BSC-CA /IT/CS

COURSE CONTENT

RATHNAVEL SUBRAMANIAM COLLEGE OF ARTS AND SCIENCE (AUTONOMOUS)

SULUR, COIMBATORE
DEPARTMENT OF SCHOOL OF COMPUTER STUDIES – UG
SEMESTER VI
CYBER SECURITY II
ACADEMIC YEAR: 2021-22
BATCH: 2019

Course Title : CYBER SECURITY – II Course Code :

Semester : VI Course Group : DSE
Teaching Scheme in Hrs (L:T:P) : 5:0:0 Credit : 4 Credits
s
Map Code: D (THEORY-APPLICATION) Total Contact Hours: 60
CIA: 25 Marks SEE # : 75 Marks
Programme: BSc-CS/ BSc-IT/BCA # - Semester End Exam

Course Title : CYBER SECURITY – II Course Code :

Semester : VI Course Group : DSE
Teaching Scheme in Hrs (L:T:P) : 0:0:5 Credit : 2 Credits
s
Map Code: M (PRACTICAL-APPLICATION) Total Contact Hours: 60
CIA: 40 Marks SEE # : 60 Marks
Programme: BSc-CS/ BSc-IT/BCA # - Semester End Exam

Course Outcome:

POs &
No. Course Outcome Cl. Ses CL
PSOs

CO1 Describe packet sniffing and how it’s used, Use PSO1, PSO3 12T +12L Ap
Wireshark to view network activity and Interpret
through Wireshark
CO2 Explain the differences between three types of PSO1, PSO3 12T +12L Ap
password cracking attacks, Describe how a
rainbow table is generated and Explain how salt
is used to impede password attacks
Understand how systems initiate communication PSO1, PSO3
CO3 12T +12L Ap
through TCP Three-Way Handshake, Explain
why port scanning is used and how it works and

2019 1
BATCH
 BSC-CA /IT/CS

Describe the information that can be collected

through different types of port scans

CO4 Define key terms related to network attacks & PSO1, PSO3 6T +6L Ap
intrusions and Explain how recent widespread
attacks were able to compromise large numbers
of users
CO5 Use basic hacking tools to find and exploit PSO1, PSO3 6T +6L Ap
vulnerabilities

CO6 Describe Access Control Lists (ACLs), how PSO1, PSO3 12 T +12L Ap
they work and Correctly configure standard &
extended ACLs

UNIT : I (LECTURE HOURS: 12 + PRACTICAL HOURS: 12= 24Hours)

HOUR(S)
TOPIC(S) SUB TOPIC(S) MINUTES KEY POINT(S) for
TOPIC
Frame, implemented in
software or hardware,
monitor, verify, Analyze,
Introduction to Packet Sniffing 120
debug, gain information,
6
capture packets, detect
Packet network misuse, filter.
Sniffing
Promiscuous mode vs Monitor CAM/SAT, ARP Request &
120
mode and Virtualization ARP Reply, EAPoL

WinPcap, Kali Linux,

Sniffing on windows and inside 120 Virutal NICs, Wireless Pen
VMs Testing

Packet list, packet details,

Introduction to Wireshark 120 packet bytes, display filter,
capture filter

Packet Local Communication 60 Same subnet

Sniffing throughWireshark 6
Demos Different subnet, default
Remote Communication through 60 gateway
wireshark
UDP Datagram, CNAME
DNS through Wireshark 60
record

2019 2
BATCH
 BSC-CA /IT/CS

DORA Process
DHCP through Wireshark 60

To learn how to find and interpret

Assignment network activity within Wireshark 360 Interpretation In wire Shark 6
/ Lab
Exercises:
Packet To use different Wireshark filters
to view network traffic. 360 Interpretation In wire Shark 6
Sniffing

UNIT : II (LECTURE HOURS: 12 + PRACTICAL HOURS: 12 = 24

Hours)
Human error, password
Introduction to Password
120 guessing, online attacks,
cracking
hashing, current standards
Complex passwords, NIST
Brute force attacks 120
Guidelines, Crunch

Dictionary based attacks 60 Making a file, list of words

Password
Less processing, more 9
Cracking Rainbow table attacks 60
storage, reduction file
Parsing a rainbow table 60 Chains and Columns
Collection of random bits,
Salt 60 concatenated salt, password
database
High profile data breaches –
Real world password attacks 60
Yahoo, Linkedln
Brute force attack, social
engineering, passive
Wordlists with crunch 1 30 information gathering,
custom password cracking
wordlist
Password Wordlists with crunch 2 30 Pattern
cracking 3
Time needed to crack,
demos Dictionary attacks with John the
60 shadow file, single crack
Ripper
mode
The rockyou.txt wordlist 30 Huge wordlist
Rainbow table attacks with Free open-source program,
30
ophcrack user accounts, hashes
Assignment To understand how crunch 3
/ Lab generates lists and practice using
Exercises: 180 Exposure through Kali VM
commands to generate different
Password
Cracking types of passwords

2019 3
BATCH
 BSC-CA /IT/CS

To experience how John the 3

180 Exposure through Kali VM
Ripper cracks passwords
To see how using an additional 3
wordlist extends the capabilities of 180 Exposure through Kali VM
John the Ripper
To see how rainbow tables are 3
formed. 180 Exposure through Kali VM

UNIT : III (LECTURE HOURS: 12 + PRACTICAL HOURS: 12 = 24 Hours)

UDP, TCP, Email, HTTP,

SSL/TLS, FTP & SSH,
The TCP Three- way handshake 60
DNS, DHCP, Sequence no,
Ack no

Programs/services, state of
Introduction to port scanning 60
ports – open,closed, filtered

CFAA, Computer use laws,

Is port scanning legal? 60
denial of service attacks
Port TCP Header, flag, Nmap, 7
60
Scanning SYN and connect scans RST, TCP timer

Firewalls, administratively
60
FIN/XMAS Tree/Null scans dropped frame, windows

60 Filtered, unfiltered
ACK scan
Source port, destination port,
60 length of UDP datagram,
UDP scan
checksum
Display filter, SYN, SYN
The TCP Three way handshake 60
demo ACK, ACK
Host discovery, service &
60 version detection, OS
SYN scan demo
Port detection
scanning 5
demos 60 Root privileges
Connect scan demo
Port specifier, push & urge
60
NULL/FIN/XMAS scan demos flags
60 DNS traffic, unfiltered
UDP scan demo

2019 4
BATCH
 BSC-CA /IT/CS

To observe the TCP Three-Way Port Scanning through Kali

Handshake when contacting a 240
VM
website
Assignment / To execute a Connect scan and Port Scanning through Kali
240
Lab interpret the results VM 12
Exercises:
Port To execute Null, FIN, and Xmas Port Scanning through Kali
240
Scanning scans and interpret the results VM

To execute UDP scans and Port Scanning through Kali

120
interpret the results VM

UNIT : IV (LECTURE HOURS: 12 + PRACTICAL HOURS: 12 = 24 Hours)

Black hat hackers, white hat
Vulnerability, Exploit, Payload 120 hackers, weak passwords,
SQL injection attacks
Encrypted files, patches,
Exploits & Wannacry, Notpetya 120
upgrading 6
Exploiting Helping by hacking, connect
Bug Bounty programs 60
business with the hackers
Direct submissions, mailing
Exploit & Payload 60
list, vulnerable software
Postgresql Database service,
Starting metasploit 120 msfdb init, msfdb start,
msfconsole
Server message block
Exploit & Payload demo 60
security, remote host
Hashdump,migrate,
Exploit keyscan_start, win logon
60 6
Demos Meterpreter Demo process, keyscan_dump,
keyscan_stop
Backdoor demo 60 Net cat, Netcat Listener

Armitage demo 60 Nmap scan, MSF Prompt

To start Metasploit. 240 Using Meterpreter

To prepare a malicious file that
Assignment / will create a remote session on a
Lab 240 Remote Desktop
Windows 7 machine when double 12
Exercises:
clicked.
Exploits
To set up a simulated network in Design and trouble shooting
240
Packet Tracer network

UNIT : V (LECTURE HOURS: 12 + PRACTICAL HOURS: 12 = 24 Hours)

2019 5
BATCH
 BSC-CA /IT/CS

Inbound, outbound Mac

Introduction to ACLs 120
ACL, IP ACL
Source IP, destination IP,
Standard Vs Extended ACLs 120
protocol, port, latency

Wildcard masks 60 Subnet mask, host bits

Access
Implicit deny, explicitly 8
Control Lists 60
Standard ACLs configured statement
60 Inbound traffic, outbound
Applying ACLs to interfaces traffic, logic error
60 Source IP, destination IP,
Extended ACLs Protocol, port
Default gateway, ICMP echo
60
Pinging without an ACL reply, trace route utility

Configuring and testing a standard 60 Blocking traffic

ACL 4
ACL Demos
Configuring and testing asecond 60 Ping, interface
standard ACL
Global Configuration mode,
Configuring and testing an 60
TCP traffic
extended ACL
Assignment / To configure routers 360 Using Packet Tracer
Lab
12
Exercises: To configure, apply, and test 360 Using Packet Tracer
Access ACLs
Control List

REFERENCES:

R1. https://courses.edx.org/courses/course-v1:RITx+CYBER504x+3T2017/course/ :

Platform: Edx

Course: Network Security

University: Rochester Institute of Technology, New York

Instructor: Jonathan S. Weissman

R2. https://www.wireshark.org/#learnWS
R3. https://www.passwordping.com/surprising-new-password-guidelines-nist/
R4. https://nmap.org/book/man-port-scanning-basics.html

2019 6
BATCH
 BSC-CA /IT/CS

R5. https://www.theverge.com/2017/5/13/15635006/microsoft-windows-xp-
security-patch-wannacry- ransomware-attack
R6. https://www.techrepublic.com/article/cisco-ios-access-lists-10-things-you-should-know/

2019 7
BATCH