CNS Mid-2


1. Illustrate different servers used in Kerberos? Explain the role of each one.

Kerberos provides a centralized authentication server whose function is to authenticate users
to servers and servers to users. In Kerberos, an authentication server and a database are used for
client authentication. Kerberos runs as a trusted third-party server known as the key distribution
center (KDC). Each user and service on the network is a principal.
The main components of Kerberos are:
a. Authentication Server (AS). The authentication server performs the initial authentication
and issues the ticket for the Ticket Granting Service.
b. Database. The Authentication Server verifies the access right of users in the database.
c. Ticket Granting Server (TGS). The Ticket Granting Server issues the ticket for the
Server.
Kerberos Overview:

Step 1. The user logs in and requests services on the host; thus the user makes a request to the
ticket-granting service.
Step 2. The Authentication Server verifies the user’s access right using the database and then
returns a ticket-granting ticket and a session key. The results are encrypted using the password
of the user.
Step 3. The message is decrypted using the password and the ticket is then sent to the Ticket
Granting Server. The ticket contains authenticators such as user names and network addresses.
Step 4. The Ticket Granting Server decrypts the ticket and authenticator sent by the user, verifies
the request, and then creates the ticket for requesting services from the server.
Step 5. The user sends the ticket and authenticator to the server.
Step 6. The server verifies the ticket and authenticator and then grants access to the service.
After this the user can access the services.
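The six steps above as an added Python simulation (not part of the original notes) of the AS, TGS and service exchanges. The `seal`/`unseal` toy cipher, the principal names, the password and the client address are constructed for the demo and stand in for Kerberos’ real encryption and database.

```python
import hashlib
import hmac
import json
import os
import time

# Toy authenticated encryption standing in for Kerberos' symmetric cipher
# (assumption for this demo: keystream = SHA-256(key || nonce || counter),
# tag = HMAC-SHA-256). It exists only so the ticket flow can run offline.
def seal(key: bytes, obj: dict) -> bytes:
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(pt) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered ticket/authenticator")
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(ct) // 32 + 1))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

def key_from_password(pw: str) -> bytes:
    """Long-term user key derived from the password (Step 2 encrypts under this)."""
    return hashlib.sha256(pw.encode()).digest()

# Constructed KDC database: principal -> long-term key.
KDC_DB = {
    "alice": key_from_password("correct horse battery"),
    "krbtgt": os.urandom(32),      # TGS's own key; clients never see it
    "fileserver": os.urandom(32),  # service key shared only by KDC and the server
}

def as_exchange(user: str, client_addr: str) -> bytes:
    """Steps 1-2: AS checks the database, returns {TGS session key, TGT} under the user's key."""
    if user not in KDC_DB:
        raise KeyError("unknown principal")
    sess = os.urandom(32)
    tgt = seal(KDC_DB["krbtgt"], {"user": user, "addr": client_addr,
                                 "key": sess.hex(), "exp": time.time() + 8 * 3600})
    return seal(KDC_DB[user], {"tgs_key": sess.hex(), "tgt": tgt.hex()})

def tgs_exchange(tgt: bytes, authenticator: bytes, service: str, src_addr: str) -> bytes:
    """Step 4: TGS opens the TGT with its own key, checks the authenticator, issues a service ticket."""
    t = unseal(KDC_DB["krbtgt"], tgt)
    if t["exp"] < time.time() or t["addr"] != src_addr:
        raise PermissionError("TGT expired or presented from another address")
    a = unseal(bytes.fromhex(t["key"]), authenticator)  # only the TGT's rightful holder has this key
    if a["user"] != t["user"] or abs(time.time() - a["ts"]) > 300:
        raise PermissionError("authenticator does not match the ticket or is stale")
    svc_key = os.urandom(32)
    ticket = seal(KDC_DB[service], {"user": t["user"], "addr": src_addr, "key": svc_key.hex()})
    return seal(bytes.fromhex(t["key"]), {"svc_key": svc_key.hex(), "ticket": ticket.hex()})

def service_accepts(ticket: bytes, authenticator: bytes, src_addr: str) -> str:
    """Steps 5-6: the server decrypts the ticket with its own key and checks the authenticator."""
    t = unseal(KDC_DB["fileserver"], ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["user"] != t["user"] or t["addr"] != src_addr:
        raise PermissionError("service ticket rejected")
    return t["user"]

def login_and_access(user: str, password: str, addr: str = "10.0.0.5") -> str:
    """Client side of all six steps; the password itself never crosses the network."""
    kc = key_from_password(password)
    reply = unseal(kc, as_exchange(user, addr))            # Step 3: a wrong password fails here
    tgs_key, tgt = bytes.fromhex(reply["tgs_key"]), bytes.fromhex(reply["tgt"])
    auth = seal(tgs_key, {"user": user, "ts": time.time()})
    reply2 = unseal(tgs_key, tgs_exchange(tgt, auth, "fileserver", addr))
    svc_key, ticket = bytes.fromhex(reply2["svc_key"]), bytes.fromhex(reply2["ticket"])
    return service_accepts(ticket, seal(svc_key, {"user": user, "ts": time.time()}), addr)

if __name__ == "__main__":
    print(login_and_access("alice", "correct horse battery"))
```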
2. Give brief notes on the X.509 authentication service.
X.509 is a digital certificate that is built on top of a widely trusted standard known as ITU or
International Telecommunication Union X.509 standard, in which the format of PKI
certificates is defined. X.509 digital certificate is a certificate-based authentication security
framework that can be used for providing secure transaction processing and private
information. These are primarily used for handling the security and identity in computer
networking and internet-based communications.
Working of X.509 Authentication Service Certificate.
The core of the X.509 authentication service is the public key certificate associated with each user.
These user certificates are assumed to be produced by some trusted certification authority and
placed in the directory by the user or the certification authority. These directory servers are
only used for providing an easily reachable location for all users so that they can acquire
certificates. The X.509 standard is built on an IDL known as ASN.1. With the help of Abstract
Syntax Notation, the X.509 certificate format uses an associated public and private key pair
for encrypting and decrypting a message.
Once an X.509 certificate is provided to a user by the certification authority, that certificate is
attached to the user like an identity card. The chances of someone stealing it or losing it are
lower than with unsecured passwords. With the help of this analogy, it is easier to imagine how
this authentication works: the certificate is basically presented like an identity card at the
resource that requires authentication.

Applications of X.509 Authentication Service Certificate.
Many protocols depend on X.509 and it has many applications, some of which are given below:
a. Document signing and Digital signature
b. Web server security with the help of Transport Layer Security (TLS)/Secure Sockets Layer
(SSL) certificates
c. Email certificates
d. Code signing
e. Secure Shell Protocol (SSH) keys
f. Digital Identities
3. Give the structure of HMAC.
The working of HMAC starts with taking a message M consisting of blocks of length b bits. An
input signature is prepended to the message and the whole is given as input to a hash
function, which gives us a temporary message digest MD’. MD’ is then appended to an output
signature and the whole is hashed again; the result is our final message digest MD.
Here is a simple structure of HMAC:
Here, H stands for the hashing function,
M is the original message,
Si and So are the input and output signatures respectively,
Yi is the ith block in the original message M, where i ranges over [1, L),
L is the count of blocks in M,
K is the secret key used for hashing,
IV is an initialization vector (some constant).
The input signature Si and the output signature So are generated from the key K.
Compared with a plain hash function, HMAC adds one extra compression-function invocation to
the processing. This structure remains efficient even for short MAC values.
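As an added example (not from the original notes), the structure described above written out in Python: Si and So are derived from K with the RFC 2104 ipad/opad constants, MD’ and MD are the two hash passes, and the result is cross-checked against the standard library. The key and message values are constructed for the demo.

```python
import hashlib
import hmac  # standard library HMAC, used only to cross-check the hand-built version
from typing import Tuple

# SHA-256 has a block size b of 512 bits (64 bytes); ipad/opad are the fixed
# RFC 2104 byte patterns from which Si and So are derived.
BLOCK_SIZE = 64
IPAD = bytes([0x36]) * BLOCK_SIZE
OPAD = bytes([0x5C]) * BLOCK_SIZE


def derive_signatures(key: bytes) -> Tuple[bytes, bytes]:
    """Return (Si, So): the input and output signatures derived from the key K."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()   # keys longer than b bits are hashed first
    k_plus = key.ljust(BLOCK_SIZE, b"\x00")  # K+: K padded with zeros to b bits
    si = bytes(k ^ p for k, p in zip(k_plus, IPAD))
    so = bytes(k ^ p for k, p in zip(k_plus, OPAD))
    return si, so


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """MD = H(So || H(Si || M)): the two-pass structure described in the notes."""
    si, so = derive_signatures(key)
    md_prime = hashlib.sha256(si + message).digest()  # temporary digest MD'
    return hashlib.sha256(so + md_prime).digest()     # final digest MD


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the MAC and compare in constant time so a forger cannot
    learn how many leading bytes of a guessed tag were correct."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)


if __name__ == "__main__":
    k, m = b"constructed-demo-key", b"amount=100&to=acct-42"
    tag = hmac_sha256(k, m)
    assert tag == hmac.new(k, m, hashlib.sha256).digest()   # matches the library
    print(tag.hex())
    print(verify(k, m, tag), verify(k, m.replace(b"100", b"900"), tag))  # True False
```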
4. Explain the Application of HMAC.
a. Verification of an e-mail address during activation or creation of an account.
b. Authentication of form data that is sent to the client browser and then submitted back.
c. HMACs can be used for the Internet of Things (IoT) because of their low computational cost.
d. Whenever there is a need to reset a password, a link that can be used once is sent without
adding server state.
e. It can take a message of any length and convert it into a fixed-length message digest. That
is, even for a long message the message digest will be small, which saves bandwidth.
5. Brief about PGP cryptographic functions for authentication only, confidentiality only
and both confidentiality and authentication.
Pretty Good Privacy (PGP), the secure email program, is a remarkable phenomenon that has grown
explosively and is now widely used. Largely the effort of a single person, Phil Zimmermann,
who selected the best available crypto algorithms and integrated them into a single
program, PGP provides a confidentiality and authentication service that can be used for
electronic mail and file storage applications. It is independent of government organizations and
runs on a wide range of systems, in both free and commercial versions.
PGP Operation – Authentication
a. Sender creates the message.
b. SHA-1 is used to generate a 160-bit hash of the message.
c. The hash is signed with RSA using the sender’s public key and attached to the message.
d. Receiver uses RSA with the sender’s public key to decrypt and recover the hash code.
e. Receiver verifies the received message by hashing it and comparing with the decrypted hash
code.
PGP Operation – Confidentiality

Sender:
a. Generates the message and a random number (session key) used only for this message
b. Encrypts the message with the session key using AES, 3DES, IDEA or CAST-128
c. Encrypts the session key itself with the recipient’s public key using RSA
d. Attaches it to the message.
Receiver:
a. Recovers the session key by decrypting it with his private key
b. Decrypts the message using the session key
The confidentiality service provides no assurance to the receiver as to the identity of the sender
(i.e. no authentication). It only provides confidentiality for the sender: only the recipient can
read the message (and no one else).
PGP Operation – Confidentiality & Authentication
Both services can be used on the same message:
a. Create signature & attach to message
b. Encrypt both message & signature
c. Attach RSA encrypted session key
d. This is called authenticated confidentiality
6. Give a short note on S/MIME.
S/MIME is an abbreviation for “Secure/Multipurpose Internet Mail Extension”. It is a
security-enhanced variant of the MIME internet email format based on RSA Data Security technology.
Public key cryptography is utilized in this case to sign, encrypt, or decrypt the email digitally.
The user obtains a public-private key pair from a trusted authority and then uses those keys
appropriately with email programs. MIME replaced the SMTP protocol since it was restricted to
text, where only text messages were permitted to be transmitted. The restricted protocol SMTP
was unable to communicate multimedia files and documents in many arbitrary forms because it
employs a 7-bit ASCII representation of characters in an email message, which cannot represent
special characters with values greater than 127.
Structure of S/MIME
A MIME email message comprises a text message, some specific headers, and formatted text
parts. Each segment may include an ASCII-encoded portion of data and the technique for
decoding the data at the receiver’s end. MIME headers provide the following information:
MIME version, Content-ID, Content-Type, Content-Transfer-Encoding, and Content-Description.
Advantages of S/MIME
a. It is available in various modern mail agents like Netscape, MS Outlook, etc.
b. It is utilized in commercial or industrial settings.
c. It ensures the message’s validity and security.
d. The digital signature protects the email against email spoofing.
Disadvantages of S/MIME
a. Not all users are able to benefit from S/MIME because of the enforced certificate requirement,
since some users simply desire encryption.
b. Not all email clients support S/MIME signatures.
7. Explain ESP Header IPSec.
Encapsulating Security Payload, abbreviated ESP, plays a very important role in network
security. ESP is an individual protocol in IPSec. ESP is responsible for the CIA triad of security
(Confidentiality, Integrity, Availability), which is considered significant only when encryption
is carried along with them. Securing all payload/packets/content in IPv4 and IPv6 is the
responsibility of ESP.
As the name suggests, it involves encapsulating the content/payload, encrypting it into a suitable
form, and then a security check or authentication takes place for the payload in the IP network.
Encryption/encapsulation and security/authentication make the payload extremely secure and
safe from any kind of harm or threat of the content/data/payload being stolen by a third party.
The encryption process is performed by an authenticated user; similarly, the decryption process
is carried out only when the receiver is verified, thus making the entire process very smooth
and secure. The entire encryption that is performed by ESP is carried out on the principle of the
integrity of the payload and not of the typical IP header.
Working of ESP:
a. Encapsulating Security Payload supports both main Transport layer protocols: IPv4 and
IPv6.
b. It performs the function of encryption in the headers of the Internet Protocol or, in general,
it resides and performs its functions in the IP header.
c. One important thing to note here is that ESP is inserted between the Internet Protocol
and other protocols such as UDP/TCP/ICMP.
Modes in ESP:
Encapsulating Security Payload supports two modes, i.e. Transport mode, and tunnel mode.
Tunnel Mode:
a. Mandatory in gateways, tunnel mode holds the utmost importance.
b. Here, a new IP header is created which is used as the outer IP header, followed by ESP.
Transport Mode:
a. Here, the IP header is not protected via encryption or authentication, making it vulnerable to
threats.
b. Less processing is needed in this mode, so the inclusion of ESP is preferred.
Components of ESP:

8. What is security association?
A Security Association (SA) is a fundamental concept in the field of computer network
security, particularly in the context of Internet Protocol Security (IPsec). IPsec is a suite of
protocols that provides cryptographic security services for Internet Protocol (IP) traffic. It is
commonly used to secure communication over a network, such as virtual private networks
(VPNs).
A Security Association represents a logical connection or relationship between two entities,
such as two network devices or hosts, that require secure communication. It defines the
parameters and attributes for securing the communication, including the cryptographic
algorithms, keys, and other security-related details. When two entities want to communicate
securely, they establish a Security Association by negotiating the necessary security
parameters.
There are two main types of Security Associations in IPsec:
1. Transport Mode Security Association: This secures communication between individual
hosts.
2. Tunnel Mode Security Association: This is used to secure communication between
networks, often employed in the context of VPNs.
Establishing a Security Association involves a negotiation process, where the two
communicating entities agree on the security parameters. This negotiation is typically done
using protocols such as the Internet Key Exchange (IKE). Once the Security Association is
established, it provides a secure channel for communication between the entities.
The Security Association ensures the confidentiality, integrity, and authenticity of the data
being exchanged between the entities. It plays a crucial role in enabling secure communication
over potentially insecure networks like the Internet.
9. Determine the different Web Security Requirements.
Web security involves various measures and requirements to protect websites, web
applications, and web services from threats and vulnerabilities. Here are some key web security
requirements:
1. Data Encryption:
- Requirement: Ensure the use of secure and encrypted communication channels
(HTTPS/SSL/TLS) to protect data in transit.
- Purpose: Prevent unauthorized access and eavesdropping on sensitive data during
transmission.
2. Authentication:
- Requirement: Implement strong user authentication mechanisms, such as multi-factor
authentication (MFA).
- Purpose: Verify the identity of users and prevent unauthorized access to sensitive
information.
3. Authorization:
- Requirement: Enforce proper access controls and permissions to restrict user access to
authorized resources.
- Purpose: Prevent unauthorized users from accessing or modifying sensitive data.
4. Input Validation:
- Requirement: Validate and sanitize all user inputs to prevent injection attacks (e.g., SQL
injection, cross-site scripting).
- Purpose: Mitigate the risk of malicious code execution or unauthorized data access through
input manipulation.
5. Session Management:
- Requirement: Implement secure session handling mechanisms, including secure session
storage and token management.
- Purpose: Protect against session hijacking and ensure the integrity of user sessions.
6. Cross-Site Request Forgery (CSRF) Protection:
- Requirement: Implement measures such as anti-CSRF tokens to prevent CSRF attacks.
- Purpose: Counteract unauthorized actions performed on behalf of an authenticated user.
7. Cross-Origin Resource Sharing (CORS) Configuration:
- Requirement: Configure CORS headers to control which domains can access web
resources.
- Purpose: Mitigate the risk of cross-origin attacks and unauthorized data access.
8. Security Patching:
- Requirement: Regularly update and patch web servers, frameworks, and dependencies to
address known vulnerabilities.
- Purpose: Minimize the risk of exploitation due to outdated software components.
9. Security Headers:
- Requirement: Utilize security headers, such as Content Security Policy (CSP), to control
browser behavior and mitigate certain types of attacks.
- Purpose: Enhance the overall security posture of web applications.
10. Secure File Uploads:
- Requirement: Implement secure file upload mechanisms with proper validation and
restrictions.
- Purpose: Prevent malicious file uploads that could lead to security vulnerabilities.
These requirements collectively contribute to building a strong and comprehensive web
security posture, helping to protect against a wide range of potential threats and attacks.
10. List out the features of SET.
Secure Electronic Transaction (SET) was a protocol designed to enhance the security of
electronic transactions conducted over the Internet. SET was developed by major credit card
companies, including Visa and MasterCard, in the late 1990s. While SET is not as widely used
today, some of its features and concepts have influenced modern secure online transaction
practices. Here are the key features of Secure Electronic Transaction:
1. Confidentiality:
- SET ensures the confidentiality of sensitive information, such as credit card numbers and
personal details, during the online transaction process.
2. Integrity:
- It provides mechanisms to ensure the integrity of the data being transmitted, preventing
unauthorized modification of transaction details.
3. Authentication:
- SET includes strong authentication mechanisms to verify the identities of both the
cardholder and the merchant. This helps prevent unauthorized access and fraud.
4. Digital Certificates:
- SET relies on digital certificates to authenticate the various entities involved in the
transaction, including cardholders, merchants, and payment gateways.
5. Transaction Encryption:
- All communication between the involved parties is encrypted using secure protocols,
ensuring that the transaction details are protected from eavesdropping.
6. Dual Signature:
- SET transactions involve a dual signature process, where both the cardholder and the
merchant digitally sign the transaction. This adds an extra layer of security.
7. Payment Gateway Integration:
- SET integrates with payment gateways to securely transmit payment information between
the merchant and the financial institution.
8. Certificate Authorities:
- Certificate authorities play a crucial role in SET by issuing digital certificates to entities
involved in the transaction, verifying their identities.
9. Message Integrity Code (MIC):
- SET uses Message Integrity Codes to ensure that messages have not been altered during
transmission.
10. Transaction Timestamps:
- SET includes timestamps to provide a clear timeline of the transaction, helping to prevent
replay attacks.
11. Secure Key Management:
- The protocol employs secure key management practices to protect cryptographic keys used
in the transaction process.
12. Merchant Privacy:
- SET allows merchants to maintain the privacy of their customers by not having direct
access to sensitive payment information.
13. Cardholder Privacy:
- SET enhances the privacy of cardholders by limiting the information shared with
merchants during the transaction process.
14. Non-repudiation:
- SET provides non-repudiation features, ensuring that parties involved in the transaction
cannot deny their participation.
While SET itself is not widely used today, many of its security concepts and practices have
been incorporated into modern payment card industry standards and protocols, such as the
Payment Card Industry Data Security Standard (PCI DSS) and the Secure Sockets Layer (SSL)
and Transport Layer Security (TLS) protocols for secure web communication.
11. Explain about IPsec Architecture.
a. ESP Protocol. ESP provides a confidentiality service. ESP is implemented in one of two
ways:
- ESP with optional authentication
- ESP with authentication
Packet Format:
• Security Parameter Index. This parameter is used by security association. It is used to give
a unique number to the connection built between the Client and Server.
• Sequence Number. Unique Sequence numbers are allotted to every packet so that on the
receiver side packets can be arranged properly.
• Payload Data. Payload data means the actual data or the actual message. The payload data
is in an encrypted format to achieve confidentiality.
• Padding. Extra bits of space are added to the original message in order to ensure
confidentiality. Padding length is the size of the added bits of space in the original message.
• Next Header. Next header means the next payload or next actual data.
• Authentication Data. This field is optional in ESP protocol packet format.
b. Encryption algorithm. The encryption algorithm document describes the various
encryption algorithms used for ESP.
c. AH Protocol. Authentication Header Protocol provides both Authentication and Integrity
service. Authentication Header is implemented in one way only: Authentication along with
Integrity. Authentication Header covers the packet format and general issues related to the
use of AH for packet authentication and integrity of Encapsulation Security Payload.

d. Authentication Algorithm. The authentication algorithm is the set of documents
that describe the authentication algorithm used for AH and for the authentication option of
ESP.
e. DOI (Domain of Interpretation). DOI is the identifier that supports both AH and ESP
protocols. It contains values needed for documentation related to each other.
f. Key Management. Key Management contains the document that describes how the keys
are exchanged between sender and receiver.
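As an added example (not from the original notes) tying the ESP packet format above to the Security Association of question 8: a receiver looks up the SA by SPI, checks the Authentication Data before trusting any other field, then separates payload, padding, pad length and next header. NULL encryption, the `SAD`/`register_sa` names, the key and the SPI are assumptions constructed for the demo.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, Tuple

# A Security Association as the receiver stores it: the parameters agreed for one SPI.
# Constructed for this demo; real SAs also carry the cipher, lifetimes and mode.
@dataclass
class SecurityAssociation:
    spi: int
    auth_key: bytes
    icv_len: int = 16   # HMAC-SHA-256 truncated to 128 bits, as RFC 4868 specifies for ESP
    last_seq: int = 0   # highest sequence number accepted so far (simple anti-replay check)

# Security Association Database, keyed by SPI (normally filled by IKE negotiation).
SAD: Dict[int, SecurityAssociation] = {}

def register_sa(spi: int, auth_key: bytes) -> SecurityAssociation:
    SAD[spi] = SecurityAssociation(spi, auth_key)
    return SAD[spi]

def build_esp(sa: SecurityAssociation, seq: int, payload: bytes, next_header: int) -> bytes:
    """Assemble an ESP packet: SPI | Seq | Payload | Padding | Pad Length | Next Header | ICV.
    NULL encryption (RFC 2410) is used so the trailer layout stays readable."""
    pad_len = (-(len(payload) + 2)) % 4       # align Pad Length + Next Header to 4 bytes
    padding = bytes(range(1, pad_len + 1))    # default padding content is 1, 2, 3, ...
    body = struct.pack("!II", sa.spi, seq) + payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[: sa.icv_len]
    return body + icv                         # ICV covers everything before it

def parse_esp(packet: bytes) -> Tuple[int, int, bytes, int]:
    """Receiver side: SA lookup by SPI, ICV check, replay check, then field extraction.
    Returns (spi, seq, payload, next_header)."""
    if len(packet) < 8:
        raise ValueError("truncated ESP header")
    spi, seq = struct.unpack("!II", packet[:8])
    sa = SAD.get(spi)
    if sa is None:
        raise LookupError(f"no security association for SPI 0x{spi:08x}")
    if len(packet) < 8 + 2 + sa.icv_len:
        raise ValueError("packet too short for trailer and ICV")
    body, icv = packet[: -sa.icv_len], packet[-sa.icv_len :]
    expected = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[: sa.icv_len]
    if not hmac.compare_digest(expected, icv):   # check integrity before trusting any field
        raise ValueError("authentication data (ICV) mismatch: modified packet or wrong key")
    if seq <= sa.last_seq:
        raise ValueError(f"sequence number {seq} already accepted: possible replay")
    sa.last_seq = seq
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10:
        raise ValueError("pad length exceeds payload")
    payload = body[8 : len(body) - 2 - pad_len]
    return spi, seq, payload, next_header

if __name__ == "__main__":
    sa = register_sa(0x1000ABCD, b"constructed-integrity-key")
    pkt = build_esp(sa, 1, b"GET / HTTP/1.1\r\n", next_header=6)   # 6 = TCP
    print(pkt.hex())
    print(parse_esp(pkt))
```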
12. Explore the technical details of firewall and describe any three types of firewall with neat
diagram.
Firewall Overview:
A firewall is a network security device or software that monitors and controls incoming and
outgoing network traffic based on predetermined security rules. It acts as a barrier between a
trusted internal network and untrusted external networks, such as the Internet, to prevent
unauthorized access and protect against cyber threats.
Firewalls operate at various layers of the OSI model, including the network layer (Layer 3)
and the application layer (Layer 7). They can be implemented as hardware appliances, software
applications, or a combination of both.
Three Types of Firewalls with Diagrams:
1. Packet Filtering Firewall:
- Description: Packet filtering is the most basic form of firewall protection. It examines each
packet of data that flows through the network and makes decisions based on criteria such as
source and destination IP addresses, port numbers, and protocol types.
+------------------------+
|    Incoming Packets    |
|  +------------------+  |
|  | Packet Filtering |  |
|  |     Firewall     |  |
|  +------------------+  |
|           |            |
|           V            |
|  +------------------+  |
|  |  Allow / Block   |  |
|  |    Decisions     |  |
|  +------------------+  |
+------------------------+
2. Stateful Inspection Firewall:
- Description: Stateful inspection (dynamic packet filtering) goes beyond the basic packet
filtering approach. It keeps track of the state of active connections and makes decisions based
on the context of the traffic. Stateful inspection is aware of the state of established connections
and allows only legitimate traffic.
+------------------------+
|    Incoming Packets    |
|  +------------------+  |
|  |     Stateful     |  |
|  |    Inspection    |  |
|  |     Firewall     |  |
|  +------------------+  |
|           |            |
|           V            |
|  +------------------+  |
|  |  Allow / Block   |  |
|  |    Decisions     |  |
|  +------------------+  |
+------------------------+
3. Proxy Firewall:
- Description: A proxy firewall acts as an intermediary between internal and external
networks. Instead of allowing direct connections between the two, it establishes a connection
on behalf of the user and makes requests on their behalf. This can provide additional security
by hiding the internal network structure.
+------------------------+
|    Internal Network    |
|  +------------------+  |
|  |      Proxy       |  |
|  |     Firewall     |  |
|  +------------------+  |
|           |            |
|           V            |
|  +------------------+  |
|  | External Network |  |
|  |    (Internet)    |  |
|  +------------------+  |
+------------------------+
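An added Python model (not from the original notes) of the first two firewall types above, run over constructed traffic: the stateless filter needs a broad inbound rule to let replies through, which also admits an unrelated inbound packet, while the stateful firewall admits only traffic that continues a connection it saw being opened. Rule fields, addresses and ports are constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp", "udp" or "icmp"
    sport: int
    dport: int
    flags: str = ""  # TCP flags as letters: "S" = SYN, "SA" = SYN/ACK, "A" = ACK

@dataclass
class Rule:
    action: str                   # "allow" or "block"
    src: str = "0.0.0.0/0"        # CIDR prefixes; the defaults match any address
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None   # None = any
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

class PacketFilter:
    """Type 1: stateless packet filter. Each packet is judged on its own header
    fields; the first matching rule wins and anything unmatched is blocked."""
    def __init__(self, rules: List[Rule]):
        self.rules = rules

    def decide(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return "block"

class StatefulFirewall(PacketFilter):
    """Type 2: stateful inspection. Only the packet that opens a connection is
    checked against the rules; later packets are allowed because a matching
    entry exists in the connection table, so no broad inbound 'reply' rule is needed."""
    def __init__(self, rules: List[Rule]):
        super().__init__(rules)
        self.connections: Set[Tuple[str, int, str, int]] = set()

    def decide(self, p: Packet) -> str:
        forward = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if forward in self.connections or reverse in self.connections:
            return "allow"                 # belongs to a flow that was already admitted
        if p.proto == "tcp" and p.flags != "S":
            return "block"                 # claims to continue a connection we never saw
        verdict = super().decide(p)
        if verdict == "allow":
            self.connections.add(forward)  # remember the flow for its return traffic
        return verdict

def run_scenario() -> Dict[str, List[str]]:
    """Constructed traffic: an internal host opens HTTPS to the Internet, the server
    replies, and an unrelated external host sends a SYN from source port 443 to SSH."""
    outbound = Rule("allow", src="10.0.0.0/8", proto="tcp", dport=443)
    # A stateless filter cannot recognise replies, so it needs this broad inbound rule.
    replies = Rule("allow", dst="10.0.0.0/8", proto="tcp", sport=443)
    syn = Packet("10.0.0.5", "203.0.113.10", "tcp", 51000, 443, "S")
    syn_ack = Packet("203.0.113.10", "10.0.0.5", "tcp", 443, 51000, "SA")
    unsolicited = Packet("198.51.100.7", "10.0.0.9", "tcp", 443, 22, "S")
    stateless = PacketFilter([outbound, replies])
    stateful = StatefulFirewall([outbound])
    return {
        "stateless": [stateless.decide(p) for p in (syn, syn_ack, unsolicited)],
        "stateful": [stateful.decide(p) for p in (syn, syn_ack, unsolicited)],
    }

if __name__ == "__main__":
    print(run_scenario())  # the stateless filter admits the unsolicited SYN; the stateful one blocks it
```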
13. Summarize the Intrusion Detection System.
a. An IDS monitors the traffic on a computer network to detect any suspicious activity.
b. It analyzes the data flowing through the network to look for patterns and signs of abnormal
behavior.
c. The IDS compares the network activity to a set of predefined rules and patterns to identify
any activity that might indicate an attack or intrusion.
d. If the IDS detects something that matches one of these rules or patterns, it sends an alert to
the system administrator.
e. The system administrator can then investigate the alert and take action to prevent any
damage or further intrusion.
Classification of Intrusion Detection System
a. Network Intrusion Detection System. NIDS are set up at a planned point within the
network to examine traffic from all devices on the network. It performs an observation of
passing traffic on the entire subnet and matches the traffic that is passed on the subnets to
the collection of known attacks. Once an attack is identified or abnormal behavior is
observed, the alert can be sent to the administrator.
b. Host Intrusion Detection System. HIDS run on independent hosts or devices on the
network. A HIDS monitors the incoming and outgoing packets from the device only and
will alert the administrator if suspicious or malicious activity is detected. It takes a snapshot
of existing system files and compares it with the previous snapshot. If the analytical system
files were edited or deleted, an alert is sent to the administrator to investigate.
c. Protocol based Intrusion Detection System. PIDS comprises a system or agent that
would consistently reside at the front end of a server, controlling and interpreting the
protocol between a user and the server. It tries to secure the web server by regularly
monitoring the HTTPS protocol stream and accepting the related HTTP protocol. As
HTTPS is unencrypted before it enters the web presentation layer, this system would need
to reside at that interface in order to use HTTPS.
d. Application Protocol based Intrusion Detection System. APIDS is a system or agent
that generally resides within a group of servers. It identifies intrusions by monitoring
and interpreting the communication on application-specific protocols.
e. Hybrid Intrusion Detection System. A hybrid IDS is made by combining two or more
approaches to the IDS. In a hybrid IDS, the host agent or system data is combined with
network information to develop a complete view of the network system. The hybrid IDS is
more effective in comparison to the other IDS types.
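The host IDS snapshot comparison described in (b) above, as an added Python example (not from the original notes): a baseline of file digests is taken and a later snapshot is compared against it, reporting added, deleted and modified files. The directory contents are constructed in a temporary folder for the demo.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List

def snapshot(root: Path) -> Dict[str, str]:
    """Map every file under root (path relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def compare(previous: Dict[str, str], current: Dict[str, str]) -> List[str]:
    """Alert lines for files that were added, deleted or modified since the baseline.
    Comparing digests rather than timestamps means an edit cannot be hidden by
    restoring the file's modification time."""
    alerts = []
    for name in sorted(set(previous) | set(current)):
        if name not in previous:
            alerts.append(f"ADDED {name}")
        elif name not in current:
            alerts.append(f"DELETED {name}")
        elif previous[name] != current[name]:
            alerts.append(f"MODIFIED {name}")
    return alerts

def demo() -> List[str]:
    """Constructed scenario in a temporary directory: take a baseline, then make
    three changes a host IDS should report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF constructed original binary")
        baseline = snapshot(root)

        (root / "bin" / "ls").write_bytes(b"\x7fELF constructed replaced binary")  # modified
        (root / "etc" / "hosts").unlink()                                           # deleted
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "job").write_text("@reboot root /opt/agent\n")  # added
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for line in demo():
        print(line)
```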
14. What are the elements of SNMP? Explain the basic concept of SNMP.
Simple Network Management Protocol:
SNMP is an application layer protocol that uses UDP port numbers 161/162. SNMP is used to
monitor the network, detect network faults, and sometimes even to configure remote
devices.
SNMP Components.
There are 3 components of SNMP:
a. SNMP Manager. It is a centralized system to monitor the network.
b. SNMP agent. It is a software module installed on a managed device.
Managed devices can be network devices like PCs, routers, switches, servers, etc.
c. Management Information Base. The MIB consists of information on the resources that are to
be managed. This information is organized hierarchically. It consists of object instances,
which are essentially variables.
SNMP messages.
The different message types are:
a. GetRequest. SNMP manager sends this message to request data from the SNMP agent. It
is simply used to retrieve data from SNMP agents. In response to this, the SNMP agent
responds with the requested value through a response message.
b. GetNextRequest. This message can be sent to discover what data is available on an SNMP
agent. The SNMP manager can request data continuously until no more data is left. In this
way, the SNMP manager can take knowledge of all the available data on SNMP agents.
c. GetBulkRequest. The message is used to retrieve large data at once by the SNMP manager
from the SNMP agent. It is introduced in SNMPv2c.
d. SetRequest. It is used by the SNMP manager to set the value of an object instance on the
SNMP agent.
e. Response. It is a message sent from the agent upon a request from the manager. When sent
in response to Get messages, it will contain the data requested. When sent in response to
the Set message, it will contain the newly set value as confirmation that the value has been
set.
f. Trap. These are messages sent by the agent without being requested by the manager. They
are sent when a fault has occurred.
g. InformRequest. It was introduced in SNMPv2c and is used to identify whether the trap
message has been received by the manager or not. The agents can be configured to send the trap
message repeatedly until an Inform message is received. It is the same as a trap but adds an
acknowledgement that the trap doesn’t provide.
SNMP security levels.
It defines the type of security algorithm performed on SNMP packets. These are used only in
SNMPv3. There are 3 security levels, namely:
a. noAuthNoPriv. This security level uses a community string for authentication and no
encryption for privacy.
b. authNoPriv. This security level uses HMAC with MD5 for authentication and no encryption
is used for privacy.
c. authPriv. This security level uses HMAC with MD5 or SHA for authentication and
encryption uses the DES-56 algorithm.
15. Define virus. Explain in detail
A computer virus is a type of malicious software (malware) that is designed to replicate itself
and spread from one computer to another. Like biological viruses, computer viruses can attach
themselves to legitimate programs or files, infect them, and then use the infected host to
propagate further. The primary goal of a computer virus is often to cause damage, disrupt
normal computer operations, or steal sensitive information.
Here are the key components and characteristics of computer viruses:
1. Infection Mechanism:
- A virus typically attaches itself to a host program or file, often executable files or
documents. When the infected file is executed or opened, the virus code is activated and can
then carry out its malicious activities.
2. Replication:
- Viruses have the ability to replicate and create copies of themselves. This replication
process allows the virus to spread to other files, programs, or even other computers. The
spreading mechanism can vary, and it may involve attaching copies of the virus to emails,
network connections, or removable storage devices.
3. Payload:
- The payload is the malicious part of the virus that carries out the intended harmful actions.
This could include actions such as deleting files, corrupting data, displaying unwanted
messages, or compromising the security of the infected system.
4. Activation:
- Viruses often have a trigger or activation mechanism that determines when the malicious
payload is executed. This trigger could be a specific date, an event, or a particular condition,
and it is designed to maximize the impact of the virus.
5. Concealment:
- To avoid detection and removal, viruses often employ techniques to conceal their presence.
This can include methods like encrypting their code, modifying file attributes, or using
polymorphic techniques that change the appearance of the virus to evade antivirus detection.
6. Propagation:
- Viruses spread by attaching themselves to other programs or files. They can propagate
through various means, such as infected email attachments, shared network resources, or
compromised websites. Some viruses can also exploit security vulnerabilities to automatically
infect other systems.
7. Types of Viruses:
- There are various types of computer viruses, each with its own characteristics and methods
of operation. These include file viruses, macro viruses (embedded in document macros), boot
sector viruses (infecting the master boot record of a storage device), and script viruses (written
in scripting languages).
8. Antivirus Measures:
- To combat viruses, antivirus software is commonly used. Antivirus programs employ
signature-based detection, behavioral analysis, heuristics, and other methods to identify and
remove viruses from infected systems.
