Notes - Nis Polytechnic

The document discusses computer security and the need for confidentiality, integrity and availability. It also covers password selection strategies, cryptography terms, SYN flooding attacks, the lifecycle of viruses, and an overview of the Kerberos authentication protocol with diagrams.

Uploaded by

abdulahad.ubeid

NETWORK AND INFORMATION SECURITY IS 22620

Solve the following questions:

1. Describe the need for computer security.


The need for computer security is threefold: confidentiality, integrity, and availability, the
"CIA" of security.
1. Confidentiality: the principle of confidentiality specifies that only the sender and the intended
recipients should be able to access the contents of a message. Confidentiality is compromised if an
unauthorized person is able to access the contents of a message. An example of compromising the
confidentiality of a message is shown in the figure below.

Fig. Loss of Confidentiality


Here, the user of computer A sends a message to the user of computer B. Another user, C, gets access to
this message, which is not desired and therefore defeats the purpose of confidentiality. This type of
attack is also called interception.
2. Authentication: authentication helps to establish proof of identities. The authentication process
ensures that the origin of a message is correctly identified. For example, suppose that user C sends a
message over the internet to user B, but user C posed as user A when sending it. How would user B
know that the message has come from user C, who is posing as user A? This concept is shown in the
figure below. This type of attack is called fabrication.

Fig. Absence of Authentication


3. Integrity: when the contents of a message are changed after the sender sends it but before it reaches
the intended recipient, we say that the integrity of the message is lost. For example, user C tampers
with a message originally sent by user A and destined for user B. User C somehow manages to access it,
change its contents and send the changed message to user B. User B has no way of knowing that the
contents of the message were changed after user A sent it, and user A also does not know about the
change. This type of attack is called modification.

AN Department Page 1

Fig. Loss of Integrity

2. Explain any four the password selection strategies.


There are four basic techniques for reducing guessable passwords:
a) User education: tell users the importance of hard-to-guess passwords and provide guidelines for
selecting strong passwords.
b) Computer-generated passwords: computer-generated passwords are random in nature, so they are
difficult for users to remember, and users may write them down somewhere.
c) Reactive password checking: the system periodically runs its own password cracker program to find
guessable passwords. If the system finds any such password, it cancels it and notifies the user.
d) Proactive password checking: this is the most promising approach to improving password security.
In this scheme, a user is allowed to select his own password; the system checks it at selection time
and allows it if it is allowable, otherwise it rejects it.
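A proactive checker in the sense of strategy d), as an added example that is not part of the notes: the user proposes a password and it is accepted or rejected at selection time. The dictionary, the user id and the thresholds are constructed for the demonstration.

```python
import re

# Constructed mini-dictionary of guessable words; a real checker uses a large wordlist.
DICTIONARY = {"password", "welcome", "letmein", "admin", "qwerty", "polytechnic"}


def is_allowable(password: str, user_id: str = "", min_len: int = 8) -> tuple[bool, str]:
    """Proactive password check: return (True, 'ok') if the password may be used,
    otherwise (False, reason). Checks run from cheapest to most expensive."""
    if len(password) < min_len:
        return False, f"shorter than {min_len} characters"
    lowered = password.lower()
    # Strip a trailing run of digits/punctuation so "Password1!" is still caught as a dictionary word.
    stem = re.sub(r"[\d!@#$%^&*]+$", "", lowered)
    if lowered in DICTIONARY or stem in DICTIONARY:
        return False, "dictionary word"
    if user_id and user_id.lower() in lowered:
        return False, "contains the user id"
    classes = sum([any(c.islower() for c in password), any(c.isupper() for c in password),
                   any(c.isdigit() for c in password), any(not c.isalnum() for c in password)])
    if classes < 3:
        return False, "needs at least three character classes"
    if re.search(r"(.)\1\1", password):
        return False, "three identical characters in a row"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("Password1!", "abdul2024!", "Tr0ub4dor&3x"):
        print(candidate, is_allowable(candidate, user_id="abdul"))
```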

3. Define the following terms:


1) Cryptography
2) Cryptanalysis
3) Plain text
4) Cipher text.
1. Cryptography: cryptography is the art and science of achieving security by encoding messages to
make them non-readable.

2. Cryptanalysis: cryptanalysis is the technique of decoding messages from a non-readable format
without knowing how they were initially converted from the readable format to the non-readable format.
3. Plain text: plain text or clear text is a message that can be understood by the sender, the recipient
and anyone else who gets access to that message.
4. Cipher text: when a plain text message is codified using any suitable scheme, the resulting message
is called cipher text.

4. Describe SYN flooding attack with diagram.


Denial of service (DOS) attacks can exploit a known vulnerability in a specific application or
operating system, or they may attack features (or weaknesses) of specific protocols or services. In this
form of attack, the attacker attempts to deny authorized users access either to specific information
or to the computer system or network itself. The purpose of such an attack can be simply to prevent
access to the target system, or the attack can be used in conjunction with other actions in order to gain
unauthorized access to a computer or network. SYN flooding is an example of a DOS attack that takes
advantage of the way TCP/IP networks were designed to function, and it can be used to illustrate the
basic principles of any DOS attack. SYN flooding exploits the TCP three-way handshake that is used to
establish a connection between two systems. In a SYN flooding attack, the attacker sends fake
connection requests to the targeted system. Each of these requests is answered by the target
system, which then waits for the third part of the handshake. Since the requests are fake, the target
waits for responses that will never come, as shown in the figure.

The target system drops these half-open connections after a specific time-out period, but if the attacker
sends requests faster than the time-out eliminates them, the system quickly fills up with pending requests.
The number of connections a system can support is finite, so when more requests come in than can be
processed, the system soon has all its connections reserved for fake requests. At this point, any
further requests are simply dropped (ignored), and legitimate users who want to connect to the target
system are unable to. Use of the system has thus been denied to them.
The following are types of DOS attack:

1. POD (ping-of-death)
2. DDOS (Distributed Denial of Service attack)
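On the target, the attack described above shows up as a pile of half-open (SYN_RECV) connections that never complete. The detector below, an added defender-side example that is not part of the notes, counts them per listener and per source from constructed netstat-style lines; the thresholds are arbitrary values chosen for the demonstration.

```python
from collections import Counter

# Constructed sample in the column order of `netstat -tan` output (not captured from a real host):
# proto recv-q send-q local-address foreign-address state
SAMPLE = """\
tcp  0  0  10.0.0.5:80   198.51.100.7:40001  SYN_RECV
tcp  0  0  10.0.0.5:80   198.51.100.7:40002  SYN_RECV
tcp  0  0  10.0.0.5:80   203.0.113.9:51000   ESTABLISHED
tcp  0  0  10.0.0.5:80   198.51.100.7:40003  SYN_RECV
tcp  0  0  10.0.0.5:80   198.51.100.8:40004  SYN_RECV
tcp  0  0  10.0.0.5:22   203.0.113.10:52000  ESTABLISHED
tcp  0  0  10.0.0.5:80   198.51.100.7:40005  SYN_RECV
"""


def half_open_stats(text):
    """Count SYN_RECV (half-open) connections per local listener and per remote source IP."""
    per_listener, per_source = Counter(), Counter()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[5] != "SYN_RECV":
            continue                      # only half-open entries matter for a SYN flood
        local, remote = parts[3], parts[4]
        per_listener[local] += 1
        per_source[remote.rsplit(":", 1)[0]] += 1   # drop the ephemeral port, keep the IP
    return per_listener, per_source


def detect_syn_flood(text, backlog_limit=4, source_limit=3):
    """Return alert strings for listeners whose half-open backlog reaches backlog_limit and for
    sources holding at least source_limit half-open slots at once (a spoofed flood may show
    many sources; a single noisy one is the simplest case)."""
    per_listener, per_source = half_open_stats(text)
    alerts = [f"listener {listener}: {n} half-open connections"
              for listener, n in per_listener.items() if n >= backlog_limit]
    alerts += [f"source {src}: {n} half-open connections"
               for src, n in per_source.items() if n >= source_limit]
    return alerts


if __name__ == "__main__":
    for alert in detect_syn_flood(SAMPLE):
        print(alert)
```

The usual mitigation on the host side is SYN cookies or a larger, faster-expiring backlog, so that half-open entries stop consuming the finite connection table the notes describe.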

5. Define the term virus and describe the different phases of virus.
A virus is a program which attaches itself to another program and causes damage to the computer system
or the network. It is loaded onto your computer without your knowledge and runs against your wishes.
During its lifecycle, a virus goes through the following four phases:
1. Dormant phase: the virus is idle and is activated by some event.
2. Propagation phase: it places an identical copy of itself into other programs or into certain system
areas on the disk.
3. Triggering phase: the virus is activated to perform the function for which it was intended.
4. Execution phase: the function of the virus is performed.

6. Describe overview of Kerberos with diagram.


Kerberos is a network authentication protocol designed to provide strong authentication for
client-server applications. It uses secret key cryptography. It is a solution to your network security
problems: it provides the tools of authentication and strong cryptography over the network to help you
secure your information system.
There are four parties involved in the Kerberos protocol:
• The client workstation
• Authentication Server (AS)
• Ticket Granting Server (TGS)
• The server offering services such as network printing or file sharing.
1) The AS receives the request from the client and verifies the client. This is done simply by
looking up the user's ID in a database.

2) After verification, a time stamp is created: the AS puts the current time into the user session
together with an expiry, and the encryption key is created. The timestamp indicates that after 8 hours
the encryption key is useless.

3) The key is sent back to the client in the form of a ticket-granting ticket (TGT). It is a simple ticket
issued by the authentication server (AS) and used for authenticating the client in subsequent requests.

The client then submits this TGT to the ticket granting server (TGS) for authentication.

4) The TGS creates an encrypted key with a time stamp and grants a service ticket to the client.

5) The client then decrypts the ticket, informs the TGS that this is done, and sends its own encrypted key
to the service server or application.

The service server decrypts the key sent by the client and checks the validity of the time stamp. If the
timestamp is valid, the service server contacts the key distribution center to receive a session key,
which is returned to the client.
6) The client then decrypts the ticket. If the key is still valid, communication is initiated between
client and server.
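A runnable model of the exchange above, added here and not part of the notes: the KDC (AS plus TGS) issues a TGT and a service ticket with 8-hour expiry, and the service checks the timestamp before accepting the client. It follows the standard AS/TGS/service message flow; the `seal`/`unseal` helpers are a toy authenticated cipher standing in for Kerberos' real symmetric encryption, and all keys and principal names are constructed.

```python
import hashlib
import hmac
import json
import os

LIFETIME = 8 * 3600      # a ticket is useless after 8 hours, as in the notes
CLOCK_SKEW = 300         # an authenticator's timestamp must be within 5 minutes of "now"


def _keystream(key, nonce, n):
    """n bytes of keystream: SHA-256 over key || nonce || counter (toy cipher, demo only)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(key, obj):
    """Toy authenticated encryption of a JSON-able dict: XOR keystream, then HMAC-SHA256 tag."""
    plaintext = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Verify the tag and decrypt; raises ValueError for a forged ticket or the wrong key."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()):
        raise ValueError("ticket tampered with or wrong key")
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))
    return json.loads(plaintext)


class KDC:
    """Key Distribution Center: holds the AS and TGS roles and every principal's long-term key."""

    def __init__(self, keys):
        self.keys = keys                          # principal name -> long-term key

    def as_exchange(self, client_id, now):
        """Steps 1-3: look the client up, mint a session key with an 8-hour expiry, return it
        sealed under the client's key plus the TGT (same data) sealed under the TGS key."""
        if client_id not in self.keys:
            raise ValueError("unknown principal")
        sk, expires = os.urandom(32).hex(), now + LIFETIME
        tgt = seal(self.keys["tgs"], {"client": client_id, "sk": sk, "expires": expires})
        return seal(self.keys[client_id], {"sk": sk, "expires": expires}), tgt

    def tgs_exchange(self, tgt, authenticator, service, now):
        """Step 4: open the TGT, check the authenticator and expiry, issue a service ticket."""
        t = unseal(self.keys["tgs"], tgt)
        sk = bytes.fromhex(t["sk"])
        auth = unseal(sk, authenticator)           # only a holder of sk could have made this
        if auth["client"] != t["client"] or abs(now - auth["ts"]) > CLOCK_SKEW or now > t["expires"]:
            raise ValueError("TGT invalid or expired")
        ssk = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "ssk": ssk, "expires": now + LIFETIME})
        return seal(sk, {"ssk": ssk}), ticket


def service_accept(service_key, ticket, authenticator, now):
    """Steps 5-6 at the service: decrypt the ticket with its own long-term key, check the
    time stamp, then check the client's authenticator under the ticket's session key."""
    t = unseal(service_key, ticket)
    if now > t["expires"]:
        raise ValueError("service ticket expired")
    auth = unseal(bytes.fromhex(t["ssk"]), authenticator)
    if auth["client"] != t["client"] or abs(now - auth["ts"]) > CLOCK_SKEW:
        raise ValueError("bad authenticator")
    return t["client"]


def login_and_access(kdc, client_id, client_key, service, service_key, now):
    """The client's side of all three exchanges; returns the identity the service accepted."""
    enc_sk, tgt = kdc.as_exchange(client_id, now)
    sk = bytes.fromhex(unseal(client_key, enc_sk)["sk"])      # only the real user can open this
    enc_ssk, ticket = kdc.tgs_exchange(tgt, seal(sk, {"client": client_id, "ts": now}), service, now)
    ssk = bytes.fromhex(unseal(sk, enc_ssk)["ssk"])
    return service_accept(service_key, ticket, seal(ssk, {"client": client_id, "ts": now}), now)


def demo_keys():
    """Constructed long-term keys: the client's is derived from a password, the TGS and the
    'printer' service keys are random. A real KDC keeps these in its database."""
    return {"alice": hashlib.sha256(b"alice-password").digest(),
            "tgs": os.urandom(32), "printer": os.urandom(32)}


if __name__ == "__main__":
    keys = demo_keys()
    print(login_and_access(KDC(keys), "alice", keys["alice"], "printer", keys["printer"], 1_700_000_000))
```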

7. Draw and explain biometric system.

Biometrics refers to the study of methods for uniquely recognizing humans based on one or more intrinsic
physical or behavioural characteristics. Biometric identification is based on some unique physical
attribute of the user that positively identifies the user. Examples: fingerprint recognition, retina
and face scanning, voice synthesis and recognition, and so on. Physiological characteristics are related
to the shape of the body, for example fingerprint, face recognition, DNA, palm print, iris recognition
and so on. Behavioural characteristics are related to the behaviour of a person, for example typing
rhythm, gait, signature and voice. The first time an individual uses a biometric system is called
enrollment. During enrollment, biometric information from the individual is stored. In subsequent uses,
biometric information is captured and compared with the information stored at enrollment.
1) The first block (sensor) is the interface between the real world and the system; it has to acquire all
the necessary data.
2) The second block performs all the necessary pre-processing.
3) The third block extracts the necessary features. This is an important step, as the correct features
need to be extracted in the optimal way.
4) If enrollment is being performed, the template is simply stored somewhere (on a card, in a database,
or both). If a matching phase is being performed, the obtained template is passed to a matcher that
compares it with the existing templates, estimating the distance between them using some algorithm.
The matcher analyses the template against the input, and the result is output for whatever use or
purpose was specified.

8. What are the techniques for transforming plain text to cipher text? Explain any one in detail.
Transforming plain text to cipher text is the science of encrypting information; each scheme is based
on an algorithm.

Different techniques are: (2 marks)


1. Substitution technique
a) Caesar cipher
b) Modified version of Caesar cipher
c) Mono-alphabetic cipher
d) Vigenere’s cipher
2. Transposition technique
a) Rail fence
b) Route cipher
c) Columnar cipher
3. Steganography
4. Hashing
5. Symmetric and asymmetric cryptography
6. DES (data encryption standard)
Rail Fence Technique algorithm:
1. Write down the plain text message as a sequence of diagonals.
2. Read the plain text written in step 1 as a sequence of rows. The cipher text for the plain text COME
HOME is as follows:

9. Describe the working principle of PEM email security.

PEM supports the three main cryptographic functions of encryption, non-repudiation and message integrity.
The steps involved in PEM operation are as follows.

Step 1: Canonical conversion: there is a distinct possibility that the sender and the receiver of an
email message use computers that have different architectures and operating systems. PEM transforms
each email message into an abstract, canonical representation. This means that regardless of the
architecture and operating system of the sending and receiving computers, the email travels in a
uniform, machine-independent format.
Step 2: Digital signature

- It starts by creating a message digest (MD) of the email message using an algorithm such as MD2 or MD5.
- The MD thus created is then encrypted with the sender's private key to form the sender's digital signature.

Step 3: Encryption: the original email and the digital signature are encrypted together with a
symmetric key.

Step 4: Base-64 encoding: this process transforms arbitrary binary input into printable character
output. The binary input is processed in blocks of 3 octets, or 24 bits. These 24 bits are treated as
4 groups of 6 bits each, and each 6-bit group is mapped to an 8-bit output character in this
process.

10. Describe: (i) application patches (ii) upgrades.


i) Application patches: as operating systems continue to grow and introduce new functions, the
potential for problems with the code grows as well. It is almost impossible for an operating system
vendor to test its product on every possible platform under every possible circumstance, so
functionality and security issues do arise after an OS has been released. Application patches are
supplied by the vendor who sells the application. They can be provided in many different forms: they
can be downloaded directly from the vendor's web site or FTP site, or shipped on CD. Application
patches usually come in three varieties: hot fixes, patches and upgrades.

ii) Upgrades: these are another popular method of patching applications, and they are likely to be
received with a more positive attitude than patches. The term upgrade has a positive implication: you
are moving up to a better, more functional and more secure application. Most vendors will release
upgrades for fixes rather than for any new or enhanced functionality.
11. Consider the plain text "Computer Security"; encrypt it with the help of the Rail Fence Technique
and also write the algorithm.
Rail Fence Technique algorithm:
1. Write down the plain text message as a sequence of diagonals.
2. Read the plain text written in step 1 as a sequence of rows. The cipher text for the plain text
Computer Security is as follows:
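The two-step algorithm above (used in questions 8 and 11) in runnable form, as an added example that is not part of the notes. It generalizes the notes' two-rail diagonal to any number of rails (the zigzag pattern is the "sequence of diagonals", the concatenated rails are the "sequence of rows") and includes the inverse, which the notes do not show; spaces are dropped before encryption, as in the textbook treatment.

```python
def rail_pattern(n, rails):
    """Rail index visited by each of the n plaintext positions when written as a zigzag."""
    if rails < 2:
        return [0] * n
    cycle = 2 * (rails - 1)                       # one down-and-up sweep of the zigzag
    return [min(i % cycle, cycle - i % cycle) for i in range(n)]


def rail_fence_encrypt(plaintext, rails=2, strip_spaces=True):
    """Step 1: place each character on its rail (diagonals). Step 2: read rail by rail (rows)."""
    text = plaintext.replace(" ", "") if strip_spaces else plaintext
    rows = [[] for _ in range(rails)]
    for ch, r in zip(text, rail_pattern(len(text), rails)):
        rows[r].append(ch)
    return "".join("".join(row) for row in rows)


def rail_fence_decrypt(ciphertext, rails=2):
    """Undo the read-out: cut the ciphertext into rails of the right lengths, then walk the
    zigzag again taking the next unused character from whichever rail the walk visits."""
    pattern = rail_pattern(len(ciphertext), rails)
    counts = [pattern.count(r) for r in range(rails)]
    rows, pos = [], 0
    for c in counts:
        rows.append(list(ciphertext[pos:pos + c]))
        pos += c
    next_idx = [0] * rails
    out = []
    for r in pattern:
        out.append(rows[r][next_idx[r]])
        next_idx[r] += 1
    return "".join(out)


if __name__ == "__main__":
    for msg in ("COME HOME", "Computer Security"):
        ct = rail_fence_encrypt(msg)
        print(f"{msg!r} -> {ct!r} -> {rail_fence_decrypt(ct)!r}")
```

With two rails the even-numbered letters of COMEHOME form the top rail and the odd-numbered letters the bottom rail, so the cipher text is CMHMOEOE.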

12. Describe packet filtering router firewall with neat diagram.

A packet filtering router firewall applies a set of rules to each packet and, based on the outcome,
decides either to forward or to discard the packet. Such a firewall implementation involves a router
configured to filter packets going in either direction, i.e. from the local network to the outside
world and vice versa.
A packet filter performs the following functions:
1. Receive each packet as it arrives.
2. Pass the packet through the set of rules, based on the contents of the IP and transport header
fields of the packet. If there is a match with one of the rules, decide whether to accept or discard the
packet based on that rule.
3. If there is no match with any rule, take the default action, which can be to discard all packets or
to accept all packets.
Advantages: simplicity, transparency to users, high speed.
Disadvantages: packet filtering rules are difficult to set up; lack of authentication.
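The three functions above as a first-match rule evaluator with a configurable default action, an added example that is not part of the notes. The rule set, addresses and packets are constructed; the function also reports which rule matched, which is the information you need when rules are, as the notes say, difficult to set up correctly.

```python
import ipaddress

# Constructed rule table, evaluated top to bottom; first match wins.
# Fields: action, protocol, source network, destination network, destination port (None = any).
RULES = [
    ("accept",  "tcp", "0.0.0.0/0",      "192.168.1.10/32", 80),    # anyone may reach the web server
    ("accept",  "tcp", "192.168.1.0/24", "0.0.0.0/0",       None),  # LAN hosts may open outbound TCP
    ("accept",  "udp", "192.168.1.0/24", "192.168.1.1/32",  53),    # LAN DNS queries to the router
    ("discard", "tcp", "0.0.0.0/0",      "192.168.1.20/32", 23),    # no telnet to the mail host
]
DEFAULT_ACTION = "discard"     # the action when no rule matches (deny-by-default is the safer choice)


def matches(rule, pkt):
    """True if the packet's header fields fall inside the rule's protocol, networks and port."""
    _action, proto, src_net, dst_net, dport = rule
    return (proto == pkt["proto"]
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst_net)
            and (dport is None or dport == pkt["dport"]))


def filter_packet(pkt, rules=RULES, default=DEFAULT_ACTION):
    """Function 1-3 of the notes: take the packet, try each rule in order, return
    (action, index of the matching rule) or (default action, None) when nothing matched."""
    for idx, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule[0], idx
    return default, None


if __name__ == "__main__":
    # Constructed packets: header fields only, since that is all a packet filter can see.
    packets = [
        {"proto": "tcp", "src": "203.0.113.5",  "dst": "192.168.1.10", "dport": 80},
        {"proto": "tcp", "src": "203.0.113.5",  "dst": "192.168.1.20", "dport": 23},
        {"proto": "tcp", "src": "203.0.113.5",  "dst": "192.168.1.20", "dport": 25},
        {"proto": "udp", "src": "192.168.1.15", "dst": "192.168.1.1",  "dport": 53},
    ]
    for pkt in packets:
        print(pkt, "->", filter_packet(pkt))
```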

13. Describe the following w.r.t. cyber laws: 1) IT act 2000 2) IT act 2008.
1) IT Act 2000: according to Indian cyber law, the Information Technology Act is the important law, and
it was passed by the Indian parliament in the year 2000. This act is helpful in encouraging business by
use of the internet. Due to misuse of the internet and the increase of cybercrime, the Govt. of India
made an act for safeguarding internet users.
The main objectives of this act are as follows.
1. To provide legal recognition to transactions done electronically or by using the internet.
2. To provide legal recognition to digital signatures used in transactions.
3. To provide facilities such as filing documents online relating to admission or registration.
4. To provide the facility for any company to store its data in electronic storage.
5. To provide legal recognition for bankers and other companies to keep accounts in electronic form.
2) IT Act 2008: it is the Information Technology Amendment Act, 2008. The act was developed for IT
industries, to control e-commerce, to provide e-governance facilities and to stop cybercrime attacks.
Following are the characteristics of the IT Act 2008:
a) This act provides legal recognition for transactions by Electronic Data Interchange (EDI) and other
electronic communications.
b) This act also gives facilities for electronic filing of information with Government agencies.

c) It is considered necessary to give effect to the said resolution and to promote efficient delivery of
Government services by means of reliable electronic records.

14. Describe Caesar's cipher technique. Write its algorithm with an example.
Caesar cipher: it was proposed by Julius Caesar. In cryptography, the Caesar cipher is also known as
Caesar's cipher/code or the shift cipher/code. It is one of the simplest and most widely known
encryption techniques. It is a type of substitution technique in which each letter in the plain text is
replaced by a letter some fixed number of positions down the alphabet. For example, with a shift of 3,
A would be replaced by D, B would become E, and so on, as shown in the table below.

Using this scheme, the plain text "SECRET" encrypts as the cipher text "VHFUHW". To allow someone
to read the cipher text, you tell them that the key is 3.
Algorithm to break the Caesar cipher:
1. Read each letter in the cipher text message, and search for it in the second row of the table above.
2. When a match is found, replace that letter in the cipher text message with the corresponding letter
in the same column but the first row of the table (for example, if the cipher text letter is J,
replace it with G).
3. Repeat the process for all letters in the cipher text message.
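The shift, the two-row table and the decryption walk described above in code, as an added example that is not part of the notes. It also tries all 25 possible shifts, which is the whole reason a Caesar cipher offers no real protection: the key space is small enough to enumerate by hand.

```python
import string

ALPHA = string.ascii_uppercase


def caesar_encrypt(plaintext, key=3):
    """Replace each letter by the one `key` positions further down the alphabet (wrapping
    from Z to A); anything that is not a letter passes through unchanged."""
    out = []
    for ch in plaintext.upper():
        out.append(ALPHA[(ALPHA.index(ch) + key) % 26] if ch in ALPHA else ch)
    return "".join(out)


def caesar_decrypt(ciphertext, key=3):
    """Steps 1-3 of the notes: look each cipher letter up and move it back `key` positions."""
    return caesar_encrypt(ciphertext, -key)


def shift_table(key=3):
    """The two-row lookup table the notes refer to: (plain alphabet, cipher alphabet)."""
    return ALPHA, "".join(ALPHA[(i + key) % 26] for i in range(26))


def break_by_brute_force(ciphertext):
    """Without the key: decrypt under every shift 1..25 and let the reader spot the English."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    plain, cipher = shift_table()
    print(plain)
    print(cipher)
    print(caesar_encrypt("SECRET"), caesar_decrypt("VHFUHW"))
    for k, candidate in break_by_brute_force("VHFUHW").items():
        print(k, candidate)
```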

15. Describe DMZ with suitable diagram.


DMZ (Demilitarized Zone)

It is a computer host or small network inserted as a "neutral zone" between a company's private network
and the outside public network. It prevents outside users from getting direct access to a company's
data server. A DMZ is an optional but more secure addition to a firewall. It can effectively act as a
proxy server.
The typical DMZ configuration has a separate computer or host in the network which receives requests
from users within the private network to access web sites on the public network. The DMZ host then
initiates sessions for such requests on the public network, but it is not able to initiate a session back
into the private network; it can only forward packets which have been requested by a host. Users on the
public network outside the company can access only the DMZ host. It can store the company's web pages,
which can be served to outside users. Hence, the DMZ cannot give access to the rest of the company's
data. If an outsider somehow penetrates the DMZ's security, the web pages may get corrupted, but the rest
of the company's information remains safe.

16. Describe: (i) hacking (ii) cracking.


(i) Hacking: hacking is one of the most well-known types of computer crime. A hacker is someone who
finds out and exploits the weaknesses of computer systems or networks. Hacking refers to unauthorized
access to another's computer systems. These intrusions are often conducted in order to launch malicious
programs known as viruses, worms and Trojan horses that can shut down an entire computer network.
Hacking is also carried out as a way to steal credit card numbers, internet passwords and other personal
information. By accessing commercial databases, hackers are able to steal these types of items from
millions of internet users all at once. There are different types of hackers: 1. White hat 2. Black hat
3. Grey hat 4. Elite hacker 5. Script hacker

(ii) Cracking: in the cyber world, a cracker is someone who breaks into a computer system or network
without authorization and with the intention of doing damage. The term cracker is used to describe a
malicious hacker. Crackers get into all kinds of mischief: a cracker may destroy files, steal personal
information like credit card numbers or client data, infect the system with a virus, or undertake many
other things that cause harm. Cracking can be done for profit, maliciously, or to harm an organization
or individuals. Cracking activity is harmful, costly and unethical.

17. Explain secure socket layer and describe the SSL protocol stack with neat diagram.
SSL: SSL is a commonly used internet protocol for managing the security of message transmission
between a web browser and a web server. SSL is succeeded by Transport Layer Security (TLS), which is
based on SSL. SSL uses a program layer located between the internet's Hypertext Transfer Protocol
(HTTP) and Transmission Control Protocol (TCP) layers. SSL is included as part of both the Microsoft
and Netscape browsers and most web server products. SSL provides two levels of security service,
authentication and confidentiality. SSL is logically a pipe between the web browser and the web server.

1. Handshake protocol: this protocol allows the server and client to authenticate each other and to
negotiate an encryption and MAC algorithm. It is used before any application data is transmitted.
Basically, the protocol consists of a series of messages exchanged by client and server. The handshake
protocol is made up of four phases:
I. Establish security capabilities
II. Server authentication and key exchange
III. Client authentication and key exchange
IV. Finish
2. Record protocol: the record protocol comes into the picture after successful completion of the
handshake between client and server. It provides two services for an SSL connection:
a) Confidentiality: this is achieved by using the secret key defined by the handshake protocol.
b) Integrity: the handshake protocol also defines a shared secret key that is used to compute a MAC
assuring message integrity.

3. Alert protocol: when either the client or the server detects an error, the detecting party sends an
error message to the other party. If the error is fatal, both parties immediately close the SSL
connection, and both destroy the session identifiers, secrets and keys associated with this connection
before it is terminated. Other, less severe errors do not result in termination of the communication;
instead, the parties handle the error and continue.

18. List any four biometrics methods used for identification. List any four advantages of biometrics.
Biometrics refers to the study of methods for uniquely recognizing humans based on one or more intrinsic
physical or behavioural characteristics.
Different methods of biometrics:
1. Fingerprint recognition
2. Hand print recognition
3. Retina/iris scan technique
4. Face recognition
5. Voice pattern recognition
6. Signature and writing pattern recognition
7. Keystroke dynamics.
Advantages of biometrics:
i) Biometrics cannot be lost, stolen or forgotten. Barring disease or serious physical injury, the
biometric is consistent and permanent.
ii) It is also secure in that the biometric itself cannot be socially engineered, shared or used by
others.
iii) There is no requirement to remember passwords or PINs, thus eliminating an overhead cost.
iv) Coupled with a smart card, biometrics provides strong security for any credentials on the
smart card.
v) It provides a high degree of confidence in user identity.
19. Define Encryption and Decryption with reference to computer security.
Encryption: the process of encoding a plain text message into a cipher text message is known as
encryption.

Decryption: the reverse process of transforming a cipher text message back into a plain text message is
called decryption.

Encryption and decryption process

In communication, the computer at the sender's end transforms the plain text into cipher text by
performing encryption, i.e. applying an encryption algorithm. The encrypted cipher text is then sent to
the receiver over the network. The receiver's computer takes the encrypted message and performs the
reverse of encryption, i.e. decryption, by applying the decryption algorithm.

20. Explain following terms w.r.t. security : i) Intruders ii) Insiders.


i. Intruders: an intruder is a person who enters territory that does not belong to them. Intruders try
to intrude into the privacy of the network. Intruders are said to be of three types, as below:
a) Masquerader: a user who does not have the authority to use a computer, but penetrates a system to
access a legitimate user's account, is called a masquerader. It is generally an external user.
b) Misfeasor: there are two possible cases for an internal user to be called a misfeasor:
i) A legitimate user who does not have access to some applications, data or resources
accesses them.
ii) A legitimate user who has access to some applications, data or resources misuses
these privileges.
c) Clandestine user: an internal or external user who tries to work using the privileges of a
supervisor user, to avoid auditing information being captured and recorded, is called a
clandestine user.
ii. Insiders: insiders are authorized users who try to access systems or network resources for which
they are not authorized. Insiders are legitimate users, and they are more dangerous than intruders.
They have knowledge of the security system and easy access to the system because they are authorized
users, and there is no specific mechanism to protect a system from insiders. Insiders are more
dangerous than intruders because: the insiders have the access and the necessary knowledge to cause
immediate damage to an organization; there is no security mechanism to protect the system from
insiders, so they have all the access needed to carry out criminal activity like fraud; and they have
knowledge of the security systems and will be better able to avoid detection.
21. What is the application of firewall ? How it works ? Enlist its limitations.
A firewall is a networking device (hardware, software or a combination of both) whose purpose is to
enforce a security policy across its connection.
Working: firewalls enforce the organization's established security policies. The mechanisms used include:
• Network Address Translation (NAT)
• Basic Packet Filtering
• Stateful Packet Filtering
• Access Control Lists (ACLs)
• Application Layer Proxies.
One of the most basic security functions provided by a firewall is Network Address Translation (NAT).
This service allows you to mask significant amounts of information from outside the network: it allows
an outside entity to communicate with an entity inside the firewall without truly knowing its address.
Basic packet filtering, the most common firewall technique, looks at packets, their protocols and
destinations, and checks that information against the security policy. Telnet and FTP connections may
be prohibited from being established to a mail or database server, but they may be allowed to the
respective service servers. This is a fairly simple method of filtering based on information in each
packet header, like IP addresses and TCP/UDP ports. It will not detect and catch every undesired packet,
but it is fast and efficient.
Limitations:
1. Firewalls do not protect against inside threats.
2. A packet filter firewall does not provide any content-based filtering.
3. Protocol tunneling, i.e. sending the data of one protocol inside another protocol, negates the
purpose of the firewall.
4. Encrypted traffic cannot be examined and filtered.

22.Describe in brief : i) Piggybacking ii) Shoulder surfing.

1. Piggybacking is the simple process of following closely behind a person who has just used
their own access card or PIN to gain physical access to a room or building.
2. An attacker can thus gain access to the facility without having to know the access code or
having to acquire an access card.
3. Piggybacking, in a wireless communications context, is the unauthorized use of a wireless
LAN.
4. Piggybacking is sometimes referred to as "Wi-Fi squatting".
5. The usual purpose of piggybacking is simply to gain free network access rather than any
malicious intent, but it can slow down data transfer for legitimate users of the network.
6. Furthermore, a network that is vulnerable to piggybacking for network access is equally vulnerable
when the purpose is data theft, dissemination of viruses, or some other illicit activity.
Example: using a wireless internet connection by bringing one's own computer within range of
another wireless network and using that network without explicit permission.
Shoulder surfing
1. Shoulder surfing is a similar procedure in which attackers position themselves so as to be able to
observe the authorized user entering the correct access code or data.
2. Shoulder surfing uses direct observation techniques, such as looking over someone's
shoulder, to get information.
3. Shoulder surfing is an effective way to get information in crowded places because it is
relatively easy to stand next to someone and watch as they fill out a form or enter a PIN
at an ATM.
4. Shoulder surfing can also be done at long distance with the aid of binoculars or other vision-
enhancing devices.
5. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad
from view by using your body or cupping your hand.

23. What is meant by steganography? Describe its importance.


Steganography:
1. Steganography is the art and science of writing hidden messages in such a way that no one,
apart from the sender and the intended recipient, suspects the existence of the message.

2. Steganography works by replacing bits of useless or unused data in regular computer files
(such as graphics, sound, text, HTML or even floppy disks) with bits of different, invisible
information. This hidden information can be plain text, cipher text or even images.
3. In modern steganography, data is first encrypted by the usual means and then inserted,
using a special algorithm, into redundant data that is part of a particular file format such as a JPEG
image.
Steganography process: Cover-media + Hidden data + Stego-key = Stego-medium

4. The cover media is the file in which we hide the hidden data, which may also be encrypted
using the stego-key. The resultant file is the stego-medium. Cover-media can be an image or an audio
file. Steganography takes cryptography a step further by hiding an encrypted message so that no one
suspects it exists. Ideally, anyone scanning your data will fail to notice that it contains encrypted
data.
5. Steganography has a number of drawbacks when compared to encryption. It requires a lot of
overhead to hide a relatively few bits of information.
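The process formula above (Cover-media + Hidden data + Stego-key = Stego-medium) carried out on the least-significant bits of a constructed byte array standing in for 8-bit pixel values, as an added example that is not part of the notes. The stego-key chooses the order in which cover bytes are used, so extraction needs the same key; a real tool would additionally encrypt the payload, as point 3 describes. The overhead the notes mention is visible directly: eight cover bytes per hidden byte.

```python
import random

# Constructed 8-bit "pixel" values playing the role of the cover image.
COVER = bytes((i * 37 + 11) % 256 for i in range(1024))


def _positions(cover_len, stego_key):
    """Key-derived order in which cover bytes are used; the same key reproduces the same order.
    A PRNG seeded from the key is used for the demonstration, not for cryptographic strength."""
    order = list(range(cover_len))
    random.Random(stego_key).shuffle(order)
    return order


def embed(cover: bytes, hidden: bytes, stego_key: str) -> bytes:
    """Write a 4-byte length header plus the payload, one bit per cover byte, into the LSBs."""
    payload = len(hidden).to_bytes(4, "big") + hidden
    nbits = len(payload) * 8
    if nbits > len(cover):
        raise ValueError(f"cover holds {len(cover) // 8} bytes, payload needs {len(payload)}")
    stego = bytearray(cover)
    bits = ((byte >> (7 - i)) & 1 for byte in payload for i in range(8))   # MSB first
    for pos, bit in zip(_positions(len(cover), stego_key), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit       # replace only the least-significant bit
    return bytes(stego)


def extract(stego: bytes, stego_key: str) -> bytes:
    """Read the LSBs back in key order: first the length header, then that many bytes."""
    order = _positions(len(stego), stego_key)

    def read_bytes(positions):
        out = bytearray()
        for i in range(0, len(positions), 8):
            byte = 0
            for pos in positions[i:i + 8]:
                byte = (byte << 1) | (stego[pos] & 1)
            out.append(byte)
        return bytes(out)

    length = int.from_bytes(read_bytes(order[:32]), "big")
    return read_bytes(order[32:32 + length * 8])


def max_change(cover: bytes, stego: bytes) -> int:
    """Largest per-byte difference between cover and stego-medium (LSB embedding: at most 1)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    medium = embed(COVER, b"meet at noon", "k3y")
    print(extract(medium, "k3y"), max_change(COVER, medium))
```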

24. With the help of neat diagram describe host based Intrusion Detection System.
A host-based intrusion detection system (HIDS) runs on an individual host or device on the network. A HIDS
monitors the inbound and outbound packets of that device only and alerts the user or
administrator when suspicious activity is detected. Activities a HIDS looks for in the log files
include:
Logins at odd hours
Login authentication failure
Adding new user account
Modification or access of critical system files
Modification or removal of binary files
Starting or stopping processes
Privilege escalation
Use of certain programs

Basic components of a HIDS:


1. Traffic collector: This component collects activity or events for the IDS to examine. On a host-based
IDS, this can be log files, audit logs, or traffic coming to or leaving a specific system. On a network-based
IDS, this is typically a mechanism for copying traffic off the network link.
2. Analysis engine: This component examines the collected network traffic and compares it to known
patterns of suspicious or malicious activity stored in the signature database. The analysis engine acts
as the brain of the IDS.
3. Signature database: A collection of patterns and definitions of known suspicious or malicious
activity.
4. User interface and reporting: This is the component that interfaces with the human element,
providing alerts when appropriate and giving the user a means to interact with and operate the IDS.
Advantages:
• OS-specific and detailed signatures.
• Examines data after it has been decrypted.
• Very application specific.
• Can determine whether or not an alarm may impact that specific system.
Disadvantages:
• Requires a process on every system that is to be watched.
• High cost of ownership and maintenance.
• Uses local system resources.
• If logs are kept locally, they could be compromised or disabled.
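A minimal host-based detection pass over a few constructed log lines, added here as an example (it is not part of the original notes): the line reader plays the traffic collector, the SIGNATURES table the signature database, analyse() the analysis engine, and the returned Alert list the report. The log layout, rule names and thresholds are assumptions.

```python
"""Minimal host-based IDS pass over constructed log lines (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in a syslog-like layout; not taken from any real host.
SAMPLE_LOG = """\
2024-03-01 02:14:07 host1 sshd[401]: Failed password for root from 203.0.113.7 port 5120 ssh2
2024-03-01 02:14:09 host1 sshd[401]: Failed password for root from 203.0.113.7 port 5121 ssh2
2024-03-01 02:14:12 host1 sshd[401]: Failed password for root from 203.0.113.7 port 5122 ssh2
2024-03-01 02:14:15 host1 sshd[401]: Failed password for root from 203.0.113.7 port 5123 ssh2
2024-03-01 02:15:01 host1 sshd[402]: Accepted password for alice from 203.0.113.7 port 5124 ssh2
2024-03-01 02:15:30 host1 useradd[410]: new user: name=backup2, UID=1005, GID=1005, home=/home/backup2
2024-03-01 02:16:02 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
2024-03-01 02:16:40 host1 audit[420]: path=/etc/passwd op=write uid=0
2024-03-01 09:30:11 host1 sshd[500]: Accepted publickey for bob from 198.51.100.4 port 6001 ssh2
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (.*)$")      # timestamp, host, message
FAILED_RE = re.compile(r"Failed password for (\S+) from (\S+)")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (\S+) from (\S+)")

# Signature database: rule name -> pattern over the message part of a line.
SIGNATURES = {
    "new user account": re.compile(r"useradd\[\d+\]: new user: name=(\S+),"),
    "privilege escalation": re.compile(r"sudo: (\S+) .*USER=root ; COMMAND=(\S+)"),
    "critical file modified": re.compile(r"path=(/etc/(?:passwd|shadow|sudoers)) op=write"),
}

ODD_HOURS = range(0, 6)      # 00:00-05:59 counts as an odd login hour (assumed)
FAILED_THRESHOLD = 3         # failures per (user, source) before alerting (assumed)


@dataclass
class Alert:
    rule: str
    timestamp: str
    detail: str


def analyse(log_text: str) -> list:
    """Analysis engine: run every line against the signatures and the stateful rules."""
    alerts = []
    failures = Counter()                       # (user, source) -> failed logins seen
    for raw in log_text.splitlines():          # traffic collector: one line at a time
        m = LINE_RE.match(raw)
        if not m:
            continue                           # not in the expected layout, skip
        ts, _host, msg = m.groups()
        for name, sig in SIGNATURES.items():   # stateless signature matches
            hit = sig.search(msg)
            if hit:
                alerts.append(Alert(name, ts, ", ".join(hit.groups())))
        f = FAILED_RE.search(msg)              # repeated authentication failures
        if f:
            failures[f.groups()] += 1
            if failures[f.groups()] == FAILED_THRESHOLD:
                alerts.append(Alert("login authentication failure", ts,
                                    f"{f.group(1)} from {f.group(2)} x{FAILED_THRESHOLD}"))
        a = ACCEPTED_RE.search(msg)            # successful login at an odd hour
        if a:
            hour = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").hour
            if hour in ODD_HOURS:
                alerts.append(Alert("login at odd hours", ts, f"{a.group(1)} from {a.group(2)}"))
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):          # user interface and reporting
        print(f"{alert.timestamp}  {alert.rule:28s} {alert.detail}")
```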

25. Describe in brief the process of application hardening.


Application Hardening: Application hardening is securing an application against local and Internet-
based attacks.
It involves removing the functions or components you do not need, restricting access where you
can, and making sure the application is kept up to date with patches. It includes:
1. Application patches: Application patches are supplied by the vendor who sells the
application. They typically come in three varieties: hotfixes, patches and upgrades.
a. Hotfixes: Normally this term is given to a small software update designed to address a
particular problem, such as a buffer overflow in an application that exposes the system to
attack.
b. Patch: This term is generally applied to more formal, larger software updates that may
address several or many software problems. Patches often contain improvements or additional
capabilities as well as fixes for known bugs.
c. Upgrades: Upgrades are another popular method of patching applications, and they are
likely to be received more positively than patches.
2. Web servers: Web servers are the most common Internet server-side application in use.
They are mainly designed to provide content and functionality to remote users through a
standard web browser.
3. Active Directory: Active Directory allows single login access to multiple applications, data
sources and systems, and it includes advanced encryption capabilities such as Kerberos and PKI.

26. Describe rail fence technique. Convert “I am a student” into cipher text using rail fence method.
The rail fence cipher is a transposition cipher: the cipher text is generated by
rearranging the characters of the plain text.
The characters of the plain text string are arranged in the form of a rail fence as follows. Let the plain text
be "I AM A STUDENT".
Rail Fence Technique algorithm:
1. Write down the plain text message as a sequence of diagonals (a zigzag over two rails).
2. Read the plain text written in step 1 as a sequence of rows. Example: plain text = "I AM A STUDENT"
is converted to cipher text with the help of the Rail Fence Technique with two rails (spaces dropped):
Row 1: I M S U E T
Row 2: A A T D N

Cipher text = "IMSUETAATDN"
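The rail fence transposition in working code, added here as an example that is not part of the original notes; it generalizes to any number of rails and also shows decryption, which the notes do not cover.

```python
"""Rail fence (zigzag) transposition cipher (added example).

The plain text is written diagonally across a fixed number of rails and the
cipher text is read off rail by rail.  Decryption rebuilds the zigzag from the
cipher text length, so the same key (the rail count) undoes the permutation.
"""


def rail_pattern(length: int, rails: int) -> list:
    """Rail index visited by each plain text position, e.g. 0,1,0,1,... for two rails."""
    if rails < 2:
        raise ValueError("rail fence needs at least two rails")
    pattern, rail, step = [], 0, 1
    for _ in range(length):
        pattern.append(rail)
        if rail == 0:
            step = 1            # bounce off the top rail
        elif rail == rails - 1:
            step = -1           # bounce off the bottom rail
        rail += step
    return pattern


def rail_fence_encrypt(plaintext: str, rails: int = 2) -> str:
    """Encrypt by reading the zigzag row by row.  Spaces are dropped and letters
    upper-cased, matching the convention used in the notes."""
    text = "".join(ch for ch in plaintext if not ch.isspace()).upper()
    pattern = rail_pattern(len(text), rails)
    rows = ["".join(ch for ch, r in zip(text, pattern) if r == row) for row in range(rails)]
    return "".join(rows)


def rail_fence_decrypt(ciphertext: str, rails: int = 2) -> str:
    """Invert the encryption: work out how many characters each rail holds, slice the
    cipher text into those pieces, then replay the zigzag to interleave them."""
    pattern = rail_pattern(len(ciphertext), rails)
    counts = [pattern.count(row) for row in range(rails)]
    chunks, pos = [], 0
    for c in counts:
        chunks.append(list(ciphertext[pos:pos + c]))
        pos += c
    # Walk the zigzag again, taking the next unused character from the right rail.
    return "".join(chunks[r].pop(0) for r in pattern)


def rail_layout(plaintext: str, rails: int = 2) -> list:
    """Render the rails the way the notes draw them (one string per rail)."""
    text = "".join(ch for ch in plaintext if not ch.isspace()).upper()
    pattern = rail_pattern(len(text), rails)
    grid = [[" "] * len(text) for _ in range(rails)]
    for i, (ch, r) in enumerate(zip(text, pattern)):
        grid[r][i] = ch
    return ["".join(row) for row in grid]


if __name__ == "__main__":
    for row in rail_layout("I AM A STUDENT"):
        print(row)
    ct = rail_fence_encrypt("I AM A STUDENT")
    print("cipher text:", ct)                      # IMSUETAATDN
    print("recovered  :", rail_fence_decrypt(ct))  # IAMASTUDENT
```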

27. Explain with neat sketch the working of Secure Socket Layer (SSL).
1. SSL: SSL is a commonly used Internet protocol for managing the security of message
transmission between a web browser and a web server.
2. SSL has been succeeded by Transport Layer Security (TLS), which is based on SSL.
3. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP)
and Transmission Control Protocol (TCP) layers.
4. SSL is included as part of both the Microsoft and Netscape browsers and most web server
products.
5. SSL provides two levels of security services: authentication and confidentiality. SSL is logically a
pipe between the web browser and the web server.

Fig. SSL protocol stack

1. Handshake protocol: This protocol allows the server and client to authenticate each other. It also
allows them to negotiate an encryption algorithm and a MAC algorithm.
a. This protocol is used before any application data is transmitted. Basically, this
protocol consists of a series of messages exchanged by the client and server.
The handshake protocol is made up of four phases:
I. Establish security capabilities
II. Server authentication and key exchange
III. Client authentication and key exchange
IV. Finish
2. Record protocol: The record protocol comes into the picture after successful completion of the handshake
between client and server. It provides two services for an SSL connection:
a) Confidentiality: achieved by using the secret key that is defined by the handshake
protocol.
b) Integrity: the handshake protocol also defines a shared secret key that is used to compute a MAC for
assuring message integrity.
3. Alert protocol: When either the client or the server detects an error, the detecting party sends an
error message to the other party.
a. If the error is fatal, both parties immediately close the SSL connection. Both parties also
destroy the session identifiers, secrets and keys associated with this connection before it is
terminated. Other errors, which are not so severe, do not result in termination of the
communication. Instead, the parties handle the error and continue.

28. Describe the role of individual user while maintaining security. What are the limitations of
following biometrics identification methods. i) Hand print ii) Retina iii) Voice iv) Signature.
Role of the individual user in security
Individual user responsibilities:
i) Lock the door of your office or workspace.
ii) Do not leave sensitive information inside your car unprotected.
iii) Secure storage media that contain sensitive information.
iv) Shred paper containing organizational information before discarding it.
Give proper guidelines for:
a) Password selection:
b) Piggybacking:
c) Shoulder surfing:
d) Dumpster diving:
e) Installing Unauthorized Software /Hardware:
f) Access by non-employees:
g) Security awareness:

i. Hand print: Because of cuts on the hands and rough work done by the user, errors may occasionally occur
while reading the print.
ii. Retina: Changes due to age, physical condition and accidents may cause problems in
gaining access (even a change in the power of spectacles or lenses).
iii. Voice: Health problems or illness cause variation in the voice, and even a change in the weather
may cause errors.
iv. Signature: The user's signature changes with mood and temper, which also creates problems
in accessing the data.

29. i) Describe working principle of SMTP.


ii) With neat sketch explain the working of Network Based IDS.

i) Simple Mail Transfer Protocol (SMTP):

• It is a popular network service used for e-mail.
• It is a system for sending messages to other computer users based on e-mail.
• It is a request-response based activity.
• It also provides the e-mail exchange process.
• It attempts to provide reliable service but does not guarantee recovery from failure.
ii) Network Based IDS

1. A network-based IDS focuses on network traffic: the bits and bytes travelling along the cables and wires
that interconnect the systems.
2. A network IDS checks the network traffic as it passes and is able to analyse traffic
according to protocol type, amount, source, destination, content, traffic already seen, etc.
3. Such analysis must occur quickly, and the IDS must be able to handle traffic at whatever speed the
network operates in order to be effective.
4. Network-based IDSs are generally deployed so that they can monitor traffic in and out of an
organization's major links, such as the connection to the Internet, remote offices, partners, etc.
A network-based IDS looks for activities such as:
• Denial of service attacks
• Port scans or sweeps
• Malicious content in the data payload of a packet or packets
• Vulnerability scanning
• Trojans, viruses, or worms
• Tunneling
• Brute-force attacks

30. Give IP Sec configuration. Describe AH and ESP modes of IPSEC

IPsec overview:
• It encrypts and seals the transport and application layer data during transmission. It also offers
integrity protection for the Internet layer.
• It sits between the transport and Internet layers of the conventional TCP/IP protocol stack.
1. Secure remote Internet access: Using IPsec, a user makes a local call to an Internet service provider (ISP)
to connect to the organization's network in a secure fashion from home or a hotel, and from there
accesses the corporate network facilities or remote desktops/servers.
2. Secure branch office connectivity: Rather than subscribing to an expensive leased line for connecting
its branches across cities, an organization can set up an IPsec-enabled network to securely connect all its
branches over the Internet.
3. Setting up communication with other organizations: Just as IPsec allows connectivity between various
branches of an organization, it can also be used to connect the networks of different organizations
together in a secure and inexpensive fashion.
Main advantages of IPsec:
• IPsec is transparent to end users.

• There is no need for user training on keys, key issuance or revocation.
• When IPsec is configured to work with a firewall, the firewall becomes the only entry and exit point for all
traffic, making it extra secure.
• IPsec works at the network layer. Hence no changes are needed to upper layers or routers; all
outgoing and incoming traffic gets protected.
• IPsec allows travelling staff to have secure access to the corporate network.
• IPsec allows interconnectivity between branches/offices in a very inexpensive manner.
Basic concept of the IPsec protocol:
An IP packet consists of two parts: the IP header and the actual data. IPsec features are implemented in the form of
additional headers, called extension headers, added to the standard, default IP header.
IPsec offers two main services: authentication and confidentiality. Each of these requires its own extension
header. Therefore, to support these two main services, IPsec defines two IP extension headers, one for
authentication and another for confidentiality.
It consists of two main protocols:

Authentication Header (AH): The Authentication Header (AH) protocol provides
authentication, integrity and an optional anti-replay service. The IPsec AH is a header in an IP packet. The
AH is simply inserted between the IP header and any subsequent packet contents; no changes are required to the
data contents of the packet. Security resides entirely in the contents of the AH.

Encapsulating Security Payload (ESP): Used to provide confidentiality, data origin authentication and data
integrity. It is based on symmetric key cryptography. ESP can be used in isolation or it can
be combined with AH.

31. What is meant by access control. Describe : i) DAC ii) MAC iii) RBAC in brief.
Access is the ability of a subject to interact with an object. Authentication deals with verifying the
identity of a subject. Access control is the ability to specify, control and limit access to the host system or
application, which prevents unauthorized users from accessing or modifying data or resources.

Various access controls are:

Discretionary Access Control (DAC): Restricts access to objects based on the identity of subjects
and/or the groups to which they belong; it is conditional, and it is used by the military to control access to
systems. The UNIX-based system is a common method, permitting users to read, write and execute.
Mandatory Access Control (MAC): It is used in environments where different levels of security are
classified. It is much more restrictive. It is a sensitivity-based restriction: formal authorization is subject to
sensitivity. In MAC the owner or user cannot determine whether access is granted or not; i.e. the
operating system holds the rights. The security mechanism controls access to all objects, and an individual cannot
change that access.
Role Based Access Control (RBAC): Each user can be assigned specific access permissions for
objects associated with a computer or network. A set of roles is defined. A role in turn is assigned the access
permissions necessary to perform that role. Different users will be granted different permissions
to do specific duties as per their classification.
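The three models as decision functions, added here as an example (not the notes' own material): an owner-managed permission list for DAC, sensitivity labels for MAC, and role-to-permission mappings for RBAC. The Bell-LaPadula read/write rules are assumed as the concrete MAC policy, and the roles, users and permissions are constructed.

```python
"""DAC, MAC and RBAC decision functions side by side (added example)."""
from dataclasses import dataclass, field

# --- DAC: the owner decides; the permission list lives with the object ----------
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)   # subject -> set of permitted ops

    def grant(self, by: str, subject: str, op: str) -> None:
        """Only the owner may change the ACL; that discretion is what makes it DAC."""
        if by != self.owner:
            raise PermissionError(f"{by} is not the owner and cannot grant access")
        self.acl.setdefault(subject, set()).add(op)


def dac_allows(obj: DacObject, subject: str, op: str) -> bool:
    return subject == obj.owner or op in obj.acl.get(subject, set())


# --- MAC: system-wide labels that neither owner nor user can change ------------
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def mac_allows(subject_clearance: str, object_label: str, op: str) -> bool:
    """Assumed Bell-LaPadula rules: no read up, no write down."""
    s, o = LEVELS[subject_clearance], LEVELS[object_label]
    if op == "read":
        return s >= o          # may read objects at or below own clearance
    if op == "write":
        return s <= o          # may write only at or above own clearance
    raise ValueError(f"unknown op {op!r}")


# --- RBAC: permissions attach to roles, users are assigned roles ---------------
ROLE_PERMS = {                 # constructed role definitions
    "auditor": {("logs", "read")},
    "operator": {("service", "start"), ("service", "stop"), ("logs", "read")},
    "admin": {("users", "create"), ("service", "start"), ("service", "stop"), ("logs", "read")},
}
USER_ROLES = {"alice": {"operator"}, "bob": {"auditor"}, "carol": {"admin"}}


def rbac_allows(user: str, obj: str, op: str) -> bool:
    """A user may perform op on obj if any of their roles carries that permission."""
    return any((obj, op) in ROLE_PERMS.get(role, set()) for role in USER_ROLES.get(user, set()))


if __name__ == "__main__":
    report = DacObject(owner="alice")
    report.grant("alice", "bob", "read")
    print(dac_allows(report, "bob", "read"), dac_allows(report, "bob", "write"))  # True False
    print(mac_allows("confidential", "secret", "read"))    # False: no read up
    print(mac_allows("confidential", "secret", "write"))   # True: writing up is allowed
    print(rbac_allows("bob", "service", "stop"))           # False: auditor role lacks it
```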

32. Explain Virtual Private Network in brief.


A VPN is a mechanism that employs encryption, authentication and integrity protection so that we can
use a public network as if it were a private network. Suppose an organization has two networks, Network 1
and Network 2, which are physically apart from each other, and we want to connect them using the VPN
approach. In such a case we set up two firewalls, Firewall 1 and Firewall 2. The encryption and
decryption are performed by the firewalls. Network 1 connects to the Internet via a firewall named Firewall
1 and Network 2 connects to the Internet with its own firewall, Firewall 2.
Working: Let us assume that host X on Network 1 wants to send a data packet to host Y on Network
2.
1) Host X creates the packet, inserting its own IP address as the source address and the IP address of
host Y as the destination address.

2) The packet reaches Firewall 1. Firewall 1 now adds new headers to the packet. It changes the source
IP address of the packet from that of host X to its own address (i.e. the IP address of Firewall 1, F1).
3) It also changes the destination IP address of the packet from that of host Y to the IP address of
Firewall 2, F2. It also performs packet encryption and authentication, depending on the settings, and
sends the modified packet over the Internet.
4) The packet reaches Firewall 2 over the Internet, via routers. Firewall 2 discards the outer header
and performs the appropriate decryption. It then looks at the plain text contents of the packet and
realizes that the packet is meant for host Y. It delivers the packet to host Y.
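The four VPN steps above, together with the AH service from question 30, as an added example (not code from the notes): Firewall 1 re-addresses the packet F1 -> F2 and adds an AH-style header carrying a sequence number and an HMAC; Firewall 2 verifies the tag, rejects replays, strips the outer header and delivers the inner packet to host Y. The encryption step is omitted so only the standard library is needed, and all addresses, keys and packet fields are constructed.

```python
"""Tunnelled packet with an AH-style integrity check (added example)."""
import hashlib
import hmac
import json

NET1 = {"X": "10.1.0.10", "F1": "203.0.113.1"}    # constructed addresses
NET2 = {"Y": "10.2.0.20", "F2": "198.51.100.1"}


def make_packet(src: str, dst: str, payload: str) -> dict:
    """Step 1: host X builds a packet addressed to host Y."""
    return {"src": src, "dst": dst, "payload": payload}


def _tag(key: bytes, seq: int, inner: dict) -> str:
    """Integrity check value over the sequence number and the inner packet.
    Canonical JSON so both firewalls hash exactly the same bytes."""
    body = seq.to_bytes(4, "big") + json.dumps(inner, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class Encapsulator:
    """Firewall 1 side: one sequence counter per tunnel (steps 2 and 3)."""

    def __init__(self, key: bytes, my_addr: str, peer_addr: str):
        self.key, self.my_addr, self.peer_addr = key, my_addr, peer_addr
        self.seq = 0

    def encapsulate(self, inner: dict) -> dict:
        self.seq += 1
        return {"src": self.my_addr, "dst": self.peer_addr,        # new outer header F1 -> F2
                "ah": {"seq": self.seq, "icv": _tag(self.key, self.seq, inner)},
                "inner": inner}                                    # original packet, untouched


class Decapsulator:
    """Firewall 2 side: verify, enforce anti-replay, unwrap (step 4)."""

    def __init__(self, key: bytes, my_addr: str):
        self.key, self.my_addr = key, my_addr
        self.last_seq = 0

    def decapsulate(self, outer: dict) -> dict:
        if outer["dst"] != self.my_addr:
            raise ValueError("outer header not addressed to this firewall")
        seq, inner = outer["ah"]["seq"], outer["inner"]
        if not hmac.compare_digest(_tag(self.key, seq, inner), outer["ah"]["icv"]):
            raise ValueError("integrity check failed: packet altered in transit")
        if seq <= self.last_seq:
            raise ValueError("replayed packet: sequence number not increasing")
        self.last_seq = seq
        return inner          # outer header discarded; src/dst are X and Y again


def deliver(inner: dict, hosts: dict) -> str:
    """Name of the local host the unwrapped packet is addressed to."""
    for name, addr in hosts.items():
        if addr == inner["dst"]:
            return name
    raise ValueError("no such host on this network")


if __name__ == "__main__":
    key = b"shared-between-F1-and-F2"   # constructed tunnel key
    fw1 = Encapsulator(key, NET1["F1"], NET2["F2"])
    fw2 = Decapsulator(key, NET2["F2"])
    outer = fw1.encapsulate(make_packet(NET1["X"], NET2["Y"], "hello Y"))
    print("on the Internet:", outer["src"], "->", outer["dst"])   # F1 -> F2
    inner = fw2.decapsulate(outer)
    print("delivered to host", deliver(inner, NET2), inner)        # Y
```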

33. Explain model of security with block diagram


CIA Model for security:
1. Confidentiality: The principle of confidentiality specifies that only the sender and the intended recipients
should be able to access the contents of a message. Confidentiality is compromised if an
unauthorized person is able to access the contents of a message. An example of compromising the
confidentiality of a message is shown in the figure.

Fig. Loss of Confidentiality


Here, the user of computer A sends a message to the user of computer B. Another user, C, gets access to this
message, which is not desired and therefore defeats the purpose of confidentiality. This type of attack
is also called interception.
2. Authentication: Authentication helps to establish proof of identity. The authentication process
ensures that the origin of a message is correctly identified. For example, suppose that user C sends a
message over the Internet to user B. However, the trouble is that user C posed as user A when he
sent the message to user B. How would user B know that the message has come from user C, who is posing
as user A? This concept is shown in the figure below. This type of attack is called fabrication.

Fig. Absence of Authentication


3. Integrity: When the contents of a message are changed after the sender sends it, but before it reaches
the intended recipient, we say that the integrity of the message is lost. For example, here user C tampers
with a message originally sent by user A, which is actually destined for user B. User C somehow
manages to access it, change its contents and send the changed message to user B. User B has no way of
knowing that the contents of the message were changed after user A sent it. User A also does not
know about this change. This type of attack is called modification.

Fig. Loss of Integrity

34. Explain Cyber crime


Crimes against people are a category of crime consisting of offenses that usually involve causing or
attempting to cause bodily harm or a threat of bodily harm. These actions are taken without the consent
of the individual the crime is committed against, the victim. These types of crimes do not have to
result in actual harm: the fact that bodily harm could have resulted and that the victim is put in fear for
their safety is sufficient, e.g. assault, domestic violence, stalking.
Cybercrime is a bigger risk now than ever before due to the sheer number of connected people and
devices. Simply put, cybercrime is a crime that has some kind of computer or cyber aspect to it. To go into
more detail is not as straightforward, as it takes shape in a variety of different formats.
Cybercrime:

• Cybercrime has now surpassed illegal drug trafficking as a criminal moneymaker.
• Somebody's identity is stolen every 3 seconds as a result of cybercrime.
• Without a sophisticated security package, an unprotected PC can become infected within four
minutes of connecting to the Internet.
Criminals committing cybercrime use a number of methods, depending on their skillset and their goal.
Here are some of the different ways cybercrime can take shape:
• Theft of personal data
• Copyright infringement
• Fraud
• Child pornography
• Cyber stalking
• Bullying
Cybercrime covers a wide range of different attacks that each deserve their own approach when it
comes to improving our computers' safety and protecting ourselves. The computer or device may be the
agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on
the computer alone or in addition to other locations. The broad range of cybercrime can be better
understood by dividing it into two overall categories.

35. Define virus. And explain any five types of viruses.


Viruses: A virus is a program designed to spread from file to file on a single PC; it does not intentionally try
to move to another PC, and it must replicate and execute itself. It is used as a delivery tool for hacking.
Types of viruses:
• Parasitic viruses: It attaches itself to executable code and replicates itself. Once a program is infected it will
find another program to infect.
• Memory resident viruses: It lives in memory after its execution; it becomes a part of the operating system
or application and can manipulate any file that is executed, copied or moved.
• Non-resident viruses: It executes itself and terminates or destroys itself after a specific time.
• Boot sector viruses: It infects the boot sector and spreads through a system when it is booted from a disk
containing the virus.
• Overwriting viruses: It overwrites the code with its own code.
• Stealth viruses: This virus hides the modifications it has made in the file or boot record.
• Macro viruses: These are not executables. They affect documents such as Microsoft Word files, and they can spread
through e-mail.

• Polymorphic viruses: It produces fully operational copies of itself, in an attempt to avoid signature
detection.
• Companion viruses: It creates a new program instead of modifying an existing file.
• E-mail viruses: The virus gets executed when the e-mail attachment is opened by the recipient. The virus sends itself to
everyone on the sender's mailing list.
• Metamorphic viruses: It keeps rewriting itself every time; it may change its behaviour as well as the
appearance of its code.

36. Compare symmetric and asymmetric key cryptography.

37. What is software piracy ?


Software piracy is the illegal copying, distribution, or use of software. It is such a profitable "business"
that it has caught the attention of organized crime groups in a number of countries. Software piracy
causes significant lost revenue for publishers, which in turn results in higher prices for the
consumer. Software piracy applies mainly to full-function commercial software. The time-limited or
function-restricted versions of commercial software called shareware are less likely to be pirated since
they are freely available. Similarly, freeware, a type of software that is copyrighted but freely
distributed at no charge, is unlikely to be pirated.
Types of software piracy include:
Soft-lifting: Borrowing and installing a copy of a software application from a colleague.
Client-server overuse: Installing more copies of the software than you have licenses for.
Hard-disk loading: Installing and selling unauthorized copies of software on refurbished or new
computers.
Counterfeiting: Duplicating and selling copyrighted programs.
Online piracy: Typically involves downloading illegal software from a peer-to-peer network, Internet
auction or blog. (In the past, the only place to download software was from a bulletin board system, and
these were limited to local areas because of long-distance charges while online.)

38. Explain DOS and DDOS with neat diagram.


Denial of Service attack: Denial of service (DoS) attacks can exploit a known vulnerability in a
specific application or operating system, or they may attack features (or weaknesses) in specific
protocols or services. In this form of attack, the attacker is attempting to deny authorized users access
either to specific information or to the computer system or network itself. The purpose of such an attack
can be simply to prevent access to the target system, or the attack can be used in conjunction with other
actions in order to gain unauthorized access to a computer or network. SYN flooding is an example of a
DoS attack that takes advantage of the way TCP/IP networks were designed to function, and it can be
used to illustrate the basic principles of any DoS attack. SYN flooding utilizes the TCP three-way
handshake that is used to establish a connection between two systems. In a SYN flooding attack, the
attacker sends fake connection requests to the targeted system. Each of these requests will be
answered by the target system, which then waits for the third part of the handshake. Since the requests
are fake, the target will wait for responses that will never come, as shown in the figure.

The target system will drop these connections after a specific time-out period, but if the attacker sends
requests faster than the time-out period eliminates them, the system will quickly be filled with requests.
The number of connections a system can support is finite, so when more requests come in than can be
processed, the system will soon be reserving all its connections for fake requests. At this point, any
further requests are simply dropped (ignored), and legitimate users who want to connect to the target
system will not be able to. Use of the system has thus been denied to them.
Distributed denial of service (DDoS): A DDoS is an attack where the source is more than one, often
thousands of, unique IP addresses. It is analogous to a group of people crowding the entry door or gate
of a shop or business and not letting legitimate parties enter, disrupting normal operations.
DDoS is a type of DoS attack where multiple compromised systems, which are
often infected with a Trojan, are used to target a single system, causing a denial of service.
Victims of a DDoS attack consist of both the end targeted system and all systems maliciously
used and controlled by the attacker in the distributed attack. A DoS attack is different
from a DDoS attack. The DoS attack typically uses one computer and one Internet connection to flood
a targeted system or resource. The DDoS attack uses multiple computers and Internet connections to
flood the targeted resource. DDoS attacks are often global attacks, distributed via botnets.
Types of DDoS attacks:
Traffic attacks: Traffic flooding attacks send a huge volume of TCP, UDP and ICMP packets to the
target. Legitimate requests get lost, and these attacks may be accompanied by malware exploitation.
Bandwidth attacks: This DDoS attack overloads the target with massive amounts of junk data. This
results in a loss of network bandwidth and equipment resources and can lead to a complete denial of
service.
Application attacks: Application-layer data messages can deplete resources in the application layer,
leaving the target's system services unavailable.
Stacheldraht is a piece of software written by Random for Linux and Solaris systems which acts as a
distributed denial of service (DDoS) agent. This tool detects and automatically enables source address
forgery. Stacheldraht uses a number of different DoS attacks, including UDP flood, ICMP flood, TCP
SYN flood and Smurf attack.
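A model of the target's half-open connection table, added here as an example (not part of the original notes), fed with a constructed event trace so that the time-out arithmetic described above can be observed: a SYN reserves a backlog slot until the matching ACK arrives or the slot times out. Backlog capacity, time-out and the request rates are assumed values.

```python
"""Half-open connection table model for SYN flooding (added example)."""
from dataclasses import dataclass, field


@dataclass
class Backlog:
    capacity: int                                    # finite number of half-open slots
    timeout: float                                   # seconds before a stale SYN is dropped
    half_open: dict = field(default_factory=dict)    # (src, port) -> arrival time
    dropped: list = field(default_factory=list)      # SYNs refused for lack of space
    established: list = field(default_factory=list)  # handshakes that completed

    def expire(self, now: float) -> None:
        """Time-out handling: discard entries older than `timeout` seconds."""
        stale = [k for k, t in self.half_open.items() if now - t >= self.timeout]
        for k in stale:
            del self.half_open[k]

    def on_syn(self, now: float, src: str, port: int) -> bool:
        """First handshake step: target answers with SYN-ACK and reserves a slot."""
        self.expire(now)
        if len(self.half_open) >= self.capacity:
            self.dropped.append((now, src, port))    # table full: request ignored
            return False
        self.half_open[(src, port)] = now
        return True

    def on_ack(self, now: float, src: str, port: int) -> bool:
        """Third handshake step: frees the slot and completes the connection."""
        self.expire(now)
        if (src, port) in self.half_open:
            del self.half_open[(src, port)]
            self.established.append((now, src, port))
            return True
        return False          # no matching half-open entry (timed out or never existed)

    def half_open_by_source(self) -> dict:
        """What a monitor would report: who is holding the stale entries."""
        counts = {}
        for src, _port in self.half_open:
            counts[src] = counts.get(src, 0) + 1
        return counts


def run(events, capacity: int = 8, timeout: float = 5.0) -> Backlog:
    """Replay (time, kind, src, port) events, in time order, through a fresh backlog."""
    b = Backlog(capacity, timeout)
    for t, kind, src, port in sorted(events):
        if kind == "SYN":
            b.on_syn(t, src, port)
        elif kind == "ACK":
            b.on_ack(t, src, port)
    return b


# Constructed trace: one source sends a SYN every 0.25 s and never completes the
# handshake; a legitimate client tries to connect at t=3 s and again at t=9 s.
FLOOD = [(i * 0.25, "SYN", "203.0.113.9", 40000 + i) for i in range(40)]
LEGIT = [(3.0, "SYN", "198.51.100.5", 5000), (3.1, "ACK", "198.51.100.5", 5000),
         (9.0, "SYN", "198.51.100.5", 5001), (9.1, "ACK", "198.51.100.5", 5001)]

if __name__ == "__main__":
    b = run(FLOOD + LEGIT)
    print("established:", b.established)                       # [] : legitimate client denied
    print("dropped SYNs:", len(b.dropped), "incl.", {d[1] for d in b.dropped})
    print("half-open per source:", b.half_open_by_source())    # {'203.0.113.9': 8}
```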

39. Describe dumpster diving with its prevention mechanism.


Dumpster diving: It is the process of going through a target's trash in order to find small bits of
information. System attackers need a certain amount of information before launching their attack. One
common place to find this information, if the attacker is in the vicinity of the target, is the
target's trash, which may contain small bits of information that could be useful. The process of going
through a target's trash is known as "dumpster diving". The search is carried out in waste paper,
electronic waste such as old hard disks, floppy and CD media, recycle and trash bins on the systems, etc. If
the attacker is lucky and the target has poor security processes, they may succeed in finding user IDs and
passwords. If a password is changed and the old password is discarded, a lucky dumpster diver may get a
valuable clue. To prevent dumpster divers from learning anything valuable from your trash, experts
recommend that your company establish a disposal policy.

40. Explain the term steganography with example.


Steganography: Steganography is the art and science of writing hidden messages in such a way that no
one, apart from the sender and intended recipient, suspects the existence of the message. Steganography
works by replacing bits of useless or unused data in ordinary computer files (such as graphics, sound,
text, HTML or even floppy disks) with bits of different, invisible information. This hidden information
can be plain text, cipher text or even images. In modern steganography, data is first encrypted by the
usual means and then inserted, using a special algorithm, into redundant data that is part of a particular
file format such as a JPEG image. Steganography process: Cover-media + Hidden data + Stego-key = Stego-medium
Cover-media is the file in which the hidden data is concealed; the hidden data may also be encrypted using the
stego-key. The resulting file is the stego-medium. Cover-media can be an image or an audio file. Steganography
takes cryptography a step further by hiding an encrypted message so that no one suspects it exists.
Ideally, anyone scanning your data will fail to notice that it contains encrypted data. Steganography has a
number of drawbacks when compared to encryption. It requires a lot of overhead to hide a relatively
small number of bits of information. Example: one can hide text, data, an image, sound or video behind an image.
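
Least-significant-bit embedding in working code for questions 23 and 40, added here as an example (not code from the notes): the stego-key seeds the order in which cover bytes are visited, and an assumed SHA-256 counter keystream stands in for the "encrypt by the usual means" step; the cover is a constructed array of 8-bit samples standing in for pixels.

```python
"""LSB steganography over a constructed 8-bit cover (added example).

cover-media + hidden data + stego-key = stego-medium: the stego-key fixes the
order in which cover bytes carry payload bits, so someone who suspects LSB
embedding but lacks the key cannot read the bits back in order.  The SHA-256
counter keystream is an illustration of the "encrypt first" step, not a
vetted cipher.
"""
import hashlib
import random

LENGTH_BITS = 32      # the hidden payload is prefixed with its byte length


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """XOR data with a SHA-256(key || counter) keystream (assumed stand-in cipher)."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        ks = hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)


def _visit_order(cover_len: int, key: bytes) -> list:
    """Key-dependent permutation of the cover byte indices."""
    rng = random.Random(hashlib.sha256(b"order:" + key).digest())
    order = list(range(cover_len))
    rng.shuffle(order)
    return order


def _to_bits(data: bytes):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, hidden: bytes, key: bytes) -> bytes:
    """Return the stego-medium: the cover with payload bits written into the LSBs."""
    payload = len(hidden).to_bytes(LENGTH_BITS // 8, "big") + keystream_xor(hidden, key)
    bits = list(_to_bits(payload))
    if len(bits) > len(cover):
        raise ValueError(f"cover too small: need {len(bits)} bytes, have {len(cover)}")
    stego = bytearray(cover)
    for bit, idx in zip(bits, _visit_order(len(cover), key)):
        stego[idx] = (stego[idx] & 0xFE) | bit      # change only the least significant bit
    return bytes(stego)


def extract(stego: bytes, key: bytes) -> bytes:
    """Recover the hidden data; a wrong key yields garbage or a length error."""
    order = _visit_order(len(stego), key)

    def read_bits(start: int, count: int) -> int:
        value = 0
        for idx in order[start:start + count]:
            value = (value << 1) | (stego[idx] & 1)
        return value

    length = read_bits(0, LENGTH_BITS)
    if length * 8 > len(stego) - LENGTH_BITS:
        raise ValueError("length field implausible: wrong key or no payload")
    body = bytes(read_bits(LENGTH_BITS + i * 8, 8) for i in range(length))
    return keystream_xor(body, key)


def max_lsb_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample difference; LSB embedding never changes a sample by more than 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: 4096 pseudo-random 8-bit samples standing in for pixels.
COVER = bytes(random.Random(7).randrange(256) for _ in range(4096))

if __name__ == "__main__":
    key = b"stego-key"
    stego = embed(COVER, b"meet at noon", key)
    print(extract(stego, key))            # b'meet at noon'
    print(max_lsb_change(COVER, stego))   # 1
```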
41. Explain e-mail security techniques (protocols).
Ans.
1. SMTP - Simple Mail Transfer Protocol.
(i). It is a popular network service used in e-mail communication.
(ii). It is a system for sending messages to other computer users based on e-mail.
(iii). It is a request-response based activity.
(iv). It also provides the e-mail exchange process.
(v). It attempts to provide reliable service but does not guarantee recovery from failure.

2. PEM - Privacy Enhanced Mail.

(i). Privacy-Enhanced Mail (PEM) is an Internet standard that provides for secure exchange of electronic
mail.
(ii). PEM employs a range of cryptographic techniques to allow for:
a. Confidentiality
b. Non-repudiation
c. Message integrity
(iii). The confidentiality feature allows a message to be kept secret from people to whom the message
was not addressed.
(iv). The non-repudiation feature allows a user to verify that the PEM message that they have received is truly
from the person who claims to have sent it.
(v). The message integrity aspect allows the user to ensure that a message has not been modified
during transport from the sender.

3. PGP - Pretty Good Privacy: Pretty Good Privacy is a popular program used to encrypt and decrypt
e-mail over the Internet.
(i). It has become a standard for e-mail security.
(ii). It is used to send an encrypted code (digital signature) that lets the receiver verify the sender's
identity and ensures that the message was not changed en route.
(iii). PGP can be used to encrypt files being stored so that they are in unreadable form and not readable
by other users or intruders.
(iv). It is available in low-cost and freeware versions.
(v). It is the most widely used privacy-ensuring program, used by individuals as well as many corporations.

4. S/MIME - Secure Multipurpose Internet Mail Extensions:

(i). The traditional e-mail system using the SMTP protocol is text based, which means that a person can
compose a text message using an editor and then send it over the Internet to the recipient, but multimedia
files or documents in arbitrary formats cannot be sent using this protocol.
(ii). To cater to these needs, the Multipurpose Internet Mail Extensions (MIME) system extends the basic
e-mail system by permitting users to send binary files using the basic e-mail system.
(iii). When the basic MIME system is enhanced to provide security features, it is called Secure
Multipurpose Internet Mail Extensions.
(iv). S/MIME provides security through digital signatures and encryption of e-mail messages.

42. Describe the process of cyber-crime investigation.


Ans.
• Cybercrime investigation is done to determine the nature of the crime and collect evidence, e.g.
hardware and software related to the crime.
• It is used to stop a crime in progress or to report a crime that was committed in the past.
• Relevant IT training is necessary for cybercrime investigation.
• The first step of the investigation team is to secure the computers, networks and components that are
connected with the crime.
• Investigators may clone the system to explore it. They can take a detailed audit of a computer.
• Interviews: Investigators arrange interviews with victims and witnesses.
• Surveillance: Investigators check the digital activities and monitor all elements of the suspect.
• Forensics: Mining a computer for all related information to detect potential evidence.
• Undercover: Steps to trap criminals using fake online identities.
• Obtain a search warrant and seize the victim's equipment.
• Identify the victim's configuration.
• Acquire the evidence carefully.

43. State the types of attacks and describe active and passive attacks with at least one example each.
Ans.
Passive Attack:
A passive attack monitors unencrypted traffic and looks for clear-text passwords and sensitive
information that can be used in other types of attacks.
Passive attacks include:
• traffic analysis
• release of message contents
• monitoring of unprotected communications
• decrypting weakly encrypted traffic
• capturing authentication information such as passwords

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.

• The goal of the opponent is to obtain information that is being transmitted.
• The release of message contents is easily understood. A telephone conversation, an electronic
mail message, and a transferred file may contain sensitive or confidential information. We
would like to prevent an opponent from learning the contents of these transmissions.
• A second type of passive attack is traffic analysis.


• Suppose that we had a way of masking the contents of messages or other information traffic so
that opponents, even if they captured the message, could not extract the information from it.
The common technique for masking contents is encryption. Even with encryption protection in
place, an opponent might still be able to observe the pattern of these messages. The opponent
could determine the location and identity of the communicating hosts and could observe the
frequency and length of the messages being exchanged. This information might be useful in
guessing the nature of the communication that was taking place.
• Passive attacks are very difficult to detect because they do not involve any alteration of the
data.
• Typically, the message traffic is sent and received in an apparently normal fashion, and neither
the sender nor the receiver is aware that a third party has read the messages or observed the
traffic pattern.
• However, it is feasible to prevent the success of these attacks, usually by means of encryption.
Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.

Active Attack:

• In an active attack, the attacker tries to bypass or break into secured systems.
• This can be done through stealth, viruses, worms, or Trojan horses.
• Active attacks include attempts to circumvent or break protection features, to introduce
malicious code, and to steal or modify information.
• These attacks are mounted against a network backbone, exploit information in transit,
electronically penetrate an enclave, or attack an authorized remote user during an attempt to
connect to an enclave.
• Active attacks result in the disclosure or dissemination of data files, denial of service, or
modification of data.

Active attacks can be divided into four categories:

• Masquerade
• Replay
• Modification of messages
• Denial of Service (DoS)

• A masquerade takes place when one entity pretends to be a different entity. A masquerade
attack usually includes one of the other forms of active attack.
• In a replay attack, authentication sequences can be captured and replayed after a valid
authentication sequence has taken place, thus enabling an authorized entity with few
privileges to obtain extra privileges by impersonating an entity that has those privileges.
• Replay involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect.
• Modification of messages simply means that some portion of a legitimate message is altered,
or that messages are delayed or reordered, to produce an unauthorized effect. For example, a
message meaning "Allow Ajay to read confidential accounts" is modified to mean "Allow Vijay
to read confidential accounts."


44. What is pornography?

Ans.
PORNOGRAPHY: the depiction of nudity or erotic behavior, in writing, pictures, video, or otherwise,
with the intent to cause sexual excitement. It is the depiction of erotic behavior (as in pictures or
writing) intended to cause sexual excitement; material (such as books or photographs) that depicts
erotic behavior and is intended to cause sexual excitement; or the depiction of acts in a sensational
manner so as to arouse a quick, intense emotional reaction. Pornography is defined as imagery, in
addition to various forms of media, that depicts actions presumed to be overtly sexual and erotic in
nature. In a legal context, pornography can be defined as sexually explicit material that is displayed or
viewed with the intention of providing sexual gratification.

45. What is PGP? How is PGP used for email security?

Ans.
PGP stands for Pretty Good Privacy. It is a popular program used to encrypt and decrypt email over the
Internet, and it has become a standard for e-mail security. It is used to send an encrypted code (digital
signature) that lets the receiver verify the sender's identity and makes sure that the message has not
been changed on its way. PGP can also be used to encrypt stored files so that they are in an unreadable
form and cannot be read by other users or intruders. It is available in low-cost and freeware versions.
It is the most widely used privacy-ensuring program, used by individuals as well as many corporations.

How PGP works

There are five steps, as shown in the figure.

1. Digital signature: it consists of the creation of a message digest (MD) of the email message using the
SHA-1 algorithm. The resulting MD is then encrypted with the sender's private key. The result is the
sender's digital signature.

2. Compression: the input message as well as the digital signature are compressed together to reduce
the size of the final message that will be transmitted. For this the Lempel-Ziv algorithm is used.

3. Encryption: the compressed output of step 2 (i.e. the compressed form of the original email and the
digital signature together) is encrypted with a symmetric key.


4. Digital enveloping: the symmetric key used for encryption in step 3 is now encrypted with the
receiver's public key. The output of steps 3 and 4 together form a digital envelope.

5. Base-64 encoding: this process transforms arbitrary binary input into printable character output.
The binary input is processed in blocks of 3 octets (24 bits). These 24 bits are considered to be made up
of 4 sets, each of 6 bits. Each such set of 6 bits is mapped into an 8-bit output character in this process.

Solve the following questions (6 marks)


1. Draw the flow diagram of the DES algorithm and explain each step in detail.
Ans.
The Data Encryption Standard (DES) is generally used in ECB, CBC or CFB mode. DES is a block cipher.
It encrypts data in blocks of 64 bits each: 64 bits of plain text go in as the input to DES, which
produces 64 bits of cipher text. DES is based on the two fundamental attributes of cryptography:
substitution and transposition.
The process diagram is as follows:

Initial Permutation (IP): it happens only once. It replaces the first bit of the original plain text block
with the 58th bit of the original plain text block, the second bit with the 50th bit of the original plain
text block, and so on. The resulting 64-bit permuted text block is divided into two half blocks, each of
32 bits. The left block is called LPT and the right block RPT. 16 rounds are then performed on these two
blocks. Details of one round in DES:

Step 1: Key transformation: the initial key is transformed into a 56-bit key by discarding every 8th bit
of the initial key. Thus, for each round, a 56-bit key is available; from this 56-bit key, a different 48-bit
sub-key is generated during each round using a process called key transformation.


Step 2: Expansion permutation: during expansion permutation the RPT is expanded from 32 bits to 48
bits. The 32-bit RPT is divided into 8 blocks, each consisting of 4 bits. Each 4-bit block of the previous
step is then expanded to a corresponding 6-bit block: per 4-bit block, 2 more bits are added. They are
the repeated 1st and 4th bits of the 4-bit block. The 2nd and 3rd bits are written as they were in the
input. The 48-bit key is XORed with the 48-bit RPT and the resulting output is given to the next step.

Step 3: S-box substitution: it accepts the 48-bit input from the XOR operation involving the
compressed key and the expanded RPT and produces a 32-bit output using substitution. Each of the 8
S-boxes has a 6-bit input and a 4-bit output. The outputs of the 8 S-boxes are then combined to form a
32-bit block, which is given to the last stage of the round.

Step 4: P-box permutation: the output of the S-boxes consists of 32 bits. These 32 bits are permuted
using the P-box.

Step 5: XOR and swap: the LPT of the initial 64-bit plain text block is XORed with the output produced
by the P-box permutation. This produces the new RPT. The old RPT becomes the new LPT, in a process
of swapping.

Final Permutation: at the end of 16 rounds, the final permutation is performed. This is a simple
transposition. For example, the 40th input bit takes the position of the 1st output bit, and so on.
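An added example, not taken from these notes: the Initial Permutation, the Final Permutation and the parity-bit removal of step 1, written out in Python. The IP and FP tables are the standard DES tables; the sample block and key are constructed values. The DES standard derives the 56-bit key with its PC-1 table, which drops these same 8 bits but also reorders the remaining ones; the function below follows the simpler description given above.

```python
# Added example: DES Initial Permutation (IP), Final Permutation (FP = IP^-1), the
# LPT/RPT split and the 56-bit key obtained by discarding every 8th key bit.
# Bit numbering follows DES: bit 1 is the most significant (leftmost) bit of the block.

# IP table: output bit i (1-based, from the left) is taken from input bit IP[i-1].
# The first entry, 58, means "the 1st output bit is the 58th input bit".
IP = [
    58, 50, 42, 34, 26, 18, 10, 2,
    60, 52, 44, 36, 28, 20, 12, 4,
    62, 54, 46, 38, 30, 22, 14, 6,
    64, 56, 48, 40, 32, 24, 16, 8,
    57, 49, 41, 33, 25, 17, 9, 1,
    59, 51, 43, 35, 27, 19, 11, 3,
    61, 53, 45, 37, 29, 21, 13, 5,
    63, 55, 47, 39, 31, 23, 15, 7,
]

# FP table: the first entry, 40, means "the 40th input bit becomes the 1st output bit".
FP = [
    40, 8, 48, 16, 56, 24, 64, 32,
    39, 7, 47, 15, 55, 23, 63, 31,
    38, 6, 46, 14, 54, 22, 62, 30,
    37, 5, 45, 13, 53, 21, 61, 29,
    36, 4, 44, 12, 52, 20, 60, 28,
    35, 3, 43, 11, 51, 19, 59, 27,
    34, 2, 42, 10, 50, 18, 58, 26,
    33, 1, 41, 9, 49, 17, 57, 25,
]


def permute(block: int, table: list, in_bits: int) -> int:
    """Generic bit transposition: build the output one bit at a time from the table."""
    out = 0
    for pos in table:
        bit = (block >> (in_bits - pos)) & 1   # input bit number `pos` (1 = MSB)
        out = (out << 1) | bit
    return out


def initial_permutation(block: int) -> int:
    return permute(block, IP, 64)


def final_permutation(block: int) -> int:
    return permute(block, FP, 64)


def split_halves(block64: int):
    """Divide the permuted 64-bit block into LPT (left 32 bits) and RPT (right 32 bits)."""
    return block64 >> 32, block64 & 0xFFFFFFFF


def drop_parity_bits(key64: int) -> int:
    """Step 1 as described above: discard every 8th bit of the 64-bit key
    (bits 8, 16, ..., 64), keeping the other 56 bits in their original order."""
    key56 = 0
    for pos in range(1, 65):
        if pos % 8 != 0:
            key56 = (key56 << 1) | ((key64 >> (64 - pos)) & 1)
    return key56


if __name__ == "__main__":
    m = 0x0123456789ABCDEF            # constructed sample plaintext block
    k = 0x133457799BBCDFF1            # constructed sample 64-bit key
    ip = initial_permutation(m)
    lpt, rpt = split_halves(ip)
    print(f"IP(M) = {ip:016X}  LPT = {lpt:08X}  RPT = {rpt:08X}")
    print(f"FP undoes IP: {final_permutation(ip) == m}")
    print(f"56-bit key = {drop_parity_bits(k):014X}")
```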

2. Define access control and describe DAC, MAC and RBAC access control models.
Ans.


Access is the ability of a subject to interact with an object. Authentication deals with verifying the
identity of a subject. Access control is the ability to specify, control and limit access to the host system
or application, which prevents unauthorized users from accessing or modifying data or resources.
It can be displayed using an Access Control Matrix or an Access Control List.

Various access controls are:

Discretionary Access Control (DAC): restricts access to objects based on the identity of subjects and/or
the groups to which they belong; it is conditional, and is basically used by the military to control
access on systems. On UNIX-based systems it is the common method of permitting users to read, write
and execute.

Mandatory Access Control (MAC): it is used in environments where different levels of security are
classified. It is much more restrictive. It is a sensitivity-based restriction: formal authorization of a
subject to a sensitivity level. In MAC the owner or user cannot determine whether access is granted or
not; i.e. these are operating system rights. The security mechanism controls access to all objects and an
individual cannot change that access.

Role Based Access Control (RBAC): each user can be assigned specific access permissions for objects
associated with a computer or network. A set of roles is defined, and each role in turn is assigned the
access permissions which are necessary to perform that role.

• Different users will be granted different permissions to do specific duties as per their
classification.
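An added example, not from these notes: one small access check for each of the three models above, on constructed subjects, objects, labels and roles. The MAC check uses the standard "no read up / no write down" dominance rules, which is an assumption beyond the description given here.

```python
# Added example: DAC (owner-managed access control list), MAC (system-assigned
# sensitivity labels) and RBAC (permissions attached to roles). All data is constructed.

# --- DAC: the object's owner decides who may do what, by editing its ACL. The ACLs
# together form one column of an access control matrix: {object: {subject: perms}}.
DAC_ACL = {
    "report.txt": {"owner": "alice",
                   "acl": {"alice": {"read", "write"}, "bob": {"read"}}},
}

def dac_allowed(subject, obj, perm):
    return perm in DAC_ACL[obj]["acl"].get(subject, set())

def dac_grant(actor, obj, subject, perm):
    """Discretionary: only the owner may change the ACL; anyone else is refused."""
    entry = DAC_ACL[obj]
    if entry["owner"] != actor:
        return False
    entry["acl"].setdefault(subject, set()).add(perm)
    return True

# --- MAC: labels are fixed by the system, not by owners or users. A subject may read
# an object only if its clearance is at least the object's label (no read up) and may
# write only to objects at or above its own level (no write down).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}
CLEARANCE = {"alice": "secret", "bob": "confidential"}
LABEL = {"budget.xls": "secret", "memo.txt": "unclassified", "plans.doc": "top secret"}

def mac_allowed(subject, obj, perm):
    s, o = LEVELS[CLEARANCE[subject]], LEVELS[LABEL[obj]]
    if perm == "read":
        return s >= o
    if perm == "write":
        return s <= o
    return False

# --- RBAC: permissions belong to roles; users are granted roles, never raw permissions.
ROLE_PERMS = {
    "clerk": {("ledger", "read")},
    "accountant": {("ledger", "read"), ("ledger", "write")},
    "admin": {("ledger", "read"), ("ledger", "write"), ("users", "manage")},
}
USER_ROLES = {"alice": {"accountant"}, "bob": {"clerk"}, "carol": {"admin", "clerk"}}

def rbac_allowed(user, obj, perm):
    return any((obj, perm) in ROLE_PERMS[r] for r in USER_ROLES.get(user, set()))
```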


3. Compare insiders and intruders on four points and describe who is more dangerous.


Insiders are more dangerous than intruders because:
i) Insiders have the access and the necessary knowledge to cause immediate damage to an
organization.
ii) There is no security mechanism to protect the system from insiders, so they can have all the
access needed to carry out criminal activity such as fraud. They have knowledge of the security
systems and will be better able to avoid detection.

4. Describe: (i) man in the middle attack (ii) replay attack, with diagrams.
Ans.

Man in the middle attack: a man in the middle attack occurs when attackers are able to place
themselves in the middle of two other hosts that are communicating, in order to view or modify the
traffic. This is done by making sure that all communication going to or from the target host is routed
through the attacker's host. The attacker is then able to observe all traffic before transmitting it and
can actually modify or block traffic. To the target host, communication appears to be occurring
normally, since all expected replies are received.

Replay attack with diagram: in a replay attack an attacker captures a sequence of events or some data
units and resends them. For example, suppose user A wants to transfer some amount to user C's bank
account. Both users A and C have accounts with bank B. User A might send an electronic message to
bank B requesting the fund transfer. User C could capture this message and send a copy of it to
bank B. Bank B would have no idea that this is an unauthorized message and would treat it as a
second and different fund transfer request from user A. So, C would get the benefit of the fund transfer
twice: once authorized and once through a replay attack.


5. Describe the role of people in security.

Ans.
a) Password selection:
1) Users should be able to create their own easy-to-remember passwords, but these should not be
easy for someone else to guess or obtain using password cracking utilities.
2) Passwords should meet some essential guidelines; for example, a password should contain some
special characters.
3) A password should not consist of dictionary words, etc.
b) Piggybacking: it is the simple approach of following closely behind a person who has just used their
own access card or PIN to gain physical access. In this way an attacker can gain access to the facility
without knowing the access code.
c) Shoulder surfing: an attacker positions themselves in such a way that they are able to observe the
authorized user entering the correct access code.
d) Dumpster diving: it is the process of going through a target's trash in order to find little bits of
information.
e) Installing unauthorized software/hardware: because of the possible risks, many organizations do not
allow their users to load software or install new hardware without the knowledge and help of
administrators. Organizations also restrict what an individual can do with received e-mails.
f) Access by non-employees: if an attacker can get physical access to a facility, there are many
chances of obtaining enough information to enter computer systems and networks. Many
organizations require their employees to wear identification badges at work.
g) Security awareness: a security awareness program is the most effective method of opposing potential
social engineering attacks once the organization's security goals and policies are established. An
important element that training should concentrate on is which information is sensitive for the
organization and may be the target of a social engineering attack.
h) Individual user responsibilities:
i) Lock the door of the office or workspace.
ii) Do not leave sensitive information inside your car unprotected.
iii) Secure storage media which contain sensitive information.
iv) Shred paper containing organizational information before discarding it. (More points
can be added.)

6. Describe the components of HIDS with neat diagram. State its advantages and disadvantages.
Ans.
Intrusion detection system (IDS):
An intrusion detection system (IDS) monitors network traffic for suspicious activity and alerts the
system or network administrator. In some cases the IDS may also respond to anomalous or malicious
traffic by taking action such as blocking the user or source IP address from accessing the network.

HIDS: Host Intrusion Detection Systems run on individual hosts or devices on the network. A HIDS
monitors the inbound and outbound packets from the device only and will alert the user or
administrator when suspicious activity is detected.

Activities a HIDS looks for in the log files include:

• Logins at odd hours
• Login authentication failures
• Adding a new user account
• Modification or access of critical system files
• Modification or removal of binary files
• Starting or stopping processes
• Privilege escalation
• Use of certain programs
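An added example, not part of these notes: a minimal host-based analysis engine that applies signature-style rules for four of the activities listed above to constructed syslog-like lines. The log layout, the odd-hours window and the failure threshold are assumptions, not the output or settings of any particular product.

```python
import re
from datetime import datetime

# Added example: constructed auth-log lines (host, program and addresses are samples).
SAMPLE_LOG = """\
2024-03-01 02:13:07 host1 sshd: Accepted password for alice from 203.0.113.9
2024-03-01 09:02:11 host1 sshd: Failed password for bob from 198.51.100.4
2024-03-01 09:02:15 host1 sshd: Failed password for bob from 198.51.100.4
2024-03-01 09:02:19 host1 sshd: Failed password for bob from 198.51.100.4
2024-03-01 09:05:40 host1 sshd: Accepted password for bob from 198.51.100.4
2024-03-01 09:06:02 host1 sudo: bob : COMMAND=/usr/sbin/useradd backup2
2024-03-01 09:07:30 host1 useradd: new user: name=backup2
"""

# "<date> <time> <host> <program>: <message>"
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+): (.*)$")
ODD_HOURS = range(0, 6)      # assumption: successful logins 00:00-05:59 are unusual
FAILURE_THRESHOLD = 3        # assumption: this many failures for one user raises an alert


def analyse(log_text):
    """Apply the rules line by line; return a list of (alert kind, detail) tuples."""
    alerts = []
    failures = {}            # per-user count of authentication failures
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue         # not in the expected layout; a real engine would count these
        ts_text, host, prog, msg = m.groups()
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")

        # 1. logins at odd hours
        if "Accepted" in msg and ts.hour in ODD_HOURS:
            alerts.append(("odd-hour login", line))

        # 2. repeated login authentication failures for the same account
        fail = re.match(r"Failed password for (\S+)", msg)
        if fail:
            user = fail.group(1)
            failures[user] = failures.get(user, 0) + 1
            if failures[user] == FAILURE_THRESHOLD:
                alerts.append(("repeated auth failure", user))

        # 3. a new user account being added
        if prog == "useradd" and "new user" in msg:
            alerts.append(("new user account", msg))

        # 4. privilege escalation via sudo
        if prog == "sudo" and "COMMAND=" in msg:
            alerts.append(("privilege escalation", msg))
    return alerts


if __name__ == "__main__":
    for kind, detail in analyse(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```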

Basic components of a HIDS:

Traffic collector:

• This component collects activity or events for the IDS to examine.
• On a host-based IDS, this can be log files, audit logs, or traffic coming to or leaving a
specific system.
• On a network-based IDS, this is typically a mechanism for copying traffic off the
network link.


Analysis engine:

• This component examines the collected network traffic and compares it to known
patterns of suspicious or malicious activity stored in the signature database.
• The analysis engine acts like the brain of the IDS.

Signature database: it is a collection of patterns and definitions of known suspicious or
malicious activity.

User interface and reporting: this is the component that interfaces with the human
element, providing alerts when suitable and giving the user a means to interact with and
operate the IDS.

Advantages:

• OS-specific and detailed signatures.
• Examines data after it has been decrypted.
• Very application specific.
• Can determine whether or not an alarm may impact that specific system.

Disadvantages:

• A process has to run on every system to be watched.
• High cost of ownership and maintenance.
• Uses local system resources.
• If logged locally, the logs could be compromised or disabled.

7. What is IPsec? Draw and explain the AH format of IPsec. (The model answer paper gives only half
the answer) [Winter 2014, page no. 21]
Ans.
IPsec architecture: the overall idea of IPsec is to encrypt and seal the transport and application layer
data during transmission. It also offers integrity protection for the Internet layer. The IPsec layer sits
between the transport and the Internet layers of the conventional TCP/IP protocol stack.

IPsec actually consists of two main protocols: a) Authentication Header (AH) and b) Encapsulating
Security Payload (ESP).


a) Authentication Header (AH):

The AH provides support for data integrity and authentication of IP packets. The data integrity
service ensures that the data inside the IP packet is not altered during transit. The authentication
service enables an end user or computer system to authenticate the user or the application at the
other end and decide whether to accept or reject packets accordingly. This also prevents IP spoofing
attacks. AH is based on a message authentication code (MAC), which means that the two
communicating parties must share a secret key in order to use AH.
Diagram:

Modes of operation: both AH and ESP work in two modes:

Tunnel mode:

In tunnel mode, IPsec protects the entire IP datagram. It takes an IP datagram, adds the IPsec header
and trailer and encrypts the whole thing. It then adds a new IP header to this encrypted datagram.

Diagram:

Transport mode:

Transport mode does not hide the actual source and destination addresses. They are visible in plain
text while in transit. In transport mode, IPsec takes the transport layer payload, adds the IPsec header
and trailer, encrypts the whole thing and then adds the IP header. Thus the IP header is not encrypted.

Diagram:


b) Encapsulating Security Payload (ESP):


8. Describe the following attacks: i) Sniffing ii) Spoofing.

Ans.

(i) Sniffing:

The group of protocols which make up the TCP/IP suite was designed to work in a friendly environment
where everybody who was connected to the network used the protocols as they were designed. The
abuse of this friendly assumption is illustrated by network traffic sniffing programs, referred to as
sniffers.

A network "sniffer" is a software or hardware device that is used to observe traffic as it passes through
a network on shared broadcast media. The device can be used to view all traffic, or it can target a
specific protocol, service, or even a string of characters.

(ii) Spoofing:

Spoofing is nothing more than making data look like it has come from a different source. This is possible
in TCP/IP because of the friendly assumption behind the protocol. When the protocols were
developed, it was assumed that individuals who had access to the network layer would be privileged
users who could be trusted. When a packet is sent from one system to another, it includes not only the
destination IP address and port but the source IP address as well, and forging this source address is one
of the forms of spoofing.

Examples of spoofing: e-mail spoofing, URL spoofing, IP address spoofing.

9. Enlist any four cyber crimes. Describe any one in detail.

1) Hacking
2) Cracking
3) Theft
4) Malicious software
5) Child soliciting and abuse
(i) Hacking:
Hacking is one of the most well-known types of computer crime. A hacker is someone who
finds out and exploits the weaknesses of computer systems or networks. Hacking refers to
unauthorized access to another's computer systems. These intrusions are often conducted
in order to launch malicious programs known as viruses, worms, and Trojan horses that can
shut down an entire computer network. Hacking is also carried out as a way to steal
credit card numbers, internet passwords, and other personal information. By accessing
commercial databases, hackers are able to steal these types of items from millions of
internet users all at once. There are different types of hackers: 1. White hat 2. Black hat 3.
Grey hat 4. Elite hacker 5. Script hacker
(ii) Cracking:
In the cyber world, a cracker is someone who breaks into a computer system or network
without authorization and with the intention of doing damage. The term cracker is used to
describe a malicious hacker. Crackers get into all kinds of mischief: they may destroy files,
steal personal information like credit card numbers or client data, infect the system with a
virus, or undertake many other things that cause harm. Cracking can be done for profit,
maliciously, or to cause harm to an organization or to individuals. Cracking activity is harmful,
costly and unethical.


10. Explain the following attacks: i) Man in the Middle attack and ii) Denial of Service attack. Also
suggest ways to avoid them.
Ans.
(1) Man in the middle attack.
• A man in the middle attack occurs when attackers are able to place themselves in the
middle of two other hosts that are communicating, in order to view or modify the
traffic. This is done by making sure that all communication going to or from the target
host is routed through the attacker's host.
• The attacker is then able to observe all traffic before transmitting it and can actually
modify or block traffic. To the target host, communication appears to be occurring
normally, since all expected replies are received.

To prevent this attack, both sender and receiver must authenticate each other.

(2) Denial of Service attack.

Denial of service (DoS) attacks can exploit a known vulnerability in a specific application or
operating system, or they may attack features (or weaknesses) in specific protocols or services.
In this form of attack, the attacker is attempting to deny authorized users access either to
specific information or to the computer system or network itself.

The purpose of such an attack can be simply to prevent access to the target system, or the
attack can be used in conjunction with other actions in order to gain unauthorized access to a
computer or network.

SYN flooding is an example of a DoS attack that takes advantage of the way TCP/IP networks
were designed to function, and it can be used to illustrate the basic principles of any DoS
attack. SYN flooding utilizes the TCP three-way handshake that is used to establish a connection
between two systems.

In a SYN flooding attack, the attacker sends fake connection requests to the targeted
system. Each of these requests will be answered by the target system, which then waits for the
third part of the handshake. Since the requests are fake, the target will wait for responses that
will never come, as shown in the figure.


The target system will drop these connections after a specific time-out period, but if the
attacker sends requests faster than the time-out period eliminates them, the system will
quickly be filled with requests. The number of connections a system can support is finite, so
when more requests come in than can be processed, the system will soon be reserving all its
connections for fake requests. At this point, any further requests are simply dropped (ignored),
and legitimate users who want to connect to the target system will not be able to. Use of the
system has thus been denied to them.
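An added example, not from these notes: a model of the server's table of half-open connections described above, used to show when the time-out keeps up with the arrival rate and when it does not. The capacity, time-out, rates and client names are constructed values; the model is deliberately simplified to the rule the text states.

```python
from collections import deque


class HalfOpenTable:
    """Model of the finite table of half-open TCP connections on a server: a SYN has
    been answered but the third part of the handshake has not yet arrived. An entry
    expires after `timeout` seconds; a SYN is dropped when no slot is free."""

    def __init__(self, capacity, timeout):
        self.capacity = capacity
        self.timeout = timeout
        self.pending = deque()          # (expiry_time, client), in arrival order

    def expire(self, now):
        """Remove entries whose time-out has elapsed (oldest first)."""
        while self.pending and self.pending[0][0] <= now:
            self.pending.popleft()

    def on_syn(self, now, client):
        """Return True if the SYN gets a slot, False if the table is full and it is dropped."""
        self.expire(now)
        if len(self.pending) >= self.capacity:
            return False
        self.pending.append((now + self.timeout, client))
        return True

    def on_ack(self, client):
        """The handshake completed: the connection is no longer half-open."""
        for i, (_, c) in enumerate(self.pending):
            if c == client:
                del self.pending[i]
                return True
        return False


def simulate(fake_rate, timeout, capacity, duration, legit_every):
    """Constructed scenario: `fake_rate` fake SYNs per second whose ACK never comes,
    plus one legitimate client every `legit_every` seconds that completes its handshake
    at once. Returns (legitimate connections accepted, legitimate connections dropped).
    Fake entries alive at any moment are roughly fake_rate * timeout, so the table
    fills as soon as that product reaches the capacity."""
    table = HalfOpenTable(capacity, timeout)
    accepted = dropped = 0
    for t in range(duration):
        for i in range(fake_rate):
            table.on_syn(t, f"fake-{t}-{i}")
        if t % legit_every == 0:
            if table.on_syn(t, "legit"):
                accepted += 1
                table.on_ack("legit")   # completes immediately, freeing its slot
            else:
                dropped += 1
    return accepted, dropped


if __name__ == "__main__":
    # 5 fake SYNs/s with a 10 s time-out keeps ~50 entries: a 100-slot table copes.
    print("slow sender :", simulate(5, 10, 100, 20, 1))
    # 20 fake SYNs/s fills the same table within 5 s; every later legitimate SYN is dropped.
    print("fast sender :", simulate(20, 10, 100, 20, 1))
```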

The following are types of DoS:

1. POD (ping of death)

2. DDoS (Distributed Denial of Service attack)

These types of attacks are difficult to prevent because the behaviour of whole networks needs
to be analysed, not only the behaviour of a small piece of code.

11. i) Give the characteristics of a good password. ii) What is meant by dumpster diving? How is it
used for attacking? Give ways to avoid/prevent this.
Ans.
1. A password should be at least eight characters in length.
2. A password should have at least three of the following four elements:
i. One or more upper case letters (A-Z)
ii. One or more lower case letters (a-z)
iii. One or more numerals (0 to 9)
iv. One or more special characters (!, @, #, $, &, :, ., ;, ?)
3. A password should not consist of dictionary words.
4. A password should not at all be the same as the login name.
5. A password should not consist of the user's first or last name, family members' names, birth dates,
pet names, PIN or mobile numbers.
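An added example, not from these notes: a checker that applies the five password rules above (and the shorter password-selection guidance under "role of people in security"). The word list and the personal details are constructed samples standing in for a real dictionary and directory data; the "dictionary word" test strips digits and symbols first, so that a word with a digit and a symbol appended is still caught.

```python
import re

# Added example: constructed stand-in for a real dictionary / word list.
DICTIONARY = {"password", "welcome", "letmein", "monkey", "dragon", "secret"}

# The four character classes of rule 2; the special characters are those named in rule 2(iv).
CLASSES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[!@#$&:.;?]"),
}


def check_password(pw, login, personal):
    """Return the list of violated rules (an empty list means the password passes).
    `personal` holds the strings rule 5 forbids: first/last name, family members'
    names, birth dates, pet names, PIN and mobile number."""
    problems = []
    lowered = pw.lower()

    # rule 1: length
    if len(pw) < 8:
        problems.append("rule 1: shorter than 8 characters")

    # rule 2: at least three of the four character classes
    present = sum(1 for rx in CLASSES.values() if rx.search(pw))
    if present < 3:
        problems.append("rule 2: fewer than 3 of the 4 character classes")

    # rule 3: not a dictionary word, even when decorated with digits or symbols
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only in DICTIONARY:
        problems.append("rule 3: dictionary word")

    # rule 4: not the login name
    if lowered == login.lower():
        problems.append("rule 4: same as login name")

    # rule 5: no personal data anywhere in the password
    for item in personal:
        if item and item.lower() in lowered:
            problems.append(f"rule 5: contains personal data '{item}'")

    return problems


if __name__ == "__main__":
    # constructed sample: user "alice", whose details an attacker could look up
    details = ["Alice", "Smith", "1990", "Rex", "9876543210"]
    for candidate in ["Password1!", "alice", "Rex1990!!", "Tr0ub4dor&3"]:
        print(candidate, "->", check_password(candidate, "alice", details) or "OK")
```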
Dumpster diving:
System attackers need a certain amount of information before launching their attack. One common
place to find this information, if the attacker is in the vicinity of the target, is to go through the target's
trash in order to find little bits of information that could be useful. The process of going through a
target's trash is known as "dumpster diving".
The search is carried out in waste paper, electronic waste such as old HDD, floppy and CD media, recycle
and trash bins on the systems, etc.
If the attacker is lucky and the target has poor security processes, they may succeed in finding user IDs
and passwords. If a password is changed and the old password is discarded, a lucky dumpster diver may
get a valuable clue.
To prevent dumpster divers from learning anything valuable from your trash, experts recommend that
your company establish a disposal policy.

12. Enlist the different challenges to be faced while considering computer security.

Ans.
The challenges include different types of threats and attacks.
Threats to security:
1. Viruses & worms
2. Intruders & insiders
3. Criminal organizations


4. Terrorists & information security

Different types of attacks:

1. Denial of service attack
2. Man-in-the-middle attack
3. Backdoors & trapdoors
4. Sniffing & spoofing
5. Encryption attack
6. Replay attack
7. TCP/IP hacking attack
8. Hacking & cracking
9. Pornography
10. Software piracy
11. Intellectual property
12. Legal system of information technology
13. Mail bombs
14. Bug exploits
15. Cyber-crime investigation


13. Describe the working of PEM e-mail security & PGP with reference to e-mail security.
Ans 1.
PEM supports the 3 main cryptographic functions of encryption, non-repudiation and message integrity.
The steps involved in PEM operation are as follows.

Step 1: Canonical conversion: there is a distinct possibility that the sender and the receiver of an email
message use computers that have different architectures and operating systems. PEM transforms each
email message into an abstract, canonical representation. This means that regardless of the
architecture and the operating system of the sending and receiving computers, the email travels in a
uniform, independent format.

Step 2: Digital signature

- It starts by creating an MD of the email message using an algorithm such as MD2 or MD5.

- The MD thus created is then encrypted with the sender's private key to form the sender's digital
signature.

Step 3: Encryption:


The original email and the digital signature are encrypted together with a symmetric key.

Step 4: Base-64 encoding:

This process transforms arbitrary binary input into printable character output. The binary input is
processed in blocks of 3 octets, or 24 bits. These 24 bits are considered to be made up of 4 sets, each of
6 bits. Each such set of 6 bits is mapped into an 8-bit output character in this process.

Ans 2.

PGP stands for Pretty Good Privacy. It is a popular program used to encrypt and decrypt email over the
Internet, and it has become a standard for e-mail security. It is used to send an encrypted code (digital
signature) that lets the receiver verify the sender's identity and makes sure that the message has not
been changed on its way. PGP can also be used to encrypt stored files so that they are in an unreadable
form and cannot be read by other users or intruders. It is available in low-cost and freeware versions.
It is the most widely used privacy-ensuring program, used by individuals as well as many corporations.

How PGP works


There are five steps, as shown in the figure.

1. Digital Signature
2. Compression
3. Encryption
4. Enveloping
5. Base-64 Encoding

1. Digital signature: it consists of the creation of a message digest (MD) of the email message using the
SHA-1 algorithm. The resulting MD is then encrypted with the sender's private key. The result is the
sender's digital signature.

2. Compression: the input message as well as the digital signature are compressed together to reduce
the size of the final message that will be transmitted. For this the Lempel-Ziv algorithm is used.

3. Encryption: the compressed output of step 2 (i.e. the compressed form of the original email and the
digital signature together) is encrypted with a symmetric key.

4. Digital enveloping: the symmetric key used for encryption in step 3 is now encrypted with the
receiver's public key. The output of steps 3 and 4 together form a digital envelope.

5. Base-64 encoding: this process transforms arbitrary binary input into printable character output.
The binary input is processed in blocks of 3 octets (24 bits). These 24 bits are considered to be made up
of 4 sets, each of 6 bits. Each such set of 6 bits is mapped into an 8-bit output character in this process.
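An added example, not from these notes, for the Base-64 step that both the PEM answer (step 4) and the PGP answers (step 5, here and in question 45) describe: each 3-octet block is split into four 6-bit groups, each mapped to one printable character. The encoder is written by hand so the bit handling is visible, and goes beyond the description in also handling a final block of 1 or 2 octets with "=" padding and providing the matching decoder; the standard library's base64 module is used only to cross-check.

```python
import base64   # used only to cross-check the hand-written encoder

# Added example: the 64 printable output characters, one per 6-bit value 0..63.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
DECODE = {c: i for i, c in enumerate(ALPHABET)}


def base64_encode(data: bytes) -> str:
    """3 octets (24 bits) -> 4 groups of 6 bits -> 4 printable characters."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        n = len(chunk)
        # pack the (up to) 3 octets into one 24-bit integer, zero-filling a short last block
        bits = int.from_bytes(chunk.ljust(3, b"\x00"), "big")
        groups = [(bits >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        chars = [ALPHABET[g] for g in groups]
        # a final block of 1 or 2 octets carries only 2 or 3 meaningful characters;
        # the remaining positions are written as '=' so the decoder knows the real length
        for j in range(n + 1, 4):
            chars[j] = "="
        out.extend(chars)
    return "".join(out)


def base64_decode(text: str) -> bytes:
    """Inverse mapping: 4 characters -> 24 bits -> 3 octets (fewer if padded)."""
    if len(text) % 4:
        raise ValueError("Base-64 text length must be a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        if pad > 2 or (pad and not quad.endswith("=" * pad)):
            raise ValueError("invalid padding in block %r" % quad)
        bits = 0
        for c in quad:
            if c != "=" and c not in DECODE:
                raise ValueError("character %r is not in the Base-64 alphabet" % c)
            bits = (bits << 6) | (0 if c == "=" else DECODE[c])
        out.extend(bits.to_bytes(3, "big")[:3 - pad])
    return bytes(out)


if __name__ == "__main__":
    # constructed sample standing in for the compressed, encrypted PGP/PEM output
    sample = bytes(range(0, 256, 7))
    encoded = base64_encode(sample)
    print(encoded)
    print("matches stdlib:", encoded == base64.b64encode(sample).decode())
    print("round trip    :", base64_decode(encoded) == sample)
```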

14. Give the IPsec configuration. Describe the AH & ESP modes of IPsec.

Ans.


IPsec overview:
• It encrypts and seals the transport and application layer data during transmission. It also offers
integrity protection for the Internet layer.
• It sits between the transport and Internet layers of the conventional TCP/IP protocol stack.

1. Secure remote Internet access:

Using IPsec, one can make a local call to one's Internet service provider (ISP) so as to connect to the
organization's network in a secure fashion from home or a hotel, in order to access the corporate
network facilities or remote desktops/servers.

2. Secure branch office connectivity: rather than subscribing to an expensive leased line for
connecting its branches across cities, an organization can set up an IPsec-enabled network to securely
connect all its branches over the Internet.

3. Setting up communication with other organizations: just as IPsec allows connectivity between
various branches of an organization, it can also be used to connect the networks of different
organizations together in a secure and inexpensive fashion.

Main advantages of IPsec:

• IPsec is transparent to end users.
• There is no need for user training, key issuance or revocation.
• When IPsec is configured to work with a firewall, it becomes the only entry-exit point for all
traffic, making it extra secure.
• IPsec works at the network layer. Hence no changes are needed to upper layers or routers, and all
outgoing and incoming traffic gets protected.
• IPsec allows travelling staff to have secure access to the corporate network.
• IPsec allows interconnectivity between branches/offices in a very inexpensive manner.
