UNIVERSITY OF BOLTON SCHOOL OF CREATIVE TECHNOLOGIES COMPUTER NETWORKS AND SECURITY SEMESTER TWO EXAMINATIONS 2017/2018 NETWORK SECURITY

Size: px

Start display at page:

Download "UNIVERSITY OF BOLTON SCHOOL OF CREATIVE TECHNOLOGIES COMPUTER NETWORKS AND SECURITY SEMESTER TWO EXAMINATIONS 2017/2018 NETWORK SECURITY"

Clarissa Black
5 years ago
Views:

1 [CRT11] UNIVERSITY OF BOLTON SCHOOL OF CREATIVE TECHNOLOGIES COMPUTER NETWORKS AND SECURITY SEMESTER TWO EXAMINATIONS 2017/2018 NETWORK SECURITY MODULE NO: CPU6004 Date: Tuesday 22 nd May 2018 Time: 14:00 16:00 INSTRUCTIONS TO CANDIDATES: There are SIX questions on this paper. Answer FOUR questions. All questions carry equal marks. You are permitted to use a maximum of 6 sides of A4 handwritten or printed notes. Additional sheets must be required to be handed to the invigilator

2 Question 1 Page 2 of 9 1a/ Within General Security concepts threat vectors tend to be classified into four distinct categories. Discuss at least three of these threat classifications and provide examples of a specific attack vector and how they may be undertaken. (6 Marks) 1b/ The Operational Model of computing is defined in the following security equation: Protection = Prevention + (Detection + Response) Every security technique and technology falls into at least one of the three elements of the equation. One of the most fundamental approaches to prevention is the concept of Least Privilege Explain the concept of Least Privileges and provide examples of how it can be applied in order to limit an organization s exposure to damage for at least three of the following a user; an application; a network; a process. (19 Marks)

3 Question 2 Page 3 of 9 2/ Iptables is an end user program that allows network adminis to configure and manage a firewall by providing access to the predefined tables in order to allow users to add rules to the appropriate chains. The chains are implemented as a series of Netfilter modules which utilise hooks in order to pass data and call functions from the Linux Kernel. The associated hooks are called to evaluate the packets based upon the rules as defined by the user A Network Admin responsible for the network identified in figure 1 (larger copy is in appendix B) has implemented the firewall using iptables and created a bash script in order to implement them firewall.sh (see appendix A). Figu re 1: Network Topology showing hosts and their IP address configuration With the aid of labelled diagrams show how the packet flow through the Netfilter module and evaluate the association between the Netfilter hooks and the predefined iptables chains for the following connections: i. A web browser in Host A is connected to the web server host B ii. Host A is connected to the firewall via the Linux terminal iii. A web browser in Host B is connected to Host DMZ web server You should use the appropriate rules in firewall.sh when considering which chains are appropriate for the connections stated above. (25 marks)

4 Question 3 Page 4 of 9 3a/ Unstructured attacks come from inexperienced individuals typically using automated attack tools downloaded from the Internet, referred to as 'Script Kiddies' in the security profession. Contrast the unstructured attack with that of a structured attack using a case study to aid your discussions. (20 marks) 3b/ Contrast the differences between an anonymous proxy and a cacheing proxy highlighting any security advantages for each kind of proxy. (5 marks) Question 4 4a/ Consider the following statement: Formal methodologies such as OSSTMM Security Testing provides a methodology for a thorough security test, here referred to as a security audit. An OSSTMM audit is an accurate measurement of security at an operational level Argue the validity of that statement contrasting other security testing methodologies that may be utilised when analysing the security of an IT infrastructure and end hosts. You may use images to help with your answer. (19 marks) 4b/ When undertaking authorised penetration testing using a Black box model Staff do not know about the test nor is the tester given details about network. One of the first steps that the penetration tester must undertake is information gathering. Identify at least three elements of the information gathering phase and the kind of data that might be gathered by each one. (6 marks)

5 Question 5 Page 5 of 9 5a/ A system administrator has moved over a recently created index.html file from the home directory of a web developer to document root directory of the companies web server using the following command mv /home/devops/content* /var/www/html The web server is correctly configured, however access to the index.html file is forbidden as shown in figure 2. After checking the system logs the systems administrator is that this error relates to the mandatory access control mechanisms in the server Investigating further, the systems administrator identifies the issue based upon the output from the ls Z /var/www/html command as shown in figure 3 i. Identify the host security mechanism that has blocked the contrasting Mandatory Access Control with Discretionary Access Control (8 marks) ii. Identify the cause of the problem and Develop and document the solution to the problem discuss each of the actions that you have chosen. (4 marks) Question 5 continues over the page.

6 Question 5 continued. Page 6 of 9 5b/ Tuppence Holdings ltd are a small company that sell financial services across the banking sector. The topology diagram provided in appendix B is the current edge layout for the network. They have approached you as a security consultant and requested that you redesign and improve the security of the edge network. They have requested the following two elements: 1. an additional DMZ for internal servers 2. a distributed firewall configuration 3. a single secure LAN for core business activities synthesize a new topology diagram for the network that meets the requested specification and explain the benefits of introducing a distributed firewall configuration. (13 marks) Question 6 6a/ In, a Denial-of-Service attack (DoS attack) is an attempt to make a machine or network resource unavailable to its deliberate users. It generally consists of efforts to, temporarily/indefinitely interrupt connection or suspend services of a host connected to the network. A DoS attack and a DDoS (Distributed Denial-of-Service) attack differ only in the their mechanisms of implementation. A DoS attack can often be undertaken by a single host where as a DDoS attack is often undertaken by multiple distributed hosts. i. Identify three different classifications of DDoS attack and state explain what the goal of each of the classifications (6 marks) ii. For each of the attack classifications identified in part I) suggest by what mechanism the attacks cripple the target hosts/networks (6 marks) Question 6 continues over the page.

7 Page 7 of 9 Question 6 continued. 6b/ You have a web server located within your DMZ and you are getting reports that It is not responding to request for pages. You undertake some network investigation and observe that you are currently under attack by means of a SYN flood attack. i. Discuss the nature of the attack and how it is constructed (5 marks) ii. one of the ways that this kind of attack can be mitigated is by using SYN cookies. Explain what SYN Cookies are and provide information on how they can be enabled in the web server (8 marks) END OF QUESTIONS

8 Appendix A Iptables bash script #!/bin/bash # Default Policy iptables -P FORWARD DROP iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -A PREROUTING -i enp0s9 -p tcp -d dport 80 -j DNAT --to-destination iptables -A FORWARD -i enp0s3 -o enp0s9 -p tcp --syn --dport 80 -m conntrack -ctstate NEW -j ACCEPT iptables -A FORWARD -i enp0s3 -o enp0s9 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i enp0s9 -o enp0s3 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -t nat -A POSTROUTING -o enp0s9 -p tcp --sport 80 -s j SNAT --to-source iptables -A FORWARD -i enp0s9 -o enp0s8 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT iptables -A FORWARD -i enp0s8 -o enp0s9 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i enp0s9 -o enp0s8 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i enp0s3 -p tcp -s /24 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o enp0s3 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

9 Appendix B

UNIVERSITY OF BOLTON SCHOOL OF CREATIVE TECHNOLOGIES COMPUTER AND NETWORK SECURITY SEMESTER TWO EXAMINATIONS 2016/2017 NETWORK SECURITY

[CRT03] UNIVERSITY OF BOLTON SCHOOL OF CREATIVE TECHNOLOGIES COMPUTER AND NETWORK SECURITY SEMESTER TWO EXAMINATIONS 2016/2017 NETWORK SECURITY MODULE NO: CPU6004 Date: Tuesday 16 th May 2017 Time: 14:00-16:00