CYBER SECURITY LAB JOURNAL

20CS54I

20_ _ - 20_ _

CERTIFICATE
This is to certify that Shri / Miss _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ of V

Semester Diploma in Computer Science and Engineering has conducted the practical in Cyber

Security ( 20CS54I) satisfactorily during the year 20_ _ - 20_ _

Staff Member In charge Head of the Section

Prakash M
Lecturer, CSE
REGISTER NUMBER

Examiner’s Signature: 1.
2.
Date:
Place: Karwar
 INDEX

Page
Sl. No Name Remarks
No
1 What is a Firewall? Steps to Turn on the firewall 01
2 Managing your operating System: Setting up User 05
account and password
3 Managing your web browser: How to Secure Your 08
Web Browser
4 How to block ads on Google 11
5 Install antivirus and antispyware 13
6 Setup password protection 18
7 Write a python program to implement Caesar 23
Cipher Algorithm
8 Write a python program to implement Diffie- 24
Hellman Algorithm
9 Write a python program to implement RSA 26
Algorithm
10 Steps to inspect digital certificates using a web 27
browser (Google chrome)
11 Write procedure to install “Secret folder” on 29
widows
12 Steps to apply and Remove NTFS Permissions in 32
Widows system
13 Explain Dynamic Analysis using owasp zap tool 32
14 Introduce Manual Security Testing using OWASP 35
15 Create an AWS account 38

1
1. What is a Firewall? Steps to Turn on the firewall
A firewall is altering or firmware that forestalls unapproved consent to an affiliation. It explores
moving ever closer traffic utilizing a ton of rules to perceive and impede hazards. Firewalls are
used in both individual and experience settings, and various devices go with one fundamental,
including Mac, Windows, and Linux PCs. They are in general saw as a central piece of alliance
security.

Advantages of Firewall
1. A Firewall prevents hackers and remote access.
2. It protects data.
3. It ensures better privacy and security.
4. It protects from Trojans.
5. A network-based Firewall, like a router, can offer protection to multiple systems, while
an OS-based Firewall can protect individual systems.

Disadvantages of Firewall
1. Cost: Installation of a Firewall can be costly depending on the sophistication required.
2. Performance: This is affected as each packet has to be verified for authenticity before it
is allowed into the network.
3. Virus and Malware: There are a few limitations in a Firewall like its inability to prevent
virus and malware attacks for which separate applications would be required, at the
individual system level.
4. A network-level Firewall might bring in a false sense of security in employees and make
them slacken on securing individual systems.
5. Firewall maintenance and up-gradation require extra manpower and resources.

2
Features of firewall
1. Bandwidth control and monitoring.
2. Web filtering.
3. Internet aggregation.
4. Sandboxing.
5. VPN, Virtual Private Networks.
6. Deep Packet Inspection, DPI.

Setting up firewall on Windows

1. Select the Start button -> Settings -> Update & Security -> Windows Security and
then Firewall & network protection. Open windows security settings.

3
2. Select a network profile: Domain network, Private network, or Public network.

3. Under Microsoft Defender Firewall, switch the setting to On. If your device is connected to a
network, network policy settings might prevent you from completing these steps.

4
2. Managing your operating System: Setting up User account and password
Step 1: Select Start Windows logo start button.

Step 2: Settings Gear-shaped Settings icon

5
Step 3: Accounts Contact icon and then select Family & other users

Step 4: Add someone else to this PC.

6
Step 5: Fill the details below, and set Password, Click next

Step 6: Family and other issues.

7
3. MANAGING YOUR WEB BROWSER: How to Secure Your Web Browser
Some software features that provide functionality to a web browser, such as ActiveX, Java,
Scripting (JavaScript, VBScript, etc.), may also introduce vulnerabilities to the computer system.
These vulnerabilities may stem from poor implementation, poor design, or an insecure
configuration. For these reasons, you should understand which browsers support which features
and the risks they could introduce. Some web browsers permit you to fully disable the use of
these technologies, while others may permit you to enable features on a per-site basis.

How to Block a Website

Step 1: Go to chrome

Step 2: Search for the “Block Site” chrome extension and add it to your browser.

8
Step 3: Click “Add extension” in the pop-up box

Step 4: Check for the extension’s icon on the top-right hand corner of your chrome screen.

9
Step 5: Enter the website which you need to block with URL.

Step 6: Click on add item and Export.

10
Step 7: Now go to google and check the website which you have blocked using “Block site”

4. HOW TO BLOCK ADS ON GOOGLE

Step 1: Go to google chrome.

Step 2: Search Ad blocker extension.

11
Step 3: Click on Add to chrome.

Step 4: Click on add extension.

12
5. Install antivirus and antispyware
What is antivirus?
An antivirus product is a program designed to detect and remove viruses and other kinds of
malicious software from your computer or laptop. Malicious software - known as malware - is
code that can harm your computers and laptops, and the data on them.
Advantages of Antivirus
Virus Protection:
The main role of an antivirus program is to face viruses and other sorts of malware. The viruses
won’t only cause damages to your data, it can degrade the general system performance. All of
them can happen without your knowledge The antivirus programming introduced on your PC
distinguishes and eliminates this malware before they create any damages to your PC.

Spyware Protection:
Spyware because the name suggests may be quite a malware that spies on your computer stealing
all the confidential information. These details also include MasterCard details, passwords, and
other financial data. This ultimately results in fraud. The antivirus software has the potential to
stop these sorts of spyware attacks.

Web Protection:
While surfing the web, users can encounter various other sorts of threats. In untrustworthy sites,
cyber attackers can gather your MasterCard and checking account details. One among the thanks
for overcoming this is often by using antivirus software. Using an antivirus program you’ll
protect your valuable pieces of information while surfing online.

Spam Protection:
Viruses also can enter your computer through means of spam emails and ads. These emails and
ads can show up repeatedly albeit you haven’t any interest in it. Once the virus finds thanks to
sneak into your PC it causes irreversible damages. An Antivirus works by the way of blocking
these spam emails and ads.

13
Installation procedure
MALWAREBYTES

STEP 1: search for Malwarebytes on google.com . Click on the first link below

STEP 2: click on free download and download the setup file

14
STEP 3: Run the setup file

STEP 4: Click on install

STEP 5: Choose preferred information

STEP 6: After choosing the preference of the user the installation starts, wait for it to install

15
STEP 7: After installation click done

MALWAREBYTES INTERFACE

16
STEP 8: click on scan and the process will start, wait for 10 to 15 mins

STEP 9: view the scan results

Main features of Malware bytes are:

 Cleans infected devices.
 Shields vulnerable systems.
 Warning tools.
 Centralized threat reporting.
 Prevention tools.
 Stops ransomware attacks.
 Unifies multiple Malwarebytes.

17
6. Setup password protection
Password protection is an access control technique that helps keep important data safe from
hackers by ensuring it can only be accessed with the right credentials. All of your computing
devices, including PCs, laptops, tablets and smartphones, should be password protected to
prevent unauthorized access. Any stored information, especially sensitive or confidential data,
should be encrypted. You should only store necessary information on your mobile device, in case
it is stolen or lost.

You can take a number of measures to protect the data on your PC. Password protecting your
computer is the first step. In this, we will see how to protect your Windows computer with a
password.
Following are the ways to protect your Windows PC with a password:
 Add password to local user account
This method is for users who are using a local user account instead of a Microsoft account to
sign-in to Windows 10.
Step 1: Open Settings app. Navigate to Accounts > Sign-in options.

Step 2: Here, in Password section, click the Add button. As you can see, when your user account
is not protected with a password, Windows 10 displays “You must add a password before you
can use the other sign-in options” message.

Step 3: Click the Add button to see Create a password screen.

18
Step 4: In the New password field, type in a strong password. Next, in the Re-enter password
field, type the password again.

Type in a hint for the password but make sure that no one other than you can use that hint to
guess the password. Also, avoid common passwords such as 123456, your birth date, your name,
and your family member’s name. Click Next button.

Step 5: Finally, click Finish button to add password to your local user account.

19
 Deploy two-factor authentication
Setting up your 2-step verification for Gmail is fairly straightforward. You’ll just need access to
the internet, your phone of choice, and about 5 minutes. Here are the exact steps to follow:
Step 1: Navigate to Google’s 2-Step Verification page. Then click on the “Get Started Button”:

Step 2: If you are not already logged into your Google account, you will be taken to a page
where you can sign in:

Step 3: Once you sign in to your Google account — or if you were already signed in — you will
now be taken to the next page in the process. You will need to click on the “Get Started” button
near the bottom of this page:

20
Step 4: On this next page, you will see your devices which are available to receive the
verification code:

Confirm your device is listed. This will be the phone you use as your second step in the 2-step
verification process. If you do not see your device, make sure to sign into your Google account
on that device.

Step 5: After that, you have the following three options to choose from regarding how your 2-
step verification will work.

Step 6: You can choose to get a notification prompt from Google on your phone. How this
option works is this: when you see the Google verification notification, simply tap it to review
the message and sign in. If this is your desired option, you’ll just scroll down on the current page
and click “Continue” (then skip to step 8):
On the next page, you’ll need to add your phone number as a backup option. This is in case you
aren’t able to access your Google notifications when needing to verify your logins in the future.

21
Then click on “Send” to receive your code and be taken to the next screen: Enter code and hit
“Next”. After your backup phone number is confirmed, you’ll be taken to a page where you need
to confirm your details and hit “Turn On”:

After you hit “Turn On”, you’re all set! You’ll be taken to a confirmation page where you can
also adjust your verification settings if you wish:

22
7. Write a python program to implement Caesar Cipher Algorithm

def encrypt(text,s):
result = ""
for i in range(len(text)):
char = text[i]
if (char.isupper()):
result += chr((ord(char) + s-65) % 26 + 65)
else:
result += chr((ord(char) + s - 97) % 26 + 97)
return result

def decrypt(text,s):
result = ""
for i in range(len(text)):
char = text[i]
if (char.isupper()):
result += chr((ord(char) - s-65) % 26 + 65)
else:
result += chr((ord(char) - s - 97) % 26 + 97)
return result

23
text = "ATTACK"
s=5
print ("Text : " + text)
print ("Shift : " + str(s))
encryptword=encrypt(text,s)
print ("Cipher: " +encryptword)
decryptword=decrypt(encryptword,s)
print ("Plain Text: " +decryptword )

8. Write a python program to implement Diffie-Hellman Algorithm

P = 23
G=9
print('The Value of P is :%d'%(P))

24
print('The Value of G is :%d'%(G))

a=4
print('The Private Key a for Alice is :%d'%(a))
x = int(pow(G,a,P))

b=3
print('The Private Key b for Bob is :%d'%(b))
y = int(pow(G,b,P))

ka = int(pow(y,a,P))
kb = int(pow(x,b,P))

print('Secret key for the Alice is : %d'%(ka))

print('Secret Key for the Bob is : %d'%(kb))

25
9. Write a python program to implement RSA Algorithm

import math
def gcd(a, h):
temp = 0
while(1):
temp = a % h
if (temp == 0):
return h
a=h
h = temp

p=3

26
q=7
n = p*q
e=2
phi = (p-1)*(q-1)
while (e < phi):
if(gcd(e, phi) == 1):
break
else:
e = e+1

k=2
d = (1 + (k*phi))/e

msg = 12.0
print("Message data = ", msg)
c = pow(msg, e)
c = math.fmod(c, n)
print("Encrypted data = ", c)

m = pow(c, d)
m = math.fmod(m, n)
print("Original Message Sent = ", m)

10. Steps to inspect digital certificates using a web browser (Google chrome)

Step 1: Open Google chrome new tab

27
Step 2: Click on settings

Step 3: Select Privacy and security

Step 4: In advanced select “Certificates managed by Chrome”

28
Step 5: Digital certificates by Google chrome

11. Write procedure to install “Secret folder” on widows

Step 1: Click on “Start”.
Step 2: Select “Google Chrome”.

Step 3: Search for secret folder download.

Step 4: Click on any website of secret folder and download it.

29
Step 5: Open the downloaded file and select the language.

Step 6: Accept the agreement and click on next.

Step 7: After installation open the folder.

Step 8: Give a new password and email address. Click on OK.

30
Step 9: Click on “Add” and select a folder.

Step 10: After selecting the folder click on “Lock”.

Step 11: Now your folder is safely locked.

31
12. Steps to apply and Remove NTFS Permissions in Widows system
Apply or Set NTFS Permissions:
While any administrator knows how to set or change NTFS permission levels, the tricky part is
how to manage them consistently and efficiently for hundreds or thousands of different users.
1. In Windows Explorer, right-click a file, folder or volume and choose Properties from the
context menu. The Properties dialog box appears.
2. Click the Security tab.
3. Under Group or user names, select or add a group or user.
4. At the bottom, allow or deny one of the available permissions.

Remove NTFS Permissions

1. Select the folders from which permissions are to be removed.
2. Select the user account and / or groups for whom permissions should be changed.
3. Click the permissions drop down list choose the permissions set to be removed.
4. Finally choose the type of permission allow or deny.

13. Explain Dynamic Analysis using owasp zap tool

Dynamic analysis finds vulnerabilities in a runtime environment. Automated tools analyse the
input and output of an application for potential threats like SQL injection. Tools can also search
for other application-specific issues and analyze server configuration errors. The purpose of
dynamic analysis is to analyze the program as an attacker would, looking for entry points and
vulnerable sections during program execution.
Step 1: Click on “Start”
Step 2: Select ZAP 2.12.0

32
Step 3: Select mentioned button and click on start

Step 4: Click on “Automated Scan”

33
Step 5: In the URL to attack text box, enter the full URL of the web application you want to
attack. Click the Attack

34
Step 6: Find the alerts tab to view the captured data

Step 7: Click on “Stop” button

14. Introduce Manual Security Testing using OWASP

Manual testing is a software testing process in which test cases are executed manually without
using any automated tool. All test cases executed by the tester manually according to the end
user's perspective. It ensures whether the application is working, as mentioned in the requirement
document or not. Test cases are planned and implemented to complete almost 100 percent of the
software application. Test case reports are also generated manually.
Step 1: Click on “Start”
Step 2: Select ZAP 2.12.0

35
Step 3: Select mentioned button and click on start

36
Step 4: Click on “Manual Explore”

Step 5: In the text box, enter the full URL of the web application you want to test. Click on
“Launch Browser”

37
Step 6: Perform manual testing

15: Create an AWS account

 Navigate to AWS
Navigate to the Amazon Web Services website. https://aws.amazon.com/. Then, click
Create an AWS Account in the top-right corner. The Create an AWS Account page will
appear.

 Enter account information

Enter your desired email address and an AWS account name.

38
Then, click Verify email address.
Confirm your email accounts

Enter the code sent to your email in the Verification code text box and click Verify. A
success message will appear.

39
 Create your password

Enter and confirm your desired password. Click Continue (step 1 of 5).
 Enter contact information

First, select whether you wish to create a personal or business account. These account
types provide identical functionality.
If you select Professional, the system requires you to enter a company name in the
Organization name text box.
If you select Personal, the system removes that text box.

40
 Then, enter your contact information in the available text boxes, select the AWS
Customer Agreement, and click Continue. The Payment Information page will
appear.
 Enter billing information

Enter your credit or debit card information in the available text boxes. Then, click Verify
and Continue.
 Confirm your identity

Amazon must verify your identity before you finish account creation. This verification
prevents fraudulent accounts.

41
 To verify your identity, perform the following steps:
Select the Text message (SMS) or Voice call option for how you would prefer to receive
the verification code.
Enter your telephone information in the Country/Region code and Phone number text
box.
In the Security Check text box, enter the displayed characters.
Perform one of the following:
If you chose to receive a text message, click Send SMS. Enter the code sent to
your phone number in the Verify code text box. Click Continue.
If you choose to receive a voice call, click Call me now. The Call in progress…
section will appear, and you will immediately receive an automated phone call
from Amazon. On your phone’s keypad, enter the four-digit pin number that the
page displays.
The Select a Support Plan interface will appear.

 Select a support plan and finish account creation

The support plan that you choose determines the speed of Technical Support responses,
billing and account support, and other advanced services.

42
Select the desired support plan for your account. Then, click Complete sign up.

43