COLLEGE OF COMPUTER STUDIES

IT0007
(Information Assurance & Security 2)

EXERCISE

6
CREATING CODES

Student Name /
Group Name:
Name Role
Members (if Group):

Section:
Professor:

a. PROGRAM OUTCOME/S (PO) ADDRESSED BY THE LABORATORY EXERCISE

  Apply knowledge through the use of current techniques and tools necessary for the IT
profession. [PO: G]

b. COURSE LEARNING OUTCOME/S (CLO)ADDRESSED BY THE LABORATORY

EXERCISE
 Perform a vulnerability analysis of a system and explain how design, implementation, and
installation of hardware and software contribute to vulnerabilities of the organization.
[CLO: 2]

c. INTENDED LEARNING OUTCOME/S (ILO) OF THE LABORATORY EXERCISE

At the end of this exercise, students must be able to:
 Discuss and explain how devices and services are used to enhance network security.
 Discuss and explain how networks are attacked and various types of threats and
attacks.

d. BACKGROUND INFORMATION
 Nearly every “secure” system that is used today can be vulnerable to some type of
cyberattack.

e. GRADING SYSTEM/ RUBRIC

Trait (Excellent) (Good) (Fair) (Poor)
Able to identify Able to identify Able to identify only Unable to
correctly all input correctly all input one input or output identify any
Requirement and output and and output (22-14pts) input and output
Specification(30pts) provide alternative. (25-17pts) (20-11pts)
(28-20pts)

Able to apply Able to apply Able to identify Unable to

required data type required data type required data type or identify required
Data type(20pts) or data structure or data structure data structure but data type
and produce correct and produce does apply correctly (9-11pts)
results (18-20pts) partially correct (12-14pts)
results (15-17pts)
Input The program works The program The program The program
Validation(20pts) and meets all works and meets produces correct produce s
 specifications. all specifications. results but does not incorrect results
Does exception al Does some display correctly (9-11pts)
checking for errors checking for errors Does not check for
and out-of- range and out of range errors and out of
data (18-20pts) data (15-17pts) range data (12-14pts)
Unable to run Able to run Able to run program Able to run
program (10pts) program but have correctly without any program
Free from syntax, logic error (8-9pts) logic error and correctly without
logic, and runtime display inappropriate any logic error
errors (10pts) output (6-7pts) and display
appropriate
output (5pts)
The program was The program was The program was The program
delivered on time delivered after 5 delivered after 10 was delivered
(10pts) minutes from the minutes from the after 15 (or
Delivery (10pts)
time required. (8- time required. (6- more) minutes
9pts) 7pts) from the time
required. (5pts)
Use of Comments Specific purpose is Specific purpose is Purpose is noted for No comments
(10pts) noted for each noted for each each function. (6- included. (5pts)
function, control function and 7pts)
structure, input control structure.
requirements, and (8-9pts)
output results.
(10pts)

f. LABORATORY ACTIVITY
INSTRUCTIONS

Background / Scenario
There are several encryption algorithms that can be used to encrypt and decrypt messages. Virtual Private Networks
(VPNs) are commonly used to automate the encryption and decryption process.
In this lab, you and a lab partner will use an online tool to encrypt and decrypt messages.
Required Resources
PC with Internet access

Step 1: Search for an online encoding and decoding tool.

There are many different types of encryption algorithms used in modern networks. One of the most secure is the
Advanced Encryption Standard (AES) symmetric encryption algorithm. We will be using this algorithm in our
demonstration.
a. In a Web browser, search for “encrypt decrypt AES online”. Several different tools will be listed in the search
results.
b. Explore the different links provided and choose a tool. In our example, we used the tool available from:

http://aesencryption.net/
Step 2: Encrypt a message and email it to your lab partner.
In this step, each lab partner will encrypt a message and send the encrypted text to the other lab partner.
Note: Unencrypted messages are referred to as plaintext, while encrypted messages are referred to as ciphertext.
a. Enter a plaintext message of your choice in the text box. The message can be very short or it can be lengthy. Be
sure that your lab partner does not see the plaintext message.

A secret key (i.e., password) is usually required to encrypt a message. The secret key is used along with the
encryption algorithm to encrypt the message. Only someone with knowledge of the secret key would be able to
decrypt the message.

Enter a secret key. Some tools may ask you to confirm the password. In our example, we used the cyberops secret
key.

Next click on Encrypt.

In the “Result of encryption in base64” window, random text is displayed. This is then encrypted message.
d. Copy or Download the resulting message.
e. Email the encrypted message to your lab partner.
Step 3: Decrypt the ciphertext.
AES is a symmetric encryption algorithm This means that the two parties exchanging encrypted messages must
share the secret key in advance.
a. Open the email from your lab partner.
b. Copy the ciphertext and paste it in the text box.
c. Enter the pre-shared secret key.
Click on Decrypt and the original cleartext message should be displayed

What happens if you use a wrong secret key?

It won’t decode the encrypted message or will show a warning, saying that using a bad key
will cause issues to arise when used during decryption.