MS Computer Science Virtual University of Pakistan

CS707 Network Security Viva Preparation

CS707 Network Security Viva Preparation

Q1. What is intrusion “detection” &  “Prevention”?

Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies. OR An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations.

Intrusion Prevention System (IPS):

The main functions of intrusion prevention systems are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity.

Q2. End-to-end encryption:

(E2EE) is a method of secure communication that prevents third-parties from accessing data while it’s transferred from one end system or device to another.

Q3. Link encryption:

Link encryption encrypts all the data along a specific Communication path, as in a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the header, trailers, addresses, and routing data that are part of the packets are also encrypted. Link encryption provides protection against packet sniffers and eavesdroppers. OR Link encryption is an approach to communications security that encrypts and decrypts all traffic at each end of a communications line

Q4. Block cipher and stream cipher?

Answer: Block Ciphers, which work on blocks of bits, and Stream Ciphers, which work on one bit at a time.

Block Cipher: A block cipher is a method of encrypting text (to produce cipher text) in which a cryptographic key and algorithm are applied to a block of data

Stream Cipher: stream cipher is a method of encrypting text (to produce cipher text) in which a cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time.

Q5. Encryption? + .What is cipher and cipher text:

The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.

Q6. SSL (Secure Sockets Layer):

Secure Sockets Layer (SSL) is a computer networking protocol for securing connections between network application clients and servers over an insecure network, such as the internet.

Q7. Cryptosystems:

A cryptosystem encompasses all of the necessary components for encryption and decryption to take place. Pretty Good Privacy (PGP) is just one example of a cryptosystem.

Q8. Passive and active attack?

Passive attack:

Eavesdropping and sniffing data as it passes over a network are considered passive attacks because the attacker is not affecting the protocol, algorithm, key, message, or any parts of the encryption system. Passive attacks are hard to detect, so in most cases methods are put in place to try to prevent them rather than to detect and stop them. OR Passive attacks: it is indirect attack. The attacked host is completely unaware about this; hence it is called passive attack.

Active attacks:

Active attacks: Altering messages, modifying system files, and masquerading as another individual are acts that are considered active attacks because the attacker is actually doing something instead of sitting back and gathering data.

Q9. Cipher block chaining (CBC):

Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits are encrypted as a single unit or block with a cipher key applied to the entire block).

Q10. Encapsulation:

Encapsulation is the process of taking data from one protocol and translating it into another protocol, so the data can continue across a network.

 

Q11. Denial of service (Attack) DOS:

denial-of-service attack is a security event that occurs when an attacker takes action that prevents legitimate users from accessing targeted computer systems, devices or other network resources.

Q12. Cryptography:

Is the practice and study of techniques for secure communication in the presence of third parties called adversaries, More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages;

Q13. Hash function:

Producing hash values for accessing data or for security. A hash value, also called a message digest, is a number generated from a string of text. Hashing is also a common method of accessing data records.

Q14. (PKI) Public Key Infrastructure:

A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.

Q15. Public & Private Keys

Private and public key are the two keys that two different entities are using in public key cryptography to decrypt (using the private) what have been encrypted with the public or reverse.

Q16. What is authentication?

In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity.

Q17. Digital Signature:

Digital Signature: A digital signature is process which is use for authentication, validity and integrity of the message. Digital signature used digital certificate signed by CA,

Q18. (CA) Certificate Authority:

Certificate Authority.  Create & signed the signature, issued to requester and monitor signature till its validity.

Q19. Crypt Analysis:

Cryptanalysis refers to the study of ciphers, cipher text, or cryptosystems (that is, to secret code systems) with a view to finding weaknesses in them that will permit retrieval of the plaintext from the cipher text, without necessarily knowing the key or the algorithm.

Q20. Data Origin authentication:

Data origin authentication is a property that a message has not been modified while in transit (data integrity) and that the receiving party can verify the source of the message.