IT348 Cryptography and Network Security Practical List
Subject Coordinator: Prof. Madhav Ajwalia
Subject Name: Cryptography and Network Security
Semester: 6
PRACTICAL LIST

Installation of Kali Linux or Parrot Security Operating System in VirtualBox.
1. Kali OS: Click here
2. Parrot Security OS: Click here
3. Download Kali Linux OS: Click here
4. Download Parrot Security OS: Click here

The transmission of information needs to be secure over the communication
channel, and the data has to be confidential. To achieve this, steganography
is the technique of concealing/hiding a secret file, message, audio or video
inside a file of another format. OpenPuff is one of the free steganography
tools for the Windows environment.
Study and implement the practical approach for Steganography.
- Using DOS commands
- Using OpenPuff Tool
For Help: https://embeddedsw.net/OpenPuff_Steganography_Home.html

Footprinting is the process of accumulating data regarding a specific network
environment, usually for the purpose of finding ways to intrude into the
environment. Footprinting can reveal system vulnerabilities and improve the
ease with which they can be exploited. It is also known as reconnaissance.
Study practical approach to implement Footprinting: Gathering Target
Information making use of the following tools:
- Dmitry – Deepmagic. Reference: https://www.youtube.com/watch?v=_zd3goGLM7Q
- UA Tester. Reference: https://www.youtube.com/watch?v=WsTupi32ZYE
- Whatweb. Reference: https://www.youtube.com/watch?v=Fx9sIgxcNwU

Port scanning is a method for determining open ports and services available
on a network or a host. It involves connecting to TCP and UDP ports on a
system once you have found the IP addresses of a target network or host
through the Footprinting technique. You have to map the network of the
targeted organization.
Nmap (Network Mapper) is a powerful, flexible, open source and easy to use
tool for port scanning, available for both Linux and Windows based operating
systems.
Study practical approach to implement scanning and enumeration techniques
using Nmap.
For Help: https://www.youtube.com/watch?v=fp1042XK4A8

The RSA algorithm is a public key encryption technique and is considered the
most secure way of encrypting sensitive data, particularly when it is being
sent over an insecure network such as the internet. The public and private
key generation algorithm is the most complex part of the RSA algorithm.
The strength of RSA is the difficulty of factoring large integers that are
the product of two large prime numbers, which is considered infeasible due
to the time it would take even using today's high-end computers.
Implement RSA algorithm.
For Help: https://www.youtube.com/watch?v=VF3AHG0T9ec

Simplified DES (S-DES) is a symmetric-key block cipher. The S-DES encryption
algorithm takes an 8-bit block of plaintext and a 10-bit key as input and
produces an 8-bit block of ciphertext as output. It uses two rounds.
Implement S-DES symmetric encryption Algorithm.
For Help: https://www.youtube.com/watch?v=QcKHfMgcnbw

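Added example, not part of the original practical list: S-DES in Python, showing the 10-bit key expanding into two 8-bit round keys and the two rounds applied to one 8-bit block. The permutation tables and S-boxes are the standard textbook S-DES definitions, which the page does not list; all function names are chosen for this example.

```python
# Added example: S-DES with the standard textbook tables (tables are not on the page).
P10 = (3, 5, 2, 7, 4, 10, 1, 9, 8, 6)
P8 = (6, 3, 7, 4, 8, 5, 10, 9)
IP = (2, 6, 3, 1, 4, 8, 5, 7)
IP_INV = (4, 1, 3, 5, 7, 2, 8, 6)
EP = (4, 1, 2, 3, 2, 3, 4, 1)
P4 = (2, 4, 3, 1)
S0 = ((1, 0, 3, 2), (3, 2, 1, 0), (0, 2, 1, 3), (3, 1, 3, 2))
S1 = ((0, 1, 2, 3), (2, 0, 1, 3), (3, 0, 1, 0), (2, 1, 0, 3))

def permute(bits, table):      # 1-based positions, as the tables are written
    return [bits[i - 1] for i in table]

def to_bits(value, width):
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]

def subkeys(key10):
    """Derive the 8-bit round keys K1 and K2 from the 10-bit key."""
    k = permute(to_bits(key10, 10), P10)
    l, r = k[1:5] + k[:1], k[6:] + k[5:6]          # LS-1 on each 5-bit half
    k1 = permute(l + r, P8)
    l, r = l[2:] + l[:2], r[2:] + r[:2]            # LS-2 on the shifted halves
    return k1, permute(l + r, P8)

def sbox(box, n):              # row = bits 1,4; column = bits 2,3
    return to_bits(box[n[0] * 2 + n[3]][n[1] * 2 + n[2]], 2)

def f_k(left, right, key):
    """One Feistel round: left ^= P4(S0,S1(EP(right) ^ key)); right unchanged."""
    x = [a ^ b for a, b in zip(permute(right, EP), key)]
    f = permute(sbox(S0, x[:4]) + sbox(S1, x[4:]), P4)
    return [a ^ b for a, b in zip(left, f)], right

def sdes(block8, key10, decrypt=False):
    """Encrypt (or decrypt) one 8-bit block; decryption reverses the key order."""
    if not (0 <= block8 < 256 and 0 <= key10 < 1024):
        raise ValueError("block must fit in 8 bits and key in 10 bits")
    k1, k2 = subkeys(key10)[::-1] if decrypt else subkeys(key10)
    b = permute(to_bits(block8, 8), IP)
    l, r = f_k(b[:4], b[4:], k1)
    l, r = f_k(r, l, k2)                           # swap halves between rounds
    out = permute(l + r, IP_INV)
    return int("".join(map(str, out)), 2)

if __name__ == "__main__":
    ct = sdes(0b01110010, 0b1010000010)            # constructed sample block and key
    print(f"{ct:08b}", f"{sdes(ct, 0b1010000010, decrypt=True):08b}")
```

With a 10-bit key there are only 1024 possible keys, so S-DES is a teaching cipher for tracing the DES structure by hand and offers no real confidentiality.
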
System hacking is the way hackers get access to an individual's computer on a
network. Ethical hackers learn system hacking to detect, prevent, and
counter these types of attacks. Study practical approach to implement system
hacking and learn different ways to crack passwords.
For Help: https://www.youtube.com/watch?v=Jaq7w4iqInY

SQL injection is one of the most common web hacking techniques, in which
injected malicious code (an SQL statement) might destroy your database or
manipulate the database to access information that was not intended to be
displayed. It takes advantage of design flaws in poorly designed web
applications, exploiting SQL statements to execute malicious SQL code. It
generally allows an attacker to view data that they are not normally able to
retrieve.
Attacking Web Application using SQL Injection.
For Help: https://www.youtube.com/watch?v=6GJi86Q_pK8

Wireshark is an open source tool for profiling network traffic and analyzing
packets. It is often referred to as a network analyzer, network protocol
analyzer or sniffer. Wireshark intercepts traffic and converts that binary
traffic into human-readable format. It can be used by network
administrators, network security engineers, QA engineers, developers, and
other people to troubleshoot network problems, to examine security problems,
to verify network applications, to debug protocol implementations, and to
learn network protocol internals.
Practical approach to study Wireshark.
For Help: https://www.youtube.com/watch?v=yC0e0bSSleo

A web application vulnerability is a system flaw or weakness in a web-based
application, caused by not validating or sanitizing form inputs,
misconfigured web servers, or application design flaws, that can be
exploited to compromise the application's security. These vulnerabilities
are not the same as other common types of vulnerabilities, such as network
or asset vulnerabilities. The OWASP Zed Attack Proxy (ZAP) is an open-source
web application security scanner that automatically finds security
vulnerabilities in web applications while they are being developed and tested.
Practical approach to study Web Application Vulnerability: OWASP-ZAP.
For Help: https://www.youtube.com/watch?v=KFZzgOnkLE8

Create your own website in the cloud and perform security testing on it in
order to find web application vulnerabilities such as buffer overflow,
credentials management, CRLF injection, cross-site request forgery,
cross-site scripting, directory traversal, failure to restrict URL access,
insecure cryptographic storage, LDAP injection, malicious code, OS command
injection, race condition, SQL injection etc., and resolve and troubleshoot
these problems.
For Help: http://www.dvwa.co.uk/

Demonstration of any security tool.