System & Web Security - May 2016

Information Technology (Semester 6)

TOTAL MARKS: 80
TOTAL TIME: 3 HOURS (1) Question 1 is compulsory.
(2) Attempt any three from the remaining questions.
(3) Assume data if required.
(4) Figures to the right indicate full marks. 1(a) For an online shopping system identify vulnerability, threat and attack.(5 marks) 1(b) What is IP spoofing? How does it lead to Denial of service attack?(5 marks) 1(c) What are the different modes of authenticating a user?(5 marks) 1(d) What are the different phases of a virus? How does a virus propagate?(5 marks) 2(a) Differentiate between
        (i) Access control list and capability list
        (ii) Firewall and IDS.(10 marks) 2(b) Explain RSA algorithm for public key encryption. Given modulus N = 143 and public key = 7, find the values of p, q, phi (n), and private key d. Can we choose value of e=5? Justify.(10 marks) 3(a) What is session hijacking? How does it occur? Give two ways to prevent a session hijack.(10 marks) 3(b) How is single sign on achieved in Kerberos protocol? What is the concept of a ticket in this protocol?(10 marks) 4(a) Compare the different types of firewalls that can be used to secure a network.(10 marks) 4(b) List the different protocols of Ssl and explain the working in detail.(10 marks) 5(a) What are the different appraoches to software reverse engineering?(10 marks) 5(b) What are the file system vulnerabilities for a Linux system?(10 marks) 6(a) Secure email(5 marks) 6(b) Multi level access control(5 marks) 6(c) Digital Right Management(5 marks) 6(d) Non-maliciou programming errors(5 marks) 6(e) Federated Identity Management(5 marks)