
Description of Work Carried out:-

The Industrial Training was in the field of Information Security and Ethical Hacking.

Information Security protects information from a wide range of threats in order to ensure business continuity and minimize business losses. It also protects the privacy of an individual. Information Security is achieved by implementing a suitable set of controls, which could be policies, practices, procedures, organisational structures and software functions.

Information Security in the IT World includes Data Security, Computer Security, LAN or Network Security, and Internet Security.

Hacking, in contrast, is unauthorized use of, or attempts to circumvent the security of, an Information System. In Ethical Hacking we try to track the person Hacking the System.

In the training the aim was to try and secure the System against unauthorized access. For Data Security, many existing tools were used, and the Windows Registry was edited so as to boost the security of a System. Many functionalities of Windows OS which are used by Hackers were explored and exploited.

In Ethical Hacking, ways to track down the Hacker's identity and location were experimented with, without revealing one's own identity.

Cryptography, a prominent tool in Information Security, was discussed in detail and practically implemented. RSA public key cryptography was implemented on a website to protect user-sent data.

Finally the focus was on the Cyber Laws in India w.r.t. hacking and phishing.
DETAILS:

▪ Data Collected:-
o Working of a Web Server and Website.

o PHP basics and its working

o JavaScript basics

o The working of intruders:- How they attack to gain illegal access to data.

▪ Analysis:
PHP is a server-side language whereas JavaScript is used on the client side. In general, encryption is done on the server side in PHP, for example to store passwords. If we send the data already encrypted on the client side, it is more secure and safe to transfer.

So, we can encrypt the data (passwords and usernames) on the client side using JavaScript and decrypt it on the server side using PHP code for decryption.

Various cryptographic algorithms can be used for this; we used RSA Public Key Cryptography for the implementation on a Website.

• RSA Public-Key Cryptography: Implemented on Website (Program Development)

Introduction:

1.)Key generation:-
RSA involves a public key and a private key. The public key can be known to
everyone and is used for encrypting messages. Messages encrypted with the public
key can only be decrypted using the private key. The keys for the RSA algorithm are
generated the following way:

1. Choose two distinct prime numbers p and q.
o For security purposes, the integers p and q should be chosen uniformly at
random and should be of similar bit-length. Prime integers can be
efficiently found using a primality test.
2. Compute n = pq.
o n is used as the modulus for both the public and private keys
3. Compute φ(pq) = (p − 1)(q − 1). (φ is Euler's totient function).
4. Choose an integer e such that 1 < e < φ(pq), and e and φ(pq) share no divisors
other than 1 (i.e., e and φ(pq) are coprime).
o e is released as the public key exponent.
o e having a short bit-length and small Hamming weight results in more
efficient encryption. However, small values of e (such as e = 3) have been
shown to be less secure in some settings.[4]
5. Determine d (using modular arithmetic) which satisfies the congruence relation
.
o Stated differently, ed − 1 can be evenly divided by the totient (p − 1)(q − 1).
o This is often computed using the extended Euclidean algorithm.
o d is kept as the private key exponent.

The public key consists of the modulus n and the public (or encryption) exponent e.
The private key consists of the private (or decryption) exponent d which must be kept
secret.

Encryption:-
Sender A does the following:-

1. Obtains the recipient B's public key (n, e).
2. Represents the plaintext message as a positive integer m.

NOTE:

When representing the plaintext octets as the representative integer m, it is usual to add
random padding characters to make the size of the integer m large and less susceptible to
certain types of attack. If m = 0 or 1 or n-1 there is no security as the ciphertext has the same
value.

3. Computes the ciphertext c = m^e mod n.
4. Sends the ciphertext c to B.

Decryption:-
Recipient B does the following:-

1. Uses his private key (n, d) to compute m = c^d mod n.
2. Extracts the plaintext from the message representative m.

Digital signing:-
Sender A does the following:-

1. Creates a message digest of the information to be sent.
2. Represents this digest as an integer m between 0 and n-1.
3. Uses her private key (n, d) to compute the signature s = m^d mod n.
4. Sends this signature s to the recipient, B.

Signature verification:-
Recipient B does the following:-

1. Uses sender A's public key (n, e) to compute integer v = s^e mod n.
2. Extracts the message digest from this integer.
3. Independently computes the message digest of the information that has been
signed.
4. If both message digests are identical, the signature is valid.

Implementation in Project:
In the Project the RSA algorithm was implemented on a Website. The
encryption of the data to be sent by the user was done in JavaScript, and the decryption on
the server side was implemented in PHP.
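
The key generation, encryption, decryption, signing and verification steps above, written out in JavaScript (the project's client-side language) as an added example; it is not the project's code. The primes 61 and 53, the exponent 17, the message 65 and the digest 1234 are constructed toy values, and all function names are illustrative.

```javascript
// Added example: textbook RSA following the steps above, with toy primes.
// Constructed values and illustrative names; key sizes here are not secure.
function modPow(base, exp, n) {           // square-and-multiply: base^exp mod n
  let result = 1n;
  base %= n;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % n;
    base = (base * base) % n;
    exp >>= 1n;
  }
  return result;
}

// Extended Euclidean algorithm: returns d such that (e * d) mod phi = 1.
function modInverse(e, phi) {
  let [r0, r1, t0, t1] = [phi, e, 0n, 1n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [t0, t1] = [t1, t0 - q * t1];
  }
  if (r0 !== 1n) throw new Error("e and phi are not coprime");
  return ((t0 % phi) + phi) % phi;        // normalise into 0..phi-1
}

// Key generation steps 1-5 for given primes p, q and public exponent e.
function generateKey(p, q, e) {
  if (p === q) throw new Error("p and q must be distinct");
  const n = p * q;
  const phi = (p - 1n) * (q - 1n);
  return { n, e, d: modInverse(e, phi) };
}

const encrypt = (m, key) => modPow(m, key.e, key.n);        // c = m^e mod n
const decrypt = (c, key) => modPow(c, key.d, key.n);        // m = c^d mod n
const sign = (digest, key) => modPow(digest, key.d, key.n); // s = m^d mod n
const verify = (digest, s, key) => modPow(s, key.e, key.n) === digest % key.n;

// Messages the NOTE warns about: those whose ciphertext equals the plaintext.
function unprotectedMessages(key, candidates) {
  return candidates.filter((m) => encrypt(m, key) === m);
}

const key = generateKey(61n, 53n, 17n);   // n = 3233, phi = 3120
const c = encrypt(65n, key);
console.log(key, c, decrypt(c, key));
console.log(unprotectedMessages(key, [0n, 1n, 2n, 65n, key.n - 1n]));
```

With no random padding, as in this sketch, equal plaintexts always produce equal ciphertexts, which is the weakness the NOTE's padding step addresses.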

• Experiments Performed
▪ DNS Server on Windows Server

A Domain Name Server is used to resolve the Client IP Address.

In it a Zone is established using an inbuilt configuration utility of Windows and the Hostnames are added manually.

▪ DHCP Server Setup on Windows Server

Provides an IP address to a client that is broadcasting a request for an IP address over the Network.

▪ DHCP Relay Agent

A Relay Agent relays the request for an IP address from one DHCP server to another.

▪ Active Directory Setup

The centralized database structure that stores the information of user group and objects.

▪ Setup Domain Controller

▪ Registry editing to make the System secure from unauthorized access.

➢ Block Null Session

➢ Use admin Password

➢ SYSKEY password

➢ Enable LSA, SAM, SRM

➢ File Encryption

▪ Use Null Session to make connection to another computer on the network.

➢ How to create a Null Session

▪ Disabling default shares

▪ Email ID Tracking

▪ Hiding your External IP on the Internet

▪ Active Finger Printing: To find the OS of the System running a Webserver or any other Remote Machine.

▪ ICMP Broadcasting to see the running services and their ports on a remote system.

▪ PORT Scanning to find all the open ports.

▪ Trace the Route to a remote Machine.

▪ Smurf Attack, Tear Drop Attack, Distributed Denial of Service
