Nis 22620 Sample Papers S-22, w22, s23

Zeal Education Society’s
ZEAL POLYTECHNIC, PUNE.

NARHE │PUNE -41 │ INDIA
THIRD YEAR (TY)
DIPLOMA IN COMPUTER ENGINEERING

SCHEME: I SEMESTER: VI
NAME OF SUBJECT: NETWORK INFORMATION SECURITY

SUBJECT CODE: 22620
MSBTE QUESTION PAPERS & MODEL ANSWERS

1. MSBTE SUMMER -22 EXAMINATION
2. MSBTE WINTER -22 EXAMINATION
3. MSBTE SUMMER -23 EXAMINATION
MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620
Important Instructions to examiners:

1) The answers should be examined by key words and not as word-to-word as given in the model answer
scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to assess
the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more Importance (Not
applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in the figure.
The figures drawn by candidate and model answer may vary. The examiner may give credit for any
equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values
may vary and there may be some difference in the candidate‟s answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant answer
based on candidate‟s understanding.
7) For programming language papers, credit may be given to any other program based on equivalent
concept.
8) As per the policy decision of Maharashtra State Government, teaching in English/Marathi and
Bilingual (English + Marathi) medium is introduced at first year of AICTE diploma Programme from
academic year 2021-2022. Hence if the students in first year (first and second semesters) write
answers in Marathi or bilingual language (English +Marathi), the Examiner shall consider the same
and assess the answer based on matching of concepts with model answer.
Q.N Sub Answer Marking

o Q.N. Scheme
1. Attempt any FIVE of the following: 10
a) Define following terms: 2M
i) Confidentiality
ii) Accountability
Ans i) Confidentiality: The principle of confidentiality specifies that only 1M for
sender and intended recipients should be able to access the contents of each
a message. Confidentiality gets compromised if an unauthorized person definition
is able to access the contents of a message.
OR
The goal of confidentiality is to ensure that only those individuals who
have the authority can view a piece of information, the principle of
confidentiality specifies that only sender and intended recipients
should be able to access the contents of a message. Confidentiality gets
compromised if an unauthorized person is able to access the contents
of a message.
ii) Accountability: The principle of accountability specifies that every
individual who works with an information system should have specific
Page 1 / 28
(Autonomous)

MODEL ANSWER
responsibilities for information assurance.

The tasks for which a individual is responsible are part of the overall
information security plan and can be readily measurable by a person
who has managerial responsibility for information assurance.
One example would be a policy statement that all employees must
avoid installing outside software on a company-owned information
infrastructure.
OR
The security goal that generates the requirement for actions of an entity
to be traced uniquely to that entity.
b) Explain the terms: 2M
i) Shoulder surfing
ii) Piggybacking
Ans. i) Shoulder surfing: It is using direct observation techniques, such as 1M for
looking over someone's shoulder, to get information. Shoulder surfing each
is a similar procedure in which attackers position themselves in such a explanation
way as to- be-able to observe the authorized user entering the correct
access code.
• Shoulder surfing is an effective way to get information in crowded
places because it's relatively easy to stand next to someone and watch
as they fill out a form, enter a PIN number at an ATM machine, or use
a calling card at a public pay phone. Shoulder surfing can also be done
long distance with the aid of binoculars or other vision-enhancing
devices.
ii) Piggybacking : Piggybacking on Internet access is the practice of

establishing a wireless Internet connection by using another
subscriber's wireless Internet access service without the subscriber‟s
explicit permission or knowledge.
OR
Access of wireless internet connection by bringing one's own computer
within range of another wireless connection & using that without
explicit permission , it means when an authorized person allows
(intentionally or unintentionally) others to pass through a secure door.
OR
An attacker can thus gain access to the facility without having to know
the access code or having to acquire an access card. It is the simple
tactic of following closely behind a person who has just used their own
access card or PIN to gain physical access to a room or building.
Page 2 / 28
(Autonomous)

MODEL ANSWER
c) Define term cryptography. 2M

Ans. Cryptography is art & science of achieving security by encoding 2M for
messages to make them non-readable. definition,
diagram is
optional
d) Classify following cyber crimes: 2M

i) Cyber stalking
ii) Email harassment 1M for
Ans. i) Cyber stalking : Cyber Stalking means following some ones each
activity over internet. This can be done with the help of many protocols explanation
available such as e- mail, chat rooms, user net groups.
OR
Cyber stalking :Cyberstalking/ Harassment refers to the use of the
internet and other technologies to harass or stalk another person online,
and is potentially a crime in the India under IT act-2000.
This online harassment, which is an extension of cyberbullying and in-
person stalking, can take the form of e-mails, text messages, social
media posts, and more and is often methodical, deliberate, and
persistent.
ii) Email harassment : Email harassment is usually understood to be

a form of stalking in which one or more people send consistent,
unwanted, and often threatening electronic messages to someone else
OR
Email harassment : Cybercrime against individual
e) Differentiate between viruses & worms (any two) 2M
Ans. S. N Worms Virus 1M for
1. The worm is code that The virus is the program code each
replicate itself in order to that attaches itself to difference,
consume resources to application program and when any two can
bring it down. application program run it be
runs along with it considered
2. It exploits a weakness in It inserts itself into a file or
an application or operating executable program.
system by replicating itself
Page 3 / 28
(Autonomous)

MODEL ANSWER
3 It can use a network to It has to rely on users

replicate itself to other transferring infected
computer systems without files/programs to other
user intervention. computer systems.
4 Usually not. Worms Yes, it deletes or modifies
usually only monopolize files. Sometimes a virus also
the CPU and memory. changes the location of files.
5 Worm is faster than virus Virus is slower than worm.
6 E.g. Code red E.g. Macro virus, Directory
virus, Stealth Virus
f) Define firewall. Enlist types of firewalls. 2M
Ans. Definition Firewall: A firewall is a network security device that 1M for
monitors incoming and outgoing network traffic and permits or blocks definition
data packets based on a set of security rules. Its purpose is to establish 1M for
a barrier between your internal network and incoming traffic from listing any
external sources (such as the internet) in order to block malicious two types
traffic like viruses and hackers.
Types of Firewall :
1 .Packet Filter
2. Circuit level Gateway
3. Application Gateway
4. Software
5. Hardware
6. Hybrid
7. Stateful multilayer Inspection Firewall
g) Define AH & ESP with respect to IP security. 2M

Ans. Authentication header (AH): 1M each,
1. The AH provides support for data integrity and authentication of any one
IP packets. The data integrity service ensures that data inside IP point also
packet is not altered during the transit. can be
2. The authentication service enables an end user or computer system considered
to authenticate the user or the application at the other end and decides
to accept or reject packets accordingly
Encapsulation Header (ESP):
1. Used to provide confidentiality, data origin authentication, data
integrity.
2. It is based on symmetric key cryptography technique.
Page 4 / 28
(Autonomous)

MODEL ANSWER
3. ESP can be used in isolation or it can be combined with AH.
2. Attempt any THREE of the following: 12

a) Define following terms: 4M
i) Operating System Security
ii) Hot fix
iii) Patch
iv) Service pack
Ans. i) Operating System Security: The OS must protect itself from 1M for
security breaches, such as runaway processes ( denial of service ), each
memory-access violations, stack overflow violations, the launching of definition
programs with excessive privileges, and many others.
ii)Hot Fix : Normally this term is given to small software update
designed to address a particular problem like buffer overflow in an
application that exposes the system to attacks.
iii) Patch: This term is generally applied to more formal, larger s/w
updates that may address several or many s/w problems. Patches often
contain improvement or additional capabilities & fixes for known
bugs.
iv) Service Pack : service pack is a collection of updates and fixes,
called patches, for an operating system or a software program. Many of
these patches are often released before a larger service pack, but the
service pack allows for an easy, single installation.
OR
A service pack (SP) is an update, often combining previously released
updates, that helps make Windows more reliable. Service packs can
include security and performance improvements and support for new
types of hardware.
b) Explain the mechanism of fingerprint & voice pattern in 4M
Biometrics. 2M for
Ans. each
explanation
, diagram is
optional
Page 5 / 28
(Autonomous)

MODEL ANSWER
Fingerprint registration & verification mechanism

1. During registration, first time an individual uses a biometric system
is called an enrollment.
2. During the enrollment, biometric information from an individual is
stored.
3. In the verification process, biometric information is detected and
compared with the information stored at the time of enrolment.
4. The first block (sensor) is the interface between the real world and
the system; it has to acquire all the necessary data.
5. The 2nd block performs all the necessary pre-processing.
6. The third block extracts necessary features. This step is an important
step as the correct features need to be extracted in the optimal way.
7. If enrollment is being performed the template is simply stored
somewhere (on a card or within a database or both).
8. If a matching phase is being performed the obtained template is
passed to a matcher that compares it with other existing templates,
estimating the distance between them using any algorithm.
9. The matching program will analyze the template with the input. This
will then be output for any specified use or purpose.
Voice pattern :
1. Biometric Voice Recognition is the use of the human voice to
uniquely identify biological characteristics to authenticate an
individual unlike passwords or tokens that require physical input.
2. Voice biometric recognition works by inputting the voice of the
individual whose identity has to be stored in the system. This input
is kept as a print for authentication. The input print is made with
software that can split the voice statement into multiple frequencies
3. A voice biometrics tool collects a user‟s voice template.
Page 6 / 28
(Autonomous)

MODEL ANSWER
it only checks who is speaking and what is speaking (Who you are and
what you speak)
c) Differentiate between symmetric and asymmetric key 4M
cryptography. 1M for
Ans. each valid
point, any
four points
can be
considered
d) Write & explain DES algorithm 4M

Ans.
2M for
diagram
2M for
explanation
Initial Permutation (IP): It happens only once. It replaces the first bit
of the original plain text block with the 58th bit of the original plain
text block, the second bit with the 50th bit of original plain text block
and so on. The resulting 64-bits permuted text block is divided into
two half blocks. Each half block consists of 32 bits. The left block
called as LPT and right block called as RPT.16 rounds are performed
on these two blocks. Details of one round in DES
Page 7 / 28
(Autonomous)

MODEL ANSWER
Step 1 : key transformation: the initial key is transformed into a 56-

bit key by discarding every 8th bit of initial key. Thus ,for each round ,
a 56 bit key is available, from this 56-bit key, a different 48-bit sub key
is generated during each round using a process called as key
transformation Expansion Permutation Key Transformation
S-box substitution
XOR and swap
P-box Permutation
Step 2: Expansion permutation: During Expansion permutation the

RPT is expanded from 32 bits to 48 bits. The 32-bit RPT is divided
into 8 blocks, with each block consisting of 4-bits. Each 4-bits block of
the previous step is then expanded to a corresponding 6-bit block, per
4-bit block, 2 more bits are added. They are the repeated 1st and 4th
bits of the 4-bit block. The 2nd and 3rd bits are written as they were in
the input. The 48 bit key is XOR ed with the 48-bit RPT and the
resulting output is given to the next step.
Step 3: S-box substitution: It accepts the 48-bits input from the XOR
operation involving the compressed key and expanded RPT and
produces 32-bit output using the substitution techniques. Each of the 8
S-boxes has a 6-bit input and a 4-bit output. The output of each S-box
then combined to form a 32-bit block, which is given to the last stage
of a round
Step 4: P- box permutation: the output of S-box consists of 32-bits.
These 32-bits are permuted using P-box. Step
5: XOR and Swap: The LPT of the initial 64-bits plain text block is
XORed with the output produced by P box-permutation. It produces
Page 8 / 28
(Autonomous)

MODEL ANSWER
new RPT. The old RPT becomes new LPT, in a process of swapping.
Final Permutation: At the end of 16 rounds, the final permutation is

performed. This is simple transposition. For e.g., the 40th input bit
takes the position of 1st output bit and so on.

a) Describe the features of DAC access control policy. 4M
Ans. DAC (discretionary access control) policy utilizes user identification 1M for
procedures to identify and restrict object access .It restricts access to explanation
objects based on the identity of subjects and or groups to which they , 3M for
belongs to. The owner of information or any resource is able to change features
its permissions at his discretion .Data Owners can transfer ownership
of information to other users .Data Owners can determine the type of
access given to other users (read, write etc.)
Features of DAC policy are as follows :-

Flexible –In DAC policy owner of information or resource can change
its permission.
Page 9 / 28
(Autonomous)

MODEL ANSWER
Backup - Discretionary access control allows organizations to

backup security policies and data to ensure effective access points.
Usability - Discretionary access control is easy to use. Data Owners

can transfer ownership of information to other users easily.
b) Consider plain text “COMPUTER ENGINEERING” and convert 4M

given plain text into cipher text using „Caesar Cipher‟ with shift of
position three- write down steps in encryption.
Ans. Caesar cipher technique is proposed by Julius Caesar. It is one of the 2M for
simplest and most widely known encryption techniques. It is a type of explanation
substitution technique in which each letter in the plain text is replaced 2M for
by a letter some fixed number of position down the alphabet. The problem
Caesar cipher involves replacing each letter of the alphabet with the solution
letter three places further down the alphabet. For example, with a shift
of 3, A would be replaced by D, B would became E, and so on as
shown in the table below
PLAIN TEXT -COMPUTER ENGINEERING

CIPHER TEXT–FRPSXWHU HQJLQHHULQJ
c) Differentiate between host-based & network based IDS 4M

Ans. SN Host Based Ids Network Based Ids 1M for
1 Examines activity on an Examines activity on the each valid
individual system, such as a network itself point, any
mail server, web server, or four points
individual PC. can be
2 It is concerned only with an It has visibility only into the considered
individual system and traffic crossing the network
usually has no visibility into link it is monitoring and
the activity on the network typically has no idea of
or systems around it what is happening on
individual systems.
Page 10 / 28
(Autonomous)

MODEL ANSWER
3 HIDS is looking for certain NIDSs look for certain

activities that typify hos- activities that typify hostile
tile actions or misuse, such actions or misuse, such as
as the following: the following:
 Logins at odd hours  Denial-of-service
 Login authentication attacks
failures  Port scans or sweeps
 Additions of new user  Malicious content in the
accounts data payload of a packet
 Modification or access or packets
of critical system files  Vulnerability scanning
 Trojans, viruses, or
worms
 Tunneling
 Brute-force attacks
4
5 It is host dependent It is host independent

6 It has low false positive rate It has high false positive
rate
7 It senses local attack. It senses network attack
8 It slow down the host that It slow down the network
have IDS client installed that have IDS client
installed
d) Define access control and explain authentication mechanism for 4M
access control.
Ans. Access Control – 2M for
Access is the ability of a subject to interest with an object. Access
Authentication deals with verifying the identity of a subject. It is control
ability to specify, control and limit the access to the host system or
application, which prevents unauthorized use to modify data or
Page 11 / 28
(Autonomous)

MODEL ANSWER
resources. Access control is to specify, control and limit the access to 2M for
the host system or application, which prevents unauthorized use to authenticati
access or modify data or resources. on
Authentication -
Authentication helps to establish proof of identities. The
Authentication process ensures that the origin of a message is correctly
identified. For example, suppose that user C sends a message over the
internet to user B. however, the trouble is that user C had posed as user
A when he sent a message to user B. how would user B know that the
message has come from user C, who posing as user A? This concept is
shown in fig. below. This type of attack is called as fabrication
Authentication is the process of determining identity of a user or other
entity. It is performed during log on process where user has to submit
His / her username and password.

There are three methods used in it.
1. Something you know - User knows user id and password.
2. Something you have - Valid user has lock and key.
3. Something about you - User‟s unique identity like fingerprints,
DNA etc.

a) Enlist substitution techniques & explain any one. 4M
Ans. Substitution Techniques:- In substitution technique letters of plain text 1M for list,
are replaced by the other letters or by numbers or by symbols. 2M for
Substitution techniques are as follows:- explanation
a) Caesar cipher 1M for
b) Modified version of Caesar cipher example
c) Mono-alphabetic cipher
d) Vigener„s cipher
Page 12 / 28
(Autonomous)

MODEL ANSWER
Caesar cipher:
It is proposed by Julius Caesar. In cryptography Caesar cipher also
known as Caesar cipher/code, shift cipher/code. It is one of the
simplest and most widely known encryption techniques. It is a type of
substitution technique in which each letter in the plain text is replaced
by a letter some fixed number of position
down the alphabet. For example, with a shift of 3, A would be replaced
by D, B would became E, and so on as shown in the table below.
Using this scheme, the plain text “SECRET” encrypts as Cipher text
“VHFUHW”. To allow someone to read the cipher text, you tell them
that the key is 3
For S:= (p+k)mod26
= (18 + 3) mod 26
= 21
=V
To allow someone to read the cipher text, you tell them that the key is3
Algorithm to break Caesar cipher:
1. Read each alphabet in the cipher text message, and search for it in
the second row of the table above.
2. When a match in found, replace that alphabet in the cipher text
message with the corresponding alphabet in the same column but the
first row of the table. (For example, if the alphabet cipher text is J,
replace it with G).
3. Repeat the process for all alphabets in the cipher text message.
b) Explain DMZ 4M
Ans. DMZ (Demilitarized Zone):- 1M for
 It is a computer host or small network inserted as a “neutral diagram
zone” in a company‟s private network and the outside public network. 2M for
It avoids outside users from getting direct access to a company‟s data explanation
server. A DMZ is an optional but more secure approach to a firewall. It 1M for
Page 13 / 28
(Autonomous)

MODEL ANSWER
can effectively acts as a proxy server. example

 The typical DMZ configuration has a separate computer or host
in network which receives requests from users within the private
network to access a web sites or public network. Then DMZ host
initiates sessions for such requests on the public network but it is not
able to initiate a session back into the private network. It can only
forward packets which have been requested by a host.
Advantage: The main benefit of a DMZ is to provide an internal

network with an additional security layer by restricting access to
sensitive data and servers. A DMZ enables website visitors to obtain
certain services while providing a buffer between them and the
organization's private network.
c) Differentiate between firewall & IDS 4M

Ans. S. N Firewall IDS 1M for
1 Firewall is hardware or An intrusion detection system each
software that stands (IDS) is a device or software correct
between a local network application that monitors a point
and the Internet and filters traffic for malicious activity or Any four
traffic that might be policy violations and sends points
harmful based on alert on detection.
predetermined rules.
2 Firewall does not inspect IDS inspects overall network
content of permitted traffic
traffic
Page 14 / 28
(Autonomous)

MODEL ANSWER
3 A firewall can block an An IDS can only report an

unauthorized access to intrusion .It cannot block it.
network
4 Firewalls Block traffic IDS gives Alerts/alarms on
based on rules the detection of anomaly
5 It filters traffic based on It detects real time traffic and
IP address and port looks for traffic patterns or
numbers signatures of attack and them
generates alerts
d) Explain Email security in SMTP. 4M
Ans. Email Security Email is emerging as one of the most valuable services 1M for
on the internet today. Most of the internet systems use SMTP as a diagram
method to transfer mail from one user to another. SMTP is a push 3M for
protocol and is used to send the mail whereas POP (post office explanation
protocol) or IMAP (internet message access protocol) are used to
retrieve those mails at the receiver„s side.
1. SMTP (simple mail transfer protocol)
2. PEM (Privacy Enhance Mail)
3. PGP (Pretty Good Privacy)
SMTP (Simple Mail Transfer Protocol)
Simple Mail Transfer Protocol, a protocol for sending email messages
between servers. Most e-mail systems that send mail over the Internet
use SMTP to send messages from one server to another; the messages
can then be retrieved with an e-mail client using either POP or IMAP.
In addition, SMTP is generally used to send messages from a mail
client to a mail server. This is why you need to specify both the POP or
IMAP server and the SMTP server when you configure your e-mail
application. SMTP usually is implemented to operate over Internet port
25. An alternative to SMTP that is widely used in Europe is X.400.
Many mail servers now support Extended Simple Mail Transfer
Protocol (ESMTP), which allows multimedia files to be delivered as e-
mail.
Page 15 / 28
(Autonomous)

MODEL ANSWER
The basic phases of an email communication consists of the following

steps :-
1. At sender„s end an SMTP server takes the message sent by uses
computer
2. The SMTP server at the sender„s end then transfer the message to
the SMTP server of the receiver.
3. The receiver„s computer then pulls the email message from the
SMTP server at the receiver„s end, using the other mail protocol such
as Post Office Protocol (POP) or IMAP (Internet mail access protocol )
e) Explain digital signature in Cryptography. 4M

Ans. Digital Signature: 1Mfor
1. Digital signature is a strong method of authentication in an diagram
electronic form. 3M for
2. It includes message authentication code (MAC), hash value of a explanation
message and digital pen pad devices. It also includes cryptographically
based signature protocols.
3. Digital Signature is used for authentication of the message and the
sender to verify the integrity of the message.
4. Digital Signature may be in the form of text, symbol, image or
audio.
5. In today‟s world of electronic transaction, digital signature plays a
major role in authentication. For example, one can fill his income tax
return online using his digital signature, which avoids the use of paper
and makes the process faster.
6. Asymmetric key encryption techniques and public key infrastructure
are used in digital signature.
7. Digital signature algorithms are divided into two parts-
a. Signing part: It allows the sender to create his digital signature.
b. Verification part: It is used by the receiver for verifying the
signature after receiving the message.
Generation and Verification of digital signatures:
Working:
1. Message digest is used to generate the signature. The message digest
(MD) is calculated from the plaintext or message.
2. The message digest is encrypted using user‟s private key.
3. Then, the sender sends this encrypted message digest with the
plaintext or message to the receiver.
Page 16 / 28
(Autonomous)

MODEL ANSWER
4. The receiver calculates the message digest from the plain text or
message he received.
5. Receiver decrypts the encrypted message digest using the sender‟s
public key. If both the MDs are not same then the plaintext or message
is modified after signing.
Advantages of Digital Signatures

 Speed: Businesses no longer have to wait for paper documents to
be sent by courier. Contracts are easily written, completed, and
signed by all concerned parties in a little amount of time no matter
how far the parties are geographically.
 Costs: Using postal or courier services for paper documents is
much more expensive compared to using digital signatures on
electronic documents.
 Security: The use of digital signatures and electronic documents
reduces risks of documents being intercepted, read, destroyed, or
altered while in transit.
 Authenticity: An electronic document signed with a digital
signature can stand up in court just as well as any other signed
paper document.
 Non-Repudiation: Signing an electronic document digitally
identifies you as the signatory and that cannot be later denied.
 Time-Stamp: By time-stamping your digital signatures, you will
clearly know when the document was signed
Page 17 / 28
(Autonomous)

MODEL ANSWER
5. a) Attempt any TWO of the following 12

Define Information. Explain the basic principle of information 6M
Ans. security.
Information is organized or classified data, which has some
meaningful values for the receiver. Information is the processed data
on which knowledge, decisions and actions are based.
For the decision to be meaningful, the processed data must qualify for 2M for
the following characteristics definition
 Timely − Information should be available when required. 1M for
 Accuracy − Information should be accurate. diagram
 Completeness − Information should be complete. 3M for
principles
Basic Principles of information security explanation
Fig CIA Triad of information security

1. Confidentiality: The goal of confidentiality is to ensure that only
those individuals who have the authority can view a piece of
information, the principle of confidentiality specifies that only
sender and intended recipients should be able to access the contents
of a message. Confidentiality gets compromised if an unauthorized
person is able to access the contents of a message.
2. Authentication helps to establish proof of identities. Authentication
process ensures that the origin of a message is correctly identified.
Authentication deals with the desire to ensure that an individual is
who they claim to be.
3. Integrity: Integrity is a related concept but deals with the generation
and modification of data. Only authorized individuals should ever be
able to create or change (or delete) information. When the contents
of the message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the
message is lost.
Page 18 / 28
(Autonomous)

MODEL ANSWER
b) Define & explain. 6M

i) Circuit Gateway
ii) Honey Pots
iii) Application Gateway
Ans. i) Circuit level gateway does not permit an end-to-end TCP 2M for
connection; rather, the gateway sets up two TCP connections, one each
between itself and a TCP user on an inner host and one between itself definition
and a TCP user on an outer host. Once the two connections are and
established, the gateway typically relays TCP segments from one explanation
connection to the other without examining the contents. The security
function consists of determining which connections will be allowed. A
typical use of Circuit level gateways is a situation in which the system
administrator trusts the internal users. The gateway can be configured
to support application level or proxy service on inbound connections
and circuit level functions for outbound connections.
ii) Honey Pots
A relatively recent innovation in intrusion detection technology is the

honey pot. Honey pots are decoy systems that are designed to lure a
potential attacker away from critical systems. Honey pots are designed
to:
 divert an attacker from accessing critical systems
 collect information about the attacker's activity
It encourages the attacker to stay on the system long enough for
administrators to respond. These systems are filled with fabricated
information designed to appear valuable but that a legitimate user of
the system wouldn‟t access. Thus, any access to the honey pot is
suspect.
Page 19 / 28
(Autonomous)

MODEL ANSWER
iii) Application Gateway
An Application level gateway, also called a proxy server, acts as a

relay of application level traffic. The user contacts the gateway using a
TCP/IP application, such as Telnet or FTP, and the gateway asks the
user for the name of the remote host to be accessed. When the user
responds and provides a valid user ID and authentication information,
the gateway contacts the application on the remote host and relays TCP
segments containing the application data between the two endpoints.
Application level gateways tend to be more secure than packet filters.
It is easy to log and audit all incoming traffic at the application level. A
prime disadvantage is the additional processing overhead on each
connection.
c) Explain the working of Kerberos 6M

Ans Kerberos is a network authentication protocol. It is designed to provide 6M for
strong authentication for client/server applications by using secret-key relevant
cryptography. steps
Page 20 / 28
(Autonomous)

MODEL ANSWER
The entire process takes a total of eight steps, as shown below.

1. The authentication service, or AS, receivers the request by the client
and verifies that the Client is indeed the computer it claims to be. This
is usually just a simple database lookup of the user‟s ID.
2. Upon verification, a timestamp is crated. This puts the current time

in a user session, along with an expiration date. The default expiration
date of a timestamp is 8 hours. The encryption key is then created. The
timestamp ensures that when 8 hours is up, the encryption key is
useless. (This is used to make sure a hacker doesn‟t intercept the data,
and try to crack the key. Almost all keys are able to be cracked, but it
will take a lot longer than 8 hours to do so).
3. The key is sent back to the client in the form of a ticket-granting

ticket, or TGT. This is a simple ticket that is issued by the
authentication service. It is used for authentication the client for future
reference.
4. The client submits the ticket-granting ticket to the ticket-granting

server, or TGS, to get authenticated.
Page 21 / 28
(Autonomous)

MODEL ANSWER
5. The TGS creates an encrypted key with a timestamp, and grants the
client a service ticket.
6. The client decrypts the ticket, tells the TGS it has done so, and then
sends its own encrypted key to the service server.
7. The service server decrypts the key, and makes sure the timestamp is
still valid. If it is, the
service contacts the key distribution center to receive a session that is
returned to the client.
8. The client decrypts the ticket. If the keys are still valid,
communication is initiated between client and server.
Page 22 / 28
(Autonomous)

MODEL ANSWER
6. Attempt any TWO of the following: 12

a) Explain DOS with neat diagram. 6M
Ans. Denial Of Service Attack: Denial of service (DOS) attack scan exploits 2M for
a known vulnerability in a specific application or operating system, or diagram
they may attack features (or weaknesses) in specific protocols or 4M for
services. In this form of attack, the attacker is attempting to deny explanation
authorized users access either to specific information or to the
computer system or network itself. The purpose of such an attack can
be simply to prevent access to the target system, or the attack can be
used in conjunction with other actions in order to gain unauthorized
access to a computer or network. SYN flooding is an example of a
DOS attack that takes advantage of the way TCP/IP networks were
designed to function, and it can be used to illustrate the basic principles
of any DOS attack. SYN flooding utilizes the TCP three-way
handshake that is used to establish a connection between two systems.
In a SYN flooding attack, the attacker sends fake communication
requests to the targeted system. Each of these requests will be
answered by the target system, which then waits for the third part of
the handshake. Since the requests are fake the target will wait for
responses that will never come, as shown in Figure.
The target system will drop these connections after a specific time-out
period, but if the attacker sends requests faster than the time-out period
eliminates them, the system will quickly be filled with requests. The
number of connections a system can support is finite, so when more
requests come in than can be processed, the system will soon be
reserving all its connections for fake requests. At this point, any further
requests are simply dropped (ignored), and legitimate users who want
to connect to the target system will not be able to. Use of the system
has thus been denied to them.
Page 23 / 28
(Autonomous)

MODEL ANSWER
b) Explain Public Key Infrastructure with example. 6M

Ans. A public key infrastructure (PKI) is a set of roles, policies, 3M
hardware, software and procedures needed to create, manage, Explanatio
distribute, use, store and revoke digital certificates and manage public- n
key encryption. The purpose of a PKI is to facilitate the secure 1M
electronic transfer of information for a range of network activities such diagram
as e-commerce, internet banking and confidential email. 2M for
PKI is the governing body behind issuing digital certificates. It helps to example
protect confidential data and gives unique identities to users and
systems. Thus, it ensures security in communications.
The public key infrastructure uses a pair of keys: the public key and the
private key to achieve security. The public keys are prone to attacks
and thus an intact infrastructure is needed to maintain them.
PKI identifies a public key along with its purpose. It usually consists of
the following components:
 A digital certificate also called a public key certificate

 Private Key tokens
 Registration authority
 Certification authority
 CMS or Certification management system
Working on a PKI:
PKI and Encryption: The root of PKI involves the use of
cryptography and encryption techniques. Both symmetric and
asymmetric encryption uses a public key. There is always a risk of
MITM (Man in the middle). This issue is resolved by a PKI using
digital certificates. It gives identities to keys in order to make the
verification of owners easy and accurate.
Public Key Certificate or Digital Certificate: Digital certificates are
issued to people and electronic systems to uniquely identify them in the
digital world.
 The Certification Authority (CA) stores the public key of a user
along with other information about the client in the digital
certificate. The information is signed and a digital signature is also
included in the certificate.
 The affirmation for the public key then thus be retrieved by
validating the signature using the public key of the Certification
Authority.
Page 24 / 28
(Autonomous)

MODEL ANSWER
Certifying Authorities: A CA issues and verifies certificates. This

authority makes sure that the information in a certificate is real and
correct and it also digitally signs the certificate. A CA or Certifying
Authority performs these basic roles:
 Generates the key pairs – This key pair generated by the CA can be
either independent or in collaboration with the client.
 Issuing of the digital certificates – When the client successfully
provides the right details about his identity, the CA issues a
certificate to the client. Then CA further signs this certificate
digitally so that no changes can be made to the information.
 Publishing of certificates – The CA publishes the certificates so
that the users can find them. They can do this by either publishing
them in an electronic telephone directory or by sending them out to
other people.
 Verification of certificate – CA gives a public key that helps in
verifying if the access attempt is authorized or not.
 Revocation – In case of suspicious behavior of a client or loss of
trust in them, the CA has the power to revoke the digital
certificate.
The most popular usage example of PKI (Public Key Infrastructure) is

the HTTPS (Hypertext Transfer Protocol Secure) protocol. HTTPS is a
combination of the HTTP (Hypertext Transfer Protocol) and SSL/TLS
(Secure Sockets Layer/Transport Layer Security) protocols to provide
encrypted communication and secure identification of a Web server.
In HTTPS, the Web server's PKI certificate is used by the browser for
two purposes:
Page 25 / 28
(Autonomous)

MODEL ANSWER
 Validate the identity of the Web server by verify the CA's digital
signature in the certificate.
 Encrypt a secret key to be securely delivered to the Web server. The
secret key will be used to encrypt actual data to be exchanged between
the browser and the Web server.
Other examples of PKI (Public Key Infrastructure) are:
 Digital signature - The sender of a digital message uses his/her private

key to generate a digital signature attached to the message. The
receiver uses the sender's certificate to verify the digital signature to
ensure the message was sent by the claimed sender.
 Encryption of documents - The sender of a digital message uses the
receiver's certificate to encrypt the message to protect the
confidentiality of the message. Only the receiver who can use his/her
private key decrypt the message.
 Digital identification - User's certificate is stored in a smart card to be
used to verify card holder's identities.
 (CONSIDER ANY ONE EXAMPLE)
c) Explain Policies, configuration & limitations of firewall. 6M

Ans. Policies of firewall:
a) All traffic from inside to outside and vice versa must pass through the 1M for
firewall. To achieve this all access to local network must first be policies
physically blocked and access only via the firewall should be 1M for
permitted. As per local security policy traffic should be permitted. listing
b) The firewall itself must be strong enough so as to render attacks on it configurati
useless. on
2M for
Configuration of firewall configurati
There are 3 common firewall configurations. on, any one
1. Screened host firewall, single-homed bastion configuration can be
2. Screened host firewall, dual homed bastion configuration explained
3. Screened subnet firewall configuration 2M for
limitation,
1. Screened host firewall, single-homed bastion configuration any two
points
In this type of configuration a firewall consists of following parts
i)A packet filtering router
(ii)An application gateway.
Page 26 / 28
(Autonomous)

MODEL ANSWER
The main purpose of this type is as follows:Packet filter is used to

ensure that incoming data is allowed only if it is destined for
application gateway, by verifying the destination address field of
incoming IP packet. It also performs the same task on outing data by
checking the source address field of outgoing IP packet.
Application gateway is used to perform authentication and proxy
function. Here Internal users are connected to both application gateway
as well as to packet filters therefore if packet filter is successfully
attacked then the whole Internal Network is opened to the attacker
Fig single homed bastion configuration
2. Screened host firewall, dual homed bastion configuration

To overcome the disadvantage of a screened host firewall, single
homed bastion configuration, another configuration is available known
as screened host firewall, Dual homed bastion. n this, direct
connections between internal hosts and packet filter are avoided. As it
provide connection between packet filter and application gateway,
which has separate connection with the internal hosts. Now if the
packet filter is successfully attacked. Only application gateway is
visible to attacker. It will provide security to internal hosts.
Fig dual homed bastion configuration
Page 27 / 28
(Autonomous)

MODEL ANSWER
3. Screened subnet firewall configuration

It provides the highest security among all firewall configurations. It is
improved version over all the available scheme of firewall
configuration. It uses two packet filters, one between the internet and
application gateway and another between the application gateway and
the internal network. Thus this configuration achieves 3 levels of
security for an attacker to break into.
Fig Screened subnet firewall configuration
Limitations: (one mark)

1. Firewall do not protect against inside threats.
2. Packet filter firewall does not provide any content based filtering.
3. Protocol tunneling, i.e. sending data from one protocol to another
protocol which negates the purpose of firewall.
4. Encrypted traffic cannot be examine and filter.
Page 28 / 28
(Autonomous)
WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620
1) The answers should be examined by key words and not as word-to-word as given in the
model answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may
try to assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more
Importance (Not applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in
the figure. The figures drawn by candidate and model answer may vary. The examiner
may give credit for anyequivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed
constant values may vary and there may be some difference in the candidate’s answers
and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of
relevant answer based on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on
equivalent concept.
8) As per the policy decision of Maharashtra State Government, teaching in English/Marathi
and Bilingual (English + Marathi) medium is introduced at first year of AICTE diploma
Programme from academic year 2021-2022. Hence if the students in first year (first and
second semesters) write answers in Marathi or bilingual language (English +Marathi), the
Examiner shall consider the same and assess the answer based on matching of concepts
with model answer.
Q. Sub Answer Marking

No Q.N. Scheme
1. Attempt any FIVE of the following: 10
a) Define computer security and state it’s need 2M
Ans. Definition
Computer Security refers to techniques for ensuring that data stored 1M
in a computer cannot be read or compromised by any individuals
without authorization.
Need of computer Security:

1. For prevention of data theft such as bank account numbers, credit Any one
need 1M
card information, passwords, work related documents or sheets, etc.
2. To make data remain safe and confidential.
3. To provide confidentiality which ensures that only those
individuals should ever be able to view data they are not entitled to.
Page 1 / 27
(Autonomous)

MODEL ANSWER
4. To provide integrity which ensures that only authorized individuals

should ever be able change or modify information.
5. To provide availability which ensure that the data or system itself
is available for use when authorized user wants it.
6. To provide authentication which deals with the desire to ensure
that an authorized individual.
OR
The need of computer security has been threefold: confidentiality,
integrity, and authentication—the “CIA” of security.
1. Confidentiality: the principle of confidentiality specifies that
only sender and intended recipients should be able to access the
contents of a message. Confidentiality gets compromised if an
unauthorized person is able to access the contents of a message.
2. Integrity: when the contents of the message are changed after the
sender sends it, but before it reaches the intended recipient, we
say that the integrity of the message is lost.
3. Authentication: Authentication helps to establish proof of
identities. The Authentication process ensures that the origin of a
message is correctly identified.
b) Explain shoulder surfing attack. 2M

Ans. Shoulder surfing a similar procedure in which attackers position
themselves in such a way as to- be-able to observe the authorized user Relevant
explanation
entering the correct access code. 2M
Shoulder surfing is an effective way to get information in crowded
places because it's relatively easy to stand next to someone and watch
as they fill out a form, enter a PIN number at an ATM machine, or
use a calling card at a public pay phone. Shoulder surfing can also be
done long distance with the aid of binoculars or other vision-
enhancing devices.
Shoulder surfing is using direct observation techniques, such as
looking over someone's shoulder, to get information.
Page 2 / 27
(Autonomous)

MODEL ANSWER
c) Explain the term cryptography. 2M

Ans. Cryptography: Cryptography is the art and science of achieving Correct
explanation
security by encoding messages to make them non-readable. 1M
Diagram
1M
d) State the meaning of hacking. 2M

Ans. Hacking in simple terms means an illegal intrusion into a computer Correct
system and/or network. Government websites are the hot target of the explanation
2M
hackers due to the press coverage, it receives. Hackers enjoy the
media coverage.
OR
Hacking is the act of identifying and then exploiting weaknesses in a
computer system or network, usually to gain unauthorized access to
personal or organizational data. Hacking is not always a malicious
activity, but the term has mostly negative connotations due to its
association with cybercrime.
e) Describe sniffing attack. 2M
Ans. This is software or hardware that is used to observe traffic as it passes Correct
explanation
through a network on shared broadcast media. It can be used to view 2M
all traffic or target specific protocol, service, or string of characters
like logins. Some network sniffers are not just designed to observe
the all traffic but also modify the traffic. Network administrators use
sniffers for monitoring traffic. They can also use for network
bandwidth analysis and to troubleshoot certain problems such as
duplicate MAC addresses.
f) Explain need for firewall. 2M
Ans.  A firewall is a network security device that monitors incoming Any two
needs 2M
and outgoing network traffic and permits or blocks data packets
based on a set of security rules.
 Its purpose is to establish a barrier between your internal network
and incoming traffic from external sources (such as the internet)
in order to block malicious traffic like viruses and hackers.
 Firewalls can be an effective means of protecting a local system
or network of systems from network-based security threats while
at the same time affording access to the outside world via wide
area networks and the Internet.
Page 3 / 27
(Autonomous)

MODEL ANSWER
g) Explain use of PCI DSS 2M

Ans. The Payment Card Industry Data Security Standard (PCI DSS) is a Correct
set of security standards designed to ensure that all companies that explanation
2M
accept process, store or transmit credit card information maintain a
secure environment.PCI DSS is the global data security standard that
any business of any size must adhere to in order to accept payment
cards, and to store, process, and/or transmit cardholder data. It
presents common sense steps that mirror best security practices.
a) Define Risk. Describe qualitative and quantitative risk analysis. 4M
Ans. Risk: A computer security risk is any event or action that could cause Definition
1M
a loss or damage to computer hardware, software, data, or
information OR Risk is probability of threats that may occur because Explanation
of presence of vulnerability in a system. of
qualitative
Quantitative Risk Analysis: A Process of assigning a numeric value and
quantitative
to the probability of loss based on known risks, on financial values of risk analysis
the assets and on probability of threats. It is used to determine 3M
potential direct and indirect costs to the company based on values
assigned to company assets and their exposure to risk. Assets can be
rated as the cost of replacing an asset, the cost of lost productivity, or
the cost of diminished brand reputation. In this 100% quantitative risk
analysis is not possible.
Qualitative Risk Analysis: A collaborative process of assigning

relative values to assets, assessing their risk exposure and estimating
the cost of controlling the risk. It utilizes relative measures and
approximate costs rather than precise valuation and cost
determination. Assets can be rated based on criticality - very
important, important, not-important etc. Vulnerabilities can be rated
based on how it is fixed - fixed soon, should be fixed, fix if suitable
etc. Threats can be rated based on scale of likely - likely, unlikely,
very likely etc. In this 100% qualitative risk analysis is feasible.
b) Explain working of biometric access control with any type of 4M
example. Diagram
Ans. Biometric refers study of methods for uniquely recognizing humans 1M
based upon one or more intrinsic physical or behavioral Explanation
characteristics. Biometric identification is used on the basis of some 3M
unique physical attribute of the user that positively identifies the user.
Page 4 / 27
(Autonomous)

MODEL ANSWER
Example: finger print recognition, retina and face scan technique,
voice synthesis and recognition and so on. Different types of
Biometrics
1. Finger print recognition
2. Hand print recognition
3. Retina/iris scan technique
4. Face recognition
5. Voice patterns recognition
6. Signature and writing patterns recognition
7. Keystroke dynamics
Fig. block diagram of biometric system

Finger print recognition
Above figure shows the block diagram of biometric system.
Fingerprint registration & verification process
1. During registration, first time an individual uses a biometric
system is called an enrollment.
2. During the enrollment, biometric information from an individual is
stored.
3. In the verification process, biometric information is detected and
compared with the information stored at the time of enrolment.
4. The first block (sensor) is the interface between the real world and
the system; it has to acquire all the necessary data.
5. The 2nd block performs all the necessary pre-processing
6. The third block extracts necessary features. This step is an
important step as the correct features need to be extracted in the
optimal way.
7. If enrollment is being performed the template is simply stored
somewhere (on a card or within a database or both).
8. If a matching phase is being performed the obtained template is
Page 5 / 27
(Autonomous)

MODEL ANSWER
passed to a matcher that compares it with other existing templates,
estimating the distance between them using any algorithm.
9. The matching program will analyze the template with the input.
This will then be output for any specified use or purpose.
Limitations:-
1) Using the fingerprint scanner does not take into consideration
when a person physically changes
2) The cost of computer hardware and software programs can be
expensive
3) Using the fingerprint scanner can lead to false rejections and false
acceptance.
4) It can make mistakes with the dryness or dirty of the finger„s skin,
as well as with the age (is not appropriate with children, because the
size of their fingerprint changes quickly.
c) Explain Caesar’s cipher substitute technique with suitable 4M
example.
Ans. Caesar cipher technique is proposed by Julius Caesar. It is one of the Explanation
simplest and most widely known encryption techniques. It is a type of 2M
substitution technique in which each letter in the plain text is replaced Example
by a letter some fixed number of position down the alphabet. The 2M
Caesar cipher involves replacing each letter of the alphabet with the
letter three places further down the alphabet. For example, with a
shift of 3, A would be replaced by D, B would became E, and so on
as shown in the table below
Example
PLAIN TEXT - COMPUTER ENGINEERING
Convert each alphabet in the plain text, using the table, the cipher text
can be written as
CIPHER TEXT – FRPSXWHU HQJLQHHULQJ
Algorithm to break Caesar cipher:
Page 6 / 27
(Autonomous)

MODEL ANSWER
1. Read each alphabet in the cipher text message, and search for it in
the second row of the table above.
2. When a match in found, replace that alphabet in the cipher text
message with the corresponding alphabet in the same column but the
first row of the table. (For example, if the alphabet cipher text is J,
replace it with G).
3. Repeat the process for all alphabets in the cipher text message.
d) Describe DES algorithm with suitable example. 4M
Ans. Data Encryption Standard is symmetric block cipher which takes
input of 64-bit plain text along with 64-bit key and process it, to Diagram
1M
generate the 64-bit cipher text.
The diagram below illustrates the working of DES. Explanation
in short 3M
DES Encryption:-
Step 1: In the first step the 64-bit plain text undergoes initial
permutation which rearranges the bits to produce two 32-bit permuted
block which is called left plain text (LPT 32-bit) and right plain text
(RPT 32-bit).
Step 2: Now, 16 rounds of DES encryption will be performed on this
LPT and RPT with a 56-bit key.
Step 3: After the 16th round the 32-bit LPT and 32-bit RPT are
integrated which forms a 64-bit block again and then the final
permutation is applied to this 64-bit block, to obtain the 64-bit cipher
text.
Rounds in Data Encryption Standard
Each round of DES performs the same function. So, below are the
steps of the function performed in each round of DES algorithm:
Page 7 / 27
(Autonomous)

MODEL ANSWER
1. Key Transformation: -In DES initial key size is 64-bit which is

reduced to the 56-bit key. This is done by discarding every 8th bit
from the 64-bit key. So, for each round of DES, this 56-bit key is
used. In the key transformation step, this 56-bit is transformed to the
48-bit key.
2. Expansion Permutation: -In the first step of encryption, during

the initial permutation of DES, the 64-bit plain text is permuted and
we have 32-bit LPT and 32-bit RPT. Now, the expansion permutation
is performed on the 32-bit RPT which transforms it from 32-bit to 48-
bit. The 32-bit LPT is untouched during the process.
3. S-box Substitution:-The input to S-box is 48-bit resultant block of

expansion permutation. In S-box substitution, the input 48-bit block
is transformed to 32-bit block
4. P-box Permutation:- The 32-bit output obtained from s-box

substitution is provided as an input to P-box. Here, the 32-bit input is
simply permuted and send to the next step.
5. XOR and Swap:-In this step, the 32-bit LPT of the initial 64-bit
plain text is XOR with the output of P-box permutation. The result of
the XOR is the new RPT for next round and the old RPT is swapped
with LPT.
DES Decryption:-
The same Data Encryption Standard algorithm used for encrypting
the plain text is also used to decrypting the cipher text. But the
algorithm is reversed, such as the initial and final permutation events
are reversed. Even the sequence of the sub keys applied in 16 rounds
of DES is also reversed.
a) Explain the term Authorization and Authentication with respect 4M
to security. Explanation
Ans. Authorization: It is a process of verifying that the known person has of each term
2M
the authority to perform certain operation. It cannot occur without
authentication. It is nothing but granting permissions and rights to
individual so that he can use these rights to access computer resources
or information.
Page 8 / 27
(Autonomous)

MODEL ANSWER
Authentication. Authentication is the process of determining identity
of a user or other entity. It is performed during log on process where
user has to submit his/her username and password. There are three
methods used in it. 1. Something you know User knows user id and
password. 2. Something you have Valid user has lock and key. 3.
Something about you User‟s unique identity like fingerprints, DNA
etc.
b) Write an algorithm for simple columnar transposition technique 4M
and explain with example.
Ans. Simple columnar transposition technique: Algorithm
1M
Algorithm:
1. The message is written out in rows of a fixed length. Any
2. Read out again column by column according to given order or in relevant
example 3M
random order.
3. According to order write cipher text.
Example
The key for the columnar transposition cipher is a keyword e.g.,
ORANGE. The row length that is used is the same as the length of
the keyword.
To encrypt a below plaintext: COMPUTER PROGRAMMING
In the above example, the plaintext has been padded so that it neatly
fits in a rectangle. This is known as a regular columnar transposition.
An irregular columnar transposition leaves these characters blank,
though this makes decryption slightly more difficult. The columns are
now reordered such that the letters in the key word are ordered
alphabetically.
Page 9 / 27
(Autonomous)

MODEL ANSWER
The Encrypted text or Cipher text is:

MPMETGNMUOIXPRXCERGORAL
c) Describe DMZ with suitable example. 4M
Ans. DMZ (Demilitarized Zone): It is a computer host or small network Description
2M
inserted as a “neutral zone” in a company‟s private network and the
outside public network. It avoids outside users from getting direct Diagram
access to a company‟s data server. A DMZ is an optional but more 1M
secure approach to a firewall. It can effectively acts as a proxy server. Any one
The typical DMZ configuration has a separate computer or host in Example
network which receives requests from users within the private 1M

forward packets which have been requested by a host. The public
network‟s users who are outside the company can access only the
DMZ host. It can store the company‟s web pages which can be served
to the outside users. Hence, the DMZ can‟t give access to the other
company‟s data. By any way, if an outsider penetrates the DMZ‟s
security the web pages may get corrupted but other company‟s
information can be safe.
Page 10 / 27
(Autonomous)

MODEL ANSWER
Examples:
1) Web servers
It‟s possible for web servers communicating with internal database
servers to be deployed in a DMZ. This makes internal databases more
secure, as these are the repositories responsible for storing sensitive
information. Web servers can connect with the internal database
server directly or through application firewalls, even though the DMZ
continues to provide protection.
2) DNS servers
A DNS server stores a database of public IP addresses and their
associated hostnames. It usually resolves or converts those names to
IP addresses when applicable. DNS servers use specialized software
and communicate with one another using dedicated protocols. Placing
a DNS server within the DMZ prevents external DNS requests from
gaining access to the internal network. Installing a second DNS
server on the internal network can also serve as additional security.
3)Proxy servers
A proxy server is often paired with a firewall. Other computers use it
to view Web pages. When another computer requests a Web page, the
proxy server retrieves it and delivers it to the appropriate requesting
Page 11 / 27
(Autonomous)

MODEL ANSWER
machine. Proxy servers establish connections on behalf of clients,

shielding them from direct communication with a server. They also
isolate internal networks from external networks and save bandwidth
by caching web content.
d) Write short note on DAC and MAC 4M

Ans. Discretionary Access control (DAC): Explanation
of each term
Restricting access to objects based on the identity of subjects and or 2M
groups to which they belong to, it is conditional, basically used by
military to control access on system. UNIX based System is common
method to permit user for read/write and execute
Mandatory Access control (MAC):

It is used in environments where different levels of security are
classified. It is much more restrictive. It is sensitivity-based
restriction, formal authorization subject to sensitivity. In MAC the
owner or User cannot determine whether access is granted to or not.
i.e. Operating system rights. Security mechanism controls access to
all objects and individual cannot change that access.
a) Write a short note on stegnography. 4M
Ans. Steganography is the art and science of writing hidden message in
such a way that no one, apart from the sender and intended recipient, Explanation
of technique
suspects the existence of the message. 2M
Steganography works by replacing bits of useless or unused data in Any
regular computer files (such as graphics, sound, text, html or even relevant
floppy disks) with bits of different, invisible information. diagram 2M
This hidden information can be plain text, cipher text or even images. OR
In modern steganography, data is first encrypted by the usual means Advantage
and then inserted, using a special algorithm, into redundant data that 1M
is part of a particular file format such as a JPEG image. Disadvantag
e 1M
Page 12 / 27
(Autonomous)

MODEL ANSWER
Steganography process:
Cover-media + Hidden data + Stego-key = Stego-medium
Cover media is the file in which we will hide the hidden data, which
may also be encrypted using stego-key. The resultant file is stego-
medium. Cover-media can be image or audio file.
Advantages:
1. With the help of steganography we can hide secret message within
graphics image.
2. In modern Steganography, data is encrypted first and then inserted
using special algorithm so that no one suspects its existence.
Drawbacks:
1. It requires lot of overhead to hide a relatively few bits of
information.
2. Once the system is discovered, it becomes virtually worthless.
b) Explain honey pots. 4M
Ans. Honeypots are designed to purposely engage and deceive hackers and
identify malicious activities performed over the Internet. The Explanation
2M
honeypots are designed to do the following:
Any
1. Divert the attention of potential attacker. relevant
diagram 2M
2. Collect information about the intruder‟s action.
3. Provide encouragement to the attacker so as to stay for some time,
allowing the administrations to detect this and swiftly act on this.
Page 13 / 27
(Autonomous)

MODEL ANSWER
Honeypots are designed for 2 important goals

1. Make them look-like full real-life systems.
2. Do not allow legitimate users to know about or access them.
c) Explain Host based IDS. 4M

Ans. (Host Intrusion Detection System (HIDS) Explanation
Host intrusion detection systems (HIDS) run on independent hosts or 2M
Relevant
devices on the network. A HIDS monitors the incoming and outgoing diagram 2M
packets from the device only and will alert the administrator if
suspicious or malicious activity is detected. It takes a snapshot of
existing system files and compares it with the previous snapshot. If
the analytical system files were edited or deleted, an alert is sent to
the administrator to investigate. Anexample of HIDS usage can be
seen on mission critical machines, which are not expected to change
their layout.
Basic Components HIDS:

 Traffic collector:
This component collects activity or events from the IDS to examine.
On Host-based IDS, this can be log files, audit logs, or traffic coming
to or leaving a specific system
Page 14 / 27
(Autonomous)

MODEL ANSWER
 Analysis Engine:
This component examines the collected network traffic & compares it
to known patterns of suspicious or malicious activity stored in the
signature database. The analysis engine acts like a brain of the IDS.
 Signature database:
It is a collection of patterns & definitions of known suspicious or
malicious activity.
 User Interface & Reporting:
This is the component that interfaces with the human element,
providing alerts & giving the user a means to interact with & operate
the IDS.
d) Describe working principle of SMTP. 4M
Ans. 1. Composition of Mail: A user sends an e-mail by composing an Working
principle
electronic mail message using a Mail User Agent (MUA). Mail User explanation
Agent is a program which is used to send and receive mail. The 2M
message contains two parts: body and header. The body is the main
part of the message while the header includes information such as the Suitable
sender and recipient address. The header also includes descriptive diagram 2M
information such as the subject of the message. In this case, the
message body is like a letter and header is like an envelope that
contains the recipient's address.
2. Submission of Mail: After composing an email, the mail client

then submits the completed e-mail to the SMTP server by using
SMTP on TCP port 25.
3. Delivery of Mail: E-mail addresses contain two parts: username of

the recipient and domain name. For example, [email protected],
where "vivek" is the username of the recipient and "gmail.com" is the
domain name.
If the domain name of the recipient's email address is different from
the sender's domain name, then MSA will send the mail to the Mail
Transfer Agent (MTA). To relay the email, the MTA will find the
target domain. It checks the MX record from Domain Name System
to obtain the target domain. The MX record contains the domain
name and IP address of the recipient's domain. Once the record is
located, MTA connects to the exchange server to relay the message.
Page 15 / 27
(Autonomous)

MODEL ANSWER
4. Receipt and Processing of Mail: Once the incoming message is
received, the exchange server delivers it to the incoming server (Mail
Delivery Agent) which stores the e-mail where it waits for the user to
retrieve it.
5. Access and Retrieval of Mail: The stored email in MDA can be

retrieved by using MUA (Mail User Agent). MUA can be accessed
by using login and password.
e) Explain creation and verification of digital signature. 4M

Ans. Working of digital signature Generation and Verification: Working
2M
1. Key Generation: Digital signature are electronic signatures, which
assures that the message was sent by a particular sender. While Relevant
diagram 2M
performing digital transactions authenticity and integrity should be
assured, otherwise the data can be altered or someone can also act as
if he was the sender and expect a reply.
2. Signature Verification: Verifier receives Digital Signature along

with the data. It then uses Verification algorithm to process on the
digital signature and the public key (verification key) and generates
some value. It also applies the same hash function on the received
data and generates a hash value. Then the hash value and the output
of the verification algorithm are compared. If they both are equal,
then the digital signature is valid else it is invalid.
Page 16 / 27
(Autonomous)

MODEL ANSWER

a) Explain any three criteria for classification of information. 6M
Ans. i) Useful life Any three
criteria 2M
A data is labeled „more useful‟ when the information is available each
ready for making changes as and when required. Data might need to
be changed from time to time, and when the „change‟ access is
available, it is valuable data.
ii) Value of data
This is probably the most essential and standard criteria for
information classification. There is some confidential and valuable
information of every organization, the loss of which could lead to
great losses for the organization while creating organizational issues.
Therefore, this data needs to be duly classified and protected.
iii) Personal association
It is important to classify information or data associated with
particular individuals or addressed by privacy law.
iv) Age
The value of information often declines with time. Therefore, if the
given data or information comes under such a category, the data
classification gets lowered.
Page 17 / 27
(Autonomous)

MODEL ANSWER
b) List types of firewall and explain any one of them. 6M

Ans. (Note: Firewalls available in market can also be considered)
List four
List of firewall: types 2M
1. Packet filter as a firewall
2. Circuit level gateway firewall Diagram
3. Application level gateway firewall with
4. Proxy server as a firewall explanation
of any one
5. Stateful multilayer Inspection Firewall 4M
.
1. Packet filter as a firewall : As per the diagram given below
Firewall will act according to the table given for example source IP
150.150.0.0 is the IP address of a network , all the packets which are
coming from this network will be blocked by the firewall in this way
it is acting as a firewall. Table also having port 80, IP Address
200.75.10.8 & port 23 firewall will act in the similar fashion. Port 23
is for Telnet remote login in this case firewall won‟t allow to login
onto this server. IP Address 200.75.10.8 is the IP address of
individual Host, all the packet having this IP address as a destination
Address will be denied. Port 80 no HTTP request allowed by firewall
2. Circuit level gateway Firewalls: The circuit level gateway

firewalls work at the session layer of the OSI model. They monitor
TCP handshaking between the packets to determine if a requested
session is legitimate. And the information passed through a circuit
level gateway, to the internet, appears to have come from the circuit
level gateway. So, there is no way for a remote computer or a host to
determine the internal private ip addresses of an organization, for
example. This technique is also called Network Address Translation
where the private IP addresses originating from the different clients
inside the network are all mapped to the public IP address available
Page 18 / 27
(Autonomous)

MODEL ANSWER
through the internet service provider and then sent to the outside
world (Internet). This way, the packets are tagged with only the
Public IP address (Firewall level) and the internal private IP
addresses are not exposed to potential intruders
3. Application level gateway Firewalls: Application level firewalls

decide whether to drop a packet or send them through based on the
application information (available in the packet). They do this by
setting up various proxies on a single firewall for different
applications. Both the client and the server connect to these proxies
instead of connecting directly to each other. So, any suspicious data
or connections are dropped by these proxies. Application level
firewalls ensure protocol conformance. For example, attacks over http
that violates the protocol policies like sending Non-ASCII data in the
header fields or overly long string along with NonASCII characters in
the host field would be dropped because they have been tampered
with, by the intruders.
Page 19 / 27
(Autonomous)

MODEL ANSWER
4. Stateful multilayer Inspection Firewall (SMLI)

The stateful multi-layer inspection (SMLI) firewall uses a
sophisticated form of packet-filtering that examines all seven layers
of the Open System Interconnection (OSI) model. Each packet is
examined and compared against known states of friendly packets.
While screening router firewalls only examine the packet header,
SMLI firewalls examine the entire packet including the data. SMLI is
a mechanism that uses a sophisticated form of packet-filtering,
examining all major layers of the OSI model. In other words, this
type of filter examines packets on the network, transmission, and
application levels, comparing them to known trusted packets. SMLI
checks the entire packet and only allows it to pass through each layer
individually. Such firewalls inspect packets to assess the state of
communication in order to ensure that all facilitated communication
only takes place with trusted sources. To be more specific, an SMLI
firewall is not necessarily a single firewall implementation. Rather, it
is a series of firewalls that work in concert to secure traffic at
different levels of the OSI model. It may be a composition of a
stateless packet filter, a stateful firewall, as well as an application-
level proxy. SMLI.
Page 20 / 27
(Autonomous)

MODEL ANSWER
c) Explain IP sec security with help of diagram. 6M

Ans.
Diagram
2M
Explanation
4M
It encrypts and seal the transport and application layer data during
transmission. It also offers integrity protection for internet layer. It
sits between transport and internet layer of conventional TCP/IP
protocol 1. Secure remote internet access: Using IPsec make a local
call to our internet services provider (ISP) so as to connect to
organization network in a secure fashion from our house or hotel
from there; to access the corporate network facilities or access remote
desktop/servers. 2. Secure branch office connectivity: Rather than
subscribing to an expensive leased line for connecting its branches
across cities, an organization can setup an IPsec enabled network for
security. 3. Setup communication with other organization: Just as
IPsec allow connectivity between various branches of an
organization, it can also be used to connect the network of different
organization together in a secure & inexpensive fashion. Basic
Concept of IPsec Protocol: IP packet consist two position IP header &
actual data IPsec feature are implemented in the form of additional
headers called as extension header to the standard, default IP header.
IPsec offers two main services authentication & confidentially. Each
of these requires its own extension header. Therefore, to support these
two main services, IPsec defines two IP extension header one for
authentication & another for confidentiality.
Page 21 / 27
(Autonomous)

MODEL ANSWER
It consists of two main protocols

Authentication header (AH): Authentication header is an IP Packet
(AH) protocol provides authentication, integrity &an optional anti-
reply service. The IPsec AH is a header in an IP packet. The AH is
simply inserted between IP header & any subsequent packet contents
no changes are required to data contents of packet. Security resides
completing in content of AH.
Encapsulation Header (ESP): Used to provide confidentiality, data
origin authentication, data integrity. It is based on symmetric key
cryptography technique. ESP can be used in isolation or it can be
combined with AH.
Fig: AP and ESP

a) Define virus and describe the phases of virus. 6M
Ans. Definition: Virus is a program which attaches itself to another Definition
2M
program and causes damage to the computer system or the network. It
is loaded onto your computer without your knowledge and runs Phases 4M
against your wishes.
During the lifecycle of virus it goes through the following four
phases:
1. Dormant phase: The virus is idle and activated by some event.
2. Propagation phase: It places an identical copy of itself into other
programs or into certain system areas on the disk.
3. Triggering phase: The virus is activated to perform the function
for which it was intended.
4. Execution phase: The function of virus is performed
Page 22 / 27
(Autonomous)

MODEL ANSWER
b) Explain Kerberos with help of suitable diagram. 6M

Ans. Kerberos: Kerberos is a network authentication protocol. It is
designed to provide strong authentication for client/server Step by step
applications by using secret-key cryptography. It uses secret key explanation
with
cryptography. It is a solution to network security problems. It suitable
provides tools for authentication and strong cryptography over the diagram 6M
network to help you secure your information system There are 4
parties involved in Kerberos protocol
i) User
ii) Authentication service (AS)
iii) Ticket granting server (TGS)
iv) Service server
Working of Kerberos:
1. The authentication service, or AS, receivers the request by the
client and verifies that the client is indeed the computer it claims to
be. This is usually just a simple database lookup of the user‟s ID.
2. Upon verification, a timestamp is created. This puts the current

time in a user session, along with an expiration date. The default
expiration date of a timestamp is 8 hours. The encryption key is then
created. The timestamp ensures that when 8 hours is up, the
encryption key is useless.
authentication service. It is used for authentication the client for
future reference.
Page 23 / 27
(Autonomous)

MODEL ANSWER

sends its own encrypted key to the service.
Page 24 / 27
(Autonomous)

MODEL ANSWER
7. The service decrypts the key, and makes sure the timestamp is still
valid. If it is, the service contacts the key distribution center to
receive a session that is returned to the client.
c) Write a brief note on firewall configuration 6M
Ans. A firewall is combination of packet filter and application level Diagram
2M
getway , Base on these there are three types of configurations
Explanation
4M
1. Screened Host firewall, Single-Homed Bastion

a) Here , the firewall configuration consist of two parts a packet
filter router and application level gateway
b) A packet filter router will insure that the income traffic will
allowded only if it is intended for the application gatway, by
examining the dstination address field of each incomming IP
Packet
Page 25 / 27
(Autonomous)

MODEL ANSWER
c) It will also insure that outgoing traffic is allowded only if it is
originated from appliocation level gateway, by examining the
source address field of every outgoing IP packet.
d) An application level gateway perfors authentication as well as
proxy function
Fig: Single Homed Bastion

Advantages: It improve security of network by performing checks at
both levels- thet is packet and application level.
It provide flexibility fexibility to the network administrator to define
more secure policies.
Disadvantages : Internal users are connected to the application
gateway as well as packet filter router , So if any how packet filter is
attacked , then the whole internal network is exposed to the attacker.
1. Screened Host Firewall , Dule Homed Bastion: In this type of
Configuration the direct connection between internal host and packet
filter are avoided.
Here the packet filter connection only to the application gateway,
which is turned as separate connection with the internal host.
Hence, Packet filter is successfully attacked, and then only
application gateway is visible to the attacker.
Fig: Dule Homed Bastion
Page 26 / 27
(Autonomous)

MODEL ANSWER
3 Screened Subnet Firewall

This type of configuration offer highest security among the possible
configurations
In this type two packet filters are used , one between internet and
application gateway and other in between application gateway and
internal network
This configuration achieve 3 level of security of an attacker to break
into
Fig: Screened Subnet Firewall
Page 27 / 27
(Autonomous)

MODEL ANSWER-Only for the Use of RAC Assessors
Subject: Network and Information Security Subject Code: 22620

1) The answers should be examined by key words and not as word-to-word as given in the
model answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may
try to assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more
Importance (Not applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in
the figure. The figures drawn by candidate and model answer may vary. The examiner
may give credit for anyequivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed
constant values may vary and there may be some difference in the candidate’s answers
and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of
relevant answer based on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on
equivalent concept.
8) As per the policy decision of Maharashtra State Government, teaching in English/Marathi
and Bilingual (English + Marathi) medium is introduced at first year of AICTE diploma
Programme from academic year 2021-2022. Hence if the students in first year (first and
second semesters) write answers in Marathi or bilingual language (English +Marathi), the
Examiner shall consider the same and assess the answer based on matching of concepts
with model answer.
Q. Sub Answer Marking
No Q.N. Scheme
1. Attempt any FIVE of the following 10M
a) Compare virus and logic bomb (any two points) 2M
Ans. virus Logic bomb Any two
Virus is a program which A logic bomb is a set of points 1M
each
attaches itself to another instructions in a program
program and causes damage carrying a malicious payload
to the computer system or the that can attack an operating
network. It is loaded onto system, program, or network.
your computer without your It only goes off after certain
knowledge and runs against conditions are met. A simple
your wishes example of these conditions
is a specific date or time.
Characteristic of a virus is, Characteristic of a logic
How it spread. bomb is, how it's triggered.
Page 1 / 25
(Autonomous)

b) Identify any four user responsibility in computer security. 2M

Ans. i) Do not share passwords, OTP etc to anyone. Any four
ii) Do not leave sensitive information unprotected. points
1/2M each
iii) Secure storage media which contains sensitive information.
iv) Shredding paper containing organizational information before
discarding it.
c) Define following terms 2M

(i) Cryptography
(ii) Cryptology. Definition
Ans. Cryptography: Cryptography is the art and science of achieving of
Each term
security by encoding messages to make them non-readable. 1M
Cryptology: It is the art and science of transforming the intelligent

data into unintelligent data and unintelligent data back to intelligent
data.
Cryptology = Cryptography + Cryptanalysis
d) Construct digital signature using cryptool. 2M

Ans. Step 1: Open Cryptool application. Correct
Step 2: Open the file and enter message to create digital signature. steps 2M
Step 3: Select menu Digital signature -> Sign Document

Step 4: Select any Hash function and choose private key.
Step 5: Enter PIN number and Click on Sign button to generate
digital signature.
e) List any two types of active and passive attacks 2M
Ans. Active Attack: Any two
 Masquerade active
attacks
 Replay 1M,
 Message Modification
 Denial-Of-Service Any two
passive
attacks 1M
Passive Attack:
 Eavesdropping
 Traffic Analysis
Page 2 / 25
(Autonomous)

f) State any two policies of the firewall 2M

Ans.  Service control: Determines the types of Internet services that can
Any two
be accessed, inbound or outbound. The firewall may filter traffic policies 2M
on the basis of IP address, protocol, or port number; may provide
proxy software that receives and interprets each service request
before passing it on; or may host the server software itself, such as
a Web or mail service.
 Direction control: Determines the direction in which particular
service requests may be initiated and allowed to flow through the
firewall.
 User control: Controls access to a service according to which user
is attempting to access it. This feature is typically applied to users
inside the firewall perimeter (local users).
 Behavior control: Controls how particular services are used. For
example, the firewall may filter e-mail to eliminate spam, or it may
enable external access to only a portion of the information on a
local Web server.
g) List any types of cybercrimes 2M

Ans. Types of cyber crime :- Any four
1. Hacking types 1/2M
each
2. Digital Forgery
3. Cyber Stalking / Harassment
4. Cyber Pornography
5. Identity Theft and Fraud
6. Cyber Terrorism
7. Cyber Defamation
2. Attempt any THREE of the following: 12M
a) Describe CIA model with suitable diagram. 4M
Ans. 1. Confidentiality: the principle of confidentiality specifies that only
Explanatio
sender and intended recipients should be able to access the contents n with
of a message. Confidentiality gets compromised if an unauthorized diagram
4M
person is able to access the contents of a message. Example of
compromising the Confidentiality of a message is shown in fig.
Page 3 / 25
(Autonomous)

Fig. Loss of confidentiality

Here, the user of a computer A send a message to user of computer B.
another user C gets access to this message, which is not desired and
therefore, defeats the purpose of Confidentiality. This type of attack
is also called as interception
2. Authentication: Authentication helps to establish proof of

identities. The Authentication process ensures that the origin of a
message is correctly identified. For example, suppose that user C
sends a message over the internet to user B. however, the trouble is
that user C had posed as user A when he sent a message to user B.
how would user B know that the message has come from user C, who
posing as user A? This concept is shown in fig. below. This type of
attack is called as fabrication.
Fig. absence of authentication
3. Integrity: when the contents of the message are changed after the
sender sends it, but before it reaches the intended recipient, we say
that the integrity of the message is lost. For example, here user C
tampers with a message originally sent by user A, which is actually
destined for user B. user C somehow manages to access it, change its
contents and send the changed message to user B. user B has no way
of knowing that the contents of the message were changed after user
A had sent it. User A also does not know about this change. This type
of attack is called as modification.
Page 4 / 25
(Autonomous)

Fig. Loss of Integrity
b) Define the following with suitable example 4M

i) DAC
Definition
ii) MAC with
i) DAC: DAC (discretionary access control) policy utilizes user example of
Ans. DAC 2M
identification procedures to identify and restrict object access .It
restricts access to objects based on the identity of subjects and or
groups to which they belongs to. The owner of information or any
resource is able to change its permissions at his discretion .Data
Owners can transfer ownership of information to other users .Data
Owners can determine the type of access given to other users (read,
write etc.)
Features of DAC policy are as follows :-
Flexible –In DAC policy owner of information or resource can
change its permission.
Backup - Discretionary access control allows organizations to
backup security policies and data to ensure effective access points.
Usability - Discretionary access control is easy to use. Data Owners
can transfer ownership of information to other users easily.
Definition
ii) MAC :It is used in environments where different levels of security with
are classified. It is much more restrictive. It is sensitivity based example of
MAC 2M
restriction, formal authorization subject to sensitivity. In MAC the
owner or User cannot determine whether access is granted to or not.
i.e. Operating system rights. Security mechanism controls access to
all objects and individual cannot change that access.
Page 5 / 25
(Autonomous)

c) Differentiate between symmetric and asymmetric key 4M

cryptography (any four points)
Ans. Any four
points 1M
each
d) Explain Steganography with suitable example. 4M

Ans. Steganography: Steganography is the art and science of writing
hidden message in such a way that no one apart from sender and Correct
explanatio
intended recipient suspects the existence of the message. n with
Steganography works by replacing bits of useless or unused data in suitable
example
regular computer files (such as graphics, sound, text, html or even
4M
floppy disks) with bits of different, invisible information. This hidden
information can be plain text, cipher text or even images. In modern
steganography, data is first encrypted by the usual means and then
inserted, using a special algorithm, into redundant data that is part of
a particular file format such as a JPEG image.
Steganography process:
Cover-media + Hidden data + Stego-key = Stego-medium
Fig : Steganography
Page 6 / 25
(Autonomous)

Cover media is the file in which we will hide the hidden data, which
may also be encrypted using stego-key. The resultant file is stego-
medium. Cover-media can be image or audio file. Stenography takes
cryptography a step further by hiding an encrypted message so that
no one suspects it exists. Ideally, anyone scanning your data will fail
to know it contains encrypted data. Stenography has a number of
drawbacks when compared to encryption. It requires a lot of overhead
to hide a relatively few bits of information. I.e. One can hide text,
data, image, sound, and video, behind image.
Applications :
1. Confidential communication and secret data storing
2. Protection of data alteration
3. Access control system for digital content distribution
4. Media Database systems
3. Attempt any THREE of the following 12M

a) Describe piggy backing and shoulder surfing 4M
Ans. Piggybacking: It is the simple process of following closely behind a
Descriptio
person who has just used their own access card or PIN to gain n of piggy
physical access to a room or building. An attacker can thus gain backing
access to the facility without having to know the access code or 2M
having to acquire an access card. i.e. Access of wireless internet
connection by bringing one's own computer within range of another
wireless connection & using that without explicit permission, it
means when an authorized person allows (intentionally or
unintentionally) others to pass through a secure door. Piggybacking
on Internet access is the practice of establishing a wireless Internet
connection by using another subscriber's wireless Internet access
service without the subscriber’s explicit permission or knowledge.
Piggybacking is sometimes referred to as "Wi-Fi squatting." The
usual purpose of piggybacking is simply to gain free network access
rather than any malicious intent, but it can slow down data transfer
for legitimate users of the network.
Page 7 / 25
(Autonomous)

Shoulder surfing: Shoulder surfing a similar procedure in which

Descriptio
attackers position themselves in such a way as to- be-able to observe n of
the authorized user entering the correct access code. Shoulder surfing shoulder
is an effective way to get information in crowded places because it's surfing
2M
relatively easy to stand next to someone and watch as they fill out a
form, enter a PIN number at an ATM machine, or use a calling card
at a public pay phone. Shoulder surfing can also be done long
distance with the aid of binoculars or other vision enhancing devices.
Shoulder surfing is using direct observation techniques, such as
looking over someone's shoulder, to get information.
b) Convert plain text into cipher text by using single columnar 4M

technique of the following sentence:
―Maharashtra State board of Technical Education‖ 2M for
plain text
Ans. 1 2 3 4 5 table
M A H A R
2M for
A S T R A cipher text
S T A T E
B O A R D
O F T E C
H N I C A
L E D U C
A T I O N
PLAIN TEXT:
MAHARASTRA STATE BOARD OF TECHNICAL EDUCATION
LET ORDER BE:4,5,3,2,1
CIPHER
TEXT:ARTRECUORAEDCACNHTAATIDIASTOFNETMASBOH
LA
Note: Any relevant order shall be considered.
Page 8 / 25
(Autonomous)

c) State any four difference between Firewall and Intrusion 4M

Detection System
Ans.
Any four
differences
1M each
d) Describe any four password selection criteria. 4M

Ans. Password: Password is a secret word or expression used by Any four
criteria’s
authorized persons to prove their right to access, information, etc. 1M each
Components of good password:
1. It should be at least eight characters long.
2. It should include uppercase and lowercase letters, numbers, special
characters or punctuation marks.
3. It should not contain dictionary words.
4. It should not contain the user's personal information such as their
name, family member's name, birth date, pet name, phone number or
any other detail that can easily be identified.
5. It should not be the same as the user's login name.
6. It should not be the default passwords as supplied by the system
vendor such as password, guest, and admin and so on.
Page 9 / 25
(Autonomous)

4. Attempt any THREE of the following 12M

a) Convert the given plain text, encrypt it with the help of Caesor‟s 4M
cipher technique.
“Network and Information Security”. 2M for
plain text
Ans. table
2M for
Caesor’s
cipher
technique
PLAIN TEXT: NETWORK AND INFORMATION SECURITY

CIPHER TEXT:QHWZRUNDQGLQIRUPDWLRQVHFXULWB
b) Demonstrate configuration of Firewall setting windows operating 4M
system.
Ans. Correct
A firewall is a device which monitors and filters all the incoming and explanatio
outgoing network traffic and prevents unauthorized access to/within n 4M
the network. The firewall is the most important line of defense in
maintaining the security of the network and the application. Every
firewall has a set of rules predefined to allow type of data within the
network; accordingly, it allows or denies the incoming traffic within
the network.
Configuring firewalls on Windows 10

Since Windows is widely used at personal level, this article has been
written specifically for configuring firewalls on Windows.
These are the steps for opening any specific port on the Windows 10
firewall:
1) Search ―firewall‖ and click on Windows Defender Firewall, as
shown below:
Page 10 / 25
(Autonomous)

2) Click on Inbound Rules, as shown.
3) Click on New Rule, select port and click Next as shown:
Page 11 / 25
(Autonomous)

4) Enter a specific port number. In this case, it’s 443. Click Next.
Page 12 / 25
(Autonomous)

5) Allow or block the connection as needed.
6) Name the rule and description as needed.
7) The same steps need to be followed for allowing outbound

connection. In step 1, instead of selecting Inbound Rules, select
Outbound Rules and follow the same steps as above.
That’s easy it is to configure to allow or deny any connection for a
particular port on Windows 10.
Page 13 / 25
(Autonomous)

c) Describe DMZ with suitable diagram. 4M

Ans. DMZ (Demilitarized Zone): It is a computer host or small network
inserted as a ―neutral zone‖ in a company‟s private network and the Explanatio
outside public network. It avoids outside users from getting direct n 2M
access to a company‟s data server. A DMZ is an optional but more
secure approach to a firewall. It can effectively acts as a proxy server.
Diagram
The typical DMZ configuration has a separate computer or host in 2M
network which receives requests from users within the private
forward packets which have been requested by a host. The public
network‟s users who are outside the company can access only the
DMZ host. It can store the company‟s web pages which can be
served to the outside users. Hence, the DMZ can‟t give access to the
other company‟s data. By any way, if an outsider penetrates the
DMZ‟s security the web pages may get corrupted but other
company‟s information can be safe.
d) Describe PGP with suitable diagram. 4M

Ans. PGP is Pretty Good Privacy. It is a popular program used to encrypt
and decrypt email over the internet. It becomes a standard for email Explanatio
n 2M
security. It is used to send encrypted code (digital signature) that lets
the receiver verify the sender’s identity and takes care that the route
of message should not change. PGP can be used to encrypt files being
stored so that they are in unreadable form and not readable by users
or intruders It is available in Low cost and Freeware version. It is
Page 14 / 25
(Autonomous)

most widely used privacy ensuring program used by individuals as

well as many corporations.
Diagram
2M
There are five steps as shown below:

1. Digital signature: it consists of the creation a message digest of the
email message using SHA-1 algorithm. The resulting MD is then
encrypted with the sender’s private key. The result is the sender’s
digital signature.
2. Compression: The input message as well as p digital signature are
compressed together to reduce the size of final message that will be
transmitted. For this the Lempel -Ziv algorithm is used.
3. Encryption: The compressed output of step 2 (i.e. the compressed
form of the original email and the digital signature together) are
encrypted with a symmetric key.
4. Digital enveloping: the symmetric key used for encryption in step 3
is now encrypted with the receiver’s public key. The output of step 3
and 4 together form a digital envelope.
5. Base -64 encoding: this process transforms arbitrary binary input
into printable character output. The binary input is processed in
blocks of 3 octets (24-bits).these 24 bits are considered to be made up
of 4 sets, each of 6 bits. Each such set of 6 bits is mapped into an 8-
bit output character in this process.
e) Find the output of initial permutation box when the input is given 4M
in hexadecimal as
0 x 0003 0000 0000 0001
Page 15 / 25
(Autonomous)

Ans.
0 0 0 3 Hexadecimal
0000 0000 0000 0011 Binary
Correct
0 0 0 0 Hexadecimal output 4M
0000 0000 0000 0000 Binary
0 0 0 0 Hexadecimal
0000 0000 0000 0000 Binary
0 0 0 1 Hexadecimal
0000 0000 0000 0001 Binary
Input
1 2 3 4 5 6 7 8
1 0 0 0 0 0 0 0 0
2 0 0 0 0 0 0 1 1
3 0 0 0 0 0 0 0 0
4 0 0 0 0 0 0 0 0
5 0 0 0 0 0 0 0 0
6 0 0 0 0 0 0 0 0
7 0 0 0 0 0 0 0 0
8 0 0 0 0 0 0 0 1
Permutation table
1 2 3 4 5 6 7 8
1 58 50 42 34 26 18 10 2
2 60 52 44 36 28 20 12 4
3 62 54 46 38 30 22 14 6
4 64 56 48 40 32 24 16 8
5 57 49 41 33 25 17 9 1
6 59 51 43 35 27 19 11 3
7 61 53 45 37 29 21 13 5
8 63 55 47 39 31 23 15 7
Page 16 / 25
(Autonomous)

Output
1 2 3 4 5 6 7 8
1 0 0 0 0 0 0 0 0
2 0 0 0 0 0 0 0 0
3 0 0 0 0 0 0 0 0
4 1 0 0 0 0 0 1 0
5 0 0 0 0 0 0 0 0
6 0 0 0 0 0 0 0 0
7 0 0 0 0 0 0 0 0
8 0 0 0 0 0 0 1 0
Hexadecimal
0000 0082 0000 0002
Note: Any other relevant logic shall be considered.
5. Attempt any TWO of the following 12M
a) Describe the following terms 6M
i) Asset
ii) Vulnerability
iii) Risks
Ans. i) Asset: Asset is any data, device, or other component of the
environment that supports information-related activities. Assets
Descriptio
generally include hardware, software and confidential information. n of each
term 2M
ii) Vulnerability: It is a weakness in computer system & network.
The term "vulnerability" refers to the security flaws in a system that
allows an attack to be successful. Vulnerability testing should be
performed on an on-going basis by the parties responsible for
resolving such vulnerabilities, and helps to provide data used to
identify unexpected dangers to security that need to be addressed.
Such vulnerabilities are not particular to technology — they can also
apply to social factors such as individual authentication and
authorization policies.
iii) Risks: Risk is probability of threats that may occur because of

presence of vulnerability in a system.
Page 17 / 25
(Autonomous)

OR
Risk is any event or action that could cause a loss or damage to
computer hardware, software, data, or information.
b) Describe network base IDS with suitable diagram 6M
Ans.
Diagram
2M
1. Network-based IDS focuses on network traffic —the bits & bytes

Explanatio
traveling along the cables & wires that interconnect the system. n 4M
2. A network IDS should check the network traffic when it passes &
it is able to analyse traffic according to protocol type, amount, source,
destination, content, traffic already seen etc.
3. Such an analysis must occur quickly, &the IDS must be able to
handle traffic at any speed the network operates on to be effective.
4. Network-based IDSs are generally deployed so that they can
monitor traffic in &out of an organization’s major links like
connection to the Internet, remote offices, partner etc.
Network-based IDSs looks for certain activities like:
 Denial of service attacks
 Port scans or sweeps
 Malicious content in the data payload of a packet or packets
 Vulnerability scanning Trojans, viruses, or worms
 Tunneling
 Brute-force attacks
OR
1. Traffic collector: This component collects activity or events from
the IDS to examine. On Host-based IDS, this can be log files, audit
logs, or traffic coming to or leaving a specific system. On Network-
based IDS, this is typically a mechanism for copying traffic of the
network link.
Page 18 / 25
(Autonomous)

2. Analysis Engine: This component examines the collected network

traffic & compares it to known patterns of suspicious or malicious
activity stored in the signature database. The analysis engine acts like
a brain of the IDS.
3. Signature database: It is a collection of patterns & definitions of
known suspicious or malicious activity.
4. User Interface & Reporting: This is the component that interfaces
with the human element, providing alerts when suitable & giving the
user a means to interact with & operate the IDS.
Advantages:
 O.S specific and detailed signatures.
 Examine data after it has been decrypted.
 Very application specific.
 Determine whether or not an alarm may impact that specific.
Disadvantages:
 Should a process on every system to watch.
 High cost of ownership and maintenance.
 Uses local system resources.
 If logged locally, could be compromised or disable.
c) Describe COBIT framework with neat diagram 6M
Ans.
Diagram
2M
COBIT stands for ―Control Objectives for Information and related Explanatio
Technology‖, it is a framework that was developed by ISACA n 4M
(Information System Audit and Control Association). It is a set of
guidance material for IT governance to manage their requirements,
technical issues, and business risks.
Page 19 / 25
(Autonomous)

COBIT connects IT initiatives with business requirements, monitors

and improves IT management practices, and ensures quality control
and reliability of information systems in an organization.
 Plan and Organize: This domain addresses direction to solutions,
Information architecture, managing IT investments, assess the
risks, quality, and project.
 Acquire and Implement: This domain acquires and maintains
application software and technology infrastructure, develops as
well as maintains procedures and manages changes, implements
desired solutions and passes them to be turned into services.
 Deliver and Support: This domain defines and manages service
levels, ensures the security of the system, educates or trains, and
advises users. It receives solutions and makes them usable for end
users.
 Monitor and Evaluate: This domain monitors the process, assesses
internal control capability, finds independent assurance, and
provides independent audit.
Principle of COBIT:
 Providing service of delivering information that an organization
requires.
 Undesired events will be prevented, detected, and corrected.
 Managing and controlling IT resources using a structured set of
processes.
Fulfilling client’s requirements.
Note: Any other relevant framework shall be considered
6. Attempt any TWO of the following 12M

a) Describe any three phases of virus with suitable example 6M
Ans. Definition: Virus is a program which attaches itself to another
program and causes damage to the computer system or the network. It Any three
Phases 3M
is loaded onto your computer without your knowledge and runs
against your wishes. Suitable
During the lifecycle of virus it goes through the following four example
phases: 3M
Page 20 / 25
(Autonomous)

1. Dormant phase: The virus is idle and activated by some event.

2. Propagation phase: It places an identical copy of itself into
other programs or into certain system areas on the disk.
3. Triggering phase: The virus is activated to perform the function
for which it was intended.
4. Execution phase: The function of virus is performed
Note: Any other relevant example shall be considered

b) Describe „ Kerberos‟ protocol with suitable diagram 6M
Ans. Kerberos: Kerberos is a network authentication protocol. It is
designed to provide strong authentication for client/server
applications by using secret-key cryptography. It uses secret key Descriptio
cryptography. It is a solution to network security problems. It n with
provides tools for authentication and strong cryptography over the suitable
network to help you secure your information system There are 4 diagram of
parties involved in Kerberos protocol Authentica
tion service
i) User (AS)
ii) Authentication service (AS) 3M
iii) Ticket granting server (TGS)
iv) Service server
Working of Kerberos: Descriptio
n with
1. The authentication service, or AS, receivers the request by the suitable
client and verifies that the client is indeed the computer it claims to diagram of
be. This is usually just a simple database lookup of the user’s ID. Ticket
granting
server
(TGS)
3M
Page 21 / 25
(Autonomous)

2. Upon verification, a timestamp is created. This puts the current

time in a user session, along with an expiration date. The default
expiration date of a timestamp is 8 hours. The encryption key is then
created. The timestamp ensures that when 8 hours is up, the
encryption key is useless.
authentication service. It is used for authentication the client for
future reference.

sends its own encrypted key to the service.
Page 22 / 25
(Autonomous)

4. The service decrypts the key, and makes sure the timestamp is still
valid. If it is, the service contacts the key distribution center to
receive a session that is returned to the client.
c) Write a brief note on firewall configuration 6M
i) Packet filter as a firewall
ii) Application level gateway firewall
iii) Circuit level gateway firewall Explanatio
Ans. n with
1. Packet filter as a firewall : As per the diagram given below diagram
Firewall will act according to the table given for example source IP 2M
150.150.0.0 is the IP address of a network , all the packets which are each
coming from this network will be blocked by the firewall in this way
it is acting as a firewall. Table also having port 80, IP Address
200.75.10.8 & port 23 firewall will act in the similar fashion. Port 23
is for Telnet remote login in this case firewall won’t allow to login
onto this server. IP Address 200.75.10.8 is the IP address of
individual Host, all the packet having this IP address as a destination
Address will be denied. Port 80 no HTTP request allowed by firewall
Page 23 / 25
(Autonomous)

2. Application level gateway Firewalls: Application level firewalls

decide whether to drop a packet or send them through based on the
application information (available in the packet). They do this by
setting up various proxies on a single firewall for different
applications. Both the client and the server connect to these proxies
instead of connecting directly to each other. So, any suspicious data
or connections are dropped by these proxies. Application level
firewalls ensure protocol conformance. For example, attacks over http
that violates the protocol policies like sending Non-ASCII data in the
header fields or overly long string along with Non ASCII characters
in the host field would be dropped because they have been tampered
with, by the intruders.
Page 24 / 25
(Autonomous)

3. Circuit level gateway Firewalls: The circuit level gateway firewalls

work at the session layer of the OSI model. They monitor TCP handshaking
between the packets to determine if a requested session is legitimate. And
the information passed through a circuit level gateway, to the internet,
appears to have come from the circuit level gateway. So, there is no way for
a remote computer or a host to determine the internal private ip addresses of
an organization, for example. This technique is also called Network Address
Translation where the private IP addresses originating from the different
clients inside the network are all mapped to the public IP address available
through the internet service provider and then sent to the outside world
(Internet). This way, the packets are tagged with only the Public IP address
(Firewall level) and the internal private IP addresses are not exposed to
potential intruders
Page 25 / 25

Nis 22620 Sample Papers S-22, w22, s23

Uploaded by

Copyright:

Available Formats

Nis 22620 Sample Papers S-22, w22, s23

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Nis 22620 Sample Papers S-22, w22, s23

Uploaded by

Copyright:

Available Formats

Zeal Education Society’s

ZEAL POLYTECHNIC, PUNE.

THIRD YEAR (TY)

DIPLOMA IN COMPUTER ENGINEERING

NAME OF SUBJECT: NETWORK INFORMATION SECURITY

MSBTE QUESTION PAPERS & MODEL ANSWERS

SUMMER – 2022 EXAMINATION

Important Instructions to examiners:

Q.N Sub Answer Marking

SUMMER – 2022 EXAMINATION

responsibilities for information assurance.

ii) Piggybacking : Piggybacking on Internet access is the practice of

SUMMER – 2022 EXAMINATION

c) Define term cryptography. 2M

d) Classify following cyber crimes: 2M

ii) Email harassment : Email harassment is usually understood to be

SUMMER – 2022 EXAMINATION

3 It can use a network to It has to rely on users

g) Define AH & ESP with respect to IP security. 2M

2. It is based on symmetric key cryptography technique.

SUMMER – 2022 EXAMINATION

3. ESP can be used in isolation or it can be combined with AH.

2. Attempt any THREE of the following: 12

SUMMER – 2022 EXAMINATION

Fingerprint registration & verification mechanism

SUMMER – 2022 EXAMINATION

d) Write & explain DES algorithm 4M

SUMMER – 2022 EXAMINATION

Step 1 : key transformation: the initial key is transformed into a 56-

Step 2: Expansion permutation: During Expansion permutation the

SUMMER – 2022 EXAMINATION

Final Permutation: At the end of 16 rounds, the final permutation is

3. Attempt any THREE of the following: 12

Features of DAC policy are as follows :-

SUMMER – 2022 EXAMINATION

Backup - Discretionary access control allows organizations to

Usability - Discretionary access control is easy to use. Data Owners

b) Consider plain text “COMPUTER ENGINEERING” and convert 4M

PLAIN TEXT -COMPUTER ENGINEERING

c) Differentiate between host-based & network based IDS 4M

SUMMER – 2022 EXAMINATION

3 HIDS is looking for certain NIDSs look for certain

5 It is host dependent It is host independent

SUMMER – 2022 EXAMINATION

His / her username and password.

4. Attempt any THREE of the following: 12

SUMMER – 2022 EXAMINATION

SUMMER – 2022 EXAMINATION

can effectively acts as a proxy server. example

Advantage: The main benefit of a DMZ is to provide an internal

c) Differentiate between firewall & IDS 4M

SUMMER – 2022 EXAMINATION

3 A firewall can block an An IDS can only report an

SUMMER – 2022 EXAMINATION

The basic phases of an email communication consists of the following

e) Explain digital signature in Cryptography. 4M

SUMMER – 2022 EXAMINATION

Advantages of Digital Signatures

SUMMER – 2022 EXAMINATION