SUMMER– 18 EXAMINATION
Subject Name: Computer Security Model Answer Subject Code: 17514
Important Instructions to examiners:
1) The answers should be examined by key words and not as word-to-word as given in the model answer
scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to assess
the understanding level of the candidate.
3) Language errors such as grammatical and spelling errors should not be given more importance (not
applicable for the subject English and Communication Skills).
4) While assessing figures, examiner may give credit for principal components indicated in the figure. The
figures drawn by candidate and model answer may vary. The examiner may give credit for any
equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values
may vary and there may be some difference in the candidate’s answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant answer
based on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on equivalent
concept.
Ans: Computer Security refers to techniques for ensuring that data stored in a computer cannot be read or compromised by any individual without authorization.
(Definition: 1 mark; Need: any three points, 1 mark each, or CIA model explanation: 3 marks)
Need of computer security:
1. For prevention of data theft such as bank account numbers, credit card information, passwords, work related documents or sheets, etc.
2. To make data remain safe and confidential.
3. To provide confidentiality, which ensures that only those individuals who are entitled to view data are ever able to do so.
4. To provide integrity, which ensures that only authorized individuals should ever be able to change or modify information.
5. To provide availability, which ensures that the data or the system itself is available for use when an authorized user wants it.
6. To provide authentication, which deals with verifying that an individual is the authorized user they claim to be.
7. To provide non-repudiation, which deals with the ability to verify that a message has been sent and received by an authorized user.
Page 1 of 40
OR
1. Confidentiality: The principle of confidentiality specifies that only the sender and the intended recipients should be able to access the contents of a message. Confidentiality gets compromised if an unauthorized person is able to access the contents of a message.
An example of compromising the confidentiality of a message is shown in the figure: here, the user of computer A sends a message to the user of computer B. Another user, C, gets access to this message, which is not desired and therefore defeats the purpose of confidentiality.
This type of attack is also called interception.
2. Integrity: When the contents of the message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost. For example, here user C tampers with a message originally sent by user A, which is actually destined for user B. User C somehow manages to access it, change its contents and send the changed message to user B. User B has no way of knowing that the contents of the message were changed after user A had sent it. User A also does not know about this change.
This type of attack is called modification.
4. Availability: The goal of availability is to ensure that the data, or the system itself, is available for use when the authorized user wants it.
Ans: There are four basic password selection strategies:
(Any 4 criteria: 1 mark each)
a) User education: Tell users the importance of hard-to-guess passwords and provide guidelines for selecting a strong password.
b) Computer generated passwords: Computer generated passwords are random in nature, so they are difficult for the user to remember, and the user may note them down somewhere.
c) Reactive password checking: The system periodically runs its own password cracker program to find guessable passwords. If the system finds any such password, it cancels it and notifies the user.
d) Proactive password checking: This is the most promising approach to improving password security. In this scheme, a user is allowed to select his own password, which the system checks against its rules and then accepts or rejects.
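The following is an added example, not part of the model answer, of how a proactive password checker decides whether a chosen password is allowable. The rules (minimum length, character classes, common words, user name, repeated characters) and the small common-word list are constructed for the illustration; a real deployment would load a large breached-password list in place of COMMON_WORDS.

```python
"""Proactive password checker, an added illustration of strategy (d).

The checker runs at the moment a user chooses a password and returns the
policy rules the candidate breaks; the system accepts the password only when
no rule is broken. The rules and the common-word list are constructed for
this example."""
import re

MIN_LENGTH = 12

# Constructed stand-in for a real breached/common-password list.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "admin", "iloveyou"}

CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_password(candidate, username=""):
    """Return a list of violated rules; an empty list means 'allowable'."""
    problems = []
    lowered = candidate.lower()

    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)

    classes_used = sum(1 for pattern in CHARACTER_CLASSES if re.search(pattern, candidate))
    if classes_used < 3:
        problems.append("uses fewer than three character classes")

    # Strip digits and symbols so that 'Password123!' is still recognised as
    # the word 'password' with decoration around it.
    core = re.sub(r"[^a-z]", "", lowered)
    if core in COMMON_WORDS:
        problems.append("based on a common word")

    if username and username.lower() in lowered:
        problems.append("contains the user name")

    if re.search(r"(.)\1\1", candidate):
        problems.append("repeats one character three or more times in a row")

    return problems


def is_allowable(candidate, username=""):
    """The accept/reject decision a proactive checker hands back to the user."""
    return len(check_password(candidate, username)) == 0


if __name__ == "__main__":
    for pw in ("Password123!", "correct-Horse-battery-9", "aaaBBB111!!!"):
        print(pw, "->", "accepted" if is_allowable(pw) else check_password(pw))
```

The check runs before the password is stored, so a rejected candidate never reaches the password file; a reactive checker, by contrast, only finds weak passwords after they are already in use.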
(c) Explain one time pad technique. 4M
Ans: One time pad security mechanism: The one time pad (Vernam cipher) is an encryption mechanism in which the encryption key has at least the same length as the plaintext and consists of truly random numbers. Each letter of the plaintext is mixed with one element from the OTP. This results in a cipher text that has no relation to the plaintext when the key is unknown. At the receiving end, the same OTP is used to retrieve the original plaintext.
(Explanation: 2 marks, Example: 2 marks)
Steps for one time pad:
1. The key should be as long as the message.
2. Key and plain text are combined modulo 26.
3. There should only be 2 copies of the key (1 for the sender and 1 for the receiver).
Example: Suppose Alice wishes to send the message "HELLO" to Bob. In OTP, assign each letter a numerical value: e.g. "A" is 0, "B" is 1, and so on. Here, we combine the key and the message using modular addition. The numerical values of corresponding message and key letters are added together, modulo 26. If the key is "XMCKL" and the message is "HELLO", then the encrypted text will be "EQNVZ".
OR
Assume:
PLAIN TEXT    M A H A R A S H T R A
and
ONE-TIME-PAD  V I R A T K O H A L I

Letter values (second half of the A = 0 ... Z = 25 table):
LETTER   N  O  P  Q  R  S  T  U  V  W  X  Y  Z
VALUE   13 14 15 16 17 18 19 20 21 22 23 24 25

PLAIN TEXT                          M  A  H  A  R  A  S  H  T  R  A
VALUES                             12  0  7  1 16  0 18  7 19 17  0
ONE-TIME-PAD                        V  I  R  A  T  K  O  H  A  L  I
VALUES                             21  8 17  0 19 10 14  7  0 11  7
INITIAL TOTAL                      33  8 24  1 35 10 32 14 19 28  7
SUBTRACT 26 IF THE TOTAL IS > 25   26  0  0  0 26  0 26  0  0 26  0
RESULT                              7  8 24  1  9 10  6 14 19  2  7
CIPHER-TEXT                         H  I  Y  B  J  K  G  O  T  C  H
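As an added example (not part of the model answer), the following Python code carries out the hand calculation above: letters map to A = 0 ... Z = 25, encryption adds the plaintext and key values modulo 26, and decryption subtracts them. The key_for() function is included to show the property the explanation relies on: for any candidate plaintext of the same length there exists a key that turns the same ciphertext into it, which is why the ciphertext reveals nothing about the plaintext while the key is unknown.

```python
"""One-time pad (Vernam cipher) over the letters A..Z, added example.

Letters map to A=0 ... Z=25; encryption adds plaintext and key values
modulo 26, decryption subtracts them. key_for() shows why the ciphertext
carries no information about the plaintext: for any candidate plaintext of
the same length there is a key that produces the same ciphertext."""

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def _values(text):
    """Letters to numbers A=0 ... Z=25; spaces are dropped."""
    return [ALPHABET.index(ch) for ch in text.upper() if ch != " "]


def _letters(values):
    """Numbers back to letters, reducing modulo 26 on the way."""
    return "".join(ALPHABET[v % 26] for v in values)


def otp_encrypt(plaintext, key):
    p, k = _values(plaintext), _values(key)
    if len(k) < len(p):
        raise ValueError("the key must be at least as long as the message")
    # Add, then reduce modulo 26 (the 'subtract 26 if the total is > 25' row).
    return _letters(a + b for a, b in zip(p, k))


def otp_decrypt(ciphertext, key):
    c, k = _values(ciphertext), _values(key)
    if len(k) < len(c):
        raise ValueError("the key must be at least as long as the message")
    return _letters(a - b for a, b in zip(c, k))


def key_for(ciphertext, wanted_plaintext):
    """The key under which ciphertext decrypts to wanted_plaintext."""
    c, p = _values(ciphertext), _values(wanted_plaintext)
    if len(c) != len(p):
        raise ValueError("candidate plaintext must have the ciphertext's length")
    return _letters(a - b for a, b in zip(c, p))


def worked_table(plaintext, key):
    """Rows of the hand calculation: plaintext values, key values, totals, result."""
    p, k = _values(plaintext), _values(key)
    totals = [a + b for a, b in zip(p, k)]
    return {"plain": p, "key": k, "total": totals, "result": [t % 26 for t in totals]}


if __name__ == "__main__":
    print(otp_encrypt("HELLO", "XMCKL"))    # EQNVZ
    print(otp_decrypt("EQNVZ", "XMCKL"))    # HELLO
    print(key_for("EQNVZ", "WORLD"))        # a key under which EQNVZ reads WORLD
```

Because every same-length plaintext is equally consistent with the ciphertext, the security rests entirely on the key being truly random, as long as the message, and used once; reusing a pad for two messages lets the two plaintexts be related by subtracting the ciphertexts, so step 3 (exactly two copies of the key) matters as much as the arithmetic.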
(d) Define counter measure in computer system & threat types (at least four) for computers. 4M
Ans: Counter measure: A countermeasure is a defensive technology method used to prevent an exploit from successfully occurring once a threat has been detected. Service patches and access control lists are also considered to be types of countermeasures.
(Definition of counter measure: 1 mark, any four threat types: 3 marks)
Threat types: Following are threats to security.
1. Virus & worms
2. Intruders
3. Insiders
4. Criminal organizations
5. Terrorists
6. Information warfare
7. Avenues of attack
8. Steps in attack
Virus: A computer virus attaches itself to a program or file, enabling it to spread from one computer to another, leaving infection as it travels from PC to PC or over the network. It copies itself into previously uninfected programs or files and executes whenever the infected program runs. It can cause the loss or alteration of programs or data and can compromise confidentiality. It is almost always attached to executable files.
Characteristics are: hard to detect, not easily destroyable, spreads infection widely, easy to create, machine and operating system independent.
Worms:
• Worms are malicious programs that spread themselves automatically.
• They spread from computer to computer without any human intervention.
• They propagate autonomously; they spread by exploiting vulnerabilities in computer systems.
• A worm is designed to copy itself from PC to PC via networks or the internet.
• They spread much faster than viruses.
• Their damage to the computer network is mainly caused by the increased bandwidth they consume.
• Worms consist of an attack mechanism, a payload and target selection.
Intruders:
1. Extremely patient, as attacks are time consuming.
2. Outsiders.
3. Keep trying attacks till success.
4. Individual or a small group of attackers.
5. The next level of this group is script writers, i.e. elite hackers. Intruders are of three types: masquerader, misfeasor and clandestine user (misuse of access given by insiders).
6. Intruders are authorized or unauthorized users who are trying to access the system or network.
7. They are hackers or crackers.
8. Intruders are illegal users.
9. Less dangerous than insiders; they have to study to gain knowledge about the security system.
10. They do not have access to the system.
11. Many security mechanisms are used to protect the system from intruders.
Insiders:
• More dangerous than outsiders, as they have the access and knowledge to cause immediate damage to the organization.
• They can be more in number, as people who directly or indirectly access the organization.
• They may give remote access to the organization.
• Insiders are authorized users who try to access a system or network for which they are unauthorized.
• Insiders are not hackers.
• Insiders are legal users.
(B) Attempt any ONE: 6 Marks
Ans: (Any three security basics points, explanation: 2 marks each)
1. Confidentiality: The principle of confidentiality specifies that only the sender and the intended recipients should be able to access the contents of a message. Confidentiality gets compromised if an unauthorized person is able to access the contents of a message.
An example of compromising the confidentiality of a message is shown in the figure: here, the user of computer A sends a message to the user of computer B. Another user, C, gets access to this message, which is not desired and therefore defeats the purpose of confidentiality.
This type of attack is also called interception.
2. Integrity: When the contents of the message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost. For example, here user C tampers with a message originally sent by user A, which is actually destined for user B. User C somehow manages to access it, change its contents and send the changed message to user B. User B has no way of knowing that the contents of the message were changed after user A had sent it. User A also does not know about this change.
This type of attack is called modification.
user B. How would user B know that the message has come from user C, who is posing as user A? This concept is shown in the figure below.
4. Availability: The goal of availability is to ensure that the data, or the system itself, is available for use when the authorized user wants it.
2. Attempt any TWO: 16 Marks
(ii) Threats
The term "threat" refers to the source and means of a particular type of attack.
It is a set of things which has the potential to cause loss or harm to a computer system
and network. A threat assessment is performed to determine the best approaches
to securing a system against a particular threat, or class of threat. Penetration
testing exercises are substantially focused on assessing threat profiles, to help
one develop effective countermeasures against the types of attacks represented
by a given threat. Where risk assessments focus more on analysing the potential
and tendency of one's resources to fall prey to various attacks, threat
assessments focus more on analysing the attacker's resources. Analysing threats
can help one develop specific security policies to implement in line with policy
priorities and understand the specific implementation needs for securing one's
resources.
(iii) Vulnerabilities
It is a weakness in computer system & network. The term "vulnerability" refers
to the security flaws in a system that allows an attack to be successful.
Vulnerability testing should be performed on an on-going basis by the parties
responsible for resolving such vulnerabilities, and helps to provide data used
to identify unexpected dangers to security that need to be addressed. Such
vulnerabilities are not particular to technology — they can also apply to social
factors such as individual authentication and authorization policies.
Testing for vulnerabilities is useful for maintaining on-going security,
allowing the people responsible for the security of one's resources to respond
effectively to new dangers as they arise. It is also invaluable for policy and
technology development, and as part of a technology selection process;
selecting the right technology early on can ensure significant savings in time,
money, and other business costs further down the line.
Ans: Access is the ability of a subject to interact with an object. Authentication deals with verifying the identity of a subject. Access control is the ability to specify, control and limit access to the host system or application, which prevents unauthorized users from accessing or modifying data or resources.
(Explanation of access control: 2 marks; any three access control policies: 2 marks each)
• Role Based Access Control (RBAC): Each user can be assigned specific access permissions for objects associated with the computer or network. A set of roles is defined. Each role in turn is assigned the access permissions which are necessary to perform that role.
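The following is an added example (not from the model answer) of an RBAC decision function in Python: roles carry (action, object) permissions, users hold roles, and a request is denied unless one of the requester's roles grants it. The role names, users and objects are constructed for the illustration.

```python
"""Role-based access control check, added example (not from the answer key).

Roles carry the permissions needed to perform a job, users are assigned
roles, and a request is granted only if some role of the requesting user
holds the (action, object) permission. Everything else is denied, including
requests from users nobody has assigned a role to. The roles, users and
objects are constructed for this example."""

# Constructed role definitions: role -> set of (action, object) permissions.
ROLE_PERMISSIONS = {
    "auditor":    {("read", "ledger"), ("read", "audit-log")},
    "accountant": {("read", "ledger"), ("write", "ledger")},
    "user-admin": {("read", "audit-log"), ("manage", "accounts")},
}

# Constructed user -> roles assignment.
USER_ROLES = {
    "asha": {"accountant"},
    "ravi": {"auditor"},
}


def assign_role(user, role, user_roles=USER_ROLES):
    """Grant a role; refuses roles that are not defined in the policy."""
    if role not in ROLE_PERMISSIONS:
        raise KeyError("unknown role: %s" % role)
    user_roles.setdefault(user, set()).add(role)


def revoke_role(user, role, user_roles=USER_ROLES):
    """Remove a role; permissions disappear with it, no per-user cleanup needed."""
    user_roles.get(user, set()).discard(role)


def permissions_for(user, user_roles=USER_ROLES):
    """Union of the permissions of every role the user holds."""
    perms = set()
    for role in user_roles.get(user, ()):
        perms |= ROLE_PERMISSIONS[role]
    return perms


def is_allowed(user, action, obj, user_roles=USER_ROLES):
    """The access decision: deny unless a role explicitly grants it."""
    return (action, obj) in permissions_for(user, user_roles)


def who_can(action, obj, user_roles=USER_ROLES):
    """Review helper: which users currently hold a given permission."""
    return sorted(u for u in user_roles if is_allowed(u, action, obj, user_roles))


if __name__ == "__main__":
    print(is_allowed("asha", "write", "ledger"))    # True
    print(is_allowed("ravi", "write", "ledger"))    # False
    print(who_can("read", "ledger"))                # ['asha', 'ravi']
```

Permissions are attached to roles, never directly to users, so a change of job is a change of role assignment and the who_can() review answers the audit question "who can write the ledger today" from the policy alone.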
Generation and verification of digital signature:
Procedure:
1. A message digest is used to generate the signature. The message digest (MD) is calculated from the plaintext or message.
2. The message digest is encrypted using the user's private key.
3. Then, the sender sends this encrypted message digest along with the plaintext or message to the receiver.
4. The receiver calculates the message digest from the plain text or message he received.
5. The receiver decrypts the encrypted message digest using the sender's public key. If both the MDs are not the same, then the plaintext or message was modified after signing.
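The five steps above, carried out in Python as an added example (not the model answer's own code): SHA-256 is the message digest and textbook RSA stands in for the public-key encryption of the digest. The key is constructed from two small, well-known primes so that the arithmetic is visible; real systems use 2048-bit or larger random keys and a padded scheme such as RSA-PSS from a cryptographic library rather than raw modular exponentiation.

```python
"""Digital signature generation and verification, added example.

The five steps above are carried out with SHA-256 as the message digest and
textbook RSA as the public-key step. The key is constructed from two small
known primes so that the arithmetic is visible; real systems use 2048-bit
or larger random keys and a padded signature scheme such as RSA-PSS through
a cryptographic library, not raw modular exponentiation."""
import hashlib

P = 1000000007                       # constructed demo primes (both well-known primes)
Q = 998244353
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)


def message_digest(message):
    """Step 1: MD calculated from the plaintext; reduced mod N only because
    the demo modulus is smaller than a SHA-256 digest."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") % N


def sign(message, private_exponent=D):
    """Step 2: encrypt the digest with the sender's private key."""
    return pow(message_digest(message), private_exponent, N)


def verify(message, signature, public_exponent=E):
    """Steps 4 and 5: recompute the MD from the received text, recover the
    signed MD with the sender's public key, and compare the two."""
    recovered = pow(signature, public_exponent, N)
    return recovered == message_digest(message)


if __name__ == "__main__":
    msg = b"Pay Rs. 100 to account 1234"   # constructed sample message
    sig = sign(msg)                         # step 3: the sender transmits (msg, sig)
    print(verify(msg, sig))                 # True: message unchanged since signing
    print(verify(b"Pay Rs. 900 to account 1234", sig))   # False: modified after signing
```

Only the digest is signed, so the signature stays short however long the message is, and any change to the message after signing changes the recomputed digest and fails step 5; the receiver never needs the private key, only the sender's public key.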
Ans: A proxy server is an intermediary server between the client and the internet. Proxy servers offer the following basic functionalities:
(Diagram: 2 marks, Explanation: 2 marks)
• Firewall and network data filtering
• Network connection sharing
• Data caching
Purpose of Proxy Servers
Following are the reasons to use proxy servers:
• Monitoring and Filtering
• Improving performance
• Translation
• Accessing services anonymously
• Security
3. Translation
• It helps to customize the source site for local users by excluding source content or substituting source content with original local content. In this, the traffic from the global users is routed to the source website through a translation proxy.
5. Security
• Since the proxy server hides the identity of the user, it protects the user from spam and hacker attacks.
• It is the simple tactic of following closely behind a person who has just used
their own access card or PIN to gain physical access to a room or building.
• An attacker can thus gain access to the facility without having to know the
access code or having to acquire an access card.
• Piggybacking, in a wireless communications context, is the unauthorized access
of a wireless LAN. Piggybacking is sometimes referred to as "Wi-Fi squatting."
• The usual purpose of piggybacking is simply to gain free network access rather
than any malicious intent, but it can slow down data transfer for legitimate users
of the network.
T S A C T S G C E B
H I S R M S E L N V
I S E E E A V I T P
DMZ: It is a computer host or a small network inserted as a neutral zone between a company's private network and the outside public network. It prevents direct access to a server that has company data.
It stops outside users from getting direct access to a company's data server. A DMZ is an optional but more secure approach to a firewall.
(e) Write the steps to create active directory in windows server OS. 4M
4. In the Select Server Roles window we are going to place a check next to Active
Directory Domain Services and click Next.
5. The information page on Active Directory Domain Services will give the
following warnings, which after reading, you should click Next:
6. The Confirm Installation Selections screen will show you some information
messages and warn that the server may need to be restarted after installation.
Review the information and then click Next.
8. After the Installation Wizard closes you will see that server manager is showing
that Active Directory Domain Services is still not running. This is because we
have not run dcpromo yet.
9. Click on the Start button, type dcpromo.exe in the search box and either
hit Enter or click on the search result.
10. The Active Directory Domain Services Installation Wizard will now start.
(i) What are the techniques for transforming plain text to cipher text? Explain any one in detail. 4M
Ans: Transforming plain text to cipher text is the science of encrypting information; the scheme is based on algorithms.
(Enlisting of techniques: 2 marks, explanation of any one technique: 2 marks)
1. Substitution technique
a) Caesar cipher
b) Modified version of Caesar cipher
c) Mono-alphabetic cipher
d) Vigenère cipher
2. Transposition technique
a) Rail fence
b) Route cipher
c) Columnar cipher
3. Steganography
4. Hashing
5. Symmetric and asymmetric cryptography
6. DES (Data Encryption Standard)
Using this scheme, the plain text "SECRET" encrypts as the cipher text "VHFUHW". To allow someone to read the cipher text, you tell them that the key is 3.
Algorithm to break Caesar cipher:
1. Read each alphabet in the cipher text message, and search for it in the second row of the table above.
2. When a match is found, replace that alphabet in the cipher text message with the corresponding alphabet in the same column but the first row of the table. (For example, if the cipher text alphabet is J, replace it with G.)
3. Repeat the process for all alphabets in the cipher text message.
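As an added example (not part of the model answer), the Caesar cipher and the two-row substitution table the algorithm above refers to, in Python. Decryption is exactly the three-step lookup described; try_all_keys() lists every possible decryption, which is the reason the cipher offers no real protection: there are only 25 keys to consider.

```python
"""Caesar cipher with the substitution table the algorithm above refers to,
added example (not part of the answer key).

Letters shift by the key; anything that is not a letter is left alone.
try_all_keys() shows the weakness behind the text's 'break' algorithm:
with only 25 possible shifts, every candidate plaintext can be listed."""

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def substitution_table(key):
    """Row 1: the plain alphabet; row 2: the alphabet shifted by key."""
    shifted = ALPHABET[key % 26:] + ALPHABET[:key % 26]
    return ALPHABET, shifted


def caesar_encrypt(text, key):
    """Replace each letter by the one below it in the table (row 1 -> row 2)."""
    plain, cipher = substitution_table(key)
    table = dict(zip(plain, cipher))
    return "".join(table.get(ch, ch) for ch in text.upper())


def caesar_decrypt(text, key):
    """Steps 1-3 of the break algorithm: find each letter in row 2 and
    replace it with the letter above it in row 1 (a shift by -key)."""
    plain, cipher = substitution_table(key)
    table = dict(zip(cipher, plain))
    return "".join(table.get(ch, ch) for ch in text.upper())


def try_all_keys(ciphertext):
    """Every possible decryption, keyed by shift, for a reader to inspect."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    print(caesar_encrypt("SECRET", 3))     # VHFUHW
    print(caesar_decrypt("VHFUHW", 3))     # SECRET
    for k, guess in try_all_keys("VHFUHW").items():
        print(k, guess)
```

The table-driven form makes the relation to the mono-alphabetic cipher visible: a Caesar table is the special case whose second row is a rotation of the first, and replacing it with an arbitrary permutation of the alphabet gives the mono-alphabetic cipher listed under 1(c).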
Algorithm:
1. The message is written out in rows of a fixed length.
2. Read out again column by column according to the given order or in random order.
3. According to the order, write the cipher text.
Example
The key for the columnar transposition cipher is a keyword e.g. ORANGE. The
row length that is used is the same as the length of the keyword.
To encrypt the plaintext COMPUTER PROGRAMMING:
In the above example, the plaintext has been padded so that it neatly fits in a rectangle. This is known as a regular columnar transposition. An irregular columnar transposition leaves these characters blank, though this makes decryption slightly more difficult. The columns are now reordered such that the letters in the key word are ordered alphabetically.
The encrypted text or cipher text is: MPMET GNMUO IXPRM XCERG ORAL (written in blocks of five).
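The columnar transposition in Python, as an added example (not the model answer's own code). The plaintext is written row by row under the keyword, the last row is padded, and the columns are read out in the alphabetical order of the keyword letters. Padding with the letter X is an assumption of this example; the answer above pads the final row with other letters, so the characters at the padding positions differ while the column order and all the message letters are the same.

```python
"""Columnar transposition, added example (not the answer key's own code).

The plaintext is written row by row under the keyword, the last row is
padded (with X here, an assumption), and the columns are read out in the
alphabetical order of the keyword letters. Decryption rebuilds the grid
from the same column order."""


def _column_order(keyword):
    """Column indexes in the order they are read: alphabetical by keyword
    letter, ties broken left to right."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))


def columnar_encrypt(plaintext, keyword, pad="X"):
    text = "".join(ch for ch in plaintext.upper() if ch.isalpha())
    cols = len(keyword)
    rows = -(-len(text) // cols)                 # ceiling division
    text = text.ljust(rows * cols, pad)          # regular (padded) transposition
    grid = [text[r * cols:(r + 1) * cols] for r in range(rows)]
    order = _column_order(keyword.upper())
    return "".join(grid[r][c] for c in order for r in range(rows))


def columnar_decrypt(ciphertext, keyword):
    cols = len(keyword)
    if len(ciphertext) % cols:
        raise ValueError("ciphertext length is not a multiple of the keyword length")
    rows = len(ciphertext) // cols
    columns = {}
    for k, c in enumerate(_column_order(keyword.upper())):
        columns[c] = ciphertext[k * rows:(k + 1) * rows]   # k-th chunk is column c
    return "".join(columns[c][r] for r in range(rows) for c in range(cols))


def in_blocks(text, size=5):
    """Group the output in blocks of five, as the answer writes it."""
    return " ".join(text[i:i + size] for i in range(0, len(text), size))


if __name__ == "__main__":
    ct = columnar_encrypt("COMPUTER PROGRAMMING", "ORANGE")
    print(in_blocks(ct))                       # MPMXT GNXUO IXPRM XCERG ORAX
    print(columnar_decrypt(ct, "ORANGE"))      # COMPUTERPROGRAMMINGXXXXX
```

For the keyword ORANGE the read order is A, E, G, N, O, R, i.e. columns 3, 6, 5, 4, 1, 2 of the grid; the transposition changes only the positions of the letters, never the letters themselves, which is why letter frequencies of the ciphertext match the plaintext and why it is normally combined with a substitution step.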
(ii) Describe packet filter router firewall with neat diagram. 4M
Ans: (Diagram: 2 marks, Explanation: 2 marks)
A packet filtering router firewall applies a set of rules to each packet and, based on the outcome, decides to either forward or discard the packet. Such a firewall implementation involves a router which is configured to filter packets going in either direction, i.e. from the local network to the outside world and vice versa. A packet filter performs the following functions.
Advantage:
The biggest advantage of packet filtering firewalls is cost and lower resource usage, and they are best suited for smaller networks.
Disadvantage:
Packet filtering firewalls can work only on the network layer and these firewalls do not support complex rule-based models. They are also vulnerable to spoofing in some cases.
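An added example (not the model answer's own) of the rule evaluation a packet filtering router performs, in Python: each packet is compared against an ordered rule list, the first matching rule decides, and a packet that matches no rule is dropped. The addresses, interfaces, rules and sample packets are constructed for the illustration. The first rule shows the usual answer to the spoofing weakness just mentioned: a packet arriving on the outside interface that claims an inside source address is dropped before any accept rule can match it.

```python
"""Packet filtering rule engine, added example (not the answer key's own).

Each packet is compared against an ordered rule list; the first matching
rule decides, and a packet matching no rule is dropped. The rule set and
the sample packets are constructed. The 'anti-spoof' rule drops packets
that arrive on the outside interface claiming an inside source address."""
from ipaddress import ip_address, ip_network

INSIDE = "10.0.0.0/8"        # constructed private network behind the router
ANY = "0.0.0.0/0"

# Constructed rules: evaluated top to bottom, first match wins.
RULES = [
    {"name": "anti-spoof", "action": "drop",   "iface": "ext", "src": INSIDE, "dst": ANY,            "proto": None,  "dport": None},
    {"name": "allow-web",  "action": "accept", "iface": "ext", "src": ANY,    "dst": "10.0.0.10/32", "proto": "tcp", "dport": 443},
    {"name": "allow-dns",  "action": "accept", "iface": "ext", "src": ANY,    "dst": "10.0.0.53/32", "proto": "udp", "dport": 53},
    {"name": "allow-out",  "action": "accept", "iface": "int", "src": INSIDE, "dst": ANY,            "proto": None,  "dport": None},
]


def matches(rule, pkt):
    """True if every field of the rule matches the packet; None means 'any'."""
    if rule["iface"] != pkt["iface"]:
        return False
    if ip_address(pkt["src"]) not in ip_network(rule["src"]):
        return False
    if ip_address(pkt["dst"]) not in ip_network(rule["dst"]):
        return False
    if rule["proto"] is not None and rule["proto"] != pkt["proto"]:
        return False
    if rule["dport"] is not None and rule["dport"] != pkt.get("dport"):
        return False
    return True


def filter_packet(pkt, rules=RULES):
    """Return (action, rule name); the default policy is drop."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"], rule["name"]
    return "drop", "default-deny"


# Constructed sample traffic as seen by the router (documentation IP ranges).
SAMPLE_PACKETS = [
    {"iface": "ext", "src": "203.0.113.7", "dst": "10.0.0.10",    "proto": "tcp", "dport": 443},
    {"iface": "ext", "src": "203.0.113.7", "dst": "10.0.0.10",    "proto": "tcp", "dport": 22},
    {"iface": "ext", "src": "10.0.0.5",    "dst": "10.0.0.10",    "proto": "tcp", "dport": 443},
    {"iface": "int", "src": "10.0.0.5",    "dst": "198.51.100.9", "proto": "tcp", "dport": 80},
]


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt["iface"], pkt["src"], "->", pkt["dst"], pkt.get("dport"), filter_packet(pkt))
```

The engine looks only at header fields (interface, addresses, protocol, port), which is the network-layer limitation named under the disadvantage: it cannot tell whether the payload on port 443 is legitimate, and without the anti-spoof rule the third sample packet would be accepted by the web rule purely on the strength of a forged source address.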
Ans: IT Act 2008: It is the Information Technology Amendment Act, 2008. The act was developed for IT industries, to control e-commerce, to provide e-governance facilities and to stop cybercrime attacks. Following are the characteristics of the IT Act 2008:
(Correct explanation: 4 marks)
This act provides legal recognition for transactions carried out by Electronic Data Interchange (EDI) and other electronic communications. This Act also gives facilities for electronic filing of information with Government agencies. It is considered necessary to give effect to the said resolution and to promote efficient delivery of Government services by means of reliable electronic records.
• Capturing transmitting or publishing the image of a private area of any person
without consent.
• Punishment for Cyber terrorism.
• Publishing transmitting information which is obscene in electronic form.
• Publishing and transmission of material containing sexually explicit acts or conduct.
• Penalty for misrepresentation: imprisonment for a term which may extend to two years, or a fine up to Rs. 1 lakh, or both.
• Penalty for breach of confidentiality and privacy
• Punishment for disclosure of information in breach of contract.
• Punishment for publishing digital signature certificate false in certain
particulars.
• Publication for fraudulent purpose.
4. Upgrades: Upgrades are another popular method of patching application &
they are likely to be received with a more positive role than patches.
5. Web servers: Web servers are the most common Internet server-side
application in use. These are mainly designed to provide content &
functionality to remote users through a standard web browser.
6. Active directory: Active Directory allows single login access to multiple
Applications, data sources and systems and it includes advanced encryption
capabilities like Kerberos and PKI.
(B) Attempt any ONE : 6 Marks
1.Rootkits:
Originally, a rootkit was a set of tools installed by a human attacker on a Unix
system, allowing the attacker to gain administrator (root) access. Today, the term
rootkit is used more generally for concealment routines in a malicious program.
Once a malicious program is installed on a system, it is essential that it stays
concealed, to avoid detection and disinfection. The same is true when a human
attacker breaks into a computer directly. Techniques known as rootkits allow this
concealment, by modifying the host's operating system so that the malware is
hidden from the user. Rootkits can prevent a malicious process from being visible
in the system's list of processes, or keep its files from being read.
2. Trojan:
A Trojan or Trojan horse as malware is a malicious program functioning as a backdoor. Just like the ancient Greek story of the wooden horse with Greek troops inside which was used to invade the city of Troy, a Trojan in computing tends to appear like a regular application, media or any other file but contains a malicious payload. Trojans are often spread through social engineering where the victim is fooled into executing the file or application with the Trojan. Most Trojans contain backdoors which can be used by the attacker to steal information, spread other malware or use the infected machine's resources in a botnet. Literally anything is possible when infected with a Trojan which was installed or run with elevated privileges. Trojans in computing have been around for a long time; a few old and popular Trojans are: Netbus, SubSeven or Sub7 and Back Orifice.
3.Worm:
A worm is a piece of malware that replicates itself in order to spread and infect
other systems. Computer worms use the network, links, P2P networks, e-mail
and exploit vulnerabilities to spread themselves. Often more than one way is
used to spread the worm. The difference with a virus is that a virus inserts code
into other programs where a worm does not and replicates only itself. Worms do
not necessarily contain a payload but most worms do. Worms can also be
designed to only spread without a payload.
4.Adware:
Adware as malware is malicious software which presents unwanted advertising
to the user. This kind of malware often uses pop-up windows which cannot be
closed by the user. Adware is often included with free software and browser
toolbars. Malware which is also collecting user data, activity and other
information for targeted advertising is called spyware.
5.Backdoor:
A backdoor is a piece of malicious code which allows an attacker to connect to
the infected target and take control of the target machine. In most cases there is
no authentication required to log in the remote machine other than authentication
methods required by the malware. A backdoor is often generated by a Trojan
which goes unnoticed if the host has no effective detection mechanisms.
Backdoors can use a lot of methods to communicate home. Also port 80 is
commonly used by malware over the HTTP protocol because this port is open
on most machines connected to the internet.
about malicious RATs and not the ones which are used by system administrators or software vendors for remote support and troubleshooting. Remote Access Trojans are often included with free software and sent as attachments by e-mail.
7.Botnet:
A botnet is a network of remote controlled private computers with backdoors
which are being controlled by a command and control server. All infected hosts
in the botnet are controlled as a group and receive the same instructions from the
server which is controlled by the attacker. Botnets are often used to send spam,
to perform distributed denial-of-service (DDoS) attacks or malware distribution.
8.Downloader Malware:
Downloader Malware is malicious software which downloads other malicious
software. Attackers often infect a machine with downloader malware when they
have gained first access to the system. The downloader malware then infects the target machine silently with other malware.
10.Keyloggers:
Keylogger malware is a malicious piece of software (or hardware) which records
your keystrokes in order to retrieve passwords, conversations and other personal
details. The recorded keystrokes are then sent to the attacker. A keylogger is a
very effective way for attackers to steal passwords because there is no need to
crack hashes, decrypt information or to sniff secured connections for passwords.
11.Launcher malware:
A launcher is a piece of malicious software which is used to launch other
malware. This piece of malicious software is often combined with downloader
malware. The launcher malware often uses stealthy and unconventional methods
to launch other malicious code to avoid detection.
(ii) Describe Insiders & Intruders. Who is more dangerous? 6M
Insiders:
• More dangerous than outsiders, as they have the access and knowledge to cause immediate damage to the organization.
• They can be more in number, as people who directly or indirectly access the organization.
• They may give remote access to the organization.
• Insiders are authorized users who try to access a system or network for which they are unauthorized.
• Insiders are not hackers.
• Insiders are legal users.
• They have knowledge about the security system.
• They have easy access to the system because they are authorized users.
• There is no such mechanism to protect the system from insiders.
ii) There is no security mechanism to protect system from Insiders. So they can
have all the access to carry out criminal activity like fraud. They have knowledge
of the security systems and will be better able to avoid detection.
5. Attempt any TWO: 16 Marks
Ans: 1. Biometrics refers to the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral characteristics.
(Diagram: 3 marks; Explanation: 3 marks; Limitations: 2 marks)
2. Biometric identification is used on the basis of some unique physical attribute of the user that positively identifies the user. Examples: fingerprint recognition, retina and face scan techniques, voice synthesis and recognition, and so on.
9. The matching program compares the input with the stored template. The result
is then output for any specified use or purpose.
Limitations:-
1) Using a fingerprint scanner does not take into account physical changes in a
person.
2) The cost of computer hardware and software programs can be high.
3) A fingerprint scanner can produce false rejections and false acceptances.
4) It can make mistakes because of dryness or dirt on the finger's skin, as well as
with age (it is not appropriate for children, because the size of their
fingerprint changes quickly).
(b) Describe the working of PEM e-mail security & PGP with reference to e-mail 8M
security.
Step 1: Canonical conversion: there is a distinct possibility that the sender and the
receiver of an email message use computers that have different architectures and
operating systems. PEM transforms each email message into an abstract, canonical
representation.
This means that, regardless of the architecture and the operating system of the
sending and receiving computers, the email travels in a uniform, machine-independent
format.
Step 3-encryption:
The original email and the digital signature are encrypted together with a symmetric
key.
PGP e-mail security:
3. Encryption: The compressed output of step 2 (i.e. the compressed form of the
original email and the digital signature together) is encrypted with a symmetric
key.
4. Digital enveloping: the symmetric key used for encryption in step 3 is now
encrypted with the receiver's public key. The outputs of steps 3 and 4 together
form a digital envelope.
5. Base-64 encoding: this process transforms arbitrary binary input into printable
character output. The binary input is processed in blocks of 3 octets (24
bits). These 24 bits are considered to be made up of 4 sets of 6 bits each. Each
such set of 6 bits is mapped to an 8-bit output character in this process.
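Added example (not part of the model answer): step 5 written out in Python exactly as described, 3 octets in, 4 printable characters out, with padding for a short final block, cross-checked against the standard library. The sample envelope bytes are constructed.

```python
import base64  # standard library, used only to cross-check the hand-written version

# The 64 printable output characters; a 6-bit value n maps to B64_ALPHABET[n].
B64_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def base64_encode(data: bytes) -> str:
    """Step 5 as described above: process the input in blocks of 3 octets (24 bits),
    treat each block as 4 groups of 6 bits, and emit one printable character per group.
    A final block of only 1 or 2 octets is zero-filled, and the groups that carry no
    real input bits are written as '=' so the decoder knows how many octets to keep."""
    out = []
    for i in range(0, len(data), 3):
        block = data[i:i + 3]
        missing = 3 - len(block)                       # octets short in the last block
        bits = int.from_bytes(block + b"\x00" * missing, "big")   # 24-bit value
        chars = [B64_ALPHABET[(bits >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        if missing:                                    # 1 missing octet -> '=', 2 -> '=='
            chars[4 - missing:] = "=" * missing
        out.extend(chars)
    return "".join(out)


def base64_decode(text: str) -> bytes:
    """Reverse the mapping: every 4 characters give back 24 bits; padding drops octets."""
    text = text.rstrip("=")
    out = bytearray()
    for i in range(0, len(text), 4):
        chunk = text[i:i + 4]
        bits = 0
        for ch in chunk:
            bits = (bits << 6) | B64_ALPHABET.index(ch)
        bits <<= 6 * (4 - len(chunk))                  # re-align to a full 24-bit block
        keep = len(chunk) * 6 // 8                     # 4 chars -> 3 octets, 3 -> 2, 2 -> 1
        out.extend(bits.to_bytes(3, "big")[:keep])
    return bytes(out)


# Constructed sample: a binary blob standing in for the digital envelope of step 4
# (it contains bytes that are not printable ASCII, which is why encoding is needed).
SAMPLE_ENVELOPE = bytes([0x00, 0xFF, 0x10, 0x8A, 0x3C, 0x7E, 0x01, 0xC3, 0x55])


def demo() -> dict:
    encoded = base64_encode(SAMPLE_ENVELOPE)
    return {
        "encoded": encoded,
        "printable": all(32 <= ord(c) < 127 for c in encoded),
        "matches_stdlib": encoded == base64.b64encode(SAMPLE_ENVELOPE).decode("ascii"),
        "round_trip": base64_decode(encoded) == SAMPLE_ENVELOPE,
        "expansion": (len(SAMPLE_ENVELOPE), len(encoded)),   # 3 octets -> 4 characters
    }


if __name__ == "__main__":
    print(demo())
```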
(c) Give IPSEC configuration. Describe AH & ESP Modes of IPSEC. 8M
Ans: (Diagram: 1 mark, Explanation: 1 mark, Explanation of AH and ESP: 3 marks each)
IPsec overview:
1. It encrypts and seals the transport and application layer data during
transmission. It also offers integrity protection for the internet layer.
2. It sits between the transport and internet layers of the conventional TCP/IP protocol stack.
1. Secure remote internet access: Using IPsec, a user can make a local call to an internet
service provider (ISP) and connect to the organization's network in a secure
fashion from home or a hotel, to access the corporate network
facilities or remote desktops/servers.
3. Set up communication with other organizations: Just as IPsec allows
connectivity between various branches of an organization, it can also be used to
connect the networks of different organizations together in a secure and inexpensive
fashion.
An IP packet consists of two portions: the IP header and the actual data. IPsec features are
implemented in the form of additional headers, called extension headers, added to the
standard, default IP header. IPsec offers two main services: authentication and
confidentiality. Each of these requires its own extension header. Therefore, to
support these two main services, IPsec defines two IP extension headers, one for
authentication and another for confidentiality. It consists of two main protocols.
Authentication Header (AH):
2. A password should meet some essential guidelines, e.g. it should contain
some special characters, etc.
3. It should not consist of dictionary words, etc.
b) Piggybacking:
It is a simple approach of following closely behind a person who has just used
their own access card or PIN to gain physical access. In this way an attacker
can gain access to the facility without knowing the access code.
c) Shoulder surfing:
An attacker positions themselves in such a way that they are able to observe the
authorized user entering the correct access code.
d) Dumpster diving:
It is the process of going through a target's trash in order to find little bits of
information.
f) Access by non-employees:
If an attacker can get physical access to a facility, there are many chances of
obtaining enough information to get into computer systems and networks.
Many organizations require their employees to wear identification badges at
work.
g) Security awareness:
A security awareness program is the most effective method to counter potential
social engineering attacks once the organization's security goals and policies are
established. An important element that training should concentrate on is which
information is sensitive for the organization and which may be the target of a
social engineering attack.
3. The hash code is a function of all bits of the message and provides an error
detection capability: a change in any bit or bits results in a change of the hash
value.
h = H(M)
where
M is the variable-length message and
H(M) is the fixed-length hash value.
5. The hash value is appended to the message at the source at a time when the
message is assumed or known to be correct.
6. The receiver authenticates the message by re-computing the hash value. The hash
value is not considered to be secret, so something is required to protect the hash
value.
2. A digest can be made public without revealing the contents of the document
from which it derives.
3. A hash function used for digital authentication must have certain properties that make it
secure enough for cryptographic use.
4. By combining the data message with the secret and running it through a hash
function, a signature is generated in the form of the hash value. The data
message is transmitted along with the signature. The recipient combines the
received message with the secret, generates a hash value, and checks to make
sure it is identical to the signature. The message's authenticity is thus verified.
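Added example (not part of the model answer) covering points 3 to 6 above and point 4 here: h = H(M) with SHA-256 to show that any change to M changes the digest, why an unkeyed digest alone gives no authenticity (whoever alters M can recompute it), and the keyed version of point 4 using HMAC-SHA256 as the way to "combine the message with the secret". The messages and secret are constructed.

```python
import hashlib
import hmac


def message_digest(message: bytes) -> str:
    """h = H(M): a fixed-length digest (256 bits, 64 hex digits) of a variable-length M."""
    return hashlib.sha256(message).hexdigest()


def differing_bits(digest_a: str, digest_b: str) -> int:
    """Count the bits that differ between two hex digests of the same length."""
    return bin(int(digest_a, 16) ^ int(digest_b, 16)).count("1")


def verify_unkeyed(message: bytes, digest: str) -> bool:
    """Point 6: the receiver only recomputes H(M). Anyone who can alter M can also
    recompute and replace the appended digest, so this alone proves nothing."""
    return message_digest(message) == digest


def sign(message: bytes, secret: bytes) -> str:
    """Point 4: combine the message with the shared secret and hash the result.
    HMAC-SHA256 is the standard construction for that combination (a keyed hash)."""
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify(message: bytes, secret: bytes, signature: str) -> bool:
    """The receiver recomputes the keyed hash over what it received and compares it
    with the signature sent along (constant-time comparison to avoid timing leaks)."""
    return hmac.compare_digest(sign(message, secret), signature)


# Constructed sample: a fund-transfer message and a modified copy of it.
ORIGINAL = b"transfer 100 to account 42"
TAMPERED = b"transfer 900 to account 42"
SECRET = b"constructed-shared-secret-for-demo"   # placeholder, not a real key


def demo() -> dict:
    h_orig, h_tamp = message_digest(ORIGINAL), message_digest(TAMPERED)
    sig = sign(ORIGINAL, SECRET)
    return {
        "digest_len_hex": len(h_orig),
        # one changed character in M flips roughly half of the 256 digest bits
        "bits_changed": differing_bits(h_orig, h_tamp),
        # attacker alters M and appends H(M') instead: unkeyed check still passes
        "unkeyed_check_fooled": verify_unkeyed(TAMPERED, message_digest(TAMPERED)),
        "genuine_verifies": verify(ORIGINAL, SECRET, sig),
        "tampered_rejected": not verify(TAMPERED, SECRET, sig),
        "wrong_key_rejected": not verify(ORIGINAL, b"other-key", sig),
    }


if __name__ == "__main__":
    print(demo())
```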
(c) Explain Honey Pots. 4M
Ans: (Explanation: 4 marks)
• Honeypots are designed to purposely engage and deceive hackers and
identify malicious activities performed over the Internet.
Methods of data recovery from deleted files (file/data recovery process):
• There are various data/file recovery tools available; these tools find and recover
recoverable deleted files from NTFS and FAT file systems.
• These tools usually operate as per the following process steps:
Step 1: Scan the hard drive and build an index of existing and deleted files and
directories (folders) on any logical drive of the computer with supported file
formats.
Step 2: Give the user control over which files to recover and which
destination to recover them to. A deleted file can be found if the user remembers at least
one of the following:
- Full or partial name
- File size
- File creation mode
- File last accessed date.
• It is a major part of society and should be followed in letter and spirit.
• There are policies in many organizations that provide guidelines for ethics.
• It is the behavior of a person in relation to the subject.
• There are four primary issues:
Privacy, Accuracy, Property and Access
• Some standards are:
A standard of right and wrong behavior
A gauge of personal integrity
The basis of trust and cooperation in relationships with others.
(e) Explain how SQL injection can be done on a website with an example and its
prevention for web security. 4M
Ans: (How SQL injection can be done on a website: 2 marks, How to prevent SQL injection: 2 marks)
• SQL injection is a code injection technique that might destroy your database.
• SQL injection is the placement of malicious code in SQL statements via web
page input.
How SQL injection can be done on a website:
1. Attacker submits a form with SQL exploit data.
2. Application builds a query string with the exploit data.
3. Application sends the SQL query to the DB.
4. DB executes the query, including the exploit, and sends data back to the application.
5. Application returns the data to the user.
5. Eliminate unnecessary database capabilities
applications.
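Added example (not part of the model answer): the five steps above against a constructed in-memory SQLite table, showing step 2 done the vulnerable way (string concatenation) beside the parameterized query that prevents it. Usernames, passwords and the exploit input are all constructed; passwords are stored in clear only to keep the sample short.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample standing in for a website's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Step 2 done wrong: the form values are pasted into the SQL text, so whatever
    the user typed is parsed by the database as part of the query's code (steps 3-4)."""
    query = ("SELECT username, role FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Prevention: a parameterized query. The statement structure is fixed in advance
    and the driver hands the form values to the database as data, never as SQL."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def demo() -> dict:
    conn = make_db()
    # Constructed exploit data submitted in the password field (step 1). In the
    # concatenated query it closes the string and appends an always-true condition:
    #   ... AND password = '' OR '1'='1'
    exploit = "' OR '1'='1"
    return {
        "vulnerable": login_vulnerable(conn, "x", exploit),   # every row comes back
        "safe": login_safe(conn, "x", exploit),                # nothing matches
        "legit": login_safe(conn, "bob", "hunter2"),           # normal login still works
    }


if __name__ == "__main__":
    print(demo())
```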
Ans: (1 mark for each point; diagram optional)
The need for computer security has been threefold: confidentiality, integrity, and
availability, the "CIA" of security. Confidentiality, Integrity, Availability,
Authentication; other elements are Authorization, Non-repudiation, Access control and
Accountability.
Fig. Loss of confidentiality
3. Integrity: Integrity is a related concept but deals with the generation and
modification of data. Only authorized individuals should ever be able to create or
change (or delete) information. When the contents of a message are changed after the
sender sends it, but before it reaches the intended recipient, we say that the integrity of
the message is lost.
For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. User C somehow manages to access it, change its
contents and send the changed message to user B. User B has no way of knowing that
the contents of the message were changed after user A sent it. User A also does
not know about this change.
4. Availability: The goal of availability is to ensure that the data, or the system
itself, is available for use when the authorized user wants it.
(ii) List types of attacks. Explain back doors and trap doors attacks 4M
Trapdoor Attacks: A trap door is an entrance into a system which circumvents the normal
safety measures. It is a secret entry point into a program that allows someone who is aware
of it to gain access using a procedure other than the security procedure. It might be a hidden
program which makes the protection system ineffective. This entry can be deliberately
introduced by the developer to maintain the system in case of disaster management. Trapdoor
programs can be installed through malware via the internet.
Ans: (1 mark for explanation of each term and 1 mark for diagram drawn)
1. Cryptography: Cryptography is the art and science of achieving security by encoding
messages to make them non-readable.
3. Cryptology: it is the art and science of transforming intelligible data into
unintelligible data and unintelligible data back into intelligible data.
Cryptology = Cryptography + Cryptanalysis
b) Spoofing:
1. Spoofing is nothing more than making data look like it has come from a different
source.
2. This is possible in TCP/IP because of the friendly assumption behind the protocol.
When the protocols were developed, it was assumed that individuals who had access to
the network layer would be privileged users who could be trusted.
3. When a packet is sent from one system to another, it includes not only the destination IP
address and port but the source IP address as well; forging that source address is one of the forms of spoofing.
4. Examples of spoofing: e-mail spoofing, URL spoofing, IP address spoofing.
Ans: (Explanation of Data recovery: 4 marks, Procedure: 2 marks)
Data recovery: All computer users need to be aware of backup and recovery procedures
to protect their data. Data protection must be taken seriously as it is important for financial,
legal or personal reasons.
There are various formatted-partition recovery tools available, although every tool will
have a different GUI and method of recovery.
Steps of data recovery:
Step 1: If you cannot boot the computer, use a data recovery bootable disk.
Step 2: Select the file types you want to recover and the volume where the formatted hard
drive is. The tool will automatically scan the selected volume.
Step 3: The found data will then be displayed on the screen and you can get a preview
of it. Then select the files or directories that you want to recover and save them to a healthy
drive.
Data recovery procedures:
A computer data recovery procedure is an important part of any computer-literate
person's work that cannot be neglected. A computer professional or computer forensic
expert who performs data recovery should maintain the secrecy and privacy of the client. Any
action or activity that leads to disclosure of the client's private information should be avoided. The
values of integrity, accuracy and authenticity should be exercised in an ethical
environment. The evidence that is produced before the court should be fairly examined and
analyzed. There should not be any carelessness or ignorance regarding the handling of
1. Denial of Service Attack: Denial of service (DOS) attacks can exploit a known
vulnerability in a specific application or operating system, or they may attack features (or
weaknesses) in specific protocols or services. In this form of attack, the attacker is
attempting to deny authorized users access either to specific information or to the
computer system or network itself. The purpose of such an attack can be simply to
prevent access to the target system, or the attack can be used in conjunction with other
actions in order to gain unauthorized access to a computer or network. SYN flooding is
an example of a DOS attack that takes advantage of the way TCP/IP networks were
designed to function, and it can be used to illustrate the basic principles of any DOS
attack. SYN flooding utilizes the TCP three-way handshake that is used to establish a
connection between two systems. In a SYN flooding attack, the attacker sends fake
connection requests to the targeted system. Each of these requests will be answered
by the target system, which then waits for the third part of the handshake. Since the
requests are fake, the target will wait for responses that will never come.
2. Backdoors and Trapdoors: These are methods used by software developers to
ensure that they could gain access to an application even if something were to happen
in the future to prevent normal access methods. For example, a hard-coded password that
could be used to gain access to the program in the event that the administrator forgot their
own system password. The problem with this sort of password (sometimes referred to
as a trapdoor) is that since the password is hard coded it cannot be removed. If an
attacker learns about the backdoor, all systems running the software would be
vulnerable.
3. Sniffing: A network sniffer is a software or hardware device that is used to observe
traffic as it passes through the network on shared broadcast media. The device can
be used to view all traffic, or it can target a specific protocol, service or even string of
characters. Normally the network device that connects a computer to a network
4. Spoofing: It makes the data look like it has come from another source. This is possible in
TCP/IP because of the friendly assumptions behind the protocols. When a packet is
sent from one system to another, it includes not only the destination IP address but the
source IP address. The sender is supposed to fill in the source with its own address, but
there is nothing that stops it from filling in another system's address.
5. Man in the middle attack: A man in the middle attack occurs when attackers are able
to place themselves in the middle of two other hosts that are communicating in order to
view or modify the traffic. This is done by making sure that all communication going to
or from the target host is routed through the attacker's host. Then the attacker is able to
observe all traffic before transmitting it and can actually modify or block traffic. To the
target host, communication appears to be occurring normally, since all expected replies are received.
6. Replay Attack: In a replay attack an attacker captures a sequence of events or some data
units and resends them. For example, suppose user A wants to transfer some amount to
user C's bank account. Both users A and C have accounts with bank B. User A might
send an electronic message to bank B requesting a fund transfer. User C could capture
this message and send a copy of it to bank B. Bank B would have no idea that this
is an unauthorized message and would treat it as a second and different fund transfer
request from user A. So C would get the benefit of the fund transfer twice: once
authorized and once through a replay attack.
(b) What is the importance of biometrics in Computer security? Describe finger prints 8M
registration and verification process.
Ans: (Diagram: 2 marks, Importance: 4 marks, Fingerprint registration & verification process: 2 marks)
Importance of Biometrics: Biometrics refers to the study of methods for uniquely recognizing
humans based upon one or more intrinsic physical or behavioral characteristics.
1. Biometric identification is used on the basis of some unique physical attribute of the
user that positively identifies the user. Example: fingerprint recognition, retina and face
scan techniques, voice synthesis and recognition and so on.
2. Physiological characteristics are related to the shape of the body.
3. For example fingerprint, face recognition, DNA, palm print, iris recognition and so on.
4. Behavioural characteristics are related to the behaviour of a person.
5. For example typing rhythm, gait, signature and voice.
6. The first time an individual uses a biometric system is called enrolment.
7. During enrolment, biometric information from the individual is stored.
8. In subsequent uses, biometric information is detected and compared with the
information stored at the time of enrolment.
(c) Explain transposition technique. Convert plain text to Cipher text using Rail Fence 8M
technique "COMPUTER ENGINEERING".
Ans: (4 marks for Explanation, 2 marks for Step 1, 2 marks for cipher text.)
Transposition Technique: Transposition systems are fundamentally different from
substitution systems. In substitution systems, plaintext values are replaced with other
values. In transposition systems, plaintext values are rearranged without otherwise
changing them. All the plaintext characters that were present before encipherment are still
present after encipherment. Only the order of the text changes. Most transposition
systems rearrange text by single letters. It is possible to rearrange complete words or
groups of letters rather than single letters, but these approaches are not very secure and
have little practical value. Groups larger than single letters preserve too much
recognizable plaintext.
a) Some transposition systems go through a single transposition process. These are
called single transposition. Others go through two distinctly separate transposition
processes. These are called double transposition.
b) Most transposition systems use a geometric process. Plaintext is written into a
geometric figure, most commonly a rectangle or square, and extracted from the
geometric figure by a different path than the way it was entered. When the geometric
figure is a rectangle or square, and the plaintext is entered by rows and extracted by
columns, it is called columnar transposition. When some route other than rows and
C M U E E G N E I G
O P T R N I E R N
OR
C U E N I
O P T R N I E R N
M E G E G
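Added example (not part of the model answer): the rail fence cipher in Python, general in the number of rails, reproducing both layouts above for "COMPUTER ENGINEERING" (two rails, and the three-rail zigzag) and decrypting again.

```python
def _rail_pattern(length: int, rails: int) -> list:
    """Row visited by each plaintext position: down the rails, then back up (zigzag)."""
    if rails < 2:
        return [0] * length
    period = 2 * (rails - 1)              # one full zigzag: down and back up
    pattern = []
    for i in range(length):
        pos = i % period
        pattern.append(pos if pos < rails else period - pos)
    return pattern


def rail_fence_rows(plaintext: str, rails: int) -> list:
    """The rails as drawn in the answer: one string per row, spaces dropped."""
    text = "".join(plaintext.split())
    rows = [""] * rails
    for ch, row in zip(text, _rail_pattern(len(text), rails)):
        rows[row] += ch
    return rows


def rail_fence_encrypt(plaintext: str, rails: int) -> str:
    """Cipher text is the rows read off one after another."""
    return "".join(rail_fence_rows(plaintext, rails))


def rail_fence_decrypt(ciphertext: str, rails: int) -> str:
    """Row lengths follow from the pattern, so cut the cipher text into rows and
    walk the same zigzag to put each letter back in its original position."""
    pattern = _rail_pattern(len(ciphertext), rails)
    rows, start = [], 0
    for r in range(rails):
        count = pattern.count(r)
        rows.append(iter(ciphertext[start:start + count]))
        start += count
    return "".join(next(rows[r]) for r in pattern)


if __name__ == "__main__":
    for rails in (2, 3):
        print(rails, rail_fence_rows("COMPUTER ENGINEERING", rails),
              rail_fence_encrypt("COMPUTER ENGINEERING", rails))
```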
2. Upon verification, a timestamp is created. This puts the current time in a user session,
along with an expiration date. The default expiration date of a timestamp is 8 hours. The
encryption key is then created. The timestamp ensures that when the 8 hours are up, the
encryption key is useless. (This is used to make sure a hacker doesn't intercept the data
and try to crack the key. Almost all keys can be cracked, but it will take a lot longer
than 8 hours to do so.)
3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is
a simple ticket that is issued by the authentication service. It is used for authenticating the
client for future reference.
4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get
authenticated.
5. The TGS creates an encrypted key with a timestamp, and grants the client a service
ticket.
6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own
encrypted key to the service.
7. The service decrypts the key and makes sure the timestamp is still valid. If it is, the
service contacts the key distribution center to receive a session key that is returned to the client.
8. The client decrypts the ticket. If the keys are still valid, communication is initiated
between client and server.
Packet Filtering
(d) Describe host based IDS with its advantages and disadvantages. 4M
Disadvantages:
1. Should have a process on every system to watch.
2. High cost of ownership and maintenance.
3. Uses local system resources.
4. If logged locally, the logs could be compromised or disabled.
b) EXE file protection: Another method to break into a system is to trick the vulnerable
application into modifying or creating executable files. The executable file protection defense is based on the fact that, in
most cases, the application does not need to create or modify executable files.
Hackers will then not be able to perform attacks by tampering with executable files on the system.
c) System tampering protection: Another possibility to break into the system is to trick
the vulnerable application into modifying special sensitive areas of the operating system
and taking advantage of those modifications. Those sensitive areas include Windows
registry keys used to control launching of applications on system startup, the system.ini and
win.ini files… The system tampering protection defense is based on the fact that in almost
all cases normal applications do not need to perform such operations for their proper
function; by preventing applications from modifying special areas of the operating system, hackers
will not be able to attack by tampering with sensitive special areas of the system.
Application patches will be helpful in this case, like hotfixes, patches and upgrades.
(i) Explain simple columnar transposition technique with algorithm and example. 4M
Ans: (Explanation: 1 mark, Algorithm: 1 mark, Example: 2 marks)
The columnar transposition cipher is a transposition cipher that follows a simple rule for
mixing up the characters in the plaintext to form the cipher-text. It can be combined with
other ciphers, such as a substitution cipher, the combination of which can be more difficult
to break than either cipher on its own. The cipher uses a columnar transposition to greatly
improve its security.
Algorithm:
1. The message is written out in rows of a fixed length.
2. It is read out again column by column, according to a given order or in random order.
3. According to that order, write the cipher text.
Example:
The key for the columnar transposition cipher is a keyword, e.g. ORANGE. The row length
that is used is the same as the length of the keyword.
To encrypt the plaintext COMPUTER PROGRAMMING:
In the above example, the plaintext has been padded so that it neatly fits in a rectangle.
This is known as a regular columnar transposition. An irregular columnar transposition
leaves these characters blank, though this makes decryption slightly more difficult. The
columns are now reordered such that the letters in the keyword are ordered alphabetically.
The encrypted text or cipher text is: MPMET GNMUO IXPRM XCERG ORAL (written
in blocks of five)
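Added example (not part of the model answer): the algorithm above in Python with keyword ORANGE. The grid figure is missing here, but the stated cipher text implies the last row of the rectangle was filled with the letters LEXXM after the final G, so that filler is passed in to reproduce the answer; with a plain X filler only the padding positions differ.

```python
def column_order(keyword: str) -> list:
    """Read-out order: column indexes sorted by their keyword letter (equal letters
    keep left-to-right order). ORANGE -> A E G N O R -> [2, 5, 4, 3, 0, 1]."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))


def columnar_grid(plaintext: str, keyword: str, filler: str = "X") -> list:
    """Step 1: write the message in rows as wide as the keyword, padding the last
    row so the rectangle is complete (regular columnar transposition)."""
    text = "".join(ch for ch in plaintext.upper() if ch.isalpha())
    width = len(keyword)
    short = (-len(text)) % width                 # letters needed to fill the last row
    text += (filler * short)[:short]
    return [text[i:i + width] for i in range(0, len(text), width)]


def columnar_encrypt(plaintext: str, keyword: str, filler: str = "X") -> str:
    """Steps 2 and 3: read the columns in keyword order and concatenate them."""
    grid = columnar_grid(plaintext, keyword, filler)
    return "".join(row[c] for c in column_order(keyword) for row in grid)


def columnar_decrypt(ciphertext: str, keyword: str) -> str:
    """Undo a regular transposition: cut the cipher text into equal-length columns,
    put each back under its keyword letter, and read the grid by rows."""
    width = len(keyword)
    height = len(ciphertext) // width
    columns = {}
    for n, c in enumerate(column_order(keyword)):
        columns[c] = ciphertext[n * height:(n + 1) * height]
    return "".join(columns[c][r] for r in range(height) for c in range(width))


def in_blocks_of_five(text: str) -> str:
    """Present the cipher text in groups of five, as the answer does."""
    return " ".join(text[i:i + 5] for i in range(0, len(text), 5))


if __name__ == "__main__":
    for row in columnar_grid("COMPUTER PROGRAMMING", "ORANGE", filler="LEXXM"):
        print(" ".join(row))
    ct = columnar_encrypt("COMPUTER PROGRAMMING", "ORANGE", filler="LEXXM")
    print(in_blocks_of_five(ct), columnar_decrypt(ct, "ORANGE"))
```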
Ans: (Diagram of VPN: 2 marks, Explanation: 2 marks)
Fig: VPN
Explanation: A VPN is a private network created virtually between two branch networks of the same
company across the world. Instead of using a dedicated leased line to the company's internetwork,
public lines can be used; this is called a VPN. In the diagram two firewalls act as
intermediaries between user X and user Y. If user X is sending a message to user Y, the
message first comes to firewall 1, which uses its own address to send this message to user Y;
thus over the network the packet sent from user X is protected and its IP address is protected,
like a private network. In a VPN, tunnel technology is used for communication between two
branches of the same company by wrapping the packet in another packet, thus protecting the
network like a private network.
Ans: (Relevant Explanation of Cyber Crime: 4 marks)
Crimes against people are a category of crime that consists of offenses that usually involve
causing or attempting to cause bodily harm or a threat of bodily harm. These actions are
taken without the consent of the individual the crime is committed against, or the victim.
These types of crimes do not have to result in actual harm; the fact that bodily harm could
have resulted and that the victim is put in fear for their safety is sufficient, e.g. Assault,
Domestic Violence, Stalking.
Cybercrime is a bigger risk now than ever before due to the sheer number of connected
people and devices. It is simply a crime that has some kind of
computer or cyber aspect to it. To go into more detail is not as straightforward, as it takes
shape in a variety of different formats.
Cybercrime:
Cybercrime has now surpassed illegal drug trafficking as a criminal money maker.
Somebody's identity is stolen every 3 seconds as a result of cybercrime.
Without a sophisticated security package, your unprotected PC can become infected
within four minutes of connecting to the Internet.
Ans: (Any Relevant Description: 4 marks)
Software piracy is the illegal copying, distribution, or use of software. It is such a
profitable "business" that it has caught the attention of organized crime groups in a number
of countries. Software piracy causes significant lost revenue for publishers, which in turn
results in higher prices for the consumer. Software piracy applies mainly to full-function
commercial software. The time-limited or function-restricted versions of commercial
software called shareware are less likely to be pirated since they are freely available.
Similarly, freeware is a type of software that is copyrighted but freely distributed at no
charge.
Ans: (Explanation of DOS & DDOS: 2 marks each, Diagram: 1 mark)
Denial Of Service Attack: Denial of service (DOS) attacks can exploit a known
vulnerability in a specific application or operating system, or they may attack features (or
weaknesses) in specific protocols or services. In this form of attack, the attacker is
attempting to deny authorized users access either to specific information or to the computer
system or network itself. The purpose of such an attack can be simply to prevent access to
the target system, or the attack can be used in conjunction with other actions in order to
Stacheldraht is a piece of software written by Random for Linux and Solaris systems
(c) Explain need for firewall and explain one of the type of firewall with diagram. 8M
3. The firewall filters these packets to see if they meet certain criteria set by a series of
rules, and then blocks or allows the data.
4. This way, hackers cannot get inside and steal information such as bank account
numbers and passwords from you.
Capabilities:
All traffic from inside to outside and vice versa must pass through the firewall.
To achieve this, all access to the local network must first be physically blocked and access
only via the firewall should be permitted.
Types of Firewalls
1. Packet Filter Firewall: A packet filtering router firewall applies a set of rules to
each packet and, based on the outcome, decides to either forward or discard the packet.
Such a firewall implementation involves a router, which is configured to filter packets
going in either direction, i.e. from the local network to the outside world and vice versa.
A packet filter performs the following functions.
b. Pass the packet through a set of rules, based on the contents of the IP and
transport header fields of the packet. If there is a match with one of the rules,
decide whether to accept or discard the packet based on that rule.
c. If there is no match with any rule, take the default action. This can be discard all
packets or accept all packets.
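Added example (not part of the model answer): functions b and c above as a small packet filter in Python, matching on source/destination address, protocol and port, with the first matching rule deciding and a configurable default action. The local network, rule set and packets are all constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Packet:
    """The IP and transport header fields a packet filter inspects (constructed)."""
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int          # destination port


@dataclass
class Rule:
    """One filter rule: every field given must match; an omitted field matches anything."""
    action: str                     # "accept" or "discard"
    direction: str                  # "in" (from outside) or "out" (from the local network)
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet, direction: str) -> bool:
        return (self.direction == direction
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


LOCAL_NET = "192.168.10.0/24"       # constructed local network behind the router


def direction_of(pkt: Packet) -> str:
    """Which way the packet crosses the router, judged from its source address."""
    return "out" if ip_address(pkt.src) in ip_network(LOCAL_NET) else "in"


def filter_packet(rules: List[Rule], pkt: Packet, default: str = "discard") -> str:
    """Function b: the first matching rule decides. Function c: no match -> default."""
    direction = direction_of(pkt)
    for rule in rules:
        if rule.matches(pkt, direction):
            return rule.action
    return default


# Constructed rule set, evaluated top to bottom: one address block is refused outright,
# mail may come in to the mail server, web requests may go out; nothing else is listed.
RULES = [
    Rule("discard", "in", src="198.51.100.0/24"),
    Rule("accept", "in", dst="192.168.10.5/32", proto="tcp", dport=25),
    Rule("accept", "out", src=LOCAL_NET, proto="tcp", dport=80),
]

# Constructed packets (documentation address ranges, not real hosts)
MAIL_IN = Packet("203.0.113.9", "192.168.10.5", "tcp", 25)
BLOCKED_MAIL = Packet("198.51.100.7", "192.168.10.5", "tcp", 25)
TELNET_IN = Packet("203.0.113.9", "192.168.10.5", "tcp", 23)
WEB_OUT = Packet("192.168.10.20", "203.0.113.80", "tcp", 80)


if __name__ == "__main__":
    for pkt in (MAIL_IN, BLOCKED_MAIL, TELNET_IN, WEB_OUT):
        print(pkt, "->", filter_packet(RULES, pkt))
```

The same unlisted packet (TELNET_IN) is discarded under a deny-by-default policy and passed under accept-by-default, which is the choice function c leaves to the administrator.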
the application information (available in the packet). They do this by setting up various
proxies on a single firewall for different applications. Both the client and the server
connect to these proxies instead of connecting directly to each other. So, any suspicious
data or connections are dropped by these proxies. Application level firewalls ensure
protocol conformance. For example, attacks over HTTP that violate the protocol policies,
like sending non-ASCII data in the header fields or an overly long string along with non-ASCII
characters in the Host field, would be dropped because they have been tampered
with by intruders.
Confidentiality
Non - repudiation
Message integrity
The confidentiality feature allows a message to be kept secret from people to whom the
message was not addressed.
The non-repudiation feature allows a user to verify that the PEM message they have
received is truly from the person who claims to have sent it.
The message integrity feature allows the user to ensure that a message has not been
modified in transit from the sender.
Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt email over the
Internet.
It is used to send an encrypted code (digital signature) that lets the receiver verify the
sender's identity and ensures that the message has not been changed en route.
It is the most widely used privacy-ensuring program, used by individuals as well as many
corporations.
The traditional email system using the SMTP protocol is text based, which means that a
person can compose a text message using an editor and then send it over the Internet to the
recipient, but multimedia files or documents in arbitrary formats cannot be sent
using this protocol.
To cater to these needs, the Multipurpose Internet Mail Extensions (MIME) system
extends the basic email system by permitting users to send binary files using the basic
email system.
When the basic MIME system is enhanced to provide security features, it is called
Secure/Multipurpose Internet Mail Extensions (S/MIME).
S/MIME provides security through digital signatures and encryption of email messages.
An intrusion detection system (IDS) monitors network traffic for suspicious activity and
alerts the system or network administrator. In some cases the IDS may also respond to
anomalous or malicious traffic by taking action such as blocking the user or source IP
address from accessing the network.
(IDS: 1 mark, Explanation of HIDS: 2 marks, Diagram: 1 mark)
HIDS (Host Intrusion Detection Systems)
i. They run on individual hosts or devices on the network.
ii. A HIDS monitors the inbound and outbound packets from the device only and
alerts the user or administrator when suspicious activity is detected.
iii. A HIDS looks for certain activities in the log files, such as:
Privilege escalation
Traffic collector:
This component gathers the activity and event data (network packets or host log entries)
that the IDS examines.
Analysis engine:
This component examines the collected network traffic & compares it to known patterns of
suspicious or malicious activity stored in the signature database.
The analysis engine acts like the brain of the IDS.
Signature database:
This component holds the patterns and definitions of known suspicious or malicious
activity against which the analysis engine matches the collected traffic.
User interface:
This is the component that interfaces with the human element, providing alerts & giving
the user a means to interact with & operate the IDS.
2. TLS Handshake Protocol allows the server and client to authenticate each other and to
negotiate an encryption algorithm and cryptographic keys before data is exchanged.
Here, the user of computer A sends a message to the user of computer B. Another user, C,
gets access to this message, which is not desired and therefore defeats the purpose
2. Authentication:
Authentication helps to establish proof of identities.
The authentication process ensures that the origin of a message is correctly
identified.
For example, suppose that user C sends a message over the Internet to user B.
However, the trouble is that user C posed as user A when he sent the message to
user B. How would user B know that the message has come from user C, who is posing
as user A?
This concept is shown in the fig. below. This type of attack is called Fabrication.
3. Integrity:
When the contents of the message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the message is lost.
For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. User C somehow manages to access it, change its
contents and send the changed message to user B. User B has no way of knowing that
the contents of the message were changed after user A sent it. User A also does
not know about this change.
This type of attack is called Modification.
Ans: Shoulder surfing is a similar procedure in which attackers position themselves in
such a way as to be able to observe the authorized user entering the correct access
code or data.
(Explanation: 3 marks, Prevention: 1 mark)
Both of these attack techniques can be easily countered by using simple procedures
to ensure nobody follows you too closely or is in a position to observe your actions.
Shoulder surfing uses direct observation techniques, such as looking over
someone's shoulder, to get information.
Shoulder surfing is an effective way to get information in crowded places because
it's relatively easy to stand next to someone and watch as they fill out a form or enter a
PIN at an ATM.
Shoulder surfing can also be done at long distance with the aid of binoculars or other
vision-enhancing devices.
To prevent shoulder surfing:
Experts recommend that you shield paperwork or your keypad from view by using
your body or cupping your hand.
Asymmetric-Key cryptography:
It is also called public key cryptography.
In public key cryptography two keys, a private key and a public key, are used.
Encryption is done with the public key and decryption with the private key.
The receiver creates both keys and is responsible for distributing its public key to the
communicating community.
Example: The sender (say John) uses the public key to encrypt the plain text into
cipher text, and the receiver (say Bob) uses his private key to decrypt the cipher text.
Ans: A virus is a program which attaches itself to another program and causes damage to the
computer system or the network. It is loaded onto your computer without your
knowledge and runs against your wishes.
(Definition of Virus: 1 mark, Listing phases of Virus: 1 mark, Explanation of Phases: 2 marks)
During its lifecycle a virus goes through the following four phases:
Dormant phase: The virus is idle and is activated by some event.
Propagation phase: It places an identical copy of itself into other programs or into
certain system areas on the disk.
Triggering phase: The virus is activated to perform the function for which it was
intended.
Execution phase: The function of the virus is performed.
Ans: (Diagram: 2 marks, Explanation: 4 marks)
OR
A message is to be transferred from one user to another user in secret form using this
security system; there can be two or more parties accessing information via the Internet.
The sender & receiver are the principals of the transaction and must cooperate for the exchange to
take place.
The model shows four basic tasks:
1. Design an algorithm in such a way that an opponent cannot defeat its purpose. This
algorithm is used for security related information.
2. Generate the secret information that is to be used with the algorithm.
3. Develop a method for distributing and sharing the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a security service. An information
channel is established by defining a route through the Internet from source to destination
with the help of a communication protocol like TCP/IP, or using normal PC to PC
communication through any media.
Techniques for providing security have the following components:
A security related transformation on the information to be sent.
The information shared by the two principals, which should be secret.
A trusted third party is required to achieve secure transmission.
This party is responsible for distributing the secret information between the two principals.
OR
(2 mark for each point)
Model for security:
1. Confidentiality:
The principle of confidentiality specifies that only sender and intended recipients
should be able to access the contents of a message.
Confidentiality gets compromised if an unauthorized person is able to access the
contents of a message.
Here, the user of computer A sends a message to the user of computer B. Another user, C,
gets access to this message, which is not desired and therefore defeats the purpose
of confidentiality.
This type of attack is also called interception.
2. Authentication:
Authentication helps to establish proof of identities.
The authentication process ensures that the origin of a message is correctly
identified.
For example, suppose that user C sends a message over the Internet to user B.
However, the trouble is that user C posed as user A when he sent the message to
user B. How would user B know that the message has come from user C, who is posing
as user A?
This concept is shown in the fig. below.
This type of attack is called fabrication.
3. Integrity:
When the contents of the message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the message is lost.
For example, here user C tampers with a message originally sent by user A, which is
ii) Spoofing
A man in the middle attack occurs when attackers are able to place themselves in the
middle of two other hosts that are communicating in order to view or modify the
traffic.
This is done by making sure that all communication going to or from the target host
is routed through the attacker's host.
Then the attacker is able to observe all traffic before transmitting it and can actually
modify or block traffic.
To the target host, communication is occurring normally, since all expected replies
are received.
To prevent this attack both sender and receiver must authenticate each other.
Ans: (Diagram: 2 marks, Explanation: 4 marks, Example: 2 marks)
Biometrics refers to the study of methods for uniquely recognizing humans based upon one
or more intrinsic physical or behavioral characteristics.
Biometric identification is done on the basis of some unique physical attribute of the
user that positively identifies the user.
Example: fingerprint recognition, retina and face scan techniques, voice synthesis and
recognition, and so on.
Physiological characteristics are related to the shape of the body.
For example fingerprint, face recognition, DNA, palm print, iris recognition and so
on.
Behavioral characteristics are related to the behavior of a person.
For example typing rhythm, gait, signature and voice.
The first time an individual uses a biometric system is called enrollment.
During enrollment, biometric information from the individual is stored.
In subsequent uses, biometric information is detected and compared with the
information stored at the time of enrollment.
1. Preprocessing
2. Sensor
3. Feature extractor
4. Template generator
5. Matcher
6. Stored templates
7. Application device
8. Enrollment
Example:
Fingerprint registration & verification process
During registration, the first time an individual uses the biometric system is called
enrolment; during enrolment, biometric information from the individual is stored. In
the verification process, biometric information is detected and compared with the
information stored at the time of enrolment.
Ans: The Data Encryption Standard is generally used in the ECB, CBC, or CFB mode.
DES is a block cipher. It encrypts data in blocks of 64 bits each. That is, 64 bits of
plain text go as the input to DES, which produces 64 bits of cipher text. DES is
based on the two fundamental attributes of cryptography: substitution and
transposition. The process diagram is as follows.
(Definition: 1 mark; Diagram: 1 mark; process diagram: 1 mark; each step: 1 mark)
Initial Permutation (IP): It happens only once. It replaces the first bit of the original
plain text block with the 58th bit of the original plain text block, the second bit with the
50th bit of the original plain text block, and so on. The resulting 64-bit permuted text block
is divided into two half blocks. Each half block consists of 32 bits. The left block is called
LPT and the right block RPT. 16 rounds are performed on these two blocks.
Details of one round in DES
Step 1: Key transformation: the initial 64-bit key is transformed into a 56-bit key by
discarding every 8th bit of the initial key. Thus, for each round, a 56-bit key is available;
from this 56-bit key, a different 48-bit sub key is generated during each round using a
process called key transformation.
Fig. Key Transformation and Expansion Permutation
Step 4: P-box permutation: the output of the S-boxes consists of 32 bits. These 32 bits are
permuted using the P-box.
Step 5: XOR and Swap: The LPT of the initial 64-bit plain text block is XORed with
the output produced by the P-box permutation. It produces the new RPT. The old RPT
becomes the new LPT, in a process of swapping.
Final Permutation: At the end of 16 rounds, the final permutation is performed. This is a
simple transposition. For example, the 40th input bit takes the position of the 1st output bit, and
so on.
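The initial permutation, the LPT/RPT split, the final permutation and the parity-bit drop of the key described above, as an added example that is not part of the model answer. The IP table is the standard DES table; the function names are my own, and only the bit drop of step 1 is shown (real DES also permutes the 56 remaining key bits).

```python
# Added example, not from the model answer: the DES initial permutation (IP),
# the LPT/RPT split, the final permutation (FP) and the parity-bit drop of the
# key, as described above. IP is the standard table (FIPS 46-3); bits are
# numbered 1..64 from the left, as in the text.
from typing import List, Tuple

IP = [58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7]


def inverse(table: List[int]) -> List[int]:
    """Inverse permutation: if output i takes input table[i], the inverse sends
    output table[i] back to input i. FP is derived from IP this way."""
    inv = [0] * len(table)
    for out_pos, in_pos in enumerate(table, start=1):
        inv[in_pos - 1] = out_pos
    return inv


FP = inverse(IP)  # FP[0] == 40: the 40th input bit becomes the 1st output bit


def permute(bits: List[int], table: List[int]) -> List[int]:
    return [bits[i - 1] for i in table]


def to_bits(block: bytes) -> List[int]:
    return [(b >> (7 - i)) & 1 for b in block for i in range(8)]


def from_bits(bits: List[int]) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def initial_permutation(block: bytes) -> Tuple[List[int], List[int]]:
    """IP on a 64-bit block, then split into the 32-bit LPT and RPT halves."""
    if len(block) != 8:
        raise ValueError("DES block must be 64 bits")
    bits = permute(to_bits(block), IP)
    return bits[:32], bits[32:]


def final_permutation(lpt: List[int], rpt: List[int]) -> bytes:
    """FP after the 16 rounds; with no rounds in between it undoes IP exactly."""
    return from_bits(permute(lpt + rpt, FP))


def drop_parity_bits(key: bytes) -> List[int]:
    """Step 1 of a round as described above: discard every 8th bit of the 64-bit
    key, leaving 56 bits. (Real DES also permutes these 56 bits via PC-1.)"""
    if len(key) != 8:
        raise ValueError("DES key must be 64 bits")
    return [b for i, b in enumerate(to_bits(key), start=1) if i % 8 != 0]
```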
3. Attempt any FOUR of the following: 16Marks
Ans: It is a computer host or a small network inserted as a neutral zone between a company's
private network and the outside public network. It prevents direct access to a server that has
company data.
(Relevant Diagram: 2 marks, 1 mark per point)
It prevents outside users from getting direct access to a company's data server. A DMZ
is an optional but more secure approach to a firewall. It can effectively act as a
Ans: A security awareness program is the most effective method to oppose potential social
engineering attacks once an organization's security goals and policies are established. An
important element that training should concentrate on is which information is sensitive
for the organization and which may be the target of a social engineering attack.
(Importance: 2 marks, Relevant points for acquiring security: 1 mark)
An unaware user is as dangerous to the system as the attacker.
An active security awareness program is the most effective method to oppose potential
social engineering attacks.
Users should be able to create their own easy to remember passwords, which should not
be easy for someone else to guess or obtain using password cracking utilities.
Passwords should meet some essential guidelines, e.g. a password should contain
some special characters, etc.
It should not consist of dictionary words.
Piggybacking is the approach of following closely behind a person who has just used their own
access card or PIN to gain physical access. In this way an attacker can gain access to
the facility without knowing the access code.
In shoulder surfing, an attacker positions themselves in such a way that he is able to observe the
authorized user entering the correct access code.
Because of possible risks, many organizations do not allow their users to load
software or install new hardware without the knowledge and help of administrators.
Organizations also restrict what an individual may do with received e-mails.
If an attacker can get physical access to a facility, there are many chances of
obtaining enough information to enter computer systems and networks. Many
organizations require their employees to wear identification at work.
Ans: Steganography is a technique that facilitates hiding a message that is to be kept secret
inside another message.
(Explanation: 2 marks, Applications: 2 marks, Any 2 applications expected)
Steganography is the art and science of writing hidden messages in such a way that no
one, apart from the sender and intended recipient, suspects the existence of the
message.
Steganography works by replacing bits of useless or unused data in regular computer
files (such as graphics, sound, text, HTML or even floppy disks) with bits of different,
invisible information. This hidden information can be plain text, cipher text or even
images.
In modern steganography, data is first encrypted by the usual means and then
inserted, using a special algorithm, into redundant data that is part of a particular file
format such as a JPEG image.
Steganography process:
Cover-media + Hidden data + Stego-key = Stego-medium
Cover media is the file in which we will hide the hidden data, which may also be
encrypted using the stego-key. The resultant file is the stego-medium. Cover-media can be an
image or audio file.
Steganography takes cryptography a step further by hiding an encrypted message so
that no one suspects it exists. Ideally, anyone scanning your data will fail to know it
contains encrypted data.
Applications :
1. Confidential communication and secret data storing
2. Protection of data alteration
3. Access control system for digital content distribution
4. Media Database systems
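The "replace unused bits" process above (Cover-media + Hidden data + Stego-key = Stego-medium), as an added example that is not part of the model answer: least-significant-bit embedding into a constructed grayscale cover, where the stego-key decides which cover bytes carry the hidden bits. The 16-bit length header and the key-seeded carrier order are my own design choices; the cover pixels are constructed.

```python
# Added example, not from the model answer: LSB steganography on a constructed
# 8-bit grayscale cover (one byte per pixel). The stego-key seeds the order in
# which cover bytes carry hidden bits; the 16-bit length header and the
# key-based ordering are my own design choices.
import random


def _carrier_order(cover_len: int, stego_key: str):
    """Key-dependent permutation of pixel indices; a wrong key reads the wrong pixels."""
    order = list(range(cover_len))
    random.Random(stego_key).shuffle(order)
    return order


def _to_bits(data: bytes):
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def _from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def embed(cover: bytes, hidden: bytes, stego_key: str) -> bytes:
    """Cover-media + hidden data + stego-key -> stego-medium."""
    payload = len(hidden).to_bytes(2, "big") + hidden   # length header first
    bits = _to_bits(payload)
    if len(bits) > len(cover):
        raise ValueError("cover too small: need one pixel per hidden bit")
    stego = bytearray(cover)
    for pos, bit in zip(_carrier_order(len(cover), stego_key), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit          # replace only the LSB
    return bytes(stego)


def extract(stego: bytes, stego_key: str) -> bytes:
    """Read the LSBs back in key order: first the length, then the payload."""
    order = _carrier_order(len(stego), stego_key)
    lsb = lambda i: stego[order[i]] & 1
    n = int.from_bytes(_from_bits([lsb(i) for i in range(16)]), "big")
    if 16 + 8 * n > len(stego):
        raise ValueError("no payload for this key")
    return _from_bits([lsb(16 + i) for i in range(8 * n)])


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """LSB embedding changes no pixel value by more than 1, which is why it is invisible."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# constructed sample cover: 512 pseudo-random grayscale pixels
COVER = bytes(random.Random(7).randrange(256) for _ in range(512))
```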
Ans: A Virtual Local Area Network (VLAN) is a logical network allowing systems on
different physical networks to interact as if they were connected to the same physical
network.
(Explanation: 3 marks, Diagram: 1 mark)
IP Subnet VLANs
In this type of VLAN, all the incoming traffic will be divided according to the IP subnet
address of each source/destination. This provides great flexibility in the network because
Ans: For secure electronic transaction (SET) the participants are as follows.
(Each participant: 1 mark, Any 4 participants expected)
1) Cardholder: the cardholder is an authorized holder of a payment card like MasterCard or
Visa that has been issued by an issuer.
2) Merchant: A merchant is a person or organization that has goods or services to sell
to the cardholder.
3) Issuer: This is a financial institution like a bank.
4) Acquirer: This is a financial institution that establishes an account with the merchant &
processes payment card authorization & payment.
5) Payment Gateway: This is a function operated by the acquirer.
6) The payment gateway processes between SET & the existing bankcard payment networks
for authorization & payment functions.
7) The merchant exchanges SET messages with the payment gateway over the Internet.
8) Certificate Authority: This is an entity that is trusted to issue public key certificates for
cardholders, merchants & payment gateways.
(a) Convert plain text into cipher text by using the simple columnar technique for the 4M
following sentence:
‘ALL IS WELL FOR YOUR EXAM’
4 5 3 2 1
M A N G O
A L L I S
W E L L F
O R Y O U
R E X A M
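The columnar transposition of the grid above, as an added example that is not part of the model answer: the plaintext is written row by row under the key and the columns are read out in the order 4 5 3 2 1 shown under M A N G O (rank 1 first). The functions are my own and also handle a message whose last row is not full.

```python
# Added example, not from the model answer: simple columnar transposition as in
# the grid above, with the column read order 4 5 3 2 1 (rank 1 is read first).
# The functions are my own; they also handle a last row that is not full.


def columnar_encrypt(plaintext: str, order) -> str:
    """order[c] is the rank of column c; columns are read out in rank order."""
    text = "".join(ch for ch in plaintext.upper() if ch.isalpha())
    cols = len(order)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    ranked = sorted(range(cols), key=lambda c: order[c])
    return "".join(row[c] for c in ranked for row in rows if c < len(row))


def columnar_decrypt(ciphertext: str, order) -> str:
    cols = len(order)
    full_rows, extra = divmod(len(ciphertext), cols)
    ranked = sorted(range(cols), key=lambda c: order[c])
    # columns with index < extra hold one more character (the partial last row)
    column_text, pos = {}, 0
    for c in ranked:
        height = full_rows + (1 if c < extra else 0)
        column_text[c] = ciphertext[pos:pos + height]
        pos += height
    n_rows = full_rows + (1 if extra else 0)
    return "".join(column_text[c][r] for r in range(n_rows)
                   for c in range(cols) if r < len(column_text[c]))


KEY_ORDER = [4, 5, 3, 2, 1]   # the ranks under M A N G O in the grid above
```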
Ans: (Diagram: 2 marks, Explanation: 2 marks)
IPsec overview:
It encrypts and seals the transport and application layer data during transmission. It also
offers integrity protection for the internet layer. It sits between the transport and internet layers
of the conventional TCP/IP protocol stack.
Ans: Cybercrime investigation is done to determine the nature of a crime and to collect
evidence, e.g. hardware and software related to the crime.
(Each step: 1 mark, Any four steps expected)
It is used to stop a crime in progress or to report a crime which was done in the past.
Relevant IT training is necessary for cybercrime investigation.
The first step of the investigation team is to secure the computers, networks & components that
are connected with the crime.
Investigators may clone the system to explore it. They can take a detailed audit of a
computer.
Interviews: Investigators arrange interviews with victims and witnesses.
Surveillance: Investigators check the digital activities and monitor all elements of the
suspect.
Forensics: Mining a computer for all related information to detect potential
evidence.
Undercover: Steps taken to trap criminals using fake online identities.
Obtain a search warrant and seize the victim's equipment.
Identify the victim's configuration.
Acquire the evidence carefully.
2. Web servers: Web servers are the most common Internet server-side application in
use. These are mainly designed to provide content & functionality to remote users
through a standard web browser.
Ans: A computer security risk is any event or action that could cause a loss of or damage to
computer hardware, software, data, or information.
(Definition: 2 marks, Analyzing: 2 marks, Assets: 2 marks)
Some breaches of computer security are accidental, but some are planned. Any
illegal act involving a computer is generally referred to as a computer crime.
Cybercrime refers to online or Internet-based illegal acts.
Some of the more common computer security risks include computer viruses,
unauthorized access and use of computer systems, hardware theft and software
theft, information theft and information privacy, and system failure.
It is also important to take into account the chance of each loss occurring.
If a hacker makes a copy of all a company's credit card numbers it does not cost
them anything directly, but the loss in fines and reputation can be enormous.
An asset is any data, device, or other component of the environment that supports
information-related activities.
Assets should be protected from unauthorized access, use, alteration, destruction, and/or
theft, which would result in loss to the organization.
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
The goal of the opponent is to obtain information that is being transmitted.
The release of message contents is easily understood. A telephone conversation, an
electronic mail message, and a transferred file may contain sensitive or confidential
information. We would like to prevent an opponent from learning the contents of
these transmissions.
A second type of passive attack is traffic analysis.
Suppose that we had a way of masking the contents of messages or other
information traffic so that opponents, even if they captured the message, could not
extract the information from the message. The common technique for masking
contents is encryption. If we had encryption protection in place, an opponent might
still be able to observe the pattern of these messages. The opponent could determine
the location and identity of communicating hosts and could observe the frequency
and length of messages being exchanged. This information might be useful in
guessing the nature of the communication that was taking place.
Passive attacks are very difficult to detect because they do not involve any alteration
of the data.
Typically, the message traffic is sent and received in an apparently normal
fashion, and neither the sender nor the receiver is aware that a third party has read the messages
or observed the traffic pattern.
However, it is feasible to prevent the success of these attacks, usually by means of
encryption. Thus, the emphasis in dealing with passive attacks is on prevention
rather than detection.
Active Attack:
In an active attack, the attacker tries to bypass or break into secured systems.
This can be done through stealth, viruses, worms, or Trojan horses.
Active attacks include attempts to circumvent or break protection features, to
introduce malicious code, and to steal or modify information.
These attacks are mounted against a network backbone, exploit information in
transit, electronically penetrate an enclave, or attack an authorized remote user
In replay attack, authentication sequences can be captured and replayed after a valid
authentication sequence has taken place, thus enabling an authorized entity with few
privileges to obtain extra privileges by impersonating an entity that has those
privileges.
Replay involves the passive capture of a data unit and its subsequent retransmission
to produce an unauthorized effect.
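A server-side defence against the replay described above, as an added example that is not part of the model answer: each authentication message carries a timestamp and a fresh nonce under an HMAC, so a captured message fails either the freshness check or the one-use check when it is retransmitted. The message layout and the 30-second window are my own assumptions.

```python
# Added example, not from the model answer: a server-side check that defeats
# replay of a captured authentication message. The message format
# (timestamp | nonce | body, authenticated with an HMAC) is my own assumption.
import hashlib
import hmac
import secrets


def sign(key: bytes, body: bytes, ts: int, nonce: str) -> str:
    """Client side: bind body, timestamp and nonce together under the shared key."""
    return hmac.new(key, f"{ts}|{nonce}|".encode() + body, hashlib.sha256).hexdigest()


class ReplayGuard:
    def __init__(self, key: bytes, window: int = 30):
        self.key = key
        self.window = window      # seconds for which a message counts as fresh
        self.seen = {}            # nonce -> timestamp, kept for one window

    def verify(self, body: bytes, ts: int, nonce: str, tag: str, now: int) -> str:
        # 1. authenticity: a forged or altered message never gets further
        if not hmac.compare_digest(sign(self.key, body, ts, nonce), tag):
            return "bad tag"
        # 2. freshness: an old capture is rejected even if it was never seen before
        if abs(now - ts) > self.window:
            return "stale"
        # 3. uniqueness: a fresh message is accepted only once
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = ts
        # nonces older than the window would fail step 2 anyway, so forget them
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        return "ok"


def new_nonce() -> str:
    """Client side: an unpredictable one-time value from the OS CSPRNG."""
    return secrets.token_hex(16)
```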
Ans: Password: A password is a secret word or expression used by authorized persons to prove
their right to access information, etc.
(Password: 4 marks, Four selection policies: 1 mark each)
Components of a good password:
1. It should be at least eight characters long.
2. It should include uppercase and lowercase letters, numbers, and special characters or
punctuation marks.
3. It should not contain dictionary words.
4. It should not contain the user's personal information such as their name, family
member's name, birth date, pet name, phone number or any other detail that can
easily be identified.
5. It should not be the same as the user's login name.
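The five components above turned into a checker, as an added example that is not part of the model answer. The small word list and the personal details passed in are constructed for the demonstration.

```python
# Added example, not from the model answer: a checker for the five components
# of a good password listed above. The word list and the personal details
# passed in are constructed for the demonstration.
import string

DICTIONARY = {"password", "welcome", "summer", "letmein", "qwerty", "monkey"}  # constructed


def password_problems(password: str, login: str, personal=()):
    """Return the list of rules the password breaks (an empty list means acceptable)."""
    problems = []
    low = password.lower()
    if len(password) < 8:                                             # rule 1
        problems.append("shorter than 8 characters")
    has = (any(c.islower() for c in password), any(c.isupper() for c in password),
           any(c.isdigit() for c in password),
           any(c in string.punctuation for c in password))
    if not all(has):                                                  # rule 2
        problems.append("needs upper, lower, digit and special character")
    if any(word in low for word in DICTIONARY):                       # rule 3
        problems.append("contains a dictionary word")
    if any(len(p) >= 3 and p.lower() in low for p in personal):       # rule 4
        problems.append("contains personal information")
    if low == login.lower():                                          # rule 5
        problems.append("same as the login name")
    return problems
```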
Ans: Intrusion detection is the process of monitoring the events occurring in a computer
system or network & analyzing them for signs of possible incidents, which are threats to
computer security. An intrusion detection system (IDS) is a device or software application
that monitors network or system activities for malicious activities or policy violations and
produces reports to a management station. IDSs come in a variety of "flavors" and approach
the goal of detecting suspicious traffic in different ways.
(IDS: 2 marks, Diagram: 2 marks, IDS components: 2 marks, Types: 2 marks)
IDSs are mainly divided into two categories, depending on the monitoring activity:
1) Host-based IDS: A host-based IDS looks for certain activities in the log files, such as:
1. Logins at odd hours
2. Login authentication failures.
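The host-based checks listed here and earlier under HIDS (logins at odd hours, authentication failures, privilege escalation), run over sample log lines, as an added example that is not part of the model answer. The log lines are constructed in the style of OpenSSH and sudo syslog entries; the working hours and the failure threshold are assumptions.

```python
# Added example, not from the model answer: a small host-based check over
# constructed auth-log lines, looking for the activities listed above: logins
# at odd hours, repeated authentication failures, and privilege escalation.
# The log format mimics OpenSSH/sudo syslog lines; thresholds are assumptions.
import re
from collections import defaultdict

SAMPLE_LOG = """\
Mar 12 02:14:07 host1 sshd[411]: Accepted password for alice from 203.0.113.9 port 5022
Mar 12 09:03:44 host1 sshd[415]: Accepted password for bob from 192.0.2.7 port 5030
Mar 12 09:10:01 host1 sshd[420]: Failed password for admin from 198.51.100.4 port 6001
Mar 12 09:10:04 host1 sshd[420]: Failed password for admin from 198.51.100.4 port 6001
Mar 12 09:10:08 host1 sshd[420]: Failed password for root from 198.51.100.4 port 6002
Mar 12 23:40:12 host1 sudo:    bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
"""

LINE = re.compile(r"^\w{3} +\d+ (?P<time>\d\d:\d\d:\d\d) \S+ (?P<prog>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")
ACCEPT = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")
FAIL = re.compile(r"Failed \w+ for (?P<user>\S+) from (?P<src>\S+)")
SUDO = re.compile(r"(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>\S+)")


def analyze(log_text: str, work_hours=(8, 18), fail_threshold=3):
    """Return (kind, who, detail, time) alerts in the order they are raised."""
    alerts = []
    failures = defaultdict(int)      # source address -> failed attempts so far
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                  # not a line this checker understands
        hour, msg = int(m["time"][:2]), m["msg"]
        accepted = ACCEPT.search(msg)
        failed = FAIL.search(msg)
        if accepted and not (work_hours[0] <= hour < work_hours[1]):
            alerts.append(("login at odd hour", accepted["user"], accepted["src"], m["time"]))
        elif failed:
            failures[failed["src"]] += 1
            if failures[failed["src"]] == fail_threshold:   # alert once per source
                alerts.append(("repeated authentication failure", failed["src"],
                               f"{fail_threshold} failures", m["time"]))
        elif m["prog"] == "sudo":
            s = SUDO.search(msg)
            if s and s["target"] == "root":
                alerts.append(("privilege escalation", s["user"], s["cmd"], m["time"]))
    return alerts
```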
2) Network based IDS: Network based IDS looks for certain activities like:
Working of Kerberos:
1. The authentication service, or AS, receives the request from the client and verifies that
the client is indeed the computer it claims to be. This is usually just a simple
database lookup of the user's ID.
3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This
is a simple ticket that is issued by the authentication service. It is used for
authenticating the client in future requests.
4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to
get authenticated.
5. The TGS creates an encrypted key with a timestamp and grants the client a service
ticket.
7. The service decrypts the key and makes sure the timestamp is still valid. If it is, the
service contacts the key distribution center to receive a session key that is returned to the
client.
8. The client decrypts the ticket. If the keys are still valid, communication is initiated
between client and server.
Ans: Piggybacking: It is the simple process of following closely behind a person who has
just used their own access card or PIN to gain physical access to a room or building. An
attacker can thus gain access to the facility without having to know the access code or
having to acquire an access card. It also means accessing a wireless Internet connection by
bringing one's own computer within range of another wireless connection & using it
without explicit permission. In short, it is when an authorized person allows (intentionally
or unintentionally) others to pass through a secure door. Piggybacking on Internet
access is the practice of establishing a wireless Internet connection by using another
subscriber's wireless Internet access service without the subscriber's explicit permission.
(Piggybacking: 2 marks, Prevention: 2 marks)
Ans: One time pad Security Mechanism: The one time pad (Vernam Cipher) is the encryption
mechanism in which the encryption key has at least the same length as the plaintext and
consists of truly random numbers. Each letter of the plaintext is mixed with one element
from the OTP. This results in a cipher text that has no relation to the plaintext when
the key is unknown. At the receiving end, the same OTP is used to retrieve the original
plaintext.
(Explanation: 2 marks, Example: 2 marks)
Steps for One time pad:
1. The key should be as long as the message.
2. Key and plain text are combined modulo 26.
3. There should only be 2 copies of the key (1 for the sender and 1 for the receiver).
Example: Suppose Alice wishes to send the message "HELLO" to Bob. In OTP, assign
each letter a numerical value: e.g. "A" is 0, "B" is 1, and so on. Here, we combine the
key and the message using modular addition. The numerical values of corresponding
message and key letters are added together, modulo 26. If the key is "XMCKL" and the
message is "HELLO", then the encrypted text will be "EQNVZ".
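The modulo-26 one-time pad of the worked example above, as an added example that is not part of the model answer: encryption and decryption are checked against HELLO / XMCKL / EQNVZ, the key-length rule of step 1 is enforced, and a helper shows why step 3 limits the key to one use (with a reused key, the difference of two cipher texts equals the difference of the two plain texts). The function names are my own.

```python
# Added example, not from the model answer: the one-time pad over the letters
# A-Z with modulo-26 addition, checked against the HELLO / XMCKL / EQNVZ example
# above, plus a demonstration of why the key must never be used twice.
import secrets
from string import ascii_uppercase


def otp(text: str, key: str, decrypt: bool = False) -> str:
    """Add (or subtract, when decrypting) each key letter to each message letter mod 26."""
    text, key = text.upper(), key.upper()
    if len(key) < len(text):                      # step 1: key at least as long as the message
        raise ValueError("key must be at least as long as the message")
    out = []
    for m, k in zip(text, key):
        mv, kv = ord(m) - ord("A"), ord(k) - ord("A")
        out.append(chr(ord("A") + (mv - kv if decrypt else mv + kv) % 26))
    return "".join(out)


def random_key(length: int) -> str:
    """A fresh key from the OS CSPRNG; it is used exactly once and then discarded."""
    return "".join(secrets.choice(ascii_uppercase) for _ in range(length))


def key_reuse_leak(c1: str, c2: str) -> str:
    """If the same key encrypts two messages, c1 - c2 = m1 - m2 (mod 26): the key
    cancels out, so an observer learns the difference of the plain texts (step 3)."""
    return otp(c1, c2, decrypt=True)
```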
Ans: PGP is Pretty Good Privacy. It is a popular program used to encrypt and decrypt email
over the Internet. It has become a standard for e-mail security. It is used to send an encrypted
code (digital signature) that lets the receiver verify the sender's identity and ensures
that the message has not been changed en route. PGP can be used to encrypt files being
stored so that they are in unreadable form and not readable by users or intruders. It is
available in low cost and freeware versions. It is the most widely used privacy-ensuring
program, used by individuals as well as many corporations.
(Diagram: 2 marks, Description: 2 marks)
Fig. PGP
There are five steps as shown in the fig.
1. Digital signature: it consists of the creation of a message digest of the email message
using the SHA-1 algorithm. The resulting MD is then encrypted with the sender's private
key. The result is the sender's digital signature.
2. Compression: the input message as well as the digital signature are compressed
Ans: PORNOGRAPHY: The depiction of nudity or erotic behavior, in writing, pictures,
video, or otherwise, with the intent to cause sexual excitement. It is the depiction of erotic
behavior (as in pictures or writing) intended to cause sexual excitement; material (such as
books or a photograph) that depicts erotic behavior and is intended to cause sexual
excitement; the depiction of acts in a sensational manner so as to arouse a quick, intense
emotional reaction. Pornography is defined as imagery, in addition to various forms of
media, that depicts actions presumed to be overtly sexual and erotic in nature. In a legal
spectrum, pornography can be defined as sexually-explicit material that is displayed or
viewed with the intention of the provision of sexual gratification.
(Explanation: 4 marks)
(e) What is SSL/TLS? 4M
Ans: Transport Layer Security (TLS) and Secure Sockets Layer (SSL), both referred to as
"SSL", are cryptographic protocols that provide communications security over a network.
(Explanation: 4 marks)
The Transport Layer Security (TLS) protocol provides communications privacy over the
Internet. The protocol allows client-server applications to communicate in a way that is
designed to prevent eavesdropping, tampering or message forgery. The primary goal of
the TLS protocol is to provide privacy and data integrity between two communicating
applications.
The protocol is composed of two layers:
1. The TLS Record Protocol provides connection security with some encryption method
such as the Data Encryption Standard (DES). The TLS Record Protocol can also be
used without encryption.
2. The TLS Handshake Protocol allows the server and client to authenticate each other
and to negotiate an encryption algorithm and cryptographic keys before data is
exchanged.
Ans: (1 mark for each element) The need for computer security has been threefold: confidentiality, integrity and availability, the "CIA" of security. The elements are Confidentiality, Integrity, Availability and Authentication; other elements are Authorization, Non-repudiation, Access control and Accountability.
1. Confidentiality: The goal of confidentiality is to ensure that only those individuals who have the authority can view a piece of information. The principle of confidentiality specifies that only the sender and the intended recipients should be able to access the contents of a message. Confidentiality is compromised if an unauthorized person is able to access the contents of a message.
An example of compromising the confidentiality of a message is shown in fig.
Ans: (List: 2 marks and 1 mark each for explanation of backdoor and trapdoor) An attack is any attempt to expose, destroy, alter, modify, disable, steal or gain unauthorized access to or use of an asset. It is a kind of malicious activity that attempts to collect, disrupt, deny, degrade or destroy information system resources or the information itself.
Types of attacks are:
Passive attacks
Backdoor Attacks:
It is a secret entry point into a program that allows a user to gain access without going through the usual security access procedures.
It is used legitimately in debugging and testing.
It also refers to the entry and placement of a program or utility into a network that creates a backdoor entry for attackers.
This may allow a certain user ID to log on without a password, run a program or gain access to administrative services.
It becomes a threat when programmers use it to gain unauthorized access.
There are several backdoor programs and tools used by hackers in the form of automated tools.
Trapdoor Attacks:
A trap door is an entrance into a system which circumvents the normal safety measures.
It is a secret entry point into a program that allows someone who knows of it to gain access by a procedure other than the normal security procedure.
It might be a hidden program which makes the protection system ineffective.
This entry can be deliberately introduced by the developer to maintain the system in case of disaster management.
Trapdoor programs can be installed through malware using the internet.
Ans: (2 marks each for piggybacking & shoulder surfing)
Piggybacking: It is the simple process of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building. An attacker can thus gain access to the facility without having to know the access code or having to acquire an access card, i.e. when an authorized person allows (intentionally or unintentionally) others to pass through a secure door. It also means access to a wireless internet connection by bringing one's own computer within range of another wireless connection and using it without explicit permission. Piggybacking on Internet access is the practice of establishing a wireless Internet connection by using another subscriber's wireless Internet access service without the subscriber's explicit permission or knowledge. It is a legally and ethically controversial practice, with laws that vary by jurisdiction around the world. While completely outlawed or regulated in some places, it is permitted in others. The process of sending data along with the acknowledgment is also called piggybacking. Piggybacking is distinct from war driving, which involves only the logging or mapping of the existence of access points.
Ans: (1 mark for explanation of each term and 1 mark for diagram drawn)
1. Cryptography: Cryptography is the art and science of achieving security by encoding messages to make them non-readable.
Diagram: Readable message -> Cryptography system -> Unreadable message
3. Cryptology: It originates from the Greek 'logos', meaning hidden words. This technique is used in cryptography for generating secured information.
Ans: (Diagram: 2 marks and explanation: 4 marks)
OR
A message is to be transferred from one user to another user in secret form using this security system; it can be two or more parties accessing information via the Internet.
OR
Sender and receiver are the principals of the transaction and must cooperate for the exchange to take place.
The model shows four basic tasks:
1. Design an algorithm in such a way that an opponent cannot defeat its purpose. This algorithm is used for security-related information.
2. Generate the secret information that is to be used with the algorithm.
3. Develop a method for distributing and sharing the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a security service.
An information channel is established by defining a route through the Internet from source to destination with the help of a communication protocol like TCP/IP, or using normal PC-to-PC communication through any media. Techniques for providing security have the following components:
A security-related transformation on the information to be sent.
Some information shared by the two principals, which should be secret.
A trusted party is required to achieve secure transmission.
This party is responsible for distributing the secret information between the two principals.
IT Act 2008: It is the Information Technology Amendment Act, 2008. The act was developed for the IT industry, to control e-commerce, to provide e-governance facilities and to stop cybercrime attacks.
Following are the characteristics of the IT Act 2008: This act provides legal recognition for transactions, i.e. Electronic Data Interchange (EDI) and other electronic communications. This Act also provides facilities for electronic filing of information with Government agencies. It is considered necessary to give effect to the said resolution and to promote efficient delivery of Government services by means of reliable electronic records.
Worms:
Worms are malicious programs that spread automatically.
They spread from computer to computer, without any human action or intervention.
They propagate autonomously; they spread by exploiting vulnerabilities in computer systems.
A worm is designed to copy itself from PC to PC via networks or the internet.
They spread much faster than viruses.
Its effects are localized; it damages the computer network by causing increased bandwidth consumption.
Worms consist of an attack mechanism, a payload and target selection.
Intruders (Outsiders):
Intruders are authorized or unauthorized users who are trying to access the system or network.
They are hackers or crackers.
Intruders are illegal users.
Less dangerous than insiders: they have to study or gain knowledge about the security system.
They do not have access to the system.
Extremely patient, as attacks are time consuming; they keep trying attacks till success.
An individual or a small group of attackers. The next level of this group is script writers, i.e. elite hackers. Intruders are of three types: masquerader, misfeasor and clandestine user.
Many security mechanisms are used to protect the system from intruders.
Insiders:
More dangerous than outsiders, as they have the access and knowledge to cause immediate damage to the organization.
They can be more in number, and directly or indirectly access the organization.
They may give remote access to the organization.
An insider attack is misuse of the access given to insiders.
Insiders are authorized users who try to access a system or network for which they are unauthorized.
Insiders are not hackers.
Insiders are legal users.
b) What is access control? Explain DAC, MAC and RBAC access control model. 8M
Ans: (2 marks for description and 2 marks each for the three types of control, including table) Access is the ability of a subject to interact with an object. Authentication deals with verifying the identity of a subject. Access control is the ability to specify, control and limit access to the host system or application, which prevents unauthorized use to access or modify data or resources.
c) Explain transposition technique. Convert plain text to cipher text using rail Fence 8M
technique “COMPUTER SECURITY”.
Rail Fence Technique: It is one of the easiest transposition techniques to create cipher text. When a plain text message is codified using any suitable scheme, the resulting message is called cipher text or cipher.
Steps are:
a) Explain use of Biometrics in computer Security. List various Biometrics used for 4M
computer security.
Ans: (Use of biometric system in computer security: 2 marks, listing of any four biometric security systems: 2 marks)
Use of biometric system in computer security: Biometrics is the science and technology of measuring and statistically analyzing biological data. The purpose of biometrics is to uniquely identify or verify an individual through the characteristics of the human body. Biometric technology must first gather information into a computer database, for example, a database of fingerprints. The computer will compare the fingerprints in the database to any new sample and recognize when there is a match. The matches can be used for both identification and verification purposes.
Enrollment: A biometric system searches the database for a match to the newly captured sample, and grants access if it is found. Using a fingerprint as part of the login process to a computer is an example of this mode.
Verification: A biometric system searches the database for a match to the newly captured sample, and authenticates an individual's claimed identity from his or her previously enrolled pattern. Biometrics uses characteristics that can be physical, such as hand shape, a fingerprint, facial characteristics, voice, or DNA. Biometrics can also use characteristics
Packet Filtering
Ans: (IP security: 1 mark, Diagram: 1 mark, Explanation: 2 marks) The IPSec Authentication Header (AH) protocol allows the recipient of a datagram to verify its authenticity. It is implemented as a header added to an IP datagram that contains an integrity check value computed from the values of the fields in the datagram. This value can be used by the recipient to ensure that the data has not been changed in transit. The Authentication Header does not encrypt data and thus does not ensure the privacy of transmissions. Authentication Header (AH) is a member of the IPSec protocol suite. AH guarantees connectionless integrity and data origin authentication of IP packets. Further, it can optionally protect against replay attacks by using the sliding window technique and discarding old packets.
a) Define Caesar cipher. Write its algorithm and convert “COMPUTER SECURITY” 4M
using Caesar cipher.
Explanation: A VPN is a private network created virtually between two branch networks of the same company across the world. Instead of using a dedicated leased line to the internetwork of the company, public lines can be used; this is called a VPN. In the diagram two firewalls act as intermediaries between user X and user Y. If user X sends a message to user Y, the message first comes to firewall 1, which uses its own address to send this message to user Y; thus over the network the packet sent from user X is protected and its IP address is protected, as in a private network. In a VPN, tunnel technology is used for communication between two branches of the same company by wrapping the packet in another packet, thus protecting the network like a private network.
Ans: (Application Hardening: each point carries 1 mark) Application Hardening: In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing the available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services. Application hardening specifically involves keeping the application up to date.
1. The client requests a connection by sending a SYN (synchronize) message to the server.
2. The server acknowledges this request by sending SYN-ACK back to the client.
3. The client responds with an ACK, and the connection is established.
This is called the TCP three-way handshake, and is the foundation for every connection
established using the TCP protocol.
A SYN flood attack works by not responding to the server with the expected ACK code. The malicious client can either simply not send the expected ACK, or spoof the source IP address in the SYN, causing the server to send the SYN-ACK to a falsified IP address, which will not send an ACK because it "knows" that it never sent a SYN.
The server will wait for the acknowledgement for some time, as simple network congestion
could also be the cause of the missing ACK. However, in an attack, the half-open
connections created by the malicious client bind resources on the server and may eventually
exceed the resources available on the server. At that point, the server cannot connect to any
clients, whether legitimate or otherwise. This effectively denies service to legitimate
clients. Some systems may also malfunction or crash when other operating system
functions are starved of resources in this way.
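The half-open backlog described above is what a defender can measure. As an added example (not part of the model answer), the Python below counts SYNs that never received the client's ACK from a constructed connection-tracking log; the log format, addresses and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of connection-tracking events: "<seconds> <source> <flag>".
# 10.0.0.5 and 10.0.0.6 complete the handshake (SYN, then ACK after the server's
# SYN-ACK); the 203.0.113.x sources send a SYN and never answer, so those
# connections stay half-open on the server.
SAMPLE_LOG = """\
0.001 10.0.0.5 SYN
0.002 10.0.0.5 ACK
0.010 203.0.113.7 SYN
0.011 203.0.113.8 SYN
0.012 203.0.113.9 SYN
0.013 203.0.113.10 SYN
0.020 10.0.0.6 SYN
0.021 10.0.0.6 ACK
0.030 203.0.113.11 SYN
0.031 203.0.113.12 SYN
"""

LINE_RE = re.compile(r"^(?P<ts>[\d.]+)\s+(?P<src>[\d.]+)\s+(?P<flag>SYN|ACK)$")


def parse_events(log_text):
    """Turn the log into (timestamp, source, flag) tuples; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((float(m["ts"]), m["src"], m["flag"]))
    return events


def half_open_connections(events):
    """Per source, the SYNs still waiting for the client's ACK (third handshake step)."""
    pending = defaultdict(int)
    for _, src, flag in events:
        if flag == "SYN":
            pending[src] += 1
        elif flag == "ACK" and pending[src] > 0:
            pending[src] -= 1  # the ACK completes one half-open connection
    return {src: n for src, n in pending.items() if n > 0}


def backlog_stats(events):
    """(half-open count, fraction of SYNs left half-open): the flood signal,
    independent of how many spoofed sources the SYNs claim to come from."""
    syns = sum(1 for _, _, flag in events if flag == "SYN")
    half_open = sum(half_open_connections(events).values())
    return half_open, (half_open / syns if syns else 0.0)


def syn_flood_suspected(events, max_half_open=5, max_ratio=0.5):
    """Alert when the half-open backlog is both large and dominates the SYN traffic."""
    half_open, ratio = backlog_stats(events)
    return half_open > max_half_open and ratio > max_ratio
```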
Ans: (Packet sniffing: 3 marks, packet spoofing: 3 marks)
Packet sniffing: A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer, or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet.
A packet sniffer specifically views the contents of the packets and can pass them on to an interested third party. For example, a company's tender information can be obtained just by viewing the packets carrying it, and a competitor can adjust its own tender value accordingly.
Packet Spoofing: In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage. Spoofing involves capturing a packet, modifying its data as per the requirement of the third party and sending it on to the recipient. Following are the types of spoofing:
IP Address spoofing
GPS spoofing
Caller ID spoofing
Mail spoofing
A third party may use any spoofing technique as per requirement and may get
Ans: (Definition: 2 marks, listing zones: 1 mark, explanation of each zone: 1.5 marks)
Security topology: A security topology is the arrangement of hardware devices on a network with respect to internal security requirements and needs for public access.
OR
Security topology is a local map that depicts the interconnectivity between security devices and the security domains that host these networks.
Security Zone: Security zones are the building blocks for policies; they are logical entities to which one or more interfaces are bound. Security zones provide a means of distinguishing groups of hosts (user systems and other hosts, such as servers) and their resources from one another in order to apply different security measures to them.
2. Upon verification, a timestamp is created. This puts the current time in a user session, along with an expiration date. The default expiration date of a timestamp is 8 hours. The encryption key is then created. The timestamp ensures that when the 8 hours are up, the encryption key is useless.
3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is a simple ticket that is issued by the authentication service. It is used to authenticate the client for future reference.
4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get authenticated.
5. The TGS creates an encrypted key with a timestamp, and grants the client a service ticket.
6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own encrypted key to the service.
7. The service decrypts the key and makes sure the timestamp is still valid. If it is, the service contacts the key distribution center to receive a session key that is returned to the client.
8. The client decrypts the ticket. If the keys are still valid, communication is initiated
between client and server.
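The ticket lifetime check in steps 2 to 7 can be modelled in a few lines. The Python below is an added example, not part of the model answer and not real Kerberos: tickets are sealed with an HMAC rather than encrypted, the keys and times are constructed, and only the timestamp/expiry and tamper checks are demonstrated.

```python
import hashlib
import hmac
import json

TICKET_LIFETIME = 8 * 3600  # default timestamp expiry from the answer: 8 hours

# Constructed keys; in Kerberos these stand in for the TGS's and the service's long-term keys.
TGS_KEY = b"constructed-tgs-key"
SERVICE_KEY = b"constructed-fileserver-key"


def seal(payload, key):
    """Return a ticket (payload, tag). The HMAC tag lets the holder of `key` detect any change."""
    body = json.dumps(payload, sort_keys=True).encode()
    return payload, hmac.new(key, body, hashlib.sha256).hexdigest()


def seal_valid(ticket, key):
    """Recompute the tag and compare in constant time."""
    payload, tag = ticket
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).hexdigest())


def timestamp_valid(ticket, now):
    """Step 2: the timestamp carries an expiry; outside it the ticket's key is useless."""
    payload = ticket[0]
    return payload["issued"] <= now < payload["expires"]


def issue_tgt(client, now, lifetime=TICKET_LIFETIME):
    """Steps 2-3: the authentication service creates the timestamp and returns a TGT."""
    return seal({"kind": "TGT", "client": client, "issued": now,
                 "expires": now + lifetime}, TGS_KEY)


def issue_service_ticket(tgt, service, now):
    """Steps 4-5: the TGS authenticates the client by its TGT and grants a service ticket.
    Returns None when the TGT is tampered, not a TGT, or past its timestamp."""
    if not seal_valid(tgt, TGS_KEY) or tgt[0]["kind"] != "TGT" or not timestamp_valid(tgt, now):
        return None
    payload = {"kind": "SVC", "client": tgt[0]["client"], "service": service,
               "issued": now, "expires": min(now + TICKET_LIFETIME, tgt[0]["expires"])}
    return seal(payload, SERVICE_KEY)


def service_accepts(ticket, now):
    """Step 7: the service checks the seal and that the timestamp is still valid."""
    return (seal_valid(ticket, SERVICE_KEY)
            and ticket[0]["kind"] == "SVC"
            and timestamp_valid(ticket, now))
```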
Ans: (1 mark for each relevant point)
1. A security awareness program is the most effective method to oppose potential social engineering attacks when the organization's security goals and policies are established.
2. An important element that training should concentrate on is which information is sensitive for the organization and which may be the target of a social engineering attack.
3. Companies implement tools and procedures to protect against these threats and to comply with laws and regulations.
4. Establishing and maintaining information-security awareness through a security awareness program is vital to an organization's progress and success. A robust and properly implemented security awareness program assists the organization with the education, monitoring, and ongoing maintenance of security awareness within the organization.
(iii). PGP - Pretty Good Privacy: Pretty Good Privacy is a popular program used to encrypt and decrypt email over the internet.
(i). It has become a standard for e-mail security.
(ii). It is used to send an encrypted code (digital signature) that lets the receiver verify the sender's identity and ensures that the route of the message does not change.
(iii). PGP can be used to encrypt stored files so that they are in unreadable form and cannot be read by other users or intruders.
(iv). It is available in low-cost and freeware versions.
(v). It is the most widely used privacy-ensuring program, used by individuals as well as many corporations.
(iv). S/MIME - Secure Multipurpose Internet Mail Extension:
(i). The traditional email system using the SMTP protocol is text based, which means that a person can compose a text message using an editor and then send it over the Internet to the recipient, but multimedia files or documents in various arbitrary formats cannot be sent using this protocol.
(ii). To cater to these needs the Multipurpose Internet Mail Extensions (MIME) system extends the basic email system by permitting users to send binary files using the basic email system.
(iii). When the basic MIME system is enhanced to provide security features, it is called Secure Multipurpose Internet Mail Extensions.
(iv). S/MIME provides security through digital signature and encryption of email messages.
Ans: (1 mark, IDS: 2 marks) Intrusion detection system (IDS): An intrusion detection system (IDS) monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to anomalous or malicious traffic by taking action
Ans: (1 mark: list, 3 marks for any three) Secure Electronic Transaction (SET) is an open encryption and security specification that is designed for protecting credit card transactions on the Internet. It is a set of security protocols and formats that enable users to employ the existing credit card payment infrastructure on the internet in a secure manner.
Components of SET:
1. Cardholder
2. Merchant
3. Issuer
4. Acquirer
5. Payment gateway
6. Certification Authority (CA)
1. Cardholder: A cardholder is an authorized holder of a payment card such as
MasterCard or Visa that has been issued by an Issuer.
2. Merchant: Merchant is a person or an organization that wants to sell goods or
services to cardholders.
3. Issuer: The issuer is a financial institution that provides a payment card to a
cardholder.
4. Acquirer: This is a financial institution that has a relationship with merchants for processing payment card authorizations and payments. It also provides an assurance that a particular cardholder account is active and that the purchase amount does not exceed the credit limit. It provides electronic fund transfer to the merchant account.
5. Payment Gateway: It processes the payment messages on behalf of the merchant. It connects to the acquirer's system using a dedicated network line.
6. Certification Authority (CA): This is an authority that is trusted to provide public
key certificates to cardholders, merchant, and Payment Gateway.
D. Cipher Text: When a plain text message is codified using any suitable scheme, the resulting message is called cipher text.
B) Spoofing: Spoofing is nothing more than making data look like it has come from a different source. This is possible in TCP/IP because of the friendly assumption behind the protocol. When the protocols were developed, it was assumed that individuals who had access to the network layer would be privileged users who could be trusted. When a packet is sent from one system to another, it includes not only the destination IP address and port but the source IP address as well, and falsifying that source address is one form of spoofing.
There are various formatted-partition recovery tools available. Every tool has a different GUI and method of recovery.
There are standard ethical procedures that need to be followed, as described in the following steps:
1. Incident identification: identifying the incident and analysing the case.
2. Preparation of tools, monitoring, techniques, management support, authorization etc.
3. Decide a clear and well-defined approach and strategy to proceed with the case.
4. Collection of the evidence; duplicating the digital evidence is also an important part of ethical conduct.
5. The evidence that is collected should be recorded with the date, time and the place where it was found. The evidence must be preserved.
6. The analysis of the evidence should be carried out in such a way as to eliminate evidence that cannot be produced in a court of law.
1. Confidentiality: The principle of confidentiality specifies that only the sender and the intended recipients should be able to access the contents of a message. Confidentiality is compromised if an unauthorized person is able to access the contents of a message.
An example of compromising the confidentiality of a message is shown in fig.
3. Integrity: When the contents of the message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost.
For example, here user C tampers with a message originally sent by user A, which is actually destined for user B. User C somehow manages to access it, change its contents and send the changed message to user B. User B has no way of knowing that the contents of the message were changed after user A had sent it. User A also does not know about this change.
This type of attack is called modification.
1. Biometrics refers to the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral characteristics.
2. Biometric identification is used on the basis of some unique physical attribute of the user that positively identifies the user. Examples: fingerprint recognition, retina and face scan techniques, voice synthesis and recognition, and so on.
3. Biometrics cannot be lost, stolen or forgotten. Barring disease or serious physical injury, the biometric is consistent and permanent.
4. It is also secure in that the biometric itself cannot be socially engineered, shared or used by others.
1) The first block (sensor) is the interface between the real world and the system; it has to acquire all the necessary data.
2) The second block performs all the necessary pre-processing.
3) The third block extracts the necessary features. This is an important step, as the correct features need to be extracted in the optimal way.
4) If enrolment is being performed, the template is simply stored somewhere (on a card, within a database, or both). If a matching phase is being performed, the obtained template is passed to a matcher that compares it with the other existing templates, estimating the distance between them using some algorithm. The matching program analyzes the template against the input. The result is then output for the specified use or purpose.
C M U E S C R T T C N L G
O P T R E U I Y E H O O Y
Ciphertext: CMUESCRTTCNLGOPTREUIYEHOOY
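The two-row layout above is a rail fence with 2 rails. As an added example (not from the model answer), the Python below encrypts and decrypts with any number of rails, so 2 rails reproduces the rows above and 3 rails shows the general zigzag; the function names are my own.

```python
def rail_pattern(length, rails):
    """Rail index visited by each plaintext position, moving zigzag down and up."""
    if rails < 2:
        return [0] * length
    pattern, rail, step = [], 0, 1
    for _ in range(length):
        pattern.append(rail)
        if rail == 0:
            step = 1
        elif rail == rails - 1:
            step = -1
        rail += step
    return pattern


def normalize(text):
    """Keep letters only, upper-cased; spaces are dropped as in the worked grid."""
    return "".join(ch for ch in text.upper() if ch.isalpha())


def rail_fence_rows(plaintext, rails=2):
    """The rails as separate strings, e.g. the two rows written out in the answer above."""
    text = normalize(plaintext)
    pattern = rail_pattern(len(text), rails)
    return ["".join(text[i] for i in range(len(text)) if pattern[i] == r)
            for r in range(rails)]


def rail_fence_encrypt(plaintext, rails=2):
    """Cipher text = rail 0 read left to right, then rail 1, and so on."""
    return "".join(rail_fence_rows(plaintext, rails))


def rail_fence_decrypt(ciphertext, rails=2):
    """Rebuild the zigzag: positions ordered by (rail, index) consume the cipher text in order."""
    n = len(ciphertext)
    pattern = rail_pattern(n, rails)
    order = sorted(range(n), key=lambda i: (pattern[i], i))
    plain = [""] * n
    for ct_index, pos in enumerate(order):
        plain[pos] = ciphertext[ct_index]
    return "".join(plain)
```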
Figure: VPN
c) Reactive password checking: the system periodically runs its own password cracker
program to find out guessable passwords. If the system finds any such password, the
system cancels it and notifies the user.
HIDS: Host Intrusion Detection Systems run on individual hosts or devices on the network. A HIDS monitors the inbound and outbound packets from the device only and will alert the user or administrator when suspicious activity is detected. The activities a HIDS looks for in the log files are:
Logins at odd hours
Login authentication failure
Adding new user account
Modification or access of critical system files
Modification or removal of binary files
Starting or stopping processes
Privilege escalation
Use of certain programs
Figure: HIDS
Basic Components HIDS:
1. Traffic collector: This component collects activity or events for the IDS to examine. In a host-based IDS, this can be log files, audit logs, or traffic coming to or leaving a specific system.
2. Analysis Engine: This component examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine acts like the brain of the IDS.
3. Signature database: It is a collection of patterns & definitions of known suspicious or
malicious activity.
4. User Interface & Reporting: This is the component that interfaces with the human
element, providing alerts when suitable & giving the user a means to interact with &
operate the IDS.
Advantages:
1. Operating System specific and detailed signatures.
2. Examine data after it has been decrypted.
3. Application specific.
4. Determine whether or not an alarm may impact that specific.
Disadvantages:
1. Should have a process on every system to watch.
2. High cost of ownership and maintenance.
3. Uses local system resources.
4. If logged locally, the logs could be compromised or disabled.
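The four components above can be seen working together on a small scale. As an added example (not from the model answer), the Python below runs a signature database for three of the listed activities plus an odd-hours login rule over constructed syslog-style lines; the log format, hostnames, users, addresses and thresholds are assumptions.

```python
import re
from datetime import datetime

# Constructed sample host log (syslog-like; hostnames, users and addresses are made up).
SAMPLE_LOG = """\
2024-05-01T02:13:05 host1 sshd: Accepted password for admin from 192.0.2.10
2024-05-01T09:00:01 host1 sshd: Failed password for root from 198.51.100.4
2024-05-01T09:00:03 host1 sshd: Failed password for root from 198.51.100.4
2024-05-01T09:00:05 host1 sshd: Failed password for root from 198.51.100.4
2024-05-01T10:15:00 host1 useradd: new user: name=svc_backup, UID=1005
2024-05-01T10:16:00 host1 sudo: bob : TTY=pts/0 ; COMMAND=/bin/bash
2024-05-01T11:00:00 host1 cron: (root) CMD (/usr/bin/logrotate)
"""

# Signature database: activity name -> pattern on the message part of a line.
SIGNATURES = {
    "login authentication failure": re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)"),
    "adding new user account":      re.compile(r"useradd: new user: name=(?P<user>\w+)"),
    "privilege escalation":         re.compile(r"sudo: (?P<user>\w+) .*COMMAND=(?P<cmd>\S+)"),
}
# "Logins at odd hours" needs the timestamp, so it is a separate rule.
LOGIN_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")
ODD_HOURS = range(0, 6)     # 00:00-05:59 counts as odd hours in this example
FAILURE_THRESHOLD = 3       # repeated failures from one source become a single alert

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<msg>.*)$")


def collect(log_text):
    """Traffic collector: yield (timestamp, host, message) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["host"], m["msg"]


def analyze(log_text):
    """Analysis engine: match events against the signature database; return alerts
    as (activity, host, detail) tuples in the order they were raised."""
    alerts, failures = [], {}
    for ts, host, msg in collect(log_text):
        login = LOGIN_RE.search(msg)
        if login and ts.hour in ODD_HOURS:
            alerts.append(("login at odd hours", host, login["user"]))
        for name, pattern in SIGNATURES.items():
            m = pattern.search(msg)
            if not m:
                continue
            if name == "login authentication failure":
                src = m["src"]
                failures[src] = failures.get(src, 0) + 1
                if failures[src] == FAILURE_THRESHOLD:  # alert once per source
                    alerts.append((name, host, f"{m['user']} from {src}"))
            else:
                alerts.append((name, host, m["user"]))
    return alerts


def report(alerts):
    """User interface & reporting: one human-readable line per alert."""
    return [f"[{name}] {host}: {detail}" for name, host, detail in alerts]
```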
Participants/Components of SET
1. Cardholder: A cardholder is an authorized holder of a payment card such as
MasterCard or Visa that has been issued by an Issuer.
2. Merchant: Merchant is a person or an organization that wants to sell goods or services
to cardholders.
3. Issuer: The issuer is a financial institution that provides a payment card to a cardholder.
4. Acquirer: this is a financial institution that has a relationship with merchants for
processing payment card authorizations and payments. Also provides an assurance that a
particular cardholder account is active and that the purchase amount does not exceed the
credit limits. It provides electronic fund transfer to the merchant account.
5. Payment Gateway: It processes the payment messages on behalf of the merchant. It
connects to the acquirer's system using a dedicated network line.
6. Certification Authority (CA): This is an authority that is trusted to provide public key
certificates to cardholders, merchant, and Payment Gateway.
Algorithm:
1. The message is written out in rows of a fixed length.
2. It is then read out again column by column, according to a given order or in random order.
3. The cipher text is written according to that order.
Example
The key for the columnar transposition cipher is a keyword, e.g. ORANGE.
The row length that is used is the same as the length of the keyword.
O R A N G E
C O M P U T
E R P R O G
R A M M I N
G L E X X M
In the above example, the plaintext has been padded so that it neatly fits in a rectangle. This
is known as a regular columnar transposition. An irregular columnar transposition leaves
these characters blank, though this makes decryption slightly more difficult. The columns
are now reordered such that the letters in the key word are ordered alphabetically.
5 6 1 4 3 2
O R A N G E
C O M P U T
E R P R O G
R A M M I N
G L E X X M
The Encrypted text or Cipher text is:
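The cipher text line above is left blank on the page. As an added example (not from the model answer), the Python below derives the column ranks 5 6 1 4 3 2 for ORANGE, reads the filled grid above column by column in that order, and decrypts the result; the function names and the padded grid string are assumptions taken from the grid as printed.

```python
def key_order(keyword):
    """Columns in the order they are read out: keyword letters sorted alphabetically,
    ties broken left to right (ORANGE -> A, E, G, N, O, R)."""
    kw = keyword.upper()
    return sorted(range(len(kw)), key=lambda i: (kw[i], i))


def column_ranks(keyword):
    """The rank written above each column in the answer (ORANGE -> 5 6 1 4 3 2)."""
    order = key_order(keyword)
    return [order.index(col) + 1 for col in range(len(keyword))]


def normalize(text):
    """Keep letters only, upper-cased."""
    return "".join(ch for ch in text.upper() if ch.isalpha())


def columnar_encrypt(plaintext, keyword, pad="X"):
    """Regular columnar transposition: write rows of keyword length, pad the last row,
    then read each column top to bottom in keyword order."""
    text, cols = normalize(plaintext), len(keyword)
    if len(text) % cols:
        text += pad * (cols - len(text) % cols)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join(row[c] for c in key_order(keyword) for row in rows)


def columnar_decrypt(ciphertext, keyword):
    """Refill the columns in keyword order, then read the rectangle row by row."""
    cols = len(keyword)
    nrows, rem = divmod(len(ciphertext), cols)
    if rem:
        raise ValueError("regular columnar transposition needs a full rectangle")
    grid = [[""] * cols for _ in range(nrows)]
    pos = 0
    for c in key_order(keyword):
        for r in range(nrows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


# The filled grid above, read row by row, taken as the (already padded) plaintext.
GRID_TEXT = "COMPUTERPROGRAMMINGLEXXM"
```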
a) Authentication Header (AH): The AH provides support for data integrity and
authentication of IP packets. The data integrity service ensures that data inside IP
packet is not altered during the transit. The authentication service enables an end user
or computer system to authenticate the user or the application at the other end and
decides to accept or reject packets accordingly. This also prevents IP spoofing attacks.
AH is based on a message authentication code (MAC), which means that the two communicating parties must share a secret key in order to use AH.
b) Encapsulating Security Payload (ESP): ESP is a member of the IPsec protocol suite.
In IPsec it provides origin authenticity, integrity and confidentiality protection
of packets. ESP also supports encryption-only and authentication-only configurations,
but using encryption without authentication is strongly discouraged because it is
insecure.
In a SYN flooding attack, the attacker sends fake connection requests to the targeted system. Each of these requests is answered by the target system, which then waits for the third part of the handshake. Since the requests are fake, the target waits for responses that will never come, as shown in Figure.
Distributed denial-of-service (DDoS): DDoS is an attack where the source is more than one, often thousands of, unique IP addresses. It is analogous to a group of people crowding the entry door or gate of a shop or business and not letting legitimate parties enter, disrupting normal operations. DDoS is a type of DoS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system, causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.
A Denial of Service (DoS) attack is different from a DDoS attack. The DoS attack typically
uses one computer and one Internet connection to flood a targeted system or resource. The
The biggest danger with a worm is its capability to replicate itself on your system, so rather
than your computer sending out a single worm, it could send out hundreds or thousands of
copies of itself, creating a hugely devastating effect. One example would be a worm that
sends a copy of itself to everyone listed in your e-mail address book. Then, the worm
Due to the copying nature of a worm and its capability to travel across networks, the end
result in most cases is that the worm consumes too much system memory (or network
bandwidth), causing web servers, network servers and individual computers to stop
responding. In recent worm attacks such as the much-talked-about Blaster worm, the worm
was designed to tunnel into your system and allow malicious users to control your computer
remotely.
Virus: A computer virus attaches itself to a program or file, enabling it to spread from one
computer to another, leaving infections as it travels. Like a human virus, a computer virus
can range in severity: some may cause only mildly annoying effects while others can
damage your hardware, software or files. Almost all viruses are attached to an executable
file, which means the virus may exist on your computer but cannot infect it unless you run
or open the malicious program.
It is important to note that a virus cannot spread without a human action (such as running
an infected program) to keep it going. Because a virus is spread by human action, people
unknowingly continue the spread of a computer virus by sharing infected files or sending
e-mails with viruses as attachments.
Virus vs. Worm
1. Virus: program code that attaches itself to an application program and runs along with it
   when the application program is run.
   Worm: code that replicates itself in order to consume resources and bring the system down.
2. Virus: inserts itself into a file or executable program.
   Worm: exploits a weakness in an application or operating system by replicating itself.
3. Virus: has to rely on users transferring infected files/programs to other computer systems.
   Worm: can use a network to replicate itself to other computer systems without user
   intervention.
4. Virus: deletes or modifies files; sometimes a virus also changes the location of files.
   Worm: usually does not; worms usually only monopolize the CPU and memory.
5. Virus: slower than a worm.
   Worm: faster than a virus.
6. Virus: e.g. macro virus, directory virus, stealth virus.
   Worm: e.g. Code Red.
1. Digital Signature
2. Compression
3. Encryption
4. Enveloping
5. Base-64 Encoding
Design Principle:
A firewall is a networking device – hardware, software or a combination of both –
whose purpose is to enforce a security policy across its connection. It is much like a
wall that has a window: the wall serves to keep things out, except those permitted
through the window.
One of the most basic security functions provided by a firewall is Network Address
Translation (NAT). This service allows you to mask significant amounts of information
from the outside of the network. It allows an outside entity to communicate with an entity
inside the firewall without truly knowing its address.
Basic packet filtering, the most common firewall technique, looks at packets, their
protocols and destinations and checks that information against the security policy.
Telnet and FTP connections may be prohibited from being established to a mail or
database server, but they may be allowed to the respective service servers.
This is a fairly simple method of filtering based on information in each packet header,
like IP addresses and TCP/UDP ports. It will not detect and catch all undesired packets,
but it is fast and efficient.
A firewall can be either software-based or hardware-based and is used to help keep a
network secure. Its primary objective is to control the incoming and outgoing traffic of a
network by analyzing the data packets and determining whether each should be allowed
through or not, based on a predetermined rule set. A network's firewall builds a bridge
between an internal network that is assumed to be secure and trusted, and another
network, usually an external (inter)network such as the Internet, that is not assumed to be
secure and trusted.
Many personal computer operating systems include software-based firewalls to protect
against threats from the public Internet. Many routers that pass data between networks
contain firewall components and, conversely, many firewalls can perform basic routing
functions.
Limitations:
1. Firewalls do not protect against inside threats.
2. A packet filter firewall does not provide any content-based filtering.
3. Protocol tunneling, i.e. carrying the data of one protocol inside another protocol,
negates the purpose of the firewall.
4. Encrypted traffic cannot be examined and filtered.
The search is carried out in waste paper, electronic waste such as old HDDs, floppy and
CD media, recycle and trash bins on the systems, etc.
If the attacker is lucky and the target has poor security processes, they may succeed in
finding user IDs and passwords. Even if the password has been changed and the old
password discarded, a lucky dumpster diver may still get a valuable clue.
To prevent dumpster divers from learning anything valuable from your trash, experts
recommend that your company establish a disposal policy.
Fig.: Client sends the User ID to the Authentication server (AS).
2. Upon verification, a timestamp is created. This puts the current time in a user session,
along with an expiration date. The default expiration of a timestamp is 8 hours. The
encryption key is then created. The timestamp ensures that when the 8 hours are up, the
encryption key is useless. (This is used to make sure an attacker who intercepts the data
cannot crack the key in time: almost all keys can be cracked, but it takes a lot longer than
8 hours to do so.)
Fig.: Authentication server (AS) replies to the Client.
3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is
a simple ticket that is issued by the authentication service. It is used to authenticate the
client for future requests.
4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get
authenticated.
5. The TGS creates an encrypted key with a timestamp, and grants the client a service
ticket.
6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own
encrypted key to the service.
7. The service decrypts the key and makes sure the timestamp is still valid. If it is, the
service contacts the key distribution center to receive a session key that is returned to the
client.
8. The client decrypts the ticket. If the keys are still valid, communication is initiated
between client and server.
The TLS Record Protocol provides connection security with some encryption method such as
the Data Encryption Standard (DES). The TLS Record Protocol can also be used without
encryption. The TLS Handshake Protocol allows the server and client to authenticate each
other and to negotiate an encryption algorithm and cryptographic keys before data is
exchanged.
Fig. Loss of confidentiality: A sends a secret message to B; C reads it.
Here, the user of computer A sends a message to the user of computer B. Another user, C,
gets access to this message, which is not desired and therefore defeats the purpose of
confidentiality.
This type of attack is also called interception.
Fig. Absence of authentication: C sends "I am user A" to B.
3. Integrity: when the contents of the message are changed after the sender sends it,
but before it reaches the intended recipient, we say that the integrity of the message is
lost.
For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. User C somehow manages to access it, change its
contents and send the changed message to user B. User B has no way of knowing that
the contents of the message were changed after user A had sent it. User A also does
not know about this change.
Example: Accessing a wireless Internet connection by bringing one's own computer within
the range of another wireless network and using it without explicit permission.
iii. Threats: A threat is anything that has the potential to cause loss or harm to a computer
system or network.
iv. Risk: Risk is the probability that a threat will materialize because of the presence of a
vulnerability in a system.
There are various formatted-partition recovery tools available, although every tool has a
different GUI and method of recovery.
Any action or activity that leads to the disclosure of the client's private information should
be avoided. The values of integrity, accuracy and authenticity should be exercised in an
ethical environment. The evidence that is produced before the court should be fairly
examined and analyzed. There should not be any carelessness or ignorance in the handling
of evidence. The case evidence should be examined in detail based upon validated principles.
2. Backdoors and Trapdoors: These are methods used by software developers to ensure
that they can gain access to an application even if something happens in the future to
prevent the normal access methods. For example, a hard-coded password could be used to
gain access to the program in the event that the administrator forgot their own system
password. The problem with this sort of password (sometimes referred to as a trapdoor)
is that, since the password is hard coded, it cannot be removed. If an attacker learns
about the backdoor, all systems running the software are vulnerable.
3. Sniffing: A network sniffer is a software or hardware device that is used to observe
traffic as it passes through the network on shared broadcast media. The device can be
used to view all traffic, or it can target a specific protocol, service or even string of
characters. Normally the network device that connects a computer to a network is
designed to ignore all traffic that is not destined for that computer. Network sniffers
ignore this friendly agreement and observe all traffic on the network, whether destined
for that computer or for others.
4. Spoofing: Spoofing makes data look like it has come from another source. This is
possible in TCP/IP because of the friendly assumptions behind the protocols. When a
packet is sent from one system to another, it includes not only the destination IP address
but also the source IP address. The sender is supposed to fill in the source with its own
address, but nothing in the protocol stops it from filling in another system's address.
1. Password selection:
1) Users should be able to create their own easy-to-remember passwords, which should
nonetheless not be easy for someone else to guess or to obtain using password-cracking
utilities.
2. Piggybacking is the simple process of following closely behind a person who has
just used their own access card or PIN to gain physical access to a room or building.
An attacker can thus gain access to the facility without having to know the access
code or having to acquire an access card.
Piggybacking, in a wireless communications context, is the unauthorized access of a
wireless LAN. Piggybacking is sometimes referred to as "Wi-Fi squatting".
The usual purpose of piggybacking is simply to gain free network access rather than
any malicious intent, but it can slow down data transfer for legitimate users of the
network. Furthermore, a network that is vulnerable to piggybacking for network
access is equally vulnerable when the purpose is data theft, dissemination of viruses,
or some other illicit activity.
Example: Accessing a wireless Internet connection by bringing one's own computer
within the range of another wireless network and using it without explicit
permission.
6. Access by non-employees: If an attacker can get physical access to a facility, there are
many chances of obtaining enough information to enter its computer systems and
networks. Many organizations therefore require their employees to wear identification
badges at work.
A hash is a special function that performs one-way encryption, meaning that once the
algorithm has run, there is no feasible way to take the cipher text and retrieve the plain
text that was used to generate it.
Algorithm steps:
Hashing starts with a 160-bit seed as the hash value.
A sequence of non-linear operations is carried out on the first 512-bit message block.
The sequence is cyclically repeated 80 times and a 160-bit hash value is generated.
The cyclic sequence is repeated for the second message block of 512 bits.
The process continues until all N message blocks have been hashed and the final
160-bit hash value is generated.
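Added example, not from the model answer: a from-scratch Python implementation of the steps just listed (the 160-bit initial value, splitting the padded message into 512-bit blocks, and the 80-round cyclic sequence per block), checked against Python's hashlib. The constants are those fixed by the SHA-1 standard; the function names are my own.

```python
import hashlib
import struct

MASK32 = 0xFFFFFFFF
# The 160-bit "seed": five 32-bit words fixed by the SHA-1 standard.
SEED = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)

def rotl(x: int, n: int) -> int:
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK32

def pad_message(message: bytes) -> list:
    """Return the padded message as a list of 512-bit (64-byte) blocks.
    Padding: a single 1 bit (0x80), zeros up to 448 mod 512 bits, then the
    original bit length as a 64-bit big-endian integer."""
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    padded += struct.pack(">Q", len(message) * 8)
    return [padded[i:i + 64] for i in range(0, len(padded), 64)]

def compress(state: tuple, block: bytes) -> tuple:
    """One cyclic sequence of 80 rounds on a single 512-bit block."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):                      # message schedule expansion
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = state
    for t in range(80):                          # four groups of 20 rounds
        if t < 20:
            f, k = (b & c) | ((~b & MASK32) & d), 0x5A827999
        elif t < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        temp = (rotl(a, 5) + f + e + k + w[t]) & MASK32
        a, b, c, d, e = temp, a, rotl(b, 30), c, d
    # add this block's result into the running 160-bit value
    return tuple((s + v) & MASK32 for s, v in zip(state, (a, b, c, d, e)))

def sha1(message: bytes) -> str:
    """Hex digest: start from SEED and run compress() over every block."""
    state = SEED
    for block in pad_message(message):
        state = compress(state, block)
    return "".join(f"{v:08x}" for v in state)

def matches_hashlib(message: bytes) -> bool:
    return sha1(message) == hashlib.sha1(message).hexdigest()

def hamming_distance(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two hex digests (avalanche check)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

if __name__ == "__main__":
    print(sha1(b"abc"))          # a9993e364706816aba3e25717850c26c9cd0d89d
    print(len(pad_message(b"a" * 100)), "blocks for a 100-byte message")
    print(hamming_distance(sha1(b"abc"), sha1(b"abd")), "bits differ for a 1-byte change")
```

SHA-1 is shown here for its structure only: practical collisions for it have been demonstrated, so new designs should use SHA-256 or later.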
It consists of:
User
Authentication service and
Ticket granting server
Service server
Working of Kerberos:
When a user wants to access a server, it needs a Kerberos ticket before making the request.
The user requests authentication from the Authentication server (AS). The AS creates a
"session key" (an encryption key) based on the user's password; this is effectively a
Ticket-granting ticket.
The user sends his/her ticket-granting ticket to the ticket-granting server (TGS), which may
be physically the same server as the Authentication server. The TGS returns the ticket that
can be sent to the server for the requested service.
The service rejects the ticket or accepts it and performs the service.
The ticket received from the TGS is time-stamped. It allows the user to make additional
requests using the same ticket within a certain time period without re-authentication. This
improves security as the ticket is granted for a limited time period.
a) Fig.: Client sends the User ID to the Authentication server (AS).
Authentication service receives the request from the client and verifies that the client is
indeed the authentic computer. It is valid for the time-stamp allotted (i.e. 8 hours).
b) Fig.: Authentication server (AS) returns a Ticket-Granting Ticket (timestamp 8 hours)
to the Client.
c) Fig.: Client and Authentication server (AS).
d) Fig.: Client and Authentication server (AS).
e) Fig.: Client, Authentication server, Ticket granting server and Service Server; the
Ticket-Granting Ticket and an Encrypted Key are exchanged.
f) Fig.: Service Server returns Success to the Client.
1) Access controls: Physical access controls are used in the same way as computer and
network access controls, to restrict access by unauthorized users. The most common
access control mechanisms are a security guard and a lock-and-key combination.
Key Transformation
Expansion Permutation
S-Box Substitution
P Box Permutation
b) EXE file protection: Another method of breaking into a system is to trick a
vulnerable application into modifying or creating an executable file. The defense is
based on the observation that, in most cases, the application does not need to create or
modify executable files.
Application patches, such as hotfixes, patches and upgrades, will be helpful in this case.
Fig.: Computer-1, Computer-2 and Computer-3 connected through a FIREWALL to the
INTERNET, with a DMZ.
ii) Internet:
The Internet is a network that can be used to transfer e-mail, financial records, files,
remote access, etc. from one network to another network.
It is not a single network but a series of interconnected networks over which protocols
operate to make data flow across networks possible. The term WWW (World Wide Web) is
used with the Internet. It is based on HTTP (Hypertext Transfer Protocol) service. This
can carry many different actual services and contents, including files, images, audio,
video and even viruses and worms.
iii) Intranet:
An intranet is a private network that is contained within an organization/enterprise. It
may consist of interlinked local area networks and may also use leased lines in the wide
area network. It includes connections through one or more gateway computers to the
outside Internet. Its main purpose is to share company information and computing
resources among employees. It facilitates working in groups and teleconferences.
An intranet uses TCP/IP, HTTP and other Internet protocols.
When part of an intranet is made accessible to customers, partners, suppliers or others
outside the company, it becomes part of an extranet.
IDSs come in a variety of flavors and approach the goal of detecting suspicious
traffic in different ways. There are IDSs that detect by comparing traffic patterns
against a baseline and looking for anomalies. There are IDSs that simply monitor
and alert, and there are IDSs that perform an action or actions in response to a
detected threat. We'll cover each of these briefly.
Cybercrime is a bigger risk now than ever before due to the sheer number of connected
people and devices. Put simply, cybercrime is a crime that has some kind of computer or
cyber aspect to it. Going into more detail is not as straightforward, as it takes shape in a
variety of different formats.
Cybercrime:
Cybercrime has now surpassed illegal drug trafficking as a criminal moneymaker.
Somebody's identity is stolen every 3 seconds as a result of cybercrime.
Without a sophisticated security package, your unprotected PC can become infected
within four minutes of connecting to the Internet.
Criminals committing cybercrime use a number of methods, depending on their skill
set and their goal. Here are some of the different ways cybercrime can take shape:
Theft of personal data
Copyright infringement
Fraud
Child pornography
Cyber stalking
Bullying
Types of viruses:
Parasitic viruses: attach themselves to executable code and replicate. Once a program is
infected, the virus finds another program to infect.
Memory-resident viruses: live in memory after execution; the virus becomes part of the
operating system or application and can manipulate any file that is executed, copied or
moved.
Non-resident viruses: execute and then terminate or destroy themselves after a specific
time.
Boot sector viruses: infect the boot sector and spread through a system when it is booted
from a disk containing the virus.
Overwriting viruses: overwrite the program's code with their own code.
Stealth viruses: hide the modifications they have made to a file or boot record.
Macro viruses: are not executables; they affect documents such as Microsoft Word files
and can spread through e-mail.
Polymorphic viruses: produce fully operational copies of themselves that differ in form,
in an attempt to avoid signature detection.
Companion viruses: create a new program instead of modifying an existing file.
E-mail viruses: the virus is executed when an e-mail attachment is opened by the
recipient; it then sends itself to everyone on the sender's mailing list.
Metamorphic viruses: keep rewriting themselves every time they run, changing their
behavior as well as the appearance of their code.
1. User education: Users can be told the importance of using hard-to-guess passwords
and can be provided with guidelines for selecting strong passwords. This user
education strategy is unlikely to succeed at most installations, particularly where there
is a large user population or a lot of turnover. Many users will simply ignore the
guidelines. Others may not be good judges of what is a strong password. For
example, many users believe that reversing a word or capitalizing the last letter makes
a password un-guessable.
2. Computer-generated passwords: Passwords are quite random in nature. Computer-
generated passwords also have problems. If the passwords are quite random in nature,
users will not be able to remember them. Even if the password is pronounceable, the
user may have difficulty remembering it and so be tempted to write it down. In
general, computer-generated password schemes have a history of poor acceptance by
users. FIPS PUB 181 defines one of the best-designed automated password
generators. The standard includes not only a description of the approach but also a
complete listing of the C source code of the algorithm. The algorithm generates words
by forming pronounceable syllables and concatenating them to form a word. A
random number generator produces a random stream of characters used to construct
the syllables and words.
3. Reactive password checking: A reactive password checking strategy is one in which
the system periodically runs its own password cracker to find guessable passwords.
The system cancels any passwords that are guessed and notifies the user. This tactic
has a number of drawbacks. First it is resource intensive, if the job is done right.
Because a determined opponent who is able to steal a password file can devote full
CPU time to the task for hours or even days an effective reactive password checker is
at a distinct disadvantage. Furthermore, any existing passwords remain vulnerable
until the reactive password checker finds them.
4. Proactive password checking: The most promising approach to improved password
security is a proactive password checker. In this scheme, a user is allowed to select
his or her own password. However, at the time of selection, the system checks to see
if the password is allowable and if not, rejects it. Such checkers are based on the
philosophy that with sufficient guidance from the system, users can select memorable
passwords from a fairly large password space that are not likely to be guessed in a
dictionary attack. The trick with a proactive password checker is to strike a balance
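Added example, not from the model answer: a small proactive password checker in Python that rejects a proposed password at selection time. It applies the points made above (a reversed word or a capitalized last letter does not make a dictionary word safe) using a constructed six-word dictionary in place of the word list a real checker would load; the rules and function names are my own.

```python
import re

# Constructed mini word list standing in for the dictionary a real checker would load.
DICTIONARY = {"password", "computer", "security", "welcome", "orange", "summer"}
MIN_LENGTH = 8
# Common disguises a cracker's rule set undoes before a dictionary lookup.
UNDO_SUBSTITUTIONS = str.maketrans("0134@$!", "oleaasi")

def disguised_forms(password: str) -> set:
    """Forms of the password a dictionary attack would try: lower-cased, with
    trailing digits/symbols stripped, with leet substitutions undone, and reversed."""
    base = password.lower()
    forms = set()
    for f in (base, re.sub(r"[^a-z]+$", "", base)):
        forms.add(f)
        forms.add(f.translate(UNDO_SUBSTITUTIONS))
    return forms | {f[::-1] for f in forms}

def check_password(password: str, user_id: str = "") -> list:
    """Return the reasons a proposed password is rejected (empty list = allowable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("uses fewer than three character classes")
    if user_id and user_id.lower() in password.lower():
        problems.append("contains the user ID")
    if disguised_forms(password) & DICTIONARY:
        # catches 'Computer', 'retupmoC#7' (reversed) and 'P@ssw0rd1' (leet + digit)
        problems.append("dictionary word, or a reversal/disguise of one")
    return problems

def is_allowable(password: str, user_id: str = "") -> bool:
    return not check_password(password, user_id)

if __name__ == "__main__":
    for candidate in ("Computer", "retupmoC#7", "P@ssw0rd1", "Mk7!rainTower"):
        print(candidate, check_password(candidate) or "allowable")
```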
1) Host-based IDS:
2) Network-based IDS:
1) A host-based IDS looks for activities in the log files such as:
1. Logins at odd hours
2. Login authentication failures
3. Adding new user accounts
4. Modification of or access to critical system files
5. Modification or removal of binary files
6. Starting or stopping processes
7. Privilege escalation
8. Use of certain programs
2) A network-based IDS looks for activities such as:
1. Denial of service attacks
2. Port scans or sweeps
3. Malicious content in the data payload of packet(s)
4. Vulnerability scanning
5. Trojans, viruses or worms
6. Tunneling
7. Brute force attacks
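Added example, not from the model answer: host-based detection logic in Python for several of the log activities listed above (logins at odd hours, a burst of authentication failures, a new user account, privilege escalation, a write to a critical system file), run over a constructed auth.log-style sample. Host names, users, addresses and thresholds are invented.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (auth.log style); hosts, users and addresses are invented.
SAMPLE_LOG = """\
2024-05-01 02:13:45 srv1 sshd[812]: Accepted password for alice from 10.0.0.5 port 5022 ssh2
2024-05-01 09:00:01 srv1 sshd[901]: Failed password for bob from 198.51.100.7 port 4411 ssh2
2024-05-01 09:00:03 srv1 sshd[901]: Failed password for bob from 198.51.100.7 port 4411 ssh2
2024-05-01 09:00:05 srv1 sshd[901]: Failed password for bob from 198.51.100.7 port 4411 ssh2
2024-05-01 09:00:08 srv1 sshd[901]: Failed password for bob from 198.51.100.7 port 4411 ssh2
2024-05-01 10:22:10 srv1 useradd[950]: new user: name=svc_backup, UID=1007, GID=1007, home=/home/svc_backup
2024-05-01 10:25:30 srv1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
2024-05-01 10:26:02 srv1 audit[970]: path=/etc/shadow op=write uid=0
2024-05-01 14:00:00 srv1 sshd[1010]: Accepted publickey for carol from 10.0.0.9 port 6001 ssh2
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\w+)(?:\[\d+\])?: (.*)$")
ODD_HOURS = range(0, 6)                        # 00:00-05:59 counts as "odd hours" here
FAIL_THRESHOLD, FAIL_WINDOW = 3, timedelta(seconds=60)
CRITICAL_FILES = {"/etc/passwd", "/etc/shadow", "/etc/sudoers"}

def parse_line(line: str):
    """Split one line into (timestamp, host, process, message), or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return ts, m.group(2), m.group(3), m.group(4)

def analyze(log_text: str) -> list:
    """Return a list of (rule_name, detail) alerts for the log text."""
    alerts = []
    failures = defaultdict(list)               # (user, source ip) -> timestamps
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, host, proc, msg = parsed
        if proc == "sshd":
            ok = re.match(r"Accepted \S+ for (\S+) from (\S+)", msg)
            if ok and ts.hour in ODD_HOURS:
                alerts.append(("odd_hour_login", f"{ok.group(1)} at {ts:%H:%M} from {ok.group(2)}"))
            bad = re.match(r"Failed \S+ for (\S+) from (\S+)", msg)
            if bad:
                failures[(bad.group(1), bad.group(2))].append(ts)
        elif proc == "useradd":
            m = re.search(r"new user: name=(\S+?),", msg)
            if m:
                alerts.append(("new_user_account", m.group(1)))
        elif proc == "sudo" and "USER=root" in msg:
            alerts.append(("privilege_escalation", msg.split(" : ")[0]))
        elif proc == "audit":
            m = re.search(r"path=(\S+) op=(\w+)", msg)
            if m and m.group(1) in CRITICAL_FILES and m.group(2) in ("write", "unlink", "chmod"):
                alerts.append(("critical_file_write", m.group(1)))
    # Burst of failures: FAIL_THRESHOLD failures inside FAIL_WINDOW, one alert per (user, ip)
    for (user, ip), times in failures.items():
        times.sort()
        for i in range(len(times) - FAIL_THRESHOLD + 1):
            if times[i + FAIL_THRESHOLD - 1] - times[i] <= FAIL_WINDOW:
                alerts.append(("auth_failure_burst", f"{user} from {ip}: {len(times)} failures"))
                break
    return alerts

if __name__ == "__main__":
    for rule, detail in analyze(SAMPLE_LOG):
        print(f"ALERT {rule}: {detail}")
```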
3) Explain need for firewall and explain one of the type of firewall with diagram.
(Explanation of need: 4M, Any one firewall explanation: 4M)
Ans.
A firewall works as a barrier, or a shield, between your PC and cyber space. When you are
connected to the Internet, you are constantly sending and receiving information in small
units called packets. The firewall filters these packets to see if they meet certain criteria set
by a series of rules, and thereafter blocks or allows the data. This way, hackers cannot get
inside and steal information such as bank account numbers and passwords from you.
Capabilities:
1. All traffic from inside to outside and vice versa must pass through the firewall. To
achieve this all access to local network must first be physically blocked and access only via
the firewall should be permitted.
2. As per local security policy traffic should be permitted.
3. The firewall itself must be strong enough so as to render attacks on it useless.
Types of Firewalls
1. Packet Filter
2. Circuit level Gateway
1. Packet Filtering Firewall: Packet filtering firewalls are normally deployed on the
routers which connect the internal network to the Internet. Packet filtering firewalls can
only be implemented at the network layer of the OSI model. They work on the basis of
rules defined by access control lists (ACLs). They check all packets and screen them
against the rules defined by the network administrator in the ACLs. If a packet does not
meet the criteria, that packet is dropped and the logs are updated with this information.
Administrators can create their ACLs on the basis of addresses, protocols and packet
attributes.
Advantage:
The biggest advantage of packet filtering firewalls is their low cost and lower resource
usage; they are best suited for smaller networks.
Disadvantage:
Packet filtering firewalls work only at the network layer and do not support complex
rule-based models. They are also vulnerable to spoofing in some cases.
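Added example, not from the model answer, serving both the packet filtering description here and the design principle stated earlier (Telnet and FTP prohibited to the mail and database servers but allowed to their own service server): a first-match ACL packet filter in Python with an implicit deny and an anti-spoofing rule that drops packets arriving from outside with an internal source address. Hosts and addresses are invented (RFC 5737 documentation ranges); all names are my own.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Constructed network: RFC 5737 documentation addresses, invented host roles.
INTERNAL_NET = "192.0.2.0/24"
MAIL_SERVER, DB_SERVER, FTP_TELNET_SERVER = "192.0.2.25", "192.0.2.30", "192.0.2.40"

@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrived on: "outside" or "inside"
    proto: str      # "tcp" or "udp"
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                             # "allow" or "deny"
    note: str                               # reason written to the log
    iface: Optional[str] = None             # None = any interface
    proto: Optional[str] = None             # None = any protocol
    src: Optional[str] = None               # CIDR or single host
    dst: Optional[str] = None               # CIDR or single host
    dports: FrozenSet[int] = frozenset()    # empty = any destination port

    def matches(self, p: Packet) -> bool:
        """Every field that is set must match; header fields only, as in the text."""
        if self.iface and self.iface != p.iface:
            return False
        if self.proto and self.proto != p.proto:
            return False
        if self.src and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dports and p.dport not in self.dports:
            return False
        return True

ACL: List[Rule] = [
    # Anti-spoofing: a packet arriving from outside can never carry an internal source
    Rule("deny", "spoofed internal source", iface="outside", src=INTERNAL_NET),
    Rule("deny", "no telnet/ftp to mail server", proto="tcp", dst=MAIL_SERVER, dports=frozenset({21, 23})),
    Rule("deny", "no telnet/ftp to db server", proto="tcp", dst=DB_SERVER, dports=frozenset({21, 23})),
    Rule("allow", "smtp to mail server", proto="tcp", dst=MAIL_SERVER, dports=frozenset({25})),
    Rule("allow", "ftp/telnet to their own server", proto="tcp", dst=FTP_TELNET_SERVER, dports=frozenset({21, 23})),
    Rule("allow", "traffic originating inside", iface="inside", src=INTERNAL_NET),
]

def decide(p: Packet, acl: List[Rule]) -> Tuple[str, str]:
    """First matching rule wins; anything unmatched is dropped (implicit deny)."""
    for rule in acl:
        if rule.matches(p):
            return rule.action, rule.note
    return "deny", "implicit deny"

def run(packets: List[Packet], acl: List[Rule]) -> Tuple[list, list]:
    """Filter a batch of packets, returning the decisions and the drop log."""
    decisions, drop_log = [], []
    for p in packets:
        action, note = decide(p, acl)
        decisions.append(action)
        if action == "deny":
            drop_log.append(f"DROP {p.proto} {p.src}->{p.dst}:{p.dport} on {p.iface} ({note})")
    return decisions, drop_log

if __name__ == "__main__":
    sample = [
        Packet("outside", "tcp", "203.0.113.5", MAIL_SERVER, 23),   # telnet to mail: deny
        Packet("outside", "tcp", "203.0.113.5", MAIL_SERVER, 25),   # smtp to mail: allow
        Packet("outside", "tcp", "192.0.2.77", FTP_TELNET_SERVER, 23),  # spoofed: deny
    ]
    for line in run(sample, ACL)[1]:
        print(line)
```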
Ciphertext: CMUESCRTOPTREUIY
Integrity and authentication are provided by the placement of the AH header between the
IP header and the transport (layer 4) protocol header, which is shown as TCP/UDP in the
Figure. AH uses an IP protocol ID of 51 to identify itself in the IP header.
AH can be used alone or in combination with the Encapsulating Security Payload (ESP)
protocol.
1. Next Header: Identifies the next header that uses the IP protocol ID. For example, the
value might be "6" to indicate TCP.
2. Length: Indicates the length of the AH header.
3. Security Parameters Index (SPI): Used in combination with the destination address and
the security protocol (AH or ESP) to identify the correct security association for the
communication. The receiver uses this value to determine with which security
association this packet is identified.
The aim was to deliver lawful recognition for transactions carried out through electronic
data interchange (EDI) and other means of electronic communication, commonly referred
to as electronic commerce or E-Commerce, as a replacement for paper-based methods of
communication and storage of information.
It also sought to facilitate electronic filing of documents with Government agencies and
further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers'
Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934, and to provide for
matters connected therewith or incidental thereto.
The Information Technology Act, 2000, was thus passed as Act No. 21 of 2000. The I.T.
Act got the President's assent on June 9, 2000 and was made effective from October 17,
2000. By adopting this cyber legislation, India became the 12th nation in the world to
adopt a cyber law regime.
1. To grant legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to as
"electronic commerce", in place of paper-based methods of communication.
2. To give legal recognition to digital signatures for the authentication of any information
or matter that requires authentication under any law.
3. To facilitate electronic filing of documents with Government departments.
4. To facilitate electronic storage of data.
IT ACT 2008:
It is the Information Technology Amendment Act, 2008, also known as ITA-2008.
It is a considerable addition to the ITA-2000 and is administered by the Indian Computer
Emergency Response Team (CERT-In), in the year 2008.
Basically, the act was developed for the IT industry, to control e-commerce, to provide
e-governance facilities and to stop cybercrime attacks.
The alterations were made to address some issues that the original bill failed to cover, and
to accommodate the development of IT and the security of e-commerce transactions.
The modifications include:
1. Redefinition of terms like "communication device" to reflect current use.
2. Validation of electronic signatures and contracts.
3. The owner of an IP address is responsible for content that is accessed or distributed
through it.
4. Organizations are responsible for the implementation of effective data security practices.
1. Cardholder
2. Merchant
3. Payment Gateway
4. Certificate Authority
Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 1/ 26
Fig. Loss of confidentiality: A sends a secret message to B; C reads it.
Here, the user of computer A sends a message to the user of computer B. Another user, C, gets
access to this message, which is not desired and therefore defeats the purpose of confidentiality.
This type of attack is also called interception.
2. Authentication: Authentication helps to establish proof of identities. The authentication
process ensures that the origin of a message is correctly identified.
For example, suppose that user C sends a message over the Internet to user B. However, the
trouble is that user C posed as user A when he sent the message to user B. How would user B
know that the message has come from user C, who is posing as user A? This concept is shown in
the figure below.
This type of attack is called fabrication.
Fig. Absence of authentication: C sends "I am user A" to B.
3. Integrity: when the contents of the message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the message is lost.
For example, here user C tampers with a message originally sent by user A, which is actually
destined for user B. User C somehow manages to access it, change its contents and send the
changed message to user B. User B has no way of knowing that the contents of the message were
changed after user A had sent it. User A also does not know about this change.
This type of attack is called modification.
Fig. Loss of integrity: the ideal route of the message is from A to B.
b) List any four biometric methods used for identification. List any four advantages of
biometrics.
Biometrics refers to the study of methods for uniquely recognizing humans based upon one or
more intrinsic physical or behavioral characteristics.
Different methods of Biometrics (any four 2Marks)
1. Finger print recognition
2. Hand print recognition
3. Retina/iris scan technique
4. Face recognition
5. Voice patterns recognition
6. Signature and writing patterns recognition
7. Keystroke dynamics
Encryption:
The process of encoding a plain-text message into a cipher-text message is known as encryption.
Fig.: Plain text -> Encrypt -> Cipher text (1 mark)
Decryption:
The reverse process of transforming a cipher-text message back into a plain-text message is called
decryption.
Fig.: Cipher text -> Decrypt -> Plain text (1 mark)
Fig.: The sender encrypts, the cipher text travels over the Internet, and the receiver decrypts.
a) Masquerader: A user who does not have the authority to use a computer, but penetrates
a system to access a legitimate user's account, is called a masquerader. It is generally
an external user.
b) Misfeasor: There are two possible cases for an internal user to be called a misfeasor:
i) A legitimate user, who does not have access to some applications, data or resources,
accesses them.
ii) A legitimate user, who has access to some applications, data or resources, misuses these
privileges.
c) Clandestine user: An internal or external user who tries to work using the privileges of a
supervisor user, to avoid auditing information being captured and recorded, is called a
clandestine user.
ii. Insiders (2marks)
Insiders are authorized users who try to access systems or network resources for which they
are not authorized. Insiders are legal users and are more dangerous than intruders. They have
knowledge of the security system, and they have easy access to the system because they are
authorized users. There is no such mechanism to protect the system from insiders.
Insiders are more dangerous than intruders because:
Insiders have the access and the necessary knowledge to cause immediate damage to an
organization. There is no security mechanism to protect the system from insiders, so they can
have all the access needed to carry out criminal activity such as fraud. They have knowledge of
the security systems and will be better able to avoid detection.
i) Sniffing:
The group of protocols which make up the TCP/IP suite was designed to work in a friendly
environment where everybody who was connected to the network used the protocols as they were
designed. The abuse of this friendly assumption is illustrated by network traffic sniffing programs,
referred to as "sniffers".
A network "sniffer" is a software or hardware device that is used to observe traffic as it passes
through a network on shared broadcast media. The device can be used to view all traffic, or it can
target a specific protocol, service, or even a string of characters.
ii) Spoofing:
Spoofing is nothing more than making data look like it has come from a different source. This is
possible in TCP/IP because of the friendly assumption behind the protocol. When the protocols
were developed, it was assumed that individuals who had access to the network layer would be
privileged users who could be trusted. When a packet is sent from one system to another, it
includes not only the destination IP address and port but the source IP address as well; forging
this source address is one of the forms of spoofing.
1) Hacking
2) Cracking
3) Theft
4) Malicious software
5) Child soliciting and abuse
To prevent this attack, both sender and receiver must authenticate each other.
Denial of service (DOS) attacks can exploit a known vulnerability in a specific application or
operating system, or they may attack features (or weaknesses) in specific protocols or services. In
this form of attack, the attacker is attempting to deny authorized users access either to specific
information or to the computer system or network itself.
The purpose of such an attack can be simply to prevent access to the target system, or the attack
can be used in conjunction with other actions in order to gain unauthorized access to a computer or
network.
SYN flooding is an example of a DOS attack that takes advantage of the way TCP/IP networks
were designed to function, and it can be used to illustrate the basic principles of any DOS
attack. SYN flooding utilizes the TCP three-way handshake that is used to establish a connection
between two systems.
In a SYN flooding attack, the attacker sends fake communication requests to the targeted system.
Each of these requests will be answered by the target system, which then waits for the third part of
the handshake. Since the requests are fake, the target will wait for responses that will never come,
as shown in the figure.
The target system will drop these connections after a specific time-out period, but if the attacker
sends requests faster than the time-out period eliminates them, the system will quickly be filled
with requests. The number of connections a system can support is finite, so when more requests
come in than can be processed, the system will soon be reserving all its connections for fake
requests. At this point, any further requests are simply dropped (ignored), and legitimate users who
want to connect to the target system will not be able to. Use of the system has thus been denied to
them.
5. A password should not consist of the user's first or last name, family members' names, birth dates,
pet names, PIN or mobile numbers.
The search is carried out in waste paper and electronic waste such as old HDDs, floppy and CD media,
and in the recycle and trash bins on the systems, etc.
If the attacker is lucky and the target has a poor security process, they may succeed in finding user IDs
and passwords. If a password is changed and the old password is discarded, a lucky dumpster diver
may get a valuable clue. (1 mark)
To prevent dumpster divers from learning anything valuable from your trash, experts
recommend that your company should establish a disposal policy. (1 mark)
d) Concept of hashing with the help of a diagram (4 marks). List advantages (4 marks).
[Figure: the sender computes a hash of the message with the single security key S and appends it to the message; the receiver recomputes the hash of the received message with S and compares the two. S = single security key]
A hash is a special function that performs one-way encryption, meaning that once the
algorithm is processed, there is no feasible way to take the cipher text and retrieve the plain text
that was used to generate it.
The hash code is a function of all bits of the message and provides an error detection
capability: a change in any bit or bits results in a change in the hash value.
A hash value h is generated by a function H of the form h = H(M),
where M is a variable-length message and H(M) is the fixed-length hash value.
The hash value is appended to the message at the source at a time when the message is
assumed or known to be correct.
The receiver authenticates the message by recomputing the hash value.
The message plus the concatenated hash code is encrypted using symmetric encryption.
Sender and receiver share the same secret key. That the message must have come from the
authorized sender and has not been altered is checked by the receiver recomputing and comparing
the hash code.
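The scheme just described (append h = H(M), encrypt M || h under the shared key, receiver decrypts and recomputes), as an added Python example that is not part of the model answer. The stream cipher built from SHA-256 is an assumption made only to keep the example self-contained; a real system would use a standard cipher such as AES.

```python
import hashlib
import hmac

NONCE_LEN = 16
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher for illustration only (assumed stand-in for AES).
    Keystream block = SHA-256(key || nonce || offset); XOR is its own inverse,
    so the same function both encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), DIGEST_LEN):
        ks = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + DIGEST_LEN], ks))
    return bytes(out)


def protect(message: bytes, key: bytes, nonce: bytes) -> bytes:
    """Sender: h = H(M) is appended to M, then M || h is encrypted under the shared key."""
    tagged = message + hashlib.sha256(message).digest()
    return nonce + _keystream_xor(key, nonce, tagged)


def verify(packet: bytes, key: bytes):
    """Receiver: decrypt, split off the received hash, recompute H(M) and compare.
    Returns the message when the check passes, otherwise None."""
    nonce, body = packet[:NONCE_LEN], packet[NONCE_LEN:]
    if len(body) < DIGEST_LEN:
        return None
    tagged = _keystream_xor(key, nonce, body)
    message, received_hash = tagged[:-DIGEST_LEN], tagged[-DIGEST_LEN:]
    expected = hashlib.sha256(message).digest()
    # constant-time comparison so the check does not leak how many bytes matched
    return message if hmac.compare_digest(expected, received_hash) else None


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Flip one bit, modelling a transmission error or tampering in transit."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def hash_bits_changed(m1: bytes, m2: bytes) -> int:
    """Number of differing bits between H(m1) and H(m2): the error detection property."""
    h1, h2 = hashlib.sha256(m1).digest(), hashlib.sha256(m2).digest()
    return sum(bin(a ^ b).count("1") for a, b in zip(h1, h2))


if __name__ == "__main__":
    key = b"constructed-shared-secret"      # constructed sample key
    nonce = bytes(range(NONCE_LEN))         # constructed; use a fresh random nonce per message
    packet = protect(b"Transfer 100 to account 42", key, nonce)
    print(verify(packet, key))                       # the original message
    print(verify(flip_bit(packet, 200), key))        # None: one bit altered in transit
    print(hash_bits_changed(b"account 42", b"account 43"))
```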
b) Describe in brief:
i. Piggybacking
ii. Shoulder surfing
Cover media is the file in which we hide the hidden data, which may also be encrypted using a
stego-key. The resultant file is the stego-medium. Cover media can be an image or an audio file.
Steganography takes cryptography a step further by hiding an encrypted message so that no one
suspects it exists. Ideally, anyone scanning your data will fail to know it contains encrypted
data.
Steganography has a number of drawbacks when compared to encryption. It requires a lot of
overhead to hide a relatively few bits of information.
d) With the help of a neat diagram, describe host based intrusion detection system (HIDS).
(Diagram - 2 Marks, Explanation - 2 Marks)
Host Intrusion Detection Systems are run on individual hosts or devices on the network. A HIDS
monitors the inbound and outbound packets from the device only and will alert the user or
administrator when suspicious activity is detected. The activities a HIDS looks for in the
log files include:
Logins at odd hours
Login authentication failures
Adding a new user account
Modification or access of critical system files
Modification or removal of binary files
Starting or stopping processes
Privilege escalation
Use of certain programs
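Some of the log-file checks in the list above, run over constructed syslog-style lines, as an added Python example that is not part of the model answer. The log lines, the "odd hours" window (00:00 to 05:59), the failure threshold and the critical-file list are all assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines in syslog style (not taken from the page).
SAMPLE_LOG = """\
Mar 03 02:14:07 host1 sshd[811]: Accepted password for alice from 10.0.0.5 port 51022 ssh2
Mar 03 09:02:11 host1 sshd[812]: Failed password for bob from 10.0.0.9 port 51100 ssh2
Mar 03 09:02:14 host1 sshd[812]: Failed password for bob from 10.0.0.9 port 51100 ssh2
Mar 03 09:02:17 host1 sshd[812]: Failed password for bob from 10.0.0.9 port 51100 ssh2
Mar 03 09:02:20 host1 sshd[812]: Failed password for bob from 10.0.0.9 port 51100 ssh2
Mar 03 09:05:00 host1 useradd[900]: new user: name=svc_tmp, UID=1007, GID=1007, home=/home/svc_tmp
Mar 03 09:06:30 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Mar 03 09:07:02 host1 audit[1]: path=/etc/passwd op=write uid=0
Mar 03 13:00:00 host1 sshd[950]: Accepted publickey for carol from 10.0.0.7 port 51200 ssh2
"""

# "Mon DD HH:MM:SS host process[pid]: message"
LINE_RE = re.compile(r"^\w{3} \d{2} (\d{2}):\d{2}:\d{2} \S+ ([^\s\[:]+)(?:\[\d+\])?: (.*)$")
FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(\S+)")
ACCEPT_RE = re.compile(r"Accepted \S+ for (\S+)")

ODD_HOURS = range(0, 6)     # assumed: logins between 00:00 and 05:59 are "odd hours"
FAIL_THRESHOLD = 3          # assumed: the third failure for one account raises an alert
CRITICAL_FILES = ("/etc/passwd", "/etc/shadow", "/etc/sudoers")


def analyze(log_text: str):
    """Apply the HIDS activity checks to each log line.
    Returns a list of (rule_name, detail) tuples in the order the rules fire."""
    alerts = []
    failures = defaultdict(int)   # failed logins counted per account
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not a line this parser understands
        hour, proc, msg = int(m.group(1)), m.group(2), m.group(3)

        acc = ACCEPT_RE.search(msg)                      # login at odd hours
        if acc and hour in ODD_HOURS:
            alerts.append(("login_odd_hours", acc.group(1)))

        fail = FAIL_RE.search(msg)                       # login authentication failures
        if fail:
            failures[fail.group(1)] += 1
            if failures[fail.group(1)] == FAIL_THRESHOLD:
                alerts.append(("auth_failure_burst", fail.group(1)))

        if proc == "useradd" and "new user" in msg:      # adding a new user account
            alerts.append(("new_user_account", msg.split("name=")[1].split(",")[0]))

        if proc == "sudo" and "USER=root" in msg:        # privilege escalation
            alerts.append(("privilege_escalation", msg.split(":")[0].strip()))

        for path in CRITICAL_FILES:                      # critical system file touched
            if path in msg:
                alerts.append(("critical_file_modified", path))
    return alerts


if __name__ == "__main__":
    for rule, detail in analyze(SAMPLE_LOG):
        print(f"{rule:<24} {detail}")
```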
On a network-based IDS, this is typically a mechanism for copying traffic off the network
link.
2. Analysis Engine:
This component examines the collected network traffic & compares it to known patterns of
suspicious or malicious activity stored in the signature database.
The analysis engine acts like the brain of the IDS.
Disadvantages:
Needs a process on every system that is to be watched.
High cost of ownership and maintenance.
Uses local system resources.
If logs are kept locally, they could be compromised or disabled.
(Explanation – 4 Marks)
Application Hardening: Application hardening means securing an application against local &
Internet-based attacks. In this you remove the functions or components you do not need,
restrict access where you can, and make sure the application is kept up to date with
patches.
It includes:
1. Application Patches- Application patches are supplied by the vendor who sells
the application. They generally come in three varieties: hotfixes, patches & upgrades.
Hotfixes: Normally this term is given to a small software update designed to address a
particular problem, like a buffer overflow in an application that exposes the system to attacks.
Patch: This term is generally applied to more formal, larger software updates that may address
several or many software problems. Patches often contain improvements or additional capabilities
& fixes for known bugs.
Upgrades: Upgrades are another popular method of patching applications & they are likely
to be received more positively than patches.
2. Web servers: Web servers are the most common Internet server-side application in
use. These are mainly designed to provide content & functionality to remote users through a
standard web browser.
3. Active directory: Active Directory allows single login access to multiple
applications, data sources and systems, and it includes advanced encryption capabilities like
Kerberos and PKI.
Q. 4
A. Attempt any three: 12
a) Describe rail fence technique. Convert “I am student” into cipher text using
rail fence method.
[Rail fence worked example: the letters of "I am student" are written alternately on two rows and the cipher text is read off row by row; the row diagram did not survive extraction.]
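The rail fence technique in general form (any number of rails, with decryption as well), as an added Python example that is not part of the model answer. It assumes spaces are removed before enciphering and that two rails are used for "I am student" unless stated otherwise.

```python
def _rail_pattern(length: int, rails: int):
    """Rail index for each character position: the text zigzags down and up the fence."""
    rail, step = 0, 1
    for _ in range(length):
        yield rail
        if rails == 1:
            continue
        if rail == 0:
            step = 1
        elif rail == rails - 1:
            step = -1
        rail += step


def rail_fence_rows(plaintext: str, rails: int = 2, keep_spaces: bool = False):
    """Lay the text out on the fence; returns one string per rail (row)."""
    text = plaintext if keep_spaces else plaintext.replace(" ", "")
    fence = [[] for _ in range(rails)]
    for ch, r in zip(text, _rail_pattern(len(text), rails)):
        fence[r].append(ch)
    return ["".join(row) for row in fence]


def rail_fence_encrypt(plaintext: str, rails: int = 2, keep_spaces: bool = False) -> str:
    """Cipher text = the rows read off one after another."""
    return "".join(rail_fence_rows(plaintext, rails, keep_spaces))


def rail_fence_decrypt(ciphertext: str, rails: int = 2) -> str:
    """Rebuild the rows from their known lengths, then walk the zigzag again to read them."""
    pattern = list(_rail_pattern(len(ciphertext), rails))
    rows, pos = [], 0
    for r in range(rails):
        count = pattern.count(r)          # how many cipher characters belong to rail r
        rows.append(list(ciphertext[pos:pos + count]))
        pos += count
    return "".join(rows[r].pop(0) for r in pattern)


if __name__ == "__main__":
    for row in rail_fence_rows("I am student"):
        print(" ".join(row))
    c = rail_fence_encrypt("I am student")
    print(c, "->", rail_fence_decrypt(c))
```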
1. Digital Signature
2. Compression
3. Encryption
4. Enveloping
5. Base-64 Encoding
1. Digital signature: it consists of the creation of a message digest of the email message using the
SHA-1 algorithm. The resulting MD is then encrypted with the sender's private key. The
result is the sender's digital signature.
2. Compression: the input message as well as the digital signature are compressed together to
reduce the size of the final message that will be transmitted. For this the Lempel-Ziv
algorithm is used.
3. Encryption: The compressed output of step 2 (i.e. the compressed form of the original
email and the digital signature together) is encrypted with a symmetric key.
4. Digital enveloping: the symmetric key used for encryption in step 3 is now encrypted
with the receiver's public key. The outputs of steps 3 and 4 together form a digital
envelope.
5. Base-64 encoding: this process transforms arbitrary binary input into printable character
output. The binary input is processed in blocks of 3 octets (24 bits). These 24 bits are
considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits is mapped into
an 8-bit output character in this process.
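The Base-64 step written out as the page describes it (3 octets in, four 6-bit groups, one printable character each, with '=' padding for a short final block), plus the decoder, as an added Python example that is not from the model answer. The inputs in the demo are constructed.

```python
import string

B64_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"


def base64_encode(data: bytes) -> str:
    """Encode 3 octets (24 bits) at a time as four 6-bit groups, each mapped to one
    printable character; '=' pads the last group when fewer than 3 octets remain."""
    out = []
    for i in range(0, len(data), 3):
        block = data[i:i + 3]
        missing = 3 - len(block)                                  # 0, 1 or 2 octets short
        n = int.from_bytes(block + b"\x00" * missing, "big")      # the 24-bit group
        chars = [B64_ALPHABET[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        if missing:
            chars[4 - missing:] = ["="] * missing                 # padding characters
        out.extend(chars)
    return "".join(out)


def base64_decode(text: str) -> bytes:
    """Inverse: four characters back into three octets, dropping the padded bytes."""
    if len(text) % 4:
        raise ValueError("base64 input length must be a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        n = 0
        for ch in quad:
            n = (n << 6) | (0 if ch == "=" else B64_ALPHABET.index(ch))  # invalid char -> ValueError
        out.extend(n.to_bytes(3, "big")[:3 - pad])
    return bytes(out)


def size_overhead(n_bytes: int) -> float:
    """Encoded length divided by raw length: tends to 4/3 for large inputs."""
    return len(base64_encode(bytes(n_bytes))) / n_bytes


if __name__ == "__main__":
    sample = b"Hello, PGP!"   # constructed input
    print(base64_encode(sample), base64_decode(base64_encode(sample)))
    print(round(size_overhead(300), 3))
```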
(4 Marks)
Deleted file recovery: When we delete a file on a disk having a FAT32 or NTFS (new
technology file system) file system, its content is not erased from the disk; only the reference
to the file data in the file allocation table or master file table is marked as deleted. It means that we
might be able to recover deleted files or make them visible to the file system again. Methods of
data recovery from deleted files, or the file/data recovery process: there are various data/file
recovery tools available; these tools find & recover recoverable deleted files from NTFS &
FAT.
These tools usually operate as per the following process steps:
Step 1: Scan the hard drive & build an index of existing & deleted files & directories
(folders) on any logical drive of your computer with supported file formats.
Step 2: Give control over to the user to select which files to recover and what destination
to recover them to. You can find a deleted file if you remember at least one of the following:
- Full or partial name
- File size
- File creation mode
- File last accessed date.
Step 3: Allow previewing deleted files of certain types without performing recovery.
d) Explain with a neat sketch the working of secure socket layer (SSL).
1. Handshake protocol: This protocol allows the server and client to authenticate each
other. Also, it will allow negotiating an encryption and MAC algorithm. This protocol is
used before transmitting any application data. Basically, this protocol contains a series of
messages exchanged by client and server.
2. Record protocol: The record protocol comes into the picture after a successful completion of the
handshake between client and server. It provides two services for the SSL connection, as follows:
a) Confidentiality: this is achieved by using the secret key that is defined by the handshake
protocol.
b) Integrity: the handshake protocol also defines a shared secret key (MAC) that is used for
assuring message integrity.
3. Alert protocol: when either the client or the server detects an error, the detecting party
sends an error message to the other party. If the error is fatal, both parties immediately close
the SSL connection. Both parties also destroy the session identifiers, secrets and keys
associated with this connection before it is terminated.
Other errors, which are not so severe, do not result in the termination of the communication.
Instead, the parties handle the error and continue.
Threats to security:
1. Viruses & worms
2. Intruders & Insiders
3. Criminal organizations
4. Terrorist & Information security
Different types of attacks:
1. Denial of service attack
2. Man-in-the-middle attack
3. Backdoors & Trapdoors
4. Sniffing & Spoofing
5. Encryption attack
6. Replay attack
7. TCP/IP hacking attack
8. Hacking & Cracking
9. Pornography
10. Software piracy
11. Intellectual property
12. Legal system of information technology
13. Mail Bombs
14. Bug Exploits
15. Cyber-crime investigation
[Any Related answer shall be considered]
a) Describe the role of the individual user while maintaining security. What are the limitations
of the following biometric identification methods?
i. Hand print
ii. Retina
iii. Voice
iv. Signature
d) Dumpster diving:
e) Installing Unauthorized Software /Hardware:
f) Access by non-employees:
g) Security awareness:
i. Hand print: Because of cuts on the hands and rough work done by the user, it may occasionally create
errors while reading.
ii. Retina: With changes in age, physical condition and accidents there may be problems in
gaining access (even a change in the number of spectacles, lenses, etc.).
iii. Voice: Because of health problems or illness there is variation in the voice; even weather change
may cause errors.
iv. Signature: According to mood and temper there is change in the signature of the user, which also
creates problems in accessing the data.
b)
i. Describe working principle of SMTP.
(2 marks diagram, 2 marks explanation of working principle.)
ii. With a neat sketch explain the working of Network Based IDS.
1. Network-based IDS focuses on network traffic: the bits & bytes traveling along the cables &
wires that interconnect the systems.
2. A network IDS should check the network traffic as it passes & it is able to analyze traffic
according to protocol type, amount, source, destination, content, traffic already seen etc.
3. Such an analysis must occur quickly, & the IDS must be able to handle traffic at any speed the
network operates at to be effective.
4. Network-based IDSs are generally deployed so that they can monitor traffic in & out of an
organization's major links like the connection to the Internet, remote offices, partners etc.
[Figure: IPsec in the protocol stack at sender and receiver. Sender: original message -> application layer (data) -> transport layer -> IPsec layer -> internet layer -> transmission medium; the receiver reverses the path up to the application layer to recover the original message.]
IPsec overview:
It encrypts and seals the transport and application layer data during transmission. It also offers
integrity protection for the internet layer.
It sits between the transport and internet layers of the conventional TCP/IP protocol stack.
Rather than subscribing to an expensive leased line for connecting its branches across cities, an
organization can set up an IPsec enabled network to securely connect all its branches over the
Internet.
An IP packet consists of two parts: the IP header & the actual data. IPsec features are implemented in the
form of additional headers, called extension headers, to the standard, default IP header.
IPsec offers two main services: authentication & confidentiality. Each of these requires its
own extension header. Therefore, to support these two main services, IPsec defines two IP
extension headers, one for authentication & another for confidentiality.
It consists of two main protocols.
[Figure: IPSEC and its two protocols]
1) Users should be able to create their own easy-to-remember passwords, but these should
not be easy for someone else to guess or obtain using password cracking utilities.
2) Passwords should meet some essential guidelines, e.g. a password should contain some special
characters, etc.
f) Access by non-employees: If an attacker can get physical access to a facility, then there are
many chances of obtaining enough information to enter the computer systems and
networks. Many organizations require their employees to wear identification badges at
work.
g) Security awareness: a security awareness program is the most effective method to
oppose potential social engineering attacks once the organization's security goals and
policies are established. An important element that the training should concentrate on is
which information is sensitive for the organization and which may be the target of a social
engineering attack.
ii. MAC
iii. RBAC
Ans:
(1 Mark for Access control, 1 Mark each for Type of Access Control)
Access is the ability of a subject to interact with an object. Authentication deals with
verifying the identity of a subject. Access control is the ability to specify, control and limit access to the
host system or application, which prevents unauthorized users from accessing or modifying data or
resources.
[Figure: access control matrix with processes as subjects and permissions (Read, Write, Execute) as entries]
Working
Let us assume that host X on Network 1 wants to send a data packet to host Y on Network 2.
1) Host X creates the packet, inserts its own IP address as the source address and the IP
address of host Y as the destination address.
2) The packet reaches Firewall 1. Firewall 1 now adds new headers to the packet. It changes
the source IP address of the packet from that of host X to its own address (i.e. the IP address of
Firewall 1, F1).
3) It also changes the destination IP address of the packet from that of host Y to the
IP address of Firewall 2, F2. It also performs packet encryption and authentication,
depending on the settings, and sends the modified packet over the Internet.
4) The packet reaches Firewall 2 over the Internet, via routers. Firewall 2 discards the
outer header and performs the appropriate decryption. It then takes a look at the plain
text contents of the packet and realizes that the packet is meant for host Y. It delivers the
packet to host Y.
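The four steps above (re-addressing X -> Y as F1 -> F2, encrypting and authenticating the inner packet, then checking and unwrapping it at Firewall 2), as an added Python model that is not the model answer's or any IPsec implementation's code. The class name, the pre-shared key, the addresses and the SHA-256 based stream cipher are assumptions; it also adds the anti-replay sequence check a tunnel endpoint needs.

```python
import hashlib
import hmac
import json


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher for illustration (assumed stand-in for the cipher ESP would use).
    Keystream block = SHA-256(key || nonce || offset); XOR both encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


class TunnelFirewall:
    """One tunnel endpoint (F1 or F2). Both endpoints share a pre-shared key (assumed setup)."""

    def __init__(self, own_ip: str, peer_ip: str, psk: bytes):
        self.own_ip, self.peer_ip, self.psk = own_ip, peer_ip, psk
        self.seq = 0              # sequence number of packets we send
        self.peer_last_seq = 0    # highest sequence number accepted from the peer (anti-replay)

    def outbound(self, inner: dict) -> dict:
        """Steps 2 and 3: the host packet stays intact inside; it is encrypted and
        authenticated, and the new outer header carries only F1 and F2 addresses."""
        self.seq += 1
        nonce = f"{self.own_ip}:{self.seq}".encode()     # unique per direction and packet
        body = _keystream_xor(self.psk, nonce, json.dumps(inner, sort_keys=True).encode())
        icv = hmac.new(self.psk, nonce + body, hashlib.sha256).hexdigest()
        return {"src": self.own_ip, "dst": self.peer_ip, "seq": self.seq,
                "payload": body.hex(), "icv": icv}

    def inbound(self, outer: dict):
        """Step 4: accept only packets from the peer, reject replays and forgeries,
        then discard the outer header and return the original host packet."""
        if outer.get("dst") != self.own_ip or outer.get("src") != self.peer_ip:
            return None
        if outer["seq"] <= self.peer_last_seq:
            return None                                    # replayed packet
        nonce = f"{outer['src']}:{outer['seq']}".encode()
        body = bytes.fromhex(outer["payload"])
        expected = hmac.new(self.psk, nonce + body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, outer["icv"]):
            return None                                    # tampered, or wrong key
        self.peer_last_seq = outer["seq"]                  # only advance after a valid packet
        return json.loads(_keystream_xor(self.psk, nonce, body).decode())


if __name__ == "__main__":
    psk = b"constructed-pre-shared-key"
    f1 = TunnelFirewall("203.0.113.1", "203.0.113.2", psk)   # addresses are constructed
    f2 = TunnelFirewall("203.0.113.2", "203.0.113.1", psk)
    packet_from_x = {"src": "10.1.0.5", "dst": "10.2.0.9", "data": "hello Y"}   # step 1
    on_the_internet = f1.outbound(packet_from_x)                                  # steps 2, 3
    print(on_the_internet["src"], "->", on_the_internet["dst"])
    print(f2.inbound(on_the_internet))                                            # step 4
```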
Diagram (1 mark)
Data Recovery Ethics: It is concerned with the security of your data. These are used to think
through different situations.
It is a major part of the society and should be followed in letter and spirit
There are policies in many organizations that provide guidelines for ethics.
It is a behavior of the person in relation with the subject.
There are four primary issues:
Privacy, Accuracy, Property and Access
Some standards are:
Standard of right and wrong behavior
A gauge of personal integrity
The basis of trust and cooperation in relationships with others.
e) Describe any four components of secure electronic transaction. Give a sketch also.
a) Purchase request:
Before the purchase request exchange begins, the cardholder has completed
browsing, selecting, and ordering. The end of this preliminary phase occurs when
the merchant sends a completed order form to the customer. All of the preceding
occurs without the use of SET. The purchase request exchange consists of four
messages: Initiate Request, Initiate Response, Purchase Request, and Purchase Response.
In order to send SET messages to the merchant, the cardholder must have a copy of the
certificates of the merchant and the payment gateway. The customer requests the
certificates in the Initiate Request message, sent to the merchant. This message
includes the brand of the credit card that the customer is using. The message also
includes an ID assigned to this request/response pair by the customer and a nonce
used to ensure timeliness.
The cardholder verifies the merchant and gateway certificates by means of their
respective CA signatures and then creates the OI and PI. The transaction ID
assigned by the merchant is placed in both the OI and PI. The OI does not
contain explicit order data such as the number and price of items. Rather, it
contains an order reference generated in the exchange between merchant
and customer during the shopping phase before the first SET message.
Next, the cardholder prepares the Purchase Request message. For this purpose,
the cardholder generates a one-time symmetric encryption key, K. The message
includes the following:
2. Order-Related information.
3. Cardholder certificate
b) Payment Authorization
During the processing of an order from a cardholder, the merchant authorizes the
transaction with the payment gateway. The payment authorization ensures that
the transaction was approved by the issuer. This authorization guarantees that the
merchant will receive payment; the merchant can therefore provide the services or goods to
the customer. The payment authorization exchange consists of two messages:
Authorization Request and Authorization Response.
The merchant sends an Authorization Request message to the payment
gateway consisting of
1. Purchase-related information
2. Authorization-related information
3. Certificates.
Having obtained authorization from the issuer, the payment gateway returns
an Authorization Response message to the merchant. It includes the following elements:
c) Payment Capture
Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 1/ 26
Q.1.
The need for computer security is threefold: confidentiality, integrity, and availability, the
"CIA" of security.
1. Confidentiality: the principle of confidentiality specifies that only the sender and intended
recipients should be able to access the contents of a message. Confidentiality gets compromised
if an unauthorized person is able to access the contents of a message.
[Figure: A sends a secret message to B; C gets access to it]
Here, the user of computer A sends a message to the user of computer B. Another user, C, gets access
to this message, which is not desired and therefore defeats the purpose of confidentiality.
This type of attack is also called interception.
For example, suppose that user C sends a message over the Internet to user B. However, the
trouble is that user C has posed as user A when sending the message to user B. How would user B
know that the message has come from user C, who is posing as user A? This concept is shown in
the fig. below.
This type of attack is called fabrication.
[Fig.: absence of authentication. C sends "I am user A" to B.]
3. Integrity: when the contents of the message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the message is lost.
For example, here user C tampers with a message originally sent by user A, which is actually
destined for user B. User C somehow manages to access it, change its contents and send the
changed message to user B. User B has no way of knowing that the contents of the message were
changed after user A had sent it. User A also does not know about this change.
[Figure: A sends a message to B; C modifies it in transit]
ii. Explain any four of the password selection strategies. (4 marks for 4 points)
The major security problems are because users do not follow established security policies.
- A user always chooses a password that is easy to remember, but easier passwords are easy for an
attacker to crack, while when a user chooses a difficult password it is again difficult to remember.
- To make the job of the attacker difficult, organizations encourage their users to use a mixture of
upper case & lower case characters & also include numbers & special symbols in their passwords. This
may make the guessing of passwords difficult.
Organizations also include additional policies & rules related to password selection.
- In the organization, users may frequently change their passwords.
- Passwords should not be written down on paper & should not be kept in a purse or wallet, because if an
attacker gets physical access then they will find the user's password somewhere in a drawer or desk,
or inside a desk calendar.
- Many users have many accounts & passwords to remember. Selecting a different password
for each account, following the guidelines mentioned above for character selection & frequency
of changes, aggravates the problem of remembering the passwords. The result is that users
frequently use the same password for all accounts. If a user does this, then when one account is broken,
all other accounts are subsequently under threat. Good password selection & protection applies
to the electronic world also.
OR
There are four basic techniques to reduce guessable passwords:
a) User education: Tell the users the importance of hard-to-guess passwords and provide
guidelines for selecting strong passwords.
b) Computer generated passwords: Computer generated passwords are random in nature, so it is
difficult for users to remember them and they may note them down somewhere.
c) Reactive password checking: the system periodically runs its own password cracker
program to find out guessable passwords. If the system finds any such password, the system
cancels it and notifies the user.
d) Proactive password checking: This is the most promising approach to improve password
security. In this scheme, a user is allowed to select his own password; if the password is allowable
then it is accepted, otherwise it is rejected.
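A proactive password checker that enforces the selection rules given in this document (mixture of upper and lower case, digits and special symbols; nothing taken from the user's name, family or pet names, birth date, PIN or mobile number; nothing a cracker dictionary would try first), as an added Python example that is not from the model answer. The profile fields, the minimum length and the tiny dictionary are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List


@dataclass
class UserProfile:
    """Personal details the checker must keep out of the password (constructed field names)."""
    first_name: str
    last_name: str
    birth_date: str                 # YYYY-MM-DD
    mobile: str
    pin: str
    family_names: List[str] = field(default_factory=list)
    pet_names: List[str] = field(default_factory=list)


# Stand-in for the word list a password cracker tries first (constructed, deliberately tiny).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}
MIN_LENGTH = 8              # assumed policy value


def personal_tokens(p: UserProfile):
    """Every fragment of personal data an attacker could guess, compared case-insensitively.
    Tokens shorter than 3 characters are skipped so a single digit does not block everything."""
    year, month, day = p.birth_date.split("-")
    tokens = [p.first_name, p.last_name, p.mobile, p.mobile[-4:], p.pin,
              year, day + month, month + day, year + month + day, day + month + year,
              *p.family_names, *p.pet_names]
    return {t.lower() for t in tokens if len(t) >= 3}


def check_password(password: str, profile: UserProfile) -> List[str]:
    """Proactive check run when the user selects a password.
    Returns the list of policy violations; an empty list means the password is allowed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not re.search(r"[a-z]", password):
        problems.append("no_lowercase")
    if not re.search(r"[A-Z]", password):
        problems.append("no_uppercase")
    if not re.search(r"[0-9]", password):
        problems.append("no_digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no_special")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("in_cracker_dictionary")
    lowered = password.lower()
    hits = sorted(t for t in personal_tokens(profile) if t in lowered)
    if hits:
        problems.append("contains_personal_info:" + ",".join(hits))
    return problems


if __name__ == "__main__":
    user = UserProfile("Priya", "Sharma", "1990-04-15", "9876543210", "4321",
                       family_names=["Raj", "Meera"], pet_names=["Bruno"])   # constructed
    for candidate in ("Priya@1990", "Bruno2024#", "password", "Tr0ub4dor&3"):
        print(f"{candidate:<14}", check_password(candidate, user) or "allowed")
```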
3. Plain text: Plain text or clear text signifies a message that can be understood by the sender, the recipient
& also by anyone else who gets access to that message.
4. Cipher Text: When a plain text message is codified using any suitable scheme, the resulting
message is called cipher text.
iv. Describe SYN flooding attack with diagram. (1 mark for diagram, 3 marks for
explanation)
Denial of service (DOS) attacks can exploit a known vulnerability in a specific application or
operating system, or they may attack features (or weaknesses) in specific protocols or services. In
this form of attack, the attacker is attempting to deny authorized users access either to specific
information or to the computer system or network itself.
The purpose of such an attack can be simply to prevent access to the target system, or the attack
can be used in conjunction with other actions in order to gain unauthorized access to a computer
or network.
SYN flooding is an example of a DOS attack that takes advantage of the way TCP/IP networks
were designed to function, and it can be used to illustrate the basic principles of any DOS
attack. SYN flooding utilizes the TCP three-way handshake that is used to establish a connection
between two systems.
In a SYN flooding attack, the attacker sends fake communication requests to the targeted system.
Each of these requests will be answered by the target system, which then waits for the third part of
the handshake. Since the requests are fake, the target will wait for responses that will never come,
as shown in the figure.
The target system will drop these connections after a specific time-out period, but if the attacker
sends requests faster than the time-out period eliminates them, the system will quickly be filled
with requests. The number of connections a system can support is finite, so when more requests
come in than can be processed, the system will soon be reserving all its connections for fake
requests. At this point, any further requests are simply dropped (ignored), and legitimate users
who want to connect to the target system will not be able to. Use of the system has thus been
denied to them.
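A model of the half-open connection table described in this answer and in the Summer-15 SYN flooding answer above, as an added Python example that is not from the model answer. It shows the condition the text states: once requests arrive faster than the time-out clears them (rate x timeout above the table's capacity), the table stays full and legitimate clients are dropped. Capacity, time-out and rates are assumed values.

```python
import heapq


class HalfOpenTable:
    """The target's table of half-open connections: a SYN has been answered with SYN-ACK
    and the third handshake message is still awaited. capacity and timeout are assumed."""

    def __init__(self, capacity: int, timeout: float):
        self.capacity = capacity
        self.timeout = timeout
        self._expiry = []        # min-heap of expiry times, one entry per half-open connection
        self.peak = 0            # largest number of half-open entries seen

    def _expire(self, now: float) -> None:
        """Drop entries whose time-out period has elapsed."""
        while self._expiry and self._expiry[0] <= now:
            heapq.heappop(self._expiry)

    def on_syn(self, now: float, completes_handshake: bool) -> bool:
        """True if the SYN gets a slot (SYN-ACK sent), False if it is dropped because the
        table is full. A real client finishes the handshake at once and frees its slot;
        a fake request never completes and holds its slot until the time-out."""
        self._expire(now)
        if len(self._expiry) >= self.capacity:
            return False
        if not completes_handshake:
            heapq.heappush(self._expiry, now + self.timeout)
            self.peak = max(self.peak, len(self._expiry))
        return True


def simulate(capacity: int, timeout: float, attack_rate: float, duration: float,
             legit_interval: float = 1.0) -> dict:
    """Replay fake SYNs at attack_rate per second together with one legitimate connection
    attempt every legit_interval seconds, and count how many legitimate attempts succeed."""
    table = HalfOpenTable(capacity, timeout)
    events = []
    if attack_rate > 0:
        events += [(i / attack_rate, "attack") for i in range(int(attack_rate * duration))]
    events += [(k * legit_interval + 0.5, "legit") for k in range(int(duration / legit_interval))]
    accepted = dropped = 0
    for t, kind in sorted(events):          # at equal times the fake SYN is processed first
        if kind == "attack":
            table.on_syn(t, completes_handshake=False)
        elif table.on_syn(t, completes_handshake=True):
            accepted += 1
        else:
            dropped += 1
    return {
        "peak_half_open": table.peak,
        "legit_accepted": accepted,
        "legit_dropped": dropped,
        # the text's condition: requests arrive faster than the time-out clears them
        "sustained_overload": attack_rate * timeout > capacity,
    }


if __name__ == "__main__":
    # constructed parameters: 128 half-open slots, 10 s time-out, 30 s observation window
    print("slow attacker:", simulate(128, 10.0, attack_rate=4, duration=30))
    print("fast attacker:", simulate(128, 10.0, attack_rate=64, duration=30))
```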
The Data Encryption Standard is generally used in the ECB, CBC, or the CFB mode. DES is a
block cipher. It encrypts data in blocks of size 64 bits each. That is, 64 bits of plain text go as
the input to DES, which produces 64 bits of cipher text. DES is based on the two fundamental
attributes of cryptography: substitution and transposition. (1 mark)
The process diagram is as follows. (1 mark)
[Figure: the stages of one DES round: Key transformation -> Expansion permutation -> S-box substitution -> P-box permutation]
Step 1: Key transformation: the initial key is transformed into a 56-bit key by discarding
every 8th bit of the initial key. Thus, for each round, a 56-bit key is available; from this 56-bit
key, a different 48-bit sub-key is generated during each round using a process called
key transformation.
corresponding 6-bit block, i.e. per 4-bit block, 2 more bits are added. They are the repeated
1st and 4th bits of the 4-bit block. The 2nd and 3rd bits are written as they were in the
input. The 48-bit key is XORed with the 48-bit RPT and the resulting output is given to
the next step.
Step 3: S-box substitution: It accepts the 48-bit input from the XOR operation involving
the compressed key and expanded RPT and produces a 32-bit output using substitution
techniques. Each of the 8 S-boxes has a 6-bit input and a 4-bit output. The outputs of the
S-boxes are then combined to form a 32-bit block, which is given to the last stage of a round.
Step 4: P-box permutation: the output of the S-boxes consists of 32 bits. These 32 bits are
permuted using the P-box.
Step 5: XOR and Swap: The LPT of the initial 64-bit plain text block is XORed with
the output produced by the P-box permutation. This produces the new RPT. The old RPT becomes the
new LPT, in a process of swapping.
Final Permutation: At the end of 16 rounds, the final permutation is performed. This is a
simple transposition. For example, the 40th input bit takes the position of the 1st output bit, and so
on.
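The bit-level pieces of steps 1 to 3 worked in code, as an added Python example that is not from the model answer: dropping every 8th key bit (64 to 56 bits), the expansion of the 32-bit RPT to 48 bits using the standard DES E table (where the two extra bits of each 6-bit group are the border bits of the neighbouring 4-bit blocks), the XOR with the 48-bit sub-key, and the 6-bit to 4-bit lookup for S-box S1. Bit numbering follows DES convention (bit 1 is the most significant); the S1 table is the standard one, the remaining S-boxes and the P-box are omitted for length.

```python
def drop_parity_bits(key64: int) -> int:
    """Step 1: discard every 8th bit (bits 8, 16, ..., 64) of the 64-bit key -> 56-bit key."""
    out = 0
    for pos in range(1, 65):
        if pos % 8 == 0:
            continue
        out = (out << 1) | ((key64 >> (64 - pos)) & 1)
    return out


def expansion_table():
    """Standard E table, generated: each 4-bit block of the RPT becomes 6 bits by placing the
    last bit of the previous block before it and the first bit of the next block after it
    (wrapping around at the ends)."""
    table = []
    for block in range(8):
        first = 4 * block + 1                     # 1-based position of the block's first bit
        prev_bit = (first - 2) % 32 + 1
        next_bit = (first + 3) % 32 + 1
        table += [prev_bit] + list(range(first, first + 4)) + [next_bit]
    return table


E_TABLE = expansion_table()


def permute(value: int, width: int, table) -> int:
    """Generic bit selection: output bit i is input bit table[i] (1-based, MSB first)."""
    out = 0
    for pos in table:
        out = (out << 1) | ((value >> (width - pos)) & 1)
    return out


def expand_rpt(rpt32: int) -> int:
    """Step 2: 32-bit right half -> 48 bits."""
    return permute(rpt32, 32, E_TABLE)


def round_xor_stage(rpt32: int, subkey48: int) -> int:
    """Step 2 output: expanded RPT XOR 48-bit round sub-key."""
    return expand_rpt(rpt32) ^ subkey48


# Standard DES S-box S1: 4 rows x 16 columns, each entry a 4-bit value.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox_lookup(box, six_bits: int) -> int:
    """Step 3 for one S-box: the outer bits (1st and 6th) select the row,
    the middle four bits select the column; the entry is the 4-bit output."""
    row = (((six_bits >> 5) & 1) << 1) | (six_bits & 1)
    col = (six_bits >> 1) & 0xF
    return box[row][col]


def sbox_groups(xored48: int):
    """Split the 48-bit XOR output into the eight 6-bit S-box inputs, first group first."""
    return [(xored48 >> (42 - 6 * i)) & 0x3F for i in range(8)]


if __name__ == "__main__":
    key = 0x133457799BBCDFF1                      # constructed sample key
    print(f"56-bit key: {drop_parity_bits(key):014x}")
    print("E table:", E_TABLE[:6], "...", E_TABLE[-6:])
    x = round_xor_stage(0xF0AAF0AA, 0x1B02EFFC7072)   # constructed RPT and sub-key
    print("S1 output for first group:", sbox_lookup(S1, sbox_groups(x)[0]))
```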
b) Define access control and describe the DAC, MAC and RBAC access control models.
Different users will be granted different permissions to do specific duties as per their
classification.
Authentication
2) After verification, a time stamp is created. It puts the current time in the user session, with
an expiry date. Then the encryption key is created. The timestamp tells that after 8 hours the
encryption key is useless.
3) The key is sent back to the client in the form of a ticket-granting ticket (TGT). It is a
simple ticket which is issued by the authentication server (AS) and used for authenticating the
client for future reference.
[Figure: the Authentication Server issues the client a ticket granting ticket with time stamp 8 (hours)]
Then the client submits this TGT to the ticket granting server (TGS), for authentication.
[Figure: the client sends the TGT (timestamp 8) for authentication]
4) The TGS creates an encrypted key with a time stamp and grants a service ticket to the
client.
[Figure: the Authentication Server returns an encrypted key to the client]
5) Then the client decrypts the ticket, intimates the TGS that this is done and sends its
own encrypted key to the service server or application.
[Figure: the client sends the encrypted key with time stamp 8 hours to the service server]
The service server decrypts the key sent by the client and checks the validity of the time
stamp. If the timestamp is valid, the service server contacts the key distribution center to
receive a session which is returned to the client.
6) The client then decrypts the ticket. If the key is still valid, communication is
initiated between client and server.
[Figure: Client -> success -> Service server]
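The ticket flow of steps 2 to 6 above, as an added example that is not part of the model answer: a toy model in which every ticket carries a time stamp and becomes useless after 8 hours. Real Kerberos encrypts its tickets; sealing them with an HMAC under a shared key is an assumption made here so the code needs only the standard library, and the key values and client names are constructed.

```python
# Added example (not the model answer's own code): tickets with time stamps
# and an 8 hour lifetime, sealed with HMAC instead of encryption (assumption).
import hashlib
import hmac
import json
from typing import Optional

LIFETIME = 8 * 3600                                 # "after 8 hours the key is useless"
AS_TGS_KEY = b"constructed-as-tgs-secret"           # shared by the AS and the TGS
TGS_SVC_KEY = b"constructed-tgs-service-secret"     # shared by the TGS and the service

def seal(ticket: dict, key: bytes) -> str:
    body = json.dumps(ticket, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag

def open_ticket(sealed: str, key: bytes, now: int) -> Optional[dict]:
    """Return the ticket if the seal is genuine and the time stamp has not expired."""
    body, _, tag = sealed.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None                       # altered or forged ticket
    ticket = json.loads(body)
    if now >= ticket["timestamp"] + LIFETIME:
        return None                       # expired: the key is useless after 8 hours
    return ticket

def authentication_server(client: str, now: int) -> str:
    """Steps 2 and 3: after verifying the client, stamp the time and issue the TGT."""
    return seal({"type": "TGT", "client": client, "timestamp": now}, AS_TGS_KEY)

def ticket_granting_server(tgt: str, service: str, now: int) -> Optional[str]:
    """Step 4: check the TGT, then grant a service ticket with its own time stamp."""
    t = open_ticket(tgt, AS_TGS_KEY, now)
    if t is None or t["type"] != "TGT":
        return None
    return seal({"type": "SVC", "client": t["client"], "service": service,
                 "timestamp": now}, TGS_SVC_KEY)

def service_server(ticket: str, service: str, now: int) -> bool:
    """Steps 5 and 6: the service checks the seal and the time stamp before communicating."""
    t = open_ticket(ticket, TGS_SVC_KEY, now)
    return t is not None and t["type"] == "SVC" and t["service"] == service
```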
[Figure: Sensor -> Preprocessing -> Feature extractor -> Template generator -> Matcher -> Application device; enrollment stores the template]
Biometrics refers to the study of methods for uniquely recognizing humans based upon one or
more intrinsic physical or behavioral characteristics. Biometric identification is used on
the basis of some unique physical attribute of the user that positively identifies the user.
Examples: finger print recognition, retina and face scan techniques, voice synthesis and
recognition, and so on. Physiological characteristics are related to the shape of the body, for example finger
print, face recognition, DNA, palm print, iris recognition and so on. Behavioral characteristics are related
to the behavior of a person, for example typing rhythm, gait, signature and voice.
The first time an individual uses a biometric system is called enrollment. During
enrollment, biometric information from the individual is stored. In subsequent uses,
biometric information is detected and compared with the information stored at the time of
enrollment.
1) The first block (sensor) is the interface between the real world and the system; it has
to acquire all the necessary data.
2) The second block performs all the necessary preprocessing.
3) The third block extracts the necessary features. This is an important step, as the
correct features need to be extracted in the optimal way.
4) If enrollment is being performed, the template is simply stored somewhere (on a card
or within a database or both). If a matching phase is being performed, the obtained
template is passed to a matcher that compares it with the existing templates,
estimating the distance between them using some algorithm. The matching program
analyzes the template against the input, and the result is then output for any specified use
or purpose.
c) What are the techniques for transforming plain text to cipher text? Explain
any one in detail.
(Explanation of any one is allowed) (Marks 2) for example.
Caesar cipher:
It was proposed by Julius Caesar. In cryptography, the Caesar cipher is also known as Caesar's
cipher/code or shift cipher/code.
It is one of the simplest and most widely known encryption techniques.
It is a type of substitution technique in which each letter in the plain text is replaced by a
letter some fixed number of positions down the alphabet.
For example, with a shift of 3, A would be replaced by D, B would become E, and so on,
as shown in the table below.
Plain text:  A B C D E F G H I J K L M
Cipher text: D E F G H I J K L M N O P
Plain text:  N O P Q R S T U V W X Y Z
Cipher text: Q R S T U V W X Y Z A B C
The cipher text for the plain text COME HOME is as follows:
C   M   H   M
  O   E   O   E
3. Encryption
- It starts by creating a message digest (MD) of the email message using an algorithm such as MD2 or MD5.
- The MD thus created is then encrypted with the sender's private key to form the sender's
digital signature.
[Figure: message digest (bits 10101 01010 10...) -> encrypt -> digital signature]
Step 3: Encryption:
The original email and the digital signature are encrypted together with a
symmetric key.
[Figure: email message (To:, From:, Subject:) + digital signature -> encrypt with the symmetric key (DES or DES-3 in CBC mode) -> encrypted result]
Step 4: Base-64 encoding: This process transforms arbitrary binary input into printable
character output. The binary input is processed in blocks of 3 octets or 24 bits. These 24
bits are considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits is
mapped into an 8-bit output character in this process.
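The 3-octet to four 6-bit-set mapping described in Step 4, as an added example that is not part of the model answer: a Base-64 encoder and decoder written from that description and checked against the standard library. The model answer does not cover input shorter than 3 octets; this example pads it with '=' as RFC 4648 does.

```python
# Added example (not the model answer's own code): Base-64 by hand, following
# "3 octets = 24 bits = four 6-bit sets, each mapped to one printable character".
import base64

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def b64encode_manual(data: bytes) -> str:
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        block = int.from_bytes(chunk.ljust(3, b"\0"), "big")        # one 24-bit block
        sets = [(block >> shift) & 0x3F for shift in (18, 12, 6, 0)]  # four 6-bit sets
        chars = [ALPHABET[s] for s in sets]                           # one character per set
        missing = 3 - len(chunk)             # last block 1 or 2 octets short -> '=' padding
        if missing:
            chars[4 - missing:] = ["="] * missing
        out.append("".join(chars))
    return "".join(out)

def b64decode_manual(text: str) -> bytes:
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        block = 0
        for ch in quad:                      # rebuild the 24-bit block from the 6-bit sets
            block = (block << 6) | (0 if ch == "=" else ALPHABET.index(ch))
        out += block.to_bytes(3, "big")[:3 - pad]   # drop the octets that were only padding
    return bytes(out)
```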
e) Describe:
i. Application patches
ii. Upgrades.
i) Application patches (2 marks)
As an operating system continues to grow and introduce new functions, the potential for problems with
the code grows as well. It is almost impossible for an operating system vendor to test
its product on every possible platform under every possible circumstance, so functionality and
security issues do arise after an o.s. has been released.
Application patches are supplied by the vendor who sells the application.
Application patches can be provided in many different forms: they can be downloaded
directly from the vendor's web site or FTP site, or supplied on CD. Application patches
are likely to come in three varieties: hot fixes, patches and upgrades.
ii) Upgrades (2 marks)
These are another popular method of patching applications, and they are likely to be
received more positively than patches. The term upgrade has a positive
implication: you are moving up to a better, more functional and more secure
application. Most vendors will release upgrades for fixes rather than for any new or
enhanced functionality.
Q.4.
a) Attempt any Three of the following:
i. Consider a plain text “Computer Security” encrypt it with the help of rail fence
Technique also write the algorithm.
(2 marks for encryption and 2 marks for algorithm)
Rail Fence Technique algorithm:
1. Write down the plain text message as a sequence of diagonals.
2. Read the plain text written in step 1 as a sequence of rows.
The cipher text for the plain text Computer security is as follows:
C   m   u   e   s   c   r
  o   p   t   r   e   u   i   y
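The two-step rail fence algorithm above as code, added here and not part of the model answer; it generalises to any number of rails and includes the matching decryption, which the model answer does not show. Spaces are dropped before writing the diagonals, as in the worked answer.

```python
# Added example (not the model answer's own code): rail fence for any number
# of rails, with decryption.

def rail_of_each_char(n: int, rails: int) -> list:
    """Row (rail) index of each of the n characters when written along the diagonals."""
    if rails < 2:
        return [0] * n
    cycle = 2 * (rails - 1)               # down all the rails and back up again
    return [min(i % cycle, cycle - i % cycle) for i in range(n)]

def rail_fence_encrypt(plain: str, rails: int = 2) -> str:
    text = plain.replace(" ", "")
    rows = rail_of_each_char(len(text), rails)       # step 1: write as diagonals
    return "".join(ch for r in range(rails)          # step 2: read row by row
                   for ch, row in zip(text, rows) if row == r)

def rail_fence_decrypt(cipher: str, rails: int = 2) -> str:
    rows = rail_of_each_char(len(cipher), rails)
    # The cipher text lists rail 0's characters first, then rail 1's, and so on;
    # a stable sort of the positions by rail tells which slot each character fills.
    slots = sorted(range(len(cipher)), key=lambda i: rows[i])
    plain = [""] * len(cipher)
    for ch, pos in zip(cipher, slots):
        plain[pos] = ch
    return "".join(plain)
```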
ii. Describe packet filtering router firewall with neat diagram. (2 marks for explanation and
2 marks for diagram)
[Figure: Internal (private) network <-> packet filter <-> Internet; outgoing packets and incoming packets pass through the packet filter]
A packet filtering router firewall applies a set of rules to each packet and, based on the
outcome, decides to either forward or discard the packet. Such a firewall
implementation involves a router which is configured to filter packets going in either
direction, i.e. from the local network to the outside world and vice versa.
A packet filter performs the following functions.
1. Receive each packet as it arrives.
2. Pass the packet through a set of rules, based on the contents of the IP and transport
header fields of the packet. If there is a match with one of the rules, decide whether
to accept or discard the packet based on that rule.
3. If there is no match with any rule, take the default action. It can be to discard all packets
or to accept all packets.
Advantages: simplicity, transparency to the users, high speed.
Disadvantages: difficult to set up packet filtering rules, lack of authentication.
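The three packet filter functions above as code, added here and not part of the model answer: each packet is matched against a rule list in order, the first matching rule decides accept or discard, and a default action applies when nothing matches. The packets, the rule set and the field names are constructed for this illustration.

```python
# Added example (not the model answer's own code): a first-match packet filter
# with a configurable default action. Addresses are from documentation ranges.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str    # "in" (outside world -> local network) or "out"
    src: str          # IP header fields
    dst: str
    proto: str        # transport header fields
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                       # "accept" or "discard"
    direction: Optional[str] = None   # None means "any" for every field below
    src: Optional[str] = None         # CIDR prefix
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.direction is None or self.direction == p.direction)
                and (self.src is None or ip_address(p.src) in ip_network(self.src))
                and (self.dst is None or ip_address(p.dst) in ip_network(self.dst))
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))

def filter_packet(p: Packet, rules: list, default: str = "discard") -> str:
    for rule in rules:            # step 2: the first matching rule decides
        if rule.matches(p):
            return rule.action
    return default                # step 3: no match, take the default action

# Constructed rule set: allow inbound web traffic to one server, discard inbound
# telnet explicitly, allow everything outbound; anything else gets the default.
RULES = [
    Rule("accept", direction="in", dst="192.0.2.10/32", proto="tcp", dport=80),
    Rule("discard", direction="in", proto="tcp", dport=23),
    Rule("accept", direction="out"),
]
```

A "discard" default (the usual choice) means that forgetting a rule blocks traffic, while an "accept" default means that forgetting a rule exposes a service; the same rule set behaves differently under the two defaults.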
iv. What is secure electronic transaction? Enlist and describe any four components
of SET.
Secure Electronic Transaction (SET) is an open encryption and security specification that is
designed for protecting credit card transactions on the Internet. It is a set of security
protocols and formats that enable users to employ the existing credit card payment
infrastructure on the Internet in a secure manner. (1 mark)
Components of SET (1 mark)
1) Cardholder
2) Merchant
3) Issuer
4) Acquirer
5) Payment gateway
6) Certification Authority(CA)
Describe any four (1/2 mark for each)
1) Cardholder: A cardholder is an authorized holder of a payment card such as
MasterCard or Visa that has been issued by an Issuer.
2) Merchant: Merchant is a person or an organization that wants to sell goods or services
to cardholders.
3) Issuer: The issuer is a financial institution that provides a payment card to a
cardholder.
4) Acquirer: This is a financial institution that has a relationship with merchants for
processing payment card authorizations and payments. It also provides assurance that
a particular cardholder account is active and that the purchase amount does not exceed
the credit limit. It provides electronic fund transfer to the merchant account.
5) Payment Gateway: It processes the payment messages on behalf of the merchant. It
connects to the acquirer's system using a dedicated network line.
6) Certification Authority (CA): This is an authority that is trusted to provide public key
certificates to cardholders, merchants and the Payment Gateway.
Intruders | Insiders
They have to study or gain knowledge about the security system. | They have knowledge about the security system.
They do not have access to the system. | They have easy access to the system because they are authorized users.
Many security mechanisms are used to protect the system from intruders. | There is no such mechanism to protect the system from insiders.
ii. Describe:
1. Man in the middle attack
2. Replay attack with diagrams.
i) Man in the middle attack: (3 marks)
A man in the middle attack occurs when attackers are able to place themselves in the
middle of two other hosts that are communicating, in order to view or modify the
traffic. This is done by making sure that all communication going to or from the target
host is routed through the attacker's host.
The attacker is then able to observe all traffic before transmitting it, and can actually
modify or block traffic. To the target host, communication appears to be occurring normally, since
all expected replies are received.
[Figure: Host A <-> Host B; communication appears to be direct]
In a replay attack an attacker captures a sequence of events or some data units and
resends them. For example, suppose user A wants to transfer some amount to user C's
bank account. Both users A and C have accounts with bank B. User A might send an
electronic message to bank B requesting the fund transfer. User C could capture this
message and send a copy of the same to bank B. Bank B would have no idea that this
is an unauthorized message and would treat it as a second and different fund transfer
request from user A. So C would get the benefit of the fund transfer twice: once
authorized and once through the replay attack.
[Figure: Host A (User A) -> message -> Host B (Bank); Host C (attacker) captures the message and resends it to Host B]
b) Describe the components of HIDS with neat diagram. State its advantages and
disadvantages. (2 marks explanation, diagram 2 marks, advantages 2 marks, disadvantages 2
marks)
Intrusion detection system (IDS):
An intrusion detection system (IDS) monitors network traffic for
suspicious activity and alerts the system or network administrator. In some cases the IDS
may also respond to anomalous or malicious traffic by taking action such as blocking
the user or source IP address from accessing the network.
1. HIDS
Host Intrusion Detection Systems are run on individual hosts or devices on the
network. A HIDS monitors the inbound and outbound packets from the device
only and will alert the user or administrator when suspicious activity is detected.
Advantages:
O.S. specific and detailed signatures.
Examines data after it has been decrypted.
Very application specific.
Determines whether or not an alarm may impact that specific.
Disadvantages:
Needs a process on every system to watch.
High cost of ownership and maintenance.
Uses local system resources.
If logged locally, could be compromised or disabled.
end user or computer system to authenticate the user or the application at the other end
and decide to accept or reject packets accordingly. This also prevents IP spoofing
attacks. AH is based on the MAC protocol, which means that the two communicating parties
must share a secret key in order to use AH.
Diagram
Diagram
2) Transport mode:
Transport mode does not hide the actual source and destination addresses. They are
visible in plain text while in transit. In the transport mode, IPSec takes the transport
layer payload, adds the IPSec header and trailer, encrypts the whole thing and then adds the
IP header. Thus the IP header is not encrypted.
Diagram
1. Installing unauthorized software from the internet may create backdoors in your system or
network which can be used to access a system while avoiding the normal security mechanisms.
2. When we install various games from the internet, the problem with such a
download is that users don't know where the software originally came from and what may
be hidden inside it.
3. Accessing and downloading data from unofficial sites can create virus problems in
your system as well as in the entire network.
4. Unauthorized hardware devices and software products are not capable of protecting your
system/network due to a lack of security functionality.
Caesar cipher:
It was proposed by Julius Caesar. In cryptography, the Caesar cipher is also known as Caesar's
cipher/code or shift cipher/code.
It is one of the simplest and most widely known encryption techniques.
It is a type of substitution technique in which each letter in the plain text is replaced
by a letter some fixed number of positions down the alphabet.
Plain text:  A B C D E F G H I J K L M
Cipher text: D E F G H I J K L M N O P
Plain text:  N O P Q R S T U V W X Y Z
Cipher text: Q R S T U V W X Y Z A B C
It prevents outside users from getting direct access to a company's data server. A DMZ is an
optional but more secure approach to a firewall. It can effectively act as a proxy server.
The typical DMZ configuration has a separate computer or host in the network which receives
requests from users within the private network to access web sites or the public network.
The DMZ host then initiates sessions for such requests on the public network, but it is not able
to initiate a session back into the private network. It can only forward packets which have
been requested by a host.
The public network's users who are outside the company can access only the DMZ host.
It can store the company's web pages, which can be served to the outside users. Hence, the
DMZ can't give access to the company's other data.
If by any means an outsider penetrates the DMZ's security, the web pages may get
corrupted, but the company's other information can be safe.
d) Describe:
i. Hacking
ii. Cracking
(2 marks for each)
(i) Hacking:
Hacking is one of the most well-known types of computer crime. A hacker is someone who
finds out and exploits the weaknesses of computer systems or networks.
Hacking refers to unauthorized access of another's computer systems. These intrusions are
often conducted in order to launch malicious programs known as viruses, worms, and Trojan
horses that can shut down an entire computer network.
Hacking is also carried out as a way to steal credit card numbers, internet passwords, and other
personal information.
By accessing commercial databases, hackers are able to steal these types of items from
millions of internet users all at once.
There are different types of hackers:
1. White hat
2. Black hat
3. Grey hat
4. Elite hacker
5. Script hacker
(ii) Cracking:
In the cyber world, a cracker is someone who breaks into a computer system or network
without authorization and with the intention of doing damage.
Cracker is the term used to describe a malicious hacker.
Crackers get into all kinds of mischief: a cracker may destroy files, steal personal information
such as credit card numbers or client data, infect the system with a virus, or undertake many
other things that cause harm.
Cracking can be done for profit, maliciously, or to cause harm to an organization or to individuals.
Cracking activity is harmful, costly and unethical.
e) Explain secure socket layer and describe the SSL protocol stack with neat diagram.
(Diagram 1 mark, Explanation of blocks 3 marks)
SSL:
SSL is a commonly used internet protocol for managing the security of a message
transmission between a web browser and a web server.
SSL has been succeeded by Transport Layer Security (TLS), which is based on SSL.
SSL uses a program layer which is located between the Internet's Hypertext Transfer Protocol
(HTTP) and Transmission Control Protocol (TCP) layers.
SSL is included as part of both the Microsoft and Netscape browsers and most web server
products.
SSL provides two levels of security services: authentication and confidentiality. SSL is
logically a pipe between the web browser and the web server.
1. Handshake protocol:
This protocol allows the server and client to authenticate each other.
It also allows them to negotiate an encryption and MAC algorithm.
This protocol is used before transmitting any application data. Basically, this protocol consists of
a series of messages exchanged by the client and server.
The handshake protocol is actually made up of four phases, which are:
I. Establish security capabilities
II. Server authentication and key exchange
III. Client authentication and key exchange
IV. Finish
2. Record protocol:
The record protocol comes into the picture after successful completion of the handshake between
client and server. It provides two services for the SSL connection, as follows:
a) Confidentiality: this is achieved by using the secret key that is defined by the handshake
protocol.
b) Integrity: the handshake protocol also defines a shared secret key (MAC) that is used for
assuring message integrity.
3. Alert protocol: when either the client or the server detects an error, the detecting party
sends an error message to the other party.
If the error is fatal, both parties immediately close the SSL connection. Both parties
also destroy the session identifiers, secrets and keys associated with this connection before it is
terminated.
Other errors, which are not so severe, do not result in the termination of the communication.
Instead, the parties handle the error and continue.