Chapter-5 Cyberspace Infrastructure from Computer Network Security and Cyber Ethics
1. Explain in detail TCP/IP Protocol Architecture
TCP/IP has Four Layers:
Application Layer: Application layer protocols are those used for the exchange of user information. Protocol uses here are Simple Mail Transfer Protocol (SMTP), Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Network Management Protocol (SNMP) etc.

Host-to-Host Transport Layer: The core protocols of the Transport layer are Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
TCP provides a one-to-one, connection-oriented, reliable communications service.
UDP provides a one-to-one or one-to-many, connectionless, unreliable communications service.

Internet Layer: The Internet layer is responsible routing of IP packet. The core protocols of the Internet layer are IP, ARP (Address Resolution Protocol, ICMP (Internet Control Message Protocol), and IGMP (Internet Group Management Protocol).
The Internet Protocol (IP) is a routable protocol responsible for IP addressing, routing, and the fragmentation and reassembly of packets.

Network Interface Layer:
The Network Interface layer (also called the Network Access layer) is responsible for placing TCP/IP packets on the network medium and receiving TCP/IP packets off the network medium.
Hardware Devices: Hubs, Switch, Bridge etc hardware devices used here.

2. Write short notes on Ethernet.
Ethernet is a frame-based computer networking technology for local area networks (LANs). It is Network of two or more Computers.
Standard Name: IEEE 802.3 Local Area Network (LAN) protocols.
Protocol: data are transmitted using the popular Carrier-Sense Multiple Access/Collision Detection (CSMA/CD) protocol
Ethernet Technologies:
Three data rates are currently defined for operation over optical fiber and twisted-pair cables. They are:
1. 10 Mbps - 10Base-T Ethernet (IEEE 802.3)
2. 100 Mbps - Fast Ethernet (IEEE 802.3u)
3. 1000 Mbps - Gigabit Ethernet (IEEE 802.3z)

Ethernet Network Elements:
Ethernet LANs consist of network nodes and interconnecting media. The network nodes fall into two major classes:
1. Data terminal equipment (DTE)
2. Data communication equipment (DCE)

Chapter-4 Morality, Technology and Value from Computer Network Security and Cyber Ethics

1. Define Technology and list three components of Technological process?
Technology is a rational process of creating a means to order and transform matter, energy, and information to realize certain valued ends.
Technological processes have three components: Inputs, Engines and Outputs.

2. How to make good use of Technology?
Value of any technology depends on how we use the technology. Every technology should have a regulated policy. New Laws to strengthen, new moral and ethical concepts and massive education campaign to make good use of technology.

Chapter-1 All Security Involves Trade-offs from Beyond Fear

1. List 5-step process to analyze and evaluate security systems, technologies, and practices.
The Five Steps process are as follows:
1. What assets are you trying to protect?
2. What are the risks to these assets?
3. How well does the security solution mitigate those risks?
4. What other risks does the security solution cause?
5. What costs and trade-offs does the security solution impose?

2. Define Attack and Assets
Attack means intentional unwarranted actions. An attack is a specific way to attempt to break the security of a system or a component of a system.
Assets are the objects of attack. Assets can be as small as a single diamond and as
large as a nation’s infrastructure.

Chapter-2 Security Trade-offs Are Subjective from Beyond Fear

1. Define Threat and Risk.
Threat: A potential way an attacker can attack a system.
Risk: A likelihood of threat and seriousness of successful attack.

2. Define Risk Management.
It’s figuring out which attacks are worth worrying about and which ones can be ignored. “Threat determines the risks, and the risks determine the countermeasures”.

Chapter-3 Security Trade-offs depend on power and agenda (Summary) from Beyond Fear

1. Why do we need proxies for easy security trade-offs?
Proxies are the players who act in the interest of other players. Proxies are the intermediate person that has specializations in their field. Everyone can’t do everything. So proxies are needed.
For E.g.: Hiring a building inspector to evaluate the physical condition of house. This cannot be done by everyone unless you are having expertise in it.

2. Which are the two players that create security problems?
Attacker and the Attack (Assets owner) are the two players that create security problems. If no attacker than there would be no security problems.

Questions from Cryptography Presentation

1. Explain Public key Cryptography or Asymmetric Cryptography

Public key Cryptography was introduced by Diffie and Hellman in 1976, where each person gets a pair of keys, called the public key and the private key. Each person's public key is shared while the private key is kept secret known only to the recipient of the message. Messages are encrypted using the intended recipient's public key and can only be decrypted using his private key. Communications involve only public keys, and no private key is ever transmitted or shared.It is called asymmetric encryption because it uses two keys i.e. public key and a private key.
E.g.: RSA encryption, PGP (Pretty Good Privacy)

2. Explain Private Key Cryptography or Symmetric Key Cryptography
Private Key Cryptography is a cryptographic method in which the same key is used to encrypt and decrypt the message. It also called Symmetric encryption because it uses only singe key. Symmetric-key cryptography is sometimes called as secret-key cryptography
A problem with private-key cryptography is that the sender and the recipient of the message must agree on a common key via some alternative secure channel.
E.g.: Data Encryption Standard (DES), triple-DES (3DES), Advanced Encryption Standard (AES).