Defense-in-depth is an important principle in network security. Suppose you are advising a company on deploying a WiFi network. You advise them to use all of the following security mechanisms to provide defense-in-depth. For each mechanism, give a brief description of the mechanism and how it works, explain the main advantage of the mechanism, and explain the main disadvantage of the mechanism.
- Using antennas, transmit power and AP positioning to control radio range
- RADIUS (or similar) authentication
- Manual detection of rogue APs
Encryption is commonly used to provide data confidentiality in the Internet: when two hosts communicate, other entities in the path between the two hosts cannot read the data being sent. However, encryption on its own does not provide privacy of who is communicating. Although the other entities cannot read the data, they can determine which two hosts are communicating.
Assume you want to have privacy protection while web browsing. Normally, when your client computer sends an HTTP GET request to a web server, the IP addresses of both your client computer (C) and the web server (S) are included in the IP header of the packet. Any intermediate node on the path between client and server in the Internet can see the values of C and S, thereby learning who is communicating.
Three common techniques for privacy protection, i.e. hiding both values of C and S from intermediate nodes, in the Internet are:
For each technique, provide the following:
- An explanation of the technique (you may refer to the diagram)
- A diagram showing the addresses learnt by a malicious user if the technique is used.
- A recommendation of who or what this technique is good for. (Consider the advantages of the technique compared to the other techniques, and consider the skills and/or requirements of different users).
- What a malicious user would need to do to compromise the privacy (i.e. learn both C and S) if the technique was used.