Attempt all the problems.

Section-A

problem1) prepare brief notes on the Kerberos.

problem2) Why must an organization have a network security policy? What are the main  concerns in implementation of a network security policy?

problem3)a) What is authentication? Describe password length and password change frequency?

b) describe identity based policy and rule based policy.

problem4) How do you define term Network Security? Describe the function of protocols in designing the Network Security Models. Also, describe the hardware oriented and software oriented approaches to ensure network security.

Section-B

Case Study

Microsoft and the cult of the dead cow: Hacking into Windows NT.

We reach, Nock in San Franscisco’s lower Height after dark. Once inside, our pupils madly dilate as we try to catch the dynamics of this small, dark Cenozoic cave trimmed in airplane fuselage and grunge-clad patronage. Most do not take any notice, except the medusa like young man sporting the stubby remnants of the recently shorn dreadlocks who raises form a floor cushion and extends his hand for a shake. He is Sir Dystic, a hacker with whom I’d had only E-mail contact until now.

“Cool place,” I offer.

“yup.” He gives a wry smile. “Cyber-Flintstones”

Soon seven of us are slugging down room-temperature Guinness’s, which I am buying. They all belong to Cult of Dead Cow, a 13 year old, in your face hacking group whose members are young, rebellious, brilliant, and fed up with mountain of perceived persecutions. They are misunderstood “White hat” good guys. Clueless federal agents are dogging them for no good reason. Privacy. Free speech. You get the picture.
But what they really hate is Microsoft Corporation, which in past year, has become the greatest of hacking targets. “We bring all these huge, gaping holes to their attention, and they don’t listen,” bellows Deth Veggie, a mammoth 24-year-old with rock-star looks.

Microsoft, they say, is more interest in marketing new systems than in securing them. Microsoft is breeding “dumbed-up” systems administrators who are so reliant on friendly, point-and-click interfaces that they fail to set basic security settings. Microsoft, they say, has not learned from past mistakes made-and patched-in the Unix operating system.

“When we find the hold, we share that exploit with rest of the world-and it takes Microsoft a long time to respond,” say 22-year-old Tweetfish.

Hackers have posted source code and techniques of myriad attacks against Microsoft products on World Wide Web sites and bulletin boards. They have got tools to crack passwords on NT and Windows 95 operating systems, and techniques to grab those passwords form LAN managers. Hackers know how to drop the Active X security level from high to none, essentially helping themselves to anything on the machine and network it’s connected to. And the list goes on.

Why Microsoft? Why NT? First, Microsoft is the biggest dog on the porch. Run, no less, by the richest guy on the planet. That’s irresistible to many hackers. Also, compared with Unix, that has been hacked and patched ad nauseam, NT makes for an exciting new playground.

In addition, Windows NT is quickly infiltrating enterprise. Microsoft is shipping more than 100,000 units of NT Version 4.0 every month. According to The Sentry Group, 85 percent of businesses and government agencies in United States would use Windows NT as a desktop platform by next year.

In NT 5.0, Microsoft would introduce three-tiered security architecture. MIT- developed RCF Kerberos authentication would replace LAN Manager setup that hackers find so inviting. In addition, crypto-key infrastructure would be included to support digital certificates which authenticate users who access the system remotely. Furthermore, in NT 5.0, data encryption would be supported, and administrators would have a central point from which to issue certificates and access controls.

Microsoft also maintains the electronic-mail address (secure@microsoft.com) to which anybody could send information about vulnerabilities. In addition, company employees about 300 engineers who work only on security? And they listen to both hackers and customers, according to ED Muth, NT product manager. “We have demanding customers like banks and defence agencies who are not shy about telling use their security desires,” he says.

In any event, the bottom line is that they security problems most hackers ferret out are not having a serious effect on Microsoft’s ability to do business. Corporate America does not seem to spooked about Microsoft security, given speed at which they are deploying Windows NT. And that just keeps hackers hacking away.

Case problems:

problem5)a) Why are hackers like Cult of the Dead Cow hacking into Windows NT?

b) What is Microsoft doing about hacking and the security of Windows NT?

c) Is hacking by the Cult of the Dead Cow and other “white hat” hackers ethical? Why or why not?