AMAN CYBERSECURITY


Module 01

2 mks
Q.1. Explain any four Network Protocols and their Vulnerabilities.
Ans. Address Resolution Protocol (ARP): ARP is used to map IP addresses to MAC
addresses, enabling communication within a local network.
Vulnerability: ARP spoofing, where an attacker sends fake ARP messages to link their MAC
address with a legitimate IP address, enabling interception or modification of data.
Domain Name System (DNS): DNS translates human-readable domain names (like
www.example.com) into IP addresses that computers use to identify each other on the
network.
Vulnerability: DNS cache poisoning, where an attacker inserts false data into a DNS
resolver’s cache, redirecting users to malicious websites.
File Transfer Protocol (FTP): FTP is used to transfer files between a client and a server over a
network.
Vulnerability: FTP transmits data in plain text, making it susceptible to unauthorized access.
Hypertext Transfer Protocol Secure (HTTPS): HTTPS is used for secure communication over
a computer network, ensuring data integrity and confidentiality.
Vulnerability: HTTPS can be vulnerable to attacks like DROWN, which exploit weaknesses in
SSLv2 to decrypt traffic.
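A defender-side check for the ARP spoofing symptom described above (an IP address whose MAC binding suddenly changes, or one MAC answering for several IPs). This is an added example, not part of the original notes; the ARP replies it inspects are constructed sample data.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (timestamp, ip, mac).
# At t=4 a new MAC starts answering for the gateway address, and at t=5
# the same MAC also answers for a host: the classic spoofing pattern.
SAMPLE_ARP_REPLIES = [
    (1, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway, legitimate binding
    (2, "192.168.1.20", "aa:bb:cc:00:00:20"),  # a host on the LAN
    (3, "192.168.1.1", "aa:bb:cc:00:00:01"),   # repeat of the same binding, no alert
    (4, "192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP now claimed by another MAC
    (5, "192.168.1.20", "de:ad:be:ef:00:99"),  # that MAC also claims the host
]


def detect_arp_anomalies(replies):
    """Return alert strings for IP->MAC bindings that change and for MACs
    that claim more than one IP address. Both are typical of ARP spoofing,
    although a legitimate NIC swap or a router with several addresses can
    also trigger them, so treat alerts as leads, not proof."""
    ip_to_mac = {}                 # last MAC seen for each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has answered for
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is None:
            ip_to_mac[ip] = mac                      # first time we learn this IP
        elif previous != mac:
            alerts.append(f"t={ts}: {ip} changed from {previous} to {mac}")
            ip_to_mac[ip] = mac
        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1 and len(mac_to_ips[mac]) > before:
            alerts.append(f"t={ts}: {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_anomalies(SAMPLE_ARP_REPLIES):
        print(line)
```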

Q.2. How do you interpret an IP address? Give an example of a Class C IP address.
Ans. An IP address is a unique identifier assigned to each device connected to a network,
allowing them to communicate with each other. It consists of four octets (8-bit numbers)
separated by periods, each ranging from 0 to 255.
Example of a Class C IP Address:
IP Address: 192.168.1.20
Range: Class C IP addresses cover the range from 192.0.0.0 to 223.255.255.255.
Subnet Mask: Typically uses a subnet mask of 255.255.255.0, which means the first three
octets (192.168.1) define the network, and the last octet (20) identifies the specific device
within that network.
Network Size: This class can accommodate up to 254 devices (hosts) on the same network
because the last octet can range from 1 to 254.
Q.3. Explain the steps of ethical hacking.
Ans.
Ethical hacking involves five key phases:
Reconnaissance: Gathering information about the target system to identify potential entry
points. This is also known as footprinting.
Scanning: Using tools to scan the target for vulnerabilities, such as open ports and services.
Gaining Access: Using weaknesses in a system to break in without permission.
Maintaining Access: Keeping the system open for more use or study later.
Covering Tracks: Erasing evidence of the hacking activities to avoid detection.

Q.4. Difference between HTTP and HTTPS.


Ans.
Q.5. What is the IP protocol? Explain the network classes.
Ans. The Internet Protocol (IP) is a set of rules governing the format of data sent over the
Internet or local network. It is responsible for addressing and routing packets of data so they
can travel across networks and arrive at the correct destination.

Explain the Table if you want
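Added example (not from the original notes) covering Q.2 and Q.5 together: it validates the four octets, determines the classful network class from the first octet, and for classes A to C splits the address into network and host parts using the default mask, so 192.168.1.20 comes out as network 192.168.1.0, host 20, 254 usable hosts. The class boundaries are the classic ones (A 0-127, B 128-191, C 192-223, D 224-239, E 240-255).

```python
import ipaddress

# Classful ranges by first octet: (low, high, default subnet mask).
# Classes D (multicast) and E (reserved) have no default mask.
CLASS_RANGES = {
    "A": (0, 127, "255.0.0.0"),
    "B": (128, 191, "255.255.0.0"),
    "C": (192, 223, "255.255.255.0"),
    "D": (224, 239, None),
    "E": (240, 255, None),
}


def interpret_ip(addr_str: str) -> dict:
    """Parse a dotted-quad IPv4 address and describe it in classful terms."""
    ip = ipaddress.IPv4Address(addr_str)      # raises ValueError if any octet is > 255
    octets = [int(o) for o in addr_str.split(".")]
    first = octets[0]
    for cls, (low, high, mask) in CLASS_RANGES.items():
        if low <= first <= high:
            break                              # every value 0..255 falls in one class
    info = {"address": str(ip), "octets": octets, "class": cls}
    if mask is not None:
        # strict=False lets us pass a host address rather than a network address
        net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
        info.update({
            "subnet_mask": mask,
            "network": str(net.network_address),
            "host_part": int(ip) & int(net.hostmask),   # bits outside the mask
            "usable_hosts": net.num_addresses - 2,      # minus network and broadcast
        })
    return info


if __name__ == "__main__":
    for key, value in interpret_ip("192.168.1.20").items():
        print(f"{key}: {value}")
```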


Module 02
Q.1. Explain biometric authentication.
Ans. Biometric authentication is a cybersecurity process that uses a person's unique
biological characteristics to verify their identity. It's considered a more secure and user-
friendly way to access devices, systems, and sensitive information than traditional methods
like passwords or security tokens.
Here's how biometric authentication works:
1) A sample of a biometric trait is captured, such as a fingerprint or face.
2) The sample is analysed and converted into a mathematical representation called a
template.
3) The captured sample is compared to the template.
4) Biometric authentication can be used for many things, including: Unlocking smartphones,
accessing secure facilities, authorizing financial transactions, ensuring secure access to
computer systems, and verifying a passenger's identity at an airport.
5) Biometric authentication is more secure than traditional methods because it's difficult to
replicate data in the form of fingerprints, voiceprints, or faceprints.

Q.2. Explain lightweight cryptography.


Ans. 1) Lightweight cryptography, also known as lightweight encryption, is a form of
encryption designed for resource-constrained devices.
2) Lightweight encryption technology uses less memory, fewer computing resources, and a
smaller amount of power to provide secure solutions for limited resources in a network.
3) LWC algorithms are designed to be compact, efficient, and energy-saving, while still
maintaining a sufficient level of security.
Characteristics of LWC:
1) Low footprint: LWC algorithms have a small footprint and low computational complexity.
2) Tailored for specific applications: LWC algorithms are designed for specific applications,
such as RFID systems and wireless sensor networks.
3) Faster cryptographic operations: LWC algorithms promote faster cryptographic
operations.
4) Security without compromising confidentiality: LWC algorithms maintain the
confidentiality and integrity of data.
Q.3. Explain Cryptographic Hash Functions & applications.
Ans. 1) Cryptographic hash functions (CHFs) are mathematical algorithms that convert an
input of any size into a fixed-sized output, called a hash value.
2) A cryptographic hash function is an ordinary hash function that additionally satisfies
security properties.
3) Computing a hash is simply a fixed sequence of calculations performed on the input.
4) Typical hash functions take inputs of variable lengths to return outputs of a fixed length.
5) Hash functions are used for cryptocurrency, password security, and message security.
They have many applications in cybersecurity, including:
Password storage: CHFs can be used to store a hash of each password instead of the
original password.
Data integrity: CHFs can help ensure the integrity of data and protect it from unauthorized
changes.
File management: Businesses can use CHFs to index data, recognize files, and remove
duplicate files.
Authentication: CHFs are used in digital signatures and message authentication codes.
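The three applications listed above in working form: an integrity check (the digest of any size of input is a fixed 256 bits and changes completely on any edit), salted password storage with a deliberately slow hash and constant-time verification, and an HMAC tag for message authentication. This is an added example using the Python standard library, not code from the original notes; the iteration count is an assumed demo value, real deployments use higher ones.

```python
import hashlib
import hmac
import os


def sha256_hex(data: bytes) -> str:
    """Fixed-length (256-bit) digest of an input of any length."""
    return hashlib.sha256(data).hexdigest()


def integrity_check(received: bytes, expected_digest: str) -> bool:
    """Data integrity: recompute the digest of what arrived and compare it
    against the digest published for the original (constant-time compare)."""
    return hmac.compare_digest(sha256_hex(received), expected_digest)


def hash_password(password: str, salt=None, iterations: int = 200_000) -> dict:
    """Password storage: keep a random salt and a slow, salted PBKDF2 hash.
    The password itself is never stored and cannot be recovered from the record."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Re-derive with the stored salt and iteration count, then compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def mac_tag(key: bytes, message: bytes) -> str:
    """Authentication: an HMAC-SHA256 tag only holders of the key can produce."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def mac_verify(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")   # constructed sample password
    print("stored record:", record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("digest of 'abc':", sha256_hex(b"abc"))
```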

Q.4. What is a honeypot? Give advantages/benefits of a honeypot.


Ans. Honeypots are designed to look like attractive targets, and they get deployed to allow
IT teams to monitor the system's security responses and to redirect the attacker away from
their intended target. Honeypots are used in cybersecurity to detect, deflect, and analyse
unauthorized attempts to access information systems.
There are different types of honeypots:
1) Email honeypots: Also known as spam traps, these are fake email addresses that attract
and receive spam.
2) Spider honeypots: These create web pages or links that are only accessible to automated
crawlers.
Advantages/ Benefits: (Any 5)
Detect threats: Honeypots can detect and log attack attempts, and provide information
about the attacker's behaviour.
Analyse attacks: Honeypots can help security teams understand how cybercriminals
operate, including their tactics, techniques, and procedures.
Test incident response: Honeypots can help security teams see how they and their systems
will react to a threat.
Reduce false positives: Honeypots are less likely to attract legitimate activity than
traditional cybersecurity measures.
Improve network safety: Honeypots can help prevent and see vulnerabilities in a network
system.
Protect other systems: By wasting hackers' time on honeypots, they have less time to hack
live systems.
Be cost-effective: Honeypots typically run on their own with minimal monitoring.

Q.5. Explain private-key encryption and public-key encryption.


Ans. Public key encryption is an encryption method that uses a pair of keys, a public key
and a private key, to encrypt and decrypt data, respectively. The public key is available to
anyone who wants to send an encrypted message to the owner of the private key. It is used
to encrypt the data and can be shared freely.
In public key encryption, a user generates a public-private key pair using a cryptographic
algorithm. When a user wants to send a message to the owner of the private key, they use
the public key to encrypt the message, which can only be decrypted using the private key.
Advantages of Public Key Encryption:
Secure Communication
Confidentiality
Scalability
Private-key, or symmetric-key, encryption is a type of encryption where the same key is used
to both encrypt and decrypt the message. This means that the sender and recipient must have
the same encryption key in order to communicate securely.
Private key encryption involves four steps:
1. Key generation: A secret key is generated that the sender and recipient will share and
use for both encryption and decryption.
2. Encryption: The sender uses the secret key to encrypt the message, transforming it
into an unreadable format.
3. Transmission: The encrypted message is transmitted through a communication
channel, such as the internet or a phone line.
4. Decryption: The recipient uses their secret key to decrypt the message, converting it
back to its original readable format.

Advantages of Private Key Encryption: Security, Confidentiality, Efficiency


Module 03
Q.1. Give advantages and disadvantages of Next-generation Firewall.
Ans.
Advantages:

Advanced Threat Protection: Next-Generation Firewalls (NGFWs) use advanced methods
like sandboxing, checking behavior patterns, and matching known threat signatures to
detect and block complex threats.

Improved Visibility and Control: NGFWs give detailed insight into network traffic,
allowing administrators to set up rules based on who the user is, what application they are
using, and the content involved.

Context-Aware Security: NGFWs can analyze network traffic by considering user identity,
location, and device type, which helps make better security decisions.

Integration with Other Security Tools: NGFWs can work alongside other security tools
like intrusion detection systems (IDS) and security information and event management
(SIEM) systems to enhance overall security.

Flexibility and Scalability: NGFWs can be used in different settings, including on-site,
cloud-based, or hybrid environments, and can be scaled up to handle the needs of growing
businesses.

Disadvantages:

• Complexity: Next-Generation Firewalls (NGFWs) can be difficult to set up and manage,
requiring special skills and training.
• Cost: NGFWs usually cost more than traditional firewalls, especially when used in large
setups.
• Resource Intensive: NGFWs need a lot of resources like CPU power, memory, and storage
to handle advanced threat protection and analysis.
• Overwhelming Alerts: NGFWs can produce many alerts, which might be too much for
security teams to handle effectively.
• Requires Continuous Updates: NGFWs need regular updates to stay effective against new
and changing threats, which can be time-consuming and require a lot of resources.
Q.2. Distinguish between Firewall and IDS.
Ans.
Q.3. Explain different malwares and their operations.
Ans. Malware is software that gets into a system without the user's consent to steal the
user's private and confidential data, including bank details and passwords. It can also
generate annoying pop-up ads and change system settings. Malware includes computer
viruses, worms, Trojan horses, ransomware, spyware, and other malicious programs.
Types of malware and their operations:
Viruses – A Virus is a malicious executable code attached to another executable file. The
virus spreads when an infected file is passed from system to system. Viruses can be
harmless or they can modify or delete data. Opening a file can trigger a virus. Once a
program virus is active, it will infect other programs on the computer.
Worms – Worms replicate themselves on the system, attaching themselves to different files
and looking for pathways between computers, such as a computer network that shares
common file storage areas. Worms usually slow down networks. A virus needs a host
program to run, but worms can run by themselves. After a worm infects a host, it is able to
spread very quickly over the network.
Trojan horse – A Trojan horse is a malware that carries out malicious operations under the
appearance of a desired operation such as playing an online game. A Trojan horse varies
from a virus because the Trojan binds itself to non-executable files, such as image files, and
audio files.
Adware – It displays unwanted ads and pop-ups on the computer. It comes along with
software downloads and packages. It generates revenue for the software distributor by
displaying ads.
Spyware – Its purpose is to steal private information from a computer system for a third
party. Spyware collects information and sends it to the hacker.
Q.4. What are the different social engineering attacks? (Any 8)
Ans. Phishing: Uses fake emails or links to trick people into giving up personal information,
like passwords or credit card numbers. Variants include:
Angler Phishing: Uses fake customer service accounts on social media.
Spear Phishing: Targets specific individuals or organizations.
Whaling: Targets top executives with fake emails that seem urgent, aiming to steal sensitive
information.
Diversion Theft: Tricks victims into sending sensitive data to the wrong person, often by
faking the email address of a trusted contact.
Baiting: Lures victims with free offers to get them to provide personal information or
credentials.
Honey Trap: Attacker pretends to be romantically interested to get the victim to reveal
confidential information or money.
Pretexting: Uses a fake story or scenario, like pretending to be a tax auditor, to get personal
or financial information.
SMS Phishing: Sends fake text messages that look like security alerts to trick victims into
providing credentials or installing malware.
Scareware: Pops up fake virus alerts on your screen to scare you into buying fake security
software, stealing your info in the process.
Tailgating/Piggybacking: Attacker follows someone into a secure area, often by pretending
to have forgotten their access card.
Watering Hole: Infects a trusted website that the target visits, stealing their login details or
installing malware when they access the site.
Q.5. List out the different types of Intrusion Detection Systems
based on categories.
Ans. Intrusion Detection System (IDS): An IDS is a security tool that monitors
networks or systems for suspicious activities or policy violations. It helps detect
unauthorized access and potential threats by analyzing traffic and alerting
administrators to take action.
Types of Intrusion Detection Systems:
1. Network Intrusion Detection System (NIDS):
o Monitors all network traffic at a specific point in the network.
o Compares traffic to known attack patterns.
o Alerts administrators if it detects an attack or unusual behavior.
o Example: Placed on a subnet with firewalls to detect attempts to breach the
firewall.
2. Host Intrusion Detection System (HIDS):
o Monitors activity on a specific host or device.
o Tracks incoming and outgoing packets and alerts if it finds anything
suspicious.
o Takes snapshots of system files to detect changes or deletions.
o Example: Used on critical machines that shouldn't change frequently.
3. Protocol-Based Intrusion Detection System (PIDS):
o Monitors specific protocols between users/devices and servers.
o Focuses on protecting web servers by monitoring protocol streams like
HTTPS.
o Example: Placed at the interface between encrypted HTTPS and unencrypted
web presentation layers.
4. Application Protocol-Based Intrusion Detection System (APIDS):
o Monitors communication using application-specific protocols.
o Example: Monitors SQL protocol to track interactions between the database
and web server.
5. Hybrid Intrusion Detection System:
o Combines different types of IDS to get a complete view of the network.
o More effective than using a single type of IDS.
o Example: Prelude IDS, which combines host and network information.
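A minimal version of the HIDS behaviour listed under item 2 above (snapshots of system files to detect changes or deletions): a baseline of SHA-256 digests per file, a second snapshot, and a report of what was added, deleted or modified. This is an added example, not from the original notes or from any IDS product; the files it creates under a temporary directory are constructed sample data.

```python
import hashlib
import os
import tempfile


def snapshot(root: str) -> dict:
    """Baseline: map each file under root (relative POSIX-style path) to its SHA-256."""
    table = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            table[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return table


def compare(baseline: dict, current: dict) -> dict:
    """Report files that appeared, disappeared, or changed since the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "deleted": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def _write(root: str, rel: str, text: str) -> None:
    """Helper for the constructed scenario: create rel (with parent dirs) under root."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)


def demo() -> dict:
    """Constructed scenario: baseline two files, then edit one, delete one, add one."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/bash\n")
        _write(root, "bin/ls", "placeholder-binary-contents\n")
        baseline = snapshot(root)
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/bash\n"
                                   "guest:x:1001:1001::/home/guest:/bin/sh\n")
        os.remove(os.path.join(root, "bin", "ls"))
        _write(root, "etc/cron.d/backup", "0 2 * * * root /usr/local/bin/backup\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```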
Q.6. Explain reconnaissance, scanning, vulnerability assessment.
Ans.
Reconnaissance:

• Reconnaissance is the initial phase in penetration testing where the tester gathers as
much information as possible about the target system.
• This can include details about network topology, operating systems, applications,
and user accounts.
• The goal is to collect data that will help in planning an effective attack strategy.
• Reconnaissance can be either passive (using publicly available information) or active
(directly interacting with the target system).
• This phase is crucial as it lays the groundwork for the subsequent steps by providing
a comprehensive understanding of the target environment.

Scanning:

• Once the reconnaissance phase is complete, the next step is scanning.
• This involves using various tools to identify open ports, services, and other potential
entry points on the target system.
• Scanning helps in understanding how the target system responds to different types
of intrusions.
• It maps out the system's digital terrain, enabling the tester to spot possible
vulnerabilities.
• Scanning can be divided into network scanning, port scanning, and vulnerability
scanning, each providing different insights into the system’s security posture.

Vulnerability Assessment:

• In the vulnerability assessment phase, the tester uses the data gathered during
reconnaissance and scanning to identify potential vulnerabilities.
• This involves a detailed analysis of the target system to determine if the identified
vulnerabilities can be exploited.
• The assessment can be done using automated tools and manual techniques to
ensure a thorough evaluation.
• The goal is to prioritize vulnerabilities based on their severity and the potential
impact on the system.
• This phase is critical as it helps in understanding the risk associated with each
vulnerability and in planning mitigation strategies.
