R.M.K. COLLEGE OF ENGINEERING AND TECHNOLOGY
(An Autonomous Institution)
R.S.M. Nagar, Puduvoyal – 601 206

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING (CYBER SECURITY)

22CY402 CYBER SECURITY ESSENTIALS (LAB INTEGRATED)
LAB MANUAL

R2022 - EVEN SEMESTER
B.E. COMPUTER SCIENCE AND ENGINEERING (CYBER SECURITY)
ACADEMIC YEAR: 2024-25

Prepared by: Dr. Dharini N, Associate Professor / CSE (CS)
Checked by: Dr. S.M. Udhaya Sankar, Professor & Head / CSE (CS)
Approved by: Dr. N. Suresh Kumar, Principal

Vision

To excel and take the lead in cyber security education, profession and research globally with a commitment to effectively address societal needs.

Mission

✤ To collaborate with innovators to provide real-world, standard-based cybersecurity capabilities that address business needs.
✤ To prepare the professionals in both academic and industrial settings capable of solving real world cybersecurity threats.
✤ To inculcate the students in designing and developing various projects in different areas of cybersecurity, by providing a distinguished and high-quality education.

Program Educational Objectives

Graduates of Computer Science and Engineering Program (Cyber Security) will be able to:

PEO 1: Acquire the knowledge, skills and the attitude necessary for the analysis of Cyber security.
PEO 2: Apply the cutting-edge latest technology within a professional, legal and ethical framework and will operate effectively in a multidisciplinary stream.
PEO 3: Practice continued, self-learning to keep their knowledge and skills up to date and remain abreast of the latest developments in cyber security.

Program Specific Outcomes

Graduates of Computer Science and Engineering (Cyber Security) Program will be able:

PSO 1: To understand, analyze, design, and develop computing solutions by applying algorithms, web design, database management, networking & cyber security.
PSO 2: To develop cyber security skills including network defense, ethical hacking, penetration testing, application security and cryptography to provide real time solutions.
PSO 3: To apply standard tools, practices and strategies in cyber security for successful career and entrepreneurship.

OBJECTIVES

• Understand the field of digital security and concepts of access control mechanisms.
• Introduce the keywords and jargon involved in securing a browser.
• Understand network basics and become familiar with the security of network protocols.
• Build awareness and understanding of cyber-attacks and data privacy.

LIST OF EXERCISES

1. Using basic tools: Using the Nslookup, Tracert Utilities, Ipconfig and Ping Command
2. Setting Password Policies
3. Capturing the Network Traffic and packets Using Wireshark
4. Creating a TCP Outbound Rule
5. Creating an ICMP Outbound Rule
6. Monitoring the Denial of Service (DoS) Attack
7. Viewing the Application, Security, and System Logs
8. Scanning Vulnerabilities Using Microsoft Baseline Security Analyzer
9. Adding Users or Groups in a Linux Distribution
10. Examining Browsing History Options
11. Configuring Pop-up Blocker Settings
12. Accessing the Security Settings in Internet Explorer & Adding a Site to a Security Zone
13. Scanning Network Using Nmap
14. Identifying and Defending Against Vulnerabilities by Creating a New Software Restriction Policy

OUTCOMES

Upon completion of the course, the students will be able to:

CO1: Understand basic concepts of computer security, identify threats and vulnerabilities, and implement basic security measures.
CO2: Comprehend security mechanisms in operating systems and networks, including rootkits and network protocols, and secure network servers.
CO3: Protect personal computers and devices from malware, understand the importance of strong credentials, and secure web interactions.
CO4: Understand cyber-attacks, data security principles, data privacy, and compliance standards.
CO5: Develop security planning strategies, handle security incidents, understand emerging technologies, and comprehend legal aspects of cyberspace.
CO6: Analyze and evaluate real-world case studies to apply concepts of computer security, operating system and network security, digital security, data privacy, and incident management.

Exp No: 1
USING BASIC TOOLS
Date:

Aim

To apply different tools and utilities to various cybersecurity situations.

Procedure/Algorithm

Commands

1. Ifconfig/Ipconfig: This tool is used at the command line and presents you with the local system’s IP address and other basic network-configuration information. This tool is your first stop when you want to know the gateway’s IP address, where the system sends DNS queries, whether the system was served its IP address by DHCP or it was assigned statically, along with other useful information.

Output
[Figure: IPCONFIG Output]

2. Whois: Frequently, you will need to know some information about a domain. You can go to the website of virtually any domain registrar and use their Whois search tool to find information concerning ownership, administrative and technical responsibility, and the name of the server responsible for providing host information. Whois is also a command-line utility in some operating systems.

Output
[Figure: WHOIS Output]

3. Nslookup: The nslookup command is a command-line DNS query tool that is typically the first tool used to gain DNS information about a website. The basic nslookup command returns the IP address information associated with a specified domain name. The basic command can be modified by adding specific parameters to obtain other types of information, such as Name servers or Mail exchanges. Although nslookup is a great tool for troubleshooting DNS hostname resolution problems, it is also one of the most commonly used tools in the information-gathering process of the enumeration phase of a cyber attack.

Output
[Figure: NSLOOKUP Output]

4. PING: PING is a software utility used to evaluate the ability to reach any other IP host. The PING command will measure the round-trip time for packets sent from the originating host to the target host. The PING utility will send Internet Control Message Protocol (ICMP) request packets to the target host and wait for a response, measuring the trip time and any packet loss. PING and ping6 for IPv6 hosts are available as command-line tools in many operating systems, and a variety of software products will also offer this capability, often packaged with traceroute features.

A. Ping Domain or IP Address
You can run a simple ping test to see whether the target host www.google.com is reachable or not. You can also use an IP address instead of the domain name as shown.
[Figure: PING Output]

B. Ping Echo Request
You can specify the number of ECHO_REQUESTs to be sent after which ping exits, using the -n flag as shown (in this case the ping test will stop after sending 5 packets).
[Figure: PING ECHO REQUEST Output]

Other usages of PING
[Figure: Other PING Commands]

5. Traceroute: A TRACEROUTE utility will display the route (path) that packets will travel from one IP to another. As with PING, the round-trip time of the ICMP packets (also known as latency) is measured; however, with traceroute this time is measured between each successive host in the route.
Each segment of the route is known as a hop. Traceroute will send three packets and measure the time required to complete each hop. The cumulative latency at each hop is recorded, usually in milliseconds, along with the IP and host name (acquired through a reverse lookup) of each node. This can be a great way to look at latency issues between hosts and evaluate the connection to determine where excessive latency exists or a route fails. Traceroute is available in most operating system command-line interfaces. Windows uses the TRACERT utility. Some utilities, such as tcptraceroute, may use TCP packets.

Output
[Figure: TRACERT Output]

Lab Questions

1. What is the purpose of the ipconfig command in Windows?
The ipconfig command is used to display the IP configuration settings of a Windows computer, including the IP address, subnet mask, and default gateway.

2. What is the equivalent command of ipconfig in Linux?
The equivalent command of ipconfig in Linux is ifconfig, which is used to display and configure network interfaces.

3. How do you use whois command to look up domain information?
You can use the whois command followed by a domain name to retrieve registration information, including the registrar, registration date, and contact details associated with the domain.

4. What is the purpose of the nslookup command?
The nslookup command is used to query DNS (Domain Name System) servers to obtain information about domain names, including IP addresses and DNS records.

5. How do you perform a DNS lookup for a domain using nslookup?
You can type nslookup followed by the domain name to perform a DNS lookup. For example, nslookup example.com will display the IP address associated with the domain example.com.

6. How do you use the ping command to check network connectivity?
You can use ping followed by an IP address or domain name to send ICMP echo requests. For example, ping 8.8.8.8 will send ICMP echo requests to the Google DNS server.

7. How do you use traceroute to trace the route to a destination?
The traceroute command is used to trace the route that packets take to reach a destination by sending packets with increasing TTL (Time To Live) values and recording the IP addresses of the routers along the path. You can use traceroute followed by an IP address or domain name to trace the route to the destination. For example, traceroute google.com will display the path packets take to reach Google's servers.

Result

The lab experiment on using basic commands for gathering network information in Linux was executed successfully.

Exp No: 2
SETTING PASSWORD POLICIES
Date:

Aim:

i) To develop a webpage with user credentials as input and set security policies for password field using HTML and Javascript
ii) To set password policy for Windows User Account using Local Security Policy

Algorithm/Procedure:

i) To develop a webpage with user credentials as input and set security policies for password field

Step 1: Open Notepad and save the code with .html extension.
Step 2: Open the .html code in your web browser.
Step 3: User opens the webpage in a web browser.
Step 4: The HTML form with input fields for username and password, along with a "Login" button, is displayed.
Step 5: The HTML form with input fields for username and password, along with a "Login" button, is displayed.
Step 6: Form Submission: User enters a username and password in the respective input fields. User clicks the "Login" button.
Step 7: The validateForm() function is triggered by the form submission. The entered username and password values are obtained from the HTML input fields.
Step 8: A regular expression (passwordRegex) is used to check if the password meets the specified criteria.
    Password must have a minimum length of 8 characters.
    Password must contain at least one uppercase letter.
    Password must contain at least one lowercase letter.
    Password must contain at least one special character: @$!%*?&
Step 9: If the password passes the validation, an alert is shown with a success message. If the password does not meet the criteria, an alert is shown with an error message detailing the requirements.

Code

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Login Page</title>
        <style>
            body {
                font-family: Arial, sans-serif;
                text-align: center;
                margin-top: 50px;
            }
        </style>
    </head>
    <body>
        <h2>Login</h2>
        <!-- "return false" keeps the form from being submitted to a server -->
        <form id="loginForm" onsubmit="validateForm(); return false;">
            <label for="username">Username:</label>
            <input type="text" id="username" required>
            <br>
            <label for="password">Password:</label>
            <input type="password" id="password" required>
            <br>
            <button type="submit">Login</button>
        </form>
        <script>
            function validateForm() {
                var username = document.getElementById('username').value;
                var password = document.getElementById('password').value;
                // Password validation: each lookahead demands one character class
                // (lowercase, uppercase, digit, special); the final class limits the
                // password to those characters and enforces a minimum length of 8.
                var passwordRegex = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/;
                if (passwordRegex.test(password)) {
                    // Lab demonstration only: a real login page must never echo the password back.
                    alert("Login successful!\nUsername: " + username + "\nPassword: " + password);
                } else {
                    // The digit rule is listed here because the regular expression enforces it.
                    alert("Invalid password! Password must have:\n- Minimum 8 characters\n- At least one uppercase letter\n- At least one lowercase letter\n- At least one digit\n- At least one special character: @$!%*?&");
                }
            }
        </script>
    </body>
    </html>

Output
[Figure: Web Page]
[Figure: Login Attempt Failed]
[Figure: Login Successful]

Algorithm/Procedure

ii) To set password policy for Windows User Account using Local Security Policy

Step 1: In Windows 7, you can start this tool by clicking Start, typing secpol.msc in the Run dialog, and then clicking OK. In Windows 8.x and 10, you can type Local Security Policy in the start menu search, and then press the Enter key on your keyboard.
A window as shown below will appear.
[Figure: Local Security Policy]

Step 2: Click in the left pane to expand Account Policies, and then click Password Policy. The following window appears.
[Figure: Password Policy Page]

Step 3: To change any of the policies regarding passwords, double-click on the policy in the right pane, and then modify the setting. The available options are as follows:

● Enforce password history, which enforces the number of unique passwords that must be used before an old one can be reused. You can set this to a value between 0 and 24. At the very least, change it to 1 so the user can’t “change” their password to an existing one.
● Maximum password age, which is the number of days before users must change their passwords. You can set a password to expire after 1 – 999 days. If set to 0, passwords never expire. Microsoft recommends that you set this to 70 days, but the important thing to remember is not to set it so high that it provides hackers with an extended period of access to your computer and network, or so low that anyone using the computer has to change it frequently.
● Minimum password age, which is the number of days that the password is used before a user can change it. If set to 0, a user can change it immediately. Otherwise, you can set it to a value less than the maximum password age (unless that value has been set to 0). You should set this to a value of at least 1 day, so that users can only change the password once a day.
● Minimum password length, which sets how short a password can be. It can be set to 1 – 14 characters, or set to 0 if no password is required. You should set this to a value of 8 or higher.
● Password must meet complexity requirements, which can be enabled or disabled to enforce that passwords must not contain the username or any part of the user’s full name longer than two characters, must be six or more characters in length, and must contain at least three of the following: uppercase letters, lowercase letters, numbers, and special characters. This should be enabled.
● Store passwords using reversible encryption, which saves a user’s password without encryption (i.e., as plaintext). You should leave this disabled unless otherwise required.

These settings only affect the passwords used by user accounts on the computer, and have no effect on passwords on websites or applications.

Output
[Figure: Windows User Password Change Screen]

Lab Questions

1. What is a Windows password policy?
A Windows password policy is a set of rules and requirements enforced by the Windows operating system to define the complexity, expiration, length, and other attributes of user passwords.

2. How do you set a minimum password length in Windows?
You can set the minimum password length by configuring the "Minimum password length" policy under "Password Policy" in either the Local Security Policy or Group Policy Management Console.

3. How can you enforce a password policy in a web application?
You can enforce a password policy by implementing validation checks during user registration and password change processes to ensure that passwords meet the specified criteria.

4. What are some best practices for designing an effective password policy in web applications?
Best practices include educating users about password security, providing guidance on creating strong passwords, using multi-factor authentication where possible, and regularly reviewing and updating the password policy based on evolving security threats.

5. How do you navigate to the Windows Local Security Policy?
Press Windows Key + R to open the Run dialog box. Type secpol.msc and press Enter.
This will open the Local Security Policy management console. Alternatively, you can access it via the Control Panel: Open the Control Panel. Navigate to "Administrative Tools" or "System and Security" depending on your Windows version. Click on "Local Security Policy" to open the management console.

Result

The lab experiment on setting password policies for a web page and a Windows user account was executed successfully.

Exp No: 3
CAPTURING THE NETWORK TRAFFIC USING WIRESHARK
Date:

Aim:

To capture and analyze the network traffic using Wireshark.

About Wireshark

Wireshark is a mature, open-source, and cross-platform network protocol analyzer. It is probably the most well-known protocol analyzer, and it supports just about every protocol and runs on nearly any platform. Wireshark, shown in the figure below, is a valuable tool for capturing and subsequently analyzing traffic, as well as for discovering and troubleshooting network issues. It can be used to learn more about the protocols used on a given network. This tool is easy to employ, but it requires experience and practice to accurately analyze the results it produces. However, every network admin should have this product in their arsenal.

[Figure: Wireshark Window]

Procedure

Exercise 1: Capturing Statistical Network Information from Wireshark window

You will begin by launching Wireshark and becoming familiar with the interface.

1. Power on your machine.
2. Log on using an account with administrative privileges.
3. Locate the Wireshark shortcut icon on your desktop. Right-click the icon and select Run As Administrator. Wireshark will launch, as shown in the figure below.
[Figure: Wireshark Interface]
4. Explore your options by reading each heading and subheading. Many configuration options are available.
5. To begin capturing live packets, click on the network device appropriate for your particular network configuration.
The device you choose will most likely be either Ethernet or Wi-Fi, depending on how you connect your computer to the Internet, as shown below.
[Figure: Starting to Capture Packet Traffic]

The Capture window is divided into three main sections. The top-most section lists the captured packets in sequence, with the capture number and time associated with the packet in the left columns. This section is known as the Packet List pane. The middle section, also known as the Packet Details pane, shows the analysis of the highlighted packet. The bottom section, known as the Packet Bytes pane, provides the packet in its transmitted hexadecimal form.
[Figure: Wireshark Capture Window]

6. Examine the interface and see if you can decipher the information on the screen. Select various packets in the top Packet List pane; and in the Packet Details and Packet Bytes panes, examine the information associated with those packets.

7. Click the Capture button, start browsing on your machine and do a Google search on “Wireshark”. Apply a filter between your machine’s IP and Google's IP and record the defining columns in the top Packet List pane. Record the first 5 HTTP packets.

S.N | Time | Source | Destination | Protocol | Length | Info

8. By locating the Protocol column, you can get a general idea of what the packet contains. By looking at the figure above, you can determine that the protocols include:
▶ ARP: Address Resolution Protocol
▶ CLDAP: Connectionless Lightweight Directory Access Protocol
▶ DNS: Domain Name System
▶ NBNS: NetBIOS Name Service
▶ SMB: Server Message Block

9. In the Packet List pane, locate one IP address that is not your own and record it on the following line:
Hint: You can locate your own IP Address by entering ipconfig into the command prompt.

10. Ethernet Traffic Distribution by Protocols
Fill in the table. For initial data use the Statistics/Protocol Hierarchy.

No. | Protocol | Traffic, MiB | Traffic, %
1   | IPv6     |              |
2   | IPv4     |              |
3   | – UDP    |              |
4   | – TCP    |              |
5   | – ICMP   |              |
6   | ARP      |              |
7   | 802.1X   |              |
    | SUM      |              |

11. Ethernet Traffic Distribution by Nodes
Fill in the table (for the 5 most active network nodes by Bytes). For initial data use the Statistics/Endpoints/Ethernet.

S.N | MAC Address | IP Address | Traffic: RX Input | Traffic: TX Input | Traffic: Overall

12. Display Filters
Fill in the table. Write and test in Wireshark 5 simple search filters (Display Filters) using AND, OR, NOT to display packets from (to) a specific node generated by ICMP, DNS, ARP requests (responses) when accessing any server of your choice.

Node ID:

S.N | Display Filter | Description

13. Analyze the 5 note/warning/error problems existing on the network. Find and read information about network problems on the Internet. For initial data use the Analyze/Expert Information.

S.NO | Expert Information Severity | Your Short Description

Exercise 2: UDP Client Server Communication Establishment using Python and observing the UDP traffic in Wireshark

Procedure/Algorithm

Algorithm: UDP Client

1. Import the socket module.
2. Define constant variables:
   2.1 Set UDP_IP_ADDRESS to "127.0.0.1".
   2.2 Set UDP_PORT_NO to 1234.
   2.3 Set Message to the encoded version of "Hello, Server".
3. Create a UDP socket:
   3.1 Use socket.socket() with AF_INET (IPv4) and SOCK_DGRAM (UDP) to create a UDP socket.
   3.2 Assign the socket object to clientSock.
4. Enter an infinite loop (while True):
   4.1 Prompt the user to enter a message.
   4.2 Read the user input and store it in the variable msg.
   4.3 Encode the message to bytes using the encode() method.
   4.4 Send the encoded message to the server's address (UDP_IP_ADDRESS, UDP_PORT_NO) using sendto().
   4.5 Repeat the loop.

Algorithm: UDP Server

1. Import the socket module.
2. Define constant variables:
   2.1 Set UDP_IP_ADDRESS to "127.0.0.1".
   2.2 Set UDP_PORT_NO to 1234.
3. Create a UDP socket:
   3.1 Use socket.socket() with AF_INET (IPv4) and SOCK_DGRAM (UDP) to create a UDP socket.
   3.2 Assign the socket object to serverSock.
4. Bind the UDP socket to the specified IP address and port:
   4.1 Use the bind() method on serverSock with the tuple (UDP_IP_ADDRESS, UDP_PORT_NO) as the argument.
5. Enter an infinite loop (while True):
   5.1 Receive data and the sender's address using the recvfrom() method on serverSock.
   5.2 Print the received message by decoding the data.
   5.3 Repeat the loop to continue listening for UDP messages.

UDP Client

    import socket

    # Address and port the server listens on (loopback only)
    UDP_IP_ADDRESS = "127.0.0.1"
    UDP_PORT_NO = 1234
    Message = "Hello, Server".encode()

    # SOCK_DGRAM selects UDP: no connection is set up before sending
    clientSock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

    while True:
        msg = str(input("Enter your message: "))
        msg = msg.encode()
        # Each call sends one datagram; the payload travels unencrypted
        clientSock.sendto(msg, (UDP_IP_ADDRESS, UDP_PORT_NO))

UDP Server

    # Again we import the necessary socket python module
    import socket

    # Here we define the UDP IP address as well as the port number that we have
    # already defined in the client python script.
    UDP_IP_ADDRESS = "127.0.0.1"
    UDP_PORT_NO = 1234

    # declare our serverSocket upon which
    # we will be listening for UDP messages
    serverSock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

    # One difference is that we will have to bind our declared IP address
    # and port number to our newly declared serverSock
    serverSock.bind((UDP_IP_ADDRESS, UDP_PORT_NO))

    # Step 5 of the server algorithm: receive each datagram and print it.
    # The 1024-byte buffer size is an assumed value.
    while True:
        data, addr = serverSock.recvfrom(1024)
        print("Message:", data.decode())