Assignment 1
Due: August 25, 2009, Midnight EST
Total: 40
- One of the most astounding side-effects of the Internet is how readily accessible information is about individuals, organizations, and computer systems. This assignment is designed to give you some experience in obtaining this information. 10 points
a. Use NSLookup to determine the IP address of csc.columbusstate.edu and sail-1.colstate.edu
b. Determine who administers these computers and any other information readily available about the network. You may use any websites or tools like ARIN, Neotrace, Whois, or other open source public information. You now have all kinds of information that would allow you to take advantage of vulnerabilities at that site.
c. Repeat this process for your place of employment or the school where you obtained your undergraduate degree.
d. Write down the information that you received about Columbus State University and your place of employment. Discuss ways that an attacker could exploit this information.
- Complete the following matrix to show the relationship between X.800 security services and network security attacks. If a service attempts to provide some guard against an attack, write “X” in the corresponding cell. For example, peer entity authentication attempts to provide confidence that an entity is not trying to masquerade. So the corresponding cell will contain X. If there is no relation between a service and an attack, keep that cell empty. 10 pts
|
Services |
Release of message content |
Traffic analysis |
Masquerade |
Replay |
Modification of messages |
Denial of service |
|
Peer entity authentication |
|
|
|
|
|
|
|
Data origin authentication |
|
|
|
|
|
|
|
Access control |
|
|
|
|
|
|
|
Confidentiality |
|
|
|
|
|
|
|
Traffic flow confidentiality |
|
|
|
|
|
|
|
Data integrity |
|
|
|
|
|
|
|
Non-repudiation |
|
|
|
|
|
|
|
Availability |
|
|
|
|
|
|
- Complete the following matrix to show the relationship between X.800 mechanisms and network security attacks in the same way as the previous problem. 10 pts
|
Mechanisms |
Release of message content |
Traffic analysis |
Masquerade |
Replay |
Modification of messages |
Denial of service |
|
Encipherment |
|
|
|
|
|
|
|
Digital signature |
|
|
|
|
|
|
|
Access control |
|
|
|
|
|
|
|
Data integrity |
|
|
|
|
|
|
|
Authentication exchange |
|
|
|
|
|
|
|
Traffic padding |
|
|
|
|
|
|
|
Routing control |
|
|
|
|
|
|
|
Notarization |
|
|
|
|
|
|
- Consider the following way of confirming that two persons A and B possess the same secret key. A creates a random bit string with same length as the key, XORs it with the key and sends the result (in plaintext) to B. B XORs the incoming block with the key and sends the resultant string back to A.
a. After getting the resultant string from B, how can A determine whether she has the same key as B? 5 pts
b. Does this scheme have any security flaw? In other words, can a third person achieve the key? 5 pts
XOR Operation:
A bitwise exclusive or takes two bit patterns of equal length and performs the logical XOR operation on each pair of corresponding bits. The result in each position is 1 if the two bits are different, and 0 if they are the same. For example:
0101
XOR 0011
= 0110