UNIVERSITY OF BOLTON SCHOOL OF CREATIVE TECHNOLOGIES COMPUTER AND NETWORK SECURITY SEMESTER TWO EXAMINATIONS 2016/2017 NETWORK SECURITY

Size: px

Start display at page:

Download "UNIVERSITY OF BOLTON SCHOOL OF CREATIVE TECHNOLOGIES COMPUTER AND NETWORK SECURITY SEMESTER TWO EXAMINATIONS 2016/2017 NETWORK SECURITY"

Derrick West
6 years ago
Views:

1 [CRT03] UNIVERSITY OF BOLTON SCHOOL OF CREATIVE TECHNOLOGIES COMPUTER AND NETWORK SECURITY SEMESTER TWO EXAMINATIONS 2016/2017 NETWORK SECURITY MODULE NO: CPU6004 Date: Tuesday 16 th May 2017 Time: 14:00-16:00 INSTRUCTIONS TO CANDIDATES: There are SIX questions on this paper. Answer FOUR questions. All questions carry equal marks.

2 Page 2 of 11 Question 1 1. modprobe ip_conntrack iptables -P INPUT ACCEPT iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT iptables -A FORWARD -i p2p1 -o p8p1 -s /24 -p tcp --dport 80 -j ACCEPT iptables -A FORWARD -i p8p1 -o p2p1 -d /24 -p tcp --sport 80 -j ACCEPT iptables -A FORWARD -i eth1 -o p8p1 -s /24 -j ACCEPT iptables -A FORWARD -i p8p1 -o eth1 -p tcp --dport 80 -j ACCEPT iptables -t nat -A PREROUTING -i p8p1 -p tcp --dport 80 -j DNAT --to-destination :80 iptables -t nat -A POSTROUTING -o p8p1 -s /24 -j SNAT --to-source echo 1 > /proc/sys/net/ipv4/ip_forward Illustration 1: Network Topology Diagram - Larger version on Appendix A 1 Using the iptables rules and topology diagram above, provide a detailed analysis of each of the rules shown in the context of the traversal of a packet through the firewall discussing the appropriate tables and chains in each of the rules. (25 marks) Question 2

3 Page 3 of 11 2a/ You have a web server located within your DMZ and you are getting reports that it is not responding to request for pages. You undertake some network investigation and observe that you are currently under attack. Using Wireshark you have captured a number of packets to aid you with the analysis of the attack as shown in Illustration 2 below (larger version in Appendix B). Illustration 2: Packet Capture of suspected attack - Larger version in Appendix B i) Identify the attack being undertaken (2 marks) ii) Discuss the nature of the attack and how it is constructed iii) Provide details of how this kind of attack can be mitigated. (8 marks) (8 marks) 2b/ Outline the concept of stateful filtering (stateful packet inspection) and explain why configuring stateful filtering can reduce the number of ports open to attack. (7 marks)

4 Page 4 of 11 Question 3 3a/ Saltzer and Schroeder s Principles discussed several principles that relate to information security. Most of these principles are still applied in today s computing infrastructure. Discuss what is meant by the term Fail-Safe Defaults and provide an example in relation to computer security. (9 Marks) 3b/ Outline the concept of defence-in-depth in the context of network security then explain what approach to security could be used in this context. Give examples of the types of security appliances or security software you would employ to protect a network and indicate with the aid of a diagram where these would be located. (16 marks)

5 Page 5 of 11 Question 4 4a/ Illustration 3: Network Topology Diagram - larger version in Appendix A In the above diagram the DMZ network has address /24 and the Internal network has the address /24. The address of the firewall s external interface is The Web server in the DMZ ( ) is accessible to clients on the Internet. A network analyzer is monitoring all the interfaces on the firewall FW. State why NAT is necessary in this situation and identify the type of NAT which would be used. In your answer booklet complete the table below to show source and destination IP addresses and port numbers of the incoming and outgoing packets associated with a connection from a host with IP address on the Internet to the Web server in the DMZ as seen by the network analyzer. (You should choose representative values for the client source port numbers.) (19 marks) Question 4a continues over the page.

6 Page 6 of 11 Question 4a continued. For Incoming Packets entering the firewall Destination IP Address Destination Port No. Source IP Address Source Port No. For Incoming Packets leaving the firewall Destination IP Address Destination Port No. Source IP Address Source Port No. For Outgoing Packets entering the firewall Source IP Address Source Port No. Destination IP Address Destination Port No. For Outgoing Packets leaving the firewall Source IP Address Source Port No. Destination IP Address Destination Port No. 4b/ What is masquerading, under what circumstances would you use it and, suggest any advantages and disadvantages of the technique? (6 marks)

7 Page 7 of 11 Question 5 5a/ Unstructured attacks come from inexperienced individuals typically using automated attack tools downloaded from the Internet, referred to as 'Script Kiddies' in the security profession. Contrast the unstructured attack with that of a structured attack using a case study to aid your discussions. (19 marks) 5b/ When undertaking authorised penetration testing using a Black box model staff do not know about the test nor is the tester given details about network. One of the first steps that the penetration tester must undertake is information gathering. Identify at least three elements of the information gathering phase and the kind of data that might be gathered by each one. (6 marks)

Page 8 of 11 Question 6 6a/ In terms of computer security provide an overview of what a baseline is. (4 marks) 6b/ Within SELinux there are 3 modes of operation.

8 Page 8 of 11 Question 6 6a/ In terms of computer security provide an overview of what a baseline is. (4 marks) 6b/ Within SELinux there are 3 modes of operation. Discuss briefly each of these modes of operation. (6 marks) 6c/ A system administrator has moved over a recently created index.html file from the home directory of a web developer to document root directory of the companies web server using the following command mv /home/devops/content* /var/www/html The web server is correctly configured, however access to the index.html file is forbidden as shown in Illustration 4. Illustration 4: Browser Error returned from attempting to access developers web page. After checking the system logs the systems administrator has identified that this error relates to the mandatory access control provided by SELinux. Investigating further, the systems administrator identifies the issue based upon the output from the ls Z /var/www/html command as shown in Illustration 5. Illustration 5: Output from the ls -Z command Question 6c continues over the page.

9 Page 9 of 11 Question 6c continued. Using the information provided above: i) Identify the cause of the problem and how it could have been prevented. (5 marks) ii) Develop and document the solution to the problem discuss each of the actions that you have chosen. (10 marks) END OF QUESTIONS APPENDIX A & B CAN BE FOUND OVER THE PAGE.

10 Page 10 of 11 Appendix A - Illustration 1

11 Page 11 of 11 Appendix B - Illustration 2

UNIVERSITY OF BOLTON SCHOOL OF CREATIVE TECHNOLOGIES COMPUTER NETWORKS AND SECURITY SEMESTER TWO EXAMINATIONS 2017/2018 NETWORK SECURITY

[CRT11] UNIVERSITY OF BOLTON SCHOOL OF CREATIVE TECHNOLOGIES COMPUTER NETWORKS AND SECURITY SEMESTER TWO EXAMINATIONS 2017/2018 NETWORK SECURITY MODULE NO: CPU6004 Date: Tuesday 22 nd May 2018 Time: 14:00