16 Apr 2009 - Network Security LAB - Siddaganga Polytechnic [PDF]


Network Security LAB SIXTH SEMESTER CSE –LAB MANUAL - B.N. Nagaraja HOD-CSE

SIDDAGANGA POLYTECHNIC Department of Computer Science & Engineering 2013-2014

SIDDAGANGA POLYTECHNIC, Tumkur-3

Department of Computer Science & Engg.


1. Learn to install Wine/Virtual Box/Cygwin or any other equivalent software on the host operating system.

Cygwin is a Linux-like environment and command-line interface for Microsoft Windows. It provides many of the standard GNU (General Public License) tools and applications that one would find on a Linux computer, together with a compatibility layer (cygwin1.dll) that lets them run under Windows. Many Linux programs can be recompiled against Cygwin so that they run under Windows. Cygwin also lets you install inetd, syslogd, sshd, Apache and other standard Unix daemons as Windows services, so a Windows system can act like a Unix/Linux server. Cygwin creates a Linux-like environment on the Windows host without installing a Linux OS. Unlike VirtualBox it is not a virtual machine: Cygwin programs run with the Windows user's privileges and see the Windows file system directly, so nothing run inside it is isolated from the host.

INSTALLING CYGWIN - PREREQUISITES:
1. Make sure that you are using a version of Windows supported by Cygwin, and that you have sufficient disk space and time available for the installation.
2. If your Windows login name contains a space character, consider changing it or creating a separate login for use with Cygwin. The Cygwin installer names your home directory after your Windows login name. It is usually possible to work around problems caused by directory or file names that contain spaces, but it is easier to avoid them.
3. Some virus scanners interfere with the Cygwin installation. If you encounter problems, consider disabling your virus scanner during the installation and re-enable it as soon as the installation finishes; download setup.exe only from www.cygwin.com.

CYGWIN INSTALLATION STEPS:
1. Go to www.cygwin.com.
2. Click on setup.exe. A dialog box appears with the options Run (install Cygwin directly without saving the file), Save (save the setup file) and Cancel (cancel the installation).
3. Click Save; it asks for the path where setup.exe should be saved.
4. Select the desired path and click Save.
5. The download starts; wait until the setup file download completes.
6. Double-click the saved setup.exe icon to begin installation.
7. A window titled Cygwin Net Release Setup Program appears. Click Next to get started.


8. Choose A Download Source: accept the default ("Install from Internet") and click Next.
9. Select Root Install Directory: accept the defaults (C:\cygwin, All Users, Unix line endings) and click Next.
10. Select Local Package Directory: accept the default or change it to any temporary directory of your choice, but make a note of it.
11. Select Your Internet Connection: the default should be correct for most users. Change it only if you encounter problems.
12. Choose A Download Site: select a nearby Cygwin mirror site from which to download the packages. Speeds vary considerably from site to site.
13. Select Packages: for a full installation, click the rotating selector next to "All" (at the top of the Category list) so that the indicator to its right changes from "Default" to "Install", click Next and skip ahead to step 15.
14. For a custom installation, click the View button so that the indicator to its right changes from "Category" to "Full", tick the packages you need and click Next.
15. Once all selected package files have been downloaded and verified, they are unpacked into the Cygwin root install directory. Create Icons: unless these icons already exist from a previous Cygwin installation, make sure the boxes are checked and click Finish.

USING CYGWIN
As noted, Cygwin provides a Unix-like environment under Windows. The installation directory (by default C:\cygwin) is the root of the Unix-like file system and contains bin, etc, home, tmp and usr directories as found on a GNU/Linux or other Unix system. Within home there is one subdirectory per Windows user. To begin, click the Cygwin desktop icon, or choose the Cygwin entry from the Start menu, to open a Cygwin terminal window. In this window the GNU bash shell is running with POSIX syntax (directory separators are '/', not '\'). Initially the current (working) directory is /home/user, where user is your Windows login name. Do not use this directory if your Windows login name contains a space; make another one and use it instead by typing these commands at the bash prompt:

    mkdir /home/bob
    echo "export HOME=/home/bob" >>.bashrc
    echo "export HOME=/home/bob" >>.bash_profile
    cp .bashrc .bash_profile /home/bob
    echo "cd" >>.bashrc

Close your Cygwin terminal window and open another one; your current directory should now be /home/bob (or whatever you chose to call it). The startup files in the old /home/user are still the ones read at login; they now point HOME at the new directory and change into it.


2. Perform an experiment to grab a banner with telnet and perform the task using Netcat.

    C:\> telnet 192.168.1.88 80

BANNER GRABBING
In the context of computer networking, banner grabbing is a technique to determine which application or service is running on a specified port by connecting to that port and reading what the service announces about itself. It is an enumeration technique used to get information about the computer systems on a network and the services running on their open ports. Administrators use it to take inventory of the systems and services on their network. An intruder uses it to find hosts that run versions of applications and operating systems with known exploits. For that reason many administrators suppress or falsify version strings (for example with Apache's ServerTokens Prod directive), so a banner is a hint about the software, not proof.

Banner grabbing can be performed in two ways:
1. ONLINE (through an Internet connection, by connecting to remote websites)
2. OFFLINE (through the local LAN, or against a VirtualBox guest OS)

Examples of service ports used for banner grabbing are those of HTTP, FTP and SMTP (ports 80, 21 and 25 respectively). FTP and SMTP servers speak first, so connecting is enough to see their banner; an HTTP server says nothing until it receives a request. Tools commonly used to perform banner grabbing are telnet, which is included with most operating systems, and Netcat.

Introduction to telnet
For banner grabbing we will use the telnet client, a legacy command-line program that is still available on most operating systems. The basic telnet syntax is:

    telnet [target ip] [port]

Working with telnet:
1. Make sure the telnet client is installed. On Windows Vista and later it is an optional feature: Control Panel > Programs > Turn Windows features on or off > Telnet Client (or, from an administrator prompt, dism /online /Enable-Feature /FeatureName:TelnetClient). The "Telnet" entry in SERVICES.MSC is the telnet server; it is not needed for this experiment and should stay disabled, because it accepts unencrypted logins.
2. Open a command prompt and type telnet www.rediff.com 80 (the HTTP port), then press Enter.
3. After the connection succeeds the screen goes blank and nothing you type is echoed. Type the request HEAD / HTTP/1.0 and press Enter twice (the blank line ends the HTTP request).
4. The rediff web server's response headers, including its Server: line, are printed.
5. You can also try it against the guest OS on your local machine: telnet <guest IP address> 80, for example telnet 192.168.56.101 80, and send the same request.


Banner grabbing with Netcat (sample HTTP session; the request line is typed after nc connects):

    C:\ns> nc www.targethost.com 80
    HEAD / HTTP/1.0

    HTTP/1.1 200 OK
    Date: Mon, 11 May 2009 22:10:40 EST
    Server: Apache/2.0.46 (Unix) (Red Hat/Linux)
    Last-Modified: Thu, 16 Apr 2009 11:20:14 PST
    ETag: "1986-69b-123a4bc6"
    Accept-Ranges: bytes
    Content-Length: 1110
    Connection: close
    Content-Type: text/html

Against the guest OS:

    C:\ns> nc -vv -n 192.168.56.101 80

then press Enter twice to see the result (-vv = verbose mode, -n = numeric IP addresses only, no DNS lookups).

Opening a raw connection to port 25 (like telnet); the SMTP server sends its banner without being asked:

    nc mail.server.net 25

Checking whether UDP ports (-u) 80-90 are open on 192.168.0.1 using zero-I/O mode (-z):

    nc -vzu 192.168.0.1 80-90

Note that UDP has no handshake: nc reports a UDP port as open unless an ICMP port-unreachable message comes back, so a host or firewall that silently drops probes makes every port look open. The -uz test is therefore unreliable.
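The same HEAD-request banner grab, as an added Python example (not part of the manual): it starts a throw-away loopback server that answers with a constructed Apache-style response, connects to it the way nc or telnet would, and parses out the Server: header. The fake response, the loopback port and the addresses are constructed for the demo; point grab_banner at a real host and port to use it as-is, with an empty probe for FTP/SMTP/SSH services that speak first.

```python
"""Banner grabbing in Python, mirroring the telnet/netcat session above."""
import socket
import threading

# Constructed reply for the local stand-in server (sample data, not a real host).
FAKE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 11 May 2009 22:10:40 GMT\r\n"
    b"Server: Apache/2.0.46 (Unix) (Red Hat/Linux)\r\n"
    b"Content-Type: text/html\r\n"
    b"Connection: close\r\n"
    b"\r\n"
)


def grab_banner(host, port, probe=b"", timeout=3.0, max_bytes=4096):
    """Connect, send an optional probe, and return whatever the service says.

    SMTP/FTP/SSH talk first (leave probe empty); HTTP needs a request, so the
    probe is the same HEAD line typed into telnet or piped into nc.
    """
    chunks, total = [], 0
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            while total < max_bytes:
                data = s.recv(1024)
                if not data:              # peer closed: banner complete
                    break
                chunks.append(data)
                total += len(data)
        except socket.timeout:            # quiet service: keep what we got
            pass
    return b"".join(chunks)


def parse_http_headers(raw):
    """Split a raw HTTP reply into (status line, {lower-case header: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def start_fake_server(response):
    """Loopback listener that answers exactly one connection with `response`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))            # port 0: let the OS pick a free one
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(1024)               # consume the HEAD request
            conn.sendall(response)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def loopback_demo():
    """Grab the fake server's banner as nc would and pick out the Server: header."""
    port = start_fake_server(FAKE_RESPONSE)
    raw = grab_banner("127.0.0.1", port, b"HEAD / HTTP/1.0\r\n\r\n")
    status, headers = parse_http_headers(raw)
    return status, headers.get("server")


if __name__ == "__main__":
    status, server = loopback_demo()
    print(status)
    print("Server header:", server)
```

The read loop stops on EOF or after a short timeout rather than on a fixed byte count, which is the detail that makes the same function work for a chatty SMTP server, a silent service, and an HTTP server that closes after the reply.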


Introduction to Netcat
Netcat is a networking utility for reading from and writing to network connections using TCP or UDP. It is designed to be a dependable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time it is a feature-rich network debugging and investigation tool, since it can create almost any kind of connection you would need and has a number of built-in capabilities. Netcat is often referred to as the "Swiss-army knife for TCP/IP". Its features include port scanning, file transfer and port listening, and with the -e option (present in the Windows nc11nt build) it can attach a shell to a connection, which is why attackers use it as a backdoor and why antivirus software often flags nc.exe. Netcat is one of the most commonly used tools by attackers and defenders alike. It provides a basic TCP/UDP networking subsystem that allows users to interact manually or via script with network applications and services at the application layer, and it lets us see raw TCP and UDP data before it is interpreted by a higher-level protocol such as FTP, SMTP or HTTP.

Features of Netcat:
- Outbound or inbound connections, TCP or UDP, to or from any port
- Full DNS forward/reverse checking, with appropriate warnings
- Ability to use any local source port
- Ability to use any locally-configured network source address
- Built-in port-scanning capabilities, with randomization
- Built-in loose source-routing capability
- Can read command-line arguments from standard input

Working with Netcat:
1. Go to the web site http://www.downloadnetcat.com/
2. Click on Download Netcat Windows Version.
3. Click Save to store the nc11nt zip file on your system.
4. Extract the files from the nc11nt archive.
5. Open a command prompt and change to the nc11nt directory.
6. Type the nc commands and execute them to obtain the banner information.

[Note: before using the netcat commands against the guest OS, install IIS (Internet Information Server) from Add/Remove Windows Components on the guest OS, so that port 80 has a service listening on it.]


3. Perform an experiment for Port Scanning with nmap, superscan or any other equivalent software

Port scanning:
Port scanning is how intruders collect information about the network services on a target network: the intruder attempts to find open ports on the target system. Scanning methods that network attackers use include:
1. Vanilla scan / SYN scan: TCP SYN packets are sent to every port (0 - 65,535) of each address in an attempt to connect to all of them.
2. Strobe scan: the attacker connects only to a specific range of ports that are typically open on Windows or Unix/Linux hosts.
3. Sweep: a large set of IP addresses is scanned for a single port, to find every system that has that port open.
4. Passive scan: all network traffic entering or leaving the network is captured and analysed to determine which ports on the hosts are in use; no packets are sent.
5. User Datagram Protocol (UDP) scan: empty UDP packets are sent to the ports of a set of addresses to see how the operating system responds. A closed UDP port normally answers with an ICMP Port Unreachable message; an open port usually sends nothing, so silence is ambiguous (nmap reports it as open|filtered).
6. FTP bounce: to hide the attacker's location, the scan is launched from an intermediary File Transfer Protocol (FTP) server via its PORT command; modern FTP servers refuse this.
7. FIN scan: TCP FIN packets, which normally say the sender wants to close a session, are sent to each port for a range of IP addresses. An RFC-compliant stack answers RST for closed ports and ignores FINs to open ports; Windows answers RST for both, so the technique does not work against it.

Zenmap/Nmap:
Nmap ("Network Mapper") is a free and open source utility for network exploration and security auditing. Many system and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major operating systems, and official binary packages are available for Linux, Windows and Mac OS X. It has a classic command-line interface and an advanced GUI results viewer (Zenmap). Nmap classifies each port into one of six states: open, closed, filtered, unfiltered, open|filtered and closed|filtered. "Filtered" means a firewall or filter blocked the probe, so Nmap cannot tell whether the port is open; the two combined states appear when the scan type cannot distinguish the possibilities (for example a UDP scan that receives no reply).


1. Open the terminal and enter the following command (a SYN scan of one host; -sS needs administrator/root privileges because it sends raw packets):

    nmap -sS 192.168.1.88

2. Scanning a range of IP addresses:

    nmap -sS 192.168.1.50-90


Working with Nmap/Zenmap:
1. Download the Nmap installer from the website www.Nmapdownload.org, accepting the license agreement.
2. After downloading, run the Nmap setup.
3. Agree to the license agreement, select the components and choose the location where Nmap is to be installed.
4. Select the Create Desktop Icon and Start Menu Folder options.
5. The installation of Nmap completes.
6. After the installation, click the Nmap icon on the desktop.
7. In the Target field of the Zenmap window, enter the target host name or IP address.
8. On the Profile bar select the Intense scan option.
9. After scanning, it lists the number of ports, the port types, the protocol used, the service offered on each port, the status of each port, the version of the software behind each port, and so on.
10. Go to the File menu and select Save to store this information in a file.


Open the terminal and enter the following commands at the command prompt:
1. Find open ports on a system:
    nmap -v 192.168.1.82
2. Find machines which are active in the network (a ping scan with no port scan; -sP is the old spelling, newer versions call it -sn):
    nmap -sP 192.168.1.1-90
3. Service and version detection:
    nmap -sV 192.168.1.88
4. Find the versions of software installed on another system (-A turns on OS detection, version detection, script scanning and traceroute; -T4 uses faster timing):
    nmap -A -T4 192.168.1.88
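A connect() scanner, added here as an example and taken neither from the manual nor from nmap, that labels ports with nmap's open/closed/filtered states and demonstrates them against two loopback listeners it opens itself (the ports are chosen by the OS at run time, so nothing else is needed). It is the equivalent of nmap -sT: a full three-way handshake per port, so it needs no privileges, but it is noisy and appears in the target's connection logs, unlike the half-open -sS scan.

```python
"""A TCP connect() scan (what nmap -sT does) that reports nmap's port states."""
import errno
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=1.0):
    """Classify one port the way a connect() scan can: open, closed or filtered."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"                 # handshake completed: something is listening
    except socket.timeout:
        return "filtered"             # no SYN/ACK and no RST: a filter dropped the SYN
    except ConnectionRefusedError:
        return "closed"               # RST came back: reachable, nothing listening
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"         # ICMP unreachable also counts as filtered
        raise
    finally:
        s.close()


def scan(host, ports, workers=64):
    """Scan `ports` concurrently; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: (p, probe_port(host, p)), ports))
    return dict(states)


def summarize(result):
    """Group ports by state, like the tail of nmap's output."""
    out = {"open": [], "closed": [], "filtered": []}
    for port, state in sorted(result.items()):
        out[state].append(port)
    return out


def open_listeners(count):
    """Bind `count` adjacent loopback listeners on OS-chosen ports (no real target needed)."""
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    first.bind(("127.0.0.1", 0))
    first.listen(5)
    socks, port = [first], first.getsockname()[1]
    while len(socks) < count and port < 65535:
        port += 1
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.bind(("127.0.0.1", port))
            s.listen(5)
            socks.append(s)
        except OSError:               # port already in use: try the next one
            s.close()
    return socks


def loopback_demo():
    """Scan a small window around two live listeners; returns (listener ports, summary)."""
    listeners = open_listeners(2)
    live = sorted(s.getsockname()[1] for s in listeners)
    window = range(min(live) - 3, max(live) + 4)   # a few closed neighbours as well
    summary = summarize(scan("127.0.0.1", window))
    for s in listeners:
        s.close()
    return live, summary


if __name__ == "__main__":
    live, summary = loopback_demo()
    print("listening on", live)
    for state, ports in summary.items():
        print("%-9s %s" % (state, ports))
```

On loopback every closed port answers RST at once, so "filtered" never appears; against a host behind a firewall that drops SYNs, the same code reports the dropped ports as filtered after the timeout, which is exactly the distinction nmap draws between closed and filtered.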


4. Using nmap
1) Find open ports on a system
2) Find machines which are active
3) Find the version of the remote OS on other systems
4) Find the versions of software installed on other systems (using nmap or any other software)

Nmap Features:
- Flexible: supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers and other obstacles. This includes many port scanning mechanisms (both TCP and UDP), OS detection, version detection, ping sweeps and more. See the documentation page.
- Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.
- Portable: most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga and more.
- Easy: while Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command-line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.
- Free: the primary goal of the Nmap Project is to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download and comes with full source code that you may modify and redistribute under the terms of the license.
- Well documented: significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials and even a whole book, available in multiple languages.
- Supported: while Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. All users are encouraged to subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter.
- Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" from Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles.
- Popular: thousands of people download Nmap every day, and it is included with many operating systems (Red Hat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc.). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository.


Working with Nmap/Zenmap:
1. Download the Nmap installer from the website www.Nmapdownload.org, accepting the license agreement.
2. After downloading, run the Nmap setup.
3. Agree to the license agreement, select the components and choose the location where Nmap is to be installed.
4. Select the Create Desktop Icon and Start Menu Folder options.
5. Click Finish to complete the installation of Nmap.
6. After the installation, click the Nmap icon on the desktop.
7. In the Target field of the Zenmap window, enter the target host name or IP address.
8. On the Profile bar select Intense scan.
9. After scanning it lists:
   - the ports which are open or closed on the target machine
   - whether the target system is up or down
   - the operating system in use and its version
   - the different software running on the system
10. Go to the File menu and select Save to store this information in a file.


5. Perform an experiment on active and passive fingerprinting using XProbe2 or nmap

Fingerprinting: This is the initial step in attacking a corporate network. The intruder attempts to gain as much information as possible about the targeted network, starting from sources the public can access. The aim of fingerprinting is to create a map of the network: which operating systems, applications and address ranges are in use, and which accessible open ports exist. In the scanning phase, fingerprinting more specifically means identifying the operating system (OS) of a target system from the behaviour of its TCP/IP stack. It is classified into two types:
- Active stack fingerprinting: the attacker sends crafted packets to the target and observes how it responds. Because each stack responds slightly differently, the response is compared with a database of signatures and the OS is identified. It is the commonly used method, but the probes are unusual packets, so there is a high chance of being detected by an IDS.
- Passive stack fingerprinting: the attacker examines traffic already on the network (initial TTL, TCP window size, TCP options, the DF bit) to determine the operating system. There is no guarantee that the fingerprint is accurate, but it usually is. It means sniffing traffic rather than making contact, so it is stealthier and usually goes undetected, but it only covers hosts whose traffic passes the sniffer.

The methods used to fingerprint a network are:
- Access information publicly available on the company website to gain any useful information.
- Look for anonymous File Transfer Protocol (FTP) sites and intranet sites that are not secured.
- Gather information on the company's domain name and the IP address block it uses.
- Test for live hosts in the network's IP address block; a tool such as ping is typically used.
- Using tools such as nslookup, attempt Domain Name System (DNS) zone transfers (a correctly configured name server refuses these to unknown hosts).
- Use a tool such as nmap to find out which operating systems are in use.
- Use a tool such as tracert to find routers and to collect subnet information.


Using nmap at the command prompt: nmap is a port scanning tool that can also be used for active stack OS fingerprinting.
Syntax: nmap -O IP_address
Example: nmap -O 192.168.1.88
(-O needs administrator/root privileges, and works best when the target has at least one open and one closed TCP port for nmap to probe.)

Using a Linux command prompt: passive stack OS fingerprinting with p0f. p0f does not scan at all; it listens on an interface and fingerprints hosts from the packets it happens to see. On Linux you will need to install it first.

    # p0f -i eth0 -vt

where -i selects the interface (eth0 is our network card), -v shows results in verbose mode and -t adds timestamps to the output.


Working with Nmap/Zenmap:
1. Download the Nmap software from the website www.Nmapdownload.org, accepting the license agreement, and install the tool.
2. In the Target field of the Zenmap window, enter the target host name or IP address.
3. On the Profile bar select Intense scan. (Every Zenmap profile is an active scan: it sends packets to the target. Passive fingerprinting is done with p0f, as above, not with Zenmap.)
4. After the Intense scan, it lists:
   - the ports which are open or closed on the target machine
   - whether the target system is up or down
   - the operating system in use and its version
   - the different software running on the system
5. Go to the File menu and select Save to store this information in a file.
6. For a quick host-discovery scan, select Ping scan on the Profile bar.
7. After the Ping scan, it lists the IP address of the target, the domain name of the server, and whether the target system is up or down (a ping scan does not probe ports, so no port or OS information appears).
8. Go to the File menu and select Save to store this information in a file.


6. Perform an experiment to demonstrate how to sniff router traffic using the tool Cain and Abel / Wireshark / tcpdump

Sniffer attack: Sniffing is the process of capturing and analysing network traffic; the contents of the packets on a network are examined. The tools that attackers use for sniffing are called sniffers or, more correctly, protocol analysers. Protocol analysers are really network troubleshooting tools, but hackers also use them for malicious purposes. A sniffer is an application or device that can read, monitor and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside them. Even encapsulated (tunnelled) packets can be opened and read unless they are encrypted and the attacker has no access to the key. Sniffers monitor, capture and obtain network information such as passwords and valuable customer information. Anyone with physical access to a network can attach a protocol analyser and capture traffic; on a switched network the attacker only sees traffic to their own port, so sniffing is combined with ARP spoofing (which Cain and Abel automates) or a mirror port on the switch. Remote sniffing is also possible and network attackers typically use it. Using a sniffer, an attacker can:
- analyse your network and gain the information needed to crash or corrupt it;
- read your communications.

Common sniffers used by both network security administrators and malicious hackers are Dsniff, Ethereal (now Wireshark), Etherpeek, Network Associates' Sniffer, Ngrep, Sniffit, Snort, tcpdump and WinDump. To protect against sniffers, encrypt network traffic, for example with Internet Protocol Security (IPsec) at the network layer or TLS/SSH at the application layer, so that captured data cannot be interpreted.


Working with Wireshark:
1. Go to the web site http://www.wireshark.org/download.html
2. Click on Windows Installer (32 bit) to download.
3. Click Save to store wireshark-win32-1.6.5.exe on your system.
4. Double-click the Wireshark executable file icon.
5. Choose the folder in which to install and click Next to install (on Windows the WinPcap capture driver is installed along with it).
6. On the Capture tab, under "Interface List", double-click the NIC detected by Wireshark, such as Intel(R) 82578DC Gigabit Network Connection.
7. The Wireshark window shows the complete traffic captured on the wire: source and destination IP addresses and ports, the protocol used, the frame length, and the raw bytes in hexadecimal with an ASCII column.
8. In the Filter box, type a display filter for the packets you want to see, such as ftp, http, arp or udp (or tcp.port == 80 for one service).
9. Click the Capture menu, then Stop, to stop capturing traffic.
10. Data can be decoded and analysed by selecting the relevant options in the Analyze menu (for example Follow TCP Stream reassembles a whole conversation).
11. The sniffed traffic and packet data can be saved to a pcap file for later analysis.
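Added example for experiments 5 and 6 (not from the manual, p0f or Wireshark): a pcap decoder that does what the Wireshark packet list and a tcp.port display filter do, and passively fingerprints the sender of each TCP SYN from initial TTL, window size and TCP options, the way p0f does. The capture is constructed in memory (two SYNs), and the signature table is an illustrative assumption rather than p0f's database; rounding the observed TTL up to 64/128/255 to undo per-hop decrements is the standard trick.

```python
"""Decode a pcap, filter it like a Wireshark display filter, and passively
fingerprint the sender of each TCP SYN from TTL, window and options (p0f style)."""
import struct


def build_syn(src_ip, dst_ip, sport, dport, ttl, window, options):
    """Constructed Ethernet/IPv4/TCP SYN frame (sample input, not a real capture)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0,
                      (5 + len(options) // 4) << 4, 0x02, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, ttl, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00" + ip + tcp


def make_pcap(frames):
    """Little-endian pcap: 24-byte global header, then 16-byte record header + frame."""
    blob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        blob += struct.pack("<IIII", 1240000000 + i, 0, len(frame), len(frame)) + frame
    return blob


def pcap_records(blob):
    off = 24
    while off + 16 <= len(blob):
        _, _, incl, _ = struct.unpack_from("<IIII", blob, off)
        off += 16
        yield blob[off:off + incl]
        off += incl


def parse_tcp_options(raw):
    """{kind: payload}; kind 2 = MSS, 3 = window scale, 4 = SACK permitted, 8 = timestamps."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:              # end of option list
            break
        if kind == 1:              # NOP has no length byte
            i += 1
            continue
        length = raw[i + 1]
        opts[kind] = raw[i + 2:i + length]
        i += length
    return opts


def decode(frame):
    """Ethernet -> IPv4 -> TCP; returns the columns the Wireshark packet list shows."""
    if frame[12:14] != b"\x08\x00":   # not IPv4: ignored here
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    pkt = {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
           "ttl": ip[8], "proto": ip[9]}
    if pkt["proto"] != 6:
        return pkt
    sport, dport, _, _, off_flags, flags, window = struct.unpack_from("!HHIIBBH", ip, ihl)
    doff = (off_flags >> 4) * 4
    pkt.update(sport=sport, dport=dport, flags=flags, window=window,
               options=parse_tcp_options(ip[ihl + 20:ihl + doff]))
    return pkt


# Illustrative signature table, an assumption for this example (not p0f's database):
# (name, initial TTL, SYN window size, set of TCP option kinds the stack sends).
SIGNATURES = [
    ("Linux 2.6+", 64, 29200, {2, 4, 8, 3}),
    ("Windows", 128, 8192, {2, 3, 4}),
]


def guess_os(pkt):
    """Passive match on a SYN: nothing is ever sent to the host."""
    if pkt.get("proto") != 6 or pkt["flags"] != 0x02:
        return None
    initial_ttl = next(t for t in (64, 128, 255) if pkt["ttl"] <= t)  # undo hop decrements
    for name, ttl, window, kinds in SIGNATURES:
        if ttl == initial_ttl and window == pkt["window"] and kinds == set(pkt["options"]):
            return name
    return "unknown (ttl=%d win=%d)" % (initial_ttl, pkt["window"])


def analyze(blob, port=None):
    """Like the display filter `tcp.port == N`, with an OS-guess column added."""
    rows = []
    for frame in pcap_records(blob):
        pkt = decode(frame)
        if pkt is None or (port is not None and port not in (pkt.get("sport"), pkt.get("dport"))):
            continue
        pkt["os_guess"] = guess_os(pkt)
        rows.append(pkt)
    return rows


# Constructed traffic: a Linux-like SYN to a web server and a Windows-like SYN to SMTP.
LINUX_OPTS = b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + b"\x00" * 8 + b"\x01" + b"\x03\x03\x07"
WINDOWS_OPTS = b"\x02\x04\x05\xb4" + b"\x01" + b"\x03\x03\x08" + b"\x01\x01" + b"\x04\x02"
SAMPLE_PCAP = make_pcap([
    build_syn("192.168.56.101", "93.184.216.34", 51000, 80, 61, 29200, LINUX_OPTS),
    build_syn("192.168.56.1", "192.168.56.101", 49152, 25, 126, 8192, WINDOWS_OPTS),
])

if __name__ == "__main__":
    for row in analyze(SAMPLE_PCAP):
        print("%(src)s -> %(dst)s:%(dport)d  ttl=%(ttl)d win=%(window)d  %(os_guess)s" % row)
```

Feed analyze() the bytes of a real Wireshark or tcpdump capture (pcap, not pcapng) and it behaves the same way; the guesses are only as good as the signature table, which is why p0f ships a large, regularly updated one and why a hardened host can defeat the technique by normalising its stack (a scrubbing firewall rewriting TTL and options).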


7. Perform an experiment to demonstrate the use of DumpSec.

DumpSec is a graphical tool which dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable list format, so that holes in system security are readily apparent. It also dumps user, group and replication information. DumpSec, presently available as freeware from SomarSoft and downloadable at http://www.systemtools.com/somarsoft/, is a security auditing program for Windows systems. Open the Report menu, choose Select Computer (enter the computer name or IP address) and choose which items you want in the report; the output appears in the main window. DumpSec can connect remotely to any computer on which your account is allowed to enumerate these objects and dump permissions, audit settings and ownership for the Windows NT/2000 file system into a format that is easily imported into Microsoft Excel for editing. Users can choose to dump either NTFS or share permissions, and also permissions for printers and the registry. Account details such as 'Password Last Set Time' and 'Password Expires Time' are reported too, which is why an attacker with any valid account (or, on old systems, an anonymous null session) finds the same report useful. To summarise, DumpSec can pull a list of users, groups, the system's policies and user rights.

Working with DumpSec:
1) Go to the web site http://www.systemtools.com/nload/dumpacl.zip
2) Click the download option and double-click the dumpsec file to download it.
3) Extract the files from the downloaded compressed (zipped) folder.
4) Double-click the SystemTools.exe file to start the installation.
5) Accept the license agreement and click the "Next" button.
6) Specify the destination folder in which to install DumpSec and click "Next".
7) The "Installation Wizard" appears; click "Next" to install DumpSec.
8) Click the "Finish" button to complete the installation.
9) Click the DumpSec icon; on the menu bar open the "Report" menu and select the different "Dump" permission reports supported.
10) The dumped report can be saved using the Save menu.


8. Perform a wireless audit of an access point / router and decrypt WEP and WPA (using NetStumbler or airsniff).

Wireless LAN Auditing
A corporate network administrator needs to ensure that the wired LAN is not being exposed to unauthorised users. This often happens when users set up their own wireless LANs for convenience. Such wireless LANs often have little or no security, which poses a risk to the entire LAN. The network administrator can use NetStumbler to detect the presence of these "rogue" wireless LANs. If your LAN uses DHCP, make sure that DHCP is enabled on your wireless LAN card; if a network you find hands you an address from your own range, it is connected to your network.

Wireless LAN Coverage Verification
The owner of a wireless LAN can use NetStumbler to verify that an area is well covered by a good quality signal. NetStumbler can also be used to see how far the coverage area extends beyond its intended boundary, which is the area from which an outsider can reach the network. Configure the wireless LAN card with the SSID and other settings of the LAN being verified.

Site Survey
When installing or troubleshooting a wireless LAN, it is important to pick locations and channels so that interference is minimised. A site survey typically includes finding out what existing devices (microwave ovens, cordless phones, radio amateurs) use the same radio frequencies as the wireless LAN. A survey should be done before installation of a new wireless LAN, and further surveys should be performed after installation. A full site survey requires special hardware such as an RF spectrum analyser, but NetStumbler can also be used as part of a site survey. Use a wireless card that reports noise levels; high noise levels are one of the indicators of interference.

Wardriving
Wardriving is the sport of detecting and/or locating wireless LANs. NetStumbler is a very popular tool for wardriving because of its ease of use and GPS integration.

Encryption: the word "WEP" appears for every encrypted network, regardless of whether it really uses WEP, because NetStumbler only reports the Privacy bit in the beacon's capability field, which WEP, WPA and WPA2 all set. Telling them apart requires reading the RSN or WPA information elements in the beacon.


NetStumbler is "beggarware": you do not have to pay for a license to use it. NetStumbler is a tool for Windows that detects wireless local area networks (WLANs) using the IEEE 802.11b, 802.11a and 802.11g standards. It is one of the Wi-Fi reconnaissance tools that runs only on Windows, and it is freeware. With it we can find wireless networks, including open ones that an attacker could join. It has some compatibility and network-adapter issues, and because it works by sending probe requests it only lists access points that answer them. NetStumbler starts in record mode and automatically configures the wireless card, so it is as simple as launching the tool while the wireless card is enabled. A lock symbol in the green bubble beside an AP indicates that the AP has encryption enabled.

NetStumbler uses:
- Verify that your network is set up the way you intended.
- Find locations with poor coverage in your WLAN.
- Detect other networks that might be causing interference with your network.
- Detect unauthorised "rogue" access points in your workplace.
- Help aim directional antennas for long-haul WLAN links.
- Use it recreationally for wardriving.

Working with NetStumbler:
1. Plug the wireless adapter (USB) into the PC.
2. Install the driver software supplied with the adapter, or use a laptop that has a wireless NIC built in.
3. Go to the web site http://network-stumbler.software.informer.com
4. Click the download option and choose the path where the file is to be saved.
5. Double-click the Network Stumbler icon to run setup.
6. Accept the license agreement and click the "I Agree" button.
7. Specify the destination folder in which to install NetStumbler and click "Next".
8. Click the "Close" button to complete the installation.
9. Double-click the Network Stumbler icon on the desktop to run the tool.
10. On the menu bar click the Auto Reconfigure button and then the scanning button to display the details of the wireless access points / Wi-Fi routers around your system.
11. Click Channel, then click the access point's entry to get a graphical view of its signal strength, noise, vendor, etc.
12. Leave Auto Reconfigure switched on, so that as many wireless LANs as possible are found.
13. These details can be saved to a file by clicking the Save option on the menu bar.


NetStumbler provides the following details for each WLAN (wireless LAN):
MAC: The Media Access Control (MAC) address is a unique code assigned to networking hardware; in this case it is the address assigned to the wireless access point (WAP). Beside the green bubble we see the 12-character MAC address of that AP.
BSSID: The text contains the BSSID (Basic Service Set Identifier) for wireless devices. The icon shows the signal strength as reported in the last scan: gray means the item was not detected, or a colored icon ranging from red to green reports the signal strength. A lock appears in the icon if encryption is enabled on the network. For devices on a wired network segment, the icon shows a T-shaped network cable and the MAC address is displayed.
SSID (Service Set Identifier): The reported SSID. This may be blank for access points that report their existence but not their SSID. For wired network items, the SSID is assumed to be the SSID that was associated when the item was discovered.
Name: The device's name. This is reported rarely and only if "Query APs for names" is configured.
Chan: All the channels that the device has been seen on. The most recent one is listed first. Before the channel number may be a star (*), which means you are associated with the device, or a plus (+), which means that you were associated with it at some point.
Speed: The maximum reported bandwidth for the device (this is not the actual bandwidth). If you are using an 802.11b device, it may misreport the bandwidth of 802.11g networks as 11Mbps. Some devices are capable of 108Mbps but only report 54Mbps.
Vendor: The vendor assigned to the MAC, which may not be the actual equipment manufacturer.
Type: "AP" for a BSS, "Peer" for an IBSS.
Encryption: The word "WEP" will appear on an encrypted network, regardless of whether it is really using WEP.
SNR: The current signal-to-noise ratio, either in dB or in arbitrary RSSI units.
Signal+: The highest Signal value seen.
Noise-: The lowest Noise value seen.
SNR+: The highest SNR value seen.
IP, Subnet: The IP configuration of the object, if available.


Latitude, Longitude, Distance: If you are using a GPS receiver, this indicates the estimated position of the object. This position is currently the location where the strongest signal was seen, which is never the actual location. Distance is measured from your current position to the object's estimated position.

Graph View
The data that appears in the graph view is somewhat dependent on your hardware and device driver.
- The green bars indicate signal strength. The higher the bar, the better the signal.
- The red bars, if available, indicate noise level. The higher the bar, the higher the noise.
- The gap between the green and red bars is equivalent to the signal-to-noise ratio.
- A purple bar indicates loss of signal, possibly temporary.
To avoid using the networks that you observe, go to the Network Control Panel and unbind TCP/IP from your wireless LAN card. The graph view will automatically scroll to keep up with new data if you are viewing the rightmost part of it.

Decibel: dBm is a decibel unit that measures power. 0 dBm is equivalent to 1 milliwatt; 30 dBm is equivalent to 1 watt. A decibel is a logarithmic measure of something compared with a defined reference point. An increase of 10 dB corresponds to the value being multiplied by 10; a decrease of 10 dB corresponds to the value being divided by 10. A lock symbol marks access points (APs) that do have encryption enabled. One of the flaws with the latest version of NetStumbler is that all enabled encryption is displayed as WEP.

Decrypt 802.11
Wireshark can decrypt WEP and WPA/WPA2 in pre-shared (or personal) mode. WPA/WPA2 enterprise mode decryption is not yet supported. You can add decryption keys using Wireshark's 802.11 preferences or by using the wireless toolbar. Up to 64 keys are supported.

Adding Keys: 802.11 Preferences
Go to Edit->Preferences->IEEE 802.11. You should see a window that looks like this: Note that the key examples mention WPA, and that each key item is labeled "Key". If your preferences window doesn't mention WPA, like this, then your version of Wireshark only supports WEP decryption. This might be the case with older versions of Wireshark, particularly the 64-bit Windows version. In all versions WEP keys can be specified as a string of hexadecimal numbers, with or without colons:
a1:b2:c3:d4:e5
0102030405060708090a0b0c0d

In versions that support WPA decryption you should use a prefix to tell Wireshark what kind of key you're using:
wep - The key is parsed as a WEP key. Example: wep:a1:b2:c3:d4:e5
wpa-pwd - The password and SSID are used to create a raw pre-shared key. Example: wpa-pwd:MyPassword:MySSID
wpa-psk - The key is parsed as a raw pre-shared key. Example: wpa-psk:0102030405060708091011...6061626364
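The wpa-pwd entry above is expanded by Wireshark into the raw wpa-psk form. The following added example (not from the lab manual and not Wireshark's code) performs that expansion itself, so you can see how the password and SSID become the 256-bit pre-shared key; the check vector is the one published in IEEE 802.11i ("password" / "IEEE"), and MyPassword / MySSID are the placeholder values used above.

```python
"""Added example (not from the lab manual): derive the raw pre-shared key
that Wireshark's "wpa-pwd:<password>:<ssid>" entry is expanded into, and
print it in the "wpa-psk:<hex>" form shown above.

WPA/WPA2-Personal derives the 256-bit PSK from the passphrase with
PBKDF2-HMAC-SHA1, using the SSID as the salt and 4096 iterations
(IEEE 802.11i). The check vector used in the test is the standard's own
("password" / "IEEE"); the other values are the page's placeholders.
"""
import hashlib


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte PSK (which is also the PMK) for a WPA-Personal network."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, dklen=32
    )


def wireshark_key_line(passphrase: str, ssid: str) -> str:
    """The wpa-psk entry Wireshark accepts as the equivalent of a wpa-pwd entry."""
    return "wpa-psk:" + wpa_psk(passphrase, ssid).hex()


def same_network_key(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """The SSID is the salt: the same passphrase on two SSIDs yields two
    different PSKs, which is why the wpa-pwd entry needs the SSID as well."""
    return wpa_psk(passphrase, ssid_a) == wpa_psk(passphrase, ssid_b)


if __name__ == "__main__":
    print(wireshark_key_line("password", "IEEE"))
    print(wireshark_key_line("MyPassword", "MySSID"))
```

Even with the right key, Wireshark can only decrypt a client's traffic if the capture contains that client's four-way (EAPOL) handshake, so start capturing before the client associates.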

Adding Keys: Wireless Toolbar
If you are using the Windows version of Wireshark and you have an AirPcap adapter you can add decryption keys using the wireless toolbar. If the toolbar isn't visible, you can show it by selecting View->Wireless Toolbar. Click on the Decryption Keys... button on the toolbar: this will open the decryption key management window. As shown in the window you can select between three decryption modes: None, Wireshark, and Driver.


1. Perform an experiment to sniff traffic using ARP poisoning


ARP (address resolution protocol) operates by broadcasting a message across a network, to determine the Layer 2 address (MAC address) of a host with a predefined Layer 3 address (IP address). The host at the destination IP address sends a reply packet containing its MAC address. Once the initial ARP transaction is complete, the originating device then caches the ARP response, which is used within the Layer 2 header of packets that are sent to a specified IP address.

An ARP spoofing attack is the sending of unsolicited ARP messages. These ARP messages carry the IP address of a network resource, such as the default gateway or a DNS server, but replace the MAC address of that resource with the attacker's own MAC address. Network devices, by design, overwrite any existing ARP information for that IP address with the new, counterfeit ARP information. The attacker then takes the role of man in the middle: any traffic destined for the legitimate resource is sent through the attacking system. As this attack occurs at the lower levels of the OSI model, the end user is oblivious to the attack.

ARP poisoning is also capable of executing Denial of Service (DoS) attacks. The attacking system, instead of posing as the gateway and performing a man-in-the-middle attack, can simply drop the packets, so that the clients are denied service from the attacked network resource. The spoofing of ARP messages is the underlying principle of ARP poisoning.

Address Resolution Protocol (ARP) poisoning is a type of attack in which the Media Access Control (MAC) address is changed by the attacker. Also called an ARP spoofing attack, it is effective against both wired and wireless local networks. Some of the things an attacker could do with ARP poisoning include stealing data from the compromised computers and preventing legitimate access to services, such as Internet service. The man in the middle can thus watch the traffic between the source and target machines. A MAC address is a unique identifier for network nodes, such as computers, printers and other devices on a LAN. MAC addresses are associated with the network adapter that connects a device to the network. The MAC address is critical to locating networked hardware devices because it ensures that data packets go to the correct place. ARP tables, or caches, are used to correlate network devices' IP addresses to their MAC addresses.


When a device needs to communicate with another device whose IP address is known but whose MAC address is unknown, the sender broadcasts an ARP packet to all computers on the network. The ARP packet requests the MAC address from the intended recipient with the known IP address. When the sender receives the correct MAC address it is able to send data to the correct location, and the IP address and corresponding MAC address are stored in the ARP table for later use. ARP poisoning is when an attacker is able to compromise the ARP table and change the MAC address so that the IP address points to another machine. If the attacker makes the compromised device's IP address point to his own MAC address then he is able to steal the information, or simply eavesdrop and forward on communications meant for the victim. Additionally, if the attacker changes the MAC address of the device that connects the network to the Internet, he can effectively disable access to the web and other external networks.
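The symptoms described above (an IP address that suddenly maps to a new MAC, and one MAC answering for both the gateway and a victim) are exactly what a defender can watch for. The following added example (not from the lab manual, and not Cain & Abel's code) is a small ARP-table monitor that raises alerts on those symptoms; all addresses in it are constructed sample values.

```python
"""Added example (not from the lab manual, and not Cain & Abel's code): a
small ARP-table monitor that flags the symptoms of ARP poisoning described
above, from the defender's side.

It consumes ARP replies as (sender IP, sender MAC) pairs, keeps its own
IP-to-MAC table and raises an alert when (a) a trusted host such as the
gateway is claimed by an unexpected MAC, (b) an IP address suddenly maps to
a different MAC, or (c) one MAC starts answering for several IP addresses,
which is what a man in the middle between a victim and the gateway looks
like. All addresses below are constructed sample values.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class ArpMonitor:
    # Static mappings for critical hosts (constructed: the gateway's real MAC)
    trusted: dict = field(default_factory=dict)
    table: dict = field(default_factory=dict)  # ip -> last MAC seen
    claims: dict = field(default_factory=lambda: defaultdict(set))  # mac -> ips
    alerts: list = field(default_factory=list)

    def observe(self, sender_ip: str, sender_mac: str) -> list:
        """Process one ARP reply and return the alerts it triggered (if any)."""
        mac = sender_mac.lower()  # normalise case before comparing
        found = []
        expected = self.trusted.get(sender_ip)
        if expected is not None and expected != mac:
            found.append(f"trusted host {sender_ip} claimed by {mac}, expected {expected}")
        previous = self.table.get(sender_ip)
        if previous is not None and previous != mac:
            found.append(f"{sender_ip} changed from {previous} to {mac}")
        if sender_ip not in self.claims[mac]:
            self.claims[mac].add(sender_ip)
            if len(self.claims[mac]) > 1:
                found.append(f"{mac} answers for several IPs: {sorted(self.claims[mac])}")
        self.table[sender_ip] = mac
        self.alerts.extend(found)
        return found


# Constructed replies: a quiet network, then one host answering for both the
# gateway (192.168.1.1) and a workstation (192.168.1.10), as an APR session does.
SAMPLE_REPLIES = [
    ("192.168.1.1", "00:11:22:33:44:01"),
    ("192.168.1.10", "00:11:22:33:44:10"),
    ("192.168.1.66", "de:ad:be:ef:00:66"),
    ("192.168.1.1", "DE:AD:BE:EF:00:66"),
    ("192.168.1.10", "de:ad:be:ef:00:66"),
    ("192.168.1.10", "de:ad:be:ef:00:66"),  # repeat of a known mapping: no new alert
]


def run_sample() -> list:
    """Replay the constructed replies through a monitor that trusts the gateway."""
    monitor = ArpMonitor(trusted={"192.168.1.1": "00:11:22:33:44:01"})
    for ip, mac in SAMPLE_REPLIES:
        monitor.observe(ip, mac)
    return monitor.alerts


if __name__ == "__main__":
    for line in run_sample():
        print("ALERT:", line)
```

On a real network the (IP, MAC) pairs would come from a packet capture of ARP replies, or from periodic snapshots of the local ARP cache.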

Cain & Abel: It is a nifty program that deals with recovering lost passwords using powerful and tough decryption algorithms. It can quickly and efficiently retrieve Outlook and network passwords and display passwords hidden underneath asterisks. Most encrypted passwords are breakable using this program via dictionary, brute-force and cryptanalysis attacks. Decrypting scrambled passwords or wireless network keys is not a challenge either. Besides the ability to record VoIP conversations, the application also offers the possibility to analyze routing protocols.

Working with Cain & Abel:
1. Go to the web site http://www.oxid.it/cain.html
2. Click on the download option and choose a path to save the setup file.
3. Double-click on the ca_setup.exe icon to run setup.
4. Accept the license agreement and click on the Next button.
5. Specify the destination folder to install Cain & Abel and click on "Next".
6. It asks to install WinPcap if it was not installed earlier.
7. Accept the license agreement and click on the Next button to install WinPcap.
8. Double-click on the Cain icon on the desktop to run the tool.
9. Click on the Sniffer menu.
10. Click on Hosts in the bottom portion of the window.
11. Click Start Sniffer and the APR service on the standard toolbar.
12. Right-click in the Hosts window and click on Scan MAC Addresses.
13. Select all hosts in my subnet, or a range with FROM and TO IP addresses, and click OK.
14. Now you can view the MAC and IP addresses of the remote/local machines.
15. Click on the APR button on the toolbar.
16. Left-click in the right pane of the APR window and then click on the '+' symbol on the standard toolbar.
17. APR enables you to poison IP traffic between the selected hosts.
18. Click on an IP address in the left-side list and select the other IP on the right side.
19. Left-click on the right-side IP address and click OK.
20. Watch the poisoning effect between the FROM and TO IP addresses.


2. Demonstrate an Intrusion Detection System (IDS) using any tool such as Snort or any other software.

With the development of network technologies and applications, network attacks are greatly increasing both in number and severity. As a key technique in the network security domain, an Intrusion Detection System (IDS) plays a vital role in detecting various kinds of attacks and securing networks. The main purpose of an IDS is to find intrusions among normal audit data, which can be treated as a classification problem. Intrusion detection systems are an effective security technology that can detect, prevent and possibly react to an attack. An IDS monitors target sources of activity, such as audit and network traffic data, in computer or network systems requiring security measures, and employs various techniques to provide security services. With the tremendous growth of network-based services and sensitive information on networks, network security is becoming more important than ever before. Intrusion: attempting to break into or misuse your system. Intruders may be from outside the network or legitimate users of the network. An intrusion can be a physical, system or remote intrusion. Intrusion detection systems look for attack signatures, which are specific patterns that usually indicate malicious or suspicious intent.

About Snort:

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has three primary uses: it can be used as a straight packet sniffer like tcpdump, as a packet logger (useful for network traffic debugging, etc.), or as a full-blown network intrusion prevention system.

Snort can be configured to run in three modes:
1. Sniffer mode
2. Packet Logger mode
3. Network Intrusion Detection System mode

Sniffer mode: snort -v
Prints the TCP/IP packet headers on the screen.

Packet Logger mode: snort -dev -l c:\log
Create the c:\log directory on the C drive first. Given a log directory, Snort automatically knows to go into packet logger mode: it collects every packet it sees and places it in the log directory.

Network Intrusion Detection System mode: snort -d -l c:\log -h ipaddress/24 -c snort.conf
The configuration file applies rules to each packet to decide on an action, based upon the rule type in the file.

Working with Snort:
1. Go to the web site www.snort.org/start/download
2. Click on the download option and choose a path to save the setup file.
3. Double-click on the Snort installation icon to run setup.
4. Accept the license agreement, specify the path for installation, then click on Next.
5. Install Snort with or without database support.
6. Skip the WinPcap driver installation.
7. Select all the components and click Next.
8. Install and Close.
9. Add the path variable in the Windows environment variables by selecting New.
10. Create a path variable pointing at snort.exe: variable name "path" and variable value "c:\snort\bin".
11. Click the OK button and then close all dialog boxes.
12. Type the following commands:
13. Go to the command prompt, change into the Snort\bin directory and run snort.exe.
14. An editor window displays the complete details of the packets flowing across the system in real time: the IP address of the packet generator, date and time, length of packet, time to live (TTL), etc.
15. By analyzing these details, intruders can be traced in real time.
16. These details can be documented using the Print Screen option.


3. Install a rootkit and study the variety of options.


The term rootkit originally referred to a collection of tools used to gain administrative access on UNIX operating systems. The collection of tools often included well-known system monitoring tools that were modified to hide the actions of an unauthorized user. An unauthorized user would replace the existing tools on the system with the modified versions, preventing authorized users from discovering the security breach. Rootkits in Windows refers to programs that use system hooking or modification to hide files, processes, registry keys and other objects, in order to hide programs and behaviours. In particular, Windows rootkits do not necessarily include any functionality to gain administrative privileges; in fact, many Windows rootkits require administrative privileges to even function. There are two basic classes of Windows rootkits: kernel mode rootkits and user mode rootkits.

Rootkit: "A tool used to protect backdoors and other tools from detection by administrators".

ROOTKITS: A rootkit is a malicious software program used to gain elevated access to a computer while it remains hidden from the owner of the computer and from installed security software. Rootkits typically run at a low level and load before the computer's operating system to remain hidden. The rootkit can then divert any OS functions that would reveal its presence and display manipulated results to the user. Malicious users or software often install a rootkit once they have gained access to a computer, through vulnerabilities in the computer's software or through obtaining the password by social engineering, for example. The rootkit allows them continued access to the computer, but it leaves no trace of their activity, as it would if they were logged in through a normal user account. Once installed, the rootkit owner can access the computer at any time to run software, or to control the computer remotely.

WHY ROOTKITS ARE USED
Rootkits are used by criminals for a variety of purposes, usually to turn a computer into part of a botnet, which can then, in turn, go on to infect other computers or send spam email messages. The rootkit owner can install keyloggers to capture user-entered passwords for online banking and similar activities, or steal the user's personal details to use for identity fraud. If the rootkit owner uses the computer for criminal acts, such as breaking into other computers, it will appear as if the computer owner is responsible if authorities trace the connection.

HOW ROOTKITS STAY UNDETECTED
Many rootkits infect the boot sectors of the computer's hard disk, allowing them to load before the computer's operating system. The rootkit then patches the operating system and changes common functions to hide its existence. For example, the rootkit could intercept calls for a list of files in a directory, removing its own file names before showing the results to the user, so that the directory appears clean. Both anti-virus and security software programs are vulnerable to the effects of a rootkit, which runs at a lower level, ensuring that the anti-virus software cannot detect or remove it. This leads the anti-virus software into believing the system is clean, when it is actually infected and running malicious software.

Current Rootkit Capabilities: rootkits can
- hide processes
- hide files
- hide registry entries
- hide services
- completely bypass personal firewalls
- be undetectable by antivirus
- be remotely undetectable
- use covert channels that are undetectable on the network
- defeat cryptographic hash checking
- install silently
- use all capabilities ever used by viruses or worms


12. Generate a minimum of 10 passwords of length 12 characters using the OpenSSL command.
OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and the related cryptography standards required by them. The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for:
- Creation and management of private keys, public keys and parameters
- Public key cryptographic operations
- Creation of X.509 certificates, CSRs and CRLs
- Calculation of message digests
- Encryption and decryption with ciphers
- SSL/TLS client and server tests
- Handling of S/MIME signed or encrypted mail
- Time stamp requests, generation and verification

The openssl program provides a rich variety of commands, each of which often has a wealth of options and arguments (command_opts and command_args in the SYNOPSIS). The pseudo-commands list-standard-commands, list-message-digest-commands, and list-cipher-commands output a list (one entry per line) of the names of all standard commands, message digest commands, or cipher commands, respectively, that are available in the present openssl utility.

STANDARD COMMANDS
openssl - OpenSSL command line tool
passwd  - Generation of hashed passwords.
pkcs12  - PKCS#12 data management.
pkey    - Public and private key management.
rand    - Generate pseudo-random bytes.
ts      - Time Stamping Authority tool (client/server).
version - OpenSSL version information.

ENCODING AND CIPHER COMMANDS
base64  - Base64 encoding.
rsa     - RSA key management.
genrsa  - Generation of an RSA private key. Superseded by genpkey.
genpkey - Generation of a private key or parameters.

Syntax:

openssl command [ command_opts ] [ command_args ]


openssl [ list-standard-commands | list-message-digest-commands | list-cipher-commands | list-cipher-algorithms | list-message-digest-algorithms | list-public-key-algorithms ]
openssl no-XXX [ arbitrary options ]

Working with openssl on Windows
1. Install the OpenSSL setup file to the default location.
2. Perform a full installation and click Next to complete the installation.
3. Execute OpenSSL from the command prompt; it is available at C:\ProgramFiles\GnuWin32\OpenSSL\openssl.exe
4. At the openssl> prompt (this is the OpenSSL prompt) execute the commands as follows for password generation.
5. passwd -crypt [type your password] - this password generator is limited to 8 characters.
6. passwd -1 [your password] - this allows password lengths beyond 8 characters.
7. Type this command to generate TEN passwords of 10-12 characters.

Sample session:
C:\OpenSSL-Win32\bin>openssl
OpenSSL> passwd
Password:
Verifying - Password:
q8jVlTuFX9wSU
OpenSSL> rand -base64 12
Loading 'screen' into random state - done
72RhZZGSB4rph+eg
OpenSSL> genrsa -out mykey.key 96
Loading 'screen' into random state - done
Generating RSA private key, 96 bit long modulus
...+++++++++++++++++++++++++++
e is 65537 (0x10001)
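The session above shows that "rand -base64 12" prints 16 characters, not 12, because base64 turns every 3 random bytes into 4 characters. The following added example (not from the lab manual) generates the exercise's ten 12-character passwords the same way, using the real "openssl rand" command when an openssl binary is on PATH and Python's secrets module otherwise (an assumption of this example), and shows how many random bytes a given length needs.

```python
"""Added example (not from the lab manual): generate the ten 12-character
passwords the exercise asks for, the way "openssl rand -base64 N" does
(N random bytes, then base64), and show why "rand -base64 12" prints 16
characters while 9 random bytes give exactly 12 with no "=" padding.

If an openssl binary is on PATH its "rand" command supplies the bytes;
otherwise Python's secrets module does (an assumption of this example).
"""
import base64
import math
import secrets
import shutil
import subprocess


def bytes_for_base64_length(length: int) -> int:
    """Smallest byte count whose base64 encoding has at least `length`
    characters: every 3 bytes become 4 characters."""
    return math.ceil(length * 3 / 4)


def random_bytes(n: int) -> bytes:
    """Raw random bytes from 'openssl rand N' when available, else from secrets."""
    if shutil.which("openssl"):
        try:
            out = subprocess.run(["openssl", "rand", str(n)], check=True,
                                 capture_output=True).stdout
            if len(out) == n:
                return out
        except (OSError, subprocess.CalledProcessError):
            pass  # fall through to the standard library CSPRNG
    return secrets.token_bytes(n)


def generate_password(length: int = 12) -> str:
    raw = random_bytes(bytes_for_base64_length(length))
    # Base64 of 9 bytes is exactly 12 characters; for other lengths the
    # encoding is a little longer and is trimmed to the requested length.
    return base64.b64encode(raw).decode("ascii")[:length]


def generate_passwords(count: int = 10, length: int = 12) -> list:
    return [generate_password(length) for _ in range(count)]


def entropy_bits(length: int) -> int:
    """Each base64 character carries log2(64) = 6 bits when nothing is
    trimmed, so a 12-character password has 72 bits; the 8-character
    limit of 'passwd -crypt' would leave 48 bits from this alphabet."""
    return length * 6


if __name__ == "__main__":
    for pw in generate_passwords():
        print(pw)
    print("bits of entropy per 12-character password:", entropy_bits(12))
```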


13. Set up a honeypot and monitor the honeypot on the network.


A honeypot is a device placed on a computer network specifically designed to capture malicious network traffic. The logging capability of a honeypot is far greater than that of any other network security tool and captures raw packet-level data, even including the keystrokes and mistakes made by hackers. The captured information is highly valuable as it contains only malicious traffic with little to no false positives. Honeypots are becoming one of the leading security tools used to monitor the latest tricks and exploits of hackers by recording their every move, so that the security community can more quickly respond to new exploits.

HoneyBOT works by opening over 1000 UDP and TCP listening sockets on your computer; these sockets are designed to mimic vulnerable services. When an attacker connects to these services they are fooled into thinking they are attacking a real server. The honeypot safely captures all communications with the attacker and logs these results for future analysis. Should an attacker attempt an exploit or upload a rootkit or trojan to the server, the honeypot environment will safely store these files on your computer for analysis and submission to antivirus vendors. Our test servers have captured several thousand trojans and rootkits from some simulated services.

Working with HoneyBOT
1. HoneyBOT can be downloaded from our web site at: http://www.atomicsoftwaresolutions.com/honeybot.php
2. After clicking the download link, save HoneyBOT_010.exe to a location on your hard drive.
3. Double-click the HoneyBOT_010.exe installation file to begin the setup process.
4. Follow the prompts in the setup process. The default installation folder for setup is c:\honeybot\
5. Setup will create a shortcut in the Start Menu folder, and an option is available to create a desktop icon.
6. Now you can launch HoneyBOT using the program's shortcut icon.
7. Click on the blue play button to start the HoneyBOT listening engine.
8. Using a web browser, try to access various network systems by providing their IP addresses.


9. Double-clicking a record in the list view of the main window will open the Packet Log viewer window. On the upper left-hand side of the window is the Connection Details pane, which displays basic information about the selected hit, including the total number of bytes sent and bytes received for that hit. In the upper right-hand side the application displays the Packet History list view of all transmitted and received IP packets associated with the hit.
10. By clicking on a record in the Packet History box you can view the complete packet data in the lower window.
11. All log files are saved by default to the c:\honeybot\logs folder. Log files store information relating to the hits on the system and also store all data received from and sent to the attacking computer.
12. Click on the red stop button to shut down all listening services and terminate all existing open sockets.

Uninstalling HoneyBOT
Click the Uninstall HoneyBOT icon in the program's Start Menu to uninstall HoneyBOT and follow the prompts.
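To make the mechanism concrete, the following added example (not from the lab manual and not HoneyBOT's code) is a minimal TCP honeypot of the kind described above: each listening port answers with a fake service banner, records the client's first bytes as a "hit" and closes the connection. The banners, demo ports and the 203.0.113.9 address in the helper are constructed values.

```python
"""Added example (not from the lab manual and not HoneyBOT's code): a
minimal TCP honeypot in the spirit described above. Each listening port
answers with a fake service banner, records the first bytes the client
sends, then closes the connection; nothing the client sends is executed.
Banners, ports and the address used by the helper are constructed values.
"""
import socket
import threading
import time
from dataclasses import dataclass

# Fake banners keyed by port (FTP-like, SMTP-like, telnet-like) on
# unprivileged demo ports; the honeypot never speaks the real protocol.
BANNERS = {
    2121: b"220 FTP server ready\r\n",
    2525: b"220 mail.example.test ESMTP\r\n",
    2323: b"login: ",
}
MAX_CAPTURE = 1024  # bytes of client input kept per connection


@dataclass
class Hit:
    when: float
    src_ip: str
    src_port: int
    dst_port: int
    data: bytes


def handle_connection(conn, addr, dst_port, hits, timeout=3.0) -> Hit:
    """Serve one connection: send the banner, capture the client's first
    bytes (or nothing if it stays silent), record the hit and hang up."""
    conn.settimeout(timeout)
    data = b""
    try:
        conn.sendall(BANNERS.get(dst_port, b""))
        try:
            data = conn.recv(MAX_CAPTURE)
        except socket.timeout:
            pass
    finally:
        conn.close()
    hit = Hit(time.time(), addr[0], addr[1], dst_port, data)
    hits.append(hit)
    return hit


def serve(ports, hits, host="127.0.0.1"):
    """Bind each port and hand every accepted connection to a worker thread."""
    listeners = []
    for port in ports:
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(16)
        listeners.append(srv)

        def accept_loop(srv=srv, port=port):
            while True:
                conn, addr = srv.accept()
                threading.Thread(target=handle_connection,
                                 args=(conn, addr, port, hits), daemon=True).start()

        threading.Thread(target=accept_loop, daemon=True).start()
    return listeners


def summarize(hits):
    """Hits per source IP and per destination port: the first triage view."""
    by_src, by_port = {}, {}
    for h in hits:
        by_src[h.src_ip] = by_src.get(h.src_ip, 0) + 1
        by_port[h.dst_port] = by_port.get(h.dst_port, 0) + 1
    return by_src, by_port


def simulate_hit(payload: bytes, dst_port: int = 2121, hits=None):
    """Drive handle_connection over a local socket pair (no network needed).
    Returns the recorded Hit and the banner the 'client' received."""
    if hits is None:
        hits = []
    server_side, client_side = socket.socketpair()
    client_side.sendall(payload)  # constructed client input
    hit = handle_connection(server_side, ("203.0.113.9", 40000), dst_port, hits)
    banner = client_side.recv(256)
    client_side.close()
    return hit, banner


if __name__ == "__main__":
    hits = []
    serve(sorted(BANNERS), hits)
    print("listening on", sorted(BANNERS), "(Ctrl-C to stop)")
    try:
        while True:
            time.sleep(5)
            print(summarize(hits))
    except KeyboardInterrupt:
        pass
```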


14. Install JCrypTool (or any other equivalent) and demonstrate the asymmetric and symmetric crypto algorithms, hashes and digital/PKI signatures studied in Network Security and Management theory.


STEPS:
1. Download and install JCrypTool.
2. Open JCrypTool.
3. Open the text editor in JCrypTool and write the message you want to encrypt.
4. Select the asymmetric algorithm RSA.
5. Provide a password for encryption.
6. The following encrypted output will appear on the screen.
7. Decrypt the same text by selecting Decrypt, and provide the same password that was provided during encryption.
8. The output will look like this.

Encryption using symmetric algorithms
1. Select the AES algorithm.


STEPS FOR MD5


STEPS for MAC


15. Install IPCop on a Linux system and learn all the functions available in the software.
IPCop Linux is a complete Linux distribution whose sole purpose is to protect the network. Its main features are: an iptables network filter, support for all types of drives, and quad network support: GREEN (internal trusted network), BLUE (wireless semi-trusted network), ORANGE (demilitarized zone for Internet-accessible servers) and RED (the Internet).

System requirements for IPCop installation:
- Pentium processor with 32MB RAM, 300MB hard disk and 3 network cards
- 2 x 5-port 10/100/1000 switch or a Layer 3 switch
- Network cables
- Burned ISO CD

Installation procedure:
1. Download IPCOP 2.0.2.iso from www.ipcop.org.
2. Run VirtualBox on the host PC, add the IPCOP.ISO file and start the installation.
3. When the boot-up screen appears, hit the Enter key.
4. Select the default English language and press the Enter key.
5. Select the default US keyboard layout and press the Enter key.
6. Select Asia/Calcutta and press OK to proceed.
7. Change the date and time if required and press OK.
8. Select the default disk installation HDD and press OK.
9. Skip the restore window by pressing the Skip option button.
10. Disk installation is now complete; press the Congratulations button.
11. Enter the host name ipcop and press OK.
12. Enter the domain name local domain and press OK.
13. Select DHCP by pressing the space bar and press OK.
14. Select the card assignment, first as GREEN and second as RED, and press DONE.
15. Press OK on the DHCP server defaults.
16. Type the password for root (minimum 6 characters) and press OK.
17. Type the password for admin (minimum 6 characters) and press OK.
18. Type the password for backup (minimum 6 characters) and press OK.
19. Your IPCOP VirtualBox machine reboots.
20. Type the username root, enter the password and press the Enter key.
21. Now open your Internet Explorer web browser and type the following in the address bar: https://192.168.1.1:8443/ and press the Enter key.
22. A certificate error is shown; click on Continue (which is displayed as "not recommended") anyway.
23. IPCOP begins; enter the username admin, type the password and click OK.
24. The full-fledged IPCOP firewall is now ready.
25. Practice the basic options of the IPCOP firewall.

Installing the System
- Select our language.
- Select our installation medium, a CD in this case.
The first step, after powering on the system, is changing the boot sequence in the BIOS: the optical drive has to be first in the list for setup purposes. This option can be found in a variety of places in the BIOS menus, depending on the specific BIOS used by the motherboard. It is usually in the "Advanced Setup Options" or "Advanced BIOS Setup" areas.
CDROM set as first boot device
After changing this setting, you can leave the BIOS, either by pressing the F10 key or via the menu option "Exit Saving Changes" in the main BIOS screen. The system will now boot from the CD, and you will be greeted by the Isolinux boot loader. The warning that all data on your drive will be wiped should be taken very seriously! This is the last dialog the installer will display before erasing and partitioning the drive. If you still have any important files left on the system, cancel the installation now and back them up to a safe location!


Run through the simple prompt-based installation. Configure our network cards: the fastest way to configure our network interface cards is by selecting the Probe option. If we know the network card information we can choose our exact interface from Select.


Initial Setup
Having installed IPCop we now have to enter some further configuration information in setup for our setup to be complete. Enter the keyboard, time zone and hostname/domain.
ISDN Setup - As we are not using ISDN we should select to disable it.
Network Configuration Type - Select the interface configuration we will be running by tabbing to Network Configuration Type and hitting the Enter key.
Password Setup - IPCop has 2 users for which we will be asked to set up passwords: root and admin. Set both of these to a strong password of more than 8 characters that is not a word in any language and contains capitals. A good example would be 1luv19c0p. The root password will be used to log on and add any add-ons or upgrades via SSH. The admin user is used to manage our IPCop day to day.

Since we have 3 interfaces and have only set up Green, repeat the interface setup options for the Red and Orange interfaces as described above. Configure the RED interface to use DHCP, as this is the interface connected to the Internet (i.e. our ISP): for Red, tab over to the DHCP box and select it by hitting Enter. Then configure our ORANGE interface to use the 192.168.10.x address space. So if our Green network will contain 15 hosts we can use 192.168.1.2-16; to set this up simply add in this range, 192.168.1.2-16, and tab down to OK.
