Ilovepdf Merged

Computer security involves protecting computer systems and information from unauthorized access, theft, and modification. It provides confidentiality, integrity, and availability of data and systems. Common security threats include malware like viruses, worms and trojans that can damage systems. Cyber attacks aim to disrupt systems and steal data through techniques like SQL injection, cross-site scripting, and distributed denial of service attacks targeting websites. System-based threats encompass viruses, worms, and trojan horses that can replicate secretly and harm computer functionality.

Uploaded by

BELAL AHMAD

UNIT - 1

INTRODUCTION
(Computer System Security)
What is Computer Security and What to Learn ?
• Computer security basically is the protection of computer systems and information from harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer system.
1. Information security is securing information from unauthorized access,
modification & deletion
• Application Security is securing an application by building security features to prevent Cyber Threats such as SQL injection, DoS attacks, data breaches, etc.
• Computer Security means securing a standalone machine by keeping it updated and patched
• Network Security is securing both the software and hardware technologies
2. Cybersecurity is defined as protecting computer systems, which communicate
over the computer networks
• It’s important to understand the distinction between these words, though there
isn’t necessarily a clear consensus on the meanings and the degree to which they
overlap or are interchangeable.
3. Computer security can be defined as controls that are put in place to
provide confidentiality, integrity, and availability for all components of
computer systems. Let’s elaborate the definition.
• Components of computer system
• The components of a computer system that need to be protected are:
• Hardware, the physical part of the computer, like the system memory
and disk drive
• Firmware, permanent software that is etched into a hardware
device’s nonvolatile memory and is mostly invisible to the user
• Software, the programming that offers services, like operating system,
word processor, internet browser to the user
The CIA Triad

• Computer security is mainly concerned with three main areas:
• Confidentiality : Only authorized users can access the data resources and information.
• Integrity : Only authorized users should be able to modify the data when needed.
• Availability : Data should be available to user when needed.
• Authentication : Communication with the authorized.
Computer Security threats
• A security threat is a threat that has the potential to harm computer systems and organizations. The cause could be physical, such as a computer containing sensitive information being stolen. It’s also possible that the cause isn’t physical, such as a viral attack.
Type
• 1. Physical Threats: A physical danger to computer systems is a
potential cause of an occurrence/event that could result in data loss
or physical damage. It can be classified as:
• Internal: Short circuit, fire, non-stable supply of power, hardware
failure due to excess humidity, etc. cause it.
• External: Disasters such as floods, earthquakes, landslides, etc. cause it.
• Human: Destroying of infrastructure and/or hardware, thefts,
disruption, and unintentional/intentional errors are among the
threats.
• 2. Non-physical threats: A non-physical threat is a potential source of an incident that could result in:
• Hampering of the business operations that depend on computer systems.
• Sensitive – data or information loss
• Keeping track of other’s computer system activities illegally.
• Hacking id & passwords of the users, etc.
• The non-physical threats can be commonly caused by:
• (i) Malware: Malware (“malicious software”) is a type of computer program that infiltrates and damages systems without
the users’ knowledge. Malware tries to go unnoticed by either hiding or not letting the user know about its presence on
the system. You may notice that your system is processing at a slower rate than usual.
• (ii) Virus: It is a program that replicates itself and infects your computer’s files and programs, rendering them inoperable.
It is a type of malware that spreads by inserting a copy of itself into and becoming part of another program. It spreads
with the help of software or documents. They are embedded with software and documents and then transferred from
one computer to another using the network, a disk, file sharing, or infected e-mail. They usually appear as an executable
file.
• (iii) Spyware: Spyware is a type of computer program that tracks, records, and reports a user’s activity (offline and online)
without their permission for the purpose of profit or data theft. Spyware can be acquired from a variety of sources,
including websites, instant chats, and emails. A user may also unwittingly obtain spyware by adopting a software
program’s End User License Agreement.
Adware is a sort of spyware that is primarily utilized by advertisers. When you go online, it keeps track of your web browsing patterns in order to compile data on the types of websites you visit.
• (iv) Worms: Computer worms are similar to viruses in that they replicate themselves and can inflict similar damage. Unlike viruses, which spread by infecting a host file, worms are freestanding programs that do not require a host program or human assistance to proliferate. Worms don’t change programs; instead, they replicate themselves over and over. They simply consume resources until the system goes down.
• (v) Trojan: A Trojan horse is malicious software that is disguised as a useful host program. When the host program is run, the Trojan performs a harmful/unwanted action. A Trojan horse, often known as a Trojan, is malicious software that appears to be legitimate yet has the ability to take control of your computer. A Trojan is a computer program that is designed to disrupt, steal, or otherwise harm your data or network.
• (vi) Denial Of Service Attacks: A Denial of Service attack is one in which an attacker tries to prohibit legitimate
users from obtaining information or services. An attacker tries to make a system or network resource
unavailable to its intended users in this attack. The web servers of large organizations such as banking,
commerce, trading organizations, etc. are the victims.
• (vii) Phishing: Phishing is a type of attack that is frequently used to obtain sensitive information from users,
such as login credentials and credit card details. They deceive users into giving critical information, such as
bank and credit card information, or access to personal accounts, by sending spam, malicious Web sites, email
messages, and instant chats.
• (viii) Key-Loggers: Keyloggers can monitor a user’s computer activity in real-time. Keylogger is a program that
runs in the background and records every keystroke made by a user, then sends the data to a hacker with the
intent of stealing passwords and financial information.
Sample Attacks
• A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Cyber attacks aim to disable, disrupt, destroy or control computer systems or to alter, block, delete, manipulate or steal the data held within these systems.
1. Web Based attacks.
2. System Based attacks.
1. Web Based attacks.
• Web-based attacks are an attractive method by which threat actors can delude victims using web systems and services as the threat vector.
• Cross-site scripting (XSS). That involves an attacker uploading a piece of malicious script code
onto your website that can then be used to steal data or perform other kinds of mischief.
Although this strategy is relatively unsophisticated, it remains quite common and can do
significant damage.
• SQL Injection (SQLI). This happens when a hacker submits destructive code into an input form. If
your systems fail to clean this information, it can be submitted into the database, changing,
deleting, or revealing data to the attacker.
• Path traversal. Also resulting from improper protection of data that has been inputted, these
webserver attacks involve injecting patterns into the webserver hierarchy that allow bad actors to
obtain user credentials, databases, configuration files, and other information stored on hard
drives.
• Local File Inclusion. This relatively uncommon attack technique involves forcing the web
application to execute a file located elsewhere on the system.
• Distributed Denial of Service (DDoS) attacks. Such destructive events happen when an attacker
bombards the server with requests. In many cases, hackers use a network of compromised
computers or bots to mount this offensive. Such actions paralyze your server and prevent
legitimate visitors from gaining access to your services.
2. System Based attacks.
• It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. It can also execute instructions that cause harm to the system.
• 1. Virus
• It is a type of malicious software program that spread throughout the computer
files without the knowledge of a user. It is a self-replicating malicious computer
program that replicates by inserting copies of itself into other computer programs
when executed. It can also execute instructions that cause harm to the system.
• 2. Worm
• It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It works the same as a computer virus. Worms often originate from email attachments that appear to be from trusted senders.
• 3. Trojan horse
• It is a malicious program that causes unexpected changes to computer settings and unusual activity, even when the computer should be idle. It misleads the user about its true intent. It appears to be a normal application, but when opened/executed some malicious code will run in the background.
• 4. Backdoors
• It is a method that bypasses the normal authentication process. A
developer may create a backdoor so that an application or operating
system can be accessed for troubleshooting or other purposes.
• 5. Bots
• A bot (short for "robot") is an automated process that interacts with other network services. Some bot programs run automatically, while others only execute commands when they receive specific input. Common examples of bot programs are crawlers, chatroom bots, and malicious bots.
The Marketplace For Vulnerabilities
• Vulnerability is a cyber-security term that refers to a flaw in a system that can leave it open to attack. Vulnerable consumers fail to understand their preferences and/or lack the knowledge, skills, or freedom to act on them. The aim is to significantly replace trial and error with a robust understanding of markets, markets habitually governed by social virtues.
Error 404 Hacking Digital India Part 1 Chase

• 1. In error 404 hacking digital India part 1 chase, the cyber crime and cyber attacks hack the information of users like bank details and personal information.
• 2. It is a real-time incident. In this, the attacker or hacker creates an attractive video so that the victim gets attracted and plays that video on the system.
• 3. When we click on the video to play it, then at the time of buffering the hacker can know not only our current location and GPS history but also have complete access to our contacts, text messages, Facebook, Whatsapp and most importantly our bank details, including our CVV number.
• 4. Hackers are creating a kind of Trojan file, and android apk files. The apk files will be distributed all over the internet. Those who download this file will be hacked easily.
• 5. Potential cyber attacks that are most common in error 404 hacking:
• A). Web Application attacks:
• i). A web application is a client-server computer program which uses web browsers and web technology to allow its visitors to store and retrieve data to/from the database over the internet.
• ii). If there is a flaw in the web application, it allows the attacker to manipulate data using SQL injection attack.
• B). Network security attacks:
• i). Network security attacks are unauthorized actions against private, corporate or governmental IT assets in order to destroy them, modify them or steal sensitive data.
• ii). As more enterprises invite employees to access data from mobile devices, networks become vulnerable to data theft or total destruction of the data or network.
• C). Mobile security attacks:
• i). Mobile security, or mobile device security, has become increasingly important in mobile computing.
• ii). The security of personal and business information now stored on smartphones.
• iii). More and more users and businesses use smartphones to communicate, but also to plan and organize their users' work and also private life.
Control Hijacking
• Control-flow hijacking attacks allow an attacker to subvert a value that is loaded into the program counter of a running program, typically redirecting execution to his own injected code.
• Buffer overflow attacks.
• Integer overflow attacks.
• Format string attacks.
• What is Buffer Overflow

• Buffers are memory storage regions that temporarily hold data while it is being
transferred from one location to another. A buffer overflow (or buffer overrun)
occurs when the volume of data exceeds the storage capacity of the memory buffer.
As a result, the program attempting to write the data to the buffer overwrites
adjacent memory locations.
• For example, a buffer for log-in credentials may be designed to expect username
and password inputs of 8 bytes, so if a transaction involves an input of 10 bytes
(that is, 2 bytes more than expected), the program may write the excess data past
the buffer boundary.
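The 8-byte field and 10-byte input described above, as an added example that is not part of the original slides. The memory layout (a 16-byte region whose ninth byte is an unrelated value) and all function names are constructed for illustration; the overflow is modelled inside a single array so the program stays well-defined C.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE  8   /* the 8-byte credential buffer from the text */
#define REGION_SIZE 16  /* constructed: the buffer plus the memory that follows it */

/* Constructed layout: bytes 0..7 hold the credential field, byte 8 is an
 * unrelated value the program relies on, bytes 9..15 are other data. */
struct region {
    unsigned char bytes[REGION_SIZE];
};

void region_init(struct region *r) {
    memset(r->bytes, 0, sizeof r->bytes);
}

/* Value stored directly after the credential field. */
unsigned char adjacent_value(const struct region *r) {
    return r->bytes[FIELD_SIZE];
}

/* Unchecked write: trusts the length of the input, like a copy with no
 * bounds check. The write is modelled inside one array so that the bytes
 * written past the field boundary stay well-defined C. */
void store_unchecked(struct region *r, const unsigned char *in, size_t len) {
    if (len > REGION_SIZE)
        len = REGION_SIZE;          /* keeps the model itself in bounds */
    memcpy(r->bytes, in, len);
}

/* Checked write: rejects input larger than the field.
 * Returns 0 on success, -1 when the input is refused. */
int store_checked(struct region *r, const unsigned char *in, size_t len) {
    if (len > FIELD_SIZE)
        return -1;
    memcpy(r->bytes, in, len);
    return 0;
}

int main(void) {
    /* Constructed 10-byte input: 2 bytes more than the field expects. */
    const unsigned char input[10] = {'u','s','e','r','n','a','m','e', 0x01, 0x01};
    struct region r;

    region_init(&r);
    store_unchecked(&r, input, sizeof input);
    printf("unchecked: adjacent value = %u\n", (unsigned)adjacent_value(&r));

    region_init(&r);
    int rc = store_checked(&r, input, sizeof input);
    printf("checked:   rc = %d, adjacent value = %u\n", rc, (unsigned)adjacent_value(&r));
    return 0;
}
```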
• Buffer overflow attacks.

• Attackers exploit buffer overflow issues by overwriting the memory of an application. This changes the execution path of the program, triggering a response that damages files or exposes private information. For example, an attacker may introduce extra code, sending new instructions to the application to gain access to IT systems.
Types of Buffer Overflow Attacks

• Stack-based buffer overflows are more common, and leverage stack memory that only exists during the execution time of a function.
• Heap-based attacks are harder to carry out and involve flooding the memory space allocated for a program beyond memory used for current runtime operations.
•Integer overflow attacks.

• If a program performs a calculation and the true answer is larger than the
available space, it may result in an integer overflow. These integer overflows
can cause the program to use incorrect numbers and respond in unintended
ways, which can then be exploited by attackers.
• For example, if an integer data type allows integers up to two bytes or 16 bits
in length (or an unsigned number up to decimal 65,535), and two integers are
to be added together that will exceed the value of 65,535, the result will be
integer overflow.
• How can integer overflows be avoided?

• Avoidance. By allocating variables with data types that are large enough to
contain all values that may possibly be computed and stored in them, it is
always possible to avoid overflow.
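The 16-bit case above, carried through as an added example that is not part of the original slides. It goes one step beyond the text by using the wrapped sum in a size check, which is one way a program ends up using an incorrect number; the record-length scenario, the 8192-byte capacity and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Wrapping add: the true answer is truncated to 16 bits, as in the text. */
uint16_t add_u16_wrapping(uint16_t a, uint16_t b) {
    return (uint16_t)(a + b);
}

/* Checked add: reports the overflow instead of returning a wrong number.
 * Returns true and stores the sum only when it fits in 16 bits. */
bool add_u16_checked(uint16_t a, uint16_t b, uint16_t *sum) {
    if (a > UINT16_MAX - b)
        return false;
    *sum = (uint16_t)(a + b);
    return true;
}

/* Avoidance as described in the text: compute in a type large enough to
 * hold every possible result (two 16-bit values always fit in 32 bits). */
uint32_t add_u16_widened(uint16_t a, uint16_t b) {
    return (uint32_t)a + (uint32_t)b;
}

/* Size check built on the wrapping add: a record that is far too large
 * can appear to fit because its total length wrapped around. */
bool record_fits_wrapping(uint16_t header_len, uint16_t payload_len, uint16_t capacity) {
    return add_u16_wrapping(header_len, payload_len) <= capacity;
}

/* Same check built on the checked add: overflow counts as "does not fit". */
bool record_fits_checked(uint16_t header_len, uint16_t payload_len, uint16_t capacity) {
    uint16_t total;
    return add_u16_checked(header_len, payload_len, &total) && total <= capacity;
}

int main(void) {
    /* Constructed values: 60000 + 10000 = 70000, which exceeds 65,535. */
    uint16_t a = 60000, b = 10000, capacity = 8192;

    printf("wrapping sum: %u\n", (unsigned)add_u16_wrapping(a, b));
    printf("widened sum:  %lu\n", (unsigned long)add_u16_widened(a, b));
    printf("fits (wrapping check): %d\n", record_fits_wrapping(a, b, capacity));
    printf("fits (checked check):  %d\n", record_fits_checked(a, b, capacity));
    return 0;
}
```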
• Format string attacks.

• The Format String exploit occurs when the submitted data of an input
string is evaluated as a command by the application. In this way, the
attacker could execute code, read the stack, or cause a segmentation
fault in the running application, causing new behaviors that could
compromise the security or the stability of the system.
• Format string Vulnerability.

A format string vulnerability is a bug where user input is passed as the format argument to printf, scanf, or another function in that family.
The format argument has many different specifiers which could allow an attacker to leak data if they control the format argument to printf. Since printf and similar are variadic functions, they will continue popping data off of the stack according to the format.
For example, if we can make the format argument "%x.%x.%x.%x", printf will pop off four stack values and print them in hexadecimal, potentially leaking sensitive information.
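A model of the behaviour described above, as an added example that is not part of the original slides. Instead of calling printf with a user-controlled format (undefined behaviour in C), it uses a small hypothetical formatter, `mini_format`, that reads its "arguments" from a constructed array of words; the array contents and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the words a variadic call would find where its
 * arguments are expected (values are made up for this example). */
static const uint32_t SAMPLE_WORDS[4] = {0x0000002au, 0xdeadbeefu, 0x00401000u, 0x7ffd1234u};

/* Minimal formatter that understands only %x and %%. Each %x consumes the
 * next word whether or not the caller intended to pass one, which is the
 * behaviour the text describes. Returns the number of words consumed. */
size_t mini_format(char *out, size_t outsz, const char *fmt,
                   const uint32_t *words, size_t nwords) {
    size_t used = 0, o = 0;
    if (outsz == 0)
        return 0;
    for (const char *p = fmt; *p != '\0' && o + 1 < outsz; p++) {
        if (p[0] == '%' && p[1] == 'x') {
            unsigned w = used < nwords ? (unsigned)words[used] : 0u;
            int n = snprintf(out + o, outsz - o, "%x", w);
            used++;
            p++;
            if (n < 0)
                break;
            if ((size_t)n >= outsz - o) {   /* output was truncated */
                o = outsz - 1;
                break;
            }
            o += (size_t)n;
        } else if (p[0] == '%' && p[1] == '%') {
            out[o++] = '%';
            p++;
        } else {
            out[o++] = *p;
        }
    }
    out[o] = '\0';
    return used;
}

/* Vulnerable pattern: the model's equivalent of printf(user_input).
 * The user's text is interpreted as the format. */
size_t log_vulnerable(char *out, size_t outsz, const char *user_input) {
    return mini_format(out, outsz, user_input, SAMPLE_WORDS, 4);
}

/* Fixed pattern: equivalent of printf("%s", user_input). The format is a
 * constant and the user's text is only data, so no words are consumed. */
size_t log_fixed(char *out, size_t outsz, const char *user_input) {
    snprintf(out, outsz, "%s", user_input);
    return 0;
}

int main(void) {
    char buf[64];
    const char *input = "%x.%x.%x.%x";   /* the format string from the text */

    size_t leaked = log_vulnerable(buf, sizeof buf, input);
    printf("vulnerable: \"%s\" (%lu words read)\n", buf, (unsigned long)leaked);

    log_fixed(buf, sizeof buf, input);
    printf("fixed:      \"%s\" (same as input: %d)\n", buf, strcmp(buf, input) == 0);
    return 0;
}
```

In real code the fix is the same one-line change, a constant format such as `printf("%s", input)`, and GCC's `-Wformat-security` warning flags calls that pass a non-literal format with no arguments.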
Defense Against Control Hijacking Platform - Runtime Defense
• In order to prevent data loss, prevent data theft, minimize employee downtime, and maximize IT productivity, businesses need an additional line of preventative defense that can block attacks that antivirus doesn’t – before any harm is done. An emerging category of software known as Runtime Malware Defense offers a promising solution that works by detecting and blocking malware and exploits at runtime
Important Question
• Explain briefly computer security and components of computer system.
• Explain CIA triad.
• Explain problems related to computer security.
• Discuss various attacks in computer security.
• Discuss error 404 hacking in India part one chase.
• Explain control hijacking.
• Briefly describe buffer overflow attack.
• What is sample attack. Explain SQL injection attack and its prevention.
• Discuss session fixation attack.
• Discuss denial of service attack.
Thank you
Made By – AKTU WALA ( Satyam Sahu )
UNIT - 2

Confidentiality Policies
• A confidentiality policy is a security policy dealing only with confidentiality.
• Confidentiality is one of the factors of privacy, an issue recognized in the laws of many government entities.
• It puts constraints on what information can legally be obtained from individuals. It also places constraints on the disclosure and use of that information.
• Unauthorized disclosure can result in penalties that include jail or fines.
• Confidentiality policies place no trust in objects.
• The policy statement dictates whether that object can be disclosed. It says nothing about whether the object should be believed
Goal
• To maintain an outline for the
management and administration of
network.
• To protect an organisation's computing
resources
• To eliminate legal liabilities arising from
workers or third parties.
• To prevent wastage of company's
computing resources
• To prevent unauthorised modifications of
the data .
Discretionary Access Control (DAC)

• Discretionary access control (DAC) is a type of security access control that grants or restricts object access via an access policy determined by an object's owner group and/or subjects.
• DAC mechanism controls are defined by user identification with supplied credentials during authentication, such as username and password.
• In DAC, each system object has an owner, and each initial object owner is the subject that causes its creation.
• DACs are discretionary because the subject (owner) can transfer authenticated objects or information access to other users. In other words, the owner determines object access privileges.
Mandatory Access Control (MAC).
1. Mandatory Access Control (MAC) is a type of access control by which the operating system constrains the ability of a subject to access or perform some sort of operation on an object.
2. MAC criteria are defined by the system administrator, strictly enforced by the
operating system (OS) or security kernel, and are unable to be altered by end
users.
3. Mandatory access control works by assigning a classification label to each file
system object. Classifications include confidential, secret and top secret.
4. Each user and device on the system is assigned a similar classification and
clearance level.
5. When a person or device tries to access a specific resource, the OS or security
kernel will check the entity's credentials to determine whether access will be
granted.
The advantage and disadvantages of DAC and MAC ?
Advantages of Discretionary Access Control (DAC):
a. Intuitive
b. Easy to implement
Disadvantages of Discretionary Access Control (DAC) :
a. Inherent vulnerability
b. Maintenance of ACL (Access Control List) or capability lists
c. Maintenance of Grant/Revoke.
Advantages of Mandatory Access Control (MAC):
a. Ensure a high degree of protection; prevent any illegal flow of information.
b. Suitable for military and high security types of applications.
Disadvantages of Mandatory Access Control (MAC) :
a. Require strict classification of subjects and objects
b. Applicable to few environments.
Confinement principle
1. The confinement principle is the principle of preventing a server from leaking information that the user of the service considers confidential.
2. The confinement principle deals with preventing a process from taking disallowed actions.
3. Consider a client/server situation: the client sends a data request to the server; the server uses the data, performs some function, and sends the results (data) back to the client.
4. In confinement principle, access control affects the function of the server in two ways:
• a. Goal of service provider : The server must ensure that the resources it accesses on behalf of the client include only those resources that the client is authorized to access.
• b. Goal of the service user: The server must ensure that it does not reveal the client's data to any other entity which is not authorized to see the client's data.
Error 404 digital hacking in India part 2 chase
• In error 404 digital hacking in India part 2 chase, experts discuss some attacks related to cyber attack, and how the attacker can control the overall system if proper security is not provided to the system.
• Israel's power grid hit by a big hack attack. It is one of the worst cyber attacks ever.
• In 2014 a hydropower plant in upstate New York got hacked.
• Iran's infrastructure including its main nuclear power plant is being targeted by a new and dangerous powerful cyber worm.
• Bangladesh best group hacked into nearly 20,000 Indian websites including the Indian Border Security Force.
• The first virus that could crash a power grid or destroy a pipeline is available online for anyone to download and tinker with.
• India's biggest data breach was the SBI debit card breach. When this happened, banks were initially in a state of denial, but subsequently they had to own up to the cyber security breach that took place in Indian history.
Rootkit
• A rootkit is a computer program designed to provide continued
privileged access to a computer while actively hiding its presence.
• Rootkit is a collection of tools that enabled administrator-level access
to a computer or network.
• Root refers to the Admin account on Unix and Linux systems, and kit
refers to the software components that implement the tools
• Rootkits are generally associated with malware such as Trojans, worms and viruses that conceal their existence and actions from users and other system processes.
• A rootkit allows us to maintain command and control over a computer without the computer user/owner knowing about it.
• Purpose of rootkits:
• The purpose of a rootkit is for malware to give its owner (often) permanent, hidden remote access to our computer.
• To avoid detection, they tamper with the system to conceal the presence of the malware (for example, hide files) and its activities (for example running processes).
• Examples of rootkits:
• NT Rootkit: One of the first malicious rootkits targeted at Windows OS.
• Hacker Defender: This early Trojan altered/augmented the OS at a very low level of function calls.
• Machiavelli: The first rootkit targeting Mac OSX. This rootkit creates hidden system calls and kernel threads.
• Greek wiretapping: This rootkit targeted Ericsson's AXE PBX.
Types

1. Application rootkits:
• Application rootkits replace legitimate files with infected rootkit files on our computer.
• These rootkits infect standard programs like Microsoft Office, Notepad, or Paint.
• Attackers can get access to our computer every time we run those programs.
• Antivirus programs can easily detect them since they both operate on the application layer.
2. Kernel rootkits:
• Attackers use these rootkits to change the functionality of an operating system by inserting malicious code into
it.
• This gives them the opportunity to easily steal personal information.
3. Bootloader rootkits
• The bootloader mechanism is responsible for loading the operating system on a computer.
• These rootkits replace the original bootloader with an infected one. This means that bootloader rootkits are
active even before the operating system is fully loaded.
4. Hardware and firmware rootkits:
• This kind of rootkit can get access to a computer's BIOS system or hard drives as well as routers, memory
chips, and network cards.
5. Virtualized rootkits
• Virtualized rootkits take advantage of virtual machines in order to control operating systems.
• These rootkits create a virtual machine before the operating system loads, and then simply take over
control of our computer.
• Virtualized rootkits operate at a higher level than operating systems, which makes them almost
undetectable.
• How can we prevent rootkits ?
1. Avoid opening suspicious emails.
2. Avoid downloading cracked software.
3. Install software updates.
4. Anti-malware software prevents varieties of malware.
Detour used in Unix user ids and process ids.
• 1. Detour is defined as a few words about Unix user IDs and IDs associated with Unix processes.
• 2. Every user in a Unix-like operating system is identified by a different integer number; this unique number is called the UserID.
• 3. There are three types of UID defined for a process, which can be dynamically changed as per the privilege of the task.
• The three different types of UIDs defined are:
• Real UserID: It is the account of the owner of this process. It defines which files this process has access to.
• Effective UserID: It is normally the same as the real UserID, but sometimes it is changed to enable a non-privileged user to access files that can only be accessed by root.
• Saved UserID: It is used when a process that is running with elevated privileges (generally root) needs to do some under-privileged work; this can be achieved by temporarily switching to a non-privileged account.
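How the saved UserID makes a temporary switch possible, as an added example that is not part of the original slides. It is a simplified model of the seteuid/setuid permission rules written so it runs without root; the `struct cred` type, the `model_*` functions and UID 1000 are assumptions for illustration, not kernel code.

```c
#include <stdbool.h>
#include <stdio.h>

/* The three UIDs the text describes for one process. */
struct cred {
    unsigned ruid;  /* real UserID      */
    unsigned euid;  /* effective UserID */
    unsigned suid;  /* saved UserID     */
};

/* The process counts as privileged while its effective UID is root (0). */
bool runs_as_root(const struct cred *c) {
    return c->euid == 0;
}

/* Model of seteuid(): a privileged process may pick any effective UID; an
 * unprivileged one may only switch to its real, effective or saved UID.
 * Returns 0 on success, -1 when the change is not permitted. */
int model_seteuid(struct cred *c, unsigned new_euid) {
    if (c->euid != 0 && new_euid != c->ruid &&
        new_euid != c->euid && new_euid != c->suid)
        return -1;
    c->euid = new_euid;
    return 0;
}

/* Model of setuid(): called while privileged it overwrites all three UIDs,
 * so there is no saved root UID left to return to (a permanent drop).
 * Called while unprivileged it only changes the effective UID. */
int model_setuid(struct cred *c, unsigned new_uid) {
    if (c->euid == 0) {
        c->ruid = c->euid = c->suid = new_uid;
        return 0;
    }
    if (new_uid != c->ruid && new_uid != c->suid)
        return -1;
    c->euid = new_uid;
    return 0;
}

static void show(const char *step, const struct cred *c, int rc) {
    printf("%-28s rc=%2d  real=%u effective=%u saved=%u\n",
           step, rc, c->ruid, c->euid, c->suid);
}

int main(void) {
    /* Constructed scenario: user 1000 starts a set-user-ID root program,
     * so the process begins with real=1000, effective=0, saved=0. */
    struct cred c = {1000, 0, 0};
    show("start", &c, 0);

    /* Temporary drop for under-privileged work; saved UID still holds 0. */
    show("seteuid(1000)", &c, model_seteuid(&c, 1000));

    /* Regain privilege: allowed only because the saved UID is 0. */
    show("seteuid(0)", &c, model_seteuid(&c, 0));

    /* Permanent drop: all three UIDs become 1000. */
    show("setuid(1000)", &c, model_setuid(&c, 1000));

    /* Root can no longer be regained. */
    show("seteuid(0) after setuid", &c, model_seteuid(&c, 0));
    return 0;
}
```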
Intrusion Detection System (IDS) ?
• An Intrusion Detection System (IDS) is a system that monitors network traffic for
suspicious activity and issues alerts when such activity is discovered. It is a
software application that scans a network or a system for the harmful activity or
policy breaching. Any malicious venture or violation is normally reported either to
an administrator or collected centrally using a security information and event
management (SIEM) system. A SIEM system integrates outputs from multiple
sources and uses alarm filtering techniques to differentiate malicious activity
from false alarms.
• Although intrusion detection systems monitor networks for potentially malicious
activity, they are also disposed to false alarms
Security Hard
• Today in computers and on the internet, attack is easier than defense. There are many reasons for this, but the most important is the complexity of these systems.
• Complexity is the worst enemy of security. The more complex a
system is, the less secure it is
• A hacker typically targets the "attack surface" of a system. The
attack surface of a system contains all the possible points that a
hacker might target.
• A complex system means a large attack surface, and that means a
huge advantage for the hacker.
Access control list
• An access-control list is a list of permissions attached to an object.
• An ACL specifies which users or system processes are granted access to
objects, as well as what operations are allowed on given objects.
• Each entry in a typical ACL specifies a subject and an operation.
Access control technology includes:
1. Access Technology Architectures
2. Communications technologies
3. Authentication technologies
4. Infrastructure technologies
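An added example, not part of the original slides, that puts the access-control list above together with the earlier DAC and MAC descriptions: an owner grants access through an ACL entry, while a system-assigned label is checked independently. The rule that a clearance must be at least the object's label is an assumption (the slides only say the OS checks the entity's credentials), and the subjects, object and function names are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Classification levels named in the MAC slide. */
enum level { CONFIDENTIAL = 1, SECRET = 2, TOP_SECRET = 3 };

enum { OP_READ = 1, OP_WRITE = 2 };
#define ACL_MAX 4

struct subject   { const char *name; enum level clearance; };
struct acl_entry { const char *subject; unsigned ops; };  /* one subject, its allowed operations */

struct object {
    const char *owner;              /* DAC: the subject that created the object */
    enum level label;               /* MAC: set by the administrator, not the owner */
    struct acl_entry acl[ACL_MAX];
    size_t acl_len;
};

/* DAC check: the owner has access; others need a matching ACL entry. */
bool dac_allows(const struct object *o, const struct subject *s, unsigned op) {
    if (strcmp(o->owner, s->name) == 0)
        return true;
    for (size_t i = 0; i < o->acl_len; i++)
        if (strcmp(o->acl[i].subject, s->name) == 0 && (o->acl[i].ops & op) == op)
            return true;
    return false;
}

/* DAC grant: discretionary, so only the owner may add an ACL entry. */
bool dac_grant(struct object *o, const struct subject *requester,
               const char *grantee, unsigned ops) {
    if (strcmp(o->owner, requester->name) != 0 || o->acl_len == ACL_MAX)
        return false;
    o->acl[o->acl_len].subject = grantee;
    o->acl[o->acl_len].ops = ops;
    o->acl_len++;
    return true;
}

/* MAC check (assumed rule): clearance must be at least the object's label.
 * Nothing in the ACL can change the outcome of this check. */
bool mac_allows(const struct object *o, const struct subject *s) {
    return s->clearance >= o->label;
}

/* Access is granted only when both mechanisms agree. */
bool access_allowed(const struct object *o, const struct subject *s, unsigned op) {
    return mac_allows(o, s) && dac_allows(o, s, op);
}

int main(void) {
    /* Constructed subjects and object. */
    struct subject alice = {"alice", SECRET};
    struct subject bob   = {"bob",   CONFIDENTIAL};
    struct subject carol = {"carol", TOP_SECRET};
    struct object report = { .owner = "alice", .label = SECRET };

    printf("bob grants himself read:  %d\n", dac_grant(&report, &bob, "bob", OP_READ));
    printf("alice grants bob read:    %d\n", dac_grant(&report, &alice, "bob", OP_READ));
    printf("bob:   dac=%d mac=%d access=%d\n", dac_allows(&report, &bob, OP_READ),
           mac_allows(&report, &bob), access_allowed(&report, &bob, OP_READ));
    printf("carol: dac=%d mac=%d access=%d\n", dac_allows(&report, &carol, OP_READ),
           mac_allows(&report, &carol), access_allowed(&report, &carol, OP_READ));
    printf("alice: access=%d\n", access_allowed(&report, &alice, OP_WRITE));
    return 0;
}
```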
Software Fault Isolation (SFI)
• Goal and solution
• Software Fault Isolation (SFI) is an alternative for unsafe languages, for example C, where memory safety is not granted but needs to be enforced at runtime by program instrumentation.
• SFI is a program transformation which confines a software component to a memory sandbox. This is
done by pre-fixing every memory access with a carefully designed code sequence which efficiently
ensures that the memory access occurs within the sandbox.
• SFI approach:
• Traditionally, the SFI transformation is performed at the binary level and is followed by an a
posteriori verification by a trusted SFI verifier.
• Because the verifier can assume that the code has undergone the SFI transformation, it can be kept
simple, thereby reducing both verification time and the Trusted Computing Base.
• This approach is a simple instance of Proof Carrying Code where the compiler is untrusted and the binary verifier is either trusted or verified.
• Traditional SFI is well suited for executing binary code from an untrusted origin.
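The guard sequence and the verifier described above, sketched as an added example that is not part of the original slides. The sandbox base and size, the three-opcode toy instruction set and the function names are all assumptions; a real SFI verifier works on machine code and must also account for control flow, which this straight-line model leaves out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sandbox: 64 KiB starting at 0x20000000. */
#define SANDBOX_BASE        0x20000000u
#define SANDBOX_OFFSET_MASK 0x0000FFFFu

/* The code sequence placed before a memory access: keep the low offset
 * bits and force the high bits to the sandbox base, so any address, valid
 * or not, is turned into one inside the sandbox. */
uint32_t sfi_mask(uint32_t addr) {
    return (addr & SANDBOX_OFFSET_MASK) | SANDBOX_BASE;
}

bool in_sandbox(uint32_t addr) {
    return (addr & ~SANDBOX_OFFSET_MASK) == SANDBOX_BASE;
}

/* Toy instruction set: arithmetic on a register, the mask guard applied to
 * a register, and a store through the address held in a register. */
enum opcode { OP_ADD, OP_MASK, OP_STORE };
struct insn { enum opcode op; int reg; };

/* Verifier: does not trust whoever produced the code. It only checks that
 * every store is immediately preceded by a mask of the same register.
 * Returns -1 if the code passes, else the index of the first bad store. */
long sfi_verify(const struct insn *code, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (code[i].op != OP_STORE)
            continue;
        if (i == 0 || code[i - 1].op != OP_MASK || code[i - 1].reg != code[i].reg)
            return (long)i;
    }
    return -1;
}

int main(void) {
    /* Constructed programs: the same store with and without the guard. */
    const struct insn guarded[]   = { {OP_ADD, 1}, {OP_MASK, 1}, {OP_STORE, 1} };
    const struct insn unguarded[] = { {OP_ADD, 1}, {OP_STORE, 1} };
    const struct insn wrong_reg[] = { {OP_MASK, 2}, {OP_STORE, 1} };

    uint32_t outside = 0xdeadbeefu;  /* constructed address outside the sandbox */
    printf("mask(0x%08x) = 0x%08x, in sandbox: %d\n",
           (unsigned)outside, (unsigned)sfi_mask(outside), in_sandbox(sfi_mask(outside)));
    printf("verify guarded:   %ld\n", sfi_verify(guarded, 3));
    printf("verify unguarded: %ld\n", sfi_verify(unguarded, 2));
    printf("verify wrong reg: %ld\n", sfi_verify(wrong_reg, 2));
    return 0;
}
```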
VM Based Isolation
• A VM is an isolated environment with access to a subset of physical resources of
the computer system.
• Each VM appears to be running on the bare hardware, giving the appearance of
multiple instances of the same computer, though all are supported by a single
physical system.
• A process VM is a virtual platform created for an individual process and
destroyed once the process terminates.
• Virtually all operating systems provide a process VM for each one of the
applications running, but the more interesting process VMs are those which
support binaries compiled on a different instruction set.
• A system VM supports an OS together with many user processes. When the VM runs under the control of a normal OS and provides a platform-independent host for a single application we have an application VM, for example, Java Virtual Machine (JVM).
Secure Architecture Principles
Isolation And Leas

UNIT - 3
UNIT 5
Internet Infrastructure

CONTENTS
Part-1 : Internet Infrastructure, Basic Security Problems
Part-2 : Routing Protocols
Part-3 : DNS Revisited, Summary of Weakness of Internet Security
Part-4 : Link Layer Connectivity and TCP/IP Connectivity, Packet Filtering Firewall, Intrusion Detection

PART-1
Internet Infrastructure, Basic Security Problems.

Questions-Answers
Long Answer Type and Medium Answer Type Questions

Que 5.1. Define internet infrastructure. What are different internet infrastructures ?

Answer
1. Internet infrastructure is the physical hardware, transmission media, and software used to interconnect computers and users on the Internet.
2. Internet infrastructure is responsible for hosting, storing, processing, and serving the information that makes up websites, applications, and content.
Different internet infrastructure :
1. Dial-up Internet Access:
a. Using a modem connected to our PC, users connect to the Internet when the computer dials a phone number (which is provided by our ISP) and connects to the network.
b. Dial-up is an analog connection because data is sent over an analog, public-switched telephone network.
c. The modem converts received analog data to digital and vice versa.
2. Integrated Services Digital Network (ISDN): Integrated services digital network (ISDN) is an international communications standard for sending voice, video, and data over digital telephone lines or normal telephone wires.
3. Broadband ISDN (B-ISDN):
a. Broadband ISDN is similar in function to ISDN but it transfers data over fiber optic telephone lines, not normal telephone wires.
b. SONET (Synchronous Optical Networking) is the physical transport backbone of B-ISDN.
c. Broadband ISDN has not been widely implemented.
4. Digital Subscriber Line (DSL): DSL is frequently referred to as an "always on" connection because it uses existing 2-wire copper telephone line connected to the premise so service is delivered simultaneously with wired telephone service.
5-1 W(CCSem3 &4)
54 W(CCSem-3 &4)
5-3 W(CC-Sem-3 &4)
Computer System Security Internet Infrastructure
Que 5.2. Explain the advantages and disadvantages of TCP/IP model.

Answer
Advantages of TCP/IP model are:
1. It is an industry-standard model that can be effectively deployed in practical networking problems.
2. It allows cross-platform communications among heterogeneous networks.
3. It is an open protocol suite.
4. It is a scalable, client-server architecture. This allows networks to be added without disrupting the current services.
5. It assigns an IP address to each computer on the network, thus making each device to be identifiable over the network.

Disadvantages of the TCP/IP model are:
1. It is not generic in nature. So, it fails to represent any protocol stack other than the TCP/IP suite. For example, it cannot describe the Bluetooth connection.
2. It does not clearly separate the concepts of services, interfaces, and protocols. So, it is not suitable to describe new technologies in new networks.
3. It does not distinguish between the data link and the physical layers, which have very different functionalities. The data link layer should concern with the transmission of frames. On the other hand, the physical layer should lay down the physical characteristics of transmission.
4. It was originally designed and implemented for wide area networks. It is not optimized for small networks like LAN (Local Area Network) and PAN (Personal Area Network).

Que 5.3. Give a short summary of IP protocol functions. AKTU 2019-20, Marks 10

Answer
Following are the functions of internet protocols:
1. Addressing:
   a. In order to perform the job of delivering datagrams, IP must know where to deliver them to. For this reason, IP includes a mechanism for host addressing.
   b. Since IP operates over internetworks, its system is designed to allow unique addressing of devices across arbitrarily large networks.
   c. It also contains a structure to facilitate the routing of datagrams to distant networks if required.
   d. Since most of the other TCP/IP protocols use IP, understanding the IP addressing scheme is of vital importance to understand TCP/IP.
2. Data encapsulation and formatting/packaging:
   a. As the TCP/IP network layer protocol, IP accepts data from the transport layer protocols UDP and TCP.
   b. It then encapsulates this data into an IP datagram using a special format prior to transmission.
3. Fragmentation and reassembly:
   a. IP datagrams are passed down to the data link layer for transmission on the local network.
   b. However, the maximum frame size of each physical/data link network using IP may be different.
   c. For this reason, IP includes the ability to fragment IP datagrams into pieces so that they can each be carried on the local network.
   d. The receiving device uses the reassembly function to recreate the whole IP datagram again.

PART-2
Routing Protocols.

Questions-Answers
Long Answer Type and Medium Answer Type Questions

Que 5.4. Define routing protocols.

Answer
1. A routing protocol specifies how routers communicate with each other, distributing information that enables them to select routes between any two nodes on a computer network.
2. Routers perform the traffic directing functions on the Internet; data packets are forwarded through the networks of the internet from router to router until they reach their destination computer.
3. Routing algorithms determine the specific choice of route. Each router has a prior knowledge only of networks attached to it directly.
4. A routing protocol shares this information first among immediate neighbours, and then throughout the network. This way, routers gain knowledge of the topology of the network.

5. The ability of routing protocols to dynamically adjust to changing conditions such as disabled data lines and computers.

Que 5.5. What are the types of routing protocols ?

Answer
Various types of routing protocols are:
1. Routing Information Protocols (RIP):
   a. RIP is dynamic routing protocol which uses hop count as a routing metric to find best path between the source and destination network.
   b. RIP (Routing Information Protocol) is a forceful protocol type used in local area network and wide area network.
   c. RIP is categorized as an interior gateway protocol within the use of distance vector algorithm.
   d. It prevents routing loops by implementing a limit on the number of hops allowed in the path.
2. Interior Gateway Routing Protocol (IGRP):
   a. It is distance vector Interior Gateway Routing Protocol (IGRP).
   b. It is used by router to exchange routing data within an independent system.
   c. Interior gateway routing protocol created in part to defeat the confines of RIP in large networks.
   d. It maintains multiple metrics for each route as well as reliability, delay load, and bandwidth.
   e. It measured in classful routing protocol, but it is less popular because of wasteful of IP address space.
3. Open Shortest Path First (OSPF):
   a. Open Shortest Path First (OSPF) is an active routing protocol used in internet protocol.
   b. It is a link state routing protocol and includes into the group of interior gateway protocol.
   c. It operates inside a distinct autonomous system.
   d. It is used in the network of big business companies.
4. Exterior Gateway Protocol (EGP):
   a. The absolute routing protocol for internet is exterior gateway protocol.
   b. EGP (Exterior Gateway Protocol) is a protocol for exchanging routing table information between two neighbour gateway hosts.
   c. The Exterior Gateway Protocol (EGP) is unlike distance vector and path vector protocol.
5. Enhanced Interior Gateway Routing Protocol (EIGRP):
   a. Enhanced Interior Gateway Routing Protocol (EIGRP) is an advanced distance vector routing protocol that is used in a computer network for automating routing decisions and configuration.
   b. It works on network layer protocol of OSI model and uses the protocol number 88.
6. Intermediate System-to-Intermediate System (IS-IS):
   a. Intermediate System-to-Intermediate System (IS-IS) is a protocol used by network devices to determine the best route for data through a packet switched network.
   b. It is an interior gateway protocol designed for use within an administrative area network.

Que 5.6. Discuss the advantages and disadvantages of different routing protocols.

Answer
Advantages of RIP:
1. Easy to configure and use.
2. Supported by all routers.
3. Support load balancing.

Disadvantages of RIP:
1. Limited to a hop count of 15 i.e., it can transmit packet through 15 routers only.
2. Does not support a Variable-Length Subnet Mask (VLSM), which means that it sends routing updates based only on a fixed-length subnet mask (FLSM) or routes that fall on classful boundaries.
3. Converges slowly, especially on large networks.
4. Does not have knowledge of the bandwidth of a link.
5. Does not support multiple paths for the same route.
6. Routing updates can require significant bandwidth, as the entire routing table is sent when a link's status changes.
7. Prone to routing loops.

Advantages of IGRP:
1. Easy to configure and use.
2. Uses the delay, bandwidth, reliability, and load of a link as its metric. This makes it very accurate in selecting the proper route.

Disadvantages of IGRP:
1. It is not an Internet standard; all routers must be from Cisco Systems.
2. Converges slowly, slower than RIP.
3. Does not support VLSM.
4. Prone to routing loops.

Advantage of EIGRP:
1. It provides very quick convergence and a loop-free network.
2. It supports different version of IP.
3. It requires less CPU than OSPF.
4. It requires little bandwidth for routing updates.
5. It supports VLSM.

Disadvantages of EIGRP:
1. It is not an Internet standard; all routers must be from Cisco Systems.

Advantages of OSPF:
1. It converges quickly, compared to a distance vector protocol.
2. Its routing update packets are small, as the entire routing table is not sent.
3. It is not prone to routing loops.
4. It scales very well to large networks.
5. It supports VLSM.

Disadvantages of OSPF:
1. More complex to configure and understand than a distance vector protocol.

PART-3
DNS Revisited, Summary of Weakness of Internet Security.

Questions-Answers
Long Answer Type and Medium Answer Type Questions

Que 5.7. What do you mean by DNS ? Explain DNS rebinding attack.

Answer
DNS: Refer Q. 4.38, Page 4-28W, Unit-4.
DNS rebinding attack:
1. DNS rebinding is a form of computer attack.
2. In this attack, a malicious web page causes visitors to run a client-side script that attacks machines elsewhere on the network.
3. The same-origin policy is meant to prevent this from happening: client-side scripts are only allowed to access content on the same host that served the script.
4. Comparing domain names is an essential part of enforcing this policy, so DNS rebinding circumvents this protection by misusing the Domain Name System (DNS).
5. This attack can be used to breach a private network by causing the victim's web browser to access computers at private IP addresses and return the results to the attacker.
6. It can also be employed to use the victim machine for spamming, distributed denial-of-service attacks, or other malicious activities.

Que 5.8. How DNS rebinding work ?

Answer
DNS rebinding works as:
1. The attacker registers a domain (such as attacker.com) and delegates it to a DNS server that is under the attacker's control.
2. The server is configured to respond with a very short Time-To-Live (TTL) record, preventing the DNS response from being cached. When the victim browses to the malicious domain, the attacker's DNS server first responds with the IP address of a server hosting the malicious client-side code.
3. For instance, they could point the victim's browser to a website that contains malicious JavaScript or Flash scripts that are intended to execute on the victim's computer.
4. The malicious client-side code makes additional accesses to the original domain name (such as attacker.com).
5. These are permitted by the same-origin policy. However, when the victim's browser runs the script it makes a new DNS request for the domain, and the attacker replies with a new IP address.
6. For instance, they could reply with an internal IP address or the IP address of a target somewhere else on the Internet.

Que 5.9. Discuss the features of DNS rebinding attack.

Answer
Features of DNS rebinding attacks:
1. Custom DNS server that allows rebinding the DNS name and IP address of the attacker's web server to the target victim machine's address.
2. HTTP server serves HTML pages and JavaScript code to targeted users and to manage the attacks.

3. Several sample attack payloads, ranging from grabbing the home page of a target application to performing remote code execution. These payloads can be easily adapted to perform new and custom attacks.
4. Supports concurrent users.
5. Provides several DNS rebinding strategies, including sequential mapping from the attacker to the target IP address and random mapping, to minimize the impact of IDS interfering with the attack.
6. A number of technical controls to maximize the reliability and speed of attacks:
   a. Disabling HTTP keep alive, caching, DNS prefetching.
   b. Aggressive DNS response TTLs.
7. Ability to allocate HTTP servers at startup or dynamically thereafter:
   a. A convenience feature to avoid restarting singularity to listen on a different HTTP port.
   b. To lay the ground work to attack vulnerable ports discovered after a scan.

Que 5.10. How can we prevent DNS rebinding attack ?

Answer
1. DNS rebinding attacks can be prevented by validating the Host HTTP header on the server-side to only allow a set of whitelisted values.
2. For services listening on the loopback interface, this set of whitelisted host values should only contain localhost and all reserved numeric addresses for the loopback interface, including 127.0.0.1.
3. For instance, let's say that a service is listening on address 127.0.0.1, TCP port 3000. Then, the service should check that all HTTP request Host header values strictly contain "127.0.0.1:3000" and/or "localhost:3000".
4. If the host header contains anything else, then the request should be denied.
5. Depending on the application deployment model, we may have to whitelist other or additional addresses such as 127.0.0.2, another reserved numeric address for the loopback interface.
6. For services exposed on the network (and for any services in general), authentication should be required to prevent unauthorized access.
7. Filtering DNS responses containing private, link-local or loopback addresses, both for IPv4 and IPv6, should not be relied upon as a primary defense mechanism against DNS rebinding attacks.
8. Singularity can bypass some filters in certain conditions, such as responding with a localhost record when targeting an application via the Google Chrome browser.

Que 5.11. Explain key management protocol.

Answer
1. Key management protocol refers to the collection of processes used for generation, storage, installation, transcription, recording, change, disposition, and control of keys that are used in cryptography.
2. It is essential for secure ongoing operation of any cryptosystem.
3. The various functions of key management protocol are:
   a. Generation: This process involves the selection of a key that is used for encrypting and decrypting the messages.
   b. Distribution: This process involves all the efforts made in carrying the key from the point where it is generated to the point where it is to be used.
   c. Installation: This process involves getting the key into the storage of the device or the process that needs to use this key.
   d. Storage: This process involves maintaining the confidentiality of stored or installed keys while preserving the integrity of the storage mechanism.
   e. Change: This process involves ending with the use of the key and starting with the use of another key.
   f. Control: This process refers to the ability to implement a directing influence over the content and use of the key.

Que 5.12. What are the advantages and disadvantages of key management protocol ?

Answer
Advantages:
1. In key management protocol, less than N - 1 keys are stored.
2. It is scalable.

Disadvantages:
1. It lacks authentication process and does not clearly define any process for revoking or refreshing keys.
2. The dynamic handshaking process prevents any form of data aggregation.
3. No support for collaborative operations.
4. No node is guaranteed to have common key with all of its neighbours; there is a chance that some nodes are unreachable.
5. Fails to satisfy security requirement authentication and operational requirement accessibility.
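The Host header check described in Que 5.10, for the service on 127.0.0.1 port 3000, can be written as below. This is an added example, not code from the original notes; the function and class names are assumptions made for illustration.

```python
"""Strict Host-header allow-listing for a loopback service (added example)."""
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: the service from the text, listening on 127.0.0.1, TCP port 3000.
ALLOWED_HOSTS = frozenset({"127.0.0.1:3000", "localhost:3000"})


def normalize_host(raw):
    """Return a canonical 'host[:port]' string, or None if the value is malformed."""
    if raw is None:
        return None
    value = raw.strip().lower()
    # A Host value is a single authority: no lists, paths, userinfo or spaces.
    if not value or any(ch in value for ch in " \t,/\\@"):
        return None
    if value.startswith("["):                      # IPv6 literal, e.g. [::1]:3000
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[: end + 1], value[end + 1:]
        if rest and not rest.startswith(":"):
            return None
        port, has_port = rest[1:], bool(rest)
    else:
        host, sep, port = value.partition(":")
        has_port = bool(sep)
        host = host.rstrip(".")                    # "localhost." names the same host
    if not host:
        return None
    if not has_port:
        return host
    if not (port.isascii() and port.isdigit() and 0 < int(port) < 65536):
        return None
    return f"{host}:{int(port)}"


def is_allowed_host(raw, allowed=ALLOWED_HOSTS):
    """True only when the Host header names this service exactly."""
    host = normalize_host(raw)
    return host is not None and host in allowed


class GuardedHandler(BaseHTTPRequestHandler):
    """Denies every request whose Host header is not on the allow-list."""

    def do_GET(self):
        hosts = self.headers.get_all("Host") or []
        # After a rebind the browser still sends the rebound domain name as
        # Host, because only the IP address behind that name has changed.
        if len(hosts) != 1 or not is_allowed_host(hosts[0]):
            self.send_error(403, "Host header not allowed")
            return
        body = b"hello from the loopback service\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 3000), GuardedHandler).serve_forever()
```

A deployment that also answers on 127.0.0.2 passes its own set, for example `is_allowed_host(value, allowed={"127.0.0.2:3000"})`.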
Que 5.13. What are the security and operational requirements for key management protocol ?

Answer
Security and operational requirements for key management protocol:
1. Confidentiality: Nodes should not reveal data to any unintended recipients.
2. Integrity: Data should not be changed between transmissions due to environment or malicious activity.
3. Data freshness: Old data should not be used as new.
4. Authentication: Data used in decision making process should originate from correct source.
5. Robustness: When some nodes are compromised, the entire network should not be compromised.
6. Self-organization: Nodes should be flexible enough to be self-organizing (autonomous) and self-healing (failure tolerant).
7. Availability: Network should not fail frequently.
8. Time synchronization: Protocols should not be manipulated to produce incorrect data.
9. Secure localization: Nodes should be able to accurately and securely acquire location information.
10. Accessibility: Intermediate nodes should be able to perform data aggregation by combining data from different nodes.

Que 5.14. Write a short note on VPN and tunnel mode.

Answer
Virtual Private Network (VPN):
1. A Virtual Private Network (VPN) is a technology that creates a safe and encrypted connection over a less secure network, such as the internet.
2. It is a way to extend a private network using a public network such as the internet.
3. The name only suggests that it is Virtual private network i.e., user can be the part of local network sitting at a remote location.
4. It makes use of tunneling protocols to establish a secure connection.

Tunnel mode:
1. In IPSec tunnel mode, the original IP packet (IP header and the Data payload) is encapsulated within another packet.
2. In IPSec tunnel mode, the original IP Datagram is encapsulated with an Authentication Header (AH) or Encapsulating Security Protocol (ESP) header and an additional IP header.
3. The traffic between the two VPN Gateways appears to be from the two gateways (in a new IP datagram), with the original IP datagram (in case of ESP) inside the IPSec packet.

PART-4
Link Layer Connectivity and TCP/IP Connectivity, Packet Filtering Firewall, Intrusion Detection.

Questions-Answers
Long Answer Type and Medium Answer Type Questions

Que 5.15. Discuss link layer connection in TCP/IP model.

Answer
1. The link layer in the TCP/IP model is a descriptive field of networking protocols that operate only on the local network segment (link) that a host is connected to. Such protocol packets are not routed to other networks.
2. The link layer includes the protocols that define communication between local (on-link) network nodes which fulfill the purpose of maintaining link states between the local nodes, such as the local network topology, and that usually use protocols that are based on the framing of packets specific to the link types.
3. The core protocols specified by the Internet Engineering Task Force (IETF) in this layer are the Address Resolution Protocol (ARP), the Reverse Address Resolution Protocol (RARP), and the Neighbour Discovery Protocol (NDP).
4. The link layer of the TCP/IP model is often compared directly with the combination of the data link layer and the physical layer in the Open Systems Interconnection (OSI) protocol stack. Although they are congruent to some degree in technical coverage of protocols, they are not identical.
5. In general, direct or strict comparisons should be avoided, because the layering in TCP/IP is not a principal design criterion and in general is considered to be harmful.

Que 5.16. Write short note on firewall.
Answer
1. A firewall defines a single choke point that keeps unauthorized users out of the protected network, prohibits potentially vulnerable services from entering or leaving the network, and provides protection from various kinds of IP spoofing and routing attacks.
2. The use of a single choke point simplifies security management because security capabilities are consolidated on a single system or set of systems.
3. A firewall provides a location for monitoring security-related events. Audits and alarms can be implemented on the firewall system.
4. A firewall is a convenient platform for several Internet functions that are not security related. These include a network address translator, which maps local addresses to Internet addresses, and a network management function that audits or logs Internet usage.
5. A firewall can serve as the platform for IPSec. Using the tunnel mode capability, the firewall can be used to implement virtual private networks.

Que 5.17. What is packet filtering firewall ? Explain its advantage and disadvantage.

Answer
Packet filtering firewall:
1. Packet filtering firewall is a technique used to control network access by monitoring outgoing and incoming packets.
2. Packet filtering firewall allows packet to pass or halt based on the source and destination Internet Protocol (IP) address, protocols and ports.

Advantages:
1. They are simple, since a single rule is enough to indicate whether to allow or deny the packet.
2. They are transparent to the users i.e., the users need not know the existence of packet filters.
3. They operate at a fast speed as compared to other techniques.
4. The client computers need not be configured specially while implementing packet-filtering firewalls.
5. They protect the IP addresses of internal hosts from the outside network.

Disadvantages:
1. They are unable to inspect the application layer data in the packets and thus, cannot restrict access to FTP services.
2. It is a difficult task to set up the packet-filtering rules correctly.
3. They lack support for authentication and have no alert mechanisms.
4. Being stateless in nature, they are not well suited to application layer protocols.

Que 5.18. Write short note on telnet.

Answer
1. Telnet is a user command and an underlying TCP/IP protocol for accessing remote computers.
2. Through Telnet, an administrator or another user can access someone else's computer remotely.
3. With Telnet, we log on as a regular user with whatever privileges we may have been granted to the specific application and data on that computer.
4. At the Telnet client, a character that is typed on the keyboard is not displayed on the monitor, but, instead, is encoded as an ASCII character and transmitted to a remote Telnet server.
5. At the server, the ASCII character is interpreted as if a user had typed the character on the keyboard of the remote machine. If the keystroke results in any output, this output is encoded as (ASCII) text and sent to the Telnet client, which displays it on its monitor.
6. The output can be just the (echo of the) typed character or it can be the output of a command that was executed at the remote Telnet server.

Que 5.19. Explain briefly fragmentation at network layer.

Answer
1. Fragmentation is done by the network layer when the maximum size of datagram is greater than maximum size of data that can be held in a frame i.e., its Maximum Transmission Unit (MTU).
2. The network layer divides the datagram received from transport layer into fragments so that data flow is not disrupted.
3. It is done by network layer at the destination side and is usually done at routers.
4. Source side does not require fragmentation due to segmentation by transport layer i.e., the transport layer looks at datagram data limit and frame data limit and does segmentation in such a way that resulting data can easily fit in a frame without the need of fragmentation.
5. Receiver identifies the frame with the identification (16 bits) field in IP header. Each fragment of a frame has same identification number.
6. Receiver identifies sequence of frames using the fragment offset (13 bits) field in IP header.
7. An overhead at network layer is present due to extra header introduced due to fragmentation.
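The use of the identification and fragment offset fields from Que 5.19 is easier to follow in code. The sketch below is an added example, not part of the original notes: it models fragments as dictionaries rather than real packets, assumes a 20-byte IP header without options, and uses the IPv4 "more fragments" flag, which the notes do not name.

```python
"""IPv4 fragmentation and reassembly driven by the header fields (added example)."""

IP_HEADER_LEN = 20      # assumption: IP header without options
MAX_IDENT = 2 ** 16     # the identification field is 16 bits wide
MAX_OFFSET = 2 ** 13    # the fragment offset field is 13 bits, in 8-byte units


def fragment(payload, ident, mtu):
    """Split a datagram payload into fragments that each fit a frame of size mtu."""
    if not 0 <= ident < MAX_IDENT:
        raise ValueError("identification must fit in 16 bits")
    # Every fragment except the last carries a multiple of 8 data bytes,
    # because the offset field counts 8-byte blocks.
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    frags = []
    for start in range(0, max(len(payload), 1), chunk):
        if start // 8 >= MAX_OFFSET:
            raise ValueError("payload too large for a 13-bit offset")
        frags.append({
            "id": ident,                          # same value in every fragment
            "offset": start // 8,
            "mf": start + chunk < len(payload),   # more fragments follow
            "data": payload[start:start + chunk],
        })
    return frags


def reassemble(frags, ident):
    """Rebuild one datagram payload; gaps, overlaps and a missing tail are errors."""
    mine = sorted((f for f in frags if f["id"] == ident),
                  key=lambda f: f["offset"])
    if not mine:
        raise ValueError("no fragments carry this identification")
    expected = 0
    parts = []
    for index, frag in enumerate(mine):
        start = frag["offset"] * 8
        if start > expected:
            raise ValueError(f"gap before byte {start}")
        if start < expected:
            # Overlapping fragments are ambiguous, so they are rejected
            # rather than merged.
            raise ValueError(f"overlap at byte {start}")
        is_last = index == len(mine) - 1
        if frag["mf"] == is_last:
            raise ValueError("more-fragments flag does not match position")
        parts.append(frag["data"])
        expected += len(frag["data"])
    return b"".join(parts)


# Constructed sample: 4000 data bytes sent over a link with a 1500-byte MTU.
SAMPLE_PAYLOAD = bytes(i % 251 for i in range(4000))
SAMPLE_FRAGMENTS = fragment(SAMPLE_PAYLOAD, ident=0x1A2B, mtu=1500)
```

With these numbers each full fragment carries 1480 data bytes, so the three fragments have offsets 0, 185 and 370.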
Que 5.20. Write short note on proxy firewall.

Answer
1. Proxy firewalls are the most secure types of firewalls, as they can limit which applications our network can support.
2. The enhanced security of a proxy firewall is because information packets do not pass through a proxy. Instead the proxy acts as an intermediary: computers make a connection to the proxy which then initiates a new network connection based on the request.
3. This prevents direct connections and packet transfer between either sides of the firewall, which makes it harder for intruders to discover where the location of the network is from packet information.
4. A firewall proxy provides internet access to computers on a network but is mostly deployed to provide safety or security by controlling the information going in and out of the network.
5. Firewall proxy servers filter, cache, log, and control requests coming from a client to keep the network secure and free of intruders and viruses.

Que 5.21. Write short note on intrusion detection.

Answer
1. Intrusion detection refers to the process of identifying attempts to penetrate a system and gain unauthorized access.
2. An intrusion detection system is a software/hardware designed to detect unwanted attempts at accessing of target application or system.
3. If an intrusion is detected quickly enough, the intruder can be identified and ejected from the system before any damage is done or any data are compromised.
4. Even if the detection is not sufficiently timely to preempt the intruder, the sooner that the intrusion is detected, the less the amount of damage and the more quickly recovery can be achieved.
5. An effective intrusion detection system can serve as a barrier to intrusions.
6. Intrusion detection enables the collection of information about intrusion techniques that can be used to strengthen the intrusion prevention facility.

Que 5.22. Briefly describe approaches for intrusion detection.

Answer
Two approaches for intrusion detection are:
1. Statistical anomaly detection: In this category, the behaviour of legitimate users is evaluated over some time interval. It can be achieved by two ways:
   a. Threshold detection:
      i. In threshold detection, thresholds are defined for all users as a group, and the total numbers of events that are attributed to the user are measured against these threshold values.
      ii. The number of events is assumed to round up to a number that is most likely to occur, and if the event count exceeds this number, then intrusion is said to have occurred.
   b. Profile-based detection:
      i. In profile-based detection, profiles for all users are created, and then matched with available statistical data to find out if any unwanted action has been performed.
      ii. A user profile contains several parameters. Therefore, change in a single parameter is not a sign of alert.
2. Rule-based detection: In this category, certain rules are applied on the actions performed by the users. It is classified into two types:
   a. Anomaly-based detection:
      i. In anomaly-based detection, the usage patterns of users are collected, and certain rules are applied to check any deviation from the previous usage patterns.
      ii. The collected patterns are defined by the set of rules that includes past behaviour patterns of users, programs, privileges, time-slots, terminals, etc.
      iii. The current behaviour patterns of the user are matched with the defined set of rules to check whether there is any deviation in the patterns.
   b. Penetration identification:
      i. In penetration identification, an expert system is maintained that looks for any unwanted attempts.
      ii. This system also contains rules that are used to identify the suspicious behaviour and known penetrations that can exploit weaknesses.

Que 5.23. What is domain name system and explain what is DNS cache poisoning ? AKTU 2019-20, Marks 10
Answer
Domain name system:
1. The Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network.
2. It associates various information with domain names assigned to each of the participating entities.
3. The domain name system resolves the names of websites with their underlying IP addresses adding efficiency and even security in the process.
4. Web browsing and most other internet activities depend on DNS to quickly provide the information necessary to connect users to remote hosts.
5. DNS mapping is distributed throughout the internet in a hierarchy of authority.
6. For example, if we type www.google.com into a web browser, a server behind the scenes will map that name to the corresponding IP address, something similar in structure to 172.217.24.228.

DNS cache poisoning: DNS cache poisoning, also known as DNS spoofing, is a form of computer security hacking in which corrupt domain name system data is introduced into the DNS resolver's cache causing the name server to return an incorrect result record. For example, an IP address.
UNIT - 5
Internet Infrastructure
(2 Marks Questions)

5.1. What is internet infrastructure ?

Ans. Internet infrastructure is a collective term for all hardware and
software systems that constitute essential components in the
operation of the Internet.

5.2. What are the components of network infrastructure ?

Ans. Network infrastructure includes:
1. Network hardware
2. Network software
3. Network services

5.3. What is routing ?

Ans. Routing is the process of selecting a path for traffic in a network or
between or across multiple networks. Routing is performed in many
types of networks, including circuit-switched networks, such as
the Public Switched Telephone Network (PSTN), and computer
networks, such as the Internet.

5.4. What are the impacts of attack on router ?

Ans. Impacts of attacks on routers are:
1. Traffic redirection
2. Traffic sent to a routing black hole
3. Router denial-of-service (DoS)
4. Unauthorized route prefix origination

5.5. What are the main functions of link layer ?

Ans. Main functions of link layer are:
1. It handles problems that occur as a result of bit transmission errors.
2. It ensures data flows at a pace that does not overwhelm sending
and receiving devices.
3. It permits the transmission of data to upper layer, the network
layer, where it is addressed and routed.

5.6. What do you understand by TCP/IP ?

Ans. Transmission Control Protocol/Internet Protocol (TCP/IP) is the
language a computer uses to access the internet. It consists of a
suite of protocols designed to establish a network of networks to
provide a host with access to the internet.

5.7. What is firewall ?

Ans. Firewall is a network device that isolates organization's internal
network from larger outside network/Internet. It can be hardware,
software, or combined system that prevents unauthorized access
to or from internal network.

5.8. What are various types of firewall ?

Ans. Types of firewall are:
1. Packet filtering
2. Stateful packet filtering
3. Application level gateways

5.9. What is packet filtering ?

Ans. Packet filtering firewall is a technique used to control network
access by monitoring outgoing and incoming packets.

5.10. What is application level gateway ?

Ans. Application level gateway is a firewall which is capable of inspecting
application level protocols. This requires the firewall to understand
certain specific application protocols.

5.11. Write disadvantages of packet filtering.

Ans. Disadvantages of packet filtering are:
1. The packet filtering rules tend to be hard to configure. We need a
lot of expertise and proper strategy to configure it right.
2. Once it is configured, it is difficult to comprehensively test and
verify whether it is working correctly or not.
3. It is a stateless machine. It does not remember the state of the
previous packet. Stateless packet filters are vulnerable to attacks.

5.12. Write advantages of packet filtering.

Ans. The main advantages of packet filtering are:
1. A strategically placed packet filtering firewall can protect the entire
network.
2. Packet filtering is available in routers.
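
The rule matching described in Que 5.17 and in 5.9 to 5.12 (decisions on source and destination IP address, protocol and port, with no memory of earlier packets) is sketched below. It is an added example, not part of the original notes; the rule set, the interface names and all addresses (documentation ranges) are constructed for illustration.

```python
"""Stateless packet filter: first matching rule wins, default deny (added example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: int = 0
    payload: bytes = b""  # carried along but never examined by the filter


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    iface: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dports: tuple = ()    # empty tuple means any destination port

    def matches(self, pkt):
        """Compare header fields only; nothing about earlier packets is kept."""
        return (
            self.iface in ("any", pkt.iface)
            and self.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and (not self.dports or pkt.dport in self.dports)
        )


# Constructed rule set for an internal network 192.0.2.0/24.
INTERNAL = "192.0.2.0/24"
RULES = [
    # Anti-spoofing: an outside packet must not claim an internal source address.
    Rule("deny", iface="outside", src=INTERNAL),
    # Published services: HTTPS on one host, SMTP on another.
    Rule("allow", iface="outside", dst="192.0.2.10/32", proto="tcp", dports=(443,)),
    Rule("allow", iface="outside", dst="192.0.2.25/32", proto="tcp", dports=(25,)),
    # Internal hosts may send anything outwards.
    Rule("allow", iface="inside", src=INTERNAL),
]


def filter_packet(pkt, rules=RULES, default="deny"):
    """Return (action, index of the deciding rule or None for the default)."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None


def demo():
    """Verdicts for a few constructed packets, keyed by a short label."""
    web = Packet("outside", "198.51.100.7", "192.0.2.10", "tcp", 443, b"GET /")
    return {
        "web": filter_packet(web),
        "spoofed": filter_packet(Packet("outside", "192.0.2.99", "192.0.2.10", "tcp", 443)),
        "telnet": filter_packet(Packet("outside", "198.51.100.7", "192.0.2.10", "tcp", 23)),
        "dns_query": filter_packet(Packet("inside", "192.0.2.50", "203.0.113.5", "udp", 53)),
        # The reply to that query is dropped: a stateless filter cannot relate
        # it to the outgoing packet, so return traffic needs its own rules.
        "dns_reply": filter_packet(Packet("outside", "203.0.113.5", "192.0.2.50", "udp", 40000)),
        # Same headers, different application data: the verdict cannot differ.
        "web_other_payload": filter_packet(
            Packet("outside", "198.51.100.7", "192.0.2.10", "tcp", 443, b"\x00" * 64)),
    }
```

The `dns_reply` and `web_other_payload` entries show the two disadvantages listed in the notes: the filter is stateless, and it never looks at application layer data.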

5.13. What are intrusion detection models ?

Ans. Intrusion detection models are:
1. Misuse detection model
2. Anomaly detection model
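
The threshold detection and profile-based detection described in Que 5.22 can be run over a few login events as follows. This is an added example, not part of the original notes; the log format, the user profiles, the threshold of 3 failures per minute and all addresses are constructed for illustration.

```python
"""Threshold and profile-based detection over constructed login events."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption of this example.
LOG = """\
2024-03-01T02:30:00 OK user=bob src=203.0.113.99
2024-03-01T09:00:01 FAIL user=alice src=203.0.113.50
2024-03-01T09:00:05 FAIL user=alice src=203.0.113.50
2024-03-01T09:00:09 FAIL user=alice src=203.0.113.50
2024-03-01T09:00:14 FAIL user=alice src=203.0.113.50
2024-03-01T09:05:00 FAIL user=bob src=192.0.2.21
2024-03-01T09:20:00 FAIL user=bob src=192.0.2.21
2024-03-01T09:20:30 OK user=bob src=192.0.2.21
2024-03-01T10:00:00 OK user=bob src=203.0.113.99
2024-03-01T10:05:00 OK user=alice src=192.0.2.20
""".splitlines()

# Constructed per-user profiles: usual working hours and usual source addresses.
PROFILES = {
    "alice": {"hours": range(8, 19), "sources": {"192.0.2.20"}},
    "bob": {"hours": range(8, 19), "sources": {"192.0.2.21"}},
}


def parse(line):
    """Split one log line into (timestamp, outcome, user, source)."""
    stamp, outcome, user_kv, src_kv = line.split()
    return (datetime.fromisoformat(stamp), outcome,
            user_kv.partition("=")[2], src_kv.partition("=")[2])


def threshold_alerts(lines, threshold=3, window=timedelta(minutes=1)):
    """One threshold for all users: flag a user whose failures in `window` exceed it."""
    recent = defaultdict(deque)   # user -> timestamps of recent failures
    alerts = {}
    for line in lines:
        when, outcome, user, _src = parse(line)
        if outcome != "FAIL":
            continue
        times = recent[user]
        times.append(when)
        while when - times[0] > window:      # drop failures older than the window
            times.popleft()
        if len(times) > threshold:
            alerts[user] = max(alerts.get(user, 0), len(times))
    return sorted(alerts.items())


def profile_alerts(lines, profiles=PROFILES, min_deviations=2):
    """Flag an event only when several profile parameters deviate at once."""
    alerts = []
    for line in lines:
        when, _outcome, user, src = parse(line)
        profile = profiles.get(user)
        if profile is None:
            alerts.append((user, when.isoformat(), ["unknown-user"]))
            continue
        deviations = []
        if when.hour not in profile["hours"]:
            deviations.append("hour")
        if src not in profile["sources"]:
            deviations.append("source")
        # A change in a single parameter is not treated as a sign of alert.
        if len(deviations) >= min_deviations:
            alerts.append((user, when.isoformat(), deviations))
    return alerts
```

On the sample log, the threshold check flags alice's burst of four failures, while the profile check flags only bob's 02:30 login from an unfamiliar address; his 10:00 login from the same address deviates in one parameter and is not flagged.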
5.14. What are the differences between HTTPs, SSL and TLS ? AKTU 2019-20, Marks 02

Ans.

| S.No. | HTTPs | SSL | TLS |
| 1. | It is hypertext transfer protocol with secure. | It is secure socket layer. | It is transport layer security. |
| 2. | It is secure and reliable. | The SSL versions are less secure. | TLS is more secure than SSL. |
| 3. | It uses port number 443 by default. | It uses port number 25. | It uses port number 465. |

5.15. Give three benefits of IPsec. AKTU 2019-20, Marks 02

Ans. Benefits of IPsec:
1. Reduced key negotiation overhead and simplified maintenance by
supporting the Internet Key Exchange (IKE) protocol.
2. Good compatibility.
3. Encryption on per-packet rather than per-flow basis.
