a) Write short note on DOS. Ans: A DOS, or disk operating system, is an operating system that runs from a disk drive. The term can also refer to a particular family of disk operating systems, most commonly MS-DOS, an acronym for Microsoft DOS. An operating system (OS) is the software that controls a computer's hardware and peripheral devices and allows other software programs to function. b) What is computer security and it’s need. Ans: Computer network security is an important aspect in today's world. Now days due to various threats designing security in organization is an important consideration. It is essential to understand basic security principles, various threats to security and techniques to address these threats. c) Explain access control policies.. Ans: Considered a key component in a security plan, access control policies refer to rules or policies that limit unauthorized physical or logical access to sensitive data. An access control policy secures sensitive data and minimizes the risk of an attack. Access control policies function by authenticating user credentials, proving their identity, and allowing the pre-approved permissions associated with their username and IP address. d) Describe the term Identification and Authentication. Ans: When user logged on to a computer, he performs two tasks. Identification:- Enter username & password Authentication : Prove that you are who claim to be After entering & password, the computer will compare this input against the entries stored in password input Login is successful if username login is fail. password. is valid and if wrong then login is fail Many systems count the foil login attempts & prevent or deny next attemp when threshold has been reached. Now a day, many computer systems use identification & authentication through username and password as first step of protection e) Define virus and list any two types of virus Ans: A computer virus is a program which can harm our device and files and infect them for no further use. When a virus program is executed, it replicates itself by modifying other computer programs and instead enters its own coding. Boot Sector Virus - It is a type of virus that infects the boot sector of floppy disks or the Master Boot Record (MBR) of hard disks. The Boot sector comprises all the files which are required to start the Operating system of the computer. ne virus either overwrites the existing program or copies itself to another part of the disk. Direct Action Virus - When a virus attaches itself directly to a .exe or .com file and enters the device while its execution is called a Direct Action Virus. If it gets installed in the memory, it keeps itself hidden. It i also known as Non-Resident Virus. Q. 2 Attempt any Three a) Define the terms i) Encryption ii) Decryption. Ans: i) Enceyption-: Encryption is used to protect data from being stolen, changed, or compromised and works by scrambling data into a secret code that can only be unlocked with a unique digital key. Encrypted data can be protected while at rest on computers or in transit between them, or while being processed, regardless of whether those computers are located on-premises or are remote cloud servers. ii) Definition: The conversion of encrypted data into its original form is called Decryption. It is generally a reverse process of encryption. It decodes the encrypted information so that an authorized user can only decrypt the data because decryption requires a secret key or password. b) Explain Man-in- Middle attack with help of diagram. Ans: A MITM attack is a form of cyber-attack where a user is introduced with some kind of meeting between the two parties by a malicious individual, manipulates both parties and achieves access to the data that the two people were trying to deliver to each other. A man-in-the-middle attack also helps a malicious attacker, without any kind of participant recognizing till it's too late, to hack the transmission of data intended for someone else and not supposed to be sent at all. In certain aspects, like MITM, MitM, MiM or MIM, MITM attacks can be referred. If an attacker puts himself between a client and a webpage, a Man-in- the-Middle (MITM) attack occurs. This form of assault comes in many different ways. c) Explain CIA Model of computer security Ans: Explain CIA rule in computer security. i. Confidentiality, integrity and availability, aho known as the CIA triad, in a model designed to guide policies for information security within an organization. ii. The following is a breakdown of the three key concepts that form the CIA triad: iii. Confidentiality is coughly equivalent to privacy. Confidentiality measures are designed to prevent sensitive information from unauthorized access attempts. It is common for data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands. More or less stringent measures can then be implemented according to those categories. iv. Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people (for example, in a breach of confidentiality) v. Availability means information should be consistently and readily accessible for authorized parties. This involves properly maintaining hardware and technical infrastructure and systems that hold and display the information. vi. Non-Repudiation is associated with verifying the identities of individuals or companies who are participating in an on-line transaction. The main purpose of authenticating identities online is to prevent one party or the other from denying the transaction. vii. Accountability is an essential part of an information security plan. The phrase means that every individual who works with an information system should have specific responsibilities for information assurance. viii. Authentication is an access control method (s) used to verify the fentity of an individual who is attempting to gain access into an information asset.
d) Describe piggybacking and shoulder surfing.
Ans: i) Shoulder surfing: It is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is a similar procedure in which attackers position themselves in such a way as to- be-able to observe the authorized user entering the correct access code. • Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. ii) Piggybacking: Piggybacking on Internet access is the practice of establishing a wireless Internet connection by using another subscriber's wireless Internet access service without the subscriber's explicit permission or knowledge.
