Security In Computing Questions

Major Question of Security in Computing

Uploaded by renuseom12

Security In Computing

Q1) Explain the OSI layers with the functionality and devices of each layer.

Diagram: (OSI model diagram, not reproduced in this copy)

→ 1. Physical Layer:

• Devices (overview): Hub, Repeaters, Cables, Fibers, Wireless.

The Physical Layer deals with the physical transmission of data bits over a
communication channel. It defines the electrical, mechanical, and procedural
characteristics for transmitting raw data bits over a physical medium.

• Devices:
o Hub: A basic networking device that connects multiple devices in a network and
operates at the Physical Layer.
o Repeater: Extends the distance of a network segment by amplifying and
regenerating signals.
o Network Interface Card (NIC): Interfaces a device with a network medium,
translating data between the device and the network.
• Definition: This layer is concerned with the physical connection between devices,
addressing how data is transmitted over different types of physical media, such as cables
(Ethernet, fiber optics).

2. Data Link Layer:

• Devices (overview): Bridges, Modems, Network Cards, Layer 2 switches

The Data Link Layer provides reliable data transfer across a physical link. It detects and
possibly corrects errors that may occur in the Physical Layer. It also manages access to
the physical medium.
• Devices:
o Switch: Forwards data packets between devices within the same network based
on MAC addresses.
o Bridge: Connects two LANs and filters traffic based on MAC addresses to reduce
traffic congestion.
o Network Interface Card (NIC): Operates at both the Physical and Data Link
layers to facilitate data transmission.
• Definition: This layer ensures data integrity by providing error detection and correction.
It also manages flow control and access to the physical medium, organizing bits into
frames.

3. Network Layer:

• Devices (overview): Routers, Modems, Network Cards, Layer 3 switches

The Network Layer handles the routing of data packets from the source to the destination
across multiple networks. It determines the best path for data transfer and manages
logical addressing (IP addresses).
• Devices:
o Router: Connects multiple networks together and forwards data packets between
them based on IP addresses.
o Layer 3 Switch: Combines features of a switch and a router, capable of routing
data packets based on IP addresses.
• Definition: Responsible for logical addressing, routing, and packet forwarding across
different networks. It translates logical network addresses (IP addresses) into physical
addresses (MAC addresses).

4. Transport Layer:

• Devices (overview): Gateways, Firewalls

The Transport Layer ensures reliable data transfer between end systems, providing error-
checking mechanisms, flow control, and retransmission of lost or corrupted data.
• Devices:
o Gateways: Convert protocols to enable communication between networks with
different architectures.
• Definition: Manages end-to-end communication sessions, ensuring data integrity and
reliable transmission between applications.

5. Session Layer:

• Devices (overview): Gateways, Firewalls, PCs

The Session Layer establishes, manages, and terminates communication sessions between
applications. It synchronizes data exchange and manages dialogue control.
• Devices: Not typically associated with specific hardware devices.
• Definition: Controls the connections and sessions between applications, handling session
establishment, maintenance, and termination.

6. Presentation Layer:

• Devices (overview): Gateways, Firewalls, PCs

The Presentation Layer translates, encrypts, or compresses data for efficient transmission
across the network. It handles data formatting, syntax control, and encryption/decryption.
• Devices: Not associated with specific hardware devices.
• Definition: Ensures data is presented in a readable format for applications, managing
data representation and encryption.

7. Application Layer:

• Devices (overview): Gateways, Firewalls, end devices like PCs, Phones, Servers

The Application Layer provides network services directly to end-user applications. It
enables communication between software applications and network services.
• Devices: End-user devices such as computers, smartphones, and servers.
• Definition: Interacts directly with software applications to provide network services and
user interfaces, enabling applications to access network resources.

Each layer of the OSI model performs specific functions that collectively enable communication
between devices and applications across networks, ensuring interoperability and reliable data
transmission.
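As an added example (not part of the original notes), the following script dissects one constructed Ethernet/IPv4/TCP frame header by header and labels each header with its OSI layer and the device class from the notes that acts on it (switch on layer 2, router on layer 3, firewall/gateway on layer 4). The frame bytes, addresses and ports are all constructed for the demonstration.

```python
"""Added example (not from the original notes): dissect one constructed
Ethernet/IPv4/TCP frame header by header, labelling each header with its
OSI layer and the device class from the notes that reads it."""
import struct

# Constructed sample frame (not captured traffic): Ethernet II + IPv4 + TCP SYN
# from 192.168.1.2:54321 to 192.168.1.1:443, with no payload.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455"               # destination MAC
    "66778899aabb"               # source MAC
    "0800"                       # EtherType 0x0800 = IPv4
    "45" "00" "0028"             # IPv4: version 4 / IHL 5, TOS, total length 40
    "0001" "0000"                # identification, flags / fragment offset
    "40" "06" "0000"             # TTL 64, protocol 6 = TCP, checksum (zero here)
    "c0a80102" "c0a80101"        # source 192.168.1.2, destination 192.168.1.1
    "d431" "01bb"                # TCP source port 54321, destination port 443
    "00000001" "00000000"        # sequence number, acknowledgement number
    "5002" "ffff" "0000" "0000"  # data offset 5, flags SYN, window, cksum, urg ptr
)

TCP_FLAG_NAMES = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH",
                  0x10: "ACK", 0x20: "URG"}


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def _ipv4(raw):
    return ".".join(str(b) for b in raw)


def parse_ethernet(frame):
    """Layer 2 header: what a switch or bridge uses to forward the frame."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"layer": 2, "device": "switch/bridge (forwards on MAC address)",
            "dst_mac": _mac(dst), "src_mac": _mac(src),
            "ethertype": ethertype}, frame[14:]


def parse_ipv4(packet):
    """Layer 3 header: what a router or layer 3 switch routes on."""
    (ver_ihl, _tos, total_len, _ident, _ff, ttl, proto,
     _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4              # header length in bytes
    return {"layer": 3, "device": "router / layer 3 switch (forwards on IP address)",
            "src_ip": _ipv4(src), "dst_ip": _ipv4(dst), "ttl": ttl,
            "protocol": proto, "total_length": total_len}, packet[ihl:total_len]


def parse_tcp(segment):
    """Layer 4 header: the ports and flags a stateful firewall filters on."""
    (sport, dport, seq, ack, off_flags, window,
     _cksum, _urg) = struct.unpack("!HHIIHHHH", segment[:20])
    offset = (off_flags >> 12) * 4          # data offset is in 32-bit words
    flags = [name for bit, name in TCP_FLAG_NAMES.items() if off_flags & bit]
    return {"layer": 4, "device": "firewall / gateway (filters on ports and state)",
            "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window}, segment[offset:]


def dissect(frame):
    """Return {layer_number: parsed header} for layers 2-4 of one frame."""
    layers = {}
    eth, rest = parse_ethernet(frame)
    layers[2] = eth
    if eth["ethertype"] != 0x0800:          # only IPv4 is handled here
        return layers
    ip, rest = parse_ipv4(rest)
    layers[3] = ip
    if ip["protocol"] == 6:                 # TCP
        tcp, payload = parse_tcp(rest)
        layers[4] = tcp
        layers["payload_bytes"] = len(payload)
    return layers


if __name__ == "__main__":
    for number, header in dissect(SAMPLE_FRAME).items():
        print(number, header)
```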

-------------------------------------------------------------------------------------------------------------
Q2) How to build security: explain the 9 steps in detail.
→ Building a comprehensive security program involves several key steps and considerations to
protect an organization's assets, data, and operations. Here's a detailed guide to building a
security program:

1. Build an Information Security Team:

• Definition: Establish a dedicated team within the organization responsible for overseeing
and implementing security measures to protect systems, networks, and data from threats
and vulnerabilities.
• Responsibilities:
o Implementation: Deploy security controls and technologies to safeguard assets.
o Monitoring: Continuously monitor systems and networks for suspicious activities
and potential security breaches.
o Response: Promptly respond to and mitigate security incidents to minimize
impact and prevent further damage.

2. Inventory and Manage Assets:

• Definition: Conduct a thorough inventory of all organizational assets, including
hardware, software, data, and infrastructure, to understand their location, importance, and
security requirements.
• Steps:
o Asset Discovery: Identify all assets within the organization, including physical
devices, virtual machines, databases, and critical applications.
o Asset Categorization: Classify assets based on their criticality to operations and
sensitivity of data they handle.
o Asset Management: Maintain an updated inventory with details such as asset
owner, location, configuration, and security controls applied.

3. Assess Risk:

• Definition: Evaluate potential threats and vulnerabilities that could affect organizational
assets, operations, and objectives, and prioritize them based on likelihood and potential
impact.
• Steps:
o Threat Identification: Identify and categorize potential threats, including cyber
threats (e.g., malware, phishing attacks), physical threats (e.g., theft, natural
disasters), and operational threats (e.g., human errors).
o Vulnerability Assessment: Identify weaknesses and vulnerabilities in systems,
networks, and processes that could be exploited by threats.
o Risk Analysis: Assess and prioritize risks by considering the likelihood of
occurrence, potential impact on assets and operations, and existing security
controls.

4. Manage Risk:

• Definition: Develop strategies and controls to mitigate, transfer, accept, or avoid
identified risks to achieve an acceptable level of risk within the organization's tolerance.
• Steps:
o Risk Mitigation: Implement security controls and measures (e.g., encryption,
access controls, patch management) to reduce the likelihood and impact of
identified risks.
o Risk Transfer: Transfer risk to third parties through insurance policies or
contractual agreements, particularly for risks that cannot be fully mitigated
internally.
o Risk Acceptance: Accept certain risks if the cost of mitigation outweighs the
potential impact or if mitigation is not feasible.
o Risk Avoidance: Take actions to eliminate or avoid risks where possible, such as
discontinuing high-risk activities or investments.

5. Develop an Incident Management and Disaster Recovery Plan:

• Definition: Create documented procedures and protocols to effectively respond to
security incidents and recover from disruptions to business operations caused by cyber
attacks, natural disasters, or other emergencies.
• Components:
o Incident Response Plan (IRP): Outline steps to detect, analyze, contain,
eradicate, and recover from security incidents. Assign roles and responsibilities
for incident response team members.
o Disaster Recovery Plan (DRP): Define processes and procedures to restore
critical systems, applications, and data in the event of a major disruption or
disaster. Include backup strategies, recovery objectives, and testing procedures.

6. Inventory and Manage Third Parties:

• Definition: Assess and manage security risks associated with third-party vendors,
suppliers, and partners who have access to the organization's systems, networks, or
sensitive information.
• Steps:
o Third-Party Inventory: Maintain a list of all third-party relationships, including
vendors and service providers, and categorize them based on the level of access to
sensitive data or critical systems.
o Security Assessment: Evaluate the security posture and practices of high-risk
third parties through audits, assessments, and due diligence reviews.
o Contractual Security Controls: Establish and enforce security requirements
through contractual agreements, including data protection clauses, security audits,
and incident response obligations.
o Ongoing Monitoring: Continuously monitor third-party compliance with
security requirements and update risk assessments as the relationship evolves.

7. Apply Security Controls:

• Definition: Implement a combination of technical and non-technical controls to protect
systems, networks, and data from unauthorized access, misuse, or compromise.
• Examples of Security Controls:
o Technical Controls: Deploy firewalls, intrusion detection/prevention systems
(IDS/IPS), encryption technologies, antivirus software, and secure authentication
mechanisms (e.g., multi-factor authentication).
o Non-technical Controls: Establish and enforce security policies, procedures, and
guidelines covering areas such as access control, data handling, incident response,
and employee awareness training.
o Security Policy Framework: Develop and maintain a comprehensive set of
security policies that define organizational security objectives, responsibilities,
and standards for protecting assets and information.

8. Establish Security Awareness Training:

• Definition: Provide ongoing education and training programs to raise awareness among
employees, contractors, and stakeholders about security threats, best practices, and their
roles in maintaining a secure environment.
• Steps:
o Training Programs: Develop and deliver regular security awareness training
sessions covering topics such as phishing awareness, password hygiene, social
engineering tactics, and data protection principles.
o Simulated Exercises: Conduct simulated phishing campaigns, security drills, and
tabletop exercises to test employee responses to security incidents and reinforce
training concepts.
o Continuous Education: Provide updates on emerging threats, regulatory
changes, and security technologies to keep employees informed and vigilant.

9. Audit:

• Definition: Conduct regular audits, assessments, and evaluations of the organization's
security program to identify gaps, measure effectiveness, and ensure compliance with
internal policies and external regulations.
• Steps:
o Third-Party Audits: Engage independent auditors or security consultants to
perform comprehensive audits and assessments of the organization's security
controls, practices, and compliance with industry standards.
o Internal Audits: Conduct internal audits and reviews to evaluate the
implementation and effectiveness of security policies, procedures, and controls
across different functional areas.
o Audit Findings: Document audit findings, prioritize corrective actions, and
develop improvement plans to address identified weaknesses, enhance security
posture, and mitigate future risks.

By following these detailed steps and definitions, organizations can establish a robust security
program that protects against a wide range of threats, ensures compliance with regulatory
requirements, and enhances resilience to security incidents and disruptions. Continuous
monitoring, adaptation to emerging threats, and stakeholder engagement are essential for
maintaining an effective security posture over time.

---------------------------------------------------------------------------------------------------------------------
Q3) Explain the 3 D's (Defense, Detection, Deterrence).
→ The Three D's: Defense, Detection, and Deterrence
The "Three D's"—Defense, Detection, and Deterrence—form a comprehensive approach to
security and risk management. Each component plays a crucial role in protecting assets,
information, and people from potential threats and vulnerabilities.
Defense
It is nothing but resisting attack. Defense has to do with protecting something or fighting against an
opponent. Defense is the opposite of offense. It has to do with defending against all sorts of things: in the
military, defense is about protecting a country from attack.
Defensive controls on the network can include access control devices such as firewalls, network access
control, spam and malware filtering, web content filtering, etc.
These controls provide protection from software vulnerabilities, bugs, attack scripts, ethical and policy
violations, accidental data damage, etc.

Defense is about resisting attacks and protecting against threats. It involves measures and
strategies to safeguard assets, information, and people from potential harm. Defense focuses on
creating barriers that make it difficult for threats to succeed. It can be categorized into:

• Military Defense: Protecting a country from attacks.
• Network Defense: Implementing access control devices such as firewalls, network access
control, spam and malware filtering, and web content filtering. These controls provide
protection from software vulnerabilities, bugs, attack scripts, ethical and policy violations, and
accidental data damage.

Detection
It is the process of identifying the presence of some malicious activity which is concealed (hidden).
E.g. IDS, IPS and SIEM (Security Information and Event Management) alerts, reports and dashboards.
Without adequate detection a security breach may go unnoticed for hours, days, or even forever.

Detection is the process of identifying the presence of malicious activity that is often concealed.
Effective detection mechanisms allow for a quick response to minimize damage and address
vulnerabilities. Examples include:

• Intrusion Detection Systems (IDS): Monitor network traffic for suspicious activities.
• Intrusion Prevention Systems (IPS): Actively prevent detected threats.
• Security Information and Event Management (SIEM): Provides alerts, reports, and dashboards
to identify and respond to security incidents.

Without adequate detection, a security breach may go unnoticed for hours, days, or even forever.
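As an added example (not from the original notes), here is the kind of detection logic a SIEM rule or IDS would run over authentication logs: it flags a source address that fails a threshold of logins inside a time window, and raises a second, higher-priority alert if that source then logs in successfully. The log lines, hostnames, addresses, threshold and window are constructed assumptions.

```python
"""Added example (not from the original notes): SIEM-style detection logic
run over constructed SSH authentication log lines. It raises an alert when
one source address fails a threshold of logins inside a time window, and a
second alert if that source then logs in successfully."""
import re
from collections import defaultdict, deque

# Constructed sample log lines in the usual sshd syslog format (not real traffic).
SAMPLE_LOG = """\
Jun 10 12:00:01 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
Jun 10 12:00:04 web1 sshd[1202]: Failed password for root from 203.0.113.5 port 51001 ssh2
Jun 10 12:00:07 web1 sshd[1203]: Failed password for invalid user test from 203.0.113.5 port 51002 ssh2
Jun 10 12:00:09 web1 sshd[1204]: Failed password for alice from 198.51.100.7 port 40200 ssh2
Jun 10 12:00:11 web1 sshd[1205]: Failed password for alice from 203.0.113.5 port 51003 ssh2
Jun 10 12:00:15 web1 sshd[1206]: Failed password for alice from 203.0.113.5 port 51004 ssh2
Jun 10 12:00:19 web1 sshd[1207]: Failed password for alice from 203.0.113.5 port 51005 ssh2
Jun 10 12:00:25 web1 sshd[1208]: Accepted password for alice from 203.0.113.5 port 51006 ssh2
Jun 10 12:01:30 web1 sshd[1209]: Accepted publickey for bob from 192.0.2.9 port 60000 ssh2
""".splitlines()

LOG_RE = re.compile(
    r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) (?:password|publickey) for (?:invalid user )?(\S+) from (\S+) port \d+")


def parse_line(line):
    """Turn one sshd line into an event dict, or None for lines we do not model."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hh, mm, ss, result, user, src = m.groups()
    return {"t": int(hh) * 3600 + int(mm) * 60 + int(ss),   # seconds since midnight
            "time": f"{hh}:{mm}:{ss}", "result": result, "user": user, "src": src}


def detect(lines, threshold=5, window=60):
    """Return alerts in time order. `threshold` failures from one source inside
    `window` seconds raise ssh_bruteforce; a later success from that source
    raises login_after_bruteforce, the case a responder wants to see first."""
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e["t"])
    recent = defaultdict(deque)      # src -> timestamps of failures still in the window
    flagged = set()
    alerts = []
    for e in events:
        q = recent[e["src"]]
        if e["result"] == "Failed":
            q.append(e["t"])
            while q and e["t"] - q[0] > window:   # age out old failures
                q.popleft()
            if len(q) >= threshold and e["src"] not in flagged:
                flagged.add(e["src"])
                alerts.append({"rule": "ssh_bruteforce", "src": e["src"],
                               "count": len(q), "time": e["time"]})
        elif e["src"] in flagged:                  # success after a flagged burst
            alerts.append({"rule": "login_after_bruteforce", "src": e["src"],
                           "user": e["user"], "time": e["time"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```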

Deterrence
It is discouraging an action or event by instilling doubt or fear of the consequences.
It is an effective method of reducing the frequency of security compromises,
and thereby the total loss due to security incidents.
Many companies implement deterrent controls like threats of discipline and termination in policy,
and communication programs to employees about acceptable usage and security policies.
With the use of deterrent controls, attackers may decide not to cause damage since they are aware
of the consequences.

Deterrence involves discouraging an action or event by instilling doubt or fear of the
consequences. This method reduces the frequency of security compromises and the total loss due
to security incidents. Examples include:

• Threats of Discipline and Termination: Policies that outline consequences for violating security
protocols.
• Communication Programs: Educating employees about acceptable usage and security policies.
• Visible Security Measures: Cameras, alarms, and signage indicating the presence of security
systems.

Deterrent controls make attackers aware of the consequences, potentially leading them to decide
not to cause damage.

-------------------------------------------------------------------------------------------------------------
Q4) Difference between Strategy and Tactics (7 points each).
→ Security Strategy:- It is the plan which helps the organization to achieve its
security mission and objectives of defense, deterrence and detection.
Security Tactics:- These are the actions, projects or events needed to protect the
company's assets.

Aspect-by-aspect comparison (Strategy vs Tactics):
Definition
  Strategy: A long-term plan to achieve a broad goal.
  Tactics: Short-term actions to achieve specific parts of the strategy.
Timeframe
  Strategy: Long-term (months to years).
  Tactics: Short-term (days to weeks).
Scope
  Strategy: Broad, overarching vision and direction.
  Tactics: Narrow, focused on specific tasks or objectives.
Focus
  Strategy: What and why (the overall mission and goals).
  Tactics: How and when (the execution of tasks).
Examples
  Strategy: Market expansion, brand positioning, entering new markets.
  Tactics: Marketing campaigns, sales promotions, product launches.
Decision Level
  Strategy: Made by top management or leadership.
  Tactics: Made by middle management or operational teams.
Flexibility
  Strategy: Less flexible, more stable over time.
  Tactics: More flexible, can change frequently based on immediate needs.
Resource Allocation
  Strategy: Involves significant and often long-term commitment of resources.
  Tactics: Involves allocation of resources to specific tasks or operations.
Measurement
  Strategy: Evaluated by overall progress towards long-term goals.
  Tactics: Measured by the success of specific actions or short-term objectives.
Example in Warfare
  Strategy: Overall plan to win a war, including alliances and territorial objectives.
  Tactics: Individual battles or maneuvers to win specific engagements.

-------------------------------------------------------------------------------------------------------------
Q5) Difference between (or what are) Business Process Controls and Technical Controls.

Aspect-by-aspect comparison (Business Process Controls vs Technical Controls):
Definition
  Business Process Controls: Procedures and policies to ensure business processes are effective and efficient.
  Technical Controls: Automated mechanisms to safeguard information systems and data.
Purpose
  Business Process Controls: Ensure compliance, accuracy, and efficiency in business operations.
  Technical Controls: Protect against cyber threats and unauthorized access.
Focus
  Business Process Controls: Organizational policies, procedures, and workflows.
  Technical Controls: Technology-based measures such as software, hardware, and protocols.
Examples
  Business Process Controls: Approval workflows, segregation of duties, audit trails.
  Technical Controls: Firewalls, antivirus software, encryption, multi-factor authentication.
Implementation
  Business Process Controls: Typically implemented by business managers and process owners.
  Technical Controls: Implemented by IT and security professionals.
Monitoring
  Business Process Controls: Regular audits, process reviews, and management oversight.
  Technical Controls: Continuous monitoring through automated systems and security tools.
Flexibility
  Business Process Controls: May need adjustments based on business needs and regulatory changes.
  Technical Controls: Must be updated regularly to counter evolving threats.
Scope
  Business Process Controls: Broad, affecting various departments and processes.
  Technical Controls: Specific to IT infrastructure and data protection.
Compliance
  Business Process Controls: Ensures adherence to industry standards and regulatory requirements.
  Technical Controls: Ensures technical compliance with security standards and protocols.
Risk Management
  Business Process Controls: Identifies and mitigates operational risks.
  Technical Controls: Identifies and mitigates technical and cyber risks.

Business Processes vs Technical Controls:-

Business Process Re-engineering (BPR) originated in the 1990s. It has four components (phases):
1) Identify the process: what the old process is.
2) Review, update and analyze (find where the strategy is lacking).
3) Design the to-be process (the actual design in the field).
4) Test and implement the to-be process.
E.g. case study on a motor company.
Technical control:-
Technical controls are the hardware and software components that protect a
system against cyberattacks, e.g. firewalls, intrusion detection systems (IDS),
encryption, and identification and authentication.
-------------------------------------------------------------------------------------------------------------
Q.6) Active Attack and Passive Attack.

Point-by-point comparison (Active Attack vs Passive Attack):
1. Active: In an active attack, modification of information takes place.
   Passive: In a passive attack, modification of the information does not take place.
2. Active: An active attack is a danger to integrity as well as availability.
   Passive: A passive attack is a danger to confidentiality.
3. Active: In an active attack, attention is on prevention.
   Passive: In a passive attack, attention is on detection.
4. Active: Due to active attacks, the execution system is always damaged.
   Passive: Due to a passive attack, there is no harm to the system.
5. Active: In an active attack, the victim gets informed about the attack.
   Passive: In a passive attack, the victim does not get informed about the attack.
6. Active: In an active attack, system resources can be changed.
   Passive: In a passive attack, system resources are not changed.
7. Active: An active attack influences the services of the system.
   Passive: In a passive attack, information and messages in the system or network are acquired.
8. Active: In an active attack, information collected through passive attacks is used during execution.
   Passive: Passive attacks are performed by collecting information such as passwords and messages by themselves.
9. Active: An active attack is tough to restrict from entering systems or networks.
   Passive: A passive attack is easy to prohibit in comparison to an active attack.
10. Active: Can be easily detected.
    Passive: Very difficult to detect.
11. Active: The purpose of an active attack is to harm the ecosystem.
    Passive: The purpose of a passive attack is to learn about the ecosystem.
12. Active: In an active attack, the original information is modified.
    Passive: In a passive attack, the original information is unaffected.
13. Active: The duration of an active attack is short.
    Passive: The duration of a passive attack is long.
14. Active: The prevention possibility of an active attack is high.
    Passive: The prevention possibility of a passive attack is low.
15. Active: Complexity is high.
    Passive: Complexity is low.
-------------------------------------------------------------------------------------------------------------
Q.7) Explain or elaborate on the targets of threats.
→ There are different sources of threats:
1. External: hackers, malicious attackers, malware, etc.
2. Internal: employees, partners, vendors, etc.
The targets of threats are:

1. System Vulnerabilities
• What It Is: These are weaknesses in software or hardware that can be
exploited by hackers.
• Examples: Things like outdated software or settings that haven't been
changed, making it easy for attackers to get in.
• Consequences: If exploited, these vulnerabilities can lead to stolen data or
systems crashing.
• How to Find: Regularly checking for security flaws and testing the system
can help identify these weaknesses.
• Prevention: Keeping software updated, using firewalls, and following secure
coding guidelines can protect against attacks.
2. Backend Databases
• Importance: These databases hold important information like customer
details and financial records, making them valuable targets for hackers.
• Common Attacks: Hackers often use methods like SQL injection to trick
databases into giving up sensitive information.
• Protecting Data: Encrypting data helps keep it safe from unauthorized
access.
• Access Control: Limiting who can access the database and requiring strong
passwords helps secure sensitive information.
• Regular Checks: Monitoring database activity and conducting security
reviews can help spot suspicious actions quickly.
3. User Profile Data
• High Value: User profile data includes personal information that can be
used for identity theft and fraud.
• Phishing Threats: Hackers often use fake emails to trick users into giving
away their personal information.
• Risks of Breaches: If user data is stolen in a data breach, it can harm both
the individual and the organization.
• User Awareness: Teaching users about strong passwords and how to spot
phishing attempts can help protect their data.
• Collecting Less Data: Organizations should only collect the information they
really need and safely delete what they no longer use.
4. Business Processes and Services Offered
• Impact on Operations: Threats to business processes can cause
interruptions in services, affecting customers and revenue.
• Denial of Service Attacks: Hackers can overload systems, making them
temporarily unavailable for legitimate users.
• Vulnerable Suppliers: Problems with third-party suppliers can also put a
business at risk.
• Emergency Plans: Having a plan in place for responding to incidents can
help organizations recover quickly from disruptions.
• Ongoing Monitoring: Continuously watching business activities can help
detect problems and respond to threats immediately.

-------------------------------------------------------------------------------------------------------------
Q.8) Explain types of viruses (8 to 10).
→ File Virus:
This type of virus infects the system by appending itself to the end of a file. It
changes the start of a program so that control jumps to its code. After the
execution of its code, control returns to the main program. Its
execution is not even noticed. It is also called a parasitic virus because it
leaves no file intact but also leaves the host functional.

Boot Sector Virus:
It infects the boot sector of the system, executing every time the system is booted
and before the operating system is loaded. It infects other bootable media like
floppy disks. These are also known as memory viruses as they do not infect
the file systems.

Macro Virus:
Unlike most viruses which are written in a low-level language(like C or
assembly language), these are written in a high-level language like Visual
Basic. These viruses are triggered when a program capable of executing a
macro is run. For example, the macro viruses can be contained in spreadsheet
files.

Source Code Virus:
It looks for source code and modifies it to include the virus and to help spread it.

Polymorphic Virus:
A virus signature is a pattern that can identify a virus(a series of bytes that
make up virus code). So in order to avoid detection by antivirus a polymorphic
virus changes each time it is installed. The functionality of the virus remains
the same but its signature is changed.

Encrypted Virus:
In order to avoid detection by antivirus, this type of virus exists in encrypted form.
It carries a decryption algorithm along with it. So the virus first decrypts and then
executes.

Stealth Virus:
It is a very tricky virus as it changes the code that can be used to detect it. Hence,
the detection of viruses becomes very difficult. For example, it can change the
read system call such that whenever the user asks to read a code modified by a
virus, the original form of the code is shown rather than the infected code.

Tunneling Virus:
This virus attempts to bypass detection by antivirus scanners by installing itself in
the interrupt handler chain. Interception programs, which remain in the
background of an operating system and catch viruses, become disabled during the
course of a tunneling virus. Similar viruses install themselves in device drivers.

Multipartite Virus:
This type of virus is able to infect multiple parts of a system including the boot
sector, memory, and files. This makes it difficult to detect and contain.

Armored Virus:
An armored virus is coded to make it difficult for antivirus to unravel and
understand. It uses a variety of techniques to do so like fooling antivirus to believe
that it lies somewhere else than its real location or using compression to
complicate its code.

Browser Hijacker:
As the name suggests this virus is coded to target the user’s browser and can alter
the browser settings. It is also called the browser redirect virus because it
redirects your browser to other malicious sites that can harm your computer
system.

FAT Virus:
The File Allocation Table is the part of the disk used to store all information about
the location of files, available space , unusable space etc. This virus affects the FAT
section and may damage crucial information.
-------------------------------------------------------------------------------------------------------------
Q.9) Explain or elaborate on the security categories.

Security controls can be logically grouped into several categories:
Preventative:- Blocking threats before they can exploit a vulnerability.
• Access Control: Only allowed people can access sensitive information. This
is done using passwords and other authentication methods.
• Firewalls and Antivirus: These tools keep out hackers and viruses by
blocking harmful traffic and scanning for malware.
• Security Training: Teaching employees about security practices helps
prevent mistakes that could lead to breaches.

Detective:- Discover and provide notification of attacks or misuse when
they happen.
• Intrusion Detection Systems (IDS): These systems watch for unusual activity
on the network and alert the security team if something suspicious occurs.
• Log Monitoring: Checking logs from computers and servers can reveal
unauthorized access or strange behavior.
• Security Information Management Tools: These tools collect and analyze
security data from different sources to provide alerts about potential
threats.

Deterrent:- Discourage outsider attacks and insider policy violations.
• Security Cameras: Visible cameras can make people think twice before
trying to break in.
• Warning Signs: Signs about security measures remind people that there are
consequences for accessing areas they shouldn't.
• Incident Response Plans: Having a plan for how to handle security issues
shows that the organization takes security seriously.

Corrective:- Restore the integrity of data or another asset.
• Data Backup: Regularly saving copies of data ensures it can be restored if it
gets lost or damaged.
• Applying Security Updates: Keeping software up to date helps close
security gaps that could be exploited.
• Response Teams: Having a team ready to address security incidents can
help minimize damage after a breach.

Recovery:- Restore the availability of service.
• Disaster Recovery Plans: These plans explain how to respond to major
incidents to restore critical services quickly.
• Backup Systems: Having extra systems ready to take over ensures that
services remain available if primary systems fail.
• Business Continuity Plans: These plans help keep essential functions
running during and after a crisis.

Compensative:- Providing protection when another control fails.
• Alternative Security Measures: If a primary control (like a firewall) fails,
other measures, such as extra monitoring, can help keep things secure.
• Multi-Factor Authentication (MFA): This adds another layer of security, like
needing both a password and a code sent to your phone.
• Incident Reporting: Having a clear way for people to report security issues
helps address problems quickly when they arise.

-------------------------------------------------------------------------------------------------------------
Q.10) Explain the different risk processes.
→ Framing Risk:- It addresses how the organization frames risk or establishes a risk
context (describing the environment in which risk-based decisions are made).

Risk Assessment:- Approaches can be quantitative or qualitative.

Responding to Risk:- It is based on the result of the risk assessment. It
addresses how the organization responds to risk once that risk is determined. It
helps to develop and evaluate alternative courses of action.

Monitoring Risk:- It helps to determine the ongoing effectiveness of the
risk responses.
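As an added example (not from the original notes), this script works a small risk register through the assessment and response steps described here and in Q2 (steps 3 and 4): each risk is scored qualitatively (likelihood x impact), estimated quantitatively (expected annual loss), prioritised, and given one of the four responses from the notes (mitigate, transfer, accept, avoid). The register entries, the 5x5 scoring bands, the cost figures and the decision rule are all constructed assumptions, not a standard.

```python
"""Added example (not from the original notes): a constructed risk register
assessed qualitatively (likelihood x impact) and quantitatively (expected
annual loss), prioritised, and assigned a response. All figures, the scoring
bands and the decision rule are assumptions made for the demonstration."""

# Constructed register: likelihood and impact on a 1-5 scale; annual_rate is the
# assumed number of occurrences per year, loss_per_event the assumed cost of one,
# control_cost the assumed yearly cost of the best available mitigation.
RISK_REGISTER = [
    {"id": "R1", "asset": "customer database", "threat": "SQL injection",
     "likelihood": 4, "impact": 5, "annual_rate": 0.5, "loss_per_event": 200_000,
     "control_cost": 30_000, "insurable": True},
    {"id": "R2", "asset": "staff laptops", "threat": "theft",
     "likelihood": 3, "impact": 3, "annual_rate": 2.0, "loss_per_event": 5_000,
     "control_cost": 12_000, "insurable": True},
    {"id": "R3", "asset": "office printer", "threat": "firmware bug",
     "likelihood": 2, "impact": 1, "annual_rate": 0.2, "loss_per_event": 500,
     "control_cost": 2_000, "insurable": False},
    {"id": "R4", "asset": "legacy FTP server", "threat": "credential sniffing",
     "likelihood": 5, "impact": 4, "annual_rate": 1.0, "loss_per_event": 50_000,
     "control_cost": 80_000, "insurable": False},
]


def qualitative_rating(likelihood, impact):
    """Assumed 5x5 matrix bands: score >= 15 High, >= 8 Medium, else Low."""
    score = likelihood * impact
    if score >= 15:
        return score, "High"
    if score >= 8:
        return score, "Medium"
    return score, "Low"


def expected_annual_loss(annual_rate, loss_per_event):
    """Quantitative estimate: occurrences per year times loss per occurrence."""
    return annual_rate * loss_per_event


def choose_response(rating, eal, control_cost, insurable):
    """Assumed decision rule using the four responses from the notes."""
    if rating == "Low":
        return "accept"        # exposure too small to justify any control
    if control_cost < eal:
        return "mitigate"      # the control pays for itself within a year
    if insurable:
        return "transfer"      # too costly to fix in-house, so insure it
    return "avoid"             # neither affordable nor insurable: stop the activity


def assess(register):
    """Score every risk and return the register prioritised, highest risk first."""
    results = []
    for r in register:
        score, rating = qualitative_rating(r["likelihood"], r["impact"])
        eal = expected_annual_loss(r["annual_rate"], r["loss_per_event"])
        results.append({"id": r["id"], "asset": r["asset"], "threat": r["threat"],
                        "score": score, "rating": rating, "eal": eal,
                        "response": choose_response(rating, eal,
                                                    r["control_cost"], r["insurable"])})
    results.sort(key=lambda x: (x["score"], x["eal"]), reverse=True)
    return results


if __name__ == "__main__":
    for row in assess(RISK_REGISTER):
        print(f'{row["id"]} {row["rating"]:6} score={row["score"]:2} '
              f'EAL={row["eal"]:>9,.0f} -> {row["response"]}')
```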

-------------------------------------------------------------------------------------------------------------
Q.11)Explain CIA Triad.(Confidentiality, Integrity and Availability)
→ CIA Triad:- Confidentiality, Integrity, and Availability
It is a guiding model in Information Security.
It is used for the development of security policies and security controls that
minimize threats to these three crucial components.
Diagram:-

Confidentiality:-
1)Only the authorized individuals or systems can view sensitive or classified
information.
2)The data being sent over the network should not be accessed by
unauthorized individuals.
3)The attacker may try to capture the data using different tools available on the
internet and gain access to the sensitive information.

Integrity:-
1)The data has not been altered in an unauthorized way.
2)The main goal is to block the ability of unauthorized people to make
changes to data and to provide a means of restoring data back to the
original state.
3)Corruption of data is a failure to maintain data integrity.

Availability:-
1)The data should be readily available to its users when needed. This applies
to systems and to data.
2)It can be ensured by implementing high availability or continuous service
controls on computers, networks and storage, making regular upgrades,
having a plan for backups and preventing bottlenecks in the network.
-------------------------------------------------------------------------------------------------------------
Q.12)Explain Defense Model and its types or (Security Approaches)
--Lollipop Model
→Diagram:

• Basic Concept: The Lollipop Model is likened to a lollipop, where the stick
represents a single layer of security (like a firewall) and the candy
represents the valuable data or assets.
• Weakness: This model focuses primarily on perimeter security, meaning it
tries to keep attackers out but does not provide much protection once they
get past that first layer. If a hacker breaks through the outer defense, they
can easily access everything inside.
• Limited Protection: It treats all assets equally, offering no additional
security measures for more sensitive data. This can lead to significant
vulnerabilities, especially if an attacker is already inside the network.
• Not Ideal for Complex Environments: Because it lacks multiple layers of
defense, the Lollipop Model is generally not recommended for
organizations with complex security needs.
• Example: Think of it as having a strong gate at the entrance of a property
but leaving all the windows and doors unlocked.
--Onion Model
→Diagram:

• Basic Concept: The Onion Model uses the analogy of an onion, which has
multiple layers. Each layer represents a different level of security, creating a
more robust defense system.
• Layered Defense: In this model, if an attacker tries to breach the system,
they must get through multiple layers of security (like firewalls, intrusion
detection systems, and encryption) before reaching the valuable data. This
makes it much harder for them to succeed.
• Defense in Depth: The Onion Model embodies the principle of "defense in
depth," meaning that even if one layer fails, others are still in place to
protect the data. This approach significantly increases the difficulty for
attackers.
• Customizable Security: Organizations can tailor the layers based on their
specific needs, defining different levels of security for various types of data
and access points.
• Example: Imagine a castle with several walls and gates; even if an enemy
breaches the outer wall, they still face multiple defenses before reaching
the treasure inside.
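The two models side by side as policy-decision functions, an added example that is not part of the original notes; the trusted network range, the roles and the order of the layers are assumptions chosen for the illustration:

```python
from dataclasses import dataclass

@dataclass
class Request:
    """One access attempt against the protected asset (constructed input)."""
    src_ip: str
    authenticated: bool = False
    role: str = "guest"
    encrypted: bool = False
    action: str = "read"

# Hypothetical policy values chosen for the illustration.
TRUSTED_NET = "10.0.0."   # addresses inside the perimeter firewall
ROLE_PERMS = {"admin": {"read", "write"}, "analyst": {"read"}, "guest": set()}

def lollipop_allows(req):
    """Lollipop: the perimeter firewall is the only control. Anything that is
    already inside the network (or slipped past the firewall) reaches the
    asset with no further check."""
    return req.src_ip.startswith(TRUSTED_NET)

def onion_allows(req):
    """Onion: every layer must pass in turn. Returns (allowed, layer), where
    layer names the control that stopped the request, so a defender can see
    which inner layer held when an outer one did not."""
    layers = [
        ("firewall", lambda r: r.src_ip.startswith(TRUSTED_NET)),
        ("authentication", lambda r: r.authenticated),
        ("authorization", lambda r: r.action in ROLE_PERMS.get(r.role, set())),
        ("encryption", lambda r: r.encrypted),
    ]
    for name, check in layers:
        if not check(req):
            return False, name
    return True, "all layers passed"

if __name__ == "__main__":
    # An intruder who is already inside the perimeter: the lollipop model
    # lets them through, the onion model stops them at authentication.
    intruder = Request(src_ip="10.0.0.55")
    print("lollipop:", lollipop_allows(intruder))   # True
    print("onion:", onion_allows(intruder))          # (False, 'authentication')
```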
Q13)Explain types of Worms.
→ A worm virus is a computer virus that can self-replicate, mostly
without human intervention. It is a stand-alone computer program that
replicates itself in order to spread to other computers.
1. Email Worms
• How They Spread: Email worms spread through email attachments or links.
They trick people into opening infected attachments or clicking on malicious
links in emails.
• Famous Example: The ILOVEYOU worm, which appeared in 2000, disguised
itself as a love letter attachment. When someone opened it, it infected their
computer and sent copies to everyone in their address book.
• Impact: This worm caused significant damage, affecting millions of
computers and leading to billions in losses.
2. Network Worms
• How They Spread: Network worms move through computer networks by
exploiting security weaknesses in network services or protocols. They can
infect many systems quickly by scanning and copying themselves
automatically.
• Famous Example: The Conficker worm exploited vulnerabilities in Windows
operating systems and spread rapidly across networks, infecting millions of
computers worldwide.
• Impact: It caused significant disruptions and highlighted the importance of
network security.
3. File-Sharing Worms
• How They Spread: File-sharing worms target shared folders or peer-to-peer
file-sharing networks. They pretend to be normal files and trick users into
downloading and running them.
• Famous Example: The Napster worm affected the Napster file-sharing
network in the late 1990s. It targeted specific songs and replaced them with
infected files.
• Impact: This type of worm can spread quickly among users sharing files,
leading to widespread infections.
4. Instant Messaging (IM) Worms
• How They Spread: IM worms spread through instant messaging platforms.
They send infected links or files to a person’s contacts.
• Famous Example: The Kelvir worm spread through popular instant
messaging platforms like MSN Messenger. It sent infected links to contacts,
enticing them to click and download the worm unknowingly.
• Impact: This type of worm can quickly infect many users within a network
of contacts.
5. Internet Worms
• How They Spread: Internet worms target vulnerabilities in websites, web
servers, or web applications. They can infect computers when people visit
compromised websites or interact with infected web content.
• Famous Example: The Code Red worm affected web servers running
Microsoft IIS in 2001. It exploited a vulnerability and defaced websites while
spreading by scanning the internet for vulnerable servers.
• Impact: This worm demonstrated how easily vulnerabilities could be
exploited on the internet, leading to widespread infections.
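Defender-side detection of the scanning behaviour described for network worms, as an added example that is not from the original notes; the log format, the addresses and the thresholds are constructed for the illustration:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log: "timestamp src dst dport action" (hypothetical format).
# 10.0.0.5 probes twelve neighbours on port 445 within a few seconds, the way a
# network worm sweeps a subnet; 10.0.0.8 is ordinary traffic to two hosts.
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i:02d} 10.0.0.5 10.0.0.{20 + i} 445 DENY" for i in range(12)]
    + ["2024-05-01T10:00:03 10.0.0.8 10.0.0.50 443 ALLOW",
       "2024-05-01T10:00:09 10.0.0.8 10.0.0.51 443 ALLOW",
       "2024-05-01T10:01:40 10.0.0.5 10.0.0.99 445 DENY"]   # outside the window
)

def parse(log):
    """Yield (time, src, dst, port, action) tuples; blank lines are skipped."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, action = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(port), action

def find_scanners(log, window=timedelta(seconds=60), min_targets=10):
    """Return {src: (port, distinct_targets)} for every source that reached
    at least min_targets distinct hosts on one port inside a sliding window.
    Denied and allowed attempts both count: a worm probing a closed port is
    still a worm probing."""
    by_key = defaultdict(list)              # (src, port) -> [(time, dst), ...]
    for ts, src, dst, port, _ in sorted(parse(log)):
        by_key[(src, port)].append((ts, dst))
    hits = {}
    for (src, port), seq in by_key.items():
        for i, (t0, _) in enumerate(seq):   # seq is time-ordered
            targets = {dst for t, dst in seq[i:] if t - t0 <= window}
            if len(targets) >= min_targets:
                hits[src] = (port, len(targets))
                break
    return hits

if __name__ == "__main__":
    for src, (port, n) in find_scanners(SAMPLE_LOG).items():
        print(f"possible worm sweep: {src} hit {n} hosts on port {port}")
```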
Q14)Explain type of Trojans.
→ Trojans are malware, and like most forms of malware, Trojans are
designed to damage files, redirect internet traffic, monitor the user's activity,
steal sensitive data or set up backdoor access points to the system.
1. Backdoor Trojan
• Description: This type of Trojan allows attackers to gain remote access to
the compromised computer.
• Functionality: Once installed, the attacker can control the machine, delete
files, steal data, or install more malware without the user's knowledge.
• Example: A backdoor Trojan might be used to create a botnet, where
multiple infected computers are controlled by the attacker.
2. Ransom Trojan
• Description: This Trojan encrypts the data on the victim's computer and
demands payment for the decryption key.
• Functionality: Users are locked out of their files and must pay a ransom to
regain access.
• Example: Ransomware attacks often use this method to extort money from
individuals and organizations.
3. Trojan Banker
• Description: Designed specifically to steal sensitive financial information,
such as online banking credentials and credit card details.
• Functionality: It often targets users of online banking services, capturing
login information as users attempt to access their accounts.
• Example: A Trojan Banker might redirect users to fake banking websites to
collect their login details.
4. Trojan Downloader
• Description: This type of Trojan is designed to download additional
malicious files onto the victim's computer.
• Functionality: It can install other Trojans, adware, or spyware without the
user's consent.
• Example: A Trojan Downloader might pull in the latest version of a banking
Trojan or other harmful software.
5. Trojan Dropper
• Description: A Trojan Dropper is designed to install other malicious files
while avoiding detection.
• Functionality: It can hide the presence of other malware on the system,
making it harder for security software to find and remove them.
• Example: A Trojan Dropper might install a backdoor Trojan or ransomware
without the user realizing it.
6. Trojan GameThief
• Description: This Trojan targets online gamers, stealing their account
information and in-game assets.
• Functionality: It can capture login credentials for gaming accounts, allowing
attackers to take over accounts or steal virtual items.
• Example: A Trojan GameThief might be disguised as a game cheat or mod.
7. Trojan I’s
• Description: This type of Trojan is designed to steal login credentials and
passwords from various applications.
• Functionality: It can target popular services like Skype, Yahoo Messenger,
and others to capture sensitive information.
• Example: A Trojan I’s might log keystrokes to gather usernames and
passwords as users type them.
Uses of Trojan Horses
Trojans can be used in various malicious ways:
• Spyware: Some Trojans act as spyware, collecting sensitive information like
social media usernames, passwords, and credit card details without the
user's knowledge.
• Creating Backdoors: Trojans can modify system settings to allow other
malware or cybercriminals to access the device easily.
• Zombie Computers: Attackers may use infected computers as "zombies" to
perform tasks like sending spam or launching attacks without the owner's
consent.