
CNS - SAMPLE Question Bank

Q. No Questions

1. Explain Security Mechanisms and Attacks?



Security Mechanisms:-
a) A security mechanism is a set of processes that deals with recovery from security
attacks.
b) Various mechanisms are designed to recover from specific attacks at various
protocol layers.
c) The types of security mechanism are:
1. Encipherment :- This security mechanism hides or covers the data so that it
becomes confidential.
2. Access Control :- This mechanism is used to stop unauthorized access to the data
you are sending.
3. Notarization :- This security mechanism involves the use of a trusted third party in
communication. It acts as a mediator between sender and receiver so that the chance of
conflict is reduced.
4. Data Integrity :- This security mechanism appends to the data a value that is
computed from the data itself. If the appended value checked at the receiving end is the
same as the one computed when sending, data integrity is maintained.
5. Authentication exchange :- This security mechanism deals with making identities known
in communication. It is achieved at the TCP/IP layer, where a two-way handshaking
mechanism is used to confirm whether data was sent or not.
6. Bit stuffing :- This security mechanism adds some extra bits to the data being
transmitted. It lets the data be checked at the receiving end and is achieved by even
parity or odd parity.
7. Digital Signature :- This security mechanism is achieved by adding digital data that is not
visible to the eye. It is used to protect data that is not highly confidential but where the
sender’s identity must be established.

Security Attacks:-
a) A security attack is an unauthorized attempt to steal, damage, or expose data from an
information system such as your website.
b) There are 2 types of attacks :-
1) Active attack:-
● An active attack attempts to alter system resources or affect their operation.
● Active attacks involve some modification of the data stream or the creation of a false stream.
● Types of active attacks are as follows:-
❖ Masquerade – A masquerade attack takes place when one entity pretends to be a
different entity. A masquerade attack usually includes one of the other forms of active
attack.
❖ Modification of messages – Some portion of a legitimate message is altered, or
messages are delayed or reordered, to produce an unauthorised effect.
❖ Repudiation – This attack is done by either the sender or the receiver. The sender or
receiver can later deny having sent or received a message.
❖ Replay – It involves the passive capture of a message and its subsequent
retransmission to produce an unauthorised effect.
❖ Denial of Service – It prevents the normal use of communication facilities. This attack
may have a specific target.
2) Passive attack :-
● A passive attack attempts to learn or make use of information from the system but does not
affect system resources.
● Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
● The goal of the opponent is to obtain the information that is being transmitted.
● Types of passive attacks are as follows:-
❖ Release of message contents – A telephone conversation, an electronic mail
message or a transferred file may contain sensitive or confidential information. We
would like to prevent an opponent from learning the contents of these transmissions.
❖ Traffic analysis – Suppose that we had a way of masking (encrypting) the
information, so that the attacker, even after capturing the message, could not extract any
information from it. The opponent could still determine the location and
identity of the communicating hosts and could observe the frequency and length of
the messages being exchanged. This information might be useful in guessing the nature
of the communication that was taking place.

2. Explain Security services?



There are various services of network security which are as follows −
a) Message Confidentiality:- Message confidentiality or privacy means that the sender and
the receiver expect confidentiality. The transmitted message must make sense to only the
intended receiver.
b) Message Integrity:- Message integrity means that the data must arrive at the receiver
exactly as they were sent. There must be no changes during the transmission, neither
accidentally nor maliciously.
c) Message Authentication:- Message authentication is a service beyond message integrity.
In message authentication, the receiver needs to be sure of the sender's identity and that an
impostor has not sent the message.
d) Message Nonrepudiation:- Message nonrepudiation means that a sender must not be able
to deny sending a message that he or she, in fact, did send. The burden of proof falls on the
receiver. For example, when a customer sends a message to transfer money from one
account to another, the bank must have proof that the customer actually requested this
transaction.
e) Entity Authentication:- In entity authentication (or user identification), the entity or user
is verified prior to access to the system resources (files, for example). For example, a
student who needs to access her university resources needs to be authenticated during the
login process. This is to protect the interests of the university and the student.

3. Describe OSI security architecture?



a) The OSI Security Architecture defines a well-planned, standard architecture for security
features in computer networking.
b) The OSI architecture is internationally accepted, as it lays out the flow of providing security
in an organization.
c) Need for the OSI Architecture:-
1. Security Needs:
● The OSI Architecture caters to the security needs of an organization.
● Safety and security are ensured by the OSI Architecture to prevent risks and threats.
2. Systematic Arrangement:
● The OSI Architecture gives a systematic approach to the security requirements of an
organization.
● Security policies are well maintained through the OSI Architecture.
3. Centralised Processing:
● The OSI Architecture maintains a central processing environment.
● LAN and WAN help in the centralised processing of the OSI Architecture.

d) Benefits of OSI Architecture:

1. Providing Security:
● OSI Architecture in an organization provides the needed security and safety, preventing
potential threats and risks.
● Managers can easily take care of the security and there is hassle-free security
maintenance done through OSI Architecture.

2. Organising Task:
● Managers get the opportunity to organize tasks in an organization effectively.
● A well-planned standard architecture for security features enhances performance.

3. Meets International Standards:


● Security services are defined and recognized internationally meeting international
standards.
● The standard definition of requirements defined using OSI Architecture is globally
accepted.

e) Three Pillars of the OSI Security Architecture:- The OSI Security Architecture is categorized
into three broad categories: Security Attacks, Security Mechanisms, and Security
Services.
f) These can be defined concisely as follows −

i) Security attack − Any action that compromises the security of information owned by an
organization.

ii) Security mechanism − A process (or a device incorporating such a process) that is designed to
detect, prevent, or recover from a security attack.

iii) Security service − A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization. The services are
intended to counter security attacks, and they make use of one or more security mechanisms
to provide the service.

4. What is Network security model?



Textbook (chp 1) (pg no- 9,10,11)

5. Explain Vigenere cipher with example ?



The Vigenère Cipher is a method of encrypting alphabetic text. It uses a simple form of polyalphabetic
substitution. A polyalphabetic cipher is any cipher based on substitution that uses multiple
substitution alphabets. The encryption of the original text is done using the Vigenère square or
Vigenère table. If the first letter of the plaintext is G and the first letter of the key is A, the two
are paired, so we use row G and column A of the Vigenère square, which gives G. Similarly, for the
second letter of the plaintext the second letter of the key is used; the letter at row E and column
Y is C. The rest of the plaintext is enciphered in the same fashion.

EXAMPLE:-

Msg:- “She is listening”

Key = “pascal”

[ p = 15 , a = 0 , s = 18 , c = 2 , a = 0 , l = 11 ]

Keystream = {15, 0, 18, 2, 0, 11, 15, 0, 18, 2, 0, 11, 15, 0, 18, 2, 0, 11}

ENCRYPTION:- Ci = (Pi + Ki) mod 26

Plaintext    S   H   E   I   S   L   I   S   T   E   N   I   N   G
Pi          18   7   4   8  18  11   8  18  19   4  13   8  13   6
Ki          15   0  18   2   0  11  15   0  18   2   0  11  15   0
Ci           7   7  22  10  18  22  23  18  11   6  13  19   2   6
Ciphertext   H   H   W   K   S   W   X   S   L   G   N   T   C   G

PLAIN TEXT                  CIPHER TEXT

“She is listening”          “HHWKSWXSLGNTCG”

DECRYPTION:- Pi = (Ci – Ki) mod 26

Ciphertext   H   H   W   K   S   W   X   S   L   G   N   T   C   G
Ci           7   7  22  10  18  22  23  18  11   6  13  19   2   6
Ki          15   0  18   2   0  11  15   0  18   2   0  11  15   0
Pi          18   7   4   8  18  11   8  18  19   4  13   8  13   6
Plaintext    S   H   E   I   S   L   I   S   T   E   N   I   N   G

CIPHER TEXT                 PLAIN TEXT

“HHWKSWXSLGNTCG” “ She is listening”
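
The worked table above, as an added example in Python (this is not code from the question bank). It drops non-letters and repeats the key to form the keystream, exactly as the example does, and the `encryption_table` function reproduces the Pi / Ki / Ci rows for any message and key.

```python
# Vigenère cipher: C_i = (P_i + K_i) mod 26, P_i = (C_i - K_i) mod 26.
# Letters are mapped A=0 ... Z=25; non-letters are dropped, as in the worked
# example above, and the key repeats to form the keystream.

def _letters(text):
    return [ch for ch in text.upper() if ch.isalpha()]

def _keystream(key, length):
    """Repeat the key's letter values (A=0..Z=25) to cover `length` letters."""
    values = [ord(ch) - ord("A") for ch in _letters(key)]
    return [values[i % len(values)] for i in range(length)]

def vigenere_encrypt(plaintext, key):
    p = _letters(plaintext)
    k = _keystream(key, len(p))
    return "".join(chr((ord(c) - 65 + ki) % 26 + 65) for c, ki in zip(p, k))

def vigenere_decrypt(ciphertext, key):
    c = _letters(ciphertext)
    k = _keystream(key, len(c))
    return "".join(chr((ord(ch) - 65 - ki) % 26 + 65) for ch, ki in zip(c, k))

def encryption_table(plaintext, key):
    """Rows of (plaintext letter, P_i, K_i, C_i, ciphertext letter), like the table above."""
    p = _letters(plaintext)
    k = _keystream(key, len(p))
    rows = []
    for c, ki in zip(p, k):
        pi = ord(c) - 65
        ci = (pi + ki) % 26
        rows.append((c, pi, ki, ci, chr(ci + 65)))
    return rows

if __name__ == "__main__":
    for row in encryption_table("She is listening", "pascal"):
        print("%s %2d %2d %2d %s" % row)
    print(vigenere_encrypt("She is listening", "pascal"))   # HHWKSWXSLGNTCG
```

Because the keystream is the key repeated, every letter at the same position modulo the key length is shifted by the same amount; that periodicity is what makes the cipher recognisable and is why a key as long as the message (a one-time pad) would be needed to remove the weakness.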

6 Explain Playfair cipher with example ?



The Playfair cipher was the first practical digraph substitution cipher. The scheme was invented in
1854 by Charles Wheatstone but was named after Lord Playfair, who promoted the use of the
cipher. In the Playfair cipher, unlike traditional ciphers, we encrypt a pair of letters (a digraph)
instead of a single letter. It was used for tactical purposes by British forces in the Second Boer
War and in World War I, and for the same purpose by the Australians during World War II. This
was because Playfair is reasonably fast to use and requires no special equipment.
EXAMPLE:-

Msg = “mosque”

Key = “MONARCHY”

Key matrix (5 x 5, with I and J sharing one cell):

M   O   N   A    R
C   H   Y   B    D
E   F   G   I/J  K
L   P   Q   S    T
U   V   W   X    Z

Msg = “mosque”

Digraphs:    Mo  Sq  Ue
Ciphertext:  On  Ts  Ml

7 Encrypt “This is the final exam” with Playfair cipher using key “Guidance”. Explain the
steps involved?

8 What are transposition techniques? Explain keyed and keyless transposition ciphers with
examples?

Transposition techniques:-
a) The transposition technique is a cryptographic technique that converts the plain text to
cipher text by performing permutations on the plain text, i.e., rearranging the positions of
the plain-text characters in each round.
b) It includes various techniques like the Rail Fence technique, the simple columnar
transposition technique, the simple columnar transposition technique with multiple rounds,
the Vernam cipher, and the book cipher, to encrypt the plain text in a secure way.
Keyless Transposition Cipher:
● In this cipher technique, the message is converted to ciphertext by either of two
permutation techniques:
a. Text is written into a table column by column and is then transmitted row by row.
b. Text is written into a table row by row and is then transmitted column by column.
● The first method (a) is also popularly known as the Rail Fence cipher.
● E.g. We need to send the message “DEFENDTHEEASTWALL”. Arranging it into a table we
get :

Keyed Transposition cipher:

● In this approach, rather than permuting all the symbols together, we divide the entire
plaintext into blocks of a predetermined size and then permute each block independently.
● Suppose A wants to send the message “WE HAVE AN ATTACK” to B. Both A and B
had previously agreed on a block size of 5. So the blocks would be as:

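The two transposition methods above, as an added example (not code from the question bank). The keyless method (a) is written column by column into a two-row table and read row by row, which is the rail-fence cipher with two rails; the keyed method splits the text into blocks of 5 and permutes each block with the same key. The question bank gives no permutation key for “WE HAVE AN ATTACK”, so the key (3, 1, 4, 5, 2) and the pad letter Z used below are assumptions of this example.

```python
# Keyless (rail fence) and keyed (block) transposition ciphers.

def _letters(text):
    return "".join(ch for ch in text.upper() if ch.isalpha())

def rail_fence_encrypt(plaintext, rails=2):
    """Write column by column into `rails` rows, then transmit row by row."""
    text = _letters(plaintext)
    return "".join(text[r::rails] for r in range(rails))

def rail_fence_decrypt(ciphertext, rails=2):
    """Cut the ciphertext back into the rows and read the table column by column."""
    n = len(ciphertext)
    lengths = [len(range(r, n, rails)) for r in range(rails)]
    rows, pos = [], 0
    for length in lengths:
        rows.append(ciphertext[pos:pos + length])
        pos += length
    return "".join(rows[i % rails][i // rails] for i in range(n))

def keyed_encrypt(plaintext, key, pad="Z"):
    """Permute each block: output position i takes input position key[i] - 1.
    The last block is padded with `pad` (an assumption; the page does not say)."""
    text = _letters(plaintext)
    size = len(key)
    if len(text) % size:
        text += pad * (size - len(text) % size)
    out = []
    for start in range(0, len(text), size):
        block = text[start:start + size]
        out.append("".join(block[k - 1] for k in key))
    return "".join(out)

def keyed_decrypt(ciphertext, key):
    size = len(key)
    inverse = [0] * size
    for i, k in enumerate(key):
        inverse[k - 1] = i              # where plaintext position k-1 was sent
    out = []
    for start in range(0, len(ciphertext), size):
        block = ciphertext[start:start + size]
        out.append("".join(block[inverse[j]] for j in range(size)))
    return "".join(out)

def same_letter_histogram(plaintext, ciphertext):
    """Transposition only moves letters, so the letter counts are unchanged;
    an analyst uses exactly this to tell a transposition from a substitution."""
    return sorted(_letters(plaintext)) == sorted(ciphertext)

if __name__ == "__main__":
    print(rail_fence_encrypt("DEFENDTHEEASTWALL"))            # DFNTEATALEEDHESWL
    print(keyed_encrypt("WE HAVE AN ATTACK", (3, 1, 4, 5, 2)))   # HWAVENEATACTKZA
```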
9 What is steganography with Examples?



a) A steganography technique involves hiding sensitive information within an ordinary,
non-secret file or message, so that it will not be detected.
b) The sensitive information will then be extracted from the ordinary file or message at its
destination, thus avoiding detection.
c) Steganography is an additional step that can be used in conjunction with encryption in
order to conceal or protect data.
d) It comes from the Greek words steganos, which means “covered” or “hidden,” and graph,
which means “to write.” Hence, “hidden writing.”
e) The purpose of steganography is to conceal and deceive.
f) It is a form of covert communication and can involve the use of any medium to hide
messages.
g) It’s not a form of cryptography, because it doesn’t involve scrambling data or using a key.
h) Steganography Examples Include:-
● Writing with invisible ink
● Embedding text in a picture (like an artist hiding their initials in a painting they’ve
done)
● Backward masking a message in an audio file (remember those stories of evil messages
recorded backward on rock and roll records?)
● Concealing information in either metadata or within a file header
● Hiding an image in a video, viewable only if the video is played at a particular frame
rate
● Embedding a secret message in either the green, blue, or red channels of an RGB image

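The last example in the list above, embedding a message in one colour channel of an RGB image, as an added example (not code from the question bank). The image is a constructed list of (R, G, B) tuples so no imaging library is needed; one message bit goes into the least significant bit of the blue value of each pixel, after a 16-bit length prefix so the extractor knows where the message ends.

```python
# LSB steganography in the blue channel of an RGB "image" (list of (R, G, B) tuples).

def _to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def _from_bits(bits):
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))

def embed(pixels, message):
    """Return a new pixel list with `message` hidden in the blue-channel LSBs."""
    if len(message) >= 1 << 16:
        raise ValueError("message too long for the 16-bit length prefix")
    payload = len(message).to_bytes(2, "big") + message
    bits = _to_bits(payload)
    if len(bits) > len(pixels):
        raise ValueError("cover image too small: need %d pixels" % len(bits))
    out = list(pixels)
    for i, bit in enumerate(bits):
        r, g, b = out[i]
        out[i] = (r, g, (b & 0xFE) | bit)      # overwrite only the lowest bit of blue
    return out

def extract(pixels):
    """Recover the hidden message; an unmodified cover whose LSBs read as
    length 0 yields b''."""
    length = int.from_bytes(_from_bits([p[2] & 1 for p in pixels[:16]]), "big")
    bits = [p[2] & 1 for p in pixels[16:16 + 8 * length]]
    return _from_bits(bits)

def max_channel_change(cover, stego):
    """Largest change to any blue value: LSB embedding moves it by at most 1,
    which is why the picture looks identical to the eye."""
    return max(abs(a[2] - b[2]) for a, b in zip(cover, stego))

# Constructed 8x8 cover image: a smooth gradient (64 pixels = room for 6 message bytes).
COVER = [((x * 30) % 256, (y * 30) % 256, ((x + y) * 16) % 256)
         for y in range(8) for x in range(8)]

if __name__ == "__main__":
    stego = embed(COVER, b"hidden")
    print(extract(stego), max_channel_change(COVER, stego))
```

The detection angle follows from the same code: a natural image has noisy, roughly balanced LSBs, whereas a message written into them changes their statistics, so steganalysis tools compare LSB histograms of suspect channels rather than looking at the picture.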
10. Block cipher modes of operation?



a) A block cipher is an encryption algorithm that takes a fixed-size input of, say, b bits and
produces a ciphertext of b bits again. If the input is larger than b bits, it is divided into
blocks. For different applications and uses, there are several modes of operation for a
block cipher.
1) Electronic Code Book (ECB) –
❖ Electronic Code Book is the simplest block cipher mode of operation.
❖ It is simple because each block of input plaintext is encrypted directly, and the output is
the corresponding block of ciphertext.
❖ Generally, if a message is larger than b bits, it is broken down into a number of
blocks and the procedure is repeated for each.
❖ Advantages of using ECB –
● Parallel encryption of blocks is possible, so it is a faster way of encrypting.
● It is the simplest way of using a block cipher.
❖ Disadvantages of using ECB –
● Prone to cryptanalysis, since there is a direct relationship between plaintext and
ciphertext.
2) Cipher Block Chaining (CBC) –
❖ Cipher Block Chaining, or CBC, is an advance over ECB, since ECB fails to meet
some security requirements.
❖ In CBC, the previous ciphertext block is XORed with the current plaintext block, and the
result is given as input to the encryption algorithm.
❖ In a nutshell, a ciphertext block is produced by encrypting the XOR of the previous
ciphertext block and the present plaintext block.
❖ Advantages of CBC –
● CBC works well for input greater than b bits.
● CBC is a good authentication mechanism.
● Better resistance to cryptanalysis than ECB.
❖ Disadvantages of CBC –
● Parallel encryption is not possible, since every encryption requires the previous ciphertext block.
3) Cipher Feedback Mode (CFB) –
❖ In this mode the ciphertext is fed back into the encryption of the next block, with some new
specifications: first, an initialization vector IV is used for the first encryption, and the output bits are
divided into a set of s bits and b-s bits.
❖ The left-hand s bits are selected and XORed with the plaintext bits.
❖ The result is given as input to a shift register, with the b-s bits on the left-hand side and the s bits
on the right-hand side, and the process continues.
❖ Advantages of CFB –
● Since some data is discarded by the shift register, it is more difficult to apply
cryptanalysis.
❖ Disadvantages of using CFB –
● The drawbacks of CFB are the same as those of CBC mode. Neither the loss of a block nor the
concurrent encryption of several blocks is supported by the encryption.
Decryption, however, is parallelizable and loss-tolerant.
4) Output Feedback Mode (OFB) –
❖ Output Feedback mode follows nearly the same process as Cipher Feedback mode,
except that it feeds back the encryption output itself instead of the ciphertext, which is the
XOR output.
❖ In Output Feedback mode, all bits of the block are used instead of only selected s
bits.
❖ The Output Feedback mode of a block cipher has great resistance to bit transmission
errors.
❖ It also reduces the dependency of the ciphertext on the plaintext.
❖ Advantages of OFB –
● In CFB, a single bit error in a block is propagated to all subsequent blocks.
This problem is solved by OFB, as bit errors do not propagate into later plaintext blocks.
❖ Disadvantages of OFB –
● The drawback of OFB is that, because of the way it operates, it is more susceptible to
a message stream modification attack than CFB.
5) Counter Mode (CTR) –
❖ Counter Mode, or CTR, is a simple counter-based block cipher mode.
❖ Each time, a counter value is encrypted and the result is XORed with the plaintext block,
which gives the ciphertext block.
❖ CTR mode does not use feedback and thus can be implemented in parallel.
❖ Advantages of Counter mode –
● Since there is a different counter value for each block, the direct plaintext-to-
ciphertext relationship is avoided. This means that the same plaintext can map to
different ciphertexts.
● Parallel execution of encryption is possible, as outputs from previous stages are not
chained as in CBC.
❖ Disadvantages of Counter mode –
● CTR mode requires a synchronous counter at both the transmitter and the
receiver, which is a severe drawback: recovery of the plaintext fails when
synchronisation is lost.

11. Explain Data Encryption Standard in detail?



a) The Data Encryption Standard (DES) is a symmetric-key block cipher published by the
National Institute of Standards and Technology (NIST).
b) DES is an implementation of a Feistel Cipher.
c) It uses a 16-round Feistel structure.
d) The block size is 64 bits.
e) Though the key length is 64 bits, DES has an effective key length of 56 bits, since 8 of the 64
bits of the key are not used by the encryption algorithm (they function as check bits only).
f) Since DES is based on the Feistel Cipher, all that is required to specify DES is −
● Round function
● Key schedule
● Any additional processing − Initial and final permutation
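
An added example covering both the modes of operation in question 10 and the Feistel structure in question 11 (this is not code from the question bank and it is not DES). The cipher below has the three parts the DES answer lists, a round function, a key schedule and a 64-bit block processed for 16 rounds, but uses SHA-256 as its round function and key schedule, so it only illustrates the structure and must not be used for real protection. ECB, CBC, CFB, OFB and CTR are then built on top of it as the modes answer describes; CFB and OFB are shown with s = b (full-block feedback), an assumption that keeps the code short.

```python
# Toy 16-round Feistel cipher plus ECB / CBC / CFB / OFB / CTR modes (illustration only).
import hashlib

BLOCK = 8          # 64-bit block, as in DES
ROUNDS = 16

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def key_schedule(key):
    """Derive one 8-byte subkey per round from the master key (toy schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(ROUNDS)]

def _round_function(right, subkey):
    """F(R, K): any keyed function works in a Feistel network because F is never inverted."""
    return hashlib.sha256(subkey + right).digest()[:4]

def feistel(block, subkeys):
    left, right = block[:4], block[4:]
    for k in subkeys:
        left, right = right, _xor(left, _round_function(right, k))
    return right + left      # final swap: decryption is the same network with reversed keys

def encrypt_block(block, key):
    return feistel(block, key_schedule(key))

def decrypt_block(block, key):
    return feistel(block, key_schedule(key)[::-1])

def _pad(data):              # PKCS#7-style padding for the block-oriented modes
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def _unpad(data):
    return data[:-data[-1]]

def _blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt, key):
    return b"".join(encrypt_block(b, key) for b in _blocks(_pad(pt)))

def ecb_decrypt(ct, key):
    return _unpad(b"".join(decrypt_block(b, key) for b in _blocks(ct)))

def cbc_encrypt(pt, key, iv):
    out, prev = [], iv
    for b in _blocks(_pad(pt)):
        prev = encrypt_block(_xor(b, prev), key)   # C_i = E(P_i xor C_{i-1})
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct, key, iv):
    out, prev = [], iv
    for b in _blocks(ct):
        out.append(_xor(decrypt_block(b, key), prev))
        prev = b
    return _unpad(b"".join(out))

def cfb_encrypt(pt, key, iv):                      # stream-like: no padding needed
    out, state = [], iv
    for b in _blocks(pt):
        c = _xor(b, encrypt_block(state, key))     # C_i = P_i xor E(C_{i-1})
        out.append(c)
        state = c
    return b"".join(out)

def cfb_decrypt(ct, key, iv):
    out, state = [], iv
    for b in _blocks(ct):
        out.append(_xor(b, encrypt_block(state, key)))
        state = b
    return b"".join(out)

def ofb_crypt(data, key, iv):                      # same call encrypts and decrypts
    out, state = [], iv
    for b in _blocks(data):
        state = encrypt_block(state, key)          # feedback is the keystream block, not C_i
        out.append(_xor(b, state))
    return b"".join(out)

def ctr_crypt(data, key, nonce):                   # same call encrypts and decrypts
    out = []
    for i, b in enumerate(_blocks(data)):
        counter_block = nonce[:4] + i.to_bytes(4, "big")
        out.append(_xor(b, encrypt_block(counter_block, key)))
    return b"".join(out)

def ecb_repeats_leak(key):
    """ECB maps equal plaintext blocks to equal ciphertext blocks; CBC does not."""
    pt = b"ATTACKATATTACKAT"                      # two identical 8-byte blocks (constructed)
    ecb, cbc = ecb_encrypt(pt, key), cbc_encrypt(pt, key, bytes(BLOCK))
    return ecb[:8] == ecb[8:16], cbc[:8] == cbc[8:16]

if __name__ == "__main__":
    print(ecb_repeats_leak(b"demo key"))            # (True, False)
```

Two of the claims above can be checked directly with this code: `ecb_repeats_leak` shows the ECB plaintext-to-ciphertext relationship the answer warns about, and flipping one ciphertext bit under OFB flips only the same plaintext bit, whereas under CBC it garbles the whole block it sits in and flips one bit of the next block.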
12. Explain Advanced Encryption Standard in detail?

The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data
established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is
widely used today, as it is much stronger than DES and triple DES despite being harder to
implement.
Points to remember
● AES is a block cipher.
● The key size can be 128/192/256 bits.
● Encrypts data in blocks of 128 bits each.

That means it takes 128 bits as input and outputs 128 bits of encrypted cipher text as output. AES
relies on substitution-permutation network principle which means it is performed using a series of
linked operations which involves replacing and shuffling of the input data.
❖ Working of the cipher :
AES performs operations on bytes of data rather than in bits. Since the block size is 128 bits, the
cipher processes 128 bits (or 16 bytes) of the input data at a time.
The number of rounds depends on the key length as follows :
● 128 bit key – 10 rounds
● 192 bit key – 12 rounds
● 256 bit key – 14 rounds

Creation of Round keys :


A Key Schedule algorithm is used to calculate all the round keys from the key. So the initial key
is used to create many different round keys which will be used in the corresponding round of the
encryption.
Encryption :
AES treats each block as a 16-byte (4 × 4 bytes = 128 bits) grid in column-major
arrangement.
Each round comprises 4 steps :
● SubBytes
● ShiftRows
● MixColumns
● Add Round Key

The last round doesn’t have the MixColumns step.

SubBytes does the substitution, and ShiftRows and MixColumns perform the permutation in
the algorithm.
SubBytes :
This step implements the substitution.
In this step each byte is substituted by another byte. It is performed using a lookup table, also called
the S-box. This substitution is done in such a way that a byte is never substituted by itself, nor
by another byte which is the complement of the current byte. The result of this step is a
16-byte (4 x 4) matrix like before.
The next two steps implement the permutation.
ShiftRows :
This step is just as it sounds. Each row is shifted a particular number of times.
● The first row is not shifted
● The second row is shifted once to the left.
● The third row is shifted twice to the left.
● The fourth row is shifted thrice to the left.

[ b0  | b1  | b2  | b3  ]      [ b0  | b1  | b2  | b3  ]
| b4  | b5  | b6  | b7  |  ->  | b5  | b6  | b7  | b4  |
| b8  | b9  | b10 | b11 |      | b10 | b11 | b8  | b9  |
[ b12 | b13 | b14 | b15 ]      [ b15 | b12 | b13 | b14 ]
MixColumns :
This step is basically a matrix multiplication. Each column is multiplied with a specific matrix
and thus the position of each byte in the column is changed as a result.
This step is skipped in the last round.
[ c0 ]   [ 2 3 1 1 ]   [ b0 ]
| c1 | = | 1 2 3 1 |   | b1 |
| c2 |   | 1 1 2 3 |   | b2 |
[ c3 ]   [ 3 1 1 2 ]   [ b3 ]
Add Round Keys :
Now the resultant output of the previous stage is XOR-ed with the corresponding round key.
Here, the 16 bytes is not considered as a grid but just as 128 bits of data.

After all these rounds 128 bits of encrypted data is given back as output. This process is repeated
until all the data to be encrypted undergoes this process.
Decryption :
The stages in the rounds can be easily undone, as each stage has an inverse which, when
performed, reverts the change. Each 128-bit block goes through the 10, 12 or 14 rounds depending on
the key size.
The stages of each round in decryption are as follows :
● Add round key
● Inverse MixColumns
● Inverse ShiftRows
● Inverse SubBytes

The decryption process is the encryption process done in reverse, so I will explain only the steps with
notable differences.
Inverse MixColumns :
This step is similar to the MixColumns step in encryption, but differs in the matrix used to carry
out the operation.
[ b0 ]   [ 14 11 13  9 ]   [ c0 ]
| b1 | = |  9 14 11 13 |   | c1 |
| b2 |   | 13  9 14 11 |   | c2 |
[ b3 ]   [ 11 13  9 14 ]   [ c3 ]
Inverse SubBytes :
Inverse S-box is used as a lookup table and using which the bytes are substituted during
decryption.
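
The four round transformations and their inverses, as an added example written from the FIPS-197 definitions (this is not code from the question bank; it implements one round, not the full cipher or key schedule). The S-box is generated from its definition (GF(2^8) inverse followed by an affine map) instead of being typed in, which makes it possible to verify the claim above that no byte is substituted by itself or by its complement, and the MixColumns / Inverse MixColumns matrices are the ones shown above.

```python
# AES round transformations on a 4x4 byte state, state[row][column] as in FIPS-197.

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return product

def gf_inv(a):
    """Multiplicative inverse a^254 in GF(2^8); 0 maps to 0 by convention."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result if a else 0

def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def build_sbox():
    """S-box = affine transform of the field inverse (FIPS-197 section 5.1.1)."""
    box = []
    for x in range(256):
        inv = gf_inv(x)
        box.append(inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2) ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63)
    return box

SBOX = build_sbox()
INV_SBOX = [SBOX.index(y) for y in range(256)]

MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]

def sub_bytes(state, box=SBOX):
    return [[box[b] for b in row] for row in state]

def shift_rows(state):
    """Row r is rotated left by r positions (row 0 unchanged)."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def inv_shift_rows(state):
    return [row[-r:] + row[:-r] if r else list(row) for r, row in enumerate(state)]

def mix_columns(state, matrix=MIX):
    """Multiply every column by the fixed matrix over GF(2^8)."""
    out = [[0] * 4 for _ in range(4)]
    for c in range(4):
        for r in range(4):
            acc = 0
            for k in range(4):
                acc ^= gf_mul(matrix[r][k], state[k][c])
            out[r][c] = acc
    return out

def add_round_key(state, round_key):
    return [[state[r][c] ^ round_key[r][c] for c in range(4)] for r in range(4)]

def aes_round(state, round_key, last=False):
    """One encryption round; the last round omits MixColumns."""
    s = shift_rows(sub_bytes(state))
    if not last:
        s = mix_columns(s)
    return add_round_key(s, round_key)

def inv_aes_round(state, round_key, last=False):
    """Undo aes_round by applying the inverse steps in reverse order."""
    s = add_round_key(state, round_key)
    if not last:
        s = mix_columns(s, INV_MIX)
    return sub_bytes(inv_shift_rows(s), INV_SBOX)

def sbox_has_no_fixed_points():
    """Checks the claim above: no byte maps to itself or to its bitwise complement."""
    return all(SBOX[x] != x and SBOX[x] != (x ^ 0xFF) for x in range(256))

if __name__ == "__main__":
    print(hex(SBOX[0x53]), sbox_has_no_fixed_points())   # 0xed True
```

The MixColumns test vector used in the test (column d4 bf 5d 30 becoming 04 66 81 e5) is the worked example from FIPS-197, so it checks that the matrix above is applied in the right orientation.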

13. Explain RC5 algorithm in detail?



RC5 is a symmetric key block encryption algorithm designed by Ron Rivest in 1994. It is notable
for being simple, fast (on account of using only primitive computer operations like XOR, shift,
etc.) and consumes less memory.
Example:
Key : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Plain Text : 00000000 00000000
Cipher Text : EEDBA521 6D8F4B15

RC5 is a block cipher and addresses two word blocks at a time.


Depending on the input plaintext block size, the number of rounds and the key size, various instances of
RC5 can be defined, and each instance is denoted RC5-w/r/b, where w = word size in bits,
r = number of rounds and b = key size in bytes.
Allowed values are:
❖ In the RC5 algorithm, the input plaintext block size, the number of rounds and the number of 8-bit
bytes in the key can all be of variable length.
❖ Once these values are decided, they remain the same for a particular
execution of the cryptographic algorithm.
❖ The plaintext block can be 32 bits, 64 bits or 128 bits; the length of the key can
be 0 to 2040 bits.
❖ The output generated by RC5 is ciphertext of the same size as the plaintext.

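RC5-32/12/16 (32-bit words, 12 rounds, 16-byte key), the instance behind the Key / Plain Text / Cipher Text example above, as an added example (not code from the question bank). Key expansion and the round loops follow Rivest's 1994 description, and the all-zero key and plaintext from the example must reproduce the ciphertext words EEDBA521 6D8F4B15 quoted above; the byte-level functions assume little-endian words, which is how RC5 loads its key and blocks.

```python
# RC5-32/12/16: key expansion, encryption and decryption of one 2-word block.

W = 32                               # word size in bits (the "w" in RC5-w/r/b)
R = 12                               # rounds
MASK = (1 << W) - 1
P_W, Q_W = 0xB7E15163, 0x9E3779B9    # RC5 magic constants for w = 32 (from e and phi)

def rotl(x, n):
    n %= W
    return ((x << n) | (x >> (W - n))) & MASK

def rotr(x, n):
    n %= W
    return ((x >> n) | (x << (W - n))) & MASK

def expand_key(key, rounds=R):
    """Turn the b-byte key into the table S of 2(r+1) words."""
    u = W // 8
    c = max(1, -(-len(key) // u))               # number of key words
    L = [0] * c
    for i in range(len(key) - 1, -1, -1):       # load key bytes little-endian into words
        L[i // u] = ((L[i // u] << 8) + key[i]) & MASK
    t = 2 * (rounds + 1)
    S = [(P_W + i * Q_W) & MASK for i in range(t)]
    A = Bv = i = j = 0
    for _ in range(3 * max(t, c)):              # mix the secret key words into S
        A = S[i] = rotl((S[i] + A + Bv) & MASK, 3)
        Bv = L[j] = rotl((L[j] + A + Bv) & MASK, A + Bv)
        i = (i + 1) % t
        j = (j + 1) % c
    return S

def encrypt_words(a, b, S, rounds=R):
    """Each round: data-dependent rotation, XOR and addition of a subkey."""
    a = (a + S[0]) & MASK
    b = (b + S[1]) & MASK
    for i in range(1, rounds + 1):
        a = (rotl(a ^ b, b) + S[2 * i]) & MASK
        b = (rotl(b ^ a, a) + S[2 * i + 1]) & MASK
    return a, b

def decrypt_words(a, b, S, rounds=R):
    for i in range(rounds, 0, -1):
        b = rotr((b - S[2 * i + 1]) & MASK, a) ^ a
        a = rotr((a - S[2 * i]) & MASK, b) ^ b
    return (a - S[0]) & MASK, (b - S[1]) & MASK

def encrypt_block(block, S):
    """8-byte block <-> two little-endian 32-bit words A, B."""
    a, b = int.from_bytes(block[:4], "little"), int.from_bytes(block[4:8], "little")
    a, b = encrypt_words(a, b, S)
    return a.to_bytes(4, "little") + b.to_bytes(4, "little")

def decrypt_block(block, S):
    a, b = int.from_bytes(block[:4], "little"), int.from_bytes(block[4:8], "little")
    a, b = decrypt_words(a, b, S)
    return a.to_bytes(4, "little") + b.to_bytes(4, "little")

if __name__ == "__main__":
    S = expand_key(bytes(16))
    print("%08X %08X" % encrypt_words(0, 0, S))   # EEDBA521 6D8F4B15
```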
14. What is Public key cryptography? Explain RSA algorithm with example

Public key cryptography:-
a) Public key cryptography involves a pair of keys known as a public key and a
private key (a public key pair), which are associated with an entity that needs
to authenticate its identity electronically or to sign or encrypt data.
b) Each public key is published and the corresponding private key is kept secret.
c) Data that is encrypted with the public key can be decrypted only with the
corresponding private key.
d) Public key cryptography enables the following:
● Encryption and decryption, which allow two communicating parties to disguise data that
they send to each other. The sender encrypts, or scrambles, the data before sending it. The
receiver decrypts, or unscrambles, the data after receiving it. While in transit, the encrypted
data is not understood by an intruder.
● Nonrepudiation, which prevents:
○ The sender of the data from claiming, at a later date, that the data was never sent
○ The data from being altered.
e) Public-key cryptography, or asymmetric cryptography, is an encryption scheme that uses
two mathematically related, but not identical, keys - a public key and a private key.
f) Unlike symmetric key algorithms that rely on one key to both encrypt and decrypt, each
key performs a unique function.
g) The public key is used to encrypt and the private key is used to decrypt.

RSA algorithm:-
The RSA algorithm is an asymmetric cryptography algorithm. Asymmetric means that it
works with two different keys, i.e. a Public Key and a Private Key. As the names describe, the
Public Key is given to everyone and the Private Key is kept private.
An example of asymmetric cryptography :
1. A client (for example browser) sends its public key to the server and requests some
data.
2. The server encrypts the data using the client’s public key and sends the encrypted data.
3. The client receives this data and decrypts it.
❖ The idea of RSA is based on the fact that it is difficult to factorize a large integer.
❖ The public key consists of two numbers, where one number is the product of two large
prime numbers.
❖ The private key is also derived from the same two prime numbers.
❖ So if somebody can factorize the large number, the private key is compromised.
❖ Therefore the encryption strength lies entirely in the key size, and if we double or triple the key
size, the strength of the encryption increases exponentially.

15. Given modulus n=91 and public key, e=5, find the values of p, q, phi(n), and d using RSA.
Encrypt M=25. Also perform decryption
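
The computation asked for in question 15, as an added example (not code from the question bank): p and q are recovered from n = 91 by trial division, phi(n) and d follow, and M = 25 is encrypted and then decrypted with d. The same functions implement the public-key / private-key roles described in question 14; the modular inverse uses Python 3.8's three-argument pow.

```python
# RSA with the parameters of question 15: n = 91, e = 5, M = 25.
from math import gcd

def factor(n):
    """Trial division; feasible only because the modulus is tiny, which is the
    point made above about key size and factoring."""
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found")

def rsa_parameters(n, e):
    p, q = factor(n)
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                  # d * e == 1 (mod phi); Python 3.8+
    return {"p": p, "q": q, "phi": phi, "d": d}

def rsa_encrypt(m, e, n):
    """Public-key operation: C = M^e mod n."""
    return pow(m, e, n)

def rsa_decrypt(c, d, n):
    """Private-key operation: M = C^d mod n."""
    return pow(c, d, n)

def solve_q15(n=91, e=5, m=25):
    params = rsa_parameters(n, e)
    c = rsa_encrypt(m, e, n)
    recovered = rsa_decrypt(c, params["d"], n)
    return {**params, "C": c, "M_recovered": recovered}

if __name__ == "__main__":
    for name, value in solve_q15().items():
        print(name, "=", value)
```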

16. Hashing Techniques SHA-512?

a) SHA-512, or Secure Hash Algorithm 512, is a hashing algorithm used to convert text of
any length into a fixed-size string.
b) Each SHA-512 output is 512 bits (64 bytes) long.
c) This algorithm is commonly used for hashing email addresses, password hashing, and
digital record verification.
d) SHA-512 is also used in blockchain technology, with the most notable example being the
BitShares network.
e) SHA-512 is a hashing algorithm that performs a hashing function on some data given to it.
f) Hashing algorithms are used in many things such as internet security, digital certificates
and even blockchains.
g) Since hashing algorithms play such a vital role in digital security and cryptography, this is
an easy-to-understand walkthrough, with some basic and simple maths along with some
diagrams, for a hashing algorithm called SHA-512.
h) It’s part of a group of hashing algorithms called SHA-2, which includes SHA-256 as well,
which is used in the bitcoin blockchain for hashing.


Hashing Algorithm — SHA-512

So, SHA-512 does its work in a few stages. These stages go as follows:

1. Input formatting
2. Hash buffer initialization
3. Message Processing
4. Output

Let’s look at these one by one.

1. Input Formatting:

SHA-512 can’t actually hash a message input of any size, i.e. it has an input size limit. This limit
is imposed by its very structure, as you may see further on. The entire formatted message has
basically three parts: the original message, the padding bits, and the size of the original message.

Padding bits

The input message is taken and some padding bits are appended to it in order to get it to the
desired length. The bits that are used for padding are simply ‘0’ bits with a leading ‘1’
(100000…000). Also, according to the algorithm, padding needs to be done even if it is by one
bit. So a single padding bit would only be a ‘1’.

Padding size

After this, the size of the original message given to the algorithm is appended. This size value

needs to be represented in 128 bits and is the only reason that the SHA-512 has a limitation for its

input message.
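
The input formatting stage above, as an added example (not code from the question bank): the message gets a single 1 bit, then 0 bits, then its original length as a 128-bit big-endian integer, so that the result is a multiple of the 1024-bit block. hashlib appears only to show the 64-byte digest of the same message; the padding itself is done by hand so the three parts can be inspected.

```python
# SHA-512 message padding: message || 1 || 0...0 || 128-bit length, to a multiple of 1024 bits.
import hashlib

BLOCK_BYTES = 128        # 1024-bit block
LENGTH_BYTES = 16        # 128-bit length field

def sha512_pad(message):
    bit_length = len(message) * 8
    if bit_length >= 1 << 128:
        raise ValueError("message longer than 2^128 - 1 bits")   # the input size limit
    padded = message + b"\x80"                                    # the leading 1 bit, then seven 0 bits
    while (len(padded) + LENGTH_BYTES) % BLOCK_BYTES:
        padded += b"\x00"                                         # 0 bits until 896 mod 1024
    return padded + bit_length.to_bytes(LENGTH_BYTES, "big")

def padded_layout(message):
    """(number of 1024-bit blocks, zero bytes inserted, length value encoded) for inspection."""
    padded = sha512_pad(message)
    zeros = len(padded) - len(message) - 1 - LENGTH_BYTES
    encoded = int.from_bytes(padded[-LENGTH_BYTES:], "big")
    return len(padded) // BLOCK_BYTES, zeros, encoded

def sha512_hex(message):
    """The 512-bit (64-byte) digest the formatted blocks are compressed into."""
    return hashlib.sha512(message).hexdigest()

if __name__ == "__main__":
    for msg in (b"", b"a" * 111, b"a" * 112):
        print(len(msg), "bytes ->", padded_layout(msg))
    print(sha512_hex(b"abc"))
```

The boundary at 111 bytes is worth noting: 111 bytes plus the 0x80 byte plus the 16-byte length fills one block exactly, while 112 bytes forces a second block that is almost entirely padding; implementations that get this "at least one bit of padding" rule wrong produce digests that disagree with every other implementation.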
17. What is HMAC and CMAC also differentiate between them

Textbook ( chp 2) (pg no- 29,30,31)

18. What is Digital Signature and why it is used?



a) A Digital Signature is a technique which is used to validate the authenticity and integrity
of a message.
b) A Digital Signature is used to achieve the following three aspects:
● Integrity: The Digital Signature preserves the integrity of a message because, if any
malicious party intercepts a message and partially or totally changes it, then the message
cannot be decrypted correctly.

● Authentication: We can use the following reasoning to show how the message is
authenticated. If an intruder (user X) sends a message pretending that it is coming from
someone else (user A), user X uses her own private key to encrypt the message. The
message is decrypted by using the public key of user A, which makes the message
unreadable: encryption with X's private key and decryption with A's public key results in
a garbage value.

● Non-Repudiation: The Digital Signature also provides non-repudiation. If the sender denies
sending the message, then her private key corresponding to her public key is tested on the
plaintext. If the decrypted message is the same as the original message, then we know that
the sender has sent the message.

c) Malicious actors who want to steal or manipulate data for their own gain are often present
whenever precious or sensitive data is shared.

d) To minimize the risk of document tampering by malicious parties, businesses must be able
to check and authenticate that these critical business documents, data, and communications
are trusted and delivered securely.

e) In addition to protecting sensitive online data, digital signatures do not impede the
effectiveness of online document workflows; in fact, when compared to paper processes,
they often help improve document management.

f) When digital signatures are in place, signing a document becomes simple and can be done
on any computer or mobile device.

19. Explain Digital Signature Schemes – RSA and DSS?



a) Digital Signature :
As the name suggests, digital signatures are the new alternative for signing a document digitally. They ensure
that the message was sent by the intended user without any tampering by a third party (attacker). In
simple words, digital signatures are used to verify the authenticity of a message sent
electronically.
b) RSA :
It is the most popular asymmetric cryptographic algorithm. It is primarily used for encrypting
messages but can also be used for producing a digital signature over a message.
c) Assume that there is a sender (A) and a receiver (B). A wants to send a message (M) to B
along with the digital signature (DS) calculated over the message. Let us understand step by step
how RSA can be used for producing digital signatures.
Step-1 :
Sender A uses SHA-1 Message Digest Algorithm to calculate the message digest (MD1) over the
original message M.

Step-2 :
A now encrypts the message digest with its private key. The output of this process is called
Digital Signature (DS) of A.
Step-3 :
Now sender A sends the digital signature (DS) along with the original message (M) to B.

Step-4 :
When B receives the Original Message(M) and the Digital Signature(DS) from A, it first uses the
same message-digest algorithm as was used by A and calculates its own Message Digest (MD2)
for M.
Step-5 :
Now B uses A’s public key to decrypt the digital signature because it was encrypted by A’s private
key. The result of this process is the original Message Digest (MD1) which was calculated by A.

Step-6 :
If MD1 == MD2, the following facts are established:
● B accepts the original message M as the correct, unaltered message from A.
● It also ensures that the message came from A and not someone posing as A.
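
Steps 1 to 6 above, as an added example (not code from the question bank). The digest is SHA-1 as the steps say, and "encrypt the digest with the private key" is done as textbook RSA, i.e. raw modular exponentiation of the digest integer with no padding scheme, which is enough to show the steps but is not how a production signature is formed (those use a padding scheme such as PSS). The primes are the Mersenne primes 2^89 - 1 and 2^107 - 1, an assumption of this example chosen so that n is larger than the 160-bit digest.

```python
# Textbook RSA signature: DS = SHA1(M)^d mod n, verified by DS^e mod n == SHA1(M).
import hashlib

P = (1 << 89) - 1          # Mersenne primes, assumed for the example
Q = (1 << 107) - 1
E = 65537

def make_keypair(p=P, q=Q, e=E):
    """Returns (public key (e, n), private key (d, n))."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))        # Python 3.8+
    return (e, n), (d, n)

def message_digest(message):
    """Step 1 (sender) and Step 4 (receiver): MD = SHA-1(M), as an integer."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def sign(message, private_key):
    """Step 2: DS = MD1^d mod n. Step 3 is sending (M, DS) together."""
    d, n = private_key
    return pow(message_digest(message), d, n)

def verify(message, signature, public_key):
    """Steps 4-6: MD2 = SHA-1(M); MD1 = DS^e mod n; accept iff MD1 == MD2."""
    e, n = public_key
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == message_digest(message)

if __name__ == "__main__":
    public, private = make_keypair()
    m = b"Transfer 100 to account 42"
    ds = sign(m, private)
    print(verify(m, ds, public), verify(b"Transfer 900 to account 42", ds, public))  # True False
```

The three failure cases in the test are the ones the answer's Step 6 implies: a changed message, a changed signature, and a signature made with somebody else's private key all make MD1 differ from MD2 and are rejected.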
DSS:-
a) Digital Signature Standard (DSS) is a Federal Information Processing Standard(FIPS)
which defines algorithms that are used to generate digital signatures with the help of
Secure Hash Algorithm(SHA) for the authentication of electronic documents.
b) DSS only provides us with the digital signature function and not with any encryption or
key exchanging strategies.

Sender Side :
In the DSS approach, a hash code is generated from the message, and the following inputs are given to
the signature function –
1. The hash code.
2. The random number ‘k’ generated for that particular signature.
3. The private key of the sender, i.e., PR(a).
4. A global public key (a set of parameters shared by the communicating principals), i.e.,
PU(g).

These inputs to the function produce the output signature, which has two components –
‘s’ and ‘r’. The original message concatenated with the signature is then sent to the receiver.
Receiver Side :
At the receiver end, the sender is verified. The hash code of the received message is
generated and given to a verification function which takes the following inputs –
1. The hash code generated by the receiver.
2. Signature components ‘s’ and ‘r’.
3. Public key of the sender.
4. Global public key.
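The sender-side and receiver-side functions just described, as an added Python example of the DSA algorithm that DSS specifies (not code from the original notes). The global parameters PU(g) = (p, q, g) are generated when the module loads with a constructed 64-bit q and 128-bit p so the example runs quickly; this is an assumption for illustration, since FIPS 186 requires sizes such as a 2048-bit p with a 256-bit q. The hash is SHA-256. The random number k is drawn from a seeded generator only so the output is reproducible; in practice k must be unpredictable and never reused, because two signatures with the same k reveal the private key.

```python
import hashlib
import random


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin primality test, sufficient for toy parameter generation."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_global_params(q_bits: int = 64, p_bits: int = 128, seed: int = 1):
    """PU(g) = (p, q, g): q prime, p = k*q + 1 prime, g of order q modulo p. Toy sizes (assumption)."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(q_bits) | (1 << (q_bits - 1)) | 1
        if is_probable_prime(q):
            break
    while True:
        k = (rng.getrandbits(p_bits - q_bits) | (1 << (p_bits - q_bits - 1))) & ~1   # even k keeps p odd
        p = k * q + 1
        if is_probable_prime(p):
            break
    h = 2
    while True:
        g = pow(h, (p - 1) // q, p)         # any h with h^((p-1)/q) != 1 gives an element of order q
        if g != 1:
            return p, q, g
        h += 1


def generate_keypair(params, seed: int = 2):
    """Sender's private key PR(a) = x and public key y = g^x mod p."""
    p, q, g = params
    x = random.Random(seed).randrange(1, q)
    return x, pow(g, x, p)


def hash_code(message: bytes, q: int) -> int:
    """SHA-256 of the message, truncated to the bit length of q as FIPS 186 prescribes."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    excess = 256 - q.bit_length()
    return h >> excess if excess > 0 else h


def sign(message: bytes, x: int, params, seed: int = 3):
    """Sender side: inputs are the hash code, a fresh random k, PR(a) and PU(g); output is (r, s)."""
    p, q, g = params
    rng = random.Random(seed)               # seeded only for reproducibility; k must be unpredictable in practice
    hm = hash_code(message, q)
    while True:
        k = rng.randrange(1, q)
        r = pow(g, k, p) % q
        if r == 0:
            continue
        s = (pow(k, -1, q) * (hm + x * r)) % q
        if s != 0:
            return r, s


def verify(message: bytes, signature, y: int, params) -> bool:
    """Receiver side: inputs are the receiver's own hash code, (r, s), the sender's public key y and PU(g)."""
    p, q, g = params
    r, s = signature
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1 = (hash_code(message, q) * w) % q
    u2 = (r * w) % q
    v = (pow(g, u1, p) * pow(y, u2, p) % p) % q
    return v == r


if __name__ == "__main__":
    params = generate_global_params()
    x, y = generate_keypair(params)
    m = b"constructed sample message"
    sig = sign(m, x, params)
    print("r, s =", sig)
    print("verifies:", verify(m, sig, y, params))              # True
    print("tampered:", verify(m + b"!", sig, y, params))       # False
```

Unlike the RSA scheme, verification does not recover the hash from the signature; it recomputes v from (r, s), y and the receiver's own hash code and checks that v equals r, which is why DSS provides signatures only and no encryption.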

20. Explain Kerberos in Detail?

Kerberos provides a centralized authentication server whose function is to authenticate users to
servers and servers to users. Kerberos uses an Authentication Server and a database for client
authentication. Kerberos runs as a trusted third-party server known as the Key Distribution Center
(KDC). Each user and service on the network is a principal.
The main components of Kerberos are:

● Authentication Server (AS):
The Authentication Server performs the initial authentication and issues a ticket for the Ticket
Granting Service.

● Database:
The Authentication Server verifies the access rights of users in the database.

● Ticket Granting Server (TGS):
The Ticket Granting Server issues the ticket for the Server.
Kerberos Overview:

● Step-1:
The user logs in and requests services on the host, so the user asks the Authentication Server
for a ticket-granting ticket.

● Step-2:
The Authentication Server verifies the user’s access rights using the database and then issues a
ticket-granting ticket and a session key. The result is encrypted using the password of the
user.

● Step-3:
The user decrypts the message using the password and then sends the ticket to the Ticket
Granting Server. The ticket contains authenticators such as user names and network
addresses.

● Step-4:
The Ticket Granting Server decrypts the ticket sent by the user, verifies the request using the
authenticator, and then creates the ticket for requesting services from the Server.

● Step-5:
The user sends the Ticket and Authenticator to the Server.

● Step-6:
The server verifies the Ticket and authenticator and then grants access to the service.
After this the user can access the services.

Kerberos Limitations

● Each network service must be modified individually for use with Kerberos
● It doesn’t work well in a timeshare environment
● Requires a secured Kerberos server
● Requires an always-on Kerberos server
● Stores all passwords encrypted with a single key
● Assumes workstations are secure
● May result in cascading loss of trust
● Scalability

What is Kerberos Used For?

Although Kerberos can be found everywhere in the digital world, it is commonly used in secure
systems that rely on robust authentication and auditing capabilities. Kerberos is used for POSIX,
Active Directory, NFS, and Samba authentication. It is also an alternative authentication system
for SSH, POP, and SMTP.
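The six steps above, modelled end to end as an added Python example (this is not code from the original notes or from any Kerberos implementation). A constructed toy authenticated encryption (SHA-256 keystream plus HMAC tag) stands in for Kerberos's real encryption types, and the principals ("alice", the ticket-granting service "krbtgt" and a service "fileserver") and key derivation are assumptions. The point to watch is who can open what: the password never leaves the client, the client forwards tickets it cannot read, and each ticket is sealed under the key of the service that will consume it.

```python
import hashlib
import hmac
import json
import os
import time

SKEW = 300   # accepted clock skew in seconds (assumption; MIT Kerberos defaults to 5 minutes)


def key_from_password(password: str) -> bytes:
    """Long-term user key derived from the password (toy derivation, not Kerberos's string-to-key)."""
    return hashlib.sha256(b"toy-kerberos-string-to-key|" + password.encode()).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key: bytes, obj: dict) -> bytes:
    """Toy authenticated encryption: nonce || (JSON XOR keystream) || HMAC tag. Stands in for a real enctype."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def issue(service_key: bytes, client_key: bytes, client: str, service: str, lifetime: int = 3600) -> bytes:
    """Used by the AS (step 2) and the TGS (step 4). Returns a reply sealed under client_key that carries a
    fresh session key and a ticket sealed under service_key; the client can forward the ticket but not read it."""
    session_key = os.urandom(32).hex()
    ticket = seal(service_key, {"client": client, "service": service, "session_key": session_key,
                                "expires": time.time() + lifetime})
    return seal(client_key, {"service": service, "session_key": session_key, "ticket": ticket.hex()})


def accept(service_key: bytes, ticket: bytes, authenticator: bytes) -> str:
    """Used by the TGS (step 4) and the application server (step 6): open the ticket with the service's own
    key, then open the authenticator with the session key found inside. Returns the proven client name."""
    t = unseal(service_key, ticket)
    if time.time() > t["expires"]:
        raise ValueError("ticket expired")
    auth = unseal(bytes.fromhex(t["session_key"]), authenticator)
    if auth["client"] != t["client"] or abs(time.time() - auth["timestamp"]) > SKEW:
        raise ValueError("authenticator does not match ticket or is stale")
    return t["client"]


def run_exchange(user: str, password: str, service: str, kdc_db: dict, service_keys: dict) -> str:
    """Client side of steps 1-6; returns the client name the application server accepted."""
    user_key = key_from_password(password)                           # step 1: password never leaves the host
    # Step 2: the AS looks the user up in its database and replies with a TGT plus a TGS session key,
    # sealed under the user's long-term key, so only someone holding the password can open it.
    as_reply = unseal(user_key, issue(service_keys["krbtgt"], kdc_db[user], user, "krbtgt"))
    tgt, tgs_session = bytes.fromhex(as_reply["ticket"]), bytes.fromhex(as_reply["session_key"])
    # Step 3: the client proves it opened the reply by sending the TGT plus a fresh authenticator.
    authenticator = seal(tgs_session, {"client": user, "timestamp": time.time()})
    # Step 4: the TGS validates TGT and authenticator, then issues a service ticket.
    proven = accept(service_keys["krbtgt"], tgt, authenticator)
    tgs_reply = unseal(tgs_session, issue(service_keys[service], tgs_session, proven, service))
    ticket, svc_session = bytes.fromhex(tgs_reply["ticket"]), bytes.fromhex(tgs_reply["session_key"])
    # Steps 5-6: ticket plus a new authenticator go to the server, which verifies both and grants access.
    return accept(service_keys[service], ticket, seal(svc_session, {"client": user, "timestamp": time.time()}))


# Constructed KDC database and service keys (assumption: one user, the TGS itself, and one file server).
KDC_DB = {"alice": key_from_password("correct horse")}
SERVICE_KEYS = {"krbtgt": os.urandom(32), "fileserver": os.urandom(32)}

if __name__ == "__main__":
    print(run_exchange("alice", "correct horse", "fileserver", KDC_DB, SERVICE_KEYS))   # alice
    try:
        run_exchange("alice", "wrong password", "fileserver", KDC_DB, SERVICE_KEYS)
    except ValueError as err:
        print("login failed:", err)          # the AS reply cannot be opened without the right password
```

The timestamp check in accept() is where the clock-dependence listed under the limitations comes from: a workstation whose clock drifts beyond SKEW produces authenticators the TGS and servers reject.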

21. Explain Digital Certificate: X.509?

a) An X.509 certificate is a digital certificate built on the widely trusted ITU (International
Telecommunication Union) X.509 standard, which defines the format of PKI certificates.
b) An X.509 digital certificate is a certificate-based authentication security framework that can be
used to secure transaction processing and private information.
c) These are primarily used for handling security and identity in computer networking and
internet-based communications.
d) Working of X.509 Authentication Service Certificate:
1) The core of the X.509 authentication service is the public key certificate connected to each
user.
2) These user certificates are assumed to be produced by some trusted certification authority
and placed in the directory by the user or the certification authority.
3) These directory servers only provide an easily reachable location from which all
users can acquire certificates.
4) The X.509 standard is built on an IDL known as ASN.1.
5) With the help of Abstract Syntax Notation, the X.509 certificate format uses an associated
public and private key pair for encrypting and decrypting a message.
6) Once an X.509 certificate is issued to a user by the certification authority, that certificate is
attached to the user like an identity card.
7) The chances of someone stealing it or losing it are less, unlike other unsecured passwords.
8) With the help of this analogy, it is easier to imagine how this authentication works: the
certificate is basically presented like an identity card at the resource that requires authentication.

Generally, the certificate includes the elements given below:


● Version number: It defines the X.509 version that applies to the certificate.
● Serial number: It is the unique number that the certification authority issues.
● Signature Algorithm Identifier: This is the algorithm that is used for signing the
certificate.
● Issuer name: Tells the X.500 name of the certification authority which signed and
created the certificate.
● Period of Validity: It defines the period for which the certificate is valid.
● Subject Name: Tells the name of the user to whom this certificate has been
issued.
● Subject’s public key information: It defines the subject’s public key along with an
identifier of the algorithm for which this key is supposed to be used.
● Extension block: This field contains additional standard information.
● Signature: This field contains the hash code of all other fields, encrypted with
the certification authority's private key.

Applications of X.509 Authentication Service Certificate:

Many protocols depend on X.509 and it has many applications, some of them are given below:
● Document signing and Digital signature
● Web server security with the help of Transport Layer Security (TLS)/Secure Sockets
Layer (SSL) certificates
● Email certificates
● Code signing
● Secure Shell Protocol (SSH) keys
● Digital Identities

22. What is PKI?

a) Public key infrastructure (PKI) refers to tools used to create and manage public keys for
encryption, which is a common method of securing data transfers on the internet.
b) PKI is built into all web browsers used today, and it helps secure public internet traffic.
c) PKI is crucial because the encryption and authentication it manages and makes possible
ensures trustworthy, secure communication online.
d) For an enterprise, PKI can make the difference between an intruder gaining access to the
network through a connected device and keeping a potentially dangerous threat away from
the organization.
e) PKI works through the implementation of two technologies: certificates and keys.
f) A key is a long number used to encrypt data.
g) Each element of a message gets encrypted using the key formula.
h) For example, if you want to write a message where every letter is replaced by the letter
after it, then A will become B, C will be D, etc.
i) Anyone who has this key can take what looks like a nonsensical message and
decrypt it.
j) With PKI, the key involves advanced mathematical concepts that are much more
complicated.
k) With the alphabetic example above, there is one key, and if the recipient has it, they can
easily decrypt the message.
l) With PKI, on the other hand, there are two keys: a private and a public one.
m) The public key is available to anyone who wants it and is used to encode a message that
someone sends to you.
n) A private key is what you use to decrypt the message after you get it.
o) The keys are connected using a complex mathematical equation.
p) Even though the private and public keys are connected, the connection is facilitated by
this complex equation.
q) It is therefore extremely difficult to ascertain the private key by using data from the public
key.
r) Certificates, which are issued by a certificate authority (CA), let you know the person or
device you want to communicate with is actually who they claim to be.
s) When the correct certificate is associated with a device, the device is considered authentic.
t) The validity of the certificate can be authenticated through a system that checks whether it
is real or not.

23. Write a note on SPAM?

a) Spam is any kind of unwanted, unsolicited digital communication that gets sent out in
bulk.
b) Often spam is sent via email, but it can also be distributed via text messages, phone calls,
or social media.
c) Spam is not an acronym for a computer threat, although some have been proposed (stupid
pointless annoying malware, for instance).
d) The inspiration for using the term “spam” to describe mass unwanted messages is a Monty
Python skit in which the actors declare that everyone must eat the food Spam, whether they
want it or not.
e) Similarly, everyone with an email address must unfortunately be bothered by spam
messages, whether we like it or not.
f) Types of spam:
1) Phishing emails:- Phishing emails are a type of spam cybercriminals send to many people,
hoping to “hook” a few people. Phishing emails trick victims into giving up sensitive
information like website logins or credit card information.
2) Email spoofing:- Spoofed emails mimic, or spoof, an email from a legitimate sender, and
ask you to take some sort of action. Well-executed spoofs will contain familiar branding
and content, often from a large well-known company such as PayPal or Apple. Common
email spoofing spam messages include:
● A request for payment of an outstanding invoice
● A request to reset your password or verify your account
● Verification of purchases you didn’t make
● Request for updated billing information
3) Tech support scams:- In a tech support scam, the spam message indicates that you have a
technical problem and you should contact tech support by calling the phone number or
clicking a link in the message. Like email spoofing, these types of spam often say they are
from a large technology company like Microsoft or a cybersecurity company like
Malwarebytes.
4) Malspam:- Short for “malware spam” or “malicious spam,” malspam is a spam message
that delivers malware to your device. Unsuspecting readers who click on a link or open an
email attachment end up with some type of malware including ransomware, Trojans, bots,
info-stealers, cryptominers, spyware, and keyloggers.

24. Write a note on Trojan horse, Viruses, Worms and Also Differentiate between them

25. Write a note on System Corruption and Attack Agents


26. Write a note on Information Theft, Trapdoor/ Backdoors?

Trapdoor/ Backdoors:-

a) A trap door is a secret entry point into a program that allows anyone who knows of it to gain
access to the system without going through the usual security access procedures.
b) A trap door can also be defined as a method of bypassing normal authentication
methods; it is therefore also known as a back door.
c) Trap doors are quite difficult to detect; in order to find them, the programmers or the
developers have to go through the components of the system.
d) Programmers use trap doors legitimately to debug and test programs. Trap doors turn into threats
when dishonest programmers gain illegal access through them.
e) Program development and software update activities should be the first focus of security
measures. Operating system controls that prevent trap doors are difficult to implement.
Information Theft:-

There have been a growing number of cases of information theft over the past few years. While
more and more electronic security measures have been going up to protect people's possessions and
information, these new technologies have bugs and design flaws that are opening up whole new
worlds for the technologically advanced criminal.

1) Credit Card Number Theft:-


People are using credit cards for more and more of their purchases as time goes on. This
is opening up a larger and larger arena for credit card fraud. Credit cards are especially
easy to use fraudulently, because they require no extra identification number to use. All
that a thief needs is pure information: they don't need the card, but just the number on
the card. Recently, with people spending more on purchases transacted over the internet,
credit card fraud is becoming easier. Now thieves never have to get within 5,000 miles
of the people they are stealing from. All they would need is a quick and dirty web site
(which could be hosted for free, and anonymously) advertising some fictional product,
and including a form for buying online. Instantly the perpetrators would have a list of
credit card numbers linked with names and mailing addresses, ready to use for anything
they want.

2) ATM Spoofing:-
These crooks have pulled some impressively intricate heists. One group of criminals set
up a complete fake ATM machine inside a mall in Connecticut. It looked and worked
just like a real one, except that after giving it your card and typing in your pin, it would
refuse you service saying it was out of order. It then had a record of the card and PIN
numbers of all the people who tried to use the machine.
3) PIN Capturing:-
Another group of criminals scoured the area across the street from a busy ATM, looking
for the perfect spot to hide a video camera aimed at the keys on the ATM machine. They
found such a spot and set up their camera. After each successful PIN number
identification that they recorded, one of the group members would go check for a
discarded receipt at the ATM. If they found one, the group had the card number and the
PIN number.

4) Database Theft:-
The previous criminal activities are all aimed at compiling databases of information
obtained fraudulently from people one by one. This takes time, and these people only
have limited amounts of time before their operations will be recognized and shut down.
This limits the number of people whose information these criminals can obtain. There
are, however, large databases of this kind of information that have been built up slowly
and legally by mild-mannered, legitimate internet companies. For example, BMG Music
Service lets customers give their credit card numbers when they sign up, so they don't
need to bother each time they make a purchase. There are thousands of users of this
service, many of whom likely use this feature. Combine this with the fact that hundreds
of computer systems are hacked into every day, and we have a situation where hackers
could steal an industrial-sized database of this kind of information, and run wild.

5) Electronic Cash:-
We are already well on the way to a cash-free society. People now use ATM cards,
credit cards, and check-cards for a large percentage of their purchasing. As we move
further from a paper-money society, to a purely electronic economy, new types of crime
will emerge. What types exactly will depend on what new forms of security tomorrow's
criminals will need to break. Will people be synthesizing voice authorizations? Or
running replay attacks on retinal scanners? Or even learning to imitate a victim's typing
style? All we can be sure of is that criminals of tomorrow, like those of last century and
those of today, will keep on innovating.

27. Write a note on Keyloggers, Rootkits and Zombie?

Keyloggers:-
a) Keyloggers, also known as keystroke loggers, record the keys pressed on a system and save
them to a file; that file is then accessed by the person using this malware.
b) A keylogger can be software or hardware.
c) Working: Keyloggers are mainly used to steal passwords or confidential details such as bank
information.
1. Software keyloggers: Software keyloggers are computer programs developed to steal
passwords from the victim's computer. However, keyloggers are also used in IT organizations to
troubleshoot technical problems with computers and business networks. Microsoft Windows 10
also has a keylogger installed in it.
1. JavaScript-based keylogger – A malicious script inserted into a web page that listens
for key events such as onKeyUp(). These scripts can be delivered by various methods, such as
sharing through social media, sending as a mail attachment, or as a RAT file.
2. Form-based keyloggers – These are keyloggers that activate when a person fills in a
form online; when the submit button is clicked, all the data or words typed are sent to a
file on a computer. Some keyloggers work as an API in a running application: it looks like a
simple application and whenever a key is pressed it records it.

2. Hardware keyloggers: These do not depend on any software, as they are hardware
keyloggers. A keyboard hardware keylogger is a circuit attached inside the keyboard itself, so that
whenever a key of that keyboard is pressed it gets recorded.
1. USB keylogger – These are USB-connector keyloggers that have to be connected to a
computer and steal the data. Some circuits are built into a keyboard so no external
wire is used or shows on the keyboard.
2. Smartphone sensors – Some Android tricks are also used as keyloggers, such as the
Android accelerometer sensor, which when placed near a keyboard can sense the
vibrations; the resulting graph is then used to convert them into sentences. The accuracy of this
technique is about 80%. Nowadays crackers use keystroke-logging Trojans, malware
that is sent to a victim's computer to steal data and login details.
Rootkits:-

a) Rootkits are a type of malware that are designed so that they can remain hidden on your
computer.
b) But while you might not notice them, they are active. Rootkits give cybercriminals the ability
to remotely control your computer.
c) Rootkits can contain a number of tools, ranging from programs that allow hackers to steal
your passwords to modules that make it easy for them to steal your credit card or online
banking information.
d) Rootkits can also give hackers the ability to subvert or disable security software and track the
keys you tap on your keyboard, making it easy for criminals to steal your personal
information.
e) Because rootkits can hijack or subvert security software, they are especially hard to detect,
making it likely that this type of malware could live on your computer for a long time causing
significant damage.
f) Sometimes the only way to completely eliminate a well-hidden rootkit is to erase your
computer’s operating system and rebuild from scratch.
g) You might open an email and download a file that looks safe but is actually a virus.
h) You might also accidentally download a rootkit through an infected mobile app.
i) Types of rootkits:-
1. Hardware or firmware rootkit:- The name of this type of rootkit comes from where it is
installed on your computer. This type of malware could infect your computer’s hard drive or
its system BIOS, the software that is installed on a small memory chip in your computer’s
motherboard. It can even infect your router. Hackers can use these rootkits to intercept data
written on the disk.
2. Bootloader rootkit:- Your computer’s bootloader is an important tool. It loads your
computer’s operating system when you turn the machine on. A bootloader rootkit, then,
attacks this system, replacing your computer’s legitimate bootloader with a hacked one. This
means that this rootkit is activated even before your computer’s operating system turns on.
3. Memory rootkit:- This type of rootkit hides in your computer’s RAM, or Random Access
Memory. These rootkits will carry out harmful activities in the background. These rootkits
have a short lifespan. They only live in your computer’s RAM and will disappear once you
reboot your system, though sometimes further work is required to get rid of them.
4. Application rootkit:- Application rootkits replace standard files in your computer with
rootkit files. They might also change the way standard applications work. These rootkits
might infect programs such as Word, Paint, or Notepad. Every time you run these programs,
you will give hackers access to your computer. The challenge here is that the infected
programs will still run normally, making it difficult for users to detect the rootkit.
5. Kernel mode rootkits:- These rootkits target the core of your computer’s operating system.
Cybercriminals can use these to change how your operating system functions. They just need
to add their own code to it. This can give them easy access to your computer and make it easy
for them to steal your personal information.

Zombie:-

a) In computing, a zombie is a computer connected to a network that has been compromised by
a hacker, a virus or a Trojan.
b) It can be used remotely for malicious tasks.
c) Most owners of zombie computers do not realize that their system is being used in this way,
hence the comparison with the living dead.
d) They are also used in DDoS attacks in coordination with botnets in a way that resembles the
typical zombie attacks of horror films.
e) Zombies are frequently used in distributed denial-of-service (DDoS) attacks, which refers to the
saturation of websites with a multitude of computers accessing them at the same time.
f) As so many users are making requests at the same time to the server hosting the Web page,
the server crashes, denying access to genuine users.
g) A variant of this type of saturation is known as degradation-of-service attack and uses
'pulsing zombies': degradation of the service by periodically saturating the websites at a low
intensity, with the intention of slowing down, instead of blocking, the targeted website.
h) Such attacks are difficult to detect, as the slow service may go undetected for months or even
years or is simply assumed to be due to other problems.
i) Zombies have also been used for sending spam.
j) This technique is useful for criminals as it helps them avoid detection and at the same time
reduce bandwidth costs (as the owners of the zombies will bear the cost).
k) This type of spam is also used for spreading Trojans, as this type of malware is not
self-replicating but relies on circulation via email in order to spread, unlike worms that spread
via other means.
l) For similar reasons, zombies are also used for fraud against sites with pay-per-click
contextual ads, artificially increasing the number of hits.

28. What is Phishing and explain its different types?

a) Phishing starts with a fraudulent email or other communication that is designed to
lure a victim.
b) The message is made to look as though it comes from a trusted sender.
c) If it fools the victim, he or she is coaxed into providing confidential information, often
on a scam website.
d) Sometimes malware is also downloaded onto the target’s computer.
e) Phishing can be categorized into various types.
1) Email Phishing:- Phishing through emails is pretty widespread among cyber attackers as
through emails, thousands of users can be targeted at once. The Phisher behind the email
would generally try to deceive the users by sending intriguing offers or fake virus alerts.
2) Spear Phishing:- While in Email Phishing emails are sent to a large number of people at
once, in Spear Phishing the cybercriminals target specific people through emails. For that,
the attackers conduct extensive research on the target person and learn details like name, job,
place of employment, job title, email address, bank, and more.
3) Domain Spoofing:- In this type of Phishing, the domain of the popular eCommerce sites and
banks are copied and modified to look exactly like the original URL so that users misjudge
them as the official sites; for example, amazon.com is spoofed as amzn.xyz. After spoofing a
domain, users are sent unsolicited links and asked to click on them to get offers and deals.
4) Smishing:- Smishing or SMS Phishing is a type of Phishing in which the Phishers fool users
by sending fake offers through SMS. The links shared through Smishing are generally
malicious and redirect users to download fake apps containing malware.
5) Vishing:- Vishing is Phishing conducted through calls. The professional Phisher would call
the targets pretending as some official and deceive them into providing sensitive information
such as bank details or other essential credentials.
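Domain spoofing, which appears both under email spoofing in the SPAM note and under phishing here, can be flagged on the receiving side by comparing the registrable domain of every link in a message with the domains the organisation actually expects mail from. The following is an added Python example (not code from the original notes): the brand allow-list, the sample message and its URLs are constructed, the two-label rule for the registrable domain is an assumption (production code uses the Public Suffix List), and the lookalike test combines edit distance on the second-level label with checks for the brand name reused as a subdomain or embedded in another label.

```python
import re
from urllib.parse import urlparse

# Constructed allow-list (assumption): brand keyword -> registrable domains the organisation expects mail from.
KNOWN_BRANDS = {"amazon": {"amazon.com"}, "paypal": {"paypal.com"}, "apple": {"apple.com"}}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(url: str):
    """Return (verdict, brand): 'legitimate' (exact allow-listed domain), 'lookalike' or 'unknown'."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    domain = ".".join(labels[-2:])      # assumption: two-label registrable domain (real code: Public Suffix List)
    sld = labels[-2] if len(labels) >= 2 else host
    for br, good in KNOWN_BRANDS.items():
        if domain in good:
            return "legitimate", br
    for br in KNOWN_BRANDS:
        if (br in labels[:-2]                 # brand used as a subdomain: paypal.com.login.example
                or br in sld                  # brand embedded in another label: apple-id-reset.example
                or edit_distance(sld, br) <= 2):   # near-miss spelling: amzn.xyz
            return "lookalike", br
    return "unknown", None


def scan_message(text: str):
    """Every link in the message with its verdict, so a mail filter can flag or quarantine the message."""
    return [(url,) + classify_domain(url) for url in URL_RE.findall(text)]


# Constructed sample message mixing one spoofed link, one genuine link and one unrelated link.
CONSTRUCTED_MESSAGE = """Your PayPal account is limited. Restore access at https://paypal.com.login.example/verify
Track your Amazon parcel at https://www.amazon.com/orders
Manage preferences at https://example.org/unsubscribe"""

if __name__ == "__main__":
    for url, verdict, brand in scan_message(CONSTRUCTED_MESSAGE):
        print(f"{verdict:<10} {brand or '-':<7} {url}")
```

The edit-distance rule is what catches the amzn.xyz style example from the text; the subdomain rule catches the common trick of placing the real brand domain at the front of a longer host name where the true registrable domain sits at the end.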

29. What is Denial of Service Attacks?

a) A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims to
render a computer or other device unavailable to its intended users by interrupting the
device's normal functioning.
b) DoS attacks typically function by overwhelming or flooding a targeted machine with
requests until normal traffic is unable to be processed, resulting in denial of service to
additional users.
c) A DoS attack is characterized by using a single computer to launch the attack.

How does a DoS attack work?

The primary focus of a DoS attack is to oversaturate the capacity of a targeted machine, resulting in
denial-of-service to additional requests. The multiple attack vectors of DoS attacks can be grouped
by their similarities.

DoS attacks typically fall in 2 categories:

While it can be difficult to separate an attack from other network connectivity errors or heavy
bandwidth consumption, some characteristics may indicate an attack is underway.

Indicators of a DoS attack include:

● Atypically slow network performance such as long load times for files or websites
● The inability to load a particular website such as your web property
● A sudden loss of connectivity across devices on the same network

A denial of service occurs when a legitimate user is denied access to a network, system, device, or
other resources that they are otherwise authorized to access. That can include their email, e-banking
account, public online services, etc.
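The indicators listed above are what the victim observes; on the server side the same flood shows up in the access log as one source address issuing far more requests per window than any normal client. The following is an added Python example (not code from the original notes) that counts requests per source in a sliding time window over constructed common-log-format lines and reports sources above a constructed threshold; the addresses come from the documentation ranges and the window and threshold values are assumptions to be tuned per site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified common-log-format line: client - - [timestamp zone] "request" status
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]\s]+)[^\]]*\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S"


def parse_line(line: str):
    """Return (ip, timestamp, request, status), or None for a line that does not match the format."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FORMAT), m["req"], int(m["status"])


def flood_sources(lines, window_seconds: int = 10, threshold: int = 20) -> dict:
    """Sliding-window request count per source; returns {ip: peak count} for sources above threshold.
    Assumes lines arrive in time order, as they do when tailing a live access log."""
    recent = defaultdict(deque)          # ip -> timestamps inside the current window
    peaks = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _, _ = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window_seconds):
            q.popleft()
        peaks[ip] = max(peaks[ip], len(q))
    return {ip: n for ip, n in peaks.items() if n > threshold}


def constructed_log() -> list:
    """Constructed sample: one source sends 30 requests in 6 seconds, another browses normally."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    for i in range(30):
        t = base + timedelta(milliseconds=200 * i)
        lines.append(f'203.0.113.7 - - [{t.strftime(TS_FORMAT)} +0000] "GET / HTTP/1.1" 200')
    for i in range(5):
        t = base + timedelta(seconds=3 * i)
        lines.append(f'198.51.100.20 - - [{t.strftime(TS_FORMAT)} +0000] "GET /about HTTP/1.1" 200')
    return sorted(lines, key=lambda line: parse_line(line)[1])


if __name__ == "__main__":
    for ip, peak in flood_sources(constructed_log()).items():
        print(f"possible flood from {ip}: {peak} requests within 10 s")
```

A single-source count like this matches the definition in c) above, where the attack comes from one computer; a distributed flood spreads the same request volume over many sources, so a per-source threshold alone will miss it and an aggregate rate is needed as well.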
30. Describe IPSec and justify the need of AH and ESP?

IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow. These
protocols are ESP (Encapsulating Security Payload) and AH (Authentication Header). IPSec
Architecture includes protocols, algorithms, DOI, and Key Management. All these components are
very important in order to provide the three main services:
● Confidentiality
● Authentication
● Integrity

1. Architecture: Architecture or IP Security Architecture covers the general concepts, definitions,
protocols, algorithms, and security requirements of IP Security technology.
2. ESP Protocol: ESP (Encapsulating Security Payload) provides a confidentiality service.
Encapsulating Security Payload is implemented in one of two ways:
● ESP with optional Authentication.
● ESP with Authentication.

Packet Format:
● Security Parameter Index (SPI): This parameter is used by the Security Association. It is
used to give a unique number to the connection built between the Client and Server.
● Sequence Number: Unique sequence numbers are allotted to every packet so that on the
receiver side packets can be arranged properly.
● Payload Data: Payload data means the actual data or the actual message. The payload
data is in an encrypted format to achieve confidentiality.
● Padding: Extra bits of space are added to the original message in order to ensure
confidentiality. Padding length is the size of the added bits of space in the original
message.
● Next Header: Next header means the next payload or next actual data.
● Authentication Data: This field is optional in the ESP protocol packet format.

3. Encryption algorithm: The encryption algorithm is the document that describes various
encryption algorithms used for Encapsulation Security Payload.
4. AH Protocol: AH (Authentication Header) Protocol provides both Authentication and Integrity
service. Authentication Header is implemented in one way only: Authentication along with Integrity.
Authentication Header covers the packet format and general issues related to the use of AH for
packet authentication and integrity.
5. Authentication Algorithm: The authentication Algorithm contains the set of documents that
describe the authentication algorithm used for AH and for the authentication option of ESP.
6. DOI (Domain of Interpretation): DOI is the identifier that supports both AH and ESP protocols.
It contains values needed for documentation related to each other.
7. Key Management: Key Management contains the document that describes how the keys are
exchanged between sender and receiver.
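The ESP packet format listed above, packed on the sending side and unpacked on the receiving side, as an added Python example (not code from the original notes). It lays the fields out as RFC 4303 does (SPI, sequence number, encrypted payload followed by padding, pad length and next header, then the Authentication Data / ICV) and shows the receiver checking the ICV before decrypting and the sequence number against an anti-replay window. The keystream cipher is a constructed stand-in for a negotiated encryption algorithm; the integrity algorithm is HMAC-SHA-256 truncated to 128 bits, as RFC 4868 defines for IPsec. Keys, SPI and the inner payload are constructed.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16     # HMAC-SHA-256-128: 32-byte tag truncated to 16 bytes (RFC 4868)


def keystream(key: bytes, spi: int, seq: int, length: int) -> bytes:
    """Toy stream-cipher keystream bound to SPI and sequence number (constructed; stands in for e.g. AES)."""
    blocks = [hashlib.sha256(key + struct.pack("!IIH", spi, seq, i)).digest() for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]


def build_esp(spi: int, seq: int, payload: bytes, next_header: int, enc_key: bytes, auth_key: bytes) -> bytes:
    """Sender: SPI || Seq || ENC(payload || padding || pad length || next header) || ICV."""
    pad_len = (-(len(payload) + 2)) % 4            # pad length + next header must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))         # default ESP padding content: 1, 2, 3, ...
    plaintext = payload + padding + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)
    body = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, spi, seq, len(plaintext))))
    icv = hmac.new(auth_key, header + body, hashlib.sha256).digest()[:ICV_LEN]   # covers header + body
    return header + body + icv


class EspReceiver:
    """Receiver side: one inbound Security Association identified by its SPI, with an anti-replay window."""

    def __init__(self, spi: int, enc_key: bytes, auth_key: bytes, window: int = 64):
        self.spi, self.enc_key, self.auth_key, self.window = spi, enc_key, auth_key, window
        self.highest, self.seen = 0, set()      # seen = accepted sequence numbers still inside the window

    def receive(self, packet: bytes):
        spi, seq = struct.unpack("!II", packet[:8])
        if spi != self.spi:
            raise ValueError("unknown SPI: no matching Security Association")
        body, icv = packet[8:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.auth_key, packet[:8] + body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):          # integrity first, before decryption or window update
            raise ValueError("ICV mismatch: packet altered or wrong key")
        if seq <= self.highest - self.window or seq in self.seen:
            raise ValueError(f"replayed or too-old sequence number {seq}")
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s > self.highest - self.window}
        plaintext = bytes(a ^ b for a, b in zip(body, keystream(self.enc_key, spi, seq, len(body))))
        pad_len, next_header = plaintext[-2], plaintext[-1]
        payload = plaintext[:-(pad_len + 2)]
        if plaintext[len(payload):-2] != bytes(range(1, pad_len + 1)):
            raise ValueError("padding check failed")
        return next_header, payload


if __name__ == "__main__":
    enc, auth = b"\x11" * 32, b"\x22" * 32            # constructed SA keys
    rx = EspReceiver(spi=0x1000, enc_key=enc, auth_key=auth)
    pkt = build_esp(0x1000, 1, b"constructed inner TCP segment", next_header=6, enc_key=enc, auth_key=auth)
    print(rx.receive(pkt))                              # (6, b'constructed inner TCP segment')
    try:
        rx.receive(pkt)                                 # same sequence number again -> rejected
    except ValueError as err:
        print(err)
```

The ICV is computed over the SPI, sequence number and encrypted body but not over itself, which is why the receiver can verify it before touching the ciphertext; the sequence number is sent in the clear so the replay check can also run before decryption.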

31. Explain VPN with its types?

a) VPN stands for "Virtual Private Network" and describes the opportunity to establish a
protected network connection when using public networks.
b) VPNs encrypt your internet traffic and disguise your online identity.
c) This makes it more difficult for third parties to track your activities online and steal data.
d) The encryption takes place in real time.
How does a VPN work?

A VPN hides your IP address by letting the network redirect it through a specially configured
remote server run by a VPN host. This means that if you surf online with a VPN, the VPN server
becomes the source of your data. This means your Internet Service Provider (ISP) and other third
parties cannot see which websites you visit or what data you send and receive online. A VPN works
like a filter that turns all your data into "gibberish". Even if someone were to get their hands on your
data, it would be useless.

A VPN connection disguises your data traffic online and protects it from external access.
Unencrypted data can be viewed by anyone who has network access and wants to see it. With a
VPN, hackers and cyber criminals can’t decipher this data.
Secure encryption: To read the data, you need an encryption key. Without one, it would take
millions of years for a computer to decipher the code in the event of a brute force attack. With the
help of a VPN, your online activities are hidden even on public networks.

Disguising your whereabouts: VPN servers essentially act as your proxies on the internet. Because
the demographic location data comes from a server in another country, your actual location cannot
be determined. In addition, most VPN services do not store logs of your activities. Some providers,
on the other hand, record your behavior but do not pass this information on to third parties. This
means that any potential record of your user behavior remains permanently hidden.

Access to regional content: Regional web content is not always accessible from everywhere.
Services and websites often contain content that can only be accessed from certain parts of the
world. Standard connections use local servers in the country to determine your location. This means
that you cannot access content at home while traveling, and you cannot access international content
from home. With VPN location spoofing, you can switch to a server in another country and
effectively “change” your location.

Secure data transfer: If you work remotely, you may need to access important files on your
company’s network. For security reasons, this kind of information requires a secure connection. To
gain access to the network, a VPN connection is often required. VPN services connect to private
servers and use encryption methods to reduce the risk of data leakage.

VPN stands for Virtual Private Network (VPN), that allows a user to connect to a private network
over the Internet securely and privately. VPN creates an encrypted connection that is called VPN
tunnel, and all Internet traffic and communication is passed through this secure tunnel.
Virtual Private Network (VPN) is basically of 2 types:
1. Remote Access VPN:
● Remote Access VPN permits a user to connect to a private network and access all its
services and resources remotely.
● The connection between the user and the private network occurs through the Internet
and the connection is secure and private.
● Remote Access VPN is useful for home users and business users both.
An employee of a company, while he/she is out of station, uses a VPN to connect to
his/her company’s private network and remotely access files and resources on the
private network.
● Private users or home users of VPN, primarily use VPN services to bypass regional
restrictions on the Internet and access blocked websites.
● Users aware of Internet security also use VPN services to enhance their Internet
security and privacy.

Site to Site VPN:

A Site-to-Site VPN is also called a Router-to-Router VPN and is commonly used in large
companies. Organizations with branch offices in different locations use a Site-to-Site VPN to
connect the network of one office location to the network at another office location.

● Intranet based VPN: When several offices of the same company are connected using
Site-to-Site VPN type, it is called as Intranet based VPN.
● Extranet based VPN: When companies use Site-to-site VPN type to connect to the office
of another company, it is called as Extranet based VPN.

Types of Virtual Private Network (VPN) Protocols:

1. Internet Protocol Security (IPSec):


Internet Protocol Security, known as IPSec, is used to secure communication across an IP
network. IPSec first authenticates the two peers and negotiates keys (IKE), then protects
every packet of the connection with integrity/authentication (AH or ESP) and encryption (ESP).
IPSec runs in 2 modes:
○ (i) Transport mode: only the payload of the IP packet is protected; the original IP header
is kept, so this mode is used between two hosts.
○ (ii) Tunnel mode: the whole original IP packet is encrypted and authenticated and wrapped in
a new IP header, which is what site-to-site VPN gateways use.
IPSec can also be combined with other protocols (such as L2TP below) to build a VPN.
2. Layer 2 Tunneling Protocol (L2TP):
L2TP is a tunneling protocol that provides no encryption of its own, so it is combined with
IPSec (L2TP/IPSec) to establish a secure VPN connection. L2TP generates a tunnel between two
L2TP connection points and IPSec encrypts and authenticates the data carried inside the tunnel.
3. Point-to-Point Tunneling Protocol (PPTP):
PPTP generates a tunnel and encapsulates Point-to-Point Protocol (PPP) frames inside GRE
packets; the data is encrypted by MPPE, not by PPP itself. PPTP was one of the most widely used
VPN protocols because it has shipped with Windows since its early releases, and clients exist
for Mac and Linux as well. Its MS-CHAPv2 authentication and RC4-based MPPE encryption are
broken, so PPTP is now considered insecure and should not be used for new deployments.
4. SSL and TLS:
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) generate a VPN connection in
which the web browser (or a small client) acts as the VPN client, and user access is restricted
to specific applications rather than the entire network. Online shopping websites are the most
common users of SSL/TLS. Because web browsers already implement TLS, switching to it needs
almost no action from the user. TLS-protected connections have "https" at the start of the URL
instead of "http".
5. OpenVPN:
OpenVPN is an open source VPN that is commonly used for creating Point-to-Point and
Site-to-Site connections. It uses TLS (through the OpenSSL library) for authentication and key
exchange and carries the tunneled traffic over UDP or TCP.
6. Secure Shell (SSH):
Secure Shell (SSH) can generate a VPN-like tunnel through which data transfer occurs and
ensures that the tunnel is encrypted. The SSH client opens an encrypted connection to the
server and forwards a local port through it (port forwarding), so data sent to the local port is
carried to the remote server inside the encrypted tunnel.
32. Describe SSL/TLS in detail?

Secure Socket Layer (SSL):
It provides protection to the data exchanged between a web browser and a server. SSL encrypts
the link between a web server and a browser, which ensures that all data passed between them
stays private and protected from tampering.
Secure Socket Layer Protocols:
● SSL record protocol
● Handshake protocol
● Change-cipher spec protocol
● Alert protocol

Transport Layer Security (TLS):


Transport Layer Security (TLS) aims to provide security at the transport layer. TLS evolved
from the Secure Socket Layer (SSL) protocol (TLS 1.0 was derived from SSL 3.0). TLS ensures that
no third party can eavesdrop on or tamper with the communication.

The main differences between SSL and TLS are:

1. SSL stands for Secure Sockets Layer, whereas TLS stands for Transport Layer Security.

2. Both SSL and TLS are cryptographic protocols that authenticate the server (and optionally the
client) and encrypt the data transferred between them, for example between a web server and a
user's browser.

3. Both need a secure framework for agreeing on encryption keys. An SSL/TLS certificate supports
this: it binds the server's public key to its identity, so the client can authenticate the
server and the two sides can establish session keys that keep the data from unauthorized parties.

4. For message authentication, SSL 3.0 uses an ad hoc keyed-hash construction (the hash of the
secret, fixed padding bytes and the data), whereas TLS uses the standardized HMAC (RFC 2104)
keyed with the MAC secret.

5. SSL was the first version of the protocol. TLS is its successor: SSL 2.0 and SSL 3.0 are
deprecated (RFC 6176 and RFC 7568), and the current version is TLS 1.3 (RFC 8446).
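The MAC difference in point 4, as an added example that is not part of the question bank: the SSL 3.0 record MAC and the TLS record MAC computed side by side over a constructed record, plus HMAC written out from RFC 2104 to show that the TLS MAC is exactly that standard construction. The MAC secret and record contents are made up for the example; a real secret comes from the handshake key derivation. TLS 1.3 no longer uses a separate record MAC at all (it uses AEAD ciphers), so this illustrates TLS 1.0 to 1.2.

```python
import hashlib
import hmac
import struct

# SSL 3.0 MAC padding for SHA-1 (RFC 6101, 5.2.3.1): 0x36 / 0x5c repeated 40 times.
SSL3_PAD1 = b"\x36" * 40
SSL3_PAD2 = b"\x5c" * 40

TLS_1_2 = 0x0303  # ProtocolVersion written into the TLS MAC input


def ssl3_mac(secret: bytes, seq_num: int, content_type: int, fragment: bytes) -> bytes:
    """SSL 3.0 record MAC (ad hoc construction, not HMAC):
    hash(secret + pad2 + hash(secret + pad1 + seq_num + type + length + fragment))."""
    header = struct.pack(">QBH", seq_num, content_type, len(fragment))
    inner = hashlib.sha1(secret + SSL3_PAD1 + header + fragment).digest()
    return hashlib.sha1(secret + SSL3_PAD2 + inner).digest()


def tls_mac_input(seq_num: int, content_type: int, fragment: bytes,
                  version: int = TLS_1_2) -> bytes:
    """The bytes a TLS 1.0-1.2 record MAC covers (RFC 5246, 6.2.3.1):
    seq_num + type + version + length + fragment."""
    return struct.pack(">QBHH", seq_num, content_type, version, len(fragment)) + fragment


def tls_mac(secret: bytes, seq_num: int, content_type: int, fragment: bytes,
            version: int = TLS_1_2) -> bytes:
    """TLS record MAC: a standard HMAC over the record header and fragment."""
    data = tls_mac_input(seq_num, content_type, fragment, version)
    return hmac.new(secret, data, hashlib.sha1).digest()


def hmac_sha1_from_scratch(key: bytes, msg: bytes) -> bytes:
    """RFC 2104 HMAC written out: H((K ^ opad) || H((K ^ ipad) || msg)).
    Only here to show that the TLS MAC is exactly this standard construction."""
    block = hashlib.sha1().block_size          # 64 bytes for SHA-1
    if len(key) > block:
        key = hashlib.sha1(key).digest()
    key = key.ljust(block, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5c for b in key)
    inner = hashlib.sha1(ipad + msg).digest()
    return hashlib.sha1(opad + inner).digest()


def verify_tls_record(secret: bytes, seq_num: int, content_type: int,
                      fragment: bytes, received_mac: bytes) -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    expected = tls_mac(secret, seq_num, content_type, fragment)
    return hmac.compare_digest(expected, received_mac)


# Constructed sample values; a real MAC secret is derived during the handshake.
MAC_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff00112233")
APPLICATION_DATA = 23                          # TLS ContentType application_data
FRAGMENT = b"GET /account HTTP/1.1\r\n"

if __name__ == "__main__":
    print("SSL3 MAC:", ssl3_mac(MAC_SECRET, 0, APPLICATION_DATA, FRAGMENT).hex())
    print("TLS  MAC:", tls_mac(MAC_SECRET, 0, APPLICATION_DATA, FRAGMENT).hex())
```

The sequence number inside the MAC input is what stops a captured record from being replayed later in the same connection: the same fragment under a different sequence number fails verification.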
33. Explain HTTPS?

a) HTTPS is an abbreviation of Hypertext Transfer Protocol Secure. It is a secure extension
or version of HTTP.
b) This protocol is mainly used for providing security to the data sent between a website and the
web browser.
c) It is widely used on the internet and used for secure communications.
d) This protocol uses the 443 port number for communicating the data.
e) This protocol is also called HTTP over SSL/TLS because the HTTP messages are carried inside
an encrypted SSL (Secure Socket Layer) session, today always its successor TLS.
f) Advantages of HTTPS

Following are the advantages or benefits of a Hypertext Transfer Protocol Secure (HTTPS):

● The main advantage of HTTPS is that it provides confidentiality and integrity for the data
exchanged and authenticates the web site to the user.

● Data and information are protected in transit, so an eavesdropper on the network cannot read
or alter them.

● The SSL/TLS technology in HTTPS protects the data from third parties or attackers, and the
certificate (shown by the browser's padlock) builds trust for the users of the site.

● It makes sensitive transactions, such as online banking, practical over the public Internet.

g) Disadvantages of HTTPS
Following are the disadvantages or limitations of a Hypertext Transfer Protocol Secure (HTTPS):

● A certificate must be obtained from a certificate authority and renewed before it expires
(commercial CAs charge for this; some CAs issue certificates free of charge).

● Accessing the website is slightly slower because of the TLS handshake and the encryption work,
although with modern TLS and session resumption the overhead is small.

● When migrating a site, all internal links and embedded resources must be updated to https,
otherwise browsers warn about mixed content.

34. What is Secure Shell(SSH)?



a) SSH stands for "Secure Shell."
b) The SSH protocol was designed as a secure alternative to unsecured remote shell protocols.
c) It utilizes a client-server paradigm, in which clients and servers communicate via a secure
channel.
d) The SSH protocol has three layers:
● The transport layer. Ensures secure communication between the server and the client: it
negotiates the session key, handles data encryption/decryption, protects the integrity of
the connection and optionally compresses the data.
● The user authentication layer. Conducts the client authentication procedure (password or
public key).
● The connection layer. Multiplexes the communication channels (shell, port forwards) after
the authentication.
e) SSH is widely used in data centers to provide secure management, remote access to
resources, software patches, and updates.
f) The protocol also enables protected router management, server hardware maintenance, and
virtualization platform administration.

SSH keys are the access credential used by the SSH protocol. SSH itself is a cryptographic
network protocol for transferring encrypted data over a network. Key-based login allows you to
connect to a server, or multiple servers, without having to remember or enter a password for each
system you log in to remotely.
Keys always come in a pair:

1. Public key – Can be seen by everyone and needs no protection; it is registered on the server
(authorized_keys) and used to verify the client's signature.
2. Private key – Stays on the client computer and must be protected (ideally with a passphrase);
it is used to sign the authentication challenge.

Key pairs can be of the following types:

1. User Key – Identifies a user; the private key stays with the user and the public key is
registered on the systems the user may log in to.
2. Host Key – Identifies a server; its private key stays on the remote system and its public key
is recorded by clients (known_hosts) so they can recognize the server.
3. Session key – A symmetric key negotiated per connection (by Diffie-Hellman key exchange) and
used to encrypt the bulk data.

How SSH Works ?


It uses asymmetric (public-key) cryptography for authentication and key exchange and a symmetric
cipher for the bulk data. Several public-key algorithms are supported:

rsa, ecdsa, ed25519 (dsa is obsolete and disabled in current OpenSSH).


General procedure (SSH-2 public-key authentication) is :-
● The public key from the local computer (client) is placed beforehand on the server which is to
be accessed (in the user's authorized_keys file).
● The client connects, the two sides negotiate a session key with Diffie-Hellman and the server
proves its identity with its host key. A session identifier is derived from this exchange.
● The client sends a public-key authentication request containing its public key; the server
checks whether that public key is registered for the user.
● If so, the client signs a message consisting of the session identifier and the request with
its private key and sends the signature to the server.
● The server verifies the signature with the registered public key; if it is valid, the local
computer is authenticated. Because the signed data includes the session identifier, a captured
signature cannot be replayed in a different session.
● SSH then opens the channels and all data is transferred encrypted through the established
connection.
(The older SSH-1 used a challenge-response instead: the server encrypted a random value with the
client's public key and the client proved it could decrypt it. SSH-2 replaced this with signatures.)

Key-based authentication is resistant to online brute-force (password guessing) attacks, provided
password logins are disabled on the server.


It is more convenient and more secure than login IDs and passwords (which can be phished or
intercepted in transit). If a server is compromised, no reusable credential is exposed, since the
server stores only public keys.
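The step "the server checks whether the public key is registered", as an added example that is not part of the question bank: a parser for OpenSSH authorized_keys lines and for the SSH public-key blob format, computing the SHA256 fingerprint that `ssh-keygen -lf` prints and looking a presented key up by it. The key bytes and the authorized_keys content below are constructed for the example and are not real credentials. Verifying the client's signature needs a public-key library (Python's standard library has none), so that step is not shown here.

```python
import base64
import hashlib
import shlex
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "sk-ssh-ed25519@openssh.com"}


def ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: uint32 big-endian length + bytes (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def read_ssh_string(buf: bytes, offset: int):
    """Decode one SSH string at offset; return (bytes, next_offset)."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[start:end], end


def blob_key_type(blob: bytes) -> str:
    """Return the key type stored inside a public-key blob. For ssh-ed25519 the layout is
    string "ssh-ed25519", string <32 raw bytes>, and nothing else."""
    key_type, off = read_ssh_string(blob, 0)
    if key_type == b"ssh-ed25519":
        material, off = read_ssh_string(blob, off)
        if len(material) != 32 or off != len(blob):
            raise ValueError("malformed ssh-ed25519 blob")
    return key_type.decode("ascii")


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints: base64 without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_authorized_keys(text: str) -> dict:
    """Parse authorized_keys lines ([options] type base64 [comment]) into
    {fingerprint: (type, options, comment)}. Lines whose blob does not decode, or whose
    inner key type disagrees with the declared type, are rejected as sshd rejects them."""
    registered = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)   # handles quoted options such as command="..."
        except ValueError:
            continue
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            continue
        declared, b64 = tokens[idx], tokens[idx + 1]
        try:
            blob = base64.b64decode(b64, validate=True)
            inner = blob_key_type(blob)
        except (ValueError, struct.error):
            continue
        if inner != declared:
            continue
        registered[fingerprint(blob)] = (declared, tokens[:idx], " ".join(tokens[idx + 2:]))
    return registered


def lookup_presented_key(presented_blob: bytes, registered: dict):
    """Server-side step: is the public key offered in the 'publickey' request registered?"""
    return registered.get(fingerprint(presented_blob))


# Constructed 32-byte value standing in for an Ed25519 public key; it is NOT a real key.
ALICE_KEY_BYTES = bytes(range(32))
ALICE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(ALICE_KEY_BYTES)
ALICE_B64 = base64.b64encode(ALICE_BLOB).decode("ascii")

# Constructed authorized_keys content: one valid restricted entry, and one entry whose
# declared type (ssh-rsa) does not match the blob inside it (ssh-ed25519).
SAMPLE_AUTHORIZED_KEYS = f"""
# deploy key for alice, only from the office network, no pty/forwarding
from="10.0.0.0/8",restrict ssh-ed25519 {ALICE_B64} alice@laptop
ssh-rsa {ALICE_B64} mismatched-type-entry
"""

if __name__ == "__main__":
    reg = parse_authorized_keys(SAMPLE_AUTHORIZED_KEYS)
    print(fingerprint(ALICE_BLOB), lookup_presented_key(ALICE_BLOB, reg))
```

The options returned with the entry (`from=`, `restrict`) are what lets an administrator limit a registered key to particular source addresses and disable shell features for it, which is the least-privilege counterpart of simply listing the key.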

35. Write short note on Email Security ?



a) Email security refers to the collective measures used to secure the access and content of an
email account or service.
b) It allows an individual or organization to protect the overall access to one or more email
addresses/accounts.
c) Email security is a term for describing different procedures and techniques for protecting
email accounts, content, and communication against unauthorized access, loss or
compromise.
d) Email is often used to spread malware, spam and phishing attacks.
e) Attackers use deceptive messages to entice recipients to part with sensitive information, open
attachments or click on hyperlinks that install malware on the victim’s device.
f) Email is also a common entry point for attackers looking to gain a foothold in an enterprise
network and obtain valuable company data.

E-mail Threats
E-mail accounts and their users are attacked in any of the following ways:

● Spam
● Virus
● Phishing

Spam
E-mail spamming is the act of sending Unsolicited Bulk E-mail (UBE), that is, mail the recipient
has not asked for. Spam is typically junk mail sent by commercial companies as an advertisement
of their products and services, but it is also the delivery vehicle for malware and phishing.

Virus
Some e-mails carry attachments containing malicious code which, when run on your computer, may
destroy or steal your important data.

Phishing
E-mail phishing is the activity of sending e-mails to a user while claiming to be a legitimate
enterprise. Its main purpose is to steal sensitive information such as usernames, passwords and
credit card details.

Such e-mails contain links to websites that are infected with malware, or direct the user to enter
details on a fake website whose look and feel is the same as the legitimate one.

E-mail Spamming and Junk Mails


Spams may cause the following problems:

● It floods your e-mail account with unwanted e-mails, which may result in loss of
important e-mails if inbox is full.
● Time and energy is wasted in reviewing and deleting junk emails or spams.
● It consumes the bandwidth that slows the speed with which mails are delivered.
● Some unsolicited email may contain virus that can cause harm to your computer.

Blocking Spams
Following ways will help you to reduce spams:

● While posting to newsgroups or mailing lists, use a separate e-mail address from the one
you use for your personal e-mail.
● Avoid publishing your e-mail address on public web pages, where it is easily harvested by
spammers.
● Avoid replying to e-mails which you have received from unknown persons.
● Never buy anything in response to a spam that advertises a product.

36. Describe S/MIME along with its services?



a) S/MIME is a protocol for the secure exchange of e-mail and attached documents originally
developed by RSA Security.
b) Secure/Multipurpose Internet Mail Extensions (S/MIME) adds security to Internet e-mail
based on the Simple Mail Transfer Protocol (SMTP) method and adds support for digital
signatures and encryption to SMTP mail to support authentication of the sender and privacy
of the communication.
c) Note that because HTTP messages can transport MIME data, they can also use S/MIME.
d) How It Works
1) S/MIME is an extension of the widely implemented Multipurpose Internet Mail Extensions
(MIME) encoding standard, which defines how the body portion of an SMTP message is
structured and formatted.
2) S/MIME uses public-key cryptography (RSA) for digital signatures and for transporting a
per-message symmetric key, and a symmetric cipher such as Triple-DES (historically) or AES for
encrypting the message content.
3) In an S/MIME message, the MIME body section consists of a message in PKCS #7 format
that contains an encrypted form of the MIME body parts.
4) The MIME content type for the encrypted data is application/pkcs7-mime.
e) S/MIME services:-
(refer textbook )
37. Explain SNMP v3 in detail?

a) SNMP stands for Simple Network Management Protocol.
b) It is an Internet standard protocol used for monitoring and organizing information about the
devices on an IP network by sending and receiving requests.
c) This protocol is used for collecting information from devices like switches, modems,
routers, servers, printers etc.
d) Currently, there are 3 versions of SNMP – SNMPv1, SNMPv2c and SNMPv3.
e) Uses of SNMP in Networking :
1) It is mainly used for monitoring and managing network resources.
2) It is a standard Internet protocol, so equipment from different vendors can be managed the
same way; it standardizes how management data objects are defined and organized.
3) Administrator computers (managers) use SNMP to monitor the agents running on the managed
devices in the network.
4) The objects that can be read or set are defined in a Management Information Base (MIB).

f) Special Features about SNMPv3 :


● v3 is the latest version of SNMP; it keeps the management services of v2 and adds security.
SNMPv1 and SNMPv2c use a plaintext community string, which is neither confidential nor
strongly authenticated.
● The SNMPv3 architecture uses the User-based Security Model (USM) for securing messages
and the View-based Access Control Model (VACM) for controlling which MIB objects each user
may access.
● The USM provides authentication and integrity (HMAC, originally with MD5 or SHA-1, now
also SHA-2) and privacy/encryption (DES originally, AES in later RFCs).
● SNMPv3 supports a snmpEngineID, which uniquely identifies each SNMP engine (agent or
manager). A user's key is "localized" with the Engine ID, so the same password yields a
different key on every device and a key captured from one agent cannot be used against another.
● v3 provides secure access to devices, including those that send traps, by authenticating
users and encrypting the data packets sent across the network.
● It also introduces the ability to configure and modify the SNMP agent using SET on the
MIB objects. These commands enable deletion, modification, configuration and addition of
entries remotely.
● USM – facilitates remote configuration and management of the security module.
● VACM – facilitates remote configuration and management of the access control module.

g) SNMPv3 Architecture :
The architecture of the v3 consists of –
● Data definition language,
● Definition of MIB
● Protocol definition
● Security and administration.
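The key localization described under the special features of SNMPv3, as an added example that is not part of the question bank: the RFC 3414 password-to-key algorithm and the localization step Kul = H(Ku || snmpEngineID || Ku), checked against the test vector the RFC itself publishes (password "maplesyrup", engine ID 00...02). The vector uses MD5 and SHA-1 because those are the original USM algorithms; RFC 7860 adds SHA-2, which the same code handles by passing a different hash name.

```python
import hashlib

ONE_MIB = 1024 * 1024   # RFC 3414 A.2: exactly 1,048,576 bytes of the cyclic password are hashed


def password_to_key(password: bytes, algo: str = "md5") -> bytes:
    """Ku (RFC 3414, A.2.1 for MD5 / A.2.2 for SHA-1): the password repeated cyclically to
    1 MiB and hashed. The repetition slows guessing; Ku itself is the same for every agent,
    which is why it must never be configured on a device directly."""
    if not password:
        raise ValueError("empty password")
    repeats = ONE_MIB // len(password) + 1
    stream = (password * repeats)[:ONE_MIB]
    return hashlib.new(algo, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): the key actually stored on, and used with, one agent.
    Different engine IDs give different keys, so a Kul captured from one agent does not work
    against another even though the user typed the same password for both."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def localized_key_from_password(password: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Convenience wrapper: password straight to the agent-specific key."""
    return localize_key(password_to_key(password, algo), engine_id, algo)


# Test vector published in RFC 3414 Appendix A.3 (not a real credential).
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")

if __name__ == "__main__":
    for algo in ("md5", "sha1", "sha256"):
        print(algo, localized_key_from_password(RFC_PASSWORD, RFC_ENGINE_ID, algo).hex())
```

When a manager has to talk to many agents, it computes Ku once and localizes it per engine ID; the agents store only their own Kul, so a compromised agent leaks a key that is useless elsewhere.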

38. What is Network Access Control? Explain Principal elements of NAC?



a) Network Access Control is a security solution that uses a set of protocols to keep
unauthorized users and devices out of a private network or give restricted access to the
devices which are compliant with network security policies.
b) It is also known as Network Admission Control. It handles network management and
security that implements security policy, compliance, and management of access
control to a network.
c) NAC works on wired and wireless networks by identifying different devices that are
connected to the network.
d) For setting up an NAC network security solution, administrators will determine the
protocols that will decide how devices and users are authorized for the right level of
authorization.
e) Access rules are generally based on the criterion such as device used, the location
accessed from, the access rights of various individuals, as well as the specific data and
resources being accessed.
f) Principal elements of NAC:-

39. Explain NAC Enforcement methods and steps to implement NAC Solutions?

a) Network access control, also called network admission control, is a method to bolster the
security, visibility and access management of a proprietary network.

b) It restricts the availability of network resources to endpoint devices and users that comply
with a defined security policy.

c) The NAC can also provide endpoint security protection such as antivirus software, firewall,
and vulnerability assessment with security enforcement policies and system authentication
methods.

d) A NAC system can deny network access to noncompliant devices, place them in a
quarantined area, or give them only restricted access to computing resources, thus
keeping insecure nodes from infecting the network.
e) NAC solutions help organizations control access to their networks through the following
capabilities:
● Policy lifecycle management: Enforces policies for all operating scenarios without
requiring separate products or additional modules.
● Profiling and visibility: Recognizes and profiles users and their devices before malicious
code can cause damage.
● Guest networking access: Manage guests through a customizable, self-service portal that
includes guest registration, guest authentication, guest sponsoring, and a guest management
portal.
● Security posture check: Evaluates security-policy compliance by user type, device type,
and operating system.
● Incident response: Mitigates network threats by enforcing security policies that block,
isolate, and repair noncompliant machines without administrator attention.
● Bidirectional integration: Integrate with other security and network solutions through the
open/RESTful API.

40. Explain IDS in brief along with its types?



a) An Intrusion Detection System (IDS) is a system that monitors network traffic for
suspicious activity and issues alerts when such activity is discovered.
b) It is a software application that scans a network or a system for the harmful activity or policy
breaching.
c) Any malicious venture or violation is normally reported either to an administrator or
collected centrally using a security information and event management (SIEM) system.
d) A SIEM system integrates outputs from multiple sources and uses alarm filtering techniques
to differentiate malicious activity from false alarms.
e) Classification of Intrusion Detection System:- IDS are classified into 5 types:
1) Network Intrusion Detection System (NIDS):
Network intrusion detection systems (NIDS) are set up at a planned point within the network
to examine traffic from all devices on the network. It performs an observation of passing
traffic on the entire subnet and matches the traffic that is passed on the subnets to the
collection of known attacks. Once an attack is identified or abnormal behavior is observed,
the alert can be sent to the administrator. An example of a NIDS is installing it on the subnet
where firewalls are located in order to see if someone is trying to crack the firewall.
2) Host Intrusion Detection System (HIDS):
Host intrusion detection systems (HIDS) run on independent hosts or devices on the network.
A HIDS monitors the incoming and outgoing packets from the device only and will alert the
administrator if suspicious or malicious activity is detected. It takes a snapshot of existing
system files and compares it with the previous snapshot. If the analytical system files were
edited or deleted, an alert is sent to the administrator to investigate. An example of HIDS
usage can be seen on mission-critical machines, which are not expected to change their
layout.
3) Protocol-based Intrusion Detection System (PIDS):
A protocol-based intrusion detection system (PIDS) comprises a system or agent that resides at
the front end of a server, monitoring and interpreting the protocol between a user/device and the
server. A typical use is securing a web server by regularly inspecting the HTTP protocol stream
and accepting only well-formed HTTP. Because HTTPS traffic is encrypted on the wire, the PIDS
must sit where it can see the decrypted HTTP (between the TLS termination point and the web
application); placed in front of the TLS endpoint it would see only ciphertext.
4) Application Protocol-based Intrusion Detection System (APIDS):
Application Protocol-based Intrusion Detection System (APIDS) is a system or agent that
generally resides within a group of servers. It identifies the intrusions by monitoring and
interpreting the communication on application-specific protocols. For example, this would
monitor the SQL protocol explicit to the middleware as it transacts with the database in the
web server.
5) Hybrid Intrusion Detection System :
Hybrid intrusion detection system is made by the combination of two or more approaches of
the intrusion detection system. In the hybrid intrusion detection system, host agent or system
data is combined with network information to develop a complete view of the network
system. Hybrid intrusion detection system is more effective in comparison to the other
intrusion detection system. Prelude is an example of Hybrid IDS.

f) Types of IDS:-
1. Signature-based Method:
A signature-based IDS detects attacks on the basis of specific patterns in the traffic, such as
known byte sequences, regular expressions over packet or request content, or the malicious
instruction sequences already known to be used by a piece of malware. The patterns the IDS looks
for are known as signatures.
A signature-based IDS can easily detect attacks whose pattern (signature) already exists in its
database, but it cannot detect new attacks, or old ones that have been obfuscated or encoded
differently, because their signature is not known.
2. Anomaly-based Method:
An anomaly-based IDS was introduced to detect unknown attacks, as new malware is developed
rapidly. It first builds a model of trusted (normal) activity, using statistics or machine
learning, and then compares incoming activity with that model; anything that does not fit the
model is declared suspicious. Such models generalize better than signatures, since they can be
trained for the specific applications and hardware configuration, but they also raise more false
alarms, and an attacker who stays within the learned baseline is not detected.

41. What is Firewall? Explain different types of firewalls and list their advantages?

a) A Firewall is hardware or software that prevents unauthorized access to a private computer
or a network of computers; it acts as a filter that keeps unauthorized users from reaching
private computers and networks.
b) It is a vital component of network security.
c) It is the first line of defense for network security.
d) It filters network packets according to a rule set and stops many kinds of malicious traffic
from entering the user's computer or network by blocking the access paths attackers rely on.
e) Advantages of Firewall:
1. Blocks infected files: While surfing the internet we encounter many unknown threats.
Any friendly-looking file might have malware in it. The firewall neutralizes this kind of
threat by blocking file access to the system.
2. Stop unwanted visitors: A firewall does not allow a cracker to break into the system
through a network. A strong firewall detects the threat and then stops the possible
loophole that can be used to penetrate through security into the system.
3. Safeguard the IP address: A network-based firewall (for example the Internet Connection
Firewall (ICF) built into Windows) keeps track of the connections made from a network or a
system; combined with network address translation it hides the internal IP addresses, so they
cannot be reached directly from outside and used against the user.
4. Limits mail flooding: When too many e-mails are sent to the same server it can be
overwhelmed. A firewall can rate-limit or block the flooding source and keep the server
reachable.
5. Restricts Spyware: If spyware is implanted in a system or network it tracks the data flowing
through it and later sends it out for misuse. A firewall that controls outbound connections
can block the spyware's traffic to unknown or known-malicious destinations, limiting what it
can leak.

f) Types of firewalls :-

● Packet-filtering Firewalls – inspect each packet's headers (addresses, ports, flags) against
a rule set, without remembering previous packets.

● Circuit-level Gateways – verify the TCP handshake and session set-up, not the content.

● Application-level Gateways (Proxy Firewalls) – terminate the connection and inspect the
application protocol (e.g. HTTP) on the client's behalf.

● Stateful Multi-layer Inspection (SMLI) Firewalls – keep a table of active connections so
return traffic is allowed only for sessions that were opened from the inside.

● Next-generation Firewalls (NGFW) – add application awareness, intrusion prevention and
user identity to stateful inspection.

● Threat-focused NGFW – an NGFW with added threat intelligence and remediation capabilities.

● Network Address Translation (NAT) Firewalls – hide the internal addresses behind one
public address.

● Cloud Firewalls – firewall functionality delivered as a service in the cloud.
● Unified Threat Management (UTM) Firewalls – bundle firewall, IDS/IPS, anti-malware and
content filtering in one device.

(for more details about the types of firewall see
https://www.javatpoint.com/types-of-firewall)
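The difference between a packet-filtering firewall and a stateful (SMLI) firewall, as an added example that is not part of the question bank: a small rule engine in Python with constructed packets. The stateless filter has to admit any inbound packet with the ACK flag set in order to let replies to outbound HTTPS through, and that rule also admits a forged ACK packet aimed at an internal SSH port; the stateful filter allows only replies to connections it saw being opened. Addresses, ports and rules are made up for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str] = frozenset()    # TCP flags present, e.g. {"SYN"} or {"ACK"}


@dataclass(frozen=True)
class Rule:
    action: str                            # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None            # None = any destination port
    flags: FrozenSet[str] = frozenset()    # every listed flag must be set on the packet

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or pkt.dport == self.dport)
                and self.flags <= pkt.flags)


def stateless_decide(rules: List[Rule], pkt: Packet) -> str:
    """Packet-filtering firewall: each packet is judged on its own header alone,
    first matching rule wins, implicit deny at the end."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFilter:
    """Stateful (SMLI) firewall: the rules decide which connections may be opened; packets
    belonging to a connection already in the table are allowed without a matching rule."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.conns: Set[Tuple[str, int, str, int]] = set()

    def decide(self, pkt: Packet) -> str:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.conns or reverse in self.conns:
            return "allow"                     # part of a connection we saw being opened
        is_new_connection = "SYN" in pkt.flags and "ACK" not in pkt.flags
        if is_new_connection and stateless_decide(self.rules, pkt) == "allow":
            self.conns.add(forward)
            return "allow"
        return "deny"                          # unsolicited, whatever its flags claim


INTERNAL = "10.0.0.0/8"

# Stateless rule set: to let replies to outbound HTTPS back in, it must admit any inbound
# packet with ACK set ("established" traffic), because it cannot remember what went out.
STATELESS_RULES = [
    Rule("allow", src=INTERNAL, dport=443),
    Rule("allow", dst=INTERNAL, flags=frozenset({"ACK"})),
]

# Stateful rule set: only the outbound policy is needed; replies are matched from the table.
STATEFUL_RULES = [Rule("allow", src=INTERNAL, dport=443)]

# Constructed packets (documentation address ranges, not real hosts).
OUTBOUND_SYN = Packet("10.0.0.5", 51000, "203.0.113.10", 443, frozenset({"SYN"}))
LEGIT_REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 51000, frozenset({"SYN", "ACK"}))
FORGED_ACK = Packet("198.51.100.7", 4444, "10.0.0.5", 22, frozenset({"ACK"}))  # never requested


def run_scenario():
    """Return (stateless_results, stateful_results) for the three packets, in order."""
    packets = (OUTBOUND_SYN, LEGIT_REPLY, FORGED_ACK)
    stateless = [stateless_decide(STATELESS_RULES, p) for p in packets]
    fw = StatefulFilter(STATEFUL_RULES)
    stateful = [fw.decide(p) for p in packets]
    return stateless, stateful


if __name__ == "__main__":
    print(run_scenario())
```

The forged ACK packet is the classic way to probe hosts behind a stateless filter: nothing in its header is illegal, only its lack of a preceding outbound SYN gives it away, and that is information only a connection table holds.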

42. What are Firewall Design Principles and Characteristics of Firewalls?



a) A Firewall is hardware or software that prevents unauthorized access to a private computer
or a network of computers; it acts as a filter that keeps unauthorized users from reaching
private computers and networks.
b) It is a vital component of network security.
c) It is the first line of defense for network security.
d) It filters network packets according to a rule set and stops many kinds of malicious traffic
from entering the user's computer or network by blocking the access paths attackers rely on.

Characteristics of Firewall

1. Physical Barrier: A firewall does not allow any external traffic to enter a system or a
network without permission. It creates a choke point for all external data trying to enter
the system or network and hence can easily block access if needed.
2. Multi-Purpose: A firewall has functions other than pure filtering. It can filter by domain
name as well as by Internet Protocol (IP) address, act as a network address translator, and
serve as a meter for internet usage.
3. Flexible Security Policies: Different local systems or networks need different security
policies. A firewall can be adapted to the requirements of the user by changing its rules.
4. Security Platform: It provides a single place from which alerts about security issues can be
viewed and fixes applied. All security-related queries for a system or network can be kept
under check from one place.
5. Access Handler: Determines which traffic may flow, and with which priority, for a particular
network or system; specific action requests may be initiated and allowed through the firewall.
Need and Importance of Firewall Design Principles

1. Different Requirements: Every local network or system has its threats and requirements
which needs different structure and devices. All this can only be identified while
designing a firewall. Accessing the current security outline of a company can help to
create a better firewall design.
2. Outlining Policies: Designing a firewall once does not keep a network secure for good. New
threats arise, and if the policies are properly documented the security system can be
modified again and the network made more secure.
3. Identifying Requirements: While designing a firewall, data related to threats, the devices
that need to be integrated, missing resources and the security devices that need updating are
collected. All the information collected is combined to get the best results. If even one of
these things is misidentified, it leads to security issues.
4. Setting Restrictions: Every user has limits on which levels of data they may access or
modify, and these need to be identified and acted upon. After retrieving and processing the
data, priorities are set for people, devices, and applications.
5. Identify Deployment Location: Every firewall has its strengths and to get the most use
out of it, we need to deploy each of them at the right place in a system or network. In the
case of a packet filter firewall, it needs to be deployed at the edge of the network, between
the internal network and the Internet (or in front of a public web server), to get the most
out of it.
❖ Firewall Design Principles:-

1. Developing Security Policy


Security policy is a very essential part of firewall design. Security policy is designed according to
the requirement of the company or client to know which kind of traffic is allowed to pass. Without a
proper security policy, it is impossible to restrict or allow a specific user or worker in a company
network or anywhere else. A properly developed security policy also knows what to do in case of a
security breach. Without it, there is an increase in risk as there will not be a proper implementation
of security solutions.
2. Simple Solution Design
If the design of the solution is complex, then it will be difficult to implement; if the solution
is simple, it will be easier to implement. A simple design is easier to maintain, and we can
upgrade it for new threats while keeping an efficient but still simple structure. The problem with
complex designs is configuration error, which opens a path for external attacks.
3. Choosing the Right Device
Every network security device has its purpose and its way of implementation. If we use the wrong
device for a problem, the network becomes vulnerable, and if an outdated device is used for the
firewall design it exposes the network to risk and is almost useless. First the design must be
done and then the product requirements found out; if a product is chosen first and the design
forced to fit it, the security becomes weak.
4. Layered Defense
A network defense must be multiple-layered in the modern world because if the security is broken,
the network will be exposed to external attacks. Multilayer security design can be set to deal with
different levels of threat. It gives an edge to the security design and finally neutralizes the attack on
the system.
5. Consider Internal Threats
While a lot of attention is given to safeguarding the network or device from external attacks,
security against internal attacks is often weak, even though many attacks originate internally,
where access is easy and the design is weaker. Different security levels can be set inside the
network when designing internal security, and filtering can be added between them to keep track
of the traffic moving from lower-security to higher-security zones.


Limitations:

1. Internal loose ends: A firewall cannot be deployed everywhere when it comes to internal
attacks. Sometimes an attacker bypasses the firewall through a path it does not cover, such as
a modem or dial-up line that joins the data network, or through an employee who unwittingly
cooperates with an external attacker.
2. Infected Files: In the modern world we come across many kinds of files through e-mail or
the internet, and many of them are executable on the operating system. It is impossible for the
firewall to inspect the content of every file flowing through the system, so malware inside
permitted traffic can still get through.
3. Cost: As the requirements of a network or system grow with the level of threat, the cost of
the devices used to build the firewall increases, and so does the maintenance cost, making the
overall cost of the firewall quite high.
4. User Restriction: Restrictions and rules implemented through a firewall make a network
secure but they can make work less effective when it comes to a large organization or a
company. Even making a slight change in data can require a permit from a person of
higher authority making work slow. The overall productivity drops because of all of this.
5. System Performance: A software-based firewall consumes a lot of resources of a system.
Using the RAM and consuming the power supply leaves very less resources for the rest of
the functions or programs. The performance of a system can experience a drop. On the
other hand hardware firewall does not affect the performance of a system much, because
its very less dependent on the system resources.
