
P18MECA021 NETWORK SECURITY

UNIT I : INTRODUCTION
Attacks - Services - Mechanisms - Conventional Encryption - Classical and Modern Techniques
– Encryption Algorithms - Confidentiality.

UNIT II : PUBLIC KEY ENCRYPTION


RSA - Elliptic Curve Cryptography - Number Theory Concepts

UNIT III : MESSAGE AUTHENTICATION


Hash Functions - Digest Functions - Digital Signatures - Authentication Protocols

UNIT IV : NETWORK SECURITY PRACTICE


Authentication, Applications - Electronic Mail Security - IP Security - Web Security.

UNIT V : SYSTEM SECURITY


Intruders – Viruses – Worms – Firewalls Design Principles – Trusted Systems.

TEXT BOOK:
1. Stallings, Cryptography & Network Security - Principles & Practice, Prentice Hall, 3rd
Edition 2002.

REFERENCE BOOKS:
1. Bruce Schneier, Applied Cryptography, 2nd Edition, John Wiley & Sons, 1996.

2. Man Young Rhee, “Internet Security”, Wiley, 2003.

3. Pfleeger & Pfleeger, “Security in Computing”, Pearson Education, 3rd Edition, 2003

NETWORK SECURITY

PART-A

ANSWER ALL THE QUESTIONS

1.What is Network Security?

Network security is the protection of the underlying networking infrastructure from
unauthorized access, misuse, or theft.

It involves using both software and hardware technologies to create a secure environment for
devices, applications, users, and data.

Network security may also include network segmentation, which divides the network into
regions using firewalls as borders.

2. Define Attack.

Network attacks are unauthorized actions on the digital assets within an organizational network.
Malicious parties usually execute network attacks to alter, destroy, or steal private data.
Perpetrators in network attacks tend to target network perimeters to gain access to internal
systems.

3.What is Encryption?

Encryption is a form of data security in which information is converted to ciphertext. Only
authorized people who have the key can decipher the code and access the original plaintext
information. In even simpler terms, encryption is a way to render data unreadable to an
unauthorized party.

4.Define Cryptography

Cryptography is the process of hiding or coding information so that only the person a message
was intended for can read it. The art of cryptography has been used to code messages for
thousands of years and continues to be used in bank cards, computer passwords, and ecommerce.

5.Define Hash Function.

Hash functions are used in conjunction with hash tables to store and retrieve data items or data
records. The hash function translates the key associated with each datum or record into a hash
code, which is used to index the hash table.

6.Define Digital Signature

A digital signature is a cryptographic output used to verify the authenticity of data. A digital
signature algorithm allows for two distinct operations: a signing operation, which uses a signing
key to produce a signature over raw data.

7.What is Authentication?

Authentication is used by a client when the client needs to know that the server is the system it
claims to be. In authentication, the user or computer has to prove its identity to the server or
client. Usually, authentication by a server entails the use of a user name and password.

8.Define Web Security.

Web security refers to protecting networks, servers, and computer systems from damage to or the
theft of software, hardware, or data. It includes protecting computer systems from misdirecting
or disrupting the services they are designed to provide.

9.Define Worm

A worm is a type of malware or malicious software that can replicate rapidly and spread across
devices within a network. As it spreads, a worm consumes bandwidth, overloading infected
systems and making them unreliable or unavailable. Worms can also change and delete files or
introduce other malware.

10.What is Firewall

A firewall is a network security device that monitors incoming and outgoing network traffic and
decides whether to allow or block specific traffic based on a defined set of security rules.
Firewalls have been a first line of defense in network security for over 25 years.

PART-B

ANSWER ALL THE QUESTIONS

11.What is Network Security Services?

Network security can provide the following services related to a message and entity.

1. Message confidentiality

• It means that the content of a message when transmitted across a network must remain
confidential, i.e. only the intended receiver and no one else should be able to read the message.

The users; therefore, want to encrypt the message they send so that an eavesdropper on the
network will not be able to read the contents of the message.

2. Message Integrity

• It means the data must reach the destination without any adulteration i.e. exactly as it was sent.

• There must be no changes during transmission, neither accidentally nor maliciously.

• Integrity of a message is ensured by attaching a checksum to the message.

The algorithm for generating the checksum ensures that an intruder cannot alter the checksum
or the message.

3. Message Authentication

• In message authentication the receiver needs to be sure of the sender’s identity, i.e. the
receiver has to make sure that the actual sender is the same as claimed to be.

• There are different methods to check the genuineness of the sender :

1. The two parties share a common secret code word. A party is required to show the secret
code word to the other for authentication.

2. Authentication can be done by sending digital signature.

3. A trusted third party verifies the authenticity. One such way is to use digital certificates
issued by a recognized certification authority.

4. Message non-repudiation

• Non-repudiation means that a sender must not be able to deny sending a message that it
actually sent.

• The burden of proof falls on the receiver.

• Non-repudiation is not only in respect of the ownership of the message; the receiver must
prove that the contents of the message are also the same as the sender sent.

• Non-repudiation is achieved by authentication and integrity mechanisms.

5. Entity Authentication

• In entity authentication (or user identification) the entity or user is verified prior to access to
the system resources.

12. Write about Conventional Encryption

Conventional encryption is a cryptographic system that uses the same key used by the sender
to encrypt the message and by the receiver to decrypt the message. It was the only type of
encryption in use prior to the development of public-key encryption.
It is still the much preferred of the two types of encryption systems due to its simplicity. It is a
relatively fast process since it uses a single key for both encryption and decryption. In this
encryption model, the sender encrypts plaintext using the receiver’s secret key, which can be
later used by the receiver to decrypt the ciphertext. Below is a figure that illustrates this
concept.

Suppose A wants to send a message to B; that message is called plaintext. Now, to avoid
hackers reading plaintext, the plaintext is encrypted using an algorithm and a secret key (at 1).
This encrypted plaintext is called ciphertext. Using the same secret key and encryption
algorithm run in reverse (at 2), B can get plaintext of A, and thus the message is read and
security is maintained.

The idea used in this technique is very old, and that’s why this model is called conventional
encryption.

Conventional encryption has mainly 5 ingredients :

Plain text –
It is the original data that is given to the algorithm as an input.

Encryption algorithm –
This encryption algorithm performs various transformations on plain text to convert
it into ciphertext.

Secret key –
The secret key is also an input to the algorithm. The encryption algorithm will
produce different outputs based on the keys used at that time.

Ciphertext –
It contains encrypted information because it contains a form of original plaintext
that is unreadable by a human or computer without proper cipher to decrypt it. It is
output from the algorithm.

Decryption algorithm –
This is used to run encryption algorithms in reverse. Ciphertext and secret key are
input here and it produces plain text as output.

Requirements for secure use of conventional encryption :

1. We need a strong encryption algorithm.
2. The sender and receiver must have obtained copies of the secret key in a secure
fashion and must keep the key secure.

Advantages of Conventional Encryption :

1. Simple –
This type of encryption is easy to carry out.

2. Uses fewer computer resources –
Conventional encryption does not require a lot of computer resources when
compared to public-key encryption.

3. Fast –
Conventional encryption is much faster than asymmetric key encryption.

Disadvantages of Conventional Encryption Model:

1. Origin and authenticity of the message cannot be guaranteed: since both sender and
receiver use the same key, messages cannot be verified to have come from a
particular user.
2. It is not very secure when compared to public-key encryption.
3. If the receiver loses the key, he/she can’t decrypt the message, making the
whole process useless.
4. This scheme does not scale well to a large number of users because both the sender
and the receiver have to agree on a secret key before transmission.

13.Explain about Elliptic Curve Cryptography

Elliptic Curve Cryptography (ECC) is a key-based technique for encrypting data. ECC
focuses on pairs of public and private keys for decryption and encryption of web traffic.

ECC is frequently discussed in the context of the Rivest–Shamir–Adleman (RSA) cryptographic
algorithm. RSA achieves one-way encryption of things like emails, data, and software using
prime factorization.

ECC, an alternative technique to RSA, is a powerful cryptography approach. It generates security
between key pairs for public key encryption by using the mathematics of elliptic curves.

RSA does something similar with prime numbers instead of elliptic curves, but ECC has
gradually been growing in popularity recently due to its smaller key size and ability to maintain
security. This trend will probably continue as the demand on devices to remain secure increases
due to the size of keys growing, drawing on scarce mobile resources. This is why it is so
important to understand elliptic curve cryptography in context.

In contrast to RSA, ECC bases its approach to public key cryptographic systems on how elliptic
curves are structured algebraically over finite fields. Therefore, ECC creates keys that are more
difficult, mathematically, to crack. For this reason, ECC is considered to be the next generation
implementation of public key cryptography and more secure than RSA.

It also makes sense to adopt ECC to maintain high levels of both performance and security.
That’s because ECC is increasingly in wider use as websites strive for greater online security in
customer data and greater mobile optimization, simultaneously. More sites using ECC to secure
data means a greater need for this kind of quick guide to elliptic curve cryptography.

An elliptic curve for current ECC purposes is a plane curve over a finite field which is made up
of the points satisfying the equation:
y²=x³ + ax + b.

In this elliptic curve cryptography example, any point on the curve can be mirrored over the
x-axis and the curve will stay the same. Any non-vertical line will intersect the curve in three
places or fewer.

Elliptic Curve Cryptography vs RSA

The difference in size to security yield between RSA and ECC encryption keys is notable. The
table below shows the sizes of keys needed to provide the same level of security. In other words,
an elliptic curve cryptography key of 384 bit achieves the same level of security as an RSA of
7680 bit.

RSA Key Length (bit)    ECC Key Length (bit)
1024                    160
2048                    224
3072                    256
7680                    384
15360                   521

There is no linear relationship between the sizes of ECC keys and RSA keys. That is, an RSA
key size that is twice as big does not translate into an ECC key size that’s doubled. This
compelling difference shows that ECC key generation and signing are substantially quicker than
for RSA, and also that ECC uses less memory than does RSA.

Also, unlike in RSA, where both are integers, in ECC the private and public keys are not equally
exchangeable. Instead, in ECC the public key is a point on the curve, while the private key is still
an integer.

A quick comparison of the advantages and disadvantages of ECC and RSA algorithms looks like
this:

ECC features smaller ciphertexts, keys, and signatures, and faster generation of keys and
signatures. Its decryption and encryption speeds are moderately fast. ECC enables lower latency
than inverse throughout by computing signatures in two stages. ECC features strong protocols
for authenticated key exchange and support for the tech is strong.

The main disadvantage of ECC is that it isn’t easy to securely implement. Compared to RSA,
which is much simpler on both the verification and encryption sides, ECC is a steeper learning
curve and a bit slower for accumulating actionable results.

However, the disadvantages of RSA catch up with you soon. Key generation is slow with RSA,
and so is decryption and signing, which aren’t always that easy to implement securely.

Advantages of Elliptic Curve Cryptography

Public-key cryptography works using algorithms that are easy to process in one direction and
difficult to process in the reverse direction. For example, RSA relies on the fact that multiplying
prime numbers to get a larger number is easy, while factoring huge numbers back to the original
primes is much more difficult.

However, to remain secure, RSA needs keys that are 2048 bits or longer. This makes the process
slow, and it also means that key size is important.

Size is a serious advantage of elliptic curve cryptography, because it translates into more power
for smaller, mobile devices. It’s far simpler and requires less energy to factor than it is to solve
for an elliptic curve discrete logarithm, so for two keys of the same size, RSA’s factoring
encryption is more vulnerable.

Using ECC, you can achieve the same security level using smaller keys. In a world where mobile
devices must do more and more cryptography with less computational power, ECC offers high
security with faster, shorter keys compared to RSA.

How Secure is Elliptic Curve Cryptography?

There are several potential vulnerabilities to elliptic curve cryptography, including side-channel
attacks and twist-security attacks. Both types aim to invalidate the ECC’s security for private
keys.

Side-channel attacks including differential power attacks, fault analysis, simple power attacks,
and simple timing attacks, typically result in information leaks. Simple countermeasures exist for
all types of side-channel attacks.

An additional type of elliptic curve attack is the twist-security attack or fault attack. Such attacks
may include invalid-curve attacks and small-subgroup attacks, and they may result in the private
key of the victim leaking out. Twist-security attacks are typically simply mitigated with careful
parameter validation and curve choices.

Although there are certain ways to attack ECC, the advantages of elliptic curve cryptography for
wireless security mean it remains a more secure option.
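
The curve equation, the integer private key with a point as public key, and the parameter validation mentioned above can be seen together in the following added example, which is not part of the original notes. It assumes a constructed textbook-sized curve, y² = x³ + 2x + 2 over the integers mod 17 with base point (5, 1), and goes slightly beyond the text by using the keys in a Diffie-Hellman style exchange; all function names are illustrative.

```python
# Added example: toy elliptic-curve arithmetic with public-key validation.
# Constructed parameters (assumption): y^2 = x^3 + 2x + 2 over F_17.
P_MOD, A, B = 17, 2, 2
G = (5, 1)      # base point
N = 19          # number of points on this curve (a prime), hence the order of G
INF = None      # point at infinity, the identity of the group


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + ax + b (mod p); INF counts as on the curve."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def add(p1, p2):
    """Group law: chord rule for distinct points, tangent rule for doubling."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                      # P + (-P): the vertical-line case
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mult(k, pt):
    """Double-and-add. Not constant time: the branch on each key bit is the
    kind of behaviour that simple timing and power analysis exploit."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def public_key(private):
    """Private key is an integer in [1, N-1]; public key is the point private*G."""
    if not 1 <= private < N:
        raise ValueError("private key out of range")
    return scalar_mult(private, G)


def validate_public_key(pt):
    """Checks to run on a peer's point before it touches the private key."""
    if pt is INF:
        raise ValueError("point at infinity")
    x, y = pt
    if not (0 <= x < P_MOD and 0 <= y < P_MOD):
        raise ValueError("coordinates out of range")
    if not on_curve(pt):
        raise ValueError("point is not on the curve")        # invalid-curve input
    if scalar_mult(N, pt) is not INF:
        raise ValueError("point is not in the order-N subgroup")  # small subgroup
    return pt


def shared_secret(private, peer_public):
    """Diffie-Hellman style agreement: x-coordinate of private * peer_public."""
    validate_public_key(peer_public)
    return scalar_mult(private, peer_public)[0]


if __name__ == "__main__":
    a_priv, b_priv = 3, 7                       # constructed sample keys
    a_pub, b_pub = public_key(a_priv), public_key(b_priv)
    print("A public:", a_pub, "B public:", b_pub)
    print("shared:", shared_secret(a_priv, b_pub), shared_secret(b_priv, a_pub))
    try:
        shared_secret(a_priv, (5, 2))           # constructed off-curve point
    except ValueError as err:
        print("rejected:", err)
```
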

What Is an Elliptic Curve Digital Signature?

An Elliptic Curve Digital Signature Algorithm (ECDSA) uses ECC keys to ensure each user is
unique and every transaction is secure. Although this kind of digital signing algorithm (DSA)
offers a functionally indistinguishable outcome as other DSAs, it uses the smaller keys you’d
expect from ECC and therefore is more efficient.

What is Elliptic Curve Cryptography Used For?

ECC is among the most commonly used implementation techniques for digital signatures in
cryptocurrencies. Both Bitcoin and Ethereum apply the Elliptic Curve Digital Signature
Algorithm (ECDSA) specifically in signing transactions. However, ECC is not used only in
cryptocurrencies. It is a standard for encryption that will be used by most web applications going
forward due to its shorter key length and efficiency.

What is Elliptic Curve Cryptography Used For?

The VMware NSX Advanced Load Balancer’s software load balancer offers an elegant ECC
solution. The VMware NSX Advanced Load Balancer fully supports termination of SSL– and
TLS-encrypted HTTPS traffic. The VMware NSX Advanced Load Balancer’s support for
SSL/TLS has included support for both RSA and ECC keys without the need for any proprietary
hardware. See documentation for Elliptic Curve versus RSA Certificate Priority within the
VMware NSX Advanced Load Balancer.

14. Write about Public Key Encryption


When two parties communicate with each other, the intelligible or sensible message to be
transferred, referred to as plaintext, is converted for security purposes into apparently random
nonsense, referred to as ciphertext.

Encryption:
The process of changing the plaintext into the ciphertext is referred to as encryption.
The encryption process consists of an algorithm and a key. The key is a value independent of the
plaintext.

The security of conventional encryption depends on two major factors:

1. The Encryption algorithm
2. Secrecy of the key

The Encryption algorithm will produce a different output depending on the specific key being
used at the time. Changing the key changes the output of the algorithm.
Once the ciphertext is produced, it may be transmitted. Upon reception, the ciphertext can be
transformed back to the original plaintext by using a decryption algorithm and the same key that
was used for encryption.

Decryption:
The process of changing the ciphertext to the plaintext is known as decryption.

Public Key Encryption:
Asymmetric encryption is a form of cryptosystem in which encryption and decryption are
performed using different keys: a Public key (known to everyone) and a Private key
(Secret key). This is known as Public Key Encryption.

Difference between Encryption and Public-key Encryption:

Basis: Required for Work

• Encryption: The same algorithm with the same key is used for encryption and decryption.
The sender and receiver must share the algorithm and key.
• Public-Key Encryption: One algorithm is used for encryption and a related algorithm for
decryption with a pair of keys, one for encryption and the other for decryption. Receiver and
sender must each have one of the matched pair of keys (not identical).

Basis: Required for Security

• Encryption: The key must be kept secret. If the key is secret, it is impossible to decipher
the message. Knowledge of the algorithm plus samples of ciphertext must be impractical to
determine the key.
• Public-Key Encryption: One of the two keys must be kept secret. If one of the keys is kept
secret, it is impossible to decipher the message. Knowledge of the algorithm plus one of the
keys plus samples of ciphertext must be impractical to determine the other key.

Characteristics of Public Encryption key:

• Public key Encryption is important because it is infeasible to determine the
decryption key given only the knowledge of the cryptographic algorithm and
encryption key.
• Either of the two keys (Public and Private key) can be used for encryption with the other
key used for decryption.
• Due to the Public key cryptosystem, public keys can be freely shared, allowing users an
easy and convenient method for encrypting content and verifying digital signatures,
and private keys can be kept secret, ensuring only the owners of the private keys can
decrypt content and create digital signatures.
• The most widely used public-key cryptosystem is RSA (Rivest–Shamir–Adleman).
The difficulty of finding the prime factors of a composite number is the backbone of
RSA.

Example:
Public keys of every user are present in the Public key Register. If B wants to send a confidential
message to C, then B encrypts the message using C’s Public key. When C receives the message
from B, C can decrypt it using its own Private key. No recipient other than C can
decrypt the message because only C knows C’s private key.

Components of Public Key Encryption:

• Plain Text:
This is the message which is readable or understandable. This message is given to the
Encryption algorithm as an input.
• Cipher Text:
The cipher text is produced as an output of Encryption algorithm. We cannot simply
understand this message.
• Encryption Algorithm:
The encryption algorithm is used to convert plain text into cipher text.
• Decryption Algorithm:
It accepts the cipher text as input and the matching key (Private Key or Public key)
and produces the original plain text.
• Public and Private Key:
One key, either Private key (Secret key) or Public Key (known to everyone), is used
for encryption and the other is used for decryption.

Weakness of the Public Key Encryption:

• Public key Encryption is vulnerable to Brute-force attack.
• This algorithm also fails when the user loses his private key; then the Public key
Encryption becomes the most vulnerable algorithm.
• Public Key Encryption is also weak against the man-in-the-middle attack. In this attack a
third party can disrupt the public key communication and then modify the public
keys.
• If a user private key used for certificate creation higher in the PKI (Public Key
Infrastructure) server hierarchy is compromised, or accidentally disclosed, then a
“man-in-the-middle attack” is also possible, making any subordinate certificate
wholly insecure. This is also a weakness of public key Encryption.

Applications of the Public Key Encryption:

• Encryption/Decryption:
Confidentiality can be achieved using Public Key Encryption. In this the plain text is
encrypted using the receiver’s public key. This will ensure that no one other than the holder
of the receiver’s private key can decrypt the cipher text.
• Digital signature:
Digital signature is for sender authentication purposes. In this the sender encrypts the plain
text using his own private key. This step ensures the authentication of the
sender because the receiver can decrypt the cipher text using the sender’s public key only.
• Key exchange:
This algorithm can be used for both key management and secure transmission of data.

15. What is Digital Signatures?

Signature is the proof to the receiver that the document comes from the correct entity. The
person who signs it takes the responsibility of the content present in the document.

• A signature on a document, when verified, is a sign of authentication; the document is
authentic.

• In the networked world, there is a similar need for digital signatures.

Authenticating messages using digital signatures requires the following conditions to be met:

1. The receiver should be able to verify the claimed identity of the sender. For example, an
imposter may advise a bank to transfer money from the account of another person. The bank
should be able to verify the identity of the user before acting on the advice.

2. The sender should not be able to repudiate the contents of the message it sent at a later date.
For example, a person having sent advice to transfer money from his account should not be able
at later date to repudiate the content of the message sent by him. The bank should be able to
prove that he and only he sent the advice and that the contents of message are unaltered.

3. The receiver should not be able to alter the message or concoct the message himself on behalf
of the sender. This requirement is important to protect the interests of the sender.

Some important features of digital signatures are:

1. When a document is signed digitally, signature is sent as a separate document. The receiver
receives both documents i.e. the message and the signature and verifies that the signature
belongs to the supposed sender.

2. In order to verify the digital signature, the receiver applies the verification technique to the
combination of the message and the signature.

3. In digital signature, there is one to one relationship between a signature and a message. Each
message has its own signature. The signature of one message cannot be used for another
message.

Keys in digital signature

• The sender signs the document using his private key by applying it to a signing algorithm.

• The verifier uses the public key of the signer, applied to the verifying algorithm to verify the
document.

Digital signature using Private Key

• Public and private keys possess the property that allows mutual reversal of their roles, i.e. d,
the decryption key can be used for encryption and e, the encryption key can be used for
decryption. This property can be used for generating messages with digital signature.

• Suppose A encrypts a message using its private key QA and sends it to B.

Since the message has been encrypted using A’s private key it bears A’s signature on it. B
already knows A’s public key PA and decrypts the message received from A.

• The received encrypted message is decrypted using A’s public key. So the message is from A.

• B keeps a copy of the encrypted message so that A cannot refuse sending it.

• B cannot alter the encrypted message or on its own concoct the encrypted message without
A’s private key.

• The weakness of this mechanism is that any intruder knowing A’s public key can intercept the
message.

• Confidentiality is maintained by second encryption using B’s public key.

A encrypts the message to B using its private key first and then using B’s public key.

• B encrypts the received message using its private key and then using A’s public key.

Digital Signature using Private Key and Message Digest

• This method applies private key digital signature to the digest of the message rather than
message itself.

• The basic mechanism used is:

1. This message digest, which is much shorter in length than the message, is encrypted using
private key of the sender (A).

2. Message digest and the message are sent to other end (B). B computes message digest of the
received message part. The encrypted message digest part is decrypted using A’s public key.
The received message digest and the computed message digest are compared to ensure they are
same.

3. All the requirements of digital signature are met:

(i) The message digest bears A’s signature. Therefore, A cannot repudiate his signature and the
contents of the message digest.

(ii) B cannot alter the content of the message because it cannot generate the message digest
bearing A’s signature.
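
The digest-then-sign mechanism described above, as an added example that is not part of the original notes. It assumes SHA-256 as the digest function and textbook RSA without padding on constructed toy keys built from Mersenne primes; the key and function names are illustrative, and production systems use a padded signature scheme from a vetted library instead.

```python
# Added example: signing a message digest with A's private key and
# verifying it with A's public key (textbook RSA, toy keys, no padding).
import hashlib

E = 65537  # public exponent shared by both constructed key pairs


def make_toy_key(p, q):
    """Return ((n, e), (n, d)) for primes p and q. Demonstration only."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


# Constructed keys (assumption): Mersenne primes give a specially structured
# modulus that must never be used for real signatures.
A_PUBLIC, A_PRIVATE = make_toy_key(2**521 - 1, 2**607 - 1)
IMPOSTOR_PUBLIC, IMPOSTOR_PRIVATE = make_toy_key(2**127 - 1, 2**607 - 1)


def message_digest(message: bytes) -> int:
    """Digest of the message as an integer (much shorter than the message)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Step 1: the sender applies the private key to the digest."""
    n, d = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Step 2: the receiver recomputes the digest of the received message,
    recovers the signed digest with the sender's public key, and compares."""
    n, e = public_key
    if not isinstance(signature, int) or not 0 < signature < n:
        return False
    return pow(signature, e, n) == message_digest(message)


if __name__ == "__main__":
    advice = b"Transfer 100 from account A to account B"   # constructed sample
    sig = sign(advice, A_PRIVATE)

    # The message travels in the clear next to the signature: this gives
    # authentication and integrity, not confidentiality.
    print("genuine message accepted:", verify(advice, sig, A_PUBLIC))

    # The receiver alters the content: the recomputed digest no longer matches.
    altered = b"Transfer 900 from account A to account B"
    print("altered message accepted:", verify(altered, sig, A_PUBLIC))

    # Someone without A's private key signs the same text.
    forged = sign(advice, IMPOSTOR_PRIVATE)
    print("forged signature accepted:", verify(advice, forged, A_PUBLIC))
```
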

16.Write the Types of Authentication Protocols


User authentication is the first priority while responding to the request made by the user
to the software application. Several mechanisms exist to authenticate the access while
providing access to the data. In this blog, we will explore the
most common authentication protocols and will try to explore their merits and demerits.

1. Kerberos :
Kerberos is a protocol that aids in network authentication. It is used for validating
clients/servers in a network employing a cryptographic key. It is designed for executing
strong authentication while reporting to applications. The overall implementation of the
Kerberos protocol is openly available from MIT and is used in many mass-produced products.

Some advantages of Kerberos :

• It supports various operating systems.
• The authentication key is shared much more efficiently than public sharing.

Some disadvantages of Kerberos :

• It is used only to authenticate clients and services used by them.
• It shows vulnerability to soft or weak passwords.

2. Lightweight Directory Access Protocol (LDAP) :
LDAP refers to Lightweight Directory Access Protocol. It is a protocol that is used for
determining any individuals, organizations, and other devices in a network regardless of
being on public or corporate internet. It is practiced as Directories-as-a-Service and is the
grounds for Microsoft building Active Directory.

Some advantages of LDAP :

• It is an automated protocol, which makes modernizing it easier.
• It supports existing technologies and allows multiple directories.

Some disadvantages of LDAP :

• It requires the experience of deployment.
• The directory servers are required to be LDAP-compliant for deployment.

3. OAuth2 :
OAuth, as the name suggests, is an authorization framework that promotes granting limited
access to the user on its account through an HTTP service. When a user requests access to
resources, an API call is made, after which the authentication token is passed.

Some advantages of OAuth2 :

• It is a simple protocol and is easy to implement.
• It provides server-side authorization of code.

Some disadvantages of OAuth2 :

• It is vulnerable to manage different sets of code.
• It shows serious effects on sites connected to another affected system.

4. SAML :
SAML stands for Security Assertion Markup Language, an XML-based
authentication data format that provides the authorization between an identity provider and
a service provider. It is a product of the OASIS Security Services Technical Committee.

Some advantages of SAML :

• It reduces the administrative costs for the end-users.
• It provides a single sign-in for authenticating across service providers.

Some disadvantages of SAML :

• It is dependent on the identity provider.
• All the data is managed in a single XML format.

5. RADIUS :
RADIUS stands for Remote Authentication Dial-In User Service. It is a network protocol that
provides sufficient centralized Authentication, Accounting, and Authorization for the users that
use network services. The functioning of the protocol occurs when the user requests
access to network resources, where the RADIUS server encrypts the credentials which are
entered by the user. After this, the user credentials are mapped through the local database and
access is provided.

Some advantages of RADIUS :

• It is a great mechanism for providing multiple access for Admins.
• It provides a unique identity to each user in a session.

Some disadvantages of RADIUS :

• Initial implementation for this mechanism is hard on hardware.
• It has a variety of models that may require a special team which is cost consuming.

17.Write about Authentication method used for network security


Network authentication is the process of vetting users that request secure access to networks,
systems, or devices. This process determines user identity and can be found from username and
password credentials and other technologies like authentication apps or biometrics.

User authentication is extremely important, as it maintains the security of sensitive
information and protects it from unauthorized users. Cybercriminals are becoming more apt to
gain access and steal information when user authentication measures are not in place. The
Equifax data breach in 2017 resulted in 147 million consumers with exposed credit card
credentials because their network did not have a secure authentication process. Meaning, without
a secure authentication process, any business, no matter how large, is at risk.

6 Common network authentication methods

Here are the most common network authentication methods that your company can integrate to
prevent future breaches:

1. Password-based authentication

Passwords are the most common network authentication method. And for obvious reasons, they
are the easiest to implement. Passwords can be any combination of letters, numbers, and special
characters, and work best when they are complex and tricky to guess. However, passwords are
also very easy targets for cybercriminals and are often compromised as a result of phishing
attacks and bad password hygiene.

2. Two-factor authentication

Two-factor authentication (2FA) provides an additional layer of security on top of password
protection. It requires an additional login credential, on top of a username and password. For
example, when logging into a banking portal, users may have to provide a password and follow
by entering a 6-digit code that’s been sent to their phone. This makes it more difficult for hackers
to successfully access the account.

3. Multi-factor authentication

Multi-Factor Authentication (MFA) is a network authentication method that is similar to 2FA
but requires two or more ways to identify a user. This can be anything from text messages that
send security codes to your mobile device, facial recognition, fingerprints, or even voice
biometrics. MFA significantly improves security and user confidence by adding
additional layers of security.

4. CAPTCHAs

The term is an acronym for “completely automated public Turing test to tell computers and
humans apart”, and is used to identify if a user is a human or a malicious bot. CAPTCHAs are
designed to prevent sophisticated automated programs from breaking into secure systems by
displaying a distorted image of numbers and letters and asking users to type out the message they
see. Computers have a hard time understanding these distortions, and a program that cannot
successfully decipher the image will be unable to access the network.

5. Biometrics authentication

Biometrics is a computer authentication method that relies on the individual biological
characteristics of a single person. It is often used by consumers, governments, and private
corporations (airports, national borders, etc.) for security and identification purposes. Since no
two users have the same physical features (unless you are identical twins, perhaps), biometric
authentication is extremely secure and is becoming increasingly popular as it achieves a high
level of security without infringing on the user. Here are the most common biometric
authentication methods:

FACIAL RECOGNITION

If you have one of the latest iPhones, then you are familiar with this biometric feature. Facial
recognition matches different facial features of a user attempting to gain access to an approved
facial record stored within the database. For example, if your friend is not within the facial
recognition database of your iPhone, they will not be able to unlock your phone. While facial
recognition is a progressive authentication method, it can be inconsistent when comparing faces
at different angles or comparing the faces of close relatives, which may confuse the
authentication algorithm.

FINGERPRINT SCANNERS

Fingerprint scanners match the specific patterns of an individual’s fingerprint to approve and
grant user access. Fingerprint scanners are the oldest and most popular type of biometric
authentication.

SPEAKER RECOGNITION

Speaker recognition, or voice biometrics, examines the speech patterns of a speaker to determine
the formation of shapes and sound qualities. A device protected by voice recognition relies on
standardized words to identify a user.

18.Write about web security consideration


Web Security is very important nowadays. Websites are always prone to security threats/risks.
Web Security deals with the security of data over the internet/network or web or while it is
being transferred to the internet. For example, when you are transferring data between client
and server, you have to protect that data, and that security of data is your web security.

Hacking a website may result in the theft of important customer data, such as the credit
card information or the login details of a customer, or it can lead to the destruction of one's
business and the propagation of illegal content to the users. When somebody hacks your website,
they can either steal the important information of the customers or propagate illegal
content to your users through your website. Security considerations are therefore needed in
the context of web security.

Security Threats:

A Threat is nothing but a possible event that can damage and harm an information system.
A Security Threat is defined as a risk that can potentially harm computer systems and
organizations. Whenever an individual or an organization creates a website, they are
vulnerable to security attacks.

Security attacks are mainly aimed at stealing, altering, or destroying a piece of personal and
confidential information, stealing the hard drive space, and illegally accessing passwords. So
whenever the website you created is vulnerable to security attacks, the attackers are going to
steal your data, alter your data, destroy your personal information, see your confidential
information, and also access your password.

Top Web Security Threats :

Web security threats are constantly emerging and evolving, but many threats consistently
appear at the top of the list of web security threats. These include:

 Cross-site scripting (XSS)
 SQL Injection
 Phishing
 Ransomware
 Code Injection
 Viruses and worms
 Spyware
 Denial of Service

Security Consideration:

 Updated Software: You need to always update your software. Hackers may be
aware of vulnerabilities in certain software, which are sometimes caused by bugs
and can be used to damage your computer system and steal personal data. Older
versions of software can become a gateway for hackers to enter your network.
Software makers soon become aware of these vulnerabilities and will fix vulnerable
or exposed areas. That is why it is mandatory to keep your software updated. It plays
an important role in keeping your personal data secure.
 Beware of SQL Injection: SQL Injection is an attempt to manipulate your data or
your database by inserting rogue code into your query. For example, somebody can
send a query to your website that contains rogue code; when it gets
executed, it can be used to manipulate your database, such as changing tables, modifying
or deleting data, or retrieving important information. One should therefore be aware
of the SQL injection attack.
 Cross-Site Scripting (XSS): XSS allows the attackers to insert client-side script
into web pages, e.g. through the submission of forms. It is a term used to describe a class of
attacks that allow an attacker to inject client-side scripts into other users' browsers
through a website. As the injected code enters the browser from the site, the browser treats
the code as trusted, so it can do things like sending the user's site authorization cookie to the
attacker.
 Error Messages: You need to be very careful about the error messages that are
generated to give information to users while they access the website. Error messages
are generated for one reason or another, and you should be
very careful about how much information they provide to the users. For example, on a login
attempt, if the user fails to log in, the error message should not let the user know which
field is incorrect: username or password.
 Data Validation: Data validation is the proper testing of any input supplied by the
user or application. It prevents improperly created data from entering the
information system. Validation of data should be performed on both server-side and
client-side. If we perform data validation on both sides that will give us the
authentication. Data validation should occur when data is received from an outside
party, especially if the data is from untrusted sources.
 Password: A password provides the first line of defense against unauthorized access
to your device and personal information. It is necessary to use a strong password.
Hackers in many cases use sophisticated software that uses brute force to crack
passwords. Passwords must be complex to protect against brute force. It is good to
enforce password requirements such as a minimum length of eight characters,
including uppercase letters, lowercase letters, special characters, and numerals.
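
The SQL injection, error message and password points above, shown together as an added Python example that is not part of the original notes. The table layout, the sample account and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re
import sqlite3

GENERIC_ERROR = "Invalid username or password."


def hash_password(password, salt):
    # Store a salted, deliberately slow hash instead of the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def password_meets_policy(password):
    # Policy from the text: at least eight characters, with uppercase,
    # lowercase, numerals and special characters.
    classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(password) >= 8 and all(re.search(c, password) for c in classes)


def make_db():
    # Constructed sample data: one account in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)"
    )
    salt = os.urandom(16)
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?)",
        ("alice", salt, hash_password("Corr3ct-Horse!", salt)),
    )
    return conn


def count_users_unsafe(conn, name):
    # Vulnerable form: the input is pasted into the SQL text, so a quote
    # character inside it changes the structure of the query.
    sql = "SELECT COUNT(*) FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchone()[0]


def count_users_safe(conn, name):
    # Hardened form: the placeholder keeps the input as data only.
    sql = "SELECT COUNT(*) FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchone()[0]


def login(conn, name, password):
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE name = ?", (name,)
    ).fetchone()
    # Hash even when the user is unknown, so both failure paths do the same
    # work and return the same message.
    salt, stored = row if row else (b"\x00" * 16, b"")
    candidate = hash_password(password, salt)
    if row is not None and hmac.compare_digest(candidate, stored):
        return True, "Login successful."
    return False, GENERIC_ERROR


if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    print("string-built query matches:", count_users_unsafe(db, crafted))
    print("parameterized query matches:", count_users_safe(db, crafted))
    print(login(db, "alice", "wrong-password"))
    print(login(db, "bob", "whatever"))
    print(login(db, "alice", "Corr3ct-Horse!"))
    print(password_meets_policy("password"))
```
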

19.Write about Viruses in detail


A virus is a fragment of code embedded in a legitimate program. Viruses are self-replicating
and are designed to infect other programs. They can wreak havoc in a system by modifying or
destroying files causing system crashes and program malfunctions. On reaching the target
machine, a virus dropper (usually a trojan horse) inserts the virus into the system.
Various types of viruses:
File Virus:

This type of virus infects the system by appending itself to the end of a file. It changes the start
of a program so that the control jumps to its code. After the execution of its code, the control
returns back to the main program. Its execution is not even noticed. It is also called a Parasitic
virus because it leaves no file intact but also leaves the host functional.

Boot sector Virus:


It infects the boot sector of the system, executing every time the system is booted and before the
operating system is loaded. It infects other bootable media like floppy disks. These are also
known as memory viruses as they do not infect the file systems.

Macro Virus:
Unlike most viruses, which are written in a low-level language (like C or assembly language),
these are written in a high-level language like Visual Basic. These viruses are triggered
when a program capable of executing a macro is run. For example, macro viruses can be
contained in spreadsheet files.

Source code Virus:


It looks for source code and modifies it to include the virus and to help spread it.

Polymorphic Virus:
A virus signature is a pattern that can identify a virus (a series of bytes that make up the virus
code). So in order to avoid detection by antivirus, a polymorphic virus changes each time it is
installed. The functionality of the virus remains the same but its signature is changed.

Encrypted Virus:
In order to avoid detection by antivirus, this type of virus exists in encrypted form. It carries a
decryption algorithm along with it. So the virus first decrypts and then executes.

Stealth Virus:
It is a very tricky virus as it changes the code that can be used to detect it. Hence, the detection
of viruses becomes very difficult. For example, it can change the read system call such that
whenever the user asks to read a code modified by a virus, the original form of code is shown
rather than infected code.

Tunneling Virus:
This virus attempts to bypass detection by antivirus scanner by installing itself in the interrupt
handler chain. Interception programs, which remain in the background of an operating system
and catch viruses, become disabled during the course of a tunneling virus. Similar viruses
install themselves in device drivers.

Multipartite Virus:
This type of virus is able to infect multiple parts of a system including the boot sector,
memory, and files. This makes it difficult to detect and contain.

Armored Virus:
An armored virus is coded to make it difficult for antivirus to unravel and understand. It uses a
variety of techniques to do so, like fooling antivirus into believing that it lies somewhere else than
its real location or using compression to complicate its code.

Browser Hijacker:
As the name suggests, this virus is coded to target the user's browser and can alter the browser
settings. It is also called the browser redirect virus because it redirects your browser to other
malicious sites that can harm your computer system.

Memory Resident Virus:
Resident viruses install themselves in your RAM and interfere with your device's
operations. They behave in such a secretive and deceptive way that they can even attach
themselves to the anti-virus software program files.

Direct Action Virus:


The main purpose of this virus is to replicate and take action when it is executed. When a
particular condition is met, the virus will get into action and infect files in the directory that
are specified in the AUTOEXEC.BAT file path.

Overwrite virus:
This type of virus deletes the information contained in the files that it infects, rendering them
partially or totally useless once they have been infected.

Directory Virus:
This virus is also called File System Virus or Cluster Virus. It infects the directory of the
computer by modifying the path that is indicating the location of a file.

Companion Virus:
This kind of virus usually uses a similar file name and creates a different extension of it. For
example, if there’s a file “Hello.exe”, the virus will create another file named “Hello.com” and
will hide in the new file.

FAT Virus:
The File Allocation Table is the part of the disk used to store all information about the
location of files, available space, unusable space, etc.

20. What Is a Computer Worm?
Computer Worm
A worm is a harmful software (virus) that repeats itself as it moves from computer to computer,
leaving copies of itself in each computer's memory. A worm finds a computer's vulnerability
and spreads like an illness throughout its associated network, constantly looking for new holes.
Worms, like viruses, are spread by email attachments from seemingly trustworthy senders.
Worms then propagate through a user's email account and address book to contacts.

Some worms reproduce and then go dormant, while others inflict harm. The worm's code is
referred to as payload in such circumstances.

How do they work?


Computer worms make use of network flaws to spread. The worm is hunting for an unobserved
back door into the network. To spread computer worms for the first time, hackers usually send
phishing emails or instant chats with malicious attachments. The worm is disguised by cyber
thieves so that the recipient is willing to run it. For this aim, duplicate file extensions and a data
name that appears harmless or urgent, such as "invoice," are utilized. When the user opens the
attachment or clicks on the link, the malware (computer worm) will be downloaded into their
system or lead to a harmful website.

As a result, the worm enters the user's system without their knowledge. After being terminated,
the worm looks for a way to duplicate itself and infiltrate new computers. For example, the
worm can send an email to all contacts on the infected machine, which contains worm
replication. A payload is a feature that many worms currently have. The term "payload" refers to
what the worm carries, in this example an attachment. The worm can, for
example, carry ransomware, viruses, or other malware, all of which can harm afflicted computers.
In the event of a blackmail assault, these can, for example, remove or encrypt files on the PC.

A computer worm can also create a back door that other malicious programs can use later. This
flaw allows the worm's creator to take control of the infected computer. Meanwhile, malware
operations frequently use a combination of several malware types. Take the WannaCry
ransomware or the Petya / Not-Petya ransomware, for example. These include a worm
component, which allows the virus to replicate and spread through back doors in other network
systems.

Because the worm or its programmer can use the infected system's computing capacity, they are
frequently integrated into a botnet. Cyber thieves then employ these, for example, in DDoS
assaults or crypto mining.

What are the types of computer worms?


Malicious computer worms come in a variety of forms −

Email worms
To spread, email worms create and send outbound messages to all addresses in a user's contact
list. When the recipient opens the mail, it contains a malicious executable file that infects the
new system.

Successful email worms typically use social engineering and phishing approaches to persuade
users to open the linked file.

File-sharing worms
File-sharing worms are malicious programs that hide as media files.

Stuxnet, one of the most well-known computer worms of all time, comprises two parts: a worm
that spreads malware via USB devices infected with the host file and malware that targets
supervisory control and data acquisition systems. Industrial contexts, such as power utilities,
water supply services, and sewage plants are frequently targeted by file-sharing worms.

Cryptoworms
Cryptoworms encrypt data on the victim's computer system. This worm can be used in
ransomware attacks, in which the attackers contact the victim and seek payment in exchange for
a key to decrypt their files.

Internet worms
Some computer worms are designed to attack prominent websites that have weak security. They
can infect a computer viewing the website if they can infect the site. Internet worms then
propagate to other devices connected to the infected PC via internet and private network
connections.

Worms that spread via instant messaging


Instant messaging worms, like email worms, are disguised as attachments or links, which the
worm uses to spread throughout the infected user's contact list. The only difference is that it
comes as an instant message on a chat site rather than an email.

If the worm hasn't had time to replicate itself on the machine, it may usually be stopped by
resetting the user's chat service account password.

Virus vs. computer worm


Because they behave similarly, some people mistakenly believe that a computer worm and a
computer virus are the same things. They might even call it a "worm computer virus" or "worm
virus malware." The truth is that the two threats are similar yet distinct.

The major distinction between a virus and a worm is that viruses require human action to
activate, whereas worms replicate only in the presence of a host system. In other words, unless
you run a virus, your computer will not be harmed. A virus on a flash drive connected to your
computer, for example, will not harm your system unless you activate it. A worm, as previously
stated, does not require a host system or user input to spread.

What kind of harm may a computer worm do?


A worm may not do any harm at all: in the early days of computing, worms were often
developed as pranks or demonstrations of concept to exploit security flaws. They did little more
than reproducing themselves in the background on afflicted machines. When the worm made too
many copies of itself on a single system and slowed down its activities, it was often the only
way to notice something was wrong. Worms became a means to an end when OS security
increased and building a worm that could breach it became more difficult and time-consuming.

Nowadays, worms almost always incorporate payload code that performs more than the worm's
reproduction and propagation. There are numerous distinct forms of computer worms that cause
various kinds of damage to their victims. Some transform computers into "zombies" or "bots"
that launch DDoS attacks; others search their hosts for banking logins or other sensitive
financial information; and still others encrypt the victim's hard drive and demand a bitcoin
ransom before restoring their data.

The infection vector is another approach to classify different types of worms. Email worms,
instant messaging and IRC worms, file-sharing worms, and internet worms fall under this
category, looking for any opportunity to propagate.

How to prevent worms?


Malicious software can take many forms, including computer worms. Take these measures to
help protect your computer against worms and other internet threats.

 Because software vulnerabilities are a common source of infection for computer
worms, make sure your computer's operating system and programs are up to date.
Because updates frequently include patches for security problems, install them as
soon as they become available.
 Phishing is another popular method for hackers to transmit worms (and
other types of malware). Be particularly cautious when opening unwanted emails,
especially those from unknown senders that include attachments or questionable
URLs.
 Make sure you have a good internet security software solution to help you block
these dangers. Anti-phishing technologies, as well as defenses against viruses,
spyware, ransomware, and other online threats, should be included in a solid
solution.

PART-C
ANSWER 5 QUESTIONS:-
21. Write about Encryption Algorithm
Data Encryption is a method of preserving data confidentiality by transforming it into
ciphertext, which can only be decoded using a unique decryption key produced at the time of
the encryption or prior to it.
Data encryption converts data into a different form (code) that can only be accessed by people
who have a secret key (formally known as a decryption key) or password. Data that has not
been encrypted is referred to as plaintext, and data that has been encrypted is referred to as
ciphertext. Encryption is one of the most widely used and successful data protection
technologies in today’s corporate world.

Encryption is a critical tool for maintaining data integrity, and its importance cannot be
overstated. Almost everything on the internet has been encrypted at some point.

Importance of Data Encryption:

The significance of encryption cannot be overstated in any way. Even though your data is
stored in a standard infrastructure, it is still possible for it to be hacked. There’s always the
chance that data will be compromised, but with data encryption, your information will be much
more secure.
Consider it this way for a moment. If your data is stored in a secure system, encrypting it
before sending it out will keep it safe. Sanctioned systems do not provide the same level of
protection.
So, how do you think this would play out in real life? Consider the case of a user of a
company’s data who has access to sensitive information while at work. The user may put the
information on a portable disc and move it anywhere they choose without any encryption. If
the encryptions are set in place ahead of time, the user can still copy the information, but the
data will be unintelligible when they try to see it someplace else. These are the benefits of data
encryption that demonstrate its genuine value.

Types of Data Encryption:

1. Symmetric Encryption
2. Asymmetric Encryption
Encryption is frequently used in one of two ways i.e. with a symmetric key or with an
asymmetric key.
Symmetric Key Encryption:

Symmetric Encryption

There are a few strategies used in cryptography algorithms. For encryption and decryption
processes, some algorithms employ a unique key. In such operations, the unique key must be
secured since the system or person who knows the key has complete authentication to decode
the message for reading. This approach is known as “symmetric encryption” in the field of
network encryption.
Asymmetric Key Encryption:

Asymmetric Encryption

Some cryptography methods employ one key for data encryption and another key for data
decryption. As a result, anyone who has access to such a public communication will be unable
to decode or read it. This type of cryptography, known as “public-key” encryption, is used in
the majority of internet security protocols. The term “asymmetric encryption” is used to
describe this type of encryption.

States of Data Encryption:

Data, whether it’s being transferred between users or stored on a server, is valuable and must
be protected at all times.
Data encryption in transit: Information that is actively traveling from one point to another,
such as via the internet or over a private network, is referred to as data in transit. Data is
deemed less safe when in transit due to the weaknesses of transfer techniques. End-to-end
encryption encrypts data throughout transmission, guaranteeing that it remains private even if
intercepted.
Encryption of data at rest: Data at rest refers to information that is not actively moving from
one device to another or from one network to another, such as information stored on a hard
drive, laptop, flash drive, or archived/stored in another way. Due to device security features
restricting access, data at rest is often less vulnerable than data in transit, but it is still
vulnerable. It also contains more valuable information, making it a more appealing target for
criminals.
Data encryption at rest reduces the risk of data theft caused by lost or stolen devices,
inadvertent password sharing, or accidental permission granting by increasing the time it takes
to access information and providing the time required to discover data loss, ransomware
attacks, remotely erased data, or changed credentials.

How does Data Encryption take place?

Assume a person possesses a box containing a few documents. The individual looks after the
box and secures it with a lock. The individual sends this box of paperwork to his or her pal
after a few days. The key is also kept by a buddy. This signifies that both the sender and the
recipient have the same key. The buddy has now been given permission to open the box and
see the document. The encryption method is the same as we mentioned in the sample.
Encryption is performed on digital communications, though. This technological procedure is
designed to prevent a third party from deciphering the signal’s secret content.
Consumers conduct transactions for goods purchases over the internet. There are millions of
web services that can help various trained employees do their responsibilities. Furthermore, to
utilize these services that demand personal information, most websites require substantial
identification. One of the most common ways, known as “encryption,” is to keep such
information safe and secure.

Encryption Process

The security of networks is intimately related to encryption. Encryption is useful for
concealing data, information, and things that are incomprehensible to a normal human.
Because both encryption and decryption are effective ways of cryptography, which is a
scientific procedure for performing secure communication, the encrypted information may be
transformed back to its original condition following the decryption process. There are a variety
of algorithms for data encryption and decryption. However, “keys” can also be utilized to
obtain high-level data security.

Uses of Data Encryption:

Using digital signatures, Encryption is used to prove the integrity and authenticity of the
information. Digital-rights management and copy protection both require encryption.
Encryption can be used to erase data. But since data recovery tools can sometimes recover
deleted data, if you encrypt the data first and then throw away the key, the only thing anyone
can recover is the ciphertext, not the original data.
Data Migration is used when transferring data over a network to ensure that no one else on the
network can read it.

VPNs (Virtual Private Networks) use encryption, and you should encrypt everything you store
in the cloud. This can encrypt the entire hard drive as well as voice calls.
Given the importance of data security, many organizations, governments, and businesses
require data to be encrypted in order to protect the company or user data. Employees will not
have unauthorized access to user data as a result of this.

Advantages of Data Encryption:

1. Encryption is a low-cost solution.
2. Data encryption keeps information distinct from the security of the device on which
it is stored. Encryption provides security by allowing administrators to store and
send data via insecure channels.
3. Regulatory Fines Can Be Avoided With Encryption
4. Remote Workers Can Benefit from Encryption
5. If the password or key is lost, the user will be unable to open the encrypted file.
Using simpler keys in data encryption, on the other hand, makes the data insecure,
and anybody may access it at any time.
6. Encryption improves the security of our information.
7. Consumer Trust Can Be Boosted by Encryption

Disadvantages of Data Encryption:

1. If the password or key is lost, the user will be unable to open the encrypted file.
Using simpler keys in data encryption, on the other hand, makes the data insecure,
and anybody may access it at any time.
2. Data encryption is a valuable data security approach that necessitates a lot of
resources, such as data processing, time consumption, and the use of numerous
encryption and decryption algorithms. As a result, it is a somewhat costly approach.
3. Data protection solutions might be difficult to utilize when the user layers them for
contemporary systems and applications. This might have a negative influence on the
device’s normal operations.
4. If a company fails to realize any of the restrictions imposed by encryption
techniques, it is possible to set arbitrary expectations and requirements that might
undermine data encryption protection.

Examples of Data Encryption algorithms:

Depending on the use case, there are a variety of data encryption algorithms to choose from,
but the following are the most commonly used:
 DES (Data Encryption Standard) is an old symmetric encryption algorithm that is
no longer considered suitable for modern applications. As a result, DES has been
superseded by other encryption algorithms.
 Triple DES (3DES or TDES): Encrypts, decrypts, and encrypts again to create a
longer key length by running the DES algorithm three times. It may be run with a
single key, two keys, or three separate keys to increase security. 3DES is vulnerable
to attacks such as block collisions since it uses a block cipher.
 RSA is a one-way asymmetric encryption algorithm that was one of the first public-
key algorithms. Because of its long key length, RSA is popular and widely used on
the Internet. It is used by browsers to create secure connections over insecure
networks and is part of many security protocols such as SSH, OpenPGP, S/MIME,
and SSL/TLS.
 Twofish is one of the fastest algorithms, with sizes of 128, 196, and 256 bits and a
complex key structure for added security. It is available for free and is included in
some of the best free software, including VeraCrypt, PeaZip, and KeePass, as well
as the OpenPGP standard.
 Elliptic Curve Cryptography (ECC) was created as an upgrade to RSA and offers
better security with significantly shorter key lengths. In the SSL/TLS protocol, ECC
is an asymmetric method.
 The Advanced Encryption Standard (AES) is the encryption standard used by the
US government. The AES algorithm is a symmetric-key algorithm that employs
block cipher methods. It comes in sizes of 128, 192, and 256 bits, with the number
of rounds of encryption increasing as the size increases. It was designed to be
simple to implement in both hardware and software.

22. Explain RSA Algorithm in detail

RSA Encryption Algorithm

RSA encryption algorithm is a type of public-key encryption algorithm. To better understand
RSA, let's first understand what a public-key encryption algorithm is.

Public key encryption algorithm:

Public Key encryption algorithm is also called the Asymmetric algorithm. Asymmetric
algorithms are those algorithms in which sender and receiver use different keys for encryption
and decryption. Each sender is assigned a pair of keys:

o Public key
o Private key

The Public key is used for encryption, and the Private Key is used for decryption. Decryption
cannot be done using a public key. The two keys are linked, but the private key cannot be
derived from the public key. The public key is well known, but the private key is secret and it is
known only to the user who owns the key. It means that everybody can send a message to the
user using the user's public key. But only the user can decrypt the message using his private key.

The Public key algorithm operates in the following manner:

o The data to be sent is encrypted by sender A using the public key of the intended receiver, B.
o B decrypts the received ciphertext using its private key, which is known only to B. B
replies to A encrypting its message using A's public key.
o A decrypts the received ciphertext using its private key, which is known only to him.

RSA encryption algorithm:

RSA is the most common public-key algorithm, named after its inventors Rivest, Shamir, and
Adleman (RSA).

RSA algorithm uses the following procedure to generate public and private keys:

o Select two large prime numbers, p and q.
o Multiply these numbers to find n = p x q, where n is called the modulus for encryption
and decryption.
o Choose a number e less than n, such that e is relatively prime to (p - 1) x (q - 1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose e such that
1 < e < φ(n) and e is coprime to φ(n), where φ(n) = (p - 1) x (q - 1):
gcd(e, φ(n)) = 1
o If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using
public key <e, n>. The following formula gives the ciphertext C from the plaintext:
C = m^e mod n
Here, m must be less than n. A larger message (>n) is treated as a concatenation of
messages, each of which is encrypted separately.
o To determine the private key, calculate d such that:
d x e mod {(p - 1) x (q - 1)} = 1
or
d x e mod φ(n) = 1
o The private key is <d, n>. A ciphertext message c is decrypted using private key <d, n>.
The following formula gives the plaintext m from the ciphertext c:
m = c^d mod n
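
The key generation, encryption and decryption steps above, worked through in Python as an added example that is not part of the original notes. The toy primes p = 61, q = 53 and the exponent e = 17 are constructed values small enough to check by hand; the function names and the byte-block splitting are assumptions of this example.

```python
# Added example: textbook RSA with toy primes, following the steps listed above.
# Textbook RSA is deterministic (same plaintext, same ciphertext); deployed RSA
# uses much larger primes and randomized padding on top of this arithmetic.
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def generate_keys(p, q, e):
    """Return (public, private) = ((e, n), (d, n)) for primes p, q and exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) == 1")
    _, x, _ = egcd(e, phi)
    d = x % phi                       # d x e mod phi(n) == 1
    return (e, n), (d, n)


def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("m must be less than n")
    return pow(m, e, n)               # C = m^e mod n


def decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)               # m = c^d mod n


def _block_len(n):
    """Largest number of bytes whose integer value is always below n."""
    size = (n.bit_length() - 1) // 8
    if size == 0:
        raise ValueError("modulus too small to hold one byte")
    return size


def encrypt_bytes(data, public_key):
    """A message larger than n: split into blocks below n, encrypt each separately."""
    size = _block_len(public_key[1])
    blocks = [data[i:i + size] for i in range(0, len(data), size)]
    return [encrypt(int.from_bytes(b, "big"), public_key) for b in blocks]


def decrypt_bytes(blocks, private_key, length):
    """Inverse of encrypt_bytes; length is the original message length in bytes."""
    size = _block_len(private_key[1])
    out = b""
    for i, c in enumerate(blocks):
        out += decrypt(c, private_key).to_bytes(min(size, length - i * size), "big")
    return out


PUBLIC, PRIVATE = generate_keys(p=61, q=53, e=17)    # constructed toy values

if __name__ == "__main__":
    c = encrypt(65, PUBLIC)
    print("public key", PUBLIC, "private key", PRIVATE)
    print("m = 65 -> c =", c, "-> m =", decrypt(c, PRIVATE))
    blocks = encrypt_bytes(b"RSA", PUBLIC)
    print("blocks", blocks, "->", decrypt_bytes(blocks, PRIVATE, 3))
```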

23. Briefly explain about Hash Function


A hash function plays a huge role in making a system secure, as it converts normal data given
to it into an irregular value of fixed length. We can imagine it to be a Shaker in our homes.
When we put data into this function, it outputs an irregular value. The irregular value it outputs
is known as a “Hash Value”. Hash values are simply numbers but are often written in
hexadecimal. Computers manage values as binary. The hash value is also data and is often
managed in binary.

A hash function is basically performing some calculations in the computer. The data values that
it outputs are of fixed length. The length depends on the hash function; it does not vary
whether the input is large or small.

Given the same input, a hash function will invariably produce the same output. Even if the
input data differs by a single bit, there is a huge change in the output value. Even if the input
data differs hugely, there is a very minimal chance that the hash values produced will be
identical. If they are equal, it is known as a “Hash Collision”.

Converting hash codes back to their original value is an impossible task to perform. This is the
main difference between encryption and a hash function.

Features of hash functions in system security:

One-way function: Hash functions are designed to be one-way functions, meaning that it is
easy to compute the hash value for a given input, but difficult to compute the input for a given
hash value. This property makes hash functions useful for verifying the integrity of data, as any
changes to the data will result in a different hash value.
Deterministic: Hash functions are deterministic, meaning that given the same input, the output
will always be the same. This makes hash functions useful for verifying the authenticity of
data, as any changes to the data will result in a different hash value.
Fixed-size output: Hash functions produce a fixed-size output, regardless of the size of the
input. This property makes hash functions useful for storing and transmitting data, as the hash
value can be stored or transmitted more efficiently than the original data.
Collision resistance: Hash functions should be designed to be collision resistant, meaning that
it is difficult to find two different inputs that produce the same hash value. This property
ensures that attackers cannot create a false message that has the same hash value as a
legitimate message.
Non-reversible: Hash functions are non-reversible, meaning that it is difficult or impossible to
reverse the process of generating a hash value to recover the original input. This property
makes hash functions useful for storing passwords or other sensitive information, as the
original input cannot be recovered from the hash value.

Advantages:

Data integrity: Hash functions are useful for ensuring the integrity of data, as any changes to
the data will result in a different hash value. This property makes hash functions a valuable
tool for detecting data tampering or corruption.
Message authentication: Hash functions are useful for verifying the authenticity of messages,
as any changes to the message will result in a different hash value. This property makes hash
functions a valuable tool for verifying the source of a message and detecting message
tampering.

Password storage: Hash functions are useful for storing passwords in a secure manner.
Hashing the password ensures that the original password cannot be recovered from the hash
value, making it more difficult for attackers to access user accounts.
Fast computation: Hash functions are designed to be fast to compute, making them useful for
a variety of applications where efficiency is important.

Disadvantages:

Collision attacks: Hash functions are vulnerable to collision attacks, where an attacker tries to
find two different inputs that produce the same hash value. This can compromise the security
of hash-based protocols, such as digital signatures or message authentication codes.
Rainbow table attacks: Hash functions are vulnerable to rainbow table attacks, where an
attacker precomputes a table of hash values and their corresponding inputs, making it easier to
crack password hashes.
Hash function weaknesses: Some hash functions have known weaknesses, such as the MD5
hash function, which is vulnerable to collision attacks. It is important to choose a hash function
that is secure for the intended application.
Limited input size: Hash functions produce a fixed-size output, regardless of the size of the
input. This can lead to collisions if the input size is larger than the hash function output size.
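
The properties and the rainbow-table weakness described above, as an added Python example that is not part of the original notes. SHA-256, PBKDF2 and the iteration count are choices of this example (assumptions), since the notes do not name a specific function for password storage.

```python
# Added example: fixed-size output, the one-bit "avalanche" change, and why
# password hashes need a per-user salt to defeat precomputed (rainbow) tables.
import hashlib
import hmac
import os

ITERATIONS = 200_000   # illustrative PBKDF2 work factor (assumption); tune per hardware


def digest_len(data):
    """Fixed-size output: SHA-256 returns 32 bytes for any input size."""
    return len(hashlib.sha256(data).digest())


def avalanche_bits(message):
    """Flip one input bit and count how many of the 256 output bits change."""
    if not message:
        raise ValueError("message must not be empty")
    flipped = bytes([message[0] ^ 0x01]) + message[1:]
    a = hashlib.sha256(message).digest()
    b = hashlib.sha256(flipped).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def unsalted_hash(password):
    """Weak storage: equal passwords give equal hashes for every user, so a
    single precomputed table can be reused against all accounts."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Salted, deliberately slow hash. Returns (salt, derived_key)."""
    if salt is None:
        salt = os.urandom(16)          # fresh random salt per stored password
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password, salt, expected_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected_key)


if __name__ == "__main__":
    print("digest bytes:", digest_len(b"a"), digest_len(b"a" * 1_000_000))
    print("bits changed by a 1-bit edit:", avalanche_bits(b"pay 100 to account 42"))
    print("unsalted equal:", unsalted_hash("hunter2") == unsalted_hash("hunter2"))
    s1, k1 = hash_password("hunter2")
    s2, k2 = hash_password("hunter2")
    print("salted equal:", k1 == k2, "verify:", verify_password("hunter2", s1, k1))
```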

24.Write about Email Security


Email (short for electronic mail) is a digital method by which we exchange messages
between people over the internet or other computer networks. With its help, we can
send and receive text-based messages, often with an attachment such as documents, images, or
videos, from one person or organization to another.

It was one of the first applications developed for the internet and has since become one of the
most widely used forms of digital communication. It has become an essential part of personal and
professional communication, as well as of marketing, advertising, and customer support.
In this article, we will understand the concept of email security, how we can protect our email,
email security policies, email security best practices, and an email feature that we can use to
protect email from unauthorized access.

Email Security:
Email security refers to the steps by which we protect email messages and the
information that they contain from unauthorized access and damage. It involves ensuring the
confidentiality, integrity, and availability of email messages, as well as safeguarding against
phishing attacks, spam, viruses, and other forms of malware. It can be achieved through a
combination of technical and non-technical measures.
Some standard technical measures include the encryption of email messages to protect their
contents, the use of digital signatures to verify the authenticity of the sender, and email
filtering systems to block unwanted emails and malware. The non-technical measures may
include training employees on how to recognize and respond to phishing attacks and other
email security threats, establishing policies and procedures for email use and management, and
conducting regular security audits to identify and address vulnerabilities.

We can say that email security is important to protect sensitive information from unauthorized
access and ensure the reliability and confidentiality of electronic communication.

Steps to Secure Email:

We can take the following actions to protect our email.

o Choose a secure password that is at least 12 characters long and contains uppercase
and lowercase letters, digits, and special characters.
o Activate two-factor authentication, which adds an additional layer of security to
your email account by requiring a code in addition to your password.
o Use encryption: it encrypts your email messages so that only the intended receiver
can decipher them. Email encryption can be done using programs like PGP or
S/MIME.
o Keep your software up to date. Ensure that the most recent security updates are
installed on your operating system and email client.
o Beware of phishing scams: Hackers try to steal your personal information by
pretending to be someone else in phishing scams. Be careful of emails that request
private information or have suspicious links, because these are the tools of a
phishing attack.
o Choose a trustworthy email service provider: Search for a service provider that
protects your data using encryption and other security measures.
o Use a VPN: Using a VPN can help protect our email by encrypting our internet
connection and disguising our IP address, making it more difficult for hackers to
intercept our emails.
o Upgrade your application regularly: People now frequently access their email
accounts through apps, although these tools are not perfect and can be taken
advantage of by hackers. A cybercriminal might use a vulnerability, for example, to
hack accounts and steal data or send spam mail. Because of this, it is important to
update your programs frequently.

Email Security Policies


Email security policies are a set of regulations and standards for protecting the privacy, accuracy,
and accessibility of email communication within the organization. An email security policy
should include the following essential components:

o Appropriate Use: The policy should outline what constitutes acceptable email
usage inside the organization, including who is permitted to use email, how to use
it, and for what purposes.
o Password and Authentication: The policy should require strong passwords and
two-factor authentication to ensure that only authorized users can access email
accounts.
o Encryption: To avoid unwanted access, the policy should mandate that sensitive
material be encrypted before being sent through email.
o Virus Protection: The policy shall outline the period and timing of email messages
and attachment collection.
o Retention and Detection: The policy should outline how long email messages and
their attachments ought to be kept available, as well as when they should be removed.
o Training: The policy should demand that all staff members take a course on email
best practices, which includes how to identify phishing scams and other email-based
threats.
o Incident Reporting: The policy should outline the reporting and investigation
procedures for occurrences involving email security breaches or other problems.
o Monitoring: The policy should outline the procedures for monitoring email
communications to ensure that the policy is being followed, including any logging or
auditing that will be carried out.
o Compliance: The policy should ensure compliance with all essential laws and
regulations, including the Health Insurance Portability and Accountability Act
(HIPAA) and the General Data Protection Regulation (GDPR).
o Enforcement: The policy should specify the consequences for violating the email
security policy, including disciplinary action and legal consequences if necessary.

Hence, organizations may help safeguard sensitive information and lower the risk of data
breaches and other security incidents by creating an email security strategy.

Now, let's look at how to enable confidential mode in our Gmail account. Gmail.com has a
feature called confidential mode that we may use to safeguard our email. These are the steps
to use this feature:

Step 1: On your computer, go to Gmail and click Compose.

Step 2: If you have already enabled confidential mode for an email, click Edit in the bottom
right corner of the window to add an expiration date and a passcode. These settings impact both
the message text and any attachments.

If you select “No SMS passcode,” recipients using the Gmail app will be able to open it
directly and those who don’t use Gmail will receive an email with a passcode.

On the other hand, if you select “SMS passcode”, recipients will get a passcode by text
message; for that you have to provide the recipient's phone number.

Step 3: After providing the phone number, click the Save button.
Step 4: In the next step, write the email and send it to the recipient.

Remove Access before Expiration:


We can prevent the receiver from viewing the email before it expires. Prior to the message's
expiration date or until the sender removes access, the recipient may examine the message and
any attached files. This mode disables attachments and prevents us from copying, pasting,
downloading, printing, or forwarding message text.

Even so, while this mode helps prevent receivers from unintentionally sharing your email,
it does not stop them from capturing screenshots or images of your messages or attachments.
The message or attachment can still be downloaded by a recipient who has malicious software
installed on their computer.

25.Explain about Intruders in Network Security
Cyber Security is the branch of technology that deals with the security of using the internet.
Technology is an essential part of today's generation; it is hard to imagine our lives without
technology. Thus, it is essential that the technology we use in our daily lives is extremely
secure and safe. Cyber technology is the branch of technology that takes care of this need.

Importance of Cyber Security:

o Protecting Identity: Cyber security ensures that individuals' identity is protected
and authenticity is maintained while using technology.
o Maintaining Privacy: Cyber security ensures that information or content that is
confidential is kept extremely secure, so that users can trust the technology they use.
o Securing Confidential Content: Sensitive information is the most vulnerable to
security threats. Attacks on sensitive information such as bank information are the most
common and are done for monetary fraud.

The most common threat to security is the attack by the intruder. Intruders are often referred to
as hackers and are the most harmful factors contributing to the vulnerability of security. They
have immense knowledge and an in-depth understanding of technology and security. Intruders
breach the privacy of users and aim at stealing the confidential information of the users. The
stolen information is then sold to third parties, who aim at misusing the information for their
own personal or professional gains.

Intruders are divided into three categories:

o Masquerader: Individuals who are not authorized to use the system but still exploit
users' privacy and confidential information by possessing techniques that give them
control over the system are referred to as Masqueraders. Masqueraders are outsiders and
hence do not have direct access to the system; their aim is to attack unethically to
steal data/information.
o Misfeasor: Individuals who are authorized to use the system but misuse the granted
access and privilege, taking undue advantage of the permissions and access given to
them, are referred to as Misfeasors. Misfeasors are insiders and have direct access to
the system, which they aim to attack unethically to steal data/information.
o Clandestine User: Individuals who have supervisory/administrative control over the
system and misuse the authoritative power given to them are referred to as Clandestine
Users. The misconduct of power is often done by superlative authorities for financial
gains. A Clandestine User can be either an insider or an outsider, and accordingly can
have direct or indirect access to the system, which they aim to attack unethically by
stealing data/information.

Intruders try to gain access to a system in the following ways:

o Regressively try all short passwords that may open the system for them.
o Try unlocking the system with default passwords, which will open the system if the
user has not made any change to the default password.
o Try unlocking the system using personal information of the user, such as their name,
family member names, address, and phone number, in different combinations.
o Making use of a Trojan horse to get access to the system of the user.
o Attacking the connection between the host and the remote user and getting entry through
their connection gateway.
o Trying all the applicable information relevant to the user, such as plate numbers, room
numbers, and locality info.

To prevent intruders from attacking the computer system, it is extremely important to be aware
of the preventive measures that strengthen the security posture. Also, whenever a potential
attack on the system is detected, make sure to reach cyber security experts as soon as
possible.
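
One preventive measure against the guessing strategies listed above is to refuse such passwords when they are set. The following is an added Python example, not part of the original notes; the default-password list, the user profile and all function names are constructed for illustration.

```python
# Added example: screen a new password against the guesses described above
# (short passwords, default passwords, the user's own personal details).
import re

# Constructed sample list; a real deployment would load a maintained list.
DEFAULT_PASSWORDS = {"admin", "password", "changeme", "root", "123456", "default"}
MIN_LENGTH = 12   # the 12-character minimum recommended in the email section

# Undo common character substitutions so "P@ssw0rd" is treated like "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def _normalize(text):
    """Lower-case, undo substitutions, and drop separators and punctuation."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


NORMALIZED_DEFAULTS = {_normalize(p) for p in DEFAULT_PASSWORDS}


def personal_tokens(profile):
    """Guessable tokens from a user's profile: names, address, phone, plate, room."""
    tokens = set()
    for value in profile.values():
        parts = re.split(r"[\s,]+", str(value)) + [str(value)]
        for part in parts:
            norm = _normalize(part)
            if len(norm) >= 3:         # ignore fragments too short to be meaningful
                tokens.add(norm)
    return tokens


def screen_password(candidate, profile):
    """Return the reasons a candidate is guessable; an empty list means it passed."""
    reasons = []
    norm = _normalize(candidate)
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short")
    if candidate.lower() in DEFAULT_PASSWORDS or norm in NORMALIZED_DEFAULTS:
        reasons.append("default password")
    hits = sorted(t for t in personal_tokens(profile) if t in norm)
    if hits:
        reasons.append("contains personal information: " + ", ".join(hits))
    return reasons


# Constructed sample profile for the demonstration.
SAMPLE_PROFILE = {
    "name": "Priya Raman",
    "family": "Arjun Raman",
    "address": "14 Lake View Road",
    "phone": "555-0142",
    "plate": "TN 09 AB 1234",
    "room": "B-207",
}

if __name__ == "__main__":
    for pw in ("admin", "P@ssw0rd", "Pr1ya_Raman2024!",
               "tn09ab1234-car-keys", "violet-kettle-orbit-93"):
        print(repr(pw), "->", screen_password(pw, SAMPLE_PROFILE) or "accepted")
```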

26.Write in detail about IP security (IPSec)


IPsec (Internet Protocol Security) is an Internet Engineering Task Force (IETF) standard suite
of protocols between two communication points across the IP network that provides data
authentication, integrity, and confidentiality. It also defines the encrypted, decrypted, and
authenticated packets. The protocols needed for secure key exchange and key management are
defined in it.

Uses of IP Security
IPsec can be used to do the following things:

o To encrypt application layer data.
o To provide security for routers sending routing data across the public internet.
o To provide authentication without encryption, such as to authenticate that the data
originates from a known sender.
o To protect network data by setting up circuits using IPsec tunneling in which all data
being sent between the two endpoints is encrypted, as with a Virtual Private
Network (VPN) connection.
Components of IP Security
It has the following components:

1. Encapsulating Security Payload (ESP)
2. Authentication Header (AH)
3. Internet Key Exchange (IKE)

1. Encapsulating Security Payload (ESP): It provides data integrity, encryption, authentication,
and anti-replay. It also provides authentication for payload.
2. Authentication Header (AH): It also provides data integrity, authentication, and anti-replay,
but it does not provide encryption. The anti-replay protection protects against the unauthorized
transmission of packets. It does not protect data confidentiality.

[Figure: IP Header]

3. Internet Key Exchange (IKE): It is a network security protocol designed to dynamically
exchange encryption keys and establish a Security Association (SA) between two devices. The
Security Association (SA) establishes shared security attributes between two network entities to
support secure communication. The Internet Security Association and Key Management Protocol
(ISAKMP) provides a framework for authentication and key exchange. ISAKMP defines how
Security Associations (SAs) are set up and how direct connections between two hosts use
IPsec. Internet Key Exchange (IKE) provides message content protection and also an open
framework for implementing standard algorithms such as SHA and MD5. The algorithms that IPsec
uses produce a unique identifier for each packet. This identifier then allows a device to determine
whether a packet is correct or not. Packets that are not authorized are discarded and not
given to the receiver.

[Figure: Packets in Internet Protocol]

IP Security Architecture
IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow. These
protocols are ESP (Encapsulation Security Payload) and AH (Authentication Header). IPSec
Architecture includes protocols, algorithms, DOI, and Key Management. All these components
are very important in order to provide the three main services:
o Confidentiality
o Authenticity
o Integrity

[Figure: IP Security Architecture]

Working of IP Security
o The host checks whether the packet should be transmitted using IPsec or not. This packet
traffic triggers the security policy for itself. This is done when the system sending the
packet applies appropriate encryption. The incoming packets are also checked by the
host to confirm that they are encrypted properly.
o Then IKE Phase 1 starts, in which the two hosts (using IPsec) authenticate themselves to
each other to start a secure channel. It has two modes: Main mode, which provides greater
security, and Aggressive mode, which enables the host to establish an IPsec circuit
more quickly.
o The channel created in the last step is then used to securely negotiate the way the IP
circuit will encrypt data across the IP circuit.
o Now, IKE Phase 2 is conducted over the secure channel, in which the two hosts
negotiate the type of cryptographic algorithms to use on the session and agree on
secret keying material to be used with those algorithms.
o Then the data is exchanged across the newly created IPsec encrypted tunnel. These
packets are encrypted and decrypted by the hosts using IPsec SAs.
o When the communication between the hosts is completed or the session times out,
the IPsec tunnel is terminated and both hosts discard the keys.
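
The integrity and anti-replay services described above rest on a per-packet sequence number and an integrity check value (ICV). The following is an added Python example, not part of the original notes, of how a receiver can discard forged, modified and replayed packets. The simplified packet layout, the HMAC-SHA256 ICV, the 64-packet window and the names ReceiverSA and make_packet are assumptions of this example, not the ESP wire format.

```python
# Added example: receiver-side integrity check and anti-replay sliding window.
# Simplified layout (assumption): SPI (4 bytes) | sequence number (4 bytes) |
# payload | ICV (32-byte HMAC-SHA256 over everything before it).
import hashlib
import hmac
import struct

WINDOW = 64       # anti-replay window size, in packets
ICV_LEN = 32


def make_packet(spi, seq, payload, key):
    """Sender side: prepend SPI and sequence number, append the ICV."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + icv


class ReceiverSA:
    """Receive-side state of one Security Association."""

    def __init__(self, spi, key):
        self.spi, self.key = spi, key
        self.highest = 0    # highest sequence number authenticated so far
        self.bitmap = 0     # bit i set: sequence number (highest - i) was received

    def accept(self, packet):
        if len(packet) < 8 + ICV_LEN:
            return "malformed"
        spi, seq = struct.unpack("!II", packet[:8])
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        if spi != self.spi or seq == 0:
            return "malformed"
        # 1. Cheap replay checks first, before spending CPU on the HMAC.
        if seq + WINDOW <= self.highest:
            return "too-old"
        if seq <= self.highest and (self.bitmap >> (self.highest - seq)) & 1:
            return "replay"
        # 2. Integrity and origin authentication.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(icv, expected):
            return "bad-icv"
        # 3. Only an authenticated packet may move the window; otherwise a
        #    forged high sequence number could push valid traffic out of it.
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "accepted"


def run_demo():
    """Constructed traffic: out-of-order delivery, a forgery, tampering, replays."""
    key = b"constructed-demo-key-not-for-use"
    sa = ReceiverSA(spi=0x1001, key=key)
    p1, p2, p3 = (make_packet(0x1001, s, b"data-%d" % s, key) for s in (1, 2, 3))
    forged = make_packet(0x1001, 1000, b"injected", b"wrong-key")
    tampered = p2[:8] + b"DATA-2" + p2[-ICV_LEN:]
    return [sa.accept(p) for p in (p1, p3, forged, tampered, p2, p2, p1)]


if __name__ == "__main__":
    print(run_demo())
```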
Features of IPSec
1. Authentication: IPSec provides authentication of IP packets using digital signatures
or shared secrets. This helps ensure that the packets are not tampered with or forged.
2. Confidentiality: IPSec provides confidentiality by encrypting IP packets, preventing
eavesdropping on the network traffic.
3. Integrity: IPSec provides integrity by ensuring that IP packets have not been
modified or corrupted during transmission.
4. Key management: IPSec provides key management services, including key
exchange and key revocation, to ensure that cryptographic keys are securely
managed.
5. Tunneling: IPSec supports tunneling, allowing IP packets to be encapsulated within
another protocol, such as GRE (Generic Routing Encapsulation) or L2TP (Layer 2
Tunneling Protocol).
6. Flexibility: IPSec can be configured to provide security for a wide range of network
topologies, including point-to-point, site-to-site, and remote access connections.
7. Interoperability: IPSec is an open standard protocol, which means that it is
supported by a wide range of vendors and can be used in heterogeneous
environments.
Advantages of IPSec
1. Strong security: IPSec provides strong cryptographic security services that help
protect sensitive data and ensure network privacy and integrity.
2. Wide compatibility: IPSec is an open standard protocol that is widely supported by
vendors and can be used in heterogeneous environments.

3. Flexibility: IPSec can be configured to provide security for a wide range of network
topologies, including point-to-point, site-to-site, and remote access connections.
4. Scalability: IPSec can be used to secure large-scale networks and can be scaled up or
down as needed.
5. Improved network performance: IPSec can help improve network performance by
reducing network congestion and improving network efficiency.
Disadvantages of IPSec
1. Configuration complexity: IPSec can be complex to configure and requires
specialized knowledge and skills.
2. Compatibility issues: IPSec can have compatibility issues with some network
devices and applications, which can lead to interoperability problems.
3. Performance impact: IPSec can impact network performance due to the overhead of
encryption and decryption of IP packets.
4. Key management: IPSec requires effective key management to ensure the security of
the cryptographic keys used for encryption and authentication.
5. Limited protection: IPSec only provides protection for IP traffic, and other protocols
such as ICMP, DNS, and routing protocols may still be vulnerable to attacks.

27. Write about firewall design principles in network security

A firewall is hardware or software that protects a private computer or a network of computers
from unauthorized access. It acts as a filter to keep unauthorized users from accessing private
computers and networks. It is a vital component of network security and the first line of
defense for network security. It filters network packets and stops malware from entering the
user's computer or network by blocking access and preventing the user from being infected.

Characteristics of Firewall

1. Physical Barrier: A firewall does not allow any external traffic to enter a system or
a network without its allowance. A firewall creates a choke point for all the external
data trying to enter the system or network and hence can easily block access if
needed.
2. Multi-Purpose: A firewall has many functions other than security purposes. It
configures domain names and Internet Protocol (IP) addresses. It also acts as a
network address translator. It can act as a meter for internet usage.
3. Flexible Security Policies: Different local systems or networks need different
security policies. A firewall can be modified according to the requirement of the
user by changing its security policies.
4. Security Platform: It provides a platform from which any alert related to a security
issue, or the fixing of issues, can be accessed. All the queries related to security can be
kept under check from one place in a system or network.
5. Access Handler: It determines which traffic needs to flow first according to priority,
and this can be changed for a particular network or system. Specific action requests may be
initiated and allowed to flow through the firewall.

Need and Importance of Firewall Design Principles

1. Different Requirements: Every local network or system has its own threats and
requirements, which need different structures and devices. All this can only be
identified while designing a firewall. Assessing the current security outline of a
company can help to create a better firewall design.
2. Outlining Policies: Even once a firewall has been designed, a system or network is not
necessarily secure. New threats can arise, and if we have proper paperwork of
policies then the security system can be modified again and the network will
become more secure.
3. Identifying Requirements: While designing a firewall, data is collected on threats,
devices that need to be integrated, missing resources, and security devices that need
updating. All the information collected is combined to get the best results. Even if one of
these things is misidentified, it leads to security issues.
4. Setting Restrictions: Every user has limitations on accessing or modifying different
levels of data, and these need to be identified and acted on accordingly. After
retrieving and processing data, priority is set for people, devices, and applications.
5. Identify Deployment Location: Every firewall has its strengths, and to get the most
use out of it, we need to deploy each of them at the right place in a system or
network. In the case of a packet filter firewall, it needs to be deployed at the edge of
your network, in between the internal network and web server, to get the most out of
it.

Firewall Design Principles

1. Developing Security Policy


Security policy is an essential part of firewall design. A security policy is designed according
to the requirement of the company or client to know which kind of traffic is allowed to pass.
Without a proper security policy, it is impossible to restrict or allow a specific user or worker
in a company network or anywhere else. A properly developed security policy also states what
to do in case of a security breach. Without it, there is an increase in risk, as there will not be a
proper implementation of security solutions.
2. Simple Solution Design
If the design of the solution is complex, it will be difficult to implement. If the solution
is simple, it will be easier to implement. A simple design is easier to maintain. We can
make upgrades to the simple design according to new possible threats, leaving it with an
efficient but still simple structure. The problem that comes with complex designs is a
configuration error that opens a path for external attacks.

3. Choosing the Right Device

Every network security device has its purpose and its way of implementation. If we use the
wrong device for the wrong problem, the network becomes vulnerable. If an outdated device is
used for designing a firewall, it exposes the network to risk and is almost useless. The design
must be done first, and then the product requirements must be determined; if an already
available product is instead forced to fit into a design, it makes security weak.

4. Layered Defense
A network defense must be multiple-layered in the modern world because if the security is
broken, the network will be exposed to external attacks. Multilayer security design can be set
to deal with different levels of threat. It gives an edge to the security design and finally
neutralizes the attack on the system.

5. Consider Internal Threats


While a lot of attention is given to safeguarding the network or device from external attacks,
security becomes weak in the case of internal attacks, and most attacks are done
internally, as internal systems are easy to access and weakly designed. Different levels can be
set in network security while designing internal security. Filtering can be added to keep track
of the traffic moving from lower-level security to higher-level security.
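
The design principles above state that the security policy decides which traffic may pass and that complex rule sets invite configuration errors. The following is an added Python example, not part of the original notes: a first-match packet filter with default deny, plus a check for rules that can never take effect because an earlier rule with the opposite action already covers them. The rule set, addresses (documentation and private ranges) and names are constructed for illustration.

```python
# Added example: first-match packet filter with default deny, and a linter
# for conflicting shadowed rules (a common configuration error).
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    src: str             # source network, CIDR notation
    dst: str             # destination network, CIDR notation
    port: int = None     # destination port; None matches any port

    def matches(self, src_ip, dst_ip, port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and (self.port is None or self.port == port))

    def covers(self, other):
        """True if every packet matched by `other` is also matched by this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and (self.port is None or self.port == other.port))


def decide(rules, src_ip, dst_ip, port):
    """The first matching rule wins; anything not explicitly allowed is denied."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, port):
            return rule.action
    return "deny"


def conflicting_shadows(rules):
    """Return (later_index, earlier_index) pairs where an earlier rule with a
    different action covers a later rule, so the later rule never fires."""
    findings = []
    for i, later in enumerate(rules):
        for j in range(i):
            if rules[j].covers(later) and rules[j].action != later.action:
                findings.append((i, j))
                break
    return findings


# Constructed policy containing an ordering mistake: rule 2 is meant to block
# outbound mail from the guest network, but rule 1 already allows that traffic.
WEB = Rule("allow", "0.0.0.0/0", "192.0.2.10/32", 443)
LAN_OUT = Rule("allow", "10.0.0.0/8", "0.0.0.0/0")
GUEST_SMTP = Rule("deny", "10.20.0.0/16", "0.0.0.0/0", 25)
ADMIN_SSH = Rule("allow", "203.0.113.0/24", "192.0.2.20/32", 22)

MISORDERED = [WEB, LAN_OUT, GUEST_SMTP, ADMIN_SSH]
CORRECTED = [WEB, GUEST_SMTP, LAN_OUT, ADMIN_SSH]

if __name__ == "__main__":
    probe = ("10.20.5.9", "198.51.100.7", 25)
    print("misordered:", decide(MISORDERED, *probe), conflicting_shadows(MISORDERED))
    print("corrected: ", decide(CORRECTED, *probe), conflicting_shadows(CORRECTED))
    print("unlisted traffic:", decide(CORRECTED, "198.51.100.7", "192.0.2.10", 23))
```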

Advantages of Firewall:

1. Blocks infected files: While surfing the internet we encounter many unknown
threats. Any friendly-looking file might have malware in it. The firewall neutralizes
this kind of threat by blocking file access to the system.
2. Stops unwanted visitors: A firewall does not allow a cracker to break into the
system through a network. A strong firewall detects the threat and then stops the
possible loophole that can be used to penetrate through security into the system.
3. Safeguards the IP address: A network-based firewall like an internet connection
firewall (ICF) keeps track of the internet activities done on a network or a system
and keeps the IP address hidden so that it cannot be used to access sensitive
information against the user.
4. Prevents Email spamming: In this, too many emails are sent to the same address,
leading to the server crashing. A good firewall blocks the spammer source and
prevents the server from crashing.
5. Stops Spyware: If a bug is implanted in a network or system, it tracks all the data
flowing and later uses it for the wrong purpose. A firewall keeps track of all the
users accessing the system or network, and if spyware is detected it disables it.

Limitations:

1. Internal loose ends: A firewall cannot be deployed everywhere when it comes to
internal attacks. Sometimes an attacker bypasses the firewall through a telephone
lane that crosses paths with a data lane that carries the data packets, or through an
employee who unwittingly cooperates with an external attacker.
2. Infected Files: In the modern world, we come across various kinds of files through
emails or the internet. Most of the files are executable under the parameters of an
operating system. It becomes impossible for the firewall to keep track of all the
files flowing through the system.
3. Effective Cost: As the requirements of a network or a system increase with
the level of threat, the cost of the devices used to build the firewall increases.
The maintenance cost of the firewall also increases, making the overall cost of
the firewall quite high.
4. User Restriction: Restrictions and rules implemented through a firewall make a
network secure, but they can make work less effective when it comes to a large
organization or a company. Even making a slight change in data can require a
permit from a person of higher authority, making work slow. The overall
productivity drops because of all of this.
5. System Performance: A software-based firewall consumes a lot of the resources of a
system. Using the RAM and consuming the power supply leaves very few resources
for the rest of the functions or programs, so the performance of a system can
experience a drop. On the other hand, a hardware firewall does not affect the
performance of a system much, because it is much less dependent on the system
resources.
