SANDIP FOUNDATION'S SANDIP INSTITUTE OF TECHNOLOGY & RESEARCH CENTRE —Nethrovon inbok Road, al Ds Nosh 422213, Maheratia, Inia Department of E52 Tc és Set —tledQacrle Sece inn! dy bam sath 90618050 aa Title pase | ate Remarks | Sign. LjMesign 2 implement! 1 [@ - 1-23] fo i |_| chePauit 2, D>Dorads 1] }—{2ainted © Porodowed d¢roormmi tral 3 iQ Plointe xd 2 con Focayptien PL G | 19-)-29 decsypting fay drona + pasiliso ciphes | LAl Peyfoner eoceyotion 2] 1% 120-125 nryphicn Par iE Ciphers 41 Irie o program ta | 20 |3-2-23 |_[¥mplement digital 19 Ao bt ee a a 5 Toplemend of co Pay —_t__. This bs to certify that Mr. / Yi Dotsnah C tegthory og FE/Ie,reok. £-3.C___RolNo,_& Completed above experiments successtuly pte Head of Department subject Incharge —< ae ue ppt Scanned with CamScanner& SANDIP FOUNDATIONS. SANDrp _ SANDIPINSTITUTE OF TECHNOLOGY & RESEARCH CENTRE | TOUNTATION Mohiravani, himbok Road, fal, & Dist, Nashik-422213, Manarashira. Indio Department of -_E_§ Te’ aa Suiket nled Dork Aecumiby pam seat to, : T1906) 3050, a Title ] Fae | ate Remarks | Sign. || Pep atucy of woiseless | a [190.09 = pee eee §Peotine of tows |_of mobile Secuniiy fas ole — Hi BiTmplementotian of 149 |3-3-23 | DEA. Implementalion of | |10-3-23 | oe al 3 1a. Toptementotian IA -3-23 Hoth Puoction in.| Demanatrabe pr #4 _124-5-9 This isto certify that Mc/s. _Den soe 0. obleoy ot fle /sle.n€/o}€. 2-5 1 __—_—__ Rll No, 2-G_Completed above experiments successful, Date : Head of Department | _Subject tncharge ____ Scanned with CamScannerFoundation’s Sandip Institute of Technology & Research Centre, Nashik NAAC Accredited ‘A’ Grail, 9001:2008 ISO Certified Institute Department of Electronics & Telecommunication Engineering SUBJECT: Network Security Lab (304198) | EXPERIMENT NO.: 1 \TITLE OF EXPERIMENT: Design and implement for the insecurity of default | passwords, printed passwords and password transmitted in | plain text. | ‘ ate OF PERFORMANCE: 06-6) -2.3 ly [DATE OF SUBMISSION: 13-0\-25 Scanned with CamScannerSandip Foundation's : Sandip Institute of Technology & Research Centre, Nashik NAAC Accredited ‘A’ Grade, 9001:2008 ISO Certified partiaie Department of Electronics & Telecommunication Engineering Subject: Network Security Lab (304198) EXPERIMENT NO. 1 Date: / /20 AIM OF EXPERIMENT: Design and implement for the insecurity of default passwords, printed passwords and password transmitted in plain text. OBJECTIVE: To implement the password security process used for login. OUTCOME: The students will be able to demonstrate knowledge of implementing Password creation and handling process. Pre-lab Req) 1) Enlist different categories of security services. , : rs @ Data integrity @ non. we puirahon 2) What are types of security attacks? De Dannie attack DP Active attack poss SITRC, NASHIK NS LAB MANUAL Scanned with CamScanner: Sandip Foundation's Sandip Institute of Technology & Research C ‘entre, Nashik | NAAC Accredited ‘A’ Grade, 9001:2008 ISO Ceriiied Incinae SANDIP | Department of Electronics & Telecommunication Engineering Subject: Network Security Lab (304198) EXPERIMENT NO. 1 Date: 6) 12095 AIM OF EXPERIMENT: Design and implement for the insecurity of default passwords, Printed passwords and password transmitted in plain text EQUIPMENTS: Personal Computer with C++ compiler. THEORY: - 1. Default password Senerally uses a single default password, which can be easily found online through search or on websites that provide compiled lists. Default passwords are intended to be place holders and used only for the initial setup of hardware o after a factory reset. The user enters the password and is usually prompted to change it as part of the process, but not always, Left unchanged, default passwords provide an easy attack vector for home network equipment; if the owner also connects to a corporate network that risk extends to the business as well. An attacker who logs into a device successfully is likely to have administrative-level access. 2. Printed Password Basically it is taking the characters we enter through getch () function and print * instead of it for every letter we type. While writing a C++ program, if you want to type password and it should not be visible on screen or an * symbol is to be printed. 3. Password transmitted in plain text A plain text password is a way of writing (and sending) a password in a clear, readable format. Seiad is not encrypted and can be easily read by other humans and machines. If you store a password in clear, readable text, anyone who has unauthorized access to your account or device can read it. And if that person is a hacker who has just broken into the database, your ive data now belongs to him. ; Sharing paswords ina painfen! via email comes with a price. Usually the price i the main the-middle attack. It happens when data travels from a sender's device to receiver's device, and SITRC, NASHIK 2 NS LAB MANUAL. Scanned with CamScannerir ted in between them, the attacker gathers all the shared information, including unenerypt passwords. Solutions for secure storing and sharing passwords: + For storing passwords, fe epads and Sticky notes — use encrypted ored or sent in a readable format; th fay to share them, By implementing it, your ‘compromised neither during the sharing process, nor after the receiver gets it. PROCEDURE: 1. Write a ‘C+ program for password security process used for login. 2. Obtain the correct password or else wrong password. CONCLUSION: implement a relution fax cil tess io the insectitity adrociaded with default pass- word, printed posscord and posroords — sefullg addwessed this all things ond solve i. Post-lab Questionnaire: SITRC, NASHIK 3 NS LAB MANUAL, Scanned with CamScannerNSLAB MANUAL ‘Scanned with CamScanner| ‘Scanned with CamScanner 2 CH Code: int main(void){ char password[55]; print{("password:\n"); int p=0; dof password[p]=getch0; if(password[p]!="'){ printf("*"); 3 PF ile(passwordlp-!="5 password[p-1]="\0'; H ‘entered %s as password.",password); printf("\nYou have getchO; or You have entered sitre as password.say ] Sandip Foundation's Sandip Institute of Technology & Research Centre, Nashik NAC Accredited ‘A’ Grade, 9001:2008 ISO Certified Institute Department of Electronics & Telecommunication Engineering SUBJECT: Network Security Lab (304198) EXPERIMENT NO.: 2 TITLE OF EXPERIMENT: Perform encryption and decryption for t cipher. DATE OF PERFORMANCE: |3-0)- 25, DATE OF SUBMISSION: 9.0 - 0) = 23 Scanned with CamScannerScanned with CamScannerDate: 7 29 AIM OF EXPERIMENT: Perform Sneryplion and decryption for transposition cipher. EQUIPMENTS: Personal Computer with C+ ‘compiler. THEORY: - Introduction to Cryptography by a few elite specialists, Until; the advent of computers, one of the main consra cryptography had f + often on battle 7 NS LAB MANUAL SITRC, NASHIK Scanned with CamScannerIntruder can Plaintext. P d keys. We will use C es the ciphertext C again. It then follows Scanned with CamScannerin rows, padded to fill the matrix if need be. The next step is to make a guess at the number of columns. phrase may be guessed at from the For e.g. suppose that our eryptan somewhere in the message. Observe the probable phrase by a distance = different set of diagrams is produced in the ciphertext the cryptanalyst can often easily determine the key lengt! a}-leke|-|-Ja]ofulo elelefolalo|»fo| az =e ]2|s]o}e |= || a]m Figure 2.4 Transposition Cipher Plaintext: ; PleasetransferonemilliondollarstoMyswissbankaccountsixtwotwo Ciphertext: AFLLSKSOSELAWAIATOOSSCTCLNMOMANTESILYNTWRNNTSOWDPAEDOBUOERI RICXB ‘The remaining step is to order the columns. When the number of columns, k, is small, each of the k(k-1) column pairs can be examined to see if its diagram frequencies match those for English plaintext . The pair with the best match is assumed to be correctly positioned. Now each Femaining is tentatively tried as the successor to this pair, The column whose trigram and diagram frequencies give the best match is tentatively assumed to be corr edecessor column is found in the same way. The enti found. Chances are that the plaintext will be recognizable at this point (e.g is clear what the error is). PROCEDURE: SITRC, NASHIK ~ NS LAB MANUAL Scanned with CamScanneruurity process used for login. Scanned with CamScanner 1. Write a °C#++" program for password sec 2 Obtain the correct password or else wrong pussword. ae ved this ohfece- Post-lab Questionnaire: 1) Give the comparison between Active and Passive attacks. Passive Attack Active Addacls ct ) Difficult do clete a @ Don't affect dre _| Tt affect the syotem woke. SITRC, NASHIK 10 NS LAB MANUAL,iJeout<LOALANS SuLrs9UIsUq UOHLITUNUIUIODIIaT, 2 SoTUO.199]q Jo JUsUBAEdeg NOILYaNAO4 AIMINSUT PIYf4s7D OST 8007:1006 ‘@PVLD .¥, Panpas2oV DVWN | ylYyseN ‘a1juaD yoivasay 7 ASopouysay, jo a3njyysuy dipueg S,uoHnepuno,y dipurs Scanned with CamScanner(yorvos) ye Aysna9g 10MIN PANS Auy99ussuq uonwojunum0s9a], soquo.joayg Jo yuounawdag 106 2pt9 Vs PINPV IVEN. ‘Adojourj994,Jo aympsu dypues Scanned with CamScannerz IHSVN “ULES ‘IVANVIN AVI SN “unuofie Supuas v yo sojdurexo Teuonen ay