System & Web Security - May 2015
Information Technology (Semester 6)
TOTAL MARKS: 80
TOTAL TIME: 3 HOURS

(1) Question 1 is compulsory.
(2) Attempt any three from the remaining questions.
(3) Assume data if required.
(4) Figures to the right indicate full marks.

1 (a) Explain, with examples, vulnerability, threat and attacks. (8 marks)
1 (b) Discuss with examples the following:
i) ARP spoofing
ii) TCP SYN flood attack
iii) Port scanning
iv) IP spoofing (12 marks)

2 (a) Discuss with an example how knapsack is used in cryptography. (10 marks)
2 (b) Explain the roles of the different servers in the Kerberos protocol. How does the user get authenticated to the different servers? (10 marks)

3 (a) Define access control list and capability list and compare them. Explain the Bell-LaPadula access control model. (10 marks)
3 (b) Differentiate between the tunnel mode and transport mode of IPSec. Explain how integrity is achieved. (10 marks)

4 (a) List the different protocols of SSL. Explain in detail the Handshake protocol. How does the server get authenticated to the client? (10 marks)
4 (b) List and explain the different TCP/IP vulnerabilities. (10 marks)

5 (a) What are the different approaches to Software Reverse Engineering? (10 marks)
5 (b) With the help of an example, explain cross-site scripting and SQL injection attacks. (10 marks)

Write short notes on:
6 (a) Linux File Security. (5 marks)
6 (b) Phishing and Pharming techniques. (5 marks)
6 (c) Federated Identity Management. (5 marks)
6 (d) Biometric authentication schemes. (5 marks)