
IIS EXAM

Q 1. Define the following types of attacks – 1. Trap doors, 2. Logic bombs, 3. Trojan horse, 4. Virus, 5. Worm

1. Trapdoors:
In computing terms a trapdoor (also called a backdoor) is a hidden entry into a system. Once planted, it lets whoever knows about it reach the compromised system without the knowledge of the system's owner, bypassing the normal authentication and authorization checks.
A trapdoor in a login system might take the form of a hard-coded user name and password combination that grants access regardless of what the password database says.

Using a typical trapdoor, someone can:

• Gain access without anyone knowing,
• Remain hidden from casual oversight.
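As an added example (not part of the original exam answers), here is the login trapdoor just described, written in Python next to a hardened version. The user store, the account names, the passwords and the "maint"/"letmein" credential are all constructed for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000

def _pbkdf2(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash (PBKDF2-HMAC-SHA256); this is what gets stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed user store for the example: username -> (salt, hash).
# A real login system would load this from its password database.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _pbkdf2("correct horse battery staple", _SALT))}

def login_with_trapdoor(username: str, password: str) -> bool:
    """VULNERABLE: a hard-coded maintenance account bypasses the user store.
    The credential ships inside every copy of the program, so anyone who reads
    the binary (strings(1) on the executable is enough) can log in to every
    deployment, and nothing in the password database shows the account exists."""
    if username == "maint" and password == "letmein":   # the trapdoor
        return True
    entry = USERS.get(username)
    return entry is not None and _pbkdf2(password, entry[0]) == entry[1]

def login_fixed(username: str, password: str) -> bool:
    """Hardened: every account comes from the store, no credential literal
    exists in the code, and the hash comparison is constant-time."""
    entry = USERS.get(username)
    if entry is None:
        _pbkdf2(password, b"\x00" * 16)   # keep timing the same for unknown users
        return False
    salt, expected = entry
    return hmac.compare_digest(_pbkdf2(password, salt), expected)
```

The review check that finds this class of trapdoor is mechanical: search the code (and the shipped binary with strings) for literals compared against a user name or password, and confirm that no code path can return success without consulting the account store.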

2. Logic bombs:
A logic bomb is a piece of code inserted into a program to do something that was not the original purpose of that software, and that lies dormant until a chosen condition is met.
Logic bombs may reside within ordinary programs, or they may be included as part of the payload of malicious software such as viruses and worms.

An example of a logic bomb is a program that stops working after a specific date.
There are different types of logic bombs, such as:
Time bombs:
In a time bomb attack, malicious code is inserted into a program with the aim of doing damage on a specific date or at a specific time.
Arbitrary code execution:
Malicious code can also be used to allow arbitrary code to be executed: if a specific condition is met, a piece of damaging code is run to harm the machine.

3. Trojan Horse:
A Trojan horse is a computer program, or part of one, that hides its real activity and pretends to be doing something else. A Trojan horse does not spread by itself; the victim has to be tricked into executing it on his or her computer. In some cases a Trojan horse is installed manually on a specific computer by someone who already has access to it.
Methods of Infection:
The program may reach the user through an unsolicited email claiming to carry an important document, an attractive picture or screen saver, or something else of interest to the user. Sometimes the user can be infected by a Trojan simply by visiting a malicious website.
Some well-known Trojan horses are:
Back Orifice, Back Orifice 2000, Beast Trojan, NetBus, and SubSeven.

4. Virus:
In computer security, a virus is a computer program that spreads by inserting copies of itself into other programs.
Most viruses are written with the intent of causing harm; some aim only to irritate the user.

Different types of viruses:

• Resident viruses:

These viruses stay in main memory from the moment they are loaded, so they can infect other programs as those programs are run.

• Non-resident viruses:

These viruses do not stay resident in memory; they look for and infect targets while the infected host program is running, and exit with it.

• Boot sector viruses:

These viruses infect the boot sector of a disk (the master boot record or a partition's boot sector), so that they run before the operating system is loaded.

5. Worm:
A computer worm is a self-replicating program similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; a worm is self-contained and does not need to be part of another program to propagate.
Worms are often designed to exploit the file transfer and network services found on many computers. The main difference between a virus and a worm is that a virus cannot propagate by itself, whereas a worm can.
A worm uses a network to send copies of itself to other systems, and it does so without any user intervention. In general, worms harm the network and consume bandwidth, whereas viruses infect or corrupt files on a targeted computer.

Q 2. Prepare a checklist for the following levels of network security skills – a. User level, b. Network Administrator level, c. Software development level

User level skills:

1. Uses a personal firewall such as ZoneAlarm or Kerio Personal Firewall.
2. Uses a personal virus scanner such as AVG Free or Norton AntiVirus.
3. Always scans attachments for viruses.
4. Takes precautions when opening attachments from unknown senders.
5. Keeps the installed software updated.
6. Scans removable media for viruses before using them.
7. Scans the hard drive for viruses regularly, using up-to-date virus signatures.

Network administrator skills:

1. Keeps the network hardware working smoothly and updates its firmware when a flaw is found.
2. Keeps an eye on the types of software used on the network.
3. Prevents compromised computers from communicating through the network until they are fixed.
4. Looks out for common software security misconfigurations.
5. Most importantly, maintains the network security policy approved by higher management; if no such management exists, creates and maintains a security policy himself.
6. Is able to handle a network security crisis (incident response).

Software development level skills:
1. Uses current, required network communication protocols when writing network-related software.
2. Uses encryption for communication where the software requires it.
3. Documents the program and its management as fully as possible.
4. Always looks out for bugs and fixes them.
5. Builds the solutions necessary to meet the network security needs and demands.

Q 3. Describe the Linux file system:

The Linux file system is quite different from the Windows file system.

1. Linux commonly uses the ext3 (previously ext2, ext) file system to format its partitions.

2. There is only a single hierarchical directory structure. Everything starts from the root directory, represented by '/'.

3. Under Windows, the various partitions are detected at boot and assigned a drive letter. Under Linux, unless you mount a partition or a device, it is not visible in the directory tree.

4. Linux uses the forward slash "/" to separate directory names in a path.

5. Linux file names are case sensitive.

6. The root directory of a generic Linux distribution contains the following directories:

bin/ boot/ dev/ etc/ home/ lib/ lost+found/ mnt/ proc/ root/ sbin/ tmp/ usr/ var/

/sbin - This directory contains the binaries that are essential to the working of the system and are normally run by the administrator.

/bin - In contrast to /sbin, the bin directory contains commands that are used by both the system administrator and non-privileged users.

/usr/bin - Contains other user binaries; these are not essential for booting or repairing the system.

/boot - This directory contains the System.map file as well as the Linux kernel.

/dev - This directory holds the device nodes through which programs talk to the hardware (and pseudo-devices) available to the system.

/etc - This directory contains the configuration files for your system.

/home - Contains the user-specific home directories.

/lib - This contains the shared libraries that are required by system programs.

/lost+found - After a system crash, fsck or e2fsck runs and checks the file system for corruption. Recoverable files that have lost their directory entry are placed in this directory.

/mnt - Generic mount point for other partitions, CD-ROMs etc.

/opt - This directory contains software and add-on packages that are not part of the default installation.

/root - Home directory of the system administrator (root).

/tmp - Temporary files directory.

/usr - This is one of the most important directories in the system as it contains the bulk of the user binaries. X and its supporting libraries can be found here, and user programs like telnet and ftp are also placed here.

And there are more important directories under Linux.

Q 4. Describe the functions of a packet analyzer like Ethereal:

Functions

Ethereal (renamed Wireshark in 2006) was still technically beta software at the time, but it has a comprehensive feature set and is suitable for production use. Here is the list of features, current as of version 0.9.14, in no particular order:

• Data can be captured "off the wire" from a live network connection, or read from a capture file.
• Ethereal can read capture files from tcpdump (libpcap), Sniffer Pro, Microsoft's Network Monitor, Novell's LANalyzer, Cisco Secure IDS iplog and the pppd log (pppdump format).
• Live data can be read from Ethernet, FDDI, PPP, Token Ring, IEEE 802.11, Classical IP over ATM and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms).
• Captured network data can be browsed via a GUI, or via the TTY-mode "tethereal" program.
• Capture files can be programmatically edited or converted via command-line switches to the "editcap" program.
• 759 protocols can currently be dissected.
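"Read from a capture file" starts with parsing the libpcap file format that tcpdump writes and Ethereal reads. As an added example, not code from Ethereal or from the original answer, the following Python reads that format from memory and refuses to trust length fields that exceed the snapshot length or run past the end of the file, which is exactly where hand-written dissectors historically went wrong. The two-frame capture is constructed inside the block.

```python
import struct
from typing import NamedTuple

# libpcap file layout, as read by tcpdump and Ethereal/Wireshark:
#   global header (24 bytes): magic(4) ver_major(2) ver_minor(2) thiszone(4)
#                             sigfigs(4) snaplen(4) linktype(4)
#   per record (16 bytes):    ts_sec(4) ts_frac(4) incl_len(4) orig_len(4),
#                             followed by incl_len bytes of packet data
MAGIC_USEC = 0xA1B2C3D4   # timestamps with a microsecond fraction
MAGIC_NSEC = 0xA1B23C4D   # timestamps with a nanosecond fraction
LINKTYPE_ETHERNET = 1

class PcapError(ValueError):
    pass

class Packet(NamedTuple):
    ts: float       # seconds since the epoch
    data: bytes     # captured bytes (may be shorter than orig_len)
    orig_len: int   # length on the wire

def read_pcap(buf: bytes) -> tuple[int, list[Packet]]:
    """Parse a whole pcap file held in memory and return (linktype, packets).
    Both byte orders are accepted; bad magic, unknown version, records longer
    than snaplen and truncated records are rejected rather than trusted."""
    if len(buf) < 24:
        raise PcapError("shorter than the 24-byte global header")
    for end in ("<", ">"):
        magic = struct.unpack(end + "I", buf[:4])[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            break
    else:
        raise PcapError(f"not a pcap file (magic {buf[:4].hex()})")
    _, vmaj, vmin, _tz, _sig, snaplen, linktype = struct.unpack(end + "IHHiIII", buf[:24])
    if (vmaj, vmin) != (2, 4):
        raise PcapError(f"unsupported pcap version {vmaj}.{vmin}")
    divisor = 1e9 if magic == MAGIC_NSEC else 1e6
    packets: list[Packet] = []
    off = 24
    while off < len(buf):
        if len(buf) - off < 16:
            raise PcapError(f"truncated record header at offset {off}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(end + "IIII", buf[off:off + 16])
        off += 16
        if incl_len > snaplen or incl_len > orig_len:
            raise PcapError(f"record at offset {off - 16}: incl_len {incl_len} exceeds "
                            f"snaplen {snaplen} or orig_len {orig_len}")
        if len(buf) - off < incl_len:
            raise PcapError(f"truncated packet data at offset {off}")
        packets.append(Packet(ts_sec + ts_frac / divisor, buf[off:off + incl_len], orig_len))
        off += incl_len
    return linktype, packets

def build_sample_pcap() -> bytes:
    """Constructed two-frame Ethernet capture (little-endian, microsecond magic):
    a 42-byte ARP-sized frame and a 1514-byte frame snapped to 60 bytes."""
    header = struct.pack("<IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    frame1 = bytes.fromhex("ffffffffffff" "001122334455" "0806") + b"\x00" * 28
    frame2 = b"\x00" * 60
    rec1 = struct.pack("<IIII", 1_700_000_000, 250_000, len(frame1), len(frame1)) + frame1
    rec2 = struct.pack("<IIII", 1_700_000_001, 0, len(frame2), 1514) + frame2
    return header + rec1 + rec2
```

The second record shows why incl_len and orig_len are separate fields: the capture kept only 60 of 1514 bytes, and a dissector must work from the captured length, never from the wire length.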

Q 5. Write a report on five common settings and activities taking place on Internet-enabled computers that make them vulnerable:

The common settings and activities that make Internet-enabled computers vulnerable:

1. Internet Explorer: Microsoft Internet Explorer is the most popular browser used for web surfing and is installed by default on every Windows system. Internet Explorer contains multiple vulnerabilities that can lead to memory corruption, spoofing and execution of arbitrary scripts.

2. Microsoft Office and Outlook Express:
The attacker sends a malicious Office document in an email message. Viruses exploit this attack vector when the user opens the attachment, or saves it and opens it later, without verifying the sender.

3. Windows Libraries:
Windows applications leverage a large number of system libraries, often packaged in DLL files. A vulnerability in one shared library affects every program that loads it, and it remains exploitable on any Windows system that does not have the latest security patches installed.

4. Windows Services:
The family of Windows operating systems supports a wide variety of services, networking methods and technologies. Vulnerabilities in the services that implement these operating system functions are one of the most common avenues for exploitation, because the services listen on the network and often run with high privileges.

5. File Sharing Applications:
Peer-to-peer (P2P) file sharing programs are used by a rapidly growing user base. Some P2P programs may have backdoors or bugs that allow attacks through them, and the files they download come from untrusted peers.

6. Instant Messaging Applications:
Messages sent through IM applications are usually sent unencrypted. So if we send our credit card number through one, the number could easily be read by a third party on the path.

Q 6. What is encryption? Describe how encryption technology is being used to maintain integrity and privacy of the contents:
Encryption:
Any procedure used in cryptography to convert plaintext into ciphertext in order to prevent anyone except the intended recipient from reading that data. There are many types of data encryption, and they are the basis of network security. Common examples are symmetric ciphers such as the Data Encryption Standard (DES, since superseded by AES) and public-key encryption such as RSA.

How encryption technology is being used to maintain integrity and privacy of the contents:

1. To maintain the integrity of the contents:

To ensure integrity, the sender of a message uses a hash function, a mathematical algorithm that creates a short, unique summary of the message known as a message digest, and transmits it along with the message. When the recipient decrypts the message, he uses the same hash function (the details of hash functions are generally not secret) to create his own version of the message digest and then compares it to the digest transmitted with the message. If the two digests match, the recipient knows that the integrity of the message is preserved. If the digests differ, something altered the message along the way. (This alteration could be the result of intentional mischief or happenstance, such as electrical interference, faulty networking equipment or similar failures.) Note that a bare digest only catches accidental damage: an attacker who can modify the message can recompute the digest too, so the digest must itself be protected, by sending it inside the encrypted message, by keying it as a MAC (for example HMAC), or by signing it as described next.
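To make that caveat concrete, here is an added Python example (not part of the original answer) that contrasts the bare digest with a keyed digest, HMAC-SHA256. The message, the shared key and the attacker's edit are constructed; the hash and HMAC primitives are Python's standard library ones.

```python
import hashlib
import hmac

def digest(message: bytes) -> bytes:
    """Unkeyed message digest (SHA-256), as in the paragraph above."""
    return hashlib.sha256(message).digest()

def verify_digest(message: bytes, received: bytes) -> bool:
    return hmac.compare_digest(digest(message), received)

def mac(key: bytes, message: bytes) -> bytes:
    """Keyed digest (HMAC-SHA256): only a holder of the key can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_mac(key: bytes, message: bytes, received: bytes) -> bool:
    return hmac.compare_digest(mac(key, message), received)

def corrupt(message: bytes) -> bytes:
    """Accidental damage: flip one bit, as a faulty link might."""
    return bytes([message[0] ^ 0x01]) + message[1:]

def tamper(message: bytes, tag: bytes, keyed: bool) -> tuple[bytes, bytes]:
    """What an attacker on the wire can do: change the message and, if the tag
    is a bare digest, simply recompute it. With a MAC the key is missing, so
    the attacker can only forward the old tag unchanged."""
    forged = message.replace(b"100", b"900")
    return (forged, tag) if keyed else (forged, digest(forged))
```

Both checks use hmac.compare_digest rather than ==, so that a wrong tag takes the same time to reject whichever byte differs; a digital signature (next section) plays the same role as the MAC but does not require the two parties to share a key.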

2. To maintain privacy of the contents and to authenticate the sender:

Privacy itself comes from encryption: the sender encrypts the message with the recipient's public key (or with a shared symmetric key), so that only the holder of the matching private key can read it. To ensure that no one can forge our electronic signature, digital signatures use public key techniques with algorithms such as DSA and RSA (RSA being the most common implementation).

Suppose Alice wishes to send a signed message to Bob using RSA. She uses a hash function to create a concise version of the original text, the message digest, which serves as a much smaller "digital fingerprint" of the message, and then encrypts that digest with her private key. Bob decrypts the signature with Alice's public key and compares the result with the digest he computes himself; a match proves both that the message is intact and that Alice signed it. As with encryption, there are several hash functions available, such as Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA-1). After weaknesses were discovered in MD5, SHA-1 became the preferred choice; SHA-1 has since been broken as well (practical collisions exist), so new signatures should use SHA-2, for example SHA-256.

Q 7. What are the hexadecimal and binary equivalents of these IP addresses?

Q 8. What is a firewall? Describe the functions of a firewall:

Firewall:
A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users on other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and to control what outside resources its own users have access to.

Functions of firewall:

1. Restrict or allow packets to and from the computer, based on source and destination address, protocol and port.
2. Restrict or allow specific programs to access the Internet (the typical job of a personal firewall).
3. Keep logs of specific events, such as dropped packets and matched rules, for later review.
4. Detect attacks such as port scans, typically by noticing one source probing many ports in a short time.
5. Close unnecessary ports and even make them "stealth" to the hacker, by silently dropping probes instead of replying, so a scanner cannot tell whether the host exists.
6. Enable the user to create custom rules and maintain them.
Or, stated in terms of policy:

The functions of a firewall:

• A firewall ensures that all communications attempting to cross from one network to the other meet an organization's security policy.

• Firewalls track and control communications, deciding whether to allow, reject or encrypt communications.

• In addition to protecting trusted networks from the Internet, firewalls are increasingly being deployed to protect sensitive portions of local area networks and individual PCs.
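As an added illustration of functions 1, 3 and 4 (not from the original page), here is a small stateless packet filter in Python: first-match rules, a default-deny policy, a drop log, and a port-scan detector that fires when one source has been dropped on a threshold number of distinct ports. The rule set, the addresses and the traffic are constructed; the block models rule evaluation only, not the kernel hooks a real firewall uses.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    dport: int

class Rule(NamedTuple):
    action: str                  # "allow" or "deny"
    src: Optional[str] = None    # CIDR, or None for any source
    proto: Optional[str] = None  # None for any protocol
    dport: Optional[int] = None  # None for any destination port

    def matches(self, p: Packet) -> bool:
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        return self.dport is None or p.dport == self.dport

class Firewall:
    """Stateless first-match packet filter with a default-deny policy,
    a drop log and a crude port-scan detector."""
    def __init__(self, rules, scan_threshold: int = 10):
        self.rules = list(rules)
        self.scan_threshold = scan_threshold
        self.log: list[str] = []
        self._ports_probed = defaultdict(set)   # src -> dports on which it was dropped

    def filter(self, p: Packet) -> str:
        # First matching rule wins; no match means deny (function 1).
        verdict = next((r.action for r in self.rules if r.matches(p)), "deny")
        if verdict == "deny":
            self.log.append(f"DROP {p.proto} {p.src} -> {p.dst}:{p.dport}")   # function 3
            self._ports_probed[p.src].add(p.dport)
            if len(self._ports_probed[p.src]) == self.scan_threshold:           # function 4
                self.log.append(f"ALERT port scan from {p.src}")
        return verdict

    def scanners(self) -> list[str]:
        return sorted(s for s, ports in self._ports_probed.items()
                      if len(ports) >= self.scan_threshold)

def demo() -> Firewall:
    """Constructed policy and traffic: a public web server on 192.0.2.10 that
    allows HTTP/HTTPS from anywhere and SSH only from the office LAN."""
    fw = Firewall([
        Rule("allow", proto="tcp", dport=80),
        Rule("allow", proto="tcp", dport=443),
        Rule("allow", src="10.0.0.0/24", proto="tcp", dport=22),
    ])
    fw.filter(Packet("198.51.100.4", "192.0.2.10", "tcp", 80))   # allowed
    fw.filter(Packet("10.0.0.7", "192.0.2.10", "tcp", 22))       # allowed (LAN)
    fw.filter(Packet("198.51.100.4", "192.0.2.10", "tcp", 22))   # dropped
    for port in range(1, 13):                                    # one host probes 12 ports
        fw.filter(Packet("203.0.113.5", "192.0.2.10", "tcp", port))
    return fw
```

Dropping silently (no TCP reset, no ICMP unreachable) is what function 5 calls making a port "stealth"; the filter above simply returns "deny" and lets the caller send nothing.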

Q 9. What is Virtual Hosting? What are the benefits of virtual hosting:

Virtual Hosting:
A virtual host is a domain associated with a server that hosts many domains. Each domain is given its own space on the server. A virtual host is either name-based or IP-based. A name-based virtual host requires only a domain name: the server picks the site from the Host header of the HTTP request. An IP-based virtual host has its own dedicated IP address, and the server picks the site from the address the request arrived on.
This means that, with virtual hosting, more than one web site can be hosted on a single machine.
Benefits of virtual hosting:
1. Virtual hosts give a single server the ability to host many sites.

2. A single PC can handle many (even hundreds of) domains on a single network connection.

3. Each virtual site appears as if it is running from its own machine.

4. This allows better utilization of servers.
5. This makes administration tasks much easier.
6. Costs are reduced.
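An added example (not from the page or from any web server's code) of how a name-based virtual host is chosen: the Host header is normalized and looked up, and anything that does not match falls to the default site, which is what every name-based server does and why the default site should be the least sensitive one. The host table and document roots are constructed.

```python
from typing import Optional

# Constructed name-based virtual host table: host name -> document root.
# In Apache these would be <VirtualHost> blocks with ServerName/ServerAlias.
VHOSTS = {
    "www.example.com": "/srv/www/example.com",
    "example.com": "/srv/www/example.com",
    "shop.example.net": "/srv/www/shop",
}
DEFAULT_VHOST = "www.example.com"   # the site served when no name matches

def normalize_host(host_header: Optional[str]) -> Optional[str]:
    """Lower-case the name, drop an explicit port and a trailing dot."""
    if not host_header:
        return None
    host = host_header.strip().lower()
    if host.startswith("["):                 # IPv6 literal, e.g. "[2001:db8::1]:8080"
        host = host.split("]", 1)[0] + "]"
    else:
        host = host.split(":", 1)[0]         # "shop.example.net:8080"
    host = host.rstrip(".")
    return host or None

def select_vhost(host_header: Optional[str]) -> tuple[str, str, bool]:
    """Return (site name, document root, matched_exactly).
    A missing or unknown Host header falls back to the default site."""
    host = normalize_host(host_header)
    if host in VHOSTS:
        return host, VHOSTS[host], True
    return DEFAULT_VHOST, VHOSTS[DEFAULT_VHOST], False
```

With IP-based virtual hosts the same decision is made from the local address the connection arrived on, so no Host header is needed, which is why they also worked for HTTP/1.0 clients that never sent one.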

Q 10. Why do we need Security? Describe in detail:
Computer security is the effort to create a secure computing platform, designed so that agents (users or programs) can only perform actions that have been allowed.

This involves specifying and implementing a security policy. The actions in question can be reduced to operations of access, modification and deletion.

Need for computer security:

• To protect our online privacy and the privacy of our data.
• To safeguard critical information already stored on the computer.
• To safeguard data while in transmission over the Internet, such as important emails.
• To be able to safely and completely erase critical information.
• To protect our PCs from hackers.
• To protect our PCs from maliciously written software, such as viruses, worms, Trojans, adware etc.

11. What is PGP? Describe the logistic weakness of PGP.

Pretty Good Privacy (PGP):
Pretty Good Privacy (PGP) is a computer program which provides cryptographic privacy and authentication. The first released version of PGP, by designer and developer Phil Zimmermann, became available in 1991. Subsequent versions have been developed by Zimmermann and others.
PGP has been sufficiently influential that its operating protocols and data formats have been standardized for interoperability among different versions of PGP and related software. Eventually, the PGP design was adopted as an Internet standards-track specification known as OpenPGP.
Logistic weaknesses of PGP:

• Key validity vulnerability:

A PGP key may have more than one user ID and thus be used for more than one e-mail address (or other identifier). It is possible for an attacker to add a false user ID to a legitimate public key. If that user ID is not signed by the key's owner, the key as a whole will still appear valid provided the owner signed at least one user ID and another PGP user then adds the key to his public keyring and signs it (or updates it after signing the key, before the attack). As a consequence, the unsuspecting user might encrypt a message to the spurious user ID, believing the intended recipient is the key's owner, and the message never reaches the intended recipient. Thus the attacker uses this vulnerability to disrupt secure communication between two PGP users. The defence is to compute validity per user ID and to accept only user IDs that carry a self-signature by the key owner.

• Buffer overflow in PGP:

An attempt to decrypt an encrypted file with a very long file name can cause a buffer overflow in PGP itself. Intentional use of this error can result in the execution of hostile code.

• Open source code:

The PGP Corporation makes its source code available for public inspection to prove that no backdoor exists. Anyone can take that source code, compile it, and compare the resulting version of PGP with the latest downloaded version of PGP. The PGP Corporation (and NAI before it) would have no market for its product if a backdoor existed. This is a strength rather than a weakness, but it does mean that attackers can study the code for bugs as easily as defenders can.
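As an added example, not from the page or from any PGP implementation, here is the key validity computation behind the first weakness above: the flawed per-key rule next to the per-user-ID rule. Signature verification is assumed to have been done already by the OpenPGP library, so each Certification record stands for a signature that verified; the fingerprints, user IDs and the attacker's extra user ID are constructed.

```python
from typing import NamedTuple

class Certification(NamedTuple):
    uid: str       # the user ID the signature covers
    signer: str    # fingerprint of the key that made the signature

class PublicKey(NamedTuple):
    fingerprint: str
    uids: tuple                 # user IDs attached to the key
    certifications: tuple       # Certification records whose signatures verified

def valid_uids_flawed(key: PublicKey, trusted_signers: set) -> set:
    """Per-key validity, the behaviour the attack relies on: once any user ID
    is certified by a trusted signer, every user ID on the key is treated as
    valid, including one an attacker appended."""
    if any(c.signer in trusted_signers for c in key.certifications):
        return set(key.uids)
    return set()

def valid_uids_fixed(key: PublicKey, trusted_signers: set) -> set:
    """Per-user-ID validity: a user ID counts only if it carries a
    self-certification by the key owner AND a certification by a trusted signer.
    The attacker cannot self-certify without the owner's private key."""
    valid = set()
    for uid in key.uids:
        signers = {c.signer for c in key.certifications if c.uid == uid}
        if key.fingerprint in signers and signers & trusted_signers:
            valid.add(uid)
    return valid

REAL_UID = "Alice <alice@example.org>"
FAKE_UID = "Alice <alice@attacker.example>"

def build_attacked_key() -> PublicKey:
    """Constructed scenario: Alice self-certifies her real user ID and Bob,
    whom we trust, certifies it too. An attacker then appends a second user ID
    pointing at an address they control; they cannot self-certify it, but a
    careless Bob who re-signed the whole key certified it anyway."""
    alice, bob = "ALICE-FPR", "BOB-FPR"
    certs = (
        Certification(REAL_UID, alice),   # self-signature
        Certification(REAL_UID, bob),
        Certification(FAKE_UID, bob),     # no self-signature for this one
    )
    return PublicKey(alice, (REAL_UID, FAKE_UID), certs)
```

The per-user-ID rule means a message addressed to the attacker's address is never encrypted under that user ID, so the "message goes to the wrong mailbox" outcome described above cannot happen even if a trusted friend was tricked into certifying the bogus user ID.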

Q 12. What are the main differences between the Windows and Linux operating systems?
The main differences between Windows and Linux are:
1. License - Windows is a commercial product from Microsoft. Linux is free and open source; the kernel's copyright is held by Linus Torvalds and its many other contributors, and it is released under the GNU GPL version 2.

2. File system - Windows uses the FAT, FAT32 and NTFS file systems. Linux uses ext2, ext3 and other file systems such as ReiserFS and XFS (RAID is a way of combining disks, not a file system).

3. Drive naming - Windows names each hard disk / CD-ROM as C:, D:, E: etc. Linux names each device as /dev/hda1, /dev/cdrom etc.

4. Security - Without using third-party tools, Linux is the more secure system: ordinary users do not run with administrator rights by default.

5. File hierarchy - Linux uses a single file hierarchy, where everything is mounted under "/" (root). In Windows, folders are usually seen under the C:, D: or E: drive etc.
6. Naming files - In Windows, file names are not case sensitive. Under Linux, file names are case sensitive.

7. Directory separation - Windows uses the backslash "\" character to separate directories. Linux uses the forward slash "/" character.

8. POSIX - Linux is POSIX compliant. Windows is not (natively) POSIX compliant.

9. Vendors - There are many vendors of Linux, such as SuSE and Red Hat. There is only one vendor of Windows, Microsoft.

10. Ease of use - Windows has always tried to be an easy operating system, and it is. Linux has always tried to be an advanced operating system, and it is that too.

Q 13. What is a web server? How do you secure a Web Server?

Definition:
A web server serves web pages to clients across the Internet or an intranet. The web server hosts the pages, scripts, programs and multimedia files and serves them using HTTP, a protocol designed to send files to web browsers, as well as other protocols. After an HTTP server receives a request, it attempts to process the request. If a document is requested, the web server attempts to find the document and return it. If the requested resource cannot be located, or if there is something wrong with the request itself, the server returns an error.

The most common web server is Apache (available for all major operating systems), though IIS (Internet Information Server, available on the Windows platform) is a fast-growing web server.

How do you secure a Web Server:

1. Passwords:
Keep your web server password secure, don't share it with other people (or write it down), and follow good password practice.

2. Security through obscurity:
We should never think that just because our website is small we are not going to be hacked; attackers scan address ranges automatically and do not care how small a site is. Not advertising details of our setup (server version banners, directory listings, error messages that reveal paths) costs nothing and removes easy hints, but obscurity must never be the only defence.

3. Do not brag:
It is never a good idea to brag about the security of the system, because it presents a challenge to crackers. As we know, even the US FBI's site has been hacked. So we should not brag about it.

4. Running the server:
Servers running on UNIX and Linux should run as an account with little or no access. If you need a web user, make sure that user account has no permissions on the server beyond reading the documents it serves. NEVER RUN YOUR SERVER AS ROOT. (Typically the server starts as root only to bind to port 80 and then drops privileges to that user.)

5. CGI-BIN issue:
Make sure that your interpreters (the programs that run your CGIs) are not stored in your cgi-bin directory. Perl, sh, Tcl and so on should be in directories that are not accessible from the web; otherwise an attacker can call the interpreter directly over HTTP and feed it arbitrary code.

6. Intrusion detection system:

Make use of an intrusion detection system: Snort watches network traffic for attack signatures, and Tripwire (a host-based file integrity checker) detects changes to the server's files after the fact.
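As an added example (not Tripwire's code, nor part of the original answer), here is a minimal Tripwire-style file integrity checker in Python: it baselines a directory with SHA-256 content hashes and file metadata, and later reports added, removed and modified files. The web root, its files and the "intruder" changes are constructed in a temporary directory. Because a virus, as defined in Q1, works by inserting itself into other programs, the same comparison also flags an infected executable.

```python
import hashlib
import json
import os
import stat
import tempfile

def fingerprint(path: str) -> dict:
    """Content hash plus the metadata Tripwire-style checkers track."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = os.lstat(path)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "size": st.st_size}

def build_baseline(root: str) -> dict:
    """Fingerprint every regular file under root (symlinks are not followed)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                baseline[os.path.relpath(path, root)] = fingerprint(path)
    return baseline

def compare(baseline: dict, current: dict) -> dict:
    """Report added, removed and modified paths relative to the baseline."""
    before, now = set(baseline), set(current)
    return {
        "added": sorted(now - before),
        "removed": sorted(before - now),
        "modified": sorted(p for p in before & now if baseline[p] != current[p]),
    }

def _write(path: str, text: str) -> None:
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)

def demo() -> dict:
    """Constructed scenario in a temporary directory: baseline a fake web root,
    then simulate an intruder who replaces a CGI script and drops a new one."""
    with tempfile.TemporaryDirectory() as root:
        _write(os.path.join(root, "index.html"), "<h1>hello</h1>\n")
        _write(os.path.join(root, "cgi-bin", "form.cgi"), "#!/bin/sh\necho ok\n")
        baseline_json = json.dumps(build_baseline(root))  # keep this copy off-host, read-only
        # intruder activity
        _write(os.path.join(root, "cgi-bin", "form.cgi"), "#!/bin/sh\ncat /etc/passwd\n")
        _write(os.path.join(root, "cgi-bin", "shell.cgi"), "#!/usr/bin/perl\n")
        return compare(json.loads(baseline_json), build_baseline(root))
```

The baseline is only as trustworthy as its storage: an intruder with write access to the server can edit it, so keep it on read-only media or on another host, and take it right after installation, before the machine is exposed.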

-------------------END------------------

