In this section, we’ll talk about an important question from the introduction to AKTU Unit 1 on Computer System Security. I wish you success on your next examinations and I hope this article will be helpful.
Dudes 🤔.. You want more useful details regarding this subject. Please keep in mind this as well. Important Questions For Computer System Security: *Unit-01 *Unit-02 *Unit-03 *Unit-04 *Unit-05 *Short-Q/Ans *Question-Paper with solution 21-22
Q1. Explain briefly computer security. How you will design the policies for information security within an organization ?
1. Information systems must be protected from theft or damage to its hardware, software, and data through the use of computer security.
2. Controlling physical access to the hardware is part of this, as is preventing damage via network access, data and code injection, and operator error.
We can design the policies for information security within an organization by providing:
1. Confidentiality: Only authorized users can access the data resources and information.
2. Integrity: Only authorized users should be able to modify the data when needed.
3. Availability: Data should be available to users when needed.
4. Authentication: Communicating with the authorized.
Ans. Problems related with computer security are :
1. Phishing: Phishing is the practise of attempting to obtain sensitive information from people by posing as a reliable institution in an online contact, such as their banking and credit card information (e-mail, social media, etc).
2. Vishing: Vishing (voice phishing) is a method used by con artists to get their victims to send money or personal information over the phone.
3. Smishing: Any situation in which text messages are delivered in an effort to trick recipients into sending money or clicking on dubious links is known as smishing (SMS phishing).
- a. Pharming is a cyberattack designed to divert traffic from one legitimate website to a false one.
- b. Pharming can be carried either by altering the hosts file on the victim’s computer or by taking advantage of a DNS server software bug.
- c. In pharming, no conscious user interaction is required.
a. A software flaw known as a vulnerability gives a bad actor the ability to directly access a system or network and launch an attack.
b. An attacker may be able to utilise vulnerabilities to pretend to be a superuser or even the system administrator, giving them unlimited access rights.
a. It offers a hostile actor covert access to a network or system.
b. An exposure might make it possible for a hacker to gather private data covertly.
Q3. Discuss the security mechanism used to provide security in computer system.
Ans. Security mechanisms used to provide security in computer system are:
1. Encipherment :
- a. Encipherment is an algorithm that transforms data from plaintext to ciphertext in order to accomplish encryption or decryption.
- b. Cryptography and steganography are used for enciphering.
2. Data integrity :
- a. The upkeep and assurance of the data’s accuracy throughout its full life-cycle is known as data integrity.
- b. By comparing the check value created and received, data integrity is maintained.
3. Digital signature :
- a. A digital signature enables both the sender and the recipient of the material to electronically sign and verify the signature.
- b. Public and private keys can be used.
4. Authentication exchange : In an authentication exchange, two entities communicate with one another to establish their identities.
5. Traffic padding : To avoid illegal use of the traffic analysis, some bogus data is inserted into the data transmission. This is known as traffic padding.
6. Routing control : To prevent the adversary from listening in on a specific route, routing control entails choosing and constantly switching between the various available routes between sender and recipient.
7. Notarization :
- a. Selecting a third reliable party to manage communication between two entities is known as notarization.
- b. In order to prevent the sender from subsequently disputing that they submitted a request, the receiver can enlist the help of a reliable third party to store the request.
Q4. Discuss various attacks in computer security.
Ans. Various attacks in computer security :
1. Malware :
- a. Malicious software, such as spyware, ransomware, viruses, and worms, is referred to as malware.
- b. Usually when a user follows a risky link or email attachment and subsequently instals risky software, malware enters a network through a vulnerability.
2. Macro viruses :
- a. These viruses infect applications such as Microsoft Word or Excel.
- b. Macro viruses attach to an application’s initialization sequence.
- c. The virus starts to carry out its instructions as soon as the application is opened before giving control to the application.
- d. The virus replicates itself and attaches to other code in the computer system.
3. File infectors :
- a. Usually, file infector infections affix themselves to .exe files and other executable programmes.
- b. The virus is installed when the code is loaded.
4. System or boot-record infectors :
- a. A boot-record virus attaches to the master boot record on hard disks.
- b. The boot sector of the system will be examined when the system boots up, and the virus will be loaded into memory, where it can spread to other drives and computers.
5. Stealth viruses :
- a. Stealth viruses take over system functions to conceal themselves.
- b. In order for malware detection software to report an infected region as being clean, it must be compromised.
- c. These infections cover up any growth in a file’s size or adjustments to the latest update date or time.
6. Trojans :
- a. A Trojan is a program that hides in a useful program and has a malicious function.
- b. A major difference between viruses and Trojans is that Trojans do not self-replicate.
7. Logic bombs : A sort of malicious software known as a “logic bomb” is added to a programme and is activated by a particular event, such as a logical condition or a particular date and time.
8. Worms :
- a. Worms are self-contained programmes that spread through networks and computers, unlike viruses, which connect to a host file.
- b. Email attachments are a frequent way for worms to spread, and opening the attachment launches the worm software.
9. Droppers :
- a. A virus installation application known as a “dropper” is utilised on computers. The dropper is frequently free of harmful code, making it possible for virus detection software to miss finding it.
- b. Additionally, a dropper can use an internet connection to download updates for virus software that is already installed on a compromised system.
10. Ransomware : An example of malware known as ransomware is when it threatens to publish or delete the victim’s data unless a ransom is paid.
11. Denial of service attack :
- a. A denial of service attack overloads servers, networks, or systems with traffic in order to consume bandwidth and resources.
- b. Because of this, the system is unable to satisfy valid requests. This attack can also be carried out by attackers using numerous compromised devices.
- c. This is known as a Distributed Denial of Service (DDoS) attack.
Q5. Write short note on server-side attack and insider attack.
Ans. Server-side attacks :
- 1. Server-side attacks are conducted directly at a listening service by an attacker (the client).
- 2. Attacks against servers’ data and programmes are aimed at compromising and breaching them.
- 3. Server-side attacks exploit vulnerabilities in installed services.
Insider attacks :
- 1. An insider attack is a malicious attack carried out on a computer system or network by a user who has been granted access to the system.
- 2. Attackers who are within to the organization have a distinct advantage over external attackers since they are permitted to access the system and may be familiar with its design, policies, and processes.
- 3. Additionally, as many firms prioritize defence against external attacks, there can be less security against internal attacks.
Q6. Discuss control hijacking in computer security.
Ans. 1. A particular kind of network security assault called a “hijacking” involves the attacker seizing control of a communication.
2. A man in the middle attack, sometimes referred to as a hijacking, occurs when an established connection is taken over while it is still active.
3. In order to make it look as though the two original parties are still in direct communication with one another, the attacker intercepts messages in a public key exchange and then retransmits them using their own public key instead of the one that was requested.
4. The attacker employs a programme that appears to the client as the server and to the server as the client.
5.Using this approach, the attacker may be able to view the messages or modify them before retransmitting them.
6. Attacker’s goal in control hijacking:
- a Takeover target machine (for example web server)
- b. Execute arbitrary code on target by hijacking application control flow
7. There are three types of control hijacking in computer security :
- a. Buffer overflow attacks
- b. Integer overflow attacks
- c. Format string vulnerabilities
Important Question with solutions | AKTU Quantums | Syllabus | Short Questions
Computer System Security Quantum, Syllabus, Important Questions
|Question paper – 2021-22
Computer System Security Quantum PDF: | AKTU Quantum PDF:
AKTU Important Links | Btech Syllabus
|Btech AKTU Circulars
|Btech AKTU Syllabus
|Btech AKTU Student Dashboard
|AKTU RESULT (One VIew)