
NIS Assignment 1

The document outlines key concepts in Network & Information Security (NIS), including definitions of Computer Security and Information Security, the importance of protecting data, and types of malware. It also discusses security principles like Confidentiality, Integrity, and Authentication, as well as access control models (DAC, MAC, RBAC), cryptography, firewalls, intrusion detection systems, digital signatures, VPNs, social engineering, and ethical hacking. Each section provides definitions, importance, and examples relevant to the field of cybersecurity.

Assignment No.

Subject :- Network & Information Security (NIS)

Q.1) Define Computer Security. Why is Computer Security needed ?



Computer Security is the protection of computer systems, networks
and data from unauthorized access, misuse, damage or theft.

* Why Computer Security is Needed in NIS :-

1. To protect confidential and sensitive data.
2. To prevent cyber attacks like hacking and malware.
3. To ensure data integrity and accuracy.
4. To maintain confidentiality of information.

Q.2) What is Information Security ? State its importance ?



Information Security is the process of protecting information from
unauthorized access, use, disclosure, modification or destruction,
whether the information is in digital or physical form.

* Importance of Information Security :-

1. Protects confidential and sensitive information.
2. Prevents data theft and cyber attacks.
3. Ensures accuracy and integrity of data.
4. Maintains privacy of users.

Q.3) What is a Passive Attack ?

A passive attack is a security attack in which an attacker secretly
observes or monitors a system or network to collect information
without changing the data.
1. The attacker only listens to or monitors the communication.
2. No data is modified, deleted or damaged.
3. Difficult to detect because the system works normally.
4. Affects confidentiality of information.

* Examples :-
1. Eavesdropping.
2. Traffic Analysis.

Q.4) What are Viruses and Worms ?

* Virus :-
A computer virus is a malicious program that attaches itself to a
legitimate file or program and spreads when the infected file is executed.
1. Requires a host file or program to spread.
2. Activates when the infected file is opened.
3. Can damage files, slow the system, or corrupt data.
4. Spreads through USB, email attachments or downloads.

* Worms :-
A computer worm is a malicious program that can replicate itself and
spread automatically over a network without attaching to any file.
1. Does not need a host file or user action.
2. Spreads automatically through networks.
3. Consumes system and network resources.
4. Can cause network slowdown or crashes.

Q.5) Explain the basic security principles - (CIA) Confidentiality, Integrity, Authentication.

1) Confidentiality :-
Confidentiality ensures that information is accessible only to
authorized users and not disclosed to unauthorized persons.
1. Protects sensitive & private data.
2. Prevents unauthorized access.
3. Ensures data privacy.

2) Integrity :-
Integrity ensures that data is accurate, complete, and not altered
without authorization.
1. Prevents unauthorized modification of data.
2. Detects accidental or intentional changes.

3) Authentication :-
Authentication is the process of verifying the identity of a user
or system before granting access.
1. Ensures only authorized users can access the system.
2. Uses passwords, biometrics, or OTP for verification.

Q.6) Explain any four types of malware.

1) Virus :-
A virus is a malicious program that attaches itself to a file or program
and spreads when the infected file is executed. It can damage or corrupt data.

2) Worm :-
A worm is self-replicating malware that spreads automatically through
networks without user action and consumes system or network resources.

3) Trojan Horse :-
A Trojan horse is a malicious program that appears as legitimate software
but secretly performs harmful actions like data theft or system damage.

4) Ransomware :-
Ransomware is malicious software that encrypts the victim's data and
demands payment (ransom) to restore access to the data.

Q.7) Differentiate between DAC, MAC and RBAC.


* DAC (Discretionary Access Control) :-

- Access is controlled by the owner of the resource.
- The owner can grant or revoke permissions.
- Based on user identity. Flexible but less secure.

* MAC (Mandatory Access Control) :-

- Access is controlled by the system or administration.
- Based on security levels.
- Users cannot change the permissions. Highly secure but less flexible.

* RBAC (Role-Based Access Control) :-

- Access is based on user roles.
- Permissions are assigned to roles, not individuals.
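
The three models above, shown as an added example that is not part of the original assignment: the same kind of access request is decided by the owner's list (DAC), by system-assigned levels (MAC) and by roles (RBAC). The users, roles and level names are constructed, and the MAC rule used here (clearance must be at least the data's label to read) is an assumed simple policy.

```python
# Added illustration; all users, files, levels and roles are constructed sample data.

LEVELS = {"public": 0, "confidential": 1, "secret": 2}

class DacFile:
    """DAC: the owner of the resource decides who else gets access."""
    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, actor, user, perm):
        if actor != self.owner:            # only the owner may change permissions
            raise PermissionError("only the owner can grant access")
        self.acl.setdefault(user, set()).add(perm)

    def allows(self, user, perm):
        return perm in self.acl.get(user, set())

def mac_allows_read(clearance, label):
    """MAC: system-assigned levels decide; users cannot override them."""
    return LEVELS[clearance] >= LEVELS[label]

ROLE_PERMS = {"auditor": {"read"}, "editor": {"read", "write"}}
USER_ROLES = {"asha": {"auditor"}, "ravi": {"editor"}, "meena": set()}

def rbac_allows(user, perm):
    """RBAC: permissions come only from the roles a user holds."""
    return any(perm in ROLE_PERMS[r] for r in USER_ROLES.get(user, set()))

def demo():
    report = DacFile(owner="ravi")
    before = report.allows("asha", "read")      # no grant yet
    report.grant("ravi", "asha", "read")        # owner shares at own discretion
    after = report.allows("asha", "read")
    try:
        report.grant("asha", "meena", "read")   # a non-owner cannot re-share
        reshared = True
    except PermissionError:
        reshared = False
    return {
        "dac": (before, after, reshared),
        "mac": (mac_allows_read("confidential", "secret"),
                mac_allows_read("secret", "confidential")),
        "rbac": (rbac_allows("asha", "write"), rbac_allows("ravi", "write"),
                 rbac_allows("meena", "read")),
    }
```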

Q.8) What is Cryptography ? Explain its types.


Cryptography is the science of securing information by converting it
into an unreadable format using encryption so only authorized users can read it.

Types of Cryptography :-
1. Symmetric Key Cryptography :- The same key is used for encryption and
decryption. Example :- AES, DES.
2. Asymmetric Key Cryptography :- Two different keys (public & private).
Example :- RSA.
3. Hash Functions :- Convert data into a fixed-size hash value.
One-way, cannot be reversed. Example :- MD5, SHA.

Q.9) What is Firewall ? Explain its types.



A Firewall is a network security device or software that monitors and
controls incoming and outgoing network traffic based on security rules.

Types of Firewall :-
1. Packet Filtering Firewall :- Checks packets based on IP, port, protocol.
2. Stateful Inspection Firewall :- Tracks the state of network connections.
3. Application Layer Firewall :- Filters traffic at application level.
4. Next Generation Firewall (NGFW) :- Combines traditional firewall
with advanced features like intrusion detection.
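
The difference between the first two firewall types, as an added example that is not part of the original assignment: the same three constructed packets are judged by a stateless packet filter and by a stateful filter. The addresses, ports and the single "allow outbound HTTPS" rule are assumptions made for the illustration.

```python
# Added illustration: identical constructed packets judged by a stateless
# packet filter and by a stateful filter. Addresses and rules are sample data.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport proto direction")

INSIDE = "10.0.0.5"          # constructed internal host
WEB = "203.0.113.10"         # documentation-range address (RFC 5737)

def packet_filter(pkt):
    """Stateless: each packet is judged alone on IP, port and protocol."""
    if pkt.direction == "out" and pkt.proto == "tcp" and pkt.dport == 443:
        return "allow"
    # Replies must be let in by a broad rule, since no history is kept.
    if pkt.direction == "in" and pkt.proto == "tcp" and pkt.sport == 443:
        return "allow"
    return "deny"

class StatefulFilter:
    """Stateful: inbound packets pass only if they match a tracked connection."""
    def __init__(self):
        self.connections = set()

    def check(self, pkt):
        if pkt.direction == "out" and pkt.proto == "tcp" and pkt.dport == 443:
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # An inbound packet is a reply only if it mirrors a recorded flow.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "allow"
        return "deny"

def compare():
    traffic = [
        Packet(INSIDE, 50000, WEB, 443, "tcp", "out"),   # client opens HTTPS
        Packet(WEB, 443, INSIDE, 50000, "tcp", "in"),    # genuine reply
        Packet(WEB, 443, INSIDE, 3389, "tcp", "in"),     # unsolicited, not a reply
    ]
    stateful = StatefulFilter()
    return [(packet_filter(p), stateful.check(p)) for p in traffic]
```

The third packet is where the two differ: the stateless rule accepts it on its source port alone, while the stateful filter denies it because no tracked connection matches.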

Q.10) What is Intrusion Detection System (IDS) ?



An Intrusion Detection System (IDS) is a security tool that monitors
network or system activity for malicious activity or policy violations
and alerts the administrator.

Types of IDS :-
1. Network-Based IDS (NIDS) :- Monitors network traffic for suspicious activity.
2. Host-Based IDS (HIDS) :- Monitors activities on a specific host or computer.

Q.11) What is Digital Signature ? Explain its uses.



A Digital Signature is an electronic verification method that uses
cryptographic techniques to verify the authenticity and integrity of
a digital document or message.

Uses of Digital Signature :-
1. Verifies the identity of the sender.
2. Ensures the document has not been tampered with.
3. Provides non-repudiation (sender cannot deny sending).
4. Used in emails, software distribution, and legal documents.

Q.12) What is VPN (Virtual Private Network) ?



A VPN is a technology that creates a secure, encrypted connection over
the internet between a user and a network, protecting data from interception.

Advantages of VPN :-
1. Provides secure and encrypted communication.
2. Hides user's IP address and location.
3. Allows safe access to public Wi-Fi networks.
4. Enables remote access to organizational networks.

Q.13) What is Social Engineering ? Give examples.



Social Engineering is a technique used by attackers to manipulate
or trick individuals into revealing confidential information or
performing actions that compromise security.

Examples of Social Engineering :-


1. Phishing :- Sending fake emails to steal login credentials.
2. Pretexting :- Creating a fabricated scenario to extract information.
3. Baiting :- Luring victims with something attractive like free software.
4. Tailgating :- Physically following an authorized person into
a restricted area.

Q.14) What is Ethical Hacking ? Explain its phases.



Ethical Hacking is the authorized practice of bypassing system security
to identify potential vulnerabilities. It is also known as Penetration Testing.

Phases of Ethical Hacking :-


1. Reconnaissance :- Gathering information about the target system.
2. Scanning :- Identifying open ports and vulnerabilities.
3. Gaining Access :- Exploiting vulnerabilities to enter the system.
4. Maintaining Access :- Keeping access to gather more information.
5. Covering Tracks :- Removing evidence of the hack.
