OF
COMPUTER SECURITY AND CYBER LAW
By
Submitted to:
Harendra Subedi
Nov 2019
Lab 1: Authentication and Authorization
1.1 Introduction
This lab work documents the steps for authenticating and authorizing users
of a database, under the syllabus of the BIM 6th Cyber Security and Cyber Law
course. In computer security, authentication is about validating your credentials,
such as a username/user ID and password, to verify your identity. The system
uses your credentials to check whether you are who you say you are.
Authorization occurs after your identity has been successfully authenticated by the
system, and it is what gives you full access to resources such as information,
files, databases, funds, etc. Authorization verifies your rights and grants you
access to resources only after determining whether you may access the system and
to what extent.
1.3 Installation
To install MySQL Server, go to the following link:
https://dev.mysql.com/downloads/installer/
1.4 Purpose Statement
● To create a valid user
● To authenticate a user
● To give user privileges
● To authorize user
Output:
Create User:
Before creating a user, let's see which username we are currently using in MySQL:
select user();
This will create a user Anish. Anish cannot do anything right now. To give
the user privileges, we need to run:
GRANT ALL PRIVILEGES ON *.* TO 'dipak'@'localhost';
FLUSH PRIVILEGES;
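Let's create another user ram who can only read table student. Note that, as
written, *.* applies the SELECT privilege to every table in every database,
not only to student.
create user 'ram'@'localhost' identified by '!23Raaaam';
grant select on *.* to 'ram'@'localhost';
flush privileges;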
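A least-privilege version of the ram grant, as an added example that is not part of the original lab: a PowerShell script that pipes SQL to the mysql client and then checks the result as ram. It assumes mysql.exe is on PATH and root can log in locally; the database name school, the marks table and the password are constructed for illustration.

```powershell
# Added example. Assumptions: mysql.exe is on PATH, root can log in locally,
# and 'school' is a hypothetical database that holds the student table.
$sql = @'
CREATE DATABASE IF NOT EXISTS school;
CREATE TABLE IF NOT EXISTS school.student (id INT PRIMARY KEY, name VARCHAR(64));
CREATE TABLE IF NOT EXISTS school.marks   (student_id INT, score INT);

-- Constructed password; an existing ram account keeps its current one.
CREATE USER IF NOT EXISTS 'ram'@'localhost' IDENTIFIED BY 'Constructed-Passw0rd!';

-- The lab's grant: read access to every table in every database.
GRANT SELECT ON *.* TO 'ram'@'localhost';
SHOW GRANTS FOR 'ram'@'localhost';

-- Narrow it: drop the global grant, then allow SELECT on one table only.
REVOKE SELECT ON *.* FROM 'ram'@'localhost';
GRANT SELECT ON school.student TO 'ram'@'localhost';
SHOW GRANTS FOR 'ram'@'localhost';
'@

# mysql reads the statements from standard input; --password prompts for root's password.
$sql | mysql --user=root --password --table

# Verify as ram: the query on student is allowed, the query on marks is refused.
$checks = @(
    'SELECT COUNT(*) FROM school.student;',
    'SELECT COUNT(*) FROM school.marks;'
)
foreach ($q in $checks) {
    mysql --user=ram --password --execute=$q
    # A non-zero exit code means the server rejected the statement.
    "{0,-40} exit code {1}" -f $q, $LASTEXITCODE
}
```

Comparing the two SHOW GRANTS results shows the global SELECT disappearing and a table-level grant taking its place.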
1.6 Conclusion
The purpose of the lab work is duly fulfilled. We were able to create a user and
authenticate successfully. We were also able to grant privileges to the user.
2.2 Digital Signature Certificates
Digital signatures are like ‘fingerprints’, i.e., they verify that the document was
generated by a trusted source: you.
Two keys are involved in a digital certificate, private and public. As the names
suggest, the private key is what you keep and the public key is what you give to
everybody. First you sign the document with the private key, and the receiver
verifies it with the public key.
2.3 Objectives
The main purpose of digital certificates is to identify people and resources
and to provide secure, confidential communication between the two parties.
It protects the integrity of the message.
2.4 Requirements
Certificate Authority (preferably trusted)
Digital Signature Certificate
Adobe Acrobat
Document to Sign
2.5 Procedure
Now I will be using my report file to sign with the generated certificate.
First, open the file in Adobe Acrobat and click on “fill and sign”.
Now we need to click and drag in the area where we want our certificate to
visibly appear. After that, the following window will appear.
3 LAB 3: Firewall Concepts and Implementation in Windows
3.1 Firewall Definition
In computing, a firewall is a network security system that monitors and controls
incoming and outgoing network traffic based on predetermined security rules. A
firewall typically establishes a barrier between a trusted internal network and an
untrusted external network, such as the Internet. Firewalls are tools that can be
used to enhance the security of computers connected to a network, such as a LAN or
the Internet.
Configuring Network Profiles
The Windows firewall uses three different profiles:
Domain Profile: Used when our computer is connected to a domain.
Private: Used when connected to a private network, such as a work or home
network.
Public: Used when connected to a public network, such as a public Wi-Fi access
point or a direct connection to the Internet.
Windows asks whether a network is public or private when we first connect to it.
A computer may use multiple profiles, depending on the situation. For example, a
business laptop may use the domain profile when connected to a domain at work,
the private profile when connected to a home network, and the public profile when
connected to a public Wi-Fi network – all in the same day.
We should click the Windows Firewall Properties link to configure the firewall
profiles.
The firewall properties window contains a separate tab for each profile. Windows
blocks inbound connections and allows outbound connections for all profiles by
default, but we can block all outbound connections and create rules that allow
specific types of connections. This setting is profile-specific, so we can use a
whitelist only on specific networks.
Creating a Rule
To create a rule, we should select the Inbound Rules or Outbound Rules category
at the left side of the window and click the Create Rule link at the right side.
The Windows firewall offers four types of rules:
Blocking a Program
Let’s say we want to block a specific program from communicating with the
Internet — we don’t have to install a third-party firewall to do that.
First, we should select the Program rule type. On the next screen, we should use
the Browse button and select the program’s .exe file.
On the Action screen, we should select “Block the connection.” If we were setting
up a whitelist after blocking all applications by default, we’d select “Allow the
connection” to whitelist the application instead.
On the Name screen, we can name the rule and enter an optional description. This
will help us identify the rule later.
Restricting Access
If we really want to lock down a program, we can restrict the ports and IP
addresses it connects to. For example, let’s say we have a server application that
we only want accessed from a specific IP address.
From the Inbound Rule list, we should click New Rule and select the Custom rule
type.
On the Program pane, we should select the program we want to restrict. If the
program is running as a Windows service, we should use the Customize button to
select the service from a list. To restrict all network traffic on the computer to
communicating with a specific IP address or port range, we should select “All
programs” instead of specifying a specific program.
On the Protocol and Ports pane, we should select a protocol type and specify ports.
For example, if we’re running a web server application, we can restrict the web
server application to TCP connections on ports 80 and 443 by entering these ports
in the Local port box.
The Scope tab allows us to restrict IP addresses. For example, if we only want the
server communicating with a specific IP address, we should enter that IP address in
the remote IP addresses box.
Select the “Allow the connection” option to allow the connection from the IP
address and ports we specified. We should make sure to check that no other
firewall rules apply to the program – for example, if we have a firewall rule that
allows all inbound traffic to the server application, this rule won’t do anything.
The rule takes effect after we specify the profiles it will apply to and name it.
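The "Blocking a Program" and "Restricting Access" steps above can also be scripted with the built-in NetSecurity cmdlets. This is an added example, not part of the original lab; the program paths, rule names and the IP address are constructed placeholders.

```powershell
# Added example; run in an elevated PowerShell session.
# Paths and the address are constructed placeholders, not values from the lab.
$blockedApp = 'C:\Program Files\ExampleApp\example.exe'
$serverApp  = 'C:\Program Files\ExampleServer\server.exe'
$allowedIp  = '192.0.2.10'   # documentation-range address (RFC 5737)

# Show the default inbound/outbound action of each profile before adding rules.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# "Blocking a Program": an outbound Program rule with the Block action.
New-NetFirewallRule -DisplayName 'Lab3 - block ExampleApp outbound' `
    -Description 'Stops example.exe from reaching the network' `
    -Direction Outbound -Program $blockedApp -Action Block -Profile Any

# "Restricting Access": an inbound rule limited by program, protocol,
# local ports and remote IP address, applied to two profiles only.
New-NetFirewallRule -DisplayName 'Lab3 - ExampleServer from one host' `
    -Description 'Allows TCP 80/443 to server.exe from a single address' `
    -Direction Inbound -Program $serverApp -Protocol TCP -LocalPort 80,443 `
    -RemoteAddress $allowedIp -Action Allow -Profile Domain,Private

# Look for other enabled inbound Allow rules for the same program that accept
# any remote address; such a rule would make the scoped rule above pointless.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        ($_ | Get-NetFirewallApplicationFilter).Program -eq $serverApp -and
        ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
    } |
    Select-Object DisplayName, Profile
```

Any rule listed by the last command should be disabled or narrowed before relying on the scoped rule. The check matches only rules bound to the same program path, so rules that apply to all programs need a separate review.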