NIS QUESTION BANK (TEST 2)
(2 MARKS)
a. Define firewall. Enlist types of firewalls.
➢ Define:- A firewall is a network security device that monitors incoming and outgoing
network traffic and permits or blocks data packets based on a set of security rules. Its
purpose is to establish a barrier between your internal network and incoming traffic from
external sources (such as the internet) in order to block malicious traffic like viruses and
hackers.
➢ Types:- 1. Packet Filter
2. Circuit level Gateway
3. Application Gateway
4. Software
5. Hardware
6. Hybrid
7. Stateful multilayer Inspection Firewall
b. Classify following cybercrimes:
i) Cyber stalking
ii) Email harassment
➢ i) Cyber stalking: Cyber stalking means following someone's activity over the internet.
This can be done with the help of many protocols available, such as e-mail, chat rooms,
Usenet groups.
OR
Cyber stalking: Cyberstalking/harassment refers to the use of the internet and other
technologies to harass or stalk another person online, and is potentially a crime in
India under the IT Act, 2000.
This online harassment, which is an extension of cyberbullying and in-person stalking,
can take the form of e-mails, text messages, social media posts, and more, and is often
methodical, deliberate, and persistent.
➢ ii) Email harassment: Email harassment is usually understood to be a form of stalking in
which one or more people send consistent, unwanted, and often threatening electronic
messages to someone else.
OR
Email harassment: Cybercrime against individual
c. Define AH & ESP with respect to IP security.
➢ Authentication header (AH):
1. The AH provides support for data integrity and authentication of IP packets. The
data integrity service ensures that data inside IP packet is not altered during the transit.
2. The authentication service enables an end user or computer system to authenticate
the user or the application at the other end and decide to accept or reject packets
accordingly.
➢ Encapsulation Header (ESP):
1. Used to provide confidentiality, data origin authentication, data integrity.
2. It is based on symmetric key cryptography technique.
3. ESP can be used in isolation or it can be combined with AH.
d. State the meaning of hacking.
➢ Hacking in simple terms means an illegal intrusion into a computer system and/or
network. Government websites are a hot target for hackers due to the press
coverage they receive. Hackers enjoy the media coverage.
OR
➢ Hacking is the act of identifying and then exploiting weaknesses in a computer system
or network, usually to gain unauthorized access to personal or organizational data.
Hacking is not always a malicious activity, but the term has mostly negative
connotations due to its association with cybercrime.
e. Explain need of firewall.
➢ Controlling access to network resources.
➢ Protecting against unauthorized intrusion.
➢ Blocking harmful traffic and software.
➢ Regulating network traffic.
➢ Shielding from cyber threats.
➢ Preventing data breaches.
f. Explain use of PCI DSS.
➢ The Payment Card Industry Data Security Standard (PCI DSS) is a set of security
standards designed to ensure that all companies that accept, process, store or transmit
credit card information maintain a secure environment. PCI DSS is the global data
security standard that any business of any size must adhere to in order to accept
payment cards, and to store, process, and/or transmit cardholder data. It presents
common sense steps that mirror best security practices.
g. Explain Policies of Firewall.
➢ Policies of firewall:
a) All traffic from inside to outside and vice versa must pass through the firewall. To
achieve this, all access to the local network must first be physically blocked, and access
only via the firewall should be permitted. Traffic should be permitted as per the local
security policy.
b) The firewall itself must be strong enough so as to render attacks on it useless.
h. Explain limitations of Firewall.
➢ Limitations:-
1. Firewalls do not protect against inside threats.
2. A packet filter firewall does not provide any content-based filtering.
3. Protocol tunneling, i.e. sending data from one protocol inside another protocol,
negates the purpose of the firewall.
4. Encrypted traffic cannot be examined and filtered.
(4 MARKS)
a) Differentiate between host-based & network-based IDS.
b) Explain DMZ.
➢ i) It is a computer host or small network inserted as a “neutral zone” between a
company’s private network and the outside public network. It prevents outside users
from getting direct access to a company’s data server. A DMZ is an optional but
more secure approach to a firewall. It can effectively act as a proxy server.
ii) The typical DMZ configuration has a separate computer or host in the network
which receives requests from users within the private network to access websites
or the public network. The DMZ host then initiates sessions for such requests on the
public network, but it is not able to initiate a session back into the private network.
It can only forward packets which have been requested by a host.
Advantages:-
1. Security: Protects internal network.
2. Simplified Management: Easier maintenance.
3. Reliability: Minimizes disruptions.
4. Scalability: Allows for separate scaling of external-facing services.
5. Compliance: Facilitates adherence to security standards.
Disadvantages:-
1. Complexity: Requires configuration.
2. Cost: Increased expenses.
3. Limited Flexibility: May restrict access.
4. Maintenance Overhead: Ongoing monitoring.
5. Single Point of Failure: Vulnerability risk.
c) Differentiate between firewall & IDS.
d) Explain working principle of SMTP.
➢ 1) Composition of Mail: A user sends an e-mail by composing an electronic mail
message using a Mail User Agent (MUA). Mail User Agent is a program which is
used to send and receive mail. The message contains two parts: body and header.
The body is the main part of the message while the header includes information such
as the sender and recipient address. The header also includes descriptive information
such as the subject of the message. In this case, the message body is like a letter and
header is like an envelope that contains the recipient's address.
2) Submission of Mail: After composing an email, the mail client then submits the
completed e-mail to the SMTP server by using SMTP on TCP port 25.
3) Delivery of Mail: E-mail addresses contain two parts: username of the recipient
and domain name. For example, vivek@gmail.com, where "vivek" is the username
of the recipient and "gmail.com" is the domain name. If the domain name of the
recipient's email address is different from the sender's domain name, then the MSA (Mail
Submission Agent) will
send the mail to the Mail Transfer Agent (MTA). To relay the email, the MTA will
find the target domain. It checks the MX record from Domain Name System to
obtain the target domain. The MX record contains the domain name and IP address
of the recipient's domain. Once the record is located, MTA connects to the exchange
server to relay the message.
4) Receipt and Processing of Mail: Once the incoming message is received, the
exchange server delivers it to the incoming server (Mail Delivery Agent) which
stores the e-mail where it waits for the user to retrieve it.
5) Access and Retrieval of Mail: The stored email in MDA can be retrieved by using
MUA (Mail User Agent). MUA can be accessed by using login and password.
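An added example, not part of the original notes: the relay decision from step 3 in Python. The MX answers are constructed and stand in for a DNS lookup; the exchanger host names and the function names are assumptions. It goes slightly beyond the notes by ordering exchangers by MX preference (lowest first), falling back to the domain itself when no MX record exists, and refusing a null MX.

```python
# Constructed MX answers standing in for DNS: domain -> [(preference, exchanger)]
SAMPLE_MX = {
    "gmail.com": [(20, "mx-b.example.net"), (5, "mx-a.example.net"),
                  (10, "mx-c.example.net")],
    "hostonly.example": [],          # domain exists but publishes no MX record
    "nomail.example": [(0, ".")],    # null MX: the domain accepts no mail
}

def split_address(address):
    """Split 'user@domain' on the last '@' and normalise the domain."""
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        raise ValueError("not a mailbox address: %r" % address)
    return local, domain.lower().rstrip(".")

def next_hops(sender, recipient, mx_table):
    """Return ('local', [domain]) or ('relay', [exchangers, best first])."""
    _, sender_domain = split_address(sender)
    _, rcpt_domain = split_address(recipient)
    if rcpt_domain == sender_domain:
        # Same domain as the sender: no relay to another MTA is needed.
        return "local", [rcpt_domain]
    if rcpt_domain not in mx_table:
        raise LookupError("no such domain: " + rcpt_domain)
    records = mx_table[rcpt_domain]
    if records == [(0, ".")]:
        raise LookupError(rcpt_domain + " publishes a null MX")
    if not records:
        # No MX record: the domain name itself is treated as the exchanger.
        return "relay", [rcpt_domain]
    # Lowest preference value is tried first; the rest are fallbacks.
    return "relay", [host for _, host in sorted(records)]
```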
e) Explain the working of Kerberos.
➢ Kerberos is a network authentication protocol. It is designed to provide strong
authentication for client/server applications by using secret-key cryptography. It
is a solution to network security problems. It provides tools for authentication and
strong cryptography over the network to help you secure your information system.
There are 4 parties involved in the Kerberos protocol:-
i) User
ii) Authentication service (AS)
iii) Ticket granting server (TGS)
iv) Service server
➢ Working of Kerberos:
i. The authentication service, or AS, receives the request by the client and
verifies that the client is indeed the computer it claims to be. This is usually
just a simple database lookup of the user’s ID.
ii. Upon verification, a timestamp is created. This puts the current time in a user
session, along with an expiration date. The default expiration date of a
timestamp is 8 hours. The encryption key is then created. The timestamp
ensures that when 8 hours is up, the encryption key is useless.
iii. The key is sent back to the client in the form of a ticket-granting ticket, or
TGT. This is a simple ticket that is issued by the authentication service. It is
used for authenticating the client for future reference.
iv. The client submits the ticket-granting ticket to the ticket-granting server, or
TGS, to get authenticated.
v. The TGS creates an encrypted key with a timestamp, and grants the client a
service ticket.
vi. The client decrypts the ticket, tells the TGS it has done so, and then sends its
own encrypted key to the service.
vii. The service decrypts the key, and makes sure the timestamp is still valid. If it
is, the service contacts the key distribution center to receive a session that is
returned to the client.
viii. The client decrypts the ticket. If the keys are still valid, communication is
initiated between client and server.
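An added example, not part of the original notes: how a service can check that a ticket is genuine and still inside its 8-hour lifetime. Real Kerberos encrypts the ticket with the service's secret key; here an HMAC seal stands in for that encryption, and the function names, the JSON ticket layout and the 300-second clock-skew allowance are assumptions.

```python
import hashlib
import hmac
import json

LIFETIME = 8 * 3600   # the 8-hour default lifetime given in the notes

def issue_ticket(service_key, client, service, now):
    """TGS side: bind client, service and validity window, then seal the ticket."""
    body = json.dumps({"client": client, "service": service,
                       "issued": now, "expires": now + LIFETIME},
                      sort_keys=True).encode()
    seal = hmac.new(service_key, body, hashlib.sha256).hexdigest()
    return body, seal

def accept_ticket(service_key, ticket, service, now, skew=300):
    """Service side: return (True, client) or (False, reason)."""
    body, seal = ticket
    expected = hmac.new(service_key, body, hashlib.sha256).hexdigest()
    # Only a holder of the service key can produce a matching seal.
    if not hmac.compare_digest(seal, expected):
        return False, "seal mismatch"
    fields = json.loads(body)
    # A ticket issued for one service must not be accepted by another.
    if fields["service"] != service:
        return False, "wrong service"
    # Timestamp checks, allowing a small difference between the two clocks.
    if now + skew < fields["issued"]:
        return False, "not yet valid"
    if now - skew > fields["expires"]:
        return False, "expired"
    return True, fields["client"]

# Constructed sample key shared by the TGS and the service
SAMPLE_SERVICE_KEY = b"constructed-demo-key"
```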
f) Explain honeypots.
➢ Honeypots are designed to purposely engage and deceive hackers and identify
malicious activities performed over the Internet. The honeypots are designed to
do the following:
i. Divert the attention of potential attacker.
ii. Collect information about the intruder’s action.
iii. Provide encouragement to the attacker so as to stay for some time, allowing the
administrators to detect this and swiftly act on this.
Honeypots are designed for 2 important goals:-
1. Make them look like full real-life systems.
2. Do not allow legitimate users to know about or access them.
g) Explain IPsec security with help of diagram.
➢ IPsec encrypts and seals the transport and application layer data during transmission.
It also offers integrity protection for the internet layer. It sits between the transport
and internet layers of the conventional TCP/IP protocol stack.
1. Secure remote internet access: Using IPsec, we can make a local call to our internet
service provider (ISP) and connect to the organization's network in a secure
fashion from our house or hotel, and from there access the corporate network
facilities or remote desktops/servers.
2. Secure branch office connectivity: Rather than subscribing to an expensive leased
line for connecting its branches across cities, an organization can set up an
IPsec-enabled network for security.
3. Set up communication with other organizations: Just as IPsec allows connectivity
between the various branches of an organization, it can also be used to connect the
networks of different organizations together in a secure and inexpensive fashion.
Basic Concept of IPsec Protocol: An IP packet consists of two portions: the IP header and
the actual data. IPsec features are implemented in the form of additional headers, called
extension headers, added to the standard, default IP header. IPsec offers two main
services: authentication and confidentiality. Each of these requires its own extension
header. Therefore, to support these two main services, IPsec defines two IP extension
headers, one for authentication and another for confidentiality.
It consists of two main protocols:
• Authentication header (AH): The Authentication Header (AH) protocol provides
authentication, integrity and an optional anti-replay service. The IPsec AH
is a header in an IP packet. The AH is simply inserted between the IP header and any
subsequent packet contents; no changes are required to the data contents of the packet.
Security resides completely in the content of the AH.
• Encapsulation Header (ESP): Used to provide confidentiality, data origin
authentication, data integrity. It is based on symmetric key cryptography
technique. ESP can be used in isolation or it can be combined with AH.
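An added example, not part of the original notes: AH-style integrity and anti-replay checking in Python, showing that the header is inserted without touching the payload. It assumes a 20-byte IPv4 header without options, HMAC-SHA-256 truncated to 128 bits as the integrity algorithm, and a single highest-sequence counter in place of a sliding replay window; the key, SPI, addresses and function names are constructed.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16     # integrity check value: HMAC-SHA-256 truncated to 128 bits
AH_FIXED = 12    # next header, payload length, reserved, SPI, sequence number
AH_LEN = AH_FIXED + ICV_LEN
IP_LEN = 20      # IPv4 header without options (assumed)

def mask_mutable(ip_header):
    """Zero the IPv4 fields routers may change: TOS, flags/offset, TTL, checksum."""
    h = bytearray(ip_header)
    h[1] = h[8] = 0
    h[6:8] = h[10:12] = b"\x00\x00"
    return bytes(h)

def icv(key, ip_header, ah_fixed, payload):
    """ICV over the masked IP header, the AH with a zeroed ICV field, and the payload."""
    data = mask_mutable(ip_header) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def add_ah(key, ip_header, payload, spi, seq, next_header=6):
    """Insert the AH between the IP header and the payload; the payload is unchanged."""
    words = AH_LEN // 4 - 2    # AH length in 32-bit words, minus 2
    fixed = struct.pack("!BBHII", next_header, words, 0, spi, seq)
    return ip_header + fixed + icv(key, ip_header, fixed, payload) + payload

def check_ah(key, packet, highest_seq):
    """Return 'ok', 'bad-icv', 'replay' or 'malformed' for a received packet."""
    if len(packet) < IP_LEN + AH_LEN:
        return "malformed"
    ip_header, fixed = packet[:IP_LEN], packet[IP_LEN:IP_LEN + AH_FIXED]
    got, payload = packet[IP_LEN + AH_FIXED:IP_LEN + AH_LEN], packet[IP_LEN + AH_LEN:]
    if not hmac.compare_digest(got, icv(key, ip_header, fixed, payload)):
        return "bad-icv"
    seq = struct.unpack("!BBHII", fixed)[4]
    return "ok" if seq > highest_seq else "replay"

# Constructed sample: shared key and an IPv4 header (TTL 64, protocol 51 = AH)
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_IP = bytes.fromhex("45000000000040004033" "0000" "c0000201" "c6336407")
```

A packet whose TTL was decremented in transit still verifies because TTL is masked before the ICV is computed, while a changed source address or payload byte yields `bad-icv`.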
h) Write short note on firewall configuration.
➢ A firewall is a combination of a packet filter and an application-level gateway. Based on
these, there are three types of configurations:
1. Screened Host Firewall, Single-Homed Bastion:-
a) Here, the firewall configuration consists of two parts: a packet filter router and an
application-level gateway.
b) The packet filter router will ensure that incoming traffic is allowed only if it is
intended for the application gateway, by examining the destination address field of each
incoming IP packet.
2. Screened Host Firewall, Dual-Homed Bastion:-
a) In this configuration, direct connections between the internal hosts and the packet
filter are avoided.
b) Here the packet filter connects only to the application gateway, which in turn has a
separate connection with the internal hosts.
c) Hence, if the packet filter is successfully attacked, only the application gateway is
visible to the attacker.
3. Screened Subnet Firewall:-
a) This type of configuration offers the highest security among the possible configurations.
b) In this type two packet filters are used, one between the internet and the application
gateway and the other between the application gateway and the internal network.
c) This configuration achieves 3 levels of security for an attacker to break into