August 2011

Master of Business Administration-MBA Semester IV MI0026 Computer Networks 2 Credits (Book ID: B1041) Assignment Set- 1 (30 Marks)
http://smumbaassignmentssolved.blogspot.com/ Completely Solved Assignments.

Note: Each question carries 10 Marks. Answer all the questions. Q.1 write the diagram of a LAN network of your organization connecting all the peripheral devices. Also specify what kind of topology you use to connect your organization to the internet and why. [10 Marks]

Q.2 Explain the different modes of data transmission.

[10 marks]

Q.3 Write short notes on a. CSMA/CD b. Fast Ethernet c. IEEE 802.11 Frame structure d. Routing algorithms [10 Marks]

August 2011

Master of Business Administration-MBA Semester IV MI0026 Computer Networks 2 Credits (Book ID: B1041) Assignment Set- 2 (30 Marks)
Note: Each question carries 10 Marks. Answer all the questions. Q.1 Q.2 Bring out the differences between the different topologies. [10 Marks]

Network security is an issue at firms of all sizes. Even the best of informationtechnology (IT) departments constantly face new challenges as they try to keep their firms' systems secure. The only completely secure computer is one that is not connected to a network or the Internet - and we all know that is not an option in todays workplace. With that in mind, we need to find ways to mitigate the threats of data loss both in transition and on digital media. Data encryption, one of the best and most commonly used methods of determining data theft and hacking, is transparent to the end user. Encryption is the act of adding a cipher or string of characters to raw data (such as binary computer files), and in doing so, creating "ciphertext," or encoded blocks of text. In effect, encryption takes data that is easily viewable and "translates" it into a coded language that is very difficult to read. The computer system has to remove the cipher to convert it back to usable data by the end user. Encryption is used primarily in three security scenarios: SSL Web encryption, digital media encryption and email encryption. SSL encryption To most users, the padlock in the corner of their Web browser that shows up on certain Web pages is an indication that the information they are sending or retrieving over the Internet is secure. Any site can be encrypted by simply purchasing and applying a Secure Socket Layer (SSL) Certificate to the site. SSL encryption allows

August 2011

for the transmission of sensitive data between people and sites, eliminating the worry about whether that information is floating around the Internet in plain-text format. One of the rapidly growing uses of SSL encryption in the accounting industry is securing Web portal access. More and more companies are allowing employees to connect to their network remotely and are implementing SSL Virtual Private Networks (VPN), which require individual passwords to trigger decryption of the information to secure the traffic. Additionally, clients are logging into the network via portals to extranets holding their secure data. This is what a complete SSL transaction involves: * An end user requests access to a secure page via a Web browser, usually https:// and over port 443. Port 443 was defined by Netscape as the standard port number for secure communications via the Web and is still used as the secure port today. * The contacted server transmits its public key with its certificate. The browser verifies that the certificate was issued by a trusted party, that the certificate is valid and that the certificate is affiliated with the site contacted. * The browser then uses the public key to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required, as well as other encrypted http data. * The Web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and http data. * The Web server sends back the requested Web document and http data encrypted with the symmetric key. * The Internet browser decrypts the data and Web page using the symmetric key and displays the information. Here's a diagram of how that description works for a CPA firm client: Encrypted digital media Traditionally, accounting firms went to great lengths to secure client data in their office and in off-site storage, but little attention was paid to the data traveling with the auditors on a daily basis. That, coupled with the increased popularity of telecommuting, has increased the necessity of encrypting digital media such as hard drives, flash digital media drives, PDAs and smart phones to insure the security of your firm's data. Both hardware and software manufacturers have identified the need for such encryption, and many are including such solutions in their products. The initial push for digital media encryption began with the need to secure hard drives. Several technology platforms emerged, leading to a debate between wholedisk encryption versus encryption vaults, which finally lead to the realization that both should be used in conjunction for optimal results. The approach of whole-disk encryption is that the hard drive is useless without the encryption password once the

August 2011

computer is shut down. The encrypted-vault model was especially useful on computers with shared access, as each user has their own encrypted space that cannot be accessed by other users. Each user can encrypt a folder on the computer that no one else even realizes is there. Whole-disk encryption is the most prevalent technology, but in many scenarios, both encryption techniques are used together for maximum security. This is how encrypted digital media works in our everyday environment: Look around your desk, in your pockets or purse. You'll probably find a USB flash drive. USBs are extremely portable, easy to use, readily available, inexpensive and can hold large amounts of data. The same characteristics that make these drives so popular are exacdy why they are such a security threat. Browse the Internet, and you will find a significant number of instances where lost drives have caused companies to lose critical and confidential data. The chances are good that encrypted USBs, which are readily available but more costly, can prevent such losses. Many PDAs and smart phones can be encrypted as well. Generally, the entire device is not encrypted; instead, the storage digital media card is protected (similar to the encryption vault model). Even though most devices have remote wipe capabilities that remove all data and return the phone to factory defaults, if the phone or PDA is lost and the person who finds it does not connect to the Web, the data could be compromised. Current versions of Microsoft Exchange have included the ability to encrypt the PIM. VOL (which is the information storage on a Wondows Mobile phone) on Windows Mobile phones, which includes e-mail and calendars, temp folders and the user's document folders. Additionally there are third-party solutions that accomplish the same security, but will work across multiple phone platforms, such as GaurdianEdge SmartPhone Protection which protects iPhone, Palm and Windows Mobile phones. The scalability of the encryption products on the market are extremely varied, as some are targeting an individual device while others are delivered and managed through network policies. Encrypted e-mail As e-mail continues to grow and gain vitality in corporations' communication systems, so has the need to protect this information in transit from company to company. This is currently the least-used area of encryption and has met with some resistance since it is often difficult to implement and use. Companies are using encrypted e-mail and secure file transfer technologies to protect communications between their employees and clients, but more importantly are protecting sensitive content in the e-mails. Clients of CPA firms have a reasonable expectation that any financial or personal information (such as Social Security Numbers, bank account information, pay stubs, etc.) sent via e-mail is encrypted, and legislation is quickly catching up to the technology (see ,e.g., Personal Data Privacy and Security Act of 2005 and Gramm-LeachBiley Act). Currently, several different methods are used to encrypt e-mails:

August 2011

* Endpoint to Endpoint: This means that the e-mail is encrypted from when it is sent until it is received. This method is the most secure, but also the hardest to implement and manage. * Gateway to Endpoint: In this model, there is a server or appliance at the edge of the sender's network that encrypts the e-mail as it leaves the company. This Sender may not even be aware that the e-mail is encrypted as it requires no extra action, the only extra work is on the recipient. * Gateway to Gateway: This model is ideal as there is no extra work for the sender or recipient, but to accomplish this model, you have to implement the compatible solution on both sides, which in many cases is not possible, especially in a clientservice model. * Gateway to Web: This model is probably the most popular model, as it creates an e-mail as composed and a file is attached to it. The file is stripped off and stored on a server in an encrypted vault. The recipient receives the e-mail, which now contains a URL pointing to the file on the secure server. After an authentication process, the person outside the company can download the file. Typically with this method the file is only saved on the secure server for a short period of time, and the file has to be resent if the email is not retrieved within that time. This solution also solves size limitation issues on e-mails as the e-mail systems do not see the secured file as an attachment.

a. b. c. d. e.

What are the other methods of determining data theft and hacking? How does encryption helps us in determining hacking? What is secure socket layer? What is public key? What is an encrypted Email? What are the different standards for Email security system?
[10 Marks]

Q.3

Write short notes on a. MIME with an example

b. CMS with an example

[10 Marks]