CENTURION UNIVERSITY OF TECHNOLOGY AND MANAGEMENT
ODISHA, INDIA, BHUBANESWAR CAMPUS
SCHOOL OF ENGINEERING AND TECHNOLOGY
[Link] PREPAREDNESS PRESENTATION
Academic Year:2024-25
Programme: [Link].
Course Name: Information Security
Semester: 7th
Subject Code: CUTM1027
Subject Type :T-P-P(01-02-00)
Faculty: [Link] Patra
Course Objectives:
• The objective of this course is to focus on the models, tools, and techniques for enforcement of security.
• Students will learn security from multiple perspectives.
• Students will gain the skills to understand, design and implement appropriate security technologies and policies to protect computers and digital information.
• Students can perform the job role of an IT auditor.
Course Outcomes:
COs   CO STATEMENTS
CO1   Explain the basic principles of information security and their importance. (Understand, Remember)
CO2   Configure and manage Cisco security devices and technologies. (Apply, Analyze)
CO3   Implement security policies and access controls. (Apply, Create)
CO4   Conduct risk assessments and vulnerability analysis. (Evaluate, Analyze)
CO5   Develop and implement strategies for incident response and disaster recovery. (Apply, Evaluate)
COs   PO1   PO2   PO3   PO4   PO5   PO6   PO7   PO8   PO9   PO10  PO11  PO12  PSO1  PSO2  PSO3
CO1   3     2     2     1     2     _     _     _     2     2     2     2     3     3     3
CO2   3     3     3     2     3     _     _     _     2     2     2     2     3     3     3
CO3   3     3     3     3     3     _     _     _     2     2     2     2     3     3     3
CO4   3     3     3     2     3     _     _     _     2     2     2     2     3     3     3
CO5   3     3     3     3     3     _     _     _     2     2     2     2     3     3     3
Course Structure/Syllabus:
Course Name: Information Security
Code (Credit): CUTM1027(1-2-0)
Module-I (T-4hr P-4hr)
Viruses, Crypto-malware, Ransomware, Worm, Trojan, Rootkit, Keylogger, Adware,
Spyware, Bots, Logic bomb, Backdoor, Social engineering, Application/service attacks.
Injection, Wireless attacks, Types of actors, Attributes of actors, Active reconnaissance,
Passive reconnaissance
Practice-1: Demonstrate WHOIS, used to retrieve domain name registration details from domain registers.
Practice-2: Domain Information Groper (dig), used for DNS lookups, to examine how domains resolve into IP addresses.
Practice-3: Use of traceroute to identify the path packets take from a computer to a remote host.
Practice-4: Use of nslookup to query DNS records and troubleshoot domain name resolution issues.
Module-II(T-2hr P-4hr)
Weak security configurations, Personnel issues, Baseline deviation, License compliance
violation (availability/integrity), Asset management, Authentication issues.
Practice-5: Study of Packet Sniffer Tools: Wireshark, Ethereal (deprecated), and tcpdump.
Practice-6: Observe the Performance in Promiscuous vs Non-Promiscuous Mode
Practice-7: Packet Filtering Based on Criteria: IP Filter, Protocol Filter, MAC Address
Practice-8: Packet Sniffing with Wireshark and tcpdump
Module-III (T-4hr P-4hr)
Antivirus, File integrity check, Host-based firewall, Application whitelisting, Removable
media control, Advanced malware tools, Patch management tools, UTM, DLP.
Data execution prevention, Web application firewall, Connection methods, Mobile device
management concepts, Enforcement and monitoring, Deployment models, Protocols.
Practice-9: Understand iptables basics and environment setup.
Practice-10: Create basic firewall rules and implement SSH traffic and ICMP control.
Practice-11: Implement custom filtering and logging: block a specific IP address, prevent brute-force SSH.
Practice-12: Apply rules in real-world-like network scenarios: create firewall rules, back up and flush rules.
Module-IV(T-4hr P-4hr)
Regulatory compliance, Frameworks, Policies, Controls, Procedure, Patching, Verifications and
quality control.
Security issues associated with context-based authentication, Security
issues associated with identities, Security issues associated with identity repositories.
Practice-13: Understand stack-based buffer overflow.
Practice-14: Simulate buffer overflow in a C program.
Practice-15: Observe how an attacker can manipulate control flow.
Practice-16: Learn basic mitigation techniques (e.g., stack canaries, ASLR).
Module-V(T-4hr P-4hr)
Cybercrimes and data breaches, Licensing and intellectual property requirements, Import/export
controls.
Trans-border data flow, Privacy policy requirements, Identify threats and vulnerabilities.
Practice-17: Installation & Introduction to Nmap
Practice-18: Basic Scanning Techniques: Ping Scan, TCP Connect Scan, Specific Port Scan, Verbose Scan
Practice-19: Advanced Scanning Techniques: OS Fingerprinting, UDP Scan, TCP SYN Scan,
Module-VI(T-2hr P-4hr)
Risk assessment/analysis, Risk response, Countermeasure selection and implementation,
Applicable types of controls (e.g., preventive, detective, corrective).
Practice-21: Advanced Scanning Techniques: OS Fingerprinting, UDP Scan, TCP SYN Scan,
Service Version Detection
Practice-22: Combined Scans & Reporting: Aggressive Scan, Save Output to File, Analyze Results
Practice-23: Introduction and Environment Setup of ARP and ARP spoofing
Practice-24: Configure ARPWATCH to monitor a specific interface (e.g., eth0 or wlan0)
Module-VII(T-4hr P-4hr)
Federated Role Based Access Control (RBAC), Rule-based access control
Mandatory Access Control (MAC), Discretionary Access Control (DAC), Attribute Based Access
Control (ABAC)
Practice-25: Introduction & Installation to Nessus and Tenable
Practice-26: Configuration & Target Selection
Practice-27: Performing the Scan: Nessus plugins and CVE mapping, Monitoring scan status.
Practice-28: Understanding vulnerability details: CVE IDs, risk factor, affected services.
Text Books:
1. William Stallings, "Cryptography and Network Security", Fourth edition, PHI
2. Schneier, Bruce, "Applied Cryptography", John Wiley and Sons
Reference Books:
3. Douglas R. Stinson, "Cryptography: Theory and Practice", CRC Press
4. Behrouz A. Forouzan, "Cryptography and Network Security", McGraw-Hill
[Link] Plan:(PP)
MODULE  SL NO.  TOPICS-(PP)
I       1       Viruses, Crypto-malware, Ransomware, Worm, Trojan, Rootkit, Keylogger
        2       Adware, Spyware, Bots, Logic bomb, Backdoor, Social engineering, Application/service attacks
        3       Injection, Wireless attacks
        4       Types of actors, Attributes of actors, Active reconnaissance, Passive reconnaissance
II      5       Weak security configurations, Personnel issues, Baseline deviation
        6       License compliance violation (availability/integrity), Asset management, Authentication issues.
III     7       Antivirus, File integrity check, Host-based firewall, Application whitelisting, Removable media control, Advanced malware tools, Patch management tools, UTM, DLP
        8       Data execution prevention, Web application firewall, Connection methods, Mobile device management concepts, Enforcement and monitoring, Deployment models, Protocols.
IV      9       Regulatory compliance, Frameworks, Policies, Controls, Procedure, Patching, Verifications and quality control
        10      Security issues associated with context-based authentication, Security issues associated with identities, Security issues associated with identity repositories.
V       11      Cybercrimes and data breaches, Licensing and intellectual property requirements, Import/export controls
        12      Trans-border data flow, Privacy policy requirements, Identify threats and vulnerabilities.
VI      13      Risk assessment/analysis, Risk response, Countermeasure selection and implementation
        14      Applicable types of controls (e.g., preventive, detective, corrective).
VII     15      Federated Role Based Access Control (RBAC), Rule-based access control
        16      Mandatory Access Control (MAC), Discretionary Access Control (DAC), Attribute Based Access Control (ABAC)
Text Books:
1. William Stallings, "Cryptography and Network Security", Fourth edition, PHI
2. Schneier, Bruce, "Applied Cryptography", John Wiley and Sons
Reference Books:
1. Douglas R. Stinson, "Cryptography: Theory and Practice", CRC Press
2. Behrouz A. Forouzan, "Cryptography and Network Security", McGraw-Hill
[Link] Plan:(PR)
MODULE  SL NO.  TOPICS-(PR)
I       1       Demonstrate WHOIS, used to retrieve domain name registration details from domain registers
        2       Domain Information Groper (dig), used for DNS lookups, to examine how domains resolve into IP addresses.
        3       Use of traceroute to identify the path packets take from a computer to a remote host.
        4       Use of nslookup to query DNS records and troubleshoot domain name resolution issues.
II      5       Study of Packet Sniffer Tools: Wireshark, Ethereal (deprecated), and tcpdump.
        6       Observe the Performance in Promiscuous vs Non-Promiscuous Mode
        7       Packet Filtering Based on Criteria: IP Filter, Protocol Filter, MAC Address
        8       Packet Sniffing with Wireshark and tcpdump
III     9       Understand iptables basics and environment setup.
        10      Create basic firewall rules and implement SSH traffic and ICMP control
        11      Implement custom filtering and logging: block a specific IP address, prevent brute-force SSH
        12      Apply rules in real-world-like network scenarios: create firewall rules, back up and flush rules
IV      13      Understand stack-based buffer overflow.
        14      Simulate buffer overflow in a C program.
        15      Observe how an attacker can manipulate control flow.
        16      Learn basic mitigation techniques (e.g., stack canaries, ASLR).
V       17      Installation & Introduction to Nmap
        18      Basic Scanning Techniques: Ping Scan, TCP Connect Scan, Specific Port Scan, Verbose Scan
        19      Advanced Scanning Techniques: OS Fingerprinting, UDP Scan, TCP SYN Scan, Service Version Detection
        20      Combined Scans & Reporting: Aggressive Scan, Save Output to File, Analyze Results
VI      21      Introduction and Environment Setup of ARP and ARP spoofing
        22      Configure ARPWATCH to monitor a specific interface (e.g., eth0 or wlan0)
        23      Simulate ARP Spoofing Attack
        24      Interpret ARPWATCH alerts (e.g., new station, changed MAC, flipflop messages)
VII     21      Introduction & Installation to Nessus and Tenable
        22      Configuration & Target Selection
        23      Performing the Scan: Nessus plugins and CVE mapping, Monitoring scan status.
        24      Understanding vulnerability details: CVE IDs, risk factor, affected services.
6. Study /Reference Materials:
SL NO. LECTURER VIDEO LINKS
1. [Link]
2. [Link]
3. [Link]
4. [Link]
5. [Link]
6. [Link]
7. [Link]
8. [Link]
9. [Link]
10. [Link]
[Link] Scheme:
[Link] CRITERIA
a. Evaluation for Theory papers (T, TP & TPP)
i. End semester theory examinations (50% weightage):
   a. Duration – 3 hrs
   b. Full Mark – 100. During result processing, it will be proportionately added.
   c. Distribution of marks (should cover all COs)
      i. 10 short questions x 2 marks = 20 marks
      ii. 5 long questions x 12 marks = 60 marks
      iii. 4 short notes x 5 marks = 20 marks
ii. Continuous assessments: Details are as indicated in the table below:
SL No  Continuous Assessment                          Score
1      Individual / Group Presentation                10
       Rubric is as under:
       Content & creativity – 05
       Presentation & Discussion – 05
2      Mid-semester (Written Examination)             20
       Mark Distribution:
       5 short questions x 1 mark = 5 marks
       2 long questions x 5 marks = 10 marks
       2 short notes x 2.5 marks = 5 marks
3      Assignment (2 assignments x 5 marks each)      10
4      Learning Record (based on the parameters indicated in the learning record format, course faculty to evaluate and award score)   10
a. Evaluation of Practice/ Laboratory Components
The evaluation of the practice component will be carried out 50% by
concerned faculty and 50% by the external examiner and will be
conducted as per the present policy. Details are as under:
Internal:
A Concept 10
B Planning & Execution/ Practical/ Simulation/ Programming 10
C Result and Interpretation 10
D Record/ Report 10
E Viva 10
Total 50
External
A Execution & Result 20
B Record of Applied and Action Learning 10
C Viva 20
Total 50
a. Evaluation of Project Component
The evaluation of the project component will be completed 50% by the concerned faculty and 50% by the external examiner and will be conducted as per the present policy. The following guidelines may be referred to during evaluation of internal and external components:
Internal
A Understanding the relevance, scope and dimension of the project 10
B Methodology 10
C Quality of Analysis and Results 10
D Interpretations and Conclusions 10
E Report 10
Total 50
External
A Understanding the relevance, scope, and dimension of the project 10
B Report 20
C Viva 20
Total 50
PASS CRITERIA:
a. students from odd semester 2023-24 across all the programs.
[Link] CRITERIA
Theory papers: students must secure a minimum of 30% in individual components (both continuous assessment & end-semester theory) along with 40% in aggregate
Theory & practice papers:
a. Theory component: minimum of 30% in individual components (both continuous assessment & end-semester theory) along with 40% in aggregate
b. Practice component: minimum of 50% marks both in internal & external
Theory & project type papers:
a. Theory component: minimum of 30% in individual components (both continuous assessment & end-semester theory) along with 40% in aggregate
b. Project component: minimum of 50% marks both in internal & external
Theory, practice & project type papers:
a. Theory component: minimum of 30% in individual components (both continuous assessment & end-semester theory) along with 40% in aggregate
b. Practice component: minimum of 50% marks both in internal & external
c. Project component: minimum of 50% marks both in internal & external
Practice & project type papers:
a. Practice component: minimum of 50% marks both in internal & external
b. Project component: minimum of 50% marks both in internal & external
[Link] or Internship type papers: 50% in aggregate
Note: For further clarity, refer to the example given in the Annexure 1
Annexure 1:
                    Theory                     Practice          Project
Subject Type        CA       ESTH     CA+ESTH  IPR      EPR      IPRO     EPRO     Full Mark   Result
Full Mark           50       100      150      50       50       50       50
Pass Criteria       30%      30%      40%      50%      50%      50%      50%
Theory              15       30       45       -        -        -        -        150(∝100)   Fail
Theory + Practice   15       30       45       25       25       -        -        250(∝100)   Fail
TPP                 15       30       45       25       25       25       25       350(∝100)   Fail
Theory + Project    15       30       45       -        -        25       25       250(∝100)   Fail
Theory              20       40       60       -        -        -        -        150(∝100)   Pass
Theory + Practice   35       29       64       25       25       -        -        250(∝100)   Fail
TPP                 10       50       60       25       25       25       25       350(∝100)   Fail
Theory + Project    15       45       60       -        -        25       25       250(∝100)   Pass
Practice            -        -        -        25       25       -        -        100(∝100)   Pass
Project             -        -        -        -        -        25       25       100(∝100)   Pass
Workshop: 50, Full Mark 100, Result Pass
*CA- Continuous Assessment
*IPR- Internal Practice
*IPRO- Internal Project
*ESTH-End Semester Theory
*EPR- External Practice
*EPRO-External Project
[Link] for Learning Record:
Conclusion/Feedbacks?
I would like to note the valuable suggestions and feedback to implement in my session plan before I thank you all.
THANK U All