You are on page 1of 30


- The most important characteristics in an electronic cable are the

following ones: impedance, attenuation, shielding and capacitance.
Could you describe them?
Impedance: The resistance to the movement of electrons in an AC
circuit. Its represented by the letter Z.Like resistance, its unit of
measurement is the ohm, represented by Omega.
Attenuation: refers to the resistance to the flow of electrons, and why a
signal becomes degraded(to fade away) as it travels along the conduit.
Its unit of measurement is the db/m.
Shielding: is normally specified as a cable construction detail.For
example Shielded twisted pair STP which contains four pair copper wires
and each pair is wrapped in metallic foil. The functions are to act as a
barrier between the internal or external signals (to reduce the EMI) and
to be part of the electrical circuit.
Capacitance: How much energy it is hold in the cable. Its represented by
the letter C and its unit of measurement is the picofarads pF
- Give a physical description of the following cables: twisted pair, coaxial
and optical fiber. Explain the role of each material.
Twisted pair: It consists of four pairs of thin, copper wires covered in
color-code plastic insulation that are twisted together.
The wire pairs are twisted for two reasons.
First, to provide protection against crosstalk, which is the noise
generated by adjacent pairs of wires. Two magnetic fields occur in
opposite directions and cancel each other out.
Second, network data is sent using two wires in a twisted pair. One
copy of the data is sent on each wire, and two copies are mirror images
of each other(differentials signals). If the two wires are twisted together,
noise seen on one wire is also seen on the other wire. When the data is
received, one copy is inverted, and the two signals are then compared.
In this manner the recover can filter out noise because the noise signals
cancel each other.
Coaxial cable, as show in Figure, consists of four parts:
-Copper conductor.
-Plastic Insulation.
-Braided copper shielding
-Outer jacket
At the center of the cable is a solid copper conductor. Surrounding that
conductor is a layer of flexible plastic insulation. A woven copper braid or
metallic foil is wrapped around the insulation. This layer acts as the
second wire in the cable. It also act as a shield for the inner conductor
and helps reduce the amount of outside interference. Covering this
shield is the outer cable jacket. The connector used on coaxial cable is
the BNC, short for British Naval Connector or Bayonet Neill Concelman,
Fiber-Optic cablle:
Five parts typically make up each fiber-optic cable:
-The core
-The cladding
-A buffer
-A strengthening material
-An outer jacket
The core is the light transmission element at the center of the optical
fiber, and all the light signals travel through the core. This core is
typically glass made from a combination of silica and other elements.
Surrounding the core is the cladding, also made of silica but with a lower
index of refraction than the core. Light rays traveling through the fiber
core reflect off this core-to-cladding interface where the core and
cladding meet, which keeps light in the core as it travels down the fiber.
Surrounding the cladding is a buffer material, usually plastic, that helps
shield the core and cladding from damage.
The strengthening material surrounds the buffer, preventing the fiber
cable from being stretched when installers pull it. The material used is
often Kevlar, the same material used to produce bulletproof vests. The
final element, the outer jacket, surounds the cable to protect the fiber
against abrasions, solvents, and other contaminants. this outer jacket
composition can vary depending on the cable usage.
- What is the difference between UTP and STP? Any consequence?
The difference between UTP and STP is the shielding. The shielding
reduces unwanted electrical noise. This noise reduction provides a major
advantage of STP over unshielded cable. However, shielded cable is
more difficult to install than unshielded cable because the metallic
shielding needs to be grounded. If improperly installed, STP become
very susceptible to noise problems because an ungrounded shield acts
like an antenna, picking up unwanted signals. The insulation and
shielding considerably increase the size, weight, and cost of the cable.
Despite these disadvantages, shielded copper cable is still used as
networking media today, especially in Europe.
- When crimping RJ-45 UTP cables, how can you create straight-
through, crossover and loopback cables? Describe some situations in
which they are used.
Crossover cables provide a network connection between two similar
devices, such as computer to computer or switch to router. With
crossover cables you can connect 2 computers directly. It directly
connects two network devices of the same type to each other over
Ethernet. Ethernet crossover cables are commonly used when
temporarily networking two devices in situations where a network router,
switch or hub is not present. Crossover cables have the 1st and 3rd
wires crossed, and the 2nd and 6th wires crossed. Two devices in the
same category use a crossover cable. As you can see as follows:
1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8

Straight cable Cat.1 &
Crossover cable (Cat.
Crossover cable (Cat.
Crossover cable (Cat.
Crossover cable (Cat.
Loopback cable: A loopback cable redirects the output back into itself.
This effectively gives the NIC the impression that it is communicating on
a network, since its able to transmit and receive communications. You
must Redirect Pin 1 to Pin 3 and Pin 2 to Pin 6 to create Loopback
- What is the difference between single-mode and multimode fiber-optic
The part of an optical fiber through which light rays travel is called the
core of the fiber. Light rays cannot enter the core of an optical fiber at all
angles. The rays can enter the core only if their angle is inside the fiber's
numerical aperture: likewise, one the rays have entered the fiber's core,
a limited number of optical paths exist that a light ray can follow through
the fiber. These optical path are called modes. If the diameter of a fiver's
core is large enough so that many paths exist that light can take as it
passes through the fiber, the fiber is called multimode fiber. Single-mode
fiber has a much smaller core that allows light rays to travel along only
one path(one mode) inside the fiber.
- Describe the basic types of networks as far as their size is concerned:
PAN, LAN, CAN, MAN and WAN. Give some examples.
LAN or local area network is a group of interconnected devices that is
under the same administrative control. It is a network which covers a
small physical area. All local networks within a LAN are under one
administrative control group that governs the security and access control
policies. LANs allow users to have common access to data and
equipment such as printers.
WAN or Wide-area networks are networks that connect LANs in
geographically separated locations. It is a network which covers a wider
area, in which machines are usually connected via telephone lines or
radio. A WAN can be as small as two LANs which are connected, or as
big as the Internet. The Internet is a large WAN that is composed of
millions of interconnected LANs. Telecommunications service providers
(TSP) are used to interconnect these LANs at different locations.
MAN or metropolitan area network is a computer network that usually
spans a city or a large campus. A MAN usually interconnects a number
of local area networks (LANs) using a high-capacity backbone
technology, such as fiber-optical links. A MAN typically covers an area of
between 5 and 50 km diameter.
PAN: Personal Area Network (Ex: Bluetooth)
CAN: Campus Area Network (Ex: Hospitals, Universities, etc)
- Compare simplex, half-duplex and full-duplex transmissions.
Simplex: The capability of transmission is only one direction between a
sending station and a receiving station. Broadcast television is an
example of a simplex technology.
half-duplex: A capability for data transmission in only one direction at a
time between a sending station and receiving station.
full-duplex: The capability for simultaneous data transmission between a
sending station and receiving station.
- Data are delivered by means of packets in a network. Provide a
technical description of "packet".
A logical grouping of information that includes a header containing
control information and (usually) user data. Packets most often refer to
network layer units of data. The terms datagram, frame, message, and
segment also describe logical information groupings at various layers of
the OSI reference model and in various technology circles.
- Describe the OSI model.
A network architectural model developed by the ISO. This model
consists of seven layers, each of which specifies particular network
functions, such as addressing, flow control, error control, encapsulation,
and reliable message transfer.
The following sections briefly describe each layer in the OSI
reference model:
Layer 7. The Application Layer. Is the layer that is closest to the user. It
provides network services to the user's applications.
Layer 6. The Presentation Layer. Ensures that the information that the
application layer of one system sends out can be read by the application
layer of another system. If necessary, the presentation layer translates
among multiple data formats by using a common format. One of the
more important tasks of this layer is encryption and decryption.
Layer 5. The Session Layer. As its name implies, the session layer
establishes, manages, and terminates sessions between two
communicating hosts. The session layer provides its services to the
presentation layer. It also synchronizes dialogue between the two host's
presentations layers and manages their data exchange.
Layer 4: The Transport Layer: This layer is responsible for reliable
network communication between en nodes. The transport layer provides
mechanisms to establish, maintain, and terminate virtual circuits,
transport fault detection and recovery, and information flow control.
Layer 3: The Network Layer: This layer provides connectivity and path
selection between two ends systems. The network layer is the layer at
which routing occurs.
Layer 2:The Data Link Layer: This layer provides reliable transit of data
across a physical link. In so doing, the data link layer is concerned with
physical(as opposed to logical) addressing, network topology, network
access, error notification, ordered delivery of frames, and flow control.
Layer 1: Physical Layer: The physical layer defines the electrical,
mechanical, procedural, and functional specifications for activating,
maintaining, and deactivating the physical link between the systems.
- Describe the following application protocols in TCP/IP: SMTP, POP3,
SMTP: Simple mail transfer Protocol. The SMTP protocol transport e-
mail messages in ASCII format using TCP. When a mail server receives
a message destined for a local client, it stores that message and waits
for the client to collect the mail. Mail clients can collect their mail in
several ways:
They can use programs that access the mail servers files directly
or can use one of many network protocols. The most popular mail client
protocols are Post Office Protocol Version 3(POP3) and Internet
Messaging Access Protocol version 4 (IMAP4)
POP3: Post Office Protocol Version 3, which uses TCP port 110, is a
mail protocol that is responsible for holding e-mail until delivery. When a
SMTP servers sends an e-mail message to a POP3 server, POP3 holds
on to the message until a user makes a request to have the data
delivered. Thus, POP3 transfers mail files from a mail server to a mail
IMAP4: Internet Message Access Protocol Version 4 allows a client to
access and manipulate electronic mail messages on a server. IMAP4
permits manipulation remote message folders, called mailboxes, in a
way that functionally equivalent to local mailboxes
FTP: is a fast connection-oriented, error free protocol that uses TCP
ports 20 and 21. FTP allows data to be transferred between servers and
clients. For FTP to connect to a remote server, IP address or host name
must be provided. FTP must be capable of resolving IP addresses to
host names to establish a connection.
HTTP: which uses TCP port 80, allows clients to transfer documents that
are written in Hypertext Markup Language(HTML) over the World Wide
Web for display by a browser. It's the universal display language of the
HTTPS: Another protocol for transmitting data securely over the World
Wide Web, which is designed to transmit individual messages securely.
Technically, it is not a protocol in and of itself; rather, it is the result of
simply layering the Hypertext Transfer Protocol (HTTP) on top of the
SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to
standard HTTP communications.
DNS: is a name-resolution service that resolves (associates) host names
to IP addresses. DNS keeps a record of IP addresses and host names in
a process called a domain. DNS provides services along hierarchical
chain, with a database design that is similar to a file tree structure. DNS
also services requests for host names that cannot be resolved locally.
Large inter-networks have several levels os DNS servers to provide
efficient name resolutions.
- Compare the two main transport protocols (i.e. TCP and UDP).
An advantage that UDP has over TCP is that, because it does not
concentrate on establishing a connection, it can transmit more
information in a smaller amount of time than TCP. TCP is useful for
transmitting large amounts of data reliably, but with the penalty of large
ACK overhead consuming bandwidth. UDP is useful for transmitting
small amounts of data when reliability is less crucial, UDP lacks the
overhead caused by ACKs.
- Describe the following Internet protocols: ARP, RARP, ICMP and IGMP.
ARP: Determines de data link layer addresses for known IP addresses.
ARP is used to bind(associate) the physical (MAC) addresses with
a specific logical (IP) address. When the data packet is sent to a
particular destination, ARP matches the addressing information against
the ARP cache for the appropriate MAC address. If no matches are
made, ARP sends a broadcast message on the network looking for the
particular destination. A host responds with the correct address and
sends a reply to ARP.
RARP: (Reverse address Resolution Protocol)Determines de network
addresses when data link layer addresses are known. A protocol in TCP/
IP stack that provides a method for finding IP addresses based on MAC
ICMP: Internet Control Message Protocol is a network layer protocol that
reports error. When datagram delivery errors occur, ICMP reports these
errors to the sender of the datagram. ICMP does not correct the
encountered network problem.
IGMP:The Internet Group Management Protocol (IGMP) is a
communications protocol used by hosts and adjacent routers on IP
networks to establish multicast group memberships.
- Compare the role and format of IP addresses and MAC addresses.
Although IP works in a network layer and MAC works in a physical layer
the role is the same. Identify every device that connects to a network or
LAN. The IP addresses are controlled by the AIANA(for instance in
Spain) and the MAC addresses are controlled by the IEEE.The first
known as a software address and the last as a hardware address or
physical address.
The IP addresses are 4 bytes long and the MAC addresses are 6 bytes
- How and why can you ping an IP address?
To ping you have to run this application and It send ICMP echo message
and wait for its reply.Often used in IP networks to test the reachability of
a network device.
- Are there reserved IP addresses within a given network? Which ones?
What for?
Certain addresses are reserved and cannot be assigned to devices on a
network. These reserved host addresses include the following:
Network addresses are used to identify the network itself for instance
The broadcast address is used to broadcast packets to all the devices
on a network.
- Compare subnet mask classes A, B and C. How do they relate with IP
To accommodate different-sized networks and to aid in classifying them,
IP addresses are divided into groupings called classes. Each complete
32-bit IP address is broken into a network part and host part. A bit or bit
sequence at the start of each address determines the class of the
Class A use the first byte for the network.
Class B use the first and the second byte for the network.
Class C use the first, second and third byte for the network.
- Describe in detail how TCP communication occurs: TCP 3-Way
Handshake & TCP Windowing.
HANDSHAKE:Establishing a normal TCP connection requires three
separate steps:
1. The first host (Alice) sends the second host (Bob) a
"synchronize" (SYN) message with its own sequence number ,
which Bob receives.
2. Bob replies with a synchronize-acknowledgment (SYN-ACK)
message with its own sequence number and acknowledgement
number , which Alice receives.
3. Al i ce repl i es wi t h an acknowl edgment message wi t h
acknowledgement number , which Bob receives, and doesn't need
to reply to.
In this setup, the synchronize messages, act as service requests from
one server to the other, while the acknowledgement messages return to
the requesting server to let it know the message was received.
One of the most important factors of three-way handshake is that to
exchange the starting sequence number the two sides plan to use. The
client first sends a segment with its own initial sequence number , then
the server responds by sending a segment with its own sequence
number and the acknowledgement number , and finally the client
responds by sending a segment with acknowledgement number .
The reason for the client and server not using the default sequence
number such as 0 for establishing connection is to protect against two
incarnations of the same connection reusing the same sequence number
too soon, which means a segment from an earlier incarnation of a
connection might interfere with a later incarnation of the connection.
WINDOWING:The number of data packets that the sender is allowed to
have outstanding without having received an acknowledgment is know
as the window. Windowing refers to the fact that the window size is
negotiated dynamically during the TCP session. Windowing is a flow-
control mechanism requiring that the source device receive an
acknowledgment from the destination after transmitting a certain amount
of data.
- Describe the main physical topologies (e.g. bus, star, ring and mesh)
according to parameters such as cost, set-up, scalability, maintenance
and performance.
BUS: Common called a linear bus, a bus topology connects all the
devices using a single cable. The main cable segment must end with a
terminator that absorbs the signal when it reaches the end of the line or
wire. If there in no terminator, the electrical signal representing the data
bounces back at the end of the wire, causing errors in the network.
STAR: Is made up of a central connection point that is a device such as
hub, switch, or router,where all the cabling segments meet. Although a
physical star topology costs more to implement that the physical bus
topology, the advantages of a star topology make it worth the additional
cost. Because each host is connected to the central device with its own
cable, when the cable has a problem, only that host is affected but if a
central device fails, the whole network becomes disconnected.
RING: A topology in which host are connected in the form of a ring or
circle. Unlike the physical bus topology, the ring topology has no
beginning or end that needs to be terminated.
MESH:Connects all devices(nodes) to each other for redundancy and
fault tolerance. The advantage is that every node is connected physically
to every other node, which creates a redundant connection. If any link
fails, information can flow through many other links to reach its
destination. The primary disadvantage is that for anything more than a
small number of nodes, the amount of media for the links and the
number of the connections on the lines becomes overwhelming.
Implementing a full.mesh topology is expensive and difficult.
- Explain how communication takes place between two computers within
an Ethernet network. Remember that Ethernet uses CSMA/CD (Carrier
Sense Multiple Access with Collision Detection).
A media-acces mechanism wherein devices ready to transmit data first
check the channel for a carrier. If no carrier is sensed for specific period
of time, a device can transmit. If two devices transmit once, a collision
occurs and is detected by all colliding devices. This collision
subsequently delays retransmissions from those devices for some
random length of time.The retransmission delay when a collision occurs i
the backoff.
- Explain how communication takes place between two computers in a
Token Ring network.
In a token ring network individual host are arranged in a ring. A special
data token circulates around the ring. When a host wants to transmit, it
seizes the token, transmits the data for a limited time, and then places
the token back in the ring, where it can be passed along, or seized, by
another host.
- How do hubs work?
Is a common connection point for devices in a network. Hubs commonly
connect segments of a LAN. A Hub contains multiple ports. When a
packet arrives at one port, it copied to the other ports so that all the
segments of the LAN can see all the packets.
- How do switches work? Describe some core functions such as
learning, flooding, filtering, forwarding and aging.
Switch is a device that connects LAN segments, uses a table of MAC
addresses to determinate on which a frame needs to be transmitted, and
reduces traffic. Similar to bridges, switches forward and flood traffic
based on MAC addresses.Because switching is performed in hardware,
it is significantly faster than the switching function performed by a bridge
using software. Think of each switch port as a micro bridge. Each switch
port acts as a separate bridge and gives each host the medium's flu
bandwidth.This process is called micro segmentation(allows the creation
of private or dedicate segments). However, as with a bridge, a switch
forwards a broadcast message to all the segments on the switch. All
segments in a switched environment are therefor considered to be in the
same broad cast domain.
- Describe the difference between static and dynamic routing.
The process to finding a path to destination host is routing. Static
routing allows routers to properly route a packet from network to network
based on manually configured information.Dynamic routing adjusts
automatically to network topology or traffic changes. Also called adaptive
Static route knowledge is administered manually by a network
administrator who enters it into a router's configuration. The
administrator must update these static route entry annually whenever an
internetwork topology change requires an update. Dynamic route
knowledge works differently. After a network administrator enters
configuration commands to start dynamic routing, the route knowledge
automatically is updated by a routing process whenever new information
is received from the internetwork. Changes in dynamic know ledge are
exchanged between routers as part of the update process.
- How does RIP work?
Routing Information Protocol uses hop count to determinate the direction
and distance to any link in the internetwork.If there are multiple paths to
a destination, RIP selects the path with the fewest hops. However,
because hop count is the only routing metric RIP uses, it does not
necessarily select the fastest path to a destination.RIP-1 uses only
classful routing. This means that all devices in the network must use the
same subnet mask, because RIP-1 does not include the subnet
information with the routing update.
RIP-2 provides what is called prefix routing and sends subnet mask
information with the route updates. This supports the use of classless
routing. With classless routing protocols, different subnets within the
same network can have different subnet masks. The use of different
subnet masks within the same network is called variable-length subnet
- Explain how the name resolution process works in DNS.
If a local DNS server is capable of translating a domain name into its
associated IP address, it does so and returns the result to the client. If it
cannot translate the address, it passes the request up to the next higher-
level DNS server on the system, which then tries to translate the
address. If the DNS server at this level is capable of translating a
domain name into its associated IP address, it does so and returns the
result to the client. If not, it sends the request to the next higher level.
This process repeats itself until the domain name has been translated or
until the top-level DNS server has been reached. If the domain name
cannot be found on the top-level DNS server, it is considered to be an
error and the corresponding error message is returned.
- State some advantages and disadvantages between these two types of
wireless data transmission media: infrared and radio-frequency.
The radio spectrum is the part of the electromagnetic spectrum used to
transmit voice, video, and data. It uses frequencies from 3 kilohertz to
300 gigahertz. Each type of wireless data communication has its
advantages and drawbacks, as follows:
Infrared(IR):Very high data rates and lower cost, but very short distance.
Narrowband: Low data rates and medium cost. Requires a license and
covers a limited distance.
Spread Spectrum: Medium cost and high data rates. Limited to campus
- Explain how communication takes place between two computers with
the CSMA/CA standard in wireless networks?
A carrier sensing is used,but nodes attempt to avoid collisions by
transmitting only when the channel is sensed to be "idle".
- Compare 802.11 standards (a, b and g) according to their frequency,
channels and data rate.
Like 802.11a, 802.11g uses Orthogonal Frequency Division Multiplexing
and supports 54 Mbps. However, 802.11g is not compatible with
802.11a. for one thing, 802.11g uses 2.4GHz, whereas 802.11a uses 5
GHz. On the other hand, 802.11g is backwards compatible with 802.11b.
To support 802.11b, 802.11g also supports the complementary code
keying(CCK) technique used in 802.11b.
- Compare the two most important wireless network modes.
Ad-hoc Mode
Ad-Hoc mode is sometimes called peer to peer mode, which each
wireless node in direct contact with
each other node in a decentralized free for all. This is suited for wireless
networks use in small groups.
Infrastructure Mode
Wireless networks running in infrastructure mode use one or more WAPs
to connect the wireless network nodes to a wired network segment, as
shown above. A single WAP servicing a given area is called a Basic
Service Set (BSS). This service area can be extended by adding more
WAPs. This is called, appropriately, an Extended basic Service Set
Wireless networks running in infrastructure mode require more planning
and are more complicated to configure than ad-hoc mode networks, but
they also give you finer control over how the networks operates.
Infrastructure mode is better suited to business networks or networks
that need to share dedicated resources like Internet connections and
centralized databases. If you plan setting up a wireless network for a
large number of PCs, or need to have centralized control over the
wireless network, then infrastructure mode is what you need.
- Describe the step-by-step process to configure a WAP as an extension
Connect the computer to one of the four LAN ports on your router.
Open a web browser, type "" in the address bar and press
Enter on your keyboard.
Click Login in the upper right corner.
The router does not ship with a password, so just click Submit.
Click Use as Access Point on the left side of the page.
Select Enable. This will give you the options to set the IP Address and
Subnet mask for the router. These settings should match your existing
network settings. By default, the IP address will be set to
and the Subnet mask will be
Some of the older router models have a different setup procedure:
1. Click LAN settings.
2. When the LAN settings page opens, you need to make two changes.
First, change the IP Address to something such as or you
can use As long as the first three sets of numbers match
your existing network, you will be fine.
3. Secondly, you need to turn off the DHCP server.
4. When finished, click Apply Changes.
Congratulations! You've now set up your router as an access point.
- Compare the two types of authentication in wireless security: PSK and
Remote Authentication Dial-in User Service RADIUS is the better option
provided secure (ie long) passwords / passphrases are used and a
sensible lock out policy is in place.
The main reason for this is that for RADIUS, you need to interact with an
authentication service to test a password, and so once you are locked
out, that is the end of your attempt to breach.
With PSK, all you need to do is capture enough handshakes that you
can take offline and bruteforce it. In other words, the bruteforcing of a
PSK is done without any interaction with the AP once the requisite
handshakes are captured, and so are undetectable. You would be totally
unaware of it. Combine this with the difficulty in changing a PSK and
rolling out a new one.
- Give a technical description of a "piconet" in Bluetooth.
A collection of devices connected via Bluetooth technology in an ad hoc
fashion. A piconet starts with two connected devices, and may grow to
eight connected devices. Bluetooth communication always designates
one of the Bluetooth devices as a main controlling unit or master unit.
Other devices that follow the master unit are slave units. This allows the
Bluetooth system to be non-contention based (no collisions). This means
that after a Bluetooth device has been added to the piconet, each device
is assigned a specific time period to transmit and they do not collide or
overlap with other units operating within the same piconet.
Piconet range varies according to the class of the Bluetooth device. Data
transfer rates vary between about 200 and 2100 kilobits per second.
Because the Bluetooth system hops over 79 channels, the probability of
interfering with another Bluetooth system is less than 1.5%. This allows
several Bluetooth Piconets to operate in the same area at the same time
with minimal interference.
- The main problem with radio-frequency connections is interference.
Bluetooth uses a technique called Frequency Hopping Spread-Spectrum
(FHSS) to avoid this problem. Describe this technique.
Transmissions hop from one frequency to another in random patterns.
This technique enables the transmissions to hop around narrowband
interference, resulting in a a clearer signal and higher reliability of the
transmission. However this technology is slower, and the receiver must
use the same pattern to decode.
- ISDN uses the same UTP wiring as POTS, yet it can transmit data at
much higher speeds. How?
Integrates Services Digital Network Using digital signals instead of
analog signals.
- What is the main problem for users of cable Internet?
This broadband service shares bandwidth between telephone and
Internet of all customers of an area or neighbors are connected at the
same demark. The data transfer is reduced as the users join to the
The opposite is the ADSL service that it doesnt share the bandwidth with
the others.
- Describe the Caesar cipher formula when encrypting the plaintext
SECRET when the key is 10.
is one of the simplest and most widely known encryption techniques. It is
a type of substitution cipher in which each letter in the plaintext is
replaced by a letter some fixed number of positions down the alphabet.
For example, with a left shift of 3, D would be replaced by A, E would
become B, and so on. The method is named after Julius Caesar, who
used it in his private correspondence.
The encryption can also be represented using modular arithmetic by first
transforming the letters into numbers, according to the scheme, A = 0, B
= 1,..., Z = 25. Encryption of a letter by a shift n can be described
Decryption is performed similarly,
- What is an attack? Describe the brute force attack.
In computer and computer networks an attack is any attempt to destroy,
expose, alter, disable, steal or gain unauthorized access to or make
unauthorized use of an asset.[1]
brute force:
It consists of systematically checking all possible keys until the correct
key is found.
- What do you mean by block cipher?
In cryptography, a block cipher is a deterministic algorithm operating on
fixed-length groups of bits, called blocks, with an unvarying
transformation that is specified by a symmetric key. Block ciphers are
important elementary components in the design of many cryptographic
protocols, and are widely used to implement encryption of bulk data.
In computer science, a deterministic algorithm is an algorithm which,
given a particular input, will always produce the same output, with the
underlying machine always passing through the same sequence of
- How do symmetric-key and public-key systems work?
two separate keys, one of which is secret and one of which is public.
Although different, the two parts of the key pair are mathematically
linked. One key locks or encrypts the plaintext, and the other unlocks or
decrypts the ciphertext. Neither key can perform both functions by itself.
The public key may be published without compromising security, while
the private key must not be revealed to anyone not authorized to read
the messages.
Public-key cryptography uses asymmetric key algorithms and can also
be referred to by the more generic term "asymmetric key cryptography."
The algorithms used for public key cryptography are based on
mathematical relationships (the most notable ones being the integer
factorization and discrete logarithm problems) that presumably have no
efficient solution. Although it is computationally easy for the intended
recipient to generate the public and private keys, to decrypt the message
using the private key, and easy for the sender to encrypt the message
using the public key, it is extremely difficult (or effectively impossible) for
anyone to derive the private key, based only on their knowledge of the
public key. This is why, unlike symmetric key algorithms, a public key
algorithm does not require a secure initial exchange of one (or more)
secret keys between the sender and receiver. The use of these
algorithms also allows the authenticity of a message to be checked by
creating a digital signature of the message using the private key, which
can then be verified by using the public key. In practice, only a hash of
the message is typically encrypted for signature verification purposes.
Hash encoding, or hashing, ensures that messages are not corrupted
or tampered with dur- ing transmission. Hashing uses a mathematical
function to create a numeric value that is unique to the data. If even one
character is changed, the function output, called the message digest, will
not be the same. However, the function is one-way. Knowing the
message digest does not allow an attacker to re-create the message.
This makes it difficult for someone to
intercept and change messages. Figure 16-4 illustrates the hash-
encoding process. The names of the most popular hashing algorithms
are SHA and MD5.
- Compare advantages and disadvantages between symmetric-key and
public-key encryptions (e.g. security, speed and number of keys).
Advantages and disadvantages:
Security: It is more secure the asymmetric-key because the private key
is never sent across the network. It is less secure the public key because
the key is sent across the network and the hacker can intercept the key
and decrypt the information.
Speed: Symmetric encryption it is faster because it uses simpler
operations, such as XOR, on smaller numbers (64 or 128 bits).
Asymmetric encryption usually uses complex mathematical operations,
such as power and modulus, on very large numbers (2048 bits). These
operations take time.
Number of keys: In case that it is uses symmetric key, for a group of N
people using a secret-key cryptosystem, it is necessary to distribute a
number of keys equal to:
In case that it is uses asymmetric key, for a group of N people using a
secret-key cryptosystem, it is necessary to distribute a number of keys
equal to: 2*N
- What is a digital signature? How is it created?
A digital signature is a mathematical scheme for demonstrating the
authenticity of a digital message or document.
A digital signature scheme typically consists of three algorithms:
A key generation algorithm that selects a private key uniformly at
random from a set of possible private keys. The algorithm outputs
the private key and a corresponding public key.
A signing algorithm that, given a message and a private key,
produces a signature.
A signature verifying algorithm that, given a message, public key
and a signature, either accepts or rejects the message's claim to
Two main properties are required. First, a signature generated from a
fixed message and fixed private key should verify the authenticity of that
message by using the corresponding public key. Secondly, it should be
computationally infeasible to generate a valid signature for a party
without knowing that party's private key.
- Describe the characteristics of hash functions.
A hash function is any algorithm or subroutine that maps data sets of
variable length to data sets of a fixed length. For example, a person's
name, having a variable length, could be hashed to a single integer. The
values returned by a hash function are called hash values, hash codes,
hash sums, checksums or simply hashes.
- Explain how SSL uses symmetric and asymmetric encryption together
with a digital certificate.
How SSL works
SSL uses both symmetric and asymmetric encryption algorithms.
Symmetric algorithms use the same key to encrypt and decrypt data.
They are faster than asymmetric algorithms but can be insecure.
Asymmetric algorithms use a pair of keys. Data encrypted using one key
can only be decrypted using the other. Typically, one of the keys is kept
private while the other is made public. Because one key is always kept
private, asymmetric algorithms are generally secure; however, they are
much slower than symmetric algorithms. To reap the benefits of both
algorithms, SSL encapsulates a symmetric key that is randomly selected
each time inside a message that is encrypted with an asymmetric
algorithm. After both the client and server possess the symmetric key,
the symmetric key is used instead of the asymmetric ones.
When server authentication is requested, SSL uses the following
1. To request a secure page, the client uses HTTPS.
2. The server sends the client its public key and certificate.
3. The client checks that the certificate was issued by a trusted party
(usually a trusted Certificate Authority) that the certificate is still
valid, and that the certificate is related to the contacted site.
4. The client uses the public key to encrypt a random symmetric
encryption key and sends it to the server, along with the encrypted
URL required and other encrypted HTTP data.
5. The server decrypts the symmetric encryption key using its private
key and uses the symmetric key to decrypt the URL and HTTP
6. The server sends back the requested HTML document and HTTP
data that are encrypted with the symmetric key.
7. The client decrypts the HTTP data and HTML document using the
symmetric key and displays the information.
- Give examples of telephone scams and hoaxes.
The attacker makes a phone call to someone in the organization to gain
information. The attacker attempts to come across as someone inside
the organization and uses this to get the desired information. Probably
the most famous of these scams is the I forgot my user name and
password scam
hoaxes -> chains mails
- How does phishing work?
Is the act of trying to get people to give their usernames, passwords, or
other security information by pretending to be someone else
electronically. A classic example is when a bad guy sends you an e-mail
thats supposed to be from your local credit card company asking you to
send them your username and password. Phishing is by far the most
common form of social engineering done today.
- Describe the following types of network attacks: sniffing, port scanning
and spoofing.
Sniffing: intercept and log traffic passing over a digital network or part of
a network.
captures each packet and, if needed, decodes the packet's raw data,
showing the values of various fields in the packet, and analyzes its
port scanning: sends client requests to a range of server port
addresses on a host, with the goal of finding an active port and exploiting
a known vulnerability of that service
spoofing: is email activity in which the sender address and other parts
of the email header are altered to appear as though the email originated
from a different source.
- Explain Denial of Service (DoS) attacks.
is an attempt to make a machine or network resource unavailable to its
intended users.
One common method of attack involves saturating the target machine
with external communications requests, so much so that it cannot
respond to legitimate traffic, or responds so slowly as to be rendered
essentially unavailable
- Compare the following malware: virus, worm and Trojan.
Virus: a computer virusis a piece of malicious software that gets passed
from computer to
computer. A computer virus is designed to attach itself to a program on
your computer. It could be our e-mail program, your word processor, or
even a game. Whenever you use the infected program, the virus goes
into action and does whatever it was designed to do. It can wipe out your
e-mail or even erase our entire hard drive! Viruses are also sometimes
used to steal information or send spam e-mails to veryone in your
address book.
Worm: is a complete program that travels from machine to machine,
usually through computer etworks. Most worms are designed to take
advantage of security problems in operating systems and nstall
hemselves on vulnerable machines. They can copy themselves over and
over again on infected networks nd can create so much activity that they
overload the network by consuming bandwidth, in worst cases ven
bringing chunks of the entire Internet to a halt
Trojan: freestanding programs that do something other than what the
person who runs the program thinks they will
- Describe a Demilitarized Zone (DMZ).
Is a physical or logical subnetwork that contains and exposes an
organization's external- facing services to a larger untrusted network,
usually the Internet. The purpose of a DMZ is to add an additional layer
of security to an organization's local area network (LAN); an external
attacker only has access to equipment in the DMZ, rather than any other
part of the network.
- What are packet-filtering firewalls? Describe some advantages and
A set of rules that allow or deny traffic based on criteria such as IP
addresses, protocols, or ports used
- What are stateful firewalls? Describe some advantages and limitations.
Firewall that keeps track of the state of network connections traveling
through the firewall. Packets that are not part of a known connection are
not allowed back through the firewall.
- What are proxy firewalls? Describe some advantages and limitations.
A firewall that inspects all traffic and allows or denies packets based on
configured rules. A proxy acts as a gateway that protects computers
inside the network