Subhadip Das

CSE 2018/008 11700118026

Cryptography and Network Security
PEC-CS801B
CA1 Assignment

Group A: Short Answer Type Questions

Q1. What are the Chief principles of security? Explain with examples.

Ans: The Principles of Security can be classified as follows:

1. Confidentiality
Confidentiality determines the secrecy of the information asset.
Determining confidentiality is not a matter of determining whether
information is secret or not. When considering confidentiality,
managers determine the level of access in terms of how and where the
data can be accessed. For information to be useful to the organisation, it
can be classified by a degree of confidentiality.
2. Integrity
With data being the primary information asset, integrity provides the
assurance that the data is accurate and reliable. Without integrity, the
cost of collecting and maintaining the data cannot be justified.
Therefore, policies and procedures should support ensuring that data
can be trusted.

Mechanisms put in place to ensure the integrity of information should

prevent attacks on the storage of that data (contamination) and on its
transmission (interference). Data that is altered on the network between
the storage and the user's workstation can be as untrustworthy as the
 attacker altering or deleting the data on the storage media. Protecting
data involves both storage and network mechanisms.
3. Availability
Availability is the ability of the users to access an information asset.
Information is of no use if it cannot be accessed. Systems should have
sufficient capacity to satisfy user requests for access, and network
architects should consider capacity as part of availability. Policies can
be written to enforce this by specifying that procedures be created to
prevent denial-of-service (DoS) attacks.
4. Privacy
Privacy relates to all elements of the CIA triad. It considers which
information can be shared with others (confidentiality), how that
information can be accessed safely (integrity), and how it can be
accessed (availability).

As an entity, privacy is probably the most watched and regulated area of

information security. Laws, such as the U.S. Federal Privacy Act of 1974,
provide statutes that limit the government's use of citizens' personal
data.
5. Identification and Authentication
Information security is the process of managing access to resources. To
allow a user, a program, or any other entity to gain access to the
organisation's information resources, you must identify them and verify
that the entity is who they claim to be. The most common way to do this
is through the process of identification and authentication.
6. Access control
The principle of access control is determined by role management and
rule management. Role management determines who should access
the data while rule management determines up to what extent one can
access the data. The information displayed is dependent on the
 person who is accessing it.

Q2. What are the types of attacks from a technologist’s view? Explain with
examples.

Ans: A cyber-attack is an exploitation of computer systems and networks. It

uses malicious code to alter computer code, logic or data and lead to
cybercrimes, such as information and identity theft.
Cyber-attacks can be classified into the following categories:
Web-based attacks:
These are the attacks which occur on a website or web applications. Some of
the important web-based attacks are as follows:
1. Injection attacks
It is the attack in which some data will be injected into a web application to
manipulate the application and fetch the required information.
Example- SQL Injection, code Injection, log Injection, XML Injection etc.

2. DNS Spoofing
DNS Spoofing is a type of computer security hacking. Whereby data is
introduced into a DNS resolver's cache causing the name server to return an
incorrect IP address, diverting traffic to the attacker?s computer or any other
computer. The DNS spoofing attacks can go on for a long period of time
without being detected and can cause serious security issues.

3. Session Hijacking
It is a security attack on a user session over a protected network. Web
applications create cookies to store the state and user sessions. By stealing the
cookies, an attacker can have access to all of the user data.

4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like
user
login credentials and credit card number. It occurs when an attacker is
masquerading as a trustworthy entity in electronic communication.

5. Brute force
It is a type of attack which uses a trial and error method. This attack generates
a large number of guesses and validates them to obtain actual data like user
password and personal identification number. This attack may be used by
criminals to crack encrypted data, or by security analysts to test an
organisation's network security.

6. Denial of Service
It is an attack which means to make a server or network resource unavailable
to the users. It accomplishes this by flooding the target with traffic or sending
it information that triggers a crash.

System-based attacks:
These are the attacks which are intended to compromise a computer or a
computer network. Some of the important system-based attacks are as follows:
1. Virus
It is a type of malicious software program that spread throughout the
computer files without the knowledge of a user. It is a self-replicating
malicious computer program that replicates by inserting copies of itself into
other computer programs when executed. It can also execute instructions that
cause harm to the system.
2. Worm
It is a type of malware whose primary function is to replicate itself to spread
to uninfected computers. It works the same as the computer virus. Worms
often originate from email attachments that appear to be from trusted senders.
3. Trojan horse
It is a malicious program that occurs unexpected changes to computer setting
and unusual activity, even when the computer should be idle. It misleads the
user of its true intent. It appears to be a normal application but when
opened/executed some malicious code will run in the background.
4. Backdoors
It is a method that bypasses the normal authentication process. A developer
may create a backdoor so that an application or operating system can be
accessed for troubleshooting or other purposes.
5. Bots
A bot (short for "robot") is an automated process that interacts with other
network services. Some bots program run automatically, while others only
execute commands when they receive specific input. Common examples of
bots programs are the crawler, chatroom bots, and malicious bots.

Q3. Define viruses and worms. What is Phishing?

Ans:
Worms : Worms are similar to a virus but it does not modify the program. It
replicates itself more and more to slow down the computer system. Worms
can be controlled by remote. The main objective of worms is to eat the system
resources.

Virus : A virus is a malicious executable code attached to another executable

file that can be harmless or can modify or delete data. When the computer
program runs attached with a virus it performs some action such as deleting a
file from the computer system. Viruses can’t be controlled remotely.

Phishing: When cybercriminals try to get sensitive information from you, like
credit card numbers and passwords. Some specific techniques include spear
phishing (targets specific people or departments), whale phishing (targets
important people like CEOs), and SMiShing (phishing via text messages) and
vishing (voice phishing that takes place over the phone, usually through
impersonation).
We
tpmaae pouotembynduehm
,
bn de tim kn, e hame nat if N o wtoiw n

men, t h it cawae
pnimen nl

Stpo, at b , an poirise dknet ne nd

Sowe IiSn, ttm

FlE. . Thunfn E lm-,
heh asud. F1
50tnone a pxime nwnber dikne all
e Pi's so tal e kame atlea nal
tnso. in N.

Nte tu -

Euelds emma aal Hha

oit
mwn intúg en
n>i coa be
a
duel of frik many puim not netmariy

e one t ged 256 omd l66 omd empsas he

nar comsinatn 56
lICG.
66 4»156 4 2
956 1 142 114

147 2 1o
, gu (2st, l16) :
2.
Now
m alim 0)-

I45 - 142 x4
 (s6 142) -S Iy24 -frem
2565 - 12 2s 5--9>142
29T 9(n66-4rast)
23 s -1116s6
)25
36367 2s

25 (S + 3 -1 ne4 25 4 1166.

2 25t (4) (-49.uCe

So. 215 1C uhan ro 41

w s ,144) 2
rota
e e 4
-b (ar5) (a)5
( ( -)
lo25 lo23

Sineu cannet- be dinidrsd

1013 a puime n
4o1023
Su to5: (lero7 25 st4 25(4o*) 254
e o f 1025

4of 2" -1. Sonaad 4|2 -1 i fre

7 e tne nmaindo ham 2
wecam
iidu y 34.
wne
om N Sueuhat
(a)1
ed )
Thnone s4 u pame h md ( ) (2,34)» .
23.
341
CmedCmod a 341).
Thwufsu,
thwut4 em
22340 nide
) 341, hu vmoinln
vnainln