Recent Question/Assignment

Question 2:
Certificates (10 Marks)
A. Because there are multiple certificate authorities (CAs) for the Web PKI, it is possible to buy multiple certificates for the same domain signed by different CAs. How would a browser treat these different certificates? (2 marks)
B. Suppose that an imposter is able to obtain a certificate for a domain that the imposter doesn’t own. (For example, in January 2001, an imposter tricked VeriSign into signing two certificates for “Microsoft Corporation” to be used for signing new software to be installed.) What sorts of attacks could an imposter pull off once in possession of such “fake” certificates for
i. Installing software. (2 marks)
ii. Viewing Web pages. (2 marks)
C. Typically the public SSH keys used by servers are not signed by any certificate authority, but the SSH protocol does support checking certificates.
i. Why, in practice, are server certificates rarely signed? (2 marks)
ii. What is the benefit of checking server certificates? (2 marks)
Question 3:
Firewall Rules (10 Marks)
Assume you have the following firewall rules:
Rule No.  Transport Protocol  Source IP       Source Port  Destination IP   Destination Port  Action
1         UDP                 0.0.0.0/0       any          129.174.17.180   53                allow
2         TCP                 55.66.77.0/24   any          129.174.17/180   22                allow
3         TCP                 55.66.77.12     4500         129.174.17/180   22                deny
4         TCP                 127.0.0.1       443          129.174.17/180   6000              allow
5         TCP                 0.0.0.0/0       any          129.174.17/180   6000              deny
6         UDP                 0.0.0.0/0       any          129.174.17/180   32768             deny
7         TCP                 0.0.0.0/0       any          129.174.17/180   32769             deny
8         TCP                 0.0.0.0/0       any          129.174.17/180   32768             deny
9         TCP                 0.0.0.0/0       any          129.174.17/180   80                allow
10        UDP                 129.174.16.20   1025         0.0.0.0/0        65535             allow
11        UDP                 129.174.20.100  1025         0.0.0.0/0        65535             allow
12        UDP                 129.174.18.100  1025         0.0.0.0/0        65535             allow
13        any                 0.0.0.0/0       any          0.0.0.0/0        any               allow
14        TCP                 0.0.0.0/0       any          0.0.0.0/0        any               deny
15        UDP                 0.0.0.0/0       any          0.0.0.0/0        any               deny
16        TCP                 0.0.0.0/0       any          129.57.17.180    6000:6010         deny
17        TCP                 0.0.0.0/0       any          129.174.17.180   0:1024            deny
18        any                 0.0.0.0/0       any          129.174.17.180   any               deny
a) Define what a rule conflict is and identify any conflicts. (5 marks)
b) Identify any redundancies and explain which rule would be applied using each of the following 3 matching strategies:
1. FIRST
2. BEST
3. LAST (5 marks)
Question 4:
Firewalls (10 Marks)
a) What is a proxy firewall and how is it different from a network (or transparent) firewall? (3 marks)
b) What does NAT stand for, and how does the mechanism work? Describe what, if any, security NAT provides (or fails to provide). (4 marks)
c) Where would you place a web server in an organization assuming that you can use a network firewall and why? (3 marks)
Question 4 Marking Criteria
A question that is addressed thoroughly will score full marks – a lesser mark will be awarded if material is missed or the answer is unclear. 0 Marks will be awarded if the answer is copied directly from sources (i.e. isn’t in your own words).