Reference no: EM132552260

COMP 30019 Network Security - Middle East College

Learning Outcome 1: Demonstrate an understanding of cryptography and digital signatures

Learning Outcome 2: Demonstrate an understanding of authentication requirements and applications

Learning Outcome 3: Design and Configure Microsoft Forefront Threat Management Gateway and implement network polices

Assignment Objective

Evaluate the students understanding of asymmetric cryptography for data encryption and digital signature. Also the students will evaluate different types of authentication mechanisms and requirements. Moreover, a practical part of designing and implementing TMG based on some security requirements.

Assignment Tasks

Task 1

Secure information and communication techniques derived from mathematical concepts and a set of rule-based calculations called algorithms, to transform messages in ways that are hard to decipher. These deterministic algorithms are used for cryptographic key generation, digital signing, verification to protect data privacy, web browsing on the internet, and confidential communications such as credit card transactions. One of the cryptography types is asymmetric cryptography that is used to provide data confidentiality and non-repudiation. One of the most common algorithm in this type is RSA. Assume the RSA algorithm parameters are ( p = 29, q = 23 and e =17)

a. Explain the process of securing the communication between two parties using asymmetric cryptography.

b. Using the given RSA parameters, Generate your key pairs for asymmetric cryptography.

c. Suppose Ali wants to send you the PIN cod = 124 confidentially. Discuss in details, how to exchange this PIN code by implementing RSA algorithm.

d. Explain how you will use asymmetric cryptography in a digital signature.

e. Critically evaluate the security attacks on asymmetric cryptography.

Task 2

Authentication is element of a typical security model. It is the process of confirming the identification of a user (or in some cases, a machine) that is trying to log on or access resources. There is a number of different authentication mechanisms, but all serve this same purpose.
a. Critically analyze any five user authentication mechanisms.
b. Critically evaluate the security threats for each authentication mechanism.

Task 3:

You are the network administrator for MACRO Company. The company has implemented Microsoft Forefront TMG as a security gateway. The company works 5 days a week (Sunday to Thursday) from 7am to 3pm. The company has the following requirements:

The Company management wants to implement Network Inspection System (NIS). The goal is to enable inspect all networks traffic except the traffic of administration servers, which does not require NIS traffic evaluation. Also, MACRO Company wants to configure intrusion detection system to detect the common attacks and DNS attacks. , UDP bomb and IP half scan attacks and all sorts of DNS attacks.

Implement the following tasks to meet the company's requirements and provide screenshots report for your implementation.

Task 3.a Configure network Inspection System (NIS) as following :

• Configure an exception named ‘admin_YOURNAME' (e.g: admin_ALI) for the NIS with IP addresses 192.168.20.18 to 192.168.20.28.
• Signature should be updated 48 times per a day.
• The NIS should alerting after 10 days if there is no update installed

• Anomaly signature need to be denied.
Task 3.b Configure an intrusion detection System (IDS)as following :

• The IDS should detect for Ping of death, UDP bomb and IP half scan attacks.
• Also it should detect all port scanning attacks whenever the number of attacks exceed 5 for well-known ports and 10 for all other ports.
• The IDS should detect all types of DNS attack.
• The IDS should detect the SYN flood attacks and UDP flood attacks
• The IDS should monitor any attempt of DoS attack
• The IDS should block any IP address that exceed 200 TCP connection

Attachment:- Network Security.rar