CCS354- Network Security Class Test 1.

1 PART- A Ans
1. What is Network Security ?
Network security protects a network's infrastructure from unauthorized access, misuse, or
theft. It involves creating a secure environment for devices, applications, and users.
2. Mention the essential Network computer Security requirements. / CIA triad (write about
Confidentiality, Integrity and availability.
Confidentiality: Preserving authorized restrictions on
information access and disclosure, including means for
protecting personal privacy and proprietary information.
Integrity: Guarding against improper information
modification or destruction, including ensuring
information nonrepudiation and authenticity.
Availability: Ensuring timely and reliable access to and
use of information.
Authenticity: The property of being genuine and being
able to be verified and trusted; confidence in the validity
of a transmission, a message, or message originator.
Accountability: The security goal that generates the
requirement for actions of an entity to be traced uniquely
to that entity. This supports nonrepudiation.
Nonrepudiation: Provides protection against denial by
one of the entities involved in a communication of having
participated in all or part of the communication.
3. Analyze the significance of network security.
Network security is crucial because it safeguards sensitive data from cyberattacks, ensuring the
reliability and usability of a network by protecting it from unauthorized access, malicious
activities, and data breaches, thereby maintaining the integrity and confidentiality of
information within an organization or system; essentially, it acts as a critical defense
mechanism against cyber threats, protecting both individual users and businesses from
potential damage and financial losses.
4. List and briefly define categories of security services.( (for 2 marks just give the list)
List : Authentication, Access control, Data confidentiality, Data integrity, Nonrepudiation and
availability of service.
Authentication: The assurance that the communicating entity is the one that it claims to be.
Access control: The prevention of unauthorized use of a resource (i.e., this service controls
 who can have access to a resource, under what conditions access can occur, and what those
accessing the resource are allowed to do).
Data confidentiality: The protection of data from unauthorized disclosure.
Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e.,
contain no modification, insertion, deletion, or replay).
Nonrepudiation: Provides protection against denial by one of the entities involved in a
communication of having participated in all or part of the communication.
Availability service: The property of a system or a system resource being accessible and usable
upon demand by an authorized system entity
5. Compare active and passive attack.
An "active attack" involves an attacker directly manipulating or altering data within a system,
causing disruption or damage, while a "passive attack" involves an attacker only observing and
collecting information from a system without modifying it, aiming to gather sensitive data
without being detected
6. List and briefly define categories of security mechanisms. (for 2 marks just give the list)
List : Cryptographic algorithms , data integrity, digital signature, Authentication exchange,
traffic padding, routing control, notarization and access control.
Cryptographic algorithms: Transform data between plaintext and ciphertext.
Data integrity: Mechanisms used to assure the integrity of a data unit or stream of data units.
Digital signature: Data appended to, or a cryptographic transformation of, a data unit that
allows a recipient of the data unit to prove the source and integrity of the data unit and protect
against forgery.
Authentication exchange: A mechanism intended to ensure the
identity of an entity by means of information exchange.
Traffic padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.
Routing control: Enables selection of particular physically or logically secure routes for certain
data and allows routing changes, especially when a breach of security is suspected.
Notarization: The use of a trusted third party to assure certain properties of a data exchange.
Access control: A variety of mechanisms that enforce access rights to resources.
7. Consider an automated teller machine (ATM) in which users provide a personal
identification number (PIN) and a card for account access. Give examples of
confidentiality, integrity, and availability requirements associated with the system and, in
 each case, indicate the degree of importance of the requirement.
Confidentiality
Secure PIN storage: The ATM system must keep PINs confidential in the host system and
during transmission.
Encrypted PINs: The PIN should be encrypted to protect bank details.
Integrity
Protect account records: The system must protect the integrity of account records and
individual transactions.
Atomic bank transfers: The linkage of bank transfers should be atomic.
Availability
Ensure cash availability
The ATM should be loaded with enough cash to meet demand, especially during peak periods.
Monitor cash levels
Cash levels should be monitored regularly, and vendors should be notified to replenish cash
when needed.
8. Distinguish between threat and attack.

Threat Attack
A threat is a possible security violation that An attack is a deliberate unauthorized action
might exploit the vulnerability of a system or on a system or asset. Attacks can be classified
asset. The origin of the threat may be as active and passive attacks. An attack will
accidental, environmental (natural disaster), have a motive and will follow a method when
human negligence, or human failure. the opportunity arises.
Different types of security threats are
interruption, interception, fabrication, and
modification.
9. Differentiate between an unconditionally secure cipher and a computationally secure
cipher.
An encryption scheme is unconditionally secure if the ciphertext generated
by the scheme does not contain enough information to determine uniquely the
corresponding plaintext, no matter how much ciphertext is available.
An encryption scheme is said to be computationally secure if:
(1) the cost of breaking the cipher exceeds the value of the encrypted information, and
(2) the time required to break the cipher exceeds the useful lifetime of the information.
10. Is Denial of Service (DoS) Active Attack or Passive Attack?

A Denial-of-Service (DoS) attack is considered an active attack in cybersecurity, as it involves

actively interfering with a system by overwhelming it with traffic, making it unavailable to
legitimate users.
11. Convert the given Plain text “ Hard work” into Cipher text using Rail fence technique.

12. What are the principal elements of a public-key cryptosystem?

Plaintext − This is the readable message or information .
 Encryption algorithm − The encryption algorithm performs several conversion on the
plaintext.
Public and Private keys − This is a set of keys that have been selected so that if one can be
used for encryption, and the other can be used for decryption.
Ciphertext − This is scrambled message generated as output. It is based on the plaintext and
the key
Decryption Algorithm − This algorithm get the ciphertext and the matching key and create the
original plaintext.
13. Identify roles of the public and private key.

In cryptography, a public key is used to encrypt data, while a private key is used to decrypt
data; essentially, the public key can be shared freely with anyone, while the private key must
be kept secret by the owner and is used to access the encrypted information only accessible to
them.
Example scenario:
Sending a secure email:
The sender uses the recipient's public key to encrypt the email.
The recipient then uses their private key to decrypt the email and read its content.
14. Describe in general terms an efficient procedure for picking a prime number.
Start with a relatively large odd number and check if it's divisible by any prime number less
than or equal to its square root; if no divisors are found, the number is prime; otherwise,
increment the number by 2 and repeat the process until a prime number is identified.