
Unit 2 Chapter 9


UNIT 2

CHAPTER 9
NETWORK SECURITY

1. Why is a computer considered to be safe if it is not connected to
a network or Internet?
ANS: A computer is considered to be safe if it is not connected to a
network or the Internet because: Computer and network security aid in
the protection of data and devices. Data and network security are two of
a technician's secondary roles.
If a computer is not connected to the Internet, it is called safe
because most threats can enter a computer via the Internet. Threats
include all the ways in which one can exploit any vulnerability or
weakness in a network or communication system to cause harm or damage
one's reputation.

2. What is a computer virus? Name some computer viruses that
were popular in recent years.
ANS. A computer virus is a piece of software code created to
perform malicious activities and hamper resources of a computer
system like CPU time, memory, personal files, or sensitive information.
A computer virus infects other computer systems that it comes into
contact with by copying or inserting its code into the computer
programs or software (executable files).
A virus remains dormant on a system and is activated as
soon as the infected file is opened or executed by a user. Most viruses
self-replicate without the knowledge of the user. These viruses can be
spread from one system to another via email, instant messaging,
website downloads, removable media (USB), and network connections.
Some of the most common intentions or motives behind viruses include
stealing passwords or data, corrupting files, spamming the user's email
contacts, and even taking control of the user's machine. Some file types
are more susceptible to virus infections:
.doc/.docx, .exe, .html, .xls/.xlsx, .zip.

Some computer viruses that were popular in recent years:
• CryptoLocker
• ILOVEYOU
• MyDoom
• Sasser and Netsky
• Slammer
• Stuxnet

3. How is a computer worm different from a virus?
ANS.
Each row below gives the serial number and basis of comparison,
followed by the entry for worms and the entry for viruses.

1. Definition
   Worm: A worm is a form of malware that replicates itself and can
   spread to different computers via a network.
   Virus: A virus is malicious executable code attached to another
   executable file, which can be harmless or can modify or delete data.

2. Objective
   Worm: The main objective of worms is to eat the system resources. It
   consumes system resources such as memory and bandwidth and makes the
   system slow to such an extent that it stops responding.
   Virus: The main objective of viruses is to modify the information.

3. Host
   Worm: It doesn't need a host to replicate from one computer to
   another.
   Virus: It requires a host for spreading.

4. Harmful
   Worm: It is less harmful as compared.
   Virus: It is more harmful.

5. Detection and protection
   Worm: Worms can be detected and removed by the antivirus and
   firewall.
   Virus: Antivirus software is used for protection against viruses.

6. Controlled by
   Worm: Worms can be controlled by remote.
   Virus: Viruses can't be controlled by remote.

7. Execution
   Worm: Worms are executed via weaknesses in the system.
   Virus: Viruses are executed via executable files.

8. Comes from
   Worm: Worms generally come from downloaded files or through a
   network connection.
   Virus: Viruses generally come from shared or downloaded files.

9. Symptoms
   Worm:
   • Hampering computer performance by slowing it down
   • Automatic opening and running of programs
   • Sending of emails without your knowledge
   • Affecting the performance of the web browser
   • Error messages concerning the system and operating system
   Virus:
   • Pop-up windows linking to malicious websites
   • Hampering computer performance by slowing it down
   • After booting, starting of unknown programs
   • Passwords get changed without your knowledge

10. Prevention
   Worm:
   • Keep your operating system and system in an updated state
   • Avoid clicking on links from untrusted or unknown websites
   • Avoid opening emails from unknown sources
   • Use antivirus software and a firewall
   Virus:
   • Installation of antivirus software
   • Never open email attachments
   • Avoid usage of pirated software
   • Keep your operating system updated
   • Keep your browser updated as old versions are vulnerable to
     linking to malicious websites

11. Types
   Worm: Internet worms, instant messaging worms, email worms, file
   sharing worms, and Internet relay chat (IRC) worms are different
   types of worms.
   Virus: Boot sector virus, direct action virus, polymorphic virus,
   macro virus, overwrite virus, and file infector virus are different
   types of viruses.

12. Examples
   Worm: Examples of worms include Morris worm, storm worm, etc.
   Virus: Examples of viruses include Creeper, Blaster, Slammer, etc.

13. Interface
   Worm: It does not need human action to replicate.
   Virus: It needs human action to replicate.

14. Speed
   Worm: Its spreading speed is faster.
   Virus: Its spreading speed is slower as compared to worms.

4. How is Ransomware used to extract money from users?
ANS: Ransomware: It is a type of malware that targets user data. It either
blocks the user from accessing their own data or threatens to publish the
personal data online and demands ransom payment against the same. Some
ransomware simply blocks the access to the data while others encrypt data,
making it very difficult to access. In May 2017, the ransomware WannaCry
infected almost 200,000 computers across 150 countries. It worked by
encrypting data and demanding ransom payments in the Bitcoin
cryptocurrency. It literally made its victims "cry" and hence the name.
CryptoMalware is a type of ransomware that encrypts user files and requires
payment within a time frame and often through a digital currency like Bitcoin.

5. How did a Trojan get its name?
ANS: A Trojan horse is any malware that misleads users of its true intent.
The term is derived from the Ancient Greek story of the deceptive
Trojan Horse that led to the fall of the city of Troy. The ancient Greeks
could not infiltrate the city of Troy using traditional warfare methods and so
they gifted the king of Troy with a big wooden horse with hidden soldiers
inside and eventually defeated them. This stands as the concept behind
the name Trojan.

6. How does an adware generate revenue for its creator?
ANS: Adware is "advertising-supported software" that displays ads on
websites and collects data on a user's behavior for marketing purposes.
Adware is malware that is created to generate revenue for its
developer.
Adware displays online advertisements using pop-ups, web
pages, or installation screens. Once an adware has infected a
substantial number of computer systems, it generates revenue
either by displaying advertisements or using a "pay per click"
mechanism to charge its clients against the number of clicks on their
displayed ads. Adware is usually annoying, but harmless.

7. Briefly explain two threats that may arise due to a keylogger
installed on a computer.
ANS : A keylogger can either be malware or hardware. The main
purpose of this malware is to record the keys pressed by a user on
the keyboard. A keylogger makes logs of daily keyboard usage and
may send it to an external entity as well. In this way, very sensitive
and personal information like passwords, emails, and private
conversations can be revealed to an external entity without the
knowledge of the user. One strategy to avoid the threat of password
leaks by keyloggers is to use a virtual keyboard while signing into
your online accounts from an unknown computer.

8. How is a Virtual Keyboard safer than On Screen Keyboard?
ANS: The names "on-screen" and "virtual" keyboard refer to any
software-based keyboard and are sometimes used interchangeably.
But there exists a notable difference between "on-screen" and
"online virtual" keyboards. Both types of keyboards may look the
same, but the difference is in terms of the layout or ordering of the
keys. The on-screen keyboard of an operating system uses a fixed
QWERTY key layout, which can be exploited by sophisticated
keylogger software.
The on-screen keyboard of an operating system uses a fixed
QWERTY key layout whereas an online virtual keyboard randomizes the
key layout every time it is used, thus making it very difficult for
keylogger software to record the keys pressed by the user.
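
The difference described in this answer can be simulated. The following is an added example, not part of the original notes: it models both keyboards as a grid of 36 cells and compares what a logger that records only cell positions can reconstruct. The key set, the secret "pin4821" and the seed are constructed for illustration.

```python
import random
import string

KEYS = list(string.ascii_lowercase + string.digits)  # 36 keys, one per grid cell


def fixed_layout():
    """OS on-screen keyboard: every key sits in the same cell each time."""
    return list(KEYS)


def randomized_layout(rng):
    """Online virtual keyboard: cells are reshuffled for every session."""
    layout = list(KEYS)
    rng.shuffle(layout)
    return layout


def clicked_cells(secret, layout):
    """What a position-recording logger captures: cell numbers, not characters."""
    return [layout.index(ch) for ch in secret]


def decode(cells, layout):
    """Map recorded cell numbers back to characters using a given layout."""
    return "".join(layout[c] for c in cells)


def demo(secret="pin4821", seed=2024):
    # Seeded PRNG keeps the demo repeatable; a real keyboard would use a
    # CSPRNG such as random.SystemRandom(). Secret and seed are constructed.
    rng = random.Random(seed)
    known = fixed_layout()            # the layout the logger assumes
    session_a = randomized_layout(rng)
    session_b = randomized_layout(rng)
    cells_fixed = clicked_cells(secret, known)
    cells_a = clicked_cells(secret, session_a)
    cells_b = clicked_cells(secret, session_b)
    return {
        "logger_vs_fixed": decode(cells_fixed, known),    # secret recovered
        "logger_vs_random": decode(cells_a, known),       # wrong characters
        "site_vs_random": decode(cells_a, session_a),     # site knows the layout
        "same_cells_across_sessions": cells_a == cells_b,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Randomization only defeats a logger that records keystrokes or click positions; a logger that also captures the screen sees the shuffled layout.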

9. List common signs of malware infection and explain different
modes of malware distribution.
ANS: Common signs of some malware infection include the
following:
• frequent pop-up windows prompting you to visit some website
  and/or download some software;
• changes to the default homepage of your web browser;
• mass emails being sent from your email account;
• unusually slow computer with frequent crashes;
• unknown programs start up as you turn on your computer;
• programs opening and closing automatically;
• sudden lack of storage space, random messages, sounds, or music
  start to appear;
• programs or files appear or disappear without your knowledge.

10. List some preventive measures against malware infection.
ANS: Some preventive measures against malware:
• Using antivirus, anti-malware, and other related software and updating
  them on a regular basis.
• Configure your browser security settings.
• Always check for a lock button in the address bar while making
  payments.
• Never use pirated or unlicensed software. Instead go for Free and
  Open Source Software (FOSS).
• Applying software updates and patches released by its manufacturers.
• Taking a regular backup of important data.
• Enforcing firewall protection in the network.
• Avoid entering sensitive (passwords, pins) or personal information on
  unknown or public computers.
• Avoid entering sensitive data on an unknown network (like Wi-Fi in a
  public place), even when using your own computer.
• Avoid clicking on links or downloading attachments from unsolicited
  emails.
• Scan any removable storage device with antivirus software before
  transferring data to and from it.
• Never share your online account or banking password/pins with
  anyone.
• Remove all the programs that you don't recognise from your system.
• Do not install an anti-spyware or antivirus program presented to you in
  a pop-up or ad.
• Use the pop-up window's 'X' icon located on the top-right of the pop-up
  to close the ad instead of clicking on the 'close' button in the pop-up.
  If you notice an installation has been started, cancel immediately to
  avoid further damage.

11. What are the risks associated with HTTP? How can we
resolve these risks by using HTTPS?
ANS : Both the HTTP (Hyper Text Transfer Protocol) and its variant
HTTPS (Hyper Text Transfer Protocol Secure) are a set of rules
(protocol) that govern how data can be transmitted over the WWW
(World Wide Web). In other words, they provide rules for the client
web browser and servers to communicate. HTTP sends information
over the network as it is. It does not scramble the data to be
transmitted, leaving it vulnerable to attacks from hackers. Hence,
HTTP is sufficient for websites with public information sharing like
news portals, blogs, etc. However, when it comes to dealing with
personal information, banking credentials and passwords, we need
to communicate data more securely over the network using HTTPS.
HTTPS encrypts the data before transmission. At the receiver end, it
decrypts to recover the original data. The HTTPS based websites
require SSL Digital Certificate.

12. List one advantage and disadvantage of using Cookies.
ANS: Advantages of cookies:
1. Cookies do not require any server resources since they are stored on the
client.
2. Cookies are easy to implement.
3. You can configure cookies to expire when the browser session ends
(session cookies) or they can exist for a specified length of time on the client
computer (persistent cookies).
Disadvantages of cookies:
1. Users can delete cookies.
2. A user's browser can refuse cookies, so your code has to anticipate that
possibility.
3. Cookies exist as plain text on the client machine and they may pose a
possible security risk as anyone can open and tamper with cookies.

13. Write a short note on White, Black, and Grey Hat Hackers.
ANS: Hackers and crackers are people having a thorough knowledge of
the computer systems, system software (operating system), computer
networks, and programming. They use this knowledge to find loopholes
and vulnerabilities in computer systems or computer networks and gain
access to unauthorized information. In simple terms, a hacker is a
person that is skilled enough to hack or take control of a computer
system. Depending on the intent, there are different types of hackers.

1. White Hats: Ethical Hacker
If a hacker uses their knowledge to find and help in fixing the security
flaws in the system, they are termed a White Hat hacker. These are the
hackers with good intentions. They are actually security experts.
Organizations hire ethical or white hat hackers to check and fix their
systems for potential security threats and loopholes. Technically,
white hats work against black hats.

2. Black Hats: Crackers
If hackers use their knowledge unethically to break the law and disrupt
security by exploiting the flaws and loopholes in a system, then they
are called black hat hackers.

3. Grey Hats
The distinction between different hackers is not always clear. There
exists a grey area in between, which represents the class of hackers
that are neutral: they hack systems by exploiting their vulnerabilities,
but they don't do so for monetary or political gains. The grey hats take
system security as a challenge and just hack systems for the fun of it.

14. Differentiate between DoS and DDoS attack.
ANS: Difference between DoS and DDoS attacks:

DoS: DoS stands for Denial of Service attack.
DDoS: DDoS stands for Distributed Denial of Service attack.

DoS: In a DoS attack, a single system targets the victim system.
DDoS: In a DDoS attack, multiple systems attack the victim's system.

DoS: The victim PC is loaded with packets of data sent from a single
location.
DDoS: The victim PC is loaded with packets of data sent from multiple
locations.

DoS: A DoS attack is slower as compared to DDoS.
DDoS: A DDoS attack is faster than a DoS attack.

DoS: Can be blocked easily as only one system is used.
DDoS: It is difficult to block this attack as multiple devices are
sending packets and attacking from multiple locations.

DoS: In a DoS attack, only a single device is used with DoS attack tools.
DDoS: In a DDoS attack, the volumeBots are used to attack at the same
time.

DoS: DoS attacks are easy to trace.
DDoS: DDoS attacks are difficult to trace.

DoS: Volume of traffic in a DoS attack is less as compared to DDoS.
DDoS: DDoS attacks allow the attacker to send massive volumes of traffic
to the victim network.

DoS: Types of DoS attacks are: 1. Buffer overflow attacks 2. Ping of
Death or ICMP flood 3. Teardrop attack 4. Flooding attack.
DDoS: Types of DDoS attacks are: 1. Volumetric attacks 2. Fragmentation
attacks 3. Application layer attacks 4. Protocol attack.

15. How is Snooping different from Eavesdropping?

ANS: Snooping: Snooping in network security is a technique in which
criminals get unauthorized access to another person's data or company's data.
Snooping in network security includes casual observance of an email that
appears on the user's computer screen. More sophisticated snooping in
network security uses software programs to remotely monitor activity on a
computer/network device.

Snooping in network security leads to loss of privacy of several kinds of
information that should be private for a computer network. They may be one
or all of the following:

• Passwords
• Financial details
• Private data
• Low-level internet protocol information

However, companies also sometimes snoop on their employees legally to
monitor their use of business systems and track Internet usage. Governments
snoop on individuals to collect information to stop terrorism and crime. The
main purpose of snooping is to listen to or read communication or browse
through files or system information of the user's system.

Although snooping is always taken in a harmful sense, what snooping
actually means is to track activity of a person using any program or utility
that performs a monitoring function in computer technology. For example, a
snoop server is used to capture network traffic for analysis, and the snooping
protocol monitors information on a computer bus to ensure efficient
processing.

Eavesdropping: An eavesdropping attack, also known as a sniffing or
snooping attack, is a theft of information as it is transmitted over a network
by a computer, smartphone, or another connected device. The attack takes
advantage of unsecured network communications to access data as it is
being sent or received by its user. An eavesdropping attack can be difficult to
detect because the network transmissions will appear to be operating
normally. To be successful, an eavesdropping attack requires a weakened
connection between a client and a server that the attacker can exploit to
reroute network traffic. The attacker installs network monitoring software,
the "packet sniffer," on a computer or a server to intercept data as it is
transmitted.
