NIS PT2 (SOLVED)

The document covers various aspects of Network and Information Security, including definitions and needs of firewalls, types of firewalls, vulnerability assessments, and anomaly detection. It also discusses cybercrimes, including definitions, types, and laws, along with encryption methods like PGP and security protocols like IPSec. Additionally, it explains Intrusion Detection Systems (IDS) and their types, emphasizing the importance of cybersecurity measures in protecting data and networks.

Uploaded by

mpari8998

Network and Information Security 22620

Chapter 4
2 marks questions

Q.1. Define Firewall and List needs of Firewall


Ans: A firewall is a networking device; it may be hardware, software, or a combination of both. The purpose
of the firewall is to enforce a security policy across its connections.
Needs of a Firewall:
1. Acts as a Barrier – Protects your PC from unauthorized access by cyber threats.
2. Monitors Data Packets – Filters incoming and outgoing data to ensure security.
3. Prevents Hacking – Blocks malicious attempts to access sensitive information.
4. Secures Personal Data – Safeguards bank details, passwords, and other confidential information.
5. Enhances Network Security – Ensures only trusted connections are established.

Q.2. List firewall policies


Ans: Firewall Policies:
1. Access Control Policy
2. Traffic Filtering Policy
3. Intrusion Prevention Policy
4. VPN Policy
5. Logging and Monitoring Policy
6. Application Control Policy
7. Data Protection Policy
8. User Authentication Policy
9. Malware Protection Policy
10. Content Filtering Policy

Q.3. What is vulnerability assessment?


Ans: A vulnerability assessment checks a system for security weaknesses and risks. It helps identify issues that
hackers could use to gain access or steal information. By finding these problems early, organizations can take steps to
fix them and keep their data safe. This assessment also ensures that important information remains secure, reliable,
and available. This process helps fix issues like XSS and SQL injection before they cause damage.

Q.4. State Anomaly detection


Ans: Anomaly detection is a method used to spot anything unusual or out of the ordinary in data. It helps
find problems like security threats or system errors by noticing things that don’t match normal patterns. For
example, if someone does something they don’t usually do, like accessing a lot of sensitive information,
anomaly detection can alert you to investigate.

Q.5. Define: Honeypots.


Ans: A honeypot is a cybersecurity technique that creates fake targets to distract hackers from real systems.
It can simulate things like software, servers, or entire networks. Organizations use the data from honeypots
to strengthen their security and find weaknesses in their systems.

4 marks questions

Q.1. Explain DMZ with diagram


Ans:

Or

1. A DMZ is a computer or small network placed between a company’s private network and the public
network.
2. It stops outside users from directly accessing the company’s data server and makes the network more
secure.
3. The DMZ setup has a separate host that handles requests from the private network to access websites on
the public network.
4. Outside users can only access the DMZ, not the private company network.
5. It can store the company’s public web pages for outside users to access.
6. If an outsider breaches the DMZ, only the web pages may be damaged, but the company’s private
information stays safe.

Q.2. What is IDS? Explain Host Based IDS with diagram.
Ans: IDS: Intrusion is when a hacker gains access to a system without permission.
An Intrusion Detection System (IDS) watches network traffic for suspicious activity and alerts the admin
if something bad is found. It helps protect the system by spotting harmful actions and identifying normal vs.
dangerous connections.
Host Based IDS: This Intrusion Detection System treats each host (like a PC or server) as its own system. It
monitors the files and data coming in and out of the host. It works by comparing the current state of the
system to a previous snapshot. If nothing has changed, the system is safe. But if there are changes, it might
indicate a possible attack.
Host based IDS monitors certain activities like: (this part is optional)
1. Logins at odd hours
2. Login authentication failure
3. Adding new user account
4. Use of a certain program

Q.3. What is IDS? Explain Network Based IDS with diagram.
Ans:
IDS: Intrusion is when a hacker gains access to a system without permission.
An Intrusion Detection System (IDS) watches network traffic for suspicious activity and alerts the admin
if something bad is found. It helps protect the system by spotting harmful actions and identifying normal vs.
dangerous connections.
Network Based IDS: This Intrusion Detection System monitors the entire network, including mixed and hybrid
environments like cloud systems. If it detects anything unusual or malicious, it sends alerts to notify of potential
threats.
NIDS (Network-Based IDS) Monitors: (this part is optional)
1. Network traffic between devices.
2. Data packets traveling across the network.
3. Suspicious activity or unusual patterns.
4. Connections made within the network.

Q.4. List types of firewalls. Explain Packet Filtering firewall with diagram.
Ans:
Types:
1. Packet Filters
2. Stateful Inspection Firewalls
3. Application Layer Firewalls
4. Next-generation Firewalls
5. Circuit-level Gateways
6. Software Firewall
7. Hardware Firewall
8. Cloud Firewall

Packet Filtering firewall: A packet filter controls network access by checking incoming and outgoing data
packets. It decides whether to allow or block packets based on their source and destination IP addresses,
protocols, and ports. This type of firewall is also called a static firewall.
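
A packet filter's decision can be modelled as a first-match lookup over header fields. This is an added example, not part of the original notes; the rule set, the addresses (documentation ranges) and the default-deny choice are assumptions made for illustration.

```python
import ipaddress

# Constructed rule set, checked top to bottom; the first matching rule decides.
# Fields: action, source network, destination network, protocol, destination port.
RULES = [
    ("allow", "0.0.0.0/0",      "203.0.113.10/32", "tcp", 443),   # public web server
    ("allow", "192.168.1.0/24", "0.0.0.0/0",       "udp", 53),    # DNS lookups from LAN
    ("deny",  "0.0.0.0/0",      "192.168.1.0/24",  "any", None),  # nothing inbound to LAN
]
DEFAULT_ACTION = "deny"   # assumption: a packet that matches no rule is dropped

def matches(rule, src, dst, proto, dport):
    """True when every header field of the packet fits the rule."""
    _action, src_net, dst_net, r_proto, r_port = rule
    return (ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net)
            and r_proto in ("any", proto)
            and r_port in (None, dport))

def filter_packet(src, dst, proto, dport):
    """Decide from header fields only; no memory of earlier packets is kept."""
    for rule in RULES:
        if matches(rule, src, dst, proto, dport):
            return rule[0]
    return DEFAULT_ACTION

def demo():
    """Run constructed sample packets through the filter."""
    packets = [
        ("198.51.100.7", "203.0.113.10", "tcp", 443),    # visitor to web server
        ("192.168.1.20", "198.51.100.53", "udp", 53),    # LAN host asks a resolver
        ("198.51.100.53", "192.168.1.20", "udp", 40000), # the resolver's reply
        ("198.51.100.7", "192.168.1.20", "tcp", 22),     # outsider to LAN host
    ]
    return [filter_packet(*p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The third packet is the reply to the second, yet it is dropped: a static filter cannot tell a reply from an unsolicited packet, which is why the rules are often loosened by hand or replaced by stateful inspection.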

Q.5. List types of firewalls. Explain Application Gateways firewall with diagram
Ans:
1. Packet Filters
2. Stateful Inspection Firewalls
3. Application Layer Firewalls
4. Next-generation Firewalls
5. Circuit-level Gateways
6. Software Firewall
7. Hardware Firewall
8. Cloud Firewall

Application Gateways Firewall: These firewalls can check information at the application layer. If they find any
suspicious or unsafe application, they block it immediately to protect the network.

Q.6. List types of firewalls. Explain Circuit Gateways firewall with diagram.
Ans:
1. Packet Filters
2. Stateful Inspection Firewalls
3. Application Layer Firewalls
4. Next-generation Firewalls
5. Circuit-level Gateways
6. Software Firewall
7. Hardware Firewall
8. Cloud Firewall

Circuit Gateway Firewall: A circuit-level gateway is a firewall that secures UDP and TCP connections. It
works between the transport and application layers of the OSI model, focusing on the session layer. This
firewall checks the connection setup to make sure it's safe and legitimate, helping protect the network from
unauthorized access while allowing valid connections to pass through.

Q.7. List types of firewalls. Explain Stateful Packet Filtering firewall with diagram.
Ans:
1. Packet Filters
2. Stateful Inspection Firewalls
3. Application Layer Firewalls
4. Next-generation Firewalls
5. Circuit-level Gateways
6. Software Firewall
7. Hardware Firewall
8. Cloud Firewall

Stateful Packet Filtering firewall: A stateful firewall works at Layers 3 and 4 of the OSI model. It tracks
approved network connections and saves them in a state table. This table records information for allowed
TCP or UDP connections. If there’s no traffic for a set time, the connection is removed from the table.
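
The state table and its idle timeout can be modelled in a few lines. This is an added example, not part of the original notes; the 30-second timeout, the inside address prefix and the policy that only inside hosts may open connections are assumptions made for illustration.

```python
IDLE_TIMEOUT = 30               # seconds; constructed value for the demo
INSIDE_PREFIX = "192.168.1."    # assumption: hosts on the trusted side

class StatefulFirewall:
    def __init__(self):
        # (proto, inside_ip, inside_port, outside_ip, outside_port) -> last seen
        self.state = {}

    def _expire(self, now):
        """Drop entries that have carried no traffic for IDLE_TIMEOUT seconds."""
        idle = [k for k, seen in self.state.items() if now - seen > IDLE_TIMEOUT]
        for key in idle:
            del self.state[key]

    def handle(self, now, proto, src, sport, dst, dport):
        self._expire(now)
        if src.startswith(INSIDE_PREFIX):
            # Outbound connection from the inside: approve and record it.
            self.state[(proto, src, sport, dst, dport)] = now
            return "allow"
        key = (proto, dst, dport, src, sport)   # same connection, reverse direction
        if key in self.state:
            self.state[key] = now               # traffic refreshes the idle timer
            return "allow"
        return "deny"                           # inbound with no matching entry

def replay():
    """Constructed packet sequence: (time, proto, src, sport, dst, dport)."""
    fw = StatefulFirewall()
    packets = [
        (0,  "tcp", "192.168.1.20", 40000, "203.0.113.10", 443),  # inside opens
        (1,  "tcp", "203.0.113.10", 443, "192.168.1.20", 40000),  # reply
        (2,  "tcp", "198.51.100.7", 443, "192.168.1.20", 40000),  # unsolicited
        (40, "tcp", "203.0.113.10", 443, "192.168.1.20", 40000),  # after idle gap
    ]
    return [fw.handle(*p) for p in packets]

if __name__ == "__main__":
    print(replay())
```

The last packet belongs to a connection that was allowed earlier, but it arrives 39 seconds after the previous traffic, so its entry has already been removed and it is denied.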

Chapter 5
2 marks question
Q.1. Define:
1) Cyber-crime: Cyber-crime is illegal activity done using computers or the internet, like hacking or online
fraud. It can harm individuals or organizations.
2) PKI (Public key infrastructure): PKI is a system that uses two keys (public and private) to secure online
communication and verify identities. It helps keep data safe when exchanged online.

Q.2. List needs of cyber laws.


Ans:
1. Protects against cyber-crimes
2. Ensures data privacy
3. Regulates online transactions
4. Promotes safe internet use
5. Resolves disputes
6. Protects intellectual property
7. Ensures national security
8. Encourages digital growth

Q.3. What is cyber defamation?


Ans: Cyber defamation is when someone damages another person’s reputation online. This usually happens
when people post negative, false comments about the victim on public platforms like social media. Both
celebrities and regular people can be targeted by cyber defamation.

Q.4. Define Hacking. List types of Hackers.


Ans: Hacking is the act of gaining unauthorized access to a computer system, network, or device in order to
steal, alter, or destroy data.
Types:
1. Black Hat Hacker
2. White Hat Hacker
3. Grey Hat Hacker
4. Elite Hacker
5. Script Hacker

Q.5. What is Indian cyber law & list two types.


Ans: Indian Cyber Law refers to legal regulations governing online activities in India, mainly covered by
the Information Technology Act, 2000. It addresses cybercrimes, data protection, digital signatures,
e-commerce, and cybersecurity to ensure safe internet use and protect against online threats.
Types:
1. Cybercrime Laws
2. Data Protection Laws

Q.6. Explain PGP
Ans: Pretty Good Privacy (PGP) is an encryption software used to secure digital communication and ensure
the confidentiality, integrity, and authenticity of information. It combines both symmetric-key and
public-key cryptography to protect data.
In symmetric-key cryptography, the same key is used to encrypt and decrypt data. In public-key
cryptography, two keys are used: a public key for encryption and a private key for decryption.
PGP provides the following services:
1. Authentication: Verifies the identity of the sender.
2. Confidentiality: Ensures the data is kept private by encrypting it.
3. Email Compatibility: Secures emails and works with email systems.
4. Segmentation: Divides large data into smaller encrypted parts for easy transfer.

Q.7. Explain cybercrimes against Government.


Ans: Cybercrimes against governments involve harmful activities like cyberterrorism, hacking, and data
breaches that target government systems, data, and operations. These crimes can seriously damage national
security and stability.

Q.8. Explain cybercrimes against individual.


Ans: Cybercrime against individuals involves using the internet to harm or exploit people. This includes
hacking, phishing, cyberstalking, identity theft, and spreading malware, all to steal personal information,
damage reputation, or cause harm.

Q.9. Explain SMTP


Ans: SMTP is an application layer protocol used to send emails. The client connects to the SMTP server via
TCP, using port 25. The server is always ready to accept connections. Once the connection is made, the
client sends the email immediately.

4 marks question
Q.1. Explain SMTP.
Ans: SMTP is an application layer protocol. The client who wants to send the mail opens a TCP connection
to the SMTP server and then sends the mail across the connection. The SMTP server is always on, in
listening mode. As soon as it detects a TCP connection from any client, the SMTP process initiates a
connection. After successfully establishing a TCP connection, the client process sends the mail
instantly. SMTP uses commands and responses to transfer messages between an MTA (Mail Transfer Agent)
client and an MTA server.

Q.2. List different types of cyber-crime & explain hacking.
Ans: Types of cybercrimes:
1. Hacking
2. Phishing
3. Cyberstalking
4. Identity Theft
5. Malware
6. Online Fraud
7. Data Breach
8. Cyberterrorism
9. Child Exploitation
10. Intellectual Property Theft

Hacking: Hacking is the act of gaining unauthorized access to a computer system, network, or device in
order to steal, alter, or destroy data.
Types:
1. Black Hat Hacker
2. White Hat Hacker
3. Grey Hat Hacker
4. Elite Hacker
5. Script Hacker

Q.3. Explain working of Kerberos with diagram.


Ans:
1. User Login: User requests a ticket for services.
2. Authentication: Server checks credentials and sends a ticket with a session key.
3. Decryption: User decrypts the message and sends the ticket to the Ticket Granting Server.
4. Ticket Granting Server: Server verifies and creates a service request ticket.
5. Send Ticket to Server: User sends the ticket to the service server.
6. Access Granted: Server verifies and grants access to the service.

Q.4. Explain PGP. Q.5. Explain ITIL framework.
Ans: Pretty Good Privacy (PGP) is an encryption software used to secure digital communication and ensure
the confidentiality, integrity, and authenticity of information. It combines both symmetric-key and
public-key cryptography to protect data.
In symmetric-key cryptography, the same key is used to encrypt and decrypt data. In public-key
cryptography, two keys are used: a public key for encryption and a private key for decryption.
ITIL framework:

Q.6. Explain IPsec security with help of diagram.


Ans:

IPSec (Internet Protocol Security) is used to protect data when it travels over the Internet. It creates secure
connections between devices, ensuring that information stays safe from unauthorized access. IPSec operates
in two modes: Transport Mode and Tunnel Mode.
IPSec uses two main protocols: AH (Authentication Header) and ESP (Encapsulating Security Payload). AH
verifies that the data comes from a trusted source and hasn't been altered, while ESP both authenticates and
encrypts the data to protect it from being read.
For encryption, IPSec uses cryptographic keys, which are created and shared using a process called IKE
(Internet Key Exchange) to ensure secure connections.

Q.7. Explain types of cybercrime in details.
Ans:
Types of Cyber Crime:
1. Cyber Crimes Against Networks or Devices:
   - Malware: Harmful software like viruses that damage or steal data. Example: Ransomware that locks files until paid.
   - DoS Attacks: Overloading a system with traffic to make it crash. Example: DDoS attack on a website.
   - Phishing: Fake messages tricking people into giving personal info. Example: Fake login pages.
   - Botnets: Hacked computers used for attacks or spamming. Example: Sending spam emails.
   - Exploits: Using software weaknesses to steal data. Example: Hacking a banking app.
2. Crimes Using the Internet:
   - Cyberstalking: Threatening or harassing someone online. Example: Sending harmful messages.
   - Financial Fraud: Stealing money or committing scams online. Example: Fake online stores stealing credit card details.
   - Identity Theft: Stealing someone’s personal details to commit fraud. Example: Using stolen info for credit cards.
   - Harassment: Bullying or discriminating people online. Example: Cyberbullying based on race or gender.
   - Intellectual Property Theft: Stealing ideas or content online. Example: Copying software to sell as your own.
