User Account

All Pages

Describe how each is countered bya particular feature of ssl

Assignment Help Computer Network Security
Reference no: EM131138295

Problem solving and/or short essays

Question 1. An early attempt to force users to use less-predictable passwords involved computer-supplied passwords. The passwords were eight characters long, taken fromthe character set consisting of lowercase letters and digits. They were created by apseudorandom number generator with 215 possible starting values. Using the technology of the day, the time required to search through all character strings of length 8from a 36-character alphabet was 112 years. Unfortunately, this is not a true reflection of the actual security of the system today. Why?

Explore and explain the problem in detail.

Question 2. Consider user accounts on a system with a Web server configured to provide access touser Web areas. In general, it uses a standard directory name, such as "public_html," in a user's home directory. This acts as their user Web area if it exists. However, toallow the Web server to access the pages in this directory, it must have at least search(execute) access to the user's home directory, read/execute access to the Web directory, and read access to any webpages in it. Consider the interaction of this requirement with the cases you discussed for the preceding problem. What are the consequences of this requirement? Note that a Web server typically executes as a specialuser and in a group that is not shared with most users on the system.

Are there somecircumstances when running such a Web service is simply not appropriate? Explain.

Question 3. A decentralized NIDS is operating with two nodes in the network, monitoring anomalous inflows of traffic. In addition, a central node is present to generate an alarm signal upon receiving input signals from the two distributed nodes. The signatures oftraffic inflow into the two IDS nodes follow one of four patterns: P1, P2, P3, or P4. Thethreat levels are classified by the central node based upon the observed traffic by the two NIDS at a given time, as outlinedin the following table.

Threat Level

Signature

Low

1 P1 + 1 P2

Medium

1 P3+ 1 P4

High

2 P4

If at least one distributed node generates an alarm signal P3at a given time instance, what is the probability that the observed traffic in the network will be classified atthreat level "Medium"?

Question 4. Assume we have an internal Webserver, used only for testing purposes, at IP address 5.6.7.8on our internal corporate network. The packet filter is situated at a chokepointbetween our internal network and the rest of the Internet.

Can such a packet filterblock all attempts by outside hosts to initiate a direct TCP connection to this internal Webserver? If yes, show a packet-filtering ruleset that provides this functionality; if no,explain why a (stateless) packet filter cannot do it.

Note: A ruleset is a list of rules, and the first matching rule determines the actiontaken. A rule is an action followed by a specification of which packets match, for example, droptcp 1.2.3.4:* -> *:25.

Question 5. The BLP model imposes the ss-property and the *-property on every element of b, but does not explicitly state that every entry in M must satisfy the ss-property and the*-property.

a. Explain why it is not strictly necessary to impose the two properties on M.
b. In practice, would you expect a secure design or implementation to impose the two properties on M? Explain.

Question 6. Consider the following threats to Web security, and describe how each is countered bya particular feature of SSL.

a. Man-in-the-middle attack: An attacker interposes during key exchange, acting asthe client to the server and as the server to the client.

b. Password sniffing: Passwords in HTTP or other application traffic are "eavesdropped."

c. IP spoofing: Uses forged IP addresses to fool a host into accepting bogus data.

d. IP hijacking: An active, authenticated connection between two hosts is disrupted, so the attacker can take the place of one of the hosts.

e. SYN flooding: An attacker sends TCP SYN messages to request a connectionbut does not respond to the final message to establish the connection fully. Theattacked TCP module typically leaves the "half-open connection" around for afew minutes. Repeated SYN messages can clog the TCP module.

Question 7. Sensors, analyzers, and user interfaces are three important components of any intrusion detection system. Explain in detail what each component does, what approaches IDS typically use to analyze sensor data, what sensor data can be used for host-based intrusion detection, and what sensor data can be used for network-based intrusion detection.

Question 8. Firewalls play very important roles in computer and network security. Explore and explain in detail the functionalities of different types of firewalls, including those installed on your home computers and home networks (on the router you may have), as well as the protocols used on these firewalls.

Reference no: EM131138295

Questions Cloud

What sustaining technology or technologies it will replace : Describe the characteristics of an IT-dependent strategic initiative that will lead to a sustainable competitive advantage. Please review the attached PPT: "Strategic Information Systems: Summary" for information to assist in your response.
Which type of foundation provide in laterite soil : Which type of foundation provide in laterite soil based upon two storey residential building.
What is the actual wavelength and velocity of a near-infrare : What is the actual wavelength and velocity of a near-infrared beam (0.901um) of light modulated at a frequency of 330 MHz through an atmosphere with a dry bulb temperature,T, of 26 degrees celcius; a relative humidity, H, of 75%, and an atmospheri..
Determine the magnification of the final image formed : Two lenses, one converging with focal length 20.0 cm and one diverging with focal length -10.0 cm are placed 25.0 cm apart. An object is placed 60.0 cm in front of the converging lens.
Describe how each is countered bya particular feature of ssl : Describe how each is countered bya particular feature of SSL - In practice, would you expect a secure design or implementation to impose the two properties on M? Explain.
What achievements you accomplished in this module : Reflect on all the material covered (e.g. readings, learning activities, etc.) throughout this module. Explain your thoughts on which learning experiences influenced your perspectives on IT and why. Additionally, explain what achievements you acco..
Between-homicides data on normal probability plot : Kittlitz (1999) presents data on homicides in Waco, Texas, for the years 1980-1989 (data taken from the Waco Tribune-Herald, December 29, 1989). There were 29 homicides in 1989. The table gives the dates of the 1989 homicides and the number of days b..
Draw an edgeworth box depicting the feasible allocations : Draw an Edgeworth box depicting the feasible allocations of state 1 consumption of m and state 2 consumption.- Identify the ex ante Pareto efficient allocations 1.
How much heat must be absorbed by the cube : A .50kg sample of water is at 15.0C in a calorimeter. A 0.040 block of zinc at 115C is placed in the water. Find the final temperature of the system.

Reviews

Write a Review

Computer Network Security Questions & Answers

  How a company-wide policy program could help the situation

Explain why you think the use of these guidelines and procedures is not sufficient and may not solve the problem. Consider how a company-wide policy program could help the situation.

  Determine the primary security concerns

Determine the primary security concerns regarding the scenario in question. Explain the controls you would implement in order to lessen those concerns.

  Securing of computer forensics evidence

Securing of Computer Forensics Evidence

  What other ways can you track and measure the performance

what other ways can you track amp measure performance of a project other than earned value measurement evm? are some

  Discretionary and mandatory access control

Logic bombs, War dialing, Ping of death attack, steganography, RSA scheme, digital signature, A chain of certificates, A certificate revocation list, A trust anchor, asymmetric algorithm used by PGP, IPSec mode, IP virtual Private Networks

  List the three fundamental security properties

What sorts of protection is provided by the bank to ensure secure online banking? Justify why the bank would use these security measures.

  Describe common security concerns inherent to wired

Describe common security concerns inherent to wired, wireless, and mobile networking.

  What security features given by running special software

What security features could be given without changing mail delivery infrastructure, i.e., by only running special software at source and destination?

  Incremental evaluation of a system

TCB subsets are said to leverage purely hierarchical domains ordered by privilege and explain the relation between these domains and protection rings.

  Nowadays the internet has been very broadly used as a means

nowadays the internet has been very widely used as a means of receiving and processing lots of information which are

  Security issues considered when implementing a wireless lan

What type of security issues need to be considered when implementing a Wireless LAN?

  Social media manager for a vendor management consultancy

Question: What is the problem? What are the main events? Question: Who are the participants and the decision makers influencing the outcome?

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd