
NIT5140 – Information Security

Week 12 – Sample and Review

Prepared By: Dr. Khandakar Ahmed


Overview

• Exam Paper Structure
• Review
• Overview of Information Security
• Cryptography
• Malware & Social Engineering Attack
• Application & Network Security
• Access Control & Vulnerability
• OS & Cloud Security
• Problem Based Question

Exam Paper Structure

• Number of questions (sets): 6
• Each question will have sub-questions
• Number of questions to be attempted: 6
• Total Marks - 100
Exam Paper Structure

• Six sets of questions out of the following clusters:

• Overview of Info. Security
• Cryptography & Steganography
• Malware & Social Eng. Attack
• Application & Network Security
• Access Control & Vulnerability
• OS & Cloud Security
• Problem Based Questions
Overview of Info. Security

• Week 1 - Overview of Information Security


• CIA, AAA
• Hackers – Black, White & Grey Hat
• Categories of Attackers
• Five Fundamental Security Principles
Cryptography & Steganography

• Week 2 – Cryptography I + Week 3 – Cryptography II + Week 4 – Cryptography III
• Cryptography Terminologies
• Hashing
• Symmetric Cryptography
• Classical Encryption Techniques
• Asymmetric Cryptography
• Digital Signature
• Digital Certificate
• Trust Model
Malware & Social Eng. Attack

• Week 5 – Malware & Social Engineering Attack


• Malware
• Viruses, Worms and Trojans
• Social Engineering Attack
• Impersonation, Phishing, Spam, Hoaxes,
Application & Network Security

• Week 6 – Application & Network Based Attack + Week 7 – Network Security Fundamentals
• Server Side Web Application Attacks
• Cross-Site Scripting (XSS)
• SQL Injection
• Client Side Attacks
• Cookies, Types of Cookies
• DoS, DDoS
• ARP Poisoning
• DNS Poisoning
• Proxy and Reverse Proxy Server
• Spam Filter
• NAT & PAT
• DMZ, Subnetting, VLAN
Access Control & Vulnerability

• Week 8 – Access Control Fundamentals + Week 9 – Vulnerability Assessment
• Access Control Terminology
• Four access control models (DAC, MAC, Role-Based RBAC, Rule-Based RBAC)
• Best Practices for access control
• Authentication Server
• RADIUS, Kerberos, TACACS
• Aspects of Vulnerability Assessment
• Attack Tree
• Risk Calculation Method
• Honeypots, Honeynets
• Vulnerability Scanning
• Penetration Testing
OS & Cloud Security

• Week 10 – OS Security + Week 11 – Cloud Security


• Key Functions of OS
• OS Security Environment
• Linux/Unix File Permission
• Virtualization
• Native Virtualization
• Hosted Virtualization
• Cloud Models
• Vulnerability management
• Identity and access management in Cloud
Problem Based Questions

• Based on Practicals
• Main focus on Wireshark Labs
Good Luck