Network Security and Cryptography. 2 September Marking Scheme

Size: px
Start display at page:

Download "Network Security and Cryptography. 2 September Marking Scheme"

Transcription

1 Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions, and there will frequently be alternative responses which will provide a valid answer. Markers are advised that, unless a question specifies that an answer be provided in a particular form, then an answer that is correct (factually or in practical terms) must be given the available marks. If there is doubt as to the correctness of an answer, the relevant NCC Education materials should be the first authority. Throughout the marking, please credit any valid alternative point. Where markers award half marks in any part of a question, they should ensure that the total mark recorded for the question is rounded up to a whole mark.

2 Answer ALL questions Question 1 a) Briefly describe the FIVE (5) elements of a symmetric encryption system 5 Award 1 mark for each bullet point up to a maximum of 5 marks: Plaintext the actual message in normal, readable format Encryption algorithm the mathematical method used to encrypt the message Secret key a sequence of bits used in the encryption process Ciphertext the encrypted text Decryption algorithm the reverse mathematical process to decrypt the message. b) Explain what is meant by a brute force attack and state TWO (2) problems an attacker faces in using a brute force attack on an encrypted message. 3 Award 1 mark for each point up to a maximum of 3 marks: A brute force attack tries every possible key until correct translation of the encrypted text into plaintext is obtained The main problem is the time required to do this On average an attacker must try half of all possible keys before successfully translating a ciphertext c) Outline TWO (2) ways in which an encryption system may be deemed to be computationally secure. 2 Award 1 mark for each bullet point up to a maximum of 2 marks: The cost of breaking the scheme exceeds the value of the encrypted information The time required to break to the scheme is longer than lifetime of the information Total: 10 Page 2 of 14

3 Question 2 a) Briefly describe FOUR (4) features of public key infrastructure. 4 Award 1 mark for each bullet point up to a maximum of 4 marks: PKI uses a mathematical technique that involves a pair of keys One cryptographic key is public and one is private Can verify the identity of a message sender (through signing) Ensures privacy (through encryption of data) Private/public keys are related but cannot be derived from one another. Note: Credit answers which refer to Certificate Authority and Digital Certification. b) Explain how public key encryption is performed. 3 Award 1 mark for each bullet point up to a maximum of 3 marks: The data is encrypted using a secret key algorithm (symmetric cryptography) A random session key is generated using a symmetric algorithm to encrypt the data The public key is then used to encrypt that key and both are sent securely to the recipient c) Briefly discuss how pubic key decryption is performed. 3 Award 1 mark for each point up to a maximum of 3 marks: If the private key can decrypt the data, the user is certain that the data is meant for him/her but cannot identify the originator The private key decrypts the session key The decrypted session key is used to decrypt the actual data Total: 10 Page 3 of 14

4 Question 3 a) Produce a diagram to show how the TCP/IP model used over the Internet relates to the OSI 7 layer model for open networks. 4 Award 1 mark for each layer in the TCP/IP stack in the correct position up to a maximum of 4 marks: Host-to-Network Internet Transport Application b) Produce a table to demonstrate how Transport Level Security (TLS) fits with other common Internet protocols in a protocol stack. Your table should be illustrated by showing named protocols. 4 Award 1 mark for each layer in the protocol stack in the correct position up to a maximum of 4 marks: IP TCP TLS HTTP, FTP, SMTP, etc. HTTP, FTP, SMTP TLS TCP IP Question 3 continues on next page Page 4 of 14

5 c) TLS is typically implemented as Secure Sockets Layer (SSL). What is a SSL Connection? 2 Award 1 mark for each bullet point up to a maximum of 2 marks: SSL connections are peer-to-peer relationships These SSL connections are transient, only last for a certain length of time and each connection is associated with a session Total: 10 Question 4 a) State THREE (3) uses of cryptographic methods in messaging. 3 Award 1 mark for each bullet point up to a maximum of 3 marks: To sign an message to ensure its integrity and confirm the identity of its sender. To encrypt the body of an message to ensure its confidentiality. To encrypt the communications between mail servers to protect the confidentiality of both the message body and message header b) Explain how the OpenPGP protocol is used to encrypt an message. 7 Award 1 mark for each point up to a maximum of 7 marks: The plaintext message is compressed A random session key is created A digital signature is generated for the message using the sender s private key and then added to the message The message and signature are encrypted using the session key and a symmetric algorithm The session key is encrypted using the recipient s public key and added to the encrypted message The encrypted message is sent to the recipient The recipient reverses these steps Total: 10 Page 5 of 14

6 Question 5 a) Identity FOUR (4) tasks involved in network vulnerability management. 4 Award 1 mark for each bullet point up to a maximum of 4 marks: Prioritising vulnerabilities determining those that are most critical for the network Fixing vulnerabilities removing avenues for attack Reducing the effects of potential breeches developing systems that will minimize downtime, financial loss, etc. should a breech occur Monitoring for new/unknown vulnerabilities ensuring that new attack signatures are identified and defences are updated as new vulnerabilities are discovered b) What is a port scanner? 1 A port scanner is software that probes a network for open ports c) Outline FIVE (5) features of a port scanner. Your answer should refer to how a port scanner is used and how it works. 5 Award 1 mark for each bullet point up to a maximum of 5 marks: It is used by network administrators to test the network It is used by attackers to look for vulnerabilities The TCP/IP protocol suite has services being supplied by a host through a port There are different port numbers available and most services use only a very limited number of ports so these can be tested for legitimate use The scan can determine whether each port is open, filtered or closed Port scanners detect UDP Ports Total: 10 Page 6 of 14

7 Question 6 a) With the use of a diagram, explain how a firewall is used to create a Demilitarised Zone (DMZ). 7 The maximum number of marks awarded to this question is 7. Award 1 mark for each of the key features up to a maximum of 4 marks: Internet/public network Correctly positioned firewall Networked computers Separate server or subnetwork Award 1 mark for each bullet point up to a maximum of 3 marks: Traffic moving between the network on the protected side of the firewall and the Internet goes through the firewall This traffic between the DMZ and the wider internal network also goes through the firewall and has protection policies applied Common to put public-facing servers such as servers in the DMZ. Note: Credit valid alternative diagrams that label the DMZ and internal network. Question 6 continues on next page Page 7 of 14

8 b) With the use of a diagram, briefly describe how a screened subnet DMZ differs from a standard DMZ. The maximum number of marks awarded to this question is 3. Award 2 marks for a suitable diagram: 3 Award 1 mark for describing the difference: Traffic from DMZ to trusted network must go through Bastion Host and packet filtering routers as an extra level of security Total: 10 Page 8 of 14

9 Question 7 a) Briefly describe FOUR (4) key functions of a Virtual Private Network (VPN). 4 Award 1 mark for each bullet point up to a maximum of 4 marks: Authentication - validates that the data was sent from the sender Access Control - preventing unauthorized users from accessing the network Confidentiality - preventing the data from being read or copied as the data is being transported Data Integrity - ensuring that the data has not been altered b) Explain the operation of a Remote Framebuffer Protocol (RFB). 6 Award 1 mark for each bullet point up to a maximum of 6 marks: RFB sends simple graphic messages to the client and input actions to the server It sends information regarding rectangles of screen display The colour information of rectangles for display are transmitted as a framebuffer It includes compression techniques and security features Client uses port 5900 for server access Server may connect in listening mode on port 5500 Total: 10 Page 9 of 14

10 Question 8 a) Describe THREE (3) characteristics of a wireless network that present a set of security issues that are not usually present in wired networks. 3 Award 1 mark for each bullet point up to a maximum of 3 marks: Wireless networks are essentially broadcast networks between access points and devices Ease of spoofing/mitm The boundary of a wireless network is limited only by signal strength A wireless signal can usually be received outside of the building in which the network is based b) State the THREE (3) functions of a Remote Authentication Dial In User Service (RADIUS) server. 3 Award 1 mark for each bullet point up to a maximum of 3 marks: Authenticating users and/or devices and providing permission for them to access the network Authorising users and/or devices for specific services on the network Accounting for usage of network services c) Explain how a RADIUS authentication server is used in the IEEE 802.1X authentication process. 4 Award 1 mark for each bullet point up to a maximum of 4 marks: The authenticator (access point) transmits EAP-Request Identity frames Supplicant (client) listens and responds with an EAP-Response Identity frame containing an identifier, e.g. user ID Authenticator then encapsulates this in a RADIUS Access-Request packet and sends to authentication server Authentication server replies to the authenticator with EAP Request specifying the EAP Method and authenticator transmits this to supplicant Total: 10 Page 10 of 14

11 Question 9 a) State THREE (3) steps to follow in configuring a static packet filter on a company network. 3 Award 1 mark for each bullet point up to a maximum of 3 marks: Decide what traffic to permit and what traffic to block, this is determined by nature of business and assessment of security risks Define this as a set of rules that allow and block that traffic Translate these rules into a language that the router or other device understands which may be vendor specific b) Identify SEVEN (7) types of information that should be included in an access control list for each rule in a static packet filter. 7 Award 1 mark for each point up to a maximum of 7 marks: Source IP address the IP address of the sender Source port the port used to send the traffic Destination IP address the IP address of the receiver Destination port the port used to receive the traffic Action - block/allow Comments - allow a brief text explanation Protocol - any specific protocol to allow or block Total: 10 Page 11 of 14

12 Question 10 a) Describe a typical user authentication process that uses a password for authentication. 4 Award 1 mark for each bullet point up to a maximum of 4 marks: The user supplies a username and password to the system The system looks up the username in the relevant database table The system checks that username, password pair exists The system provides system access to the user usually via some form of token or session variable b) Why is it important that users are not allowed to create their own passwords without ensuring that the password they create is strong? 2 Award 1 mark for each bullet point up to a maximum of 2 marks: Users tend to pick weak passwords if allowed, password is a typical example Weak passwords are very easy to crack via dictionary attack c) Describe TWO (2) methods that are commonly used to ensure that users have strong passwords. 2 Award 1 mark for each bullet point up to a maximum of 2 marks: Ensuring that a set of rules are attached to password creation that ensure the password is strong, e.g. it must be at least 8 characters long, cannot include the user name, must have a combination of upper-case letters, lower-case letters, numbers and special characters The system creates its own passwords and sends them to the user d) State TWO (2) potential security problems with complex passwords. 2 Award 1 mark for each bullet point up to a maximum of 2 marks: Users find it difficult to remember the password They therefore write it down and typically store it near their computer thus proving to be a great security risk Total 10 End of Examination Paper Page 12 of 14

13 Learning Outcomes matrix Question Learning Outcomes assessed 1 1 Yes 2 2 Yes 3 3 Yes 4 3, 4 Yes 5 5, 6 Yes 6 7 Yes 7 8 Yes 8 9 Yes 9 7 Yes 10 5 Yes Marker can differentiate between varying levels of achievement Page 13 of 14

14 Grade descriptors Learning Outcome Pass Merit Distinction Understand the most common types of cryptographic algorithm Demonstrate adequate understanding of common types of cryptographic Demonstrate robust understanding of common types of cryptographic algorithm Demonstrate highly comprehensive understanding of common types of cryptographic Understand the Public-key Infrastructure Understand security protocols for protecting data on networks Be able to digitally sign s and files Understand Vulnerability Assessments and the weakness of using passwords for authentication Be able to perform simple vulnerability assessments and password audits Be able to configure simple firewall architectures Understand Virtual Private Networks Be able to deploy wireless security algorithm Demonstrate adequate level of understanding Demonstrate adequate understanding of security protocols Demonstrate ability to perform the task Demonstrate adequate level of understanding Demonstrate ability to perform the task Demonstrate adequate level of understanding and ability Demonstrate adequate level of understanding Demonstrate ability to perform the task Demonstrate robust level of understanding Demonstrate robust understanding of security protocols Demonstrate ability to perform the task consistently well Demonstrate robust level of understanding Demonstrate ability to perform the task consistently well Demonstrate robust level of understanding and ability Demonstrate robust level of understanding Demonstrate ability to perform the task consistently well algorithm Demonstrate highly comprehensive level of understanding Demonstrate highly comprehensive understanding of security protocols Demonstrate ability to perform the task to the highest standard Demonstrate highly comprehensive level of understanding Demonstrate ability to perform the task to the highest standard Demonstrate highly comprehensive level of understanding and ability Demonstrate highly comprehensive level of understanding Demonstrate ability to perform the task to the highest standard Page 14 of 14

Network Security and Cryptography. December Sample Exam Marking Scheme

Network Security and Cryptography. December Sample Exam Marking Scheme Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers

More information

Indicate whether the statement is true or false.

Indicate whether the statement is true or false. Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2.

More information

HP Instant Support Enterprise Edition (ISEE) Security overview

HP Instant Support Enterprise Edition (ISEE) Security overview HP Instant Support Enterprise Edition (ISEE) Security overview Advanced Configuration A.03.50 Mike Brandon Interex 03 / 30, 2004 2003 Hewlett-Packard Development Company, L.P. The information contained

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

Exam Questions SY0-401

Exam Questions SY0-401 Exam Questions SY0-401 CompTIA Security+ Certification https://www.2passeasy.com/dumps/sy0-401/ 1. A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened

More information

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The

More information

(2½ hours) Total Marks: 75

(2½ hours) Total Marks: 75 (2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.

More information

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم بنام خدا تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم امنیت بخشی به سیستمهای فناوری اطالعات Securing Information Systems 1 Learning Objectives Describe the business value of security and control.

More information

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

key distribution requirements for public key algorithms asymmetric (or public) key algorithms topics: cis3.2 electronic commerce 24 april 2006 lecture # 22 internet security (part 2) finish from last time: symmetric (single key) and asymmetric (public key) methods different cryptographic systems

More information

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure

More information

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP AN IPSWITCH WHITEPAPER The Definitive Guide to Secure FTP The Importance of File Transfer Are you concerned with the security of file transfer processes in your company? According to a survey of IT pros

More information

Distributed Systems. Lecture 14: Security. Distributed Systems 1

Distributed Systems. Lecture 14: Security. Distributed Systems 1 06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication

More information

Distributed Systems. Lecture 14: Security. 5 March,

Distributed Systems. Lecture 14: Security. 5 March, 06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication

More information

Advanced Security and Mobile Networks

Advanced Security and Mobile Networks WJ Buchanan. ASMN (1) Advanced Security and Mobile Networks Unit 1: Network Security Application Presentation Session Transport Network Data Link Physical OSI Application Transport Internet Internet model

More information

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography Principles of Information Security, Fourth Edition Chapter 8 Cryptography Learning Objectives Upon completion of this material, you should be able to: Chronicle the most significant events and discoveries

More information

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Exam : Title : Security Solutions for Systems Engineers. Version : Demo Exam : 642-566 Title : Security Solutions for Systems Engineers Version : Demo 1. Which one of the following elements is essential to perform events analysis and correlation? A. implementation of a centralized

More information

Software Development Techniques. December Sample Exam Marking Scheme

Software Development Techniques. December Sample Exam Marking Scheme Software Development Techniques December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to

More information

Sample excerpt. Virtual Private Networks. Contents

Sample excerpt. Virtual Private Networks. Contents Contents Overview...................................................... 7-3.................................................... 7-5 Overview of...................................... 7-5 IPsec Headers...........................................

More information

1.264 Lecture 28. Cryptography: Asymmetric keys

1.264 Lecture 28. Cryptography: Asymmetric keys 1.264 Lecture 28 Cryptography: Asymmetric keys Next class: Anderson chapters 20. Exercise due before class (Reading doesn t cover same topics as lecture) 1 Asymmetric or public key encryption Receiver

More information

Fundamentals of Computing and Digital Literacy. Sample. Marking Scheme

Fundamentals of Computing and Digital Literacy. Sample. Marking Scheme Fundamentals of Computing and Digital Literacy Sample Marking Scheme This Marking Scheme has been prepared as a guide only to markers. This is not a set of model answers, nor is the Marking Scheme exclusive,

More information

Securing Wireless Networks by By Joe Klemencic Mon. Apr

Securing Wireless Networks by By Joe Klemencic Mon. Apr http://www.cymru.com/ Securing Wireless Networks by By Joe Klemencic (faz@home.com) Mon. Apr 30 2001 Many companies make attempts to embrace new technologies, but unfortunately, many of these new technologies

More information

Part 1. Lecturer: Prof. Mohamed Bettaz Coordinator: Prof. Mohamed Bettaz Internal Examiner: Dr. Mourad Maouche. Examination Paper

Part 1. Lecturer: Prof. Mohamed Bettaz Coordinator: Prof. Mohamed Bettaz Internal Examiner: Dr. Mourad Maouche. Examination Paper Philadelphia University Lecturer: Prof. Mohamed Bettaz Coordinator: Prof. Mohamed Bettaz Internal Examiner: Dr. Mourad Maouche Faculty of Information Technology Department of Computer Science Examination

More information

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide

More information

IT Exam Training online / Bootcamp

IT Exam Training online / Bootcamp DumpCollection IT Exam Training online / Bootcamp http://www.dumpcollection.com PDF and Testing Engine, study and practice Exam : 210-260 Title : Implementing Cisco Network Security Vendor : Cisco Version

More information

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a

More information

Configuring OpenVPN on pfsense

Configuring OpenVPN on pfsense Configuring OpenVPN on pfsense Configuring OpenVPN on pfsense Posted by Glenn on Dec 29, 2013 in Networking 0 comments In this article I will go through the configuration of OpenVPN on the pfsense platform.

More information

Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide

Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide Table of Contents INTRODUCTION... 4 SCENARIO OVERVIEW... 5 CONFIGURATION STEPS... 6 Core Site Configuration... 6 Generate Self-Issued Certificate

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users Learning Objectives Explain why authentication is a critical aspect of network security Explain

More information

Information Security in Corporation

Information Security in Corporation Information Security in Corporation System Vulnerability and Abuse Software Vulnerability Commercial software contains flaws that create security vulnerabilities. Hidden bugs (program code defects) Zero

More information

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by

More information

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide SonicWALL 6.2.0.0 Addendum A Supplement to the SonicWALL Internet Security Appliance User's Guide Contents SonicWALL Addendum 6.2.0.0... 3 New Network Features... 3 NAT with L2TP Client... 3 New Tools

More information

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder. Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/

More information

HikCentral V.1.1.x for Windows Hardening Guide

HikCentral V.1.1.x for Windows Hardening Guide HikCentral V.1.1.x for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1 Strict Password Policy... 2 1.2 Turn Off Windows Remote

More information

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security 1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of

More information

SMart esolutions Information Security

SMart esolutions Information Security Information Security Agenda What are SMart esolutions? What is Information Security? Definitions SMart esolutions Security Features Frequently Asked Questions 12/6/2004 2 What are SMart esolutions? SMart

More information

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013 Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive

More information

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2. P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and

More information

Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide

Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide Table of Contents SUPPORTED DEVICES... 5 INTRODUCTION... 6 GWN7000 VPN FEATURE... 7 OPENVPN CONFIGURATION... 8 OpenVPN

More information

CSC 4900 Computer Networks: Security Protocols (2)

CSC 4900 Computer Networks: Security Protocols (2) CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication

More information

Network Encryption Methods

Network Encryption Methods Network Encryption Network Encryption Methods CSC362, Information Security Objectives understanding the impact of employing encryption at different protocol layers application layer encryption transport

More information

Student ID: CS457: Computer Networking Date: 5/8/2007 Name:

Student ID: CS457: Computer Networking Date: 5/8/2007 Name: CS457: Computer Networking Date: 5/8/2007 Name: Instructions: 1. Be sure that you have 10 questions 2. Write your Student ID (email) at the top of every page 3. Be sure to complete the honor statement

More information

Network Access Flows APPENDIXB

Network Access Flows APPENDIXB APPENDIXB This appendix describes the authentication flows in Cisco Identity Services Engine (ISE) by using RADIUS-based Extensible Authentication Protocol (EAP) and non-eap protocols. Authentication verifies

More information

CTS2134 Introduction to Networking. Module 08: Network Security

CTS2134 Introduction to Networking. Module 08: Network Security CTS2134 Introduction to Networking Module 08: Network Security Denial of Service (DoS) DoS (Denial of Service) attack impacts system availability by flooding the target system with traffic or by exploiting

More information

Choosing The Best Firewall Gerhard Cronje April 10, 2001

Choosing The Best Firewall Gerhard Cronje April 10, 2001 Choosing The Best Firewall Gerhard Cronje April 10, 2001 1. Introduction Due to the phenomenal growth of the Internet in the last couple of year s companies find it hard to operate without a presence on

More information

Data Communication and Network. Introducing Networks

Data Communication and Network. Introducing Networks Data Communication and Network Introducing Networks Introduction to Networking Computer network, or simply network Refers to the connection of two or more computers by some type of medium You can connect

More information

INTRODUCTION TO ICT.

INTRODUCTION TO ICT. INTRODUCTION TO ICT. (Introducing Basic Network Concepts) Lecture # 24-25 By: M.Nadeem Akhtar. Department of CS & IT. URL: https://sites.google.com/site/nadeemcsuoliict/home/lectures 1 INTRODUCTION TO

More information

Cryptanalysis. Ed Crowley

Cryptanalysis. Ed Crowley Cryptanalysis Ed Crowley 1 Topics Cryptanalysis History Modern Cryptanalysis Characterization of Cryptanalysis Attacks Attack Types 2 Cryptanalysis Science of cracking ciphers and codes, decoding secrets,

More information

Sample Exam IT-Security Foundation

Sample Exam IT-Security Foundation Sample Exam Sample Exam IT-Security Foundation SECO-Institute issues the official IT-Security courseware to accredited training centres where students are trained by accredited instructors. Students can

More information

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message

More information

Computers and Security

Computers and Security The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright

More information

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two

More information

Cryptography ThreeB. Ed Crowley. Fall 08

Cryptography ThreeB. Ed Crowley. Fall 08 Cryptography ThreeB Ed Crowley Fall 08 Cryptanalysis History Modern Cryptanalysis Characterization of Cryptanalysis Attacks Attack Types Cryptanalysis. Science of cracking ciphers and codes, decoding secrets,

More information

Digital Certificates Demystified

Digital Certificates Demystified Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates

More information

WHITE PAPER. Authentication and Encryption Design

WHITE PAPER. Authentication and Encryption Design WHITE PAPER Authentication and Encryption Design Table of Contents Introduction Applications and Services Account Creation Two-step Verification Authentication Passphrase Management Email Message Encryption

More information

14. Internet Security (J. Kurose)

14. Internet Security (J. Kurose) 14. Internet Security (J. Kurose) 1 Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer:

More information

VPN Overview. VPN Types

VPN Overview. VPN Types VPN Types A virtual private network (VPN) connection establishes a secure tunnel between endpoints over a public network such as the Internet. This chapter applies to Site-to-site VPNs on Firepower Threat

More information

HikCentral V1.3 for Windows Hardening Guide

HikCentral V1.3 for Windows Hardening Guide HikCentral V1.3 for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1Strict Password Policy... 2 1.2Turn Off Windows Remote

More information

Network Encryption 3 4/20/17

Network Encryption 3 4/20/17 The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server

More information

Service Managed Gateway TM. Configuring IPSec VPN

Service Managed Gateway TM. Configuring IPSec VPN Service Managed Gateway TM Configuring IPSec VPN Issue 1.2 Date 12 November 2010 1: Introduction 1 Introduction... 3 1.1 What is a VPN?... 3 1.2 The benefits of an Internet-based VPN... 3 1.3 Tunnelling

More information

This course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N

This course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N CompTIA Network+ (Exam N10-007) Course Description: CompTIA Network+ is the first certification IT professionals specializing in network administration and support should earn. Network+ is aimed at IT

More information

Cryptography (Overview)

Cryptography (Overview) Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography

More information

Software Development Techniques. 26 November Marking Scheme

Software Development Techniques. 26 November Marking Scheme Software Development Techniques 26 November 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,

More information

802.1x Port Based Authentication

802.1x Port Based Authentication 802.1x Port Based Authentication Johan Loos Johan at accessdenied.be Who? Independent Information Security Consultant and Trainer Vulnerability Management and Assessment Wireless Security Next-Generation

More information

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME, 1 The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME, PGP), client/server (Kerberos), Web access (Secure Sockets

More information

Google Cloud Platform: Customer Responsibility Matrix. April 2017

Google Cloud Platform: Customer Responsibility Matrix. April 2017 Google Cloud Platform: Customer Responsibility Matrix April 2017 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect Cardholder

More information

Module 13 Network Security. Version 1 ECE, IIT Kharagpur

Module 13 Network Security. Version 1 ECE, IIT Kharagpur Module 13 Network Security Lesson 40 Network Security 13.1.1 INTRODUCTION Network Security assumes a great importance in the current age. In this chapter we shall look at some of the security measures

More information

Most Common Security Threats (cont.)

Most Common Security Threats (cont.) Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?

More information

Networking interview questions

Networking interview questions Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected

More information

Recommendations for Device Provisioning Security

Recommendations for Device Provisioning Security Internet Telephony Services Providers Association Recommendations for Device Provisioning Security Version 2 May 2017 Contact: team@itspa.org.uk Contents Summary... 3 Introduction... 3 Risks... 4 Automatic

More information

CSC Network Security

CSC Network Security CSC 474 -- Security Topic 9. Firewalls CSC 474 Dr. Peng Ning 1 Outline Overview of Firewalls Filtering Firewalls Proxy Servers CSC 474 Dr. Peng Ning 2 Overview of Firewalls CSC 474 Dr. Peng Ning 3 1 Internet

More information

PCI DSS and VNC Connect

PCI DSS and VNC Connect VNC Connect security whitepaper PCI DSS and VNC Connect Version 1.2 VNC Connect security whitepaper Contents What is PCI DSS?... 3 How does VNC Connect enable PCI compliance?... 4 Build and maintain a

More information

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005 Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks

More information

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to 1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats

More information

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology

More information

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.). Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 2 M.M:50 The question paper contains 40 multiple choice questions with four choices and students will have to pick the

More information

The following chart provides the breakdown of exam as to the weight of each section of the exam.

The following chart provides the breakdown of exam as to the weight of each section of the exam. Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those

More information

Why Firewalls? Firewall Characteristics

Why Firewalls? Firewall Characteristics Why Firewalls? Firewalls are effective to: Protect local systems. Protect network-based security threats. Provide secured and controlled access to Internet. Provide restricted and controlled access from

More information

ITEC 3800 Data Communication and Network. Introducing Networks

ITEC 3800 Data Communication and Network. Introducing Networks ITEC 3800 Data Communication and Network Introducing Networks Introduction to Networking Computer network, or simply network Refers to the connection of two or more computers by some type of medium You

More information

Simple and Powerful Security for PCI DSS

Simple and Powerful Security for PCI DSS Simple and Powerful Security for PCI DSS The regulations AccessEnforcer helps check off your list. Most merchants think they are too small to be targeted by hackers. In fact, their small size makes them

More information

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL Q&A PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL This document answers questions about Protected Extensible Authentication Protocol. OVERVIEW Q. What is Protected Extensible Authentication Protocol? A.

More information

Virtual Private Networks (VPNs)

Virtual Private Networks (VPNs) CHAPTER 19 Virtual Private Networks (VPNs) Virtual private network is defined as customer connectivity deployed on a shared infrastructure with the same policies as a private network. The shared infrastructure

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

Google Cloud Platform: Customer Responsibility Matrix. December 2018

Google Cloud Platform: Customer Responsibility Matrix. December 2018 Google Cloud Platform: Customer Responsibility Matrix December 2018 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect

More information

Assignment front sheet

Assignment front sheet Criteria reference To achieve the criteria the evidence must show that the student is able to: Task no. Page numbers P1 Outline the web architecture and components which enable internet and web functionality.

More information

Chapter 6: Security of higher layers. (network security)

Chapter 6: Security of higher layers. (network security) Chapter 6: Security of higher layers (network security) Outline TLS SET 1. TLS History of TLS SSL = Secure Socket Layer defined by Netscape normalized as TLS TLS = Transport Layer Security between TCP

More information

BCA III Network security and Cryptography Examination-2016 Model Paper 1

BCA III Network security and Cryptography Examination-2016 Model Paper 1 Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct

More information

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer Managing and Securing Computer Networks Guy Leduc Chapter 7: Securing LANs Computer Networking: A Top Down Approach, 7 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2016. (section 8.8) Also

More information

Application of Cryptographic Systems. Securing Networks. Chapter 3 Part 4 of 4 CA M S Mehta, FCA

Application of Cryptographic Systems. Securing Networks. Chapter 3 Part 4 of 4 CA M S Mehta, FCA Application of Cryptographic Systems Securing Networks Chapter 3 Part 4 of 4 CA M S Mehta, FCA 1 Application of Cryptographic Systems Learning Objectives Task Statements 1.3 Recognise function of Telecommunications

More information

iii PPTP... 7 L2TP/IPsec... 7 Pre-shared keys (L2TP/IPsec)... 8 X.509 certificates (L2TP/IPsec)... 8 IPsec Architecture... 11

iii PPTP... 7 L2TP/IPsec... 7 Pre-shared keys (L2TP/IPsec)... 8 X.509 certificates (L2TP/IPsec)... 8 IPsec Architecture... 11 iii PPTP................................................................................ 7 L2TP/IPsec........................................................................... 7 Pre-shared keys (L2TP/IPsec)............................................................

More information

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure Question Number (ID) : 1 (jaamsp_mngnwi-088) You are the administrator for medium-sized network with many users who connect remotely. You have configured a server running Microsoft Windows Server 2003,

More information

Security. Reliability

Security. Reliability Security The Emizon network is capable of providing a secure monitored service using Internet Protocol (IP) over both fixed line and wireless networks such as GSM GPRS. The protocol used in the Emizon

More information

Revised (10/17) Overview Transmission Toolkit

Revised (10/17) Overview Transmission Toolkit Revised (10/17) Overview Transmission Toolkit Copyright 2017 by KeyBank, N.A. Overview Transmission Toolkit All rights reserved. Reproduction of any part of this work beyond that permitted by Section 107

More information

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government

More information

Network Security. Thierry Sans

Network Security. Thierry Sans Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability

More information

Microsoft Exam Security fundamentals Version: 9.0 [ Total Questions: 123 ]

Microsoft Exam Security fundamentals Version: 9.0 [ Total Questions: 123 ] s@lm@n Microsoft Exam 98-367 Security fundamentals Version: 9.0 [ Total Questions: 123 ] Question No : 1 The Active Directory controls, enforces, and assigns security policies and access rights for all

More information

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

More information

Ready Theatre Systems RTS POS

Ready Theatre Systems RTS POS Ready Theatre Systems RTS POS PCI PA-DSS Implementation Guide Revision: 2.0 September, 2010 Ready Theatre Systems, LLC - www.rts-solutions.com Table of Contents: Introduction to PCI PA DSS Compliance 2

More information

Sirindhorn International Institute of Technology Thammasat University

Sirindhorn International Institute of Technology Thammasat University Name.............................. ID............... Section...... Seat No...... Sirindhorn International Institute of Technology Thammasat University Course Title: IT Security Instructor: Steven Gordon

More information

Second Semester Examination Higher National Diploma in Information Technology First Year

Second Semester Examination Higher National Diploma in Information Technology First Year Q1). Second Semester Examination -2011 Higher National Diploma in Information Technology First Year IT2004 - Introduction to Data Communication and Networks No of pages: 17 Marking Scheme a) Define Analog

More information

CYBER SECURITY MADE SIMPLE

CYBER SECURITY MADE SIMPLE CYBER SECURITY MADE SIMPLE Author: Christopher Gorog www.logiccentral.org www.newcyberfrontier.com Christopher Gorog, MBA, PMP, CISSP Lead Faculty for Cybersecurity at Colorado Technical University; Published

More information