ICT318: Implementing security protection using packet filtering router firewalls is a fairly common for all network systems :Network Security Assignment, SUSS, Singapore

Question 1

(a) Assess and comment on the following statements,

(i) “Implementing security protection using packet filtering router firewalls is a fairly common for all network systems but they are not as effective and efficient”.

(ii) “Only either AH (Authentication Header) or ESP (Encapsulating Security Payload) protocol can be implemented in an individual Security Association (SA) but not both. However a particular traffic flow can be provided by both AH and ESP”.

(b) Assess and analyse the email header of an email, using Yahoo mail, Hotmail or otherwise, based on Activity 5 of Study Unit 3, Chapter2.

(i) Provide the steps of how the email header may be read from the chosen email service.

(ii) List and explain TWO (2) MIME headers of your email.

(iii) Authenticated Received Chain (ARC) helps preserve email authentication results and verifies the identity of email intermediaries that forward a message on to its final destination. Identify and explain the three ARC headers.

Question 2

(a) (i) Apply columnar transposition algorithm to the following ciphertext and determine its plaintext:

CGIPPURRSYAFTHNOY

Assume that the key is “ASSESS”, ignoring all spaces.

(ii) Apply Vigenère Square cipher algorithm to the plaintext obtained in Q2(a)(I), using the key, ‘CRYPTO, describe how the resultant ciphertext can be obtained. {Note: Use the Vigenère Square table given below}

(iii) What is the possible weakness of using Vigenère Square method of encryption?

(b) (i) Apply symmetric encryption technique, determine THREE (3) concerns relating to algorithm and keys.

(ii) Apply the use of symmetric and asymmetric cryptosystems, discuss how authentication, integrity and non-repudiation can be provided. You may make use of an appropriate diagram to illustrate your answers.

Question 3

(a) Refer to the following website:  access the SSL test pcap file. Explore the SSL_test pcap file and determine the following:

(i) What is the chosen Cipher Suite and explain how did the server obtain the
Cipher Suite?

(ii) Discuss the main purpose of the Premaster Secret, and identify how it was encrypted.

(iii) Discuss clearly the relationship between Change Cipher Spec and Encrypted Handshake Message.

(b) (i) Go into any browser and open up any web-based (X.509 Version 3) public
certificate. Illustrate by using your chosen certificate and determine the following items:
– the purpose of the certificate and the issuer.
– the public key, the signature algorithm and the issuer’s signature.
– the URL where the CRL list can be found and highlight one of the CRLs (Provide a screen-shot of all these items as part of your illustration)

(ii) Discuss how verification can be done to determine if the public certificate is genuine and came from the correct source. Illustrate your answer by using an appropriate diagram.

Question 4

(a) An intrusion detection system (IDS) can be seen as a device or software application that monitors a network or systems for malicious activity or policy violations.

(i) Examine the difference between threshold detection and profile-based detection used in statistical anomaly detection.

(ii) A small-medium enterprise has set up a computer network system solely for its employees. The employees have working there for a good number of years and are expected to continue working there till their retirement and beyond.

However, the network administrator who is recently employed is relatively new and not so experienced.

– Examine what is the enterprise’s chances of setting up an effective intrusion detection system and why?

– Determine and recommend which detection system would be suitable for the enterprise? Explain your answer.

(b) A cybersecurity consultancy firm has a headquarter (HQ) in Singapore and a branch in Bangkok. The network systems between the Bangkok the HQ linked via Internet.

As the firm is relatively new, you have been asked by your CISO to determine establishing a secured communication between the two networks i.e. HQ Network and Bangkok Network. Confidentiality of the traffic must be provided, including the IP addresses of the sending and receiving devices. All the Internet traffic will flow via the gateways.

You are told that the Server at HQ and the Server at Bangkok hold sensitive data information. The keys to encrypt the data information between these two servers must reside in these machines only. Essentially the firm do not find authentication as an issue.

Apply IPSEC and recommend suitable IPSEC configurations for the company to provide the necessary secured communication. Discuss why you have made these recommendations.

(c) Discuss what are the security services specified by the IEEE 802.11i RSN standard. Illustrate, in your answer, the appropriate security protocols supporting these services