
ISO27001 STANDARD IMPLEMENTATION

(Active Network Monitor & Software Security)

Project Report
Submitted In Partial Requirement For The Diploma
In
INFORMATION TECHNOLOGY
By
Varsha G. Bhor (0507005)
Vaibhav G. Kadam (0507018)
Amit D. Parab (0507028)
Pratik G. Thorve (0507040)
Shailesh S. Walavalkar (0507043)

Project Guide

Ms. Surekha N. More
Mr. Vinayak A. Bharadi
(Lecturers of Information Technology Department)

Department Of Information Technology
GOVERNMENT POLYTECHNIC MUMBAI
2007-2008

ACKNOWLEDGEMENTS
We present with pride and pleasure our project on “ISO-27001 IMPLEMENTATION WITH ACTIVE NETWORK MONITOR & SOFTWARE SECURITY” to the Department of INFORMATION TECHNOLOGY, GOVT. POLYTECHNIC MUMBAI.

We are grateful to our Principal, Mr. D. P. Nathe, and to Mr. S. R. Aher, Head of Department of Information Technology, for making the requisite facilities available to us and also for their special and inspiring guidance.

Our sincere appreciation must be given to our project guides, Mr. Vinayak A. Bharadi and Ms. Surekha N. More, who supported us throughout the project work in the form of comments, corrections and suggestions, which have guided us several times when we were wandering from the true path.

We are also thankful to all the faculty of our department, especially to Mr. Dilip Vanzari and Mr. Milind Kadam, for their help and support in completing our project.

A word of thanks to all those persons who have helped us directly or indirectly in our project.

Last but not least, we are thankful to our parents and friends for their constant inspiration and encouragement.

Varsha G. Bhor (0507005)
Vaibhav G. Kadam (0507018)
Amit D. Parab (0507028)
Pratik G. Thorve (0507040)
Shailesh S. Walavalkar (0507043)

INDEX

1) INTRODUCTION
1.1 ABOUT ISO 27001
1.2 CONCEPT OF R&D
1.3 IMPORTANCE
1.4 NECESSITY OF ISO27001
1.5 CONCEPT ACTIVE NETWORK MONITORING
1.6 CONCEPT SOFTWARE SECURITY

2) ANALYSIS
2.1 LITERATURE SURVEY
2.2 RECOGNITION OF NEED

3) SOFTWARE USED
3.1 VISUAL C#.NET
3.2 VB.NET
3.3 SQL SERVER 2005

4) ACTIVE NETWORK MONITOR
4.1 DESIGN
4.1.1 FLOW CHART
4.2 H\W & S\W REQUIREMENT
4.3 SETUP FEATURES
4.4 CODE
4.5 FORM
4.6 ADVANTAGE
4.7 LIMITATION

5) SOFTWARE SECURITY
5.1 INTRODUCTION
5.2 DESIGN
5.2.1 DATA FLOW DIAGRAM
5.2.2 FLOW CHART
5.3 CODE
5.4 FORMS
5.5 ADVANTAGE

6) FUTURE SCOPE
7) BIBLIOGRAPHY

• INTRODUCTION

International Organization for Standardization (ISO)

• Established in 1947
• Published over 16,077 international standards
• ISO meetings attract some 30,000 experts a year
• Federation comprised of 156 national standards bodies
• National member bodies manage development work
• ISO standards are consensus based

THE MAJOR STANDARDS

ISO 9000
Quality Management Systems

ISO 27001
Information Security Management

ISO 20000
Information Technology Service Management

ISO 14000
Environmental Management Systems

ISO TS 16949
Quality Management Automotive

• ABOUT ISO 27001

ISO 27001 is an internationally recognized, structured methodology dedicated to information security. It is a management process to evaluate, implement and maintain an Information Security Management System (ISMS), and a comprehensive set of controls comprised of best practices in information security.
The ISO 27001 standard was published in October 2005, essentially replacing the old BS7799-2 standard. It is the specification for an ISMS, an Information Security Management System. BS7799 itself was a long-standing standard, first published in the nineties as a code of practice. As this matured, a second part emerged to cover management systems. It is this against which certification is granted. Today in excess of a thousand certificates are in place across the world.

• CONCEPT OF R&D
The phrase research and development (also R and D or, more often, R&D),
according to the Organization of Economic Cooperation and Development, refers to
"creative work undertaken on a systematic basis in order to increase the stock of
knowledge, including knowledge of man, culture and society, and the use of this
stock of knowledge to devise new applications" .
R&D has a special economic significance apart from its conventional
association with scientific and technological development. R&D investment
generally reflects a government's or organization's willingness to forego current
operations or profit to improve future performance or returns, and its abilities to
conduct research and development.

• IMPORTANCE

The certification itself is international, in that National Accreditation Bodies have a mutual recognition model in place enabling certifications granted in one territory to be recognized in another.

Common reasons to seek certification include:
• Organizational assurance
• Trading partner assurance
• Competitive advantage
• Reduction or elimination of trade barriers
• Reduced regulation costs

• NECESSITY OF ISO27001

Why do we test?
• Provide confidence in the system
• Identify areas of weakness
• Establish the degree of quality
• Establish the extent to which the requirements have been met, i.e. what the users
asked for is what they got, not what someone else thought they wanted
• To provide an understanding of the overall system
• To prove it is both usable and operable
• To provide sufficient information to allow an objective decision on
applicability to deploy

• Planned testing in a controlled environment provides objective metrics
• To gain a Return on Investment you must first Invest

RULES OF ISO 27001:-

[Diagram: ISO27001 IMPLEMENTATION at the centre, surrounded by Data Store Protection, Data Security, Software Security, Network Security, Combating Piracy, Backup & Recovery, Validation and Avoiding Cyber-Crime]

The given diagram shows the rules specified by ISO 27001:

• Data Store Protection: Protection of the data store which holds important data of the company.
• Backup and Recovery: For smooth functioning of an organization.
• Validation: For proper authentication and validation.
• Avoiding Cyber Crime: To restrict cyber crime.
• Data Security: To provide security to the data.
• Combating Piracy: To avoid piracy of CDs.

And the following rules are implemented:

• INTRODUCTION

• ACTIVE NETWORK MONITOR

Active Network Monitor is a tool for the day-to-day monitoring of computers in the network. Active Network Monitor runs under Windows NT/2000/XP and allows Systems Administrators to gather information from all the computers (even from the Windows 9x/Me computers) in the network without installing server-side applications on these computers. Active Network Monitor provides the powerful technology of storing and comparing received data. Administrators can make "snapshots" of the systems for future comparison and notation of changes.

Active Network Monitor has a flexible plug-in based architecture that allows you to plug in necessary modules on demand. Each module (plug-in) performs a task and displays retrieved information in its own window.

With Active Network Monitor you can easily control the LAN in a school, college or office. It provides a host of facilities, which include monitoring the status of each node, saving the status of each node in a database, and shutting down, logging off or restarting a system if it is being used by an unauthorized user.

In addition, you can poll a single node that you want to be polled. More functionality can be provided through future development.

• SOFTWARE SECURITY

Most system software and application software incurs a lot of time, cost and resources in its development. In order to recover these resources, companies try to set the prices of the software extremely high. One problem they face is PIRACY, i.e. many copies of one CD.

Currently PIRACY is the greatest threat to the software industry. A Windows Vista Home Basic edition is available for Rs. 10000/-, but the same CD is available in the pirated market for Rs. 60/-, and this price difference leads to piracy.

So the aim is to make the original CD usable by the authorized user only. Every system has a unique ID (CPU ID, MAC ID etc.) and every CD has a unique registration number. By making use of the peer-to-peer model in a LAN, software has been developed which allows only an authorized user to use or work on the software. Whether a user is valid or invalid is checked at the server, where all the information, including the two keys (hardware key & registration key), is stored.
If the user is a valid user, he is allowed to run the software. If it is confirmed that the user is INVALID, the application exits, showing an unauthorized user message.

• ANALYSIS

• LITERATURE SURVEY

Various books & other relevant documents were read. The aspects of the system that could be implemented in the computerized version were identified.

Various materials explaining the origin, relevance and need of such a system were obtained from the World Wide Web. Different methods of implementing such a system in the corporate as well as academic sectors in different parts of the world were studied. We referred to the current format of Network Management systems for monitoring network client activity. We also studied various security aspects used by the corporate & academic sectors.

A study for the project was made from various books on “computer networking”, “International IT Governance” and “hacking into computer network”, and also from books related to cracking techniques, antipiracy & network administration.

Data was collected from different sources on the internet & discussions were held with our colleagues & our guide. Thus the literature survey was the stepping stone of our project.

RECOGNITION OF NEED :

ACTIVE NETWORK MONITOR :

When a computer network comes to mind, it is immediately followed by the thought “COMPLEX”, and it is true. Managing a network is an extremely complex task and till date there is no efficient software that can help a person to manage all the computers in a network successfully.
So there is a need for software that can help a person to sit at one place and monitor the complete list of activities that are happening throughout the network.
To satisfy this, the implementation of the project Active Network Monitor (ANM) was initiated. This attempt is a way to satisfy all the needs of a person who monitors a LAN.

SOFTWARE SECURITY :

As today is the day of the software industry, a threat to the software industry would lead to tremendous effects in various fields and industries. Currently the biggest threat to the software industry is “PIRACY”, i.e. making many copies of an original copy and distributing them at very low cost. There is currently no effective solution against “PIRACY”, which is not a good thing, and this need activated the development of the “SOFTWARE SECURITY MODULE”. Software security is designed to combat piracy and this would lead to the growth of the software industry.

• SOFTWARE PLATFORM:-

• VISUAL C#.NET :-
Visual C# is the modern, innovative programming language and tool
for building .NET-connected software for Microsoft Windows, the Web, and a wide
range of devices. With syntax that resembles C++, a flexible integrated development
environment (IDE), and the capability to build solutions across a variety of
platforms and devices, Visual C# .NET significantly eases the development of .NET-
connected software.

A language with an object-oriented approach, it is fast becoming the choice of developers who are migrating from other platforms. It provides an interactive and easy-to-use GUI, which programmers love the most, and for all this, thanks to MICROSOFT for developing such an interactive approach.

• VISUAL BASIC .NET :-


Visual Basic .NET (VB.NET) is an object-oriented computer language that can be
viewed as an evolution of Microsoft's Visual Basic (VB) implemented on the
Microsoft .NET framework. Its introduction has been controversial, as significant
changes were made that broke backward compatibility with older versions and
caused a rift within the developer community.

• SQL SERVER 2005:-


Microsoft SQL Server 2005 is a comprehensive, integrated data management and
analysis software that enables organizations to reliably manage mission-critical
information and confidently run today’s increasingly complex business applications.
SQL Server 2005 allows companies to gain greater insight from their business
information and achieve faster results for a competitive advantage.

Key Capabilities

• High Availability: Ensure business continuity with the highest levels of system availability through technologies that protect your data against costly human errors and minimize disaster recovery downtime.

• Performance and Scalability: Deliver an infrastructure that can grow with your business and has a proven record in handling today's large amounts of data and most critical enterprise workloads.

• Security: Provide a secure environment to address privacy and compliance requirements with built-in features that protect your data against unauthorized access.

• Manageability: Manage your infrastructure with automated diagnostics, tuning, and configuration to reduce operational costs while reducing maintenance and easily managing very large amounts of data.

• ACTIVE NETWORK MONITORING

• Active Experts Network Monitor is a network and server monitoring tool that allows administrators to monitor the network for failures and irregularities automatically.
• It can monitor all aspects of your LAN and WAN servers, workstations and IP devices. For years, System Administrators, Network Operators and Helpdesk Employees have relied upon the power, flexibility and reliability of the Active Experts Network Monitor tool.
• Active Experts' powerful Network Monitor Engine technology has been adopted by several software companies all over the world.
• Active Experts Network monitoring technologies are used by thousands of companies all over the world, making Active Experts the leading provider of Network Monitoring solutions.
• The mission of the product is to maximize the reliability of your production servers and applications through the automatic detection and correction of problems & disuse.
• The product runs as a service on the Windows 2003/2000/XP/NT platform. Active Experts Network Monitor supports Windows, UNIX, Linux and Novell platforms. When problems are detected, you're immediately notified by network message, e-mail or SMS message. When a failure is detected, the network monitor tool will try to correct the problem.

• DESIGN
FLOW CHART OF ACTIVE NETWORK MONITOR:-

[Flow chart: START → Run client on network node → Run server to scan network → Display current online, offline & newly found node → Save status of each node → decision "Need to perform action?" (YES: Select node, Perform action; NO: Exit) → decision "Exit application" (YES / NO) → Exit]

• MINIMUM SOFTWARE & HARDWARE REQUIREMENT FOR ACTIVE NETWORK MONITOR:-

Software Requirement:

• Operating System: Windows XP and above

Hardware Components:

• Processor: P III 700 MHz
• Hard Disk: 40 GB
• Memory: 128 MB DDR RAM

• SETUP FEATURES:-

• To setup the Server:

1) Give this path:
c:\ANM_serve\ANM_server_setup\server\Dubug\setup.exe.
2) Go to setup & run the setup.exe file.
3) The installation wizard will open & it will guide you to install the project.
4) After installing the project, restart your P.C. Then your software will run.

• To setup the Server Client:

1) Give this path:
c:\ANM_serve\ANM_server_setup\clint\Dubug\setup.exe.
2) Go to setup & run the setup.exe file.
3) The installation wizard will open & it will guide you to install the project.
4) After installing the project, restart your P.C. Then your software will run.

PROJECT CODE FOR ANM:-
Client :

    Imports System.Text
    Imports System.Net.Sockets
    Imports System.Net
    Imports System.ServiceProcess

    ' timerSend, timerIdle, serverIP, status, th, sendermsg and SendXMLRequest are
    ' not declared in this listing; they are assumed to be defined elsewhere in
    ' the client project.
    Public Class Client

        Public prevX As Integer
        Public prevY As Integer
        Declare Function BlockInput Lib "User32" (ByVal fBlockIt As Boolean) As Boolean
        Public serverName As String, serverPass As String

        ' Runs on every timer tick: compares the cursor position with the previous
        ' tick and reports "O" (online) or "I" (idle) to the server.
        Private Sub Timer1_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) _
                Handles Timer1.Tick
            Dim x = Windows.Forms.Cursor.Position.X
            Dim y = Windows.Forms.Cursor.Position.Y
            Dim status As Char
            If x = prevX And y = prevY Then
                Me.Tag += 1
                ' >= instead of =, so idle is still reported when timerIdle is
                ' not an exact multiple of the timer interval
                If Me.Tag * Timer1.Interval >= timerIdle Then
                    status = "I"
                    Me.Tag = 0
                End If
            Else
                Me.Tag = 0
                status = "O"
            End If
            prevX = x
            prevY = y
            send(status)
        End Sub

        ' Stops the worker thread and socket, then kills the client processes.
        Private Sub Form1_FormClosed(ByVal sender As Object, _
                ByVal e As System.Windows.Forms.FormClosedEventArgs) Handles Me.FormClosed
            Try
                th.Abort()
                sendermsg.Shutdown(SocketShutdown.Both)
                sendermsg.Close()
            Catch
            End Try
            Dim p1 As Process
            Dim p As Process() = Process.GetProcessesByName("ANM_client.vshost")
            For Each p1 In p
                p1.Kill()
            Next
            p = Process.GetProcessesByName("ANM_client")
            For Each p1 In p
                p1.Kill()
            Next
        End Sub

        ' Reads the SQL Server name and password from config.anm / config2.anm, or
        ' asks for them on first run. Both files are written as plain text next to
        ' the executable.
        Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) _
                Handles MyBase.Load
            If System.IO.File.Exists(Application.StartupPath & "\config.anm") = True Then
                serverName = System.IO.File.ReadAllText(Application.StartupPath & "\config.anm")
                serverPass = System.IO.File.ReadAllText(Application.StartupPath & "\config2.anm")
            Else
                serverName = InputBox("Please Enter Server name to connect:", "Server name")
                System.IO.File.WriteAllText(Application.StartupPath & "\config.anm", serverName)
                serverPass = InputBox("Please Enter Server Password to connect:", "Server name")
                System.IO.File.WriteAllText(Application.StartupPath & "\config2.anm", serverPass)
            End If
            Timer1.Enabled = True
            send("O")
            Timer1.Interval = timerSend
            Timer1.Enabled = True
            prevX = Windows.Forms.Cursor.Position.X
            prevY = Windows.Forms.Cursor.Position.Y
            Me.Tag = 0
        End Sub

        ' Loads the settings from the database, makes sure the monitoring service
        ' is running, then sends the status string to the server.
        Sub send(ByVal CStatus As Char)
            Try
                ' Connects with the SQL Server "sa" login; the password read from
                ' config2.anm is concatenated into the connection string.
                Dim con As New OleDb.OleDbConnection("Provider=SQLOLEDB.1;Password=" & serverPass & _
                    ";Persist Security Info=True;User ID=sa;Initial Catalog=ActiveNetworkMonitorDB;Data Source=" & _
                    serverName & "")
                Dim da As New OleDb.OleDbDataAdapter("Select * from ANM_setting", con)
                Dim ds As New DataSet
                con.Open()
                da.Fill(ds, "ANM_setting")
                con.Close()
                If ds.Tables("ANM_setting").Rows.Count = 0 Then
                    MsgBox("Settings are not configured. Please save your default settings.", _
                           MsgBoxStyle.OkOnly, "Configuration Error")
                    End
                Else
                    Dim Strsetting(4) As String, Strval(4) As String, i As Integer, _
                        j As Integer, count As Integer = 0
                    For i = 0 To 3
                        Strsetting(i) = ds.Tables(0).Rows(i).Item(1)
                        Strval(i) = ds.Tables(0).Rows(i).Item(2)
                    Next
                    For i = 0 To 3
                        Select Case Strsetting(i)
                            Case "lanscan"
                                timerSend = Val(Strval(i))
                            Case "serverip"
                                serverIP = Strval(i)
                            Case "ideltime"
                                timerIdle = Val(Strval(i))
                        End Select
                    Next
                End If
            Catch
                ' Database not reachable or fewer than four settings rows: use defaults
                timerSend = 20000
                serverIP = "127.1.1.1"
                timerIdle = 120000
            End Try
            Try
                Dim myController As ServiceController
                myController = New ServiceController("NetworkMonitorService")
                myController.Refresh()
                If myController.Status = ServiceControllerStatus.Stopped Then
                    Try
                        myController.Start()
                    Catch
                    End Try
                End If
            Catch ex As Exception
                'MsgBox("Can not start Service NetMon, Reinstallation of Client may fix this Problem. Administrator Cannot allow to handle computer", MsgBoxStyle.OkOnly, "Service Error")
                'BlockInput(True)
            End Try
            Dim comp_start As String = "", pcip As String
            'CheckInetConnection()
            If Not status Then
                Dim state As String = ""
                Dim p1 As Process
                Dim p As Process() = Process.GetProcesses

                pcip = Dns.Resolve(Dns.GetHostName()).AddressList(0).ToString
                ' Comma-separated list of all running process names
                For Each p1 In p
                    state = state & p1.ProcessName.ToString & ","
                Next
                ' Start time of EXPLORER is used as the session start time
                p = Process.GetProcessesByName("EXPLORER")
                For Each p1 In p
                    comp_start = p1.StartTime.ToString & ">"
                Next
                ' Message layout: <status><start time>">"<ip>"/"<computer name>":"<processes>
                state = (CStatus & comp_start & pcip & "/" & My.Computer.Name & ":" & state)
                SendXMLRequest(state, serverIP)
            End If
            Me.Hide()
        End Sub
    End Class
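
A server that receives the status string built in send() has to treat it as untrusted input and cut it apart in the same order the client assembled it. The following C# parser is an added example, not the project's server code; the class names, the size limits, the allowed computer-name characters and the en-US client locale are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Net;

// Added example, not the project's server code. Parses the string the client's
// send() builds:  <flag><explorer start time>">"<ip>"/"<computer name>":"<proc>","...
public sealed class NodeStatus
{
    public char Flag;               // 'O' online, 'I' idle, '\0' no change reported
    public DateTime? SessionStart;  // null when absent or not parseable
    public IPAddress Address;
    public string ComputerName;
    public List<string> Processes = new List<string>();
}

public static class StatusParser
{
    // Limits and the allowed name characters are assumptions of this example.
    const int MaxMessageLength = 16384;
    const int MaxProcesses = 1024;
    const int MaxNameLength = 15;      // NetBIOS computer name length

    // Returns null on success, otherwise the reason the message was rejected.
    public static string Parse(string msg, CultureInfo clientCulture, out NodeStatus node)
    {
        node = null;
        if (string.IsNullOrEmpty(msg) || msg.Length > MaxMessageLength)
            return "empty or oversized message";
        // Timer1_Tick passes an unset Char (NUL) while the mouse is still but the
        // idle threshold has not been reached yet, so NUL is a legal flag.
        char flag = msg[0];
        if (flag != 'O' && flag != 'I' && flag != '\0') return "unknown status flag";

        // The start time itself contains '/' and ':' ("1/15/2008 9:30:00 AM"),
        // so the fields are cut strictly left to right: '>' then '/' then ':'.
        int pos = 1;
        DateTime? start = null;
        int gt = msg.IndexOf('>');
        if (gt >= 1)   // absent when no EXPLORER process was found on the client
        {
            DateTime t;
            if (DateTime.TryParse(msg.Substring(1, gt - 1), clientCulture,
                                  DateTimeStyles.AssumeLocal, out t))
                start = t;
            pos = gt + 1;
        }
        int slash = msg.IndexOf('/', pos);
        if (slash < 0) return "missing '/' after IP address";
        IPAddress ip;
        if (!IPAddress.TryParse(msg.Substring(pos, slash - pos), out ip)) return "invalid IP address";

        int colon = msg.IndexOf(':', slash + 1);
        if (colon < 0) return "missing ':' after computer name";
        string name = msg.Substring(slash + 1, colon - slash - 1);
        if (name.Length == 0 || name.Length > MaxNameLength) return "invalid computer name length";
        foreach (char c in name)
            if (!char.IsLetterOrDigit(c) && c != '-' && c != '_')
                return "invalid character in computer name";

        // A process name containing ',' cannot be told apart from two processes;
        // the format has no escaping, so the list is informational only.
        var procs = new List<string>();
        foreach (string p in msg.Substring(colon + 1).Split(','))
        {
            if (p.Length == 0) continue;   // the client always appends a trailing ','
            if (p.Length > 260) return "process name too long";
            foreach (char c in p)
                if (char.IsControl(c)) return "control character in process name";
            if (procs.Count == MaxProcesses) return "too many processes";
            procs.Add(p);
        }
        node = new NodeStatus { Flag = flag, SessionStart = start, Address = ip,
                                ComputerName = name, Processes = procs };
        return null;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample messages, not captured traffic.
        string[] samples = {
            "O1/15/2008 9:30:00 AM>192.168.1.20/LAB-PC07:explorer,svchost,ANM_client,",
            "I192.168.1.21/LAB-PC08:svchost,",
            "O1/15/2008 9:30:00 AM>192.168.1.20/LAB PC;07:explorer,",
            "X1/15/2008 9:30:00 AM>192.168.1.20/LAB-PC07:explorer,"
        };
        CultureInfo culture = CultureInfo.GetCultureInfo("en-US");   // assumed client locale
        foreach (string s in samples)
        {
            NodeStatus n;
            string error = StatusParser.Parse(s, culture, out n);
            Console.WriteLine(error != null ? "rejected: " + error
                : string.Format("{0} {1} flag={2} start={3:s} processes={4}",
                    n.ComputerName, n.Address, (int)n.Flag, n.SessionStart, n.Processes.Count));
        }
    }
}
```

Because the client formats the start time with StartTime.ToString, its text depends on the client's regional settings; the parser keeps the message and leaves SessionStart empty when the text does not parse in the assumed locale.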

• FORMS:-

This is the operating system of the main server.

1) Login Module:

The Login module authenticates the person using the monitoring service tool, that is, the Active Network Monitor program. The Login module opens by default at startup in ANM Parent.
Action >> Login

• Click on Button Show Preference, Login Window will expand to show
Preference details.
• Provide name of SQL Server in Database Information panel of Login
Module. The server name is that of the Computer name on which SQL
Server resides.
• Provide Authentication mode for SQL Server by Clicking on Check box of
Use Windows Authentication or Provide Username & Password
• Test connection of SQL Server by clicking on Test connection Button
• Then Provide ANM account Username & Password & click on Login button

2) Admin control Panel module:-

The Admin Control Panel module lets the administrator monitor the network resources & network computer resources. After logging in to ANM, the first object that opens is Admin Control Panel [Current Status]. The status of the network is refreshed every minute & updates the database & log list.

LIST AREAS :-

• Current Online Node: Displays all Nodes that are currently online
on Network but not in the ANM Database list
• Stored Inactive Node: Displays all Nodes that are listed in ANM
database but Inactive on network.
• Stored Active Node: Displays all Nodes that are listed in ANM
database & Active on network.
• Network Log: Displays all result of Network requests & Errors
etc.

Adding Node to Database :

The administrator can add a new active node on the network to the database as follows:

• Select the particular node to be added from the Current Online Node list area.
• Click the button Add node to database.
• A message will be displayed after adding the node.

The menu bar of the Network Login form has five items:

• Action
• View
• Tools
• Windows
• Help

• Action: The Action menu has five submenus.

    • Logout: Logout closes all the accounts of the admin & comes out from the admin.
    • Save: Save will save the current file which is running on the Admin form.
    • Delete: Delete will delete all the files which are running on the Admin form.
    • Print: Print will give you a printout of the open page.
    • Exit: Exit will take you out from the particular page.

• View: The View menu has two submenus.

    • Toolbar: When you click on Toolbar, the toolbar menu will open.
    • Status bar: When you click on Status bar, the status bar will open.

• Tools: The Tools menu has seven submenus.

    • Select Log Properties
    • Configure Polling
    • Generate Report
    • Node Status
    • Refresh LAN
    • Backup Database

• Select Log Properties of particular active node

The database of network resources & node status is refreshed every minute. But if the administrator wants to update it with particular parameter(s) & time, then Select Log Properties can be used.

1) Click on the button Select Log Properties; a dialog box “Select Log Properties” will be displayed.
2) Select the active node from the drop-down list.
3) Select the parameter for which to gather information from the Parameter List area, or Select All.
4) Click on the Update button to gather the requested information & update the database.
5) A message will be displayed after updating.

• Polling Configuration :-

Using the Configuration tool, the administrator can configure the individual interval and stop timing for individual IP addresses. He can also start or stop monitoring of a particular node.

1) Click on the Configure Polling button to configure the polling time interval.
2) The Configure Polling window will be displayed.
3) Select the node IP address from the Node IP address list.
4) Set the polling interval in minutes. Minimum polling time is 1 min.
5) Set the stop timing till which the polling process must be running.
6) Click Start to start the process; after updating, a message box will be displayed.

• Generate Report:

1) To generate reports of the gathered information, click on the Generate Report button; this will display the Generate Report window.
2) Select the IP address of the particular node from the drop-down list.
3) Select the parameter for which to generate the report.
4) Select the report type to be generated: date, month or year wise.
5) Select the start & end time from & till which the database report must be generated, respectively.
6) Then click on the Generate Report button to display the graph.

• NODE STATUS:-
Node Status is used for the user P.C. While using Node Status, select the server name; you can delete the file which is running on the P.C, see the I.P address & status, and log off, shut down & restart the server.

1) By clicking on Delete Process you can delete the file which is running on the particular server.
2) The Log Off button is used to log off the particular server.
3) Shut Down is used to shut down the particular server.
4) When you click on the Restart button, the particular P.C will restart.

• Refresh LAN:

Using Refresh LAN, the admin can force a scan of the server.

• Backup Database:

The admin can save the data of the ANM to the database.

• Setting:

From the settings the admin can set the server setting & the client setting.

In the server setting the admin can set the:
1) LAN scan interval
2) Server I.P address
3) Default polling interval

In the client setting the admin can set the:
1) Interval of sending status
2) Server I.P address
3) Interval of idle state

• Exit

All Exit buttons on child modules close the module & return to the parent “Admin Control Panel” module. The Exit button on the Admin Control Panel module closes the application.

• ADVANTAGE OF ACTIVE NETWORK MONITOR:-

• System / Network Monitoring :-
Lets the administrator monitor the network resources & network computer resources.

• Windows Event Monitoring :-
You can see the I.P address & status, and you can log off, shut down & restart the server.

• Comprehensive Reports :-
Reports of the gathered information can be generated, which makes it more productive & easy to understand.

• Automated LAN Discovery :-
The admin can force a scan of the server.

• Easy to Use :-
The ACTIVE NETWORK MONITOR provides a user-friendly interface, so it does not require any exclusive technical skill to operate the network.

• LIMITATION

• No Support if Server goes Down
If the server goes down there is no support for the application, as the complete application is dependent on the server. Extra attention should be given to the server so that it is active 24 x 7.

• Less Priority to Client
The client is given no priority, so no rights are assigned to him. All the actions are performed by the server and from the server. The client can't do anything.

• SOFTWARE SECURITY :-

• Software such as scientific or 4GL language software requires many resources, such as a number of developers and costly hardware, so the cost of such software becomes very high. It is therefore necessary to recover the cost by selling the software at an appropriate price.
• One major problem that could arise is CD piracy, i.e. many copies of the original CD.
• So the aim is to make the original CD usable by the authorized user only. Every system has a unique ID (CPU ID, MAC ID etc.) and every CD has a unique registration number.
• By making use of the peer-to-peer model in a LAN, software has been developed which allows only an authorized user to use or work on the software. Whether a user is valid or invalid is checked at the server, where all the information, including the two keys (hardware key & registration key), is stored.

• DATA FLOW DIAGRAM FOR SOFTWARE SECURITY:-
The project dictionary contains an entry form for each data flow diagram developed during analysis. Thus there is a context diagram. Each DFD has a unique number and can be referenced by that number.

A DFD is a graphical representation of a system that shows data flow to, from and within the system, the processing functions that change data in some manner, and the stores of this data.

DFDs are nothing more than a network of related system functions (processing of data) that indicate from where information (data) is received (inputs) and to where it is sent (outputs). They are also called bubble charts.

A DFD is more detailed than a context diagram. A DFD is used to depict specific data flows (movement of information) from both the physical view & the logical view.

Whenever the user runs module 1 on the client, the hard drive serial key is fetched & mailed to the admin (server). This serial key is stored in the central database. When the second module runs on the same client, the hard drive volume serial key is fetched again & compared with the database entries. If it matches, the application is allowed to run; otherwise the user is denied access.
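
The register-then-compare flow described above, written as a server-side check over both keys (registration key and hardware key). This is an added C# example, not the project's code: the class and method names, the keyed-digest storage and the sample values are assumptions, and it targets .NET Core 2.1 or later for CryptographicOperations.FixedTimeEquals.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example, not the project's code.
public enum LicenseResult { Authorized, UnknownRegistration, HardwareMismatch }

public sealed class LicenseRegistry
{
    private readonly byte[] _serverSecret;   // assumption: a secret held only by the server
    // registration key -> keyed digest of (registration key, hardware key)
    private readonly Dictionary<string, byte[]> _bindings =
        new Dictionary<string, byte[]>(StringComparer.Ordinal);

    public LicenseRegistry(byte[] serverSecret)
    {
        if (serverSecret == null || serverSecret.Length < 32)
            throw new ArgumentException("server secret must be at least 32 bytes");
        _serverSecret = (byte[])serverSecret.Clone();
    }

    // Serial numbers read through WMI can carry padding spaces and mixed case,
    // so both keys are normalised before they are stored or compared.
    private static string Normalize(string value)
    {
        return (value ?? string.Empty).Trim().ToUpperInvariant();
    }

    // The database keeps a keyed digest covering both keys, not the raw serial.
    private byte[] Digest(string registrationKey, string hardwareKey)
    {
        using (var hmac = new HMACSHA256(_serverSecret))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(registrationKey + "\n" + hardwareKey));
    }

    // ADD: one registration key is bound to exactly one machine.
    public bool Register(string registrationKey, string hardwareKey)
    {
        string reg = Normalize(registrationKey), hw = Normalize(hardwareKey);
        if (reg.Length == 0 || hw.Length == 0 || _bindings.ContainsKey(reg)) return false;
        _bindings[reg] = Digest(reg, hw);
        return true;
    }

    // UPDATE: the hard disk of an already registered client was replaced.
    public bool Rebind(string registrationKey, string newHardwareKey)
    {
        string reg = Normalize(registrationKey), hw = Normalize(newHardwareKey);
        if (hw.Length == 0 || !_bindings.ContainsKey(reg)) return false;
        _bindings[reg] = Digest(reg, hw);
        return true;
    }

    // DELETE: permanent failure of the client.
    public bool Remove(string registrationKey)
    {
        return _bindings.Remove(Normalize(registrationKey));
    }

    // Run on every application start. The hardware key is reported by the
    // client, so the answer is only as trustworthy as that report.
    public LicenseResult Check(string registrationKey, string hardwareKey)
    {
        string reg = Normalize(registrationKey), hw = Normalize(hardwareKey);
        byte[] expected;
        if (!_bindings.TryGetValue(reg, out expected))
            return LicenseResult.UnknownRegistration;
        return CryptographicOperations.FixedTimeEquals(expected, Digest(reg, hw))
            ? LicenseResult.Authorized
            : LicenseResult.HardwareMismatch;
    }
}

public static class LicenseDemo
{
    public static void Main()
    {
        byte[] secret = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(secret);
        var registry = new LicenseRegistry(secret);

        // Constructed sample values, not real keys or serial numbers.
        registry.Register("REG-0001-EXAMPLE", "  wd-example0001 ");
        Console.WriteLine(registry.Check("REG-0001-EXAMPLE", "WD-EXAMPLE0001"));   // same machine
        Console.WriteLine(registry.Check("REG-0001-EXAMPLE", "WD-EXAMPLE0002"));   // copied CD, other disk
        Console.WriteLine(registry.Check("REG-9999-EXAMPLE", "WD-EXAMPLE0001"));   // unregistered CD
        registry.Rebind("REG-0001-EXAMPLE", "WD-EXAMPLE0002");                     // disk replaced
        Console.WriteLine(registry.Check("REG-0001-EXAMPLE", "WD-EXAMPLE0002"));
    }
}
```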

• FLOW CHART FOR SOFTWARE SECURITY:-

[Flow chart: START → Run client at user side → Extract volume serial id & mail it to Admin (server) → Store volume serial id in central database → Install application & run it → On Load event of embedded form, extract volume serial id & compare it with database → decision "Match found?" (YES: Authorized User → Run application; NO: Unauthorized User → Exit)]

• PROJECT CODE FOR SOFTWARE SECURITY :-

    using System;
    using System.Windows.Forms;
    using System.Collections;
    using System.Management;

    namespace WindowsApplication1
    {
        public partial class Form1 : Form
        {
            public Form1()
            {
                InitializeComponent();
            }

            class HardDrive
            {
                private string serialNo = null; // backing field for the serial number
                public string SerialNo          // hard disk serial number
                {
                    get { return serialNo; }
                    set { serialNo = value; }
                }
            }

            // "Get Serial ID" button: reads the serial number of the first disk via WMI.
            private void button1_Click(object sender, EventArgs e)
            {
                ArrayList hdCollection = new ArrayList(); // array list to store the hard disks in the PC
                ManagementObjectSearcher searcher =
                    new ManagementObjectSearcher("SELECT * FROM Win32_DiskDrive"); // DiskDrive contains fdd, hdd etc.
                int cnt = 0;
                foreach (ManagementObject wmi_HD in searcher.Get())
                {
                    cnt = cnt + 1;
                    if (cnt == 1)
                    {   // 1st loop: add an entry for the first disk only
                        HardDrive hd = new HardDrive();
                        hdCollection.Add(hd);
                    }
                }

                // Win32_PhysicalMedia holds the serial number of the physical drive,
                // which is not the same value as a volume serial number.
                searcher = new ManagementObjectSearcher("SELECT * FROM Win32_PhysicalMedia");

                int i = 0;
                cnt = 0;
                foreach (ManagementObject wmi_HD in searcher.Get())
                {
                    cnt = cnt + 1;
                    if (cnt == 1 && hdCollection.Count > 0) // kept only 1 so we get only one serial no.
                    {   // 2nd loop: get the serial number
                        HardDrive hd = (HardDrive)hdCollection[i];
                        object serial = wmi_HD["SerialNumber"]; // can be null on some drives
                        hd.SerialNo = (serial == null) ? "" : serial.ToString();
                    }
                }
                cnt = 0;
                foreach (HardDrive hd in hdCollection)
                {
                    cnt = cnt + 1;
                    if (cnt == 1)
                    {
                        textBox1.Text = (hd.SerialNo ?? "").Trim(); // trims the value of the serial no.
                    }
                }

                //MachineInfo.GetInfo gv = new MachineInfo.GetInfo();
                //textBox1.Text = gv.GetVolumeSerial(textBox2.Text);
            }

            private void button2_Click(object sender, EventArgs e)
            {
                Application.Exit();
            }

            private void button3_Click(object sender, EventArgs e)
            {
                System.Diagnostics.Process.Start("mailto:pratik.thorve@gmail.com"); // used to send mail
            }

            private void Form1_Load(object sender, EventArgs e)
            {
            }
        }
    }

• FORMS OF SOFTWARE SECURITY :-

1) HARD DRIVE SERIAL KEY FETCH MODULE:-

The Hard Drive Serial Key module consists of the following events:-

• GET SERIAL ID:-
When the administrator wants to maintain a database of authenticated clients, clicking on this button fetches the hard drive serial key, which is unique.

• EMAIL IT:-
To email this volume serial key to the administrator we provide a mailto: link.

• EXIT:-
All Exit buttons on child modules close themselves. The Exit button on the fetch module closes the application.

2) COMPARISON & SYSTEM INFO MODULE

Add New System:-

• System id:- The system id is a name or label for the system whose volume serial number is to be added.
• Serial number:- Enter the volume serial number of the hard drive of the authenticated client.
• ADD:- The volume serial key (hard drive) of the authenticated user is stored here.

Update & delete the system:-

• DELETE:-
To remove any record from the database because of permanent failure, select that system id from the drop-down list & click on Delete.
The message “record is deleted” will be displayed.

• UPDATE:-
To update any record in case of replacement of the hard disk of any client, select the system id from the drop-down list, make the required changes & click on Update.
The message “record is Updated” will be displayed.

• ADVANTAGES OF SOFTWARE SECURITY:-

• Makes profit from the developer's point of view.

• Implements a high-level security function in the industry area.

• Intruder detection.

• Licence system.

• FUTURE SCOPE:-
• Although all the requirements have been handled by our project, there is still some scope for expansion of the designed application, such as making ANM platform independent.
• Our project is a very general concept, but we were able to develop the software security module for .NET-based applications only. In this there is no redundancy of data. This makes the computerized system very general & usable in many other fields based on networking.

Some more points are as follows:

• Moreover, we can add more ‘help’ topics to simplify working with the package.

• We can also add features for automatic updating of the hard drive serial id, to reduce manual interaction with the system for a higher level of security.

• You can also modify this project for “Cyber Security Management” by adding some options for tracking internet access duration.

• REFERENCES:-

1. msdn.microsoft.com
2. www.27000.org/iso-27001.htm
3. www.27001-online.com
4. www.ITBusinessEdge.com

• BIBLIOGRAPHY
1. Nine Steps to Success: An ISO 27001 Implementation Overview, Alan Calder
2. Information Security Based on ISO 27001/ISO 17799: A Management Guide, Alan Calder
3. International IT Governance: An Executive Guide to ISO 17799/ISO 27001, Kevin Henry
4. Programming in C#, E. Balaguruswamy
