Post Graduate Diploma in Cyber Security

1 Year Program
Detailed course content

SEMESTER I SEMESTER II

S. NO. Subject S. NO. Subject

1 Introduction to Information Security 1 VAPT

2 Operating System Security 2 Advanced Network Security

3 Server Security (Linux & Windows) 3 IT Security Auditing & ISMS

4 Data Security/ Cloud Computing 4 Prevention Against Hacking Attacks

5 Web Security 5 Cyber Laws

The PGDCS program ends with a Dissertation/ Thesis on Information Security subjects that gets
published in the defined International Journals or IEEE Conferences.
 FIRST SEMESTER

MOD 1. INTRODUCTION OF INFORMATION SECURITY

 The Digital Space

 Security and its need
 Hacking (types and methods)
 Security Service Life Cycle
 Security Mechanisms (Corporate Implementation Case Studies)
 Fundamental Concepts
 Standard Reference Models
 Case Study

TOOLS:
Wire shark
Ether cap
TCP dump (bt)
Cola soft packet builder
Hping packet crafting tool
Scapy
System maintenance tools—Tune up utilities/ cc cleaner /folder lock/ease US partition magic

REFERENCE BOOKS:
1. Edward Halibozek, Robert Fischer, Introduction To Security, Author:, Apr 2008, David
Walters, Butterworth-heinemann.
2. Philip P. Purpura, Security: An Introduction, Mar 2010, Crc Press.
3. Khare, Information Security, 2006-10-01, Bpb.
4. Mark Merkow, James Breithaupt; Information Security : Principles And Practices,
01/01/2007, Pearson
5. Niit, Information Security: An Overview, 2004, Phi Learning Pvt. Ltd

MOD 2: OPERATING SYSTEM SECURITY

UNIT I
WINDOWS SECURITY

 OS Architecture
 Introduction to Windows NT
 Ini file virtualization
 Security architecture components
 Windows 7 Security Features
 Registry
 Windows level vulnerability.
 File systems
 Virtual machines
 Windows OS vulnerability assessment
 OS hardening
  Sysinternals Forensics Toolkit (with Case Study)
 Introduction to Windows 8 security features
 Case study

TOOLS:
Registry cleaner
Deskman pro
Windows 7 security features
Computer forensics and incident response using command prompt
Regedit (registry tricks)/ (group policy editor)
Sys internal Tool kit

UNIT II
LINUX INTERNALS AND SECURITY
 Introduction to LINUX
 LINUX operating system
 Inter process communication
 Linux file system
 Linux security features
 Multiprocessing

TOOLS:
Linux security toolkit

REFERENCE BOOKS:
1. Silbersachatz and Galvin, ―Operating System Concepts‖, Pearson, 5th Ed., 2001
2. Madnick E., Donovan J., ―Operating Systems‖, Tata McGraw Hill, 2001
3. Tannenbaum, ―Operating Systems‖, PHI, 4th Edition, 2000
4. Shubhi Lall, Franklin S, Operating Systems & Business Data Processing, 2005, University
Book House (p) Ltd.
5. Silberschatz, Galvin, Gagne, Operating System Concepts,8Th Ed, International Student
Version, 2010, Wiley India Pvt Ltd

MOD 3: SERVER SECURITY (LINUX & WINDOWS)

 Introduction to servers
 Types of Servers
 Client-server architecture
 Windows 2003 /2008 server implementation (with practical steps)
 LINUX server implementation (with practical steps)
 VPN Windows Server (with practical steps)
 Client-server security issues: threats, vulnerabilities and case studies
TOOLS:
ISA 2006 implementation and server security toolkit (BT 5)
MOD 4: DATA SECURITY / CLOUD COMPUTING

 Data Security
 Data Backup
 Data Recovery
 Cloud Computing Architecture
TOOLS:
 Data recovery tools: ( Recuva, Ease US data recovery, Photo rec, Test disc, Digital forensics (bt)
Tool kit)
 Online backup tools: (I drive, Sky drive etc.)
 Offline backup: (Windows system image, Windows backup Helix (incident response)
 Steganography using command prompt
 Truecrypt
 Trinity
 PGP implementation

REFERENCE BOOKS:

1. Paulus R. Wayleith, Data Security: Laws and Safeguards, 2008, Nova Science Publishers Inc.
2. LIC Books, Data Security: Information Security, Biometric Passport, Backup, Database Audit,
Data Remanence, Firewall, Drivesavers, Data Erasure, May 2010, Books Llc
3. Terry Bernstein, Anish B. Bhimani, Eugene Schultz, Carol A. Siegel, Internet Security For
Business, 1996-07-23, John Wiley & Sons
4. Ivan B. Damgard, Lectures On Data Security: Modern Cryptology In Theory And
Practice,Apr 1999, Springer-verlag.
5. Rita Tehan, Data Security Breaches: Context And Incident Summaries, Aug 2008, Nova
Science Publishers.

MOD 5: WEB SECURITY

 Introduction to Internet
 Browser Security
 IP security
 E-mail security
 Exchange Mail Server Security
 Social networking

TOOLS:
 Retina scanner
 Sam spade
 NS tool kit (network scanning )
 Elite proxy switcher
 Net stumbler
 Installation of mail server
 Microsoft outlook
 SET social engineering tool kit (email spoofing)
 Tor browser
 NS auditor (n/w and port scanning)
 Path analyzer pro
  Netfilter
 Squid

REFERENCE BOOKS:

1. Komunte Mary, Web Security, Prof Venansius Baryamureeba , Jul 2010, Lap Lambert
Academic Publishing.
2. Web Security Exploits: Trojan Horse, Cross-Site Scripting, Session Fixation, Idn Homograph
Attack, Cross-Site Request Forgery, Clickjacking, Llc Books, May 2010, Books Llc
3. Testing Web Security: Assessing The Security Of Web Sites And Applications, Steven
Splaine, October 2002, John Wiley & Sons.
4. Elfriede A. Dustin, Jeff Rashka, Douglas Mcdiarmid, Quality Web Systems: Performance,
Security, And Usability, Aug 2001, Addison-wesley Professional.
5. Rickland Hollar, Richard Murphy, Enterprise Web Services Security, 2006, Shroff/charles
River Media.
 SECOND SEMESTER
MOD 6: VULNERABILITY ASSESSMENT & PENETRATION TESTING
 Vulnerability Assessment -Introduction
 -Types of Vulnerabilities
 -Information Gathering
 -Vulnerability Assessment Methodology -Foot-printing
 -Network Enumeration Penetration Testing
TOOLS:
 NS auditor
 Acunetix
 W3af
 Nessus
 Net sparker
 Samurai
 HT track
 Nikto
 Retina network scanner
 Maltego
REFERENCE BOOKS:

1. Thomas R. Peltier, John A. Blackley, Justin Peltier, Managing A Network

Vulnerability Assessment, Jan 2003, Auerbach Publications.
2. Ec-council, Security and Vulnerability Assessment [With Access Code], Apr 2010,
Course Technology.
3. Institute Of Civil Engineers, Of Civil E Institute of Civil, Penetration Testing, Dec 1989,
American Society Of Civil Engineers.
4. Alfred Basta, Wolf Halton , Computer Security And Penetration Testing, Aug 2007, Delmar
5. Frederic P. Miller, Agnes F. Vandome, John Mcbrewster, Penetration Test,
Paperback, Alphascript Publishing

MOD 7: ADVANCED NETWORK SECURITY

 Wired LAN
 Wireless LAN
 Firewalls
 Router security
 Access control
 VOIP
 Intrusion Detection System
 Unified threat management

TOOLS:
 Router security:
 [Router configuration and security features ( wired)
 Router configuration and security features (wireless)]
  Intrusion detection & prevention: (Snort, Sys internals, OSSIM)
 Access control: [SE linux, UTM (Unified threat management)]
 VOIP: (Skype security configurations, VLAN ping, Wireshark)
 VPN: (Implementation, Firewall, SSL putty)
 Wireless LAN: (Aircrack, Aero peek, Air snort, Kismet,WEP crack, Airsnort, BT scanner, Wids)
 Lan administration—classroom spy pro/ tight VNC / router configuration …configuration
 Windows based LAN config and LINUX based NMAP
 Technitium MAC changer Ether change
 Firewalls—comodo/ zonealarm WIN & LINUX Proxy server/websites etc in
windows, linux and BT Snort IDS
 Paros proxy GFI languard

REFERENCE BOOKS:

1. Roberta Bragg, Network Security: The Complete Reference, 2004, Tata Mgraw Hill.
2. Shaffer, Simon, Network Security, 1994, Academic Press.
3. Nitesh Dhanjani, Network Security Tools, Justin Clarke, 2005, Shroff/o'reilly.
4. Andrew Lockhart, Network Security Hacks, 2004, Shroff/o'reilly.
5. Venkataram, Wireless And Mobile Network Security, Mcgraw-hill (tmh).

MOD 8: INFORMATION SECURITY AUDITING

 ISMS
 Preparation of an audit report
TOOLS:
 Windows and LINUX based auditing tools

REFERENCE BOOKS:
1. R. G. Murdick, J. E. Ross and J. R. Clagget, ―Information Systems for Modern Management‖, 3rd
Edition by, PHI – 1994.
2. Parker, Charles Case, Thomas, ―Management Information System: Strategy & Action‖, 2nd
Edition, TMH, 1993.
3. Thitima Pitinanondha, Operational Risk Management Systems, Mar 2010, Vdm Verlag Dr.
Muller Aktiengesellschaft.
4. Gurpreet Dhillon, Managing Information Systems Security, 1997, Palgrave Macmillan.
5. Mahadeo Jaiswal, Management Information Systems, 2004-07-15, Oxford.

MOD 9: PREVENTION AGAINST HACKING ATTACKS

 Malwares
 Attacks
 Honeypot
TOOLS: (All tutorial are for educational purpose with preventive measures)
 Virus creation and disinfection
 Bot injection and disinfection (some RAT tool)
 Antivirus configuration (Quick Heal, Windows defender)
  Phishing (SET bt; manual)+ tabnabbing (SET bt; manual) Social Engineering
Demonstration.
 Cookie hijacking (Cookie capturing & injection)
 Keylogger (aradmax, LKL; linux, anti keylogger )
 SQL injection (havij, SQL map, SQL ninja, w3af)
 Google tricks
 Password cracking tools
 Hiren boot CD
 Metasploit—armitage
 Netcat
 LOIC (Low Orbit Ion Cannon-DOS attack--- live demo) plus live IDS prevention

REFERENCE BOOKS:

1. Mcclure, Web Hacking: Attacks & Defects, 01/01/2003, Dorling Kindersley India.
2. Andrew Whitaker, Keatron Evans, Jack Voth, Chained Exploits: Advanced Hacking Attacks from
Start to Finish, Nov 2008, Addison-wesley Professiona.
3. John Chirillo, Hack Attacks Revealed: A Complete Reference With Custom Security
Hacking Toolkit, 2001-04-05, John Wiley & Sons.
4. Himanshu Dwivedi, Hacking VoIP: Protocols, Attacks, And Countermeasures, Oct 2008, No
Starch Press.
5. Ec-council, Ec-council, Ethical Hacking And Countermeasures: Attack Phases, Sep 2009, Course
Technology.

MOD 14: CYBER LAWS

 Introduction
 National /International Law Enforcement Agencies and Policies
 Cyber Offences
 Cyber Terrorism
 IPR Laws
 IT ACT 2000

REFERENCE BOOKS:

1. Tabraz Ahmad, Cyber Laws E-Commerce and M-Commerce, 2009, Aph Publishing Corporation.
2. Yatindra Singh, Cyber Laws, 2003, Universal Law Publishing Co. P Ltd.
3. L K Thakur, Asit Narayan, Internet Marketing, E-Commerce and Cyber Laws, 2000,
Authorspress.
4. C K Punia, Cyber Laws, 2009, Sumit Enterprises
5. V. D. Dudeja, Information Technology And Cyber Laws, 2001, Commonwealth Publishers
THESIS WORK
Student is required to undertake a Thesis Work at last Semester of PGDCS and to prepare and
submit a thesis report as a fulfillment of the course.

Selection of Thesis Topic (Title):-

Student has to identify and define topic of the thesis in the specific subject of Course.
The thesis work should be conducted individually by field work in any
organization/market/library relevant to the topic.
The thesis work can be based on primary or secondary information and data.
The thesis report should be presented in approximately 150-200 pages and should be
approved by the guiding teacher.

Guiding faculty:-
The student should approach to allocated supervisor for approval and decide the title of the thesis
in consultation with guiding teacher. A form prescribed for the thesis work duly filled should be
submitted to Appin and registration should be obtained.

Weightage of marks:-
The thesis work carries total weightage of 6 credits out of which, the report carries the
weightage of 2 credits and Presentation and thesis done carries the weightage of 4 credits.

It is compulsory for each participant to prepare thesis report in consultation and under the able guidance
of Thesis Guide/Supervisor and submit copy of ―Outline of Thesis Proposal‖ in specified form
(Enclosed herewith) duly signed by you and your Guide to the Appin office.

Your outline of Thesis Proposal should clearly state following:

A Brief Conceptual introduction of the Thesis work.
Objectives of the Thesis work
Sources of information
Structure of the Thesis work
Significance of the Thesis work

Key points in Submission of Thesis Report:

The Thesis report should be submitted in A -4 size (29-20cm) in a bound volume and also
one copy to be uploaded online on the student’s account.
The length of the Thesis report shall be about 60 to 75 double spaced computerized print out
pages.
The Font Size shall be preferably of 12 or 11 and in Times Roman Letters.

You need to submit only two hard and also a soft copy (CD) of Thesis Report

The thesis report must include certificate of originality of the work carrying that the work
undertaken by him/her is an original one and has not been submitted earlier either to this
University or to any other institution for fulfillment of the requirement of a course of study
that is to be signed and approved by Thesis Guide/Supervisor and to be countersigned by you.
The Thesis Report once submitted will not be returned to the student.
The Thesis Report should be submitted before the given deadline.

PROFORMA FOR APPROVAL OF TOPIC OF THESIS REPORT SUBMISSION

POSSIBLE WAYS OF UNDERTAKING A THESIS WORK:

A Comprehensive organizational Case Study of an Organization: Based on Field

Work Organization, Company, Firm, Market & Library, security concerns of a firm.
She/he May Focus on Problem Formulation, Analysis & Recommendations.
An Inter-organizational Study on Management Practices, security practices.
She/he can carry out An Exploratory Study of Market/Organizations Based On
Primary Information/Secondary Data, etc.
The Thesis Work Based On Secondary Data & Information Supported With Field
Work In A Fairly Big Organization, Company, Firm, Market, and Library.
She/he May Undergo a Training in an Organization, Company, Firm as the case may be.
The Thesis Work Can Be Based On Primary Data On A Chosen Topic.

A BRIEF ABOUT HOW TO PREPARE PROPOSAL:

Introduction
Review of Literature
Objectives of the Thesis
Research Design
Research Methodology
(1) Sources of Information
(i) Secondary Data
(ii) Primary Data
(2) Research Tool
(3) Sampling Decisions
(i) Sampling units
(ii) A Representative Sample
(iii) Sampling Size
(iv) Sampling Method
(4) Data Analysis and Interpretation
Significance of the Study
Relevance of the Study (consider its need to the present day problems and society as well as
country)
Contribution to Knowledge
Limitations of the Study
Selected References