DEPARTMENT OF COMPUTER ENGINEERING & APPLICATIONS
Institute of Engineering & Technology
Practical File
Name: Pragati Varshney UnivRoll: 2315300016
Course: B. Tech (CS-CSF) Class Roll: 15
Faculty: Mr. Arvind Prasad
Code: BCSE 0638
Subject Name: IT System Security & Physical Security Lab
Year: I Semester: II Session: 2023-24
Experiment 1:
Step 1: To start the scanning, click on the Scan multiple computers option.
Step 2: Fill in the IP address range of the systems to be scanned.
Step 3: Click on the Start Scan button.
Step 4: The scan will now start; it will take some time to complete.
Step 5: Once the scan is completed, a scan report will be generated; click on the Pick a security report view option.
Step 6: On the next window the report will be expanded; click on OK after analyzing the report.
Experiment 2:
import socket

# Read the first and last IPv4 addresses of the range to scan (both in the same /24).
Firstip = input("Enter first ip:")
lastip = input("Enter second ip:")

# Index just past the last dot: everything after it is the host octet.
f = Firstip.rfind(".") + 1
flength = len(Firstip)
first = int(Firstip[f:flength])
l = lastip.rfind(".") + 1
flength = len(lastip)
last = int(lastip[l:flength])

for ip in range(first, last):
    # Rebuild the address: network prefix of the first IP plus the current host octet.
    target = Firstip[0:f] + str(ip)
    print("scanning: ", target)
    WL = [8005, 8008]    # white list of ports that are expected to be open
    try:
        for port in range(7999, 8100):
            soc = socket.socket()
            soc.settimeout(1)    # one-second timeout so unreachable hosts do not stall the loop
            res = soc.connect_ex((target, port))    # 0 means the TCP connect succeeded
            if res == 0:
                print("Port", port, " is open")
                try:
                    if WL.index(port) >= 0:    # index() raises ValueError if port is not listed
                        print("port is in white list")
                except ValueError:
                    pass
            soc.close()
    except Exception:
        pass
Experiment 3:
The following report summarizes that:
• The virus protection is up-to-date.
• The security benchmark score is 4.31 out of 10.
• There are 3 missing security updates; the Missing Security Updates section therefore contains links to install them.
• We can also see the computer profile summary, which gives all the information about software, hardware, virus protection, communications and other devices.
Experiment 4:
A. Open HoneyBOT and select the network adapter on which you want HoneyBOT to listen, then list the ports with their services. To start the engine, click on the blue play button; this starts the HoneyBOT listening engine. The status bar at the bottom of the window will increment as each port is successfully opened.
B. In the top left corner go to the View tab, select Services, and add the service you want with its details (port number, protocol, enable, description).
Click on the blue play button to start the HoneyBOT listening engine. The status bar at the bottom of the window will increment as each port is successfully opened. Wait for a while, then click on the red stop button to shut down all listening services and terminate existing open sockets. The status bar at the bottom of the window will decrement as each port is closed.
Double clicking a record in the list view of the main window will open the
Packet Log viewer window. On the upper left hand side of the window is the
Connection Details which displays basic information about the selected hit
including the total number of bytes sent and bytes received for that hit. In the
upper right hand side the application displays the Packet History list view of all
transmitted and received IP packets associated with the hit.
C. [Link]: this IP address seems malicious.
D. Go to the view tab on the top left corner then select the whitelist option to
create a whitelist. After going to the whitelist option add the details (remote IP,
local port, protocol, description) of the IP that has to be whitelisted.
Experiment 5:
The possible ways to block the malicious device using MAC address
are:
• By choosing MAC filtering from advanced settings of Firewall
• By implementing IEEE 802.1X authentication, which requires
devices to authenticate before they are granted network access.
Unauthorized devices, identified by MAC address, can be denied
access.
Experiment 6:
A. The steps to set up a Wireshark capture to monitor network traffic for suspicious activity are:
• Choose the network interface whose traffic you want to capture and inspect for suspicious activity.
• Start the capture; the traffic will then be captured.
B. After analyzing the captured packets:
We found a login over an HTTP connection, which can compromise the user's login credentials, as an HTTP connection is not secure.
C. Security measures or actions that should be taken based on the findings to mitigate the potential security threat are:
• One should use secure sites over an HTTPS connection.
• Enable multi-factor authentication, which adds an extra layer of security.
• Review the recent activity of the account that was used over HTTP to make sure there was no unauthorized access.
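The finding in part B (a login submitted over plain HTTP) can be checked automatically instead of by eye. The following is an added example, not part of the lab's own code: it parses a handful of constructed captured requests (made up for this example, not the lab capture) and reports any request that carries a credential-like parameter over cleartext HTTP. Only the field names are reported, never their values, so the report itself does not re-expose the secret. The host names and parameter names are assumptions for the example.

```python
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample of captured client requests as (destination port, raw bytes).
# These are made-up packets for the example, not the lab's own capture.
CAPTURED = [
    (80, b"POST /login HTTP/1.1\r\nHost: quiz.example.test\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
         b"username=student15&password=sample-secret"),
    (80, b"GET /index.html HTTP/1.1\r\nHost: quiz.example.test\r\n\r\n"),
    (80, b"GET /api/auth?user=teacher3&token=sample-token HTTP/1.1\r\n"
         b"Host: quiz.example.test\r\n\r\n"),
    (443, b"\x16\x03\x01\x00\xfc\x01\x00\x00\xf8\x03\x03"),   # start of a TLS handshake, opaque
    (80, b"GET /search?q=network+security HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
]

# Parameter names that normally carry a credential or session secret (assumed list).
CREDENTIAL_FIELDS = {"password", "passwd", "pwd", "pass", "secret", "token"}

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/1\.[01]$")


def parse_http_request(raw):
    """Return (method, path, headers, body) for a cleartext HTTP request, else None."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None                      # binary payload (e.g. TLS), not cleartext HTTP
    head, _, body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return m.group(1), m.group(2), headers, body


def find_cleartext_logins(packets):
    """Flag requests that send credential-like parameters over plain HTTP.

    Both query-string parameters (GET) and form bodies (POST) are inspected,
    since a credential in a URL is exposed just as much as one in a body."""
    findings = []
    for port, raw in packets:
        if port == 443:
            continue                     # TLS: contents are encrypted, nothing to inspect
        parsed = parse_http_request(raw)
        if parsed is None:
            continue
        method, path, headers, body = parsed
        params = parse_qs(urlparse(path).query, keep_blank_values=True)
        if method == "POST":
            params.update(parse_qs(body, keep_blank_values=True))
        leaked = sorted(CREDENTIAL_FIELDS & {name.lower() for name in params})
        if leaked:
            findings.append({
                "host": headers.get("host", "?"),
                "method": method,
                "path": urlparse(path).path,
                "fields": leaked,
            })
    return findings


if __name__ == "__main__":
    for hit in find_cleartext_logins(CAPTURED):
        print(f"cleartext credential: {hit['method']} http://{hit['host']}{hit['path']} "
              f"fields={hit['fields']}")
```

Running the block prints two findings for the constructed sample: the form login on /login (password field) and the GET request to /api/auth that places a token in the query string. The same logic can be pointed at the plain-HTTP requests exported from a Wireshark capture.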
Experiment 7:
• The top three bandwidth-consuming devices' source IP and destination IP are:
• The protocol used by each of these devices: TLSv1.2
• Based on the analysis, the recommendations to resolve the slow internet speeds and intermittent connectivity issues are: upgrading the TLS version, implementing load balancing for the web servers to distribute traffic efficiently, and ensuring that all network devices have the latest firmware and software updates installed.
Experiment 8:
A. Setting up ZAP for Testing the Quiz Portal:
1. Installation:
- Download ZAP from the official website and install it on your
system.
- Ensure you have Java installed as ZAP runs on Java.
2. Configure Proxy Settings:
- Configure your browser to use ZAP as a proxy.
- Set the proxy settings in your browser to point to ZAP's
listening port (default is 8080).
3. Start ZAP:
- Launch ZAP after installation.
- ZAP will start a local proxy server to intercept and inspect
HTTP and HTTPS traffic.
4. Configure Browser:
- Open your browser and navigate to the ZAP welcome page ([Link]).
- Follow the instructions to set up your browser to work with
ZAP.
5. Spider the Website:
- Use ZAP's spider tool to crawl the university's quiz portal.
- This will help in identifying all accessible pages and endpoints for testing.
B. Performing a Simple Scan using ZAP:
1. Set Target URL:
- In ZAP, go to the "Quick Start" tab.
- Enter the URL of the university's quiz portal as the target.
2. Perform Active Scan:
- Click on the "Attack" tab.
- Select "Active Scan" and configure scan settings if needed.
- Start the scan to identify potential vulnerabilities.
3. Review Scan Results:
- Once the scan is complete, review the results in the "Alerts" tab.
- ZAP will categorize vulnerabilities based on severity and provide detailed information about each issue found.
C. Common Security Issues Detected by ZAP:
1. Cross-Site Scripting (XSS):
- ZAP might detect XSS vulnerabilities where untrusted data is
improperly handled, allowing attackers to inject malicious
scripts into web pages.
- This can lead to session hijacking, defacement, or stealing
sensitive information from users.
2. SQL Injection (SQLi):
- ZAP can identify SQL injection vulnerabilities where attackers
can manipulate SQL queries executed by the application's
backend database.
- Exploiting SQLi vulnerabilities can result in unauthorized
access to databases, data theft, or even complete database
compromise.
Recommendations to Address Detected Vulnerabilities:
1. Implement Input Validation:
- Validate and sanitize user input to prevent XSS and SQLi attacks.
- Use proper encoding and escaping techniques to handle user-supplied data securely.
2. Security Headers:
- Implement security headers such as Content Security
Policy (CSP), X-Content-Type-Options, and X-Frame-Options to
mitigate various web application security risks.
3. Parameterized Queries:
- Use parameterized queries or prepared statements to
prevent SQL injection attacks by separating SQL code from user
input.
4. Regular Security Assessments:
- Conduct regular security assessments using tools like ZAP
to proactively identify and address security vulnerabilities in the
quiz portal.
By addressing the identified vulnerabilities and adopting security best
practices, the university can enhance the security posture of its quiz
portal and mitigate potential risks to student and teacher data.
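Recommendations 1 and 3 above (input validation, output encoding and parameterized queries) are easiest to understand side by side in code. The following is an added example written for this report, not code from the quiz portal or from ZAP: it uses Python's built-in sqlite3 module with a constructed in-memory user table (made-up rows), shows a user lookup written the vulnerable way next to the parameterized form, and adds an allow-list validator and HTML escaping for the XSS case. Table and column names are assumptions for the example.

```python
import html
import re
import sqlite3

# Allow-list for account names: letters, digits and underscore only (assumed policy).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def make_db():
    """Constructed in-memory stand-in for the portal's user table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("student15", "student"), ("teacher3", "teacher")])
    return conn


def lookup_user_unsafe(conn, username):
    """Vulnerable form: input is spliced into the SQL text, so a crafted value
    changes the query's logic instead of being treated as data."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_user_safe(conn, username):
    """Hardened form: the driver binds the value separately from the SQL text,
    so whatever the input contains it can only ever be compared as a string."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def validate_username(username):
    """Allow-list validation: reject anything that is not a plain account name
    before it reaches the database at all."""
    return bool(USERNAME_RE.match(username))


def render_greeting(display_name):
    """Output encoding for an HTML context: any markup inside the name is
    rendered as literal text instead of being interpreted by the browser."""
    return "<p>Welcome, " + html.escape(display_name, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"           # classic textbook probe used by scanners such as ZAP
    print("unsafe:", lookup_user_unsafe(conn, probe))   # returns every user
    print("safe:  ", lookup_user_safe(conn, probe))     # returns nothing
    print("valid: ", validate_username(probe))          # False: rejected up front
    print(render_greeting("<b>student15</b>"))
```

With the probe string the unsafe lookup returns every row in the table, the parameterized lookup returns nothing, and the validator rejects the input before a query is even built; the greeting shows the escaped form of the tags. Defence in depth means doing all three, since validation alone is easy to get wrong and escaping alone does nothing for the SQL case.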
Experiment 9:
Mitigating Identified Risks:
1. Patch Management:
- Ensure that all devices on the network have the latest
security patches and updates installed to address known
vulnerabilities.
2. Network Segmentation:
- Implement network segmentation to isolate critical
systems and reduce the attack surface. This prevents attackers
from moving laterally within the network in case of a breach.
3. Access Control Policies:
- Enforce strict access control policies to limit access to
sensitive resources only to authorized users. Use strong
authentication mechanisms such as multi-factor authentication
(MFA).
4. Firewall Configuration:
- Configure firewalls to filter incoming and outgoing traffic,
blocking unnecessary ports and services. Regularly review and
update firewall rules to adapt to changing security
requirements.
5. Intrusion Detection and Prevention Systems (IDPS):
- Deploy IDPS to monitor network traffic for suspicious
activities and potential threats. Set up alerts for unusual
behavior and respond promptly to any detected incidents.
6. Regular Security Audits:
- Conduct regular security audits and vulnerability
assessments to identify and remediate security weaknesses
proactively.
Basic Network Discovery Scan using Nmap:
1. Performing the Network Discovery Scan:
- Open a terminal or command prompt.
- Use the following Nmap command to perform a basic network
discovery scan:
nmap -sn <network_address>
Replace `<network_address>` with the IP range of the simulated
network.
Discovered Devices:
- Device 1:
- IP Address: [Link]
- Description: (Provide any known information about the device, such
as hostname or device type)
- Device 2:
- IP Address: [Link]
- Description: (Provide any known information about the device, such
as hostname or device type)
- (Repeat the above format for all discovered devices)
Detailed Port Scan on Target Machine:
1. Performing the Port Scan:
- Choose one of the discovered devices as the target machine.
- Use the following Nmap command to perform a detailed port scan:
nmap -p- -sV <target_ip>
Replace `<target_ip>` with the IP address of the target machine.
Open Ports and Corresponding Services:
- Port 22 (SSH):
- Service: Secure Shell (SSH)
- Description: Used for secure remote access to the system.
- Port 80 (HTTP):
- Service: Hypertext Transfer Protocol (HTTP)
- Description: Used for web traffic, indicating the presence of a web
server.
- (Repeat the above format for all open ports and their corresponding
services)
Ensure to analyze the results of the network scan thoroughly and
take appropriate actions to address any vulnerabilities or security
risks identified. Regularly monitor the network for changes and
updates to maintain a secure environment.
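The "Open Ports and Corresponding Services" table above is filled in by reading the nmap -sV output by hand; the step of comparing it against what the machine is supposed to expose is where the security value lies. The following is an added example, not part of the lab or of Nmap itself: it parses a constructed block of text laid out like nmap -p- -sV normal output (made up for this example, not a scan of the lab network) and reports every open port whose service is not in an expected baseline. The baseline, hostname and version strings are assumptions for the example.

```python
import re

# Constructed text in the layout of `nmap -p- -sV <target_ip>` normal output.
# It is a made-up sample for this example, not output from the lab network.
SAMPLE_SCAN = """\
Nmap scan report for target.lab.test (10.0.0.10)
Host is up (0.0012s latency).
Not shown: 65531 closed tcp ports (reset)
PORT      STATE    SERVICE    VERSION
22/tcp    open     ssh        OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)
80/tcp    open     http       Apache httpd 2.4.52 ((Ubuntu))
3306/tcp  open     mysql      MySQL 8.0.36-0ubuntu0.22.04.1
8080/tcp  filtered http-proxy
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 42.11 seconds
"""

# One port line: "<port>/<proto>  <state>  <service>  [<version text>]"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

# Baseline of services the target is supposed to expose (assumed for the example).
EXPECTED_SERVICES = {22: "ssh", 80: "http"}


def parse_scan(output):
    """Return one dict per port line, keeping the state so filtered ports stay visible."""
    ports = []
    for line in output.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue                      # header, banner or summary line
        port, proto, state, service, version = m.groups()
        ports.append({"port": int(port), "proto": proto, "state": state,
                      "service": service, "version": (version or "").strip()})
    return ports


def open_ports(output):
    """Only the ports that actually accepted a connection."""
    return [p for p in parse_scan(output) if p["state"] == "open"]


def unexpected_services(output, expected=EXPECTED_SERVICES):
    """Open ports whose service is not in the baseline: investigate these first.
    A port that is open but running a different service than expected is also flagged."""
    return [p for p in open_ports(output) if expected.get(p["port"]) != p["service"]]


def report(output, expected=EXPECTED_SERVICES):
    """Human-readable lines in the same shape as the table in this experiment."""
    lines = []
    for p in open_ports(output):
        tag = "OK" if expected.get(p["port"]) == p["service"] else "REVIEW"
        lines.append(f"{p['port']}/{p['proto']} {p['service']:<10} {p['version']} [{tag}]")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_SCAN):
        print(line)
    for p in unexpected_services(SAMPLE_SCAN):
        print(f"unexpected: port {p['port']} running {p['service']} ({p['version']})")
```

On the constructed sample the SSH and HTTP entries are marked OK and the MySQL listener on 3306 is flagged for review, because a database port reachable from the scanning host is not part of the expected baseline; the filtered 8080 entry is parsed but not counted as open. Keeping the baseline in version control and re-running this comparison after each scan is a simple way to notice when a new service appears on the network.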
Experiment 10:
A. Navigate to the "Projects" directory, which is located inside the "Documents" directory.
cd ~/Documents/Projects
B. Create a new directory named "Reports" within the "Projects" directory.
mkdir Reports
C. Inside the "Reports" directory, create two text files named "Quarterly_Report.txt" and "Annual_Report.txt".
cd Reports
touch Quarterly_Report.txt Annual_Report.txt
D. Display the contents of the "Reports" directory to verify the creation of the new files.
ls
E. Move the "Annual_Report.txt" file to the "Backup" directory, which is located in the parent directory of "Documents" (three levels up from "Reports").
mv Annual_Report.txt ../../../Backup/
F. Change the name of the "Quarterly_Report.txt" file to "Q1_Report.txt".
mv Quarterly_Report.txt Q1_Report.txt
G. Display the updated contents of the "Reports" directory.
ls