*, MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

L |= (Autonomous)
ia al (ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

I tant Inst . P x
1) The answers should be examined by key words and not as word-to-word as given in the
model answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may
try to assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more
Importance (Not applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in
the figure. The figures drawn by candidate and model answer may vary. The examiner
may give credit for anyequivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed
constant values may vary and there may be some difference in the candidate’s answers
and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of
relevant answer based on candidate's understanding.
7) For programming language papers, credit may be given to any other program based on
equivalent concept.
8) As per the policy decision of Maharashtra State Government, teaching in English/Marathi
and Bilingual! (English + Marathi) medium is introduced at first year of AICTE diploma
Programme from academic year 2021-2022. Hence if the students in first year (first and
second semesters) write answers in Marathi or bilingual language (English +Marathi), the
Examiner shall consider the same and assess the answer based on matching of concepts
with model answer.

Q. Sub Answer Marking

No} Q.N. Scheme
1. Attempt any FIVE of the following: 10
a) | Define computer security and state it’s need 2M
Ans. | Computer Security refers to techniques for ensuring that data stored Dein
in a computer cannot be read or compromised by any individuals
without authorization.

Need of computer Security:

1. For prevention of data theft such as bank account numbers, credit toil
card information, passwords, work related documents or sheets, etc.
2. To make data remain safe and confidential.
3. To provide confidentiality which ensures that only those
individuals should ever be able to view data they are not entitled to.

Page 1/27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code{ 22620

4. To provide integrity which ensures that only authorized individuals
should ever be able change or modify information.
5. To provide availability which ensure that the data or system itself
is available for use when authorized user wants it.
6. To provide authentication which deals with the desire to ensure
that an authorized individual.
OR
The need of computer security has been threefold: confidentiality,
integrity, and authentication—the “CIA” of security.
1. Confidentiality: the principle of confidentiality specifies that
only sender and intended recipients should be able to access the
contents of a message. Confidentiality gets compromised if an
unauthorized person is able to access the contents of a message.
2. Integrity: when the contents of the message are changed after the
sender sends it, but before it reaches the intended recipient, we
say that the integrity of the message is lost.
3. Authentication: Authentication helps to establish proof of
identities. The Authentication process ensures that the origin of a
message is correctly identified.

b) Explain shoulder surfing attack. 2M

Ans. Shoulder surfing a similar procedure in which attackers position
themselves in such a way as to- be-able to observe the authorized user Relevant
explanation
entering the correct access code. 2M
Shoulder surfing is an effective way to get information in crowded
places because it's relatively easy to stand next to someone and watch
as they fill out a form, enter a PIN number at an ATM machine, or
use a calling card at a public pay phone. Shoulder surfing can also be
done long distance with the aid of binoculars or other vision-
enhancing devices.
Shoulder surfing is using direct observation techniques, such as
looking over someone's shoulder, to get information.

Page 2/27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
A Le (Autonomous)
aia caal (ISO/IEC - 27001 - 2005 Certified)
WINTER — 2022 EXAMINATION
MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

c) Explain the term cryptography. 2M

Ans. | Cryptography: Cryptography is the art and science of achieving] ©”e<t
security by encoding messages to make them non-readable. &P gaaton

INTELUGIBLE | UNINTELUGIBLE
DATA CRYPTOGRAPHY T—9) yr Dioggpan
d) State the meaning of hacking. 2M
Ans. | Hacking in simple terms means an illegal intrusion into a computer} Correct
system and/or network. Government websites are the hot target of the | &!anation
hackers due to the press coverage, it receives, Hackers enjoy the 2M
media coverage.
OR
Hacking is the act of identifying and then exploiting weaknesses in a
computer system or network, usually to gain unauthorized access to
personal or organizational data. Hacking is not always a malicious
activity, but the term has mostly negative connotations due to its
association with cybercrime.
e) Describe sniffing attack. 2M
Ans. | This is software or hardware that is used to observe traffic as it passes | _ Co/7ect
through a network on shared broadcast media. It can be used to view aman
all traffic or target specific protocol, service, or string of characters
like logins. Some network sniffers are not just designed to observe
the all traffic but also modify the traffic. Network administrators use
sniffers for monitoring traffic. They can also use for network
bandwidth analysis and to troubleshoot certain problems such as
duplicate MAC addresses.
f) Explain need for firewall. 2M
Ans. | A firewall is a network security device that monitors incoming | 4” ‘©
and outgoing network traffic and permits or blocks data packets ness aM
based on a set of security rules.
e [ts purpose is to establish a barrier between your internal network
and incoming traffic from external sources (such as the internet)
in order to block malicious traffic like viruses and hackers.
e Firewalls can be an effective means of protecting a local system
or network of systems from network-based security threats while
at the same time affording access to the outside world via wide
area networks and the Internet.

Page 3/27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code 22620
g) Explain use of PCI DSS 2M
Ans. | The Payment Card Industry Data Security Standard (PCI DSS) is a} ?'"ect
set of security standards designed to ensure that all companies that carried
accept process, store or transmit credit card information maintain a
secure environment.PCI DSS is the global data security standard that
any business of any size must adhere to in order to accept payment
cards, and to store, process, and/or transmit cardholder data. It
presents common sense steps that mirror best security practices.
2. Attempt any THREE of the following: 12
a) | Define Risk. Describe qualitative and quantitative risk analysis. 4M
Ans. | Risk: A computer security risk is any event or action that could cause | Pefinition
a loss or damage to computer hardware, software, data, or Mt
information OR Risk is probability of threats that may occur because | ¢ ynjanation
of presence of vulnerability in a system.
qualitative
Quantitative Risk Analysis: A Process of assigning a numeric value and
to the probability of loss based on known risks, on financial values of ad otro
the assets and on probability of threats. It is used to determine 3M
potential direct and indirect costs to the company based on values
assigned to company assets and their exposure to risk. Assets can be
rated as the cost of replacing an asset, the cost of lost productivity, or
the cost of diminished brand reputation. In this 100% quantitative risk
analysis is not possible.

Qualitative Risk Analysis: A collaborative process of assigning

relative values to assets, assessing their risk exposure and estimating
the cost of controlling the risk. It utilizes relative measures and
approximate costs rather than precise valuation and _ cost
determination. Assets can be rated based on criticality - very
important, important, not-important etc. Vulnerabilities can be rated
based on how it is fixed - fixed soon, should be fixed, fix if suitable
etc. Threats can be rated based on scale of likely - likely, unlikely,
very likely etc. In this 100% qualitative risk anal ysis is feasible.
b) Explain working of biometric access control with any type of 4M
example. Diagram
Ans. | Biometric refers study of methods for uniquely recognizing humans 1M
based upon one or more intrinsic physical or behavioral Explanation
characteristics. Biometric identification is used on the basis of some 3M
unique physical attribute of the user that positively identifies the user.

Page 4/27
 jo Tey,

ri ——e MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

ac 2 (Autonomous)
li aal (ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

Example: finger print recognition, retina and face scan technique,

voice synthesis and recognition and so on. Different types of
Biometrics
1. Finger print recognition
2. Hand print recognition
3. Retina/iris scan technique
4. Face recognition
5. Voice patterns recognition
6. Signature and writing patterns recognition
7. Keystroke dynamics

Enviionment =Felecence teenplate

Preprocessing a = mS ug, Matching process

Fig. block diagram of biometric system

Finger print recognition
Above figure shows the block diagram of biometric system.
Fingerprint registration & verification process
1. During registration, first time an individual uses a biometric
system is called an enrollment.
2. During the enrollment, biometric information from an individual is
stored.
3. In the verification process, biometric information is detected and
compared with the information stored at the time of enrolment.
4. The first block (sensor) is the interface between the real world and
the system: it has to acquire all the necessary data.
5. The 2nd block performs all the necessary pre-processing
6. The third block extracts necessary features. This step is an
important step as the correct features need to be extracted in the
optimal way.
7. If enrollment is being performed the template is simply stored
somewhere (on a card or within a database or both).
8. If a matching phase is being performed the obtained template is

Page 5/27
 aT Te MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
a i (Autonomous)
aaa (ISO/IEC - 27001 - 2005 Certified)
WINTER — 2022 EXAMINATION
MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

passed to a matcher that compares it with other existing templates,

estimating the distance between them using any algorithm.
9, The matching program will analyze the template with the input.
This will then be output for any specified use or purpose.

Limitations:-
1) Using the fingerprint scanner does not take into consideration
when a person physically changes
2) The cost of computer hardware and software programs can be
expensive
3) Using the fingerprint scanner can lead to false rejections and false
acceptance.
4) It can make mistakes with the dryness or dirty of the fingers skin,
as well as with the age (is not appropriate with children, because the
size of their fingerprint changes quickly.
c) Explain Caesar’s cipher substitute technique with suitable 4M
example.
Ans. | Caesar cipher technique is proposed by Julius Caesar. It is one of the | Explanation
simplest and most widely known encryption techniques. It is a type of 2M
substitution technique in which each letter in the plain text is replaced | —_-
223 xanple
by a letter some fixed number of position down the alphabet. The 2M
Caesar cipher involves replacing each letter of the alphabet with the
letter three places further down the alphabet. For example, with a
shift of 3, A would be replaced by D, B would became E, and so on
as shown in the table below

Pian }
heat A B c;] Dy E
Cipher
text D E F G E I 7/E|LIMI N| Oo] F

Plain | N o |F R |S T jv |¥ Wiix /¥Y |z

o

wrt

CphriQ |k |S |r |u |v |w Ix |¥ |z |A |B \c
ext

Example
PLAIN TEXT - COMPUTER ENGINEERING
Convert each alphabet in the plain text, using the table, the cipher text
can be written as
CIPHER TEXT —- FRPSXWHU HQJLQHHULQJ
Algorithm to break Caesar cipher:

Page 6/27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

1. Read each alphabet in the cipher text message, and search for it in
the second row of the table above.
2. When a match in found, replace that alphabet in the cipher text
message with the corresponding alphabet in the same column but the
first row of the table. (For example, if the alphabet cipher text is J,
replace it with G).
3. Repeat the process for all alphabets in the cipher text message.
d) Describe DES algorithm with suitable example. 4M
Ans. Data Encryption Standard is symmetric block cipher which takes
input of 64-bit plain text along with 64-bit key and process it, to Diagram
IM
generate the 64-bit cipher text.
The diagram below illustrates the working of DES. Explanation
in short 3M
| Pee lest
i ote ]

[ew Sermunenn ]

[ pt uP

Kevo—>[_ehowe bY, ] tRene |< am

|
q
| trew Perréako

| oher leat {bes

DES Encryption:-
Step 1: In the first step the 64-bit plain text undergoes initial
permutation which rearranges the bits to produce two 32-bit permuted
block which is called left plain text (LPT 32-bit) and right plain text
(RPT 32-bit).
Step 2: Now, 16 rounds of DES encryption will be performed on this
LPT and RPT with a 56-bit key.
Step 3: After the 16th round the 32-bit LPT and 32-bit RPT are
integrated which forms a 64-bit block again and then the final
permutation is applied to this 64-bit block, to obtain the 64-bit cipher
text.
Rounds in Data Encryption Standard
Each round of DES performs the same function. So, below are the
steps of the function performed in each round of DES algorithm:

Page 7/27
 re
-” #4,
z 3
MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
a1 | ans - (Autonomous)
“*, a

(ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code{__22620

1. Key Transformation: -In DES initial key size is 64-bit which is

reduced to the 56-bit key. This is done by discarding every 8th bit
from the 64-bit key. So, for each round of DES, this 56-bit key is
used. In the key transformation step, this 56-bit is transformed to the
48-bit key.

2. Expansion Permutation: -In the first step of encryption, during

the initial permutation of DES, the 64-bit plain text is permuted and
we have 32-bit LPT and 32-bit RPT. Now, the expansion permutation
is performed on the 32-bit RPT which transforms it from 32-bit to 48-
bit. The 32-bit LPT is untouched during the process.

3. S-box Substitution:-The input to S-box is 48-bit resultant block of

expansion permutation. In S-box substitution, the input 48-bit block
is transformed to 32-bit block

4. P-box Permutation:- The 32-bit output obtained from s-box

substitution is provided as an input to P-box. Here, the 32-bit input is
simply permuted and send to the next step.

5. XOR and Swap:-lIn this step, the 32-bit LPT of the initial 64-bit
plain text is XOR with the output of P-box permutation. The result of
the XOR is the new RPT for next round and the old RPT is swapped
with LPT.
DES Decryption:-
The same Data Encryption Standard algorithm used for encrypting
the plain text is also used to decrypting the cipher text. But the
algorithm is reversed, such as the initial and final permutation events
are reversed. Even the sequence of the sub keys applied in 16 rounds
of DES is also reversed.
Attempt any THREE of the following: 12
a) Explain the term Authorization and Authentication with respect 4M
to security. Explanation
Ans. Authorization: It is a process of verifying that the known person has of each term
2M
the authority to perform certain operation. It cannot occur without
authentication, It is nothing but granting permissions and rights to
individual so that he can use these rights to access computer resources
or information.

Page 8/27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

Authentication. Authentication is the process of determining identity

of a user or other entity. It is performed during log on process where
user has to submit his/her username and password. There are three
methods used in it. 1. Something you know User knows user id and
password. 2. Something you have Valid user has lock and key. 3.
Something about you User’s unique identity like fingerprints, DNA
ete.
b) Write an algorithm for simple columnar transposition technique 4M
and explain with example.
Ans. Simple columnar transposition technique: Algorithm
1M
Algorithm:
1. The message is written out in rows of a fixed length. Any
2. Read out again column by column according to given order or in relevant
example 3M
random order.
3. According to order write cipher text.
Example
The key for the columnar transposition cipher is a keyword e.g.,
ORANGE. The row length that is used is the same as the length of
the keyword.
To encrypt a below plaintext! COMPUTER PROGRAMMING

oO|;|R|A N G |E
cio t|MIiP U T
EIR |P R oO |G
Ri|A |M[IM [I N
G | L E x x M

In the above example, the plaintext has been padded so that it neatly
fits in a rectangle. This is known as a regular columnar transposition.
An irregular columnar transposition leaves these characters blank,
though this makes decryption slightly more difficult. The columns are
now reordered such that the letters in the key word are ordered
alphabetically.

Page 9/27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code 22620

Ss|6 |1 |4 [3 |2
o|R|AIN|IGIE
c;}OoO|M/[P U {T
E|R|P RZ 1|O |.G
RIA IM{M|{I N
G/L E x |X |M

The Encrypted text or Cipher text is:

MPMETGNMUOIXPRXCERGORAL
c) Describe DMZ with suitable example. 4M
Ans. DMZ (Demilitarized Zone): It is a computer host or small network Description
2M
inserted as a “neutral zone” in a company’s private network and the
outside public network. It avoids outside users from getting direct Diagram
access to a company’s data server. A DMZ is an optional but more 1M

secure approach to a firewall. It can effectively acts as a proxy server. Any one
The typical DMZ configuration has a separate computer or host in Exarrple
iM
network which receives requests from users within the private
network to access a web sites or public network. Then DMZ host
initiates sessions for such requests on the public network but it is not
able to initiate a session back into the private network. It can only
forward packets which have been requested by a host. The public
network’s users who are outside the company can access only the
DMZ host. It can store the company’s web pages which can be served
to the outside users. Hence, the DMZ can’t give access to the other
company’s data. By any way, if an outsider penetrates the DMZ’s
security the web pages may get corrupted but other company’s
information can be safe.

Page 10/27
 a ae,
— -, MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
al | |e (Autonomous)
aaa (ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

Examples:
1) Web servers
It’s possible for web servers communicating with internal database
servers to be deployed in a DMZ. This makes internal databases more
secure, as these are the repositories responsible for storing sensitive
information. Web servers can connect with the internal database
server directly or through application firewalls, even though the DMZ
continues to provide protection.

2) DNS servers
A DNS server stores a database of public IP addresses and their
associated hostnames. It usually resolves or converts those names to
IP addresses when applicable. DNS servers use specialized software
and communicate with one another using dedicated protocols. Placing
a DNS server within the DMZ prevents external DNS requests from
gaining access to the internal network. Installing a second DNS
server on the internal network can also serve as additional security.

3)Proxy servers
A proxy server is often paired with a firewall. Other computers use it
to view Web pages. When another computer requests a Web page, the
proxy server retrieves it and delivers it to the appropriate requesting

Page 11/27
 ”
=
MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
aa ?
3

ae HH
5 (Autonomous)
“*, ee,

i)
orm ee nil
(ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

machine. Proxy servers establish connections on behalf of clients,

shielding them from direct communication with a server. They also
isolate internal networks from external networks and save bandwidth
by caching web content.

d) Write short note on DAC and MAC 4M

Ans. | Discretionary Access control (DAC): Explanation
Restricting access to objects based on the identity of subjects and or Feng ern
groups to which they belong to, it is conditional, basically used by
military to control access on system. UNIX based System is common
method to permit user for read/write and execute

Mandatory Access control (MAC):

It is used in environments where different levels of security are
classified. It is much more restrictive. It is sensitivity-based
restriction, formal authorization subject to sensitivity. In MAC the
owner or User cannot determine whether access is granted to or not.
ic. Operating system rights. Security mechanism controls access to
all objects and individual cannot change that access.
4. Attempt any THREE of the following: 12
a) Write a short note on stegnography. 4M
Ans. | Steganography is the art and science of writing hidden message in
such a way that no one, apart from the sender and intended recipient, tail
suspects the existence of the message. OM a
Steganography works by replacing bits of useless or unused data in Any
regular computer files (such as graphics, sound, text, html or even| — relevant
floppy disks) with bits of different, invisible information. diagram M
This hidden information can be plain text, cipher text or even images. OR
In modern steganography, data is first encrypted by the usual means Advantage
and then inserted, using a special algorithm, into redundant data that 1M
is part of a particular file format such as a JPEG image. aia

Page 12 / 27
 =—, MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
a
(ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

actin Sepety

Cae sage inypo-epe

— asaat —i aie

1
mene
b
tnemanee
ee ae

Steganography process:
Cover-media + Hidden data + Stego-key = Stego-medium
Cover media is the file in which we will hide the hidden data, which
may also be encrypted using stego-key. The resultant file is stego-
medium. Cover-media can be image or audio file.
Advantages:
1. With the help of steganography we can hide secret message within
graphics image.
2. In modern Steganography, data is encrypted first and then inserted
using special algorithm so that no one suspects its existence.
Drawbacks:
1. It requires lot of overhead to hide a relatively few bits of
information.
2. Once the system is discovered, it becomes virtually worthless.
b) Explain honey pots. 4M
Ans. Honeypots are designed to purposely engage and deceive hackers and
identify malicious activities performed over the Internet. The Explanation
2M
honeypots are designed to do the following:
Any
1. Divert the attention of potential attacker. relevant
diagram2M
2. Collect information about the intruder’s action.

3. Provide encouragement to the attacker so as to stay for some time,

allowing the administrations to detect this and swiftly act on this.

Page 13 / 27
 oe, io Feey, Ye
MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
z 3
+
Ta, -
= (Autonomous)
"eg 7 ll
(ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

Honeypots are designed for 2 important goals

1. Make them look-like full real-life systems.
2. Do not allow legitimate users to know about or access them.
wes

Fl

< ia !
ROVER HONEY HeEWALL

Pot

c) Explain Host based IDS. 4M

Ans. | (Host Intrusion Detection System (HIDS) Explanation
Host intrusion detection systems (HIDS) run on independent hosts or 2M
devices on the network. A HIDS monitors the incoming and outgoing Semen
packets from the device only and will alert the administrator if
suspicious or malicious activity is detected. It takes a snapshot of
existing system files and compares it with the previous snapshot. If
the analytical system files were edited or deleted, an alert is sent to
the administrator to investigate. Anexample of HIDS usage can be
seen on mission critical machines, which are not expected to change
their layout.

Basic Components HIDS:

* Traffic collector:
This component collects activity or events from the IDS to examine.
On Host-based IDS, this can be log files, audit logs, or traffic coming
to or leaving a specific system

Page 14/27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

* Analysis Engine:
This component examines the collected network traffic & compares it
to known patterns of suspicious or malicious activity stored in the
signature database. The analysis engine acts like a brain of the IDS.
* Signature database:
It is a collection of patterns & definitions of known suspicious or
malicious activity.
* User Interface & Reporting:
This is the component that interfaces with the human element,
providing alerts & giving the user a means to interact with & operate
the IDS.
d) Describe working principle of SMTP. 4M
Ans. 1. Composition of Mail: A user sends an e-mail by composing an Working
prindple
electronic mail message using a Mail User Agent (MUA). Mail User explanation
Agent is a program which is used to send and receive mail. The 2M
message contains two parts: body and header. The body is the main
part of the message while the header includes information such as the Suitable
sender and recipient address. The header also includes descriptive diagram 2M
information such as the subject of the message. In this case, the
message body is like a letter and header is like an envelope that
contains the recipient's address.

2. Submission of Mail: After composing an email, the mail client

then submits the completed e-mail to the SMTP server by using
SMTP on TCP port 25.

3. Delivery of Mail: E-mail addresses contain two parts: username of

the recipient and domain name. For example, vivek(@gmail.com,
where "vivek" is the username of the recipient and "gmail.com" is the
domain name.
If the domain name of the recipient's email address is different from
the sender's domain name, then MSA will send the mail to the Mail
Transfer Agent (MTA). To relay the email, the MTA will find the
target domain. It checks the MX record from Domain Name System
to obtain the target domain. The MX record contains the domain
name and IP address of the recipient's domain. Once the record is
located, MTA connects to the exchange server to relay the message.

Page 15/27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

4. Receipt and Processing of Mail: Once the incoming message is

received, the exchange server delivers it to the incoming server (Mail
Delivery Agent) which stores the e-mail where it waits for the user to
retrieve it,

5. Access and Retrieval of Mail: The stored email in MDA can be

retrieved by using MUA (Mail User Agent). MUA can be accessed
by using login and password.

e) Explain creation and verification of digital signature. 4M

Ans. Working of digital signature Generation and Verification: Working

1. Key Generation: Digital signature are electronic signatures, which

assures that the message was sent by a particular sender. While
performing digital transactions authenticity and integrity should be
assured, otherwise the data can be altered or someone can also act as
if he was the sender and expect a reply.

2. Signature Verification: Verifier receives Digital Signature along

with the data. It then uses Verification algorithm to process on the
digital signature and the public key (verification key) and generates
some value. It also applies the same hash function on the received
data and generates a hash value. Then the hash value and the output
of the verification algorithm are compared. If they both are equal,
then the digital signature is valid else it is invalid.

Page 16 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

Decryphian Verification of digital

Mevsage Sgeut | Message digest | receiver

Attempt any TWO of the following: 12

a) Explain any three criteria for classification of information. 6M
Ans. i) Useful life Any three
critaia2M
A data is labeled ‘more useful’ when the information is available each
ready for making changes as and when required. Data might need to
be changed from time to time, and when the ‘change’ access is
available, it is valuable data.
ii) Value of data
This is probably the most essential and standard criteria for
information classification. There is some confidential and valuable
information of every organization, the loss of which could lead to
great losses for the organization while creating organizational issues.
Therefore, this data needs to be duly classified and protected.
iii) Personal association
It is important to classify information or data associated with
particular individuals or addressed by privacy law.
iv) Age
The value of information often declines with time. Therefore, if the
given data or information comes under such a category, the data
classification gets lowered.

Page 17 / 27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
saianeal (ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code 22620

b) List types of firewall and explain any one of them. 6M

Ans. | (Note Firewadls avalaHle in market can also be cansi dered)

List of firewall: acy

1. Packet filter as a firewall
2. Circuit level gateway firewall Diagram
3. Application level gateway firewall with
4. Proxy server as a firewall explanation
5. Stateful multilayer Inspection Firewall Taryn

1. Packet filter as a firewall : As per the diagram given below

Firewall will act according to the table given for example source IP
150.150,0.0 is the IP address of a network , all the packets which are
coming from this network will be blocked by the firewall in this way
it is acting as a firewall. Table also having port 80, IP Address
200.75.10.8 & port 23 firewall will act in the similar fashion. Port 23
is for Telnet remote login in this case firewall won't allow to login
onto this server. IP Address 200.75.10.8 is the IP address of
individual Host, all the packet having this IP address as a destination
Address will be denied. Port 80 no HTTP request allowed by firewall

Packet Filtering

2. Circuit level gateway Firewalls: The circuit level gateway

firewalls work at the session layer of the OSI model. They monitor
TCP handshaking between the packets to determine if a requested
session is legitimate. And the information passed through a circuit
level gateway, to the internet, appears to have come from the circuit
level gateway. So, there is no way for a remote computer or a host to
determine the internal private ip addresses of an organization, for
example. This technique is also called Network Address Translation
where the private IP addresses originating from the different clients
inside the network are all mapped to the public IP address available

Page 18 / 27
 wa MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
a. |= (Autonomous)
Pence (ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Codej__22620

through the internet service provider and then sent to the outside
world (Internet). This way. the packets are tagged with only the
Public IP address (Firewall level) and the internal private IP
addresses are not exposed to potential intruders
( heeled
eetheied

femide
comrection |
Needle bot

(eo) Cheentt-level partes

3. Application level gateway Firewalls: Application level firewalls

decide whether to drop a packet or send them through based on the
application information (available in the packet). They do this by
setting up various proxies on a single firewall for different
applications. Both the client and the server connect to these proxies
instead of connecting directly to each other. So, any suspicious data
or connections are dropped by these proxies. Application level
firewalls ensure protocol conformance. For example, attacks over http
that violates the protocol policies like sending Non-ASCII data in the
header fields or overly long string along with NonASCII characters in
the host field would be dropped because they have been tampered
with, by the intruders.

Y= network
Applicatios level gateway firewall

Page 19 / 27
 ”

la, MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

ALTE (Autonomous)
. “me . (ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Codej__22620

4. Stateful multilayer Inspection Firewall (SMLI)

The stateful multi-layer inspection (SMLI) firewall uses a
sophisticated form of packet-filtering that examines all seven layers
of the Open System Interconnection (OSI) model. Each packet is
examined and compared against known states of friendly packets.
While screening router firewalls only examine the packet header,
SMLI firewalls examine the entire packet including the data. SMLI is
a mechanism that uses a sophisticated form of packet-filtering,
examining all major layers of the OS] model. In other words, this
type of filter examines packets on the network, transmission, and
application levels, comparing them to known trusted packets. SMLI
checks the entire packet and only allows it to pass through each layer
individually. Such firewalls inspect packets to assess the state of
communication in order to ensure that all facilitated communication
only takes place with trusted sources. To be more specific, an SMLI
firewall is not necessarily a single firewall implementation. Rather, it
is a series of firewalls that work in concert to secure traffic at
different levels of the OSI model. It may be a composition of a
stateless packet filter, a stateful firewall, as well as an application-
level proxy. SMLI.

Page 20 / 27
 a<<
s
MAHARASHTRA STATE BOARD OF TECHNICAL
(Autonomous)
EDUCATION

(ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

c) Explain IP sec security with help of diagram. 6M

Diagram
[ 2M
TT =
Explanation
a] gles aM
Applicaton Layer
gol ations Linger

a ~Tranuport layer
Re unpre ———

—__— Incesne! layer

Cama #
It encrypts and seal the transport and application layer data during
transmission. It also offers integrity protection for internet layer. It
sits between transport and internet layer of conventional TCP/IP
protocol 1. Secure remote internet access: Using IPsec make a local
call to our internet services provider (ISP) so as to connect to
organization network in a secure fashion from our house or hotel
from there; to access the corporate network facilities or access remote
desktop/servers. 2. Secure branch office connectivity: Rather than
subscribing to an expensive leased line for connecting its branches
across cities, an organization can setup an IPsec enabled network for
security. 3. Setup communication with other organization: Just as
IPsec allow connectivity between various branches of an
organization, it can also be used to connect the network of different
organization together in a secure & inexpensive fashion. Basic
Concept of IPsec Protocol: IP packet consist two position IP header &
actual data [Psec feature are implemented in the form of additional
headers called as extension header to the standard, default IP header.
IPsec offers two main services authentication & confidentially. Each
of these requires its own extension header. Therefore, to support these
two main services, IPsec defines two IP extension header one for
authentication & another for confidentiality.

Page 21/27
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

It consists of two main protocols

Authentication header (AH): Authentication header is an IP Packet
(AH) protocol provides authentication, integrity &an optional anti-
reply service. The [Psec AH is a header in an IP packet. The AH is
simply inserted between IP header & any subsequent packet contents
no changes are required to data contents of packet. Security resides
completing in content of AH.
Encapsulation Header (ESP): Used to provide confidentiality, data
origin authentication, data integrity. It is based on symmetric key
cryptography technique. ESP can be used in isolation or it can be
combined with AH.
Protecting a datagam wit Authontcaton Meader

| heacer | TCPYUDP header | Upper layer payload |

' $ i; whe
¥ +. ~~

iP header [woos | TCPUDP header | Upper layer pa yioad *

Protecting a datagram win Encapsulated Security Payload

[ reader | TCPUDP hoader | Urper layer payload |

a .
IP heater TCPUDP heacder | Upper
layer paytoad

@ Piste | Encypia
Fig: AP and ESP
Attempt any TWO of the following: 12
a) Define virus and describe the phases of virus. 6M
Ans. Definition: Virus is a program which attaches itself to another Definition
2M
program and causes damage to the computer system or the network. It
is loaded onto your computer without your knowledge and runs Phases 4M
against your wishes.
During the lifecycle of virus it goes through the following four
phases:
1. Dormant phase: The virus is idle and activated by some event.
2. Propagation phase: [t places an identical copy of itself into other
programs or into certain system areas on the disk.
3. Triggering phase: The virus is activated to perform the function
for which it was intended.
4. Execution phase: The function of virus is performed

Page 22 / 27
 ~~
al e MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
hice (ISO/IEC - 27001 - 2005 Certified)
WINTER — 2022 EXAMINATION
MODEL ANSWER
Subject: Network & Information Security Subject Code 22620
b) Explain Kerberos with help of suitable diagram. 6M
Ans. | Kerberos: Kerberos is a network authentication protocol. It is
designed to provide strong authentication for client/server | Stepby step
applications by using secret-key cryptography. It uses secret key ope
cryptography. It is a solution to network security problems. It} _ 4).
provides tools for authentication and strong cryptography over the} gaeran6
network to help you secure your information system There are 4
parties involved in Kerberos protocol
i) User
ii) Authentication service (AS)
iii) Ticket granting server (TGS)
iv) Service server
Working of Kerberos:
1. The authentication service, or AS, receivers the request by the
client and verifies that the client is indeed the computer it claims to
be. This is usually just a simple database lookup of the user’s ID.

User Id

——
—|
client
Authentication server (AS)

2. Upon verification, a timestamp is created. This puts the current

time in a user session, along with an expiration date. The default
expiration date of a timestamp is 8 hours. The encryption key is then
created. The timestamp ensures that when 8 hours is up, the
encryption key is useless.
3. The key is sent back to the client in the form of a ticket-granting
ticket, or TGT. This is a simple ticket that is issued by the
authentication service. It is used for authentication the client for
future reference.

Page 23 / 27
 oe Fae
re,
*S——~ MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
: Us
(Autonomous)
ane (ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

Ticket granting ticket

Time stamp: 8 hrs.
et

Cc)
Chent
Authentication server (AS)

4. The client submits the ticket-granting ticket to the ticket-granting

server, or TGS, to get authenticated.

Om
cent
Authenticaten server (AS)

TGT Ticket -
Tene stare Ehrs 2 —

Ticket Ceaming Server (TOS)

5. The TGS creates an encrypted key with a timestamp, and grants the
client a service ticket.

Ss
[|__| —
il
Amthonicsbos sores (AS)

Eacrypted key Ss a
‘Tien starep: © bes se

Ticket Granting Server (NGS)

6. The client decrypts the ticket, tells the TGS it has done so, and then
sends its own encrypted key to the service.

Page 24/27
 “+ MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
; $ (Autonomous)
Perasseet (ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

cliem i Authenticanon servet (AS)

Eacrypted key
Tene ttamp Shr
Ticket Granting Server (TGS)

Service terver

7. The service decrypts the key, and makes sure the timestamp is still
valid. If it is, the service contacts the key distribution center to
receive a session that is returned to the client.

Service server

8. The client decrypts the ticket. If the keys are still valid,
communication 1s initiated between client and server.
c) Write a brief note on firewall configuration 6M
Ans. | A firewall is combination of packet filter and application level an
getway , Base on these there are three types of configurations
Explanation
Firewall Configurations: 4M
]
|
Sorsened Hos! firewall, Gesveres Host frase, } Screered
Singie-+tomed Bastion QuarHorned Bastion ‘Subnet Firewall

1. Screened Host firewall, Single-Homed Bastion

a) Here , the firewall configuration consist of two parts a packet
filter router and application level gateway
b) A packet filter router will insure that the income traffic will
allowded only if it is intended for the application gatway, by
examining the dstination address field of each incomming IP
Packet

Page 25/27
 oa * MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
a bs (Autonomous)
i (ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

c) It will also insure that outgoing traffic is allowded only if it is

originated from appliocation level gateway, by examining the
source address field of every outgoing IP packet.
d) An application level gateway perfors authentication as well as
proxy function

Eelsi
Ld
|
|

Fig: Single Homed Bastion

Advantages: It improve security of network by performing checks at
both levels- thet is packet and application level.
It provide flexibility fexibility to the network administrator to define
more secure policies.
Disadvantages : Internal users are connected to the application
gateway as well as packet filter router , So if any how packet filter is
attacked . then the whole internal network is exposed to the attacker.
1. Screened Host Firewall , Dule Homed Bastion: In this type of
Configuration the direct connection between internal host and packet
filter are avoided.
Here the packet filter connection only to the application gateway,
which is turned as separate connection with the internal host.
Hence, Packet filter is successfully attacked, and then only
application gateway is visible to the attacker.

#| ——
ga, Ele
Fig: Dule Homed Bastion

Page 26 / 27
 Jae MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
a | | |= (Autonomous)
al (ISO/IEC - 27001 - 2005 Certified)

WINTER — 2022 EXAMINATION

MODEL ANSWER

Subject: Network & Information Security Subject Code 22620

3 Screened Subnet Firewall

This type of configuration offer highest security among the possible
configurations
In this type two packet filters are used , one between internet and
application gateway and other in between application gateway and
internal network
This configuration achieve 3 level of security of an attacker to break
into

i
_——s some ‘uae 4aoe

:
sg |@f2\e=—
|| Packet finer
TELNET +
i

; ee U
Fig: Screened Subnet Firewall

Page 27/27