[Link].

1 IMPLEMENT SYMMETRIC KEY ALGORITHMS

DATA ENCRYPTION STANDARD (DES)

AIM:

To apply Data Encryption Standard (DES) Algorithm for a practical application like
User Message Encryption.

ALGORITHM:
1. Create a DES Key.
2. Create a Cipher instance from Cipher class, specify the following information
and separated by a slash (/).
 Algorithm name
 Mode (optional)
 Padding scheme (optional)
3. Convert String into Byte[] array format.
4. Make Cipher in encrypt mode, and encrypt it with [Link]() method.
5. Make Cipher in decrypt mode, and decrypt it with [Link]() method.

PROGRAM:
import [Link].*;
import [Link];
import [Link];
import [Link];
import [Link];
import [Link];
import [Link];
class DES
{
byte[] skey=new byte[1000];
String skeystring;
static byte[] raw;
String inputmessage,encryptedata,decryptedmessage;
public DES()
{
try
{
generatesymmetrickey();
inputmessage=[Link](null,"Enter message to
encrypt:");
byte[] ibyte =[Link]();
byte[] ebyte=encrypt(raw, ibyte);
String encrypteddata=new String(ebyte);
[Link]("Encrypted message:"+encrypteddata);
[Link](null,"Encrypted Data"+"\
n"+encrypteddata);
byte[] dbyte=decrypt(raw,ebyte);
String decryptedmessage=new String(dbyte);
[Link]("Decrypted message:"+decryptedmessage);
 [Link](null,"Decrypted Data "+"\
n"+decryptedmessage);
}
catch(Exception e)
{
[Link](e);
}
}
void generatesymmetrickey()
{
try
{
Random r = new Random();
int num=[Link](10000);
String knum=[Link](num);
byte[] knumb=[Link]();
skey=getRawKey(knumb);
skeystring=new String(skey);
[Link]("DES
SymmerticKey="+skeystring);
}
catch(Exception e)
{
[Link](e);
}
}

private static byte[] getRawKey(byte[] seed) throws Exception

{
KeyGenerator kgen=[Link]("DES ");
SecureRandom sr =[Link]("SHA1PRNG");
[Link](seed);
[Link](56,sr);
SecretKey skey=[Link]();
raw=[Link]();
return raw;
}

private static byte[] encrypt(byte[] raw,byte[] clear) throws Exception

{
SecretKey seckey = new SecretKeySpec(raw, "DES");
Cipher cipher = [Link]("DES");
[Link](Cipher.ENCRYPT_MODE,seckey);
byte[] encrypted=[Link](clear);
return encrypted;
}

private static byte[] decrypt(byte[] raw,byte[] encrypted) throws Exception

{
SecretKey seckey = new SecretKeySpec(raw, "DES");
 Cipher cipher = [Link]("DES");
[Link](Cipher.DECRYPT_MODE,seckey);
byte[] decrypted = [Link](encrypted);
return decrypted;
}
public static void main(String args[])
{
DES des=new DES();
}

OUTPUT:

RESULT:
Thus the java program for applying Data Encryption Standard (DES) Algorithm for a
practical application of User Message Encryption is written and executed successfully.
[Link]. : 2 AES ALGORITHM
Date :

AIM:
To apply Advanced Encryption Standard (AES) Algorithm for a practical application
like URL Encryption.

ALGORITHM:
1. AES is based on a design principle known as a substitution–permutation.
2. AES does not use a Feistel network like DES, it uses variant of Rijndael.
3. It has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits.
4. AES operates on a 4 × 4 column- major order array of bytes, termed the state

PROGRAM:
import [Link];
import [Link];
import [Link];
import [Link];
import [Link].Base64;
import [Link];
import [Link];

public class AES

{
private static SecretKeySpec secretKey;
private static byte[] key;
public static void setKey(String myKey)
{ MessageDigest sha = null;
try {
key = [Link]("UTF-8");
sha = [Link]("SHA-1");
key = [Link](key);
key = [Link](key, 16);
secretKey = new SecretKeySpec(key, "AES");
} catch (NoSuchAlgorithmException e) {
[Link]();
} catch (UnsupportedEncodingException e) {
[Link]();
}
}
public static String encrypt(String strToEncrypt, String secret)
{ try {
setKey(secret);
Cipher cipher = [Link]("AES/ECB/PKCS5Padding");
[Link](Cipher.ENCRYPT_MODE, secretKey);
return
[Link]().encodeToString([Link]([Link] ("UTF-8")));
} catch (Exception e) {
[Link]("Error while encrypting: " + [Link]());
}
 return null;
}

public static String decrypt(String strToDecrypt, String secret)

{ try {
setKey(secret);
Cipher cipher = [Link]("AES/ECB/PKCS5PADDING");
[Link](Cipher.DECRYPT_MODE, secretKey);
return new String([Link]([Link]().decode(strToDecrypt)));
} catch (Exception e) {
[Link]("Error while decrypting: " + [Link]());
}
return null;
}

public static void main(String[] args) {

[Link]("Enter the secret key: ");

String secretKey = [Link]().readLine();

[Link]("Enter the original URL: ");

String originalString = [Link]().readLine();

String encryptedString = [Link](originalString, secretKey);

String decryptedString = [Link](encryptedString, secretKey);

[Link]("URL Encryption Using AES Algorithm\n-----------");

[Link]("Original URL : " + originalString);
[Link]("Encrypted URL : " + encryptedString);
[Link]("Decrypted URL : " + decryptedString);
}
}

OUTPUT:
C:\Security Lab New\programs>java AES
Enter the secret key:
annaUniversity
Enter the original URL:
[Link]
URL Encryption Using AES Algorithm
Original URL : [Link]
Encrypted URL : vibpFJW6Cvs5Y+L7t4N6YWWe07+JzS1d3CU2h3mEvEg=
Decrypted URL : [Link]

RESULT:
Thus the java program for applying Advanced Encryption Standard (AES) Algorithm
for a practical application of URL encryption is written and executed successfully.
 [Link]. : 3 ASYMMETRIC KEY ALGORITHM
Date : RSA ALGORITHM

AIM:
To implement a RSA algorithm using HTML and Javascript.

ALGORITHM:
1. Choose two prime number p and q.
2. Compute the value of n and t.
3. Find the value of public key e.
4. Compute the value of private key d.
5. Do the encryption and decryption
a. Encryption is given as,
c = te mod n
b. Decryption is given
as, t = c d mod n

PROGRAM:
[Link]
<html>
<head>
<title>RSA Encryption</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<center>
<h1>RSA Algorithm</h1>
<h2>Implemented Using HTML & Javascript</h2>
<hr>
<table>
<tr>
<td>Enter First Prime Number:</td>
<td><input type="number" value="53" id="p"></td>
</tr>
<tr>
<td>Enter Second Prime Number:</td>
<td><input type="number" value="59" id="q"></p> </td>
</tr>
<tr>
<td>Enter the Message(cipher text):<br>[A=1, B=2,...]</td>
<td><input type="number" value="89" id="msg"></p> </td>
</tr>
<tr>
<td>Public Key:</td>
<td><p id="publickey"></p> </td>
</tr>
<tr>
<td>Exponent:</td>
<td><p id="exponent"></p> </td>
</tr>
 <tr>
<td>Private Key:</td>
<td><p id="privatekey"></p></td>
</tr>
<tr>
<td>Cipher Text:</td>
<td><p id="ciphertext"></p> </td>
</tr>
<tr>
<td><button onclick="RSA();">Apply RSA</button></td>
</tr>
</table> </center>
</body>
<script type="text/javascript">

function RSA()
{
var gcd, p, q, no, n, t, e, i, x;
gcd = function (a, b) { return (!b) ? a : gcd(b, a % b); };
p = [Link]('p' ).value;
q = [Link]('q').value;
no = [Link]('msg').value;
n = p * q;
t = (p - 1) * (q - 1);
for (e = 2; e < t; e++)
{
if (gcd(e, t) == 1)
{
break;
}
}
for (i = 0; i < 10; i++)
{
x=1+i*t
if (x % e == 0)
{
d = x / e;
break;
}
}
ctt = [Link](no,
e).toFixed(0); ct = ctt % n;
dtt = [Link](ct, d).toFixed(0);
dt = dtt % n;
[Link]('publickey').innerHTML = n;
[Link]('exponent').innerHTML = e;
[Link]('privatekey').innerHTML = d;
[Link]('ciphertext').innerHTML = ct;
}
</script>
</html>
OUTPUT:

RESULT:
Thus the RSA algorithm was implemented using HTML and Javascript and executed
successfully.
[Link]. : 4 DIFFIE-HELLMAN KEY EXCHANGE ALGORITHM
Date :

AIM:
To implement a Diffie-Hellman Key Exchange algorithm.

ALGORITHM:
1. Sender and receiver publicly agree to use a modulus p and base g which is a primitive
root modulo p.
2. Sender chooses a secret integer x then sends Bob R1 = gx mod p
3. Receiver chooses a secret integer y, then sends Alice R2 = gy mod p
4. Sender computes k1 = Bx mod p
5. Receiver computes k2 = Ay mod p
6. Sender and Receiver now share a secret key.

PROGRAM:
import [Link].*;
import [Link];
class dh
{
public static void main(String[]args)throws IOException
{
BufferedReader br=new BufferedReader(new InputStreamReader([Link]));
[Link]("Enter prime number:");
BigInteger p=new BigInteger([Link]());

[Link]("Enter primitive root of

"+p+":"); BigInteger g=new
BigInteger([Link]());

[Link]("Enter value for x less than "+p+":");

BigInteger x=new BigInteger([Link]());
BigInteger R1=[Link](x,p);
[Link]("R1="+R1);

[Link]("Enter value for y less than "+p+":");

BigInteger y=new BigInteger([Link]());
BigInteger R2=[Link](y,p);
[Link]("R2="+R2);

BigInteger k1=[Link](x,p);
[Link]("Key calculated at Sender's
side:"+k1); BigInteger k2=[Link](y,p);
[Link]("Key calculated at Receiver's side:"+k2);
[Link]("Diffie-Hellman secret key was calculated.");
}
}
 OUTPUT
C:\Security Lab New\programs>javac [Link]

C:\Security Lab New\programs>java dh

Enter prime number:
11
Enter primitive root of 11:7
Enter value for x less than 11:
3
R1=2
Enter value for y less than 11:6
R2=4
Key calculated at Sender's side:9
Key calculated at Receiver's side:9
Diffie-Hellman secret key was calculated.

RESULT:
Thus the Diffie-Hellman key exchange algorithm was implemented and executed
successfully.
[Link]. : 5 DIGITAL SIGNATURE SCHEME
Date :

AIM:
To implement the signature scheme - Digital Signature Standard.

ALGORITHM:
1. Declare the class and required variables.
2. Create the object for the class in the main program.
3. Access the member functions using the objects.
4. Implement the SIGNATURE SCHEME - Digital Signature Standard.
5. It uses a hash function.
6. The hash code is provided as input to a signature function along with a random
number K generated for the particular signature.
7. The signature function also depends on the sender„s private key.
8. The signature consists of two components.
9. The hash code of the incoming message is generated.
10. The hash code and signature are given as input to a verification function.
PROGRAM:
import [Link].*;
import
[Link]; class
dsaAlg {
final static BigInteger one = new BigInteger("1");
final static BigInteger zero = new
BigInteger("0"); public static BigInteger
getNextPrime(String ans)
{
BigInteger test = new BigInteger(ans);
while ()
e:
{
test = [Link](one);
}
return test;
}
public static BigInteger findQ(BigInteger n)
{
BigInteger start = new BigInteger("2");
while ()
{
while (!(([Link](start)).equals(zero)))
{
start = [Link](one);
}
n = [Link](start);
}
return n;
}
public static BigInteger getGen(BigInteger p, BigInteger q,
Random r)
{
BigInteger h = new BigInteger([Link](), r);
h = [Link](p);
return [Link](([Link](one)).divide(q), p);
}
public static void main (String[] args) throws
[Link]
{
Random randObj = new Random();
BigInteger p = getNextPrime("10600"); /* approximate
prime */
BigInteger q = findQ([Link](one));
BigInteger g = getGen(p,q,randObj);
[Link](" \n simulation of Digital Signature Algorithm \n");
[Link](" \n global public key components are:\n");
[Link]("\np is: " + p);
[Link]("\nq is: " + q);
[Link]("\ng is: " + g);
BigInteger x = new BigInteger([Link](), randObj);
x = [Link](q);
BigInteger y = [Link](x,p);
BigInteger k = new BigInteger([Link](), randObj);
k = [Link](q);
BigInteger r = ([Link](k,p)).mod(q);
BigInteger hashVal = new BigInteger([Link](),
randObj);
BigInteger kInv = [Link](q);
BigInteger s = [Link]([Link]([Link](r)));
s = [Link](q);
[Link]("\nsecret information are:\n");
[Link]("x (private) is:" + x);
[Link]("k (secret) is: " + k);
[Link]("y (public) is: " + y);
[Link]("h (rndhash) is: " + hashVal);
[Link]("\n generating digital signature:\n");
[Link]("r is : " + r);
[Link]("s is : " + s);
BigInteger w = [Link](q);
BigInteger u1 = ([Link](w)).mod(q);
BigInteger u2 = ([Link](w)).mod(q);
BigInteger v = ([Link](u1,p)).multiply([Link](u2,p));
v = ([Link](p)).mod(q);
[Link]("\nverifying digital signature (checkpoints)\n:");
[Link]("w is : " + w);
[Link]("u1 is : " +
u1); [Link]("u2 is : "
+ u2); [Link]("v is : "
+ v);
if ([Link](r))
{
[Link]("\nsuccess: digital signature is verified!\n " + r);
}
else
{
[Link]("\n error: incorrect digital signature\n ");
}
}
}

OUTPUT:

C:\Security Lab New\programs>javac [Link]

C:\Security Lab New\programs>java dsaAlg
simulation of Digital Signature Algorithm
global public key components are:
p is: 10601
q is: 53
g is: 6089
secret information are:
x (private) is:6 k (secret) is: 3
y (public) is: 1356
h (rndhash) is: 12619
generating digital signature:
r is : 2
s is : 41
verifying digital signature (checkpoints):
w is : 22
u1 is : 4
u2 is : 44
v is : 2
success: digital signature is verified! 2

RESULT:
Thus the Digital Signature Standard Signature Scheme has been implemented and
executed successfully.
Ex. No. : 6 INTRUSION DETECTION SYSTEM (IDS)
Date:

AIM:
To demonstrate Intrusion Detection System (IDS) using Snort software tool.

STEPS ON CONFIGURING AND INTRUSION DETECTION:

1. Download Snort from the [Link] website. ([Link]

2. Download Rules([Link] You must register to get the rules.
3. Double click on the .exe to install snort. This will install snort in the “C:\Snort” [Link] is
important to have WinPcap ([Link] installed
4. Extract the Rules file. You will need WinRAR for the .gz file.
5. Copy all files from the “rules” folder of the extracted folder. Now paste the rules into
“C:\Snort\rules” folder.

6. Copy “[Link]” file from the “etc” folder of the extracted folder. You must paste it into
“C:\Snort\etc” folder. Overwrite any existing file. Remember if you modify your
[Link] file and download a new file, you must modify it for Snort to work.
7. Open a command prompt ([Link]) and navigate to folder “C:\Snort\bin” folder. ( at the
Prompt, type cd\snort\bin)
8. To start (execute) snort in sniffer mode use following command:
snort -dev -i 3
-i indicates the interface number. You must pick the correct interface number. In my case, it
is 3.
-dev is used to run snort to capture packets on your network.

To check the interface list, use following command:

snort -W
Finding an interface

You can tell which interface to use by looking at the Index number and finding Microsoft.
As you can see in the above example, the other interfaces are for VMWare. My interface is
3.

9. To run snort in IDS mode, you will need to configure the file “[Link]” according to
your network environment.
10. To specify the network address that you want to protect in [Link] file, look for the
following line.
var HOME_NET [Link]/24 (You will normally see any here)
11. You may also want to set the addresses of DNS_SERVERS, if you have some on your
network.

Example:

example snort
12. Change the RULE_PATH variable to the path of rules folder.
var RULE_PATH c:\snort\rules

path to rules
13. Change the path of all library files with the name and path on your system. and you
must change the path of snort_dynamicpreprocessorvariable. C:\Snort\lib\
snort_dynamiccpreprocessor
You need to do this to all library files in the “C:\Snort\lib” folder. The old path might be:
“/usr/local/lib/…”. you will need to replace that path with your system path. Using C:\
Snort\lib
14. Change the path ofthe “dynamicengine” variable value in the “[Link]” file..
Example:
dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll

15 Add the paths for “include [Link]” and “include [Link]” files.
include c:\snort\etc\[Link]
include c:\snort\etc\[Link]
16. Remove the comment (#) on the line to allow ICMP rules, if it is commented with a #.
include $RULE_PATH/[Link]
17. You can also remove the comment of ICMP-info rules comment, if it is
commented. include $RULE_PATH/icmp- [Link]
18. To add log files to store alerts generated by snort, search for the “output log” test in
[Link] and add the following line:
output alert_fast: [Link]
19. Comment (add a #) the whitelist $WHITE_LIST_PATH/white_list.rules and
the blacklist

Change the nested_ip inner , \ to nested_ip inner #, \

20. Comment out (#) following lines:
#preprocessor normalize_ip4
#preprocessor normalize_tcp: ips ecn stream
#preprocessor normalize_icmp4
#preprocessor normalize_ip6
#preprocessor normalize_icmp6

21. Save the “[Link]” file.

22. To start snort in IDS mode, run the following command:

snort -c c:\snort\etc\[Link] - l c:\snort\log - i 3

(Note: 3 is used for my interface card)

Ifa log is created, select the appropriate program to open it. You can use WordPard or
NotePad++ to read the file.

To generate Log files in ASCII mode, you can use following command while running snort in
IDS mode:
snort -A console - i3 -c c:\Snort\etc\[Link] -l c:\Snort\log -K ascii

23. Scan the computer that is running snort from another computer by using PING or NMap
(ZenMap).

After scanning or during the scan you can check the [Link] file in the log folder to
insure it is logging properly. You will see IP address folders appear.

Snort monitoring traffic –

RESULT:

Thus the Intrusion Detection System(IDS) has been

demonstrated using the Open Source Intrusion Detection Tool Snort.
Ex. No. : 7 STUDY TO CONFIGURE FIREWALL
Date:

AIM:

Study of the features of firewall in providing network security and to

set Firewall Security in windows.

Objectives

At the end of the session you should be able to

 Know how to setup a firewall on Operating System.

 Know about the Windows Firewall with Advanced Security.
 Know the Connection Security Rules

Working with Windows Firewall in Windows 7

Firewall in Windows 7

Windows 7 comes with two firewalls that work together. One is the
Windows Firewall, and the other is Windows Firewall with
Advanced Security (WFAS). The main difference between them is
the complexity of the rules configuration. Windows Firewall uses
simple rules that directly relate to a program or a service. The rules in
WFAS can be configured based on protocols, ports, addresses and
authentication. By default, both firewalls come with predefined set of
rules that allow us to utilize network resources. This includes things
like browsing the web, receiving e-mails, etc. Other standard firewall
exceptions are File and Printer Sharing, Network Discovery,
Performance Logs and Alerts, Remote Administration, Windows
Remote Management, Remote Assistance, Remote
Desktop, Windows Media Player, Windows Media Player Network
Sharing Service
With firewall in Windows 7 we can configure inbound and outbound
rules. By default, all outbound traffic is allowed, and inbound responses
to that traffic are also allowed. Inbound traffic initiated from external
sources is automatically blocked.

Sometimes we will see a notification about a blocked program which

is trying to access network resources. In that case we will be able to add
an exception to our firewall in order to allow traffic from the program
in the future.

Windows 7 comes with some new features when it comes to firewall.

For example, "full-stealth" feature blocks other computers from
performing operating system fingerprinting. OS fingerprinting is a
malicious technique
used to determine the operating system running on the host machine.
Another feature is "boot-time filtering". This feature ensures that the
firewall is working at the same time when the network interface
becomes active, which was not the case in previous versions of
Windows.

When we first connect to some network, we are prompted to select a

network location. This feature is known as Network Location
Awareness (NLA). This feature enables us to assign a network profile
to the connection based on the location. Different network profiles
contain different collections of firewall rules. In Windows 7, different
network profiles can be configured on different interfaces. For example,
our wired interface can have different profile than our wireless
interface. There are three different network profiles available:
 Public
 Home/Work - private network
 Domain - used within a domain

We choose those locations when we connect to a network. We can

always change the location in the Network and Sharing Center, in
Control Panel. The Domain profile can be automatically assigned by
the NLA service when we log on to an Active Directory domain. Note
that we must have administrative rights in order to configure firewall in
Windows 7.

Configuring Windows Firewall

To open Windows Firewall we can go to Start > Control Panel > Windows
Firewall.

By default, Windows Firewall is enabled for both private (home or

work) and public networks. It is also configured to block all
connections to programs that are not on the list of allowed programs.
To configure exceptions we can go to the menu on the left and select
"Allow a program or feature trough Windows Firewall" option.

Exceptions
To change settings in this window we have to click the "Change
settings" button. As you can see, here we have a list of predefined
programs and features that can be allowed to communicate on private
or public networks. For example, notice that the Core Networking
feature is allowed on both private and public networks, while the File
and Printer Sharing is only allowed on private networks. We can also
see the details of the items in the list by selecting it and then clicking
the Details button.
 Details
If we have a program on our computer that is not in this list, we can
manually add it by clicking on the "Allow another program" button.

Add a Program
Here we have to browse to the executable of our program and then click
the Add button. Notice that we can also choose location types on which
this program will be allowed to communicate by clicking on the
"Network location types" button.
 Network Locations
Many applications will automatically configure proper exceptions in
Windows Firewall when we run them. For example, if we enable
streaming from Media Player, it will automatically configure firewall
settings to allow streaming. The same thing is if we enable Remote
Desktop feature from the system properties window. By enabling
Remote Desktop feature we actually create an exception in Windows
Firewall.

Windows Firewall can be turned off completely. To do that we can

select the "Turn Windows Firewall on or off" option from the menu on
the left.

Firewall Customization

Note that we can modify settings for each type of network location
(private or public). Interesting thing here is that we can block all
incoming connections, including those in the list of allowed programs.

Windows Firewall is actually a Windows service. As you know,

services can be stopped and started. If the Windows Firewall service is
stopped, the Windows Firewall will not work.
 Firewall Service

In our case the service is running. If we stop it, we will get a

warning that we should turn on our Windows Firewall.

Warning

Remember that with Windows Firewall we can only configure basic

firewall settings, and this is enough for most day-to-day users.
However, we can't configure exceptions based on ports in Windows
Firewall any more. For that we have to use Windows Firewall with
Advanced Security.
How to Start & Use the Windows Firewall with Advanced Security

The Windows Firewall with Advanced Security is a tool which gives you
detailed control over the rules that are applied by the Windows
Firewall. You can view all the rules that are used by the Windows Firewall,
change their properties, create new rules or disable existing ones. In this
tutorial we will share how to open the Windows Firewall with Advanced
Security, how to find your way around it and talk about the types of rules
that are available and what kind of traffic they filter.

How to Access the Windows Firewall with Advanced Security

You have several alternatives to opening the Windows Firewall with

Advanced Security:

One is to open the standard Windows Firewall window, by going to

"Control Panel -> System and Security -> Windows Firewall". Then, click or
tap Advanced settings.
In Windows 7, another method is to search for the word firewall in the Start
Menu search box and click the "Windows Firewall with Advanced Security"
result.
In Windows 8.1, Windows Firewall with Advanced Security is not returned
in search results and you need to use the first method shared above for
opening it.

The Windows Firewall with Advanced Security looks and works the same
both in Windows 7 and Windows 8.1. To continue our tutorial, we will use
screenshots that were made in Windows 8.1.

What Are The Inbound & Outbound Rules?

In order to provide the security you need, the Windows Firewall has a
standard set of inbound and outbound rules, which are enabled
depending on the location of the network you are connected to.

Inbound rules are applied to the traffic that is coming from the network
and the Internet to your computer or device. Outbound rules apply to
the traffic from your computer to the network or the Internet.

These rules can be configured so that they are specific to: computers,
users, programs, services, ports or protocols. You can also specify to
which type of network adapter (e.g. wireless, cable, virtual private
network) or user profile it is applied to.

In the Windows Firewall with Advanced Security, you can access all rules
and edit their properties. All you have to do is click or tap the appropriate
unit in the left-side panel.
The rules used by the Windows Firewall can be enabled or disabled.
The ones which are enabled or active are marked with a green check-
box in the Name column. The ones that are disabled are marked with a
gray check-box.

If you want to know more about a specific rule and learn its properties,
right click on it and select Properties or select it and press Properties
in the column on right, which lists the actions that are available for
your selection.

In the Properties window, you will find complete information about the
selected rule, what it does and in when it is applied. You will also be
able to edit its properties and change any of the available parameters.
 What Are The Connection Security Rules?

Connection security rules are used to secure traffic between two

computers while it crosses the network. One example would be a rule
which defines that connections between two specific computers must
be encrypted.

Unlike the inbound or outbound rules, which are applied only to one
computer, connection security rules require that both computers have
the same rules defined and enabled.

If you want to see if there are any such rules on your computer, click or
tap "Connection Security Rules" on the panel on the left. By default,
there are no such rules defined on Windows computers and devices.
They are generally used in business environments and such rules are
set by the network administrator.
 What Does the Windows Firewall with Advanced Security
Monitor?

The Windows Firewall with Advanced Security includes some

monitoring features as well. In the Monitoring section you can find the
following information: the firewall rules that are active (both
inbound and outbound), the connection security rules that are active
and whether there are any active security associations.

You should note that the Monitoring section shows only the active
rules for the current network location.
[Link].8 Client Server communication by using UDP

DATE :

AIM : To implement client server communication by using UDP Datagrams.

Algorithm :

1) A DatagramSocket object is created to carry the packet to the destination and to

receive it .
2) Creates a datagramSocket and binds it to any available port on local machine.
3) Creation of DatagramPacket: In this step, the packet for sending/receiving data
via a datagramSocket is created.
4) Constructor to send data: DatagramPacket(byte buf[], int length, InetAddress
inetaddress, int port)

PROGRAM:

Java program to illustrate Client side

// Implementation using DatagramSocket

import [Link];
import [Link];
import [Link];
import [Link];
import [Link];

public class udpBaseClient_2

{
public static void main(String args[]) throws IOException
{
Scanner sc = new Scanner([Link]);

// Step 1:Create the socket object for

// carrying the data.
DatagramSocket ds = new DatagramSocket();

InetAddress ip = [Link]();
byte buf[] = null;

// loop while user not enters "bye"

while (true)
{
String inp = [Link]();

// convert the String input into the byte array.

buf = [Link]();
 // Step 2 : Create the datagramPacket for sending
// the data.
DatagramPacket DpSend =
new DatagramPacket(buf, [Link], ip, 1234);

// Step 3 : invoke the send call to actually send

// the data.
[Link](DpSend);

// break the loop if user enters "bye"

if ([Link]("bye"))
break;
}
}
}

SERVER SIDE IMPLEMENTATION

Java program to illustrate Server side

// Implementation using DatagramSocket
import [Link];
import [Link];
import [Link];
import [Link];
import [Link];

public class udpBaseServer_2

{
public static void main(String[] args) throws IOException
{
// Step 1 : Create a socket to listen at port 1234
DatagramSocket ds = new DatagramSocket(1234);
byte[] receive = new byte[65535];

DatagramPacket DpReceive = null;

while (true)
{

// Step 2 : create a DatgramPacket to receive the data.

DpReceive = new DatagramPacket(receive, [Link]);

// Step 3 : revieve the data in byte buffer.

[Link](DpReceive);

[Link]("Client:-" + data(receive));

// Exit the server if the client sends "bye"

 if (data(receive).toString().equals("bye"))
{
[Link]("Client sent bye.....EXITING");
break;
}

// Clear the buffer after every message.

receive = new byte[65535];
}
}

// A utility method to convert the byte array

// data into a string representation.
public static StringBuilder data(byte[] a)
{
if (a == null)
return null;
StringBuilder ret = new StringBuilder();
int i = 0;
while (a[i] != 0)
{
[Link]((char) a[i]);
i++;
}
return ret;
}
}

OUTPUT :

Client:- Hello
Client:- I am client.
...Client:- bye
Client sent bye.....EXITING

Server: Hello Client

RESULT:

Thus the client server communication by using UDPDatagram has been implemented
successfully.
[Link].9 NETWORK MONITORING TOOLS

DATE :

Aim :

To study the Network Monitoring tools.

NETWORK MONITORING TOOLS:

Network monitoring tools are software that you can use to evaluate network connections.
These software programs can help you monitor a network connection and identify network
issues, which may include failing network components, slow connection speed, network
outage or unidentifiable connections.

Network management and monitoring tools can also help you resolve these issues or
establish solutions that prevent specific issues from occurring in the future.

There are 8 Networking Monitoring Tools

1. SolarWinds Network Performance Monitor

SolarWinds Network Performance Monitor is a multi-vendor monitoring tool. It allows

users to monitor multiple vendors' networks at the same time. It also provides network
insights for thorough visibility into the health of the networks. Some prominent features
include network availability monitoring, intelligent network mapping, critical path
visualisation, performance analysis and advanced alerting. SolarWinds also allows users to
track VPN tunnel status. It prompts when a VPN tunnel is available to help users ensure a
stable connection between sites. SolarWinds provides a seven-day free trial, after which
users can choose a preferred subscription plan.

[Link]

Auvik is a network monitoring and management tool. It offers a quick implementation

process that helps users to set up the tool easily. It also has a clean user interface that makes
it easy to navigate and use. The tool provides in-depth network visibility that enables faster
troubleshooting for network issues. Users can automate network visibility using Auvik. It
provides real-time updates on network issues and configuration changes.

[Link] Network Monitoring

Datadog Network Monitoring offers services for on-premises devices and cloud networks. A
highlighting feature of this tool is the visualisations. It offers various graphical
representations of all the network connections on a system. It also allows users to track key
metrics like network latency, connection churn and transmission control protocol (TCP)
retransmits. Users can monitor the health of a network connection at different endpoints at
the application, IP address, port or process ID layers. Other prominent features include
automated log collection and user interface monitoring.
4. Paessler PRTG Network Monitor

Paessler's network connection monitoring tool provides a clean user interface and network
visibility on multiple devices. Users can track the health of different connection types like
local area networks (LAN), wide area network (WAN), servers, websites, applications and
services. The tools also integrate with various technologies, which makes it easier to use it
for different types of applications. It provides distribute monitoring, allowing users to track
network connections on devices in different locations. The tool also provides apps for
mobile platforms that can help users to track network health on mobile phones.

5. ManageEngine OpManager

ManageEngine OpManager is a good network monitoring and managing tool for users that
prefer in-depth view of network health and issues. This tool provides over 2000 network
performance monitors that allow users to track and monitor their connections and perform
detailed analyses on issues. It also provides over 200 dashboard widgets that can help users
customise their dashboard to their own suitability. Other features include CPU, memory and
disk utilisation monitoring on local and virtual machines. It also allows setting network
performance threshold and notifies the user in case of a violation.

6. Domotz

Domotz is an expansive tool that provides a list of features for monitoring network
connections. It allows users to customise their network monitoring preferences. Users can
write scripts the retrieve the data they wish to evaluate. It also allows connection to open
ports on remote devices while ensuring network security. Users can also scan and monitor
network connections globally. Domotz also allows to backup and restore network
configuration for switches, firewalls and access points and alerts when there is a change in
the configuration.

7. Checkmk

Checkmk is a tool that allows users to automate it completely. You can customise its
operations and enable it to perform tasks automatically. It also identifies network and
security components without the user requiring manual set up. For example, the tool can
identify a firewall even if the user has not set it up. Its Agent Bakery feature enables users to
manage agents and automate agent updating. This reduces manual effort to monitor network
connections. The tool also includes over 2000 plug-ins for enhancing network monitoring.

8. Progress Whatsup Gold

Progress Whatsup Gold is a basic network monitoring software. It provides a minimal user
interface with essential features like device monitoring, application monitoring, analysing
network traffic and managing configurations. The tool allows users to monitor cloud
devices, inspect suspicious connections, automate configuration backups and identify, and
resolve bandwidth issues.

RESULT : Thus the Network monitoring tools has been explored successfully.
[Link].10 MITM ATTACK BY USING ARP POISONING

Date :

INTRODUCTION:

Man In The Middle Attack implies an active attack where the

attacker/Hacker creates a connection between the victims and sends
messages between them or may capture all the data packets from the
victims. In this case, the victims think that they are communicating with each
other, but in reality, the malicious attacker/hacker controls the
communication i.e. a third person exists to control and monitor the traffic of
communication between the two parties i.e. Client and Server.

Types of Man in the Middle Attack:

1. ARPSpoofing:

ARP Stands for Address Resolution Protocol. This protocol is used for
resolving IP addresses to machine MAC addresses. All the devices
which want to communicate in the network, broadcast ARP-queries in
the system to find out the MAC addresses of other machines. ARP
Spoofing is also known as ARP Poisoning. In this, ARP poisoning, ARP
packets are forced to send data to the attacker’s machine. ARP Spoofing
constructs a huge number of forced ARP requests and replies packets to
overload the switch. The intention of the attacker all the network packets
and switch set in forwarding mode.

2. DNSSpoofing :
Similar to ARP, DNS resolves domain names to IP addresses. DNS
spoofing is very dangerous because in this case a hacker will be able to
hijack and spoof any DNS request made by the user and can serve the
user fake web pages, fake websites, fake login pages, fake updates, and
so on.

Man in the Middle Attack Tehniques:

Here, we will discuss the Man In The middle attack techniques as follows.
 Packet Sniffing
 Session Hijacking
 SSL stripping
 Packet Injection
Step-3
By doing this a hacker spoof’s the router by pretending to be the victim, and similarly, he
spoofs the victim by pretending to be the router.

How to do an ARP Spoof Attack

We can do an ARP Spoof attack using the built-in tool called ARPSPOOF in Kali Linux,
or we can also create an ARP Spoof attack using a python program.
Executionsteps: :
Here, we will discuss the execution steps as follows.
Step-1:
We can run the built-in “ARPSPOOF’” tool in Kali Linux. In case the ARPSPOOF tool is
not present, install the tool by running the following command as follows.

apt install dsniff

Step-2:
To run this attack we need two things Victim machine’s IP address & the IP of Gateway.
In this example, we are using a Windows Machine as our victim and Kali Machine to run
the attack. To know the victim machines IP address and gateway IP by running the
following command in both the Windows machine and Linux Machine as follows.

arp –a

OUTPUT:

RESULT :

Thus the MITM ATTACK by using ARP Poisoning has been implemented.