INT515 Database Security 14105::ramandeep Singh 3.0 0.0 0.0 3.0 Courses With Conceptual Focus
Course Code: INT515
Course Title: DATABASE SECURITY
Course Category: Courses with conceptual focus
Course Planner: 14105::Ramandeep Singh
Lectures: 3.0
Tutorials: 0.0
Practicals: 0.0
Credits: 3.0
TextBooks
T-1: Information Security The Complete Reference. Author: Mark Rhodes-Ousley. Edition: 2nd. Year: 2013. Publisher: Tata McGraw-Hill Education
Reference Books
R-1: Beginning Microsoft SQL Server 2008 Administration. Author: Chris Leiter, Dan Wood, Michael Cierkowski, Albert Boettger. Edition: 1st. Year: 2009. Publisher: Wiley
Relevant Websites (only if relevant to the course)
RW-1: http://www.w3schools.com/sql/sql_injection.asp - Salient Features: SQL Injection Methods
RW-2: http://download.oracle.com/oll/tutorials/SQLInjection/index.htm - Salient Features: Oracle Tutorials about Preventing SQL Injection Attacks
RW-3: http://www.oracle.com/technetwork/database/features/plsql/overview/how-to-writeinjection-proof-plsql-1-129572.pdf - Salient Features: Oracle Book for Writing SQL Injection Proof PL/SQL Code
RW-4: http://sec4app.com/download/SqlInjection.pdf - Salient Features: SQL Injection Book
Audio Visual Aids (only if relevant to the course)
AV-1: http://www.youtube.com/watch?v=PB7hWlqTSqs - Salient Features: SQL Injection Tutorial
AV-2: http://www.youtube.com/watch?v=gK3no-TYNRQ - Salient Features: SQL Injection Hacking
LTP week distribution (LTP Weeks)
Weeks before MTE: 7
Weeks after MTE: 7
Spill Over: 3
Week Number
Lecture Number
Other Readings, Relevant Websites, Audio Visual Aids, software and Virtual Labs
Lecture Description
Discussion about the need of Information Protection
Learning Outcomes
Pedagogical Tool Demonstration/ Case Study / Images / animation / ppt etc. Planned
Week 1
Lecture 1
Information Security Overview (Importance of Information Protection) Information Security Overview (Evolution of Information Security) Information Security Overview (Weakest Link)
T-1:Chapter 1
Students will know about the importance of information security
Class Discussion
Class Discussion
Lecture 2
T-1:Chapter 1
Discussion about the evaluation of information security program
Knowledge about the evaluation of information security program
Lecture 3
T-1:Chapter 1
Discussion about vulnerabilities present in Security Infrastructure.
Knowledge about vulnerabilities present in Security Infrastructure and what is to be done to deal with these vulnerabilities
Class Discussion
Discussion about building a security program
Discussion about using security metrics to justify the investment in security program.
Discussion about threat analysis
Discussion about threat analysis
Knowledge about building a security program
Class Discussion
Week 2
Lecture 4
Information Security Overview (Building a Security Program) Information Security Overview (Justifying Security Investment)
T-1:Chapter 1
Lecture 5
T-1:Chapter 1
Knowledge about using security metrics to justify the investment in security program.
Brainstorming Session
Knowledge about Risk Analysis
Class Discussion
Knowledge about Risk Analysis
Class Discussion
Lecture 6
Risk Analysis for Data and Information Security(Threat Definition) Risk Analysis for Data and Information Security(Threat Sources and Types)
T-1:Chapter 2
T-1:Chapter 2
Week 3
Lecture 7
Risk Analysis for Data and Information Security(Types of Attacks) Risk Analysis for Data and Information Security(Risk Analysis) SQL Server Database(Planning for a Microsoft SQL Server Installation) SQL Server Database(Installation)
T-1:Chapter 2
Discussion about different types of threats.
Knowledge about different types of threats.
Class Discussion
Discussion about what is Risk Analysis and how to conduct it.
Knowledge about what is Risk Analysis and how to conduct it.
Class Discussion
Discussion about the initial steps for installing SQL Server
Knowledge about the initial steps for installing SQL Server
Demonstration with SQL Server
Installing SQL Server
Knowledge about installing SQL Server.
SQL Server Installation Demonstration
Knowledge about installing SQL Server.
SQL Server Installation Demonstration
Lecture 8
T-1:Chapter 2
Lecture 9
R-1:Chapter 2
Week 4
Lecture 10
R-1:Chapter 2
Lecture 11
R-1:Chapter 2
Week 4
Lecture 12
SQL Server Database (Configuration) SQL Server Database (Configuration) SQL Server Database(Additional Security Considerations)
R-1:Chapter 2
Configuring SQL Server for Use.
Configuring SQL Server for Use.
Configuring SQL Server for Use.
Configuring SQL Server for Use.
Discussion about additional considerations for SQL Server Installation
Term Paper, Test1
Discussion about how we can use SQL Server authorization feature for database security.
Discussion about SQL Server Roles
Demonstration through Projector and SQL Server Demonstration through Projector and SQL Server
Week 5
Lecture 13
R-1:Chapter 2
Lecture 14
R-1:Chapter 2
Knowledge about additional considerations for SQL Server Installation
Demonstrations of SQL Server
Knowledge about how we can use SQL Server authorization feature for database security.
SQL Server Demonstration about Authorization
Knowledge about how SQL Server Roles can be used for Authorization and Database Security
Knowledge about creating users and enforcing password policy on Users.
Knowledge about creating users and enforcing password policy on Users.
Knowledge about how database policies can help in enforcing database security measures.
Knowledge about how database policies can help in enforcing database security measures.
SQL Server Demonstration about SQL Server Roles
Lecture 17
R-1:Chapter 6
Lecture 18
R-1:Chapter 6
Discussion about creating users and enforcing password policy on Users.
Discussion about creating users and enforcing password policy on Users.
Discussion about how database policies can help in enforcing database security measures.
Discussion about how database policies can help in enforcing database security measures.
SQL Server Demonstration about SQL Authentication SQL Server Demonstration about SQL Authentication Class Discussion and Demonstration
Week 7
Lecture 19
R-1:Chapter 6
Lecture 20
R-1:Chapter 6
Lecture 21
R-1:Chapter 6
MID-TERM
Week 8
Lecture 22
Authentication and Authorization (Authentication Techniques, Authorization Techniques)
Authentication and Authorization (Authentication Techniques, Authorization Techniques)
R-1:Chapter 6
Discussion about using authorization and authentication in SQL Server Security
Discussion about using authorization and authentication in SQL Server Security
Knowledge about using authorization and authentication in SQL Server Security
Class Discussion
Knowledge about using authorization and authentication in SQL Server Security
Class Discussion
Lecture 23
R-1:Chapter 6
Week 8
Lecture 24
Authentication and Authorization (Authentication Techniques, Authorization Techniques) Storage Security (Evolution and Modern Security, Best Practices)
R-1:Chapter 6
Discussion about using authorization and authentication in SQL Server Security
Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management
Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management
Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management
Discussion about Backups, Restores and Encryption at the Storage level with Encryption key Management
Discussion about the importance of Operating System security for Database Security. Operating System Vulnerability and Patching
Discussion about the importance of Operating System security for Database Security. Operating System Vulnerability and Patching
Term Paper, Test2
RW-1
RW-1
Introduction to SQL Injection
Introduction to SQL Injection
Knowledge about using authorization and authentication in SQL Server Security
Class Discussion
Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management
Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management
Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management
Knowledge about Backups, Restores and Encryption at the Storage level with Encryption key Management
Knowledge about the importance of Operating System security for Database Security
Demonstrations and Discussion
Week 9
Lecture 25
R-1:Chapter 10
Lecture 26
R-1:Chapter 10
Lecture 27
R-1:Chapter 10
Week 10
Lecture 28
R-1:Chapter 10
Lecture 29
T-1:Chapter 19
Class Discussion
Lecture 30
T-1:Chapter 19
Knowledge about the importance of Operating System security for Database Security
Class Discussion
Week 11
Lecture 31 Lecture 32 Lecture 33 SQL Injection(Understanding SQL Injection) SQL Injection(Understanding SQL Injection) T-1:Chapter 7 T-1:Chapter 7
Week 12
Lecture 34
SQL Injection(Identifying Vulnerabilities) SQL Injection(Exploitation of Privileges and Passwords) SQL Injection(Exploitation and Information Gathering)
T-1:Chapter 7
RW-2
Discussion about SQL Injection Vulnerability Scan Discussion about SQL Injection Vulnerability Scan Discussion about SQL Injection Vulnerability Scan Term Paper,Test,Mini project3
Knowledge about SQL Vulnerability Scan
Class Discussion
Knowledge about SQL Injection Vulnerability Scan
Class Discussion
Knowledge about SQL Injection Vulnerability Scan
Class Discussion
Lecture 35
T-1:Chapter 7
RW-3
Lecture 36
T-1:Chapter 7
RW-3
Week 13
Lecture 37 Lecture 38 Lecture 39 SQL Injection(Defending Against Exploitation) SQL Injection(Defending Against Exploitation) Disaster Recovery and Business Continuity Plans(Disaster Recovery, Business Continuity Planning, Backups,High Availability) Disaster Recovery and Business Continuity Plans(Disaster Recovery, Business Continuity Planning, Backups,High Availability) Disaster Recovery and Business Continuity Plans(Disaster Recovery, Business Continuity Planning, Backups,High Availability) T-1:Chapter 7 T-1:Chapter 7 T-1:Chapter 29 R-1:Chapter 9 RW-2 RW-2
Writing Scripts which are SQL injection Proof Writing Scripts which are SQL injection Proof Discussion about Disaster Recovery in SQL Server and Business Continuity Plan Discussion about Disaster Recovery in SQL Server and Business Continuity Plan Discussion about Disaster Recovery in SQL Server and Business Continuity Plan
Writing Scripts which are SQL injection Proof
Discussion
Writing Scripts which are SQL injection Proof
Discussion
about Disaster Recovery in SQL Server and Business Continuity Plan
about Disaster Recovery in SQL Server and Business Continuity Plan
about Disaster Recovery in SQL Server and Business Continuity Plan
Class Discussion and Demonstration through SQL Server
Week 14
Lecture 40
Lecture 41
T-1:Chapter 29 R-1:Chapter 9
Lecture 42
T-1:Chapter 29 R-1:Chapter 9
SPILL OVER
Week 15 Lecture 43 Lecture 44 Lecture 45 Spill Over Spill Over Spill Over
AT No.
Objective
Evaluation Mode
Test1
To test the student's knowledge of the syllabus which has been covered in the class up to week 5
Questions will be from the syllabus up to week 5. Test will contain 6 questions of 5 marks each or vice versa. Questions will be a mix of analytical and descriptive questions.
Individual
Answer sheets submitted by the students will be evaluated and marks shall be awarded according to the same. Report and Presentation will be evaluated by the class teacher and marks will be according to that.
Term Paper1
To give students an opportunity to research and come up with various technologies, vulnerabilities and incidents which have taken place in the field of database security and analysis of effectiveness.
Topics will be allocated to the students; they will conduct research and submit a written report to the instructor followed by a presentation.
Individual
To test the student's knowledge of the syllabus covered in the class from week 6 to week 10
Questions will be from the syllabus from week 6 up to week 10. Test will contain 6 questions of 5 marks each or vice versa. Questions will be a mix of analytical and descriptive questions.
Individual
4 / 12
Test2
8 / 10
List of suggested topics for term paper [at least 15] (Student to spend about 15 hrs on any one specified term paper)
Sr. No. Topic
1 Authentication techniques based on Hash Functions
2 Ethical hacking Tools & Techniques
3 Cryptography and Overview of crypto Systems
4 Use of steganography in Information Security
5 Security Concerns in Internet Banking
6 Intrusion Detection System
7 Viruses - Types, Damages and Laws
8 Cyber Crime Laws
9 Phishing Techniques
10 Antivirus Applications Types and Working
11 Comparative Analysis of Access Control Techniques
12 Firewall - Types and Role in Information Security
13 Security and Portability Concern with Smart Cards
14 SQL Injection and How it Works
15 SQL Injection Vulnerability Scan