Sunday, 23 June 2019

CNS Assignments

Chapter 1. Assignment 1 - CO1

1. Define threats.
2. Define virus and worms.
3. Define intruders. Also explain the three different types of intruders.
4. Define DOS.
5. Explain backdoors and trapdoors.
6. Explain sniffing and spoofing.
7. Define logic bombs and Trojan horse.
8. Define active attack. Explain various active attacks.
9. Define passive attack. Explain various passive attacks.
10. Difference between DOS and DDOS attack.
11. Write a short note on security basics.
12. List out different security threats.
13. Explain avenues of attack and the steps involved in an attack.

Chapter 2. Assignment 2 - CO2
  1. Describe password and explain the characteristics of a good password.
  2. Explain piggybacking.
  3. Explain dumpster diving.
  4. Explain shoulder surfing.
  5. Explain password protection strategies.
  6. Define: Biometrics.
  7. Define: Key escrow.
  8. Write a short note on password selection strategy.
  9. Explain the effects of unauthorized software and hardware on a computer network.
  10. List various methods of biometric access. Explain any two in brief.

Chapter 3. Assignment 3 - CO3
  1. Draw and explain the symmetric cipher model.
  2. Draw and explain the asymmetric cipher model.
  3. Define the following terms:
    1. Encryption
    2. Decryption
    3. Plain text
    4. Cipher text
    5. Encipher
    6. Decipher
    7. Cryptography
    8. Cryptanalyst
    9. Cryptanalysis
    10. Cryptology
    11. Block cipher
    12. Stream cipher
    13. Symmetric key
    14. Asymmetric key
    15. Transposition cipher
    16. Substitution cipher
  4. Write the steps and explain the Caesar cipher algorithm with an example (show encryption and decryption).
  5. Write the steps and explain the shift cipher algorithm with an example (show encryption and decryption).
  6. Write the steps and explain the Playfair cipher algorithm with an example (show encryption and decryption).
  7. Write the steps and explain the Hill cipher algorithm with an example.
  8. Write the steps and explain the Vernam cipher algorithm with an example (show encryption and decryption).
  9. Write the steps and explain the Vigenere cipher algorithm with an example (show encryption and decryption).
  10. Write the steps and explain the rail fence cipher algorithm with an example.
  11. Write a short note on steganography.

Chapter 3. Assignment 4 - CO4

  1. Define hashing function.
  2. Write down the applications of hash functions.
  3. What is a digital signature?
  4. Explain key escrow.
  5. What is public key infrastructure? Give the full form of PKI.
  6. Give the steps for obtaining a digital signature.
  7. Explain centralized and decentralized infrastructure.
  8. List out different trust models. Explain any two trust models.


Chapter 4. Assignment 5 - CO5

  1. Define firewall. Write down any two characteristics of a firewall.
  2. Write down the different types of firewall and explain any one in brief.
  3. Write a short note on Kerberos.
  4. Write a short note on DMZ.
  5. Write a short note on VLAN.
  6. Write a short note on tunnelling.
  7. Write a short note on IP security.
  8. Write a short note on e-mail security.

Chapter 5. Assignment 6 - CO6

  1. Define intrusion detection system and list out any two advantages of it.
  2. Explain the logical components of an IDS.
  3. Write a short note on host-based intrusion detection systems.
  4. Write a short note on network-based intrusion detection systems.
  5. Explain web security threats.
  6. Write a short note on SSL.
  7. Explain Transport Layer Security.
  8. Write a short note on the basic concept of secure electronic transaction.


Various computer and network threats

  • Threat - An action or potential action with an aim to cause damage.
  • Vulnerability - A condition of weakness. If there were no vulnerabilities, there would be no concern for threat activity.

  • Phishing attack

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, tricks a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information. An attack can have dangerous results. For individuals, this includes unauthorized purchases, the stealing of funds, or identity theft. The attacker sets up fake websites that look like the real ones; for example, the attacker can clone a banking website and trick the user into entering their user ID and password, and can then use those credentials on the real website.

  • Trapdoor and Backdoor

A backdoor, also known as a trapdoor, is a technique by which a system's security mechanism is bypassed undetected in order to access a computer or its data. The backdoor access method is sometimes written by the programmer who develops the program. A network administrator (NA) may intentionally create or install a backdoor program for troubleshooting or other official use. Hackers use backdoors to install malicious software (malware) files or programs, modify code, locate files, and gain system and/or data access.

  • Man-in-the-middle attack
Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems.
A MITM attack exploits the real-time processing of transactions, conversations, or transfers of other data. Man-in-the-middle attacks allow attackers to intercept, send, and receive data never meant for them, without either legitimate party knowing until it is too late.

  • TCP/IP Hijacking
TCP/IP is the communication protocol for communication between computers on the Internet. TCP/IP stands for Transmission Control Protocol / Internet Protocol. TCP/IP defines how electronic devices (like computers) should be connected to the Internet, and how data should be transmitted between them.
TCP/IP hijacking is when an unauthorized user gains access to a genuine network connection of another user. It is done in order to bypass the password authentication which is normally the start of a session.
In theory, a TCP/IP connection is established as shown below:
[Figure: TCP/IP connection establishment]
To hijack this connection, there are two possibilities:
  1. Find the seq, a number that increases by 1 with each segment; in practice there is no reliable way to predict it.
  2. Use a man-in-the-middle attack.
  • sniffing
Packet sniffing is a passive attack on an ongoing conversation. An attacker need not hijack a conversation, but can instead simply observe (sniff) packets as they pass by. In order to prevent an attacker from sniffing packets, the information that is passing needs to be protected in some way. This can be done at two levels: (i) the data that is travelling can be encoded (encrypted), or (ii) the transmission link itself can be encoded. To read a packet, the attacker first needs access to it, via a computer through which the traffic passes.

  • spoofing
In this attack, an attacker sends packets with an incorrect source address. When this happens, the receiver unknowingly sends packets back to this forged (spoofed) address. This can lead to three possibilities:
(i) The attacker can intercept the reply: if the attacker is between the destination and the forged source, the attacker can see the reply and use that information for hijacking attacks.
(ii) The attacker need not see the reply: if the attacker's intention was a denial of service (DOS) attack, the attacker need not bother about the reply.
(iii) The attacker does not want the reply: the attacker may put another host's address as the forged source address and send the packet to the destination. The attacker does not want a reply from the destination; it wants the host with the forged address to receive it and get confused.
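The standard defence against the forged-source packets described above is ingress (source-address) filtering at the network edge: a packet is only forwarded if its source address could legitimately have arrived on the interface it came in on. The following is an added example, not code from the original notes; the interface-to-prefix table, the internal prefix and every packet in it are constructed, using documentation address ranges.

```python
"""Ingress (source-address) filtering at a network edge: drop packets whose
source address could not legitimately arrive on the interface they came in on.
Added example, not from the notes; the interface table and addresses are constructed."""
import ipaddress

# Constructed topology: the prefix assigned to each customer-facing interface,
# plus our own address space behind the edge.
CUSTOMER_PREFIXES = {
    "customer-A": ipaddress.ip_network("192.0.2.0/24"),
    "customer-B": ipaddress.ip_network("198.51.100.0/24"),
}
INTERNAL_PREFIX = ipaddress.ip_network("203.0.113.0/24")


def ingress_check(interface, src):
    """Return 'forward' or 'drop: <reason>' for a packet with source `src`."""
    src_ip = ipaddress.ip_address(src)
    if interface in CUSTOMER_PREFIXES:
        # A customer link may only emit packets from the prefix assigned to it;
        # anything else is a spoofed source, whoever the attacker is imitating.
        if src_ip in CUSTOMER_PREFIXES[interface]:
            return "forward"
        return "drop: source outside prefix assigned to %s" % interface
    if interface == "upstream":
        # Packets from the Internet must not claim one of our own or our customers'
        # addresses (the forged-source case above). This test runs before the bogon
        # test because `ipaddress` also flags these documentation prefixes as private.
        if src_ip in INTERNAL_PREFIX or any(src_ip in n for n in CUSTOMER_PREFIXES.values()):
            return "drop: external packet claims an internal source"
        # Private, loopback and multicast sources never legitimately arrive from outside.
        if src_ip.is_private or src_ip.is_loopback or src_ip.is_multicast:
            return "drop: bogon source"
        return "forward"
    return "drop: unknown interface"


def filter_packets(packets):
    """Apply ingress_check to (interface, src, dst) tuples; return the decisions."""
    return [(iface, src, dst, ingress_check(iface, src)) for iface, src, dst in packets]


# Constructed packets, including three with forged or impossible source addresses.
SAMPLE_PACKETS = [
    ("customer-A", "192.0.2.10", "203.0.113.5"),     # genuine customer traffic
    ("customer-A", "198.51.100.9", "203.0.113.5"),   # forged: claims customer-B's address
    ("upstream", "8.8.8.8", "203.0.113.5"),          # genuine external traffic
    ("upstream", "203.0.113.77", "203.0.113.5"),     # forged: claims our own address
    ("upstream", "10.1.2.3", "203.0.113.5"),         # bogon: private source from outside
]

if __name__ == "__main__":
    for iface, src, dst, decision in filter_packets(SAMPLE_PACKETS):
        print("%-11s %-14s -> %-13s %s" % (iface, src, dst, decision))
```

The filter cannot tell a forged address from a genuine one by looking at the packet alone; it works because the edge router knows which prefixes belong behind which link, so a spoofed source that does not fit the link is dropped before it can provoke replies (cases i and ii above) or confuse the host whose address was borrowed (case iii).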

  • DOS and DDOS Attacks

Denial of service (DOS) and distributed denial of service (DDOS) attacks are tools used by hackers to disrupt online services. The implications of these attacks can be severe, sometimes costing bigger companies millions of dollars.

DOS Attacks

A DOS attack is an attempt to overload an online service (website) with traffic. The goal is to disrupt the website or network in order to stop legitimate users from accessing the service. A DOS attack is usually launched from a single machine, as opposed to a DDOS attack, which is launched from multiple machines. Here is a good example. Picture a shopping centre where a recent incident has animal activists up in arms. These animal activists (illegitimate traffic) crowd the entrance to block shoppers (legitimate traffic) from entering the premises. The shoppers can't get to the stores and the stores lose money. This is pretty much what a DOS attack is like, metaphorically speaking.

DDOS Attacks

DDOS attacks are normally worse than DOS attacks. They are launched from multiple computers. The machines involved could number hundreds of thousands or more. These machines aren't all owned by the attacker, naturally; they are usually added to the hacker's network by means of malware. This group of machines is also known as a botnet. A DDOS attack is particularly frustrating to defend against, because it is very difficult to tell legitimate traffic from attacker traffic.
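The distinction above, one source versus many, is what a defender sees first in the access log, and it decides the response: a single flooding address can simply be blocked, whereas a botnet's traffic looks like ordinary visitors. The following is an added example, not code from the original notes, that scores the busiest window of a log and labels it normal, DOS or DDOS. The simplified log format ("timestamp source-IP request"), the thresholds and every address in it are constructed.

```python
"""Telling a single-source flood (DOS) from a multi-source flood (DDOS) in an
access log. Added example, not from the original notes: the log format
("<ISO timestamp> <source IP> <request>") and every address in it are constructed."""
from collections import Counter
from datetime import datetime, timedelta


def parse_log(text):
    """Parse constructed log lines into (timestamp, source_ip) pairs."""
    events = []
    for line in text.strip().splitlines():
        ts, ip, _request = line.split(" ", 2)
        events.append((datetime.fromisoformat(ts), ip))
    return events


def classify_burst(events, window=timedelta(seconds=10), threshold=50, dominance=0.8):
    """Find the busiest `window` of requests and decide whether it looks like a flood.

    Verdicts: 'normal' (below `threshold` requests), 'dos' (a single source sends
    at least `dominance` of the requests) or 'ddos' (the volume is spread across
    many sources, as from a botnet, so no single address stands out).
    """
    events = sorted(events)
    best_count, best_window, start = 0, [], 0
    for end in range(len(events)):
        # Slide the window start forward until the window spans at most `window`.
        while events[end][0] - events[start][0] > window:
            start += 1
        if end - start + 1 > best_count:
            best_count = end - start + 1
            best_window = events[start:end + 1]
    per_source = Counter(ip for _, ip in best_window)
    top_share = per_source.most_common(1)[0][1] / best_count if best_count else 0.0
    if best_count < threshold:
        verdict = "normal"
    elif top_share >= dominance:
        verdict = "dos"
    else:
        verdict = "ddos"
    return {"requests": best_count, "sources": len(per_source),
            "top_share": round(top_share, 2), "verdict": verdict}


def constructed_log(source_sequence, spacing=0.02, start="2019-06-23T10:00:00"):
    """Build constructed log text: one request per entry, `spacing` seconds apart."""
    base = datetime.fromisoformat(start)
    return "\n".join(
        "%s %s GET /index.html" % ((base + timedelta(seconds=i * spacing)).isoformat(), ip)
        for i, ip in enumerate(source_sequence))


LEGIT = ["192.0.2.%d" % i for i in range(1, 6)]          # five ordinary visitors
BOTNET = ["198.51.100.%d" % i for i in range(1, 101)]    # one hundred infected hosts
NORMAL_LOG = constructed_log(LEGIT * 4)                          # 20 requests, no flood
DOS_LOG = constructed_log(LEGIT * 4 + ["203.0.113.7"] * 200)     # 200 from one machine
DDOS_LOG = constructed_log(LEGIT * 4 + BOTNET * 2)               # 200 from 100 machines

if __name__ == "__main__":
    for name, log in (("normal", NORMAL_LOG), ("dos", DOS_LOG), ("ddos", DDOS_LOG)):
        print(name, classify_burst(parse_log(log)))
```

In the DOS log one address accounts for over 90% of the burst, so blocking it restores service; in the DDOS log the same 220 requests come from 105 addresses, none sending more than four, which is exactly why the notes call DDOS hard to defend against: per-source counting no longer separates attacker from visitor, and mitigation has to move to rate limits, upstream scrubbing or request-level signatures.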

  • SQL Injection
SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious SQL statements. These statements control a database server behind a web application. Attackers can use SQL Injection vulnerabilities to bypass application security measures. They can go around the authentication and authorization of a web page or web application and retrieve the content of the entire SQL database. They can also use SQL Injection to add, modify, and delete records in the database. An SQL Injection vulnerability may affect any website or web application that uses an SQL database such as MySQL, Oracle, SQL Server, or others. Criminals may use it to gain unauthorized access to your sensitive data: customer information, personal data, trade secrets, intellectual property, and more.

  • Attackers can use SQL Injection to find the credentials of other users in the database. They can then impersonate these users. The impersonated user may be a database administrator with all database privileges.
  • SQL lets you select and output data from the database. An SQL Injection vulnerability could allow the attacker to gain complete access to all data in a database server.
  • SQL also lets you alter data in a database and add new data. For example, in a financial application, an attacker could use SQL Injection to alter balances, void transactions, or transfer money to their account.
  • You can use SQL to delete records from a database, even drop tables. Even if the administrator makes database backups, deletion of data could affect application availability until the database is restored. Also, backups may not cover the most recent data.
  • In some database servers, you can access the operating system through the database server. This may be intentional or accidental. In such a case, an attacker could use SQL Injection as the initial vector and then attack the internal network behind a firewall.

  • Logic Bombs
A logic bomb, sometimes referred to as slag code, is a string of malicious code used to cause harm to a network when the programmed conditions are met. The term comes from the idea that a logic bomb "explodes" when it is triggered by a specific event. Events could include a certain date or time, a particular record being deleted from a system, or the launching of an infected software application.
Common malicious actions that logic bombs are able to commit include data corruption, file deletion, or hard drive clearing. Logic bombs are secretly inserted into a computer network through the use of malicious code. The code can be inserted into the computer's existing software or into other forms of malware such as viruses, worms, or Trojan horses. It then lies dormant, and typically undetectable, until the trigger occurs.

Friday, 21 June 2019

Computer and Network Security [HandWritten Notes]

Computer Network and Security

Active and passive Attacks

  • Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are release of message contents and traffic analysis.

  • Release of message contents

The release of message contents is easily understood (Figure 1.3). A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.


Fig 1.3: Release of message contents

  • Traffic analysis

A second type of passive attack is traffic analysis. Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from it. The common technique for masking contents is encryption. Even with encryption protection in place, an opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of the communicating hosts and could observe the frequency and length of the messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place. Passive attacks are very difficult to detect because they do not involve any change to the data.

  • Active Attacks

Active attacks involve some modification of the data stream or the creation of a false stream, and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.
  • Masquerade:
A masquerade takes place when one entity pretends to be a different entity.

  • Replay:
Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

  • Modification of messages:
Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.

  • Denial of service:
Denial of service prevents the normal use or management of communications facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.
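Unlike passive attacks, three of the four active attacks above (masquerade, replay and modification) can be detected by the receiver, because each one changes something about the data stream that a keyed integrity check can see. The following is an added example, not from the notes: the sender attaches an HMAC-SHA256 tag over a sequence number and the payload, and the receiver verifies the tag and then insists that sequence numbers strictly increase. The shared key and the messages are constructed.

```python
"""Detecting masquerade, modification of messages and replay with a keyed MAC
(HMAC-SHA256) and a per-sender sequence number. Added example, not from the
notes; the shared key and all messages are constructed."""
import hashlib
import hmac

KEY = b"constructed-shared-secret"   # placeholder; a real key comes from a key exchange


def _tag(key, seq, payload):
    """HMAC over the sequence number and payload together, so neither can be changed
    without the tag failing."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def seal(key, seq, payload):
    """Sender side: attach a tag to (seq, payload)."""
    return (seq, payload, _tag(key, seq, payload))


class Receiver:
    """Receiver side: verifies the tag, then enforces strictly increasing sequence numbers."""

    def __init__(self, key):
        self.key = key
        self.last_seq = 0   # highest sequence number accepted so far; senders start at 1

    def accept(self, message):
        seq, payload, tag = message
        # Constant-time comparison. A mismatch means the payload or seq was altered
        # in transit (modification) or the sender does not hold the key (masquerade).
        if not hmac.compare_digest(_tag(self.key, seq, payload), tag):
            return "rejected: modified or forged"
        # A valid tag with an old sequence number is a captured message sent again
        # (replay); it also catches a legitimate message that was reordered.
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"


if __name__ == "__main__":
    receiver = Receiver(KEY)
    original = seal(KEY, 1, b"transfer 100 to bob")
    print(receiver.accept(original))                                  # accepted
    tampered = (original[0], b"transfer 900 to bob", original[2])
    print(receiver.accept(tampered))                                  # rejected: modified or forged
    print(receiver.accept(original))                                  # rejected: replay
    print(receiver.accept(seal(b"wrong-key", 2, b"transfer 1 to eve")))  # rejected: modified or forged
```

Two caveats a practitioner would note. First, this protects integrity and freshness only; the payload is still readable by a sniffer, so confidentiality needs encryption on top. Second, strict monotonic sequence numbers reject reordered messages as replays, which is the right choice for a transaction stream but would need a sliding window (as in IPsec's anti-replay scheme) where out-of-order delivery is normal. Denial of service, the fourth active attack, is not addressed here at all: a receiver that rejects every forged message still has to spend cycles rejecting them.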