Q.

1 Attempt any Four

a) List any four type of Cybercrime.
1. Ans. Phishing
2. Malware
3. Hacking
4. Identity Theft
5. Distributed Denial of Service (DDoS)
6. Cyberstalking
7. Online Fraud
8. Data Breach
9. Cyberbullying
10. Child Exploitation

B) What is PGP
Ans. Pretty Good Privacy (PGP) is an encryption system used for both sending
encrypted emails and encrypting sensitive files. Since its invention back in 1991, PGP
has become the de facto standard for email security.

The popularity of PGP is based on two factors. The first is that the system was originally
available as freeware, and so spread rapidly among users who wanted an extra level
of security for their email messages. The second is that since PGP uses both symmetric
encryption and public-key encryption, it allows users who have never met to send
encrypted messages to each other without exchanging private encryption keys.

c) What is steganography.
Ans. A steganography technique involves hiding sensitive information within an ordinary,
non-secret file or message, so that it will not be detected. The sensitive information will then
be extracted from the ordinary file or message at its destination, thus avoiding
detection. Steganography is an additional step that can be used in conjunction with
encryption in order to conceal or protect data.

d) What is Kerberos
ans. Kerberos is a computer network security protocol that authenticates service requests
between two or more trusted hosts across an untrusted network, like the internet. Initially
developed by the Massachusetts Institute of Technology (MIT) for Project Athena in the late
'80s, it's now a default authorization technology in Microsoft Windows and is also
implemented in other operating systems like Apple OS, FreeBSD, UNIX, and Linux.

Q. 2 Attempt any Three

a) List the type of firewall. Explain packet filter with diagram

1. Ans.- Software firewall. ...
2. Hardware firewall. ...
 3. Packet filtering firewall. ...
4. Circuit-level gateway. ...
5. Proxy service application firewall. ...
6. Cloud firewall. ...
7. Stateful inspection firewall. ...
8. Next-Generation firewall (NGFW)
Packet Filtering Firewall:-
A packet filtering firewall is a network security technique that
regulates data flow to and from a network. It is a security mechanism
that allows packets to move across networks while controlling their
flow through the use of a set of rules, protocols, IP addresses, and
ports. Firewalls are appliances that protect networks against external
intrusion by screening incoming data and admitting or excluding traffic.
Packet filtering firewalls achieve this goal by applying security rules
to data packets. If packets pass these tests, they can enter the
network. If not, the data is rejected.

Digram:-

b) Describe IP security.
Ans. IP Sec (Internet Protocol Security) is an Internet Engineering Task Force (IETF) standard
suite of protocols between two communication points across the IP network that provide
data authentication, integrity, and confidentiality. It also defines the encrypted, decrypted,
and authenticated packets. The protocols needed for secure key exchange and key
management are defined in it.

Components of IP Security
It has the following components:
1. Encapsulating Security Payload (ESP)
2. Authentication Header (AH)
3. Internet Key Exchange (IKE)

 Features of IPSec

1.Authentication: IPSec provides authentication of IP packets using digital signatures

or shared secrets. This helps ensure that the packets are not tampered with or forged.
2.Confidentiality: IPSec provides confidentiality by encrypting IP packets, preventing
eavesdropping on the network traffic.
3.Integrity: IPSec provides integrity by ensuring that IP packets have not been
modified or corrupted during transmission.

Advantages of IPSec

Strong security: IPSec provides strong cryptographic security services that

help protect sensitive data and ensure network privacy and integrity.
Wide compatibility: IPSec is an open standard protocol that is widely
supported by vendors and can be used in heterogeneous environments.
Flexibility: IPSec can be configured to provide security for a wide range of
network topologies, including point-to-point, site-to-site, and remote
access connections.
Scalability: IPSec can be used to secure large-scale networks and can be
scaled up or down as needed.
c) Compare symmetric and asymmetric key Cryptography
ans.
Factors Symmetric Key Asymmetric Key
Cryptography Cryptography
Size of cipher text The same or smaller than The same or larger than
the original plain text the original plain text
Data size Used for large amounts of Used for small amounts of
data data
Resource Utilization Low High
Key Lengths 128 or 256 bits 2048 or higher
 Security Less secure as only one key More secure as two keys
is used for both encryption are used, one for
and decryption encryption and the other
for decryption
Number of keys One key for both Two keys, a public key and
encryption and decryption a private key, one for
encryption and the other
for decryption
Techniques Provides confidentiality Provides confidentiality,
authenticity, and non-
repudiation
Confidentiality Only the key holder can Only the private key
decrypt the message holder can decrypt the
message
Speed Fast Slow
Algorithms Examples: 3DES, AES, Examples: Diffie-Hellman,
DES and RC4 ECC, DSA, and RSA

d) Explain Working principle of SMTP

o ans. SMTP stands for Simple Mail Transfer Protocol.

o SMTP is a set of communication guidelines that allow software to transmit an
electronic mail over the internet is called Simple Mail Transfer Protocol.
o It is a program used for sending messages to other computer users based on
e-mail addresses.
o It provides a mail exchange between users on the same or different computers,
and it also supports:
o It can send a single message to one or more recipients.
o Sending message can include text, voice, video or graphics.
o It can also send the messages on networks outside the internet.
o The main purpose of SMTP is used to set up communication rules between
servers. The servers have a way of identifying themselves and announcing what
kind of communication they are trying to perform. They also have a way of
handling the errors such as incorrect email address. For example, if the recipient
address is wrong, then receiving server reply with an error message of some
kind.

Working of SMTP:-

1. Submission of Mail: After composing an email, the mail client then submits
the completed e-mail to the SMTP server by using SMTP on TCP port 25.
2. Receipt and Processing of Mail: Once the incoming message is received, the
exchange server delivers it to the incoming server (Mail Delivery Agent) which
stores the e-mail where it waits for the user to retrieve it.
3. Access and Retrieval of Mail: The stored email in MDA can be retrieved by
using MUA (Mail User Agent). MUA can be accessed by using login and
password.