of firewall
AV-5 https://www.youtube.com/watch?v=C6z-HadM258 Students will get a view of the phishing attack

LTP week distribution: (LTP Weeks)

Weeks before MTE 7
Weeks After MTE 7
Spill Over (Lecture)

Detailed Plan For Lectures

Week Lecture Broad Topic(Sub Topic) Chapters/Sections of Other Readings, Lecture Description Learning Outcomes Pedagogical Tool Live Examples
Number Number Text/reference Relevant Websites, Demonstration/
books Audio Visual Aids, Case Study /
software and Virtual Images /
Labs animation / ppt
etc. Planned
Week 1 Lecture 1 Cyber security overview T-1 L0: Zero lecture Students will learn ppt and discussion World trade
(introduction) presentation for the about the basic of center attack and
overview of the course, cyber security, its different flight
its significance and need and its effect in hijackers
academic task details. global aspect.

L1: Definition of cyber

and related terms,
security in global
aspects and its
provisioning sectors.

An instruction plan is only a tentative plan. The teacher may make some changes in his/her teaching plan. The students are advised to use syllabus for preparation of all examinations. The students are expected to keep themselves
updated on the contemporary issues related to the course. Upto 20% of the questions in any examination/Academic tasks can be asked from such issues even if not explicitly mentioned in the instruction plan.
Week 1 Lecture 1 Cyber security overview T-1 L0: Zero lecture Students will learn ppt and discussion World trade
(security from a global presentation for the about the basic of center attack and
perspective) overview of the course, cyber security, its different flight
its significance and need and its effect in hijackers
academic task details. global aspect.

L1: Definition of cyber

and related terms,
security in global
aspects and its
provisioning sectors.
Lecture 2 Cyber security overview T-1 RW-1 The mechanism to name Students will come to ppt
(vulnerability naming the vulnerability know about the
schemes) depending upon their naming procedures of
salient features and the vulnerabilities
effect of zero day and will understand
vulnerability. the effect of zero day
attack
Cyber security overview T-1 RW-1 The mechanism to name Students will come to ppt
(zero-day vulnerabilities) the vulnerability know about the
depending upon their naming procedures of
salient features and the vulnerabilities
effect of zero day and will understand
vulnerability. the effect of zero day
attack
Week 2 Lecture 3 Cyber security overview T-1 AV-1 The effects of cyber Students will learn ppt and audio Movie example
(attacks on the power grid crimes on national about the cyber video of American
and utility networks) resources crimes that disrupts Blackout
socioeconomic aspect
of a nation
Lecture 4 Vulnerabilities and R-1 OR-1 L4: Shellcode, buffer L4: Students will ppt and discussion non secure
exploitation(techniques to RW-6 overflows, string learn about different websites :
gain a foothold) RW-7 vulnerabilities procedures of University of
vulnerabilities of Pakistan
L5: Race condition, shell and stack
malicious pdf files and structure
allocation of term paper L5: Students will
learn about the
different procedures
of database and
coding attacks and

An instruction plan is only a tentative plan. The teacher may make some changes in his/her teaching plan. The students are advised to use syllabus for preparation of all examinations. The students are expected to keep themselves
updated on the contemporary issues related to the course. Upto 20% of the questions in any examination/Academic tasks can be asked from such issues even if not explicitly mentioned in the instruction plan.
Week 3 Lecture 5 Vulnerabilities and R-1 OR-1 L4: Shellcode, buffer L4: Students will ppt and discussion non secure
exploitation(techniques to RW-6 overflows, string learn about different websites :
gain a foothold) RW-7 vulnerabilities procedures of University of
vulnerabilities of Pakistan
L5: Race condition, shell and stack
malicious pdf files and structure
allocation of term paper L5: Students will
learn about the
different procedures
of database and
coding attacks and

Lecture 6 Vulnerabilities and R-1 RW-2 The procedures and Students will learn ppt + discussion Demonstration
exploitation(web exploit tools to exploit any about various tools with wireshark,
tools) website and the effect of for web exploit and nmap tool.
social engineering in also understand the
cyber crimes. social engineering
issues related with
cyber crime.
Vulnerabilities and R-1 RW-2 The procedures and Students will learn ppt + discussion Demonstration
exploitation(social tools to exploit any about various tools with wireshark,
engineering) website and the effect of for web exploit and nmap tool.
social engineering in also understand the
cyber crimes. social engineering
issues related with
cyber crime.
Week 4 Lecture 7 Vulnerabilities and R-1 AV-2 Functioning of domain Students will learn ppt and discussion
exploitation(dns name service and its about the
amplification attack) vulnerabilities amplification
problems of domain
name service and its
extension to security
vulnerability
Lecture 8 Fundamentals of T-1 Introduction to Students will learn ppt and discussion DES, RSA
cryptography(introduction to cryptography basics, and review of the
cryptography and its difference between cryptography
importance) block ciphers and stream primitives
ciphers and features of
public key cryptography
Fundamentals of T-1 Introduction to Students will learn ppt and discussion DES, RSA
cryptography(block Ciphers cryptography basics, and review of the
vs stream ciphers) difference between cryptography
block ciphers and stream primitives
ciphers and features of
public key cryptography

An instruction plan is only a tentative plan. The teacher may make some changes in his/her teaching plan. The students are advised to use syllabus for preparation of all examinations. The students are expected to keep themselves
updated on the contemporary issues related to the course. Upto 20% of the questions in any examination/Academic tasks can be asked from such issues even if not explicitly mentioned in the instruction plan.
Week 4 Lecture 8 Fundamentals of T-1 Introduction to Students will learn ppt and discussion DES, RSA
cryptography(public key cryptography basics, and review of the
cryptography characteristics) difference between cryptography
block ciphers and stream primitives
ciphers and features of
public key cryptography
Week 5 Lecture 9 Fundamentals of T-1 Definition of hashing, Students will learn ppt and discussion Multiplication
cryptography(authentication hashing features and about the use of and additive
with hash) utilization of hashing hashing in security modulo hash
function in authorization services.
Lecture 10 Test 1
Week 6 Lecture 11 Fundamentals of T-1 AV-3 Definition of digital Students will learn ppt use of pdf files
cryptography(digital signature, function of about the working of with digital
signature concept) digital signature and its digital signatures and signatures
advantages and its features
disadvantages
Lecture 12 Fundamentals of T-1 L12: Password Students will lean ppt and discussion
cryptography(password definition, password about the dictionary
concepts) usage. attacks in passwords,
L13: One time password rainbow table usage.
functions and its L13: Students will
features learn about the one
time password
function and its
significance
Week 7 Lecture 13 Fundamentals of T-1 L12: Password Students will lean ppt and discussion
cryptography(password definition, password about the dictionary
concepts) usage. attacks in passwords,
L13: One time password rainbow table usage.
functions and its L13: Students will
features learn about the one
time password
function and its
significance

SPILL OVER
Week 7 Lecture 14 Spill Over

MID-TERM
Week 8 Lecture 15 Firewalls(introduction to T-1 AV-4 Firewall definition, its Students will learn ppt and discussion Windows
firewalls) applications, gateways about the basics of firewall
and its uses, stateless firewall
and stateful packet
filtering and the types of
firewall

An instruction plan is only a tentative plan. The teacher may make some changes in his/her teaching plan. The students are advised to use syllabus for preparation of all examinations. The students are expected to keep themselves
updated on the contemporary issues related to the course. Upto 20% of the questions in any examination/Academic tasks can be asked from such issues even if not explicitly mentioned in the instruction plan.
Week 8 Lecture 15 Firewalls(stateless packet T-1 AV-4 Firewall definition, its Students will learn ppt and discussion Windows
filtering vs stateful packet applications, gateways about the basics of firewall
filtering) and its uses, stateless firewall
and stateful packet
filtering and the types of
firewall
Firewalls(gateways and its T-1 AV-4 Firewall definition, its Students will learn ppt and discussion Windows
applications) applications, gateways about the basics of firewall
and its uses, stateless firewall
and stateful packet
filtering and the types of
firewall
Firewalls(types of firewall) T-1 AV-4 Firewall definition, its Students will learn ppt and discussion Windows
applications, gateways about the basics of firewall
and its uses, stateless firewall
and stateful packet
filtering and the types of
firewall
Lecture 16 Firewalls(architecture of T-1 Design and architecture Students will learn ppt and discussion Cisco firewall
firewall) of firewall, emerging about the basic
technology in research architecture of the
for firewall functioning firewall and the
technological aspects
of firewall
Firewalls(emerging firewall T-1 Design and architecture Students will learn ppt and discussion Cisco firewall
technology) of firewall, emerging about the basic
technology in research architecture of the
for firewall functioning firewall and the
technological aspects
of firewall
Week 9 Lecture 17 Intrusion T-1 Intrusion definition, Students will learn ppt and discussion
detection/prevention system intrusion detection the basic view of
(introduction) needs, types of intrusion intrusion detection
detection and also learn about
its various types
Intrusion T-1 Intrusion definition, Students will learn ppt and discussion
detection/prevention system intrusion detection the basic view of
(types of intrusion detection) needs, types of intrusion intrusion detection
detection and also learn about
its various types
Lecture 18 Intrusion T-1 RW-4 Basic concepts of Students will learn ppt and discussion winie the pooh
detection/prevention system honeypots, its the usefulness of cartoon, SNORT
(honeypots) functionality, honeypots in cyber tool examples
advantages and security
disadvantages

An instruction plan is only a tentative plan. The teacher may make some changes in his/her teaching plan. The students are advised to use syllabus for preparation of all examinations. The students are expected to keep themselves
updated on the contemporary issues related to the course. Upto 20% of the questions in any examination/Academic tasks can be asked from such issues even if not explicitly mentioned in the instruction plan.
Week 9 Lecture 18 Intrusion T-1 RW-4 Basic concepts of Students will learn ppt and discussion winie the pooh
detection/prevention system honeypots, its the usefulness of cartoon, SNORT
(detection of polymorphic functionality, honeypots in cyber tool examples
worms) advantages and security
disadvantages
Week 10 Lecture 19 Intrusion T-1 Distributed approach for Students will learn ppt and examples SNORT
detection/prevention system applying intrusion about he SNORT of SNORT examples
(distributed intrusion detection analysis software execution
detection system and
standards)
Lecture 20 Cyber threats and their T-1 L20: Cache poisoning L20: Students will ppt and discussion
defense(domain name L21: domain name learn about the
system protection) service security technical functioning
extensions and of cache and the
deployment ways for poisoning it
and is significance.
L21: Students will
learn about the
domain name service
and its security
deployment
procedures.
Week 11 Lecture 21 Cyber threats and their T-1 L20: Cache poisoning L20: Students will ppt and discussion
defense(domain name L21: domain name learn about the
system protection) service security technical functioning
extensions and of cache and the
deployment ways for poisoning it
and is significance.
L21: Students will
learn about the
domain name service
and its security
deployment
procedures.
Lecture 22 Cyber threats and their T-1 BGP vulnerabilities and Students wil learn the discussion message
defense(router security) measures applicability of of information flow
BGP in concern with from one hand
routing to another hand
and how he
router maintains
security of those
hands.
Week 12 Lecture 23 Cyber threats and their T-1 RW-5 working of spam , Students will learn ppt and discussion, unnecessary
defense(email and phishing AV-5 measures to detect and about the relation demonstration in messages in
defensive measures) avoid, relation with web between web security inbox of our emails inbox
security and mail security
Lecture 24 Test 2

An instruction plan is only a tentative plan. The teacher may make some changes in his/her teaching plan. The students are advised to use syllabus for preparation of all examinations. The students are expected to keep themselves
updated on the contemporary issues related to the course. Upto 20% of the questions in any examination/Academic tasks can be asked from such issues even if not explicitly mentioned in the instruction plan.
 Week 13 Lecture 25 Cyber threats and their T-1 RW-3 HTTP response splitting Students will about ppt and discussion website of LPU
defense(web based attacks) and cross site scripting the security design of
webpages and related
issues
Lecture 26 Cyber threats and their T-1 SQL injection Students will learn ppt and discussion SQL injection
defense(database protection) about the secure SQL trials in different
query handling wensites
Week 14 Lecture 27 Cyber threats and their types of attacks and Students will learn discussion and Research papers
defense(botnet defensive countermeasures about the types of research papers
measures) attacks and its
preventive
mechanisms.

SPILL OVER
Week 14 Lecture 28 Spill Over
Week 15 Lecture 29 Spill Over
Lecture 30 Spill Over

Scheme for CA:

CA Category of this Course Code is:A0203 (2 best out of 3)

Component Weightage (%)

Term paper 50
Test 50
Test 50

Details of Academic Task(s)

Academic Task Objective Detail of Academic Task Nature of Academic Academic Task Marks Allottment /
Task Mode submission
(group/individuals) Week
Term paper To check the Individual topics will assigned to the students in the class Individual Online 30 3 / 10
students
informational
understanding of the
course

An instruction plan is only a tentative plan. The teacher may make some changes in his/her teaching plan. The students are advised to use syllabus for preparation of all examinations. The students are expected to keep themselves
updated on the contemporary issues related to the course. Upto 20% of the questions in any examination/Academic tasks can be asked from such issues even if not explicitly mentioned in the instruction plan.
Test 1 To check the Six questions each of 5 marks will be there in the test. The syllabus Individual Offline 30 4/5
students class will include he topics of : introduction, security from a global
understanding of the perspective, vulnerability naming schemes, zero-day vulnerabilities,
course attacks on the power grid and utility networks, techniques to gain a
foothold, web exploit tools, social engineering, dns amplification
attack, introduction to cryptography and its importance, block
Ciphers vs stream ciphers, public key cryptography characteristics.

Test 2 To check the Six questions each of 5 marks will be there in the test. The syllabus Individual Offline 30 11 / 12
students conceptual will include the following topics: introduction to firewalls, stateless
understanding of the packet filtering vs stateful packet filtering, gateways and its
course applications, types of firewall, architecture of firewall, emerging
firewall technology, introduction to intrusion detection, types of
intrusion detection, honeypots, detection of polymorphic worms,
distributed intrusion detection system and standards.

List of suggested topics for term paper[at least 15] (Student to spend about 15 hrs on any one specified term paper)

Sr. No. Topic

1 1 Cyberstalking and prevention.
2 Sinkhole attack in WSNs.
3 Watermark security issues.
4 Attacks against Bluetooth.
5 Segmentation attacks in CAPTCHAs.
6 Securing APIs.
7 Forensics applications of digital image processing.
8 Birthday attacks and hash functions.
9 CAPTCHA technology.
10 Preventing Mechanisms of Eavesdropping.
11 Issues in SSL.
12 Review on Phishing attacks.
13 Overview of security issues in VANETs.
14 Template free encryption.
15 Physical layer and data link security.

An instruction plan is only a tentative plan. The teacher may make some changes in his/her teaching plan. The students are advised to use syllabus for preparation of all examinations. The students are expected to keep themselves
updated on the contemporary issues related to the course. Upto 20% of the questions in any examination/Academic tasks can be asked from such issues even if not explicitly mentioned in the instruction plan.