fb
$20 Bonus + 25% OFF
$20 Bonus + 25% OFF
Securing Higher Grades Costing Your Pocket? Book Your Assignment at The Lowest Price Now!
Add File

Error goes here

COIT20262 Advanced Network Security

tag 0 Download11 Pages / 2,700 Words

Questions:

1. Firewalls

Objective: be able to design packet filtering firewall rules and identify advantages/disadvantages of such firewalls

An educational institute has a single router, referred to as the gateway router, connecting its internal network to the Internet. The institute has the public address range 138.77.0.0/16 and the gateway router has address 138.77.178.1 on its external interface (referred to as interface ifext). The internal network consists of four subnets:

A DMZ, which is attached to interface ifdmz of the gateway router and uses address range 138.77.179.0/24.

A small network, referred to as shared, with interface ifint of the gateway router connected to three other routers, referred to as staff_router, student_router, and research_router. This network has no hosts attached (only four routers) and uses network address 10.3.0.0/16.

A staff subnet, which is for use by staff members only, that is attached to the staff_router router and uses network address 10.3.1.0/24.

A student subnet, which is for use by students only, that is attached to the student_router router and uses network address 10.3.2.0/24.

A research subnet, which is for use by research staff, that is attached to the research_router router and uses network address 10.3.3.0/24.

In summary, there are four routers in the network: the gateway router, and routers for each of the staff, student and research subnets. There are five subnets: DMZ, shared, staff, student, and research.

There are two servers in the DMZ that all can accept requests from the Internet: a web server supporting HTTP and HTTPS, and a SMTP email server. Members of the staff, student and research subnets can access the web server; members of the staff subnet only can access the email server but using IMAP.

The gateway router also runs a stateful packet filtering firewall and performs port address translation. In addition to the DMZ setup as described above, security requirements for the educational institute are:

External Internet users cannot access any internal computers (except in DMZ and as stated in other requirements).

Staff, students and researchers can access websites in the Internet.

The researchers (on the research subnet) run a server for sharing data with selected research partners external to the educational institute. That server provides SSH access and a specialised file transfer protocol using TCP and port 1234 to the partners. The server has internal address 10.3.3.31 and NAT is setup on the gateway router to map the public address 138.77.179.44 to the internal address. Currently there are two partner organisations that can access the server, and they have network addresses: 31.13.75.0/24 and 23.63.9.0/24.

The professor that leads the research staff also wants access to the data sharing server while they are at home. At home that professor uses a commercial ISP that dynamically allocates IP addresses in the range 104.55.0.0/16.

Considering the above information, answer the following questions:

  • Draw a diagram illustrating the network. Although there may be many computers in the staff, student and research subnets, for simplicity you only have to draw three computers in the staff subnet, three computers in the student subnet and three computers in the research subnet (one of those in the research subnet should be the data sharing server). Label all computers and router interfaces with IP addresses.

  • Specify the firewall rules using the format as in the table below. You may add/remove rows as needed. After the table, add an explanation of the rules (why you design the firewall rules the way you did).

  • Consider the rule(s) that allows the professor to access from home. Discuss the limitations, and suggest possible solutions.

2. WiFi Security

Objective: Understanding important challenges with securing WiFi networks

  • Explain what a MAC address filter is, and how it can be used as a security mechanism in WiFi. Also explain at least two limitations of using them.
  • In WPA-Personal (CCMP), AES is used for encryption. Consider the key size used by AES in WPA-Personal, and the typical passphrase selected by home users. Discuss the differences (e.g. differences in length, character sets, and how the passphrase is converted to a AES key), and discuss a potential brute force attack on WPA-Personal on home deployments.

3. Password Schemes

Objective: Understand what makes a strong password, and the difficulties of using passwords for most users

You are the IT security administrator for an organisation with about 100 users. The users all have office computers (PCs or laptops), but also use other computers for work (such as shared computers, and personal mobile devices). For example, a typical user may use a Windows PC in their office, occasionally use a Windows PC or Mac in a shared space or lab, and regularly use their own Android or iOS phone for work purposes. There is a mix of operating systems on computers and mobile devices.

You are tasked with educating users on passwords, and recommending password management solutions to the organisation. You are considering two options for password management.

Option 1. Educate users to manage their own passwords, while using some technical controls. This option involves recommending policies to management, providing user training, and applying password management rules in various systems (e.g. when passwords are created). Most users will not use password management software in this option.

Option 2. Enforce password management software for all users. This option requires all users to use a single password management application (e.g. LastPass, KeePass, or `wallet’ software).

First considering Option 1, answer the following sub-questions.

  • You are planning the user training session. You have already explained to users about password lengths and character sets (e.g. minimum recommended length, types of characters to include). List three (3) other recommendations that you think are the most important for users to be aware of with regards to password usage and management. For each recommendation, explain it in detail (that is, what would you tell users), and give one advantage and one disadvantage of the recommendation. For example:

“Recommendation 1. You should do … . The advantage of doing this is … . But the disadvantage of doing this is … .”. (Note you cannot use the password length and character set as a recommendation – you must choose other recommendations)

  • You are designing the technical controls on the password checking system when users register or select a new password. One rule that you have decided to implement is that a password must be at least 8 characters. List three (3) other rules that you think are the most important to be implemented. For each rule, clearly specify the exact conditions, and give one advantage and one disadvantage of the rule. For example: “Rule 1. A password must be at least 8 characters long. The advantage of this rule is … . The disadvantage of this rule is … .”. (Note you cannot use the password length as a rule – you must choose 3 other rules. Also, although you may consider character set as a rule, it can only count as one rule).

Now considering Option 2, answer the following sub-questions.

  • Write a short summary of what password management software is, and how it works. This summary is intended for management and users to understand.
  • Explain the advantages and disadvantages of a password management application (when compared to not using a password management application).
  • Compare a web-based password management solution, such as LastPass, against a standalone password management application, such as KeePass. In your comparison explain the difference between the approaches and the advantages and disadvantages of web-based versus standalone.
  • If a standalone password management application is to be used, recommend where the password database(s) for each user should be stored. Explain why you recommend this approach.

4. HTTPS and Certificates

Objective: Learn the steps of deploying a secure web server, as well as the limitations/challenges of digital certificates

For this question you must use virtnet (as used in the workshops) to study HTTPS and certificates. This assumes you have already setup and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, deploying the website, and testing the website.

Your task is to:

Create topology 5 in virtnet

Deploy the MyUni demo website on the nodes

Setup  the  webserver  to  support  HTTPS,  including  obtaining  a  certificate

certificate.pem.

Capture traffic from the web browser on node1 to the web server that includes a HTTPS session. Save the file as https.pcap.

Test and analyse the HTTPS connection.

Answer the following sub-questions based on above test and analysis.

  • Submit your certificatepemand HTTPS traffic capture https.pcap on Moodle.
  • Draw a message sequence diagram that illustrates the SSL packets belonging to the first TCP connection in the file. Refer to the instructions in assignment 1 for drawing a message sequence diagram, as well as these additional requirements:

Only draw the SSL packets; do not draw the 3-way handshake, TCP ACKs or connection  close.  Hint:  identify  which  packets  belong  to  the  first  TCP connection  and  then  filter  with  “ssl”  in  Wireshark.  Depending  on  your Wireshark version, the protocol may show as “TLSv1.2”.

A single TCP packet may contain one or more SSL messages (in Wireshark look inside the packet for each “Record Layer” entry to find the SSL message names). Make sure you draw each SSL message. If a TCP packet contains multiple SSL messages, then draw multiple arrows, one for each SSL message, and clearly label each with SSL message name.

Clearly mark which packets/messages are encrypted.

  • Based on the capture and your understanding of HTTPS:
  • What port number does the web server use with HTTPS?
  • What symmetric key cipher was used for encrypting the data?
  • What public key cipher was used for exchanging a secret?
  • What cipher and what hash algorithm are used in signing the web servers certificate?
  • In this task you needed to manually load the CA certificate into the client (lynx web browser). In real networks, this step is not necessary (that is, the web browser user does not have to load the CA certificate – it normally is already loaded). Explain how the web browser already knows the CA certificate and what limitations there are of this approach?

5. Internet Privacy

Objective: Understand the advantages and disadvantages of Internet privacy technologies, including VPNs, and learn about advanced techniques (Tor)

Encryption is commonly used to provide data confidentiality in the Internet: when two hosts communicate, other entities in the path between the two hosts cannot read the data being sent. However encryption on its own does not privacy of who is communicating. Although the other entities cannot read the data, they can determine which two hosts are communicating.

Consider a simple view of an Internet path where client C is communicating using IPv4 with server S. There are n routers on the path. Assume a malicious user, who wants to know information about who is communicating and when, has access to one of the routers in the path (router Rm), e.g. they can capture packets on that router. Note Rm is not directly attached to the subnets of C or S.

  • What information can the malicious user learn about who C and S are? Consider both computer addresses and information that may identify the human user (e.g. names, locations), and explain how the malicious user may obtain that information.
  • If Network Address Translation (NAT) is used in the subnet for C (but not for S), how does that change your answer to sub-question (a)?

One method for providing privacy in the Internet is using a Virtual Private Network (VPN). Assume client C is using a VPN server which is located on a router in the path between C and S (but not on Rm).

  • What information can the malicious user learn about who is communicating when C and S communicate via the VPN server?
  • Potential disadvantages of using a VPN server include: reduced performance between C and S; required to trust the VPN server; and VPN server logs may be requested/accessed (by the malicious user). Explain each of these three potential disadvantages.

Onion routing, used in Tor, is another method for providing privacy in the Internet. It is generally consider to provide more privacy than using a VPN. The following sub-questions require you to learn the basics of Tor.

  • Explain how Tor (or onion routing) works. Use the scenario of C and S as an example. That is, how would C communicate with S if Tor was used instead of a VPN.
  • What are the advantages of Tor compared to VPN?
  • What are the disadvantages of Tor computer to VPN?
Download Sample Now

Earn back the money you have spent on the downloaded sample by uploading a unique assignment/study material/research material you have. After we assess the authenticity of the uploaded content, you will get 100% money back in your wallet within 7 days.

Upload
Unique Document

Document
Under Evaluation

Get Money
into Your Wallet

Total 11 pages, 1 USD Per Page

Cite This Work

To export a reference to this article please select a referencing stye below:

My Assignment Help. (2021). Advanced Network Security. Retrieved from https://myassignmenthelp.com/free-samples/coit20262-advanced-network-security/filtering-firewall-rules.html.

My Assignment Help (2021) Advanced Network Security [Online]. Available from: https://myassignmenthelp.com/free-samples/coit20262-advanced-network-security/filtering-firewall-rules.html
[Accessed 27 October 2021].

My Assignment Help. 'Advanced Network Security' (My Assignment Help, 2021) <https://myassignmenthelp.com/free-samples/coit20262-advanced-network-security/filtering-firewall-rules.html> accessed 27 October 2021.

My Assignment Help. Advanced Network Security [Internet]. My Assignment Help. 2021 [cited 27 October 2021]. Available from: https://myassignmenthelp.com/free-samples/coit20262-advanced-network-security/filtering-firewall-rules.html.


MyAssignmenthelp.com has assembled a team of extraordinarily talented and knowledgeable PhD qualified online dissertation experts to provide students required dissertation writing help in Canberra, Adelaide, Perth, Melbourne, Sydney and other parts of Australia. Students can buy dissertation online from us with three simple steps. Auditing dissertation help, history dissertation help, geography dissertation help, maths dissertation help are few popular services under our dissertation writing assistance.

Latest Networking Samples

ELG5381 Photonics Networks

Download : 0 | Pages : 2

Answers: Question 1 Question 2 LEDs are used in fiber optic communication networks. However, they are not the best choice because: LEDs emit incoherent light characterized by a broad spectrum since they generate light through spontaneous emission. As a result, the signal will be bound by chromatic dispersion thus limiting the distance over which LEDs based transmitters can transmit data. Also, LED transmitters can only be coupled into mul...

Read More arrow

BN206 System Administration

Download : 0 | Pages : 6

Answers: Introduction An impressive growth can be expected in the use of the communication network taking into consideration few years down the lane. In order, to optimize and initiate the operation of this network, a good management the network facility should be incorporated and adopted. Network management as a term can have many definition depending upon whose operation function is at the questions end. Taking into consideration any organi...

Read More arrow

COIT12206 TCP IP Principles And Protocols

Download : 0 | Pages : 8

Answers: Part A Question 1 (a) File Transfer Protocol establishes two separate TCP connection between the client and the server using the two modes that are active mode and passive mode, for transferring the commands and data through the two different channels. Active Mode establishes command channel from the client to the server and the passive mode establishes the data channel from the server to the client. Question 1 (b) Anonymous IP ad...

Read More arrow

ELEC4740 Internet Of Things

Download : 0 | Pages : 5

Answers: Question 1: The current era of globalization and technological advancement has necessitated several creative minds using technology to solve problems rather than just developing user interfaces. The reason why best interface is identified as no interface is because interfaces create major barriers. The elimination of interfaces is identified as a principle for embracing the natural processes (Doody, 2011). This was significantly addr...

Read More arrow Tags: Australia Footscray Management University of New South Wales 

CS 313 Networking And Telecommunications

Download : 0 | Pages : 15

Answer: Proposal  The proposal in this agenda is prepared to consider secure campus network concept along with suggesting security model. The paper provides proposal for showing security considerations and the factors that should be addressed for implementing network. The proposal further addresses checklist for showing certain aspects in the discussion in order to evaluate the campus network as to provide recommendations of best practic...

Read More arrow
Next

5% Cashback

On APP - grab it while it lasts!

Download app now

*Offer eligible for first 3 orders ordered through app!

ribbon
callback request mobile
Have any Query?