Information Security - Final Term

The document outlines the instructions and structure for the Information Security final examination, including guidelines on honesty, time management, and the conceptual nature of the questions. It features two case studies focusing on network security analysis and RSA encryption, with specific questions related to log file interpretation, potential attack scenarios, and cryptographic calculations. The examination is designed to assess students' understanding of key information security concepts and practices.

Uploaded by

Talha Mughal

Information Security Section A&B

Course Code: CS-324 Max marks=50 Time Allowed: 210 min

Instructions:

a- Gaining knowledge and practicing honesty go hand in hand, so be honest with yourself during the online examination.
b- Don’t waste your time searching for the questions on the internet. None of the questions in this sheet is taken from the internet.
c- The question paper is conceptual and ideology based. It is also assumed that no two students will have the same ideas and concepts on the case studies, so be careful when attempting the question paper.
d- Any justification or similar idea found across answer sheets will be considered cheating. All papers having the same answer (excluding mathematical ones) will be assumed copied and will be treated as cheating.
e- The 210 minutes include downloading the question paper and, after attempting the answers, uploading the answer sheets to the LMS, so please don’t ask for extra time. Answer sheets uploaded after the said time will not be accepted in any case.
f- All questions carry equal marks, which is (2.5+2.5) marks for each question.

Final term Examination 19-08-2020


Case Study 1:
Network security starts with monitoring the network traffic and detecting any unusual activity.
These activities include multiple file traces which have inbound and outbound data. The attacker
uses this to penetrate systems and carry out malicious activity. See the log file and network
architecture below and answer the following questions.

Figure 1: Network Architecture

Sample Log File


Note: This is the log file collected from Host IDs and Network IDs. Most of the irrelevant entries
are not shown in this file.
1- 03:45:05. Packet from 10.15.3.6 to 45.2.14.55 (Log Entry= NIDs)
2- 03:45:07. Host 45.2.14.55. A login attempt was failed for account Ali (Log Entry = Host
= 45.2.14.55)
3- 03:45:08. Packet from 45.2.14.55 to 10.15.3.6 (Log Entry= NIDs)
4- 03:49:10. Packet from 10.15.3.6 to 45.2.14.55 (Log Entry= NIDs)

5- 03:49:12. Host 45.2.14.55. A login attempt was failed for account Ali (Log Entry = Host
= 45.2.14.55)
6- 03:49:13. Packet from 45.2.14.55 to 10.15.3.6 (Log Entry= NIDs)
7- 03:52:07. Packet from 10.15.3.6 to 45.2.14.55 (Log Entry= NIDs)
8- 03:52:09. Host 60.3.4.5. Successful login attempt for account Lee (Log Entry = Host =
45.2.14.55)
9- 03:52:10. Packet from 45.2.14.55 to 10.15.3.6 (Log Entry= NIDs)
10- 8:56:12. Packet from 45.2.14.55 to 123.28.5.2
11- TFTP request (Log Entry= NIDs)
12- (no corresponding host log entry)
13- 03:56:28. Series of packets from 123.28.5.210 to 45.2.14.55. TFTP response (Log Entry=
NIDs)
14- (no more host log entries)
15- 04:03:17. Packet from 45.2.14.55 to 10.17.8.40. SMTP (Log Entry= NIDs)
16- 04:06:12. Packet from 45.2.14.55 to 10.40.22.8. SMTP (Log Entry= NIDs)
17- 04:10:12. Packet from 45.2.14.55 to 60.0.1.1. TCP SYN=1, Destination Port 80 (Log
Entry= NIDs)
18- 04:10:13: Packet from 45.2.14.55 to 60.0.1.2. TCP SYN=1, Destination Port 80 (Log
Entry= NIDs)
Q.1(a+b). The log entries come from both HIDs and NIDs. As an administrator, what do
you understand from this log file?
Q.2(a+b). Suppose the attacker wants to get into Ali’s account. What are the possibilities of
success? Discuss using the information available in the log file.
Q.3(a+b). Which steps should the administrator take after reading the log file?
Q.4(a+b). Do you think the attacker is out of options, or does he still have options to get into the system?
Discuss your point of view.
Q.5(a+b). See the network architecture provided in Figure 1 for moderate-level sensitivity and
propose suitable places for IDPS installation. Which types of IDS can be placed, and what
are the appropriate locations to install the IDPS?
Q.6(a+b). Using Figure 1 for a highly sensitive organization, how can a honeynet or honeypot
be deployed? What are the criteria, and which will be the better option? Discuss in detail. Justify
your answer using the architecture diagram with honeynets or honeypots.
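The correlation that Q.1 to Q.3 ask the administrator to do by eye can be sketched in code. This is an added example, not part of the examination paper: it reads the sample log entries (wrapped lines joined, the "(Log Entry= ...)" suffix dropped), counts login outcomes per account, and lists the peers that host 45.2.14.55 contacted without having been contacted by them first. The names `triage`, `PKT` and `LOGIN` are hypothetical.

```python
import re
from collections import defaultdict

# Entries copied from the Case Study 1 sample log; values are as printed on
# the paper, with wrapped lines joined and the log-source suffix dropped.
SAMPLE = """\
03:45:05. Packet from 10.15.3.6 to 45.2.14.55
03:45:07. Host 45.2.14.55. A login attempt was failed for account Ali
03:45:08. Packet from 45.2.14.55 to 10.15.3.6
03:49:10. Packet from 10.15.3.6 to 45.2.14.55
03:49:12. Host 45.2.14.55. A login attempt was failed for account Ali
03:49:13. Packet from 45.2.14.55 to 10.15.3.6
03:52:07. Packet from 10.15.3.6 to 45.2.14.55
03:52:09. Host 60.3.4.5. Successful login attempt for account Lee
03:52:10. Packet from 45.2.14.55 to 10.15.3.6
8:56:12. Packet from 45.2.14.55 to 123.28.5.2 TFTP request
03:56:28. Series of packets from 123.28.5.210 to 45.2.14.55. TFTP response
04:03:17. Packet from 45.2.14.55 to 10.17.8.40. SMTP
04:06:12. Packet from 45.2.14.55 to 10.40.22.8. SMTP
04:10:12. Packet from 45.2.14.55 to 60.0.1.1. TCP SYN=1, Destination Port 80
04:10:13: Packet from 45.2.14.55 to 60.0.1.2. TCP SYN=1, Destination Port 80
"""

IP = r"(\d+(?:\.\d+){3})"
PKT = re.compile(rf"from {IP} to {IP}\W*(.*)")            # NIDS packet entries
LOGIN = re.compile(rf"Host {IP}\. (.*) for account (\w+)")  # host login entries

def triage(text, watched):
    """Return (failed logins per account, successful accounts,
    {peer: detail} for conversations that `watched` opened itself)."""
    failed, succeeded, contacted, initiated = defaultdict(int), [], set(), {}
    for line in text.splitlines():
        if m := PKT.search(line):
            src, dst, detail = m.groups()
            if dst == watched:
                contacted.add(src)                 # peer spoke to the host first
            elif src == watched and dst not in contacted:
                initiated.setdefault(dst, detail)  # host opened the conversation
        elif m := LOGIN.search(line):
            if "Successful" in m[2]:
                succeeded.append(m[3])
            else:
                failed[m[3]] += 1
    return dict(failed), succeeded, initiated

if __name__ == "__main__":
    print(triage(SAMPLE, "45.2.14.55"))
```

The replies to 10.15.3.6 drop out because that peer contacted the host first; what remains is the traffic the host originated after the login events, which is the part of the log with no matching host entries.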

Case Study 2:
Select any random prime numbers to encrypt using the RSA algorithm. It is assumed that no two of
you will have the same prime numbers. The prime numbers should be greater than 50.
Considering the above conditions, answer the following questions.

Q.7(a+b). After choosing e (public key), calculate d (private key) using the Euclid algorithm.
Show the complete steps of the calculation using the method.
Q.8(a+b). Take the number “025”, add your roll number, and encrypt the resulting data using the
keys calculated in Q.7. For example, if the roll number is 18201519-020, add 020
to 025, which gives “45”. The plain text will be 45 in this case; encrypt
and decrypt the plain text using the calculated keys.
Q.9(a+b). Produce the ciphertext of the following plain text using the Vigenère cipher.
Plain Text: “this is my final term paper of information security course”
Key: your first and last name initials, to make it 64 bits. For example, for me it will be
“ayeshaal”

Q.10(a+b). Ahmed is the owner of a website like Amazon. Which type of security certificate does it
require? And how can you (as a customer) assess that the website is genuine before making
any transaction? Which information can you obtain from that certificate? Discuss the case using
a labeled diagram along with an explanation.

BEST OF LUCK
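The calculation asked for in Q.7 and Q.8, carried through as an added example that is not part of the examination paper. The primes p = 53 and q = 61 and the exponent e = 17 are assumed choices that satisfy the "greater than 50" condition; the function names are hypothetical, and the plain text 45 is the paper's own roll-number example.

```python
def egcd_steps(a, b):
    """Extended Euclid. Returns (g, x, y, steps) with a*x + b*y == g;
    each step is (a, b, q, r), meaning a = q*b + r."""
    steps = []
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, r = divmod(a, b)
        steps.append((a, b, q, r))
        a, b = b, r
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0, steps

def is_prime(n):
    return n > 1 and all(n % k for k in range(2, int(n ** 0.5) + 1))

def rsa_keys(p, q, e):
    """Derive (n, d, steps) for distinct primes p, q > 50, as the paper requires."""
    if not (is_prime(p) and is_prime(q) and p != q and min(p, q) > 50):
        raise ValueError("p and q must be distinct primes greater than 50")
    n, phi = p * q, (p - 1) * (q - 1)
    g, _, y, steps = egcd_steps(phi, e)
    if g != 1:
        raise ValueError("e is not coprime to phi(n); choose another e")
    return n, y % phi, steps          # d is the coefficient of e, reduced mod phi

def plaintext_from_roll(suffix):
    """Q.8 rule: add the roll-number suffix to 025 (020 gives 45)."""
    return 25 + int(suffix)

P, Q, E = 53, 61, 17                  # assumed choices, not taken from the paper

def worked_example():
    n, d, steps = rsa_keys(P, Q, E)
    m = plaintext_from_roll("020")
    c = pow(m, E, n)                  # encrypt: c = m^e mod n
    return {"n": n, "d": d, "steps": steps, "m": m, "c": c,
            "recovered": pow(c, d, n)}   # decrypt: m = c^d mod n

if __name__ == "__main__":
    result = worked_example()
    for a, b, q, r in result["steps"]:
        print(f"{a} = {q} * {b} + {r}")
    print({k: v for k, v in result.items() if k != "steps"})
```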
