Draw a diagram illustrating the network

Reference no: EM131658367

Advanced Network Security Assignment

Question 1 - Firewalls

Objective: be able to design packet filtering firewall rules and identify advantages/disadvantages of such firewalls

An educational institute has a single router, referred to as the gatewayR, connecting its internal network to the Internet. The institute has the public address range 142.66.0.0/16 and the gateway router has address 142.66.123.1 on its external interface (referred to as interface ifout). The internal network consists of three subnets:

  • A DMZ, which is attached to interface ifdmz of the gateway router and uses address range 142.66.13.0/24.
  • A small network, referred to as shared, with interface ifin of the gateway router connected to two other routers, referred to as staffR, and studentR. This network has no hosts attached (only three routers) and uses network address 10.4.0.0/16.
  • A staff subnet, which is for use by staff members only, that is attached to the staffR router and uses network address 10.4.10.0/24.
  • A student subnet, which is for use by students only, that is attached to the studentR router and uses network address 10.4.20.0/24.

In summary, there are three routers in the network: the gateway router, and routers for the staff and student subnets. There are four subnets: DMZ, shared, staff, and student. There are three servers in the DMZ that all can accept requests from the Internet:

1. A web server supporting HTTP and HTTPS (IP address is 142.66.13.10)

2. A secure shell server using SSH (IP address is 142.66.13.20), and

3. A SMTP email server (IP address is 142.66.13.30).

Members of the staff and student subnets can access the web server; only members of the staff subnet can access the email server, and they do so using IMAP; and internal members (both staff and students) cannot access the SSH server.

The gateway router also runs a stateful packet filtering firewall and performs port address translation. In addition to the DMZ setup as described above, security requirements for the educational institute are:

  • External Internet users cannot access any internal computers (except in DMZ and as stated in other requirements).
  • Staff and students can access websites in the Internet.
  • The SSH server in the DMZ can only be accessed by external Internet users from subnets: 31.13.75.0/24 and 23.63.9.0/24.

Considering the above information, answer the following questions:

(a) Draw a diagram illustrating the network. Although there may be many computers in the staff and student subnets, for simplicity you only have to draw three computers in the staff subnet and three computers in the student subnet. Label all computers and router interfaces with IP addresses.

(b) Specify the firewall rules using the format as in the table below. You may add/remove rows as needed. After the table, add an explanation of the rules (why you design the firewall rules the way you did).

(c) When using iptables as firewall software, you can change the default policy using the -P option. Explain the two common default policies, and explain the tradeoffs between the policies.
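The scenario above can be modelled as a first-match allow-list to see what each default policy does with traffic that no rule mentions. This is an added example, not part of the assignment or a model answer; the rule set is one reading of the requirements, the sample packets are constructed, and IMAP is taken to be TCP port 143.

```python
from ipaddress import ip_address, ip_network

# Allow-list built from the scenario's requirements (one reading of them).
# Fields: in-interface, source net, destination net, TCP destination ports.
# Only connection-opening packets are modelled; a stateful firewall passes the
# replies of accepted connections. First matching rule wins.
RULES = [
    ("ifout", "31.13.75.0/24", "142.66.13.20/32", {22}),       # SSH, allowed subnets
    ("ifout", "23.63.9.0/24",  "142.66.13.20/32", {22}),
    ("ifout", "0.0.0.0/0",     "142.66.13.10/32", {80, 443}),  # public web server
    ("ifout", "0.0.0.0/0",     "142.66.13.30/32", {25}),       # inbound SMTP
    ("ifin",  "10.4.10.0/24",  "142.66.13.30/32", {143}),      # staff IMAP only
    ("ifin",  "10.4.10.0/24",  "0.0.0.0/0",       {80, 443}),  # staff web access
    ("ifin",  "10.4.20.0/24",  "0.0.0.0/0",       {80, 443}),  # student web access
]

# Constructed packets: (in-interface, source IP, destination IP, TCP dst port).
# 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges standing in for
# arbitrary Internet hosts.
SAMPLES = {
    "internet -> web HTTPS":   ("ifout", "198.51.100.7", "142.66.13.10", 443),
    "allowed subnet -> SSH":   ("ifout", "31.13.75.9",   "142.66.13.20", 22),
    "other internet -> SSH":   ("ifout", "198.51.100.7", "142.66.13.20", 22),
    "internet -> staff host":  ("ifout", "198.51.100.7", "10.4.10.5",    445),
    "staff -> IMAP":           ("ifin",  "10.4.10.5",    "142.66.13.30", 143),
    "student -> IMAP":         ("ifin",  "10.4.20.5",    "142.66.13.30", 143),
    "student -> SSH server":   ("ifin",  "10.4.20.5",    "142.66.13.20", 22),
    "student -> external web": ("ifin",  "10.4.20.5",    "203.0.113.80", 80),
}


def decide(pkt, default):
    """Return ACCEPT if a rule matches, otherwise the default policy."""
    iface, src, dst, dport = pkt
    for r_if, r_src, r_dst, r_ports in RULES:
        if (iface == r_if
                and ip_address(src) in ip_network(r_src)
                and ip_address(dst) in ip_network(r_dst)
                and dport in r_ports):
            return "ACCEPT"
    return default


def policy_gap():
    """Samples no rule matches: dropped under default DROP, passed under
    default ACCEPT unless an explicit DROP rule is written for each."""
    return sorted(name for name, pkt in SAMPLES.items()
                  if decide(pkt, "DROP") != decide(pkt, "ACCEPT"))


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:25} default DROP: {decide(pkt, 'DROP'):6} "
              f"default ACCEPT: {decide(pkt, 'ACCEPT')}")
    print("Blocked only by an explicit rule under default ACCEPT:", policy_gap())
```

Every packet listed by `policy_gap()` is one the requirements forbid, so under a default ACCEPT policy each needs its own DROP rule, while under default DROP a forgotten rule fails closed.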

Question 2 - WiFi Security

Objective: Understanding important challenges with securing WiFi networks

Defense-in-depth is an important principle in network security. Consider you are advising a company in deploying a WiFi network. You advise them to use all of the following security mechanisms to provide defense-in-depth. For each mechanism, give a brief description of the mechanism and how it works, explain the main advantage of the mechanism, and explain the main disadvantage of the mechanism.

(a) WPA

(b) Using antennas, transmit power and AP positioning to control radio range

(c) RADIUS (or similar) authentication

(d) Manual detection of rogue APs

Question 3 - Access Control

Objective: Understand how Linux passwords and access control operate

For this question you must use virtnet (as used in the workshops) to study Linux access control and passwords. This assumes you have already set up and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, and using Linux access control commands.

Your task is to:

1. Create topology 1 in virtnet

2. Create five new users using realistic usernames. Set the passwords to be different except for two users (that is, two users have the same password, the other users have different passwords), however do not use passwords that you use on other systems.

3. View the password information stored for the new users in /etc/passwd and /etc/shadow. Understand the information stored.

4. Create three new groups named student, teacher, and coord (short for coordinators). Allocate the users to groups as follows:

  • User 1: primary group student
  • User 2: primary group student
  • User 3: primary group teacher
  • User 4: primary group coord, also in teacher
  • User 5: primary group is their own (i.e. not in student, teacher or coord).

5. Create the following files and directories for each user. Unless specified, the files/directories can be any name and can contain any content:

  • Both students (User 1 and 2) have directories security, personal and shared in their home directory. All teachers have read-only access to each student's security directory (and files within). All users have read/write access to each student's shared directory. Only the user can access their personal directory.
  • The coordinator (User 4) has directory security, which has two subdirectories: content and marking. content is read-only by all teachers. marking is only accessible by the user.
  • The remaining teacher (User 3) has directories security and personal. security is editable by teachers and coordinators, while personal is only accessible by the user.
  • Each directory mentioned above should have at least 1 file in it (the name and contents of the file doesn't matter).
  • Every user (including User 5) has a file in their home directory called schedule.txt. This file is readable by everyone.
  • Both students have a file in their home directory called submit.bash and it is executable by the user and coordinator.

6. In addition to the access control rules mentioned above, assume:

  • Every user has read, write permissions on their own files, and full permissions on their own directories.
  • No other user can access the files/directories of other users.
  • If permissions are not covered by the above, then assume the defaults.
  • If there are conflicts in the above, then assume the most restrictive permission.
  • Use only the basic Linux permissions (see example commands below). Do NOT use advanced permissions such as with setfacl or getfacl.

7. Test that the access control works by logging in as each user and checking they can(not) access the specified files/directories.

Answer the following questions after completing the task.

(a) Submit the following files on Moodle:

a. /etc/passwd named as passwd.txt when you submit

b. /etc/shadow as shadow.txt

c. /etc/group as group.txt

d. The output of the following command as files.txt: sudo sh -c 'ls -lR /home > /home/network/files.txt'

(b) Explain where and how password information is stored in Linux. You should mention the files, formats of storing passwords (e.g. what is stored, how is the information created) and any specific algorithms used.

(c) Explain why it is difficult for an administrator to know if two users use the same password.

(d) If a malicious user obtains the file(s) where password information is stored, and users selected long random passwords, then explain why it is difficult for them to find users' actual passwords.

Question 4 - HTTPS and Certificates

Objective: Learn the steps of deploying a secure web server, as well as the limitations/challenges of digital certificates

For this question you must use virtnet (as used in the workshops) to study HTTPS and certificates. This assumes you have already set up and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, deploying the website, and testing the website.

Your task is to:

  • Create topology 5 in virtnet
  • Deploy the MyUni demo website on the nodes
  • Set up the web server to support HTTPS, including obtaining a certificate certificate.pem. Make sure you use your name or ID in the certificate (e.g. in the email address field) so that it is unique across the class.
  • Capture traffic from the web browser on node1 to the web server that includes a HTTPS session. Save the file as https.pcap.
  • Test and analyse the HTTPS connection.

Answer the following sub-questions based on above test and analysis.

(a) Submit your certificate certificate.pem and HTTPS traffic capture https.pcap on Moodle.

(b) Explain how the client obtains the certificate of the web server.

(c) Explain how the client verifies the certificate of the web server, and what pre-conditions exist such that the verification is possible.

(d) At the bottom of your certificate there should be a field called "Signature Algorithm", followed by a multi-line random looking hex value. This value is the signature. Explain how the signature is generated. Refer to specific algorithms and information that is used in generating the signature.

(e) In practice, Certificate Authorities must keep their private keys very secure, usually storing them offline in special hardware devices. Explain an attack a malicious user could perform if they could compromise the CA private key. Use your MyUni website as an example.

Question 5 - Internet Privacy

Objective: Understand the advantages and disadvantages of Internet privacy technologies, including VPNs, and learn about advanced techniques (Tor)

Encryption is commonly used to provide data confidentiality in the Internet: when two hosts communicate, other entities in the path between the two hosts cannot read the data being sent. However, encryption on its own does not provide privacy of who is communicating. Although the other entities cannot read the data, they can determine which two hosts are communicating.

Assume you want to have privacy protection while web browsing. Normally, when your client computer sends a HTTP GET request to a web server, the IP address of both your client computer (C) and the web server (S) are included in the IP header of the packet. Any intermediate node on the path between client and server in the Internet can see the values of C and S, thereby learning who is communicating.

Three common techniques for privacy protection, i.e. hiding both values of C and S from intermediate nodes, in the Internet are:

(a) Web proxies

(b) VPNs

(c) Tor

For each technique, provide the following:

1. An explanation of the technique (you may refer to the diagram)

2. A diagram showing the addresses learnt by a malicious user if the technique is used.

3. A recommendation of who or what this technique is good for. (Consider the advantages of the technique compared to the other techniques, and consider the skills and/or requirements of different users).

4. What a malicious user would need to do to compromise the privacy (i.e. learn both C and S) if the technique was used.

For your diagrams you may use the following simple view of an Internet path where client C is communicating using IPv4 with server S. There are n routers on the path. Assume a malicious user, who wants to know information about who is communicating and when, has access to one of the routers in the path (router Rm), e.g. they can capture packets on that router. Note Rm is not directly attached to the subnets of C or S.

[Figure: simple view of an Internet path from client C to server S through n routers, one of which is Rm]

You may use the above diagram (or a similar diagram) to illustrate each of the techniques.


Reviews

len1658367

9/26/2017 2:51:24 AM

Australian student, make sure that the assignment is done according to criteria. I need all correct answers. Please make sure that ....Academic references........ and in-text citations. This is an individual assignment, and it is expected students answer the questions themselves. Discussion of approaches to solving questions is allowed (and encouraged), however each student should develop and write-up their own answers.

len1658367

9/26/2017 2:51:16 AM

Do not exchange files (reports, captures, diagrams) with other students. Complete tasks with virtnet yourself – do not use results from another student. Draw your own diagrams. Do not use diagrams from other sources (Internet, textbooks) or from other students. Write your own explanations. In some cases, students may arrive at the same numerical answer, however their explanation of the answer should always be their own. Do not copy text from websites or textbooks. During research you should read and understand what others have written, and then write in your own words.

len1658367

9/26/2017 2:51:07 AM

Marking Scheme question 1 - (a) 3 marks if correct network is drawn and labelled. 2 marks if some mistakes in location of nodes or links, or allocation of addresses. 0 or 1 mark if multiple mistakes. (b) If all necessary rules are included, and no unnecessary rules are included, you will receive 4 marks. 0.5 mark will be deducted for an incorrect rule or incorrect explanation of the rule. 0.5 mark will be deducted for a missing rule. 0.5 mark will be deducted for a rule that is included but not needed. The explanation will only be considered if the rules appear wrong or inappropriate. (c) 2 marks if explanation of both policies is clear and advantages/disadvantages are given. 1 mark if unclear or one advantage/disadvantage wrong/missing.

len1658367

9/26/2017 2:50:57 AM

Marking Scheme questions 2 - For each part 2 marks: 1 mark if demonstrate a good understanding of the approach with clear and correct descriptions; 0.5 mark for each correct/clear advantage and disadvantage. Marking Scheme question 3 - (a) The files submitted must contain relevant information: 1 mark each for passwd, shadow and group. 5 marks for file.txt, where marks are allocated based on the required permission settings. (b) 2 marks for listing all correct files, formats and algorithms. 0.5 mark will be deducted for each item missing or wrong. (c) 1 mark for a clear and correct explanation. (d) 1 mark for a clear and correct explanation.

len1658367

9/26/2017 2:50:48 AM

Marking Scheme question 4 - (a) 3 marks if a correct/unique certificate is submitted; 3 marks if a correct/unique capture containing HTTPS packets is submitted. (b) Clear and accurate explanation: 1 mark. (c) Clear and accurate explanation: 1 mark; explanation of pre-conditions: 1 mark. (d) All correct information given: 2 marks. Minor mistake: 1 mark. Multiple mistakes: 0 marks. (e) Clear and accurate explanation: 1 mark. Marking Scheme questions 5 - (a) For each technique: 1 mark for the explanation and diagram; 1 mark for the recommendation; and 1 mark for how to compromise.
