CYBER SECURITY RECORD

SNO PROGRAME NAME Pag no

1 What are the Roles and Responsibilities of System Administrator? Write thesteps for
creating the User account, setting permissions and protecting your fileswith password
2 Write the steps for disk partitioning and perform operations like shrinking,Extending,
deleting and formatting
3 Prepare a Case study on Ransomware attacks(Ex: MediaMarkt)
4 Write the steps for installation of software from Open source Mode and Paidsubscription
mode
5 Write the steps to make Microsoft Chrome as a default browser, Add Active XControls
and Add–on to the Browser
6 Write the steps to establish peer to peer network connection using two systemsin a LAN
7 What is WiFi? How do you configure the Wifi on Windows operating system
8 Write the steps to Install and configure Network Components like switwches,Hub and
Modem and how do you connect to Dial-Up networking
9 What are the features of firewall? Write the steps in providing network securityand to
set Firewall Security in windows
10 Write the steps for installation of System Software, Application software andAntivirus
11 What do you mean by Spooling printers? Write the steps for spooling printer
12 Write a Program to identify the category of IP address for a given IP address
13 Write a Program to check the strength of the password
14 Write the steps to transfer files between Wireless communication using BlueTooth&
FTP
15 Prepare a case study on Cosmos Bank Cyber attack in Pune
16 Write a Program to search the given pattern using optimized algorithm
17 Prepare a case study on Social Media Crime that occurred in Pune 2021
18 Prepare a case study on Japanese Bank for Key logger Scam
19 Write the steps to prevent the denial of Service attacks
20 Write the steps to demonstrate intrusion detection system (ids) using the toolSNORT
21 What is Malware? Write the steps to remove the malware from your PC
22 What are the various types of Vulnerabilities for hacking the web applications
23 Write steps for sharing files and printer remotely between two system
24 List out the various Mobile security apps, Write the steps to install and use ,oneof the
mobile security app
25 Write the algorithm for encoding and decoding the Hash Based MessageAuthentication
Code(HMAC)
26 Prepare a case study on Mahesh Bank cyber attack
27 Prepare a case study of cyber attack through Facebook Account
28 Create a Presentation on “ Ethical Hacking” at least 10 slides
29 Write a Program to download a file from HTTP server
30 Create a Presentation on “Security Protocols” ( atleast 5 protocols)
31 Write the steps to detect the number of devices connected to wifi and block
unauthorized devices
32 Prepare a case study on Crypto currency Cyber attack (Ex: Grim Finance)
33 Write an algorithm and Program for encrypting a plain text and decrypting acipher text
using Caesar Cipher
34 Write an algorithm and Program to implement Data Encryption Standard (DES)for
encryption and decryption
35 Write RSA algorithm and Program to implement RSA Standard for encryptionand
decryption
36 Write the steps to analyze the E-Mail Application’ssecurity vulnerabilities
 37 What is SQL Injection? Write steps for SQL Injection attack on Insert, Updateand
Delete
38 Write an algorithm and a Program to implement Diffie Hellman Key
39 Write an RSA algorithm and Program to implement digital Signature Scheme
40 Write an algorithm and Program to generate Pseudo Random numbers in arange
41 Create a Presentation on “Cyber Security Regulations” with at least 10 slides
42 Create a Presentation on “Role of International Law” with at least 10 slides
43 Create a Presentation on “Cyber Forensics” with at least 10 slides
44 Create a Presentation on “Cyber Security Standards” with at least 10 slides
45 Create a Presentation on “Cyber Security Attacks” with at least 10 slides
46 Write a Program to validate your Email address
47 Write the steps to check the devices connected to your internet and about datausage
48 Create a Presentation on “Cyber Security Policies 2013” with at least 10 slides
49 Create a Presentation on “State and Private sectors in Cyber Space” with at least10
slides
50 Write the steps to read Email Headers and identify them as SPAM

1). What are the Roles and Responsibilities of System Administrator? Write
the steps for creating the User account, setting permissions and protecting
your files with password.
Ans:

Write the steps for creating the User account, setting permissions and
protecting your files with password.

Introduction:
In case there is no Active Directory or LDAP in your environment, you will need to add local
users to one or two of servers such as an FTP Servers.

Step 1: Open Server Manager

Click on your Windows Start button and search for “Server Manager” in-case it is not fired
up already.

Step 2: Open computer management

Click on “Tools” and select “Computer Management” as illustrated below. That should
open computer management window where we shall proceed to add one or more users.

Step 3: Add User

In this window, expand “Local Users and Groups” then right-click on “Users” and select
“New User“.
Choose the one that makes sense to you then proceed to click on “Create” to create the
user and then close after you are through.

Step 4: Optional Addition of user to Administrator group

This is in case you would wish your user to be an Administrator. Click on the “Users”
folder still in “Computer Management” to expose all of the users. Right-click the name of
the specific user and select “properties".
Step 5: Configure
Once you click on “properties” in the previous step, a new “username properties” window
will come up. While in the window, click on “member of” tab then “Add“. You should see a
smaller “Select Groups” window. Type in “Administrators” and on “Check Name“. If the group
is found within the Server, click on “OK“.
Conclusion
It has been a smooth session and we now have our local users added to the Server.

Setting permissions and protecting your files with password.

Password-protect a folder

Using a password to protect a folder means that you need to enter a password to see the
list of documents in the folder.

Windows 7

1. In Windows Explorer, navigate to the folder you want to password-protect. Right-click on

the folder.
2. Select Properties from the menu. On the dialog that appears, click the General tab.
3. Click the Advanced button, then select Encrypt content to secure data. Click OK. Your
Windows username and password will be used.
4. Double-click the the folder to ensure you can access it.

Hide a folder

When you hide a folder or file in Windows, the folder or file does not appear in the directory
list, unless the Don't show hidden files, folders, or drives setting is unchecked.

Windows 7, 8, and 10

1. Right-click on the file or folder that you want to hide. Select Properties.
2. Click the General tab, under the Attributes section, check Hidden.
3. Click Apply.

If the file or folder remains visible in the directory, you will need to enable another setting.

1. In Windows Explorer, click the File tab.

2. Select Options, then select the View tab.
3. Under Hidden files and folders, select Don't show hidden files, folders, or drives.

To see your hidden files or folder, repeat the instructions above, but click Show hidden files,
folders, and drives.

Conclusion
Although Microsoft has taken away the ability to password-protect a folder, you can still keep your
confidential information private by using either a password-protected zipped folder or hiding files
and folders so they don't appear in the directory list.

2Q: Write the steps for disk partitioning and perform operations like shrinking,
Extending, deleting and formatting?

Ans:
After installing Windows 10, we need to partition hard drive in Disk Management to distribute more
free space for Windows 10 future use. If you have unallocated space on your hard drive, it's ok to
create partition with it without data loss, but if you have no such space available, you have to split
exist partition into partitions, in Windows 10 Disk Management, Delete Volume is the function you
shall use, which will not keep data when operating.
1. Create a new Partition
Steps of creating a new partition in Windows 10 Disk Management:

1. Press Windows bottom and type disk management in search box to open Disk
Management.
2. Right-click on unallocated space and select New Simple Volume; follow New Simple
Volume Wizard.
3. Confirm Simple Volume size, assign drive letter, format volume with file system, allocate
unit size (cluster size), Volume label, and perform a quick format, Finish.

When a new window pops up, it means you succeed, this window is file explorer of the volume you
created.
2. Merge partitions
Windows 10 Disk Management has no function called Merge Partitions, but we simulate it in Disk
Management, without the help of any third-party partition software, the thoery is to maunally copy
everything from one partition to another, delete one partition, merge the free space to another

Functions we’ll be using to merge partitions:

• Delete Volume
• Extend Volume

Steps of merging volume using Disk Management:

1. Press Windows + E to open File Explorer, or in Disk Management right-click on the target
partition and click Explore
2. Press Ctrl+A to select all files and navigate into another Drive you’d like to merge, right-click
on an empty (blank) area and choose New and choose Folder, name it as “Merged Drive” or any
other name you prefer
3. Double-click to go into that folder and Ctrl+V to paste everything there, time spend on this
progress may vary according to the file size

4. Then in Disk Management, right-click on the we copied data from and choose Delete
Volume and confirm when prompted with the warning message to make this area unallocated

5. Then right-click on the other partition and choose Extend Volume to evoke to Extend Volume
Wizard

By doing so, we can merge two partitions in Disk Management

3Q. Prepare a Case study on Ransomware attacks. (Ex: MediaMarkt)
Ans:

What is Ransomware
Ransomware is a subset of malware that can lock and encrypt data on a victim's computer.
Attackers then notify the victim that an exploit has occurred and the data will not be unlocked or
decrypted until a payment is received.
Types of Ransomware
• Locker blocks access to computers, and attackers require payment to unlock access.
• Crypto encrypts all or some files on a computer, and attackers require payment before
handing over a decryption key.
• Ransomware as a service (RaaS) occurs when cybercriminals can access malicious code
for a fee.
Ransomware vectors
Phishing
Phishing, which targets an organization by embedding malware in email, remains one of the most
popular ways for cybercriminals to deliver their payload.

RDP and credential abuse

Cybercriminals can inject malware through RDP, which is Microsoft's proprietary protocol for
secure remote access to servers and desktops.

Vulnerabilities from poor patching practices

Websites, including plugins, and complex software environments that link to third parties enable
malware to be inserted undetected.

Top Ransomware targets

1. education
2. retail
3. business, professional and legal services
4. central government (including federal and international)
5. IT
6. manufacturing
7. energy and utilities infrastructure
8. healthcare
9. local government
10. financial services

Some of the most notable ransomware attacks include the following recent victims:
1. An attack on Colonial Pipeline led to a multiday disruption of the fuel supply for a large swath of
the East Coast. Colonial paid a $4.4 million demand to speed its recovery efforts. Some of that
payment, made in cryptocurrency, was later recovered by the U.S. government.
2. Global beef manufacturer JBS USA had to shutter operations for several days after it was hit
by a ransomware attack. The company paid attackers $11 million to ensure no data was
exfiltrated.
3. The Buffalo Public Schools system in New York ceased instruction -- in-person and online -- in
the wake of a crippling ransomware attack. The system required a week to get back on its feet
and resume classes.
How to recognize attacks
Here are three types of ransomware detection techniques:
• signature-based ransomware compares a sample hash gathered from suspicious activity to
known signatures;
• behavior-based ransomware examines new behaviors in relation to historical data; and
• deception uses a lure such as a honeypot that normal users wouldn't touch to catch
attackers.

How to prevent Ransomware attacks

• Maintain a defense-in-depth security program.
• Consider advanced protection technologies -- such as zero trust and endpoint detection
and response.

• Educate employees about the risks of social engineering.

• Patch regularly.

• Perform frequent backups of critical data.

• Don't depend solely on backups.

4Q. Write the steps for installation of software from Open source Mode and
Paidsubscription mode
Ans :

Installing open source software depends on your operating system. This is a how-to
compilation for multiple operating systems;

linux and unixos:

1. Download and uncompress the source code.

2. In the terminal, move into the extracted directory.
3. Run "./configure" to configure the software.
4. Run "make" to compile the software.
5. Run "make install" to install the software.

Microsoft Windows

Acknowledge that Windows is not a friend of open source software. This is also because it
does not come with the make build system, so compiling from source code is harder. You will
need to install a precompiled version.

1. Go to the project website.

2. Check for ports of the program.
3. Find a port for either Windows or your version of Windows.
4. Download and run the installer.
5. Once installed, shortcuts will likely be created.
5Q). Write the steps to make Microsoft Chrome as a default browser, Add
Active XControls and Add–on to the Browser

ANS:
Set Chrome as your default web browser
Follwe Below Steps:

1. On your computer, click the Start menu .

2. Click Settings Apps. Default Apps.
3. Under "Set defaults for applications," enter Chrome into the search box. ...
4. At the top, next to "Make Google Chrome your default browser," click Set default. ...
5. To exit, close the settings window.

Enabling ActiveX on Chrome:

Follwe Below Steps:

1. Open your Google Chrome browser.

2. Click on the Google Chrome menu option (three horizontal or vertical lines/dots, depending
on the version that you have installed).
3. Click on Settings.
4. Scroll to the bottom of the page and select Advanced.
5. Navigate to the System section.
6. Select Open Proxy Settings and a new popup window will appear.
7. Click on the Security tab and select Custom Level (located under the Security Level for This
Zone section).

Add–on to the Browser

Follwe Below Steps:

1. Open Google Chrome.

2. Access the Chrome Web Store.
3. Search the store for a phrase or extension name, or scroll down to view recommended
extensions.
4. When you find an extension you want to install, click the Add to Chrome button. button.
5. In the confirmation box, click Add extension.

6Q. Write the steps to establish peer to peer network connection using two
systemsin a LAN
Ans:
Hardware You Will Need
1. At least two computers.
2. Network adapters for each computer.
3. If you have 10Base-T adapters, and only two computers, you can directly connect
one computer to the other with a crossover cable.
4. If you have 10Base-T adapters and more than two computers you will need a 10Base-T hub to
connect them.
Adding Your Network Adapter
1. With the computer off, install the NIC card in an open bay (Slot 1 is
recommended)
2. Start the Computer
3. Open up the Control Panel
4. Click on Add New Hardware
5. Click the Next button
6. You can either have Windows95 search for the adapter by selecting YES or select
NO to manually enter the adapter
7. Click the Next button
8. If you selected NO, you will need to manually select an adapter.
9. If you have a driver diskette for your network adapter, use it to install the
appropriate driver for your NIC card
7. Reboot if requested

Adding the Protocol Stack

1. You will need to decide which protocol stack you want to use for your local network.
2. If you are going to be totally isolated and never dial-up to the Internet, you could use NetBEUI
or IPX.
3. If you are going to dial to the Internet, you can select TCP/IP and just assign dummy IP
addresses for your local LAN. This way you only need to install one protocol stack. You can also
have NetBEUI or IPX as well as TCP/IP installed. NetBEUI or IPX would be used for your local
LAN and TCP/IP for the Internet Dial-Up.
4. Open the Control Panel
5. Double-click on the Network icon
6. From your network adapter detection in previous table, you should have Client for Microsoft
Networks, Client for Netware, your Adapter, IPX and NetBEUI already installed.
7. If you just want NetBEUI, highlight and remove IPX or vice versa.
8. If you want to add TCP/IP, click on the Add button
9. Click on Protocol
10. Click on Microsoft
11. Click on TCP/IP

Configuring the Network

1. Under Control Panel / Network / Identification make sure each Computer has a unique
name.
2. Make sure that the Workgroup name is the SAME for all computers.
Do not have any spaces in either the Computer or Workgroup names. Keep them simple.
3. If you have TCP/IP installed, select different IP address with the same subnet mask. You do
not need to fill in WINS, Gateway, or DNS IP addresses.
4. Click on the File and Print Sharing button and check off whether you want share Files or
Printers.

7Q: What is wifi? How do you configure the wifi on windows operating
system?
Ans:

Wifi:Wi-Fi is the wireless technology used to connect computers, tablets, smartphones and other
devices to the internet.Wi-Fi is the radio signal sent from a wireless router to a nearby device,
which translates the signal into data you can see and use. The device transmits a radio signal
back to the router, which connects to the internet by wire or cable.

Setting up a wireless network in Windows

Before you can set up your wireless network, here’s what you’ll need:

Broadband Internet connection and modem. A broadband Internet connection is a high-speed

Internet connection. Digital Subscriber Line (DSL) and cable are two of the most common
broadband connections. You can get a broadband connection by contacting an Internet service
provider (ISP).

Wireless router. A router sends info between your network and the Internet. With a wireless
router, you can connect PCs to your network using radio signals instead of wires. There are
several different kinds of wireless network technologies, which include 802.11a, 802.11b, 802.11g,
802.11n, 802.11ac, and 802.11ax.

Wireless network adapter. A wireless network adapter is a device that connects your PC to a
wireless network. To connect your portable or desktop PC to your wireless network, the PC must
have a wireless network adapter.

Select Start , type device manager in the search box, and then select Device Manager.

1. Expand Network adapters.

2. Look for a network adapter that might have wireless in the name.

Setting up the modem and Internet connection

After you have all the equipment, you'll need to set up your modem and Internet connection. your
Internet service provider (ISP), follow the instructions that came with your modem to connect it to
your PC and the Internet. If you're using Digital Subscriber Line (DSL), connect your modem to a
phone jack. If you're using cable, connect your modem to a cable jack.

Securing your wireless network

Security is always important; with a wireless network, it's even more important because your
network's signal could be broadcast outside your home. If you don't help secure your network,
people with PCs nearby could access info stored on your network PCs and use your Internet
connection.To help make your network more secure.

Change the default user name and password. This helps protect your router. Most router
manufacturers have a default user name and password on the router and a default network name
(also known as the SSID). Someone could use this info to access your router without you knowing
it. To help avoid that, change the default user name and password for your router.

Set up a security key (password) for your network. Wireless networks have a network security
key to help protect them from unauthorized access. We recommend using Wi-Fi Protected Access
3 (WPA3) security if your router and PC support it. See the documentation for your router for more
detailed info, including what type of security is supported and how to set it up.

Some routers support Wi-Fi Protected Setup (WPS). If your router supports WPS and it’s
connected to the network, follow these steps to set up a network security key:

In Windows 10, select Start , then select Settings > Network & Internet > Status > Network
and Sharing Center.
Connect a PC to your wireless network In Windows 10

1. Select the Network or Wifi icon in the notification area.

2. In the list of networks, choose the network that you want to connect to, and then
select Connect.

3. Type the security key (often called the password).

4. Follow additional instructions if there are any.

If you have problems with your Wi-Fi network when using Windows 10, see Fix Wi-Fi problems in
Windows for advanced troubleshooting info.

8Q. Write the steps to Install and configure Network Components like
switches,Hub and Modem and how do you connect to Dial-Up networking

Aim
(a)Installing a network using switches and Hub
(b)Modem Installation and Configuration
(c)Connecting to the Network using Dial-Up networking

Requirements:

Pentium IV Computer
8 port Hub
Modem
Windows XP Professional Edition
Procedure:

Installing a Network using Switches / Hubs

Physical Connection
1) Install Network Interface Card in the prescribed slot in the CPU.
2) Attach RJ45 connector in both end of UTP cable.
3) Connect one RJ45 connector in the NIC Card and another RJ45 connector in the Hub.
4) Give power supply for the Hub.
Software Installation
1) Windows will automatically detect the installed Network Interface Card and
installrequired device driver files.
Modem Installation and Configuration
1) Login as Administrator in the Windows XP system.
2) Start ->Settings ->Control Panel ->Phone and Modem options
 3) Choose Modem Tab and Click Add Button.
4) Now Add Hardware Wizard will begin and search for the modem connected in the
CPU.If the modem is found it will install the required driver files from CD/Floppy Disks.
Connecting to the Network using Dial-Up networking
1) Start - >Programs ->Accessories ->Communication ->New Connection Wizard
2) Choose Network connection Type as ‘Connect to Internet’ and click Next Button
3) Choose the option ‘Setup my connection manually’ and click Next Button
4) Choose the option ‘Connect using a dialup modem’ and click Next Button
5) Type ISP name, phone no, user account and its password and Click Finish Button.

Result:
By following the above procedures, we can install hub,modem and configure
dialup networking successfully.

9Q. What are the features of firewall? Write the steps in providing network
securityand to set Firewall Security in windows.
Aim:
Establish security in a system using firewall configuration.
Requirements:
Pentium four Computer
Windows XP Professional Edition
Procedure:
Actions
Windows XP and Vista provide a built-in firewall component, which controls
the
programs that can access the Internet and the types of connections that they
can make. IfWindows Firewall doesn't permit Firefox to make connections,
Firefox generates a"Server not found" error when you try to browse to
websites.
Checking for Windows Firewall

To see if you're running Windows Firewall:

1. Open the Windows Control Panel.
a. (Windows Vista) Click the Windows icon, and select Control Panel.
b. (Windows XP) Open the Windows Start Menu, and select Control Panel.
2. In the Control Panel, open the Windows Security Center.
a. (Windows Vista) Under the Security header, click Check this computer's
security status.
3. Open the Windows Firewall header. Try to locate the following text:
Windows Firewall is actively protecting your computer
4. If it is set to On (Recommended), you are using Windows Firewall.

Configuring Windows Firewall

1. If you're using Windows Firewall, you must verify that it is properly configured.
In the Windows Security Center, open the Windows Firewall settings dialog.
a. (Windows Vista) Click Windows Firewall. Then click Change settings.
 You may receive a User Account Control pop-up. Click Continue.
2. Click the General tab.
3. Allow connections:
a. (Windows Vista) Deselect the checkbox for Block all
incomingconnections.
b. (Windows XP) Deselect the checkbox for Don't allow exceptions.
4. Click the Exceptions tab.
5. If Mozilla Firefox is listed, select it and click the Delete button.
6. In the Delete a Program dialog, click Yes.
7. Set Windows to alert you when it blocks a program:
a. (Windows Vista) Select the checkbox for Notify me when
WindowsFirewall blocks a new program.
b. (Windows XP) Select the checbox for Display a notification
whenWindows Firewall blocks a program
8. Click OK.
9. Now, try browsing to a website with Firefox. You may receive a Windows
Security Alert dialog asking if you want to block Firefox. Click Unblock.

Result:
By following the above procedure, we can establish security in a system using
firewall configuration.

11Q. What do you mean by Spooling Printers? Write the Steps for Spooling
Printers.

In computing, spooling is a specialized form of multi-programming for the purpose

of copying data between different devices. In contemporary systems,[a] it is usually
used for mediating between a computer application and a slow peripheral, such as a
printer.

Spooling allows programs to "hand off" work to be done by the peripheral and then
proceed to other tasks, or to not begin until input has been transcribed. A dedicated
program, the spooler, maintains an orderly sequence of jobs for the peripheral and
feeds it data at its own rate.

Spooling is a combination of buffering and queuing.

To access the Print Spooler you must open the Local Services console.

STEP 1: Click the Windows "Start" button, right-click "Computer" and choose
"Manage" from the context menu.

STEP 2: Double-click "Services and Applications" and double-click "Services" to

view all the services.

STEP 3: Scroll down and double-click the "Print Spooler" service to open its
Properties window.
STEP 4: Select "Automatic" in the Startup Type drop-down menu and click the
"Start" button to enable printer

spooling on your computer.

STEP 5: Click "OK" to close the Properties window, and close the Computer
Management window.

Step 1 – Go To The Start Menu

Start by opening the Start menu of Windows OS. You can do so by pressing the
Windows key on your keyboard.

Otherwise, you can move your pointer to the bottom left corner of the desktop and
click on the Start icon.

Step 2 – Search For Command Prompt

Once the start menu opens, type “cmd”. Cmd is the short form of Command Prompt.
Once you finish typing, you must see the Command Prompt application listed on the
screen.

Step 3 – Open Command Prompt Application Right-click on the Command Prompt

icon, and you will see a dropdown menu appear on the screen. Click on “Run as
administrator” option from the menu. You may see a pop-up dialog box showing you
a warning. Click on Yes to continue.

Step 4 – Stopping Printer Spooler Service in the command prompt, type the
command “net stop spooler” and press the Enter key. You will see a message on
the command prompt “The print spooler service is stopping”. After some time, you
will see another message confirming “The print spooler service stopped
successfully”.

Step 5 – Delete The Pending Orders Now that the spooler has stopped working, you
have to ensure that when the spooler service restarts, it does not print the previously
stopped order and pending orders.

Open File Explorer and in the address bar, type

“C:\windows\system32\spool\PRINTERS” and press Enter key.

Youmay be seeing a pop-up box asking for permission. Click on the Continue
button.

Now, you need to delete all the entries that you find inside the PRINTERS folder.
Remember not to delete the

PRINTERS folder.
Step 6 – Restart The Spooler Service.

12Q: Write a program identify the category of IP address for a given IP

address.

Ans:

#include <stdio.h>
#include <string.h>

voidextractIpAddress(unsigned char *sourceString,short *ipAddress)

{
unsigned short len=0;
unsigned char oct[4]={0},cnt=0,cnt1=0,i,buf[5];

len=strlen(sourceString);
for(i=0;i<len;i++)
{
if(sourceString[i]!='.')
{
buf[cnt++] =sourceString[i];
}
if(sourceString[i]=='.' || i==len-1){
buf[cnt]='\0';
cnt=0;
oct[cnt1++]=atoi(buf);
}
}
ipAddress[0]=oct[0];
ipAddress[1]=oct[1];
ipAddress[2]=oct[2];
ipAddress[3]=oct[3];
}

int main()
{
unsigned char ip[20]={0};
shortipAddress[4];

printf("Enter IP Address (xxx.xxx.xxx.xxx format): ");

scanf("%s",ip);

extractIpAddress(ip,&ipAddress[0]);
printf("\nIp Address: %03d. %03d.
%03d.%03d\n",ipAddress[0],ipAddress[1],IpAddress[2],ipAddress[3]);
if(ipAddress[0]>=0 &&ipAddress[0]<=127)
printf("Class A Ip Address.\n");
if(ipAddress[0]>127 &&ipAddress[0]<191)
printf("Class B Ip Address.\n");
if(ipAddress[0]>191 &&ipAddress[0]<224)
printf("Class C Ip Address.\n");
if(ipAddress[0]>224 &&ipAddress[0]<=239)
printf("Class D Ip Address.\n");
if(ipAddress[0]>239)
printf("Class E Ip Address.\n");

return 0;
}

Output
Enter IP Address (xxx.xxx.xxx.xxx format): 145.160.017.001

Ip Address: 145. 160. 017. 001

Class.

13Q: Write a progam to check the strength of the password.

Ans:

#include <bits/stdc++.h>
using namespace std;
voidprintStrongNess(string& input)
{
int n = input.length();
// Checking lower alphabet in string
boolhasLower = false, hasUpper = false;
boolhasDigit = false, specialChar = false;
stringnormalChars = "abcdefghijklmnopqrstu"
"vwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 ";
for (inti = 0; i< n; i++) {
if (islower(input[i]))
hasLower = true;
if (isupper(input[i]))
hasUpper = true;
if (isdigit(input[i]))
hasDigit = true
size_t special = input.find_first_not_of(normalChars);
if (special != string::npos)
specialChar = true;
}
 // Strength of password
cout<< "Strength of password:-";
if (hasLower&&hasUpper&&hasDigit&&
specialChar&& (n >= 8))
cout<< "Strong" <<endl;
else if ((hasLower || hasUpper) &&
specialChar&& (n >= 6))
cout<< "Moderate" <<endl;
else
cout<< "Weak" <<endl;
}

// Driver code
int main()
{
string input = "cyberpassWord!@12";
printStrongNess(input);
return 0;
}

Output:

Strength of password:-Strong
Q14. Write Steps to transfer files between Wireless Communication using Blue
Tooth and FTP.
Ans
This process is actually a bit easier but will drastically vary, depending on the operating
system you’re using. However,
most platforms have developed a very user-friendly process for sending files via Bluetooth. I’ll
demonstrate using Blueman , which should illustrate how easy sharing files can be.
Here’s the process:
Step 1. Open up the Bluetooth app (in this case, Blueman)
Step 2. Set the device to share files as trusted (right-click the device and select Trust, as shown in
Figure E)
Step 3. Right-click the trusted device, and select Send a File
Step 4. Locate and select the file to be sent, and click OK
Step 5. If prompted on your smartphone, tap to allow the transfer.
Bluetooth adapter is available on your desktop, you can make this process even easier by
taking advantage of the Android built-in sharing system.
Share a photo, video, or other kind of file with a friend who has a phone, laptop, or tablet.

Step 1. Make sure the other device you want to share with is paired with your PC, turned on, and
ready to receive
files. Learn how to pair.
Step 2. On your PC, select Start > Settings > Devices > Bluetooth & other devices.
Step 3. In Bluetooth & other devices settings, select Send or receive files via Bluetooth.
Step 4. In Bluetooth File Transfer, select Send files > choose the device you want to share to >
Next.
Step 5. Select Browse > the file or files to share > Open > Next (which sends it) > Finish.
Step 6. On the receiving device, have your friend accept the file. See Receive a file over
Bluetooth.

The procedure below will work with current versions of Internet Explorer and Firefox for
Windows. To transfer files via FTP using your web browser in Windows:

Step 1. From the File menu, choose Open Location....

Step 2. In the "Location" field, type a URL like the following:
ftp://username@name-of-server
For example, if your username is dvader, and you want to reach your account on
deathstar.empire.gov, enter:
ftp://[email protected]
Note: Do not close the URL with a /, or you will connect to the root directory rather than your home
directory.
Step 3. You will be prompted for your password. After you supply the password, you will see the
contents of your
home directory on the remote machine. To change directories, click the appropriate yellow folder
icon.
Step 4. To download a file, drag the file from the browser window to the desktop. You can also
double-click the
filename, and you will be prompted to either save or open the file.
Step 5. To upload a file, drag the file from your hard drive to the browser window

15Q: Preapre a case study on Cosmos bank cyber attack in pune?

Ans:
Brief of the incidence:
A fraud was carried out at Punes’ cosmos bank, caused my malware attack on banks’ systems.
INR 95 Cr (approx. $13.4 billion) was withdrawn from several ATMs placed all around the globe.
Transactions regarding the fraud took place between August 11 to August 13 and the attack by the
hackers originated in Canada. The embezzlement was done by a malware attack on the bank
servers and by cloning thousands of debit cards, said Mr. Milind Kale, Cosmos Bank Chairman.
Some payment experts theorize that the fraud involved breaching the firewall in the servers that
authorize ATM transactions. This meant that the ATMs were releasing money without checking
whether the cards were genuine or whether there was a bank account.

Consequence of attack:
The malware attack was done on the critical communication systems between the various
payment gateways after which an amount estimated to be INR 78 crore was withdrawn
“physically” through 12,000 ATM transactions outside India, while another 2,800 transactions were
made in different corners of the country, worth an estimated INR 2.5 crore. It was observed that
unusual repeated transactions were taking place through Visa and Rupay cards used at various
ATMs for nearly two hours. On August 13, INR 13.5 crore was transferred by the hackers to the
Hong Kong-based Hanseng bank, using the Society for Worldwide Interbank Financial
Telecommunication (SWIFT) facility. As per the payment settlement system, Visa and Rupay had
raised demands for payment for all of the fraudulent transactions and as per the agreement the
bank had to pay a total amount of INR 80.5 Cr to them.Regarding the transaction of transfer of
money (INR 13.92 Cr) to a Hong Kong based bank.
Reasons of the attack:Investigations showed that the cyber-criminals had made enough and
extremely through background surveillance of the cosmos banking infrastructure first.. The
researchers concluded that the heist would be very visible from the bank audit report generated by
the system itself.Also a few days prior to the attack, the American FBI had warned banks of a
major hacking threat to ATMs worldwide and despite increased awareness and spend,
organizations have proven themselves largely unprepared for a more organized, strategic and
persistent threat.

Technical Loopholes: It has been stated that the bank may have failed to adequately invest in its
SOC (Security Operation Center), which should have analyzed the traffic coming in. An analysis
was made that the bank’s fraud detection mechanism was non- existent as there should’ve been
red alerts when so many overseas transactions were taking place at such a short span of time.
However, in its statement the bank contended it had adequate IT security in place.

Results/Pending investigation:The Special Investigating Team (SIT) had recovered INR 10.25
Cr that was lost in the heist as was revealed on August 2018.The Hong Kong based bank ‘Hang
Seng bank’ also returned INR 5.72 Cr in the first installment to Cosmos bank. The police also
recovered INR 4 Lakh from genuine Cosmos cardholders, who had visited ATMs when the
malware was active and withdrew more money than their account balance.
Impact on the business of the bank:The bank was neither penalized for its weak cyber-security
nor has anyone been held accountable. This highlights the need for RBI to enforce its cyber
guidelines for cooperative banks as strictly as it has for commercial banks. Extensive audit reports
had been called for.The bank's annual report reported total amount involved in the attack to be
INR 100. 22 crore, including exchange loss on payment settlement. That was not the only impact.
The bank says that “the cyber-attack and restoration of payment systems back to normalcy
caused an impact on the customers and their transactions.
Timeline of refund by Pune police:
January 2020 Rs 8.37 lakh
February 2020 Rs 5.98 crore
March 2020 Rs 27.25 lakh
April 2020 Rs 50.52

Q21. What is Malware? Write Steps to remove the malware from your PC
Ans :
Malware, or malicious software, is any program or file that is intentionally harmful to a
computer, network or server.
Types of malware include computer viruses, worms, Trojan horses, ransomware and spyware.

These malicious programs steal, encrypt and delete sensitive data; alter or hijack core
computing functions and monitor end users'
computer activity.
Types of malware :

Virus, Worm, Trojan horse, Spyware , Ransomware , Rotkit , Back door, Adware ,
keyloggers
Steps to remove Malware from PC

Step 1: Disconnect from the internet

Disconnecting from the internet will prevent more of your data from being sent to a malware server
or the malware
from spreading further.

Step 2: Enter safe mode

If malware is set to load automatically, this will prevent the malware from loading, making it easier
to remove. To enter
safe mode:
1. Restart your PC.
2. When you see the sign-in screen, hold down the Shift key and select Power → Restart.
3. After your PC restarts, to the “Choose an option” screen, select: Troubleshoot → Advanced
Options → Startup
Settings.
4. On the next window, click the Restart button and wait for the next screen to appear.
5. A menu will appear with numbered startup options. Select number 4 or F4 to start your PC in
Safe Mode.
Disclaimer: Avoid logging into accounts during malware removal
To avoid sharing your personally identifiable information, do not log into sensitive accounts while
your device is
infected.
Step 3: Check your activity monitor for malicious applications
If you know that you’ve installed a suspicious update or application, close the application if it’s
running. Your activity
monitor shows the processes that are running on your computer, so you can see how they affect
your computer’s
activity and performance.
In Type to search type → Resource Monitor → Find End Task → Right Click → End Process

Step 4: Run a malware scanner

Luckily, malware scanners can remove many standard infections. But remember that if you
already have an antivirus
program active on your computer, you should use a different scanner for this malware check since
your current
antivirus software may not detect the malware initially.

Step 5: Fix your web browser

Malware is likely to modify your web browser’s homepage to re-infect your PC. Check your
homepage and connection
settings using the steps below for common browsers.
To verify your homepage on Chrome:
• In the top right corner of your Chrome browser, click More → Settings.
Select the dropdown menu in the “Search engine” section.
• Verify your default homepage.
To verify your homepage on Internet Explorer:
1. Select the Tools icon.
2. Click Internet options.
3. In the General tab, find the “Search” section and click Settings.
4. Verify your default homepage.

Step 6: Clear your cache

After you’ve verified your homepage setting, it’s imperative to clear your browser’s cache. Follow
these steps below
to learn how to clear your cache for Chrome and Internet Explorer.
To clear your cache on Chrome:
History → Clear Browsing Data → Time Range → All Time → Clear Data.
To clear your cache on Internet Explore.

22Q. What are the various types of Vulnerabilities for hacking the Web
Applications.
ANS:
Most Common Website Security Vulnerabilities
1. SQL INJECTIONS
SQL injection is a type of web application security vulnerability in which an attacker attempts to
use application code to access or corrupt database content. If successful, this allows the attacker
to create, read, update, alter, or delete data stored in the back-end database. SQL injection is one
of the most prevalent types of web application security
vulnerabilities.
2. CROSS SITE SCRIPTING (XSS)
Cross-site scripting (XSS) targets an application's users by injecting code, usually a client-side
script such as JavaScript, into a web application's output. The concept of XSS is to manipulate
client-side scripts of a web application to execute in the manner desired by the attacker. XSS
allows attackers to execute scripts in the victim's browser which can hijack user sessions, deface
websites or redirect the user to malicious sites.
3. BROKEN AUTHENTICATION & SESSION MANAGEMENT
Broken authentication and session management encompass several security issues, all of them
having to do with maintaining the identity of a user. If authentication credentials and session
identifiers are not protected at all times, an attacker can hijack an active session and assume the
identity of a user.
4. INSECURE DIRECT OBJECT REFERENCES
Insecure direct object reference is when a web application exposes a reference to an internal
implementation object.
Internal implementation objects include files, database records, directories and database keys.
When an application exposes a reference to one of these objects in a URL, hackers can
manipulate it to gain access t o a user's personal data.
5. SECURITY MISCONFIGURATION
Security mis configuration encompasses several types of vulnerabilities all centered on a lack of
maintenance or a lack of attention to the web application configuration.
A secure configuration must be defined and deployed for the application, frameworks,
application server, web server, database server and platform. Security mis configuration gives
hackers access to private data or features and can result in a complete system compromise.
6. CROSS-SITE REQUEST FORGERY (CSRF)
Cross-Site Request Forgery (CSRF) is a malicious attack where a user is tricked into
performing an action he or she didn't intend to do. A third-party website will send a request to a
web application that a user is already authenticated
against (e.g. their bank). The attacker can then access functionality via the victim's already
authenticated browser. Targets include web applications like social media, in browser email
clients, online banking, and web interfaces for
network devices. Don't get caught with your guard down. Practice safe website security measures
and always be ready to protect yourself, and your company's future, from an attack that you might
never recover from. The best way to tell if your
website or server is vulnerable is to conduct regular security audits.
Simple Ways to improve Web Security
1. KEEP YOUR SOFTWARE UP-TO-DATE
It is crucial to keep all platforms or scripts you've installed up-to-date. Hackers aggressively target
security flaws in
popular web software, and the programs need to be updated to patch security holes. It is important
to maintain and
update every software product you use.
2. ENFORCE A STRONG PASSWORD POLICY
It is important to use strong passwords. Hackers frequently utilize sophisticated software that use
brute force to crack passwords. To protect against brute force, passwords should be complex,
containing uppercase letters, lowercase letters, numerals, and special characters. Your passwords
should be at least 10 characters long. This password policy
should be maintained throughout your organization.
3.ENCRYPT YOUR LOGIN PAGES
Use SSL encryption on your login pages. SSL allows sensitive information such as credit card
numbers, social security numbers, and login credentials to be transmitted securely. Information
entered on a page is encrypted so that it's meaningless to any third party who might intercept it.
This helps to prevent hackers from accessing your login
credentials or other private data.
4. USE A SECURE HOST
Choosing a secure and reputable web hosting company is very important to your website security.
Make sure the host you choose is aware of threats and devoted to keeping your website secure.
Your host should also back up your data to a remote server and make it easy to restore in case
your site is hacked. Choose a host who offers ongoing technical
support whenever necessary. CommonPlaces offers secure, reliable hosting for our customers.

5. KEEP YOUR WEBSITE CLEAN

Every database, application, or plugin on your website is another possible point of entry for
hackers. You should delete any files, databases, or applications from your website that are no
longer in use. It is also important to keep your file structure organized to keep track of changes
and make it easier to delete old files.

6. BACKUP YOUR DATA

Back up your site regularly. You should maintain backups of all of your website files in case your
site becomes inaccessible or your data is lost. Your web host provider should provide backups of
their own servers, but you should still backup your files regularly. Some content management
programs have plugins or extensions that can automatically back up your site, and you should also
be able to back up databases and content manually.

7. SCAN YOUR WEBSITE FOR VULNERABILITIES

It is important to regularly perform web security scans to check for website and server
vulnerabilities. Web security scans should be performed on a schedule and after any change or
addition to your web components. There are a number of free tools on the Internet that you can
use to measure how secure your website is. Those tools can be
helpful for a brief review, but they won't detect all the possible security flaws of your site. Having a
professional perform security scans on your website will provide an in-depth review and
explanation of the vulnerabilities on your
websites

8. HIRE A SECURITY EXPERT

Developing a relationship with a firm that provides security services can be a lifesaver when it
comes to protecting your website. While the small things can be taken care of on your own, there
are many security measures that should be handled by an expert. Companies providing security
services can regularly scan your website for vulnerabilities,
perform full website security audits, monitor for malicious activity, and be on hand whenever repair
is needed. You and your team must always be vigilant in protecting your website, and these
practical tips represent only the most basic methods. Never stop seeking security protections for
your website. Don't let the bad guys win.

24Q. List various Mobile Security Apps. Write the Steps to install and use one
of the Mobile Security App.

Mobile application security focuses on the software security posture of mobile apps on various
platforms like Android,
iOS, and Windows Phone.

Some of the best Android Mobile Security App are

• Bitdefender Mobile Security.
• Norton Mobile Security.
• Avast Mobile Security.
• Kaspersky Mobile Antivirus.
• Lookout Security & Antivirus.
• McAfee Mobile Security.
• Google Play Protect.
Google Play Protect checks your apps and devices for harmful behavior.
• It runs a safety check on apps from the Google Play Store before you download them.
• It checks your device for potentially harmful apps from other sources. These harmful apps are
sometimes
called malware.
• It warns you about potentially harmful apps.
• It may deactivate or remove harmful apps from your device.
• It warns you about detected apps that violate our Unwanted Software Policy by hiding or
misrepresenting
important information.
• It sends you privacy alerts about apps that can get user permissions to access your personal
information,
violating our Developer Policy.
• It may reset app permissions to protect your privacy on certain Android versions.
Verify your device certification status

1. Open the Google Play Store app .

2. At the top right, tap the profile icon.
3. Tap Settings.
4. Under “About,” check if your device is Play Protect certified.
How to turn Google Play Protect on or off
Important: Google Play Protect is on by default, but you can turn it off. For security, we
recommend that you always keep Google Play Protect on.

1. Open the Google Play Store app .

2. At the top right, tap the profile icon.
3. Tap Play Protect Settings.
4. Turn Scan apps with Play Protect on or off.

25Q.Write the algorithm for encoding and decoding the Hash-Based Message
Ans:

Authentication Code(HMAC)
HMAC algorithm stands for Hashed or Hash-based Message Authentication Code. It is a result of
work done on developing a MAC derived from cryptographic hash functions. HMAC is a great
resistance towards cryptanalysis attacks as it uses the Hashing concept twice. HMAC consists of
twin benefits of Hashing and MAC and thus is more secure than any other authentication code.
RFC 2104 has issued HMAC, and HMAC has been made compulsory to implement in IP security.
The FIPS 198 NIST standard has also issued HMAC.
What is the MD5 Algorithm?
MD5 (Message Digest Method 5) is a cryptographic hash algorithm used to generate a
128-bit digest from a string of any length. It represents the digests as 32 digit hexadecimal
numbers. Ronald Rivest designed this algorithm in 1991 to provide the means for digital signature
verification.
There are four major sections of the algorithm:
Padding Bits

When you receive the input string, you have to make sure the size is 64 bits short of a
multiple of 512. When it comes to padding the bits, you must add one(1) first, followed by zeroes
to round out the extra characters.

Padding Length

You need to add a few more characters to make your final string a multiple of 512. To do
so, take the length of the initial input and express it in the form of 64 bits. On combining the two,
the final string is ready to be hashed.

Initialize MD Buffer

The entire string is converted into multiple blocks of 512 bits each. You also need to
initialize four different buffers, namely A, B, C, and D. These buffers are 32 bits each and are
initialized as follows:

A = 01 23 45 67
B = 89 ab cd ef
C = fe dc ba 98
D = 76 54 32 10
Process Each Block

Each 512-bit block gets broken down further into 16 sub-blocks of 32 bits each. There are
four rounds of operations, with each round utilizing all the sub-blocks, the buffers, and a constant
array value.

This constant array can be denoted as T[1] -> T[64].

Each of the sub-blocks are denoted as M[0] -> M[15].

29Q). Write a Client program to download a file from HTTP server.

AIM:
Write a Client program to download a file from HTTP server.
Algorithm:
Algorithm for Server:
1. Create a socket for transferring data
2. Get the hostname of the client
3. Bind the socket
4. Accept the connection request
5. Receive the message send by the client and process the message and send
the message to client.
Algorithm for Client:
1. Create a socket for transferring data
2. Get the hostname of the server
3. Connect the socket to the remote system.
4. Send a message to the server.
Program:

// Implementation of TCP/IP
// Server Program
#include <unistd.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <stdio.h>
int main()
{
intsd,nsd,i,port=6200;
char c[30]=”/0”,fname[30];
structsockaddr_inser;
structsodkaddr_in cli;
FILE*fp;
if ((sd=socket(AF_INET,SOCK_STREAM,0))<0)
{ printf (“\nError:Socket Creation”);
return 0;
}
bzero((char*)&ser,sizeof(ser);
printf(“\nPort Address is %d”,port);
ser.sin_family=AF_INET;
ser.sin_port=htons(port);
ser.sin_addr.s_addr=htonl(INADDR_ANY);
Prepared By : C.ChellaPandian /SL 38 V Semester
Department of Computer Engineering Computer networks & Security Lab
if (bind(sd,(structsockaddr*)&ser,sizeof(ser))<0)
{ printf(“\nError:Binding”);
return 0;
}
i=sizeof(cli);
listen(sd,1);
printf(“\nServer Module\n”);
nsd=accept(sd,(sd,(structsockaddr*)&cli).&i);
if (nsd==-1)
{ printf(“\nError:Client accepts the problem”);
return 0;
}
printf(“\nClient accepted\n”);
i=recv(nsd,fname,30,0);
fname[i]=’\0’;
fp=fopen(fname,”rb”);
printf(“File Reading….\n”);
while(1)
{
i=fread(&c,1,30,fp);
c[i]=’\0’;
send(nsd,c30,0);
printf(“%s”,c);
strcpy(c,”\0”);
if(i<30)
break;
}
send(nsd,”EOF”,4,0);
printf(“\nFile has been Transferred”);
fclose(fp);
close(sd);
close(nsd);
return 0;
}
// Client Program
#include <unistd.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <stdio.h>
#include <arpa/inet.h>
int main()
{
intsd,nsd,i,port=6200;
char c[30]=”/0”,fname[30];
structsockaddr_inser;
Prepared By : C.ChellaPandian /SL 39 V Semester
Department of Computer Engineering Computer networks & Security Lab
FILE*fp;
if ((sd=socket(AF_INET,SOCK_STREAM,0))<0)
{
printf(“\nError:Socket Creation”);
return 0;
}
bzero((char*)&ser,sizeof(ser));
printf(“\nPort Address is %d”,port);
ser.sin_family=AF_INET;
ser.sin_port=htons(port);
ser.sin_addr.s_addr=htonl(INADDR_ANY);
if (connect(sd,(structsockaddr*)&ser,sizeof(ser))==-1)
{
printf(“\nError:Binding”);
return 0;
}
Printf(“client module\n”);
Printf(“Enter the source filename”);
Scanf(“%s”,fname);
Printf(“Enter the destination filename”);
Scanf(“%s”,file);
send(sd,fname,30,0);
fp=fopen(file,’w’);
printf(“receiving…\n”);
while(1)
{
i=recv(sd,c,30,0);
c[i]=’\0’;
printf(“%s”,c);
if(!strcmp(c,”EOF”))
break;
fwrite(&c,strlen(c) ,1,fp);
strcpy(c,”\0”);
}
printf(“\nFile has been Transferred”);
fclose(fp);
close(sd);
return 0;
}
Output
:
By following the above program, we can download a file from HTTP server.

33Q: Write an algorithm and program for encrypting a plain text and decrypting a cipher
text using Caesar Cipher?

Ans:

//Simple C program to encrypt and decrypt a string

#include <stdio.h>
int main()
{
inti, x;
charstr[100];
printf("\nPlease enter a string:\t");
gets(str);
printf("\nPlease choose following options:\n");
printf("1 = Encrypt the string.\n");
printf("2 = Decrypt the string.\n");
scanf("%d", &x);
//using switch case statements
switch(x)
{
case 1:
for(i = 0; (i< 100 &&str[i] != '\0'); i++)
str[i] = str[i] + 3; //the key for encryption is 3 that is added to ASCII value
printf("\nEncrypted string: %s\n", str);
break;
case 2:
for(i = 0; (i< 100 &&str[i] != '\0'); i++)
str[i] = str[i] - 3; //the key for encryption is 3 that is subtracted to ASCII value
printf("\nDecrypted string: %s\n", str);
break;
default:
printf("\nError\n");
}
return 0;
}
Output
#Encryption
#Decryption

35Q). Write RSA algorithm and Program to implement RSA Standard for
encryptionand decryption?

Ans:

#include<stdio.h>
#include<math.h>
//to findgcd
intgcd(int a, int h)
{
int temp;
while(1)
{
temp = a%h;
if(temp==0)
return h;
a = h;
h = temp;
}
}

int main()
{
//2 random prime numbers
double p = 3;
double q = 7;
double n=p*q;
double count;
double totient = (p-1)*(q-1);

//public key
//e stands for encrypt
double e=2;

//for checking co-prime which satisfies e>1

while(e<totient){
count = gcd(e,totient);
if(count==1)
break;
else
e++;
}

//private key
//d stands for decrypt
double d;

//k can be any arbitrary value

double k = 2;

//choosing d such that it satisfies d*e = 1 + k * totient

d = (1 + (k*totient))/e;
double msg = 12;
double c = pow(msg,e);
double m = pow(c,d);
c=fmod(c,n);
m=fmod(m,n);
printf("Message data = %lf",msg);
printf("\np = %lf",p);
printf("\nq = %lf",q);
printf("\nn = pq = %lf",n);
printf("\ntotient = %lf",totient);
printf("\ne = %lf",e);
printf("\nd = %lf",d);
printf("\nEncrypted data = %lf",c);
printf("\nOriginal Message Sent = %lf",m);

return 0;
}#include<stdio.h>
#include<math.h>

//to findgcd
intgcd(int a, int h)
{
int temp;
while(1)
{
temp = a%h;
if(temp==0)
return h;
a = h;
h = temp;
}
}

int main()
{
//2 random prime numbers
double p = 3;
double q = 7;
double n=p*q;
double count;
double totient = (p-1)*(q-1);
 //public key
//e stands for encrypt
double e=2;

//for checking co-prime which satisfies e>1

while(e<totient){
count = gcd(e,totient);
if(count==1)
break;
else
e++;
}
//private key
//d stands for decrypt
double d;

//k can be any arbitrary value

double k = 2;
//choosing d such that it satisfies d*e = 1 + k * totient
d = (1 + (k*totient))/e;
double msg = 12;
double c = pow(msg,e);
double m = pow(c,d);
c=fmod(c,n);
m=fmod(m,n);

printf("Message data = %lf",msg);

printf("\np = %lf",p);
printf("\nq = %lf",q);
printf("\nn = pq = %lf",n);
printf("\ntotient = %lf",totient);
printf("\ne = %lf",e);
printf("\nd = %lf",d);
printf("\nEncrypted data = %lf",c);
printf("\nOriginal Message Sent = %lf",m);

return 0;

Output

Message data = 12.000000

P = 3.000000
Q = 7.000000
N = pq = 21.000000
Totient = 12.000000
E = 5.000000
D = 5.000000
Encrypted data = 3.000000
Original Message Sent = 12.000000
36Q.Write the steps to analyze the E-Mail Application’s security vulnerabilities

ANS:
Email is the dream delivery platform for any and all types of cyberattacks; it provides a
mechanism capable of placing almost any kind of threat in front of almost any target.

Attackers use email to send malicious software attacks to an end user. Even when filters
are able to find potentially unwanted programs, attackers can still fall back to time-tested social
engineering tactics to convince victims to take actions against their own interests.

For decades, email has been the predominant end-user network application, so it should be
no surprise that attackers have focused their attention on exploiting email security threats. While
the attack techniques have become much more sophisticated over the years, security teams have
long understood the fundamentals of email security threats.

While the forms and intentions of email security threats have morphed many times, from
sowing chaos and denial of service via spam campaigns to today's dominant threats of
ransomware and email fraud, the email security threats themselves still generally fall into three
categories:

• Malware delivery
• Phishing
• Domain spoofing

Malware delivery:
Ever since email applications began to include attachments, file attachments have been
used to deliver malware. Once email applications began to support executable content using the
same types of content that are offered on the web, attackers quickly learned to subvert that
content with malicious code.

Phishing:
Phishing, in all its forms, is the practice of using email or other types of messaging
applications to carry out social engineering campaigns in an effort to convince the victim to
perform some action. Ordinary phishing campaigns spread generic phishing emails to a broad
spectrum of potential targets in order to harvest user credentials or infect users' systems with
ransomware by prompting them to click on malicious links.
Domain spoofing:
Spoofing domains is a common tactic attackers use against email users. The domain being
spoofed may be in the headers of a message to try to fool the recipient into believing that the
email originated from a known domain. For example, an attacker may send a phishing message
that appears to have originated from the recipient's employer, bank or other trusted source.

37.What is SQL Injection? Write steps for SQL Injection attack on Insert, Update

and Delete?

ANS:

SQL injection is a web security vulnerability that allows an attacker to interfere with the
queries that an application makes to its database. It generally allows an attacker to view
data that they are not normally able to retrieve. This might include data belonging to other
users, or any other data that the application itself is able to access. In many cases, an
attacker can modify or delete this data, causing persistent changes to the application's
content or behavior.

SQL injection examples

There are a wide variety of SQL injection vulnerabilities, attacks, and techniques, which
arise in different situations. Some common SQL injection examples include:

Retrieving hidden data, where you can modify an SQL query to return additional results.

Subverting application logic, where you can change a query to interfere with the
application's logic.

UNION attacks, where you can retrieve data from different database tables.

Examining the database, where you can extract information about the version and structure
of the database.

Blind SQL injection, where the results of a query you control are not returned in the
application's responses.

SQL injection in different parts of the query

Most SQL injection vulnerabilities arise within the WHERE clause of a SELECT query. This
type of SQL injection is generally well-understood by experienced testers.

But SQL injection vulnerabilities can in principle occur at any location within the query, and
within different query types. The most common other locations where SQL injection arises
are:

In UPDATE statements, within the updated values or the WHERE clause.

In INSERT statements, within the inserted values.

In SELECT statements, within the table or column name.

In SELECT statements, within the ORDER BY clause.

38Q.Write an algorithm and a Program to implement Diffie Hellman Key?

ANS:

#include <stdio.h>
// Function to compute `a^m mod n`
int compute(int a, int m, int n)
{
int r;
int y = 1;

while (m > 0)
{
r = m % 2;
 // fast exponention
if (r == 1) {
y = (y*a) % n;
}
a = a*a % n;
m = m / 2;
}

return y;
}

// C program to demonstrate the Diffie-Hellman algorithm

int main()
{
int p = 23; // modulus
int g = 5; // base

int a, b; // `a` – Alice's secret key, `b` – Bob's secret key.

int A, B; // `A` – Alice's public key, `B` – Bob's public key

// choose a secret integer for Alice's private key (only known to Alice)
a = 6; // or, use `rand()`

// Calculate Alice's public key (Alice will send `A` to Bob)

A = compute(g, a, p);

// choose a secret integer for Bob's private key (only known to Bob)
b = 15; // or, use `rand()`

// Calculate Bob's public key (Bob will send `B` to Alice)

B = compute(g, b, p);

// Alice and Bob Exchange their public key `A` and `B` with each other

// Find secret key

intkeyA = compute(B, a, p);
intkeyB = compute(A, b, p);

printf("Alice's secret key is %d\nBob's secret key is %d", keyA, keyB);

return 0;
}
39Q.Write an RSA algorithm and Program to implement digital Signature
Scheme?
ANS:

#include<stdio.h>
#include<math.h>

// Returns gcd of a and b

intgcd(int a, int h)
{
int temp;
while (1)
{
temp = a%h;
if (temp == 0)
return h;
a = h;
h = temp;
}
}

// Code to demonstrate RSA algorithm

int main()
{
// Two random prime numbers
double p = 3;
double q = 7;

// First part of public key:

double n = p*q;

// Finding other part of public key.

// e stands for encrypt
double e = 2;
double phi = (p-1)*(q-1);
while (e < phi)
{
// e must be co-prime to phi and
// smaller than phi.
if (gcd(e, phi)==1)
break;
else
e++;
}

int k = 2; // A constant value

 double d = (1 + (k*phi))/e;

// Message to be encrypted
Double msg = 20;

printf("Message data = %lf", msg);

// Encryption c = (msg ^ e) % n
double c = pow(msg, e);
c = fmod(c, n);
printf("\nEncrypted data = %lf", c);

// Decryption m = (c ^ d) % n
double m = pow(c, d);
m = fmod(m, n);
printf("\nOriginal Message Sent = %lf", m);

return 0;
}

40Q.Write an algorithm and Program to generate Pseudo Random numbers in

a range?
ANS:
#include <stdio.h>
#include <conio.h>
#include <stdlib.h>
int main()
{
int n, max, num, c;
printf("Enter the number of random numbers you want\n");
scanf("%d", &n);
printf("Enter the maximum value of random number\n");
scanf("%d", &max);
printf("%d random numbers from 0 to %d are:\n", n, max);
for (c = 1; c <= n; c++)
{
num = rand();
printf("%d\n",num);
}
getch();
return 0;
}
OUTPUT
Enter the number of random numbers you want
5
Enter the maximum value of random number
10
5 random numbers from 0 to 10 are:
1804289383
846930886
1681692777
1714636915
1957747793