Information Security Education and Awareness project (ISEA)
From IIITM-k-wiki
Contents |
About the Programme
Information Security is an emerging area. At present there are very few information security professionals in the country. Also, the information security awareness level is low in the country. This necessitates development of specialized manpower, both at the high end and the low end. Realising the importance of cyber/Information security, the “Information Security Education & Awareness” project has been initiated by Department of Information Technology (DIT) under Ministry of Communication and Information and Technology (MCIT). The project is being implemented by 9 Resource Centers (RCs) and 32 Participating Institutes (PIs). DIT, MCIT has initiated this project with the following broad objectives.
Broad Aim of the Project
- Introduction of Information Security Curriculum at M.Tech & B.Tech level and Research Activity/PhD
- Education Exchange Programme
- Train System Administrators/Professionals
- Train Government Officers – Center and State, on Information Security issues i.e. computer networking, cyber hygiene, data security etc.
- Bring Information Security Awareness in the country
- Start Education Exchange Programme
Funded by
The project is funded by Department of Information Technology, Ministry of Communication and Information Technology, Government of India.
Launched by
The project is launched by Department of Information Technology, Ministry of Communication and Information Technology, Government of India in association with the following institutions.
Resource Centres
- IIT Delhi
- IIT Bombay
- IIT Madras
- IIT Guwahati
- IIT Kharagpur
- IIT Roorkee
- IIT Kanpur
- IISc Bangalore
- TIFR Mumbai
Participating Institutions
- NITs
- IIITs
- Premier Engineering Colleges
- Societies of DIT
Short courses on Security
Security Awareness Program
Target Audience: Govt officials Organisd by IIITM-K Duration: 50 Hours
Course Wiki College essay guidelines
Security Training Program
Target Audience: Fresh Graduates, System Administrators, Research Community
Duration: Two Weeks
Pre-requisites: Basic knowledge of computer systems
Learning Module I: Introduction to System Administration (4 hrs Lecture + 4 hrs Lab)
- Overview of Systems and network services - 20 min
- Introduction to Network Devices - 15 min
- Duties of System Administrators - 15 min
- Planning the Network - 30 min
- Shell Commands - 60 min
- Editors vi, pico, emacs - 40 min
- Shell Scripts - 60 min Total 240 min Lecture
- Lab: Exposure to network devices (NIC, Hub, Switch, router, Cables, sockets etc.., Shell commands, editors, shell scripts)
Learning Module II: System Installation and Management (4 hrs Lecture + 4 hrs Lab)
- Overview of System. Installation - 30 min
- Startup scripts and Configuration Files - 60 min
- Managing user accounts. - 30 min
- User/Group privileges [umask, groupadd, etc..] - 30 min
- SUID, GUID, Sticky bit - 45 min
- Software Package Installation - 45 min Total 240 mins Lecture
- Lab: OS installation – CD, Network-NFS, FTP,HTTP, Kickstart
Learning Module III: File Systems & Hierarchy
- Historical Perspective - 15 min
- Concept of File System and its types - 30 min
- Working with File Systems. [Hierarchy etc.] - 60 min
- Different types of files - 25 min
- File attributes and permissions[chattr, lsattr, setfacl etc..] - 60 min
- Mounting local and networked file system - 50 min Total 240 mins Lecture
- Lab: Exposure to file systems. [Exercise on locating important files and directories.], hard/soft links, changing attributes of a file, setting access controls, mounting file systems.
Learning Module IV: Networking
- Network resources- overview - 30 min
- TCP/IP Networking - 80 min
- Overview of Network Services - 40 min
- Network File Systems (NFS)
- Network Information Systems (NIS)
- Internetworking Concepts - 30 min Total 180 mins Lecture
- Lab:
Learning Module V: Internet Services and Security
- History of Internet - 20 min
- Internet Services - 60 min
- Domain name service
- Web and Email Service
- Remote Access Service
- Security - 90 min
- Definition of security & threat
- Concept of CIA
- Broad Classification
- Configuring iptables
- Best Practices Total 170 mins Lecture
- Lab:
Learning Module VI: Maintenance and Troubleshooting
- Periodic Maintenance [importance, highlights] - 20 min
- Performance Monitoring - 30 min
- Log Management [ syslog, logrotate etc.] - 60 min
- Upgradation and Patch - 20 min
- System analysis tools - 30 min Total 160 mins Lecture
- Lab:
Learning Module VII: Backup and Recovery
- Archiving and Compressing Files - 30 min
- Local and Remote backup. - 30 min
- Backup tools [dump etc] - 30 min
- Best Practices - 30 min Total 120 mins Lecture
- Lab:
Hands-On Session
Application Level Security
WebGoat Project is insecure Java application built to teach web application security vulnerabilities. The application presents some kind of security lapse and the users have to figure it out. The current version WebGoat 5.0 supports
- Cross Site Scripting (XSS)
- Thread Safety
- Hidden Form Field Manipulation
- Weak Session Cookies
- SQL Injection Fail
- Open Authentication
Network Level Security
Dsniff Project is collection of tools for penetration testing at the network level. Some of the tools and corresponding functionality available is listed as under: Passive Monitoring of network for passwords, e-mail, files, etc
- filesnarf
- mailsnarf
- msgsnarf
- urlsnarf
- webspy
Facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching).
- arpspoof
- dnsspoof
- macof
Implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI
- sshmitm
- webmitm
Snort Project is a an open source lightweight intrusion detection system (IDS)utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods as compared to comercially available systems. Over the years, Snort has evolved into a mature, feature rich technology that has become the de facto standard in intrusion detection and prevention.
RADIUS (Remote Authentication Dial In User Service) is an AAA (authentication, authorization and accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
FakeAP The polar opposite of hiding your network by disabling SSID broadcasts- Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. As part of a honeypot or as an instrument of one's web-site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies, and other scanners.
eISSA
Discussion with Prof K Subramanian, Monday October 01, 2007 Members Present
- Prof. K Subramanian
- Prof. KRS
- Dr. Venkatesh
- Prof. Peethambram
- Md. Meraj Uddin
Points Discussed
- Bring experts on various areas related to security and video record the entire session
- Prof. Balaki, IISc: Stegnography, Encryption...
- No digital watermarking, DRM
- Building Security at Design Level
- International curriculum on Information Security by USA... Prof. KS will make available a copy of the curriculum.
- 4 Compartment
- Cryptography
- Security holes lie with Application Program not with crypto algo...
- How to write secure code, Start a new course in this area
- Right management and Digital watermarking
- Course on IT
- Infrastructure
- Network
- Application
- Access Control
- Control System
- Delivery System
- Environment
- Courses are different for the different audience... Manager, IT experts
- Industry Academia Consortium
- Virtual Currency
- ISEA: There is no coordination among the members of RCs and PIs
