BIS Question Answer Bank

The document outlines key concepts in computer security, including definitions of confidentiality, data integrity, and non-repudiation, as well as principles of security and types of security attacks. It also covers cryptographic techniques such as symmetric and asymmetric key cryptography, substitution and transposition techniques, and the structure of the Data Encryption Standard (DES). Additionally, it discusses applications of public key cryptosystems and the role of digital certificates and certificate authorities in ensuring secure communications.

Uploaded by

maheshshimpi366

PACIFIC SCHOOL OF ENGINEERING

Department of Computer Engineering


===============================================================

Semester: 6th Subject: BIS (Code: 4360702)


UNIT – 1

1. Define the terms: Confidentiality, Data integrity, Non-repudiation [S,W-2020] (3 Marks)
[ANS]
Confidentiality – This refers to the protection of information from unauthorized access or disclosure.
It ensures that only authorized individuals or entities can access sensitive data, preventing unauthorized
parties from viewing, copying, or stealing the information. Confidentiality is often enforced through
encryption, access controls, and authentication mechanisms.
Data Integrity – This ensures that data remains accurate, complete, and unaltered during storage,
transmission, and processing. Data integrity prevents unauthorized or accidental modifications,
corruption, or loss of data. Techniques such as checksums, hash functions, and digital signatures help
maintain data integrity.

Non-repudiation – This guarantees that a party in a communication cannot deny having sent or
received a message. It ensures accountability by providing proof of origin and delivery, typically using
digital signatures and cryptographic methods. Non-repudiation is essential in legal and financial
transactions to prevent disputes.

2. Differentiate confidentiality and authentication. [S,W-2021] (3 Marks)
Or
Differentiate data confidentiality and data integrity. [W-2022] (3 Marks)
[ANS]

Feature-by-feature comparison of Confidentiality and Authentication:
• Definition
  o Confidentiality: Ensures that information is accessible only to authorized individuals.
  o Authentication: Verifies the identity of users, systems, or entities before granting access.
• Purpose
  o Confidentiality: Protects data from unauthorized access and disclosure.
  o Authentication: Confirms whether someone or something is legitimate.
• Mechanism
  o Confidentiality: Implemented through encryption, access controls, and data masking.
  o Authentication: Achieved using passwords, biometrics, digital certificates, and multi-factor authentication (MFA).
• Focus
  o Confidentiality: Protecting sensitive information from exposure.
  o Authentication: Ensuring that only legitimate users or systems gain access.
• Example
  o Confidentiality: Encrypting a file so that only authorized users can read it.
  o Authentication: Logging into a website using a username and password to verify identity.

3. Define following Principles of Security: 1) Confidentiality 2) Integrity 3) Availability [W-2023,S-2024,W-2024] (4 Marks)
[ANS]

• Confidentiality – Ensures that information is accessible only to authorized individuals and is
protected from unauthorized access or disclosure. It prevents data breaches and leakage using
methods like encryption, access control, and authentication.
• Integrity – Ensures that data remains accurate, consistent, and unaltered throughout its lifecycle.
Integrity protects data from unauthorized modifications, corruption, or accidental changes using
techniques such as cryptographic hash functions, checksums, and digital signatures.
• Availability – Ensures that authorized users can access data, applications, and systems when needed
without interruptions. It prevents service disruptions due to cyberattacks, hardware failures, or other
issues using redundancy, backups, load balancing, and disaster recovery plans.

4. Define Security attacks and describe any two attacks in detail. [S-2024] (3,7 Marks)
[ANS]

Security attacks refer to the risks that threaten a system's security. These are unauthorized or illegal actions
aimed at government, corporate, or private IT assets to destroy, modify, or steal sensitive data.
Security attacks are categorized into:
1. Active Attacks
2. Passive Attacks
3. Denial of Service (DoS) Attacks
1. Active Attacks
An active attack involves the modification of transmitted data or the creation of new false data streams.
These attacks actively alter the system’s integrity and can cause direct harm.
Types of Active Attacks:
1. Masquerade Attack
o Occurs when an entity pretends to be another entity to gain unauthorized access.
o Example: An attacker captures authentication credentials and reuses them to impersonate a
legitimate user.

2. Message Replay Attack
o Involves the passive capture of data and its subsequent retransmission to cause unauthorized
effects.
o Example: An attacker records a valid transaction and replays it to fraudulently transfer money.
3. Message Modification Attack
o An attacker alters, delays, or reorders a message to produce an unauthorized effect.
o Example: Changing the recipient’s bank account number in a financial transaction.

2. Passive Attacks
A passive attack is an attack where the attacker attempts to learn or make use of information from
a system without affecting system resources. Since these attacks do not alter or damage data, they are
difficult to detect.
Types of Passive Attacks:
1. Release of Message Contents
o In this type of attack, a mail message, phone call, or any transmitted message is
intercepted or listened to by an unauthorized entity.
o Example: A hacker secretly listens to a private phone conversation.

2. Traffic Analysis
o Involves observing the pattern of communication between a sender and receiver. The
attacker analyses the frequency, length, and timing of messages to gain insights.
o Example: An attacker monitors encrypted emails between two parties to determine
communication patterns.

UNIT – 2

1. Construct a PlayFair Matrix with the key “TRUST” and encrypt the message “BE CONFIDENT IN YOURSELF”. [W,S-2024, W2023] (7 Marks)
2. Encrypt the plain text “THIS IS A SECRET MESSAGE” using a Rail Fence with 3 rails. [W,S-2024] (7 Marks)
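Added example, not from the original bank: a rail fence cipher for any number of rails, with a helper that returns the rows as they would be drawn on paper for this question, plus the matching decryption.

```python
def rail_pattern(length, rails):
    """Rail index for each character position as the text zig-zags down and up."""
    if rails < 2:
        return [0] * length
    pattern, rail, step = [], 0, 1
    for _ in range(length):
        pattern.append(rail)
        if rail == 0:
            step = 1
        elif rail == rails - 1:
            step = -1
        rail += step
    return pattern


def rail_rows(plaintext, rails):
    """The rows of the fence (spaces dropped), which is how the answer is shown on paper."""
    text = "".join(c for c in plaintext.upper() if c.isalpha())
    pattern = rail_pattern(len(text), rails)
    return ["".join(c for c, p in zip(text, pattern) if p == r) for r in range(rails)]


def rail_fence_encrypt(plaintext, rails):
    """Ciphertext is the rows read top to bottom."""
    return "".join(rail_rows(plaintext, rails))


def rail_fence_decrypt(ciphertext, rails):
    """Rebuild the zig-zag: ciphertext characters fill the positions rail by rail."""
    pattern = rail_pattern(len(ciphertext), rails)
    positions = sorted(range(len(ciphertext)), key=lambda i: (pattern[i], i))
    plain = [""] * len(ciphertext)
    for ct_index, pos in enumerate(positions):
        plain[pos] = ciphertext[ct_index]
    return "".join(plain)


if __name__ == "__main__":
    for row in rail_rows("THIS IS A SECRET MESSAGE", 3):
        print(row)
    ct = rail_fence_encrypt("THIS IS A SECRET MESSAGE", 3)
    print(ct, "->", rail_fence_decrypt(ct, 3))
```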
3. Differentiate between symmetric key cryptography and asymmetric key cryptography. [W 2024] (4 Marks)
[ANS]

Feature-by-feature comparison of Symmetric and Asymmetric Key Cryptography:
• Other Names
  o Symmetric: Conventional Cryptography, Secret Key Cryptography, Private Key Cryptography.
  o Asymmetric: Public Key Cryptography.
• Number of Keys Used
  o Symmetric: A single key is used for both encryption and decryption.
  o Asymmetric: Uses two keys: a public key (known to everyone) and a private key (known only to the receiver).
• Examples
  o Symmetric: DES (Data Encryption Standard), AES (Advanced Encryption Standard).
  o Asymmetric: RSA (Rivest-Shamir-Adleman), DSA (Digital Signature Algorithm).
• Key Distribution
  o Symmetric: Difficult, as both sender and receiver must securely exchange the key.
  o Asymmetric: Easier, as only the public key is shared while the private key remains secret.
• Encryption Speed
  o Symmetric: Faster, as it requires fewer computational resources.
  o Asymmetric: Slower, due to the complex mathematical operations involved.
• Security Level
  o Symmetric: Less secure, as the same key is used for encryption and decryption.
  o Asymmetric: More secure, since two different keys are used, reducing the risk of key compromise.
• Algorithm Complexity
  o Symmetric: Less complex, making it easier to implement.
  o Asymmetric: More complex, involving advanced mathematical computations.
• Efficiency
  o Symmetric: Highly efficient for handling large amounts of data.
  o Asymmetric: Less efficient, suitable for smaller amounts of data.

4. Differentiate mono alphabetic ciphers and poly alphabetic ciphers. [W 2024 S,W2023] (3,4 Marks)
[ANS]

Feature-by-feature comparison of Monoalphabetic and Polyalphabetic Ciphers:
• Definition
  o Monoalphabetic: Each symbol in plaintext is mapped to a fixed symbol in ciphertext.
  o Polyalphabetic: Uses multiple substitution alphabets for encryption.
• Mapping Relationship
  o Monoalphabetic: One-to-One: Each plaintext character is mapped to a single ciphertext character.
  o Polyalphabetic: One-to-Many: Each plaintext character can be mapped to multiple ciphertext characters.
• Encryption Process
  o Monoalphabetic: Each alphabetic character of plaintext is mapped onto a unique alphabetic character in ciphertext.
  o Polyalphabetic: Each alphabetic character of plaintext can be mapped onto multiple alphabetic characters in ciphertext.
• Stream Cipher Dependency
  o Monoalphabetic: If the key does not depend on the position of the plaintext character, it is a monoalphabetic cipher.
  o Polyalphabetic: If the key depends on the position of the plaintext character, it is a polyalphabetic cipher.
• Examples
  o Monoalphabetic: Additive, Multiplicative, Affine, Monoalphabetic Substitution Ciphers.
  o Polyalphabetic: Autokey, Playfair, Vigenère, Hill, One-Time Pad, Rotor, and Enigma Ciphers.
• Complexity
  o Monoalphabetic: Simple substitution cipher.
  o Polyalphabetic: Multiple substitutions used, making it more secure.
5 List types of Steganography. [W,S-2024] (4,7 marks)
[ANS]

A plain text message can be hidden in two ways:
1. Steganography – Hiding a message within another message or image.
2. Encryption – Converting a message into an unreadable format using a key.
• The word "Steganography" comes from the Greek words:
  o "Stegos" – meaning hidden
  o "Graphia" – meaning writing
• Definition: The art of hiding a message, image, or file within another message, image, or file.
• Examples of Steganography:
  o Invisible Ink – Writing messages using ink that becomes visible under special conditions.
  o Character Marking – Overwriting selected letters in printed text.
  o Pin Punctures – Small punctures on selected letters in a document.

Types of Steganography:
Text Steganography – Hiding data in text by changing formatting, replacing words, or using random
characters.
Image Steganography – Hiding data in images by modifying pixels.
Video Steganography – Hiding data inside a video stream (images and sounds).
Audio Steganography – Embedding secret messages in audio files by altering their binary sequences.
Network Steganography – Also called protocol steganography, it hides data within network traffic
patterns.

6. List substitution and transposition techniques. [S-2024] (4 marks)
[ANS]

Substitution Techniques
Substitution techniques involve replacing letters with other letters, numbers, or symbols. The original
characters of the plaintext are replaced according to a specific rule to form the ciphertext.
Types of Substitution Ciphers:
1. Monoalphabetic Cipher
o Each letter in the plaintext is replaced by another letter based on a fixed substitution rule.
o Example: If letter A is replaced by G, every A in the plaintext will always be replaced by G.
o Example Ciphers:
▪ Caesar Cipher (Each letter is shifted by a fixed number).
2. Polyalphabetic Cipher
o Uses multiple substitution alphabets, meaning the same letter may be replaced by different
letters at different positions.
o Example: The letter A may be replaced by C in one place and by N in another.
o Example Ciphers:
▪ Vigenère Cipher (Uses a keyword to change substitutions at different positions).
Examples of Substitution Ciphers:
1. Caesar Cipher
2. Playfair Cipher
3. Hill Cipher
4. One-Time Pad

Transposition Techniques
Transposition techniques rearrange the order of characters in the plaintext without changing their identity.
Instead of substituting letters, the position of letters is changed to create the ciphertext.
Types of Transposition Ciphers:
A) Rail Fence Cipher
• The plaintext is written in a zig-zag pattern and then read row by row.
B) Columnar Transposition Cipher
• The plaintext is written in columns, then rearranged based on a key.
✔ Difference:
• Substitution Ciphers: Change the actual letters in the text.
• Transposition Ciphers: Only change the order of the letters.

7. Describe plain text, cipher text, encryption and decryption in Cryptography. [S-2024] (4 marks)
[ANS]
Plaintext:
• Plaintext is the original, readable message or data before encryption.
• Example: "HELLO" is plaintext before it is encrypted.
Ciphertext:
• Ciphertext is the encrypted form of plaintext, which appears as random or unreadable text.
• Example: If "HELLO" is encrypted, it might become "XJHQR".
Encryption:
• Encryption is the process of converting plaintext into ciphertext using an encryption algorithm and a
secret key.
• Purpose: To keep data secure from unauthorized access.
Decryption:
• Decryption is the process of converting ciphertext back into plaintext using a decryption key.
• Purpose: To allow authorized users to read the original message.

8. Write short note on structure of Data Encryption Standard (DES) [S-2024, S-2023] (4,7 marks)
[ANS]

DES is a symmetric-key block cipher used for data encryption. It was developed by IBM and later
adopted by NIST as a standard encryption method.
Type: Block cipher (encrypts data in fixed-size blocks).
Block Size: 64-bit.
Key Size: 64-bit (only 56 bits are used, 8 bits are for error checking).
Encryption Process:
• Uses two permutations (P-boxes):
1. Initial Permutation (IP) – Scrambles data before encryption.
2. Final Permutation (FP) – Rearranges data after encryption.
• 16 Feistel Rounds: Data is split into two halves and processed multiple times for security.
Key Features of DES
• Feistel Cipher Structure with 16 rounds.
• Block Size: 64-bit.
• Key Length: 64-bit (only 56 bits used for encryption; 8 bits are for error checking).
Components of DES
1. Round Function – Performs encryption in each of the 16 rounds.
2. Key Schedule – Generates 16 subkeys from the main key.
3. Initial and Final Permutations (IP & FP):
o These are Permutation Boxes (P-boxes) that shuffle data.
o IP (Initial Permutation) rearranges bits before encryption.
o FP (Final Permutation) restores the order after encryption.
o They do not add security, only structure the data.
Input Data (Plaintext) → Initial Permutation (IP) → 16 Rounds of Encryption → Final
Permutation (FP) → Encrypted Data (Ciphertext)
Round Function
The DES function f applies a 48-bit key to the rightmost 32 bits to produce a 32-bit output.
The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.
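Added example (not DES itself and not from the original document): a DES-shaped Feistel network with a 64-bit block, 16 rounds, sixteen 48-bit subkeys from a 56-bit key, and IP/FP permutations. The round function, key schedule and permutations are toy stand-ins, assumed here to keep the code short; what the example shows is the structure described above: decryption is the same routine with the subkeys in reverse order, FP undoes IP, and f never has to be invertible.

```python
MASK32 = (1 << 32) - 1
MASK56 = (1 << 56) - 1
MASK64 = (1 << 64) - 1
ROUNDS = 16


def initial_permutation(block):
    """Toy stand-in for IP: a fixed, keyless bit rotation of the 64-bit block.
    Like the real IP it is a bijection that reorders bits and adds no secrecy."""
    return ((block << 17) | (block >> 47)) & MASK64


def final_permutation(block):
    """Inverse of initial_permutation (FP = IP^-1, as in DES)."""
    return ((block >> 17) | (block << 47)) & MASK64


def key_schedule(key56):
    """Toy schedule: sixteen 48-bit subkeys from the 56-bit key, rotating it with
    DES's real per-round shift amounts (1 in rounds 1, 2, 9, 16; otherwise 2) and
    keeping the low 48 bits. Real DES uses the PC-1 and PC-2 selection tables."""
    key = key56 & MASK56
    subkeys = []
    for r in range(ROUNDS):
        shift = 1 if r in (0, 1, 8, 15) else 2
        key = ((key << shift) | (key >> (56 - shift))) & MASK56
        subkeys.append(key & ((1 << 48) - 1))
    return subkeys


def round_function(right32, subkey48):
    """Toy stand-in for the DES f function: 32-bit half + 48-bit subkey -> 32 bits.
    (Real DES expands R to 48 bits, XORs the subkey, applies 8 S-boxes and a P-box.)"""
    x = (right32 ^ (subkey48 & MASK32) ^ (subkey48 >> 16)) & MASK32
    x = (x * 0x9E3779B1) & MASK32           # constructed mixing step
    return ((x << 13) | (x >> 19)) & MASK32


def feistel(block64, subkeys):
    """IP -> 16 Feistel rounds -> 32-bit swap -> FP. Each round only needs f to be
    computable, not invertible, because L_i = R_(i-1) is carried across unchanged."""
    block = initial_permutation(block64 & MASK64)
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return final_permutation((right << 32) | left)


def des_like_encrypt(block64, key56):
    return feistel(block64, key_schedule(key56))


def des_like_decrypt(block64, key56):
    # Same network, subkeys applied in reverse order: each round cancels its XOR.
    return feistel(block64, key_schedule(key56)[::-1])


if __name__ == "__main__":
    m, k = 0x0123456789ABCDEF, 0x00A1B2C3D4E5F607   # constructed block and key
    c = des_like_encrypt(m, k)
    print(f"{m:016x} -> {c:016x} -> {des_like_decrypt(c, k):016x}")
```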

UNIT – 3

1. List applications of public key cryptosystems. [W,S-2024] (3,4 marks)
[ANS]

Public-key cryptosystems play a crucial role in ensuring secure communication and data protection across
various applications. Below are some key areas where public-key cryptography is widely used:
1. Secure Communication
Public-key cryptography is extensively used to establish secure communication channels over insecure
networks.
Example: Online banking and e-commerce transactions.
2. Digital Signatures
It is employed to create and verify digital signatures, ensuring the authenticity and integrity of digital
messages.
Example: Signing digital documents or emails to prove the identity of the sender.
3. Email Encryption
Public-key cryptography is utilized to encrypt emails and authenticate the sender’s identity.
Example: Pretty Good Privacy (PGP) and S/MIME protocols for secure email communication.
4. Virtual Private Networks (VPNs)
It is used to establish secure connections between remote users and private networks over the internet.
Example: VPN protocols such as OpenVPN and IPsec.
5. Secure Chat and Messaging Apps
Public-key cryptography ensures the confidentiality and integrity of messages in secure chat and messaging
applications.
Example: Signal, WhatsApp, and Telegram implement end-to-end encryption.
6. Secure File Transfer
It secures file transfers by encrypting files before transmission and decrypting them at the destination.
Example: SFTP (Secure File Transfer Protocol) and encrypted file attachments in emails.
7. Key Exchange Protocols
Public-key cryptography is used in key exchange protocols to establish shared secret keys for symmetric
encryption.
Example: Diffie-Hellman and RSA key exchange protocols.

2. Describe basics of digital signatures and digital certificates. Write down steps to obtain Digital Certificate. Also write steps for verifying authenticity and integrity of Digital Certificate. [W,S-2024] (4,7 marks)
OR
3. Describe certificate authorities and registration authorities. [W,S-2024] (4,7 marks)
[ANS]
A Digital Certificate is a file signed by a Certificate Authority (CA) for an entity. It ensures the
authenticity, integrity, and validity of the entity’s public key.
Components of a Digital Certificate
A digital certificate includes the following information:
✔ Identity Information of the entity (such as name, organization, and domain).
✔ Public Key of the entity.
✔ Name and Digital Signature of the CA.
✔ Validity Period of the certificate.
✔ CA’s Signature, which ensures the certificate’s authenticity and authority.
Types of Digital Certificates
1. Local Certificate – A digital certificate signed by a CA for an entity.
2. CA Certificate – A root or intermediate certificate issued by a Certificate Authority.
A Certificate Authority (CA) is composed of software, hardware, policies, and people responsible
for issuing digital certificates.

A digital certificate binds a public key to information about its owner.


Steps for Obtaining a Digital Certificate
1. User Requests a Certificate
o The user submits a request through a web form, entering necessary identity information.
2. Public Key Generation
o The user provides a public key or is guided to create a public/private key pair with a chosen
key size.
3. Request Sent to Registration Authority (RA)
o The public key and registration form are forwarded to the Registration Authority (RA) for
processing.
o The RA verifies the user’s identity but does not generate certificates.
4. RA Sends Request to CA
o After verifying the identity, the RA submits the request to the Certificate Authority (CA).
5. CA Issues the Digital Certificate
o The CA uses the information provided by the RA to generate a digital certificate.
o The certificate is signed using the CA’s private key.
o A copy of the certificate is sent to the user.

Steps for Verifying the Authenticity and Integrity of a Digital Certificate


1. Check the Certificate Information
• Review the details included in the digital certificate.
2. Verify the Certificate Chain
• Digital certificates form a chain of trust.
• Ensure that each certificate in the chain is signed by the entity above it (root, intermediate, and
end-user certificates).
3. Check the Certificate’s Validity Period
• Verify that the certificate is still within its validity period (start and expiry dates).
4. Verify the Certificate’s Status
• Some CAs provide online services to check whether a certificate has been revoked (e.g., CRL or
OCSP).
5. Check the Digital Signature
• Every certificate is signed by the issuing CA’s private key.
• Verify the signature using the CA’s public key to ensure it hasn’t been tampered with.
6. Use a Trusted Certificate Authority
• Ensure that the certificate is issued by a recognized and trusted CA.
7. Verify the Certificate Thumbprint
• Digital certificates have a unique identifier (thumbprint) generated from the certificate data.
• Ensure that the thumbprint matches the expected value.
8. Compare Certificate Details with the Website
• If the certificate is used for website security (SSL/TLS), compare the certificate details with the
website domain and presented information.

4. Write short note on RSA Algorithm with example. [W,S-2024] (4,7 marks)
[ANS]
The RSA algorithm is an asymmetric cryptography algorithm, meaning it uses two different keys: a
Public Key for encryption and a Private Key for decryption. It is the most common public-key algorithm
and is named after its inventors Rivest, Shamir, and Adleman (RSA).
Step 1: Generate Public and Private Keys
1. Select two large prime numbers, $p$ and $q$.
2. Compute $n$ by multiplying these numbers: $n = p \times q$ ($n$ is the modulus for encryption and decryption).
3. Compute Euler's totient function: $\varphi(n) = (p - 1) \times (q - 1)$.
4. Choose an integer $e$ such that $1 < e < \varphi(n)$ and $\gcd(e, \varphi(n)) = 1$.
5. Compute $d$ (the modular multiplicative inverse of $e$ modulo $\varphi(n)$): $d = e^{-1} \bmod \varphi(n)$.
This satisfies $e \times d \equiv 1 \pmod{\varphi(n)}$.
6. The Public Key is: $\{ e, n \}$
7. The Private Key is: $\{ d, n \}$

Step 2: Encrypt Message Using Public Key
A plaintext message $m$ is encrypted using the public key $\{ e, n \}$ to generate ciphertext $C$ using the formula:
$C = m^e \bmod n$

Step 3: Decrypt Message Using Private Key
A ciphertext message $C$ is decrypted using the private key $\{ d, n \}$ to recover the original plaintext $m$ using the formula:
$m = C^d \bmod n$
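Steps 1 to 3 above carried through in code, as an added example that is not from the original bank, using the constructed small primes p = 61 and q = 53 with e = 17; the modular inverse uses Python's built-in pow(e, -1, phi).

```python
from math import gcd


def generate_keys(p, q, e=None):
    """Step 1: n = p*q, phi(n) = (p-1)(q-1), e coprime to phi(n), d = e^-1 mod phi(n).
    Returns (public_key, private_key) as ((e, n), (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if e is None:                                   # pick the smallest valid odd e
        e = next(c for c in range(3, phi, 2) if gcd(c, phi) == 1)
    if not (1 < e < phi and gcd(e, phi) == 1):
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)                             # modular inverse (Python 3.8+)
    assert (e * d) % phi == 1                       # e x d = 1 (mod phi(n))
    return (e, n), (d, n)


def rsa_encrypt(m, public_key):
    """Step 2: C = m^e mod n. The message must be an integer smaller than n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(c, private_key):
    """Step 3: m = C^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def encrypt_text(text, public_key):
    """Textbook demo only: each byte is encrypted as its own block. With no padding
    (OAEP in practice) identical bytes produce identical ciphertext values."""
    return [rsa_encrypt(b, public_key) for b in text.encode("ascii")]


def decrypt_text(blocks, private_key):
    return bytes(rsa_decrypt(c, private_key) for c in blocks).decode("ascii")


if __name__ == "__main__":
    public, private = generate_keys(61, 53, e=17)   # constructed small primes
    print("public", public, "private", private)
    c = rsa_encrypt(65, public)
    print("65 ->", c, "->", rsa_decrypt(c, private))
    print("HELLO ->", encrypt_text("HELLO", public))
```

The per-byte output makes the determinism of textbook RSA visible: both L's in HELLO encrypt to the same value, which is one reason real systems add randomized padding.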

5. Write a short note on public key infrastructure [W,S 2023] (3,7 marks)
[ANS]

✔ Also Known as Asymmetric Key Infrastructure – Uses a key pair for encryption and decryption.
✔ Ensures Secure Data Exchange – Allows users to securely exchange data over an untrusted network
using public and private key cryptography.
✔ Consists of a Key Pair – Includes a Private Key and a Public Key.
✔ Private Key Must Be Kept Secret – Only the owner should have access to it.
✔ Public Key Needs to Be Distributed – Shared openly for encryption and verification purposes.
✔ Encryption and Decryption – Data encrypted with one key can only be decrypted with the other.
✔ Public Key Management Challenge – The main issue in PKI is managing public keys securely.
✔ Solution: Digital Certificates – PKI uses digital certificates to bind public keys to their owners.
✔ Secure Key Distribution – Digital certificates help securely distribute public keys in large networks.
✔ Entity – The end user of PKI services, such as:
• A person
• An organization
• A device (e.g., router)
✔ Certificate Authority (CA) – A trusted entity responsible for:
• Issuing digital certificates
• Verifying the identity of certificate holders
✔ Registration Authority (RA) – Handles:
• Identity authentication of users
• Key pair generation (public/private key creation)
• Key pair backup for security
✔ PKI Repository – A server or common database that:
• Stores and manages certificate requests, issued certificates, and keys
• Allows entities to retrieve local and CA certificates (e.g., via an LDAP server)

6. Write a short note on digital signature [W,S 2023]
[ANS]

A Digital Signature is a cryptographic technique used to provide authentication, integrity, and non-
repudiation in digital communication.
Key Features of Digital Signatures
✔ Acts as a Unique Code – Enables the sender to attach a unique code that serves as a signature.
✔ Used When Trust is Limited – Necessary when there is no complete trust between the sender
and receiver.
✔ Electronic Authentication – Ensures the identity of the sender and verifies that the content
remains unchanged.
✔ Ensures Integrity – Guarantees that the message or document has not been altered during
transmission.
✔ Prevents Denial (Non-Repudiation) – The sender cannot deny having sent the message.
Properties of a Digital Signature
1. Verification of Sender, Date, and Time
o Confirms the identity of the sender and records the exact time of signing.
2. Authentication of Content
o Ensures that the content remains unchanged from the time of signing.
3. Verifiability by Third Parties
o Can be verified by independent third parties to resolve disputes regarding authenticity.
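Added example, not part of the original bank: textbook RSA signing and verification showing the properties listed above (sender authentication, content integrity, third-party verifiability). The primes, key size and messages are constructed for the demonstration, and the digest is reduced modulo n instead of being padded as real schemes do.

```python
import hashlib
from math import gcd


def rsa_keypair(p, q, e=65537):
    """Textbook RSA keys, same construction as the RSA question: ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (e, n), (pow(e, -1, phi), n)


def message_digest(message, n):
    """Sign the hash, not the message: SHA-256 reduced into the range [0, n).
    Real schemes (PKCS#1 v1.5, PSS) pad the digest rather than reducing it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """The unique code the sender attaches: digest^d mod n, computable only with d."""
    d, n = private_key
    return pow(message_digest(message, n), d, n)


def verify(message, signature, public_key):
    """Anyone holding the public key checks signature^e mod n against the digest of
    what was actually received; a change to either message or signature breaks it."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(message, n)


def demonstrate():
    """Constructed scenario: Alice signs; a verifier with her public key accepts the
    genuine message, rejects a tampered copy, and rejects a signature made with
    Mallory's key (so Alice cannot later deny the genuine one, and nobody can forge it)."""
    alice_pub, alice_priv = rsa_keypair(131071, 524287)          # constructed primes
    mallory_pub, mallory_priv = rsa_keypair(8191, 2147483647)     # constructed primes
    message = b"Transfer 100 to account 42"
    sig = sign(message, alice_priv)
    return {
        "genuine": verify(message, sig, alice_pub),
        "tampered": verify(b"Transfer 900 to account 42", sig, alice_pub),
        "forged_key": verify(message, sign(message, mallory_priv), alice_pub),
    }


if __name__ == "__main__":
    for case, ok in demonstrate().items():
        print(f"{case:10s} verified={ok}")
```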

UNIT – 4

1. Describe Demilitarized Zone (DMZ) and its applications. [W,S-2024] (4 marks)
[ANS]

A Demilitarized Zone (DMZ) is a security barrier that separates an organization's internal network from the
internet, providing an additional layer of protection against online threats. Despite its serious-sounding
name, a DMZ is a vital tool for securing a network and preventing unauthorized access.
Understanding DMZ Functionality
• The DMZ acts as a protective wall, separating the trusted internal network from the untrusted external
network (such as the internet).
• It functions as a filter that manages requests from external users who need to access company services,
such as a website or email server.
• The primary goal of a DMZ is to allow controlled access from external sources while keeping the
internal network secure.
• DMZs are typically used in combination with firewalls to strengthen cybersecurity measures.
• By placing critical services within a DMZ, businesses can prevent direct exposure of internal systems to
potential threats.
Applications of DMZ
1. Web Servers: Hosting web servers in the DMZ enables external users to access a company’s website
without connecting to the internal network, protecting sensitive data.
2. Email Servers: Placing email servers in the DMZ ensures that external communications (such as client
emails) are processed securely before reaching the internal network.
3. FTP Servers: File Transfer Protocol (FTP) servers in the DMZ allow secure file transfers while
preventing unauthorized access to internal infrastructure.
4. DNS Servers: Domain Name System (DNS) servers in the DMZ handle external DNS requests,
isolating this critical service from the internal network to reduce attack risks.
5. Authentication Services: Placing authentication servers in the DMZ enables external users to verify
their credentials without directly accessing internal user databases, enhancing security.
6. Virtual Private Network (VPN) Servers: DMZs often host VPN servers, providing secure remote
access to internal resources while maintaining network integrity.

Advantages of DMZ
• Enhanced Security: Acts as a buffer zone, preventing unauthorized access and reducing security risks.
• Isolation of Critical Services: Web, email, and DNS servers can be segmented in the DMZ, reducing
the impact of security breaches.
• Controlled Access: Ensures restricted and monitored access to external users while protecting internal
systems.
• Secure Internet Connectivity: Proxy servers in the DMZ enable safe internet access, filtering potential
threats.
• Protection Against External Threats: By processing external requests within the DMZ, malware, hacking
attempts, and cyber threats are neutralized before reaching the internal network.
Disadvantages of DMZ
• Complex Implementation: Setting up and managing a DMZ requires advanced network security
knowledge and often specialized hardware/software.
• Potential Performance Overhead: Additional security layers may slow down communication between
external and internal networks.
• Maintenance Challenges: Regular updates and monitoring are needed to keep the DMZ effective
against evolving cyber threats.
2. Describe working and components of IDS. [W,S-2024] (4,7 marks)
An Intrusion Detection System (IDS) is a monitoring system that detects suspicious activities within a
network and generates alerts when potential threats are identified. Network administrators use these
alerts to investigate security incidents and take necessary actions to remediate threats.
Components of IDS
Sensors
• Sensors capture and collect data from the network, including monitoring traffic, packets, or log files.
• Network-based IDS (NIDS) sensors are placed at strategic points in the network to analyze data in
transit.
Analyzers
• Analyzers examine data collected by sensors.
• They use different detection techniques, such as:
o Signature-Based Detection – Matches network activity against known attack patterns.
o Anomaly Detection – Identifies deviations from normal network behavior.
o Behavioral Analysis – Observes user and system behavior to detect threats.
Database
• Stores essential information for comparison and analysis, such as:
o Known attack signatures
o Baseline network behavior
o Historical security data
• The database is continually updated to adapt to emerging threats.
Alerting System
• Generates alerts when suspicious activity is detected.
• Notifies security personnel or a Security Operations Center (SOC) to take immediate action.
User Interface
• Provides a platform for security administrators to:
o Configure IDS settings.
o Review alerts.
o Manage system responses.
• Enhances interaction for effective monitoring and response.
Logging and Reporting
• Maintains detailed logs of detected events for future analysis.
• Supports post-incident investigation and compliance reporting.
Response Mechanism
• Some IDS systems can initiate automated responses to mitigate threats, such as:
o Blocking malicious IP addresses.
o Adjusting firewall rules.
• Manual response options are also available for handling complex security incidents.
Update Mechanism
• Ensures the IDS stays up-to-date with the latest:
o Threat intelligence
o Attack signatures
o Software patches
• Regular updates are crucial to maintaining effective threat detection.
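The sensor, analyzer (signature-based and anomaly-based) and alerting components above, as an added example that is not from the original document: a small IDS run over a constructed web server access log. The signature patterns and the per-source baseline are assumed for the demonstration; the addresses are documentation ranges.

```python
import re
from collections import Counter

# Constructed sample of a web server access log (Common Log Format): three
# ordinary visitors, then one source that probes for a path traversal and
# hammers the server with more requests than any normal client sends.
SAMPLE_LOG = "\n".join(
    [
        '198.51.100.23 - - [10/Mar/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043',
        '198.51.100.23 - - [10/Mar/2025:10:00:05 +0000] "GET /about.html HTTP/1.1" 200 2310',
        '198.51.100.45 - - [10/Mar/2025:10:00:09 +0000] "POST /login HTTP/1.1" 302 0',
        '203.0.113.7 - - [10/Mar/2025:10:00:12 +0000] "GET /static/../../etc/passwd HTTP/1.1" 404 0',
    ]
    + [
        f'203.0.113.7 - - [10/Mar/2025:10:00:{13 + i:02d} +0000] "GET /admin{i} HTTP/1.1" 404 0'
        for i in range(12)
    ]
)

LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Signature database: known attack patterns, matched against the request path.
SIGNATURES = {
    "directory traversal": re.compile(r"\.\./"),
    "sensitive file access": re.compile(r"/etc/(passwd|shadow)"),
}


def parse(log_text):
    """Sensor stage: turn raw lines into records; malformed lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def signature_alerts(records):
    """Analyzer, signature-based: one alert per record that matches any known pattern."""
    alerts = []
    for rec in records:
        hits = [name for name, pat in SIGNATURES.items() if pat.search(rec["path"])]
        if hits:
            alerts.append({"type": "signature", "source": rec["src"],
                           "matched": hits, "path": rec["path"]})
    return alerts


def anomaly_alerts(records, baseline_requests_per_source=5):
    """Analyzer, anomaly-based: compare each source's request count with the baseline
    the IDS database would hold (a constructed constant here) and flag large deviations."""
    counts = Counter(rec["src"] for rec in records)
    return [
        {"type": "anomaly", "source": src, "requests": n,
         "baseline": baseline_requests_per_source}
        for src, n in counts.items()
        if n > 2 * baseline_requests_per_source
    ]


def run_ids(log_text, baseline_requests_per_source=5):
    """Sensor -> analyzers -> alerting: returns what the alerting system would raise."""
    records = parse(log_text)
    return signature_alerts(records) + anomaly_alerts(records, baseline_requests_per_source)


if __name__ == "__main__":
    for alert in run_ids(SAMPLE_LOG):
        print(alert)
```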

3. Describe different types of firewall. [W,S-2024] (4 marks)
[ANS]

A firewall is a network security device or software program that monitors and filters incoming and outgoing
network traffic based on a predefined set of security rules. It acts as a barrier between a private internal
network and the public internet, ensuring that only legitimate traffic is allowed while blocking potentially
harmful data.
Functions of a Firewall:
• Firewalls are designed primarily to allow non-threatening traffic while preventing malicious traffic, thus
protecting computers from viruses and cyber threats.
• They serve as a cybersecurity tool that filters out malicious or unwanted traffic and prevents infected
software from accessing the internet.
Types of Firewalls:
1. Hardware Firewalls – These are physical network security devices that regulate traffic between
external networks and internal systems.
2. Software Firewalls – These are security programs installed on a computer or server to monitor and
control network activity.

TYPES OF FIREWALL
1. Packet-filtering Firewalls
2. Circuit-level Gateways
3. Application-level Gateways (Proxy Firewalls)
4. Stateful Multi-layer Inspection (SMLI) Firewalls
5. Next-generation Firewalls (NGFW)
6. Threat-focused NGFW
7. Network Address Translation (NAT) Firewalls
8. Cloud Firewalls
9. Unified Threat Management (UTM) Firewalls

1) Packet Filtering Firewall

A Packet Filtering Firewall is a network security device that operates at the network layer (Layer 3) of
the OSI model. Its primary function is to examine packets of data as they move through the network and
make decisions based on predefined security rules.
Key Functions of a Packet Filtering Firewall:
• Analyzes incoming and outgoing data packets.
• Determines whether packets should be allowed or blocked based on set rules.
• Helps control network traffic and enhances security by preventing unauthorized access.
Types of Packet Filtering:
Packet filtering can be classified into four types:
1. Dynamic Packet Filtering – Adjusts filtering rules dynamically based on network activity and
connection status.
2. Static Packet Filtering – Uses fixed, manually configured rules to filter traffic.
3. Stateless Packet Filtering – Examines each packet independently without keeping track of established
connections.
4. Stateful Packet Filtering – Monitors active connections and retains context to make more informed
filtering decisions.
Working of a Packet Filtering Firewall:
1. Packet Inspection: When data packets attempt to pass through the network, the firewall examines each
packet to identify its content and determine its legitimacy.
2. Rule Matching: The firewall checks the packet against predefined security rules, which may include
parameters such as IP addresses, port numbers, and protocols.
3. Decision Making: Based on the rules, the firewall either allows or blocks the packet, ensuring secure
network communication.
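The three steps above (inspect header fields, match them against an ordered rule list, allow or deny) can be shown in a few lines of code. The following is an added illustration, not part of the question bank: a toy static (stateless) filter with first-match rules on protocol, source/destination address and destination port, plus a stateful variant that remembers permitted outbound flows so that their replies are accepted without a dedicated inbound rule. The addresses, the 10.0.0.0/24 internal network and the web server 10.0.0.5 are constructed for the example.

```python
"""Toy packet filter: stateless first-match rules and a stateful connection table.

Added example (not from the question bank). Rules, addresses and packets are
constructed for illustration only.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp" or "icmp"
    src: str        # source IP address
    dst: str        # destination IP address
    sport: int = 0  # source port (0 when the protocol has none)
    dport: int = 0  # destination port


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"        # CIDR block the source must fall in
    dst: str = "0.0.0.0/0"        # CIDR block the destination must fall in
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        """True when every field of the rule agrees with the packet header."""
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Constructed rule set: an internal network 10.0.0.0/24 with a web server at 10.0.0.5.
# Rules are evaluated top to bottom; the last rule is the default deny.
RULES = [
    Rule("allow", "tcp", dst="10.0.0.5/32", dport=80),   # anyone may reach the web server
    Rule("allow", "tcp", dst="10.0.0.5/32", dport=443),
    Rule("allow", "any", src="10.0.0.0/24"),             # internal hosts may initiate anything
    Rule("deny"),                                         # everything else is dropped
]


def stateless_filter(pkt: Packet, rules=RULES) -> str:
    """Static packet filtering: each packet is judged on its own header fields."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFilter:
    """Stateful packet filtering: the same rules plus a table of permitted flows,
    so a reply to an allowed outbound connection is accepted as 'established'."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.table: Set[Tuple[str, str, int, str, int]] = set()  # (proto, src, sport, dst, dport)

    def filter(self, pkt: Packet) -> str:
        # A reply belongs to an established flow if the reversed 5-tuple is known.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table:
            return "allow"
        decision = stateless_filter(pkt, self.rules)
        if decision == "allow" and pkt.proto in ("tcp", "udp"):
            self.table.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return decision


if __name__ == "__main__":
    fw = StatefulFilter()
    outbound = Packet("tcp", "10.0.0.9", "198.51.100.2", 40000, 443)
    reply = Packet("tcp", "198.51.100.2", "10.0.0.9", 443, 40000)
    print("outbound:", fw.filter(outbound))              # allow (rule 3)
    print("reply, stateful:", fw.filter(reply))          # allow (established flow)
    print("reply, stateless:", stateless_filter(reply))  # deny (no matching rule)
```

The reply packet shows the practical difference between the two classes listed above: a stateless filter would need an extra inbound rule opening port 443 traffic to every internal host, while the stateful filter only accepts replies to connections it has already seen.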

2) Application-Level Gateway

An Application-Level Gateway (ALG) firewall, also known as a Proxy Firewall, is a network security device
that operates at the application layer (Layer 7) of the OSI model. Unlike traditional packet-filtering firewalls
that work at the network layer, ALG firewalls inspect and control traffic based on specific applications and
protocols.
Key Features of an ALG Firewall:
• Examines and filters network traffic at the application layer.
• Uses proxies to mediate communication between internal users and external networks.
• Provides an additional layer of security by verifying data before allowing access.
Working of an ALG Firewall:
1. Security Checkpoint: The ALG firewall acts as a security checkpoint, standing between internal users
and the internet.
2. Traffic Inspection: It checks all incoming and outgoing traffic at the application layer to detect and
block potential threats.
3. Proxy Functionality: Instead of allowing direct communication, it uses proxies to establish secure
connections, ensuring that external traffic does not interact directly with internal network resources.
4. Application Layer Focus: Since it operates at Layer 7, it manages network applications and software,
ensuring that only verified connections are established.
5. Enhanced Security: By verifying data packets before granting access, ALG firewalls make it
significantly harder for intruders to penetrate the network or extract sensitive information.
6. Controlled Network Access: In a network protected by an ALG firewall, only one designated server has
direct access to the internet. All other devices must route their traffic through this server, reducing
exposure to external threats.

4. Describe Virtual LAN (VLAN) security topology. [S-2024] (4,7 marks)
[ANS]
A Virtual Local Area Network (VLAN) is a networking technology that enables the logical segmentation of
a physical network into multiple virtual networks. This segmentation allows devices within a VLAN to
communicate as if they are on the same physical network, regardless of their actual physical location.
Real-Time Applications of VLANs:
1. Voice over IP (VoIP): VLANs isolate voice traffic from data, improving call quality and minimizing
network congestion.
2. Video Conferencing: VLANs prioritize video traffic to ensure sufficient bandwidth for high-quality
video communication.
3. Remote Access: Secure VLANs enable remote users to access cloud resources while remaining isolated
from the main network.
4. Gaming: Gaming VLANs prioritize gaming traffic, ensuring smooth gameplay by providing necessary
bandwidth.
Advantages of VLANs:
• Network Segmentation: Efficiently divides a large network into smaller, more manageable segments.
• Broadcast Control: Limits broadcast traffic, reducing network congestion.
• Enhanced Security: Isolates groups of devices, allowing controlled communication between VLANs.
• Improved Performance: Reduces unnecessary traffic, enhancing overall network efficiency.
Disadvantages of VLANs:
• Complexity: VLAN configuration and management require careful planning and expertise.
• Potential for Misconfiguration: Incorrect VLAN settings may lead to connectivity issues or security
vulnerabilities.
• Cost: Implementing VLANs may require managed switches and additional hardware, increasing
expenses.
• Inter-VLAN Communication Overhead: Routing between VLANs introduces some overhead, which may
impact performance.

5. Discuss advantages and disadvantages of Host based IDS (HIDS) also explain it in brief. [S-2024] (7 marks)
[ANS]

A Host-Based Intrusion Detection System (HIDS) is a security solution designed to monitor and analyze
activities occurring on individual computer systems or hosts. Unlike Network-Based Intrusion Detection
Systems (NIDS), which focus on network traffic monitoring, HIDS operates directly on a host machine,
detecting suspicious behaviour at the operating system and application levels.
Working of HIDS
1. Data Collection
o HIDS gathers information from servers, computers, and host systems.
2. Data Types Analyzed
o Examines security logs such as authentication records.
o Analyzes operating system and application logs to identify unusual patterns.
3. Pattern Recognition
o Detects anomalies or suspicious behavior by comparing current data with previous snapshots.
4. Response Action
o Security teams can block suspicious IP addresses or take other preventive actions based on alerts.
5. Data Correlation
o Links different data sources to provide a deeper context about potential security threats.
6. Interpretation
o Helps determine whether attackers are probing for vulnerabilities (unsuccessful) or have
successfully breached the host system.
7. Alert Generation
o Issues alerts when suspicious activity is detected.
o Alerts assist in quickly identifying security issues and allow rapid responses to mitigate cyber
threats.
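Two of the steps above, comparing the current state of critical files with a previous snapshot (step 3) and examining authentication logs for unusual patterns (step 2), are shown in the following added example. It is not part of the question bank; the file tree, the "tampering" and the syslog-style auth log lines are constructed for the example, and the threshold of three failed logins per source is an assumed alerting rule.

```python
"""Toy host-based IDS: file-integrity snapshots plus authentication-log analysis.

Added example (not from the question bank). The directory contents and the
log lines below are constructed for illustration.
"""
import hashlib
import os
import re
import tempfile
from collections import Counter


def snapshot(root: str) -> dict:
    """Return {relative path: SHA-256 hex digest} for every file under root."""
    digests = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_snapshots(baseline: dict, current: dict) -> list:
    """Report files modified, added or removed since the baseline snapshot."""
    alerts = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            alerts.append(("removed", path))
        elif path not in baseline:
            alerts.append(("added", path))
        elif baseline[path] != current[path]:
            alerts.append(("modified", path))
    return alerts


# Matches OpenSSH-style failure lines, with or without the "invalid user" marker.
AUTH_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")


def failed_logins_by_source(lines, threshold: int = 3) -> dict:
    """Count failed logins per source address; return sources at or over threshold."""
    counts = Counter()
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed auth log lines in syslog style (not taken from any real system).
SAMPLE_AUTH_LOG = [
    "Mar 10 09:01:02 host1 sshd[812]: Failed password for root from 203.0.113.9 port 51012 ssh2",
    "Mar 10 09:01:05 host1 sshd[812]: Failed password for root from 203.0.113.9 port 51013 ssh2",
    "Mar 10 09:01:09 host1 sshd[812]: Failed password for invalid user admin from 203.0.113.9 port 51015 ssh2",
    "Mar 10 09:02:11 host1 sshd[830]: Accepted password for alice from 10.0.0.12 port 40210 ssh2",
    "Mar 10 09:03:44 host1 sshd[845]: Failed password for alice from 10.0.0.12 port 40222 ssh2",
]


def demo_integrity() -> list:
    """Build a tiny file tree, baseline it, change it, and return the resulting alerts."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "passwd"), "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/bash\n")
        with open(os.path.join(etc, "hosts"), "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        baseline = snapshot(root)
        # Simulated unauthorized change: an extra account line and an unexpected new file.
        with open(os.path.join(etc, "passwd"), "a") as fh:
            fh.write("newuser:x:1001:1001::/home/newuser:/bin/sh\n")
        with open(os.path.join(root, "dropped.bin"), "wb") as fh:
            fh.write(b"\x00")
        return compare_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    print("integrity alerts:", demo_integrity())
    print("sources over threshold:", failed_logins_by_source(SAMPLE_AUTH_LOG))
```

The integrity check is what the "System Integrity Monitoring" advantage below refers to, and the "Resource Intensive" disadvantage follows directly from it: hashing every monitored file on each run costs CPU and disk time on the host itself.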

Advantages of HIDS
Individual Host Protection
• Focuses on securing each host system, making it effective in detecting host-specific threats.
Insider Threat Detection
• Monitors user activities on the host, identifying unauthorized or suspicious actions from inside the
organization.
System Integrity Monitoring
• Tracks critical system files and configurations, detecting unauthorized changes to maintain system
integrity.
Log Analysis
• Examines local logs and system events to identify anomalies, security incidents, or signs of compromise.
Low Network Impact
• Operates independently of network traffic analysis, reducing its impact on overall network performance.
Application-Level Monitoring
• Detects threats at the application level, monitoring software and services running on the host.

Disadvantages of HIDS
Resource Intensive
• HIDS requires significant processing power to continuously monitor and analyze activities, potentially
slowing down the host system.
High Deployment & Maintenance Overhead
• Deploying and managing HIDS on multiple hosts in large networks can be time-consuming and
resource-intensive.
Dependency on Host Integrity
• If the host is compromised, the HIDS might also be affected, reducing its reliability and effectiveness.
Limited External Threat Visibility
• HIDS is focused on the host system, meaning it may fail to detect external threats targeting the network
infrastructure.
Scalability Challenges
• Scaling HIDS across large networks is complex due to the need for individual deployment,
configuration, and management on each host.
Limited Network Traffic Coverage
• While effective at host-level monitoring, HIDS does not provide complete visibility into network-wide
attacks.
OR
6. Describe Network Based Intrusion Detection System. [W,S-2024] (7 marks)
[ANS]

A Network Intrusion Detection System (NIDS) is a security tool designed to monitor and analyze
network traffic for suspicious activities. It helps identify potential threats, such as hacking attempts,
malware infections, and unauthorized access. When a potential security breach is detected, NIDS
generates alerts to notify administrators.
Working of NIDS
1. NIDS Function
o Monitors network traffic for signs of attacks or intrusions.
2. Operating Modes
o Passive Mode: Observes network traffic without altering or blocking it.
o Inline Mode: Can modify or block network traffic to prevent intrusions (not always
recommended).
3. Alert Generation
o When a potential threat is detected, NIDS generates an alert.
4. Alert Content
o Provides attack details, including:
▪ Type of attack
▪ Source and destination IP addresses
▪ Timestamp
5. Action Taken
o May take preventive actions, such as:
▪ Blocking the source IP
▪ Modifying network traffic
6. Data Gathering
o Collects incoming and outgoing network traffic information.
7. Sensor Placement
o Strategic deployment of sensors in areas such as:
▪ Local Area Networks (LANs)
▪ Demilitarized Zones (DMZs)
8. Detection Methods
o Signature-Based Detection: Compares network activity against known attack patterns.
o Anomaly-Based Detection: Identifies deviations from normal network behavior.
9. Alerts for Investigation
o Generates alerts when detecting suspicious activities, such as:
▪ Unusual traffic spikes
▪ Repeated unauthorized access attempts
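The two detection methods in step 8 and the alert content in step 4 can be illustrated with a small passive sensor working over a list of flow records. This is an added example, not part of the question bank: the flows, the two-entry "signature table" and the learning period of ten seconds are all constructed; the anomaly rule (flag a second whose packet count exceeds the baseline mean by three standard deviations) is an assumed threshold, not a standard.

```python
"""Toy passive NIDS sensor: signature-based and anomaly-based detection.

Added example (not from the question bank). Flows, signatures and thresholds
are constructed for illustration.
"""
import statistics
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int          # seconds since the start of the capture
    src: str         # source IP address
    dst: str         # destination IP address
    dport: int       # destination port
    payload: bytes   # first bytes of application data


# Constructed signature table: (alert name, byte pattern). Not a real rule set.
SIGNATURES = [
    ("WEB-SQLI-UNION-SELECT", b"union select"),
    ("WEB-PATH-TRAVERSAL", b"../../"),
]


def signature_alerts(flows) -> list:
    """Signature-based detection: flag flows whose payload contains a known pattern.
    Each alert carries type, source, destination and timestamp (the NIDS alert content)."""
    alerts = []
    for f in flows:
        low = f.payload.lower()
        for name, pattern in SIGNATURES:
            if pattern in low:
                alerts.append({"type": name, "src": f.src, "dst": f.dst, "ts": f.ts})
    return alerts


def anomaly_alerts(flows, learn_seconds: int = 10, k: float = 3.0) -> list:
    """Anomaly-based detection: learn the per-second flow count during the first
    learn_seconds, then flag later seconds that exceed mean + k * stdev."""
    counts = defaultdict(int)
    for f in flows:
        counts[f.ts] += 1
    baseline = [counts.get(s, 0) for s in range(1, learn_seconds + 1)]
    threshold = statistics.mean(baseline) + k * statistics.stdev(baseline)
    return [
        {"type": "TRAFFIC-SPIKE", "ts": s, "count": c, "threshold": round(threshold, 2)}
        for s, c in sorted(counts.items())
        if s > learn_seconds and c > threshold
    ]


def build_sample_capture() -> list:
    """Constructed capture: ten seconds of background traffic, then a burst in second 11."""
    flows = []
    per_second = [2, 3, 2, 4, 3, 2, 3, 2, 4, 3]
    for sec, n in enumerate(per_second, start=1):
        for i in range(n):
            flows.append(Flow(sec, f"10.0.0.{i + 2}", "10.0.0.5", 443, b"GET /index.html"))
    # Second 11: one external source sends 30 requests whose payload matches a signature.
    for _ in range(30):
        flows.append(Flow(11, "203.0.113.9", "10.0.0.5", 80, b"GET /?id=1 UNION SELECT 1,2"))
    return flows


if __name__ == "__main__":
    capture = build_sample_capture()
    print("signature alerts:", len(signature_alerts(capture)))
    print("anomaly alerts:", anomaly_alerts(capture))
```

Note how the two methods complement each other: the signature detector names the attack but only for patterns it already knows (the "Dependency on Regular Updates" disadvantage), while the anomaly detector would still flag the burst in second 11 if the payload were new or encrypted, but can only say that the volume is unusual.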
Advantages of NIDS
Comprehensive Network Visibility
• Provides a holistic view of network traffic, detecting threats spanning multiple systems.
Centralized Monitoring
• Allows network security to be monitored from a single location, streamlining management.
Identification of Network-Wide Threats
• Detects coordinated cyberattacks affecting multiple hosts simultaneously.
Scalability
• Can be expanded to cover small, medium, and large networks.
Real-Time Monitoring
• Operates continuously, allowing immediate response to security incidents.
Cost-Effective
• More affordable than deploying host-based security on every individual device.

Disadvantages of NIDS
Limited Visibility into Encrypted Traffic
• Struggles to analyze encrypted network data, reducing its effectiveness.
Inability to Monitor Host-Level Activities
• Focuses on network traffic and may miss threats originating from specific hosts.
Additional Network Overhead
• Can introduce latency and performance issues, especially in high-traffic environments.
Difficulty in Handling Complex Networks
• Challenging to deploy in cloud environments, virtualized networks, and distributed systems.
Limited Protection Against Insider Threats
• Primarily detects external threats and may not effectively identify insider attacks.
Dependency on Regular Updates
• Requires frequent updates to its threat database to recognize new cyberattacks.
UNIT – 5

1. List types of cyber-attacks. [W,S-2024] (3,4 marks)
[ANS]

1. Malware Attacks
• Malware (malicious software) includes viruses, worms, trojans, spyware, and ransomware.
• It spreads through unsafe links, phishing emails, and downloads.
• Effects: Data theft, system disruption, and complete shutdown.
2. Phishing Attacks
• Attackers send fake emails posing as a trusted source to steal sensitive data.
• Types:
o Spear Phishing: Targets specific individuals.
o Whaling: Targets high-profile executives.
3. Denial-of-Service (DoS) & Distributed Denial-of-Service (DDoS) Attacks
• DoS Attack: Overloads a system with fake requests, making it unavailable.
• DDoS Attack: Uses multiple infected devices (botnets) to crash a system.
• Example: Amazon Web Services (AWS) faced a major DoS attack in 2020.
4. Man-in-the-Middle (MitM) Attacks
• Hackers intercept communication between two parties to steal or alter data.
5. SQL Injection
• Attackers inject malicious SQL code into web forms to access databases.
• NoSQL Injection targets non-relational databases.
6. Supply Chain Attacks
• Hackers target third-party vendors to infiltrate a company’s system.
• Example: Tampering with supplier software to gain access to the main company.
Intruders and Hackers
Intruders
• Unauthorized users attempting to gain system access.
Hackers
• White Hat Hackers: Ethical security experts.
• Black Hat Hackers: Malicious attackers.
• Grey Hat Hackers: Operate between ethical and unethical hacking.
Types of Intruders
• Masquerader: Uses stolen credentials.
• Misfeasor: Authorized user misusing access.
• Clandestine User: Hides activities to avoid detection.
• Script Kiddie: Uses pre-made hacking tools.
• Cybercriminal: Engages in fraud and data theft.
• State-Sponsored Hacker: Works for government espionage.
• Hacktivist: Hacks for social or political causes.

2. Discuss different types of threats. [W,S-2024] (3,7 marks)
[ANS]
1) Malware Attacks
Definition: Malicious software like viruses, worms, trojans, spyware, and ransomware designed to harm
systems.
Impact: Data theft, system corruption, and financial loss.
Example: Ransomware encrypts files and demands payment for decryption.
2) Phishing Attacks
Definition: Fraudulent emails, messages, or websites designed to trick users into revealing sensitive
information.
Impact: Identity theft, financial fraud, and unauthorized account access.
Example: An email pretending to be from a bank asking for login details.
3) Denial-of-Service (DoS) & Distributed Denial-of-Service (DDoS) Attacks
Definition: Overloading a network or server with excessive traffic, making it unavailable.
Impact: Website downtime, financial loss, and operational disruption.
Example: A DDoS attack shutting down an online shopping website.
4) Man-in-the-Middle (MitM) Attacks
Definition: Attackers secretly intercept communication between two parties.
Impact: Data theft, fraud, and eavesdropping.
Example: Intercepting banking transactions on an unsecured Wi-Fi network.
5) SQL Injection Attacks
Definition: Attackers insert malicious SQL queries into web applications to manipulate databases.
Impact: Data breaches, unauthorized access, and loss of sensitive information.
Example: Hacking an e-commerce website to steal customer credit card details.
6) Insider Threats
Definition: Security risks posed by employees or trusted individuals misusing their access.
Impact: Data leaks, financial fraud, and intellectual property theft.
Example: A disgruntled employee leaking confidential company data.
7) Zero-Day Exploits
Definition: Cyberattacks that exploit unknown vulnerabilities in software before developers fix them.
Impact: Unauthorized access, malware infections, and data theft.
Example: Hackers targeting newly discovered software bugs before updates are available.
8) Supply Chain Attacks
Definition: Targeting a company’s third-party suppliers to gain access to its network.
Impact: Widespread security breaches and data theft.
Example: Hackers infecting a software update with malware before distribution.
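SQL injection (item 5 above, and item 5 of the cyber-attack list in the previous answer) is the one threat in these lists whose cause and fix are both visible in a few lines of code. The following added example, not part of the question bank, builds a throwaway in-memory SQLite table and shows a lookup that concatenates user input into the SQL text beside the hardened version that passes the input as a bound parameter. The table, the user names and the input string are constructed for the example.

```python
"""SQL injection: vulnerable string-built query beside the parameterized fix.

Added example (not from the question bank). Uses an in-memory SQLite table
with constructed rows.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a throwaway users table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-placeholder-1"), ("bob", "hash-placeholder-2")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """VULNERABLE: the untrusted value becomes part of the SQL statement itself,
    so quotes and keywords in the input change the meaning of the query."""
    query = f"SELECT username FROM users WHERE username = '{username}' ORDER BY username"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """HARDENED: parameter binding sends the value separately from the SQL text,
    so the database always treats it as data, never as syntax."""
    query = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(query, (username,))]


if __name__ == "__main__":
    db = make_db()
    normal = "alice"
    crafted = "x' OR '1'='1"   # the textbook tautology input
    print("vulnerable, normal input:", lookup_vulnerable(db, normal))   # ['alice']
    print("vulnerable, crafted input:", lookup_vulnerable(db, crafted)) # every row
    print("safe, crafted input:", lookup_safe(db, crafted))             # []
```

With the crafted input the vulnerable query becomes WHERE username = 'x' OR '1'='1', which is true for every row, so the whole table comes back; the parameterized query looks for a user literally named x' OR '1'='1 and finds nothing. Parameterized queries (prepared statements) are the standard fix; input validation and least-privilege database accounts limit the damage where legacy code cannot be changed at once.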

3. Discuss traditional problems associated with computer crime. [W,S-2024] (3,4 marks)
[ANS]

Cybercrime refers to illegal activities carried out using digital technology, such as computers, networks, and
the internet. These crimes often target sensitive information, cause financial harm, or disrupt digital systems.
Example:
A cybercriminal might send phishing emails pretending to be your bank, tricking you into revealing your
login credentials. Once obtained, they can steal money or sell your personal information.
Common Cybersecurity Challenges
1) Unauthorized Access and Hacking
• Problem: Hackers gain access to systems, networks, or databases without permission.
• Impact: Breach of sensitive data, system disruption, and loss of integrity.
2) Malware Attacks
• Problem: Malicious software (viruses, worms, trojans, ransomware) infects and damages systems.
• Impact: Data loss, financial losses, and system corruption.
3) Phishing and Social Engineering
• Problem: Cybercriminals use deceptive tactics to trick users into revealing sensitive information.
• Impact: Identity theft, financial fraud, and unauthorized access.
4) Identity Theft
• Problem: Stolen personal information is used for fraudulent activities.
• Impact: Financial losses, damage to credit history, and legal issues for victims.
5) Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
• Problem: Attackers flood systems with fake traffic, disrupting normal operations.
• Impact: Downtime, financial losses, and reputational damage.
6) Data Breaches
• Problem: Hackers gain unauthorized access to confidential information.
• Impact: Loss of trust, legal consequences, and exposure of sensitive data.
7) Insider Threats
• Problem: Employees or trusted individuals intentionally or accidentally cause security issues.
• Impact: Data leaks, loss of intellectual property, and security breaches.

4. Define Cybercrime, Cybersecurity and Cyber-attack. [W-2024] (3 marks)
[ANS]
1) Cybercrime
Cybercrime refers to illegal activities carried out using digital technology, computers, networks, or the
internet. These crimes often target individuals, organizations, or governments to steal data, cause
financial harm, or disrupt systems.
Example: Hacking, identity theft, online fraud, and ransomware attacks.
2) Cybersecurity
Cybersecurity is the practice of protecting systems, networks, and data from cyber threats such as
hacking, malware, and unauthorized access. It includes preventive measures, risk management, and
response strategies to ensure digital safety.
Example: Using firewalls, encryption, antivirus software, and multi-factor authentication.
3) Cyber-Attack
A cyber-attack is a deliberate attempt to disrupt, damage, or gain unauthorized access to computers,
networks, or data. Cybercriminals use different techniques like malware, phishing, and denial-of-service
attacks.
Example: A hacker using ransomware to lock company files and demand payment.
