ASSIGNMENT 05


UNIVERSITY OF ENGINEERING AND TECHNOLOGY PESHAWAR
DEPARTMENT OF COMPUTER SCIENCE & IT

Introduction to Information Security


ASSIGNMENT 05

NAME: AHMAD ELYAS


REG NO: 20PWBCS0818
SECTION: C
SUBMITTED TO: Dr. Zakira Inayat
Question 01:
Explain the difference between IDS, IRS and IPS in detail.
Solution:
Intrusion Detection System (IDS):
• Functionality:
  • IDS is designed to monitor and analyze network or system activities for malicious activities or security policy violations.
  • It detects and alerts administrators about potential security threats, unauthorized access, or unusual behavior based on predefined rules or patterns.
• Passive Monitoring:
  • IDS operates in a passive mode, meaning it observes and analyzes traffic without actively preventing or blocking any malicious activity.
• Alerts:
  • When suspicious activity is detected, an IDS generates alerts, notifying administrators so they can investigate and take appropriate actions.
Intrusion Prevention System (IPS):
• Functionality:
  • IPS builds on the capabilities of IDS but takes a more proactive approach by actively blocking or preventing identified threats.
  • It can automatically respond to security incidents by blocking malicious activities or unauthorized access.
• Active Prevention:
  • Unlike IDS, IPS doesn't just passively monitor; it actively intervenes to stop malicious activities in real time.
• Alerts and Prevention:
  • IPS can generate alerts like IDS, but it also has the capability to take predefined actions to prevent further harm, such as blocking specific IP addresses or applying firewall rules.
Intrusion Response System (IRS):
• Functionality:
  • IRS focuses on the process of responding to security incidents once they have been detected, often in coordination with other security measures.
  • It involves the steps taken to contain, mitigate, and recover from security breaches.
• Coordination with Other Systems:
  • IRS may work in conjunction with IDS and IPS, among other security tools, to create a comprehensive security posture.
• Forensics and Analysis:
  • IRS includes activities such as analyzing the incident, determining the extent of the damage, identifying the root cause, and collecting evidence for further investigations or legal actions.
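As an added illustration (not part of the assignment), the Go program below runs one detection rule over a few constructed authentication log lines and shows the IDS/IPS distinction described above: in IDS mode the engine only raises an alert, while in IPS mode the same rule also yields a block decision for the offending source. The rule, the threshold and the log lines are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Mode selects passive (IDS) or active (IPS) handling for the same detection rule.
type Mode int

const IDS, IPS Mode = 0, 1 // IDS: observe and alert only; IPS: alert and decide to block

// Action is what the engine hands back for one offending source.
type Action struct {
	Source string
	Alert  string
	Block  bool // true only in IPS mode, e.g. add a firewall rule for Source
}

// Constructed sample authentication log lines (not from the assignment).
var sampleLog = []string{
	"sshd: Failed password for root from 203.0.113.7",
	"sshd: Failed password for root from 203.0.113.7",
	"sshd: Failed password for admin from 203.0.113.7",
	"sshd: Failed password for bob from 198.51.100.4",
}

// Analyze applies one rule, "threshold or more failed logins from one source":
// in IDS mode it only alerts, in IPS mode it also marks the source to be blocked.
func Analyze(lines []string, threshold int, mode Mode) []Action {
	failures := map[string]int{}
	for _, l := range lines {
		if strings.Contains(l, "Failed password") {
			failures[l[strings.LastIndex(l, " ")+1:]]++ // source address is the last field
		}
	}
	var out []Action
	for src, n := range failures {
		if n >= threshold {
			alert := fmt.Sprintf("%d failed logins from %s", n, src)
			out = append(out, Action{Source: src, Alert: alert, Block: mode == IPS})
		}
	}
	return out
}

func main() {
	fmt.Println("IDS:", Analyze(sampleLog, 3, IDS)) // alert only
	fmt.Println("IPS:", Analyze(sampleLog, 3, IPS)) // alert plus block decision
}
```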

Question 02:
For each of the following statements, give an example of a situation in which
the statement is true.
a) Prevention is more important than detection and recovery.
b) Detection is more important than prevention and recovery.
c) Recovery is more important than detection and prevention.
Solution:
a) Prevention is more important than detection and recovery:
Example: Network Firewall Protection
• In a corporate network, a firewall is configured to block unauthorized access to certain services or servers. The prevention here involves setting up rules that restrict access based on IP addresses, protocols, and ports. In this scenario, preventing unauthorized access through the firewall is crucial because it reduces the likelihood of a successful attack, minimizing the need for extensive detection and recovery efforts.
b) Detection is more important than prevention and recovery:
Example: Intrusion Detection System (IDS) for Advanced Persistent Threats (APTs)
• Consider a scenario where an organization is targeted by sophisticated attackers using advanced techniques to bypass traditional preventive measures. In this case, relying solely on prevention may not be sufficient. An Intrusion Detection System that can identify and alert on unusual or suspicious activities, such as patterns indicative of an APT, becomes crucial. Detection becomes a priority to identify the breach as early as possible, allowing for timely response and mitigation.
c) Recovery is more important than detection and prevention:
Example: Data Backup and Disaster Recovery
• In the aftermath of a natural disaster, such as a flood or earthquake, the primary concern may shift from prevention and detection to recovery. While preventive measures are essential, they may not be sufficient to withstand all types of disasters. Once the event has occurred, the focus is on quickly restoring systems, data, and services. A well-prepared disaster recovery plan that includes regular backups, offsite storage, and efficient restoration processes becomes critical in such situations.

Question 03:
Identify mechanisms for implementing the following, and state what policy or policies they might be enforcing.
a) A password changing program will reject passwords that are less than 5 characters long or that are found in the dictionary.
b) Only students in a computer science class will be given accounts on the department's computer system.

Solution:
a) Mechanism for Password Changing Program:
• Policy Enforcement Mechanism:
  • Password Policy Enforcement: The password changing program implements a mechanism to reject passwords that are less than 5 characters long or are found in the dictionary.
• Policies Enforced:
  • Minimum Password Length Policy: This policy specifies the minimum length a password must have.
  • Dictionary Check Policy: This policy prevents the use of easily guessable passwords by checking against a dictionary of common words.
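One way the password changing program could implement the two policies, as an added Go example that is not part of the assignment. The word list is constructed, the minimum length is the assignment's value of 5, and the lower-casing plus trailing-digit stripping before the dictionary lookup is an assumed extension so that trivial variants of a dictionary word are also rejected.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// MinLength is the assignment's stated minimum of 5 characters (real policies use far more).
const MinLength = 5

// Constructed sample word list standing in for a real dictionary file.
var dictionary = map[string]bool{
	"password": true, "welcome": true, "letmein": true, "summer": true, "peshawar": true,
}

// normalize lower-cases the candidate and strips trailing digits so that a
// variant such as "Summer2024" is still caught by the dictionary check. This
// goes slightly beyond the plain lookup the assignment describes.
func normalize(pw string) string {
	return strings.TrimRightFunc(strings.ToLower(pw), unicode.IsDigit)
}

// CheckPassword returns the policies the candidate violates; an empty result
// means the password changing program accepts it.
func CheckPassword(pw string, dict map[string]bool) []string {
	var reasons []string
	if len([]rune(pw)) < MinLength {
		reasons = append(reasons, "Minimum Password Length Policy: fewer than 5 characters")
	}
	if dict[strings.ToLower(pw)] || dict[normalize(pw)] {
		reasons = append(reasons, "Dictionary Check Policy: dictionary word or trivial variant")
	}
	return reasons
}

func main() {
	for _, pw := range []string{"abc", "Summer2024", "x7#Qm9!vL"} {
		fmt.Printf("%q -> %v\n", pw, CheckPassword(pw, dictionary))
	}
}
```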
b) Mechanism for Student Accounts on Department's Computer System:
• Policy Enforcement Mechanism:
  • Access Control Mechanism: Implementing an access control mechanism that allows only students in a computer science class to have accounts on the department's computer system.
• Policies Enforced:
  • Role-Based Access Control (RBAC) Policy: This policy assigns roles based on user characteristics (in this case, being a student in a computer science class) and grants access permissions accordingly.
  • Departmental Access Policy: A policy specifically stating that only students in the computer science class are eligible for accounts on the department's computer system.
Question 04:
Describe digital signature by providing general framework of Digital signature.
Solution:
1. Private Key Generation:
• A digital signature system typically involves a pair of cryptographic keys: a private key and a corresponding public key. The private key is generated and kept secret by the owner or signer.
2. Public Key Distribution:
• The corresponding public key is distributed openly or through a trusted authority. The public key is used to verify the digital signature but cannot be used to create new signatures.
3. Message Hashing:
• Before signing a message or document, a cryptographic hash function is applied to generate a fixed-size hash value (digest) unique to the content of the message. This hash is a condensed representation of the data.
4. Signing Process:
• The private key holder applies their private key to the hash value of the message using a signing algorithm. This produces the digital signature, which is unique to both the message and the private key.
5. Digital Signature Attachment:
• The digital signature is then attached to the original message or document. This can be done by appending the signature to the message or embedding it within the document.
6. Verification Process:
• To verify the authenticity and integrity of the message, the recipient or any third party can use the public key associated with the sender to verify the digital signature. The process involves applying the public key to the received signature, generating a hash value, and comparing it with a newly computed hash of the original message.
7. Non-Repudiation:
• Digital signatures provide non-repudiation, meaning that the signer cannot later deny their involvement in creating the signature. The private key is known only to the signer, and the corresponding public key can verify the signature.
8. Key Management:
• Proper key management practices are essential to the security of digital signatures. The private key must be kept secure, and the public key must be distributed and verified through trusted channels.
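The framework above carried through in code, as an added example that is not part of the assignment, using Go's standard library: the message is hashed with SHA-256, the digest is signed with an Ed25519 private key, the signature is attached to the message, and the verifier recomputes the hash and checks the signature with the public key. The key pair and the sample message are generated inside the program.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedMessage is the attachment step: the signature travels with the message.
type SignedMessage struct {
	Message   []byte
	Signature []byte
}

// GenerateKeyPair covers steps 1 and 2: a private key the signer keeps secret
// and a public key that can be handed out for verification.
func GenerateKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// digest is step 3: a fixed-size SHA-256 hash of the message content.
func digest(msg []byte) []byte {
	h := sha256.Sum256(msg)
	return h[:]
}

// Sign covers steps 4 and 5: the private key is applied to the hash and the
// resulting signature is attached to the original message.
func Sign(priv ed25519.PrivateKey, msg []byte) SignedMessage {
	return SignedMessage{Message: msg, Signature: ed25519.Sign(priv, digest(msg))}
}

// Verify is step 6: recompute the hash of the received message and check the
// attached signature against it with the public key. Any change to the message,
// or a signature made with a different key, makes this return false.
func Verify(pub ed25519.PublicKey, sm SignedMessage) bool {
	return ed25519.Verify(pub, digest(sm.Message), sm.Signature)
}

func main() {
	pub, priv, err := GenerateKeyPair()
	if err != nil {
		panic(err)
	}
	sm := Sign(priv, []byte("transfer 100 to account 42")) // constructed sample message
	fmt.Println("genuine message verifies:", Verify(pub, sm))
	sm.Message = []byte("transfer 900 to account 42") // tampered in transit
	fmt.Println("tampered message verifies:", Verify(pub, sm))
}
```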
