CYBR-260-40A: Security Scripting with Python Study Guide Solution

Final Design Document

Champlain College

CYBR-260-40A: Security Scripting with Python

Professor Hartsel, Chad

1) Problem description

Python is one of the programming languages that is widely used because of its versatility. Python can solve different problems that may occur by implementing security analysis or digital forensics operations. As one of the powerful programming languages globally, Python is used in key domains on the internet technologies such as web development, big data analytics, mobile application development, network forensics, and cloud computing (Lee et al., 2017). The versatility characteristic of Python comes from its ability to provide support and follow many programming paradigms like object-oriented, imperative, procedural, and functional.

Network security is often accomplished through the regular monitoring and control of network traffic. Penetration testers and network administrators often monitor network traffic to identify abnormalities that may comprise the system’s security features (Sinha, 2017). Network security professionals use port scanners to map traffic flow in the network to locate devices therein and learn the actions the users take on the devices to categorize them as threats or non-threats (Lubanovic, 2017). For an organization experiencing abnormal network traffic from the users, the network administrator or penetration tester can use a port scanner made from Python code that allows them to monitor the actions taken by users on the network.

The port scanner created using Python will be used to find open ports in a network, which they can communicate with at the moment. The python port scanner will enable the network administrator and the penetration tester to find the status of the ports in a network. The provided report will help analyze the traffic in the network with emphasis placed on what ports are available, those which are occupied, and what the users are using the port form. The python port scanner will enable the network administrator and penetration tester to monitor network traffic effectively and prevent any threatening actions to the system’s security.

2) Propose Solution

A port scanner is a program designed to search a network host for open ports. This is used to check the security of their networks by using crackers to compromise it. To ports scan, a host is to scan for listening ports on a single target host. To port sweep, is to scan multiple hosts for a specific listening port.

The protocol stack that is most common on the Internet today is TCP/IP. In this system, hosts and host services are referenced using two components: an address and a port number. There are 65536 distinct and usable port numbers.

The result of a scan on a port is usually generalized into one of three categories:

Open or Accepted: The host sent a reply indicating that a service is listening on the port.

Closed or denied or not listening: The host sent a reply indicating that connections will be denied to the port.

Filtered, Dropped or Blocked: There was no reply from the host.

3) Input, Output

My program reads input from a csv file. The file consists of multi lines, each line includes host and range of ports. Here is a sample:

Output: For each pair (host, port) from input the program will procedure status of host, port. It can be open or closed. Sqlite is used to store output data.

The table schema:

CREATE TABLE IF NOT EXISTS output (

                                   id integer AUTO_INCREMENT,

                                   host text NOT NULL,

                                   port integer NOT NULL,

                                   status text NOT NULL,

                                   create_time datetime

                                   )

4) Persistent Storage

I decide to use sqlite to store data instead of flat file or xml because:

On the other hand if the data size is just a single or few lines then flat file is best option. What makes difference between them is, SQLite stores data in structured format, so it will be easier to find a record from multiple set of records which is very tedious process in case of flat file.

If the data is going to change, the user is going to add stuff, or you need to retrieve different things at different times then I would say go with SQLite. It’s designed to do that and it’s very fast and lightweight. An XML document isn’t all that hard to do but XML isn’t as straightforward to use,

So i think using sqlite is a good choice in this case