
1. What is spoofing and sniffing? (E)

What is Sniffing?

Sniffing is the technique of continuously monitoring and recording all data packets that transit via a network.
Network or system administrators employ sniffers to monitor and troubleshoot network traffic. Hackers use
sniffers to capture data packets containing sensitive data such as passwords and account information. Attackers
install sniffers as hardware or software in the system.

Types of sniffing attacks: active sniffing and passive sniffing.

Spoofing is using a faked identity to make a communication appear to come from a known and trusted source. It can be as
simple as email spoofing, phone spoofing or website spoofing, or more technical, such as a computer spoofing an IP
address, ARP, or a DNS server.

The purpose of a spoofing attack is to gain access to sensitive data or information by posing as a trustworthy
source. Spoofing can be done through websites, emails, phone calls, texts, IP addresses, and servers.

Different Types of Spoofing Attacks

 Caller ID Spoofing
 Email Spoofing
 Website Spoofing
 DNS Server Spoofing
 GPS Spoofing
 ARP Spoofing
 Man-in-the-Middle (MitM) attack
 Text Message Spoofing

2. What would be the cipher text of the message “How Are You” using the Vernam cipher with the
one-time pad “NCBTZQARX”? (E)

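A worked computation for this question, added here and not part of the original notes. It uses the letter-arithmetic form of the Vernam cipher (A=0 … Z=25, ciphertext letter = (plaintext + key) mod 26) and assumes only letters are encrypted, so spaces and case in "How Are You" are dropped before the message is lined up with the pad.

```python
# Added example, not part of the original notes: Vernam (one-time pad) cipher over
# the 26-letter alphabet with A=0 ... Z=25, ciphertext letter = (plain + key) mod 26.
# Assumption: letters only, so spaces and case in "How Are You" are dropped before
# lining the message up with the pad "NCBTZQARX".
import string

ALPHABET = string.ascii_uppercase


def normalize(text: str) -> str:
    """Upper-case the text and keep letters only, so pad and message align letter by letter."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vernam_encrypt(plaintext: str, pad: str) -> str:
    """Add each pad letter to the matching plaintext letter modulo 26."""
    p, k = normalize(plaintext), normalize(pad)
    if len(k) < len(p):
        # A one-time pad must cover the whole message; it is never cycled or reused.
        raise ValueError("pad is shorter than the message")
    return "".join(
        ALPHABET[(ALPHABET.index(pc) + ALPHABET.index(kc)) % 26] for pc, kc in zip(p, k)
    )


def vernam_decrypt(ciphertext: str, pad: str) -> str:
    """Subtract each pad letter modulo 26 to recover the plaintext."""
    c, k = normalize(ciphertext), normalize(pad)
    if len(k) < len(c):
        raise ValueError("pad is shorter than the message")
    return "".join(
        ALPHABET[(ALPHABET.index(cc) - ALPHABET.index(kc)) % 26] for cc, kc in zip(c, k)
    )


def worked_rows(plaintext: str, pad: str):
    """Per-letter arithmetic (plain, key, plain_val + key_val, result) for showing the working."""
    p, k = normalize(plaintext), normalize(pad)
    c = vernam_encrypt(plaintext, pad)
    return [
        (pc, kc, ALPHABET.index(pc) + ALPHABET.index(kc), cc)
        for pc, kc, cc in zip(p, k, c)
    ]


if __name__ == "__main__":
    for pc, kc, total, cc in worked_rows("How Are You", "NCBTZQARX"):
        print(f"{pc}({ALPHABET.index(pc):2d}) + {kc}({ALPHABET.index(kc):2d}) = {total:2d} mod 26 -> {cc}")
    print("ciphertext:", vernam_encrypt("How Are You", "NCBTZQARX"))
```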
3. Explain Classification of DoS attack. (M)

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to
its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that
triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e. employees, members, or account
holders) of the service or resource they expected.

DoS attacks often target web servers of high-profile organizations such as banking, commerce, and
media companies, or government and trade organizations. Though DoS attacks do not typically result in the theft
or loss of significant information or other assets, they can cost the victim a great deal of time and money to
handle.

There are two general methods of DoS attacks: flooding services or crashing services. Flood attacks occur when the
system receives too much traffic for the server to buffer, causing them to slow down and eventually stop. Popular
flood attacks include:

 Buffer overflow attacks – the most common DoS attack. The concept is to send more traffic to a network
address than the programmers have built the system to handle. It includes the attacks listed below, in
addition to others that are designed to exploit bugs specific to certain applications or networks.
 ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping every
computer on the targeted network, instead of just one specific machine. The network is then triggered to
amplify the traffic. This attack is also known as the smurf attack or ping of death.
 SYN flood – sends a request to connect to a server, but never completes the handshake. Continues until
all open ports are saturated with requests and none are available for legitimate users to connect to.

Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash. In these attacks,
input is sent that takes advantage of bugs in the target that subsequently crash or severely destabilize the system,
so that it can’t be accessed or used.
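A small detector for the SYN-flood pattern described above, added here as an example and not taken from the original notes. It runs over constructed packet records (source IP, source port, TCP flags) and counts, per source, handshakes that were opened with a SYN but never completed with the client's ACK; the threshold of 20 is an assumed tuning value.

```python
from collections import defaultdict

# Constructed sample records (not real traffic): (src_ip, src_port, tcp_flags) for
# packets arriving at a server's port 80, in arrival order. "S" = SYN, "A" = ACK.
SAMPLE_PACKETS = [("203.0.113.5", 40000 + i, "S") for i in range(50)]  # SYNs never completed
for _port in (51001, 51002, 51003):  # normal clients: SYN then the final ACK of the handshake
    SAMPLE_PACKETS += [("198.51.100.7", _port, "S"), ("198.51.100.7", _port, "A")]
SAMPLE_PACKETS.append(("198.51.100.9", 52000, "S"))  # one client whose handshake timed out


def handshake_states(packets):
    """Map (src_ip, src_port) -> True if the client's SYN was followed by its ACK, else False."""
    states = {}
    for src_ip, src_port, flags in packets:
        key = (src_ip, src_port)
        if "S" in flags and "A" not in flags:
            states.setdefault(key, False)     # SYN seen, handshake still open
        elif "A" in flags and key in states:
            states[key] = True                # final ACK arrived, handshake complete
    return states


def half_open_by_source(packets):
    """Count half-open (never completed) handshakes per source IP."""
    counts = defaultdict(int)
    for (src_ip, _port), completed in handshake_states(packets).items():
        if not completed:
            counts[src_ip] += 1
    return dict(counts)


def suspected_syn_flood_sources(packets, threshold=20):
    """Sources with at least `threshold` half-open handshakes (threshold is an assumed tuning value)."""
    return sorted(ip for ip, n in half_open_by_source(packets).items() if n >= threshold)


if __name__ == "__main__":
    print("half-open per source:", half_open_by_source(SAMPLE_PACKETS))
    print("suspected SYN flood sources:", suspected_syn_flood_sources(SAMPLE_PACKETS))
```

A single timed-out client (one half-open handshake) stays below the threshold, which is the distinction a real monitor has to make between a flood and ordinary packet loss.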

4. How does SQL injection work? (M)

To make an SQL Injection attack, an attacker must first find vulnerable user inputs within the web page or web
application. A web page or web application that has an SQL Injection vulnerability uses such user input directly in
an SQL query. The attacker can create input content. Such content is often called a malicious payload and is the
key part of the attack. After the attacker sends this content, malicious SQL commands are executed in the
database.

SQL is a query language that was designed to manage data stored in relational databases. You can use it to access,
modify, and delete data. Many web applications and websites store all the data in SQL databases. In some cases,
you can also use SQL commands to run operating system commands. Therefore, a successful SQL Injection attack
can have very serious consequences.

 Attackers can use SQL Injections to find the credentials of other users in the database. They can then
impersonate these users. The impersonated user may be a database administrator with all database
privileges.
 SQL lets you select and output data from the database. An SQL Injection vulnerability could allow the
attacker to gain complete access to all data in a database server.
 SQL also lets you alter data in a database and add new data. For example, in a financial application, an
attacker could use SQL Injection to alter balances, void transactions, or transfer money to their account.
 You can use SQL to delete records from a database, even drop tables. Even if the administrator makes
database backups, deletion of data could affect application availability until the database is restored. Also,
backups may not cover the most recent data.
 In some database servers, you can access the operating system using the database server. This may be
intentional or accidental. In such case, an attacker could use an SQL Injection as the initial vector and then
attack the internal network behind a firewall.

5. Write the RSA algorithm. (H)

The RSA algorithm is an asymmetric cryptography algorithm; this means that it uses a public key and a private key
(i.e two different, mathematically linked keys). As their names suggest, a public key is shared publicly, while a
private key is secret and must not be shared with anyone.

The RSA algorithm is named after those who invented it in 1978: Ron Rivest, Adi Shamir, and Leonard Adleman.

The RSA algorithm uses the following procedure to generate public and private keys:

 Select two large prime numbers, p and q.
 Multiply these numbers to find n = p x q, where n is called the modulus for encryption and decryption.
 Choose a number e less than n such that e is relatively prime to (p - 1) x (q - 1). It means that e and
(p - 1) x (q - 1) have no common factor except 1. Writing φ(n) = (p - 1) x (q - 1), choose e such that
1 < e < φ(n) and gcd(e, φ(n)) = 1.
 The public key is <e, n>. A plaintext message m is encrypted using the public key <e, n>; the ciphertext C
is obtained from the plaintext with the formula
C = m^e mod n
Here, m must be less than n. A larger message (> n) is treated as a concatenation of messages, each of
which is encrypted separately.
 To determine the private key, calculate d such that:
d x e mod {(p - 1) x (q - 1)} = 1
or
d x e mod φ(n) = 1
 The private key is <d, n>. A ciphertext message c is decrypted using the private key <d, n>; the plaintext
m is obtained from the ciphertext with the formula
m = c^d mod n

6. In RSA, given N = 187 and the encryption key as 17, find the corresponding private key. (H)

Encryption/Decryption using RSA:

Use p = 17, q = 11, and n = p*q = 17 × 11 = 187.

φ(n) = (p - 1)(q - 1) = 16 × 10 = 160

PU = {7, 187} is the public key

PR = {23, 187} is the private key
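The key-generation steps of question 5 and the private-key computation of question 6 carried out in code, added here and not part of the original notes. The worked answer above uses e = 7 with d = 23; the function takes any valid e (including the 17 stated in the question) and recovers φ(n) by trial-division factoring of N, which only works because N = 187 is tiny.

```python
import math


def is_prime(n: int) -> bool:
    """Trial-division primality test; fine for the textbook-sized numbers used here."""
    if n < 2:
        return False
    return all(n % f for f in range(2, math.isqrt(n) + 1))


def modinv(e: int, phi: int) -> int:
    """Extended Euclid: return d in [1, phi) with (d * e) mod phi == 1."""
    old_r, r = e, phi
    old_s, s = 1, 0
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("e is not relatively prime to phi(n); no inverse exists")
    return old_s % phi


def generate_keys(p: int, q: int, e: int):
    """Procedure steps: n = p*q, phi = (p-1)(q-1), check gcd(e, phi) = 1, d = e^-1 mod phi."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or math.gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    return (e, n), (modinv(e, phi), n)   # public <e, n>, private <d, n>


def factor_toy_modulus(n: int):
    """Trial division to split a small n = p*q; only feasible because n is tiny, as in question 6."""
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0 and is_prime(p) and is_prime(n // p):
            return p, n // p
    raise ValueError("n is not a product of two primes")


def private_key_from_public(n: int, e: int):
    """Question 6: given N and e, recover p, q, phi(n) and then d."""
    p, q = factor_toy_modulus(n)
    return modinv(e, (p - 1) * (q - 1)), n


def encrypt(m: int, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("m must be less than n; split larger messages into blocks")
    return pow(m, e, n)


def decrypt(c: int, private):
    d, n = private
    return pow(c, d, n)


if __name__ == "__main__":
    public, private = generate_keys(17, 11, 7)        # p = 17, q = 11, e = 7 as in the notes
    print("public:", public, "private:", private)     # (7, 187) and (23, 187)
    c = encrypt(88, public)                           # 88 is a constructed sample message
    print("88 ->", c, "->", decrypt(c, private))
    print("d for N=187, e=17:", private_key_from_public(187, 17))
```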

7. What are the types of DoS attack? Explain all types of DoS.
8. Explain the MITM attack with an example.

15 marks questions

1. Explain Classification of DoS attack. What are the types of DoS attack and explain all
types of DoS? Differentiate between DoS and DDoS. 5+5+5 (M)

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to
its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that
triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e. employees, members, or account
holders) of the service or resource they expected.

DoS attacks often target web servers of high-profile organizations such as banking, commerce, and
media companies, or government and trade organizations. Though DoS attacks do not typically result in the theft
or loss of significant information or other assets, they can cost the victim a great deal of time and money to
handle.

There are two general methods of DoS attacks: flooding services or crashing services. Flood attacks occur when the
system receives too much traffic for the server to buffer, causing them to slow down and eventually stop. Popular
flood attacks include:

 Buffer overflow attacks – the most common DoS attack. The concept is to send more traffic to a network
address than the programmers have built the system to handle. It includes the attacks listed below, in
addition to others that are designed to exploit bugs specific to certain applications or networks.
 ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping every
computer on the targeted network, instead of just one specific machine. The network is then triggered to
amplify the traffic. This attack is also known as the smurf attack or ping of death.
 SYN flood – sends a request to connect to a server, but never completes the handshake. Continues until
all open ports are saturated with requests and none are available for legitimate users to connect to.

Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash. In these attacks,
input is sent that takes advantage of bugs in the target that subsequently crash or severely destabilize the system,
so that it can’t be accessed or used.

1. DOS attack is a denial of service attack; in this attack a computer sends a massive amount of traffic to a victim’s
computer and shuts it down. A DoS attack is an online attack that, when done on a website, is used to make the
website unavailable to its users. This attack overwhelms the internet-connected server of a website by sending a
large volume of traffic to it.

2. DDOS attack means distributed denial of service; in this attack DoS attacks are done from many different
locations using many systems.

Difference between DOS and DDOS attacks:

| DOS | DDOS |
| --- | --- |
| DOS stands for Denial of Service attack. | DDOS stands for Distributed Denial of Service attack. |
| In a DoS attack a single system targets the victim system. | In DDoS multiple systems attack the victim system. |
| The victim PC is loaded with packets of data sent from a single location. | The victim PC is loaded with packets of data sent from multiple locations. |
| A DoS attack is slower as compared to DDoS. | A DDoS attack is faster than a DoS attack. |
| Can be blocked easily as only one system is used. | It is difficult to block this attack as multiple devices are sending packets and attacking from multiple locations. |
| In a DOS attack only a single device is used with DOS attack tools. | In a DDoS attack, volumeBots are used to attack at the same time. |
| DOS attacks are easy to trace. | DDOS attacks are difficult to trace. |
| The volume of traffic in a DoS attack is less as compared to DDoS. | DDoS attacks allow the attacker to send massive volumes of traffic to the victim network. |
| Types of DOS attacks are: 1. Buffer overflow attacks 2. Ping of Death or ICMP flood 3. Teardrop attack 4. Flooding attack | Types of DDOS attacks are: 1. Volumetric attacks 2. Fragmentation attacks 3. Application layer attacks 4. Protocol attack |

2. What is encryption cracking? Explain private and public key cryptography? What is
spoofing and sniffing? 5+5+5 (M)
Network encryption cracking is the breaching of network encryptions (e.g., WEP, WPA, ...), usually
through the use of a special encryption cracking software. It may be done through a range of attacks
(active and passive) including injecting traffic, decrypting traffic, and dictionary-based attacks.

As mentioned above, several types of attacks are possible. More precisely they are:

 Decrypting traffic based on tricking access points (active attack)
 Injecting traffic based on known plaintext (active attack)
 Gathering traffic and performing brute force/dictionary based attacks
 Decrypting traffic using statistical analysis (passive attack)

Private key cryptography: the private key is used in both encryption and decryption. This key is shared between
the sender and receiver of the encrypted sensitive information. The private key is also called "symmetric" because
it is shared by both parties. Private key cryptography is faster than the public-key cryptography mechanism.
A private key is generally a lengthy, non-guessable sequence of bits created randomly or pseudo-randomly. The
complexity and length of a private key define how easy it is for an attacker to carry out a brute-force attack, in
which they test out many keys until they find the appropriate one.

Asymmetric cryptography, often known as public-key cryptography, is a type of encryption that employs pairs of
keys. A public key (which may be known to others) and a private key (which may not be known to anyone except
the owner) make up each pair. Cryptographic techniques based on mathematical problems known as one-way
functions are used to generate such key pairs.

A private key should be kept secret for effective security; a public key can be freely circulated without jeopardizing
security.

In such a system, anybody can encrypt a message using the intended receiver's public key, but only the receiver's
private key can decode the message. This allows a server application to produce a cryptographic key for
compatible symmetric-key cryptography, then encrypt that freshly generated symmetric key using a client's freely
disclosed public key.

A public-key encryption system's most apparent application is for encrypting communication to guarantee secrecy
– a message that a sender encrypts using the recipient's public key and can only be decoded by the recipient's
associated private key.

Spoofing is when an attacker creates TCP/IP packets using another person's IP address. In packet sniffing, a
sniffer software is placed between two interactive endpoints, where the attacker pretends to be one end of the
connection to the target and snoops on data sent between the two points.

3. What is the purpose of Information security? Describe 3 objectives of Information security. Describe different
types of attack. 5+5+5 (E)

Information security protects sensitive information from unauthorized activities, including inspection,
modification, recording, and any disruption or destruction. The goal is to ensure the safety and privacy
of critical data such as customer account details, financial data or intellectual property.

Security of computer networks and systems is almost always discussed within information security, which
has three fundamental objectives, namely confidentiality, integrity, and availability.

Web-based attacks

1. Injection attacks

It is the attack in which some data will be injected into a web application to manipulate the application and fetch
the required information.

Example- SQL Injection, code Injection, log Injection, XML Injection etc.

2. DNS Spoofing

DNS spoofing is a type of computer security hacking whereby corrupt data is introduced into a DNS resolver's cache,
causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer or any
other computer. DNS spoofing attacks can go on for a long period of time without being detected and can cause
serious security issues.

3. Session Hijacking

It is a security attack on a user session over a protected network. Web applications create cookies to store the
state and user sessions. By stealing the cookies, an attacker can have access to all of the user data.

4. Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login credentials and credit card
number. It occurs when an attacker is masquerading as a trustworthy entity in electronic communication.

5. Brute force

It is a type of attack which uses a trial and error method. This attack generates a large number of guesses and
validates them to obtain actual data like a user password or personal identification number. This attack may be
used by criminals to crack encrypted data, or by security analysts to test an organization's network security.

6. Denial of Service

It is an attack which is meant to make a server or network resource unavailable to its users. It accomplishes this
by flooding the target with traffic or sending it information that triggers a crash. It uses a single system and a
single internet connection to attack a server.

Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is measured in bit per
second.

Protocol attacks- It consumes actual server resources, and is measured in a packet.

Application layer attacks- Its goal is to crash the web server and is measured in request per second.

7. Dictionary attacks

This type of attack uses a stored list of commonly used passwords and tries each of them to find the original password.

8. URL Interpretation

It is a type of attack where certain parts of a URL are changed so that the web server delivers web pages which the
requester is not authorized to browse.

9. File Inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential files that are available on the web
server, or to execute malicious files on the web server, by making use of the include functionality.

10. Man in the middle attacks

It is a type of attack that allows an attacker to intercept the connection between client and server and act as a
bridge between them. Due to this, the attacker is able to read, insert and modify the data in the intercepted
connection.

System-based attacks

These are the attacks which are intended to compromise a computer or a computer network. Some of the
important system-based attacks are as follows-

1. Virus

It is a type of malicious software program that spreads through the computer's files without the knowledge of the
user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other
computer programs when executed. It can also execute instructions that cause harm to the system.

2. Worm

It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It works
in the same way as a computer virus. Worms often originate from email attachments that appear to be from trusted
senders.

3. Trojan horse

It is a malicious program that causes unexpected changes to computer settings and unusual activity, even when the
computer should be idle. It misleads the user about its true intent. It appears to be a normal application, but when
opened or executed some malicious code runs in the background.

4. Backdoors

It is a method that bypasses the normal authentication process. A developer may create a backdoor so that an
application or operating system can be accessed for troubleshooting or other purposes.

5. Bots

A bot (short for "robot") is an automated process that interacts with other network services. Some bot programs
run automatically, while others only execute commands when they receive specific input. Common examples of
bot programs are crawlers, chatroom bots, and malicious bots.

4. What is active and passive attack? What is DoS Attack? Explain ARP Spoofing with
diagram? 4+5+6 (H)

Active attacks

In active attacks, the attacker intercepts the connection and attempts to modify the message's content. It is
dangerous for the integrity and availability of the message. Active attacks involve Masquerade, Modification
of message, Repudiation, Replay, and Denial of service. The system resources can be changed due to
active attacks. So, the damage done with active attacks can be harmful to the system and its resources.

Passive attacks

In passive attacks, the attacker observes the messages, then copy and save them and can use it for malicious
purposes. The attacker does not try to change the information or content he/she gathered. Although passive
attacks do not harm the system, they can be a danger for the confidentiality of the message.

In the below image, we can see the process of passive attacks.


Unlike active attacks, in passive attacks, victims do not get informed about the attack. It is difficult to detect as
there is no alteration in the message. Passive attacks can be prevented by using some encryption techniques. We
can try the below-listed measures to prevent these attacks -

 We should avoid posting sensitive information or personal information online. Attackers can use this
information to hack your network.
 We should use the encryption method for the messages and make the messages unreadable for any
unintended intruder.

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to
its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that
triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e. employees, members, or account
holders) of the service or resource they expected.

DoS attacks often target web servers of high-profile organizations such as banking, commerce, and
media companies, or government and trade organizations. Though DoS attacks do not typically result in the theft
or loss of significant information or other assets, they can cost the victim a great deal of time and money to
handle.

There are two general methods of DoS attacks: flooding services or crashing services. Flood attacks occur when the
system receives too much traffic for the server to buffer, causing them to slow down and eventually stop. Popular
flood attacks include:

 Buffer overflow attacks – the most common DoS attack. The concept is to send more traffic to a network
address than the programmers have built the system to handle. It includes the attacks listed below, in
addition to others that are designed to exploit bugs specific to certain applications or networks.
 ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping every
computer on the targeted network, instead of just one specific machine. The network is then triggered to
amplify the traffic. This attack is also known as the smurf attack or ping of death.
 SYN flood – sends a request to connect to a server, but never completes the handshake. Continues until
all open ports are saturated with requests and none are available for legitimate users to connect to.

What is ARP Spoofing (ARP Poisoning)

ARP spoofing, also known as ARP poisoning, is a Man in the Middle (MitM) attack that allows attackers to
intercept communication between network devices. The attack works as follows:

1. The attacker must have access to the network. They scan the network to determine the IP addresses of at
least two devices⁠—let’s say these are a workstation and a router.
2. The attacker uses a spoofing tool, such as Arpspoof or Driftnet, to send out forged ARP responses.
3. The forged responses advertise that the correct MAC address for both IP addresses, belonging to the
router and workstation, is the attacker’s MAC address. This fools both router and workstation to connect
to the attacker’s machine, instead of to each other.
4. The two devices update their ARP cache entries and from that point onwards, communicate with the
attacker instead of directly with each other.
5. The attacker is now secretly in the middle of all communications.
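The two observable traces of the attack above, an IP whose MAC binding suddenly changes (step 3) and one MAC answering for several IPs, turned into a passive detector. This is an added example, not from the original notes, run over constructed ARP reply observations (time, sender IP, sender MAC) as a listener on the LAN segment would see them.

```python
from collections import defaultdict

# Constructed ARP reply observations (not a real capture): (seconds, sender_ip, sender_mac)
# as a passive listener on the LAN segment would see them.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # router answering normally
    (0.5, "192.168.1.20", "bb:bb:bb:bb:bb:20"),  # workstation answering normally
    (5.0, "192.168.1.1", "cc:cc:cc:cc:cc:99"),   # router's IP now claimed by a third MAC
    (5.1, "192.168.1.20", "cc:cc:cc:cc:cc:99"),  # workstation's IP claimed by the same MAC
    (6.0, "192.168.1.30", "dd:dd:dd:dd:dd:30"),  # unrelated host
]


def detect_arp_anomalies(replies):
    """Return alerts for (a) an IP whose MAC differs from the first one seen and
    (b) a single MAC that answers for several IPs, the two signs of the poisoning above."""
    first_mac = {}                      # ip -> first MAC observed (trusted baseline)
    ips_per_mac = defaultdict(set)      # mac -> IPs it has claimed
    alerts = []
    for t, ip, mac in replies:
        mac = mac.lower()
        if ip in first_mac and first_mac[ip] != mac:
            alerts.append(("mac_change", ip, first_mac[ip], mac, t))
        first_mac.setdefault(ip, mac)   # keep the baseline so later overrides still alert
        ips_per_mac[mac].add(ip)
    for mac, ips in sorted(ips_per_mac.items()):
        if len(ips) > 1:
            alerts.append(("multi_ip", mac, tuple(sorted(ips))))
    return alerts


def suspected_spoofing_macs(replies):
    """MACs that overrode an existing IP-to-MAC binding."""
    return sorted({a[3] for a in detect_arp_anomalies(replies) if a[0] == "mac_change"})


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_ARP_REPLIES):
        print(alert)
    print("suspected:", suspected_spoofing_macs(SAMPLE_ARP_REPLIES))
```

A real deployment would seed the baseline from a known inventory (or static ARP entries on critical hosts) rather than from the first reply seen, since the first reply itself could already be forged.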

5. What is topology? Describe mesh and star topology? Describe optical fiber working mechanism with
diagram? 5+5+5 (E)

Network topology is the interconnected pattern of network elements. A network topology may be physical,
mapping hardware configuration, or logical, mapping the path that the data must take in order to travel around
the network.

Star Topology: In star topology, the nodes are connected to a central hub or router, and the information travels
from the central hub or router to all the nodes. There are N links in star topology if there are N nodes.


Mesh Topology: In mesh topology, the nodes are connected to each other completely via dedicated links, the
information travels from node to node, and there are N(N-1)/2 links in mesh topology if there are N nodes.

Difference between Star and Mesh Topology:

| Star Topology | Mesh Topology |
| --- | --- |
| In star topology, the nodes are connected to the central hub or router. | In mesh topology, the nodes are connected to each other completely via dedicated links. |
| There are N links in star topology if there are N nodes. | There are N(N-1)/2 links in mesh topology if there are N nodes. |
| The cost of star topology is less. | The cost of mesh topology is expensive. |
| The complexity of star topology is quite simple. | The complexity of mesh topology is complex. |
| In star topology, the information travels from the central hub or router to all the nodes. | In mesh topology, the information travels from node to node. |
| Star topology is very easily extensible. | Mesh topology is poorly extensible. |
| In star topology, twisted pair cable is used for connection. | In mesh topology, twisted pair cable, coaxial cable and optical fiber cable are used for connection on the basis of the type of network. |
| Star topology is used in LAN as setup is easy. | Mesh topology is used in WAN. |
| It is less robust as compared to mesh topology. | It is highly robust. |
| The breakdown of the central hub leads to failure of the entire network. | The breakdown of a node does not affect other nodes in the network. |
| It is easy to install and reconfigure. | It is difficult to install and reconfigure because of extensive cabling. |

A cable which is used to transmit data through glass or plastic fibers (threads) is known as optical fiber cable.
This cable includes a bundle of glass threads which transmit messages modulated onto light waves. There are many
advantages of using these cables over other types of communication cables: the bandwidth of these cables is high,
they are less vulnerable than metal cables to interference, they are thinner and lighter, and the data can be
transmitted in digital form. The main disadvantages of these cables are that installation is expensive, they are
more delicate, and they are difficult to splice together.

These cables are essential for LANs, so telecommunication companies are replacing telephone lines with these
cables. One day, all communications will use fiber optics. The design considerations of these cables mainly include
appearance, ruggedness, durability, tensile strength, flammability, size, range of temperature, and flexibility.

Working of Optical Fiber

The working principle of optical fiber is the transmission of information in the form of light particles, otherwise
known as photons. The core of the glass fiber and the cladding have specific refractive indexes that bend incoming
light at a particular angle. Whenever light signals are transmitted through the optical cable, they reflect off the
boundary between the core and the cladding in a sequence of zigzag bounces, following a mechanism named total
internal reflection.

An optical fiber is a lengthy, thin thread of transparent material. The shape of this cable is similar to a cylinder.
The core of this cable is located in the center, and the layer outside the core is named the cladding. Here the
cladding works like a protective layer. These two are made with different types of plastic or glass, so the light
travelling along the core is reflected back into it rather than transmitted into the cladding.

Types of Optical Fiber

The classification of optical fiber can be done based on the materials used, refractive index, & mode of
propagation light.

The optical fiber cables are classified into two types based on the materials used, which include the following.

 Plastic optical fiber cables use polymethyl methacrylate as the core material for light transmission.
 Glass fibers consist of extremely fine glass fibers.

The optical fiber cables are classified into two types based on the refractive index, which include the following.

 A step-index fiber includes a core which is enclosed by the cladding. It has only a single uniform index of
refraction.
 In graded-index fibers, the refractive index of the core decreases as the radial distance from the fiber axis
increases.

The optical fiber cables are classified into two types based on the mode of propagation of light, which include the
following.

 Single-mode fibers are mainly used for transmitting signals over long distances.
 Multimode fibers are mainly used for transmitting signals over short distances.

6. What is malicious code? How does malicious code affect a system? Describe with an example.
Types of cyber threats? 5+5+5 (H)

Malicious code is the term used to describe any code in any part of a software system or script that is intended to
cause undesired effects, security breaches or damage to a system. Malicious code is an application security threat
that cannot be efficiently controlled by conventional antivirus software alone. Malicious code describes a broad
category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors and
malicious active content.
Malicious code may also include time bombs, hardcoded cryptographic constants and credentials, deliberate
information and data leakage, rootkits and anti-debugging techniques. These targeted malicious code threats are
hidden in software and mask their presence to evade detection by traditional security technologies.

Malicious code examples include backdoor attacks, scripting attacks, worms, trojan horse and spyware. Each type
of malicious code attack can wreak havoc on a defenseless IT infrastructure very quickly or wait on servers for a
predetermined amount of time or a trigger to activate the attack. Industry studies have revealed that detection of
malicious code often takes weeks or months before the damage is noticed and threats are defeated.

Backdoor Attacks

With a backdoor attack, the offending code can take over an application to extract trade secrets from business
databases, steal employee information for identity theft, erase critical files, and spread from one server to
another. Seeds can be planted that go unnoticed for days or even months, gathering information and sending it
back to the attacker without detection.

Scripting Attacks

Script injection can modify application functionality to reroute applications to another server, use different
databases, retrieve additional unauthorized data, and modify web pages.

Trojan Horse and Spyware

Malicious code may go undetected on infected computers, simply monitoring applications and websites accessed.
Once critical information is stolen, such as bank accounts or passwords, the information is forwarded to the
perpetrator.

Worms

Worm attacks are designed to self-replicate across multiple computers or enterprise networks, often stealing or
even destroying files and critical data.

Examples of Malicious Code Attacks

Hackers are continuously working to compromise technical defenses against malicious code. Some of the better-
known examples of malicious attacks include:

 Trojan Horse – Emotet – appears as applications a user would benefit from
 Worms – Stuxnet – replicated through network computers
 Bots – Echobot – launched a flood of attacks
 Ransomware – RYUK – disables access to company assets until the ransom is paid

A cyber security threat refers to any possible malicious attack that seeks to unlawfully access data, disrupt digital
operations or damage information. Cyber threats can originate from various actors, including corporate spies,
hacktivists, terrorist groups, hostile nation-states, criminal organizations, lone hackers and disgruntled employees.

In recent years, numerous high-profile cyber attacks have resulted in sensitive data being exposed. For example,
the 2017 Equifax breach compromised the personal data of roughly 143 million consumers, including birth dates,
addresses and Social Security numbers. In 2018, Marriott International disclosed that hackers accessed its servers
and stole the data of roughly 500 million customers. In both instances, the cyber security threat was enabled by
the organization’s failure to implement, test and retest technical safeguards, such as encryption, authentication
and firewalls.

Cyber attackers can use an individual’s or a company’s sensitive data to steal information or gain access to their
financial accounts, among other potentially damaging actions, which is why cyber security professionals are
essential for keeping private data protected.

7 Types of Cyber Security Threats

Cyber security professionals should have an in-depth understanding of the following types of cyber security
threats.

1. Malware

Malware is malicious software such as spyware, ransomware, viruses and worms. Malware is activated when a
user clicks on a malicious link or attachment, which leads to installing dangerous software. Cisco reports that
malware, once activated, can:

 Block access to key network components (ransomware)
 Install additional harmful software
 Covertly obtain information by transmitting data from the hard drive (spyware)
 Disrupt individual parts, making the system inoperable

2. Emotet

The Cybersecurity and Infrastructure Security Agency (CISA) describes Emotet as “an advanced, modular banking
Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be
among the most costly and destructive malware.”

3. Denial of Service

A denial of service (DoS) is a type of cyber attack that floods a computer or network so it can’t respond to requests.
A distributed DoS (DDoS) does the same thing, but the attack originates from a computer network. Cyber attackers
often use a flood attack to disrupt the “handshake” process and carry out a DoS. Several other techniques may be
used, and some cyber attackers use the time that a network is disabled to launch other attacks. A botnet is a type
of DDoS in which millions of systems can be infected with malware and controlled by a hacker, according to Jeff
Melnick of Netwrix, an information technology security software company. Botnets, sometimes called zombie
systems, target and overwhelm a target’s processing capabilities. Botnets are in different geographic locations and
hard to trace.

4. Man in the Middle

A man-in-the-middle (MITM) attack occurs when hackers insert themselves into a two-party transaction. After
interrupting the traffic, they can filter and steal data, according to Cisco. MITM attacks often occur when a visitor
uses an unsecured public Wi-Fi network. Attackers insert themselves between the visitor and the network, and
then use malware to install software and use data maliciously.

5. Phishing

Phishing attacks use fake communication, such as an email, to trick the receiver into opening it and carrying out
the instructions inside, such as providing a credit card number. “The goal is to steal sensitive data like credit card
and login information or to install malware on the victim’s machine,” Cisco reports.

6. SQL Injection

A Structured Query Language (SQL) injection is a type of cyber attack that results from inserting malicious code
into a server that uses SQL. When infected, the server releases information. Submitting the malicious code can be
as simple as entering it into a vulnerable website search box.

7. Password Attacks

With the right password, a cyber attacker has access to a wealth of information. Social engineering is a type of
password attack that Data Insider defines as “a strategy cyber attackers use that relies heavily on human
interaction and often involves tricking people into breaking standard security practices.” Other types of password
attacks include accessing a password database or outright guessing.

==============================================================

Module 3

5 marks question……….

1.Explain how NAT works with example?
2.How is circuit gateway different from application gateway?
3.Describe different types of attacks on packet filtering firewall?
4.Describe the action of a packet filtering firewall with a diagram?
5.What is firewall and what are different types of firewall? State its limitations?

15 marks question……

1.What is cloud technology? What are the different types of cloud technology? Explain with
example. How does cloud technology work? What are the advantages of cloud technology?
1+5+5+4
2.What are different types of computing platform?
3. Short note: DMZ. (E)

In computer networks, a DMZ (demilitarized zone) is a physical or logical sub-network that separates an internal
local area network (LAN) from other untrusted networks, usually the Internet. External-facing servers, resources
and services are located in the DMZ so they are accessible from the Internet but the rest of the internal LAN
remains unreachable. This provides an additional layer of security to the LAN as it restricts the ability of hackers to
directly access internal servers and data via the Internet.

Any service that is being provided to users on the Internet should be placed in the DMZ. The most common of
these services are: Web, Mail, DNS, FTP, and VoIP. The systems running these services in the DMZ are reachable by
hackers and cybercriminals around the world and need to be hardened to withstand constant attack.

There are various ways to design a network with a DMZ. The two most common methods are with a single or dual
firewalls.

A more secure approach is to use two firewalls to create a DMZ. The first firewall, also called the perimeter firewall,
is configured to allow only traffic destined for the DMZ. The second, or internal, firewall only allows traffic from the
DMZ to the internal network. This is considered more secure since two devices would need to be compromised
before an attacker could access the internal LAN.

Describe different types of attacks on packet filtering firewall?

5 Firewall Threats and Vulnerabilities to Look Out For

 1) Insider Attacks. A perimeter firewall is meant to keep away attacks that originate from outside of your
network. ...
 2) Missed Security Patches. ...
 3) Configuration Mistakes. ...
 4) A Lack of Deep Packet Inspection. ...
 5) DDoS Attacks.

How is circuit gateway different from application gateway?

Application Gateway

• A host running a proxy service is known as an Application Gateway. It is needed because packet filtering routers
do not allow TELNET and FTP connections. Packet filtering routers and application gateways are used together to
provide a high level of security as well as flexibility.
• A user who needs to connect to an inbound site must first connect to the application gateway and then to the
destination host.
• There are many benefits of using an application gateway, such as information hiding, robust authentication and
logging, cost effectiveness and less complex filtering rules.
• The disadvantage of an application gateway is that TELNET connectivity requires two steps to connect, either
inbound or outbound. Moreover, the user needs to connect to the firewall rather than connecting to the host directly.
• Examples: TELNET, FTP, E-mail

Circuit level Gateway

• It relays TCP connections.
• No processing or filtering of the protocol is done by a circuit level gateway.
• Example #1: NNTP server and NNTP client; both connect to the firewall and later they communicate directly,
bypassing the firewall. This means the firewall simply passes bytes between the end systems.
• Example #2: Once the connection is established using an application gateway, the firewall simply passes bytes
between the hosts. This is another example of a circuit level gateway.

Describe the action of a packet filtering firewall with a diagram?

A packet filtering firewall is a network security feature that controls the flow of incoming and outgoing network
data. The firewall examines each packet, which comprises user data and control information, and tests them
according to a set of pre-established rules. If the packet completes the test successfully, the firewall allows it to
pass through to its destination. It rejects those that don't pass the test. Firewalls test packets by examining sets of
rules, protocols, ports and destination addresses.

In system networking, packets are formatted units of data carried on packet-switched networks. These networks
can be fault tolerant because they disassemble messages into small pieces, or packets, and send them separately
across the network. When packets pass the firewall and arrive at their destination, they're reordered to display
their information correctly. Done correctly, packet switching optimizes networks' channel capacity, minimizes
transmission latency and increases the effectiveness of communications. Packets contain two important
components:

 Headers: Packet headers direct the data to its desired destination. They contain portions of internet
protocol (IP), addressing and any other data required to get the packets where they're meant to go.
 Payloads: The payload is the user data within the packet. This is the information that's trying to get to its
destination.

4 types of packet filtering

There are four primary types of packet filtering:

1. Static packet filtering firewall

A static packet filtering firewall requires you to establish firewall rules manually. Similarly, internal and external
network connections remain either open or closed unless otherwise adjusted by an administrator. These firewall
types allow users to define rules and manage ports, access control lists (ACLs) and IP addresses. They're often
simple and practical, making them an apt choice for smaller applications or users without a lot of criteria.

2. Dynamic packet filtering firewall

Dynamic firewalls allow users to adjust rules dynamically to reflect certain conditions. You can set ports to remain
open for specified periods of time and to close automatically outside those established time frames. Dynamic
packet filtering firewalls offer more flexibility than static firewalls because you can set adjustable parameters and
automate certain processes.

3. Stateless packet filtering firewall

Stateless packet filtering firewalls are perhaps the oldest and most established firewall option. While they're less
common today, they do still provide functionality for residential internet users or service providers who distribute
low-power customer-premises equipment (CPE). They protect users against malware, non-application-specific
traffic and harmful applications. If users host servers for multi-player video games, email or live-streamed videos,
for example, they often must manually configure firewalls if they plan to deviate from default security policies.
Manual configurations allow different ports and applications through the packet filter.

4. Stateful packet filtering firewall

Unlike stateless packet filtering options, stateful firewalls use modern extensions to track active connections, like
transmission control protocol (TCP) and user datagram protocol (UDP) streams. By recognizing incoming traffic and
data packets' context, stateful firewalls can better identify the difference between legitimate and malicious traffic
or packages. Typically, new connections must introduce themselves to the firewall before they gain access to the
approved list of allowed connections.
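The two behaviours described above (a static filter judging each packet on its own header fields, and a stateful filter that admits reply traffic only for connections it has already seen) can be shown side by side. The following is an added example written for these notes, not code from the original material or from any firewall product; the addresses, the rule list and the sample packets are constructed, and the "new TCP connections must carry SYN" check models the sentence about connections introducing themselves to the firewall.

```python
# Toy packet-filtering firewall: a static (stateless) rule match plus a
# stateful connection table. Added illustration, not code from these notes;
# every address, rule and packet below is a constructed sample value.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str            # source IP address
    dst: str            # destination IP address
    proto: str          # "tcp" or "udp"
    sport: int          # source port
    dport: int          # destination port
    direction: str      # "in" = arriving from outside, "out" = leaving the LAN
    syn: bool = False   # TCP SYN flag, set on the first packet of a connection


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    direction: str                # "in" or "out"
    proto: str                    # "tcp", "udp" or "any"
    src: str                      # source network in CIDR notation
    dst: str                      # destination network in CIDR notation
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


# Constructed ACL for an inside network 10.0.0.0/24 that hosts a web server
# on 10.0.0.10. Rules are checked top-down, first match wins, default deny.
RULES: List[Rule] = [
    Rule("allow", "in", "tcp", "0.0.0.0/0", "10.0.0.10/32", 80),
    Rule("allow", "in", "tcp", "0.0.0.0/0", "10.0.0.10/32", 443),
    Rule("allow", "out", "any", "10.0.0.0/24", "0.0.0.0/0"),
]


def stateless_filter(p: Packet, rules: List[Rule] = RULES) -> str:
    """Static packet filter: judge each packet on its own header fields."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"   # implicit deny at the end of the rule list


class StatefulFilter:
    """Stateful filter: a packet passes if a rule admits it as a new connection
    or if it belongs to a connection that was admitted earlier."""

    def __init__(self, rules: List[Rule] = RULES):
        self.rules = rules
        # connection table keyed as (proto, inside_ip, inside_port, outside_ip, outside_port)
        self.table = set()

    def check(self, p: Packet) -> str:
        if p.direction == "out":
            key = (p.proto, p.src, p.sport, p.dst, p.dport)
        else:
            key = (p.proto, p.dst, p.dport, p.src, p.sport)
        if key in self.table:
            return "allow"          # part of an established connection
        # A new TCP connection must introduce itself with SYN; a bare data
        # segment for an unknown connection is dropped even if a rule fits.
        if p.proto == "tcp" and not p.syn:
            return "deny"
        if stateless_filter(p, self.rules) == "allow":
            self.table.add(key)
            return "allow"
        return "deny"


if __name__ == "__main__":
    fw = StatefulFilter()
    query = Packet("10.0.0.5", "8.8.8.8", "udp", 51000, 53, "out")
    reply = Packet("8.8.8.8", "10.0.0.5", "udp", 53, 51000, "in")
    print("stateless verdict on DNS reply:", stateless_filter(reply))   # deny
    fw.check(query)
    print("stateful verdict on DNS reply:", fw.check(reply))            # allow
```

The difference shows up on the DNS reply: the static filter has no inbound rule for UDP port 51000 and drops it, while the stateful filter remembers the outgoing query and lets the matching reply through, yet still drops an unsolicited packet to the same port from another source.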

Benefits of packet filtering firewalls

There are many benefits to using packet filtering firewalls including:

Efficiency

One of the primary advantages of packet filtering firewalls is their efficiency. Routers typically operate at high
speeds, accepting and rejecting packets quickly based on their destinations, source ports and addresses. Inbound
and outbound packets are often only held for a few milliseconds while the filter determines its destination and
legitimacy. Most other firewall techniques have performance overheads that exceed those of packet filtering
firewalls.

Transparency

Another benefit is transparency. While users are aware of firewalls when they reject a packet, packet filters
typically operate quickly and discreetly without interfering with user functionality. Some other techniques require
users to configure firewalls for specific clients or servers manually. In this way, packet filtering firewalls are user-
friendly and easy to incorporate.

Affordability

Many routers offer built-in packet filtering, making them inexpensive. By providing built-in functionality, software
routing products and other widely used hardware offer cheap and affordable security options. Many websites use
packet filtering techniques in their routers too. Packet filtering firewalls' ubiquitous use makes them one of the
most affordable security options.

Accessibility

Besides its affordability, the ease of its use makes packet filtering an appealing option. With this security
technique, you can protect an entire network with a single screening router. Users don't need extensive
knowledge, training or support to operate firewalls because they won't be aware of packet transmission unless
there's a rejection.

What is firewall and what are different types of firewall state its limitations?

Network firewalls are devices used to protect private networks from unauthorized access. A firewall is a security
solution for computers or devices connected to a network; it can be in the form of hardware or software. It
monitors and controls the incoming and outgoing traffic (the amount of data moving across a computer network at
any given time).
The major purpose of a network firewall is to protect an inner network by separating it from the outer network.
The inner network is simply the network created inside an organization, and a network that is not within the range
of the inner network is considered the outer network.

Types of Network Firewall :

1. Packet Filters –
It is a technique used to control network access by monitoring outgoing and incoming packets and
allowing them to pass or halt based on the source and destination Internet Protocol (IP) addresses,
protocols, and ports. This firewall is also known as a static firewall.

2. Stateful Inspection Firewalls –
It is also a type of packet filtering which is used to control how data packets move through a firewall. It is
also called dynamic packet filtering. These firewalls can inspect whether the packet belongs to a particular
session or not. It permits communication if and only if the session is properly established between two
endpoints; otherwise it blocks the communication.

3. Application Layer Firewalls –
These firewalls can examine application layer (of the OSI model) information like an HTTP request. If it
finds some suspicious application that could harm our network or that is not safe for our network, then it
gets blocked right away.

4. Next-generation Firewalls –
These firewalls are called intelligent firewalls. These firewalls can perform all the tasks that are performed
by the other types of firewalls that we learned previously but on top of that, it includes additional
features like application awareness and control, integrated intrusion prevention, and cloud-delivered
threat intelligence.

5. Circuit-level gateways –
A circuit-level gateway is a firewall that provides User Datagram Protocol (UDP) and Transmission Control
Protocol (TCP) connection security and works between an Open Systems Interconnection (OSI) network
model’s transport and application layers such as the session layer.

6. Software Firewall –
The software firewall is a type of computer software that runs on our computers. It protects our system
from any external attacks such as unauthorized access, malicious attacks, etc. by notifying us about the
danger that can occur if we open a particular mail or if we try to open a website that is not secure.

7. Hardware Firewall –
A hardware firewall is a physical appliance that is deployed to enforce a network boundary. All network
links crossing this boundary pass through this firewall, which enables it to perform an inspection of both
inbound and outbound network traffic and enforce access controls and other security policies.

8. Cloud Firewall –
These are software-based, cloud-deployed network devices. This cloud-based firewall protects a private
network from any unwanted access. Unlike traditional firewalls, a cloud firewall filters data at the cloud
level.

Working of Firewalls :

Firewalls control and monitor the incoming and outgoing traffic of our network. The data that comes to our
network is in the form of packets (small units of data). It is tough to identify whether a packet is safe for our
network or not, and this gives hackers and intruders a great chance to bombard our networks with various viruses,
malware, spam, etc.

What is circuit level gateway? State advantages of circuit level gateway over application gateway?

A circuit-level gateway firewall provides security for UDP and TCP connections. It also acts as a handshaking
device between trusted clients or servers and untrusted hosts, and vice versa.

Generally, circuit-level gateways work at the session layer of the OSI model. Whether a session request is
confirmed or not by the circuit-level gateway is determined with the help of the handshake between packets.

The information that passes to a remote computer through a circuit-level gateway appears as if it originated from
the gateway. This is because of information hiding in protected networks. Circuit-level gateways are not
expensive.

For defining a valid session in Circuit Level Gateway the component used are:-

1. The Destination addresses, Source addresses, and Ports.
2. The time of delay.
3. The protocol being utilized.
4. The user and the password.

Working

This circuit-level gateway setup is done with the help of two TCP connections: one between the gateway and the
inner host's TCP, and one between the gateway and the outer host's TCP.

After the connection establishment of the inner and outer host, the Gateway transmits the TCP segments from one
to another without bothering about the contents.

The circuit-level gateway maintains a table that helps in validating the connections and checks which network
packets contain data to pass, whenever a network packet information matches an entry in the virtual circuit table.
When the firewall terminates the connection, it tries to remove that entry in the table and the virtual-circuit
connection between two nodes is closed.

In the Circuit Level Gateway, once a session is permitted no further checks at the level of individual packets are
executed.
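The working just described (two TCP connections, a policy check at session setup only, a virtual-circuit table, and bytes copied between the hosts without looking at the contents) can be modelled in a few dozen lines. This is an added example written for these notes, not code from the original material or from SOCKS or any other gateway product; the two "hosts" are simulated with socket.socketpair() so it runs offline, and the allow-list of destination ports is a constructed policy.

```python
# Toy circuit-level gateway: permits a session once, then relays TCP bytes
# between the inner and outer connection without inspecting the protocol.
# Added illustration, not code from these notes; the two "hosts" are simulated
# with socket.socketpair() so the example runs offline. The port allow-list
# is a constructed policy.
import selectors
import socket
import threading
from typing import Dict, List, Tuple

ALLOWED_DST_PORTS = {80, 119, 443}   # constructed session policy (web, NNTP)


class CircuitGateway:
    def __init__(self) -> None:
        # virtual-circuit table: circuit id -> (src_ip, src_port, dst_ip, dst_port)
        self.table: Dict[int, Tuple[str, int, str, int]] = {}
        self._next_id = 1

    def open_circuit(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> int:
        """Session-setup check: the only point at which policy is applied."""
        if dst_port not in ALLOWED_DST_PORTS:
            raise PermissionError(f"session to port {dst_port} not permitted")
        cid = self._next_id
        self._next_id += 1
        self.table[cid] = (src_ip, src_port, dst_ip, dst_port)
        return cid

    def relay(self, cid: int, inner: socket.socket, outer: socket.socket) -> int:
        """Copy bytes both ways until both sides close; no content is examined.
        Returns the number of bytes relayed and removes the table entry."""
        peer = {inner: outer, outer: inner}
        sel = selectors.DefaultSelector()
        for s in peer:
            s.setblocking(False)
            sel.register(s, selectors.EVENT_READ)
        total, open_sides = 0, 2
        while open_sides:
            events = sel.select(timeout=5)
            if not events:
                break                      # idle circuit: give up (demo only)
            for key, _ in events:
                s = key.fileobj
                data = s.recv(4096)
                if not data:               # this side closed
                    sel.unregister(s)
                    open_sides -= 1
                    try:
                        peer[s].shutdown(socket.SHUT_WR)   # pass the close on
                    except OSError:
                        pass
                    continue
                peer[s].sendall(data)      # bytes copied untouched
                total += len(data)
        sel.close()
        del self.table[cid]                # circuit closed: entry removed
        return total


def simulate_session(request: bytes, reply: bytes) -> Tuple[bytes, bytes, int, bool]:
    """Drive one circuit end to end with simulated hosts; returns what each
    side received, the byte count, and whether the table entry was cleared."""
    gw = CircuitGateway()
    cid = gw.open_circuit("10.0.0.5", 40001, "198.51.100.9", 119)   # constructed NNTP session
    inner_host, gw_inner = socket.socketpair()
    gw_outer, outer_host = socket.socketpair()
    result: List[int] = []
    worker = threading.Thread(target=lambda: result.append(gw.relay(cid, gw_inner, gw_outer)))
    worker.start()
    inner_host.sendall(request)
    seen_by_outer = outer_host.recv(4096)
    outer_host.sendall(reply)
    seen_by_inner = inner_host.recv(4096)
    inner_host.close()                 # inner side hangs up ...
    outer_host.recv(4096)              # ... outer side sees the EOF ...
    outer_host.close()                 # ... and hangs up too
    worker.join(timeout=10)
    gw_inner.close()
    gw_outer.close()
    return seen_by_outer, seen_by_inner, result[0], cid not in gw.table


if __name__ == "__main__":
    print(simulate_session(b"GROUP comp.security.misc\r\n", b"211 0 1 0 comp.security.misc\r\n"))
```

Note where the check happens: open_circuit() is the only place a policy decision is taken, and relay() never parses the NNTP commands it copies. That is exactly why a circuit-level gateway is cheap and fast, and also why it cannot notice a prohibited command sent inside a permitted session.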

Features

1. It consists of security functions that determine which connections have to be allowed.
2. It works at the session layer of the OSI model or in between the application and transport layer of TCP/IP.
3. It hides the information about the private network they protect.
4. It is a stand-alone system.
5. An example of Circuit level gateway is SOCKS packages.

Explain how NAT works with example. Explain VPN architecture.

Network Address Translation (NAT) is a process in which one or more local IP address is translated into one or
more Global IP address and vice versa in order to provide Internet access to the local hosts. Also, it does the
translation of port numbers i.e. masks the port number of the host with another port number, in the packet that
will be routed to the destination. It then makes the corresponding entries of IP address and port number in the
NAT table. NAT generally operates on a router or firewall.

Network Address Translation (NAT) working –


Generally, the border router is configured for NAT, i.e., the router which has one interface in the local (inside)
network and one interface in the global (outside) network. When a packet traverses outside the local (inside)
network, NAT converts that local (private) IP address to a global (public) IP address. When a packet enters the
local network, the global (public) IP address is converted to a local (private) IP address.

If NAT runs out of addresses, i.e., no address is left in the pool configured then the packets will be dropped and an
Internet Control Message Protocol (ICMP) host unreachable packet to the destination is sent.
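The translation table, the port masking and the pool-exhaustion case from the paragraphs above can be worked through on a toy router. This is an added example written for these notes, not code from the original material or from any router vendor; the private addresses, the public address 203.0.113.1 and the two-port pool are constructed so that exhaustion is easy to trigger.

```python
# Toy NAT/PAT table on a border router. Added illustration, not code from these
# notes; the private/public addresses and ports are constructed sample values.
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]   # (IP address, port)


class NatRouter:
    """Rewrites (inside_ip, inside_port) to (public_ip, global_port) on the way
    out and reverses the mapping on the way back in, using a NAT table."""

    def __init__(self, public_ip: str, port_pool: range):
        self.public_ip = public_ip
        self.free_ports: List[int] = list(port_pool)   # global ports still unused
        self.outbound: Dict[Endpoint, int] = {}        # inside endpoint -> global port
        self.inbound: Dict[int, Endpoint] = {}         # global port -> inside endpoint
        self.events: List[str] = []                    # what the router did (for the demo)

    def translate_outbound(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Packet leaving the inside network: returns (translated_src, dst),
        or None when the pool is exhausted and the packet is dropped."""
        if src not in self.outbound:
            if not self.free_ports:
                # Pool exhausted: drop the packet and answer with ICMP host
                # unreachable, as the notes describe.
                self.events.append(f"drop {src} -> {dst}: pool exhausted, ICMP host unreachable sent")
                return None
            gport = self.free_ports.pop(0)
            self.outbound[src] = gport
            self.inbound[gport] = src
            self.events.append(f"new entry {src} <-> ({self.public_ip}, {gport})")
        return (self.public_ip, self.outbound[src]), dst

    def translate_inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Packet arriving from outside addressed to (public_ip, global_port):
        returns (src, inside endpoint) or None if no table entry exists."""
        if dst[0] != self.public_ip or dst[1] not in self.inbound:
            self.events.append(f"drop {src} -> {dst}: no NAT table entry")
            return None
        return src, self.inbound[dst[1]]

    def release(self, src: Endpoint) -> None:
        """Connection finished: free the global port and remove the entry."""
        gport = self.outbound.pop(src, None)
        if gport is not None:
            del self.inbound[gport]
            self.free_ports.append(gport)


if __name__ == "__main__":
    # A tiny pool of two global ports makes exhaustion easy to observe.
    nat = NatRouter("203.0.113.1", range(40000, 40002))
    web = ("198.51.100.20", 443)
    print(nat.translate_outbound(("192.168.1.10", 51234), web))
    print(nat.translate_outbound(("192.168.1.11", 51234), web))
    print(nat.translate_outbound(("192.168.1.12", 51234), web))   # None: dropped
    print(nat.translate_inbound(web, ("203.0.113.1", 40000)))
    for e in nat.events:
        print(e)
```

Two things worth noticing: an inbound packet for which no table entry exists is dropped, which is the side effect of NAT that gives inside hosts some shelter from unsolicited connections, and the third inside host is dropped with the ICMP host-unreachable event until a port is released.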
VPN stands for Virtual Private Network. It allows you to connect your computer to a private network, creating an
encrypted connection that masks your IP address to securely share data and surf the web, protecting your identity
online.

A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The
encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from
eavesdropping on the traffic and allows the user to conduct work remotely. VPN technology is widely used in
corporate environments.

A VPN connection is shown in the figure below −

In this figure, Routers R1 and R2 use VPN technology to guarantee privacy for the organization.

VPN connections are used in two important ways −

 To establish WAN connections using VPN technology between two distant networks that may be
thousands of miles apart, but where each has some way of accessing the internet.
 To establish remote access connections that enable remote users to access a private network through a
public network like the internet.

Types of VPNs

The types of VPNs are as follows −

Router VPN

The first type uses a router with added VPN capabilities. A VPN router cannot only handle normal routine duties,
but it can also be configured to form VPNs over the internet to other similar routers located in remote networks.

Firewall VPN

The second type of VPN is one built into a firewall device. Firewall VPN can be used both to support remote users
and also to provide VPN links.

What are different types of computing platforms? What is the difference between cloud
computing and grid computing? What is the difference between hardware and software
firewall?

7 Types of Computing Platform

 Hardware Platform. A line of hardware that are compatible with each other. ...
 Operating Systems. Operating systems provide a platform for developing and managing software with
support for a variety of hardware.
 Client/Server. ...
 Mobile Platform. ...
 Cloud Platform. ...
 Platform as a Service. ...
 Third Platform.

Key – Cloud Computing vs. Grid Computing

Architecture: Cloud Computing follows a client-server computing architecture; Grid Computing follows a
distributed computing architecture.
Resource: In Cloud Computing, resources are centrally managed; in Grid Computing, resources are managed on a
collaboration pattern.
Flexibility: Cloud Computing is more flexible than Grid Computing; Grid Computing is less flexible.
Payment: Users pay for using the cloud computing resources. They need not set up anything; they use the
platform as a service. Grid computing needs to be set up first; users need not pay anything once the set-up is done.
Accessibility: Cloud Computing is a highly accessible service; it can be accessed using conventional web
protocols. Grid Computing is low on accessibility compared to cloud computing; it can be accessed using grid
middleware.
Scalability: When compared to grid computing, cloud computing is extremely scalable. Grid computing, on the
other hand, is not as scalable as cloud computing.

Difference between Hardware and Software firewall:

1. Operates on – Software firewall: operates on the system. Hardware firewall: does not operate on the system.
2. Configuration – Software firewall: configuration is easy. Hardware firewall: configuration is not easy.
3. Working – Software firewall: it is installed on individual devices like computers and phones, which results in
blocking users or devices from accessing the individual components of the network. It basically inspects the
packets and then blocks the unauthorized access. Hardware firewall: it is required to install the device between
the computer and the Internet so that it will not be easily accessible. The installation requires a connection of the
network cable with the firewall rather than directly connecting to the router. Hence, a barrier is formed for
blocking the incoming and outgoing data packets between the network and the Internet. It protects against
viruses, malware, spyware, email spam, and other similar attacks from outside.
4. Cost – Software firewall: it is less expensive to install, though the cost may increase in case of variation in
computers. Hardware firewall: it is more expensive than a software firewall, as an initial investment is required
based on the protection level.
5. Flexibility – Software firewall: it is flexible, i.e., you can choose which application has to be installed.
Hardware firewall: it is not flexible like a software firewall.
6. Installation – Software firewall: it is installed inside the individual system. Hardware firewall: it is installed
outside the system.
7. Protects – Software firewall: it protects one system at a time and is not enabled for smart TVs, gaming
consoles, and other devices. Hardware firewall: it protects a whole network at a time.
8. Performance – Software firewall: it slows down the performance of computers. Hardware firewall: it doesn't
affect the performance of the computer.
9. Requirement – Software firewall: it needs to be installed on every individual system on a network. Hardware
firewall: only one hardware device needs to be installed for a whole network.
10. Blocking – Software firewall: content based on keywords can be blocked. Hardware firewall: a domain or
website can be blocked.

What is cloud technology? What are the different types of cloud technology? Explain with
example. How does cloud technology work? What are the advantages of cloud technology?

Cloud computing technology gives users access to storage, files, software, and servers through their internet-
connected devices: computers, smartphones, tablets, and wearables. Cloud computing providers store and
process data in a location that's separate from end users.

There are four main types of cloud computing: private clouds, public clouds, hybrid clouds, and multiclouds.
There are also three main types of cloud computing services: Infrastructure-as-a-Service (IaaS), Platform-as-a-
Service (PaaS), and Software-as-a-Service (SaaS).

How does cloud computing work?

Cloud computing is the delivery of computing resources, such as IT infrastructure or data center over the internet.
This model allows businesses to rent storage space or access software programs from a cloud service provider,
instead of building and maintaining their own IT infrastructure or data center. One major benefit of using cloud
computing services is that companies pay only for the resources they use.

To better understand its technical aspects, cloud computing processes can be divided into frontend and backend.
The frontend component allows users to access data and programs stored in the cloud through an internet
browser or by using a cloud computing application. The backend consists of servers, computers and databases that
store the data.

What are the benefits of cloud computing?

Cloud computing enables businesses to operate from virtually anywhere and with more efficiency. Some benefits
of cloud computing include:

 Cost savings: One of the greatest benefits of cloud computing is reduced costs. Since businesses do not
need to build their own IT infrastructure or purchase hardware or equipment, it helps companies reduce
capital expenses significantly.
 Flexibility/scalability: Cloud computing offers greater flexibility to businesses of all sizes. Whether they
require extra bandwidth, computing power or storage space, they can seamlessly scale up or down
computing resources depending on their needs and budget.
 Security: Data security is a major concern for businesses today. Cloud vendors provide advanced security
features like authentication, access management, data encryption, etc., to ensure sensitive data in the
cloud is securely handled and stored.
 Mobility: Cloud computing allows users to access corporate data from any device, anywhere and at any
time, using the internet. With information conveniently available, employees can remain productive even
on the go.
 Increased collaboration: Cloud applications allow businesses to seamlessly communicate and securely
access and share information, making collaboration simple and hassle-free. Cloud computing empowers
multiple users to edit documents or work on files simultaneously and in a transparent manner.
 Disaster recovery: Data loss and downtime can cause irreparable damage to businesses of any size. Major
cloud vendors are well-equipped to withstand unforeseen disruptive events, such as hardware/software
failure, natural disasters and power outages, to ensure high application availability and business
continuity.
 Automatic updates: Performing manual organization-wide software updates can take up a lot of valuable
IT staff time. However, with cloud computing, service providers regularly refresh and update systems with
the latest technology to provide businesses with up-to-date software versions, latest servers and
upgraded processing power.

========================================================

How to select good password?

 It starts with a passphrase, “I want ice cream! for dinner in Kentucky?”
 Uses a rule to keep the first 2 letters of every word and capitalize every second letter.
 Long at 14 characters.
 Uses special characters: “!” and “?”
 Includes uppercase and lowercase letters.

How would an HTTP program handle state?

HTTP clients and servers handle state for instance via the cookies HTTP header, but HTTP protocol itself is stateless
(even though it is on top of TCP/IP, a stateful connection-oriented protocol). The HTTP state management
mechanism specifies a way to create a stateful session with HTTP requests and responses.

Generally, HTTP request/response pairs are independent of each other. However, the state management
mechanism enables clients and servers that can exchange state information to put these pairs in a larger context,
which is called a session. The state information used to create and maintain the session is called a cookie.

A cookie is a piece of data that can be stored in a browser's cache. If you visit a web site and then revisit it, the
cookie data can be used to identify you as a return visitor. Cookies enable state information, such as an online
shopping cart, to be remembered. A cookie can be short term, holding data for a single web session, that is, until
you close the browser, or a cookie can be longer term, holding data for a week or a year.
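The session mechanism described above (a stateless request/response pair tied to a larger session by a cookie) is easier to see in code. This is an added example written for these notes, not code from the original material or from any web framework: the requests and responses are simulated as header dictionaries, the session store is an in-memory dictionary, and the shopping cart is the constructed state being remembered.

```python
# Toy HTTP state management with a session cookie. Added illustration, not code
# from these notes; requests and responses are simulated as header dicts and
# the session store is in memory.
import secrets
from http.cookies import SimpleCookie
from typing import Dict, List, Optional


class SessionStore:
    """Server-side state; the cookie carries only an opaque session id."""

    def __init__(self) -> None:
        self.sessions: Dict[str, dict] = {}

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)     # unguessable, so it cannot be forged
        self.sessions[sid] = {"cart": []}
        return sid


def handle_request(store: SessionStore, headers: Dict[str, str],
                   add_item: Optional[str] = None) -> Dict[str, str]:
    """Look up the session named by the Cookie header; start a new one when
    there is none (or when the id is unknown) and tell the browser to keep it
    with Set-Cookie. Returns the response headers plus a 'Body' entry."""
    jar = SimpleCookie(headers.get("Cookie", ""))
    sid = jar["sid"].value if "sid" in jar else None
    response: Dict[str, str] = {}
    if sid is None or sid not in store.sessions:
        sid = store.create()
        out = SimpleCookie()
        out["sid"] = sid
        out["sid"]["path"] = "/"
        out["sid"]["httponly"] = True       # keep the id away from page scripts
        out["sid"]["secure"] = True         # only send over HTTPS
        out["sid"]["samesite"] = "Lax"      # not sent on cross-site POSTs
        response["Set-Cookie"] = out["sid"].OutputString()
    cart: List[str] = store.sessions[sid]["cart"]
    if add_item:
        cart.append(add_item)
    response["Body"] = "cart=" + ",".join(cart)
    return response


if __name__ == "__main__":
    store = SessionStore()
    first = handle_request(store, {})                       # new visitor: Set-Cookie issued
    sid = first["Set-Cookie"].split(";")[0].split("=", 1)[1]
    print(handle_request(store, {"Cookie": f"sid={sid}"}, add_item="book")["Body"])
    print(handle_request(store, {"Cookie": f"sid={sid}"})["Body"])   # cart remembered
```

Each call to handle_request() is independent, exactly as HTTP is; only the cookie ties the second and third calls to the same cart. Note that a cookie naming a session id the server does not know is treated as a new visitor rather than trusted, and that the state itself never leaves the server.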

What are the types of XSS?

There are three main types of XSS attacks. These are:

 Reflected XSS, where the malicious script comes from the current HTTP request.
 Stored XSS, where the malicious script comes from the website's database.
 DOM-based XSS, where the vulnerability exists in client-side code rather than server-side code.
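For the first two types, the defence is the same on the server side: encode user-controlled data at the moment it is written into HTML, whether it came from the current request (reflected) or from the database (stored). The following is an added example written for these notes, not code from the original material; the page fragments, the comment list and the sample input are constructed.

```python
# Reflected and stored XSS: the vulnerable rendering beside its hardened form.
# Added illustration, not code from these notes; the page fragments, the
# comment store and the sample input are constructed.
import html
from typing import List


def render_search_vulnerable(query: str) -> str:
    """Reflected XSS: the request parameter is echoed into HTML unchanged."""
    return f"<p>Results for: {query}</p>"


def render_search_safe(query: str) -> str:
    """Hardened: HTML-encode the value for the element-content context.
    quote=True also encodes quotes, so the same helper is safe inside
    a quoted attribute value."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def render_comments_safe(comments: List[str]) -> str:
    """Stored XSS defence: data from the database is encoded at output time,
    whatever was stored, so a stored script is displayed rather than run."""
    items = "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in comments)
    return f"<ul>{items}</ul>"


if __name__ == "__main__":
    sample = "<script>alert(1)</script>"      # constructed test input
    print(render_search_vulnerable(sample))    # script tag reaches the browser
    print(render_search_safe(sample))          # shown as text: &lt;script&gt;...
    print(render_comments_safe(["looks good", sample]))
```

DOM-based XSS, the third type, is not fixed by server-side encoding at all, because the unsafe write happens in the page's own JavaScript; there the equivalent rule is to assign untrusted data with textContent (or a similar text-only API) rather than innerHTML.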

What is the general desktop security guideline?


Desktop security is not just a matter of protecting your own machine and the data on it. When a machine is
compromised, one of the most common outcomes is that it is used to launch attempts to break in to, or disrupt
service on, other systems located at Penn or anywhere on the Internet.

The following general guidelines are relevant for all users, no matter what operating system is being used:

 Maintain up to date and properly configured anti-virus software. Windows machines which are on
campus should generally use Symantec in Managed Mode. For others, see ISC's Virus Information. Be sure
that real-time protection scans all files.
 Don't open any e-mail attachments unless you know the sender AND know that it was intentionally sent
to you.
 Use complex passwords. Never write down your passwords or share them with anyone else. SASC staff
will never request your password.
 If you share any files from your machine (not recommended in most cases), be certain that access is
protected with a complex password.
 Keep back up copies of any important documents. Contact your LSP for information about data backup
systems.
 Periodically check the web site of the OS vendor (e.g. Microsoft or Apple) for critical security updates that
may need to be applied.
 Penn insurance regulations for Property Insurance and Claims require that computing equipment be
properly secured if it is to be covered for property loss.

What is email security?

Email security includes the techniques and technologies used to protect email accounts and communications.
Email, which is an organization’s largest attack surface, is the primary target of phishing attacks and can be used to
spread malware.

Email is a critical component of organizational communication because it enables users to communicate quickly,
easily, and with a variety of devices. Further, email can be used to send a number of different types of media, and
communications can be tracked, stored, and organized according to attributes such as time and date stamps and
size.

Email security is important because email contains sensitive information, is used by everyone in the organization,
and is therefore one of a company’s largest targets for attacks. The shift to cloud-based email like Gmail and others
comes with several benefits, but cloud-based email has become a tempting attack surface for cyber criminals.

Email is a top threat vector because it is a ubiquitous tool that everyone in an organization uses. It is in an open
format that can be read on any device without decryption once it is intercepted.

An email does not go straight to the recipient. Rather, it travels between networks and servers, some vulnerable
and unsecured, before landing in an inbox. Even though an individual’s computer may be secure from an attacker,
the network or server the email has to travel through may have been compromised.

Also, cyber criminals can easily impersonate a sender or manipulate email content in the form of body copy,
attachments, Uniform Resource Locators (URLs), or a sender’s email address. This is fairly straightforward for a
hacker attacking an unsecured system because each email has fields that contain metadata detailing information
about the email, who it came from, where it is headed, etc. A hacker only needs to access this metadata and
change it, and it will look like the email came from someone or someplace it did not.

What is database security?

Database security refers to the array of controls, tools, and procedures designed to ensure and safeguard
confidentiality, integrity, and availability. This tutorial concentrates on confidentiality because it is the
component most at risk in data security breaches.

Security for databases must cover and safeguard the following aspects:

 The database containing the data.
 The database management system (DBMS).
 Any applications that are associated with it.
 The physical or virtual database servers, and the hardware that runs them.
 The computing or network infrastructure that is used to connect to the database.

Securing a database is a complicated and challenging task that draws on every aspect of security practice and
technology. It is inherently at odds with the accessibility of the database: the more usable and accessible the
database is, the more exposed it is to security threats, and the more tightly it is locked down against attacks and
threats, the more difficult it is to access and use.

Why is it important?

By definition, a data breach is a failure to maintain the confidentiality of data in a database. How much harm a
data breach inflicts on your enterprise depends on a number of consequences or factors:

Compromised intellectual property: Your intellectual property—trade secrets, inventions, proprietary practices—
may be critical to your ability to maintain a competitive advantage in your market. If that intellectual property is
stolen or exposed, your competitive advantage may be difficult or impossible to maintain or recover.

Damage to brand reputation: Customers or partners may be unwilling to buy your products or services (or do
business with your company) if they don’t feel they can trust you to protect your data or theirs.

Business continuity (or lack thereof): Some businesses cannot continue to operate until a breach is resolved.

Fines or penalties for non-compliance: The financial impact for failing to comply with global regulations such as the
Sarbanes-Oxley Act (SOX) or Payment Card Industry Data Security Standard (PCI DSS), industry-specific data
privacy regulations such as HIPAA, or regional data privacy regulations, such as Europe’s General Data Protection
Regulation (GDPR) can be devastating, with fines in the worst cases exceeding several million dollars per violation.

Costs of repairing breaches and notifying customers: In addition to the cost of communicating a breach to
customers, a breached organization must pay for forensic and investigative activities, crisis management, triage,
repair of the affected systems, and more.

Virtualization:

Virtualization is a technique which allows a single physical instance of a resource or an application to be
shared among multiple customers and organizations. It does so by assigning a logical name to a
physical resource and providing a pointer to that physical resource when demanded.
Virtualization is the "creation of a virtual (rather than actual) version of something, such as a server, a
desktop, a storage device, an operating system or network resources".
Creating a virtual machine on top of an existing operating system and hardware is known as hardware
virtualization. A virtual machine provides an environment that is logically separated from the
underlying hardware. The machine on which the virtual machine is created is known as the host
machine, and the virtual machine itself is referred to as a guest machine.
A hypervisor is specialized firmware or software, or both, installed on a single piece of hardware that allows
you to host multiple virtual machines. This allows physical hardware to be shared across multiple virtual
machines. The computer on which the hypervisor runs one or more virtual machines is called the host
machine; the virtual machines are called guest machines. The hypervisor allows the physical host machine
to run various guest machines and helps to get maximum benefit from computing resources such as
memory, network bandwidth and CPU cycles.
Types of Virtualization:
1. Hardware Virtualization.
2. Operating system Virtualization.
3. Server Virtualization.
4. Storage Virtualization.
1) Hardware Virtualization:
When the virtual machine software or virtual machine manager (VMM) is installed directly on the hardware
system, this is known as hardware virtualization.
The main job of the hypervisor is to control and monitor the processor, memory and other hardware
resources. After virtualizing the hardware system we can install different operating systems on it and
run different applications on those OSs.
Usage: Hardware virtualization is mainly done for server platforms, because controlling virtual
machines is much easier than controlling a physical server.
2) Operating System Virtualization:
When the virtual machine software or virtual machine manager (VMM) is installed on the host
operating system instead of directly on the hardware system, this is known as operating system
virtualization.
Usage: Operating system virtualization is mainly used for testing applications on different OS
platforms.

3) Server Virtualization:
When the virtual machine software or virtual machine manager (VMM) is installed directly on the server
system, this is known as server virtualization.
Usage: Server virtualization is done because a single physical server can be divided into multiple servers
on demand and for balancing the load.
4) Storage Virtualization:
Storage virtualization is the process of grouping the physical storage from multiple network storage
devices so that it looks like a single storage device. Storage virtualization is also implemented by using
software applications.
Usage: Storage virtualization is mainly done for backup and recovery purposes.
How does virtualization work in cloud computing?
Virtualization plays a very important role in cloud computing technology. Normally, in cloud
computing, users share the data present in the cloud, such as applications, but with the help of
virtualization users actually share the infrastructure.

The main use of virtualization technology is to provide cloud users with standard versions of applications.
Suppose the next version of an application is released: the cloud provider then has to provide the latest
version to all its cloud users, which is impractical because it is expensive. To overcome this problem we
use virtualization technology. With virtualization, all the servers and software applications required by
cloud providers are maintained by third parties, and the cloud providers pay for them on a monthly or
annual basis.

What is grid computing? Explain the key points of grid computing. Explain different types of
grid computing with example. (M) 2+7+6
What Is Grid Computing?
Grid computing is a distributed architecture of multiple computers connected by networks to accomplish a joint
task. These tasks are compute-intensive and difficult for a single machine to handle. Several machines on a
network collaborate under a common protocol and work as a single virtual supercomputer to get complex tasks
done. This offers powerful virtualization by creating a single system image that grants users and applications
seamless access to IT capabilities.

A typical grid computing network consists of three machine types:

Control node/server: A control node is a server or a group of servers that administers the entire network and
maintains the record for resources in a network pool.
Provider/grid node: A provider or grid node is a computer that contributes its resources to the network resource
pool.
User: A user refers to the computer that uses the resources on the network to complete the task.
Grid computing operates by running specialized software on every computer involved in the grid network. The
software coordinates and manages all the tasks of the grid. Fundamentally, the software segregates the main task
into subtasks and assigns the subtasks to each computer. This allows all the computers to work simultaneously on
their respective subtasks. Upon completion of the subtasks, the outputs of all computers are aggregated to
complete the larger main task.

The software allows computers to communicate and share information on the portion of the subtasks being
carried out. As a result, the computers can consolidate and deliver a combined output for the assigned main task.

Grid computing can be viewed as a subset of distributed computing, where a virtual supercomputer integrates the
resources of several independent computers that are distributed across geographies. Computers participating in a
grid contribute resources such as processing power, network bandwidth, and storage capacity to perform
operations requiring high computational power. The overall grid architecture looks like a single computing entity.

In grid computing, each computing task is broken into small fragments and distributed across computing nodes for
efficient execution. Each fragment is processed in parallel, and, as a result, a complex task is accomplished in less
time. Let’s consider this equation:

X = (4 x 7) + (3 x 9) + (2 x 5)

Typically, on a desktop computer, the steps needed here to calculate the value of X may look like this:
Step 1: X = 28 + (3 x 9) + (2 x 5)
Step 2: X = 28 + 27 + (2 x 5)
Step 3: X = 28 + 27 + 10
Step 4: X = 65
However, in a grid computing setup, the steps are different as three processors or computers calculate different
pieces of the equation separately and combine them later. The steps look like this:

Step 1: X = 28 + 27 + 10
Step 2: X = 65
As seen above, grid computing combines the involved steps due to the multiplicity of available resources. This
implies fewer steps and shorter timeframes.

Grid computing is enabled via an open set of standards and protocols such as open grid services architecture
(OGSA) that allow communication across heterogeneous systems and environments that are geographically
dispersed. With grid computing, organizations can pool resources and computing for high-weighted tasks or share
them across networks to allow collaboration. Enterprises can thus optimize computing and resources perfectly
irrespective of their locations.

Key Components of Grid Computing


A grid computing environment consists of a set of primary grid components. As grid designs and their expected
usage vary, specific components may or may not always be a part of the grid network. These components can be
combined to form a hybrid component in specific scenarios. Although the combination of elements may differ
depending on use cases, understanding their roles can help you while developing grid-enabled applications.

1. User interface
Today, users are well-versed with web portals. They provide a single interface that allows users to view a wide
variety of information. Similarly, a grid portal offers an interface that enables users to launch applications with
resources provided by the grid.

The interface has a portal style to help users query and execute various functions on the grid effectively. A grid
user views a single, large virtual computer offering computing resources, similar to an internet user who views a
unified instance of content on the web.

2. Security
Security is one of the major concerns for grid computing environments. Security mechanisms can include
authentication, authorization, data encryption, and others. Grid security infrastructure (GSI) is an important
ingredient here. It outlines specifications that establish secret and tamper-proof communication between software
entities operating in a grid network.

It includes an OpenSSL implementation and provides a single sign-on mechanism for users to perform actions within
the grid. It offers robust security by providing authentication and authorization mechanisms for system protection.

3. Scheduler
On identifying the resources, the next step is to schedule the tasks to run on them. A scheduler may not be needed
if standalone tasks are to be executed that do not showcase interdependencies. However, if you want to run
specific tasks concurrently that require inter-process communication, the job scheduler would suffice to
coordinate the execution of different subtasks.
Moreover, schedulers of different levels operate in a grid environment. For example, a cluster may represent an
independent resource with its own scheduler to manage the nodes it contains. Hence, a high-level scheduler may
sometimes be required to accomplish the task done on the cluster, while the cluster employs its own separate
scheduler to handle work on its individual nodes.

4. Data management
Data management is crucial for grid environments. A secure and reliable mechanism to move or make any data or
application module accessible to various nodes within the grid is necessary. Consider the Globus toolkit — an
open-source toolkit for grid computing.

It offers a data management component called grid access to secondary storage (GASS). It includes GridFTP built
on the standard FTP protocol and utilizes GSI for user authentication and authorization. After authentication, the
user can move files using the GridFTP facility without going through the login process at every node.

5. Workload & resource management


The workload & resource component enables the actual launch of a job on a particular resource, checks its status,
and retrieves the results when the job is complete. Say a user wants to execute an application on the grid. In that
case, the application should be aware of the available resources on the grid to take up the workload.
So, it interacts with the workload manager to determine the resource availability and updates the status
accordingly. This helps in efficient workload and resource management for various nodes on the grid.
Types of Grid Computing With Examples
Grid computing is divided into several types based on its uses and the task at hand. Let’s understand the types of
grid computing with some examples.
1. Computational grid computing
Computational grids account for the largest share of grid computing usage across industries today, and the trend is
expected to stay the same over the years to come. A computational grid comes into the picture when you have a
task taking longer to execute than expected. In this case, the main task is split into multiple subtasks, and each
subtask is executed in parallel on a separate node. Upon completion, the results of the subtasks are combined to
get the main task’s result. By splitting the task, the end result is achieved O(n) times faster (where ‘n’ denotes the
number of subtasks) than when a single machine executes the task.

Computational grids find application in several real-life scenarios. For example, a computational grid can speed up
the business report generation for a company with an online marketplace. As time is an important factor for
customers, the company can use computational grids to generate reports within seconds rather than minutes.
Such grids result in substantial performance improvement compared to traditional systems.

2. Data grid computing


Data grids refer to grids that split data onto multiple computers. Like computational grids where computations are
split, data grids enable placing data onto a network of computers or storage. However, the grid virtually treats
them as one despite the splitting. Data grid computing allows several users to simultaneously access, change, or
transfer distributed data.

For instance, a data grid can be used as a large data store where each website stores its own data on the grid.
Here, the grid enables coordinated data sharing across all grid users. Such a grid allows collaboration along with
increased knowledge transfer between grid users.

3. Collaborative grid computing


Collaborative grid computing solves problems by offering seamless collaboration. This type of computing uses
various technologies that support work between individuals. As individual workers can readily access each other’s
work and critical information on time, it improves overall workforce productivity and creativity, which benefits
organizations massively.

It overcomes geographical barriers and adds capabilities that enhance work experience by allowing remote
individuals to work together. For example, with a collaborative grid, all users can access and simultaneously work
on text-based documents, graphics, design files, and other work-related products.

4. Manuscript grid computing


Manuscript grid computing comes in handy when managing large volumes of image and text blocks. This grid type
allows the continuous accumulation of image and text blocks while it processes and performs operations on
previous block batches. It is a simple grid computing framework where vast volumes of text or manuscripts and
images are processed in parallel.

5. Modular grid computing


Modular grid computing relates to disaggregating computing resources in a system or chassis, where resources can
include storage, GPUs, memory, and networking. IT teams can then combine the required assets and computing
resources to support specific apps or services.

Fundamentally, in a modular grid, a set of resources is combined with software for distinct applications. For
example, CPU and GPU drives may reside in a server rack chassis. They can be interconnected with an auxiliary
high-speed and low-latency fabric to create a server configuration that is optimized for a particular application.

When applications are created, a set of computing resources and services are defined to support them.
Subsequently, when the applications expire, computing support is withdrawn, and resources are set free, making
them available for other apps. Practically, original equipment manufacturers (OEMs) play a key role in modular grid
computing as their cooperation is critical in creating modular grids that are application-specific.
What Is Dual Homed Gateway?
A dual homed gateway is a system that has two or more network interfaces, each of which is connected to a
different network. In firewall configurations, a dual homed gateway usually acts to block or filter some or all of the
traffic trying to pass between the networks.
What Is Bastion Host?
A system that has been hardened to resist attack, and which is installed on a network in such a way that it is
expected to potentially come under attack. Bastion hosts are often components of firewalls, or may be "outside"
web servers or public access systems. Generally, a bastion host is running some form of general purpose operating
system (e.g., Unix, VMS, NT, etc.) rather than a ROM-based or firmware operating system.
What Is Tunneling Router?
A router or system capable of routing traffic by encrypting it and encapsulating it for transmission across an
untrusted network, for eventual de-encapsulation and decryption.
Explain how NAT works with example. Explain VPN architecture. (E) 8+7
Digital Signature.
Notes are already given. You can also check on Atul Kahate’s Cryptography and network
security.
SECURITY POLICIES
To know that an operating system maintains the security we expect, we must be able to state its security policy. A
security policy is a statement of the security we expect the system to enforce. An operating system (or any other
piece of a trusted system) can be trusted only in relation to its security policy; that is, to the security needs the
system is expected to satisfy.
Military Security Policy
Military security policy is based on protecting classified information. Each piece of information is ranked at a
particular sensitivity level, such as unclassified, restricted, confidential, secret, or top secret. The ranks or levels
form a hierarchy, and they reflect an increasing order of sensitivity.
Commercial Security Policies
Commercial enterprises have significant security concerns. They worry that industrial espionage will reveal
information to competitors about new products under development. Likewise, corporations are often eager to
protect information about the details of corporate finance. So even though the commercial world is usually less
rigidly and less hierarchically structured than the military world, we still find many of the same concepts in
commercial security policies. For example, a large organization, such as a corporation or a university, may be
divided into groups or departments, each responsible for a number of disjoint projects. There may also be some
corporate-level responsibilities, such as accounting and personnel activities. Data items at any level may have
different degrees of sensitivity, such as public, proprietary, or internal; here, the names may vary among
organizations, and no universal hierarchy applies.
MODELS OF SECURITY
In security and elsewhere, models are often used to describe, study, or analyze a particular
situation or relationship. McLean gives a good overview of models for security. In particular,
security models are used to

We assume that some access control policy dictates whether a given user can access a
particular object. We also assume that this policy is established outside any model. That is, a
policy decision determines whether a specific user should have access to a specific object;
the model is only a mechanism that enforces that policy. Thus, we begin studying models by
considering simple ways to control access by one user.
Multilevel Security
Ideally, we want to build a model to represent a range of sensitivities and to reflect the need
to separate subjects rigorously from objects to which they should not have access. For
instance, consider an election and the sensitivity of data involved in the voting process.
The names of the candidates are probably not sensitive. If the results have not yet been
released, the name of the winner is somewhat sensitive. If one candidate received an embarrassingly
low number of votes, the vote count may be more sensitive. Finally, the way a particular
individual voted is extremely sensitive. Users can also be ranked by the degree of sensitivity
of information to which they can have access. For obvious reasons, the military has
developed extensive procedures for securing information.
A generalization of the military model of information security has also been adopted as a
model of data security within an operating system. Bell and La Padula [BEL73] were first to
describe the properties of the military model in mathematical notation, and Denning
first formalized the structure of this model. In 2005, Bell [BEL05] returned to the original
model to highlight its contribution to computer security. He observed that the model
demonstrated the need to understand security requirements before beginning system design,
build security into not onto the system, develop a security toolbox, and design the system to
protect itself. The generalized model is called the lattice model of security because its
elements form a mathematical structure called a lattice. In this section, we describe the
military example and then use it to explain the lattice model.
Lattice Model of Access Security
The military security model is representative of a more general scheme, called a lattice.
The dominance relation defined in the military model is the relation for the lattice. The
relation is transitive and antisymmetric. The largest element of the lattice is the classification
<top secret; all compartments>, and the smallest element is <unclassified; no
compartments>; these two elements respectively dominate and are dominated by all elements.
Therefore, the military model is a lattice.
Many other structures are lattices. For example, we noted earlier that a commercial
security policy may contain data sensitivities such as public, proprietary, and internal, with the
natural ordering that public data are less sensitive than proprietary, which are less sensitive
than internal. These three levels also form a lattice.
Security specialists have chosen to base security systems on a lattice because it naturally
represents increasing degrees. A security system designed to implement lattice models can be
used in a military environment. However, it can also be used in commercial environments
with different labels for the degrees of sensitivity. Thus, lattice representation of sensitivity
levels applies to many computing situations.
Bell-La Padula Confidentiality Model
The Bell and La Padula model [BEL73] is a formal description of the allowable paths of
information flow in a secure system. The model's goal is to identify allowable
communication when maintaining secrecy is important. The model has been used to define
security requirements for systems concurrently handling data at different sensitivity levels.
This model is a formalization of the military security policy and was central to the U.S.
Department of Defense's evaluation criteria, described later in this chapter.
We are interested in secure information flows because they describe acceptable connections
between subjects and objects of different levels of sensitivity. One purpose for security-
level analysis is to enable us to construct systems that can perform concurrent computation on

data at two different sensitivity levels. For example, we may want to use one machine for top-secret and
confidential data at the same time. The programs processing top-secret data would
be prevented from leaking top-secret data to the confidential data, and the confidential users
would be prevented from accessing the top-secret data. Thus, the Bell-La Padula model is
useful as the basis for the design of systems that handle data of multiple sensitivities.
To understand how the Bell-La Padula model works, consider a security system with the
following properties. The system covers a set of subjects S and a set of objects O. Each
subject s in S and each object o in O has a fixed security class C(s) and C(o) (denoting
clearance and classification level). The security classes are ordered by a relation ≤. (Note:
The classes may form a lattice, even though the Bell-La Padula model can apply to even less
restricted cases.)
Two properties characterize the secure flow of information.
Simple Security Property. A subject s may have read access to an object o only if C(o) ≤ C(s).
In the military model, this property says that the security class (clearance) of someone
receiving a piece of information must be at least as high as the class (classification) of the
information.
*-Property (called the "star property"). A subject s who has read access to an object o may
have write access to an object p only if C(o) ≤ C(p).

In the military model, this property says that the contents of a sensitive object can be written
only to objects at least as high.
In the military model, one interpretation of the *-property is that a person obtaining
information at one level may pass that information along only to people at levels no lower
than the level of the information. The *-property prevents write-down, which occurs when a
subject with access to high-level data transfers that data by writing it to a low-level object.
Literally, the *-property requires that a person receiving information at one level not talk with
people cleared at levels lower than the level of the information, not even about the weather!
This example points out that this property is stronger than necessary to ensure security; the
same is also true in computing systems. The Bell-La Padula model is extremely conservative:
It ensures security even at the expense of usability or other properties.
Biba Integrity Model
The Bell-La Padula model applies only to secrecy of information: The model identifies paths
that could lead to inappropriate disclosure of information. However, the integrity of data is
important, too. Biba constructed a model for preventing inappropriate modification of data.
The Biba model is the counterpart (sometimes called the dual) of the Bell-La Padula model.
Biba defines "integrity levels," which are analogous to the sensitivity levels of the
Bell-La Padula model. Subjects and objects are ordered by an integrity classification scheme,
denoted I(s) and I(o). The properties are
Simple Integrity Property. Subject s can modify (have write access to) object o only if I(s) ≥ I(o).
Integrity *-Property. If subject s has read access to object o with integrity level I(o), s can
have write access to object p only if I(o) ≥ I(p).
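As an added example (not from the notes or from the Pfleeger text they follow), the lattice of the "Lattice Model of Access Security" section and the four rules of the Bell-La Padula and Biba sections above, written as executable checks in Python. The level names follow the military example on the page; the compartment names, the integrity level names and all function names are constructed for illustration. The block goes slightly beyond the text by also computing the join and meet of two classes, which is what makes the structure a lattice rather than merely a partial order.

```python
"""Added example (not from the page): security classes <level; compartments>
as a lattice, with the Bell-La Padula and Biba properties as checks.
Compartment names, integrity level names and function names are hypothetical."""
from dataclasses import dataclass, field

# Sensitivity levels in increasing order, as in the military model on the page.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}
# Integrity levels for the Biba model (names constructed for this example).
INTEGRITY = {"low": 0, "medium": 1, "high": 2}
# Constructed universe of compartments; "all compartments" means this set.
COMPARTMENTS = frozenset({"nuclear", "crypto"})


@dataclass(frozen=True)
class Label:
    """A security class: <level; set of compartments>."""
    level: str
    compartments: frozenset = field(default_factory=frozenset)


def dominates(a: Label, b: Label) -> bool:
    """a >= b in the lattice: a's level is at least b's level and a's
    compartments include all of b's. Reflexive, transitive, antisymmetric."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.compartments >= b.compartments


def join(a: Label, b: Label) -> Label:
    """Least upper bound: the smallest class that dominates both a and b."""
    level = max((a.level, b.level), key=LEVELS.get)
    return Label(level, a.compartments | b.compartments)


def meet(a: Label, b: Label) -> Label:
    """Greatest lower bound: the largest class dominated by both a and b."""
    level = min((a.level, b.level), key=LEVELS.get)
    return Label(level, a.compartments & b.compartments)


# Top and bottom of the lattice, as described on the page.
TOP = Label("top secret", COMPARTMENTS)
BOTTOM = Label("unclassified")


def blp_can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: read allowed only if C(o) <= C(s)."""
    return dominates(subject, obj)


def blp_can_write_after_read(obj_read: Label, target: Label) -> bool:
    """*-property: having read o, write to p only if C(o) <= C(p).
    This is what blocks write-down of high data into a low object."""
    return dominates(target, obj_read)


def biba_can_write(subject_int: str, obj_int: str) -> bool:
    """Simple integrity property: s may modify o only if I(s) >= I(o)."""
    return INTEGRITY[subject_int] >= INTEGRITY[obj_int]


def biba_can_write_after_read(obj_read_int: str, target_int: str) -> bool:
    """Integrity *-property: having read o, s may write p only if I(o) >= I(p),
    so low-integrity input cannot contaminate a high-integrity object."""
    return INTEGRITY[obj_read_int] >= INTEGRITY[target_int]


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"nuclear"}))
    memo = Label("confidential")
    print("analyst may read memo:", blp_can_read(analyst, memo))
    print("write-down blocked:", not blp_can_write_after_read(TOP, memo))
```

Note that two classes at the same level with different compartments are incomparable: neither dominates the other, so a subject cleared for <secret; nuclear> can read neither <secret; crypto> nor anything above it, which is exactly the need-to-know separation the compartments exist to enforce.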
