Information Security (CS/SE/DS-3002)

Section 1:
Introduction

Course Outline & Overview

 Agenda
• Credits – 3+0
• Course Instructor’s introduction
• Course prerequisites
- Data Communication & Computer Networks Course
• What is IT security ?
- Info Security = Computer Sec + Network Sec
• Course contents (Detailed outline will be
reflected on LMS)
- Brief Overview
 Things you need to know
• Course Instructor:
PhD Candidate – Computer Science (Cyber-Security)
Engr. Asif Rafiq, Senior Lecturer/Assistant Director Quality
Enhancement Cell (MSc-IT from KTH Sweden, BCE from SSUET Karachi)
(Having more than 12 years of Industry/Professional Experience)

• E-post:
[email protected]
[email protected]
• Office Room #: SF – 231
Students’ Consultation Hours will be seen on faculty room’s Notice
Board.
• Student Consultation
Take appointment before meeting, preferably via above mentioned e-
posts
Things you need to know....
• Rules & Regulations: (Strictly Comply)

- Onsite Classes/Lectures are mandatory for all.

- Class decorum must be maintained (any gadgets including
Mobile Phones must be either in silent mode or better be
switched off)
- No late arrivals/comers will be entertained
- Attendance will be taken within 1st 10 minutes. (min 75%
attendance required for exams).
- No LAME excuses will be entertained
- No Make-ups/Late submissions for Assignments & Quizzes etc.
 Things you need to know....

Text Book:
• Principles of Information Security (5th Edition) –
Michael E. Whitman (available in Lib)

Reference Books:
• Network Security (2nd Edition) – Private
Communication in a Public World by Charlie
Kaufman & Radia Perlman
• Information Security – 6th Edition – William Stallings
Main Objectives Of IT Security (Security Services -
CIA)
• Confidentiality – Protects against disclosure to unauthorized
identities.
• Integrity – Protects from unauthorized data alteration.
Keeping info in its original form.
• Availability - ensures authorized people can access the
information when needed and that all hardware and software
are maintained properly and updated when necessary. DRC,
Auto Failover (PDC/BDC)etc.
 Three Foundations/Pillars Of IT Security
• People – Ex-employee, Employees need to train how to
implement security policies.
• Processes – acceptable rules for using/non using of things.
Check List/SOPs/Pre-defined Procedures.
• Technology – Hardware & software techniques to implement
security. Router/Firewalls/IPS etc.
 Course Sections

• Section 1:
– Introduction (General Security Architecture &
Frameworks)
• Section 2:
– The Threat Environment: Attackers & Their Attacks
• Section 3:
– Cryptography: An Introduction & detailed working
• Section 4:
– Network Security Related Topics
 Section 1: Introduction
• Course Introduction
- Computer Security - generic name for the
collection of tools designed to protect data
and to thwart hackers.
- Network Security - measures to protect data
during its transmission over a Network.
- Internet Security - measures to protect data
during its transmission over a collection of
interconnected networks
 Section 1: Introduction

• Course Introduction
• History Of Cryptography
• Types of Encryption
• Symmetric/Asymmetric Encryption Algorithms & Techniques
 Section 2: The Threat Environment

• The threat environment—attackers and their attacks (MITM)

• Basic security terminology
• Employee and ex-employee threats
• Traditional external attackers
 Section 3: Introduction To Cryptography…

• Definitions & concepts

• Types of ciphers: substitution and transposition
• Block and stream ciphers
• Symmetric vs. asymmetric algorithms
• Message integrity (one way hash)
• Message Authentication Code (MAC)
• Digital signatures
 …Section 3: Introduction To Cryptography

• PKI
• Key management (Deiffi Hellman)
• Email security (S/MIME, PGP)
• Internet security/web sec (SSL/TLS)
• Secure shell (SSH) – REMOTE LOGIN
• IPSEC (VPN)
 Section 4: Network Security Topics
• Enterprise network architecture
• Firewalls - TYPES
• Intrusion detection & prevention systems (IDPS/IPS)
• System & server security (MS/LINUX)
• Web application security
• Database security (SQL Injection)
• Vulnerability assessment & penetration testing (kali
linux)
• NAC, DLP, 2FA, & other security measures