CyberSecurity U4 QB

JEYA PRAKASH KADAMBARAJAN

March 2025

UNIT 4
SHORT QUESTIONS
1. What is a firewall in cybersecurity?
Answer: A firewall is a network security system that monitors and controls incoming and outgoing
traffic based on predetermined security rules.
2. What is social engineering?
Answer: Social engineering is a tactic that manipulates people into revealing confidential infor-
mation rather than hacking systems directly.
3. Define phishing in cybersecurity.
Answer: Phishing is a cyber attack method where attackers use fraudulent emails or messages to
trick individuals into providing sensitive data like passwords or credit card details.
4. What are the three pillars of cybersecurity?
Answer: The three pillars of cybersecurity are Confidentiality, Integrity, and Availability (CIA
Triad).
5. What is the role of an Intrusion Detection System (IDS)?
Answer: An IDS monitors network traffic for suspicious activities and potential threats, alerting
administrators about possible security incidents.
6. A brute force attack attempts 500,000 guesses per second. How long will it take to
crack an 8-character password with 62 possible characters per position?
Answer:
628 = 2.18 × 1014
2.18 × 1014
≈ 4.37 × 108 seconds ≈ 13.8 years
500, 000
7. An attacker can scan 1,000 ports per second. How long will it take to scan 65,535
ports on a system?
Answer:
65, 535
= 65.5 seconds
1000
8. If a phishing attack succeeds 5% of the time, how many people need to be targeted
to guarantee at least one success?
Answer:
1
= 20 people
0.05
9. An encryption algorithm takes 2 milliseconds to encrypt 1 KB of data. How long will
it take to encrypt 1 GB?
Answer:
1GB = 1024 × 1024 KB
1024 × 1024 × 2
= 2097.15 seconds ≈ 35 minutes
1000

1
10. A system is compromised in 3% of login attempts. If there are 10,000 login attempts,
how many are successful breaches?
Answer:
0.03 × 10, 000 = 300 successful breaches

11. How do insider threats contribute to cyber fraud in organizations, and what strategies
can be implemented to mitigate these risks? Provide real-world examples and discuss
key methodologies for detection and prevention.
Answer:
Introduction: Insider threats have become a significant cybersecurity concern as employees, con-
tractors, or business associates with access to sensitive data can misuse their privileges to commit
fraud. Unlike external hackers, insiders have legitimate credentials and knowledge of internal
systems, making detection challenging. Cyber fraud includes data breaches, financial fraud, unau-
thorized transactions, and sabotage of IT infrastructure.
Understanding Insider Threats: Insider threats can be classified into:
• Malicious insiders – individuals with intent to exploit their access for personal gain.
• Negligent insiders – employees who inadvertently compromise security due to lack of aware-
ness.
• Collusive insiders – working with external attackers to facilitate fraud.
Common forms of cyber fraud facilitated by insider threats include:
• Unauthorized access to sensitive financial records.
• Manipulation of transaction logs to divert funds.
• Intellectual property theft and data leaks.
• Exploiting privileged accounts to modify security configurations.
Real-World Example: One of the most notable cases of insider cyber fraud occurred at a major
financial institution, where an IT administrator manipulated transaction records to siphon funds
into personal accounts. The fraud remained undetected for months due to weak monitoring controls
and lack of stringent authentication mechanisms. The organization suffered significant financial
and reputational damage.
Strategies for Mitigating Insider Threats:
(a) Implementing User Behavior Analytics (UBA): AI-powered tools can analyze login
patterns, data access trends, and flag suspicious deviations in user behavior.
(b) Role-Based Access Controls (RBAC): Limiting access based on job roles ensures that
employees can only access data relevant to their responsibilities.
(c) Continuous Monitoring and Auditing: Regular audits of log files and network activities
help detect unauthorized transactions before they escalate.
(d) Multi-Factor Authentication (MFA): Strengthening authentication reduces the risk of
credential misuse by insiders.
(e) Employee Training and Awareness: Conducting regular security training sessions to
educate employees on recognizing potential threats and maintaining cyber hygiene.
(f) Whistleblower Protection Programs: Encouraging employees to report suspicious activ-
ities anonymously can help identify insider threats early.
Conclusion: Insider threats pose a unique challenge to organizations as they involve individuals
with legitimate access. Proactive strategies such as behavior monitoring, stringent access control,
and fostering a security-conscious culture can significantly reduce the risks associated with insider
cyber fraud. Businesses must stay vigilant and employ comprehensive cybersecurity frameworks to
protect against internal vulnerabilities.

2
12. How do Intrusion Detection Systems (IDS) help organizations in mitigating cyber
threats? Discuss different types of IDS, their functionalities, and real-world appli-
cations. Provide examples of how IDS have prevented security breaches in critical
infrastructures.
Answer:
Introduction: Intrusion Detection Systems (IDS) play a crucial role in modern cybersecurity by
monitoring network traffic and identifying potential security threats in real-time. These systems
are designed to detect malicious activities, unauthorized access attempts, and policy violations,
enabling organizations to respond promptly to cyber threats.
Types of IDS: There are several types of IDS, each with specific functionalities:
• Network-Based IDS (NIDS) – Monitors network traffic for suspicious activity and anoma-
lies.
• Host-Based IDS (HIDS) – Operates on individual hosts or devices, analyzing logs and
detecting intrusions.
• Hybrid IDS – Combines features of both NIDS and HIDS for enhanced security.
• Signature-Based IDS – Detects known attack patterns by comparing traffic against prede-
fined signatures.
• Anomaly-Based IDS – Uses machine learning and behavioral analysis to identify deviations
from normal activities.

Real-World Applications: IDS are widely used in various sectors, including:

• Financial institutions to detect fraud and unauthorized transactions.
• Government agencies to safeguard sensitive data from cyber espionage.
• Healthcare organizations to protect patient records from ransomware attacks.
• E-commerce platforms to prevent credential stuffing and data breaches.
Case Study Example: In 2017, a major power grid operator deployed an Anomaly-Based IDS
to monitor its network. The system detected irregular access patterns and alerted security teams
about a potential cyberattack. Upon investigation, it was found that a nation-state actor was
attempting to infiltrate the control system. The timely intervention prevented a possible blackout,
showcasing the critical role of IDS in infrastructure security.
Challenges and Future Directions: Despite their benefits, IDS face challenges such as high
false-positive rates and resource-intensive processing. Future advancements in Artificial Intelligence
and automation are expected to improve IDS efficiency by reducing false alarms and enhancing
real-time threat response capabilities.
Conclusion: Intrusion Detection Systems are an essential component of cybersecurity, providing
organizations with early warnings against cyber threats. By implementing advanced IDS solutions,
businesses can proactively safeguard their networks and critical data from malicious attacks.
13. How do ransomware attacks affect critical infrastructure, and what preventive mea-
sures can organizations implement to mitigate these threats? Provide real-world ex-
amples and discuss cybersecurity frameworks for handling ransomware incidents.
Answer:
Introduction: Ransomware attacks have become one of the most destructive cyber threats, tar-
geting critical infrastructure such as healthcare systems, energy grids, and government services.
These attacks encrypt essential data, demanding ransom payments for decryption, which can lead
to financial losses, service disruptions, and national security risks.
Effects of Ransomware on Critical Infrastructure:
• Service Disruptions: Hospitals, power plants, and public institutions experience downtime,
affecting essential services.
• Financial Losses: Organizations may face ransom payments, incident response costs, and
regulatory fines.

3
 • Data Breaches: Attackers exfiltrate sensitive information before encryption, increasing risks
of data leaks.
• Reputational Damage: Trust in affected institutions declines, impacting long-term opera-
tional sustainability.

Real-World Example: The 2021 Colonial Pipeline ransomware attack disrupted fuel supplies
across the United States, causing panic and economic losses. The attackers exploited weak VPN
credentials, gaining access to the network and encrypting critical systems. The company paid a
ransom of $4.4 million to regain access, highlighting vulnerabilities in industrial control systems.
Preventive Measures and Cybersecurity Frameworks:

(a) Regular Data Backups: Maintain offline and encrypted backups to restore systems without
paying ransom.
(b) Zero Trust Security Model: Restrict access to sensitive systems and enforce strong au-
thentication mechanisms.
(c) Endpoint Detection and Response (EDR): Deploy AI-driven monitoring solutions to
detect ransomware behaviors early.
(d) Network Segmentation: Isolate critical infrastructure networks from corporate IT envi-
ronments to limit attack spread.
(e) Incident Response Planning: Develop and test ransomware-specific response strategies
for quick recovery.

Conclusion: Ransomware attacks pose severe risks to critical infrastructure, but proactive security
measures and strong cybersecurity frameworks can mitigate these threats. Organizations must
prioritize threat intelligence, employee training, and robust response mechanisms to prevent and
recover from ransomware incidents effectively.

14. A brute-force attack is attempted on a secure 256-bit encryption key. The attacker
has access to a supercomputer capable of testing 1018 key combinations per second.
Compute:
• The total number of possible encryption keys.
• The worst-case time required to crack the key.
• The time reduction if the attacker utilizes a botnet with 1 million distributed
machines, each operating at the same speed.
• A comparative analysis of increasing key length from 256-bit to 512-bit.
Answer:
Step 1: Calculating the Total Number of Encryption Keys Since the encryption key is
256-bit long, the total number of possible keys is:

2256 ≈ 1.16 × 1077

Step 2: Calculating the Time Required for a Single Supercomputer Given the attack
rate of 1018 keys per second:
1.16 × 1077
Time Required =
1018
= 1.16 × 1059 seconds
Converting to years:
1.16 × 1059
≈ 3.67 × 1051 years
60 × 60 × 24 × 365
Step 3: Time Reduction with Distributed Botnet If 1 million (i.e., 106 ) machines are used,
each testing 1018 keys per second:

1.16 × 1077
New Time =
1018 × 106

4
 = 1.16 × 1053 seconds
Converting to years:
1.16 × 1053
≈ 3.67 × 1045 years
60 × 60 × 24 × 365
Even with a massive botnet, the cracking time remains astronomically large.
Step 4: Impact of Increasing Key Length to 512-bit For a 512-bit encryption key:

2512 ≈ 1.34 × 10154 possible keys

Using the same attack rate of 1024 keys per second (assuming an extreme computational boost):

1.34 × 10154
Time Required =
1024
= 1.34 × 10130 seconds ≈ 4.25 × 10122 years
This shows that increasing the key length significantly enhances security.
Conclusion: Brute-force attacks on 256-bit encryption are computationally infeasible, even with
massive distributed networks. Doubling the key length to 512-bit further increases security, making
brute-force attacks virtually impossible within the age of the universe.
15. A company experiences a Distributed Denial-of-Service (DDoS) attack where attackers
flood its server with malicious traffic. Given the following details, compute:
• The total data volume received by the server per hour.
• The overload factor compared to normal traffic.
• The bandwidth required to mitigate the attack.
• The cost of mitigation if a cloud security provider charges $0.10 per GB filtered.
• An analysis of the impact if the attack duration increases from 1 hour to 10 hours.
Given Data:
• Normal traffic: 1 million requests per second, each request averaging 2 KB.
• Attack traffic: 200 million requests per second, each request averaging 2 KB.
• Network bandwidth limit: 10 Gbps.
Answer:
Step 1: Calculating Total Data Volume Received per Hour The total data volume from
the attack traffic per second is:

200, 000, 000 × 2 KB = 400, 000, 000 KB = 400 GB/sec

Converting to an hourly rate:

400 × 60 × 60 = 1, 440, 000 GB/hour

Step 2: Calculating the Overload Factor Normal traffic per second:

1, 000, 000 × 2 = 2, 000, 000 KB = 2 GB/sec

Overload factor:
400
= 200 times the normal load
2
Step 3: Required Bandwidth for Mitigation Since the server has a bandwidth limit of 10
Gbps, converting to GB/sec:
1024
10 × = 1.28 GB/sec
8
Required extra bandwidth:
400 − 1.28 = 398.72 GB/sec

5
 Step 4: Cost of Mitigation Total data filtered per hour:

1, 440, 000 GB

Total cost per hour:

1, 440, 000 × 0.10 = 144, 000 USD
For a 10-hour attack:
144, 000 × 10 = 1, 440, 000 USD

Conclusion: DDoS attacks can overwhelm servers and lead to high mitigation costs. Implementing
rate limiting, firewalls, and advanced traffic filtering can reduce costs and improve security.
16. A corporate network deploys a firewall to filter incoming and outgoing traffic. Given
the firewall’s specifications, compute:
• The maximum number of packets it can process per second.
• The time required to inspect a day’s worth of traffic.
• The additional processing power needed if network traffic increases by 300%.
• The cost of upgrading the firewall infrastructure to handle the increased load.
• A comparison of hardware versus cloud-based firewall solutions in terms of cost
and scalability.

Given Data:
• Firewall processing capacity: 10 million packets per second.
• Average packet size: 500 bytes.
• Daily traffic volume: 5 PB (Petabytes).
• Processing efficiency drops by 20% under peak loads.
• Hardware upgrade cost: $100,000 per 10 million packet increase.
• Cloud-based firewall costs $0.02 per GB of filtered traffic.
Answer:
Step 1: Maximum Packets Processed Per Second The firewall can process 10 million packets
per second. Since each packet is 500 bytes:

Data processed per second = 10, 000, 000 × 500 bytes = 5 GB/sec

Step 2: Time to Inspect Daily Traffic Given daily traffic of 5 PB:

5 × 1024 × 1024
Total packets per day = ≈ 10.49 × 1012 packets
500
Time required:
10.49 × 1012
= 1.049 × 106 seconds ≈ 12.15 days
107
Step 3: Additional Processing for 300% Traffic Increase New traffic:

5 × 3 = 15 PB

New packets per day:

15 × 1024 × 1024
≈ 3.15 × 1013 packets
500
Required firewall upgrade:

3.15 × 1013
= 3.15 × 106 seconds ≈ 36.5 days
107

6
 Step 4: Upgrade Cost Required processing capacity:

10 × 3 = 30 million packets/sec

Upgrade cost:
(30 − 10) × 100, 000 = $2, 000, 000

Step 5: Cloud vs Hardware Firewall Cost Comparison Hardware Firewall: $2M for the
upgrade. Cloud Firewall: Given $0.02 per GB,
0.02
Total cost = 15, 000, 000 × 1024 × = $300, 000
1024

Conclusion: Scaling up on-premise firewalls is costly and time-consuming. Cloud-based firewalls

offer a flexible, cost-effective alternative with rapid scalability.
17. Discuss the impact of Intrusion Detection Systems (IDS) in modern cybersecurity
infrastructure. How do IDS mechanisms work, what are their different types, and
what challenges do organizations face in their deployment?
Answer:
Intrusion Detection Systems (IDS) are an essential component of cybersecurity, designed to monitor
and analyze network traffic for signs of malicious activity. With the increasing number of cyber
threats, IDSs play a crucial role in identifying security breaches and preventing potential damage
to IT infrastructures. These systems function as the first line of defense, complementing firewalls
and other security measures to ensure comprehensive protection.
How IDS Works: IDS mechanisms rely on continuous monitoring and analysis of network and
system activities. They detect anomalies and known attack patterns, alerting security administra-
tors to potential threats. The primary functions of an IDS include:
• Monitoring and Logging: Capturing real-time network traffic and system logs for analysis.
• Signature-based Detection: Comparing incoming traffic against a database of known at-
tack signatures.
• Anomaly Detection: Identifying deviations from normal behavior that could indicate a
cyberattack.
• Response Mechanisms: Generating alerts and, in some cases, initiating countermeasures
to mitigate threats.
Types of IDS: IDSs are categorized based on their detection techniques and deployment environ-
ments. The major types include:
• Network-based IDS (NIDS): Deployed at strategic points in a network to monitor traffic
across multiple devices.
• Host-based IDS (HIDS): Installed on individual computers to analyze system activities
and detect unauthorized access.
• Application-based IDS (AIDS): Focuses on monitoring application-layer activities to de-
tect anomalies in software behavior.
• Hybrid IDS: Combines multiple detection techniques for improved accuracy and compre-
hensive coverage.
Challenges in IDS Deployment: Despite their effectiveness, IDSs face several challenges in
real-world deployment:
• High False Positives: IDS may generate alerts for legitimate activities, causing unnecessary
alarms.
• Resource Intensiveness: Continuous monitoring and analysis require substantial comput-
ing power and storage.
• Evasion Techniques: Attackers use encryption and obfuscation methods to bypass IDS
detection.

7
 • Scalability Issues: Large networks with high traffic volumes may overwhelm IDS capabili-
ties.
• Integration Complexity: Ensuring compatibility with existing security systems can be
challenging.
Intrusion Detection Systems play a pivotal role in cybersecurity, helping organizations detect and
respond to cyber threats in real-time. However, addressing challenges such as false positives, scala-
bility, and evolving attack techniques is necessary for optimizing IDS effectiveness. By integrating
IDS with other security solutions and leveraging AI-driven analytics, organizations can enhance
their cybersecurity posture and protect their digital assets.
18. Discuss the impact of Distributed Denial of Service (DDoS) Attacks on modern organi-
zations. How do these attacks work, what are the different types, and what mitigation
strategies can be employed to prevent them?
Answer:
Distributed Denial of Service (DDoS) attacks are among the most severe cybersecurity threats that
organizations face today. These attacks aim to overwhelm a target’s network, server, or service by
flooding it with excessive traffic from multiple sources, rendering it inaccessible to legitimate users.
As businesses rely heavily on online services, DDoS attacks can lead to financial losses, reputational
damage, and operational disruptions.
How DDoS Attacks Work: DDoS attacks exploit the fundamental weaknesses of network
infrastructure by consuming bandwidth, depleting resources, or exploiting protocol vulnerabili-
ties. Attackers typically use botnets—large networks of compromised devices—to generate massive
amounts of traffic directed toward the target. The main components of a DDoS attack include:
• Attack Initiation: The attacker deploys malicious software to control multiple compromised
systems (botnets).
• Traffic Generation: The botnets send overwhelming amounts of data packets or connection
requests to the target.
• Exploitation of Network Resources: The attack exhausts bandwidth, processing power,
or application layer resources.
• Service Disruption: The target system becomes slow, unresponsive, or completely unavail-
able to legitimate users.
Types of DDoS Attacks: DDoS attacks are categorized based on their attack methodology:
• Volume-Based Attacks: These attacks flood the target with high volumes of traffic, con-
suming all available bandwidth. Examples include **UDP floods, ICMP floods, and DNS
amplification attacks**.
• Protocol-Based Attacks: These attacks exploit vulnerabilities in network protocols, ex-
hausting server resources. Examples include **SYN floods, Ping of Death, and Smurf at-
tacks**.
• Application Layer Attacks: These attacks target the application layer by overwhelming
servers with legitimate-looking requests. Examples include **HTTP floods and Slowloris
attacks**.
Mitigation Strategies for DDoS Attacks: Organizations can employ several strategies to
defend against DDoS attacks:
(a) Traffic Filtering and Rate Limiting: Implementing firewalls, intrusion prevention systems
(IPS), and rate-limiting mechanisms to block excessive requests.
(b) Load Balancing: Distributing incoming traffic across multiple servers to prevent overloading
a single system.
(c) DDoS Mitigation Services: Leveraging cloud-based DDoS protection services that detect
and neutralize attacks before reaching the target network.
(d) Anomaly Detection: Using machine learning-based anomaly detection systems to identify
and mitigate suspicious traffic patterns.

8
 (e) Blackhole Routing: Redirecting malicious traffic to a null route, preventing it from affecting
the main network.
DDoS attacks pose a significant risk to modern organizations, causing downtime, financial losses,
and reputational harm. Implementing a combination of proactive defense mechanisms such as
traffic filtering, load balancing, and AI-driven threat detection can help organizations mitigate
these attacks effectively. As cyber threats continue to evolve, businesses must adopt robust security
frameworks to ensure resilience against DDoS attacks.