Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Computer Security

Download as pdf or txt
Download as pdf or txt
You are on page 1of 7

Course Code:CM4110

Government Polytechnic, Pune


'180 OB' – Scheme

Programme Diploma in Computer Engineering


Programme code 01/02/03/04/05/06/07/08/15/16/17/18/19/21/22/23/24/26
Name of Course Computer Security
Course Code CM4110
Prerequisite course code and name NA
Class Declaration No

1. TEACHING AND EXAMINATION SCHEME

Teaching Scheme Total Examination Scheme


(In Hours) Credits Theory Practical Total
(L+T+P) Marks
L T P C ESE PA $ESE PA
Marks 80 20 25 25 150
03 00 02 05 Exam
3 Hrs 1 Hr
Duration
Legends: L- Lecture, P- Practical, T- Tutorial, C- Credit, ESE-End Semester Examination,
PA- Progressive Assessment (Test I, II/Term Work), *- Practical Exam, $- Oral Exam, #-
Online Examination each Lecture/Practical period is of one clock hour

2. RATIONALE
In today’s Digital Era, due to various threats, designing security in organization is an
important consideration. It is essential to understand basic security principles,
various threats to security and techniques to address these threats. The student will be
able to recognize potential threats to Computer Security and also able to implement
various computer security policies. This course will introduce basic cryptographic
techniques, fundamentals of computer/network security, Biometrics, Public Key
Infrastructure. It focuses on concepts and methods associated with planning
managing and auditing security at all levels including networks.

3. COMPETENCY
The aim of this course is to help the student to attain the following industry identified
competency through various teaching learning experiences:
 Maintain system and network security of organization.

4. COURSE OUTCOMES (COs)


The theory, practical experiences and relevant soft skills associated with this course
are to be taught and implemented, so that the student demonstrates the following
industry-oriented COs associated with the above-mentioned competency:
1. Know the basics of Computer Security and identify various software threats and
attacks on operating system.
2. Adopt security measures for vital data and identify role of people in security.
3. Apply cryptographic algorithms to maintain Computer Security.
4. Know the procedure to obtain digital certificate and PKI.
5. Apply various Security mechanisms to provide security of network and system.

COMP, GPP Page 321 of 400 180 OB


Course Code:CM4110

5. SUGGESTED PRACTICALS/ EXERCISES

Relevant Approximate
Sr. Unit Practical Exercises
CO Hours
No. No. (Outcomes in Psychomotor Domain)
Required.
1. 1 Study of IT Act and Cyber Laws 1 02
2 02
Install and configure Antivirus software on system
2. 2
(any).
3. 2 Practice use of data recovery tools 2 04
Write a program to implement any 3 04
4. 3
Substitution/Transposition Technique.
Install any Cryptographic tool (For. Eg. Cryptool 3 02
5. 3
Software)
Perform various Encryption/Decryption 3 04
6. 3
techniques using Cryptographic Tool.
4 04
Install and Configure firewall settings on any
7. 4
operating system
Create and verify Digital Certificate using tool 4 04
8. 4
(e.g., Cryptool)
5 02
Trace the origin of email using any tool (e.g.,
9. 5
emailTrackerPro)
10. 5 Trace the path of web site using Tracert Utility 5 02
Micro-project 02
11. All All COs
(Refer point 11 for micro project list)
Total Hrs 32

S.No. Performance Indicators Weightage in %


a. Correctness of the flow of procedure. 30
b. Application of basic security design principle and techniques to 20
address threats.
c. Use of various security tools and utilities. 10
d. Quality of input and output displayed (messaging and 10
formatting)
e. Answer to sample questions 20
f. Submit report in time 10
Total 100

6. MAJOR EQUIPMENT/ INSTRUMENTSREQUIRED


The major equipment with broad specification mentioned here will usher in uniformity in
conduct of practical, as well as aid to procure equipment by authorities concerned.

Sr.No. Major Equipment/ Instruments Required Experiment Sr. No.


1 Any Anti-Virus Software 2
2 Cryptographic Tool (For. E.g. Cryptool software) 5,6,7
3 Email Tracing Utility (For eg. Email TrakerPro) 8

COMP, GPP Page 322 of 400 180 OB


Course Code:CM4110

7. THEORY COMPONENTS

Unit Outcomes (UOs) Topics and Sub-topics


(in cognitive domain)
Unit - I. Introduction to computer security (Weightage -16, Hours-12)

1.1 Foundations of Computer Security: Definition and Need of


computer security, Security basics: Confidentiality, Integrity,
Availability, Accountability, Non-repudiation, Reliability,
1a. Explain the importance of Authentication.
given pillars of computer 1.2 Risk and Threat Analysis: Assets, Vulnerability, Threats,
security. Risks, Counter measures.
1b.Explain the characteristics 1.3 Threat to Security: Viruses, Phases of Viruses, Types of
of given type of threat. Virus, Dealing with Viruses, Worms, Trojan horse, Intruders,
1c.Explain types of attacks Insiders, Ransomware.
related with security. 1.4 Type of attacks: Active and Passive attacks, Denial of service,
DDOS, backdoors and trapdoors, sniffing, phishing, spoofing,
man in the middle, replay, TCP/IP Hacking, encryption
attacks. Steps in Attacks.

Unit - II. User Authentication & Access Control (Weightage-14, Hours-08)

2a. Explain how to construct 2.1 Identification and Authentication: User name & Password,
good/strong password) Guessing password, Password attacks-Piggybacking,
2b. Explain the given method Shoulder surfing, Dumpster diving
of Biometric. 2.2 Biometrics: finger prints, hand prints, Retina, patterns, voice
2c. Explain Authentication patterns, signature and writing patterns, keystrokes.
and Authorization with 2.3 Access controls: Definition, Authentication Mechanism,
example. principle Authentication, Authorization, Audit, Policies:
2d. Describe the features of DAC, MAC, RBAC
given access control policy. 2.4 Social Engineering.

Unit - III. Cryptography ( Weightage- 20 , Hours- 12)

3a. Define terms related to 3.1 Introduction: Plain Text and Cipher Text, Cryptography,
cryptography. Cryptanalysis, Cryptology, Encryption, Decryption.
3b. Encrypt/Decrypt the 3.2 Substitution techniques: Caesar’s cipher, mono alphabetic,
given text using different poly alphabetic, Vigenere cipher
substitution/transposition 3.3 Transposition techniques: Rail fence technique, simple
techniques. columnar, Vernam Cipher (One-Time Pad)
3c. Describe various 3.4 Steganography: Procedure, Hashing: Definition , Hashing
encryption algorithms Algorithms: MD-5, SHA
3d. Explain Hashing with 3.5 Symmetric and Asymmetric cryptography:
properties. Introduction to Symmetric encryption, DES (Data encryption
Standard) algorithm, Asymmetric key cryptography: Digital
Signature

COMP, GPP Page 323 of 400 180 OB


Course Code:CM4110

Unit Outcomes (UOs) Topics and Sub-topics


(in cognitive domain)
Unit - IV. Public Key Infrastructure (Weightage-14, Hours- 08)

4.1 Public key infrastructures: basics, digital certificates,


4a. Explain working of PKI. certificate authorities, registration authorities
4b. Describe Public Key 4.2 Steps for obtaining a digital certificate
Infrastructure 4.3 Trust and certificate verification
4c. Describe steps for 4.4 Digital certificates: certificate attributes, certificate extensions
obtaining digital certificate 4.5 Certificate life cycles: registration & generations, renewal,
4d. Explain digital certificate revocation, CRL distribution, suspension, key destruction
life cycle 4.6 Centralized and decentralized infrastructure

Unit - V. System Security & Network Security (Weightage-16, Hours-08)

5.1 Firewall: Need of firewall, types of firewall- packet filters,


5a. Explain need of firewalls. application gateways, circuit gateways
5b. Explain Intrusion 5.2 Kerberos. Intrusion Detection: Network-Based IDS, Host-
Detection system. Based IDS
5c. Classify IDS techniques. 5.3 Honeypots.
5d. Explain different ways to 5.6 Operating system security: Operating system updates : hot fix,
implement IP Security patch, service pack
5e. Explain protocols related 5.7 IP security: overview, Protocols- AH, ESP, Modes- transport
to Email security & Tunnel
5.8 Email security: SMTP, PEM, and PGP.

8. SUGGESTED SPECIFICATION TABLE FORQUESTION PAPER DESIGN

Unit Unit Title Teaching Distribution of Theory Marks


No. Hours R U A Total
Level Level Level Marks
I Introduction to computer
12 06 06 04 16
security
II User Authentication & Access
08 04 06 04 14
Control
III Cryptography 12 04 08 08 20
IV Public key infrastructure 08 04 06 04 14
V Network Security and System
08 04 06 06 16
Security
Total 48 22 32 26 80

COMP, GPP Page 324 of 400 180 OB


Course Code:CM4110

9. SUGGESTED STUDENT ACTIVITIES

Other than the classroom and laboratory learning, following are the suggested
student-related co-curricular activities which can be undertaken to accelerate
the attainment of the various outcomes in this course: Students should conduct
following activities in group and prepare reports of about 5 pages for each
activity, also collect/record physical evidences for their (student’s) portfolio
which will be useful for their placement interviews:
a. Prepare journal of practicals.
b. Use Cryptographic Tools and Utilities.

10. SUGGESTED SPECIAL INSTRUCTIONAL STRATEGIES (if any)


These are sample strategies, which the teacher can use to accelerate the attainment
of the various outcomes in this course:
a. Massive open online courses (MOOCs) may be used to teach various
topics/sub topics.
b. About 15-20% of the topics/sub-topics which is relatively simpler or
descriptive in nature is to be given to the students for self-directed learning
and assess the development of the COs through classroom presentations.
c. With respect to item No.9, teachers need to ensure to create opportunities
and provisions for co-curricular activities.
d. Use different Audio-Visual media for Concept understanding.
e. Guide student(s) in undertaking micro-projects.
f. Demonstrate students thoroughly before they start doing the practice.
g. Observe continuously and monitor the performance of students in Lab.

11. SUGGESTEDMICRO-PROJECTS

Only one micro-project is planned to be undertaken by a student that needs to be


assigned to him/her. In special situations where groups have to be formed for
micro-projects, the number of students in the group should not exceed three.The
micro-project could be industry application based, internet-based, workshop-
based, laboratory-based or field-based. Each micro-project should encompass two
or more COs which are in fact, an integration of PrOs, UOs and ADOs. (Affective
Domain Outcomes). Each student will have to maintain activity chart consisting of
individual contribution in the project work and give a seminar presentation of it
before submission. The student ought to submit micro-project by the end of the
semester to develop the industry-oriented COs.
A suggestive list of micro-projects is given here. Similar micro-projects
could be added by the concerned faculty:

a. Study of any Real Case of Malware Attacks:


i. Understand Computer Virus and Malware Attack
ii. Analyze Phases of Virus
iii. Study and Analyze any Real Case of Malware Attacks for. eg
CryptoLocker , ransomware, 2013, ILOVEYOU, worm, 2000,11.
Melissa, virus, 1999 etc

b. Study and Analyze Small Business Cyber security Case Study:


i. Understand the type of attack,
ii. Analyze the Response and Impact of the attack

COMP, GPP Page 325 of 400 180 OB


Course Code:CM4110

iii. Find Preventive /curative measures against damages by attack

c. Study and analyze Social Site cyber attack case study:


i. Understand the type of attack,
ii. Analyze the Response and Impact of the attack
iii. Find Preventive /curative measures against damages by attack

d. Any other Relevant Case Study of Student’s / Faculty’s Choice.


12. SUGGESTED LEARNING RESOURCES

Publisher, Edition and Year of


S.N. Title Author
publication, ISBN Number
Principles of Wm.Arthur Conklin McGraw Hill Technology Education
computer security Dwayne Williams Gregory International Edition2005
1
Security+and Beyond B. White Roger L.Davis  ISBN-13: 978-0072255096
Chuck Cothren,  ISBN-10: 0072255099
Cryptography And Behrouz A Forouzan, De McGraw Hill Technology Education
2 Network Security Anza College, Deepak International 2nd Edition
Mukopadhay  ISBN- 9780070702080.
Computer Security Dieter Gollmann Wiley Publication
3 Third Edition  ISBN : 978-0-470-74115-3
Cryptography and Atul Kahate McGraw Hill Education, New Delhi
4 Network Security  ISBN 13: 978-1-25-902988-2
Third Edition

13. SOFTWARE/LEARNING WEBSITES

1. https://www.tutorialspoint.com//computer_security/computer_security_quick_
guide.htm
2. https://freevideolectures.com/course/3027/cryptography-and-network-security
3. https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_process.htm
4. https://www.cybrary.it/
5. https://www.tutorialspoint.com/cryptography/index.htm
6. https://www.geeksforgeeks.org/ip-security-ipsec/
7. https://www.open.edu/openlearn/ocw/mod/oucontent/view.php?id=48325&sec
tion=1

COMP, GPP Page 326 of 400 180 OB


Course Code:CM4110

14. PO - COMPETENCY- CO MAPPING

PO1 PO2 PO3 PO4 PO5 PO6 PO7


CO1 2 - - - 3 - 2
CO2 2 3 2 - 3 1 3
CO3 3 3 3 3 3 3 2
CO4 2 1 2 2 3 1 2
CO5 2 3 3 1 2 2 2

PSO1 PSO2
CO1 - 1
CO2 1 2
CO3 - 3
CO4 1 2
CO5 3 3

Sign: Sign:

Name: Name:
Smt. S.P. Ambavane Shri.U. V. Kokate
Smt. K. S. Sathawane Dr.S.B.Nikam
(Course Expert /s) (Head of Department)
(Department of Computer Engineering)
Sign: Sign:

Name: Name:
Shri.U. V. Kokate Shri A.S.Zanpure
Dr.S.B.Nikam (CDC Incharge )
(Programme Head)
(Department of Computer Engineering)

COMP, GPP Page 327 of 400 180 OB

You might also like