Project Report
Submitted In Partial Requirement For The Diploma
In
INFORMATION TECHNOLOGY
By
Varsha G. Bhor (0507005)
Vaibhav G. Kadam (0507018)
Amit D. Parab (0507028)
Pratik G. Thorve (0507040)
Shailesh S. Walavalkar (0507043)
Project Guide
Department Of Information Technology
GOVERNMENT POLYTECHNIC MUMBAI
2007-2008
ACKNOWLEDGEMENTS
We present with pride & pleasure our project on “ISO-27001
IMPLEMENTATION WITH ACTIVE NETWORK MONITOR &
SOFTWARE SECURITY” to the Department of INFORMATION
TECHNOLOGY, GOVT. POLYTECHNIC MUMBAI.
A word of thanks to all those persons who have helped us directly
or indirectly in our project.
Last but not least, we are thankful to our parents and friends for
their constant inspiration and encouragement.
INDEX
1) INTRODUCTION
2) ANALYSIS
2.1 LITERATURE SURVEY
3) SOFTWARE USED
3.1 VISUAL C#.NET
3.2 VB.NET
3.3 SQL SERVER 2005
4.3 SETUP FEATURES
4.4 CODE
4.5 FORM
4.6 ADVANTAGE
4.7 LIMITATION
5) SOFTWARE SECURITY
5.1 INTRODUCTION
5.2 DESIGN
5.2.1 DATA FLOW DIAGRAM
5.2.2 FLOW CHART
5.3 CODE
5.4 FORMS
5.5 ADVANTAGE
6) FUTURE SCOPE
7) BIBLIOGRAPHY
• INTRODUCTION
• Established in 1947
• Published over 16,077 international standards
• ISO meetings attract some 30,000 experts a year
• Federation comprised of 156 national standards bodies
• National member bodies manage development work
• ISO standards are consensus based
ISO 9000
Quality Management Systems
ISO 27001
Information Security Management
ISO 20000
Information Technology Service Management
ISO 14000
Environmental Management Systems
ISO TS 16949
Quality Management Automotive
• CONCEPT OF R&D
The phrase research and development (also R and D or, more often, R&D),
according to the Organization of Economic Cooperation and Development, refers to
"creative work undertaken on a systematic basis in order to increase the stock of
knowledge, including knowledge of man, culture and society, and the use of this
stock of knowledge to devise new applications" .
R&D has a special economic significance apart from its conventional
association with scientific and technological development. R&D investment
generally reflects a government's or organization's willingness to forego current
operations or profit to improve future performance or returns, and its abilities to
conduct research and development.
• IMPORTANCE
• NECESSITY OF ISO27001
Why do we test?
• Provide confidence in the system
• Identify areas of weakness
• Establish the degree of quality
• Establish the extent to which the requirements have been met, i.e. what the users
asked for is what they got, not what someone else thought they wanted
• To provide an understanding of the overall system
• To prove it is both usable and operable
• To provide sufficient information to allow an objective decision on
applicability to deploy
• Planned testing in a controlled environment provides objective metrics
• To gain a Return on Investment you must first invest
• Avoiding Cyber Crime: to restrict cyber crime.
• Data Security: to provide security to the data.
• Combating Piracy: to avoid piracy of CDs.
And the following rules are implemented:
• INTRODUCTION
Active Network Monitor has a flexible plug-in based architecture that allows you to
plug in necessary modules on demand. Each module (plug-in) performs a task and
displays retrieved information in its own window.
With Active Network Monitor you can easily control the LAN in a
school, college or office. It provides you with a host of facilities, which include
monitoring the status of each node, saving the status of each node in a database, and
shutting down, logging off or restarting a system if it is used by an unauthorized user.
In addition, you can poll a single node that you want to be
polled. More functionality can be provided through future development.
• SOFTWARE SECURITY
Most system software and application software incurs a lot of time, cost and
resources in its development. In order to recover these spent resources, companies
set the prices of the software extremely high. One problem they face is
PIRACY, i.e. many copies of one CD.
So the aim is to allow use of the original CD by the authorized user only.
Every system has a unique ID (CPU ID, MAC ID etc.) and every CD has a unique
registration number. By making use of the peer-to-peer model in a LAN, software has
been developed which allows only an authorized user to use or work on the software.
Whether a user is valid or invalid is checked at the server, where all the information,
including the two keys (hardware key & registration key), is stored.
If the user is a valid user he is allowed to run the
software. If it is confirmed that the user is INVALID, the application exits,
showing an unauthorized-user message.
• ANALYSIS
• LITERATURE SURVEY
Various books & other relevant documents were read. The aspects of
the system that could be implemented in the computerized version were identified.
RECOGNITION OF NEED :
SOFTWARE SECURITY :
• SOFTWARE PLATFORM:-
• VISUAL C#.NET :-
Visual C# is the modern, innovative programming language and tool
for building .NET-connected software for Microsoft Windows, the Web, and a wide
range of devices. With syntax that resembles C++, a flexible integrated development
environment (IDE), and the capability to build solutions across a variety of
platforms and devices, Visual C# .NET significantly eases the development of .NET-
connected software.
Key Capabilities
• ACTIVE NETWORK MONITORING
• DESIGN
FLOW CHART OF ACTIVE NETWORK MONITOR:-
[Flow chart. Box labels, in order: START; Run client on network node; Run server to scan network; Display current online, offline & newly found node; decision "Need to select node to perform action?" (YES / NO); Perform action; Exit application; Exit.]
• MINIMUM SOFTWARE & HARDWARE
REQUIREMENT FOR ACTIVE NETWORK
MONITOR:-
Software Requirement:
Hardware Components:
• SETUP FEATURES:-
• To setup the Server Client:
PROJECT CODE FOR ANM:-
Client :
Imports System.Text
Imports System.Net.Sockets
Imports System.Net
Imports System.ServiceProcess
End Sub
                serverIP = Strval(i)
            Case "ideltime"
                timerIdle = Val(Strval(i))
        End Select
    Next
    End If
Catch
    ' Defaults applied when the preceding block throws
    timerSend = 20000
    serverIP = "127.1.1.1"
    timerIdle = 120000
End Try
Try
    ' Start the monitoring service if it is currently stopped
    Dim myController As ServiceController
    myController = New ServiceController("NetworkMonitorService")
    myController.Refresh()
    If myController.Status = ServiceControllerStatus.Stopped Then
        Try
            myController.Start()
        Catch
        End Try
    End If
Catch ex As Exception
    'MsgBox("Can not start Service NetMon, Reinstallation of Client may fix this Problem. Administrator Cannot allow to handle computer", MsgBoxStyle.OkOnly, "Service Error")
    'BlockInput(True)
End Try
Dim comp_start As String, pcip As String
'CheckInetConnection()
If Not status Then
    Dim state As String = ""
    Dim p1 As Process
    Dim p As Process() = Process.GetProcesses
    ' IP address of this node
    pcip = Dns.Resolve(Dns.GetHostName()).AddressList(0).ToString
    ' Comma-separated list of all running process names
    For Each p1 In p
        state = state & p1.ProcessName.ToString & ","
    Next
    ' Start time of EXPLORER
    p = Process.GetProcessesByName("EXPLORER")
    For Each p1 In p
        comp_start = p1.StartTime.ToString & ">"
    Next
    ' Status message sent to the server
    state = (CStatus & comp_start & pcip & "/" & My.Computer.Name & ":" & state)
    SendXMLRequest(state, serverIP)
End If
Me.Hide()
End Sub
End Class
• FORMS:-
1) Login Module:
The Login module authenticates the person who wants to use the monitoring service tool,
that is, the Active Network Monitor program. The Login module opens by
default at startup in ANM Parent.
Action >> Login
• Click on the Show Preference button; the Login window will expand to show the
Preference details.
• Provide the name of the SQL Server in the Database Information panel of the Login
module. The server name is the name of the computer on which SQL
Server resides.
• Provide the authentication mode for SQL Server by clicking the Use Windows
Authentication check box, or provide a Username & Password.
• Test the connection to SQL Server by clicking on the Test connection button.
• Then provide the ANM account Username & Password & click on the Login button.
2) Admin control Panel module:-
LIST AREAS :-
• Current Online Node: Displays all nodes that are currently online
on the network but not in the ANM database list.
• Stored Inactive Node: Displays all nodes that are listed in the ANM
database but inactive on the network.
• Stored Active Node: Displays all nodes that are listed in the ANM
database & active on the network.
• Network Log: Displays all results of network requests, errors
etc.
The menu bar of the Network Login form has five items:
• Action
• View
• Tools
• Windows
• Help
• Backup Database
1) Click on the Select Log Properties button; a dialog box “Select
Log Properties” will be displayed.
2) Select the Active Node from the drop down list.
3) Select the Parameter to gather information on from the Parameter List area, or Select
All.
4) Click on the Update button to gather & update the requested information in the
database.
5) A message will be displayed after updating.
• Polling Configuration :-
• Generate Report:
• NODE STATUS:-
Node status is used for the user P.C. In Node status, select the server name;
you can then delete the file which is running on the P.C., see the I.P. address and
Status, and Log Off, Shut Down or Restart the server.
1) Clicking on Delete Process deletes the file which is running on the
particular server.
2) The Log Off button is used to log off the particular server.
3) Shut Down is used to shut down the particular server.
4) When you click on the Restart button, the particular P.C. will restart.
• Refresh Lan:
The Admin can save the data of the ANM to the database.
• Setting:
From Setting the admin can set the server setting & the client setting.
1) Interval of Sending Status
2) Server I.P. address
3) Interval of Idle State
• Exit
• Comprehensive Reports :-
To generate reports of the gathered information, which makes it more productive
& easy to understand.
The admin force to scene the server.
• Easy to Use :-
The ACTIVE NETWORK MONITOR provides a user-friendly interface,
so it does not require any exclusive technical skill to operate the network.
• LIMITATION
If the server goes down there is no support for the application, as
the complete application is dependent on the server. Extra
attention should be given to the server so that it is active 24
x 7.
• SOFTWARE SECURITY : -
• DATA FLOW DIAGRAM FOR SOFTWARE SECURITY:-
The project dictionary contains an entry form for each data flow
diagram developed during analysis. Thus there is a context diagram. Each DFD has a
unique number and can be referenced by that number.
A DFD is a graphical representation of a system that shows data flow to, from and
within the system, the processing functions that change data in some manner, and the
stores of this data.
DFDs are nothing more than a network of related system functions
(processing of data) that indicates from where information (data) is received (inputs)
and to where it is sent (outputs). They are also called bubble charts.
A DFD is more detailed than the context diagram. A DFD is used to depict specific
data flows (movement of information) from both the physical view & the logical view.
Whenever the user runs module 1 on the client, the hard drive serial key is fetched &
mailed to the admin (server). This serial key is stored in the central database. When the
second module is run on the same client, the hard drive volume serial key is fetched again &
compared with the database entries. If it matches, the application is allowed to run;
otherwise access is denied to the user.
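The enrol-then-compare check described above, combined with the two keys (hardware key & registration key) named in the introduction, as an added C# example that is not the project's own code. The names LicenceRegistry, Enrol and IsAuthorised, the server secret and the choice to store an HMAC-SHA256 tag instead of the raw serial are assumptions; it targets .NET Core 2.1 or later for CryptographicOperations.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example: the server-side table of authorised systems (hypothetical names).
sealed class LicenceRegistry
{
    private readonly byte[] serverSecret; // assumption: known only to the server
    private readonly Dictionary<string, byte[]> records = new Dictionary<string, byte[]>();

    public LicenceRegistry(byte[] secret) { serverSecret = secret; }

    // Serials can arrive padded (the page's code trims them); normalise before use.
    private static string Normalise(string s) => (s ?? "").Trim().ToUpperInvariant();

    // One tag binds both keys, so neither is accepted without the other.
    private byte[] Tag(string hardwareKey, string registrationKey)
    {
        string joined = Normalise(hardwareKey) + "\n" + Normalise(registrationKey);
        using (var mac = new HMACSHA256(serverSecret))
            return mac.ComputeHash(Encoding.UTF8.GetBytes(joined));
    }

    // Module 1 path: the admin adds a record, or updates it after a disk replacement.
    public void Enrol(string systemId, string hardwareKey, string registrationKey)
    {
        if (Normalise(hardwareKey).Length == 0) // some media report no serial
            throw new ArgumentException("empty hardware key");
        records[systemId] = Tag(hardwareKey, registrationKey);
    }

    // Module 2 path: compare the freshly fetched keys with the stored entry.
    public bool IsAuthorised(string systemId, string hardwareKey, string registrationKey)
    {
        byte[] stored;
        if (!records.TryGetValue(systemId, out stored)) return false;
        byte[] seen = Tag(hardwareKey, registrationKey);
        return CryptographicOperations.FixedTimeEquals(stored, seen);
    }
}

static class Demo
{
    static void Main()
    {
        var reg = new LicenceRegistry(Encoding.UTF8.GetBytes("constructed-demo-secret"));
        reg.Enrol("PC-01", "  wd-wcav5x123456 ", "REG-0001"); // constructed values
        Console.WriteLine(reg.IsAuthorised("PC-01", "WD-WCAV5X123456", "REG-0001"));
        Console.WriteLine(reg.IsAuthorised("PC-01", "WD-WCAV5X123456", "REG-0002"));
    }
}
```

The comparison runs on the server, so the client only reports its keys and never sees the stored table.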
• FLOW CHART FOR SOFTWARE SECURITY:-
[Flow chart. Box labels: START; decision "Match Found?" with NO leading to Unauthorized User and YES leading to Authorized User.]
• PROJECT CODE FOR SOFTWARE SECURITY :-
using System;
using System.Windows.Forms;
using System.Collections;
using System.Management;

namespace WindowsApplication1
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        class HardDrive
        {
            private string serialNo = null; // new variable for storing value

            public string SerialNo // system serial no.
            {
                get { return serialNo; }
                set { serialNo = value; }
            }
        }

        private void button1_Click(object sender, EventArgs e)
        {
            // array list created to store the hard disks in the PC
            ArrayList hdCollection = new ArrayList();

            // Win32_DiskDrive contains fdd, hdd etc.
            ManagementObjectSearcher searcher =
                new ManagementObjectSearcher("SELECT * FROM Win32_DiskDrive");
            int cnt = 0;
            foreach (ManagementObject wmi_HD in searcher.Get())
            {
                cnt = cnt + 1;
                if (cnt == 1) // 1st loop: keep an entry for the first drive only
                {
                    HardDrive hd = new HardDrive();
                    hdCollection.Add(hd);
                }
            }

            searcher = new ManagementObjectSearcher("SELECT * FROM Win32_PhysicalMedia");
            int i = 0;
            cnt = 0;
            foreach (ManagementObject wmi_HD in searcher.Get())
            {
                cnt = cnt + 1;
                // kept only 1 so we get only one serial no.
                if (cnt == 1 && hdCollection.Count > 0) // 2nd loop: get the serial number
                {
                    HardDrive hd = (HardDrive)hdCollection[i];
                    object serial = wmi_HD["SerialNumber"]; // can be null for some media
                    hd.SerialNo = serial == null ? "" : serial.ToString();
                }
            }

            cnt = 0;
            foreach (HardDrive hd in hdCollection)
            {
                cnt = cnt + 1;
                if (cnt == 1)
                {
                    // trims the value of the serial no.
                    textBox1.Text = (hd.SerialNo ?? "").Trim();
                }
            }
        }
    }
}
• FORMS OF SOFTWARE SECURITY :-
• EMAIL IT:-
To email this volume serial key to the administrator we provide a mailto:
link.
• EXIT:-
The Exit button on each child module closes that module. The Exit button on
the fetch module closes the application.
• Serial number:- Enter the volume serial number of the hard drive of the authenticated
client.
• ADD:- The volume serial key (hard drive) of the authenticated user is added and
stored here.
• DELETE:-
To remove any record from the database because of permanent failure,
select that system id from the drop down list & click on Delete.
The message “record is deleted” will be displayed.
• UPDATE:-
To update any record in case of replacement of the hard disk of any
client, select the system id from the drop down list. Make the required
changes. Click on Update.
The message “record is Updated” will be displayed.
• ADVANTAGES OF SOFTWARE SECURITY:-
• Intruder Detection.
• Licence System.
• FUTURE SCOPE:-
• Although all the requirements have been handled by our project, there is
still some scope for expansion of the designed application, such as making ANM
platform independent.
• Our project is a very general concept, but we were able to develop the software
security module only for .NET-based applications. In this there is no
redundancy of data. This makes the computerized system very general & usable
in many other fields based on networking.
• Moreover, we can add more ‘help’ topics to simplify working with the package.
• We can also add features for automatic updating of the hard drive serial ID, to
reduce manual interaction with the system for a higher level of security.
• You can also modify this project for “Cyber Security Management” by
adding some options for tracking internet access duration.