
IIS EXAM

Q 1. Define the following types of attacks –

1. Trap doors, 2. Logic bombs, 3. Trojan horse, 4. Virus, 5. Worm

1. Trapdoors
In computing terms a trapdoor specifies a hidden entry into a system.
This hidden door then can be used to gain access to the compromised system
without the knowledge of the concerned party.

A trapdoor in a login system might take the form of a hard coded user and
password combination which gives access to the system.

Using a typical trapdoor, someone can

1. Gain access without anyone knowing,
2. Remain hidden from casual oversight.

2. Logic bombs
A logic bomb is a piece of code that is inserted into a computer program
to do something that was originally not the purpose of that software.

Logic bombs may reside within standard computer programs, or they may be included
as part of the payload of malicious software such as viruses, worms etc.

An example of a logic bomb could be a specific program that stops working after a
specific date.

There are different types of logic bombs, such as:

Time bombs
In a time bomb attack, malicious code is inserted into a program. The
aim is to do damage on a specific date or time.

Arbitrary code execution
Malicious code can also be used to allow arbitrary code to be executed.
For example, if a specific condition is met, a piece of damaging code could
be executed to harm the machine.

3. Trojan Horse
A trojan horse is a computer program or part of a computer program, which hides
its original activities and pretends to be doing something else. A trojan horse
does not spread by itself. Rather, the victim has to be tricked into executing it in
his/her computer. In some cases, a trojan horse can be manually installed in a
specific computer.

Methods of Infection

The program may have come to the user through an innocent-looking email claiming
to be an important document, a very attractive picture or screen saver, or
something else of interest to the user. Sometimes, the user can be infected by a
trojan simply by visiting a malicious website.

Some well-known trojan horses are:
Back Orifice, Back Orifice 2000, Beast Trojan, NetBus, SubSeven.

4. Virus
In the arena of computer security, a virus is a computer program that spreads by
inserting copies of itself into other programs.

Most viruses are written with the intent of causing harm. There are also some
viruses whose aim is to just cause irritation on the part of the user.

Different types of viruses:

Resident Viruses
This type of virus tries to keep itself in computer memory from
the moment it is able to load itself into main memory.

Non-resident Viruses
These viruses don’t stay resident in memory.

Boot sector viruses
These types of viruses infect the hard disk partition table.

5. Worm
A computer worm is a self-replicating computer program similar to a computer
virus.
A virus attaches itself to, and becomes part of, another executable program;
however, a worm is self-contained and does not need to be part of another
program to propagate itself.
Worms are often designed to exploit the file transmission capabilities found on
many computers. The main difference between a computer virus and a worm is
that a virus cannot propagate by itself whereas a worm can.
A worm uses a network to send copies of itself to other systems and it does so
without any intervention. In general, worms harm the network and consume
bandwidth, whereas viruses infect or corrupt files on a targeted computer.

Q 2. Prepare a checklist for the following levels of network security skills –

a. User level, b. Network Administrator level, c. Software development level

User level skills


1. Uses a personal firewall such as ZoneAlarm or Kerio Personal Firewall.
2. Uses a personal virus scanner such as AVG Free or Norton AntiVirus.
3. Always scans attachments for viruses.
4. Takes precautions when opening attachments from unknown senders.
5. Keeps the installed software updated.
6. Scans removable media for viruses before using them.
7. Scans the hard drive for viruses regularly using updated virus signatures.

Network administrator skills


1. Keeps the network hardware working smoothly and updates the inbuilt firmware if a flaw is
found.
2. Keeps an eye on the types of software used on the network.
3. Prevents compromised computers from communicating through the network until they are
fixed.
4. Looks out for common software security misconfiguration(s).
5. Most importantly, maintains the network security policy approved by higher management. If no
such management exists, then creates and maintains a security policy by himself.
6. Is able to handle a network security crisis.

Software development level skills


1. Uses updated/required network communication protocols to write (network related) software.
2. If necessary, uses encryption for communication in the required software.
3. Makes the management of the programs as documented as possible.
4. Always looks out for bugs and tries to fix them.
5. Makes solutions necessary to meet the network security needs/demands.

Q 3. Describe the Linux file system

The Linux filesystem is quite different from the Windows filesystem.

1. Linux uses the ext3 (previously ext2, ext) filesystem to format its partitions.

2. There is only a single hierarchical directory structure. Everything starts from the root
directory, represented by '/'.

3. Under Windows, the various partitions are detected at boot and assigned a
drive letter. Under Linux, unless you mount a partition or a device, the
system does not know of the existence of that partition or device.

4. Linux uses the forward slash “/” symbol to differentiate between directories.

5. Linux is also case sensitive.

6. The root directory of generic Linux distributions contains the following directories:

bin/ dev/ home/ lost+found/ proc/ sbin/ usr/
boot/ etc/ lib/ mnt/ root/ tmp/ var/

/sbin - This directory contains all the binaries that are essential to the
working of the system.

/bin - In contrast to /sbin, the bin directory contains several useful
commands that are used by both the system administrator as well as
non-privileged users.

/usr/bin - This directory contains other user binaries. These binaries,
on the other hand, are not essential for the user.

/boot - This directory contains the System.map file as well as the Linux
kernel.

/dev – This directory lists the different components available to the system.

/etc - This directory contains all the configuration files for your system.

/home – Contains the user specific directories.

/lib - This contains all the shared libraries that are required by system
programs.

/lost+found – After a system crash, fsck or e2fsck runs and checks the whole system for
filesystem corruption. If any recoverable files are found, they are placed in this directory.

/mnt – Generic mount point for different partitions, cdroms etc.

/opt - This directory contains all the software and add-on packages that
are not part of the default installation.

/root – Home folder of the system administrator.

/tmp – Temporary files folder.

/usr - This is one of the most important directories in the system as it
contains all the user binaries. X and its supporting libraries can be
found here. User programs like telnet, ftp etc. are also placed here.

And there are more important directories under Linux.


Q 4. Describe the functions of a packet analyzer like Ethereal

Functions

Ethereal is still technically beta software, but it has a comprehensive feature set and is
suitable for production use. Here is the list of features, current as of version 0.9.14, in no
particular order:

• Data can be captured "off the wire" from a live network connection, or read from
a capture file.
• Ethereal can read capture files from tcpdump (libpcap), Sniffer™ Pro, Microsoft's
Network Monitor, Novell's LANalyzer, Cisco Secure IDS iplog, the pppd log
(pppdump-format).
• Live data can be read from Ethernet, FDDI, PPP, Token-Ring, IEEE 802.11, Classical
IP over ATM, and loopback interfaces (at least on some platforms; not all of
those types are supported on all platforms).
• Captured network data can be browsed via a GUI, or via the TTY-mode "tethereal"
program.
• Capture files can be programmatically edited or converted via command-line
switches to the "editcap" program.
• 759 protocols can currently be dissected: 

Q 5. Write a report on five common settings and activities taking place on internet
enabled computers that make them vulnerable.

The common settings & activities that make Internet enabled computers vulnerable:

1. Internet Explorer: Microsoft Internet Explorer is the most popular browser used for web
surfing and is installed by default on each Windows system. Internet Explorer contains multiple
vulnerabilities that can lead to memory corruption, spoofing and execution of arbitrary scripts.

2. Microsoft Office and Outlook Express: The attacker sends a malicious Office document in
an email message. Viruses can exploit this attack vector if the user opens and saves this
message into his folder without verifying the sender.

3. Windows Libraries:
Windows applications leverage a large number of system libraries, often packaged in DLL files.
The reason for vulnerabilities in Windows libraries: the Windows system may not have all the
latest security patches installed.

4. Windows Services:
The family of Windows operating systems supports a wide variety of services, networking
methods and technologies. Vulnerabilities in the services that implement these operating
system functionalities are one of the most common avenues for exploitation.

5. File Sharing Applications:
Peer-to-Peer (P2P) file sharing programs are used by a rapidly growing user base. Some P2P
programs may have backdoors or bugs that could allow attacks through them.

6. Instant Messaging Applications:
Messages sent through IM applications are usually sent unencrypted. So, if we send our
credit card number through one, the number could easily be read by a third party.

Q 6. What is encryption? Describe how the encryption technology is being used to
maintain integrity and privacy of the contents.

Encryption:

• Cryptography is the science of using mathematics to encrypt and decrypt data.

• Cryptography enables us to store sensitive information or transmit it across insecure
networks (like the Internet) so that it cannot be read by anyone except the intended
recipient.

How does encryption work?


1. A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and
decryption process.
2. A cryptographic algorithm works in combination with a key — a word, number, or phrase — to
encrypt the plaintext. The same plaintext encrypts to different cipher text with different keys.
3. There are two types of cryptography. Public Key Cryptography and Private Key Cryptography.
4. In Public Key Cryptography the encryption key is known by the trusted parties.
5. In Private Key Cryptography, the encryption key is only known to the person who encrypted the
document first.
6. Pretty Good Privacy (PGP) and Public Key Infrastructure (PKI) are two of the well-known
desktop encryption software in use today.

Q 7. What are the hexadecimal and binary equivalents of these IP addresses?

Do it yourself.

Q 8. What is a firewall? Describe the functions of a firewall.

Definition: A Firewall is a system which limits network access between two or more networks. Normally, 
a Firewall is deployed between a trusted, protected private network and an untrusted public network.

Functions of firewall (NOTE – give short notes on the points)

1. Restrict / allow packets to and from the computer.

2. Restrict / allow specific programs to access the internet.

3. Keep logs of specific events.

4. Detect attacks, such as port scans.

5. Close unnecessary ports and even make them stealth to the hacker.

6. Enable the user to create custom rules and maintain them.

Q 9. What is Virtual Hosting? What are the benefits of virtual hosting?

Virtual Hosting

• A virtual host is a domain associated with a server that hosts many domains.

• This means that, with virtual hosting, more than one web site can be hosted on a
single machine.

Benefits of virtual hosting

1. Virtual hosts provide the ability for a single server to host many sites.

2. A single PC can possibly handle many (even 100s of) domains on a single network
connection.

3. Each virtual site appears as if it is running from its own machine.

4. This allows better utilization of servers.

5. This makes administration tasks much easier.

6. Costs are reduced.

Q 10. Why do we need Security? Describe in detail.

Computer security is the effort to create a secure computing platform, designed so that
agents (users or programs) can only perform actions that have been allowed.

This involves specifying and implementing a security policy. The actions in question can
be reduced to operations of access, modification and deletion.

Need for computer security:

• To protect our online privacy and the privacy of our data.

• To safeguard critical information already stored in the computer.

• To safeguard data while in transmission over the internet, such as important
emails.

• Ability to safely and totally erase critical information.

• To protect our PCs from hackers.

• To protect our PCs from maliciously written software, such as viruses, worms,
trojans, adware etc.

Q 11. What is PGP? Describe the logistic weakness of PGP.

[Please do it, and upload it. Like upload this file with an incremented version number.]

Q 12. What are the main differences between the Windows and Linux operating systems?

The main differences between Windows and Linux are:

1. License – Windows is a commercial product from Microsoft. Linux is an open source
and free product copyrighted by Linus Torvalds and is released under GNU GPL2.

2. Filesystem – Windows uses the FAT, FAT32 and NTFS filesystems. Linux uses the ext2,
ext3 and RAID filesystems.

3. Drive naming – Windows names each hard disk / CD-ROM as C:, D:, E: etc. Linux
names each drive as /dev/hda1, /dev/cdrom etc.

4. Security – Without using third party tools, Linux is a more secure system than Windows.

5. File hierarchy – Linux uses a simple file hierarchy, where everything is mounted under
“/” or root. In Windows, folders are usually seen under the C:, D: or E: drive etc.

6. Naming files – In Windows, file names are not case sensitive. But file names
under Linux are case sensitive.

7. Directory separation – Windows uses the back slash “\” character to separate
directories. Linux uses the forward slash “/” character.

8. POSIX – Linux is POSIX compliant. Windows is not POSIX compliant.

9. Vendors – There are many vendors of Linux available, such as SuSE, RedHat etc. But
there is only one vendor of Windows, that is Microsoft.

10. Ease of use – Windows has always tried to be an easy operating system, and it is.
Linux has always tried to be an advanced operating system, and it is so too.

Q 13. What is a web server? How do you secure a Web Server?

Definition:

A computer that delivers (serves up) Web pages. Every Web server has an IP address and possibly a domain
name. For example, if you enter the URL http://www.pcwebopedia.com/index.html in your browser, this
sends a request to the server whose domain name is pcwebopedia.com. The server then fetches the page
named index.html and sends it to your browser.

How do you secure a Web Server:

Passwords

Keep your Web server password secure, don't share it with other people (or write it
down), and follow good password security.

Security through Obscurity

We should never think that just because our website is small we are not going to be
hacked. We should always be obscure about our website’s security, even if it is small.

Do not brag

It is never a good idea to brag about the security of the system, because it always presents
a challenge to the crackers. As we know, even the US FBI site has been hacked. So,
we should not brag about it.

Running the Server

Servers running on Unix and Linux should be run as an account with little or no access. If
you need a Web user, then make sure that that user account has no permissions on the
server. NEVER RUN YOUR SERVER AS ROOT.

CGI-BIN Issue

Make sure that your interpreters (programs that run your CGIs) are not stored in your
cgi-bin directory. Perl, sh, Tcl, and so on, should be in directories that are not accessible from
the Web.
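
The checks described under "Running the Server" and "CGI-BIN Issue" can be scripted. The following is an added example, not part of the original notes; the interpreter name list, the cgi-bin path and the process name httpd are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes). Names and paths are assumptions.

# is_interpreter NAME: succeeds if NAME looks like a script interpreter.
# The name list is an assumed starting point; extend it for your site.
is_interpreter() {
    case "$1" in
        perl|perl[0-9]*|python|python[0-9]*|ruby|php|php[0-9]*) return 0 ;;
        sh|bash|dash|ksh|csh|tcsh|zsh|tclsh|tclsh[0-9]*|wish) return 0 ;;
    esac
    return 1
}

# cgi_interpreters DIR: print every entry in DIR that is an interpreter,
# judged by its own name or by the file a symlink finally points to.
cgi_interpreters() {
    for entry in "$1"/*; do
        [ -e "$entry" ] || continue
        name=$(basename "$entry")
        target=$(basename "$(readlink -f "$entry")")
        if is_interpreter "$name" || is_interpreter "$target"; then
            echo "$entry"
        fi
    done
}

# server_user_check NAME: read "USER COMMAND" lines on stdin (the format of
# `ps -eo user=,comm=`) and report how processes called NAME are run.
# Servers such as Apache keep a root parent only to bind port 80 and serve
# requests from unprivileged children, so FAIL means *every* process is root.
server_user_check() {
    awk -v name="$1" '
        $2 == name { total++; if ($1 == "root") root++ }
        END {
            if (total == 0)          print "NONE"
            else if (root == total)  print "FAIL"
            else                     print "OK"
        }'
}

# Typical use on a live host (the path and process name are placeholders):
#   cgi_interpreters /var/www/cgi-bin
#   ps -eo user=,comm= | server_user_check httpd
```

Any path printed by cgi_interpreters should be moved out of the Web-accessible tree, and a FAIL result means the server configuration never drops to an unprivileged account.
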

Intrusion detection system

Make use of an Intrusion Detection System, such as Snort or Tripwire.
