Professional Documents
Culture Documents
Computer and Network Security
Computer and Network Security
Computer And
Network
Security
Lab Manual
Practical 1
1. Arp
ARP stands for Address Resolution Protocol. Arp displays and modifies entries in the
Address Resolution Protocol (ARP) cache, which contains one or more tables that are used
to store IP addresses and their resolved Ethernet or Token Ring physical addresses.
2. Hostname
The hostname command is used to show or set a computer's host name and domain name.
3. Ipconfig
Ipconfig is designed to be run from the Windows command prompt. This utility allows you
to get the IP address information of a Windows computer. It also allows some control over
active TCP/IP connections.
4. Ping
The ping command is a command prompt command used to test the ability of the source
computer to reach a specified destination computer.
5. Nslookup
Nslookup is a command line tool included with most operating systems that allows a user to
look up a network name server, as well as return IP addresses and domain names for a
network server.
6. Tracert
The tracert command is used to visually see a network packet being sent and received and
the amount of hops required for that packet to get to its destination.
7. Netstat
The netstat command is used to display the TCP/IP network protocol statistics and
information.
Practical 2
4. Now type any strong password so that any extruder could not start your system
without your permission.
And if you want to provide any hint you can provide here.
4. Provide name and select type of that user account as Standard user and click on Create
account.
5. Now set password for that account. For this click on create a password.
6. Now just type the password for that account and click on create password.
7. Now login from that standard user and you can see that whenever you want to set
anything from control panel or any software installation, there is a pop-up box appearing
which says “Do you want to allow the following program to make changes to this
computer?” “To continue, type an administrator password.”
Practical 3
1. Open Google Chrome. Go to the Setting area, which can be accessed from the top right corner
of the browser.
2. If you are logged into Chrome, there is an option as Sync, click on it.
3. Under encryption section, you can find “Encrypt synced data with your own passphrase”. It
works as double password.
4. Now go to the bottom of the setting page, you find “Show advanced settings”, click on it.
5. In the privacy section, you will see an option as “send a “Do not track” request with your
browsing traffic”. Now turn on this setting.
6. Now you can see a pop-up box of “Do not track”. Here click on confirm.
11. In the “cookies section” select “keep local data only until you quit your browser”. Also check
the “block third party cookies and site data” option.
13. In the Plugin section, turn on“Ask when a site wants to use a plugin to access your computer”.
14. In the Downloads section, turn on “Ask where to save each file before downloading” option.
Practical 4
A backdoor in a system is a method of bypassing normal authentication and gain access. The
backdoor access method is sometimes written by the programmer who develops the program. It
is found in multi network scenario. A network administrator may intentionally create or install a
backdoor program for troubleshooting or other official use. Hackers use backdoors to install
malicious software files or programs, modify code or detect files and gain system access .
Practical 5
Sniffing is the process of monitoring and capturing all the packets passing through a given
network using sniffing tools. It is a form of “tapping phone wires” and get to know about the
conversation. It is also called wiretapping applied to the computer networks.
There is so much possibility that if a set of enterprise switch ports is open, then one of their
employees can sniff the whole traffic of the network. Anyone in the same physical location can
plug into the network using Ethernet cable or connect wirelessly to that network and sniff the
total traffic.
In other words, Sniffing allows you to see all sorts of traffic, both protected and unprotected. In
the right conditions and with the right protocols in place, an attacking party may be able to
gather information that can be used for further attacks or to cause other issues for the network or
system owner.
IP address spoofing or IP spoofing is the creation of Internet Protocol (IP) packets with a false
source IP address, for the purpose of hiding the identity of the sender or impersonating another
computing system.[1] One technique which a sender may use to maintain anonymity is to use a
proxy server.
A replay attack (also known as playback attack) is a form of network attack in which a valid data
transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the
originator or by an adversary who intercepts the data and re-transmits it, possibly as part of
a masquerade attack by IP packet substitution. This is one of the lower tier versions of a "Man in
the middle attack."
Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity,
which Alice dutifully provides (possibly after some transformation like a hash function);
meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After
the interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity,
Eve sends Alice's password (or hash) read from the last session which Bob accepts, thus granting
Eve access.
Practical 6
How to Encrypt:
For every letter in the message M :
1. Convert the letter into the number that matches its order in the alphabet starting from 0, and call
this number X. ( A=0, B=1, C=2, ...,Y=24, Z=25)
3. Convert the number Y into a letter that matches its order in the alphabet starting from 0.
How to decrypt:
For every letter in the cipher text C :
1. Convert the letter into the number that matches its order in the alphabet starting from 0, and call
this number Y. (A=0, B=1, C=2, ..., Y=24, Z=25)
2. Calculate: X= (Y - 3) mod 26
3. Convert the number X into a letter that matches its order in the alphabet starting from 0. (A=0,
B=1, C=2, ..., Y=24, Z=25).
Practical 7
#include<stdio.h>
#include<conio.h>
void main()
clrscr();
int i;
char pt[30],et[30];
gets(pt);
for(i=0;pt[i]!=NULL;i++)
et[i]=' ';
else
if(pt[i]>='a'&& pt[i]<='z')
et[i]=pt[i]+3;
if (et[i]>'z')
et[i]=et[i]-26;
else
et[i]=pt[i]+3;
K.D POLYTECHNIC COMPUTER DEPARTMENT
Computer And Network Security [3350704] Computer Engineering[Semester – 5]
if(et[i]>'Z')
et[i]=et[i]-26;
et[i]=NULL;
getch();
OUTPUT
Practical 8
#include<string.h>
void main()
clrscr();
char ip[20],c[20]={0},p[10]={0};
int i,l,m;
scanf("%s",ip);
l=strlen(ip);
for(i=0;i<li++)
if(ip[i]<=90)
c[i]= (ip[i]+23);
else
c[i]= (ip[i]-'A'-3)%26+'A';
else
{
K.D POLYTECHNIC COMPUTER DEPARTMENT
Computer And Network Security [3350704] Computer Engineering[Semester – 5]
c[i]= (ip[i]+23);
else
c[i]= (ip[i]-'a'-3)%26+'a';
getch();
OUTPUT:-
OMS
LJP
Another Program
#include<stdio.h>
#include<conio.h>
void main()
clrscr();
int i;
char pt[30],et[30];
gets(et);
for(i=0;et[i]!=NULL;i++)
pt[i]=' ';
else
if(et[i]>='a'&& et[i]<='z')
pt[i]=et[i]-3;
if (pt[i]<'a')
pt[i]=pt[i]+26;
else
{
K.D POLYTECHNIC COMPUTER DEPARTMENT
Computer And Network Security [3350704] Computer Engineering[Semester – 5]
pt[i]=et[i]-3;
if(pt[i]<'A')
pt[i]=pt[i]+26;
pt[i]=NULL;
getch();
OUTPUT
Practical 9
How to Encrypt:
For every letter in the message M :
1. Convert the letter into the number that matches its order in the alphabet starting from 0, and call
this number X. ( A=0, B=1, C=2, ...,Y=24, Z=25)
2. Calculate: Y = (X + K) mod 26
3. Convert the number Y into a letter that matches its order in the alphabet starting from 0.
For Example: We agree with our friend to use the Shift Cipher with key K=19 for our message. We
encrypt the message "KHAN", as follows:
So, after applying the Shift Cipher with key K=19 our message text "KHAN" gave us cipher text
"DATG".
How to decrypt:
For every letter in the cipher text C :
1. Convert the letter into the number that matches its order in the alphabet starting from 0, and call
this number Y. (A=0, B=1, C=2, ..., Y=24, Z=25)
2. Calculate: X= (Y - K) mod 26
3. Convert the number X into a letter that matches its order in the alphabet starting from 0. (A=0,
B=1, C=2, ..., Y=24, Z=25)
Our friend now decodes the message using our agreed upon key K=19. As follows:
So, after decrypting the Shift Cipher with key K=19 our friend deciphers the cipher text "DATG"
into the message text "KHAN".
Practical 10
1. Treat every letter in the plain-text message as a number, so that A=0, B=1,…, Z=25.
2. The plain-text message is organized as a matrix of number, based on the above conversion.
For example, if our plain-text is CAT. Based on the above step, we know that C=2, A=0 and
T=19. Therefore, our plain-text matrix would look as follows:
2
[0]
19
3. Now, our plain-text matrix is multiplied by a matrix of randomly chosen keys. The key
consists of size n*n where n is the number of rows in our plain-text matrix. For example, we
take the following key matrix:
6 24 1
[13 16 10]
20 17 15
4. Now, multiply the two matrices, as shown below:
2 6 24 1 31
[0] * [13 16 10 ] = [216]
19 20 17 15 325
5. Now, compute a mod 26 value of above matrix. That is, take the remainder after dividing the
above matrix values by 26. That is
31 5
[216] mod 26 = [ 8 ]
325 13
6. (This is because: 31/26 = 1 with a remainder of 5: which goes in the above matrix, and so
on).
7. Now, translating the numbers to alphabets 5=F, 8=I, and 13=N. Therefore, our cipher text is
FIN.
8. For decryption, take the cipher-text matrix and multiply it by the inverse of our original key
matrix (explained later). The inverse of our original key matrix is
8 5 10
[21 8 21]
21 12 8
9. For decryption, take the cipher-text matrix and multiply it by the inverse of our original key
matrix (explained later). The inverse of our original key matrix is
8 5 10 5 210
[21 8 21] * [ 8 ] = [442]
21 12 8 13 305
11. Thus, our plain-text matrix contains 2, 0, 19; which corresponds to 2=C, 0=A, and 19=T.
This gives is the original plaintext back successfully.
Practical 11
1) Enter the keyword in the matrix row-wise left to right and top to bottom
2) Drop duplicate letters
3) Fill remaining space in matrix with the rest of English alphabet (A-Z) that were not a part of our
keyword, combine i and j in same cell of table.
Encryption process
1) If both alphabets are same (or only one is left), add an x after the first alphabet. Encrypt that
new pair and continue.
2) If both alphabets in pair appear in same row of our matrix, replace them with alphabet to their
immediate right respectively
3) If both the alphabets in the pair appears in same column of matrix, replace them with alphabets
immediately below them respectively.
4) If two letters in the pair are in different row and column then make a rectangle including this
two letters and write the cipher text letter which is at the end corner of the letter in the plaintext.
Decryption process
1) If both alphabets in pair appear in same row of our matrix, replace them with alphabet to their
immediate left respectively.
2) If both the alphabets in the pair appears in same column of matrix, replace them with alphabets
immediately above them respectively.
3) If two letters in the pair are in different row and column then make a rectangle including this
two letters and write the cipher text letter as a letter which is at the end corner of the letter in the
plaintext respectively.
Practical 12
Encryption
1. Treat each plain text alphabet as a number in an increasing sequence i.e. A=0,B=1,….,Z=25.
2. Take plaintext and write down the number equivalent to each plaintext letter.
3. Take key and write down the number equivalent to each key letter.
4. Now add each letter in plaintext and key.
5. Write the alphabet associated with the number which is the result of the addition, this is the
cipher text
6. If the result of the addition is greater than 25 then subtract 26 from it, and write the alphabet
associated with that number, this is the cipher text.
Decryption
1. Write the number associated with each letter in the cipher text.
4. Write the alphabet associated with the number which is the result of the subtraction, this is the
plain text.
5. If the result of the subtraction is negative number then add 26 to that number and write down the
alphabet associated with result number, this is the cipher text.
Practical 13
Example:
Key :deceptivewearediscoveredsav
Ciphertext :zicvtwqngkzeiigasxstslvvwla
Practical 14
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures
needed to create, manage, distribute, use, store, and revoke digital certificates.
In cryptography, a PKI is an arrangement that binds public keys with respective user identities
by means of a certificate authority (CA). The user identity must be unique within each CA
domain. The third-party validation authority (VA) can provide this information on behalf of CA.
The binding is established through the registration and issuance process, which, depending on
the assurance level of the binding, may be carried out by software at a CA or under human
supervision. The PKI role that assures this binding is called the registration authority (RA),
which ensures that the public key is bound to the individual to which it is assigned in a way that
ensures non-repudiation.
Practical 15
In Public Key Infrastructure (PKI) keys are used for authentication and encryption.
1. Centralized 2. Decentralized
3. When individual computers may not have the necessary processing power to produce the keys in
an acceptable fashion.
In centralized infrastructure very high-end server with powerful processing abilities is used along
with a hardware-based random number generator.
2. Implementation of key recovery procedures is easier with central storage than with a
decentralized approach.
1. In centralized infrastructure the keys will be generated on a server, this keys need to be securely
transmitted to the individual clients that require them. This is difficult to accomplish.
2. A technology needs to be employed that will send the keys in an encrypted manner, ensure the
keys’ integrity, and make sure that only the intended user is receiving the key.
4. Since all the keys are in one place, the server is a prime target for an attacker, if the central key
server is compromised, the whole environment is compromised.
Practical 16
Types of XSS
1. Reflected XSS
2. Stored XSS
3. DOM-based XSS
1. Reflected XSS
Reflected cross-site scripting (or XSS) arises when an application receives data in an
HTTP request and includes that data within the immediate response in an unsafe way.
Suppose a website has a search function which receives the user-supplied search term
in a URL parameter:
https://insecure-website.com/search?term=gift
The application echoes the supplied search term in the response to this URL:
<p>You searched for: gift</p>
Assuming the application doesn't perform any other processing of the data, an attacker
can construct an attack like this:
https://insecure-website.com/search?term=<script>/*+Bad+stuff+here...+*/</script>
This URL results in the following response:
<p>You searched for: <script>/* Bad stuff here... */</script></p>
If another user of the application requests the attacker's URL, then the script supplied
by the attacker will execute in the victim user's browser, in the context of their session
with the application.
2. Stored XSS
Stored XSS (also known as persistent or second-order XSS) arises when an
application receives data from an untrusted source and includes that data within its
later HTTP responses in an unsafe way.
The data in question might be submitted to the application via HTTP requests; for
example, comments on a blog post, user nicknames in a chat room, or contact details
on a customer order. In other cases, the data might arrive from other untrusted
sources; for example, a webmail application displaying messages received over
SMTP, a marketing application displaying social media posts, or a network
monitoring application displaying packet data from network traffic.
The application doesn't perform any other processing of the data, so an attacker can
easily send a message that attacks other users:
3. DOM-based XSS
DOM-based XSS (also known as DOM XSS) arises when an application contains
some client-side JavaScript that processes data from an untrusted source in an unsafe
way, usually by writing the data back to the DOM.
In the following example, an application uses some JavaScript to read the value from
an input field and write that value to an element within the HTML:
If the attacker can control the value of the input field, they can easily construct a
malicious value that causes their own script to execute:
You searched for: <img src=1 onerror='/* Bad stuff here... */'>
In a typical case, the input field would be populated from part of the HTTP request,
such as a URL query string parameter, allowing the attacker to deliver an attack using
a malicious URL, in the same manner as reflected XSS.
Practical 17
Extranet
An extranet is an extension of a selected portion of a company's intranet to external partners. This
allows a business to share information with customers, suppliers, partners, and other trusted
groups while using a common set of Internet protocols to facilitate operations. Extranets can use
public networks to extend their reach beyond a company's own internal network, and some form
of security, typically VPN, is used to secure this channel. The use of the term extranet implies
both privacy and security. Privacy is required for many communications, and security is needed
to prevent unauthorized use and events from occurring. Both of these functions can be achieved
through the use of technologies. Proper firewall management, remote access, encryption,
authentication, and secure tunnels across public networks are all methods used to ensure privacy
and security for extranets.
VLANs
A local area network (LAN) is a set of devices with similar functionality and similar
communication needs, typically co-located and operated off a single switch. This is the lowest
level of a network hierarchy and defines the domain for certain protocols at the data link layer for
communication. Virtual LANs use a single switch and divide it into multiple broadcast domains
and/or multiple network segments, known as trunking. This very powerful technique allows
significant network flexibility, scalability, and performance.
Trunking
Trunking is the process of spanning a single VLAN across multiple switches. A trunk-based
connection between switches allows packets from a single VLAN to travel between switches.
VLAN 10 is implemented with one trunk and VLAN 20 is implemented by the other. Hosts on
different VLANs cannot communicate using trunks and are switched across the switch network.
Trunks enable network administrators to set up VLANs across multiple switches with minimal
effort. With a combination of trunks and VLANs, network administrators can subnet a network
by user functionality without regard to host location on the network or the need to recable
machines.
Practical 18
Introduction
Wireshark is a network packet analyzer. A network packet analyzer will try to capture network
packets and tries to display that packet data as detailed as possible.
You could think of a network packet analyzer as a measuring device used to examine what’s
going on inside a network cable, just like a voltmeter is used by an electrician to examine what’s
going on inside an electric cable (but at a higher level, of course).
In the past, such tools were either very expensive, proprietary, or both. However, with the
advent of Wireshark, all that has changed.
Wireshark is perhaps one of the best open source packet analyzers available today.
Purpose
Beside these examples Wireshark can be helpful in many other situations too.
Capturing Packets
After downloading and installing Wireshark, you can launch it and click the name of an interface
under Interface List to start capturing packets on that interface. For example, if you want to
capture traffic on the wireless network, click your wireless interface. You can configure
advanced features by clicking Capture Options, but this isn’t necessary for now.
As soon as you click the interface’s name, you’ll see the packets start to appear in real time.
Wireshark captures each packet sent to or from your system. If you’re capturing on a wireless
interface and have promiscuous mode enabled in your capture options, you’ll also see other the
other packets on the network.
Click the stop capture button near the top left corner of the window when you want to stop
capturing traffic.
Color Coding
You’ll probably see packets highlighted in green, blue, and black. Wireshark uses colors to help
you identify the types of traffic at a glance. By default, green is TCP traffic, dark blue is DNS
traffic, light blue is UDP traffic, and black identifies TCP packets with problems — for example,
they could have been delivered out-of-order.
Filtering Packets
The most basic way to apply a filter is by typing it into the filter box at the top of the window
and clicking Apply (or pressing Enter). For example, type “dns” and you’ll
see only DNS packets. When you start typing, Wireshark will help you autocomplete your filter.
You’ll see the full conversation between the client and the server.
Wireshark is an extremely powerful tool, and this tutorial is just scratching the surface of what
you can do with it. Professionals use it to debug network protocol implementations, examine
security problems and inspect network protocol internals.
Practical 19
2. Never click on any link provided on the suspected mail. This will lead to provide your private
information to that site or to the sender.
5. Creating filters
I. On any mail you want to create filter, just select it. Then click on More and select
filter messages like these.
III. Select any action you want to perform for them. And then click on create filter option.
Practical 20
Advantages of HIDS
1. They can be very operating system specific and have more detailed signatures.
2. They can reduce false positive rates.
3. They can examine data after it has been decrypted.
4. They can be very application specific.
5. They can determine whether or not an alarm may impact that specific system.
Disadvantages of HIDS
1. The IDS must have a process on every system you want to watch.
2. The IDS can have a high cost of ownership and maintenance.
3. The IDS uses local system resources.
4. The IDS has a very focused view and cannot relate to activity around it.
5. The IDS, if logged locally, could be compromised or disabled.
Practical 21
Network-based IDS is a system for examining network traffic to identify suspicious, malicious,
or undesirable behavior.
NIDS has visibility only into the traffic crossing the network link it is monitoring and
typically has no idea of what is happening on individual systems.
Advantages of NIDS
Disadvantages of NIDS
Practical 22
Demonstration of SQL-Injection.
❖ SQL Injection
Practical 23
Demonstration of readymade
encryption/decryption code
code
.
#include <stdio.h>
#include <string.h>
#include <conio.h>
/*Encryption Code*/
void encrypt(char password[],int key)
{
int i;
for(i=0;i<strlen(password);++i)
{
password[i] = password[i] - key;
}
}
/*Decryption Code*/
void decrypt(char password[],int key)
{
int i;
for(i=0;i<strlen(password);++i)
{
password[i] = password[i] + key;
}
}
Output