G.B.

Pant DSEU Okhla-I Campus

(Govt. of NCT of Delhi)
Okhla Industrial Estate Phase-III,
New Delhi-110020

ISCL PRACTICAL FILE

SUBMITTED TO: SUBMITTED BY:

Dr. Manisha Manjul Raghav Sahi (41521050)

1|Page
Exp-1: Write a Program to Study Different Security Protocols

AIM
To study the functionality and implementation of security protocols like WEP, WPA2, PSK, and
802.1x EAP using a program.

Theory
1. WEP (Wired Equivalent Privacy): An older protocol providing basic encryption using RC4.
Vulnerable due to weak initialization vectors.
2. WPA2 (Wi-Fi Protected Access 2): A robust protocol using AES for encryption and integrity
checks.
3. PSK (Pre-Shared Key): A static key shared between devices to authenticate connections.
4. 802.1x EAP (Extensible Authentication Protocol): Provides network access control using
RADIUS servers.

Steps
1. Use Python's cryptography module to simulate WEP and WPA2.
2. Implement authentication methods for PSK and 802.1x.
3. Write a program that encrypts and decrypts data based on the protocol selected.

Codebase

2|Page
Observations
1. WEP: Encryption is basic and key is static, making it insecure.
2. WPA2: Provides stronger encryption and dynamic key management.
3. PSK: Relies heavily on the secrecy of the shared key.
4. 802.1x EAP: Offers enhanced access control using user credentials.

Results
The program successfully demonstrated the functioning of different security protocols. WEP is
insecure, while WPA2 and 802.1x provide robust solutions.

3|Page
Exp-2: Implement Firewall for Bank Login and E-commerce

AIM
To implement a simple firewall to restrict traffic based on IP addresses and simulate secure bank login
and e-commerce transactions.

Theory
Firewalls control incoming and outgoing traffic by applying rules. For this task:
1. Allow or block traffic based on IP.
2. Simulate a login endpoint for a bank and transactions for an e-commerce site.

Steps
1. Use Flask to create endpoints for login and transactions.
2. Implement a middleware function to restrict traffic based on IP addresses.

Codebase

4|Page
Observations
1. Unauthorized IPs are blocked before processing requests.
2. Login endpoint validates user credentials securely.
3. Transaction endpoint handles data and validates input.

Results
The firewall successfully restricted traffic and secured the application endpoints for bank login and e-
commerce transactions.

5|Page
Exp-3: Implement Biometric System

AIM
To implement a facial recognition-based biometric system for secure access control.

Theory
Biometric systems use physical traits for authentication. Facial recognition:
1. Identifies unique features of a face.
2. Uses image processing and machine learning for accuracy.

Steps
1. Use OpenCV for real-time face detection.
2. Load Haar cascades for facial feature recognition.
3. Use a pre-stored database for user authentication.

Codebase

6|Page
Observations
1. The system successfully detects faces.
2. Detection fails for partially visible or poorly lit faces.
3. Processing is real-time and efficient.

Results
The biometric system authenticated users based on facial features, enhancing physical security.

7|Page
Exp-4: Implement Brute Force and Dictionary Attacks

AIM
To implement brute force and dictionary attacks on a login system and understand their effectiveness
in breaking weak passwords.

Theory
1. Brute Force Attack: This attack involves systematically trying all possible combinations of
characters until the correct password is found. It is time-consuming and resource-intensive.
2. Dictionary Attack: This attack uses a predefined list of commonly used passwords to attempt
login. It is faster but less exhaustive than brute force.
3. Importance in Security: Demonstrates why weak passwords are vulnerable to automated
attacks and highlights the need for secure password practices.

Steps
1. Create a simple password-protected system.
2. Implement a brute force method to guess passwords by generating all possible combinations.
3. Implement a dictionary attack using a predefined list of passwords.
4. Test both methods on the system.

Codebase

8|Page
Observations
1. Brute Force: Successfully cracks the password but is slow for longer passwords due to
exponential growth in combinations.
2. Dictionary Attack: Efficient if the password is part of the predefined list; otherwise, it fails.

Results
Brute force attacks are exhaustive but slow, while dictionary attacks are faster but limited. Strong,
unique passwords mitigate both threats.

9|Page
Exp-5: Use the Nessus Tool to Scan the Network for
Vulnerabilities

AIM
To use the Nessus vulnerability scanner to identify and analyse vulnerabilities in a network.

Theory
1. Nessus: A widely used vulnerability assessment tool that scans networks for security issues
such as outdated software, weak passwords, and misconfigurations.
2. Working Principle: Nessus identifies vulnerabilities by comparing the network’s
configuration to a database of known exploits and weaknesses.

Steps
1. Install Nessus:
o Download Nessus from the Tenable website.
o Install and activate it using a free or licensed key.
2. Configure Scan:
o Add target IP addresses or network ranges to the scan.
o Choose the type of scan (e.g., basic network scan, credentialed scan).
3. Run Scan:
o Start the scan and monitor its progress.
4. Analyse Results:
o Review the report generated, which lists vulnerabilities, their severity, and
remediation steps.

Observations
1. Nessus efficiently identifies vulnerabilities and categorizes them by severity.
2. Some vulnerabilities may require manual confirmation to ensure accuracy.
3. The tool provides actionable remediation suggestions.

Results
The Nessus scan provided a comprehensive list of vulnerabilities, enabling informed decision-making
for improving network security.

10 | P a g e
Exp-6: Study of Firewall Features and Configure Firewall
Security in Windows

AIM
To study the features of a firewall in providing network security and configure Windows Firewall to
control traffic.

Theory
1. Firewall: A security device or software that monitors and controls incoming and outgoing
traffic based on predetermined rules.
2. Features:
o Packet filtering.
o Application-layer filtering.
o Stateful inspection.
o Logging and monitoring.
3. Windows Firewall: Provides built-in network protection and allows custom rule creation.

Steps
1. Access Firewall Settings:
o Open "Control Panel" > "Windows Defender Firewall."
2. Set Rules:
o Create inbound and outbound rules:
 Allow or block traffic for specific ports and applications.
3. Test Configurations:
o Use tools like ping or web browsers to validate the rules.
4. Log Traffic:
o Enable logging to monitor traffic and identify unauthorized access.

Observations
1. Custom rules effectively control network access.
2. Log files provide insights into attempted connections, aiding in threat detection.
3. Blocking unused ports reduces attack surface.

11 | P a g e
Results
The Windows Firewall was successfully configured to secure the system, demonstrating its
effectiveness in controlling traffic.

12 | P a g e
Exp-7: Implement RSA Algorithm Using HTML

AIM
To implement the RSA encryption and decryption algorithm using HTML and JavaScript for secure
communication.

Theory
The RSA algorithm is a widely used public-key cryptographic technique that relies on the
mathematical properties of large prime numbers:
1. Key Generation: Generates a public key for encryption and a private key for decryption.
2. Encryption: Encodes plaintext using the recipient's public key.
3. Decryption: Decodes the ciphertext using the private key.
RSA is used in various applications like digital signatures, secure communications, and SSL/TLS
protocols.

Steps
1. Design a simple HTML interface with fields for input and output.
2. Implement RSA key generation, encryption, and decryption in JavaScript.
3. Provide buttons to encrypt and decrypt messages.

Codebase

13 | P a g e
Observations
1. The program successfully generates RSA keys, encrypts plaintext, and decrypts ciphertext.
2. Larger prime numbers improve security but increase computational complexity.
3. The encryption and decryption processes are reversible only with the correct keys.

Results
The implementation of the RSA algorithm using HTML and JavaScript demonstrated secure
encryption and decryption processes.

14 | P a g e
Exp-8: Implement VPN Using Packet Tracer

AIM
To implement a Virtual Private Network (VPN) using Cisco Packet Tracer to secure communication
between two networks.

Theory
A VPN (Virtual Private Network) creates a secure connection between networks by:
1. Tunneling: Encapsulating data packets to ensure secure transit.
2. Encryption: Securing data using cryptographic algorithms like IPsec.
3. Authentication: Validating users/devices with shared secrets or certificates.
Cisco Packet Tracer supports IPsec-based VPNs to simulate real-world scenarios.

Steps
1. Open Cisco Packet Tracer and create a topology:
o Add two routers, each connected to a PC.
o Connect the routers using a serial connection.
2. Configure IP addresses for all devices.
3. Configure IPsec VPN on both routers:
o Define ISAKMP policies for encryption, authentication, and hashing.
o Set a pre-shared key for authentication.
o Create transform sets for data encryption.
o Define crypto maps and apply them to the appropriate interfaces.
4. Test the VPN connection using the ping command.

Configuration Commands (Router CLI)

15 | P a g e
Observations
1. The VPN successfully encrypted traffic between the two routers.
2. Data exchanged between PCs in the two networks was secure and tunnelled through the VPN.
3. Misconfigurations in IP addresses or crypto maps caused the VPN to fail.

Results
The VPN implemented in Packet Tracer successfully secured communication between the two
networks, demonstrating the practical use of tunnelling and encryption.

16 | P a g e