Unit 1: Detecting and Preventing System Intrusions :

1. Detecting System Intrusions

Intrusions are unauthorized attempts to access, modify, or destroy information on a system.

Detection involves identifying these attempts before significant harm occurs.

Key Concepts:

• Monitoring Key Files:

• Regularly check system logs, configurations, and sensitive files for

unauthorized changes.

• Zero-Day Attacks:

• Exploit vulnerabilities unknown to developers or security teams. Detecting

them often requires behavior-based anomaly detection systems.

• Full-Packet Capture Devices:

• Capture and analyze all data packets in real time to identify suspicious
patterns.

• Data Correlation and SIEM:

• SIEM (Security Information and Event Management) tools aggregate and

analyze data from across the system to detect anomalies.

2. Preventing System Intrusions

Prevention focuses on reducing vulnerabilities and implementing proactive measures to

block attacks.

Key Measures:

• Security Policies:

• Enforce strong security guidelines, including password policies and role-based

access controls.
 • Risk Analysis:

• Identify and mitigate potential vulnerabilities using regular risk assessments.

• Controlling User Access:

• Implement least privilege access controls, ensuring users can only access the
resources required for their role.

• Intrusion Prevention Systems (IPS):

• Use IPS to actively block threats like malware or network exploits before they
compromise the system.

Key Symptoms of System Intrusions

• Unusual system performance or resource usage (e.g., CPU spikes).

• Unexpected changes in permissions or files.

• Multiple failed login attempts or unauthorized access logs.

• Detection of malware or unknown processes running.

Study Tips for Unit 1:

• Understand tools like SIEM and how they aggregate logs for real-time
monitoring.

• Familiarize yourself with Zero-Day Attacks and examples of recent incidents.

• Focus on learning how firewalls, IPS, and access controls work together to
prevent intrusions.

Unit 2: Guarding Against Network Intrusions:

1. Guarding Against Network Intrusions

Network intrusions occur when unauthorized entities attempt to compromise a network’s

confidentiality, integrity, or availability. This unit focuses on identifying, preventing, and
mitigating such threats.

Key Areas:
• Traditional Reconnaissance and Attacks:
• Reconnaissance: Attackers gather information about the network (e.g., IP
addresses, open ports, and services).
• Tools like Nmap and Wireshark can detect unauthorized scans.
 • Attacks: Examples include Denial of Service (DoS), Man-in-the-Middle (MITM), and
SQL injection.
• Malicious Software:
• Includes viruses, worms, trojans, ransomware, and spyware.
• Preventive Measures:
• Use antivirus software.
• Regularly update patches and software to avoid exploits.

2. Defense in Depth

A multi-layered approach to protect against network intrusions:

• Firewalls: Block unauthorized traffic based on predefined rules.
• Intrusion Detection Systems (IDS): Detect suspicious activity (e.g., Snort).
• Intrusion Prevention Systems (IPS): Actively block detected threats.
• Encryption: Secure data in transit (e.g., TLS for websites, VPNs for private
communication).

3. Preventive Measures
• Regular Audits: Identify and fix vulnerabilities in network configurations.
• Patch Management: Apply security updates to fix known vulnerabilities.
• Network Segmentation: Divide networks into smaller segments to limit the spread
of intrusions.
• Authentication Mechanisms:
• Multi-factor authentication (MFA) for stronger identity verification.
• Access Control Lists (ACLs): Limit access to resources based on roles.

4. Intrusion Monitoring and Detection

• Network Traffic Analysis:
• Use tools like Wireshark to identify unusual patterns or spikes in traffic.
• Behavioral Analysis:
• Detect anomalies in user or device behavior.
• Threat Intelligence:
• Leverage external databases of known attack patterns or malicious IPs.

5. Reactive Measures
• Isolate compromised systems to prevent lateral movement.
 • Collect forensic evidence for post-incident analysis.
• Notify relevant stakeholders about detected threats and corrective actions.

6. Internet Security
• Internet Protocol Architecture:
• Understand layers (TCP/IP model) and their vulnerabilities.
• Threats: DDoS attacks, phishing, DNS poisoning, and session hijacking.
• Internet Security Checklist:
• Enforce HTTPS for secure communication.
• Use strong passwords and regularly rotate them.
• Implement email filtering to block phishing attempts.

Study Tips for Unit 2:

• Focus on tools like IDS/IPS, firewalls, and antivirus software.
• Understand common attack vectors (e.g., phishing, DDoS) and how to counteract
them.
• Practice using network analysis tools like Wireshark and Nmap for monitoring and
detection.

Unit 3: Intranet and Local Area Network (LAN) Security:

1. Intranet Security

The intranet is the internal network of an organization, and securing it ensures the safety of
sensitive data and resources.

Key Topics:
• Smartphones and Tablets in the Intranet:
• These devices can introduce vulnerabilities like malware or unauthorized access.
• Use Mobile Device Management (MDM) tools to enforce policies, encryption, and
remote wiping.
• Security Considerations:
• Protect sensitive intranet data with firewalls, access controls, and encrypted
communication.
• Ensure devices connected to the intranet are free of malware and have updated
software.
• Plugging the Gaps:
 • Network Access Control (NAC):
• Controls which devices can connect to the intranet based on their security
posture.
• Only devices meeting predefined policies (e.g., antivirus installed, patches
applied) are allowed access.
• Authentication and Encryption:
• Use strong authentication methods (e.g., MFA) and encryption protocols like
WPA2 or WPA3 for wireless communication.
• Wireless Network Security:
• Secure Wi-Fi networks with strong passwords and encryption.
• Disable WPS (Wi-Fi Protected Setup) to prevent brute-force attacks.
• User Training:
• Educate users on recognizing phishing attempts, avoiding malware, and following
security policies.

2. Local Area Network (LAN) Security

LANs are internal networks within an organization, connecting devices like computers,
printers, and servers. Ensuring LAN security prevents unauthorized access and attacks.

Key Topics:
• Identify Network Threats:
• Examples include ARP spoofing, unauthorized access, and malware propagation.
• Regular vulnerability assessments help identify and address these threats.
• Establish Network Access Controls:
• Implement role-based access control (RBAC) to restrict access based on user
roles.
• Use Access Control Lists (ACLs) to limit resource access.
• Incident-Handling Process:
• Steps:
• Detect and analyze the threat.
• Contain the incident to prevent further damage.
• Eradicate the root cause.
• Recover the affected systems.
• Conduct a post-incident review to prevent recurrence.
• Secure Design Through Network Access Controls:
 • Use VLANs (Virtual LANs) to segment networks and isolate sensitive resources.
• Deploy firewalls and intrusion detection/prevention systems (IDS/IPS).
• Firewalls:
• Dynamic NAT Configuration:
• Use Network Address Translation (NAT) to mask internal IP addresses.
• Packet Filtering:
• Configure IP filtering routers to block unauthorized traffic.
• Application-Layer Firewalls (Proxy Servers):
• Inspect traffic at the application layer for enhanced security.

3. Tools and Techniques

• IDS (Intrusion Detection Systems):
• Monitors network traffic for suspicious activities and generates alerts.
• Example: Snort.
• Firewalls:
• Act as a barrier between trusted internal networks and untrusted external
networks.
• Encryption:
• Protect sensitive communication using protocols like HTTPS, VPNs, and WPA2.
• Dynamic NAT:
• Masks internal IP addresses, preventing direct access to internal devices.

Study Tips for Unit 3:

• Focus on understanding NAC, firewalls, and IDS/IPS.
• Learn how VLANs and segmentation enhance LAN security.
• Review real-world applications of incident-handling processes.
• Practice identifying and mitigating common LAN threats like ARP spoofing.

Unit 4: Local Area Network Security and Cellular Network Security from your syllabus:

1. Local Area Network (LAN) Security

LAN security focuses on protecting the resources and data within a local network from
unauthorized access, attacks, and disruptions.
Key Topics:
• Identify Network Threats:
• Examples:
• ARP spoofing: Attackers impersonate devices to intercept traffic.
• Packet sniffing: Monitoring network data for sensitive information.
• Malware propagation: Spread of malicious software across the LAN.
• Establish Network Access Controls:
• Use Access Control Lists (ACLs) to restrict access to critical resources.
• Implement Role-Based Access Control (RBAC) to assign permissions based on job
roles.
• Risk Assessment:
• List network resources, identify threats, and assess vulnerabilities.
• Perform regular vulnerability assessments to identify and mitigate security gaps.
• Security Policies:
• Establish and enforce comprehensive policies, such as:
• Password policies.
• Data sharing and transfer policies.
• Incident response plans.
• Incident-Handling Process:
• Steps to address network security incidents:
1. Detect the intrusion or threat.
2. Contain the incident to minimize damage.
3. Eradicate the source of the threat.
4. Recover affected systems.
5. Review and document the incident to improve future responses.
• Firewalls:
• Use IP filtering routers to block unwanted traffic.
• Employ proxy servers as application-layer firewalls for monitoring and controlling
traffic.
• Packet Filtering:
• Inspect incoming and outgoing packets based on IP, port, and protocol to allow or
block traffic.
 • Dynamic NAT Configuration:
• Translate private IP addresses to a public IP to mask internal devices and prevent
direct access from outside.

2. Cellular Network Security

Cellular networks introduce unique challenges due to their wide area coverage and diverse
devices.

Key Topics:
• The State of Cellular Network Security:
• Cellular networks are vulnerable to:
• Eavesdropping: Interception of calls or data.
• SMS spoofing: Sending fake messages to trick users.
• SIM cloning: Duplicating SIM cards to gain unauthorized access.
• Cellular Network Attack Taxonomy:
• Passive Attacks: Monitoring communication without altering it (e.g.,
eavesdropping).
• Active Attacks: Disrupting or manipulating communication (e.g., jamming, man-in-
the-middle attacks).
• Cellular Network Vulnerability Analysis:
• Common vulnerabilities include:
• Weak encryption algorithms in legacy networks (e.g., GSM).
• Lack of secure authentication mechanisms.
• RFID Security:
• Challenges:
• Data interception due to weak encryption.
• Unauthorized scanning of RFID tags.
• Protections:
• Use cryptographic techniques to secure data on RFID tags.
• Implement access control to limit scanning.

Key Tools and Concepts:

• Firewalls and IDS/IPS:
• Protect LANs and cellular networks from intrusions.
• Encryption Protocols:
 • Secure communications using strong encryption (e.g., LTE’s AES-based encryption).
• User Training:
• Educate users to recognize phishing, fake SMS, and insecure networks.

Study Tips for Unit 4:

• Understand LAN risk assessment and how to apply firewalls and access controls
effectively.
• Learn about cellular vulnerabilities and mitigation strategies like encryption and
access control.
• Study real-world examples of RFID security issues and their solutions.

Unit 5: Cellular Network Security and RFID Security from your syllabus:

1. Cellular Network Security

Cellular networks are essential for communication but are exposed to various
vulnerabilities and attack vectors. This section focuses on understanding these threats and
implementing protections.

Key Topics:
• State of the Art in Cellular Network Security:
• Modern cellular networks (e.g., 4G, 5G) have improved security compared to earlier
technologies (e.g., GSM).
• Enhanced features include:
• Stronger encryption (e.g., AES in LTE).
• Mutual authentication between devices and networks.
• Cellular Network Attack Taxonomy:
• Passive Attacks:
• Eavesdropping on calls or data due to weak encryption.
• Active Attacks:
• Jamming: Disrupting cellular signals to make the network unavailable.
• Spoofing: Pretending to be a legitimate base station to intercept
communication.
• Man-in-the-Middle (MITM): Intercepting and manipulating communication
between two parties.
• Cellular Network Vulnerability Analysis:
• Vulnerabilities:
 • Legacy protocols (e.g., GSM) with weak or no encryption.
• Lack of robust authentication mechanisms.
• Solutions:
• Use secure protocols like LTE and 5G.
• Implement strong authentication mechanisms.

2. RFID (Radio-Frequency Identification) Security

RFID systems are used in various applications like inventory management, access control,
and tracking. However, they have their own security challenges.

Key Topics:
• RFID Challenges:
• Eavesdropping: Interception of data transmitted between RFID tags and readers.
• Replay Attacks: An attacker reuses intercepted communication to gain
unauthorized access.
• Cloning: Copying an RFID tag to create a duplicate.
• RFID Protections:
• Encryption:
• Encrypt data stored on RFID tags to prevent unauthorized access.
• Authentication:
• Implement mutual authentication between RFID tags and readers.
• Access Control:
• Restrict access to RFID tags and ensure only authorized readers can interact
with them.
• Faraday Cages:
• Block RFID signals to prevent unauthorized scanning.

3. Security Best Practices

• For Cellular Networks:
• Upgrade to networks with strong encryption (e.g., 5G).
• Educate users to avoid connecting to suspicious base stations.
• Use mobile device management (MDM) tools to enforce security policies.
• For RFID Systems:
• Use RFID tags with built-in cryptographic capabilities.
 • Regularly update firmware for RFID systems.
• Monitor RFID traffic for anomalies.

Study Tips for Unit 5:

• Understand real-world attacks on cellular networks, such as jamming or spoofing.
• Review case studies on RFID vulnerabilities and how encryption or access controls
mitigate these risks.
• Explore tools used for RFID scanning and protection.

System and Network Security Lab experiments:

1. Logging into Linux (Text and Graphical Mode)

Text Mode:
1. Boot the system and access the terminal.
2. Enter the username and password.
3. Use commands like ls, pwd, and cd to explore the system.

Graphical Mode:
1. Boot the system and access the desktop environment (e.g., GNOME, KDE).
2. Login through the graphical login screen with your credentials.

2. Configure a DNS Server

1. Install BIND:

sudo apt-get update

sudo apt-get install bind9

2. Configure Zone File:

Add your domain configuration in /etc/bind/named.conf.local:

zone "example.com" {
type master;
file "/etc/bind/db.example.com";
};

3. Create Zone File:

Copy /etc/bind/db.local and edit:

sudo nano /etc/bind/db.example.com

Example zone file:

$TTL 604800
@ IN SOA ns1.example.com. admin.example.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS ns1.example.com.
ns1 IN A 192.168.1.10
www IN A 192.168.1.10

4. Restart DNS Server:

sudo systemctl restart bind9

5. Test:
Use nslookup example.com.

3. Configure FTP on Linux

1. Install FTP Server:

sudo apt-get install vsftpd

2. Edit Configuration File:

sudo nano /etc/vsftpd.conf

• Enable local users: local_enable=YES

• Enable file uploads: write_enable=YES

3. Restart FTP Service:

sudo systemctl restart vsftpd

4. Test FTP:
• Connect using an FTP client (e.g., FileZilla) or command line:

ftp localhost

4. Detect Malicious Code in Registry and Task Manager

 1. Task Manager:
• Open Task Manager (Ctrl + Shift + Esc) and look for unknown or high-resource
processes.
2. Registry Check:
• Open Registry Editor (regedit) and search for unusual entries under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

5. Rootkit Detection in Windows

1. Install GMER:
• Download GMER or use Malwarebytes Anti-Rootkit.
2. Scan for Rootkits:
• Launch the tool and start a scan for hidden files, drivers, or registry keys.

6. Extract Website Map Using Sam Spade

1. Download and Install Sam Spade.
2. Use the “Spider” tool to crawl the website and generate a map of its structure.

7. Stop Web Crawlers

1. Create a robots.txt file in the website’s root directory:

User-agent: *
Disallow: /

2. Use Captchas or tools like Cloudflare to block unwanted crawlers.

8. Network Traffic Sniffing with Nmap

1. Run Nmap Scan:

nmap -sT -p- 192.168.1.1

2. Monitor with Wireshark:

• Start capturing packets on the target interface and observe traffic during the scan.

9. Perform Port Scanning on Metasploitable 2

1. Launch Metasploitable 2:
• Start the VM in VirtualBox or VMware.
 2. Scan with Nmap:

nmap -sS -A 192.168.1.100

• Replace the IP with your Metasploitable 2’s IP address.

10. Demonstrate Cryptographic Algorithms

1. Install JCrypt Tool:
• Download and run the tool.
2. Test Algorithms:
• Encrypt and decrypt files using AES, RSA, or SHA.

11. Client-Server Program for Case Conversion

Server Code (Python):

import socket

server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

server.bind(('localhost', 12345))
server.listen(1)
print("Server listening on port 12345")

conn, addr = server.accept()

print(f"Connection from {addr}")

while True:
data = conn.recv(1024).decode()
if not data:
break
conn.send(data.swapcase().encode())

conn.close()

Client Code (Python):

import socket

client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

client.connect(('localhost', 12345))

while True:
msg = input("Enter message: ")
client.send(msg.encode())
print("Response:", client.recv(1024).decode())

12. Classical Encryption Techniques

Example: Caesar Cipher (Python):

def caesar_cipher(text, shift):
result = ""
for char in text:
if char.isalpha():
shift_base = 65 if char.isupper() else 97
result += chr((ord(char) - shift_base + shift) % 26 +
shift_base)
else:
result += char
return result

text = "HELLO"
shift = 3
print("Encrypted:", caesar_cipher(text, shift))

Study Tip:
• Set up a Virtual Lab using tools like VirtualBox with Linux, Windows, and
Metasploitable VMs.
• Practice coding tasks for algorithms and client-server communication.