Cyber Security Sem6


1. Explain the concept of NAT?

Network Address Translation (NAT) is a technique designed to enable private IP networks
that use unregistered IP addresses to connect to the internet. NAT works by translating private
IP addresses into public IP addresses, allowing multiple devices on a private network to share
a single public IP address for internet communication.

The packet fields that a NAT device reads and rewrites typically include:

Source IP address: This is the IP address of the device on the private network that is sending
data out to the internet.

Destination IP address: This is the IP address of the device on the internet that is the
intended recipient of the data.

Source port: This is the port number used by the private device to send the data.

Destination port: This is the port number used by the internet device to receive the data.

NAT works by modifying the source and/or destination IP addresses and ports of incoming
and outgoing packets to ensure that they are correctly routed between the private network
and the internet. This allows multiple devices on the private network to share a single public
IP address, which is useful for conserving IP address space and providing an additional layer
of security.
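As an added illustration (not part of the original notes), the following Python simulation keeps the translation table such a router maintains: it rewrites the source of outbound packets, maps replies back to the private host, and drops inbound packets that no inside host asked for. All addresses and port numbers are constructed sample values.

```python
import itertools
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Added example (not from the original notes): a minimal port address translation
# (PAT/NAPT) table, the form of NAT that lets many private hosts share one public
# address. All addresses below are constructed sample values.

PUBLIC_IP = "203.0.113.10"   # the router's single public address


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    def __init__(self, public_ip: str, first_public_port: int = 40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_public_port)   # public ports handed out in order
        self.table: Dict[Tuple[str, int], int] = {}        # (private ip, port) -> public port
        self._reverse: Dict[int, Tuple[str, int]] = {}     # public port -> (private ip, port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the private network."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:
            # New flow: allocate a public port and record the mapping both ways.
            port = next(self._ports)
            self.table[key] = port
            self._reverse[port] = key
        return Packet(self.public_ip, self.table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Undo the translation for a reply; unsolicited packets are dropped (None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = self._reverse.get(pkt.dst_port)
        if key is None:
            return None     # no private host opened this flow: drop it
        private_ip, private_port = key
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)


def demo() -> dict:
    """Two private hosts that happen to use the same source port share PUBLIC_IP."""
    router = NatRouter(PUBLIC_IP)
    a_out = router.outbound(Packet("192.168.1.10", 51000, "198.51.100.5", 443))
    b_out = router.outbound(Packet("192.168.1.11", 51000, "198.51.100.5", 443))
    reply_to_b = router.inbound(Packet("198.51.100.5", 443, PUBLIC_IP, b_out.src_port))
    unsolicited = router.inbound(Packet("198.51.100.9", 80, PUBLIC_IP, 40500))
    return {"a_out": a_out, "b_out": b_out,
            "reply_to_b": reply_to_b, "unsolicited": unsolicited}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The dropped unsolicited packet is the "additional layer of security" the notes mention: without a table entry there is no private host to deliver to.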

2. Compare TCP/IP and OSI model.


sl no. | Parameters | TCP/IP Model | OSI Model
1 | Reference | TCP/IP refers to Transmission Control Protocol/Internet Protocol. | OSI refers to Open System Interconnection.
2 | Reliability | TCP/IP is more reliable. | OSI is less reliable.
3 | Layers | TCP/IP has five layers: Physical, Data Link, Internet, Transport, Application. | OSI has seven layers: Physical, Data Link, Network, Transport, Session, Presentation, Application.
4 | Approaches | TCP/IP follows a horizontal approach. | OSI follows a vertical approach.
5 | Development | TCP/IP developed the protocols first, then the model. | OSI developed the model first, then the protocols.
6 | Assurance | The transport layer in TCP/IP does not provide assured delivery of packets. | In the OSI model, the transport layer provides assured delivery of packets.
7 | Protocol Replacement | Protocols cannot be replaced easily in the TCP/IP model. | In the OSI model, protocols are better covered and are easy to replace as technology changes.
8 | Developed by | It was developed by ARPANET (Advanced Research Project Agency Network). | It was developed by ISO (International Standard Organization).

3. Define Security
Security refers to the measures or precautions taken to protect something from harm,
damage, theft, unauthorized access, or other types of malicious activities. In the context of
computer systems, security refers to the protection of digital information from unauthorized
access, modification, or destruction.

Security can be achieved through various means such as physical security, access control,
encryption, firewalls, antivirus software, intrusion detection systems, and other security
technologies. It is important to implement appropriate security measures to ensure the
confidentiality, integrity, and availability of data, as well as to prevent unauthorized access
and misuse of computer systems.

4. CIA Triad:
When talking about network security, the CIA triad is one of the most important models
which is designed to guide policies for information security within an organization.
CIA stands for:

• Confidentiality
• Integrity
• Availability

• Confidentiality:

Confidentiality means that only authorized individuals/systems can view sensitive or
classified information. The data being sent over the network should not be accessed by
unauthorized individuals. The attacker may try to capture the data using different tools
available on the Internet and gain access to your information. A primary way to avoid this is
to use encryption techniques to safeguard your data so that even if the attacker gains access
to your data, he/she will not be able to decrypt it.

• Integrity:

The next thing to talk about is integrity. The idea here is to make sure that data has not
been modified. Corruption of data is a failure to maintain data integrity. To check whether our
data has been modified or not, we make use of a hash function.

Let’s assume Host ‘A’ wants to send data to Host ‘B’ and maintain integrity. A hash function is
run over the data and produces a hash value H1, which is then attached to the data.
When Host ‘B’ receives the packet, it runs the same hash function over the data, which gives a
hash value H2. Now, if H1 = H2, this means that the data’s integrity has been maintained
and the contents were not modified.

• Availability:

This means that the network should be readily available to its users. This applies to systems
and to data. To ensure availability, the network administrator should maintain hardware,
make regular upgrades, have a plan for fail-over, and prevent bottlenecks in a network.
Attacks such as DoS or DDoS may render a network unavailable as the resources of the
network get exhausted. The impact may be significant to the companies and users who rely
on the network as a business tool. Thus, proper measures should be taken to prevent such
attacks.

5. Describe TCP 3-way handshaking.


• The TCP three-way handshake is a process used by TCP (Transmission Control Protocol) to
establish a connection between two network devices. Here are the steps involved in the TCP
three-way handshake:

Step 1 (SYN - synchronize): In the first step, the client wants to establish a connection with a
server, so it sends a segment with SYN (Synchronize Sequence Number) set, which informs the
server that the client intends to start communication and with what sequence number it
will start its segments.

Step 2 (SYN + ACK - synchronize-acknowledge): The server responds to the client request
with SYN-ACK signal bits set. Acknowledgment (ACK) signifies the response of the segment it
received, and SYN signifies with what sequence number it is likely to start the segments with.

Step 3 (ACK- acknowledge): In the final part client acknowledges the response of the server
and they both establish a reliable connection with which they will start the actual data
transfer.

At this point, the connection is established, and the two devices can start sending data.

The 3-way handshake is important because it ensures that both devices are ready and willing
to exchange data, and that they agree on the initial sequence and acknowledgement
numbers. This helps to prevent data loss, corruption, and other errors that can occur during
data transmission.
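The exchange described above, as an added Python simulation that is not part of the original notes: both endpoints are modelled as small state machines, the initial sequence numbers are constructed values, and a SYN-ACK whose acknowledgement number does not match the client's SYN is rejected, which is the "agree on the initial sequence numbers" point made above.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example (not from the original notes): a simulation of the TCP three-way
# handshake showing both sides' segments and the sequence/acknowledgement numbers
# they carry. The initial sequence numbers (ISNs) used below are constructed values.


@dataclass(frozen=True)
class Segment:
    sender: str
    flags: str            # "SYN", "SYN-ACK" or "ACK"
    seq: int
    ack: Optional[int] = None


class Endpoint:
    def __init__(self, name: str, isn: int, listening: bool):
        self.name = name
        self.isn = isn
        self.state = "LISTEN" if listening else "CLOSED"
        self.snd_nxt = isn                  # next sequence number we will send
        self.rcv_nxt: Optional[int] = None  # next sequence number we expect

    def connect(self) -> Segment:
        """Step 1: the client sends SYN carrying its initial sequence number."""
        assert self.state == "CLOSED"
        self.state = "SYN-SENT"
        self.snd_nxt = self.isn + 1         # the SYN itself consumes one sequence number
        return Segment(self.name, "SYN", self.isn)

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Advance the state machine; return the reply segment, if any."""
        if self.state == "LISTEN" and seg.flags == "SYN":
            # Step 2: the server acknowledges the client's ISN and sends its own.
            self.rcv_nxt = seg.seq + 1
            self.snd_nxt = self.isn + 1
            self.state = "SYN-RECEIVED"
            return Segment(self.name, "SYN-ACK", self.isn, self.rcv_nxt)
        if self.state == "SYN-SENT" and seg.flags == "SYN-ACK":
            if seg.ack != self.snd_nxt:     # does not acknowledge our SYN: ignore it
                return None
            # Step 3: the client acknowledges the server's ISN; the connection is up.
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(self.name, "ACK", self.snd_nxt, self.rcv_nxt)
        if self.state == "SYN-RECEIVED" and seg.flags == "ACK":
            if seg.ack != self.snd_nxt:
                return None
            self.state = "ESTABLISHED"
            return None
        return None                         # anything else is not part of the handshake


def handshake(client_isn: int, server_isn: int) -> Tuple[List[Segment], str, str]:
    """Run the full exchange; return the segments sent and both final states."""
    client = Endpoint("client", client_isn, listening=False)
    server = Endpoint("server", server_isn, listening=True)
    trace = []
    syn = client.connect()
    trace.append(syn)
    syn_ack = server.receive(syn)
    trace.append(syn_ack)
    ack = client.receive(syn_ack)
    trace.append(ack)
    server.receive(ack)
    return trace, client.state, server.state


if __name__ == "__main__":
    segments, client_state, server_state = handshake(1000, 5000)
    for seg in segments:
        print(seg)
    print(client_state, server_state)
```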

6. Define Hacking
Hacking is the act of identifying weaknesses in computer systems or networks and exploiting
those weaknesses to gain access.

In other words, it involves attempting to gain control over a computer network or security
system for illicit purposes.

Hackers can destroy, steal, or even prevent authorized users from accessing the system.

Hacking involves the process of finding vulnerabilities and exploiting them to gain
unauthorized access to the target system.

7. Define White hat Hacker, Black hat Hacker, Grey hat Hacker, Red
Team, Blue Team, Purple Team.
• White hat hackers: These types of hackers are also known as ethical hackers; they are
security specialists hired by organizations to conduct tasks such as tests and vulnerability
assessments on their systems to improve their security defences.

Ethical hackers gain access to systems with a view to fixing the identified weaknesses. They
may also perform penetration testing and vulnerability assessments.

Black hat hacker (cracker): A hacker who gains unauthorized access to computer systems for
personal gain. The intention is usually to steal confidential data, credential data, corporate
data, violate privacy rights, transfer funds from bank accounts, etc.

These types of hackers are commonly unethical hackers. A black hat hacker is typically one
who engages in cybercrime operations and uses hacking for financial gain and implements
malware into systems.

Grey hat hackers: They are a combination of white hat and black hat hackers. They do not
hack into systems with the malicious goal of stealing data and do not participate in true
ethical hacking.

A grey hat hacker is in between an ethical and a black hat hacker. They break into computer
systems without authority with the aim of identifying weaknesses and revealing them to the
system owner.

Red team: A red team is a group of individuals or a team that acts as the adversary or
attacker. The red team's primary goal is to simulate real-world attacks and attempt to breach
the security defences of a system or organization. They use various Practices, Techniques, and
Procedures (PTP) to identify vulnerabilities, exploit weaknesses, and gain unauthorized
access. The red team evaluates how well the organization's security measures work.

Blue team: A blue team refers to the defensive side or the defenders of a system or
organization. The blue team's objective is to protect the system or organization from attacks.
They implement security measures, monitor systems for any weird or dangerous activities,
and respond to incidents. Blue team activities include vulnerability management, intrusion
detection, incident response, and continuous monitoring to ensure the security and integrity
of the system.

Purple team: The purple team is a collaborative approach that combines the efforts of both
the red team and the blue team. The purple team conducts joint exercises where the red
team performs simulated attacks while the blue team defends against those attacks. The
purpose of the purple team is to foster communication, cooperation, knowledge sharing
between the offensive and defensive teams, and improve the organization's security
practices.

8. Define threat, vulnerability, risk, and exploit.


Threat: A threat is any potential danger or risk to the security of a system, network, or data.
Threats can come from a variety of sources, such as malware, hackers, natural disasters, or
human error. The threat can be intentional or accidental, and its impact can range from mild
to extreme.

Vulnerability: A vulnerability is a weakness or gap in the security of a system that can be
exploited by attackers to gain unauthorized access or cause harm. Vulnerabilities can be
caused by software bugs, misconfigurations, poor security practices, or other factors.

Risk: Risk is the likelihood or probability that a threat will exploit a vulnerability and cause
harm to a system, organization, or individual. It involves the assessment of the potential
impact of the threat and the vulnerability in question. The risk can be mitigated through
various measures, including risk management strategies, security controls, and incident
response plans.

Exploit: An exploit is a specific tool or technique that is used to take advantage of a
vulnerability in a system or network. Exploits can be created by hackers or discovered by
security researchers, and they can be used to carry out attacks or steal sensitive data. They
can be distributed through various channels, including emails, websites, and social
engineering tactics.

9. Write a detail about Active attack and Passive Attack.


A cyber-attack is any type of offensive action that targets computer information systems,
infrastructures, computer networks, or personal computer devices, using various methods to
steal, alter, or destroy data or information systems.

Security attacks can be classified into two categories:

I. Active attacks: Active attacks involve the modification, destruction, or creation of data.
In an active attack, the attacker tries to alter or destroy the data being transmitted or
manipulate the system in some way to cause harm. Active attacks can take many forms,
such as denial-of-service (DoS) attacks, viruses, worms, and Trojan horses.
II. Passive attacks: Passive attacks involve the interception or monitoring of data without
altering it. In a passive attack, the attacker tries to intercept the data being transmitted or
access data that is being stored in an unauthorized manner. Passive attacks can take
many forms, such as traffic analysis and packet sniffing.

10. What is Ethical Hacking? What are the goals of Ethical hacking?
Ethical Hacking is the authorized practice of bypassing system security to identify potential
data breaches and threats in a network. Ethical hackers aim to investigate the system or
network for weak points that malicious hackers can exploit or destroy.

The goals of ethical hacking in a company are as follows:

o To protect the system from attackers
o To ensure the privacy of organization data
o To eliminate any potential threats

11. Define vulnerability analysis and penetration testing.
Vulnerability analysis and penetration testing are both methods used to identify security
weaknesses in computer systems and networks, but they have different objectives and
approaches.

Vulnerability analysis involves systematically identifying and evaluating potential security
vulnerabilities in a system or network. This can involve scanning the system or network for
known vulnerabilities, testing for common misconfigurations, analysing logs for suspicious
activity, and reviewing system documentation and policies. The goal of vulnerability analysis
is to identify potential weaknesses before they can be exploited by attackers, so that they can
be remediated or mitigated.

Penetration testing, on the other hand, is a more active and aggressive approach to security
testing. Penetration testing involves simulating an attack on a system or network to identify
vulnerabilities that may be exploited by a skilled attacker. This can involve attempting to
exploit known vulnerabilities, testing for new and unknown vulnerabilities, and attempting to
gain unauthorized access to sensitive data or systems. The goal of penetration testing is to
identify real-world security weaknesses and to evaluate the effectiveness of security controls
and incident response procedures.

In summary, vulnerability analysis is a more passive approach to security testing, while
penetration testing is a more active and aggressive approach. Both methods are important
for identifying and addressing security weaknesses in computer systems and networks, and
they are often used together as part of a comprehensive security testing strategy.

12. Explain the concept of honeypot.


A honeypot is a type of cybersecurity tool or technique that involves setting up a decoy
system or network to attract attackers. The honeypot appears to be a valuable target, but it is
closely monitored, and any activity on the honeypot is assumed to be malicious. The goal of
a honeypot is to divert attackers away from actual production systems and to gather
intelligence on their techniques and tactics.

A honeypot typically consists of simulated or emulated systems, applications, and data that
appear to be legitimate but are designed to trap attackers. The honeypot may contain fake
files, user accounts, or network services that are designed to entice attackers into revealing
their techniques or intentions. The honeypot may also be configured to alert security
personnel when it is being accessed or attacked.

There are several different types of honeypots, including low-interaction honeypots and
high-interaction honeypots. Low-interaction honeypots simulate a limited subset of a real
system or application and are used primarily for early detection of attacks. High-interaction
honeypots are more complex and simulate a complete system or application and are used to
gather more detailed information on attacker techniques and behaviours.

The use of honeypots can provide several benefits for cybersecurity, including:

a) Early detection of attacks and malicious activity.
b) Diversion of attackers away from actual production systems.
c) Gathering of intelligence on attacker tactics and techniques.
d) Enhancing overall cybersecurity by providing a better understanding of potential
attack vectors and vulnerabilities.

However, the use of honeypots also carries some risks, such as potential exposure of sensitive
information and the possibility of attackers using the honeypot as a launchpad for further
attacks. Therefore, the use of honeypots should be carefully planned and executed as part of
a comprehensive cybersecurity strategy.

13. What is cybercrime? When is an activity over the internet considered as cybercrime?

Cybercrime is a growing concern in today's digital age. It refers to criminal activities that
are committed using computers or the internet. Cybercrime includes a wide range of illegal
activities such as hacking, identity theft, online scams, cyberbullying, cyberstalking, and
distribution of malicious software (malware).

An activity over the internet is considered cybercrime when it involves the use of technology
to commit an illegal act. For example, stealing personal information or financial data using a
computer or network is considered a cybercrime. Similarly, spreading malware or viruses,
hacking into computer systems or networks, conducting phishing attacks, and online
harassment are all examples of cybercrime.

14. Common Cyber security attacks:


There are numerous types of cyber security attacks that can target individuals and
organizations. Some common ones include:

Phishing attacks: Phishing attacks are often designed to look like legitimate emails or
messages from reputable sources, such as banks or online retailers. They often include a call
to action, such as clicking on a link or entering login credentials, which can lead to the user
unknowingly giving away sensitive information. Phishing attacks can also take the form of
phone calls or social engineering, where an attacker manipulates someone into giving away
information through a seemingly normal conversation.

Denial-of-service (DoS) attacks: DoS attacks can be launched from a single device or
coordinated across multiple devices, such as a botnet. They can target specific systems or
entire networks and can cause significant disruption to online services by sending excessive
traffic to a system and network.

SQL injection attacks: SQL injection attacks are a common type of web application attack.
They take advantage of vulnerabilities in poorly written code that allows attackers to insert
malicious SQL statements into a web application's input fields. This can lead to unauthorized
access to sensitive data or even complete takeover of the web application.
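An added example, not from the original notes: the same user lookup written with string concatenation (the vulnerable form the paragraph describes) and with a parameterised query (the hardened form), run against a constructed in-memory SQLite table so the difference in behaviour can be seen directly.

```python
import sqlite3
from typing import List, Tuple

# Added example (not from the original notes): a user lookup built by pasting the
# input into the SQL text, beside the parameterised version that keeps the input as
# data. The table contents and the test inputs are constructed for this example.


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    # The input becomes part of the statement, so a quote inside it changes the SQL
    # itself: the WHERE clause no longer means what the developer wrote.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    # The placeholder is bound by the driver; the input is never parsed as SQL, so
    # quotes and keywords in it are just characters to compare against.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> dict:
    conn = make_db()
    normal = "bob"
    hostile = "x' OR '1'='1"   # constructed test input containing a quote and SQL
    return {
        "vulnerable_normal": lookup_vulnerable(conn, normal),
        "vulnerable_hostile": lookup_vulnerable(conn, hostile),   # every row leaks
        "safe_normal": lookup_safe(conn, normal),
        "safe_hostile": lookup_safe(conn, hostile),               # no such user
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```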

Cross-site scripting (XSS) attacks: XSS attacks can be used to steal user credentials, session
tokens, or other sensitive information from a victim's web browser. They can also be used to
deliver malware or other malicious code to a user's device. XSS attacks are often delivered
through malicious links or by exploiting vulnerabilities in a website's code.

Buffer overflow: Buffer overflows can be used to gain control of a system or steal sensitive
data. These attacks often target applications that do not properly validate input, allowing
attackers to inject extra code that can take over the application or trigger a crash. This can
allow attackers to execute arbitrary code, steal data, or escalate privileges.

Drive-by downloads: Drive-by downloads can be difficult to detect, as they often rely on
exploiting vulnerabilities in web browsers or plug-ins that the user may not be aware of.
Once installed on a victim's device, malware can cause a range of problems, such as stealing
personal information, disrupting system operations, or locking the device and demanding a
ransom payment to regain access.

15. The difference between symmetric and asymmetric key cryptography

Parameters | Symmetric key cryptography | Asymmetric key cryptography
Key Generation | In symmetric key cryptography, the sender and receiver use the same key. | In asymmetric key cryptography, two different keys are generated: a public key and a private key.
Key Distribution | The key must be securely shared between sender and receiver. | Only the public key needs to be shared.
Security | Security is achieved through the confidentiality of the shared key. | Security is achieved using two different keys and mathematical algorithms.
Speed | Symmetric key cryptography is faster than asymmetric key cryptography as it uses a single key for both encryption and decryption. | Asymmetric key cryptography is slower than symmetric key cryptography as it uses two keys for encryption and decryption.
Key Management | Key management is relatively easier in symmetric key cryptography. | Key management is complex in asymmetric key cryptography.
Use | Symmetric key cryptography is mostly used for encrypting large amounts of data. | Asymmetric key cryptography is mostly used for key exchange, digital signatures, and certificate management.
Key Strength | The security of symmetric key cryptography is directly proportional to the length of the key used. | The security of asymmetric key cryptography depends on the mathematical algorithms and the length of the key used.

16. The difference between Steganography and Cryptography:

Steganography | Cryptography
Steganography means covered writing. | Cryptography means hidden writing.
Steganography is less popular than cryptography. | Cryptography is more popular than steganography.
In steganography, the structure of the data is not usually altered. | In cryptography, the structure of the data is altered.
In steganography, the fact that a secret communication is taking place is hidden. | In cryptography, only the secret message is hidden.
In steganography the information is hidden. | In cryptography the information is transformed.
Hidden information is not visible. | Transformed information is visible.
Steganography doesn’t have specific algorithms. | Cryptography has various recognized and approved algorithms to modify data.

17. Explain the working process of Digital signature.


A digital signature is a cryptographic technique used to ensure the authenticity and
integrity of digital documents or messages. The process of creating a digital signature
involves the following steps:

• Creation of the Signature: The sender generates a unique digital signature by using a
cryptographic algorithm such as RSA or DSA. This signature is created using the sender's
private key, which is kept secret and only known to the sender.
• Hashing of the Document: The sender calculates a cryptographic hash of the document
or message that they want to sign. This hash is a unique fingerprint of the document and
is created using a hashing algorithm such as SHA-256 or SHA-512.
• Combining the Signature and Hash: The sender combines the digital signature and the
hash of the document to create a single string of characters. This combined string is
known as the digital signature block.
• Distribution of the Document and Signature: The sender then distributes the original
document and the digital signature block to the recipient. The recipient can verify the
authenticity and integrity of the document by performing the following steps:
    o Recalculating the Hash: The recipient recalculates the hash of the document
      using the same hashing algorithm that the sender used.
    o Verification of the Signature: The recipient then uses the sender's public key
      (which is widely distributed and available to anyone) to verify the digital signature
      block. This involves decrypting the digital signature block using the sender's
      public key to retrieve the original hash value.
    o Comparing Hashes: The recipient then compares the recalculated hash of the
      document with the original hash value retrieved from the digital signature block.
      If the hashes match, the document is considered authentic and unaltered. If the
      hashes do not match, the document has been tampered with, and the recipient
      will know that the document is not authentic.

18. What is Malware?
Short for Malicious Software. It is software used or created to disrupt computer operations,
gather sensitive information, or gain access to private computer systems. It can appear in the
form of code, script, active content, and other software. Malware is a general term used to
refer to a variety of forms of hostile, intrusive, or annoying software.
19. Define Virus, Adware, Worm, Trojan Horse, Spyware, Boot
Sector Virus, Macro Virus, Logic Bomb, Multivariant Virus.
Viruses:

• A program or piece of code that is loaded onto your computer without your
knowledge and runs against your wishes.
• Viruses can also replicate themselves.
• All computer viruses are man-made.
• Viruses copy themselves to other disks to spread to other computers.
• They can be merely annoying, or they can be vastly destructive to your files.
• Examples include Macro virus, Boot virus, Logic Bomb virus, and Resident virus.

Trojan Horses:

• A Trojan Horse program has the appearance of having a useful and desired function.
• A Trojan Horse neither replicates nor copies itself but causes damage or compromises
the security of a computer.
• A Trojan Horse must be sent by someone or carried by another program and may
arrive in the form of a joke program or software of some sort.
• These are often used to capture your logins and passwords.
• Examples include Remote access Trojans (RAT), Backdoor Trojans (back doors), IRC
Trojans (IRCbots), and Keylogging Trojans.

Worms:

• A computer worm is a self-replicating computer program.
• It uses a network to send copies of itself to other nodes (computers on the network)
and may do so without any user intervention.
• It does not need to attach itself to an existing program.

Spyware: A type of software that collects data about a user or organization without their
knowledge or consent. This data can include sensitive information such as passwords,
browsing history, and financial information. It is often installed through security
vulnerabilities or disguised as legitimate software.

Adware: A type of software that displays unwanted advertisements on a user's device.
Adware can slow down the performance of a device and generate pop-up ads, banners, and
other types of advertisements. It is often bundled with free software or obtained through
malicious websites.

Boot sector virus: It infects the boot sector of a disk and spreads when the infected disk is
booted. Boot sector viruses can cause the system to fail to boot or display error messages,
making the computer unusable.

Macro virus: It infects documents and spreadsheets that use macro programming
languages. Macro viruses can spread rapidly within an organization, infecting multiple files,
and compromising sensitive information.

Logic Bomb: A logic bomb virus is a type of malicious software that is programmed to
execute a harmful action based on a specific trigger or event. Unlike other types of viruses
that may immediately start causing damage upon infection, a logic bomb virus remains
inactive within a system until the trigger condition is met. Once triggered, it carries out its
malicious actions, such as deleting files, corrupting data, or disrupting the normal operation
of the system. The purpose of a logic bomb virus is to cause harm or damage to the targeted
system or data at a specific time or under specific circumstances.

Multivariant virus: A multivariant virus is a type of computer virus that can change its code
or structure to evade detection by antivirus software. These viruses may have multiple
variants that can mutate and evolve over time, making them difficult to detect and remove.

20. Describe the mechanism of virus detection by an antivirus.


• Antivirus software is a program designed to prevent, detect, and remove malware from a
computer or network.

Antivirus software identifies viruses using several methods:

• Signature-based detection: It matches the code patterns of known viruses to detect
them. The antivirus software has a database of known virus signatures.
• Heuristic-based detection: It uses algorithms to identify behaviour that may indicate a
new, unknown virus. It flags the suspicious code for manual analysis.
• Cloud-based detection: It uses collective intelligence gathered from multiple users and
systems to identify new threats and their behaviour in real time. The antivirus software
communicates with a cloud server to determine if a file is safe.

21. Compare between DOS and DDOS.

DoS | DDoS
DoS stands for Denial-of-Service attack. | DDoS stands for Distributed Denial-of-Service attack.
In a DoS attack a single system targets the victim system. | In a DDoS attack multiple systems attack the victim’s system.
The victim PC is loaded with packets of data sent from a single location. | The victim PC is loaded with packets of data sent from multiple locations.
A DoS attack is slower as compared to DDoS. | A DDoS attack is faster than a DoS attack.
Can be blocked easily as only one system is used. | It is difficult to block this attack as multiple devices are sending packets and attacking from multiple locations.
In a DoS attack only a single device is used with DoS attack tools. | In a DDoS attack, volumes of bots are used to attack at the same time.
DoS attacks are easy to trace. | DDoS attacks are difficult to trace.
The volume of traffic in a DoS attack is less as compared to DDoS. | DDoS attacks allow the attacker to send massive volumes of traffic to the victim network.

22. What is IDS? Different types of IDS?


IDS stands for Intrusion Detection System. It is a security technology that monitors
network traffic or system activity for signs of malicious activity or policy violations. IDS can
detect unauthorized access, malware, denial of service attacks, and other types of security
threats.

There are several types of IDS, including:

A. Network-based IDS (NIDS): This type of IDS analyses network traffic to detect and alert
on potential security threats. NIDS are often placed at key points on a network, to
monitor all incoming and outgoing traffic.
B. Host-based IDS (HIDS): This type of IDS is installed on a specific host or endpoint to
monitor system activity and detect potential threats. HIDS can monitor system logs, file
changes, and network connections, among other things.
C. Signature-based IDS: This type of IDS uses a database of known attack patterns, called
signatures, to detect potential security threats. When network traffic matches a known
signature, the IDS generates an alert.
D. Anomaly-based IDS: This type of IDS monitors system activity for unusual behaviour
that may indicate a security threat. Anomaly-based IDS uses machine learning and other
advanced techniques to detect activity that deviates from normal patterns.
E. Hybrid IDS: This type of IDS combines signature-based and anomaly-based detection
methods to provide a more comprehensive view of potential security threats.

Each type of IDS has its own strengths and weaknesses, and many organizations use a
combination of different types to provide layered security and better protection against a
wide range of threats.
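An added example, not from the original notes: a toy network IDS that applies the two detection methods listed above (signature-based and anomaly-based) to constructed connection-log lines. The log format, the signature rules, the baseline traffic and all addresses are assumptions made for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Added example (not from the original notes): signature-based and anomaly-based
# detection over a constructed connection log. Log lines, rules and addresses are
# all made up for this demonstration.

LINE_RE = re.compile(
    r'^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) port=(?P<port>\d+) payload="(?P<payload>.*)"$'
)

# Signature database: known attack patterns, each with a name for the alert.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

# Normal traffic used to learn the baseline for the anomaly detector (constructed).
BASELINE_LOG = """\
2024-05-01T09:00:01 src=10.0.0.5 dst=10.0.0.80 port=80 payload="GET /index.html"
2024-05-01T09:00:02 src=10.0.0.5 dst=10.0.0.80 port=443 payload="GET /index.html"
2024-05-01T09:00:03 src=10.0.0.6 dst=10.0.0.80 port=80 payload="GET /news.html"
2024-05-01T09:00:04 src=10.0.0.6 dst=10.0.0.81 port=22 payload="SSH-2.0-client"
"""

# Later window to be examined (constructed).
OBSERVED_LOG = """\
2024-05-01T10:00:01 src=10.0.0.5 dst=10.0.0.80 port=80 payload="GET /index.html"
2024-05-01T10:00:02 src=10.0.0.7 dst=10.0.0.80 port=80 payload="GET /login?user=x' OR '1'='1"
2024-05-01T10:00:03 src=10.0.0.8 dst=10.0.0.80 port=80 payload="GET /files?name=../../config.txt"
2024-05-01T10:00:04 src=10.0.0.9 dst=10.0.0.80 port=21 payload=""
2024-05-01T10:00:04 src=10.0.0.9 dst=10.0.0.80 port=22 payload=""
2024-05-01T10:00:04 src=10.0.0.9 dst=10.0.0.80 port=23 payload=""
2024-05-01T10:00:04 src=10.0.0.9 dst=10.0.0.80 port=25 payload=""
2024-05-01T10:00:04 src=10.0.0.9 dst=10.0.0.80 port=80 payload=""
2024-05-01T10:00:04 src=10.0.0.9 dst=10.0.0.80 port=443 payload=""
"""


def parse(log: str) -> List[Dict[str, str]]:
    """Turn log text into event dicts; lines that do not fit the format are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def signature_alerts(events: List[Dict[str, str]]) -> List[str]:
    """Signature-based: alert whenever a payload matches a known attack pattern."""
    alerts = []
    for ev in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev["payload"]):
                alerts.append(f"{name} from {ev['src']}")
    return alerts


def distinct_ports_per_source(events: List[Dict[str, str]]) -> Dict[str, int]:
    ports = defaultdict(set)
    for ev in events:
        ports[ev["src"]].add(ev["port"])
    return {src: len(p) for src, p in ports.items()}


def anomaly_alerts(baseline: List[Dict[str, str]], events: List[Dict[str, str]],
                   factor: int = 2) -> List[str]:
    """Anomaly-based: learn how many distinct ports a source normally touches, then
    alert on any source exceeding `factor` times that baseline in the new window."""
    normal_max = max(distinct_ports_per_source(baseline).values(), default=1)
    threshold = factor * normal_max
    return [f"unusual port spread ({n} ports) from {src}"
            for src, n in distinct_ports_per_source(events).items() if n > threshold]


if __name__ == "__main__":
    base, observed = parse(BASELINE_LOG), parse(OBSERVED_LOG)
    for alert in signature_alerts(observed) + anomaly_alerts(base, observed):
        print("ALERT:", alert)
```

Note which method catches which line: the signatures find the two payloads with known patterns but say nothing about 10.0.0.9, whose empty payloads match no rule, while the anomaly check flags 10.0.0.9 from its port spread alone and would miss a single malicious request.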

23. Compare between IDS and IPS.


PARAMETER | IPS | IDS
Abbreviation for | Intrusion Prevention System | Intrusion Detection System
Function | An IPS performs the same functions as an IDS but also takes preventive actions to block or mitigate detected threats. | An IDS monitors network traffic or activity, and detects and alerts on potential security threats.
System Type | An IPS is an active kind of system. | An IDS is a passive kind of system.
Anomaly response | Drops, alerts on, or cleans malicious traffic. | Sends an alarm/alert on detecting malicious traffic.
Flexibility | IPS prioritizes immediate threat prevention and response, offering less flexibility for analysis. Its primary focus is on blocking and mitigating attacks rather than providing extensive investigative capabilities. | IDS provides more flexibility in terms of monitoring and analysis. It allows administrators to conduct in-depth investigations and forensic analysis of potential security incidents.
Performance | Slows down network performance due to the delay caused by inline IPS processing. | Does not impact network performance due to the non-inline deployment of the IDS.
Benefits | The IPS has the advantage of automatically updating the mistakes without the need for additional software. | The IDS does not interfere with the network's operation; thus, it has no influence or problems.

24. Describe the working of a firewall.


A firewall is a network security system designed to control and monitor network traffic. Its
primary function is to block or permit traffic based on a set of predefined rules and policies.

The firewall sits between the local network and the internet and acts as a filter for incoming
and outgoing network traffic. When a packet of data passes through the firewall, it is
examined against the set of rules and policies. If the packet matches a rule that allows it, it is
passed through to the local network. If it matches a rule that denies it, it is blocked, and a
notification is sent to the sender.

Firewalls use various techniques to control network traffic, including packet filtering, stateful
inspection, and application-level gateways.

Packet filtering is the most basic form of firewalling. It is like checking the address on an
envelope. When a data packet travels through the firewall, the firewall looks only at the source
and destination of that packet. If the packet matches a rule in the firewall rule set, it is allowed
or blocked accordingly.

Stateful inspection is a more advanced technique that keeps track of the data flowing in
and out of your computer or network. By remembering the connections you make, it can
quickly decide whether incoming data is part of a legitimate conversation or something new
and potentially harmful. This helps the firewall catch suspicious activity and protect your
system from unauthorized access or exploits.
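The difference between packet filtering and stateful inspection is easiest to see side by side, so here is a Python simulation added to these notes (not part of the original answer). The rule set, the connection-table design and the three sample packets are constructed; 203.0.113.x is a documentation address range.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """A simplified TCP packet (constructed fields only: no real parsing)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str       # subset of "S" (SYN), "A" (ACK), "F" (FIN), "R" (RST)
    direction: str   # "out" = LAN -> internet, "in" = internet -> LAN

# Stateless packet-filter rule set (constructed). Each rule is
# (direction, src_port or None for any, dst_port or None for any, action);
# the first matching rule wins and anything unmatched is denied.
STATELESS_RULES = [
    ("out", None, 80, "allow"),    # let hosts browse to web servers
    ("in", 80, None, "allow"),     # let replies from web servers back in
]

def stateless_filter(pkt, rules=STATELESS_RULES):
    """Packet filtering: look only at the addresses/ports on the 'envelope'."""
    for direction, src_port, dst_port, action in rules:
        if (direction == pkt.direction
                and src_port in (None, pkt.src_port)
                and dst_port in (None, pkt.dst_port)):
            return action
    return "deny"

class StatefulFirewall:
    """Stateful inspection: remember outbound connections and admit only
    inbound packets that belong to one of them."""

    def __init__(self, allowed_outbound_ports):
        self.allowed_outbound_ports = set(allowed_outbound_ports)
        self.connections = set()   # (lan_ip, lan_port, remote_ip, remote_port)

    def process(self, pkt):
        if pkt.direction == "out":
            if pkt.dst_port not in self.allowed_outbound_ports:
                return "deny"
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if "S" in pkt.flags:            # new connection attempt: record it
                self.connections.add(key)
            if "F" in pkt.flags or "R" in pkt.flags:
                self.connections.discard(key)   # connection closing: forget it
            return "allow"
        # Inbound: allowed only as part of a conversation the LAN side started.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.connections:
            if "F" in pkt.flags or "R" in pkt.flags:
                self.connections.discard(key)
            return "allow"
        return "deny"

# Constructed traffic: a LAN host (192.168.1.10) browsing to a web server
# (203.0.113.5) and an unsolicited inbound packet from another host that
# merely carries source port 80 while aiming at an internal service port.
OUTBOUND_SYN = Packet("192.168.1.10", 51000, "203.0.113.5", 80, "S", "out")
REPLY_SYNACK = Packet("203.0.113.5", 80, "192.168.1.10", 51000, "SA", "in")
UNSOLICITED = Packet("203.0.113.99", 80, "192.168.1.10", 445, "S", "in")

def compare_filters():
    """Run the three packets through both designs in order;
    returns {name: (stateless verdict, stateful verdict)}."""
    fw = StatefulFirewall(allowed_outbound_ports={80, 443})
    results = {}
    for name, pkt in (("outbound_syn", OUTBOUND_SYN),
                      ("reply_synack", REPLY_SYNACK),
                      ("unsolicited", UNSOLICITED)):
        results[name] = (stateless_filter(pkt), fw.process(pkt))
    return results

if __name__ == "__main__":
    for name, (stateless, stateful) in compare_filters().items():
        print(f"{name:13} stateless={stateless:5} stateful={stateful}")
```

The stateless rule that lets web replies in cannot tell a genuine reply from any other packet with source port 80, whereas the stateful firewall admits the reply only because it remembers the outbound SYN.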

Application-level gateways, also known as proxies, act as intermediaries between the local
network and the internet. They examine traffic at the application layer of the OSI model, such
as HTTP or FTP, and can filter based on application-specific rules.

Overall, firewalls play a crucial role in protecting networks from unauthorized access,
malware, and other security threats.

25. Describe the term Cyber terrorism.


Cyberterrorism is a term used to describe the use of cyberspace and technology to carry
out politically motivated attacks, causing fear, panic, disruption, or destruction. It involves
targeting critical infrastructure, government systems, financial institutions, or other entities in
order to disrupt normal operations or inflict significant damage.

Cyber terrorists employ various methods such as hacking, distributed denial-of-service
(DDoS) attacks, and the use of malware (viruses, worms, trojans, spyware, keyloggers,
ransomware, etc.), as well as social engineering techniques, to achieve their objectives. Their
primary goal is to create chaos, intimidate populations, and undermine the stability and
security of nations or organizations.

Cyberterrorism poses a significant threat as it has the potential to disrupt vital services,
compromise sensitive information, and cause financial losses. Combating cyberterrorism
requires a coordinated response from governments, law enforcement agencies, and
cybersecurity experts to mitigate these risks and protect against such attacks.

26. Describe Cyber law in India.


 Cyber law in India refers to rules and measures designed to tackle cybercrimes and
safeguard people's data and privacy. It covers:

o Offenses and Penalties: The law addresses various cybercrimes like hacking, identity
theft, phishing, cyberstalking, and distribution of offensive content. People who commit
these crimes can be fined or put in jail, depending on how serious their actions are.
o Data Protection and Privacy: The IT Act includes provisions for the protection of
personal information and privacy. It defines rules and regulations for the collection,
storage, and disclosure of sensitive personal data and establishes penalties for violations.
o Cybersecurity Measures: The law requires organizations to implement reasonable
security practices and procedures to protect sensitive data. It also mandates the
reporting of cyber incidents and provides a framework for the investigation and
prosecution of cybercrimes.

27. Describe the following offences in connection to the cyber laws in India.
a. Data theft
b. Password theft
c. Identity theft
d. Email spoofing
e. Sending offensive message
f. Voyeurism
g. Cyber terrorism
Under Indian cyber laws, several offenses are recognized in connection with cybercrimes.

 Data Theft: This offense involves the unlawful access, copying, or stealing of someone
else's digital information or data without their consent or authorization. It is deemed a
violation of the Information Technology Act, 2000 in India.
 Password Theft: The act of illegally obtaining someone's login credentials or passwords
to gain unauthorized access to their accounts or personal information is known as
password theft. This action is considered a cybercrime and is punishable under Indian
cyber laws.
 Identity Theft: Identity theft occurs when someone uses another person's personal
information, such as their name, address, social security number, or financial details,
without their permission for fraudulent activities or to deceive others. In India, identity
theft is considered a serious offense under cyber laws.
 Email Spoofing: Email spoofing is a deceptive technique in which someone pretends to be
someone else when sending an email. The sender's address or other email header details are
altered to make the message look as if it came from a different person or organization.
It is done to trick recipients or to carry out phishing attacks. In India, email spoofing is
treated as a cyber offence under the Information Technology Act, 2000.
 Sending Offensive Message: Sending offensive messages, which include messages that
are harassing, threatening, or sexually explicit in nature, is another offense under Indian
cyber laws. Such messages can cause harm, mental distress, or emotional trauma to the
recipient. Individuals found guilty of sending offensive messages can face legal
consequences.
 Voyeurism: Voyeurism refers to the act of capturing, transmitting, or publishing images
or videos of a person's private body parts or their private activities without their consent.
In India, voyeurism is a criminal offense under the Information Technology Act, 2008, as
well as other relevant laws. Perpetrators involved in such activities can be punished under
Indian cyber laws.
 Cyber Terrorism: Cyber terrorism involves the use of computer systems or networks to
carry out acts of violence, create fear, or disrupt critical infrastructure with the intention of
causing harm to individuals, governments, or society at large. In India, cyber terrorism is a
serious offense under the Information Technology Act, 2000. Perpetrators involved in
cyber terrorism activities can face severe legal consequences, including imprisonment
and fines.
These offenses highlight the importance of safeguarding personal data and using
technology responsibly. The cyber laws exist to protect individuals and their digital privacy,
and violating them can lead to legal consequences.

28. Cyberbullying:
 Cyberbullying is the use of digital technology or online platforms to harass or harm
someone.
 It involves acts such as sending abusive messages, spreading rumours, and sharing
embarrassing content.
 Cyberbullying happens online and can really hurt someone's feelings and mental well-
being.
 It is crucial to treat cyberbullying as a serious issue and take appropriate measures to
address and prevent it.

29. What are the different types of password attacks?


There are several types of password attacks commonly used by attackers. Let's explore
each of them:
a. Brute Force Attack: In this type of attack, the attacker systematically tries all possible
combinations of characters until the correct password is found. This method can be time-
consuming but is effective against weak or short passwords.
b. Dictionary Attack: A dictionary attack involves using a pre-generated list of commonly
used passwords or words from a dictionary to guess the password. This method is more
efficient than a brute force attack, as it focuses on likely password choices.
c. Phishing: Phishing attacks trick users into revealing their passwords through fraudulent
emails, websites, or messages that mimic legitimate sources. Users may unknowingly
provide their passwords to attackers, thinking they are interacting with a trusted entity.
d. Keylogging: Keyloggers are malicious software or hardware that record keystrokes,
including passwords, entered by users. Attackers use these recorded keystrokes to obtain
passwords. Keyloggers can be installed on a target system without the user's knowledge.
e. Social Engineering: Social engineering attacks manipulate and deceive individuals to
obtain their passwords through psychological manipulation or exploiting trust. This can
involve techniques such as impersonation, pretexting, or baiting to trick users into
revealing their passwords.

It's essential to stay vigilant and employ strong password practices to protect against these
attacks, such as using unique, complex passwords and enabling two-factor authentication
when available.

30. What are the different types of passwords commonly used for
security purposes?
 There are various types of passwords used for security, including:

a. Alphanumeric Passwords: These passwords combine letters (both uppercase and
lowercase) and numbers. For example, "P@ssw0rd123".
b. Numeric Passwords: These passwords contain only numbers. They can be as simple
as a series of consecutive digits, such as "123456".
c. Alphabetic Passwords: These passwords contain only letters. For example,
"Password".
d. Symbolic Passwords: These passwords incorporate symbols and special characters.
For example, "MyP@$$w0rd!".
e. Passphrases: Passphrases are like longer and more memorable versions of passwords.
Instead of using complicated combinations of characters, you can use a series of
words or phrases that are easier to remember. For example,
"CorrectHorseBatteryStaple".
f. Biometric Passwords: Biometric passwords use unique physical characteristics, such
as fingerprints or facial recognition, to authenticate access.
g. One-Time Passwords (OTP): OTPs are temporary passwords that are valid for a single
login session or a specific period of time.
h. Two-Factor Authentication (2FA) Passwords: These passwords require a
combination of something the user knows (e.g., a password) and something the user
possesses (e.g., a verification code sent to their phone) for authentication.
It's important to note that using a combination of letters (both uppercase and lowercase),
numbers, symbols, and making the password sufficiently long and complex can enhance
security. Regularly updating passwords and avoiding common or easily guessable choices are
important practices for maintaining password security.
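A password checker written for these notes (not part of the original answers) ties questions 29 and 30 together: it estimates the search space a brute-force attack faces, undoes the common substitutions a dictionary attack undoes, and flags the sequential-digit passwords mentioned above. The wordlist, the substitution map and the guess rate are constructed assumptions.

```python
import math

# Constructed mini wordlist standing in for the far larger lists used in
# dictionary attacks; a real checker would load a file of millions of entries.
COMMON_WORDS = ("password", "qwerty", "letmein", "welcome", "123456", "admin")

# Common character substitutions ("leet speak") that dictionary attacks undo.
LEET = str.maketrans("@$0143!", "asoiaei")

CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}

def char_classes(pw):
    """Which of the four character classes the password draws from."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes

def keyspace_bits(pw):
    """log2 of the number of candidates a brute-force attack must try when it
    knows only the length and the character classes in use."""
    pool = sum(CLASS_SIZES[c] for c in char_classes(pw))
    return len(pw) * math.log2(pool)

def dictionary_hit(pw):
    """Would a dictionary attack with simple mangling rules find this password?"""
    lowered = pw.lower()
    candidates = (lowered, lowered.translate(LEET))
    return any(word in cand for word in COMMON_WORDS for cand in candidates)

def sequential_digits(pw):
    """Purely numeric passwords made of consecutive digits, e.g. 123456."""
    if not pw.isdigit() or len(pw) < 4:
        return False
    return all(int(b) - int(a) == 1 for a, b in zip(pw, pw[1:]))

def assess(pw, guesses_per_second=1e10):
    """Summarise resistance to the attacks above. The guess rate is an assumed
    figure for an offline attack against a fast hash, not a measurement."""
    bits = keyspace_bits(pw)
    hit = dictionary_hit(pw)
    seq = sequential_digits(pw)
    if hit or seq:
        verdict = "reject"     # falls to a dictionary attack regardless of length
    elif bits < 50:
        verdict = "weak"       # exhaustive search is practical
    else:
        verdict = "ok"
    return {
        "classes": sorted(char_classes(pw)),
        "keyspace_bits": round(bits, 1),
        "brute_force_seconds": 2 ** bits / guesses_per_second,
        "dictionary_hit": hit,
        "sequential": seq,
        "verdict": verdict,
    }

if __name__ == "__main__":
    for pw in ("123456", "Password", "P@ssw0rd123", "MyP@$$w0rd!",
               "CorrectHorseBatteryStaple"):
        print(pw, assess(pw))
```

"P@ssw0rd123" has a large brute-force search space (all four character classes, 11 characters) yet is rejected, because stripping the substitutions leaves the dictionary word "password"; the passphrase is accepted on length alone.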

31. What are the different categories of wireless networks?


There are four main categories of wireless networks:

a. Wireless Personal Area Networks (WPAN) - These are short-range networks that
connect devices within a relatively small area, typically up to about 30 feet. They use
Bluetooth technology to interconnect compatible devices, such as connecting a headset
to a laptop.
b. Wireless Local Area Networks (WLAN) - WLANs use radio waves to connect devices to
a network. They typically have a central access point, such as a router, that provides
internet access. WLANs are used for connecting to local resources and the internet within
a limited range, from a single room to an entire building or campus.
c. Wireless Metropolitan Area Networks (WMAN) - WMANs connect multiple WLANs in
a metropolitan area, enabling connectivity between different buildings or locations within
a city.
d. Wireless Wide Area Networks (WWAN) - WWANs cover large areas, such as cities or
countries, using multiple satellite systems, antenna sites, or mobile phone signals. They
provide connectivity over a wide coverage area and are useful when other network access
options are unavailable.

What is Data Communication? What are the components of Data Communication?
 Data communication is the exchange of data (in the form of 0s and 1s) between two or
more devices or systems, where some form of transmission medium (such as a wire cable) is
used. The components of data communication are as follows:

A. Message: A message is the information or data that is being transmitted from the sender
to the receiver. It can take various forms, such as text, numbers, images, audio, or video.
B. Sender: The sender is the device or system that initiates the communication process by
creating and transmitting the message. It could be a computer, a smartphone, a server, or
any other electronic device capable of generating and sending data.
C. Receiver: The receiver is the device or system that receives the transmitted message
from the sender. It could be a computer, a printer, a mobile device, or any other device
capable of receiving and processing data.
D. Transmission Medium: The transmission medium refers to the physical pathway through
which the data is transmitted from the sender to the receiver. It can be wired or wireless,
including options like copper wires, fibre-optic cables, radio waves, or satellite links. The
choice of transmission medium depends on factors such as distance, data rate, cost, and
environmental conditions.
E. Set of rules (Protocol): A protocol is a set of rules that governs data communication. It
requires an agreement between the communicating devices and defines what is
communicated, how it is communicated, and when it is communicated.

These components work together to enable effective and reliable data communication
between devices and systems, facilitating the exchange of information in various forms
across different networks.

What is a Network? What are the criteria a network must meet?

A network is a set of devices (also called nodes) connected by communication links. A
node can be a computer, printer, or any other device capable of sending and/or receiving
data generated by other nodes on the network.

A network must be able to meet a certain number of criteria. The most important of these
are performance, reliability, and security.

A. Performance: Performance is often evaluated by two networking metrics: throughput
and delay. We often need more throughput and less delay. However, these two criteria
are often contradictory. If we try to send more data to the network, we may increase
throughput, but we increase the delay because of traffic congestion in the network.
B. Reliability: In addition to accuracy of delivery, network reliability is measured by the
frequency of failure, the time it takes a link to recover from a failure and the network’s
robustness in a catastrophe.
C. Security: Network security issues include protecting data from unauthorized access,
protecting data from damage and development, and implementing policies and
procedures for recovery from breaches and data losses.

By considering these criteria, network designers and administrators can create and maintain
networks that are efficient, reliable, secure, and adaptable to changing needs and
technologies.

TCP/IP model:
The TCP/IP model is a networking protocol suite that defines how data is transmitted over
the internet. It is comprised of five layers:

Physical Layer: This layer deals with the physical transmission of raw bits over a
communication medium, such as cables or wireless signals. It defines:

 The type of transmission medium.
 The type of encoding of the data (how 0s and 1s are changed into a signal).
 The transmission rate (the number of bits sent each second).
 The type of network topology (e.g., mesh topology, star topology, ring topology).
 The direction of transmission between two devices: simplex, half duplex, or full
duplex.

It also ensures that the sender and the receiver are synchronized at the bit level.
Data Link Layer: This layer is responsible for transferring data between network devices. It
includes protocols such as Ethernet and Wi-Fi and uses MAC (Media Access Control)
addresses to identify devices on a network. It provides services such as:

 Framing.
 Adding physical addresses (MAC) to the sender and receiver of the frame.
 Implementing a flow control mechanism to prevent overwhelming the receiver.
 Error control (detecting and retransmitting damaged or lost frames).
 Controlling the access of the link by different devices.

Internet Layer: This layer is responsible for routing data between networks. It uses the IP
(Internet Protocol) to send and receive data packets, providing logical addressing and
routing services. IP addresses are used to identify devices on a network and to route data
packets from the source to the destination. This layer is also responsible for fragmenting and
reassembling data packets, as needed.

Transport Layer: The transport layer provides port addressing. The transport layer:

 Ensures reliable delivery of data segments between end systems (each segment
containing a sequence number) and reassembles the message correctly after arriving
at the destination.
 Defines if the network is connectionless or connection-oriented.
 Provides error detection and recovery mechanisms.
 Handles end-to-end flow control.

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are examples of
transport layer protocols.

Application Layer: The application layer is the topmost layer that provides network services
to applications running on the computer. It includes protocols such as HTTP, FTP, SMTP, and
DNS that are designed to support specific application requirements, such as

 file transfer
 email
 web browsing, and
 remote access

OSI model:
The OSI (Open Systems Interconnection) model is a conceptual framework that standardizes
the functions of a communication system or network into seven distinct layers. Each layer has
specific responsibilities and interacts with adjacent layers to facilitate communication
between devices or systems. The layers are as follows:

1. Physical Layer: This layer deals with the physical transmission of raw bits over a
communication medium, such as cables or wireless signals. It defines:

 The type of transmission medium.
 The type of encoding of the data (how 0s and 1s are changed into a signal).
 The transmission rate (the number of bits sent each second).
 The type of network topology (e.g., mesh topology, star topology, ring topology).
 The direction of transmission between two devices: simplex, half duplex, or full
duplex.

It also ensures that the sender and the receiver are synchronized at the bit level.

2. Data Link Layer: This layer is responsible for transferring data between network devices. It
includes protocols such as Ethernet and Wi-Fi and uses MAC (Media Access Control)
addresses to identify devices on a network. It provides services such as:

 Framing.
 Adding physical addresses to the sender and receiver of the frame.
 Implementing a flow control mechanism to prevent overwhelming the receiver.
 Error control (detecting and retransmitting damaged or lost frames).
 Controlling the access of the link by different devices.

3. Network Layer: The network layer provides logical addressing and routing of data
packets between different networks. It determines the best path for data transmission
(Routing). IP (Internet Protocol) is a network layer protocol.

4. Transport Layer: The transport layer provides port addressing. The transport layer:

 Ensures reliable delivery of data segments between end systems (each segment
containing a sequence number) and reassembles the message correctly after arriving
at the destination.
 Defines if the network is connectionless or connection-oriented.
 Provides error detection and recovery mechanisms.
 Handles end-to-end flow control.

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are examples of
transport layer protocols.

5. Session Layer: The session layer establishes, manages, and terminates sessions between
applications. It handles functions like session establishment, synchronization, and
checkpointing to support reliable communication between applications.

6. Presentation Layer:

 The presentation layer is responsible for data representation and transformation (The
information like strings and numbers should be changed into a bit stream before
being transmitted).
 It deals with the syntax and semantics of the information exchanged between
applications, including data compression, encryption, and data format conversions.

7. Application Layer: The application layer is the topmost layer that provides network
services to applications running on the computer. It includes protocols such as HTTP, FTP,
SMTP, and DNS that are designed to support specific application requirements, such as

 file transfer
 email
 web browsing, and
 remote access

Some commonly used protocols at each level of the OSI model:

 Application layer: HTTP, FTP, SMTP, DNS, SSH, Telnet, POP3
 Presentation layer: SSL, TLS
 Session layer: NetBIOS, SAP, SOCKS
 Transport layer: TCP, UDP
 Network layer: IP, ICMP, ARP
 Data Link layer: Ethernet, Wi-Fi
 Physical layer: RJ-45, optical fibre.

Some commonly used protocols at each level of the TCP/IP model:

 Application layer: HTTP, FTP, SMTP, DNS, Telnet, SSH, POP3
 Transport layer: TCP, UDP
 Internet layer: IP, ICMP, IGMP
 Data Link layer: Ethernet, Wi-Fi
 Physical layer: RJ-45, optical fibre.

What is Transmission Media? What are the different types of Transmission Media? Explain
briefly. Explain the characteristics of Twisted Pair Cable, Coaxial Cable, and Optical fibre
Cable with the figure.
 Transmission media refers to the physical pathways through which data is transmitted
from one device to another in a communication network. It can be classified into three main
types: guided media, unguided media, and wireless media. Guided media are those that use
physical cables or wires to transmit data, while unguided media relies on wireless signals for
communication. These types of media do not require physical cables and instead use
methods such as radio waves or microwaves to transmit data. Wireless media is a subset of
unguided media and specifically refers to the use of wireless technologies to transmit data.

The different types of guided transmission media are:

1. Twisted Pair Cable: Twisted pair cable consists of pairs of insulated copper wires that are
twisted together. It is one of the most commonly used transmission media in computer
networks. Twisted pair cables are classified into two categories: unshielded twisted pair
(UTP) and shielded twisted pair (STP).

Characteristics of Twisted Pair Cable:

 Cost-effective and easy to install.
 Limited bandwidth and distance capabilities
 Typically used for short to medium-range communications
Here is a simplified figure illustrating the structure of a twisted pair cable:

| Insulation | Copper Wire (Conductor) | Twisted Pair |

2. Coaxial Cable: Coaxial cable is a type of cable that has a central wire made of copper.
This wire is surrounded by layers of insulation, a metal shield, and another layer of
insulation. The central wire carries the signal, while the metal shield protects the signal
from outside interference.

Characteristics of Coaxial Cable:

 Provides higher bandwidth and longer distance capabilities compared to twisted pair
cable.
 Better resistance to EMI and crosstalk
 Used in cable television (CATV) systems, high-speed internet connections, and some
Ethernet networks.

Here is a simplified figure illustrating the structure of a coaxial cable:

| Outer Insulating Layer | Metallic Shield | Insulation Layer | Copper Wire (Conductor) |

3. Optical Fibre Cable: Optical fibre cable transmits data using pulses of light through a
glass or plastic fibre. It is designed to provide high-speed and long-distance transmission
with minimal signal loss. Optical fibre cables are widely used in telecommunications,
internet backbone networks, and high-bandwidth applications.

Characteristics of Optical Fibre Cable:

 Very high bandwidth and long-distance capabilities
 Immune to electromagnetic interference
 Lighter and thinner compared to copper-based cables.
 Relatively expensive and more complex to install and maintain.

Here is a simplified figure illustrating the structure of an optical fibre cable:

| Outer Jacket | Protective Layer | Cladding Layer | Core (Glass or Plastic Fibre) |

Explain different Network Devices with figure.


Network devices, or networking hardware, are physical devices that are required for
communication and interaction between hardware on a computer network.
Here is the common network device list:
 Hub
 Switch
 Router
 Bridge
 Gateway
 Modem
 Repeater
 Access Point

HUB:
A hub is a common connection point, also known as a network hub, which is used for
connecting devices in a network. It works as a central connection for all the devices that
are connected through it. The hub has numerous ports. When a packet arrives at one port, it
is copied to all the other ports, so every segment of the network can see it. A network hub
has no routing tables or intelligence (unlike a network switch or router); it simply broadcasts
all network data across each and every connection.
There are three types of the hub that are given below:
1. Passive Hub
2. Active Hub
3. Intelligent Hub
Functions:
o Hub is used to create small home networks.
o It is used for network monitoring.
o They are also used in organizations to provide connectivity.
o It can be used to make a device available throughout the network.
SWITCH:
Switches are networking devices operating at layer 2 or a data link layer of the OSI model.
They connect devices in a network and use packet switching to send, receive or forward data
packets or data frames over the network. A switch has many ports, to which computers are
plugged in. When a data frame arrives at any port of a network switch, it examines the
destination address, performs necessary checks, and sends the frame to the corresponding
device(s). It supports unicast, multicast as well as broadcast communications.
Functions:
 A switch operates in the layer 2, i.e., data link layer of the OSI model.
 It is an intelligent network device that can be conceived as a multiport network
bridge.
 It uses MAC addresses (addresses of medium access control sublayer) to send
data packets to selected destination ports.
 It uses packet switching technique to receive and forward data packets from
the source to the destination device.
 It supports unicast (one-to-one), multicast (one-to-many) and broadcast
(one-to-all) communications.
 Transmission mode is full duplex, i.e., communication in the channel occurs in
both the directions at the same time. Due to this, collisions do not occur.
 The number of ports is higher – 24/48.
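The practical difference between a hub copying every frame to every port and a switch learning MAC addresses is shown by this Python simulation, added to these notes (not part of the original answer). The three hosts, their port numbers and their MAC addresses are constructed.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Frame:
    """An Ethernet-style frame reduced to the fields the devices look at."""
    src_mac: str
    dst_mac: str
    payload: str = ""

class Hub:
    """Physical-layer device: every frame is copied to every other port,
    so every attached host sees all traffic."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, frame):
        return [p for p in self.ports if p != in_port]

class Switch:
    """Layer-2 device: learns which MAC address lives behind which port and
    forwards frames only to the port where the destination was seen."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}     # MAC address -> port number

    def forward(self, in_port, frame):
        # Learning: the source address of every frame tells us where that host is.
        self.mac_table[frame.src_mac] = in_port
        # Broadcast, or destination not learnt yet: flood like a hub would.
        out_port = self.mac_table.get(frame.dst_mac)
        if frame.dst_mac == BROADCAST or out_port is None:
            return [p for p in self.ports if p != in_port]
        # Known unicast destination: deliver to that port only.
        return [out_port] if out_port != in_port else []

# Constructed hosts and addresses (not real hardware addresses).
MAC = {"A": "aa:aa:aa:00:00:01", "B": "aa:aa:aa:00:00:02", "C": "aa:aa:aa:00:00:03"}
PORT = {"A": 1, "B": 2, "C": 3}

def run_exchange(device):
    """A talks to B, B answers, A talks to B again; returns the ports each frame reached."""
    steps = [
        ("A", Frame(MAC["A"], MAC["B"], "hello")),
        ("B", Frame(MAC["B"], MAC["A"], "hi")),
        ("A", Frame(MAC["A"], MAC["B"], "secret")),
    ]
    return [device.forward(PORT[sender], frame) for sender, frame in steps]

if __name__ == "__main__":
    print("hub   :", run_exchange(Hub([1, 2, 3])))
    print("switch:", run_exchange(Switch([1, 2, 3])))
```

Host C on port 3 receives all three frames through the hub but only the first (flooded while B was still unknown) through the switch; that is why a hub exposes every conversation to every attached host.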
ROUTER:
Routers are networking devices operating at layer 3 or a network layer of the OSI model.
They are responsible for receiving, analysing, and forwarding data packets among the
connected computer networks. When a data packet arrives, the router inspects the
destination address, consults its routing tables to decide the optimal route and then transfers
the packet along this route.
Functions:
 A router is a layer 3 or network layer device.
 It connects different networks together and sends data packets from one
network to another.
 A router can be used both in LANs (Local Area Networks) and WANs (Wide
Area Networks).
 It transfers data in the form of IP packets. In order to transmit data, it uses the IP
address mentioned in the destination field of the IP packet.
 Routers have a routing table that is refreshed periodically according to
the changes in the network. In order to transmit data packets, a router consults
the table and uses a routing protocol.
 In order to prepare or refresh the routing table, routers share information
among each other.
BRIDGE:
A bridge is a network device that connects two or more LANs (local area networks) to form
a larger LAN. Network bridging refers to the process of aggregating networks. A bridge
connects the various components, making them appear to be part of a single network.
In the OSI model, a bridge operates at layer 2, or the data link layer. This is primarily to
inspect incoming traffic and determine whether it should be filtered or forwarded.
Functions:
 Bridges can also expand the physical size of a network.
 Bridges are also used to connect a LAN segment to another LAN segment in
another location via a synchronous modem connection.
 Bridges are used to split large, busy networks into smaller, interconnected
networks to improve performance.
 It reduces bandwidth (BW) waste.

GATEWAY:
A gateway, as the name suggests, is a passage to connect two networks that may work upon
different networking models. Gateways work as messenger agents that take data from one
system, interpret it, and transfer it to another system. They are also called protocol
converters and can operate at any network layer. Gateways are generally more complex than
switches or routers.
Functions:
 It allows information to move over the Web and provides the entry gate to several
networks, so that users can perform tasks such as sending email, navigating web pages,
and buying products and services over the Web.
 It acts as a bridge between sensors and internet devices.
 Using a gateway helps extend the battery life of sensors and other devices.
 A gateway can communicate with sensors and internet devices over various protocols
and then translate the data into a standard protocol for transmission to the cloud.
 It helps reduce latency when processing the information.
 It reduces the number of sensors and devices that must be connected directly to the
web.

MODEM:
MODEM stands for "Modulator-Demodulator", meaning it has the ability to modulate and
demodulate analogue carrier signals in order to encode and decode digital data.
A modem is a hardware networking device that connects a computer or other hardware
components, such as a switch or router, to the internet.
Functions:
 They have high uploading and communication rates. An X2 modem provides
an uploading bandwidth between 28.8 to 56 Kbps.
 They are upgradeable through a software patch to meet almost any universal
standard.
 They enable high-speed downstream data transfers by digitally encoding all
downstream data while upstream runs at conventional rates of 33.6 kbps.

REPEATER:
A repeater operates at the physical layer. Its job is to regenerate the signal over the same
network before the signal becomes too weak or corrupted, extending the length over which
the signal can be transmitted over the same network. An important point to be noted about
repeaters is that they do not amplify the signal. When the signal becomes weak, they copy it
bit by bit and regenerate it at its original strength. It is a 2-port device.
Functions:
• The primary function of a repeater is to receive signals from one LAN terminal cable,
regenerate them, and retransmit them in their original form over other cable segments.
• A repeater ensures that the amplified signals are not discarded or weakened before
reaching the destination point.
• Most repeaters are capable of regenerating signal strength, but this is done before
broadcasting.
• A repeater works at the physical layer of the OSI model and is transparent to all protocols
operating in the layers above the physical layer.
• By using a repeater, a network can scale beyond the size limit of a single, physical cable
segment.
• The number of repeaters that can be used is generally limited by a particular LAN
implementation. Using a repeater between two or more LAN cable segments requires the
same physical layer protocol to be used for transmitting signals over all the cable
segments.
ACCESS POINT:
Generically, any computer or device in a network that users can gain access to can be called
an access point. In most cases, an access point refers to a base station in a wireless LAN.
Although there are other wireless technologies that use access points, the term generally
refers to a Wi-Fi network. Access points (APs) can be stand-alone devices that plug into a
router or switch. However, access point functionality is also built into a wireless router, which
is widely used in most homes and small offices.
Functions:
• An access point serves as a central hub that enables wireless devices to connect to a
network and communicate with each other.
• It provides wireless connectivity by creating a Wi-Fi network that allows devices to
connect and access resources such as the internet or other devices on the network.
• Access points facilitate seamless roaming within a wireless network, allowing devices to
maintain a stable connection as they move between access point coverage areas.
• They typically provide network security features, such as encryption and authentication,
to protect the wireless network from unauthorized access.
• Access points can be configured with various settings, including network name (SSID),
password, and advanced features such as guest access or VLAN support.
What is Ciphertext?
 Ciphertext is a type of encrypted text that has been transformed from its original,
plaintext form into an unreadable format using a cryptographic algorithm or cipher. The
process of transforming plaintext into ciphertext is known as encryption, and it is used to
protect the confidentiality of information by preventing unauthorized access to the plaintext.

Ciphertext can only be read by someone who has the key to decrypt it, which converts it
back into plaintext. Without the key, the ciphertext appears as a jumbled sequence of
characters that is difficult or impossible to understand. Ciphertext is used in a variety of
applications, including secure communication, online transactions, and data storage, to
protect sensitive information from being intercepted and read by unauthorized parties.

What is Plaintext?
 Plaintext refers to any data or information that is not encrypted or encoded in any way
and is therefore easily readable and understandable by anyone who has access to it. In other
words, plaintext is the original, unencrypted form of data or information. This can include
written text, email messages, files, or any other form of data that has not been encrypted or
protected in any way. The opposite of plaintext is ciphertext, which refers to data or
information that has been encrypted or encoded in some way to protect it from
unauthorized access.

What is Stego image?
A stego image, also known as a steganographic image, refers to an image file that has been
manipulated to hide secret information within it. Steganography is the practice of
embedding data within other data to ensure its secrecy, with the aim of making the hidden
information undetectable to an observer. In the case of a stego image, the secret data is
embedded within the image pixels themselves, allowing it to be transmitted or stored
without attracting attention.
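Worked example (added here, not part of these notes): the simplest form of pixel embedding, least-significant-bit (LSB) steganography, on a constructed grayscale "image" held as a flat byte array, together with a check of how little each pixel changes. The cover image and secret message are made up for the demo.

```python
# Added example, not part of the notes: LSB steganography on a constructed
# grayscale "image" (one byte per pixel), so no image library is needed.

# Constructed cover image: 1024 pixels following a deterministic pattern.
COVER = bytes((i * 37) % 256 for i in range(1024))
SECRET = b"meet at noon"  # constructed secret message

def embed_lsb(pixels, secret):
    """Return a copy of `pixels` whose least-significant bits carry `secret`.

    A 4-byte big-endian length header precedes the secret so that extraction
    knows how many bytes to read back.
    """
    payload = len(secret).to_bytes(4, "big") + secret
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):  # capacity is one bit per pixel
        raise ValueError("cover image too small for this payload")
    stego = bytearray(pixels)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit  # replace bit 0 only
    return stego

def _read_bytes(pixels, start_bit, count):
    """Reassemble `count` bytes from pixel LSBs starting at bit index `start_bit`."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[start_bit + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)

def extract_lsb(pixels):
    """Recover the hidden message: read the length header, then that many bytes."""
    length = int.from_bytes(_read_bytes(pixels, 0, 4), "big")
    if 32 + length * 8 > len(pixels):
        raise ValueError("length header does not fit this image; probably no payload")
    return _read_bytes(pixels, 32, length)

def max_pixel_change(cover, stego):
    """Largest per-pixel change; LSB embedding alters each pixel value by at most 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))

if __name__ == "__main__":
    stego = embed_lsb(COVER, SECRET)
    print(extract_lsb(stego))              # b'meet at noon'
    print(max_pixel_change(COVER, stego))  # 1
```

Because every pixel moves by at most one intensity level, the stego image is visually identical to the cover, which is exactly why an observer does not notice it.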

What do you mean by port or port number? Mention different protocols with related ports.
 A port number, which is a 16-bit unsigned number, serves as a special address for
messages traveling on the internet or a network. The most common transport protocols that
utilize port numbers are TCP and UDP.

A port number is employed to identify a specific process to which an Internet or other
network message is directed when it reaches a server. For TCP and UDP, a port number is a
16-bit integer ranging from 0 to 65535, which is placed in the header and appended to a
message unit.

Here's the table for ports and their protocols:


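Worked example (added here, not part of these notes): the two 16-bit port fields sit at the start of every TCP and UDP header, so the code below builds a constructed TCP header, reads the ports back out and classifies them by IANA range. The IP addresses and port values are made up for the demo.

```python
# Added example, not part of the notes: read the two 16-bit port fields from a
# TCP header and classify them by IANA range. Header bytes are constructed here.
import struct

WELL_KNOWN_MAX = 1023    # 0-1023: well-known (system) ports, e.g. 80/HTTP
REGISTERED_MAX = 49151   # 1024-49151: registered; 49152-65535: dynamic/private

def build_tcp_header(src_port, dst_port):
    """Constructed 20-byte TCP header (SYN) carrying only the fields this demo needs."""
    seq, ack = 0, 0
    offset_and_flags = (5 << 12) | 0x02   # 5 x 32-bit words of header, SYN flag set
    window, checksum, urgent = 65535, 0, 0
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_and_flags, window, checksum, urgent)

def parse_ports(segment):
    """Return (source_port, destination_port).

    In both TCP and UDP the ports are the first two 16-bit fields of the header,
    in network (big-endian) byte order, so the same slice works for either.
    """
    if len(segment) < 4:
        raise ValueError("segment too short to contain port fields")
    src, dst = struct.unpack("!HH", segment[:4])
    return src, dst

def port_class(port):
    """Map a port number onto the IANA-defined ranges."""
    if not 0 <= port <= 65535:
        raise ValueError("port must be an unsigned 16-bit value")
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    if port <= REGISTERED_MAX:
        return "registered"
    return "dynamic"

def describe_flow(src_ip, dst_ip, segment):
    """Summary line in the form a firewall or IDS log would record for this segment."""
    src, dst = parse_ports(segment)
    return "%s:%d (%s) -> %s:%d (%s)" % (src_ip, src, port_class(src),
                                        dst_ip, dst, port_class(dst))

if __name__ == "__main__":
    header = build_tcp_header(51234, 443)   # client ephemeral port -> HTTPS
    print(describe_flow("192.0.2.10", "198.51.100.7", header))
```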
What is TELNET NVT?
A network virtual terminal (NVT) is a software version of a physical terminal that allows a
user to log on to a remote host. The connection process is as follows:

 The process starts with a terminal, which could be a physical device or a software-based
terminal emulator on a computer.
 The terminal is connected to a Telnet client application running on the local machine.
The Telnet client acts as an intermediary between the terminal and the network.
 The Telnet client sends the input characters from the terminal over the internet using
the Telnet protocol.
 The characters are delivered to the Telnet server running on the remote host. Since the
connection may involve different operating systems or terminals, the Telnet server
performs the necessary character translation to ensure compatibility with the remote
system.
 A pseudo-terminal is a software abstraction that simulates a physical terminal, allowing
applications to interact with it as if it were a real terminal.
 The operating system on the remote machine, with the help of the pseudo-terminal
driver, delivers the received characters to the appropriate application program running
on the remote system. The application program can interpret and process the
characters as needed.
Proxy Server:
 A proxy server is an intermediary server between the client and the internet. It acts on
behalf of the client to communicate with the internet.
 A proxy server serves as a gateway between the client and the internet.
 It functions as an intermediary server that separates end users from the websites they
browse.
 Proxy servers offer the following basic functionalities:
a. Firewall and network data filtering
b. Network connection sharing
c. Data caching
d. Various levels of functionality, such as security and privacy, depending on the
specific use case or company policy.
e. Performance improvement.
Types of Proxy Server:

1. Forward Proxies: The client sends its request to a server on its internal network, which
forwards it to the internet. Used to control and monitor internet access and enhance security.

2. Open Proxies: Open proxies are publicly accessible proxy servers that can be used by
anyone. While they can help bypass content restrictions, they are often targeted by
malicious actors for spam, hacking, or DDoS attacks.

3. Reverse Proxies: Requests are forwarded to one or more proxy servers, and the response
from the proxy server is returned to the client as if it came directly from the original server.
Explain Proxy Chain
 With Proxifier, you can establish a proxy chain, which allows you to connect to a remote
host by passing through multiple proxy servers in a sequential manner. This mode becomes
useful in situations where accessing a remote host requires going through several proxies
consecutively. It is also helpful when Proxifier is employed to ensure a heightened level of
privacy and confidentiality.

Explain different phases of Ethical Hacking.

 There are 5 phases of Ethical Hacking:

a) Reconnaissance
b) Scanning
c) Gaining Access
d) Maintaining Access
e) Clearing Tracks
Reconnaissance: This is the first step of hacking. It is also called "Footprinting" and
involves gathering information. This preparatory phase aims to collect as much information
as possible about the target. Typically, information is gathered about three groups: the
network, the host, and the people involved. There are two types of Footprinting:

Active: Directly interacting with the target to gather information. For example, using the
Nmap tool to scan the target.

Passive: Collecting information about the target without directly accessing it. This involves
gathering information from social media, public websites, etc.

Scanning: This phase involves three types of scanning:

Port scanning: Scanning the target to gather information about open ports, live systems,
and various services running on the host.

Vulnerability scanning: Checking the target for weaknesses or vulnerabilities that can be
exploited. This is often done using automated tools.

Network mapping: Finding the network topology, including routers, firewalls, servers, and
host information, and creating a network diagram. This map can be a valuable piece of
information throughout the hacking process.

Gaining Access: This phase is where an attacker breaks into the system/network using
various tools or methods. After gaining entry, the attacker may need to escalate privileges to
administrator level to install necessary applications, modify data, or hide their tracks.

Maintaining Access: The hacker may choose to maintain a persistent connection in the
background without the user's knowledge. This can be achieved using Trojans, rootkits, or
other malicious files. The goal is to maintain access to the target system/network until the
hacker completes their objectives.

Clearing Tracks: No hacker wants to get caught. An intelligent hacker always clears all
evidence to prevent detection. This involves modifying, corrupting, or deleting log values,
modifying registry values, uninstalling used applications, and deleting created folders.
Tell me something about Phishing attacks.
 Phishing attacks are a type of cyber-attack where the attacker tries to trick an individual
into revealing sensitive information such as passwords, credit card numbers, or other
personal information. The attacker typically creates a fake website or sends an email that
appears to be from a legitimate source, such as a bank or social media platform.

The goal of a phishing attack is to obtain sensitive information that can be used for identity
theft or financial gain. Phishing attacks can also be used to deliver malware or ransomware
to a victim's computer or device.

To protect yourself from phishing attacks, it's important to be cautious when clicking on links
or opening attachments in emails or text messages. Always verify the legitimacy of a website
or email by checking the URL or sender information. Additionally, keep your software and
anti-virus programs up to date to help protect against malware and ransomware.

Tell me something about Cross-site scripting.

Cross-site scripting (XSS) is a type of web vulnerability that allows an attacker to inject
malicious code into a website that is viewed by other users. The attacker can then execute
the code on the victim's browser and potentially steal sensitive information such as login
credentials or credit card numbers.

In a cross-site scripting attack, the attacker typically injects code into a website by exploiting
a vulnerability in a form or input field that allows unvalidated user input. This can be done by
inserting malicious scripts into fields such as search boxes, comment sections, or contact
forms.

To prevent cross-site scripting attacks, website developers can implement several measures
such as input validation and output encoding to ensure that user input is sanitized and not
executed as code. Additionally, web browsers can implement measures such as Content
Security Policy (CSP) to prevent the execution of untrusted scripts on a webpage. Users can
also protect themselves by using browser extensions that block malicious scripts and by
being cautious when clicking on links from untrusted sources.
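Worked example (added here, not part of these notes): the same comment-rendering step written the vulnerable way (raw concatenation into HTML) and the hardened way (input validation plus HTML output encoding). The comment text is a constructed input, and the helper names are the example's own.

```python
# Added example, not part of the notes: one rendering step done unsafely and
# safely, to show what "output encoding" changes in the produced HTML.
import html

PREFIX = '<p class="comment">'
SUFFIX = "</p>"

def render_comment_unsafe(comment):
    """Vulnerable: user text is placed into the page as markup, so any tag it
    contains is interpreted by every visitor's browser."""
    return PREFIX + comment + SUFFIX

def render_comment_safe(comment):
    """Hardened: <, >, &, " and ' become entities, so the browser can only
    display the text, never parse it as a tag or attribute."""
    return PREFIX + html.escape(comment, quote=True) + SUFFIX

def validate_comment(comment, max_len=500):
    """Input validation for the comment field: enforce type and length before
    storage. Validation limits abuse; it does not replace output encoding."""
    if not isinstance(comment, str) or len(comment) > max_len:
        raise ValueError("comment rejected")
    return comment

def introduces_tag(rendered, tag="script"):
    """Demo check: does a live opening tag appear inside the comment slot?"""
    body = rendered[len(PREFIX):len(rendered) - len(SUFFIX)]
    return ("<" + tag) in body.lower()

# Constructed input: ordinary text with an embedded tag, as an attacker might submit.
CONSTRUCTED_INPUT = "Nice post! <script>alert('xss')</script>"

if __name__ == "__main__":
    comment = validate_comment(CONSTRUCTED_INPUT)
    print(render_comment_unsafe(comment))  # tag survives: executes in the browser
    print(render_comment_safe(comment))    # tag is escaped: shown as literal text
```

Output encoding has to match the context (HTML body here; attributes, JavaScript and URLs each need their own encoder), which is why frameworks escape by default and CSP is added as a second layer.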

What is Snooping, Eavesdropping, BOTs/BOTNETS (Zombies), Man-in-the-middle attack?

 Snooping: Snooping means secretly looking at or getting into someone else's private
information or messages without their permission. It can happen in different
situations, like monitoring network traffic, reading someone's electronic messages
without them knowing, or getting into someone's personal data without permission.
 Eavesdropping: Eavesdropping is similar to snooping but specifically refers to the act
of secretly listening to or intercepting someone's private conversations or
communications without their knowledge or consent. It can happen in person, where
someone covertly listens to a conversation, or in electronic form, where
communication channels like phone lines or internet connections are intercepted.
 Bots/Botnets (Zombies): The term "Botnet" is a combination of the words "Robot"
and "Network." A botnet is a collection of internet-connected devices, each running
one or more bots. A bot, in this context, generally refers to malicious software that
infects computers or devices, enabling remote control by an attacker. The infected
computers, commonly known as zombies, can be utilized for various malicious
activities, including distributed denial-of-service (DDoS) attacks, spam email
campaigns, or spreading malware.
 Man-in-the-middle attack: A man-in-the-middle (MITM) attack is a type of cyber
threat where a criminal intercepts communication between two individuals in order to
steal data and can potentially modify or tamper with the messages being exchanged.
For example, an attacker could intercept data transmitted over an unsecured Wi-Fi
network.

How to secure Wireless network?

To secure a wireless network, there are several important steps you can take. Here are five
key points to consider:

o Change default login credentials: Start by changing the default username and
password for your wireless router. These default credentials are well-known, so using
unique ones will protect against unauthorized access.
o Enable encryption: Turn on encryption protocols like WPA2 or WPA3 for your Wi-Fi.
Encryption makes it difficult for attackers to understand the data being transmitted
between your devices and the router.
o Use a strong network password: Choose a strong and unique password for your
wireless network. A good password should be at least 12 characters long and include a
mix of uppercase and lowercase letters, numbers, and special characters. Avoid using
easily guessable information.
o Change the default network name (SSID): The network name or SSID is what you see
when you search for available networks. Change the default SSID to something unique
that doesn't reveal personal information. Avoid using your name, address, or other
identifiable details.
o Enable network encryption and MAC filtering: Configure your router to use network
encryption (HTTPS) to protect your devices' communication with websites. You can also
consider enabling MAC filtering, which allows you to specify which devices are allowed to
connect to your network. This adds an extra layer of security by preventing unauthorized
devices from connecting.

Common wireless network attacks:

Attacks on wireless networks can be categorized into two major classes: active and
passive attacks. In active attacks, an intruder maliciously targets a Wi-Fi network to engage
in mischievous or criminal activities. In passive attacks, the intruder does not explicitly
perform any activity using the Wi-Fi resources but instead gathers information about
network resources and connected devices. Passive attacks are more challenging to identify,
since the attacker leaves no direct evidence of their presence.
In general, common wireless network attacks include:

I. Fake Access Points/Evil Twins: Fake access points can be easily created by setting up a
hotspot at a public location and can be used to appear as a legitimate open Wi-Fi access
point. Alternatively, hackers can use an existing public Wi-Fi router to set up a fake access
point and engage in similar malicious activities. In this case, the Wi-Fi signals are
stronger, and potential victims of such access points are referred to as "evil twins."
II. Packet Sniffing: This attack involves capturing and analysing data packets transmitted
over a wireless network. By intercepting these packets, an attacker can gain access to
sensitive information, such as passwords or personal data.
III. Wardriving: In this attack, an individual drives around with a Wi-Fi-enabled device to
locate vulnerable wireless networks. Once identified, the attacker can exploit security
weaknesses in these networks to gain unauthorized access or perform other malicious
actions.
IV. Warshipping: Warshipping is a hacking technique where the attacker sends a small
device designed to blend in with a package to the target organization. The device can be
remotely controlled to gain access to the organization's network. Organizations can
protect against warshipping attacks by being vigilant when receiving packages and
implementing strong network security measures.

Important terminology in WI-FI network:

1. Attenuation: Attenuation refers to the loss of signal strength in networking cables or
connections. It is measured in decibels or voltage and can cause the signal to become
weaker or degrade.
2. Beacon: In the context of Wi-Fi networks, a beacon is a management frame that is
periodically broadcasted by an access point (AP) or wireless router. The beacon contains
essential information about the network, such as the network name (SSID), supported
channels, security settings, and other parameters. Wi-Fi clients can use beacons to
discover and connect to available networks.
3. BSSID: BSSID stands for Basic Service Set Identifier. It is a unique identifier (MAC ID)
assigned to each access point (AP) or wireless router in a Wi-Fi network.
4. Channel: A channel in networking refers to a specific frequency range used for
communication. In the context of Wi-Fi, channels are used to divide the available
frequency spectrum, allowing multiple devices to communicate simultaneously without
interference. Each Wi-Fi standard supports a specific number of channels, and the
availability and regulations of channels may vary by country. For example, in the United
States and Canada, the 802.11b Wi-Fi standard supports 11 channels.
5. DSSS (Direct Sequence Spread Spectrum): DSSS is a modulation technique used in
wireless communication. It involves spreading the original signal across a wider
bandwidth, which helps improve signal robustness. DSSS can be used to share a single
channel for multiple purposes and is commonly used in Wi-Fi networks.
Short note on SMTP:
One of the most popular network services is electronic mail (e-mail). The TCP/IP
protocol that supports electronic mail on the Internet is called the Simple Mail
Transfer Protocol (SMTP). It is a system for sending messages to other computer
users based on addresses. SMTP provides for mail exchange between users on the
same or different computers and supports:

 Sending a single message to one or more recipients.
 Sending a message that includes text, voice, video, or graphics.
 Sending messages to users on networks outside the internet.

User                                                   User
SMTP client --------------> Internet --------------> SMTP server

In its simplest form, an SMTP client sends a message to an SMTP server via the
Internet. The client is divided into two components: the user agent (UA) and the mail
transfer agent (MTA). The UA is responsible for creating the message, including the
text, voice, video, or graphics, and putting it into an envelope. The MTA is responsible
for transferring the mail across the Internet.

Now, let's consider a more complex SMTP system. Sometimes, relaying is involved,
which means that other MTAs can act as clients or servers to relay the mail. This
allows for sending messages to users on networks outside the Internet or to sites
that don't use the TCP/IP protocol suite (the protocol used for the Internet). To
achieve this, a mail gateway is used. A mail gateway is a relay MTA that can receive
mail provided by a protocol other than SMTP and transform it into SMTP format
before sending it. It can also receive mail in SMTP format and change it to another
format before sending it.

User                                                              User
MTA client --> MTA relay --> Internet --> MTA relay --> MTA server

Addresses: To deliver mail, a mail handling system must use a unique addressing
system. The addressing system used by SMTP consists of two parts: a local part and a
domain name, separated by an @ sign.

 Local part: The local part defines the name of a special file called the user
mailbox, where all the mail received by a user is stored for retrieval by the user
agent.
 Domain Name: The second part of the address is the domain name. An
organization usually selects one or more hosts to receive and send emails,
sometimes called mail exchangers. The domain name assigned to each mail
exchanger either comes from the DNS database or is a logical name (for
example, the name of the organization).
