NIS UT 2 Question Bank Solution
________________________________________________________________
1. State need of firewall.
A firewall is needed to protect a computer network from unauthorized access, cyber threats,
and malware attacks. It acts as a security barrier between a trusted internal network and
untrusted external networks like the internet.
Key Reasons for Using a Firewall:
1. Prevents Unauthorized Access – Blocks hackers and unauthorized users from
accessing private data.
2. Protects Against Malware & Viruses – Stops harmful software from entering the
network.
3. Monitors Network Traffic – Controls incoming and outgoing data to detect suspicious
activities.
4. Enhances Security Policies – Enforces rules for safe internet usage in an organization.
5. Prevents Data Theft – Secures sensitive information from cybercriminals.
___________________________________________________________________________
2. State importance of Steganography.
Steganography is the technique of hiding secret information within digital media like
images, audio, videos, or text. It is important because it provides secure and hidden
communication without drawing attention.
Key Importance of Steganography:
1. Ensures Data Confidentiality – Hides information so that only the intended recipient
knows about it.
2. Prevents Unauthorized Access – Even if someone intercepts the file, they won’t
detect the hidden message.
3. Used in Secure Communication – Helps in military, government, and corporate data
exchange.
4. Avoids Detection by Hackers – Unlike encryption, steganography does not raise
suspicion.
5. Helps in Digital Watermarking – Protects copyrights by embedding hidden
ownership details in media files.
3. State email security Protocol
Simple Mail Transfer Protocol (SMTP)
The TCP/IP protocol that supports electronic mail on the Internet is called Simple Mail
Transfer Protocol (SMTP).
SMTP is request/response-based, meaning the email client software at the sender’s end
gives the email message to the SMTP server.
SMTP provides mail exchange between users on the same or different computers.
The SMTP protocol is used to transfer messages from the SMTP sender to the SMTP
receiver over a TCP connection.
POP – Post Office Protocol
Post Office Protocol (POP) is used only for retrieving emails from a mail server.
It uses plain text for communication and follows a request/response mechanism like
SMTP.
The POP server sends a plus (+) sign at the beginning of a successful response and a
minus (-) sign to indicate failure.
Simpler Version (Easy to Remember)
POP is used to retrieve emails from the server to a device.
It communicates in plain text and follows a request/reply system like SMTP.
The server responds with (+) for success and (-) for failure.
IMAP – Internet Mail Access Protocol
IMAP is a plaintext mail protocol that combines features of both POP and SMTP. It
allows users to send and receive emails.
The user connects to the IMAP server, authenticates, and then starts working.
IMAP stores emails on the server by default, but users can also download emails for
offline access.
Communication between the client and server using SMTP is in human-readable ASCII
text.
Simpler Version (Easy to Remember)
IMAP helps in both sending and receiving emails, combining features of POP and
SMTP.
Users connect, authenticate, and access emails on the server.
Emails are stored on the server by default, but users can also save them offline.
SMTP communication uses human-readable ASCII text.
(Draw a diagram with "Types of Email Protocols" at the centre and the three protocol names joined to it.)
4. Describe working principle of SMTP.
(Write some theory about the SMTP protocol, using the points mentioned above.)
SMTP operation follows three phases. The basic phases of an email communication consist of the following steps:
• At the sender’s end, an SMTP server takes the message sent by the user’s computer.
• The SMTP server at the sender’s end then transfers the message to the SMTP server of the receiver.
• The receiver’s computer then pulls the mail message from the SMTP server at the receiver’s end using other email protocols such as Post Office Protocol (POP) or Internet Mail Access Protocol (IMAP).
(Draw a diagram with three nodes, sender, server and receiver, and the protocols used between them.)
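The request/response dialogue described in questions 3 and 4 can be seen in a small simulation. The following Python is an added example, not part of these notes and not a real mail server: a toy SMTP server state machine that replies with status codes, and a client that drives the envelope (HELO, MAIL FROM, RCPT TO, DATA, QUIT). The domain and addresses are constructed.

```python
class SmtpServer:
    """Toy SMTP server state machine (constructed for illustration, not a real MTA)."""

    def __init__(self, domain):
        self.domain = domain
        self.greeted = False
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.body = []
        self.delivered = []   # completed (sender, recipients, body) envelopes

    def handle(self, line):
        """Process one client line and return the server's reply (None while receiving the body)."""
        if self.in_data:
            if line == ".":   # lone dot terminates the message body
                self.delivered.append((self.sender, list(self.recipients), "\n".join(self.body)))
                self.sender, self.recipients, self.body, self.in_data = None, [], [], False
                return "250 OK: message accepted for delivery"
            # dot-unstuffing: a body line that starts with "." was sent as ".."
            self.body.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            return f"250 {self.domain} Hello {arg}"
        if not self.greeted:
            return "503 Bad sequence of commands: send HELO first"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            self.sender = arg[5:].strip("<> ")
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.sender is None:
                return "503 Bad sequence of commands: MAIL FROM first"
            self.recipients.append(arg[3:].strip("<> "))
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands: RCPT TO first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return f"221 {self.domain} closing connection"
        return "500 Command not recognized"


def send_message(server, sender, recipient, body_lines):
    """Client side: drive the request/response dialogue and return the transcript as (who, line) pairs."""
    transcript = []

    def cmd(line):
        reply = server.handle(line)
        transcript.append(("C", line))
        if reply is not None:
            transcript.append(("S", reply))
        return reply

    cmd("HELO client.example")
    cmd(f"MAIL FROM:<{sender}>")
    cmd(f"RCPT TO:<{recipient}>")
    cmd("DATA")
    for text in body_lines:
        cmd("." + text if text.startswith(".") else text)   # dot-stuffing
    cmd(".")
    cmd("QUIT")
    return transcript


if __name__ == "__main__":
    srv = SmtpServer("mail.example.org")
    for who, line in send_message(srv, "alice@example.org", "bob@example.net", ["Subject: hi", "", "Hello Bob"]):
        print(who, line)
```

Every client command receives a numeric status reply, and the server refuses commands sent out of order with a 503, which is what "request/response-based" means in practice. The 2xx/3xx/5xx codes are the standard SMTP reply classes.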
5. Define AS, TGT with respect to Kerberos.
AS (Authentication Server) in Kerberos:
The Authentication Server (AS) is responsible for authenticating the user and issuing a
Ticket Granting Ticket (TGT).
When a user first logs into the network, the AS verifies their credentials (like a
password) and generates a TGT.
The TGT is a temporary ticket that proves the user’s identity and can be used to request
additional service tickets from the Ticket Granting Server (TGS).
TGT (Ticket Granting Ticket) in Kerberos:
The Ticket Granting Ticket (TGT) is a time-limited credential that proves a user’s
identity after authentication by the AS.
It is issued by the Authentication Server (AS) and allows the user to request service
tickets for accessing various services within the network, without needing to re-enter
credentials.
The TGT can be used by the user to authenticate to the Ticket Granting Server (TGS)
to receive service-specific tickets for accessing resources.
Summary:
AS is the server that authenticates the user and issues the TGT.
TGT is a special ticket used to obtain other service tickets for accessing network
resources securely.
6. List different types of Firewall
1. Packet Filtering Firewall
2. Stateful Inspection Firewall
3. Proxy Firewall (Application-Level Gateway)
4. Next-Generation Firewall (NGFW)
5. Circuit-Level Gateway
6. Dual-Homed Gateway
7. Bastion Host
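The first two firewall types in the list above differ in how they decide on a packet. The following Python is an added example, not part of these notes: a packet filtering firewall that walks an ordered rule list (first match wins, default deny), and a stateful inspection firewall that additionally remembers connections opened from the inside so that their reply packets are admitted without a static rule. The policy, networks and packets are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None     # None matches any protocol
    dport: Optional[int] = None     # None matches any destination port

    def matches(self, pkt):
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))


class PacketFilter:
    """Packet filtering firewall: rules are checked in order, first match wins, unmatched traffic is denied."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, pkt):
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "deny"


class StatefulFilter(PacketFilter):
    """Stateful inspection firewall: also tracks connections opened from inside and admits their replies."""

    def __init__(self, rules, inside):
        super().__init__(rules)
        self.inside = ip_network(inside)
        self.sessions = set()

    def decide(self, pkt):
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.sessions:
            return "allow"   # reply half of a connection we already permitted
        action = super().decide(pkt)
        if action == "allow" and ip_address(pkt.src) in self.inside:
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        return action


# Constructed policy: the LAN may browse HTTPS, the public may reach the web server, everything else is dropped.
RULES = [
    Rule("allow", src="10.0.0.0/24", proto="tcp", dport=443),
    Rule("allow", dst="10.0.0.5/32", proto="tcp", dport=80),
    Rule("deny", dst="10.0.0.0/24", proto="tcp", dport=22),   # explicit deny: no SSH into the LAN
]


def example_decisions():
    """Run the same constructed packets through both firewall types."""
    stateless, stateful = PacketFilter(RULES), StatefulFilter(RULES, inside="10.0.0.0/24")
    outbound = Packet("10.0.0.7", "198.51.100.20", "tcp", 51000, 443)
    reply = Packet("198.51.100.20", "10.0.0.7", "tcp", 443, 51000)
    ssh_in = Packet("203.0.113.9", "10.0.0.7", "tcp", 40000, 22)
    web_in = Packet("203.0.113.9", "10.0.0.5", "tcp", 40001, 80)
    return {
        "stateless_reply": (stateless.decide(outbound), stateless.decide(reply)),
        "stateful_reply": (stateful.decide(outbound), stateful.decide(reply)),
        "ssh_in": stateful.decide(ssh_in),
        "web_in": stateful.decide(web_in),
    }


if __name__ == "__main__":
    print(example_decisions())
```

The stateless filter passes the outbound HTTPS request but drops the server's reply, because no static rule matches a packet arriving on a random high port; the stateful filter recognises the reply as belonging to a permitted session. That difference is why plain packet filters need broad "allow established" rules, and why stateful inspection is the usual choice.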
7. Explain Firewall configuration.
(Ask for how much we have to write)
8. Describe Identity theft and Fraud
Identity theft is a specific form of fraud in which cybercriminals steal personal data such
as passwords, bank account information, credit cards, debit cards, social security
numbers, and other sensitive information.
Fraud is a broader term used to describe any cybercrime aimed at deceiving a person to
gain access to important data. Fraud can involve altering, destroying, stealing, or suppressing
information to gain unlawful access or benefits.
9. State importance of honey pots.
A honeypot is a security tool used to attract and trap cybercriminals by simulating vulnerable
systems or networks. Here's why honeypots are important:
1. Detect Cyber Attacks – Honeypots help in identifying and tracking cyber attacks
early, providing valuable insights into attacker methods.
2. Deceive Hackers – By acting as fake targets, honeypots distract hackers from real
systems, preventing damage to important data or networks.
3. Study Attacker Behavior – Honeypots allow security teams to study hacker
techniques and improve defenses against future threats.
4. Prevent Network Breaches – They act as an early warning system, detecting
potential breaches before they affect critical systems.
5. Improve Security Measures – Honeypots help in strengthening overall security by
revealing weaknesses and testing new defense strategies.
10. Same Question (Firewall Configuration with neat diagram)
11. Explain Digital Signature in detail
• A digital signature is an electronic signature.
• It is used to authenticate the identity of the sender of a document.
• It ensures that the original content of the message or document that has been sent is unchanged.
• If a message arrives with a digital signature, the sender cannot easily repudiate it later.
• A digital signature can be used with an encrypted or a plain-text message, so that the receiver can be assured of the identity of the sender and that the message received is original.
How Digital Signatures Work:
1. Hashing the Message:
o A hash function is applied to the message or document, creating a unique
digital fingerprint (hash) of the data. This ensures that even a small change in
the document will result in a completely different hash.
2. Private Key Encryption:
o The sender's private key is used to encrypt the hash. This encrypted hash
becomes the digital signature.
3. Transmission:
o The digital signature is sent along with the document to the recipient.
4. Verification by Recipient:
o The recipient uses the sender’s public key to decrypt the digital signature,
which returns the hash value.
o The recipient then calculates the hash of the received message and compares
it to the decrypted hash. If they match, the message is authentic and
untampered.
Advantages of Digital Signatures:
1. Security: Digital signatures use strong encryption, making them very secure and hard
to forge or alter.
2. Authentication: They prove the identity of the sender, ensuring that the message
really came from them.
3. Integrity: Any change to the message will break the signature, so you can be sure the
message hasn’t been tampered with.
4. Non-Repudiation: The sender cannot deny sending the message once it's signed,
providing proof of the transaction.
5. Efficiency: Digital signatures are faster and more convenient than traditional paper-based signatures, especially for online transactions.
Disadvantages of Digital Signatures:
1. Dependence on Technology: Digital signatures require software and hardware for
creating and verifying them, so they can be difficult to use without the right tools.
2. Cost: Some digital signature services require a fee or subscription, making them more
expensive than traditional methods.
3. Public Key Infrastructure (PKI) Dependency: The system relies on a trusted
third-party (like a certificate authority) to verify signatures, which could cause
problems if the system fails.
4. Complexity: The process of obtaining and managing digital certificates can be
complicated for non-technical users.
5. Privacy Concerns: If the public key is misused or compromised, someone could
impersonate the sender or read encrypted data.
12. Describe Network Based Intrusion detection technique with suitable
diagram.
What is NIDS?
A Network-based Intrusion Detection System (NIDS) focuses on monitoring
network traffic, looking at the bits and bytes traveling through the cables that
connect the system.
It examines network traffic in real time, analyzing it based on:
o Protocol
o Type
o Amount
o Source and destination
o Content
What NIDS Looks for:
Denial of Service (DoS) Attacks
Port Scans or Sweeps
Malicious Content in Data
Vulnerability Scanning
Trojans, Viruses, or Worms
Tunneling
Brute Force Attacks
Components of NIDS:
1. Traffic Collector:
o Reads every packet that passes through the network.
o Attaches itself to the network interface card (NIC) to receive every packet
and forward it to the analysis engine.
2. Analysis Engine:
o Examines the packets individually, and if needed, reassembles the entire
traffic session.
o Can handle the flow of traffic and match attack patterns in real time.
3. Signature Database:
o A collection of patterns or definitions of known malicious activities.
4. User Interface:
o Provides an interface for the user to interact with the IDS.
o Alerts the user when suspicious activity is detected.
Advantages of NIDS:
Low Cost: Cheaper to deploy, maintain, and upgrade.
Wide Coverage: It provides IDS coverage to multiple systems across the network.
Traffic Visibility: Can monitor all network traffic, correlating attacks across
multiple systems.
Disadvantages of NIDS:
Encrypted Traffic: It is ineffective with encrypted network traffic.
Limited Traffic Scope: Cannot see traffic that doesn’t pass through it.
High Traffic Volume: Needs to handle large amounts of traffic effectively.
Limited Host Visibility: Doesn’t have direct access to host activities.
Simplified Version for Easy Understanding:
NIDS watches network traffic to spot problems like DoS attacks, viruses, or
scanning.
It uses a traffic collector to read all data, an analysis engine to check for issues, and
a signature database to recognize known attacks.
Advantages: It’s cheap, sees all network traffic, and gives coverage for multiple
systems.
Disadvantages: Encrypted traffic can’t be checked, it misses traffic that doesn’t go
through it, and it struggles with high traffic volumes.
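The analysis engine and signature database described above can be shown in a few lines. The following Python is an added example, not part of these notes and not any real IDS product: it runs two detection techniques over constructed packet records, signature matching on packet content and a port-scan heuristic (one source touching many distinct ports on one host within a short window). The signatures, addresses and traffic are all constructed.

```python
from collections import defaultdict

# Signature database (constructed entries): byte patterns of known malicious requests.
SIGNATURES = [
    {"name": "directory traversal attempt", "pattern": b"../../"},
    {"name": "SQL injection probe", "pattern": b"' OR 1=1"},
]


def analyze(packets, scan_threshold=10, window=5.0):
    """Analysis engine over (timestamp, src, dst, proto, dport, payload) records.

    Returns a list of alerts. Signature matching inspects the payload of every packet;
    the port-scan heuristic counts distinct destination ports per (src, dst) pair within
    `window` seconds and reports each pair once when the count reaches `scan_threshold`.
    """
    alerts = []
    contacts = defaultdict(list)     # (src, dst) -> [(ts, dport), ...]
    scan_reported = set()
    for ts, src, dst, proto, dport, payload in packets:
        for sig in SIGNATURES:
            if sig["pattern"] in payload:
                alerts.append(("signature", sig["name"], src, dst, dport))
        history = contacts[(src, dst)]
        history.append((ts, dport))
        recent_ports = {p for t, p in history if ts - t <= window}
        if len(recent_ports) >= scan_threshold and (src, dst) not in scan_reported:
            scan_reported.add((src, dst))
            alerts.append(("port_scan", f"{len(recent_ports)} ports within {window}s", src, dst, None))
    return alerts


# Constructed sample traffic: a sweep of 15 ports in 1.5 s, two web requests (one malicious),
# and a TLS ClientHello whose content is opaque to signature matching.
SAMPLE_TRAFFIC = (
    [(1.0 + 0.1 * i, "203.0.113.9", "10.0.0.5", "tcp", 20 + i, b"") for i in range(15)]
    + [
        (3.0, "198.51.100.7", "10.0.0.5", "tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"),
        (3.5, "198.51.100.7", "10.0.0.5", "tcp", 80, b"GET /static/../../etc/config HTTP/1.1\r\n\r\n"),
        (4.0, "198.51.100.8", "10.0.0.5", "tcp", 443, bytes.fromhex("16030100a5010000a1")),
    ]
)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_TRAFFIC):
        print(alert)
```

The encrypted record on port 443 produces no alert even though a signature-based engine saw every byte of it, which is the "ineffective with encrypted traffic" disadvantage listed above; the port sweep is caught by the heuristic rather than by any signature.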
13. What is Kerberos? Explain with diagram different servers involved in Kerberos.
Kerberos is a network authentication protocol designed to provide strong
authentication for client/server applications using secret key cryptography.
It helps solve network security problems and provides tools for authentication and
strong cryptography to secure your information system.
Servers Involved in Kerberos:
1. User:
o The individual or system trying to access services within the network.
2. Authentication Server (AS):
o Verifies the user's identity and provides a Ticket Granting Ticket (TGT).
3. Ticket Granting Server (TGS):
o Uses the TGT from the Authentication Server to issue service-specific tickets
to the user.
4. Service Server:
o The server that provides the requested services to the user, using the ticket
provided by the TGS.
Simplified Version for Easy Understanding:
Kerberos is a protocol that uses secret keys to securely authenticate users and
services in a network.
4 Servers in Kerberos:
1. User (who needs access)
2. Authentication Server (AS) (checks user identity)
3. Ticket Granting Server (TGS) (gives tickets for services)
4. Service Server (provides the actual service).
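The four parties from question 13 and the AS/TGT definitions from question 5 fit together as one exchange. The following Python is an added example, not part of these notes and not real Kerberos code: a KDC object plays the Authentication Server and the Ticket Granting Server, a function plays the service server, and the client walks through AS exchange, TGS exchange and service access. Tickets are sealed with a toy authenticated encryption (SHA-256 keystream plus HMAC tag) written for this demo in place of a real cipher; the principal names, password and 600-second lifetime are assumed values.

```python
import hashlib
import hmac
import json
import os

LIFETIME = 600   # seconds a ticket stays valid (assumed value)


def derive_key(secret):
    """Long-term key derived from a password; the KDC and the client both derive it the same way."""
    return hashlib.sha256(secret.encode()).digest()


def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key, fields):
    """Toy authenticated encryption (keystream XOR + HMAC tag), constructed for the demo; not a real cipher."""
    nonce, data = os.urandom(16), json.dumps(fields).encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("cannot open ticket: wrong key or tampered data")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Holds the AS and TGS roles; knows every principal's long-term key."""

    def __init__(self, user_passwords, service_keys):
        self.user_keys = {u: derive_key(p) for u, p in user_passwords.items()}
        self.tgs_key = os.urandom(32)          # the TGS's own long-term key
        self.service_keys = service_keys

    def authentication_server(self, user, now):
        """AS exchange: returns the TGT (opaque to the client) and the session key sealed under the user's key."""
        session_key = os.urandom(16).hex()
        tgt = seal(self.tgs_key, {"client": user, "session_key": session_key, "expires": now + LIFETIME})
        for_client = seal(self.user_keys[user], {"session_key": session_key, "expires": now + LIFETIME})
        return tgt, for_client

    def ticket_granting_server(self, tgt, authenticator, service, now):
        """TGS exchange: checks the TGT and the authenticator, then issues a service ticket."""
        t = unseal(self.tgs_key, tgt)
        if now > t["expires"]:
            raise ValueError("TGT expired")
        session_key = bytes.fromhex(t["session_key"])
        a = unseal(session_key, authenticator)   # proves the client knows the TGT session key
        if a["client"] != t["client"] or abs(now - a["timestamp"]) > 300:
            raise ValueError("bad authenticator")
        svc_key = os.urandom(16).hex()
        ticket = seal(self.service_keys[service],
                      {"client": t["client"], "session_key": svc_key, "expires": now + LIFETIME})
        return ticket, seal(session_key, {"service": service, "session_key": svc_key})


def service_server(service_key, ticket, authenticator, now):
    """Service server: opens the ticket with its own key, checks the authenticator, returns the principal."""
    t = unseal(service_key, ticket)
    a = unseal(bytes.fromhex(t["session_key"]), authenticator)
    if a["client"] != t["client"] or now > t["expires"]:
        raise ValueError("ticket rejected")
    return t["client"]


def client_session(kdc, user, password, service, service_key, now=1_700_000_000):
    """Client flow AS -> TGS -> service; service_key is passed only so the demo can run the service too."""
    tgt, blob = kdc.authentication_server(user, now)
    tgt_session = bytes.fromhex(unseal(derive_key(password), blob)["session_key"])   # wrong password fails here
    authenticator = seal(tgt_session, {"client": user, "timestamp": now})
    ticket, blob = kdc.ticket_granting_server(tgt, authenticator, service, now)
    svc_session = bytes.fromhex(unseal(tgt_session, blob)["session_key"])
    return service_server(service_key, ticket, seal(svc_session, {"client": user, "timestamp": now}), now)


def login_result(kdc, user, password, service, service_key):
    """Principal name on success, or a 'denied: ...' string if any step rejects the client."""
    try:
        return client_session(kdc, user, password, service, service_key)
    except ValueError as exc:
        return f"denied: {exc}"


def make_demo_kdc():
    file_key = os.urandom(32)
    return KDC({"alice": "correct horse"}, {"fileserver": file_key}), file_key


if __name__ == "__main__":
    kdc, file_key = make_demo_kdc()
    print(login_result(kdc, "alice", "correct horse", "fileserver", file_key))
```

Note that the password is never sent: the AS reply is only useful to someone who can derive the user's key, and from then on the client proves possession of session keys through authenticators. The TGT is opaque to the client because it is sealed under the TGS's key.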
14. What is IPSec? Describe Authentication Header of IP Security.
IP Security (IPSec) is an Internet Engineering Task Force (IETF) standard suite of protocols that runs between two communication points across an IP network and provides data authentication, integrity, and confidentiality. It also defines how packets are encrypted, decrypted and authenticated.
Authentication Header (AH):
AH provides data integrity, authentication and anti-replay protection, but it does not provide encryption. Anti-replay protection guards against unauthorized retransmission (replay) of packets. AH does not protect the confidentiality of the data.
AH Protocol: The AH (Authentication Header) protocol provides both an authentication and an integrity service. The Authentication Header is implemented in one way only: authentication together with integrity.
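The three AH properties above (integrity, authentication, anti-replay, and no confidentiality) can be demonstrated with a simplified packet. The following Python is an added example, not part of these notes and not a real IPSec implementation: the sender computes an ICV with HMAC-SHA-256 over the immutable header fields and the payload, with the mutable TTL treated as zero, and the receiver applies a sliding anti-replay window before verifying the ICV. The 128-bit ICV truncation follows RFC 4868 and the 64-packet window is the RFC 4302 default; the key, addresses and packets are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class AhPacket:
    """Simplified IP packet with an AH header (sequence number + ICV). Constructed for illustration."""
    src: str
    dst: str
    ttl: int           # mutable in transit, so excluded from the ICV
    seq: int           # AH sequence number, used for anti-replay
    payload: bytes     # sent in the clear: AH gives no confidentiality
    icv: bytes = b""   # Integrity Check Value


def _authenticated_bytes(pkt):
    # AH covers the immutable IP header fields, the AH header and the payload;
    # mutable fields (TTL here) count as zero when the MAC is computed.
    return f"{pkt.src}>{pkt.dst}|ttl=0|seq={pkt.seq}|".encode() + pkt.payload


def _icv(key, pkt):
    return hmac.new(key, _authenticated_bytes(pkt), hashlib.sha256).digest()[:16]   # HMAC-SHA-256-128


def ah_protect(key, pkt):
    """Sender side: attach the ICV. The payload itself is left readable."""
    pkt.icv = _icv(key, pkt)
    return pkt


class AhReceiver:
    WINDOW = 64   # anti-replay window size

    def __init__(self, key):
        self.key, self.highest, self.seen = key, 0, set()

    def process(self, pkt):
        """Returns 'accept' or a rejection reason: replay check first, then ICV, then window update."""
        if pkt.seq <= self.highest - self.WINDOW:
            return "reject: sequence number too old"
        if pkt.seq in self.seen:
            return "reject: replayed packet"
        if not hmac.compare_digest(_icv(self.key, pkt), pkt.icv):
            return "reject: bad ICV (modified or forged)"
        self.seen.add(pkt.seq)
        self.highest = max(self.highest, pkt.seq)
        self.seen = {s for s in self.seen if s > self.highest - self.WINDOW}   # slide the window
        return "accept"


def demo():
    """Constructed scenario: legitimate packet, replay of it, and an in-transit modification."""
    key = b"shared-sa-key-constructed-for-demo"
    rx = AhReceiver(key)
    p1 = ah_protect(key, AhPacket("10.0.0.1", "10.0.0.2", ttl=64, seq=1, payload=b"balance=100"))
    p1.ttl -= 1                     # a router decrements TTL on the way: must not break the ICV
    results = [rx.process(p1)]
    replay = AhPacket(p1.src, p1.dst, p1.ttl, p1.seq, p1.payload, p1.icv)
    results.append(rx.process(replay))
    p2 = ah_protect(key, AhPacket("10.0.0.1", "10.0.0.2", ttl=64, seq=2, payload=b"balance=100"))
    p2.payload = b"balance=999"     # modified in transit
    results.append(rx.process(p2))
    return results, p1.payload      # the payload is readable by anyone on the path


if __name__ == "__main__":
    print(demo())
```

The TTL change is tolerated because AH deliberately leaves mutable fields out of the MAC, while any change to the payload or the covered header fields invalidates the ICV; the replayed packet is refused purely on its sequence number, before the MAC is even recomputed.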
15. Describe Host Based Intrusion detection technique with suitable
diagram.
Host-based IDS:
Examines activity on an individual system, such as a mail server, web server, or individual PC.
It is concerned only with an individual system and usually has no visibility into the activity on
the network or systems around it.
What is HIDS?
HIDS is a security system designed to monitor and detect suspicious activities only
on a specific host (computer/server).
It examines log files, audit trails, and network traffic related to that particular
system.
It can work in real-time (monitoring continuously) or in batch mode (checking logs
periodically).
How HIDS Works:
1. Monitors System Logs:
o HIDS examines logs generated by the operating system or applications.
o It checks for unusual activities like failed logins, new user accounts, or
system file changes.
2. Uses Local System Resources:
o HIDS runs directly on the host machine and uses its memory and CPU
power to operate.
3. Can Work with a Central System:
o Modern HIDS can send reports to a central management system for better
monitoring.
What HIDS Monitors:
On UNIX Systems:
Syslog logs (messages, kernel logs, error logs).
On Windows Systems:
Event Logs:
o Application logs
o System logs
o Security logs
Specific Applications:
HIDS can also monitor logs for FTP, web services, and other applications.
Activities Detected by HIDS:
HIDS looks for actions that may indicate an attack or misuse, such as:
✅ Logins at odd hours
✅ Failed login attempts
✅ New user accounts created
✅ Changes or access to important system files
✅ Modification or removal of program files
✅ Starting or stopping system processes
✅ Privilege escalation (gaining higher system access)
✅ Use of certain unauthorized programs
Simplified Version for Easy Understanding:
HIDS monitors a single computer or server, checking its logs, user activities, and
system changes to detect attacks.
It works continuously or periodically to find anything suspicious.
Detects unusual logins, file changes, and system modifications to keep the system
safe.
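The activities listed above (failed logins, odd-hour logins, new accounts, privilege escalation, changes to system files) are what a host-based engine extracts from local logs. The following Python is an added example, not part of these notes and not any real HIDS: it parses a constructed UNIX auth log with regular expressions and raises alerts for those events, and compares SHA-256 hashes of monitored files against a stored baseline. The log lines, file contents, hostnames and thresholds are all constructed.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample of a UNIX auth log (not real data).
SAMPLE_LOG = """\
Mar 10 02:14:07 host1 sshd[1203]: Failed password for invalid user admin from 203.0.113.9 port 52211 ssh2
Mar 10 02:14:09 host1 sshd[1203]: Failed password for root from 203.0.113.9 port 52211 ssh2
Mar 10 02:14:12 host1 sshd[1204]: Failed password for root from 203.0.113.9 port 52213 ssh2
Mar 10 02:14:15 host1 sshd[1205]: Failed password for root from 203.0.113.9 port 52215 ssh2
Mar 10 02:14:18 host1 sshd[1206]: Failed password for root from 203.0.113.9 port 52217 ssh2
Mar 10 02:15:01 host1 sshd[1210]: Accepted password for root from 203.0.113.9 port 52300 ssh2
Mar 10 02:16:30 host1 useradd[1222]: new user: name=backup2, UID=1005, GID=1005, home=/home/backup2, shell=/bin/bash
Mar 10 02:17:02 host1 sudo:     bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar 10 09:30:00 host1 sshd[1300]: Accepted publickey for alice from 10.0.0.12 port 50000 ssh2
"""

TS = re.compile(r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) \S+ (.*)$")
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"Accepted \w+ for (\S+) from (\S+)")
NEWUSER = re.compile(r"useradd\[\d+\]: new user: name=(\w+)")
SUDO = re.compile(r"sudo:\s+(\S+) : .*USER=root ; COMMAND=(\S+)")


def analyze_log(text, fail_threshold=5, odd_hours=range(0, 5)):
    """Batch-mode log analysis: returns (alert type, detail) pairs for the events the notes list."""
    alerts = []
    failures = defaultdict(int)   # source address -> failed login count
    for line in text.splitlines():
        m = TS.match(line)
        if not m:
            continue
        hour, msg = int(m.group(1)), m.group(4)
        if (f := FAILED.search(msg)):
            failures[f.group(2)] += 1
            if failures[f.group(2)] == fail_threshold:   # alert once when the burst reaches the threshold
                alerts.append(("failed-login burst", f"{fail_threshold} failures from {f.group(2)}"))
        elif (a := ACCEPTED.search(msg)):
            if hour in odd_hours:
                alerts.append(("login at odd hour", f"{a.group(1)} from {a.group(2)} at {hour:02d}h"))
        elif (u := NEWUSER.search(msg)):
            alerts.append(("new user account", u.group(1)))
        elif (s := SUDO.search(msg)):
            alerts.append(("privilege escalation", f"{s.group(1)} -> root via {s.group(2)}"))
    return alerts


def build_baseline(files):
    """Record SHA-256 of each monitored file's content; {path: bytes} in, {path: hexdigest} out."""
    return {name: hashlib.sha256(content).hexdigest() for name, content in files.items()}


def check_integrity(baseline, current):
    """Names of monitored files whose current content no longer matches the baseline (missing counts as changed)."""
    return [name for name, h in baseline.items()
            if hashlib.sha256(current.get(name, b"")).hexdigest() != h]


# Constructed file contents standing in for the real files a HIDS would read from disk.
BASELINE_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/usr/bin/ls": b"\x7fELF-constructed-ls-binary",
}


def demo():
    baseline = build_baseline(BASELINE_FILES)
    current = dict(BASELINE_FILES)
    current["/etc/passwd"] += b"backup2:x:1005:1005::/home/backup2:/bin/bash\n"
    return analyze_log(SAMPLE_LOG), check_integrity(baseline, current)


if __name__ == "__main__":
    alerts, changed = demo()
    for alert in alerts:
        print(alert)
    print("changed files:", changed)
```

The burst rule deliberately fires once, at the fifth failure, rather than on every line, which keeps a brute-force attempt from flooding the console; the file check needs a trusted baseline taken when the host was known-good, otherwise an already-modified file would be recorded as normal.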
16.Describe COBIT framework with neat sketch.
17. Explain X.509 Certificate in detail.
X.509 is a digital certificate standard used for authentication, encryption, and secure
communication over the internet.
It is commonly used in SSL/TLS protocols for secure websites and email encryption.
Purpose of X.509 Certificate:
Verifies Identity: Confirms that a website or user is genuine.
Ensures Secure Communication: Encrypts data to protect it from hackers.
Used in Digital Signatures: Helps in verifying authenticity in emails and documents.
Structure of an X.509 Certificate:
An X.509 certificate contains the following key components:
1. Version → Defines the certificate format. (Commonly Version 3)
2. Serial Number → A unique number assigned by the Certificate Authority (CA).
3. Signature Algorithm → Specifies the encryption method used to sign the certificate.
4. Issuer → The organization (CA) that issued the certificate.
5. Validity Period → The time period during which the certificate is valid.
6. Subject → The entity (website, user, or organization) to whom the certificate is issued.
7. Public Key → Used for encrypting messages and verifying signatures.
8. Extensions → Additional security features (only in Version 3).
How an X.509 Certificate Works:
1. A website (or user) requests a certificate from a Certificate Authority (CA).
2. The CA verifies the identity and issues an X.509 certificate.
3. The certificate is installed on the server.
4. When a user visits the website, the browser checks the certificate to ensure it is valid.
5. If the certificate is trusted, secure communication (HTTPS) is established.
Types of X.509 Certificates:
1. Self-Signed Certificate – Created by the user, not verified by a CA (used for testing).
2. CA-Signed Certificate – Issued by a trusted CA (used for secure websites).
3. Wildcard Certificate – Secures multiple subdomains under one certificate.
4. Multi-Domain Certificate (SAN Certificate) – Used for multiple domains.
Advantages of X.509 Certificate:
Provides strong security and trust.
Supports data encryption for secure communication.
Prevents phishing attacks by verifying website identity.
Disadvantages of X.509 Certificate:
Needs to be renewed periodically.
If compromised, security is at risk.
Some certificates can be expensive.
Simplified Version to Remember:
X.509 is a digital certificate used for secure communication.
It contains details like issuer, validity, subject, and public key.
It is issued by a Certificate Authority (CA) and used in SSL/TLS, email security, and digital
signatures.
________________________________________________________________
18. Explain PGP Protocol in Detail.
Introduction:
PGP (Pretty Good Privacy) is a data encryption and decryption protocol used for securing
email communication and file encryption. It ensures data privacy, authentication, and
integrity.
Purpose of PGP:
Encrypts emails and files to maintain confidentiality.
Ensures authentication using digital signatures.
Protects against eavesdropping and cyber threats.
Working of PGP:
PGP uses a combination of two encryption methods:
1. Symmetric Encryption: Uses a single key for encryption and decryption (fast but
less secure).
2. Asymmetric Encryption: Uses two keys (Public Key & Private Key) for encryption
and decryption (secure but slower).
Steps in PGP Encryption:
1. Key Generation: Sender generates a public key (shared) and a private key (kept
secret).
2. Encryption: Message is encrypted using the receiver’s public key.
3. Transmission: The encrypted message is sent to the receiver.
4. Decryption: Receiver uses their private key to decrypt the message.
5. Digital Signature (Optional): Sender signs the message with their private key, and
the receiver verifies it with the sender’s public key.
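The signing steps of question 11 (hash, encrypt the hash with the private key, verify with the public key) and the PGP steps above (session key, receiver's public key, optional signature) share the same public-key arithmetic, so one added example covers both. The following Python is not part of these notes and not PGP's own code: a toy RSA built from well-known Mersenne primes (so the numbers stay small enough to read), used first for sign/verify and then for PGP-style hybrid encryption where a fresh symmetric session key encrypts the signed message and the receiver's public key wraps the session key. The SHA-256 keystream cipher, the 88-bit hash truncation and the 11-byte session key are demo constructions forced by the tiny modulus; real deployments use AES, full digests, large random primes and PKCS#1 padding.

```python
import hashlib
import os

# Toy RSA built from Mersenne primes so the arithmetic is readable (constructed for the demo).
ALICE_PRIMES = ((1 << 31) - 1, (1 << 61) - 1)     # modulus ~ 2^92
BOB_PRIMES = ((1 << 89) - 1, (1 << 107) - 1)      # modulus ~ 2^196


def rsa_keypair(primes, e=65537):
    p, q = primes
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))            # (public, private)


def message_hash(msg):
    # Step 1: hash the message. 88 bits of SHA-256 are kept so the value is below even the smaller toy modulus.
    return int.from_bytes(hashlib.sha256(msg).digest()[:11], "big")


def sign(private, msg):
    n, d = private
    return pow(message_hash(msg), d, n)     # Step 2: the hash "encrypted" with the private key is the signature


def verify(public, msg, sig):
    n, e = public
    return pow(sig, e, n) == message_hash(msg)   # Step 4: recover the hash with the public key, recompute, compare


def _sig_bytes(key):
    return (key[0].bit_length() + 7) // 8    # signature width follows the signer's modulus


# ---- PGP-style hybrid encryption: symmetric session key, wrapped with the receiver's RSA key ----
def stream_xor(key, data):
    """Toy symmetric cipher (SHA-256 keystream XOR), constructed for the demo; PGP uses AES, CAST5 etc."""
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))


def pgp_encrypt(sender_private, receiver_public, msg):
    """Sign with the sender's private key, encrypt with a fresh session key, wrap that key for the receiver."""
    sig = sign(sender_private, msg).to_bytes(_sig_bytes(sender_private), "big")
    session_key = os.urandom(11)              # 88-bit key so it fits under the toy modulus
    n, e = receiver_public
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, stream_xor(session_key, sig + msg)


def pgp_decrypt(receiver_private, sender_public, wrapped_key, body):
    """Unwrap the session key with the receiver's private key, decrypt, then verify the sender's signature."""
    n, d = receiver_private
    session_key = pow(wrapped_key, d, n).to_bytes(11, "big")
    plain = stream_xor(session_key, body)
    k = _sig_bytes(sender_public)
    sig, msg = int.from_bytes(plain[:k], "big"), plain[k:]
    if not verify(sender_public, msg, sig):
        raise ValueError("signature invalid: message altered or not from the claimed sender")
    return msg


def decrypt_ok(receiver_private, sender_public, wrapped_key, body):
    """True if decryption and signature verification both succeed."""
    try:
        pgp_decrypt(receiver_private, sender_public, wrapped_key, body)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    alice_pub, alice_priv = rsa_keypair(ALICE_PRIMES)
    bob_pub, bob_priv = rsa_keypair(BOB_PRIMES)
    wrapped, body = pgp_encrypt(alice_priv, bob_pub, b"meet at 10:00")
    print(pgp_decrypt(bob_priv, alice_pub, wrapped, body))
```

Two observations the steps alone do not show: changing a single byte of the message makes the recomputed hash differ from the one recovered from the signature, so verification fails (integrity), and verifying with anyone else's public key also fails (authentication), which is why the receiver must trust that it holds the sender's genuine key, the problem PGP's web of trust addresses.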
Components of PGP:
Key Rings: Stores public and private keys.
Web of Trust: Users authenticate each other’s keys instead of a central authority.
Message Encryption: Ensures confidentiality of messages.
Digital Signatures: Confirms the identity of the sender.
Advantages of PGP:
Provides strong encryption and security.
Works without a central authority (Web of Trust).
Used for both encryption and digital signatures.
Disadvantages of PGP:
Can be complex for beginners.
If the private key is lost, decryption is impossible.
Slower compared to symmetric encryption methods.
Key Points for Exams:
PGP is used for secure email and file encryption.
Uses both symmetric and asymmetric encryption for protection.
Components include Key Rings, Web of Trust, encryption, and digital signatures.
Provides strong security but has some usability challenges.
Commonly used for email security, file encryption, and data protection.
19. Describe ISO 27000 compliance standard.
ISO 27000 is a family of standards developed by the International Organization for
Standardization (ISO) for information security management systems (ISMS). It helps
organizations protect sensitive data and manage risks effectively.
Purpose of ISO 27000:
Provides guidelines for implementing and maintaining an Information Security
Management System (ISMS).
Helps organizations protect data confidentiality, integrity, and availability.
Ensures compliance with legal, regulatory, and business requirements.
Key Standards in ISO 27000 Series:
1. ISO 27001: Specifies requirements for establishing and maintaining an ISMS.
2. ISO 27002: Provides security controls and best practices for information security.
3. ISO 27005: Focuses on risk management in information security.
4. ISO 27017: Provides security guidelines for cloud services.
5. ISO 27018: Focuses on the protection of personal data in cloud computing.
Benefits of ISO 27000 Compliance:
Improves security management and risk assessment.
Helps in preventing cyber threats and data breaches.
Builds trust with customers and stakeholders.
Ensures compliance with legal and regulatory requirements.
Enhances business reputation and competitiveness.
Conclusion:
ISO 27000 compliance helps organizations secure their data, reduce risks, and maintain
trust in an increasingly digital world. It provides a structured approach to information
security, making it essential for businesses handling sensitive information.
20. Explain modes of IPSec in Detail.
Modes of IPSec (Internet Protocol Security)
Introduction:
IPSec (Internet Protocol Security) is a security protocol suite used to secure IP
communication by encrypting and authenticating data packets. It operates in two modes:
Transport Mode and Tunnel Mode.
1. Transport Mode
Definition:
In this mode, only the data (payload) inside the IP packet is encrypted, while the
original IP header remains unchanged.
Working:
o Encrypts and/or authenticates only the data portion of the packet.
o The original IP header remains visible, allowing routers to process it.
Uses:
o Used in end-to-end communication between two devices (e.g., client to
server).
o Commonly used in remote access VPNs and private networks.
Advantages:
o Less overhead, making it faster than Tunnel Mode.
o Efficient for internal secure communication within an organization.
Disadvantages:
o Does not hide the source and destination IP, making it less secure than
Tunnel Mode.
2. Tunnel Mode
Definition:
In this mode, the entire IP packet (including the header and payload) is encrypted and
encapsulated inside a new IP packet with a new header.
Working:
o Encrypts both the IP header and payload.
o Adds a new IP header to hide the original source and destination IP.
o Requires IPSec gateways (VPN routers/firewalls) to process the packets.
Uses:
o Used in site-to-site VPNs, where two networks communicate securely over
the internet.
o Ideal for secure communication between two organizations or remote
offices.
Advantages:
o Provides higher security by encrypting the entire packet.
o Hides the source and destination IP addresses, protecting identity.
Disadvantages:
o More processing overhead, making it slower than Transport Mode.
Comparison: Transport Mode vs. Tunnel Mode
Feature          | Transport Mode                              | Tunnel Mode
Encryption Scope | Only data (payload) is encrypted            | Entire IP packet (header + payload) is encrypted
IP Header        | Remains visible                             | Replaced with a new IP header
Security Level   | Moderate                                    | High
Usage            | End-to-end communication (Client to Server) | Network-to-network (VPNs, gateways)
Performance      | Faster, less overhead                       | Slower due to full encryption
Conclusion:
Transport Mode is best for secure communication between two devices within a
network.
Tunnel Mode is used for VPNs and securing communications between networks
over the internet.
The choice depends on security needs, performance requirements, and network
architecture.