SIC Micro

Symmetric key cryptography uses the same key to encrypt and decrypt data. It is faster than asymmetric encryption but the key must be shared securely between parties. Symmetric algorithms include AES, DES, and RC4. The key strength and size affect security levels, with AES-256 providing the highest generally. Symmetric encryption is commonly used to encrypt messages, files and communications between devices on a private network.

Uploaded by Hatim Kanchwala

Q1a. Write a short note on Network-Layer Attack.

Ans: Network-layer attacks attempt to compromise network devices and protocol stacks. These attacks are not as common as application-layer attacks. Network-layer attacks include packet-sniffing and protocol-anomaly exploits.
Packet Sniffing
• Sniffing occurs when an unauthorized third party captures network packets destined for computers other than their own.
• Packet sniffing allows the attacker to look at transmitted content and may reveal passwords and confidential data.
Protocol Anomaly Attacks
• A rogue attacker can create malformed network packets that do not follow the intended format and purpose of the protocol, with the result that the attacker is able either to compromise a remote host or network, or to compromise a confidential network data stream.
• Network-layer attacks are most often used to get past firewalls and to cause DoS attacks.
• Malformed traffic can be created by tools called packet injectors or traffic generators.
• Packet injectors are used by legitimate sources to test the throughput of network devices or to test the security defences of firewalls and IDSs. Attackers can even manually create the malformed traffic as a text file and then send it using a traffic replay tool.
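
As an added example (not part of the original notes), the following Python checker shows the detection side of the protocol-anomaly attack described above. It parses the fixed 20-byte part of an IPv4 header and reports the kinds of malformation an IDS or protocol-anomaly detector looks for: an IHL below the minimum, a total length that disagrees with the bytes actually received, a bad header checksum, a zero TTL. The packets are constructed inside the block with made-up addresses and identification values, not captured traffic, and `build_ipv4` exists only so the checker can be exercised.

```python
import socket
import struct
from typing import List, Optional

MIN_IHL = 5  # an IPv4 header is at least five 32-bit words (20 bytes)
IPV4_FMT = "!BBHHHBBH4s4s"  # layout of the fixed 20-byte part of the header


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the header as RFC 791 defines it."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(payload: bytes, ihl: int = 5, total_len: Optional[int] = None,
               proto: int = 6, src: str = "10.0.0.1", dst: str = "10.0.0.2",
               fix_checksum: bool = True) -> bytes:
    """Assemble a constructed IPv4 packet (sample data, not captured traffic).

    The keyword arguments let a test bench deliberately produce the kind of
    malformed header the notes describe, so that the checker can be exercised.
    """
    if total_len is None:
        total_len = 20 + len(payload)
    version_ihl = (4 << 4) | ihl
    header = struct.pack(IPV4_FMT, version_ihl, 0, total_len, 0x1234, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    if fix_checksum:
        header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload


def check_ipv4(packet: bytes) -> List[str]:
    """Return the anomalies found in an IPv4 header; an empty list means it is well-formed."""
    findings: List[str] = []
    if len(packet) < 20:
        return ["truncated: fewer than 20 bytes, no complete IPv4 header"]
    version_ihl, _tos, total_len, _ident, _flags, ttl, _proto, _csum, _src, _dst = \
        struct.unpack(IPV4_FMT, packet[:20])
    version, ihl = version_ihl >> 4, version_ihl & 0x0F
    header_len = ihl * 4
    if version != 4:
        findings.append(f"version field is {version}, expected 4")
    if ihl < MIN_IHL:
        findings.append(f"IHL {ihl} is below the minimum of {MIN_IHL} words")
    if total_len < header_len:
        findings.append(f"total length {total_len} is smaller than header length {header_len}")
    if total_len > len(packet):
        findings.append(f"total length {total_len} exceeds the {len(packet)} bytes actually received")
    # A header that includes its own checksum field sums to zero when intact.
    if ihl >= MIN_IHL and len(packet) >= header_len and ipv4_checksum(packet[:header_len]) != 0:
        findings.append("header checksum does not verify")
    if ttl == 0:
        findings.append("TTL is 0")
    return findings


if __name__ == "__main__":
    samples = {
        "well-formed": build_ipv4(b"x" * 8),
        "short IHL": build_ipv4(b"x" * 8, ihl=3),
        "length lies": build_ipv4(b"x" * 8, total_len=65535),
        "bad checksum": build_ipv4(b"x" * 8, fix_checksum=False),
    }
    for name, pkt in samples.items():
        print(f"{name:>12}: {check_ipv4(pkt) or 'ok'}")
```

The checksum test works because a header that carries its own correct checksum sums to 0xFFFF in one's complement, so recomputing over the whole header yields zero; a packet whose total-length field claims more bytes than arrived is the classic trigger for parsers that trust the header over the wire length.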

Q1b. Explain various components used to build security program.

Ans: Components that go into the building of a security program:
• Authority (security program charter, resourcing plan): The security program must include the right level of responsibility and authorization to be effective.
• Framework (policies, standards, guidelines): A security framework provides a defensible approach to building the program.
• Assessment (risk analysis, gap analysis, remediation plan): Assessing what needs to be protected, why, and how leads to a strategy for improving the security posture.
• Planning (roadmap, architecture, project): Planning produces priorities and timelines for security initiatives.
• Action: The actions of the security team produce the desired results based on the plans.
• Maintenance: The end stage of the parts of the security program that have reached maturity is to maintain them.
(Diagram)

Q1c. What are the three recognized variants of malicious mobile code? Explain.

Ans: The three recognized variants of malicious mobile code are viruses, worms, and Trojans.
• Virus
  1. A virus is a self-replicating program that uses other host files or code to replicate.
  2. Most viruses infect files so that every time the host file is executed, the virus is executed too.
  3. Viruses can infect program files, boot sectors, hard drive partition tables, data files, memory, macro routines, and scripting files.
• Worm
  1. A computer worm uses its own coding to replicate, although it may rely on the existence of other related code to do so.
  2. The key to a worm is that it does not directly modify other host code to replicate.
• Trojan
  1. Trojan horse programs, or Trojans, work by posing as legitimate programs that are activated by an unsuspecting user.
  2. After execution, the Trojan may attempt to continue to pose as the other legitimate program (such as a screensaver) while doing its malicious actions in the background.

Q1d. List and explain the steps to create a Security Defence Plan.

Ans: A security defence plan consists of the following steps:
1. Inventory the assets you have to protect.
2. Decide the value of each asset and its chance of being exploited in order to come up with a quantifiable exposure risk.
3. Using the steps outlined in this chapter (and summarized next), develop a plan to tighten the security on your protected assets. Assets with the highest exposure risk should be given the most protection, but make sure all assets get some baseline level of security.
4. Develop and document security baseline tools and methods. For example, develop an acceptable security template for end-user workstations. Document a method for applying security templates to those workstations (probably a group policy), and put policies and procedures in force to make sure each workstation gets configured with a security template.
5. Use vulnerability testing tools to confirm assets have been appropriately configured.
6. Do periodic testing to make sure security settings stay implemented.
7. Change and update the plan as dictated by new security events and risks.

Q1c. Write a note on Threat Vector. (SAME ANS 1C)

Ans: Threat Vector: It is a term used to describe where a threat originates and the path it takes to reach a target. E.g.: an e-mail message sent from outside the organization to an inside employee, containing an irresistible subject line along with an executable attachment that happens to be a Trojan program, which will compromise the recipient's computer if opened. A good way to identify potential threat vectors is to create a table containing a list of threats you are concerned about, along with their sources and targets.

Q1e. What is the importance of information protection? Explain with an example.

Companies may have confidential information, such as research and development plans, manufacturing processes, strategic corporate information, product roadmaps, process descriptions, customer lists and contact information, financial forecasts, and earnings announcements, that is intended for internal use on a need-to-know basis. Loss or theft of confidential information could violate the privacy of individuals, reduce the company's competitive advantage, or cause damage to the company. Specialized information or secret information may include trade secrets, such as formulas, production details, and other intellectual property; proprietary methodologies and practices that describe how services are provided; research plans; electronic codes, passwords, and encryption keys. If disclosed, this type of information may severely damage the company's competitive advantage. It is usually restricted to only a few people or departments within a company and is rarely disclosed outside the company. E.g.: Egghead Software was a well-known software retailer which discovered in 2000 that Internet attackers might have stolen as many as 3.7 million credit card numbers from its web site, housed offsite at an e-commerce service provider that lacked good security.

Q2a. Define authentication. Explain two parts of authentication

Authentication is the process by which people prove they are who they say they are. It is composed of two parts:
• a public statement of identity (usually in the form of a username)
• combined with a private response to a challenge (such as a password).
The following types of password authentication systems are commonly used today:
• Local storage and comparison:
  o They create and manage their own stored-password file and do no encryption.
  o Security relies on the protection of the password file. Because passwords can be intercepted by rogue software, these systems are not well protected.
• Central storage and comparison:
  o The password entered by the user is encrypted, passed over the network in this state, and then compared by the remote server to its stored encrypted password.
• Kerberos:
  o A network authentication system based on the use of tickets.
• One-time password (OTP):
  o Two current methods that use one-time passwords are time-based keys and sequential keys.

Q2b. Explain the authorization systems.

(Diagram)
User Rights: User rights provide the authorization to do things that affect the entire system. The ability to create groups, assign users to groups, log in to a system, and many more user rights can be assigned. Other user rights are implicit and are rights that are granted to default groups, that is, groups that are created by the operating system instead of by administrators. These rights cannot be removed.
Role Based Authorization: Each employee requires privileges (the right to do something) and permissions (the right to access particular resources and do specified things with them) if they are to do their job.
Access Control Lists (ACLs): Information systems use ACLs to determine whether the requested service or resource is authorized. Access to files on a server is often controlled by information that is maintained on each file. The ability for different types of communication to pass a network device can be controlled by ACLs.
Rule Based Authorization: It requires the development of rules that stipulate what a specific user can do on a system.
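
As an added example (not part of the original notes), the Python below puts the four mechanisms just described into one authorization check: system-wide user rights that come from roles, a per-resource ACL keyed by user or role, and a rule that further restricts what an otherwise permitted user may do. The users, roles, file paths and the business-hours rule are constructed for illustration; the default is to deny, and the first mechanism that refuses wins.

```python
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed sample data: role -> user rights (privileges), and user -> roles.
ROLE_PRIVILEGES: Dict[str, Set[str]] = {
    "admin":   {"log_in", "create_group", "assign_user_to_group"},
    "analyst": {"log_in"},
}
USER_ROLES: Dict[str, Set[str]] = {"alice": {"admin"}, "bob": {"analyst"}, "carol": set()}

# Per-resource ACLs (constructed): entries are keyed "user:<name>" or "role:<name>".
ACLS: Dict[str, Dict[str, Set[str]]] = {
    "/reports/q3.xlsx": {"role:analyst": {"read"}, "user:alice": {"read", "write"}},
    "/audit/trail.log": {"role:admin": {"read"}},
}

Rule = Callable[[str, str, str, dict], Optional[str]]


def business_hours_rule(user: str, action: str, resource: str, context: dict) -> Optional[str]:
    """Rule-based authorization: data may only be modified during working hours."""
    hour = context.get("hour", 12)
    if action in {"write", "delete"} and not 8 <= hour < 18:
        return f"{action} on {resource} is only permitted between 08:00 and 18:00"
    return None


RULES: List[Rule] = [business_hours_rule]


def user_has_right(user: str, right: str) -> bool:
    """User rights: system-wide privileges granted through the user's roles."""
    return any(right in ROLE_PRIVILEGES.get(role, set()) for role in USER_ROLES.get(user, set()))


def acl_permits(user: str, resource: str, permission: str) -> bool:
    """Look the user, and each role the user holds, up in the resource's ACL."""
    acl = ACLS.get(resource, {})
    principals = [f"user:{user}"] + [f"role:{r}" for r in USER_ROLES.get(user, set())]
    return any(permission in acl.get(p, set()) for p in principals)


def authorize(user: str, action: str, resource: Optional[str] = None,
              context: Optional[dict] = None) -> Tuple[bool, str]:
    """Combine the mechanisms; without a resource the action is a user right."""
    context = context or {}
    if resource is None:
        if user_has_right(user, action):
            return True, f"{user} holds the {action} right through a role"
        return False, f"{user} lacks the {action} right"
    if not acl_permits(user, resource, action):
        return False, f"ACL on {resource} does not grant {action} to {user}"
    for rule in RULES:
        reason = rule(user, action, resource, context)
        if reason:
            return False, reason
    return True, f"{action} on {resource} granted by ACL and rules"


if __name__ == "__main__":
    for args in [("alice", "create_group"), ("bob", "create_group"),
                 ("bob", "read", "/reports/q3.xlsx"), ("bob", "write", "/reports/q3.xlsx"),
                 ("alice", "write", "/reports/q3.xlsx", {"hour": 23})]:
        print(args, "->", authorize(*args))
```

The order matters: a user with no matching ACL entry is refused before any rule runs, and a rule can only narrow what the ACL already allows, which keeps each mechanism's job clear when a decision has to be explained in an audit.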

Q2e. Write a short note on integrity risks.

Integrity risks affect both the validity of information and the assurance that the information is correct. If information can be changed without warning, authorization, or an audit trail, its integrity cannot be guaranteed.
a. Malfunctions: Computer and storage failures that corrupt data damage the integrity of that data.
  • Defense: Make sure the storage infrastructure you select has appropriate RAID redundancy built in and that archives of important data are part of the service.
  • Detection: Employ integrity verification software that uses checksums or other means of data verification.
b. Data Deletion and Data Loss: Data can be accidentally or intentionally destroyed due to computer system failures or mishandling. Such data may include financial, organizational, personal, and audit trail information.
  • Defense: Ensure that your critical data is redundantly stored and housed in more than one location.
  • Detection: Maintain and review audit logs of data deletion.
c. Data Corruption and Data Tampering: Changes to data caused by malfunction in computer or storage systems, or by malicious individuals or malware, can damage the integrity of that data. Integrity can also be damaged by people who modify data with intent to defraud.
  • Detection: Use integrity-checking software to monitor and report alterations to key data.
  • Residual risk: Corrupted or damaged data can cause significant issues because valid, reliable data is the cornerstone of any computing system.
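
As an added example (not part of the original notes), the Python below is the checksum-based integrity verification the detection items above call for. A baseline manifest of SHA-256 digests is taken while the data is known to be good; a later run classifies every file as intact, modified, deleted or added, which covers both the corruption/tampering case and the deletion case. Because an attacker who can alter the data may also be able to alter the manifest, the manifest is sealed with an HMAC under a key kept apart from the data. The file names and contents are constructed sample data.

```python
import hashlib
import hmac
import json
from typing import Dict, List

# Constructed sample data: the state at baseline time and the state at a later check.
SAMPLE_BASELINE: Dict[str, bytes] = {
    "ledger.csv": b"2024-01-01,100\n",
    "payroll.db": b"\x00\x01\x02\x03",
    "audit.log": b"login ok\n",
}
SAMPLE_LATER: Dict[str, bytes] = {
    "ledger.csv": b"2024-01-01,900\n",   # modified
    "payroll.db": b"\x00\x01\x02\x03",   # intact
    "tmp.bin": b"x",                     # added; audit.log is gone
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Baseline: path -> SHA-256 of content, taken when the data is known to be good."""
    return {path: sha256_hex(content) for path, content in sorted(files.items())}


def seal_manifest(manifest: Dict[str, str], key: bytes) -> str:
    """HMAC over the canonical JSON form, so the baseline cannot be rewritten unnoticed."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def seal_is_valid(manifest: Dict[str, str], key: bytes, seal: str) -> bool:
    return hmac.compare_digest(seal_manifest(manifest, key), seal)


def verify_files(baseline: Dict[str, str], files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Compare current content against the baseline and classify every difference."""
    current = build_manifest(files)
    return {
        "intact":   sorted(p for p in baseline if p in current and current[p] == baseline[p]),
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "deleted":  sorted(p for p in baseline if p not in current),
        "added":    sorted(p for p in current if p not in baseline),
    }


if __name__ == "__main__":
    key = b"constructed-demo-key"   # in practice: a secret stored away from the data
    manifest = build_manifest(SAMPLE_BASELINE)
    seal = seal_manifest(manifest, key)
    print("seal ok:", seal_is_valid(manifest, key, seal))
    for kind, paths in verify_files(manifest, SAMPLE_LATER).items():
        print(f"{kind:>8}: {paths}")
```

"Added" files are reported as well as modified and deleted ones because a manifest that only answers "did my files change?" says nothing about something new appearing next to them.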

Q2c. Write a note on symmetric key cryptography.

Symmetric key cryptography is any cryptographic algorithm based on a shared key that is used both to encrypt plaintext and to decrypt ciphertext, in contrast to asymmetric key cryptography, where the encryption and decryption keys are different. Symmetric encryption is generally more efficient than asymmetric encryption and is therefore preferred when large amounts of data need to be exchanged. Establishing the shared key is difficult using only symmetric encryption algorithms, so in many cases asymmetric encryption is used to establish the shared key between two parties. Examples of symmetric key cryptography include AES, DES, and 3DES. Key exchange protocols used to establish a shared encryption key include Diffie-Hellman (DH), elliptic curve (EC) and RSA. Symmetric-key encryption can use either stream ciphers or block ciphers.
➢ Stream ciphers encrypt the digits (typically bytes), or letters (in substitution ciphers), of a message one at a time. An example is the Vigenère cipher.
➢ Block ciphers take a number of bits and encrypt them as a single unit, padding the plaintext so that it is a multiple of the block size. Blocks of 64 bits were commonly used. The Advanced Encryption Standard (AES) algorithm, approved by NIST in December 2001, and the GCM block cipher mode of operation use 128-bit blocks.

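
As an added example (not part of the original notes), the Python below illustrates the two shapes just contrasted. `vigenere` is the letter-at-a-time substitution the stream-cipher bullet names: one key letter is consumed per plaintext letter, and decryption is the same walk with the shift reversed. `pkcs7_pad` and `pkcs7_unpad` show what "padding the plaintext so that it is a multiple of the block size" means for a block cipher, using the PKCS#7 rule, including the full padding block that is appended when the input is already aligned and the validation a decryptor must do before trusting the padding. Vigenère is included only because the notes cite it; it offers no security and is not a substitute for AES. The key and messages are constructed.

```python
import string
from typing import List

ALPHABET = string.ascii_uppercase


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift each letter by the matching key letter, one character at a time.

    Characters outside A-Z pass through unchanged and do not consume a key letter.
    """
    shifts = [ALPHABET.index(k) for k in key.upper() if k in ALPHABET]
    if not shifts:
        raise ValueError("key needs at least one letter")
    out, i = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            shift = shifts[i % len(shifts)] * (-1 if decrypt else 1)
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def pkcs7_pad(data: bytes, block_size: int = 16) -> bytes:
    """Pad to a whole number of blocks; a full block is appended when already aligned."""
    n = block_size - len(data) % block_size
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes, block_size: int = 16) -> bytes:
    """Strip padding, rejecting anything that is not well-formed."""
    if not data or len(data) % block_size:
        raise ValueError("length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]


def padding_is_valid(data: bytes, block_size: int = 16) -> bool:
    try:
        pkcs7_unpad(data, block_size)
        return True
    except ValueError:
        return False


def blocks(data: bytes, block_size: int = 16) -> List[bytes]:
    """Split padded data into the units a block cipher would encrypt one by one."""
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


if __name__ == "__main__":
    ct = vigenere("ATTACK AT DAWN", "LEMON")          # constructed demo message and key
    print(ct, "->", vigenere(ct, "LEMON", decrypt=True))
    padded = pkcs7_pad(b"sixteen byte msg")            # exactly one block: a full pad block follows
    print(len(padded), "bytes in", len(blocks(padded)), "blocks; unpads to", pkcs7_unpad(padded))
```

The strict check in `pkcs7_unpad` is the important detail: a decryptor that accepts malformed padding, or that reports padding errors differently from other errors, leaks information about the plaintext, so real implementations validate the whole padding run and fail in one uniform way.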
Q2f. Explain Database Level Security.

Database level security involves setting database level permissions regarding database administration security and assigning roles and permissions to users accessing the databases.
• Database Administration Security: Important tasks include creating databases, removing unneeded databases, managing disk space allocation, monitoring performance, and performing backup and recovery operations. Database platforms allow the default systems administrator account to delegate permissions to other users, allowing them to perform these important operations.
• Database Roles and Permissions: In order to actually access a database, the user's login must be authorized to use it. The general process begins with specifying to which database(s) a login may connect. Then, permissions must be assigned within the database. Generally, database administrators create "groups" or "roles," and each of these will contain users. Specific permissions are assigned to the roles.

Q3a. Difference between hubs, switches and routers.

Q3d. Explain the features of firewall.

Features of Firewall:
• Application Awareness: The firewall must be able to process and interpret traffic at least from OSI layers three through seven. At layer three, it should be able to filter by IP address; at layer four by port; at layer five by network sessions; at layer six by data type; and, most significantly, at layer seven to properly manage the communications between applications.
• Accurate Application Fingerprinting: The firewall should be able to correctly identify applications, not just based on their outward appearance, but by the internal contents of their network communications as well.
• Bandwidth Management (QoS): The Quality of Service (QoS) of preferred applications, which might include Voice over IP (VoIP) for example, can be managed through the firewall based on real-time network bandwidth availability.

Q3e. Explain the five different types of wireless attacks.

Five different types of wireless attacks are:
• Wired Side Leakage
  o When wireless networks are connected to wired networks, the wired side's broadcast and multicast traffic can leak into the wireless airspace.
• Rogue Access Points
  o A rogue AP is an unsanctioned wireless access point connected to your physical network.
• Misconfigured Access Points
  o Enterprise wireless LAN deployments can be riddled with misconfigurations.
  o Human error, coupled with different administrators installing the access points and switches, can lead to a variety of misconfigurations.
• Wireless Phishing
  o Users may unknowingly connect to a wireless network that they believe is the legitimate access point but that has, in fact, been set up as a honeypot or open network specifically to attract unsuspecting victims.
• Client Isolation
  o Most users connect to the access point to obtain Internet access or access to the corporate network, but they can also fall victim to a malicious user of that same wireless network.

Q3a. Explain the Cisco Hierarchical Internetworking Model

The Cisco three-tier model is derived from the Public Switched Telephone Network (PSTN) model, which is in use for much of the world's telephone infrastructure.
• Core layer (core)
  o Forms the network backbone and is focused on moving data as fast as possible between distribution layers.
  o Its primary focus is performance, so it should not be used to perform CPU-intensive operations such as filtering, compressing, encrypting, or translating network addresses for traffic.
• Distribution layer (Accounting, Human Resources, Manufacturing)
  o Sits between the core and the access layer. This layer is used to aggregate access-layer traffic for transmission into and out of the core.
• Access layer (Users, Users, Users)
  o Composed of the user networking connections.
• Filtering, compressing, encrypting, and address-translating operations should be performed at the access and distribution layers.

Q3b. Explain network availability and security.

Network Availability:
• Network availability requires that systems are appropriately resilient and available to users on a timely basis (meaning, when users require them).
• The opposite of availability is denial of service, which is when users cannot access the resources they need on a timely basis.
• Denial of service can be intentional (for example, the act of malicious individuals) or accidental (such as when hardware or software fails).
• Unavailable systems result in:
  o Loss of revenue
  o Reduced employee productivity
  o Loss of consumer confidence
  o Negative publicity
Network Security:
• When designing and implementing security in network and system architectures, it is helpful to identify critical security controls and understand the consequences of a failure in those controls.
• Firewalls
  o protect hosts by limiting what services users can connect to on a given system
  o can allow different sets of users selective access to different services.

Q4a. Write a note on H.323 protocol that includes: i) Governing Standard ii) Purpose iii) Function iv) Known Compromises and
Vulnerabilities v) Recommendations.

Governing Standard: H.323 is itself a "standard", currently in ITU-T revision 7 (H.323 v7). It is a component of the "H-series" ITU-T recommendations for Audiovisual and Multimedia Systems, specifically addressing systems and terminal equipment for audiovisual services.
Purpose: A standardized approach for terminals and other entities that provide multimedia communications services over packet-based networks that may not provide a guaranteed quality of service. Audio support is mandatory, but entities may also support real-time video and/or data communications.
Function: H.323 entities may be integrated into PCs or implemented in standalone devices (videoconferencing codecs, IP cameras, MCUs, for example) and support many types of networks and internetworking.
Known Compromises and Vulnerabilities: The most common and impacting types of H.323 vulnerabilities are DoS, DDoS, flooding, gateway compromises, remote code execution and arbitrary code execution.
Recommendations: Turn it off if it is not being used. Many devices are shipped with this protocol enabled for convenience, so leaving H.323 enabled on an Internet-facing gateway can lead to disaster.

Q4b. DAC and MAC

Q4c. Write a short note on Private Branch Exchange.

A Private Branch Exchange (PBX) is a computer-based switch that can be thought of as a local phone company. Following are some common PBX features:
• Multiple extensions
• Voicemail
• Call forwarding
Hacking PBX: Attackers hack PBXs for several reasons, such as to gain confidential information (espionage), to place outgoing calls that are charged to the organization's account (and thus free to the attacker), and to cause damage by crashing the PBX.
Securing PBX: The following measures can be taken to secure a PBX:
• Connect administrative ports only when necessary.
• Protect remote access with a third-party device or a dial-back.
• Review the password strength of your users' passwords.
• Block international calls to places such as the Caribbean that fraudsters tend to call.
• Train your help desk staff to identify attempted PBX hacks, such as excessive hangups, wrong number calls, and locked-out mailboxes.
• Make sure your PBX model is immune to common DoS attacks.

Q4f. Write a short note on trustworthy computing.

The four goals of the Trustworthy Computing initiative are:
• Security: As a customer, you can expect to withstand attack. In addition, you can expect the data is protected to prevent availability problems and corruption.
• Privacy: You have the ability to control information about yourself and maintain privacy of data sent across the network.
• Reliability: When you need your system or data, they are available.
• Business integrity: The vendor of a product acts in a timely and responsible manner, releasing security updates when a vulnerability is found.
To track and assure its progress in complying with the Trustworthy Computing initiative, Microsoft created a framework to explain its objectives: that its products be secure by design, secure by default, and secure in deployment, and that it provide communications.
1. Build a secure architecture. This is imperative. Software needs to be designed with security in mind first and then features.
2. Add security features. Feature sets need to be added to deal with new security vulnerabilities.

Q4e. Explain different classic security models.

Ans: The different classic security models are:
• Bell-LaPadula: One of the first attempts to formalize an information security model. It was designed to prevent users and processes from reading above their security level. This is used within a data classification system, so a given classification cannot read data associated.
• Biba: It focuses on integrity labels, rather than sensitivity and data classification. It attempts to preserve the first goal of integrity, namely to prevent unauthorized users from modifying data.
• Clark-Wilson: It attempts to define a security model based on accepted business practices for transaction processing. It is much more real-world-oriented and articulates the concept of well-formed transactions.
• TCSEC: It was developed to meet three objectives:
  o To give users a yardstick for assessing how much they can trust computer systems for the secure processing of classified or other sensitive information.
  o To provide a basis for specifying security requirements for software and hardware acquisitions.
• Labels: TCSEC makes heavy use of the concept of labels. Labels are simply security-related information that has been associated with objects such as files, processes, or devices. The ability to associate security labels with system objects is also under security control.

Q5a. What is cloud computing? Explain the types of cloud services.

Cloud computing provides a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. It encompasses any subscription-based or pay-per-use service that, in real time over the Internet, extends existing IT capabilities.
Types of Cloud Services:
• Infrastructure-as-a-Service (IaaS): Allows consumers to provision processing, storage, and networking resources, allowing them to deploy and run their own operating systems or applications in their own cloud environment.
• Software-as-a-Service (SaaS): Delivers a single application through the browser to customers.
• Utility computing: Companies that offer storage and virtual servers that IT can access on demand.
• Platform-as-a-Service (PaaS): Delivers development environments as a service. You build your own applications that run on the provider's infrastructure and are delivered to your users via the Internet from the provider's servers.
• Web services in the cloud: Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications.
• Managed service providers (MSP): Basically an application exposed to IT rather than to end users. Examples include virus scanning services, e-mail spam filtering services, application monitoring services, and managed security services.
• Service commerce platforms: A service hub that users interact with, such as an expense management system, to order travel or secretarial services from a common platform that then coordinates the service delivery and pricing within the specifications set by the user.

Q5b. Write a note on Custom Remote Administration

Some applications are controlled remotely via a GUI or through console applications, such as SQL Server, Exchange Server, firewalls, and intrusion detection systems (IDSs). An application may also control clients with probes, as an IDS does.
Advantages:
• Complex graphics: Sometimes the console needs to display complex graphics that can't be shown using a regular web administration interface.
• Authentication and encryption: The application may use either a stronger authentication method or a stronger encryption method to secure the session.
Disadvantages:
• Specific OS: Some vendors will require a specific OS to run the controlling GUI, and the administrator will have to install it if it isn't already installed.
• Unavailability: The application can be administered only from computers on which the GUI is installed, and if the administrator is not in the office, it may not be possible to administer it from other computers.
In the case of custom remote administration, the following things should be considered:
• Session Security: It's important that the session between the client (GUI or console) and the application be secure.
• Authentication: It's important that authentication take place and that it isn't based upon easily forged assumptions, like the IP or MAC address of the computer. The sequence of the authentication process is also critical.

Q5a. Define virtual machine. How is hypervisor responsible for managing all guest OS installations on a VM server?

A virtual machine is an emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. Their implementations may involve specialized hardware, software, or a combination. In addition to securing the VMs themselves, additional steps are needed to secure the virtual environment as a whole. The hypervisor is a centralised management platform for virtual machines. It is responsible for managing all guest OS installations on a VM server. The service console provides a centralized location for managing all the servers in a virtual environment. It needs to be properly patched and secured, as well as logically separated through the use of isolated networks with strict access controls. Administrative access should also be strictly controlled. The hypervisor manages access to hardware resources so that each guest OS is able to access only its own allocated resources, such as CPU, memory, and storage, but not those resources allocated to other guest OSs.

Q5c. Explain the application security practices and decisions that appear in most secure development lifecycle.

• Security Training: Includes technical security awareness training for everyone and role-specific training for most individuals. Role-specific training goes into more detail about the security activities a particular individual participates in, and the technologies in use (for developers).
• Secure Development Infrastructure: At the beginning of a new project, source code repositories, file shares, and build servers must be configured for team members' exclusive access, and bug tracking software must be configured to disclose security bugs only according to organization policies.
• Security Requirements: Include access control matrices, security objectives, abuse cases, references to policies and standards, logging requirements, security bug bars, and assignment of a security risk.
• Secure Design: Activities usually revolve around secure design principles and patterns. They also frequently include adding information about security properties and responsibilities to design documents.
• Threat Modeling: It is a technique for reviewing the security properties of a design and identifying potential issues and fixes. Architects can perform it as a secure design activity, or independent design reviewers can perform it to verify architects' work.
• Secure Coding: Includes using safe or approved versions of functions and libraries, eliminating unused code, following policies, and handling data safely.
• Security Code Review: To find security issues by inspecting application code, development teams may use static analysis tools, manual code review, or a combination.
