NSCF Quiz

The document outlines various case studies and assignments related to network security and cyber forensics, focusing on challenges faced by different organizations in securing their communications and data. Each case study presents specific security issues, such as data breaches and compliance with regulations, and requires solutions involving network design, transport layer protocols, and security measures. Additionally, the document includes quiz questions testing knowledge on protocols and security mechanisms in the context of network security.

Uploaded by

pgggg622

Assignment#1

Network Security and Cyber Forensics (CSPC-306)

Date of Submission: 25/03/2024

Q.1: A multinational corporation, GlobalTech Inc., faced significant challenges in securing its
internal communications across its global branches. With a vast network spanning multiple
countries, the corporation is vulnerable to cyber threats, including data interception,
unauthorized access, and man-in-the-middle attacks. GlobalTech Inc. required a robust solution
to secure its network communications at the IP layer to ensure confidentiality, integrity, and
authentication of data packets transmitted across its networks. The primary challenge for
GlobalTech Inc. is to implement a security solution that could:
• Secure data transmission across different geographical locations.
• Provide flexibility in applying security policies.
• Ensure compatibility with existing network infrastructure.
• Offer scalability to accommodate future growth.

Q.2: TelecomCo, a leading telecommunications company, provided services to millions of
customers worldwide. With the advent of 5G technology and the exponential increase in the
number of connected devices, TelecomCo faced new security challenges. These challenges
included protecting data privacy, securing mobile communications against advanced cyber
threats, and ensuring the integrity of customer data in transit over both wired and wireless
networks. TelecomCo needed to address several complex security concerns:
• Protection against sophisticated cyber-attacks targeting mobile users and IoT devices.
• Ensuring data privacy and integrity for communications across diverse networks and
  devices.
• Implementing a scalable and flexible security solution that could adapt to the evolving 5G
  technology landscape.

Q.3: E-ShopNow, a rapidly growing e-commerce platform, experienced a surge in traffic and
transactions due to its expanding product range and customer base. While business growth was
promising, the platform faced increasing cybersecurity threats, including data breaches, man-
in-the-middle (MITM) attacks, and customer data theft. Recognizing the critical need to protect
user data and transactions, E-ShopNow sought to implement robust security measures at the
transport layer. E-ShopNow's challenges were multifaceted:
• Ensuring Data Confidentiality and Integrity: Protecting sensitive customer information,
  such as credit card details and personal data, during transmission.
• Building Trust with Customers: Demonstrating a commitment to security to maintain and
  grow customer trust and loyalty.
• Regulatory Compliance: Meeting stringent data protection regulations to avoid legal
  penalties and reputational damage.
• Seamless Integration: Upgrading security without disrupting the existing user experience or
  platform performance.

Q.4: FinBank, a leading financial institution, observed an exponential increase in mobile
banking usage among its customers. While this digital shift improved convenience and
operational efficiency, it also exposed the bank and its users to advanced cyber threats,
including sophisticated man-in-the-middle (MITM) attacks, data breaches, and interception of
financial transactions. FinBank's legacy encryption protocols were becoming inadequate in
safeguarding sensitive data exchanges, necessitating a more robust security solution to protect
its mobile banking application. FinBank faced several critical challenges:
• Advanced Threat Landscape: The bank needed to protect against advanced cyber threats
  that could compromise the confidentiality and integrity of sensitive financial transactions.
• Performance and Compatibility: Implementing stronger security measures without
  compromising the mobile application’s performance or user experience.
• Regulatory Compliance: Adhering to strict financial industry regulations and data
  protection standards.
• Customer Trust: Ensuring that the enhanced security measures bolstered customer
  confidence in using the mobile banking application.

Q.5: SecureComm, a global communications company, faced increasing challenges in
protecting the confidentiality and integrity of its email communications across its international
operations. With branches and clients across various jurisdictions, SecureComm's email system
became a prime target for cyber espionage, data breaches, and phishing attacks. The diverse
nature of the threats necessitated a robust solution that could secure email content directly at
the application layer. SecureComm's primary challenges included:
• Global Security Compliance: Adhering to varied and stringent data protection regulations
  across different countries.
• Interoperability: Ensuring secure email communication across different systems and
  technologies used by clients and partners.
• User Transparency: Maintaining ease of use for employees without requiring significant
  changes to their email usage habits.
• Scalability: Implementing a solution that could be scaled across the company's growing
  global operations.

Q.6: FinDataCorp, a leading financial data analysis company, manages sensitive financial
information and provides insights to clients worldwide. With the increasing sophistication of
cyber threats and stringent data protection regulations, the company faced significant
challenges in ensuring the security and privacy of the financial data it processed and stored.
FinDataCorp's primary challenges were multifaceted:
• Data Security: Ensuring the confidentiality and integrity of sensitive financial data both in
  transit and at rest.
• Regulatory Compliance: Complying with international financial data protection standards
  and regulations, such as GDPR and PCI DSS.
• Scalability and Performance: Implementing a robust encryption solution that could scale
  without compromising system performance or user access times.
• Key Management: Safeguarding encryption keys while ensuring they were accessible for
  legitimate processing and analysis needs.

Q.7: A financial institution is deploying a new application for online transactions that require
high levels of data integrity, confidentiality, and flow control to ensure that transactions are
processed reliably and securely.
As a network specialist, you are asked to recommend Transport Layer protocols and
mechanisms to meet the application’s requirements. Consider the following:
• Which Transport Layer protocol(s) would you recommend for the online transaction
  system, and why?
• Discuss how your chosen protocol(s) ensures data integrity, confidentiality, and flow
  control during a transaction process.
• Describe any potential issues that might arise with your chosen protocol(s) in terms of
  performance (e.g., latency, throughput) and how you would address these issues to maintain
  a balance between security and performance.

Q.8: A rapidly growing e-commerce company with a global customer base plans to significantly
expand its operations. The company operates a centralized data center in North America and
plans to open two new data centers in Europe and Asia to improve website performance and
reliability for its international customers. The network infrastructure must be designed to
support seamless data synchronization across data centers, manage large volumes of web traffic,
and provide high resilience against failures or cyber-attacks.
As a senior network engineer, you are tasked with designing a network topology that ensures
high availability, low latency communication between data centers, and scalability to
accommodate future growth. Additionally, the company requires the implementation of robust
security measures to protect sensitive customer data during transmission across the network.
The case study questions are as follows:
• Describe the network topology you would recommend for connecting the three data centers.
  Include how you would implement redundancy to ensure high availability.
• Propose an IP addressing scheme that facilitates efficient routing and data synchronization
  between the data centers while considering future expansion.
• Which routing protocols would you implement within and between the data centers to
  support the company’s requirements for scalability, security, and performance? Justify your
  choices.
• How would these protocols optimize the path selection process to ensure low latency and
  high resilience in case of link or node failures?
• Discuss the security measures and protocols you would implement to protect data in transit
  between the data centers against interception and tampering.
• How would you ensure the integrity and confidentiality of sensitive customer data as it
  traverses the network?
• Identify potential challenges your network design might face in terms of scaling,
  performance, or security.
• Provide solutions or strategies to mitigate these challenges, ensuring the network remains
  robust and efficient as the company grows.

Q.9: A leading e-commerce platform experiences significant growth in user traffic, resulting in
increased load times and occasional downtime during peak shopping periods. The platform
operates on a microservices architecture, with different services handling user authentication,
product catalog management, order processing, and payment transactions. The company aims
to enhance the user experience by optimizing application performance, ensuring high
availability, and securing sensitive customer data.
As the chief architect, you are tasked with designing an optimization strategy for the application
layer that addresses the current performance bottlenecks, improves fault tolerance, and
strengthens security measures to protect user data. The case study questions are as follows:
• Identify potential causes of the increased load times and downtime during peak periods.
  Propose a detailed strategy for optimizing the performance of the e-commerce platform's
  application layer. Consider aspects like service scaling, load balancing, and caching
  mechanisms.
• How would you modify the existing microservices architecture to handle the increased
  traffic more efficiently while maintaining or improving response times?
• Describe the techniques and technologies you would implement to ensure high availability
  and fault tolerance of the e-commerce platform. Discuss how you would manage service
  failures to minimize impact on user experience.
• How would you design the system to automatically handle spikes in traffic, such as during
  sales events or promotional campaigns, without manual intervention?
• Given the sensitive nature of customer data (e.g., personal information and payment
  details), outline the security protocols and measures you would put in place at the
  application layer to prevent data breaches and ensure data privacy.
• Discuss the role of encryption, secure APIs, and access control in your security strategy.
  How would you ensure compliance with international data protection regulations (e.g.,
  GDPR, CCPA)?
• Explain how you would implement monitoring tools and practices to continuously assess
  the performance of the e-commerce platform. Include metrics and KPIs that are crucial for
  identifying issues and areas for improvement.
• Describe the process for regularly updating the platform’s application layer, considering
  new features, security patches, and performance enhancements. How would you ensure
  these updates do not disrupt the platform’s operation?

Assignment#2
Network Security and Cyber Forensics (CSPC-306)

Submission Date: 03-May-2024

1. Could you elucidate the concept of a virtual cluster number within the context of file system
architectures?

2. What should you consider when determining which data acquisition method to use?

3. Could you provide a detailed elucidation of the concept known as cybercrime? What are
the different roles of computers with respect to cybercrime?

4. What do you understand by dcfldd commands in Linux? Discuss the functionality of at
least five commands that can be used for data validation.

5. What are the steps involved in computer evidence handling? Explain in detail.

6. A desperate employee calls because she has accidentally deleted crucial files from her hard
drive and can’t retrieve them from the Recycle Bin. What are your options? Write one to
two pages explaining your capabilities and listing the questions you must ask her about her
system.

7. A bank has hired your firm to investigate employee fraud. The bank uses four 20 TB
machines on a LAN. You can talk to the network administrator, who knows where the data
is stored. What diplomatic strategies should you use? Which acquisition method should you
use? Write a two-page report outlining the problems you expect to encounter, explaining
how to rectify them, and describing your solution. Be sure to address any customer privacy
issues.

8. Your mentor has asked you to research current acquisition tools. Using your preferred
Internet search engine and the vendors, prepare a report containing the following
information for each tool (minimum 5) and stating which tool you would prefer to use:
• Forensics vendor name
• Acquisition tool name and latest version number
• Features of the vendor’s product
• With this data collected, prepare a spreadsheet listing vendors in the rows. For the
  column headings, list the following features:
    • Raw format
    • Proprietary format
    • AFF format
    • Other proprietary formats the tool can read
    • Compression of image files
    • Remote network acquisition capabilities
    • Method used to validate (MD5, SHA-1, and so on)

9. As part of the duties of a digital forensics examiner, creating an investigation plan is a
standard practice. Write a paper that describes how you would organize an investigation for
a potential fraud case. In addition, list methods you plan to use to validate the data collected
from drives and files, such as Word and Excel, with hashes. Specify the hash algorithm you
plan to use, such as MD5 or SHA-1.

10. In an ongoing investigation, several graphics files were transmitted via e-mail from an
unknown source to a suspect. The lead investigator gives you these graphics files and tells
you that at least four messages should be embedded. Use your problem-solving and
brainstorming skills to determine a procedure to follow. Write a short report outlining what
to do.
Date 27-FEB-2024
Student Roll No: Student Name:

Dr B R Ambedkar National Institute of Technology, Jalandhar


B. Tech (Computer Science and Engineering)
CSPC-306, NETWORK SECURITY AND CYBER FORENSICS
Quiz-1

1. Which of the following is not true about ChangeCipherSpec protocol.


a. After ChangeCipherSpec protocol the client and server are ready to exchange data
b. This is the last message in Handshake Protocol
c. The client sends a ChangeCipherSpec message to show that it has moved all of the
cipher suite set and the parameters from the pending state to the active state.
d. The ChangeCipherSpec protocol message is only one byte

2. In transport mode, IPSec protects the ______


a) Entire IP packet
b) IP header
c) TCP payload
d) None of These

3. In IPSec the size of the window is determined by the receiver with a default value of
__________

4. When an IP datagram carries an ESP header and trailer in tunnel mode, the value of the
protocol field in the IP new header and IP old header are _____________ and
_______________ respectively.

5. Which of the following is not a valid type of Handshake messages


a. CertificateRequest
b. Identification
c. ClientHelloDone
d. ClientKeyExchange

6. Which of the following messages is not a part of Phase II of the handshake protocol in
SSL?
a. ClientHelloDone
b. Certificate
c. ServerKeyExchange
d. CertificateVerify

7. In Internet key exchange phase I, who can be the initiator.


a. Sender
b. Receiver
c. Any of the following
d. Both at the same time
8. Which of the following is true about the session and connection in SSL.
a. A connection between two parties can be terminated and reestablished within the
same session.
b. A session can consist of many connections.
c. Once a session is suspended it cannot be resumed again.
d. When a connection is terminated, the two parties can also terminate the session, but
it is not mandatory.

9. After Phase I of handshake protocol in SSL, the client and server know the following:
a. The version of SSL
b. The compression method
c. The two random numbers for key generation
d. The algorithms for key exchange, message authentication, and encryption

10. In IKE phase 1 main mode, the initial two messages in the preshared secret-key method are
used for
a. Share Nonces
b. Remove Clogging Attack
c. SA Negotiation
d. None of These

11. The AH protocol provides


a. source authentication
b. data integrity
c. privacy
d. None of These

12. Sequence numbers in IPSEC are sufficient to prevent


a. Replay Attack
b. Man in the Middle Attack
c. Clogging Attack
d. None of These

13. Which of the following is not a part of Client Hello message in SSL Protocol
a. Half Key
b. Compression Method
c. Random Number
d. Certificate

14. Which of the following is false with respect to SSL and TLS.
a. The generation of cryptographic secrets is more complex in SSL than in TLS.
b. TLS supports all of the alerts defined in SSL except for NoCertificate.
c. In SSL, the hash used in the CertificateVerify message is the two-step hash of the
handshake messages plus a pad and the master secret.
d. TLS uses the data-expansion function to calculate two hashes used for the Finished
message

15. Which one of the following is not a session state parameter?


a. Master Secret
b. Cipher Spec
c. Server Write Key
d. Peer Certificate

16. The _______ mode is normally used when we need host-to-host (end-to-end) protection
of data
a. Tunnel
b. Transport
c. either (a) or (b)
d. neither (a) nor (b)

17. Which protocol is used for the purpose of copying the pending state into the current state?
a. Alert Protocol
b. Handshake Protocol
c. Change Cipher Spec Protocol
d. None of These

18. In Handshake Protocol phase II, there is no requirement for Server Key Exchange in
a. RSA
b. Anonymous DH
c. Fixed DH
d. Ephemeral DH

19. Hashing in IPSEC is based on the total packet. However, only ___________________
fields of the IP header are included in the calculation of the message digest (authentication
data).

20. Security Association can be identified by the following parameters


a. Security Parameters Index
b. IPsec Mode
c. Destination IP Address
d. Security Protocol
Name………………….. Roll No…………………..

Dr B R Ambedkar National Institute of Technology, Jalandhar


B Tech 6th Semester (Computer Science & Engineering)
Network Security & Cyber Forensics (CSPC–306)
Quiz#2

Q1: The Temporal Key Integrity Protocol (TKIP) enhances WEP by introducing several new features.
Which of the following is NOT one of these features?
A) A per-packet key mixing function to combat weak key attacks.
B) The use of a 48-bit Initialization Vector to prevent replay attacks.
C) A cryptographic message integrity code (MIC) to protect against forgeries.
D) Utilizing the RC4 cipher for encryption to maintain backward compatibility.
Q2: Which of the following best describes the key management process in the 802.1x protocol?
A) The Group Key Handshake is used to derive and distribute Pairwise Master Keys (PMKs).
B) The Pre-shared Key (PSK) is used to authenticate messages in the four-way handshake.
C) The RADIUS server distributes the Pairwise Master Key (PMK) to the Access Point (AP), which then
initiates the four-way handshake.
D) All keys are derived locally at the client and then transmitted to the server for validation.
Q3: What method is specifically mentioned as a cybercrime against property through deception and
data manipulation?
A) Salami slicing attack B) Data diddling
C) Trojan horse deployment D) Both A and B
Q4: What type of cybercrime involves unauthorized access and modification of network or personal
data?
A) Cyber vandalism B) Cyber espionage
C) Cyber squatting D) Cyber defamation
Q5: Which tool is commonly used by cybercriminals to execute attacks without the victim's
knowledge?
A) Virus B) Worm
C) Trojans D) Ransomware
Q6: What type of cybercrime involves the use of internet services to exploit or harass individuals
online?
A) Cyber espionage B) Data diddling
C) Cyber warfare D) Cyber stalking
Q7: Which phishing attack targets high-level executives within an organization to steal sensitive
information?
A) Deceptive phishing B) Spear phishing
C) Whaling D) Clone phishing
Q8: Which method is specifically used to combat 'Rootkit' installations on computer systems?
A) Isolating the infected system from the network
B) Regularly updating firewall rules
C) Scanning emails for suspicious links
D) Educating users about the dangers of phishing

Q9: Which of the following challenges is commonly faced in disk forensics?


A) High costs of digital storage
B) Files stored as graphics, making them hard to analyze
C) Rapid obsolescence of forensic software
D) Difficulty in understanding network protocols
Q10: Which tool is used for analyzing RAM in memory forensics?
A) Volatility B) Wireshark
C) NetFlow collector D) IDS
Q11: What does the forensic readiness of an organization involve?
A) Implementing strong password policies
B) Having incident response procedures and trained personnel
C) Ensuring all software is up to date
D) Regularly changing management staff
Q12: What is the primary advantage of using raw format for data acquisitions in computer forensics?
A) It provides the highest level of data compression.
B) It can read and correct bad sectors automatically.
C) It allows for fast data transfers and ignores minor read errors.
D) It supports automatic encryption of data.
Q13: Which format is developed by Dr. Simson L. Garfinkel and supports metadata storage within
the image file?
A) Raw format B) Proprietary format
C) Expert Witness Format D) Advanced Forensics Format (AFF)
Q14: What is a significant disadvantage of using proprietary formats in digital forensics?
A) They cannot be compressed.
B) They are typically slower to process.
C) They may not be interoperable between different forensic tools.
D) They do not support metadata.

Q15: Which method of data acquisition is particularly useful when dealing with large storage devices
or when time is limited?
A) Disk-to-image file acquisition B) Logical or sparse acquisition
C) Disk-to-disk copy D) Creating a full forensic clone
Q16: In the context of RAID data acquisitions, which RAID level is known for providing increased
storage without redundancy?
A) RAID 0 B) RAID 1
C) RAID 5 D) RAID 6
Q17: Which tool is specifically mentioned as allowing for disk-to-image copies and supports
segmenting the image file?
A) FTK Imager Lite B) Linux dd command
C) Mini-WinFE D) ProDiscover
Q18: What is the primary function of the Linux command 'dd' when used in data acquisitions?
A) To create a compressed backup of the data.
B) To create a raw format file from a disk or data.
C) To encrypt data during the acquisition process.
D) To analyze data before acquisition.

Q19: Which acquisition method is most suitable when only specific files relevant to an investigation
need to be preserved?
A) Full disk-to-disk copy B) Sparse data copy
C) Logical disk-to-data file acquisition D) Creating a disk-to-image file
Q20: What is the primary challenge when acquiring data from RAID configurations?
A) The inability to compress data during acquisition
B) Compatibility issues with non-Windows operating systems
C) RAID systems do not support modern forensic tools
D) The large volume of data and complex configurations
Name………………….. Roll No…………………..

Dr B R Ambedkar National Institute of Technology, Jalandhar


B Tech 6th Semester (Computer Science & Engineering)
CSPC–306, Network Security & Cyber Forensics
Quiz#3

1. Which one option is not a type of cybercrime?


a. Data theft b. Forgery
c. Damage to data and systems d. Installing antivirus for protection

2. ___________________ is the first task in a computer forensics investigation.


a. Acquisition b. Validation and discrimination
c. Extraction d. Reconstruction

3. Validating data is done by obtaining


a. Binary values b. Hex values
c. Hash values d. None of the above

4. What is a common feature of PDF files that enhances their portability?


a. Audio embedding b. Video embedding
c. Text encryption d. Vector graphics

5. Which step involves ensuring the integrity and authenticity of collected forensic data?
a. Approaching digital forensics cases b. Using Autopsy to validate data
c. Recovering passwords d. Examining encrypted files
6. Identifying unknown file formats involves analyzing:
(a) File headers (b) File names
(c) File extensions (d) File contents

7. Who Can Use Computer Forensic Evidence?


a. Criminal Prosecutors, Civil litigations, Corporations, Law enforcement officials
b. Prosecutors, Civil litigations, Corporations, Law enforcement officials
c. Criminal Prosecutors, Civil litigations, Civil Attachment
d. None of These

8. You are a computer forensic examiner and want to determine when a user deleted a file
contained in a Windows XP Recycle Bin. In what file is the date and time information
about the file deletion contained?
a. Index.dat b. Link file
c. INFO2 d. Deleted.ini

9. What is the primary goal of cyber forensics?


a. To prevent cyber attacks
b. To investigate and analyze digital evidence
c. To develop new software for cyber security
d. To create backups of sensitive data
e. Both A and B
10. Which of the following is the best data acquisition method?
a. Static acquisitions
b. Live acquisitions
c. Depends on the circumstances of the investigation.
d. Both A and B

11. A ____________________ acquisition method not only captures specific files but
also collects fragments of unallocated (deleted) data.
a. Sparse b. Live
c. Static d. Logical

12. RAID level 2 refers to?


a) Disk arrays with striping at the level of blocks
b) Disk mirroring with block striping
c) Memory style error correcting code
d) Block interleaved distributed parity

13. ______________ partitions data and parity among all N+1 disks, instead of storing
data in N-disks and parity in one disk.
a. Block interleaved parity b. Block interleaved distributed parity
c. Bit parity d. Bit interleaved parity

14. Which one of the following is a striping technique?

a. Byte level striping b. RAID level striping
c. Disk level striping d. Block level striping

15. Which of the following is the file extension for metadata in AFF?
a. .afd b. .afm
c. Both of These d. None of These

16. Which of the following is not a valid method of acquiring data for forensic
analysis?
a. disk-to-image file b. disk-to-disk copy
c. disk-to-data file d. sparse data copy of a folder or file
e. None of These

17. Which of the following is part of the Pairwise Transient Key?


a. Pre-Shared Key b. Master Session Key
c. Temporal Key d. Both A and B

18. Which of the following protocols is used for authentication between the STA and the
Authentication Server?
a. Extensible Authentication Protocol
b. Remote Authentication Dial-In User Service
c. Both of These
d. None of These

19. Which of the following services is not provided by Temporal Key Integrity Protocol
a. Confidentiality b. Message authentication
c. Replay Protection d. None of These
20. Key material is sent in which of the following operational phases of IEEE 802.11i?
a. Discovery Phase b. Authentication Phase
c. Key Generation and Confirmation Phase d. None of These
