Firewall and Network Security Concepts

Uploaded by

try.vik.gemini

Assignment mark Questions

Question 1: Multiple Choices (MCQ)

1. Which of the following is a primary goal of network security?

a) Increasing network speed

b) Reducing hardware costs

c) Protecting data integrity and confidentiality (Correct) ✔️

d) Enhancing user convenience

2. What does VPN stand for in the context of network security?

a) Virtual Private Network (Correct) ✔️

b) Very Private Network

c) Visual Processing Node

d) Vital Protocol Network

3. What is the purpose of a firewall in network security?

a) Encrypting data transmission

b) Blocking unauthorized access (Correct) ✔️

c) Boosting network performance

d) Expanding network coverage

4. Which protocol is commonly used for secure communication over a computer network?

a) HTTP

b) FTP

c) HTTPS (Correct) ✔️

d) UDP

5. In the context of network security, what does the term "phishing" refer to?

a) Manipulating hardware components

b) Sending malicious emails to deceive individuals (Correct) ✔️


c) Enhancing network speed

d) Configuring firewalls

6. Which of the following statements is true regarding a firewall?

A. Firewalls operate at the application layer of the OSI model.

B. Stateful inspection firewalls keep track of the state of active connections. (Correct) ✔️

C. Firewalls are primarily used for data backup.

D. Network Address Translation (NAT) is a type of intrusion detection system.

7. Which of the following is NOT a characteristic of a secure firewall?

a) Stateful inspection

b) Packet filtering

c) Encryption of all transmitted data (Correct) ✔️

d) Proxy services

8.A sender S sends a message m to receiver R, which is digitally signed by S with its private key. In
this scenario, one or more of the following security violations can take place.

I. S can launch a birthday attack to replace m with a fraudulent message.

II. A third party attacker can launch a birthday attack to replace m with a fraudulent message.

III. R can launch a birthday attack to replace m with a fraudulent message.

Which of the following are possible security violations?

a) I and II (Correct) ✔️
b) I and III
c) II and IV
d) III ,II and I

9. In the RSA public key cryptosystem, the private and public keys are (e, n) and (d, n)
respectively, where n = p*q and p and q are large primes. Besides, n is public and p
and q are private. Let M be an integer such that 0 < M < n and φ(n) = (p-1)(q-1). Now
consider the following equations.

I. M' = M^e mod n
   M = (M')^d mod n

II. ed ≡ 1 mod n

III. ed ≡ 1 mod φ(n)

IV. M' = M^e mod φ(n)
    M = (M')^d mod φ(n)

Which of the above equations correctly represent RSA cryptosystem?


a) I and II
b) I and III (Correct) ✔️
c) II and IV
d) III and IV

10.A sender is employing public key cryptography to send a secret message to a receiver. Which one of t
a) Sender encrypts using receiver’s public key (Correct) ✔️
b) Sender encrypts using his own public key
c) Receiver decrypts using sender’s public key
d) Receiver decrypts using his own public key

11. Consider the following two statements:

i. A hash function (these are often used for computing digital signatures) is an injective
function.
ii. An encryption technique such as DES performs a permutation on the elements of its input
alphabet.
Which one of the following options is valid for the above two statements?
a) Both are false
b) Statement (i) is true and the other is false
c) Statement (ii) is true and the other is false
d) Both are true
e) Don't know (Correct) ✔️
12. Which of the following are used to generate a message digest by the network security
protocols?
(P) RSA
(Q) SHA-1
(R) DES
(S) MD5

a) P and R only
b) Q and R only
c) Q and S only (Correct) ✔️
d) R and S only
13. Suppose that everyone in a group of N people wants to communicate secretly with
the N–1 others using symmetric key cryptographic system. The communication between
any two persons should not be decodable by the others in the group. The number of
keys required in the system as a whole to satisfy the confidentiality requirement is
a) 2N
b) N(N – 1)
c) N(N – 1)/2 (Correct) ✔️
d) (N – 1)^2
14. The minimum positive integer p such that 3^p modulo 17 = 1 is
a) 5
b) 8
c) 12
d) 16 (Correct) ✔️
15. Exponentiation is a heavily used operation in public key cryptography. Which of the
following options is the tightest upper bound on the number of multiplications required
to compute b^n mod m, 0 ≤ b, n ≤ m?

a) O(log n) (Correct) ✔️
b) O(√n)
c) O(n/log n)
d) O(n)
16.MD5 is a widely used hash function for producing hash value of
a) 64 bits
b) 128 bits (Correct) ✔️
c) 512 bits
d) 1024 bits

17. What is the primary purpose of a Key Distribution Center (KDC) in Kerberos?

A) Data encryption

B) User authentication (Correct) ✔️

C) Network monitoring

D) Firewall management

18. In public-key cryptography, which key is used for encryption?

A) Public key (Correct) ✔️

B) Private key

C) Symmetric key

D) Session key

19. Which of the following protocols is used for securing email communication?

a) SSL

b) TLS (Correct) ✔️

c) SHTTP

d) SET
Fill in the Blanks

[Link] is a cryptographic protocol designed to provide secure communication over a computer
network.

2. A firewall is a security mechanism that monitors and controls incoming and outgoing network traffic
based on predetermined security rules.

3. In the context of network security, the acronym IDS stands for Intrusion Detection System.

4. Intrusion Detection Systems (IDS) can be categorized into two types: Signature based and Anomaly
based.

5. In a Virtual Private Network (VPN), tunneling protocol is used to create a secure and encrypted
connection over the Internet.

6. Security handshake protocols aim to establish a secure communication channel by exchanging
cryptographic keys between parties.

7. Simulation is often used to test the strength and effectiveness of cryptographic techniques in
various scenarios.

8. In the context of network security, SSL/TLS is a cryptographic protocol designed to provide
communication security over a computer network.
(True/False):

1. A Virtual Private Network (VPN) provides a secure communication channel over an untrusted
network such as the internet. - True

2. In a Denial of Service (DoS) attack, the attacker aims to gain unauthorized access to sensitive
information. - False

3. Single Sign-On (SSO) allows a user to log in once and gain access to multiple systems without re-
authenticating. – True

4. A digital certificate binds a public key to an individual, device, or service, providing a means of
verifying identities in a secure manner. – True
Question: Short Answer Type

1. What is the difference between symmetric and asymmetric key cryptography?

2. Define the term "packet filtering" in the context of firewall security.

3. Explain the concept of a Man-in-the-Middle (MitM) attack. Provide an example scenario and discuss
how it can be mitigated.

4. Explain the concept of Intrusion Detection Systems (IDS) and provide an example of how they
enhance network security.

5. If a bit error occurs in plain text block b1, how far does the error propagate in CBC mode of DES?

6. Provide an overview of symmetric key algorithms. What are the key types and modes used in these
algorithms?

7. Give the structure of AES. Explain how Encryption/Decryption is done in AES.

8. Use Vigenere Cipher with key HEALTH to encrypt the message “Life is full of surprises”

9. Justify the statement-“Message encryption by itself can provide a measure of authentication”

10. Explain the usage of digital signature algorithm (DSA) to perform signing and verifying operations.

11. If you have a message with 60 characters and you use a transposition cipher with a key of 5, how
many different ways can the message be rearranged?

12. Briefly explain the concept of biometric-based authentication and provide an example.

13. Explain the concept of a security token and how it enhances authentication in network security.

14. (a) Give the structure of AES. Explain how Encryption/Decryption is done in AES.

(b) Justify the statement-“Message encryption by itself can provide a measure of authentication”

15. (a) Explain the architecture and security features of Kerberos for user authentication. Include an
analysis of how Kerberos mitigates common security threats.

(b) Describe various types of biometric authentication methods and discuss their effectiveness
and potential vulnerabilities in network security.
Question: Long Answer Type

1. Explain the concept of a Virtual Private Network (VPN) and its applications in enhancing
network security. Discuss the key components of a VPN.
2. Discuss the importance of regular security audits in maintaining network security. Explain the
steps involved in conducting a network security audit and provide examples of potential
vulnerabilities that could be identified.
3. Describe the principles of the Defense-in-Depth strategy in network security. Provide
examples of multiple layers of defense mechanisms.
4. Users A and B use the Diffie Hellman key exchange technique, a common
prime q=11 and a primitive root alpha=7.
(i) If user A has private key XA=[Link] is A’s public key YA?
(ii) If user B has private key XB=6 What is B’s public key YB?
(iii) What is the shared secret key? Also write the algorithm.

5. Describe the steps in finding the message digest using SHA-512 algorithm. What is the order
of finding two messages having the same message digest?
6. Suppose that everyone in a group of N people wants to communicate secretly with the N - 1
others using symmetric key cryptographic system. The communication between any two
persons should not be decodable by the others in the group. How many number of keys
required in the system as a whole to satisfy the confidentiality
7. In asymmetric key cryptography, RSA commonly uses key lengths of 1024, 2048, or 4096 bits.
If you are using a 2048-bit RSA key, how many possible keys are there?
8. Discuss the potential pitfalls in security handshakes during the authentication process.
Provide examples and suggest measures to mitigate these pitfalls.
9. Compare and contrast certificate-based authentication and password-based authentication.
Highlight the strengths and weaknesses of each method.
10. Compare and contrast the cryptographic mechanisms employed in Secure Socket Layer (SSL)
and Transport Layer Security (TLS) protocols, highlighting their respective strengths and
vulnerabilities in ensuring secure communication over the internet.
11. A.) If you have a message with 60 characters and you use a transposition cipher with a key of
5, how many different ways can the message be rearranged?

B.) Suppose that everyone in a group of N people wants to communicate secretly with the N -
1 others using symmetric key cryptographic system. The communication between any two
persons should not be decodable by the others in the group. How many number of keys
required in the system as a whole to satisfy the confidentiality.

12. Users A and B use the Diffie Hellman key exchange technique, a common prime q=11 and a
primitive root alpha=7. 5[CO4] [L2]
a) If user A has private key XA=[Link] is A’s public key YA?
b) If user B has private key XB=6 What is B’s public key YB?
c) What is the shared secret key? Also write the algorithm.

Common questions

Powered by AI

Biometric authentication methods can be vulnerable to issues such as spoofing, where fingerprint or facial recognition data can be replicated and used for unauthorized access. Other weaknesses include privacy concerns and potential false negatives/positives affecting user access. These vulnerabilities could lead to unauthorized access or denial of legitimate access, impacting overall network security if not adequately addressed.

A Virtual Private Network (VPN) enhances network security by creating a secure and encrypted connection over the internet. It provides a secure communication channel over untrusted networks, like the internet, ensuring privacy and anonymity. The key components of a VPN include tunneling protocols for secure communication, encryption mechanisms for data confidentiality, and authentication methods to verify user identities.

A Key Distribution Center (KDC) in Kerberos plays the critical role of authenticating users and distributing session keys for encrypted communication. It enhances security by acting as a trusted third party that manages secret key exchanges, reducing the risk of password exposure during transmission. The KDC issues tickets that allow secure access to resources without repeatedly sending sensitive information across the network.

The Defense-in-Depth strategy involves deploying multiple layers of security controls to protect an organization's assets, ensuring that if one layer fails, others will compensate. Examples include using firewalls for unauthorized access blocking, intrusion detection systems (IDS) for monitoring suspicious activities, and encryption for securing data in transit. Each layer provides a specific function, creating a holistic approach to security that reduces the risk of a single point of failure compromising the entire network.

In the RSA cryptosystem, a message M is encrypted using a public key (e, n) as M' = M^e mod n, and it is decrypted using a private key (d, n) as M = (M')^d mod n. The equations that correctly represent this process include using the property ed ≡ 1 mod φ(n), where φ(n) = (p-1)(q-1) and n = p*q, indicating that the product of exponents e and d is congruent to 1 modulo φ(n).
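The RSA relations above, together with the modular-arithmetic MCQs earlier on the page (the smallest p with 3^p ≡ 1 mod 17, and the multiplication count for b^n mod m), checked in code. This is an added example, not part of the original document: the primes 61 and 53, the exponent 17 and the function names are constructed for illustration, and textbook RSA without padding is shown only to verify the equations.

```python
from math import gcd

def modexp(b, n, m):
    """Square-and-multiply: return (b**n % m, modular multiplications used)."""
    result, base, mults = 1 % m, b % m, 0
    while n > 0:
        if n & 1:                      # current exponent bit is set
            result = (result * base) % m
            mults += 1
        n >>= 1
        if n:                          # square only if bits remain
            base = (base * base) % m
            mults += 1
    return result, mults               # mults <= 2 * bit_length(n), i.e. O(log n)

def rsa_keypair(p, q, e):
    """Derive (n, phi(n), d) for primes p, q and public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                # inverse modulo phi(n), not modulo n
    return n, phi, d

def multiplicative_order(a, m):
    """Smallest p > 0 with a**p ≡ 1 (mod m)."""
    if m < 2 or gcd(a, m) != 1:
        raise ValueError("a must be a unit modulo m")
    p, x = 1, a % m
    while x != 1:
        x = (x * a) % m
        p += 1
    return p

# Constructed toy parameters (far too small for real use).
P, Q, E = 61, 53, 17
N, PHI, D = rsa_keypair(P, Q, E)

def roundtrip(msg):
    """Encrypt with (E, N), decrypt with (D, N); return (ciphertext, recovered)."""
    c, _ = modexp(msg, E, N)
    m, _ = modexp(c, D, N)
    return c, m

if __name__ == "__main__":
    print("e*d mod phi(n) =", (E * D) % PHI, "| e*d mod n =", (E * D) % N)
    print("roundtrip(65)  =", roundtrip(65))
    print("order of 3 mod 17 =", multiplicative_order(3, 17))
    print("3^16 mod 17, multiplications:", modexp(3, 16, 17))
```

With these values e·d leaves remainder 1 modulo φ(n) but not modulo n, which is why equation III holds and equation II does not.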

A network security audit involves systematically reviewing an organization's network infrastructure to identify security vulnerabilities, compliance with security policies, and potential threats. The audit process typically includes identifying assets, assessing risks, reviewing security policies, and performing vulnerability scans. Regular audits ensure ongoing security improvements and compliance with regulations. Potential vulnerabilities uncovered may include outdated software, misconfigured firewalls, and weak passwords, all of which could expose the network to breaches and attacks.

SSL and TLS protocols ensure secure communication by encrypting data transmitted over networks, providing confidentiality and integrity. TLS is the successor to SSL with enhanced security features. SSL/TLS establish a secure connection through a handshake process, using asymmetric encryption for key exchange and symmetric encryption for data transfer. Vulnerabilities include the potential for man-in-the-middle attacks when version upgrades are neglected or the protocol is misconfigured. TLS addresses many SSL vulnerabilities with stronger algorithms and improved encryption processes.

The primary goals of network security are to protect data integrity and confidentiality. Data integrity ensures that information is not altered by unauthorized parties, maintaining its accuracy and reliability. Confidentiality safeguards against unauthorized access, ensuring that sensitive information is only accessible to authorized users. These goals are critical as they prevent data breaches and unauthorized access that could compromise sensitive information and disrupt services.

Symmetric key cryptography uses a single key for both encryption and decryption, requiring secure key distribution among parties. Asymmetric key cryptography uses a pair of keys, a public key for encryption and a private key for decryption, eliminating the need for key sharing. Symmetric methods are generally faster and suitable for large data volumes, while asymmetric cryptography provides secure key exchange and digital signatures.

A firewall improves network security by monitoring and controlling incoming and outgoing traffic based on predefined security rules, helping to block unauthorized access and potential threats. However, firewalls have limitations, such as being unable to prevent attacks from within the network or detect anomalies threatening systems. Firewalls need to be part of a multi-layered security strategy to provide comprehensive protection against sophisticated threats.
