Information Security Lab Manual

The lab manual for the Information Security course (CCC-403) outlines the importance of computer security and network security, detailing hardware and software requirements. It includes a series of practical experiments focusing on encryption, hashing, digital signatures, access control, intrusion detection, and port security, with specific programming tasks using C/C++ and Python. Each practical provides objectives, required tools, step-by-step instructions, and explanations to enhance students' understanding of information security concepts.

Uploaded by

aleezaarshad397
Lab Manual Information Security

LAB MANUAL
Course Code: CCC-403
Course Title: Information Security

Course Instructor: Irfan Ali


Lab Instructor: Irfan Ali
Department of Computer Sciences
Superior College Mian Channu

CONTENTS

1. Introduction

2. Hardware and Software requirements

3. Detail of Experiments

4. Expected viva voce questions


1. INTRODUCTION
With the introduction of the computer, the need for automated tools for protecting files and other
information stored on the computer became evident. This is especially the case for a shared system,
such as a time-sharing system, and the need is even more acute for systems that can be accessed over a
public telephone network, data network or the Internet. The generic name for the collection of tools
designed to protect data and to thwart hackers is computer security.
The second major change that affected security is the introduction of distributed systems and the use
of networks and communications facilities for carrying data between terminal user and computer and
between computer and computer. Information security measures are needed to protect data during
their transmission. In fact the term network security is somewhat misleading, because virtually all
business, government, and academic organizations interconnect their data processing equipment with
a collection of interconnected networks. Such a collection is often referred to as an internet and the
term internet security is used.
Security aspects come into play when it is necessary or desirable to protect the information
transmission from an opponent who may present a threat to confidentiality, authenticity
and so on. All the techniques for providing security have two components:
(a) A security-related transformation on the information to be sent. Examples include
the encryption of the message, which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of the message, which can be
used to verify the identity of the sender.
(b) Some secret information shared by the two principals and, it is hoped, unknown to
the opponent. An example is an encryption key used in conjunction with the transformation
to scramble the message before transmission and unscramble it on reception.

A trusted third party may be needed to achieve secure transmission. For example, a third
party may be needed to arbitrate disputes between the two principals concerning the
authenticity of a message transmission.


2. Lab Requirements

Software requirements: C, C++

Operating System: Windows

Hardware requirements:

P-IV 2.8 GHz

Intel 845 MB/40 GB HDD/ 512 MB RAM

LAN Card (10/100 Mbps)


3. Detail of Experiments
The following experiments shall be conducted using C/C++

1. Symmetric Encryption using a Basic Cipher (AES)
2. Write a Program to implement AES.
3. Write a program to perform Encryption / Decryption using Caesar cipher.
4. Write a program to perform Encryption / Decryption using Monoalphabetic techniques.
5. Write a program to perform Encryption / Decryption using Playfair system.
6. Write a program to perform Encryption / Decryption using Hill cipher technique.
7. Write a program to perform Encryption / Decryption using transposition technique.
8. Write a program to perform Encryption / Decryption using Diffie-Hellman key exchange.
9. Write a program for simple RSA algorithm to encrypt and decrypt the data.
10. Write a program for DES algorithm to encrypt and decrypt the data.
11. Write a program to study a simulation tool related to Information Security.
12. Write a program to study the steps of implementation of VPN using Packet Tracer.


Practical 1: Symmetric Encryption using a Basic Cipher (AES)


Objective: To implement symmetric encryption and decryption using the AES algorithm.
Tools Required:
• Python
• Cryptography library (can be installed using pip install cryptography)
Steps:
1. Import Required Libraries
2. Generate a Random Key
3. Encrypt a Plaintext Message
4. Decrypt the Ciphertext
Python Code
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
import os

# Step 1: Generate a random key (256 bits) and IV (Initialization Vector)
key = os.urandom(32)  # 32 bytes = 256-bit key
iv = os.urandom(16)   # 16 bytes for AES IV; generate a new one for every message

# Step 2: Create Cipher object for AES encryption
cipher = Cipher(algorithms.AES(key), modes.CFB(iv), backend=default_backend())
encryptor = cipher.encryptor()
decryptor = cipher.decryptor()

# Step 3: Encrypt a message
plaintext = b"Information Security is important!"
ciphertext = encryptor.update(plaintext) + encryptor.finalize()
print(f"Ciphertext: {ciphertext}")

# Step 4: Decrypt the message
decrypted_text = decryptor.update(ciphertext) + decryptor.finalize()
print(f"Decrypted Text: {decrypted_text.decode()}")

Explanation:
1. Key and IV Generation:
A 256-bit key is randomly generated using os.urandom(). An Initialization Vector (IV) of 128
bits (16 bytes) is also generated to ensure that the encryption of identical plaintexts results in
different ciphertexts.
2. Cipher Creation:
The Cipher object is created using the AES algorithm in CFB (Cipher Feedback) mode. Other
modes like CBC or GCM can also be used based on the requirements.
3. Encryption:
The encryptor object is used to encrypt the plaintext message.
4. Decryption:
The decryptor object decrypts the ciphertext back into the original plaintext.

Sample Output:
Ciphertext: b'\x8f\xad\x92\x85\xcd\x87\xf5...\x10'
Decrypted Text: Information Security is important!
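
Added example (not part of the original manual): CFB mode, as used above, gives confidentiality only, so a ciphertext modified in transit still decrypts without any error, while AES-GCM, one of the alternative modes mentioned in the explanation, authenticates the ciphertext and rejects it. The function names, the associated-data label and the one-bit corruption are assumptions made for this illustration.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

PLAINTEXT = b"Information Security is important!"  # same message as the practical
AAD = b"lab-manual-demo"  # constructed label bound to the message, not secret


def cfb_decrypt_after_corruption(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt with AES-CFB, corrupt one ciphertext bit, then decrypt.

    CFB has no integrity check, so decryption succeeds and simply
    returns altered plaintext."""
    iv = os.urandom(16)
    enc = Cipher(algorithms.AES(key), modes.CFB(iv)).encryptor()
    ciphertext = bytearray(enc.update(plaintext) + enc.finalize())
    ciphertext[0] ^= 0x01  # simulated modification in transit
    dec = Cipher(algorithms.AES(key), modes.CFB(iv)).decryptor()
    return dec.update(bytes(ciphertext)) + dec.finalize()


def gcm_encrypt(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Return nonce || ciphertext || tag. The 96-bit nonce must never
    repeat under the same key."""
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)


def gcm_decrypt(key: bytes, blob: bytes, aad: bytes):
    """Return the plaintext, or None if the ciphertext, tag, nonce or
    associated data were altered."""
    nonce, sealed = blob[:12], blob[12:]
    try:
        return AESGCM(key).decrypt(nonce, sealed, aad)
    except InvalidTag:
        return None


if __name__ == "__main__":
    key = AESGCM.generate_key(bit_length=256)

    altered = cfb_decrypt_after_corruption(key, PLAINTEXT)
    print("CFB accepted corrupted ciphertext:", altered != PLAINTEXT)

    blob = gcm_encrypt(key, PLAINTEXT, AAD)
    print("GCM round trip:", gcm_decrypt(key, blob, AAD))

    corrupted = bytearray(blob)
    corrupted[12] ^= 0x01  # first ciphertext byte after the nonce
    print("GCM with corrupted ciphertext:", gcm_decrypt(key, bytes(corrupted), AAD))
```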


Practical 2: Hashing a Message with SHA-256

Objective: To implement hashing of a given message using the SHA-256 algorithm.

Tools Required:
• Python
• hashlib library (built-in with Python)

Steps:
1. Import the Required Library
2. Define the Message to be Hashed
3. Generate the Hash using SHA-256
4. Display the Hash

Python Code
import hashlib

# Step 1: Define the message
message = "Information Security is important!"

# Step 2: Create a SHA-256 hash object
sha256_hash = hashlib.sha256()

# Step 3: Update the hash object with the message (encoded to bytes)
sha256_hash.update(message.encode())

# Step 4: Get the hexadecimal representation of the hash
hash_result = sha256_hash.hexdigest()

# Step 5: Display the hash
print(f"Message: {message}")
print(f"SHA-256 Hash: {hash_result}")

Explanation:
1. Hash Object Creation:
The hashlib.sha256() function creates a hash object for generating a SHA-256 hash.
2. Updating the Hash Object:
The message is first encoded into bytes using encode() before updating the hash object with it.
This is required because the hashlib library works with byte-like objects.
3. Hexadecimal Representation:
The hexdigest() method converts the hash into a human-readable hexadecimal string.
4. Output:
The original message and its SHA-256 hash are displayed.

Sample Output:
Message: Information Security is important!
SHA-256 Hash: ddd8c17c3dc5e74e67f3a4f2d65d0fa6d3b1e6c13f58c28cb4d0c7c0410d2cc2

Conclusion:
This practical demonstrates how to generate a secure, fixed-length hash of a message using the SHA-
256 algorithm. Hashing is useful for data integrity verification, password storage, and digital
signatures.
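
Added example (not part of the original manual) for the password-storage use named in the conclusion: a single unsalted SHA-256 gives every user with the same password the same stored value, so stored passwords are derived with a per-user salt and an iterated function such as PBKDF2-HMAC-SHA256 from hashlib. The record layout, the function names and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000
SCHEME = "pbkdf2_sha256"


def unsalted_sha256(password: str) -> str:
    """What the practical's code would store: identical for identical
    passwords, which is what makes precomputed lookups possible."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(16)  # fresh random salt per password
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return f"{SCHEME}${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the derived key from the stored salt and iteration count
    and compare in constant time. Malformed records are rejected."""
    try:
        scheme, iter_text, salt_hex, derived_hex = record.split("$")
        iterations = int(iter_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(derived_hex)
    except ValueError:
        return False
    if scheme != SCHEME or iterations < 1 or not salt or not expected:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password

    # Same input, same unsalted hash, every time
    print(unsalted_sha256(pw) == unsalted_sha256(pw))

    # Same input, different stored records because the salts differ
    rec_a, rec_b = hash_password(pw), hash_password(pw)
    print(rec_a != rec_b)

    print(verify_password(pw, rec_a))            # True
    print(verify_password("wrong guess", rec_a))  # False
```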

Practical 3: Implementing Digital Signature Verification


Objective:
To implement a digital signature using a private key and verify it using the corresponding public key.

Tools Required:
• Python
• cryptography library (can be installed using pip install cryptography)

Steps:
1. Generate a Pair of Keys (Private and Public)
2. Sign a Message using the Private Key
3. Verify the Signature using the Public Key

Python Code
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.backends import default_backend

# Step 1: Generate a pair of RSA keys
private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048,
    backend=default_backend()
)
public_key = private_key.public_key()

# Step 2: Define the message to be signed
message = b"Information Security is critical!"

# Step 3: Sign the message using the private key (PSS padding, SHA-256)
signature = private_key.sign(
    message,
    padding.PSS(
        mgf=padding.MGF1(hashes.SHA256()),
        salt_length=padding.PSS.MAX_LENGTH
    ),
    hashes.SHA256()
)

print(f"Digital Signature: {signature.hex()}")

# Step 4: Verify the signature using the public key
try:
    # verify() returns nothing on success and raises InvalidSignature on failure
    public_key.verify(
        signature,
        message,
        padding.PSS(
            mgf=padding.MGF1(hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),
        hashes.SHA256()
    )
    print("Signature is valid.")
except InvalidSignature:
    print("Signature verification failed.")

Explanation:
1. Key Generation:
The rsa.generate_private_key() function generates a 2048-bit RSA key pair. The private key is used
for signing, and the public key is used for verification.
2. Message Signing:
The private_key.sign() method is used to create a digital signature of the message using the PSS
padding scheme and SHA-256 hashing algorithm.
3. Signature Verification:
The public_key.verify() method checks the signature against the original message. If the signature is
valid, it prints a success message; otherwise, it raises an exception.

Sample Output:

Digital Signature: 2f9b4c...8a9f21

Signature is valid.

Conclusion:
This practical demonstrates the use of RSA for digital signatures. Signing a message ensures its
authenticity, integrity, and non-repudiation. The public key can be used by any party to verify the
signature.


Practical 4: Simple Access Control Mechanism on Windows

Objective:
To implement a basic Access Control List (ACL) to manage file access using the Windows operating system.

Steps:
1. Create a Sample File
2. Create Users
3. Set Permissions for the File
4. Test Access Permissions

Solution
Step 1: Create a Sample File
1. Open Notepad, type any content (e.g., "This is sensitive information"), and save it as secure_data.txt on
the desktop or in any desired folder.

Step 2: Create Users


1. Press Win + R, type lusrmgr.msc, and hit Enter to open the Local Users and Groups Manager.
2. Click on Users in the left pane.
3. Right-click anywhere in the right pane and select New User.
4. Create two users named User1 and User2.
5. Close the Local Users and Groups Manager.

Step 3: Set Permissions for the File


1. Right-click on the file secure_data.txt and select Properties.
2. Go to the Security tab and click Edit.
3. Click Add, type User1, and click OK.
4. Select User1 and give it Full Control permissions.
5. Repeat the process for User2, but only give Read permission.
6. Click Apply and OK to save the changes.

Step 4: Test Access Permissions


1. Log in as User1 and try opening and editing the file:
o User1 should be able to open and modify the file.
2. Log in as User2 and try opening and editing the file:
o User2 should be able to open the file but should get an error when trying to modify it.

Explanation:
1. User Creation:
In Windows, new users can be created using the Local Users and Groups Manager. These users can then
be assigned specific permissions for files and folders.
2. Setting Permissions:
The Security tab in the file’s properties allows setting fine-grained permissions for different users. Full
control allows both read and write access, while read-only permissions restrict editing.
3. Testing Access:
Switching between users ensures that permissions are correctly enforced.

Conclusion:
This practical demonstrates how to configure and enforce access control on files in Windows using ACLs. By
assigning different permissions to users, it is possible to control who can read or modify a file.

Practical 5: Intrusion Detection using Windows Event Viewer

Objective:
To detect unauthorized access or intrusion attempts by monitoring logs using the Windows Event Viewer.

Steps:
1. Enable Audit Policy
2. Generate Events by Simulating Unauthorized Access
3. View Security Logs in Event Viewer
4. Analyze the Logs for Intrusion Detection

Solution
Step 1: Enable Audit Policy
1. Press Win + R, type secpol.msc, and hit Enter to open the Local Security Policy.
2. In the left pane, expand Local Policies and click Audit Policy.
3. In the right pane, double-click Audit logon events.
4. Check both Success and Failure boxes to audit successful and failed login attempts. Click OK.
5. Double-click Audit object access, check both Success and Failure, and click OK.

Step 2: Generate Events by Simulating Unauthorized Access


1. Simulate a failed login attempt:
o Lock your system (Win + L) and attempt to log in with an incorrect password several times.
2. Simulate unauthorized file access:
o Create a file in a restricted folder (e.g., C:\SecureFolder).
o Set file permissions to deny access for your current user (right-click the file > Properties >
Security tab > Edit).
o Try opening the file. This will generate an Access Denied event.

Step 3: View Security Logs in Event Viewer


1. Press Win + R, type eventvwr.msc, and hit Enter to open the Event Viewer.
2. In the left pane, expand Windows Logs and click Security.
3. Look for events with the following Event IDs:
o 4625: Failed login attempt
o 4663: Attempted access to a file or object
o 4656: Handle to an object was requested
4. Double-click an event to view its details, including the user and time of the attempt.

Step 4: Analyze the Logs for Intrusion Detection


• Look for patterns of multiple failed login attempts (Event ID 4625), which may indicate a brute-
force attack.
• Check for unauthorized access attempts on critical files or folders (Event ID 4663).
• Use the Filter Current Log option in Event Viewer to quickly find specific event IDs.

Explanation:
1. Audit Policy:
Enabling the audit policy ensures that all login events and object access attempts are logged for
security monitoring.
2. Event IDs:
Specific Event IDs in the Security log provide detailed information about different security-related
activities:
o 4625: Failed login attempts, indicating possible unauthorized access.
o 4663: Attempted access to a protected file or folder.
o 4656: Requests to open handles to objects (files, registry keys, etc.).
3. Log Analysis:
Regularly monitoring the logs helps detect unusual behavior, such as repeated login failures or
unauthorized access attempts, which may indicate an ongoing attack.

Conclusion:
This practical demonstrates how to use the Windows Event Viewer for intrusion detection by monitoring
and analyzing security logs. By enabling audit policies and regularly reviewing logs, potential security
breaches can be detected early.
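
Added example (not part of the original manual): the log analysis in Step 4, automated over a small set of records. It flags bursts of Event ID 4625 per account and source, and lists Event ID 4663 accesses under a watched folder. The column layout, the sample records, the thresholds and the function names are constructed for this illustration and are not the Event Viewer export format.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (hypothetical layout, not a real export).
SAMPLE_LOG = r"""time,event_id,account,source,object
2025-01-25T14:00:01,4625,User2,192.168.1.50,
2025-01-25T14:00:10,4625,User2,192.168.1.50,
2025-01-25T14:00:20,4625,User2,192.168.1.50,
2025-01-25T14:00:31,4625,User2,192.168.1.50,
2025-01-25T14:00:45,4625,User2,192.168.1.50,
2025-01-25T14:00:50,4625,User2,192.168.1.50,
2025-01-25T14:05:00,4625,User1,192.168.1.20,
2025-01-25T14:06:12,4663,User2,,C:\SecureFolder\secure_data.txt
2025-01-25T14:07:30,4663,User1,,C:\Users\User1\notes.txt
2025-01-25T14:30:00,4625,User1,192.168.1.20,
"""


def parse_events(text):
    """Parse the CSV text into dicts sorted by time."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        events.append({
            "time": datetime.fromisoformat(row["time"]),
            "event_id": int(row["event_id"]),
            "account": row["account"],
            "source": row["source"],
            "object": row["object"] or "",
        })
    return sorted(events, key=lambda e: e["time"])


def failed_logon_bursts(events, threshold=5, window=timedelta(minutes=2)):
    """Return (account, source, first_failure_time, count) for each
    account/source pair with `threshold` failures (4625) inside `window`.
    Each pair is reported once."""
    recent = defaultdict(deque)
    reported = set()
    alerts = []
    for ev in events:
        if ev["event_id"] != 4625:
            continue
        key = (ev["account"], ev["source"])
        times = recent[key]
        times.append(ev["time"])
        while ev["time"] - times[0] > window:  # drop failures outside window
            times.popleft()
        if len(times) >= threshold and key not in reported:
            reported.add(key)
            alerts.append((key[0], key[1], times[0], len(times)))
    return alerts


def watched_object_access(events, watched=(r"C:\SecureFolder",)):
    """Return (account, object) for 4663 events under a watched folder."""
    prefixes = tuple(p.lower().rstrip("\\") + "\\" for p in watched)
    return [
        (ev["account"], ev["object"])
        for ev in events
        if ev["event_id"] == 4663 and ev["object"].lower().startswith(prefixes)
    ]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for account, source, first, count in failed_logon_bursts(evs):
        print(f"{count} failed logons for {account} from {source} since {first}")
    for account, obj in watched_object_access(evs):
        print(f"{account} accessed watched object {obj}")
```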

Practical 6: Port Security

Here’s a simple and easy-to-follow Port Scanning practical on Windows. This lab will help you scan open
ports on a Windows machine (which could be your own or a test machine) and understand how attackers
might scan for open services. We will use Nmap (which is free and easy to install on Windows) for
scanning.
Objectives:
1. Learn how to scan for open ports on a Windows system.
2. Discover services running on the target machine.
3. Understand basic security concerns related to open ports and services.
4. Implement simple defensive measures to block unauthorized access.
Tools Needed:
• Nmap (for port scanning)
• A Windows Machine (can be the target of the scan or the one performing the scan)
Steps for the Lab:
1. Installing Nmap on Windows:
1. Download Nmap:
Go to the Nmap download page and download the Windows installer.
2. Run the Installer:
After downloading, run the installer and follow the steps to install Nmap. By default, Nmap will be
installed in C:\Program Files (x86)\Nmap.
3. Verify Installation:
Open Command Prompt (search for cmd in the Start menu) and type:
nmap --version
If the installation was successful, you should see the version of Nmap.

2. Preparing the Windows Target System:


You can perform the port scan on any Windows machine that has services running. If you're using a
Windows machine as the target:
1. Enable Remote Desktop (Optional):
o Open the Control Panel and go to System and Security > System > Remote Settings.
o Enable Remote Desktop on the Windows machine (it will use port 3389 by default).
2. Verify Open Ports:
o You can check which ports are open using the Windows firewall or by enabling specific
services like FTP, HTTP, or Remote Desktop.
o Example: To check if Remote Desktop is listening on port 3389, open Command Prompt
and run:
netstat -an | find "3389"
This will show if port 3389 is listening.

3. Performing a Basic Port Scan with Nmap:


Now let’s scan the target Windows machine for open ports using Nmap.
1. Open Command Prompt (on your Attacker Machine).
2. Basic Port Scan:
To scan the most common ports (ports 1-1024), use the following command (replace <target_ip>
with the IP address of the target Windows machine):
nmap <target_ip>
Example: If the target machine IP address is 192.168.1.10, the command will be:
nmap 192.168.1.10
3. Interpret Results:
After the scan, Nmap will list the open ports and services running on the target machine. For
example, the output might look something like this:
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-25 14:00 UTC
Nmap scan report for 192.168.1.10
Host is up (0.0031s latency).
Not shown: 999 filtered ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
3389/tcp open  ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 2.58 seconds
o Port 21: FTP (File Transfer Protocol) service is open.
o Port 22: SSH (Secure Shell) service is open.
o Port 3389: Remote Desktop Protocol (RDP) service is open.
4. Scanning Specific Ports (Optional):


If you know the specific ports you want to scan (e.g., HTTP on port 80, FTP on port 21), you can specify
those with the -p option.
nmap -p 21,22,80,3389 <target_ip>
This will scan only ports 21 (FTP), 22 (SSH), 80 (HTTP), and 3389 (RDP).

5. Scanning for Service Versions (Optional):


If you want to detect the version of the service running on an open port, you can use the -sV option.
nmap -sV <target_ip>
This will return the service version running on the open ports.
Example output might look like this:
21/tcp open ftp vsftpd 3.0.3
22/tcp open ssh OpenSSH 7.6
3389/tcp open ms-wbt-server Microsoft Terminal Services
This gives you more information about the software running on those ports.

6. Simple Defense: Blocking Ports with Windows Firewall


Now that you’ve scanned the target machine and identified open ports, you might want to block some of
those ports to enhance security. Let’s block port 3389 (RDP) using Windows Firewall.
1. Open Windows Firewall:
o Search for Windows Defender Firewall in the Start menu and open it.
2. Create a New Inbound Rule:
o Click on Advanced settings.
o Under Inbound Rules, click New Rule.
o Select Port and click Next.
o Select TCP, then enter 3389 (or whichever port you want to block).
o Select Block the connection and click Next.
o Apply the rule to Domain, Private, and Public networks.
o Give the rule a name (e.g., Block RDP), and click Finish.
This will block incoming RDP connections (port 3389) from external systems.

7. Additional Nmap Scans (Optional):


• Aggressive Scan:
This will provide detailed information about the target, including OS detection and service versions.
nmap -A <target_ip>
• SYN Scan:
This is a stealthier scan that doesn’t complete the TCP handshake.
nmap -sS <target_ip>
• UDP Scan:
To scan for open UDP ports (useful for services like DNS, DHCP, etc.):
nmap -sU <target_ip>

8. Conclusion:
This simple practical allowed you to scan a Windows machine for open ports and services using Nmap.
You also learned how to block ports using Windows Firewall to improve security.
Key takeaways:
• Port scanning can reveal exposed services that could be vulnerable to attacks.
• Tools like Nmap are invaluable for discovering these services.
• Windows Firewall provides a basic defense mechanism to block unwanted connections.
By conducting port scans regularly and securing exposed ports, you can significantly reduce the risk of
unauthorized access to your system.
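
Added example (not part of the original manual): one way to make the regular scans recommended above actionable is to parse the Nmap report and compare the open ports against the list each host is expected to expose. The sample report is constructed from the outputs shown in this practical, with one closed port added; the allow-list and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample, in the shape of the outputs shown in this practical.
SAMPLE_SCAN = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-25 14:00 UTC
Nmap scan report for 192.168.1.10
Host is up (0.0031s latency).
PORT     STATE  SERVICE       VERSION
21/tcp   open   ftp           vsftpd 3.0.3
22/tcp   open   ssh           OpenSSH 7.6
80/tcp   closed http
3389/tcp open   ms-wbt-server Microsoft Terminal Services

Nmap done: 1 IP address (1 host up) scanned in 2.58 seconds
"""

# Hypothetical policy: ports each host is supposed to expose.
ALLOWED = {"192.168.1.10": {"22/tcp"}}

# "Nmap scan report for 192.168.1.10" or "... for name (192.168.1.10)"
HOST_RE = re.compile(r"^Nmap scan report for (?:.* \()?([^\s()]+)\)?$")
# "3389/tcp open ms-wbt-server Microsoft Terminal Services"
PORT_RE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_nmap(text):
    """Return one dict per port line, tagged with the host it belongs to."""
    findings = []
    host = None
    for raw in text.splitlines():
        line = raw.strip()
        host_match = HOST_RE.match(line)
        if host_match:
            host = host_match.group(1)
            continue
        port_match = PORT_RE.match(line)
        if port_match and host:
            port, proto, state, service, version = port_match.groups()
            findings.append({
                "host": host,
                "port": f"{port}/{proto}",
                "state": state,
                "service": service,
                "version": (version or "").strip(),
            })
    return findings


def audit_exposure(findings, allowed):
    """Compare open ports with the allow-list.

    Returns (unexpected, missing):
      unexpected: open ports not on the host's allow-list
      missing:    allowed ports that were not found open"""
    unexpected = []
    seen_open = {}
    for f in findings:
        if f["state"] != "open":
            continue
        seen_open.setdefault(f["host"], set()).add(f["port"])
        if f["port"] not in allowed.get(f["host"], set()):
            unexpected.append((f["host"], f["port"], f["service"]))
    missing = [
        (host, port)
        for host, ports in allowed.items()
        for port in sorted(ports - seen_open.get(host, set()))
    ]
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = audit_exposure(parse_nmap(SAMPLE_SCAN), ALLOWED)
    for host, port, service in unexpected:
        print(f"{host}: {port} ({service}) is open but not on the allow-list")
    for host, port in missing:
        print(f"{host}: expected {port} to be open, but it was not")
```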

Host-based Security: Configuring a Firewall

5. Viva Questions

1. If you are a victim of a Denial of Service (DoS) attack, what do you do?

2. What are Brute force Attacks?

3. How do you use RSA for both authentication and secrecy?

4. If you have to generate a hash function then what characteristics are needed in a secure
hash function?

5. What is a digital signature? Differentiate between physical and digital signatures.

6. What is the Authentication Header, and how does it provide protection to the IP header?

7. Explain SSL Protocol. How does it protect internet users from various threats?

8. What is PIX firewall security? How does it differ from a firewall?

9. What is plain text? What is cipher text? Give an example of transformation of plain text
into cipher text.

10. What are replay attacks? Give an example of a replay attack.

11. What are the two basic ways of transforming plain text into cipher text?

12. What is Symmetric-Key cryptography and Asymmetric-Key cryptography?

13. Explain the use of SSL to secure the network.

14. What is the difference between Substitution Cipher and Transposition Cipher?

15. Discuss the concepts of Caesar Cipher.

16. Explain RSVP. How does it work?

17. What is the goal of Information Security in an organization?

18. What is the output of the plain text "Hello there, my name is Atul" if we use the Caesar Cipher to
encode it?

19. How can the Caesar Cipher be cracked?

20. What is non-repudiation? How can it be achieved in designing e-cash based system? Give
a suitable algorithm.

21. Discuss the algorithm for Rail Fence Technique.

22. How does an authentication system differ from a firewall in functioning?

23. Distinguish between stream and block ciphers.

24. Write a note on the security and possible vulnerabilities of the various algorithm modes.

25. What is an Initialization Vector (IV)? What is its significance?

26. Explain the main concepts in DES.

27. Discuss the history of asymmetric key cryptology in brief.

28. If A wants to send a message securely to B, what would be the typical steps involved?

29. What is the real crux of RSA?

30. Describe the advantages and disadvantages of symmetric and asymmetric key cryptology.

31. What is key wrapping? How is it useful?

32. What are the key requirements of message digests?

33. How does an authentication system differ from a firewall in functioning?

34. What is the important aspect that establishes trust in digital signatures?

35. What is an application gateway?

36. Why is the SSL layer positioned between the application layer and the transport layer?

37. What is the purpose of the SSL alert protocol?

38. Which are the key participants in SET?

39. Explain the concept of key rings in PGP.

40. Explain briefly how firewalls protect network.

4. References

TEXT BOOKS:
1. Godbole, "Information Systems Security", Wiley
2. Merkow, Breithaupt, "Information Security", Pearson Education
