
Q.1. Using the Chinese remainder theorem, solve for x:

x ≡ 1 (mod 3)
x ≡ 3 (mod 5)
x ≡ 2 (mod 7)

Q.2. Find all primitive roots of 25.

Q.3. Give format of X.509 Public Key Certificate. Explain under what condition the
certificate is to be revoked? Explain certificate revocation list (CRL).

Q.4. Explain different types of firewalls and their configurations. Explain the concept
of trusted systems. What do you mean by reference monitor?

Q.5. What are the services IPSec provides? Explain Oakley key exchange protocol.

Q.6. What is SSL and SET? What is the difference between an SSL connection and an SSL
session? Discuss SSL protocol architecture. How does SET work? Describe dual
signature for SET and its purpose.

Q.7. Explain the concept of security association in IPSec. Describe how the
authentication header (AH) is used in transport and tunnel mode in the IPSec protocol.
What are the important features of the Oakley algorithm used for key determination in
the context of IPSec?

Q.8. What are the different measures used for intrusion detection? What do you mean
by DDoS Attack?

Q.9. What are typical phases of operation of a virus or worm and how does behaviour
blocking software work?

Q.10. What is a dual signature? What is the purpose of a dual signature? Explain how a
dual signature is constructed.

What do you mean by DDoS Attack?

A distributed denial-of-service (DDoS) attack is one in which a multitude of
compromised systems attack a single target, thereby causing denial of service for
users of the targeted system. The flood of incoming messages to the target system
essentially forces it to shut down, thereby denying service to legitimate users.

In a typical DDoS attack, a hacker (or, if you prefer, cracker) begins by exploiting a
vulnerability in one computer system and making it the DDoS master. It is from the
master system that the intruder identifies and communicates with other systems that
can be compromised. The intruder loads cracking tools available on the Internet on
multiple -- sometimes thousands of -- compromised systems. With a single command,
the intruder instructs the controlled machines to launch one of many flood attacks
against a specified target. The inundation of packets to the target causes a denial of
service.

While the press tends to focus on the target of DDoS attacks as the victim, in reality
there are many victims in a DDoS attack -- the final target as well as the systems
controlled by the intruder. Although the owners of co-opted computers are typically
unaware that their computers have been compromised, they are nevertheless likely to
suffer degradation of service and malfunction. Both owners and users of targeted sites
are affected by a denial of service. Yahoo, Buy.com, RIAA and the United States
Copyright Office are among the victims of DDoS attacks. DDoS attacks can also
create more widespread disruption. In October 2010, for example, a massive DDoS
attack took the entire country of Myanmar offline.

A computer under the control of an intruder is known as a zombie or bot. A group of
co-opted computers is known as a botnet or a zombie army. Both Kaspersky Labs and
Symantec have identified botnets -- not spam, viruses, or worms -- as the biggest
threat to Internet security.

Evaluating and tuning an intrusion-detection system
Mike Chapple
The vast majority of intrusion-detection systems (IDS) available today allow system
administrators some degree of flexibility in configuring the sensitivity of the system's
detection and reporting algorithms. This presents a dilemma to diligent
administrators: What is the proper balance between providing adequate intrusion
detection and the possibility of overwhelming administrators with false reports?
The answer to this question is not an easy one. Indeed, there is no single answer that
will apply to every situation or organization, as varying circumstances dictate
different security postures. However, if you have a thorough understanding of the
metrics used to evaluate these systems, you'll be more capable of determining an
appropriate balance for your situation.

There are three main measures of IDS performance:

• The False Positive Rate is the frequency with which the IDS reports
malicious activity in error. These errors are the bane of a security
administrator's existence. They're the "nuisance reports" that require
investigation but lead to a dead end. The true danger of a high false positive
rate lies in the fact that it may cause administrators to ignore the system's
output when legitimate alerts are raised. You may also see false positives
referred to as "Type I errors," a phrase borrowed from the field of medical
research. Generally speaking, increasing the sensitivity of an intrusion-
detection system results in a higher false positive rate, while decreasing the
sensitivity lowers the false positive rate.

• The False Negative Rate is the frequency with which the IDS fails to raise an
alert when malicious activity actually occurs. These are the most dangerous
types of errors, as they represent undetected attacks on a system. The
corresponding term from medical research is a "Type II error." False negative
rates change in an inverse proportion to false positive rates. As the false
positive rate increases, the false negative ...
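The trade-off between the two rates can be seen by sweeping an alert threshold over labelled events. This is an added example, not part of the original article; the scores, labels, threshold values and function names are constructed for illustration, and a lower threshold stands for a more sensitive IDS.

```python
# Constructed sample: (anomaly score assigned by the IDS, truly malicious?)
EVENTS = [
    (0.05, False), (0.10, False), (0.20, False), (0.30, False),
    (0.35, True),  (0.45, False), (0.55, False), (0.60, True),
    (0.70, False), (0.75, True),  (0.85, True),  (0.95, True),
]
THRESHOLDS = [0.2, 0.4, 0.6, 0.8]


def rates(events, threshold):
    """Return (false_positive_rate, false_negative_rate) when the IDS
    raises an alert for every event scoring >= threshold."""
    fp = sum(1 for score, bad in events if score >= threshold and not bad)
    fn = sum(1 for score, bad in events if score < threshold and bad)
    benign = sum(1 for _, bad in events if not bad)
    malicious = len(events) - benign
    return fp / benign, fn / malicious


def sweep(events, thresholds):
    """One (threshold, FPR, FNR) row per candidate sensitivity setting."""
    return [(t, *rates(events, t)) for t in thresholds]


def pick_threshold(events, thresholds, max_fpr):
    """Most sensitive (lowest) threshold whose FPR fits the analysts'
    false-alarm budget; None if no setting fits."""
    ok = [t for t in thresholds if rates(events, t)[0] <= max_fpr]
    return min(ok) if ok else None


if __name__ == "__main__":
    for t, fpr, fnr in sweep(EVENTS, THRESHOLDS):
        print(f"threshold={t:.1f}  FPR={fpr:.2f}  FNR={fnr:.2f}")
    print("chosen:", pick_threshold(EVENTS, THRESHOLDS, max_fpr=0.15))
```
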

Dual signature

An important innovation introduced in SET is the dual signature. The purpose of the
dual signature is the same as the standard electronic signature: to guarantee the
authentication and integrity of data. It links two messages that are intended for two
different recipients. In this case, the customer wants to send the order information
(OI) to the merchant and the payment information (PI) to the bank. The merchant
does not need to know the customer's credit card number, and the bank does not need
to know the details of the customer's order. The link is needed so that the customer
can prove that the payment is intended for this order.

The message digest (MD) of the OI and the PI are independently calculated by the
customer. The dual signature is the encrypted MD (with the customer's secret key) of
the concatenated MD's of PI and OI. The dual signature is sent to both the merchant
and the bank. The protocol arranges for the merchant to see the MD of the PI without
seeing the PI itself, and the bank sees the MD of the OI but not the OI itself. The dual
signature can be verified using the MD of the OI or PI. It doesn't require the OI or PI
itself. Its MD does not reveal the content of the OI or PI, and thus privacy is
preserved.
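The construction and the two verifications described above, as an added example that is not part of the original text. SHA-256 as the digest, the toy textbook RSA key built from two Mersenne primes (no padding, not secure), the sample messages and all function names are assumptions made so the block runs on its own.

```python
import hashlib

# Toy textbook RSA key (assumption for this example): two Mersenne primes,
# no padding. It keeps the block self-contained; it is not secure.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # customer's private exponent


def md(data: bytes) -> bytes:
    """Message digest; SHA-256 is an assumption, the page names no hash."""
    return hashlib.sha256(data).digest()


def make_dual_signature(pi: bytes, oi: bytes) -> int:
    """Customer: sign MD(MD(PI) || MD(OI)) with the private key."""
    pomd = md(md(pi) + md(oi))
    return pow(int.from_bytes(pomd, "big"), D, N)


def _check(pimd: bytes, oimd: bytes, ds: int) -> bool:
    """Recover the signed digest with the public key and compare it with
    the digest of the two concatenated message digests."""
    expected = int.from_bytes(md(pimd + oimd), "big")
    return pow(ds, E, N) == expected


def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds the OI and only the digest of the PI."""
    return _check(pimd, md(oi), ds)


def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank holds the PI and only the digest of the OI."""
    return _check(md(pi), oimd, ds)


# Constructed sample messages.
PI = b"card=4111-XXXX-XXXX-1111;amount=59.90"
OI = b"order=1001;items=2 books;amount=59.90"
DS = make_dual_signature(PI, OI)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(OI, md(PI), DS))
    print("bank accepts:    ", bank_verify(PI, md(OI), DS))
    # Pairing the payment with a different order breaks the link.
    print("swapped order:   ", bank_verify(PI, md(b"order=1002"), DS))
```
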
