All merged

Network and information security (Marathwada Mitra Mandal's Polytechnic)

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

SUMMER– 18 EXAMINATION
Subject Name: Computer Security Model Answer Subject Code: 17514
Important Instructions to examiners:
1) The answers should be examined by key words and not as word-to-word as given in the model answer
scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to assess
the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more importance (Not
applicable for subject English and Communication Skills).
4) While assessing figures, examiner may give credit for principal components indicated in the figure. The
figures drawn by candidate and model answer may vary. The examiner may give credit for any
equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values
may vary and there may be some difference in the candidate’s answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant answer
based on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on equivalent
concept.

Q. No. | Sub Q. N. | Answers | Marking Scheme

1. (A) Attempt any THREE: 12 Marks

(a) What is Computer Security & its need? 4M

Marking scheme: (Definition: 1 mark, Need: Any three points: 1 mark each, or CIA Model Explanation: 3 marks)

Ans: Computer Security refers to techniques for ensuring that data stored in
a computer cannot be read or compromised by any individuals without
authorization.

Need of computer Security:
1. For prevention of data theft such as bank account numbers, credit card
information, passwords, work related documents or sheets, etc.
2. To make data remain safe and confidential.
3. To provide confidentiality, which ensures that only authorized individuals are able
to view data, and that no one views data they are not entitled to.
4. To provide integrity, which ensures that only authorized individuals should ever
be able to change or modify information.
5. To provide availability, which ensures that the data or system itself is available
for use when an authorized user wants it.
6. To provide authentication which deals with the desire to ensure that an
authorized individual.
7. To provide non-repudiation, which deals with the ability to verify that a message
has been sent and received by an authorized user.

OR
1. Confidentiality: The principle of confidentiality specifies that only the sender and
intended recipients should be able to access the contents of a message.
Confidentiality gets compromised if an unauthorized person is able to access the
contents of a message.
Example of compromising the Confidentiality of a message is shown in fig:

Here, the user of computer A sends a message to the user of computer B. Another user
C gets access to this message, which is not desired and therefore defeats the
purpose of Confidentiality.
This type of attack is also called interception.

2. Integrity: When the contents of the message are changed after the sender sends
it, but before it reaches the intended recipient, we say that the integrity of the
message is lost. For example, here user C tampers with a message originally sent
by user A, which is actually destined for user B. User C somehow manages to access
it, change its contents and send the changed message to user B. User B has no way
of knowing that the contents of the message were changed after user A had sent it.
User A also does not know about this change.
This type of attack is called modification.


3. Authentication: Authentication helps to establish proof of identities. The
Authentication process ensures that the origin of a message is correctly identified.
For example, suppose that user C sends a message over the internet to user B.
However, the trouble is that user C had posed as user A when he sent a message to
user B. How would user B know that the message has come from user C, who is posing
as user A? This concept is shown in fig. below.
This type of attack is called fabrication.

4. Availability: The goal of availability is to ensure that the data, or the system
itself, is available for use when the authorized user wants it.

(b) Explain criteria for password selection. 4M

Marking scheme: (Any 4 Criteria: 1 mark each)

Ans: There are four basic password selection strategies:
a) User education: Tell the users the importance of hard-to-guess passwords and
provide guidelines for selecting a strong password.
b) Computer generated password: Computer generated passwords are random in
nature, so they are difficult for the user to remember and the user may note them
down somewhere.
c) Reactive password checking: The system periodically runs its own password
cracker program to find out guessable passwords. If the system finds any such
password, the system cancels it and notifies the user.
d) Proactive password checking: It is the most promising approach to improve
password security. In this scheme, a user is allowed to select his own password; the
system checks whether the password is allowable and then allows or rejects it.
(c) Explain one time pad technique. 4M

Marking scheme: (Explanation: 2 marks, Example: 2 marks)

Ans: One time pad Security Mechanism: One time pad (Vernam Cipher) is the
encryption mechanism in which the encryption key has at least the same length as
the plaintext and consists of truly random numbers. Each letter of the plaintext is
mixed with one element from the OTP. This results in a cipher-text that has no
relation with the plaintext when the key is unknown. At the receiving end, the same
OTP is used to retrieve the original plaintext.

Steps for One time pad:
1. The key should be as long as the message.
2. Key and plain text are calculated modulo 26.
3. There should only be 2 copies of the key (1 for sender and 1 for receiver).
Example: Suppose Alice wishes to send the message "HELLO" to Bob. In OTP,
assign each letter a numerical value: e.g. "A" is 0, "B" is 1, and so on. Here, we
combine the key and the message using modular addition. The numerical values of
corresponding message and key letters are added together, modulo 26. If the key is
"XMCKL" and the message is "HELLO", then the encrypted text will be "EQNVZ".

Fig: One Time Pad

OR
Assume:

PLAIN TEXT    M  A  H  A  R  A  S  H  T  R  A
ONE-TIME-PAD  V  I  R  A  T  K  O  H  A  L  I

Then using the following values:

PLAIN TEXT  A   B   C   D   E   F   G   H   I   J   K   L   M
VALUES      0   1   2   3   4   5   6   7   8   9   10  11  12

PLAIN TEXT  N   O   P   Q   R   S   T   U   V   W   X   Y   Z
VALUES      13  14  15  16  17  18  19  20  21  22  23  24  25

PLAIN TEXT                        M   A   H   A   R   A   S   H   T   R   A
VALUES                            12  0   7   1   16  0   18  7   19  17  0
ONE-TIME-PAD                      V   I   R   A   T   K   O   H   A   L   I
VALUES                            21  8   17  0   19  10  14  7   0   11  7
INITIAL TOTAL                     33  8   24  1   35  10  32  14  19  28  7
SUBTRACT 26 IF 11TH ROW IS >25    26  0   0   0   26  0   26  0   0   26  0
                                  7   8   24  1   9   10  6   14  19  2   7
CIPHER-TEXT                       H   I   Y   B   J   K   G   O   T   C   H
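
The "HELLO" / "XMCKL" example from the steps above, as an added Python example (not part of the model answer; the function names are assumptions). It also shows that, without the pad, every plaintext of the same length is an equally valid decryption, which is the "no relation with the plaintext" property the answer describes.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # "A" is 0, "B" is 1, ... "Z" is 25


def _values(text):
    """Map letters to 0..25 and reject anything outside A-Z."""
    text = text.upper()
    if not text or any(ch not in ALPHABET for ch in text):
        raise ValueError("only the letters A-Z are supported")
    return [ALPHABET.index(ch) for ch in text]


def _combine(text, pad, sign):
    """Add (sign=+1) or subtract (sign=-1) the pad letter by letter, modulo 26."""
    t, k = _values(text), _values(pad)
    if len(k) < len(t):
        # Step 1 of the answer: the key must be as long as the message.
        raise ValueError("the pad must be at least as long as the message")
    return "".join(ALPHABET[(a + sign * b) % 26] for a, b in zip(t, k))


def generate_pad(length):
    """Draw the pad from the OS CSPRNG; a predictable pad breaks the scheme."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def otp_encrypt(plaintext, pad):
    return _combine(plaintext, pad, +1)


def otp_decrypt(ciphertext, pad):
    return _combine(ciphertext, pad, -1)


def pad_explaining(ciphertext, candidate_plaintext):
    """Return the pad under which `ciphertext` decrypts to `candidate_plaintext`.

    Such a pad exists for every candidate of the same length, so the
    cipher-text alone says nothing about which plaintext was sent.
    """
    if len(candidate_plaintext) != len(ciphertext):
        raise ValueError("candidate must have the same length as the cipher-text")
    return _combine(ciphertext, candidate_plaintext, -1)


if __name__ == "__main__":
    cipher = otp_encrypt("HELLO", "XMCKL")
    print(cipher, otp_decrypt(cipher, "XMCKL"))
    # "LATER" is a constructed alternative plaintext, not from the page.
    other_pad = pad_explaining(cipher, "LATER")
    print(other_pad, otp_decrypt(cipher, other_pad))
```
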

(d) Define Counter Measure in computer system & threats types at least four for computers. 4M

Marking scheme: (Definition of counter measure: 1 mark, Any Four threats types: 3 marks)

Ans: Counter measure:
Countermeasure is a defensive technology method used to prevent an exploit from
successfully occurring once a threat has been detected. Service patches and access
control lists are also considered to be types of countermeasures.

Threats Types: Following are threats to security.
1. Virus & worms
2. Intruders
3. Insiders
4. Criminal organization
5. Terrorists
6. Information warfare
7. Avenues of attack
8. Steps in attack

Virus: A computer virus attaches itself to a program or file, enabling it to spread from
one computer to another, leaving infection as it travels from PC to PC or over
network. It copies itself into previously uninfected programs or files, and executes
over other source of attack. It can cause the loss or alteration of program or data
and can compromise confidentiality. It is almost always attached to executable files.

Characteristics are: hard to detect, not easily destroyable, spreads infection widely,
easy to create, machine and operating system independent.

Worms:
• Worms are malicious programs that spread themselves automatically.
• They spread from computer to computer, without any human intervention.
• They propagate autonomously and are spread by exploiting vulnerabilities in
computer systems.
• A worm is designed to copy itself from PC to PC via networks or the internet.
• They spread much faster than viruses.
• Its damage is localized to the computer network, where it causes
increased bandwidth.
• Worms consist of attack mechanism, payload and target selection.

Intruders:
1. Extremely patient as time consuming.
2. Outsiders.
3. Keep trying attacks till success.
4. Individual or a small group of attackers.
5. Next level of this group is script writers, i.e. Elite hackers are of three types:
Masquerader, Misfeasor, Clandestine user is misuse of access given by insiders
6. They may give remote access to the Organization.
7. Intruders are authorized or unauthorized users who are trying to access the system
or network.
8. They are hackers or crackers.
9. Intruders are illegal users.
10. Less dangerous than insiders. They have to study or gain knowledge about
the security system.
11. They do not have access to the system.
12. Many security mechanisms are used to protect the system from intruders.

Insiders:
• More dangerous than outsiders, as they have the access and knowledge to cause
immediate damage to the organization.
• They can be more in number, as they directly or indirectly access the
organization.
• They may give remote access to the organization.
• Insiders are authorized users who try to access a system or network for which they
are unauthorized.
• Insiders are not hackers.
• Insiders are legal users.

(B) Attempt any ONE: 6 Marks

(a) Explain Security Basics in detail. 6M

Marking scheme: (Any three Security Basics points Explanation: 2 marks Each)

Ans: 1. Confidentiality: The principle of confidentiality specifies that only the sender and
intended recipients should be able to access the contents of a message.
Confidentiality gets compromised if an unauthorized person is able to access the
contents of a message.
Example of compromising the Confidentiality of a message is shown in fig:

Here, the user of computer A sends a message to the user of computer B. Another user
C gets access to this message, which is not desired and therefore defeats the
purpose of Confidentiality.
This type of attack is also called interception.

2. Integrity: When the contents of the message are changed after the sender sends
it, but before it reaches the intended recipient, we say that the integrity of the
message is lost. For example, here user C tampers with a message originally sent
by user A, which is actually destined for user B. User C somehow manages to access
it, change its contents and send the changed message to user B. User B has no way
of knowing that the contents of the message were changed after user A had sent it.
User A also does not know about this change.
This type of attack is called modification.

3. Authentication: Authentication helps to establish proof of identities. The
Authentication process ensures that the origin of a message is correctly identified.
For example, suppose that user C sends a message over the internet to user B.
However, the trouble is that user C had posed as user A when he sent a message to
user B. How would user B know that the message has come from user C, who is posing
as user A? This concept is shown in fig. below.

This type of attack is called fabrication.

4. Availability: The goal of availability is to ensure that the data, or the system
itself, is available for use when the authorized user wants it.

(b) Explain following terms of Intellectual property: 6M
(i) Copyright, (ii) Patent, (iii) Trademark.

Marking scheme: (Copyright: 2 marks, Patent: 2 marks, Trademark: 2 marks)

Ans: (i) Copyright
Copyright is a form of IPR concerned with protecting works of human intellect.
The domain of copyright is literary and artistic works, might that be writings,
musicals and works of fine arts, such as paintings and sculptures, as well as
technology-based works such as computer programs and electronic databases.
(ii) Patent
Patent is an exclusive right granted by law to an inventor or assignee to prevent
others from commercially benefiting from his/her patented invention without
permission, for a limited period of time in exchange for detailed public disclosure
of patented invention.
(iii) Trademark
A trademark is a sign that individualizes the goods or services of a given enterprise
and distinguishes them from those of competitors. To fall under law protection, a
trademark must be distinctive, and not deceptive, illegal or immoral.

2. Attempt any TWO: 16 Marks

(a) Explain risk & threat analysis w.r.t. 8M
(i) Assets, (ii) Threats, (iii) Vulnerabilities

Marking scheme: (Risk: 2 marks, Assets: 2 marks, Threats: 2 marks, Vulnerabilities: 2 marks)

Ans: Risk: A measure of the extent to which an entity is threatened by a potential
circumstance or event, and typically a function of:
1. The adverse impacts that would arise if the circumstance or event occurs; and
2. The likelihood of occurrence.

(i) Assets
Asset is any data, device, or other component of the environment that supports
information-related activities. Assets generally include hardware, software and
confidential information.

(ii) Threats
The term "threat" refers to the source and means of a particular type of attack.
It is a set of things which has the potential to cause loss or harm to a computer system
& network. A threat assessment is performed to determine the best approaches
to securing a system against a particular threat, or class of threat. Penetration
testing exercises are substantially focused on assessing threat profiles, to help
one develop effective countermeasures against the types of attacks represented
by a given threat. Where risk assessments focus more on analysing the potential
and tendency of one's resources to fall prey to various attacks, threat
assessments focus more on analysing the attacker's resources. Analysing threats
can help one develop specific security policies to implement in line with policy
priorities and understand the specific implementation needs for securing one's
resources.

(iii) Vulnerabilities
It is a weakness in a computer system & network. The term "vulnerability" refers
to the security flaws in a system that allow an attack to be successful.
Vulnerability testing should be performed on an on-going basis by the parties
responsible for resolving such vulnerabilities, and helps to provide data used
to identify unexpected dangers to security that need to be addressed. Such
vulnerabilities are not particular to technology — they can also apply to social
factors such as individual authentication and authorization policies.
Testing for vulnerabilities is useful for maintaining on-going security,
allowing the people responsible for the security of one's resources to respond
effectively to new dangers as they arise. It is also invaluable for policy and
technology development, and as part of a technology selection process;

selecting the right technology early on can ensure significant savings in time,
money, and other business costs further down the line.

(b) Describe Access control policies in detail. 8M

Marking scheme: (Explanation of access control: 2 marks; Any three Access Control Policies: 2 marks Each)

Ans: Access is the ability of a subject to interact with an object. Authentication deals
with verifying the identity of a subject. Access control is the ability to specify, control and
limit the access to the host system or application, which prevents unauthorized use to access
or modify data or resources.

Various access controls are:

• Discretionary Access control (DAC): Restricting access to objects based on
the identity of subjects and/or groups to which they belong. It is conditional,
basically used by military to control access on system. UNIX based System is a
common method to permit user for read/write and execute.

• Mandatory Access control (MAC): It is used in environments where different
levels of security are classified. It is much more restrictive. It is sensitivity based
restriction, with formal authorization subject to sensitivity. In MAC the owner or
user cannot determine whether access is granted or not, i.e. Operating system
rights. The security mechanism controls access to all objects and an individual cannot
change that access.

• Role Based Access Control (RBAC): Each user can be assigned specific
access permission for objects associated with computer or network. Set of roles
are defined. A role in turn assigns the access permissions which are necessary to
perform that role.

• Different users will be granted different permissions to do specific duties as per
their classification.

(c) Describe digital signature mechanism with neat diagram. 8M

Marking scheme: (Any suitable Diagram: 4 marks, Explanation: 4 mark)

Ans: Digital Signature:
1. Digital signature is a strong method of authentication in an electronic form.
2. It includes message authentication code (MAC), hash value of a message and
digital pen pad devices. It also includes cryptographically based signature
protocols.
3. Digital Signature is used for authentication of the message and the sender to
verify the integrity of the message.
4. Digital Signature may be in the form of text, symbol, image or audio.
5. In today's world of electronic transaction, digital signature plays a major role
in authentication. For example, one can fill his income tax return online using
his digital signature, which avoids the use of paper and makes the process
faster.
6. Asymmetric key encryption techniques and public key infrastructure are used
in digital signature.
7. Digital signature algorithms are divided into two parts.
   a. Signing part: It allows the sender to create his digital signature.
   b. Verification part: It is used by the receiver for verifying the signature after
   receiving the message.

Generation and Verification of digital signature:

Procedure:
1. Message digest is used to generate the signature. The message digest (MD) is
calculated from the plaintext or message.
2. The message digest is encrypted using the user's private key.
3. Then, the sender sends this encrypted message digest with the plaintext or
message to the receiver.
4. The receiver calculates the message digest from the plain text or message he
received.
5. The receiver decrypts the encrypted message digest using the sender's public key.
If both the MDs are not the same, then the plaintext or message was modified after
signing.
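
The five steps above as an added Python example (not part of the model answer). It uses textbook RSA with a small constructed key pair and SHA-256 as the message digest; the key values, function names and sample messages are assumptions, and real signature schemes use much larger keys with a padding scheme such as RSA-PSS.

```python
import hashlib

# Constructed toy RSA key pair (assumption for this example only).
# Both primes are small, well-known Mersenne primes: never use such a key.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)


def message_digest(message: bytes, n: int = N) -> int:
    """Steps 1 and 4: calculate the message digest (MD) of the message."""
    md = hashlib.sha256(message).digest()
    # Reduce the 256-bit digest so that it fits under the toy modulus.
    return int.from_bytes(md, "big") % n


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Step 2: encrypt the MD with the sender's private key."""
    return pow(message_digest(message, n), d, n)


def send(message: bytes) -> dict:
    """Step 3: the sender transmits the message together with the encrypted MD."""
    return {"message": message, "signature": sign(message)}


def verify(packet: dict, e: int = E, n: int = N) -> bool:
    """Steps 4 and 5: recompute the MD and compare it with the decrypted one."""
    signature = packet["signature"]
    if not isinstance(signature, int) or not 0 <= signature < n:
        return False  # malformed signature: reject before doing any maths
    recovered_md = pow(signature, e, n)  # decrypt with the sender's public key
    return recovered_md == message_digest(packet["message"], n)


def demo() -> dict:
    packet = send(b"Pay 100 to B")  # constructed sample message
    # Message changed after signing: the two MDs no longer match.
    tampered = dict(packet, message=b"Pay 900 to B")
    # Signature changed in transit: decryption yields an unrelated MD.
    altered = dict(packet, signature=(packet["signature"] + 1) % N)
    return {
        "genuine": verify(packet),
        "tampered_message": verify(tampered),
        "altered_signature": verify(altered),
        "wrong_public_key": verify(packet, e=E + 2),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```
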

3. Attempt any FOUR: 16 Marks

(a) Describe proxy server. 4M

Marking scheme: (Diagram: 2 marks, Explanation: 2 marks)

Ans: Proxy server is an intermediary server between client and the internet. Proxy servers
offer the following basic functionalities:
• Firewall and network data filtering.
• Network connection sharing
• Data caching
Purpose of Proxy Servers
Following are the reasons to use proxy servers:
• Monitoring and Filtering
• Improving performance
• Translation
• Accessing services anonymously
• Security

1. Monitoring and Filtering
• Proxy servers allow us to do several kinds of filtering such as:
  • Content Filtering
  • Filtering encrypted data
  • Bypass filters
  • Logging and eavesdropping

2. Improving performance
• It speeds up the service by retrieving content from the cache
which was saved when a previous request was made by the client.

3. Translation
• It helps to customize the source site for local users by excluding source
content or substituting source content with original local content. In this the
traffic from the global users is routed to the source website through the
Translation proxy.

4. Accessing services anonymously
• In this the destination server receives the request from the anonymizing
proxy server and thus does not receive information about the end user.

5. Security
• Since the proxy server hides the identity of the user, it protects
from spam and hacker attacks.


Fig. Proxy Server

(b) Describe in brief: 4M
(i) Piggy backing
(ii) Shoulder Surfing

Marking scheme: (Piggybacking: 2 marks, Shoulder surfing: 2 marks)

Ans: (i) Piggy backing:
• It is the simple process of following closely behind a person who has just used
their own access card or PIN to gain physical access to a room or building.

• An attacker can thus gain access to the facility without having to know the
access code or having to acquire an access card, i.e. access of a wireless internet
connection by bringing one's own computer within range of another wireless
connection & using that without explicit permission. It also means when an
authorized person allows (intentionally or unintentionally) others to pass
through a secure door.

• Piggybacking on Internet access is the practice of establishing a wireless
Internet connection by using another subscriber's wireless Internet access
service without the subscriber's explicit permission or knowledge.

• It is a legally and ethically controversial practice, with laws that vary by
jurisdiction around the world. While completely outlawed or regulated in some
places, it is permitted in others. The process of sending data along with the
acknowledgment is called piggybacking. Piggybacking is distinct from war
driving, which involves only the logging or mapping of the existence of access
points.

• It is the simple tactic of following closely behind a person who has just used
their own access card or PIN to gain physical access to a room or building.

• An attacker can thus gain access to the facility without having to know the
access code or having to acquire an access card.

• Piggybacking, in a wireless communications context, is the unauthorized access
of a wireless LAN. Piggybacking is sometimes referred to as "Wi-Fi squatting."

• The usual purpose of piggybacking is simply to gain free network access rather
than any malicious intent, but it can slow down data transfer for legitimate users
of the network.

(ii) Shoulder Surfing:

• Shoulder surfing is a similar procedure in which attackers position themselves
in such a way as to be able to observe the authorized user entering the correct
access code.

• Shoulder surfing is an effective way to get information in crowded places
because it's relatively easy to stand next to someone and watch as they fill out
a form, enter a PIN number at an ATM machine, or use a calling card at a public
pay phone. Shoulder surfing can also be done long distance with the aid of
binoculars or other vision-enhancing devices.

• To prevent shoulder surfing, experts recommend that you shield paperwork or
your keypad from view by using your body or cupping your hand.

• Both of these attack techniques can be easily countered by using simple
procedures to ensure nobody follows you too closely or is in a position to
observe your actions.

• Shoulder surfing is using direct observation techniques, such as looking over
someone's shoulder, to get information.

(c) Decipher a message: 4M
“TSACT SGCEB HISRM SELNV ISEEE AVITP” using a Rail fence using
10 Columns & 3 rails & retrieve original message.

Marking scheme: (Decryption Algorithm: 2 marks, Original Message: 2 marks)

Ans: 1. The number of columns in rail fence cipher remains equal to the length of the
plain-text message.
2. Hence, the rail matrix can be constructed accordingly. Once we've got the matrix
we can figure out the spots where texts should be placed (using the same way
of moving diagonally up and down alternately).
3. Then, we fill the cipher-text row wise. After filling it, we traverse the matrix in
zig-zag manner to obtain the original text.


T S A C T S G C E B
H I S R M S E L N V
I S E E E A V I T P

Original Message:- THIS IS A SECRET MESSAGE VCLIENT BVP
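
An added Python example, not part of the model answer: `grid_decipher` writes the cipher-text row-wise into 3 rails of 10 columns and reads the grid column by column, which is how the table above yields the original message, while `zigzag_decipher` implements the diagonal traversal described in steps 1 to 3. The function names and the zig-zag sample text are assumptions.

```python
def _letters(text):
    """Drop the spaces used to group the cipher-text into blocks."""
    return "".join(text.split()).upper()


def grid_decipher(ciphertext, rails, columns):
    """Fill a rails x columns grid row-wise, then read it column by column."""
    letters = _letters(ciphertext)
    if len(letters) != rails * columns:
        raise ValueError("cipher-text length must equal rails * columns")
    rows = [letters[r * columns:(r + 1) * columns] for r in range(rails)]
    return "".join(rows[r][c] for c in range(columns) for r in range(rails))


def grid_encipher(plaintext, rails, columns):
    """Inverse of grid_decipher: write column by column, read row by row."""
    letters = _letters(plaintext)
    if len(letters) != rails * columns:
        raise ValueError("plain-text length must equal rails * columns")
    return "".join(letters[c * rails + r]
                   for r in range(rails) for c in range(columns))


def _zigzag_rails(length, rails):
    """Rail visited at each position when moving diagonally down and up."""
    if rails < 2:
        return [0] * length
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]


def zigzag_encipher(plaintext, rails):
    """Classic rail fence: write in zig-zag, read the rails top to bottom."""
    letters = _letters(plaintext)
    order = _zigzag_rails(len(letters), rails)
    return "".join(ch for r in range(rails)
                   for ch, rail in zip(letters, order) if rail == r)


def zigzag_decipher(ciphertext, rails):
    """Steps 1-3: mark the zig-zag spots, fill row-wise, traverse in zig-zag."""
    letters = _letters(ciphertext)
    order = _zigzag_rails(len(letters), rails)   # one column per letter
    source = iter(letters)
    # Fill each rail with as many letters as it has marked spots.
    rows = [[next(source) for rail in order if rail == r] for r in range(rails)]
    cursors = [iter(row) for row in rows]
    return "".join(next(cursors[rail]) for rail in order)


if __name__ == "__main__":
    question = "TSACT SGCEB HISRM SELNV ISEEE AVITP"  # cipher-text from the question
    print(grid_decipher(question, rails=3, columns=10))
    # Constructed sample for the zig-zag variant (not from the page).
    sample = zigzag_encipher("WE ARE DISCOVERED FLEE AT ONCE", 3)
    print(sample, zigzag_decipher(sample, 3))
```
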


(d) Describe VPN (Virtual private network) in brief & define DMZ. 4M

Marking scheme: (Explanation of VPN: 3 marks, Definition of DMZ: 1 mark)

Ans: VPN (Virtual Private Network):
A VPN or Virtual Private Network is a network connection that enables you to
create a secure connection over the public Internet to private networks at a remote
location. With a VPN, all network traffic (data, voice, and video) goes through a
secure virtual tunnel between the host device (client) and the VPN provider's
servers, and is encrypted. VPN technology uses a combination of features such as
encryption, tunnelling protocols, data encapsulation, and certified connections to
provide you with a secure connection to private networks and to protect your
identity. VPN connections technically give you all the benefits of a Local Area
Network (LAN), which is similar to that found in many offices but without
requiring a hard-wired connection. These systems use encryption and other security
mechanisms to ensure that only authorized users can access the network and that
the data cannot be intercepted.

Fig: Virtual Private Network (VPN)

DMZ: It is a computer host or a small network inserted as a neutral zone between
a company's private network and the outside public network. It prevents direct access
to a server that has company data.

It prevents outside users from getting direct access to a company's data server. A
DMZ is an optional but more secure approach to a firewall.

(e) Write the steps to create active directory in windows server OS. 4M

Marking scheme: (Correct steps: 4 marks)

Ans: Steps to create active directory in windows server OS:
1. Start Server Manager.
2. Select Roles in the left pane, and then click on Add Roles in the center console.
3. Depending on whether you checked off to skip the Before You Begin page
while installing another service, you will now see warning pages telling you to
make sure you have strong security, static IP, and latest patches before adding
roles to your server.
If you get this page, then just click Next.

4. In the Select Server Roles window, place a check next to Active
Directory Domain Services and click Next.
5. The information page on Active Directory Domain Services will give the
following warnings, which after reading, you should click Next:

• Install a minimum of two Domain Controllers to provide redundancy against
server outage (which would prevent users from logging in with only one)
• AD DS requires DNS which if not installed you will be prompted for
• After installing AD DS you must run dcpromo.exe to upgrade to a fully
functional domain controller
• Installing AD DS will also install DFS Namespaces, DFS Replication, and File
Replication services which are required by Directory Service

6. The Confirm Installation Selections screen will show you some information
messages and warn that the server may need to be restarted after installation.
Review the information and then click Next.

7. The Installation Results screen will hopefully show Installation Succeeded,
and an additional warning about running dcpromo.exe (I think they really want
us to run dcpromo).
After you review the results, click Close.

8. After the Installation Wizard closes you will see that server manager is showing
that Active Directory Domain Services is still not running. This is because we
have not run dcpromo yet.

9. Click on the Start button, type dcpromo.exe in the search box and either
hit Enter or click on the search result.

10. The Active Directory Domain Services Installation Wizard will now start.

4. a) Attempt any THREE: 12 Marks

(i) What are the techniques for transforming plain text to cipher text? 4M
Explain any one in detail.

Ans: Transforming plain text to cipher text is the science of encrypting information;
the scheme is based on algorithms. (Enlisting of Techniques: 2 marks, Explanation of
any one technique: 2 marks)

Techniques:
1. Substitution technique
a) Caesar cipher
b) Modified version of Caesar cipher
c) Mono-alphabetic cipher
d) Vigenère cipher
2. Transposition technique
a) Rail fence
b) Route cipher
c) Columnar cipher
3. Steganography
4. Hashing
5. Symmetric and asymmetric cryptography
6. DES (data encryption standard)

1. Caesar cipher: It was proposed by Julius Caesar. In cryptography the Caesar cipher is
also known as Caesar's cipher/code or shift cipher/code. It is one of the simplest
and most widely known encryption techniques. It is a type of substitution
technique in which each letter in the plain text is replaced by a letter some fixed
number of positions down the alphabet. For example, with a shift of 3, A would
be replaced by D, B would become E, and so on as shown in the table below.


Using this scheme, the plain text “SECRET” encrypts as cipher text
“VHFUHW”. To allow someone to read the cipher text, you tell them that the
key is 3.

Algorithm to break Caesar cipher:

1. Read each alphabet in the cipher text message, and search for it in the second
row of the table above.
2. When a match is found, replace that alphabet in the cipher text message
with the corresponding alphabet in the same column but the first row of the
table. (For example, if the alphabet cipher text is J, replace it with G).
3. Repeat the process for all alphabets in the cipher text message.

2. The columnar transposition cipher is a transposition cipher that follows a simple
rule for mixing up the characters in the plaintext to form the cipher-text. It can
be combined with other ciphers, such as a substitution cipher, the combination
of which can be more difficult to break than either cipher on its own. The cipher
uses a columnar transposition to greatly improve its security.

Algorithm:
1. The message is written out in rows of a fixed length.
2. Read out again column by column according to given order or in random order.
3. According to order write cipher text.

Example:
The key for the columnar transposition cipher is a keyword e.g. ORANGE. The
row length that is used is the same as the length of the keyword.
To encrypt the plaintext below: COMPUTER PROGRAMMING

In the above example, the plaintext has been padded so that it neatly fits in a
rectangle. This is known as a regular columnar transposition. An irregular
columnar transposition leaves these characters blank, though this makes
decryption slightly more difficult. The columns are now reordered such that the
letters in the key word are ordered alphabetically.

The Encrypted text or Cipher text is: MPMET GNMUO IXPRM XCERG
ORAL (Written in blocks of Five)

3. Rail Fence Technique: It is one of the easiest transposition techniques to create
cipher text. When a plain text message is codified using any suitable scheme, the
resulting message is called Cipher text or Cipher.
Steps are:
Plain text = COMPUTER SECURITY
1. Write down the plain text as a sequence of diagonals.
2. Read the plain text written in Step 1 as a sequence of rows, as
CMUESCRT,
followed by
OPTREUIY
Then concatenate these two sequences of text as one to create the following
Cipher text: CMUESCRTOPTREUIY
Following details will be OPTIONAL.
Some other examples of rail fence techniques

1. The rail-fence cipher is inscribed by zigzag pattern and extracted by rows.
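The three ciphers worked through in this answer, as an added Python example that is not part of the model answer. It reproduces the page's own results; the filler letters LEXXM are an assumption inferred from the columnar cipher text given above, and the decryption routines and the variable rail count go beyond what the answer shows.

```python
import string

ALPHABET = string.ascii_uppercase


def _letters(text):
    """Upper-case letters only; spaces and punctuation are dropped."""
    return [c for c in text.upper() if c.isalpha()]


def caesar(text, shift):
    """Replace each letter by the one `shift` positions down the alphabet."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(text, shift):
    """Undo the shift, i.e. read the table from the second row back to the first."""
    return caesar(text, -shift)


def column_order(key):
    """Column indices in read-out order: alphabetical by key letter, ties left to right."""
    return sorted(range(len(key)), key=lambda i: (key[i].upper(), i))


def columnar_encrypt(plaintext, key, filler="X"):
    """Regular columnar transposition: pad the last row, then read columns in key order."""
    letters = _letters(plaintext)
    width = len(key)
    missing = -len(letters) % width
    letters += [filler[i % len(filler)] for i in range(missing)]
    return "".join("".join(letters[c::width]) for c in column_order(key))


def columnar_decrypt(ciphertext, key):
    """Rebuild the columns from the cipher text, then read the grid row by row."""
    letters = _letters(ciphertext)
    width = len(key)
    if len(letters) % width:
        raise ValueError("a regular columnar transposition fills a full rectangle")
    rows = len(letters) // width
    columns = [None] * width
    for n, col in enumerate(column_order(key)):
        columns[col] = letters[n * rows:(n + 1) * rows]
    return "".join(columns[c][r] for r in range(rows) for c in range(width))


def _rail_pattern(length, rails):
    """Rail index visited at each position of the zigzag."""
    if rails < 2:
        return [0] * length
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]


def rail_fence_encrypt(plaintext, rails=2):
    """Write the text along the zigzag, then read it off rail by rail."""
    letters = _letters(plaintext)
    pattern = _rail_pattern(len(letters), rails)
    return "".join(ch for r in range(rails)
                   for ch, p in zip(letters, pattern) if p == r)


def rail_fence_decrypt(ciphertext, rails=2):
    """Work out which position each cipher letter came from and put it back."""
    letters = _letters(ciphertext)
    pattern = _rail_pattern(len(letters), rails)
    order = sorted(range(len(letters)), key=lambda i: (pattern[i], i))
    plain = [None] * len(letters)
    for ch, pos in zip(letters, order):
        plain[pos] = ch
    return "".join(plain)


if __name__ == "__main__":
    print(caesar("SECRET", 3))
    # Filler LEXXM is inferred from the page's cipher text, not stated on the page.
    print(columnar_encrypt("COMPUTER PROGRAMMING", "ORANGE", filler="LEXXM"))
    print(rail_fence_encrypt("COMPUTER SECURITY"))
```

All three round-trip with the key alone, which is why the key and not the method has to stay secret.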

(ii) Describe packet filter router firewall with neat diagram. 4M

Ans: (Diagram: 2 marks, Explanation: 2 marks)

A packet filtering router firewall applies a set of rules to each packet and,
based on the outcome, decides to either forward or discard the packet. Such a firewall
implementation involves a router, which is configured to filter packets going in
either direction, i.e. from the local network to the outside world and vice versa. A
packet filter performs the following functions.

1. Receive each packet as it arrives.
2. Pass the packet through a set of rules, based on the contents of the IP and
transport header fields of the packet. If there is a match with one of the set
rules, decide whether to accept or discard the packet based on that rule.
3. If there is no match with any rule, take the default action. It can be discard
all packets or accept all packets.
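The three functions above as a first-match rule table, in an added Python example that is not part of the model answer. The rule set, the addresses (documentation ranges) and the `direction` field are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INSIDE = "192.0.2.0/24"   # constructed internal network (documentation range)
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    direction: str               # "in" = arriving from outside, "out" = leaving
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "discard"
    direction: str
    src: str = ANY
    dst: str = ANY
    proto: str = "any"
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        # Only IP and transport header fields are examined, never the payload.
        return (self.direction == pkt.direction
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


# Constructed rule set; order matters because the first match decides.
RULES = [
    # 1. An internal source address arriving from outside is spoofed: discard.
    Rule("discard", "in", src=INSIDE),
    # 2. Outside clients may reach the web server on HTTPS only.
    Rule("accept", "in", dst="192.0.2.10/32", proto="tcp", dport=443),
    # 3-4. Inside hosts may make HTTPS and DNS requests.
    Rule("accept", "out", src=INSIDE, proto="tcp", dport=443),
    Rule("accept", "out", src=INSIDE, proto="udp", dport=53),
]


def filter_packet(pkt, rules=RULES, default="discard"):
    """Return (action, matching rule number); rule number is None for the default."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(pkt):
            return rule.action, number
    return default, None


if __name__ == "__main__":
    samples = [   # constructed packets
        Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 443),
        Packet("in", "192.0.2.55", "192.0.2.10", "tcp", 443),
        Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 22),
        Packet("out", "192.0.2.20", "203.0.113.5", "udp", 53),
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(pkt))
```

With `default="accept"` the unmatched SSH packet is forwarded, which is why a discard-all default is the safer of the two choices in step 3.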

Advantage:

The biggest advantage of packet filtering firewalls is cost and lower resource
usage, and they are best suited for smaller networks.

Disadvantage:
Packet filtering firewalls can work only on the network layer and these firewalls
do not support complex rule-based models. They are also vulnerable to spoofing
in some cases.

Fig: Packet Filtering Firewall

(iii) Explain IT Act, 2008 laws. 4M

Ans: (Correct Explanation: 4 marks)

IT Act 2008: It is the Information Technology Amendment Act, 2008. The act was
developed for IT industries, to control e-commerce, to provide e-governance facility
and to stop cybercrime attacks. Following are the characteristics of IT Act 2008:
This act provides legal recognition for the transaction, i.e. Electronic Data
Interchange (EDI) and other electronic communications. This Act also gives
facilities for electronic filing of information with the Government agencies. It is
considered necessary to give effect to the said resolution and to promote efficient
delivery of Government services by means of reliable electronic records.

Characteristics of IT Act 2008:


Different Fraudulent situations:
• Tampering with any computer source code used for a computer, computer
programme, computer system or computer network.
• Hacking with computer system
• Sending offensive or false information through computer or a communicative
device.
• Receiving or retaining stolen computer resource or communication device.

• Capturing transmitting or publishing the image of a private area of any person
without consent.
• Punishment for Cyber terrorism.
• Publishing transmitting information which is obscene in electronic form.
• Publishing and transmission of material containing sexually explicit act or conduct.
• Penalty for misrepresentation: imprisonment for a term which may extend to
two years or with fine up to Rs. 1 lakh or with both.
• Penalty for breach of confidentiality and privacy
• Punishment for disclosure of information in breach of contract.
• Punishment for publishing digital signature certificate false in certain
particulars.
• Publication for fraudulent purpose.

Features of I.T. Amendment Act 2008:


• Focusing on data privacy
• Focusing on information security.
• Defining cyber café.
• Making digital signature technology neutral.
• Defining reasonable security practices to be followed by corporate.
• Redefining the role of intermediaries.
• Recognizing the role of Indian computer Emergency Response Team.
• Inclusion of some additional cybercrimes like child pornography and
cyberterrorism.
• Authorizing an Inspector to investigate cyber offences.
(iv) Describe process of application Hardening. 4M

Ans: (Process Explanation: 4 marks)

Application Hardening: It is to secure an application against local & Internet-based
attacks. In this, the functions or components which are not needed are removed,
access is restricted where you can, and the application is kept up to date
with patches.
It includes:
1. Application Patches: Application patches are supplied from the vendor who
sells the application. They probably come in three varieties: hot fixes,
patches & up-grades.
2. Hotfixes: Normally this term is given to small software update designed to
address a particular problem like buffer overflow in an application that exposes
the system to attacks.
3. Patch: This term is generally applied to more formal, larger s/w updates that
may address several or many s/w problems. Patches often contain improvement
or additional capabilities & fixes for known bugs.

4. Upgrades: Upgrades are another popular method of patching application &
they are likely to be received with a more positive role than patches.
5. Web servers: Web servers are the most common Internet server-side
application in use. These are mainly designed to provide content &
functionality to remote users through a standard web browser.
6. Active directory: Active Directory allows single login access to multiple
Applications, data sources and systems and it includes advanced encryption
capabilities like Kerberos and PKI.
(B) Attempt any ONE : 6 Marks

(i) Explain Malware. 6M

Ans: (Definition: 1 mark, Listing of types: 1 mark, Explanation of any four types:
1 mark each)

Malware is a software program which is developed to destroy a computer
system. These programs run in the victim's computer without any information to the
victim, i.e. the victim does not know that someone hacked his system.

Types of Malware:
1. Rootkits
2. Trojan
3. Worm
4. Adware
5. Backdoor
6. RAT – Remote Access Trojan
7. Botnet
8. Downloader Malware
9. Information Stealing Malware
10. Keyloggers
11. Launcher malware

1.Rootkits:
Originally, a rootkit was a set of tools installed by a human attacker on a Unix
system, allowing the attacker to gain administrator (root) access. Today, the term
rootkit is used more generally for concealment routines in a malicious program.
Once a malicious program is installed on a system, it is essential that it stays
concealed, to avoid detection and disinfection. The same is true when a human
attacker breaks into a computer directly. Techniques known as rootkits allow this
concealment, by modifying the host's operating system so that the malware is
hidden from the user. Rootkits can prevent a malicious process from being visible
in the system's list of processes, or keep its files from being read.

2.Trojan:
A Trojan or a Trojan horse as malware is a malicious program functioning as a
backdoor. Just like the ancient Greek story of the wooden horse with Greek
troops inside which was used to invade the city of Troy, a Trojan in computing
tends to appear like a regular application, media or any other file but contains
a malicious payload. Trojans are often spread through social engineering where
the victim is fooled into executing the file or application with the Trojan. Most
Trojans contain backdoors which can be used by the attacker to steal information,
spread other malware or use the infected machine's resources in a botnet.
Literally anything is possible when infected with a Trojan which was installed or
run with elevated privileges. Trojans in computing have been around for a long
time; a few old and popular Trojans are Netbus, SubSeven or Sub7 and Back
Orifice.

3.Worm:
A worm is a piece of malware that replicates itself in order to spread and infect
other systems. Computer worms use the network, links, P2P networks, e-mail
and exploit vulnerabilities to spread themselves. Often more than one way is
used to spread the worm. The difference with a virus is that a virus inserts code
into other programs where a worm does not and replicates only itself. Worms do
not necessarily contain a payload but most worms do. Worms can also be
designed to only spread without a payload.

4.Adware:
Adware as malware is malicious software which presents unwanted advertising
to the user. This kind of malware often uses pop-up windows which cannot be
closed by the user. Adware is often included with free software and browser
toolbars. Malware which is also collecting user data, activity and other
information for targeted advertising is called spyware.

5.Backdoor:
A backdoor is a piece of malicious code which allows an attacker to connect to
the infected target and take control of the target machine. In most cases there is
no authentication required to log in the remote machine other than authentication
methods required by the malware. A backdoor is often generated by a Trojan
which goes unnoticed if the host has no effective detection mechanisms.
Backdoors can use a lot of methods to communicate home. Also port 80 is
commonly used by malware over the HTTP protocol because this port is open
on most machines connected to the internet.

6.RAT – Remote Access Trojan:


A Remote Access Trojan (RAT), or sometimes called a Remote Administration
Tool or Remote Access Tool, is software which allows an attacker to take control
of the infected host by the use of a backdoor. We’ll call it a Remote Access Trojan
in this article to emphasize the maliciousness of this kind of RAT. We are talking
about the malicious RATs and not the ones which are used by system
administrators or software vendors for remote support and troubleshooting.
Remote Access Trojans are often included with free software and sent as
attachments by e-mail.

7.Botnet:
A botnet is a network of remote controlled private computers with backdoors
which are being controlled by a command and control server. All infected hosts
in the botnet are controlled as a group and receive the same instructions from the
server which is controlled by the attacker. Botnets are often used to send spam,
to perform distributed denial-of-service (DDoS) attacks or malware distribution.

8.Downloader Malware:
Downloader Malware is malicious software which downloads other malicious
software. Attackers often infect a machine with downloader malware when they
have gained first access to the system. The downloader malware then infects the
target machine silently with other malware.

9.Information Stealing Malware:


Information stealing malware is a collection of malware types which are
developed to steal information like credit card numbers, bank account details,
account details and other personal information. The collected information is
usually sent to the attacker who often uses it to gain access to your personal
account or to put it up for sale on the deep web. Information stealing malware
often comes in the form of keyloggers, password (hash) grabbers and sniffers.
The stolen information is often sent to a command and control server for further
processing.

10.Keyloggers:
Keylogger malware is a malicious piece of software (or hardware) which records
your keystrokes in order to retrieve passwords, conversations and other personal
details. The recorded keystrokes are then sent to the attacker. A keylogger is a
very effective way for attackers to steal passwords because there is no need to
crack hashes, decrypt information or to sniff secured connections for passwords.

11.Launcher malware:
A launcher is a piece of malicious software which is used to launch other
malware. This piece of malicious software is often combined with downloader
malware. The launcher malware often uses stealthy and unconventional methods
to launch other malicious code to avoid detection.

(ii) Describe Insiders & Intruders. Who is more dangerous? 6M

Ans: (Intruders: 2 marks, Insiders: 2 marks, Who is dangerous, Explanation: 2 marks)

Intruders:

Outsiders:
• Extremely patient as time consuming
• Keep trying attacks till success
• Individual or a small group of attackers
• Next level of this group is script writers, i.e. Elite hackers
• Are of three types: Masquerader, Misfeasor, Clandestine user

Insiders:
• More dangerous than outsiders
• As they have the access and knowledge to cause immediate damage to organization
• They can be more in numbers who are directly or indirectly access the organization.
• Is misuse of access given by insiders
• They may give remote access to the Organization

• Intruders are authorized or unauthorized users who are trying to access the
system or network.
• They are hackers or crackers
• Intruders are illegal users.
• Less dangerous than insiders
• They have to study or to gain knowledge about the security system
• They do not have access to system.
• Many security mechanisms are used to protect system from Intruders.

Insiders:
• More dangerous than outsiders, as they have the access and knowledge to
cause immediate damage to the organization
• They can be more in number, and directly or indirectly access the
organization.
• They may give remote access to the organization.
• Insiders are authorized users who try to access a system or network for which
they are unauthorized.
• Insiders are not hackers.
• Insiders are legal users.
• They have knowledge about the security system.
• They have easy access to the system because they are authorized users.
• There is no such mechanism to protect system from Insiders.

Insiders are more dangerous than intruders because:


i) The insiders have the access and necessary knowledge to cause immediate
damage to an organization.

ii) There is no security mechanism to protect system from Insiders. So they can
have all the access to carry out criminal activity like fraud. They have knowledge
of the security systems and will be better able to avoid detection.
5. Attempt any TWO : 16 Marks

(a) Explain working of fingerprint mechanism & its limitations. 8M

Ans: (Diagram: 3 marks; Explanation: 3 marks; Limitation: 2 marks)

1. Biometrics refers to the study of methods for uniquely recognizing humans based upon
one or more intrinsic physical or behavioral characteristics.

2. Biometric identification is used on the basis of some unique physical attribute of
the user that positively identifies the user. Example: fingerprint recognition,
retina and face scan technique, voice synthesis and recognition and so on.

Fingerprint registration & verification process

1. The first time an individual uses a biometric system (registration) is called an
enrollment.
2. During the enrollment, biometric information from an individual is stored.
3. In the verification process, biometric information is detected and compared with
the information stored at the time of enrolment.
4. The first block (sensor) is the interface between the real world and the system;
it has to acquire all the necessary data.
5. The 2nd block performs all the necessary pre-processing.
6. The third block extracts necessary features. This step is an important step as the
correct features need to be extracted in the optimal way.
7. If enrollment is being performed the template is simply stored somewhere (on
a card or within a database or both).
8. If a matching phase is being performed the obtained template is passed to a
matcher that compares it with other existing templates, estimating the distance
between them using any algorithm.

9. The matching program will analyze the template with the input. This will then
be output for any specified use or purpose.

Limitations:-

1) The fingerprint scanner does not take into consideration when a person
physically changes.
2) The cost of computer hardware and software programs can be expensive.
3) Using the fingerprint scanner can lead to false rejections and false acceptance.
4) It can make mistakes with the dryness or dirtiness of the finger's skin, as well as
with age (it is not appropriate for children, because the size of their
fingerprint changes quickly).

(b) Describe the working of PEM e-mail security & PGP with reference to e-mail 8M
security.

Ans: (PEM Diagram: 2 marks, PEM Explanation: 2 marks; PGP Diagram: 2 marks;
PGP Explanation: 2 marks)

PEM e-mail security:

PEM supports the 3 main cryptographic functions of encryption, nonrepudiation
and message integrity. The steps involved in PEM operation are as follows.

Step 1: Canonical conversion: There is a distinct possibility that the sender and the
receiver of an email message use computers that have different architectures and
operating systems. PEM transforms each email message into an abstract, canonical
representation.
This means that regardless of the architecture and the operating system of the
sending and receiving computers, the email travels in a uniform, independent
format.


Step 2: Digital signature:
- It starts by creating a MD of the email message using an algorithm such as MD2 or
MD5.
- The MD thus created is then encrypted with the sender's private key to form the
sender's digital signature.

Step 3: Encryption:
The original email and the digital signature are encrypted together with a symmetric
key.

Step 4: Base-64 encoding: This process transforms arbitrary binary input into
printable character output. The binary input is processed in blocks of 3 octets or 24
bits. These 24 bits are considered to be made up of 4 sets, each of 6 bits. Each such
set of 6 bits is mapped into an 8-bit output character in this process.

PGP e-mail security:

1. Digital signature: It consists of the creation of a message digest of the email
message using the SHA-1 algorithm. The resulting MD is then encrypted with the
sender's private key. The result is the sender's digital signature.

2. Compression: The input message as well as the digital signature are compressed
together to reduce the size of the final message that will be transmitted. For this the
Lempel-Ziv algorithm is used.

3. Encryption: The compressed output of step 2 (i.e. the compressed form of the
original email and the digital signature together) are encrypted with a symmetric
key.

4. Digital enveloping: the symmetric key used for encryption in step 3 is now
encrypted with the receiver‘s public key. The output of step 3 and 4 together
form a digital envelope.

5. Base-64 encoding: This process transforms arbitrary binary input into printable
character output. The binary input is processed in blocks of 3 octets (24 bits).
These 24 bits are considered to be made up of 4 sets, each of 6 bits. Each
such set of 6 bits is mapped into an 8-bit output character in this process.
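The Base-64 step that closes both the PEM and the PGP procedures, written out by hand in an added Python example that is not part of the model answer. It follows the 3-octet to 4-sextet mapping described above and also handles the case the answer leaves out, input whose length is not a multiple of 3; the sample bytes are constructed.

```python
import base64

# The 64 printable characters; index = value of the 6-bit set.
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def b64_encode(data: bytes) -> str:
    """Encode bytes: every 3 octets (24 bits) become 4 characters of 6 bits each."""
    out = []
    for i in range(0, len(data), 3):
        block = data[i:i + 3]
        pad = 3 - len(block)                       # 0, 1 or 2 missing octets
        group = int.from_bytes(block + b"\x00" * pad, "big")
        sextets = [(group >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        chars = [B64[s] for s in sextets]
        if pad:
            chars[-pad:] = "=" * pad               # mark the octets that were filler
        out.append("".join(chars))
    return "".join(out)


def b64_decode(text: str) -> bytes:
    """Reverse the mapping: 4 characters back to 3 octets, dropping the filler."""
    text = "".join(text.split())                   # mail bodies are line-wrapped
    if len(text) % 4:
        raise ValueError("Base-64 text must be a multiple of 4 characters")
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        if pad > 2 or quad.rstrip("=") + "=" * pad != quad:
            raise ValueError("misplaced padding")
        if pad and i + 4 != len(text):
            raise ValueError("padding is only valid in the final block")
        group = 0
        for ch in quad.replace("=", "A"):          # 'A' is the all-zero sextet
            group = (group << 6) | B64.index(ch)   # ValueError on a foreign character
        out += group.to_bytes(3, "big")[:3 - pad]
    return bytes(out)


def matches_stdlib(data: bytes) -> bool:
    """Cross-check the hand-written encoder against Python's base64 module."""
    return b64_encode(data) == base64.b64encode(data).decode("ascii")


if __name__ == "__main__":
    # Constructed stand-in for the binary output of the encryption step.
    sample = bytes([0x00, 0xFF, 0x10, 0x80, 0x7F])
    encoded = b64_encode(sample)
    print(encoded, len(sample), "octets ->", len(encoded), "characters")
    print(b64_decode(encoded) == sample)
```

The output is one third larger than the input, which is the price of making arbitrary binary safe for a text-only mail transport; the encoding adds no confidentiality.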

(c) Give IPSEC configuration. Describe AH & ESP Modes of IPSEC. 8M

Ans: (Diagram: 1 mark, Explanation: 1 mark, Explanation of AH and ESP: 3 marks each)

IPsec overview:

1. It encrypts and seals the transport and application layer data during
transmission. It also offers integrity protection for the internet layer.

2. It sits between the transport and internet layers of the conventional TCP/IP protocol.

1. Secure remote internet access: Using IPsec, we can make a local call to our internet
service provider (ISP) so as to connect to our organization's network in a secure
fashion from our house or hotel, and from there access the corporate network
facilities or remote desktops/servers.

2. Secure branch office connectivity: Rather than subscribing to an expensive
leased line for connecting its branches across cities, an organization can set up
an IPsec-enabled network to securely connect all its branches over the internet.

3. Set up communication with other organizations: Just as IPsec allows
connectivity between various branches of an organization, it can also be used to
connect the networks of different organizations together in a secure & inexpensive
fashion.

Main advantages of IPsec:


1. IPsec is transparent to end users.
2. There is no need for user training, key issuance or revocation.
3. When IPsec is configured to work with a firewall it becomes the only
entry-exit point for all traffic, making it extra secure.
4. IPsec works at the network layer. Hence no changes are needed to upper layers
or routers, and all outgoing & incoming traffic gets protected.
5. IPsec allows travelling staff to have secure access to the corporate network.
6. IPsec allows interconnectivity between branches/offices in a very
inexpensive manner.

Basic Concept of IPsec Protocol:

An IP packet consists of two portions: the IP header & the actual data. IPsec features are
implemented in the form of additional headers, called extension headers, to the
standard, default IP header. IPsec offers two main services: authentication &
confidentiality. Each of these requires its own extension header. Therefore, to
support these two main services, IPsec defines two IP extension headers, one for
authentication & another for confidentiality. It consists of two main protocols.

Authentication header (AH):

1. The Authentication Header (AH) protocol provides authentication,
integrity & an optional anti-replay service.
2. The IPsec AH is a header in an IP packet. The AH is simply inserted between the
IP header & any subsequent packet contents; no changes are required to the data
contents of the packet. Security resides completely in the contents of the AH.


Authentication Header (AH) format

Encapsulation Header (ESP):

1. Used to provide confidentiality, data origin authentication, data
integrity.

2. It is based on symmetric key cryptography technique.

3. ESP can be used in isolation or it can be combined with AH.

6. Attempt any FOUR : 16 Marks

(a) Describe role of people in security. 4M

(Any 4 points: 1 mark each)

a) Password selection:
1. Users should be able to create their own easy to remember passwords, but these should
not be easy for someone else to guess or obtain using password cracking
utilities.
2. Passwords should meet some essential guidelines, e.g. a password should contain
some special characters etc.
3. It should not consist of dictionary words, etc.

b) Piggybacking:
It is a simple approach of following closely behind a person who has just used
their own access card or PIN to gain physical access. In this way an attacker
can gain access to the facility without knowing the access code.

c) Shoulder surfing:
An attacker positions themselves in such a way that he is able to observe the
authorized user entering the correct access code.

d) Dumpster diving:
It is the process of going through a target’s trash in order to find little bits of
information.

e) Installing Unauthorized Software/Hardware:
Because of possible risks, many organizations do not allow their users to load
software or install new hardware without the information and help of
administrators. Organizations also restrict what an individual does with received
e-mails.

f) Access by non-employees:
If attacker can get physical access to a facility then there are many chances of
obtaining enough information to enter into computer systems and networks.
Many organizations restrict their employees to wear identification symbols at
work.

g) Security awareness:
security awareness program is most effective method to oppose potential
social engineering attacks when organization’s security goals and policies are
established. An important element that should concentrate in training is which
information is sensitive for organization and which may be the target of a
social engineering attack.

h) Individual user responsibilities:
i) Lock the door of office or workspace.
ii) Do not leave sensitive information inside your car unprotected.
iii) Secure storage media which contains sensitive information.
iv) Shredding paper containing organizational information before discarding it.
(more points can be added).

(b) Explain the concept of Hashing. Give its advantage. 4M

Ans: Hashing (Explanation: 3 marks, Any two advantages: ½ mark each)

1. Hashing functions are one of the most commonly used encryption methods.

2. A hash is a special function that performs one-way encryption, meaning that
once the algorithm is processed, there is no feasible way to take the cipher
text and retrieve the plain text that was used to generate it.

3. The hash code is a function of all bits of the message and provides an error
detection capability. A change in any bit or bits results in a change of hash
value.

4. A hash value h is generated by a function H of the form

h = H(M)
where,
M is variable length message and
H(M) is the fixed length hash value.

5. The hash value is appended to the message at the source at a time when the
message is assumed or known to be correct.

6. The receiver authenticates that message by re-computing the hash value. Hash
value is not considered to be secret so something is required to protect the hash
value.

7. The message plus concatenated Hash code is encrypted using symmetric


encryption. Sender and receiver share the same secret key. The message must
have come from authorized sender and has not been altered is checked by
recomputing and comparing hash code by receiver.

Advantages: (any two)


1. It is more efficient to compute a digital signature using a document's message
digest.

2. A digest can be made public without revealing the contents of the document
from which it derives.


3. A hash that is used for digital authentication must have certain properties that
make it secure enough for cryptographic use.

4. Combining the data message with the secret, and running it through a hash
function, a signature is generated in the form of the hash value. The data
message is transmitted along with the signature. The recipient combines the
received message with the secret, generates a hash value, and checks to make
sure it's identical to the signature. The message's authenticity is thus verified.
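
The points above (h = H(M), the effect of a changed bit, why an unprotected hash needs protecting, and the secret-plus-hash signature of advantage 4), as an added example that is not part of the model answer. It uses SHA-256 and, for combining the secret with the message, the standard HMAC construction from the Python standard library; the messages, the shared secret and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for the demonstration.
SECRET = b"constructed-shared-secret"
ORIGINAL = b"PAY 100 TO ACCOUNT 1234"
TAMPERED = b"PAY 900 TO ACCOUNT 1234"


def digest(message: bytes) -> str:
    """h = H(M): variable-length message in, fixed-length hash value out."""
    return hashlib.sha256(message).hexdigest()


def bit_difference(a_hex: str, b_hex: str) -> int:
    """Number of bits that differ between two equal-length hex digests."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")


def plain_hash_accepts(message: bytes, appended_hash: str) -> bool:
    """Receiver-side check when only an unkeyed hash is appended."""
    return hmac.compare_digest(digest(message), appended_hash)


def sign(message: bytes, secret: bytes) -> bytes:
    """Keyed hash of the message (HMAC-SHA-256), sent along with it."""
    return hmac.new(secret, message, hashlib.sha256).digest()


def verify(message: bytes, tag: bytes, secret: bytes) -> bool:
    """Receiver recomputes the keyed hash and compares in constant time."""
    return hmac.compare_digest(sign(message, secret), tag)


def demo() -> dict:
    results = {}
    # Fixed-length output regardless of input size (64 hex chars = 256 bits).
    results["fixed_length"] = len(digest(b"a")) == len(digest(b"a" * 10_000)) == 64
    # One changed character in the message changes the hash value.
    results["bits_changed"] = bit_difference(digest(ORIGINAL), digest(TAMPERED))
    # An unprotected hash can be recomputed by whoever altered the message,
    # so the receiver's check passes on the altered pair.
    results["plain_hash_accepts_tampered"] = plain_hash_accepts(
        TAMPERED, digest(TAMPERED))
    # With a shared secret the altered message no longer verifies.
    tag = sign(ORIGINAL, SECRET)
    results["hmac_accepts_original"] = verify(ORIGINAL, tag, SECRET)
    results["hmac_accepts_tampered"] = verify(TAMPERED, tag, SECRET)
    # A tag computed without the real secret is rejected as well.
    results["hmac_accepts_wrong_key"] = verify(
        TAMPERED, sign(TAMPERED, b"not-the-secret"), SECRET)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
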
(c) Explain Honey Pots. 4M

Ans: (Explanation: 4 marks)

• Honeypots are designed to purposely engage and deceive hackers and
identify malicious activities performed over the Internet.

• The honeypot is designed to do the following:

1. Divert the attention of a potential attacker.
2. Collect information about the intruder's actions.
3. Provide encouragement to the attacker so as to stay for some time,
allowing the administrators to detect this and swiftly act on it.

• Honeypots are designed for 2 important goals:

1. Make them look like full real-life systems.
2. Do not allow legitimate users to know about or access them.

• Different types of honeypots:

1. Research Honeypot – A Research Honeypot is used to study the
tactics and techniques of the intruders. It is used as a watch post to see
how an attacker is working when compromising a system.
2. Production Honeypot – These are primarily used for detection and to
protect organizations. The main purpose of a production honeypot is to
help mitigate risk in an organization.

(d) Describe data recovery procedures & ethics. 4M

Ans: (Data Recovery Procedures: 2 marks, Ethics: 2 marks)

Deleted file recovery:

• When we delete a file on a disk having the FAT32 or NTFS (New Technology File
System) file system, its content is not erased from the disk; only the reference to
the file data in the File Allocation Table or master table is marked as deleted.
• It means that we might be able to recover deleted files or make them visible to the
file system again.

Methods of data recovery from deleted file or File/data recovery process:
• There are various data/file recovery tools available. These tools find & recover
recoverable deleted files from NTFS & FAT.
• These tools usually operate as per the following process steps:

Step 1: Scan the hard drive & build the index of existing & deleted files &
directories (folders) on any logical drive of your computer with supported file
formats.
Step 2: Provide control to the user to select which files to recover and what
destination to recover them to. You can find a deleted file if you remember at least
one of the following:
- Full or partial name
- File size
- File creation mode
- File last accessed date.

Step 3: Allow previewing deleted files of certain types without performing
recovery.

Data Recovery Ethics:


It is concerned with security of your data. These are used to think through
different situations.

• It is a major part of the society and should be followed in letter and spirit
• There are policies in many organizations that provide guidelines for ethics.
• It is a behavior of the person in relation with the subject.
• There are four primary issues:
Privacy, Accuracy, Property and Access
• Some standards are :
Standard of right and wrong behavior
A gauge of personal integrity
The basis of trust and cooperation in relationships with others.

(e) Explain how SQL injection can be done on website with example & 4M
prevention of it for web security.

Ans: (How SQL injection can be done on website: 2 marks, How to prevent SQL injection: 2 marks)

• SQL injection is a code injection technique that might destroy your database.
• SQL injection is the placement of malicious code in SQL statements, via web
page input.

How SQL injection can be done on website:

1. Attacker submits form with SQL exploit data.
2. Application builds string with exploit data.
3. Application sends SQL query to DB.
4. DB executes query, including exploit, sends data back to application.
5. Application returns data to user.

Unauthorized Access Attempt:

password = ' or 1=1 --
SQL statement becomes:
select count(*) from users where username = 'user' and password = '' or 1=1 --
Checks if password is empty OR 1=1, which is always true, permitting access.

• How to prevent SQL injection:


1. Employ comprehensive data sanitization.

2. Use a web application firewall.

3. Limit database privileges by context.

4. Avoid constructing SQL queries with user input.

5. Eliminate unnecessary database capabilities

6. Regularly apply software patches

7. Suppress error messages.

8. Continuously monitor SQL statements from database-connected applications.
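
The login query from the answer above, first built by string concatenation and then with bound parameters (prevention point 4), as an added example that is not part of the model answer. It uses Python's sqlite3 module with an in-memory database; the table contents, the stored password and the function names are constructed for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table holding one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plain-text password only to mirror the query on the page;
    # a real system stores a salted password hash instead.
    conn.execute("INSERT INTO users VALUES (?, ?)", ("user", "s3cret-constructed"))
    return conn


def login_concatenated(conn, username: str, password: str) -> bool:
    """Vulnerable form: user input becomes part of the SQL text (step 2)."""
    sql = ("select count(*) from users where username = '" + username +
           "' and password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username: str, password: str) -> bool:
    """Hardened form: input is bound as data and is never parsed as SQL."""
    sql = "select count(*) from users where username = ? and password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def outcome(login, conn, username: str, password: str) -> str:
    """Classify a login attempt; a raw SQL error is itself a warning sign."""
    try:
        return "granted" if login(conn, username, password) else "denied"
    except sqlite3.Error:
        return "sql-error"


def demo() -> list:
    conn = make_db()
    attempts = [
        ("user", "s3cret-constructed"),   # correct credentials
        ("user", "wrong"),                # wrong password
        ("user", "' or 1=1 --"),          # the input shown in the answer
        ("O'Brien", "pw"),                # ordinary name containing a quote
    ]
    rows = []
    for username, password in attempts:
        rows.append((username, password,
                     outcome(login_concatenated, conn, username, password),
                     outcome(login_parameterized, conn, username, password)))
    return rows


if __name__ == "__main__":
    for username, password, concatenated, parameterized in demo():
        print(f"{username!r:12} {password!r:24} "
              f"concatenated={concatenated:10} parameterized={parameterized}")
```

The last attempt shows why an unexpected SQL error on ordinary input is worth alerting on: it means input is reaching the SQL parser.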


MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
WINTER– 17 EXAMINATION
Subject Name: Computer Security Model Answer Subject Code: 17514
Important Instructions to examiners:
1) The answers should be examined by key words and not as word-to-word as given in the model answer
scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to assess the
understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more Importance (Not
applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in the figure. The
figures drawn by candidate and model answer may vary. The examiner may give credit for any equivalent
figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values
may vary and there may be some difference in the candidate’s answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant answer
based on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on equivalent
concept.

Q. No. | Sub Q. N. | Answer | Marking Scheme

1. (a) Attempt any THREE : 12 Marks

(i) State the need of Computer Security. 4M

Ans: (1 mark for each point; Diagram optional)

The need of computer security has been threefold: confidentiality, integrity, and
availability, the "CIA" of security. The elements are Confidentiality, Integrity,
Availability and Authentication. Other elements are Authorization,
Non-repudiation, Access control and accountability.

1. Confidentiality: The goal of confidentiality is to ensure that only those individuals
who have the authority can view a piece of information. The principle of confidentiality
specifies that only the sender and intended recipients should be able to access the
contents of a message. Confidentiality gets compromised if an unauthorized person is
able to access the contents of a message.

An example of compromising the confidentiality of a message is shown in fig.

Fig. Loss of confidentiality

Here, the user of computer A sends a message to the user of computer B. Another
user C gets access to this message, which is not desired and therefore defeats the
purpose of confidentiality.
This type of attack is also called interception.

2. Authentication: Authentication helps to establish proof of identities.
The authentication process ensures that the origin of a message is correctly identified.
Authentication deals with the desire to ensure that an individual is who they claim to
be.
For example, suppose that user C sends a message over the internet to user B.
However, the trouble is that user C had posed as user A when he sent the message to user
B. How would user B know that the message has come from user C, who is posing as
user A? This concept is shown in fig. below.

This type of attack is called fabrication.

Fig. Absence of authentication

3. Integrity: Integrity is a related concept but deals with the generation and
modification of data. Only authorized individuals should ever be able to create or
change (or delete) information. When the contents of the message are changed after the
sender sends it, but before it reaches the intended recipient, we say that the integrity of
the message is lost.

For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. User C somehow manages to access it, change its
contents and send the changed message to user B. User B has no way of knowing that
the contents of the message were changed after user A had sent it. User A also does
not know about this change.

This type of attack is called modification.


Fig. Loss of Integrity

4. Availability: The goal of availability is to ensure that the data, or the system
itself, is available for use when the authorized user wants it.

(ii) List types of attacks. Explain back doors and trap doors attacks 4M

Ans: (List: 2 Marks, Explanation of Backdoor and Trapdoor attacks: 1 Mark each)

Types of attacks are:

1. Passive attacks
2. Active attacks
3. Denial of service attacks
4. Backdoor attacks
5. Trapdoor attacks
6. Sniffing/spoofing attacks
7. Man-in-the-middle attacks

Backdoor Attacks: It is a secret entry point into a program that allows a user to gain access
without going through the usual security access procedures. It is used legitimately in
debugging and testing. It also refers to the entry and placement of a program or utility into
a network that creates a backdoor entry for attackers. This may allow a certain user ID to
log on to a program without a password or to gain administrative services. It becomes a threat
when programmers use them to gain unauthorized access. There are several backdoor
programs and tools used by hackers in terms of automated tools.

Trapdoor Attacks: A trap door is an entrance in a system which circumvents the normal
safety measures. It is a secret entry point into a program that allows someone who is aware
of it to gain access using a procedure other than the security procedure. It might be a hidden
program which makes the protection system ineffective. This entry can be deliberately
introduced by the developer to maintain the system in case of disaster management. Trapdoor
programs can be installed through malware using the internet.

(iii) Compare symmetric and asymmetric key cryptography. 4M

Ans: (Each comparison point: 1 mark, any four points)

| Categories | Symmetric key Cryptography | Asymmetric key Cryptography |
|---|---|---|
| Key used for encryption/decryption | Same key is used for encryption & decryption. | One key is used for encryption & another different key is used for decryption. |
| Key process | Ke = Kd (Same) | Ke ≠ Kd (not same) |
| Speed of encryption/decryption | Very fast | Slower |
| Size of resulting encrypted text | Usually same as or less than the original clear text size. | More than the original clear text size. |
| Key agreement/exchange | A big problem | No problem at all. |
| Usage | Mainly used for encryption and decryption, cannot be used for digital signatures. | Can be used for encryption and decryption as well as for digital signatures. |
| Efficiency in usage | Symmetric key cryptography is often used for long messages. | Asymmetric key cryptography is more efficient for short messages. |

(iv) Explain the terms: Cryptography, Cryptanalysis and Cryptology. 4M

Ans: (1 mark for explanation of each term and 1 mark for diagram drawn)

1. Cryptography: Cryptography is the art & science of achieving security by encoding
messages to make them non-readable.

2. Cryptanalysis: Cryptanalysis is the technique of decoding messages from a
non-readable format without knowing how they were initially converted from readable
format to non-readable format.

3. Cryptology: It is the art and science of transforming the intelligent data into
unintelligent data and unintelligent data back to intelligent data.
Cryptology = Cryptography + Cryptanalysis

(b) Attempt any ONE : 6 Marks


(i) Describe the following attacks: 6M

(A) Sniffing
(B) Spoofing

Ans: (Sniffing: 3 marks, Spoofing: 3 marks)

a) Sniffing:
1. This is software or hardware that is used to observe traffic as it passes through a
network on shared broadcast media.
2. It can be used to view all traffic or target a specific protocol, service, or string of
characters like logins.
3. Some network sniffers are not just designed to observe all traffic but also modify
the traffic.
4. Network administrators use sniffers for monitoring traffic.
5. They can also be used for network bandwidth analysis and to troubleshoot certain problems
such as duplicate MAC addresses.

b) Spoofing:
1. Spoofing is nothing more than making data look like it has come from a different
source.
2. This is possible in TCP/IP because of the friendly assumption behind the protocol.
When the protocols were developed, it was assumed that individuals who had access to
the network layer would be privileged users who could be trusted.
3. When a packet is sent from one system to another, it includes not only the destination IP
address and port but the source IP address as well, which is one of the forms of spoofing.
4. Examples of spoofing: e-mail spoofing, URL spoofing, IP address spoofing.

(ii) Explain data recovery tools and data recovery procedures. 6M

Ans: (Explanation of Data recovery: 4 marks, Procedure: 2 marks)

Data recovery: All computer users need to be aware of backup and recovery procedures
to protect their data. Data protection should be taken seriously as it is important for financial,
legal or personal reasons.
There are various formatted partition recovery tools available, although every tool will
have a different GUI & method of recovery.
Steps of data recovery:
Step 1: If you cannot boot the computer, please use a data recovery bootable disk.
Step 2: Select the file types you want to recover & the volume where the formatted hard
drive is. The tool will automatically scan the selected volume.
Step 3: Then the found data will be displayed on the screen & you can get a preview
of it. Then select the file or directory that you want to recover & save it to a healthy
drive.
Data recovery procedures:
A computer data recovery procedure is an important part for any computer literate
person that cannot be neglected. A computer professional or computer forensic
expert who uses data recovery should maintain the secrecy and privacy of the client. Any
action or activity that leads to disclosure of privacy of the client should be avoided. The
values such as integrity, accuracy & authenticity should be exercised in an ethical
environment. The evidence that is produced before the court should be fairly examined &
analyzed. There should not be any carelessness and ignorance regarding the handling of

evidence. The case evidence should be examined in detail based upon validated principles.

2. Attempt any TWO of the following: 16 Marks

(a) Explain any four attacks on Computer System Security. 8M

Ans: (Explanation of Any four Attacks: 2 marks each)

Different types of attacks are as follows:

1) Denial-of-service attacks
2) Backdoors and Trapdoors
3) Sniffing
4) Spoofing
5) Man in the middle attack
6) Replay attack
7) TCP/IP Hijacking.
8) Malware or malicious code such as viruses

1. Denial of Service Attack: Denial of service (DOS) attacks can exploit a known
vulnerability in a specific application or operating system, or they may attack features (or
weaknesses) in specific protocols or services. In this form of attack, the attacker is
attempting to deny authorized users access either to specific information or to the
computer system or network itself. The purpose of such an attack can be simply to
prevent access to the target system, or the attack can be used in conjunction with other
actions in order to gain unauthorized access to a computer or network. SYN flooding is
an example of a DOS attack that takes advantage of the way TCP/IP networks were
designed to function, and it can be used to illustrate the basic principles of any DOS
attack. SYN flooding utilizes the TCP three-way handshake that is used to establish a
connection between two systems. In a SYN flooding attack, the attacker sends fake
communication requests to the targeted system. Each of these requests will be answered
by the target system, which then waits for the third part of the handshake. Since the
requests are fake, the target will wait for responses that will never come.

2. Backdoors and Trapdoors: They are the methods used by software developers to
ensure that they could gain access to an application even if something were to happen
in the future to prevent normal access methods. For example, a hard-coded password that
could be used to gain access to the program in the event that administrators forgot their
own system password. The problem with this sort of password (sometimes referred to
as a trapdoor) is that since the password is hard coded it cannot be removed. If the
attacker learns about the backdoor, all systems running the software would be
vulnerable.

3. Sniffing: A network sniffer is a software or hardware device that is used to observe the
traffic as it passes through the network on shared broadcast media. The device can
be used to view all traffic, or it can target a specific protocol, service or even string of
characters. Normally the network device that connects a computer to a network

is designed to ignore all traffic that is not destined for that computer. Network
sniffers ignore this friendly agreement and observe all traffic on the network whether
destined for that computer or others.

4. Spoofing: It makes the data look like it has come from another source. This is possible in
TCP/IP because of the friendly assumptions behind the protocols. When a packet is
sent from one system to another, it includes not only the destination IP address but the
source IP address. You are supposed to fill in the source with your own address, but
there is nothing that stops you from filling in another system's address.

5. Man in the middle attack: A man in the middle attack occurs when attackers are able
to place themselves in the middle of two other hosts that are communicating in order to
view or modify the traffic. This is done by making sure that all communication going to
or from the target host is routed through the attacker's host. Then the attacker is able to
observe all traffic before transmitting it and can actually modify or block traffic. To the
target host, communication is occurring normally, since all expected replies are received.

6. Replay Attack: In a replay attack an attacker captures a sequence of events or some data
units and resends them. For example, suppose user A wants to transfer some amount to
user C's bank account. Both users A and C have accounts with bank B. User A might
send an electronic message to bank B requesting a fund transfer. User C could capture
this message and send a copy of the same to bank B. Bank B would have no idea that this
is an unauthorized message and would treat this as a second and different fund transfer
request from user A. So C would get the benefit of the fund transfer twice: once
authorized and once through a replay attack.

(b) What is the importance of biometrics in Computer security? Describe finger prints 8M
registration and verification process.

Ans: (Diagram: 2 marks, Importance: 4 marks, Fingerprint registration & verification process: 2 marks)

Importance of Biometrics: Biometrics refers to the study of methods for uniquely recognizing
humans based upon one or more intrinsic physical or behavioral characteristics.

1. Biometric identification is used on the basis of some unique physical attribute of the
user that positively identifies the user. Example: finger print recognition, retina and face
scan technique, voice synthesis and recognition and so on.
2. Physiological characteristics are related to the shape of the body.
3. For example finger print, face recognition, DNA, palm print, iris recognition and so on.
4. Behavioural characteristics are related to the behaviour of a person.
5. For example typing rhythm, gait, signature and voice.
6. The first time an individual uses a biometric system is called an enrolment.
7. During the enrolment, biometric information from an individual is stored.
8. In the subsequent uses, biometric information is detected and compared with the
information stored at the time of enrolment.


Different methods of Biometrics


1. Finger print recognition
2. Hand print recognition
3. Retina/Iris scan technique
4. Face recognition
5. Voice patterns recognition
6. Signature and writing patterns recognition
7. Keystroke dynamics

Fingerprint registration & verification process: During registration, the first time an
individual uses a biometric system is called an enrolment. During the enrolment, biometric
information from an individual is stored. In the verification process, biometric information
is detected and compared with the information stored at the time of enrolment.

(c) Explain transposition technique. Convert plain text to Cipher text using Rail Fence 8M
technique “COMPUTER ENGINEERING”.

Ans: (4 marks for Explanation, 2 marks for Step 1, 2 marks for cipher text.)

Transposition Technique: Transposition systems are fundamentally different from
substitution systems. In substitution systems, plaintext values are replaced with other
values. In transposition systems, plaintext values are rearranged without otherwise
changing them. All the plaintext characters that were present before encipherment are still
present after encipherment. Only the order of the text changes. Most transposition
systems rearrange text by single letters. It is possible to rearrange complete words or
groups of letters rather than single letters, but these approaches are not very secure and
have little practical value. Larger groups than single letters preserve too much
recognizable plaintext.
a) Some transposition systems go through a single transposition process. These are
called single transposition. Others go through two distinctly separate transposition
processes. These are called double transposition.
b) Most transposition systems use a geometric process. Plaintext is written into a
geometric figure, most commonly a rectangle or square, and extracted from the
geometric figure by a different path than the way it was entered. When the geometric
figure is a rectangle or square, and the plaintext is entered by rows and extracted by
columns, it is called columnar transposition. When some route other than rows and
columns is used, it is called route transposition.
Rail Fence Technique: It is one of the easiest transposition techniques to create
cipher text. When a plain text message is codified using any suitable scheme, the resulting
message is called Cipher text or Cipher.
Steps are: Plain text = COMPUTER ENGINEERING

Step 1: Write down Plain text as sequence of diagonal.

Read Plain text written in Step 1 as sequence of rows. As,

C   M   U   E   E   G   N   E   I   G
  O   P   T   R   N   I   E   R   N

Then concatenate these two sequences of text as one to create following

Cipher Text: CMUEEGNEIGOPTRNIERN

OR

The rail-fence cipher is inscribed by zigzag pattern and extracted by rows.

C       U       E       N       I
  O   P   T   R   N   I   E   R   N
    M       E       G       E       G

Cipher Text: CUENIOPTRNIERNMEGEG
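
The rail-fence procedure above, generalized to any number of rails and with the matching decryption, as an added example that is not part of the model answer. The function names are constructed for illustration; as in the worked answer, the space in the plain text is dropped before enciphering.

```python
def rail_pattern(length: int, rails: int) -> list[int]:
    """Rail (row) index for each character position along the zigzag."""
    if rails < 2:
        raise ValueError("rail fence needs at least 2 rails")
    period = 2 * (rails - 1)          # positions in one full down-and-up cycle
    return [min(i % period, period - i % period) for i in range(length)]


def letters_only(text: str) -> str:
    """Upper-case the text and drop anything that is not a letter."""
    return "".join(c for c in text.upper() if c.isalpha())


def layout(plaintext: str, rails: int) -> list[str]:
    """The zigzag as rows of text, one row per rail (Step 1 of the answer)."""
    letters = letters_only(plaintext)
    pattern = rail_pattern(len(letters), rails)
    rows = []
    for rail in range(rails):
        cells = [c if p == rail else " " for c, p in zip(letters, pattern)]
        rows.append(" ".join(cells).rstrip())   # one blank column between cells
    return rows


def encrypt(plaintext: str, rails: int) -> str:
    """Write along the zigzag, then read the rails row by row."""
    letters = letters_only(plaintext)
    pattern = rail_pattern(len(letters), rails)
    return "".join(c for rail in range(rails)
                   for c, p in zip(letters, pattern) if p == rail)


def decrypt(ciphertext: str, rails: int) -> str:
    """Rebuild the zigzag positions and put each cipher letter back in place."""
    pattern = rail_pattern(len(ciphertext), rails)
    # Plain-text positions in the order the rows were read out.
    order = sorted(range(len(ciphertext)), key=lambda i: (pattern[i], i))
    plain = [""] * len(ciphertext)
    for ch, pos in zip(ciphertext, order):
        plain[pos] = ch
    return "".join(plain)


if __name__ == "__main__":
    message = "COMPUTER ENGINEERING"
    for rails in (2, 3):
        print(f"{rails} rails:")
        for row in layout(message, rails):
            print("  " + row)
        cipher = encrypt(message, rails)
        print("  cipher text:", cipher)
        print("  decrypted  :", decrypt(cipher, rails))
```
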

3. Attempt any FOUR: 16 Marks

(a) Explain the concept of Kerberos. 4M

Ans: (Explanation with Diagrams of different steps: 4 marks)

Kerberos is a network authentication protocol. It is designed to provide strong
authentication for client/server applications by using secret-key cryptography.
Kerberos was created by MIT as a solution for network security problems and it is freely
available from MIT, under copyright permission.
How does Kerberos work? Kerberos operates by encrypting data with a symmetric key.
A symmetric key is a type of authentication where both the client and server agree to use a
single encryption/decryption key for sending and receiving data. When working with the
encryption key, the details are actually sent to a key distribution center (KDC), instead of
sending the details directly between each computer.
The entire process takes a total of eight steps, as shown below.
1. The authentication service, or AS, receives the request by the client and verifies that the
client is indeed the computer it claims to be. This is usually just a simple database lookup
of the user's ID.


2. Upon verification, a timestamp is created. This puts the current time in a user session,
along with an expiration date. The default expiration date of a timestamp is 8 hours. The
encryption key is then created. The timestamp ensures that when 8 hours is up, the
encryption key is useless. (This is used to make sure a hacker doesn't intercept the data,
and try to crack the key. Almost all keys are able to be cracked, but it will take a lot longer
than 8 hours to do so.)

3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is
a simple ticket that is issued by the authentication service. It is used for authenticating the
client for future reference.

4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get
authenticated.

5. The TGS creates an encrypted key with a timestamp, and grants the client a service
ticket.


6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own
encrypted key to the service.

7. The service decrypts the key, and makes sure the timestamp is still valid. If it is, the
service contacts the key distribution center to receive a session that is returned to the client.

8. The client decrypts the ticket. If the keys are still valid, communication is initiated
between client and server.

(b) Describe different password selection criteria. 4M

Ans: (Four criteria: 1 mark each)

Password selection criteria:

1. User education: Users can be told the importance of using hard-to-guess passwords and
can be provided with guidelines for selecting strong passwords. This user education
strategy is unlikely to succeed at most installations, particularly where there is a large user

population or a lot of turn over. Many users will simply ignore the guidelines. Others may
not be good judges of what is a strong password. For example, many users believe that
reversing a word or capitalizing the last letter makes a password un-guessable.
2. Computer-generated passwords: Passwords are quite random in nature. Computer-
generated passwords also have problems. If the passwords are quite random in nature,
users will not be able to remember them. Even if the password is pronounceable, the user
may have difficulty remembering it and so be tempted to write it down. In general,
computer-generated password schemes have a history of poor acceptance by users. FIPS
PUB 181 defines one of the best-designed automated password generators. The standard
includes not only a description of the approach but also a complete listing of the C source
code of the algorithm. The algorithm generates words by forming pronounceable syllables
and concatenating them to form a word. A random number generator produces a random
stream of characters used to construct the syllables and words.
3. Reactive password checking: A reactive password checking strategy is one in which
the system periodically runs its own password cracker to find guessable passwords. The
system cancels any passwords that are guessed and notifies the user. This tactic has a
number of drawbacks. First, it is resource intensive if the job is done right. Because a
determined opponent who is able to steal a password file can devote full CPU time to the
task for hours or even days, an effective reactive password checker is at a distinct
disadvantage. Furthermore, any existing passwords remain vulnerable until the reactive
password checker finds them.
4. Proactive password checking: The most promising approach to improved password
security is a proactive password checker. In this scheme, a user is allowed to select his or
her password. However, at the time of selection, the system checks to see if the password
is allowable and if not, rejects it. Such checkers are based on the philosophy that with
sufficient guidance from the system, users can select memorable passwords from a fairly
large password space that are not likely to be guessed in a dictionary attack. The trick with
a proactive password checker is to strike a balance between user acceptability and strength.
If the system rejects too many passwords, users will complain that it is too hard to select a
password. If the system uses some simple algorithm to define what is acceptable, this
provides guidance to password crackers to refine their guessing technique. In the
remainder of this subsection, we look at possible approaches to proactive password
checking.
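
A proactive checker of the kind described in point 4, added here as an example (it is not part of the model answer). The word list, the minimum length and the function names are assumptions made for the illustration; the checks for a reversed word and a capitalized last letter are the two habits named in point 1.

```python
"""Proactive password checker: reject guessable passwords at selection time."""

# Constructed sample dictionary; a real deployment would load a large word list.
DICTIONARY = {"password", "dragon", "monkey", "computer", "security", "welcome"}

MIN_LENGTH = 8  # assumed policy value, not taken from the model answer

# Common symbol-for-letter substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def candidate_roots(password):
    """Yield the base words from which `password` could have been derived."""
    lowered = password.lower()                        # undoes capitalization
    stripped = lowered.rstrip("0123456789!@#$%^&*")   # drops a trailing "1", "!", ...
    for form in (lowered, stripped):
        for variant in (form, form.translate(LEET)):
            yield variant
            yield variant[::-1]                       # undoes word reversal


def check_password(password, username=""):
    """Return (accepted, reason) for a password the user has just chosen."""
    if len(password) < MIN_LENGTH:
        return False, "too short"
    if username and username.lower() in password.lower():
        return False, "contains the user name"
    if len(set(password)) < 4:
        return False, "too few distinct characters"
    for root in candidate_roots(password):
        if root in DICTIONARY:
            return False, "derived from dictionary word '%s'" % root
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("computeR", "retupmoC", "Password1", "blue-Kettle-49-harbor"):
        print(candidate, check_password(candidate))
```

The checker rejects at selection time, so a weak password never reaches the password file, unlike the reactive approach in point 3.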

(c) List types of firewall. Explain packet filter with diagrams. 4M

Ans: List of types of firewall: (Listing of types of firewall: 1 mark, Explanation of packet
filter as a firewall: 2 marks, diagram of packet filter as a firewall: 1 mark)

• Packet filter as a firewall
• Circuit level gateway firewall
• Application level gateway firewall
• Proxy server as a firewall

Explanation: As per the diagram given below, the firewall acts according to the table
given. For example, source IP 150.150.0.0 is the IP address of a network; all the packets
coming from this network will be blocked by the firewall, and in this way it acts
as a firewall. The table also has port 80, IP address 200.75.10.8 and port 23, and the firewall
acts on them in a similar fashion. Port 23 is for Telnet remote login; in this case the firewall
won't allow login onto this server. IP address 200.75.10.8 is the IP address of an individual
host; all packets having this IP address as the destination address will be denied.
Port 80: no HTTP request is allowed by the firewall.

Diagram of packet filter as a firewall.

Packet Filtering

(d) Describe host based IDS with its advantages and disadvantages. 4M

Ans: Host Intrusion Detection Systems: (Diagram: 1 mark, Explanation: 1 mark, any two
advantages: 1 mark, any two disadvantages: 1 mark)

(i). They are run on individual hosts or devices on the network.
(ii). A HIDS monitors the inbound and outbound packets from the device only and will
alert the user or administrator when suspicious activity is detected.
(iii). Activities that a HIDS looks for in the log files are:
• Logins at odd hours
• Login authentication failure
• Adding new user account
• Modification or access of critical system files
• Modification or removal of binary files
• Starting or stopping processes
• Privilege escalation
• Use of certain programs

(iv). Basic components of HIDS:

• Traffic collector:
This component collects activity or events for the IDS to examine. On a host-based IDS,
this can be log files, audit logs, or traffic coming to or leaving a specific system.
• Analysis Engine:
This component examines the collected network traffic & compares it to known patterns of
suspicious or malicious activity stored in the signature database. The analysis engine acts
like a brain of the IDS.

• Signature database:
It is a collection of patterns & definitions of known suspicious or malicious activity.
• User Interface & Reporting:
This is the component that interfaces with the human element, providing alerts & giving
the user a means to interact with & operate the IDS.

Advantages:
1. Operating System specific and detailed signatures.
2. Examine data after it has been decrypted.
3. Application specific.
4. Determine whether or not an alarm may impact that specific.

Disadvantages:
1. Should have a process on every system to watch.
2. High cost of ownership and maintenance.
3. Uses local system resources.
4. If logged locally, could be compromised or disabled.
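
The four HIDS components above applied to a host log, added here as an example (it is not part of the model answer). The log lines are constructed samples in a simplified syslog-like layout, and the working hours, failure threshold and signature patterns are assumptions.

```python
"""Minimal host-based IDS pass over a log: collector, signatures, analysis, report."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample log (assumed format: ISO timestamp, then the event text).
SAMPLE_LOG = """\
2018-05-14T02:13:07 host1 sshd[811]: Accepted password for asha from 10.0.0.7 port 50122
2018-05-14T09:01:44 host1 sshd[902]: Failed password for root from 10.0.0.9 port 40001
2018-05-14T09:01:46 host1 sshd[902]: Failed password for root from 10.0.0.9 port 40002
2018-05-14T09:01:49 host1 sshd[902]: Failed password for root from 10.0.0.9 port 40003
2018-05-14T09:05:10 host1 useradd[950]: new user: name=tmpadmin, UID=1002
2018-05-14T10:30:00 host1 sudo: asha : TTY=pts/0 ; COMMAND=/bin/cat /etc/shadow
2018-05-14T11:00:00 host1 sshd[990]: Accepted publickey for ravi from 10.0.0.8 port 50200
-- MARK --
"""

# Signature database: (alert name, pattern of known suspicious activity).
SIGNATURES = [
    ("login authentication failure",
     re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+)")),
    ("new user account added",
     re.compile(r"new user: name=(?P<user>[^,\s]+)")),
    ("access to critical system file",
     re.compile(r"COMMAND=.*(?:/etc/shadow|/etc/passwd|/etc/sudoers)")),
]
LOGIN = re.compile(r"Accepted \S+ for (?P<user>\S+)")
WORK_HOURS = range(7, 19)   # assumed: logins outside 07:00-18:59 are "odd hours"
FAILURE_THRESHOLD = 3       # assumed: this many failures for one account is an alert


def collect(text):
    """Collector: yield (timestamp, event text), skipping lines that do not parse."""
    for line in text.splitlines():
        stamp, _, rest = line.partition(" ")
        if not rest:
            continue
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield when, rest


def analyse(text):
    """Analysis engine: return alerts as (timestamp, alert name, subject)."""
    alerts, failures = [], Counter()
    for when, event in collect(text):
        login = LOGIN.search(event)
        if login and when.hour not in WORK_HOURS:
            alerts.append((when.isoformat(), "login at odd hours", login.group("user")))
        for name, pattern in SIGNATURES:
            match = pattern.search(event)
            if not match:
                continue
            subject = match.groupdict().get("user", "-")
            alerts.append((when.isoformat(), name, subject))
            if name == "login authentication failure":
                failures[subject] += 1
                if failures[subject] == FAILURE_THRESHOLD:
                    alerts.append((when.isoformat(),
                                   "repeated authentication failures", subject))
    return alerts


if __name__ == "__main__":
    # Reporting: one line per alert for the administrator.
    for alert in analyse(SAMPLE_LOG):
        print("ALERT %s  %-34s %s" % alert)
```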

(e) Explain the steps for hardening applications. 4M

Ans: (Any relevant explanation: 4 marks)

Application Hardening is a security feature designed to avoid/prevent exploitation of
various types of vulnerabilities in software applications. It also secures against local and
internet attacks. Vulnerabilities are introduced by programmers who fail to properly check
the input data entering the application. If there are vulnerabilities in an
application, they can be exploited by an attacker.
Hardening an application is fairly similar to hardening an operating system: you remove the
functions or components you do not need, restrict access where you can, and make sure that
the application is kept up to date and its patches are maintained.

Application hardening has following mechanisms:


a) Process spawning control: Uses the fact that in most cases the application does not need
the ability to launch other executables for proper functioning. By taking away the process
spawning ability from the application, hackers will not be able to perform the process
spawning attack.

b) EXE file protection: Another method to break into a system is to trick the vulnerable
application into modifying or creating executable files. The EXE file protection defense is
based on the fact that in most cases the application does not need to create or modify
executable files. Hackers will not be able to perform attacks that tamper with executable
files on the system.

c) System tampering protection: Another possibility to break into the system is to trick
the vulnerable application into modifying special sensitive areas of the operating system
and taking advantage of those modifications. Those sensitive areas include Windows
registry keys used to control launching of applications on system startup, the system.ini and
win.ini files… The system tampering protection defense is based on the fact that in almost
all cases normal applications do not need to perform such operations for their proper
function. By preventing applications from modifying special areas of the operating system,
hackers will not be able to attack by tampering with sensitive special areas of the system.
Application patches such as hotfixes, patches and upgrades will be helpful in this case.

4. (a) Attempt any THREE of the following: 12 Marks

(i) Explain simple columnar transposition technique with algorithm and example. 4M

Ans: (Explanation: 1 mark, Algorithm: 1 mark, Example: 2 marks)

The columnar transposition cipher is a transposition cipher that follows a simple rule for
mixing up the characters in the plaintext to form the cipher-text. It can be combined with
other ciphers, such as a substitution cipher, the combination of which can be more difficult
to break than either cipher on its own. The cipher uses a columnar transposition to greatly
improve its security.

Algorithm:
1. The message is written out in rows of a fixed length.
2. Read out again column by column according to given order or in random order.
3. According to order write cipher text.

Example:
The key for the columnar transposition cipher is a keyword e.g. ORANGE. The row length
that is used is the same as the length of the keyword.
The plaintext to encrypt is: COMPUTER PROGRAMMING

In the above example, the plaintext has been padded so that it neatly fits in a rectangle.
This is known as a regular columnar transposition. An irregular columnar transposition
leaves these characters blank, though this makes decryption slightly more difficult. The
columns are now reordered such that the letters in the key word are ordered alphabetically.

The Encrypted text or Cipher text is: MPMET GNMUO IXPRM XCERG ORAL (Written
in blocks of Five)
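
The worked example above carried through in code, added here as an illustration (it is not part of the model answer). The padding letters L, E, X, X, M are the ones implied by the cipher text given above, since the grid figure itself is not reproduced; the function names are assumptions.

```python
"""Regular columnar transposition with a keyword, as in the ORANGE example."""


def column_order(key):
    """Column indices in alphabetical order of the key letters (ties left to right)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def encrypt(plaintext, key, padding):
    """Write the letters in rows of len(key), then read the columns in key order."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    width = len(key)
    missing = -len(letters) % width          # cells needed to fill the last row
    if len(padding) < missing:
        raise ValueError("need %d padding letters" % missing)
    letters += list(padding[:missing])
    rows = [letters[i:i + width] for i in range(0, len(letters), width)]
    return "".join(row[col] for col in column_order(key) for row in rows)


def decrypt(ciphertext, key):
    """Refill the grid column by column in key order, then read it row by row."""
    text = ciphertext.replace(" ", "")
    width = len(key)
    height, extra = divmod(len(text), width)
    if extra:
        raise ValueError("length is not a multiple of the key length")
    grid = [[""] * width for _ in range(height)]
    position = 0
    for col in column_order(key):
        for row in range(height):
            grid[row][col] = text[position]
            position += 1
    return "".join("".join(row) for row in grid)


def blocks(text, size=5):
    """Group cipher text into blocks of `size` letters for writing out."""
    return " ".join(text[i:i + size] for i in range(0, len(text), size))


if __name__ == "__main__":
    cipher = encrypt("COMPUTER PROGRAMMING", "ORANGE", "LEXXM")
    print(blocks(cipher))                 # MPMET GNMUO IXPRM XCERG ORAL
    print(decrypt(cipher, "ORANGE"))      # plaintext followed by the padding
```

Decryption returns the padded text, so the receiver has to know or recognise the padding to strip it.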

(ii) Draw and explain virtual private network. 4M

Ans: (Diagram of VPN: 2 marks, Explanation: 2 marks)

Fig: VPN

Explanation: A VPN is a private network created virtually between two branch networks of
the same company across the world. Instead of using a dedicated leased line for the
internetwork of the company, public lines can be used; this is called a VPN. In the diagram,
two firewalls act as intermediaries between user X and user Y. If user X is sending a
message to user Y, the message first comes to firewall 1, which uses its own address to send
this message to user Y. Thus, over the network, the packet sent from user X is protected and
its IP address is protected, as in a private network. In a VPN, tunnel technology is used for
communication between two branches of the same company by wrapping the packet in
another packet, thus protecting the network like a private network.

(iii) Explain Cyber Crime. 4M

Ans: (Relevant Explanation of Cyber Crime: 4 marks)

Crimes against people are a category of crime that consists of offenses that usually involve
causing or attempting to cause bodily harm or a threat of bodily harm. These actions are
taken without the consent of the individual the crime is committed against, or the victim.
These types of crimes do not have to result in actual harm - the fact that bodily harm could
have resulted and that the victim is put in fear for their safety is sufficient, for example
Assault, Domestic Violence, Stalking.
Cybercrime is a bigger risk now than ever before due to the sheer number of connected
people and devices. It is simply a crime that has some kind of
computer or cyber aspect to it. To go into more detail is not as straightforward, as it takes
shape in a variety of different formats.
Cybercrime:
• Cybercrime has now surpassed illegal drug trafficking as a criminal money maker
• Somebody's identity is stolen every 3 seconds as a result of cybercrime
• Without a sophisticated security package, your unprotected PC can become infected
within four minutes of connecting to the Internet.

Criminals committing cybercrime use a number of methods, depending on their skill-set
and their goal. Here are some of the different ways cybercrime can take shape:
• Theft of personal data
• Copyright infringement
• Fraud
• Child pornography
• Cyber stalking
• Bullying
Cybercrime covers a wide range of different attacks that all deserve their own unique
approach when it comes to improving our computer's safety and protecting ourselves. The
computer or device may be the agent of the crime, the facilitator of the crime, or the target
of the crime. The crime may take place on the computer alone or in addition to other
locations. The broad range of cybercrime can be better understood by dividing it into two
overall categories.
(iv) What is software piracy? 4M

Ans: (Any Relevant Description: 4 marks)

Software piracy is the illegal copying, distribution, or use of software. It is such a
profitable "business" that it has caught the attention of organized crime groups in a number
of countries. Software piracy causes significant lost revenue for publishers, which in turn
results in higher prices for the consumer. Software piracy applies mainly to full-function
commercial software. The time-limited or function-restricted versions of commercial
software called shareware are less likely to be pirated since they are freely available.
Similarly, freeware, a type of software that is copyrighted but freely distributed at no
charge.

Types of software piracy include:

• Soft-lifting: Borrowing and installing a copy of a software application from a
colleague.
• Client-server overuse: Installing more copies of the software than you have licenses
for.
• Hard-disk loading: Installing and selling unauthorized copies of software on
refurbished or new computers.
• Counterfeiting: Duplicating and selling copyrighted programs.
• Online piracy: Typically involves downloading illegal software from peer-to-peer
network, Internet auction or blog. (In the past, the only place to download software was
from a bulletin board system and these were limited to local areas because of long
distance charges while online.)

(b) Attempt any ONE: 6 Marks

(i) Explain DOS and DDOS with neat diagram. 6M

Ans: (Explanation of DOS & DDOS: 2 marks each, Diagram: 1 mark each)

Denial Of Service Attack: Denial of service (DOS) attacks can exploit a known
vulnerability in a specific application or operating system, or they may attack features (or
weaknesses) in specific protocols or services. In this form of attack, the attacker is
attempting to deny authorized users access either to specific information or to the computer
system or network itself. The purpose of such an attack can be simply to prevent access to
the target system, or the attack can be used in conjunction with other actions in order to
gain unauthorized access to a computer or network. SYN flooding is an example of a DOS
attack that takes advantage of the way TCP/IP networks were designed to function, and it
can be used to illustrate the basic principles of any DOS attack. SYN flooding utilizes the
TCP three-way handshake that is used to establish a connection between two systems. In a
SYN flooding attack, the attacker sends fake communication requests to the targeted
system. Each of these requests will be answered by the target system, which then waits for
the third part of the handshake. Since the requests are fake, the target will wait for
responses that will never come, as shown in Figure.

Fig: DOS Attack


The target system will drop these connections after a specific time-out period, but if the
attacker sends requests faster than the time-out period eliminates them, the system will
quickly be filled with requests. The number of connections a system can support is finite,
so when more requests come in than can be processed, the system will soon be reserving
all its connections for fake requests. At this point, any further requests are simply dropped
(ignored), and legitimate users who want to connect to the target system will not be able to.
Use of the system has thus been denied to them.
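
A small model of the finite connection table and time-out described above, added here as an illustration (it is not part of the model answer). The backlog size, time-out and arrival rates are assumed values; the model shows how the two settings a defender controls, table size and time-out, decide whether legitimate requests are still served.

```python
"""Model of a server's half-open connection table under never-completed handshakes."""
from collections import deque


def simulate(backlog_size, timeout, fake_per_tick, ticks):
    """Return (legitimate requests accepted, legitimate requests dropped).

    Every tick, `fake_per_tick` requests arrive whose third handshake step never
    comes, followed by one legitimate request. A fake request holds a table slot
    until `timeout` ticks have passed; a legitimate one completes at once.
    """
    half_open = deque()          # expiry tick of each slot held by a fake request
    accepted = dropped = 0
    for now in range(ticks):
        # The time-out period frees slots whose handshake never completed.
        while half_open and half_open[0] <= now:
            half_open.popleft()
        for _ in range(fake_per_tick):
            if len(half_open) < backlog_size:
                half_open.append(now + timeout)
        # The legitimate request needs one free slot for its own handshake.
        if len(half_open) < backlog_size:
            accepted += 1
        else:
            dropped += 1
    return accepted, dropped


def table_fills(backlog_size, timeout, fake_per_tick):
    """The table saturates once arrivals within one time-out reach its size."""
    return fake_per_tick * timeout >= backlog_size


if __name__ == "__main__":
    print(simulate(128, 30, 2, 200))    # requests expire faster than they pile up
    print(simulate(128, 30, 10, 200))   # table saturates, legitimate users dropped
    print(simulate(128, 10, 10, 200))   # same rate, shorter time-out: served again
```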
Distributed Denial-Of-Service (DDoS): DDoS is an attack where the source is more than
one, often thousands of, unique IP addresses. It is analogous to a group of people crowding
the entry door or gate to a shop or business, and not letting legitimate parties enter into the
shop or business, disrupting normal operations. DDoS is a type of DOS attack where
multiple compromised systems, which are often infected with a Trojan, are used to target a
single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist
of both the end targeted system and all systems maliciously used and controlled by the
hacker in the distributed attack.
A Denial of Service (DoS) attack is different from a DDoS attack. The DoS attack
typically uses one computer and one Internet connection to flood a targeted system or
resource. The DDoS attack uses multiple computers and Internet connections to flood the
targeted resource. DDoS attacks are often global attacks, distributed via botnets.
Types of DDoS Attacks:
• Traffic attacks: Traffic flooding attacks send a huge volume of TCP, UDP and ICMP
packets to the target. Legitimate requests get lost and these attacks may be
accompanied by malware exploitation.
• Bandwidth attacks: This DDoS attack overloads the target with massive amounts of
junk data. This results in a loss of network bandwidth and equipment resources and can
lead to a complete denial of service.
• Application attacks: Application-layer data messages can deplete resources in the
application layer, leaving the target's system services unavailable.

Stacheldraht is a piece of software written by Random for Linux and Solaris systems
which acts as a distributed denial of service (DDoS) agent. This tool detects and
automatically enables source address forgery. Stacheldraht uses a number of different DoS
attacks, including UDP flood, ICMP flood, TCP SYN flood and Smurf attack.

Fig: DDOS Attack

(ii) Define virus. Explain at least 5 types of viruses. 6M


Ans: (Definition: 1 mark, Five types of virus with explanation: 1 mark each)

Viruses: A program designed to spread from file to file on a single PC; it does not
intentionally try to move to another PC, and it must replicate and execute itself. Used as
a delivery tool for hacking.

Types of viruses:
• Parasitic Viruses: It attaches itself to executable code and replicates itself. Once it is
infected it will find another program to infect.
• Memory resident viruses: Lives in memory after its execution; it becomes a part of the
operating system or application and can manipulate any file that is executed, copied or
moved.
• Non-resident viruses: It executes itself and terminates or destroys after specific time.
• Boot sector Viruses: It infects the boot sector and spreads through a system when it is
booted from a disk containing the virus.
• Overwriting viruses: It overwrites the code with its own code.
• Stealth Virus: This virus hides the modification it has made in the file or boot record.
• Macro Viruses: These are not executable. They affect documents such as Microsoft Word
documents, and they can spread through email.
• Polymorphic viruses: It produces fully operational copies of itself, in an attempt to
avoid signature detection.
• Companion Viruses: Creates a program instead of modifying an existing file.
• Email Viruses: The virus gets executed when the email attachment is opened by the
recipient. The virus sends itself to everyone on the mailing list of the sender.
• Metamorphic viruses: Keeps rewriting itself every time; it may change its behavior
as well as the appearance of its code.

5. Attempt any TWO : 16 Marks
(a) Explain individual user responsibilities in Computer Security. 8M
Ans: Individual user responsibilities in computer security are: (Each point: 1 mark, any 8 points)
1. Lock the door of office or workspace.
2. Do not leave sensitive information inside your car unprotected.
3. Secure storage media in a secure storage device which contains sensitive information.
4. Shredding paper containing organizational information before discarding it.
5. Do not expose sensitive information to individuals that do not have an authorized need
to know it.
6. Do not discuss sensitive information with family members.
7. Be alert to, and do not allow, piggybacking, shoulder surfing or access without the
proper identifications.
8. Establish different procedures to implement good password security practice that
employees should follow.
Give proper guidelines for:
(a) Password selection
(b) Piggybacking
(c) Shoulder surfing
(d) Dumpster diving
(e) Installing Unauthorized Software /Hardware
(f) Access by non-employees
(g) Security awareness
(b) What is Security topology? Describe Security zone in detail. 8M
Ans: (Security Topology: 1 mark, security zone: 1 mark, Listing types of security zones:
2 Marks, Explanation of four zones: 1 mark each)

Security topology: A security topology is the arrangement of hardware devices on a
network with respect to internal security requirements and needs for public access.
OR
Security topology is a local map that depicts the interconnectivity between security devices
and security domains that host these networks.

Security Zone: Security zones are the building blocks for policies; they are logical
entities to which one or more interfaces are bound. Security zones provide a means of
distinguishing groups of hosts (user systems and other hosts, such as servers) and their
resources from one another in order to apply different security measures to them.

Types of security zone:
i. Internet Zone:
• This zone contains websites.
• These sites are not on your computer or on your local intranet.
• It is not a single network but it is a series of interconnected networks.
• It is used to transfer email, files, financial records etc. from one network to another.
• Since everyone has access to this network, it is difficult to impose security policies,
so it is considered to be an un-trusted system.

• www (World Wide Web) is frequently used with internet.

ii. Intranet Zone:
• It is a private network and is restricted within an organization (LAN).
• It consists of connections through one or more gateway computers to the outside world
i.e. Internet.
• Purpose of Intranet is to share information and computing resources between the
employees of a company.
• It provides facility to work in groups and for telecommunication.
• It uses Internet protocol like TCP/IP, HTTP etc.

iii. Trusted Sites:
• This zone contains websites that you trust are safe.
• When you add websites to trusted site zone you believe that files you download or that
you run from the websites will not damage the computer or data.

iv. Restricted Sites:
• This zone contains websites which are not trusted.
• When anyone adds a website to this zone, he believes that the files that are downloaded
or that run from this website may damage the computer or data.

(c) Explain need for firewall and explain one of the type of firewall with diagram. 8M

Ans: (Explanation of need: 4 marks, Any one firewall explanation: 4 marks)

Need for Firewall:

1. A firewall works as a barrier, or a shield, between your PC and cyber space.

2. When you are connected to the Internet, you are constantly sending and receiving
information in small units called packets.

3. The firewall filters these packets to see if they meet certain criteria set by a series of
rules, and thereafter blocks or allows the data.

4. This way, hackers cannot get inside and steal information such as bank account
numbers and passwords from you.

Capabilities:

• All traffic from inside to outside and vice versa must pass through the firewall.
• To achieve this all access to local network must first be physically blocked and access
only via the firewall should be permitted.
• As per local security policy traffic should be permitted.

• The firewall itself must be strong enough so as to render attacks on it useless.

Types of Firewalls

a. Packet Filter Firewall
b. Circuit level Gateway Firewall
c. Application Gateway Firewall
d. Stateful multilayer Inspection Firewall
e. Software
f. Hardware
g. Hybrid

1. Packet Filter Firewall: A packet filtering router firewall applies a set of rules to
each packet and based on outcome, decides to either forward or discard the packet.
Such a firewall implementation involves a router, which is configured to filter packets
going in either direction i.e. from the local network to the outside world and vice versa.
Packet filter performs the following functions.

a. Receive each packet as it arrives.

b. Pass the packet through a set of rules, based on the contents of the IP and
transport header fields of the packet. If there is a match with one of the rules,
decide whether to accept or discard the packet based on that rule.

c. If there is no match with any rule, take the default action. The default can be to
discard all packets or to accept all packets.

Advantages: simplicity, transparency to the users, high speed

Disadvantages: difficult to set up packet filtering rules, lack of authentication.

Packet Filtering Firewall
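
Steps a to c above as a first-match rule table, added here as an example (it is not part of the model answer). It uses the rule table from the earlier packet filter answer (network 150.150.0.0, port 80, host 200.75.10.8, port 23); the /16 prefix for that network, the packet layout and the sample packets are assumptions.

```python
"""Packet filter: first matching rule decides, otherwise the default action applies."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "discard"
    src: Optional[str] = None        # source network in CIDR form; None matches any
    dst: Optional[str] = None        # destination network in CIDR form
    protocol: Optional[str] = None   # "tcp" or "udp"
    dst_port: Optional[int] = None

    def matches(self, pkt):
        """Compare only IP and transport header fields, as a packet filter does."""
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.protocol and pkt["proto"] != self.protocol:
            return False
        if self.dst_port is not None and pkt["dst_port"] != self.dst_port:
            return False
        return True


# The table from the packet filter explanation (prefix length /16 is assumed).
TABLE_RULES = [
    Rule("discard", src="150.150.0.0/16"),             # whole source network blocked
    Rule("discard", protocol="tcp", dst_port=80),      # no HTTP requests
    Rule("discard", dst="200.75.10.8/32"),             # one protected host
    Rule("discard", protocol="tcp", dst_port=23),      # no Telnet logins
]


def filter_packet(pkt, rules, default="discard"):
    """Return (action, number of the rule that matched or None for the default)."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(pkt):
            return rule.action, number
    return default, None


def packet(src, dst, proto, dst_port):
    """Build a constructed sample packet header."""
    return {"src": src, "dst": dst, "proto": proto, "dst_port": dst_port}


if __name__ == "__main__":
    samples = [
        packet("150.150.3.9", "192.0.2.10", "tcp", 443),
        packet("198.51.100.4", "192.0.2.10", "tcp", 80),
        packet("198.51.100.4", "200.75.10.8", "udp", 53),
        packet("198.51.100.4", "192.0.2.10", "tcp", 23),
        packet("198.51.100.4", "192.0.2.10", "tcp", 443),
    ]
    for pkt in samples:
        print(pkt, filter_packet(pkt, TABLE_RULES, default="accept"))
```

A table made only of discard rules needs "accept" as its default; with the default set to "discard", every permitted flow has to be listed as an accept rule.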

2. Circuit level gateway Firewalls:


The circuit level gateway firewalls work at the session layer of the OSI model. They
monitor TCP handshaking between the packets to determine if a requested session is
legitimate. The information passed through a circuit level gateway to the internet
appears to have come from the circuit level gateway. So, there is no way for a remote
computer or a host to determine the internal private IP addresses of an organization, for
example. This technique is also called Network Address Translation, where the private IP
addresses originating from the different clients inside the network are all mapped to the
public IP address available through the internet service provider and then sent to the
outside world (Internet). This way, the packets are tagged with only the public IP address
(firewall level) and the internal private IP addresses are not exposed to potential intruders.

3. Application level gateway Firewalls:


Application level firewalls decide whether to drop a packet or send them through based on
the application information (available in the packet). They do this by setting up various
proxies on a single firewall for different applications. Both the client and the server
connect to these proxies instead of connecting directly to each other. So, any suspicious
data or connections are dropped by these proxies. Application level firewalls ensure
protocol conformance. For example, attacks over HTTP that violate the protocol policies,
like sending non-ASCII data in the header fields or an overly long string along with
non-ASCII characters in the host field, would be dropped because they have been tampered
with by the intruders.

6. Attempt any FOUR: 16 Marks

(a) Describe dumpster diving with its prevention mechanism. 4M


Ans: Dumpster diving: (Concept 3 marks, Prevention mechanism 1 mark)
1. It is the process of going through a target's trash in order to find little bits of
information. System attackers need a certain amount of information before launching
their attack.
2. One common place to find this information, if the attacker is in the vicinity of the target, is
to go through the target's trash in order to find little bits of information that could be
useful.
3. The process of going through the target's trash is known as "dumpster diving".
4. The search is carried out in waste paper, electronic waste such as old HDD, floppy and
CD media, recycle and trash bins on the systems etc.
5. If the attacker is lucky and the target has poor security processes, they may succeed in
finding user IDs and passwords.
6. If the password is changed and the old password is discarded, a lucky dumpster diver may
get a valuable clue.

Prevention Mechanism: To prevent dumpster divers from learning anything valuable
from your trash, experts recommend that your company should establish a disposal
policy.

(b) Explain the term stenography with example. 4M

Ans: {{**Note: Considering question as Steganography instead of Stenography**}}
(Term: 1 mark, Concept: 3 marks)

Steganography:
• Steganography is the art and science of writing hidden messages in such a way that no
one, apart from the sender and intended recipient, suspects the existence of the
message.
• Steganography works by replacing bits of useless or unused data in regular computer
files (such as graphics, sound, text, HTML or even floppy disks) with bits of different,
invisible information.
• This hidden information can be plain text, cipher text or even images. In modern
steganography, data is first encrypted by the usual means and then inserted, using a
special algorithm, into redundant data that is part of a particular file format such as a
JPEG image.
Steganography process: Cover-media + Hidden data + Stego-key = Stego-medium
• Cover media is the file in which we will hide the hidden data, which may also be
encrypted using the stego-key.
• The resultant file is the stego-medium.
• Cover-media can be an image or audio file. Steganography takes cryptography a step further
by hiding an encrypted message so that no one suspects it exists.
• Ideally, anyone scanning your data will fail to know it contains encrypted data.
Steganography has a number of drawbacks when compared to encryption.
• It requires a lot of overhead to hide relatively few bits of information, i.e. one can
hide text, data, image, sound, and video behind an image.
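The process "Cover-media + Hidden data + Stego-key = Stego-medium" described above, as an added example that is not part of the model answer. It assumes a least-significant-bit scheme over raw 8-bit samples, a 2-byte length header, and a stego-key that only selects which cover bytes are used (Python's non-cryptographic `random` as a toy generator); the cover, message and key are constructed, and the encryption step the answer mentions is left out.

```python
import hashlib
import random

def _order(stego_key, cover_len):
    """Key-dependent visiting order of the cover bytes (assumed design)."""
    seed = int.from_bytes(hashlib.sha256(stego_key).digest(), "big")
    order = list(range(cover_len))
    random.Random(seed).shuffle(order)
    return order

def capacity_bytes(cover):
    """One hidden bit per cover byte, minus the 2-byte length header."""
    return max(min(len(cover) // 8 - 2, 0xFFFF), 0)

def embed(cover, hidden, stego_key):
    """Cover-media + hidden data + stego-key -> stego-medium."""
    if len(cover) < 16 or len(hidden) > capacity_bytes(cover):
        raise ValueError("cover-media too small for the hidden data")
    payload = len(hidden).to_bytes(2, "big") + hidden
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    stego = bytearray(cover)
    for pos, bit in zip(_order(stego_key, len(cover)), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit   # overwrite only the lowest bit
    return bytes(stego)

def _read(stego, order, first_bit, n_bytes):
    """Reassemble n_bytes from the low bits at the keyed positions."""
    out = bytearray()
    for b in range(n_bytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[order[first_bit + 8 * b + i]] & 1)
        out.append(value)
    return bytes(out)

def extract(stego, stego_key):
    """Stego-medium + stego-key -> hidden data."""
    if len(stego) < 16:
        raise ValueError("stego-medium too small to hold a header")
    order = _order(stego_key, len(stego))
    length = int.from_bytes(_read(stego, order, 0, 2), "big")
    if length > capacity_bytes(stego):
        raise ValueError("no valid payload for this stego-key")
    return _read(stego, order, 16, length)

# Constructed cover-media: 4096 bytes standing in for raw 8-bit pixel samples.
COVER = bytes((i * 37 + 11) % 256 for i in range(4096))
HIDDEN = b"meet at 0900"
STEGO_KEY = b"constructed-demo-key"

def demo():
    """Return the stego-medium, how many bytes changed, and the largest change."""
    stego = embed(COVER, HIDDEN, STEGO_KEY)
    changed = sum(a != b for a, b in zip(COVER, stego))
    max_delta = max(abs(a - b) for a, b in zip(COVER, stego))
    return stego, changed, max_delta

if __name__ == "__main__":
    stego, changed, max_delta = demo()
    print("capacity:", capacity_bytes(COVER), "bytes in a", len(COVER), "byte cover")
    print("bytes changed:", changed, "largest change per byte:", max_delta)
    print("recovered:", extract(stego, STEGO_KEY))
```

The capacity figure shows the overhead drawback listed in the answer: eight cover bytes are spent on every hidden byte.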

(c) Explain e-mail security techniques (protocols). 4M

Ans: (Listing: 1 mark: any two protocols: 1.5 marks)

A. SMTP- Simple Mail Transfer Protocol.

1. It is a popular network service in email communication.
2. It is a system for sending messages to other computer users based on email.
3. It is a request-response based activity.
4. It also provides an email exchange process.
5. It attempts to provide reliable service but does not guarantee recovery from failure.

B. PEM- Privacy Enhanced Mail.

1. Privacy-Enhanced Mail (PEM) is an Internet standard that provides for secure
exchange of electronic mail.

2. PEM employs a range of cryptographic techniques to allow for

• Confidentiality
• Non-repudiation
• Message integrity

• The confidentiality feature allows a message to be kept secret from people to whom the
message was not addressed.

• The non-repudiation feature allows a user to verify that the PEM message that they have
received is truly from the person who claims to have sent it.

• The message integrity aspects allow the user to ensure that a message hasn't been
modified during transport from the sender.

C. PGP- Pretty Good Privacy

• Pretty Good Privacy is a popular program used to encrypt and decrypt email over the
internet.

• It has become a standard for e-mail security.

• It is used to send encrypted code (digital signature) that lets the receiver verify the
sender's identity and takes care that the route of message should not change.

• PGP can be used to encrypt files being stored so that they are in unreadable form and
not readable by users or intruders.

• It is available in low cost and freeware versions.

• It is the most widely used privacy-ensuring program, used by individuals as well as many
corporations.

D. S/MIME – Secure Multipurpose Internet Mail Extension

• The traditional email system using the SMTP protocol is text based, which means that a
person can compose a text message using an editor and then send it over the Internet to the
recipient, but multimedia files or documents in various arbitrary formats cannot be sent
using this protocol.

• To cater to these needs, the Multipurpose Internet Mail Extensions (MIME) system
extends the basic email system by permitting users to send binary files using the basic
email system.

• When the basic MIME system is enhanced to provide security features, it is called
Secure Multipurpose Internet Mail Extensions.

• S/MIME provides security for digital signature and encryption of email messages.

(d) What is intrusion detection system? Explain host based IDS. 4M

Ans: (IDS: 1 mark, Explanation of HIDS: 2 marks, Diagram: 1 mark)

Intrusion detection system (IDS):

An intrusion detection system (IDS) monitors network traffic for suspicious
activity and alerts the system or network administrator. In some cases the IDS may also
respond to anomalous or malicious traffic by taking action such as blocking the user or
source IP address from accessing the network.

HIDS (Host Intrusion Detection Systems):
i. They are run on individual hosts or devices on the network.

ii. A HIDS monitors the inbound and outbound packets from the device only and will
alert the user or administrator when suspicious activity is detected.

iii. The activities a HIDS looks for in the log file are:

• Logins at odd hours

• Login authentication failure

• Adding new user account

• Modification or access of critical system files

• Modification or removal of binary files

• Starting or stopping processes

• Privilege escalation

• Use of certain programs

Basic Components of HIDS:

• Traffic collector:

This component collects activity or events for the IDS to examine.
On a host-based IDS, this can be log files, audit logs, or traffic coming to or leaving a
specific system.

• Analysis Engine:

This component examines the collected network traffic & compares it to known patterns of
suspicious or malicious activity stored in the signature database.
The analysis engine acts like the brain of the IDS.

• Signature database:

It is a collection of patterns & definitions of known suspicious or malicious activity.

• User Interface & Reporting:

This is the component that interfaces with the human element, providing alerts & giving
the user a means to interact with & operate the IDS.
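The four HIDS components described above, wired together over a few log lines, as an added example that is not part of the model answer. The log layout, the rule names, the 07:00 to 19:59 working-hours window and the threshold of three failures are assumptions made for this sketch, and the sample lines are constructed.

```python
import re
from collections import Counter, namedtuple
from datetime import datetime

Event = namedtuple("Event", "time host prog msg")
Alert = namedtuple("Alert", "time rule subject")

# Constructed sample log in a syslog-like layout (assumed for this example).
SAMPLE_LOG = """\
2024-03-10T02:14:07 host1 sshd[811]: Accepted password for alice from 192.0.2.5
2024-03-10T09:30:11 host1 sshd[900]: Failed password for bob from 198.51.100.9
2024-03-10T09:30:15 host1 sshd[900]: Failed password for bob from 198.51.100.9
2024-03-10T09:30:19 host1 sshd[900]: Failed password for bob from 198.51.100.9
2024-03-10T09:41:00 host1 sshd[950]: Accepted password for carol from 192.0.2.7
2024-03-10T10:02:00 host1 useradd[1201]: new user: name=tmpadmin, UID=1005
2024-03-10T10:05:42 host1 sudo[1300]: carol : TTY=pts/0 ; COMMAND=/bin/su -
2024-03-10T11:00:00 host1 CRON[1400]: (root) CMD (run-parts /etc/cron.hourly)
-- MARK --
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")

# Signature database: (rule name, program that logs it, pattern on the message).
SIGNATURES = [
    ("login", "sshd", re.compile(r"^Accepted \w+ for (?P<user>\S+)")),
    ("auth-failure", "sshd", re.compile(r"^Failed password for (?P<user>\S+)")),
    ("new-user-account", "useradd", re.compile(r"^new user: name=(?P<user>[^,\s]+)")),
    ("privilege-escalation", "sudo",
     re.compile(r"^(?P<user>\S+) : .*COMMAND=/bin/su\b")),
]
WORK_HOURS = range(7, 20)      # logins outside 07:00-19:59 count as odd hours
FAILURE_THRESHOLD = 3          # failures per user before an alert is raised

def collect(raw_log):
    """Traffic collector: turn raw log text into events, skipping junk lines."""
    events = []
    for line in raw_log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            when = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue
        events.append(Event(when, m["host"], m["prog"], m["msg"]))
    return events

def analyse(events):
    """Analysis engine: compare each event with the signature database."""
    alerts, failures = [], Counter()
    for ev in events:
        for rule, prog, pattern in SIGNATURES:
            m = pattern.search(ev.msg) if ev.prog == prog else None
            if not m:
                continue
            user = m["user"]
            if rule == "login":
                if ev.time.hour in WORK_HOURS:
                    continue                      # ordinary daytime login
                rule = "odd-hours-login"
            elif rule == "auth-failure":
                failures[user] += 1
                if failures[user] != FAILURE_THRESHOLD:
                    continue                      # alert once, at the threshold
                rule = "repeated-auth-failure"
            alerts.append(Alert(ev.time.isoformat(), rule, user))
    return alerts

def report(alerts):
    """User interface and reporting: one readable line per alert."""
    return ["[ALERT] %s %s: %s" % (a.time, a.rule, a.subject) for a in alerts]

if __name__ == "__main__":
    for line in report(analyse(collect(SAMPLE_LOG))):
        print(line)
```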

(e) What is TLS? What are two layers of TLS? 4M

Ans: (Explanation: 2 marks, Layers: 1 mark each)

The Transport Layer Security (TLS) protocol provides communications privacy over the
internet. The protocol allows client-server applications to communicate in a way that is
designed to prevent eavesdropping, tampering or message forgery. The primary goal of the
TLS protocol is to provide privacy and data integrity between two communicating
applications.
The protocol is composed of two layers:
1. TLS Record Protocol provides connection security with some encryption method such
as the Data Encryption Standard (DES). The TLS Record Protocol can also be used
without encryption. The

2. TLS Handshake Protocol allows the server and client to authenticate each other and to
negotiate an encryption algorithm and cryptographic keys before data is exchanged.


MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
Important Instructions to examiners:
1) The answers should be examined by key words and not as word-to-word as given in the model answer
scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to assess the
understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more Importance (Not
applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in the figure. The
figures drawn by candidate and model answer may vary. The examiner may give credit for any equivalent
figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values
may vary and there may be some difference in the candidate’s answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant answer
based on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on equivalent
concept.

Q. No.   Sub Q. N.   Answer   Marking Scheme

1. (A) Attempt any THREE of the following: 12 Marks

(a) Describe CIA Security model. 4M

Ans: (CIA: 2 marks, Explanation of Each Concept with Example: 2 marks)

CIA Model for security:

Confidentiality, Integrity and Authentication: these three concepts are considered the
backbone of security. These concepts represent the fundamental principles of security.

1. Confidentiality:
• The principle of confidentiality specifies that only the sender and intended recipients
should be able to access the contents of a message.
• Confidentiality gets compromised if an unauthorized person is able to access the
contents of a message.
• Example of compromising the Confidentiality of a message is shown in fig

• Here, the user of computer A sends a message to the user of computer B. Another user C
gets access to this message, which is not desired and therefore defeats the purpose
of Confidentiality.

• This type of attack is also called Interception.

2. Authentication:
• Authentication helps to establish proof of identities.
• The Authentication process ensures that the origin of a message is correctly
identified.
• For example, suppose that user C sends a message over the internet to user B.
However, the trouble is that user C had posed as user A when he sent a message to
user B. How would user B know that the message has come from user C, who is posing
as user A?
• This concept is shown in fig. below. This type of attack is called Fabrication.

3. Integrity:
• When the contents of the message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the message is lost.
• For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. User C somehow manages to access it, change its
contents and send the changed message to user B. User B has no way of knowing that
the contents of the message were changed after user A had sent it. User A also does
not know about this change.
• This type of attack is called Modification.

(b) What is shoulder surfing? How it can be prevented? 4M

Ans: (Explanation: 3 marks, Prevention: 1 mark)

• Shoulder surfing is a similar procedure in which attackers position themselves in
such a way as to be able to observe the authorized user entering the correct access
code or data.
• Both of these attack techniques can be easily countered by using simple procedures
to ensure nobody follows you too closely or is in a position to observe your actions.
• Shoulder surfing is using direct observation techniques, such as looking over
someone's shoulder, to get information.
• Shoulder surfing is an effective way to get information in crowded places because
it's relatively easy to stand next to someone and watch as they fill out a form or enter a
PIN number at an ATM machine.
• Shoulder surfing can also be done long-distance with the aid of binoculars or other
vision-enhancing devices.
• To prevent shoulder surfing:

Experts recommend that you shield paper work or your keypad from view by using
your body or cupping your hand.

(c) Describe symmetric and asymmetric key cryptography. 4M

Ans: (Symmetric key: 2 marks, Asymmetric key: 2 marks)

Symmetric-Key Cryptography:

• Symmetric-key cryptography uses a single key for both encryption and decryption.
• The encryption and decryption algorithms are inverses of each other.

Example:
To create the cipher text from the plain text John uses an encryption algorithm and a
key. To create the plain text from cipher text, Bob uses the decryption algorithm and the
same key.

Asymmetric-Key cryptography:
• It is also called public key cryptography.
• In public key cryptography two keys are used: a private key and a public key.
• Encryption is done through the public key and decryption through the private key.
• The receiver creates both the keys and is responsible for distributing its public key to the
communication community.
• Example: The sender (say John) uses the public key to encrypt the plain text into
cipher text and the receiver (say Bob) uses his private key to decrypt the cipher text.
(d) What is a Virus? Describe various phases of virus. 4M

Ans: (Definition of Virus: 1 mark, Listing phases of Virus: 1 mark, Explanation of Phases: 2 marks)

A virus is a program which attaches itself to another program and causes damage to the
computer system or the network. It is loaded onto your computer without your
knowledge and runs against your wishes.

During its lifecycle a virus goes through the following four phases:

• Dormant phase: The virus is idle and activated by some event.
• Propagation phase: It places an identical copy of itself into other programs or into
certain system areas on the disk.
• Triggering phase: The virus is activated to perform the function for which it was
intended.
• Execution phase: The function of the virus is performed.

(B) Attempt any ONE of the following: 6 Marks

(a) Describe with the neat diagram model for security. 6M

Ans: (Diagram: 2 marks, Explanation: 4 marks)

OR


A message is to be transferred from one user to another user in secret form using this
security system. It can be two or more parties accessing information via the Internet.

Sender & receiver are principals of the transaction and must cooperate for the exchange to
take place.
The model shows four basic tasks:
1. Design the algorithm in such a way that an opponent cannot defeat its purpose. This
algorithm is used for security related information.
2. Generate secret information that can be used with the algorithm.
3. Develop a method for distributing and sharing the secret information.
4. Specify a protocol which can be used by the two principals that makes use of the security
algorithm and secret information to achieve a security service. An information
channel is established by defining a route through the Internet from source to destination
with the help of a communication protocol like TCP/IP or using normal PC to PC
communication through any media.
Techniques for providing security have the following components:
• A security related transformation on the information to be sent.
• This information shared by the two principals should be secret.
• A trusted party is required to achieve secure transmission.
• This is responsible for distributing secret information between the two principals.

OR
(2 marks for each point)
Model for security:
1. Confidentiality:
• The principle of confidentiality specifies that only the sender and intended recipients
should be able to access the contents of a message.
• Confidentiality gets compromised if an unauthorized person is able to access the
contents of a message.

• Example of compromising the Confidentiality of a message is shown in fig:

• Here, the user of computer A sends a message to the user of computer B. Another user C
gets access to this message, which is not desired and therefore defeats the purpose
of Confidentiality.
• This type of attack is also called interception.

2. Authentication:
• Authentication helps to establish proof of identities.
• The Authentication process ensures that the origin of a message is correctly
identified.
• For example, suppose that user C sends a message over the internet to user B.
However, the trouble is that user C had posed as user A when he sent a message to
user B. How would user B know that the message has come from user C, who is posing
as user A?
• This concept is shown in fig. below.
• This type of attack is called fabrication.

3. Integrity:
• When the contents of the message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the message is lost.
• For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. User C somehow manages to access it, change its
contents and send the changed message to user B. User B has no way of knowing that
the contents of the message were changed after user A had sent it. User A also does
not know about this change.
• This type of attack is called modification.

(b) Describe the process of formatted partition recovery. 6M

Ans: (Explanation: 2 marks, Steps: 4 marks)

Formatted partition recovery:

• Formatting refers to dividing the disk in accordance with certain principles, allowing the
computer to store and search files.
• Formatting a disk eliminates all files on the disk.
• There are various formatted partition recovery tools available.
• Every tool will have a different GUI & method of recovery.
• These tools usually operate as per the following process steps:
Step 1: If you cannot boot the computer, please use a data recovery bootable disk.
Step 2: Select the file types you want to recover & the volume where the formatted hard
drive is. The tool will automatically scan the selected volume.
Step 3: Then the found data will be displayed on the screen & you can get a preview
of it. Then select the file or directory that you want to recover & save them to a healthy
drive.

2. Attempt any TWO of the following: 16 Marks

(a) Describe the following term: 8M


i) Sniffing

ii) Spoofing

iii) Man-in-the middle

iv) TCP/IP Hijack

Ans: (2 marks for Each)

i) Sniffing:
• A sniffer is software or hardware that is used to observe traffic as it passes through a
network on shared broadcast media.
• It can be used to view all traffic or target a specific protocol, service, or string of
characters like logins.
• Some network sniffers are not just designed to observe all the traffic but also modify
the traffic.
• Network administrators use sniffers for monitoring traffic.
• They can also be used for network bandwidth analysis and to troubleshoot certain
problems such as duplicate MAC addresses.
ii) Spoofing:
• Spoofing is nothing more than making data look like it has come from a different
source.
• This is possible in TCP/IP because of the friendly assumption behind the protocol.
When the protocols were developed, it was assumed that individuals who had access
to the network layer would be privileged users who could be trusted.
• When a packet is sent from one system to another, it includes not only the
destination IP address and port but the source IP address as well, which is one of the
forms of Spoofing.
• Example of spoofing: e-mail spoofing, URL spoofing, IP address spoofing.
iii) Man-in-the middle:

• A man in the middle attack occurs when attackers are able to place themselves in the
middle of two other hosts that are communicating in order to view or modify the
traffic.
• This is done by making sure that all communication going to or from the target host
is routed through the attacker's host.
• Then the attacker is able to observe all traffic before transmitting it and can actually
modify or block traffic.
• To the target host, communication is occurring normally, since all expected replies
are received.
• To prevent this attack both sender and receiver must authenticate each other.


iv) TCP/IP Hijack:

• TCP/IP Hijacking is when an authorized user gains access to a genuine network
connection of another user.
• It is done in order to bypass the password authentication which is normally the start
of a session.
• In theory, a TCP/IP connection is established as shown below

• To hijack this connection, there are two possibilities:
• Find the seq, which is a number that increases by 1, but there is no chance to predict
it.
• The second possibility is to use the Man-in-the-Middle attack which, in simple
words, is a type of network sniffing. For sniffing, we use tools
like Wireshark or Ettercap.
• Example:
• An attacker monitors the data transmission over a network and discovers the IPs of
two devices that participate in a connection.
• When the hacker discovers the IP of one of the users, he can put down the
connection of the other user by DoS attack and then resume communication by
spoofing the IP of the disconnected user.

(b) Describe Biometric security mechanism with suitable diagram. 8M

Ans: (Diagram: 2 mark, Explanation: 4 marks, Example: 2 mark)

• Biometrics refers to the study of methods for uniquely recognizing humans based upon one
or more intrinsic physical or behavioral characteristics.
• Biometric identification is used on the basis of some unique physical attribute of the
user that positively identifies the user.
• Example: finger print recognition, retina and face scan technique, voice synthesis and
recognition and so on.
• Physiological characteristics are related to the shape of the body.
• For example finger print, face recognition, DNA, palm print, iris recognition and so
on.
• Behavioral characteristics are related to the behavior of a person.
• For example typing rhythm, gait, signature and voice.
• The first time an individual uses a biometric system is called an enrollment.
• During the enrollment, biometric information from an individual is stored.
• In the subsequent uses, biometric information is detected and compared with the
information stored at the time of enrollment.
1. Preprocessing
2. Sensor
3. Feature extractor
4. Template generator
5. Matcher
6. Stored templates
7. Application device
8. Enrollment

Step 1) The first block (sensor) is the interface between the real world and the system;
it has to acquire all the necessary data.
Step 2) The second block performs all the necessary preprocessing.
Step 3) The third block extracts the necessary features. This step is an important step as the
correct features need to be extracted in the optimal way.
Step 4) If enrollment is being performed, the template is simply stored somewhere (on a
card or within a database or both). If a matching phase is being performed, the obtained
template is passed to a matcher that compares it with other existing templates,
estimating the distance between them using any algorithm. The matching program will
analyze the template with the input. This will then be output for any specified use or
purpose.

• List of various biometrics used for computer security:
• Finger print
• Hand print
• Iris scan
• Face recognition
• DNA recognition
• Voice pattern
• Signature recognition
• Keystrokes

• Example:
Fingerprint registration & verification process
The first time an individual uses a biometric system, for registration, is called an
enrolment. During the enrolment, biometric information from an individual is stored. In
the verification process, biometric information is detected and compared with the
information stored at the time of enrolment.

(c) Describe DES Algorithm with suitable diagram. 8M

Ans: (Definition: 1 mark; Diagram: 1 mark; process Diagram: 1 mark, for each step: 1 mark)

The Data Encryption Standard is generally used in the ECB, CBC, or the CFB mode.
DES is a block cipher. It encrypts data in blocks of size 64 bits each. That is, 64 bits of
plain text goes as the input to DES, which produces 64 bits of cipher text. DES is
based on the two fundamental attributes of cryptography: substitution and
transposition. The process diagram is as follows.

Initial Permutation (IP): It happens only once. It replaces the first bit of the original
plain text block with the 58th bit of the original plain text block, the second bit with the
50th bit of the original plain text block and so on. The resulting 64-bit permuted text block
is divided into two half blocks. Each half block consists of 32 bits. The left block is called
LPT and the right block is called RPT. 16 rounds are performed on these two blocks.
Details of one round in DES

Step 1: Key transformation: The initial key is transformed into a 56-bit key by
discarding every 8th bit of the initial key. Thus, for each round, a 56-bit key is available.
From this 56-bit key, a different 48-bit sub key is generated during each round using a
process called key transformation.
[Figure: details of one round in DES: Key Transformation, Expansion Permutation, S-box substitution, P-box Permutation, XOR and swap]
Step 2: Expansion permutation: During expansion permutation the RPT is expanded
from 32 bits to 48 bits. The 32-bit RPT is divided into 8 blocks, with each block
consisting of 4 bits. Each 4-bit block of the previous step is then expanded to a
corresponding 6-bit block: per 4-bit block, 2 more bits are added. They are the repeated
1st and 4th bits of the 4-bit block. The 2nd and 3rd bits are written as they were in the
input. The 48-bit key is XORed with the 48-bit RPT and the resulting output is given to
the next step.
Step 3: S-box substitution: It accepts the 48-bit input from the XOR operation
involving the compressed key and expanded RPT and produces a 32-bit output using the
substitution techniques. Each of the 8 S-boxes has a 6-bit input and a 4-bit output. The
outputs of the S-boxes are then combined to form a 32-bit block, which is given to the last
stage of a round.

Step 4: P-box permutation: The output of the S-boxes consists of 32 bits. These 32 bits are
permuted using the P-box.
Step 5: XOR and Swap: The LPT of the initial 64-bit plain text block is XORed with
the output produced by the P-box permutation. It produces the new RPT. The old RPT
becomes the new LPT, in a process of swapping.


Final Permutation: At the end of 16 rounds, the final permutation is performed. This is a
simple transposition. For example, the 40th input bit takes the position of the 1st output bit and
so on.
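The structure of the steps above (initial permutation, dropping every 8th key bit, expansion from 32 to 48 bits, XOR and swap over 16 rounds, final permutation), as an added example that is not part of the model answer. The IP, final-permutation and expansion tables are the standard DES ones, generated from their regular layout; the sub-key schedule and the S-box and P-box stages are simple stand-ins assumed for this sketch, so the output is not real DES ciphertext and the sample key and block are constructed.

```python
MASK32 = 0xFFFFFFFF

# Standard DES tables (bit 1 = leftmost bit), generated from their regular layout.
IP = [col * 8 + row for row in (2, 4, 6, 8, 1, 3, 5, 7) for col in range(7, -1, -1)]
FP = [IP.index(bit) + 1 for bit in range(1, 65)]     # final permutation = inverse of IP
E = [(4 * blk - 1 + i) % 32 + 1 for blk in range(8) for i in range(6)]

def permute(value, table, in_bits):
    """Output bit i is input bit table[i-1]; works for IP, FP and E."""
    out = 0
    for src in table:
        out = (out << 1) | ((value >> (in_bits - src)) & 1)
    return out

def drop_parity(key64):
    """Discard every 8th bit of the 64-bit key, leaving 56 bits."""
    out = 0
    for i in range(8):
        byte = (key64 >> (56 - 8 * i)) & 0xFF
        out = (out << 7) | (byte >> 1)
    return out

def make_subkeys(key64):
    """Stand-in key transformation: rotate the 56-bit key, keep 48 bits per round."""
    k, subkeys = drop_parity(key64), []
    for _ in range(16):
        k = ((k << 1) | (k >> 55)) & ((1 << 56) - 1)
        subkeys.append(k >> 8)
    return subkeys

def round_function(rpt, subkey):
    """Expansion permutation and key XOR, then stand-in substitution and permutation."""
    x = permute(rpt, E, 32) ^ subkey
    out = 0
    for group in range(8):                            # eight 6-bit inputs, 4-bit outputs
        six = (x >> (42 - 6 * group)) & 0x3F
        out = (out << 4) | (((six * 7) ^ (six >> 2)) & 0xF)   # stand-in for the S-boxes
    return ((out << 11) | (out >> 21)) & MASK32       # stand-in for the P-box

def crypt(block, subkeys):
    """IP, 16 rounds of XOR and swap, swap of the halves, final permutation."""
    block = permute(block, IP, 64)
    lpt, rpt = block >> 32, block & MASK32
    for subkey in subkeys:
        lpt, rpt = rpt, lpt ^ round_function(rpt, subkey)
    return permute((rpt << 32) | lpt, FP, 64)

def encrypt(block, key64):
    return crypt(block, make_subkeys(key64))

def decrypt(block, key64):
    # Same network with the sub keys in reverse order undoes every round.
    return crypt(block, make_subkeys(key64)[::-1])

KEY = 0x133457799BBCDFF1       # constructed sample key
BLOCK = 0x0123456789ABCDEF     # constructed sample plain text block

if __name__ == "__main__":
    print("IP starts with", IP[:2], "and FP starts with", FP[0])
    cipher = encrypt(BLOCK, KEY)
    print("cipher block: %016X" % cipher)
    print("decrypted:    %016X" % decrypt(cipher, KEY))
```

In the standard expansion table each 4-bit block's first and fourth bits are the ones that appear twice in the 48-bit output, as copies placed in the neighbouring 6-bit groups.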
3. Attempt any FOUR of the following: 16 Marks

(a) Describe DMZ with suitable diagram. 4M

Ans: (Relevant Diagram: 2 marks, 1 mark per point)

It is a computer host or a small network inserted as a neutral zone between a company’s
private network and the outside public network. It prevents direct access to a server that has
company data.

• It keeps outside users from getting direct access to a company’s data server. A DMZ
is an optional but more secure approach to a firewall. It can effectively act as a
proxy server.
• The typical DMZ configuration has a separate computer or host in the network which
receives requests from users within the private network to access web sites or the
public network.
• The DMZ host then initiates sessions for such requests on the public network but it is
not able to initiate a session back into the private network. It can only forward
packets which have been requested by a host.
• The public network’s users who are outside the company can access only the DMZ
host.
• It can store the company’s web pages which can be served to the outside users.
Hence, the DMZ can’t give access to the company’s other data.
• If an outsider does penetrate the DMZ’s security, the web pages may get
corrupted but the company’s other information can be safe.

(b) State the importance of security awareness. How it can be achieved? 4M

Ans: (Importance: 2 marks, Relevant point for acquiring security: 1 mark)

A security awareness program is the most effective method to oppose potential social
engineering attacks when the organization’s security goals and policies are established. An
important element that training should concentrate on is which information is sensitive
for the organization and which may be the target of a social engineering attack.
• An unaware user is as dangerous to the system as the attacker.
• An active security awareness program is the most effective method to oppose potential
social engineering attacks.
• Users should be able to create their own easy to remember passwords, but these should not
be easy for someone else to guess or obtain using password cracking utilities.
• Passwords should meet some essential guidelines, e.g. a password should contain
some special characters etc.
• It should not consist of dictionary words.
• An approach of following closely behind a person who has just used their own
access card or PIN to gain physical access. In this way an attacker can gain access to
the facility without knowing the access code.
• An attacker positions themselves in such a way that he is able to observe the
authorized user entering the correct access code.
• Because of possible risks, many organizations do not allow their users to load
software or install new hardware without the information and help of administrators.
Organizations also restrict what an individual can do with received e-mails.
• If an attacker can get physical access to a facility then there are many chances of
obtaining enough information to enter into computer systems and networks. Many
organizations restrict their employees to wear identification symbols at work.

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
(c) What is steganography? What are its applications? 4M

(Explanation: 2 marks, Applications: 2 marks, Any 2 applications expected)

Ans:
• Steganography is a technique that facilitates hiding a message that is to be kept secret inside another message.
• Steganography is the art and science of writing a hidden message in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message.
• Steganography works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML or even floppy disks) with bits of different, invisible information. This hidden information can be plain text, cipher text or even images.
• In modern steganography, data is first encrypted by the usual means and then inserted, using a special algorithm, into redundant data that is part of a particular file format such as a JPEG image.
• Steganography process:
  Cover-media + Hidden data + Stego-key = Stego-medium
• Cover media is the file in which we will hide the hidden data, which may also be encrypted using the stego-key. The resultant file is the stego-medium. Cover-media can be an image or audio file.
• Steganography takes cryptography a step further by hiding an encrypted message so that no one suspects it exists. Ideally, anyone scanning your data will fail to know it contains encrypted data.
• Applications:
1. Confidential communication and secret data storing
2. Protection of data alteration
3. Access control system for digital content distribution
4. Media Database systems

(d) Describe IP based VLAN in detail. 4M

(Explanation: 3 marks, Diagram: 1 mark)

Ans: A Virtual Local Area Network (VLAN) is a logical network allowing systems on different physical networks to interact as if they were connected to the same physical network.

IP Subnet VLANs

In this type of VLAN, all the incoming traffic will be divided according to the IP subnet address of each source/destination. This will provide great flexibility in the network because
the users can move computers from one location to another location and can remain in
the same VLAN. The disadvantage of VLAN is that it needs additional processing for
the layer 3 header and therefore it adds more latency than the other VLAN segments.

(e) Describe SET participants. 4M

(Each participant: 1 mark, Any 4 participants expected)

Ans: Secure Electronic Transaction (SET) has the following participants.
1) Cardholder- A cardholder is an authorized holder of a payment card, like MasterCard or Visa, that has been issued by an issuer.
2) Merchant- A merchant is a person or organization that has goods or services to sell to the cardholder.
3) Issuer- This is a financial institution like a bank.
4) Acquirer- This is a financial institution that establishes an account with the merchant & processes payment card authorization & payment.
5) Payment Gateway- This is a function operated by the acquirer.
6) The payment gateway processes between SET & existing bankcard payment networks for authorization & payment functions.
7) The merchant exchanges SET messages with the payment gateway over the internet.
8) Certificate Authority- This is an entity that is trusted to issue public keys for cardholders, merchants & payment gateways.

4. (A) Attempt any THREE: 12 Marks

(a) Convert plain text into cipher text by using simple columnar technique of the following sentence: 4M
'ALL IS WELL FOR YOUR EXAM'

(4 marks for correct step)

Ans: ALL IS WELL FOR YOUR EXAM

The columnar transposition cipher is a transposition cipher that follows a simple rule for mixing up the characters in the plaintext to form the cipher-text. It can be combined

with other ciphers, such as a substitution cipher, the combination of which can be more
difficult to break than either cipher on its own. The cipher uses a columnar transposition
to greatly improve its security.
Algorithm:
1. The message is written out in rows of a fixed length.
2. Read out again column by column according to given order or in random order.
3. According to order write cipher text.
Example
The key for the columnar transposition cipher is a keyword e.g. MANGO
The row length that is used is the same as the length of the keyword.

To encrypt the plaintext below:

ALL IS WELL FOR YOUR EXAM

4 5 3 2 1
M A N G O
A L L I S
W E L L F
O R Y O U
R E X A M

The encrypted text or cipher text is:

SFUM ILOA LLYX AWOR LERE
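
The algorithm above, written out as code with the matching decryption; this is an added example and not part of the original model answer. It takes the column read-out order as explicit input, as the answer does (4 5 3 2 1). The `keyword_order` helper, which derives an alphabetical order from the keyword, and the `X` padding for an incomplete last row are assumptions that go beyond the worked case.

```python
def normalise(text):
    """Keep letters only and upper-case them, as the worked example does."""
    return "".join(ch for ch in text.upper() if ch.isalpha())


def check_order(order):
    """order[i] is the read-out rank of column i (1 = read first)."""
    if sorted(order) != list(range(1, len(order) + 1)):
        raise ValueError("order must be a permutation of 1..n")


def columnar_encrypt(plaintext, order, pad="X"):
    check_order(order)
    width = len(order)
    text = normalise(plaintext)
    # Pad the last row so that every column has the same height (assumption).
    text += pad * (-len(text) % width)
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    # Column indices sorted by their rank: the column ranked 1 is read first.
    columns_by_rank = sorted(range(width), key=lambda c: order[c])
    return " ".join("".join(row[c] for row in rows) for c in columns_by_rank)


def columnar_decrypt(ciphertext, order):
    check_order(order)
    width = len(order)
    text = normalise(ciphertext)
    if len(text) % width:
        raise ValueError("ciphertext length must be a multiple of the key width")
    height = len(text) // width
    columns_by_rank = sorted(range(width), key=lambda c: order[c])
    grid = [[""] * width for _ in range(height)]
    # The n-th chunk of ciphertext is the column that was read n-th.
    for rank, col in enumerate(columns_by_rank):
        chunk = text[rank * height:(rank + 1) * height]
        for row, ch in enumerate(chunk):
            grid[row][col] = ch
    return "".join("".join(row) for row in grid)


def keyword_order(keyword):
    """Alphabetical rank of each keyword letter; ties are broken left to right."""
    letters = keyword.upper()
    ranked = sorted(range(len(letters)), key=lambda i: (letters[i], i))
    order = [0] * len(letters)
    for rank, col in enumerate(ranked, start=1):
        order[col] = rank
    return order


if __name__ == "__main__":
    given_order = [4, 5, 3, 2, 1]          # the order written above M A N G O
    cipher = columnar_encrypt("ALL IS WELL FOR YOUR EXAM", given_order)
    print(cipher)
    print(columnar_decrypt(cipher, given_order))
    # A different agreed order gives a different cipher text for the same key word.
    print(keyword_order("MANGO"))
    print(columnar_encrypt("ALL IS WELL FOR YOUR EXAM", keyword_order("MANGO")))
```

Sender and receiver must agree on the column order as well as the keyword, since the same keyword read in a different order produces a different cipher text.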

(b) Describe IPsec configuration. 4M

(Diagram: 2 marks, Explanation: 2 marks)

Ans:
IPsec overview:
It encrypts and seals the transport and application layer data during transmission. It also offers integrity protection for the internet layer. It sits between the transport and internet layers of the conventional TCP/IP protocol stack.

1. Secure remote internet access:
Using IPsec, we can make a local call to our internet service provider (ISP) so as to connect to the organization's network in a secure fashion from our house or hotel, and from there access the corporate network facilities or remote desktops/servers.
2. Secure branch office connectivity:
Rather than subscribing to an expensive leased line for connecting its branches across cities, an organization can set up an IPsec-enabled network for security.
3. Set up communication with other organizations:
Just as IPsec allows connectivity between various branches of an organization, it can also be used to connect the networks of different organizations together in a secure & inexpensive fashion.

Basic Concept of IPsec Protocol:
An IP packet consists of two portions: the IP header & the actual data. IPsec features are implemented in the form of additional headers, called extension headers, to the standard, default IP header. IPsec offers two main services: authentication & confidentiality. Each of these requires its own extension header. Therefore, to support these two main services, IPsec defines two IP extension headers, one for authentication & another for confidentiality.

It consists of two main protocols:

Authentication Header (AH): The Authentication Header (AH) protocol provides authentication, integrity & an optional anti-replay service. The IPsec AH is a header in an IP packet. The AH is simply inserted between the IP header & any subsequent packet contents; no changes are required to the data contents of the packet. Security resides completely in the contents of the AH.

Encapsulation Header (ESP): Used to provide confidentiality, data origin authentication and data integrity. It is based on the symmetric key cryptography technique. ESP can be used in isolation or it can be combined with AH.


(c) Describe the process of cyber crime investigation. 4M

(Each step: 1 mark, Any four steps expected)

Ans:
• Cybercrime investigation is done to determine the nature of the crime and collect evidence, e.g. hardware and software related to the crime.
• This is used to stop a crime in progress or to report a crime which was done in the past.
• Relevant IT training is necessary for cybercrime investigation.
• The first step of the investigation team is to secure computers, networks & components that are connected with the crime.
• Investigators may clone the system to explore it. They can take a detailed audit of a computer.
• Interviews: Investigators arrange interviews with victims and witnesses.
• Surveillance: Investigators check the digital activities and monitor all elements of the suspect.
• Forensics: Mining a computer for all related information to detect potential evidence.
• Undercover: Steps to uncover and trap criminals using fake online identities.
• Obtain a search warrant and seize the victim's equipment.
• Identify the victim's configuration.
• Acquire the evidence carefully.

(d) What is an application hardening? How can it be achieved? 4M

(Definition: 2 marks, steps: 2 marks, Any two steps expected)

Ans: Application Hardening: It is to secure an application against local & Internet-based attacks. In this, the functions or components which are not needed are removed, access is restricted where possible, and the application is kept up to date with patches.
It includes:
1. Application Patches- Application patches are supplied by the vendor who sells the application. They probably come in three varieties: hotfixes, patches & upgrades.
Hotfixes: Normally this term is given to a small software update designed to address a particular problem, like a buffer overflow in an application that exposes the system to attacks.
Patch: This term is generally applied to more formal, larger software updates that may address several or many software problems. Patches often contain improvements or additional capabilities & fixes for known bugs.
Upgrades: Upgrades are another popular method of patching applications & they are likely to be received with a more positive role than patches.

2. Web servers: Web servers are the most common Internet server-side application in use. These are mainly designed to provide content & functionality to remote users through a standard web browser.

3. Active directory: Active Directory allows single login access to multiple applications, data sources and systems, and it includes advanced encryption capabilities like Kerberos and PKI.

(B) Attempt any ONE of the following: 6 Marks

(a) What is Risk? How can it be analyzed? List various assets. 6M

(Definition: 2 marks, Analyzing: 2 marks, Assets: 2 marks)

Ans:
• A computer security risk is any event or action that could cause a loss or damage to computer hardware, software, data, or information.
• Some breaches of computer security are accidental, but some are planned. Any illegal act involving a computer is generally referred to as a computer crime.
• Cybercrime refers to online or Internet-based illegal acts.
• Some of the more common computer security risks include computer viruses, unauthorized access and use of computer systems, hardware theft and software theft, information theft and information privacy, and system failure.
• When performing risk analysis it is important to weigh how much to spend protecting each asset against the cost of losing the asset.
• It is also important to take into account the chance of each loss occurring.
• If a hacker makes a copy of all a company's credit card numbers, it does not cost the company anything directly, but the loss in fines and reputation can be enormous.

An asset is any data, device, or other component of the environment that supports information-related activities.

Assets generally include
• hardware (e.g. servers and switches),
• software (e.g. mission critical applications and support systems),
• confidential information.

Assets should be protected from unauthorized access, use, alteration, destruction, and/or theft, resulting in loss to the organization.

(b) State the types of attacks and describe Active and Passive attack with at least one example each. 6M

(Explanation of each type: 2 marks, Example of each type: 1 mark)

Ans: Passive Attack:
A passive attack monitors unencrypted traffic and looks for clear-text passwords and sensitive information that can be used in other types of attacks.
Passive attacks include
• traffic analysis,
• release of message contents,
• monitoring of unprotected communications,
• decrypting weakly encrypted traffic,
• capturing authentication information such as passwords.

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
• The goal of the opponent is to obtain information that is being transmitted.
• The release of message contents is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
• A second type of passive attack is traffic analysis.
• Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. The common technique for masking contents is encryption. If we had encryption protection in place, an opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.

• Passive attacks are very difficult to detect because they do not involve any alteration of the data.
• Typically, the message traffic is sent and received in an apparently normal fashion, and neither the sender nor the receiver is aware that a third party has read the messages or observed the traffic pattern.
• However, it is feasible to prevent the success of these attacks, usually by means of encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.

Active Attack:
• In an active attack, the attacker tries to bypass or break into secured systems.
• This can be done through stealth, viruses, worms, or Trojan horses.
• Active attacks include attempts to circumvent or break protection features, to introduce malicious code, and to steal or modify information.
• These attacks are mounted against a network backbone, exploit information in transit, electronically penetrate an enclave, or attack an authorized remote user
during an attempt to connect to an enclave.
• Active attacks result in the disclosure or dissemination of data files, DoS, or modification of data.

Active attacks can be divided into four categories:
• masquerade,
• replay,
• modification of messages,
• Denial of Service (DoS).

• A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack.
• In a replay attack, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.
• Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
• Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. For example, a message meaning "Allow Ajay to read confidential accounts" is modified to mean "Allow Vijay to read confidential accounts."

5. Attempt any TWO of the following: 16 Marks

(a) What is a password? Describe various policies for password selection. 8M

(Password: 4 marks, Four selection policies: 1 mark each)

Ans: Password: A password is a secret word or expression used by authorized persons to prove their right to access, information, etc.

Components of good password:
1. It should be at least eight characters long.
2. It should include uppercase and lowercase letters, numbers, special characters or punctuation marks.
3. It should not contain dictionary words.
4. It should not contain the user's personal information such as their name, family member's name, birth date, pet name, phone number or any other detail that can easily be identified.
5. It should not be the same as the user's login name.

6. It should not be a default password supplied by the system vendor, such as password, guest, admin and so on.

Policies for Password selection:

1. User education: Users can be told the importance of using hard-to-guess passwords and can be provided with guidelines for selecting strong passwords. This user education strategy is unlikely to succeed at most installations, particularly where there is a large user population or a lot of turnover. Many users will simply ignore the guidelines. Others may not be good judges of what is a strong password. For example, many users believe that reversing a word or capitalizing the last letter makes a password un-guessable.
2. Computer-generated passwords: Passwords are quite random in nature. Computer-
generated passwords also have problems. If the passwords are quite random in nature,
users will not be able to remember them. Even if the password is pronounceable, the
user may have difficulty remembering it and so be tempted to write it down. In general,
computer-generated password schemes have a history of poor acceptance by users.
FIPS PUB 181 defines one of the best-designed automated password generators. The
standard includes not only a description of the approach but also a complete listing of
the C source code of the algorithm. The algorithm generates words by forming
pronounceable syllables and concatenating them to form a word. A random number
generator produces a random stream of characters used to construct the syllables and
words.
3. Reactive password checking: A reactive password checking strategy is one in which
the system periodically runs its own password cracker to find guessable passwords. The
system cancels any passwords that are guessed and notifies the user. This tactic has a
number of drawbacks. First it is resource intensive, if the job is done right. Because a
determined opponent who is able to steal a password file can devote full CPU time to
the task for hours or even days an effective reactive password checker is at a distinct
disadvantage. Furthermore, any existing passwords remain vulnerable until the reactive
password checker finds them.
4. Proactive password checking: The most promising approach to improved password
security is a proactive password checker. In this scheme, a user is allowed to select his
or her password. However, at the time of selection, the system checks to see if the
password is allowable and if not, rejects it. Such checkers are based on the philosophy
that with sufficient guidance from the system, users can select memorable passwords
from a fairly large password space that are not likely to be guessed in a dictionary
attack. The trick with a proactive password checker is to strike a balance between user
acceptability and strength. If the system rejects too many passwords, users will
complain that it is too hard to select a password. If the system uses some simple
algorithm to define what is acceptable, this provides guidance to password crackers to
refine their guessing technique. In the remainder of this subsection, we look at possible
approaches to proactive password checking.
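
A proactive checker that applies the six "components of good password" rules listed above at the time of selection; this is an added example and not part of the original model answer. The rule names, the tiny word list and the reading of rule 2 as requiring all four character classes are assumptions, and the sample names and passwords are constructed.

```python
import string

# Vendor defaults named in the answer above.
VENDOR_DEFAULTS = {"password", "guest", "admin"}
# Constructed mini word list (assumption); a real checker loads a large dictionary.
DICTIONARY = {"welcome", "dragon", "monkey", "summer", "secret", "letmein"}


def check_password(password, login, personal_info=(), dictionary=DICTIONARY):
    """Return the violated rules; an empty list means the password is accepted."""
    problems = []
    lowered = password.lower()

    # Rule 1: at least eight characters long.
    if len(password) < 8:
        problems.append("too_short")

    # Rule 2: uppercase, lowercase, number and special/punctuation character
    # (assumption: all four classes are required).
    classes = {
        "missing_uppercase": any(c.isupper() for c in password),
        "missing_lowercase": any(c.islower() for c in password),
        "missing_digit": any(c.isdigit() for c in password),
        "missing_special": any(c in string.punctuation for c in password),
    }
    problems += [rule for rule, present in classes.items() if not present]

    # Rule 3: no dictionary words. The reversed form is checked as well,
    # because reversing a word does not make it un-guessable.
    backwards = lowered[::-1]
    if any(word in lowered or word in backwards for word in dictionary):
        problems.append("dictionary_word")

    # Rule 4: no personal information (name, birth date, pet name, ...).
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("personal_info")

    # Rule 5: not the same as the login name.
    if lowered == login.lower():
        problems.append("same_as_login")

    # Rule 6: not a vendor default.
    if lowered in VENDOR_DEFAULTS:
        problems.append("vendor_default")

    return problems


if __name__ == "__main__":
    samples = [
        ("admin", "root", ()),
        ("Emoclew#2017", "asha01", ()),
        ("Asha@1999x", "asha01", ("Asha", "1999")),
        ("T7#vq9!Lm2xz", "asha01", ("Asha", "1999")),
    ]
    for password, login, info in samples:
        result = check_password(password, login, info)
        print(password, "->", result or "accepted")
```

Returning every violated rule, rather than a bare reject, gives the user the guidance the answer describes without publishing the word list itself.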
(b) Describe with suitable diagram Intrusion Detection System. 8M

(IDS: 2 marks, Diagram: 2 marks, IDS components: 2 marks, Types: 2 marks)

Ans: Intrusion detection is the process of monitoring the events occurring in a computer system or network & analyzing them for signs of possible incidents which are threats to computer security. An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of "flavors" and approach the goal of detecting suspicious traffic in different ways.

IDS have the following logical components:
1. Traffic collection: collects activity as events for the IDS to examine. On a host-based IDS, this can be log files, audit logs or traffic coming to or leaving a system. On a network-based IDS, this is typically a mechanism for copying the traffic of a network link.
2. Analysis Engine: examines the collected network traffic & compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine acts like the brain of the IDS.
3. Signature database: a collection of patterns & definitions of known suspicious or malicious activity.
4. User Interface & Reporting: interfaces with the human element, providing alerts when suitable & giving the user a means to interact with & operate the IDS.

IDS are mainly divided into two categories, depending on monitoring activity:
1) Host-based IDS: A host-based IDS looks for certain activities in the log files, such as:
1. Logins at odd hours
2. Login authentication failure.
3. Adding new user account
4. Modification or access of critical systems files.
5. Modification or removal of binary files
6. Starting or stopping processes.
7. Privilege escalation
8. Use of certain program

2) Network based IDS: A network-based IDS looks for certain activities like:
1. Denial of service attacks.
2. Port scans or sweeps
3. Malicious contents in the data payload of packet(s)
4. Vulnerability scanning
5. Trojans, viruses or worms
6. Tunneling
7. Brute force attacks.
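
Three of the host-based activities listed above (logins at odd hours, login authentication failure, adding a new user account) run through the collection, analysis and reporting components; this is an added example and not part of the original model answer. The log lines are constructed, and the working-hours window and failure threshold are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample log (timestamp, host, program, message).
SAMPLE_LOG = """\
2017-05-12T10:02:11 srv1 sshd: Accepted password for ravi from 10.0.0.5
2017-05-12T02:14:09 srv1 sshd: Accepted password for meena from 10.0.0.7
2017-05-12T02:15:40 srv1 sshd: Failed password for root from 10.0.0.9
2017-05-12T02:15:42 srv1 sshd: Failed password for root from 10.0.0.9
2017-05-12T02:15:45 srv1 sshd: Failed password for root from 10.0.0.9
2017-05-12T02:20:03 srv1 useradd: new user: name=tmpadmin
2017-05-12T11:30:00 srv1 sshd: Failed password for ravi from 10.0.0.5
"""

LINE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>\w+): (?P<msg>.*)$")

# Signature database: patterns of the activities of interest.
ACCEPTED = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")
FAILED = re.compile(r"Failed \w+ for (?P<user>\S+) from (?P<src>\S+)")
NEW_USER = re.compile(r"new user: name=(?P<user>[^,\s]+)")

WORK_HOURS = range(7, 20)   # assumption: 07:00 to 19:59 is normal working time
FAILURE_THRESHOLD = 3       # assumption: alert on the 3rd failure per user and source


def collect(log_text):
    """Traffic collection: turn log lines into events, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        match = LINE.match(line)
        if not match:
            continue
        try:
            when = datetime.fromisoformat(match["ts"])
        except ValueError:
            continue
        events.append({"time": when, "prog": match["prog"], "msg": match["msg"]})
    return events


def analyse(events):
    """Analysis engine: compare events with the signatures and return alerts."""
    alerts = []
    failures = Counter()
    for event in events:
        if event["prog"] == "sshd":
            ok = ACCEPTED.search(event["msg"])
            bad = FAILED.search(event["msg"])
            if ok and event["time"].hour not in WORK_HOURS:
                alerts.append(("odd_hour_login", ok["user"], ok["src"]))
            if bad:
                key = (bad["user"], bad["src"])
                failures[key] += 1
                # Alert once, when the threshold is reached.
                if failures[key] == FAILURE_THRESHOLD:
                    alerts.append(("repeated_auth_failure", key[0], key[1]))
        elif event["prog"] == "useradd":
            new = NEW_USER.search(event["msg"])
            if new:
                alerts.append(("new_user_account", new["user"], "local"))
    return alerts


if __name__ == "__main__":
    # Reporting: one line per alert for the operator.
    for name, user, source in analyse(collect(SAMPLE_LOG)):
        print(f"ALERT {name}: user={user} source={source}")
```

A single failed login during working hours raises nothing here, which shows why the threshold and the hours window need tuning to the site's normal behaviour.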
(c) Describe 'Kerberos' protocol with suitable diagram. 8M

(Explanation: 3 marks, Diagram: 1 mark, Each step: ½ mark)

Ans: Kerberos:
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
It uses secret key cryptography.
It is a solution to network security problems.
It provides tools for authentication and strong cryptography over the network to help you secure your information system.
There are 4 parties involved in the Kerberos protocol:
i) User
ii) Authentication service (AS)
iii) Ticket granting server (TGS)
iv) Service server

Working of Kerberos:
1. The authentication service, or AS, receives the request from the client and verifies that the client is indeed the computer it claims to be. This is usually just a simple database lookup of the user's ID.

2. Upon verification, a timestamp is created. This puts the current time in a user
session, along with an expiration date. The default expiration date of a timestamp is
8 hours. The encryption key is then created. The timestamp ensures that when 8
hours is up, the encryption key is useless.

3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is a simple ticket that is issued by the authentication service. It is used for authenticating the client for future reference.

4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to
get authenticated.

5. The TGS creates an encrypted key with a timestamp, and grants the client a service
ticket.

6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own
encrypted key to the service.

7. The service decrypts the key, and makes sure the timestamp is still valid. If it is, the
service contacts the key distribution center to receive a session that is returned to the
client.

8. The client decrypts the ticket. If the keys are still valid, communication is initiated
between client and server.

6. Attempt any FOUR of the following: 16 Marks

(a) What is piggybacking? How can it be prevented? 4M

(Piggybacking: 2 marks, Prevention: 2 marks)

Ans: Piggybacking: It is the simple process of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building. An attacker can thus gain access to the facility without having to know the access code or having to acquire an access card. The term also covers access to a wireless internet connection by bringing one's own computer within range of another wireless connection & using it without explicit permission. In the physical sense, it means that an authorized person allows (intentionally or unintentionally) others to pass through a secure door. Piggybacking on Internet access is the practice of establishing a wireless Internet connection by using another subscriber's wireless Internet access service without the subscriber's explicit permission

or knowledge. It is the simple tactic of following closely behind a person who has just
used their own access card or PIN to gain physical access to a room or building. An
attacker can thus gain access to the facility without having to know the access code or
having to acquire an access card. Piggybacking is sometimes referred to as "Wi-Fi
squatting." The usual purpose of piggybacking is simply to gain free network access
rather than any malicious intent, but it can slow down data transfer for legitimate users
of the network.
Prevention:
1. Piggybacking can be prevented by ensuring that encryption is enabled in router by
using Wireless Encryption Protocol (WEP) or Wireless Protected Access (WPA) or
WPA2.
2. Using a strong password for encryption key, consisting of at least 14 characters and
mixing letters and numbers.

(b) What is One Time Pad (OTP) security mechanism? 4M

(Explanation: 2 marks, Example: 2 marks)

Ans: One time pad Security Mechanism: One time pad (Vernam Cipher) is the encryption mechanism in which the encryption key has at least the same length as the plaintext and consists of truly random numbers. Each letter of the plaintext is mixed with one element from the OTP. This results in a cipher-text that has no relation with the plaintext when the key is unknown. At the receiving end, the same OTP is used to retrieve the original plaintext.
Steps for One time pad:
1. The key should be as long as the message
2. Key and plain text calculated modulo 26
3. There should only be 2 copies of the key (1 for sender and 1 for receiver)
Example: Suppose Alice wishes to send the message "HELLO" to Bob. In OTP, assign each letter a numerical value: e.g. "A" is 0, "B" is 1, and so on. Here, we combine the key and the message using modular addition. The numerical values of corresponding message and key letters are added together, modulo 26. If the key is "XMCKL" and the message is "HELLO", then the encrypted text will be "EQNVZ".


Fig: One time pad
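
The HELLO / XMCKL example worked in code, together with two properties the steps rely on; this is an added example and not part of the original model answer. The candidate plaintext "LATER", the second message "WORLD" and the function names are constructed for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase   # "A" is 0, "B" is 1, ... "Z" is 25


def combine(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) key letters from text letters, modulo 26."""
    text, key = text.upper(), key.upper()
    if len(key) < len(text):
        raise ValueError("the key must be at least as long as the message")
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(k)) % 26]
        for t, k in zip(text, key)
    )


def otp_encrypt(plaintext, key):
    return combine(plaintext, key, +1)


def otp_decrypt(ciphertext, key):
    return combine(ciphertext, key, -1)


def generate_key(length):
    """Random key letters from the operating system's secure random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def key_explaining(ciphertext, candidate_plaintext):
    """The key under which `ciphertext` would decrypt to `candidate_plaintext`."""
    return combine(ciphertext, candidate_plaintext, -1)


def difference(a, b):
    """Letter-wise a - b modulo 26."""
    return combine(a, b, -1)


if __name__ == "__main__":
    cipher = otp_encrypt("HELLO", "XMCKL")
    print(cipher, otp_decrypt(cipher, "XMCKL"))

    # Without the key, every 5-letter message is an equally valid decryption:
    # there is a key that turns the same cipher text into "LATER".
    other_key = key_explaining(cipher, "LATER")
    print(other_key, otp_decrypt(cipher, other_key))

    # Why the pad is used one time only: with a reused key the key cancels out,
    # and the difference of two cipher texts equals the difference of the messages.
    key = generate_key(5)
    c1, c2 = otp_encrypt("HELLO", key), otp_encrypt("WORLD", key)
    print(difference(c1, c2) == difference("HELLO", "WORLD"))
```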

(c) Describe PGP with suitable diagram. 4M

(Diagram: 2 marks, Description: 2 marks)

Ans: PGP is Pretty Good Privacy. It is a popular program used to encrypt and decrypt email over the internet. It has become a standard for e-mail security. It is used to send an encrypted code (digital signature) that lets the receiver verify the sender's identity and takes care that the route of the message does not change. PGP can be used to encrypt files being stored so that they are in unreadable form and not readable by users or intruders. It is available in low-cost and freeware versions. It is the most widely used privacy-ensuring program, used by individuals as well as many corporations.

Fig. PGP
There are five steps as shown in fig.
1. Digital signature: it consists of the creation of a message digest of the email message using the SHA-1 algorithm. The resulting MD is then encrypted with the sender's private key. The result is the sender's digital signature.
2. Compression: the input message as well as the digital signature are compressed

together to reduce the size of final message that will be transmitted. For this the Lempel-
Ziv algorithm is used.
3. Encryption: The compressed output of step 2 (i.e. the compressed form of the
original email and the digital signature together) are encrypted with a symmetric key.
4. Digital enveloping: the symmetric key used for encryption in step 3 is now encrypted
with the receiver’s public key. The output of step 3 and 4 together form a digital
envelope.
5. Base-64 encoding: this process transforms arbitrary binary input into printable character output. The binary input is processed in blocks of 3 octets (24 bits). These 24 bits are considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits is mapped into an 8-bit output character in this process.
(d) What is pornography? 4M

Ans: (Explanation: 4 marks)
PORNOGRAPHY: The depiction of nudity or erotic behavior, in writing, pictures,
video, or otherwise, with the intent to cause sexual excitement. It is the depiction of erotic
behavior (as in pictures or writing) intended to cause sexual excitement; material (as
books or a photograph) that depicts erotic behavior and is intended to cause sexual
excitement; or the depiction of acts in a sensational manner so as to arouse a quick intense
emotional reaction. Pornography is defined as imagery, in addition to various forms of
media, that depicts actions presumed to be overtly sexual and erotic in nature. In a legal
spectrum, pornography can be defined as sexually-explicit material that is displayed or
viewed with the intention of the provision of sexual gratification.
(e) What is SSL/TLS? 4M

Ans: (Explanation: 4 marks)
Transport Layer Security (TLS) and Secure Sockets Layer (SSL), both referred to as
"SSL", are cryptographic protocols that provide communications security over a network.
The Transport Layer Security (TLS) protocol provides communications privacy over the
internet. The protocol allows client-server applications to communicate in a way that is
designed to prevent eavesdropping, tampering or message forgery. The primary goal of
the TLS protocol is to provide privacy and data integrity between two communicating
applications.
The protocol is composed of two layers:
1. The TLS Record Protocol provides connection security with some encryption method
such as the Data Encryption Standard (DES). The TLS Record Protocol can also be
used without encryption.
2. The TLS Handshake Protocol allows the server and client to authenticate each other
and to negotiate an encryption algorithm and cryptographic keys before data is
exchanged.


MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
Important Instructions to examiners:
1) The answers should be examined by key words and not as word-to-word as given in the model answer
scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to assess the
understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more Importance (Not
applicable for subject English and Communication Skills).
4) While assessing figures, examiner may give credit for principal components indicated in the figure. The
figures drawn by candidate and model answer may vary. The examiner may give credit for any equivalent
figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values may
vary and there may be some difference in the candidate’s answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant answer based
on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on equivalent concept.

Q. No.    Sub Q. N.    Answer    Marking Scheme
1. a) Attempt any three. 12

a) Describe the basic principles of computer security. 4M

Ans: (1 mark for each element)
The need of computer security has been threefold: confidentiality, integrity, and
availability, the “CIA” of security. The elements are Confidentiality, Integrity, Availability
and Authentication. Other elements are Authorization, Non-repudiation, Access control and
accountability.
1. Confidentiality: The goal of confidentiality is to ensure that only those individuals who
have the authority can view a piece of information, the principle of confidentiality specifies
that only sender and intended recipients should be able to access the contents of a
message. Confidentiality gets compromised if an unauthorized person is able to access the
contents of a message.
Example of compromising the Confidentiality of a message is shown in fig.

Fig. Loss of confidentiality


Here, the user of computer A sends a message to the user of computer B. Another user C
gets access to this message, which is not desired and therefore defeats the purpose of
confidentiality.
This type of attack is also called interception.
2. Authentication: Authentication helps to establish proof of identities. The
authentication process ensures that the origin of a message is correctly identified.
Authentication deals with the desire to ensure that an individual is who they claim to be.
For example, suppose that user C sends a message over the internet to user B.
However, the trouble is that user C had posed as user A when he sent the message to user B.
How would user B know that the message has come from user C, who is posing as user A?
This concept is shown in fig. below.
This type of attack is called fabrication.

Fig. absence of authentication


3. Integrity: Integrity is a related concept but deals with the generation and modification
of data. Only authorized individuals should ever be able to create or change (or delete)
information. When the contents of the message are changed after the sender sends it, but
before it reaches the intended recipient, we say that the integrity of the message is lost.
For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. User C somehow manages to access it, change its contents
and send the changed message to user B. User B has no way of knowing that the contents
of the message were changed after user A had sent it. User A also does not know about
this change.
This type of attack is called modification.

Fig. Loss of Integrity


4. Availability: The goal of availability is to ensure that the data, or the system itself, is
available for use when the authorized user wants it.

b) List types of attacks. Explain backdoors and trapdoors attack. 4M

Ans: (List: 2 marks and 1 mark each for explanation of backdoor and trapdoor attacks)
Attack is any attempt to expose, destroy, alter, modify, disable, steal or gain unauthorized
access to or use of an asset. It is a kind of malicious activity that attempts to collect, disrupt,
deny, degrade, or destroy information system resources or information.

Types of attacks are:
• Passive attacks
• Active attacks
• Denial of service attacks
• Backdoor attacks
• Trapdoor attacks
• Sniffing/spoofing attacks
• Man-in-the-middle attacks
Backdoor Attacks:

• It is a secret entry point into a program that allows a user to gain access without going
through the usual security access procedures.
• It is used legitimately in debugging and testing.
• It also refers to the entry and placement of a program or utility into a network that
creates a backdoor entry for attackers.
• This may allow a certain user ID to log on without a password or to gain
administrative services.
• It becomes a threat when programmers use them to gain unauthorized access.
• There are several backdoor programs and tools used by hackers in terms of
automated tools.
Trapdoor Attacks:
• A trap door is an entrance in a system which circumvents the normal safety
measures.
• It is a secret entry point into a program that allows someone who is aware of it to gain
access using a procedure other than the security procedure.
• It might be a hidden program which makes the protection system ineffective.
• This entry can be deliberately introduced by the developer to maintain the system in
case of disaster management.
• Trapdoor programs can be installed through malware using the internet.

c) Describe piggy backing and shoulder surfing. 4M

Ans: (2 marks each for piggybacking & shoulder surfing)
Piggybacking: It is the simple process of following closely behind a person who has just
used their own access card or PIN to gain physical access to a room or building. An attacker
can thus gain access to the facility without having to know the access code or having to
acquire an access card. Another example is access to a wireless internet connection by
bringing one's own computer within range of another wireless connection and using it without
explicit permission. Piggybacking also means that an authorized person allows (intentionally
or unintentionally) others to pass through a secure door.

Piggybacking on Internet access is the practice of establishing a wireless Internet connection
by using another subscriber's wireless Internet access service without the subscriber’s explicit
permission or knowledge. It is a legally and ethically controversial practice, with laws that
vary by jurisdiction around the world. While completely outlawed or regulated in some places,
it is permitted in others. The process of sending data along with the acknowledgment is also
called piggybacking. Piggybacking is distinct from war driving, which involves only the
logging or mapping of the existence of access points. Piggybacking, in a wireless
communications context, is the unauthorized access of a wireless LAN. Piggybacking is
sometimes referred to as "Wi-Fi squatting." The usual purpose of piggybacking is simply to
gain free network access rather than any malicious intent, but it can slow down data transfer
for legitimate users of the network.

Shoulder surfing is a similar procedure in which attackers position themselves in such
a way as to be able to observe the authorized user entering the correct access code.
Shoulder surfing is an effective way to get information in crowded places because it's
relatively easy to stand next to someone and watch as they fill out a form, enter a PIN
at an ATM, or use a calling card at a public pay phone. Shoulder surfing
can also be done long distance with the aid of binoculars or other vision-enhancing devices.
To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad
from view by using your body or cupping your hand. Both of these attack techniques can be
easily countered by using simple procedures to ensure nobody follows you too closely or is
in a position to observe your actions. Shoulder surfing is using direct observation
techniques, such as looking over someone's shoulder, to get information.
d) Explain the terms: Cryptography, cryptanalysis and Cryptology. 4M

Ans: (1 mark for explanation of each term and 1 mark for diagram drawn)
1. Cryptography: Cryptography is the art & science of achieving security by encoding
messages to make them non-readable.

Readable message -> Cryptography system -> Unreadable message

2. Cryptanalysis: Cryptanalysis is the technique of decoding messages from a non-readable
format without knowing how they were initially converted from readable format to
non-readable format.

Unreadable message -> Cryptanalysis -> Readable message

3. Cryptology: It originated from the Greek logos, meaning hidden words. This technique
is used in cryptography for generating secured information.

b) Attempt any one. 6

a) Describe Model for security with the help of diagram. 6M

Ans: (Diagram 2 marks and explanation 4 marks)

OR

A message is to be transferred from one user to another user in secret form using this
security system. It can be two or more parties accessing information via the Internet.

OR

Sender & receiver are principals of transaction and must cooperate for exchange to take
place.
Model shows four basic tasks:
1. Design algorithm in such a way that an opponent cannot defeat its purpose. This
algorithm is used for security related information.
2. Generate secret information that can be used with algorithm.
3. Develop method for distributing and sharing of secret information.
4. Specify a protocol which can be used by two principals that make use of the security
algorithm and secret information to achieve a security service.
An information channel is established by defining a route through the Internet from source
to destination with the help of a communication protocol like TCP/IP or using normal PC to PC
communication through any media. Techniques for providing security have the following components:
• A security related transformation on information to be sent.
• This information shared by two principals should be secret.
• A trusted party is required to achieve secure transmission.
• This is responsible for distributing secret information between two principals.

b) Explain IT Act, 2000 and IT Act, 2008. 6M

Page 5 of 26
Downloaded by Mangesh Kanse (1927mangesh@gmail.com)
lOMoARcPSD|29063204

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
Ans: 1) IT Act 2000: According to Indian cyber laws, Information technology is the important (3 marks each
law and it had passed in Indian parliament in year 2000.This act is helpful to encourage for IT Act
business by use of internet. Due to misuse of internet and increase of cybercrime, the Govt. 2000 ,and IT
of India made an act for safeguarding the internet users. Act 2008)
The main objectives of this act are as follows.
1. To provide legal recognition to the transaction that can be done by electronic way or by
using internet.
2. To provide legal recognition to digital signature used in transaction.
3. To provide facilities like filling of document online relating to admission or registration.
4. To provide facility to any company that they can store their data in electronic storage.
5. To provide legal recognition for bankers and other companies to keep accounts in
electronic form.
It is introduced with many additional features of IT Act 2000: They have amplified the
existing provisions or introduced new provisions. (OPTIONAL)

• Electronic signature introduced
• Important definitions added
• Legally validated electronic documents reemphasized.
• Critique on power of controller under the IT Act 2008
• The role of adjudicating officer under the IT Act 2008.
• Composition of CAT (Cyber Appellate Tribunal)
• New cybercrimes as offences under amended Act
• Power to block unlawful websites should be exercised with caution.
• Section 69B added to confer power to collect, monitor traffic data
• Significance of the term Critical Information Infrastructure
• Important clarifications on the Act’s application and effect
• The combined effect of sections 88 and 77B
• Combined effect of sections 78 and 80.
This helps to effectively enforce cyber law in India.

IT Act 2008: It is the Information Technology Amendment Act, 2008. The act was
developed for IT industries, to control e-commerce, to provide e-governance facility and to
stop cybercrime attacks.
Following are the characteristics of IT Act 2008: This act provides legal recognition
for transactions, i.e. Electronic Data Interchange (EDI) and other electronic
communications. This Act also gives facilities for electronic filing of information with the
Government agencies. It is considered necessary to give effect to the said resolution and to
promote efficient delivery of Government services by means of reliable electronic records.

State characteristics of IT Act 2008.

Different Fraudulent situations: (OPTIONAL)

• Tampering with any computer source code used for a computer, computer programme,
computer system or computer network.
• Hacking with computer system.
• Sending offensive or false information through a computer or a communication device.
• Receiving or retaining a stolen computer resource or communication device.
• Capturing, transmitting or publishing the image of a private area of any person without
consent.
• Punishment for cyber terrorism.
• Publishing or transmitting information which is obscene in electronic form.
• Publishing and transmission of material containing sexually explicit act or conduct.
• Penalty for misrepresentation: imprisonment for a term which may extend to two years
or with fine up to Rs. 1 lakh or with both.
• Penalty for breach of confidentiality and privacy.
• Punishment for disclosure of information in breach of contract.
• Punishment for publishing digital signature certificate false in certain particulars.
• Publication for fraudulent purpose.

Features of I.T. Amendment Act 2008: (Optional)

• Focusing on data privacy.
• Focusing on information security.
• Defining cyber café.
• Making digital signature technology neutral.
• Defining reasonable security practices to be followed by corporate.
• Redefining the role of intermediaries.
• Recognizing the role of Indian Computer Emergency Response Team.
• Inclusion of some additional cybercrimes like child pornography and cyber
terrorism.
• Authorizing an Inspector to investigate cyber offences.

2. Attempt any two. 16

a) Explain threat to security in detail w.r.t virus, worms, intruders, insiders. 8M

Ans: (2 marks for each threat)
Threats create vulnerabilities in computer system or network. Following are threats to security.
1. Virus & worms
2. Intruders
3. Insiders
4. Criminal organization
5. Terrorists
6. Information warfare
7. Avenues of attack
8. Steps in attack
Virus: A computer virus attaches itself to a program or file, enabling it to spread from one
computer to another, leaving infection as it travels from PC to PC or over the network. It
copies itself into previously uninfected programs or files, and executes over other source of
attack. It can cause the loss or alteration of programs or data and can compromise
confidentiality. It is almost always attached to executable files.
Steps are:
• Virus program is launched.
• Virus code is loaded into destination.
• Virus delivers its destructive payload.
• Virus copies itself to another program.
Characteristics are: hard to detect, not easily destroyable, spreads infection widely, easy to
create, machine and operating system independent.

Worms:
• Worms are malicious programs that spread themselves automatically.
• They spread from computer to computer, without any human intervention.
• They propagate autonomously; they are spread by exploiting vulnerabilities in
computer systems.
• A worm is designed to copy itself from PC to PC via networks or the internet.
• They spread much faster than viruses.
• Its effects are localized; it damages the computer network by causing increased
bandwidth usage.
• Worms consist of an attack mechanism, payload and target selection.

Intruders:
Outsiders:
• Extremely patient, as attacks are time consuming.
• Keep trying attacks till success.
• Individual or a small group of attackers.
• Next level of this group is script writers, i.e. elite hackers.
• Are of three types: Masquerader, Misfeasor, Clandestine user.
Insiders:
• More dangerous than outsiders, as they have the access and knowledge to cause
immediate damage to the organization.
• They can be more in number, and directly or indirectly access the organization.
• Misuse of access given by insiders.
• They may give remote access to the organization.

• Intruders are authorized or unauthorized users who are trying to access the system or
network.
• They are hackers or crackers.
• Intruders are illegal users.
• Less dangerous than insiders.
• They have to study or gain knowledge about the security system.
• They do not have access to the system.
• Many security mechanisms are used to protect the system from intruders.
Insiders:
• More dangerous than outsiders, as they have the access and knowledge to cause
immediate damage to the organization.
• They can be more in number, and directly or indirectly access the organization.
• They may give remote access to the organization.
• Insiders are authorized users who try to access a system or network for which they are
unauthorized.
• Insiders are not hackers.
• Insiders are legal users.
• More dangerous than intruders.
• They have knowledge about the security system.
• They have easy access to the system because they are authorized users.
• There is no such mechanism to protect the system from insiders.

Insiders are more dangerous than intruders because:


i) The insiders have the access and necessary knowledge to cause immediate damage to an
organization.
ii) There is no security mechanism to protect system from Insiders. So they can have all the
access to carry out criminal activity like fraud. They have knowledge of the security
systems and will be better able to avoid detection.

b) What is access control? Explain DAC, MAC and RBAC access control model. 8M

Ans: (2 marks for description and 2 marks each for three types of control including table)
Access is the ability of a subject to interact with an object. Authentication deals with
verifying the identity of a subject. Access control is the ability to specify, control and limit
the access to the host system or application, which prevents unauthorized users from accessing
or modifying data or resources.

Various access controls are:

• Discretionary Access Control (DAC): Restricts access to objects based on the
identity of subjects and/or the groups to which they belong. It is conditional,
basically used by military to control access on system. The UNIX based system is a
common method to permit users read/write and execute access.
• Mandatory Access Control (MAC): It is used in environments where different
levels of security are classified. It is much more restrictive. It is a sensitivity based
restriction, with formal authorization subject to sensitivity. In MAC the owner or user
cannot determine whether access is granted or not, i.e. operating system rights.
The security mechanism controls access to all objects and an individual cannot change that
access.
• Role Based Access Control (RBAC): Each user can be assigned specific access
permissions for objects associated with a computer or network. A set of roles is defined.
A role in turn assigns the access permissions which are necessary to perform the role.
• Different users will be granted different permissions to do specific duties as per their
classification.
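
The three models described above, applied to the same request, as an added example that is not part of the model answer. The user names, file name, sensitivity labels and the rule "clearance must be at least the object's label" are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Assumed sensitivity labels for the MAC part of this sketch (low -> high).
LEVELS = {"public": 0, "confidential": 1, "secret": 2}


@dataclass
class File:
    name: str
    owner: str
    label: str = "public"                     # MAC: assigned by the system
    acl: dict = field(default_factory=dict)   # DAC: user -> set of "r"/"w"/"x"


class DAC:
    """Discretionary: the owner of an object decides who else may use it."""

    def grant(self, actor, obj, user, perms):
        if actor != obj.owner:
            raise PermissionError(f"{actor} does not own {obj.name}")
        obj.acl.setdefault(user, set()).update(perms)

    def check(self, user, obj, perm):
        return user == obj.owner or perm in obj.acl.get(user, set())


class MAC:
    """Mandatory: the system compares labels; owners and users cannot override."""

    def __init__(self, clearances):
        self._clearances = dict(clearances)   # set by the security administrator

    def check(self, user, obj, perm):
        # Assumed rule: access requires clearance >= the object's label.
        clearance = self._clearances.get(user, "public")
        return LEVELS[clearance] >= LEVELS[obj.label]


class RBAC:
    """Role based: permissions belong to roles, users hold roles."""

    def __init__(self, role_perms, user_roles):
        self.role_perms = role_perms   # role -> set of (object name, permission)
        self.user_roles = user_roles   # user -> set of roles

    def check(self, user, obj, perm):
        return any((obj.name, perm) in self.role_perms.get(role, set())
                   for role in self.user_roles.get(user, set()))


def demo():
    """Ask each model whether bob may use alice's payroll file."""
    payroll = File("payroll.db", owner="alice", label="secret")
    dac = DAC()
    mac = MAC({"alice": "secret", "bob": "confidential"})
    rbac = RBAC(
        {"hr_clerk": {("payroll.db", "r")},
         "hr_manager": {("payroll.db", "r"), ("payroll.db", "w")}},
        {"alice": {"hr_manager"}, "bob": {"hr_clerk"}},
    )
    out = {"dac_before_grant": dac.check("bob", payroll, "w")}
    dac.grant("alice", payroll, "bob", {"r", "w"})   # owner's own decision
    out["dac_after_grant"] = dac.check("bob", payroll, "w")
    # The owner's grant has no effect on the mandatory decision.
    out["mac_bob_read"] = mac.check("bob", payroll, "r")
    out["mac_alice_read"] = mac.check("alice", payroll, "r")
    out["rbac_bob_read"] = rbac.check("bob", payroll, "r")
    out["rbac_bob_write"] = rbac.check("bob", payroll, "w")
    return out


if __name__ == "__main__":
    for question, allowed in demo().items():
        print(f"{question:18} -> {'allow' if allowed else 'deny'}")
```
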

c) Explain transposition technique. Convert plain text to cipher text using rail Fence 8M
technique “COMPUTER SECURITY”.

Ans: (2 marks for definition, 2 marks for Step 1, 2 marks for conversion and 2 marks for cipher text.)

TYPES OF TRANSPOSITION SYSTEMS:
Nature of Transposition: Transposition systems are fundamentally different from
substitution systems. In substitution systems, plaintext values are replaced with other
values. In transposition systems, plaintext values are rearranged without otherwise
changing them. All the plaintext characters that were present before encipherment are still
present after encipherment. Only the order of the text changes. Most transposition systems
rearrange text by single letters. It is possible to rearrange complete words or groups of
letters rather than single letters, but these approaches are not very secure and have little
practical value. Larger groups than single letters preserve too much recognizable plaintext.
a) Some transposition systems go through a single transposition process. These are
called single transposition. Others go through two distinctly separate transposition
processes. These are called double transposition.
b) Most transposition systems use a geometric process. Plaintext is written into a
geometric figure, most commonly a rectangle or square, and extracted from the
geometric figure by a different path than the way it was entered. When the geometric
figure is a rectangle or square, and the plaintext is entered by rows and extracted by
columns, it is called columnar transposition. When some route other than rows and
columns is used, it is called route transposition.

Rail Fence Technique: It is one of the easiest transposition techniques to create cipher
text. When a plain text message is codified using any suitable scheme, the resulting message
is called cipher text or cipher.
Steps are:

Plain text = COMPUTER SECURITY

1. Write down the plain text as a sequence of diagonals.

C   M   U   E   S   C   R   T
  O   P   T   R   E   U   I   Y

2. Read the plain text written in Step 1 as a sequence of rows:
CMUESCRT
followed by
OPTREUIY
Then concatenate these two sequences of text as one to create the following

Cipher text: CMUESCRTOPTREUIY

Following details will be OPTIONAL.

Some other examples of rail fence techniques


(1) The rail-fence cipher is inscribed by zigzag pattern and extracted by rows.

(2) The triangular pattern is inscribed by rows and extracted by columns.
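
The rail fence steps above as runnable code, added here as an example that is not part of the model answer. It goes beyond the two-rail case worked in the answer by accepting any number of rails and by including decryption; the function names are chosen for this example.

```python
def rail_pattern(length, rails):
    """Rail index (0 = top) visited at each position of the zigzag."""
    if rails < 2:
        raise ValueError("rail fence needs at least 2 rails")
    pattern, rail, step = [], 0, 1
    for _ in range(length):
        pattern.append(rail)
        if rail == 0:
            step = 1            # bounce off the top rail
        elif rail == rails - 1:
            step = -1           # bounce off the bottom rail
        rail += step
    return pattern


def rail_fence_encrypt(plaintext, rails=2):
    """Write the text along the diagonals, then read it off row by row."""
    # The worked answer drops the space in "COMPUTER SECURITY"; do the same.
    text = "".join(plaintext.split()).upper()
    rows = [[] for _ in range(rails)]
    for ch, rail in zip(text, rail_pattern(len(text), rails)):
        rows[rail].append(ch)
    return "".join("".join(row) for row in rows)


def rail_fence_decrypt(ciphertext, rails=2):
    """Rebuild the zigzag positions, then drop each cipher letter back in place."""
    pattern = rail_pattern(len(ciphertext), rails)
    # Ciphertext order = positions sorted by rail, then by position on that rail.
    order = sorted(range(len(ciphertext)), key=lambda i: (pattern[i], i))
    plain = [""] * len(ciphertext)
    for ch, pos in zip(ciphertext, order):
        plain[pos] = ch
    return "".join(plain)


if __name__ == "__main__":
    message = "COMPUTER SECURITY"
    for rails in (2, 3):
        cipher = rail_fence_encrypt(message, rails)
        print(rails, "rails:", cipher, "->", rail_fence_decrypt(cipher, rails))
```

Because only the order of the letters changes, sorting the ciphertext and the plaintext gives the same multiset of characters, which is the property the answer describes for transposition systems.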

3. Attempt any four. 16

a) Explain use of Biometrics in computer Security. List various Biometrics used for 4M
computer security.

Ans: (Use of biometric system in computer security: 2 marks, listing of any four biometric
security systems: 2 marks)
Use of biometric system in computer security: Biometrics is a science & technology of
measuring & statistically analyzing biological data. The purpose of biometrics is to uniquely
identify or verify an individual through the characteristics of the human body. Biometric
technology must first gather information into a computer database, for example, a database
of fingerprints. The computer will compare the fingerprints in the database to any new
sample and recognize when there is a match. The matches can be used for both
identification and verification purposes.

Enrollment: A biometrics system searches the database for a match to the newly captured
sample, and grants access if it is found. Using a fingerprint as part of the login process to a
computer is an example of this mode.
Verification: A biometrics system searches the database for a match to the newly captured
sample, and authenticates an individual's claimed identity from his or her previously
enrolled pattern. Biometrics uses characteristics that can be physical, such as hand shape, a
fingerprint, facial characteristics, voice, or DNA. Biometrics can also use characteristics
that are learned or acquired, behavioral traits such as our signature, or the way we speak or use
a computer.
It is the strongest & a highly reliable authentication method, which involves the creation of the
user's sample of authentication & storing it on a high end server.
During actual authentication the user is required to provide the same sample of authentication.
Both are matched up to a certain degree.
Biometrics helps to prove WHO ARE YOU.
At very important places like BARC, ISRO you are supposed to prove your identity;
a biometric system is the answer.
List of various biometrics used for computer security:
1. Finger print
2. Hand print
3. Iris scan
4. Face recognition
5. DNA recognition
6. Voice pattern
7. Signature recognition
8. Keystrokes
b) Distinguish between substitution cipher and transposition cipher. 4M

Ans: (Each point carries 1 mark)

Substitution cipher | Transposition cipher
Simple letter substitution | Letter substitution along with permutation
Guessing key is easy | Bit difficult to find a key
Less security | More security
Example: Caesar cipher | Example: Rail fence technique / columnar technique

c) List types of firewall. Explain packet filter with diagrams. 4M

Ans: (Listing of types of firewall: 1 mark, Explanation of packet filter as a firewall: 2 marks,
diagram of packet filter as a firewall: 1 mark)
List of types of firewall:

• Packet filter as a firewall
• Circuit level gateway firewall
• Application level gateway firewall
• Proxy server as a firewall
Explanation: As per the diagram given below, the firewall acts according to the table
given. For example, source IP 150.150.0.0 is the IP address of a network; all the packets
which are coming from this network will be blocked by the firewall. In this way it is acting
as a firewall.
The table also has port 80, IP address 200.75.10.8 and port 23; the firewall will act in a similar
fashion. Port 23 is for Telnet remote login; in this case the firewall won’t allow login onto
this server.
IP address 200.75.10.8 is the IP address of an individual host; all the packets having this IP
address as a destination address will be denied.
Port 80: no HTTP request is allowed by the firewall.
Diagram of packet filter as a firewall:

Packet Filtering
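
The rule table described in the explanation, evaluated in code; this is an added example, not part of the model answer. The /16 prefix for 150.150.0.0, the first-match order, the allow-by-default policy and the sample packets are assumptions, since the answer only names the addresses and ports.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str                   # "deny" or "allow"
    src: Optional[str] = None     # CIDR network; None matches any source
    dst: Optional[str] = None     # CIDR network; None matches any destination
    dport: Optional[int] = None   # None matches any port
    note: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.src and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


# The four entries named in the answer. The /16 mask is an assumption:
# the answer only says 150.150.0.0 is the address of a network.
RULES = [
    Rule("deny", src="150.150.0.0/16", note="blocked source network"),
    Rule("deny", dst="200.75.10.8/32", note="blocked destination host"),
    Rule("deny", dport=23, note="Telnet remote login not allowed"),
    Rule("deny", dport=80, note="HTTP requests not allowed"),
]


def filter_packet(pkt, rules=RULES, default="allow"):
    """Stateless packet filter: the first matching rule decides the packet's fate."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.note
    return default, "no rule matched"


# Constructed sample traffic (documentation and private addresses).
SAMPLES = [
    Packet("150.150.3.9", "10.0.0.5", 443),     # from the blocked network
    Packet("192.0.2.10", "200.75.10.8", 443),   # to the blocked host
    Packet("192.0.2.10", "10.0.0.5", 23),       # Telnet
    Packet("192.0.2.10", "10.0.0.5", 80),       # HTTP
    Packet("192.0.2.10", "10.0.0.5", 443),      # matches nothing in the table
]


def run_samples():
    return [filter_packet(p) for p in SAMPLES]


if __name__ == "__main__":
    for pkt, (action, note) in zip(SAMPLES, run_samples()):
        print(f"{pkt.src:>13} -> {pkt.dst}:{pkt.dport:<4} {action.upper():5} ({note})")
```
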

d) What is IP security? Describe authentication header mode of IP security. 4M
(IP security: 1 mark, Diagram: 1 mark, Explanation: 2 marks)

Ans: The IPSec Authentication Header (AH) protocol allows the recipient of a datagram to verify its authenticity. It is implemented as a header added to an IP datagram that contains an integrity check value computed based on the values of the fields in the datagram. This value can be used by the recipient to ensure that the data has not been changed in transit. The Authentication Header does not encrypt data and thus does not ensure the privacy of transmissions. Authentication Header (AH) is a member of the IPSec protocol suite. AH guarantees connectionless integrity and data origin authentication of IP packets. Further, it can optionally protect against replay attacks by using the sliding window technique and discarding old packets.
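A simplified model of the two AH checks described above, the integrity check value and the anti-replay sliding window. This is an added example, not part of the model answer; the datagram layout, field names, key and 64-packet window are assumptions, and the ICV is HMAC-SHA-256 truncated to 16 bytes.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

WINDOW = 64  # assumed anti-replay window size, in sequence numbers


@dataclass(frozen=True)
class Datagram:
    """Simplified stand-in for an IP datagram carrying an AH header."""
    src: str
    dst: str
    ttl: int          # changes at every hop, so it is excluded from the ICV
    spi: int          # security parameters index
    seq: int          # AH sequence number, starts at 1
    payload: bytes
    icv: bytes = b""


def compute_icv(key: bytes, d: Datagram) -> bytes:
    """Keyed MAC over the immutable fields; the mutable TTL is taken as zero."""
    covered = repr((d.src, d.dst, 0, d.spi, d.seq, d.payload)).encode()
    return hmac.new(key, covered, hashlib.sha256).digest()[:16]


def protect(key: bytes, d: Datagram) -> Datagram:
    """Sender side: attach the ICV."""
    return replace(d, icv=compute_icv(key, d))


class AhReceiver:
    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0   # highest authenticated sequence number
        self.bitmap = 0    # bit i set => sequence (highest - i) already accepted

    def accept(self, d: Datagram) -> str:
        # 1. Replay check against the sliding window.
        if d.seq <= 0:
            return "drop: invalid sequence"
        if d.seq <= self.highest:
            offset = self.highest - d.seq
            if offset >= WINDOW:
                return "drop: too old"
            if (self.bitmap >> offset) & 1:
                return "drop: replay"
        # 2. Integrity / origin check (constant-time comparison).
        if not hmac.compare_digest(d.icv, compute_icv(self.key, d)):
            return "drop: bad ICV"
        # 3. Slide the window only after the packet has authenticated.
        if d.seq > self.highest:
            shift = d.seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = d.seq
        else:
            self.bitmap |= 1 << (self.highest - d.seq)
        return "accept"


def demo():
    key = b"constructed-shared-key"   # constructed sample key
    rx = AhReceiver(key)
    base = Datagram("192.0.2.1", "198.51.100.2", ttl=64, spi=0x1001, seq=1, payload=b"hello")
    p1 = protect(key, base)
    p2 = replace(protect(key, replace(base, seq=2)), ttl=61)            # routers lowered the TTL
    p3 = replace(protect(key, replace(base, seq=3)), payload=b"HELLO")  # altered in transit
    return [rx.accept(p1), rx.accept(p2), rx.accept(p3), rx.accept(p1)]


if __name__ == "__main__":
    print(demo())
```

The payload travels in the clear throughout, which is the point the answer makes about AH not providing privacy.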

e) Explain the architecture of secure socket layer. 4M
(Explanation: 2 marks, Diagram: 2 marks)

Ans: Architecture of SSL: Diagram:

• SSL was developed for Netscape Navigator
• Provides secure & authenticated communication between browser & server
• SSL provides transport layer security (TLS)
• SSL provides either server-only authentication or client-server authentication
• In server-only authentication, the client receives the server certificate, verifies it, generates a key & encrypts it with the server's public key
• Client sends this encrypted secret key to the server
• Server decrypts it with its private key & uses the client-generated key to encrypt the message to be sent to the client
• In server/client authentication, the client sends its certificate along with the secret key so the client can be authenticated
• SSL consists of the following protocols:
  • SSL Handshake Protocol
  • SSL Change Cipher Spec Protocol
  • SSL Alert Protocol
  • SSL Record Protocol
• SSL Handshake Protocol:
  • Used to initiate session between client & server
  • Authenticates both parties to each other
  • Algorithm & key used for encryption are negotiated
• SSL Change Cipher Spec Protocol:
  • Used to choose cryptographic key between client & server
  • Key exchange method
  • Encryption algorithm used
  • Functions used to obtain MAC value

4. a) Attempt any three. 12

a) Define Caesar cipher. Write its algorithm and convert “COMPUTER SECURITY” using Caesar cipher. 4M
(Definition: 1 mark, Algorithm: 2 marks, Conversion: 1 mark)

Ans: Caesar Cipher: In cryptography, a Caesar cipher, also known as Caesar's cipher, the shift cipher, Caesar's code or Caesar shift, is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet. For example, with a left shift of 3, D would be replaced by A, E would become B, and so on. The method is named after Julius Caesar, who used it in his private correspondence.
Plain text: COMPUTER SECURITY
Cipher text: FRPSXWHU VHFXULWB
Algorithm:
1. Write all the alphabets from A to Z.
2. Give them numbering from 1 to 26.
3. Replace the 1st alphabet with the fourth, that is, A with D.
4. Write the cipher text.
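The algorithm above as code, with the wrap-around at the end of the alphabet (Y becomes B) and a check of all 25 keys that shows why a shift cipher offers so little security. This is an added example, not part of the model answer; the function names and the known-word ("crib") check are assumptions.

```python
def caesar(text: str, shift: int) -> str:
    """Shift each letter by `shift` positions, wrapping around the alphabet.

    A positive shift moves down the alphabet (A -> D for shift 3); a negative
    shift moves up (D -> A for shift -3). Non-letters are copied unchanged.
    """
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def all_decryptions(ciphertext: str) -> dict:
    """Every possible plaintext: the key space has only 25 non-trivial keys."""
    return {k: caesar(ciphertext, -k) for k in range(1, 26)}


def candidate_shifts(ciphertext: str, crib: str) -> list:
    """Keys whose decryption contains a word expected in the plaintext."""
    crib = crib.upper()
    return [k for k, pt in all_decryptions(ciphertext).items() if crib in pt.upper()]


if __name__ == "__main__":
    ct = caesar("COMPUTER SECURITY", 3)
    print(ct)                                  # the conversion asked for in the question
    print(caesar(ct, -3))                      # decryption is the opposite shift
    print(candidate_shifts(ct, "SECURITY"))    # the key falls out of a 25-key search
```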

b) Draw and explain virtual private network. 4M
(Diagram of VPN: 2 marks, Explanation: 2 marks)

Ans: VPN Diagram:

Explanation: A VPN is a private network created virtually between two branch networks of the same company across the world. Instead of using a dedicated leased line for the company's internetwork, public lines can be used; this is called a VPN. In the diagram, two firewalls act as intermediaries between user X and user Y. If user X is sending a message to user Y, the message first comes to firewall 1, which uses its own address to send this message to user Y. Thus, over the network, the packet sent from user X is protected and its IP address is protected, as in a private network. In a VPN, tunnel technology is used for communication between two branches of the same company by wrapping the packet in another packet, thus protecting the network like a private network.

c) Describe pornography and software piracy related to cybercrime. 4M
(Pornography: 2 marks, software piracy: 2 marks)

Ans: PORNOGRAPHY: The depiction of erotic behavior (as in pictures or writing) intended to cause sexual excitement; material (as books or a photograph) that depicts erotic behavior and is intended to cause sexual excitement; the depiction of acts in a sensational manner so as to arouse a quick intense emotional reaction.
Pictures, movies and writing about sex are called pornography (or porn). Pornography is pictures, movies and writing created to make people sexually excited.

SOFTWARE PIRACY: The unauthorized copying of software. Most retail programs are licensed for use at just one computer site or for use by only one user at any time. By buying the software, you become a licensed user rather than an owner (see EULA). You are allowed to make copies of the program for backup purposes, but it is against the law to give copies to friends and colleagues. Software piracy is all but impossible to stop, although software companies are launching more and more lawsuits against major infractors. Originally, software companies tried to stop software piracy by protecting their software. This strategy failed, however, because it was inconvenient for users and was not 100 percent foolproof. Most software now requires some sort of registration, which may discourage would-be pirates, but doesn't really stop software piracy.

d) Explain what application hardening is. 4M
(Application hardening: each point carries 1 mark)

Ans: Application Hardening: In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services. Application hardening specifically involves keeping the application up to date.

• Don't keep your application open always
• Use hot fixes & patches whenever required
• Always take a licensed copy of the application
• Don't download an application from an internet site which is not registered
• Don't share the admin key with anybody
b) Attempt any one. 6

a) With neat sketches explain the following: 6M
(i). SYN Flood Attack
(ii). Man-in-the-middle attack
(SYN flood attack: diagram 1 mark, explanation 2 marks)

Ans: Diagram:

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
Normally when a client attempts to start a TCP connection to a server, the client and server
exchange a series of messages which normally runs like this:

1. The client requests a connection by sending a SYN (synchronize) message to the server.
2. The server acknowledges this request by sending SYN-ACK back to the client.
3. The client responds with an ACK, and the connection is established.
This is called the TCP three-way handshake, and is the foundation for every connection
established using the TCP protocol.
A SYN flood attack works by not responding to the server with the expected ACK code.
The malicious client can either simply not send the expected ACK, or spoof the
source IP address in the SYN, causing the server to send the SYN-ACK to a falsified IP
address, which will not send an ACK because it "knows" that it never sent a SYN.
The server will wait for the acknowledgement for some time, as simple network congestion
could also be the cause of the missing ACK. However, in an attack, the half-open
connections created by the malicious client bind resources on the server and may eventually
exceed the resources available on the server. At that point, the server cannot connect to any
clients, whether legitimate or otherwise. This effectively denies service to legitimate
clients. Some systems may also malfunction or crash when other operating system
functions are starved of resources in this way.
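A small model of the server side of the handshake described above: a fixed-size table of half-open connections that entries leave only on ACK or timeout. This is an added example, not part of the model answer; the backlog size, timeout and the constructed event trace are assumptions chosen to show how a legitimate client is refused while the table is full and served again once the stale entries expire.

```python
class Listener:
    """Tracks half-open (SYN received, ACK pending) connections like a listen queue."""

    def __init__(self, backlog: int = 4, syn_timeout: float = 30.0):
        self.backlog = backlog            # maximum half-open entries (assumed value)
        self.syn_timeout = syn_timeout    # seconds to wait for the final ACK (assumed value)
        self.half_open = {}               # (src, sport) -> time the SYN-ACK was sent
        self.established = set()

    def _expire(self, now: float) -> None:
        for key, sent in list(self.half_open.items()):
            if now - sent >= self.syn_timeout:
                del self.half_open[key]

    def on_segment(self, now: float, src: str, sport: int, flag: str) -> str:
        self._expire(now)
        key = (src, sport)
        if flag == "SYN":
            if key in self.half_open:
                return "syn-ack (retransmit)"
            if len(self.half_open) >= self.backlog:
                return "dropped"          # no room: service is denied
            self.half_open[key] = now
            return "syn-ack"
        if flag == "ACK":
            if key in self.half_open:
                del self.half_open[key]
                self.established.add(key)
                return "established"
            return "ignored"
        raise ValueError(f"unexpected flag {flag!r}")


# Constructed trace: (time, source address, source port, flag).
# 203.0.113.x sources never complete the handshake.
TRACE = [
    (0.0, "192.0.2.10", 40000, "SYN"),
    (0.1, "192.0.2.10", 40000, "ACK"),
    (1.0, "203.0.113.1", 1111, "SYN"),
    (1.1, "203.0.113.2", 2222, "SYN"),
    (1.2, "203.0.113.3", 3333, "SYN"),
    (1.3, "203.0.113.4", 4444, "SYN"),
    (2.0, "192.0.2.11", 40001, "SYN"),
    (31.5, "192.0.2.11", 40001, "SYN"),
    (31.6, "192.0.2.11", 40001, "ACK"),
]


def replay(trace, backlog: int = 4, syn_timeout: float = 30.0):
    """Feed the trace to a Listener; return (time, source, outcome, half-open count) rows."""
    srv = Listener(backlog, syn_timeout)
    rows = []
    for now, src, sport, flag in trace:
        outcome = srv.on_segment(now, src, sport, flag)
        rows.append((now, src, outcome, len(srv.half_open)))
    return rows


if __name__ == "__main__":
    for row in replay(TRACE):
        print(row)
```

The half-open count climbing to the backlog limit while completed handshakes stop is the signal a monitoring check would alert on.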

ii) Man in the middle attack:

In cryptography and computer security, a man-in-the-middle attack (often abbreviated MitM, MiM attack, MitMA or the same using all capital letters) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. A man-in-the-middle attack can be used against many cryptographic protocols.[1] One example of man-in-the-middle attacks is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones.

b) Describe packet sniffing and packet spoofing attacks. 6M
(Packet sniffing: 3 marks, packet spoofing: 3 marks)

Ans: Packet sniffing: A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet.
A packet sniffer specifically views the contents of the packet, which can then be intimated to a third party. For example, a company's tender can be obtained just by viewing another company's tender information, and the value can be adjusted as per requirement.
Packet spoofing: In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage. Spoofing involves a packet being captured, its data being modified as per the requirement of the third party, and the packet being sent on to the recipients. Following are the types of spoofing:
• IP address spoofing
• GPS spoofing
• Caller ID spoofing
• Mail spoofing
Third party may use any spoofing technique as per requirement & may get

5. Attempt any two. 16

a) Explain the role of people with respect to password selection in detail. 8M
(2 marks: list; 1.5 marks: explanation of each strategy)

Ans: Four password selection strategies are:
1. User education:
(i). Users can be told the importance of using hard-to-guess passwords and can be
provided with guidelines for selecting strong passwords.
(ii). This user education strategy is unlikely to succeed at most installations, particularly
where there is a large user population or a lot of turnover. Many users will simply
ignore the guidelines.
(iii). Others may not be good judges of what is a strong password.
(iv). For example, many users believe that reversing a word or capitalizing the last letter
makes a password un-guessable.
2. Computer-generated passwords:
(i). Passwords are quite random in nature. Computer generated passwords also have
problems.
(ii). If the passwords are quite random in nature, users will not be able to remember them.
Even if the password is pronounceable, the user may have difficulty remembering it and
so be tempted to write it down.
(iii). In general, computer-generated password schemes have a history of poor
acceptance by users.
(iv). FIPS PUB 181 defines one of the best-designed automated password generators.
The standard includes not only a description of the approach but also a complete listing
of the C source code of the algorithm.
(v). The algorithm generates words by forming pronounceable syllables and
concatenating them to form a word. A random number generator produces a random
stream of characters used to construct the syllables and words.
3. Reactive password checking:
(i). A reactive password checking strategy is one in which the system periodically runs its
own password cracker to find guessable passwords.
(ii). The system cancels any passwords that are guessed and notifies the user.
(iii). This tactic has a number of drawbacks. First it is resource intensive, if the job is done
right. Because a determined opponent who is able to steal a password file can devote
full CPU time to the task for hours or even days an effective reactive password checker
is at a distinct disadvantage.
(iv). Furthermore, any existing passwords remain vulnerable until the reactive password
checker finds them.
4. Proactive password checking:
(i). The most promising approach to improved password security is a proactive password
checker.
(ii). In this scheme, a user is allowed to select his/her own password. However, at the time
of selection, the system checks to see if the password is allowable and if not, rejects it.
(iii). Such checkers are based on the philosophy that with sufficient guidance from the
system, users can select memorable passwords from a fairly large password space that
are not likely to be guessed in a dictionary attack.
(iv). The trick with a proactive password checker is to strike a balance between user
acceptability and strength.
(v). If the system rejects too many passwords, users will complain that it is too hard to select
a password.
(vi). If the system uses some simple algorithm to define what is acceptable, this provides
guidance to password crackers to refine their guessing technique. In the remainder of
this subsection, we look at possible approaches to proactive password checking.
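A proactive checker of the kind described in strategy 4, run at the moment the user chooses a password. This is an added example, not part of the model answer; the word list, minimum length and reason codes are assumptions. It also undoes the two tricks named under user education (reversing a word, capitalising a letter) before the dictionary lookup, and returns reasons so the user gets guidance rather than a bare rejection.

```python
import re

# Constructed sample word list; a real deployment would load a large dictionary.
WORDLIST = {"password", "security", "computer", "welcome", "dragon", "letmein"}

MIN_LENGTH = 10     # assumed policy value
MIN_DISTINCT = 5    # assumed policy value


def _variants(password: str) -> set:
    """Forms of the password a dictionary attack would also try."""
    base = password.lower()                              # undoes capitalisation tricks
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", base)        # drops leading/trailing digits and symbols
    return {base, base[::-1], core, core[::-1]}          # [::-1] undoes reversal


def check_password(password: str, username: str = "", wordlist=WORDLIST) -> list:
    """Return the list of reasons for rejection; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if _variants(password) & set(wordlist):
        reasons.append("dictionary_word")
    if username and username.lower() in password.lower():
        reasons.append("contains_username")
    if len(set(password)) < MIN_DISTINCT:
        reasons.append("low_variety")
    return reasons


if __name__ == "__main__":
    # Constructed candidates, including the "reversed" and "capital last letter" cases.
    for pw, user in [
        ("drowssaP", ""),
        ("securitY", ""),
        ("Computer2016!", ""),
        ("asmith-Blue-Kettle", "asmith"),
        ("aaaaaaaaaaaa", ""),
        ("tidal-Maple-quartz-94", "asmith"),
    ]:
        verdict = check_password(pw, user)
        print(f"{pw!r:28} -> {'accepted' if not verdict else verdict}")
```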

b) What is security topology? Describe security zone in detail. 8M
(2 marks: definition; 1 mark: listing zones; 1.5 marks: explanation of each zone)

Ans: Security topology: A security topology is the arrangement of hardware devices on a network with respect to internal security requirements and needs for public access.
OR
Security topology is a local map that depicts the interconnectivity between security devices and security domains that host these networks.

Security Zone: Security zones are the building blocks for policies; they are logical entities to which one or more interfaces are bound. Security zones provide a means of distinguishing groups of hosts (user systems and other hosts, such as servers) and their resources from one another in order to apply different security measures to them.

Types of security zone:

i. Internet Zone:
• This zone contains websites.
• These sites are not on your computer or on your local intranet.
• It is not a single network but a series of interconnected networks.
• It is used to transfer email, files, financial records etc. from one network to another.
• Since everyone has access to this network, it is difficult to impose security policies, so it is considered to be an un-trusted system.
• www (World Wide Web) is frequently used with internet.
ii. Intranet Zone:
• It is a private network and is restricted within an organization (LAN).
• It consists of connections through one or more gateway computers to the outside world, i.e. the Internet.
• The purpose of an intranet is to share information and computing resources between the employees of a company.
• It provides facility to work in groups and for telecommunication.
• It uses Internet protocols like TCP/IP, HTTP etc.
iii. Trusted Sites:
• This zone contains websites that you trust are safe.
• When you add websites to the trusted site zone, you believe that files you download or run from the websites will not damage the computer or data.
iv. Restricted Sites:
• This zone contains websites which are not trusted.
• When anyone adds a website to this zone, he believes that the files that are downloaded or that run from this website may damage the computer or data.

c) What is Kerberos? Explain with diagram different servers involved in Kerberos. 8M
(2 marks: Kerberos explanation; 6 marks: working with diagram)

Ans: 1. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
2. It uses secret key cryptography.
3. It is a solution to network security problems.
4. It provides tools for authentication and strong cryptography over the network to help you secure your information system.
5. There are 4 parties involved in Kerberos protocol:
• User
• Authentication service (AS)
• Ticket granting server (TGS)
• Service server
Working of Kerberos:
1. The authentication service, or AS, receives the request by the client and verifies
that the client is indeed the computer it claims to be. This is usually just a simple database
lookup of the user's ID.

2. Upon verification, a timestamp is created. This puts the current time in a user
session, along with an expiration date. The default expiration date of a timestamp is 8
hours. The encryption key is then created. The timestamp ensures that when 8 hours is up,
the encryption key is useless.
3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT.
This is a simple ticket that is issued by the authentication service. It is used for
authenticating the client for future reference.

4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to
get authenticated.

5. The TGS creates an encrypted key with a timestamp, and grants the client a service
ticket.

6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own
encrypted key to the service.

7. The service decrypts the key, and makes sure the timestamp is still valid. If it is, the
service contacts the key distribution center to receive a session that is returned to the
client.

8. The client decrypts the ticket. If the keys are still valid, communication is initiated
between client and server.

6. Attempt any four. 16

a) Describe security awareness in security. 4M
(1 mark for each relevant point)

Ans: 1. Security awareness program is the most effective method to oppose potential social engineering attacks when the organization's security goals and policies are established.
2. An important element that training should concentrate on is which information is sensitive for the organization and which may be the target of a social engineering attack.
3. Companies implement tools and procedures to protect against these threats and to comply with law and regulations.
4. Establishing and maintaining information-security awareness through a security awareness program is vital to an organization's progress and success. A robust and properly implemented security awareness program assists the organization with the education, monitoring, and ongoing maintenance of security awareness within the organization.
5. Security awareness should be conducted as an on-going program to ensure that
training and knowledge is not just delivered as an annual activity, rather it is used to
maintain a high level of security awareness on a daily basis.

b) Distinguish between symmetric and asymmetric cryptography (any 4 points). 4M
(Each comparison point: 1 mark, any four points)

Ans:

| Categories | Symmetric key cryptography | Asymmetric key cryptography |
|---|---|---|
| Key used for encryption/decryption | Same key is used for encryption & decryption. | One key is used for encryption & another different key is used for decryption. |
| Key process | Ke = Kd | Ke ≠ Kd |
| Speed of encryption/decryption | Very fast | Slower |
| Size of resulting encrypted text | Usually same as or less than the original clear text size. | More than the original clear text size. |
| Key agreement/exchange | A big problem | No problem at all. |
| Usage | Mainly used for encryption and decryption, cannot be used for digital signatures. | Can be used for encryption and decryption as well as for digital signatures. |
| Efficiency in usage | Symmetric key cryptography is often used for long messages. | Asymmetric key cryptography is more efficient for short messages. |

c) Explain e-mail security techniques (protocols). 4M
(2 marks for any two protocols and their explanation)

Ans: (i). SMTP - Simple Mail Transfer Protocol.
(i). It is a popular network service in email communication.
(ii). It is a system for sending messages to other computer users based on email.
(iii). It is a request-response based activity.
(iv). It also provides an email exchange process.
(v). It attempts to provide reliable service but does not guarantee sure recovery from failure.

(ii). PEM- Privacy Enhanced Mail.
(i). Privacy-Enhanced Mail (PEM) is an Internet standard that provides for secure
exchange of electronic mail.
(ii). PEM employs a range of cryptographic techniques to allow for
(iii). Confidentiality
(iv). Non - repudiation
(v). Message integrity
(vi). The confidentiality feature allows a message to be kept secret from people to whom
the message was not addressed.
(vii). The Non - repudiation allows a user to verify that the PEM message that they have
received is truly from the person who claims to have sent it.
(viii). The message integrity aspects allow the user to ensure that a message hasn't been
modified during transport from the sender.

(iii). PGP- Pretty Good Privacy: Pretty Good Privacy is a popular program used to
encrypt and decrypt email over the internet.
(i). It becomes a standard for e-mail security.
(ii). It is used to send encrypted code (digital signature) that lets the receiver verify the
sender's identity and takes care that the route of message should not change.
(iii). PGP can be used to encrypt files being stored so that they are in unreadable form and
not readable by users or intruders.
(iv). It is available in Low cost and Freeware version.
(v). It is most widely used privacy ensuring program used by individuals as well as many
corporations.
(iv). S/MIME – Secure Multipurpose Internet Mail Extension:
(i). The traditional email system using the SMTP protocol is text based, which means that a
person can compose a text message using an editor and then send it over the Internet to
the recipient, but multimedia files or documents in various arbitrary formats cannot be
sent using this protocol.
(ii). To cater to these needs the Multipurpose Internet Mail Extensions (MIME) system
extends the basic email system by permitting users to send the binary files using basic
email system.
(iii). And when basic MIME system is enhanced to provide security features, it is called as
Secure Multipurpose Internet Mail Extensions.
(iv). S/MIME provides security for digital signature and encryption of email message.

d) What is intrusion detection system? Explain host based IDS. 4M
(1 mark: IDS; 2 marks: HIDS explanation; 1 mark: diagram)

Ans: Intrusion detection system (IDS): An intrusion detection system (IDS) monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network.

HIDS (Host Intrusion Detection Systems):
(i). They are run on individual hosts or devices on the network.
(ii). A HIDS monitors the inbound and outbound packets from the device only and will alert the user or administrator when suspicious activity is detected.
(iii). Activities that a HIDS looks for in the log file are:
• Logins at odd hours
• Login authentication failure
• Adding new user account
• Modification or access of critical system files
• Modification or removal of binary files
• Starting or stopping processes
• Privilege escalation
• Use of certain programs

(iv). Basic components of HIDS:

• Traffic collector: This component collects activity or events from the IDS to examine. On a host-based IDS, this can be log files, audit logs, or traffic coming to or leaving a specific system.
• Analysis engine: This component examines the collected network traffic & compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine acts like the brain of the IDS.
• Signature database: It is a collection of patterns & definitions of known suspicious or malicious activity.
• User interface & reporting: This is the component that interfaces with the human element, providing alerts & giving the user a means to interact with & operate the IDS.
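The four HIDS components above, wired together over a few log lines and looking for several of the listed activities (login failures, logins at odd hours, a new user account, access to a critical system file). This is an added example, not part of the model answer; the log lines are constructed, and the line format, working hours, failure threshold and signature patterns are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <host> <message>".
SAMPLE_LOG = """\
2016-11-14T09:02:11 host1 sshd[700]: Accepted password for alice from 192.0.2.44 port 50022 ssh2
2016-11-14T13:40:01 host1 sshd[710]: Failed password for root from 203.0.113.9 port 41000 ssh2
2016-11-14T13:40:03 host1 sshd[710]: Failed password for root from 203.0.113.9 port 41000 ssh2
2016-11-14T13:40:06 host1 sshd[710]: Failed password for root from 203.0.113.9 port 41000 ssh2
2016-11-14T13:40:09 host1 sshd[710]: Failed password for root from 203.0.113.9 port 41000 ssh2
2016-11-15T02:13:55 host1 sshd[811]: Accepted password for bob from 192.0.2.77 port 50100 ssh2
2016-11-15T02:15:10 host1 useradd[901]: new user: name=svc_tmp, UID=1002, GID=1002, home=/home/svc_tmp
2016-11-15T02:16:30 host1 sudo: bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
2016-11-15T10:00:00 host1 cron[950]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Signature database: name -> pattern of a known suspicious or notable event.
SIGNATURES = [
    ("auth_failure", re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
    ("login", re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")),
    ("new_user", re.compile(r"useradd\[\d+\]: new user: name=(?P<user>[^,]+)")),
    ("critical_file", re.compile(r"sudo: +(?P<user>\S+) :.*COMMAND=.*(?P<path>/etc/(?:shadow|passwd|sudoers))")),
]

WORK_HOURS = range(7, 20)   # assumed: 07:00-19:59 counts as normal hours
FAILURE_THRESHOLD = 3       # assumed: alert on the 3rd failure from one source


def collect(log_text):
    """Traffic collector: turn raw log lines into (timestamp, host, message)."""
    for line in log_text.strip().splitlines():
        ts, host, msg = line.split(" ", 2)
        yield datetime.fromisoformat(ts), host, msg


def analyse(log_text):
    """Analysis engine: match events against the signatures and apply thresholds."""
    alerts, failures = [], Counter()
    for ts, _host, msg in collect(log_text):
        for name, pattern in SIGNATURES:
            m = pattern.search(msg)
            if not m:
                continue
            if name == "auth_failure":
                failures[m["src"]] += 1
                if failures[m["src"]] == FAILURE_THRESHOLD:   # alert once per source
                    alerts.append((ts.isoformat(), "repeated login failure", m["src"]))
            elif name == "login" and ts.hour not in WORK_HOURS:
                alerts.append((ts.isoformat(), "login at odd hour", m["user"]))
            elif name == "new_user":
                alerts.append((ts.isoformat(), "new user account", m["user"]))
            elif name == "critical_file":
                alerts.append((ts.isoformat(), "critical file access", f"{m['user']} {m['path']}"))
            break
    return alerts


def report(alerts):
    """User interface & reporting: one line per alert."""
    return [f"[{when}] {kind}: {subject}" for when, kind, subject in alerts]


if __name__ == "__main__":
    print("\n".join(report(analyse(SAMPLE_LOG))))
```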

e) List and explain the key participants in secure electronic transaction. 4M
(1 mark: list, 3 marks for any three components)

Ans: Secure Electronic Transaction (SET) is an open encryption and security specification that is designed for protecting credit card transactions on the Internet. It is a set of security protocols and formats that enable the users to employ the existing credit card payment infrastructure on the internet in a secure manner.

Components of SET:
1. Cardholder
2. Merchant
3. Issuer
4. Acquirer
5. Payment gateway
6. Certification Authority (CA)
1. Cardholder: A cardholder is an authorized holder of a payment card such as
MasterCard or Visa that has been issued by an Issuer.
2. Merchant: Merchant is a person or an organization that wants to sell goods or
services to cardholders.
3. Issuer: The issuer is a financial institution that provides a payment card to a
cardholder.
4. Acquirer: This is a financial institution that has a relationship with merchants for
processing payment card authorizations and payments. It also provides an assurance that a
particular cardholder account is active and that the purchase amount does not exceed the
credit limits. It provides electronic fund transfer to the merchant account.
5. Payment Gateway: It processes the payment messages on behalf of the merchant.
It connects to the acquirer's system using a dedicated network line.
6. Certification Authority (CA): This is an authority that is trusted to provide public
key certificates to cardholders, merchant, and Payment Gateway.


MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION


Subject Code: 17514 Model Answer Page No: 1 / 25

Important Instructions to examiners:


1) The answers should be examined by key words and not as word-to-word as given in the model
answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to
assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more
importance. (Not applicable for subject English and Communication Skills)
4) While assessing figures, examiner may give credit for principal components indicated in
the figure. The figures drawn by candidate and model answer may vary. The examiner may give
credit for any equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed
constant values may vary and there may be some difference in the candidate's answers and
model answer.
6) In case of some questions credit may be given by judgment on part of examiner of
relevant answer based on candidate's understanding.
7) For programming language papers, credit may be given to any other program based on
equivalent concept.

Q.1) A) Attempt any three: 12M


i) State the need for computer security.
(1M for each point, any four points)
Ans.
1. For prevention of data theft such as bank account numbers, credit card information,
passwords, work related documents or sheets, etc.
2. To make data remain safe and confidential.
3. To provide confidentiality, which ensures that only authorized individuals can view data
and that no one should ever be able to view data they are not entitled to.
4. To provide integrity, which ensures that only authorized individuals should ever be able
to change or modify information.
5. To provide availability, which ensures that the data or system itself is available for use
when an authorized user wants it.
6. To provide authentication which deals with the desire to ensure that an authorized
individual.
7. To provide non-repudiation which deals with the ability to verify that message has been
sent and received by an authorized user.

ii) Describe role based access control.


(Relevant explanation - 4M)
Ans.
Role-based access control (RBAC) is a method of regulating access to computer or network
resources based on the roles of individual users within an enterprise. Each user can be
assigned specific access permissions for objects associated with the computer or network. A
set of roles is defined, and each role in turn carries the access permissions which are
necessary to perform that role. Different users will be granted different permissions to do
specific duties as per their classification.
RBAC enables users to carry out a wide range of authorized tasks by dynamically
regulating their actions according to flexible functions, relationships & constraints. In
RBAC roles can be easily changed as per need of the enterprise, without having to
individually update the privileges for every user.
In RBAC there are three rules:
1. A person must be assigned a certain role in order to conduct a certain action, called a
transaction.
2. A user needs a role authorization to be allowed to hold that role.
3. Transaction authorization allows the user to perform certain transactions. The transaction
has to be allowed to occur through the role membership. Users won't be able to perform
transactions other than the ones they are authorized for.
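
The three RBAC rules above can be seen working together in a small reference monitor. This is an added example, not part of the model answer; the class, user, role and transaction names are all hypothetical.

```python
class RBAC:
    """Minimal role-based access control check (illustrative names only)."""

    def __init__(self):
        self.role_transactions = {}  # role -> transactions that role may perform
        self.authorized_roles = {}   # user -> roles the user is authorized to hold
        self.active_role = {}        # user -> role currently assigned to the user

    def define_role(self, role, transactions):
        # Redefining a role changes what every holder of that role may do.
        self.role_transactions[role] = set(transactions)

    def authorize_role(self, user, role):
        if role not in self.role_transactions:
            raise KeyError(f"unknown role: {role}")
        self.authorized_roles.setdefault(user, set()).add(role)

    def revoke_role(self, user, role):
        self.authorized_roles.get(user, set()).discard(role)
        if self.active_role.get(user) == role:
            del self.active_role[user]

    def assign_role(self, user, role):
        # Rule 2: a user needs a role authorization to be allowed to hold the role.
        if role not in self.authorized_roles.get(user, set()):
            return False
        self.active_role[user] = role
        return True

    def can_perform(self, user, transaction):
        role = self.active_role.get(user)
        if role is None:
            return False  # Rule 1: no assigned role, no transaction.
        # Rule 3: the transaction must be allowed through the role membership.
        return transaction in self.role_transactions.get(role, set())


def demo():
    rbac = RBAC()
    rbac.define_role("teller", {"view_account", "deposit"})
    rbac.define_role("auditor", {"view_account", "read_audit_log"})
    rbac.authorize_role("asha", "teller")
    rbac.authorize_role("ravi", "teller")

    results = {}
    results["no_role_yet"] = rbac.can_perform("asha", "deposit")
    results["unauthorized_role"] = rbac.assign_role("asha", "auditor")
    rbac.assign_role("asha", "teller")
    rbac.assign_role("ravi", "teller")
    results["teller_deposit"] = rbac.can_perform("asha", "deposit")
    results["teller_audit"] = rbac.can_perform("asha", "read_audit_log")

    # The role is changed once; no per-user privilege update is needed.
    rbac.define_role("teller", {"view_account"})
    results["after_role_change"] = (
        rbac.can_perform("asha", "deposit"),
        rbac.can_perform("ravi", "deposit"),
    )

    rbac.revoke_role("ravi", "teller")
    results["after_revoke"] = rbac.can_perform("ravi", "view_account")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```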

iii) Define the following term:


A) Cryptography B) Cryptology
C) Cryptanalysis D) Cipher text
(Each term 1M)
Ans.
A. Cryptography: Cryptography is art & science of achieving security by encoding messages to
make them non-readable.

B. Cryptology: Cryptology is a combination of cryptography and cryptanalysis.

C. Cryptanalysis: Cryptanalysis is the technique of decoding messages from a non-readable
format without knowing how they were initially converted from readable format to
non-readable format.

D. Cipher Text: When plain text message is codified using any suitable scheme, the
resulting message is called as cipher text.

iv) Define virus and logic bomb.


(Each definition- 2M)
Ans.
Virus: Virus is a program which attaches itself to another program and causes damage to
the computer system or the network. It is loaded onto your computer without your
knowledge and runs against your wishes.

Logic Bomb: Logic bomb is a type of malicious software that is deliberately installed,
generally by an authorized user. A logic bomb is a piece of code that sits dormant for a
period of time until some event invokes its malicious payload.

Q.1) B) Attempt any one: 6M
i) Describe the following attacks:
A) Sniffing B) Spoofing
(Sniffing-3M, Spoofing- 3M)
Ans.
A) Sniffing: A sniffer is software or hardware that is used to observe traffic as it passes
through a network on shared broadcast media. It can be used to view all traffic or to target
a specific protocol, service, or string of characters such as logins. Some network sniffers
are designed not just to observe all the traffic but also to modify the traffic. Network
administrators use sniffers for monitoring traffic. They can also use them for network
bandwidth analysis and to troubleshoot certain problems such as duplicate MAC addresses.

B) Spoofing: Spoofing is nothing more than making data look like it has come from a
different source. This is possible in TCP/IP because of the friendly assumption behind the
protocol. When the protocols were developed, it was assumed that individuals who had
access to the network layer would be privileged users who could be trusted. When a packet
is sent from one system to another, it includes not only the destination IP address and port
but the source IP address as well, and falsifying it is one of the forms of spoofing.

Example of spoofing: e-mail spoofing, URL spoofing, IP address spoofing.

ii) Describe data recovery procedure.


(Relevant explanation- 6M)
Ans.
Data recovery: All computer users need to be aware of backup and recovery procedures to
protect their data. Data protection should be taken seriously as it is important for
financial, legal or personal reasons.

There are various formatted partition recovery tools available. Every tool will have a
different GUI & method of recovery.

There are standard ethical procedures that need to be followed, as described in the following
steps:
1. Incident identification: Identifying the incident and the analysis of the case.
2. Preparation of tools, monitoring, techniques, management support and authorization
etc.
3. Decide a clear and well defined approach and strategy to proceed with the case.
4. Collection of the evidence; duplicating the digital evidence is also an important
part of ethical conduct.
5. The evidence that is collected should be recorded with the date, time & the place
where it was found. Preservation of the evidence is important.
6. The analysis of the evidence should be carried out in such a way as to eliminate the
evidence that cannot be produced in the court of law.

7. This step in ethical behaviour includes the presentation of the evidence in the court
of law.
8. The return of evidence to the owner also forms a part in ethical behaviour.

Q.2) Attempt any two: 16M


a) Describe CIA model for computer security with example.
(CIA- 2M, Explanation of each concept with example- 2M (Three Points))
Ans. CIA Model for security: Confidentiality, Integrity and Authentication, i.e. these three
concepts are considered as the backbone of security. These concepts represent the fundamental
principles of security.

1. Confidentiality: The principle of confidentiality specifies that only sender and intended
recipients should be able to access the contents of a message. Confidentiality gets
compromised if an unauthorized person is able to access the contents of a message.
An example of compromising the confidentiality of a message is shown in the figure.

Fig. Loss of confidentiality


Here, the user of computer A sends a message to the user of computer B. Another user C gets
access to this message, which is not desired and therefore defeats the purpose of
confidentiality.
This type of attack is also called Interception.

2. Authentication: Authentication helps to establish proof of identities. The authentication
process ensures that the origin of a message is correctly identified.
For example, suppose that user C sends a message over the internet to user B. However, the
trouble is that user C had posed as user A when he sent the message to user B. How would
user B know that the message has come from user C, who is posing as user A? This concept
is shown in the figure below.

This type of attack is called as Fabrication.


Fig. Absence of authentication

3. Integrity: When the contents of the message are changed after the sender sends it, but
before it reaches the intended recipient, we say that the integrity of the message is lost.
For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. User C somehow manages to access it, change its contents and
send the changed message to user B. User B has no way of knowing that the contents of the
message were changed after user A had sent it. User A also does not know about this
change.
This type of attack is called Modification.

Fig. Loss of Integrity

b) What is the importance of biometrics in computer security? Describe finger prints
registration and verification process.
(Importance- 4M, Registration & Verification process- 4M)
Ans.
Importance:

1. Biometrics refers to the study of methods for uniquely recognizing humans based upon one
or more intrinsic physical or behavioral characteristics.
2. Biometric identification is used on the basis of some unique physical attribute of the user
that positively identifies the user. Example: fingerprint recognition, retina and face scan
technique, voice synthesis and recognition and so on.
3. Biometrics cannot be lost, stolen or forgotten. Barring disease or serious physical injury,
the biometric is consistent and permanent.
4. It is also secure in that the biometric itself cannot be socially engineered, shared or used
by others.

5. There is no requirement to remember password or pins, thus eliminating an overhead
cost.
6. Coupled with a smart card, biometrics provides strong security for any credentials on the
smart card.
7. It provides a high degree of confidence in user identity.

Fingerprint registration & verification process

Registration: The first time an individual uses a biometric system is called an enrolment.
During the enrolment, biometric information from the individual is stored. In the
verification process, biometric information is detected and compared with the information
stored at the time of enrolment.

1) The first block (sensor) is the interface between the real world and the system; it has to
acquire all the necessary data.
2) The second block performs all the necessary pre-processing.
3) The third block extracts the necessary features. This is an important step, as the correct
features need to be extracted in the optimal way.
4) If enrolment is being performed, the template is simply stored somewhere (on a card or
within a database or both). If a matching phase is being performed, the obtained template is
passed to a matcher that compares it with other existing templates, estimating the distance
between them using any algorithm. The matching program will analyze the template with
the input. This will then be output for any specified use or purpose.

c) Explain rail fence technique with algorithm. Encrypt "Computer Security Technology"
using rail fence technique.
(Algorithm- 4M, encryption - 4M)
Ans.
The rail fence technique is essentially a transposition cipher: the cipher text is generated
by rearrangement of the characters in the plaintext. The characters of the plain text string
are arranged in the form of a rail-fence as follows.
Given plaintext is "COMPUTER SECURITY TECHNOLOGY".
Rail Fence Technique algorithm:

1. Write down the plain text message as a sequence of diagonals.
2. Read the plain text written in Step-1 as a sequence of rows.

Example: plain text = "COMPUTER SECURITY TECHNOLOGY" is converted to cipher
text with the help of Rail Fence Technique with dual slope.

C M U E S C R T T C N L G

O P T R E U I Y E H O O Y

Ciphertext: CMUESCRTTCNLGOPTREUIYEHOOY
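
The two-step algorithm above can be checked in code. This is an added example, not part of the model answer; it generalizes the two-row case worked above to any number of rails, adds decryption, and the function names are hypothetical. The last function shows why the technique gives no real secrecy: the only key is the rail count, so every key can be tried.

```python
def rail_pattern(length, rails):
    """Rail (row) index of each character when the text is written as diagonals."""
    if rails < 2:
        raise ValueError("rail fence needs at least 2 rails")
    pattern, rail, step = [], 0, 1
    for _ in range(length):
        pattern.append(rail)
        if rail == 0:
            step = 1            # bounce off the top rail
        elif rail == rails - 1:
            step = -1           # bounce off the bottom rail
        rail += step
    return pattern


def normalize(text):
    """Upper-case the text and drop spaces/punctuation, as in the worked example."""
    return "".join(ch for ch in text.upper() if ch.isalpha())


def encrypt(plaintext, rails=2):
    msg = normalize(plaintext)
    rows = [[] for _ in range(rails)]
    # Step 1: write the message as a sequence of diagonals.
    for ch, rail in zip(msg, rail_pattern(len(msg), rails)):
        rows[rail].append(ch)
    # Step 2: read it off as a sequence of rows.
    return "".join("".join(row) for row in rows)


def decrypt(ciphertext, rails=2):
    pattern = rail_pattern(len(ciphertext), rails)
    # Positions grouped by rail (stable sort) are the order the cipher text was read in.
    read_order = sorted(range(len(ciphertext)), key=lambda i: pattern[i])
    plain = [""] * len(ciphertext)
    for ch, pos in zip(ciphertext, read_order):
        plain[pos] = ch
    return "".join(plain)


def all_decryptions(ciphertext):
    """Every usable key (rail count) with the plaintext it yields."""
    return {rails: decrypt(ciphertext, rails) for rails in range(2, len(ciphertext))}


if __name__ == "__main__":
    ct = encrypt("COMPUTER SECURITY TECHNOLOGY")
    print(ct)
    print(decrypt(ct))
    print(len(all_decryptions(ct)), "keys to try in total")
```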

Q.3) Attempt any four: 16M


a) Explain VPN with Neat diagram. Enlist different VPN protocols.
(Diagram: 1M, Explanation: 2M, Listing Protocols: 1M (any 2))
Ans:
A VPN or Virtual Private Network is a network connection that enables you to create a
secure connection over the public Internet to private networks at a remote location. With a
VPN, all network traffic (data, voice, and video) goes through a secure virtual tunnel
between the host device (client) and the VPN provider's servers, and is encrypted. VPN
technology uses a combination of features such as encryption, tunneling protocols, data
encapsulation, and certified connections to provide you with a secure connection to private
networks and to protect your identity.
VPN connections technically give you all the benefits of a Local Area Network (LAN),
which is similar to that found in many offices but without requiring a hard-wired
connection. These systems use encryption and other security mechanisms to ensure that
only authorized users can access the network and that the data cannot be intercepted.

Figure: VPN

Different VPN protocols are:

1. PPTP (Point-to-Point Tunneling Protocol)
2. L2TP (Layer 2 Tunneling Protocol)
3. IPsec (Internet Protocol Security)
4. SSL (Secure Socket Layer)

b) Describe different Password Selection criteria
(Any 4 Criteria: 1M each)
Ans. There are four basic password selection strategies:
a) User education: Tell the users the importance of hard-to-guess passwords and
provide guidelines for selecting a strong password.

b) Computer generated password: Computer generated passwords are random in nature,
so they are difficult for the user to remember and the user may note them down somewhere.

c) Reactive password checking: The system periodically runs its own password cracker
program to find out guessable passwords. If the system finds any such password, the
system cancels it and notifies the user.

d) Proactive password checking: It is the most promising approach to improve password
security. In this scheme, a user is allowed to select his own password; the system checks
whether the password is allowable and accordingly allows or rejects it.

c) Distinguish between Symmetric and asymmetric key cryptography (four points).


(Any 4 differences: 1M each)
Ans.

| Symmetric-key Cryptography | Asymmetric-key Cryptography |
|---|---|
| It only needs one key to encrypt the message. And both users only need the same key to decode the message. | It needs two different keys: public key and private key. Everyone can see the public key and only the person who has the private key can decode the message. |
| The symmetric-key system only needs one key, in order to crack the message. | Asymmetric-key is like double encryption. First, the user uses his private key to encrypt the message, then he/she publishes the message with the public key; although everyone can see the message, only the person with his own private key can decode the message. So, in order to crack the system, you need the person's private key, or need to know how they created the private key. |
| Symmetric-key confirms the sender's identity by knowing who can encrypt the message or decode the message; in other words, by knowing who has the key. | Asymmetric-key confirms the sender's identity by double encryption. One person encrypts the message with his private key, and sends that with the public key. And only the person with another private key can decode the message. |
| Advantages: Safer (lots of probability), and faster. | Advantages: Allows letting other people read the encrypted message without any risk. No problem for distributing the key. |
| Disadvantages: One time transactions, how to give the key to the other person. And once other people know the key, you have to change the key at both sides. | Disadvantages: Big and slow. |
| Example: DES | Example: Diffie-Hellman Algorithm |

d) Describe Host based IDS with its advantages and disadvantages.
(Diagram: 1M, Explanation: 1M, any two advantages: 1M, any two disadvantages: 1M)
Ans.

HIDS: Host Intrusion Detection Systems are run on individual hosts or devices on the
network. HIDS monitors the inbound and outbound packets from the device only and will
alert the user or administrator when suspicious activity is detected. The activities HIDS
looks for in the log files are:
Logins at odd hours
Login authentication failure
Adding new user account
Modification or access of critical system files
Modification or removal of binary files
Starting or stopping processes
Privilege escalation
Use of certain programs


Figure: HIDS
Basic components of HIDS:
1. Traffic collector: This component collects activity or events for the IDS to examine.
In Host-based IDS, this can be log files, audit logs, or traffic coming to or leaving a
specific system.
2. Analysis Engine: This component examines the collected network traffic & compares it
to known patterns of suspicious or malicious activity stored in the signature database. The
analysis engine acts like the brain of the IDS.
3. Signature database: It is a collection of patterns & definitions of known suspicious or
malicious activity.
4. User Interface & Reporting: This is the component that interfaces with the human
element, providing alerts when suitable & giving the user a means to interact with &
operate the IDS.

Advantages:
1. Operating System specific and detailed signatures.
2. Examine data after it has been decrypted.
3. Application specific.
4. Determine whether or not an alarm may impact that specific.

Disadvantages:
1. Should have a process on every system to watch.
2. High cost of ownership and maintenance.
3. Uses local system resources.
4. If logged locally, could be compromised or disabled.
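
The four HIDS components described above map directly onto a small log-analysis program. This is an added example, not part of the model answer; the log lines are constructed samples in a syslog-like layout, and the working-hours window and failure threshold are assumed values.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample log lines (not from a real host); the layout is an assumption.
SAMPLE_LOG = """\
2016-05-10T02:14:07 host1 sshd[811]: Accepted password for alice from 198.51.100.7 port 50222 ssh2
2016-05-10T09:01:15 host1 sshd[902]: Failed password for root from 192.0.2.10 port 40110 ssh2
2016-05-10T09:01:17 host1 sshd[902]: Failed password for root from 192.0.2.10 port 40112 ssh2
2016-05-10T09:01:19 host1 sshd[902]: Failed password for root from 192.0.2.10 port 40114 ssh2
2016-05-10T10:30:00 host1 sshd[950]: Accepted password for bob from 198.51.100.8 port 50300 ssh2
2016-05-10T10:31:42 host1 sudo: bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
2016-05-10T10:33:05 host1 useradd[977]: new user: name=backup2, UID=1001, GID=1001
2016-05-10T11:00:00 host1 cron[990]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Signature database: patterns for the activities a HIDS looks for in log files.
SIGNATURES = [
    ("auth_failure", re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")),
    ("login", re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")),
    ("new_account", re.compile(r"useradd\[\d+\]: new user: name=(?P<user>[^,]+)")),
    ("privilege_escalation", re.compile(r"sudo: +(?P<user>\S+) : .*USER=root")),
]

WORK_HOURS = range(7, 20)   # assumed normal login hours, 07:00 to 19:59
FAILURE_THRESHOLD = 3       # assumed: alert on the third failure per user and source


def collect(log_text):
    """Traffic collector: yield (timestamp, message) for each parseable log line."""
    for line in log_text.splitlines():
        stamp, _, message = line.partition(" ")
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue  # skip lines without a valid timestamp
        yield when, message


def analyse(events):
    """Analysis engine: compare events with the signature database."""
    alerts, failures = [], Counter()
    for when, message in events:
        for name, pattern in SIGNATURES:
            match = pattern.search(message)
            if not match:
                continue
            user = match.group("user")
            if name == "login":
                if when.hour not in WORK_HOURS:
                    alerts.append((when.isoformat(), "odd_hour_login", user))
            elif name == "auth_failure":
                key = (user, match.group("src"))
                failures[key] += 1
                if failures[key] == FAILURE_THRESHOLD:
                    alerts.append((when.isoformat(), "repeated_auth_failure", user))
            else:
                alerts.append((when.isoformat(), name, user))
            break  # one signature per line is enough here
    return alerts


def report(alerts):
    """User interface & reporting: one readable line per alert."""
    return [f"{when} {kind} user={user}" for when, kind, user in alerts]


if __name__ == "__main__":
    print("\n".join(report(analyse(collect(SAMPLE_LOG)))))
```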

e) Describe SET with its requirements and participants.


(SET description: 1M, Requirements: 1M, Participants: 2M(any 4))

Ans:
Secure Electronic Transaction is an open encryption and security specification that is
designed for protecting credit card transactions on the Internet. It is a set of security
protocols and formats that enable the users to employ the existing credit card payment
infrastructure on the internet in a secure manner.
There are four essential security requirements for Secure Electronic Transaction:
1. Authentication
2. Encryption
3. Integrity
4. Non-repudiation

Participants/Components of SET
1. Cardholder: A cardholder is an authorized holder of a payment card such as
MasterCard or Visa that has been issued by an Issuer.
2. Merchant: Merchant is a person or an organization that wants to sell goods or services
to cardholders.
3. Issuer: The issuer is a financial institution that provides a payment card to a cardholder.
4. Acquirer: This is a financial institution that has a relationship with merchants for
processing payment card authorizations and payments. It also provides an assurance that a
particular cardholder account is active and that the purchase amount does not exceed the
credit limits. It provides electronic fund transfer to the merchant account.
5. Payment Gateway: It processes the payment messages on behalf of the merchant. It
connects to the acquirer's system using a dedicated network line.
6. Certification Authority (CA): This is an authority that is trusted to provide public key
certificates to cardholders, merchant, and Payment Gateway.

Q.4) a) Attempt any three: 12M


i) Explain simple columnar transposition technique with algorithm and example.
(Algorithm-2M, Example: 2M)
Ans:
The columnar transposition cipher is a transposition cipher that follows a simple rule for
mixing up the characters in the plaintext to form the cipher-text. It can be combined with
other ciphers, such as a substitution cipher, the combination of which can be more difficult
to break than either cipher on its own. The cipher uses a columnar transposition to greatly
improve its security.

Algorithm:
1. The message is written out in rows of a fixed length.
2. Read out again column by column according to given order or in random order.
3. According to order write cipher text.

Example
The key for the columnar transposition cipher is a keyword e.g. ORANGE.
The row length that is used is the same as the length of the keyword.

To encrypt the plaintext below:
COMPUTER PROGRAMMING

O R A N G E
C O M P U T
E R P R O G
R A M M I N
G L E X X M

In the above example, the plaintext has been padded so that it neatly fits in a rectangle. This
is known as a regular columnar transposition. An irregular columnar transposition leaves
these characters blank, though this makes decryption slightly more difficult. The columns
are now reordered such that the letters in the key word are ordered alphabetically.

5 6 1 4 3 2
O R A N G E
C O M P U T
E R P R O G
R A M M I N
G L E X X M
The Encrypted text or Cipher text is:

MPMET GNMUO IXPRM XCERG ORAL (Written in blocks of Five)

ii) Describe IP security architecture.


(Diagram: 2M, Explanation: 2M)
Ans:
IPsec architecture: The purpose of IPsec is to encrypt and seal the transport and application
layer data during transmission. It also offers integrity protection for the Internet layer.
The IPsec layer sits in between the transport and the Internet layers of the conventional
TCP/IP protocol stack.


IPSec actually consists of two main protocols


a) Authentication Header (AH):
b) Encapsulating Security Payload (ESP):

a) Authentication Header (AH): The AH provides support for data integrity and
authentication of IP packets. The data integrity service ensures that data inside IP
packet is not altered during the transit. The authentication service enables an end user
or computer system to authenticate the user or the application at the other end and
decides to accept or reject packets accordingly. This also prevents IP spoofing attacks.
AH is based on MAC protocol, which means that the two communicating parties must
share a secret key in order to use AH.
b) Encapsulating Security Payload (ESP): ESP is a member of the IPsec protocol suite.
In IPsec it provides origin authenticity, integrity and confidentiality protection
of packets. ESP also supports encryption-only and authentication-only configurations,
but using encryption without authentication is strongly discouraged because it is
insecure.

Modes of operation: Both AH and ESP work in two modes:


1. Tunnel mode: In tunnel mode, IPsec protects the entire IP datagram. It takes an IP
datagram, adds the IPSec header and trailer and encrypts the whole thing. It then adds
new IP header to this encrypted datagram.
2. Transport mode: Transport mode does not hide the actual source and destination
addresses. They are visible in plain text, while in transit. In the transport mode, IPSec
takes the transport layer payload, adds IPSec header and trailer, encrypts the whole
thing and then adds the IP header. Thus IP header is not encrypted.

iii) Define cyber crime. List different types of cyber crimes.


(Define: 2M, Types: 2M (any 4))
Ans.

Cybercrime is defined as a crime in which a computer is the object of the crime (hacking,
phishing, spamming) or is used as a tool to commit an offense (child pornography, hate
crimes). Cybercriminals may use computer technology to access personal information,
business trade secrets, or use the Internet for exploitive or malicious purposes. Criminals
can also use computers for communication and document or data storage. Criminals who
perform these illegal activities are often referred to as hackers.
Cybercrime may also be referred to as computer crime.
Types of Cybercrimes are
1. Hacking
2. Cracking
3. Theft
4. Malicious software
5. Child soliciting and abuse
iv) What is Software piracy?
(Any Relevant Description: 4M)
Ans:
Software piracy is the illegal copying, distribution, or use of software. It is such a profitable
"business" that it has caught the attention of organized crime groups in a number of
countries. Software piracy causes significant lost revenue for publishers, which in turn
results in higher prices for the consumer. Software piracy applies mainly to full-function
commercial software. The time-limited or function-restricted versions of commercial
software called shareware are less likely to be pirated since they are freely available.
Similarly, freeware, a type of software that is copyrighted but freely distributed at no
charge.

Types of software piracy include:


Soft-lifting: Borrowing and installing a copy of a software application from a colleague.
Client-server overuse: Installing more copies of the software than you have licenses for.
Hard-disk loading: Installing and selling unauthorized copies of software on refurbished
or new computers.
Counterfeiting: Duplicating and selling copyrighted programs.
Online piracy: Typically involves downloading illegal software from peer-to-peer
network, Internet auction or blog. (In the past, the only place to download software was
from a bulletin board system and these were limited to local areas because of long
distance charges while online.)

Q.4) b) Attempt any one: 6M


i) Explain DOS and DDOS with neat diagram.
(Explanation: 2M Each, Diagram: 1M Each)
Ans.
Denial Of Service Attack: Denial of service (DOS) attacks can exploit a known
vulnerability in a specific application or operating system, or they may attack features (or
weaknesses) in specific protocols or services. In this form of attack, the attacker is
attempting to deny authorized users access either to specific information or to the computer
system or network itself. The purpose of such an attack can be simply to prevent access to
the target system, or the attack can be used in conjunction with other actions in order to
gain unauthorized access to a computer or network. SYN flooding is an example of a DOS
attack that takes advantage of the way TCP/IP networks were designed to function, and it
can be used to illustrate the basic principles of any DOS attack. SYN flooding utilizes the
TCP three-way handshake that is used to establish a connection between two systems. In a
SYN flooding attack, the attacker sends fake communication requests to the targeted
system. Each of these requests will be answered by the target system, which then waits for
the third part of the handshake. Since the requests are fake, the target will wait for
responses that will never come, as shown in the figure.

Fig: DOS Attack


The target system will drop these connections after a specific time-out period, but if the
attacker sends requests faster than the time-out period eliminates them, the system will
quickly be filled with requests. The number of connections a system can support is finite,
so when more requests come in than can be processed, the system will soon be reserving all
its connections for fake requests. At this point, any further requests are simply dropped
(ignored), and legitimate users who want to connect to the target system will not be able to.
Use of the system has thus been denied to them.

Distributed denial-of-service (DDoS): DDoS is the attack where the source is more than one,
often thousands of, unique IP addresses. It is analogous to a group of people crowding the
entry door or gate to a shop or business, and not letting legitimate parties enter into the
shop or business, disrupting normal operations. DDoS is a type of DOS attack where
multiple compromised systems, which are often infected with a Trojan, are used to target a
single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist
of both the end targeted system and all systems maliciously used and controlled by the
hacker in the distributed attack.
A Denial of Service (DoS) attack is different from a DDoS attack. The DoS attack typically
uses one computer and one Internet connection to flood a targeted system or resource. The
DDoS attack uses multiple computers and Internet connections to flood the targeted
resource. DDoS attacks are often global attacks, distributed via botnets.
Types of DDoS Attacks:
Traffic attacks: Traffic flooding attacks send a huge volume of TCP, UDP and ICMP
packets to the target. Legitimate requests get lost and these attacks may be accompanied by
malware exploitation.
Bandwidth attacks: This DDoS attack overloads the target with massive amounts of
junk data. This results in a loss of network bandwidth and equipment resources and can
lead to a complete denial of service.
Application attacks: Application-layer data messages can deplete resources in the
application layer, leaving the target's system services unavailable.
Stacheldraht is a piece of software written by Random for Linux and Solaris systems
which acts as a distributed denial of service (DDoS) agent. This tool detects and
automatically enables source address forgery. Stacheldraht uses a number of different DoS
attacks, including UDP flood, ICMP flood, TCP SYN flood and Smurf attack.

Fig: DDOS Attack


ii) Explain worm and virus. Differentiate between worm and virus.
(Explanation of Worm & Virus: 2M Each, Any 2 Differences: 2M)
Ans.
Worm: A worm is similar to a virus by design and is considered to be a sub-class of a
virus. Worms spread from computer to computer, but unlike a virus, it has the capability to
travel without any human action. A worm takes advantage of file or information transport
features on your system, which is what allows it to travel unaided.

The biggest danger with a worm is its capability to replicate itself on your system, so rather
than your computer sending out a single worm, it could send out hundreds or thousands of
copies of itself, creating a huge devastating effect. One example would be for a worm to
send a copy of itself to everyone listed in your e-mail address book. Then, the worm
replicates and sends itself out to everyone listed in each of the receiver's address book, and
the manifest continues on down the line.

Due to the copying nature of a worm and its capability to travel across networks the end
result in most cases is that the worm consumes too much system
memory (or network bandwidth), causing Web servers, network servers and individual
computers to stop responding. In recent worm attacks such as the much-talked-about
Blaster Worm, the worm has been designed to tunnel into your system and allow malicious
users to control your computer remotely.
Virus: A computer virus attaches itself to a program or file enabling it to spread from one
computer to another, leaving infections as it travels. Like a human virus, a computer virus
can range in severity: some may cause only mildly annoying effects while others can
damage your hardware, software or files. Almost all viruses are attached to an executable
file, which means the virus may exist on your computer but it actually cannot infect your
computer unless you run or open the malicious program.
It is important to note that a virus cannot be spread without a human action (such as
running an infected program) to keep it going. Because a virus is spread by human action,
people will unknowingly continue the spread of a computer virus by sharing infected files
or sending emails with viruses as attachments.

| Virus | Worm |
|---|---|
| The virus is the program code that attaches itself to an application program, and when the application program runs it runs along with it. | The worm is code that replicates itself in order to consume resources to bring it down. |
| It inserts itself into a file or executable program. | It exploits a weakness in an application or operating system by replicating itself. |
| It has to rely on users transferring infected files/programs to other computer systems. | It can use a network to replicate itself to other computer systems without user intervention. |
| Yes, it deletes or modifies files. Sometimes a virus also changes the location of files. | Usually not. Worms usually only monopolize the CPU and memory. |
| Virus is slower than worm. | Worm is faster than virus. |
| E.g. Macro virus, Directory virus, Stealth Virus | E.g. Code red |

Q.5) Attempt any two: 16M


a) Explain individual user responsibilities in computer security.
(Each point 1M, any 8 points)
Ans. Individual user responsibilities in computer security are:
a) Lock the door of office or workspace.
b) Do not leave sensitive information inside your car unprotected.
c) Secure storage media in a secure storage device which contains sensitive information.
d) Shredding paper containing organizational information before discarding it.

e) Do not expose sensitive information to individuals that do not have an authorized need to
know it.
f) Do not discuss sensitive information with family members.
g) Be alert to, and do not allow, piggybacking, shoulder surfing or access without the proper
identifications.
h) Establish different procedures to implement good password security practice that
employees should follow.

b) What is PGP? How PGP is used for email security?


(Explanation of PGP 2M, Diagram 2M, Working 4M)
Ans.
PGP is Pretty Good Privacy. It is a popular program used to encrypt and decrypt email
over the internet. It has become a standard for e-mail security. It is used to send encrypted
code (digital signature) that lets the receiver verify the sender's identity and takes care that
the route of message should not change. PGP can be used to encrypt files being stored so
that they are in unreadable form and not readable by users or intruders. It is available in
low-cost and freeware versions. It is the most widely used privacy-ensuring program, used by
individuals as well as many corporations.

How PGP works



There are five steps as shown in fig.

1. Digital Signature
2. Compression
3. Encryption
4. Enveloping
5. Base-64 Encoding

1. Digital signature: it consists of the creation of a message digest of the email message
using the SHA-1 algorithm. The resulting MD is then encrypted with the sender's private
key. The result is the sender's digital signature.
2. Compression: the input message as well as the digital signature are compressed together
to reduce the size of the final message that will be transmitted. For this the Lempel-Ziv
algorithm is used.
3. Encryption: The compressed output of step 2 (i.e. the compressed form of the original
email and the digital signature together) is encrypted with a symmetric key.
4. Digital enveloping: the symmetric key used for encryption in step 3 is now encrypted
with the receiver's public key. The outputs of steps 3 and 4 together form a digital
envelope.
5. Base-64 encoding: this process transforms arbitrary binary input into printable
character output. The binary input is processed in blocks of 3 octets (24 bits). These 24
bits are considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits is
mapped into an 8-bit output character in this process.
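
The five steps above, run end to end and then reversed at the receiver, as an added example (it is not part of the model answer and is not PGP's own code). Assumptions: the key pairs are toy textbook-RSA keys built from known Mersenne primes, a SHA-256 keystream XOR stands in for the symmetric cipher, zlib's DEFLATE (an LZ77-based method) stands in for the Lempel-Ziv step, and all function names are illustrative.

```python
import base64
import hashlib
import secrets
import zlib

E = 65537
B64_ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "abcdefghijklmnopqrstuvwxyz0123456789+/")

def toy_rsa_keypair(p, q):
    """Textbook RSA from two known primes: illustration only, no padding."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)  # (public key, private key)

# Constructed toy keys (assumption) so the example needs no key files.
SENDER_PUB, SENDER_PRIV = toy_rsa_keypair(2**127 - 1, 2**107 - 1)
RECEIVER_PUB, RECEIVER_PRIV = toy_rsa_keypair(2**521 - 1, 2**607 - 1)

def rsa_apply(value, key):
    """Raise the integer form of `value` to the key's exponent mod n."""
    n, exponent = key
    result = pow(int.from_bytes(value, "big"), exponent, n)
    return result.to_bytes((n.bit_length() + 7) // 8, "big")

def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)

def pack(first, second):
    """Join two byte strings with a 2-byte length prefix on the first."""
    return len(first).to_bytes(2, "big") + first + second

def unpack(blob):
    size = int.from_bytes(blob[:2], "big")
    return blob[2:2 + size], blob[2 + size:]

def base64_encode(data):
    """Step 5 by hand: 3 octets (24 bits) -> four 6-bit values -> 4 chars."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        bits = int.from_bytes(chunk.ljust(3, b"\0"), "big")
        chars = [B64_ALPHABET[(bits >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        missing = 3 - len(chunk)
        if missing:                      # short final block is padded with '='
            chars[-missing:] = "=" * missing
        out.extend(chars)
    return "".join(out).encode("ascii")

def pgp_send(message, sender_priv, receiver_pub):
    # 1. Digital signature: SHA-1 digest encrypted with the sender's private key.
    signature = rsa_apply(hashlib.sha1(message).digest(), sender_priv)
    # 2. Compression of message and signature together.
    compressed = zlib.compress(pack(signature, message))
    # 3. Encryption of the compressed data with a one-time symmetric key.
    session_key = secrets.token_bytes(16)
    ciphertext = keystream_xor(session_key, compressed)
    # 4. Enveloping: the symmetric key encrypted with the receiver's public key.
    envelope = pack(rsa_apply(session_key, receiver_pub), ciphertext)
    # 5. Base-64 encoding into printable characters.
    return base64_encode(envelope)

def pgp_receive(armored, receiver_priv, sender_pub):
    """Undo the five steps in reverse; returns (message, signature_valid)."""
    wrapped_key, ciphertext = unpack(base64.b64decode(armored))
    session_key = rsa_apply(wrapped_key, receiver_priv)[-16:]
    signature, message = unpack(zlib.decompress(keystream_xor(session_key, ciphertext)))
    recovered = rsa_apply(signature, sender_pub)
    expected = hashlib.sha1(message).digest().rjust(len(recovered), b"\0")
    return message, recovered == expected

if __name__ == "__main__":
    armored = pgp_send(b"Exam results attached.", SENDER_PRIV, RECEIVER_PUB)
    print(armored.decode("ascii"))
    print(pgp_receive(armored, RECEIVER_PRIV, SENDER_PUB))
```

A message signed with any key other than the sender's private key still decrypts, but the second return value is False, which is how the receiver detects a forged origin.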

c) Explain characteristics, working, design principle and limitation of firewall.


(Characteristics 1M, Diagram 1M, working 2M, design principle 2M and Limitation of
firewall 2M)
Ans.
Characteristics:
1. All traffic from inside to outside must pass through the firewall (physically blocking all
access to the local network except via the firewall)
2. Only authorized traffic (defined by the local security policy) will be allowed to pass
3. The firewall itself is immune to penetration (use of trusted system with a secure
operating system)

Design Principle:
A firewall is a networking device (hardware, software or a combination of both)
whose purpose is to enforce a security policy across its connection. It is much like a
wall that has a window: the wall serves to keep things out, except those permitted
through the window.

Working: Firewalls enforce the establishment's security policies. The variety of
mechanisms includes:
Packet filtering router
Circuit level gateways
Application Gateways/ Proxy Server.
Network Address Translation (NAT)

One of the most basic security functions provided by a firewall is Network Address
Translation (NAT). This service allows you to mask significant amounts of information
from outside of the network. This allows an outside entity to communicate with an entity
inside the firewall without truly knowing its address.
Basic Packet Filtering, the most common firewall technique, looks at packets, their
protocols and destinations, and checks that information against the security policy.
Telnet and FTP connections may be prohibited from being established to a mail or
database server, but they may be allowed for the respective service servers.
This is a fairly simple method of filtering based on information in each packet header,
like IP addresses and TCP/UDP ports. This will not detect and catch all undesired packets
but it is fast and efficient.
A firewall can either be software-based or hardware-based and is used to help keep a
network secure. Its primary objective is to control the incoming and outgoing traffic of
the network by analyzing the data packets and determining whether they should be allowed
through or not, based on a predetermined rule set. A network's firewall builds a bridge
between an internal network that is assumed to be secure and trusted, and another
network, usually an external (inter)network, such as the Internet, that is not assumed to be
secure and trusted.
Many personal computer operating systems include software-based firewalls to protect
against threats from the public Internet. Many routers that pass data between networks
contain firewall components and, conversely, many firewalls can perform basic routing
functions.

Limitations:
1. Firewalls do not protect against inside threats.
2. Packet filter firewall does not provide any content based filtering.
3. Protocol tunneling, i.e. sending data from one protocol to another protocol which
negates the purpose of firewall.
4. Encrypted traffic cannot be examined and filtered.
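
A first-match, default-deny packet filter over header fields, added here to illustrate the basic packet filtering described under Working (Telnet and FTP blocked to the mail and database servers, allowed to their own servers) and limitation 2; it is not from the model answer. The server addresses are constructed from documentation ranges, and the rule layout and names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (RFC 5737 documentation ranges), not from the model answer.
MAIL_SERVER = "192.0.2.25"
DB_SERVER = "192.0.2.33"
FTP_SERVER = "192.0.2.21"
TELNET_SERVER = "192.0.2.23"
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: int
    payload: bytes = b""  # carried along but never inspected by the filter

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    proto: str
    dports: tuple         # destination ports the rule covers

    def matches(self, pkt):
        # Only header fields are compared: protocol, port, source, destination.
        return (pkt.proto == self.proto
                and pkt.dport in self.dports
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst))

# The security policy as an ordered rule set; the first matching rule decides.
RULES = [
    Rule("deny", ANY, MAIL_SERVER + "/32", "tcp", (21, 23)),   # no FTP/Telnet to mail
    Rule("deny", ANY, DB_SERVER + "/32", "tcp", (21, 23)),     # no FTP/Telnet to database
    Rule("allow", ANY, FTP_SERVER + "/32", "tcp", (21,)),      # FTP to the FTP server
    Rule("allow", ANY, TELNET_SERVER + "/32", "tcp", (23,)),   # Telnet to the Telnet server
    Rule("allow", ANY, MAIL_SERVER + "/32", "tcp", (25,)),     # SMTP to the mail server
]

def filter_packet(pkt, rules=RULES):
    """Return (action, index of the matching rule), or ("deny", None) by default."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None

if __name__ == "__main__":
    outside = "198.51.100.7"  # constructed external host
    for pkt in (Packet(outside, MAIL_SERVER, "tcp", 23),
                Packet(outside, FTP_SERVER, "tcp", 21),
                Packet(outside, MAIL_SERVER, "tcp", 25, b"constructed message body"),
                Packet(outside, DB_SERVER, "tcp", 3306)):
        print(pkt.dst, pkt.proto, pkt.dport, filter_packet(pkt))
```

Two packets with identical headers receive the same verdict whatever their payload, which is the content-filtering gap named in limitation 2.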

Q.6) Attempt any four: 16M


a) Describe dumpster diving with its prevention mechanism.
(Concept 3M, Prevention mechanism 1M)
Ans.
Dumpster diving: It is the process of going through a target's trash in order to find
little bits of information. System attackers need a certain amount of information before
launching their attack. One common place to find this information, if the attacker is in the
vicinity of the target, is to go through the target's trash in order to find little bits of
information that could be useful. The process of going through a target's trash is known as
“dumpster diving”.

The search is carried out in waste paper, electronic waste such as old HDD, floppy and
CD media, recycle and trash bins on the systems, etc.
If the attacker is lucky and the target has a poor security process, they may succeed in finding
user IDs and passwords. If the password is changed and the old password is discarded, a lucky
dumpster diver may get a valuable clue.

To prevent dumpster divers from learning anything valuable from your trash, experts
recommend that your company should establish a disposal policy.

b) Explain the term steganography with example.


(Term – 1M, Concept- 2M, Example 1M)
Ans.
Steganography: Steganography is the art and science of writing hidden messages in such a
way that no one, apart from the sender and intended recipient, suspects the existence of the
message. Steganography works by replacing bits of useless or unused data in regular
computer files (such as graphics, sound, text, html or even floppy disks) with bits of
different, invisible information. This hidden information can be plain text, cipher text or
even images. In modern steganography, data is first encrypted by the usual means and then
inserted, using a special algorithm, into redundant data that is part of a particular file format
such as a JPEG image.
Steganography process:
Cover-media + Hidden data + Stego-key = Stego-medium
Cover media is the file in which we will hide the hidden data, which may also be encrypted
using stego-key. The resultant file is stego-medium. Cover-media can be image or audio
file.
Steganography takes cryptography a step further by hiding an encrypted message so that no
one suspects it exists. Ideally, anyone scanning your data will fail to know it contains
encrypted data.
Steganography has a number of drawbacks when compared to encryption. It requires a lot of
overhead to hide a relatively few bits of information.
E.g. one can hide text, data, image, sound, and video behind an image.
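
The process formula above (cover-media + hidden data + stego-key = stego-medium) as a small added example, not part of the model answer: hidden bits replace the least significant bit of cover bytes, and the stego-key decides which bytes are used. Assumptions: the cover is a constructed byte string standing in for pixel values, the hidden data is inserted as-is without the prior encryption step, and all names are illustrative.

```python
import random

HEADER_BITS = 16  # the hidden data is prefixed with its length as a 16-bit number

# Constructed cover: 512 bytes standing in for grayscale pixel values.
COVER = bytes((i * 37 + 11) % 256 for i in range(512))

def positions(size, stego_key):
    """Order in which cover bytes are used, derived from the stego-key."""
    order = list(range(size))
    random.Random(stego_key).shuffle(order)
    return order

def to_bits(data):
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]

def from_bits(bits):
    out = bytearray()
    for i in range(0, len(bits), 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)

def capacity_bytes(cover):
    """One hidden bit per cover byte: 8 cover bytes are spent per hidden byte."""
    return min(max(0, (len(cover) - HEADER_BITS) // 8), 2**HEADER_BITS - 1)

def embed(cover, hidden, stego_key):
    """Return the stego-medium: the cover with its low bits carrying `hidden`."""
    if len(hidden) > capacity_bytes(cover):
        raise ValueError("hidden data does not fit in this cover")
    bits = to_bits(len(hidden).to_bytes(2, "big") + hidden)
    stego = bytearray(cover)
    for pos, bit in zip(positions(len(cover), stego_key), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit   # replace only the lowest bit
    return bytes(stego)

def extract(stego, stego_key):
    """Recover the hidden data; needs the same stego-key used by embed()."""
    order = positions(len(stego), stego_key)
    header = from_bits([stego[p] & 1 for p in order[:HEADER_BITS]])
    length = int.from_bytes(header, "big")
    if length > capacity_bytes(stego):
        raise ValueError("no hidden data found with this stego-key")
    body = order[HEADER_BITS:HEADER_BITS + 8 * length]
    return from_bits([stego[p] & 1 for p in body])

if __name__ == "__main__":
    stego = embed(COVER, b"meet at noon", "constructed stego-key")
    changed = sum(a != b for a, b in zip(COVER, stego))
    print("cover bytes:", len(COVER), "capacity:", capacity_bytes(COVER), "bytes")
    print("bytes altered:", changed, "largest change:",
          max(abs(a - b) for a, b in zip(COVER, stego)))
    print(extract(stego, "constructed stego-key"))
```

The 512-byte cover holds at most 62 hidden bytes, which is the overhead drawback the answer mentions, and no cover byte changes by more than 1.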

c) Describe the concept of Kerberos.


(Explanation with Diagrams of different steps 4M)
Ans.
Kerberos is a network authentication protocol. It is designed to provide strong
authentication for client/server applications by using secret-key cryptography.

Kerberos was created by MIT as a solution for network security problems and it is freely
available from MIT, under copyright permission.

How does Kerberos work?


Kerberos operates by encrypting data with a symmetric key. A symmetric key is a type of
authentication where both the client and server agree to use a single encryption/decryption
key for sending and receiving data.
When working with the encryption key, the details are actually sent to a key distribution
center (KDC), instead of sending the details directly between each computer.
The entire process takes a total of eight steps, as shown below.
1. The authentication service, or AS, receives the request from the client and verifies that the
client is indeed the computer it claims to be. This is usually just a simple database lookup
of the user's ID.

[Figure: client, User Id, Authentication server (AS)]

2. Upon verification, a timestamp is created. This puts the current time in a user session,
along with an expiration date. The default expiration date of a timestamp is 8 hours. The
encryption key is then created. The timestamp ensures that when 8 hours is up, the
encryption key is useless. (This is used to make sure a hacker doesn't intercept the data
and try to crack the key. Almost all keys are able to be cracked, but it will take a lot
longer than 8 hours to do so.)

[Figure: Ticket granting ticket, Time stamp: 8 hrs., Client, Authentication server (AS)]

3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is
a simple ticket that is issued by the authentication service. It is used for authenticating
the client for future reference.


4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get
authenticated.

5. The TGS creates an encrypted key with a timestamp, and grants the client a service
ticket.

6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own
encrypted key to the service.


7. The service decrypts the key, and makes sure the timestamp is still valid. If it is, the
service contacts the key distribution center to receive a session that is returned to the
client.

8. The client decrypts the ticket. If the keys are still valid, communication is initiated
between client and server.

d) Describe IT Act 2008


(Any four features of IT Act 2008- 2M, any four amendments-2M )
Ans.
It is introduced with many additional features of IT Act 2000:
They have amplified the existing provisions or introduced new provisions.
Electronic signature introduced
Important definitions added
Legally validated electronic documents reemphasized.
Critique on power of controller under the IT Act 2008
The role of adjudicating officer under the IT Act 2008.
Composition of CAT (Cyber Appellate Tribunal)
New cybercrimes as offences under amended Act
Power to block unlawful websites should be exercised with caution.
Section 69B added to confer power to collect, monitor traffic data
Significance of the term Critical Information Infrastructure
Important Clarifications on the Act's application and effect
The combination effect of section 88 and 77B
Combined effect of section 78 and 80.

Features of I.T. Amendment Act 2008:


Focusing on data privacy
Focusing on information security.
Defining cyber café.
Making digital signature technology neutral.
Defining reasonable security practices to be followed by corporate.
Redefining the role of intermediaries.

Recognizing the role of Indian Computer Emergency Response Team.
Inclusion of some additional cybercrimes like child pornography and cyber
terrorism.
Authorizing an Inspector to investigate cyber offences.

e) What is TLS? What are two layers of TLS?


(Explanation-2M, Layers-2M)
Ans.
The Transport Layer Security (TLS) protocol provides communications privacy over the
Internet. The protocol allows client-server applications to communicate in a way that is
designed to prevent eavesdropping, tampering or message forgery. The primary goal of the
TLS protocol is to provide privacy and data integrity between two communicating
applications.

The protocol is composed of two layers:

The TLS Record Protocol provides connection security with some encryption method such as
the Data Encryption Standard (DES). The TLS Record Protocol can also be used without
encryption.

The TLS Handshake Protocol allows the server and client to authenticate each other and to
negotiate an encryption algorithm and cryptographic keys before data is exchanged.


MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION


Subject Code: 17514 Model Answer Page No: 1/31

Important Instructions to examiners:


1) The answers should be examined by key words and not as word-to-word as given in the model
answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to
assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more
Importance.
4) While assessing figures, examiner may give credit for principal components indicated in the
figure. The figures drawn by candidate and model answer may vary. The examiner may give
credit for any equivalent figure drawn.
5) In case of some questions credit may be given by judgement on part of examiner of relevant
answer based on candidate's understanding.

Q.1) a) Attempt any three of the following: 12


1) Describe security principles based on CIA.
(Meaning of CIA-1M, explanation of each point-1M, example optional)
Ans.
The security principles based on CIA are: confidentiality, integrity, and authentication—the “CIA”
of security.

1. Confidentiality: The principle of confidentiality specifies that only the sender and
intended recipients should be able to access the contents of a message.
Confidentiality gets compromised if an unauthorized person is able to access the
contents of a message.

Example of compromising the Confidentiality of a message is shown in fig.

[Figure: A, Secret, B]

Fig. Loss of confidentiality

Here, the user of computer A sends a message to the user of computer B. Another user C
gets access to this message, which is not desired and therefore defeats the purpose of
Confidentiality.
This type of attack is also called interception.


2. Authentication: Authentication helps to establish proof of identities. The
Authentication process ensures that the origin of a message is correctly identified.
For example, suppose that user C sends a message over the internet to user B.
However, the trouble is that user C had posed as user A when he sent a message to
user B. How would user B know that the message has come from user C, who is posing
as user A? This concept is shown in fig. below.
This type of attack is called fabrication.

[Figure: A, "I am user A", B]

Fig. Absence of authentication

3. Integrity: When the contents of the message are changed after the sender sends it,
but before it reaches the intended recipient, we say that the integrity of the message is
lost.
For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. User C somehow manages to access it, change its
contents and send the changed message to user B. User B has no way of knowing that
the contents of the message were changed after user A had sent it. User A also does
not know about this change.

This type of attack is called modification.

[Figure: A, B, Ideal route of message, Actual route of message]

Fig. Loss of Integrity

2) Explain piggybacking.
(Explanation -2M, example- 2M)
Ans.
Piggybacking is the simple process of following closely behind a person who has just used
their own access card or PIN to gain physical access to a room or building. An attacker can
thus gain access to the facility without having to know the access code or having to acquire
an access card.
Piggybacking, in a wireless communications context, is the unauthorized access of a
wireless LAN. Piggybacking is sometimes referred to as “Wi-Fi squatting”. The usual
purpose of piggybacking is simply to gain free network access rather than any malicious
intent, but it can slow down data transfer for legitimate users of the network. Furthermore,
a network that is vulnerable to piggybacking for network access is equally vulnerable when
the purpose is data theft, dissemination of viruses, or some other illicit activity.

Example: Access of wireless internet connection by bringing one's own computer within
the range of another wireless network & using that without explicit permission.

3) Compare symmetric and asymmetric key cryptography.


(Each comparison point- 1M, any four points)
Ans.
| Categories | Symmetric key Cryptography | Asymmetric key Cryptography |
|---|---|---|
| Key used for encryption/decryption | Same key is used for encryption & decryption. | One key is used for encryption & another different key is used for decryption. |
| Key process | Ke = Kd | Ke ≠ Kd |
| Speed of encryption/decryption | Very fast | Slower |
| Size of resulting encrypted text | Usually same as or less than the original clear text size. | More than the original clear text size. |
| Key agreement/exchange | A big problem | No problem at all. |
| Usage | Mainly used for encryption and decryption, cannot be used for digital signatures. | Can be used for encryption and decryption as well as for digital signatures. |
| Efficiency in usage | Symmetric key cryptography is often used for long messages. | Asymmetric key cryptography is more efficient for short messages. |

4) Describe terms regarding computer security.
i) Assets ii) Vulnerability
iii) Threats iv) Risk
(1M for each term)
Ans.
i. Assets: Asset is any data, device, or other component of the environment that supports
information-related activities. Assets generally include hardware, software and confidential
information.

ii. Vulnerability: It is a weakness in computer system & network.

iii. Threats: It is a set of things which has the potential to cause loss or harm to a computer system & network.

iv. Risk: Risk is the probability of threats that may occur because of the presence of a vulnerability in a
system.

Q.1) b) Attempt any one of the following: 6


1) Explain model of security with block diagram.
(Explanation of each point with diagram- 2M)
Ans.

CIA Model for security:


1. Confidentiality: The principle of confidentiality specifies that only sender and
intended recipients should be able to access the contents of a message.
Confidentiality gets compromised if an unauthorized person is able to access the
contents of a message.
Example of compromising the Confidentiality of a message is shown in fig:

[Figure: A, Secret, B]

Fig. Loss of confidentiality

Here, the user of computer A sends a message to the user of computer B. Another user C
gets access to this message, which is not desired and therefore defeats the purpose of
Confidentiality.
This type of attack is also called interception.

2. Authentication: Authentication helps to establish proof of identities. The
Authentication process ensures that the origin of a message is correctly identified.
For example, suppose that user C sends a message over the internet to user B.
However, the trouble is that user C had posed as user A when he sent a message to
user B. How would user B know that the message has come from user C, who is posing
as user A? This concept is shown in fig. below.
This type of attack is called fabrication.

[Figure: A, "I am user A", B]

Fig. Absence of authentication

3. Integrity: When the contents of the message are changed after the sender sends it,
but before it reaches the intended recipient, we say that the integrity of the message is
lost.
For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. User C somehow manages to access it, change its
contents and send the changed message to user B. User B has no way of knowing that
the contents of the message were changed after user A had sent it. User A also does
not know about this change.
This type of attack is called modification.

[Figure: A, B, Ideal route of message, Actual route of message]

Fig. Loss of Integrity

2) Explain data recovery tools and procedures.
(Explanation of data recovery 4M, procedures-2M)
Ans.
Data recovery: All computer users need to be aware of backup and recovery procedures to
protect their data. Data Protection can be taken seriously as it's important for financial, legal
or personal reasons.

There are various formatted partition recovery tools available, although every tool will have
a different GUI & method of recovery.

Steps of data recovery:


Step1: If you cannot boot the computer, please use data recovery bootable disk.
Step 2: Select the file types you want to recover & volume where the formatted hard drive
is. The tool will automatically scan the selected volume.
Step 3: Then the found data will be displayed on the screen & you can get a preview of
it. Then select the file or directory that you want to recover & save them to a healthy drive.

Data recovery procedures:


• A computer data recovery procedure is an important part for any computer literate
personality that cannot be neglected. Computer professional or computer forensic expert
who uses data recovery should maintain the secrecy and privacy of the client.

• Any action or activity that leads to disclosure of privacy of the client should be avoided.
• The values such as integrity, accuracy & authenticity should be exercised in an ethical
environment. The evidence that is produced before the court should be fairly examined &
analyzed. There should not be any carelessness and ignorance regarding the handling of
evidence. The case evidence should be examined in detail based upon validated principles.

Q.2) Attempt any two of the following: 16


1) Explain any four attacks on computer systems security.
(Explanation of each attack- 2M, any four attacks)
Ans.
Different types of attacks are as follows:
i. Denial-of-service attacks
ii. Backdoors and Trapdoors
iii. Sniffing
iv. Spoofing
v. Spoofing E-mail
vi. Man In middle attack
vii. Replay attacks
viii. TCP/ IP Hijacking

ix. Attacks on Encryption
x. Malware or malicious code such as viruses

1. Denial-of-service attacks can exploit a known vulnerability in a specific application or
OS, or may attack features in specific protocols or services. In this form the attacker is trying
to deny authorized users access either to specific information or to the computer system or
network. The purpose of such an attack is simply to prevent access to the target system,
or the attack may be used in conjunction with other actions in order to gain unauthorized
access to a system or network. SYN flooding attack is one of the examples of this type.

2. Backdoors and Trapdoors: They are the methods used by software developers to
ensure that they could gain access to an application even if something were to happen in
the future to prevent normal access methods. For e.g. A hard coded password that could
be used to gain access to the program in the event that administrator forgot their own
system password. The problem with this sort of password (sometimes referred to as
trapdoor) is that since the password is hard coded it cannot be removed. If the attacker
learns about the backdoor, all systems running the software would be vulnerable.

3. Sniffing: A network sniffer is a software or hardware device that is used to observe the
traffic as it passes through the network on shared broadcast media. The device can be
used to view all traffic, or it can target a specific protocol, service or even string of
characters. Normally the network device that connects a computer to a network is
designed to ignore all traffic that is not destined for that computer. Network sniffers
ignore this friendly agreement and observe all traffic on the network whether destined for
that computer or others.

4. Spoofing: It makes the data look like it has come from other source. This is possible in
TCP/IP because of the friendly assumptions behind the protocols. When a packet is sent
from one system to another, it includes not only the destination IP address but the source
IP address. The user is supposed to fill in the source with their own address, but there is
nothing that stops them from filling in another system's address.

2) Explain at least four roles of people in security.


(Explanation of each role – 2M, any four roles, examples optional)
Ans.
Role of people in security

1. Password selection:
1) Users should be able to create their own easy-to-remember passwords, but these should not be
easy for someone else to guess or obtain using password cracking utilities.

2) Passwords should meet some essential guidelines, e.g. a password should contain some special
characters etc.
3) It should not consist of dictionary words, etc.

2. Piggybacking is the simple process of following closely behind a person who has
just used their own access card or PIN to gain physical access to a room or building.
An attacker can thus gain access to the facility without having to know the access
code or having to acquire an access card.
Piggybacking, in a wireless communications context, is the unauthorized access of a
wireless LAN. Piggybacking is sometimes referred to as “Wi-Fi squatting”.
The usual purpose of piggybacking is simply to gain free network access rather than
any malicious intent, but it can slow down data transfer for legitimate users of the
network. Furthermore, a network that is vulnerable to piggybacking for network
access is equally vulnerable when the purpose is data theft, dissemination of viruses,
or some other illicit activity.
Example: Access of wireless internet connection by bringing one's own computer
within the range of another wireless network & using that without explicit
permission.

3. Shoulder surfing is a similar procedure in which attackers position themselves in
such a way as to be able to observe the authorized user entering the correct access
code or data.
Both of these attack techniques can be easily countered by using simple procedures
to ensure nobody follows you too closely or is in a position to observe your actions.
Shoulder surfing is using direct observation techniques, such as looking over
someone's shoulder, to get information. Shoulder surfing is an effective way to get
information in crowded places because it is relatively easy to stand next to someone
and watch as they fill out a form or enter a PIN at an ATM. Shoulder
surfing can also be done at long distance with the aid of binoculars or other
vision-enhancing devices.
To prevent shoulder surfing, experts recommend that you shield paperwork or your
keypad from view by using your body or cupping your hand.

4. Dumpster diving: Dumpster diving is the process of going through a target's
trash in order to find little bits of information.
In the world of information technology, dumpster diving is a technique used to
retrieve information that could be used to carry out an attack on a computer network.
The search is carried out in waste paper, electronic waste such as old HDDs, floppy
and CD media, and the recycle and trash bins on the systems.
To prevent dumpster divers from learning anything valuable from your trash, experts
recommend that your company establish a disposal policy.

5. Installing unauthorized software/hardware: Because of possible risks, many
organizations do not allow their users to load software or install new hardware without the
information and help of administrators. Organizations also restrict what an individual can do
with received e-mails.

6. Access by non-employees: If an attacker can get physical access to a facility, there are
many chances of obtaining enough information to enter computer systems and
networks. Many organizations require their employees to wear identification symbols at
work.

7. Security awareness: A security awareness program is the most effective method to oppose
potential social engineering attacks once the organization's security goals and policies are
established. An important element that training should concentrate on is which information
is sensitive for the organization and which may be the target of a social engineering attack.

8. Individual user responsibilities:
i) Lock the door of the office or workspace.
ii) Do not leave sensitive information inside your car unprotected.
iii) Secure storage media which contain sensitive information.
iv) Shred paper containing organizational information before discarding it. (More
points can be added).

3) Explain SHA-1 algorithm with diagram.

(Explanation -6M, Diagram- 2M)
**Note: Relevant answer shall be considered
Ans.
SHA-1 is a secure hashing algorithm. It is used to create a message digest or hash value of the
original message. SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function.

A hash is a special function that performs one-way encryption, meaning that once the
algorithm is processed, there is no feasible way to take the cipher text and retrieve the plain
text that was used to generate it.

Algorithm steps:
• Hashing starts with a 160-bit seed as the hash value.
• A sequence of non-linear operations is carried out on the first 512-bit message block.
• The sequence is cyclically repeated 80 times and a 160-bit hash value is generated.
• The cyclic sequence is repeated for the second message block of 512 bits.
• The process is continued until all the N message blocks have been hashed and the
final 160-bit hash value is generated.

Q.3) Attempt any four of the following: 16

1) Explain the concept of Kerberos.
(1M Concept, 3M –Diagram/ Explanation of Kerberos)
Ans.
Kerberos is a network authentication protocol developed by MIT. Its name is taken from
mythology: Kerberos was a three-headed dog who guarded the gates of Hades. It is a secure
method for authenticating a request for a service in a computer network. It provides strong
authentication for client/server applications by using secret-key cryptography.
Kerberos allows a user to request an encrypted "ticket" from an authentication process, which
can then be used to request a particular service from a server. The user's password does not have to
pass through the network.

It consists of:
• User
• Authentication service
• Ticket-granting server
• Service server

Working of Kerberos:
A user who wants to access a server needs a Kerberos ticket before making the request.
• The user requests authentication from the Authentication server (AS). It creates a "session key"
(encryption key) based on your password; this is effectively a ticket-granting ticket.
• The user sends his/her ticket-granting ticket to the ticket-granting server (TGS), which may be
physically the same server as the Authentication server. The TGS then returns the ticket that can be
sent to the server for the requested service.
• The service rejects the ticket or accepts it and performs the service.

• The ticket received from the TGS is time-stamped. It allows the user to make additional requests
using the same ticket within a certain time period without re-authentication. This improves
security, as the ticket is granted for a limited time period.

• The following diagrams are optional:

[Figure (a): Client, User ID, Authentication server (AS)]

The authentication service receives the request from the client and verifies that the client is indeed
the authentic computer. It is valid for the time-stamp allotted (i.e. 8 hours).

[Figure (b): Client, Authentication server (AS), Ticket-Granting Ticket (timestamp 8 hours)]

[Figure (c): Client, Authentication server (AS), Ticket-Granting Ticket (timestamp 8 hours), Ticket-granting server (TGS)]

[Figure (d): Client, Authentication server (AS), Ticket-granting server (TGS), Encrypted Key, Ticket-Granting Ticket (timestamp 8 hours)]

[Figure (e): Client, Authentication server, Ticket-granting server, Encrypted Key, Ticket-Granting Ticket, Service Server]

[Figure (f): Client, Service Server, Success]
2) Describe the process of biometric authentication with neat labelled diagram for finger
print.
(Basic Diagram of biometric authentication 2M, explanation of process 2M)
Ans.

[Figure: Basic biometric system. Labelled blocks: Environment, Sensor (as per mechanism), Pre-processing, Feature extraction, Template generation, Reference template, Matching process, Device used for application]

To provide physical security, the following methods are available.

1) Access controls: Physical access controls are used in the same way as computer and
network access controls, to restrict access by unauthorized users. The most common access
control mechanisms are a security guard and a lock-and-key combination.

2) Biometrics: Biometrics is the idea of mapping measurements of human physical
characteristics to human uniqueness. The major biometric forms are:
handprint, fingerprint, retina, voice/speech, handwriting/signature, face.

3) Physical barriers: A physical barrier helps in implementing the physical-world equivalent of
layered security.

3) Explain use of S-Box in implementation of DES algorithm.

(2M Explanation of S-box Substitution, 2M diagram, steps of DES optional)
Ans.
The Data Encryption Standard is generally used in the ECB, CBC, or CFB mode.
DES is a block cipher. It encrypts data in blocks of 64 bits each. That is, 64 bits of
plain text go as the input to DES, which produces 64 bits of cipher text. DES is based
on the two fundamental attributes of cryptography: substitution and transposition.
S-box substitution: it accepts the 48-bit input from the XOR operation involving the
compressed key and expanded RPT and produces a 32-bit output using the substitution
technique. Each of the 8 S-boxes has a 6-bit input and a 4-bit output. The output of
each S-box is then combined to form a 32-bit block, which is given to the last stage of a
round.

[Figure: Details of one round in DES. Stages, in order: Key Transformation, Expansion Permutation, S-Box Substitution, P-Box Permutation, XOR and Swap]

4) Explain working of PGP email security.

(2M Explanation, 2M working)
Ans.
Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt email over
the internet. It has become a standard for e-mail security. It is used to send an
encrypted code (digital signature) that lets the receiver verify the sender's
identity and know that the message was not changed en route. PGP can be
used to encrypt files being stored so that they are in unreadable form and not
readable by users or intruders. It is available in low-cost and freeware versions. It
is the most widely used privacy-ensuring program, used by individuals as well as
many corporations.
Working of PGP:
1. Authentication: Here the sender creates a message, and SHA-1 is used to generate a 160-bit
hash code of the message. The hash code is encrypted using the sender's
private key and the result is prepended to the message. The receiver uses the sender's
public key to decrypt and recover the hash code. The receiver generates a new
hash code and compares it with the decrypted hash code. If they match, the
message is authentic.
2. Confidentiality:
This is the basic service provided by PGP. It provides for an encrypted message to
be transmitted or stored locally as a file. The sender generates a message and a
random 128-bit number used as a session key for this message only, which is
encrypted. The session key is used to decrypt the message.

5) Explain the steps for hardening applications.

(Explanation 4M)
Ans.
Application hardening is a security feature designed to prevent exploitation of
various types of vulnerabilities in software applications. It also secures against local
and internet attacks. Vulnerabilities are introduced by programmers who fail to
properly check the input data entering the application. If there are
vulnerabilities in an application, they can be exploited by an attacker.
Hardening an application is fairly similar to hardening an operating system: you remove
the functions or components you do not need, restrict access where you can, and
make sure that the application is kept up to date with patches.

Application hardening has the following mechanisms:

a) Process spawning control: uses the fact that in most cases the application does not
need the ability to launch other executables for proper functioning. By taking away
the process spawning ability from the application, hackers will not be able to
perform the process spawning attack.

b) EXE file protection: another method of breaking into a system is to trick the
vulnerable application into modifying or creating executable files. The EXE file protection defense
is based on the fact that, in most cases, the application does not need to create or modify
executable files. Hackers will not be able to perform attacks that tamper with
executable files on the system.

c) System tampering protection: Another possibility for breaking into the system is
to trick the vulnerable application into modifying special sensitive areas of the
operating system and taking advantage of those modifications. Those sensitive areas
include Windows registry keys used to control the launching of applications on system
startup, the system.ini and win.ini files… The system tampering protection defense is
based on the fact that in almost all cases normal applications do not need to perform
such operations for their proper function. By preventing applications from modifying
special areas of the operating system, hackers will not be able to attack by tampering
with sensitive special areas of the system.

Application patches such as hotfixes, patches, and upgrades will be helpful in this case.

Q.4) a) Attempt any three of the following: 12

1) Explain concept of Hashing with example and properties.
(Explanation 2M, properties of hash function 2M)
Ans.
Hashing:
• Hashing functions are one of the most commonly used encryption methods.
• A hash is a special function that performs one-way encryption, meaning that once
the algorithm is processed, there is no feasible way to take the cipher text and
retrieve the plain text that was used to generate it.
• The hash code is a function of all bits of the message and provides an
error-detection capability. A change in any bit or bits results in a change of the hash value.
• A hash value h is generated by a function H of the form
h = H(M)
where M is a variable-length message and H(M) is the fixed-length hash value.
• The hash value is appended to the message at the source at a time when the
message is assumed or known to be correct.
• The receiver authenticates the message by re-computing the hash value. The hash
value is not considered to be secret, so something is required to protect the hash value.
• The message plus concatenated hash code is encrypted using symmetric
encryption. Sender and receiver share the same secret key. That the message
came from the authorized sender and has not been altered is checked by the receiver
recomputing and comparing the hash code.

A hash value should have the following properties for message authentication:
1. H can be applied to a block of data of any size.
2. H produces a fixed-length output.
3. H(x) is relatively easy to compute for any given x, making both hardware and
software implementation practical.
4. For any given value h, it is computationally infeasible to find x such that
H(x) = h. This is referred to as the one-way property.
5. For any given block x, it is computationally infeasible to find y ≠ x with
H(y) = H(x). This is referred to as weak collision resistance.

2) Describe the following terms:

i) DMZ ii) Internet
iii) Intranet iv) IDS
(1M for each point, explanation in short)
Ans.
i) DMZ (Demilitarized Zone):
It is a computer host or small network inserted as a neutral zone between a company's
private network and the public network. It prevents outside users from getting direct
access to a server that has company data. A DMZ is an optional and more secure
approach to a firewall and effectively acts as a proxy server. In a DMZ, a separate
computer (or host, in network terms) receives requests from users within the private
network to provide access to web sites or other companies accessible on the public
network. The DMZ host initiates sessions for these requests on the public network. The DMZ host is not
able to initiate a session back into the private network. It only forwards packets that
have already been requested. Users of the public network outside the company can
access only the DMZ host.
The DMZ may also hold the company's web pages so that these can be served to the outside
world. The DMZ provides access to no other company data.
Cisco is the leading maker of routers that facilitate the setup of a DMZ.

(Diagram or description (Any one can be considered) 1 Mark)

[Figure: DMZ. Labels: Computer - 1, Computer - 2, Computer - 3, Firewall, DMZ, Internet]

ii) Internet:
The Internet is a network that can be used to transfer email, financial records, files, remote
access etc. from one network to another network.
It is not a single network; it is a series of interconnected networks that allows protocols to
operate to make data flow across networks possible. The term WWW (World Wide Web)
is used with the Internet. It is based on HTTP (Hypertext Transfer Protocol service). This
can carry different actual services and contents, including files, images, audio, video
and even viruses and worms.

iii) Intranet:
An intranet is a private network that is contained within an organization/enterprise. It may
consist of interlinked local area networks and also use leased lines in the wide area
network. It includes connections through one or more gateway computers to the
outside Internet. The main purpose is to share company information and computing
resources among employees. It facilitates working in groups and teleconferences.
An intranet uses TCP/IP, HTTP, and other Internet protocols.
When part of an intranet is made accessible to customers, partners, suppliers or others outside
the company, it becomes part of an extranet.

iv) IDS (Intrusion Detection System):

An intrusion detection system (IDS) monitors network traffic for
suspicious activity and alerts the system or network administrator. In some cases the IDS
may also respond to anomalous or malicious traffic by taking action such as blocking
the user or source IP address from accessing the network.

IDS come in a variety of flavors and approach the goal of detecting suspicious
traffic in different ways. There are IDS that detect based on comparing traffic patterns
against a baseline and looking for anomalies. There are IDS that simply monitor
and alert, and there are IDS that perform an action or actions in response to a
detected threat. We'll cover each of these briefly.

3) Explain cyber crime.

(Relevant Explanation of cybercrime -4M)
Ans.
Crimes against people are a category of crime that consists of offenses that usually involve
causing or attempting to cause bodily harm or a threat of bodily harm. These actions are
taken without the consent of the individual the crime is committed against, or the victim.
These types of crimes do not have to result in actual harm - the fact that bodily harm could
have resulted and that the victim is put in fear for their safety is sufficient.
e.g. assault, domestic violence, stalking.

Cybercrime is a bigger risk now than ever before due to the sheer number of connected
people and devices. It is simply a crime that has some kind
of computer or cyber aspect to it. To go into more detail is not as straightforward, as it
takes shape in a variety of different formats.

Cybercrime:
• Cybercrime has now surpassed illegal drug trafficking as a criminal moneymaker.
• Somebody's identity is stolen every 3 seconds as a result of cybercrime.
• Without a sophisticated security package, your unprotected PC can become infected
within four minutes of connecting to the Internet.
Criminals committing cybercrime use a number of methods, depending on their skill set
and their goal. Here are some of the different ways cybercrime can take shape:
• Theft of personal data
• Copyright infringement
• Fraud
• Child pornography
• Cyber stalking
• Bullying

Cybercrime covers a wide range of different attacks, that all deserve their own unique
approach when it comes to improving our computer's safety and protecting ourselves.
The computer or device may be the agent of the crime, the facilitator of the crime, or
the target of the crime. The crime may take place on the computer alone or in addition
to other locations. The broad range of cybercrime can be better understood by dividing
it into two overall categories.

4) Explain working of Handshake protocol in SSL.

(Explanation of Handshake protocol 2M, Listing four phases 2M)
Ans.
The SSL protocol was originally developed by Netscape to ensure the security of data
transported and routed through the HTTP, LDAP or POP3 application layers. SSL is designed
to make use of TCP as a communication layer to provide a reliable end-to-end secure and
authenticated connection between two points over a network (for example between the
service client and the server). The Netscape Navigator browser was provided with SSL-enabled
client software.

SSL protocol stack:

[Figure: The SSL protocol stack]

Message types are:
Hello request, Client hello, Server hello, Certificate, Server key exchange,
Certificate request, Server hello done, Certificate verify, Client key exchange,
Finished.

The handshake protocol:

The handshake protocol constitutes the most complex part of the SSL protocol. It is
used to initiate a session between the server and the client. Within the messages of
this protocol, various components such as algorithms and keys used for data
encryption are negotiated. Due to this protocol, it is possible to authenticate the
parties to each other and negotiate appropriate parameters of the session between
them.

It can be divided into 4 phases, separated with horizontal broken lines:

• Establish security capabilities: Client hello, then server replies hello
• Server authentication and key exchange: Certificate, Server key exchange, Certificate request, Server hello done
• Client authentication and key exchange: Certificate, Client key exchange, Certificate verify
• Finish: Change cipher specification, Finished

Q.4) b) Attempt any one of the following: 6

1) Define attack. Explain steps in attack.
(Definition 2M, Steps 4M)
Ans.
An attack on a computer system is either specifically targeted by the attacker or aimed at an
opportunistic target.

Attacks may have the following steps:

Interception: relates to the concept of confidentiality. Here an unauthorized party has gained access to a
resource; the party can be a person, program, or computer-based system, e.g. copying of data or
programs, listening to network traffic.
Fabrication: relates to the concept of authorization. It involves the creation of illegal objects on a
computer system, e.g. the attacker adds fake records to a database.
Modification: This comes under integrity. Here the attacker may modify the values in the database.
Interruption: This is related to availability. Here resources become unavailable, lost or
unusable, e.g. denial of service, causing a problem to a hardware device, erasing programs, data,
or operating system components.

2) Define virus. Explain at least 5 types of viruses.

(Definition 1M, Five types of virus with explanation 1M each)
Ans.
Viruses: A program designed to spread from file to file on a single PC; it does not
intentionally try to move to another PC, and it must replicate and execute itself. Used as a
delivery tool for hacking.

Types of viruses:
• Parasitic viruses: These attach themselves to executable code and replicate. Once a program
is infected, the virus will find another program to infect.
• Memory-resident viruses: These live in memory after execution, become a part of the
operating system or application, and can manipulate any file that is executed, copied
or moved.
• Non-resident viruses: These execute and then terminate or destroy themselves after a specific
time.
• Boot sector viruses: These infect the boot sector and spread through a system when it is
booted from a disk containing the virus.
• Overwriting viruses: These overwrite the code with their own code.
• Stealth viruses: These hide the modifications they have made in the file or boot
record.
• Macro viruses: These are not executable. They affect documents such as Microsoft Word documents
and can spread through email.
• Polymorphic viruses: These produce fully operational copies of themselves, in an attempt to
avoid signature detection.
• Companion viruses: These create a program instead of modifying an existing file.
• Email viruses: The virus gets executed when an email attachment is opened by the recipient.
The virus sends itself to everyone on the mailing list of the sender.
• Metamorphic viruses: These keep rewriting themselves every time and may change their
behavior as well as the appearance of their code.

Q.5) Attempt any two of the following: 16


1) Explain what are components of good password and four password selection
strategies.
(Any four components: 1M each, Four Strategies: 1M each)
Ans.
Components of good password:
1. It should be at least eight characters long.
2. It should include uppercase and lowercase letters, numbers, special characters or
punctuation marks.
3. It should not contain dictionary words.
4. It should not contain the user's personal information such as their name, family
member's name, birth date, pet name, phone number or any other detail that can easily
be identified.

5. It should not be the same as the user's login name.
6. It should not be the default passwords as supplied by the system vendor such as
password, guest, and admin and so on.

Four Password selection strategies:

1. User education: Users can be told the importance of using hard-to-guess passwords
and can be provided with guidelines for selecting strong passwords. This user
education strategy is unlikely to succeed at most installations, particularly where there
is a large user population or a lot of turnover. Many users will simply ignore the
guidelines. Others may not be good judges of what is a strong password. For
example, many users believe that reversing a word or capitalizing the last letter makes
a password unguessable.
2. Computer-generated passwords: Passwords are quite random in nature. Computer-
generated passwords also have problems. If the passwords are quite random in nature,
users will not be able to remember them. Even if the password is pronounceable, the
user may have difficulty remembering it and so be tempted to write it down. In
general, computer-generated password schemes have a history of poor acceptance by
users. FIPS PUB 181 defines one of the best-designed automated password
generators. The standard includes not only a description of the approach but also a
complete listing of the C source code of the algorithm. The algorithm generates words
by forming pronounceable syllables and concatenating them to form a word. A
random number generator produces a random stream of characters used to construct
the syllables and words.
3. Reactive password checking: A reactive password checking strategy is one in which
the system periodically runs its own password cracker to find guessable passwords.
The system cancels any passwords that are guessed and notifies the user. This tactic
has a number of drawbacks. First it is resource intensive, if the job is done right.
Because a determined opponent who is able to steal a password file can devote full
CPU time to the task for hours or even days an effective reactive password checker is
at a distinct disadvantage. Furthermore, any existing passwords remain vulnerable
until the reactive password checker finds them.
4. Proactive password checking: The most promising approach to improved password
security is a proactive password checker. In this scheme, a user is allowed to select
his or her own password. However, at the time of selection, the system checks to see
if the password is allowable and if not, rejects it. Such checkers are based on the
philosophy that with sufficient guidance from the system, users can select memorable
passwords from a fairly large password space that are not likely to be guessed in a
dictionary attack. The trick with a proactive password checker is to strike a balance
between user acceptability and strength. If the system rejects too many passwords,
users will complain that it is too hard to select a password. If the system uses some
simple algorithm to define what is acceptable, this provides guidance to password
crackers to refine their guessing technique. In the remainder of this subsection, we
look at possible approaches to proactive password checking.
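
A proactive password checker that enforces the six "components of good password" listed above, as an added Python example (not part of the model answer). The word lists are small constructed samples, and undoing reversal and look-alike substitutions before the word checks is an extension beyond the listed rules, added because the answer notes that users think such tricks make a word unguessable.

```python
import re

# Constructed sample word list (assumption); a real checker loads a full dictionary.
DICTIONARY = {"password", "welcome", "dragon", "monkey", "sunshine", "football"}
# Vendor defaults named in the answer.
VENDOR_DEFAULTS = {"password", "guest", "admin"}

# Rule 2: every character class must be present.
CHARACTER_CLASSES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}

# Common look-alike substitutions, undone before the word checks (extension).
LOOKALIKES = str.maketrans("@4310$57", "aaeiosst")


def variants(candidate):
    """Lower-cased forms of the candidate: as typed, reversed, and de-substituted."""
    lowered = candidate.lower()
    plain = lowered.translate(LOOKALIKES)
    return {lowered, lowered[::-1], plain, plain[::-1]}


def contains_any(words, forms):
    """True if any word of three or more characters appears inside any form."""
    return any(w.lower() in form for w in words if len(w) >= 3 for form in forms)


def check_password(candidate, login, personal_details=()):
    """Return the list of violated rules; an empty list means the password is accepted."""
    problems = []
    if len(candidate) < 8:                                  # rule 1
        problems.append("shorter than eight characters")
    for name, pattern in CHARACTER_CLASSES.items():         # rule 2
        if not re.search(pattern, candidate):
            problems.append(f"no {name}")
    forms = variants(candidate)
    if contains_any(DICTIONARY, forms):                     # rule 3
        problems.append("contains a dictionary word")
    if contains_any(personal_details, forms):               # rule 4
        problems.append("contains personal information")
    if contains_any([login], forms):                        # rule 5 (stricter: substring)
        problems.append("contains the login name")
    if candidate.lower() in VENDOR_DEFAULTS:                # rule 6
        problems.append("vendor default password")
    return problems


if __name__ == "__main__":
    for pw in ("Tr0ub4dor&3x", "drowssaP1!", "P@ssw0rd2024", "admin"):
        print(pw, "->", check_password(pw, login="asmith") or "accepted")
```

Returning the reasons rather than a bare yes/no gives the user the guidance the strategy relies on, at the cost noted above: a published rule set also tells a password cracker which candidates to skip.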

2) Explain in detail intrusion detection systems.
(IDS: 2M, Diagram: 2M, IDS components: 2M, Types: 2M)
Ans.
Intrusion detection is the process of monitoring the events occurring in a
computer system or network and analyzing them for signs of possible incidents which are
threats to computer security. An intrusion detection system (IDS) is a device or software
application that monitors network or system activities for malicious activities or policy
violations and produces reports to a management station. IDS come in a variety of
"flavors" and approach the goal of detecting suspicious traffic in different ways.

An IDS has the following logical components:

1) Traffic collection: collects activity as events for the IDS to examine. On a host-based IDS,
this can be log files, audit logs or traffic coming to or leaving a system. On a network-based
IDS, this is typically a mechanism for copying traffic off the network link.
2) Analysis engine: examines collected network traffic and compares it to known patterns
of suspicious or malicious activity stored as digital signatures. The analysis engine acts like the
brain of the IDS.
3) Signature database: a collection of patterns and definitions of known suspicious or
malicious activity.
4) User interface and reporting: interfaces with the human element, providing alerts when
suitable and giving the user a means to interact with and operate the IDS.

IDS are mainly divided into two categories, depending on monitoring activity:

1) Host-based IDS:
2) Network based IDS:

1) Host-based IDS looks for certain activities in the log files, such as:
1. Logins at odd hours
2. Login authentication failure.
3. Adding new user account
4. Modification or access of critical systems files.
5. Modification or removal of binary files
6. Starting or stopping processes.
7. Privilege escalation
8. Use of certain program
2) Network based IDS looks for certain activities like:
1. Denial of service attacks.
2. Port scans or sweeps
3. Malicious contents in the data payload of packet(s)
4. Vulnerability scanning
5. Trojans, Viruses or worms
6. Tunneling
7. Brute force attacks.
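
The four logical components applied to some of the host-based checks listed above (logins at odd hours, login failures, new user accounts, changes to critical files). This is an added example, not part of the original model answer; the log format, signature names, working hours and failure threshold are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# 1) Traffic collection: constructed host log lines (sample data, not from a real system).
SAMPLE_LOG = """\
2015-11-02 02:41:55 sshd LOGIN_OK user=ravi src=10.0.0.40
2015-11-02 09:14:03 sshd LOGIN_OK user=asha src=10.0.0.12
2015-11-02 10:01:10 sshd LOGIN_FAIL user=root src=203.0.113.7
2015-11-02 10:01:12 sshd LOGIN_FAIL user=root src=203.0.113.7
2015-11-02 10:01:15 sshd LOGIN_FAIL user=root src=203.0.113.7
2015-11-02 10:05:30 sshd LOGIN_FAIL user=asha src=10.0.0.12
2015-11-02 11:20:00 useradd USER_ADD user=backup2 by=ravi
2015-11-02 11:25:44 audit FILE_WRITE path=/etc/passwd by=ravi
""".splitlines()

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (.+)$")

def collect(lines):
    """Turn raw log lines into event dicts; lines that do not parse are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        stamp, daemon, kind, rest = m.groups()
        event = dict(pair.split("=", 1) for pair in rest.split() if "=" in pair)
        event.update(time=datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                     daemon=daemon, kind=kind)
        events.append(event)
    return events

# 3) Signature database: named patterns of suspicious activity (assumed values).
WORK_HOURS = range(7, 20)          # logins outside 07:00-19:59 count as odd hours
CRITICAL_FILES = {"/etc/passwd", "/etc/shadow"}
FAIL_THRESHOLD = 3                 # failures per (user, source) before alerting

SIGNATURES = {
    "login-at-odd-hours":
        lambda e: e["kind"] == "LOGIN_OK" and e["time"].hour not in WORK_HOURS,
    "new-user-account":
        lambda e: e["kind"] == "USER_ADD",
    "critical-file-modified":
        lambda e: e["kind"] == "FILE_WRITE" and e.get("path") in CRITICAL_FILES,
}

# 2) Analysis engine: compares every collected event with the signature database.
def analyse(events):
    alerts, failures = [], Counter()
    for e in events:
        for name, matches in SIGNATURES.items():
            if matches(e):
                alerts.append((name, e))
        if e["kind"] == "LOGIN_FAIL":          # stateful check: repeated failures
            key = (e.get("user"), e.get("src"))
            failures[key] += 1
            if failures[key] == FAIL_THRESHOLD:
                alerts.append(("repeated-login-failure", e))
    return alerts

# 4) User interface and reporting: one line per alert, in time order.
def report(alerts):
    lines = []
    for name, e in sorted(alerts, key=lambda a: a[1]["time"]):
        who = e.get("user") or e.get("by")
        lines.append("{:%H:%M:%S} ALERT {} user={}".format(e["time"], name, who))
    return lines

def run_ids(lines=SAMPLE_LOG):
    return report(analyse(collect(lines)))

if __name__ == "__main__":
    print("\n".join(run_ids()))
```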

3) Explain the need for a firewall and explain one of the types of firewall with a diagram.
(Explanation of need: 4M, Any one firewall explanation: 4M)
Ans.
A firewall works as a barrier, or a shield, between your PC and cyber space. When you are
connected to the Internet, you are constantly sending and receiving information in small
units called packets. The firewall filters these packets to see if they meet certain criteria set
by a series of rules, and thereafter blocks or allows the data. This way, hackers cannot get
inside and steal information such as bank account numbers and passwords from you.

Capabilities:
1. All traffic from inside to outside and vice versa must pass through the firewall. To
achieve this all access to local network must first be physically blocked and access only via
the firewall should be permitted.
2. Only traffic permitted by the local security policy should be allowed to pass.
3. The firewall itself must be strong enough so as to render attacks on it useless.

Types of Firewalls
1. Packet Filter
2. Circuit level Gateway

3. Application Gateway
4. Software
5. Hardware
6. Hybrid
7. Stateful multilayer Inspection Firewall

1. Packet Filtering Firewall: Packet filtering firewalls are normally deployed on the
routers which connect the internal network to the Internet. Packet filtering firewalls can only
be implemented on the Network Layer of the OSI Model. Packet filtering firewalls work on
the basis of rules defined by Access Control Lists (ACLs). They check all the packets and screen
them against the rules defined by the network administrator in the ACLs. If
any packet does not meet the criteria, that packet is dropped and the logs are updated
with this information. Administrators can create their ACLs on the basis of address,
protocols and packet attributes.

Advantage:
The biggest advantage of packet filtering firewalls is low cost and low resource usage;
they are best suited for smaller networks.

Disadvantage:
Packet filtering firewalls can work only on the Network Layer, and these firewalls do not
support complex rule-based models. They are also vulnerable to spoofing in some cases.

Fig: Packet Filtering Firewall
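
How a packet filter screens packets against an ACL, drops and logs what does not match, and why it needs an explicit rule against spoofed source addresses. This is an added example, not part of the original model answer; the addresses, ports and rule set are constructed, with 192.168.1.0/24 assumed to be the internal network.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto dport")
Rule = namedtuple("Rule", "action src dst proto dport")

# Constructed ACL for the router's external interface. Rules are checked
# top-down and the first match decides; anything unmatched is dropped.
ACL = [
    # An internal source address arriving from outside can only be spoofed.
    Rule("deny",   "192.168.1.0/24", "any",          "any", None),
    Rule("permit", "any",            "192.168.1.10", "tcp", 80),   # web server
    Rule("permit", "any",            "192.168.1.25", "tcp", 25),   # mail server
    Rule("permit", "any",            "192.168.1.53", "udp", 53),   # DNS server
]

def _network(spec):
    """'any' means every IPv4 address; otherwise a host or CIDR network."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def rule_matches(rule, pkt):
    # Only header fields are examined: addresses, protocol and destination port.
    return (ipaddress.ip_address(pkt.src) in _network(rule.src)
            and ipaddress.ip_address(pkt.dst) in _network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))

def filter_packet(pkt, acl=ACL, log=None):
    """Return 'permit' or 'deny'; every dropped packet is appended to log."""
    for number, rule in enumerate(acl, start=1):
        if rule_matches(rule, pkt):
            action, reason = rule.action, "rule %d" % number
            break
    else:
        action, reason = "deny", "default deny"
    if action == "deny" and log is not None:
        log.append("DROP %s -> %s %s/%s (%s)"
                   % (pkt.src, pkt.dst, pkt.proto, pkt.dport, reason))
    return action

if __name__ == "__main__":
    drops = []
    for p in [Packet("198.51.100.9", "192.168.1.10", "tcp", 80),
              Packet("192.168.1.77", "192.168.1.10", "tcp", 80),
              Packet("198.51.100.9", "192.168.1.10", "tcp", 22)]:
        print(p, "->", filter_packet(p, log=drops))
    print("\n".join(drops))
```

The filter decides on header fields alone, so a forged external source address still passes rule 2; that is the spoofing weakness named under Disadvantage.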

Q.6) Attempt any four of the following: 16
1) Enlist any four consequences when the system is accessed by non-employee.
(Any Four Consequences: 1M each)
Ans.
1. Unauthorized disclosure of information: disclosure of confidential, sensitive or
embarrassing information can result in loss of credibility, reputation, market share, and
competitive edge.
2. Disruption of computer services: being unable to access resources when they are needed can
cause a loss of productivity. Disruption of services during critical processing time may be
disastrous.
3. Loss of productivity: misuse of IT resources such as network bandwidth may cause slow
response times, delaying legitimate computer activities that, in time-critical applications
such as stock trading, can be very costly.
4. Use of a computer or its data for unapproved or possibly illegal activities: for example, someone
gaining access to a bank computer and performing an unauthorized transfer.
5. Financial loss: the losses can be directly from the theft of money or indirectly from the
recovery of security incidents such as corruption of information or disruption of services.
6. Legal implications: security or privacy breaches can expose a company to lawsuits from
investors, customers, or the public.
7. Blackmail: intruders can extort money from the company by threatening to exploit the
security breach.
2) Explain rail fence transposition technique.
(Algorithm – 2M, Example- 2M)
Ans.
The rail fence technique is a transposition cipher: the ciphertext is generated by
rearranging the characters of the plaintext. The characters of the plain text string are
arranged in the form of a rail fence as follows.
Let the plaintext be "COMPUTER SECURITY".

Rail Fence Technique algorithm:

1. Write down the plain text message as a sequence of diagonals.
2. Read the plain text written in Step 1 as a sequence of rows.
Example: plain text = "COMPUTER SECURITY" is converted to cipher text with the help
of the Rail Fence Technique with dual slope.

Ciphertext: CMUESCRTOPTREUIY
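
The two steps above in code, reproducing the ciphertext of the example and adding the reverse operation. This is an added example, not part of the original model answer; it goes beyond the two-row case by accepting any number of rails, and it drops the space and upper-cases the text as the example does.

```python
def rail_pattern(length, rails):
    """Rail (row) index of each character when written along the diagonals."""
    if rails < 2:
        return [0] * length
    # One full zig-zag: down the rails, then back up without repeating the ends.
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]

def encrypt(plaintext, rails=2):
    """Step 1: write along the diagonals. Step 2: read row by row."""
    text = plaintext.replace(" ", "").upper()
    pattern = rail_pattern(len(text), rails)
    return "".join(ch
                   for rail in range(rails)
                   for ch, row in zip(text, pattern) if row == rail)

def decrypt(ciphertext, rails=2):
    """Rebuild the diagonal layout and read it back in writing order."""
    pattern = rail_pattern(len(ciphertext), rails)
    # Positions grouped by rail (stable sort) are exactly the order in which
    # encrypt() emitted the characters.
    order = sorted(range(len(ciphertext)), key=lambda i: pattern[i])
    plain = [""] * len(ciphertext)
    for ch, position in zip(ciphertext, order):
        plain[position] = ch
    return "".join(plain)

def show_rails(plaintext, rails=2):
    """Return the fence as text rows, one per rail, for inspection."""
    text = plaintext.replace(" ", "").upper()
    pattern = rail_pattern(len(text), rails)
    return ["".join(ch if row == rail else "." for ch, row in zip(text, pattern))
            for rail in range(rails)]

if __name__ == "__main__":
    print("\n".join(show_rails("COMPUTER SECURITY")))
    print(encrypt("COMPUTER SECURITY"))
    print(decrypt("CMUESCRTOPTREUIY"))
```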

3) Explain AH mode of IP security.
(Diagram: 1M, Explanation of Fields: 3M)
Ans.
Authentication Header (AH) provides authentication, integrity, and anti-replay for the
entire packet (both the IP header and the data payload carried in the packet). It does not
provide confidentiality, which means it does not encrypt the data. The data is readable, but
protected from modification. AH uses the HMAC algorithms described earlier to sign the
packet for integrity. For example, Alice on Computer A sends data to Bob on Computer B.
The IP header, the AH header, and the data are protected with integrity. This means Alice
can be certain it was really Bob who sent the data and that the data was unmodified.

Integrity and authentication are provided by the placement of the AH header between the
IP header and the transport (layer 4) protocol header, which is shown as TCP/UDP in the
figure. AH uses an IP protocol ID of 51 to identify itself in the IP header.

Figure: Authentication Header

AH can be used alone or in combination with the Encapsulating Security Payload (ESP)
protocol.

The AH header contains the following fields:

1. Next Header: Identifies the next header that uses the IP protocol ID. For example, the
value might be "6" to indicate TCP.
2. Length: Indicates the length of the AH header.
3. Security Parameters Index (SPI): Used in combination with the destination address and
the security protocol (AH or ESP) to identify the correct security association for the
communication. The receiver uses this value to determine with which security
association this packet is identified.

4. Sequence Number: Provides anti-replay protection for the SA. It is a 32-bit,
incrementally increasing number (starting from 1) that is never allowed to cycle and
that indicates the packet number sent over the security association for the
communication. The receiver checks this field to verify that a packet for a security
association with this number has not been received already. If one has been received,
the packet is rejected.
5. Authentication Data: Contains the Integrity Check Value (ICV) that is used to verify
the integrity of the message. The receiver calculates the hash value and checks it
against this value (calculated by the sender) to verify integrity.
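
A simplified sender and receiver for the five AH fields above, showing the SPI lookup, the sequence-number check and the ICV comparison. This is an added example, not part of the original model answer; it assumes HMAC-SHA-256 truncated to 16 bytes as the ICV, leaves the IP header out of the ICV input, and remembers seen sequence numbers in a set instead of a sliding window.

```python
import hashlib
import hmac
import struct

# Fixed part of the AH header: next header (1 byte), length (1), reserved (2),
# SPI (4), sequence number (4), all in network byte order.
AH_FIXED = struct.Struct("!BBHII")
ICV_LEN = 16        # assumption: HMAC-SHA-256 output truncated to 128 bits
PROTO_TCP = 6       # "Next Header" value for TCP, as in the field list above

def _icv(key, fixed, payload):
    # The ICV is computed with the Authentication Data field set to zero.
    data = fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def build_ah_packet(key, spi, seq, next_header, payload):
    """Sender side: AH header followed by the (unencrypted) payload."""
    # Length field: size of the AH header in 32-bit words, minus 2.
    length_field = (AH_FIXED.size + ICV_LEN) // 4 - 2
    fixed = AH_FIXED.pack(next_header, length_field, 0, spi, seq)
    return fixed + _icv(key, fixed, payload) + payload

class SecurityAssociation:
    """Receiver-side state for one security association."""

    def __init__(self, spi, key):
        self.spi, self.key = spi, key
        self.seen = set()          # sequence numbers already accepted

    def receive(self, packet):
        header_len = AH_FIXED.size + ICV_LEN
        if len(packet) < header_len:
            return ("reject", "truncated header")
        _next, _length, _reserved, spi, seq = AH_FIXED.unpack_from(packet)
        if spi != self.spi:
            return ("reject", "unknown SPI")
        if seq in self.seen:                       # anti-replay check
            return ("reject", "replayed sequence number")
        fixed = packet[:AH_FIXED.size]
        icv, payload = packet[AH_FIXED.size:header_len], packet[header_len:]
        if not hmac.compare_digest(icv, _icv(self.key, fixed, payload)):
            return ("reject", "ICV mismatch")
        self.seen.add(seq)         # recorded only after the ICV has verified
        return ("accept", payload)

if __name__ == "__main__":
    key = b"constructed-shared-secret"             # sample key, not a real one
    sa = SecurityAssociation(0x1001, key)
    pkt = build_ah_packet(key, 0x1001, 1, PROTO_TCP, b"readable data")
    print(sa.receive(pkt))                         # accepted
    print(sa.receive(pkt))                         # same packet again: replay
```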

4) Explain IT Act 2000 and 2008.


(IT Act 2000: 2M, IT ACT 2008: 2M)
Ans.
Information Technology Act
The Government of India enacted The Information Technology Act with some major
objectives which are as follows:

• To deliver lawful recognition for transactions through electronic data interchange (EDI)
and other means of electronic communication, commonly referred to as electronic
commerce or E-Commerce. The aim was to use replacements of paper-based methods of
communication and storage of information.

• To facilitate electronic filing of documents with the Government agencies and further to
amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books
Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected
therewith or incidental thereto.

The Information Technology Act, 2000, was thus passed as the Act No. 21 of 2000. The I.T.
Act got the President's assent on June 9, 2000 and it was made effective from October
17, 2000. By adopting this Cyber Legislation, India became the 12th nation in the world to
adopt a Cyber Law regime.

Objectives of the IT Act 2000 are:

1. To grant legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication commonly referred to as
"electronic commerce" in place of paper based methods of communication.
2. To give legal recognition to Digital signatures for authentication of any information
or matter which requires authentication under any law.
3. To facilitate electronic filing of documents with Government departments
4. To facilitate electronic storage of data

5. To facilitate and give legal sanction to electronic fund transfers between banks and
financial institutions
6. To give legal recognition for keeping of books of accounts by bankers in electronic
form.
7. To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books
Evidence Act, 1891, and the Reserve Bank of India Act, 1934.

IT ACT 2008:
It is the Information Technology Amendment Act, 2008, also known as ITA-2008.
It is a considerable addition to the ITA-2000 and is administered by the Indian Computer
Emergency Response Team (CERT-In) in year 2008.
Basically, the act was developed for IT industries, to control e-commerce, to provide
e-governance facility and to stop cybercrime attacks.
The alterations were made to address issues that the original bill failed to cover and to
accommodate the development of IT and security of e-commerce transactions.
The modifications include:
1. Redefinition of terms like communication device to reflect current use.
2. Validation of electronic signatures and contracts.
3. The owner of an IP address is responsible for content that is accessed or
distributed through it.
Organizations are responsible for implementation of effective data security practices.

Following are the characteristics of IT ACT 2008:


1. This Act provides legal recognition for transactions carried out by Electronic Data
Interchange (EDI) and other electronic communications. Electronic commerce is the
alternative to paper based methods of communication to store information.
2. This Act also gives facilities for electronic filing of information with the Government
agencies and further to change the Indian Penal Code, the Indian Evidence Act, 1872, the
Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters
connected therewith or incidental thereto.
3. The General Assembly of the United Nations by resolution A/RES/51/162, dated 30
January 1997 has adopted the model law on Electronic Commerce adopted by the
United Nations Commission on International Trade Law.
4. This recommends that all States give favourable consideration to the above said
model law when they enact or revise their laws, in terms of need for uniformity of the
law applicable to alternative to paper based methods of communication and storage of
information.
5. It is considered necessary to give effect to the said resolution and to promote efficient
delivery of Government services by means of reliable electronic records.


5) Explain the function of entities used in SET.


(Four Entities with function: 1M each)
Ans.
Secure Electronic Transaction (SET) is a security technology proposed by Visa and
MasterCard to allow for more secure credit card transaction possibilities than what is
currently available. SET has been waiting in the wings for full implementation and
acceptance as a standard for quite some time. Although SET provides an effective way of
transmitting credit card information, businesses and users do not see it as efficient because
it requires more parties to coordinate their efforts, more software installation and
configuration for each entity involved, and more effort and cost than the widely used SSL
method.
SET is a cryptographic protocol and infrastructure developed to send encrypted credit card
numbers over the Internet. The following entities would be involved with a SET
transaction, which would require each of them to upgrade their software, and possibly their
hardware:
The main entities in SET:

1. Cardholder
2. Merchant
3. Payment Gateway
4. Certificate Authority

The function of the entities is as given below.

• The Cardholder Application, also referred to as a digital wallet, is held by an online
consumer and packages a digital signature and credit card information that ensures his or
her identity and safeguards his or her financial information through a complex encryption
system.
• The Merchant Server component is the verification product held by the merchant to process
the online card payment.
• The Payment Gateway component is held by an acquiring bank or other trusted third party
that accepts and processes the merchant's verification and the customer's payment
information and filters them to their appropriate financial institutions.
• The Certificate Authority component, usually run by a financial institution, is the trusted
agent that issues the digital certificates and is responsible for ensuring that all users of
digital certificates are in fact secure and trustworthy customers.


MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 1/ 26

Important Instructions to examiners:


1) The answers should be examined by key words and not as word-to-word as given in the model
answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to
assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more importance
(Not applicable for subject English and Communication Skills)
4) While assessing figures, examiner may give credit for principal components indicated in the
figure. The figures drawn by candidate and model answer may vary. The examiner may give credit
for any equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant
values may vary and there may be some difference in the candidate‘s answers and model answer.
6) In case of some questions credit may be given by judgment on part of examiner of relevant
answer based on candidate‘s understanding.
7) For programming language papers, credit may be given to any other program based on
equivalent concept.
Q 1. A) Attempt Any Three (12 marks)
a) What is CIA security? Describe in brief.
(1 Mark each point explanation, Total 4 Marks)
The need of computer security has been threefold: confidentiality, integrity, and
availability, the "CIA" of security. (1 mark for each principle)
1. Confidentiality: The principle of confidentiality specifies that only the sender and intended
recipients should be able to access the contents of a message. Confidentiality gets compromised if
an unauthorized person is able to access the contents of a message.
An example of compromising the confidentiality of a message is shown in the figure.

Fig. Loss of confidentiality (A sends a secret message to B; C gets access to it)

Here, the user of computer A sends a message to the user of computer B. Another user C gets access
to this message, which is not desired and therefore defeats the purpose of confidentiality.
This type of attack is also called interception.
2. Authentication: Authentication helps to establish proof of identities. The authentication
process ensures that the origin of a message is correctly identified.
For example, suppose that user C sends a message over the internet to user B. However, the trouble
is that user C had posed as user A when he sent the message to user B. How would user B know that
the message has come from user C, who is posing as user A? This concept is shown in the figure below.
This type of attack is called fabrication.

Fig. Absence of authentication (C sends the message "I am user A" to B)


3. Integrity: When the contents of the message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the message is lost.
For example, here user C tampers with a message originally sent by user A, which is actually
destined for user B. User C somehow manages to access it, change its contents and send the
changed message to user B. User B has no way of knowing that the contents of the message were
changed after user A had sent it. User A also does not know about this change.
This type of attack is called modification.

Fig. Loss of Integrity (ideal route of message: A to B; actual route of message: through C)

b) List any four biometrics methods used for identification. List any four advantages of
biometrics.

Biometrics refers to the study of methods for uniquely recognizing humans based upon one or more
intrinsic physical or behavioral characteristics.
Different methods of Biometrics (any four 2Marks)
1. Finger print recognition
2. Hand print recognition
3. Retina/iris scan technique
4. Face recognition
5. Voice patterns recognition
6. Signature and writing patterns recognition
7. Keystroke dynamics

Advantages of biometrics (any four 2 marks)


i) Biometrics cannot be lost, stolen or forgotten. Barring disease or serious physical injury,
the biometric is consistent and permanent.
ii) It is also secure in that the biometric itself cannot be socially engineered, shared or used
by others.
iii) There is no requirement to remember password or pins, thus eliminating an overhead cost.
iv) Coupled with a smart card, biometrics provides strong security for any credentials on the
smart card.
v) It provides a high degree of confidence in user identity.


c) Encryption and Decryption with reference to computer security.

Encryption:
The process of encoding a plain text message into a cipher text message is known as encryption.

Plain text -> Encrypt -> Cipher text (1 mark)

Decryption:

The reverse process of transforming a cipher text message back to a plain text message is called
decryption.

Cipher text -> Decrypt -> Plain text (1 mark)

Encryption and Decryption process (2 marks)

In the communication, the computer at the sender's end usually transforms plain text into cipher text by
performing encryption, that is, by applying an encryption algorithm. The encrypted cipher text is then sent to the
receiver over the network. The receiver's computer then takes the encrypted message and performs the
reverse of encryption, i.e. decryption, by applying a decryption algorithm.

[Figure: sender: Plain text -> Encrypt -> Cipher text -> Internet -> Cipher text -> Decrypt -> Plain text: receiver]

d) Explain following terms with respect to security:


i. Intruders (2 marks)
An intruder is a person that enters territory that does not belong to that person. Intruders try
to intrude into the privacy of the network.

Intruders are said to be of three types, as below:

a) Masquerader: A user who does not have the authority to use a computer, but penetrates
into a system to access a legitimate user's account is called a masquerader. It is generally
an external user.

b) Misfeasor: There are two possible cases for an internal user to be called as a misfeasor:
i) A legitimate user, who does not have access to some applications, data or resources,
accesses them.

ii) A legitimate user, who has access to some applications, data or resources, misuses these
privileges.

c) Clandestine user: An internal or external user who tries to work using the privileges of a
supervisor user to avoid auditing information being captured and recorded is called a
clandestine user.
ii. Insiders (2 marks)
Insiders are authorized users who try to access a system or network for which they are
unauthorized. Insiders are legal users. They are more dangerous than intruders. They have
knowledge about the security system. They have easy access to the system because they
are authorized users. There is no such mechanism to protect the system from insiders.
Insiders are more dangerous than intruders because:

The insiders have the access and necessary knowledge to cause immediate damage to an
organization. There is no security mechanism to protect the system from insiders. So they can have all
the access to carry out criminal activity like fraud. They have knowledge of the security systems
and will be better able to avoid detection.

Q. 1) B) Attempt Any One (6 Marks)

a) Describe the following attacks (3 marks each)

i) Sniffing:

The group of protocols which make up the TCP/IP suite was designed to work in a friendly
environment where everybody who was connected to the network used the protocols as they were
designed. The abuse of this friendly assumption is illustrated by network traffic sniffing programs,
referred to as 'sniffers'.

A network "sniffer" is a software or hardware device that is used to observe traffic as it passes
through a network on shared broadcast media. The device can be used to view all traffic or it can
target a specific protocol, service, or even string of characters.

ii) Spoofing:

Spoofing is nothing more than making data look like it has come from a different source. This is
possible in TCP/IP because of the friendly assumption behind the protocol. When the protocols
were developed, it was assumed that individuals who had access to the network layer would be
privileged users who could be trusted. When a packet is sent from one system to another, it
includes not only the destination IP address and port but the source IP address as well; falsifying
this source address is one of the forms of spoofing.

Example of spoofing: e-mail spoofing, URL spoofing, IP address spoofing.

b) Enlist any four cyber-crimes (2 marks). Describe any one in detail. (4 marks)

1) Hacking
2) Cracking
3) Theft
4) Malicious software
5) Child soliciting and abuse

(Any one explanation is expected)


(i) Hacking:
Hacking is one of the most well-known types of computer crime. A hacker is someone who
finds and exploits the weaknesses of computer systems or networks.
Hacking refers to unauthorized access of another's computer systems. These intrusions are
often conducted in order to launch malicious programs known as viruses, worms, and Trojan
horses that can shut down an entire computer network.
Hacking is also carried out as a way to take credit card numbers, internet passwords, and other
personal information.
By accessing commercial databases, hackers are able to steal these types of items from millions
of internet users all at once.
There are different types of hackers:
1. White hat
2. Black hat
3. Grey hat
4. Elite hacker
5. Script hacker
(ii) Cracking:
In the cyber world, a cracker is someone who breaks into a computer system or network
without authorization and with the intention of doing damage.
The term cracker is used to describe a malicious hacker.
Crackers get into all kinds of mischief: they may destroy files, steal personal information
like credit card numbers or client data, infect the system with a virus, or undertake many
other things that cause harm.
Cracking can be done for profit, maliciously, or to harm an organization or individuals.
Cracking activity is harmful, costly and unethical.

Q.2) Attempt Any Two 16 Marks

a) Explain following attacks (4 marks each)


i) Man in the middle attack.
A man in the middle attack occurs when attackers are able to place themselves in the
middle of two other hosts that are communicating in order to view or modify the traffic.
This is done by making sure that all communication going to or from the target host is
routed through the attacker's host.
Then the attacker is able to observe all traffic before transmitting it and can actually modify
or block traffic. To the target host, communication is occurring normally, since all expected
replies are received.
[Figure: communication appears to be direct between Host A and Host B; communication is
actually sent to the attacker, who relays messages to the destination host]


To prevent this attack both sender and receiver must authenticate each other.

ii) Denial Of Service Attack.

Denial of service (DOS) attacks can exploit a known vulnerability in a specific application or
operating system, or they may attack features (or weaknesses) in specific protocols or services. In
this form of attack, the attacker is attempting to deny authorized users access either to specific
information or to the computer system or network itself.
The purpose of such an attack can be simply to prevent access to the target system, or the attack
can be used in conjunction with other actions in order to gain unauthorized access to a computer or
network.
SYN flooding is an example of a DOS attack that takes advantage of the way TCP/IP networks
were designed to function, and it can be used to illustrate the basic principles of any DOS
attack. SYN flooding utilizes the TCP three-way handshake that is used to establish a connection
between two systems.
In a SYN flooding attack, the attacker sends fake communication requests to the targeted system.
Each of these requests will be answered by the target system, which then waits for the third part of
the handshake. Since the requests are fake, the target will wait for responses that will never come,
as shown in the figure.

The target system will drop these connections after a specific time-out period, but if the attacker
sends requests faster than the time-out period eliminates them, the system will quickly be filled
with requests. The number of connections a system can support is finite, so when more requests
come in than can be processed, the system will soon be reserving all its connections for fake
requests. At this point, any further requests are simply dropped (ignored), and legitimate users who
want to connect to the target system will not be able to. Use of the system has thus been denied to
them.
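
A small model of the connection table described above, showing when the time-out keeps up with fake requests and when it does not. This is an added example, not part of the original model answer; the capacity, time-out and request rates are constructed numbers, and the model assumes a legitimate client completes its handshake at once while a fake request holds its slot until the time-out.

```python
def simulate_backlog(capacity, timeout, fake_per_tick, legit_every, ticks):
    """Run the half-open connection table for `ticks` time steps.

    capacity      -- number of half-open connections the system can hold
    timeout       -- ticks after which an unanswered request is dropped
    fake_per_tick -- fake requests arriving per tick (never completed)
    legit_every   -- one legitimate request arrives every this many ticks
    Returns (legitimate requests accepted, legitimate requests dropped).
    """
    half_open = []                    # expiry tick of each waiting entry
    accepted = dropped = 0
    for now in range(ticks):
        # The time-out period eliminates entries that waited too long.
        half_open = [expiry for expiry in half_open if expiry > now]
        # Fake requests are answered and then wait for a reply that never comes.
        for _ in range(fake_per_tick):
            if len(half_open) < capacity:
                half_open.append(now + timeout)
        # A legitimate request needs one free slot to start its handshake;
        # it completes immediately, so it does not stay in the table.
        if now % legit_every == 0:
            if len(half_open) < capacity:
                accepted += 1
            else:
                dropped += 1          # table full: request is ignored
    return accepted, dropped

def steady_state_load(timeout, fake_per_tick):
    """Entries the table must hold once arrivals and time-outs balance."""
    return timeout * fake_per_tick

if __name__ == "__main__":
    for timeout, rate in [(30, 0), (30, 2), (30, 10), (10, 10)]:
        result = simulate_backlog(capacity=128, timeout=timeout,
                                  fake_per_tick=rate, legit_every=5, ticks=100)
        print("timeout=%2d rate=%2d needs %3d slots -> accepted/dropped %s"
              % (timeout, rate, steady_state_load(timeout, rate), result))
```

Legitimate users are only denied once rate multiplied by time-out exceeds the table size, which is why a shorter time-out or a larger table changes the outcome in the last case.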

Following are types of DOS:


1. POD (ping-of-death)
2. DDOS (Distributed Denial of Service attack)
These types of attacks are difficult to prevent because the behavior of whole networks needs to be
analyzed, not only the behavior of a small piece of code.

b) i) Characteristics of a good password. (4 marks)

1. Password should be at least eight characters in length.
2. Password should have at least three of the following four elements:
i. One or more upper case letters (A-Z)
ii. One or more lower case letters (a-z)
iii. One or more numerals (0 to 9)
iv. One or more special characters (!, @, #, $, &, :, ., ;, ?)
3. Password should not consist of dictionary words.
4. Password should not at all be the same as login name.

5. Password should not consist of the user's first or last name, a family member's name, birth dates,
pet names, PIN or mobile numbers.
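
The five characteristics above written as a proactive password checker that rejects a password at selection time and tells the user which rule it broke. This is an added example, not part of the original model answer; the word list is a constructed stand-in for a real dictionary file, and the login names and personal details are sample values.

```python
import string

# Special characters exactly as listed in characteristic 2 (iv) above.
SPECIALS = set("!@#$&:.;?")

# Constructed stand-in for a real dictionary file.
DICTIONARY = {"password", "welcome", "computer", "security", "monkey", "dragon"}

def character_classes(password):
    """How many of the four element types the password contains."""
    return sum([
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(c in SPECIALS for c in password),
    ])

def check_password(password, login, personal=()):
    """Return the list of rules the password breaks (empty list = acceptable).

    personal -- names, birth dates, pet names, PIN or mobile numbers of the user
    """
    problems = []
    if len(password) < 8:                                        # rule 1
        problems.append("shorter than eight characters")
    if character_classes(password) < 3:                          # rule 2
        problems.append("fewer than three of the four character classes")
    lowered = password.lower()
    if any(word in lowered for word in DICTIONARY):              # rule 3
        problems.append("contains a dictionary word")
    if lowered == login.lower():                                 # rule 4
        problems.append("same as login name")
    if any(item.lower() in lowered for item in personal if item):  # rule 5
        problems.append("contains personal information")
    return problems

if __name__ == "__main__":
    details = ("Asha", "Kulkarni", "1998")      # constructed sample user
    for candidate in ["Tr7$kq!Zp", "password1", "Asha@1998", "asha"]:
        broken = check_password(candidate, "asha", details)
        print(candidate, "->", "accepted" if not broken else "; ".join(broken))
```

"Asha@1998" passes the length and character-class rules and fails only on personal information, which is why the composition rules alone are not enough.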

ii) Dumpster diving (4 marks)


System attackers need a certain amount of information before launching their attack. One common
place to find this information, if the attacker is in the vicinity of the target, is to go through the target's
trash in order to find little bits of information that could be useful. The process of going through a
target's trash is known as "dumpster diving". (2 marks)

The search is carried out in waste paper, electronic waste such as old HDD, floppy and CD media,
recycle and trash bins on the systems etc.

If the attacker is lucky and the target has a poor security process, they may succeed in finding user IDs
and passwords. If the password is changed and the old password is discarded, a lucky dumpster diver
may get a valuable clue. (1 mark)

To prevent dumpster divers from learning anything valuable from your trash, experts
recommend that your company should establish a disposal policy. (1 mark)

d) Concept of hashing with the help of diagram (4 marks). List advantages (4 marks)

[Figure: hashing diagram with the labels Message, Hash (H) and Compare; S = single security key]

A hash is a special function that performs one way encryption, meaning that once the
algorithm is processed, there is no feasible way to take the cipher text and retrieve the plain text
that was used to generate it.

The hash code is a function of all bits of the message and provides an error detection
capability. A change in any bit or bits results in a change in the hash value.
A hash value h is generated by a function H of the form h = H(M)

where M is a variable length message and H(M) is the fixed length hash value.


The hash value is appended to the message at the source at a time when the message is
assumed or known to be correct.
The receiver authenticates that message by recomputing the hash value.
The message plus the concatenated hash code is encrypted using symmetric encryption.
Sender and receiver share the same secret key. That the message came from the
authorized sender and has not been altered is checked by the receiver recomputing and
comparing the hash code.

Advantages (4 points 1 mark each)

It is more efficient to compute a digital signature using a document's message digest.
A digest can be made public without revealing the contents of the document from which it
derives.
A hash used for digital authentication must have certain properties that make it secure enough
for cryptographic use.
Combining the data message with the secret, and running it through a hash function, a
signature is generated in the form of the hash value. The data message is transmitted along
with the signature. The recipient combines the received message with the secret, generates
a hash value, and checks to make sure it's identical to the signature. The message's
authenticity is thus verified.
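The check described in the last advantage, as an added example that is not part of the model answer: sender and receiver combine the message with a shared secret through a hash, and the receiver recomputes and compares. It uses Python's standard hmac module with SHA-256; the secret and messages are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the model answer.
SHARED_SECRET = b"constructed-shared-secret"
MESSAGE = b"Transfer 100 to account 12345"
TAMPERED = b"Transfer 900 to account 12345"


def plain_hash(message: bytes) -> bytes:
    """h = H(M): fixed-length digest of a variable-length message."""
    return hashlib.sha256(message).digest()


def keyed_tag(message: bytes, secret: bytes) -> bytes:
    """Signature formed by running the message and the secret through a hash.

    HMAC is used instead of hash(secret + message), because that naive
    concatenation is open to length extension with SHA-256.
    """
    return hmac.new(secret, message, hashlib.sha256).digest()


def receiver_accepts_plain(message: bytes, received_hash: bytes) -> bool:
    """Receiver recomputes an unkeyed hash and compares it."""
    return hmac.compare_digest(plain_hash(message), received_hash)


def receiver_accepts_keyed(message: bytes, tag: bytes, secret: bytes) -> bool:
    """Receiver recomputes the keyed tag and compares in constant time."""
    return hmac.compare_digest(keyed_tag(message, secret), tag)


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of digest bits that differ between two messages."""
    return sum(bin(x ^ y).count("1") for x, y in zip(plain_hash(a), plain_hash(b)))


def demo() -> dict:
    tag = keyed_tag(MESSAGE, SHARED_SECRET)
    return {
        # Unaltered message with its tag is accepted.
        "genuine_accepted": receiver_accepts_keyed(MESSAGE, tag, SHARED_SECRET),
        # Altered message with the original tag is rejected.
        "tampered_rejected": not receiver_accepts_keyed(TAMPERED, tag, SHARED_SECRET),
        # An unkeyed hash only detects accidental change: whoever alters the
        # message can recompute it, so the plain check still passes.
        "plain_hash_recomputable": receiver_accepts_plain(TAMPERED, plain_hash(TAMPERED)),
        # A one-character change flips many bits of the digest.
        "bits_changed": differing_bits(MESSAGE, TAMPERED),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```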

Q. 3 Attempt any four: (16 Marks)

a) What is the application of firewall? How does it work? Enlist limitations.

(Application – 1 Mark, Working- 2 Marks, Any two Limitation- 1 Mark)


Application:
A firewall is a networking device – hardware, software or a combination of both – whose purpose
is to enforce a security policy across its connection.
Working: Firewalls enforce the established security policies. The variety of mechanisms includes:
Network Address Translation (NAT)
Basic Packet Filtering
Stateful Packet Filtering
Access Control Lists (ACLs)
Application Layer Proxies.
One of the most basic security functions provided by a firewall is Network Address Translation
(NAT). This service allows you to mask significant amounts of information from outside of the
network.
This allows an outside entity to communicate with an entity inside the firewall without truly
knowing its address. Basic packet filtering, the most common firewall technique, looks at
packets, their protocols and destinations, and checks that information against the security
policy. Telnet and FTP connections may be prohibited from being established to a mail or
database server, but they may be allowed for the respective service servers. This is a fairly
simple method of filtering based on information in each packet header, like IP addresses and
TCP/UDP ports. It will not detect and catch all undesired packets, but it is fast and efficient.
Limitations:
1. Firewalls do not protect against inside threats.
2. A packet filter firewall does not provide any content-based filtering.
3. Protocol tunneling, i.e. sending data of one protocol inside another protocol, negates
the purpose of the firewall.
4. Encrypted traffic cannot be examined and filtered.
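Basic packet filtering as described above, as an added example that is not part of the model answer: an ordered rule list is checked against header fields only, first match wins, and anything unmatched is denied. The addresses (documentation ranges), server roles, the database port 3306 and the rule set are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing plan (documentation ranges), assumed for this example.
ANY = "0.0.0.0/0"
INSIDE = "192.0.2.0/24"
FTP_SERVER = "192.0.2.21/32"
TELNET_SERVER = "192.0.2.23/32"
MAIL_SERVER = "192.0.2.25/32"
DB_SERVER = "192.0.2.33/32"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str             # "tcp" or "udp"
    dport: int
    payload: bytes = b""   # a basic packet filter never looks at this


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any port


# Ordered policy: FTP and Telnet only to their own servers, never to the
# mail or database server; mail from anywhere; database from inside only.
RULES = [
    Rule("allow", ANY, FTP_SERVER, "tcp", 21),
    Rule("allow", ANY, TELNET_SERVER, "tcp", 23),
    Rule("deny", ANY, INSIDE, "tcp", 21),
    Rule("deny", ANY, INSIDE, "tcp", 23),
    Rule("allow", ANY, MAIL_SERVER, "tcp", 25),
    Rule("allow", INSIDE, DB_SERVER, "tcp", 3306),
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """Compare header fields only: addresses, protocol, destination port."""
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def decide(pkt: Packet, rules=RULES):
    """Return (action, rule number); rule number 0 is the default deny."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return rule.action, number
    return "deny", 0


if __name__ == "__main__":
    outside = "203.0.113.9"
    samples = [
        Packet(outside, "192.0.2.25", "tcp", 21),    # FTP to the mail server
        Packet(outside, "192.0.2.21", "tcp", 21),    # FTP to the FTP server
        Packet(outside, "192.0.2.25", "tcp", 25),    # mail delivery
        Packet(outside, "192.0.2.33", "tcp", 3306),  # database from outside
        Packet("192.0.2.50", "192.0.2.33", "tcp", 3306),
    ]
    for pkt in samples:
        print(pkt.src, "->", pkt.dst, pkt.dport, decide(pkt))
```

Because `decide` never reads `payload`, two packets with the same header get the same verdict whatever they carry, which is limitation 2 in the list above.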

b) Describe in brief:
i. Piggybacking
ii. Shoulder surfing

(Explanation of Piggybacking- 2 Marks, Explanation of Shoulder surfing- 2 Marks)


Piggy-backing is the simple process of following closely behind a person who has just used their
own access card or PIN to gain physical access to a room or building. An attacker can thus gain
access to the facility without having to know the access code or having to acquire an access
card. Piggybacking, in a wireless communications context, is the unauthorized access of a
wireless LAN. Piggybacking is sometimes referred to as "Wi-Fi squatting". The usual purpose
of piggybacking is simply to gain free network access rather than any malicious intent, but it
can slow down data transfer for legitimate users of the network. Furthermore, a network that is
vulnerable to piggybacking for network access is equally vulnerable when the purpose is data
theft, dissemination of viruses, or some other illicit activity.
Example: Access of a wireless internet connection by bringing one's own computer within the
range of another wireless network and using it without explicit permission.
Shoulder surfing is a similar procedure in which attackers position themselves in such a way as
to be able to observe the authorized user entering the correct access code or data. Both of these
attack techniques can be easily countered by using simple procedures to ensure nobody follows
you too closely or is in a position to observe your actions. Shoulder surfing is using direct
observation techniques, such as looking over someone's shoulder, to get information. Shoulder
surfing is an effective way to get information in crowded places because it's relatively easy to
stand next to someone and watch as they fill out a form or enter a PIN number at an ATM
machine. Shoulder surfing can also be done long-distance with the aid of binoculars or other
vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield
paperwork or your keypad from view by using your body or cupping your hand.

c) What is meant by steganography? Describe its importance.


(Meaning – 1 Mark, Importance- 3Marks)
Steganography:
Steganography is the art and science of writing hidden messages in such a way that no one, apart
from the sender and intended recipient, suspects the existence of the message.
Steganography works by replacing bits of useless or unused data in regular computer files (such
as graphics, sound, text, html or even floppy disks) with bits of different, invisible information.
This hidden information can be plain text, cipher text or even images.
In modern steganography, data is first encrypted by the usual means and then inserted, using a
special algorithm, into redundant data that is part of a particular file format such as a JPEG
image.
Steganography process :
Cover-media + Hidden data + Stego-key = Stego-medium

Cover-media is the file in which we will hide the hidden data, which may also be encrypted using
the stego-key. The resultant file is the stego-medium. Cover-media can be an image or audio file.
Steganography takes cryptography a step further by hiding an encrypted message so that no one
suspects it exists. Ideally, anyone scanning your data will fail to know it contains encrypted
data.
Steganography has a number of drawbacks when compared to encryption. It requires a lot of
overhead to hide relatively few bits of information.
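The process "Cover-media + Hidden data + Stego-key = Stego-medium" as an added example that is not part of the model answer: hidden bits replace the least significant bit of cover bytes chosen by the stego-key. The cover is a constructed byte string standing in for image samples, the receiver is assumed to know the hidden length, and Python's random module models the key only (it is not a cryptographic generator).

```python
import random

# Constructed stand-in for raw image samples (pixel bytes); not a real file.
COVER = bytes((i * 37 + 11) % 256 for i in range(256))


def capacity_bytes(cover: bytes) -> int:
    """One hidden bit per cover byte: 8 cover bytes carry 1 hidden byte."""
    return len(cover) // 8


def positions(cover_len: int, n_bits: int, stego_key: str) -> list:
    """Cover positions that carry the hidden bits, derived from the stego-key."""
    if n_bits > cover_len:
        raise ValueError("hidden data does not fit in this cover")
    return random.Random(stego_key).sample(range(cover_len), n_bits)


def embed(cover: bytes, hidden: bytes, stego_key: str) -> bytes:
    """Return the stego-medium: cover with selected low bits replaced."""
    bits = [(byte >> shift) & 1 for byte in hidden for shift in range(7, -1, -1)]
    stego = bytearray(cover)
    for pos, bit in zip(positions(len(cover), len(bits), stego_key), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit
    return bytes(stego)


def extract(stego: bytes, n_bytes: int, stego_key: str) -> bytes:
    """Read the low bits back in the same key-derived order."""
    where = positions(len(stego), n_bytes * 8, stego_key)
    out = bytearray()
    for start in range(0, len(where), 8):
        value = 0
        for pos in where[start:start + 8]:
            value = (value << 1) | (stego[pos] & 1)
        out.append(value)
    return bytes(out)


def only_low_bits_changed(cover: bytes, stego: bytes) -> bool:
    """True if every differing byte differs in its least significant bit only."""
    return len(cover) == len(stego) and all((a ^ b) in (0, 1) for a, b in zip(cover, stego))


if __name__ == "__main__":
    hidden = b"meet at nine"                       # constructed hidden data
    stego = embed(COVER, hidden, "constructed-key")
    print("capacity (bytes):", capacity_bytes(COVER))
    print("recovered:", extract(stego, len(hidden), "constructed-key"))
    print("only low bits changed:", only_low_bits_changed(COVER, stego))
    print("bytes altered:", sum(a != b for a, b in zip(COVER, stego)))
```

The 256-byte cover holds at most 32 hidden bytes, which is the overhead drawback the answer mentions.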

d) With the help of neat diagram describe host based intrusion detection system (HIDS).
(Diagram - 2 Marks, Explanation - 2 Marks)
Host Intrusion Detection Systems are run on individual hosts or devices on the network. A HIDS
monitors the inbound and outbound packets from the device only and will alert the user or
administrator when suspicious activity is detected. The activities a HIDS looks for in the
log files are:
Logins at odd hours
Login authentication failure
Adding new user account
Modification or access of critical system files
Modification or removal of binary files
Starting or stopping processes
Privilege escalation
Use of certain programs

Basic Components of HIDS:

1. Traffic collector:
This component collects activity or events for the IDS to examine.
On a host-based IDS, this can be log files, audit logs, or traffic coming to or leaving a
specific system.
On a network-based IDS, this is typically a mechanism for copying traffic off the network
link.
2. Analysis engine:
This component examines the collected network traffic & compares it to known patterns of
suspicious or malicious activity stored in the signature database.
The analysis engine acts like the brain of the IDS.
3. Signature database: It is a collection of patterns & definitions of known suspicious or
malicious activity.
4. User interface & reporting: This is the component that interfaces with the human
element, providing alerts when suitable & giving the user a means to interact with & operate
the IDS.
Advantages:
O.S specific and detailed signatures.
Examine data after it has been decrypted.
Very application specific.
Determine whether or not an alarm may impact that specific.
Disadvantages:
Should have a process on every system to watch.
High cost of ownership and maintenance.
Uses local system resources.
If logged locally, could be compromised or disabled.
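The four HIDS components working on a log file, as an added example that is not part of the model answer: collected log lines are matched against a small signature database and alerts are reported for odd-hour logins, repeated authentication failures, new user accounts and commands run as root. The log lines are constructed, and the working hours (06:00 to 22:00) and the failure threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Traffic collector input: constructed auth-log lines for the illustration.
SAMPLE_LOG = """\
Mar 10 02:14:07 host1 sshd[811]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Mar 10 09:30:12 host1 sshd[902]: Failed password for bob from 198.51.100.7 port 40100 ssh2
Mar 10 09:30:15 host1 sshd[902]: Failed password for bob from 198.51.100.7 port 40101 ssh2
Mar 10 09:30:19 host1 sshd[902]: Failed password for bob from 198.51.100.7 port 40102 ssh2
Mar 10 10:05:44 host1 useradd[1200]: new user: name=svc_tmp, UID=1005, GID=1005, home=/home/svc_tmp, shell=/bin/bash
Mar 10 10:06:01 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar 10 11:00:00 host1 sshd[950]: Accepted password for carol from 192.0.2.11 port 50100 ssh2
"""

# Splits a syslog-style line into timestamp, host, process and message.
LINE = re.compile(
    r"^\w{3} +\d+ (?P<hour>\d{2}):\d{2}:\d{2} \S+ (?P<proc>[\w-]+)(?:\[\d+\])?: *(?P<msg>.*)$"
)

# Signature database: name and pattern of each activity of interest.
SIGNATURES = [
    ("login_success", re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")),
    ("login_failure", re.compile(r"Failed \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
    ("new_user", re.compile(r"new user: name=(?P<user>[^,]+)")),
    ("root_command", re.compile(r"^(?P<user>\S+) : .*USER=root ; COMMAND=(?P<cmd>.+)$")),
]


def analyse(log_text, work_hours=(6, 22), failure_threshold=3):
    """Analysis engine: return a list of (alert kind, user, raw line)."""
    alerts = []
    failures = Counter()
    for raw in log_text.strip().splitlines():
        parsed = LINE.match(raw)
        if not parsed:
            continue                      # unparseable line: nothing to match
        hour = int(parsed["hour"])
        for name, pattern in SIGNATURES:
            hit = pattern.search(parsed["msg"])
            if not hit:
                continue
            user = hit["user"]
            if name == "login_success":
                if not work_hours[0] <= hour < work_hours[1]:
                    alerts.append(("odd_hours_login", user, raw))
            elif name == "login_failure":
                key = (user, hit["src"])
                failures[key] += 1
                if failures[key] == failure_threshold:   # alert once per burst
                    alerts.append(("repeated_auth_failure", user, raw))
            elif name == "new_user":
                alerts.append(("new_user_account", user, raw))
            elif name == "root_command":
                alerts.append(("privileged_command", user, raw))
    return alerts


def report(alerts):
    """User interface and reporting: one readable line per alert."""
    return ["ALERT %-22s user=%-8s %s" % alert for alert in alerts]


if __name__ == "__main__":
    print("\n".join(report(analyse(SAMPLE_LOG))))
```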

e) Describe in brief the process of application hardening.

(Explanation – 4 Marks)
Application Hardening: Application hardening means securing an application against local &
Internet-based attacks. You can remove the functions or components you do not need,
restrict access where you can and make sure the application is kept up to date with
patches.
It includes:
1. Application patches: Application patches are supplied by the vendor who sells
the application. They probably come in three varieties: hotfixes, patches & upgrades.

Hotfixes: Normally this term is given to a small software update designed to address a
particular problem, like a buffer overflow in an application that exposes the system to attacks.
Patch: This term is generally applied to more formal, larger software updates that may address
several or many software problems. Patches often contain improvements or additional capabilities
& fixes for known bugs.
Upgrades: Upgrades are another popular method of patching applications & they are likely
to be received with a more positive role than patches.
2. Web servers: Web servers are the most common Internet server-side application in
use. These are mainly designed to provide content & functionality to remote users through a
standard web browser.
3. Active directory: Active Directory allows single login access to multiple
applications, data sources and systems and it includes advanced encryption capabilities like
Kerberos and PKI.

Q. 4
A. Attempt any three: 12
a) Describe rail fence technique. Convert “I am student” into cipher text using
rail fence method.

(Algorithm – 2 Marks, Conversion- 2 Marks)


a. The rail fence technique is essentially a transposition cipher: the cipher text is generated by
rearranging the characters of the plaintext. The characters of the plaintext string are arranged
in the form of a rail fence as follows. Let the plaintext be "I AM A STUDENT".
Rail Fence Technique algorithm:
1. Write down the plain text message as a sequence of diagonals.
2. Read the plain text written in step 1 as a sequence of rows.
Example: plain text = "I AM A STUDENT" is converted to cipher text with the help of the
Rail Fence Technique with dual slope.

I   M   S   U   E   T
  A   A   T   D   N

Cipher text = "IMSUETAATDN"
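The two algorithm steps as an added example that is not part of the model answer: the text is written along diagonals and read row by row. It goes beyond the two-rail case above by accepting any number of rails and by including decryption; dropping spaces and upper-casing the input are assumptions that match the worked answer.

```python
def rail_pattern(length: int, rails: int) -> list:
    """Rail number for each character when writing along the diagonals."""
    if rails < 2:
        raise ValueError("at least two rails are needed")
    # One down-and-up cycle, e.g. rails=3 gives 0, 1, 2, 1 and then repeats.
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]


def encrypt(plaintext: str, rails: int = 2) -> str:
    """Step 1: write along diagonals. Step 2: read the rails as rows."""
    letters = [c for c in plaintext.upper() if not c.isspace()]
    pattern = rail_pattern(len(letters), rails)
    return "".join(
        letter
        for rail in range(rails)
        for letter, on_rail in zip(letters, pattern)
        if on_rail == rail
    )


def decrypt(ciphertext: str, rails: int = 2) -> str:
    """Work out which positions each rail held, then put the letters back."""
    pattern = rail_pattern(len(ciphertext), rails)
    # Stable sort by rail gives the plaintext positions in reading order.
    order = sorted(range(len(ciphertext)), key=lambda i: pattern[i])
    plain = [""] * len(ciphertext)
    for letter, position in zip(ciphertext, order):
        plain[position] = letter
    return "".join(plain)


def all_rail_counts(ciphertext: str) -> dict:
    """The only secret is the rail count, so every candidate can be listed."""
    return {rails: decrypt(ciphertext, rails) for rails in range(2, len(ciphertext))}


if __name__ == "__main__":
    cipher = encrypt("I AM A STUDENT")
    print(cipher)                       # two rails, as in the worked answer
    print(decrypt(cipher))
    print(encrypt("I AM A STUDENT", rails=3))
    print(len(all_rail_counts(cipher)), "candidate rail counts")
```

`all_rail_counts` shows why a transposition of this kind offers no real protection: for an 11-letter cipher text there are only nine rail counts to try.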

b) Describe PGP with reference to email security.

Working of PGP: Five steps in PGP (Diagram- 1 Mark, Explanation- 3 marks)


Diagram: the five steps of PGP, in order:

1. Digital Signature
2. Compression
3. Encryption
4. Enveloping
5. Base-64 Encoding

1. Digital signature: it consists of the creation of a message digest of the email message using
the SHA-1 algorithm. The resulting MD is then encrypted with the sender's private key. The
result is the sender's digital signature.
2. Compression: the input message as well as the digital signature are compressed together to
reduce the size of the final message that will be transmitted. For this the Lempel-Ziv
algorithm is used.
3. Encryption: The compressed output of step 2 (i.e. the compressed form of the original
email and the digital signature together) is encrypted with a symmetric key.
4. Digital enveloping: the symmetric key used for encryption in step 3 is now encrypted
with the receiver's public key. The outputs of steps 3 and 4 together form a digital
envelope.
5. Base-64 encoding: this process transforms arbitrary binary input into printable character
output. The binary input is processed in blocks of 3 octets (24 bits). These 24 bits are
considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits is mapped into
an 8-bit output character in this process.

c) Explain how deleted file can be recovered.

(4 Marks)
Deleted file recovery: When we delete a file on a disk having the FAT32 or NTFS (New
Technology File System) file system, its content is not erased from the disk; only the reference
to the file data in the File Allocation Table or Master File Table is marked as deleted. It means
that we might be able to recover deleted files or make them visible to the file system again.
Methods of data recovery from deleted files, or the file/data recovery process: There are various
data/file recovery tools available. These tools find & recover recoverable deleted files from
NTFS & FAT.
These tools usually operate as per the following process steps:
Step 1: Scan the hard drive & build the index of existing & deleted files & directories
(folders) on any logical drive of your computer with supported file formats.
Step 2: Provide control to the user to select which files to recover and what destination
to recover them to. You can find a deleted file if you remember at least one of the following:
- Full or partial name
- File size
- File creation mode
- File last accessed date.

Step 3: Allow previewing deleted files of certain types without performing recovery.

d) Explain with neat sketch the working of secure socket layer (SSL).

(Diagram 1 mark, Explanation of blocks 3 marks)


SSL: SSL is a commonly used internet protocol for managing the security of a message
transmission between web browser and web server. SSL is succeeded by Transport Layer
Security (TLS), which is based on SSL. SSL uses a program layer which is located between the
internet's Hypertext Transfer Protocol (HTTP) and Transmission Control Protocol (TCP) layers. SSL
is included as part of both the Microsoft and Netscape browsers and most web server
products. SSL provides two levels of security services, authentication and confidentiality.
SSL is logically a pipe between web browser and web server.

Fig. SSL protocol stack

1. Handshake protocol: This protocol allows the server and client to authenticate each
other. Also, it will allow negotiating an encryption and MAC algorithm. This protocol is
used before transmitting any application data. Basically, this protocol contains a series of
messages exchanged by client and server.

The handshake protocol is actually made up of four phases, those are:


I. Establish security capabilities
II. Server authentication and key exchange
III. Client authentication and key exchange
IV. Finish

2. Record protocol: The record protocol comes into the picture after a successful completion of
the handshake between client and server. It provides two services for an SSL connection, as follows:
a) Confidentiality: this is achieved by using the secret key that is defined by the handshake
protocol.
b) Integrity: the handshake protocol also defines a shared secret key (MAC) that is used for
assuring the message integrity.
3. Alert protocol: when either the client or the server detects an error, the detecting party
sends an error message to the other party. If the error is fatal, both parties immediately close
the SSL connection. Both parties also destroy the session identifiers, secrets and keys
associated with this connection before it is terminated.
Other errors, which are not so severe, do not result in the termination of the communication.
Instead, the parties handle the error and continue.

B. Attempt any one : 6

a) Enlist different challenges to be faced while considering computer security.


(6 Marks)

Enlist different challenges: It includes different types of threats & attacks.

Threats to security:
1. Viruses & worms
2. Intruders & Insiders
3. Criminal organizations
4. Terrorist & Information security
Different types of attacks:
1. Denial of service attack
2. Man – In – Middle attack
3. Backdoors & Trapdoors
4. Sniffing & Spoofing
5. Encryption attack
6. Replay attack
7. TCP/IP hacking attack
8. Hacking & Cracking
9. Pornography
10. Software piracy
11. Intellectual property
12. Legal system of information technology
13. Mail Bombs
14. Bug Exploits
15. Cyber-crime investigation
[Any Related answer shall be considered]

b) With suitable example explain:


i. Logic Bomb attack and
ii. Time Bomb attack

(Each attack- 3 Marks)


i. Logic Bomb attack:
Logic bombs are a type of malicious software that is deliberately installed, generally by an
authorized user. A logic bomb is a piece of code that sits dormant for a period of time until
some event invokes its malicious payload.
An example of a logic bomb might be a program that is set to load & run automatically and
that periodically checks an organization's payroll or personnel database for a specific
employee. If the employee is not found, the malicious payload executes, deleting vital
corporate files.
Logic bombs are difficult to detect because they are often installed by authorized users & by
administrators.

ii. Time bomb attack:


A time bomb refers to a computer program that has been written so that it will stop
functioning after a predetermined date or time is reached. Time bombs are commonly used in
beta (pre-release) software when the manufacturer of the software does not want the beta
version being used after the final release date.
Example of time bomb software would be Microsoft's Windows Vista Beta 2, which was
programmed to expire on May 31, 2007. The time limits on time bomb software are not
usually as heavily enforced as they are on trial software, since time bomb software does not
usually implement secure clock functions.

Q. 5 Attempt any two: 16

a) Describe the role of individual user while maintaining security. What are the limitations
of the following biometric identification methods?
i. Hand print
ii. Retina
iii. Voice
iv. Signature

Ans: Role of individual user in security (each point ½ Mark)


Individual user responsibilities:
i) Lock the door of office or workspace.
ii) Do not leave sensitive information inside your car unprotected.
iii) Secure storage media which contains sensitive information.
iv) Shredding paper containing organizational information before discarding it.

Give proper guidelines for:


a) Password selection:
b) Piggybacking:
c) Shoulder surfing:
d) Dumpster diving:
e) Installing Unauthorized Software /Hardware:
f) Access by non-employees:
g) Security awareness:

i. Hand print: Because of cuts on the hands and rough work done by the user, it may occasionally
create errors while reading.
ii. Retina: With changes in age and physical condition, and after accidents, there may be problems
in accessing (even with a change in the number of spectacles, lenses, etc.).
iii. Voice: Because of health problems or illness there is variation in the voice; even a change
of weather may cause errors.
iv. Signature: With mood and temper the signature of the user changes, which also creates
problems in accessing the data.

b)
i. Describe working principle of SMTP.
(2marks diagram, 2 marks explanation of working principle.)

Simple mail Transfer Protocol:

Email is a popular network service.

It is a system for sending messages to other computer users based on email.
It is a request-response based activity.
It also provides an email exchange process.
It attempts to provide reliable service but does not guarantee recovery from failure.

ii. With neat sketch explain the working of Network Based IDS.

Network Based IDS

1. Network-based IDS focuses on network traffic: the bits & bytes traveling along the cables &
wires that interconnect the systems.
2. A network IDS should check the network traffic when it passes & it is able to analyze traffic
according to protocol type, amount, source, destination, content, traffic already seen, etc.
3. Such an analysis must occur quickly, & the IDS must be able to handle traffic at any speed the
network operates on to be effective.
4. Network-based IDSs are generally deployed so that they can monitor traffic in & out of an
organization's major links, like connections to the Internet, remote offices, partners, etc.

Network-based IDSs look for certain activities like:


Denial of service attacks
Port scans or sweeps
Malicious content in the data payload of a packet or packets
Vulnerability scanning
Trojans, viruses, or worms
Tunneling
Brute-force attacks

c) Give IP Sec configuration. Describe AH and ESP mode of IPSEC.

(Diagram 1 Mark, 1 Mark Explanation, 1 Mark for AH and ESP

Advantages and Disadvantages -Optional)

Sender                    Receiver

Original message          Original message
Application layer         Application layer
Transport layer           Transport layer
IPsec layer               IPsec layer
Internet layer            Internet layer

          Transmission medium

IPsec overview:

It encrypts and seals the transport and application layer data during transmission. It also offers
integrity protection for the internet layer.
It sits between the transport and internet layers of the conventional TCP/IP protocol stack.

1. Secure remote internet access:


Using IPsec, we can make a local call to our internet service provider (ISP) so as to connect to
our organization's network in a secure fashion from our house or hotel, and from there access the
corporate network facilities or remote desktops/servers.
2. Secure branch office connectivity:

Rather than subscribing to an expensive leased line for connecting its branches across cities, an
organization can set up an IPsec-enabled network to securely connect all its branches over the
internet.

3. Setup communication with other organization:


Just as IPsec allows connectivity between various branches of an organization, it can also be
used to connect the networks of different organizations together in a secure & inexpensive
fashion.
Main advantages of IPsec:
IPsec is transparent to end users.
There is no need for user training, key issuance or revocation.
When IPsec is configured to work with a firewall, it becomes the only entry-exit point for
all traffic, making it extra secure.
IPsec works at the network layer. Hence no changes are needed to upper layers or routers; all
outgoing & incoming traffic gets protected.
IPsec allows travelling staff to have secure access to the corporate network.
IPsec allows interconnectivity between branches/offices in a very inexpensive manner.

Basic Concept of IPsec Protocol:

An IP packet consists of two portions: the IP header & the actual data. IPsec features are
implemented in the form of additional headers, called extension headers, to the standard,
default IP header.
IPsec offers two main services: authentication & confidentiality. Each of these requires its
own extension header. Therefore, to support these two main services, IPsec defines two IP
extension headers, one for authentication & another for confidentiality.
It consists of two main protocols.

                           IPsec

Authentication Header (AH)      Encapsulating Security Payload (ESP)

Authentication header (AH):

The Authentication Header (AH) protocol provides authentication, integrity & an
optional anti-replay service. The IPsec AH is a header in an IP packet. The AH is simply
inserted between the IP header & any subsequent packet contents; no changes are required to
the data contents of the packet. Security resides completely in the content of the AH. (2 Marks)

Encapsulating Security Payload (ESP):

Used to provide confidentiality, data origin authentication, data integrity,

It is based on symmetric key cryptography technique.


ESP can be used in isolation or it can be combined with AH.

Q. 6 Attempt any four: (16 Marks)


a) Describe role of people in security.

Ans: Role of people in security (each point ½ Mark)


a) Password selection:

1) Users should be able to create their own easy-to-remember passwords, but these should
not be easy for someone else to guess or obtain using password cracking utilities.

2) Passwords should meet some essential guidelines, e.g. a password should contain some special
characters, etc.

3) It should not consist of dictionary words, etc.

b) Piggybacking: It is a simple approach of following closely behind a person who
has just used their own access card or PIN to gain physical access. In this way an
attacker can gain access to the facility without knowing the access code.

c) Shoulder surfing: An attacker positions themselves in such a way that they are
able to observe the authorized user entering the correct access code.

d) Dumpster diving: It is the process of going through a target's trash in order to
find little bits of information.

e) Installing unauthorized software/hardware: Because of possible risks, many
organizations do not allow their users to load software or install new hardware without
the information and help of administrators. Organizations also restrict what an
individual can do with received e-mails.

f) Access by non-employees: If an attacker can get physical access to a facility, then there are
many chances of obtaining enough information to enter computer systems and
networks. Many organizations require their employees to wear identification symbols at
work.
g) Security awareness: A security awareness program is the most effective method to
oppose potential social engineering attacks when the organization's security goals and
policies are established. An important element that training should concentrate on is
which information is sensitive for the organization and which may be the target of a social
engineering attack.

h) Individual user responsibilities:

i) Lock the door of office or workspace.
ii) Do not leave sensitive information inside your car unprotected.
iii) Secure storage media which contains sensitive information.
iv) Shredding paper containing organizational information before discarding it. (More
points can be added.)
b) What is meant by access control? Describe in brief:
i. DAC
ii. MAC
iii. RBAC

Ans:
(1 Mark for Access control , 1 Mark each for Type of Access Control)
Access is the ability of a subject to interact with an object. Authentication deals with
verifying the identity of a subject. Access control is the ability to specify, control and limit
the access to the host system or application, which prevents unauthorized use to access or
modify data or resources.

It can be represented using Access Control matrix or List:

            Process 1              Process 2              File 1   File 2        Printer

Process 1   Read, Write, Execute   ---                    Read     Read          Write

Process 2   Execute                Read, Write, Execute   Read     Read, Write   Write

Various access controls are:


Discretionary Access Control (DAC): Restricting access to objects based on the
identity of subjects and/or the groups to which they belong. It is conditional,
basically used by the military to control access on a system. UNIX-based systems are a
common example, permitting users read/write and execute.
Mandatory Access Control (MAC): It is used in environments where different
levels of security are classified. It is much more restrictive. It is a
sensitivity-based restriction, with formal authorization subject to sensitivity. In MAC the
owner or user cannot determine whether access is granted or not, i.e. operating system
rights. The security mechanism controls access to all objects and an individual cannot change
that access.
Role Based Access Control (RBAC): Each user can be assigned specific access
permissions for objects associated with a computer or network. A set of roles is defined.
A role in turn assigns the access permissions which are necessary to perform the role.
Different users will be granted different permissions to do specific duties as per their
classification.

c) Explain Virtual Private Network in brief. Define DMZ.

Ans.: VPN architecture and working (2 marks)

A VPN is a mechanism of employing encryption, authentication, and integrity protection
so that we can use a public network as if it is a private network. Suppose an organization
has two networks, Network 1 and Network 2, which are physically apart from each other
and we want to connect them using the VPN approach. In such a case we set up two firewalls,
Firewall 1 and Firewall 2. The encryption and decryption are performed by the firewalls.
Network 1 connects to the Internet via a firewall named Firewall 1 and Network 2 connects to the
Internet with its own firewall, Firewall 2.

Working
Let us assume that host X on Network 1 wants to send a data packet to host Y on Network 2.

1) Host X creates the packet, inserts its own IP address as the source address and the IP
address of host Y as the destination address.
2) The packet reaches Firewall 1. Firewall 1 now adds new headers to the packet. It changes
the source IP address of the packet from that of host X to its own address (i.e. the IP address
of Firewall 1, F1).
3) It also changes the destination IP address of the packet from that of host Y to the
IP address of Firewall 2, F2. It also performs the packet encryption and authentication,
depending on the settings, and sends the modified packet over the Internet.
4) The packet reaches Firewall 2 over the Internet, via routers. Firewall 2 discards the
outer header and performs the appropriate decryption. It then takes a look at the plain
text contents of the packet and realizes that the packet is meant for host Y. It delivers the
packet to host Y.
Diagram (1 mark)

Definition of Demilitarized Zone (DMZ): It is a computer host or a small network
inserted as a neutral zone between a company's private network and the outside public
network. It prevents direct access to a server that has company data.
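
The four tunnel steps in the VPN answer above, sketched as an added Python example (it is not part of the model answer): Firewall 1 wraps host X's packet in an outer F1-to-F2 header, encrypts and authenticates it, and Firewall 2 verifies and unwraps it. The addresses, the keys and the SHA-256 keystream standing in for a real VPN cipher are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

# Constructed addresses: private hosts behind each firewall, documentation-range public IPs.
HOST_X, HOST_Y = "10.1.0.5", "10.2.0.7"
F1, F2 = "203.0.113.1", "198.51.100.1"

# Keys shared by the two firewalls (assumption: provisioned out of band).
ENC_KEY = hashlib.sha256(b"constructed encryption key").digest()
MAC_KEY = hashlib.sha256(b"constructed authentication key").digest()


def keystream(key, nonce, length):
    """SHA-256 in counter mode: a stand-in for the gateway's real cipher, not for production."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def tag_for(src, dst, nonce, payload):
    """Authentication/integrity tag over the outer header and the encrypted payload."""
    message = src.encode() + b"|" + dst.encode() + b"|" + nonce + payload
    return hmac.new(MAC_KEY, message, hashlib.sha256).digest()


def firewall1_encapsulate(inner_packet):
    """Steps 2-3: hide the whole inner packet; only F1 -> F2 is visible on the Internet."""
    plaintext = json.dumps(inner_packet, sort_keys=True).encode()
    nonce = os.urandom(16)
    payload = xor_bytes(plaintext, keystream(ENC_KEY, nonce, len(plaintext)))
    return {"src": F1, "dst": F2, "nonce": nonce, "payload": payload,
            "tag": tag_for(F1, F2, nonce, payload)}


def firewall2_decapsulate(outer_packet):
    """Step 4: authenticate, discard the outer header, decrypt, recover the inner packet."""
    expected = tag_for(outer_packet["src"], outer_packet["dst"],
                       outer_packet["nonce"], outer_packet["payload"])
    if not hmac.compare_digest(expected, outer_packet["tag"]):
        raise ValueError("authentication failed: packet modified or not from the peer firewall")
    stream = keystream(ENC_KEY, outer_packet["nonce"], len(outer_packet["payload"]))
    return json.loads(xor_bytes(outer_packet["payload"], stream))


if __name__ == "__main__":
    inner = {"src": HOST_X, "dst": HOST_Y, "data": "hello from X"}   # step 1
    outer = firewall1_encapsulate(inner)
    print("seen on the Internet:", outer["src"], "->", outer["dst"], outer["payload"].hex())
    print("delivered to:", firewall2_decapsulate(outer)["dst"])
```

An observer between the firewalls sees only the firewall addresses and ciphertext; the addresses of X and Y travel inside the encrypted payload.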

d) Describe data recovery principle and ethics.

Ans.: (2 marks Data Recovery, 2 marks Ethics)
Data recovery: All computer users need to be aware of backup and recovery procedures to
protect their data. Data protection can be taken seriously as it is important for financial,
legal or personal reasons.
Explanation of following points in short.
Evaluation of Hard drive
Recovering data
Securing the data
Returning of data.

Data Recovery Ethics: It is concerned with security of your data. These are used to think
through different situations.
- It is a major part of the society and should be followed in letter and spirit.
- There are policies in many organizations that provide guidelines for ethics.
- It is a behavior of the person in relation with the subject.
- There are four primary issues: Privacy, Accuracy, Property and Access.
- Some standards are:
  - Standard of right and wrong behavior
  - A gauge of personal integrity
  - The basis of trust and cooperation in relationships with others.

e) Describe any four components of secure electronic transaction. Give sketch also.

Ans.: Components of SET (3 marks, 1 mark Diagram)

Transactions supported by SET are:

a) Purchase request
b) Payment authorization
c) Payment capture

a) Purchase request:
Before the purchase request exchange begins, the cardholder has completed
browsing, selecting, and ordering. The end of this preliminary phase occurs when
the merchant sends a completed order form to the customer. All of the preceding
occurs without the use of SET. The purchase request exchange consists of four
messages: Initiate Request, Initiate Response, and Purchase Response.

In order to send SET messages to the merchant, the cardholder must have a copy of the
certificates of the merchant and the payment gateway. The customer requests the
certificates in the Initiate Request message, sent to the merchant. This message
includes the brand of the credit card that the customer is using. The message also
includes an ID assigned to this request/response pair by the customer and a nonce
used to ensure timeliness.
The cardholder verifies the merchant and gateway certificates by means of their
respective CA signatures and then creates the OI and PI. The transaction ID
assigned by the merchant is placed in both the OI and PI. The OI does not
contain explicit order data such as the number and price of items. Rather, it
contains an order reference generated in the exchange between merchant
and customer during the shopping phase before the first SET message.
Next, the cardholder prepares the Purchase Request message. For this purpose,
the cardholder generates a one-time symmetric encryption key, K. The message
includes the following:

1. Purchase-related information.
2. Order-related information.
3. Cardholder certificate.

The Purchase Response message includes a response block that acknowledges
the order and references the corresponding transaction number. This block
is signed by the merchant using its private signature key. The block and its
signature are sent to the customer, along with the merchant's signature certificate.

b) Payment Authorization
During the processing of an order from a cardholder, the merchant authorizes the
transaction with the payment gateway. The payment authorization ensures that
the transaction was approved by the issuer. This authorization guarantees that the
merchant will receive payment; the merchant can therefore provide the services or goods to
the customer. The payment authorization exchange consists of two messages:
Authorization Request and Authorization Response.
The merchant sends an Authorization Request message to the payment
gateway consisting of:

1. Purchase-related information.
2. Authorization-related information.
3. Certificates.

Having obtained authorization from the issuer, the payment gateway returns
an Authorization Response message to the merchant. It includes the following elements:

1. Authorization-related information.
2. Capture token information.
3. Certificate.

With the authorization from the gateway, the merchant can provide the
goods or service to the customer.

c) Payment Capture

To obtain payment, the merchant engages the payment gateway in a payment
capture transaction, consisting of a capture request and a capture response message.
For the Capture Request message, the merchant generates, signs, and encrypts
a capture request block, which includes the payment amount and the
transaction ID. The message also includes the encrypted capture token received
earlier for this transaction, as well as the merchant's signature key and key-exchange
key certificates.
When the payment gateway receives the capture request message, it decrypts
and verifies the capture request block and decrypts and verifies the capture token
block. It then checks for consistency between the capture request and capture
token. It then creates a clearing request that is sent to the issuer over the
private payment network. This request causes funds to be transferred to the
merchant's account.
The gateway then notifies the merchant of payment in a Capture Response message.
The message includes a capture response block that the gateway signs and
encrypts. The message also includes the gateway's signature key certificate.
The merchant software stores the capture response to be used for reconciliation with
payment received from the acquirer.


MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 1/ 26


Q.1.

a) Attempt any Three of the following:


i. Describe the need for computer security.
(1 Mark – for this statement)
(1 Marks each for explanation of following points, example optional)

The need of computer security has been threefold: confidentiality, integrity, and availability—the
“CIA” of security.

1. Confidentiality: the principle of confidentiality specifies that only sender and intended
recipients should be able to access the contents of a message. Confidentiality gets compromised
if an unauthorized person is able to access the contents of a message.

An example of compromising the confidentiality of a message is shown in the fig.

Fig. Loss of confidentiality (A sends a secret message to B)

Here, the user of computer A sends a message to the user of computer B. Another user C gets
access to this message, which is not desired and therefore defeats the purpose of confidentiality.
This type of attack is also called interception.

2. Authentication: Authentication helps to establish proof of identities. The authentication
process ensures that the origin of a message is correctly identified.


For example, suppose that user C sends a message over the internet to user B. However, the
trouble is that user C had posed as user A when he sent the message to user B. How would user B
know that the message has come from user C, who is posing as user A? This concept is shown in
the fig. below.
This type of attack is called fabrication.

Fig. Absence of authentication (C sends B a message saying "I am user A")

3. Integrity: When the contents of the message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the message is lost.
For example, here user C tampers with a message originally sent by user A, which is actually
destined for user B. User C somehow manages to access it, change its contents and send the
changed message to user B. User B has no way of knowing that the contents of the message were
changed after user A had sent it. User A also does not know about this change.

This type of attack is called modification.

Fig. Loss of integrity (ideal route of message from A to B versus actual route of message)

ii. Explain any four password selection strategies. (4 marks for 4 points)
The major security problems arise because users do not follow established security policies.
- Users always choose a password that is easy to remember, but easy passwords are easy for an
attacker to crack; when users choose difficult passwords, they are in turn difficult to remember.
- To make the attacker's job difficult, organizations encourage their users to use a mixture of
upper case and lower case characters and also to include numbers and special symbols in their
passwords. This may make guessing the password difficult.
Organizations also include additional policies and rules related to password selection.
- In the organization, users may frequently change their passwords.
- Passwords should not be written down on paper and should not be kept in a purse or wallet,
because if an attacker gets physical access they will find the user's password somewhere in a
drawer or desk, or inside a desk calendar.


- Many users have many accounts and passwords to remember. Selecting a different password
for each account, following the guidelines mentioned above for character selection and frequency
of changes, aggravates the problem of remembering the passwords. As a result, users
frequently use the same password for all accounts. If a user does this, then when one account is
broken, all other accounts are subsequently under threat. Good password selection and protection
applies to the electronic world also.
OR
There are four basic techniques to reduce guessable passwords:
a) User education: Tell the users the importance of hard-to-guess passwords and provide
guidelines for selecting a strong password.
b) Computer generated password: Computer generated passwords are random in nature, so
they are difficult for the user to remember and the user may note them down somewhere.
c) Reactive password checking: The system periodically runs its own password cracker
program to find out guessable passwords. If the system finds any such password, the system
cancels it and notifies the user.
d) Proactive password checking: It is the most promising approach to improve password
security. In this scheme, a user is allowed to select his own password; the system checks whether
the password is allowable and then allows or rejects it.

iii. Define the following terms: (each 1 mark)
1. Cryptography
2. Cryptanalysis
3. Plain text
4. Cipher text

1. Cryptography: Cryptography is the art and science of achieving security by encoding messages
to make them non-readable.

2. Cryptanalysis: Cryptanalysis is the technique of decoding messages from a non-readable
format without knowing how they were initially converted from readable format to non-readable
format.

3. Plain text: Plain text or clear text signifies a message that can be understood by the sender,
the recipient and also by anyone else who gets access to that message.

4. Cipher text: When a plain text message is codified using any suitable scheme, the resulting
message is called cipher text.

iv. Describe SYN flooding attack with diagram. (1 marks for diagram, 3 marks for
explanation)

Denial of service (DOS) attacks can exploit a known vulnerability in a specific application or
operating system, or they may attack features (or weaknesses) in specific protocols or services. In
this form of attack, the attacker is attempting to deny authorized users access either to specific
information or to the computer system or network itself.
The purpose of such an attack can be simply to prevent access to the target system, or the attack
can be used in conjunction with other actions in order to gain unauthorized access to a computer
or network.
SYN flooding is an example of a DOS attack that takes advantage of the way TCP/IP networks
were designed to function, and it can be used to illustrate the basic principles of any DOS
attack. SYN flooding utilizes the TCP three-way handshake that is used to establish a connection
between two systems.
In a SYN flooding attack, the attacker sends fake communication requests to the targeted system.
Each of these requests will be answered by the target system, which then waits for the third part of
the handshake. Since the requests are fake, the target will wait for responses that will never come,
as shown in the figure.

The target system will drop these connections after a specific time-out period, but if the attacker
sends requests faster than the time-out period eliminates them, the system will quickly be filled
with requests. The number of connections a system can support is finite, so when more requests
come in than can be processed, the system will soon be reserving all its connections for fake
requests. At this point, any further requests are simply dropped (ignored), and legitimate users
who want to connect to the target system will not be able to. Use of the system has thus been
denied to them.

Following are types of DOS:
1. POD (ping-of-death)
2. DDOS (Distributed Denial of Service attack)
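
The relation described in the SYN flooding answer, between the rate of unanswered requests, the time-out period and the finite number of connections, can be checked with a small model. This is an added Python example, not part of the model answer; the backlog size, time-out values and event timings are constructed, and no network traffic is involved.

```python
from collections import OrderedDict


class HalfOpenTable:
    """Toy model of a server's table of half-open connections (SYN seen, final ACK pending)."""

    def __init__(self, backlog, timeout):
        self.backlog = backlog          # finite number of half-open slots
        self.timeout = timeout          # seconds before an unanswered entry is dropped
        self.pending = OrderedDict()    # peer -> time its SYN arrived
        self.established = []
        self.dropped = []

    def expire(self, now):
        """Time-out: free the slots of requests whose handshake never completed."""
        for peer, seen in list(self.pending.items()):
            if now - seen >= self.timeout:
                del self.pending[peer]

    def on_syn(self, peer, now):
        self.expire(now)
        if len(self.pending) >= self.backlog:
            self.dropped.append(peer)   # table full: the request is ignored
            return False
        self.pending[peer] = now
        return True

    def on_ack(self, peer, now):
        self.expire(now)
        if self.pending.pop(peer, None) is None:
            return False                # no matching half-open entry
        self.established.append(peer)
        return True


LEGIT = "legit-client"   # constructed name for the one genuine user


def replay(unanswered_interval, backlog=4, timeout=5.0, duration=10.0):
    """Replay constructed events: requests that are never completed arrive every
    `unanswered_interval` seconds, and one genuine handshake starts at t = 4.5 s."""
    events = []
    t, n = 0.0, 0
    while t < duration:
        events.append((t, "SYN", "unanswered-%d" % n))
        t += unanswered_interval
        n += 1
    events.append((4.5, "SYN", LEGIT))
    events.append((4.6, "ACK", LEGIT))
    table = HalfOpenTable(backlog, timeout)
    for now, kind, peer in sorted(events):
        if kind == "SYN":
            table.on_syn(peer, now)
        else:
            table.on_ack(peer, now)
    return table


def legit_served(unanswered_interval, timeout=5.0):
    return LEGIT in replay(unanswered_interval, timeout=timeout).established


if __name__ == "__main__":
    for interval, timeout in ((1.0, 5.0), (2.0, 5.0), (1.0, 3.0)):
        print("interval %.1fs, timeout %.1fs -> genuine user served: %s"
              % (interval, timeout, legit_served(interval, timeout)))
```

With four slots and a 5 s time-out, requests arriving every second fill the table before any entry expires and the genuine user is dropped; slowing the arrivals or shortening the time-out keeps a slot free.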

b) Attempt any one of the following:


i. Define the term virus and describe the different phases of virus.
(2 –marks for term virus & 1-mark for each phase)
Virus is a program which attaches itself to another program and causes damage to the computer
system or the network. It is loaded onto your computer without your knowledge and runs against
your wishes.
During the lifecycle of virus it goes through the following four phases:
1. Dormant phase: The virus is idle and activated by some event.
2. Propagation phase: It places an identical copy of itself into other programs or into certain
system areas on the disk.
3. Triggering phase: The virus is activated to perform the function for which it was
intended.
4. Execution phase: The function of virus is performed.


ii. Explain the following terms:
1) Deleted file recovery
2) Formatted partition recovery.
(3 marks for each point)

1) Deleted file recovery:
When we delete a file on a disk having the FAT32 or NTFS (New Technology File System) file
system, its content is not erased from the disk; only the reference to the file data in the File
Allocation Table or master table is marked as deleted. It means that we might be able to recover
deleted files or make them visible to the file system again.
Methods of data recovery from deleted file, or file/data recovery process:
There are various data/file recovery tools available. These tools find and recover recoverable
deleted files from NTFS and FAT.
These tools usually operate as per the following process steps:
Step 1: Scan the hard drive and build the index of existing and deleted files and directories
(folders) on any logical drive of your computer with supported file formats.
Step 2: Provide control to the user to select which files to recover and what destination to
recover them to. You can find a deleted file if you remember at least one of the following:
- Full or partial name
- File size
- File creation mode
- File last accessed date.
Step 3: Allow previewing deleted files of certain types without performing recovery.
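
Step 1 and Step 2 of the deleted file recovery process above, as an added Python example that is not part of the model answer: it indexes the 32-byte entries of a FAT directory and finds deleted ones by partial name or size. It relies on the FAT convention that a deleted entry has its first name byte set to 0xE5; the directory bytes are constructed in the example itself.

```python
import struct

ENTRY_SIZE = 32        # every FAT directory entry is 32 bytes long
DELETED_MARK = 0xE5    # first name byte of a deleted entry
END_OF_DIR = 0x00      # first name byte 0x00: no entries follow
ATTR_LFN = 0x0F        # attribute value used by long-file-name entries


def make_entry(stem, ext, size, first_cluster, deleted=False):
    """Build one constructed 8.3 directory entry (sample data for the scanner below)."""
    raw = bytearray(ENTRY_SIZE)
    raw[0:8] = stem.upper().ljust(8).encode("ascii")
    raw[8:11] = ext.upper().ljust(3).encode("ascii")
    raw[11] = 0x20                                            # archive attribute
    struct.pack_into("<H", raw, 20, first_cluster >> 16)      # high 16 bits (FAT32)
    struct.pack_into("<H", raw, 26, first_cluster & 0xFFFF)   # low 16 bits
    struct.pack_into("<I", raw, 28, size)
    if deleted:
        raw[0] = DELETED_MARK   # the entry is marked as deleted, not erased
    return bytes(raw)


def scan_directory(data):
    """Step 1: build an index of existing and deleted files from raw directory bytes."""
    index = []
    for offset in range(0, len(data) - ENTRY_SIZE + 1, ENTRY_SIZE):
        entry = data[offset:offset + ENTRY_SIZE]
        if entry[0] == END_OF_DIR:
            break
        if entry[11] == ATTR_LFN:
            continue                      # long-name entries are skipped in this sketch
        deleted = entry[0] == DELETED_MARK
        stem = (b"?" + entry[1:8]) if deleted else entry[0:8]   # first character is lost
        name = stem.decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        high, = struct.unpack_from("<H", entry, 20)
        low, = struct.unpack_from("<H", entry, 26)
        size, = struct.unpack_from("<I", entry, 28)
        index.append({"name": name + ("." + ext if ext else ""), "deleted": deleted,
                      "size": size, "first_cluster": (high << 16) | low})
    return index


def find_deleted(index, name_part=None, size=None):
    """Step 2: let the user locate a deleted file by partial name and/or file size."""
    hits = [e for e in index if e["deleted"]]
    if name_part is not None:
        hits = [e for e in hits if name_part.upper() in e["name"]]
    if size is not None:
        hits = [e for e in hits if e["size"] == size]
    return hits


# Constructed directory: one live file, two deleted files, end marker, stale bytes after it.
SAMPLE_DIRECTORY = (make_entry("REPORT", "DOC", 1000, 5)
                    + make_entry("BUDGET", "XLS", 20480, 9, deleted=True)
                    + make_entry("NOTES", "TXT", 512, 14, deleted=True)
                    + bytes(ENTRY_SIZE)
                    + make_entry("STALE", "TMP", 1, 99))

if __name__ == "__main__":
    for item in scan_directory(SAMPLE_DIRECTORY):
        print(item)
```

The size and starting cluster survive in the marked entry, which is what lets a recovery tool locate the file's data; the data itself remains recoverable only until those clusters are reused.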

2) Formatted partition recovery:
Formatting refers to dividing the disk in accordance with certain principles, allowing the
computer to store and search files. Formatting a disk eliminates all files on the disk.
There are various formatted partition recovery tools available. Every tool will have a
different GUI and method of recovery, but these tools usually operate as per the following
process steps:
Step 1: If you cannot boot the computer, please use a data recovery bootable disk.
Step 2: Select the file types you want to recover and the volume where the formatted hard drive
is. The tool will automatically scan the selected volume.
Step 3: The found data will then be displayed on the screen and you can get a preview of it. Then
select the file or directory that you want to recover and save it to a healthy drive.

Q.2. Attempt any Two of the following:


a) Draw the flow diagram of DES algorithm and explain each step in detail.

The Data Encryption Standard is generally used in the ECB, CBC, or the CFB mode. DES is a
block cipher. It encrypts data in blocks of size 64 bits each. That is, 64 bits of plain text goes as
the input to DES, which produces 64 bits of cipher text. DES is based on the two fundamental
attributes of cryptography: substitution and transposition. (1 mark)
The process diagram is as follows: (1 mark)


Explanation of each step (1 mark each = 6 marks)

Initial Permutation (IP): It happens only once. It replaces the first bit of the original
plain text block with the 58th bit of the original plain text block, the second bit with the
50th bit of the original plain text block, and so on. The resulting 64-bit permuted text block is
divided into two half blocks. Each half block consists of 32 bits. The left block is called
LPT and the right block is called RPT. 16 rounds are performed on these two blocks.

Details of one round in DES: Key Transformation, Expansion Permutation, S-box substitution,
P-box Permutation, XOR and swap.

Step 1: Key transformation: The initial key is transformed into a 56-bit key by discarding
every 8th bit of the initial key. Thus, for each round, a 56-bit key is available; from this 56-bit
key, a different 48-bit sub key is generated during each round using a process called
key transformation.

Step 2: Expansion permutation: During expansion permutation the RPT is expanded
from 32 bits to 48 bits. The 32-bit RPT is divided into 8 blocks, with each block
consisting of 4 bits. Each 4-bit block of the previous step is then expanded to a
corresponding 6-bit block; per 4-bit block, 2 more bits are added. They are the repeated
1st and 4th bits of the 4-bit block. The 2nd and 3rd bits are written as they were in the
input. The 48-bit key is XORed with the 48-bit RPT and the resulting output is given to
the next step.

Step 3: S-box substitution: It accepts the 48-bit input from the XOR operation involving
the compressed key and expanded RPT and produces a 32-bit output using the substitution
techniques. Each of the 8 S-boxes has a 6-bit input and a 4-bit output. The outputs of the
S-boxes are then combined to form a 32-bit block, which is given to the last stage of a round.

Step 4: P-box permutation: The output of the S-box consists of 32 bits. These 32 bits are
permuted using the P-box.

Step 5: XOR and swap: The LPT of the initial 64-bit plain text block is XORed with
the output produced by the P-box permutation. It produces the new RPT. The old RPT becomes
the new LPT, in a process of swapping.

Final Permutation: At the end of 16 rounds, the final permutation is performed. This is a
simple transposition. For example, the 40th input bit takes the position of the 1st output bit
and so on.
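
The structural steps of the DES answer above, as an added Python example that is not part of the model answer: the real IP, FP and expansion tables, the dropping of every 8th key bit, and the 16-round XOR-and-swap skeleton. The S-boxes, P-box and key schedule are replaced by clearly named stand-ins (an assumption of this sketch), so the output is not DES cipher text.

```python
# Initial Permutation table, built row by row: 58 50 42 ... 2, 60 52 ... 4, and so on.
IP = [start - 8 * col for start in (58, 60, 62, 64, 57, 59, 61, 63) for col in range(8)]
# The Final Permutation is the inverse of IP.
FP = [IP.index(bit) + 1 for bit in range(1, 65)]
# Expansion permutation: each 4-bit block gains the neighbouring bit on either side.
E = [((4 * block + k - 1) % 32) + 1 for block in range(8) for k in range(6)]


def to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def permute(bits, table):
    """Output bit i is input bit table[i] (tables are 1-based, as in the DES standard)."""
    return [bits[position - 1] for position in table]


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def drop_parity_bits(key64):
    """Step 1, first half: discard every 8th bit of the 64-bit key, leaving 56 bits.
    (Real DES does this inside its PC-1 table, which also reorders the 56 bits.)"""
    return [bit for i, bit in enumerate(key64, start=1) if i % 8 != 0]


def standin_subkeys(key56):
    """STAND-IN key schedule: 16 sub keys of 48 bits taken from rotations of the key.
    Real DES rotates the two key halves separately and applies a compression table."""
    return [(key56[r:] + key56[:r])[:48] for r in range(1, 17)]


def standin_round_function(rpt, subkey):
    """Steps 2-4 with a STAND-IN for the S-boxes and P-box: expand 32 -> 48 bits with
    the real E table, XOR with the sub key, then fold 48 -> 32 bits."""
    mixed = xor_bits(permute(rpt, E), subkey)
    return [mixed[i] ^ mixed[i + 16] for i in range(32)]


def feistel16(block64, subkeys):
    """IP, 16 rounds of XOR-and-swap (step 5), final swap of the halves, FP."""
    bits = permute(block64, IP)
    lpt, rpt = bits[:32], bits[32:]
    for subkey in subkeys:
        lpt, rpt = rpt, xor_bits(lpt, standin_round_function(rpt, subkey))
    return permute(rpt + lpt, FP)


if __name__ == "__main__":
    key56 = drop_parity_bits(to_bits(bytes.fromhex("133457799bbcdff1")))  # constructed key
    subkeys = standin_subkeys(key56)
    block = to_bits(b"8 bytes!")                                          # constructed block
    scrambled = feistel16(block, subkeys)
    # Running the same structure with the sub keys reversed undoes it, whatever the
    # round function is. This is why DES decryption reuses the encryption circuit.
    print("round trip ok:", feistel16(scrambled, subkeys[::-1]) == block)
```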


b) Define access control and describe DAC, MAC and RBAC access control model.

(2 marks for definition, 2 marks for each access control)

Access is the ability of a subject to interact with an object. Authentication deals with
verifying the identity of a subject. Access control is the ability to specify, control and limit
the access to the host system or application, which prevents unauthorized use to access or
modify data or resources.
Various access controls are:
- Discretionary Access Control (DAC): Restricting access to objects based on the
identity of subjects and/or groups to which they belong. It is conditional, basically
used by military to control access on system. UNIX-based systems are a common example,
permitting users read/write and execute access.
- Mandatory Access Control (MAC): It is used in environments where different
levels of security are classified. It is much more restrictive. It is a sensitivity-based
restriction, with formal authorization subject to sensitivity. In MAC the owner or user cannot
determine whether access is granted or not, i.e. operating system rights. The security
mechanism controls access to all objects and individuals cannot change that access.
- Role Based Access Control (RBAC): Each user can be assigned specific access
permissions for objects associated with the computer or network. A set of roles is defined. A
role in turn assigns the access permissions which are necessary to perform the role.

Different users will be granted different permissions to do specific duties as per their
classification.

c) Give the steps for verification of a digital certificate.

Steps for verification of a digital certificate: (1 mark for each step)
Suppose Y receives a digitally signed message from X, whom he does not know or trust. X
has included his digital certificate with the message, which has his public key embedded
within it. Before Y can be sure of the message from X, he has to go through the following
steps:
1) Y will see which CA signed X's certificate and compare it to the list of CAs he
has configured.
2) If X's certificate is in the list of trusted CAs, then he will pass X's certificate through
a hashing algorithm, which will result in message digest A.
3) Every certificate has a different encrypted message digest value embedded within it,
which is a digital signature. Y takes the CA's public key and decrypts the embedded digital
signature value, which is called decrypted DS value B.
4) If values A and B match, then Y can be assured that this CA has actually created the
certificate.
5) Y needs to ensure that the issuing CA has not revoked this certificate.
6) Y will compare the email address which is inserted by the CA in the certificate with the
address that sent this message. If these values are the same, he can be assured that the
message came from the email address that was provided during the registration process of the
certificate.
7) Validity of the certificate is proven according to the start and stop date of the certificate.
8) Y trusts that this certificate is legal and belongs to X. Y could read the message.
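
The eight verification steps above, followed in order in an added Python example that is not part of the model answer. The CA name, the certificate fields and the revocation list are constructed, and the CA key is a toy textbook-RSA pair built from two small known primes (an assumption made so the example runs with the standard library only; real certificates use X.509 encoding and padded signatures).

```python
import hashlib
import json

# Toy CA key pair from two known Mersenne primes (constructed; far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1
CA_NAME = "Example Root CA"                       # hypothetical CA
CA_PUBLIC = (P * Q, 65537)                        # (modulus n, public exponent e)
CA_PRIVATE = pow(65537, -1, (P - 1) * (Q - 1))    # private exponent d


def message_digest(fields, n):
    """Hash the certificate fields; reduced mod n only to fit the toy modulus."""
    blob = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n


def ca_issue(fields):
    """What the CA does at registration: encrypt the digest with its private key."""
    n, _ = CA_PUBLIC
    return {"fields": fields, "signature": pow(message_digest(fields, n), CA_PRIVATE, n)}


def verify_certificate(cert, sender_email, today, trusted_cas, revoked_serials):
    """Return 'trusted' or the reason the certificate was rejected."""
    fields = cert["fields"]
    # Step 1: which CA signed it, and is that CA in Y's configured list?
    if fields["issuer"] not in trusted_cas:
        return "untrusted CA"
    n, e = trusted_cas[fields["issuer"]]
    # Step 2: hash the certificate -> message digest A.
    digest_a = message_digest(fields, n)
    # Step 3: decrypt the embedded signature with the CA's public key -> value B.
    digest_b = pow(cert["signature"], e, n)
    # Step 4: A and B must match, otherwise the CA did not create this certificate.
    if digest_a != digest_b:
        return "signature mismatch"
    # Step 5: the issuing CA must not have revoked the certificate.
    if fields["serial"] in revoked_serials:
        return "revoked"
    # Step 6: the e-mail address in the certificate must be the address that sent the message.
    if fields["email"].lower() != sender_email.lower():
        return "sender mismatch"
    # Step 7: start and stop dates (ISO dates compare correctly as strings).
    if not fields["not_before"] <= today <= fields["not_after"]:
        return "outside validity period"
    # Step 8: Y accepts the certificate as belonging to X.
    return "trusted"


TRUSTED_CAS = {CA_NAME: CA_PUBLIC}
X_CERT = ca_issue({"subject": "X", "email": "x@example.org", "issuer": CA_NAME,
                   "serial": 1001, "not_before": "2014-01-01", "not_after": "2015-12-31",
                   "public_key": "constructed-public-key-of-X"})

if __name__ == "__main__":
    print(verify_certificate(X_CERT, "x@example.org", "2014-12-01", TRUSTED_CAS, set()))
    forged = {"fields": dict(X_CERT["fields"], email="c@example.org"),
              "signature": X_CERT["signature"]}
    print(verify_certificate(forged, "c@example.org", "2014-12-01", TRUSTED_CAS, set()))
```

The second call shows why step 4 matters: changing any field after issue changes digest A, so it no longer matches the value B recovered from the CA's signature.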


Q.3. Attempt any Four of the following:

a) Describe overview of Kerberos with diagram.
Kerberos is a network authentication protocol and it is designed to provide strong authentication
for client-server applications. It uses secret key cryptography. It is a solution to your network
security problems. It provides the tools of authentication and strong cryptography over the network
to help you secure your information system. (1 mark)
There are four parties involved in the Kerberos protocol: (3 marks)
- The client workstation
- Authentication Server (AS)
- Ticket Granting Server (TGS)
- The server offering services such as network printing, file sharing.
1) The AS receives the request from the client and then verifies the client. This is done
by just looking into a simple database of the user's ID.
[Figure: the client sends its user ID to the Authentication Server.]
2) After verification, a time stamp is created. It will put the current time in the user session with
an expiry date. Then the encryption key is created. The timestamp tells that after 8 hours the
encryption key is useless.
3) The key is sent back to the client in the form of a ticket-granting ticket (TGT). It is a
simple ticket which is issued by the authentication server (AS) and used for authenticating the
client for future reference.
[Figure: the Authentication Server returns the ticket-granting ticket (time stamp: 8) to the client.]
Then the client submits this TGT to the ticket granting server (TGS), for authentication.
[Figure: the client sends the TGT (timestamp: 8) to the Ticket Granting Server (TGS).]

4) TGS creates an encrypted key with a time stamp and grants a service ticket to the
client.
[Figure: the Ticket Granting Server sends the encrypted key to the client.]
5) Then the client decrypts the ticket, intimates the TGS that this is done, and sends its
own encrypted key to the service server or application.
[Figure: the client sends the encrypted key (time stamp: 8 hours) to the service server.]
The service server decrypts the key sent by the client and checks the validity of the time
stamp. If the timestamp is valid, the service server contacts the key distribution center to
receive a session which is returned to the client.


6) The client then decrypts the ticket. If the key is still valid then the communication is
initiated between client and server.
[Figure: success, the client is connected to the service server.]

b) Draw and explain biometric system.
(diagram 1M, explanation 3M)
[Figure: biometric system block diagram with Sensor, Preprocessing, Feature extractor, Template
generator, Stored templates (Enrollment), Matcher and Application device.]

Biometrics refers to the study of methods for uniquely recognizing humans based upon one or
more intrinsic physical or behavioral characteristics. Biometric identification is used on
the basis of some unique physical attribute of the user that positively identifies the user.
Example: finger print recognition, retina and face scan technique, voice synthesis and
recognition and so on. Physiological characteristics are related to the shape of the body, for
example finger print, face recognition, DNA, palm print, iris recognition and so on. Behavioral
characteristics are related to the behavior of a person, for example typing rhythm, gait,
signature and voice.
The first time an individual uses a biometric system is called an enrollment. During the
enrollment, biometric information from an individual is stored. In the subsequent uses,
biometric information is detected and compared with the information stored at the time of
enrollment.
1) The first block (sensor) is the interface between the real world and the system; it has
to acquire all the necessary data.
2) The 2nd block performs all the necessary preprocessing.
3) The third block extracts necessary features. This step is an important step as the
correct features need to be extracted in the optimal way.
4) If enrollment is being performed, the template is simply stored somewhere (on a card
or within a database or both). If a matching phase is being performed, the obtained
template is passed to a matcher that compares it with other existing templates,
estimating the distance between them using any algorithm. The matching program
will analyze the template with the input. This will then be output for any specified use
or purpose.


c) What are the techniques for transforming plain text to cipher text? Explain
any one in detail.
(Explanation of any one is allowed) (Marks 2) for example.

Transforming plain text to cipher text is the science of encrypting information; the
scheme is based on algorithms.
Different techniques are: (2 marks)
1. Substitution technique
a) Caesar cipher
b) Modified version of Caesar cipher
c) Mono-alphabetic cipher
d) Vigenere’s cipher
2. Transposition technique
a) Rail fence
b) Route cipher
c) Columnar cipher
3. Steganography
4. Hashing
5. Symmetric and asymmetric cryptography
6. DES (data encryption standard)

Caesar cipher:
It is proposed by Julius Caesar. In cryptography the Caesar cipher is also known as Caesar's
cipher/code or shift cipher/code.
It is one of the simplest and most widely known encryption techniques.
It is a type of substitution technique in which each letter in the plain text is replaced by a
letter some fixed number of positions down the alphabet.
For example, with a shift of 3, A would be replaced by D, B would become E, and so on,
as shown in the table below.

Plain text:  A B C D E F G H I J K L M
Cipher text: D E F G H I J K L M N O P

Plain text:  N O P Q R S T U V W X Y Z
Cipher text: Q R S T U V W X Y Z A B C

Using this scheme, the plain text "SECRET" encrypts as cipher text "VHFUHW".
To allow someone to read the cipher text, you tell them that the key is 3.
Algorithm to break Caesar cipher:
1. Read each alphabet in the cipher text message, and search for it in the second row of
the table above.
2. When a match is found, replace that alphabet in the cipher text message with the
corresponding alphabet in the same column but the first row of the table. (For
example, if the alphabet in the cipher text is J, replace it with G.)
3. Repeat the process for all alphabets in the cipher text message.
Or


Rail Fence Technique algorithm:
1. Write down the plain text message as a sequence of diagonals.
2. Read the plain text written in step 1 as a sequence of rows.

The cipher text for the plain text COME HOME is as follows:

C M H M

O E O E

Cipher text is CMHMOEOE

d) Describe the working principle of PEM email security.


PEM supports the 3 main cryptographic functions of encryption, nonrepudiation and
message integrity. The steps involved in PEM operation as follows. (1 mark for each
step)

1. Canonical conversion
2. Digital signature
3. Encryption
4. Base 64 encoding


Step 1: Canonical conversion: There is a distinct possibility that the sender and the
receiver of an email message use computers that have different architectures and operating
systems. PEM transforms each email message into an abstract, canonical representation.
This means that regardless of the architecture and the operating system of the sending and
receiving computers, the email travels in a uniform, independent format.

Step 2: Digital signature

[Figure: the email message (To:, From:, Subject:) is passed through a message digest
algorithm (MD2 or MD5) to produce the message digest.]

- It starts by creating an MD (message digest) of the email message using an algorithm such as MD2 or MD5.


- The MD thus created is then encrypted with the sender’s private key to form the sender’s
digital signature.

[Figure: the message digest is encrypted with the sender’s private key to give the digital signature.]

Step 3: Encryption:
The original email and the digital signature are encrypted together with a
symmetric key.

[Figure: the email message (To:, From:, Subject:) plus the digital signature are encrypted
with a symmetric key, using DES or DES-3 in CBC mode, to give the encrypted result.]

Step 4: Base-64 encoding: This process transforms arbitrary binary input into printable
character output. The binary input is processed in blocks of 3 octets or 24 bits. These 24
bits are considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits is
mapped into an 8-bit output character in this process.

[Figure: the input bit stream is divided into 24-bit blocks; each 24-bit block is divided
into four 6-bit blocks; each 6-bit block is mapped to an 8-bit block.]
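Step 4 worked through in code, as an added example that is not part of the model answer: each 3-octet block is split into four 6-bit values and each value selects one printable character. The function names are assumptions of this example, the alphabet is the standard Base-64 one, and the result is cross-checked against Python's own `base64` module.

```python
import base64

# Standard Base-64 alphabet: index 0-63 -> printable character.
B64_ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "abcdefghijklmnopqrstuvwxyz"
                "0123456789+/")


def split_into_sextets(block):
    """Split a block of 1-3 octets into 6-bit values (last one zero-padded)."""
    bits = "".join(f"{octet:08b}" for octet in block)
    bits += "0" * (-len(bits) % 6)          # pad the final group up to 6 bits
    return [int(bits[i:i + 6], 2) for i in range(0, len(bits), 6)]


def base64_encode(data):
    """Encode bytes: 24-bit blocks -> four 6-bit sets -> four characters."""
    out = []
    for i in range(0, len(data), 3):
        chars = "".join(B64_ALPHABET[s] for s in split_into_sextets(data[i:i + 3]))
        out.append(chars + "=" * (4 - len(chars)))   # '=' marks a short last block
    return "".join(out)


def base64_decode(text):
    """Reverse the mapping: characters -> 6-bit values -> octets."""
    stripped = text.rstrip("=")
    bits = "".join(f"{B64_ALPHABET.index(ch):06b}" for ch in stripped)
    usable = len(bits) - len(bits) % 8       # drop the zero padding bits
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


# Constructed binary input standing in for the encrypted result of step 3.
SAMPLE = bytes(range(256))

if __name__ == "__main__":
    print(split_into_sextets(b"Man"))        # the four 6-bit sets of one block
    print(base64_encode(b"Man"), base64_encode(b"Ma"), base64_encode(b"M"))
    print(base64_encode(SAMPLE) == base64.b64encode(SAMPLE).decode())
```

Base-64 uses no key, so anyone can reverse it; the confidentiality in PEM comes from the encryption in step 3, and step 4 only makes the result safe to carry as text.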


e) Describe:
i. Application patches
ii. Upgrades.
i) Application patches (2 marks)
As an O.S. continues to grow and introduce new functions, the potential for problems with
the code grows as well. It is almost impossible for an operating system vendor to test
its product on every possible platform under every possible circumstance, so
functionality and security issues do arise after an O.S. has
been released. Application patches are likely to come in three varieties: hot fixes,
patches and upgrades.
Application patches are supplied by the vendor who sells the application.
Application patches can be provided in many different forms: they can be downloaded
directly from the vendor’s web site or FTP site, or supplied on CD. Application patches
probably come in three varieties: hot fixes, patches and upgrades.
ii) Upgrades (2 marks)
These are another popular method of patching applications, and they are likely to be
received more positively than patches. The term upgrade has a positive
implication: you are moving up to a better, more functional and more secure
application. Most vendors will release upgrades for fixes rather than for any new or
enhanced functionality.

Q.4.
a) Attempt any Three of the following:
i. Consider a plain text “Computer Security” encrypt it with the help of rail fence
Technique also write the algorithm.
(2 marks for encryption and 2 marks for algorithm)
Rail Fence Technique algorithm:
1. Write down the plain text message as a sequence of diagonals.
2. Read the plain text written in step 1 as a sequence of rows.
The cipher text for the plain text Computer security is as follows:
C m u e s c r

o p t r e u i y

Cipher text: cmuescroptreuiy
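The two steps of the rail fence algorithm (given here and in Q.3 c), written as code and generalized from two rows to any number of rails, with the matching decryption. This is an added example, not part of the model answer; the function names are assumptions, and it is checked against the COME HOME example from Q.3 c).

```python
def rail_pattern(length, rails):
    """Rail index (0-based) visited at each position of the diagonal walk."""
    if rails < 2:
        raise ValueError("rail fence needs at least 2 rails")
    pattern, rail, step = [], 0, 1
    for _ in range(length):
        pattern.append(rail)
        if rail == 0:
            step = 1                 # bounce off the top rail
        elif rail == rails - 1:
            step = -1                # bounce off the bottom rail
        rail += step
    return pattern


def rail_fence_encrypt(plaintext, rails=2):
    """Step 1: write letters along the diagonals. Step 2: read row by row."""
    letters = "".join(ch for ch in plaintext if ch.isalpha())
    rows = [[] for _ in range(rails)]
    for ch, rail in zip(letters, rail_pattern(len(letters), rails)):
        rows[rail].append(ch)
    return "".join("".join(row) for row in rows)


def rail_fence_decrypt(ciphertext, rails=2):
    """Rebuild the rows from their lengths, then walk the diagonals again."""
    pattern = rail_pattern(len(ciphertext), rails)
    rows, start = [], 0
    for rail in range(rails):
        count = pattern.count(rail)              # letters that landed on this rail
        rows.append(ciphertext[start:start + count])
        start += count
    cursors = [0] * rails
    out = []
    for rail in pattern:
        out.append(rows[rail][cursors[rail]])
        cursors[rail] += 1
    return "".join(out)


if __name__ == "__main__":
    print(rail_fence_encrypt("COME HOME"))       # two rails, as in the answer
    print(rail_fence_decrypt("CMHMOEOE"))
    print(rail_fence_encrypt("WE ARE DISCOVERED FLEE AT ONCE", rails=3))
```

The only secret is the number of rails, and the letters themselves are unchanged, so the cipher text keeps the letter frequencies of the plain text.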

ii. Describe packet filtering router firewall with neat diagram.(2 marks for explanation and
2 marks for diagram)

[Figure labels: internal (private) network, Internet]


[Figure: packet filter handling outgoing and incoming packets: receive each packet;
apply rules; if no rules, apply default rules.]

A packet filtering router firewall applies a set of rules to each packet and, based on
the outcome, decides to either forward or discard the packet. Such a firewall
implementation involves a router, which is configured to filter packets going in either
direction, i.e. from the local network to the outside world and vice versa.
A packet filter performs the following functions.
1. Receive each packet as it arrives.
2. Pass the packet through a set of rules, based on the contents of the IP and transport
header fields of the packet. If there is a match with one of the rules, decide whether
to accept or discard the packet based on that rule.
3. If there is no match with any rule, take the default action. The default can be to
discard all packets or to accept all packets.
Advantages: simplicity, transparency to the users, high speed
Disadvantages: difficult to set up packet filtering rules, lack of authentication.
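The three functions of the packet filter as a small rule evaluator, added here as an example that is not part of the model answer. The `Packet` and `Rule` types, the rule set and all addresses (private and documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Only the IP and transport header fields the filter looks at."""
    src: str
    dst: str
    protocol: str        # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "discard"
    src_net: str
    dst_net: str
    protocol: str                    # "tcp", "udp" or "any"
    dst_port: Optional[int] = None   # None matches every port

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
                and self.protocol in ("any", pkt.protocol)
                and self.dst_port in (None, pkt.dst_port))


def filter_packet(pkt, rules, default_action="discard"):
    """Return (action, index of the matching rule); index is None for the default."""
    for index, rule in enumerate(rules):     # the first matching rule decides
        if rule.matches(pkt):
            return rule.action, index
    return default_action, None              # no match: take the default action


# Constructed rule set. Order matters: rule 0 overrides rule 1 for the blocked range.
RULES = [
    Rule("discard", "203.0.113.0/24", "0.0.0.0/0", "any"),     # blocked external network
    Rule("accept", "0.0.0.0/0", "10.0.0.25/32", "tcp", 25),    # inbound mail to the mail server
    Rule("accept", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443),     # outgoing HTTPS
]

if __name__ == "__main__":
    # The decision uses header fields only; the filter cannot verify who really
    # sent a packet, which is the "lack of authentication" disadvantage.
    for pkt in (Packet("198.51.100.7", "10.0.0.25", "tcp", 25),
                Packet("203.0.113.9", "10.0.0.25", "tcp", 25),
                Packet("198.51.100.7", "10.0.0.8", "tcp", 23)):
        print(pkt, filter_packet(pkt, RULES))
```

With the default set to discard, a service that no rule mentions stays closed; with the default set to accept, every gap in the rule set is an open path.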

iii. Describe the following w.r.t. cyber laws:


1) IT act 2000
2) IT act 2008
1) IT act 2000 (2 marks):
According to Indian cyber laws, the Information Technology Act is an important law, and it
was passed in the Indian parliament in the year 2000. This act is helpful to encourage business
by use of the internet. Due to misuse of the internet and the increase of cybercrime, the Govt. of
India made an act for safeguarding the internet users.
The main objectives of this act are as follows.
1. To provide legal recognition to transactions that can be done electronically or
by using the internet.
2. To provide legal recognition to digital signatures used in transactions.
3. To provide facilities like filing of documents online relating to admission or
registration.
4. To provide a facility for any company to store their data in electronic storage.
5. To provide legal recognition for bankers and other companies to keep accounts in
electronic form.


2) IT act 2008 (2 marks):

It is the Information Technology Amendment Act, 2008. The act was developed for IT
industries, to control e-commerce, to provide e-governance facility and to stop
cybercrime attacks.
Following are the characteristics of IT ACT 2008:
a) This act provides legal recognition for transactions, i.e. Electronic Data
Interchange (EDI) and other electronic communications.
b) This Act also gives facilities for electronic filing of information with the Government
agencies.
c) It is considered necessary to give effect to the said resolution and to promote efficient
delivery of Government services by means of reliable electronic records.

iv. What is secure electronic transaction? Enlist and describe any four components
of SET.
Secure Electronic Transaction (SET) is an open encryption and security specification that is
designed for protecting credit card transactions on the Internet. It is a set of security
protocols and formats that enable the users to employ the existing credit card payment
infrastructure on the internet in a secure manner. (1 mark)
Components of SET (1 mark)
1) Cardholder
2) Merchant
3) Issuer
4) Acquirer
5) Payment gateway
6) Certification Authority(CA)
Describe any four (1/2 mark for each)
1) Cardholder: A cardholder is an authorized holder of a payment card such as
MasterCard or Visa that has been issued by an Issuer.
2) Merchant: Merchant is a person or an organization that wants to sell goods or services
to cardholders.
3) Issuer: The issuer is a financial institution that provides a payment card to a
cardholder.
4) Acquirer: This is a financial institution that has a relationship with merchants for
processing payment card authorizations and payments. It also provides an assurance that
a particular cardholder account is active and that the purchase amount does not exceed
the credit limits. It provides electronic fund transfer to the merchant account.
5) Payment Gateway: It processes the payment messages on behalf of the merchant. It
connects to the acquirer’s system using a dedicated network line.
6) Certification Authority (CA): This is an authority that is trusted to provide public key
certificates to cardholders, merchants, and payment gateways.


b) Attempt any ONE of the following:


i. Compare Insider and Intruders of four points and describe who is more
dangerous.(4marks for any 4 points)
Intruders | Insiders
Intruders are authorized or unauthorized users who are trying to access the system or network. | Insiders are authorized users who try to access a system or network for which they are unauthorized.
They are hackers or crackers. | Insiders are not hackers.
Intruders are illegal users. | Insiders are legal users.
Less dangerous than insiders. | More dangerous than intruders.
They have to study or to gain knowledge about the security system. | They have knowledge about the security system.
They do not have access to the system. | They have easy access to the system because they are authorized users.
Many security mechanisms are used to protect the system from intruders. | There is no such mechanism to protect the system from insiders.

Describe who is more dangerous. (2 marks)


Insiders are more dangerous than intruders because:
i) The insiders have the access and necessary knowledge to cause immediate damage to
an organization.
ii) There is no security mechanism to protect system from Insiders. So they can have all
the access to carry out criminal activity like fraud. They have knowledge of the
security systems and will be better able to avoid detection.

ii. Describe:
1. Man in the middle attack
2. Replay attack with diagrams.
i) Man in the middle attack:(3 marks)
A man in the middle attack occurs when attackers are able to place themselves in the
middle of two other hosts that are communicating in order to view or modify the
traffic. This is done by making sure that all communication going to or from the target
host is routed through the attacker’s host.
Then the attacker is able to observe all traffic before transmitting it and can actually
modify or block traffic. To the target host, communication is occurring normally, since
all expected replies are received.
[Figure: communication appears to be direct between Host A and Host B; communication is
actually sent to the attacker, who relays messages to the destination host.]


ii) Replay attack with diagram (3 marks)

In a replay attack an attacker captures a sequence of events or some data units and
resends them. For example, suppose user A wants to transfer some amount to user C’s
bank account. Both users A and C have accounts with bank B. User A might send an
electronic message to bank B requesting a fund transfer. User C could capture this
message and send a copy of the same to bank B. Bank B would have no idea that this
is an unauthorized message and would treat this as a second and different fund transfer
request from user A. So C would get the benefit of the fund transfer twice: once
authorized and once through a replay attack.

[Figure: message from Host A (User A) to Host B (Bank); Host C (attacker) captures the
message and sends the message to Host B.]
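The bank scenario above as a simulation, added here as an example that is not part of the model answer. It shows that a message authentication code alone does not stop the copy (the copy is byte-for-byte valid), while a bank that remembers request identifiers rejects it. The HMAC key, the request identifier field and the class names are assumptions constructed for this example.

```python
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key"    # constructed; shared by user A and bank B


def make_transfer(key, request_id, payer, payee, amount):
    """User A's signed fund-transfer message."""
    body = json.dumps({"id": request_id, "from": payer, "to": payee,
                       "amount": amount}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Bank:
    def __init__(self, key, reject_replays):
        self.key = key
        self.reject_replays = reject_replays
        self.balances = {"A": 1000, "C": 0}
        self.seen_ids = set()            # request ids already processed

    def process(self, message):
        expected = hmac.new(self.key, message["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["tag"]):
            return "rejected: bad MAC"
        request = json.loads(message["body"])
        if self.reject_replays:
            if request["id"] in self.seen_ids:
                return "rejected: replay"
            self.seen_ids.add(request["id"])
        self.balances[request["from"]] -= request["amount"]
        self.balances[request["to"]] += request["amount"]
        return "accepted"


def run_scenario(reject_replays):
    """A sends one transfer of 100 to C; the captured copy arrives afterwards."""
    bank = Bank(SHARED_KEY, reject_replays)
    original = make_transfer(SHARED_KEY, "req-0001", "A", "C", 100)
    captured = dict(original)            # identical copy taken off the wire
    results = [bank.process(original), bank.process(captured)]
    return results, bank.balances


if __name__ == "__main__":
    print(run_scenario(reject_replays=False))   # copy is treated as a second transfer
    print(run_scenario(reject_replays=True))    # copy is recognised and refused
```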

Q.5. Attempt any Two of the following:


a) Describe the role of people in security.
Role of people in security (each point 1 Mark, 8 point)
a) Password selection:
1) Users should be able to create their own easy-to-remember passwords, but these
should not be easy for someone else to guess or obtain using password cracking
utilities.
2) Passwords should meet some essential guidelines, e.g. a password should contain some
special characters, etc.
3) It should not consist of dictionary words, etc.
b) Piggybacking: It is a simple approach of following closely behind a person who
has just used their own access card or PIN to gain physical access. In this way an
attacker can gain access to the facility without knowing the access code.
c) Shoulder surfing: An attacker positions themselves in such a way that they are
able to observe the authorized user entering the correct access code.
d) Dumpster diving: It is the process of going through a target’s trash in order
to find little bits of information.
e) Installing Unauthorized Software/Hardware: Because of possible risks, many
organizations do not allow their users to load software or install new hardware
without the information and help of administrators. Organizations also restrict what
an individual can do with received e-mails.
f) Access by non-employees: If an attacker can get physical access to a facility, then
there are many chances of obtaining enough information to enter into computer
systems and networks. Many organizations require their employees to wear
identification symbols at work.
g) Security awareness: A security awareness program is the most effective method to
oppose potential social engineering attacks when the organization’s security goals and


policies are established. An important element that training should concentrate on is
which information is sensitive for the organization and which may be the target of a
social engineering attack.
h) Individual user responsibilities:
i) Lock the door of the office or workspace.
ii) Do not leave sensitive information inside your car unprotected.
iii) Secure storage media which contain sensitive information.
iv) Shred paper containing organizational information before discarding it. (More
points can be added.)

b) Describe the components of HIDS with neat diagram. State its advantages and
disadvantages.(2 marks explanation , diagram 2 marks, 2 Advantages, Disadvantages 2
Marks)
Intrusion detection system (IDS):
An intrusion detection system (IDS) monitors network traffic and monitors for
suspicious activity and alerts the system or network administrator. In some cases the IDS
may also respond to anomalous or malicious traffic by taking action such as blocking
the user or source IP address from accessing the network.

1. HIDS
Host Intrusion Detection Systems are run on individual hosts or devices on the
network. A HIDS monitors the inbound and outbound packets from the device
only and will alert the user or administrator when suspicious activity is detected.

Activities that a HIDS looks for in the log files are:
Logins at odd hours
Login authentication failure
Adding new user account
Modification or access of critical system files
Modification or removal of binary files
Starting or stopping processes
Privilege escalation
Use of certain programs

Basic components of HIDS:
1. Traffic collector:
This component collects activity or events for the IDS to examine.
On Host-based IDS, this can be log files, audit logs, or traffic coming to or
leaving a specific system.


On Network-based IDS, this is typically a mechanism for copying traffic off the
network link.
2. Analysis Engine:
This component examines the collected network traffic & compares it to known
patterns of suspicious or malicious activity stored in the signature database.
The analysis engine acts like the brain of the IDS.
3. Signature database:
It is a collection of patterns & definitions of known suspicious or malicious activity.
4. User Interface & Reporting:
This is the component that interfaces with the human element, providing alerts when
suitable & giving the user a means to interact with & operate the IDS.

Advantages:
O.S. specific and detailed signatures.
Examine data after it has been decrypted.
Very application specific.
Determine whether or not an alarm may impact that specific.
Disadvantages:
Should have a process on every system to watch.
High cost of ownership and maintenance.
Uses local system resources.
If logged locally, could be compromised or disabled.
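The four HIDS components wired together over a few log lines, as an added example that is not part of the model answer. The log format, the signatures, the office-hours window and the failure threshold are all constructed for illustration and do not reproduce any particular product.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed, simplified log lines: "<ISO time> <host> <program>: <message>".
SAMPLE_LOG = """\
2024-03-09T02:14:07 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-09T02:14:09 host1 sshd: Failed password for admin from 203.0.113.5
2024-03-09T02:14:12 host1 sshd: Failed password for root from 203.0.113.5
2024-03-09T02:15:40 host1 sshd: Accepted password for alice from 198.51.100.20
2024-03-09T02:17:02 host1 useradd: new user name=svc-tmp
2024-03-09T02:18:30 host1 auditd: modified /etc/passwd
2024-03-09T09:05:11 host1 sshd: Accepted password for bob from 198.51.100.21
2024-03-09T09:06:00 host1 cron: job started
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[\w-]+): (?P<msg>.*)$")

# 3. Signature database: patterns of known suspicious activity.
SIGNATURES = [
    ("login_success", re.compile(r"Accepted password for (?P<user>\S+) from (?P<src>\S+)")),
    ("auth_failure", re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")),
    ("new_user_account", re.compile(r"new user name=(?P<what>\S+)")),
    ("critical_file_modified", re.compile(r"modified (?P<what>/etc/(?:passwd|shadow|sudoers))")),
]
OFFICE_HOURS = range(7, 20)   # assumption: logins from 07:00 to 19:59 are normal
FAILURE_THRESHOLD = 3         # assumption: alert on the third failure from one source


def collect(log_text):
    """1. Traffic collector: turn raw log lines into events."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield {"time": datetime.fromisoformat(m["ts"]), "msg": m["msg"]}


def analyse(events):
    """2. Analysis engine: compare each event with the signature database."""
    alerts, failures = [], Counter()
    for ev in events:
        for name, pattern in SIGNATURES:
            m = pattern.search(ev["msg"])
            if not m:
                continue
            if name == "login_success":
                if ev["time"].hour not in OFFICE_HOURS:
                    alerts.append(("login_at_odd_hours", f'{m["user"]} at {ev["time"]:%H:%M}'))
            elif name == "auth_failure":
                failures[m["src"]] += 1
                if failures[m["src"]] == FAILURE_THRESHOLD:
                    alerts.append(("repeated_auth_failure", m["src"]))
            else:
                alerts.append((name, m["what"]))
    return alerts


def report(alerts):
    """4. User interface & reporting: one readable line per alert."""
    return [f"ALERT {name}: {detail}" for name, detail in alerts]


if __name__ == "__main__":
    print("\n".join(report(analyse(collect(SAMPLE_LOG)))))
```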

c) What is IP sec? Draw and explain the AH format of IP sec.


IPSec architecture: The overall idea of IPSec is to encrypt and seal the transport and
application layer data during transmission. It also offers integrity protection for the
Internet layer. The IPSec layer sits in between the transport and the Internet layers of
the conventional TCP/IP protocol stack.

Diagram and Theory (2 mark)

IPSec actually consists of two main protocols:
a) Authentication Header (AH)
b) Encapsulating Security Payload (ESP)

a) Authentication Header (AH) (2 marks)

The AH provides support for data integrity and authentication of IP packets. The
data integrity service ensures that data inside the IP packet is not altered during transit.
The authentication service enables an


end user or computer system to authenticate the user or the application at the other end
and decide to accept or reject packets accordingly. This also prevents IP spoofing
attacks. AH is based on the MAC protocol, which means that the two communicating parties
must share a secret key in order to use AH.

Diagram

Modes of operation (4 marks)

Both AH and ESP work in two modes:
1) Tunnel mode:
In tunnel mode, IPSec protects the entire IP datagram. It takes an IP datagram, adds
the IPSec header and trailer and encrypts the whole thing. It then adds a new IP header to
this encrypted datagram.

Diagram

2) Transport mode:

Transport mode does not hide the actual source and destination addresses. They are
visible in plain text while in transit. In the transport mode, IPSec takes the transport
layer payload, adds the IPSec header and trailer, encrypts the whole thing and then adds the
IP header. Thus the IP header is not encrypted.


Diagram

Q.6. Attempt any FOUR of the following:


a) State any four different types of problems occur due to installation of unauthorized
software/hardware.(1 mark for each)

1. Installing unauthorized software from the internet may create backdoors in your system or
network which can be used to access a system by avoiding normal security mechanisms.

2. When we are installing various games from the internet, the problem with such a
download is that users don’t know where the software originally came from and what may
be hidden inside it.

3. Accessing and downloading data from unofficial sites can create virus problems in
your system as well as in the entire network.

4. An unauthorized hardware device or software product is not capable of protecting your
system/network due to a lack of security functionality.

b) Describe Caesar’s cipher technique. Write its algorithm with an example.

(Algorithm 2 marks Explanation 2 marks)

Caesar cipher:
It is proposed by Julius Caesar. In cryptography, the Caesar cipher is also known as Caesar’s
cipher/code or shift cipher/code.
It is one of the simplest and most widely known encryption techniques.
It is a type of substitution technique in which each letter in the plain text is replaced
by a letter some fixed number of positions down the alphabet.

For example, with a shift of 3, A would be replaced by D, B would become E, and so on,
as shown in the table below.


Plain text:   A B C D E F G H I J K L M
Cipher text:  D E F G H I J K L M N O P

Plain text:   N O P Q R S T U V W X Y Z
Cipher text:  Q R S T U V W X Y Z A B C

Using this scheme, the plain text “SECRET” encrypts as cipher text “VHFUHW”.
To allow someone to read the cipher text, you tell them that the key is 3.

Algorithm to break Caesar cipher:

1. Read each letter in the cipher text message, and search for it in the second row of
the table above.
2. When a match is found, replace that letter in the cipher text message
with the corresponding letter in the same column but the first row of the table.
(For example, if the cipher text letter is J, replace it with G).
3. Repeat the process for all letters in the cipher text message.
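The Caesar cipher answers (this one and Q.3 c) as code, added here as an example that is not part of the model answer: the substitution table, encryption, the table-lookup decryption from the algorithm above, and, going one step beyond the text, a listing of all 25 possible keys to show how small the key space is. Function names are assumptions of this example.

```python
import string

ALPHABET = string.ascii_uppercase


def substitution_table(key):
    """First row (plain) -> second row (cipher) of the table for a given shift."""
    key %= 26
    return dict(zip(ALPHABET, ALPHABET[key:] + ALPHABET[:key]))


def caesar_encrypt(plaintext, key=3):
    table = substitution_table(key)
    # Characters outside A-Z (spaces, digits) are passed through unchanged.
    return "".join(table.get(ch, ch) for ch in plaintext.upper())


def caesar_decrypt(ciphertext, key=3):
    """Steps 1-3: find each letter in the second row, take the first-row letter."""
    reverse = {cipher: plain for plain, cipher in substitution_table(key).items()}
    return "".join(reverse.get(ch, ch) for ch in ciphertext.upper())


def all_shifts(ciphertext):
    """Candidate plain texts for every non-trivial key (there are only 25)."""
    return {key: caesar_decrypt(ciphertext, key) for key in range(1, 26)}


def keys_revealing(ciphertext, known_word):
    """Keys whose decryption contains a word the reader expects to see."""
    return [key for key, text in all_shifts(ciphertext).items()
            if known_word.upper() in text]


if __name__ == "__main__":
    print(caesar_encrypt("SECRET"))              # shift of 3, as in the table
    print(caesar_decrypt("J"))                   # the J -> G example from step 2
    for key, text in all_shifts("VHFUHW").items():
        print(key, text)
```

Because the key can take only 25 useful values, knowing the key is not needed to read the message, which is why the cipher is taught as an illustration and not used to protect data.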

c) Describe DMZ with suitable diagram.


(Diagram 1 mark , Explanation 3 marks)

DMZ (Demilitarized Zone)

It is a computer host or small network inserted as a “neutral zone” between a company’s private
network and the outside public network.

It prevents outside users from getting direct access to a company’s data server. A DMZ is an
optional but more secure approach to a firewall. It can effectively act as a proxy server.


The typical DMZ configuration has a separate computer or host in the network which receives
requests from users within the private network to access web sites or the public network.
The DMZ host then initiates sessions for such requests on the public network, but it is not able
to initiate a session back into the private network. It can only forward packets which have
been requested by a host.

The public network’s users who are outside the company can access only the DMZ host.
It can store the company’s web pages, which can be served to the outside users. Hence, the
DMZ can’t give access to the company’s other data.

In any case, if an outsider penetrates the DMZ’s security, the web pages may get
corrupted but the company’s other information can be safe.

d) Describe:
i. Hacking
ii. Cracking
(2 marks for each)
(i) Hacking:
Hacking is one of the most well-known types of computer crime. A hacker is someone who
finds and exploits the weaknesses of computer systems or networks.
Hacking refers to unauthorized access of another’s computer systems. These intrusions are
often conducted in order to launch malicious programs known as viruses, worms, and Trojan
horses that can shut down an entire computer network.
Hacking is also carried out as a way to take credit card numbers, internet passwords, and other
personal information.
By accessing commercial databases, hackers are able to steal these types of items from
millions of internet users all at once.
There are different types of hackers:
1. White hat
2. Black hat
3. Grey hat
4. Elite hacker
5. Script hacker

(ii) Cracking:
In the cyber world, a cracker is someone who breaks into a computer system or network
without authorization and with the intention of doing damage.
The term cracker is used to describe a malicious hacker.
Crackers get into all kinds of mischief: they may destroy files, steal personal information
like credit card numbers or client data, infect the system with a virus, or undertake many
other things that cause harm.
Cracking can be done for profit, maliciously, or to cause some harm to an organization or to individuals.
Cracking activity is harmful, costly and unethical.


e) Explain secure socket layer and describe the SSL protocol stack with neat diagram.
(Diagram 1 mark, Explanation of blocks 3 marks)
SSL:
SSL is a commonly used internet protocol for managing the security of a message
transmission between web browser and web server.
SSL is succeeded by Transport Layer Security (TLS), which is based on SSL.
SSL uses a program layer which is located between the internet’s hypertext transfer protocol
(http) and transport control protocol (TCP) layers.
SSL is included as part of both the Microsoft and Netscape browsers and most web server
products.
SSL provides two levels of security services, authentication and confidentiality. SSL is
logically a pipe between web browser and web server.

Fig. SSL protocol stack

1. Handshake protocol:
This protocol allows the server and client to authenticate each other.
Also, it will allow negotiating an encryption and MAC algorithm.
This protocol is used before transmitting any application data. Basically, this protocol contains
a series of messages exchanged by client and server.
The handshake protocol is actually made up of four phases, those are:
I. Establish security capabilities
II. Server authentication and key exchange
III. Client authentication and key exchange
IV. Finish
2. Record protocol:
The record protocol comes into the picture after a successful completion of the handshake between
client and server. It provides two services for an SSL connection, as follows:
a) Confidentiality: This is achieved by using the secret key that is defined by the handshake
protocol.
b) Integrity: The handshake protocol also defines a shared secret key (MAC) that is used for
assuring the message integrity.
3. Alert protocol: When either the client or the server detects an error, the detecting party
sends an error message to the other party.
If the error is fatal, both the parties immediately close the SSL connection. Both the parties
also destroy the session identifiers, secrets and keys associated with this connection before it is
terminated.
Other errors, which are not so severe, do not result in the termination of the communication.
Instead, the parties handle the error and continue.
