Cryptography and Network Security

SVS COLLEGE OF ENGINEERING AND DEPARTMENT OF computer science and engineering TWO MARKSUnit-II & III1. What is Cryptology?The study of secure communications, which encompasses both cryptography and cryptanalysis.

2. Define Cryptography.The branch of cryptology dealing with the design of algorithms for encryption anddecryption, intended to ensure the secrecy and/or authenticity of messages. Cryptography means Secret writing.Definition:A cryptosystem is a 5 tuple (E, D, M, K, and C)M-> set of plain text.C-> set of Enciphering functions.K->set of Keys.D : C*k -> M set of deciphering functions.

3. Define Cryptanalysis .The branch of cryptology dealing with the breaking of a cipher to recover information, orforging encrypted information that will be accepted as authentic.4. What is Plain text ?An original message is known as the plaintext(Readable format)5. What is Cipher Text:coded message is called the Cipher Text.(Unreadable format)6. What is Key?A sequence of symbols that controls the operation of a cryptographic transformation. A key is normally a string of bits used by a cryptographic algorithm to transform plain text into cipher text or vice versa. The key should be the only part of the algorithm that it is necessary to keep secret.7. What is Symmetric Cryptography?Symmetric cryptography uses a single private key to both encrypt and decrypt data.Examples: AES/Rijndael ,Blowfish,CAST5,DES,IDEA,RC2,RC4,RC6,Serpent,Triple DES,Two fish8. What is Asymmetric Cryptography?Asymmetric cryptography or public-key cryptography is cryptography in which a pair of keys is used to encrypt and decrypt a message .The keys used are public and private key.Examples: RSA,DSA,PGP9. Define Stream cipher.Processes the input stream continuously and producing one element at a time.Example: caeser cipher.

10. Define Block cipher.

Processes the input one block of elements at a time producing an output block foreach input block.Example: DES.

11. What is Passive attack?

Monitoring the message during transmission.Eg: Interception

12.What is Active attack:

Modification of data stream or creation of false data stream.E.g.: Fabrication, Modification, and Interruption

13. List the different Types of Ciphers. Shift Ciphers. Affine Ciphers Vigenere Cipher Substitution Ciphers Sherlock Holmes Playfair and ADFGX Ciphers Block ciphers One-Time pads14. Write short notes Congruence.Let a,b,n be integers with n0. We say that a b(mod n)

If a-b is a multiple of n.

15. Write short notes Chinese Remainder Theorem:

Suppose gcd(m,n)=1.Given integers a and b, there exists exactly one solution x(mod mn) tothe simultaneous congruence x a(mod n) , x b(mod n).

16. Write short notes Modular Exponentiation:

Modular exponentition is of the form xa (mod n).

17. Write short notes Fermats Little Theorem:If p is aprime and p does not divide a, then

ap-1 1 (mod p)

18.Write short notes Eulers Theorem:

If gcd(a,n)=1, then

a(n) 1(mod n)

19. Define integrity and nonrepudiation? Integrity: Service that ensures that only authorized person able to modify the message. Nonrepudiation: This service helps to prove that the person who denies the transaction is true or false.

20. Define confidentiality and authentication Confidentiality: It means how to maintain the secrecy of message. It ensures that the information in acomputer system and transmitted information are accessible only for reading by authorized person. Authentication: It helps to prove that the source entity only has involved the transaction. 21. Define security attack, security mechanism and security services.Security attack: any action that compromises the security of information ownedby an organization.Security mechanism: a mechanism that is designed to detect, prevent or recoverfrom a security attack.Security services: a service that enhances the security of the data processingsystems and the information transfers of an organization.

22. Mention the different types of security services. Authentication Confidentiality Data integrity Non repudiation Access control Availability23. What is Brute force attack?Trying out all the possible keys on a piece of cipher text until anintelligible translation to plain text is obtained.24.Mention the various types of cryptanalytic attack. Known plaintext Cipher text only Chosen plaintext Chosen Cipher text25. Define the two basic building blocks of encryption techniques. Substitution technique it is one in which the letters of the plaintext are replaced by other letters or by numbers or symbols. Transposition technique it is one which performs some sort of permutation on the plaintext letters.

26. Mention few mono-alphabetic and poly-alphabetic ciphers.Mono-alphabetic ciphers: - playfair cipher, hill cipher, Caesar cipher Poly-alphabetic ciphers: - vigenere cipher, one time pad cipher

27.What is steganography? Mention few techniques in it.

28. Mention the functions involved in simplified DES. Initial permutation A complex function F with a key k1 Switching A complex function F K with a key k2 Inverse permutation k29. What is Avalanche effect ?

A characteristic of an encryption algorithm in which a small change in the plaintext or key gives rise to a large change in the cipher text.30. List the evaluation criteria defined by NIST for AES?The evaluation criteria for AES is as follows: 1.Security 2. Cost 3.Algorithm and implementation characteristics

31. List the step involved in single Round of AES.1.Substitute byte transformation 2. Shift rows transformation3.Mixcolumns transformation 4.Add Round Key transformation

32. Define Substitute byte transformation and Shift rows transformation.

Substitute byte transformation, called SubBytes, is a simple table lookup. AES defines a16 x 16 matrix of byte values, called an S-box that contains a permutation of all possible 2568-bit values. Each individual byte of State is mapped into a new byte in the following way: The leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are used as acolumn value. These row and column values serve as indexes into the S-box to select a unique 8-bit output value. Shift row transformation, called Shift Rows, the first row of State is not altered. For thesecond row, a 1-byte circular left shift is performed. For the third row, a 2-byte circular leftshift is performed. For the fourth row, a 3-byte circular left shift is performed.

33. Define Mixcolumns transformation & Add Round Key transformation.

Mix column transformation, called MixColumns, operates on each column individually.Each byte of a column is mapped into a new value that is a function of all four bytes in that column. Add round key transformation, called AddRoundKey, the 128 bits of State are bitwiseXORed with the 128 bits of the round key.The operation is viewed as a column wise operation between the 4 bytes of a State column and one word of the round key; it can also be viewed asa byte-level operation.

34. What is Primality Test?A primality test is an algorithm for determining whether an input number is prime or not.

35. List the types of Primality Testing.

1. Fermat Primality Test.

2. Miller-Rabin Primality Test.

3. Solovay-strassen Primality Test.

36. What is Factoring ?

Factoring is the decomposition of an object into a product of other objects, or factors,which when multiplied together give the original.37. Define RC4.RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. RC4 is usedin the SSL/TLS (Secure Sockets Layer/Transport Layer Security) standards that have beendefined for communication between Web browsers and servers. It is also used in the WEP(Wired Equivalent Privacy) protocol and the newer WiFi Protected Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN standard.38. Define RSA.RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public keycryptography.

39. List Four possible approaches to attack the RSA Algorithm.1. Brute Force

2. Mathematical Attacks

3. Timing attacks

4. Chosen Cipher text attacks

40. What is Triple Encryption? How many keys are used in triple encryption?

Triple Encryption is a technique in which encryption algorithm is performed three timesusing three keys.

41. What is the meet in the middle attack?

This is the cryptanalytic attack that attempts to find the value in each of the range and domain of the composition of two functions such that the forward mapping ofone through the first function is the same as the inverse image of the other through the secondfunction-quite literally meeting in the middle of the composed function.

42. Define Differential Cryptanalysis. A technique in which chosen plaintext with particular XOR difference patterns areencrypted. This difference pattern of the resulting ciphertext provide information that can beused to determine the encryption key.

43. List the Block cipher Modes of operation.

1. Electronic Codebook (ECB)2. Cipher Block Chaining (CBC)3. Cipher Feedback (CFB) 4. Output Feedback (OFB) 5. Counter (CTR)

44. List the description and application Electronic Codebook.Each block of 64 plaintext bits is encoded independently using the same key.

Application:Secure transmission of single values (e.g., an encryption key)

45. List the description and application Cipher Block Chaining (CBC)

The input to the encryption algorithm is the XOR of the next 64 bits of plaintext and thepreceding 64 bits of ciphertext.

Application:

General-purpose block-oriented transmissionAuthentication

46. List the description and application Cipher Feedback (CFB)

Input is processed j bits at a time. Preceding ciphertext is used as input to the encryptionalgorithm to produce pseudorandom output, which is XORed with plaintext to produce nextunit of ciphertext.Application:General-purpose stream-oriented transmissionAuthentication

47. List the description and application Output Feedback (OFB)

Similar to CFB, except that the input to the encryption algorithm is the preceding DES output.Application:Stream-oriented transmission over noisy channel (e.g., satellite communication)48. List the Advantages of counter mode:

*Hardware Efficiency*Software Efficiency*Preprocessing *Random Access * Provable Security *Simplicity.49. List out the applications of the public key cryptosystems. Encryption / decryptionDigital signature Key exchange50. Define Eulers totient function (used in RSA algorithm).It is the number of positive integers that are less than n and relativelyprime to n.Where n is the product of two prime numbers (p & q)It is represented as F(n) and it is expressed as F(n) = F(pq) = (p-1)(q-1).

51. What are the various approaches to attacks the RSA algorithm?Brute force attackMathematical attacksTiming attacks52. List out the different techniques of distributing the public key.Public announcementPublicly available directoryPublic key authorityPublic key certificate53.Why do we need Diffie Hellman algorithm?

It is used for exchanging the secret keys between the sender and thereceiver. It allows two users to exchange a key securely.

54. What are the attacks that can be performed in the networks? Disclosure Traffic analysis Masquerade Content modification Sequence modification Timing modification Source repudiation Destination repudiation55. Define Hash Function.

A function that maps a variable-length data block or message into a fixed-length valuecalled a hash code. The function is designed in such a way that, when protected, it provides an authenticator to the data or message. Also referred to as a message digest (or) Hash code.

56. List the Hash Algorithms.

SHA(Secure Hash Algorithm) MD5(Message Digest Version5)

57. Write Short notes on MD5.

The MD5 Message-Digest Algorithm is a widely used cryptographic hash function thatproduces a 128-bit (16-byte) hash value. MD5 has been employed in a wide variety of securityapplications, and is also commonly used to check data integrity. MD5 was designed by RonRivest in 1991 to replace an earlier hash function, MD4. An MD5 hash is typically expressed as a 32-digit hexadecimal number.58.Write Short notes on SHA(Secure Hash Algorithm).

The Secure Hash Algorithm is one of a number of cryptographic hash functionspublished by the National Institute of Standards and Technology (NIST) as a U.S. FederalInformation Processing Standard (FIPS).

59. What is Digital Signature?A digital signature is an authentication mechanism that enables the creator of a messageto attach a code that acts as a signature. The signature is formed by taking the hash of themessage and encrypting the message with the creator's private key. The signature guaranteesthe source and integrity of the message.60. List the Digital Signature Algorithms.

RSA ElGamal DSA 61. List the Processes involved in Digital Signature. Signing Process Verification Process

62.. What are the properties a digital signature should have? It must verify the author and the data and time of signature.It must authenticate the contents at the time of signature. It must be verifiable by third parties to resolve disputes.

63. What is Birthday attack ?This cryptanalytic attack attempts to find two values in the domain of a function that map to the same value in its range.

64. What is Discrete Logarithms?

Discrete logarithms are fundamental to a number of public-key algorithms, including Diffie-Hellman key exchange and the digital signature algorithm.

65. List the approaches of Computing Discrete Logarithms. Pohlig Hellman Algorithm Baby-step Giant-step Index calculus algorithm

66. What is one way function?

One way function is one that map the domain into a range such that everyfunction value has a unique inverse with a condition that the calculation of the function is easywhere as the calculations of the inverse is infeasible.

67. What is the purpose of using Diffie-Hellman Key Exchange?

The purpose of the algorithm is to enable two users to securely exchange a key that can then be used for subsequent encryption of messages.

68.User A and B exchange the key using Diffie-Hellman algorithm. Assume =5 q=11XA=2 XB=3. Find the value of YA,YB and k?Soln:YA= XA mod q= 25 mod 11= 3YB = XB mod q= 125 mod 11= 4 K = ( YA) XB mod q= 27 mod 11 = 5 K = ( YB) XA mod q= 16 mod 11 = 5

69.Define ElGamal Public Key Cryptosystem.

ElGamal Public Key Cryptosystem is an asymmetric key encryption for public key cryptography based on Diffie-Hellman Key Exchange.

70. Difference between MD5 and SHA-1.

Point of Discussion MD5 SHA-11.Message digest length 128 160 in bits2.Speed Faster(64 iterations) Slower(80 iterations) 3.Attack to try and find Requires 264 operations Requires 280 operations two messages producing to break in. to break in.the same message digest

71. What is the primitive root of a number?

We can define a primitive root of a number p as one whose powers generate all the integers from 1 to p-1. That is p,if a is a primitive root of the prime number p then thenumbers.

72. Using ElGamal Scheme, let = 5, p =11, XA= 2. Find the value of YA? = 5, p =11, XA= 2

YA = XAmod p

= 52 mod 11

73. What are the requirements of the hash function?

H can be applied to a block of data of any size.H produces a fixed length output.H(x) is relatively easy to compute for any given x, making both hardware and softwareimplementations practical.

74. Define the classes of message authentication function.

Message encryption: The entire cipher text would be used for authentication. Message Authentication Code: It is a function of message and secret key producea fixed length value. Hash function: Some function that map a message of any length to fixed length whichserves as authentication.

75. Mention the various ways of producing an authenticator.Message encryptionMessage Authentication Code (MAC)Hash function76. Differentiate Message Authentication Code and Hash function.In MAC, a public function of the message and a secret key are used to produce a fixed length authenticator.A hash function accepts a variable size message as input and produces afixed size output (hash code) which is similar to MAC. But hash code does not use a key.

77. Define one way property, weak collision resistance and strong collisionresistance of hash function.For any given value h, it is computationally infeasible to find x such thatH(x) = h one way property.For any given block x, it is computationally infeasible to find y x withH(y) = H(x) weak collision resistance.It is computationally infeasible to find any pair (x, y) such that H(x) =H(y) strong collision property.

76. Define Kerberos.Kerberos is a centralized authentication server whose function is toauthenticate users to servers and servers to users.77. Determine the gcd(24140,16762) using Euclids algorithm.Soln:We know, gcd (a,b)=gcd(b,a mod b)gcd(24140,16762)=gcd(16762,7378)gcd(7378,2006)=gcd(2006,1360)gcd(1360,646)=gcd(646,68)gcd(68,34)=34gcd(24140,16762) = 34.78.Perform encryption and decryption using RSA alg. For the following.P=7; q=11; e=17; M=8.Soln:n=pqn=7*11=77(n)=(p-1) (q-1)=6*10 = 60e=17d =27C= Me mod nC = 817 mod 77= 57M = Cd mod n= 5727 mod 77= 8

79. User A & B exchange the key using Diff ie Hellman alg. Assume=5 q=11 XA=2 XB=3. Find YA, YB, K.Soln:YA = XA mod q=52 mod 11= 3YB = XB mod q= 53 mod 11= 4KA = YBXA mod q= 42 mod 11= 5KB = YAXB mod q= 33 mod 11= 5UNIT V

1.What is Kerberos?

Kerberos is an authentication service developed as a part of project Athena atMIT.Kerberos provide a centralized authentication server whose functions is to authenticate servers.

2.What 4 requirements were defined by Kerberos? SecureReliableTransparentScalable3. Mention the limitations of version 4 of Kerberos.a. Environmental shortcomingsi. Encryption system dependenceii. Internet protocol dependenceiii. Message byte orderingiv. Ticket lifetimev. Inter realm authenticationb. Technical deficienciesi. double encryptionii. propagating block chaining encryptioniii. session keysiv. password attacks4. Mention the services provided by the Pretty Good Privacy (PGP).a. Authenticationb. Confidentialityc. Compressiond. E-mail compatibilitye. Segmentation and reassembly5. Signature is generated before compression in PGP. Why?There are two reasons behind it.It is preferable to sign an uncompressed message so that one can storeonly the uncompressed message together with the signature for futureverification. If one signed a compressed document, then it would benecessary either to store a compressed version of the message for laterverification or to recompress the message when verification is required.Even if one were willing to generate dynamically a recompressed messagefor verification, PGPs compression algorithm presents a difficulty. Thealgorithm is not determine

6. How E-mail compatibility is performed?Radix-64 is the technique which is used for E-mail compatibility. InRadix-64, each group of 3 octets of binary data is mapped into 4 ASCIIcharacters.

7. What is the need of public key ring and private key ring?Public key ring is one of the data structures which is used to store thepublic keys of the other participantsPrivate Key ring is a data structure which is used to store the public andthe private keys of the owner alone.8. Define the terms: connection and sessioni. A connection is a transport that provides a suitable type of service.Every connection is associated with one session.ii. A session is an association between a client and a server. Onesession may have multiple connections.

9. What is the use of the change cipher spec protocol?i. This protocol consists of a single message which consists of a single byte with a value 1. The sole purpose of this message is tocause the pending state to be copied into the current state, which

updates the cipher suite (cryptographic algorithm) to be used onthe connection.

10. Mention the phases of the Handshake protocol.a. Phase 1 establish security capabilitiesb. Phase 2 server authentication and key exchangec. Phase 3 client authentication and key exchanged. Phase 4 finish

11.Define X.509 Authentication Service.

X.509 is part of the X.500 series. X.509 define a directory service. X.509 is based onthe use of public-key cryptography and digital signatures. X.509 defines a framework for theprovision of authentication services by the X.500 directory to its users. For example, theX.509 certificate format is used in S/MIME, IP Security , and SSL/TLS and SET .

12..Define Public-Key Infrastructure.Public-key infrastructure (PKI) as the set of hardware, software, people, policies, andprocedures needed to create, manage, store, distribute, and revoke digital certificates based onasymmetric cryptography.

13..Define PGP.Pretty Good Privacy is an open-source freely available software package for e-mailsecurity. It provides authentication through the use of digital signature; confidentiality throughthe use of symmetric block encryption; compression using the ZIP algorithm; e-mailcompatibility using the radix-64 encoding scheme; and segmentation and reassembly toaccommodate long e-mails.14..Define S/MIME

Secure/Multipurpose Internet Mail Extension is an Internet standard approach to e-mailsecurity that incorporates the same functionality as PGP.

15.. Write short notes on IP Security.

IPSec provides the capability to secure communications across a LAN, across privateand public WANs, and across the Internet.

16.. Write short notes on Web Security:

Secure socket layer (SSL) provides security services between TCP and applications that useTCP. The Internet standard version is called transport layer service (TLS).

17.. Write short notes on Secure Electronic Transaction .What are the features of SET?

Secure Electronic Transaction (SET) is an open encryption and security specificationdesigned to protect credit card transactions on the Internet.

Confidentiality of information Integrity of data Cardholder account authentication Merchant authentication 18.. Write short notes on Transport Layer Security(TLS) ?

Transport Layer Security is defined as a Proposed Internet Standard in RFC 2246. RFC2246 is very similar to SSLv3. The TLS Record Format is the same as that of the SSL RecordFormat, and the fields in the header have the same meanings. The one difference is in versionnumber.

19..What are the function areas of IP security?

AuthenticationConfidentialityKey management.20.Differentiate Transport and Tunnel mode in IPsec?

Transport mode Tunnel Mode1. Provide the protection for 1. Provide the protection for entire IPupper layer protocol between two Packet. hosts.

2. ESP in this mode encrypts and 2. ESP in this mode encryptoptionally authenticates IP authenticate Payload but not IP Header. the entire IP packet.

3. AH in this mode authenticate 3. AH in this mode authenticate thethe IP Payload and selected entire IP Packet plus selected portion portion of IP Header. of outer IP Header.

21.What is dual signature? What it is purpose?The purpose of the dual signature is to link two messages that intended fortwo different recipients. To avoid misplacement of orders.

22. What does you mean by Reply Attack? A replay attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination. Each time a packet is send the sequence number is incremented in the counter by the sender.

23.Name any cryptographic keys used in PGP? One-time session conventional keys. Public keys. Private keys. Pass phrase based conventional keys.24.Define Certification authority.

The issuer of certificates and certificate revocation lists (CRLs). It may also support avariety of administrative functions, although these are often delegated to one or moreRegistration Authorities.25.List the Applications of IPSec.

Secure branch office connectivity over the Internet Secure remote access over the Internet Establishing extranet and intranet connectivity with partners Enhancing electronic commerce security26.What are the headers fields define in MIME?

MIME version. Content type. Content transfer encoding. Content id. Content description.27.Define Intruder

An individual who gains, or attempts to gain, unauthorized access to a computer system or to gain unauthorized privileges on that system.

28.List Classes of Intruders. Masquerader Misfeasor Clandestine user

29.Write short notes on Intrusion detection system

A set of automated tools designed to detect unauthorized access to a host system.

30.Write short notes on Malicious software. Malicious software is software that is intentionally included or inserted in a system for aharmful purpose.

31.Write short notes on Virus.

A virus is a piece of software that can "infect" other programs by modifying them; themodification includes a copy of the virus program, which can then go on to infect otherprograms.

32.Write short notes on Worm.

A worm is a program that can replicate itself and send copies from computer to computer across network connections.

33.Define Statistical anomaly detection.

Involves the collection of data relating to the behavior of legitimate users over a periodof time. Then statistical tests are applied to observed behavior to determine with a high level of confidence whether that behavior is not legitimate user behavior.

34.Define Threshold detection.This approach involves defining thresholds, independent of user, for the frequency of occurrence of various events.

35.Define Profile based.A profile of the activity of each user is developed and used to detect changes in the behavior of individual accounts.

36.Define Rule-based detection.Involves an attempt to define a set of rules that can be used to decide that a given behavior is that of an intruder.

37.Define Anomaly detection.Rules are developed to detect deviation from previous usage patterns.

38.Define Penetration identification.An expert system approach that searches for suspicious behavior.

39.Define Honeypot .

A decoy system designed to lure a potential attacker away from critical systems. A form of intrusion detection.

40.What is Zombie?

A program that secretly takes over another Internet-attached computer and then uses thatcomputer to launch attacks that are difficult to trace to the zombie's creator.

41.What is Denial of Service?

A denial of service (DoS) attack is an attempt to prevent legitimate users of a service from using that service.

42.Define Firewall.A firewall is a device or set of devices designed to permit or deny network transmissionsbased upon a set of rules and is frequently used to protect networks from unauthorized access.43.List the types of Firewall:1.Packet Filtering Router2.Application-Level Gateway3.Circuit-Level Gateway44.List the Firewall Configuration.1. Screened host Firewall System(single homed bastion system)2. Screened host Firewall System(Dual homed bastion system)3. Screened Subnet Firewall System

45.What is Trusted System?

A trusted system is a computer and operating system that can be verified to implement agiven security policy. Typically, the focus of a trusted system is access control.

46.List the types of Viruses:

parasitic virus memory-resident virus boot sector virus stealth virus polymorphic virus metamorphic virus.47. Define firewall.i. Firewall is the in which protects the premises network from internet based attacks and to provide a single choke point where security and audit can be imposed48. What are the design goals of the firewall.a. All traffic from inside to outside, and vice versa, must pass through thefirewall.b. Only authorized traffic, as defined by the local security policy, will beallowed to pass.c. It is immune to penetration.

49. List out the limitations of the firewall.a. It cannot protect against attacks that bypass the firewall.b. The firewall does not protect against internal threats.c. It cannot protect against the transfer of virus infected programs or files.

50. What are the types of firewall?a. Packet filtering firewallb. Application level gatewayc. Circuit level gateway

51. Define Basiton host.i. A Basiton host is a system identified by the firewall administratoras a critical strong point in the network security.52. List out the firewall configurations.

a. Screened host firewall, single homed bastionb. Screened host firewall, dual homed bastionc. Screened subnet firewall53. Define the two rules for multi-level security.a. No read up a subject can only read on object of less or equal securitylevel. This is referred to as simple security property.b. No write down a subject can only write into an object of greater or equalsecurity level. This is referred to as * property.

54. Define Torjan horse attack.i. The Torjan horse attack begins with a hostile user, named X, gain legitimate access into the system and installs both the torjan horse program and a private file to be used in the attack as a back packet. X gives read / write permission to itself and gives Y(authorized user) write-only permission. X now indicates Y to invoke torjan horse program, by advertising it as a useful utility. When the program detects that it is being executed by Y, it reads the sensitive character string from Ys file and copies it into Xs back pocket file.

55. What are firewalls?

A firewall is any device that prevents a specific type of information from moving between theuntrusted network outside and the trusted network inside

The firewall may be:

a separate computer system a service running on an existing router or server a separate network containing a number of supporting devices56. Explain different generations of firewalls.

First Generation - packet filtering firewalls Second Generation-application-level firewall or proxy server Third Generation- Stateful inspection firewalls Fourth Generation-dynamic packet filtering firewall Fifth Generation- kernel proxy

57. What is the advantage of Second Generation firewalls?

The primary disadvantage of application-level firewalls is that they are designed for aspecific protocol and cannot easily be reconfigured to protect against attacks on protocols forwhich they are not designed.

58What is the drawback of packet-filtering router?

The drawback of packet-filtering router includes a lack of auditing and strong authentication.59) What are Screened-Host Firewall Systems

Screened-Host firewall system allows the router to pre-screen packets to minimize thenetwork traffic and load on the internal proxy.

60) What is the use of an Application proxy?

An Application proxy examines an application layer protocol, such as HTTP, andperforms the proxy services

61What are Screened-Subnet Firewalls?

Consists of two or more internal bastion-hosts, behind a packet-filtering router, with each hostprotecting the trusted network

The first general model consists of two filtering routers, with one or more dual-homed bastion-host between them

The second general model involves the connection from the outside or untrusted network

62)What are the factors to be considered while selecting a right firewall?

What type of firewall technology offers the right balance of protection features and costfor the needs of the organization?

What features are included in the base price? What features are available at extra cost?Are all cost factors known?

How easy is it to set up and configure the firewall? How accessible are staff technicianswith the mastery to do it well?

Can the candidate firewall adapt to the growing network in the target organization?

63)What are Sock Servers?

The SOCKS system is a proprietary circuit-level proxy server that places special SOCKS client-side agents on each workstation.63) What are intrusion detection systems(IDS)?

IDSs work like burglar alarms

IDSs require complex configurations to provide the level of detection andresponse desired

An IDS operates as either network-based, when the technology is focused onprotecting network information assets, or host-based, when the technology isfocused on protecting server or host information assets

IDSs use one of two detection methods, signature-based or statisticalanomaly-based

64) What are different types of IDSs?

a) Network-based IDS

b) Host-based IDS

c) Application-based IDS

d) Signature-based IDS

e) Statistical Anomaly-Based IDS

65) Define NIDS

A network-based IDS(NIDS) resides on a computer or an appliance connected to a segment of an organizations network and monitors traffic on that network segment,looking for indications of ongoing or successful attacks.

66).What is Application-based IDS?

A refinement of Host-based IDs is the application-based IDS(AppIDS). The application basedIDs examines an application for abnormal incidents. It looks for anomalous occurrences such asusers exceeding their authorization,invalid file executions etc.67).What is Signature-based IDS?

A signature-based IDS(also called Knowledge-based IDs) examines data traffic in search ofpatterns that match known signatures that is,preconfigured ,predetermined attack patterns.

68).What are Honey Pots?

Honey pots are decoy systems designed to lure potential attackers away from critical systems andencourage attacks against the themselves. These systems are created for the sole purpose ofdeceiving potential attackers. In Industry they are known as decoys,lures,and fly-traps.

69) What are Honey Nets?

When a collection of honey pots connects several honey pot systems on a subnet,it may be calleda honey net. 70)What is Public Key Infrastructure (PKI)?

PKI or Public Key Infrastructure

Public Key Infrastructure is the entire set of hardware, software, and cryptosystemsnecessary to implement public key encryption

PKI systems are based on public-key cryptosystems and include digital certificatesand certificate authorities (CAs) and can:

Issue digital certificates

Issue crypto keys

71).How E-mail systems are secured?

Encryption cryptosystems have been adapted to inject some degree of security into e-mail:

S/MIME builds on the Multipurpose Internet Mail Extensions (MIME) encoding formatby adding encryption and authentication

Privacy Enhanced Mail (PEM) was proposed by the Internet Engineering Task Force(IETF) as a standard to function with the public key cryptosystems

PEM uses 3DES symmetric key encryption and RSA for key exchanges and digitalsignatures

Pretty Good Privacy (PGP) was developed by Phil Zimmerman and uses the IDEACipher along with RSA for key exchange