Ans: A symmetric key uses the same key to encrypt and decrypt data. However, it is easily captured during key exchange between two networked hosts. If any one key is lost to an attacker, the traffic content can be compromised. The major advantage is the comparatively high speed of encrypting and decrypting data between (3)
An asymmetric key uses two mathematically different keys to encrypt (Private) and decrypt (Public). During a key exchange it is harder to capture the content of the keys and reuse it for decryption, since the private key is never exchanged. (3)
OR Similar
- In PKI, what are the Public Key and Private Key (crypto keys)? In what situation does it have an advantage over others such as SSH? (8 marks)
Ans: In Public-Private Key Infrastructure (PKI), the private key mathematically derives an additional key called the public key (2) once a key pair is generated by its owner. However, information cannot be encrypted by the public key but by the private key. (1.5) The private key is an encryption key for the owner to encrypt data on his/her communication device. He can then distribute his public, mathematically related key to his intended recipient. (1.5) It can be distributed through some transport mechanism such as a floppy. The recipient can use the sender’s public key to decrypt the data. (2-23 to -24) The major advantage over SSH is that PKI does not require a real-time channel to be created before data exchange. A file or email can be encrypted in advance by the private key and sent over unsecured media. (3)
OR SIMILAR in PKI concept.
c) How do firewalls differ from proxies? When are they used? (6 marks)
Ans: In a network, a proxy divides the network connection between a server and client devices. The proxy receives a request from an internal client and forwards it to another host, such as a server, on behalf of the client, presenting its own external network address. (1.5)
On the other hand, a firewall also sits between server and client, examining the packets passing through its external and internal interfaces for possible attacks. Firewalls can also enforce policies or rules that govern which packet types may pass. (1.5)
A proxy can reduce WAN traffic by caching requested content, while reducing the risk of exposing its clients’ network addresses and so minimizing attacks. (1.5)
A firewall can be implemented to control unwanted traffic flowing between networks. It is usually used in a defensive role on a network. (1.5)
d) Please describe each item in a short sentence (5 Marks)
i) ICMP - Internet Control Message Protocol provides flow control and route determination in the IP protocol. (1)
ii) DNS - Domain Naming Service provides name resolution between a descriptive name (host name) and an IP address, e.g. www.abc.com <-> 172.1.1.1 (1)
iii) Port number - A number used to identify a network service (1)
iv) ACK flag - In the three-way handshake, a host that receives a request confirms reception to the source system by issuing an acknowledgment (ACK flag) (1)
v) UDP - User Datagram Protocol is a connectionless transport protocol (1)
QUESTION 3 (25 points)
a) Consider the following CGI script,
#!perl
# Perl's built-in is lower-case "print"; "Print" is a bareword and would not run.
print "Content-type:text/html\n\n";
print <<EndOfHTML;
<html><head><title>Print Environment</title></head>
<body>
……
Why is it lethal to a web server if it is not secured properly? What is a possible solution to correct the problem on the web server? (6)
Ans: In CGI, the script can receive a form query from the Web client and interact with the backend Web server. (1) Without the taint-checking switch “-T” in the script, (2) this Perl script can display configuration parameters of the web server, such as OS type, patch level, etc., to an attacker. (2) From such information an attacker knows which tools to acquire to attack the target Web server and/or its OS platform.
One way to secure it is to disable the execute-scripts command, set appropriate file/folder-level permissions, and apply security patches if available (1) OR similar
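An added example, not part of the original question, showing in Python what an environment-printing CGI like the one above discloses and what a hardened handler looks like. The environment values are constructed; the allow-list validation stands in for Perl's -T taint checking, and the function names are mine.

```python
import html
import re
from urllib.parse import parse_qs

# Constructed CGI environment, shaped like what a web server hands a script.
# Every value here is made up for this example; none comes from a real server.
SAMPLE_ENV = {
    "SERVER_SOFTWARE": "ExampleHTTPd/1.0 (Unix)",
    "SERVER_NAME": "www.example.com",
    "DOCUMENT_ROOT": "/var/www/html",
    "PATH": "/usr/local/bin:/usr/bin:/bin",
    "QUERY_STRING": "name=<script>alert(1)</script>",
    "REMOTE_ADDR": "203.0.113.7",
}

# Variables whose values tell an outsider about the server build or file layout.
SERVER_DETAIL_VARS = ("SERVER_SOFTWARE", "DOCUMENT_ROOT", "PATH",
                      "SCRIPT_FILENAME", "SERVER_SIGNATURE")


def env_dump_page(environ: dict) -> str:
    """What a 'Print Environment' CGI does: echo every variable it was given."""
    rows = "".join(f"<tr><td>{k}</td><td>{v}</td></tr>"
                   for k, v in sorted(environ.items()))
    return ("<html><head><title>Print Environment</title></head>"
            f"<body><table>{rows}</table></body></html>")


def leaked_server_details(page: str, environ: dict) -> list:
    """Names of server-detail variables whose values appear in the page body."""
    return [k for k in SERVER_DETAIL_VARS
            if k in environ and environ[k] in page]


# Allow-list for the one parameter we accept (hypothetical policy for this demo).
NAME_OK = re.compile(r"[A-Za-z0-9 _-]{1,40}")


def hardened_page(environ: dict) -> str:
    """Uses one validated query parameter, escapes it, and says nothing about the server."""
    params = parse_qs(environ.get("QUERY_STRING", ""))
    name = params.get("name", [""])[0]
    if not NAME_OK.fullmatch(name):
        name = "guest"  # reject untrusted input rather than trying to clean it
    return ("<html><head><title>Hello</title></head>"
            f"<body><p>Hello, {html.escape(name)}</p></body></html>")


if __name__ == "__main__":
    dump = env_dump_page(SAMPLE_ENV)
    print("environment dump leaks:", leaked_server_details(dump, SAMPLE_ENV))
    print("hardened page leaks:   ", leaked_server_details(hardened_page(SAMPLE_ENV), SAMPLE_ENV))
```

The check `leaked_server_details` is the kind of test a reviewer can run against any CGI output: if a server-detail value shows up in the response body, the script is disclosing it to whoever asks.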
b) In the lab exercise, we intruded into a simulated on-line banking system and viewed the communication sessions. A hacking tool was used to hijack the session during the transaction.
- What type of attack is it? How does it work? (5)
Ans: Man in the middle (2). A proxy agent captures the traffic from both the web server and the client. When the client replies with the password for the corresponding bank account, the password is shown in clear text. A hacker can then use the legitimate credential to log into the bank account. (3)
- How can we make the session more secure? List three names. (5)
Ans: Possible solutions include encrypting credentials, Secure Socket Layer, certificate mapping, PKI, etc. (1.3 each)
- How can RAID 0, 1 and 5 on a server provide fault tolerance in a hardware emergency? (9)
Ans: A redundant array of inexpensive disks (RAID) provides fault tolerance against hard disk crashes.
There are many levels: RAID 0 to 5. (2)
Level 0 is strictly for performance gains and provides no fault tolerance. RAID 0 stripes the data across multiple hard disks. (2)
RAID 1 maintains a full copy of all file information on every disk and is therefore sometimes referred to as disk mirroring. Should a disk fail, each of the remaining disks has a full copy of the entire file system. (2)
RAID 5 has data and ECC storage capability. This arrangement improves speed over RAID 0 while adding fault tolerance. Yet it also suffers from bottlenecks on the parity drive. Compared with RAID 1, it increases usable disk space to all disk storage minus one disk. (3)
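A small simulation of the three RAID levels discussed above, written as an added example; it is not from the answer key and models no particular product. It stripes, mirrors, and computes XOR parity on byte strings, then "fails" one disk and shows which levels still return the data. It rotates the parity chunk across disks, as RAID 5 does; the function names and sample data are constructed.

```python
def xor_chunks(chunks):
    """XOR equal-length byte strings: the parity of a RAID 5 row."""
    out = bytearray(len(chunks[0]))
    for c in chunks:
        for i, b in enumerate(c):
            out[i] ^= b
    return bytes(out)


def raid0_write(data: bytes, disks: int, chunk: int):
    """Striping only: chunk i goes to disk i % disks. No redundancy at all."""
    pieces = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    return [pieces[d::disks] for d in range(disks)]


def raid0_read(layout):
    if any(disk is None for disk in layout):
        raise IOError("RAID 0: a failed disk loses part of every file")
    rows = max(len(d) for d in layout)
    out = b""
    for r in range(rows):
        for disk in layout:
            if r < len(disk):
                out += disk[r]
    return out


def raid1_write(data: bytes, disks: int):
    """Mirroring: every disk holds the complete data."""
    return [data] * disks


def raid1_read(layout):
    for disk in layout:
        if disk is not None:
            return disk
    raise IOError("RAID 1: all mirrors failed")


def raid5_write(data: bytes, disks: int, chunk: int):
    """Each row holds disks-1 data chunks plus one XOR parity chunk; parity rotates."""
    if disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    per_row = disks - 1
    data = data + b"\x00" * (-len(data) % (chunk * per_row))  # pad to whole rows
    rows = len(data) // (chunk * per_row)
    layout = [[] for _ in range(disks)]
    for r in range(rows):
        base = r * per_row * chunk
        row_data = [data[base + i * chunk: base + (i + 1) * chunk] for i in range(per_row)]
        parity_disk = r % disks
        it = iter(row_data)
        for d in range(disks):
            layout[d].append(xor_chunks(row_data) if d == parity_disk else next(it))
    return layout


def raid5_read(layout, length: int) -> bytes:
    """Read the data; a single missing disk is rebuilt from the XOR of the others."""
    disks = len(layout)
    alive = [d for d in range(disks) if layout[d] is not None]
    if len(alive) < disks - 1:
        raise IOError("RAID 5 tolerates only one failed disk")
    out = b""
    for r in range(len(layout[alive[0]])):
        row = [layout[d][r] if layout[d] is not None else None for d in range(disks)]
        if None in row:
            row[row.index(None)] = xor_chunks([c for c in row if c is not None])
        out += b"".join(row[d] for d in range(disks) if d != r % disks)
    return out[:length]


def fail_disk(layout, index: int):
    """Simulate a crashed drive: its contents are gone."""
    return [None if d == index else disk for d, disk in enumerate(layout)]


def usable_capacity(level: int, disks: int, disk_size: int) -> int:
    """Usable space: all disks (0), one disk (1), or all disks minus one (5)."""
    return {0: disks, 1: 1, 5: disks - 1}[level] * disk_size


if __name__ == "__main__":
    data = b"The quick brown fox jumps over the lazy dog"  # constructed sample
    degraded = fail_disk(raid5_write(data, 4, 4), 2)
    print("RAID 5 after losing disk 2:", raid5_read(degraded, len(data)))
```

Running the block with two disks failed in the RAID 5 layout raises the IOError, which is the point the answer key makes: RAID 5 survives one disk crash, RAID 1 survives all but one, and RAID 0 survives none.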
QUESTION 4 (25 points)
- How does Kerberos work in authenticating a user? (5)
Ans: Kerberos is an authentication method that can be used as a single sign-on mechanism and allows mutual authentication and encrypted communication between a user and services. (2)
- The user authenticates to the local OS. A local agent sends an authentication request to the Kerberos server. (1)
- The server responds by sending encrypted credentials for the user attempting to authenticate to the system, and the local agent then tries to decrypt the credentials using the user-supplied password. (1)
- If decryption succeeds with the password, the user is validated and given an authentication ticket for access to other Kerberos-authenticated services (1)
OR Similar
- Given a netmask (subnet mask) of 255.255.224.0, determine whether the two IP addresses 172.16.65.148 and 172.16.97.221 reside on the same subnetwork. Show your calculations and justify your answer. (6)
Ans:
For the items above: the combination receives (1.5), the SN receives (1.5), and the From and End IP receive (1.5), for a total of (6)
The answer is NO (1.5). They are not in the same subnetwork, as shown: the IP address ending in 148 is in the 64 SN and the one ending in 221 is in the 96 SN. (See bold figures)
- Convert bd (hex) to binary digits. Show your work for full marks! (5)
Ans: bd = (11 x 16^1) + (13 x 16^0) = 176 + 13 = 189 (decimal) (3)
From decimal:
189 - 128 - 32 - 16 - 8 - 4 - 1 = 0, so we have 10111101 (2)
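The two calculations above (the subnet test with mask 255.255.224.0 and the hex-to-binary conversion of bd), carried out in Python as an added example that is not part of the original answer key. It uses only the standard-library ipaddress module and prints the per-octet work the marking scheme asks for; the function names are mine.

```python
from ipaddress import IPv4Address, IPv4Network


def hex_to_binary_work(hex_digits: str) -> dict:
    """Hex -> decimal by positional expansion, then decimal -> binary by
    subtracting powers of two from the largest that fits, as the answer does."""
    digits = hex_digits.lower()
    terms, value = [], 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch, 16)
        terms.insert(0, f"({d} x 16^{pos})")
        value += d * 16 ** pos
    width = 4 * len(digits)          # one hex digit is four bits
    remainder, bits, steps = value, "", []
    for p in range(width - 1, -1, -1):
        if remainder >= 2 ** p:
            remainder -= 2 ** p
            bits += "1"
            steps.append(f"-{2 ** p}")
        else:
            bits += "0"
    return {"decimal": value,
            "expansion": " + ".join(terms),
            "subtraction": f"{value} " + " ".join(steps) + f" = {remainder}",
            "binary": bits}


def octet_bits(n: int) -> str:
    return format(n, "08b")


def same_subnet(ip_a: str, ip_b: str, mask: str) -> dict:
    """AND each address with the mask octet by octet and compare the subnet numbers."""
    mask_int = int(IPv4Address(mask))
    prefix = bin(mask_int).count("1")
    result = {"prefix": prefix, "work": [], "networks": {}}
    for ip in (ip_a, ip_b):
        net_int = int(IPv4Address(ip)) & mask_int
        network = IPv4Network((net_int, prefix))
        for o_ip, o_mask in zip(ip.split("."), mask.split(".")):
            a, m = int(o_ip), int(o_mask)
            result["work"].append(
                f"{ip}: {a:3} ({octet_bits(a)}) AND {m:3} ({octet_bits(m)})"
                f" = {a & m:3} ({octet_bits(a & m)})")
        # "From" and "End" IP of the subnet: network address and broadcast address
        result["networks"][ip] = (str(network.network_address),
                                  str(network.broadcast_address))
    first, second = result["networks"].values()
    result["same"] = first[0] == second[0]
    return result


if __name__ == "__main__":
    r = same_subnet("172.16.65.148", "172.16.97.221", "255.255.224.0")
    print("\n".join(r["work"]))
    print("subnets:", r["networks"], "same subnet:", r["same"])
    h = hex_to_binary_work("bd")
    print(h["expansion"], "=", h["decimal"], "->", h["subtraction"], "->", h["binary"])
```

The third octet is where the two addresses part ways: 65 AND 224 gives 64, while 97 AND 224 gives 96, so the two hosts sit in different /19 subnets.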
- Given a packet captured by a sniffer, answer the following: (9)
4500 002f cc2f 4000 ff06 eeb9 ac1c 0ac1
0a00 0002 0007 0443 1aae 67db 001c 8119
5018 2238 76c6 0000 6865 6c6c 6f0d 0a
- What is the IP data?
Ans: 4500 002f cc2f 4000 ff06 eeb9 ac1c 0ac1 (3)
0a00 0002
- What is the TCP data?
Ans: 0007 0443 1aae 67db 001c 8119 (3)
5018 2238 76c6 0000
- What is the application data?
Ans: 6865 6c6c 6f0d 0a (3)
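Parsing the captured packet above into its IP header, TCP header and application data, as an added Python example that is not from the original paper. It uses only the struct module and the hex dump exactly as given; it also verifies both checksums, which the question does not ask for but which confirms the field boundaries are right. Function names are mine.

```python
import struct

# Constructed copy of the hex dump in the question, as captured by the sniffer.
CAPTURE_HEX = ("4500 002f cc2f 4000 ff06 eeb9 ac1c 0ac1 "
               "0a00 0002 0007 0443 1aae 67db 001c 8119 "
               "5018 2238 76c6 0000 6865 6c6c 6f0d 0a")

TCP_FLAG_NAMES = [(0x08, "PSH"), (0x10, "ACK"), (0x02, "SYN"),
                  (0x01, "FIN"), (0x04, "RST"), (0x20, "URG")]


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def parse_capture(dump: str) -> dict:
    raw = bytes.fromhex(dump.replace(" ", ""))
    # IPv4 header (RFC 791): 20 bytes when IHL == 5
    (ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto,
     _ip_csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("example handles IPv4 carrying TCP only")
    ihl = (ver_ihl & 0x0F) * 4
    ip_header = raw[:ihl]
    # TCP header (RFC 793) starts right after the IP header
    (sport, dport, seq, ack, off_res, tcp_flags, window,
     _tcp_csum, _urg) = struct.unpack("!HHIIBBHHH", raw[ihl:ihl + 20])
    thl = (off_res >> 4) * 4
    tcp_segment = raw[ihl:total_len]
    tcp_header = tcp_segment[:thl]
    payload = tcp_segment[thl:]
    # A header that still contains its checksum field sums to 0xFFFF when intact.
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, proto, len(tcp_segment))
    return {
        "version": ver_ihl >> 4, "ihl": ihl, "total_length": total_len,
        "ttl": ttl, "protocol": proto,
        "dont_fragment": bool(flags_frag & 0x4000),
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "ip_header": ip_header,
        "ip_checksum_ok": ones_complement_sum(ip_header) == 0xFFFF,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
        "flags": [name for bit, name in TCP_FLAG_NAMES if tcp_flags & bit],
        "tcp_header": tcp_header,
        "tcp_checksum_ok": ones_complement_sum(pseudo + tcp_segment) == 0xFFFF,
        "payload": payload,
    }


if __name__ == "__main__":
    p = parse_capture(CAPTURE_HEX)
    print("IP header :", p["ip_header"].hex(), p["src"], "->", p["dst"], "ttl", p["ttl"])
    print("TCP header:", p["tcp_header"].hex(), p["sport"], "->", p["dport"], p["flags"])
    print("payload   :", p["payload"], "checksums ok:", p["ip_checksum_ok"], p["tcp_checksum_ok"])
```

The total-length field (0x002f = 47) is what tells the parser where the payload ends: 20 bytes of IP header, 20 of TCP header, and the remaining 7 bytes are "hello\r\n".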
QUESTION 5 (25 points)
Write notes for the following terms:
- Worms
Ans: A worm is an application that can replicate itself over a permanent or dial-up network connection. Unlike a virus, which seeds itself within the computer’s hard disk or file system, a worm is a self-supporting program. A typical worm maintains only a functional copy of itself in active memory; it does not even write itself to disk. OR similar (3)
- IP Security (IPSEC)
Ans: A set of protocols developed by the IETF to support encryption and authentication of data at the IP layer of the OSI model. It is a key technology for VPNs. It comprises several protocols, such as AH, ESP, IPcomp and IKE. IPSEC can be used in two modes: transport, which encrypts communication between two hosts, and tunnel, which encapsulates the traffic packet inside another IP packet, as used in VPNs.
OR similar (3)
- Hardware Firewalls
Ans: Also known as appliance firewalls, they are intended to be used without much setup and configuration work before providing firewall services. OR similar (3)
- Software Bugs
Ans: When an application or system consists of many lines of code, some logical errors are to be expected. Some bugs have security impacts and must be fixed by “patching”, a rewrite of a subset of the program to correct the code. OR similar (3)
- Authentication
Ans: The act of proving you are who you say you are. There are a number of methods of proof; one example is providing a username and password in a dialog box presented by the computer. OR similar (3)
- Strong/complex Password (3)
Ans: A password combination that has at least eight characters and includes numbers. It increases the complexity for an attacker conducting a brute-force attack.
- UPS (3)
Ans: Also called an “Uninterruptible Power Supply”; a backup battery for computer equipment.
- IP Spoofing (4)
Ans: A method widely used by attackers: the attacker uses a “fake” IP address, such as a pretended internal IP, to conceal their identity. (3) It can pass through a firewall whose policies are based on IP addresses only. (1)
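An added Python example (not from the answer key) tying together the firewall rule passage in Question 2(c) and the IP spoofing note above: a rule base that matches on addresses only, beside an ingress filter that first drops packets arriving on the external interface with an internal source address, then applies the same rules with default deny. The networks, rules and sample packets are constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed topology: the address ranges that live behind the firewall.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Ordered rule base, first match wins; anything unmatched is dropped (default deny).
# Fields: action, source network, destination network, protocol, destination port (None = any).
POLICY = [
    ("allow", "0.0.0.0/0",  "10.0.0.0/8", "tcp", 443),   # public HTTPS front end
    ("allow", "10.0.0.0/8", "10.0.0.0/8", "tcp", None),  # internal to internal
    ("allow", "10.0.0.0/8", "0.0.0.0/0",  "udp", 53),    # outbound DNS
]


def policy_decision(pkt: dict):
    """Match on addresses, protocol and port only, ignoring which interface the packet used."""
    src, dst = ip_address(pkt["src"]), ip_address(pkt["dst"])
    for action, src_net, dst_net, proto, port in POLICY:
        if (src in ip_network(src_net) and dst in ip_network(dst_net)
                and pkt["proto"] == proto
                and (port is None or pkt["dport"] == port)):
            return action, f"rule: {src_net} -> {dst_net} {proto}/{port or 'any'}"
    return "drop", "default deny"


def ingress_filter(pkt: dict):
    """Reject internal source addresses seen on the outside interface
    (the RFC 2827 anti-spoofing check), then apply the rule base."""
    src = ip_address(pkt["src"])
    if pkt["iface"] == "external" and any(src in net for net in INTERNAL_NETS):
        return "drop", "anti-spoofing: internal source address arrived on external interface"
    return policy_decision(pkt)


# Constructed sample packets as the firewall would summarise them.
SAMPLE_PACKETS = {
    "spoofed":   {"iface": "external", "src": "10.0.0.5",    "dst": "10.0.0.9", "proto": "tcp", "dport": 22},
    "web":       {"iface": "external", "src": "203.0.113.7", "dst": "10.0.0.9", "proto": "tcp", "dport": 443},
    "unsolicited": {"iface": "external", "src": "203.0.113.7", "dst": "10.0.0.9", "proto": "tcp", "dport": 22},
    "inside":    {"iface": "internal", "src": "10.0.0.5",    "dst": "10.0.0.9", "proto": "tcp", "dport": 22},
}


if __name__ == "__main__":
    for name, pkt in SAMPLE_PACKETS.items():
        print(f"{name:12} address-only: {policy_decision(pkt)[0]:5}  with ingress check: {ingress_filter(pkt)}")
```

The "spoofed" packet is the case the answer describes: the address-only rule base allows it because 10.0.0.5 matches the internal-to-internal rule, while the interface-aware filter drops it before the rules are consulted.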
QUESTION 6 (25 points)
- Please explain the requirements for a secure network (9 marks)
Ans: Privacy – it should offer a reasonable level of assurance to its users that only those who are authorized can access resources. (3)