System & Web Security - Dec 2016
Information Technology (Semester 6)
TOTAL MARKS: 80
TOTAL TIME: 3 HOURS
(1) Question 1 is compulsory.
(2) Attempt any three from the remaining questions.
(3) Assume data if required.
(4) Figures to the right indicate full marks.
1(a) Give two techniques to establish a covert channel. (5 marks)
1(b) Compare and contrast discretionary access control and mandatory access control. (5 marks)
1(c) Define with examples i) SQL injections ii) Cross-site scripting. (5 marks)
1(d) What are the different phases of a virus? Explain. (5 marks)
2(a) What are the different kinds of malware? How do they propagate? (10 marks)
2(b) Explain RSA algorithm for public key encryption. Given modulus N = 143 and public key = 7, find the values of p, q, phi(n), and private key d. Can we choose value of e = 5? Justify. (10 marks)
3(a) What is a firewall? Explain different types of firewalls and specify at which layer of the Internet stack they operate. (10 marks)
3(b) What is a denial of service attack? Discuss different ways in which an attacker can mount a DoS attack. (10 marks)
4(a) Distinguish between the ESP and AH protocol in IPSec. Show the working of each in transport and tunnel mode. (10 marks)
4(b) What is an IDS? How does it differ from a honeypot? Discuss the different types of IDS. (10 marks)
5(a) Explain the process of generation and verification of digital certificate. (10 marks)
5(b) With respect to SSL protocol explain the following:
i) Generation of master key
ii) Authentication of server to client. (10 marks)
Write short notes on any four: Q.6 (a, b, c, d, e)
6(a) Windows Security (5 marks)
6(b) Federated Identity Management (5 marks)
6(c) Software Reverse Engineering (5 marks)
6(d) Knapsack cryptosystem (5 marks)
6(e) Non-malicious programming errors. (5 marks)