Subject Name: Basics of Information Security Subject Code: 4360702

GTU IMP Questions


1) Explain Security Basics.
Ans:
Confidentiality, Integrity and Availability (CIA Model)
• CIA is a model designed to guide policy for information security within an organization.

Confidentiality:
• It is a set of rules that limits access to information.
• It prevents sensitive information from reaching the wrong people.
• Confidentiality means that the data is only available to authorized parties.
• Information is kept private and secure, like an account number when banking online.
• Everyone has information they wish to keep secret. Protecting such information is a major part of information security.
• When information has been kept confidential it means that it has not been compromised by other parties; confidential data is not disclosed to people who do not require it or who should not have access to it.
• Example: account number when banking online.
• To accomplish confidentiality:
  o Require strong authentication for any access to data (password, biometrics etc.).
  o Use strict access control (privileges, granted on a least-privilege basis).
  o Encrypt the data, both in transit and at rest.

Prepared By: Department of Computer Engineering Page 1


Integrity:
• It maintains the consistency and accuracy of data over its entire life cycle.
• Integrity of information refers to protecting information from being modified by unauthorized parties.
• Data must not be modified, deleted or added to while in transmission.
• Information only has value if it is correct.
• Unauthorized changes must be detectable (for example with hashes or message authentication codes), and if changes occur a backup copy must be available to restore the affected data.
Availability:
• It means that the information is available to authorized users when it is needed.
• Information only has value if the right people can access it at the right times.
• This involves properly maintaining the hardware, technical infrastructure and systems that hold and display the information.
• It is achieved by maintaining all hardware, repairing hardware immediately when needed, providing sufficient bandwidth and implementing backup power systems, and by defending against denial-of-service attacks.
2) List security attacks. Explain Active attack.
Ans:
• A security attack is any action that compromises the security of a system.
• These are unauthorized or illegal actions taken against government, corporate or private IT assets in order to destroy, modify or steal sensitive data.
• They are classified as active attacks and passive attacks; denial of service is one kind of active attack.
Active attacks
• An active attack involves modification of the transmitted data, or the creation of a false data stream.
• There are four sub-categories:
1. masquerade (fabrication),
2. message modification,
3. message replay, and
4. denial of service (DoS).

Masquerade attack: It takes place when one entity pretends to be a different entity.
For example, an authentication sequence can be captured and replayed after a valid authentication sequence has taken place, so that the attacker is accepted as the legitimate user.

Message replay: It involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

Message modification: Some portion of a legitimate message is altered, or messages are delayed or reordered, to produce an unauthorized effect.

Denial-of-service attacks prevent the normal use of communication services.

It disrupts network services either by disabling the network or by overloading a server with useless messages.

Denial-of-Service Attack
• It is an active attack.
• It is a kind of Internet attack typically aimed at publicly reachable services such as large websites.

• In a DoS attack, disruption (interruption) of an entire network is done either by disabling the network or by overloading it with messages.
• A DoS attack is an explicit attempt to make a computer resource unavailable, for example by flooding the network with useless traffic.
• It attempts to "flood" a network, thereby preventing legitimate network traffic.
• It attempts to disrupt (interrupt) connections between two machines, thereby preventing access to a service.
• It attempts to prevent a particular individual from accessing a service.
• In a DoS attack, one computer and one Internet connection are used to flood the server (in a distributed DoS, or DDoS, many machines flood it together).

Effects of a DoS attack:
• Slow network performance
• Unavailability of a particular website
• Inability to access any website
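Of the four active-attack categories above, replay is the one a protocol designer most often has to defend against explicitly, because the attacker needs no key: a captured frame is already correctly authenticated. The following is an added example (not part of the original notes): a sender authenticates each frame with an HMAC, a naive receiver that checks only the MAC accepts the captured frame every time it is resent, and a receiver that also binds a sequence number into the MAC and rejects anything not newer than the last accepted frame stops the replay while still catching the modification attempt. The shared key and the messages are constructed for the demonstration.

```python
"""Replay attack against a MAC-only receiver, and the sequence-number fix.

Added example for the active-attack categories above (not from the original
notes). The shared key and the messages are constructed for the demonstration.
"""
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"   # constructed; a real key is random and secret


def make_frame(seq: int, payload: str) -> bytes:
    """Sender: 'seq|payload|mac', where the MAC covers both seq and payload."""
    body = f"{seq}|{payload}".encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


def mac_is_valid(frame: bytes) -> bool:
    """Integrity check: detects modification, but says nothing about freshness."""
    body, _, tag = frame.rpartition(b"|")
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest().encode()
    return hmac.compare_digest(expected, tag)


class NaiveReceiver:
    """Accepts every frame with a valid MAC, so a captured frame replays."""

    def __init__(self):
        self.accepted = []

    def receive(self, frame: bytes) -> bool:
        if not mac_is_valid(frame):
            return False
        self.accepted.append(frame)
        return True


class ReplayAwareReceiver:
    """Also requires seq to be strictly newer than the last accepted frame."""

    def __init__(self):
        self.accepted = []
        self.last_seq = -1

    def receive(self, frame: bytes) -> bool:
        if not mac_is_valid(frame):
            return False
        seq = int(frame.split(b"|", 1)[0])
        if seq <= self.last_seq:
            return False           # replayed (or reordered) frame
        self.last_seq = seq
        self.accepted.append(frame)
        return True


def run_replay_scenario(receiver_cls) -> int:
    """Two legitimate frames, two replays of the first, one tampered frame.

    Returns how many frames the receiver accepted.
    """
    rx = receiver_cls()
    captured = make_frame(1, "transfer 100 to account 42")
    rx.receive(captured)                        # legitimate
    rx.receive(make_frame(2, "balance?"))       # legitimate
    rx.receive(captured)                        # attacker resends the capture
    rx.receive(captured)                        # ... and again
    body, _, tag = captured.rpartition(b"|")
    rx.receive(body.replace(b"100", b"900") + b"|" + tag)   # modification: MAC fails
    return len(rx.accepted)


if __name__ == "__main__":
    print("naive receiver accepted", run_replay_scenario(NaiveReceiver), "frames")               # 4
    print("replay-aware receiver accepted", run_replay_scenario(ReplayAwareReceiver), "frames")  # 2
```

The sequence number only works because it is inside the MAC input: if it were sent alongside an unauthenticated counter, the attacker could simply increment it. Real protocols use the same idea with per-session nonces or TLS record sequence numbers.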
3) Explain Passive attack.
Ans:
• Passive attack: It attempts to learn or make use of information from the system but does not affect system resources.
• There are two main types of passive attacks:
  1) Release of message contents, and
  2) Traffic analysis.
• Passive attacks are very hard to detect because they do not damage or change the information (so the victim cannot tell it has been attacked). The emphasis is therefore on prevention, usually by encryption, rather than on detection.
1. Release of Message Contents
• In this type of passive attack a mail message, phone call or any transferred message is intercepted and read or listened to.
2. Traffic Analysis
• Traffic analysis is a little more complicated. Here the attacker cannot read the (encrypted) messages but observes the pattern of messages transferred between sender and receiver: who communicates with whom, the frequency of messages and the length of messages.
4) Explain Substitution cipher and Transposition cipher techniques.
Ans:
Substitution Techniques
• A substitution technique replaces letters with other letters, numbers or symbols. In simple terms, the characters of the original message are replaced by other characters, numbers or symbols.
• Substitution ciphers fall into two broad classes:
1) Monoalphabetic Cipher
o A monoalphabetic cipher is any cipher in which the letters of the plaintext are mapped to ciphertext letters based on a single fixed substitution alphabet.
o For example, if the letter A in the plaintext is changed to G, then every appearance of A in the plaintext will be replaced by G.
o Examples of monoalphabetic ciphers include the Caesar (shift) cipher, where each letter is shifted by a numeric key. Because the mapping never changes, the letter frequencies of the plaintext survive in the ciphertext and can be used to break the cipher.
2) Polyalphabetic Cipher
o A polyalphabetic cipher is any substitution cipher that uses multiple substitution alphabets.
o For example, the letter 'A' can be replaced by the letter 'C' at one position and by 'N' later in the same ciphertext.
o The Vigenere cipher is probably the best-known example of a polyalphabetic cipher, though it is a simplified special case.
• Commonly studied substitution ciphers:
1. Caesar Cipher
2. Playfair Cipher
3. Hill Cipher
4. One Time Pad
Transposition Techniques
• A transposition technique is an encryption method achieved by performing a permutation of the plaintext characters.
• Mapping plaintext into ciphertext using a transposition technique is called a transposition cipher.
• A transposition cipher rearranges the positions of the plaintext characters: the position of each character is changed but the character's identity is not changed, so the ciphertext has exactly the same letter frequencies as the plaintext.
• Types of transposition techniques:
A. Rail Fence Transposition
B. Columnar Transposition

5) Define Terms: Plain text, Cipher text, Encryption, Decryption, Cryptography and
Cryptanalysis
Ans:
1. Plaintext
• It is any readable data, including binary files, in a form that can be seen or used without the need for a decryption key or decryption device.
• Data that can be read and understood without any special measure.
• Plaintext refers to any message, document, file and the like that is intended to be encrypted or has been decrypted.
• Plaintext is the input to a cryptosystem, with ciphertext being the output.
• In cryptography, algorithms transform plaintext into ciphertext, and ciphertext back into plaintext.
2. Ciphertext
• Ciphertext is encrypted text transformed from plaintext using an encryption algorithm.
• Ciphertext cannot be read until it has been converted back into plaintext (decrypted) with the key.
3. Cryptography or Cryptology
• Cryptography comes from Greek words meaning "secret writing". It is the science of using mathematics to encrypt and decrypt data.
• Cryptography focuses on creating secret codes for providing security to information.
• Cryptography is the technique of securing information and communications through the use of codes so that only the person for whom the information is intended can understand and process it.
4. Cryptanalysis
• It is the breaking of "secret codes".
• It is the science of breaking encryption.
• Cryptanalysis is the study of cryptographic algorithms with the aim of recovering the plaintext or the key without being given the key.
5. Encryption
• Encryption is the process by which a readable message is converted to an unreadable form to prevent unauthorized users from reading it.
• It is an algorithm for transforming plaintext to ciphertext under the control of a key.
6. Decryption
• Decryption is the process of converting an encrypted message back to its original (readable) format. The original message is called the plaintext message.
• It is an algorithm for transforming ciphertext to plaintext under the control of a key.
6) Explain Caesar cipher with example.
Ans:
• It is also known as the shift cipher or additive cipher.
• It is a type of substitution cipher in which each letter in the plaintext is 'shifted' a certain number of places down the alphabet.
• For example, with a shift of 1, A would be replaced by B, B would become C, and so on.
• First translate all of the characters to numbers: 'a'=0, 'b'=1, 'c'=2, ..., 'z'=25.
• For encryption, C = E(P) = (P + K) mod 26
• For decryption, P = D(C) = (C - K) mod 26
• Since there are only 25 useful keys, an attacker can simply try them all and keep the result that reads as language (a brute-force attack), so the cipher offers no real security.
Example:
Plaintext = HELLO and Key = 3
Encryption: H(7)+3=10=K, E(4)+3=7=H, L(11)+3=14=O, L(11)+3=14=O, O(14)+3=17=R, so Ciphertext = KHOOR
Decryption: K(10)-3=7=H, H(7)-3=4=E, O(14)-3=11=L, O(14)-3=11=L, R(17)-3=14=O, so Plaintext = HELLO
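The formulas above, together with the brute-force attack they invite, as an added example (not code from the original notes). The English letter-frequency table is an approximate constructed input used only to rank the 25 candidate decryptions; non-letter characters are passed through unchanged.

```python
"""Caesar cipher: encryption, decryption and brute-force key recovery.

Added example for these notes (not from the original page). The letter
frequency table holds approximate English percentages, a constructed input
used only to rank brute-force candidates.
"""
import string

ALPHABET = string.ascii_uppercase

# Approximate English letter frequencies in percent (rounded).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}


def caesar_encrypt(plaintext: str, key: int) -> str:
    """C = (P + K) mod 26 for every letter; other characters pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """P = (C - K) mod 26, which is just encryption with the negated key."""
    return caesar_encrypt(ciphertext, -key)


def english_score(text: str) -> float:
    """Sum of letter frequencies: English-looking text scores high."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text)


def brute_force(ciphertext: str):
    """Try all 25 non-trivial keys and return (key, plaintext) with the best score.

    This is why the Caesar cipher gives no security: the key space is too
    small to resist exhaustive search, even by hand.
    """
    candidates = ((k, caesar_decrypt(ciphertext, k)) for k in range(1, 26))
    return max(candidates, key=lambda kp: english_score(kp[1]))


if __name__ == "__main__":
    ct = caesar_encrypt("HELLO", 3)
    print(ct, caesar_decrypt(ct, 3))                          # KHOOR HELLO
    secret = caesar_encrypt("MEET ME AT THE SECRET LOCATION AT TEN", 11)
    print(secret)
    print(brute_force(secret))                                # (11, 'MEET ME AT THE SECRET LOCATION AT TEN')
```

Frequency scoring is only reliable on messages of a few dozen letters or more; for a very short ciphertext such as KHOOR several candidates score similarly and a human still has to pick the readable one, which is why the brute force above is demonstrated on a longer sentence.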

7) Explain Rail fence cipher with example.
Ans:
• The rail fence cipher is the simplest transposition cipher.
• It is a type of cryptographic algorithm that rearranges the positions of the letters in a message to create a new, seemingly unrelated message.
• The technique gets its name from the way the message is written out over a number of rows ("rails").
• Here plaintext symbols are rearranged to produce the ciphertext (reordering the letters of the plaintext to obtain the ciphertext is the essence of transposition techniques).
• Rail fence cipher is a type of transposition cipher.
• It involves rearranging the letters of the plaintext to encrypt the message.
• The key is the number of rails. Because the key space is tiny (there are fewer possible rail counts than letters in the message), the cipher offers no real security and is used only to teach the idea of transposition.
Example:
Plaintext: THIS IS A SECRET MESSAGE
Key (Rails): 3
Encryption (plaintext to ciphertext):
Write the message vertically, filling each column of 3 rails from top to bottom (spaces are dropped, and the last column is padded with X):

T S A C T S G
H I S R M S E
I S E E E A X

o Then the message is read horizontally, rail by rail, to obtain the ciphertext:
o TSACTSG HISRMSE ISEEEAX
o This is the ciphertext.
Decryption (ciphertext to plaintext):
o Ciphertext: TSACTSG HISRMSE ISEEEAX
o Key (Rails): 3
o The 21 letters are split into 3 rails of 7 letters each: write horizontally and read vertically.

T S A C T S G
H I S R M S E
I S E E E A X

Plaintext: THISISASECRETMESSAGEX (read vertically to obtain the plaintext; the trailing X is padding)
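The example above writes the letters down successive columns of 3 rails and reads the rails off row by row; textbooks more often describe a zigzag that bounces between the rails, which gives a different ciphertext for the same key. The following added example (not code from the original notes) implements both layouts with encryption and decryption, so the two can be compared on the same inputs; the padding character X is an assumption taken from the worked example.

```python
"""Rail fence transposition: the column-wise variant used in the worked
example above, and the classic zigzag.

Added example (not from the original notes). Neither layout hides letter
frequencies, which is the weakness shared by every transposition cipher.
"""
import math


def _letters(text: str) -> list:
    return [ch for ch in text.upper() if ch.isalpha()]


def rail_fence_encrypt(plaintext: str, rails: int, pad: str = "X") -> str:
    """Column-wise layout: letter i goes to row i % rails, column i // rails."""
    letters = _letters(plaintext)
    cols = math.ceil(len(letters) / rails)
    letters += [pad] * (rails * cols - len(letters))     # pad the last column
    return "".join("".join(letters[r::rails]) for r in range(rails))


def rail_fence_decrypt(ciphertext: str, rails: int) -> str:
    """Split the ciphertext into `rails` equal rows, then read down the columns."""
    if len(ciphertext) % rails:
        raise ValueError("ciphertext length must be a multiple of the rail count")
    cols = len(ciphertext) // rails
    rows = [ciphertext[r * cols:(r + 1) * cols] for r in range(rails)]
    return "".join(rows[i % rails][i // rails] for i in range(len(ciphertext)))


def _zigzag_rows(n: int, rails: int) -> list:
    """Row index visited by each of n positions when bouncing between the rails."""
    if rails < 2:
        return [0] * n
    period = 2 * (rails - 1)
    return [min(i % period, period - i % period) for i in range(n)]


def zigzag_encrypt(plaintext: str, rails: int) -> str:
    letters = _letters(plaintext)
    rows = _zigzag_rows(len(letters), rails)
    return "".join(ch for r in range(rails) for ch, row in zip(letters, rows) if row == r)


def zigzag_decrypt(ciphertext: str, rails: int) -> str:
    rows = _zigzag_rows(len(ciphertext), rails)
    out, pos = [""] * len(ciphertext), 0
    for r in range(rails):                   # refill each rail in order
        for i, row in enumerate(rows):
            if row == r:
                out[i] = ciphertext[pos]
                pos += 1
    return "".join(out)


if __name__ == "__main__":
    ct = rail_fence_encrypt("THIS IS A SECRET MESSAGE", 3)
    print(ct, rail_fence_decrypt(ct, 3))     # TSACTSGHISRMSEISEEEAX THISISASECRETMESSAGEX
    zz = zigzag_encrypt("WE ARE DISCOVERED FLEE AT ONCE", 3)
    print(zz, zigzag_decrypt(zz, 3))         # WECRLTEERDSOEEFEAOCAIVDEN WEAREDISCOVEREDFLEEATONCE
```

Note that `rail_fence_decrypt` returns the padding X as part of the plaintext, exactly as the worked example does; an attacker who does not know the rail count simply runs the decryption for every rail count from 2 up to the message length and reads off the one that makes sense.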

8) Explain one time pad (OTP) with example.
Ans:
• The one-time pad (OTP), or Vernam cipher, is the only cipher that has been proven unconditionally secure: with a truly random key used once, the ciphertext reveals nothing about the plaintext.
• It is unbreakable when used correctly, which is why it became known as the perfect cipher. It uses a key of randomly generated letters to replace the letters of the message.
• The Vernam cipher is a stream cipher in which the plaintext is combined (added modulo the alphabet size for letters, or XORed for bits) with a random key stream of the same length to generate the ciphertext.
Key characteristics:
• The key must be truly random.
• The key must be as long as the plaintext and must not repeat.
• The key must be used only once; reusing a pad for two messages lets an attacker cancel the key out and recover the relationship between the two plaintexts.
• There should be exactly two copies of the key: one for the sender and one for the receiver, each destroyed after use.
• It is also known as the One Time Pad (OTP).
• Its practical weakness is key management: a key as long as all the traffic it will ever protect has to be generated, distributed and kept secret.
Example:
Plaintext: HOW ARE YOU
One-time pad (Key): NCB TZQ ARX
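The page gives the plaintext and pad but not the resulting ciphertext. The following added example (not code from the original notes) computes it under the usual letter convention, ciphertext = (plaintext + key) mod 26, which is an assumption since the page states no convention; it also generates pads from the operating system's CSPRNG and shows concretely what pad reuse leaks.

```python
"""One-time pad (Vernam cipher) over the letters A-Z.

Added example, not part of the original notes. Assumes the letter
convention ciphertext = (plaintext + key) mod 26, under which the page's
plaintext HOW ARE YOU and pad NCB TZQ ARX give UQXTQUYFR.
"""
import secrets
import string

ALPHABET = string.ascii_uppercase


def letters_only(text: str) -> str:
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def generate_pad(length: int) -> str:
    """Key as long as the message, from the OS CSPRNG (never random.random())."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _combine(a: str, b: str, sign: int) -> str:
    return "".join(ALPHABET[(ALPHABET.index(x) + sign * ALPHABET.index(y)) % 26]
                   for x, y in zip(a, b))


def otp_encrypt(plaintext: str, pad: str) -> str:
    p, k = letters_only(plaintext), letters_only(pad)
    if len(k) < len(p):
        raise ValueError("pad must be at least as long as the message")
    return _combine(p, k, +1)


def otp_decrypt(ciphertext: str, pad: str) -> str:
    return _combine(letters_only(ciphertext), letters_only(pad), -1)


def difference(a: str, b: str) -> str:
    """Letterwise (a - b) mod 26."""
    return _combine(letters_only(a), letters_only(b), -1)


def roundtrip_ok(message: str) -> bool:
    """Fresh random pad: decryption recovers the letters of the message."""
    pad = generate_pad(len(letters_only(message)))
    return otp_decrypt(otp_encrypt(message, pad), pad) == letters_only(message)


def reuse_leak_demo(p1: str, p2: str) -> bool:
    """Same pad K for P1 and P2: C1 - C2 = (P1 + K) - (P2 + K) = P1 - P2.

    The attacker never learns K, yet obtains P1 - P2 without it, which is
    enough to recover both plaintexts with a crib (a guessed word).
    Returns True when the ciphertext difference equals the plaintext difference.
    """
    pad = generate_pad(max(len(letters_only(p1)), len(letters_only(p2))))
    c1, c2 = otp_encrypt(p1, pad), otp_encrypt(p2, pad)
    return difference(c1, c2) == difference(p1, p2)


if __name__ == "__main__":
    print(otp_encrypt("HOW ARE YOU", "NCB TZQ ARX"))      # UQXTQUYFR
    print(otp_decrypt("UQXTQUYFR", "NCB TZQ ARX"))        # HOWAREYOU
    print(roundtrip_ok("ATTACK AT DAWN"))                 # True
    print(reuse_leak_demo("ATTACKNOW", "STANDDOWN"))      # True: pad cancelled out
```

Worked by hand for the first letter: H=7, N=13, 7+13=20=U; for the fifth: R=17, Z=25, 42 mod 26=16=Q. The `reuse_leak_demo` function is the reason "used once" is a hard rule and not advice: the pad drops out of the subtraction entirely.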

9) Explain DES structure. Give advantages and disadvantages of DES.
Ans:
Data Encryption Standard (DES):
• The Data Encryption Standard (DES) is a symmetric-key block cipher published in 1977 by the US National Bureau of Standards (NBS, now the National Institute of Standards and Technology, NIST).
DES Structure:
• The Data Encryption Standard (DES) is a block cipher.
• The encryption process is made of two permutations (P-boxes), which we call the initial and final permutations, and sixteen Feistel rounds.
• The general structure of DES is shown in the figure: 64-bit plaintext, initial permutation, 16 rounds each using a 48-bit round key, a 32-bit swap, final permutation, 64-bit ciphertext.
• DES is an implementation of a Feistel cipher.
• It uses a 16-round Feistel structure. The block size is 64 bits.
• Though the key length is 64 bits, DES has an effective key length of 56 bits, since 8 of the 64 key bits are not used by the encryption algorithm (they function as parity check bits only).
• Since DES is based on the Feistel cipher, all that is required to specify DES is:
o Round function
o Key schedule
o Any additional processing: initial and final permutation
Initial and Final Permutation
• The initial and final permutations are straight permutation boxes (P-boxes) that are inverses of each other. They have no cryptographic significance in DES.
• The initial and final permutations are shown in the figure.
Round Function
• The DES round function f applies a 48-bit round key to the rightmost 32 bits (after expanding them to 48 bits) to produce a 32-bit output, which is XORed into the left half; the halves are then swapped for the next round.
Key Generation
• The round-key generator creates sixteen 48-bit round keys out of the 56-bit cipher key.

Advantages of DES
• DES uses a symmetric-key algorithm, so encryption and decryption are performed with a single key and the same algorithm (only the order of the round keys is reversed).
• It is efficient in hardware, allowing fast implementations.
• DES is relatively fast and efficient, making it suitable for use in a wide range of applications.
• DES has a relatively small key size, which makes it easy to use and store.
• DES is not a group, so applying DES several times with different keys is not equivalent to a single DES encryption and does strengthen the cipher (Triple DES; Double DES gains little because of the meet-in-the-middle attack).
• DES satisfies both of the desired properties of a block cipher. These two properties make the cipher strong against simple statistical attacks:
o Avalanche effect: a small change in the plaintext results in a very great change in the ciphertext.
o Completeness: each bit of the ciphertext depends on many bits of the plaintext.
Disadvantages of DES
• Because DES uses a small key, it is less secure.
• The DES algorithm is less efficient when implemented in software, resulting in slower performance.
• DES offers a low level of security due to its 56-bit key, which can be feasibly broken by a brute-force attack.
• In the age of parallel computing, breaking DES has become easy with the help of a brute-force attack, which was impractical when DES was designed (the 56-bit key can be brute-forced in days or less on modern hardware).
• Because of these weaknesses DES is deprecated and AES is preferred over DES.
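What the Feistel structure guarantees, independently of the details of DES's round function, is shown by the following added example (not code from the original notes and not DES): a 16-round Feistel network on 64-bit blocks with 48-bit round keys, where the round function and key schedule are toy hash-based stand-ins rather than DES's expansion, S-boxes or PC-1/PC-2 tables. It demonstrates that decryption is the same network run with the round keys in reverse order whatever f is, and measures the avalanche effect. The block and key values are constructed.

```python
"""A 16-round Feistel network on 64-bit blocks with 48-bit round keys.

Added example illustrating the structure described above; it is NOT DES.
The round function and key schedule are toy stand-ins (hash based), not
DES's expansion, S-boxes or PC-1/PC-2. What it shows is what the Feistel
construction alone guarantees: decryption is the same network with the
round keys reversed, regardless of what f is, plus the avalanche effect.
"""
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def toy_key_schedule(key56: int) -> list:
    """Sixteen 48-bit round keys from a 56-bit key (toy derivation)."""
    if not 0 <= key56 < 2 ** 56:
        raise ValueError("key must be 56 bits")
    keys = []
    for r in range(ROUNDS):
        digest = hashlib.sha256(key56.to_bytes(7, "big") + bytes([r])).digest()
        keys.append(int.from_bytes(digest[:6], "big"))   # 48 bits, like DES round keys
    return keys


def toy_round_function(right32: int, k48: int) -> int:
    """f(R, K): 32-bit half and 48-bit subkey -> 32 bits. Need not be invertible."""
    digest = hashlib.sha256(right32.to_bytes(4, "big") + k48.to_bytes(6, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def feistel(block64: int, round_keys: list) -> int:
    """L_i = R_{i-1};  R_i = L_{i-1} XOR f(R_{i-1}, K_i); final swap gives (R16, L16)."""
    left, right = block64 >> 32, block64 & MASK32
    for k in round_keys:
        left, right = right, left ^ toy_round_function(right, k)
    return (right << 32) | left


def encrypt_block(block64: int, key56: int) -> int:
    return feistel(block64, toy_key_schedule(key56))


def decrypt_block(block64: int, key56: int) -> int:
    # Same network, round keys in reverse order: each XOR of f cancels the
    # corresponding encryption round, because f is applied to the half that
    # was passed through unchanged.
    return feistel(block64, toy_key_schedule(key56)[::-1])


def hamming_distance(a: int, b: int) -> int:
    return bin(a ^ b).count("1")


def avalanche(block64: int, key56: int, bit: int) -> int:
    """Number of ciphertext bits that change when one plaintext bit is flipped."""
    return hamming_distance(encrypt_block(block64, key56),
                            encrypt_block(block64 ^ (1 << bit), key56))


if __name__ == "__main__":
    key = 0x133457799BBCDF          # constructed 56-bit key
    pt = 0x0123456789ABCDEF         # constructed 64-bit block
    ct = encrypt_block(pt, key)
    print(hex(ct), hex(decrypt_block(ct, key)))
    print("ciphertext bits changed by flipping one plaintext bit:", avalanche(pt, key, 0))
```

For a good round function roughly half of the 64 ciphertext bits change for a one-bit plaintext change; what the toy cannot show is DES's actual security, which lives in the S-boxes and in the 56-bit key length discussed above.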

10) Differentiate symmetric and asymmetric key cryptography.
Ans:

Symmetric key cryptography / Encryption                    | Asymmetric key cryptography / Encryption
-----------------------------------------------------------|-----------------------------------------------------------
Also known as conventional, secret-key or private-key       | Also known as public-key cryptography.
cryptography.                                               |
Both sender and receiver use the same single key for        | It uses two keys: 1. a public key known to everyone,
encryption and decryption.                                  | 2. a private key known only to its owner (the receiver).
Example: DES (Data Encryption Standard), AES                | Example: RSA algorithm, DSA
Key distribution poses a serious problem: the shared        | Key distribution does not pose a serious problem: only the
secret must reach both parties over a secure channel.       | public key is distributed; the private key never leaves its owner.
The encryption process is very fast.                        | The encryption process is slow.
If the single key leaks, both encryption and decryption     | The encryption key (public) and the decryption key (private)
are compromised; both sides must protect the key.           | are different, and the private key is never shared.
Less complexity of algorithm.                               | More complexity of algorithm.
Efficient for handling large amounts of data.               | Comparatively less efficient; used for small amounts of data
                                                            | such as keys and signatures, combined with a symmetric cipher.

11) Write steps for making 5x5 Play-fair key matrix. For given plain text='SECRET
MESSAGE' & Key='KEYWORD' find cipher text using Play-fair cipher.
Ans:

12) Differentiate mono alphabetic ciphers and poly alphabetic ciphers.
Ans:

Monoalphabetic Cipher                                    | Polyalphabetic Cipher
---------------------------------------------------------|---------------------------------------------------------
The relationship between a character in the plaintext    | The relationship between a character in the plaintext
and the characters in the ciphertext is one-to-one.      | and the characters in the ciphertext is one-to-many.
It is a simple substitution cipher (a single             | It is a multiple-substitution cipher (several
substitution alphabet).                                  | substitution alphabets, selected by the key).
Monoalphabetic ciphers are not that strong compared to   | Polyalphabetic ciphers are much stronger, because the
polyalphabetic ciphers, because the letter frequencies   | plaintext letter frequencies are spread across several
of the plaintext are preserved in the ciphertext.        | alphabets.
Ex. Caesar cipher                                        | Ex. Vigenere cipher
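The one-to-one versus one-to-many distinction above, and the monoalphabetic/polyalphabetic classes of question 4, made visible in code: the following added example (not from the original notes) encrypts one plaintext with a Caesar shift and with a Vigenere key, then records for every plaintext letter the set of ciphertext letters it became. The plaintext and keys are constructed for the demonstration.

```python
"""Monoalphabetic vs polyalphabetic substitution, made visible.

Added example for questions 4 and 12 (not part of the original notes). It
encrypts the same plaintext with a Caesar shift (one alphabet) and with a
Vigenere key (one alphabet per key letter) and records, for every plaintext
letter, the set of ciphertext letters it turned into.
"""
import string
from collections import defaultdict

ALPHABET = string.ascii_uppercase


def shift_letter(ch: str, k: int) -> str:
    return ALPHABET[(ALPHABET.index(ch) + k) % 26]


def caesar(plaintext: str, key: int) -> str:
    """Single substitution alphabet: every occurrence of a letter maps the same way."""
    return "".join(shift_letter(ch, key) for ch in plaintext.upper() if ch in ALPHABET)


def vigenere_encrypt(plaintext: str, key: str) -> str:
    """Key letter i selects the Caesar alphabet for plaintext letter i (mod key length)."""
    p = "".join(ch for ch in plaintext.upper() if ch in ALPHABET)
    k = [ALPHABET.index(ch) for ch in key.upper() if ch in ALPHABET]
    return "".join(shift_letter(ch, k[i % len(k)]) for i, ch in enumerate(p))


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    k = [ALPHABET.index(ch) for ch in key.upper() if ch in ALPHABET]
    return "".join(shift_letter(ch, -k[i % len(k)]) for i, ch in enumerate(ciphertext))


def substitution_map(plaintext: str, ciphertext: str) -> dict:
    """Plaintext letter -> sorted string of the ciphertext letters it became."""
    p = "".join(ch for ch in plaintext.upper() if ch in ALPHABET)
    table = defaultdict(set)
    for a, b in zip(p, ciphertext):
        table[a].add(b)
    return {a: "".join(sorted(s)) for a, s in table.items()}


def is_monoalphabetic(plaintext: str, ciphertext: str) -> bool:
    """One-to-one mapping means every plaintext letter has exactly one image."""
    return all(len(v) == 1 for v in substitution_map(plaintext, ciphertext).values())


if __name__ == "__main__":
    pt = "ATTACK AT DAWN"                       # constructed sample plaintext
    print(substitution_map(pt, caesar(pt, 3)))                  # {'A': 'D', 'T': 'W', 'C': 'F', ...}
    print(substitution_map(pt, vigenere_encrypt(pt, "LEMON")))  # {'A': 'ELNO', 'T': 'FX', ...}
```

With the Caesar shift every A becomes D; with the key LEMON the four As become L, O, E and N depending on their position, which is exactly the one-to-many relationship in the table. The Vigenere cipher is still breakable: once the key length is known, every key-length-th letter is a plain Caesar cipher and falls to frequency analysis.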
13) Write a short note on Steganography.
Ans:
• A plaintext message may be hidden in one of two ways: steganography (concealing that a message exists at all) and encryption (concealing its meaning).
• The word steganography is derived from two Greek words: 'steganos' meaning 'covered' and 'graphia' meaning 'writing', thus translating to 'covered writing' or 'hidden writing'.
• Steganography means hiding a message within another message or image.
• Steganography is the art of hiding a message, image or file within another message, image or file.
• Examples of steganography:
o Written message using invisible ink.
o Character marking: selected letters of printed or typewritten text are overwritten in pencil.
o Pin punctures: small pin punctures on selected letters.
• Types of steganography: there are five main types
1. Text steganography: hiding information inside text files. Ex: changing the format of existing text, changing words within a text, generating random character sequences etc.
2. Image steganography: hiding information within image files.
3. Video steganography: allows a large amount of data to be hidden within a moving stream of images and sound.
4. Audio steganography: secret messages are embedded into an audio signal, which alters the binary sequence of the audio file.
5. Network steganography: also known as protocol steganography; data is hidden in unused or optional fields of protocol headers or in packet timing.
• Digital steganography: data can be hidden in an image by replacing bits of the image.
• The most common techniques are:
o LSB (least significant bit substitution),
o DCT (embedding in the discrete cosine transform coefficients, as used by JPEG) and
o Append type (appending the hidden data after the end of the carrier file).
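The LSB technique listed first, as an added example (not code from the original notes): the cover "image" is a constructed buffer of grayscale pixel values rather than a real image file, a 16-bit length header followed by the message is written into the least significant bit of successive pixels, and extraction reads those bits back. Because only the lowest bit is touched, no pixel value changes by more than 1, which is why the embedding is invisible to the eye.

```python
"""LSB image steganography on a raw grayscale pixel buffer.

Added example for the note above (not from the original page). The cover
"image" is a constructed bytes object of pixel values; a 16-bit length
header followed by the message is written into the least-significant bit
of successive pixels, so no pixel changes by more than 1.
"""


def capacity_bytes(cover: bytes) -> int:
    """Payload bytes that fit: one bit per pixel, minus the 2-byte length header."""
    return len(cover) // 8 - 2


def _to_bits(data: bytes):
    """Most-significant bit first, one bit per pixel."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed_lsb(cover: bytes, message: bytes) -> bytes:
    if len(message) > capacity_bytes(cover) or len(message) > 0xFFFF:
        raise ValueError("message too long for this cover")
    payload = len(message).to_bytes(2, "big") + message
    stego = bytearray(cover)
    for i, bit in enumerate(_to_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit     # clear the LSB, set it to the message bit
    return bytes(stego)


def _read_bytes(stego: bytes, first_pixel: int, count: int) -> bytes:
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[first_pixel + 8 * b + i] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Read the 2-byte length from the first 16 pixels, then that many bytes."""
    length = int.from_bytes(_read_bytes(stego, 0, 2), "big")
    return _read_bytes(stego, 16, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest absolute change to any pixel value; LSB embedding gives at most 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = bytes(range(256)) * 4             # constructed 1024-pixel gradient cover
    secret = b"meet at dawn"
    stego = embed_lsb(cover, secret)
    print(extract_lsb(stego))                 # b'meet at dawn'
    print(max_pixel_change(cover, stego))     # 1
    print(capacity_bytes(cover))              # 126
```

The weakness is the mirror image of the strength: anyone who knows the scheme extracts the message just as easily, so the hidden data should be encrypted before embedding, and statistical tests on the LSB plane can reveal that a region carries data even without recovering it. Lossy formats such as JPEG destroy the LSB plane on re-encoding, which is why DCT-domain methods exist.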
14) Give the application of Public Key cryptography. Explain it.
Ans:
• Public-key cryptosystems play a crucial role in ensuring secure communication and data protection in various applications.
• Secure communication: public key cryptography is widely used to establish secure communication channels over insecure networks. For example: TLS protecting online banking and e-commerce transactions.
• Digital signatures: public key cryptography is employed to create and verify digital signatures, ensuring the authenticity and integrity of digital messages. For example: signing digital documents or emails to prove the identity of the sender.
• Email encryption: public key cryptography is used to encrypt email so that only the intended recipient can read it, and to sign it so that the recipient can verify the sender. For example: PGP (Pretty Good Privacy) and S/MIME for secure email communication.
• Virtual private networks: public key cryptography is used to authenticate the endpoints and establish a secure connection between remote users and private networks over the Internet. For example: IPsec or TLS-based VPN protocols.
• Secure chat and messaging apps: public key cryptography ensures the confidentiality and integrity of messages in secure chat and messaging applications. For example: Signal and WhatsApp implementing end-to-end encryption (Telegram offers it in its secret chats).
• Secure file transfer: public key cryptography secures file transfer by authenticating the server and protecting the keys that encrypt the files in transit. For example: SFTP (file transfer over SSH) or encrypted file attachments in email.
• Key exchange protocols: public key cryptography is used in key exchange protocols (such as Diffie-Hellman and RSA key transport) to establish shared secret keys for symmetric encryption, since symmetric ciphers are much faster for bulk data.
15) Explain RSA algorithm with Example.
Ans:
• The RSA algorithm is an asymmetric cryptography algorithm. Asymmetric means that it works with two different keys, a public key and a private key.
• RSA is the most common public-key algorithm, named after its inventors Rivest, Shamir and Adleman (RSA).
Steps for RSA:
Step 1: Generate public and private keys.
Step 2: Encrypt the message using the public key.
Step 3: Decrypt the message using the private key.
Step 1: Generate public and private keys.
Select two large prime numbers, p and q.
Multiply these numbers to find n = p x q, where n is called the modulus for encryption and decryption.
Calculate φ(n) = (p-1) * (q-1)
Choose a value of e such that 1 < e < φ(n) and gcd(φ(n), e) = 1
Calculate d = e^-1 mod φ(n), i.e. the integer d with 1 < d < φ(n) for which
e*d ≡ 1 (mod φ(n)), or equivalently (e*d) mod φ(n) = 1
The public key is {e, n}.
The private key is {d, n}. The primes p and q (and φ(n)) must also be kept secret or destroyed, since anyone who knows them can compute d.
Step 2: Encrypt the message using the public key.
A plaintext message m (an integer with 0 ≤ m < n) is encrypted using the public key {e, n}. The ciphertext C is obtained from the plaintext with the formula
C = m^e mod n
Step 3: Decrypt the message using the private key.
A ciphertext c is decrypted using the private key {d, n}. The plaintext m is recovered from the ciphertext with the formula
m = c^d mod n
Example: p = 61, q = 53, so n = 3233 and φ(n) = 60 * 52 = 3120. Choose e = 17 (gcd(17, 3120) = 1); then d = 2753, because 17 * 2753 = 46801 = 15 * 3120 + 1. Encrypting m = 65 gives C = 65^17 mod 3233 = 2790, and decrypting gives 2790^2753 mod 3233 = 65.
Characteristics of RSA
It is a public key encryption technique.
It is safe for exchange of data over the Internet.
It maintains confidentiality of the data.

RSA is hard to break when the modulus is large enough (2048 bits or more today), because recovering the private key from the public key requires factoring n into p and q.
16) Write a short note on digital signature.
Ans:
• Digital signatures are a cryptographic technique used to provide authentication, integrity and non-repudiation in digital communication.
• It is a method that enables the creator of a message to attach a code that acts as a signature.
• When there is not complete trust between sender and receiver, a digital signature is needed: unlike a message authentication code, which uses a key shared by both parties, a signature can only be created by the holder of the private key, so the receiver cannot forge it and the sender cannot disown it.
• A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message and to ensure that the content of the message that has been sent is unchanged.
• It ensures that a message or document has been created by a particular entity (authentication), has not been altered in transit (integrity), and that the sender cannot later deny having sent the message (non-repudiation).
Properties of a digital signature:
• It must verify the author, and the date and time of the signature.
• It must authenticate the contents at the time of the signature.
• It must be verifiable by third parties to resolve disputes.

Figure: signature generation for message M (sender side) and signature verification (receiver side). The sender hashes M and signs the hash with the private key; the receiver recomputes the hash of the received M, applies the sender's public key to the signature and compares the two values.
• A digital signature scheme has two algorithms: a signing algorithm run by the sender, which involves the sender's private key, and a verification algorithm run by the receiver, which involves the sender's public key.
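The RSA steps of question 15 and the sign-then-verify flow of the figure above, as one added example (not code from the original notes). The primes are small constructed values so the arithmetic can be checked by hand; real RSA uses moduli of 2048 bits or more and padding schemes (OAEP for encryption, PSS for signatures), and unpadded RSA as shown here is malleable and must not be used as-is. The message is constructed, and the hash is reduced modulo n only because the toy modulus is smaller than a SHA-256 output.

```python
"""Textbook RSA key generation, encryption, decryption and hash-then-sign.

Added example covering the RSA steps of question 15 and the signature note of
question 16 (not from the original page). Primes are small constructed values
so the arithmetic can be checked by hand; real RSA uses >= 2048-bit moduli and
padding schemes (OAEP for encryption, PSS for signatures). Unpadded RSA as
shown here is malleable and must not be used as-is.
"""
import hashlib
from math import gcd


def generate_keys(p: int, q: int, e: int):
    """Returns (public_key, private_key) as (e, n) and (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse: e*d = 1 (mod phi(n)), Python 3.8+
    return (e, n), (d, n)


def rsa_encrypt(m: int, public_key) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)          # C = m^e mod n


def rsa_decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)          # m = C^d mod n


def _digest_as_int(message: bytes, n: int) -> int:
    # Sign a hash of the message, not the message itself; reduce mod n only
    # because the toy modulus is smaller than a SHA-256 output.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Signer uses the PRIVATE key: s = H(m)^d mod n."""
    d, n = private_key
    return pow(_digest_as_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with the PUBLIC key checks s^e mod n == H(m)."""
    e, n = public_key
    return pow(signature, e, n) == _digest_as_int(message, n)


if __name__ == "__main__":
    pub, priv = generate_keys(61, 53, 17)          # n = 3233, phi = 3120, d = 2753
    c = rsa_encrypt(65, pub)
    print(pub, priv, c, rsa_decrypt(c, priv))      # (17, 3233) (2753, 3233) 2790 65

    pub2, priv2 = generate_keys(999983, 1000003, 65537)   # constructed; still tiny by real standards
    msg = b"transfer 100 to account 42"
    s = sign(msg, priv2)
    print(verify(msg, s, pub2))                            # True
    print(verify(b"transfer 900 to account 42", s, pub2))  # False: hash no longer matches
```

The two uses of the same key pair run in opposite directions: encryption applies the public exponent and only the private key undoes it (confidentiality), while signing applies the private exponent and anyone can check it with the public key (authentication and non-repudiation). Signing the hash rather than the message keeps the signature one modular exponentiation regardless of message length and blocks the trivial forgery of raw RSA, where an attacker can pick a signature first and compute the "message" it validates.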
17) What is Digital Certificate? Write down steps to obtain Digital Certificate. Also
write steps for verifying authenticity and integrity of Digital Certificate.
Ans:
• A digital certificate is a file signed by a Certificate Authority (CA) for an entity.
• It includes identity information of the entity, the public key of the entity, the name and signature of the CA, and the validity period of the certificate; the signature of the CA vouches for the validity and authority of the certificate.
• A digital certificate binds a public key to information about its owner.
• Two types of certificate: local certificate and CA certificate.
• A local (end-entity) certificate is a digital certificate signed by a CA for an entity; a CA certificate carries the CA's own public key, which is used to verify the certificates it issues.
• Digital certificates are issued by a CA.
• A CA is made of software, hardware, policies, procedures and people.
Steps for obtaining a digital certificate
1. When a user requests a certificate, the registration process requires the user to enter specific information into a web form.
2. The web page accepts the user's public key, or it steps the user through creating a public/private key pair, allowing the user to choose the size of the keys to be created. The private key stays with the user and is never sent.
3. The public key and registration form are forwarded to the Registration Authority (RA) for processing. The RA is responsible only for the registration process and cannot actually generate a certificate.
4. Once the RA has finished processing the request and verified the individual's identity, the RA sends the request to the CA.
5. The CA uses the RA-provided information to generate a digital certificate, integrates the necessary data into the certificate, signs it with the CA's private key and sends a copy of the certificate to the user.
Steps for verifying authenticity and integrity of a certificate
o Check the certificate information: review the information contained in the digital certificate (subject name, issuer, intended key usage).
o Verify the certificate chain: digital certificates often form a chain of trust. Ensure that the certificate chain is valid and that each certificate in the chain is signed by the entity above it, up to a trusted root.
o Check the certificate's validity period: verify that the digital certificate is still within its validity period (its not-before and not-after dates).
o Verify the certificate's status: CAs provide online services to check whether a certificate has been revoked, via Certificate Revocation Lists (CRLs) or the Online Certificate Status Protocol (OCSP).
o Check the digital signature: every digital certificate is signed by the issuing CA using its private key. Verify the digital signature on the certificate using the public key of the issuing CA. If the signature is valid, the certificate has not been tampered with.
o Use a trusted certificate authority: ensure that the certificate was issued by a CA present in the verifier's trust store.
o Verify the certificate thumbprint: certificates have unique identifiers called thumbprints (fingerprints), which are hash values computed over the certificate data. Verify that the thumbprint matches the expected value when one is known from an independent channel.
o Compare certificate details with the website: if the certificate is used for securing a website, compare the certificate's subject name (or Subject Alternative Name) with the host name of the website being visited.
18) Draw PKI architecture. Explain in brief.
Ans:
• Public Key Infrastructure (PKI), also called asymmetric key infrastructure, uses a key pair to encrypt and decrypt data.
• A PKI enables users of an unsecure public network to securely and privately exchange data through the use of public-key cryptography.
• The key pair consists of a private key and a public key.
• The private key must be kept secret.
• The public key needs to be distributed.
• Data encrypted by one of the two keys can be decrypted only by the other.
• The key problem of PKI is to manage the public keys: a user must be sure that a public key really belongs to its claimed owner.
• PKI uses the digital certificate mechanism to solve this problem.
• Digital certificates bind public keys to their owners and help to distribute public keys securely in a large network.

Architecture of PKI
Figure: PKI architecture, showing the entity, the Registration Authority (RA), the Certificate Authority (CA) and the PKI repository (for example an LDAP directory).
Entity: End user of PKI services, such as a person, an organization, or a device like a router.
Certificate Authority (CA): A CA is a trusted entity that issues digital certificates. It verifies the identity of the certificate holder and signs the certificate.
Registration Authority (RA): The RA implements functions like identity authentication, key pair generation and key pair backup on behalf of the CA.
PKI Repository: A server or common database. It stores and manages information like certificate requests, certificates, keys and revocation lists. From an LDAP server, an entity can retrieve local and CA certificates.
19) Define firewall. List Types of Firewall. Explain any two in detail.
Ans:
• A firewall is a network security device or software program that monitors and filters incoming and outgoing network traffic based on a defined set of security rules.
• Basically a firewall acts as a barrier between a private internal network and the public Internet.
• Firewalls are designed primarily to allow non-threatening traffic and block malicious traffic, protecting computers from attacks that arrive over the network.
• It is a cyber-security tool that filters malicious or unwanted traffic, and it can also prevent malicious software on an infected computer from reaching the Internet (egress filtering).
• It is often asked whether a firewall is a hardware or a software product. As stated above, a firewall can be a network security device or a software program on a computer. In other words, firewalls are available in both hardware and software forms, and it is best to have both (a network firewall at the perimeter and a host firewall on each machine).

TYPES OF FIREWALL
1. Packet-filtering Firewalls
2. Circuit-level Gateways
3. Application-level Gateways (Proxy Firewalls)
4. Stateful Multi-layer Inspection (SMLI) Firewalls
5. Next-generation Firewalls (NGFW)
6. Threat-focused NGFW
7. Network Address Translation (NAT) Firewalls
8. Cloud Firewalls
9. Unified Threat Management (UTM) Firewalls

1) PACKET FILTERING
• A packet filtering firewall is a network security device that operates at the network layer (Layer 3) of the OSI model, also reading the transport-layer (Layer 4) port numbers.
• Its primary function is to examine each packet as it passes through the network and make a decision based on predefined rules.
• The rules specify the criteria that packets must meet to be either allowed or blocked (typically source and destination IP address, protocol, and source and destination port), helping to control the flow of network traffic and enhance security.
• Packet filtering comes in two pairs of variants:
1. Dynamic packet filtering (rules adjusted at run time)
2. Static packet filtering (fixed rules)
3. Stateless packet filtering (each packet judged on its own)
4. Stateful packet filtering (packets judged in the context of their connection)
Working of a packet filtering firewall
• Packet inspection: when data (packets) tries to go through the network, the firewall checks each packet's headers to see what kind of traffic it is.

 Rule Check: The firewall follows a set of rules that you or your system administrator
have defined. These rules decide whether a packet is allowed to pass through or not.
 Decision Making: If a packet meets the criteria set in the rules (like the type of data
or the source/destination address), the firewall lets it pass. If not, the firewall blocks
it.
 Protection: The main goal is to prevent unauthorized access and potential threats.
The firewall acts as a filter, only allowing safe and permitted data to enter or leave
the network.
Advantages of packet filter firewall
o Efficiency: Fast and efficient, suitable for high-speed networks and high-traffic
environments.
o Simplicity: Simple to implement and manage, offering ease of configuration.
o Transparency: Operates at a low level, providing transparency to higher-layer
protocols and applications.
o Centralized Filtering: A single device can filter traffic for the entire network,
streamlining management.
o Cost-Effective: Inexpensive solution, making it cost-effective for basic network
security needs.
Disadvantages of packet filter firewall
o Statelessness: Less effective in handling complex protocols and dynamic
connections due to its stateless nature.
o Vulnerability to Spoofing: Susceptible to IP spoofing attacks, where attackers
manipulate source IP addresses.
o Payload Inspection Gap: Doesn't check the payload, making it susceptible to attacks
that may be hidden in the data.
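The rule check with default deny, and the statelessness and spoofing weaknesses listed above, as an added example that is not part of the original notes; the address ranges, rules and packets are all constructed for the demonstration:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str               # "tcp", "udp" or "icmp"
    src_port: int = 0
    dst_port: int = 0
    syn: bool = False        # TCP SYN without ACK: a new connection attempt
    iface: str = "outside"   # interface the packet arrived on: "inside" or "outside"

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"           # CIDR; 0.0.0.0/0 matches any address
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None      # None matches any protocol
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src_ip) in ip_network(self.src)
                and ip_address(pkt.dst_ip) in ip_network(self.dst)
                and self.proto in (None, pkt.proto)
                and self.dst_port in (None, pkt.dst_port))

INTERNAL = ip_network("10.0.0.0/8")   # constructed address plan for the example
WEB_SERVER = "203.0.113.10/32"        # public web server reachable from anywhere

# Policy, evaluated top-down, first match wins, anything else is denied.
RULES = [
    Rule("allow", dst=WEB_SERVER, proto="tcp", dst_port=443),   # anyone -> HTTPS
    Rule("allow", src=str(INTERNAL), proto="tcp"),              # inside -> anywhere
]

def stateless_filter(rules: List[Rule], pkt: Packet) -> str:
    """Packet inspection + rule check, each packet judged on its own."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"                       # implicit default-deny

def anti_spoof(pkt: Packet) -> bool:
    """Mitigation for the spoofing weakness: a packet arriving on the outside
    interface must not claim an inside source address (and vice versa)."""
    inside_src = ip_address(pkt.src_ip) in INTERNAL
    return inside_src == (pkt.iface == "inside")

class StatefulFilter:
    """Same rules plus a connection table, so replies to connections the
    firewall already allowed are admitted without a blanket inbound rule."""
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.table = set()   # (client_ip, client_port, server_ip, server_port)

    def decide(self, pkt: Packet) -> str:
        if not anti_spoof(pkt):
            return "deny"
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.table:
            return "allow"   # reply belonging to an established connection
        action = stateless_filter(self.rules, pkt)
        if action == "allow" and pkt.proto == "tcp" and pkt.syn:
            self.table.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return action

def demo() -> dict:
    fw = StatefulFilter(RULES)
    client_syn = Packet("10.1.1.5", "198.51.100.7", "tcp", 40000, 443, syn=True, iface="inside")
    server_reply = Packet("198.51.100.7", "10.1.1.5", "tcp", 443, 40000, iface="outside")
    spoofed = Packet("10.1.1.9", "198.51.100.7", "tcp", 40001, 443, syn=True, iface="outside")
    return {
        # The Internet may reach the web server's HTTPS port ...
        "web_from_internet": stateless_filter(RULES, Packet("198.51.100.7", "203.0.113.10", "tcp", 51000, 443)),
        # ... but not an internal host's SSH port.
        "ssh_from_internet": stateless_filter(RULES, Packet("198.51.100.7", "10.1.1.5", "tcp", 51001, 22)),
        # Stateless: the reply to an outbound connection matches no rule (statelessness).
        "reply_stateless": stateless_filter(RULES, server_reply),
        # Stateful: the SYN is recorded, so the reply is recognised and allowed.
        "client_syn_stateful": fw.decide(client_syn),
        "reply_stateful": fw.decide(server_reply),
        # A spoofed "inside" source arriving from outside passes the address-based
        # rules but is caught by the anti-spoofing check.
        "spoof_stateless": stateless_filter(RULES, spoofed),
        "spoof_stateful": fw.decide(spoofed),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} {verdict}")
```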

2) APPLICATION LEVEL GATEWAY

 An Application Level Gateway (ALG) firewall, also known as a Proxy Firewall, is a
network security device that operates at the application layer (Layer 7) of the OSI model.
 Unlike traditional packet filtering firewalls, which work at the network layer, ALG firewalls
are designed to inspect and control traffic based on specific applications and protocols.
 Here are the key details about Application Level Gateway firewalls:
Working of ALG firewall
 An application-level gateway is like a security checkpoint for your network, standing
between your internal activities (like users and applications) and the internet.
 It checks all incoming and outgoing traffic at the application layer for anything harmful.
 Think of it as a proxy firewall because it uses proxies to create a safe connection for
remote users to access the network without sacrificing speed or security.
 It focuses on the seventh layer of the OSI model, where network applications and
software operate.

 This process ensures that your network's applications don't directly connect with outside
traffic until it's verified.
 This extra step makes it tough for intruders to access your network or extract
information from data packets.
 In simpler terms, only one server in each part of your network has direct access to the
internet. All other devices have to send their traffic through this server, whether it's
going out or coming in. This helps keep your network safer from potential threats.
Advantages of ALG firewall
 Application Visibility: Offers detailed visibility into applications and protocols used on
the network.
 Granular Control: Provides granular control over individual applications, allowing
precise rule enforcement.
 Content Filtering: Enables content filtering to manage and control the types of content
traversing the network.
 Enhanced Security Measures: Enhances security by inspecting and controlling
application-level traffic, effectively preventing certain types of attacks.
Disadvantages of ALG firewall
 Latency Introduction: Proxy functionality may introduce latency as it acts as an
intermediary between users and external servers.
 Complex Configuration: Configuring and managing policies for each supported
application can be more complex compared to packet filtering firewalls.
 Higher Cost: Generally costlier than some other firewall options, potentially affecting
budget considerations.
 Protocol Limitations: Doesn't work with all network protocols, restricting its
compatibility with diverse network environments.
20) Give the Functions of firewall.
Ans:
 The main purpose of firewalls is to prevent malware and network attacks. They can also
assist in preventing application-layer attacks.
 These firewalls act as a gatekeeper. In order to maintain security, they monitor each attempt
made by our computer to communicate with another network. They do not allow data
packets to be transferred between two networks unless the source of the data packet has
been specified by the user as a trusted source.
 A firewall is designed in such a way that it can detect and counter attacks throughout a
network quickly. We can use the firewall as a traffic controller by implementing rules
configured to protect the network and conducting quick assessments to detect suspicious
activity.
 The firewall system analyzes network traffic according to pre-defined rules. It then filters
the traffic and blocks any unreliable or suspicious traffic. It only lets in traffic selected as
acceptable by the user.

 As a security measure, firewalls can allow or block data packets based on predefined
security rules. Incoming traffic is allowed only from trusted IP addresses or sources.
 It distinguishes between benign and malicious traffic and either allows or blocks specific
data packets according to pre-established security rules.
 Several aspects of packet data are taken into account when deciding these rules, such as the
source, destination, and content of the packet.
 They block traffic coming from suspicious sources to prevent cyber attacks.
 For example, the figure shows how a firewall allows good traffic to pass to the user's private
network.

 As shown below, the firewall stops malicious traffic at the firewall itself, preventing the user's
network from being hacked.

 It is possible to use different types of firewalls to read data packets at different levels of the
network. This helps detect malware and other suspicious activity quickly.
21) Differentiate Internet and Intranet.
Ans:
Aspect | Internet | Intranet
Accessibility | Open to the public; anyone with internet access can connect. | Private network; restricted to a specific group or organization.
Purpose | Connects millions of devices worldwide for global communication and information exchange. | Used within an organization to facilitate internal communication, collaboration, and resource sharing.
Security | Generally less secure | More secure
Content | Contains a vast range of public information, websites, and services. | Contains internal company resources, documents, and tools for employee use.
Privacy | Limited privacy due to its open nature; public information is accessible. | Higher level of privacy, with confidential company information restricted to authorized personnel.
Examples | World Wide Web, online services accessible to the public | Company portal, employee databases, and internal communication platforms.

22) List security zones. Explain VLAN.
Ans:
 Here are common security zones:
1. Internet-Facing Zone
2. DMZ (Demilitarized Zone)
3. Internal Network Zone
4. Management Zone
5. Wireless Zone
6. VPN (Virtual Private Network) Zone
VLAN
 A Virtual Local Area Network (VLAN) is a networking technology that enables the logical
segmentation of a physical network into multiple virtual networks. This segmentation
allows devices within a VLAN to communicate as if they are on the same physical network,
regardless of their actual physical location. VLANs are often implemented to enhance
network efficiency, security, and performance.
 For example, in a large organization, different departments such as HR, Marketing, and IT
may be assigned to separate VLANs. This logical separation facilitates broadcast control, as
broadcasts are confined within each VLAN, reducing network traffic.
 Additionally, VLANs contribute to enhanced security by isolating groups of devices;
administrators can control and restrict traffic between VLANs.

The basic figure of VLAN is given below; it is implemented using software and various networking
devices.

Real-Time Applications of VLAN

 Voice over IP (VoIP): Use VLANs to isolate voice traffic from data, enhancing VoIP call
quality and minimizing network congestion.
 Video Conferencing: Prioritize video traffic with VLANs to ensure sufficient bandwidth
for high-quality video conferencing.
 Remote Access: Employ VLANs for secure remote access to cloud resources, isolating
remote users from the main network.
 Gaming: Prioritize gaming traffic through VLANs to guarantee gamers receive the
necessary bandwidth for a smooth gaming experience.

Advantages of VLAN

 Network Segmentation: Efficiently divides a large network into smaller segments.
 Broadcast Control: Reduces broadcast traffic, as broadcasts are contained within each
VLAN.
 Enhanced Security: Improves network security by isolating groups of devices; traffic
between VLANs can be controlled.
 Improved Performance: Enhances network performance by limiting the scope of
broadcast domains.

Disadvantages of VLAN

 Complexity: Setting up and managing VLANs can be complex, requiring careful planning
and configuration.
 Potential for Misconfiguration: Misconfiguration may lead to connectivity issues or
security vulnerabilities.
 Cost: Implementing VLANs may involve additional costs, especially for managed switches
that support VLAN functionality.
 Inter-VLAN Communication Overhead: Routing between VLANs may introduce some
overhead, impacting performance.

23) Explain DMZ.
Ans:
 A Demilitarized Zone, or DMZ, is like a security barrier on a company's computer network.
 It separates the inside network from the internet to protect the company from online threats.
Despite its serious-sounding name, a DMZ is actually a helpful tool for keeping the
network safe.
 Think of the DMZ as a protective wall between the part of the network that's safe and the
part that's not.
 It's like a filter that handles requests from outside users who want to access the company's
information or website. The DMZ services these requests on the public-facing network.
 The main goal of the DMZ is to allow access from the outside network while keeping the
inside network secure. Using a DMZ together with a firewall is a sound way to stay safe
online.

 Demilitarized zones (DMZs) act as secure intermediaries on the enterprise perimeter,
separating the internal network from external ones to prevent unauthorized traffic.
 In analogy to military ceasefires, DMZs create a peace zone on the network frontier. Within
a DMZ, critical services like DNS, FTP, and web servers are placed, isolated with limited
access to the internal network.
 This setup ensures that these services can be accessed from the internet but not directly from
the internal LAN, making it challenging for hackers to breach internal systems.
 The primary goal of a DMZ is to enable connectivity with external networks, such as the
internet, while safeguarding the security of the private LAN.
Application of DMZ
o Web Servers: Hosting web servers in the DMZ allows external users to access a company's
website without directly connecting to the internal network, safeguarding sensitive data.
o Email Servers: Placing email servers in the DMZ ensures that external communications,
such as emails from clients or partners, are processed in a secure environment before
reaching the internal network.
o FTP Servers: File Transfer Protocol (FTP) servers in the DMZ facilitate secure file
transfers between internal and external networks while preventing direct access to the
internal infrastructure.
o DNS Servers: DNS servers in the DMZ handle external DNS requests, separating this
critical service from the internal network to prevent potential attacks.
o Authentication Services: Placing authentication services in the DMZ allows external users
to authenticate without gaining direct access to internal user databases, enhancing security.
o Virtual Private Network (VPN) Servers: DMZs are commonly employed to host VPN
servers, enabling secure remote access for external users without compromising the internal
network's integrity.
Advantages of DMZ
 Enhanced Security: DMZ acts as a protective barrier between the internal network and
external entities, preventing unauthorized access and mitigating security risks.
 Isolation of Critical Services: Critical services like web servers, email servers, and DNS
servers can be placed in the DMZ, isolating them from the internal network and minimizing
the impact of potential security breaches.
 Controlled Access: DMZ allows organizations to provide controlled access to external
users while maintaining the security of internal resources.
 Secure Internet Connectivity: Placing proxy servers in the DMZ enables secure internet
access for internal users, filtering and monitoring traffic for potential threats.
 Protection against External Threats: By processing external requests in the DMZ,
potential threats, such as malware or hacking attempts, are intercepted before reaching the
internal network.
Disadvantages of DMZ
 Complex Implementation: Setting up and configuring a DMZ can be complex, requiring a
good understanding of network security principles and potentially involving specialized
hardware and software.
24) Explain Tunnelling.
Ans:
 Tunneling in computer networks is a way of sending information between different
networks by putting it in a secure and hidden "tunnel." It's like using a secret pathway to
transfer data safely.
 Tunneling in computer networks is like building a secret passage on top of the usual way
information travels. It uses the regular network's packets to carry its own hidden
messages.
 Tunneling has two main jobs. First, it helps use new or not commonly supported ways of
sending information over the existing system. Second, it helps create safe and private virtual
connections between devices or networks, especially over the not-so-safe public Internet.
 Tunneling makes secure connections possible between different places, even if they are far
apart. It can also go around firewall restrictions by hiding the information in a form that the
firewall allows; because of this extra wrapping, the communication might be a bit slower.

Tunneling Protocols

 Various protocols are used for tunneling, each with its own characteristics. Some common
tunneling protocols include
 Point-to-Point Tunneling Protocol (PPTP): Commonly used for creating VPNs. It
encapsulates data in PPP frames and operates over a variety of protocols, including IP.
 Layer 2 Tunneling Protocol (L2TP): Often used in combination with IPsec to create
secure VPN connections. It doesn't provide encryption itself but relies on the security
features of IPsec.
 IPsec (Internet Protocol Security): It can be used alone or in conjunction with other
protocols to secure data at the IP layer. IPsec can encrypt and authenticate the data being
transmitted.

Features of Tunneling

 Encapsulation involves packaging data from one protocol within the packets of another.
 Secure Transmission: Facilitates secure communication by creating encrypted tunnels.
 Compatibility: Allows data to traverse networks with different communication protocols.
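Encapsulation of one protocol's packet inside another, as an added example that is not from the original notes: it builds an IPv4-in-IPv4 packet (IP protocol number 4, the RFC 2003 scheme), shows that a filter reading only the outer header sees nothing but the two tunnel gateways, and has the tunnel exit validate the inner packet before forwarding it. The addresses and payload are constructed.

```python
import struct
from ipaddress import IPv4Address, ip_network

IPPROTO_IPIP = 4   # IP-in-IP encapsulation (RFC 2003)
IPPROTO_TCP = 6

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of the header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (version 4, IHL 5, no options) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto,
                      0, IPv4Address(src).packed, IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]   # bytes 10-11 hold the checksum
    return hdr + payload

def parse_ipv4(packet: bytes) -> dict:
    """Parse a plain IPv4 header; raise ValueError if it is malformed or corrupt."""
    if len(packet) < 20:
        raise ValueError("truncated packet")
    vihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if vihl != 0x45:
        raise ValueError("not a plain IPv4 header")
    if ipv4_checksum(packet[:20]) != 0:   # a valid header, checksum included, sums to 0xFFFF
        raise ValueError("header checksum mismatch")
    if total_len > len(packet):
        raise ValueError("total length exceeds packet")
    return {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)), "proto": proto,
            "ttl": ttl, "payload": packet[20:total_len]}

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry: the whole inner packet becomes the outer packet's payload."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)

def decapsulate(outer: bytes, permitted_inner_dst: str) -> dict:
    """Tunnel exit: strip the outer header, then check the inner packet against
    the private network's policy before it is forwarded."""
    o = parse_ipv4(outer)
    if o["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    inner = parse_ipv4(o["payload"])
    if IPv4Address(inner["dst"]) not in ip_network(permitted_inner_dst):
        raise ValueError("inner destination %s is not permitted" % inner["dst"])
    return inner

def outer_view(packet: bytes) -> dict:
    """What a filter that inspects only the outer header gets to see."""
    o = parse_ipv4(packet)
    return {"src": o["src"], "dst": o["dst"], "proto": o["proto"]}

def header_intact(packet: bytes) -> bool:
    try:
        parse_ipv4(packet)
        return True
    except ValueError:
        return False

def demo():
    # Constructed: host 10.1.1.5 at site A sends to 10.2.2.9 at site B through a
    # tunnel between the two sites' public gateways.
    inner = build_ipv4("10.1.1.5", "10.2.2.9", IPPROTO_TCP, b"constructed TCP segment")
    outer = encapsulate(inner, "198.51.100.1", "203.0.113.1")
    return outer, outer_view(outer), decapsulate(outer, "10.2.0.0/16")

if __name__ == "__main__":
    outer, seen, inner = demo()
    print("outer header as seen by a perimeter filter:", seen)
    print("inner packet after decapsulation:", inner)
```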

Advantages of Tunneling

 Secure Connections: Provides a method for establishing secure connections over public
networks.
 VPN Implementation: Enables the creation of Virtual Private Networks for secure remote
access.
 Firewall Bypass: You can get around firewall restrictions by hiding blocked types of
information inside ones that the firewall allows.
 Network Compatibility: Facilitates communication between networks using different
protocols.

Disadvantages of Tunneling

 Performance Overhead: Encapsulation and decapsulation processes may introduce some
communication latency.
 Complexity: Configuring and managing tunnels can be complex.
 Potential for Misuse: Tunneling could potentially be misused for malicious activities if not
properly secured.
25) Define IDS. Explain Components of IDS.
Ans:
 An Intrusion Detection System (IDS) is a monitoring system that detects suspicious
activities and generates alerts when they are detected.
 Based upon these alerts, the network administrator investigates the issue and takes the
appropriate action to remediate the threat.
 It watches the network traffic to catch any harmful action and quickly sends alerts when it
finds something suspicious.
 The main job of the intrusion detector is to learn and create a smart system that can tell the
difference between "bad" actions like attacks and "good" actions like normal computer
connections.
COMPONENTS OF IDS

 In network security, an Intrusion Detection System (IDS) comprises several key
components to monitor, detect, and respond to potential security threats. The main
components of IDS in network security include:
 Sensors: Sensors capture and collect data from the network, monitoring traffic, packets,
or log files. Network-based IDS (NIDS) sensors are strategically placed to analyze data
in transit.
 Analyzers: Analyzers examine the data collected by sensors, using various methods
such as signature- based detection, anomaly detection, or behavioral analysis to identify
patterns indicative of potential intrusions.
 Database: The database stores information used for comparison and analysis, including
known attack signatures, baseline network behavior, and other relevant data. It is
continually updated to adapt to new threats.
 Alerting System: When the IDS detects suspicious activity, it generates alerts. The
alerting system notifies security personnel or a Security Operations Center (SOC) about
potential security incidents.
 User Interface: The user interface provides a platform for security administrators to
configure settings, review alerts, and manage the IDS. It enhances the human interaction
with the IDS for monitoring and response.
 Logging and Reporting: Logging and reporting functionalities document information
about detected events and the overall performance of the IDS. Detailed logs aid in post-
incident analysis and compliance reporting.

 Response Mechanism: Some IDS can initiate automated responses to specific threats,
such as blocking malicious IP addresses or adjusting firewall rules. Manual response
options may also be available for more complex incidents.
 Update Mechanism: Regular updates are crucial for keeping the IDS current with the
latest threat intelligence, attack signatures and software patches. An effective update
mechanism ensures the IDS's ability to identify new and evolving threats.
26) Differentiate types of IDS with advantages and disadvantages.
Ans:
HIDS | NIDS
Host Intrusion Detection System | Network Intrusion Detection System
It doesn't work in real-time | Operates in real-time
HIDS is related to just a single system; as the name suggests, it is only concerned with the threats related to the host system/computer. | NIDS is concerned with the entire network system; NIDS examines the activities and traffic of all the systems in the network.
HIDS are stored locally on the devices. | NIDS are placed on the network.
HIDS are used for device driver establishment, troubleshooting, and guarantee claims. | NIDS are utilized for network administration, security, and communication between devices on the network.
HID is a unique identifier assigned to a computer hardware device. | NID is a unique identifier assigned to a network.
Response time is slow | Fast response time

27) Explain HIDS.
Ans:
 A Host-based Intrusion Detection System (HIDS) is a security measure designed to observe
and assess activities taking place on individual computer systems or hosts.
 In contrast to Network-based IDS (NIDS), which concentrates on monitoring network
traffic, HIDS operates directly on host machines to identify and address suspicious behavior
occurring at the operating system and application levels.
 Host intrusion detection systems are deployed on standalone hosts or devices within the
network.
 They monitor both incoming and outgoing packets specific to the device and promptly alert
administrators upon detecting any potentially malicious or suspicious activity.
 HIDS functions by capturing a snapshot of the current system files and comparing it with a
previous snapshot.
 If the analysis reveals any modifications or deletions in the system files, an alert is
generated, signaling the administrator to conduct further investigation.

Working of HIDS

Data Collection: HIDS gathers information from servers, computers, and host systems.
Data Types Analyzed:
 Examines security-centric data like authentication logs.
 Analyzes application and operating system logs for unusual patterns.
Pattern Recognition: Detects anomalies or suspicious activity by comparing data patterns.
Response Action: Security teams can block offending IP addresses based on the detected
activity.
Data Correlation: Links and correlates different data sources for deeper context on
potential security events.
Interpretation: Helps interpret whether attackers are attempting to find vulnerabilities
(unsuccessful) or have already breached the application (successful).
Alert Generation: Issues alerts when suspicious activity is confirmed.
Purpose of Alerts: Alerts aid in quickly identifying the cause of the issue, enabling a swift
response to stop potential cyber-attacks.
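The snapshot-and-compare file integrity check described above, as an added example that is not part of the original notes. The file tree and the changes to it are constructed in a temporary directory, and the stored baseline is sealed with an HMAC (the key is assumed to be kept off the monitored host) so that tampering with the snapshot itself is also detected, which addresses the "dependency on host integrity" point below.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

def snapshot(root: Path) -> Dict[str, str]:
    """Record the SHA-256 digest of every regular file under root, keyed by
    its path relative to root."""
    snap = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            snap[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return snap

def seal(snap: Dict[str, str], key: bytes) -> Tuple[str, str]:
    """Serialise the baseline and attach an HMAC, so that editing the stored
    baseline to hide a change is itself detectable."""
    blob = json.dumps(snap, sort_keys=True)
    return blob, hmac.new(key, blob.encode(), "sha256").hexdigest()

def load_sealed(blob: str, tag: str, key: bytes) -> Dict[str, str]:
    """Verify the HMAC before trusting the stored baseline."""
    if not hmac.compare_digest(tag, hmac.new(key, blob.encode(), "sha256").hexdigest()):
        raise ValueError("baseline has been tampered with")
    return json.loads(blob)

def compare(old: Dict[str, str], new: Dict[str, str]) -> List[str]:
    """Produce one alert line per added, deleted or modified file."""
    alerts = []
    for name in sorted(set(old) | set(new)):
        if name not in new:
            alerts.append(f"DELETED  {name}")
        elif name not in old:
            alerts.append(f"ADDED    {name}")
        elif old[name] != new[name]:
            alerts.append(f"MODIFIED {name}")
    return alerts

def demo() -> List[str]:
    # Constructed file tree standing in for a host's system files.
    key = b"constructed-baseline-key"   # in practice held off the monitored host
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "login").write_bytes(b"\x7fELF constructed binary")
        blob, tag = seal(snapshot(root), key)       # first snapshot, stored sealed

        # Changes made between the two snapshots (constructed):
        with (root / "etc" / "passwd").open("a") as f:
            f.write("extra:x:1001:1001::/home/extra:/bin/sh\n")   # passwd modified
        (root / "bin" / "login").unlink()                           # binary deleted
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "job").write_text("# new file\n")  # file added

        baseline = load_sealed(blob, tag, key)       # verify before trusting it
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for alert in demo():
        print(alert)
```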
Advantages of HIDS
 Individual Host Protection: Focuses on the security of individual hosts, making it
effective in detecting threats and vulnerabilities specific to each system.
 Insider Threat Detection: Well-suited for detecting insider threats as it closely monitors
activities on the host, identifying unauthorized or suspicious behavior from within the
organization.
 System Integrity Monitoring: Monitors changes to critical system files and configurations,
providing a means to detect unauthorized modifications and maintaining the integrity of the
host system.

 Log Analysis: Analyzes local logs and system events, aiding in the identification of security
incidents, unusual patterns, or signs of compromise.
 Low Network Impact: Does not rely heavily on network traffic analysis, minimizing the
impact on the overall network performance.
 Application-Level Monitoring: Monitors activities at the application level, identifying
potential threats specific to the software and services running on the host.
Disadvantages of HIDS
 Resource Intensive: The monitoring and analysis activities conducted by HIDS can be
resource-intensive, potentially impacting the performance of the host system, particularly in
environments with limited resources.
 High Deployment and Maintenance Overhead: Deploying and maintaining HIDS on
numerous individual hosts can be time-consuming and resource-intensive for large-scale
networks.
 Dependency on Host Integrity: HIDS effectiveness depends on the integrity of the host
system. If the host is compromised, the HIDS may be compromised as well, limiting its
reliability.
 Limited External Threat Visibility: HIDS may have challenges detecting external threats
that do not directly impact the host, such as attacks targeting network infrastructure.
 Difficulty in Scalability: Scaling HIDS for large networks may be challenging due to the
need to deploy, configure, and manage the system on numerous individual hosts.
 Limited Coverage for Network Traffic: While HIDS is effective for host-specific
activities, it may not provide a complete picture of network-level threats, making it less
suitable for certain types of attacks.

28) Explain NIDS.
Ans:
NETWORK INTRUSION DETECTION SYSTEMS (NIDS)

 A Network Intrusion Detection System (NIDS) is a software application designed to
identify and alert on network security issues.
 It accomplishes this by monitoring activities within a network or system, detecting patterns
of malicious or unusual behavior.
 A NIDS (Network Intrusion Detection System) is a security tool that watches over a
computer network to find signs of harmful actions or rule-breaking.
 Its main job is to spot and notify network administrators about possible attacks or
unauthorized access.
 NIDS does this by checking the data moving through the network for specific patterns that
could indicate an attack, like someone trying to disrupt the network or access it without
permission.
 It's like a digital guard that helps protect the network from things like viruses, hacking
attempts, and other security problems.

 Having a NIDS is important for keeping the network safe and responding quickly to
potential threats.

Working of NIDS

NIDS Function: Monitors network traffic for signs of attacks or intrusions.
Operating Modes:
Passive Mode: Watches network traffic without interfering.
Inline Mode: Can modify traffic to detect or block intrusions (not always recommended).
Alert Generation: When potential threats are spotted, NIDS generates an alert.
Alert Content: Includes details like the type of attack, source/destination IP addresses, and
time.
Action Taken: May take preventive measures like blocking the source IP or modifying
network traffic.
Data Gathering: Gathers info about incoming/outgoing internet traffic.
Sensor Placement: Strategically places sensors across the network, e.g., on a LAN or DMZ.
Detection Methods:
Signature-Based: Compares data characteristics with known malicious signatures.
Anomaly-Based: Monitors events against a baseline of typical network activity.
Alerts for Investigation: Detects unusual activity (e.g., sudden traffic increase) and
generates alerts for further investigation.
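The two detection methods above run over constructed traffic records, as an added example not from the original notes: a signature check on each packet's payload, and an anomaly check that learns a normal packets-per-window rate from baseline traffic and flags the sudden traffic increase. The signature patterns, the baseline traffic and the flood are all constructed.

```python
from collections import Counter
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List

@dataclass(frozen=True)
class Record:
    t: float          # seconds since capture start
    src: str
    dst: str
    dst_port: int
    payload: bytes

# Constructed signatures; a real NIDS ships thousands of far richer rules.
SIGNATURES = {
    "path-traversal": b"../../",
    "sqli-probe": b"' OR '1'='1",
}
WINDOW = 10.0   # seconds per rate window for the anomaly detector
SIGMA = 3.0     # alert when a window exceeds mean + SIGMA * stddev of the baseline

def signature_alerts(records: List[Record]) -> List[dict]:
    """Signature-based: flag any packet whose payload contains a known pattern."""
    alerts = []
    for r in records:
        for rule, pattern in SIGNATURES.items():
            if pattern in r.payload:
                alerts.append({"type": "signature", "rule": rule, "src": r.src,
                               "dst": r.dst, "dst_port": r.dst_port, "t": r.t})
    return alerts

def window_counts(records: List[Record]) -> Dict[int, Counter]:
    """Packets per source address in each WINDOW-second bucket."""
    buckets: Dict[int, Counter] = {}
    for r in records:
        buckets.setdefault(int(r.t // WINDOW), Counter())[r.src] += 1
    return buckets

def anomaly_alerts(baseline: List[Record], observed: List[Record]) -> List[dict]:
    """Anomaly-based: learn the normal packets-per-window rate from baseline
    traffic, then flag observed windows that rise far above it."""
    base_rates = [sum(c.values()) for c in window_counts(baseline).values()]
    threshold = mean(base_rates) + SIGMA * pstdev(base_rates)
    alerts = []
    for w, counts in sorted(window_counts(observed).items()):
        total = sum(counts.values())
        if total > threshold:
            top_src, top_n = counts.most_common(1)[0]
            alerts.append({"type": "anomaly", "window": w, "count": total,
                           "threshold": round(threshold, 2),
                           "top_src": top_src, "top_src_count": top_n})
    return alerts

def constructed_traffic():
    """Six quiet baseline windows, then one observed window with a flood and a probe."""
    normal = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    baseline = [Record(w * WINDOW + i, f"10.0.0.{i + 1}", "10.0.0.80", 80, normal)
                for w, n in enumerate([4, 5, 6, 5, 4, 6]) for i in range(n)]
    observed = [Record(i, f"10.0.0.{i + 1}", "10.0.0.80", 80, normal) for i in range(5)]
    observed += [Record(0.1 * i, "198.51.100.7", "10.0.0.80", 80, normal) for i in range(40)]
    observed.append(Record(7.5, "203.0.113.5", "10.0.0.80", 80,
                           b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n"))
    return baseline, observed

def detect() -> Dict[str, List[dict]]:
    baseline, observed = constructed_traffic()
    return {"signature": signature_alerts(observed),
            "anomaly": anomaly_alerts(baseline, observed)}

if __name__ == "__main__":
    for kind, alerts in detect().items():
        for a in alerts:
            print(kind, a)
```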
Advantages of NIDS
 Comprehensive Network Visibility: NIDS provides a holistic view of network traffic,
allowing for the detection of threats that may span multiple hosts or systems.
 Centralized Monitoring: Centralized deployment enables monitoring and analysis of
network traffic from a single location, streamlining management and response efforts.
 Identification of Network-wide Threats: Capable of identifying attacks that target
multiple systems simultaneously, aiding in the detection of coordinated and widespread
threats.

 Scalability: NIDS can scale to accommodate the size and complexity of diverse networks,
making it suitable for both small and large organizations.
 Real-time Monitoring: Operates in real-time, allowing for immediate response to emerging
security incidents and minimizing the impact of potential threats.
 Cost-Effective: Often more cost-effective than deploying individual intrusion detection
solutions on each host within the network.
Disadvantages of NIDS

 Limited Visibility into Encrypted Traffic: NIDS may struggle to inspect encrypted traffic,
limiting its ability to detect threats within secure communication channels.
 Inability to Monitor Host-Level Activities: NIDS focuses on network traffic and may not
provide detailed insights into activities at the host level, potentially missing host-specific
threats.
 Additional Network Overhead: Deploying and managing NIDS can introduce additional
network overhead, impacting performance, especially in high-traffic environments.
 Difficulty in Handling Network Complexity: In complex network architectures, including
cloud environments, virtualized networks, and distributed systems, deploying NIDS can be
challenging.
 Limited Protection against Insider Threats: NIDS is primarily designed to detect external
threats and may have limitations in identifying insider threats or malicious activities
originating within the network.
 Dependency on Regular Updates: NIDS relies on regularly updated signature databases to
identify known threats. Failure to update these signatures may result in the system being
less effective against new threats.

29) Explain various types of cyber attack in detail.
Ans:

1. Malware Attacks

 Malware, short for "malicious software," includes viruses, worms, trojans, spyware, and
ransomware, making it a common type of cyber attack.
 It gets into a computer system usually through unsafe website links, emails, or unwanted
downloads.
 Once inside, malware does harmful things like stealing important information, messing with
the network, and sometimes even deleting data or shutting down the whole system.

2. Phishing Attack

 The attacker sends emails pretending to come from a trusted source. Phishing often involves
sending fraudulent emails to as many users as possible, but can also be more targeted.
 For example, "spear phishing" personalizes the email to target a specific user, while
"whaling" takes this a step further by targeting high-value individuals such as CEOs.
Different types of phishing attack are:

3. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks

 A denial-of-service (DoS) attack aims to overwhelm a system, making it unable to respond
to genuine requests. In a distributed denial-of-service (DDoS) attack, the attacker uses many
infected computers to drain the system's resources.
 These attacks are called "denial of service" because the targeted website can't serve users
trying to access it.
 In a DoS attack, the site gets flooded with fake requests, using up its resources and causing it
to shut down. Unlike other cyber attacks that aim to gain access, DoS and DDoS attacks just
want to disrupt the target's service.
 If an attacker is hired by a competitor, they might benefit financially from the target's
downtime. A DoS attack can also make the system vulnerable to other attacks when it goes
offline.
 To prevent DoS attacks, some organizations use firewalls to detect and discard fake requests,
ensuring normal traffic flows without interruption.
 For instance, Amazon Web Services (AWS) experienced a major DoS attack in February
2020.

4. Man-in-the-Middle (MitM) Attacks

 A Man-in-the-Middle (MitM) attack occurs when an unauthorized entity intercepts the
communication between two endpoints, such as a user and an application.
 The attacker gains the ability to eavesdrop on the communication, steal sensitive data, and
assume the identity of each participant in the communication.

5. SQL Injection

 The attacker inputs an SQL query through an end user input channel, like a web form or
comment field.
 If the application is susceptible, it forwards the attacker's data to the database and executes
any injected SQL commands. Many web applications, relying on Structured Query
Language (SQL) databases, are prone to SQL injection.
 A newer form of this attack is the NoSQL injection attack, specifically aimed at databases that
don't use a relational data structure.
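The mechanism described above, as an added example that is not part of the original notes: a vulnerable lookup that concatenates user input into the query string, beside the hardened version that binds the value as a parameter. The in-memory SQLite table, user names and the input strings are all constructed for the demonstration.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample database: an in-memory table with three users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable pattern: the input is pasted into the SQL text, so the database
    parses whatever the user typed as part of the query."""
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Hardened pattern: the value is passed as a bound parameter and is never
    interpreted as SQL, whatever characters it contains."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


NORMAL_INPUT = "bob"
# Constructed input of the textbook kind: it closes the quote and appends a condition
# that is always true, so the WHERE clause no longer filters anything.
INJECTED_INPUT = "x' OR '1'='1"


if __name__ == "__main__":
    conn = build_db()
    print(lookup_vulnerable(conn, NORMAL_INPUT))       # [('bob', 'user')]
    print(lookup_vulnerable(conn, INJECTED_INPUT))     # all three rows are returned
    print(lookup_parameterized(conn, INJECTED_INPUT))  # []  (no user literally has that name)
```

The fix is not input filtering but the parameterized form: the driver sends the value separately from the query text, so the database never has to guess where the data ends and the command begins.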

6. Supply Chain Attacks

 A supply chain attack is when attackers try to break into a system by targeting its
connections. Instead of attacking a company directly, they go after its trusted parties, like
suppliers or partners.
 Imagine a store that gets products from different suppliers. Instead of breaking into the store
directly, hackers might sneak into one of the suppliers and tamper with the products there.
 Now, when the store receives those products, the problem comes along with them. So the
attackers get into the store's system without attacking it directly. It's like getting into a club by
pretending to be friends with someone already inside.

30) Explain Intruders and Hackers. (Types of Intruders and Types of Hackers.)
Ans:

Intruders
 In network security, an intruder refers to an unauthorized individual, system, or entity
that attempts to gain access to computer networks, systems, or data without proper
permission.
 The term is commonly associated with malicious actors who seek to exploit
vulnerabilities in network defenses for various purposes, such as unauthorized data
access, service disruption, or other malicious activities.
 Intruders can employ a variety of techniques, including exploiting software
vulnerabilities, phishing attacks, or using brute-force methods to compromise
passwords.
 Effective network security measures, including firewalls, intrusion
detection/prevention systems, encryption, and regular security audits, are crucial to
detect and mitigate the risks posed by potential intruders and to protect the integrity and
confidentiality of network resources.
Three Classes of Intruders
 Masquerader: - An individual who is not authorized to use the computer and who
penetrates a system's access controls to exploit a legitimate user's account.
 Misfeasor: - A legitimate user who accesses data, programs, or resources for
which such access is not authorized, or who is authorized for such access but misuses
his or her privileges.
 Clandestine User: - An individual who seizes supervisory control of the system
and uses this control to escape auditing and access controls.
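The three classes above differ in what an audit trail shows, which is what a detection rule has to key on. The following is an added example, not part of the original notes: it runs over a constructed audit log (the users, IP addresses, resources and the authorization policy are all assumed values) and raises one finding per class. A run of failed logins followed by a success points at a masquerader using someone else's account; a legitimate account reading a resource outside its authorization is the misfeasor case; an event that switches auditing off is the clandestine-user signature.

```python
import re
from collections import defaultdict

# Constructed audit log (not from the page). Fields: time user src_ip event [resource]
AUDIT_LOG = """\
09:00:01 alice 10.0.0.5 LOGIN_OK
09:00:10 bob 203.0.113.9 LOGIN_FAIL
09:00:11 bob 203.0.113.9 LOGIN_FAIL
09:00:12 bob 203.0.113.9 LOGIN_FAIL
09:00:13 bob 203.0.113.9 LOGIN_FAIL
09:00:14 bob 203.0.113.9 LOGIN_FAIL
09:00:15 bob 203.0.113.9 LOGIN_OK
09:01:00 alice 10.0.0.5 ACCESS /payroll/salaries.csv
09:01:30 carol 10.0.0.7 ACCESS /payroll/salaries.csv
09:02:00 root 10.0.0.9 AUDIT_DISABLED
"""

# Assumed authorization policy: resource prefixes each legitimate user may access.
POLICY = {
    "alice": {"/payroll/salaries.csv"},
    "bob": set(),
    "carol": {"/wiki/"},
}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)(?: (\S+))?$")
FAIL_THRESHOLD = 5  # failed logins before a following success is treated as suspicious


def classify(log_text: str) -> dict:
    """Return findings keyed by intruder class: masquerader, misfeasor, clandestine."""
    findings = {"masquerader": [], "misfeasor": [], "clandestine": []}
    fails = defaultdict(int)  # (user, src_ip) -> consecutive failed logins so far
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the expected layout
        ts, user, ip, event, resource = m.groups()
        if event == "LOGIN_FAIL":
            fails[(user, ip)] += 1
        elif event == "LOGIN_OK":
            # success right after a burst of failures: someone guessing a legitimate account
            if fails[(user, ip)] >= FAIL_THRESHOLD:
                findings["masquerader"].append((ts, user, ip, fails[(user, ip)]))
            fails[(user, ip)] = 0
        elif event == "ACCESS":
            # legitimate login, but the resource is outside what the policy grants this user
            allowed = POLICY.get(user, set())
            if not any(resource.startswith(prefix) for prefix in allowed):
                findings["misfeasor"].append((ts, user, resource))
        elif event == "AUDIT_DISABLED":
            # supervisory control used to switch off the audit trail itself
            findings["clandestine"].append((ts, user, ip))
    return findings


if __name__ == "__main__":
    for cls, items in classify(AUDIT_LOG).items():
        print(cls, items)
```

The clandestine case is the reason audit events should be shipped off-host as they are written: a record that auditing was disabled is only useful if it survives on a system the intruder does not control.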
Hackers
 A hacker is someone who uses their computer skills to gain unauthorized access to
systems, networks, or data. Not all hackers are malicious; some use their skills for
ethical purposes, helping organizations improve their security.
Types of Hackers
o Black Hat Hackers: Engage in hacking for malicious purposes, like stealing
information, causing damage, or disrupting systems.
o White Hat Hackers: Use their skills for good, working to strengthen security by
identifying and fixing vulnerabilities. They are often employed as ethical hackers or
security professionals.
o Grey Hat Hackers: Fall somewhere in between, engaging in hacking without official
authorization but not necessarily for harmful purposes. They may later inform
organizations about vulnerabilities.
 A black hat hacker would be like a thief trying to break in to steal valuable items. On
the other hand, a white hat hacker would act like a security consultant hired to find
weak points in the fortress and strengthen them.
 The black hat hacker wants to exploit weaknesses for personal gain, while the white
hat hacker aims to protect and improve security.
31) Explain Cyber space.
Ans:
 Cyberspace refers to the interconnected environment of computer systems, networks, and
digital technologies where information is created, stored, processed, and exchanged.

 It is essentially the virtual space in which digital communication, data storage, and online
activities take place. Here are some key aspects of cyberspace.
o Digital Realm: Cyberspace exists in the digital realm, comprising electronic data
and information accessible through computers and digital devices.
o Internet Infrastructure: The internet serves as a significant component of
cyberspace, connecting a vast network of computers and enabling global
communication.
o Information Exchange: Cyberspace facilitates the exchange of information
through various online platforms, including websites, social media, emails, and
messaging services.
o E-Commerce: Online transactions, shopping, and financial activities are
conducted within cyberspace through secure electronic payment systems.
o Cloud Computing: Services such as cloud storage and computing contribute to
cyberspace, allowing users to store and access data remotely.
o Virtual Communities: Social networks, forums, and online communities provide
spaces for people to interact and share information within cyberspace.
o Digital Innovation: Cyberspace is a hub for technological innovation, fostering the
development of new applications, software, and digital solutions.
o Internet of Things (IoT): Connected devices, part of the IoT, contribute to the
expansion of cyberspace by creating an extensive network of interconnected smart
devices.
o Cyber Laws and Governance: Legal frameworks and regulations govern
activities within cyberspace, addressing issues such as privacy, data protection, and
cybercrimes.
o Cyber Threats and Risks: As a dynamic environment, cyberspace is vulnerable to
various threats, including cyber attacks, data breaches, and online fraud.
o Remote Collaboration: Cyberspace enables remote work and collaboration,
allowing individuals and teams to communicate and work together from different
locations.
32) Describe Cyber crime and problems associated with computer crime.
Ans:
 Cybercrimes are illegal activities carried out using digital technology, such as computers,
networks, and the internet.
 These illegal actions are often aimed at stealing sensitive information, causing financial
harm or disrupting digital systems.
 Imagine you have an online bank account. A cybercriminal might use phishing emails,
pretending to be your bank, to trick you into revealing your login credentials.
 Once they have this information, they could access your account, steal money, or even sell
your personal details to others.
 Traditional problems associated with computer crime, also known as cyber security
challenges, have evolved alongside the rapid advancement of technology. Here are some
longstanding issues:
1) Unauthorized Access and Hacking
o Problem: Unauthorized individuals gaining access to computer systems, networks, or
databases

o Impact: Breach of sensitive information, loss of data integrity, and potential disruption
of services
2) Malware Attacks
o Problem: Malicious software (viruses, worms, Trojans, ransomware) designed to infect
and damage computer systems
o Impact: Data loss, system damage, financial losses, and potential compromise of
personal information
3) Phishing and Social Engineering
o Problem: Deceptive tactics used to trick individuals into revealing sensitive information
o Impact: Identity theft, financial losses, and unauthorized access to accounts
4) Identity Theft
o Problem: Unauthorized use of personal information to commit fraud or other criminal
activities
o Impact: Financial losses, damage to credit history, and potential legal issues for the
victim
5) Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
o Problem: Overwhelming a system, network, or website with traffic to disrupt normal
functioning
o Impact: Service downtime, financial losses, and potential damage to an organization's
reputation
6) Data Breaches
o Problem: Unauthorized access to and disclosure of sensitive information
o Impact: Compromised customer data, loss of trust, and legal consequences
7) Insider Threats
o Problem: Employees or trusted individuals intentionally or unintentionally causing
harm to an organization's security
o Impact: Unauthorized access, data breaches, and compromised intellectual property

33) Explain DOS and DDOS attack.
Ans:
 A denial-of-service (DoS) attack aims to overwhelm a system, making it unable to respond
to genuine requests. In a distributed denial-of-service (DDoS) attack, the attacker uses
many infected computers to drain the system's resources.
 These attacks are called "denial of service" because the targeted website can no longer serve
the users trying to access it.
 In a DoS attack, the site gets flooded with fake requests, using up its resources and causing
it to shut down. Unlike other cyber attacks that aim to gain access, DoS and DDoS attacks
just want to disrupt the target's service.
 If an attacker is hired by a competitor, they might benefit financially from the target's
downtime. A DoS attack can also make the system vulnerable to other attacks when it
goes offline.
 To prevent DoS attacks, some organizations use firewalls to detect and discard fake requests,
ensuring normal traffic flows without interruption.
 For instance, Amazon Web Services (AWS) experienced a major DoS attack in February
2020.

DoS attack techniques include:

 HTTP flood DDoS - the attacker uses HTTP requests that appear legitimate to overwhelm
an application or web server.
 UDP flood DDoS - a remote host is flooded with User Datagram Protocol (UDP) packets
sent to random ports.
 ICMP flood - a barrage of ICMP Echo Request packets overwhelms the target, consuming
both inbound and outbound bandwidth.
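Both this answer and item 3 above say the defence is to detect and discard the fake requests while normal traffic keeps flowing. The following added example (not code from the original notes) shows the simplest form of that for an HTTP flood: a per-source sliding-window rate limiter run over a constructed access log in which one client browses at 3 requests per second and another sends 50 requests per second that each look like a valid GET. The IP addresses, paths, window size and threshold are assumed values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=1)   # sliding window length
THRESHOLD = 20                  # max requests accepted per source IP per window


def constructed_log() -> list:
    """Build sample (timestamp, src_ip, path) records: one normal client, one flooder.
    Constructed data, not real traffic."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    records = []
    for s in range(3):  # three seconds of traffic
        for k in range(3):   # normal client: 3 requests per second
            records.append((t0 + timedelta(seconds=s, milliseconds=300 * k),
                            "192.0.2.10", "/index.html"))
        for k in range(50):  # flooding client: 50 requests per second, all well-formed
            records.append((t0 + timedelta(seconds=s, milliseconds=20 * k),
                            "198.51.100.7", "/search?q=x"))
    records.sort(key=lambda r: r[0])
    return records


def rate_limit(records) -> dict:
    """Sliding-window limiter. For each source IP, keep the timestamps of requests
    accepted in the last WINDOW; once THRESHOLD is reached, further requests are
    dropped until old entries age out. Returns per-IP accepted/dropped counts and
    the time the IP was first throttled."""
    windows = defaultdict(deque)
    stats = defaultdict(lambda: {"accepted": 0, "dropped": 0, "first_throttled": None})
    for ts, ip, _path in records:
        q = windows[ip]
        while q and ts - q[0] >= WINDOW:   # age out requests older than the window
            q.popleft()
        if len(q) >= THRESHOLD:
            stats[ip]["dropped"] += 1
            if stats[ip]["first_throttled"] is None:
                stats[ip]["first_throttled"] = ts
            continue                       # discarded: not added to the window
        q.append(ts)
        stats[ip]["accepted"] += 1
    return dict(stats)


if __name__ == "__main__":
    for ip, s in rate_limit(constructed_log()).items():
        print(ip, s)
```

On this input the browsing client is never throttled, while the flooder has 20 of every 50 requests accepted and the rest dropped, starting 400 ms into the first second. Per-source limiting like this is enough for a single-source DoS; a DDoS spreads the load over many sources that each stay under the threshold, which is why it needs upstream filtering and capacity rather than a rule on one server.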

34) Define vulnerabilities and list out types of vulnerabilities.
Ans:
 A vulnerability is a weakness present in a computer system, network, or application, which
could be exploited by unauthorized individuals or malicious software. After exploiting a
vulnerability, an attacker can run malicious code, install malware, and even steal
sensitive data.
 Various techniques can be used to exploit weaknesses, such as SQL injection, buffer
overflows, cross-site scripting (XSS), and open-source exploit kits that seek out known
vulnerabilities and security flaws in web applications.

Types of Vulnerabilities

o Software Vulnerabilities: Software vulnerabilities are weaknesses in computer programs
or applications. If a software program has a bug or error, it could be exploited by attackers.
An example is a security flaw in a web browser that allows hackers to take control of a
computer when a user visits a compromised website.
o Hardware Vulnerabilities: Hardware vulnerabilities are weaknesses in the physical
components of a computer or device. For example, a flaw in a computer's microprocessor
might allow unauthorized access.
o Human-Related Vulnerabilities: Human-related vulnerabilities involve mistakes or
actions by people that can be exploited. For instance, falling for phishing emails where
someone clicks on a fake link and unknowingly provides sensitive information, such as
passwords, is a human-related vulnerability.
o Network Vulnerabilities: Network vulnerabilities refer to weaknesses in the connections
between devices, which can be exploited by attackers. It's like having a hole in the wall that
allows unwanted guests to enter. Example: Think of a Wi-Fi network without a password.
It's like leaving your front door wide open. Anyone nearby can connect, even those with bad
intentions. An attacker could sneak in, access your devices, and cause trouble. To fix this
vulnerability, you should "lock" your Wi-Fi with a strong password, making it harder for
unauthorized users to get in.
