UNIT 5
Subject Name: NIS Model Answer Subject Code: 22620
Q.No.  Answer  Marking Scheme
a. Classify following cyber crimes: 2M
i) Cyber stalking
ii) Email harassment
Ans: i) Cyber stalking: Cyber stalking means following someone's activity over the internet. This can be done with the help of the many services available online, such as e-mail, chat rooms and Usenet groups.
OR
Cyber stalking / harassment refers to the use of the internet and other technologies to harass or stalk another person online, and is potentially a crime in India under the IT Act, 2000. This online harassment, which is an extension of cyberbullying and in-person stalking, can take the form of e-mails, text messages, social media posts and more, and is often methodical, deliberate and persistent.
ii) Email harassment: Email harassment is usually understood to be a form of stalking in which one or more people send consistent, unwanted and often threatening electronic messages to someone else.
OR
Email harassment: a cybercrime against an individual.
Both cyber stalking and email harassment are classified as cybercrimes against individuals.
(Marking scheme: 1M for each explanation)
b. Define AH & ESP with respect to IP security. 2M
Ans:
Authentication Header (AH):
1. AH provides data integrity and authentication for IP packets. The data integrity service ensures that the data inside the IP packet is not altered in transit.
2. The authentication service enables an end user or computer system to authenticate the user or application at the other end and to accept or reject packets accordingly.
Encapsulating Security Payload (ESP):
1. Used to provide confidentiality, data origin authentication and data integrity (and, optionally, anti-replay protection).
2. It is based on symmetric key cryptography.
3. ESP can be used on its own or combined with AH.
(Marking scheme: 1M each; any one point for each can also be considered)
c. Explain use of PCI DSS. 2M
Ans: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. PCI DSS is the global data security standard that any business of any size must adhere to in order to accept payment cards and to store, process and/or transmit cardholder data. It presents common-sense steps that mirror best security practices (for example protecting stored cardholder data, encrypting card data sent over public networks, restricting access on a need-to-know basis and logging all access to cardholder data).
(Marking scheme: correct explanation 2M)
d. State the meaning of hacking. 2M
Ans: Hacking in simple terms means an illegal intrusion into a computer system and/or network. Government websites are a hot target of hackers because of the press coverage such an intrusion receives; hackers enjoy the media coverage.
OR
Hacking is the act of identifying and then exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data. Hacking is not always a malicious activity (authorized penetration testing uses the same techniques), but the term has mostly negative connotations due to its association with cybercrime.
(Marking scheme: correct explanation 2M)
e. Describe sniffing attack. 2M
Ans: A sniffer is software or hardware used to observe traffic as it passes through a network on shared broadcast media. It can be used to view all traffic or to target a specific protocol, service or string of characters, such as logins. Some network sniffers are designed not just to observe traffic but also to modify it. Network administrators use sniffers for monitoring traffic; they are also used for network bandwidth analysis and to troubleshoot problems such as duplicate MAC addresses. On a switched network an attacker first has to redirect traffic to themselves (for example by ARP spoofing) before it can be sniffed, and any protocol that carries credentials in cleartext, such as HTTP basic authentication, FTP, Telnet or POP3, exposes them to a sniffer; TLS-protected traffic shows the sniffer only ciphertext.
(Marking scheme: correct explanation 2M)
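The following is an added example, not part of the model answer: a minimal sniffer that parses raw Ethernet/IPv4/TCP frames and pulls cleartext log-ins out of them, which is what a sniffer that "targets a specific string of characters like logins" does. The captured frames are constructed inline (an assumption, so the script runs offline); on a live interface the same parser would be fed from a raw socket or a pcap file.

```python
# Added example (not from the model answer): parse raw frames and extract
# cleartext credentials. Frames are constructed below (assumption).
import base64
import socket
import struct

ETH_IPV4, PROTO_TCP = 0x0800, 6


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Construct an Ethernet + IPv4 + TCP frame around payload (sample data only;
    checksums are left zero because the parser does not need them)."""
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0x4000, 64,
                     PROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if ip[9] != PROTO_TCP:
        return None
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4         # TCP header length in bytes
    return src, dst, sport, dport, tcp[data_offset:]


def extract_credentials(payload):
    """Look for the cleartext log-in patterns of POP3/FTP (USER/PASS) and
    HTTP basic authentication; returns a list of (kind, value)."""
    found = []
    for line in payload.split(b"\r\n"):
        if line[:5] in (b"USER ", b"PASS "):
            found.append((line[:4].decode(), line[5:].decode(errors="replace")))
        elif line.lower().startswith(b"authorization: basic "):
            token = line.split(b" ", 2)[2]
            try:
                found.append(("HTTP-Basic", base64.b64decode(token).decode(errors="replace")))
            except ValueError:
                pass
    return found


def sniff(frames):
    """Run the parser over captured frames and report every credential seen."""
    hits = []
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, payload = parsed
        for kind, value in extract_credentials(payload):
            hits.append((src, f"{dst}:{dport}", kind, value))
    return hits


# Constructed sample capture: a POP3 log-in, an HTTP request with basic auth,
# and a TLS record on port 443 whose contents a sniffer cannot read.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.10", 50001, 110, b"USER alice\r\n"),
    build_frame("10.0.0.5", "10.0.0.10", 50001, 110, b"PASS hunter2\r\n"),
    build_frame("10.0.0.5", "10.0.0.20", 50002, 80,
                b"GET /admin HTTP/1.1\r\nHost: intranet\r\n"
                b"Authorization: Basic " + base64.b64encode(b"bob:s3cret") + b"\r\n\r\n"),
    build_frame("10.0.0.5", "10.0.0.30", 50003, 443, b"\x17\x03\x03\x00\x20" + bytes(range(32))),
]

if __name__ == "__main__":
    for hit in sniff(SAMPLE_FRAMES):
        print(hit)
```

The two cleartext protocols give up both user names and passwords; the TLS frame on port 443 parses like any other TCP segment but yields nothing, which is the practical argument for moving every login-carrying protocol onto TLS (POP3S/IMAPS, HTTPS, SFTP) rather than trying to stop sniffing on the wire.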
f. List any two types of active and passive attacks. 2M
Ans:
Active attacks:
• Masquerade
• Replay
• Message modification
• Denial of service
Passive attacks:
• Eavesdropping (release of message contents)
• Traffic analysis
(Marking scheme: any two active attacks 1M, any two passive attacks 1M)
g. List any types of cybercrimes. 2M
Ans: Types of cybercrime:
1. Hacking
2. Digital forgery
3. Cyber stalking / harassment
4. Cyber pornography
5. Identity theft and fraud
6. Cyber terrorism
7. Cyber defamation
(Marking scheme: any four types, 1/2M each)
h. Define access control and explain authentication mechanism for access control. 4M
Ans:
Access control:
Access is the ability of a subject to interact with an object. Access control is the ability to specify, control and limit access to a host system or application, so that unauthorized users cannot access or modify data or resources. Authentication, which deals with verifying the identity of a subject, is the first step of access control: a subject must be identified before any access rights can be applied to it.
Authentication:
Authentication helps to establish proof of identity. The authentication process ensures that the origin of a message is correctly identified. For example, suppose that user C sends a message over the internet to user B, but user C posed as user A when sending it. How would user B know that the message came from user C posing as user A? This concept is shown in the figure below. This type of attack is called fabrication.
Authentication is the process of determining the identity of a user or other entity. It is performed during the log-on process, where the user has to submit his or her username and password.
There are three methods (factors) used in it:
1. Something you know: the user knows a user ID and password (or a PIN).
2. Something you have: the valid user possesses a physical token, for example a key, a smart card or a one-time-password generator.
3. Something you are: the user's unique biometric identity, such as fingerprints, iris pattern or DNA.
Combining two different factors (for example a password plus a one-time code from a token) gives two-factor authentication, which a stolen password alone cannot defeat.
(Marking scheme: 2M for access control, 2M for authentication)
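The following is an added example, not part of the model answer: a small authentication service that combines "something you know" (a password stored as a salted PBKDF2 hash) with "something you have" (a time-based one-time code, RFC 6238, generated by a token or phone app). The user record, the TOTP secret and the timestamps are constructed here (an assumption); a real service would keep the records in a database and read the clock.

```python
# Added example (not from the model answer): two-factor log-on built from a
# salted password hash and RFC 6238 TOTP. Users and times are constructed.
import base64
import hashlib
import hmac
import os
import struct


def hash_password(password, salt=None, rounds=200_000):
    """Salted PBKDF2-HMAC-SHA256; the stored string carries its own parameters."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"pbkdf2_sha256${rounds}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    _, rounds, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)          # constant-time comparison


def totp(secret, t, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1, as used by most authenticator apps) at time t."""
    counter = struct.pack(">Q", int(t) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation (RFC 4226)
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


def verify_totp(secret, code, t, step=30, skew=1):
    """Return the time-step counter the code matched (allowing one step of clock
    drift either way), or None if it matches nothing."""
    for k in range(-skew, skew + 1):
        if hmac.compare_digest(totp(secret, t + k * step, step), code):
            return int(t + k * step) // step
    return None


class AuthService:
    def __init__(self):
        self.users = {}

    def register(self, username, password, totp_secret=None):
        """Enrol a user; returns the base32 secret the user loads into their app."""
        secret = totp_secret or os.urandom(20)
        self.users[username] = {"pw": hash_password(password), "secret": secret, "last_counter": -1}
        return base64.b32encode(secret).decode()

    def login(self, username, password, code, now):
        """Both factors must pass, and each TOTP code is accepted only once."""
        rec = self.users.get(username)
        if rec is None:
            hash_password(password)                       # burn the same time as a real check
            return False
        if not verify_password(password, rec["pw"]):
            return False
        counter = verify_totp(rec["secret"], code, now)
        if counter is None or counter <= rec["last_counter"]:
            return False                                  # wrong code, or a replayed one
        rec["last_counter"] = counter
        return True


if __name__ == "__main__":
    svc = AuthService()
    secret = b"12345678901234567890"                      # RFC 6238 test-vector key
    svc.register("alice", "correct horse battery", secret)
    now = 1_234_567_890
    print(svc.login("alice", "correct horse battery", totp(secret, now), now))
```

The TOTP secret is the "something you have": it lives only on the device that was enrolled and the code it produces changes every 30 seconds. Recording the last accepted time step stops a sniffed code from being replayed inside its validity window, which the basic RFC 6238 check alone does not prevent.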
i. Explain Email security in SMTP. 4M
Ans: Email security: Email is one of the most valuable services on the internet today. Most internet systems use SMTP to transfer mail from one user to another. SMTP is a push protocol used to send mail, whereas POP (Post Office Protocol) or IMAP (Internet Message Access Protocol) are used to retrieve the mail at the receiver's side. The protocols relevant to email security are:
1. SMTP (Simple Mail Transfer Protocol)
2. PEM (Privacy Enhanced Mail)
3. PGP (Pretty Good Privacy)
SMTP (Simple Mail Transfer Protocol)
Simple Mail Transfer Protocol is a protocol for sending email messages between servers. Most e-mail systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an e-mail client using either POP or IMAP. In addition, SMTP is generally used to send messages from a mail client to a mail server. This is why you need to specify both the POP or IMAP server and the SMTP server when you configure your e-mail application. SMTP usually operates over TCP port 25 between servers (port 587 is used for authenticated submission from clients). An alternative to SMTP that was historically used in Europe is X.400. Many mail servers now support Extended Simple Mail Transfer Protocol (ESMTP), which adds negotiated service extensions to the basic protocol, such as 8BITMIME and SIZE (which let MIME-encoded multimedia attachments be delivered as e-mail) and STARTTLS and AUTH (which add transport encryption and sender authentication).
Plain SMTP by itself provides no confidentiality or integrity: messages travel in cleartext and the sender address is not verified. STARTTLS protects each hop between servers, while PEM or PGP protect the message end to end.
The basic phases of an email communication consist of the following steps:
1. At the sender's end an SMTP server takes the message sent by the user's computer.
2. The SMTP server at the sender's end then transfers the message to the SMTP server of the receiver.
3. The receiver's computer then pulls the email message from the mail server at the receiver's end, using another mail protocol such as Post Office Protocol (POP) or IMAP (Internet Message Access Protocol).
(Marking scheme: 1M for diagram, 3M for explanation)
J. Describe working principle of SMTP. 4M
Ans:
1. Composition of mail: A user sends an e-mail by composing an electronic mail message using a Mail User Agent (MUA). A Mail User Agent is a program used to send and receive mail. The message contains two parts: body and header. The body is the main part of the message, while the header includes information such as the sender and recipient addresses. The header also includes descriptive information such as the subject of the message. The message body is like a letter and the header is like an envelope that carries the recipient's address.
2. Submission of mail: After composing an email, the mail client submits the completed e-mail to the Mail Submission Agent (MSA) of its SMTP server, using SMTP on TCP port 25 (or port 587 for authenticated submission).
3. Delivery of mail: E-mail addresses contain two parts: the username of the recipient and the domain name. For example, in vivek@gmail.com, "vivek" is the username of the recipient and "gmail.com" is the domain name.
If the domain name of the recipient's email address is different from the sender's domain name, the MSA hands the mail to the Mail Transfer Agent (MTA). To relay the email, the MTA has to find the mail server of the target domain. It looks up the MX record of the recipient's domain in the Domain Name System; the MX record names the mail exchanger host of that domain (whose IP address is then obtained with an A/AAAA lookup). Once the record is found, the MTA connects to that mail exchanger to relay the message.
4. Receipt and processing of mail: Once the incoming message is received, the mail exchanger delivers it to the incoming server (Mail Delivery Agent, MDA), which stores the e-mail until the user retrieves it.
5. Access and retrieval of mail: The email stored by the MDA can be retrieved using a MUA (Mail User Agent) over POP or IMAP, after the user logs in with a username and password.
(Marking scheme: working principle explanation 2M, suitable diagram 2M)
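The following is an added example covering questions i and j, not part of the model answer: a minimal ESMTP receiver state machine and the client that drives it through the EHLO / MAIL FROM / RCPT TO / DATA dialogue, so that both sides of the exchange can be read in one transcript. The domain, the mailboxes and the message are constructed here (an assumption); no network is used, and STARTTLS and AUTH are only advertised in the EHLO reply, not implemented.

```python
# Added example (not from the model answer): an ESMTP receiver state machine
# and a submitting client, with constructed domain, mailboxes and message.
import re


class SMTPServer:
    """Receiving MTA for one domain. handle() takes one command line and returns
    the reply (None while message text is being received)."""

    def __init__(self, domain, mailboxes):
        self.domain, self.mailboxes = domain.lower(), set(mailboxes)
        self.delivered = {}              # recipient -> [(envelope sender, message)]
        self.greeted = self.in_data = False
        self.reset()

    def reset(self):
        self.sender, self.rcpts, self.lines = None, [], []

    def handle(self, line):
        if self.in_data:
            if line == ".":
                self.in_data = False
                for rcpt in self.rcpts:
                    self.delivered.setdefault(rcpt, []).append((self.sender, "\n".join(self.lines)))
                self.reset()
                return "250 OK: queued"
            self.lines.append(line[1:] if line.startswith("..") else line)   # undo dot-stuffing
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            self.greeted = True
            return f"250-{self.domain}\n250-SIZE 10240000\n250-STARTTLS\n250 AUTH PLAIN"
        if verb == "HELO":
            self.greeted = True
            return f"250 {self.domain}"
        if not self.greeted:
            return "503 Bad sequence of commands: say EHLO first"
        if verb == "MAIL":
            m = re.fullmatch(r"FROM:<([^>]*)>.*", arg, re.I)
            if not m:
                return "501 Syntax: MAIL FROM:<address>"
            self.sender = m.group(1)     # note: SMTP does not verify the envelope sender
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands: MAIL first"
            m = re.fullmatch(r"TO:<([^>]*)>.*", arg, re.I)
            if not m:
                return "501 Syntax: RCPT TO:<address>"
            user, _, domain = m.group(1).partition("@")
            if domain.lower() != self.domain:
                return "550 Relaying denied"          # refuse to act as an open relay
            if user not in self.mailboxes:
                return "550 No such user here"
            self.rcpts.append(m.group(1))
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Bad sequence of commands: RCPT first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "RSET":
            self.reset()
            return "250 OK"
        if verb == "QUIT":
            self.reset()
            return "221 Bye"
        return "500 Command not recognized"


def smtp_send(server, sender, recipient, headers, body):
    """Client/MSA side: submit one message; returns (transcript, delivered)."""
    transcript = []

    def say(cmd):
        reply = server.handle(cmd)
        transcript.append("C: " + cmd)
        if reply is not None:
            transcript.append("S: " + reply)
        return reply

    for cmd in ("EHLO client.example", f"MAIL FROM:<{sender}>", f"RCPT TO:<{recipient}>", "DATA"):
        if not say(cmd).startswith(("250", "354")):
            say("QUIT")
            return transcript, False
    for line in headers + [""] + body:                         # header, blank line, body
        say("." + line if line.startswith(".") else line)      # dot-stuffing
    ok = say(".").startswith("250")
    say("QUIT")
    return transcript, ok


if __name__ == "__main__":
    srv = SMTPServer("example.com", ["vivek"])
    transcript, ok = smtp_send(srv, "alice@sender.test", "vivek@example.com",
                               ["From: alice@sender.test", "Subject: hello"], ["Hi Vivek."])
    print("\n".join(transcript), "\ndelivered:", ok)
```

Two points of the protocol are visible in the transcript. The server accepts whatever MAIL FROM the client states, which is why envelope senders can be spoofed and why signatures (PGP) or domain-level checks are layered on top. It also refuses RCPT TO addresses outside its own domain, the check that separates a properly configured MTA from an open relay that spammers can abuse.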
k. Describe any four password selection criteria. 4M
Ans: Password: A password is a secret word or expression used by authorized persons to prove their right to access information, a system, etc.
Components of a good password:
1. It should be at least eight characters long.
2. It should include uppercase and lowercase letters, numbers, and special characters or punctuation marks.
3. It should not contain dictionary words (including obvious substitutions such as "p@ssw0rd", which password-cracking tools try automatically).
4. It should not contain the user's personal information such as their name, a family member's name, birth date, pet name, phone number or any other detail that can easily be found out.
5. It should not be the same as the user's login name.
6. It should not be a default password supplied by the system vendor, such as password, guest or admin.
(Marking scheme: any four criteria, 1M each)
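The following is an added example, not part of the model answer: a checker that applies the six selection criteria above to a candidate password and reports every criterion it violates. The word list, the vendor defaults and the personal details are small constructed samples (an assumption); a real checker would use a large dictionary and a list of breached passwords.

```python
# Added example (not from the model answer): password policy checker for the
# six criteria above. Word list and personal details are constructed samples.
import re

DICTIONARY = {"password", "welcome", "summer", "monkey", "dragon", "football", "letmein"}
VENDOR_DEFAULTS = {"password", "guest", "admin", "root", "changeme", "12345678"}
# Substitutions attackers already try, so "p@ssw0rd" is treated as "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "!": "i", "3": "e",
                      "$": "s", "5": "s", "7": "t", "4": "a"})


def normalise(text):
    return text.lower().translate(LEET)


def check_password(password, username, personal_info=()):
    """Return the list of criteria the password violates (empty means acceptable).
    personal_info is an iterable of strings such as names, pet names, phone
    numbers and dates of birth."""
    problems = []
    if len(password) < 8:
        problems.append("must be at least eight characters long")
    classes = {"uppercase": r"[A-Z]", "lowercase": r"[a-z]",
               "digit": r"[0-9]", "special": r"[^A-Za-z0-9]"}
    missing = [name for name, pattern in classes.items() if not re.search(pattern, password)]
    if missing:
        problems.append("must include " + ", ".join(missing) + " characters")
    norm = normalise(password)
    words = [w for w in DICTIONARY if len(w) >= 4 and w in norm]
    if words:
        problems.append("contains dictionary word(s): " + ", ".join(sorted(words)))
    for item in personal_info:
        compact = re.sub(r"\D", "", item)                 # "12/03/1990" -> "12031990"
        digit_runs = set(re.findall(r"\d{4,}", item)) | ({compact} if len(compact) >= 4 else set())
        if (len(item) >= 3 and item.lower() in norm) or any(run in password for run in digit_runs):
            problems.append(f"contains personal information ({item})")
    if username and (password.lower() == username.lower() or username.lower() in password.lower()):
        problems.append("must not be the same as or contain the login name")
    if password.lower() in VENDOR_DEFAULTS:
        problems.append("is a vendor default password")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1", "vivek1990!", "Tq7#vR!m2Lp9"):
        result = check_password(candidate, "vivek", ["Vivek", "12/03/1990", "Tommy"])
        print(candidate, "->", result or "OK")
```

The leet-speak normalisation is the detail that makes criterion 3 worth anything: "P@ssw0rd1" satisfies the length and character-class rules yet is rejected because cracking tools apply the same substitutions. The personal-information check compares both the text and any four-digit-or-longer number in each item, so a year of birth embedded in the password is caught as well.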
l. Describe PGP with suitable diagram. 4M
Ans: PGP stands for Pretty Good Privacy. It is a popular program used to encrypt and decrypt email over the internet and has become a de facto standard for email security. It can attach a digital signature that lets the receiver verify the sender's identity and detect any change to the message in transit. PGP can also be used to encrypt files being stored, so that they are unreadable by other users or intruders. It is available in low-cost and freeware versions and is the most widely used privacy-ensuring program among individuals as well as many corporations.
There are five steps, as shown below:
1. Digital signature: a message digest of the email message is created using a hash algorithm (SHA-1 in the classic description; current implementations use SHA-2). The resulting digest is then encrypted with the sender's private key. The result is the sender's digital signature.
2. Compression: the input message as well as the digital signature are compressed together to reduce the size of the final message that will be transmitted. For this the Lempel-Ziv (ZIP) algorithm is used.
3. Encryption: the compressed output of step 2 (i.e. the compressed form of the original email and the digital signature together) is encrypted with a one-time symmetric session key.
4. Digital enveloping: the symmetric key used for encryption in step 3 is now encrypted with the receiver's public key. The outputs of steps 3 and 4 together form a digital envelope.
5. Base-64 (radix-64) encoding: this process transforms arbitrary binary input into printable character output so that it survives mail systems that handle only text. The binary input is processed in blocks of 3 octets (24 bits); these 24 bits are treated as 4 groups of 6 bits, and each 6-bit group is mapped to one 8-bit printable output character.
At the receiver the steps are undone in reverse order: decode the radix-64 text, recover the session key with the receiver's private key, decrypt, decompress, and verify the signature with the sender's public key.
(Marking scheme: explanation 2M, diagram 2M)
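The following is an added example, not part of the model answer: the five PGP steps above, and their reversal at the receiver, carried out end to end with only the Python standard library. It assumes toy RSA key pairs built from known Mersenne primes (so that no prime generation is needed) and a SHA-256 counter-mode keystream as a stand-in for PGP's block cipher; real PGP uses randomly generated keys, IDEA/CAST5/AES and the OpenPGP packet format, none of which this example reproduces.

```python
# Added example (not from the model answer): PGP's sign / compress / encrypt /
# envelope / radix-64 pipeline and its reverse, using stand-in primitives.
import base64
import hashlib
import os
import zlib


def make_key(p, q, e=65537):
    """Textbook RSA from two primes: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


# Toy key pairs from known Mersenne primes (assumption: avoids prime generation;
# such keys are trivially factorable and must never be used for real).
SENDER_PUB, SENDER_PRIV = make_key(2**521 - 1, 2**607 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_key(2**1279 - 1, 2**127 - 1)


def modulus_bytes(n):
    return (n.bit_length() + 7) // 8


def rsa_sign(message, priv):
    """Step 1: hash the message (SHA-256 here) and encrypt the digest with the
    sender's private key."""
    n, d = priv
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n).to_bytes(modulus_bytes(n), "big")


def rsa_verify(message, signature, pub):
    n, e = pub
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(int.from_bytes(signature, "big"), e, n) == digest


def stream_xor(key, data):
    """Step 3 stand-in for the symmetric cipher: SHA-256 in counter mode. The
    session key is fresh for every message, so no separate nonce is needed."""
    out = bytearray()
    for i in range(0, len(data), 32):
        keystream = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], keystream))
    return bytes(out)


def pgp_encrypt(message, sender_priv, receiver_pub):
    signed = rsa_sign(message, sender_priv) + message          # 1. digital signature
    compressed = zlib.compress(signed)                          # 2. compression (ZIP)
    session_key = os.urandom(32)
    body = stream_xor(session_key, compressed)                  # 3. symmetric encryption
    n, e = receiver_pub                                         # 4. digital envelope
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n).to_bytes(modulus_bytes(n), "big")
    return base64.b64encode(wrapped_key + body).decode()        # 5. radix-64 armour


def pgp_decrypt(armored, receiver_priv, sender_pub):
    """Reverse the five steps; returns (message, signature_ok)."""
    n, d = receiver_priv
    raw = base64.b64decode(armored)
    key_len = modulus_bytes(n)
    session_key = pow(int.from_bytes(raw[:key_len], "big"), d, n).to_bytes(32, "big")
    signed = zlib.decompress(stream_xor(session_key, raw[key_len:]))
    sig_len = modulus_bytes(sender_pub[0])
    signature, message = signed[:sig_len], signed[sig_len:]
    return message, rsa_verify(message, signature, sender_pub)


if __name__ == "__main__":
    armored = pgp_encrypt(b"Meet at the usual place at 9.", SENDER_PRIV, RECEIVER_PUB)
    print(armored[:60] + "...")
    print(pgp_decrypt(armored, RECEIVER_PRIV, SENDER_PUB))
```

The order of the steps is what gives PGP its properties: the signature is computed over the plaintext before compression and encryption, so it binds the sender to the actual message; the symmetric session key is used once and travels only inside the RSA envelope, so only the holder of the receiver's private key can open the message; and radix-64 armour is applied last, so the text survives mail transports that mangle binary data.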
m. Explain the working of Kerberos. 6M
Ans: Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography: the Key Distribution Center (KDC), made up of the Authentication Server (AS) and the Ticket Granting Server (TGS), shares a long-term secret key with every user and every service, and hands out short-lived session keys inside encrypted tickets.
The entire process takes a total of eight steps, as shown below.
1. The client sends a request to the AS naming the user. The AS verifies that the user is a known principal; this is usually just a simple database lookup of the user's ID.
2. Upon verification, the AS creates a fresh session key and a timestamp with an expiration time (this answer assumes a default lifetime of 8 hours; Windows domains use 10 hours). Once the lifetime is over the session key is useless, so an attacker who captures the traffic has only a limited time in which to attack it.
3. The AS sends the client a ticket-granting ticket (TGT), which contains the user's name, the session key and the expiry and is encrypted with the TGS's secret key, together with a copy of the session key encrypted with the user's own key (derived from the password). Only a client that knows the password can recover the session key; this is how the user is authenticated, without the password ever crossing the network. The TGT is used to authenticate the client for future requests.
4. When the client wants a service, it submits the TGT, the name of the service and an authenticator (the user's name and the current time, encrypted with the session key) to the TGS.
5. The TGS decrypts the TGT with its own key, uses the session key inside it to check the authenticator and the lifetime, creates a new client/service session key with a timestamp, and grants the client a service ticket (encrypted with the service's secret key) plus the new key encrypted with the TGT session key.
6. The client decrypts the new session key and sends the service ticket and a fresh authenticator, encrypted with that key, to the service server.
7. The service server decrypts the ticket with its own secret key, recovers the session key, decrypts the authenticator and makes sure the timestamp is still valid and has not been seen before. No contact with the KDC is needed at this point.
8. Optionally the server returns the authenticator's timestamp encrypted with the session key so that the client can verify the server too (mutual authentication). If the keys are still valid, communication between client and server proceeds, protected by the shared session key.
(Marking scheme: 6M for relevant steps)
n. Explain Public Key Infrastructure with example. 6M
Ans: A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and to manage public key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email.
PKI is the governing body behind issuing digital certificates. It helps to protect confidential data and gives unique identities to users and systems. Thus, it ensures security in communications.
The public key infrastructure uses a pair of keys, the public key and the private key, to achieve security. Public keys are distributed openly and are therefore exposed to substitution attacks, so an intact infrastructure is needed to bind each public key to its owner.
PKI identifies a public key along with its purpose. It usually consists of the following components:
• A digital certificate, also called a public key certificate
• Private key tokens
• Registration authority (RA)
• Certification authority (CA)
• CMS or certificate management system
Working of a PKI:
PKI and encryption: The root of PKI involves the use of cryptography and encryption techniques. Asymmetric encryption uses a public/private key pair; because anyone can publish a public key, there is always a risk of a MITM (man in the middle) substituting their own key for the intended recipient's. This issue is resolved by a PKI using digital certificates, which give identities to keys in order to make the verification of owners easy and accurate.
Public key certificate or digital certificate: Digital certificates are issued to people and electronic systems to uniquely identify them in the digital world.
• The Certification Authority (CA) stores the public key of a user along with other information about the client (name, validity period, serial number and permitted uses) in the digital certificate. The information is signed by the CA and the digital signature is included in the certificate.
• The binding between the user and the public key can then be checked by validating the signature using the public key of the Certification Authority.
Certifying authorities: A CA issues and verifies certificates. This authority makes sure that the information in a certificate is real and correct, and it digitally signs the certificate. A CA performs these basic roles:
• Generating key pairs: the key pair can be generated by the CA or, more commonly, by the client, who then sends only the public key to the CA.
• Issuing digital certificates: when the client successfully provides the right details about his identity (checked by the registration authority), the CA issues a certificate to the client and signs it digitally so that no change can be made to the information without being detected.
• Publishing certificates: the CA publishes the certificates so that users can find them, either in a directory (such as LDAP) or by sending them out to other people.
• Verification of certificates: the CA publishes its own public key so that anyone can verify the signature on a certificate it issued and decide whether an access attempt is authorized.
• Revocation: in case of suspicious behaviour of a client, loss of trust in them, or compromise of the private key, the CA revokes the certificate and lists it in a certificate revocation list (CRL) or reports it via OCSP; relying parties must check this before trusting a certificate.
The most popular usage example of PKI is the HTTPS (Hypertext Transfer Protocol Secure) protocol. HTTPS is a combination of HTTP (Hypertext Transfer Protocol) and the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols to provide encrypted communication and secure identification of a web server.
In HTTPS, the web server's PKI certificate is used by the browser for two purposes:
1. Validate the identity of the web server by verifying the CA's digital signature on the certificate (and checking that the certificate's name matches the site, that it has not expired and that it has not been revoked).
2. Establish a secret key with the web server: in the older RSA key exchange the browser encrypts a secret with the server's public key; in modern TLS the secret is derived with Diffie-Hellman and the certificate's key is used to sign the handshake. The secret key is then used to encrypt the actual data exchanged between the browser and the web server.
Other examples of PKI are:
Digital signature: the sender of a digital message uses his/her private key to generate a digital signature attached to the message. The receiver uses the sender's certificate to verify the digital signature and so ensure the message was sent by the claimed sender.
Encryption of documents: the sender of a digital message uses the receiver's certificate to encrypt the message to protect its confidentiality. Only the receiver, who holds the matching private key, can decrypt the message.
Digital identification: a user's certificate is stored in a smart card that is used to verify the card holder's identity.
(Consider any one example.)
(Marking scheme: explanation 3M, diagram 1M, example 2M)
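The following is an added example for question n, not part of the model answer: a toy PKI with a root CA, an intermediate CA, a server certificate and a revocation list, together with the checks a relying party such as a browser performs on the chain before trusting the server's key. Certificates are plain JSON objects signed with textbook RSA over toy keys built from known Mersenne primes (an assumption made so the example needs no prime generation and no X.509/ASN.1 library); the names and validity periods are constructed.

```python
# Added example (not from the model answer): issuing, chaining, revoking and
# verifying certificates in a toy PKI with constructed names and toy RSA keys.
import hashlib
import json


def keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: (public, private). The Mersenne
    primes used below are an assumption for illustration; never use such keys."""
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, (p - 1) * (q - 1))}


def digest(obj):
    """Canonical SHA-256 of a JSON object as an integer (what gets signed)."""
    return int.from_bytes(hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).digest(), "big")


class CertificationAuthority:
    def __init__(self, name, p, q):
        self.name = name
        self.pub, self.priv = keypair(p, q)
        self.serial, self.revoked = 0, set()

    def issue(self, subject, subject_pub, not_after, is_ca=False):
        """Bind subject -> public key and sign the binding with the CA's private key."""
        self.serial += 1
        tbs = {"serial": self.serial, "subject": subject, "issuer": self.name,
               "pub": subject_pub, "not_after": not_after, "ca": is_ca}
        return {"tbs": tbs, "sig": pow(digest(tbs), self.priv["d"], self.priv["n"])}

    def revoke(self, cert):
        self.revoked.add(cert["tbs"]["serial"])

    def crl(self):
        """Certificate revocation list (in a real PKI the CRL itself is signed)."""
        return {self.name: set(self.revoked)}


def signature_valid(cert, issuer_pub):
    return pow(cert["sig"], issuer_pub["e"], issuer_pub["n"]) == digest(cert["tbs"])


def verify_chain(chain, trust_anchors, crls, now):
    """chain = [leaf, intermediate, ...]; the last certificate must be issued by
    a trust anchor (name -> public key). Returns (ok, reason)."""
    for i, cert in enumerate(chain):
        tbs = cert["tbs"]
        if now > tbs["not_after"]:
            return False, f"{tbs['subject']}: expired"
        if i > 0 and not tbs["ca"]:
            return False, f"{tbs['subject']}: not a CA, cannot issue certificates"
        if i + 1 < len(chain):
            if chain[i + 1]["tbs"]["subject"] != tbs["issuer"]:
                return False, f"{tbs['subject']}: issuer does not match next certificate"
            issuer_pub = chain[i + 1]["tbs"]["pub"]
        else:
            issuer_pub = trust_anchors.get(tbs["issuer"])
            if issuer_pub is None:
                return False, f"{tbs['subject']}: issuer {tbs['issuer']} is not trusted"
        if not signature_valid(cert, issuer_pub):
            return False, f"{tbs['subject']}: bad signature"
        if tbs["serial"] in crls.get(tbs["issuer"], set()):
            return False, f"{tbs['subject']}: revoked"
    return True, "chain valid"


def rsa_encrypt(pub, secret):
    """Browser side of the old RSA key exchange: a secret sent to the certified key."""
    return pow(int.from_bytes(secret, "big"), pub["e"], pub["n"])


def rsa_decrypt(priv, ciphertext, length):
    return pow(ciphertext, priv["d"], priv["n"]).to_bytes(length, "big")


def build_demo(now):
    """Constructed hierarchy: Root CA -> Intermediate CA -> www.example.test."""
    root = CertificationAuthority("Root CA", 2**521 - 1, 2**607 - 1)
    inter = CertificationAuthority("Intermediate CA", 2**127 - 1, 2**1279 - 1)
    server_pub, server_priv = keypair(2**89 - 1, 2**2203 - 1)
    inter_cert = root.issue("Intermediate CA", inter.pub, now + 5 * 365 * 86400, is_ca=True)
    server_cert = inter.issue("www.example.test", server_pub, now + 365 * 86400)
    return {"root": root, "inter": inter, "chain": [server_cert, inter_cert],
            "anchors": {"Root CA": root.pub}, "server_priv": server_priv}


if __name__ == "__main__":
    demo = build_demo(now=1_700_000_000)
    print(verify_chain(demo["chain"], demo["anchors"], {}, 1_700_000_000))
```

The relying party never trusts the server's key directly: it trusts the root's key (installed locally), uses it to check the intermediate's certificate, and uses the intermediate's certified key to check the leaf, refusing the chain at the first expired, untrusted, unsigned, revoked or non-CA link. Revocation is the check most often skipped in home-grown verifiers, and the CRL lookup is deliberately part of the loop here.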
o. Explain IP sec security with help of diagram. 6M
Ans: IPsec encrypts and seals the transport- and application-layer data during transmission and offers integrity protection for the internet (IP) layer. Its headers sit between the IP header and the transport-layer header of a conventional TCP/IP packet, so it works transparently for applications. Typical uses:
1. Secure remote internet access: using IPsec, a user makes a local call to their internet service provider (ISP) and connects to the organization's network in a secure fashion from home or a hotel, in order to access corporate network facilities or remote desktops/servers.
2. Secure branch office connectivity: rather than subscribing to an expensive leased line to connect its branches across cities, an organization can set up an IPsec-enabled network over the internet.
3. Communication with other organizations: just as IPsec allows connectivity between the branches of one organization, it can also connect the networks of different organizations together in a secure and inexpensive fashion.
Basic concept of the IPsec protocol: an IP packet consists of two parts, the IP header and the actual data. IPsec features are implemented in the form of additional headers, called extension headers, added to the standard IP header. IPsec offers two main services, authentication and confidentiality, and each requires its own extension header. Therefore, to support these two services, IPsec defines two IP extension headers: one for authentication and another for confidentiality.
It consists of two main protocols:
Authentication Header (AH): the AH protocol provides authentication, integrity and an optional anti-replay service. The AH is simply inserted between the IP header and any subsequent packet contents; no changes are required to the data contents of the packet, and all of the security information resides in the AH itself. The integrity check value in the AH is computed over the payload and the immutable fields of the IP header (source and destination addresses included), which is why AH cannot pass through NAT.
Encapsulating Security Payload (ESP): used to provide confidentiality, data origin authentication and data integrity. It is based on symmetric key cryptography. ESP can be used on its own or combined with AH.
Both protocols work in transport mode (protecting the payload of the original packet) or in tunnel mode (wrapping the whole original packet in a new IP packet, as used between VPN gateways).
(Marking scheme: diagram 2M, explanation 4M)
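The following is an added example for questions b and o, not part of the model answer: building and verifying an IPv4 packet protected by the IPsec Authentication Header in transport mode (RFC 4302), with HMAC-SHA-256-128 as the integrity algorithm and the anti-replay sliding window. Addresses, key and payload are constructed samples (an assumption), and the IP checksum is left at zero because AH treats it as a mutable field and zeroes it before authenticating anyway.

```python
# Added example (not from the model answer): AH transport-mode packet
# construction, ICV verification and anti-replay window, on constructed data.
import hashlib
import hmac
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"     # ver/ihl, tos, len, id, flags/frag, ttl, proto, cksum, src, dst
AH_FMT = "!BBHII"            # next header, payload len, reserved, SPI, sequence number
PROTO_AH, ICV_LEN = 51, 16   # HMAC-SHA-256-128 truncates the MAC to 128 bits (RFC 4868)


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    return struct.pack(IP_FMT, 0x45, 0, 20 + payload_len, 1, 0x4000, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def icv_input(ip_hdr, ah_fixed, payload):
    """What the ICV covers: the IP header with the mutable fields (TOS, flags and
    fragment offset, TTL, checksum) zeroed, the AH with a zeroed ICV field, and
    the whole payload. Addresses and the protocol field are covered."""
    f = list(struct.unpack(IP_FMT, ip_hdr[:20]))
    f[1] = f[4] = f[5] = f[7] = 0
    return struct.pack(IP_FMT, *f) + ah_fixed + bytes(ICV_LEN) + payload


def ah_protect(key, spi, seq, src, dst, next_header, payload):
    """Sender: insert the AH between the IP header and the original payload."""
    ah_words = (12 + ICV_LEN) // 4                                 # AH length in 32-bit words
    ah_fixed = struct.pack(AH_FMT, next_header, ah_words - 2, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, PROTO_AH, len(ah_fixed) + ICV_LEN + len(payload))
    icv = hmac.new(key, icv_input(ip_hdr, ah_fixed, payload), hashlib.sha256).digest()[:ICV_LEN]
    return ip_hdr + ah_fixed + icv + payload


class AHReceiver:
    """Receiver state for one inbound SA: the key plus the anti-replay window."""

    def __init__(self, key, window=64):
        self.key, self.window = key, window
        self.top, self.bitmap = 0, 0          # highest seq seen; bit k = (top - k) seen

    def verify(self, packet):
        """Return (next_header, payload) if the packet authenticates and is not a
        replay, otherwise None."""
        ip_hdr, ah_fixed = packet[:20], packet[20:32]
        next_header, ah_len, _, spi, seq = struct.unpack(AH_FMT, ah_fixed)
        ah_total = (ah_len + 2) * 4
        icv, payload = packet[32:20 + ah_total], packet[20 + ah_total:]
        if seq <= self.top:                   # cheap replay check before computing the MAC
            offset = self.top - seq
            if offset >= self.window or (self.bitmap >> offset) & 1:
                return None
        expected = hmac.new(self.key, icv_input(ip_hdr, ah_fixed, payload), hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return None
        if seq > self.top:                    # slide the window forward
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.window) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return next_header, payload


if __name__ == "__main__":
    key = bytes(range(32))
    pkt = ah_protect(key, 0x1000, 1, "10.0.0.1", "10.0.0.2", 6, b"GET / HTTP/1.0\r\n\r\n")
    print(AHReceiver(key).verify(pkt))
```

Two consequences of what the ICV covers are worth checking by hand: a router decrementing the TTL does not invalidate the packet, because TTL is a mutable field that both ends zero before computing the MAC, while a NAT device rewriting the source address does, because addresses are immutable fields inside the MAC. The window is updated only after the ICV passes, so an attacker cannot advance it with forged sequence numbers.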
p. Explain Kerberos with help of suitable diagram. 6M
Ans: Kerberos: Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography: every user and every service shares a long-term key with the Key Distribution Center (KDC), and short-lived session keys are distributed inside encrypted tickets. It is a solution to network security problems and provides tools for authentication and strong cryptography over the network to help secure an information system. There are four parties involved in the Kerberos protocol:
i) User (client)
ii) Authentication Service (AS)
iii) Ticket Granting Server (TGS)
iv) Service server
(The AS and the TGS together form the KDC.)
Working of Kerberos:
1. The client sends the user's name to the AS. The AS verifies that the user is a known principal; this is usually just a simple lookup in the KDC database.
2. Upon verification the AS creates a session key and a timestamp with an expiry (a default lifetime of 8 hours is assumed here). Once the lifetime has elapsed the session key is useless, even to an attacker who captured the traffic.
3. The AS returns a ticket-granting ticket (TGT), containing the user's name, the session key and the expiry and encrypted with the TGS's key, along with the session key encrypted with the user's own key (derived from the password). Only a client that knows the password can recover the session key; the TGT is then used to authenticate the client for future requests.
4. The client submits the TGT, the name of the requested service and an authenticator (its name and the current time, encrypted with the session key) to the TGS.
5. The TGS decrypts the TGT with its own key, checks the authenticator and the lifetime, creates a new client/service key with a timestamp, and grants the client a service ticket encrypted with the service's key, together with the new key encrypted with the TGT session key.
6. The client decrypts the new key and sends the service ticket plus a fresh authenticator, encrypted with that key, to the service server.
7. The service server decrypts the ticket with its own key, checks the authenticator and makes sure the timestamp is still valid and has not been seen before. It does not need to contact the KDC for this.
8. The server may reply with the authenticator's timestamp encrypted under the session key, proving its own identity to the client (mutual authentication). If the keys are still valid, communication is initiated between client and server, protected by the shared session key.
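The following is an added example covering questions m and p, not part of the model answer: the three Kerberos exchanges (AS, TGS and AP) played out between a client, a KDC and a service within one process, so that the contents of each ticket and authenticator, and the checks each party performs, can be read in code. Principals, passwords and timestamps are constructed (an assumption). The "encryption" is an encrypt-then-MAC construction over a SHAKE-256 keystream standing in for Kerberos encryption types such as aes256-cts-hmac-sha1-96, and password-to-key derivation uses PBKDF2 rather than Kerberos's own string-to-key function.

```python
# Added example (not from the model answer): AS, TGS and AP exchanges of
# Kerberos with constructed principals; seal/unseal stand in for the enctypes.
import hashlib
import hmac
import json
import os

LIFETIME = 8 * 3600          # ticket lifetime assumed by the answer above
MAX_SKEW = 300               # authenticators more than 5 minutes off are rejected


def string_to_key(password, principal):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 50_000)


def seal(key, obj):
    """Encrypt a JSON object under key with integrity protection (encrypt-then-MAC)."""
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def unseal(key, blob):
    """Inverse of seal; raises ValueError if the key is wrong or the data was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct)))))


class KDC:
    """Authentication Server (AS) and Ticket Granting Server (TGS) in one."""

    def __init__(self):
        self.keys = {"krbtgt": os.urandom(32)}     # long-term keys of all principals

    def as_exchange(self, user, now):
        # Steps 1-3: look the user up, create a session key and a TGT with a lifetime.
        if user not in self.keys:
            raise KeyError("unknown principal")
        sk = os.urandom(32)
        tgt = seal(self.keys["krbtgt"], {"user": user, "key": sk.hex(), "expires": now + LIFETIME})
        return tgt, seal(self.keys[user], {"key": sk.hex(), "expires": now + LIFETIME})

    def tgs_exchange(self, tgt, authenticator, service, now):
        # Steps 4-5: validate TGT and authenticator, issue a service ticket.
        t = unseal(self.keys["krbtgt"], tgt)
        if now > t["expires"]:
            raise PermissionError("TGT expired")
        sk = bytes.fromhex(t["key"])
        a = unseal(sk, authenticator)
        if a["user"] != t["user"] or abs(now - a["time"]) > MAX_SKEW:
            raise PermissionError("bad authenticator")
        svc_key = os.urandom(32)
        ticket = seal(self.keys[service], {"user": t["user"], "key": svc_key.hex(), "expires": now + LIFETIME})
        return ticket, seal(sk, {"service": service, "key": svc_key.hex()})


class Service:
    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()

    def ap_exchange(self, ticket, authenticator, now):
        # Steps 6-8: decrypt the ticket with our own key, check the authenticator,
        # reject replays, prove our identity back. No call to the KDC is needed.
        t = unseal(self.key, ticket)
        if now > t["expires"]:
            raise PermissionError("ticket expired")
        svc_key = bytes.fromhex(t["key"])
        a = unseal(svc_key, authenticator)
        if a["user"] != t["user"] or abs(now - a["time"]) > MAX_SKEW:
            raise PermissionError("bad authenticator")
        if (a["user"], a["time"]) in self.seen:
            raise PermissionError("replayed authenticator")
        self.seen.add((a["user"], a["time"]))
        return seal(svc_key, {"time": a["time"]}), t["user"]   # mutual authentication


def client_session(kdc, service, user, password, now):
    """The client's view of all three exchanges; returns the name the service accepted."""
    tgt, enc = kdc.as_exchange(user, now)
    sk = bytes.fromhex(unseal(string_to_key(password, user), enc)["key"])  # wrong password -> ValueError
    ticket, enc2 = kdc.tgs_exchange(tgt, seal(sk, {"user": user, "time": now}), service.name, now)
    svc_key = bytes.fromhex(unseal(sk, enc2)["key"])
    reply, who = service.ap_exchange(ticket, seal(svc_key, {"user": user, "time": now}), now)
    if unseal(svc_key, reply)["time"] != now:
        raise PermissionError("server failed mutual authentication")
    return who


def setup_realm():
    """Constructed realm: one user, one service."""
    kdc = KDC()
    kdc.keys["alice"] = string_to_key("correct horse battery", "alice")
    svc_key = os.urandom(32)
    kdc.keys["fileserver"] = svc_key
    return kdc, Service("fileserver", svc_key)


if __name__ == "__main__":
    kdc, fileserver = setup_realm()
    print(client_session(kdc, fileserver, "alice", "correct horse battery", now=1_700_000_000))
```

The password never leaves the client: it is only used locally to unseal the AS reply, and a wrong password shows up as an integrity failure rather than as a rejected message. The service validates the ticket entirely with its own long-term key, which is why it needs no connection to the KDC, and the timestamp cache is what turns a captured authenticator into a rejected replay.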
q. Describe COBIT framework with neat diagram 6M
Ans: COBIT stands for "Control Objectives for Information and related Technology". It is a framework that was developed by ISACA (Information Systems Audit and Control Association). It is a set of guidance material for IT governance, helping organizations manage their requirements, technical issues and business risks.
COBIT connects IT initiatives with business requirements, monitors and improves IT management practices, and ensures quality control and reliability of information systems in an organization. Its four domains are:
• Plan and Organize: this domain addresses the direction for solutions, information architecture, managing IT investments, and assessing risks, quality and projects.
• Acquire and Implement: this domain acquires and maintains application software and technology infrastructure, develops and maintains procedures, manages changes, and implements the desired solutions and passes them on to be turned into services.
• Deliver and Support: this domain defines and manages service levels, ensures the security of the system, and educates, trains and advises users. It receives solutions and makes them usable for end users.
• Monitor and Evaluate: this domain monitors the processes, assesses internal control capability, obtains independent assurance and provides independent audit.
Principles of COBIT:
• Providing the service of delivering the information that an organization requires.
• Undesired events will be prevented, detected and corrected.
• Managing and controlling IT resources using a structured set of processes.
• Fulfilling clients' requirements.
Note: Any other relevant framework shall be considered.
(Marking scheme: diagram 2M, explanation 4M)