all NIS paper

This document is a model answer sheet for the Summer 2022 examination on Network Information Security, provided by the Maharashtra State Board of Technical Education. It includes important instructions for examiners, definitions of key terms, explanations of concepts, and classifications of cyber crimes, along with marking schemes for various questions. The document serves as a guideline for assessing student responses based on understanding rather than exact wording.

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION


MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

Important Instructions to examiners:


1) The answers should be examined by key words and not word for word as given in the model answer
scheme.
2) The model answer and the answer written by the candidate may vary, but the examiner may try to assess
the understanding level of the candidate.
3) Language errors such as grammatical and spelling errors should not be given more importance (not
applicable for the subjects English and Communication Skills).
4) While assessing figures, the examiner may give credit for principal components indicated in the figure.
The figures drawn by the candidate and the model answer may vary. The examiner may give credit for any
equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values
may vary and there may be some difference in the candidate's answers and the model answer.
6) In case of some questions, credit may be given by judgement on the part of the examiner for a relevant answer
based on the candidate's understanding.
7) For programming language papers, credit may be given to any other program based on an equivalent
concept.
8) As per the policy decision of the Maharashtra State Government, teaching in English/Marathi and
Bilingual (English + Marathi) medium is introduced in the first year of the AICTE diploma programme from
academic year 2021-2022. Hence if students in the first year (first and second semesters) write
answers in Marathi or bilingual language (English + Marathi), the examiner shall consider the same
and assess the answer based on matching of concepts with the model answer.

Columns: Q.No. | Sub Q.N. | Answer | Marking Scheme
(In this text rendering the marking scheme is given on a separate "Marking:" line under each question.)
1. Attempt any FIVE of the following: 10
a) Define following terms: 2M
i) Confidentiality
ii) Accountability
Marking: 1M for each definition
Ans. i) Confidentiality: The principle of confidentiality specifies that only the
sender and intended recipients should be able to access the contents of
a message. Confidentiality gets compromised if an unauthorized person
is able to access the contents of a message.
OR
The goal of confidentiality is to ensure that only those individuals who
have the authority can view a piece of information; the principle of
confidentiality specifies that only the sender and intended recipients
should be able to access the contents of a message. Confidentiality gets
compromised if an unauthorized person is able to access the contents
of a message.
ii) Accountability: The principle of accountability specifies that every
individual who works with an information system should have specific
responsibilities for information assurance.
The tasks for which an individual is responsible are part of the overall
information security plan and can be readily measured by a person
who has managerial responsibility for information assurance.
One example would be a policy statement that all employees must
avoid installing outside software on company-owned information
infrastructure.
OR
The security goal that generates the requirement for actions of an entity
to be traced uniquely to that entity.

Page 1 / 28

Downloaded by Umar Nachan (umarnachan786@gmail.com)
b) Explain the terms: 2M
i) Shoulder surfing
ii) Piggybacking
Marking: 1M for each explanation
Ans. i) Shoulder surfing: It is using direct observation techniques, such as
looking over someone's shoulder, to get information. Shoulder surfing
is a similar procedure in which attackers position themselves in such a
way as to be able to observe the authorized user entering the correct
access code.
• Shoulder surfing is an effective way to get information in crowded
places because it's relatively easy to stand next to someone and watch
as they fill out a form, enter a PIN at an ATM, or use
a calling card at a public pay phone. Shoulder surfing can also be done
from a distance with the aid of binoculars or other vision-enhancing
devices.

ii) Piggybacking: Piggybacking on Internet access is the practice of
establishing a wireless Internet connection by using another
subscriber's wireless Internet access service without the subscriber's
explicit permission or knowledge.
OR
Access of a wireless internet connection by bringing one's own computer
within range of another wireless connection and using it without
explicit permission; it also means when an authorized person allows
(intentionally or unintentionally) others to pass through a secure door.
OR
It is the simple tactic of following closely behind a person who has just
used their own access card or PIN to gain physical access to a room or
building. An attacker can thus gain access to the facility without having
to know the access code or having to acquire an access card.


c) Define term cryptography. 2M
Marking: 2M for definition, diagram is optional
Ans. Cryptography is the art and science of achieving security by encoding
messages to make them non-readable.

d) Classify following cyber crimes: 2M
i) Cyber stalking
ii) Email harassment
Marking: 1M for each explanation
Ans. i) Cyber stalking: Cyber stalking means following someone's
activity over the internet. This can be done with the help of many protocols
available such as e-mail, chat rooms and Usenet groups.
OR
Cyber stalking: Cyberstalking/harassment refers to the use of the
internet and other technologies to harass or stalk another person online,
and is potentially a crime in India under the IT Act 2000.
This online harassment, which is an extension of cyberbullying and in-
person stalking, can take the form of e-mails, text messages, social
media posts, and more, and is often methodical, deliberate, and
persistent.

ii) Email harassment: Email harassment is usually understood to be
a form of stalking in which one or more people send consistent,
unwanted, and often threatening electronic messages to someone else.
OR
Email harassment: Cybercrime against an individual
e) Differentiate between viruses & worms (any two) 2M
Marking: 1M for each difference, any two can be considered
Ans.
1. Worm: The worm is code that replicates itself in order to consume
   resources and bring the system down.
   Virus: The virus is program code that attaches itself to an
   application program and runs along with it when the application
   program runs.
2. Worm: It exploits a weakness in an application or operating system
   by replicating itself.
   Virus: It inserts itself into a file or executable program.
3. Worm: It can use a network to replicate itself to other computer
   systems without user intervention.
   Virus: It has to rely on users transferring infected files/programs to
   other computer systems.
4. Worm: Usually does not modify files; worms usually only monopolize
   the CPU and memory.
   Virus: Yes, it deletes or modifies files. Sometimes a virus also
   changes the location of files.
5. Worm: A worm is faster than a virus.
   Virus: A virus is slower than a worm.
6. Worm: E.g. Code Red.
   Virus: E.g. macro virus, directory virus, stealth virus.
f) Define firewall. Enlist types of firewalls. 2M
Marking: 1M for definition, 1M for listing any two types
Ans. Definition of Firewall: A firewall is a network security device that
monitors incoming and outgoing network traffic and permits or blocks
data packets based on a set of security rules. Its purpose is to establish
a barrier between your internal network and incoming traffic from
external sources (such as the internet) in order to block malicious
traffic like viruses and hackers.
Types of Firewall:
1. Packet Filter
2. Circuit level Gateway
3. Application Gateway
4. Software
5. Hardware
6. Hybrid
7. Stateful multilayer Inspection Firewall

g) Define AH & ESP with respect to IP security. 2M
Marking: 1M each, any one point also can be considered
Ans. Authentication Header (AH):
1. The AH provides support for data integrity and authentication of
IP packets. The data integrity service ensures that data inside the IP
packet is not altered during transit.
2. The authentication service enables an end user or computer system
to authenticate the user or the application at the other end and decide
to accept or reject packets accordingly.
Encapsulation Header (ESP):
1. Used to provide confidentiality, data origin authentication and data
integrity.
2. It is based on symmetric key cryptography technique.
3. ESP can be used in isolation or it can be combined with AH.

2. Attempt any THREE of the following: 12


a) Define following terms: 4M
i) Operating System Security
ii) Hot fix
iii) Patch
iv) Service pack
Marking: 1M for each definition
Ans. i) Operating System Security: The OS must protect itself from
security breaches, such as runaway processes (denial of service),
memory-access violations, stack overflow violations, the launching of
programs with excessive privileges, and many others.
ii) Hot Fix: Normally this term is given to a small software update
designed to address a particular problem like a buffer overflow in an
application that exposes the system to attacks.
iii) Patch: This term is generally applied to more formal, larger software
updates that may address several or many software problems. Patches often
contain improvements or additional capabilities and fixes for known
bugs.
iv) Service Pack: A service pack is a collection of updates and fixes,
called patches, for an operating system or a software program. Many of
these patches are often released before a larger service pack, but the
service pack allows for an easy, single installation.
OR
A service pack (SP) is an update, often combining previously released
updates, that helps make Windows more reliable. Service packs can
include security and performance improvements and support for new
types of hardware.
b) Explain the mechanism of fingerprint & voice pattern in 4M
Biometrics.
Marking: 2M for each explanation, diagram is optional
Ans.


Fingerprint registration & verification mechanism

1. Registration: the first time an individual uses a biometric system
is called enrollment.
2. During the enrollment, biometric information from an individual is
stored.
3. In the verification process, biometric information is detected and
compared with the information stored at the time of enrollment.
4. The first block (sensor) is the interface between the real world and
the system; it has to acquire all the necessary data.
5. The 2nd block performs all the necessary pre-processing.
6. The third block extracts the necessary features. This step is an important
step as the correct features need to be extracted in the optimal way.
7. If enrollment is being performed, the template is simply stored
somewhere (on a card or within a database or both).
8. If a matching phase is being performed, the obtained template is
passed to a matcher that compares it with other existing templates,
estimating the distance between them using any algorithm.
9. The matching program will analyze the template with the input. This
will then be output for any specified use or purpose.
Voice pattern:
1. Biometric voice recognition is the use of the human voice to
uniquely identify biological characteristics to authenticate an
individual, unlike passwords or tokens that require physical input.
2. Voice biometric recognition works by inputting the voice of the
individual whose identity has to be stored in the system. This input
is kept as a print for authentication. The input print is made with
software that can split the voice statement into multiple frequencies.
3. A voice biometrics tool collects a user's voice template;
it only checks who is speaking and what is being spoken (who you are and
what you speak).
c) Differentiate between symmetric and asymmetric key 4M
cryptography.
Marking: 1M for each valid point, any four points can be considered
Ans.

d) Write & explain DES algorithm 4M
Marking: 2M for diagram, 2M for explanation
Ans.
Initial Permutation (IP): It happens only once. It replaces the first bit
of the original plain text block with the 58th bit of the original plain
text block, the second bit with the 50th bit of the original plain text block,
and so on. The resulting 64-bit permuted text block is divided into
two half blocks. Each half block consists of 32 bits. The left block is
called LPT and the right block RPT. 16 rounds are performed
on these two blocks. Details of one round in DES:


Step 1: Key transformation: the initial key is transformed into a 56-
bit key by discarding every 8th bit of the initial key. Thus, for each round,
a 56-bit key is available; from this 56-bit key, a different 48-bit sub key
is generated during each round using a process called key
transformation.
[Figure: one round of DES - Key Transformation, Expansion Permutation,
S-box substitution, P-box Permutation, XOR and swap]

Step 2: Expansion permutation: During expansion permutation the
RPT is expanded from 32 bits to 48 bits. The 32-bit RPT is divided
into 8 blocks, with each block consisting of 4 bits. Each 4-bit block of
the previous step is then expanded to a corresponding 6-bit block: per
4-bit block, 2 more bits are added. They are the repeated 1st and 4th
bits of the 4-bit block. The 2nd and 3rd bits are written as they were in
the input. The 48-bit key is XORed with the 48-bit RPT and the
resulting output is given to the next step.
Step 3: S-box substitution: It accepts the 48-bit input from the XOR
operation involving the compressed key and expanded RPT and
produces 32-bit output using the substitution technique. Each of the 8
S-boxes has a 6-bit input and a 4-bit output. The outputs of the S-boxes
are then combined to form a 32-bit block, which is given to the last stage
of a round.
Step 4: P-box permutation: the output of the S-boxes consists of 32 bits.
These 32 bits are permuted using the P-box.
Step 5: XOR and Swap: The LPT of the initial 64-bit plain text block is
XORed with the output produced by the P-box permutation. It produces
the new RPT. The old RPT becomes the new LPT, in a process of swapping.

Final Permutation: At the end of 16 rounds, the final permutation is
performed. This is a simple transposition. For e.g., the 40th input bit
takes the position of the 1st output bit and so on.
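The round structure described in steps 1 to 5 is easiest to see in code. The following Python block is an added example and is not part of the model answer. It uses two genuine DES tables that follow directly from the text: the 32-to-48-bit expansion permutation (E table) and the key transformation that discards every 8th bit of the initial key to get 56 bits. The S-box/P-box stage and the per-round sub key derivation are replaced by small, clearly labelled stand-ins so the whole round fits in a short listing; the result is therefore a Feistel cipher with DES's structure, not DES itself, and must not be used to protect data. The key and block values are constructed sample inputs.

```python
"""Feistel structure of a DES round: expansion, key mixing, XOR and swap.

Added example, not part of the model answer. Real DES tables used: the E table
(32 -> 48 bits) and the parity-bit drop (64 -> 56 bit key). The S-box/P-box
stage and the sub key schedule are labelled toy stand-ins, so this is NOT the
DES cipher. Sample key and block values are constructed.
"""
from typing import List, Tuple

Bits = List[int]

# Real DES expansion table E (1-based positions into the 32-bit RPT). Each
# 6-bit output block is: last bit of the previous 4-bit block, the 4 bits
# themselves, first bit of the next 4-bit block (wrapping around at the ends).
E_TABLE = [
    32, 1, 2, 3, 4, 5,        4, 5, 6, 7, 8, 9,
    8, 9, 10, 11, 12, 13,     12, 13, 14, 15, 16, 17,
    16, 17, 18, 19, 20, 21,   20, 21, 22, 23, 24, 25,
    24, 25, 26, 27, 28, 29,   28, 29, 30, 31, 32, 1,
]


def to_bits(value: int, width: int) -> Bits:
    """Big-endian bit list of `value`, `width` bits long."""
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


def from_bits(bits: Bits) -> int:
    result = 0
    for b in bits:
        result = (result << 1) | b
    return result


def drop_parity_bits(key64: Bits) -> Bits:
    """Key transformation, first part: discard every 8th bit -> 56-bit key."""
    return [b for pos, b in enumerate(key64, start=1) if pos % 8 != 0]


def toy_subkeys(key56: Bits, rounds: int = 16) -> List[Bits]:
    """Stand-in for the DES sub key schedule (NOT the real PC-2 compression):
    rotate the 56-bit key left by the round number and keep 48 bits."""
    return [(key56[r:] + key56[:r])[:48] for r in range(1, rounds + 1)]


def expansion_permutation(rpt32: Bits) -> Bits:
    """Step 2: expand the 32-bit RPT to 48 bits using the E table."""
    return [rpt32[pos - 1] for pos in E_TABLE]


def toy_sbox_pbox(bits48: Bits) -> Bits:
    """Stand-in for steps 3 and 4 (NOT the real S-boxes/P-box): fold each
    6-bit block back to 4 bits so the 48-bit value becomes 32 bits."""
    out: Bits = []
    for i in range(0, 48, 6):
        b = bits48[i:i + 6]
        out += [b[0] ^ b[1], b[2], b[3], b[4] ^ b[5]]
    return out


def des_round(lpt: Bits, rpt: Bits, subkey48: Bits) -> Tuple[Bits, Bits]:
    """One Feistel round: f(RPT, K) is XORed into LPT, then the halves swap."""
    expanded = expansion_permutation(rpt)
    mixed = [a ^ b for a, b in zip(expanded, subkey48)]   # XOR with the 48-bit sub key
    f_out = toy_sbox_pbox(mixed)
    new_rpt = [a ^ b for a, b in zip(lpt, f_out)]          # step 5: XOR ...
    return rpt, new_rpt                                    # ... and swap


def feistel(block64: Bits, subkeys: List[Bits]) -> Bits:
    """Run all rounds. Decryption is the same function with the sub keys in
    reverse order, which is the property the DES structure relies on."""
    lpt, rpt = block64[:32], block64[32:]
    for k in subkeys:
        lpt, rpt = des_round(lpt, rpt, k)
    return rpt + lpt   # DES undoes the last swap before the final permutation


if __name__ == "__main__":
    key = drop_parity_bits(to_bits(0x133457799BBCDFF1, 64))   # constructed key
    keys = toy_subkeys(key)
    block = to_bits(0x0123456789ABCDEF, 64)                  # constructed block
    ct = feistel(block, keys)
    print(hex(from_bits(ct)))
    print(from_bits(feistel(ct, keys[::-1])) == 0x0123456789ABCDEF)  # True
```

The point worth noticing is `feistel`: because each round only XORs a function of one half into the other half and then swaps, running the same rounds with the sub keys reversed undoes the encryption exactly, whatever `toy_sbox_pbox` computes. That is why DES decryption reuses the encryption hardware with a reversed key schedule.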

3. Attempt any THREE of the following: 12


a) Describe the features of DAC access control policy. 4M
Marking: 1M for explanation, 3M for features
Ans. DAC (discretionary access control) policy utilizes user identification
procedures to identify and restrict object access. It restricts access to
objects based on the identity of subjects and/or the groups to which they
belong. The owner of information or any resource is able to change
its permissions at his discretion. Data owners can transfer ownership
of information to other users. Data owners can determine the type of
access given to other users (read, write etc.).

Features of DAC policy are as follows:

Flexible - In DAC policy the owner of information or a resource can change
its permissions.

Backup - Discretionary access control allows organizations to
back up security policies and data to ensure effective access points.

Usability - Discretionary access control is easy to use. Data owners
can transfer ownership of information to other users easily.
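The defining property of DAC in the answer above is that the owner, and only the owner, decides who gets which access and may hand the object to someone else. The Python model below is an added example, not part of the model answer: each object carries an owner and an access control list (subject to set of permissions), the owner's right to grant, revoke and transfer is enforced in one place, and a short constructed scenario (users alice, bob and carol, object report.txt) exercises the three features listed.

```python
"""Discretionary access control (DAC): owner-managed permissions.

Added example, not part of the model answer. Models the features above: the
owner changes permissions at his discretion, the owner decides the type of
access (read, write), and the owner can transfer ownership. Subjects, object
names and the scenario are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Set


class AccessDenied(Exception):
    """Raised when a subject attempts an operation it has no right to perform."""


@dataclass
class Resource:
    name: str
    owner: str
    # ACL: subject -> set of permissions such as {"read", "write"}
    acl: Dict[str, Set[str]] = field(default_factory=dict)


class DACStore:
    def __init__(self) -> None:
        self.resources: Dict[str, Resource] = {}

    def create(self, creator: str, name: str) -> Resource:
        """The creator becomes owner and receives full rights."""
        res = Resource(name, creator, {creator: {"read", "write"}})
        self.resources[name] = res
        return res

    def is_allowed(self, subject: str, name: str, permission: str) -> bool:
        """Access decision: the owner always passes; others need an ACL entry."""
        res = self.resources[name]
        return subject == res.owner or permission in res.acl.get(subject, set())

    def _require_owner(self, actor: str, res: Resource) -> None:
        if actor != res.owner:
            raise AccessDenied(f"{actor} is not the owner of {res.name}")

    def grant(self, actor: str, name: str, subject: str, permission: str) -> None:
        """Only the owner may add permissions (the 'discretionary' part)."""
        res = self.resources[name]
        self._require_owner(actor, res)
        res.acl.setdefault(subject, set()).add(permission)

    def revoke(self, actor: str, name: str, subject: str, permission: str) -> None:
        res = self.resources[name]
        self._require_owner(actor, res)
        res.acl.get(subject, set()).discard(permission)

    def transfer_ownership(self, actor: str, name: str, new_owner: str) -> None:
        """Only the current owner may hand the object to another user."""
        res = self.resources[name]
        self._require_owner(actor, res)
        res.owner = new_owner


def scenario() -> Dict[str, bool]:
    """alice creates report.txt, grants bob read access, then transfers
    ownership to bob, who revokes alice's write access."""
    store = DACStore()
    store.create("alice", "report.txt")
    store.grant("alice", "report.txt", "bob", "read")
    out = {
        "bob_can_read": store.is_allowed("bob", "report.txt", "read"),
        "bob_can_write": store.is_allowed("bob", "report.txt", "write"),
        "carol_can_read": store.is_allowed("carol", "report.txt", "read"),
    }
    try:                       # bob is not the owner yet, so he cannot grant
        store.grant("bob", "report.txt", "carol", "read")
        out["bob_could_grant_before_transfer"] = True
    except AccessDenied:
        out["bob_could_grant_before_transfer"] = False
    store.transfer_ownership("alice", "report.txt", "bob")
    store.grant("bob", "report.txt", "carol", "read")       # now he can
    store.revoke("bob", "report.txt", "alice", "write")
    out["carol_can_read_after_transfer"] = store.is_allowed("carol", "report.txt", "read")
    out["alice_can_write_after_transfer"] = store.is_allowed("alice", "report.txt", "write")
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

Note that transferring ownership does not by itself change the ACL: alice keeps whatever entries she had until the new owner revokes them. Keeping the decision logic in `is_allowed` and the owner check in `_require_owner` is what makes the policy easy to audit.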

b) Consider plain text "COMPUTER ENGINEERING" and convert 4M
given plain text into cipher text using 'Caesar Cipher' with shift of
position three; write down steps in encryption.
Marking: 2M for explanation, 2M for problem solution
Ans. The Caesar cipher technique was proposed by Julius Caesar. It is one of the
simplest and most widely known encryption techniques. It is a type of
substitution technique in which each letter in the plain text is replaced
by a letter some fixed number of positions down the alphabet. The
Caesar cipher involves replacing each letter of the alphabet with the
letter three places further down the alphabet. For example, with a shift
of 3, A would be replaced by D, B would become E, and so on, as
shown in the table below.

PLAIN TEXT - COMPUTER ENGINEERING

CIPHER TEXT - FRPSXWHU HQJLQHHULQJ

c) Differentiate between host-based & network based IDS 4M
Marking: 1M for each valid point, any four points can be considered
Ans.
1. Host Based IDS: Examines activity on an individual system, such as a
   mail server, web server, or individual PC.
   Network Based IDS: Examines activity on the network itself.
2. Host Based IDS: It is concerned only with an individual system and
   usually has no visibility into the activity on the network or systems
   around it.
   Network Based IDS: It has visibility only into the traffic crossing the
   network link it is monitoring and typically has no idea of what is
   happening on individual systems.
3. Host Based IDS: HIDS looks for certain activities that typify hostile
   actions or misuse, such as the following:
   - Logins at odd hours
   - Login authentication failures
   - Additions of new user accounts
   - Modification or access of critical system files
   Network Based IDS: NIDS looks for certain activities that typify
   hostile actions or misuse, such as the following:
   - Denial-of-service attacks
   - Port scans or sweeps
   - Malicious content in the data payload of a packet or packets
   - Vulnerability scanning
   - Trojans, viruses, or worms
   - Tunneling
   - Brute-force attacks
4. Host Based IDS: It is host dependent.
   Network Based IDS: It is host independent.
5. Host Based IDS: It has a low false positive rate.
   Network Based IDS: It has a high false positive rate.
6. Host Based IDS: It senses local attacks.
   Network Based IDS: It senses network attacks.
7. Host Based IDS: It slows down the host that has the IDS client installed.
   Network Based IDS: It slows down the network that has the IDS client
   installed.
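The four HIDS indicators in point 3 (logins at odd hours, login authentication failures, additions of new user accounts, modification of critical system files) are all things a host can detect from its own logs. The Python block below is an added example, not part of the model answer: it turns each indicator into a rule over syslog-style lines and runs them on a constructed sample log. The host name, users, addresses, the "odd hours" window, the failure threshold and the list of critical files are all assumptions chosen for the example.

```python
"""Host-based IDS checks over a host's own log.

Added example, not part of the model answer. Implements the four HIDS
indicators listed above as simple rules over syslog-like lines. The log
lines, host name, users, addresses and thresholds are constructed.
"""
import re
from collections import Counter
from datetime import datetime
from typing import List, Tuple

# Constructed sample log (not captured from a real system).
SAMPLE_LOG = """\
2024-03-02T02:13:05 host1 sshd[1021]: Failed password for root from 10.0.0.7
2024-03-02T02:13:07 host1 sshd[1021]: Failed password for root from 10.0.0.7
2024-03-02T02:13:09 host1 sshd[1021]: Failed password for root from 10.0.0.7
2024-03-02T02:13:11 host1 sshd[1021]: Failed password for root from 10.0.0.7
2024-03-02T02:13:13 host1 sshd[1021]: Failed password for root from 10.0.0.7
2024-03-02T02:14:01 host1 sshd[1021]: Accepted password for root from 10.0.0.7
2024-03-02T02:15:00 host1 useradd[1100]: new user: name=svc_backup, UID=1005
2024-03-02T02:15:30 host1 audit[1101]: file modified path=/etc/sudoers uid=1005
2024-03-02T09:30:12 host1 sshd[2201]: Accepted password for alice from 10.0.0.9
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[^\[]+)\[\d+\]: (?P<msg>.*)$")
AUTH_RE = re.compile(r"(?P<result>Accepted|Failed) password for (?P<user>\S+) from (?P<src>\S+)")
NEW_USER_RE = re.compile(r"new user: name=(?P<user>[^,\s]+)")
FILE_RE = re.compile(r"file modified path=(?P<path>\S+)")

ODD_HOURS = range(0, 6)             # 00:00-05:59 counts as an odd hour here
FAILURE_THRESHOLD = 5               # failed logins per (user, source) before alerting
CRITICAL_FILES = {"/etc/passwd", "/etc/shadow", "/etc/sudoers"}

Alert = Tuple[str, str]             # (rule name, human-readable detail)


def analyse(log_text: str) -> List[Alert]:
    """Apply the four HIDS rules to every parseable line; return alerts in order."""
    alerts: List[Alert] = []
    failures: Counter = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                 # unparseable line: skipped here, a real HIDS would count these
        ts = datetime.fromisoformat(m["ts"])
        msg = m["msg"]

        auth = AUTH_RE.search(msg)
        if auth:
            key = (auth["user"], auth["src"])
            if auth["result"] == "Failed":
                failures[key] += 1
                if failures[key] == FAILURE_THRESHOLD:   # alert once, at the threshold
                    alerts.append(("auth_failures",
                                   f"{FAILURE_THRESHOLD} failed logins for {key[0]} from {key[1]}"))
            elif ts.hour in ODD_HOURS:
                alerts.append(("odd_hour_login",
                               f"{auth['user']} logged in at {ts.time()} from {auth['src']}"))
            continue

        new_user = NEW_USER_RE.search(msg)
        if new_user:
            alerts.append(("new_account", f"account {new_user['user']} created"))
            continue

        changed = FILE_RE.search(msg)
        if changed and changed["path"] in CRITICAL_FILES:
            alerts.append(("critical_file", f"{changed['path']} modified"))
    return alerts


if __name__ == "__main__":
    for rule, detail in analyse(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

On the sample the four rules fire once each, in log order, while alice's daytime login raises nothing. This is also where the "low false positive rate" point in the table comes from: the host knows exactly which user, account and file is involved, information a network sensor only sees indirectly.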
d) Define access control and explain authentication mechanism for 4M
access control.
Marking: 2M for access control, 2M for authentication
Ans. Access Control -
Access is the ability of a subject to interact with an object.
Authentication deals with verifying the identity of a subject. It is the
ability to specify, control and limit the access to the host system or
application, which prevents unauthorized use to modify data or
resources. Access control is to specify, control and limit the access to
the host system or application, which prevents unauthorized use to
access or modify data or resources.
Authentication -
Authentication helps to establish proof of identities. The
authentication process ensures that the origin of a message is correctly
identified. For example, suppose that user C sends a message over the
internet to user B. However, the trouble is that user C had posed as user
A when he sent the message to user B. How would user B know that the
message has come from user C, who is posing as user A? This concept is
shown in the fig. below. This type of attack is called fabrication.
Authentication is the process of determining the identity of a user or other
entity. It is performed during the log on process where the user has to submit
his/her username and password.

There are three methods used in it.
1. Something you know - User knows user id and password.
2. Something you have - Valid user has lock and key.
3. Something about you - User's unique identity like fingerprints,
DNA etc.

4. Attempt any THREE of the following: 12


a) Enlist substitution techniques & explain any one. 4M
Marking: 1M for list, 2M for explanation, 1M for example
Ans. Substitution Techniques: In a substitution technique letters of plain text
are replaced by other letters or by numbers or by symbols.
Substitution techniques are as follows:
a) Caesar cipher
b) Modified version of Caesar cipher
c) Mono-alphabetic cipher
d) Vigenère cipher

Caesar cipher:
It was proposed by Julius Caesar. In cryptography the Caesar cipher is also
known as Caesar's cipher/code or shift cipher/code. It is one of the
simplest and most widely known encryption techniques. It is a type of
substitution technique in which each letter in the plain text is replaced
by a letter some fixed number of positions
down the alphabet. For example, with a shift of 3, A would be replaced
by D, B would become E, and so on, as shown in the table below.

Using this scheme, the plain text "SECRET" encrypts as cipher text
"VHFUHW". To allow someone to read the cipher text, you tell them
that the key is 3.
For S: C = (p + k) mod 26
= (18 + 3) mod 26
= 21
= V
Algorithm to break Caesar cipher:
1. Read each alphabet in the cipher text message, and search for it in
the second row of the table above.
2. When a match is found, replace that alphabet in the cipher text
message with the corresponding alphabet in the same column but the
first row of the table. (For example, if the cipher text alphabet is J,
replace it with G).
3. Repeat the process for all alphabets in the cipher text message.
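Both Caesar cipher answers (Q3 b, "COMPUTER ENGINEERING" with shift 3, and Q4 a, "SECRET" with key 3) apply the same formula C = (p + k) mod 26 and its inverse. The Python block below is an added example, not part of the model answer: it implements encryption and decryption with that formula, keeping spaces and any non-letters unchanged, and adds a function that tries every possible key, which shows concretely why a 25-key cipher gives no real confidentiality. The sample plaintexts are the ones from the two answers.

```python
"""Caesar cipher: encryption, decryption and exhaustive key search.

Added example, not part of the model answer. Uses the formula from the
answers, C = (p + k) mod 26, on the sample plaintexts they give.
"""
import string
from typing import Dict

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter `key` places down the alphabet; spaces, digits and
    punctuation are left unchanged. Letters are upper-cased first."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            p = ALPHABET.index(ch)
            out.append(ALPHABET[(p + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is encryption with the negated key: p = (C - k) mod 26."""
    return caesar_encrypt(ciphertext, -key)


def try_all_keys(ciphertext: str) -> Dict[int, str]:
    """There are only 25 non-trivial keys, so a reader without the key can
    simply list every candidate plaintext and pick the readable one."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    ct = caesar_encrypt("COMPUTER ENGINEERING", 3)
    print(ct)                                  # FRPSXWHU HQJLQHHULQJ
    print(caesar_decrypt(ct, 3))               # COMPUTER ENGINEERING
    print(try_all_keys("VHFUHW")[3])           # SECRET
```

Running the block reproduces the model answer's cipher text for "COMPUTER ENGINEERING" and recovers "SECRET" from "VHFUHW" with key 3; `try_all_keys` lists the other 24 candidates alongside it.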
b) Explain DMZ 4M
Marking: 1M for diagram, 2M for explanation, 1M for example
Ans. DMZ (Demilitarized Zone):
• It is a computer host or small network inserted as a "neutral
zone" between a company's private network and the outside public network.
It prevents outside users from getting direct access to a company's data
server. A DMZ is an optional but more secure approach to a firewall. It
can effectively act as a proxy server.

• The typical DMZ configuration has a separate computer or host
in the network which receives requests from users within the private
network to access web sites or the public network. The DMZ host then
initiates sessions for such requests on the public network, but it is not
able to initiate a session back into the private network. It can only
forward packets which have been requested by a host.

Advantage: The main benefit of a DMZ is to provide an internal
network with an additional security layer by restricting access to
sensitive data and servers. A DMZ enables website visitors to obtain
certain services while providing a buffer between them and the
organization's private network.

c) Differentiate between firewall & IDS 4M
Marking: 1M for each correct point, any four points
Ans.
1. Firewall: A firewall is hardware or software that stands between a
   local network and the Internet and filters traffic that might be
   harmful based on predetermined rules.
   IDS: An intrusion detection system (IDS) is a device or software
   application that monitors traffic for malicious activity or policy
   violations and sends an alert on detection.
2. Firewall: A firewall does not inspect the content of permitted traffic.
   IDS: An IDS inspects overall network traffic.
3. Firewall: A firewall can block unauthorized access to the network.
   IDS: An IDS can only report an intrusion. It cannot block it.
4. Firewall: Firewalls block traffic based on rules.
   IDS: An IDS gives alerts/alarms on the detection of an anomaly.
5. Firewall: It filters traffic based on IP addresses and port numbers.
   IDS: It detects real-time traffic, looks for traffic patterns or
   signatures of attack and then generates alerts.
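Points 2, 3 and 5 of the table (and the packet filter type listed in Q1 f) are clearest when a firewall and an IDS process the same packets. The Python block below is an added example, not part of the model answer: a first-match packet filter decides allow or block from source address and destination port alone, while the IDS beside it looks at payload for a signature and counts distinct destination ports per source to flag a scan, but only produces alerts. Addresses, ports, the rule set, the signature (a constructed test marker, not a real one) and the traffic sample are all assumptions made for the example.

```python
"""Firewall versus IDS on the same traffic.

Added example, not part of the model answer. The packet filter decides on
headers only (source address, destination port) by first-match rules; the IDS
inspects payload and traffic patterns but can only report. All addresses,
rules, the signature and the packets are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    src: Optional[str] = None   # None means "any"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.src is None or self.src == pkt.src)
                and (self.dport is None or self.dport == pkt.dport))


# Constructed rule set: block one source outright, allow web ports, deny the rest.
FIREWALL_RULES = [
    Rule("block", src="203.0.113.5"),
    Rule("allow", dport=80),
    Rule("allow", dport=443),
    Rule("block"),              # default deny
]

# Constructed test marker standing in for a real signature database entry.
SIGNATURES: Dict[bytes, str] = {b"MALWARE-TEST-PATTERN": "test signature"}
PORT_SCAN_THRESHOLD = 5        # distinct destination ports from one source


def firewall_decision(pkt: Packet, rules: List[Rule]) -> str:
    """First matching rule wins; the payload is never examined."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"


def ids_alerts(packets: List[Packet]) -> List[str]:
    """Signature match on payload plus a simple port-scan heuristic. Reports only."""
    alerts: List[str] = []
    ports_by_src: Dict[str, Set[int]] = {}
    for pkt in packets:
        for pattern, name in SIGNATURES.items():
            if pattern in pkt.payload:
                alerts.append(f"{name} in payload from {pkt.src} to port {pkt.dport}")
        seen = ports_by_src.setdefault(pkt.src, set())
        seen.add(pkt.dport)
        if len(seen) == PORT_SCAN_THRESHOLD:      # alert once, when the threshold is reached
            alerts.append(f"possible port scan from {pkt.src}")
    return alerts


# Constructed traffic sample: normal web request, a request whose payload carries
# the marker, a packet from the blocked source, an SSH attempt, and a port sweep.
SAMPLE_TRAFFIC = [
    Packet("198.51.100.10", "10.0.0.5", 80, b"GET /index.html"),
    Packet("198.51.100.10", "10.0.0.5", 80, b"GET /?q=MALWARE-TEST-PATTERN"),
    Packet("203.0.113.5", "10.0.0.5", 443, b"ClientHello"),
    Packet("198.51.100.10", "10.0.0.5", 22),
] + [Packet("192.0.2.77", "10.0.0.5", p) for p in (21, 22, 23, 25, 80)]


def run(packets: List[Packet], rules: List[Rule]) -> Tuple[List[str], List[str]]:
    """Return the firewall decision per packet and the IDS alerts for the whole set."""
    decisions = [firewall_decision(p, rules) for p in packets]
    return decisions, ids_alerts(packets)


if __name__ == "__main__":
    decisions, alerts = run(SAMPLE_TRAFFIC, FIREWALL_RULES)
    for pkt, decision in zip(SAMPLE_TRAFFIC, decisions):
        print(f"{pkt.src} -> port {pkt.dport}: {decision}")
    for alert in alerts:
        print("ALERT:", alert)
```

The second packet is the instructive one: the firewall allows it because port 80 is permitted and it never reads the payload, while the IDS raises an alert on the content. The sweep from 192.0.2.77 is mostly blocked by the default-deny rule, yet only the IDS recognises the pattern as a scan, which is why the two controls are deployed together rather than as alternatives.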
d) Explain Email security in SMTP. 4M
Marking: 1M for diagram, 3M for explanation
Ans. Email Security: Email is emerging as one of the most valuable services
on the internet today. Most of the internet systems use SMTP as a
method to transfer mail from one user to another. SMTP is a push
protocol and is used to send the mail, whereas POP (Post Office
Protocol) or IMAP (Internet Message Access Protocol) are used to
retrieve those mails at the receiver's side.
1. SMTP (Simple Mail Transfer Protocol)
2. PEM (Privacy Enhanced Mail)
3. PGP (Pretty Good Privacy)
SMTP (Simple Mail Transfer Protocol)
Simple Mail Transfer Protocol is a protocol for sending email messages
between servers. Most e-mail systems that send mail over the Internet
use SMTP to send messages from one server to another; the messages
can then be retrieved with an e-mail client using either POP or IMAP.
In addition, SMTP is generally used to send messages from a mail
client to a mail server. This is why you need to specify both the POP or
IMAP server and the SMTP server when you configure your e-mail
application. SMTP usually is implemented to operate over Internet port
25. An alternative to SMTP that is widely used in Europe is X.400.
Many mail servers now support Extended Simple Mail Transfer
Protocol (ESMTP), which allows multimedia files to be delivered as
e-mail.

The basic phases of an email communication consist of the following
steps:
1. At the sender's end an SMTP server takes the message sent by the user's
computer.
2. The SMTP server at the sender's end then transfers the message to
the SMTP server of the receiver.
3. The receiver's computer then pulls the email message from the
SMTP server at the receiver's end, using another mail protocol such
as Post Office Protocol (POP) or IMAP (Internet Message Access Protocol).

e) Explain digital signature in Cryptography. 4M
Marking: 1M for diagram, 3M for explanation
Ans. Digital Signature:
1. A digital signature is a strong method of authentication in
electronic form.
2. It includes message authentication codes (MAC), hash values of a
message and digital pen pad devices. It also includes cryptographically
based signature protocols.
3. A digital signature is used for authentication of the message and the
sender, and to verify the integrity of the message.
4. A digital signature may be in the form of text, symbol, image or
audio.
5. In today's world of electronic transactions, digital signatures play a
major role in authentication. For example, one can file his income tax
return online using his digital signature, which avoids the use of paper
and makes the process faster.
6. Asymmetric key encryption techniques and public key infrastructure
are used in digital signatures.
7. Digital signature algorithms are divided into two parts:
a. Signing part: It allows the sender to create his digital signature.
b. Verification part: It is used by the receiver for verifying the
signature after receiving the message.
Generation and Verification of digital signatures:
Working:
1. A message digest is used to generate the signature. The message digest
(MD) is calculated from the plaintext or message.
2. The message digest is encrypted using the user's private key.
3. Then, the sender sends this encrypted message digest with the
plaintext or message to the receiver.
4. The receiver calculates the message digest from the plain text or
message he received.
5. The receiver decrypts the encrypted message digest using the sender's
public key. If both the MDs are not the same then the plaintext or message
was modified after signing.
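The five working steps above can be followed line by line in code. The Python block below is an added example, not part of the model answer. The asymmetric scheme is textbook RSA with a deliberately tiny, constructed key pair (the two known Mersenne primes 2^31-1 and 2^61-1) so that it runs with only the standard library, and SHA-256 is the message digest. Because the toy modulus is only about 92 bits, the 256-bit digest is truncated to 64 bits before signing; that truncation, the small key and the absence of padding are shortcuts for the example only. Real signatures use randomly generated keys of 2048 bits or more, the full digest and a padding scheme such as PSS.

```python
"""Digital signature generation and verification (steps 1-5 above).

Added example, not part of the model answer. Textbook RSA over a constructed
toy key pair plus SHA-256; the digest is truncated to 64 bits to fit the
~92-bit modulus. Not secure, for illustration only.
"""
import hashlib

# Constructed toy key pair (NOT secure): 2**31-1 and 2**61-1 are both prime.
P = 2 ** 31 - 1
Q = 2 ** 61 - 1
N = P * Q                                   # public modulus (~92 bits)
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (Python 3.8+)


def message_digest(message: bytes) -> int:
    """Step 1 (sender) and step 4 (receiver): MD of the plaintext. Truncated to
    64 bits so it is smaller than the toy modulus N (example shortcut only)."""
    return int.from_bytes(hashlib.sha256(message).digest()[:8], "big")


def sign(message: bytes, private_exp: int = D, modulus: int = N) -> int:
    """Step 2: the sender 'encrypts' the digest with the private key.
    Step 3 is then sending (message, signature) to the receiver."""
    return pow(message_digest(message), private_exp, modulus)


def verify(message: bytes, signature: int,
           public_exp: int = E, modulus: int = N) -> bool:
    """Steps 4 and 5: recompute the digest from the received message, recover
    the signed digest with the sender's public key and compare the two."""
    recovered = pow(signature, public_exp, modulus)
    return recovered == message_digest(message)


if __name__ == "__main__":
    msg = b"Income tax return for assessment year 2022 (constructed sample)"
    sig = sign(msg)
    print(verify(msg, sig))                      # True
    print(verify(msg + b" amended", sig))        # False: message changed after signing
```

Changing a single byte of the message after signing gives a different digest, so the comparison in step 5 fails; altering the signature itself fails the same check. Only the holder of the private exponent could have produced a value that verifies under the public exponent, which is the non-repudiation property listed in the advantages below.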

Advantages of Digital Signatures

• Speed: Businesses no longer have to wait for paper documents to
be sent by courier. Contracts are easily written, completed, and
signed by all concerned parties in a short amount of time no matter
how far apart the parties are geographically.
• Costs: Using postal or courier services for paper documents is
much more expensive compared to using digital signatures on
electronic documents.
• Security: The use of digital signatures and electronic documents
reduces risks of documents being intercepted, read, destroyed, or
altered while in transit.
• Authenticity: An electronic document signed with a digital
signature can stand up in court just as well as any other signed
paper document.
• Non-Repudiation: Signing an electronic document digitally
identifies you as the signatory and that cannot be later denied.
• Time-Stamp: By time-stamping your digital signatures, you will
clearly know when the document was signed.

5. a) Attempt any TWO of the following 12

Define Information. Explain the basic principle of information security. 6M
Marking scheme: 2M for definition, 1M for diagram, 3M for principles explanation
Ans. Information is organized or classified data, which has some
meaningful values for the receiver. Information is the processed data
on which knowledge, decisions and actions are based.
For the decision to be meaningful, the processed data must qualify for
the following characteristics:
 Timely − Information should be available when required.
 Accuracy − Information should be accurate.
 Completeness − Information should be complete.

Basic Principles of information security

Fig CIA Triad of information security


1. Confidentiality: The goal of confidentiality is to ensure that only
those individuals who have the authority can view a piece of
information, the principle of confidentiality specifies that only
sender and intended recipients should be able to access the contents
of a message. Confidentiality gets compromised if an unauthorized
person is able to access the contents of a message.
2. Authentication helps to establish proof of identities. Authentication
process ensures that the origin of a message is correctly identified.
Authentication deals with the desire to ensure that an individual is
who they claim to be.
3. Integrity: Integrity is a related concept but deals with the generation
and modification of data. Only authorized individuals should ever be
able to create or change (or delete) information. When the contents
of the message are changed after the sender sends it, but before it
reaches the intended recipient, we say that the integrity of the
message is lost.

b) Define & explain. 6M

i) Circuit Gateway
ii) Honey Pots
iii) Application Gateway
Marking scheme: 2M for definition and explanation
Ans. i) A circuit level gateway does not permit an end-to-end TCP
connection; rather, the gateway sets up two TCP connections, one
between itself and a TCP user on an inner host and one between itself
and a TCP user on an outer host. Once the two connections are
established, the gateway typically relays TCP segments from one
connection to the other without examining the contents. The security
function consists of determining which connections will be allowed. A
typical use of circuit level gateways is a situation in which the system
administrator trusts the internal users. The gateway can be configured
to support application level or proxy service on inbound connections
and circuit level functions for outbound connections.

ii) Honey Pots

A relatively recent innovation in intrusion detection technology is the
honey pot. Honey pots are decoy systems that are designed to lure a
potential attacker away from critical systems. Honey pots are designed
to:
 divert an attacker from accessing critical systems
 collect information about the attacker's activity
It encourages the attacker to stay on the system long enough for
administrators to respond. These systems are filled with fabricated
information designed to appear valuable but that a legitimate user of
the system wouldn't access. Thus, any access to the honey pot is
suspect.

iii) Application Gateway

An application level gateway, also called a proxy server, acts as a
relay of application level traffic. The user contacts the gateway using a
TCP/IP application, such as Telnet or FTP, and the gateway asks the
user for the name of the remote host to be accessed. When the user
responds and provides a valid user ID and authentication information,
the gateway contacts the application on the remote host and relays TCP
segments containing the application data between the two endpoints.
Application level gateways tend to be more secure than packet filters.
It is easy to log and audit all incoming traffic at the application level. A
prime disadvantage is the additional processing overhead on each
connection.

c) Explain the working of Kerberos 6M
Marking scheme: 6M for relevant steps

Ans. Kerberos is a network authentication protocol. It is designed to provide
strong authentication for client/server applications by using secret-key
cryptography.

The entire process takes a total of eight steps, as shown below.


1. The authentication service, or AS, receives the request from the client
and verifies that the client is indeed the computer it claims to be. This
is usually just a simple database lookup of the user's ID.

2. Upon verification, a timestamp is created. This puts the current time
in a user session, along with an expiration date. The default expiration
date of a timestamp is 8 hours. The encryption key is then created. The
timestamp ensures that when 8 hours is up, the encryption key is
useless. (This is used to make sure a hacker doesn't intercept the data
and try to crack the key. Almost all keys are able to be cracked, but it
will take a lot longer than 8 hours to do so.)

3. The key is sent back to the client in the form of a ticket-granting
ticket, or TGT. This is a simple ticket that is issued by the
authentication service. It is used for authenticating the client for future
reference.

4. The client submits the ticket-granting ticket to the ticket-granting
server, or TGS, to get authenticated.

5. The TGS creates an encrypted key with a timestamp, and grants the
client a service ticket.

6. The client decrypts the ticket, tells the TGS it has done so, and then
sends its own encrypted key to the service server.

7. The service server decrypts the key, and makes sure the timestamp is
still valid. If it is, the service contacts the key distribution center to
receive a session that is returned to the client.
8. The client decrypts the ticket. If the keys are still valid,
communication is initiated between client and server.

6. Attempt any TWO of the following: 12


a) Explain DOS with neat diagram. 6M
Marking scheme: 2M for diagram, 4M for explanation
Ans. Denial Of Service Attack: Denial of service (DOS) attacks can exploit
a known vulnerability in a specific application or operating system, or
they may attack features (or weaknesses) in specific protocols or
services. In this form of attack, the attacker is attempting to deny
authorized users access either to specific information or to the
computer system or network itself. The purpose of such an attack can
be simply to prevent access to the target system, or the attack can be
used in conjunction with other actions in order to gain unauthorized
access to a computer or network. SYN flooding is an example of a
DOS attack that takes advantage of the way TCP/IP networks were
designed to function, and it can be used to illustrate the basic principles
of any DOS attack. SYN flooding utilizes the TCP three-way
handshake that is used to establish a connection between two systems.
In a SYN flooding attack, the attacker sends fake communication
requests to the targeted system. Each of these requests will be
answered by the target system, which then waits for the third part of
the handshake. Since the requests are fake, the target will wait for
responses that will never come, as shown in Figure.

The target system will drop these connections after a specific time-out
period, but if the attacker sends requests faster than the time-out period
eliminates them, the system will quickly be filled with requests. The
number of connections a system can support is finite, so when more
requests come in than can be processed, the system will soon be
reserving all its connections for fake requests. At this point, any further
requests are simply dropped (ignored), and legitimate users who want
to connect to the target system will not be able to. Use of the system
has thus been denied to them.
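The argument of the two paragraphs above (finite connection table, time-out, requests arriving faster than the time-out clears them) as an added simulation in Python; it is not part of the model answer. The 256-slot table, 30-second time-out, attacker rates and client times are constructed figures.

```python
"""Added example (not from the model answer): a simulation of the half-open
connection table the text describes. Capacity is finite, an entry is dropped
after the time-out, and the attacker's spoofed SYNs can arrive faster than the
time-out clears them. Times are integer milliseconds so the run is exact."""
from collections import deque


class HalfOpenTable:
    """Slots reserved for connections waiting on the third handshake step."""

    def __init__(self, capacity: int, timeout_ms: int):
        self.capacity = capacity
        self.timeout_ms = timeout_ms
        self.pending = deque()      # (expiry_ms, source), oldest first
        self.dropped = 0

    def _expire(self, now_ms: int) -> None:
        while self.pending and self.pending[0][0] <= now_ms:
            self.pending.popleft()

    def syn(self, source: str, now_ms: int) -> bool:
        """A SYN arrives: reply SYN-ACK and reserve a slot, or drop it."""
        self._expire(now_ms)
        if len(self.pending) >= self.capacity:
            self.dropped += 1
            return False
        self.pending.append((now_ms + self.timeout_ms, source))
        return True

    def complete(self, source: str) -> None:
        """Third handshake step received: the slot is released."""
        for entry in self.pending:
            if entry[1] == source:
                self.pending.remove(entry)
                return


def simulate(capacity: int, timeout_ms: int, attacker_rate: int,
             duration_s: int, legit_syn_times_ms: list) -> int:
    """Attacker sends `attacker_rate` spoofed SYNs per second (never completing
    them) for `duration_s`; legitimate clients send one SYN each at the given
    times and complete the handshake if a slot was granted. Returns how many
    legitimate connections succeeded."""
    table = HalfOpenTable(capacity, timeout_ms)
    events = [(t, "legit") for t in legit_syn_times_ms]
    if attacker_rate:
        interval = 1000 // attacker_rate
        events += [(t, "spoofed") for t in range(0, duration_s * 1000, interval)]
    events.sort()
    succeeded = 0
    for t, kind in events:
        if kind == "spoofed":
            table.syn("spoofed", t)          # fake source: the ACK never comes
        elif table.syn("legit", t):
            table.complete("legit")          # real client finishes the handshake
            succeeded += 1
    return succeeded


def demo() -> dict:
    """Constructed figures: 256 slots, 30 s time-out, three real clients."""
    legit = [15_310, 25_730, 45_230]         # ms; not aligned to attacker SYNs
    return {
        "no_attack": simulate(256, 30_000, 0, 60, legit),
        "slow_attacker_5_per_s": simulate(256, 30_000, 5, 60, legit),
        "fast_attacker_20_per_s": simulate(256, 30_000, 20, 60, legit),
        "fast_attacker_short_timeout_10s": simulate(256, 10_000, 20, 60, legit),
    }
```

With 20 spoofed SYNs per second and a 30 s time-out, 600 slots are needed to absorb the flood, so the 256-slot table is full from about 12.8 s on and every real client is refused; the same flood against a 10 s time-out only holds 200 slots, which is why time-out tuning is part of the mitigation.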

b) Explain Public Key Infrastructure with example. 6M
Marking scheme: 3M explanation, 1M diagram, 2M for example

Ans. A public key infrastructure (PKI) is a set of roles, policies,
hardware, software and procedures needed to create, manage,
distribute, use, store and revoke digital certificates and manage public-
key encryption. The purpose of a PKI is to facilitate the secure
electronic transfer of information for a range of network activities such
as e-commerce, internet banking and confidential email.
PKI is the governing body behind issuing digital certificates. It helps to
protect confidential data and gives unique identities to users and
systems. Thus, it ensures security in communications.
The public key infrastructure uses a pair of keys: the public key and the
private key to achieve security. The public keys are prone to attacks
and thus an intact infrastructure is needed to maintain them.
PKI identifies a public key along with its purpose. It usually consists of
the following components:

 A digital certificate also called a public key certificate
 Private Key tokens
 Registration authority
 Certification authority
 CMS or Certification management system

Working on a PKI:
PKI and Encryption: The root of PKI involves the use of
cryptography and encryption techniques. Both symmetric and
asymmetric encryption use a public key. There is always a risk of
MITM (Man in the middle). This issue is resolved by a PKI using
digital certificates. It gives identities to keys in order to make the
verification of owners easy and accurate.
Public Key Certificate or Digital Certificate: Digital certificates are
issued to people and electronic systems to uniquely identify them in the
digital world.
 The Certification Authority (CA) stores the public key of a user
along with other information about the client in the digital
certificate. The information is signed and a digital signature is also
included in the certificate.
 The affirmation of the public key can then be retrieved by
validating the signature using the public key of the Certification
Authority.

Certifying Authorities: A CA issues and verifies certificates. This
authority makes sure that the information in a certificate is real and
correct and it also digitally signs the certificate. A CA or Certifying
Authority performs these basic roles:

 Generates the key pairs – The key pair generated by the CA can be
created either independently or in collaboration with the client.
 Issuing of the digital certificates – When the client successfully
provides the right details about his identity, the CA issues a
certificate to the client. The CA then signs this certificate
digitally so that no changes can be made to the information.
 Publishing of certificates – The CA publishes the certificates so
that the users can find them. They can do this by either publishing
them in an electronic telephone directory or by sending them out to
other people.
 Verification of certificate – CA gives a public key that helps in
verifying if the access attempt is authorized or not.
 Revocation – In case of suspicious behavior of a client or loss of
trust in them, the CA has the power to revoke the digital
certificate.

The most popular usage example of PKI (Public Key Infrastructure) is
the HTTPS (Hypertext Transfer Protocol Secure) protocol. HTTPS is a
combination of the HTTP (Hypertext Transfer Protocol) and SSL/TLS
(Secure Sockets Layer/Transport Layer Security) protocols to provide
encrypted communication and secure identification of a Web server.

In HTTPS, the Web server's PKI certificate is used by the browser for
two purposes:

 Validate the identity of the Web server by verifying the CA's digital
signature in the certificate.
 Encrypt a secret key to be securely delivered to the Web server. The
secret key will be used to encrypt actual data to be exchanged between
the browser and the Web server.

Other examples of PKI (Public Key Infrastructure) are:

 Digital signature - The sender of a digital message uses his/her private
key to generate a digital signature attached to the message. The
receiver uses the sender's certificate to verify the digital signature to
ensure the message was sent by the claimed sender.
 Encryption of documents - The sender of a digital message uses the
receiver's certificate to encrypt the message to protect the
confidentiality of the message. Only the receiver, who can use his/her
private key, can decrypt the message.
 Digital identification - The user's certificate is stored in a smart card to be
used to verify the card holder's identity.
 (CONSIDER ANY ONE EXAMPLE)

c) Explain Policies, configuration & limitations of firewall. 6M
Marking scheme: 1M for policies, 1M for listing configurations, 2M for configuration (any one can be explained), 2M for limitations (any two points)

Ans. Policies of firewall:
a) All traffic from inside to outside and vice versa must pass through the
firewall. To achieve this, all access to the local network must first be
physically blocked and access only via the firewall should be
permitted. Traffic should be permitted as per the local security policy.
b) The firewall itself must be strong enough so as to render attacks on it
useless.

Configuration of firewall
There are 3 common firewall configurations.
1. Screened host firewall, single-homed bastion configuration
2. Screened host firewall, dual homed bastion configuration
3. Screened subnet firewall configuration

1. Screened host firewall, single-homed bastion configuration

In this type of configuration a firewall consists of the following parts:
(i) A packet filtering router
(ii) An application gateway.

The main purpose of this type is as follows: the packet filter is used to
ensure that incoming data is allowed only if it is destined for the
application gateway, by verifying the destination address field of the
incoming IP packet. It also performs the same task on outgoing data by
checking the source address field of the outgoing IP packet.
The application gateway is used to perform authentication and proxy
functions. Here internal users are connected to both the application gateway
as well as to the packet filter; therefore, if the packet filter is successfully
attacked, the whole internal network is opened to the attacker.

Fig single homed bastion configuration

2. Screened host firewall, dual homed bastion configuration

To overcome the disadvantage of the screened host firewall, single
homed bastion configuration, another configuration is available known
as screened host firewall, dual homed bastion. In this, direct
connections between internal hosts and the packet filter are avoided, as it
provides a connection between the packet filter and the application gateway,
which has a separate connection with the internal hosts. Now, if the
packet filter is successfully attacked, only the application gateway is
visible to the attacker. This provides security to the internal hosts.
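The difference between the two configurations just described, as an added reachability model in Python (not part of the model answer). The node names 'internet', 'filter', 'gateway', 'host1' and 'host2' and the two topologies are constructed stand-ins for the figures; the packet filter applies the address rule given in the text and the application gateway is treated as a proxy that does not forward packets.

```python
"""Added example (not from the model answer): a small reachability model of the
single-homed and dual-homed screened-host configurations above. The packet
filter applies the rule in the text (inbound packets must be destined for the
application gateway, outbound packets must come from it); the gateway proxies
sessions rather than forwarding packets. The model shows which internal hosts
are reachable at packet level from the Internet once a component is compromised."""


def packet_filter_allows(src: str, dst: str, gateway: str) -> bool:
    """Destination check for inbound and source check for outbound packets."""
    return dst == gateway or src == gateway


def reachable_from_internet(links: dict, gateway: str, filters: set,
                            compromised: frozenset = frozenset()) -> set:
    """Walk the network from 'internet'. A compromised node forwards to every
    neighbour; an intact filter obeys packet_filter_allows; an intact gateway
    stops the walk because it only relays authenticated proxy sessions."""
    seen, stack = set(), [("internet", "internet")]
    while stack:
        node, prev = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        if node == gateway and node not in compromised:
            continue
        for nxt in links[node]:
            if (node in filters and node not in compromised
                    and not packet_filter_allows(prev, nxt, gateway)):
                continue
            stack.append((nxt, node))
    return seen


# Constructed topologies; the names are placeholders for the figures on the page.
SINGLE_HOMED = {  # internal hosts share the LAN segment with the packet filter
    "internet": ["filter"],
    "filter": ["internet", "gateway", "host1", "host2"],
    "gateway": ["filter"],
    "host1": ["filter"],
    "host2": ["filter"],
}
DUAL_HOMED = {  # internal hosts sit behind the gateway's second interface
    "internet": ["filter"],
    "filter": ["internet", "gateway"],
    "gateway": ["filter", "host1", "host2"],
    "host1": ["gateway"],
    "host2": ["gateway"],
}
INTERNAL_HOSTS = {"host1", "host2"}


def exposed_internal_hosts(links: dict, compromised=frozenset()) -> set:
    """Internal hosts an attacker on the Internet can reach directly."""
    reached = reachable_from_internet(links, "gateway", {"filter"}, frozenset(compromised))
    return reached & INTERNAL_HOSTS
```

With the filter intact neither layout exposes an internal host; once the filter is compromised the single-homed layout exposes both hosts, while the dual-homed layout still requires the application gateway to fall as well.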

Fig dual homed bastion configuration

3. Screened subnet firewall configuration

It provides the highest security among all firewall configurations. It is
an improved version over the other available firewall configuration
schemes. It uses two packet filters, one between the internet and the
application gateway and another between the application gateway and
the internal network. Thus this configuration gives an attacker 3 levels of
security to break through.

Fig Screened subnet firewall configuration

Limitations: (one mark)

1. Firewalls do not protect against inside threats.
2. A packet filter firewall does not provide any content based filtering.
3. Protocol tunneling, i.e. sending data from one protocol inside another
protocol, negates the purpose of the firewall.
4. Encrypted traffic cannot be examined and filtered.


MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION


MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620
Important Instructions to examiners:
1) The answers should be examined by key words and not as word-to-word as given in the
model answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may
try to assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more
Importance (Not applicable for subject English and Communication Skills).
4) While assessing figures, examiner may give credit for principal components indicated in
the figure. The figures drawn by candidate and model answer may vary. The examiner
may give credit for any equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed
constant values may vary and there may be some difference in the candidate’s answers
and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of
relevant answer based on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on
equivalent concept.
8) As per the policy decision of Maharashtra State Government, teaching in English/Marathi
and Bilingual (English + Marathi) medium is introduced at first year of AICTE diploma
Programme from academic year 2021-2022. Hence if the students in first year (first and
second semesters) write answers in Marathi or bilingual language (English +Marathi), the
Examiner shall consider the same and assess the answer based on matching of concepts
with model answer.

Q. No | Sub Q.N. | Answer | Marking Scheme
1. Attempt any FIVE of the following: 10
a) Define computer security and state its need 2M
Marking scheme: Definition 1M, any one need 1M
Ans. Computer Security refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by any individuals
without authorization.

Need of computer Security:

1. For prevention of data theft such as bank account numbers, credit
card information, passwords, work related documents or sheets, etc.
2. To make data remain safe and confidential.
3. To provide confidentiality, which ensures that individuals are not
able to view data they are not entitled to.

4. To provide integrity, which ensures that only authorized individuals
should ever be able to change or modify information.
5. To provide availability, which ensures that the data or system itself
is available for use when an authorized user wants it.
6. To provide authentication, which deals with the desire to ensure
that an individual is who they claim to be.
OR
The need of computer security has been threefold: confidentiality,
integrity, and authentication—the “CIA” of security.
1. Confidentiality: the principle of confidentiality specifies that
only the sender and intended recipients should be able to access the
contents of a message. Confidentiality gets compromised if an
unauthorized person is able to access the contents of a message.
2. Integrity: when the contents of the message are changed after the
sender sends it, but before it reaches the intended recipient, we
say that the integrity of the message is lost.
3. Authentication: Authentication helps to establish proof of
identities. The authentication process ensures that the origin of a
message is correctly identified.

b) Explain shoulder surfing attack. 2M
Marking scheme: Relevant explanation 2M

Ans. Shoulder surfing is a similar procedure in which attackers position
themselves in such a way as to be able to observe the authorized user
entering the correct access code.
Shoulder surfing is an effective way to get information in crowded
places because it's relatively easy to stand next to someone and watch
as they fill out a form, enter a PIN number at an ATM machine, or
use a calling card at a public pay phone. Shoulder surfing can also be
done long distance with the aid of binoculars or other vision-
enhancing devices.
Shoulder surfing is using direct observation techniques, such as
looking over someone's shoulder, to get information.

c) Explain the term cryptography. 2M
Marking scheme: Correct explanation 1M, Diagram 1M

Ans. Cryptography: Cryptography is the art and science of achieving
security by encoding messages to make them non-readable.
d) State the meaning of hacking. 2M
Marking scheme: Correct explanation 2M

Ans. Hacking in simple terms means an illegal intrusion into a computer
system and/or network. Government websites are the hot target of
hackers due to the press coverage they receive. Hackers enjoy the
media coverage.
OR
Hacking is the act of identifying and then exploiting weaknesses in a
computer system or network, usually to gain unauthorized access to
personal or organizational data. Hacking is not always a malicious
activity, but the term has mostly negative connotations due to its
association with cybercrime.
e) Describe sniffing attack. 2M
Marking scheme: Correct explanation 2M
Ans. This is software or hardware that is used to observe traffic as it passes
through a network on shared broadcast media. It can be used to view
all traffic or to target a specific protocol, service, or string of characters
like logins. Some network sniffers are not just designed to observe
all the traffic but also to modify the traffic. Network administrators use
sniffers for monitoring traffic. They can also be used for network
bandwidth analysis and to troubleshoot certain problems such as
duplicate MAC addresses.
f) Explain need for firewall. 2M
Marking scheme: Any two needs 2M
Ans.  A firewall is a network security device that monitors incoming
and outgoing network traffic and permits or blocks data packets
based on a set of security rules.
 Its purpose is to establish a barrier between your internal network
and incoming traffic from external sources (such as the internet)
in order to block malicious traffic like viruses and hackers.
 Firewalls can be an effective means of protecting a local system
or network of systems from network-based security threats while
at the same time affording access to the outside world via wide
area networks and the Internet.

g) Explain use of PCI DSS 2M
Marking scheme: Correct explanation 2M

Ans. The Payment Card Industry Data Security Standard (PCI DSS) is a
set of security standards designed to ensure that all companies that
accept, process, store or transmit credit card information maintain a
secure environment. PCI DSS is the global data security standard that
any business of any size must adhere to in order to accept payment
cards, and to store, process, and/or transmit cardholder data. It
presents common sense steps that mirror best security practices.
2. Attempt any THREE of the following: 12
a) Define Risk. Describe qualitative and quantitative risk analysis. 4M
Marking scheme: Definition 1M, Explanation of qualitative and quantitative risk analysis 3M
Ans. Risk: A computer security risk is any event or action that could cause
a loss or damage to computer hardware, software, data, or
information OR Risk is the probability of threats that may occur because
of the presence of a vulnerability in a system.

Quantitative Risk Analysis: A process of assigning a numeric value
to the probability of loss based on known risks, on financial values of
the assets and on the probability of threats. It is used to determine
potential direct and indirect costs to the company based on values
assigned to company assets and their exposure to risk. Assets can be
rated as the cost of replacing an asset, the cost of lost productivity, or
the cost of diminished brand reputation. In this, 100% quantitative risk
analysis is not possible.

Qualitative Risk Analysis: A collaborative process of assigning
relative values to assets, assessing their risk exposure and estimating
the cost of controlling the risk. It utilizes relative measures and
approximate costs rather than precise valuation and cost
determination. Assets can be rated based on criticality - very
important, important, not-important etc. Vulnerabilities can be rated
based on how they should be fixed - fixed soon, should be fixed, fix if
suitable etc. Threats can be rated on a scale of likelihood - likely,
unlikely, very likely etc. In this, 100% qualitative risk analysis is feasible.
b) Explain working of biometric access control with any type of 4M
example.
Marking scheme: Diagram 1M, Explanation 3M
Ans. Biometrics refers to the study of methods for uniquely recognizing humans
based upon one or more intrinsic physical or behavioral
characteristics. Biometric identification is used on the basis of some
unique physical attribute of the user that positively identifies the user.

Example: finger print recognition, retina and face scan technique,
voice synthesis and recognition and so on.
Different types of Biometrics
1. Finger print recognition
2. Hand print recognition
3. Retina/iris scan technique
4. Face recognition
5. Voice patterns recognition
6. Signature and writing patterns recognition
7. Keystroke dynamics

Fig. block diagram of biometric system


Finger print recognition
The above figure shows the block diagram of a biometric system.
Fingerprint registration & verification process
1. The first time an individual uses a biometric system is called
enrollment.
2. During the enrollment, biometric information from an individual is
stored.
3. In the verification process, biometric information is detected and
compared with the information stored at the time of enrolment.
4. The first block (sensor) is the interface between the real world and
the system; it has to acquire all the necessary data.
5. The 2nd block performs all the necessary pre-processing.
6. The third block extracts the necessary features. This step is an
important step as the correct features need to be extracted in the
optimal way.
7. If enrollment is being performed, the template is simply stored
somewhere (on a card or within a database or both).
8. If a matching phase is being performed, the obtained template is

passed to a matcher that compares it with other existing templates,
estimating the distance between them using any algorithm.
9. The matching program will analyze the template with the input.
This will then be output for any specified use or purpose.

Limitations:-
1) Using the fingerprint scanner does not take into consideration
when a person physically changes.
2) The cost of computer hardware and software programs can be
expensive.
3) Using the fingerprint scanner can lead to false rejections and false
acceptances.
4) It can make mistakes with the dryness or dirtiness of the finger's skin,
as well as with age (it is not appropriate for children, because the
size of their fingerprint changes quickly).
c) Explain Caesar's cipher substitution technique with suitable 4M
example.
Marking scheme: Explanation 2M, Example 2M
Ans. The Caesar cipher technique was proposed by Julius Caesar. It is one of the
simplest and most widely known encryption techniques. It is a type of
substitution technique in which each letter in the plain text is replaced
by a letter some fixed number of positions down the alphabet. The
Caesar cipher involves replacing each letter of the alphabet with the
letter three places further down the alphabet. For example, with a
shift of 3, A would be replaced by D, B would become E, and so on,
as shown in the table below.

Example
PLAIN TEXT - COMPUTER ENGINEERING
Converting each alphabet in the plain text using the table, the cipher text
can be written as
CIPHER TEXT – FRPSXWHU HQJLQHHULQJ
Algorithm to break Caesar cipher:

1. Read each alphabet in the cipher text message, and search for it in
the second row of the table above.
2. When a match in found, replace that alphabet in the cipher text
message with the corresponding alphabet in the same column but the
first row of the table. (For example, if the alphabet cipher text is J,
replace it with G).
3. Repeat the process for all alphabets in the cipher text message.
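The shift-3 example and the table-lookup recovery procedure above, as an added example (not part of the model answer), generalised to any shift; the last function enumerates all 25 shifts, which is why the cipher offers no real secrecy.

```python
# Added example: Caesar cipher encryption, table-lookup decryption, and
# exhaustive key search over the 25 possible shifts.
import string

ALPHABET = string.ascii_uppercase


def caesar_table(shift: int) -> dict:
    """Build the two-row substitution table: plain letter -> cipher letter."""
    return {p: ALPHABET[(i + shift) % 26] for i, p in enumerate(ALPHABET)}


def caesar_encrypt(plaintext: str, shift: int = 3) -> str:
    """Replace each letter by the one `shift` places down the alphabet.
    Non-letters (spaces, punctuation) are passed through unchanged."""
    table = caesar_table(shift)
    return "".join(table.get(ch, ch) for ch in plaintext.upper())


def caesar_decrypt(ciphertext: str, shift: int = 3) -> str:
    """The 'break' procedure from the answer: find each cipher letter in the
    second row of the table and replace it with the letter above it."""
    reverse = {c: p for p, c in caesar_table(shift).items()}
    return "".join(reverse.get(ch, ch) for ch in ciphertext.upper())


def brute_force(ciphertext: str) -> dict:
    """There are only 25 non-trivial shifts, so every candidate plaintext can
    be listed; a reader picks the one that is readable."""
    return {s: caesar_decrypt(ciphertext, s) for s in range(1, 26)}


if __name__ == "__main__":
    ct = caesar_encrypt("COMPUTER ENGINEERING")  # the answer's example, shift 3
    print(ct)                                      # FRPSXWHU HQJLQHHULQJ
    print(caesar_decrypt(ct))
    for shift, guess in brute_force(ct).items():
        print(f"shift {shift:2d}: {guess}")
```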
d) Describe the DES algorithm with a suitable example. 4M
(Marking scheme: Diagram 1M, Explanation in short 3M)
Ans. The Data Encryption Standard is a symmetric block cipher which takes a 64-bit plain text block along with a 64-bit key as input and processes it to generate a 64-bit cipher text block.
The diagram below illustrates the working of DES.

DES Encryption:
Step 1: In the first step the 64-bit plain text undergoes an initial permutation which rearranges the bits to produce two 32-bit permuted blocks, called the left plain text (LPT, 32 bits) and the right plain text (RPT, 32 bits).
Step 2: Now 16 rounds of DES encryption are performed on this LPT and RPT with a 56-bit key.
Step 3: After the 16th round the 32-bit LPT and 32-bit RPT are combined to form a 64-bit block again, and then the final permutation is applied to this 64-bit block to obtain the 64-bit cipher text.
Rounds in Data Encryption Standard
Each round of DES performs the same function. The steps of the function performed in each round of the DES algorithm are:
1. Key Transformation: In DES the initial key size is 64 bits, which is reduced to a 56-bit key by discarding every 8th bit of the 64-bit key. This 56-bit key is used for each round of DES. In the key transformation step, a 48-bit round key is derived from the 56-bit key.

2. Expansion Permutation: In the first step of encryption, during the initial permutation of DES, the 64-bit plain text is permuted and we have a 32-bit LPT and a 32-bit RPT. Now the expansion permutation is performed on the 32-bit RPT, which expands it from 32 bits to 48 bits. The 32-bit LPT is untouched during this process.

3. S-box Substitution: The input to the S-boxes is the 48-bit block resulting from the expansion permutation. In S-box substitution, the 48-bit input block is transformed into a 32-bit block.

4. P-box Permutation: The 32-bit output obtained from S-box substitution is provided as input to the P-box. Here the 32-bit input is simply permuted and sent to the next step.

5. XOR and Swap: In this step the 32-bit LPT of the initial 64-bit plain text is XORed with the output of the P-box permutation. The result of the XOR becomes the new RPT for the next round, and the old RPT is swapped in as the new LPT.
DES Decryption:
The same Data Encryption Standard algorithm used for encrypting the plain text is also used for decrypting the cipher text, but it is run in reverse: the initial and final permutation steps are reversed, and the sequence of sub-keys applied in the 16 rounds of DES is also reversed.
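The "XOR and swap" round structure and the reversed-sub-key decryption described above, as an added example that is not part of the model answer. It keeps the 16-round Feistel skeleton of DES but replaces the real f-function (expansion, S-boxes, P-box), the key schedule and the initial/final permutations with stand-ins (assumptions), so it is not DES itself; what it shows is why the same routine decrypts when the sub-keys are applied in reverse order.

```python
# Added example: the Feistel structure that DES is built on, with a stand-in
# round function and key schedule (assumptions, not the real DES tables).
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def round_function(right: int, subkey: int) -> int:
    """Stand-in for the DES f-function. Assumption: any keyed 32-bit -> 32-bit
    mixing works here, because the Feistel structure never has to invert f."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(6, "big")  # 32-bit R, 48-bit K_i
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def key_schedule(key64: int) -> list:
    """Derive sixteen 48-bit sub-keys K1..K16 from a 64-bit key. Real DES drops
    the 8 parity bits to get 56 bits, then rotates and compresses to 48; a keyed
    hash stands in for that step here (assumption)."""
    subkeys = []
    for i in range(ROUNDS):
        d = hashlib.sha256(key64.to_bytes(8, "big") + bytes([i])).digest()
        subkeys.append(int.from_bytes(d[:6], "big"))               # 48 bits
    return subkeys


def feistel(block64: int, subkeys: list) -> int:
    """Sixteen rounds of the 'XOR and swap' step: new L = old R,
    new R = old L XOR f(old R, K_i). Initial/final permutations omitted."""
    left, right = block64 >> 32, block64 & MASK32
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    # As in DES, undo the last swap so the same routine is its own inverse: output R||L.
    return (right << 32) | left


def encrypt_block(block64: int, key64: int) -> int:
    return feistel(block64, key_schedule(key64))


def decrypt_block(block64: int, key64: int) -> int:
    """Decryption is the same routine with the sub-keys applied in reverse order."""
    return feistel(block64, key_schedule(key64)[::-1])


if __name__ == "__main__":
    key = 0x133457799BBCDFF1        # constructed sample key
    pt = 0x0123456789ABCDEF         # constructed sample block
    ct = encrypt_block(pt, key)
    print(f"cipher {ct:016x}, recovered {decrypt_block(ct, key):016x}")
```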
3. Attempt any THREE of the following: 12
a) Explain the terms Authorization and Authentication with respect to security. 4M
(Marking scheme: Explanation of each term 2M)
Ans. Authorization: It is the process of verifying that a known person has the authority to perform a certain operation. It cannot occur without authentication. It is nothing but granting permissions and rights to an individual so that he can use these rights to access computer resources or information.
Authentication: Authentication is the process of determining the identity of a user or other entity. It is performed during the log-on process, where the user has to submit his/her username and password. There are three methods used in it:
1. Something you know: the user knows a user id and password.
2. Something you have: the valid user has a lock and key.
3. Something about you: the user's unique identity, like fingerprints, DNA, etc.
b) Write an algorithm for the simple columnar transposition technique and explain it with an example. 4M
(Marking scheme: Algorithm 1M, Any relevant example 3M)
Ans. Simple columnar transposition technique:
Algorithm:
1. The message is written out in rows of a fixed length.
2. It is read out again column by column, according to a given order or in random order.
3. The cipher text is written according to that order.
Example
The key for the columnar transposition cipher is a keyword, e.g., ORANGE. The row length used is the same as the length of the keyword.
Plaintext to encrypt: COMPUTER PROGRAMMING

In the above example, the plaintext has been padded so that it neatly fits in a rectangle. This is known as a regular columnar transposition. An irregular columnar transposition leaves these characters blank, though this makes decryption slightly more difficult. The columns are now reordered such that the letters in the keyword are ordered alphabetically.

The encrypted text or cipher text is:
MPMETGNMUOIXPRXCERGORAL
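The regular columnar transposition with keyword ORANGE, as an added example (not the model answer's own code) covering both encryption and the decryption the answer says the padding makes easier. The grid in the answer is a figure not reproduced here, so the padding character is an assumption: this code pads the last row with X, and the exact cipher text depends on that choice.

```python
# Added example: regular columnar transposition with a keyword, padding the
# final row with 'X' (assumption: the answer's padding character is not shown).
import math


def column_order(keyword: str) -> list:
    """Column indices in the alphabetical order of the keyword letters.
    ORANGE -> A,E,G,N,O,R -> columns [2, 5, 4, 3, 0, 1]; ties keep left-to-right."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))


def columnar_encrypt(plaintext: str, keyword: str, pad: str = "X") -> str:
    """Write the letters row by row under the keyword, then read the columns
    out in alphabetical keyword order."""
    text = "".join(ch for ch in plaintext.upper() if ch.isalpha())
    cols = len(keyword)
    rows = math.ceil(len(text) / cols)
    text = text.ljust(rows * cols, pad)          # regular: fill the rectangle
    grid = [text[r * cols:(r + 1) * cols] for r in range(rows)]
    return "".join(grid[r][c] for c in column_order(keyword) for r in range(rows))


def columnar_decrypt(ciphertext: str, keyword: str) -> str:
    """Refill the columns in the same keyword order, then read row by row.
    Only the regular (fully padded) form is handled, so every column is full."""
    cols = len(keyword)
    if len(ciphertext) % cols:
        raise ValueError("regular transposition expects a full rectangle")
    rows = len(ciphertext) // cols
    grid = [[""] * cols for _ in range(rows)]
    pos = 0
    for c in column_order(keyword):
        for r in range(rows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


if __name__ == "__main__":
    ct = columnar_encrypt("COMPUTER PROGRAMMING", "ORANGE")
    print(ct)                              # padding letters appear in the output
    print(columnar_decrypt(ct, "ORANGE"))  # COMPUTERPROGRAMMING plus the padding
```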
c) Describe DMZ with a suitable example. 4M
(Marking scheme: Description 2M, Diagram 1M, Any one Example 1M)
Ans. DMZ (Demilitarized Zone): It is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a company's data server. A DMZ is an optional but more secure approach to a firewall. It can effectively act as a proxy server. The typical DMZ configuration has a separate computer or host in the network which receives requests from users within the private network to access web sites or the public network. The DMZ host then initiates sessions for such requests on the public network, but it is not able to initiate a session back into the private network. It can only forward packets which have been requested by a host. The public network's users who are outside the company can access only the DMZ host. It can store the company's web pages, which can be served to the outside users. Hence, the DMZ cannot give access to the other company data. If an outsider somehow penetrates the DMZ's security, the web pages may get corrupted, but the other company information can be safe.

Examples:
1) Web servers
It is possible for web servers communicating with internal database servers to be deployed in a DMZ. This makes the internal databases more secure, as these are the repositories responsible for storing sensitive information. Web servers can connect with the internal database server directly or through application firewalls, while the DMZ continues to provide protection.

2) DNS servers
A DNS server stores a database of public IP addresses and their associated hostnames. It usually resolves or converts those names to IP addresses when applicable. DNS servers use specialized software and communicate with one another using dedicated protocols. Placing a DNS server within the DMZ prevents external DNS requests from gaining access to the internal network. Installing a second DNS server on the internal network can also serve as additional security.

3) Proxy servers
A proxy server is often paired with a firewall. Other computers use it to view web pages. When another computer requests a web page, the proxy server retrieves it and delivers it to the appropriate requesting machine. Proxy servers establish connections on behalf of clients, shielding them from direct communication with a server. They also isolate internal networks from external networks and save bandwidth by caching web content.

d) Write a short note on DAC and MAC. 4M
(Marking scheme: Explanation of each term 2M)
Ans. Discretionary Access Control (DAC):
Restricting access to objects based on the identity of subjects and/or the groups to which they belong. It is conditional, and basically used by the military to control access on a system. The UNIX-based system is a common method to permit a user to read, write and execute.

Mandatory Access Control (MAC):
It is used in environments where different levels of security are classified. It is much more restrictive. It is a sensitivity-based restriction: formal authorization is subject to sensitivity. In MAC the owner or user cannot determine whether access is granted or not, i.e. the rights belong to the operating system. The security mechanism controls access to all objects, and an individual cannot change that access.
4. Attempt any THREE of the following: 12
a) Write a short note on steganography. 4M
(Marking scheme: Explanation of technique 2M, Any relevant diagram 2M OR Advantage 1M and Disadvantage 1M)
Ans. Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and the intended recipient, suspects the existence of the message.
Steganography works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML or even floppy disks) with bits of different, invisible information.

This hidden information can be plain text, cipher text or even images. In modern steganography, data is first encrypted by the usual means and then inserted, using a special algorithm, into redundant data that is part of a particular file format such as a JPEG image.

Steganography process:
Cover-media + Hidden data + Stego-key = Stego-medium
The cover media is the file in which we hide the hidden data, which may also be encrypted using the stego-key. The resultant file is the stego-medium. The cover media can be an image or audio file.
Advantages:
1. With the help of steganography we can hide a secret message within a graphics image.
2. In modern steganography, data is encrypted first and then inserted using a special algorithm, so that no one suspects its existence.
Drawbacks:
1. It requires a lot of overhead to hide relatively few bits of information.
2. Once the system is discovered, it becomes virtually worthless.
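The "replace unused bits with hidden bits" process above, as an added example that is not part of the model answer: least-significant-bit embedding over a constructed byte array standing in for the samples of a cover image or audio file. The 32-bit length prefix is an assumption; it also makes the first drawback concrete, since every hidden byte costs eight cover bytes.

```python
# Added example: LSB steganography on a constructed cover (Cover-media +
# Hidden data = Stego-medium). Length prefix and bit order are assumptions.


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(cover: bytes, secret: bytes) -> bytes:
    """Overwrite the least significant bit of successive cover bytes with the
    bits of (4-byte length || secret). Each cover byte changes by at most 1."""
    payload = len(secret).to_bytes(4, "big") + secret
    if len(payload) * 8 > len(cover):
        raise ValueError("cover too small: LSB hiding needs 8 cover bytes per byte")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    """Read the LSBs back; the first 32 bits give the hidden length."""
    def read(nbytes: int, start: int) -> bytes:
        out = bytearray()
        for b in range(nbytes):
            val = 0
            for k in range(8):
                val = (val << 1) | (stego[start + b * 8 + k] & 1)
            out.append(val)
        return bytes(out)
    length = int.from_bytes(read(4, 0), "big")
    return read(length, 32)


def max_abs_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample change; for LSB replacement this is at most 1,
    which is why the hidden data is not visible in the carrier."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = bytes(range(256)) * 16          # constructed 4096-byte cover
    stego = embed(cover, b"meet at noon")   # constructed hidden message
    print(extract(stego), max_abs_change(cover, stego))
```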
b) Explain honey pots. 4M
(Marking scheme: Explanation 2M, Any relevant diagram 2M)
Ans. Honeypots are designed to purposely engage and deceive hackers and identify malicious activities performed over the Internet. Honeypots are designed to do the following:
1. Divert the attention of a potential attacker.
2. Collect information about the intruder's actions.
3. Provide encouragement to the attacker to stay for some time, allowing the administrators to detect this and act on it swiftly.

Honeypots are designed with two important goals:
1. Make them look like full real-life systems.
2. Do not allow legitimate users to know about or access them.

c) Explain Host based IDS. 4M
(Marking scheme: Explanation 2M, Relevant diagram 2M)
Ans. Host Intrusion Detection System (HIDS)
Host intrusion detection systems (HIDS) run on independent hosts or devices on the network. A HIDS monitors the incoming and outgoing packets from the device only and will alert the administrator if suspicious or malicious activity is detected. It takes a snapshot of the existing system files and compares it with the previous snapshot. If the analysed system files were edited or deleted, an alert is sent to the administrator to investigate. An example of HIDS usage can be seen on mission-critical machines, which are not expected to change their layout.

Basic components of a HIDS:
 Traffic collector:
This component collects activity or events for the IDS to examine. On a host-based IDS, this can be log files, audit logs, or traffic coming to or leaving a specific system.
 Analysis engine:
This component examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine acts like the brain of the IDS.
 Signature database:
It is a collection of patterns and definitions of known suspicious or malicious activity.
 User interface and reporting:
This is the component that interfaces with the human element, providing alerts and giving the user a means to interact with and operate the IDS.
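The snapshot-and-compare check described above, as an added example that is not part of the model answer: a baseline of file digests is taken, the tree is changed, and the second snapshot is classified into modified, deleted and added files. The file tree is constructed in a temporary directory; its paths and contents are sample values, not a real system's.

```python
# Added example: file-integrity snapshot comparison as performed by a HIDS.
# The directory tree below is constructed for the demo.
import hashlib
import os
import tempfile


def snapshot(root: str) -> dict:
    """Map each file under root (relative path) to its SHA-256 digest."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            snap[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return snap


def compare(baseline: dict, current: dict) -> dict:
    """Classify every difference between two snapshots."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "deleted": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def alerts(diff: dict) -> list:
    """One alert line per change for the administrator; empty means no change."""
    return [f"ALERT {kind}: {path}"
            for kind in ("modified", "deleted", "added") for path in diff[kind]]


def demo() -> dict:
    """Build a constructed file tree, baseline it, change it, and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        files = {"etc/hosts": b"127.0.0.1 localhost\n",
                 "etc/services": b"ssh 22/tcp\n",
                 "bin/ls": b"\x7fELF constructed binary"}
        for rel, body in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(body)
        baseline = snapshot(root)
        # Simulated changes between two scans: one edit, one deletion, one new file.
        with open(os.path.join(root, "etc", "hosts"), "ab") as f:
            f.write(b"10.0.0.9 intranet\n")
        os.remove(os.path.join(root, "bin", "ls"))
        with open(os.path.join(root, "etc", "new.conf"), "wb") as f:
            f.write(b"setting=1\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for line in alerts(demo()):
        print(line)
```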
d) Describe the working principle of SMTP. 4M
(Marking scheme: Working principle explanation 2M, Suitable diagram 2M)
Ans. 1. Composition of mail: A user sends an e-mail by composing an electronic mail message using a Mail User Agent (MUA). A Mail User Agent is a program which is used to send and receive mail. The message contains two parts: body and header. The body is the main part of the message, while the header includes information such as the sender and recipient addresses. The header also includes descriptive information such as the subject of the message. In this case, the message body is like a letter and the header is like an envelope that contains the recipient's address.

2. Submission of mail: After composing an email, the mail client submits the completed e-mail to the SMTP server using SMTP on TCP port 25.

3. Delivery of mail: E-mail addresses contain two parts: the username of the recipient and the domain name. For example, in vivek@gmail.com, "vivek" is the username of the recipient and "gmail.com" is the domain name.
If the domain name of the recipient's email address is different from the sender's domain name, then the MSA (Mail Submission Agent) will send the mail to the Mail Transfer Agent (MTA). To relay the email, the MTA will find the target domain. It checks the MX record from the Domain Name System to obtain the target domain. The MX record contains the domain name and IP address of the recipient's domain. Once the record is located, the MTA connects to the exchange server to relay the message.
4. Receipt and processing of mail: Once the incoming message is received, the exchange server delivers it to the incoming server (Mail Delivery Agent), which stores the e-mail where it waits for the user to retrieve it.

5. Access and retrieval of mail: The email stored in the MDA can be retrieved using the MUA (Mail User Agent). The MUA can be accessed using a login and password.

e) Explain creation and verification of a digital signature. 4M
(Marking scheme: Working 2M, Relevant diagram 2M)
Ans. Working of digital signature generation and verification:
1. Key Generation: Digital signatures are electronic signatures which assure that the message was sent by a particular sender. While performing digital transactions, authenticity and integrity should be assured; otherwise the data can be altered, or someone can act as if he were the sender and expect a reply.

2. Signature Verification: The verifier receives the digital signature along with the data. It then uses the verification algorithm to process the digital signature and the public key (verification key) and generates some value. It also applies the same hash function on the received data and generates a hash value. Then the hash value and the output of the verification algorithm are compared. If they are both equal, the digital signature is valid; else it is invalid.
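The hash-then-sign and hash-then-compare steps described above, as an added example that is not part of the model answer. SHA-256 is the hash function and textbook RSA with two fixed Mersenne primes stands in for the signature algorithm; the key pair, the lack of padding and the reduction of the digest into the modulus range are assumptions for illustration only, not a scheme to deploy.

```python
# Added example: digital signature generation and verification with SHA-256
# and textbook RSA (constructed key pair, illustration only).
import hashlib

# Constructed key pair: p and q are Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private (signing) exponent
PUBLIC_KEY = (N, E)                     # verification key
PRIVATE_KEY = (N, D)                    # signing key


def digest(data: bytes) -> int:
    """Hash the message and reduce it into the RSA modulus range (assumption)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(data: bytes, private_key=PRIVATE_KEY) -> int:
    """Signature generation: hash the data, then apply the private key."""
    n, d = private_key
    return pow(digest(data), d, n)


def verify(data: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Signature verification as described in the answer: run the verification
    algorithm on the signature with the public key, hash the received data
    independently, and compare the two values."""
    n, e = public_key
    recovered = pow(signature, e, n)
    return recovered == digest(data)


if __name__ == "__main__":
    msg = b"transfer 100 units to account 42"    # constructed message
    sig = sign(msg)
    print(verify(msg, sig))                       # True
    print(verify(msg + b"0", sig))                # False: data was altered
```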

5. Attempt any TWO of the following: 12
a) Explain any three criteria for classification of information. 6M
(Marking scheme: Any three criteria 2M each)
Ans. i) Useful life
Data is labelled "more useful" when the information is available and ready for making changes as and when required. Data might need to be changed from time to time, and when that "change" access is available, it is valuable data.
ii) Value of data
This is probably the most essential and standard criterion for information classification. Every organization has some confidential and valuable information, the loss of which could lead to great losses for the organization while creating organizational issues. Therefore, this data needs to be duly classified and protected.
iii) Personal association
It is important to classify information or data associated with particular individuals or addressed by privacy law.
iv) Age
The value of information often declines with time. Therefore, if the given data or information comes under such a category, the data classification gets lowered.

b) List types of firewall and explain any one of them. 6M
(Marking scheme: List four types 2M, Diagram with explanation of any one 4M)
Ans. (Note: Firewalls available in the market can also be considered)
List of firewalls:
1. Packet filter as a firewall
2. Circuit level gateway firewall
3. Application level gateway firewall
4. Proxy server as a firewall
5. Stateful multilayer inspection firewall

1. Packet filter as a firewall: As per the diagram given below, the firewall acts according to the table given. For example, source IP 150.150.0.0 is the IP address of a network; all the packets which are coming from this network will be blocked by the firewall, and in this way it is acting as a firewall. The table also has port 80, IP address 200.75.10.8 and port 23, and the firewall acts in a similar fashion for them. Port 23 is for Telnet remote login; in this case the firewall will not allow login onto this server. IP address 200.75.10.8 is the IP address of an individual host; all packets having this IP address as destination address will be denied. For port 80, no HTTP request is allowed by the firewall.

2. Circuit level gateway firewalls: Circuit level gateway firewalls work at the session layer of the OSI model. They monitor TCP handshaking between the packets to determine if a requested session is legitimate. Information passed through a circuit level gateway to the Internet appears to have come from the circuit level gateway, so there is no way for a remote computer or host to determine the internal private IP addresses of an organization, for example. This technique is also called Network Address Translation, where the private IP addresses originating from the different clients inside the network are all mapped to the public IP address available through the Internet service provider and then sent to the outside world (Internet). This way, the packets are tagged with only the public IP address (firewall level) and the internal private IP addresses are not exposed to potential intruders.

3. Application level gateway firewalls: Application level firewalls decide whether to drop a packet or send it through based on the application information (available in the packet). They do this by setting up various proxies on a single firewall for different applications. Both the client and the server connect to these proxies instead of connecting directly to each other, so any suspicious data or connections are dropped by these proxies. Application level firewalls ensure protocol conformance. For example, attacks over HTTP that violate the protocol policies, like sending non-ASCII data in the header fields or an overly long string along with non-ASCII characters in the Host field, would be dropped because they have been tampered with by the intruders.

4. Stateful multilayer inspection firewall (SMLI)
The stateful multi-layer inspection (SMLI) firewall uses a sophisticated form of packet filtering that examines all seven layers of the Open Systems Interconnection (OSI) model. Each packet is examined and compared against known states of friendly packets. While screening router firewalls only examine the packet header, SMLI firewalls examine the entire packet including the data. SMLI is a mechanism that uses a sophisticated form of packet filtering, examining all major layers of the OSI model. In other words, this type of filter examines packets at the network, transport and application levels, comparing them to known trusted packets. SMLI checks the entire packet and only allows it to pass through each layer individually. Such firewalls inspect packets to assess the state of communication in order to ensure that all facilitated communication only takes place with trusted sources. To be more specific, an SMLI firewall is not necessarily a single firewall implementation. Rather, it is a series of firewalls that work in concert to secure traffic at different levels of the OSI model. It may be a composition of a stateless packet filter, a stateful firewall, as well as an application-level proxy.
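The packet filter rule table described under type 1 above (block source network 150.150.0.0, deny destination host 200.75.10.8, block ports 23 and 80), as an added example that is not part of the model answer. The /16 mask for the source network, the match-any protocol, and the default action are assumptions, since the answer's table is a figure not reproduced here.

```python
# Added example: a packet filter evaluating the rule table from the answer.
# Mask, protocol handling and default action are assumptions.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    dport: int    # destination port


@dataclass
class Rule:
    action: str                       # "deny" or "allow"
    src_net: str = "0.0.0.0/0"        # any source unless narrowed
    dst_net: str = "0.0.0.0/0"        # any destination unless narrowed
    dport: Optional[int] = None       # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
                and (self.dport is None or self.dport == pkt.dport))


# The answer's table, as rules. 150.150.0.0 is a network, so a /16 is assumed.
RULES = [
    Rule("deny", src_net="150.150.0.0/16"),   # everything from this network blocked
    Rule("deny", dst_net="200.75.10.8/32"),   # single destination host denied
    Rule("deny", dport=23),                   # no Telnet remote login
    Rule("deny", dport=80),                   # no HTTP requests
]


def filter_packet(pkt: Packet, rules=RULES, default: str = "allow") -> str:
    """First matching rule wins. The answer's table is a block list, so the
    default is 'allow'; a default-deny posture is the safer production choice."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


if __name__ == "__main__":
    samples = [                                 # constructed packets
        Packet("150.150.7.9", "10.0.0.5", 443),
        Packet("8.8.8.8", "200.75.10.8", 443),
        Packet("8.8.8.8", "10.0.0.5", 23),
        Packet("8.8.8.8", "10.0.0.5", 443),
    ]
    for p in samples:
        print(p, "->", filter_packet(p))
```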

c) Explain IPsec security with the help of a diagram. 6M
(Marking scheme: Diagram 2M, Explanation 4M)
Ans. IPsec encrypts and seals the transport and application layer data during transmission. It also offers integrity protection for the Internet layer. It sits between the transport and Internet layers of the conventional TCP/IP protocol stack.
1. Secure remote Internet access: Using IPsec, make a local call to our Internet service provider (ISP) so as to connect to the organization's network in a secure fashion from our house or hotel, and from there access the corporate network facilities or remote desktops/servers.
2. Secure branch office connectivity: Rather than subscribing to an expensive leased line for connecting its branches across cities, an organization can set up an IPsec-enabled network for security.
3. Set up communication with other organizations: Just as IPsec allows connectivity between the various branches of an organization, it can also be used to connect the networks of different organizations together in a secure and inexpensive fashion.
Basic concept of the IPsec protocol: An IP packet consists of two parts, the IP header and the actual data. IPsec features are implemented in the form of additional headers, called extension headers, added to the standard default IP header. IPsec offers two main services, authentication and confidentiality. Each of these requires its own extension header. Therefore, to support these two main services, IPsec defines two IP extension headers, one for authentication and another for confidentiality.

It consists of two main protocols:
Authentication Header (AH): The Authentication Header (AH) protocol provides authentication, integrity and an optional anti-replay service. The IPsec AH is a header in an IP packet. The AH is simply inserted between the IP header and any subsequent packet contents; no changes are required to the data contents of the packet. Security resides completely in the contents of the AH.
Encapsulating Security Payload (ESP): Used to provide confidentiality, data origin authentication and data integrity. It is based on symmetric key cryptography techniques. ESP can be used in isolation or it can be combined with AH.

Fig: AH and ESP
6. Attempt any TWO of the following: 12
a) Define virus and describe the phases of a virus. 6M
(Marking scheme: Definition 2M, Phases 4M)
Ans. Definition: A virus is a program which attaches itself to another program and causes damage to the computer system or the network. It is loaded onto your computer without your knowledge and runs against your wishes.
During its lifecycle a virus goes through the following four phases:
1. Dormant phase: The virus is idle and is activated by some event.
2. Propagation phase: It places an identical copy of itself into other programs or into certain system areas on the disk.
3. Triggering phase: The virus is activated to perform the function for which it was intended.
4. Execution phase: The function of the virus is performed.

b) Explain Kerberos with the help of a suitable diagram. 6M
(Marking scheme: Step by step explanation with suitable diagram 6M)
Ans. Kerberos: Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. It is a solution to network security problems. It provides tools for authentication and strong cryptography over the network to help you secure your information system. There are four parties involved in the Kerberos protocol:
i) User
ii) Authentication service (AS)
iii) Ticket granting server (TGS)
iv) Service server
Working of Kerberos:
1. The authentication service, or AS, receives the request from the client and verifies that the client is indeed the computer it claims to be. This is usually just a simple database lookup of the user's ID.
2. Upon verification, a timestamp is created. This puts the current time in a user session, along with an expiration date. The default expiration time of a timestamp is 8 hours. The encryption key is then created. The timestamp ensures that when the 8 hours are up, the encryption key is useless.
3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is a simple ticket that is issued by the authentication service. It is used for authenticating the client for future reference.
4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get authenticated.
5. The TGS creates an encrypted key with a timestamp and grants the client a service ticket.
6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own encrypted key to the service.
7. The service decrypts the key and makes sure the timestamp is still valid. If it is, the service contacts the key distribution center to receive a session key that is returned to the client.
8. The client decrypts the ticket. If the keys are still valid, communication is initiated between client and server.
c) Write a brief note on firewall configuration. 6M
(Marking scheme: Diagram 2M, Explanation 4M)
Ans. A firewall is a combination of a packet filter and an application level gateway. Based on these there are three types of configurations:

1. Screened Host Firewall, Single-Homed Bastion
a) Here, the firewall configuration consists of two parts: a packet filter router and an application level gateway.
b) The packet filter router ensures that incoming traffic is allowed only if it is intended for the application gateway, by examining the destination address field of each incoming IP packet.
c) It also ensures that outgoing traffic is allowed only if it originated from the application level gateway, by examining the source address field of every outgoing IP packet.
d) The application level gateway performs authentication as well as the proxy function.

Fig: Single-Homed Bastion

Advantages: It improves the security of the network by performing checks at both levels, that is, the packet and application levels.
It provides flexibility to the network administrator to define more secure policies.
Disadvantages: Internal users are connected to the application gateway as well as the packet filter router, so if the packet filter is somehow attacked, the whole internal network is exposed to the attacker.
2. Screened Host Firewall, Dual-Homed Bastion: In this type of configuration the direct connection between internal hosts and the packet filter is avoided.
Here the packet filter connects only to the application gateway, which in turn has a separate connection with the internal hosts.
Hence, if the packet filter is successfully attacked, then only the application gateway is visible to the attacker.

Fig: Dual-Homed Bastion

3. Screened Subnet Firewall
This type of configuration offers the highest security among the possible configurations.
In this type two packet filters are used, one between the Internet and the application gateway and the other between the application gateway and the internal network.
This configuration gives an attacker three levels of security to break into.

Fig: Screened Subnet Firewall

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION

MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

Important Instructions to examiners:


1) The answers should be examined by key words and not as word-to-word as given in the
model answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may
try to assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more Importance (Not applicable for subject English and Communication Skills).
4) While assessing figures, examiner may give credit for principal components indicated in the figure. The figures drawn by candidate and model answer may vary. The examiner may give credit for any equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed
constant values may vary and there may be some difference in the candidate’s answers
and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of
relevant answer based on candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on
equivalent concept.
8) As per the policy decision of Maharashtra State Government, teaching in English/Marathi
and Bilingual (English + Marathi) medium is introduced at first year of AICTE diploma
Programme from academic year 2021-2022. Hence if the students in first year (first and
second semesters) write answers in Marathi or bilingual language (English +Marathi), the
Examiner shall consider the same and assess the answer based on matching of concepts
with model answer.
Q. No | Sub Q.N. | Answer | Marking Scheme

1. Attempt any FIVE of the following (10M)

a) Compare virus and logic bomb (any two points) (2M)
Ans. [Marking scheme: any two points, 1M each]
Virus:
• A virus is a program which attaches itself to another program and causes damage to the computer system or the network. It is loaded onto your computer without your knowledge and runs against your wishes.
• The characteristic of a virus is how it spreads.
Logic bomb:
• A logic bomb is a set of instructions in a program carrying a malicious payload that can attack an operating system, program, or network. It only goes off after certain conditions are met. A simple example of these conditions is a specific date or time.
• The characteristic of a logic bomb is how it is triggered.


b) Identify any four user responsibilities in computer security. (2M)
Ans. [Marking scheme: any four points, 1/2M each]
i) Do not share passwords, OTPs etc. with anyone.
ii) Do not leave sensitive information unprotected.
iii) Secure storage media which contain sensitive information.
iv) Shred paper containing organizational information before discarding it.

c) Define the following terms (2M)
(i) Cryptography
(ii) Cryptology
Ans. [Marking scheme: definition of each term, 1M]
Cryptography: Cryptography is the art and science of achieving security by encoding messages to make them non-readable.
Cryptology: It is the art and science of transforming intelligible data into unintelligible data and unintelligible data back into intelligible data.
Cryptology = Cryptography + Cryptanalysis

d) Construct digital signature using CrypTool. (2M)
Ans. [Marking scheme: correct steps, 2M]
Step 1: Open the CrypTool application.
Step 2: Open the file and enter the message for which the digital signature is to be created.
Step 3: Select menu Digital Signature -> Sign Document.
Step 4: Select any hash function and choose the private key.
Step 5: Enter the PIN number and click on the Sign button to generate the digital signature.
e) List any two types of active and passive attacks (2M)
Ans. [Marking scheme: any two active attacks 1M, any two passive attacks 1M]
Active attacks:
• Masquerade
• Replay
• Message modification
• Denial of service
Passive attacks:
• Eavesdropping
• Traffic analysis

Page 2 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

f) State any two policies of the firewall (2M)
Ans. [Marking scheme: any two policies, 2M]
• Service control: Determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address, protocol, or port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a Web or mail service.
• Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
• User control: Controls access to a service according to which user is attempting to access it. This feature is typically applied to users inside the firewall perimeter (local users).
• Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.

g) List any four types of cybercrimes (2M)
Ans. [Marking scheme: any four types, 1/2M each]
Types of cyber crime:
1. Hacking
2. Digital forgery
3. Cyber stalking / harassment
4. Cyber pornography
5. Identity theft and fraud
6. Cyber terrorism
7. Cyber defamation

2. Attempt any THREE of the following: (12M)
a) Describe the CIA model with a suitable diagram. (4M)
Ans. [Marking scheme: explanation with diagram, 4M]
1. Confidentiality: The principle of confidentiality specifies that only the sender and the intended recipients should be able to access the contents of a message. Confidentiality gets compromised if an unauthorized person is able to access the contents of a message. An example of compromising the confidentiality of a message is shown in the figure.

Page 3 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

Fig. Loss of confidentiality

Here, the user of computer A sends a message to the user of computer B. Another user C gets access to this message, which is not desired and therefore defeats the purpose of confidentiality. This type of attack is also called interception.

2. Authentication: Authentication helps to establish proof of identities. The authentication process ensures that the origin of a message is correctly identified. For example, suppose that user C sends a message over the Internet to user B. However, the trouble is that user C has posed as user A when sending the message to user B. How would user B know that the message has come from user C, who is posing as user A? This concept is shown in the figure below. This type of attack is called fabrication.

Fig. Absence of authentication

3. Integrity: When the contents of a message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost. For example, here user C tampers with a message originally sent by user A, which is actually destined for user B. User C somehow manages to access it, change its contents and send the changed message to user B. User B has no way of knowing that the contents of the message were changed after user A had sent it. User A also does not know about this change. This type of attack is called modification.

Page 4 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

Fig. Loss of Integrity

b) Define the following with suitable example (4M)
i) DAC
ii) MAC
Ans. [Marking scheme: definition with example of DAC 2M, definition with example of MAC 2M]
i) DAC: DAC (discretionary access control) policy utilizes user identification procedures to identify and restrict object access. It restricts access to objects based on the identity of subjects and/or the groups to which they belong. The owner of information or any resource is able to change its permissions at his discretion. Data owners can transfer ownership of information to other users. Data owners can determine the type of access given to other users (read, write etc.).
Features of DAC policy are as follows:
Flexible: In DAC policy the owner of information or a resource can change its permission.
Backup: Discretionary access control allows organizations to back up security policies and data to ensure effective access points.
Usability: Discretionary access control is easy to use. Data owners can transfer ownership of information to other users easily.
ii) MAC: It is used in environments where different levels of security are classified. It is much more restrictive. It is a sensitivity-based restriction, a formal authorization subject to sensitivity. In MAC the owner or user cannot determine whether access is granted or not, i.e. operating system rights. The security mechanism controls access to all objects and an individual cannot change that access.

Page 5 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

c) Differentiate between symmetric and asymmetric key cryptography (any four points) (4M)
Ans. [Marking scheme: any four points, 1M each]

d) Explain Steganography with suitable example. (4M)
Ans. [Marking scheme: correct explanation with suitable example, 4M]
Steganography: Steganography is the art and science of writing hidden messages in such a way that no one apart from the sender and the intended recipient suspects the existence of the message. Steganography works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML or even floppy disks) with bits of different, invisible information. This hidden information can be plain text, cipher text or even images. In modern steganography, data is first encrypted by the usual means and then inserted, using a special algorithm, into redundant data that is part of a particular file format such as a JPEG image.
Steganography process:
Cover-media + Hidden data + Stego-key = Stego-medium

Fig : Steganography

Cover media is the file in which we hide the hidden data, which may also be encrypted using the stego-key. The resultant file is the stego-medium. Cover-media can be an image or audio file. Steganography takes cryptography a step further by hiding an encrypted message so that no one suspects it exists. Ideally, anyone scanning your data will fail to know it contains encrypted data. Steganography has a number of drawbacks when compared to encryption. It requires a lot of overhead to hide relatively few bits of information. For example, one can hide text, data, image, sound and video behind an image.

Applications:
1. Confidential communication and secret data storing
2. Protection of data alteration
3. Access control system for digital content distribution
4. Media database systems
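Least-significant-bit embedding, the "replace unused bits of a carrier file" idea described above, as an added example that is not part of the model answer. The cover is a constructed array of 8-bit grey pixels rather than a real image file, and the way the stego-key is used (only to pick the starting offset) is a constructed simplification, not a real keyed embedding scheme.

```python
"""LSB steganography: cover-media + hidden data + stego-key = stego-medium.
Added example; the cover bytes are constructed, not a real image."""
import hashlib

HEADER_BYTES = 4   # a 32-bit big-endian length header precedes the hidden data


def _offset(stego_key: bytes) -> int:
    """Constructed use of the stego-key: it selects where embedding starts
    (0-255), so a reader without the key does not know where to look."""
    return hashlib.sha256(stego_key).digest()[0]


def capacity(cover: bytes, stego_key: bytes) -> int:
    """Largest secret (in bytes) this cover can carry with the given key."""
    return (len(cover) - _offset(stego_key)) // 8 - HEADER_BYTES


def hide(cover: bytes, secret: bytes, stego_key: bytes) -> bytes:
    """Each payload bit replaces the least-significant bit of one cover byte
    (pixel), most-significant bit of each payload byte first."""
    if len(secret) > capacity(cover, stego_key):
        raise ValueError("cover too small for %d hidden bytes" % len(secret))
    payload = len(secret).to_bytes(HEADER_BYTES, "big") + secret
    out = bytearray(cover)
    pos = _offset(stego_key)
    for byte in payload:
        for shift in range(7, -1, -1):
            out[pos] = (out[pos] & 0xFE) | ((byte >> shift) & 1)
            pos += 1
    return bytes(out)


def _read(stego: bytes, start: int, n_bytes: int) -> bytes:
    """Reassemble n_bytes from the LSBs starting at byte index `start`."""
    value = 0
    for i in range(n_bytes * 8):
        value = (value << 1) | (stego[start + i] & 1)
    return value.to_bytes(n_bytes, "big")


def reveal(stego: bytes, stego_key: bytes) -> bytes:
    """Read the length header, then that many hidden bytes."""
    start = _offset(stego_key)
    if start + HEADER_BYTES * 8 > len(stego):
        raise ValueError("stego-medium too short to hold a header")
    length = int.from_bytes(_read(stego, start, HEADER_BYTES), "big")
    if start + (HEADER_BYTES + length) * 8 > len(stego):
        raise ValueError("length header invalid: wrong key or truncated medium")
    return _read(stego, start + HEADER_BYTES * 8, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """LSB embedding changes no pixel value by more than 1, which is why the
    stego-medium looks identical to the cover to a casual observer."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = bytes((i * 37) % 256 for i in range(2048))   # constructed pixels
    stego = hide(cover, b"Meet at 9", b"k1")
    print(reveal(stego, b"k1"), max_pixel_change(cover, stego))
```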

3. Attempt any THREE of the following (12M)

a) Describe piggybacking and shoulder surfing (4M)
Ans. [Marking scheme: description of piggybacking 2M, description of shoulder surfing 2M]
Piggybacking: It is the simple process of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building. An attacker can thus gain access to the facility without having to know the access code or having to acquire an access card; that is, an authorized person allows (intentionally or unintentionally) others to pass through a secure door. The term also covers access to a wireless Internet connection by bringing one's own computer within range of another wireless connection and using it without explicit permission. Piggybacking on Internet access is the practice of establishing a wireless Internet connection by using another subscriber's wireless Internet access service without the subscriber's explicit permission or knowledge. Piggybacking is sometimes referred to as "Wi-Fi squatting." The usual purpose of piggybacking is simply to gain free network access rather than any malicious intent, but it can slow down data transfer for legitimate users of the network.

Page 7 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

Shoulder surfing: Shoulder surfing is a similar procedure in which attackers position themselves in such a way as to be able to observe the authorized user entering the correct access code. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done from a distance with the aid of binoculars or other vision-enhancing devices. Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.

b) Convert plain text into cipher text by using single columnar technique for the following sentence: (4M)
"Maharashtra State board of Technical Education"
Ans. [Marking scheme: 2M for plain text table, 2M for cipher text]

    1 2 3 4 5
    M A H A R
    A S T R A
    S T A T E
    B O A R D
    O F T E C
    H N I C A
    L E D U C
    A T I O N

PLAIN TEXT: MAHARASTRA STATE BOARD OF TECHNICAL EDUCATION
LET ORDER BE: 4, 5, 3, 2, 1

CIPHER TEXT: ARTRECUORAEDCACNHTAATIDIASTOFNETMASBOHLA

Note: Any relevant order shall be considered.

Page 8 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

c) State any four differences between Firewall and Intrusion Detection System (4M)
Ans. [Marking scheme: any four differences, 1M each]
d) Describe any four password selection criteria. (4M)
Ans. [Marking scheme: any four criteria, 1M each]
Password: A password is a secret word or expression used by authorized persons to prove their right to access information etc.
Components of a good password:
1. It should be at least eight characters long.
2. It should include uppercase and lowercase letters, numbers, special characters or punctuation marks.
3. It should not contain dictionary words.
4. It should not contain the user's personal information such as their name, family member's name, birth date, pet name, phone number or any other detail that can easily be identified.
5. It should not be the same as the user's login name.
6. It should not be the default password as supplied by the system vendor such as password, guest, admin and so on.
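A checker for the six criteria listed above, as an added example that is not part of the model answer; the dictionary and vendor-default word lists are small constructed samples, and the personal details are passed in by the caller.

```python
"""Password selection checker for the six criteria of Q3d. Added example;
the word lists below are constructed samples, not real dictionaries."""
import string

# Constructed sample word lists; a real checker loads full dictionaries.
DICTIONARY = {"password", "welcome", "summer", "network", "security", "admin"}
VENDOR_DEFAULTS = {"password", "guest", "admin", "root", "changeme"}


def check_password(pw: str, login: str, personal: list,
                   dictionary=DICTIONARY, defaults=VENDOR_DEFAULTS) -> list:
    """Return the list of criteria the password violates (empty = acceptable).
    `personal` holds the user's name, family names, birth date, pet, phone..."""
    low = pw.lower()
    problems = []
    # 1. at least eight characters long
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    # 2. uppercase, lowercase, digits and special/punctuation characters
    classes = (any(c.isupper() for c in pw), any(c.islower() for c in pw),
               any(c.isdigit() for c in pw),
               any(c in string.punctuation for c in pw))
    if not all(classes):
        problems.append("missing upper/lower/digit/special mix")
    # 3. no dictionary words, even embedded ("Summer2024!" still fails)
    if any(word in low for word in dictionary if len(word) >= 4):
        problems.append("contains a dictionary word")
    # 4. no personal information that can easily be identified
    if any(item and item.lower() in low for item in personal):
        problems.append("contains personal information")
    # 5. not the same as the login name
    if low == login.lower():
        problems.append("same as login name")
    # 6. not a vendor-supplied default
    if low in defaults:
        problems.append("vendor default password")
    return problems


if __name__ == "__main__":
    for pw in ("password", "Summer2024!", "Rex#2024!Ab", "Tr7$pLm!q2Wz"):
        print(pw, "->", check_password(pw, "bob", ["Bob", "Rex", "15/03/1990"]))
```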

Page 9 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

4. Attempt any THREE of the following (12M)

a) Convert the given plain text, encrypt it with the help of Caesar's cipher technique. (4M)
"Network and Information Security"
Ans. [Marking scheme: 2M for plain text table, 2M for Caesar's cipher technique]

PLAIN TEXT: NETWORK AND INFORMATION SECURITY

CIPHER TEXT: QHWZRUNDQGLQIRUPDWLRQVHFXULWB
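The two classical ciphers from Q3b and Q4a worked in code, as an added example that is not part of the model answer: the single columnar transposition with the key's column order 4, 5, 3, 2, 1 (using the 40-letter plain text exactly as the key's table spells it) and the Caesar shift of 3, with decryption for both and padding of a short final row, which the key's example does not need.

```python
"""Classical ciphers from the answer key: single columnar transposition (Q3b)
and Caesar shift (Q4a). Added example; the plain text and the column order
4,5,3,2,1 are the ones the key's table uses."""
from math import ceil
from typing import List


def columnar_encrypt(plaintext: str, order: List[int], pad: str = "X") -> str:
    """Write the message (spaces removed) row by row into a grid with
    len(order) columns, then read the columns out in the given 1-based order.
    A short final row is padded so decryption can recover the grid shape."""
    text = "".join(plaintext.upper().split())
    cols = len(order)
    rows = ceil(len(text) / cols)
    text = text.ljust(rows * cols, pad)
    grid = [text[r * cols:(r + 1) * cols] for r in range(rows)]
    return "".join(grid[r][c - 1] for c in order for r in range(rows))


def columnar_decrypt(ciphertext: str, order: List[int]) -> str:
    """Inverse: cut the cipher text into equal column slices, put each slice
    back in its numbered column, then read the grid row by row."""
    cols = len(order)
    if len(ciphertext) % cols:
        raise ValueError("cipher text length is not a multiple of the key length")
    rows = len(ciphertext) // cols
    columns = [""] * cols
    for i, c in enumerate(order):
        columns[c - 1] = ciphertext[i * rows:(i + 1) * rows]
    return "".join(columns[c][r] for r in range(rows) for c in range(cols))


def caesar(text: str, shift: int) -> str:
    """Caesar cipher: shift each letter by `shift` positions modulo 26.
    Non-letters are dropped, which is how the key prints its cipher text;
    a negative shift decrypts."""
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
    return "".join(out)


if __name__ == "__main__":
    key = [4, 5, 3, 2, 1]
    ct = columnar_encrypt("MAHARASTRA STATE BOARD OF TECHNICAL EDUCATION", key)
    print(ct)                          # ARTRECUORAEDCACNHTAATIDIASTOFNETMASBOHLA
    print(columnar_decrypt(ct, key))
    print(caesar("Network and Information Security", 3))   # QHWZRUNDQGLQIRUPDWLRQVHFXULWB
```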
b) Demonstrate configuration of firewall settings in Windows operating system. (4M)
Ans. [Marking scheme: correct explanation, 4M]
A firewall is a device which monitors and filters all the incoming and outgoing network traffic and prevents unauthorized access to/within the network. The firewall is the most important line of defense in maintaining the security of the network and the application. Every firewall has a set of predefined rules for the type of data allowed within the network; accordingly, it allows or denies the incoming traffic within the network.

Configuring firewalls on Windows 10

Since Windows is widely used at personal level, this article has been written specifically for configuring firewalls on Windows.
These are the steps for opening any specific port on the Windows 10 firewall:
1) Search "firewall" and click on Windows Defender Firewall, as shown below:

Page 10 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

2) Click on Inbound Rules, as shown.

3) Click on New Rule, select port and click Next as shown:

Page 11 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

4) Enter a specific port number. In this case, it’s 443. Click Next.

Page 12 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

5) Allow or block the connection as needed.

6) Name the rule and give a description as needed.

7) The same steps need to be followed for allowing an outbound connection. In step 1, instead of selecting Inbound Rules, select Outbound Rules and follow the same steps as above.
That's how easy it is to configure allowing or denying any connection for a particular port on Windows 10.

Page 13 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

c) Describe DMZ with suitable diagram. (4M)
Ans. [Marking scheme: explanation 2M, diagram 2M]
DMZ (Demilitarized Zone): It is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a company's data server. A DMZ is an optional but more secure approach to a firewall. It can effectively act as a proxy server.
The typical DMZ configuration has a separate computer or host in the network which receives requests from users within the private network to access web sites or the public network. The DMZ host then initiates sessions for such requests on the public network, but it is not able to initiate a session back into the private network. It can only forward packets which have been requested by a host. The public network's users who are outside the company can access only the DMZ host. It can store the company's web pages which can be served to the outside users. Hence, the DMZ cannot give access to the other company data. If by any means an outsider penetrates the DMZ's security, the web pages may get corrupted but the other company information can be safe.

d) Describe PGP with suitable diagram. (4M)
Ans. [Marking scheme: explanation 2M, diagram 2M]
PGP is Pretty Good Privacy. It is a popular program used to encrypt and decrypt email over the Internet. It has become a standard for email security. It is used to send an encrypted code (digital signature) that lets the receiver verify the sender's identity and takes care that the route of the message should not change. PGP can be used to encrypt files being stored so that they are in unreadable form and not readable by users or intruders. It is available in low-cost and freeware versions. It is
the most widely used privacy-ensuring program used by individuals as well as many corporations.

There are five steps as shown below:

1. Digital signature: It consists of the creation of a message digest of the email message using the SHA-1 algorithm. The resulting MD is then encrypted with the sender's private key. The result is the sender's digital signature.
2. Compression: The input message as well as the digital signature are compressed together to reduce the size of the final message that will be transmitted. For this the Lempel-Ziv algorithm is used.
3. Encryption: The compressed output of step 2 (i.e. the compressed form of the original email and the digital signature together) is encrypted with a symmetric key.
4. Digital enveloping: The symmetric key used for encryption in step 3 is now encrypted with the receiver's public key. The outputs of steps 3 and 4 together form a digital envelope.
5. Base-64 encoding: This process transforms arbitrary binary input into printable character output. The binary input is processed in blocks of 3 octets (24 bits). These 24 bits are considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits is mapped into an 8-bit output character in this process.

e) Find the output of the initial permutation box when the input is given in hexadecimal as (4M)
0x 0003 0000 0000 0001

Page 15 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

Ans. [Marking scheme: correct output, 4M]

Input (hexadecimal / binary, 16 bits per group):
0 0 0 3    0000 0000 0000 0011
0 0 0 0    0000 0000 0000 0000
0 0 0 0    0000 0000 0000 0000
0 0 0 1    0000 0000 0000 0001

Input bit table (rows 1 to 8, columns 1 to 6):
     1 2 3 4 5 6
 1   0 0 0 0 0 0
 2   0 0 0 0 0 0
 3   0 0 0 0 0 0
 4   0 0 0 0 0 0
 5   0 0 0 0 0 0
 6   0 0 0 0 0 0
 7   0 0 0 0 0 0
 8   0 0 0 0 0 0

Permutation table (columns 1 to 6):
     1  2  3  4  5  6
 1  58 50 42 34 26 18
 2  60 52 44 36 28 20
 3  62 54 46 38 30 22
 4  64 56 48 40 32 24
 5  57 49 41 33 25 17
 6  59 51 43 35 27 19
 7  61 53 45 37 29 21
 8  63 55 47 39 31 23

Output bit table (columns 1 to 6):
     1 2 3 4 5 6
 1   0 0 0 0 0 0
 2   0 0 0 0 0 0
 3   0 0 0 0 0 0
 4   1 0 0 0 0 0
 5   0 0 0 0 0 0
 6   0 0 0 0 0 0
 7   0 0 0 0 0 0
 8   0 0 0 0 0 0

Output in hexadecimal: 0000 0082 0000 0002
Note: Any other relevant logic shall be considered.
5. Attempt any TWO of the following (12M)
a) Describe the following terms (6M)
i) Asset
ii) Vulnerability
iii) Risks
Ans. [Marking scheme: description of each term, 2M]
i) Asset: An asset is any data, device, or other component of the environment that supports information-related activities. Assets generally include hardware, software and confidential information.
ii) Vulnerability: It is a weakness in a computer system or network. The term "vulnerability" refers to the security flaws in a system that allow an attack to be successful. Vulnerability testing should be performed on an on-going basis by the parties responsible for resolving such vulnerabilities, and helps to provide data used to identify unexpected dangers to security that need to be addressed. Such vulnerabilities are not particular to technology; they can also apply to social factors such as individual authentication and authorization policies.

iii) Risks: Risk is the probability of threats that may occur because of the presence of a vulnerability in a system.

Page 17 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

OR
Risk is any event or action that could cause a loss or damage to
computer hardware, software, data, or information.
b) Describe network based IDS with suitable diagram (6M)
Ans. [Marking scheme: diagram 2M, explanation 4M]
1. Network-based IDS focuses on network traffic: the bits and bytes traveling along the cables and wires that interconnect the systems.
2. A network IDS should check the network traffic when it passes, and it is able to analyse traffic according to protocol type, amount, source, destination, content, traffic already seen etc.
3. Such an analysis must occur quickly, and the IDS must be able to handle traffic at any speed the network operates on to be effective.
4. Network-based IDSs are generally deployed so that they can monitor traffic in and out of an organization's major links, like the connection to the Internet, remote offices, partners etc.
Network-based IDSs look for certain activities like:
• Denial of service attacks
• Port scans or sweeps
• Malicious content in the data payload of a packet or packets
• Vulnerability scanning
• Trojans, viruses, or worms
• Tunneling
• Brute-force attacks
OR
1. Traffic collector: This component collects activity or events for the IDS to examine. On a host-based IDS, this can be log files, audit logs, or traffic coming to or leaving a specific system. On a network-based IDS, this is typically a mechanism for copying traffic off the network link.

Page 18 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

2. Analysis engine: This component examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine acts like the brain of the IDS.
3. Signature database: It is a collection of patterns and definitions of known suspicious or malicious activity.
4. User interface and reporting: This is the component that interfaces with the human element, providing alerts when suitable and giving the user a means to interact with and operate the IDS.
Advantages:
• OS-specific and detailed signatures.
• Examines data after it has been decrypted.
• Very application specific.
• Determines whether or not an alarm may impact that specific.
Disadvantages:
• Needs a process on every system to watch.
• High cost of ownership and maintenance.
• Uses local system resources.
• If logged locally, could be compromised or disabled.
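Detection logic for one of the activities listed above, port scans or sweeps, as an added example that is not part of the model answer. The flow records are constructed, and the 10-second window and the threshold of 15 distinct ports or hosts are assumed tuning values.

```python
"""Network IDS analysis-engine logic for port scans and host sweeps.
Added example; flows, window and threshold are constructed/assumed."""
from collections import defaultdict, deque

WINDOW = 10.0     # seconds of history kept per source address
THRESHOLD = 15    # distinct ports (scan) or hosts (sweep) that raise an alert


def detect_scans(flows, window=WINDOW, threshold=THRESHOLD):
    """flows: iterable of (ts, src, dst, dport) tuples in time order.
    Returns one alert per (src, kind) as (ts, src, kind, count):
    'portscan' = one source hitting many ports on one host,
    'sweep'    = one source hitting one port on many hosts."""
    history = defaultdict(deque)     # src -> recent (ts, dst, dport)
    alerted = set()
    alerts = []
    for ts, src, dst, dport in flows:
        q = history[src]
        q.append((ts, dst, dport))
        while ts - q[0][0] > window:        # expire events outside the window
            q.popleft()
        ports_per_host = defaultdict(set)
        hosts_per_port = defaultdict(set)
        for _, d, p in q:
            ports_per_host[d].add(p)
            hosts_per_port[p].add(d)
        scan = max(len(v) for v in ports_per_host.values())
        sweep = max(len(v) for v in hosts_per_port.values())
        if scan > threshold and (src, "portscan") not in alerted:
            alerted.add((src, "portscan"))
            alerts.append((ts, src, "portscan", scan))
        if sweep > threshold and (src, "sweep") not in alerted:
            alerted.add((src, "sweep"))
            alerts.append((ts, src, "sweep", sweep))
    return alerts


def sample_flows():
    """Constructed traffic: a port scan, a host sweep, and slow benign traffic
    to a single port that must not trigger."""
    flows = []
    flows += [(100.0 + i * 0.2, "10.0.0.99", "192.168.1.10", p)
              for i, p in enumerate(range(1, 26))]
    flows += [(200.0 + i * 0.3, "10.0.0.77", "192.168.1.%d" % h, 445)
              for i, h in enumerate(range(1, 31))]
    flows += [(300.0 + i * 60, "10.0.0.5", "192.168.1.10", 443)
              for i in range(20)]
    return sorted(flows)


if __name__ == "__main__":
    for alert in detect_scans(sample_flows()):
        print(alert)
```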
c) Describe COBIT framework with neat diagram (6M)
Ans. [Marking scheme: diagram 2M, explanation 4M]
COBIT stands for "Control Objectives for Information and related Technology". It is a framework that was developed by ISACA (Information Systems Audit and Control Association). It is a set of guidance material for IT governance to manage requirements, technical issues, and business risks.

Page 19 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

COBIT connects IT initiatives with business requirements, monitors and improves IT management practices, and ensures quality control and reliability of information systems in an organization.
• Plan and Organize: This domain addresses direction to solutions, information architecture, managing IT investments, and assessing risks, quality, and projects.
• Acquire and Implement: This domain acquires and maintains application software and technology infrastructure, develops as well as maintains procedures and manages changes, implements desired solutions and passes them on to be turned into services.
• Deliver and Support: This domain defines and manages service levels, ensures the security of the system, educates or trains, and advises users. It receives solutions and makes them usable for end users.
• Monitor and Evaluate: This domain monitors the process, assesses internal control capability, finds independent assurance, and provides independent audit.
Principles of COBIT:
• Providing the service of delivering information that an organization requires.
• Undesired events will be prevented, detected, and corrected.
• Managing and controlling IT resources using a structured set of processes.
• Fulfilling clients' requirements.
Note: Any other relevant framework shall be considered

6. Attempt any TWO of the following (12M)

a) Describe any three phases of virus with suitable example (6M)
Ans. [Marking scheme: any three phases 3M, suitable example 3M]
Definition: A virus is a program which attaches itself to another program and causes damage to the computer system or the network. It is loaded onto your computer without your knowledge and runs against your wishes.
During its lifecycle a virus goes through the following four phases:

Page 20 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

1. Dormant phase: The virus is idle and is activated by some event.
2. Propagation phase: It places an identical copy of itself into other programs or into certain system areas on the disk.
3. Triggering phase: The virus is activated to perform the function for which it was intended.
4. Execution phase: The function of the virus is performed.

Note: Any other relevant example shall be considered

b) Describe 'Kerberos' protocol with suitable diagram (6M)
Ans. [Marking scheme: description with suitable diagram of Authentication Service (AS) 3M; description with suitable diagram of Ticket Granting Server (TGS) 3M]
Kerberos: Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. It is a solution to network security problems. It provides tools for authentication and strong cryptography over the network to help you secure your information system. There are four parties involved in the Kerberos protocol:
i) User
ii) Authentication service (AS)
iii) Ticket granting server (TGS)
iv) Service server
Working of Kerberos:
1. The authentication service, or AS, receives the request from the client and verifies that the client is indeed the computer it claims to be. This is usually just a simple database lookup of the user's ID.

Page 21 / 25

Downloaded by Durvesh Mhatre (durveshmaheshmhatre@gmail.com)


lOMoARcPSD|21419424

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION


MODEL ANSWER-Only for the Use of RAC Assessors

Subject: Network and Information Security Subject Code: 22620

2. Upon verification, a timestamp is created. This puts the current time in a user session, along with an expiration date. The default expiration date of a timestamp is 8 hours. The encryption key is then created. The timestamp ensures that when 8 hours is up, the encryption key is useless.
3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is a simple ticket that is issued by the authentication service. It is used for authenticating the client for future reference.

1. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get authenticated.
2. The TGS creates an encrypted key with a timestamp, and grants the client a service ticket.

3. The client decrypts the ticket, tells the TGS it has done so, and then sends its own encrypted key to the service.

7. The service decrypts the key, and makes sure the timestamp is still valid. If it is, the service contacts the key distribution center to receive a session that is returned to the client.
8. The client decrypts the ticket. If the keys are still valid, communication is initiated between client and server.
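The AS, TGS and service phases described above, as an added runnable simulation that is not the model answer's code and not real Kerberos (no ASN.1, no AES, no realms). The seal()/unseal() helper, the 8-hour ticket lifetime constant, the 5-minute clock-skew limit and the user and service names are all assumptions constructed for the demo.

```python
"""Toy four-party Kerberos flow: user -> AS -> TGS -> service.
seal()/unseal() is a constructed stand-in for Kerberos' symmetric encryption:
SHA-256 keystream XOR plus an HMAC-SHA256 tag (encrypt-then-MAC)."""
import hashlib
import hmac
import json
import os

TICKET_LIFETIME = 8 * 3600   # the answer's default 8-hour ticket expiry
CLOCK_SKEW = 5 * 60          # authenticator timestamps further off than this are rejected

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def seal(key, obj):
    """Encrypt-then-MAC a small JSON object under a 32-byte key."""
    plain = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    """Inverse of seal(); raises ValueError when the key is wrong or the blob was altered."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))))

def _check_authenticator(ticket, authenticator, now):
    """Used by TGS and service alike: the authenticator must be fresh and name the ticket's user."""
    auth = unseal(bytes.fromhex(ticket["sk"]), authenticator)
    if auth["user"] != ticket["user"] or abs(now - auth["ts"]) > CLOCK_SKEW:
        raise PermissionError("authenticator stale or does not match ticket")

class KDC:
    """Key Distribution Center: hosts the AS and the TGS and knows every long-term key."""
    def __init__(self, user_passwords, service_keys):
        self.user_keys = {u: hashlib.sha256(p.encode()).digest() for u, p in user_passwords.items()}
        self.service_keys = service_keys
        self.tgs_key = os.urandom(32)

    def as_exchange(self, user, now):
        """AS phase: look the user up, create a session key and a timestamped TGT."""
        session_key, expires = os.urandom(32).hex(), now + TICKET_LIFETIME
        tgt = seal(self.tgs_key, {"user": user, "sk": session_key, "exp": expires})  # opaque to client
        return tgt, seal(self.user_keys[user], {"sk": session_key, "exp": expires})  # needs the password

    def tgs_exchange(self, tgt, authenticator, service, now):
        """TGS phase: decrypt the TGT, check it, and grant a service ticket."""
        t = unseal(self.tgs_key, tgt)
        if now > t["exp"]:
            raise PermissionError("TGT expired")
        _check_authenticator(t, authenticator, now)
        svc_key, expires = os.urandom(32).hex(), min(t["exp"], now + TICKET_LIFETIME)
        ticket = seal(self.service_keys[service], {"user": t["user"], "sk": svc_key, "exp": expires})
        return ticket, seal(bytes.fromhex(t["sk"]), {"sk": svc_key, "exp": expires})

def service_accept(service_key, ticket, authenticator, now):
    """Service phase: decrypt the ticket with the service's own key and check the timestamp."""
    t = unseal(service_key, ticket)
    if now > t["exp"]:
        raise PermissionError("service ticket expired")
    _check_authenticator(t, authenticator, now)
    return t["user"]

def client_login(kdc, user, password, service, service_keys, now, use_at=None):
    """Client side of the whole flow; returns the principal the service accepted.
    use_at lets the demo present the TGT later than the AS issued it."""
    later = now if use_at is None else use_at
    user_key = hashlib.sha256(password.encode()).digest()
    tgt, enc = kdc.as_exchange(user, now)
    sk = bytes.fromhex(unseal(user_key, enc)["sk"])            # wrong password -> ValueError
    ticket, enc2 = kdc.tgs_exchange(tgt, seal(sk, {"user": user, "ts": later}), service, later)
    svc_sk = bytes.fromhex(unseal(sk, enc2)["sk"])
    return service_accept(service_keys[service], ticket, seal(svc_sk, {"user": user, "ts": later}), later)

def demo():
    """Constructed scenario: one user, one file service, three outcomes."""
    now = 1_700_000_000.0
    service_keys = {"fileserver": os.urandom(32)}
    kdc = KDC({"alice": "correct-horse"}, service_keys)
    ok = client_login(kdc, "alice", "correct-horse", "fileserver", service_keys, now)
    try:
        client_login(kdc, "alice", "wrong-password", "fileserver", service_keys, now)
        bad_password = "accepted"
    except ValueError:
        bad_password = "rejected"
    try:   # TGT presented nine hours after issue: past the 8-hour lifetime
        client_login(kdc, "alice", "correct-horse", "fileserver", service_keys, now, use_at=now + 9 * 3600)
        stale = "accepted"
    except PermissionError:
        stale = "rejected"
    return ok, bad_password, stale
```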
c) Write a brief note on firewall configuration: 6M
i) Packet filter as a firewall
ii) Application level gateway firewall
iii) Circuit level gateway firewall
Remarks: Explanation with diagram 2M each.
Ans.
1. Packet filter as a firewall: As per the diagram given below, the firewall will act according to the table given. For example, source IP 150.150.0.0 is the IP address of a network; all the packets which are coming from this network will be blocked by the firewall, and in this way it is acting as a firewall. The table also has port 80, IP address 200.75.10.8 and port 23, and the firewall will act in a similar fashion. Port 23 is for Telnet remote login; in this case the firewall won't allow login onto this server. IP address 200.75.10.8 is the IP address of an individual host; all the packets having this IP address as the destination address will be denied. For port 80, no HTTP request is allowed by the firewall.

2. Application level gateway firewalls: Application level firewalls decide whether to drop a packet or send it through based on the application information (available in the packet). They do this by setting up various proxies on a single firewall for different applications. Both the client and the server connect to these proxies instead of connecting directly to each other, so any suspicious data or connections are dropped by these proxies. Application level firewalls ensure protocol conformance. For example, attacks over HTTP that violate the protocol policies, such as sending non-ASCII data in the header fields or an overly long string with non-ASCII characters in the Host field, would be dropped because the requests have been tampered with by intruders.

3. Circuit level gateway firewalls: The circuit level gateway firewalls work at the session layer of the OSI model. They monitor TCP handshaking between the packets to determine if a requested session is legitimate. The information passed through a circuit level gateway to the internet appears to have come from the circuit level gateway, so there is no way for a remote computer or host to determine the internal private IP addresses of an organization, for example. This technique is also called Network Address Translation, where the private IP addresses originating from the different clients inside the network are all mapped to the public IP address available through the internet service provider and then sent to the outside world (Internet). This way, the packets are tagged with only the public IP address (firewall level) and the internal private IP addresses are not exposed to potential intruders.

S-24 NIS 22620 Model Answer
Information Technology (Maharashtra State Board of Technical Education)

This paper is solved by a Diploma pass-out student | It is not an official document
MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)
SUMMER – 2024 EXAMINATION
MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

Important Instructions to examiners:

1) The answers should be examined by key words and not word-to-word as given in the model answer scheme.
2) The model answer and the answer written by the candidate may vary, but the examiner may try to assess the understanding level of the candidate.
3) Language errors such as grammatical and spelling errors should not be given more importance (not applicable for the subject English and Communication Skills).
4) While assessing figures, the examiner may give credit for principal components indicated in the figure. The figures drawn by the candidate and the model answer may vary. The examiner may give credit for any equivalent figure drawn.
5) Credits may be given stepwise for numerical problems. In some cases, the assumed constant values may vary and there may be some difference in the candidate's answers and the model answer.
6) In case of some questions, credit may be given by judgement on the part of the examiner for a relevant answer based on the candidate's understanding.
7) For programming language papers, credit may be given to any other program based on an equivalent concept.

Q. No. | Sub Q.N. | Answer | Remarks

1. a) Differentiate between viruses & worms.
Remarks: [Q.1 E] From S-22
Ans.

b) State any four advantages of Biometrics.
Ans. 1. Improved Security: Biometrics provide a high level of security as they are unique to individuals.
2. Convenience: No need to remember passwords or carry identification cards.
3. Difficult to Forge: Unlike passwords, biometric data (like fingerprints) cannot be easily duplicated.
4. Efficient Authentication: Reduces time for verification and provides quick access.

c) Explain the term cryptanalysis.
Remarks: ChatGPT Answers
Ans. Cryptanalysis is the process of studying and analyzing cryptographic algorithms and ciphertexts to find weaknesses and decrypt data without knowing the encryption key.
d) Define term cyber crime.
Ans. Cyber crime refers to illegal activities that involve computers, networks,
or digital devices to commit offenses like hacking, identity theft, and
fraud.
e) Explain the term assets.
Remarks: [Q.5 A] From S-23
Ans. Asset: An asset is any data, device, or other component of the environment that supports information-related activities. Assets generally include hardware, software and confidential information.
f) State any four limitations of firewall.
Remarks: [Q.6 C] From S-22
Ans. Limitations:
1. Firewalls do not protect against inside threats.
2. A packet filter firewall does not provide any content-based filtering.
3. Protocol tunneling, i.e. sending data from one protocol inside another protocol, negates the purpose of the firewall.
4. Encrypted traffic cannot be examined and filtered.
g) Explain working of Kerberos in short.
Remarks: ChatGPT Answers
Ans. Kerberos is a network authentication protocol that uses secret-key cryptography. The steps include:
1. The user requests authentication from the Authentication Server (AS).
2. AS verifies the user and provides a Ticket Granting Ticket (TGT).
3. The user presents the TGT to the Ticket Granting Server (TGS).
4. TGS verifies the ticket and provides a service ticket.
5. The user accesses the service using the service ticket.
2. Attempt any THREE of the following:
a) Enlist types of Biometrics & explain any one Biometrics type in detail.
Remarks: [Q.2 B] From W-22
Ans. Different types of Biometrics:
1. Finger print recognition
2. Hand print recognition
3. Retina/iris scan technique
4. Face recognition
5. Voice patterns recognition
6. Signature and writing patterns recognition
7. Keystroke dynamics

Finger print recognition
Above figure shows the block diagram of biometric system.
Fingerprint registration & verification process:
1. During registration, the first time an individual uses a biometric system is called an enrollment.
2. During the enrollment, biometric information from an individual is stored.
3. In the verification process, biometric information is detected and compared with the information stored at the time of enrolment.
4. The first block (sensor) is the interface between the real world and the system; it has to acquire all the necessary data.
5. The 2nd block performs all the necessary pre-processing.
6. The third block extracts the necessary features. This step is an important step as the correct features need to be extracted in the optimal way.
7. If enrollment is being performed, the template is simply stored somewhere (on a card or within a database or both).
8. If a matching phase is being performed, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm.
9. The matching program will analyze the template with the input. This will then be output for any specified use or purpose.
b) Explain DOS with neat diagram.
Remarks: [Q.6 A] From S-22
Ans. Denial Of Service Attack: Denial of service (DOS) attacks can exploit a known vulnerability in a specific application or operating system, or they may attack features (or weaknesses) in specific protocols or services. In this form of attack, the attacker is attempting to deny authorized users access either to specific information or to the computer system or network itself. The purpose of such an attack can be simply to prevent access to the target system, or the attack can be used in conjunction with other actions in order to gain unauthorized access to a computer or network. SYN flooding is an example of a DOS attack that takes advantage of the way TCP/IP networks were designed to function, and it can be used to illustrate the basic principles of any DOS attack. SYN flooding utilizes the TCP three-way handshake that is used to establish a connection between two systems. In a SYN flooding attack, the attacker sends fake communication requests to the targeted system. Each of these requests will be answered by the target system, which then waits for the third part of the handshake. Since the requests are fake, the target will wait for responses that will never come, as shown in the figure.

The target system will drop these connections after a specific time-out period, but if the attacker sends requests faster than the time-out period eliminates them, the system will quickly be filled with requests. The number of connections a system can support is finite, so when more requests come in than can be processed, the system will soon be reserving all its connections for fake requests. At this point, any further requests are simply dropped (ignored), and legitimate users who want to connect to the target system will not be able to. Use of the system has
thus been denied to them.


c) Differentiate between symmetric and asymmetric cryptography.
Remarks: [Q.2 C] From S-22
Ans.

d) Illustrate digital signature and explain it with neat diagram.
Remarks: [Q.4 E] From S-22. It is in Cryptography; if this answer is wrong, find the other one.
Ans. Digital Signature:
1. Digital signature is a strong method of authentication in an electronic form.
2. It includes message authentication code (MAC), hash value of a message and digital pen pad devices. It also includes cryptographically based signature protocols.
3. Digital Signature is used for authentication of the message and the sender, to verify the integrity of the message.
4. Digital Signature may be in the form of text, symbol, image or audio.
5. In today's world of electronic transactions, digital signature plays a major role in authentication. For example, one can file his income tax return online using his digital signature, which avoids the use of paper and makes the process faster.
6. Asymmetric key encryption techniques and public key infrastructure are used in digital signature.
7. Digital signature algorithms are divided into two parts: a. Signing part: It allows the sender to create his digital signature. b. Verification part: It is used by the receiver for verifying the signature after receiving the message.
Generation and Verification of digital signatures:
Working:
1. A message digest is used to generate the signature. The message digest (MD) is calculated from the plaintext or message.
2. The message digest is encrypted using the user's private key.

3. Then, the sender sends this encrypted message digest with the plaintext or message to the receiver.
4. The receiver calculates the message digest from the plaintext or message he received.
5. The receiver decrypts the encrypted message digest using the sender's public key. If both the MDs are not the same, then the plaintext or message was modified after signing.

3. Attempt any THREE of the following:
a) Define the following terms:
(i) Authentication
(ii) Authorization
Remarks: [Q.3 A] From W-22
Ans. Authorization: It is a process of verifying that the known person has the authority to perform a certain operation. It cannot occur without authentication. It is nothing but granting permissions and rights to an individual so that he can use these rights to access computer resources or information.
Authentication: Authentication is the process of determining the identity of a user or other entity. It is performed during the log on process, where the user has to submit his/her username and password. There are three methods used in it: 1. Something you know: the user knows the user id and password. 2. Something you have: the valid user has a lock and key. 3. Something about you: the user's unique identity like fingerprints, DNA etc.
b) Convert plain text into cipher text by using simple columnar technique for the following sentence: ALL IS WELL FOR YOUR EXAM
Remarks: ChatGPT Answers
Ans.
1 2 3 4 5
A L L I S
W E L L F
O R Y O U
R E X A M
PLAIN TEXT: ALL IS WELL FOR YOUR EXAM
LET ORDER BE: 3, 1, 4, 5, 2.
Cipher Text: LYXLWALOELSFIOURRAME.
c) Describe packet filter router firewall with neat diagram.
Remarks: [Q.6 C] From S-23
Ans. Packet filter as a firewall: As per the diagram given below, the firewall will act according to the table given. For example, source IP 150.150.0.0 is the IP address of a network; all the packets which are coming from this network will be blocked by the firewall, and in this way it is acting as a firewall. The table also has port 80, IP address 200.75.10.8 and port 23, and the firewall will act in a similar fashion. Port 23 is for Telnet remote login; in this case the firewall won't allow login onto this server. IP address 200.75.10.8 is the IP address of an individual host; all the packets having this IP address as the destination address will be denied. For port 80, no HTTP request is allowed by the firewall.
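The rule table this answer (and the 2023 paper's firewall note) describes, evaluated by a stateless packet filter, as an added example that is not the model answer's code. The answer gives no netmask for 150.150.0.0, so a /16 is assumed; the Rule class, the first-match/default-deny semantics and the sample packets are constructed for the demo.

```python
"""Stateless packet filter: match each packet against an ordered rule table."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "deny" or "allow"
    src: Optional[str] = None     # source network the packet must come from (CIDR)
    dst: Optional[str] = None     # destination host or network (CIDR)
    dport: Optional[int] = None   # destination port
    proto: Optional[str] = None   # "tcp" / "udp"; None matches either

    def matches(self, pkt) -> bool:
        """A field left as None is a wildcard; every field that is set must match."""
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and pkt["dport"] != self.dport:
            return False
        if self.proto and pkt["proto"] != self.proto:
            return False
        return True

# The four entries from the answer's table, plus an explicit final rule.
RULES = [
    Rule("deny", src="150.150.0.0/16"),       # block the whole 150.150.0.0 network (mask assumed)
    Rule("deny", dst="200.75.10.8/32"),        # deny anything destined for this single host
    Rule("deny", dport=23, proto="tcp"),       # Telnet remote login
    Rule("deny", dport=80, proto="tcp"),       # HTTP
    Rule("allow"),                             # everything else
]

def filter_packet(pkt, rules=RULES):
    """First matching rule wins; with no match at all the safe default is deny."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None

def filter_log(packets, rules=RULES):
    """One verdict per packet, in order, like the firewall's own log would show."""
    return [filter_packet(p, rules)[0] for p in packets]

# Constructed packets (RFC 5737 addresses). Note there is no payload field at all:
# a packet filter never looks inside, which is why it cannot do content-based filtering.
SAMPLE_PACKETS = [
    {"src": "150.150.4.20", "dst": "10.1.1.5",    "dport": 443, "proto": "tcp"},  # blocked network
    {"src": "203.0.113.4",  "dst": "200.75.10.8", "dport": 443, "proto": "tcp"},  # blocked host
    {"src": "198.51.100.3", "dst": "10.1.1.5",    "dport": 23,  "proto": "tcp"},  # Telnet
    {"src": "198.51.100.3", "dst": "10.1.1.5",    "dport": 80,  "proto": "tcp"},  # HTTP
    {"src": "198.51.100.3", "dst": "10.1.1.5",    "dport": 443, "proto": "tcp"},  # passes
    {"src": "198.51.100.3", "dst": "10.1.1.5",    "dport": 80,  "proto": "udp"},  # not TCP/80, passes
]
```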

d) Explain working of fingerprint mechanism and its limitations.
Remarks: [Q.2 B] From S-22
Ans. Fingerprint registration & verification mechanism:
1. During registration, the first time an individual uses a biometric system is called an enrollment.
2. During the enrollment, biometric information from an individual is stored.
3. In the verification process, biometric information is detected and compared with the information stored at the time of enrolment.
4. The first block (sensor) is the interface between the real world and the system; it has to acquire all the necessary data.
5. The 2nd block performs all the necessary pre-processing.
6. The third block extracts the necessary features. This step is an important step as the correct features need to be extracted in the optimal way.
7. If enrollment is being performed, the template is simply stored somewhere (on a card or within a database or both).
8. If a matching phase is being performed, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm.
9. The matching program will analyze the template with the input. This will then be output for any specified use or purpose.
4. Attempt any THREE of the following:
a) Explain Caesar's cipher substitution technique with example.
Remarks: [Q.2 C] From W-22
Ans. The Caesar cipher technique was proposed by Julius Caesar. It is one of the simplest and most widely known encryption techniques. It is a type of substitution technique in which each letter in the plain text is replaced by a letter some fixed number of positions down the alphabet. The Caesar cipher involves replacing each letter of the alphabet with the letter three places further down the alphabet. For example, with a shift of 3, A would be replaced by D, B would become E, and so on, as shown in the table below.

Example
PLAIN TEXT - COMPUTER ENGINEERING
Converting each alphabet in the plain text using the table, the cipher text can be written as
CIPHER TEXT – FRPSXWHU HQJLQHHULQJ
Algorithm to break Caesar cipher:
1. Read each alphabet in the cipher text message, and search for it in the second row of the table above.
2. When a match is found, replace that alphabet in the cipher text message with the corresponding alphabet in the same column but the first row of the table. (For example, if the cipher text alphabet is J, replace it with G.)
3. Repeat the process for all alphabets in the cipher text message.
b) Describe host based IDS with its advantages and disadvantages.
Remarks: [Q.5 B] From S-23
Ans.
1. Network-based IDS focuses on network traffic: the bits & bytes traveling along the cables & wires that interconnect the system.
2. A network IDS should check the network traffic when it passes, & it is able to analyse traffic according to protocol type, amount, source, destination, content, traffic already seen etc.
3. Such an analysis must occur quickly, & the IDS must be able to
handle traffic at any speed the network operates on to be effective.
4. Network-based IDSs are generally deployed so that they can monitor traffic in & out of an organization's major links like the connection to the Internet, remote offices, partners etc.
Network-based IDSs look for certain activities like:
▪ Denial of service attacks
▪ Port scans or sweeps
▪ Malicious content in the data payload of a packet or packets
▪ Vulnerability scanning
▪ Trojans, viruses, or worms
▪ Tunneling
▪ Brute-force attacks
OR
Traffic collector: This component collects activity or events for the IDS to examine. On a Host-based IDS, this can be log files, audit logs, or traffic coming to or leaving a specific system. On a Network-based IDS, this is typically a mechanism for copying traffic off the network link.
1. Analysis Engine: This component examines the collected network traffic & compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine acts like the brain of the IDS.
2. Signature database: It is a collection of patterns & definitions of known suspicious or malicious activity.
3. User Interface & Reporting: This is the component that interfaces with the human element, providing alerts when suitable & giving the user a means to interact with & operate the IDS.
Advantages:
▪ O.S. specific and detailed signatures.
▪ Examines data after it has been decrypted.
▪ Very application specific.
▪ Determines whether or not an alarm may impact that specific system.
Disadvantages:
▪ Should have a process on every system to watch.
▪ High cost of ownership and maintenance.
▪ Uses local system resources.
▪ If logged locally, could be compromised or disabled.
c) Define Hacking. Explain different types of Hackers.
Remarks: [Q.1 D] From W-22; Diff Types of Hackers
Ans. Hacking in simple terms means an illegal intrusion into a computer system and/or network. Government websites are the hot target of hackers due to the press coverage it receives. Hackers enjoy the media coverage.
OR
Hacking is the act of identifying and then exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data. Hacking is not always a malicious activity, but the term has mostly negative connotations due to its association with cybercrime.
Different Types of Hackers:
1. Black Hat Hacker
Black-hat hackers are also known as Unethical Hackers or Security Crackers. These people hack the system illegally to steal money or to achieve their own illegal goals.
2. White Hat Hacker
White hat hackers are also known as Ethical Hackers or Penetration Testers. White hat hackers are the good guys of the hacker world. These people use the same techniques used by the black hat hackers. They also hack the system, but they can only hack the systems that they have permission to hack, in order to test the security of the system.
3. Gray Hat Hacker
Gray hat hackers are a hybrid between black hat hackers and white hat hackers. They can hack any system even if they don't have permission to test the security of the system, but they will never steal money or damage the system.
d) Explain the features of IDS technique.
Remarks: ChatGPT Answers
Ans. 1) Traffic Monitoring: IDS continuously analyzes network packets to detect suspicious activities.
2) Signature-Based Detection: Compares traffic patterns with a database of known attack signatures.
3) Anomaly Detection: Identifies deviations from normal behavior that may indicate an attack.
4) Real-Time Alerts: Generates warnings and logs any detected intrusions.
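The IDS components and features above (traffic collector, signature database, analysis engine, reporting) run over a constructed packet log, with the SYN-flood pattern from Q.2 b) as the anomaly case, as an added example that is not the model answer's code. The log line format, the thresholds and the two signature patterns are assumptions made for this demo.

```python
"""Signature-based and anomaly-based detection over a constructed packet log.
Each line is "<time> <src> <dst> <dport> <flags> <payload>" (payload "-" when empty)."""
import re
from collections import defaultdict

# Constructed sample traffic using RFC 5737 documentation addresses, not a real capture.
SAMPLE_LOG = [
    "1 198.51.100.7 10.0.0.5 80 SYN -",
    "1 198.51.100.7 10.0.0.5 80 ACK -",            # handshake completes: a normal client
    "2 198.51.100.7 10.0.0.5 80 PSH GET /index.html HTTP/1.1",
    "3 198.51.100.8 10.0.0.5 80 SYN -",
    "3 198.51.100.8 10.0.0.5 80 ACK -",
    "4 198.51.100.8 10.0.0.5 80 PSH GET /../../etc/passwd HTTP/1.1",
]
SAMPLE_LOG += [f"{5 + i} 203.0.113.9 10.0.0.5 80 SYN -" for i in range(8)]   # SYNs never ACKed
SAMPLE_LOG += [f"20 203.0.113.10 10.0.0.5 {p} SYN -" for p in (21, 22, 23, 25, 110, 143, 443)]  # sweep

SIGNATURES = {   # the "signature database" component; patterns are illustrative only
    "directory traversal in URL": re.compile(r"\.\./"),
    "windows shell probe": re.compile(r"cmd\.exe", re.IGNORECASE),
}
SYN_FLOOD_THRESHOLD = 5   # half-open SYNs from one source to one port -> DoS alert
PORT_SCAN_THRESHOLD = 6   # distinct destination ports probed by one source -> scan alert

def parse(line):
    """Traffic collector: one log line -> event dict."""
    t, src, dst, dport, flags, payload = line.split(" ", 5)
    return {"t": int(t), "src": src, "dst": dst, "dport": int(dport), "flags": flags, "payload": payload}

def signature_alerts(events):
    """Analysis engine, signature mode: compare each payload with the known-bad patterns."""
    alerts = []
    for ev in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev["payload"]):
                alerts.append(f"signature: {name} from {ev['src']}")
    return alerts

def anomaly_alerts(events):
    """Analysis engine, anomaly mode: a SYN flood leaves many half-open connections to
    one port; a port sweep touches many ports. Normal clients do neither."""
    half_open = defaultdict(int)   # (src, dport) -> SYNs not yet followed by that source's ACK
    ports = defaultdict(set)       # src -> destination ports it has sent SYNs to
    for ev in events:
        key = (ev["src"], ev["dport"])
        if ev["flags"] == "SYN":
            half_open[key] += 1
            ports[ev["src"]].add(ev["dport"])
        elif ev["flags"] == "ACK" and half_open[key] > 0:
            half_open[key] -= 1    # third part of the handshake arrived
    alerts = []
    for (src, dport), n in half_open.items():
        if n >= SYN_FLOOD_THRESHOLD:
            alerts.append(f"anomaly: possible SYN flood from {src} to port {dport} ({n} half-open)")
    for src, probed in ports.items():
        if len(probed) >= PORT_SCAN_THRESHOLD:
            alerts.append(f"anomaly: port scan from {src} ({len(probed)} ports)")
    return alerts

def analyze(lines):
    """Reporting component: sorted alert strings, one per detection."""
    events = [parse(line) for line in lines]
    return sorted(signature_alerts(events) + anomaly_alerts(events))
```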

e) Differentiate between substitution and transposition techniques.
Remarks: ChatGPT Answers
Ans.
Feature | Substitution Cipher | Transposition Cipher
Definition | Replaces characters with other characters or symbols. | Rearranges the positions of characters without changing them.
Example | Caesar cipher (shift by 3: A → D). | Columnar transposition (rearranging letter order).
Security Level | Lower security, as frequency analysis can break it. | Higher security when combined with substitution.
Key Requirement | Uses a key to substitute letters. | Uses a pattern or sequence for rearrangement.
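Both techniques compared in this table, worked on the paper's own inputs from Q.4 a) (COMPUTER ENGINEERING, shift 3) and Q.3 b) (the ALL IS WELL FOR YOUR EXAM grid with column order 3,1,4,5,2), as an added example that is not the model answer's code. The functions are constructed for the demo; the last one makes the table's "Security Level" row concrete by comparing letter-frequency profiles.

```python
"""Substitution (Caesar) and transposition (simple columnar) ciphers side by side."""
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

def caesar_encrypt(text, shift=3):
    """Each letter moves `shift` places down the alphabet; other characters pass through."""
    out = []
    for ch in text.upper():
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch)
    return "".join(out)

def caesar_decrypt(cipher, shift=3):
    return caesar_encrypt(cipher, -shift)

def caesar_break(cipher):
    """The 'algorithm to break Caesar cipher' generalised: try all 25 shifts at once."""
    return {shift: caesar_decrypt(cipher, shift) for shift in range(1, 26)}

def columnar_encrypt(text, order):
    """Write letters row-wise into len(order) columns, then read the columns in `order` (1-based)."""
    letters = [ch for ch in text.upper() if ch in ALPHABET]
    width = len(order)
    rows = [letters[i:i + width] for i in range(0, len(letters), width)]
    out = []
    for col in order:
        out.extend(row[col - 1] for row in rows if col - 1 < len(row))   # last row may be short
    return "".join(out)

def columnar_decrypt(cipher, order):
    """Rebuild the columns (the first `extra` columns are one letter taller), then read row-wise."""
    width = len(order)
    full_rows, extra = divmod(len(cipher), width)
    height = {c: full_rows + (1 if c <= extra else 0) for c in range(1, width + 1)}
    columns, pos = {}, 0
    for col in order:
        columns[col] = cipher[pos:pos + height[col]]
        pos += height[col]
    out = []
    for r in range(full_rows + (1 if extra else 0)):
        out.extend(columns[c][r] for c in range(1, width + 1) if r < height[c])
    return "".join(out)

def letter_frequencies(text):
    """Caesar shifts the frequency profile (so frequency analysis recovers the shift);
    transposition leaves the profile untouched, which is the table's 'Security Level' point."""
    return Counter(ch for ch in text.upper() if ch in ALPHABET)
```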
5. Attempt any TWO of the following:
a) Explain active attack and passive attack with suitable example.
Remarks: ChatGPT Answers
Ans. 1) Active Attack:
▪ Definition: Involves an attacker altering or manipulating the data being transmitted.
▪ Example: Man-in-the-Middle (MITM) Attack, where an attacker intercepts communication between two parties and modifies the data before forwarding it.
2) Passive Attack:
▪ Definition: The attacker only monitors or eavesdrops on communication without altering the data.
▪ Example: Eavesdropping on network traffic to capture sensitive information like login credentials.

b) Describe the DMZ with suitable example.
Remarks: [Q.3 C] From W-22
Ans. DMZ (Demilitarized Zone): It is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a company's data server. A DMZ is an optional but more secure approach to a firewall. It can effectively act as a proxy server. The typical DMZ configuration has a separate computer or host in the network which receives requests from users within the private network to access web sites or the public network. The DMZ host then initiates sessions for such requests on the public network, but it is not able to initiate a session back
into the private network. It can only forward packets which have been requested by a host. The public network's users who are outside the company can access only the DMZ host. It can store the company's web pages which can be served to the outside users. Hence, the DMZ can't give access to the rest of the company's data. If by any means an outsider penetrates the DMZ's security, the web pages may get corrupted, but the other company information can be safe.

Examples:
1) Web servers
It's possible for web servers communicating with internal database servers to be deployed in a DMZ. This makes internal databases more secure, as these are the repositories responsible for storing sensitive information. Web servers can connect with the internal database server directly or through application firewalls, even though the DMZ continues to provide protection.
2) DNS servers
A DNS server stores a database of public IP addresses and their associated hostnames. It usually resolves or converts those names to IP addresses when applicable. DNS servers use specialized software and communicate with one another using dedicated protocols. Placing a DNS server within the DMZ prevents external DNS requests from gaining access to the internal network. Installing a second DNS server on the internal network can also serve as additional security.

3) Proxy servers
A proxy server is often paired with a firewall. Other computers use it to
view Web pages. When another computer requests a Web page, the
proxy server retrieves it and delivers it to the appropriate requesting
machine. Proxy servers establish connections on behalf of clients,
shielding them from direct communication with a server. They also
isolate internal networks from external networks and save bandwidth
by caching web content.
c) Explain working principle of SMTP in detail. [Q.4 D; from W-22]
Composition of Mail: A user sends an e-mail by composing an electronic mail message using a Mail User Agent (MUA). A Mail User Agent is a program which is used to send and receive mail. The message contains two parts: body and header. The body is the main part of the message while the header includes information such as the sender and recipient address. The header also includes descriptive information such as the subject of the message. In this case, the message body is like a letter and the header is like an envelope that contains the recipient's address.
1) Submission of Mail: After composing an email, the mail client then submits the completed e-mail to the SMTP server by using SMTP on TCP port 25.
2) Delivery of Mail: E-mail addresses contain two parts: the username of the recipient and the domain name. For example, in vivek@gmail.com, "vivek" is the username of the recipient and "gmail.com" is the domain name. If the domain name of the recipient's email address is different from the sender's domain name, then the MSA will send the mail to the Mail Transfer Agent (MTA). To relay the email, the MTA will find the target domain. It checks the MX record from the Domain Name System to obtain the target domain. The MX record contains the domain name and IP address of the recipient's domain. Once the record is located, the MTA connects to the exchange server to relay the message.
3) Receipt and Processing of Mail: Once the incoming message is received, the exchange server delivers it to the incoming server (Mail Delivery Agent), which stores the e-mail where it waits for the user to retrieve it.
4) Access and Retrieval of Mail: The stored email in the MDA can be retrieved by using the MUA (Mail User Agent). The MUA can be accessed by using a login and password.
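The submission and delivery steps above are a fixed command/reply dialogue. The following is an added example, not part of the model answer: a scripted, in-process SMTP exchange in Python that shows both the client's commands and the server's reply codes, the username/domain split of an address, and the "local delivery versus relay to the MTA" decision described in the delivery step. The server name, addresses and message are constructed; no real SMTP server or port 25 socket is used.

```python
"""Scripted SMTP dialogue (added example, not from the model answer paper).

A minimal, stateful SMTP "server" replies to the commands a mail client sends
during submission (HELO, MAIL FROM, RCPT TO, DATA, QUIT). Messages for a local
domain go to a mailbox list (standing in for the MDA store); messages for any
other domain go to a relay queue (where the MTA's MX lookup would follow).
"""


def split_address(addr):
    """Return (username, domain) for an address like vivek@gmail.com."""
    local, sep, domain = addr.strip("<>").rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"malformed address: {addr!r}")
    return local, domain.lower()


class ToySmtpServer:
    """Accepts one message at a time and enforces the SMTP command order."""

    def __init__(self, local_domains=("example.com",)):   # constructed local domain
        self.local_domains = set(local_domains)
        self.mailbox = []       # (sender, recipient, message) delivered locally
        self.relay_queue = []   # (sender, recipient, message) handed to the MTA
        self.reset()

    def reset(self):
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.lines = []

    def handle(self, line):
        """Return the server's reply for one client line (None while receiving the body)."""
        if self.in_data:
            if line == ".":                      # lone dot terminates the message body
                self.in_data = False
                self._deliver()
                return "250 OK: message accepted"
            self.lines.append(line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return "250 mail.example.com"
        if verb in ("MAIL", "RCPT"):
            if ":" not in arg:
                return "501 Syntax error in parameters"
            address = arg.split(":", 1)[1].strip()
            if verb == "MAIL":
                self.sender = address
            else:
                if self.sender is None:          # RCPT before MAIL is out of order
                    return "503 Bad sequence of commands"
                self.recipients.append(address)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Syntax error, command unrecognized"

    def _deliver(self):
        message = "\n".join(self.lines)
        for rcpt in self.recipients:
            _, domain = split_address(rcpt)
            target = self.mailbox if domain in self.local_domains else self.relay_queue
            target.append((self.sender, rcpt, message))
        self.reset()


def run_session(server, client_lines):
    """Feed client lines to the server and return the non-empty replies in order."""
    return [r for r in (server.handle(l) for l in client_lines) if r is not None]


# Constructed session: one local recipient and one remote recipient.
SESSION = [
    "HELO laptop.example.com",
    "MAIL FROM:<alice@example.com>",
    "RCPT TO:<bob@example.com>",
    "RCPT TO:<vivek@gmail.com>",
    "DATA",
    "Subject: hello",
    "",
    "Body text.",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    srv = ToySmtpServer()
    for reply in run_session(srv, SESSION):
        print("S:", reply)
    print("local deliveries:", len(srv.mailbox), "queued for relay:", len(srv.relay_queue))
```

Running the script prints the seven server replies for the session (250, 250, 250, 250, 354, 250, 221), one message delivered locally for bob@example.com and one queued for relay to gmail.com.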

Attempt any TWO of the following:


a) Explain any three criteria for classification of information. [Q.5 A; from W-22]
Ans. 1. Useful life
Data is labeled 'more useful' when the information is available and ready for making changes as and when required. Data might need to be changed from time to time, and when the 'change' access is available, it is valuable data.
2. Value of data
This is probably the most essential and standard criterion for information classification. Every organization has some confidential and valuable information, the loss of which could lead to great losses for the organization while creating organizational issues. Therefore, this data needs to be duly classified and protected.
3. Personal association
It is important to classify information or data associated with particular individuals or addressed by privacy law.
4. Age
The value of information often declines with time. Therefore, if the given data or information comes under such a category, the data classification gets lowered.
b) Describe COBIT framework with neat sketch. [Q.5 C; from S-23]
Ans.
COBIT stands for "Control Objectives for Information and related Technology". It is a framework that was developed by ISACA (Information Systems Audit and Control Association). It is a set of guidance material for IT governance to manage requirements, technical issues, and business risks.
COBIT connects IT initiatives with business requirements, monitors and improves IT management practices, and ensures quality control and reliability of information systems in an organization.
▪ Plan and Organize: This domain addresses direction to solutions, information architecture, managing IT investments, and assessing risks, quality, and projects.
▪ Acquire and Implement: This domain acquires and maintains application software and technology infrastructure, develops as well as maintains procedures, manages changes, and implements desired solutions and passes them on to be turned into services.
▪ Deliver and Support: This domain defines and manages service levels, ensures the security of the system, and educates, trains and advises users. It receives solutions and makes them usable for end users.
▪ Monitor and Evaluate: This domain monitors the process, assesses internal control capability, finds independent assurance, and provides independent audit.
Principles of COBIT:
▪ Providing the service of delivering the information that an organization requires.
▪ Undesired events will be prevented, detected, and corrected.
▪ Managing and controlling IT resources using a structured set of processes.
▪ Fulfilling clients' requirements.
Note: Any other relevant framework shall be considered.

c) Explain policies, configuration & limitations of firewall in detail. [Q.6 C; from S-22]
Ans. Policies of firewall:
a) All traffic from inside to outside and vice versa must pass through the firewall. To achieve this, all access to the local network must first be physically blocked, and access only via the firewall should be permitted. Traffic should be permitted as per the local security policy.
b) The firewall itself must be strong enough so as to render attacks on it useless.

Contact me if I made any mistakes or gave you wrong answers.

Thank You
Help without selfish heart in this kaliyug.

22620 Winter 2023 model answer paper
WINTER – 2023 EXAMINATION MODEL ANSWER

Subject: Network Information & Security (Elect) Subject Code: 22620

Attempt any FIVE of the following:

1. List any four virus categories. (2 Marks)
Ans: 1. File Infector Viruses
2. Boot Sector Viruses
3. Macro Viruses
4. Polymorphic Viruses

2. List any four biometric mechanisms. (2 Marks)
Ans: 1. Fingerprint Recognition
2. Facial Recognition
3. Iris Recognition
4. Voice Recognition

3. Define the following terms: (2 Marks)
(i) Cryptography
(ii) Cryptanalysis

Ans: (i) Cryptography is the art and science of achieving security by encoding messages to make them non-readable.

Fig: Readable message (Plaintext) → Cryptography System → Unreadable message (Cipher text)

(ii) Cryptanalysis is the study of analyzing and breaking cryptographic systems with the goal of deciphering encrypted information without possessing the proper key or authentication credentials.

Fig: Cipher text "&$#*%@-" → Cryptanalysis System → Plaintext "Welcome"


4. Give examples of Active & Passive Attacks (two each). (2 Marks)
Ans: 1. Active Attacks:
 Man-in-the-Middle (MITM) Attack
 Denial-of-Service (DoS) Attack
2. Passive Attacks:
 Eavesdropping
 Traffic Analysis

5. State the two types of firewall with its use. (2 Marks)
Ans: 1. Network-based Firewall
2. Host-based Firewall

6. List two protocols in IP Sec. State its function. (2 Marks)
Ans: 1. Authentication Header (AH)
 Function:
o Provides data integrity, authentication, and anti-replay protection for IP packets.
o Ensures that the data has not been tampered with during transit and that it originates from a legitimate source.
o AH does not provide encryption, so the payload remains visible.

2. Encapsulating Security Payload (ESP)
 Function:
o Provides data confidentiality through encryption, as well as optional data integrity, authentication, and anti-replay protection.
o Ensures that the payload (data) is encrypted and protected from unauthorized access during transmission.
o Often used in combination with AH for comprehensive security.

7. Classify the following cybercrime: (2 Marks)
(i) Cyber terrorism against a government organization
(ii) Cyber-Stalking
(iii) Copyright infringement
(iv) Email harassment

Ans: i) Cyber terrorism against a government organization: Cyber terrorism involves the use of cyber-attacks by malicious actors (e.g., terrorist groups or individuals) to disrupt critical government operations, instill fear, or achieve political, ideological, or social objectives.

ii) Cyber stalking: Cyber stalking means following someone's activity over the internet. This can be done with the help of many protocols available such as e-mail, chat rooms, and Usenet groups.

iii) Copyright infringement: Copyright infringement occurs when someone uses, reproduces, distributes, displays, or performs copyrighted material without the permission of the copyright owner, violating their exclusive rights under copyright law.

iv) Email harassment: Email harassment is usually understood to be a form of stalking in which one or more people send consistent, unwanted, and often threatening electronic messages to someone else.

Attempt any THREE of the following:

1. Explain basic principles of information security. (4 Marks)
Ans: Information is organized or classified data, which has some meaningful value for the receiver. Information is the processed data on which knowledge, decisions and actions are based. For the decision to be meaningful, the processed data must have the following characteristics:
Timely − Information should be available when required.
Accuracy − Information should be accurate.
Completeness − Information should be complete.

Basic Principles of information security

Fig CIA Triad of information security

1. Confidentiality: The goal of confidentiality is to ensure that only those individuals who have the authority can view a piece of information. The principle of confidentiality specifies that only the sender and intended recipients should be able to access the contents of a message. Confidentiality gets compromised if an unauthorized person is able to access the contents of a message.

2. Authentication: It helps to establish proof of identities. The authentication process ensures that the origin of a message is correctly identified. Authentication deals with the desire to ensure that an individual is who they claim to be.

3. Integrity: Integrity is a related concept but deals with the generation and modification of data. Only authorized individuals should ever be able to create or change (or delete) information. When the contents of the message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost.

2. Explain any two password attacks. (4 Marks)
Ans: 1. Brute Force Attack
 Description:
A brute force attack involves systematically guessing a password by trying every possible combination of characters until the correct one is found. This method relies on computing power to generate and test password combinations.
 How It Works:
o The attacker uses automated tools to try different character combinations, starting from simple ones and progressing to more complex variations.
o Strong passwords with greater complexity (e.g., a mix of upper- and lower-case letters, numbers, and symbols) take significantly longer to crack.
 Examples:
o An attacker targets a web application login page by attempting thousands of passwords per second.
o A local brute force attack on a hashed password file.
 Mitigation:
o Implementing account lockout policies after a certain number of failed attempts.
o Using CAPTCHAs to prevent automated attacks.
o Encouraging the use of long and complex passwords.

2. Phishing Attack
 Description:
A phishing attack involves tricking a user into voluntarily providing their password by impersonating a trusted entity (e.g., a bank, email provider, or company).
 How It Works:
o The attacker sends a fraudulent email or message containing a link to a fake website that resembles a legitimate one.
o The victim is prompted to enter their password and other credentials, which are then captured by the attacker.
 Examples:
o Receiving an email claiming to be from a bank, asking to verify account details on a fraudulent website.
o SMS-based phishing (smishing), where the victim is tricked into providing credentials through a text message.
 Mitigation:
o Educating users to identify phishing attempts (e.g., checking email addresses, URLs, and grammar).
o Using multi-factor authentication (MFA) to add an extra layer of security.
o Employing anti-phishing tools and email filters.

Both brute force and phishing attacks highlight the importance of strong passwords and user awareness in maintaining cyber security.
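The first brute-force mitigation listed above, account lockout after a number of failed attempts, is easy to get subtly wrong (no cooling-off window, or a counter that never resets). The following is an added example, not part of the model answer: a small Python login guard that stores passwords as salted PBKDF2 hashes (so an offline attack on the hash file is also slowed), counts consecutive failures per account, and locks the account for a fixed window once the threshold is reached. The threshold, window, username and password are constructed values; the clock is injected so the lockout can be exercised without waiting.

```python
"""Account-lockout policy against online password guessing (added example; not from the paper).

Failed logins are counted per account; on reaching MAX_FAILURES the account is
locked for LOCKOUT_SECONDS, during which even the correct password is refused.
Passwords are stored as salted PBKDF2-HMAC-SHA256 hashes.
"""
import hashlib
import hmac
import os

MAX_FAILURES = 5          # constructed policy: lock after this many consecutive failures
LOCKOUT_SECONDS = 900     # constructed policy: 15-minute cooling-off window
PBKDF2_ROUNDS = 100_000   # slows offline guessing against a leaked hash file


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class LoginGuard:
    def __init__(self, clock):
        self.clock = clock           # callable returning the current time in seconds
        self.accounts = {}           # username -> (salt, digest)
        self.failures = {}           # username -> consecutive failure count
        self.locked_until = {}       # username -> time (seconds) when the lock expires

    def register(self, username, password):
        self.accounts[username] = hash_password(password)

    def is_locked(self, username):
        return self.clock() < self.locked_until.get(username, 0)

    def attempt(self, username, password):
        """Return 'ok', 'bad_credentials' or 'locked'."""
        if self.is_locked(username):
            return "locked"
        record = self.accounts.get(username)
        # Hash against a dummy salt for unknown users so response time does not reveal
        # which usernames exist.
        salt, expected = record if record else (b"\0" * 16, b"\0" * 32)
        _, got = hash_password(password, salt)
        if record and hmac.compare_digest(got, expected):
            self.failures[username] = 0          # success resets the counter
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        if self.failures[username] >= MAX_FAILURES:
            self.locked_until[username] = self.clock() + LOCKOUT_SECONDS
            self.failures[username] = 0          # counter restarts after the lock expires
        return "bad_credentials"


def demo():
    """Five wrong guesses lock the account; the right password works again only after the window."""
    now = [1_000_000.0]                                   # constructed fake clock
    guard = LoginGuard(clock=lambda: now[0])
    guard.register("vivek", "correct horse battery staple")   # constructed credentials
    results = [guard.attempt("vivek", f"guess{i}") for i in range(MAX_FAILURES)]
    during_lock = guard.attempt("vivek", "correct horse battery staple")
    now[0] += LOCKOUT_SECONDS + 1
    after_lock = guard.attempt("vivek", "correct horse battery staple")
    return results, during_lock, after_lock


if __name__ == "__main__":
    print(demo())
```

The lock is per account rather than per source IP, because a distributed guessing campaign changes IPs freely; in a real deployment the counter and lock state would live in shared storage so every login front-end sees the same view.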

3. Describe digital signature technique using message digest. (4 Marks)
Ans: Digital Signature:
1. Digital signature is a strong method of authentication in an electronic form.
2. It includes message authentication code (MAC), hash value of a message and digital pen pad devices. It also includes cryptographically based signature protocols.
3. Digital Signature is used for authentication of the message and the sender to verify the integrity of the message.
4. Digital Signature may be in the form of text, symbol, image or audio.
5. In today's world of electronic transactions, digital signature plays a major role in authentication. For example, one can file his income tax return online using his digital signature, which avoids the use of paper and makes the process faster.
6. Asymmetric key encryption techniques and public key infrastructure are used in digital signature.
7. Digital signature algorithms are divided into two parts:
a. Signing part: It allows the sender to create his digital signature.
b. Verification part: It is used by the receiver for verifying the signature after receiving the message.
Generation and Verification of digital signatures:
Working:
1. Message digest is used to generate the signature. The message digest (MD) is calculated from the plaintext or message.
2. The message digest is encrypted using the user's private key.
3. Then, the sender sends this encrypted message digest with the plaintext or message to the receiver.
4. The receiver calculates the message digest from the plain text or message he received.
5. The receiver decrypts the encrypted message digest using the sender's public key. If the two MDs are not the same, then the plaintext or message was modified after signing.

Advantages of Digital Signatures
 Speed: Businesses no longer have to wait for paper documents to be sent by courier. Contracts are easily written, completed, and signed by all concerned parties in a little amount of time, no matter how far apart the parties are geographically.
 Costs: Using postal or courier services for paper documents is much more expensive compared to using digital signatures on electronic documents.
 Security: The use of digital signatures and electronic documents reduces risks of documents being intercepted, read, destroyed, or altered while in transit.
 Authenticity: An electronic document signed with a digital signature can stand up in court just as well as any other signed paper document.
 Non-Repudiation: Signing an electronic document digitally identifies you as the signatory and that cannot be later denied.
 Time-Stamp: By time-stamping your digital signatures, you will clearly know when the document was signed.

4. Explain steganography technique with an example. (4 Marks)
Ans: Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message. Steganography works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, html or even floppy disks) with bits of different, invisible information. This hidden information can be plain text, cipher text or even images. In modern steganography, data is first encrypted by the usual means and then inserted, using a special algorithm, into redundant data that is part of a particular file format such as a JPEG image.

Steganography process:
Cover-media + Hidden data + Stego-key = Stego-medium
Cover media is the file in which we will hide the hidden data, which may also be encrypted using the stego-key. The resultant file is the stego-medium. Cover-media can be an image or audio file.
Advantages:
1. With the help of steganography we can hide a secret message within a graphics image.
2. In modern steganography, data is encrypted first and then inserted using a special algorithm so that no one suspects its existence.
Drawbacks:
1. It requires a lot of overhead to hide a relatively few bits of information.
2. Once the system is discovered, it becomes virtually worthless.
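The "replace unused bits" idea above is most often done on the least-significant bit of each sample. The following is an added example, not part of the model answer: a Python least-significant-bit embed/extract pair over a constructed 8-bit grayscale "image" (a plain byte array). It makes the first drawback concrete, eight cover samples per hidden byte, and shows why the change is invisible, no sample moves by more than one level. The payload is left unencrypted so the bit mechanics are easy to inspect; the encrypt-first step the text describes would simply be applied to `payload` before calling `embed`.

```python
"""LSB steganography on a byte-array cover (added example; not from the paper).

Layout: a 4-byte big-endian length prefix, then the payload, one bit per cover
sample, most-significant bit first. Samples past the payload are untouched.
"""
import struct


def embed(cover: bytes, payload: bytes) -> bytes:
    """Hide payload in the LSBs of cover; raise ValueError if the cover is too small."""
    data = struct.pack(">I", len(payload)) + payload
    needed = len(data) * 8                      # one cover sample per payload bit
    if needed > len(cover):
        raise ValueError(f"cover has {len(cover)} samples, need {needed}")
    bits = ((byte >> (7 - i)) & 1 for byte in data for i in range(8))
    stego = bytearray(cover)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit   # clear the LSB, then set it to the payload bit
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    """Read the length prefix from the first 32 LSBs, then that many bytes."""
    def read_bytes(start, count):
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[start + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)
    (length,) = struct.unpack(">I", read_bytes(0, 4))
    return read_bytes(32, length)


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample difference introduced by embedding (0 or 1 for LSB)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def capacity_bytes(cover: bytes) -> int:
    """Payload bytes a cover can carry after the 4-byte length prefix."""
    return len(cover) // 8 - 4


def demo():
    cover = bytes((i * 37 + 11) % 256 for i in range(400))   # constructed 20x20 grayscale cover
    secret = b"meet at 9"                                      # constructed payload
    stego = embed(cover, secret)
    return extract(stego) == secret, max_sample_change(cover, stego), capacity_bytes(cover)


if __name__ == "__main__":
    print(demo())   # (True, 1 or 0, 46)
```

The second drawback follows from the same layout: anyone who knows the scheme reads the LSBs straight back, which is why the payload is normally encrypted before embedding.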

Attempt any THREE of the following:

1. Describe: (4 Marks)
(i) Piggybacking
(ii) Dumpster diving

Ans: (i) Piggybacking: Piggybacking on Internet access is the practice of establishing a wireless Internet connection by using another subscriber's wireless Internet access service without the subscriber's explicit permission or knowledge.
OR
Access of a wireless internet connection by bringing one's own computer within range of another wireless connection and using that without explicit permission; it also means an authorized person allowing (intentionally or unintentionally) others to pass through a secure door.

(ii) Dumpster diving: Dumpster diving is a form of social engineering attack where an individual searches through physical trash or digital remnants to gather sensitive information. The information found can be used to breach security systems, steal identities, or commit other malicious acts.
Examples
Corporate Data Breach: An attacker retrieves confidential business records from improperly shredded documents found in a company's trash.

2. Consider plain text "CERTIFICATE" and convert it into cipher text using Caesar Cipher with a shift of position 4. Write steps for encryption. (4 Marks)

Ans: The Caesar cipher technique was proposed by Julius Caesar. It is one of the simplest and most widely known encryption techniques. It is a type of substitution technique in which each letter in the plain text is replaced by a letter some fixed number of positions down the alphabet. The Caesar cipher involves replacing each letter of the alphabet with the letter three places further down the alphabet.
For example, with a shift of 3, A would be replaced by D, B would become E, and so on as shown in the table below.

PLAIN TEXT – CERTIFICATE

CIPHER TEXT– FHUWLILFDWH

Algorithm to break Caesar cipher:
1. Read each alphabet in the cipher text message, and search for it in the second row of the table above.
2. When a match is found, replace that alphabet in the cipher text message with the corresponding alphabet in the same column but the first row of the table. (For example, if the cipher text alphabet is J, replace it with G.)
3. Repeat the process for all alphabets in the cipher text message.
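The table lookup described above is an index shift modulo 26, so it generalizes to any shift. The following is an added example, not part of the model answer: a Python Caesar routine that encrypts and decrypts for an arbitrary shift, builds the two-row substitution table the steps refer to, and lists every candidate decryption, which is the whole reason the cipher offers no protection (there are only 25 non-trivial keys). It computes both the shift-3 transformation the explanation walks through and the shift of 4 the question specifies.

```python
"""Caesar shift for any key (added example; not from the paper)."""
import string

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Shift every letter `shift` places down the alphabet; other characters pass through."""
    shift %= 26
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)              # spaces and punctuation are left unchanged
    return "".join(out)


def caesar_decrypt(cipher: str, shift: int) -> str:
    """The reverse table lookup is the same mapping with the shift negated."""
    return caesar(cipher, -shift)


def shift_table(shift: int):
    """The two-row table the steps refer to: (plaintext row, ciphertext row)."""
    return ALPHABET, caesar(ALPHABET, shift)


def all_candidate_plaintexts(cipher: str):
    """Every possible decryption keyed by shift: 25 candidates is all there are."""
    return {k: caesar_decrypt(cipher, k) for k in range(1, 26)}


if __name__ == "__main__":
    for k in (3, 4):
        plain_row, cipher_row = shift_table(k)
        print(f"shift {k}: {plain_row}\n         {cipher_row}")
        print(f"CERTIFICATE -> {caesar('CERTIFICATE', k)}")
```

Because the key space is 25, `all_candidate_plaintexts` recovers the message without the key; that is what makes the Caesar cipher a teaching device rather than a protection mechanism.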

3. State the use of packet filters. Explain its operation. (4 Marks)
Ans: Packet filters are a fundamental component of network security and are commonly used in firewalls to control and monitor the flow of network traffic. Their primary uses include:
1. Access Control: Restricting or allowing traffic based on specified rules (e.g., IP addresses, ports, and protocols).
2. Traffic Monitoring: Analyzing and logging data packets to monitor network activity.
3. Network Segmentation: Enforcing boundaries between different network segments to reduce risks.
4. Mitigating Threats: Blocking unwanted or malicious traffic, such as IP spoofing or Denial of Service (DoS) attacks.

Operation of Packet Filters
Packet filters work by inspecting packets at the network layer (Layer 3) and sometimes at the transport layer (Layer 4) of the OSI model. They determine whether to allow or block a packet based on a set of predefined rules.

Steps in Packet Filtering Operation
1. Inspection of Packet Headers: The packet filter examines the headers of incoming and outgoing packets. Key fields include:
o Source IP Address: The IP address of the sender.
o Destination IP Address: The intended recipient's IP address.
o Protocol Type: Determines whether it is TCP, UDP, ICMP, etc.
o Port Number: Indicates the specific application or service (e.g., HTTP uses port 80).
2. Rule Matching: Each packet is compared against a list of filtering rules defined by the administrator. A rule might specify:
o Allow traffic from a specific IP range on port 443 (HTTPS).
o Block all incoming traffic except for specific ports like 22 (SSH) or 80 (HTTP).
3. Action Enforcement: Based on the match, the packet filter performs one of two actions:
o Allow (Pass): The packet is forwarded to its destination.
o Deny (Drop): The packet is discarded, and no further action is taken.

Advantages of Packet Filters
 Fast and efficient due to simple header inspection.
 Low resource requirements compared to more advanced firewalls.

Limitations
 Cannot inspect packet payloads or higher-layer data (e.g., application content).
 Vulnerable to IP spoofing if not configured properly.
 Lacks dynamic rule adaptation or advanced decision-making capabilities.
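The three operation steps above (read header fields, match against an ordered rule list, enforce allow or deny) are a short program. The following is an added example, not part of the model answer: a stateless packet filter in Python whose rules encode the two sample rules from the text (allow a trusted range to reach port 443; allow only 22 and 80 otherwise) plus one anti-spoofing rule addressing the spoofing limitation: drop anything arriving on the external interface that claims an internal source address. First match wins and the default is deny. Packets are constructed dicts standing in for parsed IP/TCP headers; the addresses are documentation ranges (TEST-NET), and the interface names and rule set are assumptions.

```python
"""Stateless packet filter with ordered rules and default deny (added example; not from the paper)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    proto: Optional[str] = None       # "tcp", "udp", "icmp"; None matches any protocol
    src: Optional[str] = None         # source CIDR; None matches any source
    dst_port: Optional[int] = None    # destination port; None matches any port
    in_iface: Optional[str] = None    # interface the packet arrived on; None matches any

    def matches(self, pkt) -> bool:
        """Step 1 and 2: compare the header fields this rule constrains."""
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.dst_port is not None and pkt.get("dst_port") != self.dst_port:
            return False
        if self.in_iface and pkt.get("iface") != self.in_iface:
            return False
        return True


# Constructed rule set. Order matters: the anti-spoofing rule must sit above any allow.
RULES = [
    Rule("deny", src="10.0.0.0/8", in_iface="wan"),                      # internal address from outside: spoofed
    Rule("allow", proto="tcp", src="203.0.113.0/24", dst_port=443),      # trusted range may reach HTTPS
    Rule("allow", proto="tcp", dst_port=22),                             # SSH from anywhere
    Rule("allow", proto="tcp", dst_port=80),                             # HTTP from anywhere
]


def filter_packet(pkt, rules=RULES, default="deny"):
    """Step 3: first matching rule decides; return (action, index of the rule or None for default)."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return default, None


# Constructed packets: header fields only, as a packet filter sees them.
SAMPLE_PACKETS = [
    {"iface": "wan", "proto": "tcp", "src": "203.0.113.7", "dst": "198.51.100.10", "dst_port": 443},
    {"iface": "wan", "proto": "tcp", "src": "198.51.100.77", "dst": "198.51.100.10", "dst_port": 443},
    {"iface": "wan", "proto": "tcp", "src": "192.0.2.50", "dst": "198.51.100.10", "dst_port": 22},
    {"iface": "wan", "proto": "udp", "src": "192.0.2.50", "dst": "198.51.100.10", "dst_port": 80},
    {"iface": "wan", "proto": "tcp", "src": "10.0.0.5", "dst": "198.51.100.10", "dst_port": 80},
]


def run(packets=SAMPLE_PACKETS):
    return [filter_packet(p) for p in packets]


if __name__ == "__main__":
    for pkt, (action, idx) in zip(SAMPLE_PACKETS, run()):
        print(f"{pkt['proto']} {pkt['src']} -> :{pkt['dst_port']}  {action} (rule {idx})")
```

The last sample packet is the spoofing case: a TCP packet to port 80 would otherwise be allowed by the fourth rule, but because it arrives on the external interface with a 10.0.0.0/8 source it hits the deny rule first. Nothing here tracks connection state, which is exactly the "lacks dynamic rule adaptation" limitation listed above.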

4. State the features of (i) DAC (ii) MAC. (4 Marks)
Ans: i) DAC: A DAC (discretionary access control) policy utilizes user identification procedures to identify and restrict object access. It restricts access to objects based on the identity of subjects and/or the groups to which they belong. The owner of an information resource is able to change its permissions at his discretion. Owners can transfer ownership of information to other users. Owners can determine the type of access given to other users (read, write, etc.). Features of the DAC policy are as follows:
- Flexible: In a DAC policy, the owner of the information or resource can change its permissions.
- Backup: Discretionary access control allows an organization to back up security policies and data to ensure effective access policies.
- Usability: Discretionary access control is easy to use. Owners can transfer ownership of information to other users easily.

ii) MAC: It is used in environments where different levels of security are classified. It is much more restrictive. It is a sensitivity-based restriction, with formal authorization subject to sensitivity. In MAC, the owner or user cannot determine whether access is granted; the operating system controls the rights. The security mechanism controls access to all objects, and an individual cannot change that access.
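The contrast between the two models is clearest as two access-decision functions side by side. The following is an added example, not part of the model answer: in Python, a DAC object whose owner keeps a per-user permission list and may hand ownership on (so the owner's discretion is the only authority), next to a MAC check in which subjects and objects carry sensitivity labels and the system decides by the "no read up" rule of multilevel security (a subject may read an object only if its clearance is at or above the object's classification). User names, labels and the label ordering are constructed.

```python
"""DAC versus MAC access decisions (added example; not from the paper)."""

# Constructed label lattice for the MAC check, lowest to highest.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


class DacObject:
    """An object under discretionary control: the owner decides who gets what."""

    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}   # owner starts with full access

    def grant(self, actor, user, perms):
        """Only the current owner may change permissions."""
        if actor != self.owner:
            raise PermissionError(f"{actor} is not the owner")
        self.acl.setdefault(user, set()).update(perms)

    def transfer_ownership(self, actor, new_owner):
        """Owners may pass ownership on; the new owner gets full access."""
        if actor != self.owner:
            raise PermissionError(f"{actor} is not the owner")
        self.owner = new_owner
        self.acl.setdefault(new_owner, set()).update({"read", "write"})

    def allowed(self, user, perm):
        return perm in self.acl.get(user, set())


def mac_read_allowed(subject_clearance, object_label):
    """Mandatory check: read only at or below your clearance. No owner can override it."""
    return LEVELS[subject_clearance] >= LEVELS[object_label]


def demo():
    # DAC: alice owns a report, lets bob read it, then hands ownership to carol.
    report = DacObject(owner="alice")
    report.grant("alice", "bob", {"read"})
    try:
        report.grant("bob", "dave", {"read"})     # bob is not the owner
        bob_could_grant = True
    except PermissionError:
        bob_could_grant = False
    report.transfer_ownership("alice", "carol")
    dac = (report.allowed("bob", "read"), report.allowed("bob", "write"),
           bob_could_grant, report.owner)
    # MAC: a SECRET-cleared subject may read CONFIDENTIAL; a CONFIDENTIAL one may not read SECRET.
    mac = (mac_read_allowed("SECRET", "CONFIDENTIAL"), mac_read_allowed("CONFIDENTIAL", "SECRET"))
    return dac, mac


if __name__ == "__main__":
    print(demo())   # ((True, False, False, 'carol'), (True, False))
```

Note what the MAC function does not take as an argument: an owner. That absence is the feature the answer describes as "the owner or user cannot determine whether access is granted".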

Attempt any THREE of the following:

1. Convert the given plain text into cipher text using simple columnar technique using the following data: (4 Marks)
 Plain text: NETWORK SECURITY
 Number of columns: 06
 Encryption key: 632514

Ans: Simple columnar transposition technique: Algorithm:
1. The message is written out in rows of a fixed length.
2. Read out again column by column according to the given order or in random order.
3. According to the order, write the cipher text.
Example: The key for the columnar transposition cipher is a keyword, e.g., 632514. The row length that is used is the same as the length of the keyword. To encrypt the plaintext NETWORK SECURITY:

Key:  6 3 2 5 1 4
      N E T W O R
      K S E C U R
      I T Y X X X

In the above example, the plaintext has been padded so that it neatly fits in a rectangle. This is known as a regular columnar transposition. An irregular columnar transposition leaves these characters blank, though this makes decryption slightly more difficult. The columns are now reordered such that the letters in the key word are ordered alphabetically (here, the key digits in ascending order):

Key:  1 2 3 4 5 6
      O T E R W N
      U E S R C K
      X Y T X X I

The Encrypted text or Cipher text is: OUXTEYESTRRXWCXNKI

2. State the working principle of application gateways. Describe circuit gateway operation. (4 Marks)
Ans: An Application Gateway, also known as a Proxy Firewall, operates at the Application Layer (Layer 7) of the OSI model. Its primary function is to filter traffic based on the specific application or service that the traffic pertains to. This is achieved by acting as an intermediary between users and services on the internet (or between different network segments).

Working Mechanism of Application Gateways:
1. Incoming Request Handling: When a client makes a request to a specific service (e.g., accessing a website via HTTP), the request first goes through the application gateway.
2. Request Verification: The gateway inspects the request to ensure that it adheres to security rules for the given application. It can check the content of the request, such as headers or commands, to confirm that it's legitimate and allowed.
3. Forwarding the Request: If the request is valid, the application gateway forwards it to the intended service (e.g., the web server hosting the requested website).
4. Response Handling: Once the requested service responds (e.g., the web server sends data back), the gateway inspects the response before forwarding it to the client, ensuring it complies with the allowed application protocols and security policies.
5. Isolation of Internal Network: By acting as an intermediary, the application gateway isolates the internal network from the external network, preventing direct access to the internal resources.

Circuit Gateway Operation: A Circuit Gateway operates at the Transport Layer (Layer 4) of the OSI model and acts as a relay for establishing a communication session between two hosts, ensuring that data can flow between them without directly exposing their internal addresses.

Working Mechanism of Circuit Gateways:
1. Session Initiation: When a client wants to establish a connection to a remote service, the circuit gateway first intercepts and verifies the connection request.
2. Relaying Data Packets: After the session is established, the circuit gateway creates a communication path and begins relaying data packets between the client and the service. However, unlike an application gateway, the circuit gateway does not inspect the application-level content of the data. It primarily works at the transport layer, checking for valid transport-layer protocols (like TCP or UDP).
3. Session Termination: When the session ends (e.g., the user finishes their interaction with the service), the circuit gateway terminates the communication path, ensuring the session is properly closed.

Both application gateways and circuit gateways play vital roles in network security, but they do so at different layers of the OSI model and with varying degrees of control over the data. Application gateways offer more granular control at the expense of performance, while circuit gateways provide faster, transparent session management with limited inspection.

3. Describe DMZ with an example. (4 Marks)
Ans: DMZ (Demilitarized Zone): It is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a company's data server. A DMZ is an optional but more secure approach to a firewall. It can effectively act as a proxy server. The typical DMZ configuration has a separate computer or host in the network which receives requests from users within the private network to access web sites or the public network. The DMZ host then initiates sessions for such requests on the public network, but it is not able to initiate a session back into the private network. It can only forward packets which have been requested by a host.

Advantages:
The main benefit of a DMZ is to provide an internal network with an additional security layer by restricting access to sensitive data and servers. A DMZ enables website visitors to obtain certain services while providing a buffer between them and the organization's private network.

Examples:
1) Web servers: It's possible for web servers communicating with internal database servers to be deployed in a DMZ. This makes internal databases more secure, as these are the repositories responsible for storing sensitive information. Web servers can connect with the internal database server directly or through application firewalls, even though the DMZ continues to provide protection.
2) DNS servers: A DNS server stores a database of public IP addresses and their associated hostnames. It usually resolves or converts those names to IP addresses when applicable. DNS servers use specialized software and communicate with one another using dedicated protocols. Placing a DNS server within the DMZ prevents external DNS requests from gaining access to the internal network. Installing a second DNS server on the internal network can also serve as additional security.
3) Proxy servers: A proxy server is often paired with a firewall. Other computers use it to view Web pages. When another computer requests a Web page, the proxy server retrieves it and delivers it to the appropriate requesting machine. Proxy servers establish connections on behalf of clients, shielding them from direct communication with a server. They also isolate internal networks from external networks and save bandwidth by caching web content.

4. State the use of Digital Certificates. Describe the steps for digital certificate creation. (4 Marks)

Ans: A Digital Certificate is a cryptographic tool used to verify the identity of an entity and facilitate secure communication in a network. It acts as a trusted "electronic passport" that confirms the identity of an organization, individual, or device.

Primary Uses of Digital Certificates:

1. Authentication:
o Digital certificates help verify the identity of users, websites, or
devices, ensuring that communication is happening with the correct
entity.
2. Data Encryption:
o Digital certificates, especially in Public Key Infrastructure (PKI)
systems, are used for encrypting data, ensuring that it remains
confidential during transmission.
3. Digital Signatures:
o They are used for signing digital documents or messages, providing
proof of origin, integrity, and non-repudiation.
4. Secure Communication:
o Digital certificates enable secure protocols like SSL/TLS for
encrypting web traffic (e.g., HTTPS), ensuring the confidentiality and
integrity of communication over the internet.
5. Non-Repudiation:
o They ensure that the sender cannot deny the authenticity of the
message, as the certificate is linked to their identity.

Steps for Digital Certificate Creation


The process of creating a digital certificate involves several steps, mainly revolving
around public key cryptography. Here’s an overview of the general process for
creating a Digital Certificate:
Step 1: Generate a Key Pair

 Private Key: The entity that needs the certificate (e.g., a website or user)
generates a private key. This key is kept secret and is used for decryption or
digital signing.
 Public Key: The corresponding public key is generated, which can be shared
openly. The public key is used for encrypting messages that only the private
key can decrypt, or for verifying a digital signature.

Step 2: Create a Certificate Signing Request (CSR)

 The entity creates a CSR, which is a request to the Certificate Authority (CA)
to issue a digital certificate. The CSR includes:
o The public key generated in Step 1.
o Distinguished Name (DN) information, including:
 Common Name (e.g., domain name for SSL certificates)
 Organization Name
 Organizational Unit (e.g., department)
 Country
 Locality and State
o A signature made with the entity’s private key over the request, proving that the
request is authentic and that the requester holds the matching private key.

Step 3: Submit the CSR to a Certificate Authority (CA)

 The entity submits the CSR to a Certificate Authority (CA), a trusted
organization responsible for verifying the entity's identity and issuing
certificates.
 The CA may perform various checks, including verifying the domain
ownership (for SSL certificates) or checking the identity of the individual or
organization requesting the certificate.

Step 4: Certificate Authority Verifies the Identity

 The CA verifies the identity of the requester, often through a combination of
automated and manual methods. This could involve validating domain
ownership (in the case of SSL certificates) or reviewing business documents
for an organization.

Step 5: CA Issues the Digital Certificate

 Once the identity is verified, the CA generates the digital certificate. The
certificate contains:
o The public key from the CSR.
o The Distinguished Name (DN) of the certificate holder.
o The Certificate Authority’s digital signature.
o The Validity Period, specifying the start and expiration dates.
o The Serial Number and other relevant metadata.
 The CA signs the certificate with its private key, providing a way to verify the
authenticity of the certificate.

Step 6: Install the Digital Certificate

 The digital certificate is sent back to the requester, who can now install it on
their server or device.
 The private key remains securely stored by the entity, while the public key
is embedded in the certificate.

Step 7: Public Key Infrastructure (PKI) Trust Chain

 When the digital certificate is installed, it is used to establish secure
communication (e.g., through HTTPS). The certificate is verified by clients
(browsers or other systems) using the CA’s public key, which is typically pre-
installed in the client's trust store.
 If the certificate is issued by a trusted CA, it establishes a trust chain,
ensuring that the public key and identity are valid.
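Steps 1 to 7 carried out in code, as an added example that is not part of the model answer: it uses the third-party Python `cryptography` package, and the CA name, organisation and domain in it are constructed. A self-signed root stands in for the CA pre-installed in a trust store, the CSR's own signature is checked before issuance, and the last function performs the client-side check described in Step 7.

```python
"""Certificate creation (Steps 1 to 7) with the `cryptography` package.

Added example, not part of the model answer. Requires `pip install
cryptography`. The CA name, organisation and domain are constructed.
"""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID


def generate_key_pair():
    """Step 1: the requester keeps this private key; the public key derives from it."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def build_csr(key, common_name, org):
    """Step 2: CSR = public key + Distinguished Name, signed with the private key."""
    subject = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, "IN"),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Maharashtra"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, org),
        x509.NameAttribute(NameOID.COMMON_NAME, common_name),
    ])
    return (x509.CertificateSigningRequestBuilder()
            .subject_name(subject)
            .sign(key, hashes.SHA256()))


def make_ca(name):
    """A self-signed root CA, standing in for the trust store's pre-installed CA."""
    key = generate_key_pair()
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, name)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(subject)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=3650))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None),
                           critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def issue_certificate(csr, ca_key, ca_cert, days=365):
    """Steps 3 to 5: the CA checks that the CSR really was signed by the holder of
    the enclosed public key, then issues a certificate carrying that key, the DN,
    a serial number, a validity period and the CA's signature. Identity vetting
    (domain control, business documents) happens outside this code."""
    if not csr.is_signature_valid:
        raise ValueError("CSR signature does not match its public key")
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(csr.subject).issuer_name(ca_cert.subject)
            .public_key(csr.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=days))
            .add_extension(x509.BasicConstraints(ca=False, path_length=None),
                           critical=True)
            .sign(ca_key, hashes.SHA256()))


def verify_issued_by(cert, ca_cert):
    """Step 7: a client with ca_cert in its trust store checks the issuer name and
    the CA's signature over the to-be-signed part of the certificate."""
    if cert.issuer != ca_cert.subject:
        return False
    try:
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    padding.PKCS1v15(),
                                    cert.signature_hash_algorithm)
        return True
    except InvalidSignature:
        return False
```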


5. Considering DES, find the output of the initial permutation box when the input is given in hexadecimal as 0x0000 0080 0000 0002. 4 Marks
Ans:
This is a 64-bit value. First, we need to convert the input into binary format.

Step 1: Convert Hexadecimal Input to Binary

Hexadecimal 0x0000008000000002 is a 64-bit value. Converting it into binary, grouped in nibbles for readability:

0000 0000 0000 0000 0000 0000 1000 0000 0000 0000 0000 0000 0000 0000 0000 0010

As a single 64-bit binary string:

0000000000000000000000001000000000000000000000000000000000000010

Step 2: Apply the Initial Permutation (IP)

The Initial Permutation (IP) in DES is a fixed permutation that rearranges the bits in a
specific order. The permutation order is specified by the IP table in the DES
specification.

The IP table is as follows:

58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7

This table indicates the positions where each bit in the 64-bit input should be placed
during the permutation.

Step 3: Apply the IP Table

To apply the initial permutation, each bit from the original 64-bit input is placed into
the new 64-bit output based on the positions defined in the IP table.

For clarity, let's label the binary input we obtained earlier:

0000000000000000000000001000000000000000000000000000000000000010

Now, we apply the permutation rule based on the IP table. For instance:

 The first bit in the output comes from the 58th position in the input,
 The second bit comes from the 50th position, and so on.

Step 4: Output after IP

After applying the IP, the output is a rearranged 64-bit value, which is then
converted back into hexadecimal.

Output in Binary (after IP)

Performing the bit-wise permutation, the resulting output after applying the IP table
is:

1000 0010 0000 0010 0000 0000 0000 0000 0000 0010 0000 0000 0000 0000 0000
0000

Step 5: Convert to Hexadecimal

Now, we convert this output back into hexadecimal:

1000 0010 0000 0010 0000 0000 0000 0000 0000 0010 0000 0000 0000 0000 0000
0000
=0x8002000000000000

Final Output:

The output of the Initial Permutation (IP) for the input 0x0000008000000002 is:

0x8002000000000000

This is the resulting value after applying the DES Initial Permutation (IP) to the
provided 64-bit input.
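The bit-by-bit permutation of Steps 2 to 4, implemented as an added example that is not part of the model answer. Bit 1 is the most significant (leftmost) bit of the 64-bit block, as in the DES specification; the function works for any 64-bit input, the inverse table is derived from IP, and the set-bit positions before and after the permutation can be checked against the table row by row.

```python
"""DES initial permutation (IP) and its inverse over a 64-bit block.

Added example. Bit positions follow the DES specification: bit 1 is the
most significant (leftmost) bit, bit 64 the least significant.
"""

# IP table from the DES specification: output bit i (1-indexed) is taken
# from input bit IP[i - 1], e.g. output bit 1 <- input bit 58.
IP = [
    58, 50, 42, 34, 26, 18, 10, 2,
    60, 52, 44, 36, 28, 20, 12, 4,
    62, 54, 46, 38, 30, 22, 14, 6,
    64, 56, 48, 40, 32, 24, 16, 8,
    57, 49, 41, 33, 25, 17, 9, 1,
    59, 51, 43, 35, 27, 19, 11, 3,
    61, 53, 45, 37, 29, 21, 13, 5,
    63, 55, 47, 39, 31, 23, 15, 7,
]

# Inverse table (IP^-1, applied at the end of DES), derived from IP so that
# inverse_initial_permutation(initial_permutation(x)) == x for every x.
IP_INV = [0] * 64
for _out_pos, _in_pos in enumerate(IP, start=1):
    IP_INV[_in_pos - 1] = _out_pos


def permute(block, table):
    """Rearrange a 64-bit block: output bit i = input bit table[i - 1]."""
    if not 0 <= block < (1 << 64):
        raise ValueError("block must be a 64-bit value")
    result = 0
    for out_pos, in_pos in enumerate(table, start=1):
        bit = (block >> (64 - in_pos)) & 1      # read input bit in_pos
        result |= bit << (64 - out_pos)         # write it to output bit out_pos
    return result


def initial_permutation(block):
    return permute(block, IP)


def inverse_initial_permutation(block):
    return permute(block, IP_INV)


def set_bit_positions(block):
    """1-indexed positions (MSB = 1) of the set bits; useful for tracing a
    sparse input like the question's through the table by hand."""
    return [i for i in range(1, 65) if (block >> (64 - i)) & 1]


if __name__ == "__main__":
    x = 0x0000008000000002                 # the question's input block
    print("input bits set:", set_bit_positions(x))
    y = initial_permutation(x)
    # Trace by hand: IP row 5 is "57 49 41 33 25 ...", so input bit 25 lands
    # at output position 37; row 8 is "63 55 ...", so input bit 63 lands at 57.
    print("output bits set:", set_bit_positions(y))
    print("IP output:", f"0x{y:016X}")
    assert inverse_initial_permutation(y) == x
```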

Sr.No Attempt any TWO of the following: Marks

1. State the criteria for information classification. Explain information classification. 6 Marks
Ans:
1. Sensitivity: Sensitivity refers to the level of potential harm or damage that could
result from unauthorized disclosure, alteration, or destruction of information.

2. Confidentiality: Confidentiality measures the extent to which information should
be kept secret and protected from unauthorized access.

3. Criticality to Operations: Criticality relates to the importance of information for
the organization's core business functions and operations.

4. Legal and Regulatory Requirements: Legal and regulatory requirements may
mandate specific levels of protection for certain types of information.

5. Value to Competitors: Information that could provide a competitive advantage to
other organizations if disclosed or misused.

6. Risk of Financial Loss: Evaluate the financial consequences that may result from
the compromise of specific information.

7. Personal Identifiable Information (PII): PII refers to information that can be used
to identify individuals, requiring special protection due to privacy concerns.

8. Data Ownership: Consideration of the ownership of the information within the
organization.

2. State the features of the following IDS: (i) Network based IDS (ii) Host based IDS (iii) Honey pots. 6 Marks

Ans:
(i) Network based IDS: Examines activity on the network itself. It has visibility only
into the traffic crossing the network link it is monitoring and typically has no idea of
what is happening on individual systems. NIDSs look for certain activities that typify
hostile actions or misuse, such as the following:
 Denial-of-service attacks
 Port scans or sweeps
 Malicious content in the data payload of a packet or packets
 Vulnerability scanning
 Trojans, viruses, or worms
 Tunneling
 Brute-force attacks

It is host independent, has a high false positive rate, and senses network attacks. It
slows down the network on which the IDS is installed.


(ii) Host based IDS: Examines activity on an individual system, such as a mail server,
web server, or individual PC. It is concerned only with an individual system and
usually has no visibility into the activity on the network or systems around it. A
HIDS looks for certain activities that typify hostile actions or misuse, such as the
following:
 Logins at odd hours
 Login authentication failures
 Additions of new user accounts
 Modification or access of critical system files

It is host dependent, has a low false positive rate, and senses local attacks. It slows
down the host on which the IDS agent is installed.
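The HIDS indicators listed above (login failures, odd-hour logins, new accounts, critical file changes) applied as rules over a constructed authentication log, as an added example that is not from the answer key; the log format and every hostname, user and address in it are constructed.

```python
"""Host-based IDS rules over a constructed authentication log.

Added example, not part of the model answer. The log format, hostnames,
users and addresses below are constructed; a real HIDS would read syslog,
auditd or Windows event logs with the same kind of rules.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<date> <time> <host> <program>: <message>".
SAMPLE_LOG = """\
2024-03-10 02:14:05 web01 sshd: Failed password for admin from 10.0.0.5
2024-03-10 02:14:09 web01 sshd: Failed password for admin from 10.0.0.5
2024-03-10 02:14:13 web01 sshd: Failed password for admin from 10.0.0.5
2024-03-10 02:14:18 web01 sshd: Failed password for admin from 10.0.0.5
2024-03-10 02:14:22 web01 sshd: Failed password for admin from 10.0.0.5
2024-03-10 02:15:01 web01 sshd: Accepted password for admin from 10.0.0.5
2024-03-10 02:16:40 web01 useradd: new user: name=svc_backup2
2024-03-10 02:17:02 web01 audit: file modified path=/etc/passwd user=admin
2024-03-10 09:00:01 web01 sshd: Accepted password for alice from 10.0.0.7
2024-03-10 09:05:30 web01 sshd: Failed password for bob from 10.0.0.8
2024-03-10 10:20:00 web01 audit: file modified path=/home/alice/notes.txt user=alice
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+): (.*)$")
CRITICAL_FILES = {"/etc/passwd", "/etc/shadow", "/etc/sudoers"}
NORMAL_HOURS = range(8, 18)                  # 08:00-17:59 is a normal login time
FAIL_THRESHOLD, FAIL_WINDOW = 5, timedelta(minutes=1)


def parse(log_text):
    """Yield (timestamp, host, program, message); malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4)


def detect(log_text):
    """Apply the four HIDS indicators from the answer and return alert strings."""
    alerts = []
    failures = defaultdict(list)             # user -> timestamps of failed logins
    for ts, host, prog, msg in parse(log_text):
        if prog == "sshd" and msg.startswith("Failed password for "):
            user = msg.split()[3]
            failures[user].append(ts)
            recent = [t for t in failures[user] if ts - t <= FAIL_WINDOW]
            if len(recent) == FAIL_THRESHOLD:    # alert once, when the burst hits the threshold
                alerts.append(f"{ts} {host}: {FAIL_THRESHOLD} login failures for {user} within {FAIL_WINDOW}")
        elif prog == "sshd" and msg.startswith("Accepted password for "):
            user = msg.split()[3]
            if ts.hour not in NORMAL_HOURS:
                alerts.append(f"{ts} {host}: login by {user} at odd hour ({ts:%H:%M})")
        elif prog == "useradd":
            alerts.append(f"{ts} {host}: new user account created ({msg})")
        elif prog == "audit" and "file modified" in msg:
            m = re.search(r"path=(\S+)", msg)
            if m and m.group(1) in CRITICAL_FILES:
                alerts.append(f"{ts} {host}: critical file {m.group(1)} modified")
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```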
(iii) Honey Pots
A relatively recent innovation in intrusion detection technology is the honey pot.
Honey pots are decoy systems that are designed to lure a potential attacker away from
critical systems. Honey pots are designed to:
 divert an attacker from accessing critical systems
 collect information about the attacker's activity
It encourages the attacker to stay on the system long enough for administrators to
respond. These systems are filled with fabricated information designed to appear
valuable but that a legitimate user of the system wouldn’t access. Thus, any access to
the honey pot is suspect.


3. Explain step-by-step procedure of Kerberos with diagrams. 6 Marks
Ans: Kerberos: Kerberos is a network authentication protocol. It is designed to provide
strong authentication for client/server applications by using secret-key cryptography.
It is a solution to network security problems. It provides tools for authentication and
strong cryptography over the network to help you secure your information system.
There are 4 parties involved in the Kerberos protocol:
i) User
ii) Authentication service (AS)
iii) Ticket granting server (TGS)
iv) Service server

Working of Kerberos:
1. The authentication service, or AS, receives the request from the client and verifies
that the client is indeed the computer it claims to be. This is usually just a simple
database lookup of the user's ID.

2. Upon verification, a timestamp is created. This puts the current time in a user
session, along with an expiration date. The default expiration date of a timestamp is 8
hours. The encryption key is then created. The timestamp ensures that when the 8
hours are up, the encryption key is useless.
3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT.
This is a simple ticket that is issued by the authentication service. It is used to
authenticate the client in its later requests.

4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to
get authenticated.


5. The TGS creates an encrypted key with a timestamp, and grants the client a service
ticket.

6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own
encrypted key to the service.

7. The service decrypts the key, and makes sure the timestamp is still valid. If it is, the
service contacts the key distribution center to receive a session that is returned to the
client.

8. The client decrypts the ticket. If the keys are still valid, communication is initiated
between client and server.


Sr.No Attempt any TWO of the following : Marks

1. Explain the following attacks using an example: (i) Sniffing (ii) Spoofing (iii) Phishing. 6 Marks

Ans:

(i) Sniffing : Sniffing is a type of network attack where an attacker intercepts and
monitors data transmitted over a network. The attacker uses a packet sniffer or
network analyzer tool to capture network traffic, including sensitive information like
passwords, emails, and personal messages. This attack is particularly effective on
unsecured networks, such as public Wi-Fi, where data is transmitted in clear text and
is not encrypted.
Example: Imagine you're using a public Wi-Fi network at a coffee shop, and you log
into your online bank account. While you're browsing, an attacker sitting nearby uses
a sniffer tool like Wireshark to capture the data packets transmitted over the network.
Because the data is not encrypted, the attacker can see your login credentials, including
your username and password. The attacker may then use this information to access
your bank account.

(ii) Spoofing: Spoofing is an attack where an attacker impersonates another device,
user, or system to gain unauthorized access or perform malicious actions. There are
several types of spoofing, such as IP spoofing, email spoofing, and DNS spoofing.

Example (IP Spoofing): In IP spoofing, the attacker sends IP packets from a forged
source address to appear as though the packets are coming from a trusted source. For
example, an attacker may send a packet that appears to be from the IP address of a
legitimate server, such as a bank’s website, tricking the victim into trusting it. Imagine
an attacker sends a malicious packet that appears to be from a legitimate banking
website. The victim might trust this packet, thinking it's from the bank, and respond
with sensitive information (such as login credentials). In reality, the attacker has forged
the source IP address to impersonate the trusted bank.

(iii) Phishing: Phishing is a type of social engineering attack where an attacker
impersonates a legitimate organization or individual, usually via email, to trick the
victim into disclosing sensitive information such as passwords, credit card numbers,
or personal details.

Example: An attacker sends an email that looks like it’s from a reputable company,
such as a bank or an online store. The email contains a message warning the recipient
about suspicious activity in their account and asks them to click a link to verify their
account details. The link leads to a fake website that looks identical to the real site.
Once the victim enters their personal information (such as username and password),
the attacker captures this data and can use it to steal money or perform identity theft.


2. Describe ITIL framework with different stages of life cycle. 6 Marks

Ans:
The ITIL (Information Technology Infrastructure Library) framework is a set of
best practices for delivering IT services. It provides a systematic approach to IT service
management (ITSM) to ensure that IT services are aligned with business needs and
delivered effectively and efficiently. ITIL is widely adopted across organizations to
improve service delivery, reduce costs, enhance customer satisfaction, and manage
risks in IT service operations.

ITIL Service Lifecycle:

The ITIL framework organizes service management into five stages in the service
lifecycle. Each stage focuses on specific aspects of service management and has its
own set of processes and best practices.

1. Service Strategy

Purpose:
Defines the approach to create and deliver IT services that align with the organization's
objectives and customer needs.

Key Objectives:

 Understand customer needs and the value IT services provide.
 Define service portfolios and prioritize services based on business outcomes.
 Manage demand, risk, and costs associated with IT services.

Processes:

 Service Portfolio Management
 Financial Management for IT Services
 Demand Management
 Business Relationship Management

2. Service Design

Purpose:
Focuses on designing IT services and processes to meet the objectives defined in the
Service Strategy stage.

Key Objectives:

 Design new or modified services to meet business requirements.
 Ensure services are efficient, scalable, and resilient.
 Document and manage service level agreements (SLAs).

Processes:

 Service Catalog Management
 Service Level Management
 Capacity Management
 Availability Management
 IT Service Continuity Management
 Information Security Management
 Supplier Management

3. Service Transition

Purpose:
Facilitates the transition of new or changed services into the operational environment,
ensuring minimal disruption to business operations.

Key Objectives:

 Plan and manage service changes efficiently.
 Test and validate services to meet design specifications.
 Ensure stakeholders are informed and prepared for service deployment.

Processes:

 Change Management
 Release and Deployment Management
 Service Validation and Testing
 Configuration Management
 Knowledge Management

4. Service Operation

Purpose:
Focuses on managing and delivering IT services to ensure they meet agreed service
levels and deliver value to the business.

Key Objectives:

 Maintain stability and availability of IT services.
 Resolve incidents and service requests promptly.
 Ensure user satisfaction and operational excellence.

Processes:

 Incident Management
 Problem Management
 Event Management
 Request Fulfillment

 Access Management

5. Continual Service Improvement (CSI)

Purpose:
Continuously improve the effectiveness and efficiency of IT services and processes.

Key Objectives:

 Identify opportunities for improvement in services, processes, and infrastructure.
 Measure and analyze performance metrics against SLAs and business goals.
 Implement changes to enhance value delivery.

Processes:

 Service Measurement and Reporting
 Service Review and Assessment
 Improvement Initiatives

Benefits of ITIL Framework

1. Enhanced Customer Satisfaction:
ITIL ensures services meet customer needs, improving satisfaction and trust.
2. Improved Service Quality:
Standardized processes result in reliable and consistent service delivery.
3. Cost Optimization:
Efficient use of resources reduces unnecessary expenditures and improves
ROI.
4. Risk Management:
Proactive risk identification and mitigation ensure business continuity.
5. Alignment with Business Goals:
IT services are closely aligned with organizational objectives.

The ITIL framework provides a structured approach to IT service management, with
its lifecycle stages ensuring end-to-end service excellence. Each stage plays a vital role
in delivering value, from strategy and design to operation and continual improvement,
making ITIL a cornerstone for modern IT organizations.


3. State and explain 3 types of firewall configurations with a neat diagram. 6 Marks
Ans: A firewall is a combination of a packet filter and an application-level gateway. Based
on these, there are three types of configurations:

1. Screened Host Firewall, Single-Homed Bastion

a) Here, the firewall configuration consists of two parts: a packet filter router and an
application-level gateway.
b) The packet filter router ensures that incoming traffic is allowed only if it is
intended for the application gateway, by examining the destination address field of each
incoming IP packet.
c) It also ensures that outgoing traffic is allowed only if it originated from the
application-level gateway, by examining the source address field of every outgoing
IP packet.
d) The application-level gateway performs authentication as well as proxy functions.

Advantages:
It improves the security of the network by performing checks at both levels, that is,
the packet level and the application level. It gives the network administrator the
flexibility to define more secure policies.
Disadvantages: Internal users are connected to the application gateway as well as to the
packet filter router, so if the packet filter is somehow attacked, the whole internal
network is exposed to the attacker.

2. Screened Host Firewall, Dual-Homed Bastion: In this configuration, direct
connections between internal hosts and the packet filter are avoided. The packet
filter connects only to the application gateway, which in turn has a separate
connection to the internal hosts. Hence, if the packet filter is successfully attacked,
only the application gateway is visible to the attacker.


3. Screened Subnet Firewall: This configuration offers the highest security among
the possible configurations. Two packet filters are used, one between the
internet and the application gateway and the other between the application gateway and
the internal network. An attacker therefore has to break through three levels of
security to reach the internal network.
