Professional Documents
Culture Documents
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, UNIT - 4
Two marks questions
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, 6) What is HTTP and SMTP?
HTTP
HTTP (Hypertext Transfer Protocol) is the set of rules for transferring files on the World Wide
Web. The files can be text files, graphic images, sound, video, or other multimedia files. As soon
as a Web user opens their Web browser, the user is indirectly making use of HTTP. HTTP is an
application protocol that runs on top of the TCP/IP suite of protocols (the foundation protocols for
the Internet).
SMTP
SMTP stands for Simple Mail Transfer Protocol and is a TCP/IP protocol used in sending and
receiving e-mail. It’s a set of communication rules that allow software to send email over the
Internet. Most email software is designed to use SMTP for communication for sending email, and
it only works for outgoing messages.
DNS
Domain name server (DNS) is a protocol with a set of standards for how computers exchange data
on the Internet and it is an application protocol that runs on top of the TCP/IP suite of protocols. A
domain name locates an organization or other entity on the Internet. For example, the domain name
www.CareerMonk.com locates an Internet address for CareerMonk.com at IP addressl99.5.10.2 and
a particular host server named www. The com part of the domain name reflects the purpose of the
organization or entity (in this example, commercial) and is called the top-level domain name. The
CareerMonk part of the domain name defines the organization and together with the top-level is
called the second-level domain name. The second-level domain name maps to and can be thought
of as the readable version of the Internet address (IP address). A third level can be defined to identify
a particular host server at the Internet address. In our example, www is the name of the server which
SDM
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, handles Internet requests (a second server might be called www2.) A third level of domain name is
not required. For example, the fully-qualified domain name (FQDN) could have been
CareerMonk.com and the server assumed. Subdomain levels can also be used for modularity and
ease of maintenance. For example, we could have www.TechnicalServer.CareerMonk.com.
Together, www. CareerMonk.com constitutes a fully-qualified domain name. Second-level domain
names must be unique on the Internet and registered for the com, net, and org top-level domains.
Where appropriate, a top-level domain name can be geographic. Currently, most non-U.S. domain
names use a top-level domain name based on the country the server is in (for example, India uses .
in).
DHCP
Dynamic Host Configuration Protocol (DHCP) is a protocol for automatically assigning IP
addresses to devices throughout a network, and of re-assigning those addresses as they are no longer
needed by the device that used them. It provides an effective alternative to manually assigning IP
addresses to every client, server, and printer. Apart from eliminating the manual effort of creating
and maintaining a list of IP address assignments for network devices, DHCP also provides a
measure of protection against the mistakes that can arise when the process of IP addressing is
manual.
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, virus companies update their detection tools constantly to deal with the more than 60,000 new pieces
of malware created daily.
Basic functions:
• Scan specific files or directories for any malware or known malicious patterns.
• Allow you to schedule a scan.
• Allow you to initiate a scan of a specific file or of your computer, or of a CD or flash drive at
any time.
• Remove any malicious code detected –sometimes you will be notified of an infection and asks
if you want to clean the file, other programs will automatically do this behind the scenes. • Show
you the health of your computer.
Trojan horse
A Trojan horse is full of as much trickery as the mythological Trojan horse it was named after. The
Trojan horse, at first glance will appear to be useful software but will actually do damage once
installed or run on your computer. Those on the receiving end of a Trojan horse are usually tricked
into opening them because they appear to be receiving legitimate software or files from a legitimate
source. When a Trojan is activated on your computer, the results can vary. Some Trojans are
designed to be more annoying than malicious (like changing your desktop, adding silly active
desktop icons) or they can cause serious damage by deleting files and destroying information on
your system. Trojans are also known to create a backdoor on your computer that gives malicious
SDM
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, users access to your system, possibly allowing confidential or personal information to be
compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do
they self-replicate.
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, The client calls a local procedure, called the client stub. To the client process, this appears to be the
actual procedure, because it is a regular local procedure. It just does something different since the
real procedure is on the server. The client stub packages the parameters to the remote procedure
(this may involve converting them to a standard format) and builds one or more network messages.
The packaging of arguments into a network message is called marshaling and requires serializing
all the data elements into a flat array-of-bytes format.
1) Network messages are sent by the client stub to the remote system (via a system call to the
local kernel using transport layer sockets interfaces).
2) Network messages are transferred by the kernel to the remote system via some protocol (either
connectionless or connection-oriented: TCP or UDP).
3) A server stub, sometimes called the skeleton, receives the messages on the server. It
unmarshals the arguments from the messages and, if necessary, converts them from a standard
network format into a machine-specific form.
4) The server stub calls the server function (which, to the client, is the remote procedure),
passing it the arguments that it received from the client.
5) When the server function is finished, it returns to the server stub with its return values.
6) The server stub converts the return values, if necessary, and marshals them into one or more
network messages to send to the client stub.
7) Messages get sent back across the network to the client stub.
8) The client stub reads the messages from the local kernel.
9) The client stub then returns the results to the client function, converting them from the
network representation to a local one if necessary.
10) The client code then continues its execution.
The major benefits of RPC are twofold. First, the programmer can now use procedure call semantics
to invoke remote functions and get responses. Secondly, writing distributed applications is
simplified because RPC hides all of the network code into stub functions. Application programs
don’t have to worry about details such as sockets, port numbers, and data conversion and parsing.
On the OSI reference model, RPC spans both the session and presentation layers (layers five and
six).
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, 3 Internet Storage Name Service
The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers
and iSNS clients. iSNS clients are computers, also called initiators that are attempting to discover
storage devices, also known as targets, on an Ethernet network. iSNS facilitates automated
discovery, management, and configuration of iSCSI and Fibre Channel devices on a TCP/IP
network.
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, This layer also transforms user data from its specified abstract syntax form into the selected transfer
syntax form and vice versa. In this way two machines with a different architecture can communicate
with each other. So, the presentation layer must contain an encoder/decoder.
Another important function in this layer is the context management. This function stores for all the
synchronization points. Also, the presentation layer provides data compression and data encryption.
The presentation layer provides:
1) Data conversion: Conversion schemes are used to exchange information with systems using
different text and data representations (such as EBCDIC and ASCII)
2) Data representation: The use of standard image, sound, and video formats (like JPEG, MPEG,
and RealAudio) allow the interchange of application data between different types of computer
systems.
3) Data compression: Reduces the number of bits that need to be transmitted on the network.
4) Data encryption: Encrypt data for security purposes. For example, password encryption.
After receiving data from the application layer, the presentation layer performs one, or all, of its
functions on the data before it sends it to the session layer. At the receiving station, the presentation
layer takes the data from the session layer and performs the required functions before passing it to
the application layer.
Data Representation
Common data representation formats, or the use of standard image, sound, and video formats,
enable the interchange of application data between different types of computer systems. Using
different text and data representations, such as EBCDIC and ASCII, uses conversion schemes to
exchange information with systems. Presentation layer implementations are not typically associated
with a particular protocol stack. Some well-known standards for video include QuickTime and
Motion Picture Experts Group (MPEG). Presentation Layer standards also determine how graphic
images are presented.
Three of these standards are as follows:
• PICT: A picture format used to transfer QuickDraw graphics between programs on the MAC
operating system.
• TIFF (Tagged Image File Format): A format for high-resolution, bitmapped images.
SDM
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, • JPEG (Joint Photographic Experts Group): Graphic format used most often to compress still
images of complex pictures and photographs.
• GIF (Graphics Interchange Format): GIF is a standard for compressing and coding graphic
images.
Other Layer 6 standards guide the presentation of sound and movies. Included in these standards
are the following:
• MIDI (Musical Instrument Digital Interface): For digitized music
• MPEG (Motion Picture Experts Group): Standard for the compression and coding of motion
video for CDs and digital storage
• QuickTime: A standard that handles audio and video for programs on both MAC and PC
operating system. QuickTime is an Apple Computer specification for video and audio, and
MPEG is a standard for video compression and coding.
Authentication
Authentication is the process of determining whether someone is who it is declared to be.
In private and public computer networks, it is done through the use of logon passwords.
Knowledge of the password is assumed to guarantee that the user is authentic.
Each user registers initially, using an assigned or self-declared password. On each subsequent use,
the user must know and use the previously declared password.
The weakness in this system for transactions that are significant (such as the exchange of money)
is that passwords can often be stolen, accidentally revealed, or forgotten.
For this reason, Internet business and many other transactions require a more robust authentication
process.
Authorization
After authentication, a user must gains authorization for doing certain tasks.
For example, after logging into a system; the user may try to issue commands.
The authorization process determines whether the user has the authority to issue such commands.
In other words, authorization is the process of enforcing policies: determining what types or
qualities of activities, resources, or services a user is permitted.
Once you have authenticated a user, they may be authorized for different types of access or
activity.
Data Integrity
Data Integrity is the assurance that data have not been changed inappropriately.
SDM
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, There are many ways in which data might be altered: accidentally (through hardware and
transmission errors), or because of an intentional attack.
For example, a weakness that allows an administrator to change the permissions on any file on a
system would not be security vulnerability because an administrator already has this capability.
In contrast, if a weakness allowed an unprivileged user to do the same thing, it would constitute
security vulnerability.
Confidentiality
Confidentiality refers to limiting access to information on a resource to authorized people.
An attacker that exploits a weakness in a product to access non-public information is compromising
the confidentiality of that product.
For example, a weakness in a web site that enables a visitor to read a file that should not be read
would constitute security vulnerability.
However, a weakness that revealed the physical location of a file would not constitute vulnerability.
Availability
Availability refers to the possibility to access a resource.
An attacker that exploits a weakness in a product, denying appropriate user access to it, is
compromising the availability of that product.
For example, a weakness that enables an attacker to cause a server to fail would constitute security
vulnerability, since the attacker would be able to regulate whether the server provided service or
not.
However, the fact that an attacker could send a huge number of legitimate requests to a server and
monopolize its resources would not constitute security vulnerability, as long as the server operator
still could control the computer.
Non-repudiation
To repudiate means to deny. Non-repudiation is the process of ensuring that a transferred message
has been sent and received by the parties claiming to have sent and received the message.
Nonrepudiation is a way to guarantee that the sender of a message cannot later deny having sent the
message and that the recipient cannot deny having received the message.
Any email message has a sender, a recipient (sometimes multiple recipients), a message body, and
usually a title heading (subject). From users perspective, when they write an email message, they
see the graphical user interface of their email software (for example, Outlook), but once that
message goes out on the Internet, everything is converted into strings of text. This text is separated
by code words or numbers that identify the purpose of each section. SMTP provides those codes,
SDM
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, and email server software is designed to understand what they mean. The most common commands
are:
HELO Introduce yourself
EHLO Introduce yourself and request extended mode
MAILROM Specify the sender
RCPT TO Specify the recipient
DATA Specify the body of the message (To, From and
Subject should be the first three lines)
RSET Reset
QUIT Quit the session
HELP Get help on commands
VRFY Verify an address
EXPN Expand an address
VERB Verbose
The other purpose of SMTP is to set up communication rules between servers. For example, servers
have a way of identifying themselves and announcing what kind of communication they are trying
to perform. There are also ways to handle errors, including common things like incorrect email
addresses. In a typical SMTP transaction, a server will identify itself, and announce the kind of
operation it is trying to perform. The other server will authorize the operation, and the message will
be sent. If the recipient address is wrong, or if there is some other problem, the receiving server may
reply with an error message of some kind.
The sequence of events for an active FTP connection goes like this:
• FTP client: Opens random response ports in the high number range (for example, we will
assume ports TCP 6000 and TCP 6001).
• FTP client: Sends a request to open a command channel from its TCP port 6000 to the FTP
server’s TCP port 21.
• FTP server: Sends an OK from its TCP port 21 to the FTP client’s TCP port 6000 (the command
channel link). The command channel is established at this point.
SDM
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, • FTP client: Sends a data request (PORT command) to the FTP server. The FTP client includes
in the PORT command the data port number it opened to receive data. In this example, the FTP
client has opened TCP port 6001 to receive the data.
• FTP server: The FTP server opens a new inbound connection to the FTP client on the port
indicated by the FTP client in the PORT command. The FTP server source port is TCP port 20.
In this example, the FTP server sends data from its own TCP port 20 to the FTP client’s TCP
port 6001.
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, “DHCPNACK” packet). The process of negotiating an IP address must then begin again, with
the client issuing a new DHCPDISCOVER packet.
5) When a DHCP client is finished with its IP address, it can release that address to let it be made
available again to the pool of IP addresses in the DHCP servers’ scope. This is done with a
“DHCPRELEASE” packet. Alternatively, the address may be retained and re-established the
next time that device re-joins the network.
By default, each time it boots, a DHCP client will attempt to renew its IP address lease. If the client
cannot communicate with a DHCP server, it will continue to use the IP address it has on lease until
that lease expires. Clients also will attempt to renew their leases halfway through the lease period
(by default in Windows, after four days).
Authentication
Authentication is the process of determining whether someone is who it is declared to be. In private
and public computer networks, authentication is commonly done through the use of logon
passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Each user
registers initially, using an assigned or self-declared password. On each subsequent use, the user
must know and use the previously declared password. The weakness in this system for transactions
that are significant (such as the exchange of money) is that passwords can often be stolen,
accidentally revealed, or forgotten. For this reason, Internet business and many other transactions
require a more robust authentication process. The use of digital certificates issued and verified by a
SDM
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, Certificate Authority (CA) as part of a public key infrastructure is the standard way to perform
authentication on the Internet.
Authorization
After authentication, a user must gain authorization for doing certain tasks. For example, after
logging into a system; the user may try to issue commands. The authorization process determines
whether the user has the authority to issue such commands. In other words, authorization is the
process of enforcing policies: determining what types or qualities of activities, resources, or services
a user is permitted. Usually, authorization occurs within the context of authentication. Once you
have authenticated a user, they may be authorized for different types of access or activity.
Data Integrity
Data Integrity is the assurance that data have not been changed inappropriately. There are many
ways in which data might be altered: accidentally (through hardware and transmission errors), or
because of an intentional attack. For example, a weakness that allows an administrator to change
the permissions on any file on a system would not be security vulnerability because an administrator
already has this capability. In contrast, if a weakness allowed an unprivileged user to do the same
thing, it would constitute security vulnerability.
Confidentiality
Confidentiality refers to limiting access to information on a resource to authorized people. An
attacker that exploits a weakness in a product to access non-public information is compromising the
confidentiality of that product. For example, a weakness in a web site that enables a visitor to read
a file that should not be read would constitute security vulnerability. However, a weakness that
revealed the physical location of a file would not constitute vulnerability.
Availability
Availability refers to the possibility to access a resource. An attacker that exploits a weakness in a
product, denying appropriate user access to it, is compromising the availability of that product. For
example, a weakness that enables an attacker to cause a server to fail would constitute security
vulnerability, since the attacker would be able to regulate whether the server provided service or
not. However, the fact that an attacker could send a huge number of legitimate requests to a server
and monopolize its resources would not constitute security vulnerability, as long as the server
operator still could control the computer.
Non-repudiation
To repudiate means to deny. Non-repudiation is the process of ensuring that a transferred message
has been sent and received by the parties claiming to have sent and received the message.
Nonrepudiation is a way to guarantee that the sender of a message cannot later deny having sent the
message and that the recipient cannot deny having received the message.
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER,
Phishing attack:
In phishing attack (also called brand spoofing), attacker creates an almost 100 percent perfect replica
of a chosen website, then tries to trick the user in to disclosing their personal details – username,
password, PIN etc. – via a form on the fake website, allowing the criminal to use the details to
obtain money. Phishers use various techniques to trick users in to accessing the fake website, such
as sending emails that pretend to be from a bank. These emails often use legitimate logos, a good
business style and often spoof the header of the email to make it look like it came from a legitimate
bank. In general, these letters inform recipients that the bank has changed its IT infrastructure and
asks all customers to re-confirm their user information. When the recipient clicks on the link in the
email, they are directed to the fake website, where they are prompted to divulge their personal
information.
With stream ciphers, patterns in the plaintext can be reflected in the ciphertext.
As an example, consider the plaintext
“We will discuss one to one” into ciphertext to compare the two patterns:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Block Ciphers
Block ciphers differ from stream ciphers in that they encrypt and decrypt information in fixed size
blocks instead of each bit or byte individually. A block cipher processes a block of plaintext through
its algorithm to generate a block of ciphertext. Ideally, a block cipher should generate ciphertext
roughly equivalent in size (in terms of number of blocks) to the plaintext. Block ciphers encrypt an
entire block of plaintext bits at a time with the same key. This means that the encryption of any
plaintext bit in a given block depends on every other plaintext bit in the same block. Typically,
blocks consist of 64 bits (8 bytes) or 128 bits (16 bytes) of data (depends on cipher algorithm). Also,
note that the same plaintext block always encrypts to the same ciphertext block.
SDM
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, A cipher that generates a block of ciphertext that is significantly larger than the information it is
trying to protect is of little practical value. Think about it in terms of network bandwidth: If the
ciphertext block was twice the size of the plaintext, the net effect is that your bandwidth would be
cut in half. This would also have an impact on files stored in an encrypted format. An unencrypted
file 5 MB in size would be 10 MB in size when encrypted.
Examples of block ciphers are:
• Data Encryption Standard (DES)
• International Data Encryption Algorithm (IDEA)
• SKIPJACK
The public key is what its name suggests - public. It is made available to everyone. Whereas, the
private key must remain confidential to its respective owner. Because the key pair is
mathematically related, whatever is encrypted with a public key may only be decrypted by its
corresponding private key and vice versa.
SDM
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER,
14) How do you create and verify digital signature? Explain. (6)
Creating a Digital Signature
A hash function is applied to the message that gives a fixed-size message digest. The signature
function uses the message digest and the sender’s private key to generate the digital signature. The
message and the signature can now be sent to the recipient. The message is unencrypted and can be
read by anyone. However, the signature ensures authenticity of the sender (something similar to a
circular sent by a proper authority to be read by many people, with the signature attesting to the
authenticity of the message).
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER,
15) What is firewall? What are its advantages and disadvantages? (5/6/7)
What is a Firewall?
The term firewall was derived from civil engineering and intended to prevent the spread of fire from
one room to another. From the computer security perspective, the Internet is an unsafe environment;
therefore firewall is an excellent metaphor for network security.
A firewall is a system designed to prevent unauthorized access to or from a private network.
Firewalls can be implemented in either hardware or software form, or a combination of both.
Firewalls prevent unauthorized users from accessing private networks. A firewall sits between the
two networks, usually a private network and a public network such as the Internet.
Connecting a computer or a network of computers may become targets for malicious software and
hackers. A firewall can offer the security that makes a computer or a network less vulnerable.
The basic requirements of an effective firewall are:
1) All traffic must pass through it (both incoming and outgoing). This can be achieved by blocking
all access to the LAN except via the firewall.
2) It must allow only authorized packets to pass.
3) It must be immune to penetration or compromise. That means, for the firewall we should use a
secured operating system.
Advantages of Firewalls
• Firewalls discard the unauthorized traffic from entering/leaving the local network. A firewall
examines all the packets routed between the two networks to see if it meets certain criteria. If it
does, it is routed between the networks, otherwise it is discarded. A firewall filters both
incoming and outgoing traffic.
• It can be used to log all attempts to enter the private network and trigger alarms when attacker
or unauthorized entry is attempted. Firewalls can filter packets based on their source and
destination addresses and port numbers. This is known as address filtering. Firewalls can also
filter specific types of network traffic. This is also known as protocol filtering because the
SDM
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, decision to forward or reject traffic is dependent upon the protocol used, for example http, ftp
or telnet. Firewalls can also filter traffic by packet attribute or state.
• A firewall can provide NAT for systems or networks that don’t have an IP address. Firewalls
are effective at maintaining logs of all activity that pass through, connections to, or attempts to
connect to the system. These logs can be used to identify abnormal events.
Disadvantages of Firewalls
• We all know what happens if we put all eggs in a single box! Firewalls also have a similar issue
as it represents a single point of failure.
• Success of firewalls depends on configuration. If we make a mistake configuring; it may allow
unauthorized access.
• If the firewall goes down; connection to the outside network is down. That means, DoS attack
may take the network down by making firewall down.
• Since firewall examines all the traffic going in and out; a firewall tends to degrade network
performance (network throughput) between the outside network and the inside network. A
firewall by itself does not assure a secure network.
• A firewall is only a tool. Firewalls need to be configured properly, and they need to be
monitored. Firewalls cannot monitor internal traffic and hence cannot stop attacks. Employee
misconduct or carelessness cannot be controlled by firewalls. Policies involving the use and
misuse of passwords and user accounts must be strictly enforced.
• When developing firewall access policies, there are two general approaches that can be
employed. The first is to deny anything that is not explicitly allowed. The second is to allow
that which is not explicitly denied. And, the first approach is the more secure.
Dialog management
Deciding whose turn, it is to talk. Some applications operate in half-duplex mode, whereby the two
sides alternate between sending and receiving messages, and never send data simultaneously.
Session layer can manage half-duplex communications. In half-duplex communication, data can go
in either direction, but transmission must alternate. A session service closely related to this is dialog
management. In the ISO protocols, dialog management is implemented through the use of a data
token. The token is sent back and forth, and a user may transmit only when it possesses the token.
Only the user with the token can send data. After establishing the session, only one user initially
gets the token. The user who holds the token is the sender and the other is receiver. If the receiver
wants to send the data, he can request for the token. The sender decides when to give up on acquiring
the token, receiver becomes sender.
Synchronization
The transport layer handles only communication errors, synchronization deals with upper layer
errors.
For example, in a file transfer, the transport layer might deliver data correctly, but the application
layer might be unable to write the file because the file system is full. Users can split the data stream
into pages, inserting synchronization points between each page. When an error occurs, the receiver
can resynchronize the state of the session to a previous synchronization point. This requires that the
sender hold data as long as may be needed.
Synchronization refers to one of two distinct but related concepts: synchronization of processes,
and synchronization of data.
SDM
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, Process synchronization refers to the idea that multiple processes are to join up or handshake at a
certain point, so as to reach an agreement or commit to a certain sequence of action.
Data synchronization refers to the idea of keeping multiple copies of a dataset in coherence with
one another, or to maintain data.
In computer networking, synchronization is achieved through the use of sequence numbers.
Activity Management
With the preceding services, the application can start and stop conversations and alternate speakers.
It is also necessary to identify where data starts and ends as it flows between the nodes participating
in a conversation.
For example, for a file transfer application, if several files are being transferred, the receiving node
must be told somehow where one file ends and the next starts.
Delimiters could be inserted into the data stream by the sender, but then the recipient has to scan
the stream for them, which requires computing cycles. Data that look like delimiters can also cause
problems.
Activity management solves these problems. It divides the data stream into activities. For the file
transfer example, each file becomes an activity. The Session Layer inserts control information to
mark activities in the header and signals the start and end of activities to the application.
Session layer allows the user to delimit data into logical units called activities. Each activity is
independent of activities that come before and after it, and an activity can be processed on its own.
For example, a bank transaction may consist of locking a record, updating a value, and then
unlocking the record. If an application processed the first operation, but never received the
remaining operations (due to client or network failures), the record would remain locked forever.
Activity management addresses this problem.
Exception
Handling It is a general purpose mechanism for reporting errors.
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, Adware
Spyware
(Fox explanations, refer 2 marks questions)
Types of Ciphers
Ciphers can be classified in to two categories: stream ciphers or block ciphers.
SDM
ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER, SDM COLLEGE, MANGALORE – 03 ARUN F. SEQUEIRA, LECTURER,
Stream Ciphers
Stream cipher algorithms process plaintext and produces a stream of ciphertext. The cipher inputs
the plaintext in a stream and outputs a stream of ciphertext. Figure illustrates the concept of the
stream cipher’s function. Depending on the cipher, the data may consist of a stream of bits or a
stream of bytes.
With stream ciphers, patterns in the plaintext can be reflected in the ciphertext.
As an example, consider the plaintext
“We will discuss one to one” into ciphertext to compare the two patterns:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Plaintext: We will discuss one to one
Ciphertext: Q5 QCFF 4CM3OMM IH5 NI IH5
Another problem with stream ciphers is that they can be easily affected to a substitution attack even
without breaking the code. This is a type of replay attack where someone can simply copy a section
of an old message and insert it into a new message. We don’t need to break the code to insert the
old section into a new message.
Examples of stream ciphers are:
• Vernam cipher
• Rivest cipher #4 (RC4)
• One-time pads
Block Ciphers
Block ciphers differ from stream ciphers in that they encrypt and decrypt information in fixed size
blocks instead of each bit or byte individually. A block cipher processes a block of plaintext through
its algorithm to generate a block of ciphertext. Ideally, a block cipher should generate ciphertext
roughly equivalent in size (in terms of number of blocks) to the plaintext. Block ciphers encrypt an
entire block of plaintext bits at a time with the same key. This means that the encryption of any
plaintext bit in a given block depends on every other plaintext bit in the same block. Typically,
blocks consist of 64 bits (8 bytes) or 128 bits (16 bytes) of data (depends on cipher algorithm). Also,
note that the same plaintext block always encrypts to the same ciphertext block.
A cipher that generates a block of ciphertext that is significantly larger than the information it is
trying to protect is of little practical value. Think about it in terms of network bandwidth: If the
ciphertext block was twice the size of the plaintext, the net effect is that your bandwidth would be
cut in half. This would also have an impact on files stored in an encrypted format. An unencrypted
file 5 MB in size would be 10 MB in size when encrypted.
Examples of block ciphers are:
• Data Encryption Standard (DES)
• International Data Encryption Algorithm (IDEA)
*-*-*-*-*-*-*-*-*
SDM