The document is a model answer guide for the Winter 2024 examination on Network and Information Security, issued by the Maharashtra State Board of Technical Education. It includes important instructions for examiners on assessing candidates' answers, as well as a variety of questions and model answers covering key concepts in information security such as the CIA model, types of firewalls, and cryptography. The guide emphasizes understanding over exact wording and allows for flexibility in assessing candidates' responses.

Uploaded by sonal.beladar

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
_________
Winter-2024 EXAMINATION
Model Answer – Only for the Use of RAC Assessors
Subject Name: Network and Information Security
Subject Code: 22620

Important Instructions to examiners:

1) The answers should be examined by key words and not as word-to-word as given in the model answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to assess the
understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more importance (not applicable
for subject English and Communication Skills).
4) While assessing figures, examiner may give credit for principal components indicated in the figure. The figures
drawn by candidate and model answer may vary. The examiner may give credit for any equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values may vary and
there may be some difference in the candidate's answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant answer based on
candidate's understanding.
7) For programming language papers, credit may be given to any other program based on equivalent concept.
8) As per the policy decision of Maharashtra State Government, teaching in English/Marathi and Bilingual (English +
Marathi) medium is introduced at first year of AICTE diploma Programme from academic year 2021-2022. Hence if
the students write answers in Marathi or bilingual language (English + Marathi), the Examiner shall consider the
same and assess the answer based on matching of concepts with model answer.

Q. No. | Sub Q. N. | Answer | Marking Scheme

1. Attempt any FIVE of the following: 10 M

(a) Define CIA model of Security Basic. 2M

Marking scheme: Correct definition 2M

Ans. The CIA triad is a model that guides information security by focusing on three
key principles: confidentiality, integrity, and availability:
• Confidentiality: Limits access to data and information to authorized
individuals and systems
• Integrity: Ensures that information is accurate and trustworthy
• Availability: Guarantees that authorized people have reliable access to
information

(b) Enlist the types of Firewalls. 2M

Marking scheme: ½M each type (any four types)

Ans.
1. Packet Filters.
2. Stateful Inspection Firewalls.
3. Application Layer Firewalls.
4. Next-generation Firewalls.
5. Circuit-level Gateways.
6. Software Firewalls.
7. Hardware Firewalls.
8. Cloud Firewalls.

(c) Differentiate between Virus & Worm (any two). 2M


Marking scheme: Any two differences, 1M each

Ans.

| Virus | Worm |
|---|---|
| A virus is a piece of code that attaches itself to a legitimate program. | A worm is a malicious program that spreads automatically. |
| Virus modifies the code. | Worm does not modify the code. |
| It does not replicate itself. | It replicates itself. |
| Virus is destructive in nature. | Worm is nondestructive in nature. |
| Aim of virus is to infect the code or program stored on computer system. | Aim of worm is to make computer or network unusable. |
| Virus can infect other files. | Worm does not infect other files but it occupies memory space by replication. |
| Virus may need a trigger for execution. | Worm does not need any trigger. |

(d) Explain the term Cryptography. 2M

Marking scheme: Correct explanation 2M

Ans. Cryptography is an ancient art and science of writing secret messages. In areas
like data and telecommunications, cryptography is most important when
communicating over any untrusted medium, which includes any network, particularly
the Internet.
Cryptography not only protects data from alteration, but it can also be used for
authentication of user.
OR
Cryptography is a technique of securing communication by converting plain text
into ciphertext.
It involves various algorithms and protocols to ensure data confidentiality,
integrity, authentication, and non-repudiation.

(e) Define the term Honeypots. 2M

Marking scheme: Correct definition 2M

Ans. Honeypots are the innovation in Intrusion Detection technology.
A honeypot is a computer system on the Internet which is specifically set up to
attract and "trap" people who are attempting to penetrate (attackers) other critical
systems.

(f) Enlist two Intrusion Detection System. 2M

Marking scheme: Any two systems, 1M each

Ans.
1. Host Based Intrusion Detection System (HIDS)
2. Network Based Intrusion Detection System (NIDS)
3. Protocol-Based Intrusion Detection System (PIDS)
4. Application Protocol-Based Intrusion Detection System (APIDS)
5. Hybrid Intrusion Detection System

(g) Enlist two Active & Passive attack each. 2M

Marking scheme: Any two active & passive attacks 2M (½M each)

Ans. Active attacks
1. Interruption
2. Message Modification Attack
3. Fabrication
4. Man-in-the-Middle (MITM) Attack
5. Denial of Service (DoS) Attack
6. Distributed Denial of Service (DDoS) Attack
7. Trojans
8. Session Hijacking
9. Phishing
10. SQL Injection
11. Malware Attack
12. Masquerade Attack
13. Password Cracking
14. Spoofing Attacks

Passive attacks
1. Release of message contents
2. Traffic analysis
3. Eavesdropping
4. Password Sniffing
5. Social Media Profiling
6. Shoulder Surfing
7. Covert Channel Attacks
8. Key logging
9. Network Mapping
10. Sniffing

2. Attempt any THREE of the following: 12M

(a) Explain criteria for information classification. 4M

Marking scheme: 1M each criteria explanation

Ans. The information classification defines what kind of information is stored on a
system. Based on that classification, the information may need additional
protections in place.

Following are the criteria used to decide classification of information.
1. Value: It is the common criteria of information classification. When the information is more
valuable for organization then that information should be classified.
2. Age: Age states that the classification of information might be lowered if the
information's value decreases over time. For example, documents are
classified and then automatically declassified after a specific time period.
3. Useful Life: Useful Life states that if the information has been made out-of-date
due to new information or any other reasons then that information can regularly be
declassified.
4. Personal Association: The information which is personally associated with
particular individuals or is addressed by a privacy law should be classified.

(b) Describe dumpster diving with its prevention mechanism. 4M

Marking scheme: Definition 2M & prevention mechanism 2M

Ans. Dumpster Diving:
Dumpster diving is the process of going through a target's trash in order to find
little bits of information. In the world of information technology, dumpster diving
is a technique used to retrieve information that could be used to carry out an
attack on a computer network.

Prevention Mechanism:

• Dumpster diving isn't limited to searching through the trash for obvious
treasures like access codes or passwords written down on sticky notes.
Innocent information like a phone list, calendar, or organizational chart can
be used to assist an attacker to gain access to the network.
• To prevent dumpster divers from learning anything valuable from the trash,
experts recommend that the company establish a disposal policy where all
paper, including print-outs, is shredded in a cross-cut shredder before being
recycled, all storage media is erased, and all staff is educated about the
danger of untracked trash.
• Attackers always need a certain amount of information before attack. If the
attacker is in the surrounding area of the target, one common place to find
this information is to go through the target's trash in order to find little bits of
information that could be useful. This process of going through a target's
trash is known as dumpster diving.
• If the attackers are very lucky, and the target's security procedures are very
poor, they may actually find user IDs and passwords. We have studied earlier
that the users sometimes write their password down. When the password is
changed, they discard the paper where the old password was written on
without shredding it and in this way the lucky dumpster diver can get a
valuable clue.
• Even though the attacker is not lucky enough to obtain a password directly,
they can find the name of an employee, and from that it is not hard to determine
user IDs.
• Hardware or software manuals purchased by users may also
provide clues as to what vulnerabilities exist on the target's computer systems
and networks. In many such ways the attacker may gather a variety of
information, which can be useful in a social engineering attack.

(c) Draw and explain Host-Based intrusion detection system. 4M

Marking scheme: Correct diagram 2M & explanation 2M

Ans.

Fig: Host-Based intrusion detection system


• A host-based IDS checks log files, audit trails and network traffic coming into or
leaving a specific host.
• HIDS can operate in real time, looking for activity as it arises, or in batch mode,
looking for activity on a periodic basis.
• Typically host-based systems are self-contained, but many new commercial
products are designed to report to and be managed by a central
system. These systems also use local system resources to operate.
• Older versions of host-based IDSs operated in batch mode, looking for
suspicious activity on an hourly or daily basis, and typically looked for
particular events in the system's log files.
• With newer host-based IDSs and increased processor speed, IDSs
started looking through the log files in real time, and the ability to examine the
data traffic the host was generating and receiving was also added.
• Many host-based IDSs focus on the log files or audit trails produced by the local
operating system. On Windows systems, the examined logs are typically the
Application, System and Security event logs. On Unix systems, the examined
logs are generally message, kernel and error logs.
• Some host-based IDSs have the ability to cover specific applications by
examining the logs produced by those applications or examining the
traffic from the services themselves, like FTP or web services.
• Certain activities HIDS looks for in the log files are:
  - Logins at odd hours.
  - Login authentication failure.
  - Adding new user account.
  - Modification or access of critical system files.
  - Modification or removal of binary files.
  - Starting or stopping processes.
  - Privilege escalation.
  - Use of certain programs.
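
An added example, not part of the model answer: log-based detection for four of the activities listed above (odd-hour logins, authentication failures, new accounts, privilege escalation). The log lines are constructed, and the working-hours window and failure threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines in the style of a Linux auth log (not from a real host).
SAMPLE_LOG = """\
2024-11-18T02:14:07 host1 sshd[811]: Accepted password for alice from 10.0.0.5 port 50122 ssh2
2024-11-18T09:30:11 host1 sshd[902]: Failed password for bob from 10.0.0.9 port 40022 ssh2
2024-11-18T09:30:15 host1 sshd[902]: Failed password for bob from 10.0.0.9 port 40022 ssh2
2024-11-18T09:30:19 host1 sshd[902]: Failed password for bob from 10.0.0.9 port 40022 ssh2
2024-11-18T10:02:44 host1 useradd[1044]: new user: name=svc_tmp, UID=1002, GID=1002
2024-11-18T10:05:01 host1 sudo: carol : TTY=pts/0 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash
2024-11-18T11:00:00 host1 sshd[1200]: Accepted password for carol from 10.0.0.7 port 50200 ssh2
"""

# timestamp, host, process name with optional [pid], then the message
LINE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")
ACCEPTED = re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")
FAILED = re.compile(r"^Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
NEW_USER = re.compile(r"^new user: name=(?P<user>[^,]+)")
SUDO_ROOT = re.compile(r"^\s*(?P<user>\S+) : .*USER=root ; COMMAND=(?P<cmd>.+)$")

WORK_HOURS = range(7, 19)  # assumption: 07:00-18:59 counts as normal hours
FAIL_THRESHOLD = 3         # assumption: alert on the third failure per user and source


def analyze(log_text):
    """Return (rule, account, timestamp) alerts in the order they occur in the log."""
    alerts, failures = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # unparsed lines are skipped, not treated as benign evidence
        ts, proc, msg = m["ts"], m["proc"], m["msg"]
        if proc == "sshd":
            ok, bad = ACCEPTED.match(msg), FAILED.match(msg)
            if ok and datetime.fromisoformat(ts).hour not in WORK_HOURS:
                alerts.append(("odd_hours_login", ok["user"], ts))
            if bad:
                key = (bad["user"], bad["src"])
                failures[key] = failures.get(key, 0) + 1
                if failures[key] == FAIL_THRESHOLD:  # alert once, at the threshold
                    alerts.append(("repeated_auth_failure", bad["user"], ts))
        elif proc == "useradd":
            new = NEW_USER.match(msg)
            if new:
                alerts.append(("new_account", new["user"], ts))
        elif proc == "sudo":
            esc = SUDO_ROOT.match(msg)
            if esc:
                alerts.append(("privilege_escalation", esc["user"], ts))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```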

(d) Explain Data Encryption Standard. 4M

Marking scheme: Correct diagram 1M & explanation 3M

Ans. Data Encryption Standard (DES)

• The Data Encryption Standard (DES) is the classic among the symmetric block
cipher algorithms. DES was developed in the 1970s as a US-government
standard for protecting non-classified information and was published as a
Federal Information Processing Standard.
• DES encrypts 64 bit clear text blocks under the control of 56 bit keys. Each
key is extended by a parity byte to give a 64 bit working key.

Fig: Data Encryption standard

• DES is based on two fundamental attributes of cryptography: substitution and
transposition.
• DES consists of 16 steps, each of which is called a round.
• Each round performs the steps of substitution and transposition techniques for
scrambling of the characters.

Steps:
1. 64 bit Plaintext block is handed over to an Initial Permutation (IP) function.
2. Initial Permutation is performed on Plaintext.
3. IP produces two halves of permuted block:
   Left Plaintext (LPT)
   Right Plaintext (RPT)
4. Each LPT and RPT goes through 16 rounds of encryption process, each with
its own key.
5. In the end LPT and RPT are rejoined and Final Permutation (FP) is
performed on the combined block.
6. The result is 64-bit Cipher text.
Initial Permutation (IP) happens only once. IP replaces the first bit of original
Plaintext block with Same original Plaintext block, second bit with the 50th bit
and so on.
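
An added example, not part of the model answer: the outer structure of the steps above (IP, split into LPT/RPT, 16 rounds, rejoin, FP) plus the parity expansion of the 56-bit key. The IP table is the standard DES one; the round function and key schedule are SHA-256 stand-ins chosen for brevity, so the output is not real DES ciphertext.

```python
import hashlib

# DES initial permutation: output bit i takes input bit IP[i-1], bits numbered 1..64
# from the most significant bit. The table is regular, so it is generated here.
IP = [base - 8 * col for base in (58, 60, 62, 64, 57, 59, 61, 63) for col in range(8)]
# The final permutation is the inverse of IP.
FP = [IP.index(i) + 1 for i in range(1, 65)]


def permute(block, table):
    """Apply a 64-entry bit permutation table to a 64-bit integer."""
    out = 0
    for src in table:
        out = (out << 1) | ((block >> (64 - src)) & 1)
    return out


def add_parity(key56):
    """Expand a 56-bit key to the 64-bit working key: 7 key bits + 1 odd-parity bit per byte."""
    key64 = 0
    for i in range(8):
        seven = (key56 >> (49 - 7 * i)) & 0x7F
        parity = 1 - bin(seven).count("1") % 2  # makes the number of 1 bits in the byte odd
        key64 = (key64 << 8) | (seven << 1) | parity
    return key64


def round_function(right32, subkey):
    """Stand-in for DES's round function (expansion, S-boxes, P-box). NOT the real one."""
    digest = hashlib.sha256(right32.to_bytes(4, "big") + subkey).digest()
    return int.from_bytes(digest[:4], "big")


def subkeys(key64):
    """Stand-in key schedule: sixteen 48-bit round keys derived from the working key."""
    return [hashlib.sha256(key64.to_bytes(8, "big") + bytes([r])).digest()[:6]
            for r in range(16)]


def feistel(block64, round_keys):
    block = permute(block64, IP)                      # steps 1-2: initial permutation
    left, right = block >> 32, block & 0xFFFFFFFF     # step 3: LPT and RPT
    for key in round_keys:                            # step 4: 16 rounds, one key each
        left, right = right, left ^ round_function(right, key)
    return permute((right << 32) | left, FP)          # step 5: rejoin (swapped), then FP


def encrypt(block64, key56):
    return feistel(block64, subkeys(add_parity(key56)))


def decrypt(block64, key56):
    # Same network with the round keys in reverse order undoes the encryption.
    return feistel(block64, subkeys(add_parity(key56))[::-1])


if __name__ == "__main__":
    key, plain = 0x133457799BBCDF, 0x0123456789ABCDEF  # constructed sample values
    cipher = encrypt(plain, key)
    print(f"{cipher:016X} -> {decrypt(cipher, key):016X}")
```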

3. Attempt any THREE of the following : 12M

(a) Define following terms: 4M


(i) Operating system security
(ii) Hot fix
(iii) Patch
(iv) Service Pack

Marking scheme: 1M for defining each term

Ans. (i) Operating system security: The process of ensuring OS availability,
confidentiality, integrity is known as operating system security. OS security
refers to the processes or measures taken to protect the operating system from
dangers, including viruses, worms, malware, and remote hacker intrusions.

(ii) Hot fix: A hotfix is like a quick update that fixes a specific big problem in
software. It's not like regular updates which come on a schedule for small
improvements and bug fixes.

(iii) Patch: A software patch is primarily used to address vulnerability issues,
errors, or performance concerns in a software application. Patches can also
provide new features, improve compatibility with other software or hardware,
and increase overall security.

(iv) Service Pack: A service pack is a collection of updates and fixes, called
patches for an operating system or a software program. Many of these patches
are often released before a larger service pack, but the service pack allows for
an easy, single installation. An installed service pack also tends to update the
version number for Windows.

(b) Define password selection strategies. 4M


Marking scheme: 1M for each correct strategy (any 4)

Ans. Password selection strategies are guidelines or methods designed to help users
create secure passwords that are resistant to attacks, such as brute force,
dictionary attacks, or social engineering.

1. User education:
(i). Users can be told the importance of using hard-to-guess passwords and
can be provided with guidelines for selecting strong passwords.
(ii). This user education strategy is unlikely to succeed at most installations,
particularly where there is a large user population or a lot of turnover.
Many users will simply ignore the guidelines.
(iii). Others may not be good judges of what is a strong password.
(iv). For example, many users believe that reversing a word or capitalizing
the last letter makes a password un-guessable.

2. Computer-generated passwords:
(i). Passwords are quite random in nature. Computer generated passwords
also have problems.
(ii). If the passwords are quite random in nature, users will not be able to
remember them. Even if the password is pronounceable, the user may have
difficulty remembering it and so be tempted to write it down.
(iii). In general, computer-generated password schemes have a history of
poor acceptance by users.
(iv). FIPS PUB 181 defines one of the best-designed automated password
generators. The standard includes not only a description of the approach but
also a complete listing of the C source code of the algorithm.
(v). The algorithm generates words by forming pronounceable syllables and
concatenating them to form a word. A random number generator produces a
random stream of characters used to construct the syllables and words.

3. Reactive password checking:
(i). A reactive password checking strategy is one in which the system
periodically runs its own password cracker to find guessable passwords.
(ii). The system cancels any passwords that are guessed and notifies the user.
(iii). This tactic has a number of drawbacks. First, it is resource intensive if
the job is done right. Because a determined opponent who is able to steal a
password file can devote full CPU time to the task for hours or even days, an
effective reactive password checker is at a distinct disadvantage.
(iv). Furthermore, any existing passwords remain vulnerable until the
reactive password checker finds them.

4. Proactive password checking:
(i). The most promising approach to improved password security is a
proactive password checker.
(ii). In this scheme, a user is allowed to select his/her own password.
However, at the time of selection, the system checks to see if the password is
allowable and if not, rejects it.
(iii). Such checkers are based on the philosophy that with sufficient guidance
from the system, users can select memorable passwords from a fairly large
password space that are not likely to be guessed in a dictionary attack.
(iv). The trick with a proactive password checker is to strike a balance
between user acceptability and strength.
(v). If the system rejects too many passwords, users will complain that it is
too hard to select a password.
(vi). If the system uses some simple algorithm to define what is acceptable,
this provides guidance to password crackers to refine their guessing
technique. In the remainder of this subsection, we look at possible
approaches to proactive password checking.

OR

The primary strategies for password selection:

1. Random Password Generation
• Use software tools or algorithms to generate truly random passwords.
• These passwords often include a mix of uppercase letters, lowercase letters, numbers, and
special characters.
• Example: d9A$kL7*Xz#

2. Passphrase Selection
• Use a string of unrelated but memorable words or a phrase.
• This approach increases the length of the password while maintaining ease of
memorization.
• Example: HorseBatteryStapleCloud.

3. Character Combination Rules
• Enforce a minimum length and require the use of multiple character types (e.g.,
uppercase, lowercase, numbers, special characters).
• Example: My$3curePa$$.

4. Avoidance of Common Passwords
• Prohibit the use of commonly used passwords like 123456, password, or qwerty.
• Refer to lists like those published by organizations such as "Have I Been Pwned" to
block these passwords.

5. Password Complexity Policies


• Require users to avoid predictable patterns such as sequential numbers, repeated
characters, or easily guessable information (e.g., names, birthdays).
• Example: Instead of John1990, use JoH!n@9_90.

6. Password Management Tools


• Encourage users to rely on password manager software to generate and store
complex passwords.
• Example: Tools like LastPass or Bitwarden help in creating secure, random
passwords.

7. Two-Factor Authentication (2FA) Support


• Complement password strategies by requiring an additional authentication factor,
such as a mobile app, SMS code, or biometric verification.

8. Periodic Password Changes


• Encourage users to update their passwords periodically to mitigate risks from
breaches or leaks.

9. Mnemonic-Based Passwords
• Use a phrase or sentence to derive a password by taking the first letter of each
word and incorporating variations.
• Example: From "I love chocolate chip cookies in 2024," create Ilc3Cci@24.

10. Avoiding Personal Information


• Avoid using easily accessible information, such as names, phone numbers, or
addresses, which attackers can obtain.

11. Length Over Complexity


• Prioritize length (e.g., 16+ characters) over excessive complexity for increased
security.
• Example: ThisIsAReallyLongPassword1234.
A combination of these strategies typically offers the best protection, especially
when coupled with awareness of phishing attempts and secure storage of
passwords.
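
An added example, not part of the model answer: a proactive password checker as described in strategy 4 of the first answer, applying several rules from the alternative list (minimum length, common-password blocklist, personal information, predictable patterns, character variety, length over complexity). The blocklist is a constructed stand-in for a real breached-password list, and the thresholds (10, 16, three character classes) are assumptions.

```python
import string

# Constructed stand-in for a real blocklist of breached or commonly used passwords.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "111111"}


def _has_sequential_run(pw, run=4):
    """True if pw contains `run` consecutive ascending characters, e.g. 1234 or abcd."""
    streak = 1
    for prev, cur in zip(pw, pw[1:]):
        streak = streak + 1 if ord(cur) - ord(prev) == 1 else 1
        if streak >= run:
            return True
    return False


def _has_repeated_char(pw, run=3):
    """True if the same character appears `run` times in a row, e.g. aaa."""
    streak = 1
    for prev, cur in zip(pw, pw[1:]):
        streak = streak + 1 if cur == prev else 1
        if streak >= run:
            return True
    return False


def _class_count(pw):
    """Number of character classes used: lowercase, uppercase, digits, punctuation."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(any(ch in cls for ch in pw) for cls in classes)


def check_password(pw, personal=(), min_length=10, long_enough=16):
    """Return the list of rejection reasons; an empty list means the password is accepted.

    `personal` holds strings tied to the user (name, birth year) that must not appear.
    Passwords of `long_enough` characters or more skip the character-variety rule.
    """
    reasons = []
    lowered = pw.lower()
    if len(pw) < min_length:
        reasons.append("too_short")
    if lowered in COMMON_PASSWORDS:
        reasons.append("common_password")
    if any(len(p) >= 3 and p.lower() in lowered for p in personal):
        reasons.append("personal_info")
    if _has_sequential_run(pw):
        reasons.append("sequential_run")
    if _has_repeated_char(pw):
        reasons.append("repeated_char")
    if len(pw) < long_enough and _class_count(pw) < 3:
        reasons.append("low_variety")
    return reasons


if __name__ == "__main__":
    for candidate in ("123456", "John1990", "HorseBatteryStapleCloud", "d9A$kL7*Xz#"):
        print(candidate, check_password(candidate, personal=("John",)))
```

Returning every reason, rather than stopping at the first, lets the system give the guidance the answer describes, so users are not left guessing why a password was rejected.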

(c) Explain Caesar's Cipher substitute technique with suitable example. 4M

Marking scheme: 2M for explanation & 2M for any suitable example

Ans. Caesar's Cipher Substitute Technique:
Caesar's cipher is one of the simplest and oldest encryption techniques. It is a
substitution cipher where each letter in the plaintext is shifted a fixed number of
places down or up the alphabet.

Key Characteristics:
1. Substitution Rule: Each letter is replaced by another letter at a fixed distance
in the alphabet.
2. Key: The number of positions the letters are shifted (e.g., 3 places).
3. Wrap-Around: The alphabet is treated as circular, so shifting past 'Z' continues
from 'A'.

Limitations:
1. Weak Security: Caesar's cipher is vulnerable to brute force attacks since there
are only 25 possible shifts.
2. Frequency Analysis: Attackers can exploit letter frequency patterns to break
the cipher.

Steps in Caesar's Cipher:

1. Choose the Shift (Key):
• Decide how many positions to shift. For example, a shift of 3 means
A → D, B → E, etc.

2. Encrypt the Message:
• Replace each letter in the plaintext with the letter shifted by the key.
Non-alphabetic characters remain unchanged.

3. Decrypt the Message:
• Reverse the shift by subtracting the key.

Example:
Given:
• Plaintext: HELLO WORLD
• Key: 3

Encryption Process:
1. Write the alphabet:
Alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Shifted:  DEFGHIJKLMNOPQRSTUVWXYZABC
2. Replace each letter in the plaintext:
• H → K, E → H, L → O, L → O, O → R
• Space remains unchanged.
• W → Z, O → R, R → U, L → O, D → G
Encrypted message: KHOOR ZRUOG

Decryption Process:
To decrypt, shift each letter backwards by 3:
• K → H, H → E, O → L, O → L, R → O
• Space remains unchanged.
• Z → W, R → O, U → R, O → L, G → D

Decrypted message: HELLO WORLD
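
An added example, not part of the model answer: the cipher from the worked example above, together with the two limitations the answer lists (only 25 shifts to try, and letter-frequency patterns surviving encryption). The longer sample sentence is constructed, and the frequency guess uses the simplest heuristic, that the most common ciphertext letter stands for E.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext, key):
    """Shift each ASCII letter by `key` places with wrap-around; other characters are kept."""
    out = []
    for ch in plaintext:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext, key):
    """Reverse the shift by subtracting the key."""
    return caesar_encrypt(ciphertext, -key)


def brute_force(ciphertext):
    """Limitation 1: the whole key space is 25 shifts, so every candidate can be listed."""
    return {key: caesar_decrypt(ciphertext, key) for key in range(1, 26)}


def guess_key_by_frequency(ciphertext):
    """Limitation 2: assume the most frequent ciphertext letter is the image of 'E'.

    Works on text long enough to have English-like letter frequencies; on very short
    messages the guess can be wrong, and the 25-way listing above is the fallback.
    """
    letters = [ch for ch in ciphertext.upper() if ch in ALPHABET]
    if not letters:
        return None
    most_common = Counter(letters).most_common(1)[0][0]
    return (ord(most_common) - ord("E")) % 26


# Constructed sample sentence in which E is clearly the most frequent letter.
SAMPLE = "MEET ME NEAR THE GREEN TREE AT SEVEN"

if __name__ == "__main__":
    print(caesar_encrypt("HELLO WORLD", 3))
    secret = caesar_encrypt(SAMPLE, 3)
    key = guess_key_by_frequency(secret)
    print(key, caesar_decrypt(secret, key))
```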

(d) Explain Email Security in SMTP. 4M


Marking scheme: 2M for explanation & 2M for correct diagram

Ans.
• Electronic mail (Email) is the most widely used application on the Internet. Using
email, a user can send text messages, pictures, videos, sounds etc. to other
Internet users.
• Nowadays security for email messages has become an extremely important
issue.
• For text email transmission, the message is considered as two portions, contents
and header, similar to the postal system.
• Every email message consists of a number of header lines which are followed by
the actual message contents. A header line is a keyword followed by a colon. Header
keywords are From, To, Subject and Date.

➢ SMTP (Simple Mail Transfer Protocol):
• Simple Mail Transfer Protocol (SMTP) is a TCP/IP protocol that specifies
how computers exchange electronic mail. It works with Post Office Protocol
(POP).
• SMTP is "request/response" based, which means the email client software at
the sender's end gives the email message to the SMTP server.
• The SMTP server then transfers the message to the receiver's SMTP server.
The job of SMTP is to carry the email message between the sender
and the receiver.
• It provides a mail exchange between sender and receiver on the same or
different computers, and it also supports:
1. It can send a single message to one or more recipients.
2. The message sent can include text, voice, video or graphics.
3. It can also send messages on networks outside the internet.

• SMTP uses TCP port number 25 for its service. Hence, e-mail is delivered
from sender to receiver by having the source machine establish a TCP
connection to port 25 of the destination machine.

• Email communication consists of following steps:

1. At the sender's end, an SMTP server takes the message sent by a user's
computer.
2. The SMTP server at the sender's end then transfers the message
to the SMTP server of the receiver.
3. The receiver's computer then pulls the email message from the SMTP server at the
receiver's end, using other email protocols like Post Office Protocol (POP) or
Internet Mail Access Protocol (IMAP).

Fig.: Email using SMTP Protocol

The SMTP operation follows three phases:

1. Connection Set up:
An SMTP sender will attempt to set up a TCP connection with a target when
it has one or more mail messages to deliver to that host.

The following sequence occurs during connection setup:
(a) The sender opens a TCP connection with the receiver.
(b) Once the connection is established, the receiver identifies itself with "220
Service Ready".
(c) The sender identifies itself with the HELO command.
(d) The receiver accepts the sender's identification with "250 OK".
(e) If the mail service on the destination is not available, the destination host
returns a "421 Service Not Available" reply in step 2 and the process is
terminated.

2. Mail transfer:
After the connection has been established, the SMTP sender may send one or
more messages to the SMTP receiver.

There are three logical phases to the transfer of a message:
(a) A MAIL command identifies the originator of the message.
(b) One or more RCPT commands identify the recipients of this message.
(c) A DATA command transfers the message text.

3. Connection termination:
The SMTP sender closes the connection in the following manner:
(a) The sender sends a QUIT command and waits for a reply.
(b) Sender initiates TCP close operation for the TCP connection.
(c) The receiver initiates its TCP close after sending its reply to the QUIT command.
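
An added example, not part of the model answer: the three phases above as a receiver-side state machine driven by a constructed client dialogue, with no network involved. Reply codes 220, 250 and 421 are the ones named in the answer; 354, 221, 503 and 500 come from the SMTP specification (RFC 5321), and all host names and addresses are constructed.

```python
class SmtpReceiver:
    """Receiver side of the SMTP phases; returns one reply per command, None inside DATA."""

    def __init__(self, available=True):
        self.available = available
        self.state = "CONNECTED"
        self.sender = None
        self.recipients = []
        self.lines = []
        self.delivered = []  # (envelope sender, recipients, message text)

    def greeting(self):
        # Connection setup: the receiver identifies itself, or refuses service.
        if not self.available:
            self.state = "CLOSED"
            return "421 Service Not Available"
        return "220 Service Ready"

    def handle(self, line):
        if self.state == "CLOSED":
            raise ConnectionError("connection is closed")
        if self.state == "DATA":
            if line == ".":  # a line holding a single dot ends the message text
                self.delivered.append(
                    (self.sender, list(self.recipients), "\n".join(self.lines)))
                self.sender, self.recipients, self.lines = None, [], []
                self.state = "READY"
                return "250 OK"
            self.lines.append(line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "QUIT":  # connection termination
            self.state = "CLOSED"
            return "221 Closing connection"
        if verb == "HELO" and self.state == "CONNECTED":
            self.state = "READY"
            return "250 OK"
        if verb == "MAIL" and self.state == "READY" and arg.upper().startswith("FROM:"):
            self.sender = arg[5:].strip()
            self.state = "MAIL"
            return "250 OK"
        if verb == "RCPT" and self.state in ("MAIL", "RCPT") and arg.upper().startswith("TO:"):
            self.recipients.append(arg[3:].strip())
            self.state = "RCPT"
            return "250 OK"
        if verb == "DATA" and self.state == "RCPT":
            self.state = "DATA"
            return "354 Start mail input"
        if verb in {"HELO", "MAIL", "RCPT", "DATA"}:
            return "503 Bad sequence of commands"  # known command, wrong phase
        return "500 Command not recognized"


def run_session(client_lines, available=True):
    """Feed the sender's lines to a receiver; return the transcript and the receiver."""
    rx = SmtpReceiver(available)
    transcript = [("S", rx.greeting())]
    for line in client_lines:
        if rx.state == "CLOSED":
            break
        transcript.append(("C", line))
        reply = rx.handle(line)
        if reply is not None:
            transcript.append(("S", reply))
    return transcript, rx


# Constructed dialogue: one message to two recipients, headers then body.
DIALOGUE = [
    "HELO client.example",
    "MAIL FROM:<alice@example.com>",
    "RCPT TO:<bob@example.org>",
    "RCPT TO:<carol@example.org>",
    "DATA",
    "From: alice@example.com",
    "To: bob@example.org",
    "Subject: Test",
    "Date: Mon, 18 Nov 2024 10:00:00 +0000",
    "",
    "Hello Bob.",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    for who, text in run_session(DIALOGUE)[0]:
        print(f"{who}: {text}")
```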

4. Attempt any THREE of the following : 12M

(a) Differentiate between Symmetric and Asymmetric key cryptography. 4M

Marking scheme: 1M each (any 4 correct differences)

Ans.

| Sr. No. | Symmetric Key Encryption | Asymmetric Key Encryption |
|---|---|---|
| 1 | It only requires a single key for both encryption and decryption. | It requires two keys, a public key and a private key, one to encrypt and the other to decrypt. |
| 2 | Also known as Single Key Cryptography. | It is also called as public and private key cryptography. |
| 3 | Less Security. | More Security. |
| 4 | Simple to implement. | Hard to implement as compared to symmetric key cryptography. |
| 5 | The size of ciphertext is the same or smaller than the original plaintext. | The size of ciphertext is the same or larger than the original plaintext. |
| 6 | The encryption process is very fast. | The encryption process is slow. |
| 7 | It is used when a large amount of data needs to be transferred. | It is used to transfer small amount of data. |
| 8 | It only provides confidentiality. | It provides confidentiality, authenticity, and non repudiation. |
| 9 | The length of key used is 128 or 256 bits | The length of key used is 2048 or higher |
| 10 | In symmetric key encryption, resource utilization is low compared to asymmetric key encryption. | In asymmetric key encryption, resource utilization is high. |
| 11 | It is efficient as it is used for handling large amount of data. | It is comparatively less efficient as it can handle a small amount of data. |
| 12 | Security is lower as only one key is used for both encryption and decryption purposes. | Security is higher as two keys are used, one for encryption and the other for decryption. |
| 13 | The Mathematical Representation is as follows: P = D(K, E(K, P)) where K -> encryption and decryption key; P -> plain text; D -> Decryption; E(K, P) -> Encryption of plain text using K | The Mathematical Representation is as follows: P = D(Kd, E(Ke, P)) where Ke -> encryption key; Kd -> decryption key; D -> Decryption; E(Ke, P) -> Encryption of plain text using encryption key Ke; P -> plain text |
| 14 | Examples: 3DES, AES, DES and RC4 | Examples: Diffie-Hellman, ECC, El Gamal, DSA and RSA |

(b) Draw and explain DMZ. 4M

Marking Scheme: 2M for Explanation & 2M for Correct diagram

Ans. DMZs (Dematerialized Zone) provide a level of network segmentation that helps
protect internal corporate networks. These subnetworks restrict remote access to
internal servers and resources, making it difficult for attackers to access the
internal network. This strategy is useful for both individual use and large
organizations. Businesses place applications and servers that are exposed to the
internet in a DMZ, separating them from the internal network. The DMZ isolates
these resources so, if they are compromised, the attack is unlikely to cause
exposure, damage or loss.

Fig DMZ network
How does a DMZ work?
DMZs function as a buffer zone between the public internet and the private
network. The DMZ subnet is deployed between two firewalls. All inbound
network packets are then screened using a firewall or other security appliance
before they arrive at the servers hosted in the DMZ. If better-prepared threat
actors pass through the first firewall, they must then gain unauthorized access to
the services in the DMZ before they can do any damage. Those systems are likely
to be hardened against such attacks. Finally, assuming well-resourced threat
actors take over a system hosted in the DMZ, they must still break through the
internal firewall before they can reach sensitive enterprise resources. Determined
attackers can breach even the most secure DMZ architecture. However, a DMZ
under attack will set off alarms, giving security professionals enough warning to
avert a full breach of their organization.

(c) Describe cyber crime and cyber laws in detail. 4M

Marking Scheme: 2M for Description of Cyber Crime & 2M for Cyber Laws

Ans. Cyber Crime:

• It is a general term that refers to all criminal activities done using the
medium of computers, internet and the world-wide web.
• Cyber Crime refers to those criminal acts which have either been committed
entirely in cyberspace, such as various forms of bank frauds and identity
thefts, or acts that have a physical component and are simply facilitated
through the internet-based tools.
• It is also called computer crime, which uses the computer as the tool for
further unlawful things, such as committing fraud, trafficking in child
pornography, intellectual property, stealing identities or violating privacy.
• Cybercrimes can also involve criminal activities that are traditional in
nature, such as theft, fraud, forgery, defamation and mischief, all of which
are subject to the Indian Penal Code.
• Because of the wide use of the internet, cyber-crime has grown in importance as the
computer has become central to commerce, entertainment and government.
• Mostly, cyber crime is an attack on data or information about individuals,
corporations or governments.
• Generally, the attacks do not take place on a physical body but on
the personal or corporate virtual body, that is, a set of informational
attributes which define people and institutions etc. on the internet.
• In the digital world, any person’s virtual identities are important elements;
information about individuals can be used in multiple computer
databases owned by governments and corporations.
• There are other crimes that involve attempts to disrupt the actual workings
of the internet.
o Financial
o Piracy
o Hacking
o Cyber-terrorism
o Online Pornography
o Sabotage
The abuse of computers has also given birth to a gamut of new age crimes
that are addressed by the Information Technology Act, 2000.
We can categorize Cybercrimes in two ways
• The computer as a Target: using a computer to attack other computers.
e.g. Hacking, Virus/Worm attacks, DOS attack etc.
• Computer as a weapon: using a computer to commit real world crimes.
e.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds,
Pornography etc.

Cyber laws:

• It is the term used to describe the legal issues related to use of
communications technology.
• Cyber law is the rule which regulates the conduct of the cyber activities and
the security under the cyber space.
• Cyber law is the law related to the cyber space which includes computers,
networks, software, data storage devices, the internet, websites, emails
and electronic devices like cell phones, ATM machines etc.
• It is less of a distinct field of law in the way that property or contract are as
it is an intersection of many legal fields, including intellectual property,
privacy, freedom of expression and jurisdiction.
• In essence, cyber law is an attempt to apply law designed for the physical
world, to human activity on the internet.
Laws made to prevent Cyber Crimes:
• Information Technology Act, 2000
• Amendment in IT Act, 2000, in 2008

• The IT Act, 2000, is an act that has been made punishable.
• The main objective of this act is to create an environment where Information
Technology can be used safely.


• In India, the IT Act, 2000, as altered by the IT Act, 2008, is known as cyber law.
It has a separate chapter entitled "Offences" in which various Cyber Crimes
have been declared as penal offences punishable with imprisonment and
fine.
Cyber law includes laws relating to :
• Cyber Crimes
• Intellectual property
• Data protection and Privacy
• Electronic and Digital Signatures
The following are the details of cyber laws in India:
1. Section 65 – Tampering with computer Source Documents
2. Section 66 - Using password of another person
3. Section 66D - Cheating Using computer resource
4. Section 66E - Publishing private Images of Others
5. Section 66F - Acts of cyber-Terrorism
6. Section 67 - Publishing Child Porn or predating children online
7. Section 69 - Govt.’s Power to block websites
8. Section 43A - Data protection at corporate level
• Law may be formed in two ways: the first way is through the legislative body and
the second way is to add new amendments by case laws. Case law is
defined as the law which is made by the current decisions of the cases
which have been taken by courts.
OR

1. Cybercrime against an individual is a type of cybercrime that occurs in
or through the use of the internet. Sexual, ethnic, religious, or other forms
of harassment exist.
2. Cybercrime against an individual’s property includes computer
wreckage, the destruction of other people’s property, the delivery of
destructive programs, trespassing, and unlawful possession of computer
information.
3. Cybercrime against the government, such as cyberterrorism
or plotting against the governmental activities.

(d) Write a brief note on Firewall configuration and state its limitations. 4M

Marking Scheme: 2M for Explanation & ½ M for each correct limitation (any 4)

Ans. A firewall is a combination of packet filter and application level
gateway. Based on these, there are three configurations.

1. Screened Host firewall, Single-Homed Bastion
2. Screened Host firewall, Dual-Homed Bastion
3. Screened Subnet Firewall

1. Screened Host firewall, Single-Homed Bastion
• Here, the firewall configuration consists of two parts: a packet filter
router and an application-level gateway.
• A packet filter router will ensure that the incoming traffic is allowed
only if it is intended for the application gateway, by examining the
destination address field of each incoming IP Packet.
• It will also ensure that the outgoing traffic is allowed only if it is
originated from application-level gateway, by examining the
source address field of every outgoing IP Packet.
• An application-level gateway performs authentication as well as proxy
functions.

Fig. : Single Homed Bastion

2. Screened Host firewall, Dual-Homed Bastion


• In this type of configuration, the direct connections between the
internal Hosts and the packet filter are avoided.
• Here, the packet filter connects only to the application gateway, which
in turn has a separate connection with the internal hosts.
• Hence, if packet Filter is successfully attacked, then only application
gateway is visible to the attacker.

Fig. : Screened Host firewall, Dual-Homed Bastion

3. Screened Subnet Firewall

• This type of configuration offers highest security among the possible
configurations.
• In this type, two packet filters are used, one between the Internet and
application gateway and other in between application gateway and
the Internal network.


• This configuration achieves 3 levels of security for an attacker to break
into.

Fig. : Screened Subnet Firewall

Limitations:
1. Firewall cannot protect against attacks that bypass the firewall.

2. Firewall does not protect against insider threats, like employees who innocently
cooperate with an external attacker.

3. Firewall cannot protect against the transfer of virus infected programs or files.

4. It may not be able to protect against viruses and infected files since it may not
be possible to scan all incoming traffic.

OR

Firewall Configuration:
Firewall configuration involves setting up rules and policies to control network
traffic to protect systems from unauthorized access and cyber threats. A firewall
acts as a barrier between trusted internal networks and untrusted external
networks, like the internet. Configuration typically includes:
1. Defining Access Rules: Specifying which traffic is allowed or blocked based
on IP addresses, ports, and protocols.
2. Network Address Translation (NAT): Mapping private IP addresses to public
ones for secure communication.
3. Intrusion Prevention: Monitoring and blocking malicious traffic patterns.
4. Setting Up Zones: Segregating networks into zones (e.g., internal, DMZ,
external) with specific access rules.
5. Logging and Monitoring: Enabling logs for auditing and troubleshooting
network traffic.

Limitations of Firewall:
1. Cannot Prevent Internal Threats: Firewalls are ineffective against threats
originating within the network.
2. Limited Protection for Encrypted Traffic: Cannot inspect encrypted data
without additional tools like SSL inspection.


3. Dependence on Configuration: Poorly configured firewalls can become a
vulnerability.
4. Ineffectiveness Against Social Engineering: Firewalls cannot prevent
attacks like phishing or human errors.
5. Resource Intensive: Complex configurations may lead to performance
bottlenecks.
While firewalls are a critical component of network security, they should be part
of a layered defence strategy, including antivirus software, intrusion detection
systems, and user training.

(e) Draw and explain network-based intrusion detection system. 4M

Marking Scheme: 2M for Correct diagram & 2M for Explanation

Ans.

Fig : Network based Intrusion detection System

The above image depicts a Network-Based Intrusion Detection System (NIDS)
and its key components:
1. Router: Directs network traffic and provides the first layer of protection by
routing packets between external and internal networks.
2. Firewall: Filters incoming and outgoing traffic based on predefined rules,
serving as a barrier to unauthorized access.
3. Network Sensors: Deployed strategically to monitor traffic across critical
points in the network. These sensors inspect packet data to identify anomalies or
patterns indicating malicious activity.
4. Management Console: Centralized system where alerts and reports from
sensors are analysed. Administrators use it for decision-making and response
actions.
Functionality:
• Traffic Monitoring: Sensors passively inspect all network traffic for predefined
attack signatures or behaviour anomalies.
• Packet Analysis: Each packet is analysed for malicious payloads or irregular
communication patterns.
• Alerting: Detected threats trigger alerts that are sent to the management console
for review and response.
This system enables detection of threats such as malware, unauthorized access
attempts, or data exfiltration. By being network-focused, it monitors traffic in
real-time without interfering with endpoint operations.

5. Attempt any TWO of the following : 12M

(a) Draw and explain DOS & DDOs attack in detail. 6M


Marking Scheme: Explanation of attacks 2M each & Correct diagram 1M each

Ans. 1. DoS Attack: A single computer sends an overwhelming number of requests to
a target server or network. The server becomes overwhelmed and unable to
respond to legitimate user requests.

Key Characteristics:
a) Only one attacking system is involved.
b) Easier to identify and block since all malicious traffic originates from a
single source.
c) Limited in scale compared to DDoS attacks.

Fig: DoS Attack

2. DDoS Attack: Multiple computers, often part of a botnet (a network of
compromised devices), send a massive volume of requests to the target server
simultaneously. This results in overloading the server and causing a service
outage.

Key Characteristics:

a) Involves multiple attack systems (distributed nature).


b) Much harder to detect and mitigate because malicious traffic comes from
various IPs worldwide.
c) Larger scale, leading to a more significant impact.

Feature | DoS | DDoS
Source of Attack | Single device | Multiple devices (botnet)
Scale | Limited | Large-scale
Complexity | Easier to detect and mitigate | Harder to defend against

Fig: DDoS Attack

(b) Write short note on: 6M


(i) Digital signature
(ii) Steganography

Marking Scheme: 3M for each sub point

Ans. (i) Digital Signature:

A digital signature is a cryptographic technique used to validate the authenticity,
integrity, and origin of digital data. It serves as a digital equivalent of a
handwritten signature or a stamped seal but is much more secure. Digital signatures
are widely used in electronic communications to ensure that the message or
document received has not been tampered with and that it genuinely comes from
the stated sender.

Key Features of Digital Signatures:

1. Authentication: Confirms the identity of the sender, ensuring that the
document or message is from a trusted source.
2. Integrity: Ensures that the data has not been altered during transmission. Any
modification would render the signature invalid.
3. Non-Repudiation: Prevents the sender from denying their involvement in
signing the message or document.

How Digital Signatures Work:

1. The sender generates a hash (a fixed-size string of characters representing the
data) of the message or document.
2. The hash is then encrypted using the sender’s private key to create the digital
signature.
3. The digital signature is attached to the document and sent to the receiver.
4. The receiver decrypts the signature using the sender’s public key and compares the
hash to verify authenticity.
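
The four steps above, as an added example that is not part of the model answer: a textbook RSA signature over a SHA-256 hash, showing that a changed message or a changed signature fails verification. The key (built from two known Mersenne primes), the sample messages and all function names are assumptions made for this sketch; the key is far too small and unpadded for real use.

```python
import hashlib

# Constructed toy RSA key built from two known Mersenne primes. It is far too
# small and uses no padding; real deployments use a vetted library (RSA-PSS,
# ECDSA, Ed25519). All names here are assumptions made for this example.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to the sender


def digest(message: bytes) -> int:
    """Step 1: fixed-size hash of the message (reduced mod N for the toy key)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Step 2: transform the hash with the sender's private key."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Step 4: recover the hash with the public key and compare with a fresh hash."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest(message)


def demo() -> dict:
    message = b"Pay Rs. 500 to account 1234"      # constructed sample message
    signature = sign(message)                      # step 3: travels with the message
    return {
        "genuine": verify(message, signature),
        "tampered_message": verify(b"Pay Rs. 900 to account 1234", signature),
        "altered_signature": verify(message, (signature + 1) % N),
    }


if __name__ == "__main__":
    print(demo())
```

Only the holder of `D` can produce a value that passes `verify`, which is what gives the receiver authentication and non-repudiation in addition to integrity.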

Applications:

1. Secure email communication.


2. Digital contracts and agreements.
3. Software distribution to verify authenticity.
4. Blockchain transactions.

Advantages:

1. Enhances security in online communications.


2. Reduces fraud by preventing data tampering.
3. Builds trust in digital transactions.

(ii) Steganography:

Steganography is the practice of hiding secret information within
ordinary, non-secret data or media to avoid detection. Unlike
cryptography, which focuses on encrypting information to make it
unreadable without a key, steganography conceals the fact that a message
exists at all. It is often used for secure communication, where the
presence of the hidden information needs to remain undetected.

Key Features of Steganography:

1. Concealment: The primary goal is to hide information in a way that it
is imperceptible to unintended recipients.
2. Carrier Mediums: Information can be hidden in various types of media,
such as:
▪ Images (most common)
▪ Audio files
▪ Video files
▪ Text documents
▪ Network packets
3. Payload: The hidden message (text, image, or other data) is embedded into
the carrier medium without significantly altering its appearance or quality.


How Steganography Works:

1. Embedding: Secret information is embedded into the carrier medium
using algorithms. For example:
▪ In images, the least significant bit (LSB) of pixel values is altered to
encode data.
▪ In audio, minor changes to frequencies or amplitude are used.
2. Extraction: The recipient uses a predefined key or algorithm to extract
the hidden information.
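
The LSB embedding and extraction steps above, as an added example that is not part of the model answer. The carrier is a constructed list of 256 grayscale pixel values, and the 2-byte length header and function names are assumptions of this sketch.

```python
def _to_bits(data: bytes) -> list:
    """Most significant bit first, one list entry per bit."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def _from_lsbs(carrier: bytes, start: int, nbytes: int) -> bytes:
    """Rebuild nbytes from the least significant bits starting at pixel `start`."""
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (carrier[start + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def embed(carrier: bytes, secret: bytes) -> bytes:
    """Embedding: write a 2-byte length header plus the secret into pixel LSBs."""
    if len(secret) > 0xFFFF:
        raise ValueError("secret too long for the 2-byte length header")
    bits = _to_bits(len(secret).to_bytes(2, "big") + secret)
    if len(bits) > len(carrier):
        raise ValueError("carrier too small for this payload")
    stego = bytearray(carrier)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit     # clear the LSB, then set it to the bit
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    """Extraction: read the header, then that many bytes, from the LSBs."""
    if len(stego) < 16:
        raise ValueError("carrier too small to hold a header")
    length = int.from_bytes(_from_lsbs(stego, 0, 2), "big")
    if 16 + length * 8 > len(stego):
        raise ValueError("no valid payload header")
    return _from_lsbs(stego, 16, length)


def max_change(original: bytes, stego: bytes) -> int:
    """Largest per-pixel difference; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(original, stego))


# Constructed carrier: 256 grayscale values standing in for a 16x16 image.
CARRIER = bytes((i * 37) % 256 for i in range(256))

if __name__ == "__main__":
    stego = embed(CARRIER, b"NIS 22620")
    print(extract(stego), "max pixel change:", max_change(CARRIER, stego))
```

Because no pixel value moves by more than 1, the carrier looks unchanged to the eye, which is the concealment property the answer describes.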

Applications:

1. Covert Communication: Used for secure information transfer without
attracting attention.
2. Digital Watermarking: Embedding copyright or ownership information into
digital media.
3. Data Protection: Hiding sensitive data in plain sight.

Advantages:

1. Provides an additional layer of security by disguising the presence of secret
data.
2. Easy to combine with cryptographic techniques for enhanced security.

(c) Explain Kerberos with the help of suitable diagram. 6M

Marking Scheme: 2M for explanation, 2M for process & 2M for Correct diagram

Ans. Kerberos is a network authentication protocol designed to provide secure
communication over an insecure network. It uses a trusted third-party
authentication system (Key Distribution Centre or KDC) and cryptographic
tickets to verify users and services. Kerberos was developed at MIT as part of the
Project Athena initiative in the 1980s and is widely used in enterprise
environments, particularly in Windows Active Directory and UNIX/Linux
systems.

Components:

1. User/Client: The entity that requests access to a service.


2. Key Distribution Centre (KDC):

a) Authentication Server (AS): Validates the user and issues a Ticket Granting Ticket (TGT).
b) Ticket Granting Server (TGS): Issues service tickets based on the TGT.

3. Application Server: The service the user wants to access.

Steps in the Kerberos Authentication Process:

1. Request for Authentication: The client sends a request to the Authentication
Server (AS), typically including the username.
2. Issuance of TGT: The AS authenticates the client (using a shared secret, like a
password) and issues a Ticket Granting Ticket (TGT) encrypted with the
client’s key. The TGT includes an expiration time.
3. Request for Service Ticket: The client sends the TGT to the Ticket Granting
Server (TGS) along with the requested service details.
4. Issuance of Service Ticket: The TGS validates the TGT and issues a Service
Ticket, which includes session keys for communication with the application
server.
5. Access to the Application Server: The client presents the service ticket
to the Application Server, which validates it. Once validated, the client is
granted access to the service.

Key Features:

1. Time-based Tickets: Ensures tickets are valid only for a specific time period,
reducing misuse.
2. Mutual Authentication: Both client and server confirm each other’s identity.
3. Single Sign-On (SSO): Users authenticate once and gain access to multiple
services.
4. Symmetric Cryptography: Kerberos primarily uses symmetric encryption
(e.g., AES or DES) for encrypting tickets and session keys.
5. Mutual Authentication: Both the client and the server verify each other’s
identity, reducing the risk of man-in-the-middle attacks.
6. Replay Attack Protection: Kerberos includes timestamps in its tickets,
ensuring that old or duplicated tickets cannot be reused.
7. Single Sign-On (SSO): Users authenticate once and can access multiple
services within the network without re-entering credentials.
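
The five-step exchange and the time-based, replay-protected tickets above, as an added simulation that is not part of the model answer. The principals, keys, the `seal`/`unseal` toy cipher (standing in for AES) and all function names are assumptions; following Kerberos v5, the AS reply here carries the TGT sealed under the TGS key together with a session key sealed under the client's password-derived key.

```python
import hashlib
import hmac
import json
import os

SKEW = 300            # seconds of clock skew accepted on authenticators
LIFETIME = 8 * 3600   # ticket lifetime in seconds


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Toy authenticated encryption standing in for the AES of a real KDC."""
    plain, nonce = json.dumps(obj).encode(), os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _stream(key, nonce, len(plain))))
    return nonce + hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest() + body


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body)))))


def password_key(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"EXAMPLE.REALM", 1000)


# Constructed principals and long-term keys held by the KDC.
CLIENT_KEYS = {"alice": password_key("correct horse")}
TGS_KEY = os.urandom(32)
SERVICE_KEYS = {"fileserver": os.urandom(32)}
REPLAY_CACHE = set()   # authenticators already accepted


def as_exchange(user: str, now: int):
    """Steps 1-2: the AS issues a TGT plus a session key only the user can read."""
    session, exp = os.urandom(32).hex(), now + LIFETIME
    tgt = seal(TGS_KEY, {"user": user, "key": session, "exp": exp})
    return seal(CLIENT_KEYS[user], {"key": session, "exp": exp}), tgt


def _accept(server_key: bytes, ticket: bytes, authenticator: bytes, now: int):
    """Checks shared by the TGS and the application server."""
    t = unseal(server_key, ticket)
    if now > t["exp"]:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["user"] != t["user"] or abs(now - a["ts"]) > SKEW:
        raise ValueError("stale or mismatched authenticator")
    if (server_key, a["user"], a["ts"]) in REPLAY_CACHE:
        raise ValueError("replayed authenticator")
    REPLAY_CACHE.add((server_key, a["user"], a["ts"]))
    return t, a


def tgs_exchange(tgt: bytes, authenticator: bytes, service: str, now: int):
    """Steps 3-4: the TGS validates the TGT and issues a service ticket."""
    t, _ = _accept(TGS_KEY, tgt, authenticator, now)
    session, exp = os.urandom(32).hex(), min(t["exp"], now + LIFETIME)
    ticket = seal(SERVICE_KEYS[service], {"user": t["user"], "key": session, "exp": exp})
    return seal(bytes.fromhex(t["key"]), {"key": session, "exp": exp}), ticket


def service_accept(service: str, ticket: bytes, authenticator: bytes, now: int):
    """Step 5: the server validates the ticket and proves its own identity back."""
    t, a = _accept(SERVICE_KEYS[service], ticket, authenticator, now)
    return t["user"], seal(bytes.fromhex(t["key"]), {"ts": a["ts"] + 1})


def login(user: str, password: str, service: str, now: int):
    """Client side of all five steps; the password itself never leaves the client."""
    enc, tgt = as_exchange(user, now)
    k1 = bytes.fromhex(unseal(password_key(password), enc)["key"])
    enc2, ticket = tgs_exchange(tgt, seal(k1, {"user": user, "ts": now}), service, now)
    k2 = bytes.fromhex(unseal(k1, enc2)["key"])
    who, proof = service_accept(service, ticket, seal(k2, {"user": user, "ts": now}), now)
    if unseal(k2, proof)["ts"] != now + 1:
        raise ValueError("service failed mutual authentication")
    return who, ticket, k2
```

A wrong password fails at the client's first `unseal`, a reused authenticator is refused by the replay cache, and a ticket presented after its `exp` is refused regardless of who holds it.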

Fig: Kerberos working

6. Attempt any TWO of the following : 12M

(a) Describe following terms w.r.t. biometric: 6M


(i) Finger Print Analysis
(ii) Retina Scan
(iii) Keystroke

Marking Scheme: 2M for each sub point

Ans. (i) Fingerprint Analysis in Biometrics:

Fingerprint analysis is a biometric authentication method that uses the unique
patterns of ridges and valleys on a person's finger to identify or verify their
identity. Since no two individuals (even identical twins) have the same
fingerprint patterns, fingerprint analysis is one of the most reliable and widely
used biometric techniques.

Key Features of Fingerprint Analysis:

1. Uniqueness: Each individual has a unique fingerprint pattern,
including minutiae points (specific ridge characteristics) and overall
ridge flow.
2. Permanence: Fingerprints remain relatively unchanged
throughout an individual's life, making them reliable for long-term
identification.
3. Collectability: Fingerprints are easy to capture using various hardware
like optical, capacitive, or ultrasonic scanners.

How Fingerprint Analysis Works:

1. Fingerprint Acquisition: A scanner or sensor captures the fingerprint
image. Types of sensors:


▪ Optical: Uses light to capture the ridge patterns.
▪ Capacitive: Measures electrical differences in ridge and valley patterns.
▪ Ultrasonic: Uses sound waves to map the fingerprint structure.
2. Feature Extraction: Algorithms extract specific features like:
▪ Minutiae Points: Ridge endings and bifurcations (branching points).
▪ Core and Delta Points: Central points and triangular patterns.
▪ Ridge counts and flow patterns.
3. Template Creation: The extracted features are stored as a
mathematical representation (not as an actual image) to ensure privacy.
4. Matching: The template is compared to stored fingerprint templates in
the database during verification or identification.

Applications:

1. Authentication: Used in smartphones, laptops, and access control systems.
2. Forensics: Crime scene investigations often use fingerprint analysis to identify
suspects.
3. Attendance and Time Tracking: Widely used in workplaces and schools for
employee and student tracking.
4. Government Identification: Used in systems like Aadhaar (India)
or fingerprint-based passports for identification.

(ii) Retina Scan in Biometrics:

Retina scanning is a biometric technique that uses the unique patterns of blood
vessels in the retina (a thin layer of tissue at the back of the eye) to identify or
verify a person's identity. The retina's intricate vascular patterns are unique to
each individual, even between identical twins, and remain stable over time,
making this method highly accurate and secure.

Key Features of Retina Scan:

1. Uniqueness: The arrangement of blood vessels in the retina is unique to every
person. Even two eyes of the same individual have different patterns.
2. Permanence: Retinal patterns remain unchanged throughout life unless affected
by diseases such as glaucoma or diabetes.
3. High Accuracy: Retina scanning is one of the most reliable and
precise biometric methods, with a very low false acceptance rate (FAR).

How Retina Scanning Works:

1. Image Capture: The individual looks into a scanner, which emits a
low-energy infrared light. The light illuminates the retina and highlights the
blood vessels.

2. Pattern Detection: The scanner captures the reflected light, mapping the
blood vessel pattern of the retina.
3. Template Generation: The captured image is converted into a digital
template using algorithms that store the unique features.
4. Matching: During authentication, the scanned retina is compared to
pre-stored templates in a database for identity verification.

Applications of Retina Scanning:

1. High-Security Access Control: Used in military facilities, laboratories,
and secure government areas.
2. Healthcare: Retinal scans can also help detect certain medical conditions,
such as diabetes, hypertension, or retinal diseases.
3. Law Enforcement and Forensics: Used for identifying individuals in
criminal investigations.

(iii) Keystroke Dynamics in Biometrics

Keystroke dynamics is a behavioural biometric technique that analyses a
person’s unique typing patterns on a keyboard to identify or authenticate them.
Every individual has a distinct typing rhythm and style, which can be captured
and analysed to enhance security.

Key Features of Keystroke Dynamics:

1. Behavioural Biometric: Unlike physical biometrics (e.g., fingerprints or
retina), keystroke dynamics rely on the unique behaviours and habits of
individuals.
2. Uniqueness: Typing speed, rhythm, and pressure vary
significantly from one person to another, making it a reliable form of
authentication.
3. Non-Intrusive: Keystroke analysis happens passively in the background as
the user types, without requiring any special hardware.

How Keystroke Dynamics Work:

1. Data Collection: The system captures a user’s typing patterns during
regular use or during a pre-defined training phase. Metrics analysed include:
▪ Dwell Time: The time a key is pressed.
▪ Flight Time: The time between releasing one key and pressing the next.
▪ Typing Speed: Overall speed at which the user types.
▪ Error Patterns: How a user handles mistakes (e.g., use of the
backspace key).
2. Template Creation: The system uses the collected data to create a biometric
profile or template of the user’s typing patterns.


3. Verification: During authentication, the user’s current typing behaviour is
compared to the stored profile.
4. Machine Learning Models: Advanced systems use AI and machine learning
to continuously improve the accuracy of keystroke dynamics by adapting to
changes in a user's typing style over time.
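
Data collection, template creation and verification as described above, in an added example that is not part of the model answer. The timing samples are constructed, and the z-score distance, the threshold of 2.0 and all function names are assumptions chosen for illustration rather than a standard algorithm.

```python
from statistics import mean, pstdev

MIN_STD_MS = 5.0   # floor so a very consistent typist does not yield near-zero spread


def features(events):
    """events: [(key, press_ms, release_ms), ...] -> (typed text, dwell + flight times)."""
    keys = "".join(k for k, _, _ in events)
    dwell = [release - press for _, press, release in events]
    # Flight time may be negative when the next key is pressed before release.
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return keys, dwell + flight


def enroll(samples):
    """Template creation: per-feature mean and spread over the training samples."""
    texts = {features(s)[0] for s in samples}
    if len(texts) != 1:
        raise ValueError("enrollment samples must all be the same text")
    columns = zip(*(features(s)[1] for s in samples))
    stats = [(mean(c), max(pstdev(c), MIN_STD_MS)) for c in columns]
    return {"keys": texts.pop(), "stats": stats}


def score(template, events):
    """Mean absolute z-score of the attempt against the template (lower is closer)."""
    keys, vector = features(events)
    if keys != template["keys"]:
        return float("inf")
    return mean(abs(x - m) / s for x, (m, s) in zip(vector, template["stats"]))


def verify(template, events, threshold=2.0):
    return score(template, events) <= threshold


def typed(text, dwells, flights):
    """Build constructed key events from per-key dwell and flight times (ms)."""
    events, t = [], 0
    for i, ch in enumerate(text):
        events.append((ch, t, t + dwells[i]))
        t += dwells[i] + (flights[i] if i < len(flights) else 0)
    return events


# Constructed training samples: the owner types the same four keys three times.
OWNER_SAMPLES = [
    typed("pass", [95, 80, 110, 90], [60, 45, 70]),
    typed("pass", [100, 85, 105, 95], [65, 40, 75]),
    typed("pass", [90, 75, 115, 85], [55, 50, 65]),
]
TEMPLATE = enroll(OWNER_SAMPLES)
GENUINE = typed("pass", [98, 78, 112, 88], [63, 43, 74])       # owner, later attempt
IMPOSTOR = typed("pass", [140, 150, 130, 160], [120, 20, 150])  # same text, other rhythm

if __name__ == "__main__":
    for name, attempt in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name, round(score(TEMPLATE, attempt), 2), verify(TEMPLATE, attempt))
```

The impostor types the correct text and is still rejected, which is the fraud-detection use of keystroke dynamics.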

Applications of Keystroke Dynamics:

1. Authentication: Used in systems where passwords are required; adds a
second layer of verification by analysing how the password is typed.
2. Fraud Detection: Helps detect unauthorized users who may know a
legitimate user's password but cannot mimic their typing pattern.
3. Continuous Monitoring: Used for continuous authentication in workplaces
or secure environments, where the system monitors typing behaviour
throughout a session.

(b) Draw and explain following terms: 6M


(i) Packet Filter Firewall
(ii) Proxy Server

Marking Scheme: 2 M for explanation & 1 M for Correct diagram (each sub point)

Ans. (i) Packet Filter Firewall:

A Packet Filter Firewall is a type of network security device that controls the
flow of data packets in and out of a network based on a set of predefined rules. It
operates at the network layer (Layer 3) and sometimes the transport layer
(Layer 4) of the OSI model. It examines packets individually without keeping
track of any established connections.

Key Features:

1. Rules-Based Filtering: It uses rules defined by the network administrator
to allow or block packets. Rules are typically based on:

• Source and destination IP addresses.
• Source and destination port numbers.
• Protocols (e.g., TCP, UDP, ICMP).

2. Stateless Operation: Packet filtering firewalls are typically stateless,
meaning they do not monitor the state of connections (e.g., whether a
connection is established or terminated).
3. Fast and Lightweight: Because it only examines the packet headers and
does not maintain connection states, it is relatively faster and uses fewer
resources compared to more advanced firewalls.


4. Limited Context Awareness: It cannot inspect packet contents or
track application-level data (e.g., HTTP requests).

How it Works:

When a packet arrives at the firewall:

1. The packet's header information (IP addresses, port numbers, protocol)
is extracted.
2. The firewall evaluates the packet against its filtering rules. If the packet
matches a rule that allows it, the packet is forwarded to its destination. If the
packet matches a rule that blocks it, the packet is discarded.
3. If no rule matches, the firewall applies a default action (allow or block,
based on its configuration).

Advantages:
1. Simple to implement and configure.
2. Efficient for networks with basic traffic control needs.
3. Can prevent unauthorized access based on IP addresses or port numbers.

Disadvantages:
1. Lacks the ability to inspect deeper packet contents (e.g., payload).
2. Cannot detect malicious traffic hidden in allowed protocols (e.g., HTTP or
HTTPS).
3. Does not track connection states, leading to potential security gaps.

Example Use Case: A packet filter firewall might block incoming packets
from specific IP addresses (e.g., known malicious sources) or disallow access
to certain ports (e.g., 22 for SSH) to restrict unauthorized access to a server.

Fig: Packet Filter Firewall

(ii) Proxy Server:


A Proxy Server is an intermediary server that sits between a client (such as a
user’s computer) and the server providing the service (such as a website). The
proxy server makes requests on behalf of the client and then forwards the
response back to the client. It acts as a "gateway" that facilitates or controls
communication between a user and the internet or other network resources.

Key Features:

1. Intermediary Role: A proxy server acts as an intermediary between
the client (user) and the server (website). When a client sends a request to
access a resource, the proxy makes the request to the server, receives the data,
and then sends it back to the client.
2. Network Address Translation (NAT): When using a proxy, the client’s real IP
address is often hidden. The proxy server uses its own IP address for
communication with the outside world, masking the client's identity.
3. Caching: Proxy servers often cache (store) responses from the server. If the
same request is made again, the proxy can return the cached data without needing
to contact the original server, improving speed and reducing load on the original
server.
4. Content Filtering: Proxy servers can be configured to filter content, such
as blocking access to specific websites or content based on keywords, URLs,
or categories.
5. Security: A proxy can enhance security by hiding internal IP addresses, and by
acting as a barrier to malicious traffic, reducing the exposure of a network or
device to the outside world.
6. Access Control: A proxy server can control access to resources, allowing
or blocking traffic based on IP addresses, user credentials, or other criteria.

How it Works:

1. A client (e.g., a user’s web browser) sends a request to access a resource,
such as a webpage.
2. The proxy server intercepts the request and makes the same request to
the destination server (e.g., the website).
3. The destination server responds with the requested resource (e.g., the
webpage).
4. The proxy server forwards the resource back to the client.
5. If the proxy server has cached the resource (and caching is enabled), it
can return the cached content without querying the destination server.

Types of Proxy Servers:

1. Forward Proxy: The most common type, used by clients (e.g., users) to access
external resources. It is typically used for anonymity, content filtering, or
bypassing restrictions.
2. Reverse Proxy: Positioned in front of one or more web servers, it handles
incoming requests and forwards them to the appropriate server in the
back-end. Reverse proxies are often used to load balance traffic, improve
security, and optimize performance.
3. Transparent Proxy: This type does not modify the request or response, and the
client is often unaware of its presence. It is used for monitoring or caching.
4. Anonymous Proxy: This type of proxy hides the user's IP address from the
destination server, providing some level of anonymity.
5. High Anonymity Proxy: This proxy not only hides the client’s IP address
but also makes it appear as though the client is not using a proxy at all.

Advantages:
1. Privacy and Anonymity: By hiding the client’s IP address, proxies
provide anonymity for users.

2. Improved Performance: Caching frequently requested resources can speed
up access to those resources.

3. Access Control: Proxies can restrict access to certain websites or content,
either for security reasons or to enforce company policies.

4. Security: Proxies can prevent direct access to internal servers,
reducing exposure to attacks.

Disadvantages:
1. Single Point of Failure: If the proxy server goes down, clients may be
unable to access the resources they need.

2. Slower Performance: In some cases, proxy servers can slow down traffic
due to their intermediary role, especially if they are overloaded.

3. Limited Security: While proxies provide some security features, they are not
a substitute for other security measures like firewalls and intrusion detection
systems.

Example Use Case:


Fig: Proxy Server
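
The request flow from "How it Works", together with the access control, content filtering and caching features, as an added example that is not part of the model answer. ForwardProxy, run_demo, the stand-in origin function, the host names and the addresses are all constructed; nothing is sent over a network.

```python
from urllib.parse import urlsplit

class ForwardProxy:
    """Toy forward proxy: access control, content filter, cache, then origin."""

    def __init__(self, proxy_ip, allowed_clients, blocked_hosts, origin_fetch):
        self.proxy_ip = proxy_ip
        self.allowed_clients = set(allowed_clients)
        self.blocked_hosts = set(blocked_hosts)
        self.origin_fetch = origin_fetch   # callable(source_ip, url) -> body
        self.cache = {}                    # url -> body; ignores Cache-Control

    def handle(self, client_ip, url):
        """Return (status, body, decision) for one client request."""
        if client_ip not in self.allowed_clients:           # access control
            return 403, "client not permitted", "denied"
        if urlsplit(url).hostname in self.blocked_hosts:    # content filtering
            return 403, "blocked by policy", "filtered"
        if url in self.cache:                               # served locally
            return 200, self.cache[url], "cache-hit"
        body = self.origin_fetch(self.proxy_ip, url)        # proxy's own address
        self.cache[url] = body
        return 200, body, "cache-miss"

def run_demo():
    """Replay constructed requests; return decisions and what the origin saw."""
    origin_log = []

    def constructed_origin(source_ip, url):   # stands in for the real web server
        origin_log.append((source_ip, url))
        return "<html>page for %s</html>" % url

    proxy = ForwardProxy(
        proxy_ip="192.0.2.1",
        allowed_clients={"10.0.0.5", "10.0.0.6"},
        blocked_hosts={"blocked.example"},
        origin_fetch=constructed_origin,
    )
    requests = [
        ("10.0.0.5", "http://intranet.example/index.html"),
        ("10.0.0.6", "http://intranet.example/index.html"),
        ("10.0.0.5", "http://blocked.example/"),
        ("10.0.0.99", "http://intranet.example/index.html"),
    ]
    decisions = [proxy.handle(ip, url)[2] for ip, url in requests]
    return decisions, origin_log

if __name__ == "__main__":
    print(run_demo())
```

The second client is served the first client's cached copy, which is why a shared cache must not store per-user or authenticated responses; production proxies decide this from the response's cache-control headers.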

(c) Explain following terms of intellectual property right: 6M


(i) Copyright
(ii) Patent
(iii) Trademark

Ans. (i) Copyright:

Marking scheme: 2 M for each sub point

Copyright is a type of intellectual property right that grants the creator of
original works exclusive rights to their use and distribution. These works can
include a wide variety of creative outputs such as books, music, films, software,
artwork, and more. Copyright provides the creator with control over how their
work is used, ensuring they are compensated for its use and protecting it from
unauthorized copying or distribution.

Key Features of Copyright:

1. Exclusive Rights: Copyright holders have exclusive rights to reproduce,
distribute, perform, display, and create derivative works based on their original
work.
2. Originality: Copyright applies only to original works of authorship.
3. Automatic Protection: In many jurisdictions (including the United States),
copyright protection is granted automatically when a work is created and fixed in
a tangible medium of expression (e.g., written down, recorded, or otherwise
captured).
4. Duration: Copyright typically lasts for the lifetime of the author plus a set
number of years (e.g., 70 years in many countries).
5. Transferability: Copyright can be transferred or licensed to others.
6. Moral Rights: In addition to economic rights (like the right to copy or
distribute), some countries also grant moral rights to authors, including the
right to attribution and the right to object to derogatory treatment of the work.

Types of Works Protected by Copyright:

• Literary works: Novels, articles, poems, and computer programs.


• Musical works: Compositions, lyrics, and sheet music.
• Dramatic works: Plays, screenplays, and choreography.
• Artistic works: Paintings, sculptures, drawings, and photographs.
• Audio-visual works: Films, TV shows, and videos.
• Sound recordings: Recorded music and other audio recordings.
• Architectural works: Designs and plans for buildings.

How Copyright Works:

1. Creation: A creator develops an original work (e.g., writing a novel,
composing a song).
2. Fixation: The work is fixed in a tangible form (e.g., writing the novel on
paper, recording the song).
3. Rights: The creator automatically gains the rights to use and control the work.
4. Enforcement: The creator can take legal action against unauthorized use of
the work, such as suing for infringement or seeking damages.

(ii) Patent:

A Patent is an intellectual property right granted to an inventor for a new, useful,
and non-obvious invention or process. It provides the inventor with exclusive
rights to prevent others from making, using, selling, or distributing the patented
invention without permission, typically for a limited period (usually 20 years
from the filing date of the patent application).

Key Features of a Patent:

1. Exclusive Rights: The patent holder has the exclusive right to use, make, sell,
or license the invention.
2. Invention: The patent is granted for new inventions or improvements to
existing inventions.
3. Novelty: To qualify for a patent, the invention must be novel, meaning it must
be new and not previously disclosed to the public in any form (e.g., published in
scientific papers, patents, or existing products).
4. Non-Obviousness: The invention must not be obvious to someone skilled in
the relevant field based on existing knowledge or inventions.
5. Utility: The invention must be useful and capable of providing some practical
benefit.


6. Disclosure Requirement: To obtain a patent, the inventor must publicly
disclose detailed information about the invention, including how it works and
how to make it.
7. Limited Duration: Patents typically last for 20 years from the filing date (in
most countries), after which the invention enters the public domain, and anyone
can use it without permission.

Types of Patents:

1. Utility Patents: These are the most common type and cover new inventions or
functional improvements to existing products or processes. Examples include
machines, tools, software algorithms, or chemical compounds.
2. Design Patents: These protect the aesthetic design of an article or product,
such as the unique visual appearance of a chair or a smartphone. They do not
cover the functionality of the item.
3. Plant Patents: These are granted for new, distinct, and asexually reproduced
varieties of plants (e.g., new strains of flowers or crops).

How a Patent Works:

1. Application: The inventor files a patent application with a national or
international patent office. The application must include detailed descriptions,
drawings (if necessary), and claims outlining the scope of the invention's
protection.
2. Examination: The patent office examines the application to ensure that the
invention meets the requirements of novelty, non-obviousness, and utility. This
may involve a search of prior patents and publications to verify that the invention
is truly new.
3. Granting: If the patent office is satisfied with the application, it grants the
patent and issues a patent certificate, giving the inventor exclusive rights to the
invention.
4. Enforcement: The patent holder can enforce their rights by taking legal action
against others who use the patented invention without permission, such as suing
for patent infringement.

(iii) Trademark:

A Trademark is a form of intellectual property that protects brands, logos,
symbols, names, words, designs, or other identifiers that distinguish goods or
services of one business from those of another. The purpose of a trademark is to
help consumers identify the source of a product or service and to prevent
confusion in the marketplace. Trademarks serve as a symbol of quality,
reputation, and consumer trust.

Key Features of a Trademark:

1. Distinctiveness: For a trademark to be protected, it must be distinctive,
meaning it must be capable of identifying the source of the goods or services.
2. Source Identification: A trademark is primarily used to identify the source of
goods or services.
3. Exclusive Rights: A trademark owner has the exclusive right to use the mark
in connection with the goods or services for which it is registered.
4. Durability and Duration: Trademarks can potentially last indefinitely as long
as they are actively used in commerce and their registration is properly
maintained (through renewals, etc.).
5. Registration: While trademark rights are automatically acquired through use
in commerce in many countries (common law rights), registering a trademark
with a relevant government office (e.g., the United States Patent and
Trademark Office (USPTO)) provides additional legal benefits, such as
nationwide protection, a public record of ownership, and the right to sue for
infringement in federal court.

Types of Trademarks:

1. Product Marks: Trademarks that identify the source of a specific product,
such as a logo or brand name on a product (e.g., Nike logo on sports shoes).
2. Service Marks: Similar to product marks, but they apply to services rather than
goods (e.g., FedEx for courier services).
3. Collective Marks: These marks are used by members of a group or
association to indicate membership or affiliation (e.g., the CPA logo for certified
public accountants).
4. Certification Marks: These marks are used to certify the origin, quality, or
characteristics of goods or services (e.g., UL mark for safety certifications on
electrical products).

How a Trademark Works:

1. Creation: A business or individual creates a logo, name, symbol, or slogan
that represents its products or services.
2. Use in Commerce: The mark is used in the marketplace to identify and
distinguish the product or service.
3. Registration: The trademark owner can register the mark with a national or
regional trademark office, such as the USPTO in the U.S. or the European
Union Intellectual Property Office (EUIPO) for EU-wide protection.


4. Enforcement: The trademark holder has the right to enforce the trademark by
taking legal action against others who use a confusingly similar mark in a way
that could cause consumer confusion or dilution of the trademark's value.
