S_I_C unit(1)
Three aspects of security can be applied to any situation: defense, detection, and deterrence. These are considered the three Ds of security.
Defense:- Defense is often the first thing that comes to mind when we think about security, and it's usually the easiest to understand. People have an instinctive desire to protect themselves, so defense is often prioritized before other security measures. Defensive measures aim to reduce the chance of a successful attack or breach, lowering risk and potentially saving money by preventing incidents that could have been costly. On the other hand, not having enough defensive measures leaves valuable assets vulnerable, which can lead to significant damage and financial loss.
In terms of network defense, there are various controls that help protect valuable assets. For example, access control devices like stateful firewalls and network access control limit who can access the network and what they can do. Other defenses include spam and malware filtering, web content filtering, and change control processes, all of which help prevent threats from entering or damaging systems. These controls work to protect against things like software bugs, attack scripts, accidental data loss, ethical violations, and policy breaches.
However, it's important to understand that defense is just one part of a complete security strategy. While it helps to protect against threats, it needs to be combined with other approaches to create a well-rounded security plan.
Detection:- Another aspect of security is detection. In order to react to a security incident, you first need to know about it. Examples of detective controls include video surveillance cameras in local stores (or even on your house), motion sensors, and house or car alarm systems that alert passers-by to an attempted violation of a security perimeter. Detective controls on the network include audit trails and log files, system and network intrusion detection and prevention systems, and security information and event management (SIEM) alerts, reports, and dashboards. A security operations center (SOC) can be used to monitor these controls. Without adequate detection, a security breach may go unnoticed for hours, days, or even forever.
Deterrence:- Deterrence is an important part of security that focuses on preventing security incidents from happening in the first place. It works by making potential attackers think twice before taking harmful actions. The goal is to reduce the frequency of security breaches and the overall loss that might result from these incidents.
For example, many companies use deterrence to help ensure that their own employees follow security rules. They do this by threatening disciplinary action or even termination if someone breaks the rules. To make these threats clear, companies put in place deterrent controls, like programs that communicate to employees what is and isn't acceptable behavior. This could include clear communication about security policies, monitoring employees' web browsing habits, and offering training to help employees understand how to use company systems safely. Additionally, employees might be asked to sign agreements confirming that they understand and will follow the security policies. All of these measures serve to discourage employees from violating security rules. The idea is that when employees know they could face consequences, they are less likely to cause harm, and this can also deter potential attackers from even trying to breach security.
Q3.) Explain the components of building a security program.
Ans: The overall approach to building a security program, as with any endeavor, should begin with describing what is needed and why, and then proceed to define how it will be implemented, when, and using which particular methods.
1. Authority
The security program must include the right level of responsibility and authorization to be effective. A security program charter defines its purpose, scope, and responsibilities, giving formal authority to the program.
2. Framework
A security framework provides a structured approach to building the program. The security policy defines management's intent to meet business requirements, while standards ensure consistency in implementation and management. Guidelines offer clear instructions for using software, systems, and networks.
3. Assessment
Assessment involves identifying what needs protection, why, and how. Risk analysis identifies and evaluates risks to organizational assets, leading to a defined strategy. Gap analysis compares the current state with the desired state, and remediation planning prioritizes steps to improve security.
4. Planning
Planning creates priorities and timelines for security initiatives. A roadmap outlines actions for implementing plans, while the security architecture defines how technologies are implemented. Project plans detail the specific activities required.
5. Action
The security team takes actions based on the plans. The incident response plan specifies steps to handle security events effectively, reducing response time and minimizing damage.
6. Maintenance
Maintenance ensures the maturity of the security program through awareness programs. These educate stakeholders about expected behaviors, appropriate actions, and compliance with security policies.
Ans:- 1.) Evaluating threats is an important part of risk analysis. By identifying threats, you can give your security strategy focus and reduce the chance of overlooking important areas of risk that might otherwise remain unprotected. Threats can take many forms, and in order to be successful, a security strategy must be comprehensive enough to manage the most significant threats.
2.) For example, if an organization were to simply purchase and install a firewall (and do nothing else) without identifying and ranking the various threats to their most important assets, would they be secure? Probably not.
3.) These statistics are from Verizon's 2010 Data Breach Investigations Report (DBIR), the result of a collaboration between Verizon and the U.S. Secret Service. This is a breakdown of "threat agents," which are defined in the report as "entities that cause or contribute to an incident."
4.) This particular study illustrates the point that insider threats should be an important consideration in any security program. Many people who haven't seen real-world security breaches don't know this, so they focus exclusively on external threats.
Threat Vectors:-
1. A threat vector is a term used to describe where a threat originates and the path it takes to reach a target. An example of a threat vector is an e-mail message sent from outside the organization to an inside employee, containing an irresistible subject line along with an executable attachment that happens to be a Trojan program, which will compromise the recipient's computer if opened.
2. A good way to identify potential threat vectors is to create a table containing a list of threats you are concerned about, along with their sources and targets.
3. Threat vectors take many forms, such as Trojan programs, viruses, the girlfriend exploit, and back door configurations.
a. Trojan programs: Trojan programs are installed pieces of software that perform functions with the privileges of authorized users but are unknown to those users. Common functions of Trojans include stealing data and passwords, providing remote access and/or monitoring to someone outside the trusted network, or performing specific functions such as spamming. Trojans are dangerous because they can hide in authorized communication channels such as web browsing.
b. Viruses: Viruses typically arrive in documents, executable files, and e-mail. They may include Trojan components that allow direct outside access, or they may automatically send private information, such as IP addresses, personal information, and system configurations, to a receiver on the Internet.
c. Girlfriend exploit: This refers to a Trojan program planted by an unsuspecting employee who runs a program provided by a trusted friend from a storage device like a disk or USB stick, which plants a back door (also known as a trap door) inside the network.
d. Back door configurations: Pre-configured in computer and network devices to allow vendor support personnel to connect directly to the devices using a common account and password. Almost all network devices contain back doors, and details about them can be easily found on the Internet.
Malicious Mobile Code:- There are three generally recognized variants of malicious mobile code: viruses, worms, and Trojans. In addition, many malware programs have components that act like two or more of these types, which are called hybrid threats or mixed threats.
The lifecycle of malicious mobile code looks like this:
1. Find 2. Exploit 3. Infect 4. Repeat
Unlike a human counterpart, malware doesn't need to rest or eat. It just goes on every second of every day churning out replication cycles. Automated attacks are often very good at their exploit and only die down over time as patches close holes and technology passes them by. But if given the chance to spread, they will.
Computer Viruses:- A virus is a self-replicating program that uses other host files or code to replicate. Most viruses infect files so that every time the host file is executed, the virus is executed too. A virus infection is simply another way of saying the virus made a copy of itself (replicated) and placed its code in the host in such a way that it will always be executed when the host is executed. Viruses can infect program files, boot sectors, hard drive partition tables, data files, memory, macro routines, and scripting files.
Computer Worms:- A computer worm uses its own coding to replicate, although it may rely on the existence of other related code to do so. The key to a worm is that it does not directly modify other host code to replicate. A worm may travel the Internet trying one or more exploits to compromise a computer, and if successful, it then writes itself to the computer and begins replicating again.
E-Mail Worms:- E-mail worms are a curious intersection of social engineering and automation. They appear in people's inboxes as messages and file attachments from friends, strangers, and companies. They pose as pornography, cute games, official patches from Microsoft, or unofficial applications found in the digital marketplace. There cannot be a computer user in the world who has not been warned multiple times against opening unexpected e-mail attachments, but often the attachments are simply irresistible.
Trojans:- Trojan horse programs, or Trojans, work by posing as legitimate programs that are activated by an unsuspecting user. After execution, the Trojan may attempt to continue to pose as the legitimate program (such as a screensaver) while doing its malicious actions in the background. Many people are infected by Trojans for months or years without realizing it. If the Trojan simply starts its malicious actions and doesn't pretend to be a legitimate program, it's called a direct-action Trojan. Direct-action Trojans don't spread well because the victims notice the compromise and are unlikely, or unable, to spread the program to other unsuspecting users.
Malicious HTML:- The Internet allows for many different types of attacks, many of which are HTML-based. Pure HTML coding can be malicious when it breaks browser security zones or when it can access local system files. For example, the user may believe they are visiting a legitimate website, when in fact an attacker has hijacked their browser session and the user is inputting confidential information into an attacker's site. Malicious HTML has often been used to access files on local PCs, too. Specially crafted HTML links can download files from the user's workstation, retrieve passwords, and delete data.
1. Viruses:
A virus is a self-replicating program that uses other host files or code to replicate. Viruses can infect program files, boot sectors, hard drive partition tables, data files, memory, macro routines, and scripting files.
Anatomy of a Virus
1. The damage routine of a virus (or really of any malware program) is called the payload.
2. Even a "harmless" virus takes up CPU cycles and storage space.
3. Payloads can be intentionally destructive: deleting files, corrupting data, copying confidential information, formatting hard drives, and removing security settings.
4. Viruses cannot break hard drive read-write heads, electrocute people, or cause fires.
2. Computer Worms:
1. A computer worm uses its own coding to replicate, although it may rely on the existence of other related code to do so.
2. A worm doesn't need to change other programs or files to replicate. It moves through the Internet looking for weaknesses in computers. When it finds one, it infects the system and starts copying itself.
3. After it starts running, the worm can infect the computer, collect e-mail addresses from the user's e-mail account, and send itself to those addresses.
4. The worm can also add itself to the Windows startup folder, so it runs automatically whenever the computer is turned on. It can also attack websites with security flaws, adding harmful JavaScript to them.
3. Trojans:
1. Trojan horse programs, or Trojans, trick users by pretending to be regular, harmless programs that the user opens.
2. After being opened, the Trojan may continue to look like the original program (for example, a screensaver) while secretly performing harmful actions in the background.
3. If the Trojan doesn't pretend to be a regular program and just starts causing harm right away, it's called a direct-action Trojan.
Q7.) Explain the following terms:-
a) RAT:- A Remote Access Trojan (RAT) is a type of malware that allows attackers to remotely control a compromised PC. Once installed, it acts as a backdoor, enabling the attacker to perform a wide range of malicious actions, including deleting files, downloading sensitive data, and manipulating the computer's input and output devices. A RAT can also record keystrokes and take screenshots, which allows attackers to track what the user is doing, including capturing passwords and other sensitive information.
RATs can even record audio and video from the computer's camera and microphone, potentially exposing private conversations. Unlike traditional viruses or worms, the damage caused by a RAT can persist long after the malware is removed.
RATs come with server and client programs. The client part generates server executables that run on the victim's PC, while the server can be heavily customized. It can be configured to listen on specific ports, use encryption, require passwords, and even add extra features to evade detection. The RAT server can also be disguised as legitimate software, such as a game, making it difficult for users to identify.
b.) Advanced Persistent Threats:- APTs are sophisticated cyberattacks aimed at businesses, especially high-tech ones, and governments. These attacks are usually carried out by hostile governments or organized criminals for political or financial gain. APTs are stealthy and can remain undetected on a network for months, waiting to be activated.
The attack often starts with a targeted malware delivery, such as an infected email with a PDF or a malicious link that triggers a drive-by download. These attacks are a form of spear-phishing, aimed at specific individuals within the organization to trick them into running the malware.
Once the malware infects the victim's system, it connects to a Command and Control (CnC) server to download further malicious tools like rootkits and RATs. This gives attackers complete control over the victim's computer without the user's knowledge, making them act like an insider.
APTs are difficult to fully remove because the malware embeds deeply within the system and exploits unpatched vulnerabilities. Detection is typically based on the system's connection to known CnC servers or through advanced behavior monitoring. Compromised systems usually need to be rebuilt from scratch.
Application-layer attacks are exploits that target vulnerabilities in applications running at the top of the OSI protocol stack. These attacks focus on manipulating software bugs, weak authentication, or unvalidated inputs to compromise the application's functionality or security. Key Features of Application-Layer Attacks:
i) Buffer Overflows:- A buffer overflow occurs when an application receives more data than it can handle or process.
a. If input validation is not properly implemented, attackers can send excessive or malicious data, causing the application to crash or execute arbitrary code. Example: A program expects a 5-character ZIP code but receives 400 characters instead. This can overflow the memory buffer and disrupt the CPU or introduce malicious code.
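The ZIP-code scenario above, as an added example that is not from the original notes: the unchecked copy is shown beside a bounded, validated one, and the oversized input is only ever handed to the bounded version. The names zip_unchecked, zip_bounded, struct form and demo_oversized_input are this example's own.

```c
/* Added example, not from the original notes: the 5-character ZIP-code
 * field from the text, written once without a bounds check and once with
 * input validation. zip_unchecked, zip_bounded, struct form and
 * demo_oversized_input are names made up for this example. */
#include <stdio.h>
#include <string.h>

#define ZIP_LEN 5                 /* the program expects a 5-character ZIP code */

struct form {
    char zip[ZIP_LEN + 1];        /* 5 characters plus the terminating NUL */
    int  is_admin;                /* whatever follows the buffer is what an overflow overwrites */
};

/* Vulnerable: strcpy() copies until it finds a NUL, so a 400-character
 * input runs past zip[] into the memory after it (undefined behaviour:
 * a crash at best, attacker-controlled data in is_admin at worst). */
void zip_unchecked(struct form *f, const char *input)
{
    strcpy(f->zip, input);
}

/* Hardened: check length and content before any byte is written.
 * Returns 1 and fills f->zip on success; returns 0 and leaves the
 * struct untouched when the input is not exactly five digits. */
int zip_bounded(struct form *f, const char *input)
{
    size_t n = 0;
    while (n <= ZIP_LEN && input[n] != '\0')   /* look at most ZIP_LEN + 1 bytes */
        n++;
    if (n != ZIP_LEN)
        return 0;                 /* too short, or longer than the field */
    for (size_t i = 0; i < ZIP_LEN; i++)
        if (input[i] < '0' || input[i] > '9')
            return 0;             /* a ZIP code is digits only */
    memcpy(f->zip, input, ZIP_LEN);
    f->zip[ZIP_LEN] = '\0';
    return 1;
}

/* The scenario from the notes: 400 characters sent to a 5-character field.
 * Returns 1 if the bounded version rejected it and left the form intact. */
int demo_oversized_input(void)
{
    struct form f = { "00000", 0 };
    char big[401];                /* constructed oversized input */
    memset(big, '9', 400);
    big[400] = '\0';
    int rejected = (zip_bounded(&f, big) == 0);
    return rejected && strcmp(f.zip, "00000") == 0 && f.is_admin == 0;
}

int main(void)
{
    struct form f = { "", 0 };
    printf("12345 accepted by zip_bounded: %d\n", zip_bounded(&f, "12345"));
    printf("400-char input rejected, form intact: %d\n", demo_oversized_input());
    zip_unchecked(&f, "54321");   /* only safe because this input fits */
    printf("zip_unchecked with a well-formed input: %s\n", f.zip);
    return 0;
}
```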
a) Password cracking refers to methods used to discover or guess a user's password to gain unauthorized access to a system.
b) Two common techniques include: Brute-force attacks: Trying every possible combination of characters until the correct password is found. Dictionary attacks: Using a list of common passwords or phrases to guess the correct one.
c) Tools like John the Ripper or Hashcat are often used for this purpose.
Q9.) Discuss three aspects of the CIA triad. OR Write a short note on the CIA Triad Model with reference to Security in Computing.
The CIA Triad is a fundamental model in information security that focuses on three key principles: Confidentiality, Integrity, and Availability. These aspects ensure the protection of data and systems against threats.
1. Confidentiality
Confidentiality ensures that data is accessible only to authorized individuals. It restricts access to sensitive information, preventing unauthorized users from viewing or using it. It is implemented through measures like encryption, strong authentication methods (e.g., multi-factor authentication), and access control policies.
2. Integrity
Integrity guarantees that data remains accurate and unaltered unless authorized changes are made. It ensures that information is trustworthy and has not been tampered with. Regular backups and checksums help restore and verify data integrity.
3. Availability
Availability ensures that computer-based services and data are accessible whenever needed. It focuses on minimizing downtime and ensuring systems remain operational. It is achieved through redundancy (e.g., backup servers), load balancing, and failover systems.
These models are mainly used for defense purposes, i.e., securing the data or the asset. There are 2 main types of Security Defense Models: the Lollipop Model and the Onion Model. These are explained as follows:
1. Lollipop Model: The Lollipop Model is a defense model associated with the analogy of a lollipop. A lollipop has a chocolate in the middle, and around the chocolate there is a layer of crust, mainly of sugar-flavored syrup. A person licks and licks the lollipop and finally the chocolate in the middle is exposed.
Mapping this analogy of the lollipop to the model, the hacker just needs to break that one layer of security to get hands on the asset, in this case, say, a username and password. Once that is done, the hacker can access the asset. So the Lollipop Model is not a good model for network security.
2. Onion Model:
The Onion Model is a defense model associated with the analogy of an onion. An onion is a vegetable composed of layers. Only by peeling each layer can we get to the center of the onion. Also, while peeling, we get tears in our eyes.
Mapping this analogy of the onion to the model, the hacker needs to break all the layers of security to get access to the asset. Breaking each layer, i.e., firewall, IDS/IPS, authentication, authorization, and cryptography in this case, should bring tears to his eyes. In simple words, breaking each layer should be complex and extremely challenging for the hacker. So the Onion Model is considered a good model for network security.
Q11.) Give or elaborate any good practices/best practices for network defense.
There are many countermeasures you can implement to minimize the risk of a successful attack, such as securing the physical environment, hardening the operating systems, keeping patches updated, using an antivirus scanner, using a firewall, securing network share permissions, using encryption, securing applications, backing up the system, creating a computer security defense plan, and implementing ARP poisoning defenses.
Secure the Physical Environment