JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY HYDERABAD

M.Tech. (COMPUTER NETWORKS)

COURSE STRUCTURE AND SYLLABUS
I Year – II Semester
Course Title Int. Ext. L P C
marks marks
Core Course IV Network Security 25 75 4 -- 4
Core Course V Wireless Networks 25 75 4 -- 4
Core Course VI Network Security Standards and Applications 25 75 4 -- 4
Core Elective III 1. Internet Technologies and Services 25 75 4 -- 4
2. Digital Water Marking and Steganography
3. Security Threats
4. Network Management and Performance
Evaluation
Core Elective IV 1. Storage Area Networks 25 75 4 -- 4
2. Distributed Systems Security
3. Cyber Security
4. Information Systems control and Audit
Open Elective II Open Elective – 2 25 75 4 -- 4
Laboratory II Network Security Lab 25 75 -- 4 2
Seminar II Seminar 50 -- -- 4 2
Total Credits 24 8 28
 JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY HYDERABAD

M.Tech-CN - I Year - II Sem

NETWORK SECURITY
Objectives:
 Understand the basic categories of threats to computers and networks
 Understand various cryptographic algorithms.
 Describe public-key cryptosystem.
 Describe the enhancements made to IPv4 by IPSec
 Understand Intrusions and intrusion detection
 Discuss the fundamental ideas of public-key cryptography.
 Generate and distribute a PGP key pair and use the PGP package to send an encrypted e-mail
message.
 Discuss Web security and Firewalls

UNIT – I
Attacks on Computers and Computer Security: Introduction, The need for security, Security
approaches, Principles of security, Types of Security attacks, Security services, Security Mechanisms, A
model for Network Security Cryptography: Concepts and Techniques: Introduction, plain text and
cipher text, substitution techniques, transposition techniques, encryption and decryption, symmetric and
asymmetric key cryptography, steganography, key range and key size, possible types of attacks.
UNIT – II
Symmetric key Ciphers: Block Cipher principles & Algorithms(DES, AES,Blowfish), Differential and
Linear Cryptanalysis, Block cipher modes of operation, Stream ciphers, RC4,Location and placement of
encryption function, Key distribution Asymmetric key Ciphers: Principles of public key cryptosystems,
Algorithms(RSA, Diffie-Hellman,ECC), Key Distribution
UNIT – III
Message Authentication Algorithms and Hash Functions: Authentication requirements, Functions,
Message authentication codes, Hash Functions, Secure hash algorithm, Whirlpool, HMAC, CMAC, Digital
signatures, knapsack algorithm Authentication Applications: Kerberos, X.509 Authentication Service,
Public – Key Infrastructure, Biometric Authentication
UNIT – IV
E-Mail Security: Pretty Good Privacy, S/MIME IP Security: IP Security overview, IP Security
architecture, Authentication Header, Encapsulating security payload, combining security associations, key
management
UNIT – V
Web Security: Web security considerations, Secure Socket Layer and Transport Layer Security, Secure
electronic transaction Intruders, Virus and Firewalls: Intruders, Intrusion detection, password
management, Virus and related threats, Countermeasures, Firewall design principles, Types of firewalls
Case Studies on Cryptography and security: Secure Inter-branch Payment Transactions, Cross site
Scripting Vulnerability, Virtual Elections
TEXT BOOKS:
1. Cryptography and Network Security : William Stallings, Pearson Education,5th Edition
2. Cryptography and Network Security: Atul Kahate, Mc Graw Hill, 2nd Edition.
3. Network Security and Cryptography: Bernard Menezes, CENGAGE Learning
REFERENCE BOOKS:
1. Cryptography and Network Security: C K Shyamala, N Harini, Dr T R Padmanabhan, Wiley India,
1st Edition.
2. Cryptography and Network Security : Forouzan Mukhopadhyay, Mc Graw Hill, 2nd Edition
3. Information Security, Principles and Practice : Mark Stamp, Wiley India.
4. Principles of Computer Sceurity: WM.Arthur Conklin, Greg White, TMH
5. Introduction to Network Security: Neal Krawetz, CENGAGE Learning.
6. Principles of Information security by Michael E Whitman and Herbert J.Mattord.
 JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY HYDERABAD

M.Tech-CN - I Year - II Sem

WIRELESS NETWORKS
Objectives:
 To identify the principal components of telecommunications networks and key networking technologies.
 To implement how the Internet and Internet technology works.
 To identify the principal technologies and standards for wireless networking, communication, and
Internet access.
 To describe troubleshooting techniques for wireless networks.

UNIT I
Overview of Wireless Networks: Introduction, Different generations of wireless networks. Characteristics
of The Wireless Medium: Introduction, radio propagation mechanisms, path-loss modeling and signal
coverage, effects of multi path and Doppler, channel measurement and modeling techniques.

UNIT II
Physical Layer Alternatives for Wireless Networks: Introduction, applied wireless transmission techniques,
short distance base band transmission, UWB pulse transmission, Carrier Modulated transmission,
Broadband modems for higher speeds, Spread Spectrum transmissions, High-speed Modems for Spread
spectrum technology, Diversity and Smart Receiving Techniques, Comparison of modulation schemes,
Coding techniques for wireless communications.

UNIT III
Wireless Medium Access Alternatives: Introduction, fixed-assignment access for Voice-Oriented
networks, Random access for Data-Oriented Networks, Integration of Voice and Data Traffic. Network
Planning: Introduction, wireless network topologies, Cellular Topology, Cell Fundamentals, Signal-to-
interference ratio calculation, capacity Expansion Techniques, network planning for CDMA systems.

UNIT IV
Wireless Network Operation: Introduction, mobility management, radio resources and power
management, security in wireless networks. Wireless Application Protocol: Design and Principles of
Operation, WAP Architecture & Components, WAE Overview, WAE Model, WTA Architecture, WTA
Framework Components, WSP Specification, WTP Specification, WTLS Specification, WDP Specification

UNIT V
Bluetooth Design and Principles of Operation, Transmitter Characteristics, Bluetooth Security, Link
Manager Protocol, Logical Link Control and Adaptation Layer Protocol, Alternatives to Bluetooth.
WIRELESS LANs: Benefits of WLANs, Design and principles of Operation, WLAN Configurations,
Microcells and Roaming, Types of WLANS, IEEE802.11, IEEE802.11a, IEEE802.11b

TEXT BOOKS:
1. Kaveh Pahlavan and Prashant Krishnamurthy,” Principles of Wireless Networks-a Unified approach”,
Pearson, 2004.
2. Gary S.Rogers et al, “An Introduction to Wireless Technology”, Pearson, 2007.

REFERENCE BOOKS:
1. William Stallings, “Wireless communications and Networks”, Pearson education, 2005, ISBN 81-7808-
560-7
2 Jim Geier, “Wireless Networks first-step”, Pearson, 2005.
3 Sumit Kasera et al, “2.5G Mobile Networks: GPRS and EDGE”, TMH, 2008.
4 Matthew S.Gast, “802.11 Wireless Networks”, O’Reilly, Second Edition, 2006.
5. Theodore s. Rappaport, “Wireless Communications –principles and practice”, second edition, PHI,
2002
6. C.S.R.Prabhu et al, “Bluetooth Technology and its Applications with Java and J2ME”, PHI, 2007.
 JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY HYDERABAD

M.Tech-CN - I Year - II Sem

NETWORK SECURITY STANDARDS AND APPLICATIONS

Objectives:
 Compile, analyze, and assess the applicability of best practices in addressing information security
issues relevant to the cyber security community
 Evaluate the impact of business constraints and processes on the implementation of network
security programs
 Integrate principles and techniques of risk analysis, project planning and change management in the
development of network security strategies
 Demonstrate secondary research skills in the investigation and selection of best practice solutions to
address network security challenges
 Demonstrate mastery of theory, concepts and skills in addressing specialized aspects of network
security Applications

UNIT I
Introduction to Information Security: Introduction, Critical Characteristics, threats to information Security,
Attacks on Information Security, Security Professionals and the Organization, Information Security
Policies, Standards and Practices, Frameworks for Industry Standards in Information Security.

UNIT II
Auditing, Monitoring, and Logging: Monitoring Network Systems, Configuration and Change
Management,
Introduction to security audits, need for security audits, organizational roles, Auditor’s roles, Types of
security audits, Audit approaches, Technology based audits ,Auditing (Formal Reviews), Systems
Certification, Accreditation and Authorization,

UNIT III
Contingency Planning and Networking Incident Response: Introduction, What is Contingency
Planning?, Incedent Response Plan,
Network Authentication and Remote Access Using VPN: Introduction, Access Control, Virtual Private
Networks.

UNIT IV
Network Monitoring and Intrusion Detection and Prevention Systems: Introduction, Network
monitoring Software : Packet Sniffing, Intrusion Detection and Prevention Systems, Honeypots and
Honeynets.

UNIT V
Wireless Network Security: Introduction, Wireless Technologies and Standards, Wireless
Architectures and Topologies, Wireless Security Protocols, WLAN Security Concerns, Bluetooth

TEXT BOOKS:
1. Guide to Network Security by Michael Whitman, Herb Mattord,David Mackey, Andrew Green
Cengage Learinng
2. Information Systems Security, Nina Godbole, Wiley India, 2009
3. Principles and Practices of Information Security. Michael E. Whitman, Herbert J. Mattord, Cengage
Learning,

REFERENCES:
1. Microsoft Security Risk Management Guide
2. Risk Management Guide for Information Technology Systems
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
3. OCTAVE approach http://www.cert.org/octave/
4. COBIT http://www.isaca.org/
5. Guide to Firewalls and Policies (Unit 3) http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf
6. Firewalls and Network Security, Micheal E.Whitman, et al. Cengage Learning, 2008
7. Audit Trails (Unit 7) http://csrc.nist.gov/publications/nistpubs/800-12/800-12-html/chapter18.html
8. Information Security Management Handook, Harold F. Tipton, CRC Press, 2012
9. Information Security Policies and Procedures, 2nd Edition, Thomas R. Peltier, Auerbach, 2004
 JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY HYDERABAD

M.Tech-CN - I Year - II Sem

INTERNET TECHNOLOGIES AND SERVICES

(Core Elective-III)
Objective:
The student who has knowledge of programming with java should be able to develop web based
solutions using multi-tier architecture. S/he should have good understanding of different technologies on
client and server side components as Follows:
Client Side: HTML5, CSS3, Javascript, Ajax, JQuery and JSON
Server Side: Servlets, JSP
Database: MySQL with Hibernate and Connection Pooling
Framework: Struts with validation framework, Internationalization (I18N)
SOA: Service Oriented Architecture, Web services fundamentals, Axis framework for WS

UNIT I
Client Side Technologies: Overview of HTML - Common tags, XHTML, capabilities of HTML5
Cascading Style sheets, CSS3 enhancements, linking to HTML Pages, Classes in CSS
Introduction to JavaScripts, variables, arrays, methods and string manipulation, BOM/DOM
(Browser/Document Object Model), accessing elements by ID, Objects in JavaScript
Dynamic HTML with JavaScript and with CSS, form validation with JavaScript, Handling Timer Events
Simplifying scripting with JQuery, JASON for Information exchange.

UNIT II
Introduction to Java Servlets: Introduction to Servlets: Lifecycle of a Servlet, Reading request and
initialization parameters, Writing output to response, MIME types in response, Session Tracking: Using
Cookies and Sessions
Steps involved in Deploying an application
Database Access with JDBC and Connection Pooling
Introduction to XML, XML Parsing with DOM and SAX Parsers in Java
Ajax - Ajax programming with JSP/Servlets, creating XML Http Object for various browsers, Sending
request, Processing response data and displaying it.
Introduction to Hibernate

UNIT III
Introduction to JSP: JSP Application Development: Types of JSP Constructs (Directives, Declarations,
Expressions, Code Snippets), Generating Dynamic Content, Exception Handling, Implicit JSP Objects,
Conditional Processing, Sharing Data Between JSP pages, Sharing Session and Application Data, Using
user defined classes with jsp:useBean tag, Accessing a Database from a JSP

UNIT IV
Introduction to Struts Framework: Introduction to MVC architecture, Anatomy of a simple struts2
application, struts configuration file, Presentation layer with JSP, JSP bean, html and logic tag libraries,
Struts Controller class, Using form data in Actions, Page Forwarding, validation frame work,
Internationalization

UNIT V
Service Oriented Architecture and Web Services Overview of Service Oriented Architecture – SOA
concepts, Key Service Characteristics, Technical Benefits of a SOA
Introduction to Web Services– The definition of web services, basic operational model of web services,
basic steps of implementing web services.
Core fundamentals of SOAP – SOAP Message Structure, SOAP encoding, SOAP message exchange
models,
Describing Web Services –Web Services life cycle, anatomy of WSDL
Introduction to Axis– Installing axis web service framework, deploying a java web service on axis.
Web Services Interoperability – Creating java and .Net client applications for an Axis Web Service
(Note: The Reference Platform for the course will be open source products Apache Tomcat Application
Server, MySQL database, Hibernate and Axis)

TEXT BOOKS:

1. Web Programming, building internet applications, Chris Bates 3rd edition, WILEY Dreamtech .
2. The complete Reference Java 7th Edition , Herbert Schildt., TMH.
3. Java Server Pages,Hans Bergsten, SPD, O’Reilly.
4. Professional Jakarta Struts - James Goodwill, Richard Hightower, Wrox Publishers.
5. Developing Java Web Services, R. Nagappan, R. Skoczylas, R.P. Sriganesh, Wiley India, rp –
2008.
6. Understanding SOA with Web Services, Eric Newcomer and Greg Lomow, Pearson Edition –
2009
7. Java Web Service Architecture, James McGovern, Sameer Tyagi et al., Elsevier - 2009

REFERENCE BOOKS:
1. Programming the world wide web,4th edition,R.W.Sebesta,Pearson
2. Core SERVLETS ANDJAVASERVER PAGES VOLUME 1: CORE
3. TECHNOLOGIES , Marty Hall and Larry Brown Pearson
4. Internet and World Wide Web – How to program , Dietel and Nieto PHI/Pearson.
5. Jakarta Struts Cookbook , Bill Siggelkow, S P D O’Reilly.
6. Professional Java Server Programming,S.Allamaraju & othersApress(dreamtech).
7. Java Server Programming ,Ivan Bayross and others,The X Team,SPD
8. Web Warrior Guide to Web Programmming-Bai/Ekedaw-Cengage Learning.
9. Beginning Web Programming-Jon Duckett ,WROX.
 JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY HYDERABAD

M.Tech-CN - I Year - II Sem

DIGITAL WATERMARKING AND STEGANOGRAPHY

(Core Elective-III)

Objectives:

To learn about the watermarking models and message coding

To learn about watermark security and authentication.
To learn about steganography. Perceptual models

Unit I
INTRODUCTION: Information Hiding, Steganography and Watermarking – History of watermarking –
Importance of digital watermarking – Applications – Properties – Evaluating watermarking systems

WATERMARKING MODELS & MESSAGE CODING: Notation – Communications – Communication

based models – Geometric models – Mapping messages into message vectors – Error correction coding
– Detecting multi-symbol watermarks.

Unit II
WATERMARKING WITH SIDE INFORMATION & ANALYZING ERRORS: Informed Embedding –
Informed Coding – Structured dirty-paper codes - Message errors – False positive errors – False negative
errors – ROC curves – Effect of whitening on error rates.

Unit III
PERCEPTUAL MODELS: Evaluating perceptual impact – General form of a perceptual model –
Examples of perceptual models – Robust watermarking approaches - Redundant Embedding, Spread
Spectrum Coding, Embedding in Perceptually significant coefficients

Unit IV
WATERMARK SECURITY & AUTHENTICATION: Security requirements – Watermark security and
cryptography – Attacks – Exact authentication – Selective authentication – Localization – Restoration.

Unit V
STEGANOGRAPHY: Steganography communication – Notation and terminology – Information-theoretic
foundations of steganography – Practical steganographic methods – Minimizing the embedding impact –
Steganalysis

REFERENCES:
1. Ingemar J. Cox, Matthew L. Miller, Jeffrey A. Bloom, Jessica Fridrich, Ton Kalker, “Digital
Watermarking and Steganography”, Margan Kaufmann Publishers, New York, 2008.
2. Ingemar J. Cox, Matthew L. Miller, Jeffrey A. Bloom, “Digital Watermarking”, Margan Kaufmann
Publishers, New York, 2003.
3. Michael Arnold, Martin Schmucker, Stephen D. Wolthusen, “Techniques and Applications of Digital
Watermarking and Contest Protection”, Artech House, London, 2003.
4. Juergen Seits, “Digital Watermarking for Digital Media”, IDEA Group Publisher, New York, 2005.
5. Peter Wayner, “Disappearing Cryptography – Information Hiding: Steganography & Watermarking”,
Morgan Kaufmann Publishers, New York, 2002.
 JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY HYDERABAD

M.Tech-CN - I Year - II Sem

SECURITY THREATS
(Core Elective-III)

Objectives :

To learn about the various security threats, essentials

To learn about the network threats
To learn about the authorization and authentication
To learn about the access control.

Unit-I
Introduction: Security threats - Sources of security threats- Motives - Target Assets and vulnerabilities –
Consequences of threats- E-mail threats - Web-threats - Intruders and Hackers, Insider threats, Cyber
crimes.

Unit-II
Network Threats: Active/ Passive – Interference – Interception – Impersonation – Worms – Virus –
Spam’s – Ad ware - Spy ware – Trojans and covert channels – Backdoors – Bots - IP Spoofing - ARP
spoofing - Session Hijacking - Sabotage-Internal treats- Environmental threats - Threats to Server
security.

Unit-III
Security Threat Management: Risk Assessment - Forensic Analysis - Security threat correlation – Threat
awareness - Vulnerability sources and assessment- Vulnerability assessment tools -Threat identification -
Threat Analysis - Threat Modeling - Model for Information Security Planning.

Unit-IV
Security Elements: Authorization and Authentication - types, policies and techniques - Security
certification - Security monitoring and Auditing - Security Requirements Specifications - Security Polices
and Procedures, Firewalls, IDS, Log Files, Honey Pots

Unit-V
Access control, Trusted Computing and multilevel security - Security models, Trusted Systems, Software
security issues, Physical and infrastructure security, Human factors – Security awareness, training , Email
and Internet use policies.

REFERENCES
1. Joseph M Kizza, “Computer Network Security”, Springer Verlag, 2005
2. Swiderski, Frank and Syndex, “Threat Modeling”, Microsoft Press, 2004.
3. William Stallings and Lawrie Brown, “Computer Security: Principles and Practice”, Prentice Hall, 2008.
4. Thomas Calabres and Tom Calabrese, “Information Security Intelligence: Cryptographic Principles &
Application”, Thomson Delmar Learning, 2004.
 JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY HYDERABAD

M.Tech-CN - I Year - II Sem

NETWORK MANAGEMENT AND PERFORMANCE EVALUATION

(Core Elective-III)
Objectives:

•To describe bridging/switching technologies and apply them to network design.

• To apply algorithms to solve network design problems.
• To analyze network traffic flow and evaluate its performance.
• To demonstrate understanding of network management standards, SNMP.

UNIT I
Introduction to Network Management: Analogy of Telephone Network Management, Communications
protocols and Standards, Case Histories of Networking and Management, Challenges of Information
Technology Managers, Network Management: Goals, Organization, and Functions, Network and System
Management. Network Management System Platform, Current Status and future of Network
Management

UNIT II
SNMP v1 Network Management: Organization and Information Models : The History of SNMP
Management The SNMP Mode, The Organization Model, System Overview, The Information Model. The
SNMP Communication Model, Functional model
SNMP Management: SNMP v2
Major Changes in SNMPv2, SNMPv2 System Architecture, SNMPv2 Structure of Management
Information , The SNMPv2 Management Information Base, SNMPv2 Protocol, Compatibility with SNMP
v1

UNIT III
Network Management Tools and Systems : Network Management Tools, Network Statistics Measurement
Systems, History of Enterprise Management, Network Management systems, Commercial network
management Systems, System Management, and Enterprise Management Solutions
Web-Based Management: NMS with Web Interface and Web-Based Management, Web Interface to
SNMP Management, Embedded Web-Based Management, Desktop management Interface, Web-Based
Enterprise Management,

UNIT IV
WBEM: Windows Management Instrumentation. Java management Extensions, Management of a
Storage Area Network: Future Directions
Performance Modeling and Estimation: Overview of Probability and Stochastic Processes – Probability,
Random Variables Stochastic Processes, Queuing Analysis - How Queues Behave—A Simple Example
Why Queuing Analysis. Queuing Models, Single-Server Queues. Multi server Queues, Examples, Queues
with Priorities, Networks of Queues, Other Queuing Models. Estimating Model Parameters

UNIT V
Modeling and Estimation of Self-Similar Traffic : Self-Similar Traffic - Self-Similarity, Self-Similar Data
Traffic, Examples of Self-Similar Data Traffic, Performance Implications of Self-Similarity. Modeling and
Estimation of Self-Similar Data Traffic
Quality of Service in IP Networks : Exterior Routing Protocols and Multicast - Path-Vector Protocols: BGP
and IDRP. Multicasting, Integrated and Differentiated Services - Integrated Services Architecture (ISA),
Queuing Discipline, Random Early Detection. Differentiated Services, Protocols for QOS Support -
Resource Reservation: RSVP. Multi protocol Label Switching, Real-Time Transport Protocol (RTP)
TEXT BOOKS:
1. Mani Subramanian, “Network Management, Principles and Practice”, Pearson Education, 2000,
rp2007.
2. William Stallings, “High-Speed Networks and Internets: Performance and Quality of Service – 2ed”,
Prentice Hall/Pearson Education, 2002.

REFERENCES BOOKS:

1. Benoit Claise and Ralf Wolter, “Network Management: Accounting and Performance Strategies”,
Pearson Education, 2007, rp2008.
2. J. Richard Burke, “Network Management – Concepts and Practice: A Hands-on Approach”, PHI,
2004, rp2008.
3. Stephen B. Morris, “Network Management, MIBs and MPLS”, Pearson Education, 2003, rp 2008.
4. Anurag Kumar, D.Manjunath and Joy Kuri, “Communication Networking: An Analytical Approach”,
Elsevier, 2004.
5. Engineering Internet Qos, Sanjay Jha and Mahbub Hassan, Artech House, 2002
6. Thomas G. Robertazzi, “Conputer Networks and Systems – Queuing Theory and Performance
Evaluation – 3ed”, Springer, 2000, rp2002.
7. Gary N. Higginbottom, “Performance Evaluation of Communication Networks”, Artech House, 1998.
 JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY HYDERABAD

M.Tech-CN - I Year - II Sem

STORAGE AREA NETWORKS

(Core Elective-IV)
Objectives:

 To understand Storage Area Networks characteristics and components.

 To become familiar with the SAN vendors and their products
 To learn Fibre Channel protocols and how SAN components use them to communicate with each
other
 To become familiar with Cisco MDS 9000 Multilayer Directors and Fabric Switches
Thoroughly learn Cisco SAN-OS features.
 To understand the use of all SAN-OS commands. Practice variations of SANOS features

UNIT I
Introduction to Storage Technology Review data creation and the amount of data being created and
understand the value of data to a business, challenges in data storage and data management, Solutions
available for data storage, Core elements of a data center infrastructure, role of each element in
supporting business activities

UNIT II
Storage Systems Architecture Hardware and software components of the host environment, Key
protocols and concepts used by each component ,Physical and logical components of a connectivity
environment ,Major physical components of a disk drive and their function, logical constructs of a physical
disk, access characteristics, and performance Implications, Concept of RAID and its components ,
Different RAID levels and their suitability for different application environments: RAID 0, RAID 1, RAID 3,
RAID 4, RAID 5, RAID 0+1, RAID 1+0, RAID 6, Compare and contrast integrated and modular storage
systems ,High-level architecture and working of an intelligent storage system

UNIT III
Introduction to Networked Storage Evolution of networked storage, Architecture, components, and
topologies of FC-SAN, NAS, and IP-SAN, Benefits of the different networked storage options, Understand
the need for long-term archiving solutions and describe how CAS fulfills the need , Understand the
appropriateness of the different networked storage options for different application environments

UNIT IV
Information Availability & Monitoring & Managing Datacenter List reasons for planned/unplanned
outages and the impact of downtime, Impact of downtime, Differentiate between business continuity (BC)
and disaster recovery (DR) ,RTO and RPO, Identify single points of failure in a storage infrastructure and
list solutions to mitigate these failures, Architecture of backup/recovery and the different backup/recovery
topologies , replication technologies and their role in ensuring information availability and business
continuity, Remote replication technologies and their role in providing disaster recovery and business
continuity capabilities
Identify key areas to monitor in a data center, Industry standards for data center monitoring and
management, Key metrics to monitor for different components in a storage infrastructure, Key
management tasks in a data center

UNIT V
Securing Storage and Storage Virtualization Information security, Critical security attributes for
information systems, Storage security domains, List and analyzes the common threats in each domain,
Virtualization technologies, block-level and file-level virtualization technologies and processes
Case Studies
The technologies described in the course are reinforced with EMC examples of actual solutions.
Realistic case studies enable the participant to design the most appropriate solution for given sets of
criteria.

TEXT BOOK:
1. EMC Corporation, Information Storage and Management, Wiley.

REFERENCE BOOKS:
2. Robert Spalding, “Storage Networks: The Complete Reference“, Tata McGraw Hill, Osborne, 2003.
3. Marc Farley, “Building Storage Networks”, Tata McGraw Hill, Osborne, 2001.
4. Meeta Gupta, Storage Area Network Fundamentals, Pearson Education Limited, 2002.
 JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY HYDERABAD

M.Tech-CN - I Year - II Sem

DISTRIBUTED SYSTEMS SECURITY

(Core Elective-IV)
Objective :

To learn about the distributed systems and security

To learn about the host-level, application level threats and vulnerabilities
To learn about service –level solutions

Unit-I
Introduction – Distributed Systems, Distributed Systems Security. Security in Engineering: Secure
Development Lifecycle Processes - A Typical Security Engineering Process – Security Engineering
Guidelines and Resources. Common Security Issues and Technologies: Security Issues, Common
Security Techniques.

Unit-II
Host-level Threats and Vulnerabilities: Transient code Vulnerabilities - Resident Code Vulnerabilities -
Malware: Trojan Horse – Spyware - Worms/Viruses – Eavesdropping – Job Faults. Infrastructure-Level
Threats and Vulnerabilities: Network-Level Threats and Vulnerabilities - Grid Computing Threats and
Vulnerabilities – Storage Threats and Vulnerabilities – Overview of Infrastructure Threats and
Vulnerabilities.

Unit-III
Application-Level Threats and Vulnerabilities: Application-Layer Vulnerabilities –Injection Vulnerabilities -
Cross-Site Scripting (XSS) - Improper Session Management - Improper Error Handling - Improper Use of
Cryptography - Insecure Configuration Issues - Denial of Service - Canonical Representation Flaws -
Overflow Issues. Service-Level Threats and Vulnerabilities: SOA and Role of Standards - Service-Level
Security Requirements - Service-Level Threats and Vulnerabilities - Service-Level Attacks - Services
Threat Profile.

Unit-IV
Host-Level Solutions: Sandboxing – Virtualization - Resource Management - Proof-Carrying Code -
Memory Firewall – Antimalware. Infrastructure-Level Solutions: Network-Level Solutions - Grid-Level
Solutions - Storage-Level Solutions. Application-Level Solutions: Application-Level Security Solutions.

Unit-V
Service-Level Solutions: Services Security Policy - SOA Security Standards Stack – Standards in Dept -
Deployment Architectures for SOA Security - Managing Service-Level Threats - Compliance in Financial
Services - SOX Compliance - SOX Security Solutions – Multilevel Policy-Driven Solution Architecture -
Case Study: Grid - The Financial Application – Security Requirements Analysis. Future Directions - Cloud
Computing Security – Security Appliances - Usercentric Identity Management - Identity-Based Encryption
(IBE) - Virtualization in Host Security.

REFERENCES
1. Abhijit Belapurakar, Anirban Chakrabarti and et al., “Distributed Systems Security: Issues. Processes
and solutions”, Wiley, Ltd., Publication, 2009.
2. Abhijit Belapurkar, Anirban Chakrabarti, Harigopal Ponnapalli, Niranjan Varadarajan, Srinivas
Padmanabhuni and Srikanth Sundarrajan, “Distributed Systems Security: Issues, Processes and
Solutions”, Wiley publications, 2009.
3. Rachid Guerraoui and Franck Petit, “Stabilization, Safety, and Security of Distributed Systems”,
Springer, 2010.
 JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY HYDERABAD

M.Tech-CN - I Year - II Sem

CYBER SECURITY
(Core Elective-IV)
Objectives:
To learn about cyber crimes and how they are planned
To learn the vulnerabilities of mobile and wireless devices
To learn about the crimes in mobile and wireless devices

UNIT-I
Introduction to Cybercrime: Introduction, Cybercrime and Information security, who are cybercriminals,
Classifications of Cybercrimes, Cybercrime: The legal Perspectives and Indian Perspective, Cybercrime
and the Indian ITA 2000, A Global Perspective on Cybercrimes.
Cyber offenses: How criminals Plan Them: Introduction, How Criminals plan the Attacks, Social
Engineering, Cyber stalking, Cyber cafe and Cybercrimes, Botnets: The Fuel for Cybercrime, Attack
Vector, Cloud Computing.

UNIT-II
Cybercrime: Mobile and Wireless Devices: Introduction, Proliferation of Mobile and Wireless Devices,
Trends in Mobility, Credit card Frauds in Mobile and Wireless Computing Era, Security Challenges Posed
by Mobile Devices, Registry Settings for Mobile Devices, Authentication service Security, Attacks on
Mobile/Cell Phones, Mobile Devices: Security Implications for Organizations, Organizational Measures for
Handling Mobile, Organizational Security Policies an Measures in Mobile Computing Era, Laptops.
UNIT III
Cybercrimes and Cyber security: the Legal Perspectives
Introduction. Cyber Crime and Legal Landscape around the world, Why Do We Need Cyber laws: The
Indian Context, The Indian IT Act, Challenges to Indian Law and Cybercrime Scenario In India, Digital
signatures and the Indian IT Act, Amendments to the Indian IT Act, Cybercrime and Punishment
Cyber law, Technology and Students: Indian Scenario.

UNIT IV
Understanding Computer Forensics: Introduction, Historical background of Cyber forensics, Digital
Forensics Science, The Need for Computer Forensics, Cyber Forensics and Digital evidence, Forensics
Analysis of Email, Digital Forensics Lifecycle, Chain of Custody concept, Network Forensics, Approaching
a computer, Forensics Investigation, Challenges in Computer Forensics, Special Tools and Techniques
Forensics Auditing

UNIT V
Cyber Security: Organizational Implications: Introduction, Cost of Cybercrimes and IPR issues, Web
threats for Organizations, Security and Privacy Implications, Social media marketing: Security Risks and
Perils for Organizations, Social Computing and the associated challenges for Organizations.

TEXT BOOK:
1. Cyber Security: Understanding Cyber Crimes, Computer Forensics and Legal Perspectives,
Nina Godbole and Sunil Belapure, Wiley INDIA.
2. Introduction to Cyber Security , Chwan-Hwa(john) Wu,J.David Irwin.CRC Press T&F Group
REFERENCE BOOK:
1. Cyber Security Essentials, James Graham, Richard Howard and Ryan Otson, CRC Press.
 JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY HYDERABAD

M.Tech-CN - I Year - II Sem

INFORMATION SYSTEMS CONTROL AND AUDIT

(Core Elective-IV)

Objectives:
To learn about the information system control
To learn about the information system auditing
To learn about the management control, application control framework.
To learn about collection of evidence, evaluation of evidence

Unit- I
Overview of Information System Auditing, Effect of Computers on Internal Controls, Effects of Computers
on Auditing, Foundations of information Systems Auditing, Conducting an Information Systems Audit.
The management Control Framework-I: Introduction, Evaluating the planning Function, Evaluating the
Leading Function, Evaluating the Controlling Function, Systems Development Management Controls,
Approaches to Auditing Systems Development, Normative Models of the Systems Development Process,
Evaluating the Major phases in the Systems Development Process, Programming Management Controls,
Data Resource Management Controls.

Unit- II
The Management Control Framework-II: Security Management Controls, Operations management
Controls Quality assurance Management Controls.
The Application Control Framework-I: Boundary Controls, Input Controls, Communication Controls.

Unit-III
The Application Control Framework-II: Processing Controls, Database Controls, output Controls.

Unit- IV
Evidence Collection: Audit Software, Code Review, Test Data, and Code Comparison, Concurrent
Auditing techniques, Interviews, Questionnaires, and Control Flowcharts. Performance Management
tools.

Unit -V
Evidence Evaluation: Evaluating Asset Safeguarding and Data Integrity, Evaluating System
Effectiveness, Evaluating System Efficiency.

REFERENCES
1. Ron Weber, Information Systems Control and Audit, Pearson Education, 2002.
2. M.Revathy Sriram, Systems Audit, TMH, New Delhi, 2001.
3. Jalote : Software Project Mangement in Practice, Pearson Education
4. Royce : Software Project Management, Pearson Education.
 JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY HYDERABAD

M.Tech-CN - I Year - II Sem

NETWORK SECURITY LAB.

Objectives:
• The Network Security Lab tries to present several hands-on exercises to help reinforce the
students knowledge and understanding of the various network security aspects.
•To implement of cryptographic algorithms.

The following exercises are based on the cryptographic algorithms. They can be implemented
using C, C++, Java, etc.
1. Write a C program that contains a string(char pointer) with a value ‘Hello world’. The
program should XOR each character in this string with 0 and displays the result.
2. Write a C program that contains a string(char pointer) with a value ‘Hello world’. The
program should AND or and XOR each character in this string with 127 and display the
result.
3. Write a Java program to perform encryption and decryption using the following
algorithms
a. Ceaser cipher b. Substitution cipher c. Hill Cipher
4. Write a C program to implement the DES algorithm logic.
5. Write a JAVA program to implement the DES algorithm logic.
6. Write a Java program that contains functions, which accept a key and input text to be
encrypted/decrypted. This program should use the key to encrypt/decrypt the input by
using the triple Des algorithm. Make use of Java Cryptography package.
7. Write a C/JAVA program to implement the Blowfish algorithm logic.
8. Write a C/JAVA program to implement the Rijndael algorithm logic.
9. Write the RC4 logic in Java
10. Using Java cryptography, encrypt the text “Hello world” using Blowfish. Create your
own key using Java keytool.
11. Implement DES-2 and DES-3 using Java cryptography package.
12. Write a Java program to implement RSA algorithm.
13. Implement the Diffie-Hellman Key Exchange mechanism using HTML and JavaScript.
Consider the end user as one of the parties(Alice) and the JavaScript application as the
other party(Bob)
14. Calculate the message digest of a text using the SHA-1 algorithm in JAVA.
15. Calculate the message digest of a text using the MD5 algorithm in JAVA.
16. Explore the Java classes related to digital certificates.
17. Create a digital certificate of your own by using the Java keytool.
18. Write a Java program to encrypt users passwords before they are stored in a database
table, and to retrieve them whenever they are to be brought back for verification.
19. Key generation(public and private key pair) can be performed using Java. Write a
program which can do this.
20. Write a program in java, which performs a digital signature on a given text.
21. Study phishing in more detail. Find out which popular bank sites have been phished and
how.
TEXT BOOK:
1. Build Your Own Security Lab, Michael Gregg, Wiley India.
PART - B
The following exercises have to be performed using various software tools/utilities mentioned
1. Passive Information Gathering
a. IP Address and Domain Identification of log entries – DNS, RIR, etc tools
b. Information Gathering of a web site: WHOIS, ARIN, etc tools
c. Banner Grabbing: Netcat, etc tools
2. Detecting Live Systems
 a. Port Scanning : Nmap,SuperScan
b. Passive Fingerprinting: Xprobe2
c. Active Fingerprinting: Xprobe2
3. Enumerating Systems
a. SNMP Enumeration: SolarWinds IP Network Browser,
www.solarwinds.com/downloads
b. Enumerating Routing Protocols: Cain & Abel tool, www.oxid.it
4. Automated Attack and Penetration Tools
a. Exploring N-Stalker, a Vulnerability Assessment Tool, www.nstalker.com
5. Defeating Malware
a. Building Trojans, Rootkit Hunter: www.rootkit.nl/projects/rootkit_hunter.html
b. Finding malware
6. Securing Wireless Systems
a. Scan WAPs: NetStumbler, www.netstumbler.com/downloads
b. Capture Wireless Traffic: Wireshark, www.wireshark.org

TEXT BOOK:
1. Build Your Own Security Lab, Michael Gregg, Wiley India.