Computing Systems Security I

[M.Tech. (CrS) I]

Room No. SN Bose 718 (January-April, 2026)

• Lectures: Monday at 2:15 PM, Thursday at 2:15 PM

• Tutorial/Discussion:  Friday at 2:15 PM (CD Deshmukh, Room No. 407)

Evaluation

• Mid-Semester Examination - 30%

• End-Semester Examination - 50%

• Quizzes -  10%

• Assignments - 10%

Quizzes will be held on Feb 12 and Mar 16, 2026

Topics to be covered

• Introduction to basic security services: Confidentiality, integrity, availability, nonrepudiation, privacy.

• Anatomy of an Attack: Network Mapping using ICMP queries, TCP Pings, traceroutes, TCP and UDP port scanning, FTP bounce scanning, stack fingerprinting techniques, Vulnerability scanning, System and Network Penetration, Denial of Service.

• Network Layer Protocols attacks and defense mechanisms: Hacking Exploits in ARP, IP4, IPv6, ICMP based DOS, ICMP covert Tunneling, Network Controls against flooding, Network Monitoring, SSL, IPSEC.

• Transport Layer Protocols Attacks and Defense mechanisms: Covert TCP, TCP Synflooding DOS, TCP Sequence Number Prediction attacks, TCP session hijacking, UDP Hacking Exploits, Network security controls for defense mechanism, OS hardening, kernel parameter tuning, DDOS and DDOS Mitigation, Stateful firewall, application firewalls, HIDS, NIDS and IPS.

• Application Layer Protocol Attacks and Defense mechanisms: DNS spoofing attacks, DNS cache poisoning attacks, organization activity finger print- ing using DNS, SMTP vulnerability and Hacking Exploits, Mails relays, SMTP Security and Controls, HTTP hacking, Buffer Overflow Attacks, SQL Injection, Cross Side Scripting HTTP security and controls.

• Malware detection and prevention

References

1. Ross Anderson: Security Engineering, 2nd ed., Wiley. Available online: http://www.cl.cam.ac.uk/∼rja14/book.html.

2. C.P. Pfleeger, S.L. Pfleeger, J. Margulies: Security in Computing, 5th ed., Prentice Hall, 2015.

3. David Wheeler: Secure Programming HOWTO. Available online: https://dwheeler.com/secure-programs/.

4. Michal Zalewski: Browser Security Handbook, Michael Zalewski, Google. Available online: https://code.google.com/archive/p/browsersec/wikis/Main.wiki.

5. B. S. Schneier: Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, John Wiley and Sons, New York, 1995.

6. A. Menezes, P. C. Van Oorschot and S. A. Vanstone: Handbook of Applied Cryptography, CRC Press, Boca Raton, 1996.

Course

• 05-January-2026: Confidentiality, integrity, availability

• 08-January-2026: Nonrepudiation, privacy

Reference: MIT LECTURE NOTES, SLIDE

• 12-January-2026: Network Mapping using ICMP queries [SLIDE]

• 15-January-2026: Ethical Hacking (lecture by Mr. Sabyasachi Mustafi,  Security Solution Architect, VAPT, ERICSSON)

• 19-January-2026: TCP Pings [SLIDE]

Surprise Test - 1

(Date: 19 January 2026)

• 22-January-2026: Holiday (ISI Kolkata Annual Sports Day)

• 26-January-2026: Holiday (Republic Day)

• 29-January-2026: Traceroutes, TCP and UDP Port Scanning [SLIDE1 and SLIDE2]

• 05-February-2026: FTP Bounce Scanning, Stack Fingerprinting Techniques [SLIDE1 and SLIDE2]

• 09-February-2026: Vulnerability Scanning [SLIDE]

• 16-February-2026: System and Network Penetration [SLIDE]

• 19-February-2026: Denial of Service [SLIDE]

Class Test - 1

(Date: 12 February 2026)

• 16-February-2026: System and Network Penetration [SLIDE]

• 19-February-2026: Denial of Service [SLIDE]