Unit 3 INS Final
Network Firewalls
● Network Firewalls are the devices that are used to prevent private networks from unauthorized access.
● A Firewall is a security solution for the computers or devices that are connected to a network; it can be either in the form of hardware or in the form of software.
● It monitors and controls the incoming and outgoing traffic (the amount of data moving across a computer network at any given time).
● The major purpose of the network firewall is to protect an inner network by separating it from the outer network.
● The Inner Network can simply be called a network created inside an organization, and a network that is not in the range of the inner network can be considered the Outer Network.
Types of Network Firewall :
1. Packet Filters –
● It is a technique used to control network access by monitoring outgoing and incoming packets and allowing them to pass or halt based on the source and destination Internet Protocol (IP) addresses, protocols, and ports.
● This firewall is also known as a static firewall.
2. Stateful Inspection Firewalls –
● It is also a type of packet filtering which is used to control how data packets move through a firewall. It is also called dynamic packet filtering.
● These firewalls can inspect whether the packet belongs to a particular session or not. They only permit communication if the session is properly established between the two endpoints; otherwise the communication is blocked.
3. Application Layer Firewalls –
● These firewalls can examine application layer (of the OSI model) information like an HTTP request.

Secure Electronic Transaction (SET)
● Secure Electronic Transaction or SET is a system that ensures the security and integrity of electronic transactions done using credit cards in a scenario.
● SET is not a system that enables payment; it is a security protocol applied to those payments. It uses different encryption and hashing techniques to secure payments over the internet done through credit cards.
● The SET protocol was supported in development by major organizations like Visa, Mastercard, and Microsoft, which provided its Secure Transaction Technology (STT), and Netscape, which provided the technology of Secure Socket Layer (SSL).
● The SET protocol restricts the revealing of credit card details to merchants, thus keeping hackers and thieves at bay.
● The SET protocol includes Certification Authorities for making use of standard Digital Certificates like the X.509 Certificate.
Before discussing SET further, let's see a general scenario of electronic transactions, which includes the client, payment gateway, client financial institution, merchant, and merchant financial institution.
Requirements in SET: The SET protocol has some requirements to meet; some of the important requirements are:

Intrusion Detection Systems (IDS)
● Intrusion Detection Systems (IDS) are security mechanisms designed to monitor network or system activities for signs of malicious or unauthorized activities.
● The primary goal of an Intrusion Detection System is to detect, log, and respond to security-related events in real time.
● IDS plays a crucial role in enhancing the overall security posture of a network or system by providing early detection and response to potential security threats.
● There are two main types of IDS: Network-based IDS (NIDS) and Host-based IDS (HIDS).
How does an IDS work?
● An IDS (Intrusion Detection System) monitors the traffic on a computer network to detect any suspicious activity.
● It analyzes the data flowing through the network to look for patterns and signs of abnormal behavior.
● The IDS compares the network activity to a set of predefined rules and patterns to identify any activity that might indicate an attack or intrusion.
● If the IDS detects something that matches one of these rules or patterns, it sends an alert to the system administrator.
● The system administrator can then investigate the alert and take action to prevent any damage or further intrusion.
Network-Based IDS (NIDS):
● Functionality:
1. Monitors network traffic in real time.
2. Analyzes packets and network flows to identify patterns indicative of suspicious or malicious activity.
● Deployment:
1. Positioned at strategic points within the network infrastructure, such as at network gateways or on specific network segments.
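The difference between a static packet filter and a stateful inspection firewall described under Types of Network Firewall, as an added example that is not part of the original notes. The inner-network prefix, the rule set and the packets are constructed; the point is that the static filter needs a standing rule for reply traffic, which also admits an unsolicited inbound packet, while the stateful filter admits inbound packets only when they belong to a session an inside host opened.

```python
from dataclasses import dataclass

INSIDE = "10."  # assumed inner-network prefix (10.0.0.0/8); a constructed policy value


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    flags: str = ""  # TCP flags: "S" = SYN, "SA" = SYN/ACK, "A" = ACK


def _match(rule, pkt):
    """A rule field matches on equality; a string ending in '.' matches as an address prefix."""
    for name, want in rule.items():
        have = getattr(pkt, name)
        if isinstance(want, str) and want.endswith(".") and have.startswith(want):
            continue
        if have != want:
            return False
    return True


# Static (stateless) policy: allow inside hosts to open HTTPS, and allow the
# reply direction by source port 443, because a packet filter judges each
# packet alone and cannot know whether an inbound packet answers a request.
STATIC_RULES = [
    ({"src": INSIDE, "proto": "tcp", "dport": 443}, "allow"),
    ({"dst": INSIDE, "proto": "tcp", "sport": 443}, "allow"),
]


def static_filter(pkt):
    """Packet filter: decision from IP addresses, protocol and ports only."""
    for rule, action in STATIC_RULES:
        if _match(rule, pkt):
            return action
    return "drop"


class StatefulFilter:
    """Dynamic packet filtering: a packet passes only if it belongs to a session
    an inside host opened; the reply direction needs no standing rule."""

    def __init__(self):
        self.sessions = {}  # (src, dst, sport, dport) -> handshake state

    def filter(self, pkt):
        fwd = (pkt.src, pkt.dst, pkt.sport, pkt.dport)
        rev = (pkt.dst, pkt.src, pkt.dport, pkt.sport)
        if fwd in self.sessions:  # client -> server direction of a known session
            if self.sessions[fwd] == "SYN_RECV" and pkt.flags == "A":
                self.sessions[fwd] = "ESTABLISHED"
            return "allow"
        if rev in self.sessions:  # server -> client direction of a known session
            if self.sessions[rev] == "SYN_SENT" and pkt.flags == "SA":
                self.sessions[rev] = "SYN_RECV"
            return "allow"
        # Unknown flow: only an inside host may open one, and only with a SYN to 443.
        if pkt.src.startswith(INSIDE) and pkt.proto == "tcp" and pkt.dport == 443 and pkt.flags == "S":
            self.sessions[fwd] = "SYN_SENT"
            return "allow"
        return "drop"


def demo():
    """Run constructed traffic through both filters; returns {name: (static, stateful)}."""
    stateful = StatefulFilter()
    traffic = [
        ("syn", Packet("10.0.0.7", "203.0.113.5", "tcp", 51000, 443, "S")),
        ("synack", Packet("203.0.113.5", "10.0.0.7", "tcp", 443, 51000, "SA")),
        ("ack", Packet("10.0.0.7", "203.0.113.5", "tcp", 51000, 443, "A")),
        # Unsolicited inbound packet to SSH that happens to carry source port 443.
        ("unsolicited", Packet("198.51.100.9", "10.0.0.7", "tcp", 443, 22, "S")),
    ]
    return {name: (static_filter(p), stateful.filter(p)) for name, p in traffic}
```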
4. Explain SSL in detail.
→ Secure Socket Layer (SSL) provides security to the data that is transferred between a web browser and a server.
SSL encrypts the link between a web server and a browser, which ensures that all data passed between them remains private and free from attack.
Secure Socket Layer Protocols:
● SSL record protocol
● Handshake protocol
● Change-cipher spec protocol
● Alert protocol
SSL Protocol Stack:
SSL Record Protocol:
SSL Record provides two services to the SSL connection.
a. Confidentiality
b. Message Integrity
● In the SSL Record Protocol, application data is divided into fragments.
● The fragment is compressed, and then a MAC (Message Authentication Code) generated by algorithms like SHA (Secure Hash Protocol) and MD5 (Message Digest) is appended before encryption.
Handshake Protocol:
● The Handshake Protocol is used to establish sessions.
● This protocol allows the client and server to authenticate each other by sending a series of messages to each other.

5. Explain Firewall Design Principles / Explain the Principles of Firewall Design.
1. Developing Security Policy:
● A security policy is a very essential part of firewall design. The security policy is designed according to the requirement of the company or client, to know which kind of traffic is allowed to pass.
● Without a proper security policy, it is impossible to restrict or allow a specific user or worker in a company network or anywhere else.
● A properly developed security policy also specifies what to do in case of a security breach. Without it, there is an increase in risk, as there will not be a proper implementation of security solutions.
2. Simple Solution Design:
● If the design of the solution is complex, then it will be difficult to implement. If the solution is simple, then it will be easier to implement.
● A simple design is easier to maintain. We can make upgrades to the simple design according to new possible threats, leaving it with an efficient but simpler structure.
● The problem that comes with complex designs is a configuration error that opens a path for external attacks.
3. Choosing the Right Device:
● Every network security device has its purpose and its way of implementation.
● If we use the wrong device for the wrong problem, the network becomes vulnerable. If an outdated device is used for designing a firewall, it exposes the network to risk and is almost useless.

6. Explain the importance of web security.
Web security is of paramount importance in the modern digital landscape due to the increasing reliance on the internet for various activities.
The importance of web security can be understood from several perspectives:
1. Protection of Sensitive Information:
● Many websites and web applications handle sensitive user information, such as personal details, financial data, and login credentials.
● Web security ensures that this information is protected from unauthorized access and misuse.
2. Prevention of Data Breaches:
● Data breaches can have severe consequences, including financial losses, reputational damage, and legal ramifications.
● Web security measures, such as encryption and secure coding practices, help prevent unauthorized access to databases and sensitive information.
3. User Trust and Confidence:
● Users expect websites to be secure when providing personal information or conducting online transactions.
● A secure website builds trust and confidence among users, fostering positive relationships between businesses and their customers.
4. Protection Against Cyber Attacks:
● The internet is a breeding ground for various cyber threats, including malware, phishing attacks, and ransomware.
● Web security measures, such as firewalls, intrusion detection systems, and secure coding practices, help defend against these threats.
5. Availability and Reliability: Web security also encompasses measures to ensure the availability and reliability of websites. Distributed Denial of Service (DDoS) attacks, for example, can disrupt services, making websites temporarily or permanently unavailable. Web security solutions mitigate the impact of such attacks.
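The SSL Record Protocol steps listed in Q4 (fragment, compress, append MAC, encrypt, add the record header), as an added example that is not from the notes; Q14 later repeats the same steps. The receiving side reverses them and refuses a record whose MAC does not verify. The keys are constructed, and the HMAC-SHA256 counter keystream stands in for the cipher a real SSL session would negotiate.

```python
import hashlib
import hmac
import struct
import zlib

MAX_FRAGMENT = 2 ** 14          # SSL/TLS fragment limit: 16 KiB per record
APPLICATION_DATA = 23           # content type carried in the record header
VERSION = (3, 0)                # major, minor: SSLv3 in the header
MAC_KEY = b"constructed-mac-key"   # constructed; in SSL these keys come from the handshake
ENC_KEY = b"constructed-enc-key"


def _keystream(key, seq, n):
    """Toy stream cipher: HMAC-SHA256 counter keystream bound to the record sequence
    number. A stand-in for the negotiated cipher, not a real SSL cipher suite."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, struct.pack("!QI", seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _crypt(data, seq):
    return bytes(a ^ b for a, b in zip(data, _keystream(ENC_KEY, seq, len(data))))


def _mac(seq, compressed):
    # SSL MACs the sequence number, content type and length together with the fragment.
    hdr = struct.pack("!QBH", seq, APPLICATION_DATA, len(compressed))
    return hmac.new(MAC_KEY, hdr + compressed, hashlib.sha256).digest()


def send_records(data):
    """Application data -> list of records: fragment, compress, append MAC, encrypt, add header."""
    records = []
    for seq, off in enumerate(range(0, len(data), MAX_FRAGMENT)):
        compressed = zlib.compress(data[off:off + MAX_FRAGMENT])
        ciphertext = _crypt(compressed + _mac(seq, compressed), seq)
        header = struct.pack("!BBBH", APPLICATION_DATA, VERSION[0], VERSION[1], len(ciphertext))
        records.append(header + ciphertext)
    return records


def receive_records(records):
    """Reverse the pipeline; raises ValueError when a record fails its MAC check."""
    out = b""
    for seq, rec in enumerate(records):
        ctype, major, minor, length = struct.unpack("!BBBH", rec[:5])
        if (ctype, major, minor) != (APPLICATION_DATA, *VERSION) or len(rec) != 5 + length:
            raise ValueError("bad record header")
        body = _crypt(rec[5:], seq)
        compressed, tag = body[:-32], body[-32:]
        if not hmac.compare_digest(tag, _mac(seq, compressed)):
            raise ValueError("MAC mismatch on record %d" % seq)
        out += zlib.decompress(compressed)
    return out


def tamper_detected(data):
    """Flip one bit in the first record's ciphertext; True if the receiver rejects it."""
    records = send_records(data)
    damaged = bytearray(records[0])
    damaged[5] ^= 0x01
    try:
        receive_records([bytes(damaged)] + records[1:])
    except ValueError:
        return True
    return False
```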
7. Explain Viruses and threats.
Ans.
Viruses and threats in the context of information network security refer to malicious software and potential risks that can compromise the confidentiality, integrity, and availability of data in a computer network. These threats are designed to exploit vulnerabilities in systems, networks, and applications, posing risks to the security of sensitive information. Here are key concepts related to viruses and threats in the context of information network security:
1. Viruses:
● Definition: A computer virus is a type of malicious software that attaches itself to legitimate programs or files, spreading from one computer to another when the infected file is shared.
● Characteristics:
A. Self-Replication: Viruses can replicate themselves and spread across a network, infecting other files or systems.
B. Payload: Viruses often carry a payload, which may be harmful code designed to perform malicious activities.
● Impact: Viruses can corrupt or delete files, disrupt system operations, and sometimes serve as a delivery mechanism for other types of malware.
2. Worms:
● Definition: Worms are self-replicating malware that can spread independently across networks without requiring user intervention or attaching to host files.
● Characteristics:
A. Network Propagation: Worms exploit network vulnerabilities to propagate and infect other systems automatically.
B. Resource Consumption: Worms can consume network bandwidth and system resources, leading to performance degradation.
● Impact: Worms can rapidly infect a large number of systems, causing widespread disruption.

8. Explain DDOS.
Ans.
A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the regular functioning of a targeted system, service, or network by overwhelming it with a flood of traffic.
Here's an explanation of DDoS attacks:
● A DDoS attack is a type of cyberattack in which multiple compromised computers or devices are coordinated to flood a target system or network with an overwhelming volume of traffic.
● The objective is to exhaust the target's resources, such as bandwidth, processing power, or network connections, rendering it incapable of responding to legitimate user requests.
Execution :
● DDoS attacks are executed by a network of computers, often called a botnet, that are under the control of a malicious actor.
● The attacker commands these compromised devices to send a large volume of traffic to the target simultaneously. This coordinated effort amplifies the impact of the attack, making it challenging for the target to distinguish between legitimate and malicious traffic.
Types of DDoS Attacks :
There are various types of DDoS attacks, including:
● Volume-Based Attacks: Flood the target with a massive volume of traffic (e.g., ICMP or UDP floods).
● Protocol-Based Attacks: Exploit vulnerabilities in network protocols, consuming resources (e.g., SYN/ACK, Ping of Death).
● Application Layer Attacks: Target specific applications or services, exhausting application resources (e.g., HTTP/HTTPS floods).
Objectives and Impact : The primary objective of a DDoS attack is to disrupt the normal functioning of the targeted system or network. The impact can include:
● Service Disruption: Overwhelms servers, making them unresponsive and causing service downtime.

9. Write a short note on PGP.
Ans.
● Pretty Good Privacy (PGP) is a data encryption and decryption program that provides cryptographic privacy and authentication for communication over the internet.
● It is widely used for securing email communication and files. PGP is a crucial tool in the context of information network security for several reasons:
Encryption and Authentication:
● PGP employs a hybrid encryption model that combines symmetric-key and public-key cryptography.
● This allows for secure and private communication by encrypting the content of messages using a shared secret key, and the secret key itself is encrypted using the recipient's public key. This ensures both confidentiality and authentication.
Digital Signatures:
● PGP supports digital signatures, allowing users to sign their messages or files with their private key.
● Recipients can then verify the authenticity of the sender and ensure that the content has not been tampered with during transit.
● This enhances the integrity of the information being exchanged.
Web of Trust:
a. PGP operates on the principle of a "web of trust." Users can sign each other's public keys, establishing a network of trusted relationships.
b. This decentralized trust model enables users to verify the authenticity of public keys and enhances the overall security of the PGP system.
Email Security:
a. PGP is commonly used to secure email communication, providing end-to-end encryption for the contents of emails.
b. This ensures that even if emails are intercepted during transit, the information remains confidential.
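How the "web of trust" in Q9 decides whether a public key can be trusted, as an added example that is not from the notes. It applies the classic PGP rule (also the GnuPG default) that a key is valid when it carries a signature from one fully trusted key or from two marginally trusted keys, where the signing keys must themselves already be valid. The key ring, owner-trust assignments and signatures are constructed.

```python
COMPLETES_NEEDED = 1   # signatures from fully trusted introducers needed, or ...
MARGINALS_NEEDED = 2   # ... signatures from marginally trusted introducers needed

# Constructed key ring. Owner trust is what the local user assigns to each
# key holder as an introducer; "ultimate" marks the user's own key.
OWNER_TRUST = {
    "alice": "ultimate",
    "bob": "full",
    "carol": "marginal",
    "dave": "marginal",
    "eve": "unknown",
}

# Certifications on the ring: key -> set of keys whose owners signed it.
SIGNATURES = {
    "bob": {"alice"},
    "carol": {"alice"},
    "dave": {"bob"},
    "frank": {"carol", "dave"},
    "grace": {"carol"},
    "mallory": {"eve"},
}


def compute_valid_keys(owner_trust, signatures,
                       completes_needed=COMPLETES_NEEDED, marginals_needed=MARGINALS_NEEDED):
    """Return the set of keys whose binding to their owner is considered valid.

    A signature only counts if the signing key is itself valid AND its owner is
    trusted as an introducer, so validity spreads outward from the user's own
    key through the people the user vouches for: a web, not a hierarchy.
    """
    valid = {key for key, trust in owner_trust.items() if trust == "ultimate"}
    changed = True
    while changed:  # iterate to a fixpoint: newly valid keys can validate further keys
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            completes = sum(1 for s in signers
                            if s in valid and owner_trust.get(s) in ("ultimate", "full"))
            marginals = sum(1 for s in signers
                            if s in valid and owner_trust.get(s) == "marginal")
            if completes >= completes_needed or marginals >= marginals_needed:
                valid.add(key)
                changed = True
    return valid


def is_key_valid(key, owner_trust=OWNER_TRUST, signatures=SIGNATURES):
    """Should the local user believe this public key belongs to its claimed owner?"""
    return key in compute_valid_keys(owner_trust, signatures)
```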
10. Write a short note on S/MIME.
Ans.
● S/MIME, or Secure/Multipurpose Internet Mail Extensions, is a widely used standard for securing email communication through the application of cryptographic techniques.
● S/MIME enhances the security of email messages by providing encryption, digital signatures, and certificate-based authentication.
Here's a short note on S/MIME:
Overview:
● S/MIME is a protocol that enables the secure exchange of emails over the Internet.
● It builds upon the MIME standard, which defines the format of multimedia data in email messages, by adding security features.
● S/MIME is commonly employed to protect the confidentiality and integrity of email content, as well as to verify the authenticity of the sender.
Key Features:
1. Digital Signatures:
a. S/MIME allows users to sign their email messages using their private keys.
b. The digital signature provides a way for the recipient to verify the origin and integrity of the message.
c. If the signature is valid, the recipient can be confident that the message has not been tampered with and was indeed sent by the claimed sender.
2. Email Encryption:
a. One of the primary features of S/MIME is email encryption.
b. Users can encrypt the content of their email messages, ensuring that only the intended recipient, who possesses the corresponding private key, can decrypt and read the message.
c. This protects sensitive information from unauthorized access during transmission.

11. Explain IP Security Architecture.
→ IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow.
These protocols are ESP (Encapsulation Security Payload) and AH (Authentication Header).
IPSec Architecture includes protocols, algorithms, DOI, and Key Management.
All these components are very important in order to provide the three main services:
1. Confidentiality
2. Authentication
3. Integrity
IP Security Architecture:
1. Architecture: Architecture or IP Security Architecture covers the general concepts, definitions, protocols, algorithms, and security requirements of IP Security technology.
2. ESP Protocol: ESP (Encapsulation Security Payload) provides a confidentiality service. Encapsulation Security Payload is implemented in either of two ways:

12. What is encapsulating security payload in IP Security?
Ans.
The Encapsulating Security Payload (ESP) is a crucial component of the IPsec (Internet Protocol Security) protocol suite.
IPsec is a set of protocols designed to secure Internet Protocol (IP) communications by providing authentication, integrity, and confidentiality.
ESP specifically focuses on providing confidentiality and optional authentication for the data being transferred between two devices.
Here are key aspects of the Encapsulating Security Payload (ESP) in IPsec:
1. Confidentiality:
a. Encryption:
i. ESP primarily addresses the confidentiality of data by encrypting the payload (the actual data being transmitted).
ii. This ensures that even if the packets are intercepted, the content remains confidential and unreadable without the appropriate decryption key.
2. Header and Trailer:
a. Encapsulation:
i. ESP encapsulates the original IP packet by adding a new ESP header and an ESP trailer.
ii. The original IP packet becomes the payload of the new ESP-encapsulated packet.
3. Header Fields:
a. SPI (Security Parameter Index): Identifies the security association (SA) to be used for processing the packet.
b. Sequence Number: Helps prevent replay attacks by ensuring the correct order of received packets.
c. Payload Data: Contains the encrypted original IP packet.
d. Padding: Used to ensure that the payload data meets the encryption algorithm's block size.
e. Pad Length: Specifies the length of the padding field.
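The ESP fields from Q12 (SPI, sequence number, payload data, padding to the cipher block size, pad length) assembled into a packet and parsed back, with the receiver's anti-replay check on the sequence number, as an added example that is not from the notes. The layout follows RFC 4303, which also carries a Next Header byte after the pad length and an optional ICV for the authentication the notes mention; the cipher block size, the truncated HMAC-SHA256 ICV and the key are assumptions, and the payload is left unencrypted so the field layout stays visible.

```python
import hashlib
import hmac
import struct

BLOCK_SIZE = 16          # block size of the assumed cipher (e.g. AES); padding targets this
ICV_LEN = 16             # truncated HMAC-SHA256 tag used as the ICV (an assumption for the demo)
ICV_KEY = b"constructed-auth-key"
NEXT_HEADER_IPV4 = 4     # Next Header value for an encapsulated IPv4 packet (tunnel mode)


def build_esp(spi, seq, inner_packet, next_header=NEXT_HEADER_IPV4):
    """ESP header (SPI, sequence number) + payload + padding + pad length + next header + ICV.

    The payload, padding and trailer are the bytes a sender encrypts; they are
    shown in the clear here so that the field layout is visible.
    """
    pad_len = (-(len(inner_packet) + 2)) % BLOCK_SIZE   # +2 covers pad length and next header
    padding = bytes(range(1, pad_len + 1))             # RFC 4303 default padding: 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + inner_packet + padding
            + struct.pack("!BB", pad_len, next_header))
    icv = hmac.new(ICV_KEY, body, hashlib.sha256).digest()[:ICV_LEN]   # covers header and trailer
    return body + icv


class EspReceiver:
    """Receiving side of one security association: verify ICV, check SPI,
    enforce the anti-replay window, then strip padding."""

    def __init__(self, spi, window=64):
        self.spi = spi
        self.window = window
        self.highest = 0      # highest sequence number accepted so far
        self.accepted = set()

    def process(self, packet):
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(ICV_KEY, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("ICV mismatch: packet altered or wrong key")
        spi, seq = struct.unpack("!II", body[:8])
        if spi != self.spi:
            raise ValueError("packet does not belong to this security association")
        # Anti-replay: a duplicate, or anything that fell behind the sliding window, is rejected.
        if seq in self.accepted or seq + self.window <= self.highest:
            raise ValueError("replayed or stale sequence number %d" % seq)
        self.accepted.add(seq)
        self.highest = max(self.highest, seq)
        pad_len, next_header = struct.unpack("!BB", body[-2:])
        payload = body[8:len(body) - 2 - pad_len]
        return next_header, payload


def replay_rejected(spi, seq, inner_packet):
    """Deliver one packet twice to a fresh receiver; True if the second copy is refused."""
    receiver = EspReceiver(spi)
    packet = build_esp(spi, seq, inner_packet)
    receiver.process(packet)
    try:
        receiver.process(packet)
    except ValueError:
        return True
    return False
```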
13. Discuss web security Considerations.
Ans.
● Web Security is very important nowadays. Websites are always prone to security threats/risks. Web Security deals with the security of data over the internet/network or web, or while it is being transferred to the internet.
● For example, when you are transferring data between client and server and you have to protect that data, that security of data is your web security.
● Hacking a website may result in the theft of important customer data; it may be the credit card information or the login details of a customer, or it can be the destruction of one's business and the propagation of illegal content to the users. When somebody hacks your website, they can either steal the important information of the customers or even propagate illegal content to your users through your website; therefore, security considerations are needed in the context of web security.
Security Consideration:
1. Updated Software: You need to always update your software. Hackers may be aware of vulnerabilities in certain software, which are sometimes caused by bugs and can be used to damage your computer system and steal personal data.
Older versions of software can become a gateway for hackers to enter your network. Software makers soon become aware of these vulnerabilities and will fix vulnerable or exposed areas. That's why it is mandatory to keep your software updated; it plays an important role in keeping your personal data secure.
2. Beware of SQL Injection: SQL Injection is an attempt to manipulate your data or your database by inserting rogue code into your query. For example, somebody can send a query to your website, and this query can be rogue code; when it gets executed it can be used to manipulate your database, such as to change tables, modify or delete data, or it can

14. Write a short note on Secure Socket Layer.
Ans.
Secure Socket Layer (SSL) provides security to the data that is transferred between a web browser and a server. SSL encrypts the link between a web server and a browser, which ensures that all data passed between them remains private and free from attack.
Secure Socket Layer Protocols:
● SSL record protocol
● Handshake protocol
● Change-cipher spec protocol
● Alert protocol
SSL Protocol Stack:
● SSL Record Protocol: SSL Record provides two services to the SSL connection.
a. Confidentiality
b. Message Integrity
In the SSL Record Protocol, application data is divided into fragments. The fragment is compressed, and then a MAC (Message Authentication Code) generated by algorithms like SHA (Secure Hash Protocol) and MD5 (Message Digest) is appended. After that, encryption of the data is done, and at last the SSL header is appended to the data.
● Handshake Protocol: The Handshake Protocol is used to establish sessions. This protocol allows the client and server to authenticate each other by sending a series of messages to each other. The Handshake Protocol uses four phases to complete its cycle.

15. Write in brief about Transport Layer Security.
Ans.
Transport Layer Security (TLS) is designed to provide security at the transport layer. TLS was derived from a security protocol called Secure Socket Layer (SSL).
TLS ensures that no third party may eavesdrop on or tamper with any message.
There are several benefits of TLS:
● Encryption: TLS/SSL can help to secure transmitted data using encryption.
● Interoperability: TLS/SSL works with most web browsers, including Microsoft Internet Explorer, and on most operating systems and web servers.
● Algorithm flexibility: TLS/SSL provides operations for the authentication mechanism, encryption algorithms and hashing algorithm that are used during the secure session.
● Ease of Deployment: Many applications use TLS/SSL temporarily on a Windows Server 2003 operating system.
● Ease of Use: Because we implement TLS/SSL beneath the application layer, most of its operations are completely invisible to the client.
Working of TLS: The client connects to the server (using TCP). The client sends a number of specifications: the version of SSL/TLS, and which cipher suites and compression method it wants to use.
● The server checks what the highest SSL/TLS version is that is supported by them both, picks a cipher suite from one of the client's options (if it supports one), and optionally picks a compression method.
● After this the basic setup is done, and the server provides its certificate. This certificate must be trusted either by the client itself or by a party that the client trusts.
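The SQL injection consideration in Q13, shown on an in-memory SQLite table as an added example that is not from the notes: the first lookup splices the user-supplied value into the query text, so a value containing SQL syntax changes what the query means, while the second passes the value as a bound parameter that the database never parses as SQL. The table, rows and inputs are constructed.

```python
import sqlite3


def make_db():
    """In-memory table with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "alice@example.test"), (2, "bob", "bob@example.test")])
    return db


def lookup_vulnerable(db, username):
    """The query text is assembled from the input, so the input is parsed as SQL."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return db.execute(sql).fetchall()


def lookup_safe(db, username):
    """The input is bound as a parameter; the driver never treats it as SQL syntax."""
    return db.execute("SELECT username, email FROM users WHERE username = ?",
                      (username,)).fetchall()


def demo():
    """Returns (rows the vulnerable lookup leaks, rows the safe lookup returns) for one
    input that carries a quote and an OR clause, plus the safe lookup of a real name."""
    db = make_db()
    crafted = "x' OR '1'='1"          # constructed input containing SQL syntax
    return (len(lookup_vulnerable(db, crafted)),
            len(lookup_safe(db, crafted)),
            lookup_safe(db, "alice"))
```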
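The negotiation steps under "Working of TLS" in Q15, as an added example that is not from the notes: the server picks the highest version both sides support and a cipher suite that appears in the client's list (walking its own preference order), and the client then accepts the certificate only if it was issued by a party the client trusts and names the host the client meant to reach. The hello messages are constructed, the cipher-suite names are real IANA names, and a dict stands in for the X.509 certificate.

```python
VERSION_ORDER = ["SSL3.0", "TLS1.0", "TLS1.1", "TLS1.2", "TLS1.3"]   # oldest to newest

# Constructed hello messages; only the suite names are real identifiers.
CLIENT_HELLO = {
    "versions": ["TLS1.1", "TLS1.2"],
    "suites": ["TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
    "compression": ["null"],
}
SERVER = {
    "versions": ["TLS1.2", "TLS1.3"],
    # Server preference order: the first suite that also appears in the client's list wins.
    "suites": ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
               "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
               "TLS_RSA_WITH_3DES_EDE_CBC_SHA"],
    "compression": ["null"],
    # Dict standing in for the server's X.509 certificate.
    "certificate": {"subject": "shop.example", "issuer": "Example Root CA"},
}


def server_hello(client_hello, server=SERVER):
    """Server side of the negotiation: returns the chosen parameters and the
    certificate, or an 'error' entry when the two sides have nothing in common."""
    common_versions = set(client_hello["versions"]) & set(server["versions"])
    if not common_versions:
        return {"error": "no common SSL/TLS version"}
    version = max(common_versions, key=VERSION_ORDER.index)       # highest both support
    suite = next((s for s in server["suites"] if s in client_hello["suites"]), None)
    if suite is None:
        return {"error": "no common cipher suite"}
    compression = next((c for c in client_hello["compression"]
                        if c in server["compression"]), None)  # optional
    return {"version": version, "cipher_suite": suite,
            "compression": compression, "certificate": server["certificate"]}


def client_accepts(hello, trusted_issuers, expected_host):
    """Client side: the certificate must come from a party the client trusts and
    must be issued for the host the client intended to reach."""
    if "error" in hello:
        return False
    cert = hello["certificate"]
    return cert["issuer"] in trusted_issuers and cert["subject"] == expected_host
```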
16. Differentiate between IDS & IPS.
Ans.
In the realm of information network security, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are two distinct technologies designed to enhance the security posture of computer networks.
Here's a differentiation between IDS and IPS:
Intrusion Detection System (IDS):
● Purpose:
○ Detection: The primary purpose of an IDS is to detect and alert on potential security incidents or anomalies within a network. It monitors network or system activities, analyzes patterns, and identifies behavior that may indicate an intrusion.
● Action Taken:
○ Passive: IDS operates in a passive mode, meaning it observes and analyzes network traffic without actively preventing or blocking any activities. It does not interfere with the flow of data.
● Response:
○ Alerting: When an IDS identifies suspicious or malicious activity, it generates alerts or notifications to notify security administrators. The response is typically manual, with human intervention required to investigate and mitigate the threat.
● Deployment:
○ Monitoring Only: IDS is commonly deployed for monitoring purposes to gain insights into network activities, detect potential threats, and facilitate incident response.
● Focus:
○ Visibility: IDS provides visibility into network traffic, helping security teams understand the nature of attacks, potential vulnerabilities, and trends over time.
Intrusion Prevention System (IPS):

17. What are the types of Intrusion Detection systems?
Ans.
An IDS monitors and detects behavior across a network and should be considered a diagnostic solution. The system, if it detects something problematic, will alert the security team so they can investigate.
There are five types of Intrusion Detection System:
1. Network intrusion detection systems (NIDS)
A network intrusion detection system will monitor traffic through various sensors, placed either via hardware or software, on the network itself. The system will then monitor all traffic going through devices across the multiple sensor points.
2. Host intrusion detection systems (HIDS)
A HIDS is placed directly on devices to monitor traffic, giving network administrators a bit more control and flexibility. However, this can become burdensome depending on the organization's size. If an organization is only leveraging HIDS, the company would have to account for every new device added within the organization, leaving room for error while also taking up a lot of time.
3. Protocol-based intrusion detection systems (PIDS)
A protocol-based IDS is often placed at the front of a server and monitors traffic flowing to and from devices. This is leveraged to secure users browsing the internet.
4. Application protocol-based intrusion detection systems (APIDS)
An APIDS is similar to a protocol-based system but monitors traffic across a group of servers. This is often leveraged on specific application protocols to specifically monitor activity, helping network administrators better segment and classify their network monitoring activities.

18. What is Malicious Mobile Code?
Ans.
Malicious mobile code refers to software or code specifically designed to perform malicious activities on mobile devices, such as smartphones and tablets.
This category of threats includes various types of malicious code, often delivered through apps, websites, or other means, with the intent of compromising the security and privacy of mobile users.
Malicious mobile code can take different forms and execute a range of harmful actions. Here are some common examples:
Mobile Malware:
● Trojan Horses: Malicious apps disguised as legitimate ones, tricking users into installing them. Once installed, they may perform unauthorized activities without the user's knowledge.
● Spyware: Software designed to spy on the user's activities, collect sensitive information, and transmit it to malicious actors. This may include monitoring calls, text messages, or browsing habits.
● Ransomware: Malware that encrypts the user's data, rendering it inaccessible. Attackers then demand payment for the decryption key.
● Adware: Unwanted software that displays intrusive advertisements, disrupting the user experience and potentially leading to other security issues.
Drive-by Downloads:
● Malicious code can be injected into legitimate websites or ads, exploiting vulnerabilities in the mobile device's browser or operating system.
● When a user visits the compromised site or interacts with the malicious content, the code is automatically downloaded and executed on the device.
SMS or MMS Attacks:
● Malicious code can be delivered through text messages or multimedia messages. Clicking on a link or opening a message may trigger the
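The IDS/IPS distinction from Q16 (and the rule-matching described under "How does an IDS work?" at the start of these notes), as an added example that is not from the notes. One rule engine is run in two modes: in IDS mode every event is forwarded and a match only records an alert for the administrator; in IPS mode a matching event is also dropped inline. The two rules (a signature rule on HTTP request text and a stateful rule counting distinct destination ports per source), the threshold and the events are constructed.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    src: str
    dst: str
    dport: int
    payload: str


SCAN_THRESHOLD = 5   # distinct destination ports from one source before a scan alert
SQLI_RE = re.compile(r"union\s+select|'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE)


class Sensor:
    """Rule-matching engine shared by both modes. In 'ids' mode every event is
    forwarded and matches only raise alerts for an administrator to investigate;
    in 'ips' mode a matching event is also dropped inline."""

    def __init__(self, mode):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode = mode
        self.alerts = []
        self.ports_by_src = {}

    def _matching_rules(self, event):
        hits = []
        # Signature rule: SQL-injection-looking text in an HTTP request.
        if event.dport == 80 and SQLI_RE.search(event.payload):
            hits.append("sqli-attempt")
        # Stateful rule: one source touching many distinct ports (fires once, at the threshold).
        ports = self.ports_by_src.setdefault(event.src, set())
        ports.add(event.dport)
        if len(ports) == SCAN_THRESHOLD:
            hits.append("port-scan")
        return hits

    def inspect(self, event):
        """Returns 'forward' or 'drop'; alerts are recorded on self.alerts in both modes."""
        hits = self._matching_rules(event)
        for rule in hits:
            self.alerts.append((rule, event.src))
        if hits and self.mode == "ips":
            return "drop"
        return "forward"


# Constructed traffic: a normal request, a suspicious request, then five probes from one host.
EVENTS = [
    Event("10.0.0.5", "10.0.0.80", 80, "GET /index.html HTTP/1.1"),
    Event("203.0.113.7", "10.0.0.80", 80, "GET /item?id=1' OR '1'='1 HTTP/1.1"),
] + [Event("198.51.100.9", "10.0.0.80", port, "") for port in (21, 22, 23, 25, 80)]


def run(mode, events=EVENTS):
    """Run the events through a sensor; returns (action per event, alert names in order)."""
    sensor = Sensor(mode)
    actions = [sensor.inspect(e) for e in events]
    return actions, [rule for rule, _ in sensor.alerts]
```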