THE BCS PROFESSIONAL EXAMINATIONS BCS Level 6 Professional Graduate Diploma in IT. April 2009 EXAMINERS' REPORT. Network Information Systems

General Comments

Last year's examiners' report noted a good pass rate, with many candidates clearly well prepared and able to demonstrate their knowledge. Unfortunately this year the pass rate dropped to 65%, due to some 17% of candidates scoring 20% or less. Approximately 16% of candidates obtained around 30% and, with more study, should have been able to pass. A few candidates were unable to attempt an answer to 3 questions.

For some reason very few candidates attempted questions in part B, and 81% of answers were to questions in part A. However, a very large majority of candidates who attempted questions from part B obtained high marks.

Examiners again stress the need for candidates to study and understand the syllabus and, in addition, to test themselves on past papers, using the answer pointers given in examiners' reports to compare their answers with those expected by the examiners. Weak candidates identify a question on which they feel they may be able to obtain a few marks by offering very general points on the subject. On this paper question A1 is a good example (see examiners' comments below).

Section A

Question A1

For each of the following describe why the technique is used and also describe a real world example clearly demonstrating the use of the technique. In each case also identify any weakness which could lead to a security risk:

a) Public key encryption (6 marks)
b) Message digest (6 marks)
c) Digital signature (6 marks)
d) Digital server certificate (7 marks)

Answer Pointers

a) Public key encryption requires two keys which are based on large prime numbers. The encryption and decryption is asymmetric. Data encrypted with the public key can only be decrypted with the secret key and vice versa. Usage: message exchange C=PS1(PP2(M)), M=PP2(PS1(C)). The secret key should be kept secret.
The public key needs to be widely known and it is important that others trust the public key to be genuine. Need to assume that the secret key is secret and the public key is genuine to guarantee security. Key exchange mechanisms can be used to obtain public keys. (6)

b) A message digest is a one way hashing algorithm, such as MD5. The algorithm produces a fixed length hash from any data source. The hash is statistically unique, so that a slight modification to the data produces a completely different hash. Usage: to check that a downloaded file wasn't corrupted in transit. Need to use a reliable algorithm; MD5 has been proven to have collisions. (6)

c) A digital signature is a message digest which has been encrypted with the data originator's secret key. It requires the public key to decrypt the message digest and validate the data. Usage: ensures that the message digest comes from the data originator and not some third party who has modified the data. Requires a genuine public key which has a secure secret key. (6)
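The digest and signature mechanics of parts a) to c), as an added worked example that is not part of this report. It uses SHA-256 rather than MD5, and builds RSA keys from primes of about 31 bits found at run time so that the numbers stay readable; the key size, the messages and the names Alice and Mallory are constructed assumptions, not anything from the paper. The last two results show the weakness the answer pointer names: a signature verifies against whichever public key the verifier believes is genuine, so the public key itself has to be trustworthy.

```python
"""Message digest, digital signature and verification (Question A1 a-c).

Added worked example, not part of the BCS examiners' report. RSA is built
from ~31-bit primes found at run time so the arithmetic stays readable;
real deployments use 2048-bit or larger keys and a padding scheme such as
RSA-PSS. All keys, names and messages below are constructed.
"""
import hashlib
from math import gcd, isqrt


def _is_prime(n: int) -> bool:
    """Trial division, adequate for the small constructed primes used here."""
    if n < 2:
        return False
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return False
    return True


def _next_prime(start: int) -> int:
    n = start
    while not _is_prime(n):
        n += 1
    return n


def make_keypair(seed: int):
    """Return ((e, n), (d, n)): public key and secret key of a toy RSA user.
    Different seeds give different, deterministic keys (constructed values)."""
    p = _next_prime(2**31 + seed)
    q = _next_prime(2**31 + seed + 10**6)     # p != q by construction
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while gcd(e, phi) != 1:                    # keep e invertible modulo phi(n)
        e += 2
    d = pow(e, -1, phi)                        # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def message_digest(data: bytes) -> int:
    """One-way hash (SHA-256). MD5, named in the answer pointer, has known collisions."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, secret_key) -> int:
    """Digital signature: the digest encrypted with the originator's secret key."""
    d, n = secret_key
    return pow(message_digest(data) % n, d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    """Decrypt the signature with the public key and compare with a fresh digest."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(data) % n


def demo() -> dict:
    alice_pub, alice_sec = make_keypair(0)
    mallory_pub, mallory_sec = make_keypair(5 * 10**6)     # a third party (constructed)
    original = b"Transfer 100 GBP to account 12345678"    # constructed sample message
    tampered = b"Transfer 900 GBP to account 12345678"

    sig = sign(original, alice_sec)
    forged_sig = sign(tampered, mallory_sec)
    return {
        "genuine_verifies": verify(original, sig, alice_pub),          # True
        "tamper_detected": not verify(tampered, sig, alice_pub),       # True
        # Weakness from the answer pointer: if the verifier is handed Mallory's
        # public key believing it to be Alice's, the forged message verifies.
        "forgery_with_substituted_key": verify(tampered, forged_sig, mallory_pub),  # True
        "forgery_against_real_key": verify(tampered, forged_sig, alice_pub),        # False
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The digest is reduced modulo n before signing only because the toy modulus is far smaller than a SHA-256 output; with a real key size the padding scheme, not a modular reduction, is what binds the digest to the signature.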

d) A digital server certificate is the public key of a server with some identification information which includes the server's FQDN. The whole certificate has a digital signature, created by a trusted third party certificate authority (CA), to validate it. Users of certificates have the public keys, themselves as part of certificates, of trusted CAs so the digital signature can be validated. Usage: to obtain and validate a genuine copy of a server's public key to establish an SSL connection to a trusted server. The certificate needs to be in date and signed by a trusted CA to be genuine. CAs do little checking to validate the server. (7)

Examiners' Comments

Almost all candidates attempted this question; however, just over half reached a pass standard. Many answers described the technical aspects of the technologies but didn't describe a real world example which clearly demonstrated the technique. Few answers mentioned the issue that public keys need to be genuine and that key exchange mechanisms can be used to obtain public keys. Those that demonstrated knowledge by giving advantages and disadvantages were awarded marks. None of the answers mentioned the integrity of hashing algorithms: MD5 has been seriously compromised and should no longer be used. None of the answers discussed the integrity of certificate authorities (CAs) and that CAs often do very few, if any, checks that the organisation to whom they issue a certificate is the actual organisation and not an impostor.

Question A2

A company provides a Web and email hosting service to external customers. The company needs to configure its email server so that customers can freely receive and send email. The company must ensure the email server is not an open relay which could be abused by those who send out spam emails.

a) Describe each of the following email receiving mechanisms, describing their relative strengths and weaknesses. Make a recommendation of the best solution.
i) POP and POPS. (4 marks)
ii) IMAP and IMAPS. (4 marks)
iii) Webmail. (4 marks)

b) Describe each of the following email sending mechanisms, describing their relative strengths and weaknesses. Make a recommendation of the best solution.
i) POP before send. (4 marks)
ii) TLS with client certificates. (5 marks)
iii) Webmail. (4 marks)

Answer Pointers

a) POP is the Post Office Protocol; POPS is POP over SSL. It allows email to be downloaded from a server as headers, full messages or in bulk. It does not allow mail folders. IMAP is the Internet Message Access Protocol; IMAPS is IMAP over SSL. It allows email on a server to be managed from a client. It allows email folders. Webmail uses a set of web pages which typically connect to a POP or IMAP server and an SMTP server. It uses a user name and password to log in. It is the best solution as it usually accesses a local POP/IMAP and SMTP server.

b) POP before send requires the user to collect mail via a POP3 server. This then gives temporary (typically 5 minutes) access to the SMTP server for sending mail from a remote address. TLS uses encryption to access the SMTP server. The client has a certificate which contains the public key of the server. The TLS SMTP server has the private key and can validate the client. Webmail has access to a local SMTP server and does not require the SMTP server to relay.
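The relay decision behind part b), as an added example that is neither part of this report nor the code of any real mail server. It models the three sending mechanisms from the answer pointers as inputs to one decision made at RCPT TO time: a POP-before-SMTP grant that expires after the 5 minutes the answer pointer quotes, a successfully validated TLS client certificate, and webmail submitting from the local network. The domain, client addresses and clock values are constructed. The point it makes is the one the examiners wanted: mail for local domains is always accepted, but relaying to anyone else is refused unless one of the mechanisms has authenticated the sender, so the server is not an open relay.

```python
"""Relay control for an SMTP server (Question A2 b).

Added worked example, not part of the BCS report and not any mail server's
real code. Times are epoch seconds; domains and addresses are constructed.
"""
from dataclasses import dataclass, field
import ipaddress

POP_WINDOW = 5 * 60                        # POP-before-SMTP grant lifetime (answer pointer: 5 minutes)
LOCAL_DOMAINS = {"example.net"}            # domains this server delivers for (constructed)
LOCAL_NETWORKS = [                         # networks whose hosts may submit directly (constructed)
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("10.10.1.0/24"),  # the webmail host lives here
]


@dataclass
class RelayPolicy:
    pop_grants: dict = field(default_factory=dict)   # client IP -> time of last POP login

    def record_pop_login(self, client_ip: str, now: float) -> None:
        """Called by the POP server after a successful authentication."""
        self.pop_grants[client_ip] = now

    def pop_grant_valid(self, client_ip: str, now: float) -> bool:
        t = self.pop_grants.get(client_ip)
        return t is not None and 0 <= now - t <= POP_WINDOW

    def decide(self, client_ip: str, rcpt: str, now: float,
               tls_client_cert_ok: bool = False) -> tuple:
        """Return (accepted, reason) for one RCPT TO in an SMTP session."""
        rcpt_domain = rcpt.rsplit("@", 1)[-1].lower()
        if rcpt_domain in LOCAL_DOMAINS:
            return True, "local delivery"                 # anyone may send mail TO our users
        if tls_client_cert_ok:
            return True, "relay: TLS client certificate"
        if any(ipaddress.ip_address(client_ip) in net for net in LOCAL_NETWORKS):
            return True, "relay: local network (webmail host)"
        if self.pop_grant_valid(client_ip, now):
            return True, "relay: POP-before-SMTP window"
        return False, "554 relay access denied"          # the open-relay case, refused


def scenario() -> dict:
    """Walk the mechanisms through with constructed clients and a fixed clock."""
    policy = RelayPolicy()
    t0 = 1_000_000.0
    remote, webmail = "203.0.113.7", "10.10.1.5"
    out = {}
    out["inbound_to_local_user"] = policy.decide(remote, "bob@example.net", t0)
    out["unauth_remote_relay"] = policy.decide(remote, "carol@example.org", t0)
    policy.record_pop_login(remote, t0)                # user collects mail via POP first ...
    out["pop_then_send"] = policy.decide(remote, "carol@example.org", t0 + 60)
    out["pop_window_expired"] = policy.decide(remote, "carol@example.org", t0 + 400)
    out["tls_client_cert"] = policy.decide("198.51.100.9", "carol@example.org", t0,
                                           tls_client_cert_ok=True)
    out["webmail_local_submission"] = policy.decide(webmail, "carol@example.org", t0)
    return out


if __name__ == "__main__":
    for case, (ok, reason) in scenario().items():
        print(f"{case:28s} {'accept' if ok else 'reject'}  ({reason})")
```

The grant in the POP-before-SMTP branch is keyed on the client's IP address, which is exactly its weakness relative to the certificate mechanism: every host sharing that address (behind a NAT, say) inherits the relay permission for the length of the window.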

Examiners' Comments

About 70% of candidates attempted this question; however, less than 50% obtained a pass, for the following reasons. It was clear that most candidates had not read and thought about the question and then applied their answers to it. Specifically, very few answers mentioned stopping spam, and very few marks were awarded for section b) as a result. Most answers correctly described the use of POP and IMAP to retrieve mail remotely. Marks were lost for not stating that POPS and IMAPS are POP and IMAP over SSL. There were few correct answers which described Webmail as Web content over HTTP or HTTPS which acts as an interface to local POP/IMAP and SMTP servers. There were no correct answers for POP before send. This mechanism allows users to relay off an SMTP server to send mail for a short time after successfully authenticating and retrieving mail from a POP server. There were no correct answers to TLS with client certificates. This makes use of certificates which identify a client and which are signed with the mail server's private key. When a client successfully authenticates with a mail server using the certificate it is allowed to send mail by relaying. A small number of answers correctly stated that Webmail gets around the relaying problem by sending mail to a local SMTP server.

Question A3

A media company needs to implement a network to meet organisational needs. The company uses two remote data centres which house the high volume Web and database servers. The Web servers are connected to the Internet and the database servers are connected to the Web servers via a LAN which is located in the data centres. There is no direct connection between the data centres and the company offices other than via the Internet. The company has a sales department whose employees need email and Internet Web browsing access. There is also an IT department whose employees need to remotely administer the Web and database servers located in the data centres. They also require email and Internet Web browsing. The company employees should not be able to access social Web sites such as Facebook. Every employee has a PC workstation running Windows. All servers and active network switching components have to be PCs running Linux and Open Source software packages.

a) Design a network topology which will meet the company's needs. Draw a diagram of your solution which clearly identifies any network hardware and software components which would be required to implement your solution. Give IP addresses to each subnet, computer and switching component. (20 marks)
b) For each hardware and software component which is required to implement your solution, describe its function and justify why it is required. (5 marks)

Answer Pointers

LAN in data centre 1 connecting web and database servers using 10.1.0.0/16; web servers have external IP. (2)
LAN in data centre 2 connecting web and database servers using 10.2.0.0/16; web servers have external IP. (2)
Backbone LAN using 10.10.1.0/24. (2)
LAN for sales staff using 10.10.2.0/24. (2)
LAN for developers using 10.10.3.0/24. (2)
Linux router connecting external IP to backbone 10.10.1.1; 2 WAN VPN links to data centres using openvpn. (4)
Runs Squid proxy and sendmail SMTP, firewall rules. (2)
Linux router 10.10.1.2 & 10.10.2.254. (2)
Linux router 10.10.1.3 & 10.10.3.254. (2)
VPN software openvpn required to link office LANs to data centre LANs across the internet securely. (2)
Proxy server squid required to limit web access. (1)

SMTP server sendmail/qmail/exim required to send and receive email. (1)
Linux firewall rules to protect network and limit external access. (1)

Examiners' Comments

About 70% of candidates attempted this question, with some 60% reaching a pass standard. Again, many candidates had not read and thought about the question before attempting an answer. Most answers to part a) produced a good IP address annotated diagram of the network topology. Marks were lost due to not adding IP addresses to the diagram. Very few answers mentioned the use of a VPN link between sites. Very few answers mentioned the use of a backbone subnet to connect the other LANs together. Many candidates did not mention a proxy server for Web browsing. Part b) answers were very poor. The question asked for the software and hardware components to be described and justified. Very few candidates were able to answer this important part of the question. The expected answers could have included the Squid proxy server, Linux firewall rules, OpenVPN etc.
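The addressing plan from the Question A3 answer pointers, checked the way a reviewer of such a design would check it, as an added example that is not part of this report. The subnets and router interface addresses are the ones the answer pointers give; the routing table of the sales-LAN router, and the host addresses used in the lookups, are constructed to fit that topology. The checks are: no two subnets overlap, every router interface sits inside the subnet it serves, and a longest-prefix route lookup shows that sales traffic for the data centres and the Internet leaves via the VPN/proxy router at 10.10.1.1 (the proxy, firewall and OpenVPN configuration themselves are not modelled).

```python
"""Sanity checks on the Question A3 addressing plan.

Added example, not part of the BCS report. SUBNETS and ROUTER_INTERFACES
are taken from the answer pointers; SALES_ROUTES and the host addresses in
example_checks() are constructed.
"""
import ipaddress

SUBNETS = {
    "dc1_lan": "10.1.0.0/16",
    "dc2_lan": "10.2.0.0/16",
    "backbone": "10.10.1.0/24",
    "sales_lan": "10.10.2.0/24",
    "dev_lan": "10.10.3.0/24",
}

# router name -> list of (subnet it serves, interface address)
ROUTER_INTERFACES = {
    "vpn_router": [("backbone", "10.10.1.1")],
    "sales_router": [("backbone", "10.10.1.2"), ("sales_lan", "10.10.2.254")],
    "dev_router": [("backbone", "10.10.1.3"), ("dev_lan", "10.10.3.254")],
}

# Routing table of the sales router (constructed from the topology): prefix -> next hop
SALES_ROUTES = {
    "10.10.2.0/24": "direct",
    "10.10.1.0/24": "direct",
    "0.0.0.0/0": "10.10.1.1",   # data centres (via VPN) and the Internet go via the VPN router
}


def overlapping_subnets(subnets=SUBNETS):
    """Pairs of subnet names whose address ranges overlap (should be empty)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def misplaced_interfaces(subnets=SUBNETS, interfaces=ROUTER_INTERFACES):
    """Router interfaces whose address is not inside the subnet they serve."""
    bad = []
    for router, ifaces in interfaces.items():
        for subnet, addr in ifaces:
            if ipaddress.ip_address(addr) not in ipaddress.ip_network(subnets[subnet]):
                bad.append((router, addr, subnet))
    return bad


def next_hop(routes, destination):
    """Longest-prefix match over a prefix -> next-hop table, as a Linux routing table does."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def example_checks():
    return {
        "overlaps": overlapping_subnets(),                           # []
        "misplaced": misplaced_interfaces(),                         # []
        "sales_to_dc1_db": next_hop(SALES_ROUTES, "10.1.0.20"),      # constructed DB server address
        "sales_to_sales": next_hop(SALES_ROUTES, "10.10.2.9"),       # same LAN: direct
        "sales_to_internet": next_hop(SALES_ROUTES, "198.51.100.10"),
    }


if __name__ == "__main__":
    for check, result in example_checks().items():
        print(f"{check}: {result}")
```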

Section B

Question B4

The Network File System (NFS), developed by a major market leader, has been widely adopted in industry and in academic environments since its introduction in the mid 80s.

a) Figure 1 below shows local and remote file systems accessible on an NFS client. Explain the following five design goals and comment on the extent to which they have been achieved: access transparency, location transparency, failure transparency, performance transparency, migration transparency. (15 marks)

Figure 1: Local and remote file systems accessible on an NFS client

b) The software architecture of NFS clients and servers is shown in figure 2 below. The components of NFS concerned with the mounting of remote file systems are not shown. Processes using NFS are referred to here as user level client processes in order to distinguish them from the NFS client module which resides in the UNIX kernel on each client computer. Describe the communication operations involved in this architecture. (10 marks)

Figure 2: NFS software architecture
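Failure transparency in part a) rests on NFS being stateless, with most file access operations repeatable. The added example below, which is not part of this report and not taken from any NFS implementation, shows why that matters: the client's RPC layer loses a reply and retransmits the request. A read that names the file handle, offset and count in every request (the NFS style) is unaffected by the duplicate, whereas a server that keeps a per-client cursor advances it twice and the retransmission silently skips data. The file handle, file contents and the lost-reply simulation are constructed.

```python
"""Why a stateless, repeatable file protocol gives failure transparency (Question B4 a).

Added example, not part of the BCS report or of any NFS implementation.
FILE_DATA and the file handle "fh-42" are constructed.
"""

FILE_DATA = {"fh-42": b"ABCDEFGHIJKL"}   # file handle -> file contents


class StatelessServer:
    """NFS-style: each request carries (fh, offset, count); the server keeps no client state."""

    def read(self, fh, offset, count):
        return FILE_DATA[fh][offset:offset + count]


class StatefulServer:
    """Contrast: the server remembers each client's position in the file."""

    def __init__(self):
        self.cursors = {}

    def read_next(self, client, fh, count):
        pos = self.cursors.get((client, fh), 0)
        chunk = FILE_DATA[fh][pos:pos + count]
        self.cursors[(client, fh)] = pos + len(chunk)
        return chunk


def rpc_with_lost_reply(call):
    """Client-side RPC layer: the first reply is lost in the network, so the
    request is retransmitted; only the second reply reaches the caller."""
    call()            # executed at the server, reply dropped
    return call()     # retransmission; this reply is delivered


def stateless_transfer() -> bytes:
    """Read the whole file in 4-byte pieces with every reply lost once."""
    srv = StatelessServer()
    out = b""
    for off in range(0, len(FILE_DATA["fh-42"]), 4):
        out += rpc_with_lost_reply(lambda o=off: srv.read("fh-42", o, 4))
    return out        # b"ABCDEFGHIJKL": duplicates are harmless


def stateful_transfer() -> bytes:
    """Same transfer against the cursor-based server."""
    srv = StatefulServer()
    out = b""
    for _ in range(3):
        out += rpc_with_lost_reply(lambda: srv.read_next("client-1", "fh-42", 4))
    return out        # b"EFGH": the blocks read by the lost calls are never seen


if __name__ == "__main__":
    print("stateless:", stateless_transfer())
    print("stateful: ", stateful_transfer())
```

The same reasoning is why the answer pointer says "most", not "all", operations are repeatable: an operation such as removing a file is not idempotent, and a retransmitted remove reports an error the first attempt did not.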

Answer Pointers

a) Access transparency: the NFS client module provides an application programming interface to local processes that is identical to the local operating system interface. Location transparency: each client establishes a file name space by adding remote file systems to its local name space. Failure transparency: the NFS service is stateless and most of the file access protocol operations are repeatable. Performance transparency: both client and server employ caching to achieve satisfactory performance. The client module maintains a local cache of blocks from remote files, directories and file attribute data. Migration transparency: there is a separate service, the mount service, that supports the mounting of remote file systems in the client's local file name space.

b) The NFS client and server modules communicate using remote procedure calls. A port mapper service is included to enable clients to bind to services in a given host by name. Encryption of RPC messages can be specified as an optional security feature, but the RPC interface to the NFS server is open. NFS client and server modules are operating system independent.

Examiners' Comments

Around half the candidates attempted this question and around 90% reached a pass standard, with one candidate obtaining 96%. The question was designed to test both the theoretical principles (part a) and operational details (part b) of network file systems. Part a) required knowledge of principles and design goals with reference to transparency for: access, location, failure, performance and migration. Unfortunately some candidates attempted only a few of the 5 transparency aspects and gained very few marks. Some attempted to answer the question by providing a mixture of theory and operational details more appropriate to part b). Most, however, managed to address the issues quite well and gained reasonable marks. Part b) was on the whole well answered, with a high proportion gaining 6 or 7 of the 10 marks available. However, some candidates did not answer part b) at all, and some provided incomplete answers.

Question B5

a) Regardless of the application, a replica manager contains the following five main state components which are kept in main memory:
i) Value
ii) Value timestamp
iii) Update log
iv) Replica timestamp
v) Identifiers of executed calls
With reference to figure 3 below, explain the function of each of these five states and comment on how they are affected by the update operations carried out by the replica manager. (15 marks)

Figure 3: A Gossip replica manager

b) The replica managers are numbered serially 1, 2, 3, ... and the i-th element of a vector timestamp held by replica manager i corresponds to the number of updates received from front ends by i. The j-th component (j ≠ i) equals the number of updates received by j and propagated to i in 'gossip' messages. So, for example, in a three manager gossip system a value timestamp of (2,4,5) at manager 1 would represent the fact that the value there reflects the first two updates accepted from front ends at manager 1, the first four at manager 2 and the first five at manager 3. Explain how the timestamps are used in the processing of query operations. Assume that a query request q contains a description of the operation and a timestamp q.prev sent by the front end, and valuets is the replica's value timestamp. (10 marks)

Answer Pointers

a)
i) Value: as maintained by the replica manager, which is a state machine with an initial value that is continuously updated.
ii) Value timestamp: is updated when an update operation is done on the value.
iii) Update log: the replica manager keeps all updates in a log.
iv) Replica timestamp: represents the updates accepted by the replica manager, i.e. placed in the manager's log.
v) Identifiers of executed calls: the same update may come from a front end or another manager; to stop it from being done twice, a list is kept of the identifiers of updates done to the value. The replica manager checks this list before doing a stable update.

b) The task of the replica manager is to return a value that is at least as recent as q.prev. If valuets is the replica's value timestamp, then q can be applied to the replica's value if q.prev <= valuets. The replica manager keeps q on a list of pending query operations until this condition is satisfied. Once the query can be applied the replica manager returns valuets to the front end as the timestamp new. The front end then merges this with its timestamp: frontendts := merge(frontendts, new).
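The five state components of part a) and the query rule of part b), carried through in code as an added worked example that is not part of this report. It assumes three replica managers, a value that is a plain counter, and one constructed update; the names leq and merge for the vector-timestamp comparison and merge are the example's own. The scenario is the one the answer pointer describes: a front end's update is accepted at manager 1, the front end then queries manager 2 with q.prev reflecting that update, the query is held on the pending list because q.prev is not <= valuets there, a gossip message from manager 1 brings manager 2 up to date, the query is answered with valuets as new, and the front end merges new into frontendts. The executed-call identifiers stop the same update being applied twice when it later arrives at manager 2 directly.

```python
"""Vector timestamps in a gossip replica manager (Question B5).

Added worked example, not part of the BCS report. Three managers are
assumed; the value is a counter and the update u1 is constructed.
"""


def leq(a, b):
    """Vector timestamp order: a <= b iff every component of a is <= that of b."""
    return all(x <= y for x, y in zip(a, b))


def merge(a, b):
    """Component-wise maximum, the merge of two vector timestamps."""
    return tuple(max(x, y) for x, y in zip(a, b))


class ReplicaManager:
    def __init__(self, index, n_managers=3):
        self.i = index
        self.value = 0                       # i)   value (a counter here)
        self.value_ts = (0,) * n_managers    # ii)  value timestamp
        self.update_log = []                 # iii) update log: (ts, prev, uid, delta)
        self.replica_ts = (0,) * n_managers  # iv)  replica timestamp
        self.executed = set()                # v)   identifiers of executed calls
        self.pending = []                    # queries waiting for q.prev <= valuets

    def update(self, uid, delta, prev):
        """Update received directly from a front end; returns its timestamp ts."""
        if uid in self.executed or any(e[2] == uid for e in self.update_log):
            return None                      # seen before (from a front end or via gossip): ignore
        rts = list(self.replica_ts)
        rts[self.i] += 1                     # one more update accepted at this manager
        self.replica_ts = tuple(rts)
        ts = list(prev)
        ts[self.i] = rts[self.i]
        self.update_log.append((tuple(ts), prev, uid, delta))
        self._apply_stable()
        return tuple(ts)

    def receive_gossip(self, other_log, other_replica_ts):
        """Take in another manager's log entries this manager has not yet seen."""
        known = {e[2] for e in self.update_log}
        self.update_log.extend(e for e in other_log if e[2] not in known)
        self.replica_ts = merge(self.replica_ts, other_replica_ts)
        self._apply_stable()

    def _apply_stable(self):
        """Apply logged updates whose prev <= value_ts; repeat until none qualify."""
        changed = True
        while changed:
            changed = False
            for ts, prev, uid, delta in self.update_log:
                if uid not in self.executed and leq(prev, self.value_ts):
                    self.value += delta                       # apply to the value ...
                    self.value_ts = merge(self.value_ts, ts)  # ... advance the value timestamp ...
                    self.executed.add(uid)                    # ... and record the call id
                    changed = True

    def query(self, q_prev):
        """Answer (value, new) now if q.prev <= valuets; otherwise hold the query."""
        if leq(q_prev, self.value_ts):
            return self.value, self.value_ts
        self.pending.append(q_prev)
        return None

    def retry_pending(self):
        """Re-examine held queries after the value has advanced."""
        answered, still = [], []
        for q_prev in self.pending:
            (answered if leq(q_prev, self.value_ts) else still).append(
                (self.value, self.value_ts) if leq(q_prev, self.value_ts) else q_prev)
        self.pending = still
        return answered


class FrontEnd:
    def __init__(self, n_managers=3):
        self.ts = (0,) * n_managers

    def note(self, new):
        """frontendts := merge(frontendts, new)"""
        self.ts = merge(self.ts, new)


def scenario() -> dict:
    rm1, rm2 = ReplicaManager(0), ReplicaManager(1)
    fe = FrontEnd()
    fe.note(rm1.update("u1", 5, fe.ts))       # update at manager 1; frontendts -> (1, 0, 0)
    first = rm2.query(fe.ts)                  # manager 2 has not heard of u1: held pending, None
    rm2.receive_gossip(rm1.update_log, rm1.replica_ts)   # gossip from manager 1
    answered = rm2.retry_pending()            # [(5, (1, 0, 0))]: q.prev <= valuets now holds
    fe.note(answered[0][1])                   # merge the returned timestamp new
    rm2.update("u1", 5, (0, 0, 0))            # u1 arrives again directly: already executed, ignored
    return {"first_query": first, "answered": answered,
            "value_after_duplicate": rm2.value, "frontend_ts": fe.ts}


if __name__ == "__main__":
    print(scenario())
```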

Examiners' Comments

Not a popular question: only 5% of candidates made an attempt at an answer, with most obtaining sufficient marks to pass. The question was designed to test both understanding of the function (part a) and practical application (part b) of the ideas of replica managers. Part a) required an explanation to demonstrate understanding, in terms of executed calls, of the state components: Value, Value timestamp, Update log, Replica timestamp, and Identifiers. For part a) a large proportion of candidates found it difficult to answer the question to any degree worthy of marks. Comprehension of the elements of the question was a problem. Most, however, managed to gain at least one or two marks by describing or commenting upon one or two of the state components. Part b) was set to test the details of a practical application posed as a general analytical question. This part was not answered particularly well by a few of the candidates who clearly had very little idea of how to proceed with the solution.