MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 1/ 26

Important Instructions to examiners:

1) The answers should be examined by key words and not as word-to-word as given in the model
answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to
assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more importance
(Not applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in the
figure. The figures drawn by candidate and model answer may vary. The examiner may give
credit for any equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant
values may vary and there may be some difference in the candidate’s answers and model
answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant
answer based on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on
equivalent concept.

Q.1.

a) Attempt any Three of the following:

i. Describe the need for computer security.
(1 Mark – for this statement)
(1 Marks each for explanation of following points, example optional)

The need of computer security has been threefold: confidentiality, integrity, and availability—the
“CIA” of security.

1. Confidentiality: the principle of confidentiality specifies that only sender and intended
recipients should be able to access the contents of a message. Confidentiality gets compromised
if an unauthorized person is able to access the contents of a message.

Example of compromising the Confidentiality of a message is shown in fig.

A Secret B

Fig. Loss of confidentiality

Here, the user of a computer A send a message to user of computer B. another user C gets access
to this message, which is not desired and therefore, defeats the purpose of Confidentiality.
This type of attack is also called as interception.

2. Authentication: Authentication helps to establish proof of identities. The Authentication

process ensures that the origin of a message is correctly identified.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 2/ 26

For example, suppose that user C sends a message over the internet to user B. however, the
trouble is that user C had posed as user A when he sent a message to user B. how would user B
know that the message has come from user C, who posing as user A? This concept is shown in
fig. below.
This type of attack is called as fabrication.

A I am B
user A

C
Fig. absence of authentication
3. Integrity: when the contents of the message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the message is lost.
For example, here user C tampers with a message originally sent by user A, which is actually
destined for user B. user C somehow manages to access it, change its contents and send the
changed message to user B. user B has no way of knowing that the contents of the message were
changed after user A had sent it. User A also does not know about this change.

This type of attack is called as modification.

Ideal route of message

A B

Actual route of message

Fig. Loss of Integrity

ii. Explain any four the password selection strategies.( 4 marks for 4 points)
The major security problems are because of user is not following established security policies.
- User always chooses a password that is easy to remember but easier passwords are easy to
crack by attacker but when user choose difficult passwords that again it is difficult to remember.
- To make the job of attacker difficult organization encourage their users to use mixture of
upper case & lower character & also include numbers & special symbols in their passwords. This
may make the guessing of password difficult.
Organization also includes additional policies & rules related to password selection.
- In the organization, user may frequently change their passwords.
- Password should not written down on paper & do not kept in purse or wallet because if
attacker get physical access then they will find a password of user somewhere in drover or desk
,inside of desk calendar.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 3/ 26

- Many users have many accounts & password to remember. Selecting different password
for each account, following the guidelines mentioned above for character selection & frequency
of changes, aggravates the problem of remembering the passwords. This results that the users
frequently use the same password for all accounts. If user does this, then one of account is broken,
all other accounts are subsequently under threat. Good password selection & protection is applied
to electronic world also.
OR
There are four basic techniques to reduce guessable passwords:
a) User education: Tell the importance of hard-to-guess passwords to the users and provide
guidelines for selecting strong password.
b) Computer generated password: Computer generated passwords are random in nature so
difficult for user to remember it and may note down somewhere..
c) Reactive password checking: the system periodically runs its own password cracker
program to find out guessable passwords. If the system finds any such password, the system
cancels it and notifies the user.
d) Proactive password checking: It is a most promising approach to improve password
security. In this scheme, a user is allowed to select his own password, if password is allowable
then allow or reject it.

iii. Define the following terms: (each 1Mark)

1. Cryptography
2. Crypt analysis
3. Plain text
4. Cipher text.
1. Cryptography: Cryptography is art & science of achieving security by encoding messages to
make them non-readable.

2. Cryptanalysis: Cryptanalysis is the technique of decoding messages from a non-readable

format without knowing how they were initially converted from readable format to non-readable
format.

3. Plain text: Plain text or clear text significance that can be understood by sender, the recipient
& also by anyone else who gets an access to that message.

4. Cipher Text: When plain text message is codified using any suitable scheme, the resulting
message is called as cipher text.

iv. Describe SYN flooding attack with diagram. (1 marks for diagram, 3 marks for
explanation)

Denial of service (DOS) attacks can exploit a known vulnerability in a specific application or
operating system, or they may attack features (or weaknesses) in specific protocols or services. In
this form of attack, the attacker is attempting to deny authorized users access either to specific
information or to the computer system or network itself.
The purpose of such an attack can be simply to prevent access to the target system, or the attack
can be used in conjunction with other actions in order to gain unauthorized access to a computer
or network.
SYN flooding is an example of a DOS attack that takes advantage of the way TCP/IP networks
were designed to function, and it can be used to illustrate the basic principles of any DOS
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 4/ 26

[Link] flooding utilizes the TCP three-way handshake that is used to establish a connection
between two systems.
In a SYN flooding attack, the attacker sends fake communication requests to the targeted system.
Each of these requests will be answered by the target system, which then waits for the third part of
the handshake. Since the requests are fake the target will wait for responses that will never come,
as shown in Figure .

The target system will drop these connections after a specific time-out period, but if the attacker
sends requests faster than the time-out period eliminates them, the system will quickly be filled
with requests. The number of connections a system can support is finite, so when more requests
come in than can be processed, the system will soon be reserving all its connections for fake
requests. At this point, any further requests are simply dropped (ignored), and legitimate users
who want to connect to the target system will not be able to. Use of the system has thus been
denied to them.

Following are types of DOS:

1. POD (ping-of-death)
2. DDOS (Distributed Denial of Service attack)

b) Attempt any one of the following:

i. Define the term virus and describe the different phases of virus.
(2 –marks for term virus & 1-mark for each phase)
Virus is a program which attaches itself to another program and causes damage to the computer
system or the network. It is loaded onto your computer without your knowledge and runs against
your wishes.
During the lifecycle of virus it goes through the following four phases:
1. Dormant phase: The virus is idle and activated by some event.
2. Propagation phase: It places an identical copy of itself into other programs or into certain
system areas on the disk.
3. Triggering phase: The virus is activated to perform the function for which it was
intended.
4. Execution phase: The function of virus is performed.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 5/ 26

ii. Explain the following terms:

1) Deleted file recovery
2) Formatted partition recovery.
(3 marks for each point)
1) Deleted file recovery:
When we delete a file on the disk having FAT32 or NTFS (new technology file system) file
system, its content is not erased from the disk but only reference to file data in file allocation
Table or master table is marked as deleted. It means that we might be able to recover deleted files
or make it visible for file system again.
Methods of data recovery from deleted file or File /data recovery process:
There are various data/file recovery tools available these tools find & recover recoverable deleted
files from NTFS & FAT.
These tools usually operate as per following process steps:
Step 1: scan the hard drive & build the index of existing & deleted files & directories (folder) on
any logical drive of your computer with supported file formats.
Step 2: Provide control over to the user to select which files to recover and what destination to
recover them to. If you find a deleted file if you remember at least one of the following:
- Full or partial name
- File size
- File creation mode
- File last accessed date.
Step 3: Allows previewing deleted files of certain types without performing recovery.

2) Formatted partition recovery:

Formatting refers to dividing the disk in accordance with certain principles, allowing computer to
store and search files. Formatting disk is to eliminate all files on disk.
There are various formatted partition recovery tool available .Although every tool will have
different GUI & method of recovery. These tools usually operate as per following process steps:
Step1: If you cannot boot the computer, please use data recovery bootable disk.
Step 2: Select the file types you want to recover & volume where the formatted hard drive is. The
tool will automatically scan the selected volume.
Step 3: Then the founded data will be displayed on the screen & you can get a preview of it. Then
select the file or directory that you want to recover & save them to a healthy drive.

Q.2. Attempt any Two of the following:

a) Draw the flow diagram of DES algorithm and explain each step in detail.

The Data Encryption Standard is generally used in the ECB, CBC, or the CFB [Link] is a
block cipher . It encrypts data in blocks of size 64 bits each. That is, 64 bits of plain text goes as
the input to DES, which produces 64 bits of cipher [Link] is based on the two fundamental
attributes of cryptography: substitution and transposition ( 1 mark)
The process diagram as follows (1 mark)
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 6/ 26

Explanation of each step (1mark each=6 marks)

Initial Permutation (IP): It happens only once. It replaces the first bit of the original
plain text block with the 58th bit of the original plain text block, the second bit with the
50th bit of original plain text block and so on. The resulting 64-bits permuted text block is
divided into two half blocks. Each half block consists of 32 bits. The left block called as
LPT and right block called as RPT.16 rounds are performed on these two blocks.

Details of one round in DES

Key Transformation

Expansion Permutation

S-box substitution

P-box Permutation

XOR and swap

Step 1 : key transformation: the initial key is transformed into a 56-bit key by discarding
every 8th bit of initial key. Thus ,for each round , a 56 bit key is available, from this 56-bit
key, a different 48-bit sub key is generated during each round using a process called as
key transformation

Step 2: Expansion permutation: During Expansion permutation the RPT is expanded

from 32 bits to 48 bits. The 32-bit RPT is divided into 8 blocks, with each block
consisting of 4-bits. Each 4-bits block of the previous step is then expanded to a
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 7/ 26

corresponding 6-bit block, per 4-bit block, 2 more bits are added. They are the repeated
1st and 4th bits of the 4-bit block. The 2nd and 3rd bits are written as they were in the
input. The 48 bit key is XORed with the 48-bit RPT and the resulting output is given to
the next step.

Step 3: S-box substitution: It accepts the 48-bits input from the XOR operation involving
the compressed key and expanded RPT and produces 32-bit output using the substitution
techniques. Each of the 8 S-boxes has a 6-bit input and a 4-bit output. The output of each
S-box then combined to form a 32-bit block, which is given to the last stage of a round.

Step 4: P- box permutation: the output of S-box consists of 32-bits. These 32-bits are
permuted using P-box.
Step 5: XOR and Swap: The LPT of the initial 64-bits plain text block is XORed with
the output produced by P box-permutation. It produces new RPT. The old RPT becomes
new LPT, in a process of swapping.

Final Permutation: At the end of 16 rounds, the final permutation is performed. This is
simple transposition. For e.g., the 40th input bit takes the position of 1st output bit and so
on.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 8/ 26

b) Define access control and describe DAC, MAC and RBAC access control model.

(2 marks- definition, 2-marks for each access control)

Access is the ability of a subject to interest with an object. Authentication deals with
verifying the identity of a subject. It is ability to specify, control and limit the access to the
host system or application, which prevents unauthorized use to access or modify data or
resources.
Various access controls are:
- Discretionary Access control (DAC): Restricting access to objects based on the
identity of subjects and or groups to which they belongs to , It is conditional, basically
used by military to control access on system. UNIX based System is common method to
permit user for read/write and execute
- Mandatory Access control (MAC): It is used in environments where different
levels of security are classified. It is much more restrictive. It is sensitivity based
restriction, formal authorization subject to sensitivity. In MAC the owner or User cannot
determine whether access is granted to or not. i.e. Operating system rights. Security
mechanism controls access to all objects and individual cannot change that access.
- Role Based Access Control (RBAC): Each user can be assigned specific access
permission for objects associated with computer or network. Set of roles are defined. Role
in-turn assigns access permissions which are necessary to perform role.

Different User will be granted different permissions to do specific duties as per their
classification.

c) Gives the step for verification of a digital certificate.

Steps for verification of a digital certificate :(1 mark for each step)
Suppose Y receives digitally signed message from X, who he does not know or trust. X
has included his digital certificate with message, which has his public key embedded
within it. Before Y can be sure of the message from X, he has to go through following
steps:
1) Y will see that which CA signed X’s certificate and compares it to the list of CAs he
has configured.
2) If X’s certificate is in the list of trusted CAs, then he will pass X’s certificate through
hashing algorithm which will result in Message digest A.
3) Every certificate has a different encrypted Message digest value embedded within it,
which is a Digital signature. Y takes CA’s public key and decrypts the embedded Digital
signature value which is called decrypted DS value B.
4) If value A & B matches then Y can be assured that this CA have actually created a
certificate.
5) Y needs to be ensured that the issuing CA has not revoked this certificate.
6) Y will compare email address which is inserted by CA in the certificate with the
address that sent this message. If these values are the same he can be assured that the
message came from email address that was provided during registration process of
certificate.
7) Validity of certificate is proven according to start and stop date of the certificate.
8) Y trusts that this certificate is legal and belongs to X.Y could read the message.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 9/ 26

Q.3. Attempt ant Four of the following:

a) Describe overview of Kerberos with diagram.
Kerberos is a network authentication protocol and it is designed to provide strong authentication
for client server applications. It uses secret key cryptography. It is a solution to your network
security problems. It provides the tools of authentication and strong cryptography over the network
to help you secure your information system. (1 mark)
There are four parties involved in the Kerberos protocol (3 marks)
The client workstation
Authentication Server(AS)
Ticket Granting Server(TGS)
The server offering services such as network printing, file sharing.
1) The AS, receives the request from the client and then AS verifies the client. This is done
by just looking into a simple database of the user’s ID.
User ID
client

Authentication
2) Server(AS)
After verification, a time stamp is created. It will put the current time in user session with
an expiry date. Then the encryption key is created. The timestamp tells that after 8 hours the
encryption key is useless.
3) The key is sent back to the client in the form of a ticket-granting ticket (TGT).It is a
simple ticket which is issued by the authentication server(AS) and used for authenticating the
client for future reference.

Ticket granting
Client ticket

Time stamp:8
hours
Authentication Server
(AS)
Then the client submits this TGT to the ticket granting server (TGS), for authentication.

Client

Authentication
Server (AS)

TGT
Timestamp:8
hours

Ticket Granting server

(TGS)
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 10/ 26

4) TGS creates an encrypted key with a time stamp and grants a service ticket to the
client.

Client

Authentication Server
Encrypted (AS)
key

Time stamp:8 hours

Ticket Granting server

(TGS)
5) Then the client decrypts the ticket, intimate the TGS that is done and sends its
own encrypted key to the service server or application.

Client

Authentication Server (AS)

Encrypted key
Time stamp:
8hours

Ticket granting server (TGS)

Service server

The service server decrypts the key send by the client and checks the validity of the time
stamp. If timestamp is valid, the service server contacts the key distribution center to
receive a session which is returned to the client.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 11/ 26

6) The client then decrypts the ticket. If the key is still valid then the communication is
initiated between client and server.

succes
client s Service
server

b) Draw and explain biometric system.

(diagram 1M, explanation 3M)
Stored
templates

Enrollment
Feature Template Matcher
Preprocessing
extractor generator

Sensor
Application
device

Biometric refers study of methods for uniquely recognizing humans based upon one or
more intrinsic physical or behavioral characteristics. Biometric identification is used on
the basis of some unique physical attribute of the user that positively identifies the user.
Example: finger print recognition, retina and face scan technic, voice synthesis and
recognition and so on. Physiological are related to shape of the body. For example finger
print, face recognition, DNA, palm print, iris recognition and so on. Behavioral are related
to the behavior of a person.
For example typing rhythm, gait, signature and voice.
The first time an individual uses a biometric system is called an enrollment. During the
enrollment, biometric information from an individual is stored. In the subsequent uses,
biometric information is detected and compared with the information stored at the time of
enrollment.
1) The first block (sensor) is the interface between the real world and the system; it has
to acquire all the necessary data.
2) The 2nd block performs all the necessary preprocessing.
3) The third block extracts necessary features. This step is an important step as the
correct features need to be extracted in the optimal way.
4) If enrollment is being performed the template is simply stored somewhere (on a card
or within a database or both).if a matching phase is being performed the obtained
template is passed to a matcher that compares it with other existing templates,
estimating the distance between them using any algorithm. The matching program
will analyze the template with the input. This will then be output for any specified use
or purpose.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 12/ 26

c) What are the techniques for transforming plain text to cipher text? Explain
any one in detail.
(Explanation of any one is allowed) (Marks 2) for example.

Transforming plain text to cipher text is the science of encrypting information

scheme is based on algorithms.
Different techniques are: (2 marks)
1. Substitution technique
a) Caesar cipher
b) Modified version of Caesar cipher
c) Mono-alphabetic cipher
d) Vigenere’s cipher
2. Transposition technique
a) Rail fence
b) Route cipher
c) Columnar cipher
3. Steganography
4. Hashing
5. Symmetric and asymmetric cryptography
6. DES (data encryption standard)

Caesar cipher:
It is proposed by Julius Caesar. In cryptography Caesar cipher also known as caesar’s
cipher/code, shift cipher/code.
It is one of the simplest and most widely known encryption techniques.
It is a type of substitution technique in which each letter in the plain text is replaced by a
letter some fixed number of position down the alphabet.
For example, with a shift of 3, A would be replaced by D, B would became E, and so on
as shown in the table below.

Plain
A B C D E F G H I J K L M
text
Cipher
D E F G H I J K L M N O P
text

Plain N O P Q R S T U V W X Y Z
text
Cipher Q R S T U V W X Y Z A B C
text

Using this scheme, the plain text “SECRET” encrypts as

Cipher text “VHFUHW” .
To allow someone to read the cipher text, you tell them that the key is 3
Algorithm to break Caesar cipher:
1. Read each alphabet in the cipher text message, and search for it in the second row of
the table above.
2. When a match in found, replace that alphabet in the cipher text message with the
corresponding alphabet in the same column but the first row of the table. (For
example, if the alphabet cipher text is J, replace it with G).
3. Repeat the process for all alphabets in the cipher text message.
Or
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 13/ 26

Rail Fence Technique algorithm:

1. Write down the plain text message as a sequence of diagonals.
2. Read the plain text written in step1 as a sequence of rows.

The cipher text for the plain text COME HOME as follows:

C M H M

O E O E

Cipher text is CMHMOEOE

d) Describe the working principle of PEM email security.

PEM supports the 3 main cryptographic functions of encryption, nonrepudiation and
message integrity. The steps involved in PEM operation as follows. (1 mark for each
step)

[Link] Conversion Key

Transformation

2. Digital Signature Expansion

Permutation

3. Encryption

4. Base 64 encoding-box substitution

Step 1: canonical conversion: there is a distinct possibility that the sender and the
receiver of an email message use computers that have different architecture and operating
[Link] transforms each email message into an abstract, canonical representation.
This means that regardless of the architecture and the operating system of the sending and
receiving computers, the email travels in a uniform, independent format.

Step 2: Digital signature

Email message Message digest 10101

To:
01010
From: Algorithm (MD2 or MD5)
10…
Subject:

Message Digest

-It starts by creating a MD of email message using an algorithm such as MD2 or MD5.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 14/ 26

- The MD thus created is then encrypted with sender’s private key to form the sender’s
digital signature.
10101
01010 encrypt Digital
10… signature

Sender’s private key

Step 3-encryption:
The original email and the digital signature are encrypted together with a
symmetric key

Email message
To: Symmetric key
From:
Subject: Encrypted
encrypt
+ result
Digital
DES or DES-3 in CBC mode
signature

Step 4: Base- 64 encoding-This process transforms arbitrary binary input into printable
character output. The binary input is processed in blocks of 3 octets or 24 bits. These 24
bits are considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits is
mapped into an 8-bit output character in this process.

Input bit stream

01010101010101010000110001011111001001…..

Divided into 24-bits

01010101.. 00010101….. 00010101…
blocks

010101 010000 111110

001011 Each 24-bit divided into four 6-bit
blocks

01010110 01000011 11111010 00101100

6-bit block mapped to 8-bit
block
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 15/ 26

e) Describe:
i. Application patches
ii. Upgrades.
i) Application patches (2marks)
As o.s continues to grow and introduce new functions, the potential for problems with
the code grows as well. It is almost impossible for an operating system vendor to test
its product on every possible platform under every possible platform under every
possible circumstance, so functionality and security issues do arise after an o.s. has
been released. Application patches are likely to come in three varieties: hot fixes,
patches and upgrades.
Application patches are supplied from the vendor who sells the application.
Application patches can be provided in many different forms like can be downloaded
directly from the vendor’s web site or FTP site or by CD. Application patches are
probably come in three varieties: hot fixes, patches and upgrades.
ii) Upgrades (2 marks)
These are another popular method of patching applications, and they are likely to be
received with a more positive role than patches. The term upgrade has a positive
implication-you are moving up to a better, more functional and more secure
application. The most vendors will release upgrades for fixes rather than any new or
enhanced functionality.

Q.4.
a) Attempt any Three of the following:
i. Consider a plain text “Computer Security” encrypt it with the help of rail fence
Technique also write the algorithm.
(2 marks for encryption and 2 marks for algorithm)
Rail Fence Technique algorithm:
3. Write down the plain text message as a sequence of diagonals.
4. Read the plain text written in step1 as a sequence of rows.
The cipher text for the plain text Computer security as follows:
C m u e s c r

o p t r e u i y

Cipher text: cmuescroptreuiy

ii. Describe packet filtering router firewall with neat diagram.(2 marks for explanation and
2 marks for diagram)

Internal(private internet
) network
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 16/ 26

Packet filter

Outgoing packets
Outgoing packets Incoming packetspackets
incoming

Receive each packet.

Apply rules.
If no rules, apply default
rules.

A packet filtering router firewall applies a set of rules to each packet and based on
outcome, decides to either forward or discard the packet. Such a firewall
implementation involves a router, which is configured to filter packets going in either
direction i.e. from the local network to the outside world and vice versa.
A packet filter performs the following functions.
1. Receive each packet as it arrives.
2. Pass the packet through a set of rules, based on the contents of the IP and transport
header fields of the packet. If there is a match with one of the set rule, decides whether
to accept or discard the packet based on that rule.
3. If there is no match with any rule, take the default action. It can be discard all packets
or accept all packets.
Advantages: simplicity, transparency to the users, high speed
Disadvantages: difficult to set up packet filtering rules, lack of authentication.

iii. Describe the following w.r.t. cyber laws:

1) IT act 2000
2) IT act 2008
1) IT act 2000(2 marks):
According to Indian cyber laws, Information technology is the important law and it
had passed in Indian parliament in year [Link] act is helpful to encourage business
by use of internet. Due to misuse of internet and increase of cybercrime, the Govt. of
India made an act for safeguarding the internet users.
The main objectives of this act are as follows.
1. To provide legal recognition to the transaction that can be done by electronic way or
by using internet.
2. To provide legal recognition to digital signature used in transaction.
3. To provide facilities like filling of document online relating to admission or
registration.
4. To provide facility to any company that they can store their data in electronic storage.
5. To provide legal recognition for bankers and other companies to keep accounts in
electronic form.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 17/ 26

2) IT act 2008(2 marks):

It is the Information Technology Amendment Act,[Link] act was developed for IT

industries, control e-commerce, to provide e-governance facility and to stop
cybercrime attacks.
Following are the characteristics of IT ACT 2008:
a) This act provide legal recognition for the transaction i.e. Electronic Data
Interchange(EDI) and other electronic communications.
b) This Act also gives facilities for electronic filling of information with the Government
agencies.
c) It is considered necessary to give effect to the said resolution and to promote efficient
delivery of Government services by means of reliable electronic records.

iv. What is secure electronic transaction? Enlist and describe any four components
of SET.
Secure electronic Transaction is an open encryption and security specification that is
designed for protecting credit card transactions on the Internet. It is a set of security
protocols and formats that enable the users to employ the existing credit card payment
infrastructure on the internet in a secure manner.(1 mark)
Components of SET (1 mark)
1) Cardholder
2) Merchant
3) Issuer
4) Acquirer
5) Payment gateway
6) Certification Authority(CA)
Describe any four (1/2 mark for each)
1) Cardholder: A cardholder is an authorized holder of a payment card such as
MasterCard or Visa that has been issued by an Issuer.
2) Merchant: Merchant is a person or an organization that wants to sell goods or services
to cardholders.
3) Issuer: The issuer is a financial institution that provides a payment card to a
cardholder.
4) Acquirer: this is a financial institution that has a relationship with merchants for
processing payment card authorizations and payments. Also provides an assurance that
a particular cardholder account is active and that the purchase amount does not exceed
the credit limits. It provides electronic fund transfer to the merchant account.
5) Payment Gateway: It processes the payment messages on behalf of the merchant. It
connects to the acquirer’s system using a dedicated network line.
6) Certification Authority(CA): This is an authority that is trusted to provide public key
certificates to cardholders, merchant, and Payment Gateway.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 18/ 26

b) Attempt any ONE of the following:

i. Compare Insider and Intruders of four points and describe who is more
dangerous.(4marks for any 4 points)
Intruders Insiders
Intruders are authorized or unauthorized Insiders are authorized users who try to
users who are trying access the system or access system or network for which he is
network. unauthorized.
They are hackers or crackers Insiders are not hackers.
Intruders are illegal users. Insiders are legal users.
Less dangerous than insiders More dangerous than Intruders.

They have to study or to gain knowledge They have a knowledge about the
about the security system security system.
They do not have access to system. They have easy access to the system
because they are authorized users.
Many security mechanisms are used to There is no such mechanism to protect
protect system from Intruders. system from Insiders.

Describe who is more dangerous. (2 marks)

Insiders are more dangerous than intruders because:
i) The insiders have the access and necessary knowledge to cause immediate damage to
an organization.
ii) There is no security mechanism to protect system from Insiders. So they can have all
the access to carry out criminal activity like fraud. They have knowledge of the
security systems and will be better able to avoid detection.

ii. Describe:
1. Man in the middle attack
2. Replay attach with diagrams.
i) Man in the middle attack:(3 marks)
A man in the middle attack occurs when attackers are able to place themselves in the
middle of two other hosts that are communicating in order to view or modify the
traffic. This is done by making sure that all communication going to or from the target
host is routed through the attacker’s host.
Then the attacker is able to observe all traffic before transmitting it and can actually
modify or block traffic. To the target host, communication is occurring normally, since
all expected replies are received.
Communication appears to direct
Host B Host A

Attacker relays messages

to destination
hostCommunication Attacker
actually
send to attacker
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 19/ 26

i) Replay attack with diagram(3 marks)

In replay attack an attacker captures a sequence of events or some data units and
resends them. For example suppose user A wants to transfer some amount to user C’s
bank account. Both users A and C have account with bank B. User A might send an
electronic message to bank B requesting for fund transfer. User C could capture this
message and send a copy of the same to bank B. Bank B would have no idea that this
is an unauthorized message and would treat this as a second and different fund transfer
request from user A. So C would get the benefit of the fund transfer twice.-once
authorized and once through a replay attack.
message
Host A(User A) Host B(Bank)

message
message
Host C(attacker)

Q.5. Attempt any Two of the following:

a) Describe the role of people in security.
Role of people in security (each point 1 Mark, 8 point)
a) Password selection:
1) User should be able to create their own easy to remember passwords, but
should not be easy for someone else to guess or obtain using password cracking
utilities.
2) Password should meet some essential guidelines for [Link] should contain some
special characters etc.
3) It should not consist of dictionary words. Etc.
b) Piggybacking: It is a simple approach of following closely behind a person who
has just used their own access card or PIN to gain physical access. In this way an
attacker can gain access to the facility without knowing the access code.
c) Shoulder surfing: An attacker positions themselves in such a way that he is
able to observe the authorized user entering the correct access code.
d) Dumpster diving: It is the process of going through a target’s trash in order
to find little bits of information.
e) Installing Unauthorized Software/Hardware: because of possible risks, many
organizations do not allow their users to load software or install new hardware
without the information and help of administrators. Organizations also restrict what
an individual do by received e-mails.
f) Access by non-employees: If attacker can get physical access to a facility then
there are many chances of obtaining enough information to enter into computer
systems and networks. Many organizations restrict their employees to wear
identification symbols at work.
g) Security awareness: security awareness program is most effective method to
oppose potential social engineering attacks when organization’s security goals and
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 20/ 26

policies are established. An important element that should concentrate in training is

which information is sensitive for organization and which may be the target of a
social engineering attack.
h) Individual user responsibilities:
i) Lock the door of office or workspace.
ii) Do not leave sensitive information inside your car unprotected.
iii) Secure storage media which contains sensitive information.
iv) Shredding paper containing organizational information before discarding it.(more
points can be added).

b) Describe the components of HIDS with neat diagram. State its advantages and
disadvantages.(2 marks explanation , diagram 2 marks, 2 Advantages, Disadvantages 2
Marks)
Intrusion detection system (IDS):
An intrusion detection system (IDS) monitors network traffic and monitors for
suspicious activity and alerts the system or network administrator. In some cases the IDS
may also respond to anomalous or malicious traffic by taking action such as blocking
the user or source IP address from accessing the network.

1. HIDS
Host Intrusion Detection Systems are run on individual hosts or devices on the
network. A HIDS monitors the inbound and outbound packets from the device
only and will alert the user or administrator when suspicious activity is detected.

HIDS is looking for certain activities in the log file are:

Logins at odd hours
Login authentication failure
Adding new user account
Modification or access of critical system files
Modification or removal of binary files
Starting or stopping processes
Privilege escalation
Use of certain programs

Basic Components HIDS:

1. Traffic collector:
This component collects activity or events from the IDS to examine.
On Host-based IDS, this can be log files, audit logs, or traffic coming to or
leaving a specific system.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 21/ 26

On Network-based IDS, this is typically a mechanism for copying traffic of the

network link.
2. Analysis Engine:
This component examines the collected network traffic & compares it to known
patterns of suspicious or malicious activity stored in the signature database.
The analysis engine act like a brain of the IDS.
3. Signature database:
It is a collection of patterns & definitions of known suspicious or malicious activity.
4. User Interface & Reporting:
This is the component that interfaces with the human element, providing alerts when
suitable & giving the user a means to interact with & operate the IDS.

Advantages:
O.S specific and detailed signatures.
Examine data after it has been decrypted.
Very application specific.
Determine whether or not an alarm may impact that specific.
Disadvantages:
Should a process on every system to watch.
High cost of ownership and maintenance.
Uses local system resources.
If logged locally, could be compromised or disable.

c) What is IP sec? Draw and explain the AH format of IP sec.

IPSec architecture: The overall idea of IPSec is to encrypt and seal the transport and
application layer data during transmission. Also offers integrity protection for the
Internet layer. IPSec layer sits in between the transport and the Internet layers of
conventional TCP/IP protocol stack

Diagram and Theory (2 mark)

IPSec actually consists of two main protocols a) Authentication Header (AH):

b) Encapsulating Security Payload (ESP):

a) Authentication Header (AH) (2 marks)

The AH provides support for data integrity and authentication of IP packets. The
data integrity service ensures that data inside IP packet is not altered during the transit.
The authentication service enables an
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 22/ 26

end user or computer system to authenticate the user or the application at the other end
and decides to accept or reject packets accordingly. This also prevents IP spoofing
attacks. AH is based on MAC protocol, which means that the two communicating parties
must share a secret key in order to use AH.

Diagram

Modes of operation (4 marks)

Both AH and ESP works in two modes:
Tunnel mode:
In tunnel mode, IPsec protects the entire IP datagram. It takes an IP datagram, adds
the IPSec header and trailer and encrypts the whole thing. it then adds new IP header to
this encrypted datagram.

Diagram

2) Transport mode:

Transport mode does not hide the actual source and destination addresses. They are
visible in plain text, while in transit. In the transport mode, IPSec takes the transport
layer payload, adds IPSec header and trailer, encrypts the whole thing and then adds the
IP header. Thus IP header is not encrypted.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 23/ 26

Diagram

Q.6. Attempt any FOUR of the following:

a) State any four different types of problems occur due to installation of unauthorized
software/hardware.(1 mark for each)

1. Installing unauthorized software from internet may create backdoors in your system or
network which can be used to access a system by avoiding normal security mechanism.

2. When we are installing various games from the internet, the problems with such a
download is that users don’t know from where the software originally came and what may
be hidden inside it?

3. Accessing and downloading data from unofficial sites can create virus problem into
your system as well in entire network.

4. Unauthorized hardware device and software product is not capable to protect your
system/network due to lack in security functionality.

b) Describe Caeser’s cipher technique. Write its algorithm with an example.

(Algorithm 2 marks Explanation 2 marks)

Caesar cipher:
It is proposed by Julius Caesar. In cryptography, Caesar cipher also known as Caesar’s
cipher/code, shift cipher/code.
It is one of the simplest and most widely known encryption techniques.
It is a type of substitution technique in which each letter in the plain text is replaced
by a letter some fixed number of position down the alphabet.

For example, with a shift of 3, A would be replaced by D, B would became E, and so on

as shown in the table below.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 24/ 26

Plain
A B C D E F G H I J K L M
text
Cipher
D E F G H I J K L M N O P
text

Plain
N O P Q R S T U V W X Y Z
text

Cipher
Q R S T U V W X Y Z A B C
text

Using this scheme, the plain text “SECRET” encrypts as

Cipher text “VHFUHW” .
To allow someone to read the cipher text, you tell them that the key is 3

Algorithm to break Caesar cipher:

1. Read each alphabet in the cipher text message, and search for it in the second row of
the table above.
2. When a match in found, replace that alphabet in the cipher text message
with the corresponding alphabet in the same column but the first row of the table.
(For example, if the alphabet cipher text is J, replace it with G).
3. Repeat the process for all alphabets in the cipher text message.

c) Describe DMZ with suitable diagram.

(Diagram 1 mark , Explanation 3 marks)

DMZ (Demilitarized Zone)

It is a computer host or small network inserted as a “neutral zone” in a company’s private

network and the outside public network.

It avoids outside users from getting direct access to a company’s data server. A DMZ is an
optional but more secure approach to a firewall. It can effectively acts as a proxy server.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 25/ 26

The typical DMZ configuration has a separate computer or host in network which receives
requests from users within the private network to access a web sites or public network.
Then DMZ host initiates sessions for such requests on the public network but it is not able
to initiate a session back into the private network. It can only forward packets which have
been requested by a host.

The public network’s users who are outside the company can access only the DMZ host.
It can store the company’s web pages which can be served to the outside users. Hence, the
DMZ can’t give access to the other company’s data.

By any way, if an outsider penetrates the DMZ’s security the web pages may get
corrupted but other company’s information can be safe.

d) Describe:
i. Hacking
ii. Cracking
(2 marks for each)
(i) Hacking:
Hacking is one of the most well-known types of computer crime. A hacker is someone who
find out and exploits the weaknesses of s computer systems or networks.
Hacking refers to unauthorized access of another’s computer systems. These intrusions are
often conducted in order to launch malicious programs known as viruses, worms, and Trojan
horses that can shut down hacking an entire computer network.
Hacking is also carried out as a way to talk credit card numbers, intent passwords, and other
personal information.
By accessing commercial database, hackers are able to steal these types of items from
millions of internet users all at once.
There are different types of hackers:
1. White hat
2. Black hat
3. Grey hat
4. Elite hacker
5. Script hacker

(ii) Cracking:
In the cyber world, a cracker is someone who breaks into a computer system or network
without authorization and with the intention of doing damage.
Crackers are used to describe a malicious hacker.
Crackers get into all kinds of mischief like he may destroy files, steal personal information
like credit card numbers or client data, infect the system with a virus, or undertake many
others things that cause harm.
Cracking can be done for profit, maliciously, for some harm to organization or to individuals.
Cracking activity is harmful, costly and unethical.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Winter – 14 EXAMINATION
Subject Code: 17514 Model Answer Page 26/ 26

e) Explain secure socket layer and describe the SSL protocol stack with neat diagram.
(Diagram 1 mark, Explanation of blocks 3 marks)
SSL:
SSL is a commonly used internet protocol for managing the security of a message
transmission between web browser and web server.
SSL is succeeded by transport layer security (TLS) and it is based on SSL.
SSL uses a program layer which is located between internet’s hypertext transfer protocol
(http) and transport control protocol (TCP) layers.
SSL is included as part of both the Microsoft and Netscape browsers and most web server
products.
SSL provides two levels of security services, authentication and confidentiality. SSL is
logically a pipe between web browser and web server.

Fig. SSL protocol stack

1. Handshake protocol:
This protocol allows the server and client to authenticate each other.
Also, it will allow negotiating an encryption and MAC algorithm.
This protocol is used before transmitting any application data. Basically, this protocol contains
a series of messages exchanged by client and server.
The handshake protocol is actually made up of four phases, those are:
I. Establish security capabilities
II. Server authentication and key exchange
III. Client authentication and key exchange
IV. Finish
2. Record protocol:
Record protocol comes into the picture after a successful completion of handshake between
client and server. It provides two services for SSL connection, as follow:
a) Confidentiality: this is achieved by using the secret key that is defined by the handshake
protocol.
b) Integrity: the handshake protocol also defines a shared secret key (MAC) that is used for
assuring the message integrity.
3. Alert protocol: when either the client or the server detects an error, the detecting party
sends an error message to other party.
If the error is fatal, both the parties immediately close the SSL connection. Both the parties
also destroy the session identifiers, secret and keys associated with this connection before it is
terminated.
Other errors, which are not so severe, do not result in the termination of the communication.
Instead, the parties handle the error and continue.
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 1/ 26

Important Instructions to examiners:

1) The answers should be examined by key words and not as word-to-word as given in the model
answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to
assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more importance
(Not applicable for subject English and Communication Skills)
4) While assessing figures, examiner may give credit for principal components indicated in the
figure. The figures drawn by candidate and model answer may vary. The examiner may give credit
for any equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant
values may vary and there may be some difference in the candidate‘s answers and model answer.
6) In case of some questions credit may be given by judgment on part of examiner of relevant
answer based on candidate‘s understanding.
7) For programming language papers, credit may be given to any other program based on
equivalent concept.
Q 1. A) Attempt Any Three (12 marks)
a) What is CIA security? Describe in brief.
(1 Mark each Point explanation)Total 4 Marks)
The need of computer security has been threefold: confidentiality, integrity, and
availability—the ―CIA‖ of security. (1 mark for each principle)
1. Confidentiality: the principle of confidentiality specifies that only sender and intended
recipients should be able to access the contents of a message. Confidentiality gets compromised if
an unauthorized person is able to access the contents of a message.
Example of compromising the Confidentiality of a message is shown in fig.

A Secret B

C
Fig. Loss of confidentiality
Here, the user of a computer A send a message to user of computer B. another user C gets access
to this message, which is not desired and therefore, defeats the purpose of Confidentiality.
This type of attack is also called as interception.
2. Authentication: Authentication helps to establish proof of identities. The Authentication
process ensures that the origin of a message is correctly identified.
For example, suppose that user C sends a message over the internet to user B. however, the trouble
is that user C had posed as user A when he sent a message to user B. how would user B know that
the message has come from user C, who posing as user A? This concept is shown in fig. below.
This type of attack is called as fabrication.

A I am B
user A

C
Fig. absence of authentication
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 2/ 26

3. Integrity: when the contents of the message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the message is lost.
For example, here user C tampers with a message originally sent by user A, which is actually
destined for user B. user C somehow manages to access it, change its contents and send the
changed message to user B. user B has no way of knowing that the contents of the message were
changed after user A had sent it. User A also does not know about this change.
This type of attack is called as modification.
Ideal route of message
A B

Actual route of message

Fig. Loss of Integrity

b) List any four biometrics methods used for identification. List any four advantages of
biometrics.

Biometric refers study of methods for uniquely recognizing humans based upon one or more
intrinsic physical or behavioral characteristics.
Different methods of Biometrics (any four 2Marks)
1. Finger print recognition
2. Hand print recognition
3. Retina/iris scan technique
4. Face recognition
5. Voice patterns recognition
6. Signature and writing patterns recognition
7. Keystroke dynamics

Advantages of biometrics (any four 2 marks)

i) Biometrics cannot be lost, stolen or forgotten. Barring disease or serious physical injury,
the biometric is consistent and permanent.
ii) It is also secure in that the biometric itself cannot be socially engineered, shared or used
by others.
iii) There is no requirement to remember password or pins, thus eliminating an overhead cost.
iv) Coupled with a smart card, biometrics provides strong security for any credentials on the
smart card.
v) It provides a high degree of confidence in user identity.
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 3/ 26

c) Encryption and Decryption with reference to computer security.

Encryption:
The process of encoding plain text into cipher text message is known as Encryption.

dddee
Plain text Encrypt Cipher text (1 mark)

Decryption:

The reverse process of transforming cipher text message back to plain text message is called
decryption.

(1 mark)
Cipher text Decrypt Plain text

Encryption and Decryption process (2 marks)

In the communication, the computer at sender‘s end usually transforms a plain text into cipher text by
performing encryption by applying encryption algorithm. The encrypted cipher text is then sent to the
receiver over the network. The receiver‘s computer then takes the encrypted message and then perform the
reverse of encryption i.e. decryption by applying decryption algorithm.

sender receiver

Plain text Plain text

Decrypt
Encrypt

Cipher text
Cipher text Internet

d) Explain following terms with respect to security:

i. Intruders (2 marks)
An intruder is a person that enters territory that does not belong to that person. Intruders try
to intrude into the privacy of the network.

Intruders are said to be of three types, as below:

a) Masquerader: A user who does not have the authority to use a computer, but penetrates
into a system to access a legitimate user‘s account is called a masquerader. It is generally
an external user.

b) Misfeasor: There are two possible cases for an internal user to be called as a misfeasor:
i) A legitimate user, who does not have access to some applications, data or resources,
accesses them.
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 4/ 26

ii) A legitimate user, who has access to some applications, data or resources, misuses these
privileges.

c) Clandestine user: An internal or external user who tries to work using the privileges of a
supervisor user to avoid auditing information being captured and recorded is called as a
clandestine user.
ii. Insiders (2marks)
Insiders are authorized users who try to access system or network for which he is
unauthorized. Insiders are legal users. More dangerous than Intruders. They have
knowledge about the security system. They have easy access to the system because they
are authorized users. There is no such mechanism to protect system from Insiders.
Insiders are more dangerous than intruders because:

The insiders have the access and necessary knowledge to cause immediate damage to an
organization. There is no security mechanism to protect system from Insiders. So they can have all
the access to carry out criminal activity like fraud. They have knowledge of the security systems
and will be better able to avoid detection.

Q. 1) B) Attempt Any One (6 Marks)

a) Describe the following attacks (3 marks each)

i) Sniffing:

The group of protocols which make up the TCP/ IP suite was designed to work in a friendly
environment where everybody who was connected to the network used the protocols as they were
designed. The abuse of this friendly assumption is illustrated by network traffic sniffing programs,
is referred to as ‗sniffers‘.

A network ―sniffers‖ is a software or hardware device that is used to observe traffic as it passes
through a network on shared broadcast media. The device can be used to views all traffic or it can
target a specific protocol, service, or even string of characters.

ii)spoofing:

Spoofing is nothing more than making data look like it has come from a different source. This is
possible in TCP/ IP because of the friendly assumption behind the protocol. When the protocols
were developed, it was assumed that individuals who had access to the network layer would be
privileged users who could be trusted. When a packet is sent from one system to another, it
includes not only the destination IP address ant port but the source IP address as well which is one
of the forms of Spoofing.

Example of spoofing: e-mail spoofing, URL spoofing, IP address spoofing.

b) Enlist any four cyber-crimes (2 marks). Describe anyone in detail.(4 marks)

1) Hacking
2) Cracking
3) Theft
4) Malicious software
5) Child soliciting and abuse
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 5/ 26

(Any one explanation is expected)

(i) Hacking:
Hacking is one of the most well-known types of computer crime. A hacker is someone who
find out and exploits the weaknesses of s computer systems or networks.
Hacking refers to unauthorized access of another‘s computer systems. These intrusions are
often conducted in order to launch malicious programs known as viruses, worms, and Trojan
horses that can shut down hacking an entire computer network.
Hacking is also carried out as a way to talk credit card numbers, intent passwords, and other
personal information.
By accessing commercial database, hackers are able to steal these types of items from millions
of internet users all at once.
There are different types of hackers:
1. White hat
2. Black hat
3. Grey hat
4. Elite hacker
5. Script hacker
(ii) Cracking:
In the cyber world, a cracker is someone who breaks into a computer system or network
without authorization and with the intention of doing damage.
Crackers are used to describe a malicious hacker.
Crackers get into all kinds of mischief like he may destroy files, steal personal information
like credit card numbers or client data, infect the system with a virus, or undertake many
others things that cause harm.
Cracking can be done for profit, maliciously, for some harm to organization or to individuals.
Cracking activity is harmful, costly and unethical.

Q.2) Attempt Any Two 16 Marks

a) Explain following attacks (4 marks each)

i) Man in the middle attack.
A man in the middle attack occurs when attackers are able to place themselves in the
middle of two other hosts that are communicating in order to view or modify the traffic.
This is done by making sure that all communication going to or from the target host is
routed through the attacker‘s host.
Then the attacker is able to observe all traffic before transmitting it and can actually modify
or block traffic. To the target host, communication is occurring normally, since all expected
replies are received.
Communication appears to direct
Host B Host A

Attacker relays messages

to destination host
Communication actually Attacker
send to attacker
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 6/ 26

To prevent this attack both sender and receiver must authenticate each other.

ii) Denial Of Service Attack.

Denial of service (DOS) attack scan exploits a known vulnerability in a specific application or
operating system, or they may attack features (or weaknesses) in specific protocols or services. In
this form of attack, the attacker is attempting to deny authorized users access either to specific
information or to the computer system or network itself.
The purpose of such an attack can be simply to prevent access to the target system, or the attack
can be used in conjunction with other actions in order to gain unauthorized access to a computer or
network.
SYN flooding is an example of a DOS attack that takes advantage of the way TCP/IP networks
were designed to function, and it can be used to illustrate the basic principles of any DOS
[Link] flooding utilizes the TCP three-way handshake that is used to establish a connection
between two systems.
In a SYN flooding attack, the attacker sends fake communication requests to the targeted system.
Each of these requests will be answered by the target system, which then waits for the third part of
the handshake. Since the requests are fake the target will wait for responses that will never come,
as shown in Figure .

The target system will drop these connections after a specific time-out period, but if the attacker
sends requests faster than the time-out period eliminates them, the system will quickly be filled
with requests. The number of connections a system can support is finite, so when more requests
come in than can be processed, the system will soon be reserving all its connections for fake
requests. At this point, any further requests are simply dropped (ignored), and legitimate users who
want to connect to the target system will not be able to. Use of the system has thus been denied to
them.

Following are types of DOS:

1. POD (ping-of-death)
2. DDOS (Distributed Denial of Service attack)
These types of attacks are difficult to prevent because the behavior of whole networks needs to be
analyzed, not only the behavior of small piece of code.

b) i) characteristics of good password.(4 marks)

1. Password should be at least eight characters in length.
2. Password should have at least three of the following four elements:
i. One or more upper case letters (A-Z)
ii. One or more lower case letters (a-z)
iii. One or more numerical (0to9)
iv. One or more special character (!, @,#,$,&,:,.,;,?)
3. Password should not consist of dictionary words.
4. Password should not at all be the same as login name.
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 7/ 26

5. Password should not consist of user's first or last name, family members name, birth dates,
pet names, pin and mobile numbers.

ii) Dumpster diving (4 marks)

System attackers need certain amount of information before launching their attack. One common
place to find this information, if the attacker is in the vicinity of target is to go through the target‘s
thrash in order to find little bits of information that could be useful. The process of going through
target‘s thrash is known as ―dumpster diving‖.(2 marks)

The search is carried out in waste paper, electronic waste such as old HDD, floppy and CD media
recycle and trash bins on the systems etc.

If the attacker is lucky, the target has poor security process they may succeed in finding user ID‘s
and passwords. If the password is changed and old password is discarded, lucky dumpster driver
may get valuable clue.(1mark)

To prevent dumpster divers from learning anything valuable from your trash, experts
recommend that your company should establish disposal policy (1 mark)

d) Concept of hashing with the help of diagram. (4 marks) .list advantages (4 marks)

Message
Message

II I
Compare
I
Hash

I H
S

I
S=single security key

A hash is a special function that performs one way encryption meaning that once the
algorithm is processed, there is no feasible way to take the cipher text and retrieve the plain text
that was used to generate it.

The hash code is a function of all bits of the message and provides an error detection
capability. A change in any bit or bits result in a change hash value.
A hash value h is generated by a function H of the form h=H(M)

Where M is variable length message and H(M) is the fix length hash value.
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 8/ 26

The hash value is appended to the message at the source at a time when the message is
assumed or known to be correct.
The receiver authenticates that message by recomputing the hash value.
The message plus concatenated Hash code is encrypted using symmetric encryption.
Sender and receiver share the same secret key. The message must have come from
authorized sender and has not been altered is checked by recomputing and comparing hash
code by receiver.

Advantages (4 points 1 mark each)

It is more efficient to compute a digital signature using a document‘s message digest.

A digest can be made public without revealing the contents of the document from which it
derives.
It is used for digital authentication must have certain properties that make it secure enough
for cryptographic use.
Combining the data message with the secret, and running it through a hash function, a
signature is generated in the form of the hash value. The data message is transmitted along
with the signature. The recipient combines the received message with the secret, generates
a hash value, and checks to make sure it's identical to the signature. The message's
authenticity is thus verified.

Q. 3 Attempt any four: (16 Marks)

a) What is then application of firewall? How it works? Enlist limitations.

(Application – 1 Mark, Working- 2 Marks, Any two Limitation- 1 Mark)

Application:
A firewall is a networking device – hardware, software or a combination of both– whose purpose
is to enforce a security policy across its connection.
Working: Firewalls enforce the establishment security policies. Variety of mechanism includes:
Network Address Translation (NAT)
Basic Packet Filtering
Stateful Packet Filtering
Access Control Lists (ACLs)
Application Layer Proxies.
One of the most basic security function provided by a firewall is Network Address Translation
(NAT). This service allows you to mask significant amounts of information from outside of the
network.
This allows an outside entity to communicate with an entity inside the firewall without truly
knowing its address. Basic Packet Filtering, the most common firewall technique, looking at
packets, their protocols and destinations and checking that information against the security
policy. Telnet and FTP connections may be prohibited from being established to a mail or
database server, but they may be allowed for the respective service servers. This is a fairly
simple method of filtering based on information in each packet header, like IP addresses and
TCP/UDP ports. This will not detect and catch all undesired packet but it is fast and efficient.
Limitations:
1. Firewall do not protect against inside threats.
2. Packet filter firewall does not provide any content based filtering.
3. Protocol tunneling, i.e. sending data from one protocol to another protocol which negates
the purpose of firewall.
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 9/ 26

4. Encrypted traffic cannot be examine and filter.

b) Describe in brief:
i. Piggybacking
ii. Shoulder surfing

(Explanation of Piggybacking- 2 Marks, Explanation of Shoulder surfing- 2 Marks)

Piggy-backing is the simple process of following closely behind a person who has just used their
own access card or PIN to gain physical access to a room or building. An attacker can thus gain
access to the facility without having to know the access code or having to acquire an access
card. Piggybacking, in a wireless communications context, is the unauthorized access of a
wireless LAN. Piggybacking is sometimes referred to as ―Wi-Fi squatting‖. The usual purpose
of piggybacking is simply to gain free network access rather than any malicious intent, but it
can slow down data transfer for legitimate users of the network. Furthermore, a network that is
vulnerable to piggybacking for network access is equally vulnerable when the purpose is data
theft, dissemination of viruses, or some other illicit activity.
Example: Access of wireless internet connection by bringing one's own computer within the
range of another wireless network & using that without explicit permission
Shoulder surfing is a similar procedure in which attackers position themselves in such a way as-
to be-able to observe the authorized user entering the correct access code or data. Both of these
attack techniques can be easily countered by using simple procedures to ensure nobody follows
you too closely or is in a position to observe your actions. Shoulder surfing is using direct
observation techniques, such as looking over someone's shoulder, to get information. Shoulder
surfing is an effective way to get information in crowded places because it's relatively easy to
stand next to someone and watch as they fill out a form, enter a PIN number at an ATM
machine. Shoulder surfing can also be done long-distance with the idea of binoculars or other
vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield
paper work or your keypad from view by using your body or cupping your hand.

c) What is meant by steganography? Describe its importance.

(Meaning – 1 Mark, Importance- 3Marks)
Steganography:
Steganography is the art and science of writing hidden message in such a way that no one, apart
from the sender and intended recipient, suspects the existence of the message.
Steganography works by replacing bits of useless or unused data in regular computer files (such
as graphics, sound, text, html or even floppy disks) with bits of different, invisible information.
This hidden information can be plain text, cipher text or even images.
In modern steganography, data is first encrypted by the usual means and then inserted, using a
special algorithm, into redundant data that is part of a particular file format such as a JPEG
image.
Steganography process :
Cover-media + Hidden data + Stego-key = Stego-medium

Cover media is the file in which we will hide the hidden data, which may also be encrypted using
stego-key. The resultant file is stego-medium. Cover-media can be image or audio file.
Stenography takes cryptography a step further by hiding an encrypted message so that no one
suspects it exists. Ideally, anyone scanning your data will fail to know it contains encrypted
data.
Stenography has a number of drawbacks when compared to encryption. It requires a lot of
overhead to hide a relatively few bits of information.
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 10/ 26

d) With the help of neat diagram describe host based intrusion detection system (HIDS).
(Diagram -2 Marks, Expnation-2 Marks)
Host Intrusion Detection Systems are run on individual hosts or devices on the network. A HIDS
monitors the inbound and outbound packets from the device only and will alert the user or
administrator when suspicious activity is detected. HIDS is looking for certain activities in the
log file are:
Logins at odd hours
Login authentication failure
Adding new user account
Modification or access of critical system files
Modification or removal of binary files
Starting or stopping processes
Privilege escalation
Use of certain programs

Basic Components HIDS:

1. Traffic collector:
This component collects activity or events from the IDS to examine.
On Host-based IDS, this can be log files, audit logs, or traffic coming to or leaving a
specific system.

On Network-based IDS, this is typically a mechanism for copying traffic of the network
link.
2. Analysis Engine:
This component examines the collected network traffic & compares it to known patterns of
suspicious or malicious activity stored in the signature database.
The analysis engine acts like a brain of the IDS.

3. Signature database: It is a collection of patterns & definitions of known suspicious or

malicious activity.
4. User Interface & Reporting: This is the component that interfaces with the human
element, providing alerts when suitable & giving the user a means to interact with & operate
the IDS.
Advantages:
O.S specific and detailed signatures.
Examine data after it has been decrypted.
Very application specific.
Determine whether or not an alarm may impact that specific.
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 11/ 26

Disadvantages:
Should a process on every system to watch.
High cost of ownership and maintenance.
Uses local system resources.
If logged locally, could be compromised or disable.

e) Describe in brief the process of application hardening.

(Explanation – 4 Marks)
Application Hardening: Application hardening- securing an application against local &
Internet-based attacks. In this you can remove the functions or components you do not need,
restrict the access where you can and make sure the application is kept up to date with
patches.
It includes:
1. Application Patches- Application patches are supplied from the vendor who sells
the application. They are probably come in three varieties: hot fixes, patches & up-grades.

Hotfixes: Normally this term is given to small software update designed to address a
particular problem like buffer overflow in an application that exposes the system to attacks.
Patch: This term is generally applied to more formal, larger s/w updates that may address
several or many s/w problems. Patches often contain improvement or additional capabilities
& fixes for known bugs.
Upgrades: Upgrades are another popular method of patching application & they are likely
to be received with a more positive role than patches.
2. Web servers: Web servers are the most common Internet server-side application in
use. These are mainly designed to provide content & functionality to remote users through a
standard web browser.
3. Active directory: Active Directory allows single login access to multiple
applications, data sources and systems and it includes advanced encryption capabilities like
Kerberos and PKI.

Q. 4
A. Attempt any three: 12
a) Describe rail fence technique. Convert “I am student” into cipher text using
rail fence method.

(Algorithm – 2 Marks, Conversion- 2 Marks)

a. In Rail fence cipher, techniques are essentially Transposition Ciphers and generated by
rearrangement of characters in the plaintext. The characters of the plaintext string are arrange
in the form of a rail-fence as follows – let the Plaintext be ―I AM A STUDENT‖
Rail Fence Technique algorithm:
1. Write down the plain text message as a sequence of diagonals.
2. Read the plain text written in step1 as a sequence of rows.
Example: plain text = “I AM A STUDENT “ is converted to cipher text with this help of
Rail Fence Technique with dual slope.

I m s u e t

a a t a n
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 12/ 26

Cipher text = “ IMSUETAATDN”

b) Describe PGP with reference to email security.

Working of PGP: Five steps in PGP (Diagram- 1 Mark, Explanation- 3 marks)

DIG:
[Link] Signature

2. Compression

3. Encryption

4. Enveloping

5. Base-64 Encoding

1. Digital Signature
2. Compression
3. Encryption
4. Enveloping
5. Base-64 Encoding

1. Digital signature: it consists of the creation a message digest of the email message using
SHA-1 algorithm. The resulting MD is then encrypted with the sender‘s private key. The
result is the sender‘s digital signature.
2. Compression: the input message as well as p digital signature are compressed together to
reduce the size of final message that will be transmitted. For this the Lempel-Ziv
algorithm is used.
3. Encryption: The compressed output of step 2 (i.e. the compressed form of the original
email and the digital signature together) are encrypted with a symmetric key.
4. Digital enveloping: the symmetric key used for encryption in step 3 is now encrypted
with the receiver‘s public key. The output of step 3 and 4 together form a digital
envelope.
5. Base -64 encoding: this process transforms arbitrary binary input into printable character
output. The binary input is processed in blocks of 3 octets (24-bits).these 24 bits are
considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits is mapped into
an 8-bit output character in this process.
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 13/ 26

c) Explain how deleted file can be recovered.

(4 Marks)
Deleted file recovery: When we delete a file on the disk having FAT32 or NTFS (new
technology file system) file system, its content is not erased from the disk but only reference
to file data in file allocation Table or master table is marked as deleted. It means that we
might be able to recover deleted files or make it visible for file system again. Methods of
data recovery from deleted file or File /data recovery process: There are various data/file
recovery tools available these tools find & recover recoverable deleted files from NTFS &
FAT.
These tools usually operate as per following process steps:
Step 1: scan the hard drive & build the index of existing & deleted files & directories
(folder) on any logical drive of your computer with supported file formats.
Step 2: Provide control over to the user to select which files to recover and what destination
to recover them to. If you find a deleted file if you remember at least one of the following:
- Full or partial name
- File size
- File creation mode
- File last accessed date.

Step 3: Allows previewing deleted files of certain types without performing recovery.

d) Explain with neat sketch then working of secure socket layer (SSL).

(Diagram 1 mark, Explanation of blocks 3 marks)

SSL: SSL is a commonly used internet protocol for managing the security of a message
transmission between web browser and web server. SSL is succeeded by transport layer
security (TLS) and it is based on SSL. SSL uses a program layer which is located between
internet‘s hypertext transfer protocol (http) and transport control protocol (TCP) layers. SSL
is included as part of both the Microsoft and Netscape browsers and most web server
products. SSL provides two levels of security services, authentication and confidentiality.
SSL is logically a pipe between web browser and web server.

Fig. SSL protocol stack

1. Handshake protocol: This protocol allows the server and client to authenticate each
other. Also, it will allow negotiating an encryption and MAC algorithm. This protocol is
used before transmitting any application data. Basically, this protocol contains a series of
messages exchanged by client and server.
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 14/ 26

The handshake protocol is actually made up of four phases, those are:

I. Establish security capabilities
II. Server authentication and key exchange
III. Client authentication and key exchange
IV. Finish

2. Record protocol: Record protocol comes into the picture after a successful completion of
handshake between client and server. It provides two services for SSL connection, as follow:
a) Confidentiality: this is achieved by using the secret key that is defined by the handshake
protocol.
b) Integrity: the handshake protocol also defines a shared secret key (MAC) that is used for
assuring the message integrity.
3. Alert protocol: when either the client or the server detects an error, the detecting party
sends an error message to other party. If the error is fatal, both the parties immediately close
the SSL connection. Both the parties also destroy the session identifiers, secret and keys
associated with this connection before it is terminated.
Other errors, which are not so severe, do not result in the termination of the communication.
Instead, the parties handle the error and continue.

B. Attempt any one : 6

a) Enlist different challenges to be faced while considering computer security.

(6 Marks)

Enlist different challenges: It includes different types of threats & attacks.

Threats to security:
1. Viruses & worms
2. Intruders & Insiders
3. Criminal organizations
4. Terrorist & Information security
Different types of attacks:
1. Denial of service attack
2. Man – In – Middle attack
3. Backdoors & Trapdoors
4. Sniffing & Spoofing
5. Encryption attack
6. Replay attack
7. TCP/IP hacking attack
8. Hacking & Cracking
9. Pornography
10. Software piracy
11. Intellectual property
12. Legal system of information technology
13. Mail Bombs
14. Bug Exploits
15. Cyber-crime investigation
[Any Related answer shall be considered]
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 15/ 26

b) With suitable example explain:

i. Logic Bomb attack and
ii. Time Bomb attack

(Each attack- 3 Marks)

i. Logic Bomb attack:
Logic bombs are a type of malicious software that is deliberately installed, generally by an
authorized user. A logic bomb is a piece of code that sits dormant for a period of time until
some event invokes its malicious payload.
An example of a logic bomb might be a program that is set to load & run automatically and
that periodically checks an organization‘s payroll or personal database for a specific
employee. If the employee is not found, the malicious payload executes, deleting vital
corporate files.
Logic bombs are difficult to detect because they are often installed by authorized users & by
administrators.

ii. Time bomb attack:

A time bomb refers to a computer program that has been written so that it will stop
functioning after a predetermined date or time is reached. Time bombs are commonly used in
beta (pre-release) software when the manufacturer of the software does not want the beta
version being used after the final release date.
Example of time bomb software would be Microsoft's Windows Vista Beta 2, which was
programmed to expire on May 31, 2007. The time limits on time bomb software are not
usually as heavily enforced as they are on trial software, since time bomb software does not
usually implement secure clock functions.

Q. 5 Attempt any two: 16

a) Describe the role of individual user while maintaining security. What are then limitations
of following biometric identification method?
i. Hand print
ii. Retina
iii. Voice
iv. Signature

Ans: Role of in individual user in security (each point ½ Mark)

Individual user responsibilities:
i) Lock the door of office or workspace.
ii) Do not leave sensitive information inside your car unprotected.
iii) Secure storage media which contains sensitive information.
iv) Shredding paper containing organizational information before discarding it.

Give proper guidelines for:

a) Password selection:
b) Piggybacking:
c) Shoulder surfing:
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 16/ 26

d) Dumpster diving:
e) Installing Unauthorized Software /Hardware:
f) Access by non-employees:
g) Security awareness:

i. Hand print: Because of cuts in hands and rough work handled by user it may create error while
reading occasionally
ii. Retina: As per change in age and physical conditions and accidents there may be problem in
accessing (Even changing numbers of spectacles, Lenses etc.)
iii. Voice: because health problem illness there is variation in voice even because of weather change
it may cause errors.
iv. Signature: As per mood and temper there is change in signature of user which also creates
problem to access the data.

b)
i. Describe working principle of SMTP.
(2marks diagram, 2 marks explanation of working principle.)

Simple mail Transfer Protocol:

Popular network services in Email.

It is system for sending messages to other computer users based on email.
It is request response based activity.
Also provides email exchange process.
It attempts to provide reliable service but not guarantees to sure recovery from failure.
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 17/ 26

ii. With neat sketch explain then working of Network Based IDS.

Network Based IDS

1. Network-based IDS focuses on network traffic —the bits & bytes traveling along the cables &
wires that interconnect the system.
2. A network IDS should check the network traffic when it passes & it is able to analyze traffic
accordingto protocol type, amount, source, destination, content, traffic already seen etc.
3. Such an analysis must occur quickly, &the IDS must be able to handle traffic at any speed the
network operates on to be effective.
4. Network-based IDSs are generally deployed so that they can monitor traffic in &out of an
organization’s major links like connection to the Internet, remote offices, partner etc.

Network-based IDSs looks for certain activities like:

Denial of service attacks
Port scans or sweeps
Malicious content in the data payload of a packet or packets
Vulnerability scanning
Trojans, viruses, or worms
Tunneling
Brute-force attacks
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 18/ 26

c) Give IP Sec configuration. Describe AH and ESP mode of IPSEC.

(Diagram 1 Mark, 1 Mark Explanation, 1 Mark for AH and ESP

Advantages and Disadvantages -Optional)

Sender Receive

Original Message
Original Message

Application layer
Application layer
data
Transport layer
Transport layer
IPsec layer
IPsec layer
Internet layer
Internet layer
Data linklayer
Data linklayer
Transmission medium

IP sec overview:

It encrypts and seal the transport and application layer data during transmission. It also offers
integrity protection for internet layer.
It sits between transport and internet layer of conventional TCP/IP protocol.
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 19/ 26

1. Secure remote internet access:

Using IPsec make a local call to our internet services provider (ISP) so as to connect to our
organization network in a secure fashion from our house or hotel from there; To access the
corporate network facilities or access remote desktop/servers.
2. Secure branch office connectivity:

Rather than subscribing to an expensive leased line for connecting its branches across cities, an
Organization can setup an IPsec enabled network to securely can‘t al lits branches over
internet.

3. Setup communication with other organization:

Just as IPsec allow connectivity between various branches of an organization, it can also be
used to connect the network of different organization together in a secure & inexpensive
fashion.
Main advantages of IPsec:
IPsec is transparent to end users.
There is no need for an user training key, key issuance or revocation.
When IPsec is configured to work with firewall it becomes the only entry-exit point for
all traffic, making it extra secure.
IPsec works at network layer. Hence no changes are needed to upper layers or router, all
outgoing & incoming traffic gets protected.
IPsec allow travelling staff to have secure access to the corporate network
IPsec allows interconnectivity between branches/offices in a very in expensive manner.

Basic Concept of IPsec Protocol:

IP packet consist two position IP header & actual data IPsec feature are implemented in the
form of additional headers called as extension header to the standard, default IP header.
IPsec offers two main services authentication & confidentially. Each of these requires its
own extension header. Therefore, to support these two main services, IPsec defines two IP
extension header one for authentication & another for confidentiality.
It consists of two main protocols.

IPSEC

Authentication Encapsulating security

Header (AH) Payload(ESP)
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 20/ 26

Authentication header (AH):

Authentication header is an IP Packet (AH) protocol provides authentication, integrity &an

optional anti-reply service. The IPsec AH is a header in an IP packet. The AH is simply
inserted between IP header & any subsequent packet contents no changes are required to
data contents of packet. Security resides completing in content of AH. (2Marks)

Encapsulation Header (ESP):

Used to provide confidentiality, data origin authentication, data integrity,

It is based on symmetric key cryptography technique.

ESP can be used in isolation or it can be combined with AH.

Q. 6 Attempt any four: (16 Marks)

 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 21/ 26

a) Describe role of people in security.

Ans: Role of people in security (each point ½ Mark)

a) Password selection:

1) User should be able to create their own easy to remember passwords, but should
not be easy for someone else to guess or obtain using password cracking utilities.

2) Password should meet some essential guidelines for [Link] should contain some special
characters etc

3) It should not consist of dictionary words. etc

b) Piggybacking: It is a simple approach of following closely behind a person who

has just used their own access card or PIN to gain physical access. In this way an
attacker can gain access to the facility without knowing the access code.

c) Shoulder surfing: An attacker positions themselves in such a way that he is

able to observe the authorized user entering the correct access code.

d) Dumpster diving: It is the process of going through a target‘s trash in order to

find little bits of information.

e) Installing Unauthorized Software/Hardware: because of possible risks, many

organizations do not allow their users to load software or install new hardware without
the information and help of administrators. Organizations also restrict what an
individual do by received e-mails.

f) Access by non-employees: If attacker can get physical access to a facility then there are
many chances of obtaining enough information to enter into computer systems and
networks. Many organizations restrict their employees to wear identification symbols at
work.
g) Security awareness: security awareness program is most effective method to
oppose potential social engineering attacks when organization‘s security goals and
policies are established. An important element that should concentrate in training is
which information is sensitive for organization and which may be the target of a social
engineering attack.

h) Individual user responsibilities:

i) Lock the door of office or workspace.

ii) Do not leave sensitive information inside

your car unprotected. iii) Secure storage media

which contains sensitive information.

iv) Shredding paper containing organizational information before discarding it.(more

points can be added).
b) What is meant by access control Describe in brief:
i. DAC
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 22/ 26

ii. MAC
iii. RBAC

Ans:
(1 Mark for Access control , 1 Mark each for Type of Access Control)
Access is the ability of a subject to interest with an object. Authentication deals with
verifying the identity of a subject. It is ability to specify, control and limit the access to the
host system or application, which prevents unauthorized use to access or modify data or
resources.

It can be represented using Access Control matrix or List:

Process 1 Process 2 File 1 File 2 Printer

Read,
Process 1 Write, --- Read Read Write
Execute

Read,
Process 2 Execute Write, Read Read, Write Write
Execute

Various access controls are:

Discretionary Access control (DAC): Restricting access to objects based on the
identity of subjects and or groups to which they belongs to , It is conditional,
basically used by military to control access on system. UNIX based System is
common method to permit user for read/write and execute
Mandatory Access control (MAC): It is used in environments where different
levels of security are classified. It is much more restrictive. It is sensitivity
based restriction, formal authorization subject to sensitivity. In MAC the owner or
User can not determine whether access is granted to or not. i.e. Operating system
rights. Security mechanism controls access to all objects and individual cannot change
that access.
Role Based Access Control (RBAC): Each user can be assigned specific access
permission for objects associated with computer or network. Set of roles are defined.
Role in-turn assigns access permissions which are necessary to perform role.
Different User will be granted different permissions to do specific duties as per their
classification.

c) Explain Virtual Private Network in brief. Define DMZ.

Ans.: VPN architecture and working (2 marks)

A VPN is a mechanism of employing encryption, authentication, and integrity protection

so that we can use a public network as if it is a private network Suppose an organization
has two networks, Network 1 and Network 2, which are physically apart from each other
and we want to connect them using VPN approach. In such case we set up two firewalls,
Firewall
1 and Firewall [Link] encryption and decryption are performed by firewalls. Network 1
connects to the Internet via a firewall named Firewall 1 and Network 2 connects to the
Internet with its own firewall , Firewall 2.
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 23/ 26

Working
Let us assume that host X on Network 1 wants to send a data packet to host Y on Network 2.

1) Host X creates the packet, inserts its own IP address as the source address and the IP
address of host Y as the destination address.
2) The packet reaches Firewall [Link] 1 now adds new headers to the packet. It changes
the source
IP address of the packet from that of host X to its own address(i.e. IP address of Firewall 1,
F1).
3) It also changes the destination IP address of the packet from that of host Y to the
IP address of Firewall 2,[Link] also performs the packet encryption and authentication,
depending on the settings and sends the modified packet over the Internet
4) The packet reaches to firewall 2 over the Internet, via routers. Firewall 2 discards the
outer header and performs the appropriate decryption. It then takes a look at the plain
text contents of the packet and realizes that the packet is meant for host [Link] delivers the
packet to host Y
Diagram (1 marks)

Definition of Demilitarized Zone (DMZ): It is a computer host or a small network

inserted as a neutral zone between company‘s private network and outside public network. It
prevents direct Access to a server that has company data.

d) Describe data recovery principle and ethnics.

Ans.:( 2 marks Data Recovery 2 marks Ethics)
Data recovery: All computer users need to be aware of backup and recovery procedures to
protect their data. Data Protection can be taken seriously as its important for financial, legal
or personal reasons.
Explanation of following points in short.
Evaluation of Hard drive
Recovering data
Securing the data
Returning of data.

Data Recovery Ethics: It is concerned with security of your data. These are used to think
through different situations.
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 24/ 26

 It is a major part of the society and should be followed in letter and spirit
 There are policies in many organizations that provide guidelines for ethics.
 It is a behavior of the person in relation with the subject.
 There are four primary issues:
Privacy, Accuracy, Property and Access
 Some standards are :
Standard of right and wrong behavior
A gauge of personal integrity
The basis of trust and cooperation in relationships with others.

e) Describe any four components of secure electronic transaction. Give sketch also.

Ans.: Components of SET (3 marks, 1 mark Diagram)

Transactions supported by SET are:

a) Purchase request
b) Payment authorization
c) Payment capture

a) Purchase request:
Before the purchase request exchange begins, the cardholder has completed
browsing, selecting, and ordering. The end of this preliminary phase occurs when
the merchant sends a completed order from to the customer. All of the preceding
occurs without the use of SET. The purchase request exchange consists of four
messages: initiate Request, Initiate Response, and Purchase Response.

In order sent SET messages to the merchant, the cardholder must have a copy of the
certificates of the merchant and the payment gateway. The customer requests the
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 25/ 26

certificates in the Initiate Request message, sent to the merchant. This message
includes the brand of the credit card that the customer is using. The message also
i nc l ud e s an ID assigned to this request/ response pair by the customer and a nonce
used to ensure timeliness.
The cardholder verifies the merchant and gateway certificates by means of their
respective CA signatures and then creates the OI and PI. The transaction ID
assigned by the merchant is placed in both the OI and PI. The OI does not
contain explicit order data such as the n u m b e r a n d p r i c e of items Rather, it
contains an o rd er r e f e r e n c e g e n e r a t e d i n the exchange between merchant
and customer during the shopping phase before the first SET message.
Next, the cardholder prepares the Purchase Request message. For this purpose,
the cardholder generates a one-time symmetric encryption key; K. the message
includes the following:

1. Purchase- related information.

2. Order-Related information.
3. Cardholder certificate

The Purchase Response message includes a response block that acknowledges

the order and references t h e corresponding t r a n s a c t i o n n u m b e r . This block
is signed by the merchant using its private signature key. The block and its
signature are sent to the customer, along with the merchant‘s signature certificate.

b) Payment Authorization
During the processing of an order from a cardholder, the merchant authorizes the
transaction with the payment gateway. The payment authorization e n s u r e s that
the transaction was approved by the issuer. This authorization guarantees that the
merchant will receive payment; the merchant can therefore provide the services or goods to
the customer. The payment authorization exchange consists of two messages:
Authorization Request and Authorization response.
The merchant sends an Authorization Request message to the payment
gateway consisting of

1. Purchase-Related i n f ormati on
2. Authorization-related information .
3. Certificates.

Having obtained authorization from the issuer, the payment gateway returns
an Authorization Response message to the merchant. It includes the following elements:

1. Authorization- related information.

2. Capture token information.
3. Certificate.
With t he authorization from t he gateway, the merchant can provide the
goods or service to the customer.
 MAHARASHTRA STATEBOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

Summer – 15 EXAMINATION
Subject Code: 17514 Model Answer Page 26/ 26

c) Payment Capture

To obtain payment, the merchant engages the payment gateway in a payment

capture transaction, consisting of a capture request and a capture response message.
For the Capture Request message, the merchant generates, signs, and encrypts
a capture request block, which includes the payment amount and the
transaction ID. The message also includes the encrypted capture token received
earlier for this transaction, as well as the merchant‘s signature key and key-exchange
key certificates.
When the payment gateway receives the capture request message, it decrypts
and verifies the capture request block and decrypts and verifies the capture token
block. It then checks for consistency between the c a p t u r e request and capture
token. It then creates a clearing request that is sent to t h e issuer over the
private payment network. This request causes funds to be transferred to the
merchant‘s account.
The gateway then notifies the merchant of payment in a Capture Response message.
The message includes a capture response block that the gateway signs and
encrypts. The message also includes the gat ewa y‘s signature key certificate.
The m e r c h a n t software stores the capture response to be used for reconciliation with
payment received from the acquirer.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 1/31

Important Instructions to examiners:

1) The answers should be examined by key words and not as word-to-word as given in the model
answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to
assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more
Importance.
4) While assessing figures, examiner may give credit for principal components indicated in the
figure. The figures drawn by candidate and model answer may vary. The examiner may give
credit for any equivalent figure drawn.
5) In case of some questions credit may be given by judgement on part of examiner of relevant
answer based on candidate‘s understanding.

Q.1) a) Attempt any three of the following: 12

1) Describe security principles based on CIA.
(Meaning of CIA-1M, explanation of each point-1M, example optional)
Ans.
The security principles based on CIA are : confidentiality, integrity, and authentication—the ―CIA‖
of security.

1. Confidentiality: The principle of confidentiality specifies that only sender and

intended recipients should be able to access the contents of a message.
Confidentiality gets compromised if an unauthorized person is able to access the
contents of a message.

Example of compromising the Confidentiality of a message is shown in fig.

A Secret B

Fig. Loss of confidentiality

Here, the user of a computer A send a message to user of computer B. another user C
gets access to this message, which is not desired and therefore, defeats the purpose of
Confidentiality.
This type of attack is also called as interception.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 2/31

2. Authentication: Authentication helps to establish proof of identities. The

Authentication process ensures that the origin of a message is correctly identified.
For example, suppose that user C sends a message over the internet to user B.
however, the trouble is that user C had posed as user A when he sent a message to
user B. how would user B know that the message has come from user C, who posing
as user A? This concept is shown in fig. below.
This type of attack is called as fabrication.

A I am B
user A

Fig. Absence of authentication

3. Integrity: when the contents of the message are changed after the sender sends it,
but before it reaches the intended recipient, we say that the integrity of the message is
lost.
For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. user C somehow manages to access it, change its
contents and send the changed message to user B. user B has no way of knowing that
the contents of the message were changed after user A had sent it. User A also does
not know about this change.

This type of attack is called as modification.

Ideal route of message B

A

Actual route of message

Fig. Loss of Integrity

 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 3/31
2) Explain piggybacking.
(Explanation -2M, example- 2M)
Ans.
Piggybacking is the simple process of following closely behind a person who has just used
their own access card or PIN to gain physical access to a room or building. An attacker can
thus gain access to the facility without having to know the access code or having to acquire
an access card.
Piggybacking, in a wireless communications context, is the unauthorized access of a
wireless LAN. Piggybacking is sometimes referred to as ―Wi-Fi squatting‖. The usual
purpose of piggybacking is simply to gain free network access rather than any malicious
intent, but it can slow down data transfer for legitimate users of the network. Furthermore,
a network that is vulnerable to piggybacking for network access is equally vulnerable when
the purpose is data theft, dissemination of viruses, or some other illicit activity.

Example: Access of wireless internet connection by bringing one's own computer within
the range of another wireless network & using that without explicit permission.

3) Compare symmetric and asymmetric key cryptography.

(Each comparison point- 1M, any four points)
Ans.
Categories Symmetric key Cryptography Asymmetric key Cryptography
Key used for Same key is used for encryption & One key is used for encryption &
encryption decryption. another different key is used for
/decryption decryption.
Key process Ke=Kd Ke# Kd
Speed of Very fast Slower
encryption/decryption
Size of resulting Usually same as or less than the More than the original clear text
encrypted text original clear text size. size.
Key A big problem No problem at all.
agreement/exchange
Usage Mainly used for encryption and Can be used for encryption and
decryption, cannot be used for decryption as well as for digital
digital signatures. signatures.
Efficiency in usage Symmetric key cryptography is Asymmetric key cryptography
often used for long messages. are more efficient for short
messages.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 4/31
4) Describe terms regarding computer security.
i) Assets ii) Vulnerability
iii) Threats iv) Risk
(1M for each term)
Ans.
i. Assets: Asset is any data, device, or other component of the environment that supports
information-related activities. Assets generally include hardware, software and confidential
information.

ii. Vulnerability: It is a weakness in computer system & network.

iii. Threats: It is a set of things which has potential to loss or harm to computer system & network.

iv. Risk: Risk is probability of threats that may occur because of presence of vulnerability in a
system.

Q.1) b) Attempt any one of the following: 6

1) Explain model of security with block diagram.
(Explanation of each point with diagram- 2M)
Ans.

CIA Model for security:

1. Confidentiality: The principle of confidentiality specifies that only sender and
intended recipients should be able to access the contents of a message.
Confidentiality gets compromised if an unauthorized person is able to access the
contents of a message.
Example of compromising the Confidentiality of a message is shown in fig:

A Secret B

Fig. Loss of confidentiality

Here, the user of a computer A send a message to user of computer B. another user C
gets access to this message, which is not desired and therefore, defeats the purpose of
Confidentiality.
This type of attack is also called as interception.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 5/31
2. Authentication: Authentication helps to establish proof of identities. The
Authentication process ensures that the origin of a message is correctly identified.
For example, suppose that user C sends a message over the internet to user B.
however, the trouble is that user C had posed as user A when he sent a message to
user B. how would user B know that the message has come from user C, who posing
as user A? This concept is shown in fig. below.
This type of attack is called as fabrication.

A I am B
user A

Fig. Absence of authentication

3. Integrity: when the contents of the message are changed after the sender sends it,
but before it reaches the intended recipient, we say that the integrity of the message is
lost.
For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. user C somehow manages to access it, change its
contents and send the changed message to user B. user B has no way of knowing that
the contents of the message were changed after user A had sent it. User A also does
not know about this change.
This type of attack is called as modification.

Ideal route of message B

A

Actual route of message

Fig. Loss of Integrity

 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 6/31
2) Explain data recovery tools and procedures.
(Explanation of data recovery 4M, procedures-2M)
Ans.
Data recovery: All computer users need to be aware of backup and recovery procedures to
protect their data. Data Protection can be taken seriously as its important for financial, legal
or personal reasons.

These are various formatted partition recovery tool available .Although every tool will have
different GUI & method of recovery.

Steps of data recovery:

Step1: If you cannot boot the computer, please use data recovery bootable disk.
Step 2: Select the file types you want to recover & volume where the formatted hard drive
is. The tool will automatically scan the selected volume.
Step 3: Then the founded data will be displayed on the screen & you can get a preview of
it. Then select the file or directory that you want to recover & save them to a healthy drive.

Data recovery procedures:

 A computer data recovery procedure is an important part for any computer literate
personality that cannot be neglected. Computer professional or computer forensic expert
who uses data recovery should maintain the secrecy and privacy of the client.

 Any action or activity that leads to disclosure of privacy of the client should be avoided.
 The values such as integrity, accuracy & authenticity should be exercised in an ethical
environment. The evidence that is produced before the court should be fairly examined &
analyzed. There should not be any carelessness and ignorance regarding the handling of
evidence. The case evidence should be examined in detail based upon validated principles.

Q.2) Attempt any two of the following: 16

1) Explain any four attacks on computer systems security.
(Explanation of each attack- 2M, any four attacks)
Ans.
Different types of attacks are as follows:
i. Denial-of-service attacks
ii. Backdoors and Trapdoors
iii. Sniffing
iv. Spoofing
v. Spoofing E-mail
vi. Man In middle attack
vii. Replay attacks
viii. TCP/ IP Hijacking
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 7/31
ix. Attacks on Encryption
x. Malware or malicious code such as viruses

1. Denial-of-service attacks can exploit a known vulnerability in a specific application or

o.s, or may attack features in specific protocols or services. In this form attacker is trying
to deny authorized users access either to specific information or to the computer system or
either network. The purpose of such an attack is to simply prevent access to target system
or the attack may be used in conjunction with other action in order to gain unauthorized
access to system or network. SYN flooding attack is one of the examples of this type.

2. Backdoors and Trapdoors: They are the methods used by software developers to
ensure that they could gain access to an application even if something were to happen in
the future to prevent normal access methods. For e.g. A hard coded password that could
be used to gain access to the program in the event that administrator forgot their own
system password. The problem with this sort password (sometimes referred to as
trapdoor) is that since the password is hard coded it cannot be removed. If the attacker
learns about the backdoor, all systems running the software would be vulnerable.

3. Sniffing: A network sniffer is a software or hardware device that is used to observe the
traffic as it passes through the network on shared broadcast media. The device can be
used to view all traffic, all it can target a specific protocol, service or even string of
characters. Normally the network device that connects a computer to a network is
designed to ignore all traffic that is not destined for that computer. Network sniffers
ignore this friendly agreement and observe all traffic on the network whether destined for
that computer or others.

4. Spoofing: It makes the data look like it has come from other source. This is possible in
TCP/IP because of the friendly assumptions behind the protocols. When a packet is sent
from one system to another, it includes not only the destination IP address but the source
IP address. The user is supposed to fill in the source with your own address, but there is
nothing that stops you from filling in another system‘s address.

2) Explain at least four roles of peoples in security.

(Explanation of each role – 2M, any four roles, examples optional)
Ans.
Role of people in security

1. Password selection:
1) User should be able to create their own easy to remember passwords, but should not be
easy for someone else to guess or obtain using password cracking utilities.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 8/31
2) Password should meet some essential guidelines for [Link] should contain some special
characters etc.
3) It should not consist of dictionary words. Etc

2. Piggybacking is the simple process of following closely behind a person who has
just used their own access card or PIN to gain physical access to a room or building.
An attacker can thus gain access to the facility without having to know the access
code or having to acquire an access card.
Piggybacking, in a wireless communications context, is the unauthorized access of a
wireless LAN. Piggybacking is sometimes referred to as ―Wi-Fi squatting‖.
The usual purpose of piggybacking is simply to gain free network access rather than
any malicious intent, but it can slow down data transfer for legitimate users of the
network. Furthermore, a network that is vulnerable to piggybacking for network
access is equally vulnerable when the purpose is data theft, dissemination of viruses,
or some other illicit activity.
Example: Access of wireless internet connection by bringing one's own computer
within the range of another wireless network & using that without explicit
permission.

3. Shoulder surfing is a similar procedure in which attackers position themselves in

such a way as-to be-able to observe the authorized user entering the correct access
code or data.
Both of these attack techniques can be easily countered by using simple procedures
to ensure nobody follows you too closely or is in a position to observe your actions.
Shoulder surfing is using direct observation techniques, such as looking over
someone's shoulder, to get information. Shoulder surfing is an effective way to get
information in crowded places because it's relatively easy to stand next to someone
and watch as they fill out a form, enter a PIN number at an ATM machine. Shoulder
surfing can also be done long-distance with the idea of binoculars or other vision-
enhancing devices.
To prevent shoulder surfing, experts recommend that you shield paper work or your
keypad from view by using your body or cupping your hand.

4. Dumpster diving:-Dumpster is diving is the process of going through a target‘s

trash in order to find little bits of information.
In the world of information technology, dumpster diving is a technique used to
retrieve information that could be used to carry out an attack on a computer network.
The search is carried out in waste paper, electronic waste such as old HDD, floppy
and CD media recycle and trash bins on the systems etc.
To prevent dumpster divers from learning anything valuable from your trash, experts
recommend that your company should establish disposal policy.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 9/31
5. Installing Unauthorized Software/Hardware: because of possible risks, many
organizations do not allow their users to load software or install new hardware without the
information and help of administrators. Organizations also restrict what an individual do by
received e-mails.

6. Access by non-employees: If attacker can get physical access to a facility then there are
many chances of obtaining enough information to enter into computer systems and
networks. Many organizations restrict their employees to wear identification symbols at
work.

7. Security awareness: Security awareness program is most effective method to oppose

potential social engineering attacks when organization‗s security goals and policies are
established. An important element that should concentrate in training is which information
is sensitive for organization and which may be the target of a social engineering attack.

8. Individual user responsibilities:

i) Lock the door of office or workspace.
ii) Do not leave sensitive information inside your car unprotected.
iii) Secure storage media which contains sensitive information.
iv) Shredding paper containing organizational information before discarding it. (More
points can be added).

3) Explain SHA-1 algorithm with diagram.

(Explanation -6M, Diagram- 2M)
**Note: Relevant answer shall be considered
Ans.
SHA-1 is secure hashing algorithm. It is used create message digest or hash value of
original message. SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function .

A hash is a special function that performs one way encryption meaning that once the
algorithm is processed, there is no feasible way to take the cipher text and retrieve the plain
text that was used to generate it.

Algorithm steps:
 Hashing starts with 160-bit seed as hash value.
 A sequence of non-linear operation is carried out on the first message block 512-
bits.
 The sequence is cyclically repeated 80 times and a 160 bit hash value is generated.
 The cyclic sequence is repeated for the second message block of 512 bits.
 The process is continued until all the N message block have been hashed and the
final 160bit hash value is generated.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 10/31

Q.3) Attempt any four of the following: 16

1) Explain the concept of Kerberos.
(1M Concept, 3M –Diagram/ Explanation of Kerberos)
Ans.
Kerberos is a network authentication protocol. This is developed by MIT. It‘s taken from
mythology; Kerberos was a three headed dog who guards gates of Hades. It is secure
method for authentication of request for a service in a computer network. It provides strong
authentication for client/server application by using secret-key cryptography. From
Kerberos allows a user request an encrypted ―Ticket‖ from an Authentication process that
can be used to request a particular service from server. The user password does not have to
pass through the network.

It Consists of:
 User
 Authentication service and
 Ticket granting server
 Service server

Working of Kerberos:
User want to access server, it needs a Kerberos ticket before request.
 Request Authentication from request Authentication server (AS), It creates ―session key-
encryption key ―based on your password, its effectively a Ticket-granting ticket.
 User sends his/her ticket granting ticket to ticket granting server(TGS), it may be
physically same server as Authentication server, Now TGT returns the ticket that can be
sent to the server for the requested service.
 The service rejects the ticket or accepts it to perform service.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 11/31

 Ticket received from TGT is a Time-stamped, It allows user to make additional request
using same ticket within a certain time period without re-authentication. This improves
security as ticket is granted for limited time period.

 Following diagrams optional

a) User ID
Client Authentic
ation
server
(AS)

Authentication service receives the request by client and verifies that the client is indeed
the authentic computer. It‘s valid for time-stamp allotted (i.e. 8 hours).
b)
Ticket-Granting Ticket
(Timestamp 8 hours) Authentic
Client
ation
server
(AS)

c)

Client Authentica
tion server
(AS)

Ticket-Granting Ticket (Timestamp 8 hours)

Ticket
granting
server (TGS)
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 12/31

d)

Authentic
Client
ation
server
(AS)

Encrypted Key Ticket-Granting Ticket

Ticket
(Timestamp 8 hours)
granting
server
(TGS)

e)

Authenticat
ion server
Client (AS)

Ticket
granting
Encrypted Key Ticket-Granting Ticket server
(Timestamp 8 hours) Service
Server

f)

Success Service
Client
Server
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 13/31
2) Describe the process of biometric authentication with neat labelled diagram for finger
print.
(Basic Diagram of biometric authentication 2M, explanation of process 2M)
Ans.

Environment Reference template

Pre-processing Feature Template Matching process

Extraction generation

Sensor (as per Device used for

mechanism) application

Fig. Basic Biometric system

To provide physical security following methods are there.

1) Access controls: Use of physical access controls is same as that of computer &
network access controls to restrict access to unauthorized users. Most common access
control mechanisms are security guard & lock and key combination

2) Biometrics: Biometrics is idea to map measurement s of human physical

characteristics to human uniqueness. The major biometrics forms are:
Handprint, Fingerprint, Retina, Voice/speech, Handwriting/signature, Face

3) Physical Barriers: A physical barrier helps in implementing physical world equivalent of

layered security.

3) Explain use of S-Box in implementation of DES algorithm.

(2M Explanation of S-box Substitution, 2M diagram, steps of DES optional)
Ans.
The Data Encryption Standard is generally used in the ECB, CBC, or the CFB mode.
DES is a block cipher. It encrypts data in blocks of size 64 bits each. That is, 64 bits of
plain text goes as the input to DES, which produces 64 bits of cipher text. DES is based
on the two fundamental attributes of cryptography:
Substitution and transposition
S-box substitution: it accepts the 48-bits input from the XOR operation involving the
compressed key and expanded RPT and produces 32-bit output using the substitution
techniques. Each of the 8 S-boxes has a 6-bit input and a 4-bit output. The output of
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 14/31
each S-box then combined to form a 32-bit block, which is given to the last stage of a
round.

Key Transformation

Expansion Permutation

S-Box Substitution

P Box Permutation

XOR and Swap

Fig. Details of one round in DES

4) Explain working of PGP email security.

(2M Explanation, 2M working)
Ans.
Pretty Good Privacy is a popular program used to encrypt and decrypt email over
the internet. It becomes a standard for e-mail security. It is used to send
encrypted code (digital signature) that lets the receiver verify the sender‘s
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 15/31
identity and takes care that the route of message should not change. PGP can be
used to encrypt files being stored so that they are in unreadable form and not
readable by users or intruders It is available in Low cost and Freeware version. It
is most widely used privacy ensuring program used by individuals as well as
many corporations.
Working of PGP:
1. Authentication: Here sender creates message, SHA-1 used to generate 160
bit hash table of message. The hash code is encrypted using the sender‘s
private key and the result is pretended to the message. Receiver uses senders
public key to decrypt and recover the hash table. Receiver generates new
hash code and is compared with decrypted hash code. If match found then
message is authentic.
2. Confidentiality:
This is Basic service provided by PGP. It provides an encrypted message to
be transmitted or stored locally as file. Sender generates a message and
random 128 bit no. used as a session key only for this message, which is
encrypted. Session key is used to decrypt the message.

5) Explain the steps for hardening applications.

(Explanation 4M)
Ans.
Application Hardening is a security feature designed to avoid/prevent exploitation of
various types of vulnerabilities in software application. It also secures against local
and internet attacks. Vulnerabilities are introduced by programmers who fail to
check the properly the input data entering into the application. If there are
vulnerabilities in application then it can be exploited by an attacker.
Hardening application is fairly similar to hardening operating system- you remove
the functions or components you do not need, restrict access where you can and
make sure that the application is kept up to date with patches & maintain application
patches.

Application hardening has following mechanisms:

a) Process spawning Control: uses fact that in most cases the application does not
need the ability to launch other executable for proper functioning. By taking away
the process spawning ability from the application, hackers will not be able to
perform the process spawning attack.

b) EXE file protection: another method to break into system is to trick the
vulnerable application into modifying or creating executable file protection defense
is based on in most of the cases, the application does not need to create or modify
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 16/31
executable files. Hackers will not be able to perform attacks tampering with
executable files on the system.

c) System tampering protection: Another possibility to break into the system is

to trick the vulnerable application into modifying special sensitive area of the
operating system and taking advantage of those modifications. Those sensitive areas
include Windows registry keys used to control launching of application on system
startup the [Link] and [Link] files… The system tampering protection defense is
based on the fact that in almost all cases normal applications do not need to perform
such operations for their proper function, by preventing applications to modify
special areas of Operating system. Hackers will not be able to attack by tampering
with sensitive special areas of the system.

Application Patches will be helpful in this case like Hotfixes, Patches, and upgrades.

Q.4) a) Attempt any three of the following: 12

1) Explain concept of Hashing with example and properties.
(Explanation 2M, properties of hash function 2M)
Ans.
Hashing:
 Hashing functions are one of the most commonly used encryption methods.
 A hash is a special function that performs one-way encryption, meaning that once
the algorithm is processed, there is no feasible way to take the cipher text and
retrieve the plain text that was used to generate it.
 The hash code is a function of all bits of the message and provides as error
detection capability. A change in any bit or bits results in a change of hash value.
 A hash value h is generated by a function H of the form
h = H(M)
where,
M is variable length message and
H(M) is the fixed length hash value.
 The hash value is appended to the message at the source at a time when the
message is assumed or known to be correct.
 The receiver authenticates that message by re-computing the hash value. Hash
value is not considered to be secret so something is required to protect the hash value.
 The message plus concatenated Hash code is encrypted using symmetric
encryption. Sender and receiver share the same secret key. The message must have
come from authorized sender and has not been altered is checked by recomputing and
comparing hash code by receiver.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 17/31
Hash value should have following properties for message authentication:
1. H can be applied to a block of data of any size.
2. H produces a fixed length output.
3. H(X) is relatively easy to compute for any given x making both hardware and
software implementation practical.
4. For any given value of h , it is computationally infeasible to find x such that
H(X) = h This is referred to as the one way property.
5. For any given block of x, it is computationally infeasible to find y ≠ x with
H(y) = H(x)
6. This is referred to as weak collision resistance.

2) Describe following term:

i) DMZ ii) Internet
iii) Intranet iv) IDS
(1M for each point, explanation in short)
Ans.
i) DMZ (Demilitarized Zone):
It is a Computer host or small network inserted as a neutral zone between a company
private network and public network. It prevents outside users from getting direct
access to a server that has company data. A DMZ is an optional and more secure
approach to a firewall and effectively acts as proxy server. In DMZ a separate
computer or host in network terms receives requests from users within the private
network to provide access to web sites or other companies accessible on the public
network. DMZ host initiates sessions for request on public networks. DMZ host is not
able to initiate a session back into the private network. It only forward packets that
have already been requested. Users of the public network outside the company can
access only the DMZ host.
DMZ may also have the company‘s web pages so these could be served to the outside
world. DMZ provides access to no other company data.
CISCOS are the leading makers of routers those facilitate for setup of DMZ.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 18/31

(Diagram or description (Any one can be considered) 1 Mark)

Computer - 1

Computer - 2

Computer - 3 INTERNET
FIREWALL
DMZ

ii) Internet:
Internet is a network that can be used to transfer email , financial records, files, remote
access etc. from one network to another network.
It is not a single network it is series of interconnected network, that allows protocol to
operate to make possible a data flow across network. WWW (World Wide Web) term
is used with internet. It is based on HTTP (Hypertext Transfer Protocol service) This
can have different actual services and contents, including files, images, audio, video
and even viruses and worms.

iii) Intranet:
Intranet is a private network that is contained within an organization/enterprise. It may
consists of interlinked local area networks also use leased lines in the wide area
network. It includes connections through one or more gateway computers to the
outside Internet. The main purpose is to share company information and computing
resources among employees. It facilitates working in groups and for teleconferences.
Intranet uses TCP/IP, HTTP, and other Internet protocol.
When part of an intranet is made accessible to customer, partners suppliers or outside
the company, then it becomes part of an extranet.

iv) IDS (Intrusion Detection system):

An intrusion detection system (IDS) monitors network traffic and monitors for
suspicious activity and alerts the system or network administrator. In some cases the IDS
may also respond to anomalous or malicious traffic by taking action such as blocking
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 19/31
the user or source IP address from accessing the network.

IDS come in a variety of Flavors and approach the goal of detecting suspicious
traffic in different ways. there are IDS that detect based on comparing traffic patterns
against a ]baseline and looking for anomalies. There are IDS that simply monitor
and alert and there are IDS that perform an action or actions in response to a
detected threat. We‘ll cover each of these briefly.

3) Explain cyber crime.

(Relevant Explanation of cybercrime -4M)
Ans.
Crimes against people are a category of crime that consists of offenses that usually involve
causing or attempting to cause bodily harm or a threat of bodily harm. These actions are
taken without the consent of the individual the crime is committed against, or the victim.
These types of crimes do not have to result in actual harm - the fact that bodily harm could
have resulted and that the victim is put in fear for their safety is sufficient.
i.e. Assault, Domestic Violence, Stalking

Cybercrime is a bigger risk now than ever before due to the sheer number of connected
people and devices. ‗Cybercrime, as it's a bigger risk now than ever before due to the
sheer number of connected people and devices. it is simply a crime that has some kind
of computer or cyber aspect to it. To go into more detail is not as straightforward, as it
takes shape in a variety of different formats.

Cybercrime:
 Cybercrime has now surpassed illegal drug trafficking as a criminal moneymaker
 Somebody‘s identity is stolen every 3 seconds as a result of cybercrime
Without a sophisticated security package, your unprotected PC can become infected
within four minutes of connecting to the Internet.
Criminals committing cybercrime use a number of methods, depending on their skill-
set and their goal. Here are some of the different ways cybercrime can take shape:
 Theft of personal data
 Copyright infringement
 Fraud
 Child pornography
 Cyber stalking
 Bullying
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 20/31
Cybercrime covers a wide range of different attacks, that all deserve their own unique
approach when it comes to improving our computer's safety and protecting ourselves.
The computer or device may be the agent of the crime, the facilitator of the crime, or
the target of the crime. The crime may take place on the computer alone or in addition
to other locations. The broad range of cybercrime can be better understood by dividing
it into two overall categories.

4) Explain working of Handshake protocol in SSL.

(Explanation of Handshake protocol 2M, Listing four phases 2M)
Ans.
The SSL protocol was originally developed by Netscape, to ensure security of data
transported and routed through HTTP, LDAP or POP3 application layers. SSL is designed
to make use of TCP as a communication layer to provide a reliable end-to-end secure and
authenticated connection between two points over a network (for example between the
service client and the server). Netscape Navigator browser provided with SSL-enabled
client software.

SSL protocol stack:

The SSL protocol stack is illustrated in Figure

The SSL Protocol Stack:

Message types are:
Hello request, Client hello, Server hello, Certificate, server key exchange,
Certificate request, Server hello done, Certificate verify, Client-key exchange,
finished.

The handshake protocol:

The handshake protocol constitutes the most complex part of the SSL protocol. It is
used to initiate a session between the server and the client. Within the message of
this protocol, various components such as algorithms and keys used for data
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 21/31
encryption are negotiated. Due to this protocol, it is possible to authenticate the
parties to each other and negotiate appropriate parameters of the session between
them.

It can be divided into 4 phases separated with horizontal broken lines.

 Establish security capabilities
Client hello, then server replies hello
 Server authentication and key exchange
Certificate, Server key exchange, Certificate request, Server hello done
 Client authentication and key exchange
Certificate, client key exchange, Certificate verify
 Finish
Change cipher specification, finished,

Q.4) b) Attempt any one of the following: 6

1) Define attack. Explain steps in attack.
(Definition 2M, Steps 4M)
Ans.
Attack on computer system is either by specifically targeted by attacker, or an opportunistic
target.

Attacks may have having following steps:

Interception: concept of confidentiality, Here an unauthorized party has gained access to a
resource, it can be person, program, or computer based system. i.e. copying of data or
programs, listening to network traffic.
Fabrication: concept of authorization, It involves the creation of illegal objects on a
computer system. i.e. attacker adds fake records to data base.
Modification: Its under Integrity, Here attacker may modify the values in the database.
Interruption: It‘s related to availability, Here Resources become unavailable, Lost or
unusable, i.e. denial of service, problem causing to a hardware device, erasing program, data,
or operating system components.
2) Define virus. Explain atleast 5 types of viruses.
(Definition 1M, Five types of virus with explanation 1M each)
Ans.
Viruses: A program designated to spread from file to file on a single PC , it does not
intentionally try to move to another PC and it must replicate and execute itself. Used as
delivery tool for hacking.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 22/31

Types of viruses:
 Parasitic Viruses: It attaches itself to executable code and replicates itself. Once it
is infected it will find another program to infect.
 Memory resident viruses: lives in memory after its execution it becomes a part of
operating system or application and can manipulate any file that is executed, copied
or moved.
 Non- resident viruses: it executes itself and terminates or destroys after specific
time.
 Boot sector Viruses: It infects boot sector and spread through a system when it is
booted from disk containing virus.
 Overwriting viruses: It overwrites the code with its own code.
 Stealth Virus: This virus hides the modification it has made in the file or boot
record.
 Macro Viruses: These are not executable. It affects Microsoft word like documents,
they can spreads through email.
 Polymorphic viruses: it produces fully operational copies of itself, in an attempt to
avoid signature detection.
 Companion Viruses: creates a program instead of modifying an existing file.
 Email Viruses: Virus gets executed when email attachment is open by recipient.
Virus sends itself to everyone on the mailing list of sender.
 Metamorphic viruses: keeps rewriting itself every time, it may change their
behavior as well as appearance code.

Q.5) Attempt any two of the following: 16

1) Explain what are components of good password and four password selection
strategies.
(Any four components: 1M each, Four Strategies: 1M each)
Ans.
Components of good password:
1. It should be at least eight characters long.
2. It should include uppercase and lowercase letters, numbers, special characters or
punctuation marks.
3. It should not contain dictionary words.
4. It should not contain the user's personal information such as their name, family
member's name, birth date, pet name, phone number or any other detail that can easily
be identified.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 23/31
5. It should not be the same as the user's login name.
6. It should not be the default passwords as supplied by the system vendor such as
password, guest, and admin and so on.

Four Password selection strategies:

1. User education: Users can be told the importance of using hard-to-guess passwords
and can be provided with guidelines for selecting strong passwords. This user
education strategy is unlikely to succeed at most installations, particularly where there
is a large user population or a lot of turn over. Many users will simply ignore the
guidelines. Others may not be good judges of what is a strong password. For
example, many users believe that reversing a word or capitalizing the last letter makes
a password un-guessable.
2. Computer-generated passwords: Passwords are quite random in nature. Computer-
generated passwords also have problems. If the passwords are quite random in nature,
users will not be able to remember them. Even if the password is pronounceable, the
user may have difficulty remembering it and so be tempted to write it down. In
general, computer-generated password schemes have a history of poor acceptance by
users. FIPS PUB 181 defines one of the best-designed automated password
generators. The standard includes not only a description of the approach but also a
complete listing of the C source code of the algorithm. The algorithm generates words
by forming pronounceable syllables and concatenating them to form a word. A
random number generator produces a random stream of characters used to construct
the syllables and words.
3. Reactive password checking: A reactive password checking strategy is one in which
the system periodically runs its own password cracker to find guessable passwords.
The system cancels any passwords that are guessed and notifies the user. This tactic
has a number of drawbacks. First it is resource intensive, if the job is done right.
Because a determined opponent who is able to steal a password file can devote full
CPU time to the task for hours or even days an effective reactive password checker is
at a distinct disadvantage. Furthermore, any existing passwords remain vulnerable
until the reactive password checker finds them.
4. Proactive password checking: The most promising approach to improved password
security is a proactive password checker. In this scheme, a user is allowed to select
his or her own password. However, at the time of selection, the system checks to see
if the password is allowable and if not, rejects it. Such checkers are based on the
philosophy that with sufficient guidance from the system, users can select memorable
passwords from a fairly large password space that are not likely to be guessed in a
dictionary attack. The trick with a proactive password checker is to strike a balance
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 24/31
between user acceptability and strength. If the system rejects too many passwords,
users will complain that it is too hard to select a password. If the system uses some
simple algorithm to define what is acceptable, this provides guidance to password
crackers to refine their guessing technique. In the remainder of this subsection, we
look at possible approaches to proactive password checking.
2) Explain in detail intrusion detection systems.
(IDS: 2M, Diagram: 2M, IDS components: 2M, Types: 2M)
Ans.
An IDS (Intrusion detection system) is process of monitoring the events occurring in
computer system or network & analyzing tem for signs of possible incident which are
threats of computer security. Intrusion detection system (IDS) is a device or software
application that monitors network or system activities for malicious activities or policy
violations and produces reports to a management station. IDS come in a variety of
―flavors‖ and approach the goal of detecting suspicious traffic in different ways.

IDS have following logical components

1) Traffic collection: collects activity as events from IDS to examine. On Host-based IDS,
this can be log files, Audit logs or traffic coming to or leaving a system. On network based
IDS, this is typically a mechanism for copying traffic of network link.
2) Analysis Engine: examines collected network traffic & compares it to known patterns
of suspicious or malicious activity stored in digital signature. The analysis engine act like a
brain of IDS
3) Signature database: a collection of patterns & definitions‟ of known suspicious or
malicious activity.
4) User Interface & Reporting: interfaces with human element, providing alerts when
suitable & giving the user a means to interact with & operate the IDS.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 25/31
IDS are mainly divided into two categories, depending on monitoring activity:

1) Host-based IDS:
2) Network based IDS:

1) Host based IDS looks for certain activities in the log files are:
1. Logins at odd hours
2. Login authentication failure.
3. Adding new user account
4. Modification or access of critical systems files.
5. Modification or removal of binary files
6. Starting or stopping processes.
7. Privilege escalation
8. Use of certain program
2) Network based IDS looks for certain activities like:
1. Denial of service attacks.
2. Port scans or sweeps
3. Malicious contents in the data payload of packet(s)
4. Vulnerability of scanning
5. Trojans, Viruses or worms
6. Tunneling
7. Brute force attacks.

3) Explain need for firewall and explain one of the type of firewall with diagram.
(Explanation of need: 4M, Any one firewall explanation: 4M)
Ans.
A firewall works as a barrier, or a shield, between your PC and cyber space. When you are
connected to the Internet, you are constantly sending and receiving information in small
units called packets. The firewall filters these packets to see if they meet certain criteria set
by a series of rules, and thereafter blocks or allows the data. This way, hackers cannot get
inside and steal information such as bank account numbers and passwords from you.

Capabilities:
1. All traffic from inside to outside and vice versa must pass through the firewall. To
achieve this all access to local network must first be physically blocked and access only via
the firewall should be permitted.
2. As per local security policy traffic should be permitted.
3. The firewall itself must be strong enough so as to render attacks on it useless.

Types of Firewalls
1. Packet Filter
2. Circuit level Gateway
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 26/31
3. Application Gateway
4. Software
5. Hardware
6. Hybrid
7. Stateful multilayer Inspection Firewall

[Link] Filtering Firewall: Packet Filtering Firewalls are normally deployed on the
Routers which connect the Internal Network to Internet. Packet Filtering Firewalls can only
be implemented on the Network Layer of OSI Model. Packet Filtering Firewalls work on

the Basis of Rules defines by Access Control Lists. They check all the Packets and screen
them against the rules defined by the Network Administrator as per the ACLs. If in case,
any packet does not meet the criteria then that packet is dropped and Logs are updated
about this information. Administrators can create their ACLs on the basis Address,
Protocols and Packet attributes.

Advantage:
The Biggest Advantage of Packet Filtering Firewalls is Cost and Lower Resource Usage
and best suited for Smaller Networks.

Disadvantage:
Packet Filtering Firewalls can work only on the Network Layer and these Firewalls do not
support Complex rule based models. And it‘s also Vulnerable to Spoofing in some Cases.

Fig: Packet Filtering Firewall

 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 27/31
Q.6) Attempt any four of the following: 16
1) Enlist any four consequences when the system is accessed by non-employee.
(Any Four Consequences: 1M each)
Ans.
1. Unauthorized disclosure of information: disclosure of confidential, sensitive or
embarrassing information can result in loss of credibility, reputation, market share, and
competitive edge.
2. Disruption of computer services: be unable to access resources when they are needed can
cause a loss of productivity. Disruption of services during critical processing time may be
disastrous.
3. Loss of productivity: misuse of IT resources such as network bandwidth may cause slow
response times, delaying legitimate computer activities that, in time-critical applications
such as stock trading, can be very costly.
4. Use of a computer or its data for unapproved or possibly illegal activities: Someone
gaining access to a bank computer and performing an unauthorized transfer
5. Financial loss: the losses can be directly from the theft of money or indirectly from the
recovery of security incidents such as corruption of information or disruption of services.
6. Legal implications: security or privacy breaches can expose a company to lawsuits from
investors, customers, or the public.
7. Blackmail: intruders can extort money from the company by threatening to exploit the
security breach.
2) Explain rail fence transposition technique.
(Algorithm – 2M, Example- 2M)
Ans.
In Rail fence cipher, techniques are essentially Transposition Ciphers and generated by
rearrangement of characters in the plaintext. The characters of the plain text string are
arranged in the form of a rail-fence as follows.
Let the Plaintext be ― COMPUTER SECURITY

Rail Fence Technique algorithm:

1. Write down the plain text message as a sequence of diagonals.
2. Read the plain text written in Step-1 as a sequence of rows.
Example: plain text = ―COMPUTER SECURITY ―is converted to cipher text with this help
of Rail Fence Technique with dual slope.

Ciphertext: CMUESCRTOPTREUIY
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 28/31
3) Explain AH mode of IP security.
(Diagram: 1M, Explanation of Fields: 3M)
Ans.
Authentication Header (AH) provides authentication, integrity, and anti-replay for the
entire packet (both the IP header and the data payload carried in the packet). It does not
provide confidentiality, which means it does not encrypt the data. The data is readable, but
protected from modification. AH uses the HMAC algorithms described earlier to sign the
packet for [Link] example, Alice on Computer A sends data to Bob on Computer B.
The IP header, the AH header, and the data are protected with integrity. This means Alice
can be certain it was really Bob who sent the data and that the data was unmodified.

Integrity and authentication are provided by the placement of the AH header between the
IP header and the transport (layer 4) protocol header, which is shown as TCP/UDP in the
Figure AH uses an IP protocol ID of 51 to identify itself in the IP header.

Figure: Authentication Header

AH can be used alone or in combination with the Encapsulating Security Payload (ESP)
protocol.

The AH header contains the following fields:

1. Next Header: Identifies the next header that uses the IP protocol ID. For example, the
value might be "6" to indicate TCP.
2. Length: Indicates the length of the AH header.
3. Security Parameters Index (SPI): Used in combination with the destination address and
the security protocol (AH or ESP) to identify the correct security association for the
communication. The receiver uses this value to determine with which security
association this packet is identified.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 29/31
4. Sequence Number Provides anti-replay protection for the SA. It is 32-bit,
incrementally increasing number (starting from 1) that is never allowed to cycle and
that indicates the packet number sent over the security association for the
communication. The receiver checks this field to verify that a packet for a security
association with this number has not been received already. If one has been received,
the packet is rejected.
5. Authentication Data Contains the Integrity Check Value (ICV) that is used to verify
the integrity of the message. The receiver calculates the hash value and checks it
against this value (calculated by the sender) to verify integrity.

4) Explain IT Act 2000 and 2008.

(IT Act 2000: 2M, IT ACT 2008: 2M)
Ans.
Information Technology Act
The Government of India enacted The Information Technology Act with some major
objectives which are as follows –

 To deliver lawful recognition for transactions through electronic data interchange (EDI)
and other means of electronic communication, commonly referred to as electronic
commerce or E-Commerce. The aim was to use replacements of paper-based methods of
communication and storage of information.

 To facilitate electronic filing of documents with the Government agencies and further to
amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books
Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected
therewith or incidental thereto.

The Information Technology Act, 2000, was thus passed as the Act No.21 of 2000. The I.
T. Act got the President‘s assent on June 9, 2000 and it was made effective from October
17, 2000. By adopting this Cyber Legislation, India became the 12th nation in the world to
adopt a Cyber Law regime.

Objectives of the IT Act 2000 are:

1. To grant legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication commonly referred to as
―electronic commerce‖ in place of paper based methods of communication.
2. To give legal recognition to Digital signatures for authentication of any information
or matter this requires authentication under any law.
3. To facilitate electronic filing of documents with Government departments
4. To facilitate electronic storage of data
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 30/31
5. To facilitate and give legal sanction to electronic fund transfers between banks and
financial institutions
6. To give legal recognition for keeping of books of accounts by banker‘s in electronic
form.
7. To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker‘s Book
Evidence Act, 1891, and the Reserve Bank of India Act, 1934.

IT ACT 2008:
It is the information Technology Amendment Act, 2008 also known as ITA-2008
It is a considerable addition to the ITA-2000 and is administered by the Indian Computer
Emergency Response Team (CERT-In) in year 2008.
Basically, the act was developed for IT industries, to control e-commerce, to provide e-
governance facility and to stop cybercrime attacks.
The alterations are made to address some issues like the original bill failed to cover, to
accommodate the development of IT and security of e-commerce transactions.
The modification includes.
[Link] of terms like communication device which reflect the current use.
[Link] of electronic signatures and contracts.
[Link] owner of an IP address is responsible for content that are accessed or
distributed through it.
Organizations are responsible for implementation of effective data security practices.

Following are the characteristics of IT ACT 2008:

1. This Act provides legal recognition for the transaction i.e. Electronic Data
Interchange (EDI) and other electronic communications. Electronic commerce is the
alternative to paper based methods of communication to store information.
2. This Act also gives facilities for electronic filling of information with the Government
agencies and further to change the Indian Penal Code-Indian Evidence Act 1872,
Bankers code Evidence Act 1891 and Reserve Bank of India Act, 1934 and for matter
connected therewith or incidental thereto.
3. The General Assembly of the United Nations by resolution A/RES/51/162, dated 30
January 1997 has adopted the model law on Electronic Commerce adopted by the
United Nations Commission on International Trade Law.
4. This recommends that all States give favourable consideration to the above said
model law when they enact or revise their laws, in terms of need for uniformity of the
law applicable to alternative to paper based methods of communication and storage of
information.
5. It is considered necessary to give effect to the said resolution and to promote efficient
delivery of Government services by means of reliable electronic records.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2015 EXAMINATION

Subject Code: 17514 Model Answer Page No: 31/31

5) Explain the function of entities used in SET.

(Four Entities with function: 1M each)
Ans.
Secure Electronic Transaction (SET) is a security technology proposed by Visa and
MasterCard to allow for more secure credit card transaction possibilities than what is
currently available. SET has been waiting in the wings for full implementation and
acceptance as a standard for quite some time. Although SET provides an effective way of
transmitting credit card information, businesses and users do not see it as efficient because
it requires more parties to coordinate their efforts, more software installation and
configuration for each entity involved, and more effort and cost than the widely used SSL
method.
SET is a cryptographic protocol and infrastructure developed to send encrypted credit card
numbers over the Internet. The following entities would be involved with a SET
transaction, which would require each of them to upgrade their software, and possibly their
hardware:
The main entities in SET:

1. Cardholder
2. Merchant
3. Payment Gateway
4. Certificate Authority

The function of the entities is as given below.

 The Cardholder Application, also referred to as a digital wallet, is held by an online

consumer and packages a digital signature and credit card information that ensures his or
her identity and safeguards his or her financial information through a complex encryption
system.
 The Merchant Server component is the verification product held by the merchant to process
the online card payment.
 The Payment Gateway component is held by an acquiring bank or other trusted third party
that accepts and processes the merchant's verification and the customer's payment
information and filters them to their appropriate financial institutions.
 The Certificate Authority component, usually run by a financial institution, is the trusted
agent that issues the digital certificates and is responsible for ensuring that all users of
digital certificates are in fact secure and trustworthy customers.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 1 / 25

Important Instructions to examiners:

1) The answers should be examined by key words and not as word-to-word as given in themodel
answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may tryto
assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more
importance. (Not applicable for subject English and Communication Skills)
4) While assessing figures, examiner may give credit for principal components indicated in
thefigure. The figures drawn by candidate and model answer may vary. The examiner may give
credit for any equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed
constantvalues may vary and there may be some difference in the candidate‟s answers and
modelanswer.
6) In case of some questions credit may be given by judgment on part of examiner of
relevantanswer based on candidate‟s understanding.
7) For programming language papers, credit may be given to any other program based on
equivalent concept.

Q.1) A) Attempt any three: 12M

i) State the need for computer security.
(1M for each point, any four points)
Ans.
1. For prevention of data theft such as bank account numbers, credit card information,
passwords, work related documents or sheets, etc.
2. To make data remain safe and confidential.
3. To provide confidentiality which ensures that only those individuals should ever be able
to view data they are not entitled to.
4. To provide integrity which ensures that only authorized individuals should ever be able
change or modify information.
5. To provide availability which ensure that the data or system itself is available for use
when authorized user wants it.
6. To provide authentication which deals with the desire to ensure that an authorized
individual.
7. To provide non-repudiation which deals with the ability to verify that message has been
sent and received by an authorized user.

ii) Describe role based access control.

(Relevant explanation - 4M)
Ans.
Role-based access control (RBAC) is a method of regulating access to computer or network
resources based on the roles of individual users within an enterprise. Each user can be
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 2 / 25
assigned specific access permission for objects associated with computer or network. Set of
roles are defined. Role in-turn assigns access permissions which are necessary to perform
role. Different User will be granted different permissions to do specific duties as per their
classification.
RBAC enables users to carry out a wide range of authorized tasks by dynamically
regulating their actions according to flexible functions, relationships & constraints. In
RBAC roles can be easily changed as per need of the enterprise, without having to
individually update the privileges for every user.
In RBAC there are three rules:
1. A person must be assigned a certain role in order to conduct a certain action, called a
transaction.
2. A user needs a role authorization to be allowed to hold that role.
3. Transaction authorization allows the user to perform certain transactions. The transaction
has to be allowed to occur through the role membership. Users won't be able to perform
transaction other than the ones they are authorized for.

iii) Define the following term:

A) Cryptograph B) Cryptology
C) Cryptanalysis D) Cipher text
(Each term 1M)
Ans.
A. Cryptography: Cryptography is art & science of achieving security by encoding messages to
make them non-readable.

B. Cryptology: Cryptology is a combination of cryptography and cryptanalysis.

C. Cryptanalysis: Cryptanalysis is the technique of decoding messages from a non-readable

format without knowing how they were initially converted from readable format to non-
readable format.

D. Cipher Text: When plain text message is codified using any suitable scheme, the
resulting message is called as cipher text.

iv) Define virus and logic bomb.

(Each definition- 2M)
Ans.
Virus: Virus is a program which attaches itself to another program and causes damage to
the computer system or the network. It is loaded onto your computer without your
knowledge and runs against your wishes.

Logic Bomb:Logic bomb is a type of malicious software that is deliberately installed,

generally by an authorized user. A logic bomb is a piece of code that sits dormant for a
period of time until some event invokes its malicious payload.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 3 / 25
Q.1) B) Attempt any one: 6M
i) Describe the following attacks:
A) Sniffing B) Spooting
(Sniffing-3M, Spoofing- 3M)
Ans.
A) Sniffing: This is software or hardware that is used to observe traffic as it passes through
a network on shared broadcast media. It can be used to view all traffic or target specific
protocol, service, or string of characters like logins. Some network sniffers are not just
designed to observe the all traffic but also modify the traffic. Network administrators use
sniffers for monitoring traffic. They can also use for network bandwidth analysis and to
troubleshoot certain problems such as duplicate MAC addresses.

B) Spoofing: Spoofing is nothing more than making data look like it has come from a
different source. This is possible in TCP/ IP because of the friendly assumption behind the
protocol. When the protocols were developed, it was assumed that individuals who had
access to the network layer would be privileged users who could be trusted. When a packet
is sent from one system to another, it includes not only the destination IP address ant port
but the source IP address as well which is one of the forms of Spoofing.

Example of spoofing: e-mail spoofing, URL spoofing, IP address spoofing.

ii) Describe data recovery procedure.

(Relevant explanation- 6M)
Ans.
Data recovery: All computer users need to be aware of backup and recovery procedures to
protect their data. Data Protection can be taken seriously as its important for financial, legal
or personal reasons.

These are various formatted partition recovery tools [Link] tool will have different
GUI & method of recovery.

There are standard ethical procedures that need be followed as described in following steps:
1. Incident identification: - Identifying the incident and the analysis of the case.
2. Preparation of tools, monitoring, techniques, management support and authorization
etc.
3. Decide a clear and well defined approach, strategy to proceed with the case.
4. Collection of the evidence & even duplicating the digital evidence is also an important
part of ethical conduct.
5. The evidence that is collected should be incorporated with the date, time & the place
where it was found. The importance of preservation of the evidence need be prevented.
6. The analysis of the evidence should be carried out in such a way so as to eliminate the
evidence that cannot be produced in the court law.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 4 / 25
7. This step in an ethical behaviour includes the presentation of the evidence in the court
of law.
8. The return of evidence to the owner also forms a part in ethical behaviour.

Q.2) Attempt any two: 16M

a) Describe CIA model for computer security with example.
(CIA- 2M, Explanation of each concept with example- 2M (Three Points))
[Link] Model for security:Confidentiality, Integrity and Authentication i.e. these three
concepts are considered as backbone of security. These concepts represent the fundamental
principles of security.

1. Confidentiality: The principle of confidentiality specifies that only sender and intended
recipients should be able to access the contents of a message. Confidentiality gets
compromised if an unauthorized person is able to access the contents of a message.
Example of compromising the Confidentiality of a message is shown in fig

Fig. Loss of confidentiality

Here, the user of a computer A send a message to user of computer B. another user C gets
access to this message, which is not desired and therefore, defeats the purpose of
Confidentiality.
This type of attack is also called as Interception.

2. Authentication: Authentication helps to establish proof of identities. The Authentication

process ensures that the origin of a message is correctly identified.
For example, suppose that user C sends a message over the internet to user B. however, the
trouble is that user C had posed as user A when he sent a message to user B. how would
user B know that the message has come from user C, who posing as user A? This concept
is shown in fig. below.

This type of attack is called as Fabrication.

 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 5 / 25

Fig. Absence of authentication

3. Integrity: when the contents of the message are changed after the sender sends it, but
before it reaches the intended recipient, we say that the integrity of the message is lost.
For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. user C somehow manages to access it, change its contents and
send the changed message to user B. user B has no way of knowing that the contents of the
message were changed after user A had sent it. User A also does not know about this
change.
This type of attack is called as Modification.

Fig. Loss of Integrity

b) What is the importance of biometrics in computer security? Describe finger prints

registration and verification process.
(Importance- 4M, Registration &Verification process- 4M)
Ans.
Importance:

1. Biometric refers study of methods for uniquely recognizing humans based upon one or
more intrinsic physical or behavioral characteristics.
2. Biometric identification is used on the basis of some unique physical attribute of the user
that positively identifies the user. Example: finger print recognition, retina and face scan
technique, voice synthesis and recognition and so on.
3. Biometrics cannot be lost, stolen or forgotten. Barring disease or serious physical injury,
the biometric is consistent and permanent.
4. It is also secure in that the biometric itself cannot be socially engineered, shared or used
by others.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 6 / 25
5. There is no requirement to remember password or pins, thus eliminating an overhead
cost.
6. Coupled with a smart card, biometrics provides strong security for any credentials on the
smart card.
7. It provides a high degree of confidence in user identity.

Fingerprint registration & verification process

During registration, first time an individual uses a biometric system is called an enrolment.
During the enrolment, biometric information from an individual is stored. In the
verification process, biometric information is detected and compared with the information
stored at the time of enrolment.

1) The first block (sensor) is the interface between the real world and the system; it has to
acquire all the necessary data.
2) The 2nd block performs all the necessary pre-processing.
3) The third block extracts necessary features. This step is an important step as the correct
features need to be extracted in the optimal way.
4) If enrolment is being performed the template is simply stored somewhere (on a card or
within a database or both).if a matching phase is being performed the obtained template is
passed to a matcher that compares it with other existing templates, estimating the distance
between them using any algorithm. The matching program will analyze the template with
the input. This will then be output for any specified use or purpose.

c) Explain rail fence technique with algorithm. Encrypt “Computer Security

Technology” using rail fence technique.
(Algorithm- 4M, encryption - 4M)
Ans.
In Rail fence cipher, techniques are essentially Transposition Ciphers and generated by
rearrangement of characters in the plaintext. The characters of the plain text string are arranged
in the form of a rail-fence as follows.
Given Plaintextis ― COMPUTER SECURITY TECHNOLOGY
Rail Fence Technique algorithm:
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 7 / 25
1. Write down the plain text message as a sequence of diagonals.
2. Read the plain text written in Step-1 as a sequence of rows.

Example: plain text = ―COMPUTER SECURITY TECHNOLOGY―is converted to cipher

text with this help of Rail Fence Technique with dual slope.

C M U E S C R T T C N L G

O P T R E U I Y E H O O Y

Ciphertext: CMUESCRTTCNLGOPTREUIYEHOOY

Q.3) Attempt any four: 16M

a) Explain VPN with Neat diagram. Enlist different VPN protocols.
(Diagram: 1M, Explanation: 2M, Listing Protocols: 1M (any 2))
Ans:
A VPN or Virtual Private Network is a network connection that enables you to create a
secure connection over the public Internet to private networks at a remote location. With a
VPN, all network traffic (data, voice, and video) goes through a secure virtual tunnel
between the host device (client) and the VPN provider‟s servers, and is encrypted. VPN
technology uses a combination of features such as encryption, tunneling protocols, data
encapsulation, and certified connections to provide you with a secure connection to private
networks and to protect your identity.
VPN connections technically give you all the benefits of a Local Area Network (LAN),
which is similar to that found in many offices but without requiring a hard-wired
[Link] systems use encryption and other security mechanisms to ensure that
only authorized users can access the network and that the data cannot be intercepted.

Figure: VPN

Different VPN protocols are:

 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 8 / 25
1. PPTP (Point-to-Point Tunneling Protocol)
2. L2TP (Layer 2 Tunneling Protocol)
3. IPsec (Internet Protocol Security)
4. SSL (Secure Socket Layer)

b) Describe different Password Selection criteria

(Any 4 Criteria: 1M each)
Ans. There are four basic techniques passwords selection strategies:
a) User education: Tell the importance of hard-to-guess passwords to the users and
provide guidelines for selecting strong password.

b) Computer generated password: Computer generated passwords are random in nature

so difficult for user to remember it and may note down somewhere.

c) Reactive password checking: the system periodically runs its own password cracker
program to find out guessable passwords. If the system finds any such password, the
system cancels it and notifies the user.

d) Proactive password checking: It is a most promising approach to improve password

security. In this scheme, a user is allowed to select his own password, if password is
allowable then allow or reject it.

c) Distinguish between Symmetric and asymmetric key cryptography (four points).

(Any 4 differences: 1M each)
Ans.

Symmetric-key Cryptography Asymmetric-key Cryptography

It only needs one key to encrypt the It needs two different keys- public key and private
message. And both users only need the key. Everyone can see the public key and only the
same key to decode the message person who has private key can decode the
message.
The symmetric-key system only needs one Asymmetric-key is like double encryption. First,
key, in order to crack the message. the user use his private key to encrypt the message,
them he/she public the message with public key;
although everyone can see the message, only the
person with his own private key can decode the
message. So, in order to crack the system, you need
the person‟s private key, or need to know how they
created the private key
Symmetric-key confirms sender‟s identity Asymmetric-key confirms the sender‟s identity by
by knowing who can encrypt the message double the encryption. One person encrypts the
or decode the message; in other words, by message with his private key, and sends that with
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 9 / 25
knowing who has the key public key. And only the person with another
private key can decode the message.
Advantages: Safer (lots of probability), Advantages: Allow letting other people read the
and faster. encrypted message without any risk.
No problem for distributing the key.

Disadvantages: One time transactions, Disadvantages: Big and slow

how to give the key to the other person.
And once other people know the key, you
have to change the key at both sides.
Example: DES Example: Diffie-Hellman Algorithm

d) Describe Host based IDS with its advantages and disadvantages.

(Diagram: 1M, Explanation: 1M, any twoadvantages: 1M, any two disadvantages: 1M)
Ans.

HIDS: Host Intrusion Detection Systems are run on individual hosts or devices on the
network. HIDS monitors the inbound and outbound packets from the device only and will
alert the user or administrator when suspicious activity is detected. HIDS is looking for
certain activities in the log file are:
Logins at odd hours
Login authentication failure
Adding new user account
Modification or access of critical system files
Modification or removal of binary files
Starting or stopping processes
Privilege escalation
Use of certain programs
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 10 / 25

Figure: HIDS
Basic Components HIDS:
1. Traffic collector: This component collects activity or events from the IDS to examine.
In Host-based IDS, this can be log files, audit logs, or traffic coming to or leaving a
specific system.
2. Analysis Engine:This component examines the collected network traffic & compares it
to known patterns of suspicious or malicious activity stored in the signature database. The
analysis engine acts like a brain of IDS.
3. Signature database: It is a collection of patterns & definitions of known suspicious or
malicious activity.
4. User Interface & Reporting: This is the component that interfaces with the human
element, providing alerts when suitable & giving the user a means to interact with &
operate the IDS.

Advantages:
1. Operating System specific and detailed signatures.
2. Examine data after it has been decrypted.
3. Application specific.
4. Determine whether or not an alarm may impact that specific.

Disadvantages:
1. Should have a process on every system to watch.
2. High cost of ownership and maintenance.
3. Uses local system resources.
4. If logged locally, could be compromised or disable.

e) Describe SET with its requirements and participants.

(SET description: 1M, Requirements: 1M, Participants: 2M(any 4))
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 11 / 25
Ans:
Secure Electronic Transaction is an open encryption and security specification that is
designed for protecting credit card transactions on the Internet. It is a set of security
protocols and formats that enable the users to employ the existing credit card payment
infrastructure on the internet in a secure manner.
There are four essential security requirements for Secure electronic Transaction
1. Authentication
2. Encryption
3. Integrity
4. Non-repudiation

Participants/Components of SET
1. Cardholder: A cardholder is an authorized holder of a payment card such as
MasterCard or Visa that has been issued by an Issuer.
2. Merchant: Merchant is a person or an organization that wants to sell goods or services
to cardholders.
3. Issuer: The issuer is a financial institution that provides a payment card to a cardholder.
4. Acquirer: this is a financial institution that has a relationship with merchants for
processing payment card authorizations and payments. Also provides an assurance that a
particular cardholder account is active and that the purchase amount does not exceed the
credit limits. It provides electronic fund transfer to the merchant account.
5. Payment Gateway: It processes the payment messages on behalf of the merchant. It
connects to the acquirer‟s system using a dedicated network line.
6. Certification Authority (CA): This is an authority that is trusted to provide public key
certificates to cardholders, merchant, and Payment Gateway.

Q.4) a) Attempt any three: 12M

i) Explain simple columnar transposition technique with algorithm and example.
(Algorithm-2M, Example: 2M)
Ans:
The columnar transposition cipher is a transposition cipher that follows a simple rule for
mixing up the characters in the plaintext to form the cipher-text. It can be combined with
other ciphers, such as a substitution cipher, the combination of which can be more difficult
to break than either cipher on its own. The cipheruses a columnar transposition to greatly
improve its security.

Algorithm:
1. The message is written out in rows of a fixed length.
2. Read out again column by column according to given order or in random order.
3. According to order write cipher text.

Example
The key for the columnar transposition cipher is a keyword e.g. ORANGE.
The row length that is used is the same as the length of the keyword.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 12 / 25
To encrypt a below plaintext
COMPUTER PROGRAMMING

O R A N G E
C O M P U T
E R P R O G
R A M M I N
G L E X X M

In the above example, the plaintext has been padded so that it neatly fits in a rectangle. This
is known as a regular columnar transposition. An irregular columnar transposition leaves
these characters blank, though this makes decryption slightly more difficult. The columns
are now reordered such that the letters in the key word are ordered alphabetically.

5 6 1 4 3 2
O R A N G E
C O M P U T
E R P R O G
R A M M I N
G L E X X M
The Encrypted text or Cipher text is:

MPMET GNMUO IXPRM XCERG ORAL (Written in blocks of Five)

ii) Describe IP security architecture.

(Diagram: 2M, Explanation: 2M)
Ans:
IPsec architecture: IPsec is to encrypt and seal the transport and application layer data
during transmission. Also offers integrity protection for the Internet layer. IPSec layer sits
in between the transport and the Internet layers of conventional TCP/IP protocol stack.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 13 / 25

IPSec actually consists of two main protocols

a) Authentication Header (AH):
b) Encapsulating Security Payload (ESP):

a) Authentication Header (AH): The AH provides support for data integrity and
authentication of IP packets. The data integrity service ensures that data inside IP
packet is not altered during the transit. The authentication service enables an end user
or computer system to authenticate the user or the application at the other end and
decides to accept or reject packets accordingly. This also prevents IP spoofing attacks.
AH is based on MAC protocol, which means that the two communicating parties must
share a secret key in order to use AH.
b) Encapsulating Security Payload (ESP): ESP is a member of the IPsec protocol suite.
In IPsec it provides origin authenticity, integrity and confidentiality protection
of packets. ESP also supports encryption-only and authentication-only configurations,
but using encryption without authentication is strongly discouraged because it is
insecure.

Modes of operation: Both AH and ESP works in two modes:

1. Tunnel mode: In tunnel mode, IPsec protects the entire IP datagram. It takes an IP
datagram, adds the IPSec header and trailer and encrypts the whole thing. It then adds
new IP header to this encrypted datagram.
2. Transport mode: Transport mode does not hide the actual source and destination
addresses. They are visible in plain text, while in transit. In the transport mode, IPSec
takes the transport layer payload, adds IPSec header and trailer, encrypts the whole
thing and then adds the IP header. Thus IP header is not encrypted.

iii) Define cyber crime. List different types of cyber crimes.

(Define: 2M, Types: 2M (any 4))
Ans.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 14 / 25
Cybercrime is defined as a crime in which a computer is the object of the crime (hacking,
phishing, spamming) or is used as a tool to commit an offense (child pornography, hate
crimes). Cybercriminals may use computer technology to access personal information,
business trade secrets, or use the Internet for exploitive or malicious purposes. Criminals
can also use computers for communication and document or data storage. Criminals who
perform these illegal activities are often referred to as hackers.
Cybercrime may also be referred to as computer crime.
Types of Cybercrimes are
1. Hacking
2. Cracking
3. Theft
4. Malicious software
5. Child soliciting and abuse
iv) What is Software piracy?
(Any Relevant Description: 4M)
Ans:
Software piracy is the illegal copying, distribution, or use of software. It is such a profitable
"business" that it has caught the attention of organized crime groups in a number of
countries. Software piracy causes significant lost revenue for publishers, which in turn
results in higher prices for the [Link] piracy applies mainly to full-function
commercial software. The time-limited or function-restricted versions of commercial
software called shareware are less likely to be pirated since they are freely available.
Similarly, freeware, a type of software that is copyrighted but freely distributed at no
charge.

Types of software piracy include:

Soft-lifting: Borrowing and installing a copy of a software application from a colleague.
Client-server overuse: Installing more copies of the software than you have licenses for.
Hard-disk loading: Installing and selling unauthorized copies of software on refurbished
or new computers.
Counterfeiting: Duplicating and selling copyrighted programs.
Online piracy: Typically involves downloading illegal software from peer-to-peer
network, Internet auction or blog. (In the past, the only place to download software was
from a bulletin board system and these were limited to local areas because of long
distance charges while online.)

Q.4) b) Attempt any one: 6M

i) Explain DOS and DDOS with neat diagram.
(Explanation: 2M Each, Diagram: 1M Each)
Ans.
Denial Of Service Attack: Denial of service (DOS) attack scan exploits a known
vulnerability in a specific application or operating system, or they may attack features (or
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 15 / 25
weaknesses) in specific protocols or services. In this form of attack, the attacker is
attempting to deny authorized users access either to specific information or to the computer
system or network itself. The purpose of such an attack can be simply to prevent access to
the target system, or the attack can be used in conjunction with other actions in order to
gain unauthorized access to a computer or network. SYN flooding is an example of a DOS
attack that takes advantage of the way TCP/IP networks were designed to function, and it
can be used to illustrate the basic principles of any DOS attack. SYN flooding utilizes the
TCP three-way handshake that is used to establish a connection between two systems. In a

SYN flooding attack, the attacker sends fake communication requests to the targeted
system. Each of these requests will be answered by the target system, which then waits for
the third part of the handshake. Since the requests are fake the target will wait for responses
that will never come, as shown in Figure.

Fig: DOS Attack

The target system will drop these connections after a specific time-out period, but if the
attacker sends requests faster than the time-out period eliminates them, the system will
quickly be filled with requests. The number of connections a system can support is finite,
so when more requests come in than can be processed, the system will soon be reserving all
its connections for fake requests. At this point, any further requests are simply dropped
(ignored), and legitimate users who want to connect to the target system will not be able to.
Use of the system has thus been denied to them.

Distributed denial-of-service (DDoS): DDoS is the attack where source is more than one,
often thousands of, unique IP addresses. It is analogous to a group of people crowding the
entry door or gate to a shop or business, and not letting legitimate parties enter into the
shop or business, disrupting normal [Link] is a type of DOS attack where
multiple compromised systems, which are often infected with a Trojan, are used to target a
single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist
of both the end targeted system and all systems maliciously used and controlled by the
hacker in the distributed attack.
A Denial of Service (DoS) attack is different from a DDoS attack. The DoS attack typically
uses one computer and one Internet connection to flood a targeted system or resource. The
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 16 / 25
DDoS attack uses multiple computers and Internet connections to flood the targeted
resource. DDoS attacks are often global attacks, distributed via botnets.
Types of DDoS Attacks:
Traffic attacks: Traffic flooding attacks send a huge volume of TCP, UDP and ICPM
packets to the target. Legitimate requests get lost and these attacks may be accompanied by
malware exploitation.
Bandwidth attacks: This DDoS attack overloads the target with massive amounts of
junk data. This results in a loss of network bandwidth and equipment resources and can
lead to a complete denial of service.
Application attacks: Application-layer data messages can deplete resources in the
application layer, leaving the target's system services unavailable.
Stacheldraht is a piece of software written by Random for Linux and Solarissystems
which acts as a distributed denial of service (DDoS) agent. This tool detects and
automatically enables source address [Link] uses a number of different DoS
attacks, including UDP flood, ICMP flood, TCP SYN flood andSmurf attack.

Fig: DDOS Attack

ii) Explain worm and virus. Differentiate between worm and virus.
(Explanation of Worm & Virus: 2M Each, Any 2 Differences: 2M)
Ans.
Worm: A worm is similar to a virus by design and is considered to be a sub-class of a
virus. Worms spread from computer to computer, but unlike a virus, it has the capability to
travel without any human action. A worm takes advantage of file or information transport
features on your system, which is what allows it to travel unaided.

The biggest danger with a worm is its capability to replicate itself on your system, so rather
than your computer sending out a single worm, it could send out hundreds or thousands of
copies of itself, creating a huge devastating effect. One example would be for a worm to
send a copy of itself to everyone listed in your e-mail address book. Then, the worm
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 17 / 25
replicates and sends itself out to everyone listed in each of the receiver's address book, and
the manifest continues on down the line.

Due to the copying nature of a worm and its capability to travel across networks the end
result in most cases is that the worm consumes too much system
memory (or network bandwidth), causing Web servers, network servers and individual
computers to stop responding. In recent worm attacks such as the much-talked-about
Blaster Worm, the worm has been designed to tunnel into your system and allow malicious
users to control your computer remotely.
Virus:A computer virus attaches itself to a program or file enabling it to spread from one
computer to another, leaving infections as it travels. Like a human virus, a computer virus
can range in severity: some may cause only mildly annoying effects while others can
damage your hardware, software or files. Almost all viruses are attached to anexecutable
file, which means the virus may exist on your computer but it actually cannot infect your
computer unless you run or open the malicious program.
It is important to note that a virus cannot be spread without a human action, (such as
running an infected program) to keep it going. Because a virus is spread by human action
people will unknowingly continue the spread of a computer virus by sharing infecting files
or sending emails with viruses as attachments in the email.

Virus Worm
The virus is the program code that attaches The worm is code that replicate itself in order
itself to application program and when to consume resources to bring it down.
application program run it runs along with it.
It inserts itself into a file or executable It exploits a weakness in an application or
program. operating system by replicating itself.
It has to rely on users transferring infected It can use a network to replicate itself to other
files/programs to other computer systems. computer systems without user intervention.
Yes, it deletes or modifies files. Sometimes a Usually not. Worms usually only monopolize
virus also changes the location of files. the CPU and memory.
Virus is slower than worm. Worm is faster than virus
E.g. Macro virus, Directory virus, Stealth E.g. Code red
Virus

Q.5) Attempt any two: 16M

a) Explain individual user responsibilities in computer security.
(Eachpoint 1M, any 8 points)
Ans. Individual user responsibilities in computer security are:
a) Lock the door of office or workspace.
b) Do not leave sensitive information inside your car unprotected.
c) Secure storage media in a secure storage device which contains sensitive information.
d) Shredding paper containing organizational information before discarding it.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 18 / 25
e) Do not expose sensitive information to individuals that do not have an authorized need to
know it.
f) Do not discuss sensitive information with family members.
g) Be alert to, and do not allow, piggybacking, shoulder surfing or access without the proper
identifications.
h) Establish different procedures to implement good password security practice that
employees should follow.

b) What is PGP? How PGP is used for email security?

(Explanation of PGP2M, Diagram 2M, Working 4M)
Ans.
PGP is Pretty Good Privacy. It is a popular program used to encrypt and decrypt email
over the internet. It becomes a standard for e-mail security. It is used to send encrypted
code (digital signature) that lets the receiver verify the sender„s identity and takes care that
the route of message should not change. PGP can be used to encrypt files being stored so
that they are in unreadable form and not readable by users or intruders It is available in
Low cost and Freeware version. It is most widely used privacy ensuring program used by
individuals as well as many corporations.

How PGP works

[Link] Signature

2. Compression

3. Encryption

4. Enveloping

5. Base-64 Encoding

There are five steps as shown in fig.

1. Digital Signature
2. Compression
3. Encryption
4. Enveloping
5. Base-64 Encoding
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 19 / 25
1. Digital signature: it consists of the creation a message digest of the email message
using SHA-1 algorithm. The resulting MD is then encrypted with the sender‟s private
key. The result is the sender‟s digital signature.
2. Compression: the input message as well as p digital signature are compressed together
to reduce the size of final message that will be transmitted. For this the Lempel-Ziv
algorithm is used.
3. Encryption: The compressed output of step 2 (i.e. the compressed form of the original
email and the digital signature together) are encrypted with a symmetric key.
4. Digital enveloping: the symmetric key used for encryption in step 3 is now encrypted
with the receiver‟s public key. The output of step 3 and 4 together form a digital
envelope.
5. Base -64 encoding: this process transforms arbitrary binary input into printable
character output. The binary input is processed in blocks of 3 octets (24-bits).these 24
bits are considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits is
mapped into an 8-bit output character in this process.

c) Explain characteristics, working, design principle and limitation of firewall.

(Characteristics 1M, Diagram 1M, working 2M, design principle 2M and Limitation of
firewall 2M)
Ans.
Characteristics:
1. All traffic from inside to outside must pass through the firewall (physically blocking all
access to the local network except via the firewall)
2. Only authorized traffic (defined by the local security police) will be allowed to pass
3. The firewall itself is immune to penetration (use of trusted system with a secure
operating system)

Design Principal:
A firewall is a networking device – hardware, software or a combination of both–
whose purpose is to enforce a security policy across its connection. It is much like a
wall that has a window: the wall serves to keep things out, except those permitted
through the window.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 20 / 25
Working:Firewalls enforce the establishment security policies. Variety of
mechanism includes:
Packet filtering router
Circuit level gateways
Application Gateways/ Proxy Server.
Network Address Translation (NAT)

One of the most basic security function provided by a firewall is Network Address
Translation (NAT). This service allows you to mask significant amounts of information
from outside of the network. This allows an outside entity to communicate with an entity
inside the firewall without truly knowing its address.
Basic Packet Filtering, the most common firewall technique, looking at packets, their
protocols and destinations and checking that information against the security policy.
Telnet and FTP connections may be prohibited from being established to a mail or
database server, but they may be allowed for the respective service servers.
This is a fairly simple method of filtering based on information in each packet header,
like IP addresses and TCP/UDP ports. This will not detect and catch all undesired packet
but it is fast and efficient.
A firewall can either be software-based or hardware-based and is used to help keep a
network secure. Its primary objective is to control the incoming and outgoing traffic of
network by analyzing the data packets and determining whether it should be allowed
through or not, based on a predetermined rule set. A network's firewall builds a brigade
between an internal network that is assumed to be secure and trusted, and another
network, usually an external (inter)network, such as the Internet, that is not assumed to be
secure and trusted.
Many personal computer operating systems include software-based firewalls to protect
against threats from the public Internet. Many routers that pass data between networks
contain firewall components and, conversely, many firewalls can perform basic routing
functions.

Limitations:
1. Firewall do not protect against inside threats.
2. Packet filter firewall does not provide any content based filtering.
3. Protocol tunneling, i.e. sending data from one protocol to another protocol which
negates the purpose of firewall.
4. Encrypted traffic cannot be examine and filter.

Q.6) Attempt any four: 16M

a) Describe dumpster diving with its prevention mechanism.
(Concept 3M, Prevention mechanism 1M)
Ans.
Dumpster diving: It is the process of going through a target‟s trash in order to find
little bits of information System attackers need certain amount of information before
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 21 / 25
launching their attack. One common place to find this information, if the attacker is in the
vicinity of target is to go through the target‟s thrash in order to find little bits of
information that could be useful. The process of going through target‟s thrash is known as
“dumpster diving”.

The search is carried out in waste paper, electronic waste such as old HDD, floppy and
CD media recycle and trash bins on the systems etc.
If the attacker is lucky, the target has poor security process they may succeed in finding
user ID‟s and passwords. If the password is changed and old password is discarded, lucky
dumpster driver may get valuable clue.

To prevent dumpster divers from learning anything valuable from your trash, experts
recommend that your company should establish disposal policy.

b) Explain the term steganography with example.

(Term – 1M, Concept- 2M, Example 1M)
Ans..
Steganography: Steganography is the art and science of writing hidden message in such a
way that no one, apart from the sender and intended recipient, suspects the existence of the
message. Steganography works by replacing bits of useless or unused data in regular
computer files (such as graphics, sound, text, html or even floppy disks) with bits of
different, invisible information. This hidden information can be plain text, cipher text or
even images. In modern steganography, data is first encrypted by the usual means and then
inserted, using a special algorithm, into redundant data that is part of a particular file format
such as a JPEG image.
Steganography process :
Cover-media + Hidden data + Stego-key = Stego-medium
Cover media is the file in which we will hide the hidden data, which may also be encrypted
using stego-key. The resultant file is stego-medium. Cover-media can be image or audio
file.
Stenography takes cryptography a step further by hiding an encrypted message so that no
one suspects it exists. Ideally, anyone scanning your data will fail to know it contains
encrypted data.
Stenography has a number of drawbacks when compared to encryption. It requires a lot of
overhead to hide a relatively few bits of information.
i.e. One can hide text, data, image, sound, and video, behind image.

c) Describe the concept of Kerberos.

(Explanation with Diagrams of different steps 4M)
Ans.
Kerberos is a network authentication protocol. It is designed to provide strong
authentication for client/server applications by using secret-key cryptography.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 22 / 25
Kerberos was created by MIT as a solution for network security problems and it is freely
available from MIT, under copyright permission.

How Kerberos does works?

Kerberos operates by encrypting data with a symmetric key. A symmetric key is a type of
authentication where both the client and server agree to use a single encryption/decryption
key for sending and receiving data.
When working with the encryption key, the details are actually sent to a key distribution
center (KDC), instead of sending the details directly between each computer.
The entire process takes a total of eight steps, as shown below.
1. The authentication service, or AS, receivers the request by the client and verifies that the
client is indeed the computer it claims to be. This is usually just a simple database lookup
of the user‟s ID.

User Id

client
Authentication server (AS)
2. Upon verification, a timestamp is crated. This puts the current time in a user session,
along with an expiration date. The default expiration date of a timestamp is 8 hours. The
encryption key is then created. The timestamp ensures that when 8 hours is up, the
encryption key is useless. (This is used to make sure a hacker doesn‟t intercept the data,
and try to crack the key. Almost all keys are able to be cracked, but it will take a lot
longer than 8 hours to do so)

Ticket granting ticket

Time stamp: 8 hrs.

Client
Authentication server (AS)

3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is
a simple ticket that is issued by the authentication service. It is used for authentication
the client for future reference.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 23 / 25

4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get
authenticated.

5. The TGS creates an encrypted key with a timestamp, and grants the client a service
ticket.

6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own
encrypted key to the service.

.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 24 / 25

7. The service decrypts the key, and makes sure the timestamp is still valid. If it is, the
service contacts the key distribution center to receive a session that is returned to the
client.

8. The client decrypts the ticket. If the keys are still valid, communication is initiated
between client and server.

d) Describe IT Act 2008

(Any four features of IT Act 2008- 2M, any four amendments-2M )
Ans.
It is introduced with many additional features of IT Act 2000:
They have amplified the existing provisions or introduced new provisions.
Electronics signature introduced
Important definitions added
Legally validated electronic documents reemphasized.
Critique on power of controller under the IT Act 2008
The role of adjudicating officer under the IT Act 2008.
Composition of CAT (Cyber Appellate Tribunal)
New cybercrimes as offences under amended Act
Power of Block unlawful websites should be exercised with caution.
Section 69B added to confer power to collect, monitor traffic data
Significance of the term Critical Information Infrastructure
Important Clarifications on the Act‟s application and effect
The combination effect of section 88 and 77B
Combined effect of section 78 and 80.

Features of I.T. Amendment Act 2008:

Focusing on data privacy
Focusing on information security.
Defining cyber café.
Making digital signature technology neutral.
Defining reasonable security practices to be followed by corporate.
Redefining the role of intermediaries.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2016 EXAMINATION

Subject Code: 17514 Model Answer Page No: 25 / 25
Recognizing the role of Indian computer Emergency Response Team.
Inclusion of some additional cybercrimes like child pornography and cyber
terrorism.
Authorizing an Inspector to investigate cyber offences.

e) What is TLS? What are two layers of TLS?

(Explanation-2M, Layers-2M)
Ans.
The Transport Layer security (TLS) protocol provides communications privacy over
internet. The protocol allows client-server applications to communicate in a way that is
designed to prevent eavesdropping, tampering or message forgery. The primary goal of the
TLS protocol is to provide privacy in data integrity between two communicating
applications.

The protocol is composed of two layers:

TLS Record Protocol provides connection security with some encryption method such as
the Data Encryption Standard (DES). The TLS Record Protocol can also be used without
encryption. The

TLS Handshake Protocol allows the server and client to authenticate each other and to
negotiate an encryption algorithm and cryptographic keys before data is exchanged.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
Important Instructions to examiners:
1) The answers should be examined by key words and not as word-to-word as given in the model answer
scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to assess the
understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more Importance (Not
applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in the figure. The
figures drawn by candidate and model answer may vary. The examiner may give credit for any equivalent
figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values may
vary and there may be some difference in the candidate‟s answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant answer based
on candidate‟s understanding.
7) For programming language papers, credit may be given to any other program based on equivalent concept.

Q. Sub Answer Marking

No Q. Scheme
. N.

1. a) Attempt any three. 12

a) Describe the basic principles of computer security. 4M

Ans: The need of computer security has been threefold: confidentiality, integrity, and (1 mark for
availability the “CIA” of security. Confidentiality, Integrity, Availability, Availability, each
Authentication, Other elements are Authorization, Non-repudiation, Access control and element)
accountability.
1. Confidentiality: The goal of confidentiality is to ensure that only those individuals who
have the authority can view a piece of information, the principle of confidentiality specifies
that only sender and intended recipients should be able to access the contents of a
message. Confidentiality gets compromised if an unauthorized person is able to access the
contents of a message.
Example of compromising the Confidentiality of a message is shown in fig.

Fig. Loss of confidentiality

Here, the user of a computer A send a message to user of computer B. another user C
gets access to this message, which is not desired and therefore, defeats the purpose of
Confidentiality.
This type of attack is also called as interception.
2. Authentication: Authentication helps to establish proof of identities. The
Page 1 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
Authentication process ensures that the origin of a message is correctly identified.
Authentication deals with the desire to ensure that an individual is who they claim to be.
For example, suppose that user C sends a message over the internet to user B.
however, the trouble is that user C had posed as user A when he sent a message to user B.
how would user B know that the message has come from user C, who posing as user A?
This concept is shown in fig. below.
This type of attack is called as fabrication.

Fig. absence of authentication

3. Integrity: Integrity is a related concept but deals with the generation and modification
of data. Only authorized individuals should ever be able to create or change (or delete)
information. When the contents of the message are changed after the sender sends it, but
before it reaches the intended recipient, we say that the integrity of the message is lost.
For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. user C somehow manages to access it, change its contents
and send the changed message to user B. user B has no way of knowing that the contents
of the message were changed after user A had sent it. User A also does not know about
this change.
This type of attack is called as modification.

Fig. Loss of Integrity

4. Availability: The goal of availability s to ensure that the data, or the system itself, is
available for use when the authorized user wants it.

b) List types of attacks. Explain backdoors and trapdoors attack. 4M

Ans: Attack is any attempt to expose, destroy alter, modify sizable, steal or gain unauthorized (List: 2 mark
access or use of an asset. It is kind of malicious activity that attempts to collect disrupt, and 1 mark
deny degrade, or destroy information system resources or information. each for
explanation
Types of attacks are: of backdoor
 Passive attacks and trap

Page 2 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
 Active attacks door attacks)
 Denial of service attacks
 Backdoor attacks
 Trapdoor attacks
 Sniffing/spoofing attacks
 Man-in-the middle attacks
Backdoor Attacks:

 It is secret entry point into program that allows user to gain access without going
through the usual security access procedures.
 It is used legitimately in debugging and testing
 It also refers to the entry and placement of a program or utility into a network that
creates a backdoor entry for attackers.
 This may allow a certain user ID to log on without password a program or gain of
administrative services.
 It becomes threat when programmers use them to gain unauthorized access.
 There are several backdoor programs and tools used by hackers in terms of
automated tools
Trapdoor Attacks:
 A trap door is an entrance in an system which circumvents the normal safety
measures.
 It is secret entry point into a program that allows someone who is aware of gaining
access using procedure other that security procedure.
 It might be hidden program which makes the protection system ineffective.
 This entry can be deliberately in traduced by the developer to maintain system in
case of disaster management.
 Trapdoor programs can be installed through malware using internet.

c) Describe piggy backing and shoulder surfing. 4M

Ans: (2 marks
Piggybacking: It is the simple process of following closely behind a person who has just each for
used their own access card or PIN to gain physical access to a room or building. An attacker piggybacks
can thus gain access to the facility without having to know the access code or having to & shoulder
acquire an access card. i.e.: Access of wireless internet connection by bringing one's own surfing)
computer within range of another wireless connection & using that without explicit
permission , it means when an authorized person allows (intentionally or unintentionally)
others to pass through a secure door. Piggybacking on Internet access is the practice of
establishing a wireless Internet connection by using another subscriber's
wireless Internet access service without the subscriber‟s explicit permission or knowledge.
It is a legally and ethically controversial practice, with laws that vary by jurisdiction
around the world. While completely outlawed or regulated in some places, it is permitted in
others. The process of sending data along with the acknowledgment is called
piggybacking. Piggybacking is distinct from war driving, which involves only the
logging or mapping of the existence of access points. It is the simple tactic of following
closely behind a person who has just used their own access card or PIN to gain physical
access to a room or building. An attacker can thus gain access to the facility without having
Page 3 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
to know the access code or having to acquire an access card .Piggybacking, in a wireless
communications context, is the unauthorized access of a wireless LAN. Piggybacking is
sometimes referred to as "Wi-Fi squatting." The usual purpose of piggybacking is simply to
gain free network access rather than any malicious intent, but it can slow down data transfer
for legitimate users of the network.

Shoulder surfing is a similar procedure in which attackers position themselves in such

away as -to be-able to observe the authorized user entering the correct access code.
Shoulder surfing is an effective way to get information in crowded places because it's
relatively easy to stand next to someone and watch as they fill out a form, enter a PIN
number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing
can also be done long distance with the aid of binoculars or other vision-enhancing devices.
To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad
from view by using your body or cupping your hand. Both of these attack techniques can be
easily countered by using simple procedures to ensure nobody follows you too closely or is
in a position to observe your actions. Shoulder surfing is using direct observation
techniques, such as looking over someone's shoulder, to get information.
d) Explain the terms: Cryptography, cryptanalysis and Cryptology. 4M

Ans: 1. Cryptography: Cryptography is art & science of achieving security by encoding (1 mark for
messages to make them non-readable. explanation
each term
Readable Cryptography Unreadable and 1 mark
message system message for diagram
drawn)

2. Cryptanalysis: Cryptanalysis is the technique of decoding messages from a non-

readable format without knowing how they were initially converted from readable format to
non-readable format.
Unreadable Cryptanalysis Readable
message message

3. Cryptology: It is originated from the Greek logos, means hidden words. This technique
is used in cryptography for generating secured information.

b) Attempt any one. 6

a) Describe Model for security with the help of diagram. 6M

Ans: ( Diagram 2
marks and
explanation
4 marks)

Page 4 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________

OR

A message is to be transferred from one use to another user in secret form using this
security system it can be two or more parties accessing information via Internet.

OR

Sender & receiver are principals of transaction and must cooperate for exchange to take
place.
Model shows four basic tasks:
1. Design algorithm in such a way that an opponent cannot defeat its purpose. This
algorithm is used for security related information.
2. Generate secret information that can be used with algorithm.
3. Develop method for distributing and sharing of secret information.
4. Specify a protocol which can be used by two principals that make use of security
algorithm and secret information to achieve a security service. An information channel is
established by defining a route through Internet from source to destination with the help of
communication protocol like TCP/IP or using normal PC to PC communication through
any media. Techniques for providing security have following components:-
 A security related transformation on information to be sent.
 This information shared by two principals should be secret.
 A trusted party is required to achieve secure transmission.
 This is responsible for distributing secret information between two principals.

b) Explain IT Act, 2000 and IT Act, 2008. 6M

Page 5 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
Ans: 1) IT Act 2000: According to Indian cyber laws, Information technology is the important (3 marks each
law and it had passed in Indian parliament in year [Link] act is helpful to encourage for IT Act
business by use of internet. Due to misuse of internet and increase of cybercrime, the Govt. 2000 ,and IT
of India made an act for safeguarding the internet users. Act 2008)
The main objectives of this act are as follows.
1. To provide legal recognition to the transaction that can be done by electronic way or by
using internet.
2. To provide legal recognition to digital signature used in transaction.
3. To provide facilities like filling of document online relating to admission or registration.
4. To provide facility to any company that they can store their data in electronic storage.
5. To provide legal recognition for bankers and other companies to keep accounts in
electronic form.
It is introduced with many additional features of IT Act 2000: They have amplified the
existing provisions or introduced new provisions. (OPTIONAL)

 Electronics signature introduced

 Important definitions added
 Legally validated electronic documents reemphasized.
 Critique on power of controller under the IT Act 2008
 The role of adjudicating officer under the IT Act 2008.
 Composition of CAT (Cyber Appellate Tribunal)
 New cybercrimes as offences under amended Act
 Power of Block unlawful websites should be exercised with caution.
 Section 69B added to confer power to collect, monitor traffic data
 Significance of the term Critical Information Infrastructure
 Important Clarifications on the Act‟s application and effect
 The combination effect of section 88 and 77B
 Combined effect of section 78 and 80.
This helps to effective enforce cyber law in India.

IT acts 2008: It is the Information Technology Amendment Act, [Link] act was
developed for IT industries, control e-commerce, to provide e-governance facility and to
stop cybercrime attacks.
Following are the characteristics of IT ACT 2008: This act provides legal recognition
for the transaction i.e. Electronic Data Interchange (EDI) and other electronic
communications. This Act also gives facilities for electronic filling of information with the
Government agencies. It is considered necessary to give effect to the said resolution and to
promote efficient delivery of Government services by means of reliable electronic records.

State characteristics of IT Act 2008.

Different Fraudulent situations: (OPTIONAL)

 Tampering with any computer source code use for a computer, computer programmer
computer system or computer network.
 Hacking with computer system
 Sending offensive or false information through computer or a communicative device.
Page 6 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
 Receiving or retaining stolen computer resource or communication device.
 Capturing transmitting or publishing the image of a private area of any person without
consent.
 Punishment for Cyber terrorism.
 Publishing transmitting information which is obscene in electronic form.
 Publishing and transmission of containing sexually explicit act or conduct.
 Penalty for mis-representation.: imprisonment for a term which may extend to two years
or with fine up to Rs. 1 lakh or with both.
 Penalty for breach of confidentiality and privacy
 Punishment for disclosure of information in breach of contract.
 Punishment for publishing digital signature certificate false in certain particulars.
 Publication for fraudulent purpose.

Features of I.T. Amendment Act 2008: (Optional)

 Focusing on data privacy

 Focusing on information security.
 Defining cyber café.
 Making digital signature technology neutral.
 Defining reasonable security practices to be followed by corporate.
 Redefining the role of intermediaries.
 Recognizing the role of Indian computer Emergency Response Team.
 Inclusion of some additional cybercrimes like child pornography and cyber
terrorism.
 Authorizing an Inspector to investigate cyber offences.

2. Attempt any two. 16

a) Explain threat to security in detail w.r.t virus, worms, intruders, insiders. 8M

Ans: Threats create vulnerabilities in computer system or (2 marks for

network. Following are threats to security. each threat)
1. Virus & worms
2. Intruders
3. Insiders
4. Criminal organization
5. Terrorists
6. Information warfare
7. Avenues of attack
8. Steps in attack
Virus: Computer Virus attach itself to a program or file enabling it to spread from one
computer to another , leaving infection as it travels from PC to PC or over network. It
copies itself into previously uninfected programs or files, and executes over other source of
attack. It can cause the loss or alteration of program or data and can compromise
confidentiality. It is almost attached with executable files,
Steps are:
Page 7 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
 Virus program is launched.
 Virus code is loaded into destination.
 Virus delivers itself destructive payload.
 Virus copies itself to another program.
Characteristics are: hard to detect, not easily destroyable, spreads infection widely, easy to
create, machine and operating system independent.

Worms:
 Worms are malicious programs that spread them automatically.
 Spread from computer to computer, without any human action intervention.
 It propagate autonomously, they are spread by exploiting vulnerabilities in
computer system.
 Worm is designed to copy itself from PC to PC via networks or internet.
 They spread much faster than viruses.
 Its effects are localized its damage to the computer network by causing increased
bandwidth.
 Worms consists of attack mechanism, payload and target selection

Intruders :
 Extremely patient as time consuming More dangerous than outsiders
 Outsiders Insiders
 Keep trying attacks till success As they have the access and knowledge to cause
immediate damage to organization
 Individual or a small group of attackers They can be more in numbers who are
 Next level of this group is script writers, i.e. Elite hackers are of three types:
Masquerader, Misfeasor, Clandestine user is misuse of access given by insiders
directly or indirectly access the organization.
 They may give remote access to the Organization
 Intruders are authorized or unauthorized users who are trying access the system or
network.
 They are hackers or crackers
 Intruders are illegal users.
 Less dangerous than insiders They have to study or to gain knowledge about the
security system
 They do not have access to system.
 Many security mechanisms are used to protect system from Intruders.
Insiders:
 More dangerous than outsiders As they have the access and knowledge to cause
immediate damage to organization
 They can be more in numbers who are directly or indirectly access the organization.
 They may give remote access to the organization.
 Insiders are authorized users who try to access system or network for which he is
unauthorized.
 Insiders are not hackers.
 Insiders are legal users.

Page 8 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
 More dangerous than Intruders.
 They have knowledge about the security system.
 They have easy access to the system because they are authorized users.
 There is no such mechanism to protect system from Insiders.

Insiders are more dangerous than intruders because:

i) The insiders have the access and necessary knowledge to cause immediate damage to an
organization.
ii) There is no security mechanism to protect system from Insiders. So they can have all the
access to carry out criminal activity like fraud. They have knowledge of the security
systems and will be better able to avoid detection.

b) What is access control? Explain DAC, MAC and RBAC access control model. 8M

Ans: Access is the ability of a subject to interest with an object. Authentication deals with (2 marks for
verifying the identity of a subject. It is ability to specify, control and limit the access to the description
host system or application, which prevents unauthorized use to access or modify data or and 2 mark
each for three
resources.
types of
control
including
table)

Various access controls are:

 Discretionary Access control (DAC): Restricting access to objects based on the
identity of subjects and or groups to which they belongs to, it is conditional,
basically used by military to control access on system. UNIX based System is
common method to permit user for read/write and execute
 Mandatory Access control (MAC): It is used in environments where different
levels of security are classified. It is much more restrictive. It is sensitivity based
restriction, formal authorization subject to sensitivity. In MAC the owner or User
cannot determine whether access is granted to or not. i.e. Operating system rights.
Security mechanism controls access to all objects and individual cannot change that
access.
 Role Based Access Control (RBAC): Each user can be assigned specific access

Page 9 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
permission for objects associated with computer or network. Set of roles are defined.
Role in-turn assigns access permissions which are necessary to perform role.
 Different User will be granted different permissions to do specific duties as per their
classification.

c) Explain transposition technique. Convert plain text to cipher text using rail Fence 8M
technique “COMPUTER SECURITY”.

Ans: (2 marks for

C M U E S C R T definition, 2
marks for
O P T R E U I Y Step 1, 2
marks for
TYPES OF TRANSPOSITION SYSTEMS:
conversion
Nature of Transposition: Transposition systems are fundamentally different from and 2 marks
substitution systems. In substitution systems, plaintext values are replaced with other for cipher
values. In transposition systems, plaintext values are rearranged without otherwise text.)
changing them. All the plaintext characters that were present before encipherment are still
present after encipherment. Only the order of the text changes. Most transposition systems
rearrange text by single letters. It is possible to rearrange complete words or groups of
letters rather than single letters, but these approaches are not very secure and have little
practical value. Larger groups than single letters preserve too much recognizable plaintext.
a) Some transposition systems go through a single transposition process. These are
called single transposition. Others go through two distinctly separate transposition
processes. These are called double transposition.
b) Most transposition systems use a geometric process. Plaintext is written into a
geometric figure, most commonly a rectangle or square, and extracted from the
geometric figure by a different path than the way it was entered. When the geometric
figure is a rectangle or square, and the plaintext is entered by rows and extracted by
columns, it is called columnar transposition. When some route other than rows and
columns is used, it is called route transposition.

Rail Fence Technique: It is one of the easiest transposition techniques to create cipher
text. When plain text message is codified using any suitable scheme, the resulting message
is called Cipher text or Cipher.
Steps are:

Plain text = COMPUTER SECURITY

1. Write down Plain text as sequence of diagonal.

Read Plain text written in Step 1 as sequence of rows.

As ,
CMUESCRT,
Followed with
O P T R E U IY
Page 10 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
Then concatenate these two sequences of text as one to create following

Cipher text: CMUESCRTOPTREUIY

Following details will be OPTIONAL.

Some other examples of rail fence techniques

(1) The rail-fence cipher is inscribed by zigzag pattern and extracted by rows.

(2)The triangular pattern is inscribed by rows and extracted by columns.

3. Attempt any four. 16

a) Explain use of Biometrics in computer Security. List various Biometrics used for 4M
computer security.

Ans: Use of biometric system in computer Security: Biometric is a science & technology of (Use of
measuring & statically analyzing biological data. The purpose of biometrics is to uniquely biometric
identify or verify an individual through the characteristics of the human body. Biometric system in
technology must first gather information into a computer database, for example, a database
computer
of fingerprints. The computer will compare the fingerprints in the database to any new
sample and recognize when there is a match. The matches can be used for both Security: 2
identification and verification purposes. marks, listing
of any four
Enrollment: A biometrics system searches the database for a match to the newly captured biometric
sample, and grants access if it is found. Using a fingerprint as part of the login process to a
security
computer is an example of this mode.
Verification: A biometrics system searches the database for a match to the newly captured system:2
sample, and authenticates an individual's claimed identity from his or her previously marks)
enrolled pattern. Biometrics uses characteristics that can be physical such hand shape, a
fingerprint, facial characteristics, voice, or DNA. Biometrics can also use characteristics
Page 11 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
that are learned or acquired, behavioral traits such our signature, they way we speak or use
a computer.
Strongest & highly reliable authentication method which involves the creation of users
sample of authentication & store it on high end server.
During actual authentication user is required to provide same sample of authentication
Both are matched up to certain degree
Biometric helps to prove WHO ARE YOU.
At very important places like BARC, ISRO you are supposed to prove your identity
biometric system is the answer.
List of various biometrics used for computer security:
1. Finger print
2. Hand print
3. Iris scan
4. Face recognition
5. DNA recognition
6. Voice pattern
7. Signature recognition
8. Keystrokes
b) Distinguish between substitution cipher and transportation cipher. 4M

Ans: (Each point

carries 1
Substitution cipher Transposition cipher mark )
Simple letter substitution Letter substitution along with permutation

Guessing key is easy Bit difficult to find a key

Less security more security

Example Caesar Cipher Rail fence technique / columnar technique

c) List types of firewall. Explain packet filter with diagrams. 4M

Ans: List of types of firewall: (Listing of

types of
 Packet filter as a firewall firewall: 1
 Circuit level gateway firewall mark,
 Application level gateway firewall Explanation
 Proxy server as a firewall of packet
Explanation : As per the diagram given below Firewall will act according to the table filter as a
given for example source IP [Link] is the IP address of a network , all the packets firewall: 2
which are coming from this network will be blocked by the firewall in this way it is acting marks
as a firewall. ,diagram of

Page 12 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
Table also having port 80, IP Address [Link] & port 23 firewall will act in the similar packet filter
fashion. Port 23 is for Telnet remote login in this case firewall won‟t allow to login onto as a firewall:
this server 1 mark)
IP Address [Link] is the IP address of individual Host, all the packet having this IP
address as a destination Address will be denied.
Port 80 no HTTP request allowed by firewall.
Diagram of packet filter as a firewall:

Packet Filtering

d) What is IP security? Describe authentication header mode of IP security. 4M

Ans: The IPSec Authentication Header (AH) protocol allows the recipient of a datagram to verify (IP security:
its authenticity. It is implemented as a header added to an IP datagram that contains 1 mark ,
an integrity check value computed based on the values of the fields in the datagram. This Diagram:
value can be used by the recipient to ensure that the data has not been changed in transit. 1mark ,
The Authentication Header does not encrypt data and thus does not ensure the privacy of Explanation:
transmissions. Authentication Header (AH) is a member of the IPSec protocol suite. AH 2 marks)
guarantees connectionless integrity and data origin authentication of IP packets. Further, it
can optionally protect against replay attacks by using the sliding window technique and
discarding old packets.

e) Explain the architecture of secure socket layer. 4M

Ans: Architecture of SSL: Diagram: (Explanation:

2 marks,
Diagram:2

Page 13 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
marks)

• SSL developed for NETSCAPE NAVIGATOR

• Provides secure & authenticated communication between BROWSER & SERVER
• SSL provide transport layer security (TLS)
• SSL provide either server only authentication or client server authentication
In server only authentication client receives the server certificate, verify it & generate KEY
& encrypt it with server‟s public key
• Client sends this encrypted secret Key to the server
• Server decrypt it with his private key & use the client generated key to encrypt the
message to be sent to the client
In SERVER / CLIENT authentication client sends it‟s certificate along with secret Key so
client can be authenticated
• SSL consists of following protocols:
• SSL Handshake Protocol
• SSL Change Cipher Spec Protocol
• SSL Alert Protocol
• SSL Record Protocol
• SSL Handshake Protocol:
• Used to initiate session between client & server
• Authenticate both parties to each other
Algorithm & key used for encryption are negotiated
• SSL Change Cipher Spec Protocol:
• Used to choose cryptographic key between client & server
• Key exchange method
• Encryption algorithm used
Functions used to obtain MAC value

4. a) Attempt any three. 12

a) Define Caesar cipher. Write its algorithm and convert “COMPUTER SECURITY” 4M
using Caesar cipher.

Page 14 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
Ans: Caesar Cipher: In cryptography, a Caesar cipher, also known as Caesar's cipher, (definition: 1
the shift cipher, Caesar's code or Caesar shift, is one of the simplest and most widely mark.,
known encryption techniques. It is a type of substitution cipher in which each letter in Algorithm 2
the plaintext is replaced by a letter some fixed number of positions down the alphabet. For marks,
example, with a left shift of 3, D would be replaced by A, E would become B, and so on. Conversion 1
The method is named after Julius Caesar, who used it in his private correspondence. mark)
Plain Text : Computer Security
CIPHER TEXT: FRPSXWHU VHFXULWB
Algorithm:
1. Write all the Alpha bit from A TO Z
2. Give The Numbering As 1 To 26
3. Replace 1st With Fourth Alpha Bit That Is A With D
4. Write the cipher text

b) Draw and explain virtual private network. 4M

Ans: VPN Diagram: (Diagram of

VPN :2
marks ,
Explanation:
2 marks)

Explanation: private network created virtually between two branch networks of same
company across the world. Instead of using dedicated leased line to the internetwork of
company public lines can be used called as VPN. In the diagram two firewalls are acting as
an intermediate between user X & user Y. If the user x is sending the message to user .If
the user X is sending the message to user Y message first comes to firewall 1 which uses its
own address to send this message to user Y thus over the network the packet send from user
X is protected & it‟s IP address is protected like private network .In VPN the Tunnel
technology is used to have communication between two branches of same company by
wrapping the packet on another packet thus protecting network like private network.

c) Describe pornography and software piracy related to cybercrime. 4M

Page 15 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
Ans: PORNOGRAPHY: Is the depiction of erotic behavior (as in pictures or writing) (Pornograph:
intended to cause sexual excitement material (as books or a photograph) that 2 marks,
depicts erotic behavior and is intended to cause sexual excitement the depiction of software
acts in a sensational manner so as to arouse a quick intense emotional reaction.
piracy:2
Pictures. movies and writing about sex is called pornography (or porn).
Pornography is a picture. movies and writing that is created to make people get marks)
sexually excited.

SOFTWARE PIRACY: The unauthorized copying of software. Most

retail programs are licensed for use at just one computer site or for use by only one user at
any time. By buying the software, you become a licensed user rather than an owner
(see EULA). You are allowed to make copies of the program for backup purposes, but it is
against the law to give copies to friends and colleagues. Software piracy is all but
impossible to stop, although software companies are launching more and more lawsuits
against major infectors. Originally, software companies tried to stop software piracy
by protecting their software. This strategy failed, however, because it was inconvenient for
users and was not 100 percent foolproof. Most software now requires some sort of
registration, which may discourage would-be pirates, but doesn't really stop software
piracy.

d) Explain what application hardening is. 4M

Ans: Application Hardening : In computing, hardening is usually the process of securing a (Application
system by reducing its surface of vulnerability, which is larger when a system performs Hardening
more functions; in principle a single-function system is more secure than a multipurpose (Each point
one. Reducing available ways of attack typically includes changing default passwords, the carries 1
removal of unnecessary software, unnecessary usernames or logins, and the disabling or mark)
removal of unnecessary services. Application hardening specifically involves updating the
application up to date.

Don‟t keep open your application always

Use hot fix & patches whenever required
Take license copy of application always
Don‟t down load an application from internet site which is not registered
Don‟t share admin key to anybody
b) Attempt any one. 6

a) With neat sketches explain the following: 6M

(i). SYN Flood Attack
(ii). Main-in-the middle attack

Page 16 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
Ans: Diagram: (SYN flood
Attack:
diagram 1
mark,
explanation 2
marks)

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession

of SYN requests to a target's system in an attempt to consume enough server resources to
make the system unresponsive to legitimate traffic
Normally when a client attempts to start a TCP connection to a server, the client and server
exchange a series of messages which normally runs like this:

1. The client requests a connection by sending a SYN (synchronize) message to the server.
2. The server acknowledges this request by sending SYN-ACK back to the client.
3. The client responds with an ACK, and the connection is established.
This is called the TCP three-way handshake, and is the foundation for every connection
established using the TCP protocol.
A SYN flood attack works by not responding to the server with the expected ACK code.
The malicious client can either simply not send the expected ACK, or by spoofing the
source IP address in the SYN, causing the server to send the SYN-ACK to a falsified IP
address - which will not send an ACK because it "knows" that it never sent a SYN.
The server will wait for the acknowledgement for some time, as simple network congestion
could also be the cause of the missing ACK. However, in an attack, the half-open
connections created by the malicious client bind resources on the server and may eventually
exceed the resources available on the server. At that point, the server cannot connect to any
clients, whether legitimate or otherwise. This effectively denies service to legitimate
clients. Some systems may also malfunction or crash when other operating system
functions are starved of resources in this way.

ii) Man in the middle attack :

Page 17 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________

In cryptography and computer security, a man-in-the-middle attack (often

abbreviated MitM, MiM attack, MitMA or the same using all capital letters) is an attack
where the attacker secretly relays and possibly alters the communication between two
parties who believe they are directly communicating with each other. A man-in-the-middle
attack can be used against many cryptographic protocols.[1] One example of man-in-the-
middle attacks is active eavesdropping, in which the attacker makes independent
connections with the victims and relays messages between them to make them believe they
are talking directly to each other over a private connection, when in fact the entire
conversation is controlled by the attacker. The attacker must be able to intercept all relevant
messages passing between the two victims and inject new ones

b) Describe packet sniffing and packet spoofing attacks. 6M

Ans: packet sniffing: A packet analyzer also known as a network analyzer, protocol (Packet
analyzer or packet sniffer, for particular types of networks, an Ethernet sniffer or wireless sniffing: 3
sniffer) is a computer program or piece of computer hardware that can intercept and log marks packet
traffic that passes over a digital network or part of a network. As data streams flow across spoofing: 3
the network, the sniffer captures each packet. marks)
Packet sniffer specifically viewing the contents of the packet & can intimated to third
required party. Like tender of a company can obtain just by viewing the info of other
companies tender info & can adjusted the value as per requirement.
Packet Spoofing: In the context of network security, a spoofing attack is a situation in
which one person or program successfully masquerades as another by falsifying data,
thereby gaining an illegitimate advantage spoofing involves packet can be captured , data
can be modified as per the requirement of third party and may sent to recipients. Following
are the types of spoofing
IP Address spoofing
GPS spoofing
Caller id spoofing
Mail spoofing
Third party may use any spoofing technique as per requirement & may get

5. Attempt any two. 16

Page 18 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
a) Explain the role of people with respect to password selection in detail. 8M

Ans: Four Password selection strategies are: (2 marks list:

1. User education: 1.5 marks:
(i). Users can be told the importance of using hard-to-guess passwords and can be explanation
provided with guidelines for selecting strong passwords.
of each
(ii). This user education strategy is unlikely to succeed at most installations, particularly
where there is a large user population or a lot of turnover. Many users will simply strategy)
ignore the guidelines.
(iii). Others may not be good judges of what is a strong password.
(iv). For example, many users believe that reversing a word or capitalizing the last letter
makes a password un-guessable.
2. Computer-generated passwords:
(i). Passwords are quite random in nature. Computer generated passwords also have
problems.
(ii). If the passwords are quite random in nature, users will not be able to remember them.
Even if the password is pronounceable, the user may have difficulty remembering it and
so be tempted to write it down.
(iii). In general, computer-generated password schemes have a history of poor
acceptance by users.
(iv). FIPS PUB 181 defines one of the best-designed automated password generators.
The standard includes not only a description of the approach but also a complete listing
of the C source code of the algorithm.
(v). The algorithm generates words by forming pronounceable syllables and
concatenating them to form a word. A random number generator produces a random
stream of characters used to construct the syllables and words.
3. Reactive password checking:
(i). A reactive password checking strategy is one in which the system periodically runs its
own password cracker to find guessable passwords.
(ii). The system cancels any passwords that are guessed and notifies the user.
(iii). This tactic has a number of drawbacks. First it is resource intensive, if the job is done
right. Because a determined opponent who is able to steal a password file can devote
full CPU time to the task for hours or even days an effective reactive password checker
is at a distinct disadvantage.
(iv). Furthermore, any existing passwords remain vulnerable until the reactive password
checker finds them.
4. Proactive password checking:
(i). The most promising approach to improved password security is a proactive password
checker.
(ii). In this scheme, a user is allowed to select his/her own password. However, at the time
of selection, the system checks to see if the password is allowable and if not, rejects it.
(iii). Such checkers are based on the philosophy that with sufficient guidance from the
system, users can select memorable passwords from a fairly large password space that
are not likely to be guessed in a dictionary attack.
(iv). The trick with a proactive password checker is to strike a balance between user
acceptability and strength.
(v). If the system rejects too many passwords, users will complain that it is too hard to select
a password.
Page 19 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
(vi). If the system uses some simple algorithm to define what is acceptable, this provides
guidance to password crackers to refine their guessing technique. In the remainder of
this subsection, we look at possible approaches to proactive password checking.

b) What is security topology? Describe security zone in detail. 8M

Ans: Security topology: A security topology is the arrangement of hardware devices on a (2 marks
network with respect to internal security requirements and needs for public access. Definition:
OR 1 mark
Security topology is a local map that depicts the interconnectivity between security
Listing
devices and security domains that host these networks.
zones: 1.5
Security Zone: Security zones are the building blocks for policies; they are logical marks
entities to which one or more interfaces are bound. Security zones provide a means of explanation
distinguishing groups of hosts (user systems and other hosts, such as servers) and their of each
resources from one another in order to apply different security measures to them. zone)

Types of security zone:

i. Internet Zone:
 This zone contains websites.
 These sites are not on your computer or on your local intranet.
 It is not a single network but it is a series of interconnected networks.
 It is used to transfer email, files, financial records etc from one network to another.
 Since everyone has access to this network, so it is difficult to impose security
policies, so it is considered to be un-trusted system.
 www (World Wide Web) is frequently used with internet.
ii. Intranet Zone:
 It is a private network and is restricted within an organization (LAN).
 It consists of connections through one or more gateway computers to the outside
world i.e. Internet.
 Purpose of Intranet is to share information and computing resources between the
employees of a company.
 It provides facility to work in groups and for telecommunication.
 It uses Internet protocol like TCP/IP, HTTP etc.
iii. Trusted Sites:
 This zone contains websites that you trust are safe.
 When you add websites to trusted site zone you believe that files you download or
that you run from the websites will not damage the computer or data.
iv. Restricted Sites:
 This zone contains websites which are not trusted.
 When anyone adds a website to this zone, he believes that the files that are
downloaded or that run from this website may damage the computer or data.

c) What is Kerberos? Explain with diagram different servers involved in Kerberos. 8M

Ans: 1. Kerberos is a network authentication protocol. It is designed to provide strong (2 marks

Page 20 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
authentication for client/server applications by using secret-key cryptography. Kerberos
2. It uses secret key cryptography. Explanatio
3. It is a solution to network security problems. n: 6 marks
4. It provides tools for authentication and strong cryptography over the network to
working
help you secure your information system
5. There are 4 parties involved in Kerberos protocol with
 User diagram)
 Authentication service (AS)
 Ticket granting server (TGS)
 Service server
Working of Kerberos:
1. The authentication service, or AS, receivers the request by the client and verifies
that the client is indeed the computer it claims to be. This is usually just a simple database
lookup of the user‟s ID.

2. Upon verification, a timestamp is created. This puts the current time in a user
session, along with an expiration date. The default expiration date of a timestamp is 8
hours. The encryption key is then created. The timestamp ensures that when 8 hours is up,
the encryption key is useless.
3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT.
This is a simple ticket that is issued by the authentication service. It is used for
authentication the client for future reference.

4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to
get authenticated.

5. The TGS creates an encrypted key with a timestamp, and grants the client a service
ticket.
Page 21 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________

6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own
encrypted key to the service.

7. The service decrypts the key, and makes sure the timestamp is still valid. If it is, the
service contacts the key distribution center to receive a session that is returned to the
client.

8. The client decrypts the ticket. If the keys are still valid, communication is initiated
between client and server.

6. Attempt any four. 16

a) Describe security awareness in security. 4M

Ans: 1. Security awareness program is most effective method to oppose potential social (1 mark for
engineering attacks when organization‟s security goals and policies are established. each
2. An important element that should concentrate in training is which information is relevant
sensitive for organization and which may be the target of a social engineering attack.
point)
3. Companies implement tools and procedures to protect against these threats and to
comply with law and regulations.
4. Establishing and maintaining information-security awareness through a security
awareness program is vital to an organization‟s progress and success. A robust and
properly implemented security awareness program assists the organization with the
education, monitoring, and ongoing maintenance of security awareness within the
organization.
Page 22 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
5. Security awareness should be conducted as an on-going program to ensure that
training and knowledge is not just delivered as an annual activity, rather it is used to
maintain a high level of security awareness on a daily basis.

b) Distinguish between symmetric and asymmetric cryptography (any 4 points). 4M

Ans: Categories Symmetric key Asymmetric key (Each

Cryptography Cryptography comparison
Key used for encryption Same key is used for One key is used for point:
/decryption encryption & decryption. encryption & another 1mark , any
different key is used for
four points)
decryption.
Key process Ke=Kd Ke# Kd
Speed of Very fast Slower
encryption/decryption
Size of resulting encrypted Usually same as or less than More than the original clear
text the original clear text size. text size.
Key agreement/exchange A big problem No problem at all.

Usage Mainly used for encryption Can be used for encryption

and decryption, cannot be and decryption as well as
used for digital signatures. for digital signatures.
Efficiency in usage Symmetric key Asymmetric key
cryptography is often used cryptography is more
for long messages. efficient for short messages.
c) Explain e-mail security techniques (protocols). 4M

Ans: (i). SMTP- Simple Mail Transfer Protocol. (2 marks for

any two
(i). It is a popular network services in Email communication.
protocol and
(ii). It is system for sending messages to other computer users based on email.
(iii). It is request response based activity. its
(iv). It also provides email exchange process. explanation)
(v). It attempts to provide reliable service but not guarantees to sure recovery from
failure.

Page 23 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
(ii). PEM- Privacy Enhanced Mail.
(i). Privacy-Enhanced Mail (PEM) is an Internet standard that provides for secure
exchange of electronic mail.
(ii). PEM employs a range of cryptographic techniques to allow for
(iii). Confidentiality
(iv). Non - repudiation
(v). Message integrity
(vi). The confidentiality feature allows a message to be kept secret from people to whom
the message was not addressed.
(vii). The Non - repudiation allows a user to verify that the PEM message that they have
received is truly from the person who claims to have sent it.
(viii). The message integrity aspects allow the user to ensure that a message hasn't been
modified during transport from the sender.

(iii). PGP- Pretty Good Privacy: Pretty Good Privacy is a popular program used to
encrypt and decrypt email over the internet.
(i). It becomes a standard for e-mail security.
(ii). It is used to send encrypted code (digital signature) that lets the receiver verify the
sender„s identity and takes care that the route of message should not change.
(iii). PGP can be used to encrypt files being stored so that they are in unreadable form and
not readable by users or intruders.
(iv). It is available in Low cost and Freeware version.
(v). It is most widely used privacy ensuring program used by individuals as well as many
corporations.
(iv). S/MIME – Secure Multipurpose Internet Mail Extension:
(i). The traditional email system using SMTP protocol are text based which means that a
person can compose text message using an editor and them sends it over Internet to
the recipient, but multimedia files or documents in various arbitrary format cannot be
sent using this protocol.
(ii). To cater these needs the Multipurpose Internet Mail Extensions (MIME) system
extends the basic email system by permitting users to send the binary files using basic
email system.
(iii). And when basic MIME system is enhanced to provide security features, it is called as
Secure Multipurpose Internet Mail Extensions.
(iv). S/MIME provides security for digital signature and encryption of email message.

d) What is intrusion detection system? Explain host based IDS. 4M

Ans: Intrusion detection system (IDS): An intrusion detection system (IDS) monitors network (1 mark
traffic and monitors for suspicious activity and alerts the system or network administrator. IDS: 2
In some cases the IDS may also respond to anomalous or malicious traffic by taking action marks,
Page 24 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
such as blocking the user or source IP address from accessing the network. HIDS
explanation:
HIDS Host Intrusion Detection Systems: 1 mark
(i). They are run on individual hosts or devices on the network.
diagram)
(ii). A HIDS monitors the inbound and outbound packets from the device only and will
alert the user or administrator when suspicious activity is detected.
(iii). HIDS is looking for certain activities in the log file are:
 Logins at odd hours
 Login authentication failure
 Adding new user account
 Modification or access of critical system files
 Modification or removal of binary files
 Starting or stopping processes
 Privilege escalation
 Use of certain programs

(i). Basic Components HIDS:

 Traffic collector:
This component collects activity or events from the IDS to examine. On Host-based IDS,
this can be log files, audit logs, or traffic coming to or leaving a specific system
 Analysis Engine:
This component examines the collected network traffic & compares it to known patterns of
suspicious or malicious activity stored in the signature database. The analysis engine acts
like a brain of the IDS.
 Signature database:
It is a collection of patterns & definitions of known suspicious or malicious activity.
 User Interface & Reporting:
This is the component that interfaces with the human element, providing alerts & giving
the user a means to interact with & operate the IDS.

e) List and explain the key participants in secure electronic transaction. 4M

Ans: Secure electronic Transaction is an open encryption and security specification that is (1 mark:
designed for protecting credit card transactions on the Internet. It is a set of security list, 3 marks
protocols and formats that enable the users to employ the existing credit card payment for any
infrastructure on the internet in a secure manner. Three

Page 25 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
WINTER– 16 EXAMINATION
Model Answer Subject Code:
17514
______________________________________________________________________________________________
Components
)

Components of SET:
1. Cardholder
2. Merchant
3. Issuer
4. Acquirer
5. Payment gateway
6. Certification Authority(CA)
1. Cardholder: A cardholder is an authorized holder of a payment card such as
MasterCard or Visa that has been issued by an Issuer.
2. Merchant: Merchant is a person or an organization that wants to sell goods or
services to cardholders.
3. Issuer: The issuer is a financial institution that provides a payment card to a
cardholder.
4. Acquirer: this is a financial institution that has a relationship with merchants for
processing payment card authorizations and payments. Also provides an assurance that a
particular cardholder account is active and that the purchase amount does not exceed the
credit limits. It provides electronic fund transfer to the merchant account.
5. Payment Gateway: It processes the payment messages on behalf of the merchant.
It connects to the acquirer‟s system using a dedicated network line.
6. Certification Authority (CA): This is an authority that is trusted to provide public
key certificates to cardholders, merchant, and Payment Gateway.

Page 26 of 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
Important Instructions to examiners:
1) The answers should be examined by key words and not as word-to-word as given in the model answer
scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to assess the
understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more Importance (Not
applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in the figure. The
figures drawn by candidate and model answer may vary. The examiner may give credit for any equivalent
figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values
may vary and there may be some difference in the candidate’s answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant answer
based on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on equivalent
concept.

Q. Sub Answer Marking

No. Q. N. Scheme

1. (A) Attempt any THREE of the following: 12Marks

(a) Describe CIA Security model. 4M

Ans: CIA Model for security: (CIA: 2

Confidentiality, Integrity and Authentication i.e. these three concepts are considered as marks,
backbone of security. These concepts represent the fundamental principles of security. Explanation
of Each
1. Confidentiality: Concept
 The principle of confidentiality specifies that only sender and intended recipients with
Example:2
should be able to access the contents of a message.
marks )
 Confidentiality gets compromised if an unauthorized person is able to access the
contents of a message.
 Example of compromising the Confidentiality of a message is shown in fig

 Here, the user of a computer A send a message to user of computer B. another user C
gets access to this message, which is not desired and therefore, defeats the purpose

Page | 1
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
of Confidentiality.

 This type of attack is also called as Interception.

2. Authentication:
 Authentication helps to establish proof of identities.
 The Authentication process ensures that the origin of a message is correctly
identified.
 For example, suppose that user C sends a message over the internet to user B.
however, the trouble is that user C had posed as user A when he sent a message to
user B. how would user B know that the message has come from user C, who posing
as user A?
 This concept is shown in fig. below. This type of attack is called as Fabrication.

3. Integrity:
 When the contents of the message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the message is lost.
 For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. user C somehow manages to access it, change its
contents and send the changed message to user B. user B has no way of knowing that
the contents of the message were changed after user A had sent it. User A also does
not know about this change.
 This type of attack is called as Modification.

Page | 2
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
(b) What is shoulder surfing? How it can be prevented? 4M

Ans:  Shoulder surfing is a similar procedure in which attackers position themselves in (Explanatio
such a way as-to be-able to observe the authorized user entering the correct access n: 3 marks,
code or data. Prevention:
 Both of these attack techniques can be easily countered by using simple procedures 1 mark)
to ensure nobody follows you too closely or is in a position to observe your actions.
 Shoulder surfing is using direct observation techniques, such as looking over
someone's shoulder, to get information.
 Shoulder surfing is an effective way to get information in crowded places because
it's relatively easy to stand next to someone and watch as they fill out a form, enter a
PIN number at an ATM machine.
 Shoulder surfing can also be done long-distance with the idea of binoculars or other
vision-enhancing devices.
 To prevent shoulder surfing:

Experts recommend that you shield paper work or your keypad from view by using
your body or cupping your hand.

(c) Describe symmetric and asymmetric key cryptography. 4M

Ans: Symmetric-Key Cryptography: (Symmetric

key: 2
 Symmetric-key cryptography uses a single key for both encryption and decryption.
marks,
 Encryption and decryption algorithm are inverse of each other. Asymmetric
key: 2
Example: marks)
To create the cipher text from the plain text John uses an encryption algorithm and a
key. To create the plain text from cipher text, Bob uses the decryption algorithm and the
same key.

Asymmetric-Key cryptography:
 It is also called public key cryptography.
 In public key cryptography two keys: a private key and a public key is used.
 Encryption is done through the public key and decryption through private key.
 Receiver creates both the keys and is responsible for distributing its public key to the
communication community.
 Example: The sender (say John) uses the public key to encrypt the plain text into
cipher text and the receiver (say Bob) uses his private key to decrypt the cipher text.
Page | 3
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
(d) What is a Virus? Describe various phases of virus. 4M

Ans: Virus is a program which attaches itself to another program and causes damage to the (Definition
computer system or the network. It is loaded onto your computer without your of Virus: 1
knowledge and runs against your wishes. mark
,Listing
During the lifecycle of virus it goes through the following four phases:
phases of
Virus: 1
 Dormant phase: The virus is idle and activated by some event. mark,
 Propagation phase: It places an identical copy of itself into other programs or into Explanation
certain system areas on the disk. of Phases: 2
 Triggering phase: The virus is activated to perform the function for which it was marks)
intended.
 Execution phase: The function of virus is performed

(B) Attempt any ONE of the following: 6Marks

(a) Describe with the neat diagram model for security. 6M

Ans: ( Diagram:
2 marks,
Explanation
: 4 marks)

OR

Page | 4
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514

A message is to be transferred from one use to another user in secret form using this
security system it can be two or more parties accessing information via Internet.

Sender & receiver are principals of transaction and must cooperate for exchange to
take place.
Model shows four basic tasks:
1. Design algorithm in such a way that an opponent cannot defeat its purpose. This
algorithm is used for security related information.
2. Generate secret information that can be used with algorithm.
3. Develop method for distributing and sharing of secret information.
4. Specify a protocol which can be used by two principals that make use of security
algorithm and secret information to achieve a security service. An information
channel is established by defining a route through Internet from source to destination
with the help of communication protocol like TCP/IP or using normal PC to PC
communication through any media.
Techniques for providing security have following components:-
 A security related transformation on information to be sent.
 This information shared by two principals should be secret.
 A trusted party is required to achieve secure transmission.
 This is responsible for distributing secret information between two principals.

OR
(2 mark for each point)
Model for security:
1. Confidentiality:
 The principle of confidentiality specifies that only sender and intended recipients
should be able to access the contents of a message.
 Confidentiality gets compromised if an unauthorized person is able to access the
contents of a message.

Page | 5
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
 Example of compromising the Confidentiality of a message is shown in fig:

 Here, the user of a computer A send a message to user of computer B. another user C
gets access to this message, which is not desired and therefore, defeats the purpose
of Confidentiality.
 This type of attack is also called as interception.

2. Authentication:
 Authentication helps to establish proof of identities.
 The Authentication process ensures that the origin of a message is correctly
identified.
 For example, suppose that user C sends a message over the internet to user B.
however, the trouble is that user C had posed as user A when he sent a message to
user B. how would user B know that the message has come from user C, who posing
as user A?
 This concept is shown in fig. below.
 This type of attack is called as fabrication.

3. Integrity:
 When the contents of the message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the message is lost.
 For example, here user C tampers with a message originally sent by user A, which is

Page | 6
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
actually destined for user B. user C somehow manages to access it, change its
contents and send the changed message to user B. user B has no way of knowing that
the contents of the message were changed after user A had sent it. User A also does
not know about this change.
 This type of attack is called as modification.

(b) Describe the process of formatted partition recovery. 6M

Ans: Formatted partition recovery: (Explanation

: 2 marks,
 Formatting refers to dividing the disk in accordance with certain principles, allowing
Steps: 4
computer to store and search files. marks)
 Formatting disk is to eliminate all files on disk.
 There are various formatted partition recovery tool available.
 Although every tool will have different GUI & method of recovery.
 These tools usually operate as per following process steps:
Step1: If you cannot boot the computer, please use data recovery bootable disk.
Step 2: Select the file types you want to recover & volume where the formatted hard
drive is. The tool will automatically scan the selected volume.
Step 3: Then the founded data will be displayed on the screen & you can get a preview
of it. Then select the file or directory that you want to recover & save them to a healthy
drive.

2. Attempt any TWO of the following: 16Marks

(a) Describe the following term: 8M

i) Sniffing

ii) Spoofing

Page | 7
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
iii) Man-in-the middle

iv) TCP/IP Hijack

Ans: i) Sniffing: (2 marks for

Each)
 This is software or hardware that is used to observe traffic as it passes through a
network on shared broadcast media.
 It can be used to view all traffic or target specific protocol, service, or string of
characters like logins.
 Some network sniffers are not just designed to observe the all traffic but also modify
the traffic.
 Network administrators use sniffers for monitoring traffic.
 They can also use for network bandwidth analysis and to troubleshoot certain
problems such as duplicate MAC addresses.
ii) Spoofing:
 Spoofing is nothing more than making data look like it has come from a different
source.
 This is possible in TCP/ IP because of the friendly assumption behind the protocol.
When the protocols were developed, it was assumed that individuals who had access
to the network layer would be privileged users who could be trusted.
 When a packet is sent from one system to another, it includes not only the
destination IP address ant port but the source IP address as well which is one of the
forms of Spoofing.
 Example of spoofing: e-mail spoofing, URL spoofing, IP address spoofing.
iii) Man-in-the middle:

 A man in the middle attack occurs when attackers are able to place themselves in the
middle of two other hosts that are communicating in order to view or modify the
traffic.
 This is done by making sure that all communication going to or from the target host
is routed through the attacker‘s host.
 Then the attacker is able to observe all traffic before transmitting it and can actually
modify or block traffic.
 To the target host, communication is occurring normally, since all expected replies
are received.
 To prevent this attack both sender and receiver must authenticate each other.

Page | 8
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514

iv) TCP/IP Hijack:

 TCP/IP Hijacking is when an authorized user gains access to a genuine network

connection of another user.
 It is done in order to bypass the password authentication which is normally the start
of a session.
 In theory, a TCP/IP connection is established as shown below

 To hijack this connection, there are two possibilities −

 Find the seq which is a number that increases by 1, but there is no chance to predict
it.
 The second possibility is to use the Man-in-the-Middle attack which, in simple
words, is a type of network sniffing. For sniffing, we use tools
like Wireshark or Ethercap.
 Example:
 An attacker monitors the data transmission over a network and discovers the IP’s of
two devices that participate in a connection.
 When the hacker discovers the IP of one of the users, he can put down the
connection of the other user by DoS attack and then resume communication by
spoofing the IP of the disconnected user.

Page | 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
(b) Describe Biometric security mechanism with suitable diagram. 8M

Ans: (Diagram: 2
mark,
Explanation:
4 marks,
Example: 2
mark)

 Biometric refers study of methods for uniquely recognizing humans based upon one
or more intrinsic physical or behavioral characteristics.
 Biometric identification is used on the basis of some unique physical attribute of the
user that positively identifies the user.
 Example: finger print recognition, retina and face scan technic, voice synthesis and
recognition and so on.
 Physiological are related to shape of the body.
 For example finger print, face recognition, DNA, palm print, iris recognition and so
on.
 Behavioral are related to the behavior of a person.
 For example typing rhythm, gait, signature and voice.
 The first time an individual uses a biometric system is called an enrollment.
 During the enrollment, biometric information from an individual is stored.
 In the subsequent uses, biometric information is detected and compared with the
information stored at the time of enrollment.
1. Preprocessing
2. Sensor
3. Feature extractor
4. Template generator
5. Matcher
6. Stored templates
7. Application device
8. Enrollment

Page | 10
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
Step 1): The first block (sensor) is the interface between the real world and the system;
it has to acquire all the necessary data.
Step 2):The 2nd block performs all the necessary preprocessing.
Step 3) The third block extracts necessary features. This step is an important step as the
correct features need to be extracted in the optimal way.
Step 4) If enrollment is being performed the template is simply stored somewhere (on a
card or within a database or both).if a matching phase is being performed the obtained
template is passed to a matcher that compares it with other existing templates,
estimating the distance between them using any algorithm. The matching program will
analyze the template with the input. This will then be output for any specified use or
purpose.

 List of various biometrics used for computer

security:
 Finger print
 Hand print
 Iris scan
 Face recognition
 DNA recognition
 Voice pattern
 Signature recognition
 Keystrokes

 Example:
Fingerprint registration & verification process
During registration, first time an individual uses a biometric system is called an
enrolment. During the enrolment, biometric information from an individual is stored. In
the verification process, biometric information is detected and compared with the
information stored at the time of enrolment.

(c) Describe DES Algorithm with suitable diagram. 8M

Ans: The Data Encryption Standard is generally used in the ECB, CBC, or the CFB mode. (Definition:
DES is a block cipher. It encrypts data in blocks of size 64 bits each. That is, 64 bits of 1 mark ;
plain text goes as the input to DES, which produces 64 bits of cipher text .DES is
Diagram:
based on the two fundamental attributes of cryptography: substitution and
1m; process
transposition. The process diagram as follows.
Diagram: 1
mark, for
each step: 1

Page | 11
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
mark)

Initial Permutation (IP): It happens only once. It replaces the first bit of the original
plain text block with the 58th bit of the original plain text block, the second bit with the
50th bit of original plain text block and so on. The resulting 64-bits permuted text block
is divided into two half blocks. Each half block consists of 32 bits. The left block called
as LPT and right block called as RPT.16 rounds are performed on these two blocks.
Details of one round in DES

Step 1 : key transformation: the initial key is transformed into a 56-bit key by
discarding every 8th bit of initial key. Thus ,for each round , a 56 bit key is available,
from this 56-bit key, a different 48-bit sub key is generated during each round using a
process called as key transformation
Expansion Permutation
Key Transformation

Page | 12
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
S-box substitution
XOR and swap
P-box Permutation
Step 2: Expansion permutation: During Expansion permutation the RPT is expanded
from 32 bits to 48 bits. The 32-bit RPT is divided into 8 blocks, with each block
consisting of 4-bits. Each 4-bits block of the previous step is then expanded to a
corresponding 6-bit block, per 4-bit block, 2 more bits are added. They are the repeated
1st and 4th bits of the 4-bit block. The 2nd and 3rd bits are written as they were in the
input. The 48 bit key is XORed with the 48-bit RPT and the resulting output is given to
the next step.
Step 3: S-box substitution: It accepts the 48-bits input from the XOR operation
involving the compressed key and expanded RPT and produces 32-bit output using the
substitution techniques. Each of the 8 S-boxes has a 6-bit input and a 4-bit output. The
output of each S-box then combined to form a 32-bit block, which is given to the last
stage of a round.

Step 4: P- box permutation: the output of S-box consists of 32-bits. These 32-bits are
permuted using P-box.
Step 5: XOR and Swap: The LPT of the initial 64-bits plain text block is XORed with
the output produced by P box-permutation. It produces new RPT. The old RPT
becomes new LPT, in a process of swapping.

Page | 13
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514

Final Permutation: At the end of 16 rounds, the final permutation is performed. This is
simple transposition. For e.g., the 40th input bit takes the position of 1st output bit and
so on.
3. Attempt any FOUR of the following: 16Marks

(a) Describe DMZ with suitable diagram. 4M

Ans: It is a computer host or a small network inserted as a neutral zone between company’s (Relevant
private network and outside public network. It prevents direct Access to a server that has Diagram: 2
company data. marks, 1
mark per
point)

 It avoids outside users from getting direct access to a company’s data server. A DMZ
is an optional but more secure approach to a firewall. It can effectively acts as a

Page | 14
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
proxy server.
 The typical DMZ configuration has a separate computer or host in network which
receives requests from users within the private network to access a web sites or
public network.
 Then DMZ host initiates sessions for such requests on the public network but it is
not able to initiate a session back into the private network. It can only forward
packets which have been requested by a host.
 The public network’s users who are outside the company can access only the DMZ
host.
 It can store the company’s web pages which can be served to the outside users.
Hence, the DMZ can’t give access to the other company’s data.
 By any way, if an outsider penetrates the DMZ’s security the web pages may get
corrupted but other company’s information can be safe.

(b) State the importance of security awareness. How it can be achieved? 4M

Ans: Security awareness program is most effective method to oppose potential social (Importance:
engineering attacks when organization’s security goals and policies are established. An 2 marks,
important element that should concentrate in training is which information is sensitive Relevant
for organization and which may be the target of a social engineering attack
point for
 An unaware user is as dangerous to the system as the attacker.
acquiring
 An active security awareness program is most effective method to oppose potential
social engineering attacks. security:
 User should be able to create their own easy to remember passwords, but should not 1mark)
be easy for someone else to guess or obtain using password cracking utilities.
 Password should meet some essential guidelines for e.g. password should contain
some special characters etc.
 It should not consist of dictionary words.
 An approach of following closely behind a person who has just used their own
access card or PIN to gain physical access. In this way an attacker can gain access to
the facility without knowing the access code.
 An attacker positions themselves in such a way that he is able to observe the
authorized user entering the correct access code.
 Because of possible risks, many organizations do not allow their users to load
software or install new hardware without the information and help of administrators.
Organizations also restrict what an individual do by received e-mails.
 An attacker can get physical access to a facility then there are many chances of
obtaining enough information to enter into computer systems and networks. Many
organizations restrict their employees to wear identification symbols at work.

Page | 15
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
(c) What is steganography? What are its applications? 4M

Ans:  Steganography is a technique that facilitates hiding of message that is to keep secret (Explanation
inside other message. : 2 marks
,Applications
 Steganography is the art and science of writing hidden message in such a way that no : 2 mark,
one, apart from the sender and intended recipient, suspects the existence of the
Any 2
message.
 Steganography works by replacing bits of useless or unused data in regular computer applications
files (such as graphics, sound, text, html or even floppy disks) with bits of different, expected )
invisible information. This hidden information can be plain text, cipher text or even
images.
 In modern steganography, data is first encrypted by the usual means and then
inserted, using a special algorithm, into redundant data that is part of a particular file
format such as a JPEG image.
 Steganography process :
 Cover-media + Hidden data + Stego-key = Stego-medium
 Cover media is the file in which we will hide the hidden data, which may also be
encrypted using stego-key. The resultant file is stego-medium. Cover-media can be
image or audio file.
 Stenography takes cryptography a step further by hiding an encrypted message so
that no one suspects it exists. Ideally, anyone scanning your data will fail to know it
contains encrypted data.
 Applications :
1. Confidential communication and secret data storing
2. Protection of data alteration
3. Access control system for digital content distribution
4. Media Database systems

(d) Describe IP based VLAN in detail. 4M

Ans: A Virtual Local Area Network (VLAN) is a logical network allowing systems on (Explanation
different physical networks to interact as if they were connected to the same physical : 3 marks,
network. Diagram: 1
IP Subnet VLANs
mark)

In this type of VLAN, all the incoming traffic will be divided according to the IP subnet
address of each source/destination. This will provide great flexibility in network because
Page | 16
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
the users can move computers from one location to another location and can remain in
the same VLAN. The disadvantage of VLAN is that it needs additional processing for
the layer 3 header and therefore it adds more latency than the other VLAN segments.

(e) Describe SET participants. 4M

Ans: For secure electronic transaction SET participant are there. (Each
1) Cardholders- cardholder is an authorized holder of payment card like Master card, participants:
visa that has been issued by an issuer. 1 mark ,
2) Merchant- A merchant is a person or organization that has goods or services to sell
Any 4
to cardholder.
3) Issuer- This is financial institution like bank. participants
4) Acquirer- This is a financial institution that establishes account with merchant & expected )
process payment card authorization & payment.
5) Payment Gateway- This is a function operated by acquire.
6) The payment gateway process between SET & existing bankcard payment networks
.For authorization & payment function.
7) The merchant exchanges SET messages with payment gateway over internet.
8) Certificate Authority- This is an entity that is trusted to issue public key for
cardholder, merchant & payment gateways.

4. (A) Attempt any THREE: 12Marks

(a) Convert plain text into cipher text by using simple columnas technique of the 4M
following sentence:
‘ALL IS WELL FOR YOUR EXAM’

Ans: ALL IS WELL FOR YOUR EXAM (4 marks for

Correct step
The columnar transposition cipher is a transposition cipher that follows a simple rule for
)
Mixing up the characters in the plaintext to form the cipher-text. It can be combined

Page | 17
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
with other ciphers, such as a substitution cipher, the combination of which can be more
difficult to break than either cipher on its own. The cipher uses a columnar transposition
to greatly improve its security.
Algorithm:
1. The message is written out in rows of a fixed length.
2. Read out again column by column according to given order or in random order.
3. According to order write cipher text.
Example
The key for the columnar transposition cipher is a keyword e.g. MANGO
The row length that is used is the same as the length of the keyword.

To encrypt a below plaintext

ALL IS WELL FOR YOUR EXAM

4 5 3 2 1

M A N G O

A L L I S

W E L L F

O R Y O U

R E X A M

The Encrypted text or Cipher text is:

SFUM ILOA LLYX AWOR LERE

Page | 18
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
(b) Describe IPsec configuration. 4M

Ans: (Diagram: 2
marks ,
Explanation:
2 marks )

IP sec overview:
It encrypts and seal the transport and application layer data during transmission. It also
offers integrity protection for internet layer. It sits between transport and internet layer
of conventional TCP/IP protocol

1. Secure remote internet access:

Using IPsec make a local call to our internet services provider (ISP) so as to connect to
organization network in a secure fashion from our house or hotel from there; to access
the corporate network facilities or access remote desktop/servers.
2. Secure branch office connectivity:
Rather than subscribing to an expensive leased line for connecting its branches across
cities, an organization can setup an IPsec enabled network for security.
3. Setup communication with other organization:
Just as IPsec allow connectivity between various branches of an organization, it can also
be used to connect the network of different organization together in a secure &
inexpensive fashion.
Basic Concept of IPsec Protocol:
IP packet consist two position IP header & actual data IPsec feature are implemented in
the form of additional headers called as extension header to the standard, default IP
header. IPsec offers two main services authentication & confidentially. Each of these
requires its own extension header. Therefore, to support these two main services, IPsec
defines two IP extension header one for authentication & another for confidentiality.
Page | 19
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514

It consists of two main protocols

Authentication header (AH): Authentication header is an IP Packet (AH) protocol

provides authentication, integrity &an optional anti-reply service. The IPsec AH is a
header in an IP packet. The AH is simply inserted between IP header & any subsequent
packet contents no changes are required to data contents of packet. Security resides
completing in content of AH.

Encapsulation Header (ESP): Used to provide confidentiality, data origin

authentication, data integrity. It is based on symmetric key cryptography technique. ESP
can be used in isolation or it can be combined with AH.

Page | 20
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514

(c) Describe the process of cyber crime investigation. 4M

Ans:  Cybercrime investigation is done to determine the nature of crime and collect (Each step: 1
evidence e.g. hardware, software related with the crime. mark, Any
 This is used to stop a crime in progress, report crime which was done in the past. four steps
 Relevant IT training is necessary for Cybercrime investigation. expected)
 First step of investigation team is to secure computers, networks & components that
are connected with crime.
 Investigators may clone the system to explore it. They can take a detailed audit of a
computer
 Interviews: Investigators arrange interviews with victims, witness.
 Surveillance: Investigators checks the digital activities, monitors all elements of
suspect.
 Forensics: Mining a computer for all related information to detect potential
evidence.
 Undercover: Steps to uncover to trap criminals using fake online identities.
 Obtain a search warrant and seize the victims equipment
 Identify the victim's configuration.
 Acquire the evidence carefully.

(d) What is an application hardening? How it can be achieved? 4M

Ans: Application Hardening: It is to secure an application against local & (Definition: 2

Internet-based attacks. In this the functions or components are removed which are not marks, steps:
needed, 2 marks, Any
Restrict the access where you can and make sure the application is kept up to date with
two steps
patches.
It includes: expected)
1. Application Patches- Application patches are supplied from the vendor who sells the
application. They are probably come in three varieties: hot fixes, patches & up-grades.
Hotfixes: Normally this term is given to small software update designed to address a
particular problem like buffer overflow in an application that exposes the system to
attacks.
Patch: This term is generally applied to more formal, larger s/w updates that may
address several or many s/w problems. Patches often contain improvement or additional
capabilities & fixes for known bugs.
Upgrades: Upgrades are another popular method of patching application & they are
likely to be received with a more positive role than patches.

2. Web servers: Web servers are the most common Internet server-side application in
use. These are mainly designed to provide content & functionality to remote users
through a standard web browser.
Page | 21
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514

3. Active directory: Active Directory allows single login access to multiple

Applications, data sources and systems and it includes advanced encryption capabilities
like Kerberos and PKI.

(B) Attempt any ONE of the following: 6Marks

(a) What is Risk? How it can be analyzed? List various assets. 6M

Ans:  A computer security risk is any event or action that could cause a loss or damage to (Definition: 2
computer hardware, software, data, or information. marks,
Analyzing: 2
 Some breaches to computer security are accidental, but some are planned. Any marks,
illegal act involving a computer is generally referred to as a computer crime. Assets: 2
marks)
 Cybercrime refers to online or Internet-based illegal acts.

 Some of the more common computer security risks include Computer viruses,
Unauthorized access and use of computer systems ,Hardware theft and software
theft, Information theft and information privacy, System failure

 When performing risk analysis it is important to weigh how much to spend

protecting each asset against the cost of losing the asset.

 It is also important to take into account the chance of each loss occurring.

 If a hacker makes a copy of all a company's credit card numbers it does not cost
them anything directly but the loss in fine and reputation can be enormous.

An asset is any data, device, or other component of the environment that supports
information-related activities.

Assets generally include

 hardware (e.g. servers and switches),
 software (e.g. mission critical applications and support systems)
 Confidential information.

Assets should be protected from unauthorized access, use, alteration, destruction, and/or
theft, resulting in loss to the organization.

Page | 22
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
(b) State the types of attacks and describe Active and Passive attack with at least one 6M
example each.

Ans: Passive Attack: (Explanation

A passive attack monitors unencrypted traffic and looks for clear-text passwords and Each types: 2
sensitive information that can be used in other types of attacks. marks,
Passive attacks include
Example
 traffic analysis,
Each types:1
 release of message contents
 monitoring of unprotected communications, mark)
 decrypting weakly encrypted traffic,
 Capturing authentication information such as passwords.

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
 The goal of the opponent is to obtain information that is being transmitted.
 The release of message contents is easily understood. A telephone conversation, an
electronic mail message, and a transferred file may contain sensitive or confidential
information. We would like to prevent an opponent from learning the contents of
these transmissions.
 A second type of passive attack, traffic analysis.
 Suppose that we had a way of masking the contents of messages or other
information traffic so that opponents, even if they captured the message, could not
extract the information from the message. The common technique for masking
contents is encryption. If we had encryption protection in place, an opponent might
still be able to observe the pattern of these messages. The opponent could determine
the location and identity of communicating hosts and could observe the frequency
and length of messages being exchanged. This information might be useful in
guessing the nature of the communication that was taking place.

 Passive attacks are very difficult to detect because they do not involve any alteration
of the data.
 Typically, the message traffic is not sent and received in an apparently normal
fashion and the sender nor receiver is aware that a third party has read the messages
or observed the traffic pattern.
 However, it is feasible to prevent the success of these attacks, usually by means of
encryption. Thus, the emphasis in dealing with passive attacks is on prevention
rather than detection.

Active Attack:
 In an active attack, the attacker tries to bypass or break into secured systems.
 This can be done through stealth, viruses, worms, or Trojan horses.
 Active attacks include attempts to circumvent or break protection features, to
introduce malicious code, and to steal or modify information.
 These attacks are mounted against a network backbone, exploit information in
transit, electronically penetrate an enclave, or attack an authorized remote user
Page | 23
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
during an attempt to connect to an enclave.
 Active attacks result in the disclosure or dissemination of data files, DoS, or
modification of data.

Active attacks can be divided into four categories:

 masquerade,
 replay,
 modification of messages,
 Denial of Service(DoS)

 A masquerade takes place when one entity pretends to be a different entity. A

masquerade attack usually includes one of the other forms of active attack.

 In replay attack, authentication sequences can be captured and replayed after a valid
authentication sequence has taken place, thus enabling an authorized entity with few
privileges to obtain extra privileges by impersonating an entity that has those
privileges.

 Replay involves the passive capture of a data unit and its subsequent retransmission
to produce an unauthorized effect.

 Modification of messages simply means that some portion of a legitimate message is

altered, or that messages are delayed or reordered, to produce an unauthorized effect.
For example, a message meaning "Allow Ajay to read confidential accounts" is
modified to mean "Allow Vijay to read confidential accounts."

5. Attempt any TWO of the following: 16Marks

(a) What is a password? Describe various policies for password selection. 8M

Ans: Password: Password is a secret word or expression used by authorized persons to prove (Password:
their right to access, information, etc. 4 marks,
Four
Components of good password: selection
1. It should be at least eight characters long. Policies: 1
2. It should include uppercase and lowercase letters, numbers, special characters or marks each)
punctuation marks.
3. It should not contain dictionary words.
4. It should not contain the user's personal information such as their name, family
member's name, birth date, pet name, phone number or any other detail that can
easily be identified.
5. It should not be the same as the user's login name.

Page | 24
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
6. It should not be the default passwords as supplied by the system vendor such as
password, guest, and admin and so on.

Policies for Password selection:

1. User education: Users can be told the importance of using hard-to-guess passwords and
can be provided with guidelines for selecting strong passwords. This user education
strategy is unlikely to succeed at most installations, particularly where there is a large
user population or a lot of turn over. Many users will simply ignore the guidelines.
Others may not be good judges of what is a strong password. For example, many users
believe that reversing a word or capitalizing the last letter makes a password un-
guessable.
2. Computer-generated passwords: Passwords are quite random in nature. Computer-
generated passwords also have problems. If the passwords are quite random in nature,
users will not be able to remember them. Even if the password is pronounceable, the
user may have difficulty remembering it and so be tempted to write it down. In general,
computer-generated password schemes have a history of poor acceptance by users.
FIPS PUB 181 defines one of the best-designed automated password generators. The
standard includes not only a description of the approach but also a complete listing of
the C source code of the algorithm. The algorithm generates words by forming
pronounceable syllables and concatenating them to form a word. A random number
generator produces a random stream of characters used to construct the syllables and
words.
3. Reactive password checking: A reactive password checking strategy is one in which
the system periodically runs its own password cracker to find guessable passwords. The
system cancels any passwords that are guessed and notifies the user. This tactic has a
number of drawbacks. First it is resource intensive, if the job is done right. Because a
determined opponent who is able to steal a password file can devote full CPU time to
the task for hours or even days an effective reactive password checker is at a distinct
disadvantage. Furthermore, any existing passwords remain vulnerable until the reactive
password checker finds them.
4. Proactive password checking: The most promising approach to improved password
security is a proactive password checker. In this scheme, a user is allowed to select his
or her password. However, at the time of selection, the system checks to see if the
password is allowable and if not, rejects it. Such checkers are based on the philosophy
that with sufficient guidance from the system, users can select memorable passwords
from a fairly large password space that are not likely to be guessed in a dictionary
attack. The trick with a proactive password checker is to strike a balance between user
acceptability and strength. If the system rejects too many passwords, users will
complain that it is too hard to select a password. If the system uses some simple
Page | 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
algorithm to define what is acceptable, this provides guidance to password crackers to
refine their guessing technique. In the remainder of this subsection, we look at possible
approaches to proactive password checking.
(b) Describe with suitable diagram Intrusion Detection System. 8M

Ans: An IDS (Intrusion detection system) is intrusion detection system is process of (IDS: 2
monitoring the events occurring in computer system or network & analyzing tem for marks,
signs of possible incident which are threats of computer security. Intrusion detection Diagram: 2
system (IDS) is a device or software application that monitors network or system marks, IDS
activities for malicious activities or policy violations and produces reports to a components
management station. IDS come in a variety of “flavors” and approach the goal of : 2 marks,
detecting suspicious traffic in different ways. Types: 2
marks)

IDS have following logical components

1. Traffic collection: collects activity as events from IDS to examine. On Host-based
IDS, this can be log files, Audit logs or traffic coming to or leaving a system. On
network based IDS, this is typically a mechanism for copying traffic of network link
2. Analysis Engine: examines collected network traffic & compares it to known
patterns of suspicious or malicious activity stored in digital signature. The analysis
engine act like a brain of IDS
3. Signature database: a collection of patterns & definitions‟ of known suspicious or
malicious activity.
4. User Interface & Reporting: interfaces with human element, providing alerts when
suitable & giving the user a means to interact with & operate the IDS.

IDS are mainly divided into two categories, depending on monitoring activity:
1) Host-based IDS: Host based IDS looks for certain activities in the log files are:
1. Logins at odd hours
2. Login authentication failure.
Page | 26
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
3. Adding new user account
4. Modification or access of critical systems files.
5. Modification or removal of binary files
6. Starting or stopping processes.
7. Privilege escalation
8. Use of certain program

2) Network based IDS: Network based IDS looks for certain activities like:

1. Denial of service attacks.

2. Port scans or sweeps
3. Malicious contents in the data payload of packet(s)
4. Vulnerability of scanning
5. Trojans, Viruses or worms
6. Tunneling
7. Brute force attacks.
(c) Describe ‘Kerberos’ protocol with suitable diagram. 8M

Ans: Kerberos: (Explanation

Kerberos is a network authentication protocol. It is designed to provide strong :3 marks,
authentication for client/server applications by using secret-key cryptography. Diagram: 1
It uses secret key cryptography. mark, Each
step: ½
It is a solution to network security problems.
mark)
It provides tools for authentication and strong cryptography over the network to help
you secure your information system
There are 4 parties involved in Kerberos protocol
i) User
ii) Authentication service (AS)
iii) Ticket granting server (TGS)
iv) Service server

Working of Kerberos:
1. The authentication service, or AS, receivers the request by the client and verifies that
the client is indeed the computer it claims to be. This is usually just a simple
database lookup of the user’s ID.

Page | 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
2. Upon verification, a timestamp is created. This puts the current time in a user
session, along with an expiration date. The default expiration date of a timestamp is
8 hours. The encryption key is then created. The timestamp ensures that when 8
hours is up, the encryption key is useless.

3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This
is a simple ticket that is issued by the authentication service. It is used for
authentication the client for future reference.

4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to
get authenticated.

5. The TGS creates an encrypted key with a timestamp, and grants the client a service
ticket.

Page | 28
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own
encrypted key to the service.

7. The service decrypts the key, and makes sure the timestamp is still valid. If it is, the
service contacts the key distribution center to receive a session that is returned to the
client.

8. The client decrypts the ticket. If the keys are still valid, communication is initiated
between client and server.

6. Attempt any FOUR of the following: 16Marks

(a) What is piggybacking? How it can be prevented? 4M

Ans: Piggybacking: It is the simple process of following closely behind a person who has (Piggybacki
just used their own access card or PIN to gain physical access to a room or building. An ng: 2
attacker can thus gain access to the facility without having to know the access code or marks,
having to acquire an access card. i.e. Access of wireless internet connection by Prevention:
bringing one's own computer within range of another wireless connection & using that 2 marks)
without explicit permission, it means when an authorized person allows (intentionally
or unintentionally) others to pass through a secure door. Piggybacking on Internet
access is the practice of establishing a wireless Internet connection by using another
subscriber's wireless Internet access service without the subscriber’s explicit permission

Page | 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
or knowledge. It is the simple tactic of following closely behind a person who has just
used their own access card or PIN to gain physical access to a room or building. An
attacker can thus gain access to the facility without having to know the access code or
having to acquire an access card. Piggybacking is sometimes referred to as "Wi-Fi
squatting." The usual purpose of piggybacking is simply to gain free network access
rather than any malicious intent, but it can slow down data transfer for legitimate users
of the network.
Prevention:
1. Piggybacking can be prevented by ensuring that encryption is enabled in router by
using Wireless Encryption Protocol (WEP) or Wireless Protected Access (WPA) or
WPA2.
2. Using a strong password for encryption key, consisting of at least 14 characters and
mixing letters and numbers.

(b) What is One Time Pad (OTP) security mechanism? 4M

Ans: One time pad Security Mechanism: One time pad (Vernam Cipher) is the encryption (Explanation
mechanism in which the encryption-key has at least the same length as the plaintext and : 2 marks,
consists of truly random numbers. Each letter of the plaintext is mixed with one element Example: 2
marks)
from the OTP. This results in a cipher-text that has no relation with the plaintext when
the key is unknown. At the receiving end, the same OTP is used to retrieve the original
plaintext
Steps for One time pad :
1. The key should be as long as the message
2. Key and plain text calculated modulo 26
3. There should only be 2 copies of the key (1 for sender and 1 for receiver)
Example: Suppose Alice wishes to send the message "HELLO" to Bob In OTP assign
each letter a numerical value: e.g. "A" is 0, "B" is 1, and so on. Here, we combine the
key and the message using modular addition. The numerical values of corresponding
message and key letters are added together, modulo 26. If key is "XMCKL" and the
message is "HELLO", then the encrypted text will be “EQNVZ”

Page | 30
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514

Fig: One time pad

(c) Describe PGP with suitable diagram. 4M

Ans: PGP is Pretty Good Privacy. It is a popular program used to encrypt and decrypt email (Diagram: 2
over the internet. It becomes a standard for e-mail security. It is used to send encrypted marks,
code (digital signature) that lets the receiver verify the sender’s identity and takes care Description:
that the route of message should not change. PGP can be used to encrypt files being 2 marks)
stored so that they are in unreadable form and not readable by users or intruders It is
available in Low cost and Freeware version. It is most widely used privacy ensuring
program used by individuals as well as many corporations.

Fig. PGP
There are five steps as shown in fig.
1. Digital signature: it consists of the creation a message digest of the email message
using SHA-1 algorithm. The resulting MD is then encrypted with the sender’s private
key. The result is the sender’s digital signature.
2. Compression: the input message as well as p digital signature are compressed

Page | 31
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
MODEL ANSWER
SUMMER– 17 EXAMINATION
Subject Title: Computer Security Subject Code: 17514
together to reduce the size of final message that will be transmitted. For this the Lempel-
Ziv algorithm is used.
3. Encryption: The compressed output of step 2 (i.e. the compressed form of the
original email and the digital signature together) are encrypted with a symmetric key.
4. Digital enveloping: the symmetric key used for encryption in step 3 is now encrypted
with the receiver’s public key. The output of step 3 and 4 together form a digital
envelope.
5. Base-64 encoding: this process transforms arbitrary binary input into printable
character output. The binary input is processed in blocks of 3 octets (24-bits).these 24
bits are considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits is
mapped into an 8-bit output character in this process.
(d) What is pornography? 4M

Ans: PORNOGRAPHY: The depiction of nudity or erotic behavior, in writing, pictures, (Explanation
video, or otherwise, with the intent to cause sexual excitement. Is the depiction of erotic : 4 marks)
behavior (as in pictures or writing) intended to cause sexual excitement material (as
books or a photograph) that depicts erotic behavior and is intended to cause sexual
excitement the depiction of acts in a sensational manner so as to arouse a quick intense
emotional reaction? Pornography is defined as imagery, in addition to various forms of
media, that depicts actions presumed to be overtly sexual and erotic in nature. In a legal
spectrum, Pornography can be defined as sexually-explicit material that is displayed or
viewed with the intention of the provision of sexual gratification.
(e) What is SSL/TLS? 4M

Ans: Transport Layer Security (TLS) and Secure Sockets Layer (SSL), both referred to as (Explanation
"SSL" are cryptographic protocols that provide communications security over a network. : 4 marks)
The Transport Layer security (TLS) protocol provides communications privacy over
internet. The protocol allows client-server applications to communicate in a way that is
designed to prevent eavesdropping, tampering or message forgery. The primary goal of
the TLS protocol is to provide privacy in data integrity between two communicating
applications.
The protocol is composed of two layers:
1. TLS Record Protocol provides connection security with some encryption method
such as the Data Encryption Standard (DES). The TLS Record Protocol can also be
used without encryption.
2. The TLS Handshake Protocol allows the server and client to authenticate each other
and to negotiate an encryption algorithm and cryptographic keys before data is
exchanged.

Page | 32
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
WINTER– 17 EXAMINATION
Subject Name: Computer Security Model Answer Subject Code: 17514
Important Instructions to examiners:
1) The answers should be examined by key words and not as word-to-word as given in the model answer
scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to assess the
understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more Importance (Not
applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in the figure. The
figures drawn by candidate and model answer may vary. The examiner may give credit for any equivalent
figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values
may vary and there may be some difference in the candidate’s answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant answer
based on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on equivalent
concept.

Q. Sub Answer Marking

No Q. N. Scheme
.

1. (a) Attempt any THREE : 12 Marks

(i) State the need of Computer Security. 4M

Ans: The need of computer security has been threefold: confidentiality, integrity, and (1 mark for
availability the “CIA” of security. Confidentiality, Integrity, Availability, Availability, each point
; Diagram
Authentication, Other elements are Authorization, Non-repudiation, Access control and
optional)
accountability.

1. Confidentiality: The goal of confidentiality is to ensure that only those individuals

who have the authority can view a piece of information, the principle of confidentiality
specifies that only sender and intended recipients should be able to access the
contents of a message. Confidentiality gets compromised if an unauthorized person is
able to access the contents of a message.

Example of compromising the Confidentiality of a message is shown in fig.

Fig. Loss of
confidentiality

Page 1 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
Here, the user of a computer A sends a message to user of computer B. another
user C gets access to this message, which is not desired and therefore, defeats the
purpose of Confidentiality.
This type of attack is also called as interception.

2. Authentication: Authentication h e l p s t o e s t a b l i s h proof of identities.

Authentication process ensures that the origin of a message is correctly identified.
Authentication deals with the desire to ensure that an individual is who they claim to
be.
For example, suppose that user C sends a message over the internet to user B.
however, the trouble is that user C had posed as user A when he sent a message to user
B. how would user B know that the message has come from user C, who posing as
user A? This concept is shown in fig. below.

This type of attack is called as fabrication.

Fig. absence of authentication

3. Integrity: Integrity is a related concept but deals with the generation and
modification of data. Only authorized individuals should ever be able to create or
change (or delete) information. When the contents of the message are changed after the
sender sends it, but before it reaches the intended recipient, we say that the integrity of
the message is lost.

For example, here user C tampers with a message originally sent by user A, which is
actually destined for user B. user C somehow manages to access it, change its
contents and send the changed message to user B. user B has no way of knowing that
the contents of the message were changed after user A had sent it. User A also does
not know about this change.

This type of attack is called as modification.

Page 2 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________

Fig. Loss of Integrity

4. Availability: The goal of availability s to ensure that the data, or the system
itself, is available for use when the authorized user wants it.

(ii) List types of attacks. Explain back doors and trap doors attacks 4M

Ans: Types of attacks are: (List: 2

Marks,
1. Passive attacks
Explanatio
2. Active attacks
n of
3. Denial of service attacks
Backdoor
4. Backdoor attacks
and
5. Trapdoor attacks
Trapdoor
6. Sniffing/spoofing attacks
attacks: 1
7. Man-in-the middle attacks
Mark
\
each)
Backdoor Attacks: It is secret entry point into program that allows user to gain access
without going through the usual security access procedures. It is used legitimately in
debugging and testing. It also refers to the entry and placement of a program or utility into
a network that creates a backdoor entry for attackers. This may allow a certain user ID to
log on without password a program or gain of administrative services. It becomes threat
when programmers use them to gain unauthorized access. There are several backdoor
programs and tools used by hackers in terms of automated tools

Trapdoor Attacks: A trap door is an entrance in a system which circumvents the normal
safety measures. It is secret entry point into a program that allows someone who is aware
of gaining access using procedure other that security procedure. It might be hidden
program which makes the protection system ineffective. This entry can be deliberately in
traduced by the developer to maintain system in case of disaster management. Trapdoor
programs can be installed through malware using internet.

(iii) Compare symmetric and asymmetric key cryptography. 4M

Page 3 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
Ans: (Each
comparison
Categories Symmetric key Asymmetric key point:
1mark , any
Key used for encryption Cryptography
Same key is used for Cryptography
One key is used for four points)
/decryption encryption & decryption. encryption & another
different key is used for
decryption.
Key process Ke=Kd (Same) Ke# Kd (not same)
Speed of encryption/ Very fast Slower
decryption
Size of resulting encrypted Usually same as or less than More than the original clear
text agreement/exchange
Key thebig
A original clear text size.
problem textproblem
No size. at all.

Usage Mainly used for encryption Can be used for encryption

and decryption, cannot be and decryption as well as
used for digital signatures. for digital signatures.
Efficiency in usage Symmetric key Asymmetric key
cryptography is often used cryptography is more
for long messages. efficient for short messages.

(iv) Explain the terms: Cryptography, Cryptanalysis and Cryptology. 4M

Ans: 1. Cryptography: Cryptography is art & science of achieving security by encoding (1mark for
messages to make them non-readable. explanatio
n each
term and 1
mark for
diagram
drawn)

2. Cryptanalysis: Cryptanalysis is the technique of decoding messages from a non-

readable format without knowing how they were initially converted from readable
format to non-readable format.

3. Cryptology: it is the art and science of transforming the intelligent data into
unintelligent data and unintelligent data back to intelligent data.
Cryptology = Cryptography + Cryptanalysis

(b) Attempt any ONE : 6 Marks

(i) Describe the following attacks: 6M

Page 4 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
(A) Sniffing
(B) Spoofing

Ans: a) Sniffing : (Sniffing : 3

1. This is software or hardware that is used to observe traffic as it passes through a marks,
network on shared broadcast media. Spoofing: 3
2. It can be used to view all traffic or target specific protocol, service, or string of marks)
characters like logins.
3. Some network sniffers are not just designed to observe the all traffic but also modify
the traffic.
4. Network administrators use sniffers for monitoring traffic.
5. They can also use for network bandwidth analysis and to troubleshoot certain problems
such as duplicate MAC addresses.

b) Spoofing:
1. Spoofing is nothing more than making data look like it has come from a different
source.
2. This is possible in TCP/ IP because of the friendly assumption behind the protocol.
When the protocols were developed, it was assumed that individuals who had access to
the network layer would be privileged users who could be trusted.
3. When a packet is sent from one system to another, it includes not only the destination IP
address ant port but the source IP address as well which is one of the forms of Spoofing.
4. Example of spoofing: e-mail spoofing, URL spoofing, IP address spoofing.

(ii) Explain data recovery tools and data recovery procedures. 6M

Ans: Data recovery: All computer users need to be aware of backup and recovery procedures (Explanatio
to protect their data. Data Protection can be taken seriously as its important for financial, n of Data
legal or personal reasons. recovery : 4
marks,
These are various formatted partition recovery tool available .Although every tool will
Procedure :
have different GUI & method of recovery. 2 marks)
Steps of data recovery:
Step1: If you cannot boot the computer, please use data recovery bootable disk.
Step 2: Select the file types you want to recover & volume where the formatted hard
drive is. The tool will automatically scan the selected volume.
Step 3: Then the founded data will be displayed on the screen & you can get a preview
of it. Then select the file or directory that you want to recover & save them to a healthy
drive.
Data recovery procedures:
A computer data recovery procedure is an important part for any computer literate
personality that cannot be neglected. Computer professional or computer forensic
expert who uses data recovery should maintain the secrecy and privacy of the client. Any
action or activity that leads to disclosure of privacy of the client should be avoided. The
values such as integrity, accuracy & authenticity should be exercised in an ethical
environment. The evidence that is produced before the court should be fairly examined &
analyzed. There should not be any carelessness and ignorance regarding the handling of

Page 5 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
evidence. The case evidence should be examined in detail based upon validated principles.

2. Attempt any TWO of the following: 16 Marks

(a) Explain any four attacks on Computer System Security. 8M

Ans: Different types of attacks are as follows: (Explanati

on of Any
1) Denial-of-service attacks four
2) Backdoors and Trapdoors Attacks: 2
3) Sniffing marks
4) Spoofing each)
5) Man In middle attack
6) Replay attack
7) TCP/ IP Hijacking.
8) Malware or malicious code such as viruses

1. Denial of Service Attack. Denial of service (DOS) attack scan exploits a known
vulnerability in a specific application or operating system, or they may attack features (or
weaknesses) in specific protocols or services. In this form of attack, the attacker is
attempting to deny authorized users access either to specific information or to the
computer system or network itself. The purpose of such an attack can be simply to
prevent access to the target system, or the attack can be used in conjunction with other
actions in order to gain unauthorized access to a computer or network. SYN flooding is
an example of a DOS attack that takes advantage of the way TCP/IP networks were
designed to function, and it can be used to illustrate the basic principles of any DOS
attack. SYN flooding utilizes the TCP three-way handshake that is used to establish a
connection between two systems. In a SYN flooding attack, the attacker sends fake
communication requests to the targeted system. Each of these requests will be answered
by the target system, which then waits for the third part of the handshake. Since the
requests are fake the target will wait for responses that will never come.

2. Backdoors and Trapdoors: They are the methods used by software developers to
ensure that they could gain access to an application even if something were to happen
in the future to prevent normal access methods. For e.g. A hard coded password that
could be used to gain access to the program in the event that administrator forgot their
own system password. The problem with this sort of password (sometimes referred to
as trapdoor) is that since the password is hard coded it cannot be removed. If the
attacker learns about the backdoor, all systems running the software would be
vulnerable.

3. Sniffing: A network sniffer is a software or hardware device that is used to observe the
traffic as it passes through the network on shared broadcast media. The device can
be used to view all traffic, all it can target a specific protocol, service or even string of
characters. Normally the network device that connects a computer to a network

Page 6 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
is designed to ignore all traffic that is not destined for that computer. Network
sniffers ignore this friendly agreement and observe all traffic on the network whether
destined for that computer or others.

4. Spoofing: It makes the data look like it has come from other source. This is possible in
TCP/IP because of the friendly assumptions behind the protocols. When a packet is
sent from one system to another, it includes not only the destination IP address but the
source IP address. The user is supposed to fill in the source with your own address, but
there is nothing that stops you from filling in another system‘s address.

5. Man in the middle attack. A man in the middle attack occurs when attackers are able
to place themselves in the middle of two other hosts that are communicating in order to
view or modify the traffic. This is done by making sure that all communication going to
or from the target host is routed through the attacker‘s host. Then the attacker is able to
observe all traffic before transmitting it and can actually modify or block traffic. To the
target host, communication is occurring normally, since all expected replies are received.

6. Replay Attack: In replay attack an attacker captures a sequence of events or some data
units and resends them. For example suppose user A wants to transfer some amount to
user C’s bank account. Both users A and C have account with bank B. User A might
send an electronic message to bank B requesting for fund transfer. User C could capture
this message and send a copy of the same to bank B. Bank B would have no idea that this
is an unauthorized message and would treat this as a second and different fund transfer
request from user A. So C would get the benefit of the fund transfer twice once
authorized and once through a replay attack.

(b) What is the importance of biometrics in Computer security? Describe finger prints 8M
registration and verification process.

Ans: Importance of Biometrics: Biometric refers study of methods for uniquely recognizing (Diagram: 2
humans based upon one or more intrinsic physical or behavioral characteristics. mark,
Importance
1. Biometric identification is used on the basis of some unique physical attribute of the : 4 marks,
user that positively identifies the user. Example: finger print recognition, retina and face Fingerprint
scan technic, voice synthesis and recognition and so on. registration
&
2. Physiological are related to shape of the body.
verification
3. For example finger print, face recognition, DNA, palm print, iris recognition and so on. process: 2
4. Behavioural are related to the behaviour of a person. mark)
5. For example typing rhythm, gait, signature and voice.
6. The first time an individual uses a biometric system is called an enrolment.
7. During the enrolment, biometric information from an individual is stored.
8. In the subsequent uses, biometric information is detected and compared with the
information stored at the time of enrolment.

Page 7 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________

Different methods of Biometrics

1. Finger print recognition
2. Hand print recognition
3. Retina/Iris scan technique
4. Face recognition
5. Voice patterns recognition
6. Signature and writing patterns recognition
7. Keystroke dynamics

Fingerprint registration & verification process: During registration, first time an

individual uses a biometric system is called an enrolment. During the enrolment, biometric
information from an individual is stored. In the verification process, biometric information
is detected and compared with the information stored at the time of enrolment.

(c) Explain transposition technique. Convert plain text to Cipher text using Rail Fence 8M
technique “COMPUTER ENGINEERING”.

Ans: Transposition Technique: Transposition systems are fundamentally different from (4 mark
substitution systems. In substitution systems, plaintext values are replaced with other for
Explanatio
values. In transposition systems, plaintext values are rearranged without otherwise
n, 2 marks
changing them. All the plaintext characters that were present before encipherment are still for Step 1,
present after encipherment. Only the order of the text changes. Most transposition 2 marks
systems rearrange text by single letters. It is possible to rearrange complete words or for cipher
groups of letters rather than single letters, but these approaches are not very secure and text.)
have little practical value. Larger groups than single letters preserve too much
recognizable plaintext.
a) Some transposition systems go through a single transposition process. These are
called single transposition. Others go through two distinctly separate transposition
processes. These are called double transposition.
b) Most transposition systems use a geometric process. Plaintext is written into a
geometric figure, most commonly a rectangle or square, and extracted from the
geometric figure by a different path than the way it was entered. When the geometric
figure is a rectangle or square, and the plaintext is entered by rows and extracted by
columns, it is called columnar transposition. When some route other than rows and
Page 8 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
columns is used, it is called route transposition.
Rail Fence Technique: It is one of the easiest transposition techniques to create
cipher text. When plain text message is codified using any suitable scheme, the resulting
message is called Cipher text or Cipher.
Steps are: Plain text = COMPUTER ENGINEERING

Step 1: Write down Plain text as sequence of diagonal.

Read Plain text written in Step 1 as sequence of rows. As,

C M U E E G N E I G
O P T R N I E R N

Then concatenate these two sequences of text as one to create following

Cipher Text: CMUEEGNEIGOPTRNIERN

OR

The rail-fence cipher is inscribed by zigzag pattern and extracted by rows.

C U E N I
O P T R N I E R N
M E G E G

Cipher Text: CUENIOPTRNIERNMEGEG

3. Attempt any FOUR: 16 Marks

(a) Explain the concept of Kerberos. 4M

Ans: Kerberos is a network authentication protocol. It is designed to provide strong (Explanatio

authentication for client/server applications by using secret-key cryptography. n with
Kerberos was created by MIT as a solution for network security problems and it is freely Diagrams
available from MIT, under copyright permission. of different
How Kerberos does works? Kerberos operates by encrypting data with a symmetric key. steps: 4
A symmetric key is a type of authentication where both the client and server agree to use a
marks)
single encryption/decryption key for sending and receiving data. When working with the
encryption key, the details are actually sent to a key distribution center (KDC), instead of
sending the details directly between each computer.
The entire process takes a total of eight steps, as shown below.
1. The authentication service, or AS, receivers the request by the client and verifies that the
Client is indeed the computer it claims to be. This is usually just a simple database lookup
of the user’s ID.

Page 9 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________

2. Upon verification, a timestamp is crated. This puts the current time in a user session,
along with an expiration date. The default expiration date of a timestamp is 8 hours. The
encryption key is then created. The timestamp ensures that when 8 hours is up, the
encryption key is useless. (This is used to make sure a hacker doesn’t intercept the data,
and try to crack the key. Almost all keys are able to be cracked, but it will take a lot longer
than 8 hours to do so)

3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is
a simple ticket that is issued by the authentication service. It is used for authentication the
client for future reference.

4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get
authenticated.

5. The TGS creates an encrypted key with a timestamp, and grants the client a service
ticket.

Page 10 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________

6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own
encrypted key to the service.

7. The service decrypts the key, and makes sure the timestamp is still valid. If it is, the
service contacts the key distribution center to receive a session that is returned to the client.

8. The client decrypts the ticket. If the keys are still valid, communication is initiated
between client and server.

(b) Describe different password selection criteria. 4M

Ans: Password selection criteria : ( Four

1. User education: Users can be told the importance of using hard-to-guess passwords and criteria: 1
can be provided with guidelines for selecting strong passwords. This user education mark Each)
strategy is unlikely to succeed at most installations, particularly where there is a large user

Page 11 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
population or a lot of turn over. Many users will simply ignore the guidelines. Others may
not be good judges of what is a strong password. For example, many users believe that
reversing a word or capitalizing the last letter makes a password un-guessable.
2. Computer-generated passwords: Passwords are quite random in nature. Computer-
generated passwords also have problems. If the passwords are quite random in nature,
users will not be able to remember them. Even if the password is pronounceable, the user
may have difficulty remembering it and so be tempted to write it down. In general,
computer-generated password schemes have a history of poor acceptance by users. FIPS
PUB 181 defines one of the best-designed automated password generators. The standard
includes not only a description of the approach but also a complete listing of the C source
code of the algorithm. The algorithm generates words by forming pronounceable syllables
and concatenating them to form a word. A random number generator produces a random
stream of characters used to construct the syllables and words.
3. Reactive password checking: A reactive password checking strategy is one in which
the system periodically runs its own password cracker to find guessable passwords. The
system cancels any passwords that are guessed and notifies the user. This tactic has a
number of drawbacks. First it is resource intensive, if the job is done right. Because a
determined opponent who is able to steal a password file can devote full CPU time to the
task for hours or even days an effective reactive password checker is at a distinct
disadvantage. Furthermore, any existing passwords remain vulnerable until the reactive
password checker finds them.
4. Proactive password checking: The most promising approach to improved password
security is a proactive password checker. In this scheme, a user is allowed to select his or
her password. However, at the time of selection, the system checks to see if the password
is allowable and if not, rejects it. Such checkers are based on the philosophy that with
sufficient guidance from the system, users can select memorable passwords from a fairly
large password space that are not likely to be guessed in a dictionary attack. The trick with
a proactive password checker is to strike a balance between user acceptability and strength.
If the system rejects too many passwords, users will complain that it is too hard to select a
password. If the system uses some simple algorithm to define what is acceptable, this
provides guidance to password crackers to refine their guessing technique. In the
remainder of this subsection, we look at possible approaches to proactive password
checking.

(c) List types of firewall. Explain packet filter with diagrams. 4M

Ans: List of types of firewall: (Listing of

 Packet filter as a firewall types of
 Circuit level gateway firewall firewall: 1
 Application level gateway firewall mark,
 Proxy server as a firewall Explanatio
n of packet
Explanation : As per the diagram given below Firewall will act according to the table filter as a
given for example source IP [Link] is the IP address of a network , all the packets firewall: 2
which are coming from this network will be blocked by the firewall in this way it is acting marks
as a firewall. Table also having port 80, IP Address [Link] & port 23 firewall will act ,diagram of
in the similar fashion. Port 23 is for Telnet remote login in this case firewall won’t allow to packet
login onto this server. IP Address [Link] is the IP address of individual Host, all the filter as a
packet having this IP address as a destination Address will be denied. firewall: 1
Port 80 no HTTP request allowed by firewall. mark)
Page 12 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
Diagram of packet filter as a firewall.

Packet Filtering

(d) Describe host based IDS with its advantages and disadvantages. 4M

Ans: Host Intrusion Detection Systems: (Diagram:

(i). They are run on individual hosts or devices on the network. 1 mark,
(ii). A HIDS monitors the inbound and outbound packets from the device only and will Explanatio
alert the user or administrator when suspicious activity is detected.
n: 1 mark ,
(iii). HIDS is looking for certain activities in the log file are:
any two
 Logins at odd hours
 Login authentication failure advantages:
 Adding new user account 1 mark ,
 Modification or access of critical system files any two
 Modification or removal of binary files disadvantag
 Starting or stopping processes es: 1 mark)
 Privilege escalation
 Use of certain programs

(i). Basic Components HIDS:

 Traffic collector:
This component collects activity or events from the IDS to examine. On Host-based IDS,
this can be log files, audit logs, or traffic coming to or leaving a specific system
 Analysis Engine:
This component examines the collected network traffic & compares it to known patterns of
suspicious or malicious activity stored in the signature database. The analysis engine acts
like a brain of the IDS.

Page 13 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
 Signature database:
It is a collection of patterns & definitions of known suspicious or malicious activity.
 User Interface & Reporting:
This is the component that interfaces with the human element, providing alerts & giving
the user a means to interact with & operate the IDS.
Advantages:
1. Operating System specific and detailed signatures.
2. Examine data after it has been decrypted.
3. Application specific.
4. Determine whether or not an alarm may impact that specific.

Disadvantages:
1. Should have a process on every system to watch.
2. High cost of ownership and maintenance.
3. Uses local system resources.
4. If logged locally, could be compromised or disable.

(e) Explain the steps for hardening applications. 4M

Ans: Application Hardening is a security feature designed to avoid/prevent exploitation of (Any

various types of vulnerabilities in software application. It also secures against local and relevant
internet attacks. Vulnerabilities are introduced by programmers who fail to check the explanation
properly the input data entering into the application. If there are vulnerabilities in : 4 marks)
application then it can be exploited by an attacker.
Hardening application is fairly similar to hardening operating system- you remove the
functions or components you do not need, restrict access where you can and make sure that
the application is kept up to date with patches & maintain application patches.

Application hardening has following mechanisms:

a) Process spawning Control: uses fact that in most cases the application does not need
the ability to launch other executable for proper functioning. By taking away the process
spawning ability from the application, hackers will not be able to perform the process
spawning attack.

b) EXE file protection: another method to break into system is to trick the vulnerable
application into modifying or creating executable file protection defense is based on in
most of the cases, the application does not need to create or modify executable files.
Hackers will not be able to perform attacks tampering with executable files on the system.

c) System tampering protection: Another possibility to break into the system is to trick
the vulnerable application into modifying special sensitive area of the operating system
and taking advantage of those modifications. Those sensitive areas include Windows
registry keys used to control launching of application on system startup the [Link] and
[Link] files… The system tampering protection defense is based on the fact that in almost
all cases normal applications do not need to perform such operations for their proper
function, by preventing applications to modify special areas of Operating system. Hackers
will not be able to attack by tampering with sensitive special areas of the system.
Application Patches will be helpful in this case like Hotfixes, Patches, and upgrades.

Page 14 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
4. (a) Attempt any THREE of the following: 12 Marks

(i) Explain simple columnar transposition technique with algorithm and example. 4M

Ans: The columnar transposition cipher is a transposition cipher that follows a simple rule for (Explanati
mixing up the characters in the plaintext to form the cipher-text. It can be combined with on: 1
other ciphers, such as a substitution cipher, the combination of which can be more difficult mark,
to break than either cipher on its own. The cipher uses a columnar transposition to greatly
Algorithm:
improve its security.
1 mark,
Algorithm: Example: 2
1. The message is written out in rows of a fixed length. marks )
2. Read out again column by column according to given order or in random order.
3. According to order write cipher text.

Example:
The key for the columnar transposition cipher is a keyword e.g. ORANGE. The row length
that is used is the same as the length of the keyword.
To encrypt a below plaintext COMPUTER PROGRAMMING

In the above example, the plaintext has been padded so that it neatly fits in a rectangle.
This is known as a regular columnar transposition. An irregular columnar transposition
leaves these characters blank, though this makes decryption slightly more difficult. The
columns are now reordered such that the letters in the key word are ordered alphabetically.

The Encrypted text or Cipher text is: MPMET GNMUO IXPRM XCERG ORAL (Written
in blocks of Five)

Page 15 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
(ii) Draw and explain virtual private network. 4M

Ans: (Diagram
of VPN :2
marks ,
Explanatio
n: 2 marks)

Fig: VPN

Explanation: private network created virtually between two branch networks of same
company across the world. Instead of using dedicated leased line to the internetwork of
company public lines can be used called as VPN. In the diagram two firewalls are acting as
an intermediate between user X & user Y. If the user x is sending the message to user .If
the user X is sending the message to user Y message first comes to firewall 1 which uses
its own address to send this message to user Y thus over the network the packet send from
user X is protected & it‟s IP address is protected like private network .In VPN the Tunnel
technology is used to have communication between two branches of same company by
wrapping the packet on another packet thus protecting network like private network.

(iii) Explain Cyber Crime. 4M

Ans: Crimes against people are a category of crime that consists of offenses that usually involve (Relevant
causing or attempting to cause bodily harm or a threat of bodily harm. These actions are Explanatio
taken without the consent of the individual the crime is committed against, or the victim. n of Cyber
These types of crimes do not have to result in actual harm - the fact that bodily harm could Crime: 4
have resulted and that the victim is put in fear for their safety is sufficient. i.e. Assault, marks)
Domestic Violence, Stalking
Cybercrime is a bigger risk now than ever before due to the sheer number of connected
people and devices. Cybercrime, as it's a bigger risk now than ever before due to the sheer
number of connected people and devices. It is simply a crime that has some kind of
computer or cyber aspect to it. To go into more detail is not as straightforward, as it takes
shape in a variety of different formats.
Cybercrime:
 Cybercrime has now surpassed illegal drug trafficking as a criminal money maker
 Somebody‘s identity is stolen every 3 seconds as a result of cybercrime
 Without a sophisticated security package, your unprotected PC can become infected
within four minutes of connecting to the Internet.

Page 16 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
Criminals committing cybercrime use a number of methods, depending on their skill-set
and their goal. Here are some of the different ways cybercrime can take shape:
Theft of personal data
 Copyright infringement
 Fraud
 Child pornography
 Cyber stalking
 Bullying
Cybercrime covers a wide range of different attacks, that all deserve their own unique
approach when it comes to improving our computer's safety and protecting ourselves. The
computer or device may be the agent of the crime, the facilitator of the crime, or the target
of the crime. The crime may take place on the computer alone or in addition to other
locations. The broad range of cybercrime can be better understood by dividing it into two
overall categories.
(iv) What is software piracy? 4M

Ans: Software piracy is the illegal copying, distribution, or use of software. It is such a (Any
profitable "business" that it has caught the attention of organized crime groups in a number Relevant
of countries. Software piracy causes significant lost revenue for publishers, which in turn Descriptio
results in higher prices for the consumer. Software piracy applies mainly to full-function n: 4
commercial software. The time-limited or function-restricted versions of commercial marks)
software called shareware are less likely to be pirated since they are freely available.
Similarly, freeware, a type of software that is copyrighted but freely distributed at no
charge.

Types of software piracy include:

 Soft-lifting: Borrowing and installing a copy of a software application from a
colleague.
 Client-server overuse: Installing more copies of the software than you have licenses
for.
 Hard-disk loading: Installing and selling unauthorized copies of software on
refurbished or new computers.
 Counterfeiting: Duplicating and selling copyrighted programs.
 Online piracy: Typically involves downloading illegal software from peer-to-peer
network, Internet auction or blog. (In the past, the only place to download software was
from a bulletin board system and these were limited to local areas because of long
distance charges while online.)

(b) Attempt any ONE: 6 Marks

(i) Explain DOS and DDOS with neat diagram. 6M

Ans: Denial Of Service Attack: Denial of service (DOS) attack scan exploits a known
vulnerability in a specific application or operating system, or they may attack features (or (Explanatio
weaknesses) in specific protocols or services. In this form of attack, the attacker is n of DOS &
DDOS : 2
attempting to deny authorized users access either to specific information or to the computer
marks
system or network itself. The purpose of such an attack can be simply to prevent access to Each,
the target system, or the attack can be used in conjunction with other actions in order to Diagram: 1

Page 17 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
gain unauthorized access to a computer or network. SYN flooding is an example of a DOS mark Each)
attack that takes advantage of the way TCP/IP networks were designed to function, and it
can be used to illustrate the basic principles of any DOS attack. SYN flooding utilizes the
TCP three-way handshake that is used to establish a connection between two systems. In a
SYN flooding attack, the attacker sends fake communication requests to the targeted
system. Each of these requests will be answered by the target system, which then waits for
the third part of the handshake. Since the requests are fake the target will wait for
responses that will never come, as shown in Figure.

Fig: DOS Attack

The target system will drop these connections after a specific time-out period, but if the
attacker sends requests faster than the time-out period eliminates them, the system will
quickly be filled with requests. The number of connections a system can support is finite,
so when more requests come in than can be processed, the system will soon be reserving
all its connections for fake requests. At this point, any further requests are simply dropped
(ignored), and legitimate users who want to connect to the target system will not be able to.
Use of the system has thus been denied to them.
Distributed Denial-Of-Service (DDoS): DDoS is the attack where source is more than
one, often thousands of, unique IP addresses. It is analogous to a group of people crowding
the entry door or gate to a shop or business, and not letting legitimate parties enter into the
shop or business, disrupting normal operations. DDoS is a type of DOS attack where
multiple compromised systems, which are often infected with a Trojan, are used to target a
single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist
of both the end targeted system and all systems maliciously used and controlled by the
hacker in the distributed attack.
A Denial of Service (DoS) attack is different from a DDoS attack. The DoS attack
typically uses one computer and one Internet connection to flood a targeted system or
resource. The DDoS attack uses multiple computers and Internet connections to flood the
targeted resource. DDoS attacks are often global attacks, distributed via botnets.
Types of DDoS Attacks:
 Traffic attacks: Traffic flooding attacks send a huge volume of TCP, UDP and ICPM
packets to the target. Legitimate requests get lost and these attacks may be
accompanied by malware exploitation.
 Bandwidth attacks: This DDoS attack overloads the target with massive amounts of
junk data. This results in a loss of network bandwidth and equipment resources and can
lead to a complete denial of service.
 Application attacks: Application-layer data messages can deplete resources in the
application layer, leaving the target's system services unavailable.

Stacheldraht is a piece of software written by Random for Linux and Solaris systems
Page 18 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
which acts as a distributed denial of service (DDoS) agent. This tool detects and
automatically enables source address forgery. Stacheldraht uses a number of different DoS
attacks, including UDP flood, ICMP flood, TCP SYN flood and Smurf attack.

Fig: DDOS Attack

(ii) Define virus. Explain at least 5 types of viruses. 6M

Ans: Viruses: A program designated to spread from file to file on a single PC, it does not (Definition:
intentionally try to move to another PC and it must replicate and execute itself. Used as 1 mark,
delivery tool for hacking. Five types
of virus
Types of viruses:
with
 Parasitic Viruses: It attaches itself to executable code and replicates itself. Once it is
explanation
infected it will find another program to infect.
: 1 mark
 Memory resident viruses: lives in memory after its execution it becomes a part of
each)
operating system or application and can manipulate any file that is executed, copied or
moved.
 Non- resident viruses: it executes itself and terminates or destroys after specific time.
 Boot sector Viruses: It infects boot sector and spread through a system when it is
booted from disk containing virus.
 Overwriting viruses: It overwrites the code with its own code.
 Stealth Virus: This virus hides the modification it has made in the file or boot record.
 Macro Viruses: These are not executable. It affects Microsoft word like documents,
they can spreads through email.
 Polymorphic viruses: it produces fully operational copies of itself, in an attempt to
avoid signature detection.
 Companion Viruses: creates a program instead of modifying an existing file.
 Email Viruses: Virus gets executed when email attachment is open by recipient. Virus
sends itself to everyone on the mailing list of sender.
 Metamorphic viruses: keeps rewriting itself every time, it may change their behavior
as well as appearance code.

Page 19 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
5. Attempt any TWO : 16 Marks
(a) Explain individual user responsibilities in Computer Security. 8M
Ans: Individual user responsibilities in computer security are: (Each
point: 1
1. Lock the door of office or workspace.
mark, any
2. Do not leave sensitive information inside your car unprotected.
3. Secure storage media in a secure storage device which contains sensitive information. 8 points)
4. Shredding paper containing organizational information before discarding it.
5. Do not expose sensitive information to individuals that do not have an authorized need
to know it.
6. Do not discuss sensitive information with family members.
7. Be alert to, and do not allow, piggybacking, shoulder surfing or access without the
proper identifications.
8. Establish different procedures to implement good password security practice that
employees should follow.
Give proper guidelines for:
(a) Password selection
(b) Piggybacking
(c) Shoulder surfing
(d) Dumpster diving
(e) Installing Unauthorized Software /Hardware
(f) Access by non-employees
(g) Security awareness
(b) What is Security topology? Describe Security zone in detail. 8M
Ans: Security topology: A security topology is the arrangement of hardware devices on a (Security
network with respect to internal security requirements and needs for public access. Topology:
OR 1 mark,
Security topology is a local map that depicts the interconnectivity between security devices security
and security domains that host these networks. zone: 1
mark,
Security Zone: Security zones are the building blocks for policies; they are logical Listing
entities to which one or more interfaces are bound. Security zones provide a means of types of
distinguishing groups of hosts (user systems and other hosts, such as servers) and their security
resources from one another in order to apply different security measures to them. zones: 2
Marks,
Explanati
Types of security zone: on of four
i. Internet Zone: zones: 1
mark
 This zone contains websites. each)
 These sites are not on your computer or on your local intranet.
 It is not a single network but it is a series of interconnected networks.
 It is used to transfer email, files, financial records etc. from one network to another.
 Since everyone has access to this network, so it is difficult to impose security policies,
so it is considered to be un-trusted system.

Page 20 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
 www (World Wide Web) is frequently used with internet.

ii. Intranet Zone:

 It is a private network and is restricted within an organization (LAN).

 It consists of connections through one or more gateway computers to the outside world
i.e. Internet.
 Purpose of Intranet is to share information and computing resources between the
employees of a company.
 It provides facility to work in groups and for telecommunication.
 It uses Internet protocol like TCP/IP, HTTP etc.

iii. Trusted Sites:

 This zone contains websites that you trust are safe.

 When you add websites to trusted site zone you believe that files you download or that
you run from the websites will not damage the computer or data.

iv. iv. Restricted Sites:

 This zone contains websites which are not trusted.

 When anyone adds a website to this zone, he believes that the files that are downloaded
or that run from this website may damage the computer or data.

(c) Explain need for firewall and explain one of the type of firewall with diagram. 8M

Ans: Need for Firewall: (Explanatio

n of need: 4
1. A firewall works as a barrier, or a shield, between your PC and cyber space. marks, Any
one firewall
2. When you are connected to the Internet, you are constantly sending and receiving explanation
information in small units called packets. : 4 marks)

3. The firewall filters these packets to see if they meet certain criteria set by a series of
rules, and thereafter blocks or allows the data.

4. This way, hackers cannot get inside and steal information such as bank account
numbers and passwords from you.

Capabilities:

 All traffic from inside to outside and vice versa must pass through the firewall.

 To achieve this all access to local network must first be physically blocked and access
only via the firewall should be permitted.

 As per local security policy traffic should be permitted.

Page 21 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
 The firewall itself must be strong enough so as to render attacks on it useless.

Types of Firewalls

a. Packet Filter Firewall

b. Circuit level Gateway Firewall
c. Application Gateway Firewall
d. Stateful multilayer Inspection Firewall
e. Software
f. Hardware
g. Hybrid

1. Packet Filter Firewall: A packet filtering router firewall applies a set of rules to
each packet and based on outcome, decides to either forward or discard the packet.
Such a firewall implementation involves a router, which is configured to filter packets
going in either direction i.e. from the local network to the outside world and vice versa.
Packet filter performs the following functions.

a. Receive each packet as it arrives.

b. Pass the packet through a set of rules, based on the contents of the IP and
transport header fields of the packet. If there is a match with one of the set rule,
decides whether to accept or discard the packet based on that rule.

c. If there is no match with any rule, take the default action. It can be discard all
packets or accept all packets.

Advantages: simplicity, transparency to the users, high speed

Disadvantages: difficult to set up packet filtering rules, lack of authentication.

Packet Filtering Firewall

Page 22 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________

2. Circuit level gateway Firewalls:

The circuit level gateway firewalls work at the session layer of the OSI model. They
monitor TCP handshaking between the packets to determine if a requested session is
legitimate. And the information passed through a circuit level gateway, to the internet,
appears to have come from the circuit level gateway. So, there is no way for a remote
computer or a host to determine the internal private ip addresses of an organization, for
example. This technique is also called Network Address Translation where the private IP
addresses originating from the different clients inside the network are all mapped to the
public IP address available through the internet service provider and then sent to the
outside world (Internet). This way, the packets are tagged with only the Public IP address
(Firewall level) and the internal private IP addresses are not exposed to potential intruders.

3. Application level gateway Firewalls:

Application level firewalls decide whether to drop a packet or send them through based on
Page 23 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________

the application information (available in the packet). They do this by setting up various
proxies on a single firewall for different applications. Both the client and the server
connect to these proxies instead of connecting directly to each other. So, any suspicious
data or connections are dropped by these proxies. Application level firewalls ensure
protocol conformance. For example, attacks over http that violates the protocol policies
like sending Non-ASCII data in the header fields or overly long string along with Non-
ASCII characters in the host field would be dropped because they have been tampered
with, by the intruders.

6. Attempt any FOUR: 16 Marks

(a) Describe dumpster diving with its prevention mechanism. 4M

Ans: Dumpster diving: (Concept 3
1. It is the process of going through a target’s trash in order to find little bits of marks,
information System attackers need certain amount of information before launching Prevention
their attack. mechanism
2. One common place to find this information, if the attacker is in the vicinity of target is 1 mark)
to go through the target’s thrash in order to find little bits of information that could be
useful.
3. The process of going through target’s thrash is known as “dumpster diving”.
4. The search is carried out in waste paper, electronic waste such as old HDD, floppy and
CD media recycle and trash bins on the systems etc.
5. If the attacker is lucky, the target has poor security process they may succeed in finding
user ID‟s and passwords.
6. If the password is changed and old password is discarded, lucky dumpster driver may
get valuable clue.

Prevention Mechanism: To prevent dumpster divers from learning anything valuable

from your trash, experts recommend that your company should establish disposal
policy.
Page 24 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
(b) Explain the term stenography with example. 4M

Ans: {{**Note: Considering question as Steganography instead of Stenography**}} (Term:1

Steganography: mark,
 Steganography is the art and science of writing hidden message in such a way that no Concept: 3
one, apart from the sender and intended recipient, suspects the existence of the marks)
message.
 Steganography works by replacing bits of useless or unused data in regular computer
files (such as graphics, sound, text, html or even floppy disks) with bits of different,
invisible information.
 This hidden information can be plain text, cipher text or even images. In modern
steganography, data is first encrypted by the usual means and then inserted, using a
special algorithm, into redundant data that is part of a particular file format such as a
JPEG image.
Steganography process : Cover-media + Hidden data + Stego-key = Stego-medium
 Cover media is the file in which we will hide the hidden data, which may also be
encrypted using stego-key.
 The resultant file is stego-medium.
 Cover-media can be image or audio file. Stenography takes cryptography a step further
by hiding an encrypted message so that no one suspects it exists.
 Ideally, anyone scanning your data will fail to know it contains encrypted data.
Stenography has a number of drawbacks when compared to encryption.
 It requires a lot of overhead to hide a relatively few bits of information. i.e. One can
hide text, data, image, sound, and video, behind image.

(c) Explain e-mail security techniques (protocols). 4M

Page 25 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
Ans: A. SMTP- Simple Mail Transfer Protocol. (Listing: 1
mark: any
1. It is a popular network services in Email communication.
two
2. It is system for sending messages to other computer users based on email.
3. It is request response based activity. protocols:
4. It also provides email exchange process. 1.5 marks)
5. It attempts to provide reliable service but not guarantees to sure recovery from failure.

B. PEM- Privacy Enhanced Mail.

1. Privacy-Enhanced Mail (PEM) is an Internet standard that provides for secure

exchange of electronic mail.

2. PEM employs a range of cryptographic techniques to allow for

 Confidentiality
 Non - repudiation
 Message integrity
 The confidentiality feature allows a message to be kept secret from people to whom the
message was not addressed.

 The Non - repudiation allows a user to verify that the PEM message that they have
received is truly from the person who claims to have sent it.

 The message integrity aspects allow the user to ensure that a message hasn't been
modified during transport from the sender.

C. PGP- Pretty Good Privacy

 Pretty Good Privacy is a popular program used to encrypt and decrypt email over the
internet.

 It becomes a standard for e-mail security.

 It is used to send encrypted code (digital signature) that lets the receiver verify the
sender‘s identity and takes care that the route of message should not change.

Page 26 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
 PGP can be used to encrypt files being stored so that they are in unreadable form and
not readable by users or intruders.

 It is available in Low cost and Freeware version.

 It is most widely used privacy ensuring program used by individuals as well as many
corporations.

D. S/MIME – Secure Multipurpose Internet Mail Extension

 The traditional email system using SMTP protocol are text based which means that a
person can compose text message using an editor and them sends it over Internet to the
recipient, but multimedia files or documents in various arbitrary format cannot be sent
using this protocol.

 To cater these needs the Multipurpose Internet Mail Extensions (MIME) system
extends the basic email system by permitting users to send the binary files using basic
email system.

 And when basic MIME system is enhanced to provide security features, it is called as
Secure Multipurpose Internet Mail Extensions.

 S/MIME provides security for digital signature and encryption of email message.

(d) What is intrusion detection system? Explain host based IDS. 4M

Ans: Intrusion detection system (IDS):

An intrusion detection system (IDS) monitors network traffic and monitors for suspicious (IDS:1mark,
activity and alerts the system or network administrator. In some cases the IDS may also Explanati
respond to anomalous or malicious traffic by taking action such as blocking the user or on of
source IP address from accessing the network. HIDS: 2
marks,
HIDS Host Intrusion Detection Systems Diagram:
i. They are run on individual hosts or devices on the network. 1 mark)

ii. A HIDS monitors the inbound and outbound packets from the device only and will
alert the user or administrator when suspicious activity is detected.

iii. HIDS is looking for certain activities in the log file are:

 Logins at odd hours

 Login authentication failure

 Adding new user account

Page 27 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
 Modification or access of critical system files

 Modification or removal of binary files

 Starting or stopping processes

 Privilege escalation

 Use of certain programs

Basic Components HIDS:

 Traffic collector:

This component collects activity or events from the IDS to examine.

On Host-based IDS, this can be log files, audit logs, or traffic coming to or leaving a
specific system
 Analysis Engine:

This component examines the collected network traffic & compares it to known patterns of
suspicious or malicious activity stored in the signature database.
The analysis engine acts like a brain of the IDS.
 Signature database:

It is a collection of patterns & definitions of known suspicious or malicious activity.

 User Interface & Reporting:

This is the component that interfaces with the human element, providing alerts & giving
the user a means to interact with & operate the IDS.

(e) What is TLS? What are two layers of TLS? 4M

Page 28 of 29
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
___________________________________________________________________________________________________________________
Ans: The Transport Layer security (TLS) protocol provides communications privacy over (Explanation
internet. The protocol allows client-server applications to communicate in a way that is : 2 marks,
designed to prevent eavesdropping, tampering or message forgery. The primary goal of the Layers: 1
TLS protocol is to provide privacy in data integrity between two communicating mark each)
applications.
The protocol is composed of two layers:
1. TLS Record Protocol provides connection security with some encryption method such
as the Data Encryption Standard (DES). The TLS Record Protocol can also be used
without encryption. The

2. TLS Handshake Protocol allows the server and client to authenticate each other and to
negotiate an encryption algorithm and cryptographic keys before data is exchanged.

Page 29 of 29
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
WINTER– 18 EXAMINATION
Subject Name: Computer Security Model Answer Subject Code:
17514
Important Instructions to examiners:
1) The answers should be examined by key words and not as word-to-word as given in the model answer
scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to assess the
understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more Importance (Not
applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in the figure. The
figures drawn by candidate and model answer may vary. The examiner may give credit for any equivalent
figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values may
vary and there may be some difference in the candidate’s answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant answer based
on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on equivalent concept.

Q. Sub Answer Marking

No. Q. N. Scheme

1 A Attempt any THREE : 12 M

a Define computer security. Explain the need of computer security. 4M

Ans Computer Security: Computer Security is the protection of computing systems Definition
and the data that they store or access. :1 mark,
Need of computer Security: Need: Any
1. For prevention of data theft such as bank account numbers, credit card three
information, passwords, work related documents or sheets, etc. points:1
2. To make data remain safe and confidential. mark each
3. To provide confidentiality which ensures that only those individuals should OR
ever be able to view data they are not entitled to.
4. To provide integrity which ensures that only authorized individuals should CIA Model
ever be able change or modify information. Explanation
5. To provide availability which ensure that the data or system itself is n: 3 marks
available for use when authorized user wants it.
6. To provide authentication which deals with the desire to ensure that an
authorized individual.
7. To provide non-repudiation which deals with the ability to verify that
message has been sent and received by an authorized user.
OR

1. Confidentiality: The principle of confidentiality specifies that only sender and

intended recipients should be able to access the contents of a message.
Confidentiality gets compromised if an unauthorized person is able to access the
contents of a message. Example of compromising the Confidentiality of a message
is shown in fig: Here, the user of a computer A send a message to user of computer
Page 1 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
B. another user C gets access to this message, which is not desired and therefore,
defeats the purpose of Confidentiality. This type of attack is also called as
interception.

Fig. Loss of confidentiality

2. Integrity: when the contents of the message are changed after the sender
sends it, but before it reaches the intended recipient, we say that the integrity of
the message is lost. For example, here user C tampers with a message originally
sent by user A, which is actually destined for user B. user C somehow manages
to access it, change its contents and send the changed message to user B. user B
has no way of knowing that the contents of the message were changed after user
A had sent it. User A also does not know about this change. This type of attack is
called as modification.

Fig. Loss of Integrity

3. Authentication: Authentication helps to establish proof of identities. The
Authentication process ensures that the origin of a message is correctly
identified. For example, suppose that user C sends a message over the internet
to user B. however, the trouble is that user C had posed as user A when he sent
a message to user B. how would user B know that the message has come from
user C, who posing as user A? This concept is shown in fig. below. This type of
attack is called as fabrication.

Fig. absence of authentication

4. Availability: The goal of availability s to ensure that the data, or the
system itself, is available for use when the authorized user wants it.

Page 2 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
b Describe piggy backing & shoulder surfing. 4M

Ans Piggy backing: Piggyback

• It is the simple process of following closely behind a person who has just ing: 2
used their own access card or PIN to gain physical access to a room or marks,
Shoulder
building.
surfing: 2
• An attacker can thus gain access to the facility without having to know the marks
access code or having to acquire an access card. i.e.: Access of wireless
internet connection by bringing one's own computer within range of another (Relevant
wireless connection & using that without explicit permission , it means when answer
covering
an authorized person allows (intentionally or unintentionally) others to pass
given
through a secure door. points)
• Piggybacking on Internet access is the practice of establishing a wireless
Internet connection by using another subscriber's wireless Internet access
service without the subscriber’s explicit permission or knowledge.
• It is a legally and ethically controversial practice, with laws that vary by
jurisdiction around the world. While completely outlawed or regulated in
some places, it is permitted in others. The process of sending data along with
the acknowledgment is called piggybacking. Piggybacking is distinct from
war driving, which involves only the logging or mapping of the existence of
access points.
• It is the simple tactic of following closely behind a person who has just used
their own access card or PIN to gain physical access to a room or building.
• An attacker can thus gain access to the facility without having to know the
access code or having to acquire an access [Link], in a wireless
communications context, is the unauthorized access of a wireless LAN.
Piggybacking is sometimes referred to as "Wi-Fi squatting."
• The usual purpose of piggybacking is simply to gain free network access
rather than any malicious intent, but it can slow down data transfer for
legitimate users of the network.
Shoulder Surfing: Shoulder Surfing is a similar procedure in which attackers
position themselves in such a way as to- be-able to observe the authorized
user entering the correct access code.
• Shoulder surfing is an effective way to get information in crowded places
because it's relatively easy to stand next to someone and watch as they fill out
a form, enter a PIN number at an ATM machine, or use a calling card at a
public pay phone. Shoulder surfing can also be done long distance with the
aid of binoculars or other vision-enhancing devices.
• To prevent shoulder surfing, experts recommend that you shield paperwork or
your keypad from view by using your body or cupping your hand.
• Both of these attack techniques can be easily countered by using simple
procedures to ensure nobody follows you too closely or is in a position to
observe your actions.
• Shoulder surfing is using direct observation techniques, such as looking over
Page 3 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
someone's shoulder, to get information.
c Consider plain text “Network Security”, encrypt it with help of Rail Fence 4M
technique, also write the algorithm.
Ans Rail Fence Technique: It is one of the easiest transposition techniques to create 2 marks for
cipher text. When plain text message is codified using any suitable scheme, the Step marks
resulting message is called Cipher text or Cipher. for cipher
text,
Steps are: Plain text = NETWORK SECURITY
Step 1: Write down Plain text as sequence of diagonal. Read Plain text written in 2 marks for
Step 1 as sequence of rows. As, algorithm

Then concatenate these two sequences of text as one to create following

Cipher Text: NTOKEUIYEWRSCRT

Steps for rail-fence cipher are as follow:

1. Write down the plain text message as a sequence of diagonals.

2. Read the plain text written in step 1, row wise.
3. Let’s see example of rail-fence cipher. Suppose plain text is NETWORK
SECURITY if we perform rail-fence cipher operation on this text it will
be coded as NTOKEUIYEWRSCRT.
4. It involves writing plain text in a diagonal sequence and then reading it
row by row to produce cipher text.

d State any four limitations of firewall. 4M

Ans Firewalls weakness / limitations 1 Mark each

(for any 4
1. Firewalls cannot protect against what has been authorized points
2. It cannot stop social engineering attacks or an unauthorized user
intentionally using their access for unwanted purposes
3. Firewalls cannot fix poor administrative practices or poorly designed
security policies
4. It cannot stop attacks if the traffic does not pass through them
5. They are only as effective as the rules they are configured to enforce.
6. firewall can't protect you against malicious insiders
7. A firewall can't protect you against connections that don't go through it.
8. A firewall can't protect against completely new threats.
9. A firewall can't fully protect against viruses.
10. A firewall can't set itself up correctly.
11. Firewalls don't deal with the real problem.

B Attempt any ONE : 6M

Page 4 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
a What is dumpster diving? State preventative measures to avoid Dumpster 6M
diving.

Ans Dumpster diving: Concept 2

1. It is the process of going through a target’s trash in order to find little bits of marks,
information System attackers need certain amount of information before Prevention
mechanism
launching their attack.
4 mark
2. One common place to find this information, if the attacker is in the vicinity of
target is to go through the target’s thrash in order to find little bits of
information that could be useful.
3. The process of going through target’s thrash is known as “dumpster diving”.
4. The search is carried out in waste paper, electronic waste such as old
HDD, floppy and CD media recycle and trash bins on the systems etc.
5. If the attacker is lucky, the target has poor security process they may succeed
in finding user ID‟s and passwords.
6. If the password is changed and old password is discarded, lucky dumpster
driver may get valuable clue.
Prevention Mechanism:
• To prevent dumpster divers from learning anything valuable from your trash,
experts recommend that your company should establish disposal policy.
• Shred personal documents and credit card offers before throwing them away,
and wipe hard drives clean before you get rid of computers or smartphones.
b How formatted partition can be recovered? 6M

Ans Formatted partition recovery: Explanation

 Formatting refers to dividing the disk in accordance with certain principles, : 2 marks,
allowing computer to store and search files. Steps: 4
marks
 Formatting disk is to eliminate all files on disk.
 There are various formatted partition recovery tool available.
 Although every tool will have different GUI & method of recovery.
 These tools usually operate as per following process steps:
Step1: If you cannot boot the computer, please use data recovery bootable disk.
Step 2: Select the file types you want to recover & volume where the formatted
hard drive is. The tool will automatically scan the selected volume.
Step 3: Then the founded data will be displayed on the screen & you can get a
preview of it. Then select the file or directory that you want to recover
& save them to a healthy drive.
2 Attempt any TWO : 16 M

a Define the term virus. Describe the different phases of virus with suitable 8M
example.

Ans A virus is a program that can "infect" other programs by modifying them and Definition
inserting a copy of itself into the program. This copy can then go to infect other of Virus: 2
programs. Just like its biological counterpart, a computer virus carries in its mark
,Listing
instructional code the recipe for making perfect copies of itself. A virus attaches
Page 5 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
itself to another program and then executes secretly when the host program is run. phases of
During it lifetime a typical virus goes through the following stages: Virus:
2mark,
Explanation
of Phases: 4
marks

Diagram is
Optional.

 Dormant phase: The virus is idle. The virus will eventually be activated by
some event, such as a date, the presence of another program or file, or the
capacity of the disk exceeding some limit. Not all viruses have this stage.
 Propagation phase: The virus places a copy of itself into other programs or
into certain system areas on the disk. The copy may not be identical to the
propagating version; viruses often morph to evade detection. Each infected
program will now contain a clone of the virus, which will itself enter a
propagation phase.
 Triggering phase: The virus is activated to perform the function for which it
was intended. As with the dormant phase, the triggering phase can be caused
by a variety of system events, including a count of the number of times that
this copy of the virus has made copies of itself.
 Execution phase: The function is performed. The function may be harmless,
such as a message on the screen, or damaging, such as the destruction of
programs and data files.
b What is DES algorithm? Explain each step in detail with the help of diagram. 8M

Ans The Data Encryption Standard is generally used in the ECB, CBC, or the CFB Definition:
mode. DES is a block cipher. It encrypts data in blocks of size 64 bits each. That 1 mark ;
is, 64 bits of plain text goes as the input to DES, which produces 64 bits of cipher Diagram:
1m; process
text .DES is based on the two fundamental attributes of cryptography: substitution
Diagram: 1
and transposition. The process diagram as follows:
mark, for
each step:
1marks

Page 6 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________

Initial Permutation (IP): It happens only once. It replaces the first bit of the
original plain text block with the 58th bit of the original plain text block, the
second bit with the 50th bit of original plain text block and so on. The
resulting 64-bits permuted text block is divided into two half blocks. Each half
block consists of 32 bits. The left block called as LPT and right block called as
RPT.16 rounds are performed on these two blocks. Details of one round in
DES

Step 1 : Key Transformation: The initial key is transformed into a 56-bit key
by discarding every 8th bit of initial key. Thus ,for each round , a 56 bit key is
available, from this 56-bit key, a different 48-bit sub key is generated during
each round using a process called as key transformation Expansion
Permutation Key Transformation S-box substitution XOR and swap P-box
Permutation

Step 2: Expansion Permutation: During Expansion permutation the RPT is

Page 7 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
expanded from 32 bits to 48 bits. The 32-bit RPT is divided into 8 blocks, with
each block consisting of 4-bits. Each 4-bits block of the previous step is then
expanded to a corresponding 6-bit block, per 4-bit block, 2 more bits are
added. They are the repeated 1st and 4th bits of the 4-bit block. The 2nd and
3rd bits are written as they were in the input. The 48 bit key is XORed with
the 48-bit RPT and the resulting output is given to the next step.
Step 3: S-box Substitution: It accepts the 48-bits input from the XOR
operation involving the compressed key and expanded RPT and produces 32-
bit output using the substitution techniques. Each of the 8 S-boxes has a 6-bit
input and a 4-bit output. The output of each S-box then combined to form a
32-bit block, which is given to the last stage of a round

Step 4: P- box Permutation: The output of S-box consists of 32-bits. These

32-bits are permuted using P-box. Step 5: XOR and Swap: The LPT of the
initial 64-bits plain text block is XORed with the output produced by P box-
permutation. It produces new RPT. The old RPT becomes new LPT, in a
process of swapping.

Page 8 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
Final Permutation: At the end of 16 rounds, the final permutation is performed.
This is simple transposition. For e.g., the 40th input bit takes the position of 1st
output bit and so on.
c Describe the components of NIDS with neat diagram. State its advantages & 8M
disadvantages.

Ans Network-based Intrusion Detection Systems: Diagram: 2

marks,

IDS
components
:2 marks,

Advantades:
2 marks,
Disadvantag
es:2 marks

1. Traffic collection: Collects activity as events from IDS to examine. On

Host-based IDS, this can be log files, Audit logs or traffic coming to or
leaving a system. On network based IDS, this is typically a mechanism for
copying traffic of network link.
2. Analysis Engine: Examines collected network traffic & compares it to
known patterns of suspicious or malicious activity stored in digital
signature. The analysis engine act like a brain of IDS.
3. Signature database: A collection of patterns & definitions‟ of known
suspicious or malicious activity.
4. User Interface & Reporting: interfaces with human element, providing
alerts when suitable & giving the user a means to interact with & operate the
IDS.
Advantages of Network-based Intrusion Detection Systems
• The deployment of network-based IDSs is usually easy with minimal effort.
• Network-based IDSs can be made very secure and is often invisible to most
attackers.
• They can monitor a heterogeneous set of hosts and operating systems
simultaneously, due to the fact that standard network protocols (e.g. TCP,
UDP and IP) are supported and used by most major operating systems.

Disadvantages of Network-based Intrusion Detection Systems

• Network-based IDSs cannot analyse encrypted information. This problem is
increasing as more organizations and attackers use virtual private networks,
which normally utilize encrypted information.
• The processing load in a large or busy network may cause significant
difficulties to the analysis engine part of the IDS. This condition (high

Page 9 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
processing load) can seriously limit an IDS’s ability to detect attacks when
the network load is above a specific amount of network traffic. Although
some vendors have adopted hardware-based solutions for IDSs, to increase
the speed of their processing capability (and the cost of implementation), the
limitation still remains.
• The need to analyse packets as fast as possible, force developers to detect
fewer attacks. Thus, the detection effectiveness is often compromised for the
sake of cost effectiveness.
3 Attempt any FOUR : 16 M

a Differentiate between virus and worm. 4M

Ans 1 Mark each

for any 4
Virus Worm points
The virus is the program code that The worm is code that replicate
attaches itself to application program itself in order to consume resources
and when application program run it to bring it down.
runs along with it.
It inserts itself into a file or It exploits a weakness in an
executable program. application or operating system by
replicating itself.
It has to rely on users transferring It can use a network to replicate
infected files/programs to other itself to other computer systems
computer systems. without user intervention.
Yes, it deletes or modifies files. Usually not. Worms usually only
Sometimes a virus also changes the monopolize the CPU and memory.
location of files.
Virus may need a trigger for Worm does not need any trigger.
execution.
Virus is slower than worm. Worm is faster than virus
Damage is mostly caused to local It harms the network and consumes
machine. network bandwidth.
E.g. Macro virus, Directory virus, E.g. Code red
Stealth Virus
b Enlist types of Biometrics. Explain any one Biometrics type in detail. 4M

Ans Biometric refers study of methods for uniquely recognizing humans based upon 1 mark-
one or more intrinsic physical or behavioural characteristics. Listing; 1.5
Different types of Biometrics (any two 1 Mark) marks-
diagram;
1. Finger print recognition
1.5 marks-
2. Hand print recognition
explanation
3. Retina/iris scan technique
4. Face recognition
5. Voice patterns recognition
6. Signature and writing patterns recognition
7. Keystroke dynamics
Page 10 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________

Fingerprint registration & verification process

1. During registration, first time an individual uses a biometric system is
called an enrolment.
2. During the enrolment, biometric information from an individual is stored.
3. In the verification process, biometric information is detected and compared
with the information stored at the time of enrolment.
4. The first block (sensor) is the interface between the real world and the
system; it has to acquire all the necessary data.
5. The 2nd block performs all the necessary pre-processing.
6. The third block extracts necessary features. This step is an important step
as the correct features need to be extracted in the optimal way.
7. If enrolment is being performed the template is simply stored somewhere
(on a card or within a database or both).if a matching phase is being
performed the obtained template is passed to a matcher that compares it
with other existing templates, estimating the distance between them using
any algorithm. The matching program will analyse the template with the
input. This will then be output for any specified use or purpose.
c Define the following terms: 4M
i)Cryptography ii) Cryptanalysis
iii) Cryptology iv) Steganography
Ans i) Cryptography- 1 Mark each
Cryptography is the art or science comprising the principles and methods of for relevant
transforming an intelligible message into one that is unintelligible. definitions

INTELLIGIBLE UNINTELLIGIBLE
DATA CRYPTOGRAPHY DATA

ii) Cryptanalysis-
Cryptanalysis is the art or science comprising the principles and methods of
transforming an unintelligible message back into an intelligible message
without the knowledge of key.

Page 11 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________

UNINTELLIGIBLE DATA CRYPTANALYSIS INTELLIGIBLE DATA

iii) Cryptology-
Cryptology is the art or science comprising the principles and methods of
transforming an intelligible message into one that is unintelligible and
unintelligible message back to intelligible one.

CRYPTOGRAPHY + CRYPTANALYSIS = CRYPTOLOGY

iv) Steganography-
Steganography is the art and science of writing hidden message in such a way
that no one apart from sender and intended recipient suspects the existence of
the message.
d Explain IPSec security with help of diagram. 4M

Ans IPsec architecture: IPsec is to encrypt and seal the transport and application 2 Marks-
layer data during transmission. Also offers integrity protection for the Internet Diagram; 2
layer. IPSec layer sits in between the transport and the Internet layers of Marks-
explanation
conventional TCP/IP protocol stack.

IPSec actually consists of two main protocols

a) Authentication Header (AH):
b) Encapsulating Security Payload (ESP):
a) Authentication Header (AH): The AH provides support for data integrity
and authentication of IP packets. The data integrity service ensures that data
inside IP packet is not altered during the transit. The authentication service
enables an end user or computer system to authenticate the user or the
application at the other end and decides to accept or reject packets accordingly.
This also prevents IP spoofing attacks. AH is based on MAC protocol, which
means that the two communicating parties must share a secret key in order to
Page 12 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
use AH.
b) Encapsulating Security Payload (ESP): ESP is a member of the IPsec
protocol suite. In IPsec it provides origin authenticity, integrity and
confidentiality protection of packets. ESP also supports encryption-only and
authentication-only configurations, but using encryption without authentication
is strongly discouraged because it is insecure.

Modes of operation: Both AH and ESP works in two modes:

1. Tunnel mode: In tunnel mode, IPsec protects the entire IP datagram. It
takes an IP datagram, adds the IPSec header and trailer and encrypts the whole
thing. It then adds new IP header to this encrypted datagram.
2. Transport mode: Transport mode does not hide the actual source and
destination addresses. They are visible in plain text, while in transit. In the
transport mode, IPSec takes the transport layer payload, adds IPSec header and
trailer, encrypted datagram.
e What is Secure Electronic Transaction? Enlist and describe any four 4M
components of SET.

Ans Secure electronic Transaction is an open encryption and security 1 Mark-

specification that is designed for protecting credit card transactions on the What is
Internet. It is a set of security protocols and formats that enable the users to SET; 1
employ the existing credit card payment infrastructure on the internet in a Mark-
secure manner.(1 mark) enlisting
any 4
components
; 2 Marks-
Explanation
of any four
components

Components of SET (1 mark)

1) Cardholder
2) Merchant
3) Issuer
4) Acquirer
5) Payment gateway
6) Certification Authority(CA)

Page 13 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________

Describe any four (1/2 mark for any 4 component)

1) Cardholder: A cardholder is an authorized holder of a payment card such
as MasterCard or Visa that has been issued by an Issuer.
2) Merchant: Merchant is a person or an organization that wants to sell goods
or services to cardholders.
3) Issuer: The issuer is a financial institution that provides a payment card to a
cardholder.
4) Acquirer: this is a financial institution that has a relationship with
merchants for processing payment card authorizations and payments. Also
provides an assurance that a particular cardholder account is active and that
the purchase amount does not exceed the credit limits. It provides electronic
fund transfer to the merchant account.
5) Payment Gateway: It processes the payment messages on behalf of the
merchant. It connects to the acquirer’s system using a dedicated network
line.
6) Certification Authority (CA): This is an authority that is trusted to provide
public key certificates to cardholders, merchant, and Payment Gateway.
4 A Attempt any THREE : 12 M

a Explain active attack and passive attack with suitable example. 4M

Ans Active Attack: 1 Mark-

1. In an active attack, the attacker tries to bypass or break into secured systems. active attack
2. This can be done through stealth, viruses, worms, or Trojan horses. explanation;
3. Active attacks include attempts to circumvent or break protection features, 1 Mark-
to introduce malicious code, and to steal or modify information. active attack
4. These attacks are mounted against a network backbone, exploit information example; 1
in transit, electronically penetrate an enclave, or attack an authorized remote Mark-
user during an attempt to connect to an enclave. passive
5. Active attacks result in the disclosure or dissemination of data files, DoS, or attack
modification of data. explanation;
6. Active attacks can be divided into four categories: 1 Mark-
a. Masquerade passive
A masquerade takes place when one entity pretends to be a different entity. A attack
masquerade attack usually includes one of the other forms of active attack. example
b. Replay
In replay attack, authentication sequences can be captured and replayed after a
valid authentication sequence has taken place, thus enabling an authorized
entity with few privileges to obtain extra privileges by impersonating an
entity that has those privileges.  Replay involves the passive capture of a
data unit and its subsequent retransmission to produce an unauthorized
effect.
c. Modification of messages
Modification of messages simply means that some portion of a legitimate
message is altered, or that messages are delayed or reordered, to produce an
unauthorized effect. For example, a message meaning "Allow Ajay to read
confidential accounts" is modified to mean "Allow Vijay to read
Page 14 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
confidential accounts.

d. Denial of Service(DoS)
Denial of service (DOS) attack scan exploits a known vulnerability in a
specific application or operating system, or they may attack features (or
weaknesses) in specific protocols or services. In this form of attack, the
attacker is attempting to deny authorized users access either to specific
information or to the computer system or network itself.
Passive Attack:
1. A passive attack monitors unencrypted traffic and looks for clear-text
passwords and sensitive information that can be used in other types of
attacks.
2. Passive attacks include
a. traffic analysis,
b. release of message contents
c. monitoring of unprotected communications,
d. decrypting weakly encrypted traffic,
e. Capturing authentication information such as passwords.
3. Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions.
4. The goal of the opponent is to obtain information that is being transmitted.
5. The release of message contents is easily understood. A telephone
conversation, an electronic mail message, and a transferred file may
contain sensitive or confidential information. We would like to prevent an
opponent from learning the contents of these transmissions.
6. A second type of passive attack, traffic analysis.
7. Suppose that we had a way of masking the contents of messages or other
information traffic so that opponents, even if they captured the message,
could not extract the information from the message. The common
technique for masking contents is encryption. If we had encryption
protection in place, an opponent might still be able to observe the pattern of
these messages. The opponent could determine the location and identity of
communicating hosts and could observe the frequency and length of
messages being exchanged. This information might be useful in guessing
the nature of the communication that was taking place.
8. Passive attacks are very difficult to detect because they do not involve any
alteration of the data.
9. Typically, the message traffic is not sent and received in an apparently
normal fashion and the sender nor receiver is aware that a third party has
read the messages or observed the traffic pattern.
10. However, it is feasible to prevent the success of these attacks, usually by
means of encryption. Thus, the emphasis in dealing with passive attacks is
on prevention rather than detection.

Page 15 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
b State any four drawbacks of Retina scan Biometrics. 4M
Ans 1. Very intrusive. 1 Mark each
2. It has the stigma of consumer's thinking it is potentially harmful to the eye. for any 4
3. Comparisons of template records can take upwards of 10 seconds, relevant
depending on the size of the database. points
4. Very expensive.
5. eye disease may pose problem
6. not friendly, may cause discomfort to the user
7. It is obscured by eyelashes, lenses and reflections, which create a problem,
more often than not.
8. Iris is partially blocked by eyelids which are difficult to control by
individuals due to frequent blinking.
c What is cyber-crime? Describe hacking and cracking related to cybercrime. 4M

Ans Cybercrime 1 Mark-

Cybercrime is defined as a crime in which a computer is the object of the crime What is
(hacking, phishing, spamming) or is used as a tool to commit an offense (child cybercrime;
pornography, hate crimes). Cybercriminals may use computer technology to 1.5 Marks-
access personal information, business trade secrets, or use the Internet for Hacking;
exploitive or malicious purposes. Criminals can also use computers for 1.5 Marks-
communication and document or data storage. Criminals who perform these Cracking
illegal activities are often referred to as hackers. Cybercrime may also be
referred to as computer crime. Types of Cybercrimes are
1. Hacking
2. Cracking
3. Theft
4. Malicious software
5. Child soliciting and abuse
Hacking:
Hacking is one of the most well-known types of computer crime. A hacker is
someone who find out and exploits the weaknesses of s computer systems or
networks. Hacking refers to unauthorized access of another’s computer
systems. These intrusions are often conducted in order to launch malicious
programs known as viruses, worms, and Trojan horses that can shut down
hacking an entire computer network. Hacking is also carried out as a way to
talk credit card numbers, intent passwords, and other personal information. By
accessing commercial database, hackers are able to steal these types of items
from millions of internet users all at once. There are different types of hackers:
1. White hat
2. Black hat
3. Grey hat
4. Elite hacker
5. Script hacker
Cracking:
In the cyber world, a cracker is someone who breaks into a computer system
or network without authorization and with the intention of doing damage.
Crackers are used to describe a malicious hacker. Crackers get into all kinds of
mischief like he may destroy files, steal personal information like credit card

Page 16 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
numbers or client data, infect the system with a virus, or undertake many others
things that cause harm. Cracking can be done for profit, maliciously, for some
harm to organization or to individuals. Cracking activity is harmful, costly and
unethical.

d Describe any TWO terms : 4M

Application Patches ii) Hotfix iii) Upgrades

Ans i) Application patches: 2 Marks

As O.S continues to grow and introduce new functions, the potential for each for any
problems with the code grows as well. It is almost impossible for an operating two terms
system vendor to test its product on every possible platform under every
possible platform under every possible circumstance, so functionality and
security issues do arise after an O.S has been released. Application patches are
likely to come in three varieties: hot fixes, patches and upgrades. Application
patches are supplied from the vendor who sells the application. Application
patches can be provided in many different forms like can be downloaded
directly from the vendor’s web site or FTP site or by CD. Application patches
are probably come in three varieties: hot fixes, patches and upgrades.
i) Hotfixes:
Normally this term is given to small software update designed to address a
particular problem like buffer overflow in an application that exposes the
system to attacks.
iii) Upgrades:
The term upgrade has a positive implication-you are moving up to a better,
more functional and more secure application. The most vendors will release
upgrades for fixes rather than any new or enhanced functionality.
B Attempt any ONE : 6M

a Describe Digital Signature mechanism with neat diagram. 6M

Ans A digital signature or digital signature scheme is a mathematical scheme 3 Marks-

for demonstrating the authenticity of a digital message or document. A valid Diagram; 3
digital signature gives a recipient reason to believe that the message was Marks-
Explanation
created by a known sender, and that it was not altered in transit. Digital
signatures are commonly used for software distribution, financial transactions,
and in other cases where it is important to detect forgery or tampering.

Page 17 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________

 A digital signature scheme typically consists of three algorithms

 A key generation algorithm that selects a private key uniformly at
random from a set of possible private keys. The algorithm outputs the private
key and a corresponding public key.
 A signing algorithm that, given a message and a private key, produces a
signature.
 A signature verifying algorithm that, given a message, public key and a
signature, either accepts or rejects the message's claim to authenticity.
Digital Signature
1. A digital signature performs the same function as its physical counterpart,
the sender “marks” the message so that the recipients can verify that the
message really came from the sender.
2. The process of digitally signing a message starts with the creation of a
unique identify for the message. The unique identifier can be created using
a mathematical technique called Hashing.
3. A hash function uses a mathematical algorithm to convert the message into
a short fixed-length of bits, often referred to as a “hash value” or “message
digest” that uniquely represents the message used to create it.
4. The hash value is specific to the contents of the message. Thus any change
to the message contents will change the hash value that would be generated
by the hash function.
5. Next, the hash value is encrypted using the sender’s private key. Finally,
the message is sent along with the encrypted hash value.
6. On receiving the message and the encrypted hash value, the recipient can
only decrypt the hash value using the sender’s public key.
7. This confirms that the message came from the sender and no one else, as
long as the sender’s private key remains secure. The message can be
Page 18 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
rehashed and compared with the decrypted hash value-if the values do not
match, then the message has been altered since it was same.
b List types of firewall. Explain packet filter with diagram. 6M

Ans List of types of firewall: Listing of

 Packet filter as a firewall types of
 Hardware Firewall firewall: 2
mark,
 Software Firewall Explanation
 Circuit level gateway firewall of packet
 Application level gateway firewall filter as a
 Proxy server as a firewall firewall: 2
Packet Filtering Firewall marks
,diagram of
 A firewall works as a barrier, or a shield, between your PC and cyber packet filter
space. as a
 When you are connected to the Internet, you are constantly sending and firewall: 2
receiving information in small units called packets. mark
 The firewall filters these packets to see if they meet certain criteria set by a
series of rules, and thereafter blocks or allows the data.
 This way, hackers cannot get inside and steal information such as bank
account numbers and passwords from you.

Page 19 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
Working:-
1. A packet filtering router firewall applies a set of rules to each packet and
based on outcome, decides to either forward or discard the packet. Such a
firewall implementation involves a router, which is configured to filter
packets going in either direction i.e. from the local network to the outside
world and vice versa.
2. A packet filter performs the following functions.
a. Receive each packet as it arrives.
b. Pass the packet through a set of rules, based on the contents of the IP
and transport header fields of the packet. If there is a match with one
of the set rule, decides whether to accept or discard the packet based
on that rule.
c. If there is no match with any rule, take the default action. It can be
discard all packets or accept all packets.
3. Advantages: simplicity, transparency to the users, high speed
4. Disadvantages: difficult to set up packet filtering rules, lack of
authentication.

5 Attempt any TWO : 16 M

a Describe the following terms: 8M

i) Intruders
ii) Insiders
iii) Sniffing
iv) Spoofing
Ans i) Intruders: 2 M for
each term
 Keep trying attacks till success As they have the access and knowledge to correct
cause immediate damage to organization. explanation
 Individual or a small group of attackers, they can be more in numbers.

 Next level of this group is script writers, i.e. Elite hackers are of three types:
Masquerader, Misfeasor, Clandestine user is misuse of access given by insiders
directly or indirectly access the organization.
 They may give remote access to the Organization Intruders are authorized or
unauthorized users who are trying access the system or network.
 They are hackers or crackers
 Intruders are illegal users.
 Less dangerous than insiders
 They have to study or to gain knowledge about the security system
 They do not have access to system.
 Many security mechanisms are used to protect system from Intruders

ii)Insiders:

 More dangerous than outsiders As they have the access and knowledge to
Page 20 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
cause
 immediate damage to organization
 They can be more in numbers who are directly or indirectly access the
organization.
 They may give remote access to the organization.
 Insiders are authorized users who try to access system or network for which
he is unauthorized.
 Insiders are not hackers.
 Insiders are legal users

iii) Sniffing:

 This is software or hardware that is used to observe traffic as it passes

through a network on shared broadcast media.
 It can be used to view all traffic or target specific protocol, service, or string
of characters like logins.
 Some network sniffers are not just designed to observe the all traffic but also
modify the traffic.
 Network administrators use sniffers for monitoring traffic.
 They can also use for network bandwidth analysis and to troubleshoot certain
Problems such as duplicate MAC addresses.

iv) Spoofing:
 Spoofing is nothing more than making data look like it has come from a
different source.
 This is possible in TCP/ IP because of the friendly assumption behind the
protocol. When the protocols were developed, it was assumed that
individuals who had access to the network layer would be privileged users
who could be trusted.
 When a packet is sent from one system to another, it includes not only the
destination IP address ant port but the source IP address as well which is one
of the forms of Spoofing.
 Example of spoofing email spoofing, URL spoofing, IP address spoofing.
b What is access control? Describe following access control: 8M
i) DAC
ii) MAC
iii) RBAC
Ans Access control is to specify, control and limit the access to the host system or Access
application, which prevents unauthorized use to access or modify data or control
resources. Definition:
Discretionary Access control (DAC): Restricting access to objects based on the 2M ,Each
identity of subjects and or groups to which they belongs to, it is conditional, access
basically used by military to control access on system. UNIX based System is control
common method to permit user for read/write and execute description:
Mandatory Access control (MAC): It is used in environments where different 2M
levels of security are classified. It is much more restrictive. It is sensitivity based
restriction, formal authorization subject to sensitivity. In MAC the owner or User
cannot determine whether access is granted to or not. I.e. Operating system rights.
Security mechanism controls access to all objects and individual cannot change
Page 21 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
that access.
Role Based Access Control (RBAC): Each user can be assigned specific access
permission for objects associated with computer or network. Set of roles Role in
turn assigns access permissions which are necessary to perform role. Different
User will be granted different permissions to do specific duties as per their
classification.
c Explain the Kerberos with help of suitable diagram. 8M

Ans Kerberos is a network authentication protocol. It is designed to provide strong Diagram:

authentication for client/server applications by using secret key cryptography. 2M,
Kerberos was created by MIT as a solution for network security problems and it is Kerberos
freely available from MIT, under copyright permission. Description
in detail:
6M
Any one
answer
given below
can be
considered

2 marks
diagrams

4 marks
Explanation
of correct
steps.

KERBEROS operates by encrypting data with a symmetric key. A symmetric key

is a type of authentication where both the client and server agree to use a single
encryption/decryption key for sending and receiving data. When working with the
encryption key, the details are actually sent to a key distribution center (KDC),
instead of sending the details directly between each computer.
The entire process takes a total of eight steps, as shown below.
1. The authentication service, or AS, receivers the request by the client and
verifies that the Client is indeed the computer it claims to be. This is usually
just a simple database lookup of the user’s ID
2. Upon verification, a timestamp is crated. This puts the current time in a user
session, along with an expiration date. The default expiration date of a
timestamp is 8 hours. The encryption key is then created. The timestamp
ensures that when 8 hours is up, the encryption key is useless. (This is used
to make sure a hacker doesn’t intercept the data, and try to crack the key.
Almost all keys are able to be cracked, but it will take a lot longer than 8
hours to do so)
3. The key is sent back to the client in the form of a ticket granting ticket, or
TGT. This is a simple ticket that is issued by the authentication service. It is
used for authentication the client for future reference.
4. The client submits the ticket granting ticket to the ticket granting server, or
Page 22 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
TGS, to get authenticated.
5. The TGS creates an encrypted key with a timestamp, and grants the client a
service ticket.
6. The client decrypts the ticket, tells the TGS it has done so, and then sends its
own encrypted key to the service.
7. The service decrypts the key, and makes sure the timestamp is still valid. If it
is, the service contacts the key distribution center to receive a session that is
returned to the client.
8. The client decrypts the ticket. If the keys are still valid, communication is
initiated between client and server.
OR
KERBEROS operates by encrypting data with a symmetric key. A symmetric key
is a type of authentication where both the client and server agree to use a single
encryption/decryption key for sending and receiving data.
When working with the encryption key, the details are actually sent to a key
distribution center (KDC), instead of sending the details directly between each
computer.

The entire process takes a total of eight steps, as shown below.

1. The authentication service, or AS, receivers the request by the client and
verifies that the client is indeed the computer it claims to be. This is usually
just a simple database lookup of the user’s ID.

Client User Id Authentication server

(AS)

2. Upon verification, a timestamp is crated. This puts the current time in a

user session, along with an expiration date. The default expiration date of a
timestamp is 8 hours. The encryption key is then created. The timestamp
ensures that when 8 hours is up, the encryption key is useless. (This is used
to make sure a hacker doesn’t intercept the data, and try to crack the key.
Almost all keys are able to be cracked, but it will take a lot longer than 8
hours to do so)

Authentication server
Client Ticket granting ticket (AS)

Time stamp: 8 hrs.

3. The key is sent back to the client in the form of a ticket-granting ticket, or
TGT. This is a simple ticket that is issued by the authentication service. It is
used for authentication the client for future reference.
4. The client submits the ticket-granting ticket to the ticket-granting server,
or TGS, to get authenticated.

Page 23 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________

Client Authentication
server (AS)

Ticket Granting
Server (TGS)

Service server

TGT Ticket Time stamp: 8 hrs.

5. The TGS creates an encrypted key with a timestamp, and grants the client
a service ticket.

Client Authentication server

(AS)

Ticket Granting
Server (TGS)

Encrypted key Service server

Time stamp: 8 hrs.

6. The client decrypts the ticket, tells the TGS it has done so, and then sends
its own encrypted key to the service.

Page 24 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________

Authentication server
Client
(AS)

Ticket Granting Server

(TGS)
.

Service server

7. The service decrypts the key, and makes sure the timestamp is still valid.
If it is, the service contacts the key distribution center to receive a session
that is returned to the client.
Client Service Server

Success

8. The client decrypts the ticket. If the keys are still valid, communication is
initiated between client and server.
6 Attempt any FOUR : 16 M

a Explain Man-In-Middle attack with help of diagram. 4M

Ans Man-In-Middle attack Diagram:

2M,
A man in the middle attack occurs when attackers are able to place themselves in Description:
the middle of two other hosts that are communicating in order to view or modify 2M
the traffic. This is done by making sure that all communication going to or from
the target host is routed through the attacker‘s host. Then the attacker is able to
observe all traffic before transmitting it and can actually modify or block traffic.
To the target host, communication is occurring normally, since all expected replies
are received.

b State any four advantages of Biometrics. 4M

Page 25 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
Ans Identification accuracy Any 4
Since every individual on the planet possesses unique physiological features that advantages
can’t be easily swapped, shared, or stolen, biometric identification has the 4M, any
potential to accurately identify someone without a shadow of a doubt nearly 100% other
of the time. Occasionally, the ability to accurately identify someone can be suitable
affected by environmental, age, or skin integrity issues, but with a multimodal advantage
biometric identification system you can eliminate those factors. Multiple biometric also carries
attributes can identify someone with 100% certainty every time you scan them. mark
Difficult to forge
Biometric attributes are almost impossible to forge or duplicate. Even if you
manage to forge a biometric attribute such as a fingerprint, modern biometric
devices with liveness detection have the capability to identify a fake from the
original.
Establishes accountability
Implementation of a biometric identification solution creates a concrete activity
audit trail to help establish accountability. Each and every action or transaction
will be recorded and clearly documented by the individual associated with it which
reduces the possibility of system misuse and fraud.
Adds convenience
Biometric technology makes individual identification convenient without the need
to carry around ID cards or remember complicated passwords. Due to the fact that
passwords can be forgotten or easily guessed and the fact that ID cards can be
damaged, swapped, or shared, biometrics are more convenient because individual
physiological attributes are always with you.
Biometrics reduces administrative costs
Modern biometric identification management systems are comprised of hardware
and software that are simple to install and easy to use. This reduces the need for
intense training and ongoing management costs.
Scalable
As your business develops and grows, it’s important to have systems in place that
can scale with the growth of your business. Biometric security systems are flexible
and easily scalable. Whether you want to secure more areas of your facility or just
add more data for additional employees, biometric security systems will grow
alongside your business for ease and security.
Profitable
The return on investment (ROI) on a biometric security system is very high. For
one, it’s much more effective at avoiding fraud than most security systems,
protecting your business from potentially catastrophic breaches.
c What is PGP? How PGP is used for email security? 4M

Ans PGP is Pretty Good Privacy. It is a popular program used to encrypt and decrypt PGP
email over the internet. It becomes a standard for email security. It is used to send Definition:
encrypted code (digital signature) that lets the receiver verify the sender’s identity 2M, Steps
and takes care that the route of message should not change. PGP can be used to in PGP for
encrypt files being stored so that they are in unreadable form and not readable by email
users or intruders It is available in Low cost and Freeware version. It is most security:
widely used privacy ensuring program used by individuals as well as many 2M
corporations.

Page 26 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________

There are five steps as shown below:

1. Digital signature: it consists of the creation a message digest of the email
message using SHA-1 algorithm. The resulting MD is then encrypted with
the sender’s private key. The result is the sender’s digital signature.
2. Compression: The input message as well as p digital signature are
compressed together to reduce the size of final message that will be
transmitted. For this the Lempel -Ziv algorithm is used.
3. Encryption: The compressed output of step 2 (i.e. the compressed form of
the original email and the digital signature together) are encrypted with a
symmetric key.
4. Digital enveloping: the symmetric key used for encryption in step 3 is now
encrypted with the receiver’s public key. The output of step 3 and 4
together form a digital envelope.
5. Base -64 encoding: this process transforms arbitrary binary input into
printable character output. The binary input is processed in blocks of 3
octets (24-bits).these 24 bits are considered to be made up of 4 sets, each
of 6 bits. Each such set of 6 bits is mapped into an 8-bit output character in
this process.
d Describe the following terms w.r.t cyber laws: 4M
i) IT Act, 2000
ii) IT Act, 2008
Ans (i) IT act 2000 Each IT Act
Description:
In May 2000, both the houses of the Indian Parliament passed the Information 2M
Technology Bill. The Bill received the assent of the President in August 2000 and
came to be known as the Information Technology Act, 2000. Cyber laws are
contained in the IT Act, 2000.

This Act aims to provide the legal infrastructure for e-commerce in India. And the
cyber laws have a major impact for e-businesses and the new economy in India.
So, it is important to understand what the various perspectives of the IT Act 2000
are and what it offers.

The Information Technology Act, 2000 also aims to provide for the legal
framework so that legal sanctity is accorded to all electronic records and other
activities carried out by electronic means. The Act states that unless otherwise
agreed, an acceptance of contract may be expressed by electronic means of
communication and the same shall have legal validity and enforceability.

Page 27 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
Some highlights of the Act are listed below:

The Act specifically stipulates that any subscriber may authenticate an electronic
record by affixing his digital signature. It further states that any person can verify
an electronic record by use of a public key of the subscriber.

The Act details about Electronic Governance and provides inter alia amongst
others that where any law provides that information or any other matter shall be in
writing or in the typewritten or printed form, then, notwithstanding anything
contained in such law, such requirement shall be deemed to have been satisfied if
such information or matter is rendered or made available in an electronic form;
and accessible so as to be usable for a subsequent reference and details the legal
recognition of Digital Signatures.

The Act gives a scheme for Regulation of Certifying Authorities. The Act
envisages a Controller of Certifying Authorities who shall perform the function of
exercising supervision over the activities of the Certifying Authorities as also
laying down standards and conditions governing the Certifying Authorities as also
specifying the various forms and content of Digital Signature Certificates.

The Act recognizes the need for recognizing foreign Certifying Authorities and it
further details the various provisions for the issue of license to issue Digital
signature Certificates.
The Act also provides for the constitution of the Cyber Regulations Advisory
Committee, which shall advice the government as regards any rules, or for any
other purpose connected with the said act.

The said Act also proposes to amend the Indian Penal Code, 1860, the Indian
Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank
of India Act, 1934 to make them in tune with the provisions of the IT Act.

OR
IT act 2000

According to Indian cyber laws, Information technology is the important law and
it had passed in Indian parliament in year [Link] act is helpful to encourage
business by use of internet. Due to misuse of internet and increase of cybercrime,
the Govt. of India made an act for safeguarding the internet users.
The main objectives of this act are as follows.
1. To provide legal recognition to the transaction that can be done by
electronic way or by using internet.
2. To provide legal recognition to digital signature used in transaction.
3. To provide facilities like filling of document online relating to admission or
registration.
4. To provide facility to any company that they can store their data in
electronic storage.
5. To provide legal recognition for bankers and other companies to keep
accounts in electronic form.

Page 28 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________

(i) IT act 2008

IT acts 2008: It is the Information Technology Amendment Act, [Link] act was
developed for IT industries, control e-commerce, to provide e-governance facility
and to stop cybercrime attacks.

Following are the characteristics of IT ACT 2008: This act provides legal
recognition or the transaction i.e. Electronic Data Interchange (EDI) and other
electronic communications. This Act also gives facilities for electronic filling of
information with the Government agencies. It is considered necessary to give
effect to the said resolution and to promote efficient delivery of Government
services by means of reliable electronic records

Features of I.T. Amendment Act 2008:

•Focusing on data privacy
•Focusing on information security.
•Defining cyber café.
•Making digital signature technology neutral.
•Defining reasonable security practices to be followed by corporate.
•Redefining the role of intermediaries.
•Recognizing the role of Indian computer Emergency Response Team.
•Inclusion of some additional cybercrimes like child pornography and cyber
terrorism.
•Authorizing an Inspector to investigate cyber offences.
e Explain architecture of secure sockets layer (SSL) with help of diagram. 4M

Ans Definition -Secure Sockets Layer (SSL) Secure Sockets Layer (SSL) is a standard Diagram:
protocol used for the secure transmission of documents over a network. Developed 2M,
by Netscape, SSL technology creates a secure link between a Web server and Explanation
browser to ensure private and integral data transmission. SSL uses Transport : 2M
Control Protocol (TCP) for communication.

Architecture of secure socket layer (SSL)

Working:
In SSL, the word socket refers to the mechanism of transferring data between a
client and server over a network.
When using SSL for secure Internet transactions, a Web server needs an SSL
certificate to establish a secure SSL connection. SSL encrypts network connection

Page 29 of 30
 MAHARAS HTRA S TATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(IS O/IEC - 27001 - 2013 Certified)
__________________________________________________________________________________________________
segments above the transport layer, which is a network connection component
above the program layer.
SSL follows an asymmetric cryptographic mechanism, in which a Web browser
creates a public key and a private (secret) key. The public key is placed in a data
file known as a certificate signing request (CSR). The private key is issued to the
recipient only.
The objectives of SSL are:
 Data integrity: Data is protected from tampering.
 Data privacy: Data privacy is ensured through a series of protocols,
including the SSL Record Protocol, SSL Handshake Protocol, SSL Change
Cipher Spec Protocol and SSL Alert Protocol.
 Client-server authentication: The SSL protocol uses standard cryptographic
techniques to authenticate the client and server.
SSL is the predecessor of Transport Layer Security (TLS), which is a
cryptographic protocol for secure Internet data transmission.

Page 30 of 30
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

Important Instructions to examiners:

1) The answers should be examined by key words and not as word-to-word as given in the
model answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try
to assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more
Importance (Not applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in the
figure. The figures drawn by candidate and model answer may vary. The examiner may
give credit for any equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed
constant values may vary and there may be some differen
and model answer.
In case of some questions credit may be given by judgement on part of examiner of

7) For programming language papers, credit may be given to any other program based on
equivalent concept.

Q. Sub Answer Marking

No. Q. N. Scheme
1 A Attempt any THREE : 12 M
a Explain the term Intruders and Insiders. 4M
Ans Intruders Intruders:
2 M,
Keep trying attacks till success as they have the access and Insiders:
knowledge to cause immediate damage to organization. 2M
Individual or a small group of attackers, they can be more OR
in numbers. Answer
Next level of this group is script writers, i.e. Elite hackers with
are of three types: Relevant
Masquerader, Misfeasor, Clandestine user is misuse of Contents
access given by insiders directly or indirectly access the
organization.
They may give remote access to the Organization Intruders
are authorized or unauthorized users who are trying access
the system or network.
They are hackers or crackers
Intruders are illegal users.
Less dangerous than insiders
They have to study or to gain knowledge about the security
system
They do not have access to system.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

Many security mechanisms are used to protect system from

Intruders

Insiders

More dangerous than outsiders As they have the access and

knowledge to cause
immediate damage to organization
They can be more in numbers who are directly or indirectly
access the organization.
They may give remote access to the organization.
Insiders are authorized users who try to access system or
network for which he
is unauthorized.
Insiders are not hackers.
Insiders are legal users

b Explain piggybacking and Shoulder surfing 4M

Ans Piggy backing: Piggyback

ing
has just used their own access card or PIN to gain physical access explanatio
to a room or building. n: 2M,
to Shoulder
know the access code or having to acquire an access card. i.e.: surfing
Access of wireless internet connection by bringing one's own explanatio
computer within range of another wireless connection & using that n: 2M
without explicit permission , it means when an authorized person OR
allows (intentionally or unintentionally) others to pass through a Answer
secure door. with
Relevant
wireless Internet connection by using another subscriber's wireless Contents
Internet access service without the su
or knowledge.

vary by jurisdiction around the world. While completely outlawed

or regulated in some places, it is permitted in others. The process
of sending data along with the acknowledgment is called
piggybacking.
Piggybacking is distinct from war driving, which involves only the
logging or mapping of the existence of access points.

has just used their own access card or PIN to gain physical access
to a room or building.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

know the access code or having to acquire an access card.

unauthorized access of a wireless LAN. Piggybacking is

sometimes referred to as "Wi-Fi squatting."

access rather than any malicious intent, but it can slow down data
transfer for legitimate users of the network.
Shoulder Surfing:

position themselves in such a way as to- be-able to observe the

authorized user entering the correct access code.

crowded places because it's relatively easy to stand next to

someone and watch as they fill out a form, enter a PIN number at
an ATM machine, or use a calling card at a public pay phone.
Shoulder surfing can also be done long distance with the aid of
binoculars or other vision-enhancing devices.

paperwork or your keypad from view by using your body or

cupping your hand.

simple procedures to ensure nobody follows you too closely or is

in a position to observe your actions.

looking over someone's shoulder, to get information.

c Explain the terms: 4M
(i)Gryptography (ii) Gryptanalysis (iii) Gryptology (iv) Cipher
text.

Ans (i)Cryptography: Cryptography is art & science of achieving each

security by encoding messages to make them non-readable. correct
definition
(ii)Cryptanalysis: Cryptanalysis is the technique of decoding 1M
messages from a non-readable format without knowing how they OR
were initially converted from readable format to non-readable Answer
format. with
Relevant
(iii)Cryptology: It is the art and science of transforming the Contents
intelligent data into unintelligent data and unintelligent data back
to intelligent data.
Cryptology = Cryptography + Cryptanalysis

(iv)Cipher text: It is an encrypted text. When plain text is

converted using encryption, this encrypted text is called as cipher
text.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

d Define virus and logic bomb 4M

Ans Virus: Virus
Virus is a program which attaches itself to another program and definition:
causes damage to the computer system or the network. It is loaded 2M and
onto your computer without your knowledge and runs against your Logic
wishes. Types of viruses: bomb
Parasitic Viruses Memory resident viruses Non-resident definition:
viruses Boot sector Viruses Overwriting viruses Stealth Virus 2M
Macro Viruses OR
Answer
Logic bomb: with
A logic bomb is a piece of code intentionally inserted into a Relevant
software system that will set off a malicious function when Contents
specified conditions are met. For example, a programmer may hide
a piece of code that starts deleting files (such as a salary database
trigger), should they ever be terminated from the company.
Software that is inherently malicious, such as viruses and worms,
often contain logic bombs that execute a certain payload at a pre-
defined time or when some other condition is met. This technique
can be used by a virus or worm to gain momentum and spread
before being noticed. Some viruses attack their host systems on
specific dates.

B Attempt any ONE : 6M

a Explain the terms :(i) Assets (ii) Vulnerability (iii) Risks 6M
Ans (i)Assets: Assets:
Asset is any data, device, or other component of the environment 2M
that supports information-related activities. Assets generally Vulnerabil
include hardware, software and confidential information. ity: 2M
Risks: 2M
(ii)Vulnerability: OR
It is a weakness in computer system & network. The term Answer
"vulnerability" refers to the security flaws in a system that allows with
an attack to be successful. Vulnerability testing should be Relevant
performed on an on-going basis by the parties responsible for Contents
resolving such vulnerabilities, and helps to provide data used to
identify unexpected dangers to security that need to be addressed.
Such vulnerabilities are not particular to technology they can
also apply to social factors such as individual authentication and
authorization policies. Testing for vulnerabilities is useful for
maintaining on-going security, allowing the people responsible for
the security of one's resources to respond effectively to new
dangers as they arise. It is also invaluable for policy and
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

technology development, and as part of a technology selection

process.

(iii)Risks:
A measure of the extent to which an entity is threatened by a
potential circumstance or event, and typically a function of: [Link]
adverse impacts that would arise if the circumstance or event
occurs; and [Link] likelihood of occurrence.

b Explain following terms of Intellectual property: 6M

(i)Copyright (ii) Patent (iii) Trademark.
Ans (i) Copyright: Copyright:
Copyright is a form of IPR concerned with protecting works of 2 M,
human intellect. The domain of copyright is literary and artistic Patent:
works, might that be writings, musicals and works of fine arts, 2M,
such as paintings and sculptures, as well as technology-based Trademark
works such as computer programs and electronic databases. :2M
OR
(ii)Patent: Answer
Patent is an exclusive right granted by law to an inventor or with
assignee to prevent others from commercially benefiting from Relevant
his/her patented invention without permission, for a limited period Contents
of time in exchange for detailed public disclosure of patented
invention.

(iii) Trademark:
A trademark is a sign that individualizes the goods or services of a
given enterprise and distinguishes them from those of competitors.
To fall under law protection, a trademark must be distinctive, and
not deceptive, illegal or immoral.

2 Attempt any TWO : 16 M

a Explain man-in-middle and TCP/IP Hacking attacks. 8M

Ans Man-in-middle attack: Man-in-

A man in the middle attack occurs when attackers are able to place middle
themselves in the middle of two other hosts that are explanatio
communicating in order to view or modify the traffic. This is done n: 2M
by making sure that all communication going to or from the target diagram:
2M ,
to observe all traffic before transmitting it and can actually modify TCP/IP
or block traffic. To the target host, communication is occurring Hacking
normally, since all expected replies are received. attacks:
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

4M
any 2
attacks
OR
Answer
with
Relevant
Contents

TCP/IP Hacking attacks:

IP Address Spoofing
Source and destination address contained in the IP header are
the only information needed for routing the packet. Anyone who
has access to the IP layer rce
address and then masquerade it as from another host in the
network. The IP address
spoofing is based upon maliciously creating TCP/IP packets
IP address as source address so as to either
conceal own identity or impersonate the identity of the user of
the spoofed IP address being used the packets are routed by the
router to the destination.
Upon receipt the recipient uses the IP address of the source
to reply to the packet. Since the source address is spoofed, the
recipient will reply to the spoofed address and not to the original
sender who had deliberately changed his IP address in the original
packet. Since the address has been changed intentionally it will
be difficult to trace back
to the attacker. Using this concept the following types of attacks
are normally carried out.

Denial of Services Attacks (DoS)

Using the above trick the attacker can send a large number of
packets to the victim . As he will not receive any packet from the
victim, all the replies will be directed towards the spoofed IP
addresses and causes the victim to go out of services. Using DoS
an attacker can disrupt the normal functioning of the network
and carry out the following attacks:-
Storage Consumption Attacks The attacker tries to consume
all the available local storage space on the target machine to
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

slowly bring it to a grinding halt. A simple trick of sending emails

with very large attachments can be used for launching this type of
DoS. Multiple large
DVD VOB files and uncompressed JPEG or BMP (bitmap)
images of very high resolution are common file types used to
accomplish such attacks.

Subnet Mask Corruption Attacks The attacker may

send a message which causes the target machine to reset its
subnet m subnet routing.

Connection Resources Consumption Attacks

By sending very large numbers of erroneous requests for TCP
session establishment an attacker can consume all of
available connection resources thereby resulting in the target
being unable to service any new authentic connection
requests.

Buffer Overflow Attacks A buffer overflow attack occurs

when a process receives much more data than expected and if it
has no programmed routine to deal with this excessive amount
of data, it may act in unexpected ways that an attacker can
exploit. There are numerous variations and forms of buffer
overflow attack that have been formulated over the years, with
the most

Ping of Death Attacks - The Ping of Death attack is also

referred to
initiates using network utility PING
of Internet Control Message he
target with an illegally modified and very large IP datagram.
This will result in overfilling of the target syst ing
the target to reboot or hang. PING can be configured to send the
IP datagram packets in bursts or as a continual stream. In
the case of a continual stream the target will be immediately under
attack once it reboots and will thus hang or reboot continually until
something is done to stop

SYN Attacks - A SYN attack occurs when anattacker exploits

the use of the buffer space during the Transmission Control
Protocol (TCP) session initialization- three-way handshake. The
receiving machine (usually a server) can maintain multiple
concurrent conversations all -
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

Smurf Attacks Here a combination of IP address Spoofing

and ICMP flooding are used to saturate a target network with
traffic so that the normal traffic is disrupted thereby causing a
Denial of Service (DoS) attack. Smurf attacks consist of the
source site, the bounce site and the target site. First the attacker
selects a bounce site (usually a very large network). The attacker
then modifies a PING packet so that it contains the address of the
target site as the PING

b Explain access control policies. 8M

Ans Access control is to specify, control and limit the access to the Access
host system or application, which prevents unauthorized use to control
access or modify data or resources. Definition:
2M, Each
Discretionary Access control (DAC): access
Restricting access to objects based on the identity of subjects and control
or groups to which they belongs to, it is conditional, policy
Basically used by military to control access on system. UNIX descriptio
based System is common method to permit user for read/write and n: 2M
execute OR
Answer
Mandatory Access control (MAC): with
It is used in environments where different levels of security are Relevant
classified. It is much more restrictive. It is sensitivity based Contents
restriction, formal authorization subject to sensitivity. In MAC the
owner or User cannot determine whether access is granted to or
not. i.e. Operating system rights. Security mechanism controls
access to all objects and individual cannot change
that access.

Role Based Access Control (RBAC):

Each user can be assigned specific access permission for objects
associated with computer or network. Set of roles Role in turn
assigns access permissions which are necessary to perform role.
Different User will be granted different permissions to do specific
duties as per their classification.

c Explain the rail fence techniques and simple columnar 8M

transposition technique. Solve the following example using rail
SECURITY IS

Ans Rail Fence Technique: Explanatio

 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

It is one of the easiest transposition techniques to create n of rail

cipher text. When plain text message is codified using any suitable fence
scheme, the resulting message is called Cipher text or Cipher. techniques
Steps are: Plain text = Hello World :3M ,
Assume No. of rows (rails)=3 Explanatio
Step 1:Write down Plain text as sequence of diagonal. Read Plain n of
text written in simple
columnar
transpositi
on
techniques
:3M

Solving
Step 1 as sequence of rows. As, Then concatenate these two example
sequences of text as one to create following using rail
fence
Cipher Text: technique:
Horel ollWd 2M
OR
simple columnar transposition techniques: Answer
The columnar transposition cipher is a transposition cipher that with
follows a simple rule for mixing up the characters in the plaintext Relevant
to form the cipher -text. It can be combined with other ciphers, Contents
such as a substitution cipher, the combination of which can be
more difficult
to break than either cipher on its own. The cipher uses a columnar
transposition to greatly improve its security.
Algorithm:
1. The message is written out in rows of a fixed length.
2. Read out again column by column according to given order or
in random order.
3. According to order write cipher text.
Example:
The key for the columnar transposition cipher is a keyword e.g.
LEAVES. The row length that is used is the same as the length of
the keyword. To encrypt a below plaintext COMPUTER
PROGRAMMING

1 2 3 4 5
C O M P U
T E R P R
O G R A M
M I N G X
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

L(4) E(2) A(1) V(5) E(3)

P O C U M
P E T R R
A G O M R
G I M X N

In the above example, the plaintext has been padded so that it

neatly fits in a rectangle. This is known as a regular columnar
transposition. An irregular columnar transposition leaves these
characters blank, though this makes decryption slightly more
difficult. The columns are now reordered such that the letters in
the key word are ordered alphabetically.

The Encrypted text or Cipher text is: PPAG OEGI CTOM URMX
MRRN

Solve the following example using rail fence technique.

Assume no .of rows(rails):04

C E R I A

O T R U I S M T N

M U S C T I P R

P E Y O

Cipher text: CERIA OTRUISMTN MUSCTIPRT PEYO

3 Attempt any FOUR : 16 M

a List types of firewall. Explain packet filter with diagram. 4M
Ans Types of firewall List1M
Packet filtering firewalls Explanatio
Circuit level gateways n 2M
Application gateways Diagram1
Stateful multilayer inspection firewall M

Packet filtering firewall: OR

 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

Packet filtering firewalls are functioning at the IP packet Answer

level. Packet filtering firewalls filters packets based on with
addresses and port number. Relevant
These firewalls work at the network layer of OSI model, or Contents
IP layer of TCP/IP. They are usually part of a router. A
router is a device that receives packets from one network
and forwards them to another network. In a packet filtering
firewall, each packet is compared to a set of criteria before
it is forwarded. Depending on the packet and the criteria,
the firewall can drop the packet, forward it or send a
message to the originator. Rules can include source and
destination IP addresses, source and destination port
number and type of the protocol embedded in that packet.
These firewalls often contain an ACL (Access Control
List) to restrict who gains access to which computers and
networks.

b Explain fingerprint and retina pattern in biometric. 4M

Ans Fingerprint: Explanatio
The fingerprints of the user are matched with the database n of
and matching is carried out using complex image fingerprint
processing algorithms. The user is authenticated, if match -2m
of satisfactory is level is obtained. Explanatio
The analysis of fingerprints for matching purposes n of
generally requires the comparison of several features of the retina-2m
print pattern. These include patterns, which are aggregate OR
characteristics of ridges, and minutia points, which are Answer
unique features found within the patterns. It is also with
necessary to know the structure and properties of human Relevant
skin in order to successfully employ some of the imaging Contents
technologies.
Fingerprint patterns:
The three basic patterns of fingerprint ridges are the arch,
loop, and whorl.
An arch is a pattern where the ridges enter from one side of
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

the finger, rise in the center forming an arc, and then exit
the other side of the finger.
The loop is a pattern where the ridges enter from one side
of a finger, form a curve, and tend to exit from the same
side they enter.
In the whorl pattern, ridges form circularly around a central
point on the finger.

The Arch Pattern The Loop Pattern The Whorl Pattern

Retina pattern:
A retinal scan is very difficult to fake because no
technology exists that allows the forgery of a human retina,
and the retina of a deceased person decays too fast to be
used to fraudulently bypass a retinal scan.
A retinal scan is a biometric technique that uses the unique
patterns on a person's retina to identify them. The human
retina is a thin tissue composed of neural cells that is
located in the posterior portion of the eye. Because of the
complex structure of the capillaries that supply the retina
with blood, each person's retina is unique.
A biometric identifier known as a retinal scan is used to map the
unique patterns of a person's retina. The blood vessels within the
retina absorb light more readily than the surrounding tissue and are
easily identified with appropriate lighting. A retinal scan is
performed by casting an unperceived beam of low-energy infrared

eyepiece. This beam of light traces a standardized path on the

retina. Because retinal blood vessels are more absorbent of this
light than the rest of the eye, the amount of reflection varies during
the scan. The pattern of variations is converted to computer code
and stored in a database.
c Explain steganography technique. 4M
Ans Steganography: Term
Steganography is the art and science of writing hidden 1M,
message in such a way that no one, apart from the sender Concept-
and intended recipient, suspects the existence of the 2M,
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

message. Example
Steganography works by replacing bits of useless or 1M
unused data in regular computer files (such as graphics, OR
sound, text, html or even floppy disks) with bits of Answer
different, invisible information. with
This hidden information can be plain text, cipher text or Relevant
even images. Contents
In modern steganography, data is first encrypted by the
usual means and then inserted, using a special algorithm,
into redundant data that is part of a particular file format
such as a JPEG image.
Steganography process:

Cover-media + Hidden data + Stego-key = Stego-medium

Cover media is the file in which we will hide the hidden data,
which may also be encrypted using stego-key. The resultant file is
stego-medium. Cover-media can be image or audio file.
Stenography takes cryptography a step further by hiding an
encrypted message so that no one suspects it exists. Ideally,
anyone scanning your data will fail to know it contains encrypted
data. Stenography has a number of drawbacks when compared to
encryption. It requires a lot of overhead to hide a relatively few
bits of information. I.e. One can hide text, data, image, sound, and
video, behind image.
d Explain working principle of SMTP. 4M
Ans Simple Mail Transfer Protocol, a protocol for sending e- Explanatio
mail messages between servers. Most e-mail systems that n-2m
send mail over the Internet use SMTP to send messages Diagram-
from one server to another; the messages can then be 2m
retrieved with an e-mail client using either POP or IMAP. OR
In addition, SMTP is generally used to send messages from Answer
a mail client to a mail server. This is why you need to with
specify both the POP or IMAP server and the SMTP server Relevant
when you configure your e-mail application. Contents
SMTP usually is implemented to operate over Internet port
25. An alternative to SMTP that is widely used in Europe
is X.400. Many mail servers now support Extended Simple
Mail Transfer Protocol (ESMTP), which allows
multimedia files to be delivered as e-mail.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

A message (Notes or SMTP-based) is created on the

The user sends the message via the Domino 6 server.

Lotus Domino executes a TCP/IP DNS (Domain Name
System) resolution and finds the target server.

delivered to the recipient.

e Explain web security threats. 4M
Ans The main types of threats to web systems are listed below: Explanatio
Physical: Physical threats include loss or damage to equipment n-4m
through fire, smoke, water & other fire suppressants, dust, theft OR
and physical impact. Physical impact may be due to collision or Answer
the result of malicious or accidental damage by people. Power loss with
will affect the ability for servers and network equipment to operate Relevant
depending upon the type of back-up power available and how Contents
robust it is.
Malfunction: Both equipment and software malfunction threats
can impact upon the operations of a website or web application.
Malfunction of software is usually due to poor development
practices where security has not been built into the software
development life cycle.
Malware: Malware, or malicious software, comes in many guises.
Web servers are popular targets to aid distribution of such code
and sites which have vulnerabilities that allow this are popular
targets.
Spoofing: Spoofing where a computer assumes the identity of
another and masquerading where a user pretends to be another,
usually with higher privileges, can be used to attack web systems
to poison data deny service or damage systems.
Scanning: Scanning of web systems are usually part of network or
application fingerprinting prior to an attack, but also include brute
force and dictionary attacks on username, passwords and
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

encryption keys.
Eavesdropping: Monitoring of data (on the network, or on user's
screens) may be used to uncover passwords or other sensitive data.

4 A Attempt any THREE : 12 M

a Explain the concept of hacking. 4M
Ans Hacking is one of the most well-known types of computer Explnation
crime. -4m
A hacker is someone who find out and exploits the OR
weaknesses of computer systems or networks. Answer
with
computer systems. Relevant
These intrusions are often conducted in order to launch Contents
malicious programs known as viruses, worms, and Trojan
horses that can shut down hacking an entire computer
network.
Hacking is also carried out as a way to talk credit card
numbers, intent passwords, and other personal information.
By accessing commercial database, hackers are able to
steal these types of items from millions of internet users all
at once.
There are different types of hackers:
1. White hat
2. Black hat
3. Grey hat
4. Elite hacker
5. Script hacker
b Explain the working of VPN. 4M
Ans A Virtual Private Network (VPN) is a network that uses a public Explanatio
telecommunication infrastructure, such as the Internet, to provide n-2m
remote offices or individual users with secure access to their Diagram-
2m
voice, and video) goes through a secure virtual tunnel between the OR
Answer
encrypted. VPN technology uses a combination of features such as with
encryption, tunneling protocols, data encapsulation, and certified Relevant
connections to provide you with a secure connection to private Contents
networks and to protect your identity.
VPN connections technically give you all the benefits of a Local
Area Network (LAN), which is similar to that found in many
offices but without requiring a hard-wired connection. These
systems use encryption and other security mechanisms to ensure
that only authorized users can access the network and that the data
cannot be intercepted.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

c Explain data recovery procedure. 4M

Ans Data recovery: All computer users need to be aware of backup Explnation
and recovery procedures to protect their data. Data Protection can -2m
be taken seriously as its important for financial, legal or personal Procedure-
reasons. 2m
These are various formatted partition recovery tool available. OR
Although every tool will have different GUI & method of Answer
recovery. with
Steps of data recovery: Relevant
Step1: If you cannot boot the computer, please use data Contents
recovery bootable disk.
Step 2: Select the file types you want to recover & volume
where the formatted hard drive is. The tool will
automatically scan the selected volume.
Step 3: Then the founded data will be displayed on the
screen & you can get a preview of it. Then select the file or
directory that you want to recover & save them to a healthy
drive.
Data recovery procedures:
A computer data recovery procedure is an important part for any
computer literate personality that cannot be neglected. Computer
professional or computer forensic expert who uses data recovery
should maintain the secrecy and privacy of the client. Any action
or activity that leads to disclosure of privacy of the client should
be avoided. The values such as integrity, accuracy & authenticity
should be exercised in an ethical environment. The evidence that is
produced before the court should be fairly examined & analyzed.
There should not be any carelessness and ignorance regarding the
handling of evidence. The case evidence should be examined in
detail based upon validated principles.
d Explain secure socket layer. 4M
Ans SSL is a commonly used internet protocol for managing Explnation
the security of a message transmission between web -2m
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

browser and web server. Diagram-

SSL is succeeded by transport layer security (TLS) and it is 2m
based on SSL. OR
SSL uses a program layer which is located between Answer
with
control protocol (TCP) layers. Relevant
SSL is included as part of both the Microsoft and Netscape Contents
browsers and most web server products.
SSL provides two levels of security services,
authentication and confidentiality.
SSL is logically a pipe between web browser and web
server.

B Attempt any ONE : 6M

a Explain CIA model for security. 6M
Ans Confidentiality, Integrity and Authentication i.e. these three 2M for
concepts are considered as backbone of security. These concepts each
represent the fundamental principles of security. concept of
C,I and A
Confidentiality: OR
The principle of confidentiality specifies that only sender Answer
and intended recipients should be able to access the with
contents of a message. Relevant
Confidentiality gets compromised if an unauthorized Contents
person is able to access the contents of a message.
Example of compromising the Confidentiality of a message
is shown in fig
Here, the user of a computer A send a message to user of
computer B. another user C gets access to this message,
which is not desired and therefore, defeats the purpose of
confidentiality.
This type of attack is also called as Interception.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

Fig. Loss of confidentiality

Authentication:
Authentication helps to establish proof of identities.
The Authentication process ensures that the origin of a
message is correctly identified.
For example, suppose that user C sends a message over the
internet to user B. however, the trouble is that user C had
posed as user A when he sent a message to user B. how
would user B know that the message has come from user
C, who posing as user A?
This concept is shown in fig. below. This type of attack is
called as Fabrication.

Fig. Absence of Authetication

Integrity:
When the contents of the message are changed after the
sender sends it, but before it reaches the intended recipient,
we say that the integrity of the message is lost.
For example, here user C tampers with a message
originally sent by user A, which is actually destined for
user B. user C somehow manages to access it, change its
contents and send the changed message to user B. user B
has no way of knowing that the contents of the message
were changed after user A had sent it. User A also does not
know about this change.
This type of attack is called as Modification
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

b Explain sniffing and spoofing attacks. 6M

Ans Sniffing: This is software or hardware that is used to observe Sniffing-
traffic as it passes through a network on shared broadcast media. It 3M
can be used to view all traffic or target specific protocol, service, Spoofing-
or string of characters like logins. Some network sniffers are not 3M
just designed to observe the all traffic but also modify the traffic. OR
Network administrators use sniffers for monitoring traffic. They Answer
can also use for network bandwidth analysis and to troubleshoot with
certain problems such as duplicate MAC addresses. Relevant
Contents
Spoofing: Spoofing is nothing more than making data look like it
has come from a different source. This is possible in TCP/ IP
because of the friendly assumption behind the protocol. When the
protocols were developed, it was assumed that individuals who
had access to the network layer would be privileged users who
could be trusted. When a packet is sent from one system to
another, it includes not only the destination IP address ant port but
the source IP address as well which is one of the forms of
Spoofing.
Example of spoofing:
e-mail spoofing
URL spoofing
IP address spoofing.

5 Attempt any TWO : 16 M

a Explain role of people in security. 8M
Ans Role of People in Security: 8 Points
Each 1 M
Lock the door to your office or workspace. OR
Do not leave sensitive information inside your car Answer
unprotected. with
Secure storage media containing sensitive information in Relevant
a secure storage device. Contents
Shred paper containing organizational information before
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

discarding it.
Do not divulge sensitive information to individuals
(including other employees) who do not have an
authorized need to know it.
Do not discuss sensitive information with family
members. (The most common violation of this rule occurs
in regard to HR information, as employees, especially
supervisors, may complain to their spouse about other
employees or problems that are occurring at work.)
Protect laptops that contain sensitive or important
organization information wherever the laptop may be

information is encrypted on the laptop so that, should the

equipment be lost or stolen, the information remains safe.)
Be aware of who is around you when discussing sensitive
corporate information. Does everybody within earshot
have the need to hear this information?
Enforce corporate access control procedures. Be alert to,
and do not allow, piggybacking, shoulder surfing, or
access without the proper credentials.
Be aware of the correct procedures to report suspected or
actual violations of security policies.

Follow procedures established to enforce good password security

practices. Passwords are such a critical element that they are
frequently the ultimate target of a social engineering attack.
Though such password procedures may seem too oppressive or
strict, they are often the best line of defense.
b Explain proxy server and application level gateway. 8M
Ans Proxy server is an intermediary server between client and the 4 M for
internet. each
explanatio
Proxy servers offers the following basic functionalities: n
OR
Firewall and network data filtering.
Answer
Network connection sharing
with
Data caching Purpose of Proxy Servers Following are the
Relevant
reasons to use proxy servers.
Contents
Monitoring and Filtering
Improving performance
Translation
Accessing services anonymously
Security
1. Monitoring and Filtering
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

oxy servers allow us to do several kind of filtering such as:

2. Filtering encrypted data

cache which was saved when previous request was made by the
client.

3. Translation

source content or substituting

from the global users is routed to the Source website through

Translation proxy.

4. Accessing services anonymously

anonymizing proxy server and thus does not receive information

about the end user
5. Security

protects from spam and the hacker attacks.

 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

Application level Gateway

A firewall that filters information at the application level blocks all

IP traffic between the private network and the Internet. No IP
packets from the clients or servers of the private network are
allowed to enter or leave the Internet.
Instead, this type of firewall operates according to what is referred
to as the proxy principle. This means that internal clients set up
connections to the firewall and communicate with a proxy server.
If the firewall decides that the internal client should be allowed to
communicate, it sets up a connection with the external server and
performs the operation on behalf of the client. This method solves
many of the security problems associated with IP.
Each proxy server uses a particular application protocol, such as
http-proxy or ftp-proxy. The proxy firewall uses a combination of
different proxy servers which allows many different applications
to be handled.
In addition to providing the best security, the proxy firewall can be
used to fetch and store information from the Internet in a cache
memory. The proxy firewall can achieve short response and
download times because it "understands" the application programs
and can see which URLs are most in demand.
Like a circuit level gateway, an application level gateway
intercepts incoming and outgoing packets, acts as a proxy for
applications, providing information exchange across the gateway.
It also functions as a proxy server, preventing any direct
connection between a trusted server or client and an untrusted
host. The proxies that an application level gateway runs often
differ in two important ways from the circuit level gateway:
The proxies are application specific
The proxies examine the entire packet and can filter packets at the
application layer of the OSI model.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

Unlike the circuit gateway, the application level gateway accepts

only packets generated by services. They are designed to copy,
forward and filter. For example, only an HTTP proxy can copy,
forward and filter HTTP traffic. If a network relies only on an
application level gateway, incoming and outgoing packets cannot
access services for which there is no proxy. For example, if an
application level gateway ran ITP and HTTP proxies, only packets
generated by these services could pass through the firewall. All
other services would be blocked.
The application level gateway runs proxies that examine and filter
individual packets, rather than simply copying them and recklessly
forwarding them across the gateway. Application specific proxies
check each packet that passes through the gateway, verifying the
contents of the packet up through the application layer (layer 7) of
the OSI model. These proxies can filter on particular information
or specific individual commands in the application protocols the
proxies are designed to copy, forward and
As an example, an application level proxy is able to block FTP put
commands while permitting FTP get commands.
Current technology application level gateways are often referred to
as strong application proxies. A strong application proxy extends
the level of security afforded by the application level gateway.
Instead of copying the entire datagram on behalf of the user, a
strong application proxy actually creates a brand /I new empty
datagram inside the firewall. Only those commands and data found
acceptable to the strong application proxy are copied from the
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

original datagram outside the firewall to the new datagram inside

the firewall. Then, and only then, is this new datagram forwarded
to the protected server behind the firewall. By employing this
methodology the strong application proxy can mitigate the risk of
an entire class of covert channel attacks.
An application level gateway fitters information at a higher OSI
layer than the common static or
dynamic packet filter, and most automatically create any necessary
packet filtering rules, usually making them easier to configure then
traditional packet filters.
Benefits
Better logging handling of traffic (because all data between the
client and the server is routed through the application proxy it is
able to both control the session and provide detailed logging; This
ability to log and control all incoming and outgoing traffic is one
of the main advantages of application level gateway
State aware of services (FTP, XII, etc.)
Packet air gap like architecture, i.e. breaks direct connection to
server behind firewall eliminating
the risk of an entire class of covert channel attacks
Strong application proxy that inspects protocol header lengths can
eliminate an entire class of
buffer overrun attacks
Highest level of security.
Weaknesses
A poor implementation that relies on the underlying as Inetd
daemon will suffer from a severe limitation to the number of
allowed connections in today's demanding high simultaneous
session environment.
Complex setup of application firewall needs more and detailed
attentions to the applications that use the gateway.
c Explain VLAN in detail. 8M
Ans A virtual local area network (VLAN) is a logical group of 4 marks
workstations, servers and network devices that appear to be on the for
same LAN despite their geographical distribution. A VLAN explanatio
allows a network of computers and users to communicate in a n 4 marks
simulated environment as if they exist in a single LAN and are for
sharing a single broadcast and multicast domain. VLANs are advantage
implemented to achieve scalability, security and ease of network s and
management and can quickly adapt to changes in network disadvanta
requirements and relocation of workstations and server nodes. ges
Higher-end switches allow the functionality and implementation of OR
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

VLANs. The purpose of implementing a VLAN is to improve the Answer

performance of a network or apply appropriate security features. with
VLAN (Virtual Local Network) is a logically separate IP subnet Relevant
work which allows multiple IP networks and subnets to exist on Contents
the same-switched network.
VLAN is a logical broadcast domain that can span multiple
physical LAN segments. It is a modern way administrators
configure switches into virtual local-area networks (VLANs) to
improve network performance by separating large Layer 2
broadcast domains into smaller ones.
By using VLAN, a network administrator will be able to group
together stations by logical function, or by applications, without
regard to physical location of the users.
Each VLAN functions as a separate LAN and spans one or
more switches. This allows host devices to behave as if they were
on the same network segment.
For traffic to move between VLANs, a layer 3 device (router) is
required.
VLAN has three major functions:
i. Limits the size of broadcast domains
[Link] network performance
ii. Provides a level of security

How VLAN works.

use this real-world scenario;
Think about a small organization with different offices or
departments, all in one building. Some years later, the organization
expands and now spans across three buildings. The original
network is still the same, but offices and departments computers
are spread out across three buildings.
The HR offices remain on the same floor and other
are on the other floors and buildings.
However, the network administrator wants to ensure that all the
office computers share the same security features and bandwidth
controls.
Creating a large LAN and wiring each department together will
constitute a huge task and definitely be easy when it comes
to managing the network.
This where VLAN switching comes in, it will be easier to group
offices and departments with the resources they use regardless of
their location, and certainly easier to manage their specific security
and bandwidth needs.
Opting for a switched VLAN allows the network administrator to
create groups of logically networked devices that act as if they are
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

on their own independent network (VLAN), even if they share a

common infrastructure with other VLANs.
When you configure a VLAN, you can name it to describe the
primary role of the users for that VLAN.

The key benefits of implementing VLANs include:

Allowing network administrators to apply additional

security to network communication
Making expansion and relocation of a network or a
network device easier
Providing flexibility because administrators are able to
configure in a centralized environment while the devices
might be located in different geographical locations
Decreasing the latency and traffic load on the network and
the network devices, offering increased performance

VLANs also have some disadvantages and limitations as listed

below:

High risk of virus issues because one infected system may

spread a virus through the whole logical network
Equipment limitations in very large networks because
additional routers might be needed to control the workload
More effective at controlling latency than a WAN, but less
efficient than a LAN.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

6 Attempt any FOUR : 16 M

a Describe different Password selection criteria. 4M

Ans Password selection criteria: Marks

each for
1. User education: Users can be told the importance of using any 4
hard-to-guess passwords and can be provided with points
guidelines for selecting strong passwords. This user
education strategy is unlikely to succeed at most OR
installations, particularly where there is a large user Answer
population or a lot of turn over. Many users will simply with
ignore the guidelines. Others may not be good judges of Relevant
what is a strong password. For example, many users Contents
believe that reversing a word or capitalizing the last letter
makes a password un-guessable.
2. Computer-generated passwords: Passwords are quite
random in nature. Computer generated passwords also
have problems. If the passwords are quite random in
nature, users will not be able to remember them. Even if
the password is pronounceable, the user may have
difficulty remembering it and so be tempted to write it
down. In general, computer-generated password schemes
have a history of poor acceptance by users. FIPS PUB 181
defines one of the best-designed automated password
generators. The standard includes not only a description of
the approach but also a complete listing of the C source
code of the algorithm. The algorithm generates words by
forming pronounceable syllables and concatenating them
to form a word. A random number generator produces a
random stream of characters used to construct the syllables
and words.
3. Reactive password checking: A reactive password
checking strategy is one in which the system periodically
runs its own password cracker to find guessable passwords.
The system cancels any passwords that are guessed and
notifies the user. This tactic has a number of drawbacks.
First it is resource intensive, if the job is done right.
Because a determined opponent who is able to steal a
password file can devote full CPU time to the task for
hours or even days an effective reactive password checker
is at a distinct disadvantage. Furthermore, any existing
passwords remain vulnerable until the reactive password
checker finds them.
4. Proactive password checking: The most promising
approach to improved password security is a proactive
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

password checker. In this scheme, a user is allowed to

select his or her password. However, at the time of
selection, the system checks to see if the password is
allowable and if not, rejects it. Such checkers are based on
the philosophy that with sufficient guidance from the
system, users can select memorable passwords from a
fairly large password space that are not likely to be guessed
in a dictionary attack. The trick with a proactive password
checker is to strike a balance between user acceptability
and strength. If the system rejects too many passwords,
users will complain that it is too hard to select a password.
If the system uses some simple algorithm to define what is
acceptable, this provides guidance to password crackers to
refine their guessing technique. In the remainder of this
subsection, we look at possible approaches to proactive
password checking.
b Explai 4M

Ans Caesar Cipher Explanatio

It is a mono-alphabetic cipher wherein each letter of the plaintext n : 2 M,
is substituted by another letter to form the cipher text. It is a Example:
simplest form of substitution cipher scheme. 2M
OR
This cryptosystem is generally referred to as the Shift Cipher. Answer
The concept is to replace each alphabet by another alphabet with
Relevant
For this type of scheme, both sender and receiver agree on a Contents

is between 0 and 25 becomes the key of encryption.

Process of Shift Cipher

In order to encrypt a plaintext letter, the sender positions
the sliding ruler underneath the first set of plaintext letters
and slides it to LEFT by the number of positions of the
secret shift.
The plaintext letter is then encrypted to the ciphertext
letter on the sliding ruler underneath. The result of this
process is depicted in the following illustration for an
agreed shift of three positions. In this case, the plaintext

Here is the ciphertext alphabet for a Shift o

 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

On receiving the cipher text, the receiver who also knows

the secret shift, positions his sliding ruler underneath the
cipher text alphabet and slides it to RIGHT by the agreed
shift number, 3 in this case.
He then replaces the cipher text letter by the plaintext
letter on the sliding ruler underneath. Hence the cipher
text
a message encoded with a Shift of 3, generate the
-

Security Value
Caesar Cipher is not a secure cryptosystem because there are
only 26 possible keys to try out. An attacker can carry out an
exhaustive key search with available limited computing
resources.
For example, here's the Caesar Cipher encryption of a full
message, using a left shift of 3.

P l ai nt e x t:

THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG

C ip her t ex t :

QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD

c Explain working principle of PGP. 4M

Ans PGP is Pretty Good Privacy. It is a popular program used to PGP

encrypt and decrypt email over the internet. It becomes a standard Definition:
for email security. It is used to send encrypted code (digital 2M, Steps
in PGP:
takes care that the route of message should not change. PGP can 2M
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

be used to encrypt files being stored so that they are in unreadable OR

form and not readable by users or intruders It is available in Low Answer
cost and Freeware version. It is most widely used privacy ensuring with
program used by individuals as well as many corporations. Relevant
Contents

There are five steps as shown below:

1. Digital signature: it consists of the creation a message digest of
the email message using SHA-1 algorithm. The resulting MD is
then encrypted with

2. Compression: The input message as well as p digital signature

are compressed together to reduce the size of final message that
will be transmitted. For this the Lempel -Ziv algorithm is used.
3. Encryption: The compressed output of step 2 (i.e. the
compressed form of the original email and the digital signature
together) are encrypted with a symmetric key.
4. Digital enveloping: the symmetric key used for encryption in
step 3 is now key. The output
of step 3 and 4 together form a digital envelope.
5. Base -64 encoding: this process transforms arbitrary binary
input into printable character output. The binary input is processed
in blocks of 3 octets (24-bits).these 24 bits are considered to be
made up of 4 sets, each of 6 bits. Each such set of 6 bits is mapped
into an 8-bit output character in this process.

d Explain formatted partition recovery. 4M

Ans Formatted partition recovery: Explanatio
Formatting refers to dividing the disk in accordance with n:2
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

certain principles, allowing computer to store and search files. marks,

Formatting disk is to eliminate all files on disk. Steps: 4
There are various formatted partition recovery tool available. marks
Although every tool will have different GUI & method of OR
recovery. Answer
These tools usually operate as per following process steps: with
Step1: If you cannot boot the computer, please use data recovery Relevant
bootable disk. Contents

Step 2: Select the file types you want to recover & volume where
the formatted hard drive is. The tool will automatically scan the
selected volume.
Step 3: Then the founded data will be displayed on the screen &
you can get a preview of it. Then select the file or directory that
you want to recover & save them to a healthy drive.
e Explain Secure Electronic Transaction. 4M
Ans Secure Electronic Transaction is an open encryption and 1 Mark-
security specification that is designed for protecting credit card What is
transactions on the Internet. It is a set of security protocols and SET;
formats that enable the users to employ the existing credit card 1Mark
payment infrastructure on the internet in a secure manner. Enlisting
any 4
componen
ts; 2
Marks-
Explanatio
n
of any
four
componen
ts
OR
Answer
with
Relevant
Contents

Components of SET:
1) Cardholder
2) Merchant
3) Issuer
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

4) Acquirer
5) Payment gateway
6) Certification Authority(CA)
1) Cardholder: A cardholder is an authorized holder of a payment
card such as MasterCard or Visa that has been issued by an Issuer.
2) Merchant: Merchant is a person or an organization that wants
to sell goods or services to cardholders.
3) Issuer: The issuer is a financial institution that provides a
payment card to a cardholder.
4) Acquirer: This is a financial institution that has a relationship
with merchants for processing payment card authorizations and
payments. Also provides an assurance that a particular cardholder
account is active and that the purchase amount does not exceed the
credit limits. It provides electronic fund transfer to the merchant
account.

5) Payment Gateway: It processes the payment messages on

behalf of the merchant. It connects to the acqu
dedicated network line.
6) Certification Authority (CA): This is an authority that is
trusted to provide public key certificates to cardholders, merchant,
and Payment Gateway.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

WINTER– 19 EXAMINATION
Subject Name: Computer Security Model Answer Subject Code: 17514
Important Instructions to examiners:
1) The answers should be examined by key words and not as word-to-word as given in
the model answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner
may try to assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more
Importance (Not applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components
indicated in the figure. The figures drawn by candidate and model answer may vary.
The examiner may give credit for any equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed
constant values may vary and there may be some difference in the candidate’s
answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of
relevant answer based on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based
on equivalent concept.

Q. Sub Answer Marking

No. Q. Scheme
N.
1. Attempt any Three of the following: 12M
a Define Virus. Describe different phases of virus. 4M
Ans Virus is a program which attaches itself to another program and causes damage 2M for
to the computer system or the network. It is loaded onto your computer without definition, 2M
your knowledge and runs against your wishes. Types of viruses: for
explanation of
 Parasitic Viruses types
 Memory resident viruses
 Non-resident viruses
 Boot sector Viruses
 Overwriting viruses
 Stealth Virus
 Macro Viruses

Different phases of viruses are:

 Dormant phase: The virus is idle. The virus will eventually be activated by
some event, such as a date, the presence of another program or file, or the
capacity of the disk exceeding some limit. Not all viruses have this stage.
 Propagation phase: The virus places a copy of itself into other programs
or into certain system areas on the disk. The copy may not be identical to
the propagating version; viruses often morph to evade detection. Each

1|2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

infected program will now contain a clone of the virus, which will itself
enter a propagation phase.
 Triggering phase: The virus is activated to perform the function for which
it was intended. As with the dormant phase, the triggering phase can be
caused by a variety of system events, including a count of the number of
times that this copy of the virus has made copies of itself.
 Execution phase: The function is performed. The function may be
harmless, such as a message on the screen, or damaging, such as the
destruction of programs and data files.
b Describe components of good password. 4M
Ans Components of good password are: 4M for
1. It should be at least eight characters long. correct
2. It should include uppercase and lowercase letters, numbers, special characters explanation
or punctuation marks.
3. It should not contain dictionary words.
4. It should not contain the user's personal information such as their name,
family member's name, birth date, pet name, phone number or any other detail
that can easily be identified.
5. It should not be the same as the user's login name.
6. It should not be the default passwords as supplied by the system vendor such
as password, guest, and admin and so on.
c Consider plain text “Welcome to Computer World”, encrypt with help of Rail 4M
fence technique, and also write the algorithm.
Ans Plain text “Welcome to Computer World” 2M for
problem
Assuming number of rails as 3 solving, 2M
for algorithm

Cipher text is: Wooprl ecmtCmueWrd leoto

Algorithm for rail-fence cipher is as follow:
1. Write down the plain text message as a sequence of diagonals.
2. Read the plain text written in step 1, row wise.
3. Let’s see example of rail-fence cipher. Suppose plain text is Welcome to
Compute World, if we perform rail-fence cipher operation on this text it will be
coded as Wooprl ecmtCmueWrd leoto.
4. It involves writing plain text in a diagonal sequence and then reading it row
by row to produce cipher text.
d List and explain any four techniques used by firewall to control access
and enforce security policy.

2|2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

Ans Techniques used by firewall are: 2M for

listing, 2M
1) Service control for
2) Direction control explanation
3) User control
4) Behavior control
1) Service control: This control determines the types of internet services that
can be accessed, inbound or outbound. Firewall may filter traffic on the basis
of IP address, protocol or TCP port number. It may provide proxy software that
receives and interprets each service request before passing it on. It may host the
server software itself such as a web or mail service.
For Example: Incoming HTTP Requests – Rejected unless they are directed to
an official web server host.

2) Direction control: This control regulates the direction in which particular

service request may be initiated and allowed to flow through firewall.

3) User control: A User control manages or authorizes admission to a service

according to which entity is trying to access that specified service .This feature
is applied to users inside the firewall perimeter (Internal Users). It may also be
applied to incoming traffic from external users. But it requires some form of
secure authentication technology.

4) Behavior control: Controls how particular services are used. For example:
The firewall may filter email to eliminate spam or it may enable external access
to only a portion of the information on a Local web server. Filtering of email
spam attacks – may require examination of Sender’s email address in message
headers and message contents.
1. (B) Attempt any ONE of the following: 6M
a Explain spoofing attack with example. State different ways of spoofing.
Ans  Spoofing is the act of disguising a communication from an unknown source 2M for
as being from a known, trusted source. explanation
 Spoofing can apply to emails, phone calls, and websites, or can be more of spoofing
technical, such as a computer spoofing an IP address, Address Resolution attack, 4M
Protocol (ARP), or Domain Name System (DNS) server. for stating
 Spoofing can be used to gain access to a target’s personal information, types
spread malware through infected links or attachments, bypass network
access controls, or redistribute traffic to conduct a denial-of-service attack.
 Spoofing is often the way a bad actor gains access in order to execute a
larger cyber-attack such as an advanced persistent threat or a man-in-the-
middle attack.

For example: By using corporate logos, or other specific graphics, criminals

can disguise emails to make it look like they’ve come from a trusted source.

3|2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

Different ways of spoofing are:

Email Spoofing: Email spoofing occurs when an attacker uses an email
message to trick a recipient into thinking it came from a known and/or trusted
source. These emails may include links to malicious websites or attachments
infected with malware, or they may use social engineering to convince the
recipient to freely disclose sensitive information.

Caller ID Spoofing: With caller ID spoofing, attackers can make it appear as

if their phone calls are coming from a specific number either one that is known
and/or trusted to the recipient, or one that indicates a specific geographic
location. Attackers can then use social engineering often posing as someone
from a bank or customer support to convince their targets to, over the phone,
provide sensitive information such as passwords, account information, social
security numbers, and more.
Website Spoofing: Website spoofing refers to when a website is designed to
mimic an existing site known and/or trusted by the user. Attackers use these
sites to gain login and other personal information from users.

IP Spoofing: Attackers may use IP (Internet Protocol) spoofing to disguise a

computer IP address, thereby hiding the identity of the sender or impersonating
another computer system. One purpose of IP address spoofing is to gain access
to a networks that authenticate users based on IP addresses.

ARP Spoofing: Address Resolution Protocol (ARP) is a protocol that resolves

IP addresses to Media Access Control (MAC) addresses for transmitting data.
ARP spoofing is used to link an attacker’s MAC to a legitimate network IP
address so the attacker can receive data meant for the owner associated with
that IP address. ARP spoofing is commonly used to steal or modify data but can
also be used in denial-of-service and man-in-the-middle attacks or in session
hijacking.
DNS Server Spoofing: DNS (Domain Name System) servers resolve URLs
and email addresses to corresponding IP addresses. DNS spoofing allows
attackers to divert traffic to a different IP address, leading victims to sites that
spread malware.
b Explain in brief IT Act 2000 and IT Act 2008.
Ans IT Act 2000: 3M for IT
In May 2000, both the houses of the Indian Parliament passed the Information Act 2000,
Technology Bill. The Bill received the assent of the President in August 2000 and came 3M for IT
to be known as the Information Technology Act, 2000. Cyber laws are contained in the Act 2008
IT Act, 2000.
This Act aims to provide the legal infrastructure for e-commerce in India. And the
cyber laws have a major impact for e-businesses and the new economy in India. So, it

4|2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

is important to understand what the various perspectives of the IT Act 2000 are and
what it offers. The Information Technology Act, 2000 also aims to provide for the legal
framework so that legal sanctity is accorded to all electronic records and other activities
carried out by electronic means.
The Act states that unless otherwise agreed, an acceptance of contract may be
expressed by electronic means of communication and the same shall have legal validity
and enforceability. Some highlights of the Act are listed below: The Act specifically
stipulates that any subscriber may authenticate an electronic record by affixing his
digital signature. It further states that any person can verify an electronic record by use
of a public key of the subscriber.
The Act details about Electronic Governance and provides inter alia amongst others
that where any law provides that information or any other matter shall be in writing or
in the typewritten or printed form, then, notwithstanding anything contained in such
law, such requirement shall be deemed to have been satisfied if such information or
matter is rendered or made available in an electronic form; and accessible so as to be
usable for a subsequent reference and details the legal recognition of Digital
Signatures. The Act gives a scheme for Regulation of Certifying Authorities.
The Act envisages a Controller of Certifying Authorities who shall perform the
function of exercising supervision over the activities of the Certifying Authorities as
also laying down standards and conditions governing the Certifying Authorities as also
specifying the various forms and content of Digital Signature Certificates. The Act
recognizes the need for recognizing foreign Certifying Authorities and it further details
the various provisions for the issue of license to issue Digital signature Certificates.
The Act also provides for the constitution of the Cyber Regulations Advisory
Committee, which shall advice the government as regards any rules, or for any other
purpose connected with the said act.
The said Act also proposes to amend the Indian Penal Code, 1860, the Indian Evidence
Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act,
1934 to make them in tune with the provisions of the IT Act.
IT Act 2008:
IT acts 2008: It is the Information Technology Amendment Act, [Link] act was
developed for IT industries, control e-commerce, to provide e-governance facility and
to stop cybercrime attacks.
Following are the characteristics of IT ACT 2008: This act provides legal recognition
or the transaction i.e. Electronic Data Interchange (EDI) and other electronic
communications. This Act also gives facilities for electronic filling of information with
the Government agencies. It is considered necessary to give effect to the said resolution
and to promote efficient delivery of Government services by means of reliable
electronic records.
Features of I.T. Amendment Act 2008:
•Focusing on data privacy
•Focusing on information security.
•Defining cyber café.

5|2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

•Making digital signature technology neutral.

•Defining reasonable security practices to be followed by corporate.
•Redefining the role of intermediaries.
•Recognizing the role of Indian computer Emergency Response Team.
•Inclusion of some additional cybercrimes like child pornography and cyber terrorism.
•Authorizing an Inspector to investigate cyber offences.

2. Attempt any Two of the following: 16M

a List different types of attack. Describe any two in brief. 8M
Ans Types of attacks are: 2M for
listing, 6M
1. Passive attacks for
2. Active attacks explanation
3. Denial of service attacks
4. Backdoor attacks
5. Trapdoor attacks
6. Man-in-the middle attacks
Passive Attacks: A Passive attack attempts to learn or make use of information
from the system but does not affect system resources. Passive Attacks are in the
nature of eavesdropping on or monitoring of transmission.
Active Attacks: An Active attack attempts to alter system resources or effect
their operations. Active attack involves some modification of the data stream or
creation of false statement.
Denial of service Attacks: A Denial-of-Service (DoS) attack is an attack
meant to shut down a machine or network, making it inaccessible to its
intended users. DoS attacks accomplish this by flooding the target with
traffic, or sending it information that triggers a crash. In both instances, the
DoS attack deprives legitimate users (i.e. employees, members, or account
holders) of the service or resource they expected.
Backdoor Attacks: It is secret entry point into program that allows user to gain
access without going through the usual security access procedures. It is used
legitimately in debugging and testing. It also refers to the entry and placement
of a program or utility into a network that creates a backdoor entry for attackers.
This may allow a certain user ID to log on without password a program or gain
of administrative services. It becomes threat when programmers use them to
gain unauthorized access. There are several backdoor programs and tools used
by hackers in terms of automated tools.
Trapdoor Attacks: A trap door is an entrance in a system which circumvents
the normal safety measures. It is secret entry point into a program that allows
someone who is aware of gaining access using procedure other that security
procedure. It might be hidden program which makes the protection system
ineffective. This entry can be deliberately in traduced by the developer to
maintain system in case of disaster management. Trapdoor programs can be
installed through malware using internet.

6|2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

Man in Middle Attacks: A man-in-the-middle attack is a type of cyber-attack

where a malicious actor inserts him/herself into a conversation between two
parties, impersonates both parties and gains access to information that the two
parties were trying to send to each other. A man-in-the-middle attack allows a
malicious actor to intercept, send and receive data meant for someone else, or
not meant to be sent at all, without either outside party knowing until it is too
late.
b Explain DES algorithm? Explain each step in detail with help of diagram.
Ans The Data Encryption Standard is generally used in the ECB, CBC, or the CFB 2M for
mode. DES is a block cipher. It encrypts data in blocks of size 64 bits each. That explanation
is, 64 bits of plain text goes as the input to DES, which produces 64 bits of of DES, 4M
cipher text .DES is based on the two fundamental attributes of cryptography: for steps, 2M
substitution and transposition. The process diagram as follows: for diagram

Initial Permutation (IP): It happens only once. It replaces the first bit of the
original plain text block with the 58th bit of the original plain text block, the
second bit with the 50th bit of original plain text block and so on. The resulting
64-bits permuted text block is divided into two half blocks. Each half block
consists of 32 bits. The left block called as LPT and right block called as RPT.16
rounds are performed on these two blocks. Details of one round in DES.

7|2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

Step 1: Key Transformation: The initial key is transformed into a 56-bit key
by discarding every 8th bit of initial key. Thus ,for each round , a 56 bit key is
available, from this 56-bit key, a different 48-bit sub key is generated during
each round using a process called as key transformation Expansion Permutation
Key Transformation S-box substitution XOR and swap P-box Permutation.

Step 2: Expansion Permutation: During Expansion permutation the RPT is

expanded from 32 bits to 48 bits. The 32-bit RPT is divided into 8 blocks, with
each block consisting of 4-bits. Each 4-bits block of the previous step is then
expanded to a corresponding 6-bit block, per 4-bit block, 2 more bits are added.
They are the repeated 1st and 4th bits of the 4-bit block. The 2nd and 3rd bits
are written as they were in the input. The 48 bit key is XORed with the 48-bit
RPT and the resulting output is given to the next step.
Step 3: S-box Substitution: It accepts the 48-bits input from the XOR
operation involving the compressed key and expanded RPT and produces 32-
bit output using the substitution techniques. Each of the 8 S-boxes has a 6-bit
input and a 4-bit output. The output of each S-box then combined to form a 32-
bit block, which is given to the last stage of a round.

8|2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

Step 4: P- box Permutation: The output of S-box consists of 32-bits. These

32-bits are permuted using P-box. Step 5: XOR and Swap: The LPT of the initial
64-bits plain text block is XORed with the output produced by P box
permutation. It produces new RPT. The old RPT becomes new LPT, in a
process of swapping.

Final Permutation: At the end of 16 rounds, the final permutation is

performed. This is simple transposition. For e.g., the 40th input bit takes the
position of 1st output bit and so on.
c Describe IDS and its two types. 8M
Ans An Intrusion Detection System (IDS) monitors network traffic and monitors for 4M for
suspicious activity and alerts the system or network administrator. In some explanation
cases the IDS may also respond to anomalous or malicious traffic by taking of IDS, 4M
action such as blocking the user or source IP address from accessing the for
network. explanation
of types

9|2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

IDS have following logical components:

1. Traffic collection: It collects activity as events from IDS to examine. On
Host-based IDS, this can be log files, Audit logs or traffic coming to or leaving
a system. On network based IDS, this is typically a mechanism for copying
traffic of network link.
2. Analysis Engine: It examines collected network traffic & compares it to
known patterns of suspicious or malicious activity stored in digital signature.
The analysis engine act like a brain of IDS.
3. Signature database: A collection of patterns & definitions‟ of known
suspicious or malicious activity.
4. User Interface & Reporting: Interfaces with human element, providing
alerts when suitable & giving the user a means to interact with & operate the
IDS.
IDS are mainly divided into two categories, depending on monitoring activity:
1) Host-based IDS: Host based IDS looks for certain activities in the log files
are:
1. Logins at odd hours
2. Login authentication failure
3. Adding new user account
4. Modification or access of critical systems files.
5. Modification or removal of binary files
6. Starting or stopping processes
7. Privilege escalation
8. Use of certain program

2) Network based IDS: Network based IDS looks for certain activities like:
1. Denial of service attacks.
2. Port scans or sweeps
3. Malicious contents in the data payload of packet(s)
4. Vulnerability of scanning
5. Trojans, Viruses or worms
6. Tunneling
7. Brute force attacks.

10 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

3. Attempt any Three of the following: 16M

a Compare Intruders and Insiders 4M
Ans 1M each for
Intruders Insiders one point
Keep trying attacks till success as Insiders are authorized users who
they have the access and try to access system or network for
knowledge to cause immediate which he is unauthorized.
damage to organization
Individual or a small group of They can be more in numbers who
attackers, they can be more in are directly or indirectly access the
numbers. organization.
They are hackers or crackers Insiders are not hackers.
Intruders are illegal users. Insiders are legal users
Less dangerous than insiders More dangerous than outsiders As
they have the access and
knowledge to cause immediate
damage to organization
They do not have access to system. They may give remote access to
the organization.
b Explain password selection strategies 4M
Ans There are four basic techniques passwords selection strategies: 4Meach for
any 4 points
a) User education: Tell the importance of hard-to-guess passwords to the users OR Answer
and provide guidelines for selecting strong password. with
b) Computer generated password: Computer generated passwords are Relevant
random in nature so difficult for user to remember it and may note down Contents
somewhere.
c) Reactive password checking: the system periodically runs its own
password cracker program to find out guessable passwords. If the system finds
any such password, the system cancels it and notifies the user.
d) Proactive password checking: It is a most promising approach to improve
password security. In this scheme, a user is allowed to select his own password,
if password is allowable then allow or reject it.
c Define the following terms: 4M
i)Cryptography
ii)Cryptanalysis
iii)Cryptology
iv)Steganography

11 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

Ans i) Cryptography: Cryptography is the art or science comprising the 1 M each for
principles and methods of transforming an intelligible message into relevant
one that is unintelligible. definitions

ii) Cryptanalysis: Cryptanalysis is the art or science comprising the

principles and methods of transforming an unintelligible message
back into an intelligible message without the knowledge of key.

iii) Cryptology: Cryptology is the art or science comprising the

principles and methods of transforming an intelligible message into
one that is unintelligible and unintelligible message back to
intelligible one.

iv) Steganography: Steganography is the art and science of writing

hidden message in such a way that no one apart from sender and
intended recipient suspects the existence of the message.
d Explain the role of PGP in Email security. 4M

Ans PGP is Pretty Good Privacy. It is a popular program used to encrypt and PGP
decrypt email over the internet. It becomes a standard for email security. It is Definition:
used to send encrypted code (digital signature) that lets the receiver verify the 2M, Steps in
sender’s identity and takes care that the route of message should not change. PGP for
PGP can be used to encrypt files being stored so that they are in unreadable email
form and not readable by users or intruders It is available in Low cost and security: 2M
Freeware version. It is most widely used privacy ensuring program used by
individuals as well as many corporations.

There are five steps as shown below:

12 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

1. Digital signature: it consists of the creation a message digest of the email

message using SHA-1 algorithm. The resulting MD is then encrypted with the
sender’s private key. The result is the sender’s digital signature.

2. Compression: The input message as well as p digital signature are

compressed together to reduce the size of final message that will be transmitted.
For this the Lempel -Ziv algorithm is used.

3. Encryption: The compressed output of step 2 (i.e. the compressed form of

the original email and the digital signature together) are encrypted with a
symmetric key.

4. Digital enveloping: the symmetric key used for encryption in step 3 is now
encrypted with the receiver’s public key. The output of step 3 and 4 together
form a digital envelope.

5. Base -64 encoding: this process transforms arbitrary binary input into
printable character output. The binary input is processed in blocks of 3 octets
(24-bits).these 24 bits are considered to be made up of 4 sets, each of 6 bits.
Each such set of 6 bits is mapped into an 8-bit output character in this process.
e Describe SSL protocol.
Ans Definition -Secure Sockets Layer (SSL) Secure Sockets Layer (SSL) is a
standard protocol used for the secure transmission of documents over a network.
Developed by Netscape, SSL technology creates a secure link between a Web
server and browser to ensure private and integral data transmission. SSL uses
Transport Control Protocol (TCP) for communication. Architecture of secure
socket layer (SSL)

Working:
In SSL, the word socket refers to the mechanism of transferring data between
a client and server over a network. When using SSL for secure Internet
transactions, a Web server needs an SSL certificate to establish a secure SSL
connection.
SSL encrypts network connection segments above the transport layer, which is
a network connection component above the program layer.

13 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

SSL follows an asymmetric cryptographic mechanism, in which a Web browser

creates a public key and a private (secret) key.
The public key is placed in a data file known as a certificate signing request
(CSR). The private key is issued to the recipient only.
The objectives of SSL are:

 Data integrity: Data is protected from tampering.

 Data privacy: Data privacy is ensured through a series of protocols, including

the SSL Record Protocol, SSL Handshake Protocol, SSL Change Cipher Spec
Protocol and SSL Alert Protocol.

 Client-server authentication: The SSL protocol uses standard

cryptographic techniques to authenticate the client and server. SSL is the
predecessor of Transport Layer Security (TLS), which is a cryptographic
protocol for secure Internet data transmission

4. (A) Attempt any Three of the following: 12M

a Explain DOS attack with neat labelled diagram. 4M

Ans A denial-of-service (DoS) is any type of attack where the attackers (hackers) 2M
attempt to prevent legitimate users from accessing the service. In a DoS explanation
attack, the attacker usually sends excessive messages asking the network or 2 M diagram
server to authenticate requests that have invalid return addresses. The network
or server will not be able to find the return address of the attacker when
sending the authentication approval, causing the server to wait before closing
the connection. When the server closes the connection, the attacker sends
more authentication messages with invalid return addresses. Hence, the
process of authentication and server wait will begin again, keeping the
network or server busy

14 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

b Enlist types of Biometric. Explain any one type in detail. 4M

Ans Biometric refers study of methods for uniquely recognizing humans based upon
one or more intrinsic physical or behavioral characteristics.
Different types of Biometrics (any two 1 Mark)
1M
1. Finger print recognition Listing; 1.5
M
2. Hand print recognition
diagram; 1.5
3. Retina/iris scan technique M
explanation
4. Face recognition
5. Voice patterns recognition
6. Signature and writing patterns recognition
7. Keystroke dynamics:

Fingerprint registration & verification process:

1. During registration, first time an individual uses a biometric system is called
an enrollment.

2. During the enrollment, biometric information from an individual is stored.

3. In the verification process, biometric information is detected and compared
with the information stored at the time of enrolment.
4. The first block (sensor) is the interface between the real world and the system;
it has to acquire all the necessary data.
5. The 2nd block performs all the necessary pre-processing
. 6. The third block extracts necessary features. This step is an important step as
the correct features need to be extracted in the optimal way.
7. If enrollment is being performed the template is simply stored somewhere
(on a card or within a database or both).
8. If a matching phase is being performed the obtained template is passed to a
matcher that compares it with other existing templates, estimating the distance
between them using any algorithm.
9. The matching program will analyze the template with the input. This will
then be output for any specified use or purpose.

15 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

c Describe cybercrime? Describe hacking & cracking related to cybercrime. 4M

Ans Cybercrime : 1M
What is
Cybercrime is defined as a crime in which a computer is the object of the crime cybercrime;
(hacking, phishing, spamming) or is used as a tool to commit an offense (child 1.5 M
pornography, hate crimes). Cybercriminals may use computer technology to Hacking;
access personal information, business trade secrets, or use the Internet for 1.5 M
exploitive or malicious purposes. Criminals can also use computers for Cracking
communication and document or data storage. Criminals who perform these
illegal activities are often referred to as hackers. Cybercrime may also be
referred to as computer crime.

Types of Cybercrimes are

1. Hacking
2. Cracking
3. Theft

4. Malicious software
5. Child soliciting and abuse Hacking:
Hacking is one of the most well-known types of computer crime. A hacker is
someone who find out and exploits the weaknesses of s computer systems or
networks. Hacking refers to unauthorized access of another’s computer
systems. These intrusions are often conducted in order to launch malicious
programs known as viruses, worms, and Trojan horses that can shut down
hacking an entire computer network. Hacking is also carried out as a way to talk
credit card numbers, intent passwords, and other personal information. By

16 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

accessing commercial database, hackers are able to steal these types of items
from millions of internet users all at once.
There are different types of hackers:
1. White hat
2. Black hat
3. Grey hat
4. Elite hacker
5. Script hacker
Cracking: In the cyber world, a cracker is someone who breaks into a computer
system or network without authorization and with the intention of doing
damage. Crackers are used to describe a malicious hacker. Crackers get into all
kinds of mischief like he may destroy files, steal personal information like credit
card numbers or client data, infect the system with a virus, or undertake many
others things that cause harm. Cracking can be done for profit, maliciously, for
some harm to organization or to individuals. Cracking activity is harmful, costly
and unethical.
d List & explain the key participants in Secure Electronic Transaction 4M
(SET).
Ans For secure electronic transaction SET participant are there. 1M
listing any 4
1) Cardholders- cardholder is an authorized holder of payment card like components ;
Master card, visa that has been issued by an issuer. 2M
2) Merchant- A merchant is a person or organization that has goods or services Explanation
to sell to cardholder of any four
components
3) Issuer- This is financial institution like bank.
4) Acquirer- This is a financial institution that establishes account with
merchant & process payment card authorization & payment.
5) Payment Gateway- This is a function operated by acquire. The payment
gateway process between SET & existing bankcard payment networks .For
authorization & payment function.
7) The merchant exchanges SET messages with payment gateway over
internet.
8) Certificate Authority- This is an entity that is trusted to issue public key
for cardholder, merchant & payment gateways.

17 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

4 (B) Attempt any ONE of the following: 6M

a Describe digital signature mechanism with neat diagram.
Ans Digital Signature: Any suitable
Diagram:
1. Digital signature is a strong method of authentication in an electronic form. 4M,
2. It includes message authentication code (MAC), hash value of a message and Explanation:
digital pen pad devices. It also includes cryptographically based signature 4M
protocols.
3. Digital Signature is used for authentication of the message and the sender to
verify the integrity of the message.
4. Digital Signature may be in the form of text, symbol, image or audio.
5. In today‘s world of electronic transaction, digital signature plays a major
role in authentication. For example, one can fill his income tax return online
using his digital signature, which avoids the use of paper and makes the process
faster.
6. Asymmetric key encryption techniques and public key infrastructure are
used in digital signature.
7. Digital signature algorithms are divided into two parts.
a. Signing part It allows the sender to create his digital signature.
b. Verification part It is used by the receiver for verifying the signature after
receiving the message.

18 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

Generation and Verification of digital signature:

Procedure:
1. Message digest is used to generate the signature. The message digest (MD)
is calculated from the plaintext or message.
2. The message digest is encrypted using user‘s private key.
3. Then, the sender sends this encrypted message digest with the plaintext or
message to the receiver.
4. The receiver calculates the message digest from the plain text or message he
received.
5. Receiver decrypts the encrypted message digest using the sender‘s public
key. If both the MDs are not same then the plaintext or message is modified
after signing.
b Explain VPN with diagram.
Ans A Virtual Private Network (VPN) is a network that uses a public Explanation-
telecommunication infrastructure, such as the Internet, to provide remote 2M
offices or individual users with secure access to their organization’s network. Diagram2M
With a VPN,all network traffic (data,voice,and videos ) goes through virtual OR Answer
tunnel between the host device(client) and the VPN provider server’s and is with
[Link] technology uses a combination of features such as encryption, Relevant
tunneling protocols, data encapsulation, and certified connections to provide Contents
you with a secure connection to private networks and to protect your identity.

19 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

VPN connections technically give you all the benefits of a Local Area Network
(LAN), which is similar to that found in many offices but without requiring a
hard-wired connection. These systems use encryption and other security
mechanisms to ensure that only authorized users can access the network and
that the data cannot be intercepted.

5. Attempt any Three of the following: 12M

a Describe access control, availability, authentication, authorization related
to physical security.
Ans Access Control: - Access is the ability of a subject to interest with an object. 2 M each for
Authentication deals with verifying the identity of a subject. It is ability to 4 criteria
specify, control and limit the access to the host system or application, which
prevents unauthorized use to access or modify data or resources.
It can be represented using Access Control matrix or List:

Availability
The goal of availability s to ensure that the data, or the system itself, is
available for use when the authorized user wants it.
Authentication
Authentication helps to establish proof of identities. The
Authentication process ensures that the origin of a message is correctly
identified. For example, suppose that user C sends a message over the
internet to user B. however, the trouble is that user C had posed as user

20 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

A when he sent a message to user B. how would user B know that the
message has come from user C, who posing as user A? This concept is
shown in fig. below.

Authorization
Authorization is a security mechanism used to determine user/client
privileges or access levels related to system resources, including
computer programs, files, services, data and application features.
Authorization is normally preceded by authentication for user
identity verification. System administrators (SA) are typically
assigned permission levels covering all system and user resources.
During authorization, a system verifies an authenticated user's
access rules and either grants or refuses resource access.
b Explain DAC and MAC with principles and policies.
Ans DAC: - In Discretionary access control (DAC), each system object (file or data 4 M- DAC
object) has an owner, and each initial object owner is the subject that causes its explanation;
creation. Thus, an object's access policy is determined by its owner. 4 M- MAC
explanation
A typical example of DAC is Unix file mode, which defines the read, write and
execute permissions in each of the three bits for each user, group and others.
DAC attributes include:

 User may transfer object ownership to another user(s).

 User may determine the access type of other users.
 After several attempts, authorization failures restrict user access.
 Unauthorized users are blind to object characteristics, such as file size,
file name and directory path.
 Object access is determined during access control list (ACL)
authorization and based on user identification and/or group
membership.

MAC: -Mandatory Access Control (MAC) is is a set of security policies

constrained according to system classification, configuration and
authentication. MAC policy management and settings are established in one

21 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

secure network and limited to system [Link] defines and ensures

a centralized enforcement of confidential security policy parameters.

For best practices, MAC policy decisions are based on network configuration.
In contrast, certain operating systems (OS) enable limited Discretionary Access
Control (DAC).
MAC advantages and disadvantages depend on organizational
requirements, as follows:

 MAC provides tighter security because only a system administrator may

access or alter controls.
 MAC policies reduce security errors.
 MAC enforced operating systems (OS) delineate and label incoming
application data, which creates a specialized external application access
control policy.

c Explain the Kerberos with the help of suitable diagram.

Ans Kerberos is a network authentication protocol. 4 M-
 It is designed to provide strong authentication for client/server Kerberos
applications by using secret-key cryptography. explanation;
 Kerberos was created by MIT as a solution for network security 4 M-
problems and it is freely available from MIT, under copyright Kerberos
permission. Diagram
How Kerberos does works?
 Kerberos operates by encrypting data with a symmetric key.
 A symmetric key is a type of authentication where both the
client and server agree to use a
 Single encryption/decryption key for sending and receiving
data.
 When working with the encryption key, the details are
actually sent to a key distribution center (KDC), instead of
sending the details directly between each computer.
The entire process takes a total of eight steps, as shown below.
1. The authentication service, or AS, receivers the request by the
client and verifies that the Client is indeed the computer it
claims to be. This is usually just a simple database lookup of the
user’s ID.

22 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

2. Upon verification, a timestamp is crated. This puts the current time

in a user session, along with an expiration date. The default expiration
date of a timestamp is 8 hours. The encryption key is then created.
The timestamp ensures that when 8 hours is up, the encryption key is
useless. (This is used to make sure a hacker doesn’t intercept the data,
and try to crack the key. Almost all keys are able to be cracked, but
it will take a lot longer than 8 hours to do so)

3. The key is sent back to the client in the form of a ticket-granting

ticket, or TGT. This is a simple ticket that is issued by the
authentication service. It is used for authentication the client for
future reference.

4. The client submits the ticket-granting ticket to the ticket-granting

server, or TGS, to get authenticated.

23 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

5. The TGS creates an encrypted key with a timestamp, and grants the client a
service ticket

The client decrypts the ticket, tells the TGS it has done so, and then
sends its own encrypted key to the service.

7. The service decrypts the key, and makes sure the timestamp is still
valid. If it is, the service contacts the key distribution center to receive
a session that is returned to the client.

8. The client decrypts the ticket. If the keys are still valid,
communication is initiated between client and server.

24 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

6. Attempt any Three of the following: 16M

a Explain different models of access control. 4M
Ans Access control is to specify, control and limit the access to the host system or 1 M-
application, which prevents unauthorized use to access or modify data or explanation
resources. of access
Discretionary Access control (DAC): Restricting access to objects based on control; 1 M-
the identity of subjects and or groups to which they belong to, it is conditional, each for
basically used by military to control access on system. UNIX based System is explanation
common method to permit user for read/write and execute of DAC,
Mandatory Access control (MAC): It is used in environments where different MAC and
levels of security are classified. It is much more restrictive. It is sensitivity based RBAC
restriction, formal authorization subject to sensitivity. In MAC the owner or
User cannot determine whether access is granted to or not. I.e. Operating system
rights. that access.
Role Based Access Control (RBAC): Each user can be assigned specific
access permission for objects associated with computer or network. Set of roles
Role in turn assigns access permissions which are necessary to perform role.
Different User will be granted different permissions to do specific duties as per
their classification
b Describe piggybacking and shoulder surfing. 4M
Ans • Piggy backing: 2 M each for
• It is the simple process of following closely behind a person who has piggybacking
just used their own access card or PIN to gain physical access to a room and shoulder
or building. surfing
explanation
• An attacker can thus gain access to the facility without having to know
the access code or having to acquire an access card. i.e.: Access of
wireless internet connection by bringing one's own computer within
range of another wireless connection & using that without explicit
permission, it means when an authorized person allows (intentionally or
unintentionally) others to pass through a secure door.

• Piggybacking on Internet access is the practice of establishing a wireless

Internet connection by using another subscriber's wireless Internet
access service without the subscriber’s explicit permission or
knowledge.

• It is a legally and ethically controversial practice, with laws that vary by

jurisdiction around the world. While completely outlawed or regulated
in some places, it is permitted in others. The process of sending data
along with the acknowledgment is called piggybacking. Piggybacking
is distinct from war driving, which involves only the logging or mapping
of the existence of access points.

25 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

• It is the simple tactic of following closely behind a person who has just
used their own access card or PIN to gain physical access to a room or
building.

• An attacker can thus gain access to the facility without having to know
the access code or having to acquire an access card.

• Piggybacking, in a wireless communications context, is the
unauthorized access of a wireless LAN. Piggybacking is sometimes
referred to as "Wi-Fi squatting." The usual purpose of piggybacking is
simply to gain free network access rather than any malicious intent, but
it can slow down data transfer for legitimate users of the network.
• Shoulder Surfing:
• Shoulder surfing is a similar procedure in which attackers position
themselves in such a way as to- be-able to observe the authorized user
entering the correct access code.
• Shoulder surfing is an effective way to get information in crowded
places because it's relatively easy to stand next to someone and watch
as they fill out a form, enter a PIN number at an ATM machine, or use
a calling card at a public pay phone. Shoulder surfing can also be done
long distance with the aid of binoculars or other vision-enhancing
devices.
• To prevent shoulder surfing, experts recommend that you shield
paperwork or your keypad from view by using your body or cupping
your hand.

• Both of these attack techniques can be easily countered by using simple

procedures to ensure nobody follows you too closely or is in a position
to observe your actions.

• Shoulder surfing is using direct observation techniques, such as looking

over someone's shoulder, to get information.

c Describe the working principle of firewall. 4M

Ans Working: Firewalls enforce the establishment security policies. Variety of 4 M:- any
mechanism includes: relevant
Network Address Translation (NAT) explanation
Basic Packet Filtering for working
Stateful Packet Filtering of firewall
Access Control Lists (ACLs)
Application Layer Proxies.
• One of the most basic security function provided by a firewall is Network
Address Translation (NAT).

26 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

•This service allows you to mask significant amounts of information from

outside of the network.
• This allows an outside entity to communicate with an entity inside the
firewall without truly knowing its address.
• Basic Packet Filtering, the most common firewall technique, looking at
packets, their protocols and destinations and checking that information
against the security policy.
• Telnet and FTP connections may be prohibited from being established to a
mail or database server, but they may be allowed for the respective service
servers.
• This is a fairly simple method of filtering based on information in each
packet header, like IP addresses and TCP/UDP ports. This will not detect
and catch all undesired packet but it is fast and efficient.
d List and explain different types of hackers. 4M
Ans There are different types of hackers: 1 M- listing ;
1. White hat 3 M for
2. Black hat explaining
3. Grey hat any 3 types
4. Elite hacker of hacker
5. Script kiddie hacker

1) Black Hat Hacker

 Black-hat Hackers are also known as an Unethical Hacker or a

Security Cracker.
 These people hack the system illegally to steal money or to
achieve their own illegal goals.
 They find banks or other companies with weak security and steal
money or credit card information.
 They can also modify or destroy the data as well. Black hat
hacking is illegal.

2) White Hat Hacker

 White hat Hackers are also known as Ethical Hackers or a Penetration

Tester. White hat hackers are the good guys of the hacker world.
 These people use the same technique used by the black hat hackers.
 They also hack the system, but they can only hack the system that they
have permission to hack in order to test the security of the system.
 They focus on security and protecting IT system. White hat hacking is
legal.

3) Gray Hat Hacker

27 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

 Gray hat Hackers Are Hybrid between Black Hat Hackers and
White hat hackers.
 They can hack any system even if they don't have permission to
test the security of the system but they will never steal money or
damage the system.
 In most cases, they tell the administrator of that system.
 But they are also illegal because they test the security of the
system that they do not have permission to test.
 Grey hat hacking is sometimes acted legally and sometimes not.

4) Elite Hacker
 Elite hackers avoid deliberately destroying information or
otherwise damaging the computer systems they have exploited.
5) Script Kiddie
 A script kiddie, or “skiddie,” is someone who lacks
programming knowledge and uses existing software to launch
an attack.

 Often a script kiddie will use these programs without even

knowing how they work or what they do.

 For example, imagine a child gets their first computer. The child
watches a movie about hacking and then downloads a copy of
Kali Linux. They begin playing with the various programs while
searching for online tutorials. At first, they may be perceived as
nothing more than an internet troll or noob, due to their lack of
experience and quickness to brag and boast. Sometimes they will
even resort to cyberstalking or bullying. However, this may
simply be a cover for other more nefarious activity.

e Explain four threats to web security. 4M

Ans The main types of threats to web systems are listed below: Explanations
Physical: -4M for any
 Physical threats include loss or damage to equipment through 4 threat OR
fire, smoke, water & other fire suppressants, dust, theft and Answer with
physical impact. Relevant
 Physical impact may be due to collision or the result of malicious Contents
or accidental damage by people.
 Power loss will affect the ability for servers and network
equipment to operate depending upon the type of back-up power
available and how robust it is.

28 | 2 9
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)

Malfunction:
 Both equipment and software malfunction threats can impact
upon the operations of a website or web application.
 Malfunction of software is usually due to poor development
practices where security has not been built into the software
development life cycle.

1) Malware:
 Malware, or malicious software, comes in many guises.
 Web servers are popular targets to aid distribution of such code
and sites which have vulnerabilities that allow this are popular
targets.

2) Spoofing:
 Spoofing where a computer assumes the identity of another and
masquerading where a user pretends to be another, usually with
higher privileges, can be used to attack web systems to poison
data deny service or damage systems.
3) Scanning:
 Scanning of web systems are usually part of network or
application fingerprinting prior to an attack, but also include
brute force and dictionary attacks on username, passwords and
encryption keys.
4) Eavesdropping:
 Monitoring of data (on the network, or on user's screens) may be
used to uncover passwords or other sensitive data.

29 | 2 9
 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

Important Instructions to examiners:

1) The answers should be examined by key words and not as word-to-word as given in the model answer
scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to assess
the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more Importance (Not
applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in the figure.
The figures drawn by candidate and model answer may vary. The examiner may give credit for any
equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values
may vary and there may be some difference in the candidate‟s answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant answer
based on candidate‟s understanding.
7) For programming language papers, credit may be given to any other program based on equivalent
concept.
8) As per the policy decision of Maharashtra State Government, teaching in English/Marathi and
Bilingual (English + Marathi) medium is introduced at first year of AICTE diploma Programme from
academic year 2021-2022. Hence if the students in first year (first and second semesters) write
answers in Marathi or bilingual language (English +Marathi), the Examiner shall consider the same
and assess the answer based on matching of concepts with model answer.

Q.N Sub Answer Marking

o Q.N. Scheme
1. Attempt any FIVE of the following: 10
a) Define following terms: 2M
i) Confidentiality
ii) Accountability
Ans i) Confidentiality: The principle of confidentiality specifies that only 1M for
sender and intended recipients should be able to access the contents of each
a message. Confidentiality gets compromised if an unauthorized person definition
is able to access the contents of a message.
OR
The goal of confidentiality is to ensure that only those individuals who
have the authority can view a piece of information, the principle of
confidentiality specifies that only sender and intended recipients
should be able to access the contents of a message. Confidentiality gets
compromised if an unauthorized person is able to access the contents
of a message.
ii) Accountability: The principle of accountability specifies that every
individual who works with an information system should have specific

Page 1 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

responsibilities for information assurance.

The tasks for which a individual is responsible are part of the overall
information security plan and can be readily measurable by a person
who has managerial responsibility for information assurance.
One example would be a policy statement that all employees must
avoid installing outside software on a company-owned information
infrastructure.
OR
The security goal that generates the requirement for actions of an entity
to be traced uniquely to that entity.
b) Explain the terms: 2M
i) Shoulder surfing
ii) Piggybacking
Ans. i) Shoulder surfing: It is using direct observation techniques, such as 1M for
looking over someone's shoulder, to get information. Shoulder surfing each
is a similar procedure in which attackers position themselves in such a explanation
way as to- be-able to observe the authorized user entering the correct
access code.
• Shoulder surfing is an effective way to get information in crowded
places because it's relatively easy to stand next to someone and watch
as they fill out a form, enter a PIN number at an ATM machine, or use
a calling card at a public pay phone. Shoulder surfing can also be done
long distance with the aid of binoculars or other vision-enhancing
devices.

ii) Piggybacking : Piggybacking on Internet access is the practice of

establishing a wireless Internet connection by using another
subscriber's wireless Internet access service without the subscriber‟s
explicit permission or knowledge.
OR
Access of wireless internet connection by bringing one's own computer
within range of another wireless connection & using that without
explicit permission , it means when an authorized person allows
(intentionally or unintentionally) others to pass through a secure door.
OR
An attacker can thus gain access to the facility without having to know
the access code or having to acquire an access card. It is the simple
tactic of following closely behind a person who has just used their own
access card or PIN to gain physical access to a room or building.

Page 2 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

c) Define term cryptography. 2M

Ans. Cryptography is art & science of achieving security by encoding 2M for
messages to make them non-readable. definition,
diagram is
optional

d) Classify following cyber crimes: 2M

i) Cyber stalking
ii) Email harassment 1M for
Ans. i) Cyber stalking : Cyber Stalking means following some ones each
activity over internet. This can be done with the help of many protocols explanation
available such as e- mail, chat rooms, user net groups.
OR
Cyber stalking :Cyberstalking/ Harassment refers to the use of the
internet and other technologies to harass or stalk another person online,
and is potentially a crime in the India under IT act-2000.
This online harassment, which is an extension of cyberbullying and in-
person stalking, can take the form of e-mails, text messages, social
media posts, and more and is often methodical, deliberate, and
persistent.

ii) Email harassment : Email harassment is usually understood to be

a form of stalking in which one or more people send consistent,
unwanted, and often threatening electronic messages to someone else
OR
Email harassment : Cybercrime against individual
e) Differentiate between viruses & worms (any two) 2M
Ans. S. N Worms Virus 1M for
1. The worm is code that The virus is the program code each
replicate itself in order to that attaches itself to difference,
consume resources to application program and when any two can
bring it down. application program run it be
runs along with it considered
2. It exploits a weakness in It inserts itself into a file or
an application or operating executable program.
system by replicating itself

Page 3 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

3 It can use a network to It has to rely on users

replicate itself to other transferring infected
computer systems without files/programs to other
user intervention. computer systems.
4 Usually not. Worms Yes, it deletes or modifies
usually only monopolize files. Sometimes a virus also
the CPU and memory. changes the location of files.
5 Worm is faster than virus Virus is slower than worm.
6 E.g. Code red E.g. Macro virus, Directory
virus, Stealth Virus
f) Define firewall. Enlist types of firewalls. 2M
Ans. Definition Firewall: A firewall is a network security device that 1M for
monitors incoming and outgoing network traffic and permits or blocks definition
data packets based on a set of security rules. Its purpose is to establish 1M for
a barrier between your internal network and incoming traffic from listing any
external sources (such as the internet) in order to block malicious two types
traffic like viruses and hackers.
Types of Firewall :
1 .Packet Filter
2. Circuit level Gateway
3. Application Gateway
4. Software
5. Hardware
6. Hybrid
7. Stateful multilayer Inspection Firewall

g) Define AH & ESP with respect to IP security. 2M

Ans. Authentication header (AH): 1M each,
1. The AH provides support for data integrity and authentication of any one
IP packets. The data integrity service ensures that data inside IP point also
packet is not altered during the transit. can be
2. The authentication service enables an end user or computer system considered
to authenticate the user or the application at the other end and decides
to accept or reject packets accordingly
Encapsulation Header (ESP):
1. Used to provide confidentiality, data origin authentication, data
integrity.

2. It is based on symmetric key cryptography technique.

Page 4 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

3. ESP can be used in isolation or it can be combined with AH.

2. Attempt any THREE of the following: 12

a) Define following terms: 4M
i) Operating System Security
ii) Hot fix
iii) Patch
iv) Service pack
Ans. i) Operating System Security: The OS must protect itself from 1M for
security breaches, such as runaway processes ( denial of service ), each
memory-access violations, stack overflow violations, the launching of definition
programs with excessive privileges, and many others.
ii)Hot Fix : Normally this term is given to small software update
designed to address a particular problem like buffer overflow in an
application that exposes the system to attacks.
iii) Patch: This term is generally applied to more formal, larger s/w
updates that may address several or many s/w problems. Patches often
contain improvement or additional capabilities & fixes for known
bugs.
iv) Service Pack : service pack is a collection of updates and fixes,
called patches, for an operating system or a software program. Many of
these patches are often released before a larger service pack, but the
service pack allows for an easy, single installation.
OR
A service pack (SP) is an update, often combining previously released
updates, that helps make Windows more reliable. Service packs can
include security and performance improvements and support for new
types of hardware.
b) Explain the mechanism of fingerprint & voice pattern in 4M
Biometrics. 2M for
Ans. each
explanation
, diagram is
optional

Page 5 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

Fingerprint registration & verification mechanism

1. During registration, first time an individual uses a biometric system
is called an enrollment.
2. During the enrollment, biometric information from an individual is
stored.
3. In the verification process, biometric information is detected and
compared with the information stored at the time of enrolment.
4. The first block (sensor) is the interface between the real world and
the system; it has to acquire all the necessary data.
5. The 2nd block performs all the necessary pre-processing.
6. The third block extracts necessary features. This step is an important
step as the correct features need to be extracted in the optimal way.
7. If enrollment is being performed the template is simply stored
somewhere (on a card or within a database or both).
8. If a matching phase is being performed the obtained template is
passed to a matcher that compares it with other existing templates,
estimating the distance between them using any algorithm.
9. The matching program will analyze the template with the input. This
will then be output for any specified use or purpose.
Voice pattern :
1. Biometric Voice Recognition is the use of the human voice to
uniquely identify biological characteristics to authenticate an
individual unlike passwords or tokens that require physical input.
2. Voice biometric recognition works by inputting the voice of the
individual whose identity has to be stored in the system. This input
is kept as a print for authentication. The input print is made with
software that can split the voice statement into multiple frequencies
3. A voice biometrics tool collects a user‟s voice template.

Page 6 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

it only checks who is speaking and what is speaking (Who you are and
what you speak)
c) Differentiate between symmetric and asymmetric key 4M
cryptography. 1M for
Ans. each valid
point, any
four points
can be
considered

d) Write & explain DES algorithm 4M

Ans.
2M for
diagram

2M for
explanation

Initial Permutation (IP): It happens only once. It replaces the first bit
of the original plain text block with the 58th bit of the original plain
text block, the second bit with the 50th bit of original plain text block
and so on. The resulting 64-bits permuted text block is divided into
two half blocks. Each half block consists of 32 bits. The left block
called as LPT and right block called as RPT.16 rounds are performed
on these two blocks. Details of one round in DES

Page 7 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

Step 1 : key transformation: the initial key is transformed into a 56-

bit key by discarding every 8th bit of initial key. Thus ,for each round ,
a 56 bit key is available, from this 56-bit key, a different 48-bit sub key
is generated during each round using a process called as key
transformation Expansion Permutation Key Transformation
S-box substitution
XOR and swap
P-box Permutation

Step 2: Expansion permutation: During Expansion permutation the

RPT is expanded from 32 bits to 48 bits. The 32-bit RPT is divided
into 8 blocks, with each block consisting of 4-bits. Each 4-bits block of
the previous step is then expanded to a corresponding 6-bit block, per
4-bit block, 2 more bits are added. They are the repeated 1st and 4th
bits of the 4-bit block. The 2nd and 3rd bits are written as they were in
the input. The 48 bit key is XOR ed with the 48-bit RPT and the
resulting output is given to the next step.
Step 3: S-box substitution: It accepts the 48-bits input from the XOR
operation involving the compressed key and expanded RPT and
produces 32-bit output using the substitution techniques. Each of the 8
S-boxes has a 6-bit input and a 4-bit output. The output of each S-box
then combined to form a 32-bit block, which is given to the last stage
of a round
Step 4: P- box permutation: the output of S-box consists of 32-bits.
These 32-bits are permuted using P-box. Step
5: XOR and Swap: The LPT of the initial 64-bits plain text block is
XORed with the output produced by P box-permutation. It produces

Page 8 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

new RPT. The old RPT becomes new LPT, in a process of swapping.

Final Permutation: At the end of 16 rounds, the final permutation is

performed. This is simple transposition. For e.g., the 40th input bit
takes the position of 1st output bit and so on.

3. Attempt any THREE of the following: 12

a) Describe the features of DAC access control policy. 4M
Ans. DAC (discretionary access control) policy utilizes user identification 1M for
procedures to identify and restrict object access .It restricts access to explanation
objects based on the identity of subjects and or groups to which they , 3M for
belongs to. The owner of information or any resource is able to change features
its permissions at his discretion .Data Owners can transfer ownership
of information to other users .Data Owners can determine the type of
access given to other users (read, write etc.)

Features of DAC policy are as follows :-

Flexible –In DAC policy owner of information or resource can change
its permission.

Page 9 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

Backup - Discretionary access control allows organizations to

backup security policies and data to ensure effective access points.

Usability - Discretionary access control is easy to use. Data Owners

can transfer ownership of information to other users easily.

b) Consider plain text “COMPUTER ENGINEERING” and convert 4M

given plain text into cipher text using „Caesar Cipher‟ with shift of
position three- write down steps in encryption.
Ans. Caesar cipher technique is proposed by Julius Caesar. It is one of the 2M for
simplest and most widely known encryption techniques. It is a type of explanation
substitution technique in which each letter in the plain text is replaced 2M for
by a letter some fixed number of position down the alphabet. The problem
Caesar cipher involves replacing each letter of the alphabet with the solution
letter three places further down the alphabet. For example, with a shift
of 3, A would be replaced by D, B would became E, and so on as
shown in the table below

PLAIN TEXT -COMPUTER ENGINEERING

CIPHER TEXT–FRPSXWHU HQJLQHHULQJ

c) Differentiate between host-based & network based IDS 4M

Ans. SN Host Based Ids Network Based Ids 1M for
1 Examines activity on an Examines activity on the each valid
individual system, such as a network itself point, any
mail server, web server, or four points
individual PC. can be
2 It is concerned only with an It has visibility only into the considered
individual system and traffic crossing the network
usually has no visibility into link it is monitoring and
the activity on the network typically has no idea of
or systems around it what is happening on
individual systems.

Page 10 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

3 HIDS is looking for certain NIDSs look for certain

activities that typify hos- activities that typify hostile
tile actions or misuse, such actions or misuse, such as
as the following: the following:
 Logins at odd hours  Denial-of-service
 Login authentication attacks
failures  Port scans or sweeps
 Additions of new user  Malicious content in the
accounts data payload of a packet
 Modification or access or packets
of critical system files  Vulnerability scanning
 Trojans, viruses, or
worms
 Tunneling
 Brute-force attacks
4

5 It is host dependent It is host independent

6 It has low false positive rate It has high false positive
rate
7 It senses local attack. It senses network attack
8 It slow down the host that It slow down the network
have IDS client installed that have IDS client
installed
d) Define access control and explain authentication mechanism for 4M
access control.
Ans. Access Control – 2M for
Access is the ability of a subject to interest with an object. Access
Authentication deals with verifying the identity of a subject. It is control
ability to specify, control and limit the access to the host system or
application, which prevents unauthorized use to modify data or

Page 11 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

resources. Access control is to specify, control and limit the access to 2M for
the host system or application, which prevents unauthorized use to authenticati
access or modify data or resources. on
Authentication -
Authentication helps to establish proof of identities. The
Authentication process ensures that the origin of a message is correctly
identified. For example, suppose that user C sends a message over the
internet to user B. however, the trouble is that user C had posed as user
A when he sent a message to user B. how would user B know that the
message has come from user C, who posing as user A? This concept is
shown in fig. below. This type of attack is called as fabrication
Authentication is the process of determining identity of a user or other
entity. It is performed during log on process where user has to submit

His / her username and password.

There are three methods used in it.
1. Something you know - User knows user id and password.
2. Something you have - Valid user has lock and key.
3. Something about you - User‟s unique identity like fingerprints,
DNA etc.

4. Attempt any THREE of the following: 12

a) Enlist substitution techniques & explain any one. 4M
Ans. Substitution Techniques:- In substitution technique letters of plain text 1M for list,
are replaced by the other letters or by numbers or by symbols. 2M for
Substitution techniques are as follows:- explanation
a) Caesar cipher 1M for
b) Modified version of Caesar cipher example
c) Mono-alphabetic cipher
d) Vigener„s cipher

Page 12 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

Caesar cipher:
It is proposed by Julius Caesar. In cryptography Caesar cipher also
known as Caesar cipher/code, shift cipher/code. It is one of the
simplest and most widely known encryption techniques. It is a type of
substitution technique in which each letter in the plain text is replaced
by a letter some fixed number of position
down the alphabet. For example, with a shift of 3, A would be replaced
by D, B would became E, and so on as shown in the table below.

Using this scheme, the plain text “SECRET” encrypts as Cipher text
“VHFUHW”. To allow someone to read the cipher text, you tell them
that the key is 3
For S:= (p+k)mod26
= (18 + 3) mod 26
= 21
=V
To allow someone to read the cipher text, you tell them that the key is3
Algorithm to break Caesar cipher:
1. Read each alphabet in the cipher text message, and search for it in
the second row of the table above.
2. When a match in found, replace that alphabet in the cipher text
message with the corresponding alphabet in the same column but the
first row of the table. (For example, if the alphabet cipher text is J,
replace it with G).
3. Repeat the process for all alphabets in the cipher text message.
b) Explain DMZ 4M
Ans. DMZ (Demilitarized Zone):- 1M for
 It is a computer host or small network inserted as a “neutral diagram
zone” in a company‟s private network and the outside public network. 2M for
It avoids outside users from getting direct access to a company‟s data explanation
server. A DMZ is an optional but more secure approach to a firewall. It 1M for

Page 13 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

can effectively acts as a proxy server. example

 The typical DMZ configuration has a separate computer or host
in network which receives requests from users within the private
network to access a web sites or public network. Then DMZ host
initiates sessions for such requests on the public network but it is not
able to initiate a session back into the private network. It can only
forward packets which have been requested by a host.

Advantage: The main benefit of a DMZ is to provide an internal

network with an additional security layer by restricting access to
sensitive data and servers. A DMZ enables website visitors to obtain
certain services while providing a buffer between them and the
organization's private network.

c) Differentiate between firewall & IDS 4M

Ans. S. N Firewall IDS 1M for
1 Firewall is hardware or An intrusion detection system each
software that stands (IDS) is a device or software correct
between a local network application that monitors a point
and the Internet and filters traffic for malicious activity or Any four
traffic that might be policy violations and sends points
harmful based on alert on detection.
predetermined rules.
2 Firewall does not inspect IDS inspects overall network
content of permitted traffic
traffic

Page 14 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

3 A firewall can block an An IDS can only report an

unauthorized access to intrusion .It cannot block it.
network
4 Firewalls Block traffic IDS gives Alerts/alarms on
based on rules the detection of anomaly
5 It filters traffic based on It detects real time traffic and
IP address and port looks for traffic patterns or
numbers signatures of attack and them
generates alerts
d) Explain Email security in SMTP. 4M
Ans. Email Security Email is emerging as one of the most valuable services 1M for
on the internet today. Most of the internet systems use SMTP as a diagram
method to transfer mail from one user to another. SMTP is a push 3M for
protocol and is used to send the mail whereas POP (post office explanation
protocol) or IMAP (internet message access protocol) are used to
retrieve those mails at the receiver„s side.
1. SMTP (simple mail transfer protocol)
2. PEM (Privacy Enhance Mail)
3. PGP (Pretty Good Privacy)
SMTP (Simple Mail Transfer Protocol)
Simple Mail Transfer Protocol, a protocol for sending email messages
between servers. Most e-mail systems that send mail over the Internet
use SMTP to send messages from one server to another; the messages
can then be retrieved with an e-mail client using either POP or IMAP.
In addition, SMTP is generally used to send messages from a mail
client to a mail server. This is why you need to specify both the POP or
IMAP server and the SMTP server when you configure your e-mail
application. SMTP usually is implemented to operate over Internet port
25. An alternative to SMTP that is widely used in Europe is X.400.
Many mail servers now support Extended Simple Mail Transfer
Protocol (ESMTP), which allows multimedia files to be delivered as e-
mail.

Page 15 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

The basic phases of an email communication consists of the following

steps :-
1. At sender„s end an SMTP server takes the message sent by uses
computer
2. The SMTP server at the sender„s end then transfer the message to
the SMTP server of the receiver.
3. The receiver„s computer then pulls the email message from the
SMTP server at the receiver„s end, using the other mail protocol such
as Post Office Protocol (POP) or IMAP (Internet mail access protocol )

e) Explain digital signature in Cryptography. 4M

Ans. Digital Signature: 1Mfor
1. Digital signature is a strong method of authentication in an diagram
electronic form. 3M for
2. It includes message authentication code (MAC), hash value of a explanation
message and digital pen pad devices. It also includes cryptographically
based signature protocols.
3. Digital Signature is used for authentication of the message and the
sender to verify the integrity of the message.
4. Digital Signature may be in the form of text, symbol, image or
audio.
5. In today‟s world of electronic transaction, digital signature plays a
major role in authentication. For example, one can fill his income tax
return online using his digital signature, which avoids the use of paper
and makes the process faster.
6. Asymmetric key encryption techniques and public key infrastructure
are used in digital signature.
7. Digital signature algorithms are divided into two parts-
a. Signing part: It allows the sender to create his digital signature.
b. Verification part: It is used by the receiver for verifying the
signature after receiving the message.
Generation and Verification of digital signatures:
Working:
1. Message digest is used to generate the signature. The message digest
(MD) is calculated from the plaintext or message.
2. The message digest is encrypted using user‟s private key.
3. Then, the sender sends this encrypted message digest with the
plaintext or message to the receiver.

Page 16 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

4. The receiver calculates the message digest from the plain text or
message he received.
5. Receiver decrypts the encrypted message digest using the sender‟s
public key. If both the MDs are not same then the plaintext or message
is modified after signing.

Advantages of Digital Signatures

 Speed: Businesses no longer have to wait for paper documents to
be sent by courier. Contracts are easily written, completed, and
signed by all concerned parties in a little amount of time no matter
how far the parties are geographically.
 Costs: Using postal or courier services for paper documents is
much more expensive compared to using digital signatures on
electronic documents.
 Security: The use of digital signatures and electronic documents
reduces risks of documents being intercepted, read, destroyed, or
altered while in transit.
 Authenticity: An electronic document signed with a digital
signature can stand up in court just as well as any other signed
paper document.
 Non-Repudiation: Signing an electronic document digitally
identifies you as the signatory and that cannot be later denied.
 Time-Stamp: By time-stamping your digital signatures, you will
clearly know when the document was signed

Page 17 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

5. a) Attempt any TWO of the following 12

Define Information. Explain the basic principle of information 6M
Ans. security.
Information is organized or classified data, which has some
meaningful values for the receiver. Information is the processed data
on which knowledge, decisions and actions are based.
For the decision to be meaningful, the processed data must qualify for 2M for
the following characteristics definition
 Timely − Information should be available when required. 1M for
 Accuracy − Information should be accurate. diagram
 Completeness − Information should be complete. 3M for
principles
Basic Principles of information security explanation

Fig CIA Triad of information security

1. Confidentiality: The goal of confidentiality is to ensure that only
those individuals who have the authority can view a piece of
information, the principle of confidentiality specifies that only
sender and intended recipients should be able to access the contents
of a message. Confidentiality gets compromised if an unauthorized
person is able to access the contents of a message.
2. Authentication helps to establish proof of identities. Authentication
process ensures that the origin of a message is correctly identified.
Authentication deals with the desire to ensure that an individual is
who they claim to be.
3. Integrity: Integrity is a related concept but deals with the generation
and modification of data. Only authorized individuals should ever be
able to create or change (or delete) information. When the contents
of the message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the
message is lost.

Page 18 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

b) Define & explain. 6M

i) Circuit Gateway
ii) Honey Pots
iii) Application Gateway
Ans. i) Circuit level gateway does not permit an end-to-end TCP 2M for
connection; rather, the gateway sets up two TCP connections, one each
between itself and a TCP user on an inner host and one between itself definition
and a TCP user on an outer host. Once the two connections are and
established, the gateway typically relays TCP segments from one explanation
connection to the other without examining the contents. The security
function consists of determining which connections will be allowed. A
typical use of Circuit level gateways is a situation in which the system
administrator trusts the internal users. The gateway can be configured
to support application level or proxy service on inbound connections
and circuit level functions for outbound connections.

ii) Honey Pots

A relatively recent innovation in intrusion detection technology is the

honey pot. Honey pots are decoy systems that are designed to lure a
potential attacker away from critical systems. Honey pots are designed
to:
 divert an attacker from accessing critical systems
 collect information about the attacker's activity
It encourages the attacker to stay on the system long enough for
administrators to respond. These systems are filled with fabricated
information designed to appear valuable but that a legitimate user of
the system wouldn‟t access. Thus, any access to the honey pot is
suspect.

Page 19 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

iii) Application Gateway

An Application level gateway, also called a proxy server, acts as a

relay of application level traffic. The user contacts the gateway using a
TCP/IP application, such as Telnet or FTP, and the gateway asks the
user for the name of the remote host to be accessed. When the user
responds and provides a valid user ID and authentication information,
the gateway contacts the application on the remote host and relays TCP
segments containing the application data between the two endpoints.
Application level gateways tend to be more secure than packet filters.
It is easy to log and audit all incoming traffic at the application level. A
prime disadvantage is the additional processing overhead on each
connection.

c) Explain the working of Kerberos 6M

Ans Kerberos is a network authentication protocol. It is designed to provide 6M for
strong authentication for client/server applications by using secret-key relevant
cryptography. steps

Page 20 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

The entire process takes a total of eight steps, as shown below.

1. The authentication service, or AS, receivers the request by the client
and verifies that the Client is indeed the computer it claims to be. This
is usually just a simple database lookup of the user‟s ID.

2. Upon verification, a timestamp is crated. This puts the current time

in a user session, along with an expiration date. The default expiration
date of a timestamp is 8 hours. The encryption key is then created. The
timestamp ensures that when 8 hours is up, the encryption key is
useless. (This is used to make sure a hacker doesn‟t intercept the data,
and try to crack the key. Almost all keys are able to be cracked, but it
will take a lot longer than 8 hours to do so).

3. The key is sent back to the client in the form of a ticket-granting

ticket, or TGT. This is a simple ticket that is issued by the
authentication service. It is used for authentication the client for future
reference.

4. The client submits the ticket-granting ticket to the ticket-granting

server, or TGS, to get authenticated.

Page 21 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

5. The TGS creates an encrypted key with a timestamp, and grants the
client a service ticket.

6. The client decrypts the ticket, tells the TGS it has done so, and then
sends its own encrypted key to the service server.

7. The service server decrypts the key, and makes sure the timestamp is
still valid. If it is, the
service contacts the key distribution center to receive a session that is
returned to the client.
8. The client decrypts the ticket. If the keys are still valid,
communication is initiated between client and server.

Page 22 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

6. Attempt any TWO of the following: 12

a) Explain DOS with neat diagram. 6M
Ans. Denial Of Service Attack: Denial of service (DOS) attack scan exploits 2M for
a known vulnerability in a specific application or operating system, or diagram
they may attack features (or weaknesses) in specific protocols or 4M for
services. In this form of attack, the attacker is attempting to deny explanation
authorized users access either to specific information or to the
computer system or network itself. The purpose of such an attack can
be simply to prevent access to the target system, or the attack can be
used in conjunction with other actions in order to gain unauthorized
access to a computer or network. SYN flooding is an example of a
DOS attack that takes advantage of the way TCP/IP networks were
designed to function, and it can be used to illustrate the basic principles
of any DOS attack. SYN flooding utilizes the TCP three-way
handshake that is used to establish a connection between two systems.
In a SYN flooding attack, the attacker sends fake communication
requests to the targeted system. Each of these requests will be
answered by the target system, which then waits for the third part of
the handshake. Since the requests are fake the target will wait for
responses that will never come, as shown in Figure.

The target system will drop these connections after a specific time-out
period, but if the attacker sends requests faster than the time-out period
eliminates them, the system will quickly be filled with requests. The
number of connections a system can support is finite, so when more
requests come in than can be processed, the system will soon be
reserving all its connections for fake requests. At this point, any further
requests are simply dropped (ignored), and legitimate users who want
to connect to the target system will not be able to. Use of the system
has thus been denied to them.

Page 23 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

b) Explain Public Key Infrastructure with example. 6M

Ans. A public key infrastructure (PKI) is a set of roles, policies, 3M
hardware, software and procedures needed to create, manage, Explanatio
distribute, use, store and revoke digital certificates and manage public- n
key encryption. The purpose of a PKI is to facilitate the secure 1M
electronic transfer of information for a range of network activities such diagram
as e-commerce, internet banking and confidential email. 2M for
PKI is the governing body behind issuing digital certificates. It helps to example
protect confidential data and gives unique identities to users and
systems. Thus, it ensures security in communications.
The public key infrastructure uses a pair of keys: the public key and the
private key to achieve security. The public keys are prone to attacks
and thus an intact infrastructure is needed to maintain them.
PKI identifies a public key along with its purpose. It usually consists of
the following components:

 A digital certificate also called a public key certificate

 Private Key tokens
 Registration authority
 Certification authority
 CMS or Certification management system

Working on a PKI:
PKI and Encryption: The root of PKI involves the use of
cryptography and encryption techniques. Both symmetric and
asymmetric encryption uses a public key. There is always a risk of
MITM (Man in the middle). This issue is resolved by a PKI using
digital certificates. It gives identities to keys in order to make the
verification of owners easy and accurate.
Public Key Certificate or Digital Certificate: Digital certificates are
issued to people and electronic systems to uniquely identify them in the
digital world.
 The Certification Authority (CA) stores the public key of a user
along with other information about the client in the digital
certificate. The information is signed and a digital signature is also
included in the certificate.
 The affirmation for the public key then thus be retrieved by
validating the signature using the public key of the Certification
Authority.

Page 24 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

Certifying Authorities: A CA issues and verifies certificates. This

authority makes sure that the information in a certificate is real and
correct and it also digitally signs the certificate. A CA or Certifying
Authority performs these basic roles:

 Generates the key pairs – This key pair generated by the CA can be
either independent or in collaboration with the client.
 Issuing of the digital certificates – When the client successfully
provides the right details about his identity, the CA issues a
certificate to the client. Then CA further signs this certificate
digitally so that no changes can be made to the information.
 Publishing of certificates – The CA publishes the certificates so
that the users can find them. They can do this by either publishing
them in an electronic telephone directory or by sending them out to
other people.
 Verification of certificate – CA gives a public key that helps in
verifying if the access attempt is authorized or not.
 Revocation – In case of suspicious behavior of a client or loss of
trust in them, the CA has the power to revoke the digital
certificate.

The most popular usage example of PKI (Public Key Infrastructure) is

the HTTPS (Hypertext Transfer Protocol Secure) protocol. HTTPS is a
combination of the HTTP (Hypertext Transfer Protocol) and SSL/TLS
(Secure Sockets Layer/Transport Layer Security) protocols to provide
encrypted communication and secure identification of a Web server.

In HTTPS, the Web server's PKI certificate is used by the browser for
two purposes:

Page 25 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

 Validate the identity of the Web server by verify the CA's digital
signature in the certificate.
 Encrypt a secret key to be securely delivered to the Web server. The
secret key will be used to encrypt actual data to be exchanged between
the browser and the Web server.

Other examples of PKI (Public Key Infrastructure) are:

 Digital signature - The sender of a digital message uses his/her private

key to generate a digital signature attached to the message. The
receiver uses the sender's certificate to verify the digital signature to
ensure the message was sent by the claimed sender.
 Encryption of documents - The sender of a digital message uses the
receiver's certificate to encrypt the message to protect the
confidentiality of the message. Only the receiver who can use his/her
private key decrypt the message.
 Digital identification - User's certificate is stored in a smart card to be
used to verify card holder's identities.
 (CONSIDER ANY ONE EXAMPLE)

c) Explain Policies, configuration & limitations of firewall. 6M

Ans. Policies of firewall:
a) All traffic from inside to outside and vice versa must pass through the 1M for
firewall. To achieve this all access to local network must first be policies
physically blocked and access only via the firewall should be 1M for
permitted. As per local security policy traffic should be permitted. listing
b) The firewall itself must be strong enough so as to render attacks on it configurati
useless. on
2M for
Configuration of firewall configurati
There are 3 common firewall configurations. on, any one
1. Screened host firewall, single-homed bastion configuration can be
2. Screened host firewall, dual homed bastion configuration explained
3. Screened subnet firewall configuration 2M for
limitation,
1. Screened host firewall, single-homed bastion configuration any two
points
In this type of configuration a firewall consists of following parts
i)A packet filtering router
(ii)An application gateway.

Page 26 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

The main purpose of this type is as follows:Packet filter is used to

ensure that incoming data is allowed only if it is destined for
application gateway, by verifying the destination address field of
incoming IP packet. It also performs the same task on outing data by
checking the source address field of outgoing IP packet.
Application gateway is used to perform authentication and proxy
function. Here Internal users are connected to both application gateway
as well as to packet filters therefore if packet filter is successfully
attacked then the whole Internal Network is opened to the attacker

Fig single homed bastion configuration

2. Screened host firewall, dual homed bastion configuration

To overcome the disadvantage of a screened host firewall, single
homed bastion configuration, another configuration is available known
as screened host firewall, Dual homed bastion. n this, direct
connections between internal hosts and packet filter are avoided. As it
provide connection between packet filter and application gateway,
which has separate connection with the internal hosts. Now if the
packet filter is successfully attacked. Only application gateway is
visible to attacker. It will provide security to internal hosts.

Fig dual homed bastion configuration

Page 27 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 lOMoARcPSD|34413430

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

3. Screened subnet firewall configuration

It provides the highest security among all firewall configurations. It is
improved version over all the available scheme of firewall
configuration. It uses two packet filters, one between the internet and
application gateway and another between the application gateway and
the internal network. Thus this configuration achieves 3 levels of
security for an attacker to break into.

Fig Screened subnet firewall configuration

Limitations: (one mark)

1. Firewall do not protect against inside threats.
2. Packet filter firewall does not provide any content based filtering.
3. Protocol tunneling, i.e. sending data from one protocol to another
protocol which negates the purpose of firewall.
4. Encrypted traffic cannot be examine and filter.

Page 28 / 28

Downloaded by Gauri Bhosale (arpitashakya539@[Link])

 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620
Important Instructions to examiners:
1) The answers should be examined by key words and not as word-to-word as given in the
model answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may
try to assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more
Importance (Not applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in
the figure. The figures drawn by candidate and model answer may vary. The examiner
may give credit for anyequivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed
constant values may vary and there may be some difference in the candidate’s answers
and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of
relevant answer based on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on
equivalent concept.
8) As per the policy decision of Maharashtra State Government, teaching in English/Marathi
and Bilingual (English + Marathi) medium is introduced at first year of AICTE diploma
Programme from academic year 2021-2022. Hence if the students in first year (first and
second semesters) write answers in Marathi or bilingual language (English +Marathi), the
Examiner shall consider the same and assess the answer based on matching of concepts
with model answer.

Q. Sub Answer Marking

No Q.N. Scheme
1. Attempt any FIVE of the following: 10
a) Define computer security and state it’s need 2M
Ans. Definition
Computer Security refers to techniques for ensuring that data stored 1M
in a computer cannot be read or compromised by any individuals
without authorization.

Need of computer Security:

1. For prevention of data theft such as bank account numbers, credit Any one
need 1M
card information, passwords, work related documents or sheets, etc.
2. To make data remain safe and confidential.
3. To provide confidentiality which ensures that only those
individuals should ever be able to view data they are not entitled to.

Page 1 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

4. To provide integrity which ensures that only authorized individuals

should ever be able change or modify information.
5. To provide availability which ensure that the data or system itself
is available for use when authorized user wants it.
6. To provide authentication which deals with the desire to ensure
that an authorized individual.
OR
The need of computer security has been threefold: confidentiality,
integrity, and authentication—the “CIA” of security.
1. Confidentiality: the principle of confidentiality specifies that
only sender and intended recipients should be able to access the
contents of a message. Confidentiality gets compromised if an
unauthorized person is able to access the contents of a message.
2. Integrity: when the contents of the message are changed after the
sender sends it, but before it reaches the intended recipient, we
say that the integrity of the message is lost.
3. Authentication: Authentication helps to establish proof of
identities. The Authentication process ensures that the origin of a
message is correctly identified.

b) Explain shoulder surfing attack. 2M

Ans. Shoulder surfing a similar procedure in which attackers position
themselves in such a way as to- be-able to observe the authorized user Relevant
explanation
entering the correct access code. 2M
Shoulder surfing is an effective way to get information in crowded
places because it's relatively easy to stand next to someone and watch
as they fill out a form, enter a PIN number at an ATM machine, or
use a calling card at a public pay phone. Shoulder surfing can also be
done long distance with the aid of binoculars or other vision-
enhancing devices.
Shoulder surfing is using direct observation techniques, such as
looking over someone's shoulder, to get information.

Page 2 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

c) Explain the term cryptography. 2M

Ans. Cryptography: Cryptography is the art and science of achieving Correct
explanation
security by encoding messages to make them non-readable. 1M

Diagram
1M

d) State the meaning of hacking. 2M

Ans. Hacking in simple terms means an illegal intrusion into a computer Correct
system and/or network. Government websites are the hot target of the explanation
2M
hackers due to the press coverage, it receives. Hackers enjoy the
media coverage.
OR
Hacking is the act of identifying and then exploiting weaknesses in a
computer system or network, usually to gain unauthorized access to
personal or organizational data. Hacking is not always a malicious
activity, but the term has mostly negative connotations due to its
association with cybercrime.
e) Describe sniffing attack. 2M
Ans. This is software or hardware that is used to observe traffic as it passes Correct
explanation
through a network on shared broadcast media. It can be used to view 2M
all traffic or target specific protocol, service, or string of characters
like logins. Some network sniffers are not just designed to observe
the all traffic but also modify the traffic. Network administrators use
sniffers for monitoring traffic. They can also use for network
bandwidth analysis and to troubleshoot certain problems such as
duplicate MAC addresses.
f) Explain need for firewall. 2M
Ans.  A firewall is a network security device that monitors incoming Any two
needs 2M
and outgoing network traffic and permits or blocks data packets
based on a set of security rules.
 Its purpose is to establish a barrier between your internal network
and incoming traffic from external sources (such as the internet)
in order to block malicious traffic like viruses and hackers.
 Firewalls can be an effective means of protecting a local system
or network of systems from network-based security threats while
at the same time affording access to the outside world via wide
area networks and the Internet.

Page 3 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

g) Explain use of PCI DSS 2M

Ans. The Payment Card Industry Data Security Standard (PCI DSS) is a Correct
set of security standards designed to ensure that all companies that explanation
2M
accept process, store or transmit credit card information maintain a
secure [Link] DSS is the global data security standard that
any business of any size must adhere to in order to accept payment
cards, and to store, process, and/or transmit cardholder data. It
presents common sense steps that mirror best security practices.
2. Attempt any THREE of the following: 12
a) Define Risk. Describe qualitative and quantitative risk analysis. 4M
Ans. Risk: A computer security risk is any event or action that could cause Definition
1M
a loss or damage to computer hardware, software, data, or
information OR Risk is probability of threats that may occur because Explanation
of presence of vulnerability in a system. of
qualitative
Quantitative Risk Analysis: A Process of assigning a numeric value and
quantitative
to the probability of loss based on known risks, on financial values of risk analysis
the assets and on probability of threats. It is used to determine 3M
potential direct and indirect costs to the company based on values
assigned to company assets and their exposure to risk. Assets can be
rated as the cost of replacing an asset, the cost of lost productivity, or
the cost of diminished brand reputation. In this 100% quantitative risk
analysis is not possible.

Qualitative Risk Analysis: A collaborative process of assigning

relative values to assets, assessing their risk exposure and estimating
the cost of controlling the risk. It utilizes relative measures and
approximate costs rather than precise valuation and cost
determination. Assets can be rated based on criticality - very
important, important, not-important etc. Vulnerabilities can be rated
based on how it is fixed - fixed soon, should be fixed, fix if suitable
etc. Threats can be rated based on scale of likely - likely, unlikely,
very likely etc. In this 100% qualitative risk analysis is feasible.
b) Explain working of biometric access control with any type of 4M
example. Diagram
Ans. Biometric refers study of methods for uniquely recognizing humans 1M
based upon one or more intrinsic physical or behavioral Explanation
characteristics. Biometric identification is used on the basis of some 3M
unique physical attribute of the user that positively identifies the user.

Page 4 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620
Example: finger print recognition, retina and face scan technique,
voice synthesis and recognition and so on. Different types of
Biometrics
1. Finger print recognition
2. Hand print recognition
3. Retina/iris scan technique
4. Face recognition
5. Voice patterns recognition
6. Signature and writing patterns recognition
7. Keystroke dynamics

Fig. block diagram of biometric system

Finger print recognition
Above figure shows the block diagram of biometric system.
Fingerprint registration & verification process
1. During registration, first time an individual uses a biometric
system is called an enrollment.
2. During the enrollment, biometric information from an individual is
stored.
3. In the verification process, biometric information is detected and
compared with the information stored at the time of enrolment.
4. The first block (sensor) is the interface between the real world and
the system; it has to acquire all the necessary data.
5. The 2nd block performs all the necessary pre-processing
6. The third block extracts necessary features. This step is an
important step as the correct features need to be extracted in the
optimal way.
7. If enrollment is being performed the template is simply stored
somewhere (on a card or within a database or both).
8. If a matching phase is being performed the obtained template is

Page 5 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620
passed to a matcher that compares it with other existing templates,
estimating the distance between them using any algorithm.
9. The matching program will analyze the template with the input.
This will then be output for any specified use or purpose.

Limitations:-
1) Using the fingerprint scanner does not take into consideration
when a person physically changes
2) The cost of computer hardware and software programs can be
expensive
3) Using the fingerprint scanner can lead to false rejections and false
acceptance.
4) It can make mistakes with the dryness or dirty of the finger„s skin,
as well as with the age (is not appropriate with children, because the
size of their fingerprint changes quickly.
c) Explain Caesar’s cipher substitute technique with suitable 4M
example.
Ans. Caesar cipher technique is proposed by Julius Caesar. It is one of the Explanation
simplest and most widely known encryption techniques. It is a type of 2M
substitution technique in which each letter in the plain text is replaced Example
by a letter some fixed number of position down the alphabet. The 2M
Caesar cipher involves replacing each letter of the alphabet with the
letter three places further down the alphabet. For example, with a
shift of 3, A would be replaced by D, B would became E, and so on
as shown in the table below

Example
PLAIN TEXT - COMPUTER ENGINEERING
Convert each alphabet in the plain text, using the table, the cipher text
can be written as
CIPHER TEXT – FRPSXWHU HQJLQHHULQJ
Algorithm to break Caesar cipher:

Page 6 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620
1. Read each alphabet in the cipher text message, and search for it in
the second row of the table above.
2. When a match in found, replace that alphabet in the cipher text
message with the corresponding alphabet in the same column but the
first row of the table. (For example, if the alphabet cipher text is J,
replace it with G).
3. Repeat the process for all alphabets in the cipher text message.
d) Describe DES algorithm with suitable example. 4M
Ans. Data Encryption Standard is symmetric block cipher which takes
input of 64-bit plain text along with 64-bit key and process it, to Diagram
1M
generate the 64-bit cipher text.
The diagram below illustrates the working of DES. Explanation
in short 3M

DES Encryption:-
Step 1: In the first step the 64-bit plain text undergoes initial
permutation which rearranges the bits to produce two 32-bit permuted
block which is called left plain text (LPT 32-bit) and right plain text
(RPT 32-bit).
Step 2: Now, 16 rounds of DES encryption will be performed on this
LPT and RPT with a 56-bit key.
Step 3: After the 16th round the 32-bit LPT and 32-bit RPT are
integrated which forms a 64-bit block again and then the final
permutation is applied to this 64-bit block, to obtain the 64-bit cipher
text.
Rounds in Data Encryption Standard
Each round of DES performs the same function. So, below are the
steps of the function performed in each round of DES algorithm:

Page 7 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

1. Key Transformation: -In DES initial key size is 64-bit which is

reduced to the 56-bit key. This is done by discarding every 8th bit
from the 64-bit key. So, for each round of DES, this 56-bit key is
used. In the key transformation step, this 56-bit is transformed to the
48-bit key.

2. Expansion Permutation: -In the first step of encryption, during

the initial permutation of DES, the 64-bit plain text is permuted and
we have 32-bit LPT and 32-bit RPT. Now, the expansion permutation
is performed on the 32-bit RPT which transforms it from 32-bit to 48-
bit. The 32-bit LPT is untouched during the process.

3. S-box Substitution:-The input to S-box is 48-bit resultant block of

expansion permutation. In S-box substitution, the input 48-bit block
is transformed to 32-bit block

4. P-box Permutation:- The 32-bit output obtained from s-box

substitution is provided as an input to P-box. Here, the 32-bit input is
simply permuted and send to the next step.

5. XOR and Swap:-In this step, the 32-bit LPT of the initial 64-bit
plain text is XOR with the output of P-box permutation. The result of
the XOR is the new RPT for next round and the old RPT is swapped
with LPT.
DES Decryption:-
The same Data Encryption Standard algorithm used for encrypting
the plain text is also used to decrypting the cipher text. But the
algorithm is reversed, such as the initial and final permutation events
are reversed. Even the sequence of the sub keys applied in 16 rounds
of DES is also reversed.
3. Attempt any THREE of the following: 12
a) Explain the term Authorization and Authentication with respect 4M
to security. Explanation
Ans. Authorization: It is a process of verifying that the known person has of each term
2M
the authority to perform certain operation. It cannot occur without
authentication. It is nothing but granting permissions and rights to
individual so that he can use these rights to access computer resources
or information.

Page 8 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620
Authentication. Authentication is the process of determining identity
of a user or other entity. It is performed during log on process where
user has to submit his/her username and password. There are three
methods used in it. 1. Something you know User knows user id and
password. 2. Something you have Valid user has lock and key. 3.
Something about you User‟s unique identity like fingerprints, DNA
etc.
b) Write an algorithm for simple columnar transposition technique 4M
and explain with example.
Ans. Simple columnar transposition technique: Algorithm
1M
Algorithm:
1. The message is written out in rows of a fixed length. Any
2. Read out again column by column according to given order or in relevant
example 3M
random order.
3. According to order write cipher text.
Example
The key for the columnar transposition cipher is a keyword e.g.,
ORANGE. The row length that is used is the same as the length of
the keyword.
To encrypt a below plaintext: COMPUTER PROGRAMMING

In the above example, the plaintext has been padded so that it neatly
fits in a rectangle. This is known as a regular columnar transposition.
An irregular columnar transposition leaves these characters blank,
though this makes decryption slightly more difficult. The columns are
now reordered such that the letters in the key word are ordered
alphabetically.

Page 9 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

The Encrypted text or Cipher text is:

MPMETGNMUOIXPRXCERGORAL
c) Describe DMZ with suitable example. 4M
Ans. DMZ (Demilitarized Zone): It is a computer host or small network Description
2M
inserted as a “neutral zone” in a company‟s private network and the
outside public network. It avoids outside users from getting direct Diagram
access to a company‟s data server. A DMZ is an optional but more 1M
secure approach to a firewall. It can effectively acts as a proxy server. Any one
The typical DMZ configuration has a separate computer or host in Example
network which receives requests from users within the private 1M

network to access a web sites or public network. Then DMZ host

initiates sessions for such requests on the public network but it is not
able to initiate a session back into the private network. It can only
forward packets which have been requested by a host. The public
network‟s users who are outside the company can access only the
DMZ host. It can store the company‟s web pages which can be served
to the outside users. Hence, the DMZ can‟t give access to the other
company‟s data. By any way, if an outsider penetrates the DMZ‟s
security the web pages may get corrupted but other company‟s
information can be safe.

Page 10 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

Examples:
1) Web servers
It‟s possible for web servers communicating with internal database
servers to be deployed in a DMZ. This makes internal databases more
secure, as these are the repositories responsible for storing sensitive
information. Web servers can connect with the internal database
server directly or through application firewalls, even though the DMZ
continues to provide protection.

2) DNS servers
A DNS server stores a database of public IP addresses and their
associated hostnames. It usually resolves or converts those names to
IP addresses when applicable. DNS servers use specialized software
and communicate with one another using dedicated protocols. Placing
a DNS server within the DMZ prevents external DNS requests from
gaining access to the internal network. Installing a second DNS
server on the internal network can also serve as additional security.

3)Proxy servers
A proxy server is often paired with a firewall. Other computers use it
to view Web pages. When another computer requests a Web page, the
proxy server retrieves it and delivers it to the appropriate requesting

Page 11 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

machine. Proxy servers establish connections on behalf of clients,

shielding them from direct communication with a server. They also
isolate internal networks from external networks and save bandwidth
by caching web content.

d) Write short note on DAC and MAC 4M

Ans. Discretionary Access control (DAC): Explanation
of each term
Restricting access to objects based on the identity of subjects and or 2M
groups to which they belong to, it is conditional, basically used by
military to control access on system. UNIX based System is common
method to permit user for read/write and execute

Mandatory Access control (MAC):

It is used in environments where different levels of security are
classified. It is much more restrictive. It is sensitivity-based
restriction, formal authorization subject to sensitivity. In MAC the
owner or User cannot determine whether access is granted to or not.
i.e. Operating system rights. Security mechanism controls access to
all objects and individual cannot change that access.
4. Attempt any THREE of the following: 12
a) Write a short note on stegnography. 4M
Ans. Steganography is the art and science of writing hidden message in
such a way that no one, apart from the sender and intended recipient, Explanation
of technique
suspects the existence of the message. 2M
Steganography works by replacing bits of useless or unused data in Any
regular computer files (such as graphics, sound, text, html or even relevant
floppy disks) with bits of different, invisible information. diagram 2M

This hidden information can be plain text, cipher text or even images. OR
In modern steganography, data is first encrypted by the usual means Advantage
and then inserted, using a special algorithm, into redundant data that 1M
is part of a particular file format such as a JPEG image. Disadvantag
e 1M

Page 12 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

Steganography process:
Cover-media + Hidden data + Stego-key = Stego-medium
Cover media is the file in which we will hide the hidden data, which
may also be encrypted using stego-key. The resultant file is stego-
medium. Cover-media can be image or audio file.
Advantages:
1. With the help of steganography we can hide secret message within
graphics image.
2. In modern Steganography, data is encrypted first and then inserted
using special algorithm so that no one suspects its existence.
Drawbacks:
1. It requires lot of overhead to hide a relatively few bits of
information.
2. Once the system is discovered, it becomes virtually worthless.
b) Explain honey pots. 4M
Ans. Honeypots are designed to purposely engage and deceive hackers and
identify malicious activities performed over the Internet. The Explanation
2M
honeypots are designed to do the following:
Any
1. Divert the attention of potential attacker. relevant
diagram 2M
2. Collect information about the intruder‟s action.
3. Provide encouragement to the attacker so as to stay for some time,
allowing the administrations to detect this and swiftly act on this.

Page 13 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

Honeypots are designed for 2 important goals

1. Make them look-like full real-life systems.
2. Do not allow legitimate users to know about or access them.

c) Explain Host based IDS. 4M

Ans. (Host Intrusion Detection System (HIDS) Explanation
Host intrusion detection systems (HIDS) run on independent hosts or 2M
Relevant
devices on the network. A HIDS monitors the incoming and outgoing diagram 2M
packets from the device only and will alert the administrator if
suspicious or malicious activity is detected. It takes a snapshot of
existing system files and compares it with the previous snapshot. If
the analytical system files were edited or deleted, an alert is sent to
the administrator to investigate. Anexample of HIDS usage can be
seen on mission critical machines, which are not expected to change
their layout.

Basic Components HIDS:

 Traffic collector:
This component collects activity or events from the IDS to examine.
On Host-based IDS, this can be log files, audit logs, or traffic coming
to or leaving a specific system

Page 14 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

 Analysis Engine:
This component examines the collected network traffic & compares it
to known patterns of suspicious or malicious activity stored in the
signature database. The analysis engine acts like a brain of the IDS.
 Signature database:
It is a collection of patterns & definitions of known suspicious or
malicious activity.
 User Interface & Reporting:
This is the component that interfaces with the human element,
providing alerts & giving the user a means to interact with & operate
the IDS.
d) Describe working principle of SMTP. 4M
Ans. 1. Composition of Mail: A user sends an e-mail by composing an Working
principle
electronic mail message using a Mail User Agent (MUA). Mail User explanation
Agent is a program which is used to send and receive mail. The 2M
message contains two parts: body and header. The body is the main
part of the message while the header includes information such as the Suitable
sender and recipient address. The header also includes descriptive diagram 2M
information such as the subject of the message. In this case, the
message body is like a letter and header is like an envelope that
contains the recipient's address.

2. Submission of Mail: After composing an email, the mail client

then submits the completed e-mail to the SMTP server by using
SMTP on TCP port 25.

3. Delivery of Mail: E-mail addresses contain two parts: username of

the recipient and domain name. For example, vivek@[Link],
where "vivek" is the username of the recipient and "[Link]" is the
domain name.
If the domain name of the recipient's email address is different from
the sender's domain name, then MSA will send the mail to the Mail
Transfer Agent (MTA). To relay the email, the MTA will find the
target domain. It checks the MX record from Domain Name System
to obtain the target domain. The MX record contains the domain
name and IP address of the recipient's domain. Once the record is
located, MTA connects to the exchange server to relay the message.

Page 15 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620
4. Receipt and Processing of Mail: Once the incoming message is
received, the exchange server delivers it to the incoming server (Mail
Delivery Agent) which stores the e-mail where it waits for the user to
retrieve it.

5. Access and Retrieval of Mail: The stored email in MDA can be

retrieved by using MUA (Mail User Agent). MUA can be accessed
by using login and password.

e) Explain creation and verification of digital signature. 4M

Ans. Working of digital signature Generation and Verification: Working
2M
1. Key Generation: Digital signature are electronic signatures, which
assures that the message was sent by a particular sender. While Relevant
diagram 2M
performing digital transactions authenticity and integrity should be
assured, otherwise the data can be altered or someone can also act as
if he was the sender and expect a reply.

2. Signature Verification: Verifier receives Digital Signature along

with the data. It then uses Verification algorithm to process on the
digital signature and the public key (verification key) and generates
some value. It also applies the same hash function on the received
data and generates a hash value. Then the hash value and the output
of the verification algorithm are compared. If they both are equal,
then the digital signature is valid else it is invalid.

Page 16 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

5. Attempt any TWO of the following: 12

a) Explain any three criteria for classification of information. 6M
Ans. i) Useful life Any three
criteria 2M
A data is labeled „more useful‟ when the information is available each
ready for making changes as and when required. Data might need to
be changed from time to time, and when the „change‟ access is
available, it is valuable data.
ii) Value of data
This is probably the most essential and standard criteria for
information classification. There is some confidential and valuable
information of every organization, the loss of which could lead to
great losses for the organization while creating organizational issues.
Therefore, this data needs to be duly classified and protected.
iii) Personal association
It is important to classify information or data associated with
particular individuals or addressed by privacy law.
iv) Age
The value of information often declines with time. Therefore, if the
given data or information comes under such a category, the data
classification gets lowered.

Page 17 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

b) List types of firewall and explain any one of them. 6M

Ans. (Note: Firewalls available in market can also be considered)
List four
List of firewall: types 2M
1. Packet filter as a firewall
2. Circuit level gateway firewall Diagram
3. Application level gateway firewall with
4. Proxy server as a firewall explanation
of any one
5. Stateful multilayer Inspection Firewall 4M
.
1. Packet filter as a firewall : As per the diagram given below
Firewall will act according to the table given for example source IP
[Link] is the IP address of a network , all the packets which are
coming from this network will be blocked by the firewall in this way
it is acting as a firewall. Table also having port 80, IP Address
[Link] & port 23 firewall will act in the similar fashion. Port 23
is for Telnet remote login in this case firewall won‟t allow to login
onto this server. IP Address [Link] is the IP address of
individual Host, all the packet having this IP address as a destination
Address will be denied. Port 80 no HTTP request allowed by firewall

2. Circuit level gateway Firewalls: The circuit level gateway

firewalls work at the session layer of the OSI model. They monitor
TCP handshaking between the packets to determine if a requested
session is legitimate. And the information passed through a circuit
level gateway, to the internet, appears to have come from the circuit
level gateway. So, there is no way for a remote computer or a host to
determine the internal private ip addresses of an organization, for
example. This technique is also called Network Address Translation
where the private IP addresses originating from the different clients
inside the network are all mapped to the public IP address available

Page 18 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

through the internet service provider and then sent to the outside
world (Internet). This way, the packets are tagged with only the
Public IP address (Firewall level) and the internal private IP
addresses are not exposed to potential intruders

3. Application level gateway Firewalls: Application level firewalls

decide whether to drop a packet or send them through based on the
application information (available in the packet). They do this by
setting up various proxies on a single firewall for different
applications. Both the client and the server connect to these proxies
instead of connecting directly to each other. So, any suspicious data
or connections are dropped by these proxies. Application level
firewalls ensure protocol conformance. For example, attacks over http
that violates the protocol policies like sending Non-ASCII data in the
header fields or overly long string along with NonASCII characters in
the host field would be dropped because they have been tampered
with, by the intruders.

Page 19 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

4. Stateful multilayer Inspection Firewall (SMLI)

The stateful multi-layer inspection (SMLI) firewall uses a
sophisticated form of packet-filtering that examines all seven layers
of the Open System Interconnection (OSI) model. Each packet is
examined and compared against known states of friendly packets.
While screening router firewalls only examine the packet header,
SMLI firewalls examine the entire packet including the data. SMLI is
a mechanism that uses a sophisticated form of packet-filtering,
examining all major layers of the OSI model. In other words, this
type of filter examines packets on the network, transmission, and
application levels, comparing them to known trusted packets. SMLI
checks the entire packet and only allows it to pass through each layer
individually. Such firewalls inspect packets to assess the state of
communication in order to ensure that all facilitated communication
only takes place with trusted sources. To be more specific, an SMLI
firewall is not necessarily a single firewall implementation. Rather, it
is a series of firewalls that work in concert to secure traffic at
different levels of the OSI model. It may be a composition of a
stateless packet filter, a stateful firewall, as well as an application-
level proxy. SMLI.

Page 20 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

c) Explain IP sec security with help of diagram. 6M

Ans.
Diagram
2M

Explanation
4M

It encrypts and seal the transport and application layer data during
transmission. It also offers integrity protection for internet layer. It
sits between transport and internet layer of conventional TCP/IP
protocol 1. Secure remote internet access: Using IPsec make a local
call to our internet services provider (ISP) so as to connect to
organization network in a secure fashion from our house or hotel
from there; to access the corporate network facilities or access remote
desktop/servers. 2. Secure branch office connectivity: Rather than
subscribing to an expensive leased line for connecting its branches
across cities, an organization can setup an IPsec enabled network for
security. 3. Setup communication with other organization: Just as
IPsec allow connectivity between various branches of an
organization, it can also be used to connect the network of different
organization together in a secure & inexpensive fashion. Basic
Concept of IPsec Protocol: IP packet consist two position IP header &
actual data IPsec feature are implemented in the form of additional
headers called as extension header to the standard, default IP header.
IPsec offers two main services authentication & confidentially. Each
of these requires its own extension header. Therefore, to support these
two main services, IPsec defines two IP extension header one for
authentication & another for confidentiality.

Page 21 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

It consists of two main protocols

Authentication header (AH): Authentication header is an IP Packet
(AH) protocol provides authentication, integrity &an optional anti-
reply service. The IPsec AH is a header in an IP packet. The AH is
simply inserted between IP header & any subsequent packet contents
no changes are required to data contents of packet. Security resides
completing in content of AH.
Encapsulation Header (ESP): Used to provide confidentiality, data
origin authentication, data integrity. It is based on symmetric key
cryptography technique. ESP can be used in isolation or it can be
combined with AH.

Fig: AP and ESP

6. Attempt any TWO of the following: 12
a) Define virus and describe the phases of virus. 6M
Ans. Definition: Virus is a program which attaches itself to another Definition
2M
program and causes damage to the computer system or the network. It
is loaded onto your computer without your knowledge and runs Phases 4M
against your wishes.
During the lifecycle of virus it goes through the following four
phases:
1. Dormant phase: The virus is idle and activated by some event.
2. Propagation phase: It places an identical copy of itself into other
programs or into certain system areas on the disk.
3. Triggering phase: The virus is activated to perform the function
for which it was intended.
4. Execution phase: The function of virus is performed

Page 22 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

b) Explain Kerberos with help of suitable diagram. 6M

Ans. Kerberos: Kerberos is a network authentication protocol. It is
designed to provide strong authentication for client/server Step by step
applications by using secret-key cryptography. It uses secret key explanation
with
cryptography. It is a solution to network security problems. It suitable
provides tools for authentication and strong cryptography over the diagram 6M
network to help you secure your information system There are 4
parties involved in Kerberos protocol
i) User
ii) Authentication service (AS)
iii) Ticket granting server (TGS)
iv) Service server
Working of Kerberos:
1. The authentication service, or AS, receivers the request by the
client and verifies that the client is indeed the computer it claims to
be. This is usually just a simple database lookup of the user‟s ID.

2. Upon verification, a timestamp is created. This puts the current

time in a user session, along with an expiration date. The default
expiration date of a timestamp is 8 hours. The encryption key is then
created. The timestamp ensures that when 8 hours is up, the
encryption key is useless.
3. The key is sent back to the client in the form of a ticket-granting
ticket, or TGT. This is a simple ticket that is issued by the
authentication service. It is used for authentication the client for
future reference.

Page 23 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

4. The client submits the ticket-granting ticket to the ticket-granting

server, or TGS, to get authenticated.

5. The TGS creates an encrypted key with a timestamp, and grants the
client a service ticket.

6. The client decrypts the ticket, tells the TGS it has done so, and then
sends its own encrypted key to the service.

Page 24 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

7. The service decrypts the key, and makes sure the timestamp is still
valid. If it is, the service contacts the key distribution center to
receive a session that is returned to the client.

8. The client decrypts the ticket. If the keys are still valid,
communication is initiated between client and server.
c) Write a brief note on firewall configuration 6M
Ans. A firewall is combination of packet filter and application level Diagram
2M
getway , Base on these there are three types of configurations
Explanation
4M

1. Screened Host firewall, Single-Homed Bastion

a) Here , the firewall configuration consist of two parts a packet
filter router and application level gateway
b) A packet filter router will insure that the income traffic will
allowded only if it is intended for the application gatway, by
examining the dstination address field of each incomming IP
Packet

Page 25 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620
c) It will also insure that outgoing traffic is allowded only if it is
originated from appliocation level gateway, by examining the
source address field of every outgoing IP packet.
d) An application level gateway perfors authentication as well as
proxy function

Fig: Single Homed Bastion

Advantages: It improve security of network by performing checks at
both levels- thet is packet and application level.
It provide flexibility fexibility to the network administrator to define
more secure policies.
Disadvantages : Internal users are connected to the application
gateway as well as packet filter router , So if any how packet filter is
attacked , then the whole internal network is exposed to the attacker.
1. Screened Host Firewall , Dule Homed Bastion: In this type of
Configuration the direct connection between internal host and packet
filter are avoided.
Here the packet filter connection only to the application gateway,
which is turned as separate connection with the internal host.
Hence, Packet filter is successfully attacked, and then only
application gateway is visible to the attacker.

Fig: Dule Homed Bastion

Page 26 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

3 Screened Subnet Firewall

This type of configuration offer highest security among the possible
configurations
In this type two packet filters are used , one between internet and
application gateway and other in between application gateway and
internal network
This configuration achieve 3 level of security of an attacker to break
into

Fig: Screened Subnet Firewall

Page 27 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

Important Instructions to examiners:

1) The answers should be examined by key words and not as word-to-word as given in the
model answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may
try to assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more
Importance (Not applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in
the figure. The figures drawn by candidate and model answer may vary. The examiner
may give credit for anyequivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed
constant values may vary and there may be some difference in the candidate’s answers
and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of
relevant answer based on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on
equivalent concept.
8) As per the policy decision of Maharashtra State Government, teaching in English/Marathi
and Bilingual (English + Marathi) medium is introduced at first year of AICTE diploma
Programme from academic year 2021-2022. Hence if the students in first year (first and
second semesters) write answers in Marathi or bilingual language (English +Marathi), the
Examiner shall consider the same and assess the answer based on matching of concepts
with model answer.
Q. Sub Answer Marking
No Q.N. Scheme
1. Attempt any FIVE of the following 10M
a) Compare virus and logic bomb (any two points) 2M
Ans. virus Logic bomb Any two
Virus is a program which A logic bomb is a set of points 1M
each
attaches itself to another instructions in a program
program and causes damage carrying a malicious payload
to the computer system or the that can attack an operating
network. It is loaded onto system, program, or network.
your computer without your It only goes off after certain
knowledge and runs against conditions are met. A simple
your wishes example of these conditions
is a specific date or time.
Characteristic of a virus is, Characteristic of a logic
How it spread. bomb is, how it's triggered.

Page 1 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

b) Identify any four user responsibility in computer security. 2M

Ans. i) Do not share passwords, OTP etc to anyone. Any four
ii) Do not leave sensitive information unprotected. points
1/2M each
iii) Secure storage media which contains sensitive information.
iv) Shredding paper containing organizational information before
discarding it.

c) Define following terms 2M

(i) Cryptography
(ii) Cryptology. Definition
Ans. Cryptography: Cryptography is the art and science of achieving of
Each term
security by encoding messages to make them non-readable. 1M

Cryptology: It is the art and science of transforming the intelligent

data into unintelligent data and unintelligent data back to intelligent
data.
Cryptology = Cryptography + Cryptanalysis

d) Construct digital signature using cryptool. 2M

Ans. Step 1: Open Cryptool application. Correct
Step 2: Open the file and enter message to create digital signature. steps 2M

Step 3: Select menu Digital signature -> Sign Document

Step 4: Select any Hash function and choose private key.
Step 5: Enter PIN number and Click on Sign button to generate
digital signature.
e) List any two types of active and passive attacks 2M
Ans. Active Attack: Any two
 Masquerade active
attacks
 Replay 1M,
 Message Modification
 Denial-Of-Service Any two
passive
attacks 1M
Passive Attack:
 Eavesdropping
 Traffic Analysis

Page 2 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

f) State any two policies of the firewall 2M

Ans.  Service control: Determines the types of Internet services that can
Any two
be accessed, inbound or outbound. The firewall may filter traffic policies 2M
on the basis of IP address, protocol, or port number; may provide
proxy software that receives and interprets each service request
before passing it on; or may host the server software itself, such as
a Web or mail service.
 Direction control: Determines the direction in which particular
service requests may be initiated and allowed to flow through the
firewall.
 User control: Controls access to a service according to which user
is attempting to access it. This feature is typically applied to users
inside the firewall perimeter (local users).
 Behavior control: Controls how particular services are used. For
example, the firewall may filter e-mail to eliminate spam, or it may
enable external access to only a portion of the information on a
local Web server.

g) List any types of cybercrimes 2M

Ans. Types of cyber crime :- Any four
1. Hacking types 1/2M
2. Digital Forgery each
3. Cyber Stalking / Harassment
4. Cyber Pornography
5. Identity Theft and Fraud
6. Cyber Terrorism
7. Cyber Defamation
2. Attempt any THREE of the following: 12M
a) Describe CIA model with suitable diagram. 4M
Ans. 1. Confidentiality: the principle of confidentiality specifies that only
Explanatio
sender and intended recipients should be able to access the contents n with
of a message. Confidentiality gets compromised if an unauthorized diagram
4M
person is able to access the contents of a message. Example of
compromising the Confidentiality of a message is shown in fig.

Page 3 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

Fig. Loss of confidentiality

Here, the user of a computer A send a message to user of computer B.
another user C gets access to this message, which is not desired and
therefore, defeats the purpose of Confidentiality. This type of attack
is also called as interception

2. Authentication: Authentication helps to establish proof of

identities. The Authentication process ensures that the origin of a
message is correctly identified. For example, suppose that user C
sends a message over the internet to user B. however, the trouble is
that user C had posed as user A when he sent a message to user B.
how would user B know that the message has come from user C, who
posing as user A? This concept is shown in fig. below. This type of
attack is called as fabrication.

Fig. absence of authentication

3. Integrity: when the contents of the message are changed after the
sender sends it, but before it reaches the intended recipient, we say
that the integrity of the message is lost. For example, here user C
tampers with a message originally sent by user A, which is actually
destined for user B. user C somehow manages to access it, change its
contents and send the changed message to user B. user B has no way
of knowing that the contents of the message were changed after user
A had sent it. User A also does not know about this change. This type
of attack is called as modification.

Page 4 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

Fig. Loss of Integrity

b) Define the following with suitable example 4M

i) DAC
Definition
ii) MAC with
i) DAC: DAC (discretionary access control) policy utilizes user example of
Ans. identification procedures to identify and restrict object access .It DAC 2M
restricts access to objects based on the identity of subjects and or
groups to which they belongs to. The owner of information or any
resource is able to change its permissions at his discretion .Data
Owners can transfer ownership of information to other users .Data
Owners can determine the type of access given to other users (read,
write etc.)
Features of DAC policy are as follows :-
Flexible –In DAC policy owner of information or resource can
change its permission.
Backup - Discretionary access control allows organizations to
backup security policies and data to ensure effective access points.
Usability - Discretionary access control is easy to use. Data Owners
can transfer ownership of information to other users easily.
Definition
ii) MAC :It is used in environments where different levels of security with
are classified. It is much more restrictive. It is sensitivity based example of
MAC 2M
restriction, formal authorization subject to sensitivity. In MAC the
owner or User cannot determine whether access is granted to or not.
i.e. Operating system rights. Security mechanism controls access to
all objects and individual cannot change that access.

Page 5 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

c) Differentiate between symmetric and asymmetric key 4M

cryptography (any four points)
Ans. Any four
points 1M
each

d) Explain Steganography with suitable example. 4M

Ans. Steganography: Steganography is the art and science of writing
hidden message in such a way that no one apart from sender and Correct
explanatio
intended recipient suspects the existence of the message. n with
Steganography works by replacing bits of useless or unused data in suitable
example
regular computer files (such as graphics, sound, text, html or even
4M
floppy disks) with bits of different, invisible information. This hidden
information can be plain text, cipher text or even images. In modern
steganography, data is first encrypted by the usual means and then
inserted, using a special algorithm, into redundant data that is part of
a particular file format such as a JPEG image.
Steganography process:
Cover-media + Hidden data + Stego-key = Stego-medium

Fig : Steganography

Page 6 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

Cover media is the file in which we will hide the hidden data, which
may also be encrypted using stego-key. The resultant file is stego-
medium. Cover-media can be image or audio file. Stenography takes
cryptography a step further by hiding an encrypted message so that
no one suspects it exists. Ideally, anyone scanning your data will fail
to know it contains encrypted data. Stenography has a number of
drawbacks when compared to encryption. It requires a lot of overhead
to hide a relatively few bits of information. I.e. One can hide text,
data, image, sound, and video, behind image.

Applications :
1. Confidential communication and secret data storing
2. Protection of data alteration
3. Access control system for digital content distribution
4. Media Database systems

3. Attempt any THREE of the following 12M

a) Describe piggy backing and shoulder surfing 4M
Ans. Piggybacking: It is the simple process of following closely behind a
Descriptio
person who has just used their own access card or PIN to gain n of piggy
physical access to a room or building. An attacker can thus gain backing
access to the facility without having to know the access code or 2M
having to acquire an access card. i.e. Access of wireless internet
connection by bringing one's own computer within range of another
wireless connection & using that without explicit permission, it
means when an authorized person allows (intentionally or
unintentionally) others to pass through a secure door. Piggybacking
on Internet access is the practice of establishing a wireless Internet
connection by using another subscriber's wireless Internet access
service without the subscriber’s explicit permission or knowledge.
Piggybacking is sometimes referred to as "Wi-Fi squatting." The
usual purpose of piggybacking is simply to gain free network access
rather than any malicious intent, but it can slow down data transfer
for legitimate users of the network.

Page 7 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

Shoulder surfing: Shoulder surfing a similar procedure in which

Descriptio
attackers position themselves in such a way as to- be-able to observe n of
the authorized user entering the correct access code. Shoulder surfing shoulder
is an effective way to get information in crowded places because it's surfing
2M
relatively easy to stand next to someone and watch as they fill out a
form, enter a PIN number at an ATM machine, or use a calling card
at a public pay phone. Shoulder surfing can also be done long
distance with the aid of binoculars or other vision enhancing devices.
Shoulder surfing is using direct observation techniques, such as
looking over someone's shoulder, to get information.

b) Convert plain text into cipher text by using single columnar 4M

technique of the following sentence:
―Maharashtra State board of Technical Education‖ 2M for
plain text
Ans. 1 2 3 4 5 table
M A H A R
2M for
A S T R A cipher text
S T A T E
B O A R D
O F T E C
H N I C A
L E D U C
A T I O N

PLAIN TEXT:
MAHARASTRA STATE BOARD OF TECHNICAL EDUCATION
LET ORDER BE:4,5,3,2,1

CIPHER
TEXT:ARTRECUORAEDCACNHTAATIDIASTOFNETMASBOH
LA

Note: Any relevant order shall be considered.

Page 8 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

c) State any four difference between Firewall and Intrusion 4M

Detection System
Ans.

Any four
differences
1M each

d) Describe any four password selection criteria. 4M

Ans. Password: Password is a secret word or expression used by Any four
criteria’s
authorized persons to prove their right to access, information, etc. 1M each
Components of good password:
1. It should be at least eight characters long.
2. It should include uppercase and lowercase letters, numbers, special
characters or punctuation marks.
3. It should not contain dictionary words.
4. It should not contain the user's personal information such as their
name, family member's name, birth date, pet name, phone number or
any other detail that can easily be identified.
5. It should not be the same as the user's login name.
6. It should not be the default passwords as supplied by the system
vendor such as password, guest, and admin and so on.

Page 9 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

4. Attempt any THREE of the following 12M

a) Convert the given plain text, encrypt it with the help of Caesor‟s 4M
cipher technique.
“Network and Information Security”. 2M for
plain text
Ans. table

2M for
Caesor’s
cipher
technique

PLAIN TEXT: NETWORK AND INFORMATION SECURITY

CIPHER TEXT:QHWZRUNDQGLQIRUPDWLRQVHFXULWB
b) Demonstrate configuration of Firewall setting windows operating 4M
system.
Ans. Correct
A firewall is a device which monitors and filters all the incoming and explanatio
outgoing network traffic and prevents unauthorized access to/within n 4M
the network. The firewall is the most important line of defense in
maintaining the security of the network and the application. Every
firewall has a set of rules predefined to allow type of data within the
network; accordingly, it allows or denies the incoming traffic within
the network.

Configuring firewalls on Windows 10

Since Windows is widely used at personal level, this article has been
written specifically for configuring firewalls on Windows.
These are the steps for opening any specific port on the Windows 10
firewall:
1) Search ―firewall‖ and click on Windows Defender Firewall, as
shown below:

Page 10 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

2) Click on Inbound Rules, as shown.

3) Click on New Rule, select port and click Next as shown:

Page 11 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

4) Enter a specific port number. In this case, it’s 443. Click Next.

Page 12 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

5) Allow or block the connection as needed.

6) Name the rule and description as needed.

7) The same steps need to be followed for allowing outbound

connection. In step 1, instead of selecting Inbound Rules, select
Outbound Rules and follow the same steps as above.
That’s easy it is to configure to allow or deny any connection for a
particular port on Windows 10.

Page 13 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION

-
Subject: Network and Information Security Subject Code:
22620

c) Describe DMZ with suitable diagram. 4M

Ans. DMZ (Demilitarized Zone): It is a computer host or small network
inserted as a ―neutral zone‖ in a company‟s private network and the Explanatio
outside public network. It avoids outside users from getting direct n 2M
access to a company‟s data server. A DMZ is an optional but more
secure approach to a firewall. It can effectively acts as a proxy server.
Diagram
The typical DMZ configuration has a separate computer or host in 2M
network which receives requests from users within the private
network to access a web sites or public network. Then DMZ host
initiates sessions for such requests on the public network but it is not
able to initiate a session back into the private network. It can only
forward packets which have been requested by a host. The public
network‟s users who are outside the company can access only the
DMZ host. It can store the company‟s web pages which can be
served to the outside users. Hence, the DMZ can‟t give access to the
other company‟s data. By any way, if an outsider penetrates the
DMZ‟s security the web pages may get corrupted but other
company‟s information can be safe.

d) Describe PGP with suitable diagram. 4M

Ans. PGP is Pretty Good Privacy. It is a popular program used to encrypt
and decrypt email over the internet. It becomes a standard for email Explanatio
n 2M
security. It is used to send encrypted code (digital signature) that lets
the receiver verify the sender’s identity and takes care that the route
of message should not change. PGP can be used to encrypt files being
stored so that they are in unreadable form and not readable by users
or intruders It is available in Low cost and Freeware version. It is
Page 14 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

most widely used privacy ensuring program used by individuals

as well as many corporations.

Diagram
2M

There are five steps as shown below:

1. Digital signature: it consists of the creation a message digest of the
email message using SHA-1 algorithm. The resulting MD is then
encrypted with the sender’s private key. The result is the sender’s
digital signature.
2. Compression: The input message as well as p digital signature are
compressed together to reduce the size of final message that will be
transmitted. For this the Lempel -Ziv algorithm is used.
3. Encryption: The compressed output of step 2 (i.e. the compressed
form of the original email and the digital signature together) are
encrypted with a symmetric key.
4. Digital enveloping: the symmetric key used for encryption in step 3
is now encrypted with the receiver’s public key. The output of step 3
and 4 together form a digital envelope.
5. Base -64 encoding: this process transforms arbitrary binary input
into printable character output. The binary input is processed in
blocks of 3 octets (24-bits).these 24 bits are considered to be made up
of 4 sets, each of 6 bits. Each such set of 6 bits is mapped into an 8-
bit output character in this process.

e) Find the output of initial permutation box when the input is given 4M
in hexadecimal as
0 x 0003 0000 0000 0001

Page 15 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code: 22620

Ans.
0 0 0 3 Hexadecimal
0000 0000 0000 0011 Binary
Correct
0 0 0 0 Hexadecimal output 4M
0000 0000 0000 0000 Binary

0 0 0 0 Hexadecimal
0000 0000 0000 0000 Binary

0 0 0 1 Hexadecimal
0000 0000 0000 0001 Binary
Input

1 2 3 4 5 6
1 0 0 0 0 0 0
2 0 0 0 0 0 0
3 0 0 0 0 0 0
4 0 0 0 0 0 0
5 0 0 0 0 0 0
6 0 0 0 0 0 0
7 0 0 0 0 0 0
8 0 0 0 0 0 0

Permutation table

1 2 3 4 5 6
1 58 50 42 34 26 18
2 60 52 44 36 28 20
3 62 54 46 38 30 22
4 64 56 48 40 32 24
5 57 49 41 33 25 17
6 59 51 43 35 27 19
7 61 53 45 37 29 21
8 63 55 47 39 31 23

Page 16 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

Output

1 2 3 4 5 6
1 0 0 0 0 0 0
2 0 0 0 0 0 0
3 0 0 0 0 0 0
4 1 0 0 0 0 0
5 0 0 0 0 0 0
6 0 0 0 0 0 0
7 0 0 0 0 0 0
8 0 0 0 0 0 0

Hexadecimal
0000 0082 0000 0002
Note: Any other relevant logic shall be considered.
5. Attempt any TWO of the following 12M
a) Describe the following terms 6M
i) Asset
ii) Vulnerability
iii) Risks
Ans. i) Asset: Asset is any data, device, or other component of the
environment that supports information-related activities. Assets
Descriptio
generally include hardware, software and confidential information. n of each
term 2M
ii) Vulnerability: It is a weakness in computer system & network.
The term "vulnerability" refers to the security flaws in a system that
allows an attack to be successful. Vulnerability testing should be
performed on an on-going basis by the parties responsible for
resolving such vulnerabilities, and helps to provide data used to
identify unexpected dangers to security that need to be addressed.
Such vulnerabilities are not particular to technology — they can also
apply to social factors such as individual authentication and
authorization policies.

iii) Risks: Risk is probability of threats that may occur because of

presence of vulnerability in a system.

Page 17 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

OR
Risk is any event or action that could cause a loss or damage to
computer hardware, software, data, or information.
b) Describe network base IDS with suitable diagram 6M
Ans.

Diagram
2M

1. Network-based IDS focuses on network traffic —the bits & bytes

Explanatio
traveling along the cables & wires that interconnect the system. n 4M
2. A network IDS should check the network traffic when it passes &
it is able to analyse traffic according to protocol type, amount, source,
destination, content, traffic already seen etc.
3. Such an analysis must occur quickly, &the IDS must be able to
handle traffic at any speed the network operates on to be effective.
4. Network-based IDSs are generally deployed so that they can
monitor traffic in &out of an organization’s major links like
connection to the Internet, remote offices, partner etc.
Network-based IDSs looks for certain activities like:
 Denial of service attacks
 Port scans or sweeps
 Malicious content in the data payload of a packet or packets
 Vulnerability scanning Trojans, viruses, or worms
 Tunneling
 Brute-force attacks
OR
1. Traffic collector: This component collects activity or events from
the IDS to examine. On Host-based IDS, this can be log files, audit
logs, or traffic coming to or leaving a specific system. On Network-
based IDS, this is typically a mechanism for copying traffic of the
network link.

Page 18 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

2. Analysis Engine: This component examines the collected network

traffic & compares it to known patterns of suspicious or malicious
activity stored in the signature database. The analysis engine acts like
a brain of the IDS.
3. Signature database: It is a collection of patterns & definitions of
known suspicious or malicious activity.
4. User Interface & Reporting: This is the component that interfaces
with the human element, providing alerts when suitable & giving the
user a means to interact with & operate the IDS.
Advantages:
 O.S specific and detailed signatures.
 Examine data after it has been decrypted.
 Very application specific.
 Determine whether or not an alarm may impact that specific.
Disadvantages:
 Should a process on every system to watch.
 High cost of ownership and maintenance.
 Uses local system resources.
 If logged locally, could be compromised or disable.
c) Describe COBIT framework with neat diagram 6M
Ans.
Diagram
2M

COBIT stands for ―Control Objectives for Information and related Explanatio
Technology‖, it is a framework that was developed by ISACA n 4M
(Information System Audit and Control Association). It is a set of
guidance material for IT governance to manage their requirements,
technical issues, and business risks.

Page 19 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

COBIT connects IT initiatives with business requirements, monitors

and improves IT management practices, and ensures quality control
and reliability of information systems in an organization.
 Plan and Organize: This domain addresses direction to solutions,
Information architecture, managing IT investments, assess the
risks, quality, and project.
 Acquire and Implement: This domain acquires and maintains
application software and technology infrastructure, develops as
well as maintains procedures and manages changes, implements
desired solutions and passes them to be turned into services.
 Deliver and Support: This domain defines and manages service
levels, ensures the security of the system, educates or trains, and
advises users. It receives solutions and makes them usable for end
users.
 Monitor and Evaluate: This domain monitors the process, assesses
internal control capability, finds independent assurance, and
provides independent audit.
Principle of COBIT:
 Providing service of delivering information that an organization
requires.
 Undesired events will be prevented, detected, and corrected.
 Managing and controlling IT resources using a structured set of
processes.
Fulfilling client’s requirements.
Note: Any other relevant framework shall be considered

6. Attempt any TWO of the following 12M

a) Describe any three phases of virus with suitable example 6M
Ans. Definition: Virus is a program which attaches itself to another
program and causes damage to the computer system or the network. It Any three
Phases 3M
is loaded onto your computer without your knowledge and runs
against your wishes. Suitable
During the lifecycle of virus it goes through the following four example
phases: 3M

Page 20 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

1. Dormant phase: The virus is idle and activated by some event.

2. Propagation phase: It places an identical copy of itself into
other programs or into certain system areas on the disk.
3. Triggering phase: The virus is activated to perform the function
for which it was intended.
4. Execution phase: The function of virus is performed

Note: Any other relevant example shall be considered

b) Describe „ Kerberos‟ protocol with suitable diagram 6M
Ans. Kerberos: Kerberos is a network authentication protocol. It is
designed to provide strong authentication for client/server
applications by using secret-key cryptography. It uses secret key Descriptio
cryptography. It is a solution to network security problems. It n with
provides tools for authentication and strong cryptography over the suitable
network to help you secure your information system There are 4 diagram of
parties involved in Kerberos protocol Authentica
tion service
i) User (AS)
ii) Authentication service (AS) 3M
iii) Ticket granting server (TGS)
iv) Service server
Working of Kerberos: Descriptio
n with
1. The authentication service, or AS, receivers the request by the suitable
client and verifies that the client is indeed the computer it claims to diagram of
be. This is usually just a simple database lookup of the user’s ID. Ticket
granting
server
(TGS)
3M

Page 21 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

2. Upon verification, a timestamp is created. This puts the current

time in a user session, along with an expiration date. The default
expiration date of a timestamp is 8 hours. The encryption key is then
created. The timestamp ensures that when 8 hours is up, the
encryption key is useless.
3. The key is sent back to the client in the form of a ticket-granting
ticket, or TGT. This is a simple ticket that is issued by the
authentication service. It is used for authentication the client for
future reference.

1. The client submits the ticket-granting ticket to the ticket-granting

server, or TGS, to get authenticated.
2. The TGS creates an encrypted key with a timestamp, and grants the
client a service ticket.

3. The client decrypts the ticket, tells the TGS it has done so, and
then sends its own encrypted key to the service.

Page 22 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

4. The service decrypts the key, and makes sure the timestamp is still
valid. If it is, the service contacts the key distribution center to
receive a session that is returned to the client.

5. The client decrypts the ticket. If the keys are still valid,
communication is initiated between client and server.
c) Write a brief note on firewall configuration 6M
i) Packet filter as a firewall
ii) Application level gateway firewall
iii) Circuit level gateway firewall Explanatio
n with
Ans. 1. Packet filter as a firewall : As per the diagram given below diagram
Firewall will act according to the table given for example source IP 2M
[Link] is the IP address of a network , all the packets which are each
coming from this network will be blocked by the firewall in this way
it is acting as a firewall. Table also having port 80, IP Address
[Link] & port 23 firewall will act in the similar fashion. Port 23
is for Telnet remote login in this case firewall won’t allow to login
onto this server. IP Address [Link] is the IP address of
individual Host, all the packet having this IP address as a destination
Address will be denied. Port 80 no HTTP request allowed by firewall

Page 23 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

2. Application level gateway Firewalls: Application level firewalls

decide whether to drop a packet or send them through based on the
application information (available in the packet). They do this by
setting up various proxies on a single firewall for different
applications. Both the client and the server connect to these proxies
instead of connecting directly to each other. So, any suspicious data
or connections are dropped by these proxies. Application level
firewalls ensure protocol conformance. For example, attacks over http
that violates the protocol policies like sending Non-ASCII data in the
header fields or overly long string along with Non ASCII characters
in the host field would be dropped because they have been tampered
with, by the intruders.

Page 24 / 25
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:

22620

3. Circuit level gateway Firewalls: The circuit level gateway firewalls

work at the session layer of the OSI model. They monitor TCP handshaking
between the packets to determine if a requested session is legitimate. And
the information passed through a circuit level gateway, to the internet,
appears to have come from the circuit level gateway. So, there is no way for
a remote computer or a host to determine the internal private ip addresses of
an organization, for example. This technique is also called Network Address
Translation where the private IP addresses originating from the different
clients inside the network are all mapped to the public IP address available
through the internet service provider and then sent to the outside world
(Internet). This way, the packets are tagged with only the Public IP address
(Firewall level) and the internal private IP addresses are not exposed to
potential intruders

Page 25 / 25