This email address is being protected from spambots. You need JavaScript enabled to view it.
  • GooglePlus
live:topwrit

Get commendable grades in your paper today

Assignments Aid

Computer and Network Security Assignment

 

1. Review Questions

(a) 5 points In key distribution and management, two types of keys are generally used: master key

and session key. In WhatsApp Secuirty white paper, a key distribution and management mechanism

has been employed for end-to-end encryption. Which of these keys will you categorize as a master

key and session key(s)? Explain your answer.

(b) 3 points For distribution of public keys, brie

y describe why do we prefer public key certi ficates

over public key authority.

(c) 5 points For SSL, following protocols are used: SSL handshake protocol; SSL change cipher spec

protocol; SSL alert protocol; SSL record protocol. What is the function of SSL handshake protocol?

From your web browser, gure out di erent security parameters exchanged by SSL handshake

protocol with https://www.google.com.au/.

(d) 2 points What mechanisms can a virus use to conceal itself?

(e) 2 points What means can a worm use to access remote systems to propagate?

(f) 3 points What metrics are useful for pro le-based intrusion detection?

 

2. Problems

(a) 10 points In your internet browser (Firefox, Chrome, or any of your favourite browser), view the

Public Key certi cate for www.google.com.au Provide a screenshot for the certi cate you viewed.

Also, gure out the values for the following elds in the certi cate. Please refer to Fig 14.15 in the

book for di erent elds in the certi cate.

1. what is the version of the certi cate (X.509 version)

2. what is the certi cate signature algorithm used?

3. what is the value of the certi cate signature?

4. what is the public key in the certi cate

5. what is the validity period of the certi cate

(b) 5 points Assume you have found a USB memory stick in your work parking area. What threats

might this pose to your work computer should you just plug the memory stick in and examine its

contents? In particular, consider whether each of the malware propagation mechanisms we discuss

could use such a memory stick for transport. What steps could you take to mitigate these threats

and safely determine the contents of the memory stick?

(c) 5 points Suppose you observe that your home PC is responding very slowly to information requests

from the net. And then you further observe that your network gateway shows high levels of network

activity, even though you have closed your e-mail client, Web browser, and other programs that

access the net. What types of malware could cause these symptoms? Discuss how the malware

might have gained access to your system. What steps can you take to check whether this has

occurred? If you do identify malware on your PC, how can you restore it to safe operation?

(d) 5 points Suppose you have a new smartphone and are excited about the range of apps available

for it. You read about a really interesting new game that is available for your phone. You do a

quick Web search for it and see that a version is available from one of the free marketplaces. When

you download and start to install this app, you are asked to approve the access permissions granted

to it. You see that it wants permission to Send SMS messages and to Access your address-book.

Should you be suspicious that a game wants these types of permissions? What threat might the

app pose to your smartphone? Should you grant these permissions and proceed to install it? What

types of malware might it be?

(e) 5 points A common management requirement is that "all external Web trac must 

ow via the

organization's Web proxy." However, that requirement is easier stated than implemented. Discuss

the various problems and issues, possible solutions, and limitations with supporting this require-

ment. In particular consider issues such as identifying exactly what constitutes "Web trac" and

how it may be monitored, given the large range of ports and various protocols used by Web browsers

and servers.