All Nis Model Answers

The document provides important instructions for examiners assessing the Network and Information Security exam, emphasizing the evaluation of candidates' understanding rather than strict adherence to model answers. It includes various questions and answers related to computer security concepts, such as types of attacks, user responsibilities, cryptography, and access control models. Additionally, it covers practical applications like digital signatures and steganography, along with examples and definitions relevant to the subject matter.

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2023 EXAMINATION
Subject: Network and Information Security    Subject Code: 22620

Important Instructions to examiners:

1) The answers should be examined by key words and not word-to-word as given in the model answer scheme.
2) The model answer and the answer written by the candidate may vary, but the examiner may try to assess the understanding level of the candidate.
3) Language errors such as grammatical and spelling errors should not be given more importance (not applicable for the subject English and Communication Skills).
4) While assessing figures, the examiner may give credit for the principal components indicated in the figure. The figures drawn by the candidate and the model answer may vary. The examiner may give credit for any equivalent figure drawn.
5) Credit may be given step-wise for numerical problems. In some cases, the assumed constant values may vary and there may be some difference between the candidate's answers and the model answer.
6) In the case of some questions, credit may be given by judgement on the part of the examiner for a relevant answer based on the candidate's understanding.
7) For programming language papers, credit may be given to any other program based on an equivalent concept.
8) As per the policy decision of the Maharashtra State Government, teaching in English/Marathi and bilingual (English + Marathi) medium is introduced in the first year of the AICTE diploma programme from academic year 2021-2022. Hence if students in the first year (first and second semesters) write answers in Marathi or bilingual language (English + Marathi), the examiner shall consider the same and assess the answer based on matching of concepts with the model answer.
Q.1 Attempt any FIVE of the following. [10M]

a) Compare virus and logic bomb (any two points). [2M: any two points, 1M each]
Ans.
Virus:
- A virus is a program which attaches itself to another program and causes damage to the computer system or the network. It is loaded onto your computer without your knowledge and runs against your wishes.
- The characteristic of a virus is how it spreads.
Logic bomb:
- A logic bomb is a set of instructions in a program carrying a malicious payload that can attack an operating system, program, or network. It only goes off after certain conditions are met; a simple example of such a condition is a specific date or time.
- The characteristic of a logic bomb is how it is triggered.


b) Identify any four user responsibilities in computer security. [2M: any four points, 1/2M each]
Ans.
i) Do not share passwords, OTPs, etc. with anyone.
ii) Do not leave sensitive information unprotected.
iii) Secure storage media which contain sensitive information.
iv) Shred paper containing organizational information before discarding it.

c) Define the following terms. [2M: definition of each term 1M]
(i) Cryptography
(ii) Cryptology
Ans.
Cryptography: Cryptography is the art and science of achieving security by encoding messages to make them non-readable.
Cryptology: It is the art and science of transforming intelligible data into unintelligible data and unintelligible data back into intelligible data.
Cryptology = Cryptography + Cryptanalysis

d) Construct a digital signature using CrypTool. [2M: correct steps]
Ans.
Step 1: Open the CrypTool application.
Step 2: Open the file and enter the message to create the digital signature.
Step 3: Select the menu Digital Signature -> Sign Document.
Step 4: Select any hash function and choose the private key.
Step 5: Enter the PIN number and click on the Sign button to generate the digital signature.
e) List any two types of active and passive attacks. [2M: any two active attacks 1M, any two passive attacks 1M]
Ans.
Active attacks:
 Masquerade
 Replay
 Message modification
 Denial of service
Passive attacks:
 Eavesdropping
 Traffic analysis


f) State any two policies of the firewall. [2M: any two policies]
Ans.
 Service control: Determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address, protocol, or port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a Web or mail service.
 Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
 User control: Controls access to a service according to which user is attempting to access it. This feature is typically applied to users inside the firewall perimeter (local users).
 Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.

g) List any four types of cybercrimes. [2M: any four types, 1/2M each]
Ans. Types of cyber crime:
1. Hacking
2. Digital forgery
3. Cyber stalking / harassment
4. Cyber pornography
5. Identity theft and fraud
6. Cyber terrorism
7. Cyber defamation
Q.2 Attempt any THREE of the following. [12M]

a) Describe the CIA model with a suitable diagram. [4M: explanation with diagram]
Ans.
1. Confidentiality: The principle of confidentiality specifies that only the sender and the intended recipients should be able to access the contents of a message. Confidentiality gets compromised if an unauthorized person is able to access the contents of a message. An example of compromising the confidentiality of a message is shown in the figure.


Fig. Loss of confidentiality

Here, the user of computer A sends a message to the user of computer B. Another user, C, gets access to this message, which is not desired and therefore defeats the purpose of confidentiality. This type of attack is also called interception.

2. Authentication: Authentication helps to establish proof of identities. The authentication process ensures that the origin of a message is correctly identified. For example, suppose that user C sends a message over the internet to user B. However, the trouble is that user C posed as user A when sending the message to user B. How would user B know that the message has come from user C, who is posing as user A? This concept is shown in the figure below. This type of attack is called fabrication.

Fig. Absence of authentication

3. Integrity: When the contents of a message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost. For example, here user C tampers with a message originally sent by user A, which is actually destined for user B. User C somehow manages to access it, change its contents and send the changed message to user B. User B has no way of knowing that the contents of the message were changed after user A had sent it. User A also does not know about this change. This type of attack is called modification.


Fig. Loss of Integrity

b) Define the following with suitable examples. [4M: definition with example of DAC 2M, definition with example of MAC 2M]
i) DAC
ii) MAC
Ans.
i) DAC: A DAC (discretionary access control) policy utilizes user identification procedures to identify and restrict object access. It restricts access to objects based on the identity of subjects and/or the groups to which they belong. The owner of information or any resource is able to change its permissions at his discretion. Data owners can transfer ownership of information to other users. Data owners can determine the type of access given to other users (read, write, etc.).
Features of the DAC policy are as follows:
Flexible: In a DAC policy the owner of information or a resource can change its permissions.
Backup: Discretionary access control allows organizations to back up security policies and data to ensure effective access points.
Usability: Discretionary access control is easy to use. Data owners can transfer ownership of information to other users easily.

ii) MAC: It is used in environments where different levels of security are classified. It is much more restrictive. It is a sensitivity-based restriction, with formal authorization subject to sensitivity. In MAC the owner or user cannot determine whether access is granted or not, i.e. operating system rights. The security mechanism controls access to all objects and an individual cannot change that access.


c) Differentiate between symmetric and asymmetric key cryptography (any four points). [4M: any four points, 1M each]
Ans.

d) Explain steganography with a suitable example. [4M: correct explanation with suitable example]
Ans. Steganography: Steganography is the art and science of writing hidden messages in such a way that no one apart from the sender and the intended recipient suspects the existence of the message. Steganography works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML or even floppy disks) with bits of different, invisible information. This hidden information can be plain text, cipher text or even images. In modern steganography, data is first encrypted by the usual means and then inserted, using a special algorithm, into redundant data that is part of a particular file format such as a JPEG image.
Steganography process:
Cover-media + Hidden data + Stego-key = Stego-medium

Fig: Steganography


Cover media is the file in which we will hide the hidden data, which may also be encrypted using the stego-key. The resultant file is the stego-medium. Cover-media can be an image or audio file. Steganography takes cryptography a step further by hiding an encrypted message so that no one suspects it exists. Ideally, anyone scanning your data will fail to know it contains encrypted data. Steganography has a number of drawbacks when compared to encryption. It requires a lot of overhead to hide relatively few bits of information. For example, one can hide text, data, image, sound and video behind an image.

Applications:
1. Confidential communication and secret data storing
2. Protection of data alteration
3. Access control system for digital content distribution
4. Media database systems
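The formula Cover-media + Hidden data + Stego-key = Stego-medium, worked through in code as an added example (not part of the answer key): hidden bytes are written into the least significant bits of a constructed cover array, at positions chosen by the stego-key, and read back with the same key. The cover values, key and message are all constructed here; helper names are my own.

```python
"""LSB steganography: Cover-media + Hidden data + Stego-key = Stego-medium.

Added example, not from the answer key. The cover is a constructed byte
array standing in for the sample values of an image or audio file (a real
file format would have to be parsed first). The stego-key decides where in
the cover the bits go; as the answer says, the data should be encrypted
before it is hidden, since hiding alone gives no confidentiality.
"""
import hashlib
import random


def _order(key, cover_len):
    """Key-dependent permutation of cover byte indexes; the same key and
    cover length always give the same order, so extract() can retrace it."""
    seed = int.from_bytes(hashlib.sha256(key.encode()).digest(), "big")
    idx = list(range(cover_len))
    random.Random(seed).shuffle(idx)
    return idx


def _to_bits(data):
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def _from_bits(bits):
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                 for i in range(0, len(bits), 8))


def embed(cover, hidden, key):
    """Return the stego-medium: the cover with one payload bit written into
    the least significant bit of each selected byte.
    A 4-byte length prefix tells extract() how many bits to read back."""
    payload = len(hidden).to_bytes(4, "big") + hidden
    bits = _to_bits(payload)
    if len(bits) > len(cover):
        raise ValueError("cover too small: one byte of cover per payload bit")
    stego = bytearray(cover)
    for pos, bit in zip(_order(key, len(cover)), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit     # touch only bit 0
    return bytes(stego)


def extract(stego, key):
    """Recover the hidden data; a wrong key yields an implausible length."""
    if len(stego) < 32:
        raise ValueError("too short to hold a length prefix")
    order = _order(key, len(stego))

    def lsb(i):
        return stego[order[i]] & 1

    length = int.from_bytes(_from_bits([lsb(i) for i in range(32)]), "big")
    if 32 + 8 * length > len(stego):
        raise ValueError("length prefix invalid: wrong key or no hidden data")
    return _from_bits([lsb(32 + i) for i in range(8 * length)])


def lsb_only_difference(cover, stego):
    """True if cover and stego differ only in bit 0 of some bytes: the change
    an eye or ear misses, and the place a steganalysis tool looks first."""
    return len(cover) == len(stego) and all(
        (a ^ b) in (0, 1) for a, b in zip(cover, stego))


# Constructed cover: 512 "sample values", so up to 60 hidden bytes fit.
COVER = bytes((i * 37 + 11) % 256 for i in range(512))

if __name__ == "__main__":
    stego = embed(COVER, b"meet at 10", "stego-key")
    print(extract(stego, "stego-key"), lsb_only_difference(COVER, stego))
```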

Q.3 Attempt any THREE of the following. [12M]

a) Describe piggybacking and shoulder surfing. [4M: description of piggybacking 2M, description of shoulder surfing 2M]
Ans. Piggybacking: It is the simple process of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building. An attacker can thus gain access to the facility without having to know the access code or having to acquire an access card, i.e. it is when an authorized person allows (intentionally or unintentionally) others to pass through a secure door. The term also covers access to a wireless internet connection by bringing one's own computer within range of another wireless connection and using it without explicit permission. Piggybacking on Internet access is the practice of establishing a wireless Internet connection by using another subscriber's wireless Internet access service without the subscriber's explicit permission or knowledge. Piggybacking is sometimes referred to as "Wi-Fi squatting." The usual purpose of piggybacking is simply to gain free network access rather than any malicious intent, but it can slow down data transfer for legitimate users of the network.


Shoulder surfing: Shoulder surfing is a similar procedure in which attackers position themselves in such a way as to be able to observe the authorized user entering the correct access code. Shoulder surfing is an effective way to get information in crowded places because it is relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done from a long distance with the aid of binoculars or other vision-enhancing devices. Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.

b) Convert plain text into cipher text by using the single columnar technique for the following sentence: [4M: 2M for plain text table, 2M for cipher text]
"Maharashtra State board of Technical Education"
Ans.
PLAIN TEXT: MAHARASTRA STATE BOARD OF TECHNICAL EDUCATION
(written row by row into a table of five columns)

   1 2 3 4 5
   M A H A R
   A S T R A
   S T A T E
   B O A R D
   O F T E C
   H N I C A
   L E D U C
   A T I O N

LET ORDER BE: 4, 5, 3, 2, 1
(the columns are read out top to bottom in this order)

CIPHER TEXT: ARTRECUORAEDCACNHTAATIDIASTOFNETMASBOHLA

Note: Any relevant order shall be considered.


c) State any four differences between Firewall and Intrusion Detection System. [4M: any four differences, 1M each]
Ans.

d) Describe any four password selection criteria. [4M: any four criteria, 1M each]
Ans. Password: A password is a secret word or expression used by authorized persons to prove their right to access information, etc.
Components of a good password:
1. It should be at least eight characters long.
2. It should include uppercase and lowercase letters, numbers, special characters or punctuation marks.
3. It should not contain dictionary words.
4. It should not contain the user's personal information such as their name, family member's name, birth date, pet name, phone number or any other detail that can easily be identified.
5. It should not be the same as the user's login name.
6. It should not be a default password as supplied by the system vendor, such as password, guest, admin and so on.


Q.4 Attempt any THREE of the following. [12M]

a) Convert the given plain text and encrypt it with the help of the Caesar cipher technique: "Network and Information Security". [4M: 2M for plain text table, 2M for Caesar cipher technique]
Ans.
PLAIN TEXT: NETWORK AND INFORMATION SECURITY

CIPHER TEXT: QHWZRUNDQGLQIRUPDWLRQVHFXULWB
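The two classical ciphers in this paper, the single columnar transposition of Q.3 b) and the Caesar cipher of Q.4 a), implemented as an added example (not the answer key's code) and checked against the answer key's cipher texts. The plain texts and the column order 4,5,3,2,1 are taken from the answers; the shift of 3 is inferred from the Caesar answer; the function names are my own.

```python
"""Classical ciphers from the paper, checked against the model answers.

Added example, not part of the MSBTE answer key. The plain texts, the column
order 4,5,3,2,1 and the cipher texts are the answer key's; the shift of 3 for
the Caesar cipher is inferred from the answer; the function names are mine.
"""


def columnar_encrypt(plain, order):
    """Single columnar transposition.

    Letters are written row by row into a grid with len(order) columns and
    read out column by column; `order` lists the 1-based column numbers in
    the sequence they are read (e.g. [4, 5, 3, 2, 1]). Spaces and
    punctuation are dropped, as in the answer key.
    """
    width = len(order)
    if sorted(order) != list(range(1, width + 1)):
        raise ValueError("order must be a permutation of 1..width")
    letters = [c.upper() for c in plain if c.isalpha()]
    rows = [letters[i:i + width] for i in range(0, len(letters), width)]
    out = []
    for col in order:
        for row in rows:
            if col <= len(row):          # the last row may be shorter
                out.append(row[col - 1])
    return "".join(out)


def columnar_decrypt(cipher, order):
    """Inverse: cut the cipher text into columns of the right lengths,
    put each back at its column number, then read the grid row by row."""
    width = len(order)
    full_rows, extra = divmod(len(cipher), width)   # extra = letters in a short last row
    columns = {}
    pos = 0
    for col in order:
        size = full_rows + (1 if col <= extra else 0)  # leftmost columns hold the extra letters
        columns[col] = cipher[pos:pos + size]
        pos += size
    out = []
    for r in range(full_rows + (1 if extra else 0)):
        for col in range(1, width + 1):
            if r < len(columns[col]):
                out.append(columns[col][r])
    return "".join(out)


def caesar(text, shift):
    """Shift each letter by `shift` places mod 26; other characters pass through."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_candidates(cipher):
    """The whole key space of a Caesar cipher is 25 shifts, so every possible
    plain text can simply be listed; this is why it offers no real secrecy."""
    return [caesar(cipher, -k) for k in range(1, 26)]


if __name__ == "__main__":
    key = [4, 5, 3, 2, 1]
    ct = columnar_encrypt("MAHARASTRA STATE BOARD OF TECHNICAL EDUCATION", key)
    print("columnar:", ct, "->", columnar_decrypt(ct, key))
    cc = caesar("NETWORK AND INFORMATION SECURITY", 3)
    print("caesar  :", cc.replace(" ", ""), "->", caesar(cc, -3))
```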
b) Demonstrate configuration of firewall settings in the Windows operating system. [4M: correct explanation]
Ans.
A firewall is a device which monitors and filters all the incoming and outgoing network traffic and prevents unauthorized access to/within the network. The firewall is the most important line of defense in maintaining the security of the network and the application. Every firewall has a set of predefined rules to allow a type of data within the network; accordingly, it allows or denies the incoming traffic within the network.

Configuring firewalls on Windows 10

Since Windows is widely used at personal level, this article has been written specifically for configuring firewalls on Windows.
These are the steps for opening any specific port on the Windows 10 firewall:
1) Search "firewall" and click on Windows Defender Firewall, as shown below:


2) Click on Inbound Rules, as shown.

3) Click on New Rule, select port and click Next as shown:


4) Enter a specific port number. In this case, it’s 443. Click Next.


5) Allow or block the connection as needed.

6) Name the rule and add a description as needed.

7) The same steps need to be followed for allowing an outbound connection. In step 1, instead of selecting Inbound Rules, select Outbound Rules and follow the same steps as above.
That is how easy it is to configure allowing or denying any connection for a particular port on Windows 10.


c) Describe DMZ with a suitable diagram. [4M: explanation 2M, diagram 2M]
Ans. DMZ (Demilitarized Zone): It is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a company's data server. A DMZ is an optional but more secure approach to a firewall. It can effectively act as a proxy server.
The typical DMZ configuration has a separate computer or host in the network which receives requests from users within the private network to access web sites or the public network. The DMZ host then initiates sessions for such requests on the public network, but it is not able to initiate a session back into the private network. It can only forward packets which have been requested by a host. The public network's users who are outside the company can access only the DMZ host. It can store the company's web pages, which can be served to the outside users. Hence, the DMZ cannot give access to the other company data. If by any means an outsider penetrates the DMZ's security, the web pages may get corrupted, but the other company information can be safe.

d) Describe PGP with a suitable diagram. [4M: explanation 2M, diagram 2M]
Ans. PGP is Pretty Good Privacy. It is a popular program used to encrypt and decrypt email over the internet. It has become a standard for email security. It is used to send an encrypted code (digital signature) that lets the receiver verify the sender's identity and takes care that the route of the message should not change. PGP can be used to encrypt files being stored so that they are in unreadable form and not readable by users or intruders. It is available in low-cost and freeware versions. It is the most widely used privacy-ensuring program used by individuals as well as many corporations.

There are five steps as shown below:

1. Digital signature: It consists of the creation of a message digest of the email message using the SHA-1 algorithm. The resulting MD is then encrypted with the sender's private key. The result is the sender's digital signature.
2. Compression: The input message as well as the digital signature are compressed together to reduce the size of the final message that will be transmitted. For this the Lempel-Ziv algorithm is used.
3. Encryption: The compressed output of step 2 (i.e. the compressed form of the original email and the digital signature together) is encrypted with a symmetric key.
4. Digital enveloping: The symmetric key used for encryption in step 3 is now encrypted with the receiver's public key. The outputs of steps 3 and 4 together form a digital envelope.
5. Base-64 encoding: This process transforms arbitrary binary input into printable character output. The binary input is processed in blocks of 3 octets (24 bits). These 24 bits are considered to be made up of 4 sets, each of 6 bits. Each such set of 6 bits is mapped into an 8-bit output character in this process.

e) Find the output of the initial permutation box when the input is given in hexadecimal as 0x 0003 0000 0000 0001. [4M: correct output]
Ans.
Input (bits numbered 1 to 64 from the left):
  0003  ->  0000 0000 0000 0011  (bits 15 and 16 are set)
  0000  ->  0000 0000 0000 0000
  0000  ->  0000 0000 0000 0000
  0001  ->  0000 0000 0000 0001  (bit 64 is set)

Input bits arranged in 8 rows of 8 (row r, column c holds bit 8(r-1)+c):

      1  2  3  4  5  6  7  8
  1   0  0  0  0  0  0  0  0
  2   0  0  0  0  0  0  1  1
  3   0  0  0  0  0  0  0  0
  4   0  0  0  0  0  0  0  0
  5   0  0  0  0  0  0  0  0
  6   0  0  0  0  0  0  0  0
  7   0  0  0  0  0  0  0  0
  8   0  0  0  0  0  0  0  1

Initial permutation table (the standard DES IP; the entry at position i is the input bit that becomes output bit i):

      1   2   3   4   5   6   7   8
  1  58  50  42  34  26  18  10   2
  2  60  52  44  36  28  20  12   4
  3  62  54  46  38  30  22  14   6
  4  64  56  48  40  32  24  16   8
  5  57  49  41  33  25  17   9   1
  6  59  51  43  35  27  19  11   3
  7  61  53  45  37  29  21  13   5
  8  63  55  47  39  31  23  15   7

Output (input bit 64 moves to position 25, bit 16 to position 31 and bit 15 to position 63):

      1  2  3  4  5  6  7  8
  1   0  0  0  0  0  0  0  0
  2   0  0  0  0  0  0  0  0
  3   0  0  0  0  0  0  0  0
  4   1  0  0  0  0  0  1  0
  5   0  0  0  0  0  0  0  0
  6   0  0  0  0  0  0  0  0
  7   0  0  0  0  0  0  0  0
  8   0  0  0  0  0  0  1  0

Output in hexadecimal:
0000 0082 0000 0002
Note: Any other relevant logic shall be considered.
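The permutation above carried out in code, as an added example that is not part of the answer key: IP_TABLE is the standard DES initial permutation from FIPS 46-3, bits are numbered 1 to 64 from the most significant bit as in the question, and the inverse table (IP^-1, the final permutation) is derived from it rather than typed in. Function names are my own.

```python
"""DES initial permutation (IP) applied to the 64-bit block from the question.

Added example, not from the answer key. IP_TABLE is the standard DES initial
permutation (FIPS 46-3); bits are numbered 1..64 from the most significant
bit, as in the question, so output bit i = input bit IP_TABLE[i-1].
"""

IP_TABLE = [
    58, 50, 42, 34, 26, 18, 10, 2,
    60, 52, 44, 36, 28, 20, 12, 4,
    62, 54, 46, 38, 30, 22, 14, 6,
    64, 56, 48, 40, 32, 24, 16, 8,
    57, 49, 41, 33, 25, 17,  9, 1,
    59, 51, 43, 35, 27, 19, 11, 3,
    61, 53, 45, 37, 29, 21, 13, 5,
    63, 55, 47, 39, 31, 23, 15, 7,
]


def permute(block, table):
    """Output bit i (1-based, from the MSB) = input bit table[i-1]."""
    out = 0
    for i, src in enumerate(table, start=1):
        bit = (block >> (64 - src)) & 1      # fetch input bit `src`
        out |= bit << (64 - i)               # place it at output position i
    return out


def inverse_table(table):
    """Build the inverse permutation: if output bit i came from input bit t,
    the inverse sends bit i back to position t. For IP this yields IP^-1."""
    inv = [0] * len(table)
    for i, src in enumerate(table, start=1):
        inv[src - 1] = i
    return inv


def initial_permutation(block):
    return permute(block, IP_TABLE)


def final_permutation(block):
    return permute(block, inverse_table(IP_TABLE))


def set_bits(block):
    """1-based positions of the 1 bits; handy for checking against the grids."""
    return [i for i in range(1, 65) if (block >> (64 - i)) & 1]


if __name__ == "__main__":
    x = 0x0003000000000001
    y = initial_permutation(x)
    print(f"input  {x:016X}  set bits {set_bits(x)}")
    print(f"output {y:016X}  set bits {set_bits(y)}")
    print("round trip ok:", final_permutation(y) == x)
```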
Q.5 Attempt any TWO of the following. [12M]

a) Describe the following terms. [6M: description of each term 2M]
i) Asset
ii) Vulnerability
iii) Risks
Ans.
i) Asset: An asset is any data, device, or other component of the environment that supports information-related activities. Assets generally include hardware, software and confidential information.
ii) Vulnerability: It is a weakness in a computer system and network. The term "vulnerability" refers to the security flaws in a system that allow an attack to be successful. Vulnerability testing should be performed on an on-going basis by the parties responsible for resolving such vulnerabilities, and helps to provide data used to identify unexpected dangers to security that need to be addressed. Such vulnerabilities are not particular to technology; they can also apply to social factors such as individual authentication and authorization policies.

iii) Risks: Risk is the probability of threats that may occur because of the presence of a vulnerability in a system.


OR
Risk is any event or action that could cause a loss or damage to
computer hardware, software, data, or information.
b) Describe network-based IDS with a suitable diagram. [6M: diagram 2M, explanation 4M]
Ans.
1. A network-based IDS focuses on network traffic: the bits and bytes traveling along the cables and wires that interconnect the systems.
2. A network IDS should check the network traffic as it passes, and it is able to analyse traffic according to protocol type, amount, source, destination, content, traffic already seen, etc.
3. Such an analysis must occur quickly, and the IDS must be able to handle traffic at any speed the network operates on to be effective.
4. Network-based IDSs are generally deployed so that they can monitor traffic in and out of an organization's major links, like the connection to the Internet, remote offices, partners, etc.
Network-based IDSs look for certain activities like:
 Denial of service attacks
 Port scans or sweeps
 Malicious content in the data payload of a packet or packets
 Vulnerability scanning
 Trojans, viruses, or worms
 Tunneling
 Brute-force attacks
OR
1. Traffic collector: This component collects activity or events for the IDS to examine. On a host-based IDS, this can be log files, audit logs, or traffic coming to or leaving a specific system. On a network-based IDS, this is typically a mechanism for copying traffic off the network link.


2. Analysis engine: This component examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine acts like the brain of the IDS.
3. Signature database: It is a collection of patterns and definitions of known suspicious or malicious activity.
4. User interface and reporting: This is the component that interfaces with the human element, providing alerts when suitable and giving the user a means to interact with and operate the IDS.
Advantages:
 O.S.-specific and detailed signatures.
 Examines data after it has been decrypted.
 Very application specific.
 Determines whether or not an alarm may impact that specific system.
Disadvantages:
 Needs a process on every system to watch.
 High cost of ownership and maintenance.
 Uses local system resources.
 If logged locally, could be compromised or disabled.
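The four components just listed (traffic collector, signature database, analysis engine, user interface and reporting) in miniature, as an added example that is not part of the answer key: constructed packet records are run through a signature match on the payload and a per-source port-sweep counter, two of the activities the answer says a network IDS looks for. The packets, signatures, thresholds and names are all constructed for this demonstration.

```python
"""A network IDS in miniature: traffic collector, signature database,
analysis engine and reporting, run over constructed packet records.

Added example, not from the answer key. Packet records, signatures and the
port-sweep threshold are all constructed for the demonstration; a real NIDS
reads traffic from a mirrored link and uses a maintained rule set.
"""
import re
from collections import defaultdict

# Signature database: (name, pattern matched against the packet payload).
SIGNATURES = [
    ("sql-injection-attempt", re.compile(rb"(?i)'\s*or\s+1\s*=\s*1")),
    ("path-traversal-attempt", re.compile(rb"\.\./\.\./")),
]
PORTSCAN_THRESHOLD = 5    # distinct destination ports from one source ...
PORTSCAN_WINDOW = 2.0     # ... within this many seconds


def collect():
    """Traffic collector stand-in: constructed packets in arrival order."""
    pkts = [
        {"t": 0.0, "src": "198.51.100.7", "dst": "10.0.0.5", "dport": 80,
         "payload": b"GET /index.html HTTP/1.1"},
        {"t": 0.4, "src": "198.51.100.7", "dst": "10.0.0.5", "dport": 80,
         "payload": b"GET /login?user=a' OR 1=1-- HTTP/1.1"},
        {"t": 0.9, "src": "203.0.113.9", "dst": "10.0.0.5", "dport": 80,
         "payload": b"GET /../../etc/passwd HTTP/1.1"},
    ]
    # One source touching six ports within a second: a port sweep.
    for i, port in enumerate([21, 22, 23, 25, 110, 143]):
        pkts.append({"t": 1.0 + 0.1 * i, "src": "192.0.2.44",
                     "dst": "10.0.0.5", "dport": port, "payload": b""})
    return pkts


class AnalysisEngine:
    """Compares each packet with the signature database and keeps per-source
    state to spot port sweeps; alerts are collected for the reporting step."""

    def __init__(self, signatures=SIGNATURES, threshold=PORTSCAN_THRESHOLD,
                 window=PORTSCAN_WINDOW):
        self.signatures = signatures
        self.threshold = threshold
        self.window = window
        self.history = defaultdict(list)   # src -> [(time, dport), ...]
        self.flagged = set()               # sources already reported as sweeping
        self.alerts = []                   # (name, src, dst, detail)

    def inspect(self, pkt):
        # Content check: the payload against every signature.
        for name, pattern in self.signatures:
            if pattern.search(pkt["payload"]):
                self.alerts.append((name, pkt["src"], pkt["dst"], pkt["dport"]))
        # Behaviour check: how many distinct ports has this source hit lately?
        hist = self.history[pkt["src"]]
        hist.append((pkt["t"], pkt["dport"]))
        recent = {p for t, p in hist if pkt["t"] - t <= self.window}
        if len(recent) >= self.threshold and pkt["src"] not in self.flagged:
            self.flagged.add(pkt["src"])
            self.alerts.append(("port-sweep", pkt["src"], pkt["dst"], len(recent)))


def run_ids(packets=None):
    """Feed collected packets through the engine; return the alert list."""
    engine = AnalysisEngine()
    for pkt in (collect() if packets is None else packets):
        engine.inspect(pkt)
    return engine.alerts


def report(alerts):
    """User interface and reporting stand-in: one line per alert."""
    return [f"ALERT {name} src={src} dst={dst} detail={detail}"
            for name, src, dst, detail in alerts]


if __name__ == "__main__":
    print("\n".join(report(run_ids())))
```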
c) Describe the COBIT framework with a neat diagram. [6M: diagram 2M, explanation 4M]
Ans.
COBIT stands for "Control Objectives for Information and related Technology". It is a framework that was developed by ISACA (Information Systems Audit and Control Association). It is a set of guidance material for IT governance to manage requirements, technical issues, and business risks.


COBIT connects IT initiatives with business requirements, monitors and improves IT management practices, and ensures quality control and reliability of information systems in an organization.
 Plan and Organize: This domain addresses direction to solutions, information architecture, managing IT investments, and assessing risks, quality, and projects.
 Acquire and Implement: This domain acquires and maintains application software and technology infrastructure, develops as well as maintains procedures and manages changes, implements desired solutions and passes them on to be turned into services.
 Deliver and Support: This domain defines and manages service levels, ensures the security of the system, educates or trains, and advises users. It receives solutions and makes them usable for end users.
 Monitor and Evaluate: This domain monitors the process, assesses internal control capability, finds independent assurance, and provides independent audit.
Principles of COBIT:
 Providing the service of delivering the information that an organization requires.
 Undesired events will be prevented, detected, and corrected.
 Managing and controlling IT resources using a structured set of processes.
 Fulfilling clients' requirements.
Note: Any other relevant framework shall be considered.

Q.6 Attempt any TWO of the following. [12M]

a) Describe any three phases of a virus with a suitable example. [6M: any three phases 3M, suitable example 3M]
Ans. Definition: A virus is a program which attaches itself to another program and causes damage to the computer system or the network. It is loaded onto your computer without your knowledge and runs against your wishes.
During its lifecycle a virus goes through the following four phases:


1. Dormant phase: The virus is idle and is activated by some event.
2. Propagation phase: It places an identical copy of itself into other programs or into certain system areas on the disk.
3. Triggering phase: The virus is activated to perform the function for which it was intended.
4. Execution phase: The function of the virus is performed.

Note: Any other relevant example shall be considered.


b) Describe the Kerberos protocol with a suitable diagram. [6M: description with suitable diagram of authentication service (AS) 3M, description with suitable diagram of ticket granting server (TGS) 3M]
Ans. Kerberos: Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. It is a solution to network security problems. It provides tools for authentication and strong cryptography over the network to help you secure your information system. There are 4 parties involved in the Kerberos protocol:
i) User
ii) Authentication service (AS)
iii) Ticket granting server (TGS)
iv) Service server
Working of Kerberos:
Authentication service (AS):
1. The authentication service, or AS, receives the request from the client and verifies that the client is indeed the computer it claims to be. This is usually just a simple database lookup of the user's ID.


2. Upon verification, a timestamp is created. This puts the current time in a user session, along with an expiration date. The default expiration of a timestamp is 8 hours. The encryption key is then created. The timestamp ensures that when the 8 hours are up, the encryption key is useless.
3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is a simple ticket that is issued by the authentication service. It is used for authenticating the client for future reference.

Ticket granting server (TGS):
1. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get authenticated.
2. The TGS creates an encrypted key with a timestamp, and grants the client a service ticket.
3. The client decrypts the ticket, tells the TGS it has done so, and then sends its own encrypted key to the service.

Page 22 / 25
MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

- SUMMER – 2023 EXAMINATION

Subject: Network and Information Security Subject Code:


22620

4. The service decrypts the key, and makes sure the timestamp is still
valid. If it is, the service contacts the key distribution center to
receive a session that is returned to the client.

5. The client decrypts the ticket. If the keys are still valid,
communication is initiated between client and server.
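The three exchanges above, run end to end as a small simulation. This is an added illustration, not part of the model answer and not real Kerberos software: the principals, passwords and the 8-hour lifetime are constructed; `seal`/`unseal` stand in for Kerberos encryption types (encrypt-then-MAC built from the standard library only); pre-authentication is omitted, so a wrong password fails at the client when the AS reply cannot be decrypted, exactly as step 3 of the AS exchange describes.

```python
"""Toy simulation of the Kerberos AS, TGS and client/server exchanges (added illustration)."""
import hashlib
import hmac
import json
import os
import time

LIFETIME = 8 * 3600   # ticket lifetime in seconds (constructed default)
CLOCK_SKEW = 300      # authenticators older than 5 minutes are rejected


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, msg: dict) -> bytes:
    """Encrypt-then-MAC a JSON message: nonce || ciphertext || tag (stand-in for a Kerberos enctype)."""
    nonce = os.urandom(16)
    pt = json.dumps(msg).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def principal_key(password: str) -> bytes:
    # long-term key derived from the password (real Kerberos uses a salted string-to-key function)
    return hashlib.sha256(password.encode()).digest()


KDC_DB = {                                   # constructed KDC database
    "alice": principal_key("alice-pw"),
    "krbtgt": os.urandom(32),                # the TGS's own key
    "fileserver": os.urandom(32),            # the application server's key
}


def as_exchange(client: str, now: float):
    """AS exchange: TGT sealed under the TGS key, session key sealed under the client's key."""
    session = os.urandom(32).hex()
    expiry = now + LIFETIME
    tgt = seal(KDC_DB["krbtgt"], {"client": client, "key": session, "expiry": expiry})
    reply = seal(KDC_DB[client], {"key": session, "expiry": expiry, "server": "krbtgt"})
    return tgt, reply


def authenticator(session_hex: str, client: str, now: float) -> bytes:
    return seal(bytes.fromhex(session_hex), {"client": client, "ts": now})


def check_ticket(server_key: bytes, ticket: bytes, auth: bytes, now: float) -> dict:
    """Server-side check shared by the TGS and the application server: expiry, then authenticator."""
    t = unseal(server_key, ticket)
    if now > t["expiry"]:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["key"]), auth)
    if a["client"] != t["client"] or abs(now - a["ts"]) > CLOCK_SKEW:
        raise ValueError("authenticator does not match ticket or is stale")
    return t


def tgs_exchange(tgt: bytes, auth: bytes, service: str, now: float):
    """TGS exchange: service ticket sealed under the service key, new session key under the TGS session key."""
    t = check_ticket(KDC_DB["krbtgt"], tgt, auth, now)
    svc_session = os.urandom(32).hex()
    expiry = min(t["expiry"], now + LIFETIME)
    ticket = seal(KDC_DB[service], {"client": t["client"], "key": svc_session, "expiry": expiry})
    reply = seal(bytes.fromhex(t["key"]), {"key": svc_session, "expiry": expiry, "server": service})
    return ticket, reply


def client_login(client: str, password: str, service: str, now: float = None) -> str:
    """Run all three exchanges from the client's side; returns the client name the service accepted."""
    now = time.time() if now is None else now
    key = principal_key(password)
    tgt, rep = as_exchange(client, now)
    tgs_session = unseal(key, rep)["key"]          # wrong password -> ValueError here, not at the KDC
    ticket, rep2 = tgs_exchange(tgt, authenticator(tgs_session, client, now), service, now)
    svc_session = unseal(bytes.fromhex(tgs_session), rep2)["key"]
    accepted = check_ticket(KDC_DB[service], ticket, authenticator(svc_session, client, now), now)
    return accepted["client"]


if __name__ == "__main__":
    print("service accepted:", client_login("alice", "alice-pw", "fileserver"))
```

The service never talks to the KDC: `check_ticket` needs only the service's own key, which is why the model answer's original step 4 (service contacting the KDC) was wrong. The same function enforces the two time checks, ticket expiry and authenticator skew, that stop a stolen ticket or a replayed request.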
c) Write a brief note on firewall configuration 6M
i) Packet filter as a firewall
ii) Application level gateway firewall
iii) Circuit level gateway firewall
[Marking scheme: 2M each, explanation with diagram]
Ans. 1. Packet filter as a firewall: A packet-filtering firewall examines the header of every packet (source and destination IP address, protocol, source and destination port) and compares it against a rule table. As per the rule table in the diagram, the firewall acts according to the table. For example, source IP 150.150.0.0 is the address of a network; all packets coming from this network will be blocked by the firewall. The table also has entries for port 80, for IP address 200.75.10.8 and for port 23, and the firewall acts in the same fashion: port 23 is Telnet remote login, so the firewall will not allow anyone to log in to this server over Telnet; 200.75.10.8 is the address of an individual host, so all packets having this IP address as destination will be denied; port 80 means no HTTP requests are allowed through the firewall. Packets that match no rule are handled by the default policy, and because only headers are examined, a packet filter cannot see what the permitted traffic contains.


2. Application level gateway firewalls: Application level firewalls decide whether to drop a packet or send it through based on the application information available in the packet. They do this by setting up proxies on a single firewall for the different applications (HTTP, FTP, SMTP and so on). Both the client and the server connect to these proxies instead of connecting directly to each other, so any suspicious data or connections are dropped by the proxies. Application level firewalls ensure protocol conformance. For example, attacks over HTTP that violate the protocol, such as sending non-ASCII data in the header fields or an overly long string (with or without non-ASCII characters) in the Host field, would be dropped, because a conforming client would never send them and they indicate tampering by an intruder.
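The two mechanisms side by side, as an added illustration (not part of the model answer): a packet filter that applies the rule table from point 1 to packet headers only, and an application-level check that a proxy would run on the HTTP request itself as in point 2. Assumptions: the network 150.150.0.0 is treated as a /16 (the answer gives no mask), rules are first-match with a default of allow, and the header limit and sample traffic are constructed.

```python
"""Packet-filter rule table and application-gateway HTTP check (added illustration)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


# The rule table from the answer: (field, value, action); first match wins.
RULES = [
    ("src", "150.150.0.0/16", "deny"),   # everything from the 150.150.0.0 network (mask assumed)
    ("dst", "200.75.10.8/32", "deny"),   # everything to this individual host
    ("dport", 23, "deny"),               # Telnet remote login
    ("dport", 80, "deny"),               # HTTP
]
DEFAULT_ACTION = "allow"                 # assumed default policy for unmatched packets


def packet_filter(pkt: Packet):
    """Layer 3/4 decision from header fields only; returns (action, reason)."""
    for field, value, action in RULES:
        if field in ("src", "dst"):
            if ipaddress.ip_address(getattr(pkt, field)) in ipaddress.ip_network(value):
                return action, f"{field} in {value}"
        elif field == "dport" and pkt.dport == value:
            return action, f"dport {value}"
    return DEFAULT_ACTION, "default policy"


MAX_HEADER_VALUE = 256   # constructed limit for any header value


def http_gateway_check(request: bytes):
    """Application-level proxy check on a raw HTTP request: forward only requests that
    conform to the protocol (ASCII-only headers, well-formed request line, a Host header
    of sane length). Returns (forward, reason)."""
    head = request.split(b"\r\n\r\n", 1)[0]
    try:
        text = head.decode("ascii")              # non-ASCII bytes in headers violate the protocol
    except UnicodeDecodeError:
        return False, "non-ASCII bytes in header block"
    lines = text.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return False, "malformed request line"
    host = None
    for line in lines[1:]:
        if ":" not in line:
            return False, "malformed header line"
        name, value = line.split(":", 1)
        if len(value.strip()) > MAX_HEADER_VALUE:
            return False, f"{name.strip()} header value too long"
        if name.strip().lower() == "host":
            host = value.strip()
    if not host:
        return False, "missing Host header"
    return True, "ok"


# Constructed sample traffic
SAMPLE_PACKETS = [
    Packet("150.150.3.4", "10.0.0.1", 443),
    Packet("10.1.1.1", "200.75.10.8", 443),
    Packet("10.1.1.1", "10.0.0.5", 23),
    Packet("10.1.1.1", "10.0.0.5", 443),
]
GOOD_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
BAD_REQUEST = b"GET / HTTP/1.1\r\nHost: " + b"\xc3\xa9vil" + b"\r\n\r\n"

if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p, packet_filter(p))
    print(http_gateway_check(GOOD_REQUEST), http_gateway_check(BAD_REQUEST))
```

Note that `packet_filter` would pass the bad HTTP request unchanged if port 80 were allowed: nothing in the 5-tuple reveals the tampered Host header. Only the proxy, which reads the request as HTTP, can reject it.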


3. Circuit level gateway firewalls: Circuit level gateway firewalls work at the session layer of the OSI model. They monitor the TCP handshake between the packets to determine whether a requested session is legitimate, and then relay the connection without inspecting the application data. Information passed through a circuit level gateway to the Internet appears to have come from the gateway itself, so there is no way for a remote computer or host to determine the internal private IP addresses of an organization. The effect is similar to Network Address Translation (NAT), where the private IP addresses of the different clients inside the network are all mapped to the public IP address available from the Internet service provider before traffic is sent to the outside world (Internet). NAT is a separate mechanism, but in either case packets leave tagged only with the public (firewall) address, and the internal private IP addresses are not exposed to potential intruders.


MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

SUMMER – 2022 EXAMINATION
MODEL ANSWER
Subject: Network Information Security Subject Code: 22620

Important Instructions to examiners:
1) The answers should be examined by key words and not as word-to-word as given in the model answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more importance (not applicable for subject English and Communication Skills).
4) While assessing figures, examiner may give credit for principal components indicated in the figure. The figures drawn by candidate and model answer may vary. The examiner may give credit for any equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values may vary and there may be some difference in the candidate's answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant answer based on candidate's understanding.
7) For programming language papers, credit may be given to any other program based on equivalent concept.
8) As per the policy decision of Maharashtra State Government, teaching in English/Marathi and Bilingual (English + Marathi) medium is introduced at first year of AICTE diploma Programme from academic year 2021-2022. Hence if the students in first year (first and second semesters) write answers in Marathi or bilingual language (English + Marathi), the Examiner shall consider the same and assess the answer based on matching of concepts with model answer.

Q.No. | Sub Q.N. | Answer | Marking Scheme
1. Attempt any FIVE of the following: 10
a) Define following terms: 2M
i) Confidentiality
ii) Accountability
[Marking scheme: 1M for each definition]
Ans. i) Confidentiality: The principle of confidentiality specifies that only the sender and the intended recipients should be able to access the contents of a message. Confidentiality is compromised if an unauthorized person is able to access the contents of a message.
OR
The goal of confidentiality is to ensure that only those individuals who have the authority can view a piece of information. The principle of confidentiality specifies that only the sender and the intended recipients should be able to access the contents of a message; it is compromised if an unauthorized person is able to access those contents (for example by sniffing unencrypted traffic).
ii) Accountability: The principle of accountability specifies that every individual who works with an information system should have specific responsibilities for information assurance. The tasks for which an individual is responsible are part of the overall information security plan and can be readily measured by a person who has managerial responsibility for information assurance. One example would be a policy statement that all employees must avoid installing outside software on company-owned information infrastructure.
OR
Accountability is the security goal that generates the requirement for the actions of an entity to be traced uniquely to that entity (which in practice requires unique user identities and audit logging).
b) Explain the terms: 2M
i) Shoulder surfing
ii) Piggybacking
[Marking scheme: 1M for each explanation]
Ans. i) Shoulder surfing: Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Attackers position themselves in such a way as to be able to observe the authorized user entering the correct access code.
• Shoulder surfing is an effective way to get information in crowded places because it is relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an ATM, or use a calling card at a public pay phone. Shoulder surfing can also be done from a distance with the aid of binoculars or other vision-enhancing devices.

ii) Piggybacking: Piggybacking on Internet access is the practice of establishing a wireless Internet connection by using another subscriber's wireless Internet access service without the subscriber's explicit permission or knowledge.
OR
Access to a wireless Internet connection by bringing one's own computer within range of another wireless connection and using it without explicit permission.
OR
In physical security, piggybacking (also called tailgating) is the simple tactic of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building, so that an authorized person allows (intentionally or unintentionally) others to pass through a secure door. An attacker can thus gain access to the facility without having to know the access code or acquire an access card.


c) Define term cryptography. 2M
[Marking scheme: 2M for definition; diagram is optional]
Ans. Cryptography is the art and science of achieving security by encoding messages to make them non-readable to anyone except the intended recipient.

d) Classify following cyber crimes: 2M
i) Cyber stalking
ii) Email harassment
[Marking scheme: 1M for each explanation]
Ans. i) Cyber stalking: Cyber stalking means following someone's activity over the Internet. This can be done with the help of many services available such as e-mail, chat rooms and Usenet newsgroups. It is classified as a cyber crime against an individual.
OR
Cyber stalking/harassment refers to the use of the Internet and other technologies to harass or stalk another person online, and is potentially a crime in India under the IT Act, 2000. This online harassment, which is an extension of cyberbullying and in-person stalking, can take the form of e-mails, text messages, social media posts, and more, and is often methodical, deliberate, and persistent.

ii) Email harassment: Email harassment is usually understood to be a form of stalking in which one or more people send consistent, unwanted, and often threatening electronic messages to someone else.
OR
Email harassment: cyber crime against an individual.
e) Differentiate between viruses & worms (any two) 2M
[Marking scheme: 1M for each difference; any two can be considered]
Ans.
S.N. | Worm | Virus
1 | A worm is standalone code that replicates itself in order to consume resources and bring the system down. | A virus is program code that attaches itself to an application program and runs along with it when the application program runs.
2 | It exploits a weakness in an application or operating system in order to replicate itself. | It inserts itself into a file or executable program.
3 | It can use a network to replicate itself to other computer systems without user intervention. | It has to rely on users transferring infected files/programs to other computer systems.
4 | Does it modify files? Usually not; worms usually only monopolize the CPU, memory and network bandwidth. | Yes, it deletes or modifies files; sometimes a virus also changes the location of files.
5 | A worm spreads faster than a virus. | A virus spreads more slowly than a worm.
6 | E.g. Code Red | E.g. macro virus, directory virus, stealth virus
f) Define firewall. Enlist types of firewalls. 2M
[Marking scheme: 1M for definition; 1M for listing any two types]
Ans. Definition: A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between an internal network and traffic from external sources (such as the Internet) in order to block malicious traffic such as malware and attackers.
Types of firewall:
1. Packet filter
2. Circuit level gateway
3. Application gateway
4. Software
5. Hardware
6. Hybrid
7. Stateful multilayer inspection firewall

g) Define AH & ESP with respect to IP security. 2M
[Marking scheme: 1M each; any one point can also be considered]
Ans. Authentication Header (AH):
1. The AH provides support for data integrity and authentication of IP packets. The data integrity service ensures that the data inside the IP packet is not altered in transit.
2. The authentication service enables an end user or computer system to authenticate the user or application at the other end and to accept or reject packets accordingly. AH provides no confidentiality: the payload is sent in clear.
Encapsulating Security Payload (ESP):
1. Used to provide confidentiality, data origin authentication and data integrity (and, through its sequence number, anti-replay protection).
2. It is based on symmetric key cryptography: the packet payload is encrypted with a symmetric cipher and protected with a MAC.
3. ESP can be used in isolation or it can be combined with AH.

2. Attempt any THREE of the following: 12
a) Define following terms: 4M
i) Operating System Security
ii) Hot fix
iii) Patch
iv) Service pack
[Marking scheme: 1M for each definition]
Ans. i) Operating System Security: The OS must protect itself from security breaches, such as runaway processes (denial of service), memory-access violations, stack overflow violations, the launching of programs with excessive privileges, and many others.
ii) Hot fix: This term is normally given to a small software update designed to address a particular problem, such as a buffer overflow in an application that exposes the system to attack.
iii) Patch: This term is generally applied to more formal, larger software updates that may address several or many software problems. Patches often contain improvements or additional capabilities as well as fixes for known bugs.
iv) Service pack: A service pack is a collection of updates and fixes, called patches, for an operating system or a software program. Many of these patches are often released before the service pack, but the service pack allows for an easy, single installation.
OR
A service pack (SP) is an update, often combining previously released updates, that helps make Windows more reliable. Service packs can include security and performance improvements and support for new types of hardware.
b) Explain the mechanism of fingerprint & voice pattern in Biometrics. 4M
[Marking scheme: 2M for each explanation; diagram is optional]
Ans.
Fingerprint registration and verification mechanism:
1. The first time an individual uses a biometric system is called enrollment (registration).
2. During enrollment, biometric information from the individual is captured and stored as a template.
3. In the verification process, biometric information is captured again and compared with the information stored at the time of enrollment.
4. The first block (the sensor) is the interface between the real world and the system; it has to acquire all the necessary data (the fingerprint image).
5. The second block performs all the necessary pre-processing (noise removal and normalisation of the image).
6. The third block extracts the necessary features (for a fingerprint, the minutiae: ridge endings and bifurcations and their positions). This is an important step, as the correct features need to be extracted in the optimal way.
7. If enrollment is being performed, the template is simply stored somewhere (on a card, within a database, or both).
8. If matching is being performed, the obtained template is passed to a matcher that compares it with the existing templates, estimating the distance between them using a matching algorithm.
9. The matcher analyses the template against the input and outputs a match/no-match decision (with a score) for the specified use or purpose. Only the template, not the raw fingerprint image, should be stored, because a biometric cannot be changed if it leaks.
Voice pattern:
1. Biometric voice recognition is the use of the human voice to uniquely identify biological characteristics in order to authenticate an individual, unlike passwords or tokens, which require physical input.
2. Voice biometric recognition works by recording the voice of the individual whose identity has to be stored in the system. This input is kept as a voice print for authentication. The print is made with software that splits the voice sample into its component frequencies.
3. A voice biometrics tool collects a user's voice template; at authentication time it checks both who is speaking (speaker verification: who you are) and, where a fixed passphrase is used, what is being spoken (what you say).
c) Differentiate between symmetric and asymmetric key cryptography. 4M
[Marking scheme: 1M for each valid point; any four points can be considered]
Ans.

d) Write & explain DES algorithm 4M
[Marking scheme: 2M for diagram; 2M for explanation]
Ans. DES (Data Encryption Standard) is a symmetric block cipher: it encrypts a 64-bit plain text block into a 64-bit cipher text block under a 64-bit key, of which 56 bits are actually used (the other 8 are parity bits), in 16 rounds.
Initial Permutation (IP): It happens only once. It replaces the first bit of the original plain text block with the 58th bit of the original plain text block, the second bit with the 50th bit of the original plain text block, and so on. The resulting 64-bit permuted text block is divided into two half blocks of 32 bits each: the left block, called LPT, and the right block, called RPT. 16 rounds are performed on these two blocks. Details of one round in DES:
Step 1: Key transformation: The initial 64-bit key is transformed into a 56-bit key by discarding every 8th bit (the parity bits). Thus, for each round, a 56-bit key is available; from this 56-bit key a different 48-bit sub-key is generated during each round by circularly shifting the two 28-bit halves and then selecting 48 of the 56 bits (compression permutation). This process is called key transformation. The stages of one round, in order, are: key transformation, expansion permutation, S-box substitution, P-box permutation, XOR and swap.

Step 2: Expansion permutation: During expansion permutation the RPT is expanded from 32 bits to 48 bits. The 32-bit RPT is divided into 8 blocks, with each block consisting of 4 bits. Each 4-bit block is then expanded to a corresponding 6-bit block: per 4-bit block, 2 more bits are added, namely the last bit of the preceding block and the first bit of the following block (so the 1st and 4th bits of each block are the ones that get repeated). The 2nd and 3rd bits are written as they were in the input. The 48-bit sub-key is XORed with the 48-bit expanded RPT and the resulting output is given to the next step.
Step 3: S-box substitution: It accepts the 48-bit input from the XOR operation involving the compressed key and the expanded RPT and produces a 32-bit output using substitution. Each of the 8 S-boxes has a 6-bit input and a 4-bit output; the outer two bits of the 6-bit input select a row and the middle four bits select a column of the S-box table. The outputs of the 8 S-boxes are then combined to form a 32-bit block, which is given to the last stage of the round.
Step 4: P-box permutation: The output of the S-boxes consists of 32 bits. These 32 bits are permuted using the P-box.
Step 5: XOR and swap: The LPT of the initial 64-bit block is XORed with the output produced by the P-box permutation. It produces the new RPT. The old RPT becomes the new LPT, in a process of swapping.

Final Permutation: At the end of 16 rounds, the final permutation (the inverse of the initial permutation) is performed. This is a simple transposition; for example, the 40th input bit takes the position of the 1st output bit, and so on. The result is the 64-bit cipher text block. Decryption uses the same structure with the sub-keys applied in reverse order.

3. Attempt any THREE of the following: 12
a) Describe the features of DAC access control policy. 4M
[Marking scheme: 1M for explanation; 3M for features]
Ans. A DAC (discretionary access control) policy uses user identification procedures to identify subjects and restrict object access. It restricts access to objects based on the identity of subjects and/or the groups to which they belong. The owner of information or of any resource is able to change its permissions at his or her discretion. Data owners can transfer ownership of information to other users, and data owners can determine the type of access given to other users (read, write, etc.). A typical implementation is an access control list (ACL) attached to each object, as in Unix file permissions or Windows NTFS ACLs.

Features of DAC policy are as follows:

Flexible: In a DAC policy the owner of the information or resource can change its permissions without involving an administrator.

Backup: Discretionary access control allows organizations to back up security policies (the permission settings) along with the data, so access settings can be restored effectively.

Usability: Discretionary access control is easy to use. Data owners can transfer ownership of information to other users easily.

Limitation: Because any owner can grant access, DAC cannot enforce an organization-wide policy, and a Trojan horse running with the owner's rights can give away the owner's data; mandatory access control (MAC) is used where that matters.
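The owner-controlled ACL described above as a small model, added here as an illustration (not part of the model answer). Object names, rights, users and group memberships are constructed; the point is that only the owner can edit the ACL, that a subject's groups count in the access decision, and that ownership itself can be transferred.

```python
"""Discretionary access control on a single object (added illustration)."""


class AccessDenied(Exception):
    pass


class DACObject:
    """A resource whose owner controls its ACL at his or her discretion.
    The ACL maps a subject or group name to the set of rights it holds."""

    def __init__(self, name, owner, groups=None):
        self.name = name
        self.owner = owner
        self.groups = groups or {}               # subject -> set of group names (constructed)
        self.acl = {owner: {"read", "write"}}    # the owner starts with full access

    def check(self, subject, right):
        """Access decision: the subject's own entry or any of its groups grants the right."""
        principals = {subject} | self.groups.get(subject, set())
        return any(right in self.acl.get(p, set()) for p in principals)

    def _require_owner(self, actor):
        if actor != self.owner:
            raise AccessDenied(f"{actor} is not the owner of {self.name}")

    def grant(self, actor, subject, rights):
        self._require_owner(actor)                # only the owner may change permissions
        self.acl.setdefault(subject, set()).update(rights)

    def revoke(self, actor, subject, right):
        self._require_owner(actor)
        self.acl.get(subject, set()).discard(right)

    def transfer(self, actor, new_owner):
        """Ownership transfer: the new owner gains full rights and becomes the only
        principal allowed to edit the ACL from now on."""
        self._require_owner(actor)
        self.owner = new_owner
        self.acl.setdefault(new_owner, set()).update({"read", "write"})


def demo():
    """Walk through the three features in the answer; returns the final ACL."""
    report = DACObject("report.docx", "alice", groups={"bob": {"analysts"}})
    report.grant("alice", "analysts", {"read"})   # flexible: owner grants at will, here to a group
    assert report.check("bob", "read") and not report.check("bob", "write")
    try:
        report.grant("bob", "carol", {"read"})    # bob is not the owner
    except AccessDenied:
        pass
    report.transfer("alice", "bob")               # usability: ownership transfer
    report.grant("bob", "carol", {"read"})        # now bob controls the ACL
    report.revoke("bob", "alice", "write")        # and can cut the previous owner down
    return report.acl


if __name__ == "__main__":
    print(demo())
```

The `revoke` at the end of `demo` shows the limitation noted above: once ownership has moved, the original owner has no more say than anyone else, which is exactly why DAC cannot carry an organization-wide policy.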

b) Consider plain text "COMPUTER ENGINEERING" and convert given plain text into cipher text using 'Caesar Cipher' with shift of position three; write down steps in encryption. 4M
[Marking scheme: 2M for explanation; 2M for problem solution]
Ans. The Caesar cipher technique was proposed by Julius Caesar. It is one of the simplest and most widely known encryption techniques. It is a type of substitution technique in which each letter in the plain text is replaced by a letter some fixed number of positions down the alphabet. With a shift of 3, A would be replaced by D, B would become E, and so on, as shown in the table below.

Steps in encryption:
1. Number the letters A = 0, B = 1, ..., Z = 25.
2. For each plain text letter with number p, compute c = (p + 3) mod 26.
3. Write the letter with number c; spaces are left unchanged.

C→F, O→R, M→P, P→S, U→X, T→W, E→H, R→U (space) E→H, N→Q, G→J, I→L, N→Q, E→H, E→H, R→U, I→L, N→Q, G→J

PLAIN TEXT: COMPUTER ENGINEERING
CIPHER TEXT: FRPSXWHU HQJLQHHULQJ

c) Differentiate between host-based & network-based IDS 4M
[Marking scheme: 1M for each valid point; any four points can be considered]
Ans.
S.N. | Host-based IDS (HIDS) | Network-based IDS (NIDS)
1 | Examines activity on an individual system, such as a mail server, web server, or individual PC. | Examines activity on the network itself.
2 | It is concerned only with an individual system and usually has no visibility into the activity on the network or the systems around it. | It has visibility only into the traffic crossing the network link it is monitoring and typically has no idea of what is happening on individual systems.
3 | HIDS looks for activities that typify hostile actions or misuse, such as: logins at odd hours; login authentication failures; additions of new user accounts; modification or access of critical system files. | NIDS looks for activities that typify hostile actions or misuse, such as: denial-of-service attacks; port scans or sweeps; malicious content in the data payload of a packet or packets; vulnerability scanning; Trojans, viruses, or worms; tunneling; brute-force attacks.
4 | It is host dependent (an agent must be installed and configured on each host). | It is host independent (one sensor covers a network segment).
5 | It has a low false positive rate. | It has a high false positive rate.
6 | It senses local attacks. | It senses network attacks.
7 | It slows down the host on which the IDS agent is installed. | It consumes resources on the sensor and, when deployed inline, can slow down the network it is monitoring.
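Three of the HIDS indicators from row 3 (logins at odd hours, bursts of authentication failures, new user accounts) as detection logic run over a few log lines. This is an added illustration, not part of the model answer; the log format is a simplified, constructed one (timestamp, program, message), and the working-hours window and thresholds are constructed policy values.

```python
"""Host-based detection logic for three HIDS indicators (added illustration)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WORK_HOURS = range(7, 20)            # 07:00-19:59 counts as normal (constructed policy)
FAIL_THRESHOLD = 5                   # failures from one source ...
FAIL_WINDOW = timedelta(seconds=60)  # ... within this window => brute force

LINE_RE = re.compile(r"^(\S+) (\S+) (.*)$")
ACCEPT_RE = re.compile(r"Accepted \S+ for (\S+) from (\S+)")
FAIL_RE = re.compile(r"Failed \S+ for (\S+) from (\S+)")
USERADD_RE = re.compile(r"new user: name=(\S+)")


def analyse(lines):
    """Return a list of (rule, user, source, timestamp) alerts for the given log lines."""
    alerts = []
    failures = defaultdict(deque)    # source address -> timestamps of recent failures
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                 # unparseable line; a real agent would count these too
        ts = datetime.fromisoformat(m.group(1))
        prog, msg = m.group(2), m.group(3)
        accepted, failed = ACCEPT_RE.search(msg), FAIL_RE.search(msg)
        if accepted:
            user, src = accepted.groups()
            if ts.hour not in WORK_HOURS:
                alerts.append(("odd-hour-login", user, src, ts.isoformat()))
        elif failed:
            user, src = failed.groups()
            q = failures[src]
            q.append(ts)
            while q and ts - q[0] > FAIL_WINDOW:   # slide the window forward
                q.popleft()
            if len(q) >= FAIL_THRESHOLD:
                alerts.append(("brute-force", user, src, ts.isoformat()))
                q.clear()                          # one alert per burst
        elif prog == "useradd":
            added = USERADD_RE.search(msg)
            if added:
                alerts.append(("new-account", added.group(1), "-", ts.isoformat()))
    return alerts


# Constructed sample log (not real sshd/useradd output)
SAMPLE_LOG = """\
2024-03-01T02:15:07 sshd Accepted password for alice from 198.51.100.4
2024-03-01T09:00:01 sshd Accepted password for bob from 198.51.100.5
2024-03-01T09:30:00 sshd Failed password for root from 203.0.113.9
2024-03-01T09:30:02 sshd Failed password for root from 203.0.113.9
2024-03-01T09:30:04 sshd Failed password for root from 203.0.113.9
2024-03-01T09:30:05 sshd Failed password for root from 203.0.113.9
2024-03-01T09:30:07 sshd Failed password for root from 203.0.113.9
2024-03-01T10:00:00 sshd Failed password for admin from 198.51.100.7
2024-03-01T11:45:00 useradd new user: name=svc_backup
""".splitlines()

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(*alert)
```

The single failure from 198.51.100.7 produces nothing: the sliding window is what keeps the brute-force rule from firing on ordinary typos, and it is the kind of tuning that gives a HIDS its lower false positive rate compared with a NIDS signature watching the same traffic from outside.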
d) Define access control and explain authentication mechanism for access control. 4M
[Marking scheme: 2M for access control; 2M for authentication]
Ans. Access control:
Access is the ability of a subject to interact with an object. Access control is the ability to specify, control and limit access to the host system or application, which prevents unauthorized parties from accessing or modifying data or resources. Authentication (verifying the identity of the subject) is its first step, followed by authorization (deciding what the identified subject may do).
Authentication:
Authentication helps to establish proof of identity. The authentication process ensures that the origin of a message is correctly identified. For example, suppose that user C sends a message over the Internet to user B; however, user C has posed as user A when sending the message. How would user B know that the message has come from user C, posing as user A? This concept is shown in the figure below. This type of attack is called fabrication.
Authentication is the process of determining the identity of a user or other entity. It is performed during the logon process, where the user has to submit his or her username and password.

There are three factors used in it:
1. Something you know: the user knows a user ID and password (or PIN).
2. Something you have: the user holds a physical token such as a smart card, a key or a one-time-password generator.
3. Something you are: the user's unique biometric identity, such as fingerprints, iris pattern or DNA.
Combining two different factors gives two-factor authentication.

4. Attempt any THREE of the following: 12
a) Enlist substitution techniques & explain any one. 4M
[Marking scheme: 1M for list; 2M for explanation; 1M for example]
Ans. Substitution techniques: In a substitution technique the letters of the plain text are replaced by other letters, by numbers or by symbols.
Substitution techniques are as follows:
a) Caesar cipher
b) Modified version of Caesar cipher
c) Mono-alphabetic cipher
d) Vigenère cipher


Caesar cipher:
It was proposed by Julius Caesar. In cryptography the Caesar cipher is also known as Caesar's code or the shift cipher. It is one of the simplest and most widely known encryption techniques. It is a type of substitution technique in which each letter in the plain text is replaced by a letter some fixed number of positions down the alphabet. For example, with a shift of 3, A would be replaced by D, B would become E, and so on, as shown in the table below.

Using this scheme, the plain text "SECRET" encrypts as the cipher text "VHFUHW". To allow someone to read the cipher text, you tell them that the key is 3.
For S: c = (p + k) mod 26
= (18 + 3) mod 26
= 21
= V
Algorithm to break (decrypt) the Caesar cipher when the key is known:
1. Read each letter in the cipher text message, and search for it in the second row of the table above.
2. When a match is found, replace that letter in the cipher text message with the corresponding letter in the same column but the first row of the table (for example, if the cipher text letter is J, replace it with G).
3. Repeat the process for all letters in the cipher text message.
Because there are only 25 possible non-trivial keys, an attacker who does not know the key can simply try all of them (brute force) and pick the result that reads as meaningful text.
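Encryption, the known-key decryption above, and the brute-force break, in one runnable example that serves both this answer and Q3(b) ("COMPUTER ENGINEERING"). This is an added illustration, not part of the model answer; the brute-force function goes beyond the page's known-key procedure by trying every shift.

```python
"""Caesar cipher: encryption, decryption and the key-unknown (brute-force) break (added illustration)."""
import string

ALPHABET = string.ascii_uppercase   # A=0 ... Z=25, the numbering used in the formula


def shift_letter(ch: str, key: int) -> str:
    """c = (p + key) mod 26 for letters; anything else (spaces, digits) passes through."""
    if ch in ALPHABET:
        return ALPHABET[(ALPHABET.index(ch) + key) % 26]
    return ch


def caesar_encrypt(plaintext: str, key: int = 3) -> str:
    return "".join(shift_letter(ch, key) for ch in plaintext.upper())


def caesar_decrypt(ciphertext: str, key: int = 3) -> str:
    return caesar_encrypt(ciphertext, -key)   # p = (c - key) mod 26


def encryption_steps(plaintext: str, key: int = 3):
    """The per-letter working the question asks for: (p, p_num, c_num, c)."""
    steps = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            p = ALPHABET.index(ch)
            c = (p + key) % 26
            steps.append((ch, p, c, ALPHABET[c]))
    return steps


def brute_force(ciphertext: str) -> dict:
    """Break without the key: only 25 non-trivial shifts exist, so try them all
    and let the caller pick the candidate that reads as meaningful text."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    print(caesar_encrypt("COMPUTER ENGINEERING", 3))   # FRPSXWHU HQJLQHHULQJ
    for p, pn, cn, c in encryption_steps("SECRET", 3):
        print(f"{p}: ({pn} + 3) mod 26 = {cn} -> {c}")
    for k, candidate in brute_force("VHFUHW").items():
        print(k, candidate)
```

Running `brute_force("VHFUHW")` prints all 25 candidates; the one under key 3 is "SECRET", which is the whole of the security argument against the Caesar cipher: the key space is far too small to resist exhaustive search.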
b) Explain DMZ 4M
[Marking scheme: 1M for diagram; 2M for explanation; 1M for example]
Ans. DMZ (Demilitarized Zone):
• It is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a company's internal data servers. A DMZ is an optional but more secure approach to firewall deployment: the public-facing servers (web, mail, DNS) are placed in the DMZ on one firewall interface and the private network on another, so that a compromise of a DMZ host does not by itself expose the internal network. The DMZ host can effectively act as a proxy server.

• The typical DMZ configuration has a separate computer or host in the network which receives requests from users within the private network to access web sites on the public network. The DMZ host then initiates sessions for such requests on the public network, but it is not able to initiate a session back into the private network; it can only forward packets which have been requested by an internal host.

Advantage: The main benefit of a DMZ is to provide an internal network with an additional security layer by restricting access to sensitive data and servers. A DMZ enables website visitors to obtain certain services while providing a buffer between them and the organization's private network.

Example: a company's public web server is placed in the DMZ. Internet users may reach it on ports 80 and 443 only, the web server may open only the one connection it needs to an internal database server, and no other traffic from the DMZ into the private network is allowed.

c) Differentiate between firewall & IDS 4M
[Marking scheme: 1M for each correct point; any four points]
Ans.
S.N. | Firewall | IDS
1 | A firewall is hardware or software that stands between a local network and the Internet and filters traffic that might be harmful based on predetermined rules. | An intrusion detection system (IDS) is a device or software application that monitors traffic for malicious activity or policy violations and sends an alert on detection.
2 | A firewall does not inspect the content of permitted traffic. | An IDS inspects overall network traffic, including content.
3 | A firewall can block unauthorized access to the network. | An IDS can only report an intrusion; it cannot block it (an IPS adds that ability).
4 | Firewalls block traffic based on rules. | An IDS gives alerts/alarms on the detection of an anomaly.
5 | It filters traffic based on IP addresses and port numbers. | It inspects traffic in real time, looks for traffic patterns or signatures of attack, and then generates alerts.
d) Explain Email security in SMTP. 4M
[Marking scheme: 1M for diagram; 3M for explanation]
Ans. Email security: Email is one of the most valuable services on the Internet today. Most Internet mail systems use SMTP as the method to transfer mail from one server to another. SMTP is a push protocol and is used to send mail, whereas POP (Post Office Protocol) or IMAP (Internet Message Access Protocol) are used to retrieve the mail at the receiver's side. The protocols relevant to email and its security are:
1. SMTP (Simple Mail Transfer Protocol)
2. PEM (Privacy Enhanced Mail)
3. PGP (Pretty Good Privacy)
SMTP (Simple Mail Transfer Protocol):
Simple Mail Transfer Protocol is a protocol for sending email messages between servers. Most e-mail systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an e-mail client using either POP or IMAP. In addition, SMTP is generally used to send messages from a mail client to a mail server (message submission, conventionally on port 587). This is why you need to specify both the POP or IMAP server and the SMTP server when you configure your e-mail application. SMTP is usually implemented to operate over TCP port 25. X.400 was a competing messaging standard once used in Europe. Many mail servers now support Extended Simple Mail Transfer Protocol (ESMTP), which adds service extensions such as SIZE, 8BITMIME, AUTH (sender authentication) and STARTTLS (encryption of the connection); attachments and multimedia content are carried using MIME. Plain SMTP itself provides no confidentiality or authentication, which is why PEM and PGP (end-to-end) and STARTTLS (hop-by-hop) are needed.

The basic phases of an email communication consist of the following steps:
1. At the sender's end an SMTP server takes the message sent by the user's computer.
2. The SMTP server at the sender's end then transfers the message to the SMTP server of the receiver.
3. The receiver's computer then pulls the email message from the mail server at the receiver's end, using another mail protocol such as Post Office Protocol (POP) or IMAP (Internet Message Access Protocol).

e) Explain digital signature in Cryptography. 4M
Marking scheme: 1M for diagram, 3M for explanation
Ans. Digital Signature:
1. Digital signature is a strong method of authentication in an electronic form.
2. It includes message authentication code (MAC), hash value of a message and digital pen pad devices. It also includes cryptographically based signature protocols.
3. Digital Signature is used for authentication of the message and the sender, and to verify the integrity of the message.
4. Digital Signature may be in the form of text, symbol, image or audio.
5. In today's world of electronic transactions, digital signature plays a major role in authentication. For example, one can file an income tax return online using a digital signature, which avoids the use of paper and makes the process faster.
6. Asymmetric key encryption techniques and public key infrastructure are used in digital signature.
7. Digital signature algorithms are divided into two parts:
a. Signing part: It allows the sender to create his digital signature.
b. Verification part: It is used by the receiver for verifying the signature after receiving the message.
Generation and Verification of digital signatures:
Working:
1. A message digest is used to generate the signature. The message digest (MD) is calculated from the plaintext or message.
2. The message digest is encrypted using the user's private key.
3. Then, the sender sends this encrypted message digest along with the plaintext or message to the receiver.
4. The receiver calculates the message digest from the plaintext or message he received.
5. The receiver decrypts the encrypted message digest using the sender's public key. If the two MDs are not the same, then the plaintext or message was modified after signing.

Advantages of Digital Signatures
• Speed: Businesses no longer have to wait for paper documents to be sent by courier. Contracts are easily written, completed, and signed by all concerned parties in a small amount of time, no matter how far apart the parties are geographically.
• Costs: Using postal or courier services for paper documents is much more expensive compared to using digital signatures on electronic documents.
• Security: The use of digital signatures and electronic documents reduces the risk of documents being intercepted, read, destroyed, or altered while in transit.
• Authenticity: An electronic document signed with a digital signature can stand up in court just as well as any other signed paper document.
• Non-Repudiation: Signing an electronic document digitally identifies you as the signatory, and that cannot be later denied.
• Time-Stamp: By time-stamping your digital signatures, you will clearly know when the document was signed.
5. Attempt any TWO of the following: 12
a) Define Information. Explain the basic principle of information security. 6M
Marking scheme: 2M for definition, 1M for diagram, 3M for principles explanation
Ans. Information is organized or classified data, which has some meaningful value for the receiver. Information is the processed data on which knowledge, decisions and actions are based.
For the decision to be meaningful, the processed data must qualify for the following characteristics:
• Timely: Information should be available when required.
• Accuracy: Information should be accurate.
• Completeness: Information should be complete.
Basic Principles of information security

Fig. CIA Triad of information security

1. Confidentiality: The goal of confidentiality is to ensure that only those individuals who have the authority can view a piece of information. The principle of confidentiality specifies that only the sender and intended recipients should be able to access the contents of a message. Confidentiality gets compromised if an unauthorized person is able to access the contents of a message.
2. Authentication: Authentication helps to establish proof of identities. The authentication process ensures that the origin of a message is correctly identified. Authentication deals with the desire to ensure that an individual is who they claim to be.
3. Integrity: Integrity is a related concept but deals with the generation and modification of data. Only authorized individuals should ever be able to create or change (or delete) information. When the contents of the message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost.
b) Define & explain. 6M
i) Circuit Gateway
ii) Honey Pots
iii) Application Gateway
Marking scheme: 2M for definition and explanation
Ans. i) Circuit Gateway: A circuit level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outer host. Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents. The security function consists of determining which connections will be allowed. A typical use of circuit level gateways is a situation in which the system administrator trusts the internal users. The gateway can be configured to support application level or proxy service on inbound connections and circuit level functions for outbound connections.

ii) Honey Pots
A relatively recent innovation in intrusion detection technology is the honey pot. Honey pots are decoy systems that are designed to lure a potential attacker away from critical systems. Honey pots are designed to:
• divert an attacker from accessing critical systems
• collect information about the attacker's activity
It encourages the attacker to stay on the system long enough for administrators to respond. These systems are filled with fabricated information designed to appear valuable but that a legitimate user of the system wouldn't access. Thus, any access to the honey pot is suspect.
iii) Application Gateway
An application level gateway, also called a proxy server, acts as a relay of application level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed. When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two endpoints. Application level gateways tend to be more secure than packet filters. It is easy to log and audit all incoming traffic at the application level. A prime disadvantage is the additional processing overhead on each connection.

c) Explain the working of Kerberos 6M
Marking scheme: 6M for relevant steps
Ans. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
The entire process takes a total of eight steps, as shown below.
1. The authentication service, or AS, receives the request from the client and verifies that the client is indeed the computer it claims to be. This is usually just a simple database lookup of the user's ID.
2. Upon verification, a timestamp is created. This puts the current time in a user session, along with an expiration date. The default expiration date of a timestamp is 8 hours. The encryption key is then created. The timestamp ensures that when 8 hours is up, the encryption key is useless. (This is used to make sure a hacker doesn't intercept the data and try to crack the key. Almost all keys are able to be cracked, but it will take a lot longer than 8 hours to do so.)
3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is a simple ticket that is issued by the authentication service. It is used for authenticating the client for future reference.
4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get authenticated.
5. The TGS creates an encrypted key with a timestamp, and grants the client a service ticket.
6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own encrypted key to the service server.
7. The service server decrypts the key, and makes sure the timestamp is still valid. If it is, the service contacts the key distribution center to receive a session that is returned to the client.
8. The client decrypts the ticket. If the keys are still valid, communication is initiated between client and server.
6. Attempt any TWO of the following: 12
a) Explain DOS with neat diagram. 6M
Marking scheme: 2M for diagram, 4M for explanation
Ans. Denial Of Service Attack: Denial of service (DOS) attacks can exploit a known vulnerability in a specific application or operating system, or they may attack features (or weaknesses) in specific protocols or services. In this form of attack, the attacker is attempting to deny authorized users access either to specific information or to the computer system or network itself. The purpose of such an attack can be simply to prevent access to the target system, or the attack can be used in conjunction with other actions in order to gain unauthorized access to a computer or network. SYN flooding is an example of a DOS attack that takes advantage of the way TCP/IP networks were designed to function, and it can be used to illustrate the basic principles of any DOS attack. SYN flooding utilizes the TCP three-way handshake that is used to establish a connection between two systems. In a SYN flooding attack, the attacker sends fake communication requests to the targeted system. Each of these requests will be answered by the target system, which then waits for the third part of the handshake. Since the requests are fake, the target will wait for responses that will never come, as shown in Figure.

The target system will drop these connections after a specific time-out period, but if the attacker sends requests faster than the time-out period eliminates them, the system will quickly be filled with requests. The number of connections a system can support is finite, so when more requests come in than can be processed, the system will soon be reserving all its connections for fake requests. At this point, any further requests are simply dropped (ignored), and legitimate users who want to connect to the target system will not be able to. Use of the system has thus been denied to them.
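From the defender's side, the half-open connection build-up described above shows up as a pile of SYN-RECV entries in the target's connection table. The following is an added example, not part of the model answer: it counts half-open connections per local port from constructed sample lines laid out like `ss -tan` output (documentation-range addresses; the alert threshold is an assumed value).

```python
from collections import defaultdict

# Constructed sample in the column layout of `ss -tan` output (State, Recv-Q,
# Send-Q, Local Address:Port, Peer Address:Port); not captured from a real host.
# Port 80 holds many half-open (SYN-RECV) connections from many different peers,
# which is how the flood described above looks from the target's side.
SAMPLE_CONNECTION_TABLE = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB     0      0      192.0.2.10:22        198.51.100.7:51234
SYN-RECV  0      0      192.0.2.10:80        203.0.113.11:40001
SYN-RECV  0      0      192.0.2.10:80        203.0.113.12:40002
SYN-RECV  0      0      192.0.2.10:80        203.0.113.13:40003
SYN-RECV  0      0      192.0.2.10:80        203.0.113.14:40004
SYN-RECV  0      0      192.0.2.10:80        203.0.113.15:40005
SYN-RECV  0      0      192.0.2.10:80        203.0.113.16:40006
SYN-RECV  0      0      192.0.2.10:80        203.0.113.17:40007
SYN-RECV  0      0      192.0.2.10:443       198.51.100.9:44321
ESTAB     0      0      192.0.2.10:80        198.51.100.8:50001
"""

HALF_OPEN_STATE = "SYN-RECV"  # SYN answered with SYN-ACK, final ACK still pending

def half_open_by_port(table_text):
    """Return {local_port: [peer address, ...]} with one entry per half-open connection."""
    peers = defaultdict(list)
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != HALF_OPEN_STATE:
            continue  # header line, or a connection that completed the handshake
        local_port = int(fields[3].rsplit(":", 1)[1])
        peer_addr = fields[4].rsplit(":", 1)[0]
        peers[local_port].append(peer_addr)
    return dict(peers)

def syn_flood_suspects(table_text, threshold=5):
    """Ports with at least `threshold` half-open connections, lowest port first.

    The threshold is an assumed value; on a real host it should come from the
    service's normal baseline of half-open connections.
    """
    counts = half_open_by_port(table_text)
    return sorted(port for port, addrs in counts.items() if len(addrs) >= threshold)

if __name__ == "__main__":
    for port, addrs in sorted(half_open_by_port(SAMPLE_CONNECTION_TABLE).items()):
        print(f"port {port}: {len(addrs)} half-open, {len(set(addrs))} distinct peer(s)")
    print("suspected SYN flood on port(s):", syn_flood_suspects(SAMPLE_CONNECTION_TABLE))
```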
b) Explain Public Key Infrastructure with example. 6M
Marking scheme: 3M explanation, 1M diagram, 2M for example
Ans. A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email.
PKI is the governing body behind issuing digital certificates. It helps to protect confidential data and gives unique identities to users and systems. Thus, it ensures security in communications.
The public key infrastructure uses a pair of keys, the public key and the private key, to achieve security. The public keys are prone to attacks and thus an intact infrastructure is needed to maintain them.
PKI identifies a public key along with its purpose. It usually consists of the following components:
• A digital certificate, also called a public key certificate
• Private key tokens
• Registration authority
• Certification authority
• CMS or Certification management system

Working of a PKI:
PKI and Encryption: The root of PKI involves the use of cryptography and encryption techniques. Both symmetric and asymmetric encryption use a public key. There is always a risk of MITM (Man in the middle). This issue is resolved by a PKI using digital certificates. It gives identities to keys in order to make the verification of owners easy and accurate.
Public Key Certificate or Digital Certificate: Digital certificates are issued to people and electronic systems to uniquely identify them in the digital world.
• The Certification Authority (CA) stores the public key of a user along with other information about the client in the digital certificate. The information is signed and a digital signature is also included in the certificate.
• The affirmation for the public key can thus be retrieved by validating the signature using the public key of the Certification Authority.
Certifying Authorities: A CA issues and verifies certificates. This authority makes sure that the information in a certificate is real and correct and it also digitally signs the certificate. A CA or Certifying Authority performs these basic roles:
• Generates the key pairs – This key pair generated by the CA can be either independent or in collaboration with the client.
• Issuing of the digital certificates – When the client successfully provides the right details about his identity, the CA issues a certificate to the client. The CA then further signs this certificate digitally so that no changes can be made to the information.
• Publishing of certificates – The CA publishes the certificates so that the users can find them. They can do this by either publishing them in an electronic telephone directory or by sending them out to other people.
• Verification of certificate – The CA gives a public key that helps in verifying if the access attempt is authorized or not.
• Revocation – In case of suspicious behavior of a client or loss of trust in them, the CA has the power to revoke the digital certificate.

The most popular usage example of PKI (Public Key Infrastructure) is the HTTPS (Hypertext Transfer Protocol Secure) protocol. HTTPS is a combination of the HTTP (Hypertext Transfer Protocol) and SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols to provide encrypted communication and secure identification of a Web server.

In HTTPS, the Web server's PKI certificate is used by the browser for two purposes:
• Validate the identity of the Web server by verifying the CA's digital signature in the certificate.
• Encrypt a secret key to be securely delivered to the Web server. The secret key will be used to encrypt the actual data to be exchanged between the browser and the Web server.

Other examples of PKI (Public Key Infrastructure) are:
• Digital signature: The sender of a digital message uses his/her private key to generate a digital signature attached to the message. The receiver uses the sender's certificate to verify the digital signature to ensure the message was sent by the claimed sender.
• Encryption of documents: The sender of a digital message uses the receiver's certificate to encrypt the message to protect the confidentiality of the message. Only the receiver, who can use his/her private key, can decrypt the message.
• Digital identification: A user's certificate is stored in a smart card to be used to verify the card holder's identity.
(CONSIDER ANY ONE EXAMPLE)
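The signing and verification steps from the digital signature answer (question e above) and the certificate check from this PKI answer can be run end to end in code. This is an added example, not part of the model answer: it uses textbook RSA over freshly generated primes with SHA-256 as the message digest, a constructed certificate layout and a made-up subject name; a real PKI uses X.509 certificates and padded signature schemes instead.

```python
import hashlib
import random
from math import gcd

PUBLIC_EXPONENT = 65537

def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (probabilistic; enough for an example)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # full length, odd
        if is_probable_prime(candidate):
            return candidate

def generate_keypair(prime_bits=192):
    """Return (public_key, private_key) as (n, e) and (n, d).

    Two 192-bit primes give a 384-bit modulus, so a 256-bit SHA-256 digest is
    always smaller than n. Real RSA keys are 2048 bits or more.
    """
    while True:
        p, q = random_prime(prime_bits), random_prime(prime_bits)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(PUBLIC_EXPONENT, phi) == 1:
            break
    return (p * q, PUBLIC_EXPONENT), (p * q, pow(PUBLIC_EXPONENT, -1, phi))

def message_digest(message):
    """Step 1 of the working: the message digest (MD) computed from the message."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, private_key):
    """Step 2: 'encrypt' the digest with the signer's private key."""
    n, d = private_key
    return pow(message_digest(message), d, n)

def verify(message, signature, public_key):
    """Steps 4 and 5: recover the digest with the public key and compare it
    with a digest freshly computed from the received message."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message)

# PKI part: the CA binds a subject name to a public key by signing both together.
def _to_be_signed(subject, public_key):
    n, e = public_key
    return f"{subject}|{n}|{e}".encode()  # constructed certificate body layout

def issue_certificate(subject, subject_public_key, ca_private_key):
    """The CA's issuing role: the certificate carries the CA's signature over its content."""
    body = _to_be_signed(subject, subject_public_key)
    return {"subject": subject, "public_key": subject_public_key,
            "signature": sign(body, ca_private_key)}

def verify_certificate(cert, ca_public_key):
    """Validate the CA's signature, as a browser does for a server certificate."""
    body = _to_be_signed(cert["subject"], cert["public_key"])
    return verify(body, cert["signature"], ca_public_key)

def verify_signed_message(message, signature, cert, ca_public_key):
    """Receiver's full check: trust the certificate first, then the message signature."""
    if not verify_certificate(cert, ca_public_key):
        return False
    return verify(message, signature, cert["public_key"])

if __name__ == "__main__":
    ca_pub, ca_priv = generate_keypair()
    alice_pub, alice_priv = generate_keypair()
    cert = issue_certificate("alice@example.test", alice_pub, ca_priv)  # made-up subject
    msg = b"Transfer 100 INR to account 42"  # constructed message
    sig = sign(msg, alice_priv)
    print("genuine message verifies:", verify_signed_message(msg, sig, cert, ca_pub))
    print("tampered message verifies:", verify_signed_message(msg + b"0", sig, cert, ca_pub))
```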

c) Explain Policies, configuration & limitations of firewall. 6M
Marking scheme: 1M for policies, 1M for listing configurations, 2M for configuration (any one can be explained), 2M for limitations (any two points)
Ans. Policies of firewall:
a) All traffic from inside to outside and vice versa must pass through the firewall. To achieve this, all access to the local network must first be physically blocked and access only via the firewall should be permitted. Traffic should be permitted as per the local security policy.
b) The firewall itself must be strong enough so as to render attacks on it useless.

Configuration of firewall
There are 3 common firewall configurations:
1. Screened host firewall, single-homed bastion configuration
2. Screened host firewall, dual-homed bastion configuration
3. Screened subnet firewall configuration

1. Screened host firewall, single-homed bastion configuration
In this type of configuration a firewall consists of the following parts:
(i) A packet filtering router
(ii) An application gateway.
The main purpose of this type is as follows: The packet filter is used to ensure that incoming data is allowed only if it is destined for the application gateway, by verifying the destination address field of the incoming IP packet. It also performs the same task on outgoing data by checking the source address field of the outgoing IP packet. The application gateway is used to perform authentication and proxy functions. Here internal users are connected to both the application gateway as well as to the packet filter; therefore, if the packet filter is successfully attacked, then the whole internal network is opened to the attacker.

Fig. single-homed bastion configuration

2. Screened host firewall, dual-homed bastion configuration
To overcome the disadvantage of the screened host firewall, single-homed bastion configuration, another configuration is available known as screened host firewall, dual-homed bastion. In this, direct connections between internal hosts and the packet filter are avoided, as it provides a connection between the packet filter and the application gateway, which has a separate connection with the internal hosts. Now if the packet filter is successfully attacked, only the application gateway is visible to the attacker. This provides security to the internal hosts.

Fig. dual-homed bastion configuration
3. Screened subnet firewall configuration
It provides the highest security among all firewall configurations. It is an improved version over all the available schemes of firewall configuration. It uses two packet filters, one between the internet and the application gateway and another between the application gateway and the internal network. Thus this configuration achieves 3 levels of security for an attacker to break into.

Fig. Screened subnet firewall configuration

Limitations: (one mark)
1. Firewalls do not protect against inside threats.
2. A packet filter firewall does not provide any content-based filtering.
3. Protocol tunneling, i.e. sending data from one protocol inside another protocol, negates the purpose of the firewall.
4. Encrypted traffic cannot be examined and filtered.

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION

MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620
Important Instructions to examiners:
1) The answers should be examined by key words and not as word-to-word as given in the model answer scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to assess the understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more importance (Not applicable for subject English and Communication Skills).
4) While assessing figures, examiner may give credit for principal components indicated in the figure. The figures drawn by candidate and model answer may vary. The examiner may give credit for any equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values may vary and there may be some difference in the candidate's answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant answer based on candidate's understanding.
7) For programming language papers, credit may be given to any other program based on equivalent concept.
8) As per the policy decision of Maharashtra State Government, teaching in English/Marathi and Bilingual (English + Marathi) medium is introduced at first year of AICTE diploma Programme from academic year 2021-2022. Hence if the students in first year (first and second semesters) write answers in Marathi or bilingual language (English + Marathi), the Examiner shall consider the same and assess the answer based on matching of concepts with model answer.

Q. No. | Sub Q.N. | Answer | Marking Scheme
1. Attempt any FIVE of the following: 10
a) Define computer security and state its need. 2M
Marking scheme: Definition 1M, any one need 1M
Ans. Computer Security refers to techniques for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorization.

Need of computer Security:
1. For prevention of data theft such as bank account numbers, credit card information, passwords, work related documents or sheets, etc.
2. To make data remain safe and confidential.
3. To provide confidentiality, which ensures that individuals are never able to view data they are not entitled to.
4. To provide integrity, which ensures that only authorized individuals should ever be able to change or modify information.
5. To provide availability, which ensures that the data or system itself is available for use when an authorized user wants it.
6. To provide authentication, which deals with the desire to ensure that an individual is who they claim to be.
OR
The need of computer security has been threefold: confidentiality, integrity, and authentication, the "CIA" of security.
1. Confidentiality: The principle of confidentiality specifies that only the sender and intended recipients should be able to access the contents of a message. Confidentiality gets compromised if an unauthorized person is able to access the contents of a message.
2. Integrity: When the contents of the message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost.
3. Authentication: Authentication helps to establish proof of identities. The authentication process ensures that the origin of a message is correctly identified.

b) Explain shoulder surfing attack. 2M
Marking scheme: Relevant explanation 2M
Ans. Shoulder surfing is a similar procedure in which attackers position themselves in such a way as to be able to observe the authorized user entering the correct access code.
Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done at long distance with the aid of binoculars or other vision-enhancing devices.
Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.

c) Explain the term cryptography. 2M
Marking scheme: Correct explanation 1M, Diagram 1M
Ans. Cryptography: Cryptography is the art and science of achieving security by encoding messages to make them non-readable.
d) State the meaning of hacking. 2M
Marking scheme: Correct explanation 2M
Ans. Hacking in simple terms means an illegal intrusion into a computer system and/or network. Government websites are the hot target of hackers due to the press coverage they receive. Hackers enjoy the media coverage.
OR
Hacking is the act of identifying and then exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data. Hacking is not always a malicious activity, but the term has mostly negative connotations due to its association with cybercrime.
e) Describe sniffing attack. 2M
Marking scheme: Correct explanation 2M
Ans. A sniffer is software or hardware that is used to observe traffic as it passes through a network on shared broadcast media. It can be used to view all traffic or to target a specific protocol, service, or string of characters such as logins. Some network sniffers are not just designed to observe all the traffic but also to modify the traffic. Network administrators use sniffers for monitoring traffic. They can also be used for network bandwidth analysis and to troubleshoot certain problems such as duplicate MAC addresses.
f) Explain need for firewall. 2M
Marking scheme: Any two needs 2M
Ans.
• A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.
• Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.
• Firewalls can be an effective means of protecting a local system or network of systems from network-based security threats while at the same time affording access to the outside world via wide area networks and the Internet.

g) Explain use of PCI DSS 2M
Marking scheme: Correct explanation 2M
Ans. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. PCI DSS is the global data security standard that any business of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data. It presents common sense steps that mirror best security practices.
2. Attempt any THREE of the following: 12
a) Define Risk. Describe qualitative and quantitative risk analysis. 4M
Marking scheme: Definition 1M, explanation of qualitative and quantitative risk analysis 3M
Ans. Risk: A computer security risk is any event or action that could cause a loss or damage to computer hardware, software, data, or information. OR Risk is the probability of threats that may occur because of the presence of a vulnerability in a system.

Quantitative Risk Analysis: A process of assigning a numeric value to the probability of loss based on known risks, on financial values of the assets and on the probability of threats. It is used to determine potential direct and indirect costs to the company based on values assigned to company assets and their exposure to risk. Assets can be rated as the cost of replacing an asset, the cost of lost productivity, or the cost of diminished brand reputation. In this, 100% quantitative risk analysis is not possible.

Qualitative Risk Analysis: A collaborative process of assigning relative values to assets, assessing their risk exposure and estimating the cost of controlling the risk. It utilizes relative measures and approximate costs rather than precise valuation and cost determination. Assets can be rated based on criticality: very important, important, not important, etc. Vulnerabilities can be rated based on how they are fixed: fix soon, should be fixed, fix if suitable, etc. Threats can be rated based on the scale of likelihood: likely, unlikely, very likely, etc. In this, 100% qualitative risk analysis is feasible.
b) Explain working of biometric access control with any type of example. 4M
Marking scheme: Diagram 1M, Explanation 3M
Ans. Biometrics refers to the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral characteristics. Biometric identification is used on the basis of some unique physical attribute of the user that positively identifies the user.

Example: finger print recognition, retina and face scan technique,
voice synthesis and recognition and so on. Different types of
Biometrics
1. Finger print recognition
2. Hand print recognition
3. Retina/iris scan technique
4. Face recognition
5. Voice patterns recognition
6. Signature and writing patterns recognition
7. Keystroke dynamics

Fig. block diagram of biometric system


Fingerprint recognition
The figure above shows the block diagram of a biometric system.
Fingerprint registration and verification process
1. The first time an individual uses a biometric system is called
enrollment (registration).
2. During enrollment, biometric information from the individual is
captured and stored as a template.
3. In the verification process, biometric information is captured again
and compared with the template stored at the time of enrollment.
4. The first block (sensor) is the interface between the real world and
the system; it acquires all the necessary data (the fingerprint image).
5. The second block performs all the necessary pre-processing
(noise removal and normalisation of the image).
6. The third block extracts the necessary features (for a fingerprint,
the minutiae). This is an important step, as the correct features
must be extracted in the optimal way.
7. If enrollment is being performed, the template is simply stored
somewhere (on a card, in a database, or both).
8. If a matching phase is being performed, the obtained template is
passed to a matcher that compares it with the stored templates,
estimating the distance between them with a matching algorithm.
9. The matching program compares the live template with the stored
one; the result (match or no match) is then output for the intended
use, such as unlocking a door or logging in.

Limitations:
1) A fingerprint scanner does not take into account physical changes
to the person (injury, scarring).
2) The hardware and software can be expensive.
3)A fingerprint scanner produces both false rejections and false
acceptances; the threshold used by the matcher trades one against
the other.
4) It can make mistakes when the skin of the finger is dry or dirty,
and with age (it is not suitable for children, because the size of
their fingerprint changes quickly).
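The enrollment and verification pipeline just described (sensor, pre-processing, feature extraction, template store, matcher) together with the false-rejection / false-acceptance limitation, as an added Python example; it is not part of the model answer. The fingerprint "scans" are constructed three-number feature vectors, the matcher is a plain Euclidean distance and the threshold values are assumptions; a real system would extract minutiae and use a purpose-built matching algorithm.

```python
import math

# Constructed sample data (not from the model answer): each "scan" is a short
# list of numbers standing in for the features a fingerprint extractor would
# produce (ridge counts, minutiae positions, ...). Three enrollment scans per user.
ENROLL_SCANS = {
    "alice": [[10.0, 4.0, 7.0], [10.5, 4.2, 6.8], [9.8, 3.9, 7.1]],
    "bob": [[3.0, 9.0, 2.0], [3.2, 8.7, 2.1], [2.9, 9.1, 1.8]],
}


def sensor(raw_scan):
    """Block 1 of the diagram: acquire the data. Here it is already numeric."""
    return [float(x) for x in raw_scan]


def preprocess(features):
    """Block 2: normalise to unit length so that differences in finger pressure
    or image contrast between two scans do not change the comparison."""
    norm = math.sqrt(sum(x * x for x in features))
    if norm == 0:
        raise ValueError("empty scan")
    return [x / norm for x in features]


def extract_template(raw_scan):
    """Block 3: feature extraction. A real system computes minutiae here;
    this toy keeps the normalised vector as the template."""
    return preprocess(sensor(raw_scan))


def enroll(scans):
    """Enrollment: average several scans of one finger into one stored template."""
    templates = [extract_template(s) for s in scans]
    dims = len(templates[0])
    return [sum(t[i] for t in templates) / len(templates) for i in range(dims)]


def build_db(enroll_scans=ENROLL_SCANS):
    """The template store (the database or smart card in the diagram)."""
    return {user: enroll(scans) for user, scans in enroll_scans.items()}


def distance(template, probe):
    """Matcher: Euclidean distance between stored template and live sample."""
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(template, probe)))


def verify(db, claimed_user, raw_scan, threshold):
    """Verification (1:1 match): accept the identity claim only if the live
    scan lies within `threshold` of that user's enrolled template."""
    return distance(db[claimed_user], extract_template(raw_scan)) <= threshold


def error_rates(db, genuine, impostor, threshold):
    """False acceptance rate and false rejection rate for one threshold.
    genuine:  (user, scan) pairs where the scan really is that user's finger
    impostor: (claimed_user, scan) pairs where the scan is someone else's"""
    frr = sum(not verify(db, u, s, threshold) for u, s in genuine) / len(genuine)
    far = sum(verify(db, u, s, threshold) for u, s in impostor) / len(impostor)
    return far, frr


if __name__ == "__main__":
    db = build_db()
    genuine = [("alice", [10.2, 4.1, 7.0]), ("bob", [3.1, 8.9, 2.0])]
    impostor = [("alice", [3.1, 8.9, 2.0]), ("bob", [10.2, 4.1, 7.0])]
    for threshold in (0.001, 0.05, 1.0):
        # too strict -> false rejections; too loose -> false acceptances
        print(threshold, error_rates(db, genuine, impostor, threshold))
```

Lowering the threshold from 0.05 to 0.001 turns the genuine probes into false rejections; raising it to 1.0 turns the impostor probes into false acceptances. Choosing the threshold is the trade-off between the two error rates that limitation 3 refers to.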
c) Explain Caesar's cipher substitution technique with suitable example. (4M: Explanation 2M, Example 2M)
Ans. The Caesar cipher is named after Julius Caesar, who used it. It is one of the
simplest and most widely known encryption techniques. It is a
substitution technique in which each letter in the plain text is replaced
by the letter a fixed number of positions further down the alphabet. The
classical Caesar cipher replaces each letter of the alphabet with the
letter three places further down the alphabet, wrapping around from Z to A.
For example, with a shift of 3, A is replaced by D, B becomes E, and so on,
as shown in the table below:

Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Example
PLAIN TEXT: COMPUTER ENGINEERING
Converting each letter of the plain text using the table, the cipher text is
CIPHER TEXT: FRPSXWHU HQJLQHHULQJ
Algorithm to decrypt a Caesar cipher message (when the shift is known):
1. Read each letter of the cipher text message and search for it in
the second row of the table above.
2. When a match is found, replace that letter of the cipher text
message with the letter in the same column of the first row (for
example, if the cipher text letter is J, replace it with G).
3. Repeat the process for every letter of the cipher text message.
Because there are only 25 possible shifts, an attacker who does not know the shift can simply try all of them and keep the one that yields readable text.
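The Caesar cipher with the page's example and the "try every shift" break, as an added Python example (not part of the model answer). It assumes upper-case Latin letters and leaves non-letters unchanged.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext, shift=3):
    """Replace each letter with the letter `shift` places further down the
    alphabet, wrapping from Z back to A. Characters that are not letters
    (spaces, digits, punctuation) are passed through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext, shift=3):
    """Decryption is encryption with the opposite shift (Python's % keeps
    the index in range for negative shifts)."""
    return caesar_encrypt(ciphertext, -shift)


def break_caesar(ciphertext, crib=None):
    """The key space is only 25 shifts, so an attacker simply tries them all.
    With a crib (a word known to occur in the plaintext) the function returns
    the (shift, plaintext) pair that reveals it; without one it returns every
    candidate so a human can pick the readable line."""
    candidates = {s: caesar_decrypt(ciphertext, s) for s in range(1, 26)}
    if crib is None:
        return candidates
    for shift, plaintext in candidates.items():
        if crib.upper() in plaintext:
            return shift, plaintext
    return None


if __name__ == "__main__":
    ct = caesar_encrypt("COMPUTER ENGINEERING")
    print(ct)                                   # FRPSXWHU HQJLQHHULQJ
    print(break_caesar(ct, crib="COMPUTER"))    # (3, 'COMPUTER ENGINEERING')
```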
d) Describe DES algorithm with suitable example. (4M: Diagram 1M, Explanation in short 3M)
Ans. The Data Encryption Standard (DES) is a symmetric block cipher which takes
a 64-bit block of plain text and a 64-bit key (of which 56 bits are
actually used; the other 8 are parity bits) and produces a 64-bit block of
cipher text.
The diagram below illustrates the working of DES (not reproduced; the
steps are described in the text).

DES Encryption:
Step 1: In the first step the 64-bit plain text undergoes an initial
permutation (IP), which rearranges the bits and splits them into two 32-bit
halves, called the left plain text (LPT, 32 bits) and the right plain text
(RPT, 32 bits).
Step 2: Now 16 rounds of DES encryption are performed on LPT and RPT,
each round using a different 48-bit subkey derived from the 56-bit key.
Step 3: After the 16th round the 32-bit LPT and 32-bit RPT are
joined to form a 64-bit block again, and the final permutation (the
inverse of the initial permutation) is applied to this 64-bit block to
obtain the 64-bit cipher text.
Rounds in Data Encryption Standard
Each round of DES performs the same function. The steps performed in
each round of the DES algorithm are:

1. Key Transformation: The initial key size in DES is 64 bits, which is
reduced to a 56-bit key by discarding every 8th bit (the parity bits)
of the 64-bit key. This 56-bit key is the basis for every round. In the
key transformation step of each round, the two 28-bit halves of the 56-bit
key are rotated left by one or two positions and a compression
permutation selects 48 of the 56 bits, giving the 48-bit subkey for
that round.

2. Expansion Permutation: In the first step of encryption, during
the initial permutation, the 64-bit plain text was permuted and split
into a 32-bit LPT and a 32-bit RPT. Now the expansion permutation
is performed on the 32-bit RPT, which expands it from 32 bits to 48
bits (some bits are duplicated). The 48-bit result is XORed with the
48-bit subkey of the round. The 32-bit LPT is untouched during this
process.

3. S-box Substitution: The input to the S-boxes is the 48-bit block
resulting from the expansion permutation and the XOR with the subkey. In
S-box substitution, the 48-bit block is divided into eight 6-bit pieces,
and each S-box maps its 6-bit input to a 4-bit output, so the 48-bit
block is transformed into a 32-bit block. This is the only non-linear
step of DES.

4. P-box Permutation: The 32-bit output obtained from the S-box
substitution is provided as input to the P-box. Here the 32-bit input is
simply permuted and sent to the next step.

5. XOR and Swap: In this step the 32-bit LPT is XORed with the output
of the P-box permutation. The result of the XOR becomes the RPT for the
next round, and the old RPT becomes the LPT for the next round (the two
halves are swapped).
DES Decryption:
The same DES algorithm used for encrypting the plain text is also used to
decrypt the cipher text; the only difference is that the 16 subkeys
are applied in reverse order (the subkey of round 16 first, the subkey
of round 1 last). The initial and final permutations are inverses of
each other, so they need no change. This works because each round is a
Feistel round: the XOR of the LPT with the round function output is undone
by applying the same round function again with the same subkey.
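To show why the same algorithm decrypts when the subkeys are reversed, here is an added Python example of the Feistel structure described above. It is not the model answer's code and it is not real DES: the parity-bit drop follows DES (without PC-1's reordering), but the round function (expansion, S-boxes, P-box) and the per-round subkey derivation are replaced by a SHA-256-based stand-in and a simple rotation, and the initial/final permutations are omitted. Use it to see the "XOR and swap" rounds and the reversed key schedule in action, not as a cipher.

```python
import hashlib

MASK32 = 0xFFFFFFFF
MASK48 = (1 << 48) - 1
MASK56 = (1 << 56) - 1


def drop_parity_bits(key64):
    """Key transformation, part 1 (as in real DES): discard every 8th bit of
    the 64-bit key, counting from the most significant bit, leaving 56 bits."""
    out = 0
    for position in range(1, 65):           # DES numbers key bits 1..64
        if position % 8 == 0:               # bits 8, 16, ..., 64 are parity
            continue
        out = (out << 1) | ((key64 >> (64 - position)) & 1)
    return out


def subkeys(key56, rounds=16):
    """Key transformation, part 2, simplified: rotate the 56-bit key by one
    bit per round and keep 48 bits. Real DES rotates two 28-bit halves by a
    per-round amount and selects the 48 bits with the PC-2 permutation."""
    keys = []
    k = key56
    for _ in range(rounds):
        k = ((k << 1) | (k >> 55)) & MASK56
        keys.append(k & MASK48)
    return keys


def round_function(right32, subkey48):
    """Stand-in for expansion permutation + XOR with subkey + S-boxes +
    P-box. A Feistel network works with any function of (RPT, subkey);
    SHA-256 is used here only so that the output looks random."""
    data = right32.to_bytes(4, "big") + subkey48.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel(block64, round_keys):
    """16 rounds of 'XOR and swap'. The initial and final permutations of
    DES are omitted: they only rearrange bits and do not affect the
    encrypt/decrypt symmetry shown here."""
    left, right = block64 >> 32, block64 & MASK32
    for k in round_keys:
        # new LPT = old RPT; new RPT = old LPT XOR f(old RPT, subkey)
        left, right = right, left ^ round_function(right, k)
    # DES does not swap after the last round, so undo the final swap
    return (right << 32) | left


def encrypt(block64, key64):
    return feistel(block64, subkeys(drop_parity_bits(key64)))


def decrypt(block64, key64):
    # Same network; the only change is the reversed subkey order.
    return feistel(block64, subkeys(drop_parity_bits(key64))[::-1])


if __name__ == "__main__":
    key = 0x133457799BBCDFF1
    block = 0x0123456789ABCDEF
    ct = encrypt(block, key)
    print(hex(ct), hex(decrypt(ct, key)))
```

Flipping a parity bit of the 64-bit key (for example the least significant bit of the first byte) leaves the ciphertext unchanged, which is exactly why DES has only 56 bits of key strength.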
3. Attempt any THREE of the following: 12
a) Explain the terms Authorization and Authentication with respect to security. (4M: Explanation of each term 2M)
Ans. Authorization: It is the process of verifying that an already
identified (authenticated) person or entity has the authority to perform a
certain operation. It cannot occur without authentication. It amounts to
granting permissions and rights to an individual so that they can use those
rights to access computer resources or information.
Authentication: Authentication is the process of determining the identity
of a user or other entity. It is performed during the log-on process, where
the user has to submit a username and a proof of identity such as a password.
Three factors can be used as that proof:
1. Something you know: the user knows a user ID and password.
2. Something you have: the valid user possesses a token, such as a key or smart card.
3. Something you are: the user's unique biometric identity, such as fingerprints or DNA.
b) Write an algorithm for simple columnar transposition technique and explain with example. (4M: Algorithm 1M, Any relevant example 3M)
Ans. Simple columnar transposition technique:
Algorithm:
1. Write the message out in rows of a fixed length (the length of the keyword).
2. Read it out again column by column, taking the columns in the order
given by the key (or in a chosen random order).
3. The letters read out in that order form the cipher text.
Example
The key for the columnar transposition cipher is a keyword, e.g.
ORANGE. The row length used is the same as the length of the
keyword (6).
To encrypt the plaintext COMPUTER PROGRAMMING (19 letters, spaces
removed), write it in rows of 6 under the keyword, padding the last row
with X:

O R A N G E
C O M P U T
E R P R O G
R A M M I N
G X X X X X

In the above example, the plaintext has been padded so that it neatly
fits in a rectangle. This is known as a regular columnar transposition.
An irregular columnar transposition leaves these cells blank,
though this makes decryption slightly more difficult. The columns are
now read out in the order in which the letters of the keyword appear
alphabetically: A (column 3), E (column 6), G (column 5), N (column 4),
O (column 1), R (column 2):

A E G N O R
M T U P C O
P G O R E R
M N I M R A
X X X X G X

The encrypted text or cipher text is:
MPMXTGNXUOIXPRMXCERGORAX
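The algorithm above for the page's example (keyword ORANGE, plaintext COMPUTER PROGRAMMING) as an added Python example; it is not part of the model answer. It implements the regular (padded) variant; padding with X is the assumption used in the worked example, and trailing X characters are stripped on decryption, so a plaintext that genuinely ends in X would lose it.

```python
def column_order(key):
    """Indices of the key's columns in read-out order: the column under the
    alphabetically first key letter comes first; repeated letters are taken
    left to right."""
    key = key.upper()
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(plaintext, key, pad="X"):
    """Regular columnar transposition: write the letters in rows as wide as
    the key, pad the last row to a full rectangle, read out column by column."""
    text = "".join(ch for ch in plaintext.upper() if ch.isalpha())
    width = len(key)
    if len(text) % width:
        text += pad * (width - len(text) % width)
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join(row[c] for c in column_order(key) for row in rows)


def columnar_decrypt(ciphertext, key, pad="X"):
    """Refill the grid column by column in the same order, then read rows.
    Assumes a regular (padded) cipher text, so its length is a multiple of
    the key length; padding is stripped from the end of the result."""
    width = len(key)
    if len(ciphertext) % width:
        raise ValueError("irregular cipher text: length is not a multiple of key length")
    height = len(ciphertext) // width
    grid = [[""] * width for _ in range(height)]
    pos = 0
    for c in column_order(key):
        for r in range(height):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid).rstrip(pad)


if __name__ == "__main__":
    ct = columnar_encrypt("COMPUTER PROGRAMMING", "ORANGE")
    print(ct)                               # MPMXTGNXUOIXPRMXCERGORAX
    print(columnar_decrypt(ct, "ORANGE"))   # COMPUTERPROGRAMMING
```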
c) Describe DMZ with suitable example. (4M: Description 2M, Diagram 1M, Any one example 1M)
Ans. DMZ (Demilitarized Zone): It is a computer host or small network
inserted as a "neutral zone" between a company's private network and the
outside public network. It prevents outside users from getting direct
access to the company's internal servers. A DMZ is an optional but more
secure addition to a firewall, and the DMZ host can effectively act as a
proxy server.
In a typical DMZ configuration a separate computer or host in the DMZ
network receives requests from users within the private
network to access web sites on the public network. The DMZ host
then initiates sessions for such requests on the public network, but it is not
able to initiate a session back into the private network; it can only
forward packets that have been requested by an internal host. Users on the
public network outside the company can access only the
DMZ host. It can store the company's public web pages, which are served
to the outside users. The DMZ host therefore cannot give access to the rest
of the company's data: if an outsider penetrates the DMZ's
security, the web pages may be corrupted, but the other company
information remains safe.

Page 10 / 27

about:blank 10/27
Downloaded by Darshan Awale ([email protected])
lOMoARcPSD|37379541

3/13/23, 12:09 PM 22620 modelans W-g22

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION


MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

Examples:
1) Web servers
Web servers that communicate with internal database servers can be
deployed in a DMZ. This makes the internal databases more
secure, as they are the repositories that store sensitive
information. The web servers connect to the internal database
server directly or through an application firewall, while the DMZ
continues to isolate them from the internal network.

2) DNS servers
A DNS server stores a database of public IP addresses and their
associated hostnames, and resolves those names to
IP addresses on request. DNS servers use specialized software
and communicate with one another using dedicated protocols. Placing
the public-facing DNS server in the DMZ keeps external DNS requests away
from the internal network. Installing a second DNS
server for internal names on the internal network adds further
separation.

3) Proxy servers
A proxy server is often paired with a firewall. Other computers use it
to fetch web pages. When another computer requests a web page, the
proxy server retrieves it and delivers it to the requesting
machine. Proxy servers establish connections on behalf of clients,
shielding them from direct communication with the remote server. They also
isolate internal networks from external networks and save bandwidth
by caching web content.
d) Write short note on DAC and MAC (4M: Explanation of each term 2M)
Ans. Discretionary Access Control (DAC):
Access to objects is restricted based on the identity of subjects and/or
the groups to which they belong, and the owner of an object decides, at
their discretion, who may access it. It is the model used by general-purpose
operating systems: UNIX-based systems implement it with the read, write and
execute permission bits that the file owner sets for owner, group and others.

Mandatory Access Control (MAC):
It is used in environments where information is classified into different
levels of security, such as the military, and is much more restrictive. It is
a sensitivity-based restriction: access requires formal authorization
(clearance) for the sensitivity label of the object. In MAC the owner or
user cannot decide whether access is granted or not; the security
mechanism of the operating system controls access to all objects based on
their labels, and an individual cannot change that access.
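The difference between the two models as an added Python example (not from the model answer): in the DAC store the owner grants rights at their discretion; in the MAC store the labels are fixed by the system and the rules, here the Bell-LaPadula "no read up, no write down" rules, cannot be overridden by any user. The level names, principal names and file names are assumptions.

```python
class DacStore:
    """Discretionary access control: each object has an owner and an access
    control list (ACL). Only the owner may change the ACL, so access is at
    the owner's discretion (like chmod/chown on a UNIX file)."""

    def __init__(self):
        self.owner = {}   # object -> owning subject
        self.acl = {}     # object -> {subject: set of permissions}

    def create(self, subject, obj):
        self.owner[obj] = subject
        self.acl[obj] = {subject: {"read", "write", "execute"}}

    def grant(self, granter, obj, subject, perm):
        if self.owner.get(obj) != granter:
            raise PermissionError(f"{granter} does not own {obj}")
        self.acl[obj].setdefault(subject, set()).add(perm)

    def allowed(self, subject, obj, perm):
        return perm in self.acl.get(obj, {}).get(subject, set())


# Sensitivity levels from lowest to highest (assumed labels for the example)
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}


class MacStore:
    """Mandatory access control: the system assigns a sensitivity label to
    every object and a clearance to every subject, and applies fixed rules
    (here the Bell-LaPadula rules: no read up, no write down). There is no
    grant() method: neither the owner nor the user can change the decision."""

    def __init__(self, clearances, labels):
        self.clearance = dict(clearances)   # subject -> level name
        self.label = dict(labels)           # object -> level name

    def allowed(self, subject, obj, perm):
        s = LEVELS[self.clearance[subject]]
        o = LEVELS[self.label[obj]]
        if perm == "read":
            return s >= o       # may read at or below own clearance
        if perm == "write":
            return s <= o       # may write at or above own clearance
        return False


def demo():
    """Run both models over the same requests and return the decisions."""
    dac = DacStore()
    dac.create("alice", "report.txt")
    dac.grant("alice", "report.txt", "bob", "read")   # alice's choice

    mac = MacStore({"alice": "secret", "bob": "confidential"},
                   {"report.txt": "secret", "memo.txt": "confidential"})
    return {
        "dac bob read": dac.allowed("bob", "report.txt", "read"),
        "dac bob write": dac.allowed("bob", "report.txt", "write"),
        "mac bob read secret": mac.allowed("bob", "report.txt", "read"),
        "mac bob write secret": mac.allowed("bob", "report.txt", "write"),
        "mac alice write confidential": mac.allowed("alice", "memo.txt", "write"),
    }


if __name__ == "__main__":
    for request, decision in demo().items():
        print(f"{request}: {'allow' if decision else 'deny'}")
```

In the MAC store a confidential user may write into a secret file but not read it, and a secret user may not write into a confidential file; these are the rules that stop a cleared user from leaking data downward, and no owner can relax them.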
4. Attempt any THREE of the following: 12
a) Write a short note on steganography. (4M: Explanation of technique 2M, Any relevant diagram 2M; OR Advantage 1M, Disadvantage 1M)
Ans. Steganography is the art and science of writing a hidden message in
such a way that no one, apart from the sender and the intended recipient,
suspects the existence of the message.
Steganography works by replacing bits of useless or unused data in
regular computer files (such as graphics, sound, text, HTML or even
disk images) with bits of different, invisible information.
This hidden information can be plain text, cipher text or even images.
In modern steganography, the data is first encrypted by the usual means
and then inserted, using a special algorithm, into redundant data that
is part of a particular file format, such as a JPEG image.

Page 12 / 27

about:blank 12/27
Downloaded by Darshan Awale ([email protected])
lOMoARcPSD|37379541

3/13/23, 12:09 PM 22620 modelans W-g22

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION


MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

Steganography process:
Cover-media + Hidden data + Stego-key = Stego-medium
The cover media is the file in which the hidden data is embedded; the
hidden data may first be encrypted with the stego-key. The resulting file
is the stego-medium. The cover media can be an image or an audio file.
Advantages:
1. With the help of steganography a secret message can be hidden inside
a graphics image.
2. In modern steganography the data is encrypted first and then inserted
using a special algorithm, so that no one suspects its existence.
Drawbacks:
1. It requires a lot of overhead (cover data) to hide relatively few bits
of information.
2. Once the hiding method is discovered, it becomes virtually worthless.
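The process formula above (cover-media + hidden data + stego-key = stego-medium) as an added Python example of least-significant-bit embedding; it is not part of the model answer. The cover is a constructed sequence of 8-bit samples standing in for the pixels of a greyscale bitmap, and the "encryption" with the stego-key is a toy SHA-256 keystream; a real implementation would use a proper cipher and a real image file.

```python
import hashlib


def _keystream(stego_key, length):
    """Derive `length` bytes from the stego-key (SHA-256 in counter mode);
    toy encryption standing in for 'encrypted by the usual means'."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(stego_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data, stego_key):
    return bytes(a ^ b for a, b in zip(data, _keystream(stego_key, len(data))))


def _bits(data):
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(cover, hidden_data, stego_key=b""):
    """Cover-media + hidden data + stego-key -> stego-medium.
    The cover is a sequence of 8-bit sample values (grey pixels or audio
    samples). The payload is a 4-byte length followed by the (encrypted)
    hidden data, written one bit at a time into the least significant bit
    of successive cover bytes, so no sample changes by more than 1."""
    payload = len(hidden_data).to_bytes(4, "big") + _xor(hidden_data, stego_key)
    if len(payload) * 8 > len(cover):
        raise ValueError("cover too small: need 8 cover bytes per hidden byte")
    stego = bytearray(cover)
    for index, bit in enumerate(_bits(payload)):
        stego[index] = (stego[index] & 0xFE) | bit
    return bytes(stego)


def extract(stego, stego_key=b""):
    """Read the LSBs back: first the 4-byte length, then that many bytes."""
    def read_bytes(count, bit_offset):
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[bit_offset + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read_bytes(4, 0), "big")
    return _xor(read_bytes(length, 32), stego_key)


def max_sample_change(cover, stego):
    """How visible is the change? LSB embedding alters each sample by <= 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = bytes((i * 37) % 256 for i in range(2000))      # constructed "image"
    stego = embed(cover, b"attack at dawn", b"stego-key")
    print(extract(stego, b"stego-key"), max_sample_change(cover, stego))
```

The overhead drawback is visible in the size check: eight cover bytes carry one hidden byte. The "worthless once discovered" drawback is visible too: anyone who knows the layout can run `extract` and, if no stego-key was used, read the message directly.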
b) Explain honey pots. (4M: Explanation 2M, Any relevant diagram 2M)
Ans. Honeypots are systems designed to purposely engage and deceive attackers
and to identify malicious activities performed over the Internet. A
honeypot is designed to do the following:
1. Divert the attention of a potential attacker away from production systems.
2. Collect information about the intruder's actions.
3. Encourage the attacker to stay for some time, allowing the
administrators to detect the intrusion and act on it swiftly.

Page 13 / 27

about:blank 13/27
Downloaded by Darshan Awale ([email protected])
lOMoARcPSD|37379541

3/13/23, 12:09 PM 22620 modelans W-g22

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION


MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

Honeypots are built with two important goals:
1. Make them look like full, real-life systems.
2. Do not let legitimate users know about or access them, so that any
activity on a honeypot is suspicious by definition.
c) Explain Host based IDS. (4M: Explanation 2M, Relevant diagram 2M)
Ans. Host Intrusion Detection System (HIDS)
Host intrusion detection systems (HIDS) run on individual hosts or
devices on the network. A HIDS monitors the incoming and outgoing
packets of that device only, and alerts the administrator if
suspicious or malicious activity is detected. It also takes a snapshot of
the existing system files and compares it with the previous snapshot. If
critical system files were edited or deleted, an alert is sent to
the administrator to investigate. A typical use of a HIDS is on
mission-critical machines, which are not expected to change their layout.

Basic components of a HIDS:
 Traffic collector:
This component collects the activity or events for the IDS to examine.
On a host-based IDS this can be log files, audit logs, or traffic coming
to or leaving the specific system.

Page 14 / 27

about:blank 14/27
Downloaded by Darshan Awale ([email protected])
lOMoARcPSD|37379541

3/13/23, 12:09 PM 22620 modelans W-g22

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION


MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

 Analysis engine:
This component examines the collected traffic or events and compares them
to known patterns of suspicious or malicious activity stored in the
signature database. The analysis engine acts as the brain of the IDS.
 Signature database:
A collection of patterns and definitions of known suspicious or
malicious activity.
 User interface and reporting:
The component that interfaces with the human operator,
providing alerts and giving the user a means to interact with and operate
the IDS.
d) Describe working principle of SMTP. (4M: Working principle explanation 2M, Suitable diagram 2M)
Ans. 1. Composition of Mail: A user sends an e-mail by composing an
electronic mail message using a Mail User Agent (MUA). A Mail User
Agent is a program used to send and receive mail. The
message contains two parts: body and header. The body is the main
part of the message, while the header includes information such as the
sender and recipient addresses. The header also includes descriptive
information such as the subject of the message. The
message body is like a letter and the header is like the envelope that
carries the recipient's address.

2. Submission of Mail: After composing an e-mail, the mail client
submits the completed e-mail to the Mail Submission Agent (MSA) of its
SMTP server, using SMTP (traditionally on TCP port 25; port 587 is used
for authenticated submission).

3. Delivery of Mail: E-mail addresses contain two parts: the username of
the recipient and the domain name. For example, in vivek@gmail.com,
"vivek" is the username of the recipient and "gmail.com" is the
domain name.
If the domain name of the recipient's e-mail address is different from
the sender's domain name, the MSA hands the mail to the Mail
Transfer Agent (MTA). To relay the e-mail, the MTA finds the
target domain by looking up the MX record of the recipient's domain in
the Domain Name System. The MX record names the mail exchange server
responsible for that domain (its IP address is then resolved from its
own A record). Once the record is located, the MTA connects to that
exchange server over SMTP to relay the message.

Page 15 / 27

about:blank 15/27
Downloaded by Darshan Awale ([email protected])
lOMoARcPSD|37379541

3/13/23, 12:09 PM 22620 modelans W-g22

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION


MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620
4. Receipt and Processing of Mail: Once the incoming message is
received, the exchange server delivers it to the Mail Delivery Agent
(MDA), which stores the e-mail in the recipient's mailbox, where it waits
for the user to retrieve it.

5. Access and Retrieval of Mail: The e-mail stored by the MDA can be
retrieved using the MUA (Mail User Agent), typically over POP3 or IMAP,
after the user has logged in with a username and password.
e) Explain creation and verification of digital signature. (4M: Working 2M, Relevant diagram 2M)
Ans. Working of digital signature generation and verification:
Digital signatures are electronic signatures which assure that a message
was sent by a particular sender and was not altered. While performing
digital transactions, authenticity and integrity must be assured; otherwise
the data can be altered, or someone can act as if they were the sender
and expect a reply.
1. Key Generation: The signer generates a key pair: a private key
(signing key), which is kept secret, and a public key (verification key),
which is distributed to anyone who needs to verify the signatures.
2. Signature Generation: The signer applies a hash function to the data
to obtain a fixed-length hash value, and then applies the signing
algorithm with the private key to that hash value. The output is the
digital signature, which is sent along with the data.
3. Signature Verification: The verifier receives the digital signature along
with the data. It applies the verification algorithm to the digital
signature with the public key (verification key), which yields the hash
value that was signed. It also applies the same hash function to the
received data and generates a hash value. The two hash values are then
compared: if they are equal, the digital signature is valid; otherwise it
is invalid (the data was altered, or the signature was not produced with
the matching private key).

Page 16 / 27

about:blank 16/27
Downloaded by Darshan Awale ([email protected])
lOMoARcPSD|37379541

3/13/23, 12:09 PM 22620 modelans W-g22

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION


MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

5. Attempt any TWO of the following: 12
a) Explain any three criteria for classification of information. (6M: Any three criteria 2M each)
Ans. i) Useful life
Information is labeled more useful when it is available and ready to be
changed as and when required. Data may need to be changed from time to
time, and when the ability to make those changes is available, the data
is valuable.
ii) Value of data
This is probably the most essential and standard criterion for
information classification. Every organization has confidential and
valuable information, the loss of which could lead to great losses for the
organization and create organizational issues. Therefore, this data needs
to be duly classified and protected.
iii) Personal association
Information or data associated with particular individuals, or covered by
privacy law, must be classified accordingly.
iv) Age
The value of information often declines with time. Therefore, if the
given data or information falls into such a category, its
classification can be lowered as it ages.

Page 17 / 27

about:blank 17/27
Downloaded by Darshan Awale ([email protected])
lOMoARcPSD|37379541

3/13/23, 12:09 PM 22620 modelans W-g22

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION


MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620
b) List types of firewall and explain any one of them. (6M: List four types 2M, Diagram with explanation of any one 4M)
Ans. (Note: Firewalls available in the market can also be considered.)
List of firewall types:
1. Packet filter firewall
2. Circuit level gateway firewall
3. Application level gateway firewall
4. Proxy server as a firewall
5. Stateful multilayer inspection firewall

1. Packet filter firewall: A packet filter examines the header of every
packet (source and destination IP address, protocol, source and destination
port) and compares it against a table of rules. In the example rule table
below, the firewall acts as follows:
- Source IP 150.150.0.0 is the address of a network; all packets
coming from this network are blocked by the firewall.
- Destination IP address 200.75.10.8 is the address of an individual host;
all packets having this IP address as their destination are denied.
- Port 23 is used by Telnet remote login; the firewall does not allow
logins to this server over Telnet.
- Port 80: no HTTP request is allowed through the firewall.
Packets that match no rule are handled by the default action of the
filter, which should be deny in a secure configuration.

2. Circuit level gateway firewall: Circuit level gateway
firewalls work at the session layer of the OSI model. They monitor the
TCP handshake between the packets to determine whether a requested
session is legitimate. Information passed through a circuit
level gateway to the Internet appears to have come from the circuit
level gateway, so there is no way for a remote computer or host to
determine the internal private IP addresses of the organization. This
is typically combined with Network Address Translation (NAT), where the
private IP addresses of the different clients inside the network are all
mapped to the public IP address available through the Internet service
provider before the packets are sent to the outside world (the Internet).
This way the packets carry only the public IP address (of the firewall)
and the internal private IP addresses are not exposed to potential intruders.

3. Application level gateway firewall: Application level firewalls
decide whether to drop a packet or send it through based on the
application-layer information available in the packet. They do this by
setting up a separate proxy on the firewall for each
application protocol. Both the client and the server connect to these
proxies instead of connecting directly to each other, so any suspicious
data or connection is dropped by the proxy. Application level
firewalls also enforce protocol conformance. For example, attacks over HTTP
that violate the protocol, such as sending non-ASCII data in the
header fields or an overly long string with non-ASCII characters in
the Host field, are dropped because the requests have been tampered
with by the intruder.

Page 19 / 27

about:blank 19/27
Downloaded by Darshan Awale ([email protected])
lOMoARcPSD|37379541

3/13/23, 12:09 PM 22620 modelans W-g22

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION


MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

4. Stateful multilayer inspection firewall (SMLI)
The stateful multi-layer inspection (SMLI) firewall uses a
sophisticated form of packet filtering that examines all seven layers
of the Open Systems Interconnection (OSI) model. Each packet is
examined and compared against the known states of legitimate connections.
While screening router firewalls only examine the packet header,
SMLI firewalls examine the entire packet, including the data. In other
words, this type of filter examines packets at the network, transport and
application layers, comparing them to known trusted packets. SMLI
checks the entire packet and only allows it to pass when each
layer passes inspection. Such firewalls track the state of each communication
(for example, that a TCP connection was properly established) in order
to ensure that all communication takes place only with trusted sources.
To be more specific, an SMLI firewall is not necessarily a single
firewall implementation. Rather, it is a series of firewalls that work
in concert to secure traffic at different levels of the OSI model. It may
be a composition of a stateless packet filter, a stateful firewall, and an
application-level proxy.
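The packet-filter rule table described above (type 1), evaluated in Python as an added example; it is not the model answer's diagram. The netmask /16 for the 150.150.0.0 network and TCP for the port rules are assumptions; the final allow-all rule reproduces the page's description and would be a deny rule in a default-deny policy.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto dport")
Rule = namedtuple("Rule", "action src dst proto dport")
ANY = None

# Rule table from the model answer's example (the /16 for the 150.150.0.0
# network and the TCP protocol on the port rules are assumptions). First
# match wins; the explicit final rule is the default action. Change it to
# "deny" for a default-deny policy.
RULES = [
    Rule("deny", ipaddress.ip_network("150.150.0.0/16"), ANY, ANY, ANY),
    Rule("deny", ANY, ipaddress.ip_network("200.75.10.8/32"), ANY, ANY),
    Rule("deny", ANY, ANY, "tcp", 23),   # no Telnet logins
    Rule("deny", ANY, ANY, "tcp", 80),   # no HTTP requests
    Rule("allow", ANY, ANY, ANY, ANY),
]


def matches(rule, packet):
    """A rule matches when every non-ANY field agrees with the packet header."""
    if rule.src is not ANY and ipaddress.ip_address(packet.src) not in rule.src:
        return False
    if rule.dst is not ANY and ipaddress.ip_address(packet.dst) not in rule.dst:
        return False
    if rule.proto is not ANY and rule.proto != packet.proto:
        return False
    if rule.dport is not ANY and rule.dport != packet.dport:
        return False
    return True


def filter_packet(packet, rules=RULES):
    """Return (action, rule number) for the first matching rule. A packet
    that matches nothing is dropped: a packet filter must fail closed."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, packet):
            return rule.action, number
    return "deny", None


if __name__ == "__main__":
    # constructed traffic sample
    traffic = [
        Packet("150.150.3.4", "10.0.0.5", "tcp", 443),    # from the blocked network
        Packet("8.8.8.8", "200.75.10.8", "udp", 53),      # to the blocked host
        Packet("1.2.3.4", "10.0.0.5", "tcp", 23),         # Telnet
        Packet("1.2.3.4", "10.0.0.5", "tcp", 80),         # HTTP
        Packet("1.2.3.4", "10.0.0.5", "tcp", 443),        # HTTPS, allowed
    ]
    for pkt in traffic:
        print(pkt, "->", filter_packet(pkt))
```

Note what a plain packet filter cannot see: it has no memory of earlier packets, so it cannot tell a reply belonging to an established connection from an unsolicited packet. That is the gap the stateful inspection firewall (type 4) closes.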

Page 20 / 27

about:blank 20/27
Downloaded by Darshan Awale ([email protected])
lOMoARcPSD|37379541

3/13/23, 12:09 PM 22620 modelans W-g22

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION


MODEL ANSWER

Subject: Network & Information Security Subject Code: 22620

c) Explain IPsec security with help of diagram. (6M: Diagram 2M, Explanation 4M)
Ans. (Diagram: IPsec sits between the transport layer and the internet layer of the TCP/IP stack; not reproduced.)
IPsec encrypts and seals the transport and application layer data during
transmission. It also offers integrity protection for the internet layer. It
sits between the transport layer and the internet layer of the conventional
TCP/IP protocol stack. Typical applications:
1. Secure remote Internet access: Using IPsec, a user makes a local
call to an Internet service provider (ISP) and connects to the
organization's network in a secure fashion from home or a hotel, and from
there accesses the corporate network facilities or remote
desktops/servers.
2. Secure branch office connectivity: Rather than
subscribing to an expensive leased line for connecting its branches
across cities, an organization can set up an IPsec-enabled network for
security.
3. Secure communication with other organizations: Just as
IPsec allows connectivity between the various branches of an
organization, it can also be used to connect the networks of different
organizations together in a secure and inexpensive fashion.
Basic concept of the IPsec protocol: An IP packet consists of two portions,
the IP header and the actual data. IPsec features are implemented in the
form of additional headers, called extension headers, added to the standard
IP header. IPsec offers two main services, authentication and
confidentiality. Each of these requires its own extension header.
Therefore, to support these two main services, IPsec defines two IP
extension headers: one for authentication and another for confidentiality.

Page 21 / 27

about:blank 21/27
Downloaded by Darshan Awale ([email protected])
lOMoARcPSD|37379541

3/13/23, 12:09 PM 22620 modelans W-g22

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION


MODEL ANSWER
Subject: Network & Information Security Subject Code: 22620

It consists of two main protocols:

Authentication Header (AH): The Authentication Header protocol provides
authentication, integrity and an optional anti-replay service for IP
packets. The IPsec AH is a header in an IP packet. The AH is
simply inserted between the IP header and any subsequent packet contents;
no changes are required to the data contents of the packet. The security
resides completely in the contents of the AH (an integrity check value
computed over the packet). AH does not provide confidentiality.
Encapsulating Security Payload (ESP): Used to provide confidentiality,
data origin authentication and data integrity. It is based on symmetric-key
cryptography. ESP can be used in isolation or it can be
combined with AH.

Fig: AH and ESP
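The Authentication Header as an added Python example (not part of the model answer): the sender computes an integrity check value (ICV) over the packet and inserts the AH between the IP header and the payload; the receiver recomputes it and then applies the anti-replay check on the sequence number. Simplifications: only source, destination and TTL of the IP header are modelled (real AH zeroes every mutable field: TOS, flags, fragment offset, TTL, checksum), the key is a fixed value rather than one negotiated by IKE, and the replay check is a highest-sequence-number test rather than the sliding window of RFC 4302.

```python
import hashlib
import hmac
import ipaddress
import struct

NEXT_HEADER_TCP = 6   # AH's "next header" field: what follows the AH
ICV_LEN = 16          # HMAC-SHA-256-128: the 256-bit tag truncated to 128 bits


def ip_header_for_icv(src, dst, ttl):
    """The IP header as covered by the ICV. Mutable fields (here the TTL)
    are replaced by zero, because routers rewrite them in transit and the
    receiver cannot know the value the sender hashed; ttl is therefore
    deliberately not used."""
    return ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed + b"\x00"


def ah_header(spi, seq, icv):
    """next header (1) | payload length (1) | reserved (2) | SPI (4) | sequence (4) | ICV."""
    length_words = (12 + ICV_LEN) // 4 - 2      # AH length in 32-bit words, minus 2
    return struct.pack("!BBHII", NEXT_HEADER_TCP, length_words, 0, spi, seq) + icv


def compute_icv(key, src, dst, ttl, spi, seq, payload):
    """ICV = HMAC over immutable IP fields + AH (with the ICV zeroed) + payload."""
    covered = ip_header_for_icv(src, dst, ttl) + ah_header(spi, seq, bytes(ICV_LEN)) + payload
    return hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]


def protect(key, src, dst, ttl, spi, seq, payload):
    """Sender: insert the AH between the IP header and the packet contents."""
    icv = compute_icv(key, src, dst, ttl, spi, seq, payload)
    return {"src": src, "dst": dst, "ttl": ttl, "ah": ah_header(spi, seq, icv), "payload": payload}


class AhReceiver:
    """Receiver for one security association: integrity/authentication check,
    then the anti-replay check on the sequence number."""

    def __init__(self, key):
        self.key = key
        self.highest_seq = 0

    def accept(self, pkt):
        ah = pkt["ah"]
        _next, _len, _res, spi, seq = struct.unpack("!BBHII", ah[:12])
        expected = compute_icv(self.key, pkt["src"], pkt["dst"], pkt["ttl"], spi, seq, pkt["payload"])
        if not hmac.compare_digest(expected, ah[12:]):
            return "bad-icv"          # modified in transit, or wrong key
        if seq <= self.highest_seq:
            return "replay"           # already seen (simplified window)
        self.highest_seq = seq
        return "ok"


if __name__ == "__main__":
    key = b"shared-sa-key"              # assumed key negotiated for the SA
    rx = AhReceiver(key)
    pkt = protect(key, "10.0.0.1", "10.0.0.2", 64, 0x1000, 1, b"GET / HTTP/1.0\r\n")
    print(rx.accept(pkt), rx.accept(pkt))   # ok replay
```

The payload travels in clear, which is the practical meaning of "AH does not provide confidentiality": an observer reads the HTTP request but cannot alter it or the addresses without the receiver noticing.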


6. Attempt any TWO of the following: 12
a) Define virus and describe the phases of virus. (6M: Definition 2M, Phases 4M)
Ans. Definition: A virus is a program which attaches itself to another
program and causes damage to the computer system or the network. It
is loaded onto the computer without the user's knowledge and runs
against the user's wishes.
During its lifecycle a virus goes through the following four
phases:
1. Dormant phase: The virus is idle and waits to be activated by some event
(a date, the presence of another program, or a disk filling beyond some capacity).
2. Propagation phase: It places an identical copy of itself into other
programs or into certain system areas on the disk.
3. Triggering phase: The virus is activated to perform the function
for which it was intended; as with the dormant phase, the trigger can be any
system event.
4. Execution phase: The function of the virus (its payload) is performed,
which may be harmless, such as a message on the screen, or damaging, such
as the destruction of programs and data files.

Page 22 / 27

about:blank 22/27
Downloaded by Darshan Awale ([email protected])
lOMoARcPSD|37379541

3/13/23, 12:09 PM 22620 modelans W-g22

MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION


(Autonomous)
(ISO/IEC - 27001 - 2005 Certified)

WINTER – 2022 EXAMINATION


MODEL ANSWER

Subject: Network & Information Security Subject Code: 22620

b) Explain Kerberos with help of suitable diagram. (6M: Step by step explanation with suitable diagram 6M)
Ans. Kerberos: Kerberos is a network authentication protocol. It is
designed to provide strong authentication for client/server
applications by using secret-key cryptography. It provides tools for
authentication and strong cryptography over the network to help secure
an information system. There are four
parties involved in the Kerberos protocol:
i) User (client)
ii) Authentication Service (AS)
iii) Ticket Granting Server (TGS)
iv) Service server (the application server the user wants to use)
The AS and TGS together form the Key Distribution Center (KDC), which holds
the secret keys of all users and services.
Working of Kerberos:
1. The Authentication Service (AS) receives the request from the
client and verifies that the client is indeed the user it claims to
be. This is a lookup of the user's ID in the KDC database; the reply is
encrypted with the user's secret key (derived from the password), so only
the genuine user can read it.

2. Upon verification, a timestamp is created. This puts the current
time in a user session, along with an expiration date. The default
lifetime of a ticket is 8 hours. A session key is then created. The
timestamp ensures that when the 8 hours are up, the session key is useless.
3. The session key is sent back to the client together with a ticket-granting
ticket (TGT), which is encrypted with the TGS's own key so the client cannot
read or alter it. The TGT is issued by the authentication service and is
used to authenticate the client to the TGS for future requests, without
sending the password again.

4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get authenticated.
5. The TGS creates an encrypted key with a timestamp, and grants the client a service ticket.
6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own encrypted key to the service.

7. The service decrypts the key and makes sure the timestamp is still valid. If it is, the service contacts the key distribution center to receive a session key that is returned to the client.
8. The client decrypts the ticket. If the keys are still valid, communication is initiated between client and server.
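The exchange described in steps 1 to 8, as an added example that is not part of the model answer: a Python simulation in which the four parties (user/client, AS, TGS, service server) pass tickets that carry an expiry, so that an expired ticket or a wrong password is rejected. The seal/unseal cipher is a toy stand-in for Kerberos's secret-key encryption, and the principal names, keys and timestamps are constructed.

```python
"""Kerberos exchange between the four parties the text lists: user/client, AS, TGS
and service server. Added example, not from the model answer; seal/unseal is a toy
stand-in (SHA-256 keystream + HMAC tag) for Kerberos's secret-key cipher and the
principal names and keys are constructed."""
import hashlib, hmac, json, os

TICKET_LIFETIME = 8 * 3600      # the 8-hour default expiry described in step 2
CLOCK_SKEW = 300                # authenticators older than 5 minutes are rejected (assumption)


def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, payload: dict) -> bytes:
    """Toy authenticated encryption: nonce || (JSON XOR keystream) || HMAC tag."""
    nonce, pt = os.urandom(16), json.dumps(payload).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("wrong key or tampered ticket")   # a wrong password ends up here
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def password_key(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()   # simplification of Kerberos string-to-key


class KDC:
    """Authentication Service (AS) and Ticket Granting Server (TGS) sharing one key database."""

    def __init__(self, users: dict, services: dict):
        self.users, self.services = users, services      # principal -> long-term secret key
        self.tgs_key = os.urandom(32)                    # only the TGS can read a TGT

    def as_exchange(self, user: str, now: int):
        """Steps 1-3: look the user up, create a timestamped session key, issue the TGT."""
        if user not in self.users:
            raise PermissionError("unknown principal")
        session, expires = os.urandom(32).hex(), now + TICKET_LIFETIME
        tgt = seal(self.tgs_key, {"user": user, "key": session, "expires": expires})
        return seal(self.users[user], {"key": session, "expires": expires}), tgt

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: int):
        """Steps 4-5: TGT plus a fresh authenticator are exchanged for a service ticket."""
        t = unseal(self.tgs_key, tgt)
        if now > t["expires"]:
            raise PermissionError("TGT expired")          # the key is useless after 8 hours
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        if a["user"] != t["user"] or abs(now - a["timestamp"]) > CLOCK_SKEW:
            raise PermissionError("bad authenticator")
        svc_session, expires = os.urandom(32).hex(), now + TICKET_LIFETIME
        ticket = seal(self.services[service], {"user": t["user"], "key": svc_session, "expires": expires})
        return seal(bytes.fromhex(t["key"]), {"key": svc_session}), ticket


def client_login(kdc: KDC, user: str, password: str, now: int):
    reply, tgt = kdc.as_exchange(user, now)
    return bytes.fromhex(unseal(password_key(password), reply)["key"]), tgt

def client_service_ticket(kdc: KDC, user: str, session: bytes, tgt: bytes, service: str, now: int):
    authenticator = seal(session, {"user": user, "timestamp": now})
    reply, ticket = kdc.tgs_exchange(tgt, authenticator, service, now)
    return bytes.fromhex(unseal(session, reply)["key"]), ticket

def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes, now: int) -> str:
    """Steps 6-8: the service decrypts the ticket, checks the timestamp, then the client's proof."""
    t = unseal(service_key, ticket)
    if now > t["expires"]:
        raise PermissionError("service ticket expired")
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["user"] != t["user"] or abs(now - a["timestamp"]) > CLOCK_SKEW:
        raise PermissionError("bad authenticator")
    return t["user"]

def demo(now: int = 1_700_000_000) -> dict:
    """Full exchange for constructed principals: user alice, service fileserver."""
    fs_key = os.urandom(32)
    kdc = KDC({"alice": password_key("correct horse")}, {"fileserver": fs_key})
    session, tgt = client_login(kdc, "alice", "correct horse", now)
    svc_key, ticket = client_service_ticket(kdc, "alice", session, tgt, "fileserver", now + 60)
    who = service_accept(fs_key, ticket, seal(svc_key, {"user": "alice", "timestamp": now + 61}), now + 62)
    results = {"accepted_user": who, "wrong_password_rejected": False, "expired_ticket_rejected": False}
    try:
        client_login(kdc, "alice", "wrong password", now)
    except PermissionError:
        results["wrong_password_rejected"] = True
    late = now + 9 * 3600                                  # same ticket presented 9 hours later
    try:
        service_accept(fs_key, ticket, seal(svc_key, {"user": "alice", "timestamp": late}), late)
    except PermissionError:
        results["expired_ticket_rejected"] = True
    return results
```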
c) Write a brief note on firewall configuration. 6M
Ans. [Marking scheme: Diagram 2M, Explanation 4M]
A firewall is a combination of a packet filter and an application level gateway. Based on these, there are three types of configurations:

1. Screened Host Firewall, Single-Homed Bastion
a) Here, the firewall configuration consists of two parts: a packet filter router and an application level gateway.
b) The packet filter router ensures that incoming traffic is allowed only if it is intended for the application gateway, by examining the destination address field of each incoming IP packet.

c) It also ensures that outgoing traffic is allowed only if it originated from the application level gateway, by examining the source address field of every outgoing IP packet.
d) The application level gateway performs authentication as well as the proxy function.

Fig: Single Homed Bastion

Advantages: It improves the security of the network by performing checks at both levels, that is, the packet level and the application level.
It provides flexibility to the network administrator to define more secure policies.
Disadvantages: Internal users are connected to the application gateway as well as to the packet filter router, so if the packet filter is somehow attacked, the whole internal network is exposed to the attacker.

2. Screened Host Firewall, Dual-Homed Bastion: In this type of configuration the direct connection between the internal hosts and the packet filter is avoided. Here the packet filter connects only to the application gateway, which in turn has a separate connection to the internal hosts. Hence, if the packet filter is successfully attacked, only the application gateway is visible to the attacker.

Fig: Dual Homed Bastion

3. Screened Subnet Firewall
This type of configuration offers the highest security among the possible configurations. In this type two packet filters are used, one between the Internet and the application gateway and the other between the application gateway and the internal network. An attacker therefore has to break through three levels of security to get into the internal network.

Fig: Screened Subnet Firewall
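Added example (not the model answer's code): the packet-filter rules b and c of the single-homed bastion, and the two-filter arrangement of the screened subnet, written as Python functions over constructed addresses (bastion 192.0.2.10 in the screened subnet 192.0.2.0/24, internal network 10.1.1.0/24). It shows why an Internet-to-internal packet is dropped at the first filter in the screened subnet, while the single-homed design has only one check to get past.

```python
"""Filter rules for the configurations above: the single-homed bastion's one packet
filter (rules b and c) and the screened subnet's two filters. Added example, not the
model answer's code; all addresses are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

BASTION = ip_address("192.0.2.10")       # the application level gateway
DMZ = ip_network("192.0.2.0/24")         # screened subnet that hosts the gateway
INTERNAL = ip_network("10.1.1.0/24")     # hosts to be protected


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def _inside(addr) -> bool:
    return addr in DMZ or addr in INTERNAL


def single_homed_filter(pkt: Packet) -> bool:
    """Screened host, single-homed bastion: one packet filter in front of everything."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if not _inside(src):
        return dst == BASTION        # rule b: inbound only if addressed to the gateway
    return src == BASTION            # rule c: outbound only if it comes from the gateway


def outer_filter(pkt: Packet) -> bool:
    """Screened subnet, filter 1 (Internet <-> gateway): only the gateway may talk to the outside."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    return (dst == BASTION and not _inside(src)) or (src == BASTION and not _inside(dst))


def inner_filter(pkt: Packet) -> bool:
    """Screened subnet, filter 2 (gateway <-> internal network): only the gateway may talk to internal hosts."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    return (src == BASTION and dst in INTERNAL) or (src in INTERNAL and dst == BASTION)


def screened_subnet_allows(pkt: Packet) -> bool:
    """A packet must pass every filter on its path: the outer one if either end is outside,
    the inner one if either end is internal. Internet -> internal host needs both and fails at the outer."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    crosses_outer = not _inside(src) or not _inside(dst)
    crosses_inner = src in INTERNAL or dst in INTERNAL
    return (not crosses_outer or outer_filter(pkt)) and (not crosses_inner or inner_filter(pkt))
```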

23124
22620
3 Hours / 70 Marks Seat No.

Instructions : (1) All Questions are compulsory.


(2) Answer each next main Question on a new page.
(3) Illustrate your answers with neat sketches wherever necessary.
(4) Figures to the right indicate full marks.
(5) Assume suitable data, if necessary.
(6) Mobile Phone, Pager and any other Electronic Communication
devices are not permissible in Examination Hall.

Marks
1. Attempt any FIVE of the following : 10
(a) List any four virus categories.
(b) List any four biometric mechanisms.
(c) Define the following terms :
(i) Cryptography
(ii) Cryptanalysis
(d) Give examples of Active & Passive Attacks (two each).
(e) State the two types of firewall with their uses.
(f) List two protocols in IPSec. State their functions.
(g) Classify the following cyber crime :
(i) Cyber terrorism against a government organization
(ii) Cyber – Stalking
(iii) Copyright infringement
(iv) Email harassment

2. Attempt any THREE of the following : 12
(a) Explain basic principles of information security.
(b) Explain any two password attacks.
(c) Describe digital signature technique using message digest.
(d) Explain steganography technique with an example.

3. Attempt any THREE of the following : 12


(a) Describe :
(i) Piggybacking
(ii) Dumpster diving
(b) Consider plain text “CERTIFICATE” and convert it into cipher text using
Caesar Cipher with a shift of position 4. Write steps for encryption.
(c) State the use of packet filters. Explain its operation.
(d) State the features of (i) DAC (ii) MAC.

4. Attempt any THREE of the following : 12


(a) Convert the given plain text into cipher text using the simple columnar technique using the following data :
 Plain text : NETWORK SECURITY
 Number of columns : 06
 Encryption key : 632514
(b) State the working principle of application gateways. Describe circuit gateway operation.
(c) Describe DMZ with an example.
(d) State the use of Digital Certificates. Describe the steps for digital certificate creation.
(e) Considering DES, find the output of the initial permutation box when the input is given in hexadecimal as 0x0000 0080 0000 0002.
5. Attempt any TWO of the following : 12
(a) State the criteria for information classification. Explain information
classification.
(b) State the features of the following IDS :
(i) Network based IDS
(ii) Host based IDS
(iii) Honey pots
(c) Explain step-by-step procedure of Kerberos with diagrams.

6. Attempt any TWO of the following : 12


(a) Explain the following attacks using an example :
(i) Sniffing (ii) Spoofing (iii) Phishing
(b) Describe ITIL framework with different stages of life cycle.
(c) State and explain 3 types of firewall configurations with a neat diagram.
_______________

21222
22620
3 Hours / 70 Marks Seat No.
15 minutes extra for each hour

Instructions : (1) All Questions are compulsory.
(2) Answer each next main Question on a new page.
(3) Illustrate your answers with neat sketches wherever necessary.
(4) Figures to the right indicate full marks.
(5) Assume suitable data, if necessary.
(6) Mobile Phone, Pager and any other Electronic Communication devices are not permissible in Examination Hall.

Marks
1. Attempt any FIVE of the following : 10
(a) Define following terms :
(i) Confidentiality
(ii) Accountability
(b) Explain the terms :
(i) Shoulder surfing
(ii) Piggybacking
(c) Define the term cryptography.
(d) Classify the following cyber crimes :
(i) Cyber stalking
(ii) Email harassment
(e) Differentiate between viruses & worms (any two).
(f) Define firewall. Enlist types of firewalls.
(g) Define AH & ESP with respect to IP security.

2. Attempt any THREE of the following : 12
(a) Define following terms :
(i) Operating System Security
(ii) Hot fix
(iii) Patch
(iv) Service pack
(b) Explain the mechanism of fingerprint & voice pattern in Biometrics.
(c) Differentiate between symmetric & asymmetric key cryptography.
(d) Write & explain DES algorithm.

3. Attempt any THREE of the following : 12
(a) Describe the features of DAC access control policy.
(b) Consider plain text “COMPUTER ENGINEERING” & convert the given plain text into cipher text using ‘Caesar Cipher’ with a shift of position three. Write down the steps in encryption.
(c) Differentiate between host-based & network-based IDS.
(d) Define access control & explain authentication mechanism for access control.

4. Attempt any THREE of the following : 12
(a) Enlist substitution techniques & explain any one.
(b) Explain DMZ.
(c) Differentiate between firewall & IDS.
(d) Explain Email security in SMTP.
(e) Explain Digital Signature in Cryptography.

5. Attempt any TWO of the following : 12
(a) Define Information. Explain basic principles of information security.
(b) Define & explain :
(i) Circuit Gateway
(ii) Honey Pots
(iii) Application Gateway
(c) Explain the working of Kerberos.

6. Attempt any TWO of the following : 12
(a) Explain DOS with neat diagram.
(b) Explain Public Key Infrastructure with example.
(c) Explain Policies, configuration & limitations of Firewall.

_______________
MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION
(Autonomous)
(ISO/IEC - 27001 - 2013 Certified)
_________
Winter-2024 EXAMINATION
Model Answer – Only for the Use of RAC Assessors
Subject Name: Network and Information Security Subject Code: 22620

Important Instructions to examiners:


1) The answers should be examined by key words and not as word-to-word as given in the model answer
scheme.
2) The model answer and the answer written by candidate may vary but the examiner may try to assess the
understanding level of the candidate.
3) The language errors such as grammatical, spelling errors should not be given more Importance (Not
applicable for subject English and Communication Skills.
4) While assessing figures, examiner may give credit for principal components indicated in the figure. The figures
drawn by candidate and model answer may vary. The examiner may give credit for any equivalent figure drawn.
5) Credits may be given step wise for numerical problems. In some cases, the assumed constant values may vary
and there may be some difference in the candidate’s answers and model answer.
6) In case of some questions credit may be given by judgement on part of examiner of relevant answer based on
candidate’s understanding.
7) For programming language papers, credit may be given to any other program based on equivalent concept.
8) As per the policy decision of Maharashtra State Government, teaching in English/Marathi and Bilingual
(English + Marathi) medium is introduced at first year of AICTE diploma Programme from academic year
2021-2022. Hence if the students write answers in Marathi or bilingual language (English +Marathi), the
Examiner shall consider the same and assess the answer based on matching of concepts with model answer.


1. Attempt any FIVE of the following: 10 M

(a) Define CIA model of Security Basic. 2M
Ans. [Marking scheme: Correct Definition 2M]
The CIA triad is a model that guides information security by focusing on three key principles: confidentiality, integrity, and availability:
• Confidentiality: Limits access to data and information to authorized individuals and systems
• Integrity: Ensures that information is accurate and trustworthy
• Availability: Guarantees that authorized people have reliable access to information
(b) Enlist the types of Firewalls. 2M
Ans. [Marking scheme: ½ M each type (any four types)]
1. Packet Filters.
2. Stateful Inspection Firewalls.
3. Application Layer Firewalls.
4. Next-generation Firewalls.
5. Circuit-level Gateways.
6. Software Firewalls.
7. Hardware Firewalls.
8. Cloud Firewalls.
(c) Differentiate between Virus & Worm (any two). 2M
Ans. [Marking scheme: Any two differences, 1M each]

Virus | Worm
A virus is a piece of code that attaches itself to a legitimate program. | A worm is a malicious program that spreads automatically.
A virus modifies the code. | A worm does not modify the code.
It does not replicate itself. | It replicates itself.
A virus is destructive in nature. | A worm is non-destructive in nature.
The aim of a virus is to infect the code or program stored on a computer system. | The aim of a worm is to make the computer or network unusable.
A virus can infect other files. | A worm does not infect other files but occupies memory space by replication.
A virus may need a trigger for execution. | A worm does not need any trigger.
(d) Explain the term Cryptography. 2M
Ans. [Marking scheme: Correct Explanation 2M]
Cryptography is an ancient art and science of writing in secret messages. In areas like data and telecommunications, cryptography is most important when communicating over any untrusted medium; this includes any network, particularly the Internet.
Cryptography not only protects data from alteration, but it can also be used for authentication of users.
OR
Cryptography is a technique of securing communication by converting plain text into ciphertext.
It involves various algorithms and protocols to ensure data confidentiality, integrity, authentication, and non-repudiation.
(e) Define the term Honeypots. 2M
Ans. [Marking scheme: Correct Definition 2M]
Honeypots are an innovation in Intrusion Detection technology.
A honeypot is a computer system on the Internet which is specifically set up to attract and "trap" people (attackers) who are attempting to penetrate other critical systems.
(f) Enlist two Intrusion Detection Systems. 2M
Ans. [Marking scheme: Any two systems, 1M each]
1. Host Based Intrusion Detection System (HIDS)
2. Network Based Intrusion Detection System (NIDS)
3. Protocol-Based Intrusion Detection System (PIDS)
4. Application Protocol-Based Intrusion Detection System (APIDS)
5. Hybrid Intrusion Detection System

(g) Enlist two Active & Passive attacks each. 2M
Ans. [Marking scheme: Any two active & two passive attacks 2M (½ M each)]
Active attacks
1. Interruption
2. Message Modification Attack
3. Fabrication Attacks
4. Man-in-the-Middle (MITM) Attack
5. Denial of Service (DoS) Attack
6. Distributed Denial of Service (DDoS) Attack
7. Trojans
8. Session Hijacking
9. Phishing
10. SQL Injection
11. Malware Attack
12. Masquerade Attack
13. Password Cracking
14. Spoofing Attacks

Passive attacks
1. Release of message contents
2. Traffic analysis
3. Eavesdropping
4. Password Sniffing
5. Social Media Profiling
6. Shoulder Surfing
7. Covert Channel Attacks
8. Key logging
9. Network Mapping
10. Sniffing
2. Attempt any THREE of the following: 12M
(a) Explain criteria for information classification. 4M
Ans. [Marking scheme: 1M for each criterion explained]
Information classification defines what kind of information is stored on a system. Based on that classification, the information may need additional protections in place.

The following criteria are used to decide the classification of information:
1. Value: It is the most common criterion of information classification. When the information is more valuable for the organization, that information should be classified.
2. Age: Age states that the classification of information might be lowered if the information's value decreases over time. For example, documents that are classified may be automatically declassified after a specific time period.
3. Useful Life: Useful Life states that if the information has been made out-of-date by new information or for any other reason, that information can regularly be declassified.
4. Personal Association: Information which is personally associated with particular individuals, or which is addressed by a privacy law, should be classified.
(b) Describe dumpster diving with its prevention mechanism. 4M
Ans. [Marking scheme: Definition 2M & Prevention Mechanism 2M]
Dumpster Diving:
Dumpster diving is the process of going through a target's trash in order to find little bits of information. In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network.

Prevention Mechanism:

• Dumpster diving isn't limited to searching through the trash for obvious
treasures like access codes or passwords written down on sticky notes.
Innocent information like a phone list, calendar, or organizational chart can be
used to assist an attacker to gain access to the network.
• To prevent dumpster divers from learning anything valuable from the trash,
experts recommend that the company establish a disposal policy where all
paper, including print-outs, is shredded in a cross-cut shredder before being
recycled, all storage media is erased, and all staff is educated about the danger
of untracked trash.
• Attackers always need a certain amount of information before attack. If the
attacker is in the surrounding area of the target, one common place to find this
information is to go through the target's trash in order to find little bits of
information that could be useful. This process of going through a target's trash
is known as dumpster diving.
• If the attackers are very lucky, and the target's security procedures are very
poor, they may actually find user IDs and passwords. We have studied earlier
that the users sometimes write their password down. When the password is
changed, they discard the paper where the old password was written on without
shredding it and in this way the lucky dumpster diver can get a valuable clue.
• Even if the attacker is not lucky enough to obtain a password directly, they can find the names of employees, and from those it is not hard for the attacker to determine user IDs.
• Hardware or software manuals purchased by the user may also provide clues as to what vulnerabilities exist on the target's computer systems and networks. In many such ways the attacker may gather a variety of information, which can be useful in a social engineering attack.

(c) Draw and explain Host-Based intrusion detection system. 4M
Ans. [Marking scheme: Correct Diagram 2M & Explanation 2M]

Fig: Host-Based intrusion detection system


• A host based IDS checks log files, audit trails and network traffic coming into or leaving a specific host.
• HIDS can operate in real time, looking for activity as it arises, or in batch mode, looking for activity on a periodic basis.
• Typically host based systems are self-contained, but many new commercial products are designed to report to and be managed by a central system. These systems also consume local system resources to operate.
• Older versions of host-based IDSs operated in batch mode, looking for suspicious activity on an hourly or daily basis, and typically looked for particular events in the system's log files.
• In newer versions of host-based IDS, processor speed has increased, so IDSs look through the log files in real time; the ability to examine the data traffic the host is generating and receiving has also been added.
• Many host-based IDSs focus on the log files or audit trails produced by the local operating system. On Windows systems, the examined logs are typically the Application, System and Security event logs. On Unix systems, the examined logs are generally the message, kernel and error logs.
• Some host based IDSs have the ability to cover specific applications by examining the logs produced by those applications or by examining the traffic of the services themselves, like FTP or web services.
• Activities a HIDS looks for in the log files include:
Logins at odd hours.
Login authentication failure.
Adding new user account.
Modification or access of critical system files.
Modification or removal of binary files.
Starting or stopping processes.
Privilege escalation.
Use of certain programs.
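Added example, not from the model answer: a batch-mode pass over constructed syslog-style auth lines that raises an alert for each of the listed activities it can recognise in a log (odd-hour login, authentication failure, new account, privilege escalation, critical file modification, a stopped process). The host name, addresses, the fim[] file-event format and the 00:00-05:59 "odd hours" window are assumptions.

```python
"""Batch-mode host-based IDS pass over an auth log, flagging the activities listed
above. Added example, not the model answer's code; log lines, host name and
addresses are constructed, and the odd-hours window is an assumption."""
import re
from dataclasses import dataclass

ODD_HOURS = range(0, 6)                      # assumption: 00:00-05:59 counts as odd hours
CRITICAL_FILES = {"/etc/passwd", "/etc/shadow", "/etc/sudoers"}

TIMESTAMP = re.compile(r"^\w{3} +\d{1,2} (\d{2}):\d{2}:\d{2} ")
LOGIN_OK = re.compile(r"Accepted \w+ for (\S+)")
FILE_EVENT = re.compile(r"path=(\S+) op=(write|unlink|chmod)")   # constructed file-integrity log format
RULES = [  # (alert name, pattern whose first group names the subject)
    ("login_failure", re.compile(r"Failed password for (?:invalid user )?(\S+)")),
    ("new_user_account", re.compile(r"useradd\[\d+\]: new user: name=(\w+)")),
    ("privilege_escalation", re.compile(r"sudo:\s+(\S+) : .*USER=root")),
    ("service_stopped", re.compile(r"systemd\[\d+\]: Stopped (\S+)")),
]


@dataclass(frozen=True)
class Alert:
    rule: str
    subject: str
    line: str


def analyse(lines) -> list:
    """One pass over the log; every line may raise several alerts."""
    alerts = []
    for line in lines:
        m = TIMESTAMP.match(line)
        hour = int(m.group(1)) if m else None
        login = LOGIN_OK.search(line)
        if login and hour in ODD_HOURS:            # successful login, but at an unusual time
            alerts.append(Alert("login_at_odd_hours", login.group(1), line))
        for name, pattern in RULES:
            hit = pattern.search(line)
            if hit:
                alerts.append(Alert(name, hit.group(1), line))
        f = FILE_EVENT.search(line)
        if f and f.group(1) in CRITICAL_FILES:
            alerts.append(Alert("critical_file_modified", f.group(1), line))
    return alerts


SAMPLE_LOG = [  # constructed syslog-style lines
    "Mar 14 02:17:03 web01 sshd[812]: Accepted password for alice from 10.0.0.5 port 51022 ssh2",
    "Mar 14 09:03:11 web01 sshd[901]: Failed password for root from 10.0.0.9 port 40012 ssh2",
    "Mar 14 09:05:42 web01 useradd[933]: new user: name=svc_backup, UID=1003, GID=1003, home=/home/svc_backup, shell=/bin/bash",
    "Mar 14 09:06:01 web01 sudo:  bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash",
    "Mar 14 09:07:30 web01 fim[944]: path=/etc/passwd op=write uid=1003",
    "Mar 14 09:08:00 web01 systemd[1]: Stopped auditd.service",
    "Mar 14 10:00:00 web01 sshd[950]: Accepted publickey for bob from 10.0.0.5 port 51030 ssh2",
]

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(f"{alert.rule:24} {alert.subject:12} {alert.line}")
```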
(d) Explain Data Encryption Standard. 4M
Ans. [Marking scheme: Correct Diagram 1M & Explanation 3M]
Data Encryption Standard (DES)
• The Data Encryption Standard (DES) is the classic among the symmetric block cipher algorithms. DES was developed in the 1970s as a US-government standard for protecting non-classified information and was published as a Federal Information Processing Standard.
• DES encrypts 64 bit clear text blocks under the control of 56 bit keys. Each key is extended by a parity byte to give a 64 bit working key.

Fig: Data Encryption Standard

• DES is based on two fundamental attributes of cryptography: substitution and transposition.
• DES consists of 16 steps, each of which is called a round.
• Each round performs the steps of substitution and transposition techniques for scrambling of the characters.
Steps:
1. The 64 bit plaintext block is handed over to an Initial Permutation (IP) function.
2. Initial Permutation is performed on the plaintext.
3. IP produces two halves of the permuted block:
Left Plaintext (LPT)
Right Plaintext (RPT)
4. LPT and RPT each go through 16 rounds of the encryption process, each round with its own key.
5. In the end LPT and RPT are rejoined and a Final Permutation (FP) is performed on the combined block.
6. The result is the 64-bit ciphertext.
Initial Permutation (IP) happens only once. IP rearranges the bits of the original plaintext block: the first bit of the output is taken from a later position of the input block, the second bit from the 50th bit, and so on.
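Added example, not from the model answer: the initial permutation, the LPT/RPT split and the final permutation in Python, using the IP table from the DES standard, worked on the input 0x0000 0080 0000 0002 that the question paper above asks about (only bits 25 and 63 are set; IP moves them to bits 37 and 57).

```python
"""DES initial permutation (IP), LPT/RPT split and final permutation (FP = inverse of IP),
i.e. steps 1-3 and 5 of the model answer. Added example, not the answer's code; the IP
table is the one from the DES standard (FIPS 46)."""

# IP[i] = number (1 = most significant) of the input bit that becomes output bit i+1
IP = [58, 50, 42, 34, 26, 18, 10, 2,
      60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6,
      64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1,
      59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5,
      63, 55, 47, 39, 31, 23, 15, 7]

# FP undoes IP: if output bit m was taken from input bit k, FP sends bit m back to position k.
FP = [0] * 64
for m, k in enumerate(IP, start=1):
    FP[k - 1] = m


def bit(block: int, i: int) -> int:
    """Bit i of a 64-bit block, numbered 1..64 from the most significant bit (DES convention)."""
    return (block >> (64 - i)) & 1


def permute(block: int, table: list) -> int:
    """Output bit j (from the left) = input bit table[j-1]."""
    out = 0
    for src in table:
        out = (out << 1) | bit(block, src)
    return out


def initial_permutation(block: int) -> int:
    return permute(block, IP)


def final_permutation(block: int) -> int:
    return permute(block, FP)


def split_halves(block: int) -> tuple:
    """LPT (left 32 bits) and RPT (right 32 bits) handed to the 16 rounds."""
    return block >> 32, block & 0xFFFFFFFF


def set_bits(block: int) -> list:
    """Positions of the 1 bits, handy for tracing where each bit moves."""
    return [i for i in range(1, 65) if bit(block, i)]


# Worked instance from the question paper: 0x0000 0080 0000 0002 has only bits 25 and 63 set.
QUESTION_INPUT = 0x0000_0080_0000_0002

if __name__ == "__main__":
    out = initial_permutation(QUESTION_INPUT)
    print(f"input  bits {set_bits(QUESTION_INPUT)} -> IP output {out:#018x}, bits {set_bits(out)}")
    print("LPT, RPT =", [f"{h:#010x}" for h in split_halves(out)])
    print("FP(IP(x)) == x:", final_permutation(out) == QUESTION_INPUT)
```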
3. Attempt any THREE of the following : 12M
(a) Define following terms: 4M
(i) Operating system security
(ii) Hot fix
(iii) Patch
(iv) Service Pack
Ans. [Marking scheme: 1M for defining each term]
(i) Operating system security: The process of ensuring OS availability, confidentiality and integrity is known as operating system security. OS security refers to the processes or measures taken to protect the operating system from dangers, including viruses, worms, malware, and remote hacker intrusions.
(ii) Hot fix: A hotfix is like a quick update that fixes a specific big problem in software. It is not like regular updates, which come on a schedule for small improvements and bug fixes.
(iii) Patch: A software patch is primarily used to address vulnerabilities, errors, or performance concerns in a software application. Patches can also provide new features, improve compatibility with other software or hardware, and increase overall security.
(iv) Service Pack: A service pack is a collection of updates and fixes, called patches, for an operating system or a software program. Many of these patches are often released before a larger service pack, but the service pack allows for an easy, single installation. An installed service pack also tends to update the version number for Windows.

(b) Define password selection strategies. 4M

Ans. [Marking scheme: 1M for each correct strategy (any 4)]
Password selection strategies are guidelines or methods designed to help users create secure passwords that are resistant to attacks such as brute force, dictionary attacks, or social engineering.
1. User education:
(i). Users can be told the importance of using hard-to-guess passwords and can be provided with guidelines for selecting strong passwords.
(ii). This user education strategy is unlikely to succeed at most installations, particularly where there is a large user population or a lot of turnover. Many users will simply ignore the guidelines.
(iii). Others may not be good judges of what is a strong password.
(iv). For example, many users believe that reversing a word or capitalizing the last letter makes a password un-guessable.

2. Computer-generated passwords:
(i). Passwords are quite random in nature. Computer generated passwords also
have problems.
(ii). If the passwords are quite random in nature, users will not be able to
remember them. Even if the password is pronounceable, the user may have
difficulty remembering it and so be tempted to write it down.
(iii). In general, computer-generated password schemes have a history of poor
acceptance by users.
(iv). FIPS PUB 181 defines one of the best-designed automated password
generators. The standard includes not only a description of the approach but
also a complete listing of the C source code of the algorithm.
(v). The algorithm generates words by forming pronounceable syllables and
concatenating them to form a word. A random number generator produces a
random stream of characters used to construct the syllables and words.

3. Reactive password checking:
(i). A reactive password checking strategy is one in which the system periodically runs its own password cracker to find guessable passwords.
(ii). The system cancels any passwords that are guessed and notifies the user.
(iii). This tactic has a number of drawbacks. First, it is resource intensive if the job is done right. Because a determined opponent who is able to steal a password file can devote full CPU time to the task for hours or even days, an effective reactive password checker is at a distinct disadvantage.
(iv). Furthermore, any existing passwords remain vulnerable until the reactive
password checker finds them.

4. Proactive password checking:


(i). The most promising approach to improved password security is a
proactive password checker.
(ii). In this scheme, a user is allowed to select his/her own password.
However, at the time of selection, the system checks to see if the password is
allowable and if not, rejects it.
(iii).Such checkers are based on the philosophy that with sufficient guidance
from the system, users can select memorable passwords from a fairly large
password space that are not likely to be guessed in a dictionary attack.
(iv).The trick with a proactive password checker is to strike a balance between
user acceptability and strength.
(v). If the system rejects too many passwords, users will complain that it is too
hard to select a password.
(vi).If the system uses some simple algorithm to define what is acceptable,
this provides guidance to password crackers to refine their guessing technique.
OR

The primary strategies for password selection:

1. Random Password Generation
• Use software tools or algorithms to generate truly random passwords.
• These passwords often include a mix of uppercase letters, lowercase letters, numbers, and special characters.
• Example: d9A$kL7*Xz#

2. Passphrase Selection
• Use a string of unrelated but memorable words or a phrase.
• This approach increases the length of the password while maintaining ease of memorization.
• Example: HorseBatteryStapleCloud.

3. Character Combination Rules
• Enforce a minimum length and require the use of multiple character types (e.g., uppercase, lowercase, numbers, special characters).
• Example: My$3curePa$$.

4. Avoidance of Common Passwords
• Prohibit the use of commonly used passwords like 123456, password, or qwerty.
• Refer to lists like those published by organizations such as "Have I Been Pwned" to block these passwords.

5. Password Complexity Policies
• Require users to avoid predictable patterns such as sequential numbers, repeated characters, or easily guessable information (e.g., names, birthdays).
• Example: Instead of John1990, use JoH!n@9_90.

6. Password Management Tools
• Encourage users to rely on password manager software to generate and store complex passwords.
• Example: Tools like LastPass or Bitwarden help in creating secure, random passwords.

7. Two-Factor Authentication (2FA) Support
• Complement password strategies by requiring an additional authentication factor, such as a mobile app, SMS code, or biometric verification.

8. Periodic Password Changes
• Encourage users to update their passwords periodically to mitigate risks from breaches or leaks.

9. Mnemonic-Based Passwords
• Use a phrase or sentence to derive a password by taking the first letter of each word and incorporating variations.
• Example: From "I love chocolate chip cookies in 2024," create Ilc3Cci@24.

10. Avoiding Personal Information
• Avoid using easily accessible information, such as names, phone numbers, or addresses, which attackers can obtain.

11. Length Over Complexity
• Prioritize length (e.g., 16+ characters) over excessive complexity for increased security.
• Example: ThisIsAReallyLongPassword1234.

A combination of these strategies typically offers the best protection, especially when coupled with awareness of phishing attempts and secure storage of passwords.
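Added example (not the model answer's code): a proactive password checker in Python that rejects a candidate for the reasons listed above (too short, too few character classes unless it is a long passphrase, common password, sequential or repeated characters, personal information). The thresholds and the tiny common-password list are assumptions; note that the sequential-digit rule also catches the trailing 1234 of the long example above.

```python
"""Proactive password checker (strategy 4 of the model answer): the user picks a
password and the system rejects it if it breaks the listed rules. Added example,
not the model answer's code; thresholds and the common-password list are assumptions."""
import re

MIN_LENGTH = 8
PASSPHRASE_LENGTH = 16      # "length over complexity": this long, the character-class rule is waived
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou"}   # constructed; real lists are huge


def character_classes(pw: str) -> int:
    """How many of lowercase / uppercase / digit / symbol the password uses."""
    return sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))


def has_sequence(pw: str, run: int = 4) -> bool:
    """Rising or falling runs such as 1234 / abcd / dcba."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        diffs = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if diffs in ({1}, {-1}):
            return True
    return False


def has_repeats(pw: str, run: int = 3) -> bool:
    """The same character repeated run or more times in a row (aaa, 111)."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def check_password(pw: str, personal_info=()) -> list:
    """Returns the reasons for rejection; an empty list means the password is allowed."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    if len(pw) < PASSPHRASE_LENGTH and character_classes(pw) < 3:
        reasons.append("needs_three_character_classes")
    if pw.lower() in COMMON_PASSWORDS:
        reasons.append("common_password")
    if has_sequence(pw) or has_repeats(pw):
        reasons.append("predictable_pattern")
    lowered = pw.lower()
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        reasons.append("contains_personal_info")
    return reasons


if __name__ == "__main__":
    for candidate in ("123456", "John1990", "d9A$kL7*Xz#", "HorseBatteryStapleCloud", "ThisIsAReallyLongPassword1234"):
        print(f"{candidate:32} {check_password(candidate, ['John', '1990']) or 'accepted'}")
```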

(c) Explain Caesar's Cipher substitute technique with suitable example. 4M


Ans. Caesar's Cipher Substitute Technique: 2M for
Caesar's cipher is one of the simplest and oldest encryption techniques. It is a explanation
substitution cipher where each letter in the plaintext is shifted a fixed number of &
places down or up the alphabet. 2M for any
suitable
Key Characteristics: example

1. Substitution Rule: Each letter is replaced by another letter at a fixed distance


in the alphabet.
2. Key: The number of positions the letters are shifted (e.g., 3 places).
3. Wrap-Around: The alphabet is treated as circular, so shifting past 'Z'
continues from 'A'.

Limitations:
1. Weak Security: Caesar's cipher is vulnerable to brute force attacks since there
are only 25 possible shifts.
2. Frequency Analysis: Attackers can exploit letter frequency patterns to break
the cipher.

Steps in Caesar's Cipher:


1. Choose the Shift (Key):

• Decide how many positions to shift. For example, a shift of 3 means


A → D, B → E, etc.
2. Encrypt the Message:

• Replace each letter in the plaintext with the letter shifted by the key.
Non-alphabetic characters remain unchanged.

3. Decrypt the Message:

• Reverse the shift by subtracting the key.


Example:
Given:
• Plaintext: HELLO WORLD
• Key: 3
Encryption Process:
1. Write the alphabet and the shifted alphabet:
Alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Shifted:  DEFGHIJKLMNOPQRSTUVWXYZABC
2. Replace each letter in the plaintext:

• H → K, E → H, L → O, L → O, O → R

• Space remains unchanged.

• W → Z, O → R, R → U, L → O, D → G
Encrypted message: KHOOR ZRUOG

Decryption Process:
To decrypt, shift each letter backwards by 3:
• K → H, H → E, O → L, O → L, R → O
• Space remains unchanged.
• Z → W, R → O, U → R, O → L, G → D
Decrypted message: HELLO WORLD
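The worked example above, together with the two limitations listed earlier (25 possible keys, and exploitable letter frequencies), as an added example that is not part of the model answer. Encryption and decryption follow the steps given; brute_force tries every shift, and chi_squared_key recovers the key without trying to read the candidates, by comparing each trial decryption's letter histogram with an approximate English frequency table (the percentages are standard published estimates, rounded).

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext, key):
    """Shift each letter by `key` positions with wrap-around; other characters unchanged."""
    out = []
    for ch in plaintext:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext, key):
    return caesar_encrypt(ciphertext, -key)


def brute_force(ciphertext):
    """Limitation 1: only 25 useful keys, so simply try them all."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


# Approximate relative frequency (percent) of letters in English text.
ENGLISH_FREQ = {
    "E": 12.7, "T": 9.1, "A": 8.2, "O": 7.5, "I": 7.0, "N": 6.7, "S": 6.3, "H": 6.1,
    "R": 6.0, "D": 4.3, "L": 4.0, "C": 2.8, "U": 2.8, "M": 2.4, "W": 2.4, "F": 2.2,
    "G": 2.0, "Y": 2.0, "P": 1.9, "B": 1.5, "V": 1.0, "K": 0.8, "J": 0.15, "X": 0.15,
    "Q": 0.10, "Z": 0.07,
}


def chi_squared_key(ciphertext):
    """Limitation 2: frequency analysis. For every candidate key, compare the letter
    counts of the trial decryption with the counts English would predict; the key
    with the lowest chi-squared statistic is the most likely one."""
    best_key, best_score = 0, float("inf")
    for k in range(26):
        letters = [c for c in caesar_decrypt(ciphertext, k).upper() if c in ALPHABET]
        n = len(letters) or 1
        counts = Counter(letters)
        score = 0.0
        for c in ALPHABET:
            expected = ENGLISH_FREQ[c] * n / 100
            score += (counts.get(c, 0) - expected) ** 2 / expected
        if score < best_score:
            best_key, best_score = k, score
    return best_key
```

Frequency analysis needs a few dozen letters of ciphertext to be reliable; on a message as short as "KHOOR ZRUOG" the brute-force listing is the practical attack, and a human picks the readable line.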

(d) Explain Email Security in SMTP. 4M


Ans. (Marking: 2M for explanation & 2M for correct diagram)
• Electronic mail (email) is the most widely used application on the Internet. Using
email, a user can send text messages, pictures, videos, sounds, etc. to other Internet
users.
• Nowadays, security for email messages has become an extremely important issue.
• For text email transmission, the message is considered as two portions, header and
contents, similar to the postal system.
• Every email message consists of a number of header lines followed by the actual
message contents. Each header line is a keyword followed by a colon and a value; the
basic header keywords are From, To, Subject and Date.

➢ SMTP (Simple Mail Transfer Protocol):



• Simple Mail Transfer Protocol (SMTP) is a TCP/IP application protocol that specifies
how computers exchange electronic mail. It works together with mail-retrieval protocols
such as Post Office Protocol (POP) and IMAP.
• SMTP is a command/response protocol: the email client software at the sender's end
hands the email message to its SMTP server.
• That SMTP server then transfers the message to the receiver's SMTP server. The job
of SMTP is to carry the email message from the sender to the receiver.
• It provides mail exchange between sender and receiver on the same or different
computers, and it also supports:

1. Sending a single message to one or more recipients.
2. Messages that include text, voice, video or graphics (carried as MIME-encoded parts).
3. Sending messages to networks outside the Internet (through mail gateways).

• SMTP uses TCP port number 25 for its service. Hence, e-mail is delivered from
sender to receiver by having the source machine establish a TCP connection to port 25
of the destination machine.

• Email communication consists of following steps:

1. At the sender's end, the SMTP server takes the message submitted by the user's
computer (mail client).
2. The sender's SMTP server then transfers the message to the SMTP server of the
receiver.
3. The receiver's computer then retrieves the email message from the SMTP server at the
receiver's end, using a mail-access protocol such as Post Office Protocol (POP) or
Internet Message Access Protocol (IMAP).

Fig.: Email using SMTP Protocol

The SMTP operation follows three phases:


1. Connection Set up:
An SMTP sender will attempt to set up a TCP connection with a target when it
has one or more mail message to deliver to that host.

The following sequence occurs during connection setup:

(a) The sender opens a TCP connection with the receiver.


(b) Once the connection is established, the receiver identifies itself with "220 Service
Ready".
(c) The sender identifies itself with the HELO (or EHLO) command.
(d) The receiver accepts the sender's identification with "250 OK".
(e) If the mail service on the destination is not available, the destination host returns a
"421 Service Not Available" reply at step (b) instead of the 220 greeting, and the process
is terminated.

2. Mail transfer:
After the connection has been established, the SMTP sender may send one or more
messages to the SMTP receiver.

There are three logical phases to the transfer of a message;

(a) A MAIL command identifies the originator of the message.


(b) One or more RCPT commands identify the recipients of this message.
(c) A DATA command transfers the message text.

3. Connection termination:

The SMTP sender closes the connection in the following manner:

(a) The sender sends a QUIT command and waits for a reply.
(b) The sender initiates the TCP close operation for the TCP connection.
(c) The receiver initiates its TCP close after sending its reply to the QUIT command.

Note that plain SMTP provides no confidentiality or sender authentication by itself: the
commands and the message content travel in cleartext, and the MAIL FROM address is not
verified, so in practice the transport is protected with TLS (STARTTLS) and the message
content with S/MIME or PGP.
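The three phases above can be exercised end to end without a network. The following is an added example, not part of the model answer: a toy SMTP receiver that implements only the commands and reply codes named in the phases (hostnames and mailbox addresses are constructed), plus a driver that records both sides of the conversation. It also enforces the command sequence, so a RCPT or DATA sent out of order gets a 503, and it records the envelope sender exactly as given, which is the unauthenticated field mentioned in the note.

```python
import re


class ToySmtpServer:
    """Minimal SMTP receiver state machine for illustration only (constructed; it
    implements just the commands and reply codes named in the phases above)."""

    def __init__(self, hostname="mail.example.test", available=True):
        self.hostname = hostname
        self.available = available
        self.mailbox = []          # accepted messages as (sender, recipients, body)
        self.helo = None
        self._reset_envelope()

    def _reset_envelope(self):
        self.sender, self.rcpts, self.in_data, self.lines = None, [], False, []

    def greet(self):
        # Phase 1 (b)/(e): 220 banner, or 421 when the mail service is not available
        if not self.available:
            return "421 %s Service Not Available" % self.hostname
        return "220 %s Service Ready" % self.hostname

    def handle(self, line):
        """Return the server reply for one client line (None while collecting DATA)."""
        if self.in_data:
            if line == ".":
                self.mailbox.append((self.sender, list(self.rcpts), "\n".join(self.lines)))
                self._reset_envelope()
                return "250 OK: message accepted"
            self.lines.append(line[1:] if line.startswith("..") else line)  # dot-unstuffing
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg
            return "250 %s" % self.hostname
        if self.helo is None:
            return "503 Bad sequence of commands: HELO first"
        if verb == "MAIL":
            m = re.fullmatch(r"FROM:<([^>]*)>", arg, re.IGNORECASE)
            if not m:
                return "501 Syntax error in parameters"
            self.sender, self.rcpts = m.group(1), []   # note: the address is NOT verified
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands: MAIL first"
            m = re.fullmatch(r"TO:<([^>]+)>", arg, re.IGNORECASE)
            if not m:
                return "501 Syntax error in parameters"
            self.rcpts.append(m.group(1))
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Bad sequence of commands: RCPT first"
            self.in_data = True
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "QUIT":
            return "221 %s closing connection" % self.hostname
        return "500 Command not recognized"


def run_session(server, client_lines):
    """Drive one session and return the transcript as (side, line) pairs, the way a
    packet capture of port 25 would show it (everything is cleartext)."""
    transcript = [("S", server.greet())]
    if transcript[0][1].startswith("421"):
        return transcript                       # phase 1 (e): terminated
    for line in client_lines:
        transcript.append(("C", line))
        reply = server.handle(line)
        if reply is not None:
            transcript.append(("S", reply))
        if line.upper() == "QUIT":
            break                               # phase 3: close after the 221 reply
    return transcript


# Constructed session covering all three phases
SAMPLE_SESSION = [
    "HELO client.example.test",
    "MAIL FROM:<alice@example.test>",
    "RCPT TO:<bob@example.test>",
    "DATA",
    "Subject: hello",
    "",
    "Hello Bob",
    ".",
    "QUIT",
]
```

Printing the transcript returned by run_session(ToySmtpServer(), SAMPLE_SESSION) gives the same exchange as the three phases above, starting with the 220 greeting and ending with the 221 reply to QUIT.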

4. Attempt any THREE of the following : 12M


(a) Differentiate between Symmetric and Asymmetric key cryptography. 4M
Ans. (Marking: 1M each, any 4 correct differences)

Sr. No. | Symmetric Key Encryption | Asymmetric Key Encryption
1 | It requires only a single key for both encryption and decryption. | It requires two keys, a public key and a private key: one to encrypt and the other to decrypt.
2 | Also known as single-key (secret-key) cryptography. | Also called public-key (public and private key) cryptography.
3 | The key must be shared secretly between the two parties in advance (the key distribution problem). | The public key can be distributed openly; only the private key must be kept secret.
4 | Simple to implement. | Harder to implement compared to symmetric key cryptography.
5 | The ciphertext is roughly the same size as the original plaintext. | The ciphertext is the same size as or larger than the original plaintext (each block is padded up to the modulus size).
6 | The encryption process is very fast. | The encryption process is slow.
7 | Used when a large amount of data needs to be transferred. | Used to transfer a small amount of data (typically a session key or a hash).
8 | Provides confidentiality (and, with a MAC, integrity and authenticity) but not non-repudiation, because both parties hold the same key. | Provides confidentiality, authenticity and non-repudiation (via digital signatures).
9 | Typical key length is 128 or 256 bits. | Typical key length is 2048 bits or higher (RSA), or 256 bits for ECC.
10 | Resource utilisation is low compared to asymmetric key encryption. | Resource utilisation is high.
11 | Efficient for handling large amounts of data. | Comparatively less efficient; handles only a small amount of data per operation.
12 | Mathematical representation: P = D(K, E(K, P)), where K is the shared encryption/decryption key, P the plaintext, E encryption and D decryption. | Mathematical representation: P = D(Kd, E(Ke, P)), where Ke is the (public) encryption key, Kd the (private) decryption key, P the plaintext, E encryption and D decryption.
13 | Examples: DES, 3DES, AES and RC4. | Examples: RSA, ECC, ElGamal, DSA and Diffie-Hellman (key exchange).

(b) Draw and explain DMZ. 4M


Ans. (Marking: 2M for explanation & 2M for correct diagram)
A DMZ (Demilitarized Zone) is a separate subnetwork that provides a level of network
segmentation to protect the internal corporate network. It restricts remote access to
internal servers and resources, making it difficult for attackers to reach the internal
network. The strategy is useful for home networks as well as large organisations.
Businesses place the applications and servers that must be exposed to the Internet (web,
mail, DNS) in the DMZ, separated from the internal network. The DMZ isolates these
resources so that, if they are compromised, the attack is unlikely to cause exposure,
damage or loss inside the network.


Fig DMZ network


How does a DMZ work?
A DMZ functions as a buffer zone between the public Internet and the private network.
The DMZ subnet is deployed between two firewalls. All inbound network packets are
screened by a firewall or other security appliance before they reach the servers hosted
in the DMZ. If better-prepared threat actors pass through the first firewall, they must
then gain unauthorized access to the services in the DMZ before they can do any damage,
and those systems should be hardened against such attacks. Finally, assuming
well-resourced threat actors take over a system hosted in the DMZ, they must still break
through the internal firewall, whose rules should allow only the specific DMZ-to-internal
connections the exposed services need, before they can reach sensitive enterprise
resources. Determined attackers can breach even the most secure DMZ architecture.
However, a DMZ under attack should set off alarms (which is why the DMZ hosts and both
firewalls must be logged and monitored), giving security staff enough warning to avert a
full breach of the organisation.

(c) Describe cyber crime and cyber laws in detail. 4M


Ans. (Marking: 2M for description of cyber crime & 2M for cyber laws)
Cyber Crime:
• It is a general term that refers to all criminal activities carried out using
computers, the Internet and the World Wide Web as the medium.
• Cyber crime refers to criminal acts that have either been committed entirely in
cyberspace, such as various forms of bank fraud and identity theft, or that have a
physical component and are simply facilitated through Internet-based tools.
• It is also called computer crime; the computer is used as the tool for further
unlawful acts, such as committing fraud, trafficking in child pornography and
intellectual property, stealing identities or violating privacy.
• Cyber crimes can also involve criminal activities that are traditional in nature,
such as theft, fraud, forgery, defamation and mischief, all of which are subject to
the Indian Penal Code.
• Because of the wide use of the Internet, cyber crime has grown in importance as the
computer has become central to commerce, entertainment and government.
• Mostly, cyber crime is an attack on data or information about individuals,
corporations or governments.
• Generally, the attacks do not take place on a physical body but on the personal or
corporate "virtual body", that is, the set of informational attributes that define
people and institutions on the Internet.
• In the digital world a person's virtual identity is an important element:
information about individuals is held in multiple computer databases owned by
governments and corporations.
• There are other crimes that involve attempts to disrupt the actual working of the
Internet.
Common categories of cyber crime include:
o Financial
o Piracy
o Hacking
o Cyber-terrorism
o Online Pornography
o Sabotage
The abuse of computers has also given birth to a gamut of new-age crimes that are
addressed by the Information Technology Act, 2000.
We can categorize cyber crimes in two ways:
• The computer as a target: using a computer to attack other computers, e.g. hacking,
virus/worm attacks, DoS attacks etc.
• The computer as a weapon: using a computer to commit real-world crimes, e.g. cyber
terrorism, IPR violations, credit card frauds, EFT frauds, pornography etc.

Cyber laws:


• It is the term used to describe the legal issues related to the use of
communications technology.
• Cyber law is the rule which regulates the conduct of the cyber activities
and the security under the cyber space.
• Cyber law is the law related to the cyber space which includes computers,
networks, software, data storage devices, the internet, websites, emails and
electronic devices like cell phones, ATM machines etc.
• It is less of a distinct field of law in the way that property or contract are as
it is an intersection of many legal fields, including intellectual property,
privacy, freedom of expression and jurisdiction.
• In essence, cyber law is an attempt to apply law designed for the physical
world, to human activity on the internet.
Laws made to prevent cyber crimes:
• Information Technology Act, 2000
• Amendment to the IT Act, 2000, in 2008 (the IT (Amendment) Act, 2008)
• The IT Act, 2000 declares various cyber crimes to be punishable offences.
• The main objective of this Act is to create an environment in which Information
Technology can be used safely.
• In India, the IT Act, 2000 as amended by the IT (Amendment) Act, 2008 is known as
cyber law. It has a separate chapter entitled "Offences" in which various cyber crimes
have been declared penal offences punishable with imprisonment and fine.
Cyber law includes laws relating to :
• Cyber Crimes
• Intellectual property
• Data protection and Privacy
• Electronic and Digital Signatures
The following are some of the provisions of the IT Act (as amended in 2008) that make up
cyber law in India:
1. Section 65 – Tampering with computer source documents
2. Section 66C – Identity theft (fraudulently using another person's password or
electronic signature)
3. Section 66D – Cheating by personation using a computer resource
4. Section 66E – Violation of privacy (publishing private images of others)
5. Section 66F – Acts of cyber terrorism
6. Section 67B – Publishing or transmitting child pornography, or predating on children
online
7. Section 69A – Government's power to block public access to websites
8. Section 43A – Data protection at corporate level (compensation for failure to protect
sensitive personal data)
• Law may be formed in two ways: the first way is the legislative body and
the second way is to add new amendments by case laws. The case law is
defined as the law which is made by the current decisions of the cases
which has been taken by courts.
OR

1. Cybercrime against an individual is a type of cybercrime that occurs in or through
the use of the Internet, for example sexual, ethnic, religious or other forms of
harassment.
2. Cybercrime against an individual's property includes computer vandalism, the
destruction of other people's data, the delivery of destructive programs, trespassing
and unlawful possession of computer information.
3. Cybercrime against the government, such as cyber terrorism or plotting against
governmental activities.

(d) Write a brief note on Firewall configuration and state its limitations. 4M
Ans. (Marking: 2M for explanation & ½M for each correct limitation, any 4)
A firewall is typically built from a packet filter and an application-level gateway
(bastion host). Based on how these are combined, there are three common configurations:

1. Screened host firewall, single-homed bastion
2. Screened host firewall, dual-homed bastion
3. Screened subnet firewall

1. Screened host firewall, single-homed bastion

• Here, the firewall configuration consists of two parts: a packet-filtering router
and an application-level gateway (bastion host).
• The packet-filtering router ensures that incoming traffic is allowed only if it is
destined for the application gateway, by examining the destination address field of
each incoming IP packet.
• It also ensures that outgoing traffic is allowed only if it originated from the
application-level gateway, by examining the source address field of every outgoing IP
packet.
• The application-level gateway performs authentication as well as proxy functions.
• Weakness: if the router itself is compromised, traffic can flow directly between the
Internet and the internal hosts, bypassing the bastion entirely.

Fig. : Single Homed Bastion

2. Screened Host firewall, Dual-Homed Bastion


• In this type of configuration, the direct connections between the
internal Hosts and the packet filter are avoided.
• Here, the packet filter connects only to the application gateway, which
in turn has a separate connection with the internal hosts.
• Hence, if packet Filter is successfully attacked, then only application
gateway is visible to the attacker.

Fig. : Screened Host firewall, Dual-Homed Bastion

3. Screened Subnet Firewall

• This type of configuration offers highest security among the possible


configurations.
• In this type, two packet filters are used, one between the Internet and the
application gateway and the other between the application gateway and the internal
network, so the bastion sits on its own isolated subnet (the DMZ).
• This configuration gives an attacker three separate levels of security to break
through.

Fig. : Screened Subnet Firewall

Limitations:
1. A firewall cannot protect against attacks that bypass it, for example a dial-in
modem or an unmanaged wireless link behind the firewall.
2. A firewall does not protect against insider threats, for example an employee who
innocently cooperates with an external attacker.
3. A firewall cannot protect against the transfer of virus-infected programs or files.
4. It may not be able to scan all incoming traffic (encrypted or very high-volume
traffic in particular), so infected files can still get through.

OR

Firewall Configuration:
Firewall configuration involves setting up rules and policies to control network
traffic to protect systems from unauthorized access and cyber threats. A firewall
acts as a barrier between trusted internal networks and untrusted external
networks, like the internet. Configuration typically includes:
1. Defining Access Rules: Specifying which traffic is allowed or blocked based
on IP addresses, ports, and protocols.
2. Network Address Translation (NAT): Mapping private IP addresses to
public ones for secure communication.
3. Intrusion Prevention: Monitoring and blocking malicious traffic patterns.
4. Setting Up Zones: Segregating networks into zones (e.g., internal, DMZ,
external) with specific access rules.
5. Logging and Monitoring: Enabling logs for auditing and troubleshooting
network traffic.

Limitations of Firewall:
1. Cannot Prevent Internal Threats: Firewalls are ineffective against threats
originating within the network.
2. Limited Protection for Encrypted Traffic: Cannot inspect encrypted data
without additional tools like SSL inspection.
3. Dependence on Configuration: Poorly configured firewalls can become a
vulnerability.
4. Ineffectiveness Against Social Engineering: Firewalls cannot prevent
attacks like phishing or human errors.
5. Resource Intensive: Complex configurations may lead to performance
bottlenecks.
While firewalls are a critical component of network security, they should be part
of a layered defence strategy, including antivirus software, intrusion detection
systems, and user training.
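The screened-subnet design of Q4(d), with the DMZ of Q4(b) sitting between an outer and an inner packet filter, can be written down as a zone-based rule set and checked before it is deployed. The following is an added example, not part of the model answer: it assumes constructed addressing (192.0.2.0/24 for the DMZ, 10.10.0.0/16 for the internal network, everything else external), a hypothetical web and mail tier in the DMZ and a database on the internal network, and evaluates sample packets against every filter on their path in first-match, default-deny order, returning the per-hop log line a firewall would record.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing (documentation ranges); not taken from the original page.
ZONES = {
    "external": ip_network("0.0.0.0/0"),
    "dmz": ip_network("192.0.2.0/24"),
    "internal": ip_network("10.10.0.0/16"),
}


def zone_of(addr):
    """Most specific matching zone wins, so anything that is not DMZ or internal is external."""
    best = None
    for name, net in ZONES.items():
        if ip_address(addr) in net and (best is None or net.prefixlen > ZONES[best].prefixlen):
            best = name
    return best


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"


# Outer filter: Internet <-> DMZ. There is deliberately no rule letting external and
# internal hosts talk directly; anything unlisted falls to the implicit deny.
OUTER_RULES = [
    Rule("external", "dmz", "tcp", 443, "allow"),       # public web server (hypothetical)
    Rule("external", "dmz", "tcp", 25, "allow"),        # mail relay (hypothetical)
    Rule("dmz", "external", "tcp", None, "allow"),      # DMZ hosts may initiate outbound
    Rule("external", "internal", "any", None, "deny"),  # explicit: never route straight inside
]
# Inner filter: DMZ <-> internal. A compromised DMZ host reaches only the database port.
INNER_RULES = [
    Rule("dmz", "internal", "tcp", 5432, "allow"),      # web tier -> database (hypothetical)
    Rule("internal", "dmz", "tcp", 3128, "allow"),      # clients -> outbound proxy in the DMZ
    Rule("internal", "dmz", "tcp", 443, "allow"),
]


def evaluate(rules, src, dst, proto, dport):
    """First-match evaluation with an implicit default deny at the end of the list."""
    sz, dz = zone_of(src), zone_of(dst)
    for r in rules:
        if (r.src_zone, r.dst_zone) == (sz, dz) and r.proto in ("any", proto) \
                and r.dport in (None, dport):
            return r.action, "%s->%s/%s/%s" % (r.src_zone, r.dst_zone, r.proto, r.dport or "any")
    return "deny", "implicit default deny"


def path_decision(src, dst, proto, dport):
    """A packet is screened by every filter on its path: the outer one whenever the
    external zone is involved, the inner one whenever the internal zone is. Returns
    the final verdict and one log line per hop."""
    sz, dz = zone_of(src), zone_of(dst)
    hops = []
    if "external" in (sz, dz):
        hops.append(("outer", OUTER_RULES))
    if "internal" in (sz, dz):
        hops.append(("inner", INNER_RULES))
    log = []
    for name, rules in hops:
        action, why = evaluate(rules, src, dst, proto, dport)
        log.append("%s: %s -> %s:%s/%s %s (%s)" % (name, src, dst, dport, proto, action, why))
        if action == "deny":
            return "deny", log
    return "allow", log
```

Two of the checks are the ones worth keeping in a deployment test suite: an Internet host must never reach an internal address on any port, and an internal client must be denied direct outbound access so that its traffic has to go through the proxy in the DMZ, which is what makes the DMZ a choke point rather than just another segment.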

(e) Draw and explain network-based intrusion detection system. 4M


Ans. (Marking: 2M for correct diagram & 2M for explanation)

Fig.: Network-based Intrusion Detection System

The figure depicts a Network-Based Intrusion Detection System (NIDS) and its key
components:
1. Router: Directs network traffic and provides the first layer of protection by
routing packets between the external and internal networks.
2. Firewall: Filters incoming and outgoing traffic based on predefined rules, serving
as a barrier to unauthorized access.
3. Network Sensors: Deployed at strategic points (a mirror/SPAN port or a network tap)
to monitor traffic crossing critical segments. The sensors inspect packet data to
identify anomalies or patterns indicating malicious activity.
4. Management Console: Centralized system where alerts and reports from the sensors are
analysed. Administrators use it for decision-making and response actions.
Functionality:
• Traffic Monitoring: Sensors passively inspect all network traffic for
predefined attack signatures or behaviour anomalies.
• Packet Analysis: Each packet is analysed for malicious payloads or irregular
communication patterns.
• Alerting: Detected threats trigger alerts that are sent to the management
console for review and response.
This system enables detection of threats such as malware, unauthorized access attempts
or data exfiltration. Being network-focused, it monitors traffic in real time without
interfering with endpoint operations; the corollary is that it cannot see inside
encrypted traffic or into activity on the hosts themselves, which is where a host-based
IDS complements it.
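The sensor-to-console flow just described, as an added example that is not part of the model answer. The Sensor does the two kinds of inspection named above: byte-signature matching on the payload, and an anomaly heuristic for a port scan (many distinct destination ports from one source inside a time window). The three signatures, the threshold of ten ports in five seconds, and the traffic replayed through the sensor are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float
    src: str
    dst: str
    dport: int
    payload: bytes = b""


# Hypothetical content signatures (constructed for this example, not a real rule set)
SIGNATURES = [
    ("sqli-union", b"UNION SELECT"),
    ("path-traversal", b"../../etc/passwd"),
    ("php-webshell", b"<?php system("),
]


class Console:
    """Management console: collects the alerts raised by every sensor."""

    def __init__(self):
        self.alerts = []

    def alert(self, sensor, kind, pkt):
        self.alerts.append({"sensor": sensor, "kind": kind, "src": pkt.src,
                            "dst": pkt.dst, "dport": pkt.dport, "ts": pkt.ts})


class Sensor:
    """Passive sensor: signature matching on the payload plus a port-scan heuristic
    (scan_ports distinct destination ports from one source within `window` seconds)."""

    def __init__(self, name, console, scan_ports=10, window=5.0):
        self.name, self.console = name, console
        self.scan_ports, self.window = scan_ports, window
        self.history = defaultdict(list)   # src -> [(ts, dport), ...]

    def inspect(self, pkt):
        for kind, pattern in SIGNATURES:
            if pattern in pkt.payload:
                self.console.alert(self.name, kind, pkt)
        hist = self.history[pkt.src]
        hist.append((pkt.ts, pkt.dport))
        hist[:] = [(t, p) for t, p in hist if pkt.ts - t <= self.window]
        if len({p for _, p in hist}) >= self.scan_ports:
            self.console.alert(self.name, "port-scan", pkt)
            hist.clear()                    # one alert per scan, not one per packet


def run_demo():
    """Replay constructed traffic through one sensor and return the console's alerts."""
    console = Console()
    sensor = Sensor("dmz-sensor", console)
    traffic = [
        Packet(0.0, "10.0.0.5", "192.0.2.10", 80, b"GET /index.html HTTP/1.1"),
        Packet(0.5, "10.0.0.5", "192.0.2.10", 80,
               b"GET /item?id=1 UNION SELECT user,pass FROM users HTTP/1.1"),
    ]
    # twelve ports probed in 1.2 s from one host: bare SYNs with no payload
    traffic += [Packet(1.0 + i * 0.1, "198.51.100.7", "192.0.2.10", 20 + i) for i in range(12)]
    for pkt in sorted(traffic, key=lambda p: p.ts):
        sensor.inspect(pkt)
    return console.alerts
```

The second inspection is the one that would be missed by a signature-only sensor: none of the scan packets carries a payload, so only the per-source state across packets reveals it, which is why the sensor has to keep history and why that history must be bounded by a window.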

5. Attempt any TWO of the following : 12M


(a) Draw and explain DoS & DDoS attack in detail. 6M
Ans. (Marking: 2M for explanation of each attack & 1M for each correct diagram)
1. DoS Attack: A single computer sends an overwhelming number of requests to a
target server or network. The server becomes overwhelmed and unable to respond to
legitimate user requests.
Key Characteristics:

a) Only one attacking system is involved.


b) Easier to identify and block since all malicious traffic originates from a single
source.
c) Limited in scale compared to DDoS attacks.

Fig: DoS Attack

2. DDoS Attack: Multiple computers, often part of a botnet (a network of


compromised devices), send a massive volume of requests to the target server
simultaneously. This results in overloading the server and causing a service outage.

Key Characteristics:

a) Involves multiple attack systems (distributed nature).


b) Much harder to detect and mitigate because malicious traffic comes from various
IPs worldwide.
c) Larger scale, leading to a more significant impact.

Feature | DoS | DDoS
Source of attack | Single device | Multiple devices (botnet)
Scale | Limited | Large-scale
Complexity | Easier to detect and mitigate | Harder to defend against

Fig: DDoS Attack
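The "source of attack" and "complexity" rows above are exactly what a detector has to decide from traffic it sees. The following is an added example, not part of the model answer: it buckets a constructed web-server access log into fixed windows and, once a window exceeds a request threshold, calls it a DoS when one address carries most of the volume (a single source that can simply be blocked) and a DDoS when the same volume is spread across many addresses. The log format, the thresholds and the addresses are all assumptions made for the example.

```python
from collections import Counter, defaultdict


def parse_log(lines):
    """Constructed log format: '<epoch-seconds> <client-ip> <request line>'."""
    for line in lines:
        ts, ip, _ = line.split(" ", 2)
        yield float(ts), ip


def classify_flood(lines, window=10.0, total_threshold=500, single_source_share=0.8):
    """Bucket requests into fixed windows. When a window exceeds the request threshold,
    one source carrying most of it is a DoS (block that address); the same volume
    spread over many sources is a DDoS (rate-limit, filter upstream, absorb)."""
    buckets = defaultdict(Counter)
    for ts, ip in parse_log(lines):
        buckets[int(ts // window)][ip] += 1
    findings = {}
    for bucket, counts in sorted(buckets.items()):
        total = sum(counts.values())
        if total < total_threshold:
            findings[bucket] = ("normal", total, len(counts))
            continue
        top_ip, top_n = counts.most_common(1)[0]
        if top_n / total >= single_source_share:
            findings[bucket] = ("dos", total, top_ip)
        else:
            findings[bucket] = ("ddos", total, len(counts))
    return findings


def make_sample_log():
    """Constructed log: window 0 is normal, window 1 a single-source flood and
    window 2 a botnet flood from 250 distinct documentation-range addresses."""
    lines = []
    for i in range(50):                                   # 0-10 s: 50 requests, 5 clients
        lines.append("%.1f 203.0.113.%d GET /" % (i * 0.2, i % 5 + 1))
    for i in range(900):                                  # 10-20 s: one host hammers
        lines.append("%.2f 198.51.100.9 GET /search?q=x" % (10 + i * 0.01))
    for i in range(60):                                   # ... alongside legitimate users
        lines.append("%.2f 203.0.113.%d GET /" % (10 + i * 0.15, i % 5 + 1))
    for i in range(1000):                                 # 20-30 s: 250 bots, 4 requests each
        lines.append("%.3f 192.0.2.%d GET /" % (20 + i * 0.009, i % 250 + 1))
    return lines
```

In the DDoS window no single bot sends more than four requests, which is below anything a per-client rate limit would block; that is the practical meaning of the "harder to defend against" row, and why mitigation there moves upstream of the server.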


(b) Write short note on:
(i) Digital signature 6M
(ii) Steganography
Ans. (Marking: 3M for each sub point)
(i) Digital Signature:

A digital signature is a cryptographic technique used to validate the authenticity,
integrity and origin of digital data. It serves as the digital equivalent of a handwritten
signature or a stamped seal, but is much more secure. Digital signatures are widely used
in electronic communications to ensure that the message or document received has
not been tampered with and that it genuinely comes from the stated sender.

Key Features of Digital Signatures:

1. Authentication: Confirms the identity of the sender, ensuring that the


document or message is from a trusted source.
2. Integrity: Ensures that the data has not been altered during transmission. Any
modification would render the signature invalid.
3. Non-Repudiation: Prevents the sender from denying their involvement in
signing the message or document.

How Digital Signatures Work:

1. The sender computes a hash (a fixed-size digest representing the data) of the
message or document.
2. The hash is signed with the sender's private key to create the digital signature
(in textbook RSA terms, the hash is "encrypted" with the private key).
3. The digital signature is attached to the document and sent to the receiver.
4. The receiver recovers the hash from the signature using the sender's public key,
recomputes the hash of the received document and compares the two; they match only if
the document is unchanged and was signed by the holder of the private key.

Applications:

1. Secure email communication.


2. Digital contracts and agreements.
3. Software distribution to verify authenticity.
4. Block chain transactions.

Advantages:

1. Enhances security in online communications.


2. Reduces fraud by preventing data tampering.
3. Builds trust in digital transactions.
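The four signing steps just listed, and the two mathematical representations in the symmetric/asymmetric comparison of Q4(a) (P = D(Kd, E(Ke, P)) for the asymmetric case), carried through in code. This is an added example and not part of the model answer: it uses textbook RSA built from two small primes chosen for the example (no padding, a 40-bit modulus), so it is for illustration only and must not be used as-is; real deployments use 2048-bit or larger keys with PSS or OAEP padding. The session key it wraps and the message it signs are constructed.

```python
import hashlib
import secrets


def _is_prime(n):
    """Trial division; only adequate for the tiny primes used in this example."""
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))


def generate_keypair(p=999_983, q=1_000_003, e=65_537):
    """Toy RSA key pair: Ke = (n, e) is public, Kd = (n, d) is private."""
    assert _is_prime(p) and _is_prime(q)
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # private exponent: e * d = 1 (mod phi)
    return (n, e), (n, d)


# Asymmetric encryption: C = E(Ke, P) = P^e mod n  and  P = D(Kd, C) = C^d mod n
def rsa_encrypt(public_key, m):
    n, e = public_key
    assert 0 <= m < n, "textbook RSA handles one integer block smaller than n"
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)


# Digital signature: steps 1-2 are hash then apply the private key; step 4 applies the
# public key and compares with a freshly computed hash of the received message.
def _digest_int(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    n, d = private_key
    return pow(_digest_int(message, n), d, n)


def verify(public_key, message, signature):
    n, e = public_key
    return pow(signature, e, n) == _digest_int(message, n)


def demo():
    """Hybrid use of the key pair (it only ever carries a small session key, which is
    why the table says asymmetric encryption is used for small amounts of data),
    followed by signing a message and detecting a tampered copy."""
    public, private = generate_keypair()
    session_key = secrets.randbelow(2 ** 32)          # constructed: 32-bit symmetric key
    wrapped = rsa_encrypt(public, session_key)
    message = b"Transfer 100 to account 42"
    signature = sign(private, message)
    return {
        "key_roundtrip": rsa_decrypt(private, wrapped) == session_key,
        "sig_valid": verify(public, message, signature),
        "tamper_detected": not verify(public, b"Transfer 900 to account 42", signature),
    }
```

Verification fails on the altered amount because the recomputed digest no longer matches the value recovered from the signature; it would equally fail if the signature had been produced with any private key other than the one matching the public key, which is the non-repudiation property from row 8 of the comparison.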

(ii) Steganography:

Steganography is the practice of hiding secret information within ordinary,


non-secret data or media to avoid detection. Unlike cryptography, which
focuses on encrypting information to make it unreadable without a key,
steganography conceals the fact that a message exists at all. It is often used
for secure communication, where the presence of the hidden information
needs to remain undetected.

Key Features of Steganography:

1. Concealment: The primary goal is to hide information in a way that it is


imperceptible to unintended recipients.
2. Carrier Mediums: Information can be hidden in various types of media, such
as:
▪ Images (most common)
▪ Audio files
▪ Video files
▪ Text documents
▪ Network packets
3. Payload: The hidden message (text, image, or other data) is embedded into the
carrier medium without significantly altering its appearance or quality.

How Steganography Works:

1. Embedding: Secret information is embedded into the carrier medium using an
algorithm. For example:
▪ In images, the least significant bit (LSB) of pixel values is altered to encode
data.
▪ In audio, minor changes to frequencies or amplitude are used.
2. Extraction: The recipient uses the predefined key or algorithm to extract the
hidden information.

Applications:

1. Covert Communication: Used for secure information transfer without


attracting attention.
2. Digital Watermarking: Embedding copyright or ownership information into
digital media.
3. Data Protection: Hiding sensitive data in plain sight.

Advantages:

1. Provides an additional layer of security by disguising the presence of secret


data.
2. Easy to combine with cryptographic techniques for enhanced security.
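The LSB image technique named above, as an added example that is not part of the model answer. It works on a raw 8-bit greyscale pixel buffer rather than an image file, so no image library is needed; the cover image is a constructed gradient, and the container format (a 32-bit length header followed by the payload, one bit per pixel) is an assumption made for the example.

```python
def _bits(data):
    """Yield the bits of `data` most significant bit first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(pixels, payload):
    """Write a 4-byte big-endian length header and the payload into the least
    significant bit of successive pixels. Returns a new buffer; the cover is untouched."""
    message = len(payload).to_bytes(4, "big") + payload
    if len(message) * 8 > len(pixels):
        raise ValueError("cover too small: need %d pixels" % (len(message) * 8))
    stego = bytearray(pixels)
    for index, bit in enumerate(_bits(message)):
        stego[index] = (stego[index] & 0xFE) | bit
    return stego


def extract(pixels):
    """Read the length header, then exactly that many payload bytes."""
    def read_bytes(count, offset):
        value = 0
        for i in range(count * 8):
            value = (value << 1) | (pixels[offset + i] & 1)
        return value.to_bytes(count, "big")
    length = int.from_bytes(read_bytes(4, 0), "big")
    return b"".join(read_bytes(1, 32 + k * 8) for k in range(length))


def max_pixel_change(cover, stego):
    """LSB embedding never moves a pixel value by more than 1, which is why the
    change is imperceptible to the eye."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def make_cover(width=64, height=64):
    """Constructed cover: a smooth diagonal gradient, 8 bits per pixel."""
    return bytearray((x * 3 + y * 2) % 256 for y in range(height) for x in range(width))
```

Imperceptible to the eye is not the same as undetectable: LSB embedding flattens the pairs-of-values histogram of the cover, and statistical steganalysis (chi-square and RS tests) picks that up, which is the caveat to keep in mind before relying on this for anything beyond watermarking.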

(c) Explain Kerberos with the help of suitable diagram. 6M


Ans. (Marking: 2M for explanation, 2M for process & 2M for correct diagram)
Kerberos is a network authentication protocol designed to provide secure
communication over an insecure network. It uses a trusted third party (the Key
Distribution Centre, KDC) and cryptographic tickets to verify users and services.
Kerberos was developed at MIT as part of the Project Athena initiative in the 1980s and
is widely used in enterprise environments, particularly in Windows Active Directory and
UNIX/Linux systems.

Components:

1. User/Client: The entity that requests access to a service.


2. Key Distribution Centre (KDC):

a) Authentication Server (AS):


Validates the user and issues a Ticket Granting Ticket (TGT).
b) Ticket Granting Server (TGS): Issues service tickets based on the TGT.


3. Application Server: The service the user wants to access.

Steps in the Kerberos Authentication Process:

1. Request for Authentication: The client sends a request to the Authentication
Server (AS), typically including the username.
2. Issuance of TGT: The AS looks up the client's long-term key (derived from the
password) and replies with a client/TGS session key encrypted under that key, together
with a Ticket Granting Ticket (TGT) encrypted under the TGS's own key, so the client can
carry the TGT but cannot read or forge it. The TGT includes an expiration time.
3. Request for Service Ticket: The client sends the TGT, an authenticator (its name and
a timestamp encrypted with the session key) and the requested service name to the Ticket
Granting Server (TGS).
4. Issuance of Service Ticket: The TGS decrypts the TGT, checks the authenticator and
issues a Service Ticket encrypted under the application server's key, plus a copy of the
new client/server session key encrypted for the client.
5. Access to the Application Server: The client presents the service ticket and a fresh
authenticator to the Application Server, which validates them. Once validated, the client
is granted access, and the server can reply with the timestamp to prove its own identity
(mutual authentication).

Key Features:

1. Time-based tickets: tickets are valid only for a specific period, reducing the
window for misuse.
2. Mutual authentication: both the client and the server verify each other's identity,
reducing the risk of man-in-the-middle attacks.
3. Single Sign-On (SSO): users authenticate once and can access multiple services
within the network without re-entering credentials.
4. Symmetric cryptography: Kerberos primarily uses symmetric encryption (AES today;
DES in older deployments) for encrypting tickets and session keys.
5. Replay attack protection: authenticators carry timestamps, and servers keep a
short-term cache of recently seen authenticators, so old or duplicated messages cannot
be reused.


Fig: Kerberos working
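The five-step exchange above, run end to end in one process, as an added example that is not part of the model answer. The realm (one user, one service, the TGS key), the ticket lifetime and the clock-skew allowance are constructed, and the symmetric cipher is a toy (SHA-256 keystream with an HMAC tag) standing in for AES; the point is the message flow and the checks, not the cipher. Every ticket is sealed with a key its carrier does not hold, which is what lets the client relay the TGT and the service ticket without being able to read or alter them.

```python
import hashlib
import hmac
import json
import os


# ---- Toy authenticated symmetric cipher (constructed; stands in for AES) ----
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def enc(key, obj):
    """Seal a JSON-serialisable object as nonce || ciphertext || HMAC-SHA256 tag."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def dec(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def key_from_password(pw):
    return hashlib.sha256(b"kerberos-toy|" + pw.encode()).digest()


# ---- Constructed realm: long-term keys known to the KDC and to each service ----
USERS = {"alice": key_from_password("correct horse")}
TGS_KEY = os.urandom(32)
SERVICE_KEYS = {"fileserver": os.urandom(32)}
LIFETIME = 8 * 3600      # ticket lifetime in seconds
MAX_SKEW = 300           # accepted clock difference for authenticators


def as_exchange(username, now):
    """Steps 1-2. AS: client/TGS session key under the user's key, plus the TGT sealed
    with the TGS key. The client can carry the TGT but cannot read or forge it."""
    sk = os.urandom(32).hex()
    tgt = enc(TGS_KEY, {"client": username, "sk": sk, "expires": now + LIFETIME})
    return enc(USERS[username], {"sk": sk, "expires": now + LIFETIME}), tgt


class TicketChecker:
    """Shared by the TGS and the application server: open the ticket, open the
    authenticator with the ticket's session key, check name and time, refuse replays."""

    def __init__(self, key):
        self.key, self.seen = key, set()

    def check(self, ticket, authenticator, now):
        t = dec(self.key, ticket)
        if now > t["expires"]:
            raise ValueError("ticket expired")
        sk = bytes.fromhex(t["sk"])
        a = dec(sk, authenticator)                   # proves the sender holds sk
        if a["client"] != t["client"] or abs(now - a["ts"]) > MAX_SKEW:
            raise ValueError("authenticator does not match ticket or is stale")
        if (a["client"], a["ts"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((a["client"], a["ts"]))
        return t["client"], sk


def tgs_exchange(tgs, tgt, authenticator, service, now):
    """Steps 3-4: validate the TGT, issue a service ticket plus a client copy of sk2."""
    client, sk = tgs.check(tgt, authenticator, now)
    sk2 = os.urandom(32).hex()
    ticket = enc(SERVICE_KEYS[service], {"client": client, "sk": sk2, "expires": now + LIFETIME})
    return enc(sk, {"sk": sk2, "service": service}), ticket


def login_and_access(username, password, service, now):
    """Whole client flow (steps 1-5). Returns whether mutual authentication succeeded,
    plus the service-side checker and the final ticket/authenticator for replay tests."""
    blob, tgt = as_exchange(username, now)
    sk = bytes.fromhex(dec(key_from_password(password), blob)["sk"])   # wrong password fails here
    auth1 = enc(sk, {"client": username, "ts": now})
    blob2, st = tgs_exchange(TicketChecker(TGS_KEY), tgt, auth1, service, now)
    sk2 = bytes.fromhex(dec(sk, blob2)["sk"])
    auth2 = enc(sk2, {"client": username, "ts": now})
    svc = TicketChecker(SERVICE_KEYS[service])
    _, sk_svc = svc.check(st, auth2, now)
    reply = enc(sk_svc, {"ts": now + 1})                 # step 5: server proves itself
    return dec(sk2, reply)["ts"] == now + 1, (svc, st, auth2)


def demo(now=1_700_000_000.0):
    """Run the flow once, then probe the three rejections the key features promise."""
    ok, (svc, ticket, auth) = login_and_access("alice", "correct horse", "fileserver", now)
    results = {"access_granted": ok}
    probes = {
        "replay_rejected": lambda: svc.check(ticket, auth, now),
        "expired_rejected": lambda: svc.check(ticket, auth, now + LIFETIME + 1),
        "wrong_password_rejected": lambda: login_and_access("alice", "wrong", "fileserver", now),
    }
    for name, probe in probes.items():
        try:
            probe()
            results[name] = False
        except ValueError:
            results[name] = True
    return results
```

Note where the password is actually checked: the AS never sees it. A wrong password simply yields the wrong key, so the client cannot open the AS reply and never obtains a usable session key, which is why an attacker who records the AS exchange gets material for an offline guess rather than a login, and why long user passwords (or pre-authentication) matter in real Kerberos deployments.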


6. Attempt any TWO of the following : 12M
(a) Describe the following terms w.r.t. biometrics: 6M
(i) Finger Print Analysis
(ii) Retina Scan
(iii) Keystroke
Ans. (Marking: 2M for each sub point)
(i) Fingerprint Analysis in Biometrics:
Fingerprint analysis is a biometric authentication method that uses the unique
patterns of ridges and valleys on a person's finger to identify or verify their identity.
Since no two individuals (even identical twins) have the same fingerprint patterns,
fingerprint analysis is one of the most reliable and widely used biometric
techniques.

Key Features of Fingerprint Analysis:

1. Uniqueness: Each individual has a unique fingerprint pattern, including


minutiae points (specific ridge characteristics) and overall ridge flow.
2. Permanence: Fingerprints remain relatively unchanged throughout an
individual's life, making them reliable for long-term identification.
3. Collectability: Fingerprints are easy to capture using various hardware like
optical, capacitive, or ultrasonic scanners.

How Fingerprint Analysis Works:

1. Fingerprint Acquisition: A scanner or sensor captures the fingerprint image.


Types of sensors:
▪ Optical: Uses light to capture the ridge patterns.
▪ Capacitive: Measures electrical differences in ridge and valley patterns.
▪ Ultrasonic: Uses sound waves to map the fingerprint structure.
2. Feature Extraction: Algorithms extract specific features like:
▪ Minutiae Points: Ridge endings and bifurcations (branching points).
▪ Core and Delta Points: Central points and triangular patterns.
▪ Ridge counts and flow patterns.
3. Template Creation: The extracted features are stored as a mathematical
representation (a template), not as the fingerprint image itself. The template is
still biometric data and, unlike a password, cannot be re-issued if it leaks, so it
must be stored encrypted (ideally in a secure element) and protected like a secret.
4. Matching: The template is compared to stored fingerprint templates in the
database during verification or identification.

Applications:

1. Authentication: Used in smartphones, laptops, and access control systems.
2. Forensics: Crime scene investigations often use fingerprint analysis to identify
suspects.
3. Attendance and Time Tracking: Widely used in workplaces and schools for
employee and student tracking.
4. Government Identification: Used in systems like Aadhaar (India) or
fingerprint-based passports for identification.

(ii) Retina Scan in Biometrics:

Retina scanning is a biometric technique that uses the unique patterns of blood
vessels in the retina (a thin layer of tissue at the back of the eye) to identify or
verify a person's identity. The retina's intricate vascular patterns are unique to each
individual, even between identical twins, and remain stable over time, making this
method highly accurate and secure.

Key Features of Retina Scan:

1. Uniqueness: The arrangement of blood vessels in the retina is unique to every
person. Even two eyes of the same individual have different patterns.
2. Permanence: Retinal patterns remain unchanged throughout life unless affected
by diseases such as glaucoma or diabetes.
3. High Accuracy: Retina scanning is one of the most reliable and precise
biometric methods, with a very low false acceptance rate (FAR).

How Retina Scanning Works:

1. Image Capture: The individual looks into a scanner, which emits a low-energy
infrared light. The light illuminates the retina and highlights the blood vessels.
2. Pattern Detection: The scanner captures the reflected light, mapping the blood
vessel pattern of the retina.
3. Template Generation: The captured image is converted into a digital template
using algorithms that store the unique features.
4. Matching: During authentication, the scanned retina is compared to pre-stored
templates in a database for identity verification.

Applications of Retina Scanning:

1. High-Security Access Control: Used in military facilities, laboratories, and
secure government areas.
2. Healthcare: Retinal scans can also help detect certain medical conditions, such
as diabetes, hypertension, or retinal diseases.
3. Law Enforcement and Forensics: Used for identifying individuals in criminal
investigations.

(iii) Keystroke Dynamics in Biometrics

Keystroke dynamics is a behavioural biometric technique that analyses a person's
unique typing patterns on a keyboard to identify or authenticate them. Every
individual has a distinct typing rhythm and style, which can be captured and
analysed to enhance security.

Key Features of Keystroke Dynamics:

1. Behavioural Biometric: Unlike physical biometrics (e.g., fingerprints or
retina), keystroke dynamics rely on the unique behaviours and habits of individuals.
2. Uniqueness: Typing speed and rhythm (and key pressure, where the keyboard can
report it) vary significantly from one person to another. Because typing also
varies with fatigue, mood and the keyboard in use, keystroke dynamics is normally
used as an additional factor alongside a password rather than as the sole means of
authentication.
3. Non-Intrusive: Keystroke analysis happens passively in the background as the
user types, without requiring any special hardware: key press and release timings
are available from any standard keyboard.

How Keystroke Dynamics Work:

1. Data Collection: The system captures a user’s typing patterns during regular
use or during a pre-defined training phase. Metrics analysed include:
▪ Dwell Time: The time a key is pressed.
▪ Flight Time: The time between releasing one key and pressing the next.
▪ Typing Speed: Overall speed at which the user types.
▪ Error Patterns: How a user handles mistakes (e.g., use of the
backspace key).
2. Template Creation: The system uses the collected data to create a biometric
profile or template of the user’s typing patterns.
3. Verification: During authentication, the user’s current typing behaviour is
compared to the stored profile.
4. Machine Learning Models: Advanced systems use AI and machine learning to
continuously improve the accuracy of keystroke dynamics by adapting to changes
in a user's typing style over time.

Applications of Keystroke Dynamics:

1. Authentication: Used in systems where passwords are required; adds a second
layer of verification by analysing how the password is typed.
2. Fraud Detection: Helps detect unauthorized users who may know a legitimate
user's password but cannot mimic their typing pattern.
3. Continuous Monitoring: Used for continuous authentication in workplaces or
secure environments, where the system monitors typing behaviour throughout a
session.
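The enrolment and verification steps described above, written out as an added example (it is not code from the model answer). It assumes, and these assumptions are not in the original text, that one typing sample is a list of (key, press time, release time) tuples in milliseconds for a fixed phrase, that the profile is the per-feature mean and standard deviation over several enrolment samples, and that verification accepts a sample whose mean absolute z-score against the profile is at or below a threshold. All timings are constructed. It also covers the fraud-detection case from the applications list: an impostor who knows the password but types it with a different rhythm is rejected.

```python
"""Keystroke-dynamics enrolment and verification (added example, not from the model answer).

Assumptions not in the original text: a sample is a list of (key, press_ms, release_ms);
the profile is (mean, std) per timing feature; verification uses a mean absolute z-score.
Error patterns (backspace use) are not modelled.
"""
from statistics import mean, pstdev

MIN_STD_MS = 5.0  # floor on the per-feature std so near-identical enrolment samples do not make the check brittle


def timing_features(events):
    """One sample -> feature vector: dwell time per key, then flight time per consecutive key pair."""
    dwell = [release - press for _, press, release in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight


def enrol(samples):
    """Build the profile: (mean, std) for every feature across the enrolment samples."""
    vectors = [timing_features(s) for s in samples]
    width = len(vectors[0])
    if any(len(v) != width for v in vectors):
        raise ValueError("all enrolment samples must type the same phrase")
    profile = []
    for i in range(width):
        column = [v[i] for v in vectors]
        profile.append((mean(column), max(pstdev(column), MIN_STD_MS)))
    return profile


def distance(profile, events):
    """Mean absolute z-score of a sample against the profile (0.0 = identical to the means)."""
    feats = timing_features(events)
    if len(feats) != len(profile):
        raise ValueError("sample does not match the enrolled phrase")
    return mean(abs(f - m) / sd for f, (m, sd) in zip(feats, profile))


def verify(profile, events, threshold=1.5):
    """True if the sample is close enough to the profile to be accepted."""
    return distance(profile, events) <= threshold


def make_sample(keys, dwells, flights):
    """Construct a synthetic event list from per-key dwell and inter-key flight times (ms)."""
    events, t = [], 0
    for i, key in enumerate(keys):
        events.append((key, t, t + dwells[i]))
        t += dwells[i] + (flights[i] if i < len(flights) else 0)
    return events


# Constructed data: the password "pass" typed by the legitimate user four times at enrolment.
KEYS = list("pass")
ENROL_SAMPLES = [
    make_sample(KEYS, [100, 95, 105, 100], [80, 85, 75]),
    make_sample(KEYS, [98, 100, 102, 97], [82, 80, 78]),
    make_sample(KEYS, [102, 97, 108, 103], [78, 88, 80]),
    make_sample(KEYS, [99, 96, 104, 101], [81, 84, 76]),
]
PROFILE = enrol(ENROL_SAMPLES)

# The same password typed later by the legitimate user ...
LEGIT_PROBE = make_sample(KEYS, [101, 98, 103, 99], [79, 83, 79])
# ... and by an impostor who knows the password but types it with a different rhythm.
IMPOSTOR_PROBE = make_sample(KEYS, [60, 65, 62, 58], [180, 200, 190])

if __name__ == "__main__":
    for name, probe in (("legitimate user", LEGIT_PROBE), ("impostor", IMPOSTOR_PROBE)):
        print(f"{name}: distance={distance(PROFILE, probe):.2f} accepted={verify(PROFILE, probe)}")
```

The threshold sets the trade-off between false rejections (a tired user typing slowly) and false acceptances; a real deployment would tune it from measured error rates and refresh the profile over time, which is the role the "machine learning models" step plays above.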

(b) Draw and explain the following terms: 6M
(i) Packet Filter Firewall
(ii) Proxy Server
Ans. (i) Packet Filter Firewall: (2M for explanation and 1M for correct diagram, for each sub point)

A Packet Filter Firewall is a type of network security device that controls the flow
of data packets in and out of a network based on a set of predefined rules. It operates
at the network layer (Layer 3) of the OSI model and reads transport-layer (Layer 4)
header fields such as port numbers when its rules require them. It examines packets
individually without keeping track of any established connections.

Key Features:

1. Rules-Based Filtering: It uses rules defined by the network administrator to
allow or block packets. Rules are typically based on:
• Source and destination IP addresses.
• Source and destination port numbers.
• Protocols (e.g., TCP, UDP, ICMP).

2. Stateless Operation: Packet filtering firewalls are typically stateless, meaning
they do not monitor the state of connections (e.g., whether a connection is
established or terminated).
3. Fast and Lightweight: Because it only examines the packet headers and does
not maintain connection states, it is relatively faster and uses fewer resources
compared to more advanced firewalls.
4. Limited Context Awareness: It cannot inspect packet contents or track
application-level data (e.g., HTTP requests).

How it Works:

When a packet arrives at the firewall:

1. The packet's header information (IP addresses, port numbers, protocol) is
extracted.
2. The firewall evaluates the packet against its filtering rules. If the packet
matches a rule that allows it, the packet is forwarded to its destination. If the packet
matches a rule that blocks it, the packet is discarded. In most implementations the
first matching rule decides, so the order of the rules matters.
3. If no rule matches, the firewall applies a default action (allow or block, based
on its configuration). A secure configuration blocks by default ("default deny").

Advantages:
1. Simple to implement and configure.
2. Efficient for networks with basic traffic control needs.
3. Can prevent unauthorized access based on IP addresses or port numbers.

Disadvantages:
1. Lacks the ability to inspect deeper packet contents (e.g., payload).
2. Cannot detect malicious traffic hidden in allowed protocols (e.g., HTTP or
HTTPS).
3. Does not track connection states, leading to potential security gaps: to admit
replies to outbound connections it must allow inbound packets purely on header
values (e.g., any TCP packet with source port 443), and an attacker can set those
header values freely.

Example Use Case: A packet filter firewall might block incoming packets from
specific IP addresses (e.g., known malicious sources) or disallow access to certain
ports (e.g., 22 for SSH) to restrict unauthorized access to a server.

Fig: Packet Filter Firewall
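Rule evaluation as described above (header fields only, first match wins, default action when nothing matches), as an added example that is not code from the model answer. It assumes, and these assumptions are not in the original text, that a packet is a dict holding just the header fields a packet filter looks at (src, dst, proto, sport, dport) and that rules are checked top to bottom. The addresses are documentation ranges chosen for the example, and the packets are constructed. The last function shows the stateless gap from the disadvantages list: a rule added to admit replies to outbound HTTPS also admits an unrelated packet that merely carries source port 443.

```python
"""Stateless packet-filter rule evaluation (added example, not from the model answer).

Assumptions not in the original text: first matching rule wins, a configurable default
action applies when nothing matches, packets are dicts of header fields only.
"""
import ipaddress


class Rule:
    def __init__(self, action, proto="any", src="0.0.0.0/0", dst="0.0.0.0/0",
                 sport=None, dport=None):
        self.action = action                   # "allow" or "deny"
        self.proto = proto                     # "tcp", "udp", "icmp" or "any"
        self.src = ipaddress.ip_network(src)   # CIDR; /32 pins a single host
        self.dst = ipaddress.ip_network(dst)
        self.sport = sport                     # None matches any port
        self.dport = dport

    def matches(self, pkt):
        """Compare header fields only; payload and connection state are never consulted."""
        if self.proto != "any" and pkt["proto"] != self.proto:
            return False
        if ipaddress.ip_address(pkt["src"]) not in self.src:
            return False
        if ipaddress.ip_address(pkt["dst"]) not in self.dst:
            return False
        if self.sport is not None and pkt.get("sport") != self.sport:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


class PacketFilter:
    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default                 # applied when no rule matches

    def decide(self, pkt):
        """Return (action, index of the matching rule), or (default action, None)."""
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                return rule.action, i
        return self.default, None


# Constructed rule set for a small server segment: deny rules first so they win over the allows.
RULES = [
    Rule("deny", src="203.0.113.0/24"),                          # constructed "known-bad" source range
    Rule("deny", proto="tcp", dport=22),                         # no SSH from anywhere
    Rule("allow", proto="tcp", dst="192.0.2.10/32", dport=443),  # HTTPS to the web server
    Rule("allow", proto="udp", dst="192.0.2.53/32", dport=53),   # DNS to the resolver
]
FIREWALL = PacketFilter(RULES, default="deny")

# Constructed packets: HTTPS from a normal client, HTTPS from the bad range, SSH, DNS, port 8080.
SAMPLE_PACKETS = [
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "sport": 51234, "dport": 443},
    {"src": "203.0.113.9", "dst": "192.0.2.10", "proto": "tcp", "sport": 40000, "dport": 443},
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "sport": 40001, "dport": 22},
    {"src": "198.51.100.7", "dst": "192.0.2.53", "proto": "udp", "sport": 40002, "dport": 53},
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "sport": 40003, "dport": 8080},
]


def stateless_gap_demo():
    """The gap a stateless filter leaves once it must let return traffic in.

    Replies to outbound HTTPS arrive with source port 443, so a stateless filter needs a rule
    admitting any TCP packet with sport 443. A stateful firewall would insist on a matching
    outbound connection; this filter admits a fresh packet to port 3389 on source port alone.
    """
    rules = RULES + [Rule("allow", proto="tcp", sport=443)]
    forged = {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "sport": 443, "dport": 3389}
    return PacketFilter(rules).decide(forged)


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt["src"], "->", pkt["dst"], pkt["proto"], pkt.get("dport"), FIREWALL.decide(pkt))
    print("return-traffic rule lets sport=443 reach port 3389:", stateless_gap_demo())
```

Note that ICMP packets carry no ports; a rule written without sport/dport matches them on protocol and addresses alone, which is why the port checks use `pkt.get` rather than indexing.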

(ii) Proxy Server:

A Proxy Server is an intermediary server that sits between a client (such as a user’s
computer) and the server providing the service (such as a website). The proxy
server makes requests on behalf of the client and then forwards the response back to
the client. It acts as a "gateway" that facilitates or controls communication between
a user and the internet or other network resources.

Key Features:

1. Intermediary Role: A proxy server performs as an intermediary between the
client (user) and the server (website). When a client sends a request to access a
resource, the proxy makes the request to the server, receives the data, and then
sends it back to the client.
2. Client Address Hiding: When using a proxy, the client's real IP address is
hidden from the destination. The proxy terminates the client's connection and opens
its own connection to the outside world, so the destination sees only the proxy's IP
address. This is sometimes loosely called NAT, but the client's packets are not
translated; the proxy is a separate endpoint that speaks to both sides.
3. Caching: Proxy servers often cache (store) responses from the server. If the
same request is made again, the proxy can return the cached data without needing to
contact the original server, improving speed and reducing load on the original
server.
4. Content Filtering: Proxy servers can be configured to filter content, such as
blocking access to specific websites or content based on keywords, URLs, or
categories.
5. Security: A proxy can enhance security by hiding internal IP addresses, and by
acting as a barrier to malicious traffic, reducing the exposure of a network or device
to the outside world.
6. Access Control: A proxy server can control access to resources, allowing or
blocking traffic based on IP addresses, user credentials, or other criteria.

How it Works:

1. A client (e.g., a user’s web browser) sends a request to access a resource, such
as a webpage.
2. The proxy server intercepts the request and makes the same request to the
destination server (e.g., the website).
3. The destination server responds with the requested resource (e.g., the webpage).
4. The proxy server forwards the resource back to the client.
5. If the proxy server has cached the resource (and caching is enabled), it can
return the cached content without querying the destination server.

Types of Proxy Servers:

1. Forward Proxy: The most common type, used by clients (e.g., users) to access

external resources. It typically serves for anonymity, content filtering, or bypassing
restrictions.
2. Reverse Proxy: Positioned in front of one or more web servers, it handles
incoming requests and forwards them to the appropriate server in the back-end.
Reverse proxies are often used to load balance traffic, improve security, and
optimize performance.
3. Transparent Proxy: Traffic is redirected to this proxy by the network (e.g., at a
router or gateway) without the client being configured to use it, and it passes
requests and responses through without substantive changes, so the client is often
unaware of its presence. It is used for monitoring or caching.
4. Anonymous Proxy: This type of proxy hides the user's IP address from the
destination server, providing some level of anonymity.
5. High Anonymity Proxy: This proxy not only hides the client’s IP address but
also makes it appear as though the client is not using a proxy at all.

Advantages:
1. Privacy and Anonymity: By hiding the client's IP address, proxies provide
anonymity for users.
2. Improved Performance: Caching frequently requested resources can speed up
access to those resources.
3. Access Control: Proxies can restrict access to certain websites or content, either
for security reasons or to enforce company policies.
4. Security: Proxies can prevent direct access to internal servers, reducing
exposure to attacks.

Disadvantages:
1. Single Point of Failure: If the proxy server goes down, clients may be unable
to access the resources they need.

2. Slower Performance: In some cases, proxy servers can slow down traffic due
to their intermediary role, especially if they are overloaded.

3. Limited Security: While proxies provide some security features, they are not a
substitute for other security measures like firewalls and intrusion detection systems.

Example Use Case:


Fig: Proxy Server
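The forward-proxy behaviour described above (intercept the request, apply the content filter, serve from cache when possible, otherwise fetch from the origin with the proxy's own address), as an added example that is not code from the model answer. It assumes, and these assumptions are not in the original text, that no real sockets are used: an origin server is a callable registered by hostname that receives the request the proxy sends and returns (status, headers, body); URLs are of the form http://host/path; 200 responses are cached per URL for ttl seconds unless the origin answers Cache-Control: no-store; and the client's address is disclosed in an X-Forwarded-For header only when anonymous=False. The hostnames, addresses and page contents are constructed.

```python
"""Forward proxy with content filtering, caching and client-address masking
(added example, not from the model answer).

Assumptions not in the original text: origins are in-process callables keyed by hostname,
URLs are http://host/path, cache entries expire after ttl seconds, and the client address
is only revealed via X-Forwarded-For when anonymous=False.
"""
import time
from urllib.parse import urlsplit


class ForwardProxy:
    def __init__(self, proxy_ip, origins, blocked_hosts=(), ttl=60, anonymous=True,
                 clock=time.time):
        self.proxy_ip = proxy_ip
        self.origins = origins              # hostname -> callable(request) -> (status, headers, body)
        self.blocked = set(blocked_hosts)   # content-filtering policy
        self.ttl = ttl
        self.anonymous = anonymous
        self.clock = clock                  # injectable so cache expiry can be exercised offline
        self.cache = {}                     # url -> (expires_at, status, body)
        self.log = []                       # (client_ip, url, outcome): the proxy's access log

    def handle(self, client_ip, url):
        """Serve one client request: policy check, then cache, then the origin."""
        parts = urlsplit(url)
        host, path = parts.hostname, parts.path or "/"
        if host in self.blocked:
            self.log.append((client_ip, url, "blocked"))
            return {"status": 403, "body": "blocked by policy", "source": "proxy"}
        now = self.clock()
        hit = self.cache.get(url)
        if hit is not None and hit[0] > now:
            self.log.append((client_ip, url, "cache"))
            return {"status": hit[1], "body": hit[2], "source": "cache"}
        origin = self.origins.get(host)
        if origin is None:
            self.log.append((client_ip, url, "unresolved"))
            return {"status": 502, "body": "bad gateway", "source": "proxy"}
        # The proxy opens its own connection: the origin sees proxy_ip, never the client.
        request = {"path": path, "peer_ip": self.proxy_ip, "headers": {"Host": host}}
        if not self.anonymous:
            request["headers"]["X-Forwarded-For"] = client_ip
        status, headers, body = origin(request)
        if status == 200 and headers.get("Cache-Control") != "no-store":
            self.cache[url] = (now + self.ttl, status, body)
        self.log.append((client_ip, url, "origin"))
        return {"status": status, "body": body, "source": "origin"}


class FakeOrigin:
    """Constructed stand-in for a web server; records the peer address and forwarding header it saw."""

    def __init__(self, pages):
        self.pages = pages
        self.seen = []

    def __call__(self, request):
        self.seen.append((request["peer_ip"], request["headers"].get("X-Forwarded-For")))
        body = self.pages.get(request["path"])
        if body is None:
            return 404, {}, "not found"
        return 200, {"Cache-Control": "public"}, body


def demo():
    """Two clients behind one anonymous proxy: cache hit, cache expiry, and a blocked host."""
    fake_clock = [1000.0]
    www = FakeOrigin({"/": "hello from example.test"})
    proxy = ForwardProxy("10.0.0.1", {"example.test": www}, blocked_hosts={"ads.test"},
                         ttl=60, anonymous=True, clock=lambda: fake_clock[0])
    first = proxy.handle("192.168.1.20", "http://example.test/")    # fetched from the origin
    second = proxy.handle("192.168.1.21", "http://example.test/")   # served from the cache
    fake_clock[0] += 61                                             # past the ttl
    third = proxy.handle("192.168.1.20", "http://example.test/")    # refetched
    blocked = proxy.handle("192.168.1.20", "http://ads.test/banner")
    return first, second, third, blocked, www.seen, proxy.log


if __name__ == "__main__":
    first, second, third, blocked, seen, log = demo()
    for entry in log:
        print(entry)
    print("origin saw:", seen)
```

The access log is the security-relevant by-product: because every client request passes through `handle`, the proxy is the natural place to enforce policy and to record who asked for what, which a packet filter working on headers alone cannot do.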

(c) Explain the following terms of intellectual property rights: 6M
(i) Copyright
(ii) Patent
(iii) Trademark
Ans. (i) Copyright: (2M for each sub point)
Copyright is a type of intellectual property right that grants the creator of original
works exclusive rights to their use and distribution. These works can include a
wide variety of creative outputs such as books, music, films, software, artwork,
and more. Copyright provides the creator with control over how their work is used,
ensuring they are compensated for its use and protecting it from unauthorized
copying or distribution.

Key Features of Copyright:

1. Exclusive Rights: Copyright holders have exclusive rights to reproduce,
distribute, perform, display, and create derivative works based on their original
work.
2. Originality: Copyright applies only to original works of authorship, and it
protects the particular expression of an idea, not the idea itself.
3. Automatic Protection: In many jurisdictions (including the United States),
copyright protection is granted automatically when a work is created and fixed in a
tangible medium of expression (e.g., written down, recorded, or otherwise
captured).
4. Duration: Copyright typically lasts for the lifetime of the author plus a set
number of years (e.g., 70 years in many countries).
5. Transferability: Copyright can be transferred or licensed to others.
6. Moral Rights: In addition to economic rights (like the right to copy or
distribute), some countries also grant moral rights to authors, including the right to

attribution and the right to object to derogatory treatment of the work.

Types of Works Protected by Copyright:

• Literary works: Novels, articles, poems, and computer programs.
• Musical works: Compositions, lyrics, and sheet music.
• Dramatic works: Plays, screenplays, and choreography.
• Artistic works: Paintings, sculptures, drawings, and photographs.
• Audio-visual works: Films, TV shows, and videos.
• Sound recordings: Recorded music and other audio recordings.
• Architectural works: Designs and plans for buildings.

How Copyright Works:

1. Creation: A creator develops an original work (e.g., writing a novel,
composing a song).
2. Fixation: The work is fixed in a tangible form (e.g., writing the novel on
paper, recording the song).
3. Rights: The creator automatically gains the rights to use and control the work.
4. Enforcement: The creator can take legal action against unauthorized use of the
work, such as suing for infringement or seeking damages.

(ii) Patent:

A Patent is an intellectual property right granted to an inventor for a new, useful,
and non-obvious invention or process. It provides the inventor with exclusive
rights to prevent others from making, using, selling, or distributing the patented
invention without permission, typically for a limited period (usually 20 years from
the filing date of the patent application).

Key Features of a Patent:

1. Exclusive Rights: The patent holder has the exclusive right to use, make, sell,
or license the invention.
2. Invention: The patent is granted for new inventions or improvements to
existing inventions.
3. Novelty: To qualify for a patent, the invention must be novel, meaning it must
be new and not previously disclosed to the public in any form (e.g., published in
scientific papers, patents, or existing products).
4. Non-Obviousness: The invention must not be obvious to someone skilled in
the relevant field based on existing knowledge or inventions.
5. Utility: The invention must be useful and capable of providing some practical
benefit.

6. Disclosure Requirement: To obtain a patent, the inventor must publicly
disclose detailed information about the invention, including how it works and how
to make it.
7. Limited Duration: Patents typically last for 20 years from the filing date (in
most countries), after which the invention enters the public domain, and anyone
can use it without permission.

Types of Patents:

1. Utility Patents: These are the most common type and cover new inventions or
functional improvements to existing products or processes. Examples include
machines, tools, chemical compounds and, subject to jurisdiction-specific limits,
software-implemented inventions (an abstract algorithm or a computer program as
such is generally not patentable).
2. Design Patents: These protect the aesthetic design of an article or product,
such as the unique visual appearance of a chair or a smartphone. They do not cover
the functionality of the item.
3. Plant Patents: These are granted for new, distinct, and asexually reproduced
varieties of plants (e.g., new strains of flowers or crops).

How a Patent Works:

1. Application: The inventor files a patent application with a national or
international patent office. The application must include detailed descriptions,
drawings (if necessary), and claims outlining the scope of the invention's
protection.
2. Examination: The patent office examines the application to ensure that the
invention meets the requirements of novelty, non-obviousness, and utility. This
may involve a search of prior patents and publications to verify that the invention
is truly new.
3. Granting: If the patent office is satisfied with the application, it grants the
patent and issues a patent certificate, giving the inventor exclusive rights to the
invention.
4. Enforcement: The patent holder can enforce their rights by taking legal action
against others who use the patented invention without permission, such as suing
for patent infringement.

(iii) Trademark:

A Trademark is a form of intellectual property that protects brands, logos,
symbols, names, words, designs, or other identifiers that distinguish goods or
services of one business from those of another. The purpose of a trademark is to
help consumers identify the source of a product or service and to prevent confusion
in the marketplace. Trademarks serve as a symbol of quality, reputation, and

consumer trust.

Key Features of a Trademark:

1. Distinctiveness: For a trademark to be protected, it must be distinctive,
meaning it must be capable of identifying the source of the goods or services.
2. Source Identification: A trademark is primarily used to identify the source of
goods or services.
3. Exclusive Rights: A trademark owner has the exclusive right to use the mark
in connection with the goods or services for which it is registered.
4. Durability and Duration: Trademarks can potentially last indefinitely as long
as they are actively used in commerce and their registration is properly maintained
(through renewals, etc.).
5. Registration: While trademark rights are automatically acquired through use
in commerce in many countries (common law rights), registering a trademark with
a relevant government office (e.g., the United States Patent and Trademark
Office (USPTO)) provides additional legal benefits, such as nationwide
protection, a public record of ownership, and the right to sue for infringement in
federal court.

Types of Trademarks:

1. Product Marks: Trademarks that identify the source of a specific product,
such as a logo or brand name on a product (e.g., Nike logo on sports shoes).
2. Service Marks: Similar to product marks, but they apply to services rather
than goods (e.g., FedEx for courier services).
3. Collective Marks: These marks are used by members of a group or association
to indicate membership or affiliation (e.g., the CPA logo for certified public
accountants).
4. Certification Marks: These marks are used to certify the origin, quality, or
characteristics of goods or services (e.g., UL mark for safety certifications on
electrical products).

How a Trademark Works:

1. Creation: A business or individual creates a logo, name, symbol, or slogan
that represents its products or services.
2. Use in Commerce: The mark is used in the marketplace to identify and
distinguish the product or service.
3. Registration: The trademark owner can register the mark with a national or
regional trademark office, such as the USPTO in the U.S. or the European Union
Intellectual Property Office (EUIPO) for EU-wide protection.

4. Enforcement: The trademark holder has the right to enforce the trademark by
taking legal action against others who use a confusingly similar mark in a way that
could cause consumer confusion or dilution of the trademark's value.
