[CRT14] UNIVERSITY OF BOLTON
CREATIVE TECHNOLOGIES
COMPUTING AND NETWORK SECURITY
SEMESTER TWO EXAMINATIONS 2014/2015
NETWORK SECURITY
MODULE NO: CPU6004

Date: Wednesday 27th May 2015
Time: 14:00 - 16:00

INSTRUCTIONS TO CANDIDATES:
There are SIX questions on this paper.
Answer FOUR questions.
All questions carry equal marks.
QUESTION 1

1a. What is a DMZ network, and what would it typically contain? (7 marks)

1b. A corporate network uses internal subnets 192.168.1.0/24 and 192.168.2/24 for the internal network and 172.16.1.0/24 for the DMZ. The external interface has the address 193.63.10.6. If you were securing this network on the perimeter firewall, which has interfaces on all these subnets, what addresses would you routinely block, where would you block them, and why would you block them? (14 marks)

1c. Compare the operation of a network using:
  i. a single firewall
  ii. multiple firewalls
in terms of network design and security. (4 marks)

QUESTION 2

2a. With the aid of a diagram, demonstrate how packets flow through the NetFilter iptables firewall. Include in the diagram the paths taken by packets destined for the FORWARD chain and for the INPUT/OUTPUT chains. Ensure that the NAT points and filtering points are clearly shown. (20 marks)

2b. What is masquerading? Under what circumstances would you use it, and what are its advantages?
QUESTION 3

3a. State the advantages of stateful inspection packet filters.

3b. The very nature of the Transmission Control Protocol (TCP) as a connection-oriented protocol means that the status of communication sessions can be tracked statefully. Discuss each of the states of a TCP connection involved in the connection process. You may use diagrams to assist your explanation. (15 marks)

3c. In terms of computer security, provide an overview of what a baseline is.

QUESTION 4

The structure of iptables consists of 4 tables, each containing a number of chains, which can be thought of as ordered sets of rules. There are 5 built-in chains that can be used within iptables. Discuss each of the chains, which table they belong in, and the purpose of that particular chain. Use a table to assist your explanation, showing each iptables table and its built-in chains. (25 marks)
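As an added illustration that is not part of the examination paper, the script below ties the network of Question 1b to the filter table's INPUT and FORWARD chains of Question 4: it models the perimeter firewall's interfaces and emits ingress anti-spoofing rules (RFC 2827 style) that drop packets whose source address could not legitimately arrive on the interface they came in on. The interface names eth0..eth3 and the reading of the paper's "192.168.2/24" as 192.168.2.0/24 are assumptions; this is one check a perimeter firewall would apply, not a model answer.

```python
import ipaddress
from typing import Dict, List

# Constructed model of the perimeter firewall in Question 1b. Interface names
# eth0..eth3 are assumptions (the paper gives only the subnets), and the
# paper's "192.168.2/24" is read here as 192.168.2.0/24.
INTERFACES: Dict[str, List[str]] = {
    "eth0": ["193.63.10.6/32"],   # external interface (Internet side)
    "eth1": ["192.168.1.0/24"],   # internal subnet
    "eth2": ["192.168.2.0/24"],   # internal subnet
    "eth3": ["172.16.1.0/24"],    # DMZ
}
EXTERNAL_IF = "eth0"

def inside_prefixes() -> List[ipaddress.IPv4Network]:
    """Every subnet that lives behind the firewall (internal LANs and the DMZ)."""
    return [ipaddress.ip_network(p) for name, prefixes in INTERFACES.items()
            if name != EXTERNAL_IF for p in prefixes]

def is_spoofed(iface: str, src: str) -> bool:
    """True if a packet with source `src` could not legitimately arrive on `iface`:
    outside, inside-only/loopback/our own address are spoofed; inside, anything not
    from that interface's own subnet is spoofed."""
    addr = ipaddress.ip_address(src)
    own = [ipaddress.ip_network(p) for p in INTERFACES[iface]]
    if iface == EXTERNAL_IF:
        return (addr.is_loopback or any(addr in n for n in own)
                or any(addr in n for n in inside_prefixes()))
    return not any(addr in n for n in own)

def antispoof_rules() -> List[str]:
    """iptables rules for the filter table's INPUT and FORWARD chains (the chains that
    see traffic entering the box); external-side drops are logged first for visibility."""
    rules: List[str] = []
    for chain in ("INPUT", "FORWARD"):
        bad_outside = inside_prefixes() + [ipaddress.ip_network("127.0.0.0/8")]
        bad_outside += [ipaddress.ip_network(p) for p in INTERFACES[EXTERNAL_IF]]
        for net in bad_outside:
            base = f"iptables -t filter -A {chain} -i {EXTERNAL_IF} -s {net}"
            rules.append(f"{base} -j LOG --log-prefix 'SPOOF: '")
            rules.append(f"{base} -j DROP")
        for name, prefixes in INTERFACES.items():
            if name == EXTERNAL_IF:
                continue
            for p in prefixes:  # inside interfaces: only their own subnet may be a source
                rules.append(f"iptables -t filter -A {chain} -i {name} ! -s {p} -j DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(antispoof_rules()))
```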
QUESTION 5

5a. Outline the concept of defence-in-depth in the context of network security, then explain what approach to security could be used in this context. Give examples of the types of security appliances or security software you would employ to protect a network, and indicate with the aid of a diagram where these would be located. (16 marks)

5b. Saltzer and Schroeder set out a number of principles that relate to information security. Most of these principles are still applied in today's computing infrastructure. Discuss what is meant by the term 'Fail-Safe Defaults' and provide an example in relation to computer security. (9 marks)

QUESTION 6

6a. Intrusion Prevention Systems (IPS) are considered an extension of Intrusion Detection Systems (IDS), since both are used to monitor network traffic and/or system activity for potentially malicious activity. The main difference is that an IPS is capable of actively blocking malicious packets. Compare how IPS and IDS systems connect to a network and outline their advantages and disadvantages. (9 marks)

6b. A company with a national reputation wants to employ an Intrusion Detection System (IDS) to detect malicious activity on the DMZ and is particularly concerned that it may be vulnerable to 'Zero Day' attacks. Explain briefly what is meant by a 'Zero Day' attack, then outline the main methods used by Network Intrusion Detection Systems, giving their relative advantages and disadvantages in this context, and hence identify which of these would be appropriate for the company. (9 marks)
6c. A computer security consultant visiting the company in 6b recommends that the company employ a Host IDS on each critical server in the DMZ. Explain what you think his justification would be for this. (7 marks)

END OF PAPER