EE 7376: Introduction to Computer Networks. Homework #3: Network Security, Email, Web, DNS, and Network Management. Maximum Points: 60



1. Network security attacks that have to do with eavesdropping on, or monitoring, transmissions are called passive threats, whereas attacks that include the modification of the transmitted data and attempts to gain unauthorized access to computer systems are called active threats. Classify the following threats as either passive or active, and list at least one way to protect from each attack: (6 points)
   a. Release of message contents / reading of message contents
   b. Replay
   c. Masquerade
   d. Traffic analysis (on amount of data being transmitted)
   e. Modification of messages
   f. Denial of service

2. Suppose that someone suggests the following way to confirm that the two of you are both in possession of the same secret key. You create a random bit string the length of the key, and send the result over the channel. Your partner XORs the incoming block with the key (which should be the same as your key) and sends it back. You check, and if what you receive is your original random string, you have verified that your partner has the same secret key, yet neither of you has ever transmitted the key. Is there a flaw in this scheme? (2 points)

3. What protocols comprise SSL? What service does each of them provide? In SSL and TLS, why is there a separate Change Cipher Spec protocol rather than including a change_cipher_spec message in the Handshake protocol? (5 points)

4. A security protocol uses encryption for privacy of data exchanged. However, since any message can be decrypted to something (which might not have been sent), integrity protection is required. In the following, Mp is the plain text message, Mc is the encrypted message, Hp is the hash of Mp, Hc is the hash of Mc, and E(Hp) is the encrypted Hp. Which of the following will ensure integrity of messages, and why (in short)? Which will also ensure privacy? (6 points)
   a. Mp and Hp are sent
   b. Mp and E(Hp) are sent
   c. Mp and Hc are sent
   d. Mc and Hp are sent
   e. Mc and Hc are sent
   f. Mc and E(Hp) are sent

5. Public key cryptography: An electronic signature is used so that a user cannot later repudiate a message, that is, claim that they are not responsible for some content. One way to electronically sign a message is to compute a hash of the message, and then encrypt the hash and attach it at the end of the message.
   a. If Public Key Cryptography is used to encrypt the message, which of the keys, public or private, is used to encrypt the hash? Which key is used to decrypt the message? (1 point)
   b. If Symmetric Key Cryptography is used to encrypt the hash, should the key be made public so that the others can verify the signature? How can a trusted (by all concerned) third party be used for enforcing signatures in this case? (2 points)
   c. What is a public key certificate (what is contained in such a certificate)? (1 point)

6. Enable full headers in an email that you have received. Google how to view full headers in your web-based email or Unix-based email. Portions of the extended header from an email are copied below.

   =============================
   Return-Path: <somebody@mail.smu.edu>
   Delivered-To: skangude@engr.smu.edu
   Content-class: urn:content-classes:message
   MIME-Version: 1.0
   Content-Type: multipart/mixed; boundary="----_=_nextpart_001_01c8f640.1c2e76e7"
   Subject: Subject of this email
   Date: Mon, 4 Aug 2008 09:40:59 -0500
   Message-ID: <3F58FDDAE273C644B7386E9A3CFCD5A30A3669E2@s31xe5.systems.smu.edu>
   X-MS-Has-Attach: yes
   X-MS-TNEF-Correlator:
   From: "Somebody Somewhere" <somebody@mail.smu.edu>
   To: <faculty@smu.edu>, <staff@smu.edu>, <Students@smu.edu>
   ============================

   Based on the header, what pattern should the receiver program try to match in the body of the email to separate the various parts of the message? Are the various parts of the message required to be presented to the receiver in the order they appear in the message? Why, or why not? Is it possible that all the parts of the message are plain text? (3 points)

   Some email messages include the same content in plain text as well as HTML format, and the user's email program is supposed to show the message to the user in whichever format is best for the user. What MIME type and subtype are used for such messages? (1 point)

7. Please solve the following problems:
   a. We've seen that the character sequence <CR><LF>.<CR><LF> indicates the end of mail data to an SMTP server. What happens if the mail data itself contains that character sequence? (1 point)
   b. Users are free to define and use additional header fields other than the ones defined in RFC 822. Such header fields must begin with the character string X-. Why? (1 point)
   c. Using the table in http://en.wikipedia.org/wiki/base64, encode the following 3 octets into radix-64 code words (show the ASCII printable characters only): (2 points)
      10010100, 11100011, 10100110

8. Excluding the connection establishment and termination, what is the minimum number of network round trips to send a small email message using SMTP? (2 points)

9. SNMP: A network management protocol uses get, set, and trap messages to request a parameter value, set the value of a parameter, and notify of certain changes, respectively. Who (a manager or an agent) originates each of these messages? (1 point)

   Given that a router has 4 parameters in its MIB: 1) Memory allocated for packets, 2) Average number of packets/sec in the last 1 minute, 3) Received data in the last 1 minute, and 4) Forwarded data in the last 1 minute. The router has an agent which communicates with the network manager. The manager monitors the router, and sets parameter 1) to a higher value HV if any of parameters 2), 3), or 4) exceed thresholds T2, T3, or T4 respectively. Also, if they exceed higher thresholds HT2, HT3, and HT4 respectively, the agent is required to notify the manager without waiting for any query from it. On such notification, the manager is required to set parameter 1) to a very high value VHV1. What message or messages, or no messages (get, set, or trap), are sent from whom (manager or agent) AFTER the following cases happen? Also indicate briefly the content of the message. (Note: Only include get, set, or trap messages in your answers. Assume the response, if any, to the get, set, and trap messages is always a success.) (6 points)
   a. Manager sends set 1) to a small value SM
   b. Parameter 4) value increases from <T4 to >HT4
   c. Parameter 2) value increases from {HT2 > parameter 2) > T2} to >HT2
   d. Parameter 3) value increases from <T3 to >T3
   e. Manager wishes to know the current values of MIB parameters 2), 3), and 4), and the values are 2) <T2, HT3 > 3) > T3, and 4) >HT4
   f. Manager wishes to know the current values of all parameters in the router's MIB, and all of parameters 2) to 4) are less than their respective thresholds T2 to T4. Moreover, parameter 1) also has the proper value it is supposed to have.

   The manager also acts as an agent to an overall-manager. The overall-manager does not set any parameters, and only monitors the MIB values of the router (through the manager, of course). If the overall-manager seeks to populate its own MIB values for the router, what type of message(s) (get, set, trap) does it generate, and to whom? If the overall-manager requests any of the router's parameter values from the manager, is the manager always required to query the router for them? If not, why not? If yes, what type of messages does it use to query the router? (3 points)

10. Solve the following:
   a. Classify a DNS resolver and a DNS name server as either client, server, or both. (1 point)
   b. What's the main difference between a primary and a secondary name server? (1 point)
   c. What is the difference between a domain and a zone? (1 point)

11. The DIG tool is used for DNS lookups. Read about the tool on one or more of the following: a) man dig on unix/linux machines; b) Google "Domain information groper" or "man dig". Use the DIG tool at the following website: http://www.kloth.net/services/dig.php
   a. What are the 3 main parameters to the dig tool? (1 point)
   b. Find the list of root name servers by using the tool and knowing that all root servers are authoritative for the zone ".". (1 point)
   c. Now find the IP addresses of the k root name server. (0.5 points)
   d. Now use the dig tool to find the IP address of www.example.com. Copy what is displayed in the QUESTION SECTION and the ANSWER SECTION. (0.5 point)
   e. What is the TTL from your query in part d above? (0.5 points)
   f. Now repeat the same query. Why has the TTL field changed? (0.5 point)

12. Does a root server support recursive lookup? (0.5 point) Why or why not? (0.5 point)

13. List briefly 2 reasons why the current DNS system is better than maintaining a central HOSTS.txt file at a well-known IP address, and using the latest version of this HOSTS.txt file to do the name resolution. (2 points)

14. One can browse the same web page on different types of browsers, such as Lynx that cannot display images etc., or IE that is more general purpose. If a browser cannot display a certain type of media, how does it tell the server from which it is requesting the URL? (1 point)

15. In the response to a request for a URL, how does the receiver know what type of media is contained in the entity? (1 point)

16. An efficient way to use web caches is for the client to ask the server for the URL, indicating that it should respond with the entity only if the URL contents have changed since the last time the client accessed the same URL. If the URL content has not changed, and is cached at the client side, then the response can be short and does not need to carry a potentially large amount of data. How can an HTTP request message make such a request to the server? That is, identify the header field and value to be used. (2 points)

17. A website has a front page that changes in format regularly, but the content (in terms of images, sounds, and videos linked on the web page) stays more or less the same. Akamai servers are used to replicate content so that the nearest Akamai server is used to download content rather than cause traffic across a larger portion of the Internet. Should the Akamai servers replicate the front page or the less frequently changing content? Why? (1 point)

18. Why do clients using BitTorrent request the rarest file fragment first? (1 point)

19. Between Napster and Gnutella, which one is more susceptible to a single point of failure, and why? (1 point)
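
The key-confirmation exchange described in question 2, as an added example that is not part of the original homework: it runs the XOR exchange, shows what a passive observer of the two messages can compute, and sets a keyed-hash (HMAC-SHA256) challenge-response beside it. Assumptions: the first message is the random string XORed with the key (which is what makes the returned value equal the original string), the HMAC alternative is a substitute chosen here rather than one named in the homework, and all function names and sample keys are constructed.

```python
import hashlib
import hmac
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def xor_scheme(key_a: bytes, key_b: bytes):
    """Run the XOR exchange; return (accepted, [messages seen on the wire])."""
    r = secrets.token_bytes(len(key_a))   # A's random string
    msg1 = xor_bytes(r, key_a)            # A -> B (assumed: R XOR K)
    msg2 = xor_bytes(msg1, key_b)         # B -> A: incoming block XOR key
    return hmac.compare_digest(msg2, r), [msg1, msg2]


def eavesdrop_xor(wire):
    """Passive observer: msg1 XOR msg2 equals B's key, with no secret needed."""
    return xor_bytes(wire[0], wire[1])


def hmac_scheme(key_a: bytes, key_b: bytes):
    """Keyed-hash alternative: B answers a fresh nonce with HMAC-SHA256(K, nonce)."""
    nonce = secrets.token_bytes(16)                            # A -> B
    tag = hmac.new(key_b, nonce, hashlib.sha256).digest()      # B -> A
    expected = hmac.new(key_a, nonce, hashlib.sha256).digest()
    # The wire carries only the nonce and a one-way function of the key.
    return hmac.compare_digest(tag, expected), [nonce, tag]


if __name__ == "__main__":
    key = secrets.token_bytes(16)          # constructed sample key
    accepted, wire = xor_scheme(key, key)
    print("XOR scheme accepted:", accepted)
    print("observer recovered key:", eavesdrop_xor(wire) == key)
    accepted, wire = hmac_scheme(key, key)
    print("HMAC scheme accepted:", accepted)
    print("key visible on wire:", key in wire)
```
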