HINDUSTAN COLLEGE OF SCIENCE & TECHNOLOGY Department of Computer Science & Engineering


Feb 23, 2014 (3 years and 7 months ago)


SOLUTIONS-(MT-II)

SUBJECT: ISCL (EIT-505)

SESSION: (2011-12)

SECTION A

Q1. Attempt all Questions. (Short type Question)- (3*1)

a) What is Information system? Explain the importance of IS?

b) What are the Different Security Threats in online business transaction?

c) What is Digital signature?

Ans:-

a. Information system-

b. Different Security Threats in online business transaction are-

o Website defacement.
o DoS.
o Customer Phishing.
o Customer Information Theft.
o Guessing Passwords.
o Network sniffing.
o Social Engineering.


c. Digital Signature-

A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged.

Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped.

The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.

Fig- Digital signature
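The sign-and-verify mechanism behind these properties, as an added example that is not part of the original solution sheet: textbook hash-then-sign RSA in plain Python. Both keys are constructed from publicly known Mersenne primes and the scheme has no padding, so it shows the idea only; the names `sign`, `verify` and `demo` are assumptions of this example.

```python
import hashlib

# Constructed demo keys built from publicly known Mersenne primes.
# Anyone can factor these moduli, so they only illustrate the mechanism.
E = 65537                                   # public exponent


def make_key(p: int, q: int):
    """Return (n, d): public modulus and matching private exponent."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


N, D = make_key(2**127 - 1, 2**521 - 1)     # the sender's key pair
N2, D2 = make_key(2**89 - 1, 2**607 - 1)    # somebody else's key pair


def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (smaller than both moduli)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signer: transform the message digest with the private exponent."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, n: int = N) -> bool:
    """Anyone: undo the transform with the public key and compare digests."""
    return pow(signature, E, n) == digest(message)


def demo() -> dict:
    order = b"Transfer Rs. 500 to account 1234"       # constructed message
    sig = sign(order)
    return {
        "genuine": verify(order, sig),                          # sender is authenticated
        "tampered": verify(order.replace(b"500", b"900"), sig),  # content was changed
        "impostor": verify(order, sign(order, D2, N2)),         # signed with another key
    }


if __name__ == "__main__":
    print(demo())
```

Only the holder of `D` can produce a value that verifies under `N`, which is why the sender cannot easily repudiate a message that verifies.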

SECTION B

Q2. Attempt any two Questions. (Medium type Question)- (2*2)

a. Explain Need of physical Security? Also Explain the Basic Tenets of Physical Security of Information System Resources?

b. Write Short Notes on any two-

I. Laptop Security.

II. Wireless Network Security.

III. Security Challenges in Mobile device.

c. Explain the Different Classification of threats & assessing damages?



ANS:-

a. Explain Need of physical Security? Also Explain the Basic Tenets of Physical Security of Information System Resources?

The Basic Principles of physical Security are-

b. Write Short Notes on any two-

I. Laptop Security.

II. Wireless Network Security.

III. Security Challenges in Mobile device.

ANS:-

Laptop Security-

Wireless Network Security-

Wireless Network security is the prevention of unauthorized access or damage to a network using wireless networks.

http://technet.microsoft.com/en-us/library/bb457019.aspx

o Change the default wireless network name or SSID.
o Change the default password.
o Enable Encryption (Enable WPA encryption instead of WEP).
o DON'T turn off SSID Broadcasting.
o Change the network card settings
o Enable MAC Address Filtering
o Reduce your WLAN transmitter power
o Disable remote administration

Security Challenges Faced by Mobile devices-

c. Explain the Different Classification of threats & assessing damages?

Threats Consist of the Following Properties-




SECTION C

Q3. Attempt any part of each question. (Long Type Question)- (2*4)

1.

a) What are The Different Design issues in Biometric System? Explain the Benefits and Criteria for Selection of Biometrics?

b) What do you mean by firewall? Explain the design and implementation issues of firewall in detail?

2.

a) What are the Basic Principles of Information Security? Explain in detail?

b) Write Short Notes on the Following-

I. E-governance.

II. Different Type of Cyber Crimes.

III. Digital Signature.

IV. List The Micro Challenges in Mobile Security (at device level).

ANS:-

a. What are The Different Design issues in Biometric System? Explain the Benefits and Criteria for Selection of Biometrics?

A biometric is a physical or biological feature or attribute that can be measured. It can be used as a means of proving, without revealing your network ID, that you have a certain right or password.

b. What do you mean by firewall? Explain the design and implementation issues of firewall in detail?

FIREWALL:-

A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.

Firewalls are an essential tool in protecting your network from various threats.

Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet.

Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.

There are several types of firewall techniques:

o Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

o Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose performance degradation.

o Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

o Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

Three Design and Implementation Issues:-

There are a number of basic design issues that should be addressed by the lucky person who has been tasked with the responsibility of designing, specifying, and implementing or overseeing the installation of a firewall.

o The first and most important decision reflects the policy of how your company or organization wants to operate the system: is the firewall in place explicitly to deny all services except those critical to the mission of connecting to the Net, or is the firewall in place to provide a metered and audited method of "queuing" access in a non-threatening manner? There are degrees of paranoia between these positions; the final stance of your firewall might be more the result of a political than an engineering decision.

o The second is: what level of monitoring, redundancy, and control do you want? Having established the acceptable risk level (e.g., how paranoid you are) by resolving the first issue, you can form a checklist of what should be monitored, permitted, and denied. In other words, you start by figuring out your overall objectives, and then combine a needs analysis with a risk assessment, and sort the almost always conflicting requirements out into a laundry list that specifies what you plan to implement.

o The third issue is financial. We can't address this one here in anything but vague terms, but it's important to try to quantify any proposed solutions in terms of how much it will cost either to buy or to implement. For example, a complete firewall product may cost between $100,000 at the high end, and free at the low end. The free option, of doing some fancy configuring on a Cisco or similar router will cost nothing but staff time and a few cups of coffee. Implementing a high end firewall from scratch might cost several man-months, which may equate to $30,000 worth of staff salary and benefits. The systems management overhead is also a consideration. Building a home-brew is fine, but it's important to build it so that it doesn't require constant (and expensive) attention. It's important, in other words, to evaluate firewalls not only in terms of what they cost now, but continuing costs such as support.
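A first-match packet filter that makes the policy stance from the first design issue and the IP-spoofing weakness of packet filtering concrete, as an added example that is not part of the original solution sheet. The rule set, addresses, interface names and function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.168.10.0/24")    # constructed internal LAN

# Constructed rules: (action, source net, destination net, protocol, dest port)
RULES = [
    ("permit", "0.0.0.0/0", "192.168.10.5/32", "tcp", 443),   # public HTTPS server
    ("permit", "192.168.10.0/24", "0.0.0.0/0", "udp", 53),    # DNS from LAN hosts
    ("deny", "0.0.0.0/0", "192.168.10.0/24", "tcp", 23),      # Telnet into the LAN
]

# Constructed sample packets: (arrival interface, src, dst, protocol, dest port)
PACKETS = {
    "https_in": ("outside", "203.0.113.7", "192.168.10.5", "tcp", 443),
    "ssh_in": ("outside", "203.0.113.7", "192.168.10.9", "tcp", 22),
    "telnet_in": ("outside", "203.0.113.7", "192.168.10.9", "tcp", 23),
    # Claims a LAN source address but arrives on the outside interface.
    "spoofed_dns": ("outside", "192.168.10.20", "192.168.10.5", "udp", 53),
}


def filter_packet(pkt, default="deny", antispoof=True):
    """Return 'permit' or 'deny' for one packet tuple."""
    iface, src, dst, proto, dport = pkt
    src, dst = ip_address(src), ip_address(dst)
    # Ingress check: the rules below trust the source address, so an internal
    # source seen on the outside interface must be dropped before matching.
    if antispoof and iface == "outside" and src in INTERNAL:
        return "deny"
    for action, s_net, d_net, r_proto, r_port in RULES:    # first match wins
        if (src in ip_network(s_net) and dst in ip_network(d_net)
                and proto == r_proto and dport == r_port):
            return action
    return default    # the policy stance decides every packet not listed


def run(default="deny", antispoof=True):
    """Verdict for each sample packet under the given stance."""
    return {name: filter_packet(p, default, antispoof) for name, p in PACKETS.items()}


if __name__ == "__main__":
    print("default deny  :", run())
    print("default permit:", run(default="permit"))
    print("no anti-spoof :", run(antispoof=False))
```

With a default-permit stance the unlisted SSH packet gets through, and without the ingress check the packet with a forged LAN source address is accepted by the rule meant for LAN hosts.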

4(a)-

a. What are the Basic Principles of Information Security? Explain in detail?

Ans-

Basic Principles of Information Security- (Explain Each in Detail)-

1. There is no such thing as absolute security.
2. The three pillars of information security are- CIA.
3. Defense in Depth as a strategy.
4. Computer Security depends on two types of requirements-
   o Functional (what a system should do)
   o Assurance (how functional requirement should be implemented and tested)
5. Security through Obscurity is not an answer.
6. Security=Risk management.
7. Complexity is the enemy of security.
8. Open Disclosure of vulnerability is good for security.





a) Write Short Notes on the Following-

I. E-governance.

II. Different Type of Cyber Crimes.

III. Digital Signature.

IV. List The Micro Challenges in Mobile Security (at device level).

E-governance-

E-Government (short for electronic government, also known as e-gov, digital government, online government, or connected government) is the digital interaction between a government and citizens (G2C), government and businesses/Commerce (G2B), government and employees (G2E), and also between government and governments/agencies (G2G).

E-Government delivery models are-

o G2C (Government to Citizens)
o G2B (Government to Businesses)
o G2E (Government to Employees)
o G2G (Government to Governments)
o C2G (Citizens to Governments)

This digital interaction consists of governance, information and communication technology (ICT), business process re-engineering (BPR), and e-citizen at all levels of government (city, state/province, national, and international).

Four pillars of E-governance are-

o People.
o Process.
o Technology.
o Resources.




Different Type of Cyber Crimes-

List the Micro Challenges in Mobile Security (At device level)-

o Managing the registry settings.
o Authentication server security
o Cryptographic security for mobile devices
o LDAP security
o Remote access server (RAS)
o Media player security