
Lovely Professional University, Punjab

Course Code: INT515
Course Title: DATABASE SECURITY
Course Category: Courses with conceptual focus
Course Planner: 14105::Ramandeep Singh
Lectures: 3.0
Tutorials: 0.0
Practicals: 0.0
Credits: 3.0

TextBooks
T-1: Information Security The Complete Reference. Author: Mark Rhodes-Ousley. Edition: 2nd. Year: 2013. Publisher: Tata McGraw - Hill Education

Reference Books
R-1: Beginning Microsoft SQL Server 2008 Administration. Author: Chris Leiter, Dan Wood, Michael Cierkowski, Albert Boettger. Edition: 1st. Year: 2009. Publisher: Wiley

Relevant Websites (Web address, only if relevant to the course) with Salient Features
RW-1: http://www.w3schools.com/sql/sql_injection.asp (SQL Injection Methods)
RW-2: http://download.oracle.com/oll/tutorials/SQLInjection/index.htm (Oracle Tutorials about Preventing SQL Injection Attacks)
RW-3: http://www.oracle.com/technetwork/database/features/plsql/overview/how-to-writeinjection-proof-plsql-1-129572.pdf (Oracle Book for Writing SQL Injection Proof PL/SQL Code)
RW-4: http://sec4app.com/download/SqlInjection.pdf (SQL Injection Book)

Audio Visual Aids (AV aids, only if relevant to the course) with Salient Features
AV-1: http://www.youtube.com/watch?v=PB7hWlqTSqs (SQL Injection Tutorial)
AV-2: http://www.youtube.com/watch?v=gK3no-TYNRQ (SQL Injection Hacking)

LTP week distribution (LTP Weeks)
Weeks before MTE: 7
Weeks After MTE: 7
Spill Over: 3

Detailed Plan For Lectures

Columns: Week Number; Lecture Number; Broad Topic (Sub Topic); Chapters/Sections of Text/Reference Books; Other Readings, Relevant Websites, Audio Visual Aids, Software and Virtual Labs; Lecture Description; Learning Outcomes; Pedagogical Tool (Demonstration / Case Study / Images / Animation / PPT etc.) Planned

Discussion about the need of Information Protection

Week 1

Lecture 1

Information Security Overview (Importance of Information Protection) Information Security Overview (Evolution of Information Security) Information Security Overview (Weakest Link)

T-1:Chapter 1

Students will know about the importance of information security
Class Discussion
Class Discussion

Lecture 2

T-1:Chapter 1

Discussion about the evaluation of information security program
Knowledge about the evaluation of information security program

Lecture 3

T-1:Chapter 1

Discussion about vulnerabilities present in Security Infrastructure.
Knowledge about vulnerabilities present in Security Infrastructure and what is to be done to deal with these vulnerabilities
Class Discussion
Discussion about building a security program
Discussion about using security metrics to justify the investment in security program.
Discussion about threat analysis
Discussion about threat analysis
Knowledge about building a security program
Class Discussion

Week 2

Lecture 4

Information Security Overview (Building a Security Program) Information Security Overview (Justifying Security Investment)

T-1:Chapter 1

Lecture 5

T-1:Chapter 1

Knowledge about using security metrics to justify the investment in security program.
Brainstorming Session
Knowledge about Risk Analysis
Class Discussion
Knowledge about Risk Analysis
Class Discussion

Lecture 6

Risk Analysis for Data and Information Security(Threat Definition) Risk Analysis for Data and Information Security(Threat Sources and Types)

T-1:Chapter 2

T-1:Chapter 2

Week 3

Lecture 7

Risk Analysis for Data and Information Security(Types of Attacks) Risk Analysis for Data and Information Security(Risk Analysis) SQL Server Database(Planning for a Microsoft SQL Server Installation) SQL Server Database(Installation)

T-1:Chapter 2

Discussion about different types of threats.
Knowledge about different types of threats.
Class Discussion
Discussion about what is Risk Analysis and how to conduct it.
Knowledge about what is Risk Analysis and how to conduct it.
Class Discussion
Discussion about the initial steps for installing SQL Server
Knowledge about the initial steps for installing SQL Server
Demonstration with SQL Server
Installing SQL Server
Knowledge about installing SQL Server.
SQL Server Installation Demonstration
Knowledge about installing SQL Server.
SQL Server Installation Demonstration

Lecture 8

T-1:Chapter 2

Lecture 9

R-1:Chapter 2

Week 4

Lecture 10

R-1:Chapter 2

Lecture 11

SQL Server Database(Installation)

R-1:Chapter 2

Installing SQL Server

Lecture 12

SQL Server Database (Configuration) SQL Server Database (Configuration) SQL Server Database(Additional Security Considerations)

R-1:Chapter 2

Configuring SQL Server for Use.
Configuring SQL Server for Use.
Configuring SQL Server for Use.
Configuring SQL Server for Use.
Discussion about additional considerations for SQL Server Installation
Term Paper,Test1
Discussion about how we can use SQL Server authorization feature for database security.
Discussion about SQL Server Roles

Demonstration through Projector and SQL Server Demonstration through Projector and SQL Server

Week 5

Lecture 13

R-1:Chapter 2

Lecture 14

R-1:Chapter 2

Knowledge about additional considerations for SQL Server Installation
Demonstrations of SQL Server
Knowledge about how we can use SQL Server authorization feature for database security.
SQL Server Demonstration about Authorization
Knowledge about how SQL Server Roles can be used for Authorization and Database Security
SQL Server Demonstration about SQL Server Roles
Knowledge about creating users and enforcing password policy on Users.
Knowledge about creating users and enforcing password policy on Users.
Knowledge about how database policies can help in enforcing database security measures.
Knowledge about how database policies can help in enforcing database security measures.

Lecture 15 Week 6 Lecture 16 Authorization Authentication Roles(SQL Server Authorization) R-1:Chapter 6

Lecture 17

Authorization Authentication Roles(SQL Database Roles)

R-1:Chapter 6

Lecture 18

Authorization Authentication Roles(SQL Server Authentication)

R-1:Chapter 6

Discussion about creating users and enforcing password policy on Users.
Discussion about creating users and enforcing password policy on Users.
Discussion about how database policies can help in enforcing database security measures.
Discussion about how database policies can help in enforcing database security measures.

SQL Server Demonstration about SQL Authentication SQL Server Demonstration about SQL Authentication Class Discussion and Demonstration

Week 7

Lecture 19

Authorization Authentication Roles(SQL Server Authentication)

R-1:Chapter 6

Lecture 20

Authorization Authentication Roles(SQL Server Database Policy)

R-1:Chapter 6

Lecture 21

Authorization Authentication Roles(SQL Server Database Policy)

R-1:Chapter 6

Class Discussion and Demonstration

MID-TERM
Week 8
Lecture 22
Authentication and Authorization (Authentication Techniques, Authorization Techniques)
Authentication and Authorization (Authentication Techniques, Authorization Techniques)
R-1:Chapter 6
Discussion about using authorization and authentication in SQL Server Security
Discussion about using authorization and authentication in SQL Server Security
Knowledge about using authorization and authentication in SQL Server Security
Class Discussion
Knowledge about using authorization and authentication in SQL Server Security
Class Discussion

Lecture 23

R-1:Chapter 6

Lecture 24

Authentication and Authorization (Authentication Techniques, Authorization Techniques)
Storage Security (Evolution and Modern Security, Best Practices)

R-1:Chapter 6

Discussion about using authorization and authentication in SQL Server Security
Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management
Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management
Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management
Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management
Discussion about the importance of Operating System security for Database Security. Operating System Vulnerability and Patching
Discussion about the importance of Operating System security for Database Security. Operating System Vulnerability and Patching
Term Paper,Test2
RW-1
RW-1
Introduction to SQL Injection
Introduction to SQL Injection

Knowledge about using authorization and authentication in SQL Server Security
Class Discussion
Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management
Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management
Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management
Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management
Knowledge about the importance of Operating System security for Database Security
Demonstrations and Discussion

Week 9

Lecture 25

R-1:Chapter 10

Lecture 26

Storage Security (Evolution and Modern Security, Best Practices)

R-1:Chapter 10

Demonstrations and Discussion

Lecture 27

Storage Security (Evolution and Modern Security, Best Practices)

R-1:Chapter 10

Demonstrations and Discussion

Week 10

Lecture 28

Storage Security (Evolution and Modern Security, Best Practices)

R-1:Chapter 10

Demonstrations and Discussion

Lecture 29

Operating System Security Models (Window Security)

T-1:Chapter 19

Class Discussion

Lecture 30

Operating System Security Models (Window Security)

T-1:Chapter 19

Knowledge about the importance of Operating System security for Database Security

Class Discussion

Week 11

Lecture 31 Lecture 32 Lecture 33 SQL Injection(Understanding SQL Injection) SQL Injection(Understanding SQL Injection) T-1:Chapter 7 T-1:Chapter 7

Introduction to SQL Injection Introduction to SQL Injection

Class Discussion Class Discussion

Week 12

Lecture 34

SQL Injection(Identifying Vulnerabilities) SQL Injection(Exploitation of Privileges and Passwords) SQL Injection(Exploitation and Information Gathering)

T-1:Chapter 7

RW-2

Discussion about SQL Injection Vulnerability Scan Discussion about SQL Injection Vulnerability Scan Discussion about SQL Injection Vulnerability Scan Term Paper,Test,Mini project3

Knowledge about SQL Vulnerability Scan
Class Discussion
Knowledge about SQL Injection Vulnerability Scan
Class Discussion
Knowledge about SQL Injection Vulnerability Scan
Class Discussion

Lecture 35

T-1:Chapter 7

RW-3

Lecture 36

T-1:Chapter 7

RW-3

Week 13

Lecture 37 Lecture 38 Lecture 39 SQL Injection(Defending Against Exploitation) SQL Injection(Defending Against Exploitation) Disaster Recovery and Business Continuity Plans(Disaster Recovery, Business Continuity Planning, Backups,High Availability) Disaster Recovery and Business Continuity Plans(Disaster Recovery, Business Continuity Planning, Backups,High Availability) Disaster Recovery and Business Continuity Plans(Disaster Recovery, Business Continuity Planning, Backups,High Availability) T-1:Chapter 7 T-1:Chapter 7 T-1:Chapter 29 R-1:Chapter 9 RW-2 RW-2

Writing Scripts which are SQL injection Proof Writing Scripts which are SQL injection Proof Discussion about Disaster Recovery in SQL Server and Business Continuity Plan Discussion about Disaster Recovery in SQL Server and Business Continuity Plan Discussion about Disaster Recovery in SQL Server and Business Continuity Plan

Writing Scripts which are SQL injection Proof
Discussion
Writing Scripts which are SQL injection Proof
Discussion
about Disaster Recovery in SQL Server and Business Continuity Plan
about Disaster Recovery in SQL Server and Business Continuity Plan
about Disaster Recovery in SQL Server and Business Continuity Plan
Class Discussion and Demonstration through SQL Server

Week 14

Lecture 40

Lecture 41

T-1:Chapter 29 R-1:Chapter 9

Class Discussion and Demonstration through SQL Server

Lecture 42

T-1:Chapter 29 R-1:Chapter 9

Class Discussion and Demonstration through SQL Server

SPILL OVER
Week 15 Lecture 43 Lecture 44 Lecture 45 Spill Over Spill Over Spill Over

Scheme for CA:


Component: Term Paper,Test
Frequency: 2
Out Of: 3
Each Marks: 10
Total Marks: 20
Total: Each Marks 10, Total Marks 20

Details of Academic Task(s)

AT No.

Objective

Topic of the Academic Task

Nature of Academic Task (group/individuals/field work)

Evaluation Mode

Allotment / submission Week 4/5

Test1

Objective: To test the student knowledge for the syllabus which have been covered in the class upto week 5
Topic of the Academic Task: Questions will be from syllabus upto week 5. Test Will contain 6 question of 5 marks each or vice versa. Questions will be a mix of analytical and descriptive questions.
Nature of Academic Task: Individual

Answer sheets submitted by the students will be evaluated and marks shall be awarded according to the same. Report and Presentation will be evaluated by the class teacher and marks will be according to that.

Term Paper1

Objective: To give students an opportunity to research and come up with various technologies, vulnerabilities and incidents which have taken place in the field of database security and analysis of effectiveness.
Topic of the Academic Task: Topics will be allocated to the student they will conduct research and submit a written report to the instructor followed by presentation.
Nature of Academic Task: Individual

Objective (Test2): To test the student knowledge for the syllabus covered in the class from week 6 to week 10
Topic of the Academic Task (Test2): Questions will be from syllabus from week 6 upto week 10. Test Will contain 6 question of 5 marks each or vice versa. Questions will be a mix of analytical and descriptive questions.
Nature of Academic Task (Test2): Individual

4 / 12

Test2

Marks will be awarded according to the solution submitted by the student.

8 / 10

List of suggested topics for term paper [at least 15] (Student to spend about 15 hrs on any one specified term paper)

Sr. No. Topic
1 Authentication techniques based on Hash Functions
2 Ethical hacking Tools & Techniques
3 Cryptography and Overview of crypto Systems
4 Use of steganography in Information Security
5 Security Concerns in Internet Banking
6 Intrusion Detection System
7 Viruses - Types, Damages and Laws
8 Cyber Crime Laws
9 Phishing Techniques
10 Antivirus Applications Types and Working
11 Comparative Analysis of Access Control Techniques
12 Firewall - Types and Role in information Security
13 Security and Portability Concern with Smart Cards
14 SQL Injection and How it Works
15 SQL Injection Vulnerability Scan
