Q1. What is network security and why is it important?
Ans: In simple terms, network security is securing the network. Network security protects your network and data from breaches, intrusions and other threats. It is the process of taking preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction or improper disclosure. Implementing these measures allows computers, users and programs to perform their permitted critical functions within a secure environment.
Unless it’s properly secured, any network is vulnerable to malicious use and accidental damage. Hackers, disgruntled employees, or poor security practices within the organization can leave private data exposed, including trade secrets and customers’ private details.
The majority of common attacks against networks are designed to gain access to information, by spying on the communications and data of users, rather than to damage the network itself. But attackers can do more than steal data. They may be able to damage users’ devices or manipulate systems to gain physical access to facilities. This leaves the organization’s property and members at risk of harm.
Competent network security procedures keep data secure and block vulnerable systems from outside interference. This allows the network’s users to remain safe and focus on achieving the organization’s goals. More than that, it means that clients and partners can also interact with the organization confidently.
Ans: Network security tools are designed to protect the network perimeter from viruses, worms, DDoS attacks and other threats. (A network perimeter is the secured boundary between the private and locally managed side of a network, often a company's intranet, and the public facing side of a network, often the Internet).
Network security tools can be either software or hardware based and help security teams protect their organization's networks, critical infrastructure, and sensitive data from attacks. There are a variety of tools that can be used depending on the specific function security teams are looking to accomplish. These include tools such as firewalls, intrusion detection systems and network-based antivirus programs.
More sophisticated tools like packet analyzers and
network mappers are usually used to uncover vulnerabilities hackers look to
exploit in attacks like DDoS and Spear Phishing campaigns.
Q3. What is the importance of network security?
Ans: The use of the Internet has increased drastically, as we are moving even our day-to-day activities towards complete digitalization. Due to the increase in the use of the Internet, hackers and attackers also become more active and our networking system tends to have a higher number of virus attacks.
Basically, the need for
network security is to perform two tasks mainly, the first is to secure the
information from any unauthorized access and the second is to provide the
security to the data stored on PC or laptops not only for an individual network
but also on the shared or public domain networks.
Network security is one of the most important
aspects to consider when working over the internet. A stable and efficient
network security system is essential to protecting client data. A good
network security system helps business reduce the risk of falling victim of
data theft and sabotage. Network security helps protect your workstations from
harmful spyware. It also
ensures that shared data
is kept secure.
Network security ultimately protects the recognition of your
organization. With hackers increasing and becoming smarter day by day, the need
to utilize network security tools becomes more and more
important.
Ans: Network security is essential in protecting networks against data breaches given that virtually all data and applications are connected to a network. Having your network hacked can ruin your organization’s reputation and put you out of business. A good network security system helps businesses mitigate the risk of falling victim of data theft and sabotage.
Firewalls, IPS, network access control
(NAC), and security information and event management (SIEM) are the
four most essential components of network security. Others include data loss
prevention (DLP); antivirus and anti-malware software; application, web and
email security; and more.
Q5. What is network security with example?
Ans: Network security is protection of the access to files and directories in a computer network against hacking, misuse and unauthorized changes to the system. An example of network security is an anti virus system.
Q6. What are the basic concepts of network security?
Ans: Network
security is a set of rules and
configurations designed to protect the integrity, confidentiality and
accessibility of computer networks and data using both software and hardware
technologies.
Network security entails protecting
the usability, reliability, integrity, and safety of network and data.
Effective network security defeats a variety of threats from entering or
spreading on a network. The primary goals of network security are Confidentiality, Integrity, and
Availability (CIA).
Q7. What is a network security plan?
Ans: A network security plan is a strategy that defines the approach and techniques used to protect the network from unauthorized users and guards against events that can jeopardize or compromise a system’s security.
The approach
and techniques used by an organization may consist of creating security policies and procedures which
describe how an organization intends to meet the security requirements for its
systems. The governance and maintenance of the
network security plan varies from one organization to the next.
Q8. Why network security plan is is important?
Ans: Due to the growing threat of hackers continuously probing the Internet for networks to exploit, a Network Security Plan is important to protect the infrastructure from unauthorized access, misuse, destruction, or loss of corporate reputation.
Q9. What are the three
main principles of network security?
Ans: Security on a network is defined by the C-I-A principles (confidentiality,
integrity, and availability). It is possible that one of these principles is
more important than the other, depending on the application and context.
Q10. Explain the basic working of network security?
Ans:
A network security measures and
procedures, hardware and software solutions, and set of rules and standards for
network access and security. The phrase describes all the approaches to safeguarding
a network and its data from intrusions and other dangers.
Network security involves blocking
access to computer programs and networks, identifying and eliminating viruses,
protecting data through encryption, and monitoring traffic.
An effective network security plan
safeguards client data, keeps shared information secure, and ensures reliable
network access and performance. It reduces overhead expenses and safeguards organizations
from costly data breaches or other security incidents. Companies must protect
themselves from cyber threats by ensuring legitimate access to systems,
applications, and data.
Q11. What is Intrusion Prevention System in network security?
Ans: An
Intrusion Prevention System (IPS) is a network security tool (which can be a
hardware device or software)
that continuously monitors a network for malicious activity and takes action to
prevent it, including reporting, blocking, or dropping it, when it does occur.
It
is more advanced than an intrusion detection system (IDS), which simply detects
malicious activity but cannot take action against it beyond alerting an
administrator. Intrusion prevention systems are sometimes included as part of a next-generation
firewall (NGFW) or unified threat management (UTM) solution. Like many
network security technologies, they must be powerful enough to scan a high
volume of traffic without slowing down network performance.
Q12.
What is network encryption?
Ans: Network
encryption is the process of encrypting or encoding data and messages
transmitted or communicated over a computer network.
It is a broad process that includes various
tools, techniques and standards to ensure that the messages are unreadable when
in transit between two or more network nodes
Network encryption implements one or more encryption
algorithms, processes and standards to encrypt the data/message/packet sent
over the network. The encryption services are generally provided by encryption
software or through an integrated encryption algorithm on network devices
and/or in software.
Q13. What is Firewall in computer network?
Ans: A firewall is a network security device, either hardware or software-based, that can help protect your network by filtering traffic and blocking outsiders from gaining unauthorized access to the private data on your computer.
Not
only does a firewall block unwanted traffic, it can also help block malicious software from infecting
your computer. A firewall acts as a gatekeeper.
Firewalls can provide different levels of protection. A firewall establishes a barrier between secured
internal networks and outside untrusted network, such as the Internet.
Firewall monitors all incoming and outgoing traffic and based on a defined set of security rules it accepts, rejects or drops that specific traffic.
Accept: allow the traffic
Reject: block
the traffic but reply with an “unreachable error”
Drop: block
the traffic with no reply
Q14.
What are the benefits of a firewall?
Ans:
Firewall Benefits: One of the most
obvious benefits of a firewall is the ability to control the entry point of the system
and prevent virus attacks. Firewalls serve as a first line of defense to
external threats, malware, and hackers trying to gain access to your data and
systems.
Firewalls provide protection
against outside cyber attackers by shielding your computer or network from
malicious or unnecessary network traffic. Firewalls can also prevent malicious
software from accessing a computer or network via the internet. Firewalls can
be configured to block data from certain locations (i.e., computer network
addresses), applications, or ports while allowing relevant and necessary data
through.
1. Monitors Network
Traffic
A firewall monitors all of the traffic entering your
computer network. Data coming in and out of your systems creates
opportunities for threats to compromise your operations. By monitoring and
analyzing network traffic, firewalls leverage pre established rules and filters
to keep your systems protected. With a well-trained IT team, you can manage
your levels of protection based on what you see coming in and out through your
firewall.
2. Stops Virus Attacks
Nothing can shut your digital operations down faster
and harder than a virus attack. With hundreds of thousands of new threats
developed every single day, it is vital that you put the defenses in place to
keep your systems healthy. One of the most visible benefits of firewalls is the
ability to control your system's entry points and stop virus attacks. The cost
of damage from a virus attack on your systems could be immeasurably high,
depending on the type of virus.
3. Prevents Hacking
Having a firewall keeps hackers out of your network. With
the rise of data theft and criminals holding systems hostage, firewalls have
become even more important, as they prevent hackers from gaining unauthorized
access to your data, emails, systems, and more. A firewall can stop a hacker
completely or deter them to choose an easier target.
4. Stops Spyware
In a data-driven world, a much-needed benefit is
stopping spyware from gaining access and getting into your systems.
As systems become more complex and robust, the entry points criminals can use
to gain access to your systems also increase. One of the most common ways unwanted
people gain access is by employing spyware and malware—programs designed to
infiltrate your systems, control your computers, and steal your data. Firewalls
serve as an important blockade against these malicious programs.
5. Promotes Privacy
An
overarching benefit is the promotion of privacy. By proactively working to keep
your data and your customers' data safe, you build an environment of privacy
that your clients can trust. No one likes their data stolen, especially when it
is clear that steps could have been taken to prevent the intrusion.
Additionally, upgraded data-protection systems can be
a competitive advantage and a selling point to customers and clients. The
benefit increases the more sensitive the data your company deals with.
Q15.
What is a Proxy firewall?
Ans:
A proxy firewall is the most secure form of firewall. It is a network security system that protects network resources by filtering packets at the
application layer, rather than the network or transport layers. A
proxy firewall, also known as an application firewall or a gateway firewall,
limits the applications that a network can support, which increases security
levels but can affect functionality and speed.
A proxy firewall acts as a gateway between
internal users and the internet. It can be installed on an organization's
network or on a remote server that is accessible by the internal network. It
provides security to the internal network by monitoring and blocking traffic
that is transmitted to and from the internet.
In contrast, a traditional
firewall acts as a gateway between two networks. By blocking unwanted external
traffic, a traditional firewall protects the computers and networks behind it
from unauthorized access and attacks.
Q16. What is a UTM?
Ans: UTM refers to a single security solution, and usually a single security appliance, that provides multiple security functions at a single point on the network.
Originally called Unified Threat Management (UTM), these capabilities better known as
a Next-Generation Firewall (NGFW) today, provide multiple security
features and services in a single device or service on the network. Using UTM, your network users are protected with a variety
of security functions, including antivirus, content filtering, email and web blocking,
and anti-spam, and more.
Bringing together all of an organization’s
IT security services into one device may simplify the protection of the
network. It is possible to monitor all dangers and security-related activity
with a single pane of glass through your business. You get comprehensive,
simplified access to all aspects of your security or wireless framework with
this approach.
Q17. Explain Stateful Inspection?
Ans: The stateful inspection is also referred to as dynamic packet filtering. It is a firewall technology that
monitors the state of active connections and uses the information to determine which
network packets to allow through the firewall.
Stateful inspection is a
network firewall technology used to filter data packets based on state and
context. Check Point Software Technologies developed the technique in the early
1990s to address the limitations of stateless inspection. Stateful inspection
has since emerged as an industry standard and is now one of the most common
firewall technologies in use today.
Q18.
What is a DDoS attack?
Ans: DDoS
Attack means "Distributed Denial-of-Service (DDoS) Attack". It
is a cybercrime in which the attacker floods a server with internet traffic to
prevent users from accessing connected online services and sites.
A
distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt
the normal traffic of a targeted server, service or network by overwhelming the
target or its surrounding infrastructure with a flood of Internet traffic.
The DDoS attack will send multiple requests to the attacked web resource – with
the aim of exceeding the website’s capacity to handle multiple requests… and
prevent the website from functioning correctly.
Q19.
What is Malware?
Ans: Malware
is malicious software, including any software that acts against the interest of
the user. Malware can affect not only the infected computer or device but
potentially any other device the infected device can communicate with.
Malware is any type of software created to harm
or exploit another piece of software or hardware. Short for “malicious
software,” malware is a collective term used to describe viruses, ransomware,
spyware, Trojans, and any other type of code or software built with malicious
intent.
Q20.
What is Ransomware?
Ans: Ransomware is a
type of malicious software (malware) that
threatens to publish or blocks access to data or a computer system, usually by
encrypting it, until the victim pays a ransom fee to the attacker. In many
cases, the ransom demand comes with a deadline. If the victim doesn’t pay in
time, the data is gone forever or the ransom increases.Users are shown instructions for
how to pay a fee to get the decryption key.
Ransom malware, or
ransomware prevents users from accessing their system or personal files and
demands ransom payment in order to regain access. While some people might think
"a virus locked my computer," ransomware would typically be
classified as a different form of malware than a virus. The earliest variants
of ransomware were developed in the late 1980s, and payment was to be sent via
snail mail. Today, ransomware authors order that payment be sent via
cryptocurrency or credit card, and attackers target individuals, businesses,
and organizations of all kinds. Some ransomware authors sell the service to
other cybercriminals, which is known as Ransomware-as-a-Service or
RaaS.
Q21.
What is Spyware?
Ans: Spyware is a type of malicious
software that is installed on your computer or mobile device without your knowledge
or permission. Spyware is actually one of the most common
threats on the internet today. It can easily infiltrate your
device and, because of its covert nature, it can be hard to detect.
Spyware is a type of
malware that tries to keep itself hidden while it secretly records information
and tracks your online activities on your computers or mobile devices. It can
monitor and copy everything you enter, upload, download, and store. Some strains of spyware are also capable of activating cameras and
microphones to watch and listen to you undetected.
By definition, spyware is designed to
be invisible, which can be one of its most harmful attributes — the longer it
goes undetected, the more damage it can cause. It’s like a virtual stalker that
follows you through your device usage, collecting your personal data along the
way.
Strictly speaking, there are some valid applications of spyware. For example, your employer might have a security policy that allows them to use software to monitor usage of employee computers and mobile devices. The aim of company spyware is generally either to protect proprietary information or to monitor employee productivity. Parental controls that limit device usage and block adult content are also a form of spyware.
Q22. What does spyware do?
Ans: Generally, spyware:
1. Infiltrates your device: This could happen when you visit a malicious website, unwittingly install a malicious app, or even open a file attachment.
2. Captures your data: Once the spyware is on your device, it begins to collect data, which could be anything from your web activity to screen captures or even your keystrokes.
3. Provides data to a third party: The captured data is then supplied to the spyware creator, where it is either used directly or sold to third parties.
The data collected through spyware may include things like:
- Web browsing history
- Keyboard strokes
- Email address
- Login credentials (usernames and passwords)
- Credit card details and account PINs
Q23.
What is Adware?
Ans: Adware, a term derived from "advertising-supported software"
is software that displays advertising on a computer screen or mobile device,
redirects search results to advertising websites, and collects user data for marketing purposes.
Adware is a type of malware that
displays unwanted advertisements on your computer or mobile device. Adware is
commonly installed on computers and mobile devices without the user's
knowledge. When users try to install legitimate applications, adware is often
activated. Some pop-up windows display advertisements without collecting data
or infecting your computer, but some pop-up windows are designed to target you
with customized adverts. It is possible for adware to direct you to malicious
websites and infected pages via advert links, putting you at risk of computer
viruses.
Q24. How Adware Works?
Ans: Adware, which works well with most web browsers, can track which internet sites a user visits and then present advertisements based on the types of webpages viewed. Adware, while sometimes intrusive and annoying, is usually not a threat to a computer system. It is hardly ever noticed by computer users, rarely making its presence known.
Generally speaking, adware generates revenue
in two ways: the display of advertising to a user, and a pay-per-click payment made if a
user clicks on the ad.
Q25.
What is Phishing?
Ans: Phishing is a cyber crime that leverages deceptive
emails, websites, and text messages to steal confidential personal and
corporate information. It is a type of online
fraud that involves tricking people into providing sensitive information, such
as passwords or credit card numbers, by masquerading as a trustworthy source.
Phishing can be done through email, social media or malicious websites.
Victims
are tricked into giving up personal information such as their credit card data,
phone number, mailing address, company information, etc. This information is
then used by criminals to steal the victim’s identity and commit further crimes
using this stolen identity.
Criminals who use phishing tactics are successful because they
carefully hide behind emails and websites familiar to the intended victim. For
example, the email address might
be administrator@paypal.org.com instead
of administrator@paypal.com and urge the recipient to update their account
credentials to protect them from fraud.
Q26. How does phishing work?
Ans: Phishing works by sending messages that look like they are from a legitimate company or website. The message will usually contain a link that takes the user to a fake website that looks like the real thing. The user is then asked to enter personal information, such as their credit card number. This information is then used to steal the person’s identity or to make fraudulent charges on their credit card.
Q27. What is a VPN?
Ans: A VPN (virtual private network) is a
service that creates a safe, encrypted online connection.
Internet users may use a VPN to give themselves more privacy and anonymity
online or circumvent geographic-based blocking and censorship. VPNs essentially
extend a private network across a public network, which should allow a user to
securely send and receive data across the internet.
Typically, a VPN is used
over a less secure network, such as the public internet. Internet service
providers (ISPs) normally have a rather large amount of insight into a
customer's activities. In addition, some unsecured Wi-Fi access points (APs)
may be a convenient avenue for attackers to gain access to a user's personal
data. An internet user could use a VPN to avoid these encroachments on privacy.
VPNs can be used to hide a
user's browser history, Internet Protocol (IP) address and
geographical location, web activity or devices being used. Anyone on the same
network will not be able to see what a VPN user is doing. This makes VPNs a
go-to tool for online privacy.
Q28. What is the use of a VPN? Or What are VPNs used for?
Ans: VPNs
are used for virtual privacy by both normal internet users and organizations.
Organizations can use VPNs to make sure outside users that access their data
center are authorized and using encrypted channels. VPNs can also be used to
connect to a database from the same organization located in a different area.
A VPN service can increase your
online security, anonymity, and freedom, all without having to sacrifice any of
them. It's a straightforward and quick method of doing so. When using the
internet, your device constantly sends data to other sites in order to exchange
information. A VPN creates a secure tunnel between your device (e.g. mobile or
laptop) and the web. Using a VPN, you may send data across a secure, encrypted
connection to an external server: the VPN server. From there, your information
will be delivered to its destination on the web. Securing your data and hiding
your online identity are just a few of the advantages of rerouting your
internet traffic through a VPN server.
Q29.
What is traceroute?
Ans: Traceroute,
also called tracepath or tracert, is a network tool used to
determine the path packets take from one IP address to another.
On a Windows machine, tracert is the
command; on Linux and Mac, it is traceroute. Traceroute and tracert both
function similarly; they trace the route data takes from one location in a
network to a specific IP server. Traceroute records the name and IP address of
each intermediate device that a data packet must traverse in order to reach its
destination. It then provides the round-trip time (RTT) and the device name.
You can use traceroute to determine where a problem is occurring, but it alone
can't tell you if there is one. To help you determine if there is a problem, ping can be used. Imagine that you're
trying to visit a website and pages take a long time to load. If you use
traceroute to determine where the longest delays are occurring, you can
determine where the problem is.
A traceroute procedure allows you to find out precisely how a data transmission (like a Google search) traveled from your computer to another. Essentially, the traceroute compiles a list of the computers on the network that are involved with specific Internet activity.
The traceroute identifies each computer/server on that list and the amount of time it took the data to get from one computer to the next. If there was a hiccup or interruption in the transfer of data, the traceroute will show where along the chain the problem occurred. Performing a traceroute also has a very practical use: If someone is having difficulty accessing a particular website or computer, performing a traceroute can help find out where the problem is occurring along the network.
Q30. What is Port Scanning?
Ans: A port scan is a method for discovering which ports are open on a machine or network. To test whether someone is at home before knocking on the door, you could port scan the system or network. It reveals which ports are open and accepting information, as well as shows if firewalls are installed between the source and target. Fingerprinting is the term used to describe this technique. As a result, it can also be an ideal reconnaissance tool for attackers seeking to discover a network’s weakest point of entry. It is also used to test network security and the firewall's strength. Port scanning is a standard technique employed by hackers to discover open doors or weak spots in a network. A port scan attack may help cyber criminals discover available ports and determine whether they are sending or receiving data. It may also reveal whether security systems like firewalls are being used by a company. When hackers contact a port, the response they receive determines whether the port is being used and whether potential vulnerabilities exist. A business may also scan ports using this technique and analyze the response for potential vulnerabilities. They may then employ tools like IP scanner, network scanner (Nmap), and Netcat to ensure the security of their network and systems.
Q31.
What is port blocking within LAN?
Ans: An
Internet Service Provider (ISP) blocks Internet traffic by using the port
number and transfer protocol. Blocking certain types of ports within a local
area network is known as port blocking. Blocking ports on plug-and-play devices
such as USB flash drives, removable devices, CD/DVD/CD-ROM, floppy, and mobile
devices like smartphones is among the reasons for port blocking.
Suppose your network has DHCP
service enabled. When a user connects their laptop to your device, they can
obtain your IP address from the DHCP and gain access to your network resources.
This is why you should turn on port security if you can to prevent ports from
conflicting with MAC addresses and allowing anonymous users to obtain an IP
address.
Q32.
What is a Botnet?
Ans: A botnet
is a group of computers that has been taken over by a bot, or a
robot-controlled computer network. Multi-layered computer schemes are often
used to infiltrate and assemble a botnet. Massive data theft, server crashes,
and malware distribution are just a few of the automated tasks that bots are
capable of completing.
A botnet is a group of infected
devices used to scam other users or cause disruptions without the victims’
consent. The “what is a botnet attack and how does it work?” query is
appropriate here. To assist you in understanding how botnets are created and
employed, we'll demonstrate how they're made.
Q33.
What is secure remote access?
Ans: A secure
remote access process or solution may include security procedures such as VPN,
multifactor authentication, and endpoint protection, among others. It is
designed to keep crooks away from an organisation's digital assets and
safeguard sensitive information. Remote access may be protected via VPN,
multifactor authentication, or endpoint protection.
Today's IT environment, which is
facing a rapidly changing threat landscape and the growing number of remote
workers as a result of the Covid pandemic, demands secure remote access. In
order to succeed, users must be educated, strong cybersecurity policies must be
implemented, and best security hygiene practices must be developed.
Q34. What Is a
Network Attack?
Ans: A network attack is an attempt to gain unauthorized access to an organization’s network, with the objective of stealing data or perform other malicious activity. There are two main types of network attacks:
- Passive: Attackers gain access to a network and can monitor or steal sensitive information, but without making any change to the data, leaving it intact.
- Active: Attackers not only gain unauthorized access but also modify data, either deleting, encrypting or otherwise harming it.
Q35. How Does Network Security
Work?
Ans: Network
security integrates multiple layers of defenses in the network and at the
network. Each network security layer implements policies and controls. Access
to networks is gained by authorized users, whereas malicious actors are indeed
blocked from executing threats and exploits.
Q36. Why Network
Security?
Ans: Most
organizations today greatly rely on computer networks to share information in
an efficient and productive manner within the defined network. Organizational
computer networks these days are very large, assuming that each staff member
has a dedicated workstation. A large-scale company would have thousands of
workstations and servers on the network.
It is likely that
these workstations may not be centrally managed, or would they have proper
protection parameters. Organizations may have a variety of operating systems,
hardware, software, and protocols with different levels of cyber awareness among
users.
Imagine these
thousands of workstations on company networks are directly connected to the
Internet. This sort of unsecured Network becomes a target for an attack that
holds sensitive information and valuable data. Network Security helps to
resolve such issues.
Q37. What makes network
security so important?
Ans: Here’s why both businesses and households should consider the security of their networks seriously:
To protect the computers in the network:
Computers and other devices connected to unsecured networks are highly vulnerable to external threats such as malware, ransomware and spyware attacks. A single attack can bring down the entire computer system of an organization and compromise your personal information. By assuring the security of the network – typically with the assistance of a network security specialist – you can stay away from such expensive threats.
To prevent identity theft:
No matter whether you are an organization or an individual, your identity is valuable. If you log into an unsecured network, your identity can become visible to third-parties. To avoid such a situation, you should secure your network. Such an approach becomes mandatory if you are a business that deals with client information.
To protect shared data:
When
it comes to a business, special precautions should be taken to protect shared
data. And, network security is one of the best ways to do so. Network security
can be applied with different restrictions on different computers depending on
the types of files they handle.
To stabilize the network connection:
In
an unrestricted, unprotected network, network activity can become too heavy.
Intense traffic can lead to an unstable computer network. Eventually, the
entire network will become vulnerable to various external attacks.
Q38. What is the difference between symmetric and
asymmetric cryptography?
With
asymmetric crypto, two different keys are used for encryption and decryption.
Every user in an asymmetric cryptosystem has both a public key and a private
key. The private key is kept secret at all times, but the public key may be
freely distributed.
Data
encrypted with a public key may only be decrypted with the corresponding
private key. So, sending a message to John requires encrypting that message
with John’s public key. Only John can decrypt the message, as only John has his
private key. Any data encrypted with a private key can only be decrypted with
the corresponding public key. Similarly, Jane could digitally sign a message
with her private key, and anyone with Jane’s public key could decrypt the
signed message and verify that it was in fact Jane who sent it.
Symmetric
is generally very fast and ideal for encrypting large amounts of data (e.g., an
entire disk partition or database). Asymmetric is much slower and can only
encrypt pieces of data that are smaller than the key size (typically 2048 bits
or smaller). Thus, asymmetric crypto is generally used to encrypt symmetric
encryption keys which are then used to encrypt much larger blocks of data. For
digital signatures, asymmetric crypto is generally used to encrypt the hashes
of messages rather than entire messages.
Q39. What problems does cryptography solve?
Ans: A secure system should provide several assurances such as
confidentiality, integrity, and availability of data as well as authenticity
and non-repudiation. When used correctly, crypto helps to provide these
assurances. Cryptography can ensure the confidentiality and integrity of both
data in transit as well as data at rest. It can also authenticate senders and
recipients to one another and protect against repudiation.
Software systems
often have multiple endpoints, typically multiple clients, and one or more
back-end servers. These client/server communications take place over networks
that cannot be trusted. Communication occurs over open, public networks such as
the Internet, or private networks which may be compromised by external
attackers or malicious insiders.
It can protect
communications that traverse untrusted networks. There are two main types of
attacks that an adversary may attempt to carry out on a network. Passive
attacks involve an attacker simply listening on a network segment and
attempting to read sensitive information as it travels. Passive attacks may be
online (in which an attacker reads traffic in real-time) or offline (in which
an attacker simply captures traffic in real-time and views it later—perhaps
after spending some time decrypting it). Active attacks involve an attacker
impersonating a client or server, intercepting communications in transit, and
viewing and/or modifying the contents before passing them on to their intended
destination (or dropping them entirely).
The
confidentiality and integrity protections offered by cryptographic protocols
such as SSL/TLS can protect communications from malicious eavesdropping and
tampering. Authenticity protections provide assurance that users are actually
communicating with the systems as intended.
It can also be used to protect data at rest. Data on a removable
disk or in a database can be encrypted to prevent disclosure of sensitive data
should the physical media be lost or stolen. In addition, it can also
provide integrity protection of data at rest to detect malicious tampering.
0 Comments
if you have any doubts plz let me know...