
Cybersecurity Basics for Students

The document discusses various topics related to information security including: 1. Cryptography is defined as the process of encryption and decryption. A Trojan horse is a type of malware. 2. Different types of security attacks are discussed such as those targeting confidentiality, integrity, and availability. Malware and viruses are distinguished. Symmetric and asymmetric key cryptography are compared. 3. Active attacks pose a danger to integrity and availability while passive attacks pose a danger to confidentiality. The differences between active and passive attacks are outlined. 4. Hacking is defined and various types are explained including phishing, viruses, cookie theft, DDoS attacks, and social engineering. The differences between threats

Information Security (CSPC-02)

(Theory)

Group ‘A’

Q. No.1

a) Define “Cryptography”

Ans- The process of encryption and decryption is known as cryptography.

b) “Trojan Horse” is a _________.

Ans- malware

c) “Steganography” is a technique to conceal the existence of the message. (True/False)

ans- false.

d) “DDoS” Attacks Stands for___________.

Ans- Distributed denial-of-service

e) What is a “botnet”?

Ans- A bot is a piece of malware that infects a computer to carry out commands under the remote control
of the attacker.

f) The process of creation of E-mail messages with a forged sender address is known as _________.

Ans- Email spoofing


g) Define “Phishing”

ans- Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person
in an email or other form of communication.

h) ______________ is the protection of data that resides on disk drives on computer systems or is transmitted
between systems.

Ans- Data encryption

i) ____________ is the identification or verification of someone's identity on the basis of physiological or
behavioural characteristics.

Ans-Biometric identification

j) Those individuals who engage in computer hacking activities are typically referred to as _____________.

Ans- Cybercriminals

Group ‘B’

Q. No 2.

a) What are the different types of security attack? Explain briefly

There are several types of security attacks, but we can classify them based on the security goals they compromise.

i. Attacks on Confidentiality

Snooping refers to unauthorized access to or interception of data.

Traffic analysis refers to obtaining some other type of information by monitoring online traffic.

ii. Attacks on Integrity

Modification means that the attacker intercepts the message and changes it.

Masquerading or spoofing happens when the attacker impersonates somebody else.

Replaying means the attacker obtains a copy of a message sent by a user and later tries to replay it.

Repudiation means that the sender of the message might later deny that she has sent the message; the receiver of the
message might later deny that he has received the message.

iii. Attacks on Availability

Denial of Service (DoS) is a very common attack. It may slow down or totally interrupt the service of a system.

b) What is malware? How is it different from a virus?

Malware stands for Malicious Software. It is designed to gain access to, or be installed on, a computer without the
consent of the user.

Malware is a catch-all term for any type of malicious software, regardless of how it works, its
intent, or how it's distributed. A virus is a specific type of malware that self-replicates by inserting
its code into other programs.

c) Distinguish between Symmetric and Asymmetric Key Cryptography.

| Symmetric Key Cryptography | Asymmetric Key Cryptography |
|---|---|
| Only one key (the symmetric key) is used, and the same key is used to encrypt and decrypt the message. | Two different cryptographic keys (asymmetric keys), known as the public and the private keys, are used for encryption and decryption. |
| It is effective, as this technique is recommended for high amounts of text. | It is inefficient, as this approach is used only for short messages. |
| Symmetric encryption is generally used to transmit bulk information. | It is generally used in smaller transactions. It is used for making a secure connection channel before transferring the actual information. |
| Symmetric key cryptography is also known as secret-key cryptography or private key cryptography. | Asymmetric key cryptography is also known as public-key cryptography or a conventional cryptographic system. |
| Symmetric key cryptography uses fewer resources as compared to asymmetric key cryptography. | Asymmetric key cryptography uses more resources as compared to symmetric key cryptography. |
| The length of the keys used is frequently 128 or 256 bits, based on the security need. | The length of the keys is much higher; for example, the recommended RSA key size is 2048 bits or higher. |

d) Differentiate between Passive Attacks and Active Attacks.

| Active Attack | Passive Attack |
|---|---|
| In an active attack, modification in information takes place. | While in a passive attack, modification in the information does not take place. |
| Active attack is a danger to integrity as well as availability. | Passive attack is a danger to confidentiality. |
| In an active attack, attention is on prevention. | While in passive attack attention is on detection. |
| Due to active attacks, the execution system is always damaged. | While due to passive attack, there is no harm to the system. |
| In an active attack, the victim gets informed about the attack. | While in a passive attack, the victim does not get informed about the attack. |

Group ‘C’

Q. No 3.

a) What do you mean by Hacking? Explain different types of Hacking.

A commonly used hacking definition is the act of compromising digital devices and networks
through unauthorized access to an account or computer system. Hacking is not always a malicious
act, but it is most commonly associated with illegal activity and data theft by cyber criminals.

Types of Hacking:
Hacking is something you have to protect yourself from, and this can only be done by
anticipating how a hacker might think to get into the system.

1. Phishing –
In this type of hacking, the hacker's intention is to steal critical information of users, like
account passwords, MasterCard details, etc. For example, hackers can replicate an
original website for users to interact with and can steal critical information from the
duplicate website the hacker has created.

2. Virus –
These are triggered by the hacker into the filters of the website once they enter into it.
The purpose is to corrupt the information or resources on the website.

3. UI redress –
In this technique, the hacker creates a fake interface, and once the user clicks with
the intent of going to a particular website, they are directed to a different website.

4. Cookie theft –
Hackers access the website using malicious code and steal cookies that
contain information, login passwords, etc. Once they get access to your account, they can do
anything with it.

5. Distributed Denial-of-Service (DDoS) –
This hacking technique is aimed at taking down a website so that a user cannot
access it or deliver their service. It gets the server down and stops it from responding,
which may cause a condition error constantly.

6. DNS spoofing –
This essentially uses the cached data of a website or domain that the
user might have forgotten to keep up to date. It then directs the data to a different,
malicious website.

7. Social Engineering –
Social engineering is an attempt to manipulate you into sharing personal information, sometimes
by impersonating a trustworthy source.

8. Missing Security Patches –
Security tools can become outdated as the hacking landscape advances
and need frequent updates to protect against new threats.

9. Malware-Injection Devices –
Cyber-criminals can use hardware to sneak malware onto your PC. You may have
come across infected USB sticks, which can allow hackers remote access to your device
when they are connected to your PC.

10. Cracking Passwords –
Hackers can get your credentials through a technique known as key-logging.

b) Differentiate between threat, vulnerabilities and risks with example.


| No. | Threat | Vulnerability | Risks |
|---|---|---|---|
| 1. | Take advantage of vulnerabilities in the system and have the potential to steal and damage data. | Known as the weakness in hardware, software, or designs, which might allow cyber threats to happen. | The potential for loss or destruction of data is caused by cyber threats. |
| 2. | Generally, can’t be controlled. | Can be controlled. | Can be controlled. |
| 3. | It may or may not be intentional. | Generally, unintentional. | Always intentional. |
| 4. | Can be blocked by managing the vulnerabilities. | Vulnerability management is a process of identifying the problems, then categorizing them, prioritizing them, and resolving the vulnerabilities in that order. | Reducing data transfers, downloading files from reliable sources, updating the software regularly, hiring a professional cybersecurity team to monitor data, developing an incident management plan, etc. help to lower down the possibility of cyber risks. |
| 5. | Can be detected by anti-virus software and threat detection logs. | Can be detected by penetration testing hardware and many vulnerability scanners. | Can be detected by identifying mysterious emails, suspicious pop-ups, observing unusual password activities, a slower than normal network, etc. |

c) Define “Cyber Crime”. List the reasons for the Commission of Cyber Crimes.

Cybercrime is criminal activity that either targets or uses a computer, a computer network or a
networked device. Most cybercrime is committed by cybercriminals or hackers who want to make
money. However, occasionally cybercrime aims to damage computers or networks for reasons
other than profit. These could be political or personal.

Cybercrime can be carried out by individuals or organizations. Some cybercriminals are organized,
use advanced techniques and are highly technically skilled. Others are novice hackers.

Reasons for Commission of Cyber Crimes


There are many reasons which act as a catalyst in the growth of cyber crime. Some of the
prominent reasons are:
a. Money: People are motivated to commit cyber crime to make quick and easy
money.
b. Revenge: Some people try to take revenge on another person/organization/society/caste or
religion by damaging its reputation or causing economic or physical loss. This comes
under the category of cyber terrorism.
c. Fun: Amateurs commit cyber crime for fun. They just want to test the latest tool they have
encountered.
d. Recognition: It is considered a matter of pride if someone hacks highly secured networks like
defense sites or networks.
e. Anonymity: Many times the anonymity that cyberspace provides motivates a person to
commit cyber crime, as it is much easier to commit a crime in cyberspace and
remain anonymous than in the real world.
It is much easier to get away with criminal activity in the cyber world than in the real world.
There is a strong sense of anonymity that can draw otherwise respectable citizens to
abandon their ethics in pursuit of personal gain.
f. Cyber Espionage: At times the government itself is involved in cyber trespassing to keep an
eye on another person/network/country. The reason could be politically, economically or socially
motivated.

d) Explain the Network Security Model with diagram.

A model for network security is shown in the following figure. A message is to be transferred from
one party to another across some sort of Internet service. The two parties, who are the principals in
this transaction, must cooperate for the exchange to take place. A logical information channel is
established by defining a route through the Internet from source to destination and by the
cooperative use of communication protocols (e.g., TCP/IP) by the two principals.

Security aspects come into play when it is necessary or desirable to protect the information
transmission from an opponent who may present a threat to confidentiality, authenticity, and so on.
All the techniques for providing security have two components. One is a security-related
transformation on the information to be sent. Examples include the encryption of the message,
which scrambles the message so that it is unreadable by the opponent, and the addition
of a code based on the contents of the message, which can be used to verify the identity of the
sender.

The other is some secret information shared by the two principals and, it is hoped, unknown to the opponent.
An example is an encryption key used in conjunction with the transformation to scramble the
message before transmission and unscramble it on reception. A trusted third party may be needed
to achieve secure transmission. For example, a third party may be responsible for distributing the
secret information to the two principals while keeping it from any opponent. Otherwise, a third
party may be needed to arbitrate disputes between the two principals concerning the authenticity of
a message transmission.

This general model shows that there are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation. The algorithm should
be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and
the secret information to achieve a particular security service.
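
The model above can be seen in a small added example (not part of the original answer sheet): the transformation is a keyed code computed over the message (HMAC-SHA-256), the secret is a random key, and the protocol adds a sequence number so the receiver also rejects replayed messages. The names `protect` and `Receiver`, the message text and the assumption that the key was already distributed securely are all illustrative.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32   # HMAC-SHA-256 output size in bytes
SEQ_LEN = 8    # sequence number field size in bytes

def generate_secret():
    """Task 2: generate the secret information shared by the two principals."""
    return secrets.token_bytes(32)

def protect(secret, seq, message):
    """Sender side: append a code based on the sequence number and message."""
    header = seq.to_bytes(SEQ_LEN, "big")
    tag = hmac.new(secret, header + message, hashlib.sha256).digest()
    return header + message + tag

class Receiver:
    """Receiver side of the protocol (task 4): verify the code, then the order."""

    def __init__(self, secret):
        self.secret = secret
        self.last_seq = -1

    def accept(self, packet):
        """Return the message if it is authentic and fresh, otherwise None."""
        if len(packet) < SEQ_LEN + TAG_LEN:
            return None
        header, message, tag = packet[:SEQ_LEN], packet[SEQ_LEN:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.secret, header + message, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # modified in transit, or wrong secret
        seq = int.from_bytes(header, "big")
        if seq <= self.last_seq:
            return None                      # replay of an earlier valid packet
        self.last_seq = seq
        return message

def demo():
    """Constructed scenario: one genuine packet, then three an opponent could send."""
    secret = generate_secret()               # assumed to be distributed securely (task 3)
    receiver = Receiver(secret)
    packet = protect(secret, 1, b"transfer 100 to Bob")
    tampered = packet.replace(b"100", b"900")                       # modification
    forged = protect(generate_secret(), 2, b"transfer 500 to Eve")  # masquerade
    return [receiver.accept(packet), receiver.accept(tampered),
            receiver.accept(packet), receiver.accept(forged)]

if __name__ == "__main__":
    print(demo())
```

This code gives integrity and sender verification only; the message itself still travels in the clear, so confidentiality would need encryption as the second transformation.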
Group ‘D’

Q. No 4.

a) What is an Intrusion Detection System? Explain the different categories Intrusion Detection System in details.

An Intrusion Detection System (IDS) is a device or software application that monitors network or
system activities for malicious activities or policy violations and produces reports to
management. In some cases the IDS may also respond to anomalous or malicious traffic by taking
action such as blocking the user or source IP address from accessing the network. An Intrusion
Prevention System (IPS) is a type of IDS that can prevent or stop unwanted traffic. The IPS usually
logs such events and related information.
There are three main components to the Intrusion Detection System.
a. Network Intrusion Detection System (NIDS) – It performs an analysis of passing traffic on
the entire subnet. It works in promiscuous mode and matches the traffic that is passed on
the subnets to a library of known attacks. Once an attack is identified, or abnormal
behaviour is sensed, an alert can be sent to the administrator. An example of NIDS would
be installing it on the subnet where your firewalls are located in order to see if someone is
trying to break into your firewall.
b. Host Intrusion Detection System (HIDS) – It takes a snapshot of your existing system files
and matches it to the previous snapshot. If the critical system files were modified or
deleted, an alert is sent to the administrator to investigate. An example of HIDS can be
seen on mission-critical machines that are not expected to change their configuration.

c. Network Node Intrusion Detection System (NNIDS) – It performs the analysis of the traffic
that is passed from the network to a specific host. The difference between NIDS and
NNIDS is that the traffic is monitored on a single host only and not for the entire subnet.
An example of NNIDS would be installing it on a VPN device to examine the traffic
once it has been decrypted. This way you can see if someone is trying to break into your VPN
device.
b) Explain RSA algorithm with suitable example.

The asymmetric algorithm RSA was published in 1977 and patented by MIT in 1983. The RSA
algorithm is the most common asymmetric cryptography algorithm and is the basis for several
products. RSA stands for the last names of its three developers, Ron Rivest, Adi Shamir and Leonard
Adleman. The RSA algorithm multiplies two large prime numbers (a prime number is a number
divisible only by itself and 1), p and q, to compute their product (n = pq). Next, a number e is
chosen that is less than n and relatively prime to (p-1)(q-1). Another number d is determined so that
(ed-1) is divisible by (p-1)(q-1). The values of e and d are the public and private exponents. The
public key is the pair (n, e), while the private key is (n, d). The numbers p and q can be discarded.
An illustration of the RSA algorithm using very small numbers is as follows:
i. Select two prime numbers, p and q (in this example, p=7 and q=19).
ii. Multiply p and q together to create n (7*19=133).
iii. Calculate m as (p-1)*(q-1) ([7-1] * [19-1] or 6 * 18 = 108).
iv. Find a number e so that it and m have no common positive divisor other than 1 (5).
v. Find a number d so that d = (1 + k*m)/e for a whole number k, here k = 3 ([1+3*108]/5 or 325/5 = 65).
For this example, the public key n is 133 and e is 5, while for the private key, n is 133 and d is 65.
Note: RSA is slower than other algorithms; DES is approximately 100 times faster than RSA in software and between 1,000
and 10,000 times as fast in hardware.
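
The worked example above, carried through to encryption and decryption, as an added example that is not part of the original answer sheet. The function names and the sample message 6 are illustrative; numbers this small are for following the arithmetic only.

```python
from math import gcd

def rsa_keygen(p, q, e):
    """Return ((n, e), (n, d)) for primes p and q and public exponent e."""
    n = p * q
    m = (p - 1) * (q - 1)            # the value the text calls m
    if not 1 < e < m or gcd(e, m) != 1:
        raise ValueError("e and m must have no common divisor other than 1")
    d = pow(e, -1, m)                # modular inverse, so (e*d - 1) is divisible by m
    return (n, e), (n, d)

def rsa_encrypt(message, public_key):
    """Encrypt an integer message with the public key (n, e)."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in the range 0..n-1")
    return pow(message, e, n)

def rsa_decrypt(ciphertext, private_key):
    """Decrypt an integer ciphertext with the private key (n, d)."""
    n, d = private_key
    return pow(ciphertext, d, n)

def roundtrip_all(public_key, private_key):
    """Check that every possible message 0..n-1 decrypts back to itself."""
    n, _e = public_key
    return all(rsa_decrypt(rsa_encrypt(x, public_key), private_key) == x
               for x in range(n))

def demo():
    """Reproduce the text's numbers: p=7, q=19, e=5 gives n=133, d=65."""
    public_key, private_key = rsa_keygen(7, 19, 5)
    message = 6                                   # constructed sample message
    ciphertext = rsa_encrypt(message, public_key)
    recovered = rsa_decrypt(ciphertext, private_key)
    return public_key, private_key, ciphertext, recovered

if __name__ == "__main__":
    print(demo())
    print(roundtrip_all(*rsa_keygen(7, 19, 5)))
```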
