Chhattisgarh Swami Vivekanand Technical University, Bhilai (C.G.

)
Scheme of Teaching and Examination
M.Tech. Computer Science & Engineering
Specialization in Cyber Forensic & Information Security
Semester – II

Scheme Of
Periods
Examination
Board of Subject per week Total Credit
S.No Subject
studies Code Marks L+(T+P)/2
Theory/Practical
L T P ESE CT TA
Computer Security
1. Sc. & 587211(22) Threats & 3 1 - 100 20 20 140 4
Engg. Vulnerability
Computer Security
2. Sc. & 587212(22) Architecture 3 1 - 100 20 20 140 4
Engg. Design
Ethetical
Computer
Hacking &
3. Sc. & 587213(22) 3 1 - 100 20 20 140 4
Digital
Engg.
Forensics
Computer Advanced
4. Sc. & 587214(22) Data Base 3 1 - 100 20 20 140 4
Engg Technology
5. Refer Table – II Elective – II 3 1 - 100 20 20 140 4
Computer
Ethical
6. Sc. & 587221(22) - - 3 75 - 75 150 2
Hacking Lab
Engg
Network
Computer
Simulation
7. Sc. & 587222(22) - - 3 75 - 75 150 2
& Security
Engg
Lab
Total 15 5 6 650 100 250 1000 24

L – Lecture, T – Tutorial, P – Practical, ESE – End Semester Examination, CT – Class Test, TA –

Teacher Assessment.

Table - II
Elective – II

S. No. Board of Study Subject

Information security Policies &
1. Computer Science & Engg. 587231(22)
Procedure
Professional Ethical Cyber
2. Computer Science & Engg. 587232(22)
Security
3. Computer Science & Engg. 587233(22) Storage Management & Security
Semester : II Branch: Cyber Forensic & Information Security
Subject: Security Threats & Vulnerabilities Code : 587211(22)
Total Theory Periods: 40 Total Tutorial Periods: 12
Total Marks in End Semester Exam: 100 Minimum number of Class tests to be
conducted: 02

Unit I
Threats and Vulnerabilities to Information and Computing Infrastructures:
Internal Security Threats, Physical Security Threats, Fixed-Line Telephone System Vulnerabilities, E-
mail Threats and Vulnerabilities, E-Commerce Vulnerabilities, Hacking Techniques in Wired Networks ,
Hacking Techniques in Wireless Networks,Computer Viruses and Worms, Trojan Horse Programs, Hoax
Viruses and Virus Alerts,Hostile Java Applets, Spyware

Unit II
Wireless Threats and Attacks
Wireless Threats and Attacks,,WEP Security ,Bluetooth Security,,Cracking WEP,Denial of Service
Attacks,Network Attacks, Fault Attacks, Side-Channel Attacks

Unit III
Prevention: Keeping the Hackers and Crackers at Bay
RFID and Security ,Cryptographic Privacy Protection Techniques, Cryptographic Hardware Security
Modules,Smart Card Security,Client-Side Security,Server-Side Security ,Protecting WebSites ,Database
Security,Medical Records Security,Access Control: Principles and Solutions, Password Authentication
,Computer and Network Authentication,Antivirus Technology,Biometric Basics and Biometric
Authentication

Unit IV
Detection and Recovery
Intrusion Detection Systems Basics, Host-Based Intrusion Detection Systems , Network-Based Intrusion
Detection Systems, Use of Agent Technology for Intrusion Detection, Contingency Planning
Management, Computer Security Incident Response Teams (CSIRTs) , Implementing a Security
Awareness Program, Risk Assessment for Risk Management, Security Insurance and Best Practices.
Auditing Information Systems Security, Evidence Collection and Analysis Tools, Information Leakage:
Detection and Countermeasures

Unit V
Management and Policy Considerations
Digital Rights Management , Web Hosting , Managing a Network Environment , E-Mail and Internet
Use
Policies, Forward Security: Adoptive Cryptography Time Evolution , Security Policy Guidelines , The
Asset-Security Goals Continuum: A Process for Security , Multilevel Security, Multilevel Security
Models ,Security Architectures , Quality of Security Service: Adaptive Security, Security Policy
Enforcement ,Guidelines for a Comprehensive Security System

Text Book:
1. Handbook of Information Security, Volume 3, Threats, Vulnerabilities,Prevention,Detection, and
Management by Hossein Bidgoli, Ph.D.,
2. The Executive Guide to Information Security by Mark Egan

Reference Book:
1.Handbook of Loss Prevention and Crime Prevention by Lawrence J Fennelly
2.Handbook of Information Security Management by Tipton Ruthbe Rg
Semester : II Branch: Cyber Forensic & Information Security
Subject: Security Architecture Design Code : 587212(22)
Total Theory Periods: 40 Total Tutorial Periods: 12
Total Marks in End Semester Exam: 100 Minimum number of Class tests to be conducted: 02

Unit I
Security Policies standards and Guidelines- Different types of Policies standards, Policy Creation,
Regulatory Consideration, Information Classification and Access control plan.

Unit II
Security Infrastructure Design Principles- Components of Infrastructure, Goals of Infrastructure, Design
Guidelines, Case Study Overview.

Unit III
Virtual Private Networks -VPN Features, Technology and Solutions.

Unit IV
Wireless Security- Bluetooth, Wireless Application Protocol, Platform Hardening, Intrusion Detection
System.

Unit V
Security- Application Security, Pki Component and application, Security Management,
Validation and Maturity.

Text Book:
1. Information Security Architecture: An Integrated Approach to Security in the Organization, Second
Edition [Hardcover] Jan Killmeyer (Author)
2. Designing Security Architecture Solutions [Paperback] Jay Ramachandran (Author)

References:
1. Security Architecture: Design, Deployment and Operations [Paperback]Christopher
King (Author), Ertem Osmanoglu (Author), Curtis Dalton (Author).
2. Enterprise Security Architecture: A Business-Driven Approach [Hardcover] John
Sherwood (Author), Andrew Clark (Author), David Lynas (Author)
Semester : II Branch: Cyber Forensic & Information Security
Subject: Ethical Hacking and Digital Forensics Code : 587213(22)
Total Theory Periods: 40 Total Tutorial Periods: 12
Total Marks in End Semester Exam: 100 Minimum number of Class tests to be
conducted: 02

UNIT I
Hacking windows – Network hacking – Web hacking – Password hacking. A study on various attacks –
Input validation attacks – SQL injection attacks – Buffer overflow attacks - Privacy attacks.

UNIT II
TCP / IP – Checksums – IP Spoofing port scanning, DNS Spoofing. Dos attacks – SYN attacks, Smurf
attacks, UDP flooding, DDOS – Models. Firewalls – Packet filter firewalls, Packet Inspection firewalls –
Application Proxy Firewalls. Batch File Programming.

UNIT III
Fundamentals of Computer Fraud – Threat concepts – Framework for predicting inside attacks –
Managing the threat – Strategic Planning Process.

UNIT IV
Architecture strategies for computer fraud prevention – Protection of Web sites – Intrusion detection
system – NIDS, HIDS – Penetrating testing process – Web Services – Reducing transaction risks.

UNIT V
Key Fraud Indicator selection process customized taxonomies – Key fraud signature selection process –
Accounting Forensics – Computer Forensics – Journaling and it requirements – Standardized logging
criteria – Journal risk and control matrix – Neural networks – Misuse detection and Novelty detection.

Text Book
1.” The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics” , John
Sammons
2. “The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and
Practice “,Jason Andress
REFERENCES
1. Kenneth C.Brancik “Insider Computer Fraud” Auerbach Publications Taylor & Francis Group–
2008.
2. Ankit Fadia “ Ethical Hacking” second edition Macmillan India Ltd, 2006
Semester : II Branch: Cyber Forensic & Information Security
Subject: Advanced Database Technology Code : 587214(22)
Total Theory Periods: 40 Total Tutorial Periods: 12
Total Marks in End Semester Exam: 100 Minimum number of Class tests to be conducted: 02

UNIT I
Parallel And Distributed Databases
Database System Architectures: Centralized and Client-Server Architectures – Server System
Architectures
– Parallel Systems- Distributed Systems – Parallel Databases: I/O Parallelism – Inter and Intra Query
Parallelism – Inter and Intra operation Parallelism – Distributed Database Concepts - Distributed Data
Storage – Distributed Transactions – Commit Protocols – Concurrency Control – Distributed Query
Processing – Three Tier Client Server Architecture- Case Studies.

UNIT II
Object And Object Relational Databases
Concepts for Object Databases: Object Identity – Object structure – Type Constructors – Encapsulation
of
Operations – Methods – Persistence – Type and Class Hierarchies – Inheritance – Complex Objects –
Object Database Standards, Languages and Design: ODMG Model – ODL – OQL – Object Relational
and Extended – Relational Systems : Object Relational featuresinSQL/Oracle – Case Studies.

UNIT III
Xml Databases
XML Databases: XML Data Model – DTD - XML Schema - XML Querying – Web Databases – JDBC
–
Information Retrieval – Data Warehousing – Data Mining

UNIT IV
Mobile Databases
Mobile Databases: Location and Handoff Management - Effect of Mobility on Data Management -
Location Dependent Data Distribution - Mobile Transaction Models - Concurrency Control - Transaction
Commit Protocols- Mobile Database Recovery Schemes

UNIT V
Multimedia Databases
Multidimensional Data Structures – Image Databases – Text/Document Databases-Video Databases –
Audio Databases – Multimedia Database Design.

Text Books:
1. R. Elmasri, S.B. Navathe, “Fundamentals of Database Systems”, Fifth Edition, Pearson
Education/Addison Wesley, 2007
2. V.S.Subramanian, “Principles of Multimedia Database Systems”, Harcourt India Pvt Ltd., 2001.
3. Vijay Kumar, “ Mobile Database Systems”, John Wiley & Sons, 2006.

References.
1. Thomas Cannolly and Carolyn Begg, “ Database Systems, A Practical Approach to Design,
Implementation and Management”, Third Edition, Pearson Education,2007.
2. Henry F Korth, Abraham Silberschatz, S. Sudharshan, “Database System Concepts”, Fifth Edition,
McGraw Hill, 2006.
3. C.J.Date, A.Kannan and S.Swamynathan,”An Introduction to Database Systems”, Eighth Edition,
Pearson Education, 2006.
 nd
Semester:– 2 Branch: Cyber Forensic & Information Security
Subject: Information Security policies and Procedures (ELECTIVE – II)
Code : 587231(22)
Total Theory Periods: 40 Total Tutorial Periods: 12
Total Marks in ESE: 100 Minimum number of Class tests to be conducted: 02

Unit-I SECURITY AND COMPUTING

Characteristics of Computer Intrusion, Attacks, Security goals, Criminals, Methods of defense control,
Cryptography, Digital Signatures, Program Security, Protection in Operating System, Design of trusted
Operating Systems.

Unit-II ETHICAL ISSUES IN SECURITY

Database Security, Security in networks, Network Controls, Firewalls, Intrusion detection Systems,
Secure Email, Administrating Security, Organization Security polices, Legal privacy ethical issues in
computer security.

Unit-III SECURITY POLICIES AND PROCEDURES

Corporate policies, Legal requirements, Business requirements, Process Management, Planning and
preparation, Developing policies, Asset classification policy, Developing standards.

Unit-IV RESPONSIBILITIES AND CLASSIFICATION

Information Security, Fundamentals, Employee responsibilities, Information classification, Information
handling, Tools of information security, Information processing, Secure program administration.

Unit-V CASE STUDIES

Organization Security Model, Information handling procedures, Developing Information standard
manual, Developing Information security manual.

Text Books :
1. Willis H Ware, Charles P Pfleeger, and Shari Lawrence Pfleeger, “Security in Computing”, Prentice
Hall, 2003.
2. Thomas R. Peltier, “Information Security policies and procedures: A Practitioner’s Reference”, 2nd
Edition Prentice Hall, 2004.

Reference Books :
1 Thomas R Peltier, Justin Peltier, and John Blackley,” Information Security Fundamentals”, Second
Edition, Prentice Hall, 1996.
2. Jonathan Rosenoer, “Cyberlaw: the Law of the Internet”, Springer-Verlag, 1997.
 nd
Semester:– 2 Branch: Cyber Forensic & Information Security
Subject: Professional Ethics and Cyber Security Code : 587232(22)
Total Theory Periods: 40 Total Tutorial Periods: 12
Total Marks in ESE: 100 Minimum number of Class tests to be
conducted: 02

Unit I
Computer ethics and philosophical ethics: Vacuum of policies, conceptual muddles, social context,
moral and legal issues, uniqueness of ethical issues, role of analogy, descriptive and normative claims,
ethical relativism, utilitarianism, other theories
Professional Ethics:Characteristics, the system of professions, computing as a profession, professional
relationships, responsibilities, code of ethics and professional conduct.
Privacy: Computers and privacy issue, reframing this issue, legislative background, better privacy
Protection

Unit- II
Intellectual property issues in cyberspace:Introduction to intellectual property Protections via
Copyright,Trade Secrets, Trademarks, Patents, Contracting to protect intellectual property, Protection
options –Encryption, copyright on web-content, copyright on software
Ethical Decision Making:Types of ethical choices, Making defensible decisions, Ethical dilemmas, law
and ethics, Guidelines for dilemma (Informal and Formal), Four-step analysis process of solving dilemma
Case studies: i) A stolen password ii) Recovery of data leads to Discovery of confidential files iii) Do
copyright ethics change overseas?

Unit III
Crime incident Handling Basics:Hacking, cyber activism, Tracking hackers, clues to cyber crime,
privacy act, search warrants, common terms, organizational roles, procedure for responding to incidents,
reporting procedures, legal considerations Information Technology Act 2000:Scope, jurisdiction,
offense and contraventions, powers of police, adjudication

Unit IV
Cyber Forensics:Cyber forensics, cyber crime examples, forensics casework, investigative
incidentresponse actions, computer forensics tools, Threats in cyberspaces, Blended attacks Sample
Policy Documents: i) Antivirus Guidelines Policy ii) Internal Lab Security Policy iii) Server Security
Policy iv) Wireless Communications Policy

Unit V
Information Security Certifications, CISSP and SSCP, CISA and CISM, SCP, GIAC, certification
weaknesses, Role of these certified professionals, Windows Server 2003 Security FundamentalsT

Text Books:
1. Deborah G Johnson, “ Computer Ethics”, Pearson Education Pub., ISBN : 81-7758-593-2.
2. Earnest A. Kallman, J.P Grillo, “Ethical Decision making and IT: An Introduction with Cases”,
McGraw Hill Pub.
Reference Books
1. John W. Rittinghouse, William M. Hancock, “Cyber security Operations Handbook”, Elsevier Pub.
2. Michael E. Whitman, Herbert J. Mattord, “Principles of Information Security”, 2nd Edition,,
CengageLearning Pub.
3. Randy Weaver, Dawn Weaver, “Network Infrastructure Security”, Cengage Learning Pub.
 nd
Semester:– 2 Branch: Cyber Forensic & Information Security
Subject: Storage Management And Security Code : 587233(22)
Total Theory Periods: 40 Total Tutorial Periods: 12
Total Marks in ESE: 100 Minimum number of Class tests to be
conducted: 02

Unit I
Storage System- Intro to Information Storage and Management, Storage System Environment, Data
Protection : Raid, Intelligent Storage System.

Unit II
Storage Networking Technologies and Virtualization, Storage Networks, Network Attached Storage, IP
SAN, Content Addressed Storage, Storage Virtualization.

Unit III
Introduction to Business Continuity, Backup and Recovery, Local Replication, Remote Replication.

Unit IV
Securing the storage Infrastructure, Storage Security Framework, Risk Triad, Storage Security Domains,
Security Implementation in Storage Networking.

Unit V
Managing the Storage Infrastructure, Monitoring the Storage Infrastructure, Storage Management
Activities, Developing an Ideal Solution, Concepts in Practice,

Text Books:
1. Information Storage and Management: Storing, Managing, and Protecting Digital Information
[Hardcover] EMC (Author)
2. Storage Security: Protecting SANs, NAS and DAS[Paperback] John Chirillo (Author), Scott
Blaul (Author)
Reference Books:
3. Information Security Management Principles - An ISEB certificate David Alexander (Author), Amanda
French (Author), david Sutton (Author)
Semester : II Branch: Cyber Forensic & Information Security
Subject: Ethical Hacking Lab Code : 587221(22)
Total Marks in ESE: 75

Experiments to be performed:

1. Working with Trojans, Backdoors and sniffer for monitoring network communication
2. Denial of Service and Session Hijacking using Tear Drop, DDOS attack.
3. Penetration Testing and justification of penetration testing through risk analysis
4. Password guessing and Password Cracking.
5. Wireless Network attacks , Bluetooth attacks
6. Firwalls , Intrusion Detection and Honeypots
7. Malware – Keylogger, Trojans, Keylogger countermeasures
8. Understanding Data Packet Sniffers
9. Windows Hacking – NT LAN Manager, Secure 1 password recovery
10. Implementing Web Data Extractor and Web site watcher.

Text / Reference Books

1.” Ethical Hacking and Penetration Testing Guide” by Rafay Baloch

2. “A Complete Practical Guide To Ethical Hacking and Information Security” , MANIDEEP.K,
SCI.TECH
 nd
Semester: – 2 Branch : Cyber Forensic & Information Security
Subject: Network Simulation and Security Lab. Code : 587222(22)
Total Practical Periods: 40 Total Marks in End Semester Exam: 75

List of Experiments :

1. Installation and configuration of NS2.

2. Write a NS script for a simple network.
3. Write a Web Server simulation script and show its network topology.
4. Write a program to show network topology and simulation scenario.
5. Write a program for multicasting simulation script and show the NAM screen capture of the
simulation.
6. Implementation of ALOHA protocol for random access method.
7. Write a simulation script for a dynamic network where the routing adjusts to a link failure.
8. Write a script to simulate a very simple 2-node wireless scenario.
9. Simulation of UDP protocol.
10. Simulation of TCP protocol.

Text / Reference Books :

1. William Stallings, “Network Security”, PHI, Second Edition, 2005.

2. B. Forouzan, “Cryptography and Network Security”, McGraw-Hill, 2004.
3. NS2 MANUAL.