Information & Network Security - Dec 2012
Information Technology (Semester 6)
TOTAL MARKS: 100
TOTAL TIME: 3 HOURS
(1) Question 1 is compulsory.
(2) Attempt any four from the remaining questions.
(3) Assume data wherever required.
(4) Figures to the right indicate full marks.
Attempt any four questions:-
1 (a) What is the primary advantage of SSL over IPsec? What is the primary advantage of IPsec over SSL?(5 marks)
1 (b) What is the distinction between a polymorphic and a metamorphic worm? How might metamorphic software be used for good instead of evil?(5 marks)
1 (c) What is a validation error? How can such an error lead to a security flaw?(5 marks)
1 (d) What is a race condition? Discuss an example of a race condition.(5 marks)
1 (e) The strength of DES depends on the S-boxes in DES. Comment on the statement.(5 marks)
Explain technique (or fundamental concept behind) following attacks? Attempt any five questio
2 (a) Cross site scripting.(4 marks)
2 (b) ARP poisoning.(4 marks)
2 (c) Packet sniffing.(4 marks)
2 (d) Spoofing.(4 marks)
2 (e) Session hijacking.(4 marks)
2 (f) Ping to death.(4 marks)
2 (g) Root Traverse attack on web server(4 marks)
3 (a) Why is it a good idea to hash passwords that are stored in a file? What is a "salt" and why should a salt be used whenever passwords are hashed?(5 marks)
3 (b) Explain visual CAPTCHA.(5 marks)
3 (c) How are polyalphabetic ciphers implemented and how are they superior to monoalphabetic ciphers?(10 marks)
4 (a) Explain DMZ in enterprise-wide networks. Explain the various attacks possible on a DMZ and their countermeasures.(10 marks)
4 (b) Explain key generation, encryption and decryption in the RSA algorithm.(10 marks)
5 (a) Identify security issues due to protocol weakness in following protocols.
(ii) Ethernet with MTU 1500.(10 marks)
5 (b) What is the difference between a digital signature and a digital certificate?(5 marks)
5 (c) Explain the Diffie-Hellman key exchange algorithm.(5 marks)
6 (a) How is authentication achieved in Pretty Good Privacy?(5 marks)
6 (b) What are the possible attacks on the password? Explain each in detail.(5 marks)
6 (c) What is Access Control? How is it different from availability?(5 marks)
6 (d) Explain the relationship between confidentiality, integrity and availability.(5 marks)
Write short notes on:-
7 (a) PKI.(5 marks)
7 (b) IDS/IPS.(5 marks)
7 (c) Firewall.(5 marks)
7 (d) Kerberos.(5 marks)