
1.

a)During the interview for a post as an IT security analyst for a large IT corporation part of the interview process is to write a description of the role of a penetration tester. Provide this description as if you were the interviewee. (13 marks)
A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders (who do not have an authorized means of accessing the organization's systems) and malicious insiders (who have some level of authorized access). The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. Security issues uncovered through the penetration test are presented to the system's owner. Effective penetration tests will couple this information with an accurate assessment of the potential impacts to the organization and outline a range of technical and procedural countermeasures to reduce risks.

Penetration tests are valuable for several reasons:

1. Determining the feasibility of a particular set of attack vectors
2. Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
3. Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
4. Assessing the magnitude of potential business and operational impacts of successful attacks
5. Testing the ability of network defenders to successfully detect and respond to the attacks
6. Providing evidence to support increased investments in security personnel and technology

b)Discuss the importance of having a well-written set of procedures and policies with respect to network security. (4 marks)
Many information policies in small businesses fail because they do not consider the importance of people as a key part of policy. It is not enough to focus on information technology itself. Procedures must be created that respect your employees as they interact with any part of the information systems they are using.

Communications Policies
The core step to implementing a successful information policy is ensuring that staff members understand the steps they are taking as well as the reasons for taking those steps. If the employees believe your information security policies are too restrictive or that they are being treated as if their time and effort are not valued, they will subvert the security system to ease their own workflow.

Password Implementation
Password security policies should be set only as restrictive as they need to be. A password security policy that requires passwords be rotated too often or a policy that complicates passwords (such as requiring mixed case and numerals), can needlessly annoy staff and increase the likelihood of subversion. Staff members may write down their passwords in insecure locations or choose passwords that are too simple because they are unable to remember them.

Physical Access
Computers, networks and other information technology are only as secure as available physical access to them. Nearly any commercial technology can have its security overridden by a knowledgeable person who has the capability to modify its hardware.

Network interactions
Your networks should be separated into public and private zones. Information that is truly private should never have physical connections to the Internet or any other public network. Users that must have a combination of public and private access, such as simultaneous connections to the Internet and to an Intranet, must choose not to copy, or be restricted from copying, files to their local computers.

Encryption
All sensitive documents should be encrypted before they are stored on hard drives or sent over any network. Encryption methods will fail if they are too onerous for your users; therefore files should be encrypted automatically by the software being used.

c)An organisation does not have adequate and well-written procedures and policies to deal with things like access control, passwords and unauthorised software download and use. Outline some of the problems that the organisation will face and why it will be almost impossible to overcome them. (8 marks)

2.

a)Certain TCP ports are required to be open to allow services to work across a distributed system. Unmanaged open ports can create a number of security threats. Explain what some of these threats are and how they may be mitigated (without closing the system down completely). (8 marks)
Once a hacker finds a computer with open ports they probe further to see if the software behind each open port contains buffer overflows, outdated software or misconfigurations. If a hacker finds one of these vulnerabilities they may attack your computer. Here is a partial list of the things a hacker could do to your computer if it has vulnerabilities:

1. View Your Passwords - If a hacker has access to your computer they may have access to files stored on your computer where passwords are kept. Sometimes passwords are stored in normal text and sometimes they are encrypted. Either way, a hacker can probably crack the passwords you use on your system so they can continue to access your computer. If you access your company network from home then this becomes especially dangerous. The passwords you type to access your company network may be stored on your home PC. A hacker may be able to break into your corporate network because your home PC was not secure.

2. Watch Everything You Do - If a hacker installs remote control software then you are no longer safe. Remote control software allows a hacker to view everything on your computer as you do. If you view your personal banking information on your computer then so does the hacker. Also, remote control software allows a hacker to record keystrokes typed into your computer. So your passwords are no longer safe and should be changed.

3. Install a Zombie - Zombie software allows a hacker to "make" your computer attack other computers on the Internet. Once Zombie software is installed on your computer you will not know it is running. If Zombie software were installed on your computer right now you could be attacking the website of a large corporation. The corporation will trace the attack back to your computer and you will plead ignorance. In European countries you are now liable for damages to others if a hacker is using your computer for attack purposes.

4. Copy Files From Your Hard Drive - If you have network shares set to READ for the group EVERYONE then a hacker may be able to copy your data. If you have personal accounting data or confidential files on your computer then a hacker may have already copied that data. Accounting software, word processing, spreadsheet, and most applications don't use good password encryption schemes. Most passwords for these applications can be cracked easily.

5. Copy Files To Your Hard Drive - If you have network shares set to READ/WRITE for the group EVERYONE then a hacker may be able to copy files to your computer. Why is that a problem? This is how hackers install remote control software. Or they may decide to copy viruses to your computer, or ruin the configuration of your computer.

Mitigations: a firewall, blocking unwanted ports and keeping the security patches for software up to date (this will help to stop the hacker attacking a vulnerability in the software through the ports it uses), IDS and IPS.

b)Explain the term port scanning and identify countermeasures that may be used against port scanning techniques. (5 marks)
Port scanning is a technique that helps an attacker identify open ports and the services running on those ports. Once an attacker has a 'footprint' of an organisation they will move to the second pre-attack phase, scanning. In the scanning phase the attacker will attempt to send probe packets to the target organisation's IP address or addresses in an attempt to identify open ports and the services running on those ports. Port scanning is an important part of the process for an attacker as they need to find out what is actually running on these ports so that they can try to identify vulnerabilities. You should also know the terms full connect scan, half-open scan and stealth scan, and how scans can be prevented using standard countermeasures (firewalls, IDS, IPS etc.). For example, if the question were "what is a stealth scan?", your answer would include the following points: a stealth scan is one that does not complete the TCP three-way handshake, instead sending only the initial SYN and awaiting the response. Should the response from the target be SYN/ACK, the port is open; if not, the port is closed or filtered. The advantage of this type of scan is that it will not be recorded in many application logs, as the connection was never made. Such an answer gains the marks by making the salient points.
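As an added example (not part of the original notes), the following Python script shows the defender's side of the half-open scan just described: the connection was never completed, so the application log is silent, but a packet-level log still sees it. The script reads constructed connection-log lines, collects for each source the ports that received a bare SYN but never saw an ACK from that same source, and flags a source that probed many such ports. The log format, the IP addresses and the threshold of five ports are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample connection-log lines (client-to-server packets only; not from the notes).
# Assumed format: "<time> <src_ip> -> <dst_ip>:<dst_port> <tcp_flags>"
# S = SYN only (first handshake packet); any flag string containing A = ACK.
SAMPLE_LOG = """\
10:00:01 203.0.113.7 -> 192.0.2.10:22 S
10:00:01 203.0.113.7 -> 192.0.2.10:80 S
10:00:01 203.0.113.7 -> 192.0.2.10:443 S
10:00:01 203.0.113.7 -> 192.0.2.10:8080 S
10:00:02 203.0.113.7 -> 192.0.2.10:3306 S
10:00:02 203.0.113.7 -> 192.0.2.10:25 S
10:00:05 198.51.100.4 -> 192.0.2.10:443 S
10:00:05 198.51.100.4 -> 192.0.2.10:443 A
10:00:06 198.51.100.4 -> 192.0.2.10:443 PA
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) ([SAPRFU]+)$")


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, port, flags = m.groups()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "flags": flags}


def detect_half_open_scans(log_text, threshold=5):
    """Return {(src, dst): [ports]} for sources whose bare SYNs to at least `threshold`
    distinct ports were never followed by an ACK from that source on the same port.
    A genuine client completes the handshake (an ACK appears); a half-open scanner does not."""
    syn_ports = defaultdict(set)    # ports that received a bare SYN from (src, dst)
    acked_ports = defaultdict(set)  # ports where the same source later sent an ACK
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["src"], rec["dst"])
        if rec["flags"] == "S":
            syn_ports[key].add(rec["port"])
        elif "A" in rec["flags"]:
            acked_ports[key].add(rec["port"])
    findings = {}
    for key, ports in syn_ports.items():
        half_open = ports - acked_ports[key]
        if len(half_open) >= threshold:
            findings[key] = sorted(half_open)
    return findings


if __name__ == "__main__":
    for (src, dst), ports in detect_half_open_scans(SAMPLE_LOG).items():
        print(f"probable half-open scan from {src} against {dst}: ports {ports}")
```

Run as written it reports the six-port probe from 203.0.113.7 and stays quiet about 198.51.100.4, whose single SYN was followed by an ACK. A production IDS would add a time window and track both directions of the connection; the threshold is the usual tuning knob between missed slow scans and false alarms.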

c)What types of activities are considered to be footprinting and why is it such an essential step during the steps to intrusion? (6 marks)
Footprinting can be thought of as the first pre-attack phase during the steps to intrusion. Footprinting is the process of using (mainly) passive, systematic intelligence gathering techniques which include a combination of digital and non-digital methods. These include surfing the target organisation's website, and searching forums, digests, blogs and job websites to identify technical or organisational structures within the target organisation. Non-digital techniques include reading newspapers, magazines, job adverts or any other company literature. Less passive techniques would be any type of social engineering, or perhaps deliberately applying for a job to probe the interviewers about, say, a technical position and the skills required.

d)Denial of Service (DoS) attacks come in many different shapes and forms. Give a brief outline of two types of DoS attack and why they are so successful. (6 marks)
Ping of death

Ping of death is caused by an attacker deliberately sending a ping packet (normally 64 bytes) that is larger than the 65,535-byte maximum. Many computer systems cannot handle an IP packet larger than the maximum IP packet size of 65,535 bytes, and such a packet often causes the system to crash. The protocol does not allow a ping packet of size greater than 65,535 bytes, but a packet of such size can be sent if it is fragmented.

When a receiving computer reassembles the packet, a buffer overflow occurs, which often causes the computer to crash. This exploit has affected a wide variety of systems including Unix, Linux, Mac, Windows and routers, but fixes have been applied since 1997, making this exploit mostly historical.
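The fix that made ping of death historical is a bounds check before reassembly, which the following added Python example (not from the original notes) models. A sender helper splits a payload into IPv4-style fragments (offsets in 8-byte units, as in the real header), and a receiver-side guard rejects any fragment whose end would push the datagram past 65,535 bytes before a byte is written into a reassembly buffer. The 20-byte header, the 1480-byte fragment payload and the fragment descriptors are constructed for the example.

```python
# Added example: a fragment-reassembly guard for the "ping of death" condition.
# Fragment descriptors are constructed tuples, not captured packets.

MAX_IPV4_DATAGRAM = 65535  # total length limit, including the IP header
IPV4_HEADER_LEN = 20       # minimal IPv4 header, assumed (no options)
FRAGMENT_UNIT = 8          # the IPv4 fragment offset field counts 8-byte units


def build_fragments(payload_len, frag_payload=1480):
    """Split a payload of payload_len bytes into (offset_units, length, more_fragments)
    tuples, as a sender behind a 1500-byte MTU would. frag_payload must be a multiple of 8."""
    if frag_payload % FRAGMENT_UNIT:
        raise ValueError("fragment payload must be a multiple of 8 bytes")
    fragments, offset = [], 0
    while offset < payload_len:
        length = min(frag_payload, payload_len - offset)
        more = offset + length < payload_len
        fragments.append((offset // FRAGMENT_UNIT, length, more))
        offset += length
    return fragments


def check_reassembly(fragments):
    """Return (accepted, total_length, reason). A fragment whose end lies beyond the
    maximum datagram size is rejected before anything is copied into a buffer."""
    if not fragments:
        return False, 0, "no fragments"
    end = 0
    for offset_units, length, _more in fragments:
        frag_end = offset_units * FRAGMENT_UNIT + length
        total = IPV4_HEADER_LEN + frag_end
        if total > MAX_IPV4_DATAGRAM:
            return False, total, "fragment exceeds maximum IPv4 datagram size"
        end = max(end, frag_end)
    return True, IPV4_HEADER_LEN + end, "ok"


if __name__ == "__main__":
    print(check_reassembly(build_fragments(64)))      # an ordinary ping: accepted
    print(check_reassembly(build_fragments(65600)))   # oversized once reassembled: rejected
```

The vulnerable implementations of the 1990s allocated a 65,535-byte buffer and trusted offset plus length, so the final fragment of an oversized datagram wrote past the end of it; the guard above is the check they lacked.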
Ping flood

A ping flood is caused by an attacker overwhelming the victim's network with ICMP Echo Request (ping) packets. This is a fairly easy attack to perform without extensive network knowledge, as many ping utilities support this operation. A flood of ping traffic can consume significant bandwidth on low- to mid-speed networks, slowing a network to a crawl.

Smurf Attack

A Smurf attack exploits the target by sending repeated ping requests to the broadcast address of the target network. The ping request packet uses a forged source (return) IP address, which is that of the target site that is to receive the denial of service attack. The result will be lots of ping replies flooding back to the innocent, spoofed host. If the number of hosts replying to the ping request is large enough, the network will no longer be able to receive real traffic.

SYN Floods

When establishing a session between a TCP client and server, a handshaking message exchange occurs between the server and client. A session setup packet contains a SYN field that identifies the sequence in the message exchange. An attacker may send a flood of connection requests and not respond to the replies, which leaves the half-open requests in the server's buffer so that legitimate connection requests can't be accommodated.

3. a)What does the CIA triangle mean and how does this model fit with the principles of information/computer security that we understand? (8 marks)
CIA is confidentiality, integrity and availability.

Confidentiality
Confidentiality refers to limiting information access and disclosure to authorized users -- "the right people" -- and preventing access by or disclosure to unauthorized ones -- "the wrong people." Authentication methods like user-IDs and passwords, that uniquely identify data systems' users and control access to data systems' resources, underpin the goal of confidentiality. Confidentiality is related to the broader concept of data privacy -- limiting access to individuals' personal information.

Integrity
Integrity refers to the trustworthiness of information resources. It includes the concept of "data integrity" -- namely, that data have not been changed inappropriately, whether by accident or deliberately malign activity. It also includes "origin" or "source integrity" -- that is, that the data actually came from the person or entity you think it did, rather than an imposter. Integrity can even include the notion that the person or entity in question entered the right information -- that is, that the information reflected the actual circumstances (in statistics, this is the concept of "validity") and that under the same circumstances would generate identical data (what statisticians call "reliability"). On a more restrictive view, however, integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong.

Availability
Availability refers, unsurprisingly, to the availability of information resources. An information system that is not available when you need it is almost as bad as none at all. It may be much worse, depending on how reliant the organization has become on a functioning computer and communications infrastructure. Availability, like other aspects of security, may be affected by purely technical issues (e.g., a malfunctioning part of a computer or communications device), natural phenomena (e.g., wind or water), or human causes (accidental or deliberate). While the relative risks associated with these categories depend on the particular context, the general rule is that humans are the weakest link. (Again, that's why your ability and willingness to use our data systems securely is critical.)

b)There are many techniques used to authenticate messages. With this in mind, discuss the use of message digests in ensuring authenticity. (3 marks)
There are two terms that you should note here: hash function and message digest. A hash function is a one-way mathematical function applied to a message. The result of the hash function is unique to each message and is called the Message Digest. A message digest is a single large number, typically between 128 and 256 bits in length. Thus, we can have up to 2^256 different messages each having a unique message digest associated with it. This gives rise to an almost incalculable figure. We can safely assume that each different message that can possibly be typed would have a unique message digest on applying a hash function. A hash function is said to be one way because we cannot go back to the original text from a message digest. Basically, the concept of hash function and message digest is used to confirm the integrity of a message.

c)What is the difference between message integrity and non-repudiation and is it sensible to compare them? (4 marks)
Message integrity is the validity of a transmitted message. It deals with methods that ensure that the contents of a message have not been tampered with or altered. The most common approach is to use a one-way hash function that combines all the bytes in the message with a secret key and produces a message digest that is impossible to reverse. Integrity checking is one component of an information security program. Neither authentication nor integrity protections prevent replay attacks: a malicious user can capture a signed and encrypted message and post it multiple times. Therefore a party can repudiate having sent the same message multiple times. Making each message unique using timestamps and/or a nonce addresses this and is therefore used for non-repudiation in combination with signing and encryption.
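The two answers above (the message digest, and the keyed digest plus nonce that defeats replay) can be shown together in one short Python example. This is an added illustration, not code from the original notes: it uses the standard library's SHA-256 as the one-way hash, HMAC-SHA256 as the "hash combined with a secret key", and a receiver that remembers every nonce it has accepted. The shared key and the messages are constructed values; a real deployment would also bound how long nonces are remembered, typically by pairing them with a timestamp.

```python
import hashlib
import hmac
import secrets

# Added example (not from the original notes). Key and messages are constructed.


def message_digest(message: bytes) -> str:
    """Plain one-way hash: the 'message digest' of the notes, 256 bits as hex."""
    return hashlib.sha256(message).hexdigest()


def make_tag(key: bytes, nonce: bytes, message: bytes) -> str:
    """Keyed digest (HMAC-SHA256) over nonce||message, so the tag covers both."""
    return hmac.new(key, nonce + message, hashlib.sha256).hexdigest()


def new_nonce() -> bytes:
    """Fresh random nonce; uniqueness is what makes a replay detectable."""
    return secrets.token_bytes(16)


class Receiver:
    """Checks the tag first, then refuses any nonce it has already accepted."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = set()

    def accept(self, nonce: bytes, message: bytes, tag: str) -> str:
        expected = make_tag(self.key, nonce, message)
        # constant-time comparison so the check does not leak how much of the tag matched
        if not hmac.compare_digest(expected, tag):
            return "rejected: integrity check failed"
        if nonce in self.seen_nonces:
            return "rejected: replay"
        self.seen_nonces.add(nonce)
        return "accepted"


def demo():
    """Walk through the cases and return the outcomes so they can be checked."""
    key = b"constructed-shared-secret-key"   # would be agreed out of band in practice
    rx = Receiver(key)
    msg = b"transfer 100 to account 42"
    altered = b"transfer 900 to account 42"
    nonce = new_nonce()
    tag = make_tag(key, nonce, msg)
    return {
        # a one-character change gives an unrelated digest
        "digest_changes": message_digest(msg) != message_digest(altered),
        "genuine": rx.accept(nonce, msg, tag),
        # same tag presented with an altered message: integrity failure
        "tampered": rx.accept(nonce, altered, tag),
        # the genuine message captured and posted a second time: replay
        "replayed": rx.accept(nonce, msg, tag),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Note the order of the checks: the tag is verified before the nonce is recorded, so a forged message cannot "use up" a nonce and cause a later genuine message to be rejected as a replay.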

d)There are many alternatives to current IT systems that utilise passwords as the only type of access mechanism. Discuss some of the alternatives to using passwords and provide a justification for one in particular to be used to replace a password only system. (10 marks)

Section B

4.

a)Describe a system that can facilitate a private network over public infrastructure. Your description should include the advantages and disadvantages of such a system. A diagram should be used in order to aid your description. (9 marks)

A Virtual Private Network (VPN) is a network technology that creates a secure network connection over a public network such as the Internet or a private network owned by a service provider.
Advantages of VPN

Low Cost
One way a VPN lowers costs is by eliminating the need for expensive long-distance leased lines. With VPNs, an organization needs only a relatively short dedicated connection to the service provider. This connection could be a local leased line (much less expensive than a long-distance one), or it could be a local broadband connection such as DSL service. Another way VPNs reduce costs is by lessening the need for long-distance telephone charges for remote access. Recall that to provide remote access service, VPN clients need only call into the nearest service provider's access point. In some cases this may require a long distance call, but in many cases a local call will suffice. A third, more subtle way that VPNs may lower costs is through offloading of the support burden. With VPNs, the service provider rather than the organization must support dial-up access, for example. Service providers can in theory charge much less for their support than it costs a company internally because the public provider's cost is shared amongst potentially thousands of customers.

Scalability and VPNs
The cost to an organization of traditional leased lines may be reasonable at first but can increase exponentially as the organization grows. A company with two branch offices, for example, can deploy just one dedicated line to connect the two locations. If a third branch office needs to come online, just two additional lines will be required to directly connect that location to the other two. However, as an organization grows and more offices must be added to the network, the number of leased lines required increases dramatically. Four branch offices require six lines for full connectivity, five offices require ten lines, and so on. Mathematicians call this phenomenon a combinatorial explosion, and in a traditional WAN this explosion limits the flexibility for growth.

VPNs that utilize the Internet avoid this problem by simply tapping into the geographically distributed access already available.

Disadvantages of VPNs
With the hype that has surrounded VPNs historically, the potential pitfalls or "weak spots" in the VPN model can be easy to forget. These four concerns with VPN solutions are often raised:

1. VPNs require an in-depth understanding of public network security issues and proper deployment of precautions.
2. The availability and performance of an organization's wide-area VPN (over the Internet in particular) depends on factors largely outside of their control.
3. VPN technologies from different vendors may not work well together due to immature standards.
4. VPNs need to accommodate protocols other than IP and existing ("legacy") internal network technology.

Generally speaking, these four factors comprise the "hidden costs" of a VPN solution. Whereas VPN advocates tout cost savings as the primary advantage of this technology, detractors cite hidden costs as the primary disadvantage of VPNs.

b)Illustrate how a system, as described above, can be implemented using IPsec. A diagram should be used in order to aid your description. (9 marks)

c)What is an Access Control List? Provide an example of an extended ACL. (4 marks)
Cisco Access Control Lists (ACLs) are used for filtering traffic based on given filtering criteria on a router or switch interface. Based on the conditions supplied by the ACL, a packet is allowed or blocked from further movement.

Extended Access Control Lists: Extended IP ACLs allow you to permit or deny traffic from specific IP addresses to a specific destination IP address and port. They also allow granular control by specifying controls for different types of protocols such as ICMP, TCP, UDP, etc. within the ACL statements. Extended IP ACLs range from 100 to 199. In Cisco IOS Software Release 12.0.1, extended ACLs began to use additional numbers (2000 to 2699).

Example of an extended access list:

access-list 110 permit tcp 92.128.2.0 0.0.0.255 any eq 80

d)Study the standard ACL below and explain its purpose. Which interface was it applied to and in which direction? (3 marks)

Router(config)access-list 99 deny ip 192.168.14.1 0.0.0.255
Router(config)access-list 99 permit any
Router(config)int fa0/0
Router(config-if)ip access-group 99 in
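To check an answer to questions c) and d) (and to the extended ACL 101 set in a later paper below), here is an added Python evaluator for the numbered Cisco ACL syntax quoted in these notes. It is not Cisco's code and not part of the original notes: it parses permit/deny entries with any, host or address-plus-wildcard-mask fields, the ip/tcp/udp/icmp keywords and "eq <port>", applies them first-match-wins, and falls through to the implicit deny that ends every Cisco ACL. The sample packets are constructed; the address ranges used in the tests are documentation addresses.

```python
import ipaddress

# Added example (not Cisco's code and not from the original notes).

ANY = ("0.0.0.0", "255.255.255.255")
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}


def is_extended(number):
    """Extended numbered ACLs use 100-199 and the expanded 2000-2699 range."""
    return 100 <= number <= 199 or 2000 <= number <= 2699


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the mask means 'don't care' for that bit."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def _take_addr(toks, i):
    """Consume one address specification starting at toks[i]; return ((addr, wildcard), next_i)."""
    if toks[i] == "any":
        return ANY, i + 1
    if toks[i] == "host":
        return (toks[i + 1], "0.0.0.0"), i + 2
    return (toks[i], toks[i + 1]), i + 2


def parse_acl_line(line):
    toks = line.split()
    if toks[0] != "access-list":
        # tolerate a leading prompt such as "Router(config)", glued to the keyword or separate
        toks = ["access-list"] + toks[1:] if toks[0].endswith("access-list") else toks[1:]
    if toks[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    number, action, i = int(toks[1]), toks[2], 3
    proto = "ip"
    if toks[i] in PROTOCOLS:
        proto, i = toks[i], i + 1
    src, i = _take_addr(toks, i)
    dst, port = ANY, None                     # standard ACLs match on source only
    if is_extended(number):
        dst, i = _take_addr(toks, i)
        if i < len(toks) and toks[i] == "eq":
            port = int(toks[i + 1])
    return {"number": number, "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port}


def evaluate(acl_lines, packet):
    """First matching entry decides; a packet matching no entry is dropped (implicit deny)."""
    for rule in map(parse_acl_line, acl_lines):
        if rule["proto"] not in ("ip", packet["proto"]):
            continue
        if not wildcard_match(packet["src"], *rule["src"]):
            continue
        if not wildcard_match(packet["dst"], *rule["dst"]):
            continue
        if rule["port"] is not None and rule["port"] != packet.get("dport"):
            continue
        return rule["action"]
    return "deny"


# The ACLs quoted in the notes.
ACL_110 = ["access-list 110 permit tcp 92.128.2.0 0.0.0.255 any eq 80"]
ACL_99 = ["Router(config)access-list 99 deny ip 192.168.14.1 0.0.0.255",
          "Router(config)access-list 99 permit any"]
ACL_101 = ["access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 80",
           "access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 443",
           "access-list 101 deny ip 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0"]

if __name__ == "__main__":
    web = {"proto": "tcp", "src": "92.128.2.77", "dst": "10.0.0.5", "dport": 80}
    print("ACL 110, web from 92.128.2.77:", evaluate(ACL_110, web))          # permit
    print("ACL 110, port 443 instead:   ", evaluate(ACL_110, {**web, "dport": 443}))  # deny
    print("ACL 99, source in 192.168.14.0/24:",
          evaluate(ACL_99, {"proto": "ip", "src": "192.168.14.200", "dst": "10.0.0.5"}))  # deny
```

Running it shows why ACL 99's wildcard 0.0.0.255 blocks the whole 192.168.14.0/24 block rather than the single host 192.168.14.1, and why a packet to port 443 is dropped by ACL 110 even though no line mentions it: the implicit deny catches everything the permit did not.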

5. a)There are two main types of cryptography, describe each briefly before comparing and contrasting them. (9 marks)
Symmetric cryptography uses the same secret (private) key to encrypt and decrypt its data, whereas asymmetric uses both a public and a private key. Symmetric requires that the secret key be known by the party encrypting the data and the party decrypting the data. Asymmetric allows for distribution of your public key to anyone, with which they can encrypt the data they want to send securely; it can then only be decoded by the person holding the private key. This eliminates the need to give someone the secret key (as with symmetric encryption) and risk having it compromised. The issue with asymmetric is that it is about 1000 times slower than symmetric encryption, which makes it impractical when trying to encrypt large amounts of data. Also, to get the same security strength as symmetric, asymmetric must use a stronger key than symmetric.

b)Argue the advantages of using say DES over PGP for lots of short messages and explain in outline why this is the case. (9 marks)
DES has some basic advantages over asymmetric encryption techniques:

- DES is a well understood algorithm, providing a clear picture of where DES can and cannot be used.
- Quick processing on the sender's machine.
- Wide availability: DES is available for many platforms.
- Can be used to keep data on a network secure.
- Often accepted by governmental organisations as a standard for encryption.

Asymmetric encryption in comparison to DES is often:

- Slower to encrypt messages.
- Not good for large numbers of small messages.
- Not good for small numbers of very large messages.

c)Explain how cryptography can help meet more than one of the principles of computer security. (7 marks)
Encryption in this instance provides confidentiality and integrity at the same time.

Section A

1.

a)What role do port numbers play at the transport layer with respect to the following TCP services: a.Telnet (3) b.HTTP (3) c.DNS (3) d.SNMP (3) Your answer should cover: 1.how the service operates, 2.what the designated port is for each service, 3.how the source and destination discriminate between multiple conversations from the same source. (3 marks per protocol, 1 mark for each of the points above) (12 marks)

b)Why would an attacker footprint an organisation prior to attacking it? (3 marks)
Footprinting is the process of using (mainly) passive, systematic intelligence gathering techniques which include a combination of digital and non-digital methods. These include surfing the target organisation's website, and searching forums, digests, blogs and job websites to identify technical or organisational structures within the target organisation. Non-digital techniques include reading newspapers, magazines, job adverts or any other company literature. Less passive techniques would be any type of social engineering, or perhaps deliberately applying for a job to probe the interviewers about, say, a technical position and the skills required.

2.

a)Explain what an amplification attack is and give an example of such an attack including how it works and countermeasures that can be put in place against it. (12 marks)

b)Define the term SQL injection and provide a simple example of such an attack. (7 marks)

c)Why might an attacker try to telnet to a URL even when they have no intention of breaking into the system this way? (6 marks)

3.

a)What does the CIA triangle mean and what mechanisms can be used to enforce them? (10 marks)

b)With respect to the following attacks, briefly describe each of the following before providing a contemporary example: i. Buffer Overflow Attack (5) ii. Denial of Service Attack (5) iii. XSS Attack (5) (15 marks)

Section B

4.

a)Provide a brief description of the Computer Misuse Act 1990. For each of the three sections, provide an example of an activity that would breach this legislation. (9 marks)

b)Why is patching so important in terms of operating systems? (2 marks)

c)How might a hacker find out what rules are in place in a firewall? (3 marks)

d)Compare and contrast a NIDS to a host based IDS. (11 marks)

5.

a)What are the two main types of cryptography? What are the advantages and disadvantages of both? (11 marks)

b)Wired networks are 'generally' considered to be more secure than wireless networks. Why is this the case? (2 marks)

c)Two commonly used security protocols for WiFi are WEP and WPA. Describe each protocol before highlighting any known vulnerability there may be in it. (You are not expected to discuss complex algorithmic or cryptographic issues, merely to provide a brief outline of how the vulnerability affects the protocol.) (12 marks)

Section A

1.

a)During the interview for a post as an IT security analyst for a large IT corporation, part of the interview process is to write a description of the steps to intrusion. Provide this description as if you were the interviewee. (13 marks)

b)Discuss the importance of a well-written Acceptable Use Policy as a technique in the pursuit of network security. (4 marks)

c)If the Acceptable Use Policy defines policy, what technical mechanisms are used to enforce the policy? (8 marks)

2.

a)Unmanaged TCP ports can create a number of security threats. Explain what some of these threats are and how they may be mitigated. (8 marks)

b)Examine the output from the scanning tool shown in Figure 1 and describe what services are running and what security implications these may have for this particular network.

Figure 1. Output of Scanning Tool (7 marks)

c)Footprinting is considered to be the most challenging but possibly the most important step during an attempt to carry out an intrusion. Critically discuss the above statement. (6 marks)

d)Review the impact of the February 2007 attack on Internet DNS Root Servers. What would be the impact on the Internet if all 13 DNS Root Servers were brought down by a DoS attack? (4 marks)

3.

a)What are the three principles of computer security and what mechanisms can be used in achieving these principles? (10 marks)

b)Explain the role of a digital signature in information security. (3 marks)

c)What is the difference between Authentication and Identification? (2 marks)

d)You are requested to write a report on password only security systems for your IT Security Manager (with a view to replacing them with something more secure). Compare and contrast the alternatives to password only systems and select what you think is most feasible as a replacement. (10 marks)

Section B

4.

a)Describe how a Virtual Private Network (VPN) can be implemented using Secure Socket Layer / Transport Layer Security (SSL/TLS). A diagram should be used in order to aid your description. (9 marks)

b)Illustrate how a VPN, as described above, can be implemented using IPSec. A diagram should be used in order to aid your description. (9 marks)

c)What is an Access Control List? Provide an example of a standard ACL.

(2 marks)

d)Study the extended ACL below and explain its purpose. (5 marks)

access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 80
access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 443
access-list 101 deny ip 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0

5.

a)Compare and contrast symmetric and asymmetric cryptography. (10 marks)

b)Argue some of the advantages of using DES encryption over asymmetric encryption. (10 marks)

c)Cryptography is generally considered to be the broadest security technique available. Explain what this statement means with respect to the principles of information security. (5 marks)

Section A

1.

a)During the interview for a post as an IT security analyst for a large IT corporation, part of the interview process is to write a description of the role of a penetration tester. Provide this description as if you were the interviewee. (13 marks)

b)Discuss the importance of having a well-written set of procedures and policies with respect to network security. (4 marks)

c)An organisation does not have adequate and well-written procedures and policies to deal with things like access control, passwords and unauthorised software download and use. Outline some of the problems that the organisation will face and explain why it will be almost impossible to overcome them. (8 marks)

2.

a)Unmanaged open ports can create a number of security threats. What are some of these threats and how might they be mitigated? (11 marks)

b)Critically discuss the term port scanning and identify countermeasures that may be used against port scanning.

(9 marks)

c)Escalation of privileges during an attack is a commonly used technique. Explain what this means and why an attacker would wish to escalate privileges. (5 marks)

3. a)What does the CIA triangle mean and how does this model fit with the principles of information/computer security that we understand? (10 marks)

b)Briefly describe the following computer access systems before comparing and contrasting them: secure token, biometric, multi-modal biometric and hybrid. (15 marks)

Section B

4.

a)Describe the UK legislation that prevents unauthorised access to computer systems. Give examples of activities that would breach this legislation. (9 marks)

b)Discuss the importance of keeping an operating system patched with up-to-date security patches. (2 marks)

c)What is the specific technique that a hacker may use to find out what rules are in place in a firewall? (3 marks)

d)Critically discuss NIDS (Network Based Intrusion Detection Systems). (11 marks)

5. a)There are two main types of cryptography, describe each briefly before comparing and contrasting them. (10 marks)

b)Critically discuss 'codes' as a system for protecting systems as opposed to a cipher-based security system. (10 marks)

c)Explain how cryptography can help meet more than one of the principles of computer security. (5 marks)

1.

a)Write a description of the role of a penetration tester. Give consideration to the types of thing that a penetration tester will be able to do (steps to intrusion etc.). (13 marks)

b)Discuss the importance of having a well-written set of procedures and policies with respect to network security. An example may be an Acceptable Use Policy (AUP). (4 marks)

c)Outline some of the problems that an organisation will face if it does not have adequate and well-written procedures and policies to deal with things like access control, passwords and unauthorised software download and use. Explain why it will be almost impossible to overcome them. (8 marks)

2.

a)What are some of the threats posed by unmanaged ports and how might they be mitigated? (11 marks)

b)What is port scanning and how can you prevent attackers scanning your network?

(9 marks)

c)Explain what it means to escalate privileges during an attack and why an attacker would wish to escalate privileges. (5 marks)

3. a)Describe in detail what is meant by the CIA triangle. (10 marks)

b)Briefly describe four computer access systems before comparing and contrasting them. (15 marks)

Section B

4. a)The CMA 1990 prevents unauthorised access to a computer system. Describe this Act and give some examples of activities that would breach this legislation. (9 marks)

b)Why is patching an operating system such an important job? (2 marks)

c)Explain what it means to carry out firewalking. (3 marks)

d)What is a NIDS (Network Based Intrusion Detection System)? How does it work?

(11 marks)

5. a)Compare and contrast the two main types of cryptography. (10 marks)

b)When might a code be a better choice than a cipher? Compare and contrast codes and ciphers. (10 marks)

c)How many principles of computer security can cryptography help meet? (5 marks)

1. a)How would you describe the four steps to intrusion to a non-technical manager? (12 marks)

b)Describe why a poorly written or non-existent Acceptable Use Policy will cause a major problem for security. (6 marks)

c)The Acceptable Use Policy defines policy; how is this policy therefore enforced? (7 marks)

2. a)Ports are an essential part of the way TCP works. Explain how ports facilitate different communications for a single IP address. (8 marks)

b)Examine the output from the scanning tool shown in Figure 1 and describe what services are running and what security implications these may have for this particular network.

Figure 1. Output of Scanning Tool

(7 marks)

c)Footprinting is considered to be perhaps the most important step of intrusion. Why is this the case? (6 marks)

d)What would be the impact on the Internet if all of the DNS Root Servers had their performance significantly impeded by a DoS attack? (4 marks)

3. a)The three principles of computer security are confidentiality, integrity and availability. Describe each principle and provide an explanation of why trying to ensure one principle can have an adverse effect on another. (10 marks)

b)Give an example of a mechanism used to ensure the integrity of information. (3 marks)

c)What is the difference between Authentication and Authorisation? (2 marks)

d)There are many techniques that can be used to crack passwords. Provide a description of the different contemporary techniques and tools that may be used to crack passwords. (10 marks)

Section B

4. a)What exactly is a VPN and under what circumstances would an organisation decide to implement a VPN? (9 marks)

b)Give examples of two different technologies that can be used to implement a VPN. (9 marks)

c)Explain the difference between a standard and extended Access Control List (ACL). (2 marks)

d)Study the extended ACL below and explain its purpose.

access-list 101 deny tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 23
access-list 101 deny tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 21
access-list 101 permit ip 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0

(5 marks)

5. a)Give examples of when you may decide to use asymmetric cryptography instead of symmetric cryptography. (10 marks)

A system that requires two separate keys: one to lock (encrypt) and the other to unlock (decrypt). One key will be published (public) and the other will be kept private. It can work in two ways: 1. if the encryption key is public, then the system enables private communication from the sender to the unlocking key's owner; 2. if the decryption key is public, then the system verifies the signature of documents locked by the private key's owner.
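To make the effect of the three ACL entries in question 4d concrete, here is an added example (not part of the original paper) that parses them and evaluates constructed sample packets under Cisco's first-match, implicit-deny semantics.

```python
import ipaddress

# The three extended ACL entries quoted in question 4d (Cisco IOS syntax).
ACL_TEXT = """
access-list 101 deny tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 23
access-list 101 deny tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 21
access-list 101 permit ip 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0
"""


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 1 bit means 'do not care', so clear those bits before comparing.
    0.0.0.0 255.255.255.255 therefore means 'any'; x.x.x.x 0.0.0.0 means 'exactly this host'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)


def parse_acl(text):
    """Parse 'access-list <n> <action> <proto> <src> <src-wc> <dst> <dst-wc> [eq <port>]'."""
    entries = []
    for line in text.strip().splitlines():
        f = line.split()
        port = int(f[9]) if len(f) > 9 and f[8] == "eq" else None
        entries.append({"action": f[2], "proto": f[3], "src": f[4], "src_wc": f[5],
                        "dst": f[6], "dst_wc": f[7], "dport": port})
    return entries


def evaluate(entries, proto, src, dst, dport=None):
    """First matching entry wins; every Cisco ACL ends with an implicit 'deny any'."""
    for e in entries:
        if e["proto"] not in ("ip", proto):
            continue
        if not (wildcard_match(src, e["src"], e["src_wc"])
                and wildcard_match(dst, e["dst"], e["dst_wc"])):
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["action"]
    return "deny"


ACL = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    # Constructed sample packets: (proto, src, dst, dst port)
    for pkt in [("tcp", "10.1.1.5", "192.168.35.1", 23),   # telnet to the host: deny
                ("tcp", "10.1.1.5", "192.168.35.1", 21),   # ftp control: deny
                ("tcp", "10.1.1.5", "192.168.35.1", 22),   # ssh: permit
                ("udp", "10.1.1.5", "192.168.35.1", 53),   # any other ip to the host: permit
                ("tcp", "10.1.1.5", "192.168.35.2", 80)]:  # other host: implicit deny
        print(pkt, "->", evaluate(ACL, *pkt))
```

Note the last packet: the list has no entry for any destination other than 192.168.35.1, so traffic to other hosts falls through to the implicit deny, which is easy to overlook when reading only the three visible lines.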

How does it work? For example, it is easy to compute the product of two given numbers, but it is computationally much harder to find the two factors given only their product. Given both the product and one of the factors, it is easy to compute the second factor, which demonstrates that the hard direction of the computation can be made easy when access to some secret key is given. The function used, the algorithm, is known universally. This knowledge does not enable the decryption of the message. The only added information that is necessary and sufficient for decryption is the recipient's secret key.

You would use asymmetric cryptography over symmetric cryptography in several situations. Firstly, it offers a greater degree of security when trying to encrypt messages over non-private networks. This is because the sender encrypts with the public key and never holds the private key, so has no secret to keep. It is useful in instances like internet banking. If only symmetric cryptography were possible then the banks would need to securely hold a vast number of keys. This becomes problematic. However, by the use of public keys the bank can select a different key for each session. Only the intended recipient can decrypt the message, because they will be the only one with the private key required to decrypt it. The main problem with asymmetric cryptography is that, compared to standard symmetric cryptography, it is very slow. Thus unless the information that you need to send is very sensitive, it is normally best to use standard symmetric cryptographic techniques.
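An added example (not from the original answers) that carries the two uses named above, encryption for the key owner and signature by the key owner, and the factoring trapdoor through with a toy RSA keypair; the primes 61 and 53 are constructed so the numbers can be checked by hand and are far too small for real use.

```python
def make_keypair(p, q, e=17):
    """Toy RSA: n = p*q is public; phi(n) = (p-1)(q-1) is the trapdoor secret that yields d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)        # (public key, private key)


def encrypt(pub, m):
    """Use 1: anyone holding the public key can lock a message for the private key's owner."""
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def sign(priv, m):
    """Use 2: only the private key's owner can produce s; anyone with the public key checks it."""
    n, d = priv
    return pow(m, d, n)


def verify(pub, m, s):
    n, e = pub
    return pow(s, e, n) == m


def trial_factor(n):
    """The hard direction without the trapdoor: search for a factor of n.
    Instant for this toy n; infeasible for a real 2048-bit modulus."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    return None


def private_exponent_from_factor(n, p, e):
    """The easy direction once one factor is known: q = n / p, and then d follows."""
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = make_keypair(61, 53)             # pub = (3233, 17), priv = (3233, 2753)
    c = encrypt(pub, 65)                          # 2790
    print(c, decrypt(priv, c), verify(pub, 65, sign(priv, 65)))
    print(trial_factor(pub[0]), private_exponent_from_factor(pub[0], 61, 17))
```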

b)Argue some of the advantages of using Triple-DES or AES encryption over DES. (10 marks)

DES - Data Encryption Standard. Triple DES applies the Data Encryption Standard three times to each block of data. The original DES key was 56 bits, but as technology improved this became susceptible to brute force attacks. Triple DES allowed a simple way of preventing such attacks without the need to design a new algorithm; the key size thus becomes 168 bits. AES - Advanced Encryption Standard. 192 bits. Assuming a machine could try 2^55 keys per second, it would take 149 trillion years to crack this code, rendering brute force attacks useless. DES would take 4.6 billion years. AES's advantage over DES is that it can encrypt data at a much faster rate than DES. Another advantage is that AES actually consumes less memory than DES. Both are symmetric-key ciphers.

c)Cryptography is a 'broad' tool that can be used to do more than just keep data confidential. Describe some of these other characteristics. (5 marks)

To reduce the size of data that needs to be transferred.
