EX.

NO:
Ex.No. 1 : Implement symmetric key algorithms
DATE:

AIM:

To implement a Symmetric Key Encryption and Decryption algorithm using

AES (Advanced Encryption Standard) in Java.

ALGORITHM:

1. Input the plaintext from the user.

2. Generate a secret key using the AES algorithm.
3. Initialize the cipher for encryption mode.
4. Encrypt the plaintext using the secret key.
5. Print the encrypted text in Base64 format for readability.
6. Initialize the cipher for decryption mode.
7. Decrypt the encrypted text back to the original plaintext.
8. Print the decrypted text to verify correctness.

PROGRAM:
import javax.crypto.Cipher;
import
javax.crypto.KeyGenerator;
import
javax.crypto.SecretKey;
import java.util.Scanner;

public class SymmetricKeyExample

{
public static void main(String[] args) throws Exception
{
// Get plaintext input from the user
Scanner scanner = new Scanner(System.in);
System.out.print("Enter the text to encrypt:
"); String plainText = scanner.nextLine();

// Generate AES Key

KeyGenerator keyGen =
KeyGenerator.getInstance("AES"); keyGen.init(128);
SecretKey secretKey = keyGen.generateKey();

// Initialize Cipher
Cipher cipher = Cipher.getInstance("AES");

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

// Encrypt
cipher.init(Cipher.ENCRYPT_MODE,
secretKey); byte[] encrypted =
cipher.doFinal(plainText.getBytes());
System.out.println("Encrypted Text (Base64 Encoded): " +
java.util.Base64.getEncoder().encodeToString(encrypted));

// Decrypt
cipher.init(Cipher.DECRYPT_MODE,
secretKey); byte[] decrypted =
cipher.doFinal(encrypted);
System.out.println("Decrypted Text: " + new String(decrypted));
}
}

OUTPUT:

RESULT:
The implementation of AES Symmetric Key Encryption and Decryption
was successfully executed.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:
Ex.No.2: Implement asymmetric key algorithms and key exchange
DATE: algorithms

AIM:

To implement Asymmetric Key Cryptography using the RSA algorithm and perform
key exchange for secure communication.

ALGORITHM:

1. Generate an RSA key pair (Public Key & Private Key).

2. Accept plaintext input from the user.
3. Encrypt the plaintext using the Public Key.
4. Display the encrypted text in Base64 encoding for readability.
5. Accept encrypted input for decryption (Base64 format).
6. Decrypt the encrypted text using the Private Key.
7. Display the original decrypted message to verify correctness.

PROGRAM:
importjava.security.*;
import javax.crypto.Cipher;
import java.util.Scanner;

public class RSAExample {

// Generate RSA Key Pair

public static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(2048); // 2048-bit RSA key pair
return keyGen.generateKeyPair();
}

// Encrypt using Public Key

public static byte[] encrypt(String plainText, PublicKey publicKey) throwsException {
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return cipher.doFinal(plainText.getBytes());

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

// Decrypt using Private Key

public static String decrypt(byte[] cipherText, PrivateKey privateKey) throws Exception {
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE,
privateKey); byte[] decrypted =
cipher.doFinal(cipherText); return new
String(decrypted);
}

public static void main(String[] args) throws Exception {

Scanner scanner = new Scanner(System.in);

// Generate RSA Key Pair

KeyPair keyPair = generateKeyPair();
PublicKey publicKey =
keyPair.getPublic(); PrivateKey
privateKey = keyPair.getPrivate();

// Get plaintext input from the user

System.out.print("Enter the text to encrypt:
"); String message = scanner.nextLine();
System.out.println("Original Message: " +
message);

// Encrypt the message using the Public Key

byte[] encryptedMessage = encrypt(message, publicKey);
System.out.println("Encrypted Message (Base64): " +
java.util.Base64.getEncoder().encodeToString(encryptedMessage));

// Get encrypted input from the user for decryption

System.out.print("Enter the encrypted text (Base64) to decrypt:
"); String encryptedInput = scanner.nextLine();
byte[] encryptedInputBytes = java.util.Base64.getDecoder().decode(encryptedInput);

// Decrypt the message using the Private Key

String decryptedMessage = decrypt(encryptedInputBytes, privateKey);
System.out.println("Decrypted Message: " + decryptedMessage);

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

}
}

OUTPUT:

RESULT:

The implementation of Asymmetric Key Encryption and Decryption using the RSA
Algorithm was successfully executed.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:
Ex.No.3 Implement digital signature schemes
DATE:

AIM:

To implement a Digital Signature Scheme using the RSA algorithm and SHA-
256 hashing for message authentication and integrity verification.

ALGORITHM:

1. Generate an RSA Key Pair (Public Key & Private Key).

2. Accept a message from the user.
3. Generate a digital signature using the Private Key and SHA-256 hashing.
4. Display the generated signature in Base64 format for readability.
5. Verify the digital signature using the Public Key.
6. Test signature verification by altering the message and verifying again.
7. Display verification results, proving message integrity and authentication.

PROGRAM:
import java.security.*;
import java.util.Base64;
import java.util.Scanner;

public class DigitalSignatureExample {

// Generate RSA Key Pair

public static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(2048); // 2048-bit RSA key pair
return keyGen.generateKeyPair();
}

// Sign the message using the private key

public static byte[] signMessage(String message, PrivateKey privateKey) throws Exception {
Signature signature = Signature.getInstance(“SHA256withRSA”); // Use SHA-256 with
RSA
signature.intSign(privateKey);
signature.update(message.getBytes());
return signature.sign();
}

// Verify the signature using the public key

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

public static boolean verifySignature(String message, byte[] signatureBytes,

PublicKey publicKey) throws Exception {
signature signature = signature.getInstance(“SHA256withRSA”); // Use SHA-256 with
RSA
signature.initVerify(publicKey);
signature.update(message.getBytes());
return signature.verify(signatureBytes);
}

public static void main(String[] args) throws Exception {

Scanner scanner = new Scanner(System.in);

// Generate RSA Key Pair

KeyPair keyPair = generateKeyPair();
PrivateKey privateKey =
keyPair.getPrivate(); PublicKey
publicKey = keyPair.getPublic();

// Get the message from the user

System.out.print("Enter the message to sign:
"); String message = scanner.nextLine();
System.out.println("Original Message: " +
message);

// Sign the message

byte[] signatureBytes = signMessage(message, privateKey);
String signatureBase64 = Base64.getEncoder().encodeToString(signatureBytes);
System.out.println("Generated Signature (Base64): " + signatureBase64);

//Verify the signature using the public key

boolean isVerified = verifySignature(message, signatureBytes, publicKey);
System.out.println("Signature Verified: " + isVerified);

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

// Example of a manipulated message for testing signature verification

System.out.print("Enter a manipulated message to test verification: "); String
alteredMessage = scanner.nextLine();
boolean isAlteredMessageVerified = verifySignature(alteredMessage, signatureBytes,
publicKey);
System.out.println("Altered Message Signature Verified: " + isAlteredMessageVerified);
}
}

OUTPUT:

RESULT:
The implementation of Digital Signature Scheme using RSA and SHA-256 was
successfully executed

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:
Ex.No.4 Installation of Wire shark, tcpdump and observe data transferred in
DATE:
client-server communication using UDP/TCP and identify the UDP/TCP
datagram.

AIM:

To install and use Wireshark and tcpdump to observe network traffic and
analyze TCP/UDP datagrams in client-server communication.

PROCEDURE:

Step 1: Install Wireshark and tcpdump

● Open a terminal.
● Update your package list: sudo apt update
● Install Wireshark and tcpdump: sudo apt install wireshark tcpdump
● During the Wireshark installation, you may be prompted to allow non-
superusers to capture packets. Select Yes if you want to run Wireshark
without sudo.

STEP 2: CAPTURE NETWORK TRAFFIC USING WIRESHARK:

● Launch Wireshark:
sudo wireshark
● Select the network interface (e.g., eno1 for Ethernet).
● Start capturing packets by clicking the Start button.
● Use display filters to focus on specific traffic:
○ For TCP: tcp
○ For UDP: udp
● Observe the packets in the capture window. You can see details like source IP,
destination IP, ports, and payload.

USING TCPDUMP:

● Open a terminal.
● Capture TCP traffic:
sudo tcpdump -i <interface> tcp
Replace <interface> with your network interface (e.g., eno1).
● Capture UDP traffic:
sudo tcpdump -i <interface> udp

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

● Save the captured packets to a file for later

analysis: sudo tcpdump -i <interface> -w
capture.pcap
You can open the capture.pcap file in Wireshark for detailed analysis.

STEP 3: SET UP CLIENT-SERVER COMMUNICATION SET UP A SIMPLE TCP

SERVER AND CLIENT
● Start a TCP Server:
nc -l 12345
CONNECT WITH A TCP CLIENT:

nc localhost 12345
● Type messages in the client and observe transmission.

SET UP A SIMPLE UDP SERVER AND CLIENT

● Start a UDP Server:

nc -u -l 12345
CONNECT WITH A UDP CLIENT:
nc -u localhost 12345
● Type messages and observe the interaction.

STEP 5: ANALYZE THE CAPTURED PACKETS

1. Use Wireshark or tcpdump to capture the traffic while running the

client-server communication.
2. In Wireshark:
○ Look for packets with the protocol UDP or TCP.
○ Expand the packet details to see the headers (source port,
destination port, checksum, etc.).
○ For TCP, observe the sequence numbers, acknowledgment numbers,
and flags (SYN, ACK, FIN, etc.).
○ For UDP, the header is simpler, containing only source port,
destination port, length, and checksum.
3. In tcpdump:
○ The output will show the source and destination IPs and ports, along
with the protocol (UDP/TCP).

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

STEP 6: IDENTIFY UDP/TCP DATAGRAMS

● UDP Datagram:
○ Connectionless protocol.
○ No handshake or acknowledgment.
○ Smaller header (8 bytes).
● TCP Datagram:
○ Connection-oriented protocol.
○ Three-way handshake (SYN, SYN-ACK, ACK).
○ Larger header (20 bytes) with sequence numbers, acknowledgment
numbers, and flags.

RESULT:

The installation of Wireshark and tcpdump was successful. Network traffic

was captured, and TCP/UDP datagrams were identified and analyzed.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:
Ex.No.5 Check Message Integrity and Confidentiality using SSL
DATE:

Aim:

To demonstrate and verify message integrity and confidentiality using Secure

Sockets Layer (SSL) protocol.

PROCEDURE:

Step 1: Generate SSL Certificates and Keys

1. Open the terminal and navigate to your working

directory: mkdir ssl && cd ssl
2. Generate a private key:
openssl genpkey -algorithm RSA -out private_key.pem
3. Create a certificate signing request (CSR):
openssl req -new -key private_key.pem -out request.csr
4. Generate a self-signed certificate:
openssl x509 -req -days 365 -in request.csr -signkey private_key.pem -out
certificate.pem

Step 2: Secure a Message using SSL/TLS

1. Create a simple text message:
echo "This is a secure message" > message.txt
2. Extract the public key from certificate.pem
openssl x509 -pubkey -noout -in certificate.pem > public_key.pem
3. Encrypt the message using SSL:
openssl rsautl -encrypt -inkey public_key.pem -pubin -in message.txt -out
message.enc
4. Verify that the message is encrypted:
cat message.enc
○ The output should be unreadable binary data.

Step 3: Check Message Integrity

1. Generate a message digest (hash) using

SHA-256: openssl dgst -sha256
message.txt
2. Sign the message digest with a private key:
openssl dgst -sha256 -sign private_key.pem -out message.sig message.txt

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

3. Extract the public key from certificate.pem

openssl x509 -pubkey -noout -in certificate.pem > public_key.pem
4. Verify the signature:
openssl dgst -sha256 -verify public_key.pem -signature message.sig message.txt
○ If the message is unchanged, the output will confirm successful verification.

Step 4: Decrypt the Message

1. Decrypt the encrypted message using the private key:

openssl rsautl -decrypt -inkey private_key.pem -in message.enc -out
decrypted_message.txt
2. Verify the decrypted
message:
Cat decrypted_message.txt
○ The output should match the original message.

RESULT:

Thus, OpenSSL was installed successfully. Message encryption, decryption, and

integrity verification were performed using SSL, ensuring confidentiality and authenticity of
data.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:
Ex.No.6. Experiment Eavesdropping, Dictionary attacks, MITM
DATE: attacks

AIM:

To study the Eavesdropping, Dictionary attacks, MITM attacks.

PROCEDURE:

A man-in-the-middle attack is a type of eavesdropping attack, where

attackers interrupt an existing conversation or data transfer. After inserting
themselves in the "middle" of the transfer, the attackers pretend to be both
legitimate participants. This enables an attacker to intercept information and
data from either party while also sending malicious links or other information to
both legitimate participants in a way that might not be detected until it is too late.

You can think of this type of attack as similar to the game of telephone where
one person's words are carried along from participant to participant until it has
changed by the time it reaches the final person. In a man-in-the-middle attack,
the middle participant manipulates the conversation unknown to either of the
two legitimate participants, acting to retrieve confidential information and
otherwise cause damage.

Man-in-the-middle attacks:

 Are a type of session hijacking

 Involve attackers inserting themselves as relays or proxies in an ongoing,
legitimate conversation or data transfer
 Exploit the real-time nature of conversations and data transfers to
go undetected
 Allow attackers to intercept confidential data
 Allow attackers to insert malicious data and links in a way indistinguishable
from legitimate data

EXAMPLES OF MITM ATTACKS

Although the central concept of intercepting an ongoing transfer remains the

same,
there are several different ways attackers can implement a man-in-the-middle
attack.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

Scenario 1: Intercepting Data

1. The attacker installs a packet sniffer to analyze network traffic for insecure
communications.
2. When a user logs in to a site, the attacker retrieves their user information and
redirects them to a fake site that mimics the real one.
3. The attacker's fake site gathers data from the user, which the attacker can
then use on the real site to access the target's information.

In this scenario, an attacker intercepts a data transfer between a client and server.
By tricking the client into believing it is still communicating with the server and
the server into believing it is still receiving information from the client, the
attacker is able to intercept data from both as well as inject their own false
information into any future transfers.

Scenario 2: Gaining Access to Funds

1. The attacker sets up a fake chat service that mimics that of a well-known
bank.
2. Using knowledge gained from the data intercepted in the first scenario, the
attacker pretends to be the bank and starts a chat with the target.
3. The attacker then starts a chat on the real bank site, pretending to be the
target and passing along the needed information to gain access to the target's
account.

In this scenario, the attacker intercepts a conversation, passing along parts of

the discussion to both legitimate participants.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

REAL-WORLD MITM ATTACKS

In 2011, Dutch registrar site DigiNotar was breached, which enabled a threat
actor to gain access to 500 certificates for websites like Google, Skype, and
others. Access to these certificates allowed the attacker to pose as legitimate
websites in a MITM attack, stealing users' data after tricking them into entering
passwords on malicious mirror sites. DigiNotar ultimately filed for bankruptcy as
a result of the breach.

In 2017, credit score company Equifax removed its apps from Google and Apple
after a breach resulted in the leak of personal data. A researcher found that the
app did not consistently use HTTPS, allowing attackers to intercept data as users
accessed their accounts.

INTERACTIONS SUSCEPTIBLE TO MITM ATTACKS

Any improperly secured interaction between two parties, whether it's a data
transfer between a client and server or a communication between two
individuals over an internet messaging system, can be targeted by man-in-the-
middle attacks. Logins and authentication at financial sites, connections that
should be secured by public or private keys, and any other situation where an
ongoing transaction could grant an attacker access to confidential information
are all susceptible.

OTHER FORMS OF SESSION HIJACKING

Man-in-the-middle attacks are only one form of session hijacking. Others

include:

 Sniffing - An attacker uses software to intercept (or "sniff") data being sent
to or from your device.

 Sidejacking - An attacker sniffs data packets to steal session cookies from

your device, allowing them to hijack a user session if they find unencrypted
login information. 

 Evil Twin - An attacker duplicates a legitimate Wi-Fi network, enabling

them to intercept data from users who believe they are signing on to the real
network.

RESULT:
Thus the study of Eavesdropping, Dictionary attacks, MITM attacks is successfully
completed.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:
Ex.No.7. Experiment with Sniff Traffic using ARP Poisoning
DATE:

AIM:

To demonstrate Intrusion Sniff Traffic using ARP Poisoning.

STEPS FOR CONFIGURING ARP:

ARP is the acronym for Address Resolution Protocol. It is used to

convert IP address to physical addresses [MAC address] on a switch. The host
sends an ARP broadcast on the network, and the recipient computer responds
with its physical address [MAC Address]. The resolved IP/MAC address is then
used to communicate. ARP poisoning is sending fake MAC addresses to the
switch so that it can associate the fake MAC addresses with the IP address
of a genuine computer on a network and hijack the traffic.

ARP Poisoning Countermeasures

Static ARP entries: these can be defined in the local ARP cache and the switch
configured to ignore all auto ARP reply packets. The disadvantage of this
method is, it’s difficult to maintain on large networks. IP/MAC address mapping
has to be distributed to all the computers on the network.

ARP poisoning detection software: these systems can be used to cross check
the IP/MAC address resolution and certify them if they are authenticated.
Uncertified IP/MAC address resolutions can then be blocked.

Operating System Security: this measure is dependent on the operating system

been used. The following are the basic techniques used by various operating
systems.

 Linux based: these work by ignoring unsolicited ARP reply packets.

 Microsoft Windows: the ARP cache behavior can be configured via the
registry. The following list includes some of the software that can be
used to protect networks against sniffing;

AntiARP– provides protection against both passive and

active sniffing

Agnitum Outpost Firewall–provides protection against

passive Sniffing.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

 XArp– provides protection against both passive and active sniffing

Mac OS: ArpGuard can be used to provide protection. It protects against

both active and passive sniffing. 

Hacking Activity: Configure ARP entries in Windows

We are using Windows 7 for this exercise, but the commands should be able to
work on other versions of windows as well.

Open the command prompt and enter the following

command arp –a

HERE,

aprcalls the ARP configure program located in

Windows/System32 directory

 -a is the parameter to display to contents of the ARP cache

You will get results similar to the following.

Note: dynamic entries are added and deleted automatically when using TCP/IP sessions
with remote computers.

Static entries are added manually and are deleted when the computer is
restarted, and the network interface card restarted or other activities that affect
it.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

ADDING STATIC ENTRIES

Open the command prompt then use the ipconfig /all command to get the IP and
MAC address.

The MAC address is represented using the Physical Address and the IP address is
IPv4Address.

Enter the following command

arp –s 192.168.1.38 60-36-DD-A6-C5-43

Note: The IP and MAC address will be different from the ones used here. This
is because they are unique.

Use the following command to view the ARP

cache arp –a

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

You will get the following results

Note the IP address has been resolved to the MAC address we provided and it is
of a static type.

Deleting an ARP cache entry

Use the following command to remove an
entry arp –d 192.168.1.38

P.S. ARP poisoning works by sending fake MAC addresses to the switch.

RESULT:
Thus the Sniff Traffic using ARP Poisoning is demonstrated successfully.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:
Ex.No.8. Demonstration of Intrusion Detection System (IDS
DATE:

AIM:

To demonstrate Intrusion Detection System (IDS) using Snort software tool.

STEPS ON CONFIGURING AND INTRUSION DETECTION:

1. Download Snort from the Snort.org website. (http://www.snort.org/snort-

downloads)

2. Download Rules(https://www.snort.org/snort-rules). You must register to get

the rules. (You should download these often)

3. Double click on the .exe to install snort. This will install snort in
the “C:\Snort” folder.It is important to have WinPcap
(https://www.winpcap.org/install/) installed

4. Extract the Rules file. You will need WinRAR for the .gz file.

5. Copy all files from the “rules” folder of the extracted folder. Now paste the
rules into “C:\Snort\rules” folder.

6. Copy “snort.conf” file from the “etc” folder of the extracted folder. You must
paste it into “C:\Snort\etc” folder. Overwrite any
existing file. Remember if you modify your snort.conf file and download a new
file, you must modify it for Snort to work.

7. Open a command prompt (cmd.exe) and navigate to folder “C:\Snort\bin”

folder. (at the Prompt, type cd\snort\bin)

8. To start (execute) snort in sniffer mode use following

command: snort -dev -i 3

-i indicates the interface number. You must pick the correct interface number. In my
case, it is 3.

-dev is used to run snort to capture packets on your network.

To check the interface list, use following command:

snort -W

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

Finding an interface

You can tell which interface to use by looking at the Index number and finding
Microsoft. As you can see in the above example, the other interfaces are for
VMWare. My interface is 3.

9. To run snort in IDS mode, you will need to configure the file “snort.conf”
according to your network environment.

10. To specify the network address that you want to protect in snort.conf file,
look for the following line. var HOME_NET 192.168.1.0/24 (You will normally
see any here)

11. You may also want to set the addresses of DNS_SERVERS, if you have
some on your network.

Example:

example snort

12. Change the RULE_PATH variable to the path of rules

folder. var RULE_PATH c:\snort\rules

path to rules
13. Change the path of all library files with the name and path on your system.
and you must change the path of snort_dynamicpreprocessorvariable.

C:\Snort\lib\snort_dynamiccpreprocessor.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

You need to do this to all library files in the “C:\Snort\lib” folder. The old path
might be: “/usr/local/lib/…”. you will need to replace that path with your
system path. Using C:\Snort\lib

14. Change the path of the “dynamicengine” variable value in the “snort.conf”
file.

Example:
dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll

15 Add the paths for “include classification.config” and “include

reference.config” files.

include
c:\snort\etc\classification.config
include c:\snort\etc\reference.config

16. Remove the comment (#) on the line to allow ICMP rules, if it
is commented
with a #.
include $RULE_PATH/icmp.rules

17. You can also remove the comment of ICMP-info rules comment, if it is
commented.

include $RULE_PATH/icmp-info.rules

18. To add log files to store alerts generated by snort, search for the “output
log” test in snort.conf and add the following line: output alert_fast: snort-
alerts.ids

19. Comment (add a #) the whitelist $WHITE_LIST_PATH/white_list.rules and

the blacklist

Change the nested_ip inner, \ to nested_ip inner #, \

Comment out (#) following lines:

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

#preprocessor normalize_ip4
#preprocessor normalize_tcp: ips ecn
stream #preprocessor normalize_icmp4
#preprocessor normalize_ip6
#preprocessor normalize_icmp6

20. Save the “snort.conf” file

21. To start snort in IDS mode, run the following
command: snort -c c:\snort\etc\snort.conf -l c:\snort\log -i

(Note: 3 is used for my interface card)

If a log is created, select the appropriate program to open it. You can use
WordPard or NotePad++ to read the file.

To generate Log files in ASCII mode, you can use following command while
running snort in IDS mode:

snort -A console -i3 -c c:\Snort\etc\snort.conf -l c:\Snort\log -K ascii

22. Scan the computer that is running snort from another computer by using
PING or NMap (ZenMap).

After scanning or during the scan you can check the snort-alerts.ids file in the
log folder to insure it is logging properly. You will see IP address folders appear.

Snort monitoring traffic –

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

RESULT:
Thus the Intrusion Detection System (IDS) has been demonstrated by using the Open
Source Snort Intrusion Detection Tool.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE: Ex.No.9. Explore network monitoring tools

AIM:

To download the N-Stalker Vulnerability Assessment Tool and exploring the

features.

EXPLORING N-STALKER:

 N-Stalker Web Application Security Scanner is a Web security

assessment tool.

 It incorporates with a well-known N-Stealth HTTP Security

Scanner and 35,000 Web attack signature database.

 This tool also comes in both free and paid version.

 Before scanning the target, go to “License Manager” tab, perform the

update.

 Once update, you will note the status as up to date.

 You need to download and install N-Stalker from www.nstalker.com.

1. Start N-Stalker from a Windows computer. The program is

installedunder Start ➪ Programs ➪ N-Stalker ➪ N-Stalker
Free Edition.

2. Enter a host address or a range of addresses to scan.

3. Click Start Scan.

4. After the scan completes, the N−Stalker Report Manager will prompt

5. you to select a format for the resulting report as choose Generate

HTML.

6. Review the HTML report for vulnerabilities

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

Now goto “Scan Session”, enter the target URL.

In scan policy, you can select from the four options,

 Manual test which will crawl the website and will be waiting
for manual attacks.

 full xss assessment

 owasp policy

 Web server infrastructure analysis.

Once, the option has been selected, next step is “Optimize settings” which will
crawl the whole website for further analysis.

In review option, you can get all the information like host information,
technologies used, policy name, etc.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

Once done, start the session and start the scan.

The scanner will crawl the whole website and will show the scripts, broken
pages, hidden fields, information leakage, web forms related information which
helps to analyze further.

Once the scan is completed, the NStalker scanner will show details like severity
level, vulnerability class, why is it an issue, the fix for the issue and the URL
which is vulnerable to the particular vulnerability?

RESULT:
Thus the N-Stalker Vulnerability Assessment tool has been downloaded,
installed and the features has been explored by using a vulnerable website.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE: Ex.No.10. Study to configure Firewall, VPN

AIM:

To configure the Firewall and VPN networks.

CONFIGURE FIREWALL RULES

When you configure Cloud VPN tunnels to connect to your peer network, review and
modify firewall rules in your Google Cloud and peer networks to make sure that they
meet your needs. If your peer network is another Virtual Private Cloud (VPC) network,
then configure Google Cloud firewall rules for both sides of the network connection.

GOOGLE CLOUD FIREWALL RULES

Google Cloud firewall rules apply to packets sent to and from virtual machine (VM)
instances within your VPC network and through Cloud VPN tunnels.

The implied allow egress rules allow VM instances and other resources in your Google
Cloud network to make outgoing requests and receive established responses. However,
the implied deny ingress rule blocks all incoming traffic to your Google Cloud
resources.

At a minimum, create firewall rules to allow ingress traffic from your peer network to
Google Cloud. If you created egress rules to deny certain types of traffic, you might
also need to create other egress rules.

Traffic containing the protocols UDP 500, UDP 4500, and ESP (IPsec, IP protocol 50)
is always allowed to and from one or more external IP addresses on a Cloud VPN
gateway. However, Google Cloud firewall rules do not apply to the post- encapsulated
IPsec packets that are sent from a Cloud VPN gateway to a peer VPN gateway.

EXAMPLE CONFIGURATIONS

For multiple examples of restricting ingress or egress traffic, see the configuration
examples in the VPC documentation.
The following example creates an ingress allow firewall rule. This rule permits all TCP,
UDP, and ICMP traffic from your peer network's CIDR to your VMs in your VPC
network.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

PERMISSIONS REQUIRED FOR THIS TASK

1. In the Google Cloud console, go to the VPN tunnels

page. Go to VPN tunnels
2. Click the VPN tunnel that you want to use.
3. In the VPN gateway section, click the name of the VPC network. This action
directs you to the VPC network details page that contains the tunnel.
4. Click the Firewall rules tab.
5. Click Add firewall rule. Add a rule for TCP, UDP, and ICMP:
 Name: Enter allow-tcp-udp-icmp.
 Source filter: Select IPv4 ranges.
 Source IP ranges: Enter a Remote network IP range value from when you
created the tunnel. If you have more than one peer network range, enter each
one. Press the Tab key between entries. To allow traffic from all source IPv4
addresses in your peer network, specify 0.0.0.0/0.
 Specified protocols or ports: Select tcp and udp.
 Other protocols: Enter icmp.
 Target tags: Add any valid tag or tags.

6. Click Create.
If you need to allow access to IPv6 addresses on your VPC network from your
peer network, add an allow-ipv6-tcp-udp-icmpv6 firewall rule.

1. Click Add firewall rule. Add a rule for TCP, UDP, and ICMPv6:
 Name: Enter allow-ipv6-tcp-udp-icmpv6.
 Source filter: Select IPv6 ranges.
 Source IP ranges: Enter a Remote network IP range value from when you
created the tunnel. If you have more than one peer network range, enter each
one.
Press the Tab key between entries. To allow traffic from all source IPv6
addresses
in your peer network, specify::/0.
 Specified protocols or ports: Select tcp and udp.
 Other protocols: Enter 58. 58 is the protocol number for ICMPv6.
 Target tags: Add any valid tag or tags.

2. Click Create.
Create other firewall rules if necessary.

Alternatively, you can create rules from the Google Cloud console Firewall
page.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No:

EX. NO:

DATE:

PEER FIREWALL RULES

When configuring your peer firewall rules, consider the following:

 Configure rules to allow egress and ingress traffic to and from the IP ranges
used by the subnets in your VPC network.

 You can choose to permit all protocols and ports, or you can restrict traffic to
only the necessary set of protocols and ports to meet your needs.

 Allow ICMP traffic if you need to use ping to be able to communicate among
peer systems and instances or resources in Google Cloud.

 If you need to access IPv6 addresses on your peer network with ping, allow
ICMPv6 (IP protocol 58) in your peer firewall.

 Both your network devices (security appliances, firewall devices, switches,

routers, and gateways) and software running on your systems (such as firewall
software included with an operating system) can implement on-premises
firewall rules. To allow traffic, configure all firewall rules in the path to your
VPC network appropriately.
 If your VPN tunnel uses dynamic (BGP) routing, make sure that you allow
BGP traffic for the link-local IP addresses. For more details, see the next
section.
BGP CONSIDERATIONS FOR PEER GATEWAYS
Dynamic (BGP) routing exchanges route information by using TCP port 179.
Some VPN gateways, including Cloud VPN gateways, allow this traffic
automatically when you choose dynamic routing. If your peer VPN gateway
does not, configure it to allow incoming and outgoing traffic on TCP port 179.
All BGP IP addresses use the link-local 169.254.0.0/16 CIDR block.
If your peer VPN gateway is not directly connected to the internet, make sure
that it and peer routers, firewall rules, and security appliances are configured to
at least pass BGP traffic (TCP port 179) and ICMP traffic to your VPN gateway.
ICMP is not required, but it is useful to test connectivity between a Cloud
Router and your VPN gateway. The range of IP addresses to which your peer
firewall rule should apply must include the BGP IP addresses of the Cloud
Router and your gateway.

RESULT:
Thus the study of Firewall and VPN is demonstrated successfully.

AALIM MUHAMMED SALEGH COLLGE OF ENGINEERING PAGE No: