
17EGICS065 - Cyber Security Lab File

The document provides information on a Cyber Security lab file from Geetanjali Institute of Technical Studies. It includes the vision, mission, and course outcomes of the Computer Science and Engineering department. It also lists the recommended system requirements and textbooks for the lab. The laboratory outcomes are described as implementing cipher techniques, developing security algorithms, using open source security tools, and analyzing and resolving security issues. The document then provides the index of experiments to be performed in the lab on topics like substitution and transposition ciphers, Diffie-Hellman key exchange, and brute force attacks.

Uploaded by

Milind jain

Geetanjali Institute of Technical Studies

(Approved by AICTE, New Delhi and Affiliated to Rajasthan Technical University Kota (Raj.))

DABOK, UDAIPUR, RAJASTHAN 313022

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

B. Tech - VIII SEMESTER

ACADEMIC YEAR – 2020-21

CYBER SECURITY LAB FILE


(7CS4-22)

Submitted By:
MILIND D JAIN
17EGICS065
VISION & MISSION OF DEPARTMENT

VISION

To nurture the students to become employable graduates who can provide solutions to the societal
issues through ICT.

MISSION

• To focus on practical approach towards learning and exposing the students on the latest ICT technologies.
• To foster logical thinking among the students to solve real-time problems using innovative approaches.
• To provide state-of-the-art resources that contribute to inculcating an ethical & life-long learning environment.

COURSE OUTCOMES (COs)

CO1 Students will be able to solve and relate mathematical concepts behind the cryptographic algorithms.

CO2 Students will be able to explain basic operations of cryptographic algorithms.

CO3 Students will be able to describe various private and public key security algorithms used for network security along with their encryption and decryption.

CO4 Students will be able to evaluate various scenarios and apply the required type of algorithm for ensuring security.

CO5 Students will be able to analyze protocols for various security objectives with cryptographic tools.

RECOMMENDED SYSTEM/SOFTWARE REQUIREMENTS
1. Intel based desktop PC with a minimum of 2.6 GHz or faster processor, at least 256 MB RAM and 40 GB free disk space.
2. Operating system: Any Windows version
3. Software: Java JDK / Turbo C++ IDE (TurboC3), any cryptography tool.

TEXT / REFERENCE BOOKS

• Atul Kahate, Cryptography and Network Security, TMH Publications.


• William Stallings, Network Security, Pearson Publications.

LABORATORY OUTCOMES

• The student should be able to implement the cipher techniques.
• Develop the various security algorithms.
• Use different open source tools for network security and analysis.
• To learn & use the new tools and technologies used for designing some security principles.
• Analyse and resolve security issues in networks and computer systems to secure an IT infrastructure.

Index

S.No. Program Title Date Remarks Signature

1. Implement the following Substitution & Transposition Techniques concepts:
   a) Caesar Cipher
   b) Rail fence row & Column Transformation
2. Implement the Diffie-Hellman Key Exchange mechanism. Consider the end user as one of the parties (Alice) and the other party (Bob).
3. Implement the following Attack: Brute Force Attack
4. Installation of Wireshark, tcpdump, etc. and observe data transferred in client server communication using UDP/TCP and identify the UDP/TCP datagram.
5. Installation of rootkits and study about the variety of options.
6. Perform an Experiment to Sniff Traffic using ARP Poisoning.
7. Demonstrate intrusion detection system using any tool (snort or any other s/w).
8. Demonstrate how to provide secure data storage, secure data transmission and for creating digital signatures.

EXPERIMENT NO. 1

AIM: Implement the following Substitution & Transposition Techniques concepts:

a) Caesar Cipher

PROGRAM:
#include <stdio.h>
#include <string.h>
#include <ctype.h>

int main(void)
{
    char plain[100], cipher[100];
    int key, i, length;

    printf("\n Enter the plain text:");
    if (scanf("%99s", plain) != 1)          /* bounded read, no buffer overflow */
        return 1;
    printf("\n Enter the key value:");
    if (scanf("%d", &key) != 1)
        return 1;
    key = ((key % 26) + 26) % 26;           /* normalise the key to 0..25 */

    printf("\n \n \t PLAIN TEXT: %s", plain);
    printf("\n \n \t ENCRYPTED TEXT: ");
    for (i = 0, length = (int)strlen(plain); i < length; i++)
    {
        /* shift letters inside their own case; copy everything else */
        if (isupper((unsigned char)plain[i]))
            cipher[i] = 'A' + (plain[i] - 'A' + key) % 26;
        else if (islower((unsigned char)plain[i]))
            cipher[i] = 'a' + (plain[i] - 'a' + key) % 26;
        else
            cipher[i] = plain[i];
        printf("%c", cipher[i]);
    }
    cipher[length] = '\0';

    printf("\n \n \t AFTER DECRYPTION: ");
    for (i = 0; i < length; i++)
    {
        /* undo the shift; adding 26 keeps the value non-negative */
        if (isupper((unsigned char)cipher[i]))
            plain[i] = 'A' + (cipher[i] - 'A' - key + 26) % 26;
        else if (islower((unsigned char)cipher[i]))
            plain[i] = 'a' + (cipher[i] - 'a' - key + 26) % 26;
        else
            plain[i] = cipher[i];
        printf("%c", plain[i]);
    }
    printf("\n");
    return 0;
}

SAMPLE INPUT-OUTPUT:

RESULT: Thus, the implementation of Caesar cipher had been executed successfully

7CS4-22 CYBER SECURITY LAB 17EGICS065
AIM: Implement the following Substitution & Transposition Techniques concepts:

b) Rail fence row & Column Transformation

PROGRAM:
#include <stdio.h>
#include <string.h>

int main(void)
{
    int i, j, k, l;
    char a[100], c[100], d[100];

    printf("\n\t\t RAIL FENCE TECHNIQUE");
    printf("\n\nEnter the input string: ");
    if (fgets(a, sizeof a, stdin) == NULL)  /* bounded read instead of gets() */
        return 1;
    a[strcspn(a, "\n")] = '\0';             /* drop the trailing newline */
    l = (int)strlen(a);

    /* Ciphering: rail 1 takes the even positions, rail 2 the odd positions */
    for (i = 0, j = 0; i < l; i++)
    {
        if (i % 2 == 0)
            c[j++] = a[i];
    }
    for (i = 0; i < l; i++)
    {
        if (i % 2 == 1)
            c[j++] = a[i];
    }
    c[j] = '\0';
    printf("\nCipher text after applying rail fence :");
    printf("\n%s", c);

    /* Deciphering: the first k characters of the cipher text are rail 1 */
    if (l % 2 == 0)
        k = l / 2;
    else
        k = (l / 2) + 1;
    for (i = 0, j = 0; i < k; i++)
    {
        d[j] = c[i];
        j = j + 2;
    }
    for (i = k, j = 1; i < l; i++)
    {
        d[j] = c[i];
        j = j + 2;
    }
    d[l] = '\0';
    printf("\nText after decryption: ");
    printf("%s\n", d);
    return 0;
}

SAMPLE INPUT-OUTPUT:

RESULT: Thus, the rail fence algorithm had been executed successfully.

EXPERIMENT NO. 2

AIM: Implement the Diffie-Hellman Key Exchange mechanism. Consider the end user as one of the
parties (Alice) and the other party (Bob).

PROGRAM:
#include <stdio.h>

/* Modular exponentiation by repeated squaring: returns (a^b) mod mod */
long long int power(int a, int b, int mod)
{
    long long int t;
    if (b == 0)
        return 1 % mod;                 /* a^0 = 1; also stops the recursion */
    if (b == 1)
        return a % mod;
    t = power(a, b / 2, mod);
    if (b % 2 == 0)
        return (t * t) % mod;
    else
        return (((t * t) % mod) * a) % mod;
}

long long int calculateKey(int a, int x, int n)
{
    return power(a, x, n);
}

int main(void)
{
    int n, g, x, a, y, b;

    printf("Enter the value of n and g: ");
    if (scanf("%d%d", &n, &g) != 2 || n < 2)
        return 1;
    printf("Enter the value of x for the first person: ");
    if (scanf("%d", &x) != 1 || x < 0)
        return 1;
    a = (int)power(g, x, n);            /* public value sent by the first person */
    printf("Enter the value of y for the second person: ");
    if (scanf("%d", &y) != 1 || y < 0)
        return 1;
    b = (int)power(g, y, n);            /* public value sent by the second person */

    /* both sides arrive at g^(x*y) mod n */
    printf("key for the first person is :%lld\n", power(b, x, n));
    printf("key for the second person is :%lld\n", power(a, y, n));
    return 0;
}

SAMPLE INPUT-OUTPUT:

RESULT:
Thus, the Diffie-Hellman key exchange algorithm had been successfully implemented
using C.

EXPERIMENT NO. 3

AIM: Implement the following Attack: Brute Force Attack Using MD5 hashing technique

PROGRAM:
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <math.h>

/* Assumes a 32-bit unsigned int and a little-endian machine */
typedef union uwb
{
    unsigned w;
    unsigned char b[4];
} MD5union;
typedef unsigned DigestArray[4];

/* The four MD5 round functions, applied to the state words b, c, d */
unsigned func0(unsigned abcd[]) {
    return (abcd[1] & abcd[2]) | (~abcd[1] & abcd[3]); }
unsigned func1(unsigned abcd[]) {
    return (abcd[3] & abcd[1]) | (~abcd[3] & abcd[2]); }
unsigned func2(unsigned abcd[]) {
    return abcd[1] ^ abcd[2] ^ abcd[3]; }
unsigned func3(unsigned abcd[]) {
    return abcd[2] ^ (abcd[1] | ~abcd[3]); }
typedef unsigned (*DgstFctn)(unsigned a[]);

/* Fill k[0..63] with floor(2^32 * |sin(i + 1)|) */
unsigned *calctable(unsigned *k)
{
    double s, pwr;
    int i;
    pwr = pow(2, 32);
    for (i = 0; i < 64; i++)
    {
        s = fabs(sin(1 + i));
        k[i] = (unsigned)(s * pwr);
    }
    return k;
}

/* Rotate r left by N bits */
unsigned rol(unsigned r, short N)
{
    unsigned mask1 = (1 << N) - 1;
    return ((r >> (32 - N)) & mask1) | ((r << N) & ~mask1);
}

unsigned *md5(const char *msg, int mlen)
{
    static DigestArray h0 = { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476 };
    static DgstFctn ff[] = { &func0, &func1, &func2, &func3 };
    static short M[] = { 1, 5, 3, 7 };
    static short O[] = { 0, 1, 5, 0 };
    static short rot0[] = { 7, 12, 17, 22 };
    static short rot1[] = { 5, 9, 14, 20 };
    static short rot2[] = { 4, 11, 16, 23 };
    static short rot3[] = { 6, 10, 15, 21 };
    static short *rots[] = { rot0, rot1, rot2, rot3 };
    static unsigned kspace[64];
    static unsigned *k;
    static DigestArray h;
    DigestArray abcd;
    DgstFctn fctn;
    short m, o, g;
    unsigned f;
    short *rotn;
    union
    {
        unsigned w[16];
        char b[64];
    } mm;
    int os = 0;
    int grp, grps, q, p;
    unsigned char *msg2;

    if (k == NULL) k = calctable(kspace);

    for (q = 0; q < 4; q++) h[q] = h0[q];   /* initialize */

    {
        /* pad: 0x80, zeros, then the message length in bits */
        grps = 1 + (mlen + 8) / 64;
        msg2 = malloc(64 * grps);
        if (msg2 == NULL) return NULL;
        memcpy(msg2, msg, mlen);
        msg2[mlen] = (unsigned char)0x80;
        q = mlen + 1;
        while (q < 64 * grps) { msg2[q] = 0; q++; }
        {
            MD5union u;
            u.w = 8 * mlen;
            q -= 8;
            memcpy(msg2 + q, &u.w, 4);
        }
    }
    for (grp = 0; grp < grps; grp++)
    {
        memcpy(mm.b, msg2 + os, 64);
        for (q = 0; q < 4; q++) abcd[q] = h[q];
        for (p = 0; p < 4; p++)
        {
            fctn = ff[p];
            rotn = rots[p];
            m = M[p]; o = O[p];
            for (q = 0; q < 16; q++)
            {
                g = (m * q + o) % 16;
                f = abcd[1] + rol(abcd[0] + fctn(abcd) + k[q + 16 * p]
                                  + mm.w[g], rotn[q % 4]);
                abcd[0] = abcd[3];
                abcd[3] = abcd[2];
                abcd[2] = abcd[1];
                abcd[1] = f;
            }
        }
        for (p = 0; p < 4; p++) h[p] += abcd[p];
        os += 64;
    }
    free(msg2);                             /* padded copy is no longer needed */
    return h;
}

int main(void)
{
    int j, k;
    const char *msg = "The quick brown fox jumps over the lazy dog";
    unsigned *d = md5(msg, (int)strlen(msg));
    MD5union u;

    if (d == NULL)
        return 1;
    printf("\t MD5 ENCRYPTION ALGORITHM IN C \n\n");
    printf("Input String to be Encrypted using MD5 :\n\t%s", msg);
    printf("\n\nThe MD5 code for input string is: \n");
    printf("\t= 0x");
    for (j = 0; j < 4; j++)
    {
        u.w = d[j];
        for (k = 0; k < 4; k++) printf("%02x", u.b[k]);
    }
    printf("\n");
    printf("\n\t MD5 Encryption Successfully Completed!!!\n\n");
    return 0;
}

SAMPLE INPUT-OUTPUT:

RESULT:

Thus, the implementation of MD5 hashing algorithm had been implemented successfully
using C.

EXPERIMENT NO. 4

AIM: Installation of Wireshark, tcpdump, etc. and observe data transferred in client server
communication using UDP/TCP and identify the UDP/TCP datagram.

INTRODUCTION:

Wireshark is an open-source packet analyser, which is used for education, analysis, software
development, communication protocol development, and network troubleshooting.

It is used to track the packets so that each one is filtered to meet our specific needs. It is
commonly called a sniffer, network protocol analyser, or network analyser. It is also used by
network security engineers to examine security problems.

Wireshark can be used in the following ways:

1. It is used by network security engineers to examine security problems.
2. It allows the users to watch all the traffic being passed over the network.
3. It is used by network engineers to troubleshoot network issues.
4. It also helps to troubleshoot latency issues and malicious activities on your network.
5. It can also analyze dropped packets.
6. It helps us to know how all the devices like laptops, mobile phones, desktops, switches, routers, etc., communicate in a local network or the rest of the world.

Installation of Wireshark Software

Below are the steps to install the Wireshark software on the computer:

o Open the web browser.
o Search for 'Download Wireshark.'
o Select the Windows installer according to your system configuration, either 32-bit or 64-bit. Save the program and close the browser.
o Now, open the software, and follow the install instructions by accepting the license.
o Wireshark is ready for use.

On the network and Internet settings option, we can check the interface connected to our
computer.
If you are a Linux user, you will find Wireshark in your distribution's package repositories.

By selecting the current interface, we can get the traffic traversing through that interface. The
version used here is 3.0.3. This version will open as:

SCREENSHOTS:

There will be detailed information on HTTP packets, TCP packets, etc. The red button is shown
below:

You can also select the connection to which your computer is connected. For example, in this PC,
we have chosen the current network, i.e., the ETHERNET.

After connecting, you can watch the traffic below:

There is a filter block below the menu bar, from where a large amount of data can be filtered. For
example, if we apply a filter for HTTP, only the HTTP packets will be listed.
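
Identifying the UDP/TCP datagram, as the aim of this experiment asks, comes down to three header fields: the EtherType, the IPv4 protocol number and the port numbers. The C program below is an added example, not part of the original lab file; classify_frame and the sample frames are constructed for illustration, and checksums are left at zero and not verified.

```c
/* Added example: identify a captured Ethernet II frame as TCP or UDP.
 * The frames below are constructed sample bytes, not a real capture. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum l4_kind { L4_MALFORMED = -1, L4_OTHER = 0, L4_TCP = 6, L4_UDP = 17 };

struct l4_info {
    enum l4_kind kind;
    unsigned src_port, dst_port;
    unsigned payload_len;               /* bytes after the TCP/UDP header */
};

static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

struct l4_info classify_frame(const uint8_t *f, size_t len)
{
    struct l4_info r = { L4_MALFORMED, 0, 0, 0 };
    const uint8_t *ip, *l4;
    size_t ihl, total, l4len, hdr;

    if (len < 14) return r;                       /* no full Ethernet header */
    if (be16(f + 12) != 0x0800) { r.kind = L4_OTHER; return r; }  /* not IPv4 */
    if (len < 14 + 20) return r;                  /* no full IPv4 header */
    ip = f + 14;
    ihl = (size_t)(ip[0] & 0x0F) * 4;             /* IPv4 header length */
    total = be16(ip + 2);                         /* IPv4 total length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || total < ihl || 14 + total > len)
        return r;                                 /* bad or truncated packet */
    if (be16(ip + 6) & 0x1FFF) { r.kind = L4_OTHER; return r; }  /* later fragment */
    l4 = ip + ihl;
    l4len = total - ihl;

    if (ip[9] == L4_TCP) {
        if (l4len < 20) return r;
        hdr = (size_t)(l4[12] >> 4) * 4;          /* TCP data offset */
        if (hdr < 20 || hdr > l4len) return r;
    } else if (ip[9] == L4_UDP) {
        if (l4len < 8 || be16(l4 + 4) < 8 || be16(l4 + 4) > l4len) return r;
        hdr = 8;
        l4len = be16(l4 + 4);                     /* UDP length field, now checked */
    } else { r.kind = L4_OTHER; return r; }

    r.kind = (enum l4_kind)ip[9];
    r.src_port = be16(l4);
    r.dst_port = be16(l4 + 2);
    r.payload_len = (unsigned)(l4len - hdr);
    return r;
}

/* Constructed frame: UDP 192.0.2.10:53000 -> 192.0.2.53:53, 4 payload bytes */
static const uint8_t UDP_FRAME[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x20, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,
    192,0,2,10, 192,0,2,53,
    0xCF,0x08, 0x00,0x35, 0x00,0x0C, 0x00,0x00,
    'p','i','n','g'
};
/* Constructed frame: TCP SYN 192.0.2.10:49152 -> 192.0.2.53:80, no payload */
static const uint8_t TCP_FRAME[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0x00,0x02,0x40,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,10, 192,0,2,53,
    0xC0,0x00, 0x00,0x50, 0,0,0,1, 0,0,0,0,
    0x50,0x02, 0xFA,0xF0, 0x00,0x00, 0x00,0x00
};
/* Constructed Ethernet header carrying the ARP EtherType (0x0806) */
static const uint8_t ARP_ETH[] = {
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0x02,0,0,0,0,0x01, 0x08,0x06
};

static void show(const char *name, const uint8_t *f, size_t len)
{
    struct l4_info i = classify_frame(f, len);
    const char *k = i.kind == L4_TCP ? "TCP" : i.kind == L4_UDP ? "UDP" :
                    i.kind == L4_OTHER ? "other" : "malformed";
    printf("%-10s %-9s %u -> %u, payload %u bytes\n",
           name, k, i.src_port, i.dst_port, i.payload_len);
}

int main(void)
{
    show("udp", UDP_FRAME, sizeof UDP_FRAME);
    show("tcp", TCP_FRAME, sizeof TCP_FRAME);
    show("truncated", TCP_FRAME, 40);             /* capture cut short */
    show("arp", ARP_ETH, sizeof ARP_ETH);
    return 0;
}
```

The length checks matter as much as the field reads: a frame whose IPv4 total length or TCP data offset points past the captured bytes is reported as malformed instead of being read out of bounds.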

Steps for the permanent colorization are: click on the 'View' option on the menu bar and select
'Coloring Rules.' The table will appear like the image shown below:

Adding Keys: Wireless Toolbar

➢ If the system has the Windows version of Wireshark and an AirPcap adapter, then we can add decryption keys using the wireless toolbar.
➢ If the toolbar isn't visible, you can show it by selecting View → Wireless Toolbar.
➢ Click on the Decryption Keys button on the toolbar:

➢ This will open the decryption key management window. As shown in the window you can select between three decryption modes: None, Wireshark and Driver:

RESULT: Thus, installation of Wireshark, tcpdump, etc. and observing data transferred in client
server communication using UDP/TCP and identifying the UDP/TCP datagram was done successfully.

EXPERIMENT NO. 5

AIM: Installation of rootkits and study about the variety of options.

INTRODUCTION:

Breaking the term rootkit into the two component words, root and kit, is a useful way to define it.
Root is a UNIX/Linux term that's the equivalent of Administrator in Windows. The word kit
denotes programs that allow someone to obtain root/admin-level access to the computer by
executing the programs in the kit — all of which is done without end-user consent or knowledge.

A rootkit is a type of malicious software that is activated each time your system boots up. Rootkits
are difficult to detect because they are activated before your system's Operating System has
completely booted up. A rootkit often allows the installation of hidden files, processes, hidden
user accounts, and more in the system's OS. Rootkits are able to intercept data from terminals,
network connections, and the keyboard.

Rootkits have two primary functions: remote command/control (back door) and software
eavesdropping. Rootkits allow someone, legitimate or otherwise, to administratively control a
computer. This means executing files, accessing logs, monitoring user activity, and even changing
the computer's configuration. Therefore, in the strictest sense, even versions of VNC are
rootkits. This surprises most people, as they consider rootkits to be solely malware, but in and of
themselves they aren't malicious at all.

The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun
and Linux operating systems were the primary targets for a hacker looking to install a rootkit.
Today, rootkits are available for a number of operating systems, including Windows, and are
increasingly difficult to detect on any network.

PROCEDURE:

STEP-1: Download the rootkit detection tool GMER from the GMER website www.gmer.net.
STEP-2: This displays the Processes, Modules, Services, Files, Registry, RootKit / Malwares, Autostart, CMD of local host.
STEP-3: Select Processes menu and kill any unwanted process if any.
STEP-4: Modules menu displays the various system files like .sys, .dll
STEP-5: Services menu displays the complete services running with Autostart, Enable, Disable, System, Boot.
STEP-6: Files menu displays full files on Hard-Disk volumes.
STEP-7: Registry displays HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE.
STEP-8: Rootkits / Malwares scans the local drives selected.
STEP-9: Autostart displays the registry-based Autostart applications.
STEP-10: CMD allows the user to interact with command line utilities or Registry.
SCREENSHOTS:

RESULT: Thus, the study of installation of Rootkit software and its variety of options were
developed successfully.

EXPERIMENT NO. 6

AIM: Perform an Experiment to Sniff Traffic using ARP Poisoning.

INTRODUCTION:

Address Resolution Protocol (ARP) is a stateless protocol used for resolving IP addresses to
machine MAC addresses. All network devices that need to communicate on the network
broadcast ARP queries in the system to find out other machines’ MAC addresses. ARP Poisoning is
also known as ARP Spoofing.
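
Because ARP is stateless and carries no authentication, a defender can detect poisoning by watching for an IP address that suddenly claims a different MAC address. The C program below is an added example, not part of the original lab file; arp_observe, make_arp and all MAC addresses are hypothetical, and the two IP addresses are the ones used later in this exercise.

```c
/* Added example: flag ARP messages that contradict an IP-to-MAC binding seen
 * earlier. MAC addresses and packets are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOSTS 64
#define ARP_LEN   28                    /* ARP body for Ethernet + IPv4 */

enum arp_verdict { ARP_IGNORED, ARP_LEARNED, ARP_CONSISTENT, ARP_CONFLICT };
struct binding   { uint8_t ip[4]; uint8_t mac[6]; };
struct arp_table { struct binding host[MAX_HOSTS]; size_t count; };

/* htype = 1 (Ethernet), ptype = 0x0800 (IPv4), hlen = 6, plen = 4 */
static const uint8_t ARP_FIXED[6] = { 0x00, 0x01, 0x08, 0x00, 6, 4 };

/* Inspect one ARP body (the bytes after the Ethernet header). */
enum arp_verdict arp_observe(struct arp_table *t, const uint8_t *p, size_t len)
{
    static const uint8_t zero_ip[4] = { 0, 0, 0, 0 };
    const uint8_t *sha, *spa;
    unsigned oper;
    size_t i;

    if (len < ARP_LEN || memcmp(p, ARP_FIXED, 6) != 0)
        return ARP_IGNORED;                     /* truncated or not Ethernet/IPv4 */
    oper = ((unsigned)p[6] << 8) | p[7];
    if (oper != 1 && oper != 2) return ARP_IGNORED;     /* not request or reply */
    sha = p + 8;                                /* sender hardware (MAC) address */
    spa = p + 14;                               /* sender protocol (IP) address */
    if (memcmp(spa, zero_ip, 4) == 0) return ARP_IGNORED;   /* ARP probe */

    for (i = 0; i < t->count; i++)
        if (memcmp(t->host[i].ip, spa, 4) == 0)     /* first binding is kept */
            return memcmp(t->host[i].mac, sha, 6) == 0 ? ARP_CONSISTENT : ARP_CONFLICT;

    if (t->count == MAX_HOSTS) return ARP_IGNORED;      /* table full */
    memcpy(t->host[t->count].ip, spa, 4);
    memcpy(t->host[t->count].mac, sha, 6);
    t->count++;
    return ARP_LEARNED;
}

/* Build a constructed ARP body in memory; nothing is sent on a network. */
static void make_arp(uint8_t *out, unsigned oper, const uint8_t *mac, const uint8_t *ip)
{
    memset(out, 0, ARP_LEN);
    memcpy(out, ARP_FIXED, 6);
    out[7] = (uint8_t)oper;
    memcpy(out + 8, mac, 6);
    memcpy(out + 14, ip, 4);
}

enum arp_verdict demo_verdicts[6];      /* filled by run_demo() */

/* Replays six constructed messages and returns the number of conflicts. */
int run_demo(void)
{
    static const uint8_t gw_ip[4]     = { 192, 168, 121, 2 };
    static const uint8_t host_ip[4]   = { 192, 168, 121, 129 };
    static const uint8_t no_ip[4]     = { 0, 0, 0, 0 };
    static const uint8_t gw_mac[6]    = { 0x00, 0x50, 0x56, 0xaa, 0xaa, 0x02 };
    static const uint8_t host_mac[6]  = { 0x00, 0x0c, 0x29, 0xbb, 0xbb, 0x81 };
    static const uint8_t other_mac[6] = { 0x00, 0x0c, 0x29, 0xcc, 0xcc, 0x99 };
    struct arp_table t;
    uint8_t pkt[ARP_LEN];
    int i, conflicts = 0;

    memset(&t, 0, sizeof t);
    make_arp(pkt, 2, gw_mac, gw_ip);     demo_verdicts[0] = arp_observe(&t, pkt, ARP_LEN);
    make_arp(pkt, 1, host_mac, host_ip); demo_verdicts[1] = arp_observe(&t, pkt, ARP_LEN);
    make_arp(pkt, 2, gw_mac, gw_ip);     demo_verdicts[2] = arp_observe(&t, pkt, ARP_LEN);
    make_arp(pkt, 2, other_mac, gw_ip);  demo_verdicts[3] = arp_observe(&t, pkt, ARP_LEN);
    make_arp(pkt, 1, other_mac, no_ip);  demo_verdicts[4] = arp_observe(&t, pkt, ARP_LEN);
    demo_verdicts[5] = arp_observe(&t, pkt, 20);        /* truncated capture */
    for (i = 0; i < 6; i++) conflicts += (demo_verdicts[i] == ARP_CONFLICT);
    return conflicts;
}

int main(void)
{
    static const char *name[] = { "ignored", "learned", "consistent", "CONFLICT" };
    int i, n = run_demo();
    for (i = 0; i < 6; i++)
        printf("message %d: %s\n", i + 1, name[demo_verdicts[i]]);
    printf("%d conflicting binding(s)\n", n);
    return 0;
}
```

A conflict is a signal to investigate rather than proof of an attack, since a DHCP reassignment or a failover pair also changes a binding.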

ARP Poisoning − Exercise

In this exercise, we have used BetterCAP to perform ARP poisoning in a LAN environment using
VMware workstation in which we have installed Kali Linux and the Ettercap tool to sniff the local
traffic in the LAN.
For this exercise, you would need the following tools –

• VMware workstation
• Kali Linux or Linux Operating system
• Ettercap Tool
• LAN connection

Step 1 − Install the VMware workstation and install the Kali Linux operating system.
Step 2 − Log in to Kali Linux using the username and password “root, toor”.
Step 3 − Make sure you are connected to the local LAN and check the IP address by typing the
command ifconfig in the terminal.

Step 4 − Open up the terminal and type “ettercap -G” to start the graphical version of Ettercap.

Step 5 − Now click the tab “sniff” in the menu bar and select “unified sniffing” and click OK to select
the interface. We are going to use “eth0” which means Ethernet connection.

Step 6 − Now click the “hosts” tab in the menu bar and click “scan for hosts”. It will start scanning
the whole network for the alive hosts.
Step 7 − Next, click the “hosts” tab and select “hosts list” to see the number of hosts available in
the network. This list also includes the default gateway address. We have to be careful when we
select the targets.

Step 8 − Now we have to choose the targets. In MITM, our target is the host machine, and the
route will be the router address to forward the traffic. In an MITM attack, the attacker intercepts
the network and sniffs the packets. So, we will add the victim as “target 1” and the router address
as “target 2.”
In VMware environment, the default gateway will always end with “2” because “1” is assigned to
the physical machine.
Step 9 − In this scenario, our target is “192.168.121.129” and the router is “192.168.121.2”. So we
will add target 1 as victim IP and target 2 as router IP.

Step 10 − Now click on “MITM” and click “ARP poisoning”. Thereafter, check the option “Sniff
remote connections” and click OK.

Step 11 − Click “start” and select “start sniffing”. This will start ARP poisoning in the network which
means we have enabled our network card in “promiscuous mode” and now the local traffic can be
sniffed.

Step 12 − Now it’s time to see the results; if our victim logged into some websites. You can see the
results in the toolbar of Ettercap.

RESULT: Thus, Perform an Experiment to Sniff Traffic using ARP Poisoning were Implemented
successfully.

EXPERIMENT NO. 7

AIM: Demonstrate intrusion detection system using any tool (snort or any other s/w).

INTRODUCTION:

INTRUSION DETECTION SYSTEM:

Intrusion detection is a set of techniques and methods that are used to detect suspicious
activity both at the network and host level. Intrusion detection systems fall into two basic
categories:
✓ Signature-based intrusion detection systems
✓ Anomaly detection systems.
Intruders have signatures, like computer viruses, that can be detected using software. You try
to find data packets that contain any known intrusion-related signatures or anomalies related
to Internet protocols. Based upon a set of signatures and rules, the detection system is able to
find and log suspicious activity and generate alerts.

Anomaly-based intrusion detection usually depends on packet anomalies present in protocol
header parts. In some cases, these methods produce better results compared to signature-based
IDS. Usually, an intrusion detection system captures data from the network and applies
its rules to that data or detects anomalies in it. Snort is primarily a rule-based IDS, however
input plug-ins are present to detect anomalies in protocol headers.
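
A header anomaly of the kind described above can be checked without any content signature: some TCP flag combinations do not occur in a normal TCP exchange and are typical of stealth port scans. The C program below is an added example, not Snort's code and not part of the original lab file; check_tcp_header and the sample headers are constructed for illustration.

```c
/* Added example: stateless sanity checks on a TCP header, the kind of
 * protocol-header anomaly an IDS can flag without a content signature.
 * The sample headers are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { F_FIN = 0x01, F_SYN = 0x02, F_RST = 0x04,
       F_PSH = 0x08, F_ACK = 0x10, F_URG = 0x20 };

enum tcp_anomaly {
    TCP_OK, TCP_TRUNCATED, TCP_BAD_OFFSET,
    TCP_NULL_FLAGS, TCP_SYN_FIN, TCP_SYN_RST, TCP_XMAS, TCP_FIN_NO_ACK
};

static const char *const ANOMALY_NAME[] = {
    "ok", "truncated header", "bad data offset",
    "no flags set", "SYN+FIN", "SYN+RST", "FIN+PSH+URG without ACK", "FIN without ACK"
};

enum tcp_anomaly check_tcp_header(const uint8_t *tcp, size_t len)
{
    unsigned hdr, flags;

    if (len < 20) return TCP_TRUNCATED;             /* minimum TCP header */
    hdr = (unsigned)(tcp[12] >> 4) * 4;             /* data offset in bytes */
    if (hdr < 20 || hdr > len) return TCP_BAD_OFFSET;
    flags = tcp[13] & 0x3F;                         /* URG ACK PSH RST SYN FIN */
    if (flags == 0) return TCP_NULL_FLAGS;
    if ((flags & (F_SYN | F_FIN)) == (F_SYN | F_FIN)) return TCP_SYN_FIN;
    if ((flags & (F_SYN | F_RST)) == (F_SYN | F_RST)) return TCP_SYN_RST;
    if ((flags & F_FIN) && !(flags & F_ACK))        /* a real FIN carries ACK */
        return (flags & (F_PSH | F_URG)) == (F_PSH | F_URG) ? TCP_XMAS
                                                             : TCP_FIN_NO_ACK;
    return TCP_OK;
}

/* Build a constructed 20-byte header (ports 49152 -> 80) and check it. */
enum tcp_anomaly verdict_for(unsigned offset_words, unsigned flags, size_t captured)
{
    uint8_t h[20];
    memset(h, 0, sizeof h);
    h[0] = 0xC0;                                    /* source port 49152 */
    h[3] = 80;                                      /* destination port 80 */
    h[12] = (uint8_t)(offset_words << 4);
    h[13] = (uint8_t)flags;
    return check_tcp_header(h, captured);
}

/* Constructed flag values: four normal segments, four anomalous ones */
static const unsigned SAMPLE_FLAGS[] = {
    F_SYN, F_SYN | F_ACK, F_ACK | F_PSH, F_FIN | F_ACK,
    0, F_SYN | F_FIN, F_FIN | F_PSH | F_URG, F_FIN
};

int count_alerts(void)
{
    size_t i;
    int alerts = 0;
    for (i = 0; i < sizeof SAMPLE_FLAGS / sizeof SAMPLE_FLAGS[0]; i++)
        alerts += (verdict_for(5, SAMPLE_FLAGS[i], 20) != TCP_OK);
    return alerts;
}

int main(void)
{
    size_t i;
    for (i = 0; i < sizeof SAMPLE_FLAGS / sizeof SAMPLE_FLAGS[0]; i++)
        printf("flags 0x%02x: %s\n", SAMPLE_FLAGS[i],
               ANOMALY_NAME[verdict_for(5, SAMPLE_FLAGS[i], 20)]);
    printf("%d alert(s)\n", count_alerts());
    return 0;
}
```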
SNORT TOOL:

Snort is based on libpcap (for library packet capture), a tool that is widely used in TCP/IP traffic
sniffers and analyzers. Through protocol analysis and content searching and matching, Snort
detects attack methods, including denial of service, buffer overflow, CGI attacks, stealth port
scans, and SMB probes. When suspicious behavior is detected, Snort sends a real-time alert
to syslog, a separate 'alerts' file, or to a pop-up window.

Snort is currently the most popular free network intrusion detection software. The advantages
of Snort are numerous. According to the snort web site, “It can perform protocol
analysis, content searching/matching, and can be used to detect a variety of attacks and
probes, such as buffer overflow, stealth port scans, CGI attacks, SMB probes, OS fingerprinting
attempts, and much more” (Caswell).

One of the advantages of Snort is its ease of configuration. Rules are very flexible, easily
written, and easily inserted into the rule base. If a new exploit or attack is found a rule for the
attack can be added to the rule base in a matter of seconds. Another advantage of snort is
that it allows for raw packet data analysis.

SNORT can be configured to run in three modes:

1. Sniffer mode
2. Packet Logger mode
3. Network Intrusion Detection System mode

PROCEDURE:

STEP-1: Sniffer mode → snort -v → Print out the TCP/IP packet headers on the screen.
STEP-2: snort -vd → Show the TCP/IP ICMP header with application data in transit.
STEP-3: Packet Logger mode → snort -dev -l c:\log [create this directory in the C drive] and snort will automatically know to go into packet logger mode; it collects every packet it sees and places it in the log directory.
STEP-4: snort -dev -l c:\log -h ipaddress/24 → This rule tells snort that you want to print out the data link and TCP/IP headers as well as application data into the log directory.
STEP-5: snort -l c:\log -b → This binary mode logs everything into a single file.
STEP-6: Network Intrusion Detection System mode → snort -d -l c:\log -h ipaddress/24 -c snort.conf → snort.conf is a configuration file that applies rules to each packet to decide on an action based upon the rule type in the file.
STEP-7: snort -d -h ipaddress/24 -l c:\log -c snort.conf → This will configure snort to run in its most basic NIDS form, logging packets that trigger rules specified in the snort.conf.
STEP-8: Download SNORT from snort.org. Install snort with or without database support.
STEP-9: Select all the components and Click Next. Install and Close.
STEP-10: Skip the WinPcap driver installation.
STEP-11: Add the path variable in windows environment variable by selecting new class path.
STEP-12: Create a path variable and point it at snort.exe: variable name → path and variable value → c:\snort\bin.
STEP-13: Click OK button and then close all dialog boxes. Open command prompt and type the following commands:

INSTALLATION PROCESS:

RESULT: Thus, the demonstration of the intrusion detection using Snort tool was done
successfully.

EXPERIMENT NO. 8

AIM: Demonstrate how to provide secure data storage, secure data transmission and for creating
digital signatures.

INTRODUCTION:

➢ Here’s the final guide in my PGP basics series, this time focusing on Windows
➢ The OS in question will be Windows 7, but it should work for Win8 and Win8.1 as well
➢ Obviously, it’s not recommended to be using Windows to access the DNM, but I won’t go into the reasons here.
➢ The tool we’ll be using is GPG4Win

INSTALLING THE SOFTWARE:

1. Visit www.gpg4win.org. Click on the “Gpg4win 2.3.0” button.

2. On the following screen, click the “Download Gpg4win” button.

3. When the “Welcome” screen is displayed, click the “Next” button.

4. When the “License Agreement” page is displayed, click the “Next” button.

5. Set the check box values as specified below, then click the “Next” button.

6. Set the location where you want the software to be installed. The default location is fine. Then, click the “Next” button.

7. Specify where you want shortcuts to the software placed, then click the “Next” button.

8. If you selected to have a GPG shortcut in your Start Menu, specify the folder in which it will be placed. The default “Gpg4win” is OK. Click the “Install” button to continue.

9. A warning will be displayed if you have Outlook or Explorer opened. If this occurs, click the “OK” button.

10. The installation process will tell you when it is complete. Click the “Next” button.

11. Once the Gpg4win setup wizard is complete, the following screen will be displayed. Click the “Finish” button.

12. If you do not uncheck the “Show the README file” check box, the README file will be displayed. The window can be closed after you’ve reviewed it.

38
7CS4-22 CYBER SECURITY LAB 17EGICS065
CREATING YOUR PUBLIC AND PRIVATE KEYS

GPG encryption and decryption is based upon the keys of the person who will be
receiving the encrypted file or message. Any individual who wants to send the person
an encrypted file or message must possess the recipient’s public key certificate to
encrypt the message. The recipient must have the associated private key, which is
different than the public key, to be able to decrypt the file. The public and private
key pair for an individual is usually generated by the individual on his or her computer
using the installed GPG program, called “Kleopatra” and the following procedure:

1. From your start bar, select the “Kleopatra” icon to start the Kleopatra certificate management software.

2. The following screen will be displayed.

3. From the “File” dropdown, click on the “New Certificate” option.

4. The following screen will be displayed. Click on “Create a personal OpenPGP key pair” and the “Next” button.

5. The Certificate Creation Wizard will start and display the following:

6. Enter your name and e-mail address. You may also enter an optional comment. Then, click the “Next” button.

7. Review your entered values. If OK, click the “Create Key” button.

8. You will be asked to enter a passphrase.

9. The passphrase should follow strong password standards. After you’ve entered your passphrase, click the “OK” button.

10. You will be asked to re-enter the passphrase.

11. Re-enter the passphrase value. Then click the “OK” button. If the passphrases match, the certificate will be created.

12. Once the certificate is created, the following screen will be displayed. You can save a backup of your public and private keys by clicking the “Make a backup Of Your Key Pair” button. This backup can be used to copy certificates onto other authorized computers.

13. If you choose to back up your key pair, you will be presented with the following screen:

14. Specify the folder and name the file. Then click the “OK” button.

15. After the key is exported, the following will be displayed. Click the “OK” button.

16. You will be returned to the “Key Pair Successfully Created” screen. Click the “Finish” button.

17. Before the program closes, you will need to confirm that you want to close the program by clicking on the “Quit Kleopatra” button.

DECRYPTING AN ENCRYPTED E-MAIL THAT HAS BEEN SENT TO YOU:

1. Open the e-mail message.

2. Select the GpgOL tab.

3. Click the “Decrypt” button.

4. A command window will open along with a window that asks for the passphrase to your private key that will be used to decrypt the incoming message.

5. Enter your passphrase and click the “OK” button.

6. The results window will tell you if the decryption succeeded. Click the “Finish” button to close the window.

7. When you close the e-mail you will be asked if you want to save the e-mail message in its unencrypted form. For maximum security, click the “No” button. This will keep the message encrypted within the e-mail system and will require you to enter your passphrase each time you reopen the e-mail message.

RESULT:
Thus, the secure data storage, secure data transmission and for creating digital signatures
(GnuPG) was developed successfully.
