Network Security Lab Manual

The document outlines a lab record for a Network Security course at the Government Institute of Electronics, detailing various experiments and procedures related to network security tools and techniques. It includes instructions for installing virtualization software, performing banner grabbing with Telnet and Netcat, port scanning with Nmap, traffic sniffing using Wireshark, and demonstrating an Intrusion Detection System using Snort. The document serves as a practical guide for students to gain hands-on experience in network security practices.

Uploaded by

mehakm1820
GOVERNMENT INSTITUTE OF ELECTRONICS,

SECUNDERABAD
(AN ISO 9001:2018 Certified Institution)

Department of Cyber-Physical Systems


C21 - IV Semester

NETWORK SECURITY
CPS-406

Lab RECORD

Name: ____________________________________

PIN: _____________________________________

Batch: ____________________________________
GOVERNMENT INSTITUTE OF ELECTRONICS,
SECUNDERABAD
(AN ISO 9001:2018 Certified Institution)

CERTIFICATE

This is to certify that this is the bona fide record of


Mr./Ms.……………………………………………………………………………….………
…PIN………………………………in the Subject: NETWORK
SECURITY Lab, from the Cyber Physical Systems & Security
branch, 2nd Year / IV Semester, during the academic year
2022-2024

Date: ............................................

Internal Examiner External Examiner


1. Learn to install Wine/VirtualBox or any other
equivalent software on the host OS.

Virtualization is the process of emulating hardware inside a virtual machine.

Virtualization can include the following:

✓ Application Virtual Machines.

✓ Mainframe Virtual Machines.

✓ Parallel Virtual Machines.

✓ Operating System Virtual Machines.

Download the latest version of Sun Virtual Box from the website.

The installation steps are

1. Double-click the Virtual Box executable file.

2. The "Welcome to the Oracle VM" Setup Wizard screen appears. Click Next.

3. The Custom Setup screen with all the features of the VM appears. Click Next.

4. Choose the options to create shortcuts on the Desktop and Quick Launch bar. Click Next.

5. On the Ready to Install screen, click the Install button.

6. Click Finish and start Oracle VM Virtual Box. Now install any kind of operating system as a guest
operating system. The configuration of the guest OS is shown below.
2 . PERFORM AN EXPERIMENT TO GRAB A BANNER WITH
TELNET AND PERFORM THE TASK USING NETCAT UTILITY.
Banner grabbing is a technique to determine which application or service
is running on the specified port by attempting to make a connection to
the host.

Banner grabbing can be performed in two ways:

1. ONLINE (through an Internet connection, by connecting to remote websites)
2. OFFLINE (through the local LAN or with a Virtual Box guest OS)

1. First enable the TELNET service on your computer:
type the command SERVICES.MSC in the Run command menu, click on the
Telnet service and enable it, set it to Automatic and
click Start.
2. Open Command Prompt and type the following:

telnet www.rediff.com 80 (http port) and press the Enter key twice.

3. Now you can see the rediff website web server's information.
4. You can also try it on your local machine by connecting to your
guest OS: telnet <guest IP address> 80 (example:
telnet 192.168.56.101 80) and press Enter twice.
5. The same banner grabbing can also be performed with the NETCAT
utility, available as a compressed file at http://netcat.sourceforge.net.
6. Extract it on your local drive and run the following in the
command prompt: netcat www.rediff.com 80 (http port) and
press Enter twice to see the result.
7. Use the same procedure on the guest operating system.
Before using the netcat command, install IIS (Internet
Information Server) from Add/Remove components on your guest
OS, then run: netcat -vv -n <guest IP address> 80 (example:
netcat -vv -n 192.168.56.101 80) and press Enter twice to see the result.
-vv = verbose mode, -n = numerical IP address only.
3. PERFORM AN EXPERIMENT FOR PORT SCANNING WITH NMAP,
SUPERSCAN OR ANY OTHER SOFTWARE.
Port scanning is the process of connecting to TCP and UDP ports for the purpose of
finding which services and applications are open on the target machine.
TCP establishes a connection by using what is called a three-way handshake. The TCP
header contains a one-byte field for the flags. These flags include the following:
ACK → The receiver sends an ACK to acknowledge data.
SYN → Set up to begin communication on the initial sequence number.
FIN → Inform the other host that the sender has no more data to send.
RST → Abort operation.
PSH → Force data delivery without waiting for buffers to fill.
URG → Indicate priority data.
Port numbers are unique only within a computer system. Port numbers are 16-bit
unsigned numbers. They are divided into three ranges: the Well Known
Ports (0-1023), the Registered Ports (1024-49151), and the Dynamic and/or Private
Ports (49152-65535). All operating systems now honor the tradition of permitting
only the super-user to open the ports numbered 0 to 1023. Some are listed below:
Service     Port/Protocol   Description
echo        7/tcp           Echo
ftp-data    20/udp          File Transfer [Default Data]
ftp         21/tcp          File Transfer [Control]
ssh         22/tcp          SSH Remote Login Protocol
telnet      23/tcp          Telnet
domain      53/udp          Domain Name Server
www-http    80/tcp          World Wide Web HTTP
Nmap ("Network Mapper") is a free and open source utility for network exploration or
security auditing. The FIVE port states recognized by Nmap are:
1. Closed 2. Filtered 3. Unfiltered 4. Open-Filtered 5. Closed-Filtered
Download the SuperScan 3.0 tool from the website and execute the following
4. USING NMAP 1) FIND OPEN PORTS ON A SYSTEM 2) FIND
THE MACHINES WHICH ARE ACTIVE 3) FIND THE VERSION OF
REMOTE OS ON OTHER SYSTEMS 4) FIND THE VERSION OF S/W
INSTALLED ON OTHER SYSTEM
1. Download Nmap from www.nmap.org and install the Nmap software with the WinPcap
driver utility.
2. Execute the Nmap-Zenmap GUI tool from the Program Menu or Desktop icon.
3. Type the target machine IP address (i.e. guest OS or any website address).
4. Perform the profiles shown in the utility.
5. PERFORM AN EXPERIMENT TO DEMONSTRATE HOW TO
SNIFF FOR ROUTER TRAFFIC BY USING THE TOOL WIRESHARK.
A packet sniffer, sometimes referred to as a network monitor or network analyzer, can
be used by a network or system administrator to monitor and troubleshoot network
traffic. Using the information captured by the packet sniffer, an administrator can
identify erroneous packets and use the data to pinpoint bottlenecks and help maintain
efficient network data transmission.
In its simple form, a packet sniffer simply captures all of the packets of data that pass
through a given network interface. By placing a packet sniffer on a network in
promiscuous mode, a malicious intruder can capture and analyze all of the network
traffic. Wireshark is a network packet analyzer. A network packet analyzer
captures network packets and tries to display the packet data in as much detail as possible.
Download and install the Wireshark network analyzer.
Steps to capture traffic:
1. Open the Wireshark network analyzer.
2. Select the interface: go to the Capture option in the menu bar and select the interface.

3. Start capturing.
6. Perform an experiment on how to use DumpSec.
AIM: Perform an experiment on how to use DumpSec.

TOOLS REQUIRED:

1. Personal computer.
2. DumpSec software tool.

THEORY:
DumpSec is a utility tool that can be used to gather detailed information about user and group
permissions, file and folder permissions, and other security-related information on a Windows
system.

DumpSec is a security auditing program for Microsoft Windows NT/XP/200x. It dumps the
permissions and audit settings for the file system, registry, printers and shares in a concise,
readable format, so that holes in system security are readily apparent. DumpSec also dumps
user, group and replication information. Periodically verifying the security of a system
can cover a variety of aspects, and among them permissions are of the utmost importance,
because they decide which user can access one resource or another.
The DumpSec installation is simple and the program is easy to run. Run the DumpSec executable
file (".exe") to open the DumpSec window.
It can be used to dump security settings of the local system or of a remote system. In order for
DumpSec to access a remote system, you must first log in to the remote system with administrative
privileges.

PROCEDURE:
1. Download and install DumpSec: The first step is to download DumpSec from the official
website or a reliable source. Once downloaded, run the installation file and follow the
instructions to install it on your system.
2. Launch DumpSec: After installation, launch DumpSec from the Start menu or by clicking on its
desktop icon.
3. Connect to the target system: In the DumpSec main window, select the "Scan" tab and click
on the "Target" button. Enter the name of the target system, its IP address, or the network path
to connect to it. You can also specify the login credentials if necessary.
4. Select the scan options: In the Scan tab, you can select the scan options to choose which
security-related information you want to collect. You can select options such as User Rights,
Group Memberships, Share Permissions, NTFS Permissions, and more.
5. Start the scan: After selecting the scan options, click on the "Start" button to begin the scan
process. Depending on the size of the target system and the options selected, the scan process
may take some time.
6. View the results: Once the scan is complete, you can view the results in the DumpSec main
window. You can export the results to a file, print them, or copy them to the clipboard for further
analysis.
7. Interpret the results: The results obtained from DumpSec can provide valuable insights into
the security settings of the target system. You can use the results to identify potential security
vulnerabilities, check for compliance with security policies, and perform other security-related
tasks.
RESULT: Performed the experiment on how to use DumpSec.
7. PERFORM AN EXPERIMENT TO SNIFF TRAFFIC USING ARP
POISONING

1. ARP (Address Resolution Protocol) is a stateless
protocol used for resolving an IP address to a machine MAC
address. ARP poisoning is also called ARP spoofing.
2. ARP spoofing constructs a large number of forged
ARP request and reply packets to overload the switch.
3. It is a man-in-the-middle attack.
PROCEDURE:
1. Open Kali Linux.
2. Open a root terminal, type the command "ifconfig" and press Enter.
3. Copy the IP address.
4. Then open the "ettercap-graphical" tool from the application list.
5. Click on the ✅ button.
6. Click on the options button, then "Scan for hosts".
7. Click on the options button, then "Hosts list".
8. Some hosts are shown on the display.
9. Select any target host and add it to "Target 1".
10. Then click on "⋮".
11. Click on ARP poisoning.
12. Then open the "Wireshark" tool from the application list.
13. Double-click on the "any" option.

OUTPUT:
8. DEMONSTRATE INTRUSION DETECTION SYSTEM (IDS) USING ANY
TOOL E.G. SNORT OR ANY OTHER SOFTWARE.
AIM: TO DEMONSTRATE INTRUSION DETECTION SYSTEM (IDS) USING ANY TOOL
E.G. SNORT OR ANY OTHER SOFTWARE

Intrusion Detection System: An intrusion detection system (IDS) is a type of
security system for computers and computer networks. Intrusion detection
helps in detecting outside and inside attacks performed by either users
or hackers.
An ID system collects information from various sources and analyzes
information from various areas within a computer or a network to identify
possible security breaches, which include both intrusions (attacks from
outside the organization) and misuse (attacks from within the organization).
ID uses vulnerability assessment (sometimes referred to as scanning), which
is a technology developed to assess the security of a computer system or
network.
SNORT: Snort is a lightweight intrusion detection tool which logs the
packets coming through the network and analyzes them. Snort checks
the incoming packets against the rules written by the user and generates alerts
if any matches are found. The rules are written by the user in a text file
which is linked with the snort.conf file, where all the Snort configurations are
specified. There are a few commands which are used to get Snort running so
that it can analyze network behavior. Snort IPS uses a series of rules that
help define malicious network activity, uses those rules to find packets
that match against them, and generates alerts.
SNORT can be configured to run in three modes:
1. Sniffer mode

2. Packet Logger mode

3. Network Intrusion Detection System mode


Sniffer mode:

→ snort -v Prints out the TCP/IP packet headers on the screen.

→ snort -vd Shows the TCP/IP ICMP headers with application data in transit.

Packet Logger mode:

→ snort -dev -l c:\log [create this directory on the C drive] Snort will
automatically know to go into packet logger mode; it collects every packet it
sees and places it in the log directory.

→ snort -dev -l c:\log -h ipaddress/24 This command tells Snort that you want to
print out the data link and TCP/IP headers as well as application data into the
log directory.

→ snort -l c:\log -b This is binary mode, which logs everything into a single file.

Network Intrusion Detection System mode:

→ snort -d -l c:\log -h ipaddress/24 -c snort.conf Here snort.conf is the configuration file;
Snort applies its rules to each packet to decide on an action based upon the rule type
in the file.

→ snort -d -h ipaddress/24 -l c:\log -c snort.conf This configures Snort to
run in its most basic NIDS form, logging packets that trigger rules specified
in snort.conf.

INSTALLING SNORT 2.9.17 ON WINDOWS:


1. For Windows, Snort's executable file can be downloaded from
https://www.snort.org/downloads#
2. Open the downloaded snort executable file.

3. Click On ‘I Agree’ on the license agreement.


Figure 01: License agreement for Snort 2.9.1
4. Choose components of Snort to be installed.

CHOOSING COMPONENTS FOR SNORT 2.9.17

5. Click “Next” and then choose install location for snort preferably
a separate folder in Windows C Drive.

CHOOSE INSTALL LOCATION FOR SNORT 2.9.17


6. Click “Next” Installation process starts and then it completes as shown
in figure 04:

Setup Complete for Snort 2.9.17

7. When you click “ Close” you are prompted with this dialogue box:
8. Installing Npcap is required by snort for proper functioning.

9. Npcap for Windows 10 can be downloaded from here.

10. Opening Npcap setup file, Click on ‘I Agree’ To license agreement.

License agreement for Npcap 1.10

11. Now we proceed to choose which components of Npcap
are to be installed, and then click on “Install”.
Choose Components to install for Npcap 1.10

12. Installation process starts and completes. Clicking on “Next” we have:

Setup completed for Npcap 1.10

13. Now the window for installation of Npcap shows it has been installed.
Clicking “Finish”.
Successful installation for Npcap 1.10 completed

14. After installing Snort and Npcap, enter these commands in the Windows
10 Command Prompt to check that Snort is working

Successfully running Snort on Windows 10 through command prompt

15. As you can see in the above figure that snort runs successfully.

This is how you can download and install Snort along with its
dependency i.e. Npcap.

Running Snort

You can now start Snort. The command format is:

sudo snort -d -l /var/log/snort/ -h 192.168.1.0/24 -A console -c /etc/snort/snort.conf

Substitute your own network IP range in place of the 192.168.1.0/24. The
command-line options used in this command are:

● -d: Dumps the application-layer data of packets.
● -l /var/log/snort/: Sets the logging directory.
● -h 192.168.1.0/24: This doesn’t set the home network, that was set in the “snort.conf”
file. With this value set to the same value as the home network, the logs are structured
so that content from suspicious remote computers is logged into directories named
after each remote computer.
● -A console: Sends alerts to the console window.
● -c /etc/snort/snort.conf: Indicates which Snort configuration file to use.

Snort scrolls a lot of output in the terminal window, then enters its monitoring and
analysis mode. Unless it sees some suspicious activity, you won’t see any more
screen output.

From another computer, we started to generate malicious activity that was directly
aimed at our test computer, which was running Snort.
Snort identifies the network traffic as potentially malicious, sends alerts to the
console window, and writes entries into the logs.

Attacks classified as “Information Leaks” attacks indicate an attempt has been
made to interrogate your computer for some information that could aid an attacker.
This probably indicates that someone is performing reconnaissance on your
system.

Attacks classified as “Denial of Service” attacks indicate an attempt to flood your
computer with false network traffic. The attack tries to overwhelm your computer
to the point that it cannot continue to provide its services.

To verify that promiscuous mode is operating correctly and we’re safeguarding
the entire network address range, we’ll fire some malicious traffic at a different
computer, and see whether Snort detects it.
The activity is detected and reported, and we can see that this attack was directed
against a different computer with an IP address of 192.168.1.26. Snort is monitoring
the entire address range of this network.
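
The console alerts described above can be tallied per classification and per destination host to confirm that Snort reports on hosts other than the sensor itself. This is an added example, not part of the original lab manual or of Snort; it assumes the one-line "fast" alert layout that -A console prints, and the sample lines, SIDs, messages, the sensor address 192.168.1.24 and the source address 192.168.1.50 are constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SnortAlertSummary {

    /** One parsed console alert. */
    static final class Alert {
        final String sid, message, classification, protocol, srcHost, dstHost;
        final int priority;

        Alert(String sid, String message, String classification, int priority,
              String protocol, String srcHost, String dstHost) {
            this.sid = sid;
            this.message = message;
            this.classification = classification;
            this.priority = priority;
            this.protocol = protocol;
            this.srcHost = srcHost;
            this.dstHost = dstHost;
        }
    }

    // Assumed layout of one fast-style alert line:
    // timestamp [**] [gid:sid:rev] message [**] [Classification: c] [Priority: n] {PROTO} src -> dst
    private static final Pattern FAST_ALERT = Pattern.compile(
            "^\\S+\\s+\\[\\*\\*\\]\\s+\\[(\\d+:\\d+:\\d+)\\]\\s+(.*?)\\s+\\[\\*\\*\\]\\s+"
          + "(?:\\[Classification:\\s*([^\\]]+)\\]\\s+)?\\[Priority:\\s*(\\d+)\\]\\s+"
          + "\\{(\\w+)\\}\\s+(\\S+)\\s+->\\s+(\\S+)$");

    // Constructed sample of console output; the last line is start-up chatter, not an alert.
    static final String SENSOR_IP = "192.168.1.24";
    static final String[] SAMPLE_CONSOLE_OUTPUT = {
        "03/14-10:02:11.104233  [**] [1:1000001:1] Constructed: ICMP echo sweep [**] "
            + "[Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.168.1.50 -> 192.168.1.24",
        "03/14-10:02:40.551902  [**] [1:1000002:1] Constructed: SYN flood threshold [**] "
            + "[Classification: Attempted Denial of Service] [Priority: 2] {TCP} 192.168.1.50:40112 -> 192.168.1.24:80",
        "03/14-10:05:03.000871  [**] [1:1000001:1] Constructed: ICMP echo sweep [**] "
            + "[Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.168.1.50 -> 192.168.1.26",
        "Commencing packet processing (pid=4242)"
    };

    /** Strips a trailing ":port" from an IPv4 endpoint; other forms are returned unchanged. */
    static String hostOf(String endpoint) {
        int first = endpoint.indexOf(':');
        boolean singleColon = first > 0 && first == endpoint.lastIndexOf(':');
        return singleColon ? endpoint.substring(0, first) : endpoint;
    }

    /** Returns the parsed alert, or null when the line is not an alert. */
    static Alert parse(String line) {
        Matcher m = FAST_ALERT.matcher(line.trim());
        if (!m.matches()) {
            return null;
        }
        String cls = m.group(3) == null ? "(unclassified)" : m.group(3).trim();
        return new Alert(m.group(1), m.group(2), cls, Integer.parseInt(m.group(4)),
                m.group(5), hostOf(m.group(6)), hostOf(m.group(7)));
    }

    static Map<String, Integer> countByClassification(List<Alert> alerts) {
        Map<String, Integer> counts = new TreeMap<>();
        for (Alert a : alerts) {
            counts.merge(a.classification, 1, Integer::sum);
        }
        return counts;
    }

    /** Destinations other than the sensor: non-empty means other hosts' traffic is being inspected. */
    static Set<String> targetsBeyondSensor(List<Alert> alerts, String sensorIp) {
        Set<String> hosts = new TreeSet<>();
        for (Alert a : alerts) {
            if (!a.dstHost.equals(sensorIp)) {
                hosts.add(a.dstHost);
            }
        }
        return hosts;
    }

    public static void main(String[] args) {
        List<Alert> alerts = new ArrayList<>();
        int skipped = 0;
        for (String line : SAMPLE_CONSOLE_OUTPUT) {
            Alert a = parse(line);
            if (a == null) { skipped++; } else { alerts.add(a); }
        }
        System.out.println("alerts=" + alerts.size() + ", non-alert lines=" + skipped);
        System.out.println("by classification: " + countByClassification(alerts));
        System.out.println("targets other than the sensor: " + targetsBeyondSensor(alerts, SENSOR_IP));
    }
}
```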
9. Install the JCrypt tool (or any other equivalent) and demonstrate
Asymmetric, Symmetric crypto algorithm, Hash and Digital/PKI signatures.

Aim: Install the JCrypt tool (or any other equivalent) and demonstrate Asymmetric,
Symmetric crypto algorithm, Hash and Digital/PKI signatures.

INTRODUCTION: In this experiment, we will install the JCrypt tool, which is a Java-based
cryptographic library. We will use this tool to demonstrate the working of different types of
cryptographic algorithms such as symmetric, asymmetric encryption, hash functions, and
digital signatures.

PREREQUISITES: To perform this experiment, you will need the following:

◾A computer running on Windows, macOS, or Linux

◾ Java installed on your computer

◾ JCrypt tool downloaded and installed on your computer

◾ Basic knowledge of cryptography

STEPS to install JCrypt:

STEP 1: Install JCrypt tool

● JCrypt is a Java-based cryptographic library that provides various encryption and
decryption algorithms. To install the JCrypt tool, follow the steps below:
● Go to the JCrypt website (https://www.jcrypt.org/) and download the latest version of the
tool.
● Extract the downloaded file and place it in a folder.
● Open the terminal/command prompt and navigate to the folder where the JCrypt tool is
extracted.
● Run the command java -jar jcrypt.jar to start the JCrypt tool.

ASYMMETRIC ALGORITHM

o Download the JCrypt tool from the Crypt tool website and install it.
o Open the JCrypt software, click on NEW text editor and type the text information into it.
o Click on the Algorithm menu bar and select the asymmetric algorithm RSA for encryption.
o Click Create a New KeyPair, type in the contact name [#####], enter the
password and confirm the password, then click Finish again.
o On the same output bin file, to decrypt, select the RSA algorithm and click on Decrypt, select the key
name you declared earlier and click Finish.
o Enter the password to decrypt and see the output with the original decrypted text on the
screen.

SYMMETRIC ALGORITHM
o Click on the Algorithm menu bar, select Symmetric → AES and click on it.
o Click on Create a new key, type the contact name, enter the password and confirm,
click Finish → click Finish again.
o Enter the password to open the output file.
o To decrypt, select Algorithms → Symmetric → select the key which you have created
and click → Finish.
o Enter the password and see the result in the output bin file with
hexadecimal values and plain text.

HASH GENERATION
o Click on Algorithms, click on Hash → select MD5 → click Finish.
o Now view the HASH generated in the output bin file.
o Practice using SHA and SHA3 and verify the result on the screen.

DIGITAL SIGNATURE
o Click on Algorithms, click on Signature, select DSA and click on it.
o Select the sign operation and click on Create a new key.
o Enter the password, save the file and click Finish.
o To verify, click on Algorithm, click on Signature and click DSA.
o Select the verify operation, click Open, type the password and click Finish.
o The signature file is opened and verified.

Result: Installed the JCrypt tool (or any other equivalent) and demonstrated Asymmetric,
Symmetric crypto algorithm, Hash and Digital/PKI signatures.
10. Understand a Java Program to implement Digital Signature scheme.
DIGITAL SIGNATURE JAVA PROGRAM
● CREATING AN INITIAL PROGRAM STRUCTURE

GenerateDigitalSignature.java
import java.io.*;        // input the file data to be signed
import java.security.*;  // provides methods for signing the data

public class GenerateDigitalSignature
{
    public static void main(String args[])
    {
        /* Generate a DSA signature */
        if (args.length != 1)
        {
            System.out.println("Usage: nameOfFileToSign");
        }
        else try
        {
            // the rest of the code goes here
        }
        catch (Exception e)
        {
            System.err.println("Caught exception " + e.toString());
        }
    }
}
● GENERATING PUBLIC AND PRIVATE KEY

Creating a Key Pair Generator

As we discussed above, a digital signature requires a private key. Also, the corresponding
public key is required in order to verify the signature. Sometimes the key pair is already
available in files. If it is not available, we need to generate it.
We can generate the key pair by using the KeyPairGenerator class. In this program it generates keys with a
1024-bit length.
We invoke the getInstance() method of the KeyPairGenerator class. There are two forms
of getInstance() that take two arguments: the algorithm as the first argument and
the provider as the second argument; here the provider is given as a String.
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA", "SUN");
Where DSA (Digital Signature Algorithm) is the algorithm to use and SUN is the default
provider that is built into the JDK.
Now, we will initialize the key pair generator.
Initialize the Key Pair Generator
All key pair generators share the concepts of key size and randomness. The initialize()
method of the KeyPairGenerator class accepts these two as parameters.
For DSA in this program, the key size is 1024, so we will set the key size to 1024. The other parameter,
randomness, must be an instance of the SecureRandom class. It provides a cryptographically
strong random number generator (RNG). It uses the SHA1PRNG algorithm provided by the
built-in SUN provider.
    SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
    keyGen.initialize(1024, random); // initialize with key size and randomness source
Java 8 provides a list of known strong SecureRandom algorithms. It is held in the
securerandom.strongAlgorithms property of the java.security.Security class. So, we can also
use the SecureRandom.getInstanceStrong() method, as it obtains an instance of one of the known
strong algorithms.
At last, generate a pair of keys.
Generate the Pair of Keys
Using the KeyPair class, we generate the public and private keys.
    KeyPair pair = keyGen.generateKeyPair();
    PrivateKey priv = pair.getPrivate(); // gets the private key
    PublicKey pub = pair.getPublic();    // gets the public key
The next step is to sign the data.
Sign the Data
Java provides the Signature class that can be used to create a digital signature.
Getting Signature Object
    Signature dsa = Signature.getInstance("SHA1withDSA", "SUN"); // generating signature by using the DSA algorithm
Note that in the above syntax we have given the signature algorithm name
together with the message-digest algorithm used by the signature algorithm, i.e. SHA1withDSA,
where SHA-1 is a message-digest algorithm and DSA is a signature algorithm. In
combination, it is a way to specify the DSA algorithm with the SHA-1 algorithm.
Initialize Signature Object
The signature object must be initialized before using it. The initialization method for signing
requires a private key. So, we will use the object (priv) of the PrivateKey that we have created
above.
    dsa.initSign(priv); // initializing signature
Supply the Signature Object the Data to be Signed
The signature object needs the data to be signed. In order to supply the data, we use the update() method
provided by the Signature class.
    FileInputStream fis = new FileInputStream(""); // specify the file name
    BufferedInputStream bufin = new BufferedInputStream(fis);
    byte[] buffer = new byte[1024];
    int len;
    while ((len = bufin.read(buffer)) >= 0)
    {
        dsa.update(buffer, 0, len);
    }
    bufin.close();
Generate the Signature
Once we have supplied all the data to the Signature object, it allows us to generate a digital
signature for that data.
    byte[] realSig = dsa.sign();
In the next step, we will save the signature.
● SAVE THE SIGNATURE AND THE PUBLIC KEYS IN FILES

In the previous step, we generated the signature bytes. In this step, we will save both the
signature and the public key in two separate files so that they can be shared with someone.
Saving Signature
We will save the signature in a file named sig by using the following code.
    // saving signature
    FileOutputStream sigfos = new FileOutputStream("sig"); // saving signature in the file sig
    sigfos.write(realSig); // writes in the file
    sigfos.close(); // closes the file
Saving Public Key
Here, we will save the encoded public key. We get the encoded key by using the
getEncoded() method. It returns the encoded bytes. We will store the same bytes in a file.
    // saving public key
    byte[] key = pub.getEncoded(); // getting encoded key in bytes
    FileOutputStream keyfos = new FileOutputStream("publickey"); // file name in which the key will be stored
    keyfos.write(key); // writes in the file
    keyfos.close(); // closes the file
● COMPILE AND RUN THE PROGRAM

After completing all the above steps, we get the following source code.
GenerateDigitalSignature.java
Remember: Do not forget to specify the file name to be signed. We have used the file
Program:
import java.io.*;
import java.security.*;

public class GenerateDigitalSignature
{
    public static void main(String args[])
    {
        /* Generate a DSA signature */
        if (args.length != 1)
        {
            System.out.println("Usage: nameOfFileToSign");
        }
        else try
        {
            /* Generate a key pair */
            KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA", "SUN");
            SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
            keyGen.initialize(1024, random);
            KeyPair pair = keyGen.generateKeyPair();
            PrivateKey priv = pair.getPrivate();
            PublicKey pub = pair.getPublic();
            /* Create a Signature object and initialize it with the private key */
            Signature dsa = Signature.getInstance("SHA1withDSA", "SUN");
            dsa.initSign(priv);
            /* Update and sign the data (the path is hard-coded; args[0] is only checked, not used) */
            FileInputStream fis = new FileInputStream("F:\\Digital Signature Demo\\digital.txt");
            BufferedInputStream bufin = new BufferedInputStream(fis);
            byte[] buffer = new byte[1024];
            int len;
            while ((len = bufin.read(buffer)) >= 0)
            {
                dsa.update(buffer, 0, len);
            }
            bufin.close();
            /* Now that all the data to be signed has been read in,
               generate a signature for it */
            byte[] realSig = dsa.sign();
            /* Save the signature in a file */
            FileOutputStream sigfos = new FileOutputStream("F:\\Digital Signature Demo\\signature.txt");
            sigfos.write(realSig);
            sigfos.close();
            /* Save the public key in a file */
            byte[] key = pub.getEncoded();
            FileOutputStream keyfos = new FileOutputStream("F:\\Digital Signature Demo\\publickey.txt");
            keyfos.write(key);
            keyfos.close();
        }
        catch (Exception e)
        {
            System.err.println("Caught exception " + e.toString());
        }
    }
}
Output:

When we execute the program, it generates two files named publickey.txt and signature.txt
at the specified location.

Let's see what is inside the files.

[Screenshots: digital.txt, publickey.txt, signature.txt]

We see that both files contain binary-encoded data that cannot be read by humans.
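
The program above only signs; the receiving side has to rebuild the public key from the saved bytes and check the signature against the data. The following is an added example, not part of the original lab manual: it works on constructed sample data in memory instead of files, the class and method names are illustrative, and it deliberately uses a 2048-bit key with SHA256withDSA instead of the manual's 1024-bit key with SHA1withDSA, which NIST no longer approves for generating new signatures.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;

public class VerifyDigitalSignature {

    // Assumption of this example: stronger parameters than the manual's SHA1withDSA / 1024 bits.
    static final String SIGNATURE_ALGORITHM = "SHA256withDSA";
    static final int KEY_BITS = 2048;

    /** Signer side: generate a DSA key pair. */
    static KeyPair newKeyPair() throws GeneralSecurityException {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
        keyGen.initialize(KEY_BITS, new SecureRandom());
        return keyGen.generateKeyPair();
    }

    /** Signer side: same initSign / update / sign sequence as in the manual's program. */
    static byte[] sign(PrivateKey priv, byte[] data) throws GeneralSecurityException {
        Signature dsa = Signature.getInstance(SIGNATURE_ALGORITHM);
        dsa.initSign(priv);
        dsa.update(data);
        return dsa.sign();
    }

    /**
     * Receiver side: holds only the encoded public key bytes (what pub.getEncoded()
     * wrote to the public key file), the data, and the signature bytes.
     * Returns false for a wrong signature and also for a malformed key or signature.
     */
    static boolean verify(byte[] encodedPublicKey, byte[] data, byte[] signature) {
        try {
            // getEncoded() on a public key yields X.509 SubjectPublicKeyInfo bytes.
            PublicKey pub = KeyFactory.getInstance("DSA")
                    .generatePublic(new X509EncodedKeySpec(encodedPublicKey));
            Signature dsa = Signature.getInstance(SIGNATURE_ALGORITHM);
            dsa.initVerify(pub);
            dsa.update(data);
            return dsa.verify(signature);
        } catch (GeneralSecurityException e) {
            // Invalid key encoding or improperly encoded signature: treat as "not verified".
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the contents of the file being signed.
        byte[] data = "Constructed sample contents of digital.txt"
                .getBytes(StandardCharsets.UTF_8);

        KeyPair pair = newKeyPair();
        byte[] signature = sign(pair.getPrivate(), data);
        byte[] encodedPublicKey = pair.getPublic().getEncoded();

        // Three ways verification must fail: changed data, changed signature, wrong key.
        byte[] tamperedData = data.clone();
        tamperedData[0] ^= 0x01;
        byte[] tamperedSignature = signature.clone();
        tamperedSignature[tamperedSignature.length - 1] ^= 0x01;
        byte[] unrelatedPublicKey = newKeyPair().getPublic().getEncoded();

        System.out.println("original data and signature : "
                + verify(encodedPublicKey, data, signature));
        System.out.println("data changed by one bit     : "
                + verify(encodedPublicKey, tamperedData, signature));
        System.out.println("signature changed by one bit: "
                + verify(encodedPublicKey, data, tamperedSignature));
        System.out.println("unrelated public key        : "
                + verify(unrelatedPublicKey, data, signature));
    }
}
```

To check files written by the manual's program instead, read the three files into byte arrays and set SIGNATURE_ALGORITHM to the algorithm that produced the signature.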
11. Installation And Study of Various parameters of Firewall
Aim: Installation And Study of Various parameters of Firewall

Theory:

Firewall:
A firewall can be defined as a special type of network security device or a software program
that monitors and filters incoming and outgoing network traffic based on a defined set of
security rules. It acts as a barrier between internal private networks and external sources
(such as the public Internet).

The primary purpose of a firewall is to allow non-threatening traffic and prevent malicious or
unwanted data traffic for protecting the computer from viruses and attacks. A firewall is a
cybersecurity tool that filters network traffic and helps users block malicious software from
accessing the Internet in infected computers.

Various parameters of firewall:


● Source IP address (or range of IP addresses)
● Destination IP address (or range of IP addresses)
● Destination port (or range of ports)
● Protocol of the traffic (TCP, ICMP, or UDP)

Specify source IP addresses:


If the service should be accessible to everyone on the Internet, then any source IP address is
the correct option. In all other cases, you should specify the source address.
It’s acceptable to enable all source addresses to access your HTTP server. It’s not
acceptable to enable all source addresses to access your server management ports or
database ports. The following is a list of common server management ports and database
ports:
Server management ports:
● Linux® SSH: Port 22
● Windows® RDP: Port 3389
Database ports:
● SQL® Server: Port 1433
● Oracle®: Port 1521
● MySQL®: Port 3306
Be specific about who can reach these ports. When it is impractical to define source IP
addresses for network management, you might consider another solution like a remote access
VPN as a compensating control to allow the access required and protect your network.

Specify the destination IP address:


The destination IP address is the IP address of the server that runs the service to which you
want to enable access. Always specify which server or servers are accessible. Configuring a
destination value of any could lead to a security breach or server compromise of an unused
protocol that might be accessible by default. However, destination IPs with a destination value
of any can be used if there is only one IP assigned to the firewall. The value any can also be
used if you want both public and servicenet access to your configuration.

Specify the destination port:


The destination port corresponds to the accessible service. The value of this field should
never be any. The service that runs on the server and needs to be accessed is defined, and
only this port needs to be allowed. Allowing all ports affects the security of the server by
allowing dictionary attacks as well as exploits of any port and protocol that is configured on
the server.

Avoid using too wide a range of ports. If dynamic ports are used, firewalls sometimes offer
inspection policies to securely allow them through.

Protocol of the traffic (TCP, ICMP, or UDP):


A very brief summary is that most traffic that will reach your firewall will be Internet Protocol
(IP) traffic using one of the three major Transport Layer protocols: TCP, UDP, or ICMP. All
three types have a source address and a destination address that designate the computer
that sent or is to receive a packet of data uniquely. Both TCP and UDP also have port
numbers, a number between 0 and 65,535 that helps identify the application that initiated the
connection. For example, most web servers use TCP port 80, so a packet headed for a web
server should have the destination address of the web server and a destination port number
of 80. ICMP does not use port numbers, but instead has a type code that identifies what the
purpose of the packet is. ICMP is generally used for debugging network problems or informing
systems of a problem. If you've ever used the ping command, you've generated ICMP
packets.
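The four fields described above can be checked mechanically. The following is an added example, not part of the original lab record: a shell function that audits a rule list for the problems named in this section. The rule-list format, the function names, the sample addresses and the 100-port threshold for a too-wide range are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit firewall rules against the four fields above.
# Rule format (hypothetical): name source destination dport proto
# "any" is the wildcard. Sensitive ports taken from the list above:
# SSH 22, RDP 3389, SQL Server 1433, Oracle 1521.

MAX_RANGE=100   # assumption: a wider port range counts as "too wide"

audit_rules() {
    awk -v max="$MAX_RANGE" '
    BEGIN { split("22 3389 1433 1521", p, " "); for (i in p) sens[p[i]] = 1 }
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        name = $1; src = $2; dst = $3; dport = $4; proto = tolower($5)
        if (proto != "tcp" && proto != "udp" && proto != "icmp")
            print name ": protocol must be tcp, udp or icmp"
        if (dst == "any")
            print name ": destination is any, name the server(s)"
        if (proto == "icmp") next            # ICMP has no port numbers
        if (dport == "any")
            print name ": destination port is any"
        else if (split(dport, r, "-") == 2 && r[2] - r[1] + 1 > max)
            print name ": port range " dport " is too wide"
        else if (src == "any" && (dport in sens))
            print name ": port " dport " is open to any source"
    }'
}

# Constructed sample rule set (documentation address ranges).
sample_rules() {
    cat <<'EOF'
# name    source          destination  dport      proto
web       any             203.0.113.10 80         tcp
ssh-open  any             203.0.113.10 22         tcp
ssh-admin 198.51.100.0/24 203.0.113.10 22         tcp
db-any    198.51.100.7    any          1433       tcp
all-ports 198.51.100.7    203.0.113.10 any        tcp
dyn-range 198.51.100.7    203.0.113.10 1024-65535 udp
ping      198.51.100.0/24 203.0.113.10 -          icmp
EOF
}

sample_rules | audit_rules
```

The web, ssh-admin and ping rules pass; the other four each produce one finding.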
Procedure:

1. Start Windows on the computer.

2. Search for Control Panel and click on it.

3. Click System and Security.

4. Select program features.
5. Choose firewall settings for the different network location types.
6. Then turn on the Windows Firewall settings.

Installation of Evorim Free firewall:

1. Open any browser and enter https://www.evorim.com/free-firewall

2. Click on Free Download; after the download completes, install it on the PC.

3. Complete the setup of the firewall.
4. Open the application and enable the firewall.
Result: Hence, installation of the firewall was done successfully.
12. GENERATE MINIMUM 10 PASSWORDS OF LENGTH 12 CHARACTERS USING OPENSSL COMMAND

AIM: GENERATE MINIMUM 10 PASSWORDS OF LENGTH 12 CHARACTERS USING OPENSSL COMMAND

THEORY:
OPENSSL:

● OpenSSL is an open-source software library that provides cryptographic functions for
secure communication over computer networks.

● It is widely used for implementing the Transport Layer Security (TLS) and Secure
Sockets Layer (SSL) protocols, which are used to secure web communications such as
HTTPS.

● OpenSSL provides a set of cryptographic functions that include encryption, decryption,
digital signature generation and verification, and message authentication.

● It also provides a set of tools for managing digital certificates, which are
used to establish the identity of parties in a communication and to facilitate secure key
exchange.

PWGEN COMMAND: The pwgen command computes the hash of a password typed at run-time
or the hash of each password in a list. The password list is taken from the named file
for option -in file, from stdin for option -stdin, or from the command line, or from the
terminal otherwise.

PROCEDURE:

1. Open the computer system and go to VirtualBox.

2. Open Kali Linux.

3. Go to the root terminal. command: ( sudo su )

4. To install openssl in Kali Linux, use the below command. command: ( apt install openssl )
5. Use the rand command to generate a password.

command: ( openssl rand -base64 12 ) output: uisOUrODCoefkBXK

6. To generate 10 passwords of length 12 characters at a time, use the below command:

command: ( pwgen 12 10 )

OUTPUT:

Tuu0ahLohJ6u Eetooz2kohqu EeVeghoo5koo


ohsh2Aixosh0 VuQuaet9utai aeGh7guegoe9 waibo5weoS4e
xaigh9miuHai 0iJ5ohNg4tae 0hraifo3aAhxa

RESULT:

Hence, 10 passwords of length 12 characters were generated using the openssl command.
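The procedure above produces the ten passwords with pwgen, and its openssl rand -base64 12 call returns 16 characters, because Base64 encodes every 3 random bytes as 4 characters. The following is an added example, not part of the original lab record, that produces the passwords with openssl alone; the function name gen_passwords is an assumption of this example.

```shell
#!/bin/sh
# Added example: COUNT passwords of exactly LEN characters from openssl rand.
# 9 random bytes encode to exactly 12 Base64 characters (72 bits each).

gen_passwords() {
    count=${1:-10}
    len=${2:-12}
    # Smallest byte count whose Base64 text is at least $len characters.
    nbytes=$(( (len * 3 + 3) / 4 ))
    i=0
    while [ "$i" -lt "$count" ]; do
        # tr drops newlines and '=' padding; cut trims to the exact length.
        openssl rand -base64 "$nbytes" | tr -d '=\n' | cut -c1-"$len"
        i=$((i + 1))
    done
}

gen_passwords 10 12
```

Every kept character carries a full 6 random bits, so trimming to the requested length does not bias the result.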
13. Set up a honeypot and monitor the honeypot on network.
Aim: To set up a honeypot and monitor the honeypot on network

Software Required: 1. Personal computer

2. Virtual box

3. Guest Kali Linux OS

THEORY:

A honeypot is a security mechanism that creates a virtual trap to lure attackers.

One honeypot definition comes from the world of espionage, where Mata
Hari-style spies who use a romantic relationship as a way to steal secrets are
described as setting a ‘honey trap’ or ‘honeypot’.
With the help of a honeypot, you can easily monitor your own OS
and track every activity of the hacker; you could say that it's the best
way to hack the hacker. Every big company, like Google, Facebook and Microsoft,
is already using smart honeypots in its backend because
they don’t want to compromise. They want to trace all the activities
of all the users, and if any illegal or malicious activity is found, the
honeypot has the capability to block that IP address immediately.
How to set a honeypot in Kali Linux

As you all know, Kali Linux is one of the most popular pentesting operating systems,
with more than 600 hacking/attacking tools pre-installed in it.
PROCEDURE :

To install a honeypot on your Kali Linux machine, you need to download
and install PentBox, which you can easily find in its GitHub repository.
Command: git clone https://github.com/whitehatpanda/pentbox-1.8.git

After downloading, you can run PentBox by typing “./pentbox.rb” from the
pentbox1.8 folder. Command: “./pentbox.rb”
The tasks you can perform with PentBox are as follows:

1.Cryptography Tools
2.Network Tools
3.Web
4.IP Grabber
5.Geolocation IP
6.Mass Attack
7.License and contact
8.Exit
To use Cryptography Tools, just type “1” and it shows another 4 options:
“Base64Encoder/Decoder”, “Multi-Digest”, “Hash Password Cracker” and “Secure
Password Generator”.
You can use any of the options depending upon your need.
● Network Tools is option no. 2, through which you can
use “Net Dos Tester”, “TCP port scanner”, “Honeypot”, “Fuzzer”, “DNS and
Host gathering” and “Mac address geolocation”.

● To use the honeypot, just type “3” in your terminal.

● You then see two options through which you can
configure your honeypot:

a) Fast Auto Configuration

b) Manual Configuration (For Advanced Users)

● You can choose either option, but for ease and for new users,
choose Fast Auto Configuration. As you can see, the honeypot is started
in the above screenshot.
● As you can see, your honeypot will monitor all activities on port 80
only; if you want to monitor activity on some other port, you can
choose the second option, Manual Configuration.
OUTPUT:

● Port 80 means that when someone opens your IP/host in his/her web
browser, the honeypot immediately records that request and displays all possible
information about that request, shown below:

The information you can see:

● IP address
● Details of his/her OS
● Web browser

Result: Hence, I have learned how to set up a honeypot and monitor it over the network.
14. WORKING WITH NET STUMBLER TO PERFORM WIRELESS AUDIT ON A
ROUTER

Aim: To perform wireless audit on an access point or a router and decrypt WEP
and WPA (Net Stumbler).

INTRODUCTION:
NET STUMBLER:

Net Stumbler (Network Stumbler) is one of the Wi-Fi hacking tools; it is
only compatible with Windows and is freeware. With this
program, we can search for wireless networks which are open and infiltrate the
network. It has some compatibility and network adapter issues. Net
Stumbler is a tool for Windows that allows you to detect Wireless Local
Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It runs
on Microsoft Windows operating systems from Windows 2000 to Windows
XP. A trimmed-down version called Mini Stumbler is available for the
handheld Windows CE operating system.
It has many uses:

● Verify that your network is set up the way you intended.
● Find locations with poor coverage in your WLAN.
● Detect other networks that may be causing interference on your network.
● Detect unauthorized "rogue" access points in your workplace.
● Help aim directional antennas for long-haul WLAN links.
● Use it recreationally for WarDriving.

PROCEDURE:

STEP-1: Download and install Net Stumbler.

STEP-2: It is highly recommended that the PC have a wireless network card
in order to access the wireless router.
STEP-3: Now run Net Stumbler in record mode and configure the wireless card.
STEP-4: There are several indicators regarding the strength of the signal:
GREEN indicates a strong signal, YELLOW and other colors indicate a weaker
signal, RED indicates a very weak signal and GREY indicates a signal loss.
STEP-5: A lock symbol with a GREEN bubble indicates that the access point
has encryption enabled.

STEP-6: The MAC assigned to the wireless access point is displayed on the right-hand
pane.

STEP-7: The next column displays the access point's Service Set Identifier [SSID], which is
useful to crack the password.

STEP-8: To decrypt, use the Wireshark tool by selecting Edit → Preferences → IEEE 802.11.

STEP-9: Enter the WEP key as a string of hexadecimal numbers such as A1B2C3D4E5.

SCREENSHOTS:
ADDING KEYS: WIRELESS TOOLBAR

If the system has the Windows version of Wireshark and an AirPcap
adapter, then we can add decryption keys using the wireless toolbar. If the
toolbar isn't visible, you can show it by selecting View → Wireless Toolbar.
Click on the Decryption Keys button on the toolbar.

This will open the decryption key management window. As shown in the
window, you can select between three decryption modes: None, Wireshark
and Driver.

RESULT: Thus the wireless audit on an access point or a router and decrypt WEP and
WPA (Net Stumbler) was done successfully.
15. To practice on NAYAN, GYN, CHAKRA, DARPAN S3.

Aim: To practice on NAYAN, GYN, CHAKRA, DARPAN S3.

Software/Hardware Required: NAYAN, GYN, CHAKRA, DARPAN S3.

Theory :

1) NAYAN :

NAYAN (Network Abhigan niYantran) - End point authentication and access control
solution

NAYAN addresses the access control and authentication requirements of a local area
network. NAYAN controls the access to different network services at the end system level,
protecting internal network from rapidly propagating threats and network misuse. NAYAN
unifies End System Authentication, Desktop Firewall with Centralized Administration,
Automatic Policy Updating and Role Based Access Control.

The primary objective of NAYAN is to ease the enforcement of Network Access Control
policies at the end systems in the network. NAYAN's Centralized & Remote Administration
feature helps the administrator control access to network services and monitor
from anywhere in the network. NAYAN supports an Automatic Policy
Updating feature, which from time to time pushes policies specific to each end system. NAYAN
has a unique way of authenticating an end system based on the Machine
Fingerprint generated from various system parameters: CPU, OS, hard disk, network and
RAM details. NAYAN blocks port scanning and also unwanted traffic flowing across end
systems. Role Based Access Control ensures that only authorized personnel have access
to configuration and personal information. Policies for accessing the network services are
defined based on protocols (TCP, UDP, and ICMP), source and destination IP and ports,
roles assigned to the users and time of effect. The Desktop Firewall component of NAYAN
enforces the Network Access Control policies at every end system. Network usage can be
monitored by the NACS log, and the access to the end systems can be reviewed at every
end system using the Activity log.

Features of the solution are as follows:

● User and End System Authentication
● Desktop Firewall
● Centralized Policy Management
● Automatic Policy Updating
● Role and Time Based Network Access Control
● Activity and Network Log

2) GYN (Guard Your Network) Intrusion Detection/Prevention System:

GYN is a Network Intrusion Detection/Prevention Appliance developed by C-DAC. GYN
shall work in bridge mode (in-line) for providing protection. It analyzes the packets to take
preventive measures after validating the critical attacks by carrying out multi-method
detection using SNORT compatible signatures and anomaly detection mechanism.
GYN Analyzer capabilities include analysis of packets and network flow records with user
friendly web-based Management facility. Internal Architecture of GYN includes Signature
based protection and flow based anomaly detection. It also provides comprehensive threat
analysis.

Key features:

● Signature based attack Detection and prevention
● DoS/DDoS Detection
● Flood Detection
● Reconnaissance Detection
● Real-time Traffic Monitoring
● Traffic Anomaly Detection
● Flow Based Analysis
● Comprehensive Threat Analysis
● Alert and Attack Analysis

3) CHAKRA- Dynamic Firewall :

Chakra is a powerful, flexible and feature-rich network-based dynamic firewall solution. Apart
from having regular firewall features like traffic filtering, Chakra also provides unique
functionalities like dynamic rule generation through network traffic monitoring, analysis and
alert correlation. Chakra collects, analyzes and correlates the outputs from multiple network
monitoring sources like SNMP, network flow and IDS to generate dynamic firewall rules.
Chakra can generate and configure firewall rules automatically for attacks which change the
traffic pattern of the network, such as DoS, DDoS, flood etc. It can generate flexible
reports related to traffic trends, security events and alerts. Chakra provides flexibility and
control over the firewall for monitoring, configuration and management in critical attack scenarios
through an interactive web-based interface.

● Dynamic Rule Generation
● Traffic Monitoring
● Traffic Trend Analysis
● SNMP and Flow analyzer
● Multi source input analysis & correlation
● DoS and DDoS detection
● Anomaly detection
● Role based Authentication
● Flexible Report Generation
● System and Event log
● System resource Monitoring
● Web based GUI

4) DARPAN S3 (Series 3):
The Network Management System (DARPAN S3 NMS) is a policy-based autonomic network
and cloud management suite of solutions for heterogeneous multi-vendor IP networks. It is
developed based on the ITU-T recommended FCAPS model, which includes the following
areas:
a) Fault management
b) Configuration management
c) Accounting management
d) Performance management
e) Security management

Platform required (if any):

Basic - Red Hat Linux Enterprise Edition/ Cent OS 6.x, 8GB RAM, 500GB HDD
Large Enterprise - Red Hat Linux Enterprise Edition/ Cent OS 6.x, 16GB RAM, 500GB HDD
Large Enterprise - Red Hat Linux Enterprise Edition/ Cent OS 6.x, 32GB RAM, 1TB HDD
