Download DOC Word file from below links
Link 1: http://gestyy.com/eiT4zZ
Link 2: http://fumacrom.com/RQRL
Disclaimer: Above doc file is only for education purpose only
Contains some important questions on information security/cyber security
Q1) When you want to authenticate yourself to your computer, most likely you type in your username and password. The username is considered public knowledge, so it is the password that authenticates you. Your password is something you know.
1.1 It is also possible to authenticate based on something you are, that is, a physical characteristic. Such a characteristic is known as a biometric. Give an example of biometric-based authentication.
1.2 It is also possible to authenticate based on something you have, that is, something in your possession. Give an example of authentication based on something you have.
1.3 Two-factor authentication requires that two of the three authentication methods (something you know, something you have, something you are) be used. Give an example from everyday life where two-factor authentication is used. Which two of the three are used?
Q2) Malware is software that is intentionally malicious, in the sense that it is designed to do damage or break the security of a system. Malware comes in many familiar varieties, including viruses, worms, and Trojans.
2.1 Has your computer ever been infected with malware? If so, what did the malware do and how did you get rid of the problem? If not, why have you been so lucky?
2.2 In the past, most malware was designed to annoy users. Today, it is often claimed that most malware is written for profit. How could malware possibly be profitable?
Q3) What is war dialling and war driving?
Q4) Suppose that we have a computer that can test 240 keys each second.
4.1 What is the expected time (in years) to find a key by exhaustive search if the key space is of size 288?
4.2 What is the expected time (in years) to find a key by exhaustive search if the key space is of size 2112?
4.3 What is the expected time (in years) to find a key by exhaustive search if the key space is of size 2256?
Q5) What kind of attacks are possible on mobile/cell phones? Explain with example.
Q6) Explain the countermeasures to be practiced for possible attacks on mobile/cell phones.
9548086042 for call girls in Indira Nagar with room service
Information security questions
1. Assignment
Q1) When you want to authenticate yourself to your computer, most likely you
type in your username and password. The username is considered public
knowledge, so it is the password that authenticates you. Your password is
something you know.
1.1 It is also possible to authenticate based on something you are, that is,
a physical characteristic. Such a characteristic is known as a
biometric. Give an example of biometric-based authentication.
1.2 It is also possible to authenticate based on something you have, that
is, something in your possession. Give an example of authentication
based on something you have.
1.3 Two-factor authentication requires that two of the three
authentication methods (something you know, something you have,
something you are) be used. Give an example from everyday life
where two-factor authentication is used. Which two of the three are
used?
Ans: 1.1. Iris recognition is an automated method of biometric identification that uses
mathematical pattern-recognition techniques on video images of one or both of
the irises of an individual's eyes, whose complex patterns are unique, stable, and
can be seen from some distance.
The iris authentication matches the complex mathematical patterns of the irises
which are significantly unique for each. A comprehensive study on biometric
authentication found that the false rejection rate of iris authentication is only
1.8% which is the lowest.
1.2.
Aadhaar Card, we can authenticate using our Aadhaar Card.
Our Phone Number can also be used to authenticate with the help of OTP.
1.3.
It can be our SIM card number. It is something we know, and we have. When
we authenticate using phone number, OTP is sent to our mobile. This acts as two
factor authentication.
Q2) Malware is software that is intentionally malicious, in the sense that it is
designed to do damage or break the securityof a system. Malware comes in many
familiar varieties, including viruses, worms, and Trojans.
2.1 Has your computer ever been infected with malware? If so, what did
the malware do and how did you get rid of the problem? If not, why have
you been so lucky?
2.2 In the past, most malware was designedto annoy users. Today, itisoften
claimed that most malware is written for profit. How could malware
possibly be profitable?
2. Ans: 2.1. My system has not been affected with malware because:
• I have antivirus system installed and up to date.
• Always keep the Windows updated.
• Do not have used external removable devices from unauthorised sources.
• Not opened any malicious websites on browser.
• Always performed scanning before executing a new file.
• Always downloaded files from secured sources.
2.2. Malware can be profitable for many attackers. They can steal and sell
information of users.
They can also encrypt the system files in a running PC and can be accessible
only when a certain given amount of money is paid to the attacker. There are
called Ransomwares.
Spamming, phishing can also lead to loss of your account money. With your
account details they can use money.
Q3) What is war dialling and war driving?
War dialling uses a software program to automatically call large numbers of telephone
numbers in a defined range to search for ones that have a modem attached. The hacker
simply enters an area code and the three-digit exchange of a phone number. The war
dialler will then call all numbers having that area code and starting with that exchange.
Corporations are particularly vulnerable to this type of attack because each of their
locations is typically assigned phone.
Wardriving may be as simple as searching for free Wi-Fi using a smartphone inside an
automobile. However, the definition usually applies to a hardware and software
configuration specifically designed for locating and recording Wi-Fi networks.
Wardriving is the act of searching for Wi-Fi networks from a moving vehicle. It
involves slowly driving around an area with the goal of locating Wi-Fi signals. This
may be accomplished by an individual or by two or more people, with one person
driving and others searching for wireless networks.
Q4) Suppose that we have a computer that can test 240 keys each second.
4.1 What is the expected time (in years) to find a key by exhaustive search
if the key space is of size 288?
4.2 What is the expected time (in years) to find a key by exhaustive search
if the key space is of size 2112?
4.3 What is the expected time (in years) to find a key by exhaustive search
if the key space is of size 2256?
Ans: 4.1. In 1 second = 240
keys computed
3. Size of given key space = 288
keys
So,
288
240
= 248
seconds required
In years,
248
365𝑥24𝑥60𝑥60
= 8925510.528 years
4.2. In 1 second = 240
keys computed
Size of given key space = 2112
keys
So,
2112
240
= 272
seconds required
In years,
272
365𝑥24𝑥60𝑥60
= 1.49 x 1014 years
4.3. In 1 second = 240
keys computed
Size of given key space = 2256
keys
So,
2256
240
= 2216
seconds required
In years,
2216
365𝑥24𝑥60𝑥60
= 3.33 x 1057 years
Q5) What kind of attacks are possible on mobile/cell phones? Explain with
example.
1. Malicious apps
When a user visits Google Play or the App Store to download apps that look innocent
enough, the apps ask for a list of permissions before people can download them. This
led to a serious threat when ignored.
2. Weak Passwords
Having weak password is easy to be cracked. Weak passwords can be opened using
brute force technique and can be exploited.
3. Public Wi-Fi
Instead of connecting directly to a network, people are tricked into accessing a network
that looks authentic, but it is actually controlled by a hacker
4. Wi-Fi Hijacking
Some attackers try to get access of your Wi-Fi systems. They try to find poorly secured
wireless connections using War Driving.
4. 5. Bluetooth snooping and Fuzzing
Attackers can also use Bluetoothnetwork to steal information for victim’s device. Some
Bluetooth devices can automatically connect without the need of Passwords. This
creates vulnerability.
Q6) Explain the countermeasures to be practiced for possible attacks on
mobile/cell phones.
Malicious apps
Do not give extra permissions for certainapps which is not required forits functionality.
Do not download apps from unknown sources.
Weak Passwords
Always try to use all alphanumeric characters along with special symbols like ‘@’,’#’,’-
‘, etc.
Public Wi-Fi
Try to avoid accessing public Wi-Fi or try to avoid doing using services which requires
details of the user. Do not enter your important details in a public Wi-Fi environment.
Wi-Fi Hijacking
Always keep your admin password confidential and use strong password and do not
share with other non- authorized users.
Bluetooth snooping and Fuzzing
Always keep off your Bluetooth when there is no need. Try to avoid using Bluetooth
devices in public places or try to secure it by setting password.
Q7) What kind of cyber securitymeasures an organization should have to take in
case of portable storage devices? Prepare security guidelines which can be
implemented in an organization.
Set up surveillance in all places using intrusion systems, cameras and detection
systems. A video surveillance camera placed in a location that makes it difficult
to tamper with or disable (or even to find) but gives a good view of persons
entering and leaving.
Backing up important data is an essential element in disaster recovery, but don't
forget that the information on those backup tapes, disks, can be stolen and used
by someone outside the company
Laptops and handheld computers pose special physical security risks. A thief can
easily steal the entire computer, including any data stored on its disk as well as
network logon passwords that may be saved.
5. If you don't want employees copying company information to removable media,
you can disable or remove floppy drives, USB ports, and other means of
connecting external drives.
Even before you lockdown the servers, in fact, before you even turn them on for
the first time, you should ensure that there are good locks on the server room
door.
Q8) Explain the various measures for protectionof laptops through physical and
logical control measure.
Physical security
Try to use cables and hard-wired locks
Laptop safes can also be used.
Motion sensors and alarms can be used
Can be protected using warning labels and stamps
Setup an intrusion detection system
Proper handling of removable drives
Logical Security
Avoid installing malicious programs/softwares
Use strong password with more randomness
Install antivirus softwares
Always keep the Firewall updated
Regularly install security patches and updates
Locking down unwanted ports and devices