B5.3-R3: NETWORK MANAGEMENT & INFORMATION SECURITY Question Papers January 2007
July 2006 JANUARY 2006 January, 2005 July, 2005 July, 2004 January, 2004
January 2007
B5.3-R3: NETWORK MANAGEMENT & INFORMATION SECURITY
NOTE:
1. Answer question 1 and any FOUR questions from 2 to 7.
2. Parts of the same question should be answered together and in the same sequence.
Time: 3 Hours
Total Marks: 100

1.
   a) Distinguish between Host based and Network based Intrusion Prevention Systems.
   b) Why is the Domain Security policy required? How is it different from local security policy?
   c) What are the shortcomings of IT Act 2000 that deter companies from approaching the cyber cell for the enforcement?
   d) How is Dictionary attack different from Brute Force attack?
   e) What is the use of Active Directory in Windows 2000?
   f) How can IPsec be used to create a VPN?
   g) In most of the campus/corporate networks, we find firewalls preceded by a router, but not the reverse. Why has this become almost a de-facto standard?
   (7x4)

2.
   a) What are the various categories of Denial of Service Attack (DOS) available? State at least three ways by which this attack could be launched by an intruder.
   b) Explain the various measures required to be taken in Security Testing of a financial institution with respect to IT.
   (9+9)

3.
   a) In RSA Encryption method if the prime numbers p and q are 3 and 7 respectively, the encryption exponent e is 11, find the following:
      i) the least positive decryption exponent d
      ii) public and private key
      iii) cipher text when the plain text P is encrypted using the public key?
   b) How does User Based Security Model provide integrity protection with or without delay detection and privacy protection?
   (10+8)

4.
   a) How is a virus different from a worm? What are the various types of viruses?
   b) Compare the strengths and weaknesses of Intrusion Detection System (IDS).
   c) How does Digital Signature prevent E-mail spoofing?
   (8+6+4)

5.
   a) Alice sends some message M to Bob using RSA public-key encryption algorithm where public key is (5,119) and private key is (77,119). The cipher text is 66. Find the message M sent to Bob.
   b) How does biometric help in securing electronic banking?
   c) Why can IP spoofing not be prevented by using Packet Filter Firewall Technique?
   (5+8+5)

6.
   a) What is Trojan Horse? Explain some functions of the Trojan. Also suggest any three ways to detect Trojan.
   b) How does Asymmetric key encryption ensure “Non-Repudiation”? Explain with an example.
   c) Why are each initiator and each target assigned to one or more security groups in an access control scheme based on security labels?
   (7+5+6)

7.
   a) How is Kerberos designed to provide strong authentication for client/server applications by using secret key cryptography? Also mention the shortcomings of Kerberos.
   b) How does SET make a digital wallet similar to a real wallet and secure for e-commerce payment transaction?
   c) Explain briefly the three modes that a snoop can configure.
   (6+6+6)

July 2006
B5.3-R3: NETWORK MANAGEMENT & INFORMATION SECURITY
NOTE:
1. Answer question 1 and any FOUR questions from 2 to 7.
2. Parts of the same question should be answered together and in the same sequence.
Time: 3 Hours
Total Marks: 100

1.
   a) What are the unicast and multicast packets? By examining the addresses used, determine whether the packet is multicast or unicast.
   b) How can IPSec be used to create a VPN?
   c) How do two filtering routers make the screened subnet firewall most secure?
   d) What basic arithmetical and logical functions are used in MD5 and SHA-1?
   e) What are the Denial of Service attacks?
   f) How is ASN.1 different from other data structure definition schemes?
   g) What are main services provided by Computer security incident response teams?
   (7x4)

2.
   a) b) c) What protocol is used at the transport layer? Explain briefly the three functional areas of IP level security. Why does Encapsulating Security Payload (ESP) include a padding field? What is the difference between passive and active attacks with respect to security threats faced in using the web?
   (6+6+6)

3.
   a) What are the basic techniques that are used by firewalls to control access and enforce the site’s security policy?
   b) Which type of firewall acts as a relay of application level traffic? Explain how it is better than other types of firewalls.
   (12+6)

4.
   a) Differentiate between the MD5 and SHA-1 algorithms.
   b) Suppose that A has a data file, namely “d”, that B needs. A and B want to ensure a secure transmission of the file. They do not want anyone to know the content of the file even if it is intercepted during transmission. B also wants to know whether whatever is transmitted from A has been corrupted or altered in transit, and that the file was sent by A. It is assumed that A and B share a secret symmetric key that no one else knows and there is a public key infrastructure available. Describe the steps that A takes to send the data file “d” meeting the requirements given above. Your solution should use as few symmetric and/or public keys as necessary while meeting the above requirements.
   (6+12)

5.
   a) What are some of the attacks that can be made on packet filtering routers and their appropriate counter measures?
   b) What are the procedures involved in Quantitative Risk Assessment? How is the Annualized Loss Expectancy (ALE) calculated?
   (12+6)

6.
   a) What was the security problem present in SNMP V1 that was solved in SNMP v3 and how?
   b) What are two most popular active contents used as tools by attackers? Describe them briefly.
   (12+6)

7.
   a) What is a “smurf attack” and how is it defended?
   b) What are the conditions prescribed in IT Act 2000 for the purpose of Electronic Governance to retain documents, record or information in electronic form for any specified period?
   (12+6)

JANUARY 2006
B5.3-R3: NETWORK MANAGEMENT & INFORMATION SECURITY
NOTE:
1. Answer question 1 and any FOUR questions from 2 to 7.
2. Parts of the same question should be answered together and in the same sequence.
Time: 3 Hours
Total Marks: 100

1.
   a) What is digital signature? Which algorithms are used for digital signatures?
   b) Differentiate between steganography and cryptography.
   c) How does message digest help in checking the integrity of a transmitted text?
   d) State four primary functions of CERT.
   e) Differentiate between active and passive attacks on a computer.
   f) What is an application level firewall and why is it necessary?
   g) State any four acts amounting to "cybercrime" as per IT Act 2000.
   (7x4)

2.
   a) Suppose you are doing RSA encryption with the prime numbers p=13 and q=7. Also, assume that encryption exponent e=5. Find the least positive decryption exponent d. Next, encrypt the message m=7. Now decrypt the cipher c=2.
   b) Explain the distributed DoS (Denial of Service) attack with a suitable diagram. Why is this kind of attack very common during the final hours of the Internet auction?
   c) What is the importance of "no read up" plus "no write down" rule for a multilevel security system?
   (9+6+3)

3.
   a) What is meant by IP spoofing? How can a router be used to prevent IP spoofing?
   b) How does RSA based digital signature help in "non-repudiation"? Explain with a concrete example scenario between a sender and a receiver.
   c) Describe the Digital Signature (DS) Algorithm based on DS standard of NIST. How are signing and verifying done in DS standard?
   (3+6+9)

4.
   a) Consider the following threats to Web security and describe how each is countered by a particular feature of SSL (Secure Sockets Layer):
      i) Brute-Force Cryptanalytic Attack
      ii) Replay Attack
      iii) Packet Sniffing
      iv) Password Cracker
      v) SYN Flooding
      vi) Man-In-The-Middle Attack
   b) Name the six participants in the SET system and show their interconnections in a secure electronic commerce component diagram.
   ([6x2]+6)

5.
   a) In most of the campus/corporate networks, we find firewalls preceded by a router, but not the reverse. Can you explain why this has become almost a de facto standard?
   b) What is the difference between "reactive" and "proactive" fault management? State the four steps usually followed in reactive fault management.
   c) What does SNMP define as manager, agent and client? Why does SNMP need SMI and MIB to manage a network? How are they related to UDP?
   (3+6+9)

6.
   a) Describe briefly the Bell-La Padula Model and its limitations. What is tranquility principle in this model?
   b) What are the three classes of intruders? Discuss any three metrics used in profile-based anomaly detection. Explain the architecture of a distributed intrusion detection system (with a suitable diagram) and name the various components.
   (8+10)

7. Write short notes on any three:
   i) Pretty Good Privacy (PGP)
   ii) IPsec VPN
   iii) Risk Assessment (RA)
   iv) Biometrics
   (3x6)

January, 2005
Note:
1. Answer question 1 and any FOUR questions from 2 to 7.
2. Parts of the same question should be answered together and in the same sequence.
Time: 3 Hours
Total Marks: 100

1.
   1. List and describe three preventative measures that can be taken to minimize the risk of computer virus infection, other than the use of antivirus software.
   2. With respect to an operating system, what is the primary security benefit of access control lists?
   3. Explain why the use of UDP is "popular" for packet spoofing attacks.
   4. Briefly describe port-scanning attacks and explain why attackers use them.
   5. Cryptography needs physical security. To what extent is this statement correct?
   6. We consider the random cipher model with random variables M, C and K for plaintext, ciphertext and key, respectively. Give an interpretation in cryptographic terms of the equation H(M,C) = H(M)+H(C). Give also an example of a cryptosystem which has this property.
   7. Describe how IPsec can be used to create a VPN.
   (7x4)

2.
   1. How is the Internet challenging the protection of individual privacy? Discuss and give examples where appropriate.
   2. Briefly describe the steps for recovering from a system compromise in which an intruder or an attacker has gained access to the system.
   (12+6)

3.
   1. Consider the task of designing a Web server that will target specifically E-commerce, with the objective of accommodating a number of merchant sites, each consisting of a catalog, shopping cart, payment system interfacing with a credit card company, customer profiles repository based on previous transactions, and a recommender system. What specific architectural suggestions would you make to ensure:
      1. efficiency
      2. security
      3. reliability
   2. What is meant by IP spoofing? How can a router be used to prevent IP spoofing?
   3. What is an important difference between an SNMP request/response and an SNMP trap message?
   4. Explain the difference between identification and authentication.
   (9+3+3+3)

4.
   1. What is an Intrusion Detection System? Describe briefly the main components of an IDS with the help of a diagram.
   2. You will find that experts disagree on the relative strength of proxy servers and packet filtering firewalls. Examine their arguments and justify your own verdict on their dispute.
   (10+8)

5.
   1. What are the objectives mentioned in the Preamble to the IT Act?
   2. How do IP addresses get mapped on to data-link layer addresses, such as Ethernet? Explain by illustrating class 'C' networks of a university.
   3. Give a list of SNMP v3 commands and their functionalities. Indicate their direction of flow. Which of the commands are not supported in SNMP v1?
   (6+6+6)

6.
   1. We consider the use of RSA encryption with a 1024 bits modulus to transmit a 56 bit DES key to be used as session key. One can develop a meet-in-the-middle attack on this practice, based on the fact that a random 56 bit number m can with significant probability be factored as m = m1 · m2, where both m1 and m2 are 28 bit numbers. So, assume that the DES key m has such a factorization and that the ciphertext c = m^e mod N has been intercepted by an adversary. Describe the attack in detail and give estimates of how much computation and storage is needed for the attack.
   2. Nikita and Michael decide to agree on a secret encryption key using the Diffie-Hellman key exchange protocol. You observe the following:
      1. Nikita chooses p=13 for the modulus and g=2 as generator.
      2. Nikita sends 6 to Michael.
      3. Michael sends 11 to Nikita.
      Determine the secret key.
   (12+6)

7.
   1. Write short notes on any THREE of the following technologies explaining how they are used in the development of a distributed information system.
      1. Active X control
      2. FTP server
      3. CGI script
      4. Active Server Page
      5. HTML form
      Indicate whether the technology runs on the client, on the server, or on both.
   2. Which security features do you expect from a secure e-mail system and from the machines running a secure e-mail system? Which layer is most appropriate for such a security service? Distinguish between services that want to offer anonymity in your answer.
   (12+6)

JULY 2005
NOTE:
1. Answer question 1 and any FOUR questions from 2 to 7.
2. Parts of the same question should be answered together and in the same sequence.
TIME: 3 HOURS
TOTAL MARKS: 100

1.
   1. What are agents in network management system?
   2. What is a proxy and how does it work?
   3. What are the three key properties of hash functions?
   4. Differentiate between passive and active attacks on a computer.
   5. Is a firewall sufficient to secure network or do we need anything else?
   6. How can an intrusion detection system actively respond to an attack?
   7. What is non-repudiation? How does Asymmetric key encryption ensure non-repudiation?
   (7x4)

2.
   1. What is a digital signature? Which algorithms are used for digital signatures?
   2. What is IPSec? Explain.
   3. Differentiate between Symmetric Key and Asymmetric Key algorithms. Which is most commonly used for encryption on the web?
   (4+6+8)

3.
   1. What are DOS attacks? Explain one of them.
   2. What other countermeasures besides IDS are there in a network? What are different types of Intrusion Detection Systems?
   3. What are Intrusion Prevention Systems? Explain.
   (6+6+6)

4.
   1. Explain briefly about Mandatory Access Control and Discretionary Access Control.
   2. What are Trojans? Give example of at least one commonly known Trojan.
   3. Differentiate between worms and viruses.
   (6+6+6)

5.
   1. Explain briefly about penetration testing and port scanning.
   2. What are the different levels in TCP/IP at which web security may be implemented? Illustrate with examples.
   3. What is Demilitarized Zone? Explain with a diagram.
   (6+6+6)

6.
   1. How are Digital Certificates used to provide third party trust?
   2. What are the components of X.509 v3 format for digital signatures?
   3. What is CRL? How is it used to validate digital certificates?
   (5+6+7)

7. Write short notes on the following:
   1. Public Key infrastructures (PKI)
   2. Reverse Proxy
   3. Virtual Private Network (VPN)
   (6+6+6)

July, 2004
Note:
1. Answer question 1 and any FOUR questions from 2 to 7.
2. Parts of the same question should be answered together and in the same sequence.
Time: 3 Hours
Total Marks: 100

1.
   1. Differentiate between passive and active attacks on a computer.
   2. What is malicious code? What are its different types? What differentiates one type from another?
   3. A data entry firm experiences on an average a loss of 10 files of 1000 bytes each per day due to power failures. The loss probability is 0.9. The cost of keying in a character is Rs. 0.005. At what cost burden should the firm consider putting in a loss prevention mechanism?
   4. What are session keys? How are they distributed using PKI?
   5. What are access control lists and capability lists? In what ways do they differ in their organization?
   6. A password cracker knows for certain that a genuine user uses a password that is four characters long drawn from a set of 100 characters. He decides to crack the password by brute force method. What is the maximum number of combinations he needs to test? How long would it take (in years) for him to crack the password if it takes 100 msec to test each password?
   7. Show that in a block chaining mode of encryption a XOR operation on the decrypted result with the preceding block produces the plain text.
   (7x4)

2.
   1. List any four biometric methods other than voice print used for user authentication. Discuss the user registration and authentication procedures in the case of voice print biometric key.
   2. What is the basic purpose of a security model for computer systems?
   3. Discuss no read up and no write down security policies and the tranquility principle in Bell-La Padula security model.
   (8+3+7)

3.
   1. What is steganography? How is it different from cryptography?
   2. Give expressions describing the triple DES function at the sending and receiving ends. What is the purpose of the intermediate stage? Illustrate how the intended purpose of the intermediate stage is achieved.
   3. Consider the plain text 47E6BF5193ACD280 and the key FFC16B4A both in hexadecimal. Apply the following functions on the plain text using the key and compute the result:
   (4+6+8)

4.
   1. What is hashing? How does it help in checking the integrity of a transmitted text?
   2. Given a message, describe the steps involved in arriving at a digital signature for the message.
   3. What are the three phases of authentication in Kerberos v4? Discuss each phase briefly bringing out clearly how certain security threats are overcome in each phase.
   (4+5+9)

5.
   1. What are agents in Network Management System?
   2. Give a list of SNMP v3 commands and their functionalities. Indicate their direction of flow. Which of the commands are not supported in SNMP v1?
   3. What are the different components of IDS? Explain the different types of IDS.
   (6+7+5)

6.
   1. What are the different levels in TCP/IP at which WEB security may be implemented? Illustrate with examples.
   2. Explain with a diagram how tunnel mode IPSec operation can be established among different segments of a virtual private network.
   3. What is DOS attack? Explain one of them.
   (6+6+6)

7.
   1. What is the basic purpose of a firewall? Briefly discuss the different types of firewalls.
   2. Present and discuss the screened subnet architecture of firewalls.
   3. IT Act 2000 specifies eight acts which if carried out without the permission of the owner or the person in-charge of a computer system are considered as crimes. List any three such acts and relate them to the type of security attacks.
   (8+5+5)

January, 2004
Note:
1. Answer question 1 and any FOUR questions from 2 to 7.
2. Parts of the same question should be answered together and in the same sequence.
Time: 3 Hours
Total Marks: 100

1.
   1. What are four problems related to network security? Explain the meaning of each of them.
   2. Explain what is challenge response system?
   3. What are agents in Network management system?
   4. What is a stream cipher? Is DES a stream or block cipher?
   5. What is firewall? State briefly how it works.
   6. What are the three key properties of hash functions?
   7. With the possibility of inside attack, where should IDS devices be located?
   (7 x 4)

2.
   1. What are two common techniques used to protect a password file?
   2. Explain briefly what are the following Internet security threats:
      1. Packet sniffing.
      2. IP spoofing.
      3. Denial of service.
   3. Why is authentication an important requirement for network security?
   (6+8+4)

3.
   1. Explain briefly about Mandatory Access Control and Discretionary Access Control.
   2. Describe briefly the Bell-La Padula model and its limitations.
   3. What are the essential components of a corporate security policy?
   (6+6+6)

4.
   1. What are the four modes of operation for a symmetric cipher? What are the relative advantages of each of the mode?
   2. A wants to send B a signed message. A and B have certificates for their public keys, signed by a mutually trusted CA. Explain how A generates the signature which is appended to the message, assuming RSA, and MD5 can be used.
   3. Does the certification Authority need a private key? What for? What happens if this is compromised?
   (6+6+6)

5.
   1. Briefly explain how cookies pose security threat?
   2. What is MIB? What are the two ways to convey MIB information?
   3. What is the difference between SNMP and RMON? Explain in brief about the snmpbulkget request operation.
   4. Which message types are used:
      1. to gather information from an agent?
      2. to inform the manager of certain events?
   (4+5+5+4)

6.
   1. What is buffer overflow? How does it lead to security problems?
   2. Explain briefly about penetration testing and port scanning.
   3. What is the difference between IDS and Firewall?
   (8+6+4)

7. Write short notes on the following:
   1. Virtual Private Network (VPN)
   2. Secure Socket Layer.
   3. Proxy Firewall