STEP TOWARDS SUCCESS
Guru Gobind Singh Indra Prastha University Series
SOLVED PAPERS
[PREVIOUS YEARS SOLVED QUESTION PAPERS]
[B.Tech]
SEVENTH SEMESTER
Information Security
(ETCS-401)
SYLLABUS
[Academic Session: 2016-17]
INFORMATION SECURITY [ETCS-401]
Instructions to Paper Setters:
1. Question No. 1 should be compulsory and cover the entire syllabus. This question should
have objective or short answer type questions. It should be of 25 marks.
2. Apart from Question No. 1, rest of the paper shall consist of four units as per the syllabus.
Every unit should have two questions. However, student may be asked to attempt only 1
question from each unit. Each question should be of 12.5 marks.
UNIT-I
INFORMATION AND SECURITY
Information Systems: Recent History, Distributed Information System and its Importance,
Role of Internet and Web Services, Threats and attacks, Classification of Threats and
Assessing Damages Security in Mobile and Wireless Computing- Security Challenges in
Mobile Devices, authentication Service Security, Security Implication for organizations,
Laptops Security. Basic Principles of Information Security, Confidentiality, Integrity
Availability and other terms in Information Security, Information Classification and their
Roles, Privacy of Data. [T1, T2][No. of hrs. 12]
UNIT-II
NETWORKS AND E-SECURITY
Concepts in Internet and World Wide Web: Brief review of Internet Protocols-TCP/IP,
IPV4, IPV6. Functions of various networking components: Routers, bridges, switches,
hub, gateway and Modulation Techniques. Need for security,Legal, Ethical and Professional
Issues in Information Security, Risk Management, 11 Security Threats to E-Commerce,
Virtual Organization, Business Transactions on Web, E Governance and EDI, Concepts in
Electronics payment systems, E Cash, Credit/Debit Cards.
Digital forensics including digital evidence handling: Media forensics, Cyber forensics,
Software forensics, Mobile forensics. [T1, T2][No. of hrs. 11]
UNIT-III
PHYSICAL SECURITY AND BIO-METRICS AS SECURITY
Physical Security: Needs, Disaster and Controls, Basic Tenets of Physical Security and
Physical Entry Controls, Access Control- Biometrics, Factors in Biometrics Systems,
Benefits, Criteria for selection of biometrics, Design Issues in Biometric Systems,
Interoperability Issues, Economic and Social Aspects, Legal Challenges Framework for
Information Security, Security Metrics, Information Security Vs Privacy.
[T1, T2][No. of hrs. 11]
UNIT-IV
NETWORK CRYPTOGRAPHY
Model of Cryptographic Systems, Issues in Documents Security, System of Keys, Public Key
Cryptography, Digital Signature, Requirement of Digital Signature System, Finger Prints,
Firewalls, Design and Implementation Issues,
Policies Network Security: Basic Concepts, Dimensions, Perimeter for Network
Protection, Network Attacks, Need of Intrusion Monitoring and Detection, Intrusion Detection
Virtual Private Networks- Need, Use of Tunnelling with VPN, Authentication Mechanisms,
Types of VPNs and their Usage, Security Concerns in VPN. [T1, T2][No. of hrs. 10]
MODEL PAPER-I
FIRST TERM EXAMINATION
SEVENTH SEMESTER (B.TECH)
INFORMATION SECURITY [ETCS-401]
Time : 1½ hrs. M.M. : 30
Note: Ques no.1 is compulsory and attempt any two from the rest. In all attempt 3 questions.
Q.1. (a) Describe Goal of Information Security.
Ans. Information security follows three overarching principles:
Confidentiality is the term used to prevent the disclosure of information to
unauthorized individuals or systems. Breaches of confidentiality take many forms.
Permitting someone to look over your shoulder at your computer screen while you have
confidential data displayed on it could be a breach of confidentiality. If a laptop computer
containing sensitive information about a company’s employees is stolen or sold, it could
result in a breach of confidentiality. Giving out confidential information over the
telephone is a breach of confidentiality if the caller is not authorized to have the
information.
Integrity: In information security, integrity means that data cannot be modified
without authorization. This is not the same thing as referential integrity in databases.
Integrity is violated when an employee accidentally or with malicious intent deletes
important data files, when a computer virus infects a computer, when an employee is
able to modify his own salary in a payroll database, when an unauthorized user
vandalizes a web site, when someone is able to cast a very large number of votes in an
online poll, and so on.
Availability: For any information system to serve its purpose, the information must
be available when it is needed. This means that the computing systems used to store
and process the information, the security controls used to protect it, and the
communication channels used to access it must be functioning correctly. High availability
systems aim to remain available at all times, preventing service disruptions due to
power outages, hardware failures, and system upgrades. Ensuring availability also
involves preventing denial-of-service attacks.
Q.1. (b) What are various mobile device attacks?
Ans. Mobile Security has become a crucial aspect of protecting sensitive data and
information. Malicious attacks once focused on PCs have now shifted to mobile phones
and applications. Mobile makers are aware of this fact and are investing heavily in
security.
Mobile device attacks can be split into 4 main categories:
OS Attacks: Loopholes in operating systems create vulnerabilities that are open to
attack. Vendors try to solve these with patches.
Mobile App Attacks: Poor coding and improper development create loopholes and
compromise security.
Communication Network Attacks: Communications such as Bluetooth and Wi-Fi
connections make devices vulnerable.
Malware Attacks: There has been a constant rise in malware for mobile devices.
The focus is on deleting files and creating chaos.
+ Digital Signature: Digital signa
A digital signature is an e-signature authent
pessword
ate: Scary crete unique gal id uted to verify
Conti
idual website oF UE.
What are the advantages and disadvantages of Electronic Payment
1 become widespread, the
urvey, Bankrate
Reduced Transaction Costs: While there are no additional charges for making a
cash payment, trips to the store typically cost money, and
E-payment Disadvantages:
Security Concerns: Although
the person who performed the transaction, though it can be di
and receive a refund.
I.P. University-(B.Tech)-Akash Books
tems come with an increased need to
payment methods with the help of
bank-to-bank transaction)
bought or services availed cash hi
Sretcash is ensured by digital signature
providers involved, The ered
The credit card transact
credit card number and expiration date while
ies that the consums
placing an order. This information hassean!
atv precincts
toring ae he ena ernest
Confidential orton to wt siete uauthorized person
proper encryption,
bank, credit card and
Ans. In order for one to produce a secure system, it is important to classify threats.
The classification of threats could be:
Malicious misuse.
Physical Threat: Physical threat to a computer system could be as a result of loss of
the whole computer system, damage of hardware, damage to the computer software,
Accidental error:
MODEL PAPER-1
SECOND TERM EXAMINATION
SEVENTH SEMESTER (B.TECH)
INFORMATION SECURITY [ETCS-401]
New Feature: Newly added features and updates a
ime example
As we are becoming increasingly dependent on our mobile devices,
as the appropriate use of data. When companies
m that is provided or entrusted to them, the data
various characteristics of biometric?
acteristics may be captured in the first ph
1s, and some
vacy by logging their usage and mal
thout their consent, or make money by selling the user's bandwidth to athe
The attribute
mt ees the charactristilati
on accident or
rate over long period of time
1. Universal: Every pers
must be one that is universal and seldom
Invariance of properties: They sh
The attribute should not be subject to signif
should be capable of being reduced to f
the purpose of protecting personal
But some Internet sites block access to known VPN to prevent
The VPN security model provides:
+ Confidentiality such that even if the network
(see network sniffer and Deep packet inspection), an attacker would only see encrypted
data
+ Sender authentication to prevent unauthorized users from accessing the VPN
+ Message integrity to detect any instances of tampering with transmitted
gather the attribute data passively.
4. Singularity: Each expression of the attribute must be unique to the individual.
The characteristics should have sufficient unique properties to distinguish one person
from any other. Height, weight, hair and eye color are all attribute
assuming a particularly precise measure, but do not offer enough points
to be useful for more than categorizing.
11 Reliability and tamper-resistance: The attribute should be impractical to mask
or manipulate. The process should ensure high reliability and reproducibility.
8. Privacy: The process should not violate the privacy of the person.
should be able to reduce the attribute to a state that makes it
3. The less probabilistic the matching involved, the more
device or application used to inspect
network traffic and alert the user or administrator when there has been unauthorized
attempts or access. The two primary methods of monitoring are signature-based and
on the device or application used, the IDS can either simply
modify the access control list on the gateway
administrator for appropriate action.
MODEL PAPER-I
END TERM EXAMINATION
SEVENTH SEMESTER (B.TECH)
INFORMATION SECURITY [ETCS-401]
M.M. : 75
Note: Ques no.1 is compulsory and attempt any two from the rest. In all attempt 3 questions.
company headquartered i
Data Security Standard
Approved Scanning Ve
make EDI happen, four elements of infrastructure must exist:
format standards are required to facilitate automated processing by all users;
(2) translation software is required to translate from a user’s proprietary format
for internal data storage into the generic external format and back again;
value-added networks are very helpful in solving the technical problems of sending
information between computers; and
inexpensive microcomputers are required to bring all potential users, even small
ones, into the market. It has only been in the past several years that all of these
Secure Electronic Transaction (SET): a system for ensuring the security of
financial transactions on the Internet. It was
supported initially by Mastercard, Visa,
Secure Sockets Layer (SSL), Micromats Secure Tre
Hypertext Transfer Protocol
Ans. Security Protocols in Internet
Following are the popular protocols used over the internet which ensures security of
transactions made over the internet
Secure Socket Layer (SSL): It is the most commonly used protocol and is widely
used across the industry. It meets following security requirements
+ Authentication
+ Encryption
+ Integrity
+ Non-reputability
https is to be used for HTTP urls with SSL, where as http is to be used for
HTTP urls without SSL
Secure Hypertext Transfer Protocol (SHTTP): SHTTP extends the HTTP
internet protocol with public key encryption, authentication and digital signature over
the internet. Secure HTTP supports multiple security mechanism providing security to
end users. SHTTP works by negotiating encryption scheme types used between client
secure protocol developed by MasterCard
the best security protocol. It has following
components
Card Holder's Digital Wallet Software: Digital Wallet allows cardholder to
make secure purchases online via point and click interface
journey, so you'll have to test and analyse and change your plans
7. Build a trusted brand. Today's online shoppers are pretty savvy. Just as you
wouldn't buy fish and chips from a run-down, dirty old van because you don't trust that
ets. The payments are signed and encrypted, through the merchant bank
(6) Site to Site VPN: Intranet based: This type of VPN can be used
Remote locations are present and can be made to join to a single net
7. Hybrid VPN: A few companies have managed to combine features of SSL and
IPSec & also other types of VPN types. Hybrid VPN servers are able to accept connections
from multiple types of VPN clients. They offer higher eability at both client and server
levels and bound to be expensive
for suspicious traffic by analyzing wireless networking protocols
3. Network behavior analysis (NBA): examines network traffic to identify threats
that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks,
certain forms of malware and policy violations
(HIPS): an installed software
package which monitors
that is known to the sender. The sender inputs the
thm along with the plaintext in order to compute
penetration. This implies that use of a trusted
that is known to the receiver. The decryption key is
The firewall itself is immune to
always identical to it. The receiver inputs the
cpecenin cue omnes cacompone
ant Joyoumeanty expen! Wha sr oon a
componente ofa rypeonien
nha heparin cn nlemesiaton frptegraphi techniques and the
tt apee naranog ear sevice. ACEPLyaen
{SS tered oar sober on. paae
Teas cunt singe ol af crpagtem that provides
the frat eng rate Ts el i pied inthe
related to the encryption
decryption key into the decryption algorithm along with the ciphertext in order to compute
the plaintext
Types of Cryptosystems: Fundamentally, there are two types of cryptosystems
based on the manner in which encryption-decryption is carried out in the system
+ Symmetric Key Encryption
Q.4. Describe public key cryptography.
key cryptography, we do not find historical use of public key
tively new concept
;
|
tion system analyzing event
“onus ttesionprvention 2 iy hy anal :
i
of a Cryptosystem: The various components of a basic cryptosystem
+ Plaintext: It is the data to be protected during transmission
sed in the protected net
IP address when the user attempt to
going network traffic based on
ween a trusted, secure internal network and another network
FIRST TERM EXAMINATION [SEPT. 2016]
SEVENTH SEMESTER [B.TECH]
INFORMATION SECURITY [ETCS-401]
hoa
sen iy mse
chm tha selects pia)
orth te algorithm oUt?
compulsory. Attempt any two more questions from the
Attempt all parts of the following:
=
chara venga ‘ What do you mean by Computer cris
sither ase eae e ?
‘Two main properties are rei
arty without knowing
ication mechanioa th
iy threat occurs when someone outside your network creates a
etwark. A inteSeventh Semester, Information Soeur
packets securely through
the vice and converts th
42018
‘sing Pecan Salty routes te encrypted
[At the remote ite, another VoIP router decodes
twaan analog signal fr delivery to the phate
[ANGIP VPN can also run within an IPin TP cunvel oF 0
Sees
eae
ed ee ce
Ans. Attacks and Threats: A threat is an event that can take advantage of
vulnerability and cause a negative impact on the network. Potential threats to the
[Fig. 2-Tier Architecture of IS: Client tier and Database tier]
END TERM EXAMINATION [DEC. 2016]
SEVENTH SEMESTER [B.TECH]
INFORMATION SECURITY [ETCS-401]
‘Ans. principle whichis core eg
‘Mow, and
wwe main objectives of
tot ie everig. or si
dct of acesing may mea si rane
me
Sona of entities through login
sion numbers (PINs), biometric
ans that information is only being seen or used by people
the erplologcal meaning and appl
that provide proof of the integrity and origin of data. An authentication that can
be asserted to be genuine with high assurance
in general, is a fraudulent
communication is sent from an unknown source di
receiver. Spoofing is most prevalent in communi
high level of security.
to add security
mein and the ndamet VR
taser to conneet toa py
sanccton between te
+ Consequences.
+ Attack based on SMS and MMS.
+ Attacks based on communication networks.
+ Juice Jacking
Explain how the digital signatures helps to improve the
another
aries over time. More
+ Acceptability relates to how well individuals in the relevant population accept
the technology such that they are willing to have their biometric trait captured and
Proper biometric use is very application dependent. Certain biometrics will be better
than others based on the required level of convenience and security. No single biometric
Design issues: Biometric data contains information acquired from individuals, which
identify them. This raises issues of privacy and data protection. If the
database, privacy concerns may be higher than
only on a card retained by the individual
require a central database for their basic
necessary to understand privacy issues in regard to biometric data
ns and to apply to protective safeguards in the deployment of these
viduals. Biometric identifiers are often categorized as ph
characteristics. Physiological characteristics are related to the
ner text C
«+ Returning agai
Q.5. What is IDS (Intrusion Detect
itoring and detection. Explain
In a typical network scenario, a firewall is used
out while anti-virus (AV) software detects and stops
take care of access-control, etc. Thus, most people in IT management
wonder, “Why do I need an IDS?”
‘are in how an IDS works. fire
network services, which causes abormal
‘vith traffic uti a shutdown occurs because
sad'read network packets. Ifthe packets are not
I view af the data inside the packet, Ben encapsulated
communications occu
gained access
traffic. When an att2-140 Differentiate between activeand passive attacks. Name some active
Seren ag: tino pineratintonthrhiththehne gy and ove tacks @
0 Dumpster! Ha ‘or priviledged information.
it iallow the attacker et ses oF PONE data to getinformationsy [ Basic for Comparino
Browsing Signing re gid en anion fatty would ag
restr on Ty line a wns times
Why confidentiality is an i
principle of security
the ways of achieving it?
Ans. All information security measures
try to address at least one of three
A very key component of protecting information confidentiality would be
Encryption ensures that only the right people (people who knows the key) can read
information. A very prominent example will be SSL/TLS, a security protocol
communications over the internet that has been used in conjunction with a large
of internet protocols to ensure security.
Q.2.(iv) Steganography an
fae Sogagreay th en metering dn mane
‘that no one, apart from the sender and intended pie, ump inet
NS merng nome ymca mone ne
{ewes et rat gn end manent li tn
ear oF make Use informa Peek mods Hegunee meting -rvred or prosct andpapbn mening WN
“toga mees agent ere ana wheat
Basic Steganography Model
B cantyeeateee
_ (vw) WWW and Internet
| fan noe. erm september 2018 (pg. 20631
Q. What are the three pillars of security? Define the following terms: (10)
Ans. Refer Q.4. First term september-2016 [page no. 6-2016]
Sniffing:
Sniffing involves capturing, decoding, inspecting and interpreting the information
on a TCP/IP network. The purpose is to steal information,
passwords, network details, credit card numbers, etc. Sniffing is
a passive type of attack wherein the attacker can be silent/invisible
on the network. This makes it
difficult to detect, and hence it is a dangerous
type of attack.
By its very nature, the TCP/IP protocol is only meant for ensuring that a packet is
constructed, mounted on an Ethernet packet frame, and reliably delivered from the
sender to the receiver across networks.
[Fig. Traffic analysis]
eer DIPassword Sniting QA.tD Snooping
_ gguTLS Session Sniffing
roi and ETP Sting
“16 Session Sniffing, UDP:
SRE ARE]. - p-port Snitting
“=. MAG ARP Sniffing
ner tha sniig ean range from Layer 1 through ag
oun # person who may be an employee ofthat
einer LAN an ran abo dreiy cates 4. gy
Ans. Refer Q.4. First term september-2016 [page no. 6-2016]
4
of socal engineering attack often used to steal wes
tom myuniversiszed is mase-distibuidieO™
ser’ password is about to expire. Insts
renewal renew their pasword within 24
END TERM EXAMINATION [DEC. 2017]
SEVENTH SEMESTER [B.TECH.]
INFORMATION SECURITY [ETCS-401]
: ining Quench #cOMPUIOT |
: ing questions betel
ween threat, vulnerability and risk,
jot ually
antes threat :
jnclude financially motivated criminals (
Se (ack titre eareleasemglen)
bank realized that he had accidentally overdrawn his checking
{tment in the bank's counting system so that his account
service charge assessed. As soon as he deposited funds
+ Cross-site Scripting (XSS)
+ SQL Injection
+ Cleartext transmission of sensitive data
+ Failure to check authorization to sensitive resources
Risks are usually confused with threats, however, there is a nuanced
a risk refers to combination of a threat's probability and
loss/impact (usually in monetary terms, however, it should be noted that a
This translates to the following.
major security concerns in VPN?
Private Network is a method used to add security and
like WiFi Hotspots and the Internet. VPNs are
protect sensitive data
Therefore, a risk is
to result from that scenario. The following is a hypothetical example of how risks can
be constructed.
+ SQL injection is a vulnerability,
+ Sensitive data theft is one of the biggest threats SQL injection enables
+ Financially motivated attackers are one of the threat actors;
+ The impact of sensitive data getting stolen will bear a significant
cost (financial and reputational
+, fort | int
seat Semen sation can| niversity {8.7
s Jo how authentic Be Rching Aa Books re
sty with areal ime =A *
sector
J toknow exact
yar env ed 2 ye
sa anecient needs okI0™ Ut UN ay
Nevertheless we dont
: wan tov p the abrtraction hat we aes access
system that is running under a single authority. ne
Patt ede Pinan] Institution Examination
a Sorvies (MFS) including: a
setheriation. Financial institutions
oumelyon twofactor or mult
Produce o they know exady who their purchasers ae,
Q.2. (a) Explain Distributed Information System and its importance. (9
Ans. Distributed Information Systems:
Central Imformation system computer network
opin sapien
‘Communication Network
nett This doseoat ee eternation yates had always been ued 7
‘sums yay fundamental problems inadition to thote¥ nls
node: ning system is centralized, i.e. runnin€ Peerage: Ca ae te aa i
‘Physical Distribution: Distribution i ‘Sharing Data: Tere is in the environment where user atone
esorcee of ata — support ute of distri nay beable to acess the data residing at other sites.
rove rc ae eo itstnd
——a eesemester. nt
we-2017 Seventh a of ata stb
sur tonamy Bean ig a pare rd SA
. + nt ited aystem there is # global strat
Te ditibted ote eet Ha
Mo each ste. Depending
t the benefits which EDI offers to a business
organization? Explain the various components of EDI. How electronic payment
System is beneficial in comparison to traditional payment system? (12.8)
pen, four elements of infrastructure must exist:
format standards are required to facilitate automated processing by all users;
translation software is required to translate from a user's proprietary format
for internal data storage into the generic external format and back again;
value-added networks are very helpful in solving the technical problems of sending
information between computers; and
inexpensive microcomputers are required to bring all potential users, even small
ones, into the market. It has only been in the past several years that all of these
in place.
the entire system. A part of
local data base administrator
Electronic data interchange (EDI) is the electronic transmission of structured data
ge standards from one computer system to another without human
system for exchanging business documents with external entities.
EDI refers to a family of standards and does not specify transmission methods,
which are freely agreed upon by the trading partners.
EDI in the business world facilitates efficiency and cost
is used in such diverse business-to-business relationships as
+ Interchanges between health care providers and insurers
+ Travel and hotel bookings
+ Education
+ Supply chain management
+ Administration
+ Tax reporting
BENEFITS OF EDI
+ There have many benefits of electronic data interchange such as
+ SPEED - Data can move directly out of one computer system and into another
with little to no delay.
+ ACCURACY - Errors are reduced because data is not being re-keyed. Error
from entering data are between 52° On large volumes of transactions the possibility
for the introduction of errors is enormous
+ SIMPLICITY - EDI standards specify how data will be formatted and where it
can be found
+ SECURITY - less likely to lose information transmitted through EDI
cannot be easily changed by
Refer Q.5, End Term Paper (page no 14-2016)
3. How biometric system help in securing the information? What are
various criteria's biometric selection and also explain, how the design i
biometric systems can be handled taking a case study of any biometric
you have used?
Ans. Refer Q.3. End Term Paper dec-2016 page no 10-2016.
Electronic payment systems have a range of pros in comparison to traditional
banking services:
There are two types of tunneling:
+ Voluntary tunneling
+ Compulsory tunneling
Voluntary Tunneling
A user or client computer can issue a
VPN request to configure and create a voluntary
is a tunnel endpoint and acts as the tunnel
For a LAN-attached client computer, there is already a connection to the
network that can provide routing of encapsulated payloads to the chosen LAN tunnel server. This
would be the case for a client that is using an always-on broadband Internet connection.
network technology that enables the encapsulation of one typ
within the datagram of a different protocol. For example, Windows
VPN connections can use Point-to-Point Tunneling Protocol (PPTP) packets to enca
and send private network traffic, such as TCP/IP traffic over a public network s
For PPTP and Layer Two Tunneling Protocol (L2TP), a tunnel is similar to
Both of the tunnel endpoints must agree to the tunnel and must negotiate
variables, such as address assignment, encryption, or compression
red across the tunnel is sent using a datagram
To carry out its function, the FEP must have the appropriate tunneling protocol installed
and must be capable of establishing the tunnel when the client computer connects
ystem that deals with internal and external attacks
and monitors network activity in real-time
‘There are two types of IDS:
Host-Based Intrusion Detection System (HIDS)
1. This is a Host-based Sensor that needs software application as agents installed
on workstations. HIDS are the ones who monitored these agents. The agents monitor
activities and log files of a certain operating system where the agents are installed
Intrusion Detection System
They can detect attacks that travel the network by the
packets' content at
+ Drop malicious packets
+ Can block packets from the source address
Distinguish between Symmetric and Asymmetric key cryptography.
Which type of cryptography is more secure and why? Explain the Diffie-Hellman
key Exchange algorithm for symmetric key cryptography. (12.6)
Step by Step Explanation
Key generate = x mod P
Exchange of generated keys takes place
Step 9: Alice and Bob compute public values
Alice: x = (9^4 mod 23) = (6561 mod 23) = 6
Bob: y = (9°2 mod
Step 6: Alice and Bob compute symmetric keys
Alice:
Certainly with symmetric encryption you have to worry about secure key
but as far as I can tell there's no inherent reason why one must be more secure than the
other
Especially given that the asymmetric part is often just used for the key ex
and then the actual data is encrypted with a symmetric algorithm.
Diffie-Hellman algorithm
The Diffie-Hellman algorithm is being used to establish a shared secret
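The exchange this answer works through, as an added example in Python that is not part of the original text: both sides compute and combine their public values with P = 23 and G = 9, and the code also measures the order of G (11 for these numbers, so 9 generates a subgroup of the integers modulo 23 rather than all 22 non-zero values) and checks a received value before using it. The private values a = 4 and b = 3, the hashing step and all function names are assumptions made for this example.

```python
"""Finite-field Diffie-Hellman with the toy parameters from the worked steps."""
import hashlib

P = 23  # prime modulus from the worked example (toy size, far too small for real use)
G = 9   # base from the worked example


def element_order(g: int, p: int) -> int:
    """Return the smallest k > 0 with g**k % p == 1 (brute force, toy p only)."""
    value, k = g % p, 1
    while value != 1:
        value = (value * g) % p
        k += 1
    return k


Q = element_order(G, P)  # size of the subgroup that G actually generates


def public_value(private: int) -> int:
    """Compute G**private mod P, the value sent over the public channel."""
    if not 1 <= private <= Q - 1:
        raise ValueError("private value must lie in [1, Q-1]")
    return pow(G, private, P)


def validate_peer(value: int) -> None:
    """Reject received values that would make the shared secret predictable."""
    # 0, 1 and P-1 give a secret of 0, 1 or +/-1 whatever the private value is.
    if not 2 <= value <= P - 2:
        raise ValueError("peer value outside [2, P-2]")
    # A genuine peer value is a power of G, so raising it to Q must give 1.
    if pow(value, Q, P) != 1:
        raise ValueError("peer value is not in the subgroup generated by G")


def shared_secret(private: int, peer_value: int) -> int:
    """Validate the peer's public value, then compute peer_value**private mod P."""
    validate_peer(peer_value)
    return pow(peer_value, private, P)


def derive_key(secret: int) -> bytes:
    """Hash the fixed-width shared secret into a 256-bit symmetric key."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(b"dh-demo-key" + secret.to_bytes(width, "big")).digest()


def run_exchange(a: int, b: int) -> dict:
    """Run both sides of the exchange and return every intermediate value."""
    x = public_value(a)            # Alice sends x to Bob
    y = public_value(b)            # Bob sends y to Alice
    k_alice = shared_secret(a, y)  # Alice combines her private value with y
    k_bob = shared_secret(b, x)    # Bob combines his private value with x
    return {"x": x, "y": y, "k_alice": k_alice, "k_bob": k_bob,
            "key_match": derive_key(k_alice) == derive_key(k_bob)}


def rejected(value: int) -> bool:
    """True when validate_peer refuses the value."""
    try:
        validate_peer(value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("order of G modulo P:", Q)
    print(run_exchange(a=4, b=3))  # sample private values chosen for this example
    print({v: rejected(v) for v in (0, 1, 5, 16, 22)})
```

The exchange itself authenticates nobody, which is why the answer's point that the asymmetric step is only used to agree a key has to be paired with signatures or certificates in any real protocol.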
1. PCI Compliance: Payment Card Industry (PCI) compliant. The Payment Card
Industry Security Standards Council was formed in 2006 to regulate major payment
brands and help merchants keep their customers' financial data safe. It's their prerogative
+ For the sake of simplicity and practical implementation, we
will consider only 4 variables: one prime P and G (a primitive root of P) and two private
values a and b.
private values a and b and they generate a key and exchange it publicly, the
Tracking passwords
Q.8. (b) Legal challenges framework for Information Security.
Ans. There are various legal challenges framework for info
are needed to be improved. The existing legal framework needs to be im
1. Legislation - adopting relevant laws, setting out standards and ar
Security, as well as functions of some institutions
tions - responsible for tasks relating to verification
application, devices and systems, R&D and oversight of the
CERT - Computer Emergency Response Team.
FIRST TERM EXAMINATION [2018]
SEVENTH SEMESTER [B.TECH]
INFORMATION SECURITY [ETCS-401]
to Q. 1. (e) First Term Sept
Q.2. Write short notes on any two
(i) LDAP Server (ii) Authentication Service Security (iii) Pull and push as
attack on mobile devices
Ans. Refer to Q. 2. First Term Sept 2016
Q.3. Define and differentiate between. (Any 4)
pillars of sect
Denial-of-Service (i) Non-repudiation (iv) Spoofing.
Ans. Refer to Q. 4. First Term Sept 2016.
END TERM EXAMINATION [NOV.-DEC. 2018]
SEVENTH SEMESTER [B.TECH]
INFORMATION SECURITY [ETCS-401]
Gg. twhic computor Sele ng
twtr program
For example it may replace other executable files
Some viruses are programmed to damage the computer by dam
deleting files, or reformatting the hard disk. Others are not designed to do so,
replicate themselves and make their
video, and audio messages
+ Intranet based VPN: When several offices of the same company