
CRYPTOGRAPHY AND NETWORK SECURITY
IT1352 – IT 3rd yr

UNIT – I

PART – A

1.Write different types of Authentication & explain it.


1. Peer entity authentication, 2.Data authentication

Peer entity authentication: Provides for the corroboration of the identity of a peer
entity in an association. It is provided for use at the establishment of a connection. It
attempts to provide confidence that an entity is not attempting an unauthorized
replay of a previous connection.

2. Data authentication: Provides for the corroboration of the source of a data unit. It
does not provide protection against the duplication of data units. This type of
service supports applications like electronic mail where there are no prior
interactions between the communicating entities.

2.Define Access control.


In the context of security, access control is the ability to limit and control the access to
host systems and applications via communications links.

3.Define Data Confidentiality


It is the protection of transmitted data from passive attacks. With respect to the content
of a data transmission, several levels of protection can be identified. The broadest service
protects all user data transmitted between two users over a period of time.

4.Write Connection Integrity with Recovery


It provides for the integrity of all user data on a connection and detects any
modification, insertion, deletion or replay of any data within an entire data sequence, with
recovery attempted.

5.Define nonrepudiation origin and nonrepudiation destination.


Nonrepudiation origin:
Proof that the message was sent by the specified party.
Nonrepudiation destination:
Proof that the message was received by the specified party.

6.Define Authentication.
The authentication service is concerned with assuring that a communication is authentic.

7.Define passive attacks and list their types.


Passive Attacks:
A Passive attack attempts to learn or make use of information from the system but
does not affect system resources.
Types:
Passive attacks are classified into two types:
1.Release of message contents.
2.Traffic Analysis.

8.Define Traffic padding?


Traffic padding:
The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

9.Define plain text?


Plain text:
This is the original intelligible message or data that is fed into the algorithm as input.

10.Define Encryption Algorithm?


Encryption Algorithm:
The Encryption algorithm performs various substitutions and transformations on the
plaintext.

11.Define secret key?


Secret Key:
The secret key is also input to the encryption algorithm. The key is a value
independent of the plaintext. The algorithm will produce a different output depending on
the specific key being used at the time.

12.Define ciphertext?
Cipher Text:
This is the scrambled message produced as output. It depends on the plain text
and the secret key. For a given message, two different keys will produce two different
ciphertexts. The ciphertext is an apparently random stream of data.

13.Define Decryption Algorithm?


Decryption Algorithm:
This is essentially the encryption algorithm run in reverse. It takes the cipher
text and the secret key and produces the original plaintext.
14.List the characteristics of cryptography.

1.The type of operations used for transforming plaintext to ciphertext.


2.The number of keys used.
3.The way in which the plaintext is processed.

15.List the two approaches to attack conventional encryption.


The two general approaches to attacking a conventional encryption scheme are :
1.Cryptanalysis.
2.Brute-force attacks.

16.List the different types of attacks on encrypted messages.

1.Ciphertext only.
2.Known plaintext.
3.Chosen ciphertext.
4.Chosen text.

17.List the different types of substitution techniques.

1.Caesar cipher.
2.Monoalphabetic ciphers.
3.Playfair cipher.
4.Hill cipher.
5.Polyalphabetic cipher.

18.Distinguish Stream Ciphers and Block Ciphers.

Stream Ciphers: It is one that encrypts a digital data stream one bit or one byte at
a time.
Block Ciphers: It is one in which a block of plaintext is treated as a whole and used
to produce a cipher text block of equal length.

19.Define Decryption.
The translation of encrypted text or data (called cipher text) into original text or data
(plain text). Decryption is also called deciphering.

20.Differential Cryptanalysis.
A technique in which chosen plaintexts with particular XOR difference patterns are
encrypted. The difference patterns of the resulting cipher text provide information
that can be used to determine the encryption key.

21.Define Diffusion and Confusion
Diffusion: Cryptographic technique that seeks to obscure the statistical structure of the
plain text by spreading out the influence of each individual plain text digit over many
cipher text digits.
Confusion: Makes the relationship between cipher key and plaintext as complex as
possible.

PART-B

1.Briefly explain the OSI Security Architecture.

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 7
1.Security Services
2.Authentication
3.Data Confidentiality
4.Security mechanisms
5.Security attacks

2.Explain Classical Encryption Techniques.

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 24

1.Symmetric Cipher Model


* Cryptography
* Cryptanalysis

2.Substitution Techniques
*Caesar Cipher
*Monoalphabetic Ciphers
*Playfair cipher
*Hill Cipher
*Polyalphabetic Cipher

3.Transposition Techniques

4.Rotor Machines
3.Explain Block Cipher Design Principles

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 63

*DES Design Criteria


*Design of Function F
1.Design criteria for F
2.S-Box Design
*Key schedule Algorithm

4.Write about AES Cipher and Triple DES.

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 143 & 174

1.AES Architecture
2.AES S-Boxes
3.AES Key Expansion
4.Double DES
5.Triple DES TWO Keys
6.Triple DES THREE Keys

5.Explain Placement of Encryption Function

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 202

1.Potential Location for Confidentiality Attacks


2.Link versus End to End Encryption
*Basic Approaches
*Logical Placement of End to End Encryption Function
UNIT – II

1.Write about Public key cryptography.

It provides a radical departure from all that has gone before. Public key algorithms are
based on mathematical functions rather than on substitution and permutation. More
important, public key cryptography is asymmetric, involving the use of 2 separate
keys, in contrast to symmetric encryption, which uses only one key. The use of 2 keys has
profound consequences in the areas of confidentiality, key distribution and authentication.

2.Write about RSA Algorithm

The RSA algorithm can be used for both public key encryption and digital signatures.
Its security is based on the difficulty of factoring large integers.

3.Write about Security of RSA:

The possible approaches to attacking the RSA algorithm are as follows.

1.Brute force: This involves trying all possible keys.

2.Mathematical attacks: There are several approaches, all equivalent in
effect to factoring the product of two primes.

3.Timing attacks: These depend on the running time of the
decryption algorithm.

4.Definitions of Trap-door one-way function

A mathematical function that is significantly easier to perform in one direction (the
forward direction) than in the opposite direction (the inverse direction). Concerning
trap-doors, the inverse direction is easy, given a certain piece of information (the trap
door), but difficult otherwise.

5.Define Elliptic curve cryptography

Elliptic curve cryptography (ECC) is an approach to public-key
cryptography based on the mathematics of elliptic curves.
6.Define one-way function:

A one-way function is a function which is easy to calculate
but hard to invert: it is difficult to calculate the input to the
function given its output. The precise meanings of "easy" and
"hard" can be specified mathematically. With rare exceptions,
almost the entire field of public key cryptography rests on the
existence of one-way functions.

7.Write the Distribution of Public Keys.

Several techniques have been proposed for the distribution
of public keys.

1.Public announcement
2.Publicly available directory
3.Public key authority
4.Public key certificates

8. Define Diffie-Hellman Key Exchange

A cryptographic key exchange method developed by Whitfield
Diffie and Martin Hellman in 1976. Also known as the
"Diffie-Hellman-Merkle" method and "exponential key agreement," it
enables parties at both ends to derive a shared, secret key
without ever sending it to each other. Using a common number,
both sides use a different random number as a power to raise the
common number. The results are then sent to each other. ...

9.What attacks can be identified in the context of
communication across a network?

1.Disclosure

2.Traffic analysis

3.Masquerade

4.Content modification

5.Timing modification

6.Source repudiation

7.Destination repudiation
PART – B

1.Explain briefly about the Distribution of public keys

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 211

* Public Announcement of Public Keys

*Public Available Directory

*Public Key Authority

*Public key Certificates

2.Explain Diffie-Hellman Key Exchange

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 293

Algorithm: *Global Public Elements

* User A key Generation

* User B key Generation

*Generation of secret key by user A

* Generation of secret key by user B

3.Explain briefly Elliptic Curve Cryptography

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 304

*Analog of Diffie-Hellman Key Exchange

*Elliptic Curve Encryption and Decryption

*Security of Elliptic Curve Cryptography


4.Explain Public key Cryptosystems with neat diagram

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 259

1. Public key Cryptography

*Encryption

*Decryption

2. Public key Cryptanalysis

5.Explain with example of RSA Algorithm.

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 268

*Description of the Algorithm

*Computational Aspects

*Encryption and *Decryption

*Key Generation

6.Explain the Security of RSA.

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 274

1.Brute force

2.Mathematical attacks

3.Timing attacks

4.Factoring problem
UNIT – III

PART-A

1.What classes of authentication function are available?

1.Message encryption

2.Message authentication code

3.Hash function.

2.Define Message authentication code.

A public function of the message and a secret key that produces
a fixed length value that serves as the authenticator.

3.Define Hash function

A public function that maps a message of any length into a
fixed length hash value which serves as the authenticator.

4.Write about Message Authentication Code.

An alternative authentication technique involves the use of a
secret key to generate a small fixed-size block of data
known as a cryptographic checksum or Message Authentication
Code.

5.Explain Hash function.

A variation on the message authentication code is the one way
hash function. As with the message authentication code, a hash
function accepts a variable size message as input and produces a
fixed output referred to as hash code.

Or

A hash function H is a transformation that takes an input m and returns a fixed-size
string, which is called the hash value h (that is, h = H(m)). Hash functions with just
this property have a variety of general computational uses, but when employed in
cryptography, the hash functions are usually chosen to have some additional
properties.
6.Explain purpose of hash function.

The purpose of a hash function is to produce a fingerprint of a
file, message or other block of data.

7.What is message Authentication Code

A Message Authentication Code is a one-way hash computed
from a message and some secret data. Its purpose is to detect if
the message has been altered.

8.What is the difference between a message authentication
code (MAC) and a one-way hash function?

The difference between a one-way hash and a MAC (Message authentication
code) is that the hash verifies the uniqueness of a message or file. The MAC is usually
an encrypted hash, also used to verify the uniqueness of a message, but which only can be
verified if you know the secret key.

For example, say you have a list of the MD5 hashes of all your system files. If you verify
the MD5 values of the files periodically with this list, you could see which files have
been changed or updated, by a virus, for instance. However, if a virus comes in your
system, and replaces a system file, it could also replace the MD5 value in your list with
the new one, and you wouldn't know this happened.

If you had a list of MACs, however, the virus could replace your system file, but it has no
way of replacing the hash, since it doesn't have the key to decrypt it.

PART-B

1.Explain with example of Authentication Functions

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 313

*Message encryption
*MAC (Message Authentication Code)
*Hash function
2.Briefly write about Security of Hash Functions

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 335

1.Brute Force Attacks


*Hash functions
*MAC
2.Cryptanalysis

3.Explain HMAC.

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 372

*HMAC Design Objectives


*HMAC Algorithm
*HMAC Security

4.Explain Digital Signatures verification briefly.

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 380

*Define Digital Signature


*Direct Digital Signature
*Arbitrated Digital Signature

5.Briefly explain about the Authentication Protocols

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 384

1.Mutual Authentication
*Simple relay
*Repetition that can be logged
*Backward without modification
*Timestamps
*Challenge
2.Symmetric Encryption Approaches
UNIT-IV

PART-A

1.Write about use of IP Security.

To secure the network infrastructure from unauthorized monitoring and control of
network traffic and the need to secure end-user-to-end-user traffic using authentication
and encryption mechanisms.

2.Explain Applications of IP Security.


1.Secure branch office connectivity over the Internet.
2.Secure remote access over the internet
3.Establishing extranet and internet connectivity with partners.
4.Enhancing electronic commerce security.

3.Benefits of IP Security.
1.IP Security in a firewall is resistant to bypass if all traffic from the outside must use IP
and the firewall is the only means of entrance from the internet into the organization.
2.IP Security can be transparent to end users. It provides security for individual users if
needed.

4.Write IP Security Documents.

1. Architecture
2. Encapsulating Security payload.
3. Authentication header
4. Encryption algorithm
5. Key management
6. Domain of interpretation.

5.Define IP Security Services.


IP Security provides services at the IP layer by enabling a system to select required
security protocols, determine the algorithm to use for the service and put in place any
cryptographic keys required to provide the requested services.

6.Define selectors.
A Security Policy Database entry is defined by a set of IP and upper-layer protocol
field values called selectors.

7.Define security association.


A key concept that appears in both the authentication and confidentiality mechanisms
for IP is the security association.

8.Explain the concept of Association.


An association is a one-way relationship between sender and receiver that affords security
services to the traffic carried on it.

9.Write the Parameters of SA.


1.SA Parameters Index
2.IP Destination Address.
3. Security Protocol

10.Write any 4 selectors of SPD.


1.Destination IP address
2.Source IP address
3.User ID
4.Data sensitivity level

11.Explain Transport Mode.


It provides protection primarily for upper-layer protocols. That is, transport mode
protection extends to the payload of an IP packet.

12.Explain Tunnel Mode.


It provides protection to the entire IP packet. To achieve this, after the AH or ESP fields
are added to the IP packet, the entire packet plus security fields are treated as the payload
of a new outer IP packet with a new outer IP header.

13.Define SSL Architecture.


Secure Socket Layer is designed to make use of TCP to provide a reliable end-to-end
secure service. SSL is not a single protocol but rather two layers of protocols.

14.Define Connection.
A connection is a transport that provides a suitable type of service.

15.Write about SSL Session.


An SSL Session is an association between a client and server. Sessions are created by the
Handshake Protocol. Sessions define a set of cryptographic security parameters, which
can be shared among multiple connections.

16.Write the parameters of Session.


1.Session identifier
2.Peer certificate
3.Compression method
4.Cipher spec
5.Master secret.
17. Write the parameters of Connection.
1.Server and Client random
2.Server with MAC secret
3.Server write key
4.Client write key
5.Initialization vectors

18.Define SSL Protocol

It provides two services for SSL connections.

1. Confidentiality
2.Message Integrity

19.Define Alert Protocol


It is used to convey SSL related alerts to the peer entity. As with other applications that
use SSL, alert messages are compressed and encrypted, as specified by the current state.

20.Explain Change Cipher Protocol


It is one of the three SSL specific protocols that use the SSL record protocol, and it is the
simplest. This protocol consists of a single message, which consists of a single byte with the
value 1. The sole purpose of this message is to cause the pending state to be copied into the
current state, which updates the cipher suite to be used on this connection.

21.Explain Handshake Protocol.


The most complex part of SSL is the Handshake Protocol. This protocol allows the
server and client to authenticate each other and to negotiate an encryption and MAC
algorithm and cryptographic keys to be used to protect data sent in SSL record.

22.Define Secure Electronic Transaction.


SET is an open encryption and security specification designed to protect credit card
transactions on the internet.

23.Write purpose of Dual Signature.


The purpose of Dual Signature is to link two messages that are intended for two different
recipients.
24.Motivation Behind Kerberos

In a non-networked personal computing environment, resources and information can be
protected by physically securing the personal computer. In a timesharing computing
environment, the operating system protects users from one another and controls resources. In
order to determine what each user is able to read or modify, it is necessary for the timesharing
system to identify each user. This is accomplished when the user logs in.

25.What is Kerberos?

Kerberos is a trusted third-party authentication service based on the model presented by
Needham and Schroeder. It is trusted in the sense that each of its clients believes
Kerberos' judgment as to the identity of each of its other clients to be accurate.
Timestamps (large numbers representing the current date and time) have been added to
the original model to aid in the detection of replay. Replay occurs when a message is
stolen off the network and resent later.

26.What Does Kerberos Do?

Kerberos keeps a database of its clients and their private keys. The private key is a large
number known only to Kerberos and the client it belongs to. In the case that the client is a
user, it is an encrypted password. Network services requiring authentication register with
Kerberos, as do clients wishing to use those services. The private keys are negotiated at
registration.

27.What are the Kerberos Software Components?

The Athena implementation comprises several modules:

• Kerberos applications library
• encryption library
• database library
• database administration programs
• administration server
• authentication server
• db propagation software
• user programs
• applications
28.How Kerberos Works

This section describes the Kerberos authentication protocols. As mentioned above, the
Kerberos authentication model is based on the Needham and Schroeder key distribution
protocol. When a user requests a service, her/his identity must be established. To do this,
a ticket is presented to the server, along with proof that the ticket was originally issued to
the user, not stolen. There are three phases to authentication through Kerberos. In the first
phase, the user obtains credentials to be used to request access to other services. In the
second phase, the user requests authentication for a specific service. In the final phase,
the user presents those credentials to the end server.
29.Pretty Good Privacy.

PGP is a remarkable phenomenon. It provides a confidentiality and authentication service
that can be used for electronic mail and file storage applications.

30.Cryptography Keys and Rings

PGP makes use of 4 types of keys: one time session symmetric keys, public keys, private
keys and pass phrase based symmetric keys

31.Session key Generation

Each session key is associated with a single message and is used only for the purpose of
encrypting and decrypting that message.

32.Define X.509 authentication service

It defines a framework for the provision of authentication services by the X.509
directory to its users. The directory may serve as a repository of public key
certificates of the type. The distributed set of servers that maintains a database of
information about users. The information includes a mapping from user name to
work address, as well as other attributes and information about the users.

33.Write About One way authentication

One way authentication involves a single transfer of information from one user(A) to
another(B) and establishes the following.

1.The identity of A and that the message was generated by A

2.That the message was intended for B

3.The integrity and originality.

34.Define S/MIME.

Secure/Multipurpose Internet Mail Extension is a security enhancement to the MIME
Internet e-mail format standard, based on the technology from RSA Data Security.
S/MIME is defined in a number of documents, most importantly RFC
2630, 2632, 2633.

35.Multi purpose Internet Mail Extensions

This document provides links to information about Multipurpose Internet Mail
Extensions (MIME). MIME extends the format of Internet mail to allow non-US-ASCII
textual messages, non-textual messages, multipart message bodies, and non-US-ASCII
information in message headers.
36.Define S/MIME Functionality.

In terms of general functionality, S/MIME is very similar to PGP. Both offer the ability to
sign and encrypt messages.

37.Write the different types of S/MIME Functionality

1.Enveloped Data.

2.Signed Data.

3.Signed and Enveloped Data.

4.Signed Data.

38.Write types of Multipurpose Internet Mail Extensions

1.Text Type

2.Multipart Type

PART-B

1.Explain briefly about X.509 Authentication service

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 419

*Define X.509 Formats


*Certificates
*Obtaining Users Certificate
1.Forward certificate
2.Reverse certificate
*Authentication Procedures
1.One way Authentication
2.Two way Authentication

2.Explain PGP (Pretty Good Privacy) with example.

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 436

*PGP Cryptographic Function


*Confidentiality
*Confidentiality and Authentication
*Comparison
*E-Mail Compatibility
*Segmentation and Reassembly

3.Write the Functions of Cryptographic Keys and Key Rings

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 444

Keys

*Session Key Generation


*Key Identifiers
1.Timestamp
2.Message Digest
3.Leading two octets of message digest
4.Key ID of sender's public key

Key Rings
*Timestamp
*Key ID
*Public Key
*Private Key
*User ID

4.Explain Secure /Multipurpose Internet Mail Extension(S/MIME).

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 444

1.MIME Content Types


2.S/MIME Functionality
1.Enveloped data
2.Signed data
3.Clear signed data
4.Signed & Enveloped data
3.Cryptographic algorithm
4.S/MIME Messages
5.Explain S/MIME Certificate Processing

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 469

*Key generation
*Registration
*Certificate storage and retrieval
*VeriSign certificates
*Enhanced Security Services

6.Explain IP Security Overview with example.

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 482

1.Applications of IPSec
2.Benefits of IPSec
3.Routing Applications

7.Briefly explain IPSec Architecture.


Text Book :Cryptography and Network Security
Author :William Stallings
Page No : 485

1.IPSec Documents
*Architecture
*Encapsulating Security Payload(ESP)
*Authentication Header
*Encryption algorithm
*Authentication algorithm
*Key management
*Domain of Interpretation
2.IPSec Services
3.Security Association
4. SA Selectors

8.Explain briefly about Transport and Tunnel Modes.

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 490
Transport Mode (end-to-end communication between two hosts)

9.Explain Secure Socket Layer Architecture.

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 531

1.Connection
2.Session
*Session identifier
*Peer certificate
*Compression method
*Cipher spec
*Master secret
*Server write MAC secret
*Server and Client Write Key

10.Write briefly about the SSL Record Protocol .


Text Book :Cryptography and Network Security
Author :William Stallings
Page No : 533

1.Services
2.Change Cipher Spec Protocol.
3.Alert Protocol
4.Handshake Protocol

UNIT-V
SYSTEM LEVEL SECURITY

PART-A

1.Define Passwords.
A password serves to authenticate the ID of the individual logging on to the system.

2.Write different types of password selection techniques.


*User education
*Computer generated password
*Reactive password checking
*Proactive password checking

3.Define Logic Bomb.
One of the oldest types of program threat, predating viruses and worms, is the logic
bomb. The logic bomb is code embedded in some legitimate program that is set to
explode when certain conditions are met.

4.Define Trojan Horses


A Trojan horse is a useful program or command procedure containing hidden code that,
when invoked, performs some unwanted or harmful function.

5.Define Zombie
It is a program that secretly takes over another internet-attached computer and then uses
that computer to launch attacks that are difficult to trace to the zombie creator. Zombies are
used in denial-of-service attacks, typically against targeted websites.

6.Define VIRUSES.
It is a program that can infect other programs by modifying them. The modification
includes a copy of the virus program, which can then go on to infect other programs.

7.What phases are involved in the virus spreading process?
1.Dormant phase
2.Propagation phase
3.Triggering phase
4.Execution phase

8.Explain virus structure.


A virus can be prepended or postpended to an executable program or it can be embedded
in some other fashion. The key to its operation is that the infected program, when
invoked, will first execute the virus code and then execute the original code of the
program.

9.Write types of viruses.


1.Parasitic virus
2.Memory resident virus
3.Boot sector virus
4.Stealth virus
5.Polymorphic virus

10.What do you mean by Polymorphic virus?


Polymorphic virus creates copies during replication that are functionally equivalent but
have distinctly different bit patterns.

11.Define Macro Viruses


It is platform independent. Virtually all of the macro viruses infect MS Word
documents. Macro viruses are easily spread and a very common method is e-mail.

12.What auto-executing macros are available in MS Word?
1. Auto execute
2. Auto macro
3. Command macro

13.Define E-mail viruses


A more recent development in malicious software is the e-mail virus. The first rapidly
spreading e-mail viruses such as Melissa.

14.Explain antivirus approaches.

1.Detection: Once the infection has occurred, determine that it has occurred and locate the
virus.
2.Identification: Once detection has been achieved, identify the specific virus that has
infected a program.
3.Removal: Once the virus has been identified, remove all traces of the virus from the
infected program and restore it to its original state. Remove the virus from all infected
systems so that the disease cannot spread further.

15.What antivirus techniques are available?


The two antivirus techniques are as follows.
1.Generic Decryption
2.Digital Immune System

16.Define Generic Decryption.


Generic Decryption technology enables the antivirus program to detect easily even the
most complex polymorphic viruses, while maintaining fast scanning speeds.

17.Define Behavior-Blocking Software


Unlike heuristics or fingerprint-based scanners, behavior-blocking software integrates
with the operating system of a host computer and monitors program behavior in real
time for malicious action. The behavior-blocking software then blocks potentially
malicious actions before they have a chance to affect the system.

18.Explain Firewall design principles


* Centralized data processing system, with a central mainframe supporting a number of
directly connected terminals.
* LANs interconnecting PCs and terminals to each other and the mainframe.
* Premises network, consisting of a number of LANs interconnecting PCs, servers and
perhaps a mainframe.

19.Explain Firewall characteristics.


1.All traffic from inside to outside and vice versa must pass through the firewall. This
is achieved by physically blocking all access to the local network except via the firewall.

2.Only authorized traffic as defined by local security policy will be allowed to pass.
Various types of firewalls are used, which implement various types of security policies.

3.The firewall itself is immune to penetration. This implies the use of a system with a
secure operating system.

20.List the four general techniques that firewall use to control access.
1.Service control
2.Direction control
3.User control
4.Behavior control

21.List the types of firewall


1.Packet Filtering Router
2.Application Gateways
3.Circuit level Gateways

22.Define Packet Filtering Router


A Packet Filtering Router applies a set of rules to each incoming IP packet and then
forwards or discards the packet. The router is typically configured to filter packets going
in both directions. Filtering rules are based on information contained in a network
packet.

21.List the attacks that can be made on packet filtering routers.


1.IP address spoofing
2.Source routing attacks
3.Tiny fragment attacks

22.Define Application level gateway


An application level gateway, also called a proxy server, acts as a relay of application level
traffic. Proxy servers tend to be more secure than packet filters.

23.What do you mean by Bastion Host?


A Bastion host is a system identified by the firewall administrator as a critical
strong point in the network security. Typically the bastion host serves as a platform for
an application level gateway.

PART-B

1.Explain Audit Records and Statistical Anomaly Detection.


Text Book :Cryptography and Network Security
Author :William Stallings
Page No : 537

Audit Records
1.Native Audit Records
2.Detection specific audit records
3.Action
4.Subject
5.Exception – Condition
6.Resource Usage

Statistical Anomaly Detection


1.Counter
2.Gauge
3.Interval Timer
4.Resource utilization

2.Explain Distributed Intrusion Detection.


Text Book :Cryptography and Network Security
Author :William Stallings
Page No : 578

*Host agent module


*LAN Monitor agent module
*Central manager module

3.Explain Markov Model for Password Selection Strategies.

Text Book :Cryptography and Network Security


Author :William Stallings
Page No : 586

4.Explain Different types of VIRUSES.


Text Book :Cryptography and Network Security
Author :William Stallings
Page No : 604

1.E-Mail Viruses
2.Macro Viruses
*Auto execute
*Auto macro
*Command macro
3. Parasitic virus
4. Memory resident virus
5. Boot sector virus
6.Stealth virus
7. Polymorphic virus
5.Explain Trojan Horse Defense method briefly
Text Book :Cryptography and Network Security
Author :William Stallings
Page No : 631

6.Explain the advanced Antivirus Techniques.


Text Book :Cryptography and Network Security
Author :William Stallings
Page No : 610

1.Generic Decryption
*CPU Emulator
*Virus signature scanner
*Emulation control module

2.Digital Immune System


*Integrated mail system
*Mobile program system

7.Explain Firewall Characteristics.


Text Book :Cryptography and Network Security
Author :William Stallings
Page No : 617

1.Service Control
2.Direction control
3.User control
4.Behavior control

8.Explain the types of Firewall with suitable example.


Text Book :Cryptography and Network Security
Author :William Stallings
Page No : 618

1.Packet filters
*Source IP address
*Destination IP address
*Source and Destination Transport level address
*IP protocol field
*Interface
2.Application-level gateways
3.Circuit Level Gateway
