NAME OF LABORATORY: VSB LAB 1
LAB SUBJECT CODE: IT-801
NAME OF DEPARTMENT: CSE/IT
Date of conduction:- Batch B1 24-01-14 and Batch B2 27-01-14
Date of submission:- Batch B1 31-01-14 and Batch B2 03-02-14
Submitted by other members:- All the Students.
Group no:- Not Applicable
Signature
Name of faculty incharge: Ms. Swati Agarwal
Name of Technical Assistant: Mr. Vivek Kamthan
Objective: - To
Apparatus:-
Hardware : N/A
Software : N/A
Theory: -
Ethical Hacking
Ethical hacking and ethical hacker are terms that describe hacking performed to help a company or individual identify potential threats on the computer or network. An ethical hacker attempts to hack their way past the system security, finding any weak points in the security that could be exploited by other hackers. The organization uses what the ethical hacker finds to improve the system security, in an effort to minimize, if not eliminate, any potential hacker attacks.
In order for hacking to be deemed ethical, the hacker must obey the rules below.
1. You have permission to probe the network and attempt to identify potential security risks. It's recommended that, if you are the person performing the tests, you get written consent.
2. You respect the individual's or company's privacy and only go looking for security issues.
3. You report all security vulnerabilities you detect to the company, not leaving anything open for you or someone else to come in at a later time.
4. You let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software or hardware if not already known by the company.
The term "ethical hacker" has received criticism at times from people who say that there is no such thing as an "ethical" hacker. Hacking is hacking, no matter how you look at it and those who do the hacking are commonly referred to as computer criminals. However, the work that ethical hackers do for organizations has helped improve system security and can be said to be quite successful.
Individuals interested in becoming an ethical hacker can work towards a certification to become a Certified Ethical Hacker. This certification is provided by the International Council of E-Commerce Consultants (EC-Council).
Social Engineering practices: The practice of deceiving someone, either in person, over the phone, or using a computer, with the express intent of breaching some level of security either personal or professional. Social engineering techniques are considered con games which are performed by con artists. The targets of social engineering may never realize they have been victimized.
Also Known As: Con Games
Examples:
Using social engineering techniques, the hacker managed to get the network administrator to provide him the username and password needed to gain access to the company's server.
Social engineering attacks are based on one thing – information. Without information about your customers, social engineers aren’t able to use the elicitation and pretexting tactics that are described below.
This information is relatively simple to obtain. A good social engineer can spend a few hours researching a target online and have enough information to make even the most seasoned contact center agent believe the social engineer is someone they are not. The increasing amount of personal information that’s available using search engines, WHOIS databases, social media (Facebook, LinkedIn, MySpace, Twitter, etc.), blogs, wikis, and photo sharing sites makes it very simple for them to find or determine:
Even social security numbers are available from some paid research services.
Once the social engineer has relevant information, they use it in these highly effective human hacking tactics:
• Elicitation
• Pretexting
Procedure:- N/A
Observation Table:- N/A
Calculation:- N/A
Results:- N/A
Conclusion:- N/A
Precautions:- N/A
Suggestions:- N/A
Lab Quiz :-
1. Gaining unauthorized access to a computer system would fall under which category of computer crime?
1. Destruction of data and software.
2. Hacking.
3. Theft.
4. Theft of services.
5. Data theft.
2. Which legislation covers the act of selling or disclosing personal data?
1. Copyright, Designs & Patents Act (1988).
2. Data Protection Act (1984).
3. Criminal Damage Act (1971).
4. Computer Misuse Act (1990).
5. None of the above.
3. Intercepting personal communications, such as telephone calls, is known as
1. Hacking.
2. Copyright theft.
3. Computer monitoring.
4. Reverse engineering.
5. Electronic eavesdropping.
4. A close friend is curious about your job at work. He convinces you to invite him over to see the operation and test out your high-speed Internet connection. Next week, your boss tells you that your computer has a virus. Which of the following methods is the root cause for the virus in this situation?
1. DDOS
2. DOS
3. Social Engineering
4. IP Spoofing
5. What is the security term that describes the following condition? A worker has been tricked into providing confidential or restricted data about the network or organization.
1. Social Engineering
2. Social Pioneering
3. Sabotage
4. Espionage
6. Which of the following statements are true about Birthday Attacks?
1.
1.
2.
2.
3.
3.
4.
4.
7. Which group of individuals might be described as those who seek to obtain data by any means necessary, whether legal or illegal?
1. Crackers.
2. Hackers.
3. Information warriors.
4. Software pirates.
5. Computer criminals.
8. Which element of the Intellectual property law provides the creator of a work exclusive right for 17 Years?
1. Patent
2. Copyright
3. Trade secret
4. Trademark
9. A hacker that changes or forges information in an electronic resource is engaging in __________.
1. Denial of service
2. Sniffing
3. Terrorism
4. Data diddling
10. A hacker contacts you by phone or email and attempts to acquire your password.
1. Spoofing
2. Phishing
3. Spamming
4. Bugging
Further reading resources:
Book: Lab experiment related theory available in following books:
Book Name, Author, Page No.
1. “Cryptography and Network Security”, TMH, Atul Kahate
2. “Cryptography and Network Security”, Pearson, William Stallings
Date of conduction:- Batch B1 03-02-14 and Batch B2 03-02-14
Date of submission:- Batch B1 07-02-14 and Batch B2 10-02-14
Submitted by other members:- All the Students.
Group no:- Not Applicable
Signature
Name of faculty incharge: Ms. Swati Agarwal
Name of Technical Assistant: Mr. Vivek Kamthan
Objective: -
The goal of a denial of service attack is to deny legitimate users access to a particular resource.
Apparatus:-
Hardware : N/A
Software : N/A
Theory: -
The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident is considered an attack if a malicious user intentionally disrupts service to a computer or network resource. Denial of service (DoS) attacks have become a major threat to current computer networks. To give a better understanding of DoS attacks, we describe, in particular, network based and host based DoS attack techniques to illustrate attack principles. DoS attacks are classified according to their major attack characteristics. Current counterattack technologies are also reviewed, including major defense products in deployment and representative defense approaches in research. Finally, DoS attacks and defenses in 802.11 based wireless networks are explored at physical, MAC and network layers.
OVERVIEW OF DOS ATTACKS IN THE INTERNET
In this section, we overview the common DDoS attack techniques and discuss why attacks succeed fundamentally.
Attack Techniques
Many attack techniques can be used for DoS purposes as long as they can disable service, or downgrade service performance by exhausting the resources needed to provide services. Although it is impossible to enumerate all existing attack techniques, we describe several representative network based and host based attacks in this section to illustrate attack principles. Readers can also find complementary information on DoS attacks in Handley et al. 2006 and Mirkovic et al. 2005.
Network Based Attacks
TCP SYN Flooding. DoS attacks often exploit stateful network protocols (Jian 2000, Shannon et al. 2002), because these protocols consume resources to maintain states. TCP SYN flooding is one such attack and has had a wide impact on many systems. When a client attempts to establish a TCP connection to a server, the client first sends a SYN message to the server. The server then acknowledges by sending a SYN-ACK message to the client. The client completes the establishment by responding with an ACK message. The connection between the client and the server is then opened, and the service-specific data can be exchanged between them. The abuse arises at the half-open state when the server is waiting for the client’s ACK message after sending the SYN-ACK message to the client (CERT 1996). The server needs to allocate memory for storing the information of the half-open connection. The memory will not be released until either the server receives the final ACK message or the half-open connection expires. Attacking hosts can easily create half-open connections via spoofing source IPs in SYN messages or ignoring SYN-ACKs. The consequence is that the final ACK message will never be sent to the victim. Because the victim normally only allocates a limited size of space in its process table, too many half-open connections will soon fill the space. Even though the half-open connections will eventually expire due to the timeout, zombies can aggressively send spoofed TCP SYN packets requesting connections at a much higher rate than the expiration rate. Finally, the victim will be unable to accept any new incoming connection and thus cannot provide services.
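The half-open bookkeeping described above can be modelled in a few lines. This is an added example, not part of the original lab manual: the `SynQueue` class, the 128-entry backlog, the 30-second timeout and the addresses are assumptions chosen for illustration, and the trace is constructed in memory rather than captured from a network.

```python
from collections import OrderedDict

LEGIT_IP = "192.0.2.10"   # constructed documentation-range address


class SynQueue:
    """Bounded table of half-open connections, as kept by a listening server."""

    def __init__(self, backlog, timeout_ms):
        self.backlog, self.timeout_ms = backlog, timeout_ms
        self.half_open = OrderedDict()   # (ip, port) -> SYN arrival time, oldest first
        self.established = self.dropped = self.expired = self.peak = 0

    def _expire(self, now):
        # Release entries whose final ACK never arrived within the timeout.
        while self.half_open:
            src, t0 = next(iter(self.half_open.items()))
            if now - t0 < self.timeout_ms:
                break
            del self.half_open[src]
            self.expired += 1

    def on_syn(self, now, src):
        self._expire(now)
        if src in self.half_open:
            return True                   # retransmitted SYN, state already held
        if len(self.half_open) >= self.backlog:
            self.dropped += 1             # table full: the new connection is refused
            return False
        self.half_open[src] = now         # server would now send SYN-ACK and wait
        self.peak = max(self.peak, len(self.half_open))
        return True

    def on_ack(self, now, src):
        self._expire(now)
        if self.half_open.pop(src, None) is None:
            return False                  # no matching half-open entry
        self.established += 1
        return True


def build_trace(duration_ms, unanswered_interval_ms):
    """Constructed trace of (time_ms, kind, source) events."""
    events = []
    for i in range(duration_ms // 1000):              # one legitimate client per second
        src = (LEGIT_IP, 40000 + i)
        events.append((i * 1000, "SYN", src))
        events.append((i * 1000 + 100, "ACK", src))   # ACK after a 100 ms round trip
    for i in range(duration_ms // unanswered_interval_ms):
        src = ("198.51.100.%d" % (i % 254 + 1), 1024 + i)
        events.append((i * unanswered_interval_ms, "SYN", src))   # no ACK ever follows
    events.sort(key=lambda e: e[0])                   # stable: ties keep insertion order
    return events


def replay(events, backlog=128, timeout_ms=30000):
    """Feed the trace to a SynQueue and report what happened to it."""
    q = SynQueue(backlog, timeout_ms)
    refused = 0
    for now, kind, src in events:
        if kind == "SYN":
            if not q.on_syn(now, src) and src[0] == LEGIT_IP:
                refused += 1
        else:
            q.on_ack(now, src)
    return {
        "established": q.established,
        "legit_refused": refused,
        "dropped": q.dropped,
        "expired": q.expired,
        "peak_half_open": q.peak,
        "half_open_at_end": len(q.half_open),
    }


if __name__ == "__main__":
    for label, interval in (("2 unanswered SYN/s", 500), ("50 unanswered SYN/s", 20)):
        print(label, replay(build_trace(60000, interval)))
```

At 2 unanswered SYNs per second the table settles near 60 entries (arrival rate times timeout) and every client connects; at 50 per second it stays pinned at the backlog limit and only the few clients that arrive just as old entries expire get in.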
ICMP Smurf Flooding.
ICMP is often used to determine if a computer in the Internet is responding. To achieve this task, an ICMP echo request packet is sent to a computer. If the computer receives the request packet, it will return an ICMP echo reply packet. In a smurf attack, attacking hosts forge ICMP echo requests having the victim's address as the source address and the broadcast address of these remote networks as the destination address (CERT 1998). As depicted in Figure 1, if the firewall or router of the remote network does not filter the specially crafted packets, they will be delivered (broadcast) to all computers on that network. These computers will then send ICMP echo reply packets back to the source (i.e., the victim) carried in the request packets. The victim’s network is thus congested.
UDP Flooding.
By patching or redesigning the implementation of TCP and ICMP protocols, current networks and systems have incorporated new security features to prevent TCP and ICMP attacks. Nevertheless, attackers may simply send a large amount of UDP packets towards a victim. Since an intermediate network can deliver higher traffic volume than the victim network can handle, the flooding traffic can exhaust the victim's connection resources. Pure flooding can be done with any type of packets. Attackers can also choose to flood service requests so that the victim cannot handle all requests with its constrained resources (i.e., service memory or CPU cycles). Note that UDP flooding is similar to flash crowds that occur when a large number of users try to access the same server simultaneously. However, the intent and the triggering mechanisms for DDoS attacks and flash crowds are different.
Intermittent Flooding. Attackers can further tune their flooding actions to reduce the average flooding rate to a very low level while achieving equivalent attack impacts on legitimate TCP connections. In shrew attacks (Kuzmanovic et al. 2003), attacking hosts can flood packets in a burst to congest and disrupt existing TCP connections. Since all disrupted TCP connections will wait a specific period (called retransmission-time-out (RTO)) to retransmit lost packets, attacking hosts can flood packets at the next RTO to disrupt retransmission. Thereby, attacking hosts can synchronize their flooding at the following RTOs and disable legitimate TCP connections as depicted in Figure 2. Such collaboration among attacking hosts not only reduces overall flooding traffic, but also helps avoid detection. Similar attack techniques targeting services with congestion control mechanisms for Quality of Service (QoS) have been discovered by Guirguis et al. (2005). When a QoS enabled server receives a burst of service requests, it will temporarily throttle incoming requests for a period until previous requests have been processed. Thus, attackers can flood requests at a pace to keep the server throttling the incoming requests and achieve the DoS effect. Guirguis’s study showed that a burst of 800 requests can bring down a web server for 200 seconds, and thereby the average flooding rate could be as low as 4 requests per second.
Procedure:- N/A
Observation Table:- N/A
Calculation:- N/A
Results:- N/A
Lab Quiz :-
1. What is one of the most common and simplest attacks on a system?
A. Denial of service
B. Buffer overflow
C. Session hacking
D. Password cracking
2. Which of the following is not a valid way to define a computer’s workload?
A. Number of simultaneous users
B. Storage capacity
C. Maximum voltage
D. Speed of network connection
3. What do you call a DoS launched from several machines simultaneously?
A. Wide-area attack
B. Smurf attack
C. SYN flood
D. DDoS attack
4. Leaving a connection half open is referred to as what?
A. Smurf attack
B. Partial attack
C. SYN flood attack
D. DDoS attack
5. What is the basic mechanism behind a DoS attack?
A. Computers don’t handle TCP packets well.
B. Computers can only handle a finite load.
6. A network of computers used in a denial-of-service (DoS) attack is called a (an):
A. Worm.
B. Botnet.
C. Rootkit.
D. Splog
7. Which of the following are types of DoS attacks? (Choose three)
A. Smurf attack
B. Packet sniffer
C. DDoS
D. TCP SYN attack
8. What are the three common classes of attack?
A. Access attack
B. DoS attack
C. Smurf attack
D. Reconnaissance attack
9) Suppose you leave your PC connected to the internet all the time. Someone has decided to use your PC’s processor cycles for some of his work which is computationally intensive. If we regard this as a breach of security, which way would you classify it:
A. Disclosure of information
B. Compromising integrity of the PC
C. Denial of service attack
10. A hacker that changes or forges information in an electronic resource is engaging in __________.
1. Denial of service
2. Sniffing
3. Terrorism
4. Data diddling
Further reading resources:
Book: Lab experiment related theory available in following books:
Book Name, Author, Page No.
1. Cryptography and Network Security, TMH, Atul Kahate
2. Cryptography and Network Security, Pearson, William Stallings
Date of conduction:- Batch B1 7-02-14 and Batch B2 24-02-14
Date of submission:- Batch B1 21-02-14 and Batch B2 03-03-14
Submitted by other members:- All the Students.
Group no:- Not Applicable
Signature
Name of faculty incharge: Ms. Swati Agarwal
Name of Technical Assistant: Mr. Vivek Kamthan
Objective: -
Packet sniffing and spoofing are two important concepts in network security; they are two major threats in network communication. Being able to understand these two threats is essential for understanding security measures in networking.
Apparatus:-
Hardware : N/A
Software : N/A
Theory: -
There are many packet sniffing and spoofing tools, such as Wireshark, Tcpdump, Netwox, etc. Some of these tools are widely used by security experts, as well as by attackers. Being able to use these tools is important for students, but what is more important for students in a network security course is to understand how these tools work, i.e., how packet sniffing and spoofing are implemented in software. The objective of this lab is for students to master the technologies underlying most of the sniffing and spoofing tools. Students will play with some simple sniffer and spoofing programs, read their source code, modify them, and eventually gain an in-depth understanding of the technical aspects of these programs.
Spoofing is an active attack by one machine on another. A dishonest person with less-than-honorable motives represents himself as being someone else or coming from somewhere else. The spoofer appears to be familiar. It’s a way of gaining access that is otherwise denied to the individual. Perhaps the person intends to cause problems or perhaps the individual just wants to have a look around where he’s not supposed to be.
Sniffing refers to the use of software or hardware to watch data as it travels over the Internet. There are some legitimate uses for the process. It is then called network analysis and helps network administrators diagnose problems. In the hands of the wrong person, however, a sniffing program can collect passwords and read email. Sniffing is considered a passive security attack, according to TechiWarehouse.
What problems can result?
Sniffing means a loss of privacy for those on a network. Along with the loss of privacy goes a loss of trust, which is necessary in many situations.
Sniffing can compromise the privacy of passwords. An Ethernet sniffer can easily detect passwords.
Sniffing can allow unauthorized persons access to financial information, including account numbers for banking and credit cards.
Sniffing private and confidential information contained in email is very common. Having an email viewed by someone other than the intended recipient can cause problems ranging from embarrassment to a breach of national security.
Sniffing can yield low-level protocol information. Anyone who is interested in attacking a network will then have the needed information.
Prevention
New data suggests that there is no way to detect when your computer has been sniffed. They also advise that while people can take measures to make sniffing difficult, it may be almost impossible to totally prevent being sniffed.
Encryption helps. Replacing the hub with a switch may also add protection. Taking care when using public Wi-Fi may also help reduce exposure.
Consumer Fraud Reporting adds that you can help protect against spoofing by following these suggestions:
Don’t click on an email link that requests personal information, even if it looks like a legitimate site.
Be suspicious of anyone asking for personal information.
Don’t send personal information or financial information through a Web site.
If you’ve been caught in a moment of carelessness and provided information you should not have, such as passwords or personal identification, notify the companies you do business with right away to put a fraud alert on your account. Also contact Consumer Fraud Reporting, a free service that helps protect consumers against fraud.
Procedure:- N/A
Observation Table:- N/A
Calculation:- N/A
Results:- N/A
Lab Quiz :-
1. Hackers often gain entry to a network by pretending to be at a legitimate computer.
A) Spoofing
B) Forging
C) IP spoofing
D) ID theft
2. A hacker contacts you by phone or email and attempts to acquire your password.
A) Spoofing
B) Phishing
C) Spamming
D) Bugging
3. A hacker that changes or forges information in an electronic resource is engaging in __________.
A) denial of service
B) sniffing
C) terrorism
D) data diddling
4. What floods a Web site with so many requests for service that it slows down or crashes the site?
A) Denial-of-service attack
B) Spoofing
C) Sniffer
D) None of the above
5. Software that sits on the Internet analyzing Web traffic is referred to as a:
A. worm.
B. cracker.
C. cookie.
D. sniffer
6. Tricking people into revealing their password by pretending to be legitimate users or members of a company in need of information is called:
A. snooping.
B. social engineering.
C. spoofing.
D. spamming
7. Which of the following computer attack methods does not require a hardware or software tool?
(a) Spoofing
(b) Social engineering
(c) Port scanning
(d) Packet sniffing
8. Which of the following computer attacks is spoofing?
(a) Using one computer to impersonate another
(b) Monitoring a network to intercept data
(c) Using a program to decrypt passwords
(d) Accessing an unprotected port on a computer
9. Attacking a computer by sending it an excessive number of email messages is known as
(a) spamming
(b) spoofing
(c) Smurfing
(d) pinging
10. What does a packet sniffer do?
(a) Causes one computer to impersonate another
(b) Captures data packets that are transmitted through a network
(c) Converts encrypted passwords to plain text
(d) Renders a computer network unusable
Further reading resources
Book: Lab experiment related theory available in following books:
Book Name, Author, Page No.
1. Cryptography and Network Security, TMH, Atul Kahate
2. Cryptography and Network Security, Pearson, William Stallings
Date of conduction:-
Date of submission:-
Submitted by other members:- All the Students.
Group no:- Not Applicable
Signature
Name of faculty incharge: Ms. Swati Agarwal
Name of Technical Assistant: Mr. Vivek Kamthan
Objective: -
Study of Techniques Used for Web Based Password Capturing.
Apparatus:-
Hardware : N/A
Software : N/A
Theory: -
Many people don’t understand how easy it is for attackers to take advantage of weak passwords, and therefore don’t use a password manager or other means to make their passwords stronger. This post describes 9 common ways passwords get captured, roughly ordered from most to least common. Proper use of a password manager can thwart some of these attacks and limit damages from most other types of attacks.
People frequently hand over their passwords via phishing, other forms of social engineering, or when a person or entity asks for temporary use of a password.
Protection: The simplest defense is to NEVER share your password for any account with any person, organization, or web site. An additional good defense is to develop “net smarts” analogous to “street smarts” to avoid phishing scams or other forms of social engineering. If you must temporarily share your password (i.e. to import contacts into Facebook), then change your password immediately after its temporary use is complete.
Damage Control: Your damages are limited to one account if you have a unique password for each account. Immediately change the password of the affected account.
This overlaps with the previous attack. You think you are on the web site you intended but you actually mistyped it by one character, you clicked a bad link to get there, or you were tricked by tab napping. So you end up on a fake or spoof web site that looks legitimate.
When you log in, it collects your credentials then passes you on to the real site. A variation on this theme is an attack which layers extra fields over a legitimate web site. You are tricked into typing private personal information such as birthday, mother’s maiden name, social security number, etc. and then this information is used to “recover” your account.
Protection: A good defense against this ploy is to only login to a web site by selecting it from your password manager’s drop down menu (even if the tab was one you thought you opened yourself). This will automatically log you in to the correct site, which the password manager stores. Another type of defense is for your browser to use a security service that warns you when you might be about to open a hazardous web site – but this may slow down browsing.
Damage Control: Your damages are limited to one account if you have a unique password for each account. Immediately change the password of the affected account.
Most people don’t realize that user names and passwords routinely get stolen while your computer is off and disconnected from the internet. How? Web sites with many users and weak security are prime targets for attackers who want to steal a password file which lists all user names and passwords. Recent examples include Monster.com and RockYou.com. While most sites do not store passwords as clear text, many sites store passwords in a form that can be read using widely available rainbow table software. For people who use the same password on many sites, the theft of this password on one site can be the starting point for an attack on all of your accounts.
Protection: A simple and effective defense for users is to only use long, randomly generated passwords. How long? 15 characters. Rainbow tables easily crack passwords 8 or fewer characters long and in some cases up to 14 characters.
Damage Control: In the unlikely case that a rainbow table attack manages to crack one of your 15 character passwords, at least your damages will be limited to one account if you have a unique password for each account. Change the password of any account that becomes compromised due to mass theft.
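Why a stolen password file is readable in one storage form and not in another, shown as an added example that is not part of the original manual. A plain dictionary of precomputed digests stands in for a rainbow table, and the choice of SHA-256, PBKDF2, the iteration count and all function names are assumptions made for illustration; the sample passwords are the weak ones quoted on this page.

```python
import hashlib
import hmac
import secrets
import string

# Weak passwords mentioned in the text, used here as a constructed word list.
COMMON_PASSWORDS = ["123456", "password1", "qwerty", "badpassword1"]


def unsalted_digest(password):
    """Weak storage form: one fast hash, identical for every user of that password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def precompute(words):
    """Digest -> password lookup, built once and reusable against any unsalted file."""
    return {unsalted_digest(w): w for w in words}


def store(password, iterations=200_000):
    """Hardened storage form: per-user random salt plus a deliberately slow KDF."""
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "key": key.hex()}


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    key = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(key.hex(), record["key"])


def generate_password(length=15):
    """Random password of the length the text recommends, from a CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    table = precompute(COMMON_PASSWORDS)

    # Unsalted file entry for a weak password: recovered by a single lookup.
    leaked = unsalted_digest("qwerty")
    print("unsalted entry found in table:", table.get(leaked))

    # Salted entries for the same password differ per user and match nothing precomputed.
    first, second = store("qwerty"), store("qwerty")
    print("salted entries equal:", first["key"] == second["key"])
    print("salted entry found in table:", first["key"] in table)

    # A random 15-character password is not in any word list, even if stored unsalted.
    strong = generate_password()
    print("random password found in table:", unsalted_digest(strong) in table)
```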
Brute Force refers to discovering passwords through trial and error, similar to trying every possible combination on a lock. The most well known form of brute force attack is for password cracking software to methodically try millions of passwords on one specific user name on a specific account. A typically weak password can be cracked in less than a day using this method.
Security conscious online vendors like banks or e-mail services provide some protection against such brute force attempts by denying access if there are too many attempts per hour. However, different forms of brute force can be used to get around these safeguards. A common example is software which automatically logs in to millions of different accounts per day by combining popular user names, passwords, and web sites (i.e. try password1 at Jsmith@gmail.com, 123456 at dj@facebook.com, qwerty at Mrodriguez@yahoo.com, etc.). As such methods become more widely adopted, it would not be surprising if nearly all accounts with short user names and short passwords get compromised.
Brute force is also used as a supplementary attack after a first password is captured. For example, if the password badpassword1 was captured by phishing, brute force can be used to try similar passwords on other accounts.
Protection: Brute force attacks are highly unlikely to crack very strong passwords. So just use strong passwords. I suggest randomized 15 character jumbles.
Damage Control: Your damages are limited to one account if you have a unique password for each account. Immediately change the password of the affected account.
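The per-account attempt limit described above misses the case where one source tries a single password against many accounts, so a defender also counts distinct accounts per source. The following is an added example, not part of the original manual: the log format, field names, thresholds and addresses are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed log format: "<timestamp> src=<ip> user=<name> result=OK|FAIL"
LINE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample: one user mistyping a password six times, one source
# failing once against each of eight accounts, and one normal log-in.
SAMPLE_LOG = (
    ["2014-02-03T10:00:%02d src=192.0.2.44 user=alice result=FAIL" % s for s in range(6)]
    + ["2014-02-03T10:05:%02d src=203.0.113.7 user=user%02d result=FAIL" % (s, s)
       for s in range(8)]
    + ["2014-02-03T10:06:00 src=192.0.2.51 user=bob result=OK"]
)


def parse(lines):
    """Return one dict per well-formed line; malformed lines are skipped."""
    events = []
    for line in lines:
        match = LINE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def locked_accounts(events, max_failures=5):
    """Accounts with more than max_failures failed log-ins in one clock hour.

    This is the classic per-account limit: it stops repeated guessing against
    a single account and nothing else.
    """
    failures = defaultdict(int)
    for e in events:
        if e["result"] == "FAIL":
            failures[(e["user"], e["ts"][:13])] += 1      # bucket by date and hour
    return sorted({user for (user, _hour), n in failures.items() if n > max_failures})


def spraying_sources(events, min_accounts=5):
    """Sources that failed against at least min_accounts distinct accounts in one hour.

    Each targeted account sees a single failure, so the per-account limit
    never trips; only the per-source view shows the pattern.
    """
    targets = defaultdict(set)
    for e in events:
        if e["result"] == "FAIL":
            targets[(e["src"], e["ts"][:13])].add(e["user"])
    return sorted({src for (src, _hour), users in targets.items()
                   if len(users) >= min_accounts})


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("locked accounts:", locked_accounts(events))
    print("sources trying many accounts:", spraying_sources(events))
```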
Many people believe that nothing bad can happen to people who only visit safe, well respected sites. They are wrong. Malicious JavaScript can be injected into any browser on any system, visiting any web site. Keystroke logging is something that is done by some of these JavaScript injections. In most browsers, malicious JavaScript can log keystrokes in all open tabs, until the browser is closed. Usernames and passwords entered during the session can be captured this way.
Protection: Keystroke logging via browser is growing more common but is unfortunately one of the more difficult threats to defend against. Defenses include:
• Use Firefox in conjunction with the NoScript extension. While this is a strong defense, the overall complication of using NoScript (popups, white lists, and blacklists) is more of a hassle than the average Joe wants to deal with.
• Some security suites attempt to defend against this threat with browser plug-ins, but these can dramatically slow down browsing.
• A simpler option is to only access the internet using the Google Chrome browser, which is designed so that malicious JavaScript can be theoretically contained to a single tab. At least other tabs will be safe.
• Some password managers such as RoboForm enter passwords and usernames in a way which most JavaScript keystroke loggers cannot intercept.
None of these suggestions are sure to stop browser-based keystroke loggers, but if you implement one or more of these suggestions you’ll at least reduce your chances of getting your usernames and passwords logged by malicious JavaScript. The only perfect defense is to not connect to the internet at all.
Damage Control: Your damages are limited to logins captured while browsing, so long as you have a unique password for each account. Immediately change the password of the affected accounts. If using a browser-based or web-based password manager, you should also change your master password.
Passwords are frequently stolen on public computers and over public Wi-Fi connections, using free Wi-Fi traffic monitoring software that is simple to operate.
Protection: Never log in to online accounts using a public computer. When using open Wi-Fi hot spots, you should only log in with your own notebook with services that enforce secure log-ins and sessions (HTTPS), perhaps using the Firefox Add-on HTTPS Everywhere to help. It is far safer to access email and other accounts using your phone data service, if you have one.
Damage Control: If you discover that this type of attack has occurred, then you will need to change the password for all of your accounts as well as your master password. If you know exactly when the attack occurred, you can change passwords only for the accounts you used during that session.
Procedure:- N/A
Observation Table:- N/A
Calculation:- N/A
Results:- N/A
Lab Quiz :-
1. What consideration should go into choosing a password?
a. It should be a short and easy to remember word
b. It should be a long and difficult word
c. It should be difficult to guess or synthesize but easy to recall
d. It should be an unusual combination of alphabets, digits and special characters which may be changed frequently.
2. Which of the following can be used to prevent social engineering attacks?
I. Verifying identities of people requesting sensitive information
II. Using data encryption
III. Being aware of computer fraud schemes
(a) III only
(b) I and III only
(c) I, II, and III
(d) II and III only
3.It is a prepared application that takes advantage of the known weakness a. security exploit b. vulnerability scanner c. packet sniffer d. rootkit
4. The __________ of a threat measures its potential impact on a system.
A) vulnerabilities
B) countermeasures
C) degree of harm
D) susceptibility
5) Even though passwords can be sent as hashed values rather than clear text, several tools, including L0pht Crack, are able to obtain user passwords. What types of attack are represented by this example? (Select all that apply.) a.
Logic Bomb b.
Dictionary c.
Buffer Overflow d.
Brute Force
6) Hashed passwords are vulnerable to which of the following types of attack? (Select all that apply.) a.
Man in the Middle
Page 25 of 60
NAME OF LABORATORY: VSB LAB 1
LAB SUBJECT CODE: IT-801
NAME OF DEPARTMENT: CSE/IT a.
Man in the Middle b.
Dictionary c.
Brute Force d.
Reverse Engineering
7)Which of the following is a primary method to illegally capture user sensitive information such as user passwords on a network? a.
Spamming b.
Spoofing c.
Sniffing d.
Smirking
8) Which specific method does the L0pht Crack utility use to attempt to gain user authentication information? (Select the best answer.) a.
Strong Keys b.
Replay c.
Brute Force d.
Weak Keys
9) A fraud perpetrated by tricking a person into disclosing confidential information, such as a password, is called:
A. Trojan horse.
B. hacking.
C. social engineering.
D. scavenging.
Page 26 of 60
NAME OF LABORATORY: VSB LAB 1
LAB SUBJECT CODE: IT-801
NAME OF DEPARTMENT: CSE/IT
E. password cracking.
F. none of the above.
10) Portable computers create a number of fraud threats. What policies might help a company protect itself against losses due to portable computers?
A. Monitor hacker information
B. Monitor system activities
C. Segregate duties
D. Use fraud detection software
E. Require vacations
None of the above
Further reading resources:
Book: Lab experiment related theory available in following books:
Book Name                                          Author               Page No.
1. Cryptography and Network Security, TMH          Atul Kahate
2. Cryptography and Network Security, Pearson      William Stallings
Objective:- Study of different attacks caused by viruses and Trojans.
Apparatus:-
Hardware : N/A
Software : N/A
Theory:-
Virus: Virus attacks are the most potent threat that computer users are vulnerable to. They hamper important work involving data and documents. It is imperative for every computer user to be aware of the software and programs that can help protect personal computers from attack. One must take every possible measure to keep computer systems free from virus attacks. The top sources of virus attacks are highlighted below:
Downloadable Programs
Cracked Software
Email Attachments
Internet
Booting From CD
Trojans: Trojan horse attacks pose one of the most serious threats to computer security. If you were referred here, you may have not only been attacked but may also be attacking others unknowingly. This page will teach you how to avoid falling prey to them, and how to repair the damage if you already did. According to legend, the Greeks won the Trojan war by hiding in a huge, hollow wooden horse to sneak into the fortified city of Troy. In today’s computer world, a Trojan horse is defined as a “malicious, security-breaking program that is disguised as something benign”. For example, you download what appears to be a movie or music file, but when you click on it, you unleash a dangerous program that erases your disk, sends your credit card numbers and passwords to a stranger, or lets that stranger hijack your computer to commit illegal denial of service attacks.
The following general information applies to all operating systems, but by far most of the damage is done to/with Windows users due to its vast popularity and many weaknesses. Linux, MacOS X, and other operating systems are not as frequently infected, but they are far from immune.
Repairing the Damage
1. Anti-Virus Software: Some of these can handle most of the well known trojans, but none are perfect, no matter what their advertising claims. You absolutely MUST make sure you have the very latest update files for your programs, or else they will miss the latest trojans. Compared to traditional viruses, today’s trojans evolve much quicker and come in many seemingly innocuous forms, so anti-virus software is always going to be playing catch up. Also, if they fail to find every trojan, anti-virus software can give you a false sense of security, such that you go about your business not realizing that you are still dangerously compromised. There are many products to choose from, but the following are generally effective: AVP, PC-cillin, and McAfee Virus Scan. All are available for immediate downloading typically with a 30 day free trial. For a more complete review of all major antivirus programs, including specific configuration suggestions for each, see the Hack Fix Project’s anti-virus software page. When you are done, make sure you’ve updated Windows with all security patches.
2. Anti-Trojan Programs: These programs are the most effective against trojan horse attacks, because they specialize in trojans instead of general viruses. A popular choice is The Cleaner, $30 commercial software with a 30 day free trial. To use it effectively when you are done, make sure you’ve updated Windows with all security patches, then change all your passwords because they may have been seen by every “hacker” in the world.
Procedure:- N/A
Observation Table:- N/A
Calculation:- N/A
Results:- N/A
Lab Quiz :-
1. Which of the following best describes a computer virus? (Select three.)
a. Infects other programs.
b. Spreads to other programs.
c. Uses malicious code.
d. Forces users to open the program.
2. Which of the following describes a computer virus? (Select all that apply.)
a. Exists to damage computer systems.
b. Has no productive purpose.
c. Uses a piece of malicious code.
d. Replicates itself.
3. When comparing malicious code, which of the following propagates when the host is running after copying itself into the host program?
a. Back Door attacks
b. Worms like Code Red II
c. Viruses like Melissa
d. Trojan horses like I Love You
4. Which of the following are applicable to Trojan horses? (Select all that apply.)
a. Make use of an application that appears to perform a useful function
b. Hide malicious code silently
c. May trick the user unknowingly
d. May use Social Engineering techniques
5. Which of the following do not replicate or attach to other files?
a. Worms
b. Viruses
c. Trojan horses
d. Logic bombs
6. Your company just fired the previous system administrator. After one week, you notice that files start deleting from the DNS server. What could be the cause?
a. Logic bomb
b. Worm
c. Trojan horse
d. Virus
7. How can a logic bomb be triggered? (Select two correct answers.)
a. Through the Internet
b. By using a wireless device
c. By a specific event
d. At a predefined time
8. Which of the following could be considered a computer parasite?
a. Logic bomb
b. Worm
c. Trojan horse
d. Virus
9. What are Sadmind, Adore, and Morris examples of?
a. Logic bombs
b. Worms
c. Trojan horses
d. Viruses
10. This type of virus is activated when a user runs an application such as a word processor or spreadsheet.
a. Boot-sector virus.
b. Macro-virus.
c. Worm.
e. E-mail virus.
f. Trojan virus.
Objective:- Study of Anti-Intrusion Technique – Honey pot.
Apparatus:-
Hardware : N/A
Software : N/A
Theory:-
Anti-Intrusion Technique: Examining the basic underlying principles of intrusion control distills the universe of anti-intrusion techniques into six high-level, mutually supportive approaches. System and network intrusions may be prevented, preempted, deflected, deterred, detected, and/or autonomously countered. This Anti-Intrusion Taxonomy (AINT) of anti-intrusion techniques considers less explored approaches on the periphery of "intrusion detection" which are independent of the availability of a rich audit trail, as well as better known intrusion detection techniques. Much like the Open Systems Reference Model supports understanding of communications protocols by identifying their layer and purpose, the authors believe this anti-intrusion taxonomy and associated methods and techniques help clarify the relationship between anti-intrusion techniques described in the literature and those implemented by commercially available products. The taxonomy may be used to assess computing environments which perhaps already support Intrusion Detection System (IDS) implementations to help identify useful complementary intrusion defense approaches.
Honey pot: In computer terminology, a honey pot is a trap set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Generally, a honey pot consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers. This is similar to the police baiting a criminal and then conducting undercover surveillance.
Honeypots can be classified based on their deployment and based on their level of involvement.
Based on deployment, honeypots may be classified as:
1. production honeypots
2. research honeypots
Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations. They are placed inside the production network with other production servers by an organization to improve its overall state of security. Normally, production honeypots are low-interaction honeypots, which are easier to deploy. They give less information about the attacks or attackers than research honeypots do.
Research honeypots are run to gather information about the motives and tactics of the Blackhat community targeting different networks. These honeypots do not add direct value to a specific organization; instead, they are used to research the threats organizations face and to learn how to better protect against those threats. Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.
Procedure:- N/A
Observation Table:- N/A
Calculation:- N/A
Results:- N/A
Lab Quiz :-
1. Homes for Viruses
(A) Boot Sector Viruses
(B) Memory-Resident Viruses
(C) Other Homes (like Application)
(D) All
2. Virus signatures are used by virus scanners to detect the virus in
(A) Storage Patterns
(B) Boot Sector
(C) Object code
(D) Others
3. Polymorphic Viruses using encryption contains three parts one of them:
(A) Encryption key
(B) Encrypted code
(C) Unencrypted object code of the decryption routine
(D) Others
4. Preventing Virus Infection:
(A) Use only commercial software acquired from reliable, well established vendors
(B) Test all old software on an isolated computer
(C) Make many copies for your software
(D) Others
5. The Sources of Trapdoors are:
(A) Debug commands left is code before r testing
(B) Poor error checking
(C) A small amount of money is shaved from each computation
(D) Others
6. The Causes of Trapdoors are:
(A) Forgets to remove them
(B) Intentionally leaves them for programmers
(C) Intentionally leaves them for users
(D) Others
7. The Basic Principles of Software Engineering is:
(A) Division of Labour
(B) Reuse of Code
(C) Use of Standard Pre-constructed Software tools
(D) All
8. Characteristics of a Module are:
(A) Unity
(B) Reuse of Code
(C) Organized Activity
(D) Others
9. Program correctness proofs are hindered by:
(A) Program translation is error prone
(B) The logical engines are slow
(C) Proofs of correctness have not been consistently and successfully applied to large production systems
(D) all
10. Characteristics of Trusted Software are:
(A) Functional Correctness
(B) Enforcement of Integrity
(C) Limited Privilege
(D) all
Objective:- Study of Symmetric Encryption Scheme – RC4.
Apparatus:-
Hardware : N/A
Software : N/A
Theory:-
RC4 Algorithm: RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation. Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10^100 [ROBS95]. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software. RC4 was kept as a trade secret by RSA Security. In September 1994, the RC4 algorithm was anonymously posted on the Internet on the Cypherpunks anonymous remailers list.
The RC4 algorithm is remarkably simple and quite easy to explain. A variable-length key of from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-byte state vector S, with elements S[0], S[1], …, S[255]. At all times, S contains a permutation of all 8-bit numbers from 0 through 255. For encryption and decryption, a byte k (see Figure 1) is generated from S by selecting one of the 255 entries in a systematic fashion. As each value of k is generated, the entries in S are once again permuted.
Procedure:-
Initialization of S
To begin, the entries of S are set equal to the values from 0 through 255 in ascending order; that is, S[0] = 0, S[1] = 1, …, S[255] = 255. A temporary vector, T, is also created. If the length of the key K is 256 bytes, then K is transferred to T. Otherwise, for a key of length keylen bytes, the first keylen elements of T are copied from K and then K is repeated as many times as necessary to fill out T. These preliminary operations can be summarized as follows:
/* Initialization */
for i = 0 to 255 do
    S[i] = i;
    T[i] = K[i mod keylen];
Next we use T to produce the initial permutation of S. This involves starting with S[0] and going through to S[255], and, for each S[i], swapping S[i] with another byte in S according to a scheme dictated by T[i]:
/* Initial Permutation of S */
j = 0;
for i = 0 to 255 do
    j = (j + S[i] + T[i]) mod 256;
    Swap (S[i], S[j]);
Because the only operation on S is a swap, the only effect is a permutation. S still contains all the numbers from 0 through 255.
Stream Generation
Once the S vector is initialized, the input key is no longer used. Stream generation involves starting with S[0] and going through to S[255], and, for each S[i], swapping S[i] with another byte in S according to a scheme dictated by the current configuration of S. After S[255] is reached, the process continues, starting over again at S[0]:
/* Stream Generation */
i, j = 0;
while (true)
    i = (i + 1) mod 256;
    j = (j + S[i]) mod 256;
    Swap (S[i], S[j]);
    t = (S[i] + S[j]) mod 256;
    k = S[t];
To encrypt, XOR the value k with the next byte of plaintext. To decrypt, XOR the value k with the next byte of ciphertext.
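The initialization, initial permutation and stream generation steps above, as an added C example (not code from the lab manual). It checks the claim that S stays a permutation of 0 through 255, and shows a consequence of the XOR step: two messages encrypted under the same key share a keystream, so the XOR of the ciphertexts equals the XOR of the plaintexts. The function names and the sample keys and messages are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

typedef struct {
    unsigned char S[256];   /* state vector: always a permutation of 0..255 */
    unsigned i, j;          /* stream-generation indices */
} rc4_ctx;

static void swap_bytes(unsigned char *a, unsigned char *b)
{
    unsigned char t = *a; *a = *b; *b = t;
}

/* Initialization of S, then the initial permutation driven by T.
   Returns -1 for a key outside the 1..256 byte range the text allows. */
int rc4_init(rc4_ctx *c, const unsigned char *key, size_t keylen)
{
    unsigned char T[256];
    unsigned i, j = 0;

    if (keylen < 1 || keylen > 256) return -1;
    for (i = 0; i < 256; i++) {
        c->S[i] = (unsigned char)i;
        T[i] = key[i % keylen];
    }
    for (i = 0; i < 256; i++) {
        j = (j + c->S[i] + T[i]) % 256;
        swap_bytes(&c->S[i], &c->S[j]);
    }
    c->i = c->j = 0;
    return 0;
}

/* Stream generation: one keystream byte k per input byte, XORed in.
   The same call encrypts and decrypts. */
void rc4_crypt(rc4_ctx *c, const unsigned char *in, unsigned char *out, size_t len)
{
    size_t n;
    for (n = 0; n < len; n++) {
        unsigned t;
        c->i = (c->i + 1) % 256;
        c->j = (c->j + c->S[c->i]) % 256;
        swap_bytes(&c->S[c->i], &c->S[c->j]);
        t = (c->S[c->i] + c->S[c->j]) % 256;
        out[n] = in[n] ^ c->S[t];
    }
}

/* Returns 1 if S is still a permutation after key setup and nbytes of keystream. */
int rc4_permutation_preserved(const char *key, size_t nbytes)
{
    unsigned char seen[256] = {0}, z = 0, k;
    rc4_ctx c;
    int i;
    if (rc4_init(&c, (const unsigned char *)key, strlen(key)) != 0) return 0;
    while (nbytes--) rc4_crypt(&c, &z, &k, 1);
    for (i = 0; i < 256; i++) {
        if (seen[c.S[i]]) return 0;
        seen[c.S[i]] = 1;
    }
    return 1;
}

/* Encrypts msg (at most 64 bytes) under key; returns lowercase hex in a static buffer. */
const char *rc4_hex(const char *key, const char *msg)
{
    static char hex[2 * 64 + 1];
    unsigned char out[64];
    rc4_ctx c;
    size_t len = strlen(msg), n;
    hex[0] = '\0';
    if (len > sizeof out) len = sizeof out;
    if (rc4_init(&c, (const unsigned char *)key, strlen(key)) != 0) return hex;
    rc4_crypt(&c, (const unsigned char *)msg, out, len);
    for (n = 0; n < len; n++) sprintf(hex + 2 * n, "%02x", (unsigned)out[n]);
    return hex;
}

/* Returns 1 if c1 XOR c2 == p1 XOR p2 when both messages use the same key. */
int rc4_reuse_leaks_xor(const char *key, const char *p1, const char *p2)
{
    unsigned char c1[64], c2[64];
    rc4_ctx a, b;
    size_t len = strlen(p1), n;
    if (strlen(p2) < len) len = strlen(p2);
    if (len > 64) len = 64;
    if (rc4_init(&a, (const unsigned char *)key, strlen(key)) != 0) return 0;
    if (rc4_init(&b, (const unsigned char *)key, strlen(key)) != 0) return 0;
    rc4_crypt(&a, (const unsigned char *)p1, c1, len);
    rc4_crypt(&b, (const unsigned char *)p2, c2, len);
    for (n = 0; n < len; n++)
        if ((c1[n] ^ c2[n]) != ((unsigned char)p1[n] ^ (unsigned char)p2[n])) return 0;
    return 1;
}

int main(void)
{
    printf("RC4(\"Key\", \"Plaintext\") = %s\n", rc4_hex("Key", "Plaintext"));
    printf("S still a permutation: %d\n", rc4_permutation_preserved("Key", 1000));
    printf("same key, c1^c2 == p1^p2: %d\n",
           rc4_reuse_leaks_xor("Key", "transfer 100", "transfer 900"));
    return 0;
}
```

A key must therefore never be reused for a second message without some per-message variation of the key.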
Observation Table:- N/A
Calculation:- N/A
Results:- N/A
Lab Quiz :-
1. Which of the following Algorithms belong to symmetric encryption?
1. 3DES (TripleDES)
2. RSA
3. RC5
4. IDEA
2. Asymmetric Encryption: Why can a message encrypted with the Public Key only be decrypted with the receiver's appropriate Private Key?
1. Not true, the message can also be decrypted with the Public Key.
2. A so called "one way function with back door" is applied for the encryption.
3. The Public Key contains a special function which is used to encrypt the message and which can only be reversed by the appropriate Private Key.
4. The encrypted message contains the function for decryption which identifies the Private Key.
3. In which way does the Combined Encryption combine symmetric and asymmetric encryption?
1. First, the message is encrypted with symmetric encryption and afterwards it is encrypted asymmetrically together with the key.
2. The secret key is symmetrically transmitted, the message itself asymmetrically.
3. First, the message is encrypted with asymmetric encryption and afterwards it is encrypted symmetrically together with the key.
4. The secret key is asymmetrically transmitted, the message itself symmetrically.
4. Which is the largest disadvantage of the symmetric Encryption?
1. More complex and therefore more time-consuming calculations.
2. Problem of the secure transmission of the Secret Key.
3. Less secure encryption function.
4. Isn't used any more.
5. Which of the following statements are correct?
1. PGP uses asymmetric encryption.
2. In the world wide web, primarily symmetric Encryption is used.
3. Symmetric encryption is applied in the transmission of PIN numbers from the EC automat to the server of the bank for example.
4. PGP uses combined encryption
6. Which is the principle of the encryption using a key?
1. The key indicates which function is used for encryption. Thereby it is more difficult to decrypt an intercepted message as the function is unknown.
2. The key contains the secret function for encryption including parameters. Only a password can activate the key.
3. All functions are public, only the key is secret. It contains the parameters used for the encryption resp. decryption.
4. The key prevents the user from having to reinstall the software at each change in technology or in the functions for encryption.
7. In a(n) ________ cipher, a pair of keys is used.
1. symmetric-key
2. asymmetric-key
3. either (a) or (b)
4. neither (a) nor (b)
8. In an asymmetric-key cipher, the sender uses the__________ key.
1. private
2. public
3. either (a) or (b)
4. neither (a) nor (b)
9. What is the term that demonstrates vulnerability when patterns are frequently seen in an algorithm, for example in Data Encryption Standard (DES) some portion of the encryption is identical to the decryption?
1. PKI
2. Weak Keys
3. Mathematical
4. Public Keys
10. When many users use the same password this causes vulnerability. Which one of the following types of attacks is best suited to exploit this situation?
1. Weak Keys
2. DOS
3. SYN attack
4. Back Door
Objective:- Implementation of S-DES algorithm for data encryption
Apparatus:-
Hardware : N/A
Software : N/A
Theory:-
The S-DES algorithm uses bitwise operations on the message letters to encrypt the data, so it is more powerful against cryptanalysis attacks. In this algorithm we take 8 bits of the message at a time and operate on them using the 10-bit key and two rounds of iteration, as explained below.
Procedure:-
Algorithm to generate key
As there are two rounds, we have to generate two keys from the given 10-bit key.
1: Apply permutation function P10 to the 10-bit key
2: Divide the result into two parts, L0 and L1, each containing 5 bits
3: Apply Circular Left Shift to both L0 and L1
4: Combine L0 and L1 to form a 10-bit number
5: Apply permutation function P8 to the result to select 8 out of 10 bits for key K1 (for the first round)
6: Again apply a second Circular Left Shift to L0 and L1
7: Combine the result to form a 10-bit number
8: Apply permutation function P8 to the result to select 8 out of 10 bits for key K2 (for the second round)
Algorithm for Encryption
1: Get the 8-bit message text (M) and apply the Initial Permutation function (IP) to it
2: Divide IP(M) into nibbles M0 and M1
3: Apply function Fk on M0
4: XOR the result with M1 (M1 (+) Fk(M0))
5: Swap the result with M1 (i.e. make M1 as lower nibble (M0) and result as higher nibble (M1))
6: Repeat the step 1 to 4 (go for the next round)
7: Apply (IP-1) on the result to get the encrypted data
Algorithm for function Fk
1: Give the 4-bit input to EP (Expansion function); the result will be 8-bit expanded data
2: XOR the 8-bit expanded data with the 8-bit key (K1 for the first round and K2 for the second round)
3: Divide the result into upper (P0) and lower (P1) nibbles
4: Apply compression function S0 to P0 and S1 to P1, which compresses each 4-bit input to a 2-bit output
5: Combine the 2-bit outputs from S0 and S1 to form a 4-bit digit
6: Apply permutation function P4 to the 4-bit result
Functions
P10 = 3 5 2 7 4 10 1 9 8 6
P8 = 6 3 7 4 8 5 10 9
P4 = 2 4 3 1
IP = 2 6 3 1 4 8 5 7
IP-1 = 4 1 3 5 7 2 8 6
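The key generation, encryption and Fk procedures above, written out as an added C example (not the lab manual's own code), using the permutation tables listed above. The page does not list EP, S0 and S1 or the size of the second shift, so the standard S-DES values used here (including a second shift of two positions) are an assumption, as is applying the round function to the right-hand nibble; the sample key and plaintext are constructed.

```c
#include <stdio.h>

/* Tables listed on the page (1-based positions, bit 1 = leftmost bit). */
static const int P10[10]  = {3, 5, 2, 7, 4, 10, 1, 9, 8, 6};
static const int P8[8]    = {6, 3, 7, 4, 8, 5, 10, 9};
static const int P4[4]    = {2, 4, 3, 1};
static const int IP[8]    = {2, 6, 3, 1, 4, 8, 5, 7};
static const int IPINV[8] = {4, 1, 3, 5, 7, 2, 8, 6};

/* NOT on the page: standard S-DES expansion and S-boxes (assumption). */
static const int EP[8] = {4, 1, 2, 3, 2, 3, 4, 1};
static const int S0[4][4] = {{1, 0, 3, 2}, {3, 2, 1, 0}, {0, 2, 1, 3}, {3, 1, 3, 2}};
static const int S1[4][4] = {{0, 1, 2, 3}, {2, 0, 1, 3}, {3, 0, 1, 0}, {2, 1, 0, 3}};

/* Output bit i (from the left) is input bit tbl[i] of an in_len-bit value. */
static unsigned permute(unsigned in, int in_len, const int *tbl, int out_len)
{
    unsigned out = 0;
    int i;
    for (i = 0; i < out_len; i++)
        out = (out << 1) | ((in >> (in_len - tbl[i])) & 1u);
    return out;
}

/* Circular left shift of a 5-bit half by n positions. */
static unsigned rol5(unsigned v, int n)
{
    return ((v << n) | (v >> (5 - n))) & 0x1Fu;
}

/* Key generation: round = 1 returns K1, round = 2 returns K2. */
unsigned sdes_subkey(unsigned key10, int round)
{
    unsigned p = permute(key10 & 0x3FFu, 10, P10, 10);
    unsigned l = rol5(p >> 5, 1), r = rol5(p & 0x1Fu, 1);  /* first shift: 1 position */
    if (round == 2) {                                      /* second shift: 2 more (assumed) */
        l = rol5(l, 2);
        r = rol5(r, 2);
    }
    return permute((l << 5) | r, 10, P8, 8);
}

/* S-box lookup: row from bits 1 and 4 of the nibble, column from bits 2 and 3. */
static unsigned sbox(const int s[4][4], unsigned nib)
{
    unsigned row = ((nib >> 2) & 2u) | (nib & 1u);
    unsigned col = (nib >> 1) & 3u;
    return (unsigned)s[row][col];
}

/* Fk core: expand 4 bits to 8, XOR the round key, compress through S0/S1, apply P4. */
static unsigned round_f(unsigned nibble, unsigned subkey)
{
    unsigned x = permute(nibble, 4, EP, 8) ^ subkey;
    unsigned s = (sbox(S0, x >> 4) << 2) | sbox(S1, x & 0xFu);
    return permute(s, 4, P4, 4);
}

/* IP, round with ka, swap, round with kb, IP-1. */
static unsigned sdes_block(unsigned block, unsigned ka, unsigned kb)
{
    unsigned x = permute(block & 0xFFu, 8, IP, 8);
    unsigned l = x >> 4, r = x & 0xFu, t;
    l ^= round_f(r, ka);
    t = l; l = r; r = t;            /* swap the nibbles between the rounds */
    l ^= round_f(r, kb);
    return permute((l << 4) | r, 8, IPINV, 8);
}

unsigned sdes_encrypt(unsigned pt, unsigned key10)
{
    return sdes_block(pt, sdes_subkey(key10, 1), sdes_subkey(key10, 2));
}

/* Decryption is the same network with the round keys in reverse order. */
unsigned sdes_decrypt(unsigned ct, unsigned key10)
{
    return sdes_block(ct, sdes_subkey(key10, 2), sdes_subkey(key10, 1));
}

/* Returns 1 if every 8-bit block decrypts back to itself under key10. */
int sdes_roundtrip_ok(unsigned key10)
{
    unsigned b;
    for (b = 0; b < 256; b++)
        if (sdes_decrypt(sdes_encrypt(b, key10), key10) != b) return 0;
    return 1;
}

int main(void)
{
    unsigned key = 0x282;   /* constructed sample key 1010000010 */
    unsigned pt = 0x72;     /* constructed sample plaintext 01110010 */
    printf("K1 = 0x%02X, K2 = 0x%02X\n", sdes_subkey(key, 1), sdes_subkey(key, 2));
    printf("E(0x%02X) = 0x%02X\n", pt, sdes_encrypt(pt, key));
    printf("round trip over all blocks: %d\n", sdes_roundtrip_ok(key));
    return 0;
}
```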
Observation Table:- N/A
Calculation:- N/A
Results:- N/A
Lab Quiz :-
1. A (n) ______ is a keyless substitution cipher with N inputs and M outputs that uses a formula to define the relationship between the input stream and the output stream.
A) S-box
B) P-box
C) T-box
D) none of the above
2. A (n) _______is a keyless transposition cipher with N inputs and M outputs that uses a table to define the relationship between the input stream and the output stream.
A) S-box
B) P-box
C) T-box
D) none of the above
3. A modern cipher is usually a complex _____cipher made of a combination of different simple ciphers.
A) round
B) circle
C) square
D) none of the above
4. DES is a(n) ________ method adopted by the U.S. government.
A) symmetric-key
B) asymmetric-key
C) either (a) or (b)
D) neither (a) nor (b)
5. DES has an initial and final permutation block and _________ rounds.
A) 14
B) 15
C) 16
D) none of the above
6. The DES function has _______ components.
A) 2
B) 3
C) 4
D) 5
7. DES uses a key generator to generate sixteen _______ round keys.
A) 32-bit
B) 48-bit
C) 54-bit
D) 42-bit
8. ________ DES was designed to increase the size of the DES key
A) Double
B) Triple
C) Quadruple
D) none of the above
9. ______ is a round cipher based on the Rijndael algorithm that uses a 128-bit block of data.
A) AEE
B) AED
C) AER
D) AES
10. What is data encryption standard (DES)?
A) block cipher
B) stream cipher
C) bit cipher
D) none of the mentioned
Objective:- Implementation of Asymmetric Encryption Scheme – RSA.
Apparatus:-
Hardware : N/A
Software : 1. Turbo C++ IDE (TurboC3)
2. Borland Turbo C++ (Version 4.5)
Theory:-
The RSA algorithm was invented by Ronald L. Rivest, Adi Shamir, and Leonard Adleman in 1977 and released into the public domain on September 6, 2000.
Public-key systems–or asymmetric cryptography–use two different keys with a mathematical relationship to each other. Their protection relies on the premise that knowing one key will not help you figure out the other. The RSA algorithm uses the fact that it’s easy to multiply two large prime numbers together and get a product. But you can’t take that product and reasonably guess the two original numbers, or guess one of the original primes if only the other is known. The public key and private keys are carefully generated using the RSA algorithm; they can be used to encrypt information or sign it.
Procedure:-
Key generation
1) Pick two large prime numbers p and q, p != q;
2) Calculate n = p × q;
3) Calculate ø (n) = (p − 1)(q − 1);
4) Pick e, so that gcd(e, ø (n)) = 1, 1 < e < ø (n);
5) Calculate d, so that d · e mod ø (n) = 1, i.e., d is the multiplicative inverse of e in mod ø (n);
6) Get public key as KU = {e, n};
7) Get private key as KR = {d, n}.
Encryption
For plaintext block P < n, its ciphertext C = P^e (mod n).
Decryption
For ciphertext block C, its plaintext is P = C^d (mod n).
/* C program for the implementation of the RSA algorithm:
   encrypts a numeric plaintext block and decrypts it again.
   Uses trial methods that are only suitable for the small numbers used in the lab. */
#include <stdio.h>

long phi, M, n, e, d, C;
int FLAG;

/* Greatest common divisor by Euclid's algorithm */
long gcd(long a, long b)
{
    long t;
    while (b != 0) {
        t = a % b;
        a = b;
        b = t;
    }
    return a;
}

/* Sets FLAG = 1 when e is not usable, i.e. unless 1 < e < phi and gcd(e, phi) = 1 */
void check(void)
{
    if (e <= 1 || e >= phi || gcd(e, phi) != 1)
        FLAG = 1;
    else
        FLAG = 0;
}

/* C = M^e mod n, reducing mod n after every multiplication */
void encrypt(void)
{
    long i;
    C = 1;
    for (i = 0; i < e; i++)
        C = (C * M) % n;
    printf("\n\tEncrypted keyword : %ld", C);
}

/* M = C^d mod n, reducing mod n after every multiplication */
void decrypt(void)
{
    long i;
    M = 1;
    for (i = 0; i < d; i++)
        M = (M * C) % n;
    printf("\n\tDecrypted keyword : %ld", M);
}

int main(void)
{
    long p, q, s;
    printf("Enter two distinct prime numbers\t: ");
    if (scanf("%ld%ld", &p, &q) != 2)
        return 1;
    n = p * q;
    phi = (p - 1) * (q - 1);
    printf("\n\tF(n) phi value\t= %ld", phi);
    do {
        printf("\n\nEnter e (1 < e < phi, gcd(e, phi) = 1)\t: ");
        if (scanf("%ld", &e) != 1)
            return 1;
        check();
    } while (FLAG == 1);
    /* Find d with d*e mod phi = 1 by trial; terminates because gcd(e, phi) = 1 */
    d = 1;
    do {
        s = (d * e) % phi;
        d++;
    } while (s != 1);
    d = d - 1;
    printf("\n\tPublic Key\t: {%ld,%ld}", e, n);
    printf("\n\tPrivate Key\t: {%ld,%ld}", d, n);
    printf("\n\nEnter The Plain Text (a number less than n)\t: ");
    if (scanf("%ld", &M) != 1)
        return 1;
    encrypt();
    printf("\n\nEnter the Cipher text\t: ");
    if (scanf("%ld", &C) != 1)
        return 1;
    decrypt();
    printf("\n");
    return 0;
}
Observation Table:- N/A
Calculation:- N/A
Results:- N/A
Lab Quiz :-
1. In asymmetric key cryptography, the private key is kept by
a) sender
b) receiver
c) sender and receiver
d) all the connected devices to the network
2. Which one of the following algorithms is not used in asymmetric-key cryptography?
a) RSA algorithm
b) diffie-hellman algorithm
c) electronic code book algorithm
d) none of the mentioned
3. One commonly used public-key cryptography method is the ______ algorithm.
a) RSS
b) RAS
c) RSA
d) RAA
4. The ________ method provides a one-time session key for two parties.
a) Diffie-Hellman
b) RSA
c) DES
d) AES
5. Asymmetric Encryption: Why can a message encrypted with the Public Key only be decrypted with the receiver's appropriate Private Key?
a) Not true, the message can also be decrypted with the Public Key.
b) A so called "one way function with back door" is applied for the encryption.
c) The Public Key contains a special function which is used to encrypt the message and which can only be reversed by the appropriate Private Key.
d) The encrypted message contains the function for decryption which identifies the Private Key.
6. Select the answer/s that correctly apply to an RSA digital signature.
a) A digital signature provides a message digest.
b) A digital signature facilitates non-repudiation.
c) A digital signature proves to a recipient that the sender is authentic.
d) A digital signature ensures that a message is correctly encrypted.
7. A certificate, in the RSA system, indicates to the receiving party that the sender's public key used to encrypt a message is in fact genuine.
a) True
b) False
8. In a(n) ________ cipher, a pair of keys is used.
a) symmetric-key
b) asymmetric-key
c) either (a) or (b)
d) neither (a) nor (b)
9. In an asymmetric-key cipher, the sender uses the__________ key.
a) private
b) public
c) either (a) or (b)
d) neither (a) nor (b)
10. In an asymmetric-key cipher, the receiver uses the ______ key.
a) private
b) public
c) either (a) or (b)
d) neither (a) nor (b)
Objective: -
Study of IP based Authentication.
Appratus:-
Hardware : N/A
Software : N/A
Theory: -
IP security refers to security mechanisms implemented at the IP (Internet Protocol) layer to ensure integrity, authentication and confidentiality of data during transmission in the open Internet environment. The primary objective of recent work in this area, mainly by members of the IETF IP Security (IPsec) working group, is to improve the robustness of the cryptographic key-based security mechanisms at the IP layer for users who request security.
How can IP Security be achieved?
Currently, there are two specific headers that can be attached to an IP packet to achieve security: the IP Authentication Header (AH) and the IP Encapsulating Security Payload (ESP) header.
If confidentiality is not required, the Authentication Header (AH) alone can provide security (in this case, connectionless data integrity and data origin authentication) to an IP datagram. The implementation can be host-host, host-gateway or gateway-gateway, but only the host-host implementation is encouraged. The reason is that, when a security gateway provides the security service for the trusted hosts behind it, an attack can still arise if those trusted hosts become untrusted. In other words, security can be violated for two communicating end users if the protection (without confidentiality) does not cover the complete communication path but instead stops at the gateway, even though an SA (security association) is established. In any kind of implementation, untrusted systems (i.e., systems that do not have the SA established) cannot attack data authentication (here always referring to both data integrity and data origin authentication).
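The following is an added example, not part of the original lab manual, showing how AH-style integrity and data origin authentication work on a transport-mode IPv4 packet: the integrity check value (ICV) covers the IP header with its in-transit mutable fields zeroed, the AH header and the payload. It assumes HMAC-SHA1-96 as the ICV algorithm and an IPv4 header without options; the key, addresses, SPI and payload are constructed sample values, and anti-replay checking is left out.

```python
import hashlib, hmac, socket, struct

AH_PROTO = 51   # IP protocol number assigned to AH
ICV_LEN = 12    # assumption: HMAC-SHA-1 output truncated to 96 bits

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header without options; checksum left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip_hdr):
    """Zero the fields routers may legitimately change in transit."""
    h = bytearray(ip_hdr)
    h[1] = 0                  # TOS / DSCP
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def ah_header(next_proto, spi, seq, icv=bytes(ICV_LEN)):
    # Payload Len field = AH length in 32-bit words minus 2
    return struct.pack("!BBHII", next_proto, (12 + ICV_LEN) // 4 - 2, 0, spi, seq) + icv

def compute_icv(key, ip_hdr, ah, upper):
    ah_zeroed = ah[:12] + bytes(ICV_LEN)   # the ICV field itself is zero during computation
    mac = hmac.new(key, zero_mutable(ip_hdr) + ah_zeroed + upper, hashlib.sha1)
    return mac.digest()[:ICV_LEN]

def protect(key, src, dst, spi, seq, upper, upper_proto=17):
    """Transport mode layout: IP header | AH | upper-layer data."""
    ip = ipv4_header(src, dst, AH_PROTO, 12 + ICV_LEN + len(upper))
    icv = compute_icv(key, ip, ah_header(upper_proto, spi, seq), upper)
    return ip + ah_header(upper_proto, spi, seq, icv) + upper

def verify(key, packet):
    n = 20 + 12 + ICV_LEN
    ip, ah, upper = packet[:20], packet[20:n], packet[n:]
    return hmac.compare_digest(ah[12:], compute_icv(key, ip, ah, upper))

def demo():
    key = b"constructed-sa-key"   # constructed shared key of the SA
    pkt = protect(key, "192.0.2.10", "198.51.100.20", 0x1001, 1, b"sample data")
    routed = bytearray(pkt); routed[8] -= 1                        # router decrements TTL
    spoofed = bytearray(pkt); spoofed[12:16] = bytes([203, 0, 113, 5])  # altered source address
    return verify(key, pkt), verify(key, bytes(routed)), verify(key, bytes(spoofed))
```

The TTL change made by a router still verifies because that field is excluded from the ICV, while a changed source address or payload fails, which is what the data origin authentication and integrity guarantees mean in practice.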
The IP Encapsulating Security Payload (ESP) header provides integrity, authentication, and confidentiality to an IP datagram. It can provide a mix of optional security services. The ESP header can be applied alone, in combination with the IP Authentication Header (AH), or in a nested way, e.g. by using Tunnel-mode. The ESP header implementation can be host-host, host-gateway, or gateway-gateway. The ESP header is inserted after the IP header and before a higher-level protocol header (Transport-mode) or the encapsulated IP header (Tunnel-mode). Gateway-to-gateway ESP implementation, using encryption/decryption, is critical for building Private Virtual Networks (PVN) across an untrusted backbone in an open environment such as the Internet.
Procedure: - N/A
Observation Table:- N/A
Calculation:- N/A
Results: - N/A
Lab Quiz :-
1. Release of message contents means:
(A) Obtain information that is being transmitted.
(B) Telephone conversation, email message and transferred files.
(C) Attacks that have a specific target
(D) Others
2. The basic elements of model of access control are:
(A) Subject, Object, Access right
(B) Capability list, Object, Access right
(C) Centralized, Decentralized
(D) Other
3. In the boot sector viruses, virus:
(A) Gains control very early in the boot process before most detection tools are active
(B) Gains control very early in the boot process after most detection tools are active
(C) Gains control in AUTOEXEC.BAT batch file
(D) Others
4. By Salami Attack virus we mean:
(A) Control viruses
(B) A small amount of money is shaved from each computation
(C) Trapdoors persist
(D) Others
5. The main idea of peer review is:
(A) Each team member has a clear design document
(B) Team members review each other's code
(C) All team members recognize that the product belongs to the group
(D) All the above
6. What is a network?
(A) A single main processor
(B) More than one independent processor.
(C) More users and computing systems have access
(D) Others
7. Complexity is one of the network security problems; it means:
(A) Network may combine two or more dissimilar operating systems with mechanisms for interhost connection
(B) Sensitive data
(C) Insertion of bogus messages
(D) Others
8. Authentication is:
(A) Modification
(B) Insertion
(C) Hard to assure identity of user on a remote system
(D) Others
9. Copyright means:
(A) Protect expression of ideas
(B) Protect inventions
(C) Allows the distribution of the result of the secret
(D) Others
10. Trade Secret means:
(A) Information that gives one company a competitive edge over others
(B) Provides protection for the source code and not the algorithm
(C) Copy distributed that must be marked
(D) Others
Further reading resources:
Book: Lab experiment related theory is available in the following books:
1. Cryptography and Network Security, TMH, by Atul Kahate
2. Cryptography and Network Security, Pearson, by William Stallings