CSS3206: NETWORK FORENSICS

Core/Elective: Elective | Semester: 2 | Credits: 3

Course Description

This course introduces the student to the essential aspects of information security and network forensics. The student will be provided with the tools, techniques and industry-accepted methodologies so that, upon completion of the course, the student will be able to describe key concepts of network security and forensics and how those concepts apply to themselves and their organization.

Course Objectives

Describe key principles, such as defense in depth and demilitarized zones (DMZ)
Provide an overview of the requirement for intrusion detection systems (IDS) and their implementation
Provide an overview of network security devices and infrastructures, including proxy servers and firewalls
Describe the methodologies used in network forensics
Describe data hiding and obfuscation and outline obfuscation methods

Course Content

1. Introduction to Security: CIA and AAA - Protecting against Intruders - Users, Systems, and Data - Services, Role-Based Security, and Cloud Computing - Security and Forensic Computing - ISO 27002 - Risks - Risk Management/Avoidance - Security Policies - Defining the Policy - Example Risks - Defense-in-Depth - Gateways and DMZ (Demilitarized Zones) - Layered Model and Security - Encryption - Layered Approach to Defense

2. Intrusion Detection Systems: Types of Intrusion - Attack Patterns - Host/Network-Based Intrusion Detection - Placement of the IDS - Snort - Example Rules - Running Snort - User, Machine, and Network Profiling - Honeypots - In-Line and Out-of-Line IDSs - False and True - Customized Agent-Based IDS

3. Network Security Elements: Objectives - Introduction - Router (Packet Filtering) Firewalls - Network Address Translation - PIX/ASA Firewall - Proxy Servers

4. Network Forensics: Key Protocols - Ethernet, IP, and TCP Headers - TCP Connection - ARP - SYN - Application Layer Analysis - FTP - ICMP - DNS - Port Scan - SYN Flood - Spoofed Addresses - Application Layer Analysis - HTTP - Network Logs on Hosts - Tripwire

5. Data Hiding and Obfuscation: Obfuscation Using Encryption - Obfuscation through Tunneling - Covert Channels - Watermarking and Steganography - Hiding File Contents - File Contents

REFERENCES

1. Buchanan, William J. (2011). Introduction to Security and Network Forensics, CRC Press, ISBN: 978-0-8493-3568-6
2. Computer Forensics: Investigating Network Intrusions and Cyber Crime (EC-Council Press Series: Computer Forensics), 2010
3. Michael E. Whitman, Herbert J. Mattord, "Principles of Information Security", 2nd Edition, Cengage Learning Pub., 2012
4. Eoghan Casey, Digital Evidence and Computer Crime: Forensic Science, Computers and Internet, Elsevier Academic Press, Second Edition, 2011
5. Christof Paar, Jan Pelzl, Understanding Cryptography: A Textbook for Students and Practitioners, 2nd Edition, Springer, 2010


Copyright © 2009-20 Department of Computer Science,CUSAT