Unit-1 NIS
on
Network And Information Security
(22620)
By
Ms. Pritee H. Raut
(Assistant Professor)
Availability:
The principle of availability states that resources are available to authorized parties whenever they need them. Information
is of no use if it cannot be accessed when required, so systems must be designed (with adequate capacity, redundancy and
protection against denial of service) to satisfy legitimate user requests.
Risk And Threat Analysis
What is an asset?
An asset is anything of value to an organization that needs protecting: data, hardware, software, networks, people and reputation.
What is a countermeasure?
In computer security a countermeasure is an action, device, procedure, or technique that reduces a threat,
a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by
discovering and reporting it so that corrective action can be taken.
What is a virus?
A virus is computer code or a program that is capable of damaging your computer data by corrupting or destroying it.
A computer virus makes duplicate copies of itself, spreads them into other files and folders, and damages the data
on your computer system.
More precisely, a computer virus is malicious software ("malware") that, when it infects a system, replicates itself by
modifying other computer programs and inserting its own code into them.
Types of Virus
1. Boot Sector Virus
2. Parasitic Virus
3. Memory Resident Virus
4. Non-Resident Virus
5. Stealth Virus
6. Macro Virus
7. Polymorphic Virus
8. Companion Virus
9. Email Virus
10. Metamorphic Virus
11. Overwrite Virus
Boot Sector Viruses
This type of virus hides in the boot sector of a disk. It is loaded into memory when the system boots and
tries to read from the infected disk. Boot sector viruses were widespread in the days when floppy disks were
popular; they are rarely seen now, since many of them could only spread through floppy disks.
Companion Viruses
A companion virus creates a new program instead of modifying an existing file. The new program carries the same name as a
legitimate program (differing only in extension or location) so that the operating system runs it in place of the original.
Macro Viruses
These viruses are not standalone executables; they are written in the macro language of applications such as
Microsoft Word and infect documents. Because documents are routinely exchanged, they spread easily through email attachments.
Parasitic Viruses
A parasitic virus attaches itself to executable code and replicates itself. When the infected code is executed, it finds other
executable code or programs to infect.
Resident Viruses
Resident viruses, also known as memory-resident viruses, install a malicious module into computer memory (RAM) and stay
there, infecting other programs as they are loaded or accessed. They are commonly classified into two main categories: fast
infectors and slow infectors.
Nonresident Viruses
This type of virus does not stay in memory. When its host program is run, the virus searches for other files to infect,
infects them, and then hands control back to the host program.
Polymorphic Viruses:
A polymorphic virus is similar to an encrypted virus: it encrypts its body and uses a different encryption key
every time it replicates, and in addition it mutates the small decryption routine that precedes the body. Such viruses are hard
for signature-based antivirus software to detect, because no two copies are byte-for-byte identical after replication.
A particularly infamous example is the Storm Worm, a polymorphic backdoor trojan discovered in 2007, which could alter its
identity every 10 to 30 minutes. The speed of the change made it a headache for security experts trying to stamp out the threat.
Example: Pseudonym, 1260
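The following is an added illustration, not code from these notes or from any real virus. It uses a constructed, inert byte string as the "virus body" and a fixed marker as the decryptor stub, and shows why a byte signature taken from the body never matches a fresh generation, why every generation has a new file hash, and why an antivirus emulator that runs the stub (here, simply XOR-decrypting with the embedded key) recovers one identical body. Because the stub is left constant, the example is really the simpler "encrypted virus" case, which is exactly why scanners match on the decryptor; a true polymorphic virus also mutates the stub, which is what forces scanners to emulate rather than pattern-match.

```python
import hashlib
import os

# Constructed, inert stand-in for a virus body. It is plain text, not code that
# runs, and it exists only so we have bytes to encrypt and hash.
PAYLOAD = b"INERT-DEMO-BODY: locate host files, append self, check trigger date"

# In a real polymorphic virus the decryptor is machine code that is itself
# mutated between generations; here it is a fixed marker, which is the weaker
# (merely "encrypted virus") case and the one a signature scanner can still catch.
DECRYPTOR_STUB = b"\x90\x90DECRYPT-STUB\x90\x90"
KEY_LEN = 4


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the same operation encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_variant(payload: bytes = PAYLOAD) -> bytes:
    """One new 'generation': stub, a fresh random key, and the body under that key."""
    key = os.urandom(KEY_LEN)
    return DECRYPTOR_STUB + key + xor_bytes(payload, key)


def recover_body(variant: bytes) -> bytes:
    """What an AV emulator does: run the stub's logic to expose the real body."""
    start = len(DECRYPTOR_STUB)
    key = variant[start:start + KEY_LEN]
    return xor_bytes(variant[start + KEY_LEN:], key)


def signature_hits(variants, signature: bytes) -> int:
    """Naive byte-pattern scan: how many samples contain this signature on disk?"""
    return sum(1 for v in variants if signature in v)


def distinct_hashes(variants) -> int:
    """Hash-based blocklists see every generation as a brand-new file."""
    return len({hashlib.sha256(v).hexdigest() for v in variants})


def body_hashes_after_emulation(variants) -> set:
    """After unpacking, every generation collapses to the same body hash."""
    return {hashlib.sha256(recover_body(v)).hexdigest() for v in variants}


if __name__ == "__main__":
    samples = [make_variant() for _ in range(20)]
    print("body signature found in", signature_hits(samples, PAYLOAD[:16]), "of 20 samples")
    print("stub signature found in", signature_hits(samples, DECRYPTOR_STUB), "of 20 samples")
    print("distinct file hashes:", distinct_hashes(samples))
    print("distinct body hashes after emulation:", len(body_hashes_after_emulation(samples)))
```

Run as a script it reports 0 body-signature hits, 20 stub hits, 20 distinct file hashes and 1 body hash after emulation, which is the whole argument for emulation and behaviour-based detection over static signatures.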
Stealth Viruses
A stealth virus uses techniques to hide itself from antivirus software, for example by intercepting file-read requests and
returning the original, uninfected contents of an infected file. As a result, some antivirus programs cannot detect it.
Metamorphic Viruses
This type of virus rewrites its own code completely every time it replicates, so that both its appearance and its
behaviour may change from one copy to the next.
Email Viruses
The virus is executed when the recipient opens the email attachment. It then sends itself to everyone in the
victim's address book or mailing list.
Overwriting Viruses
An overwrite virus overwrites a file with its own code, which helps spread the virus to other files and
computers. An overwrite virus destroys user data (documents, pictures, videos, etc.) in such a way that it cannot be
recovered.
Phases of a Virus / Lifecycle (6m)
What are the typical phases of operation of a virus or worm?
Dormant phase: The virus is idle. During this stage the virus does not take any action; it will
eventually be activated by some event.
Propagation phase: The virus places an identical copy of itself into other programs or into certain system
areas on the disk. Each infected program now contains a clone of the virus, which will itself enter a
propagation phase.
Triggering phase: The virus is activated to perform the function for which it was intended. The triggering condition may
be a particular date or time, disk usage exceeding a threshold, or the opening of a specific file.
Execution phase: The function is performed. It can be harmless (such as displaying a message) or destructive, such as deleting
files on disk, crashing the system, or corrupting files.
What is a worm?
A computer worm is a type of malware that spreads copies of itself from computer to computer.
A worm replicates itself without any human interaction, and it does not need to attach itself to a
software program in order to cause damage.
It usually does not target files on an individual computer. Instead, it attacks entire networks, often in an
attempt to build large botnets.
A worm makes multiple copies of itself, which then spread across the network or over the
Internet. These copies infect any inadequately protected computers and servers that are reachable
via the network or the Internet.
Virus vs. Worm
Virus: malicious executable code attached to another executable file, which can be harmful or can modify or delete data.
Worm: a form of malware that replicates itself and can spread to different computers via the network.
Virus: the main objective is to modify or destroy information.
Worm: the main objective is to consume system and network resources.
Virus: needs human action to replicate.
Worm: does not need human action to replicate.
Trojan Horse
A Trojan horse is malware disguised as a legitimate program. Trojans can be found in MP3 songs that the user may have downloaded, in games
downloaded from an unsecured website, or in the advertisements that pop up when the user is browsing a page.
Some features of the Trojan horse are as follows:
It steals information such as passwords.
It can be used to allow remote access to a computer.
It can be used to delete data on the user's computer.
How to prevent this threat:
• Do not download anything, including images and audio files, from an unsecured website.
• Do not click on pop-up advertisements, such as those for online games.
• Do not open any attachment that has been sent by an unknown user.
The user should install an anti-virus program. The anti-virus program can detect files that are
infected by a virus or Trojan.
Intruders: (4m)
An intruder is a person who attempts to gain unauthorized access to a system, to damage that system, or to disturb data on that system. In
summary, this person attempts to violate security by interfering with system availability, data integrity or data confidentiality.
i. Masquerader:
An individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account.
The masquerader is typically an outsider.
ii. Misfeasor:
A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but
misuses his or her privileges. In other words, a legitimate user acting without, or beyond, permission. The misfeasor is typically an insider.
An insider threat is a malicious threat to an organization that comes from people within the organization, such as
employees, former employees, contractors or business associates, who have inside information concerning the
organization's security practices, data and computer systems.
For example, a software engineer might have database access to customer information and steal it to sell to
a competitor. This activity is difficult to detect since the software engineer has legitimate access to the
database.
Types of Attack (4 or 6m)
Active attacks:
An active attack attempts to alter system resources or affect their operation. Active attacks involve some
modification of the data stream or the creation of a false stream (masquerade, replay, modification of messages and denial of service).
Replay attack (an example of an active attack):
Suppose Alice wants to request Bob to transfer $100 from his account to hers. Alice sends
an authentic message to Bob to make this request. Since Bob trusts Alice, he transfers her the
amount. Unfortunately, Alice's original transfer request was captured by an attacker, who
later resends the same message to Bob. Bob sees a message he believes is from Alice, so he transfers
the amount again. The attacker did not need to read or modify the message; simply repeating it caused an
unauthorized duplicate transaction (had the captured message been a payment to the attacker, the attacker would have been paid twice).
This is one example of how a replay attack can serve an attacker's malicious intent.
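The scenario above, worked through in code as an added example (not part of these notes): Alice signs each transfer request with an HMAC under a shared key, the attacker resends the captured envelope unchanged, and two versions of Bob handle it. The naive receiver checks only that the tag is valid and so executes the transfer twice; the hardened receiver additionally requires a fresh nonce, covered by the tag, and rejects any nonce it has already seen. The shared key, account names and balances are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed shared secret; in reality agreed out of band between Alice and Bob.
SHARED_KEY = b"alice-bob-demo-key"


def sign(message: dict) -> dict:
    """Alice: serialise the request and attach an HMAC-SHA256 tag over it."""
    body = json.dumps(message, sort_keys=True)
    tag = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def tag_is_valid(envelope: dict) -> bool:
    """Bob: recompute the tag; constant-time compare so the check itself leaks nothing."""
    expected = hmac.new(SHARED_KEY, envelope["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["tag"])


class NaiveBank:
    """Vulnerable receiver: a valid tag is all it checks, so an old message replays fine."""

    def __init__(self):
        self.balances = {"alice": 0, "bob": 500}

    def accept(self, msg: dict) -> bool:
        return True                      # no freshness check at all

    def handle(self, envelope: dict) -> bool:
        if not tag_is_valid(envelope):
            return False
        msg = json.loads(envelope["body"])
        if not self.accept(msg):
            return False
        self.balances[msg["from"]] -= msg["amount"]
        self.balances[msg["to"]] += msg["amount"]
        return True


class NonceBank(NaiveBank):
    """Hardened receiver: every request carries a random nonce that the tag covers;
    a nonce seen before means the message is a replay and is dropped."""

    def __init__(self):
        super().__init__()
        self.seen_nonces = set()

    def accept(self, msg: dict) -> bool:
        nonce = msg.get("nonce")
        if nonce is None or nonce in self.seen_nonces:
            return False
        self.seen_nonces.add(nonce)
        return True


def run_scenario(bank_cls):
    """Alice sends one signed transfer; the attacker captures the bytes and resends
    them unchanged. Returns (first accepted?, replay accepted?, final balances)."""
    bank = bank_cls()
    request = {"from": "bob", "to": "alice", "amount": 100, "nonce": secrets.token_hex(8)}
    envelope = sign(request)
    first = bank.handle(envelope)
    captured = dict(envelope)            # attacker's copy: identical bytes, tag still valid
    replay = bank.handle(captured)
    return first, replay, dict(bank.balances)


if __name__ == "__main__":
    print("naive receiver:", run_scenario(NaiveBank))
    print("nonce receiver:", run_scenario(NonceBank))
```

The nonce set grows without bound as written; a production receiver pairs the nonce with a timestamp and an acceptance window so that old nonces can be forgotten, and rejects messages whose timestamp is outside the window.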
Denial of Service
A denial of service attack prevents or inhibits the normal use of communication facilities. This attack may have a specific target:
for example, an entity may suppress all messages directed to a particular destination.
Another form of service denial is the disruption of an entire network, either by disabling the
network or by overloading it with messages so as to degrade performance.
Passive attacks:
In a passive attack the attacker aims to obtain information that is in transit. The attacker does not modify
the content of the original message, so passive attacks are hard to detect; the emphasis is on prevention
(encryption) rather than detection.
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the
opponent is to obtain the information that is being transmitted.
Types of passive attack: release of message contents (reading the transmitted data itself) and traffic analysis
(observing who communicates with whom, how often and how much, even when the contents are encrypted).
A common denial-of-service technique is the SYN flood: the attacker sends a stream of requests to connect to a server (TCP SYN
segments) but never completes the three-way handshake. This continues until the server's table of half-open connections
is full and no legitimate user can connect.
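As an added example (not from these notes), here is the detection logic a defender would run over connection logs to spot a SYN flood: replay the log, open a half-open entry for every client SYN, close it when the same client sends the handshake's final ACK, and flag any source left holding many half-open entries. The log format, addresses and timestamps are constructed for the demonstration; a real deployment would feed it from a packet capture or firewall log.

```python
import re
from collections import defaultdict

# Constructed connection log (not real traffic), one TCP segment per line:
# "<epoch> <src-ip>:<sport> -> <dst-ip>:<dport> <flags>"  (S = SYN, A = ACK)
# 10.0.0.5 completes each handshake; 203.0.113.9 opens connections and never ACKs.
SAMPLE_LOG = """
1700000000 10.0.0.5:40001 -> 192.0.2.10:443 S
1700000000 10.0.0.5:40001 -> 192.0.2.10:443 A
1700000001 10.0.0.5:40002 -> 192.0.2.10:443 S
1700000001 10.0.0.5:40002 -> 192.0.2.10:443 A
1700000001 203.0.113.9:5001 -> 192.0.2.10:443 S
1700000001 203.0.113.9:5002 -> 192.0.2.10:443 S
1700000001 203.0.113.9:5003 -> 192.0.2.10:443 S
1700000002 203.0.113.9:5004 -> 192.0.2.10:443 S
1700000002 203.0.113.9:5005 -> 192.0.2.10:443 S
1700000002 203.0.113.9:5006 -> 192.0.2.10:443 S
1700000003 10.0.0.5:40003 -> 192.0.2.10:443 S
1700000003 10.0.0.5:40003 -> 192.0.2.10:443 A
"""

LINE_RE = re.compile(r"^(\d+) (\S+):(\d+) -> (\S+):(\d+) ([SAFRP]+)$")


def parse(log: str):
    """Yield (ts, src, sport, dst, dport, flags); silently skip malformed lines."""
    for line in log.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, sport, dst, dport, flags = m.groups()
            yield int(ts), src, int(sport), dst, int(dport), flags


def half_open_connections(log: str) -> dict:
    """Replay the log: a client SYN opens a half-open entry for its 4-tuple, the
    client's ACK (third step of the handshake) closes it. What remains is the
    server's backlog of half-open connections, keyed by 4-tuple."""
    pending = {}
    for ts, src, sport, dst, dport, flags in parse(log):
        key = (src, sport, dst, dport)
        if flags == "S":
            pending[key] = ts
        elif "A" in flags:
            pending.pop(key, None)
    return pending


def half_open_per_source(log: str) -> dict:
    counts = defaultdict(int)
    for (src, _, _, _) in half_open_connections(log):
        counts[src] += 1
    return dict(counts)


def suspected_syn_flooders(log: str, threshold: int = 5) -> list:
    """Sources holding at least `threshold` half-open connections. A flood using
    spoofed, random source addresses shows up instead as a large total backlog
    spread over many sources, so check total_half_open() as well."""
    return sorted(src for src, n in half_open_per_source(log).items() if n >= threshold)


def total_half_open(log: str) -> int:
    return len(half_open_connections(log))


if __name__ == "__main__":
    print("half-open per source:", half_open_per_source(SAMPLE_LOG))
    print("suspected flooders  :", suspected_syn_flooders(SAMPLE_LOG))
    print("total backlog       :", total_half_open(SAMPLE_LOG))
```

The per-source count catches a single unspoofed attacker; the total backlog is the figure that matters for a distributed or spoofed flood, and it is also what SYN cookies on the server are designed to keep from filling.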
Distributed Denial of Service (DDoS)
(4m)
A Distributed Denial of Service (DDoS) attack is an attempt to make an online
service or a website unavailable by overloading it with huge floods of traffic
generated from multiple sources.
Unlike a Denial of Service (DoS) attack, in which one computer and one Internet
connection is used to flood a targeted resource with packets, a DDoS attack uses
many computers and many Internet connections, often distributed globally in
what is referred to as a botnet.
What are Botnets?
Attackers build a network of compromised machines, known as a botnet, by spreading
malicious code through emails, websites, and social media. Once these computers are
infected, they can be controlled remotely, without their owners' knowledge, and used like an
army to launch an attack against any target.
Backdoors and Trapdoors (4m)
A backdoor (also called a trapdoor) is a hidden way of gaining access to the software or hardware of a computer system that
bypasses its normal authentication and is not detected. A backdoor may be created by the developers themselves so that they can quickly and
easily test or change the code without going through the normal login procedure; if it is left in the shipped product, anyone who
learns of it can use it.
A backdoor in an operating system would provide access to all system functions of the computer.
Backdoors are also planted by hackers in cyberattacks to steal personal information and data.
In a backdoor attack, cybercriminals install malware that gives them persistent unauthorized access to a website or server.
They install the malware through unsecured points of entry, such as outdated plug-ins or
unvalidated input fields. Once they have entered through the back door, they have access to all of the company's data,
including customers' personally identifiable information (PII).
As the name suggests, a backdoor attack is stealthy, and cybercriminals often slip in undetected.
Sniffing (2m or 4m)
Sniffing is the process of monitoring and capturing all the packets passing through
a given network using sniffing tools. It is the network equivalent of tapping a phone line to listen
in on a conversation, and is therefore also called wiretapping applied to computer networks.
Data packets captured from a network are used to extract and steal sensitive
information such as passwords, usernames and credit card numbers, whenever these are sent unencrypted. Attackers
install sniffers on a system in the form of software or hardware. Commonly used sniffing tools include Wireshark,
Ettercap, BetterCAP, Tcpdump and WinDump.
How to Prevent Sniffing Attacks
Untrusted networks: users should avoid connecting to unsecured networks, including free public Wi-Fi.
These networks are dangerous because an attacker can deploy a packet sniffer that captures the entire
network's traffic. Another way an attacker sniffs traffic is by setting up their own fake "free public Wi-Fi" access point.
Encryption: Encryption is the process of converting plaintext into ciphertext in order to protect the message
from attackers. Information should be encrypted before it leaves the host, so that anyone sniffing the network sees only
ciphertext. This is achieved with protocols such as HTTPS (TLS) and SSH, or by tunnelling all traffic through a virtual private network (VPN).
Network scanning and monitoring: Network administrators should scan and monitor their networks to detect
any suspicious traffic or unauthorized devices. This can be achieved by bandwidth monitoring and device auditing (for example,
checking for network interfaces running in promiscuous mode).
Spoofing (6M)
Spoofing is when someone or something pretends to be something else in an attempt to gain our confidence, get access to
our systems, steal data, steal money, or spread malware.
Spoofing is a type of attack on a computer device in which the attacker takes on the identity of a
legitimate user or system and acts as that person or system. This kind of attack is done to breach the security of the system or to
steal the information of the users.
Example:
Attackers commonly forge the source IP address of their packets when attacking a website, so that the attack cannot be traced back to them.
Website Spoofing: Website spoofing refers to a website designed to mimic an existing site known and/or trusted
by the user. Attackers use such sites to harvest login credentials and other personal information from users.
IP Spoofing: Attackers may use IP (Internet Protocol) spoofing to disguise a
computer's IP address, thereby hiding the identity of the sender or impersonating
another computer system. One purpose of IP address spoofing is to gain access
to networks that authenticate hosts based on their IP addresses.
DNS Server Spoofing: DNS (Domain Name System) servers resolve domain names (as used in URLs
and email addresses) to the corresponding IP addresses. DNS spoofing allows
attackers to divert traffic to a different IP address, leading victims to sites that
spread malware or harvest credentials.
How to protect against spoofing attacks
Example (why a reusable secret sent in the clear does not protect against spoofing):
Suppose in the communication between two parties A and B, A sends his key to B to prove
his identity. Meanwhile an attacker C eavesdrops on the conversation and records the information
that is needed to prove A's identity to B. Later C contacts B and, by replaying that information, passes
as A.
TCP/IP Hijacking (4M)
TCP/IP hijacking is when an unauthorized user takes over a genuine, already established network connection of another user. It
is done in order to bypass the password authentication which normally happens at the start of a session.
Example
An attacker monitors the data transmission over a network and discovers the IP addresses (and current sequence numbers) of two
devices that participate in a connection.
Having discovered the IP address of one of the users, the attacker can knock that user off the connection with a DoS
attack and then continue the session by spoofing the IP address of the disconnected user.
TCP/IP hijacking is therefore a type of man-in-the-middle attack: the intruder determines the IP addresses of the two
session participants, makes one of them inaccessible using a DoS attack, and connects to the other by spoofing
the network identity of the former.
IP Spoofing: IP spoofing is a technique used to gain unauthorized access to computers, in which the
intruder sends a message to a computer with a source IP address indicating that the message is coming from a trusted
host.
Operating System Security
Hotfix – A work-around or solution to a customer-reported issue. Vendors (Trend Micro, for example) develop and release hotfixes to
specific customers only. Typically, a hotfix addresses a specific customer situation and may not be
distributed outside the customer organization.
A hotfix can solve many of the same issues as a patch, but it is applied to a "hot" system, i.e. a live, running system, to fix an
issue:
1. Immediately
2. Without creating system downtime or outages.
Patch – A patch is a program that makes changes to software installed on a computer. Software companies issue
patches to fix bugs in their programs, address security problems, or add functionality. It is a publicly released update to fix a
known bug or issue.
Service Pack – A large update that fixes many outstanding issues; it normally includes all patches, hotfixes and
maintenance releases that predate the service pack.
A service pack is a collection of updates, fixes and/or enhancements to a software program delivered in the form of a
single installable package. Installing a service pack is easier and less error-prone than installing a large number of
patches individually, even more so when updating multiple computers over a network. Service packs are usually
What is Information Security (InfoSec)?
Information security (sometimes referred to as InfoSec) covers the tools and processes that
organizations use to protect information. This includes policy settings that prevent unauthorized
people from accessing business or personal information.
Why Is Information Security Important?
Companies need to be confident that they have strong data security and that they can protect against cyber attacks and other
unauthorized access and data breaches. Weak data security can lead to key information being lost or stolen, create a poor
experience for customers that can lead to lost business, and reputational harm if a company does not implement sufficient
protections over customer data and information security weaknesses are exploited by hackers. Solid infosec reduces the risks of
attacks in information technology systems, applies security controls to prevent unauthorized access to sensitive data, prevents
disruption of services via cyber attacks like denial-of-service (DoS attacks), and much more.
Company core business integrity and client protections are critical, and the value and importance of information security in
organizations make this a priority. All organizations need protection against cyber attacks and security threats, and investing in
those protections is important. Data breaches are time-consuming, expensive, and bad for business. With strong infosec, a
company reduces their risk of internal and external attacks on information technology systems. They also protect sensitive data,
protect systems from cyber attacks, ensure business continuity, and provide all stakeholders peace of mind by keeping
confidential information safe from security threats.
Information classification (4M)
Information classification is a process used in information security to categorize data based on its level of sensitivity
and importance. The purpose of classification is to protect sensitive information by implementing appropriate security
controls based on the level of risk associated with that information.
Information classification, also known as data classification, is how corporate information is classified into specific
significant categories so that critical data remains protected and safe. In a business, vast data volumes are handled
every day – invoice records, email lists, customer information, user data, order history, etc. Obviously, all data is not
equally important, and some information will need higher protection than the other.
If a piece of information is critical or sensitive, it needs more protection, because its loss or disclosure does more damage. With
information classification it is easier to decide which information needs more protection and how data should be labelled. For instance, the
files of different departments of an organization should be kept separately, in different folders, and only members of the
particular department should be given access to those files so that they can work with the data. This provides both security
and easy access to the files as and when needed.
Information Classification Levels (4m and 6m)
Public: Information that is not sensitive and can be shared freely with anyone.
Internal: Information that is sensitive but not critical, and should only be shared within the organization.
Confidential: Information that is sensitive and requires protection, and should only be shared with authorized
individuals or groups.
Secret: Information that is extremely sensitive and requires the highest level of protection, and should only be
shared with a select group of authorized individuals.
Top Secret: Information that, if disclosed, would cause exceptionally grave damage to national security; access
to this information is restricted to a very small number of authorized individuals with a need-to-know.
Information classification also includes a process of labelling the information with the appropriate classification
level and implementing access controls to ensure that only authorized individuals can access the information. This
is done through access control lists, authentication and encryption, supported by security technologies such as firewalls and
intrusion detection systems.
Criteria for Information Classification (4M sample)
Value – the most frequently used criterion for classifying information is the value of the data. If the information is
so valuable that its loss could create significant organizational problems, it needs to be classified.
Age – if the value of certain information declines over time, the classification of the information may be
lowered after a set period.
Useful Life – information that is still current and can be used to make desired changes as and when needed has a long
useful life and is labelled as more useful; information that has been superseded may be declassified.
Personal Association – information that is linked to specific individuals or is covered by privacy law
needs to be classified.
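As an added example (not from these notes), the classification levels, the need-to-know restriction and the Age criterion from the two passages above, written as an access check: a label carries a level from the lattice plus optional need-to-know compartments; a reader may open a document only if their clearance is at least the document's level and they hold every compartment on the label, so a high clearance alone is not enough. The 5-year downgrade period, the document names, the "finance" compartment and the people are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import date

# Classification lattice, lowest to highest, as listed in the notes.
LEVELS = ["public", "internal", "confidential", "secret", "top_secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    level: str                                  # one of LEVELS
    compartments: frozenset = frozenset()       # need-to-know groups, e.g. {"finance"} (assumed)


@dataclass
class Document:
    name: str
    label: Label
    classified_on: date


@dataclass
class Subject:
    name: str
    clearance: str                              # one of LEVELS
    need_to_know: frozenset = frozenset()


def can_read(subject: Subject, doc: Document) -> bool:
    """The access-control half of classification: clearance must dominate the
    document's level AND the reader must hold every compartment on its label."""
    level_ok = RANK[subject.clearance] >= RANK[doc.label.level]
    compartments_ok = doc.label.compartments <= subject.need_to_know
    return level_ok and compartments_ok


def effective_level(doc: Document, today: date, downgrade_after_years: int = 5) -> str:
    """The 'Age' criterion: lower the level by one step once the document is
    older than the review period. The 5-year period is an assumed policy value."""
    age_years = (today - doc.classified_on).days // 365
    idx = RANK[doc.label.level]
    if age_years >= downgrade_after_years and idx > 0:
        idx -= 1
    return LEVELS[idx]


def audit(subjects, doc: Document) -> dict:
    """Who may read a document right now; useful when reviewing folder permissions."""
    return {s.name: can_read(s, doc) for s in subjects}


if __name__ == "__main__":
    forecast = Document("q3-forecast.xlsx", Label("confidential", frozenset({"finance"})), date(2019, 1, 15))
    people = [
        Subject("analyst", "secret", frozenset({"finance"})),
        Subject("intern", "internal"),
        Subject("ceo", "top_secret"),           # outranks the document but lacks finance need-to-know
    ]
    print(audit(people, forecast))
    print("level today:", effective_level(forecast, date(2025, 6, 1)))
```

The level comparison alone is the "simple security" rule of mandatory access control; the compartment subset test is what turns it into need-to-know, and it is the check most often missing when departments simply share one drive.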
Summer 2022 (sample questions)
{2M}
1. Define:
i. Confidentiality
ii. Accountability
2. Explain the terms:
i. Shoulder surfing
ii. Piggybacking
3. Differentiate between virus and worms
{4M}
4. Define the following terms:
i. Operating system
ii. Hotfix
iii. Patch
iv. Service pack
{6M}