
1.

a. Unlike IP fragmentation (which can be done by intermediate devices), IP reassembly can be done only at the final destination. What problems do you see if IP reassembly is attempted in intermediate devices like routers?

b. Let's assume that Host A (receiver) receives a TCP segment from Host B (sender) with an out-of-order sequence number that is higher than expected, as shown in the diagram. What do Host A (receiver) and Host B (sender) do?

2. Describe or propose a way to detect an ARP spoofing attack. What could be a possible weakness in your proposed method? Please do not discuss any prevention method (e.g., port security is an example of a preventive method).

3. [Wireless LAN Security-WEP] What is the main difference between the FMS attack and the Chopchop attack? Clearly explain your answer.

4. A huge enterprise decides to use symmetric encryption to protect routing update messages between its own routers (i.e., entire routing update messages are encrypted with a strong shared symmetric key). They think this will prevent routing table modification attacks. Do you think their decision is appropriate? Do you see any problems or issues with their decision?

5. An ACK scan does not provide information about whether a target machine's ports are open or closed, but rather whether or not access to those ports is being blocked by a firewall. If there is no response or an ICMP "destination unreachable" packet is received as a response, then the port is blocked by a firewall. If the scanned port replies with a RST packet, then the ACK packet reached its intended host, so the target port is not being filtered by a firewall. Note, however, that the port itself may be open or closed.

Describe at least 2 rules that could be used by Snort to detect an ACK scan. Clearly express your assumptions and explain your rules. Do you think Bro can do a better job detecting an ACK scan? Explain your answer.
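
The following Python is an added example, not part of the original assignment: it flags a source that sends bare ACK segments, with no SYN seen for the flow, to several ports of one host, and reports which probed ports answered with RST (the "not filtered" case described in question 5). The packet tuples, addresses, function name and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed capture: (time_s, src, sport, dst, dport, tcp_flags)
PACKETS = [
    (0.00, "10.0.0.5", 40000, "10.0.1.9", 443, "S"),    # normal handshake
    (0.01, "10.0.1.9", 443, "10.0.0.5", 40000, "SA"),
    (0.02, "10.0.0.5", 40000, "10.0.1.9", 443, "A"),
    (0.03, "10.0.0.5", 40000, "10.0.1.9", 443, "PA"),   # data on that flow
    (1.00, "10.0.0.66", 51000, "10.0.1.9", 21, "A"),    # bare ACKs, no SYN
    (1.10, "10.0.0.66", 51000, "10.0.1.9", 22, "A"),
    (1.15, "10.0.1.9", 22, "10.0.0.66", 51000, "R"),    # RST: not filtered
    (1.20, "10.0.0.66", 51000, "10.0.1.9", 80, "A"),
    (1.25, "10.0.1.9", 80, "10.0.0.66", 51000, "R"),
    (1.30, "10.0.0.66", 51000, "10.0.1.9", 443, "A"),
    (1.40, "10.0.0.66", 51000, "10.0.1.9", 3389, "A"),
    (5.00, "10.0.0.7", 42000, "10.0.1.9", 80, "A"),     # lone stray ACK
]

def detect_ack_scan(packets, min_ports=4, window_s=10.0):
    """Return {(src, dst): {"probed": [...], "unfiltered": [...]}}."""
    handshakes = set()           # flows for which a SYN was observed
    probes = defaultdict(list)   # (src, dst) -> [(time, dport)] unsolicited ACKs
    rst_from = defaultdict(set)  # (scanner, target) -> ports that replied RST
    flagged = {}                 # (src, dst) -> ports probed once over threshold
    for t, src, sport, dst, dport, flags in sorted(packets):
        flow = frozenset([(src, sport), (dst, dport)])
        if "S" in flags:
            handshakes.add(flow)
        elif "R" in flags and flow not in handshakes:
            # RST coming back on a flow that never had a handshake
            rst_from[(dst, src)].add(sport)
        elif flags == "A" and flow not in handshakes:
            # Keep only probes inside the sliding window, then add this one
            recent = [(pt, p) for pt, p in probes[(src, dst)] if t - pt <= window_s]
            recent.append((t, dport))
            probes[(src, dst)] = recent
            ports = {p for _, p in recent}
            if len(ports) >= min_ports:
                flagged.setdefault((src, dst), set()).update(ports)
    return {k: {"probed": sorted(v), "unfiltered": sorted(v & rst_from[k])}
            for k, v in flagged.items()}

if __name__ == "__main__":
    for pair, info in detect_ack_scan(PACKETS).items():
        print(pair, info)
```

The distinct-port threshold keeps a single stray ACK (for example from a flow whose handshake the sensor missed) from raising an alert.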

6. Explain the main difference between SQL injection and XSS attacks.

7. As shown in the above diagram, Kevin, the system admin, installed a text-message sender and a text-message receiver in a Multi-Level-Secure (MLS) environment. In the MLS environment, two security levels exist (i.e., Unclassified (Low) and Classified (High) levels). His goal is to enforce the Bell-LaPadula (BLP) access control model in the network. In a nutshell, the BLP model defines two mandatory access control rules:

No Read Up Rule: a subject (Low) at a lower security level must not read an object (High) at a higher security level. Simply, a Low entity cannot have read access to a High object.

No Write Down Rule: a subject (High) at a higher security level must not write to any object (Low) at a lower security level. Simply, a High entity cannot have write access to a Low object.

In this scenario, enforcing the BLP model means no confidential information flows from Classified LAN (High) to Unclassified LAN (Low). However, information can still flow from Unclassified LAN to Classified LAN.

To achieve his goal, he configured both text message sender and receiver as follows:
The text message sender is configured to send a text message to the text message receiver via TCP/IP.
The text message receiver is configured to receive a simple text message from the sender via TCP/IP.
The following IP/port is given to each machine:
Text message sender: 192.168.2.2 and port 9898 is open
Text message receiver: 192.168.3.3 and port 9999 is open
A text message is allowed to be sent only from port 9898 of 192.168.2.2 (sender) host to port 9999 of 192.168.3.3 (receiver) host.

Part A) As you can see from the diagram above, the text message sender and receiver have been compromised by the adversary and the Trojan, respectively. However, the router with Snort IDS installed (router/snort) is securely protected and can be fully trusted.
Write at least 2 efficient Snort rules and at least 5 access control lists which will be implemented on the router/snort to detect or block confidential information leakage from High to Low. Write your rationale for writing your rules and access control lists. For example, if the text message receiver (Trojan at High LAN) attempts to send a text message (confidential information) to the text message sender (the adversary at Low LAN), the attempt will be either blocked by your access control list(s) or detected by your Snort rule(s).
At least one access control list must be included.

Hint: Access control lists are discussed in Module 10 and Snort rules are covered in Module 7 as well as Lab2. To see more Snort options, please refer to Chapter 3 of the Snort User Manual 2.9.1 by the Snort Project.

(link: http://www.snort.org/assets/166/snort_manual.pdf)

Part B) Describe a way for the Trojan to covertly transmit 4 characters (e.g., A, B, C and D) to the adversary without being detected or blocked by your rules and access control lists provided in Part A.

8. [topic: IPsec VPN] What do you think are the advantages & disadvantages of using both AH and ESP protocols on the same end to end IPsec connection (transport mode)? In addition, it is recommended that the ESP protocol should be performed before the AH protocol. Why is this approach recommended rather than authentication (AH) before encryption (ESP)?
