
Cryptography and Network Security

SVS COLLEGE OF ENGINEERING AND


DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
TWO MARKS
Unit-II & III
1. What is Cryptology?
The study of secure communications, which encompasses both cryptography and
cryptanalysis.

2. Define Cryptography.
The branch of cryptology dealing with the design of algorithms for encryption and
decryption, intended to ensure the secrecy and/or authenticity of messages.
Cryptography means Secret writing.
Definition:
A cryptosystem is a 5-tuple (E, D, M, K, C), where M is the set of plaintexts, C is the set of
ciphertexts, K is the set of keys, E : M x K -> C is the set of enciphering functions, and
D : C x K -> M is the set of deciphering functions.

3. Define Cryptanalysis .
The branch of cryptology dealing with the breaking of a cipher to recover information, or
forging encrypted information that will be accepted as authentic.
4. What is Plain text ?
An original message is known as the plaintext(Readable format)
5. What is Cipher Text:
coded message is called the Cipher Text.(Unreadable format)
6. What is Key?
A sequence of symbols that controls the operation of a cryptographic transformation. A key is
normally a string of bits used by a cryptographic algorithm to transform plain text into cipher
text or vice versa. The key should be the only part of the algorithm that it is necessary to
keep secret.
7. What is Symmetric Cryptography?
Symmetric cryptography uses a single private key to both encrypt and decrypt data.
Examples:
AES/Rijndael ,Blowfish,CAST5,DES,IDEA,RC2,RC4,RC6,Serpent,Triple DES,Two fish
8. What is Asymmetric Cryptography?
Asymmetric cryptography or public-key cryptography is cryptography in which a pair of keys is
used to encrypt and decrypt a message. The keys used are the public key and the private key.
Examples: RSA, DSA, PGP
9. Define Stream cipher.
Processes the input stream continuously, producing one element at a time.
Example: Caesar cipher.

10. Define Block cipher.

Processes the input one block of elements at a time producing an output block for
each input block.
Example: DES.

11. What is Passive attack?

Monitoring the message during transmission.
Eg: Interception

12. What is Active attack?

Modification of data stream or creation of false data stream.
E.g.: Fabrication, Modification, and Interruption

13. List the different Types of Ciphers.
Shift Ciphers.
Affine Ciphers
Vigenere Cipher
Substitution Ciphers
Sherlock Holmes
Playfair and ADFGX Ciphers
Block ciphers
One-Time pads
14. Write short notes Congruence.
Let a, b, n be integers with n ≠ 0. We say that a ≡ b (mod n) if a - b is a multiple of n.

15. Write short notes Chinese Remainder Theorem:

Suppose gcd(m, n) = 1. Given integers a and b, there exists exactly one solution x (mod mn) to
the simultaneous congruences x ≡ a (mod m), x ≡ b (mod n).

16. Write short notes Modular Exponentiation:

Modular exponentiation is of the form x^a (mod n).

17. Write short notes Fermats Little Theorem:
If p is a prime and p does not divide a, then a^(p-1) ≡ 1 (mod p).

18.Write short notes Eulers Theorem:

If gcd(a, n) = 1, then a^φ(n) ≡ 1 (mod n).
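Added example (not part of the original notes): the definitions of Q.14 to Q.18 carried out in code, with a Chinese Remainder Theorem solver, square-and-multiply modular exponentiation, and numeric checks of Fermat's and Euler's theorems. pow(m, -1, n) is Python's built-in modular inverse; the totient is computed by trial division, which is adequate for the small moduli used here.

```python
from math import gcd


def congruent(a: int, b: int, n: int) -> bool:
    """a ≡ b (mod n) holds exactly when n divides a - b (n must be non-zero)."""
    if n == 0:
        raise ValueError("modulus must be non-zero")
    return (a - b) % n == 0


def crt(a: int, m: int, b: int, n: int) -> int:
    """The unique x mod m*n with x ≡ a (mod m) and x ≡ b (mod n), for gcd(m, n) = 1.
    Write x = a + m*t; then m*t ≡ b - a (mod n), so t = (b - a) * m^-1 mod n.
    pow(m, -1, n) is the modular inverse of m (it raises if none exists)."""
    if gcd(m, n) != 1:
        raise ValueError("moduli must be coprime")
    t = ((b - a) * pow(m, -1, n)) % n
    x = (a + m * t) % (m * n)
    if not (congruent(x, a, m) and congruent(x, b, n)):
        raise ArithmeticError("CRT solution does not satisfy both congruences")
    return x


def mod_pow(x: int, a: int, n: int) -> int:
    """x^a mod n by square-and-multiply, consuming the exponent bits from the least
    significant end; every intermediate product is reduced mod n so numbers stay small."""
    result, base = 1, x % n
    while a > 0:
        if a & 1:
            result = (result * base) % n
        base = (base * base) % n
        a >>= 1
    return result


def phi(n: int) -> int:
    """Euler's totient phi(n) via trial-division factoring (fine for small n)."""
    result, m, p = n, n, 2
    while p * p <= m:
        if m % p == 0:
            while m % p == 0:
                m //= p
            result -= result // p
        p += 1
    if m > 1:
        result -= result // m
    return result


def fermat_holds(a: int, p: int) -> bool:
    """Fermat's little theorem: a^(p-1) ≡ 1 (mod p) when p is prime and p does not divide a."""
    return mod_pow(a, p - 1, p) == 1


def euler_holds(a: int, n: int) -> bool:
    """Euler's theorem: a^phi(n) ≡ 1 (mod n) when gcd(a, n) = 1."""
    return mod_pow(a, phi(n), n) == 1
```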

19. Define integrity and nonrepudiation.
Integrity:
Service that ensures that only an authorized person is able to modify the message.
Nonrepudiation:
This service makes it possible to prove whether a person who denies taking part in a
transaction actually did so.

20. Define confidentiality and authentication
Confidentiality:
It means how to maintain the secrecy of message. It ensures that the information in a
computer system and transmitted information are accessible only for reading by
authorized person.
Authentication:
It helps to prove that only the claimed source entity was involved in the transaction.
21. Define security attack, security mechanism and security services.
Security attack: any action that compromises the security of information owned by an
organization.
Security mechanism: a mechanism that is designed to detect, prevent or recover from a
security attack.
Security services: a service that enhances the security of the data processing systems and
the information transfers of an organization.

22. Mention the different types of security services.
Authentication
Confidentiality
Data integrity
Non repudiation
Access control
Availability
23. What is Brute force attack?
Trying out all the possible keys on a piece of cipher text until an
intelligible translation to plain text is obtained.
24.Mention the various types of cryptanalytic attack.
Known plaintext
Cipher text only
Chosen plaintext
Chosen Cipher text
25. Define the two basic building blocks of encryption techniques.
Substitution technique: one in which the letters of the plaintext are replaced by other
letters or by numbers or symbols.
Transposition technique: one which performs some sort of permutation on the plaintext
letters.

26. Mention few mono-alphabetic and poly-alphabetic ciphers.
Mono-alphabetic ciphers: Playfair cipher, Hill cipher, Caesar cipher
Poly-alphabetic ciphers: Vigenere cipher, one-time pad cipher

27.What is steganography? Mention few techniques in it.



28. Mention the functions involved in simplified DES.
Initial permutation (IP)
A complex function fK with a key K1
Switching (SW)
A complex function fK with a key K2
Inverse permutation (IP^-1)
29. What is Avalanche effect ?

A characteristic of an encryption algorithm in which a small change in the plaintext or key
gives rise to a large change in the cipher text.
30. List the evaluation criteria defined by NIST for AES.
The evaluation criteria for AES are as follows:
1. Security
2. Cost
3. Algorithm and implementation characteristics

31. List the step involved in single Round of AES.
1.Substitute byte transformation
2. Shift rows transformation
3.Mixcolumns transformation
4.Add Round Key transformation


32. Define Substitute byte transformation and Shift rows transformation.

Substitute byte transformation, called SubBytes, is a simple table lookup. AES defines a
16 x 16 matrix of byte values, called an S-box that contains a permutation of all possible 256
8-bit values. Each individual byte of State is mapped into a new byte in the following way:
The leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are used as a
column value. These row and column values serve as indexes into the S-box to select a unique
8-bit output value.
In the shift rows transformation, called ShiftRows, the first row of State is not altered. For
the second row, a 1-byte circular left shift is performed. For the third row, a 2-byte circular
left shift is performed. For the fourth row, a 3-byte circular left shift is performed.

33. Define Mixcolumns transformation & Add Round Key transformation.

Mix column transformation, called MixColumns, operates on each column individually.
Each byte of a column is mapped into a new value that is a function of all four bytes in that
column.
In the add round key transformation, called AddRoundKey, the 128 bits of State are bitwise
XORed with the 128 bits of the round key. The operation is viewed as a column-wise operation
between the 4 bytes of a State column and one word of the round key; it can also be viewed as
a byte-level operation.
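Added example (not part of the original notes): ShiftRows, MixColumns and AddRoundKey from Q.31 to Q.33 on a 4x4 byte State, with the GF(2^8) arithmetic that MixColumns needs. SubBytes is omitted because its 256-entry S-box table would dominate the listing; the State is stored column-major (state[c][r]) as in FIPS 197, and the test vector for MixColumns is the standard one from that specification's arithmetic.

```python
def xtime(b: int) -> int:
    """Multiply by x (i.e. by 0x02) in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    b <<= 1
    if b & 0x100:
        b ^= 0x11B
    return b & 0xFF


def gf_mul(a: int, b: int) -> int:
    """General GF(2^8) product by shift-and-add; used for the 0x02/0x03 MixColumns constants."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


def shift_rows(state):
    """Row r is rotated left by r bytes: row 0 unchanged, row 1 by one, row 2 by two, row 3 by three."""
    out = [[0] * 4 for _ in range(4)]
    for c in range(4):
        for r in range(4):
            out[c][r] = state[(c + r) % 4][r]
    return out


def mix_column(col):
    """Each output byte is a fixed GF(2^8) linear combination of all four input bytes."""
    a0, a1, a2, a3 = col
    return [
        gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
        a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
        a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
        gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2),
    ]


def mix_columns(state):
    """MixColumns operates on each of the four columns independently."""
    return [mix_column(col) for col in state]


def add_round_key(state, round_key):
    """128-bit State XOR 128-bit round key, done column by column (one word of key per column)."""
    return [[s ^ k for s, k in zip(scol, kcol)] for scol, kcol in zip(state, round_key)]


def bytes_to_state(block: bytes):
    """16 input bytes fill the State column by column (FIPS 197 layout)."""
    return [list(block[4 * c:4 * c + 4]) for c in range(4)]


def state_to_bytes(state) -> bytes:
    return bytes(b for col in state for b in col)
```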

34. What is Primality Test?
A primality test is an algorithm for determining whether an input number is prime or not.

35. List the types of Primality Testing.

1. Fermat Primality Test.

2. Miller-Rabin Primality Test.

3. Solovay-Strassen Primality Test.
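Added example (not part of the original notes): the Fermat and Miller-Rabin tests of Q.35, each built on a "witness" function that decides whether one base exposes n as composite, plus a count of the bases that fool each test on the Carmichael number 561 = 3·11·17. Every base coprime to 561 passes the Fermat test, while at most a quarter of the bases survive one Miller-Rabin round, which is why Miller-Rabin is the test used for RSA key generation.

```python
import random
from math import gcd


def _decompose(n: int):
    """Write n - 1 = 2^s * d with d odd."""
    s, d = 0, n - 1
    while d % 2 == 0:
        s += 1
        d //= 2
    return s, d


def fermat_witness(n: int, a: int) -> bool:
    """True if base a proves n composite: gcd(a, n) > 1 or a^(n-1) != 1 (mod n)."""
    return gcd(a, n) != 1 or pow(a, n - 1, n) != 1


def mr_witness(n: int, a: int) -> bool:
    """True if base a proves odd n composite. With n-1 = 2^s d, n survives the base only
    if a^d ≡ 1 or a^(2^r d) ≡ -1 (mod n) for some 0 <= r < s: modulo a prime the only
    square roots of 1 are ±1, so reaching 1 by squaring without passing -1 is a proof."""
    s, d = _decompose(n)
    x = pow(a, d, n)
    if x == 1 or x == n - 1:
        return False
    for _ in range(s - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return False
    return True


def _probable_prime(n: int, witness, rounds: int, seed) -> bool:
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    rng = random.Random(seed)  # seed=None draws OS entropy; a fixed seed reproduces a run
    return not any(witness(n, rng.randrange(2, n - 1)) for _ in range(rounds))


def fermat_test(n: int, rounds: int = 8, seed=None) -> bool:
    """Fermat probable-prime test; fooled by Carmichael numbers for every coprime base."""
    return _probable_prime(n, fermat_witness, rounds, seed)


def miller_rabin(n: int, rounds: int = 8, seed=None) -> bool:
    """Miller-Rabin; a composite n is accepted with probability at most 4^-rounds."""
    return _probable_prime(n, mr_witness, rounds, seed)


def liar_count(n: int, witness) -> int:
    """Number of bases 2 <= a <= n-2 that fail to expose composite n under `witness`."""
    return sum(1 for a in range(2, n - 1) if not witness(n, a))
```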

36. What is Factoring ?

Factoring is the decomposition of an object into a product of other objects, or factors,
which when multiplied together give the original.
37. Define RC4.
RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. RC4 is used
in the SSL/TLS (Secure Sockets Layer/Transport Layer Security) standards that have been
defined for communication between Web browsers and servers. It is also used in the WEP
(Wired Equivalent Privacy) protocol and the newer WiFi Protected Access (WPA) protocol
that are part of the IEEE 802.11 wireless LAN standard.
38. Define RSA.
RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) is
an algorithm for public-key cryptography. It is the first algorithm known to be suitable for
signing as well as encryption, and was one of the first great advances in public key
cryptography.

39. List Four possible approaches to attack the RSA Algorithm.
1. Brute Force

2. Mathematical Attacks

3. Timing attacks

4. Chosen Cipher text attacks

40. What is Triple Encryption? How many keys are used in triple encryption?

Triple Encryption is a technique in which encryption algorithm is performed three times
using three keys.

41. What is the meet in the middle attack?

This is the cryptanalytic attack that attempts to find the value in each of
the range and domain of the composition of two functions such that the forward mapping of
one through the first function is the same as the inverse image of the other through the second
function-quite literally meeting in the middle of the composed function.

42. Define Differential Cryptanalysis.
A technique in which chosen plaintexts with particular XOR difference patterns are
encrypted. The difference patterns of the resulting ciphertexts provide information that can
be used to determine the encryption key.

43. List the Block cipher Modes of operation.

1. Electronic Codebook (ECB)
2. Cipher Block Chaining (CBC)
3. Cipher Feedback (CFB)
4. Output Feedback (OFB)
5. Counter (CTR)

44. List the description and application of Electronic Codebook (ECB).
Each block of 64 plaintext bits is encoded independently using the same key.

Application:
Secure transmission of single values (e.g., an encryption key)

45. List the description and application of Cipher Block Chaining (CBC).

The input to the encryption algorithm is the XOR of the next 64 bits of plaintext and the
preceding 64 bits of ciphertext.

Application:

General-purpose block-oriented transmission
Authentication

46. List the description and application of Cipher Feedback (CFB).

Input is processed j bits at a time. Preceding ciphertext is used as input to the encryption
algorithm to produce pseudorandom output, which is XORed with plaintext to produce next
unit of ciphertext.
Application:
General-purpose stream-oriented transmission
Authentication

47. List the description and application of Output Feedback (OFB).

Similar to CFB, except that the input to the encryption algorithm is the preceding DES
output.
Application:
Stream-oriented transmission over noisy channel (e.g., satellite communication)
48. List the Advantages of counter mode:

*Hardware Efficiency
*Software Efficiency
*Preprocessing
*Random Access
* Provable Security
*Simplicity.
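Added example (not part of the original notes): ECB, CBC and CTR from Q.43 to Q.48 written over a generic block-cipher interface, with a check that ECB leaks repeated plaintext blocks while CBC and CTR do not, and CTR's random access shown by decrypting a single block. The block cipher is an assumed stand-in (a 4-round Feistel network with a SHA-256 round function, chosen only so the example runs on the standard library); inputs are assumed to be whole blocks, and the key, IV and nonce are constructed demo values.

```python
import hashlib

BLOCK = 16  # block size in bytes; inputs below must be a whole number of blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, i: int, half: bytes) -> bytes:
    # Round function of the stand-in cipher: keyed SHA-256 truncated to half a block.
    return hashlib.sha256(key + bytes([i]) + half).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher (4-round Feistel); a real system would use AES here."""
    left, right = block[: BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, _xor(left, _round_fn(key, i, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[: BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round_fn(key, i, left)), left
    return left + right


def _blocks(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("input must be a whole number of blocks (no padding here)")
    return [data[i: i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    """ECB: every block encrypted independently under the same key."""
    return b"".join(block_encrypt(key, b) for b in _blocks(pt))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return b"".join(block_decrypt(key, b) for b in _blocks(ct))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    """CBC: each plaintext block is XORed with the preceding ciphertext block (IV first)."""
    out, prev = [], iv
    for block in _blocks(pt):
        prev = block_encrypt(key, _xor(block, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for block in _blocks(ct):
        out.append(_xor(block_decrypt(key, block), prev))
        prev = block
    return b"".join(out)


def ctr_block(key: bytes, nonce: bytes, j: int, block: bytes) -> bytes:
    """CTR for block j: XOR with E(nonce || j). The same call encrypts and decrypts, and any
    block can be handled alone (random access) or its keystream prepared ahead of time."""
    return _xor(block, block_encrypt(key, nonce + j.to_bytes(BLOCK // 2, "big")))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return b"".join(ctr_block(key, nonce, j, b) for j, b in enumerate(_blocks(data)))


def leaks_repeated_blocks(ct: bytes) -> bool:
    """The ECB weakness: equal plaintext blocks produce equal ciphertext blocks."""
    blocks = _blocks(ct)
    return len(set(blocks)) < len(blocks)


# Constructed demo values (not real keys).
KEY = bytes(range(16))
IV = b"\xa5" * 16
NONCE = b"\x00" * 8
PLAINTEXT = b"ATTACK AT DAWN!!" * 4   # four identical 16-byte blocks
```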
49. List out the applications of the public key cryptosystems.
Encryption / decryption
Digital signature
Key exchange
50. Define Euler's totient function (used in the RSA algorithm).
It is the number of positive integers that are less than n and relatively prime to n,
where n is the product of two prime numbers (p and q).
It is represented as φ(n) and is expressed as φ(n) = φ(pq) = (p-1)(q-1).

51. What are the various approaches to attacks the RSA algorithm?
Brute force attack
Mathematical attacks
Timing attacks
52. List out the different techniques of distributing the public key.
Public announcement
Publicly available directory
Public key authority
Public key certificate
53. Why do we need the Diffie-Hellman algorithm?

It is used for exchanging the secret keys between the sender and the
receiver. It allows two users to exchange a key securely.

54. What are the attacks that can be performed in the networks?
Disclosure
Traffic analysis
Masquerade
Content modification
Sequence modification
Timing modification
Source repudiation
Destination repudiation
55. Define Hash Function.

A function that maps a variable-length data block or message into a fixed-length value
called a hash code. The function is designed in such a way that, when protected, it provides an
authenticator to the data or message. Also referred to as a message digest (or) Hash code.

56. List the Hash Algorithms.

SHA(Secure Hash Algorithm)
MD5(Message Digest Version5)

57. Write Short notes on MD5.

The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that
produces a 128-bit (16-byte) hash value. MD5 has been employed in a wide variety of security
applications, and is also commonly used to check data integrity. MD5 was designed by Ron
Rivest in 1991 to replace an earlier hash function, MD4. An MD5 hash is typically expressed
as a 32-digit hexadecimal number.
58. Write short notes on SHA (Secure Hash Algorithm).

The Secure Hash Algorithm is one of a number of cryptographic hash functions
published by the National Institute of Standards and Technology (NIST) as a U.S. Federal
Information Processing Standard (FIPS).

59. What is Digital Signature?
A digital signature is an authentication mechanism that enables the creator of a message
to attach a code that acts as a signature. The signature is formed by taking the hash of the
message and encrypting that hash with the creator's private key. The signature guarantees
the source and integrity of the message.
60. List the Digital Signature Algorithms.

RSA
ElGamal
DSA
61. List the Processes involved in Digital Signature.
Signing Process
Verification Process

62. What are the properties a digital signature should have?
It must verify the author and the date and time of signature.
It must authenticate the contents at the time of signature.
It must be verifiable by third parties to resolve disputes.

63. What is Birthday attack ?
This cryptanalytic attack attempts to find two values in the domain of a function that
map to the same value in its range.

64. What is Discrete Logarithms?

Discrete logarithms are fundamental to a number of public-key algorithms, including
Diffie-Hellman key exchange and the digital signature algorithm.

65. List the approaches of Computing Discrete Logarithms.
Pohlig Hellman Algorithm
Baby-step Giant-step
Index calculus algorithm

66. What is one way function?

A one-way function is one that maps a domain into a range such that every function value
has a unique inverse, with the condition that calculating the function is easy whereas
calculating the inverse is infeasible.

67. What is the purpose of using Diffie-Hellman Key Exchange?

The purpose of the algorithm is to enable two users to securely exchange a key that can
then be used for subsequent encryption of messages.

68. Users A and B exchange a key using the Diffie-Hellman algorithm. Assume α = 5, q = 11,
XA = 2, XB = 3. Find the values of YA, YB and K.
Soln:
YA = α^XA mod q = 5^2 mod 11 = 25 mod 11 = 3
YB = α^XB mod q = 5^3 mod 11 = 125 mod 11 = 4
K = (YA)^XB mod q = 3^3 mod 11 = 27 mod 11 = 5
K = (YB)^XA mod q = 4^2 mod 11 = 16 mod 11 = 5

69.Define ElGamal Public Key Cryptosystem.

ElGamal Public Key Cryptosystem is an asymmetric key encryption for public key
cryptography based on Diffie-Hellman Key Exchange.

70. Difference between MD5 and SHA-1.

Point of discussion                        MD5                         SHA-1
1. Message digest length (bits)            128                         160
2. Speed                                   Faster (64 iterations)      Slower (80 iterations)
3. Attack to find two messages producing   Requires 2^64 operations    Requires 2^80 operations
   the same message digest                 to break in                 to break in


71. What is the primitive root of a number?

We can define a primitive root of a number p as one whose powers generate all the
integers from 1 to p-1. That is, if a is a primitive root of the prime number p, then the
numbers a mod p, a^2 mod p, ..., a^(p-1) mod p are distinct and consist of the integers
from 1 to p-1 in some permutation.

72. Using the ElGamal scheme, let α = 5, p = 11, XA = 2. Find the value of YA.
α = 5, p = 11, XA = 2

YA = α^XA mod p = 5^2 mod 11 = 25 mod 11 = 3

73. What are the requirements of the hash function?

H can be applied to a block of data of any size.
H produces a fixed length output.
H(x) is relatively easy to compute for any given x, making both hardware and software
implementations practical.

74. Define the classes of message authentication function.

Message encryption: the entire ciphertext is used as the authenticator.
Message Authentication Code: a function of the message and a secret key that produces a
fixed-length value.
Hash function: a function that maps a message of any length to a fixed-length value, which
serves as the authenticator.

75. Mention the various ways of producing an authenticator.
Message encryption
Message Authentication Code (MAC)
Hash function
76. Differentiate Message Authentication Code and Hash function.
In MAC, a public function of the message and a secret key are used to produce a
fixed length authenticator.
A hash function accepts a variable size message as input and produces a
fixed size output (hash code) which is similar to MAC. But hash code does not use
a key.

77. Define one way property, weak collision resistance and strong collision
resistance of hash function.
One-way property: for any given value h, it is computationally infeasible to find x such
that H(x) = h.
Weak collision resistance: for any given block x, it is computationally infeasible to find
y ≠ x with H(y) = H(x).
Strong collision resistance: it is computationally infeasible to find any pair (x, y) with
x ≠ y such that H(x) = H(y).
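Added example (not part of the original notes): the three hash properties of Q.77, the birthday attack of Q.63 and the MAC-versus-hash distinction of Q.76, made observable by searching against SHA-256 deliberately truncated to a few bits. The truncation is the assumption that lets the searches finish; the point of the digest lengths in Q.70 is that at 128 or 160 bits the same searches cost 2^n and 2^(n/2) evaluations, and HMAC with a secret key is what stops anyone who can compute the hash from also forging the authenticator.

```python
import hashlib
import hmac
from typing import Optional, Tuple


def h(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its leading `bits` bits. Real use keeps all 256 bits; the
    truncation only exists so the searches below finish in milliseconds."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def _candidates(limit: int):
    for i in range(limit):
        yield i.to_bytes(8, "big")


def find_preimage(target: int, bits: int, limit: int) -> Optional[Tuple[bytes, int]]:
    """One-way property: search x with h(x) == target. Expected cost ~2^bits evaluations."""
    for tries, x in enumerate(_candidates(limit), start=1):
        if h(x, bits) == target:
            return x, tries
    return None


def find_second_preimage(x: bytes, bits: int, limit: int) -> Optional[Tuple[bytes, int]]:
    """Weak collision resistance: y != x with h(y) == h(x). Also ~2^bits evaluations."""
    target = h(x, bits)
    for tries, y in enumerate(_candidates(limit), start=1):
        if y != x and h(y, bits) == target:
            return y, tries
    return None


def find_collision(bits: int, limit: int) -> Optional[Tuple[bytes, bytes, int]]:
    """Strong collision resistance: any x != y with h(x) == h(y). Remembering every digest
    seen, a match appears after about 2^(bits/2) evaluations (the birthday bound), which is
    why digest lengths are sized against 2^(n/2), not 2^n, work."""
    seen = {}
    for tries, x in enumerate(_candidates(limit), start=1):
        d = h(x, bits)
        if d in seen:
            return seen[d], x, tries
        seen[d] = x
    return None


def mac_tag(key: bytes, msg: bytes) -> bytes:
    """A MAC needs the secret key: without it nobody can produce a tag for a modified message,
    whereas an unkeyed hash can be recomputed by anyone who alters the message."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, msg), tag)
```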

76. Define Kerberos.
Kerberos is a centralized authentication server whose function is to
authenticate users to servers and servers to users.
77. Determine gcd(24140, 16762) using Euclid's algorithm.
Soln:
We know gcd(a, b) = gcd(b, a mod b).
gcd(24140, 16762) = gcd(16762, 7378)
                  = gcd(7378, 2006)
                  = gcd(2006, 1360)
                  = gcd(1360, 646)
                  = gcd(646, 68)
                  = gcd(68, 34)
                  = gcd(34, 0) = 34
gcd(24140, 16762) = 34.
78. Perform encryption and decryption using the RSA algorithm for the following:
p = 7; q = 11; e = 17; M = 8.
Soln:
n = pq = 7 * 11 = 77
φ(n) = (p-1)(q-1) = 6 * 10 = 60
e = 17
d = 27
C = M^e mod n = 8^17 mod 77 = 57
M = C^d mod n = 57^27 mod 77 = 8
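Added example (not part of the original notes): Euclid's algorithm with the trace of Q.77, then RSA key generation, encryption and decryption with the parameters of Q.78 (p = 7, q = 11, e = 17, M = 8). The private exponent is derived from e and φ(n) with the extended Euclidean algorithm and checked against e·d ≡ 1 (mod φ(n)) instead of being taken on trust; this is textbook RSA on bare integers, which in practice is only used with a padding scheme such as OAEP.

```python
def euclid_gcd(a: int, b: int, trace: list = None) -> int:
    """gcd(a, b) by repeated use of gcd(a, b) = gcd(b, a mod b). If `trace` is given,
    each step (a, b, a mod b) is appended so the working can be shown as in Q.77."""
    while b:
        if trace is not None:
            trace.append((a, b, a % b))
        a, b = b, a % b
    return a


def extended_euclid(a: int, b: int):
    """Returns (g, x, y) with a*x + b*y = g = gcd(a, b); the coefficients are carried
    along with the ordinary Euclidean remainders."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q = a // b
        a, b = b, a - q * b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(a: int, n: int) -> int:
    """a^-1 mod n from extended Euclid; it exists only when gcd(a, n) = 1."""
    g, x, _ = extended_euclid(a % n, n)
    if g != 1:
        raise ValueError(f"{a} is not invertible mod {n}")
    return x % n


def rsa_keygen(p: int, q: int, e: int):
    """Returns ((n, e), (n, d)). e must be coprime to phi(n); d = e^-1 mod phi(n)."""
    n = p * q
    phi_n = (p - 1) * (q - 1)
    if euclid_gcd(e, phi_n) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = mod_inverse(e, phi_n)
    if (e * d) % phi_n != 1:  # sanity check on the private exponent
        raise ArithmeticError("e*d is not 1 mod phi(n)")
    return (n, e), (n, d)


def rsa_encrypt(public_key, m: int) -> int:
    """C = M^e mod n; the message must be an integer in [0, n)."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < n")
    return pow(m, e, n)


def rsa_decrypt(private_key, c: int) -> int:
    """M = C^d mod n."""
    n, d = private_key
    return pow(c, d, n)
```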

79. Users A and B exchange a key using the Diffie-Hellman algorithm.
Assume α = 5, q = 11, XA = 2, XB = 3. Find YA, YB, K.
Soln:
YA = α^XA mod q = 5^2 mod 11 = 3
YB = α^XB mod q = 5^3 mod 11 = 4
KA = YB^XA mod q = 4^2 mod 11 = 5
KB = YA^XB mod q = 3^3 mod 11 = 5
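Added example (not part of the original notes): the Diffie-Hellman exchange of Q.68 and Q.79 (α = 5, q = 11, XA = 2, XB = 3), ElGamal encryption and decryption over the same group with A's key from Q.72, and the primitive-root check of Q.71. The ElGamal ephemeral k and the message value are assumed inputs chosen for reproducibility; a real implementation draws a fresh random k for every message.

```python
def dh_public(alpha: int, q: int, x: int) -> int:
    """Y = alpha^X mod q is published; X stays private."""
    return pow(alpha, x, q)


def dh_shared(peer_public: int, x: int, q: int) -> int:
    """K = Y_peer^X mod q; both sides arrive at alpha^(XA*XB) mod q."""
    return pow(peer_public, x, q)


def dh_exchange(alpha: int, q: int, xa: int, xb: int):
    """Both halves of the exchange; returns (YA, YB, K) after checking the sides agree."""
    ya, yb = dh_public(alpha, q, xa), dh_public(alpha, q, xb)
    ka, kb = dh_shared(yb, xa, q), dh_shared(ya, xb, q)
    if ka != kb:
        raise ArithmeticError("shared secrets differ")
    return ya, yb, ka


def is_primitive_root(a: int, p: int) -> bool:
    """a is a primitive root of prime p when a, a^2, ..., a^(p-1) mod p are all distinct,
    i.e. the powers run through every value 1..p-1 (Q.71)."""
    return len({pow(a, i, p) for i in range(1, p)}) == p - 1


def elgamal_public(alpha: int, p: int, xa: int) -> int:
    """YA = alpha^XA mod p."""
    return pow(alpha, xa, p)


def elgamal_encrypt(alpha: int, p: int, ya: int, m: int, k: int):
    """C1 = alpha^k mod p and C2 = M * K mod p, with one-time key K = YA^k mod p.
    k is an assumed fixed value here; it must be fresh and random per message in use."""
    if not 0 <= m < p:
        raise ValueError("message must satisfy 0 <= M < p")
    one_time_key = pow(ya, k, p)
    return pow(alpha, k, p), (m * one_time_key) % p


def elgamal_decrypt(p: int, xa: int, c1: int, c2: int) -> int:
    """Recover K = C1^XA mod p, then M = C2 * K^-1 mod p (pow(K, -1, p) is the inverse)."""
    one_time_key = pow(c1, xa, p)
    return (c2 * pow(one_time_key, -1, p)) % p
```

The primitive-root check also shows that the notes' α = 5 is not a generator of Z_11* (its powers cover only 5 of the 10 residues), so the exchange above has a smaller key space than it would with a true primitive root such as 2.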
UNIT V

1. What is Kerberos?

Kerberos is an authentication service developed as part of Project Athena at MIT. Kerberos
provides a centralized authentication server whose function is to authenticate users to
servers and servers to users.

2.What 4 requirements were defined by Kerberos?
Secure
Reliable
Transparent
Scalable
3. Mention the limitations of version 4 of Kerberos.
a. Environmental shortcomings
i. Encryption system dependence
ii. Internet protocol dependence
iii. Message byte ordering
iv. Ticket lifetime
v. Inter realm authentication
b. Technical deficiencies
i. double encryption
ii. propagating block chaining encryption
iii. session keys
iv. password attacks
4. Mention the services provided by the Pretty Good Privacy (PGP).
a. Authentication
b. Confidentiality
c. Compression
d. E-mail compatibility
e. Segmentation and reassembly
5. Signature is generated before compression in PGP. Why?
There are two reasons behind it.
1. It is preferable to sign an uncompressed message so that one can store only the
uncompressed message together with the signature for future verification. If one signed a
compressed document, then it would be necessary either to store a compressed version of the
message for later verification or to recompress the message when verification is required.
2. Even if one were willing to generate dynamically a recompressed message for verification,
PGP's compression algorithm presents a difficulty: the algorithm is not deterministic, so
different implementations can produce different compressed forms of the same message.

6. How is e-mail compatibility performed?
Radix-64 is the technique which is used for e-mail compatibility. In Radix-64, each group
of 3 octets of binary data is mapped into 4 ASCII characters.

7. What is the need of public key ring and private key ring?
Public key ring is one of the data structures which is used to store the public keys of the
other participants.
Private key ring is a data structure which is used to store the public and the private keys
of the owner alone.
8. Define the terms: connection and session
i. A connection is a transport that provides a suitable type of service.
Every connection is associated with one session.
ii. A session is an association between a client and a server. Onesession
may have multiple connections.

9. What is the use of the change cipher spec protocol?
This protocol consists of a single message, which consists of a single byte with the value 1.
The sole purpose of this message is to cause the pending state to be copied into the current
state, which updates the cipher suite (cryptographic algorithms) to be used on the connection.

10. Mention the phases of the Handshake protocol.
a. Phase 1 establish security capabilities
b. Phase 2 server authentication and key exchange
c. Phase 3 client authentication and key exchange
d. Phase 4 finish


11. Define X.509 Authentication Service.

X.509 is part of the X.500 series of recommendations that define a directory service. X.509
is based on the use of public-key cryptography and digital signatures. X.509 defines a
framework for the provision of authentication services by the X.500 directory to its users.
For example, the X.509 certificate format is used in S/MIME, IP Security, SSL/TLS and SET.

12. Define Public-Key Infrastructure.
Public-key infrastructure (PKI) as the set of hardware, software, people, policies, and
procedures needed to create, manage, store, distribute, and revoke digital certificates based on
asymmetric cryptography.

13. Define PGP.
Pretty Good Privacy is an open-source freely available software package for e-mail
security. It provides authentication through the use of digital signature; confidentiality through
the use of symmetric block encryption; compression using the ZIP algorithm; e-mail
compatibility using the radix-64 encoding scheme; and segmentation and reassembly to
accommodate long e-mails.
14. Define S/MIME.

Secure/Multipurpose Internet Mail Extension is an Internet standard approach to e-mail
security that incorporates the same functionality as PGP.

15. Write short notes on IP Security.

IPSec provides the capability to secure communications across a LAN, across private
and public WANs, and across the Internet.

16. Write short notes on Web Security.

Secure Sockets Layer (SSL) provides security services between TCP and applications that use
TCP. The Internet standard version is called Transport Layer Security (TLS).

17. Write short notes on Secure Electronic Transaction. What are the features of SET?

Secure Electronic Transaction (SET) is an open encryption and security specification
designed to protect credit card transactions on the Internet.

Confidentiality of information
Integrity of data
Cardholder account authentication
Merchant authentication
18. Write short notes on Transport Layer Security (TLS).

Transport Layer Security is defined as a Proposed Internet Standard in RFC 2246. RFC
2246 is very similar to SSLv3. The TLS Record Format is the same as that of the SSL Record
Format, and the fields in the header have the same meanings. The one difference is in version
number.

19. What are the functional areas of IP security?

Authentication
Confidentiality
Key management.
20. Differentiate Transport and Tunnel mode in IPsec.

Transport mode                                        Tunnel mode
1. Provides protection for the upper-layer            1. Provides protection for the entire IP
   protocol between two hosts.                           packet.

2. ESP in this mode encrypts and optionally           2. ESP in this mode encrypts and optionally
   authenticates the IP payload but not the              authenticates the entire IP packet.
   IP header.

3. AH in this mode authenticates the IP payload       3. AH in this mode authenticates the entire
   and selected portions of the IP header.               IP packet plus selected portions of the
                                                         outer IP header.


21. What is a dual signature? What is its purpose?
The purpose of the dual signature is to link two messages that are intended for two
different recipients, so as to avoid misplacement of orders.

22. What do you mean by Replay Attack?
A replay attack is one in which an attacker obtains a copy of an authenticated packet and
later transmits it to the intended destination. Each time a packet is sent, the sender
increments the sequence number in the counter.
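Added example (not part of the original notes): the receiver-side check that makes the sequence counter of Q.22 useful, a sliding anti-replay window of the kind IPsec AH and ESP keep (64 entries by default), run over a constructed stream of sequence numbers. Packets to the right of the window slide it forward, packets inside it are accepted once and then rejected as replays, and packets too far to the left are dropped as too old.

```python
class AntiReplayWindow:
    """`last` is the highest sequence number accepted so far; bit i of `bitmap` records
    whether sequence number (last - i) has already been received."""

    def __init__(self, size: int = 64):
        self.size = size
        self.last = 0
        self.bitmap = 0

    def check(self, seq: int) -> str:
        if seq <= 0:
            return "invalid"            # sequence numbers start at 1
        if seq > self.last:             # right of the window: slide it forward
            shift = seq - self.last
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.last = seq
            return "accept"
        offset = self.last - seq
        if offset >= self.size:         # left of the window: no record kept, drop it
            return "too old"
        if self.bitmap & (1 << offset): # already marked: a duplicate, drop it
            return "replay"
        self.bitmap |= 1 << offset      # inside the window and new: accept and mark
        return "accept"


def process(seqs, size: int = 64):
    """Run a stream of sequence numbers through one window; returns (seq, verdict) pairs."""
    window = AntiReplayWindow(size)
    return [(s, window.check(s)) for s in seqs]


# Constructed stream: in-order packets, a duplicate, a reordered packet, a jump past the
# window, one packet just inside the new window, and packets that are now too old.
SAMPLE = [1, 2, 3, 2, 5, 4, 100, 37, 36, 5, 100]
```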

23.Name any cryptographic keys used in PGP?
One-time session conventional keys.
Public keys.
Private keys.
Pass phrase based conventional keys.
24.Define Certification authority.

The issuer of certificates and certificate revocation lists (CRLs). It may also support a
variety of administrative functions, although these are often delegated to one or more
Registration Authorities.
25.List the Applications of IPSec.

Secure branch office connectivity over the Internet
Secure remote access over the Internet
Establishing extranet and intranet connectivity with partners
Enhancing electronic commerce security
26. What are the header fields defined in MIME?

MIME version.
Content type.
Content transfer encoding.
Content id.
Content description.
27.Define Intruder

An individual who gains, or attempts to gain, unauthorized access to a computer system
or to gain unauthorized privileges on that system.

28.List Classes of Intruders.
Masquerader
Misfeasor
Clandestine user

29.Write short notes on Intrusion detection system

A set of automated tools designed to detect unauthorized access to a host system.

30.Write short notes on Malicious software.
Malicious software is software that is intentionally included or inserted in a system for a
harmful purpose.

31.Write short notes on Virus.

A virus is a piece of software that can "infect" other programs by modifying them; the
modification includes a copy of the virus program, which can then go on to infect other
programs.

32.Write short notes on Worm.

A worm is a program that can replicate itself and send copies from computer to
computer across network connections.

33.Define Statistical anomaly detection.

Involves the collection of data relating to the behavior of legitimate users over a period
of time. Then statistical tests are applied to observed behavior to determine with a high level
of confidence whether that behavior is not legitimate user behavior.



34.Define Threshold detection.
This approach involves defining thresholds, independent of user, for the frequency of
occurrence of various events.

35.Define Profile based.
A profile of the activity of each user is developed and used to detect changes in the
behavior of individual accounts.

36.Define Rule-based detection.
Involves an attempt to define a set of rules that can be used to decide that a given
behavior is that of an intruder.

37.Define Anomaly detection.
Rules are developed to detect deviation from previous usage patterns.

38.Define Penetration identification.
An expert system approach that searches for suspicious behavior.
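Added example (not part of the original notes): the threshold detection of Q.34 and the profile-based statistical anomaly detection of Q.33 and Q.35 run over a constructed authentication log and constructed per-user daily counts. The log format, user names and numbers are all made up for the example; malformed lines are skipped rather than allowed to crash the detector.

```python
import re
import statistics
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): "<ISO timestamp> user=<name> event=<type>".
SAMPLE_LOG = """\
2024-01-05T09:00:00 user=alice event=login_failed
2024-01-05T09:00:30 user=alice event=login_failed
2024-01-05T09:01:00 user=bob event=login_failed
2024-01-05T09:01:10 user=alice event=login_failed
2024-01-05T09:01:40 user=alice event=login_failed
2024-01-05T09:02:00 user=alice event=login_failed
2024-01-05T09:02:05 user=bob event=login_ok
2024-01-05T09:30:00 user=bob event=login_failed
this line is malformed and must be skipped
""".splitlines()

LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) event=(?P<event>\S+)$")


def parse(lines):
    """Return (timestamp, user, event) tuples; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["user"], m["event"]))
    return events


def threshold_alerts(events, event="login_failed", limit=5, window=timedelta(minutes=10)):
    """Threshold detection: one limit for every user, applied to the number of `event`
    occurrences inside a sliding time window. One alert is raised per burst."""
    recent = defaultdict(deque)
    alerts = []
    for ts, user, ev in sorted(events):
        if ev != event:
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:       # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= limit:
            alerts.append((user, ts))
            q.clear()                   # reset so one burst does not alert repeatedly
    return alerts


def profile_alerts(baseline, today, z=3.0):
    """Profile-based / statistical anomaly detection: each user's own history gives the mean
    and standard deviation of a daily count; today's value is flagged when it exceeds
    mean + z*std. The std is floored at 1 so a perfectly flat history is not hypersensitive."""
    alerts = []
    for user, history in baseline.items():
        mean, std = statistics.fmean(history), max(statistics.pstdev(history), 1.0)
        cutoff = mean + z * std
        observed = today.get(user, 0)
        if observed > cutoff:
            alerts.append((user, observed, round(cutoff, 1)))
    return alerts


# Constructed per-user daily login counts: five days of history, then today's count.
BASELINE = {"alice": [10, 12, 11, 9, 13], "bob": [3, 2, 4, 3, 3]}
TODAY = {"alice": 12, "bob": 40}
```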

39.Define Honeypot .

A decoy system designed to lure a potential attacker away from critical systems. A form of
intrusion detection.

40.What is Zombie?

A program that secretly takes over another Internet-attached computer and then uses that
computer to launch attacks that are difficult to trace to the zombie's creator.

41.What is Denial of Service?

A denial of service (DoS) attack is an attempt to prevent legitimate users of a service from
using that service.

42.Define Firewall.
A firewall is a device or set of devices designed to permit or deny network transmissions
based upon a set of rules and is frequently used to protect networks from unauthorized access.
43.List the types of Firewall:
1.Packet Filtering Router
2.Application-Level Gateway
3.Circuit-Level Gateway
44.List the Firewall Configuration.
1. Screened host Firewall System(single homed bastion system)
2. Screened host Firewall System(Dual homed bastion system)
3. Screened Subnet Firewall System

45.What is Trusted System?

A trusted system is a computer and operating system that can be verified to implement a
given security policy. Typically, the focus of a trusted system is access control.

46.List the types of Viruses:

parasitic virus
memory-resident virus
boot sector virus
stealth virus
polymorphic virus
metamorphic virus.
47. Define firewall.
A firewall is a system which protects the premises network from Internet-based attacks and
provides a single choke point where security and audit can be imposed.
48. What are the design goals of the firewall.
a. All traffic from inside to outside, and vice versa, must pass through the
firewall.
b. Only authorized traffic, as defined by the local security policy, will be
allowed to pass.
c. It is immune to penetration.

49. List out the limitations of the firewall.
a. It cannot protect against attacks that bypass the firewall.
b. The firewall does not protect against internal threats.
c. It cannot protect against the transfer of virus infected programs or files.

50. What are the types of firewall?
a. Packet filtering firewall
b. Application level gateway
c. Circuit level gateway

51. Define Bastion host.
A bastion host is a system identified by the firewall administrator as a critical strong
point in the network security.
52. List out the firewall configurations.

a. Screened host firewall, single homed bastion
b. Screened host firewall, dual homed bastion
c. Screened subnet firewall
53. Define the two rules for multi-level security.
a. No read up: a subject can only read an object of less or equal security level. This is
referred to as the simple security property.
b. No write down: a subject can only write into an object of greater or equal security
level. This is referred to as the *-property.

54. Define Trojan horse attack.
The Trojan horse attack begins with a hostile user, named X, gaining legitimate access
into the system and installing both the Trojan horse program and a private file to be used
in the attack as a back pocket. X gives read/write permission to itself and gives Y
(an authorized user) write-only permission. X now induces Y to invoke the Trojan horse
program, by advertising it as a useful utility. When the program detects that it is being
executed by Y, it reads the sensitive character string from Y's file and copies it into
X's back pocket file.

55. What are firewalls?

A firewall is any device that prevents a specific type of information from moving between the
untrusted network outside and the trusted network inside

The firewall may be:

a separate computer system
a service running on an existing router or server
a separate network containing a number of supporting devices
56. Explain different generations of firewalls.

First Generation - packet filtering firewalls
Second Generation-application-level firewall or proxy server
Third Generation- Stateful inspection firewalls
Fourth Generation-dynamic packet filtering firewall
Fifth Generation- kernel proxy

57. What is the advantage of Second Generation firewalls?

The primary disadvantage of application-level firewalls is that they are designed for a
specific protocol and cannot easily be reconfigured to protect against attacks on protocols for
which they are not designed.

58) What is the drawback of a packet-filtering router?

The drawback of packet-filtering router includes a lack of auditing and strong
authentication.
59) What are Screened-Host Firewall Systems

Screened-Host firewall system allows the router to pre-screen packets to minimize the
network traffic and load on the internal proxy.

60) What is the use of an Application proxy?

An Application proxy examines an application layer protocol, such as HTTP, and
performs the proxy services

61) What are Screened-Subnet Firewalls?

Consists of two or more internal bastion-hosts, behind a packet-filtering router, with each host
protecting the trusted network

The first general model consists of two filtering routers, with one or more dual-homed bastion-
host between them

The second general model involves the connection from the outside or untrusted network

62)What are the factors to be considered while selecting a right firewall?

What type of firewall technology offers the right balance of protection features and cost
for the needs of the organization?

What features are included in the base price? What features are available at extra cost?
Are all cost factors known?

How easy is it to set up and configure the firewall? How accessible are staff technicians
with the mastery to do it well?

Can the candidate firewall adapt to the growing network in the target organization?

63)What are Sock Servers?

The SOCKS system is a proprietary circuit-level proxy server that places special SOCKS client-
side agents on each workstation.
63) What are intrusion detection systems(IDS)?

IDSs work like burglar alarms

IDSs require complex configurations to provide the level of detection and
response desired

An IDS operates as either network-based, when the technology is focused on
protecting network information assets, or host-based, when the technology is
focused on protecting server or host information assets

IDSs use one of two detection methods, signature-based or statistical
anomaly-based

64) What are different types of IDSs?

a) Network-based IDS

b) Host-based IDS

c) Application-based IDS

d) Signature-based IDS

e) Statistical Anomaly-Based IDS

65) Define NIDS

A network-based IDS(NIDS) resides on a computer or an appliance connected to a segment of an
organizations network and monitors traffic on that network segment,looking for indications of
ongoing or successful attacks.

66) What is Application-based IDS?

A refinement of host-based IDS is the application-based IDS (AppIDS). The application-based
IDS examines an application for abnormal incidents. It looks for anomalous occurrences such as
users exceeding their authorization, invalid file executions, etc.
67).What is Signature-based IDS?

A signature-based IDS(also called Knowledge-based IDs) examines data traffic in search of
patterns that match known signatures that is,preconfigured ,predetermined attack patterns.

68) What are Honey Pots?

Honey pots are decoy systems designed to lure potential attackers away from critical systems and
encourage attacks against themselves. These systems are created for the sole purpose of
deceiving potential attackers. In industry they are known as decoys, lures, and fly-traps.

69) What are Honey Nets?

When a collection of honey pots connects several honey pot systems on a subnet,it may be called
a honey net.
70) What is Public Key Infrastructure (PKI)?

Public Key Infrastructure is the entire set of hardware, software, and cryptosystems
necessary to implement public key encryption.

PKI systems are based on public-key cryptosystems and include digital certificates
and certificate authorities (CAs) and can:

Issue digital certificates
Issue crypto keys


71) How are e-mail systems secured?

Encryption cryptosystems have been adapted to inject some degree of security into e-mail:

S/MIME builds on the Multipurpose Internet Mail Extensions (MIME) encoding format
by adding encryption and authentication

Privacy Enhanced Mail (PEM) was proposed by the Internet Engineering Task Force
(IETF) as a standard to function with the public key cryptosystems

PEM uses 3DES symmetric key encryption and RSA for key exchanges and digital
signatures

Pretty Good Privacy (PGP) was developed by Phil Zimmerman and uses the IDEA
Cipher along with RSA for key exchange
