Final Exam – CSEC 640
Name: ____________________________________

Note: This exam is open book and open note. All work, however, must be your own. You are not allowed to discuss this exam with anyone else. Points will be awarded or deducted based upon:
- The answer displays a sound understanding of the subject matter and course materials.
- The support used in the answer corresponds to the information sought in the question.
- The explanation displays a sound and thorough understanding of the matter in question.
- The answer reflects the student's own thoughtful consideration of the materials.

You may quote and reference other sources if you like. If you do, please cite your sources and include a bibliography with your answer. Partial credit will be given as appropriate. Do not leave any problem blank. Many questions have no right or wrong answers. If you encounter a problem to which you don't know the answer, make a logical guess (I want to see how you think and react).

1. [16 points total, TCP/IP]

a. Unlike IP fragmentation (which can be done by intermediate devices), IP reassembly is done only at the final destination. What problems do you see if IP reassembly is attempted in intermediate devices like routers? [8 points]

Answer:

b. Let's assume that Host A (receiver) receives a TCP segment from Host B (sender) with an out-of-order sequence number that is higher than expected, as shown in the diagram. Then, what do Host A (receiver) and Host B (sender) do? [8 points]

[diagram]

Answer:

2. Describe or propose a method to detect an ARP spoofing attack. What might be a possible weakness of your proposed method? Please do not discuss any prevention method (e.g., port security is an example of a preventive method). [8 points]

Answer:

3. [Wireless LAN Security - WEP] What is the main difference between the FMS attack and the Chopchop attack? Clearly explain your answer. [8 points]

Answer:

4. A large enterprise decides to use symmetric encryption to protect routing update messages between its own routers (i.e., entire routing update messages are encrypted with a strong shared symmetric key). They assume this will prevent routing table modification attacks. Do you think their decision is appropriate? Do you see any problems or issues with their decision? [10 points]

Answer:

5. An ACK scan does not provide information about whether a target machine's ports are open or closed, but rather whether or not access to those ports is being blocked by a firewall. If there is no response, or an ICMP "destination unreachable" packet is received as a response, then the port is blocked by a firewall. If the scanned port replies with a RST packet, then the ACK packet reached its intended host, so the target port is not being filtered by a firewall. Note, however, that the port itself may be open or closed. Describe a rule (or a set of rules) that could be used by Snort to detect an ACK scan. Clearly state your assumptions and explain your rules. Do you think Bro can do a better job of detecting an ACK scan? Explain your answer. [15 points]

Answer:

6. Explain the main difference between SQL injection and XSS attacks. [10 points]

Answer:

[diagram]

7. As shown in the above diagram, Kevin, the system admin, installed a text-message sender and a text-message receiver in a Multi-Level Secure (MLS) environment. In the MLS environment, two security levels exist (i.e., Unclassified (Low) and Classified (High)). His goal is to implement the Bell-LaPadula (BLP) access control model in the network. In a nutshell, the BLP model defines two important access control rules:
- No Read Up rule: a subject (Low) at a lower security level must not read an object (High) at a higher security level. Simply, a Low entity cannot have read access to a High object.
- No Write Down rule: a subject (High) at a higher security level must not write to any object (Low) at a lower security level. Simply, a High entity cannot have write access to a Low object.

In this scenario, implementing the BLP model means no confidential information flows from the Classified LAN (High) to the Unclassified LAN (Low). However, information can still flow from the Unclassified LAN to the Classified LAN. To achieve his goal, he configured both the text message sender and receiver as follows:
- The text message sender is configured to send a text message to the text message receiver via the TCP/IP protocol.
- The text message receiver is configured to receive a simple text message from the sender via the TCP/IP protocol.
- The following IP/port is given to each machine:
  - Text message sender: [IP missing] and port 9898 is open
  - Text message receiver: 192.168.3.3 and port 9999 is open
- A text message is allowed to be sent only from port 9898 of the [IP missing] (sender) host to port 9999 of the 192.168.3.3 (receiver) host.

Part A) As you can see from the diagram above, the text message sender and receiver have been compromised by the adversary and the Trojan, respectively. However, the router with Snort IDS installed (router/snort) is securely protected and can be fully trusted. Write efficient Snort rules and access control lists which will be implemented on the router/snort to detect or block confidential information leakage from High to Low. Write your rationale for your rules and access control lists. For example, if the text message receiver (Trojan on the High LAN) attempts to send a text message (confidential information) to the text message sender (the adversary on the Low LAN), the attempt will be either blocked by your access control list(s) or detected by your Snort rule(s). Do not write more than 5 rules and lists in total. At least one access control list must be included. [15 points]

Hint: Access control lists are discussed in Module 10, and Snort rules are covered in Module 7 as well as Lab 2. To see more Snort options, please refer to chapter 3 of the Snort User Manual 2.9.1 by the Snort Project (link missing).

Answer:

Part B) Describe a way for the Trojan to covertly transmit 4 characters (e.g., A, B, C and D) to the adversary without being detected or blocked by your rules and access control lists provided in Part A. [9 points]

Answer:

8. [topic: IPsec VPN] What do you think are the advantages and disadvantages of using both the AH and ESP protocols on the same end-to-end IPsec connection (transport mode)? In addition, it is recommended that the ESP protocol should be applied before the AH protocol. Why is this approach recommended rather than authentication (AH) before encryption (ESP)? [9 points]

Answer:
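Illustration for question 2 (an added example, not part of the exam or its answer key): a passive ARP monitor that learns IP-to-MAC bindings from observed replies and raises an alert when a binding changes or a reply arrives that no one asked for. The trace, the MAC addresses and the class name are constructed sample data and assumptions, not captured traffic.

```python
# Added example: passive ARP spoofing detection over a constructed ARP trace.
# Two heuristics: (1) an IP that suddenly claims a different MAC than the one
# previously learned, (2) a reply for which no matching request was observed.
# Known weakness of this approach: a binding learned before monitoring started
# (or a legitimate NIC/DHCP change) is accepted as the baseline, so the first
# observed binding is trusted without verification.

# Constructed sample trace: (time, op, sender_mac, sender_ip, target_ip)
SAMPLE_TRACE = [
    (0.0, "request", "aa:aa:aa:aa:aa:01", "10.0.0.5", "10.0.0.1"),
    (0.1, "reply",   "aa:aa:aa:aa:aa:fe", "10.0.0.1", "10.0.0.5"),  # gateway answers
    (5.0, "request", "aa:aa:aa:aa:aa:07", "10.0.0.9", "10.0.0.1"),
    (5.1, "reply",   "aa:aa:aa:aa:aa:fe", "10.0.0.1", "10.0.0.9"),
    (9.0, "reply",   "de:ad:be:ef:00:01", "10.0.0.1", "10.0.0.5"),  # unsolicited, new MAC
]


class ArpMonitor:
    def __init__(self):
        self.table = {}       # ip -> mac learned from replies (trusted baseline)
        self.pending = set()  # (requester_ip, asked_ip) requests not yet answered
        self.alerts = []      # (time, kind, ip, detail)

    def observe(self, ts, op, smac, sip, tip):
        if op == "request":
            self.pending.add((sip, tip))
            return
        # op == "reply": sip/smac is the binding being asserted, tip is who asked
        if (tip, sip) in self.pending:
            self.pending.discard((tip, sip))
        else:
            self.alerts.append((ts, "unsolicited-reply", sip, smac))
        known = self.table.get(sip)
        if known is not None and known != smac:
            self.alerts.append((ts, "mac-change", sip, f"{known}->{smac}"))
        self.table[sip] = smac  # update (an unverified baseline, see weakness above)


def scan_trace(trace):
    """Run the monitor over a trace and return the alerts it produced."""
    mon = ArpMonitor()
    for rec in trace:
        mon.observe(*rec)
    return mon.alerts
```

On the sample trace the last reply triggers both heuristics, while the two answered requests produce nothing.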
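Illustration for question 5 (an added example, not part of the exam or its answer key): the detection logic a sensor would apply to spot an ACK scan, in plain Python rather than Snort syntax. A segment carrying only the ACK flag that belongs to no connection the sensor saw a SYN for is treated as stateless; when one source sends such segments to many distinct ports of one target within a short window, an alert is raised. The packet list, addresses, threshold and window are constructed assumptions.

```python
# Added example: ACK scan detection over constructed packet records.
# Limitation worth stating in an answer: a scan slower than the window, or
# one that stays under the port-count threshold, will not trip this logic.
from collections import defaultdict

# Constructed records: (time, src_ip, src_port, dst_ip, dst_port, flags)
SAMPLE_PACKETS = [
    (0.0, "10.0.0.5", 40000, "10.0.0.8", 80, "S"),
    (0.1, "10.0.0.8", 80, "10.0.0.5", 40000, "SA"),
    (0.2, "10.0.0.5", 40000, "10.0.0.8", 80, "A"),   # legitimate handshake ACK
] + [
    (1.0 + i * 0.01, "192.0.2.77", 55000 + i, "10.0.0.8", p, "A")  # bare ACKs, no handshake
    for i, p in enumerate(range(20, 45))
]


class AckScanDetector:
    def __init__(self, threshold=20, window=10.0):
        self.threshold = threshold        # distinct ports before alerting
        self.window = window              # seconds
        self.flows = set()                # (sip, sport, dip, dport) seen with a SYN
        self.hits = defaultdict(list)     # (src_ip, dst_ip) -> [(ts, dst_port)]
        self.alerts = []                  # (ts, src_ip, dst_ip, port_count)

    def observe(self, ts, sip, sport, dip, dport, flags):
        if "S" in flags:                  # SYN or SYN-ACK: remember both directions
            self.flows.add((sip, sport, dip, dport))
            self.flows.add((dip, dport, sip, sport))
            return
        if flags != "A" or (sip, sport, dip, dport) in self.flows:
            return                        # not a bare ACK, or part of a known connection
        recent = [(t, p) for t, p in self.hits[(sip, dip)] if ts - t <= self.window]
        recent.append((ts, dport))
        self.hits[(sip, dip)] = recent
        ports = {p for _, p in recent}
        if len(ports) >= self.threshold:
            self.alerts.append((ts, sip, dip, len(ports)))
            self.hits[(sip, dip)] = []    # reset so one scan yields one alert


def scan_packets(packets):
    """Feed records to the detector in order and return its alerts."""
    det = AckScanDetector()
    for pkt in packets:
        det.observe(*pkt)
    return det.alerts
```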