
INT244: SECURING COMPUTING SYSTEMS

Lecture Zero
Course details

• LTP – 2 0 2 Credits: 3

• Text Book
• CEH V9: Certified Ethical Hacker - Version 9 Study Guide, By
Sean-Philip Oriyano, Publisher: Sybex

• Reference Book
• Mastering Kali Linux For Advanced Penetration Testing By Vijay
Kumar Velu, Publisher: Packt Publishing
Course Assessment Model
• Marks break up*
• Attendance 5
• CA (Two best out of three tasks) 25
• MTE 20
• ETE 50
• Total 100
Details of Academic Task(s)
| Academic Task | Objective | Detail of Academic Task | Academic Task Mode | Marks | Allotment / submission Week |
|---|---|---|---|---|---|
| Test 1 – MCQs | To evaluate subject knowledge of each and every student individually | Test 1 will be conducted in the form of MCQs in line with the CEH (Certified Ethical Hacker) certification. Total number of questions will be 30; each question will carry 1 mark (no negative marking). | Online | 30 | 3 / 5 |
| Test 2 – Scenario-based questions | To evaluate subject knowledge of each and every student | Test 2 will be based on scenario-based questions, having 4 questions (2 questions of 10 marks each and 2 questions of 5 marks each) based on the syllabus covered. | Offline | 30 | 8 / 10 |
| BYOD – Practical | To evaluate subject knowledge of each and every student individually | CA 3 will be a hands-on practical based on the practicals covered till week 9, having 2 questions of 15 marks each. | Online | 30 | 11 / 13 |
Name of Certification

• Industry Certification -> Certified Ethical Hacker


https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
About the course
Course Outcomes: Through this course, students should be able to

• CO1 :: define the basic concepts of operating systems, cryptography and ethical hacking

• CO2 :: demonstrate various methods of performing footprinting and scanning the target
systems

• CO3 :: illustrate the process of enumerating and compromising a target system

• CO4 :: examine the usage of sniffers, social engineering techniques and denial of service
attacks for compromising the target

• CO5 :: analyze the functionality of session hijacking, web applications and SQL injection in
testing the security of target

• CO6 :: list the process of identifying the threats to WiFi, Bluetooth, mobile devices, cloud
services and implementing SOC and SIEM solutions
Program Outcomes
• PO 1: Engineering knowledge: Apply the knowledge of mathematics, science,
engineering fundamentals, and an engineering specialization for the solution of
complex engineering problems.

• PO 2: Problem analysis: Identify, formulate, research literature, and analyse
complex engineering problems reaching substantiated conclusions using first
principles of mathematics, natural sciences, and engineering sciences.

• PO 3: Design/Development of Solutions: Design solutions for complex engineering
problems and design system components or processes that meet the specified needs
with appropriate consideration for public health and safety, and cultural, societal, and
environmental considerations.

• PO 4: Conduct investigations of complex problems: Use research-based knowledge
and research methods including design of experiments, analysis and interpretation of
data, and synthesis of the information to provide valid conclusions.

• PO 5: Modern tool usage: Create, select, and apply appropriate techniques,
resources, and modern engineering and IT tools including prediction and modelling to
complex engineering activities with an understanding of the limitations.
• PO 6: The engineer and society: Apply reasoning informed by the contextual
knowledge to assess societal, health, safety, legal, and cultural issues and the
consequent responsibilities relevant to the professional engineering practice.

• PO 7: Environment and sustainability: Understand the impact of the professional
engineering solutions in societal and environmental contexts, and demonstrate the
knowledge of, and the need for sustainable development.

• PO 8: Ethics: Apply ethical principles and commit to professional ethics and
responsibilities and norms of the engineering practice.

• PO 9: Individual and team work: Function effectively as an individual, and as a
member or leader in diverse teams, and in multidisciplinary settings.

• PO 10: Communication: Communicate effectively on complex engineering
activities with the engineering community and with the society at large, such as being
able to comprehend and write effective reports and design documentation, make
effective presentations, and give and receive clear instructions.
• PO 11: Project management and finance: Demonstrate knowledge and
understanding of the engineering and management principles and apply these to one’s
work, as a member and leader in a team, to manage projects and in multidisciplinary
environments.

• PO 12: Life-long learning: Recognize the need for, and have the preparation and
ability to engage in independent and life-long learning in the broadest context of
technological change.
Revised Bloom’s Taxonomy
Unit 1
• Introduction to Ethical Hacking : Hacking Evolution, What Is an
Ethical Hacker?, Ethical hacking and Penetration testing, Hacking
methodologies
• System Fundamentals : Fundamental of computer networks,
Exploring TCP/IP ports, Understanding network devices, Proxies,
Firewall and Network Security, Knowing Operating
Systems(Windows, Mac, Android and Linux)
• Cryptography : History of cryptography, Symmetric
cryptography, Asymmetric cryptography, Understanding Hashing,
Issues with cryptography, Application of cryptography(IPsec, PGP,
SSL)
Unit 2
• Footprinting : What is Footprinting, Threats Introduced by
Footprinting, The Footprinting process, Using (Search engine,
Google hacking, Social networking and Financial services)
Information gathering
• Scanning : What is Scanning, Types of Scans, Family tree of
Scans, OS fingerprinting, Countermeasure, Vulnerability Scanning
and Using Proxies
Unit 3
• Enumeration : What is Enumeration, Windows Enumeration,
Enumeration with SNMP, LDAP and Directory Service Enumeration,
SMTP Enumeration
• System Hacking : What is System Hacking, Password cracking,
Authentication on Microsoft Platforms, Executing Applications
• Malware : Malware and the law, Categories of Malware(Viruses,
worms, spyware, Adware, Scareware Ransomware and Trojans),
Overt and Covert Channels
Unit 4
• Sniffers : Understanding Sniffers, Using a Sniffer, Switched
network Sniffing, MAC Flooding, ARP Poisoning, MAC Spoofing,
Port Mirror and SPAN Port, Detecting Sniffing Attacks
• Social Engineering : What is Social Engineering, Social
Engineering Phases, Commonly Employed Threats, Identity Theft
• Denial of Service : Understanding DoS, Understanding DDoS,
DoS Tools, DDoS Tools, DoS Pen-Testing Considerations
Unit 5
• Session Hijacking : Understanding Session Hijacking, Exploring
Defensive Strategies, Network Session Hijacking
• Web Servers and Applications : Exploring the Client-Server
Relationship, The client and the server, Vulnerabilities of Web
Servers and Application, Testing Web Application
• SQL Injection : Introducing SQL Injection, Databases and Their
Vulnerabilities, Anatomy of a SQL Injection Attack, Altering Data
with a SQL Injection Attack, Evading Detection Mechanisms, SQL
Injection Countermeasures
Unit 6
• Hacking Wi-Fi and Bluetooth : What Is a Wireless Network, A
Close Examination of Threats, Hacking Bluetooth
• Mobile Device Security : Mobile OS Models and Architectures,
Goals of Mobile Security, Device Security Models, Countermeasures
• Cloud Technologies and Security : What Is the Cloud, Threats
to Cloud Security, Cloud Computing Attacks, Testing Security in
the Cloud
List of practical/ experiments
• Foot-printing: Demonstration of the process of active and passive
information gathering using search engines, GHDB and Netcraft
• Scanning: Demonstration of port, network and vulnerability scanning with the help of
Nmap, Nessus, Rapid7 and AngryIP
• Enumeration: Demonstration of Windows and Linux enumeration and network protocol
enumeration with the help of inbuilt utilities and open-source tools
• System Hacking: Demonstration of offline and online password cracking with the
help of dictionary, brute force and hybrid attack and generating rainbow tables
• Sniffing: Demonstration of network sniffing with the help of packet sniffers such as
Wireshark, Tcpdump and Dsniff and understand the data that is being sniffed by the
respective tools
• Denial of Service: Demonstration of various DoS attacks such as Service Request
Floods, ICMP Flooding, Smurf and Fraggle Attacks using different tools
• SQL Injection: Demonstration of various types of SQL injection with the help of
different tools
• SIEM: Demonstration of Log Data Management, Network visibility, Threat
Intelligence, Analytics, Real-time Alerting
Web References

• https://www.cybrary.it/course/ethical-hacking/

• https://www.cybrary.it/course/metasploit/

• https://www.exploit-db.com/google-hacking-database

• https://www.professormesser.com/security-plus/sy0-501/sy0-501-training-course/

• https://crucialexams.com/exams/comptia/security+/sy0-501/
