UNIT –I /II MSc/MTNC Page 1
MANNAR THIRUMALAI NAICKER COLLEGE, (AUTONOMOUS)
(Affiliated to Madurai Kamaraj University, Re-accredited with A Grade by NAAC)
MADURAI- 625004.
Department of Computer Science
Cyber Security – II M.Sc (CS)
(2021 onwards)
UNIT -I
Question Bank with Answers
1. What is the CIA Triad?
• The three letters in "CIA triad" stand for Confidentiality, Integrity,
and Availability.
• The CIA triad is a common model that forms the basis for the
development of security systems.
• They are used for finding vulnerabilities and methods for creating
solutions.
2. Define Authentication?
• Authentication is important to any secure system, as it is the key to
verifying the source of a message or that an individual is who he
or she claims to be.
• Verifying an individual’s authorization to receive specific categories
of information.
3. Types of Factors of Authentication?
There are three authentication factors that can be used:
• Something you know,
• Something you have,
• Something you are.
4. Define Authorization?
• While authentication relates to verifying identities,
authorization focuses on determining what a user has permission to
do.
• The NIAG defines authorization as “access privileges granted to a
user, program, or process.”
5. Write the frequencies of any four letters in the English language?
LETTER FREQUENCY
E - 12.70%
T - 9.06%
A - 8.17%
M - 2.41%
6. What is NIAG?
The National Information Assurance Glossary, published by the United
States federal government, is an unclassified glossary of
information security terms intended to provide a common
vocabulary for discussing Information Assurance concepts.
7. Define Availability?
• Information systems must be accessible to users for these systems
to provide any value.
• The NIAG defines availability as timely, reliable access to data and
information services for authorized users.
8. Define Integrity?
• In the information security realm, integrity normally refers to data
integrity, or ensuring that stored data are accurate and contain no
unauthorized modifications.
• The logical completeness of the hardware and software
implementing the protection mechanisms.
9. Define Nonrepudiation?
• Assurance that the sender of data is provided with proof of delivery and
the recipient is provided with proof of the sender’s identity, so
neither can later deny having processed the data.
• But nonrepudiation is still necessary.
10. Define Confidentiality?
• The term confidentiality is familiar to most people, even those not
in the security industry.
• Confidentiality is the assurance that information is not disclosed to
unauthorized individuals, processes, or devices.
11. Write an Example of “Something You Know”?
• Information the system assumes others do not know.
• This information may be secret, like a password or PIN code, or
simply a piece of information that most people do not know, such as
a user’s mother’s maiden name.
12. Write an Example of “Something You Have”?
• Something the user possesses that only he or she holds.
• A Radio Frequency ID (RFID) badge, One-Time-Password (OTP)
generating token, or a physical key.
13. Write an Example of “Something You Are”?
• A person’s fingerprint
• Voice print
• Retinal scan. These factors are known as biometrics.
14. What are the fundamentals of information assurance?
• Authentication
• Authorization
• Non repudiation
• Confidentiality
15. Describe information assurance fundamental?
• Information Assurance concerns the implementation of methods
that focus on protecting and safeguarding critical
information and relevant information systems by assuring
confidentiality, integrity, availability, and non-repudiation.
1. Summarize the basics of ciphers and cryptanalysis?
The English word cryptography derives from Greek and translates
roughly to “hidden writing.” For thousands of years, groups who wanted
to communicate in secret developed methods to write their messages in a
way that only the intended recipient could read. In the information age,
almost all communication is subject to some sort of eavesdropping, and
as a result cryptography has advanced rapidly. Understanding how
cryptography works is important for anyone who wants to be sure that
their data and communications are safe from intruders. This section
discusses cryptography, starting with basic ciphers and cryptanalysis. The
ancient Egyptians began the first known practice of writing secret
messages, using nonstandard hieroglyphs to convey secret messages as
early as 1900 BC. Since that time, people have developed many methods
of hiding the content of a message. These methods are known as ciphers.
The most famous classical cipher is the substitution cipher. Substitution
ciphers work by substituting each letter in the alphabet with another one
when writing a message. For instance, one could shift the letters of the
English alphabet as shown:
abcdefghijklmnopqrstuvwxyz
nopqrstuvwxyzabcdefghijklm
Using this cipher, the message “the act starts at midnight” would be
written as “gur npg fgnegf ng zvqavtug.” The text above, showing how to
decode the message, is known as the key. This is a very simple
substitution cipher known as the Caesar cipher (after Julius Caesar, who
used it for military communications) or ROT13 because the characters in
the key are rotated thirteen spaces to the left.
(Cyber Security Fundamentals, © 2011 by Taylor & Francis Group, LLC)
Cryptography is driven by the constant struggle between people who want
to keep messages secret and those who work to uncover their meanings.
Substitution ciphers are very vulnerable to cryptanalysis, the practice of
breaking codes. With enough text, it would be simple to begin replacing
characters in the ciphertext with their possible cleartext counterparts.
Even without knowing about the Caesar cipher, it is easy to guess that a
three-letter word at the beginning of a sentence is likely to be the. By
replacing all instances of the letters g, u, and r with t, h, and e, the
ciphertext changes to
the npt ftnetf nt zvqavtht
Next, the analyst might notice that the fourth word is only two letters
long and ends with t. There are two likely possibilities for this word: at
and it. He chooses at and replaces all occurrences of n in the sentence
with an a.
the apt ftaetf at zvqavtht
With at in place, the pattern is clearer, and the analyst guesses that if the
letter g translates to t, the adjacent letter f may translate to s.
the apt staets at zvqavtht
The word sta_ts now looks very close to starts, and the
analyst makes another substitution, indicating that rst is equivalent to
efg, which reveals the full pattern of the cipher and the message. While
the message is now clear, the meaning of “the act starts at midnight” is
not. Code words are an excellent way of hiding a message but, unlike
cryptography, cannot hide the meaning of arbitrary information without
agreement on the meaning of the code words in advance.
https://quizizz.com/admin/quiz/62d0373ebea654001d6354dd?source=quiz_page
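The hand analysis above can be automated. The following is an added example, not part of the original question bank: it encrypts with a Caesar shift and recovers the shift by comparing letter counts against English letter frequencies (the E, T, A and M values match the table in short answer 5; the remaining values are the commonly published figures, and all function names are illustrative). It goes beyond the ROT13 case in the text by handling any of the 26 shifts.

```python
# English letter frequencies in percent, for a..z.
ENGLISH_FREQ = [
    8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966,
    0.153, 0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987,
    6.327, 9.056, 2.758, 0.978, 2.360, 0.150, 1.974, 0.074,
]


def caesar(text, shift):
    """Shift ASCII letters by `shift` places; leave everything else unchanged."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text):
    """Distance between the letter counts of `text` and English (lower = closer)."""
    letters = [c for c in text.lower() if "a" <= c <= "z"]
    if not letters:
        return float("inf")
    total = len(letters)
    score = 0.0
    for index, percent in enumerate(ENGLISH_FREQ):
        expected = total * percent / 100.0
        observed = letters.count(chr(ord("a") + index))
        score += (observed - expected) ** 2 / expected
    return score


def break_caesar(ciphertext):
    """Try all 26 shifts and return (shift, plaintext) for the most English-like one."""
    shift = min(range(26), key=lambda s: chi_squared(caesar(ciphertext, -s)))
    return shift, caesar(ciphertext, -shift)


if __name__ == "__main__":
    secret = caesar("the act starts at midnight", 13)
    print(secret)
    print(break_caesar(secret))
```

Because the key space is only 26 shifts, the cipher offers no confidentiality once an analyst can score candidate plaintexts automatically.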
2. Describe symmetric encryption?
Although symmetric encryption requires a shared key and therefore
depends upon the secrecy of that key, it is an effective and fast
method for protecting the confidentiality of the encrypted content. In this
section we explain the basics of symmetric encryption and how it differs
from asymmetric algorithms. Symmetric encryption is a class of
reversible encryption algorithms that use the same key for both
encrypting and decrypting messages.
Symmetric encryption, by definition, requires both communication
endpoints to know the same key in order to send and receive encrypted
messages (see Exhibit 1-6). Symmetric encryption depends upon the
secrecy of a key. Key exchanges or pre-shared keys present a challenge to
keeping the encrypted text’s confidentiality and are usually performed
out of band using different protocols.
Algorithms in this category are usually fast because their operations use
cryptographic primitives. The earlier discussion of basic cryptography
explained how the cryptographic primitive substitution works.
Permutation, or altering the order, is another cryptographic primitive
that many symmetric algorithms also use in practice.
The reason it is possible to brute force an XOR key that uses just one byte
is that the length of the key is so small. One byte (8 bits) allows for only
256 possible key combinations. A two-byte (16 bits) key creates 65,536
possible keys, but this number is still quite easy to brute force with
modern computing power. Modern cryptographic ciphers typically use
128-bit keys, which are still infeasible to brute force with today’s
computing power.
Modern stream ciphers like RC4, designed by Ron Rivest in 1987, avoid
this problem by using a pseudo-random number generation (PRNG)
algorithm. Instead of performing an XOR on each byte of data with a key,
a PRNG receives a chosen key, used as a “seed.” A PRNG generates
numbers that are close to random but will always be the same given the
same seed. RC4 uses the PRNG to create an infinitely long, one-time pad
of single-byte XOR keys. This technique allows the sender to encrypt a
message with a single (relatively short) key, but for each individual byte,
the XOR key is different.
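The contrast described above, as an added example that is not part of the original question bank: a one-byte XOR key falls to a 256-key search, while an RC4 keystream XORs each byte with a different value. RC4 appears only because the text names it; it is prohibited in TLS by RFC 7465 and is not a choice for new designs. The sample message, the key 0x5A and the function names are constructed for illustration.

```python
def xor_single_byte(data, key):
    """XOR every byte of `data` with the same one-byte key (the weak scheme)."""
    return bytes(b ^ key for b in data)


def looks_like_text(data):
    """Score a candidate plaintext by counting lowercase letters and spaces."""
    return sum(1 for b in data if b == 0x20 or 0x61 <= b <= 0x7A)


def brute_force_single_byte(ciphertext):
    """Try all 256 keys and return (key, plaintext) for the best-scoring candidate."""
    key = max(range(256),
              key=lambda k: looks_like_text(xor_single_byte(ciphertext, k)))
    return key, xor_single_byte(ciphertext, key)


def rc4_keystream(key, length):
    """Generate `length` keystream bytes from `key` (the seed) using RC4."""
    state = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + state[i] + key[i % len(key)]) % 256
        state[i], state[j] = state[j], state[i]
    i = j = 0
    stream = bytearray()
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) % 256
        j = (j + state[i]) % 256
        state[i], state[j] = state[j], state[i]
        stream.append(state[(state[i] + state[j]) % 256])
    return bytes(stream)


def rc4(key, data):
    """Encrypt or decrypt: XOR each data byte with the matching keystream byte."""
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key, len(data))))


# Constructed sample data for the demonstration.
MESSAGE = b"the act starts at midnight"

if __name__ == "__main__":
    weak = xor_single_byte(MESSAGE, 0x5A)
    print(brute_force_single_byte(weak))      # key and plaintext recovered
    repeated = b"A" * 16
    print(xor_single_byte(repeated, 0x5A).hex())  # one value repeated 16 times
    print(rc4(b"Key", repeated).hex())            # a different value per byte
```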
3. Illustrate public key encryption?
This section continues this series with a brief discussion of asymmetric
encryption, more commonly referred to as public key encryption. Public
key encryption represents a branch of cryptography for which the
distinguishing attribute of the system is the use of two linked keys for
encryption and decryption, rather than a single key. While a variety of
public key encryption solutions have been proposed, with some
implemented and standardized, each system shares one common
attribute: each public key system uses one key, known as the public key,
to encrypt data, and a second key, known as the private key, to decrypt
the encrypted data.
Public key encryption solves one of the major issues with symmetric key
encryption, namely, the use of a shared key for both sides of the
conversation. In public key systems, the intended recipient of a secure
communication publishes his or her public key. Anyone wishing to send a
secure datagram to the recipient uses the recipient’s public key to
encrypt the communication; however, those in possession of the public
key cannot use the key to decrypt the communication. The use of a
public key is a one-way cryptographic operation. This allows recipients to
give out their public keys without the risk of someone using the same
public keys to reveal the original content of the messages sent. This is
the most obvious advantage over symmetric encryption. To decrypt the
encrypted message, the recipient uses his or her
private key. The private key has a mathematical relationship to the public
key, but this relationship does not provide an easy way for an attacker to
derive the private key from the public key. Given the fact that the
recipient uses the private key to decrypt messages encoded with the
public key, it is paramount that the owner of the private key keeps it
secure at all times.
Visually, the process of encrypting and decrypting a message using the
public key method is similar to the process of using symmetric
encryption with the notable exception that the keys used in the process
are not the same. Exhibit 1-8 illustrates this disconnect.
One of the simplest analogies for public key encryption is the lock box
analogy. In essence, if an individual (Blake, for example) wanted to send a
message to another individual (Ryan, for example) without exchanging a
shared cryptographic key, Blake could simply place his communication in
a box and secure it with a lock that only Ryan could open. For Blake to
possess such a lock, the box would need to be publicly available. In this
case, that lock represents Ryan’s public key. Blake could then send the
locked box to Ryan. Upon receiving the box, Ryan would use his key to
unlock the box to retrieve the message. In this situation, once Blake has
locked (encrypted) his message to Ryan into the lock box with Ryan’s lock
(public key), Blake, or anyone else who may come in contact with the lock
box, will be unable to access the contents. Only with Ryan’s private key to
the lock box will the message become retrievable.
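The Blake and Ryan exchange, as an added example that is not part of the original question bank. It uses textbook RSA (an assumption; the text names no algorithm) with two small known Mersenne primes and no padding, so it shows the roles of the two keys only; real systems use a vetted library, a modulus of 2048 bits or more, and OAEP padding. All names are illustrative.

```python
# Two known Mersenne primes, used so the example needs no prime generation.
# The resulting modulus is about 150 bits: far too small for real use.
P = 2**61 - 1
Q = 2**89 - 1
PUBLIC_EXPONENT = 65537


def make_keypair(p=P, q=Q, e=PUBLIC_EXPONENT):
    """Return (public_key, private_key), each as a (modulus, exponent) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)        # modular inverse of e; needs Python 3.8+
    return (n, e), (n, d)


def apply_key(key, number):
    """The RSA operation: raise `number` to the key's exponent modulo n."""
    n, exponent = key
    return pow(number, exponent, n)


def encrypt(public_key, message):
    """Blake's side: lock the message with Ryan's published public key."""
    value = int.from_bytes(message, "big")
    if value >= public_key[0]:
        raise ValueError("message too long for this modulus")
    return apply_key(public_key, value)


def decrypt(key, ciphertext):
    """Ryan's side: unlock with the private key and convert back to bytes."""
    value = apply_key(key, ciphertext)
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    ryan_public, ryan_private = make_keypair()   # Ryan publishes ryan_public
    locked = encrypt(ryan_public, b"meet at noon")
    print(decrypt(ryan_private, locked))         # b'meet at noon'
    # Holding only the public key does not open the box:
    print(decrypt(ryan_public, locked) == b"meet at noon")   # False
```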
4. Emphasize the fundamentals of the Domain Name System.
DNS is a fundamental piece of the Internet architecture. Knowledge of
how the DNS works is necessary to understand how attacks on the system
can affect the Internet as a whole and how criminal infrastructure can
take advantage of it.
The Internet Protocol is the core protocol the Internet uses. Each
computer with Internet access has an assigned IP address so that other
systems can send traffic to it. Each IP address consists of four numbers
between 0 and 255 separated by periods, such as 74.125.45.100. These
numbers are perfect for computers that always deal with bits and bytes
but are not easy for humans to remember. To solve this problem, the DNS
was invented in 1983 to create easy-to-remember names that map to IP
addresses.
The primary goal that the designers of the DNS had in mind was
scalability. This goal grew from the failure of the previous solution that
required each user to download a multithousand-line file named hosts.txt
from a single server. To create a truly scalable system, the designers
chose to create a hierarchy of “domains.” At the top of the hierarchy is
the “root” domain under which all other domains reside. Just below the
root domain are top-level domains (TLD) that break up the major
categories of domains such as .com, .gov, and the country code TLDs.
Below the TLDs are second-level
domains that organizations and individuals can register with the registry
that manages that TLD. Below second-level domains are the third-level
domains and so forth, with a maximum of 127 levels. Exhibit 1-10 shows
how
Separating domains in this way allows different registries to manage the
different TLDs. These registries are responsible for keeping the records for
their assigned TLD and making infrastructure available to the Internet so
users can map each domain name to its corresponding IP address.
5. Explain firewall and the classification of firewalls?
Firewall
A firewall is a device, usually a router or a computer, installed between
the internal network of an organization and the rest of the Internet. It is
used to control Internet access. It is designed to forward some
packets and filter others. It can be used to deny access to a specific host
or a specific service in the organization.
It is a network security system. It is used to monitor and control all
incoming and outgoing network traffic of your system. It is based on
an advanced and defined set of security rules.
Firewall Classification
It is usually classified as Packet-filter Firewall & Proxy firewall on the
basis of its working.
Packet-Filter Firewall
A packet-filter firewall is a router that uses a filtering table to decide
which packets must be discarded i.e. not forwarded. A firewall can be
used as a packet filter. It can forward or block packets based on the
information in the headers: source and destination IP addresses, source
and destination port addresses, type of protocol (TCP or UDP).
A packet-filter firewall filters at the network or transport layer.
An example of a filtration table for such a firewall can be shown below.
Proxy Firewall
The packet-filter firewall is based on the information available in the
network layer and transport layer headers (IP and TCP/UDP). Sometimes
we need to filter a message based on the information available in the
message itself at the application layer. Installing a proxy computer
between the customer computer and corporation computer can be a
solution to this situation as shown in the figure below.
How a Firewall Works
A firewall can constantly monitor all incoming and outgoing traffic.
A firewall differs from a mere traffic analyser because it can also be
set up to block certain things.
A firewall might disable particular applications from accessing the
network, block URLs from loading, and prevent traffic through certain
network ports.
Some firewalls can even be used in a mode where they block everything
until you explicitly allow every single access. This is one way to block
everything on a network so that you can manually set up safeguards
against network-related threats.
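A packet-filter table and the "block everything until explicitly allowed" mode, as an added example that is not part of the original question bank and not the filtration table the text refers to. Rules match on the header fields listed under Packet-Filter Firewall, the first matching rule wins, and unmatched packets fall to a default action. The rule table, the addresses (documentation ranges) and all names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str          # "tcp" or "udp"
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    src: str = "0.0.0.0/0"             # source network (CIDR)
    dst: str = "0.0.0.0/0"             # destination network (CIDR)
    protocol: str = "any"
    src_port: Optional[int] = None     # None matches any port
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        """True when every header field of the packet fits this rule."""
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and self.protocol in ("any", pkt.protocol)
            and self.src_port in (None, pkt.src_port)
            and self.dst_port in (None, pkt.dst_port)
        )


def filter_packet(rules: List[Rule], pkt: Packet,
                  default: str = "deny") -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule); index is None on default."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None


# Constructed filtering table for an organization using 192.0.2.0/24.
RULES = [
    Rule("deny", src="198.51.100.0/24"),                           # blocked network
    Rule("allow", dst="192.0.2.10", protocol="tcp", dst_port=80),  # web server
    Rule("allow", dst="192.0.2.25", protocol="tcp", dst_port=25),  # mail server
]

if __name__ == "__main__":
    samples = [
        Packet("203.0.113.5", "192.0.2.10", "tcp", 40000, 80),
        Packet("198.51.100.7", "192.0.2.10", "tcp", 40000, 80),
        Packet("203.0.113.5", "192.0.2.10", "tcp", 40000, 22),
    ]
    for pkt in samples:
        print(pkt, filter_packet(RULES, pkt))
```

With `default="allow"` the third sample packet (port 22, matched by no rule) would be forwarded, which is why the default-deny mode is the safer baseline.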

More Related Content

PDF
Bt0088 cryptography and network security1
PDF
Performance Comparison of File Security System using TEA and Blowfish Algorithms
PDF
Overview on Symmetric Key Encryption Algorithms
DOCX
Cryptography- "A Black Art"
PDF
A NEW PROPOSED SYMMETRIC KEY ALGORITHM FOR MODERN CRYPTOGRAPHIC
PDF
A Study of Different Partitioning Clustering Technique
PDF
WINSEM2023-24_BCSE309L_TH_VL2023240500748_2024-03-19_Reference-Material-II.pdf
PPT
Fundamentals of cryptography
Bt0088 cryptography and network security1
Performance Comparison of File Security System using TEA and Blowfish Algorithms
Overview on Symmetric Key Encryption Algorithms
Cryptography- "A Black Art"
A NEW PROPOSED SYMMETRIC KEY ALGORITHM FOR MODERN CRYPTOGRAPHIC
A Study of Different Partitioning Clustering Technique
WINSEM2023-24_BCSE309L_TH_VL2023240500748_2024-03-19_Reference-Material-II.pdf
Fundamentals of cryptography

Similar to Unit 1 QB.docx (20)

PDF
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
PDF
Analysis of Cryptography Techniques
PDF
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
PDF
A Survey on Cryptographic Techniques for Network Security.pdf
PDF
Different date block size using to evaluate the performance between different...
PDF
Cryp Essay
PDF
Computer Security (Cryptography) Ch01
PDF
Cryptographic Algorithms For Secure Data Communication
PPTX
F16 cs61 cryptography
PDF
Achieving data integrity by forming the digital signature using RSA and SHA-1...
PDF
Cryptography and Network Lecture Notes
PDF
Cryptography And Embedded Systems Used
PPTX
Data encryption
PPTX
Cryptography & Network Security.pptx
PDF
International Journal of Engineering Research and Development (IJERD)
PDF
Evolution of Cryptography and Cryptographic techniques
PPTX
Domain 9 of CEH Cryptography.pptx
PDF
A New Method for Encrypting Digital Data Using Symmetric Key in Information E...
PDF
A Study On Cryptographic Techniques
PPTX
Networking Advance Concepts with handson experience
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
Analysis of Cryptography Techniques
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
A Survey on Cryptographic Techniques for Network Security.pdf
Different date block size using to evaluate the performance between different...
Cryp Essay
Computer Security (Cryptography) Ch01
Cryptographic Algorithms For Secure Data Communication
F16 cs61 cryptography
Achieving data integrity by forming the digital signature using RSA and SHA-1...
Cryptography and Network Lecture Notes
Cryptography And Embedded Systems Used
Data encryption
Cryptography & Network Security.pptx
International Journal of Engineering Research and Development (IJERD)
Evolution of Cryptography and Cryptographic techniques
Domain 9 of CEH Cryptography.pptx
A New Method for Encrypting Digital Data Using Symmetric Key in Information E...
A Study On Cryptographic Techniques
Networking Advance Concepts with handson experience
Ad

More from karthikaparthasarath (20)

PPTX
KNOWLEDGE REPRESENTATION AND TYPES .pptx
PPTX
AI-KNOWLEDGE REPRESENTATION - CONTE .pptx
PPTX
AO star algorithm -Adv-Ltms-comp AI.pptx
PPTX
A star algorithm with Pseudcode AI.pptx
DOCX
List of Assignments in Power point for beginners
PDF
Software Engineering Question Bank all.pdf
PDF
MCQ cloud computing reference material.pdf
PPTX
Black-box Testing and its categories.ppt
PPTX
Software engineering -Requirement engineering.pptx
PPTX
BASIC COMPUTER ORGANIZATION unit 1.pptx
DOCX
Fundamentals of Computers MCQS.docx
DOCX
Software Engineering Question Bank.docx
PPTX
BASIC COMPUTER ORGANIZATION unit 1.pptx
PPTX
ATTACKER TECHNIQUES AND MOTIVATION.pptx
PPTX
Unit - I cyber security fundamentals part -1.pptx
PDF
BUilt in Functions and Simple programs in R.pdf
PPT
Heuristic Search Techniques Unit -II.ppt
DOCX
simple programs.docx
PPT
Heuristic Search Techniques Unit -II.ppt
DOCX
UNIT III Process Synchronization.docx
KNOWLEDGE REPRESENTATION AND TYPES .pptx
AI-KNOWLEDGE REPRESENTATION - CONTE .pptx
AO star algorithm -Adv-Ltms-comp AI.pptx
A star algorithm with Pseudcode AI.pptx
List of Assignments in Power point for beginners
Software Engineering Question Bank all.pdf
MCQ cloud computing reference material.pdf
Black-box Testing and its categories.ppt
Software engineering -Requirement engineering.pptx
BASIC COMPUTER ORGANIZATION unit 1.pptx
Fundamentals of Computers MCQS.docx
Software Engineering Question Bank.docx
BASIC COMPUTER ORGANIZATION unit 1.pptx
ATTACKER TECHNIQUES AND MOTIVATION.pptx
Unit - I cyber security fundamentals part -1.pptx
BUilt in Functions and Simple programs in R.pdf
Heuristic Search Techniques Unit -II.ppt
simple programs.docx
Heuristic Search Techniques Unit -II.ppt
UNIT III Process Synchronization.docx
Ad

Recently uploaded (20)

PDF
Pre independence Education in Inndia.pdf
PDF
Anesthesia in Laparoscopic Surgery in India
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
PDF
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
PPTX
Final Presentation General Medicine 03-08-2024.pptx
PPTX
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
PPTX
Pharma ospi slides which help in ospi learning
PPTX
Microbial diseases, their pathogenesis and prophylaxis
PDF
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
PDF
Basic Mud Logging Guide for educational purpose
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
PPTX
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
PPTX
Lesson notes of climatology university.
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
PDF
Complications of Minimal Access Surgery at WLH
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Pre independence Education in Inndia.pdf
Anesthesia in Laparoscopic Surgery in India
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
Final Presentation General Medicine 03-08-2024.pptx
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
Pharma ospi slides which help in ospi learning
Microbial diseases, their pathogenesis and prophylaxis
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
102 student loan defaulters named and shamed – Is someone you know on the list?
Basic Mud Logging Guide for educational purpose
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
Lesson notes of climatology university.
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
Complications of Minimal Access Surgery at WLH
Abdominal Access Techniques with Prof. Dr. R K Mishra
STATICS OF THE RIGID BODIES Hibbelers.pdf
2.FourierTransform-ShortQuestionswithAnswers.pdf

Unit 1 QB.docx

  • 1. UNIT –I /II MSc/MTNC Page 1 MANNAR THIRUMALAI NAICKER COLLEGE, (AUTONOMOUS) (Affiliated to Madurai Kamaraj University, Re-accredited with A Grade by NAAC ) MADURAI- 625004. Department of Computer Science Cyber Security – II M.Sc (CS) (2021 onwards) UNIT -I Question Bank with Answers
  • 2. UNIT –I /II MSc/MTNC Page 2 1. What is the CIA Triad?  The three letters in "CIA triad" stand for Confidentiality, Integrity, and Availability.  The CIA triad is a common model that forms the basis for the development of security systems.  They are used for finding vulnerabilitiesand methods for creating solutions. 2. Define Authentication?  Authentication is important to any secure system, as it is the key to verifying the source of a message or that an individual is whom he or she claims.  Verifying an individual’s authorization to receive specific categories of information. 3.Types Of Factors of Authentication ? There are three authentication factors that can be used:  Something you know,  Something you have,  Something you are. 4.Define Authorization ?  While authentication relates to verifying identities, authorizationfocuses on determining what a user has permission to do.  The NIAG defines authorization as “ access privileges granted to a user, program, or process.” 5.To Write Any Four Frequency of letters in the English language? LETTER FREQUENCY E - 12.70% T- 9.06%
  • 3. UNIT –I /II MSc/MTNC Page 3 A- 8.17% M- 2.41% 6. What is NIAG ? National Information Assurance Glossary, published by the United States federal government, is an unclassified glossary of Information security terms intended to provide a common vocabulary for discussing Information Assurance concepts. 7. Define Availability ?  Information systems must be accessible to users for these systems to provide any value.  The NIAG defines availability as timely, reliable access todata and information services for authorized users. 8. Define Integrity ?  In the information security realm, integrity normally refers to data integrity, or ensuring that stored data are accurate and contain no unauthorized modifications.  The logical completeness of the hardware and software implementing the protection mechanisms 9. Define Nonrepudiation ?  Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the data.  But nonrepudiation is still necessary. 10. Define Confidentiality ?  The term confidentiality is familiar to most people, even those not in the security industry.  Confidentiality as assurance that information is not disclosed to unauthorized individuals, processes, or devices.
  • 4. UNIT –I /II MSc/MTNC Page 4 11. Write The Example Of “ Something You Know ”?  Information the system assumes others do not know.  This information may be secret, like a password or PIN code, or simply a piece of information that most people do not know, such as a user’s mother’s maiden name 12. Write The Example Of “Something You Have ”?  Something the user possesses that only he or she holds  A Radio Frequency ID (RFID) badge, One-Time-Password (OTP) generating Token, or a physical key. 13. Write The Example Of “Something You Are ”?  A person’s fingerprint  Voice print  Retinal scan—factors known as biometrics. 14.What are the fundamentals of information assurance?  Authentication  Authorization  Non repudiation  Confidentiality 15.Describe information assurance fundamental?  Information Assurance concerns implementation of methods that focused on protecting and safeguarding critical information and relevant information systems by assuring confidentiality, integrity, availability, and non-repudiation.
  • 5. UNIT –I /II MSc/MTNC Page 5 1. Summarize the basics of ciphers and cryptanalysis? The English word cryptography derives from Greek and translates roughly to “hidden writing.” For thousands of years, groups who wanted to communicate in secret developed methods to write their messages in a way that only the intended recipient could read. In the information age, almost all communication is subject to some sort of eavesdropping, and as a result cryptography has advanced rapidly. Understanding how cryptography works is important for anyone who wants to be sure that their data and communications are safe from intruders. This section discusses cryptography, starting with basic ciphers and cryptanalysis. The ancient Egyptians began the first known practice of writing secret messages, using nonstandard hieroglyphs to convey secret messages as early as 1900 bc. Since that time, people have developed many methods of hiding the content of a message. These methods are known as ciphers. The most famous classical cipher is the substitution cipher. Substitution ciphers work by substituting each letter in the alphabet Cyber Security Fundamentals 7 © 2011 by Taylor & Francis Group, LLC with another one when writing a message. For instance, one could shift the letters of the English alphabet as shown: abcdefghijklmnopqrstuvwxyz nopqrstuvwxyzabcdefghijklm Using this cipher, the message “the act starts at midnight” would be written as “gurnpgfgnegfngzvqavtug.” The text above, showing how to decode the message, is known as the key. This is a very simple substitution cipher known as the Caesar cipher (after Julius Caesar, who used it for military communications) or ROT13 because the characters in the key are rotated thirteen spaces to the left. Cryptography is driven by the constant struggle between people who want to keep messages secret and those who work to uncover their meanings. Substitution ciphers are very vulnerable to cryptanalysis, the practice of breaking codes. 
With enough text, it would be simple to begin replacing characters in the ciphertext with their possible cleartext counterparts. Even without knowing about the Caesar cipher, it is easy to guess that a three-letter word at the beginning of a sentence is likely to be the. By replacing all instances of the letters g, u, and r with t, h, and e, the ciphertext changes to
  • 6. UNIT –I /II MSc/MTNC Page 6 thenptftnetfntzvqavtht Next, the analyst might notice that the fourth word is only two letters long and ends with t. There are two likely possibilities for this word: at and it. He chooses at and replaces all occurrences of n in the sentence with an a. the apt ftaetf at zvqavtht With at in place, the pattern is clearer, and the analyst guesses that if the letter g translates to t, the adjacent letter f may translate to s. the apt staets at zvqavtht The word sta_ts now looks very close to starts, and the analyst makes another substitution, indicating that rst is equivalent to efg, which reveals the full pattern of the cipher and the message. While the message is now clear, the meaning of “the act starts at midnight” is not. Code words are an excellent way of hiding a message but, unlike cryptography, cannot hide the meaning of arbitrary information without agreement on the meaning of the code words in advance https://quizizz.com/admin/quiz/62d0373ebea654001d6354dd?source=q uiz_page 2.Describe the symmetric encryption? Although symmetric encryption requires a shared key and therefore depends upon the secrecy of that key, it is an effective and fast methodfor protecting the confidentiality of the encrypted content. In this section we explain the basics of symmetric encryption and how it differs from asymmetric algorithms. Symmetric encryption is a class of reversible encryption algorithms that use the same key for both encrypting and decrypting messages. Symmetric encryption, by definition, requires both communication endpoints to know the same key in order to send and receive encrypted messages (see Exhibit 1-6). Symmetric encryption depends upon the secrecy of a key. Key exchanges or pre-shared keys present a challenge to keeping the encrypted text’s confidentiality and are usually performed out of band using different protocols. 
Algorithms in this category are usually fast because their operations use cryptographic primitives. As previously discussed in Basic Cryptography we explained how the cryptographic primitive substitution works.
Permutation, or altering the order, is another cryptographic primitive that many symmetric algorithms also use in practice.

The reason it is possible to brute force an XOR key that uses just one byte is that the length of the key is so small. One byte (8 bits) allows for only 256 possible key combinations. A two-byte (16 bits) key creates 65,536 possible keys, but this number is still quite easy to brute force with modern computing power. Modern cryptographic ciphers typically use 128-bit keys, which are still infeasible to brute force with today’s computing power.

Modern stream ciphers like RC4, designed by Ron Rivest in 1987, avoid this problem by using a pseudo-random number generation (PRNG) algorithm. Instead of performing an XOR on each byte of data with a key, a PRNG receives a chosen key, used as a “seed.” A PRNG generates numbers that are close to random but will always be the same given the same seed. RC4 uses the PRNG to create an infinitely long, one-time pad of single-byte XOR keys. This technique allows the sender to encrypt a message with a single (relatively short) key, but for each individual byte, the XOR key is different.

3. Illustrate the public key encryption?

This section continues this series with a brief discussion of asymmetric encryption, more commonly referred to as public key encryption. Public key encryption represents a branch of cryptography for which the distinguishing attribute of the system is the use of two linked keys for encryption and decryption, rather than a single key. While a variety of public key encryption solutions have been proposed, with some implemented and standardized, each system shares one common attribute: each public key system uses one key, known as the public key, to encrypt data, and a second key, known as the private key, to decrypt the encrypted data.
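The answer on symmetric encryption above says a one-byte XOR key falls to 256 guesses, while RC4 expands one short key into a different XOR byte for every position. The following added example (not part of the original question bank) shows both; the one-byte key 0x5A and the RC4 key "Key" are constructed sample values, and the plaintext is the message from the substitution walkthrough.

```python
def xor_single(data: bytes, key: int) -> bytes:
    """XOR every byte with the same one-byte key (encrypts and decrypts)."""
    return bytes(b ^ key for b in data)

def looks_english(candidate: bytes) -> int:
    """Score a guess: count bytes that are lowercase letters or spaces."""
    return sum(1 for b in candidate if b == 0x20 or 0x61 <= b <= 0x7A)

def brute_force_single(ciphertext: bytes) -> tuple[int, bytes]:
    """Try all 256 one-byte keys and keep the most English-looking result."""
    best = max(range(256), key=lambda k: looks_english(xor_single(ciphertext, k)))
    return best, xor_single(ciphertext, best)

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of pseudo-random output."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # pseudo-random generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def rc4(key: bytes, data: bytes) -> bytes:
    """XOR each data byte with its own keystream byte."""
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key, len(data))))

MESSAGE = b"the act starts at midnight"       # plaintext from the page's example
SECRET = 0x5A                                 # constructed one-byte key

if __name__ == "__main__":
    key, text = brute_force_single(xor_single(MESSAGE, SECRET))
    print(f"one-byte key recovered in at most 256 tries: {key:#04x} -> {text!r}")
    stream = rc4_keystream(b"Key", len(MESSAGE))
    print("distinct per-byte XOR keys:", len(set(stream)), "of", len(MESSAGE))
    print("RC4 ciphertext:", rc4(b"Key", MESSAGE).hex())
```

RC4 appears here because the answer names it; it has known keystream biases and RFC 7465 prohibits it in TLS, so new designs use other ciphers.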
Public key encryption solves one of the major issues with symmetric key encryption, namely, the use of a shared key for both sides of the conversation. In public key systems, the intended recipient of a secure communication publishes his or her public key. Anyone wishing to send a secure datagram to the recipient uses the recipient’s public key to
encrypt the communication; however, those in possession of the public key cannot use the key to decrypt the communication. The use of a public key is a one-way cryptographic operation. This allows recipients to give out their public keys without the risk of someone using the same public keys to reveal the original content of the messages sent. This is the most obvious advantage over symmetric encryption.

To decrypt the encrypted message, the recipient uses his or her private key. The private key has a mathematical relationship to the public key, but this relationship does not provide an easy way for an attacker to derive the private key from the public key. Given the fact that the recipient uses the private key to decrypt messages encoded with the public key, it is paramount that the owner of the private key keeps it secure at all times.

Visually, the process of encrypting and decrypting a message using the public key method is similar to the process of using symmetric encryption, with the notable exception that the keys used in the process are not the same. Exhibit 1-8 illustrates this disconnect.

One of the simplest analogies for public key encryption is the lock box analogy. In essence, if an individual (Blake, for example) wanted to send a message to another individual (Ryan, for example) without exchanging a shared cryptographic key, Blake could simply place his communication in a box and secure it with a lock that only Ryan could open. For Blake to possess such a lock, the box would need to be publicly available. In this case, that lock represents Ryan’s public key. Blake could then send the locked box to Ryan. Upon receiving the box, Ryan would use his key to unlock the box to retrieve the message. In this situation, once Blake has locked (encrypted) his message to Ryan into the lock box with Ryan’s lock (public key), Blake, or anyone else who may come in contact with the lock
box, will be unable to access the contents. Only with Ryan’s private key to the lock box will the message become retrievable.

4. Emphasize the fundamentals of Domain Name System.

DNS is a fundamental piece of the Internet architecture. Knowledge of how the DNS works is necessary to understand how attacks on the system can affect the Internet as a whole and how criminal infrastructure can take advantage of it.

The Internet Protocol is the core protocol the Internet uses. Each computer with Internet access has an assigned IP address so that other systems can send traffic to it. Each IP address consists of four numbers between 0 and 255 separated by periods, such as 74.125.45.100. These numbers are perfect for computers that always deal with bits and bytes but are not easy for humans to remember. To solve this problem, the DNS was invented in 1983 to create easy-to-remember names that map to IP addresses.

The primary goal that the designers of the DNS had in mind was scalability. This goal grew from the failure of the previous solution that required each user to download a multithousand-line file named hosts.txt from a single server. To create a truly scalable system, the designers chose to create a hierarchy of “domains.” At the top of the hierarchy is the “root” domain under which all other domains reside. Just below the root domain are top-level domains (TLD) that break up the major categories of domains such as .com, .gov, and the country code TLDs. Below the TLDs are second-level domains that organizations and individuals can register with the registry that manages that TLD. Below second-level domains are the third-level
domains and so forth, with a maximum of 127 levels. Exhibit 1-10 shows how

Separating domains in this way allows different registries to manage the different TLDs. These registries are responsible for keeping the records for their assigned TLD and making infrastructure available to the Internet so users can map each domain name to its corresponding IP address.

5. Explain firewall and the classification of firewalls?

Firewall

A firewall is a device, usually a router or a computer, installed between the internal network of an organization and the rest of the Internet. It controls access between the internal network and the Internet. It is designed to forward some packets and filter others. It can be used to deny access to a specific host or a specific service in the organization. It is a network security system that monitors and controls all incoming and outgoing network traffic of your system, based on an advanced, defined set of security rules.

Firewall Classification

A firewall is usually classified, on the basis of how it works, as a packet-filter firewall or a proxy firewall.

Packet-Filter Firewall

A packet-filter firewall is a router that uses a filtering table to decide which packets must be discarded, i.e. not forwarded. A firewall can be used as a packet filter. It can forward or block packets based on the information in the headers: source and destination IP addresses, source and destination port addresses, and type of protocol (TCP or UDP). A packet-filter firewall filters at the network or transport layer. An example of a filtration table for such a firewall can be shown below.

Proxy Firewall

The packet-filter firewall is based on the information available in the network layer and transport layer headers (IP and TCP/UDP). Sometimes we need to filter a message based on the information available in the
message itself at the application layer. Installing a proxy computer between the customer computer and the corporation computer can be a solution to this situation, as shown in the figure below.

How a Firewall Works

A firewall can constantly monitor all incoming and outgoing traffic. A firewall differs from a mere traffic analyser because it can also be set up to block certain things. A firewall might disable particular applications from accessing the network, block URLs from loading, and prevent traffic through certain network ports.

Some firewalls can even be used in a mode where they block everything until you explicitly allow every single access. This is one way to block everything on a network so that you can manually set up safeguards against network-related threats.
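The packet-filter decision described above, and the mode that blocks everything until access is explicitly allowed, can be sketched as a first-match filtering table with a default action. This is an added example, not part of the original question bank: the table, the rule order and the addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: Optional[str]   # "tcp", "udp", or None for any protocol
    dport: Optional[int]   # destination port, or None for any port

ANY = "0.0.0.0/0"
# Constructed filtering table; every address is a documentation range.
TABLE = [
    Rule("deny",  "203.0.113.0/24", ANY,             None,  None),  # deny a specific outside network
    Rule("deny",  ANY,              "192.0.2.0/24",  "tcp", 23),    # deny a specific service (telnet)
    Rule("allow", ANY,              "192.0.2.10/32", "tcp", 443),   # HTTPS to the web server
    Rule("allow", ANY,              "192.0.2.53/32", "udp", 53),    # DNS to the name server
]

def matches(rule: Rule, src: str, dst: str, proto: str, dport: int) -> bool:
    """Compare only header fields: addresses, protocol, destination port."""
    return (ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst)
            and rule.proto in (None, proto)
            and rule.dport in (None, dport))

def decide(table, src, dst, proto, dport, default="deny"):
    """Return (action, rule number); rule 0 means no rule matched."""
    for number, rule in enumerate(table, start=1):
        if matches(rule, src, dst, proto, dport):
            return rule.action, number
    return default, 0

if __name__ == "__main__":
    packets = [                                   # constructed sample packets
        ("198.51.100.7", "192.0.2.10", "tcp", 443),
        ("203.0.113.9",  "192.0.2.10", "tcp", 443),
        ("198.51.100.7", "192.0.2.20", "tcp", 23),
        ("198.51.100.7", "192.0.2.10", "tcp", 22),
    ]
    for pkt in packets:
        print(pkt, "default-deny:", decide(TABLE, *pkt),
              "default-allow:", decide(TABLE, *pkt, default="allow"))
```

The last sample packet matches no rule, so its fate depends entirely on the default: it is forwarded under default-allow and dropped under the block-everything mode.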