NIS QB 4

SHREE RAMCHANDRA COLLEGE OF ENGINEERING, LONIKAND,PUNE 412216

UNIT 4

Subject Name: NIS Model Answer    Subject Code: 22620

a. Define firewall. Enlist types of firewalls. 2M
Marking scheme: 1M for definition, 1M for listing any two types.
Ans- Firewall: A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.
Types of firewall:
1. Packet filter
2. Circuit level gateway
3. Application gateway
4. Software
5. Hardware
6. Hybrid
7. Stateful multilayer inspection firewall
b. Explain need for firewall. 2M
Marking scheme: any two needs, 2M.
Ans- 1. A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.
2. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.
3. Firewalls can be an effective means of protecting a local system or network of systems from network-based security threats while at the same time affording access to the outside world via wide area networks and the Internet.
c. State any two policies of the firewall. 2M
Marking scheme: any two policies, 2M.
Ans- 1. Service control: Determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address, protocol, or port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a Web or mail service.
2. Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
3. User control: Controls access to a service according to which user is attempting to access it. This feature is typically applied to users inside the firewall perimeter (local users).
4. Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.

Prof.Wagh.P.R. SRCOE Page | 1
d. Differentiate between host-based & network-based IDS. 4M
Marking scheme: 1M for each valid point; any four points can be considered.
Ans- (comparison table; not present in the extracted text)

e. Explain DMZ. 4M
Marking scheme: 1M for diagram, 2M for explanation, 1M for advantage.
Ans- DMZ (Demilitarized Zone): It is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a company's data server. A DMZ is an optional but more secure approach to a firewall. It can effectively act as a proxy server.
The typical DMZ configuration has a separate computer or host in the network which receives requests from users within the private network to access web sites or the public network. The DMZ host then initiates sessions for such requests on the public network, but it is not able to initiate a session back into the private network. It can only forward packets which have been requested by a host.
Advantage: The main benefit of a DMZ is to provide an internal network with an additional security layer by restricting access to sensitive data and servers. A DMZ enables website visitors to obtain certain services while providing a buffer between them and the organization's private network.
f. Differentiate between firewall & IDS. 4M
Marking scheme: 1M for each correct point; any four points.
Ans- (comparison table; not present in the extracted text)
g. Describe DMZ with suitable example. 4M
Marking scheme: description 2M, diagram 1M, any one example 1M.
Ans- DMZ (Demilitarized Zone): It is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a company's data server. A DMZ is an optional but more secure approach to a firewall. It can effectively act as a proxy server.
The typical DMZ configuration has a separate computer or host in the network which receives requests from users within the private network to access web sites or the public network. The DMZ host then initiates sessions for such requests on the public network, but it is not able to initiate a session back into the private network. It can only forward packets which have been requested by a host. The public network's users who are outside the company can access only the DMZ host. It can store the company's web pages, which can be served to the outside users. Hence, the DMZ cannot give access to the company's other data. Even if an outsider penetrates the DMZ's security, the web pages may get corrupted, but the company's other information remains safe.

Examples:
1) Web servers
It is possible for web servers communicating with internal database servers to be deployed in a DMZ. This makes internal databases more secure, as these are the repositories responsible for storing sensitive information. Web servers can connect with the internal database server directly or through application firewalls, while the DMZ continues to provide protection.

2) DNS servers
A DNS server stores a database of public IP addresses and their associated hostnames. It usually resolves or converts those names to IP addresses when applicable. DNS servers use specialized software and communicate with one another using dedicated protocols. Placing a DNS server within the DMZ prevents external DNS requests from gaining access to the internal network. Installing a second DNS server on the internal network can also serve as additional security.

3) Proxy servers
A proxy server is often paired with a firewall. Other computers use it to view Web pages. When another computer requests a Web page, the proxy server retrieves it and delivers it to the appropriate requesting machine. Proxy servers establish connections on behalf of clients, shielding them from direct communication with a server. They also isolate internal networks from external networks and save bandwidth by caching web content.
h. Explain honey pots. 4M
Marking scheme: explanation 2M, any relevant diagram 2M.
Ans- Honeypots are designed to purposely engage and deceive hackers and identify malicious activities performed over the Internet. Honeypots are designed to do the following:
1. Divert the attention of a potential attacker.
2. Collect information about the intruder's actions.
3. Encourage the attacker to stay for some time, allowing the administrators to detect this and act on it swiftly.
Honeypots are designed with 2 important goals:
1. Make them look like full real-life systems.
2. Do not allow legitimate users to know about or access them.

i. Explain Host based IDS. 4M
Marking scheme: explanation 2M, relevant diagram 2M.
Ans- Host Intrusion Detection System (HIDS): Host intrusion detection systems (HIDS) run on independent hosts or devices on the network. A HIDS monitors the incoming and outgoing packets from the device only and will alert the administrator if suspicious or malicious activity is detected. It takes a snapshot of existing system files and compares it with the previous snapshot. If critical system files were edited or deleted, an alert is sent to the administrator to investigate. An example of HIDS usage can be seen on mission-critical machines, which are not expected to change their layout.
Basic components of HIDS:
1. Traffic collector: This component collects activity or events for the IDS to examine. On a host-based IDS, this can be log files, audit logs, or traffic coming to or leaving a specific system.
2. Analysis engine: This component examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine acts like the brain of the IDS.
3. Signature database: It is a collection of patterns and definitions of known suspicious or malicious activity.
4. User interface & reporting: This is the component that interfaces with the human element, providing alerts and giving the user a means to interact with and operate the IDS.
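Worked example (added here; it is not part of the original model answer): a small Python host-based IDS that implements the snapshot-and-compare check described above. It hashes every file under a monitored directory, stores the result as a baseline, and later diffs a fresh snapshot against it to report edited, deleted and newly added files. The directory, file names and contents are constructed for the example.

```python
"""Host-based IDS file-integrity check (constructed example).

Hash every monitored file, keep the result as a baseline, and later diff a
fresh snapshot against it: edited, deleted and added files become alerts.
"""
import hashlib
import os
import tempfile


def snapshot(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def compare(baseline, current):
    """Diff two snapshots; lists are sorted so the result is deterministic."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    deleted = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "deleted": deleted, "added": added}


def alerts(diff):
    """Turn a diff into the alert lines an administrator would see."""
    lines = []
    for kind in ("modified", "deleted", "added"):
        for path in diff[kind]:
            lines.append(f"ALERT: {path} was {kind}")
    return lines


def demo():
    """Build a throw-away 'system' tree, take a baseline, tamper, re-check.

    The file names and contents are constructed for this example only.
    """
    with tempfile.TemporaryDirectory() as root:
        files = {"etc/hosts": b"127.0.0.1 localhost\n",
                 "etc/sshd_config": b"PermitRootLogin no\n",
                 "bin/login": b"placeholder binary\n"}
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)

        # Simulated changes: one config edited, one binary removed, one file added.
        with open(os.path.join(root, "etc/sshd_config"), "wb") as fh:
            fh.write(b"PermitRootLogin yes\n")
        os.remove(os.path.join(root, "bin/login"))
        with open(os.path.join(root, "etc/extra.conf"), "wb") as fh:
            fh.write(b"unexpected file\n")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for line in alerts(demo()):
        print(line)
```

A real HIDS would keep the baseline somewhere the monitored host cannot silently rewrite (the "if logged locally, could be compromised" disadvantage noted later in this unit applies to the baseline too).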
j. State any four differences between Firewall and Intrusion Detection System. 4M
Marking scheme: any four differences, 1M each.
Ans- (comparison table; not present in the extracted text)

k. Demonstrate configuration of firewall settings in the Windows operating system. 4M
Marking scheme: correct explanation 4M.
Ans- A firewall is a device which monitors and filters all the incoming and outgoing network traffic and prevents unauthorized access to/within the network. The firewall is the most important line of defense in maintaining the security of the network and the application. Every firewall has a set of predefined rules for the types of data allowed within the network; accordingly, it allows or denies the incoming traffic within the network.

Configuring firewalls on Windows 10
Since Windows is widely used at a personal level, this article has been written specifically for configuring firewalls on Windows. These are the steps for opening any specific port on the Windows 10 firewall:
1) Search "firewall" and click on Windows Defender Firewall, as shown below.
2) Click on Inbound Rules, as shown.
3) Click on New Rule, select Port and click Next, as shown.
4) Enter a specific port number. In this case, it's 443. Click Next.
5) Allow or block the connection as needed.
6) Name the rule and add a description as needed.
7) The same steps need to be followed for allowing an outbound connection. In step 1, instead of selecting Inbound Rules, select Outbound Rules and follow the same steps as above.
That's how easy it is to configure allowing or denying any connection for a particular port on Windows 10.
l. Describe DMZ with suitable diagram. 4M
Marking scheme: explanation 2M, diagram 2M.
Ans- DMZ (Demilitarized Zone): It is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a company's data server. A DMZ is an optional but more secure approach to a firewall. It can effectively act as a proxy server.
The typical DMZ configuration has a separate computer or host in the network which receives requests from users within the private network to access web sites or the public network. The DMZ host then initiates sessions for such requests on the public network, but it is not able to initiate a session back into the private network. It can only forward packets which have been requested by a host. The public network's users who are outside the company can access only the DMZ host. It can store the company's web pages, which can be served to the outside users. Hence, the DMZ cannot give access to the company's other data. Even if an outsider penetrates the DMZ's security, the web pages may get corrupted, but the company's other information remains safe.

m. Define & explain: i) Circuit Gateway ii) Honey Pots iii) Application Gateway. 6M
Marking scheme: 2M for each definition and explanation.
Ans- i) Circuit gateway: A circuit level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outer host. Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents. The security function consists of determining which connections will be allowed. A typical use of circuit level gateways is a situation in which the system administrator trusts the internal users. The gateway can be configured to support application level or proxy service on inbound connections and circuit level functions for outbound connections.

ii) Honey pots: A relatively recent innovation in intrusion detection technology is the honey pot. Honey pots are decoy systems that are designed to lure a potential attacker away from critical systems. Honey pots are designed to:
- divert an attacker from accessing critical systems;
- collect information about the attacker's activity;
- encourage the attacker to stay on the system long enough for administrators to respond.
These systems are filled with fabricated information designed to appear valuable but that a legitimate user of the system would not access. Thus, any access to the honey pot is suspect.

iii) Application gateway: An application level gateway, also called a proxy server, acts as a relay of application level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed. When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two endpoints. Application level gateways tend to be more secure than packet filters. It is easy to log and audit all incoming traffic at the application level. A prime disadvantage is the additional processing overhead on each connection.

n. Explain policies, configuration & limitations of firewall. 6M
Marking scheme: 1M for policies; 1M for listing configurations; 2M for configuration (any one can be explained); 2M for limitations (any two points).
Ans- Policies of firewall:
a) All traffic from inside to outside and vice versa must pass through the firewall. To achieve this, all access to the local network must first be physically blocked and access should be permitted only via the firewall. Traffic should be permitted as per the local security policy.
b) The firewall itself must be strong enough to render attacks on it useless.

Configuration of firewall:
There are 3 common firewall configurations.
1. Screened host firewall, single-homed bastion configuration
2. Screened host firewall, dual-homed bastion configuration
3. Screened subnet firewall configuration

1. Screened host firewall, single-homed bastion configuration: In this type of configuration a firewall consists of the following parts:
i) A packet filtering router
ii) An application gateway
The main purpose of this type is as follows: the packet filter is used to ensure that incoming data is allowed only if it is destined for the application gateway, by verifying the destination address field of the incoming IP packet. It performs the same task on outgoing data by checking the source address field of the outgoing IP packet.
The application gateway is used to perform authentication and proxy functions. Here internal users are connected to both the application gateway and the packet filter; therefore, if the packet filter is successfully attacked, the whole internal network is opened to the attacker.

2. Screened host firewall, dual-homed bastion configuration: To overcome the disadvantage of the screened host firewall, single-homed bastion configuration, another configuration is available, known as the screened host firewall, dual-homed bastion. In this, direct connections between internal hosts and the packet filter are avoided: the packet filter connects only to the application gateway, which has a separate connection with the internal hosts. Now if the packet filter is successfully attacked, only the application gateway is visible to the attacker. This provides security to the internal hosts.

3. Screened subnet firewall configuration: It provides the highest security among all firewall configurations. It is an improved version over all the available firewall configuration schemes. It uses two packet filters, one between the internet and the application gateway and another between the application gateway and the internal network. Thus this configuration gives an attacker 3 levels of security to break through.

Limitations: (one mark)
1. Firewalls do not protect against inside threats.
2. A packet filter firewall does not provide any content-based filtering.
3. Protocol tunneling, i.e. sending data of one protocol inside another protocol, negates the purpose of the firewall.
4. Encrypted traffic cannot be examined and filtered.
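Worked example (added here; not from the original answer): the screened subnet configuration (configuration 3 above) modelled in Python as two packet filters around a bastion host that acts as the application gateway in the DMZ. It also shows the DMZ behaviour described in questions e, g and l: outsiders can reach only the DMZ host, the internal network is never reachable directly, and the DMZ host cannot open a session back into the private network. The addresses, the public service ports and the 'syn' flag convention (first packet of a session) are assumptions for the example.

```python
"""Screened-subnet DMZ walk-through (constructed example).

Two packet filters sit around a bastion host (the application gateway) in
the DMZ. Addresses, ports and rules are assumptions for this example.
"""
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/24")       # private network
DMZ = ipaddress.ip_network("192.168.100.0/24")       # the neutral zone
BASTION = ipaddress.ip_address("192.168.100.10")     # DMZ host / application gateway
PUBLIC_SERVICES = {80, 443}                          # what outsiders may reach on the bastion


def zone(ip):
    ip = ipaddress.ip_address(ip)
    if ip in INTERNAL:
        return "internal"
    if ip in DMZ:
        return "dmz"
    return "external"


def outer_filter(pkt):
    """Packet filter between the Internet and the DMZ.

    Inbound packets must be addressed to the bastion on a public service
    port; outbound packets must originate from the bastion. Anything aimed
    straight at (or coming straight from) the internal network is dropped.
    """
    src, dst = zone(pkt["src"]), zone(pkt["dst"])
    if src == "external":
        ok = ipaddress.ip_address(pkt["dst"]) == BASTION and pkt["dport"] in PUBLIC_SERVICES
        return "ALLOW" if ok else "DROP"
    if dst == "external":
        return "ALLOW" if ipaddress.ip_address(pkt["src"]) == BASTION else "DROP"
    return "ALLOW"   # traffic that never crosses this filter's link


def inner_filter(pkt):
    """Packet filter between the DMZ and the internal network.

    Internal hosts may open sessions to the bastion; the bastion may only
    answer them, never start a new session into the private network. The
    'syn' flag marks the first packet of a session, as a TCP SYN would.
    """
    src, dst = zone(pkt["src"]), zone(pkt["dst"])
    if src == "internal" and dst == "dmz":
        return "ALLOW" if ipaddress.ip_address(pkt["dst"]) == BASTION else "DROP"
    if src == "dmz" and dst == "internal":
        if ipaddress.ip_address(pkt["src"]) != BASTION or pkt["syn"]:
            return "DROP"
        return "ALLOW"
    if {src, dst} == {"internal", "external"}:
        return "DROP"   # the internal network is never reachable directly
    return "ALLOW"


def evaluate(pkt):
    """Run the packet through both filters in order; the first DROP ends it."""
    trail = []
    for name, flt in (("outer", outer_filter), ("inner", inner_filter)):
        verdict = flt(pkt)
        trail.append((name, verdict))
        if verdict == "DROP":
            break
    return trail


def decide(pkt):
    return evaluate(pkt)[-1][1]


def packet(src, dst, dport, syn=True):
    return {"src": src, "dst": dst, "dport": dport, "syn": syn}


if __name__ == "__main__":
    for p in (packet("203.0.113.7", "192.168.100.10", 443),   # outsider to bastion web
              packet("203.0.113.7", "10.0.0.5", 443),         # outsider straight to internal
              packet("192.168.100.10", "10.0.0.5", 445)):     # bastion opening into internal
        print(p["src"], "->", p["dst"], p["dport"], evaluate(p))
```

The three levels the answer mentions are visible in the trail: an outsider first has to satisfy the outer filter, then the bastion's own proxy checks, then the inner filter, and a packet addressed straight to an internal host fails at the very first level.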
o. List types of firewall and explain any one of them. 6M
Marking scheme: list four types 2M; diagram with explanation of any one 4M. (Note: firewalls available in the market can also be considered.)
Ans- List of firewalls:
1. Packet filter as a firewall
2. Circuit level gateway firewall
3. Application level gateway firewall
4. Proxy server as a firewall
5. Stateful multilayer inspection firewall

1. Packet filter as a firewall: As per the diagram given below, the firewall will act according to the table given. For example, source IP 150.150.0.0 is the IP address of a network; all the packets which are coming from this network will be blocked by the firewall, and in this way it is acting as a firewall. The table also has port 80, IP address 200.75.10.8 and port 23, and the firewall will act in a similar fashion. Port 23 is for Telnet remote login; in this case the firewall won't allow login onto this server. IP address 200.75.10.8 is the IP address of an individual host; all the packets having this IP address as the destination address will be denied. Port 80: no HTTP request is allowed by the firewall.

2. Circuit level gateway firewalls: The circuit level gateway firewalls work at the session layer of the OSI model. They monitor TCP handshaking between the packets to determine if a requested session is legitimate. The information passed through a circuit level gateway to the internet appears to have come from the circuit level gateway. So there is no way for a remote computer or host to determine the internal private IP addresses of an organization, for example. This technique is also called Network Address Translation, where the private IP addresses originating from the different clients inside the network are all mapped to the public IP address available through the internet service provider and then sent to the outside world (Internet). This way, the packets are tagged with only the public IP address (firewall level) and the internal private IP addresses are not exposed to potential intruders.

3. Application level gateway firewalls: Application level firewalls decide whether to drop a packet or send it through based on the application information (available in the packet). They do this by setting up various proxies on a single firewall for different applications. Both the client and the server connect to these proxies instead of connecting directly to each other. So any suspicious data or connections are dropped by these proxies. Application level firewalls ensure protocol conformance. For example, attacks over HTTP that violate the protocol policies, like sending non-ASCII data in the header fields or an overly long string along with non-ASCII characters in the Host field, would be dropped because they have been tampered with by the intruders.

4. Stateful multilayer inspection firewall (SMLI): The stateful multilayer inspection (SMLI) firewall uses a sophisticated form of packet filtering that examines all seven layers of the Open Systems Interconnection (OSI) model. Each packet is examined and compared against known states of friendly packets. While screening router firewalls only examine the packet header, SMLI firewalls examine the entire packet including the data. SMLI is a mechanism that uses a sophisticated form of packet filtering, examining all major layers of the OSI model. In other words, this type of filter examines packets at the network, transport and application levels, comparing them to known trusted packets. SMLI checks the entire packet and only allows it to pass through each layer individually. Such firewalls inspect packets to assess the state of communication in order to ensure that all facilitated communication only takes place with trusted sources. To be more specific, an SMLI firewall is not necessarily a single firewall implementation. Rather, it is a series of firewalls that work in concert to secure traffic at different levels of the OSI model. It may be a composition of a stateless packet filter, a stateful firewall, as well as an application level proxy.
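Worked example (added here; not from the original answer): the session tracking that a circuit level gateway (type 2 above, and question m i) and a stateful firewall (type 4 above) perform, written in Python. The gateway watches the TCP three-way handshake and keeps a table of sessions: a session may only be opened from the trusted inside network, data packets are relayed only once the handshake has completed, and an unsolicited inbound SYN or a SYN-ACK that answers nothing never creates an entry. The inside address range and the packet fields are assumptions, and sequence numbers, timeouts and retransmissions are left out.

```python
"""Stateful session tracking for a circuit-level / SMLI firewall (constructed example).

Each packet is a dict with src, sport, dst, dport and a set of TCP flags.
Session keys are (client_ip, client_port, server_ip, server_port).
"""
import ipaddress

INSIDE = ipaddress.ip_network("192.168.1.0/24")   # trusted internal users (assumption)


class CircuitGateway:
    def __init__(self):
        self.sessions = {}   # session key -> state
        self.log = []        # (verdict, src, dst, reason) for the reporting component

    @staticmethod
    def _key(pkt, reverse=False):
        if reverse:
            return (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        return (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])

    def handle(self, pkt):
        flags = pkt["flags"]
        fwd, rev = self._key(pkt), self._key(pkt, reverse=True)
        if flags == {"SYN"}:
            # a new session is legitimate only when an inside host opens it
            if ipaddress.ip_address(pkt["src"]) in INSIDE and fwd not in self.sessions:
                self.sessions[fwd] = "SYN_SENT"
                return self._decide("ALLOW", pkt, "new outbound session")
            return self._decide("DROP", pkt, "unsolicited or duplicate SYN")
        if flags == {"SYN", "ACK"}:
            if self.sessions.get(rev) == "SYN_SENT":
                self.sessions[rev] = "SYN_RECEIVED"
                return self._decide("ALLOW", pkt, "handshake reply")
            return self._decide("DROP", pkt, "SYN-ACK without a matching SYN")
        if flags == {"ACK"} and self.sessions.get(fwd) == "SYN_RECEIVED":
            self.sessions[fwd] = "ESTABLISHED"
            return self._decide("ALLOW", pkt, "handshake complete")
        if "FIN" in flags or "RST" in flags:
            for key in (fwd, rev):
                if key in self.sessions:
                    del self.sessions[key]
                    return self._decide("ALLOW", pkt, "session closed")
            return self._decide("DROP", pkt, "teardown for unknown session")
        # everything else is data: relayed only inside an established session
        if "ESTABLISHED" in (self.sessions.get(fwd), self.sessions.get(rev)):
            return self._decide("ALLOW", pkt, "data in established session")
        return self._decide("DROP", pkt, "data outside any established session")

    def _decide(self, verdict, pkt, reason):
        self.log.append((verdict, pkt["src"], pkt["dst"], reason))
        return verdict


def pkt(src, sport, dst, dport, *flags):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": set(flags)}


def run_scenario():
    """Constructed traffic: one legitimate outbound web session, then three
    attempts that no session justifies. Returns the list of verdicts."""
    gw = CircuitGateway()
    packets = [
        pkt("192.168.1.10", 40000, "203.0.113.5", 80, "SYN"),            # inside opens
        pkt("203.0.113.5", 80, "192.168.1.10", 40000, "SYN", "ACK"),     # server answers
        pkt("192.168.1.10", 40000, "203.0.113.5", 80, "ACK"),            # handshake done
        pkt("192.168.1.10", 40000, "203.0.113.5", 80, "ACK", "PSH"),     # request data
        pkt("203.0.113.5", 80, "192.168.1.10", 40000, "ACK", "PSH"),     # response data
        pkt("203.0.113.9", 5555, "192.168.1.10", 22, "SYN"),             # inbound SYN: no
        pkt("203.0.113.9", 5555, "192.168.1.10", 22, "ACK", "PSH"),      # data, no session
        pkt("203.0.113.9", 80, "192.168.1.11", 40001, "SYN", "ACK"),     # reply to nothing
        pkt("192.168.1.10", 40000, "203.0.113.5", 80, "FIN", "ACK"),     # inside closes
        pkt("203.0.113.5", 80, "192.168.1.10", 40000, "ACK", "PSH"),     # late data: no
    ]
    return [gw.handle(p) for p in packets], gw


if __name__ == "__main__":
    verdicts, gw = run_scenario()
    for entry in gw.log:
        print(entry)
```

Because the decision depends on the session table rather than on each packet alone, the gateway can relay segments "without examining the contents" and still refuse everything that no inside user asked for.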


p. Write a brief note on firewall configuration. 6M
Marking scheme: diagram 2M, explanation 4M.
Ans- A firewall is a combination of a packet filter and an application level gateway. Based on these there are three types of configurations.

1. Screened host firewall, single-homed bastion
a) Here the firewall configuration consists of two parts: a packet filter router and an application level gateway.
b) The packet filter router will ensure that incoming traffic is allowed only if it is intended for the application gateway, by examining the destination address field of each incoming IP packet.
c) It will also ensure that outgoing traffic is allowed only if it originated from the application level gateway, by examining the source address field of every outgoing IP packet.
d) The application level gateway performs authentication as well as the proxy function.
Advantages: It improves the security of the network by performing checks at both levels, that is the packet level and the application level. It gives the network administrator the flexibility to define more secure policies.
Disadvantages: Internal users are connected to the application gateway as well as the packet filter router, so if somehow the packet filter is attacked, then the whole internal network is exposed to the attacker.

2. Screened host firewall, dual-homed bastion: In this type of configuration the direct connections between internal hosts and the packet filter are avoided. Here the packet filter connects only to the application gateway, which in turn has a separate connection with the internal hosts. Hence, if the packet filter is successfully attacked, then only the application gateway is visible to the attacker.

3. Screened subnet firewall: This type of configuration offers the highest security among the possible configurations. In this type two packet filters are used, one between the internet and the application gateway and the other between the application gateway and the internal network. This configuration gives an attacker 3 levels of security to break through.

q. Describe network based IDS with suitable diagram. 6M
Marking scheme: diagram 2M, explanation 4M.
Ans- 1. A network-based IDS focuses on network traffic: the bits and bytes traveling along the cables and wires that interconnect the systems.
2. A network IDS should check the network traffic as it passes, and it is able to analyse traffic according to protocol type, amount, source, destination, content, traffic already seen, etc.
3. Such an analysis must occur quickly, and the IDS must be able to handle traffic at any speed the network operates on to be effective.
4. Network-based IDSs are generally deployed so that they can monitor traffic in and out of an organization's major links, like the connection to the Internet, remote offices, partners, etc.
Network-based IDSs look for certain activities like:
- Denial of service attacks
- Port scans or sweeps
- Malicious content in the data payload of a packet or packets
- Vulnerability scanning
- Trojans, viruses, or worms
- Tunneling
- Brute-force attacks
OR
1. Traffic collector: This component collects activity or events for the IDS to examine. On a host-based IDS, this can be log files, audit logs, or traffic coming to or leaving a specific system. On a network-based IDS, this is typically a mechanism for copying traffic off the network link.
2. Analysis engine: This component examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine acts like the brain of the IDS.
3. Signature database: It is a collection of patterns and definitions of known suspicious or malicious activity.
4. User interface & reporting: This is the component that interfaces with the human element, providing alerts when suitable and giving the user a means to interact with and operate the IDS.
Advantages:
- OS-specific and detailed signatures.
- Examines data after it has been decrypted.
- Very application specific.
- Determines whether or not an alarm may impact that specific.
Disadvantages:
- Needs a process on every system to watch.
- High cost of ownership and maintenance.
- Uses local system resources.
- If logged locally, could be compromised or disabled.
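Worked example (added here; not from the original answer): the four IDS components above as Python functions. The traffic collector supplies a constructed copy of link traffic; the signature database holds payload patterns; the analysis engine runs the patterns over every packet and additionally applies two of the activities listed above (a port scan and a brute-force login attempt) as threshold rules; the reporting step turns alerts into lines. One more rule uses the honeypot idea from question h: any packet addressed to the decoy host is an alert, since no legitimate user ever talks to it. All addresses, payloads and thresholds are constructed for the example.

```python
"""Signature-based network IDS, component by component (constructed example).

traffic collector -> analysis engine + signature database -> reporting.
Packets are (src, dst, dport, payload); values are constructed for the example.
"""
import re
from collections import defaultdict

HONEYPOT = "10.0.0.250"          # decoy host: nothing legitimate ever talks to it (assumed)
PORT_SCAN_THRESHOLD = 10         # distinct destination ports on one host from one source
BRUTE_FORCE_THRESHOLD = 5        # login failures returned to one client

# Signature database: content patterns matched against the packet payload
SIGNATURES = [
    ("SQL injection attempt", re.compile(rb"(?i)union\s+select")),
    ("Directory traversal attempt", re.compile(rb"\.\./\.\./")),
]


def traffic_collector():
    """Constructed copy of traffic from a monitored link."""
    pkts = [
        ("10.0.0.5", "10.0.0.20", 80, b"GET /index.html HTTP/1.1"),
        ("203.0.113.8", "10.0.0.20", 80, b"GET /item?id=1 UNION SELECT 1,2,3 HTTP/1.1"),
        ("203.0.113.8", "10.0.0.20", 80, b"GET /static/../../../config.ini HTTP/1.1"),
    ]
    # twelve consecutive ports on one server probed from a single outside source
    pkts += [("198.51.100.4", "10.0.0.20", port, b"") for port in range(20, 32)]
    # six FTP "login incorrect" replies from the server going back to the same client
    pkts += [("10.0.0.21", "198.51.100.9", 52000 + i, b"530 Login incorrect.") for i in range(6)]
    # one packet towards the decoy host
    pkts.append(("203.0.113.8", HONEYPOT, 445, b""))
    return pkts


def analysis_engine(packets):
    """Return alerts as (kind, detail, src, dst) tuples."""
    alerts = []
    ports_seen = defaultdict(lambda: defaultdict(set))   # src -> dst -> {ports}
    login_failures = defaultdict(int)                    # (server, client) -> count
    for src, dst, dport, payload in packets:
        for name, pattern in SIGNATURES:
            if pattern.search(payload):
                alerts.append(("signature", name, src, dst))
        if dst == HONEYPOT:
            alerts.append(("honeypot", "access to decoy host", src, dst))
        ports_seen[src][dst].add(dport)
        if payload.startswith(b"530"):                   # FTP login-failure reply
            login_failures[(src, dst)] += 1
    for src, targets in ports_seen.items():
        for dst, ports in targets.items():
            if len(ports) >= PORT_SCAN_THRESHOLD:
                alerts.append(("port scan", f"{len(ports)} ports probed", src, dst))
    for (server, client), count in login_failures.items():
        if count >= BRUTE_FORCE_THRESHOLD:
            alerts.append(("brute force", f"{count} login failures", client, server))
    return alerts


def report(alerts):
    """User interface & reporting: one line per alert."""
    return [f"[{kind}] {detail}: {src} -> {dst}" for kind, detail, src, dst in alerts]


if __name__ == "__main__":
    for line in report(analysis_engine(traffic_collector())):
        print(line)
```

The two threshold rules show why the answer stresses speed: a port scan or a brute-force attempt is only visible across many packets, so the engine must keep per-source state while the traffic is still flowing.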
r. Write a brief note on firewall configuration: i) Packet filter as a firewall ii) Application level gateway firewall iii) Circuit level gateway firewall. 6M
Marking scheme: explanation with diagram, 2M each.
Ans- 1. Packet filter as a firewall: As per the diagram given below, the firewall will act according to the table given. For example, source IP 150.150.0.0 is the IP address of a network; all the packets which are coming from this network will be blocked by the firewall, and in this way it is acting as a firewall. The table also has port 80, IP address 200.75.10.8 and port 23, and the firewall will act in a similar fashion. Port 23 is for Telnet remote login; in this case the firewall won't allow login onto this server. IP address 200.75.10.8 is the IP address of an individual host; all the packets having this IP address as the destination address will be denied. Port 80: no HTTP request is allowed by the firewall.

2. Application level gateway firewalls: Application level firewalls decide whether to drop a packet or send it through based on the application information (available in the packet). They do this by setting up various proxies on a single firewall for different applications. Both the client and the server connect to these proxies instead of connecting directly to each other. So any suspicious data or connections are dropped by these proxies. Application level firewalls ensure protocol conformance. For example, attacks over HTTP that violate the protocol policies, like sending non-ASCII data in the header fields or an overly long string along with non-ASCII characters in the Host field, would be dropped because they have been tampered with by the intruders.
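Worked example (added here; not from the original answer): the protocol-conformance check that the application level gateway above (and type 3 in question o) performs on HTTP, written in Python. The proxy parses each request before relaying it and drops those that break the rules named in the answer: non-ASCII bytes in a header field, or an overly long Host field. The length limit, the method allowlist and the "Host must be present" check are assumptions for the example, as are the sample requests.

```python
"""Protocol-conformance check of an application-level gateway (constructed example).

The proxy parses an HTTP/1.x request and either relays it or drops it with
a reason. Limits and allowed methods are assumptions for the example.
"""

MAX_HOST_LENGTH = 253            # assumption: the longest valid DNS name
ALLOWED_METHODS = {"GET", "HEAD", "POST"}


def parse_request(raw):
    """Split raw request bytes into (method, target, version, headers).

    Raises ValueError with a reason whenever the request is malformed.
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of headers")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    if not (method.isascii() and target.isascii() and version.isascii()):
        raise ValueError("non-ASCII bytes in request line")
    headers = {}
    for line in lines[1:]:
        if not line.isascii():
            raise ValueError("non-ASCII bytes in header field")
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError("malformed header line")
        headers[name.strip().decode().lower()] = value.strip().decode()
    return method.decode(), target.decode(), version.decode(), headers


def gateway_decision(raw):
    """Return ("RELAY", (method, host, target)) or ("DROP", reason)."""
    try:
        method, target, version, headers = parse_request(raw)
    except ValueError as exc:
        return "DROP", str(exc)
    if method not in ALLOWED_METHODS:
        return "DROP", f"method {method} not permitted"
    if not version.startswith("HTTP/1."):
        return "DROP", "unsupported protocol version"
    host = headers.get("host")
    if host is None:
        return "DROP", "missing Host header"
    if len(host) > MAX_HOST_LENGTH:
        return "DROP", f"Host field too long ({len(host)} bytes)"
    return "RELAY", (method, host, target)


# Constructed sample requests
GOOD = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: demo\r\n\r\n"
NON_ASCII = b"GET / HTTP/1.1\r\nHost: www.example.com\r\nX-Note: caf\xc3\xa9\r\n\r\n"
LONG_HOST = b"GET / HTTP/1.1\r\nHost: " + b"a" * 300 + b"\r\n\r\n"

if __name__ == "__main__":
    for raw in (GOOD, NON_ASCII, LONG_HOST):
        print(gateway_decision(raw))
```

Because the gateway rebuilds the request from its parsed form before contacting the server, anything the parser rejected never reaches the application behind it; that is the "both sides connect to the proxy" property the answer describes.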

3. Circuit level gateway firewalls: The circuit level gateway firewalls work at the session layer of the OSI model. They monitor TCP handshaking between the packets to determine if a requested session is legitimate. The information passed through a circuit level gateway to the internet appears to have come from the circuit level gateway. So there is no way for a remote computer or host to determine the internal private IP addresses of an organization, for example. This technique is also called Network Address Translation, where the private IP addresses originating from the different clients inside the network are all mapped to the public IP address available through the internet service provider and then sent to the outside world (Internet). This way, the packets are tagged with only the public IP address (firewall level) and the internal private IP addresses are not exposed to potential intruders.
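Worked example (added here; not from the original answer): the packet filter rule table described in item 1 of this question and in question o, written as a Python first-match filter. The four entries (source network 150.150.0.0, destination host 200.75.10.8, port 23 and port 80) are the ones the answer names; the /16 mask on the network entry, the first-match evaluation order and the default-allow action for unmatched packets are assumptions for the example.

```python
"""Packet-filter firewall built from the rule table in the answer (constructed example).

Rules are checked top to bottom; the first match decides. Mask, order and the
default policy are assumptions, not values from the original answer.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str                      # "DENY" or "ALLOW"
    src: str = "0.0.0.0/0"           # source network (CIDR); default matches any
    dst: str = "0.0.0.0/0"           # destination network or host (CIDR)
    dport: Optional[int] = None      # destination port; None matches any
    comment: str = ""

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt["dport"]))


RULES = [
    Rule("DENY", src="150.150.0.0/16", comment="block everything from network 150.150.0.0"),
    Rule("DENY", dst="200.75.10.8/32", comment="deny packets addressed to host 200.75.10.8"),
    Rule("DENY", dport=23, comment="no Telnet remote login"),
    Rule("DENY", dport=80, comment="no HTTP requests"),
]
DEFAULT_ACTION = "ALLOW"             # assumption: packets no rule covers are passed


def filter_packet(pkt, rules=RULES):
    """First matching rule decides; returns (action, reason)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return DEFAULT_ACTION, "no rule matched (default policy)"


def packet(src, dst, dport):
    return {"src": src, "dst": dst, "dport": dport}


def filter_batch(packets, rules=RULES):
    """Apply the filter to a list of packets; returns one (src, dst, dport, action) per packet."""
    return [(p["src"], p["dst"], p["dport"], filter_packet(p, rules)[0]) for p in packets]


if __name__ == "__main__":
    # constructed sample traffic, one packet per table entry plus one that nothing matches
    sample = [packet("150.150.7.9", "10.0.0.1", 443),
              packet("10.0.0.1", "200.75.10.8", 443),
              packet("10.0.0.1", "10.0.0.2", 23),
              packet("10.0.0.1", "10.0.0.2", 80),
              packet("10.0.0.1", "10.0.0.2", 443)]
    for row in filter_batch(sample):
        print(row)
```

Note that this filter looks at addresses and ports only, which is exactly the limitation listed in question n: it cannot see content, so it neither inspects payloads nor notices traffic tunnelled over a permitted port.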
