Computer and Network Security
1. Review Questions
(a) In key distribution and management, two types of keys are generally used: master key and session key. In WhatsApp Security, white paper, a key distribution and management mechanism has been employed for end-to-end encryption. Which of these keys will you categorize as a master? key and session key(s)? Explain your answer.
(b) For distribution of public keys, briefly describe why do we prefer public key certi_cates over public key authority.
(c) For SSL, following protocols are used: SSL handshake protocol; SSL change cipher spec protocol; SSL alert protocol; SSL record protocol. What is the function of SSL handshake protocol?
From your web browser, _gure out di_erent security parameters exchanged by SSL handshake protocol with
https://www.google.com.au/.
(d) What mechanisms can a virus use to conceal itself?
(e) What means can a worm use to access remote systems to propagate?
(f) What metrics are useful for pro_le-based intrusion detection?
2. Problems
(a) In your internet browser (Firefox, Chrome, or any of your favourite browser), view the Public Key certi_cate for www.google.com.au Provide a screenshot for the certi_cate you viewed.
Also, _gure out the values for the following _elds in the certi_cate. Please refer to Fig 14.15 in the book for di_erent _elds in the certi_cate.
1. what is the version of the certi_cate (X.509 version)
2. what is the certi_cate signature algorithm used?
3. what is the value of the certi_cate signature?
4. what is the public key in the certi_cate
5. what is the validity period of the certi_cate
(b) Assume you have found a USB memory stick in your work parking area. What threats might this pose to your work computer should you just plug the memory stick in and examine its contents? In particular, consider whether each of the malware propagation mechanisms we discuss could use such a memory stick for transport. What steps could you take to mitigate these threats and safely determine the contents of the memory stick?
(c) Suppose you observe that your home PC is responding very slowly to information requests from the net. And then you further observe that your network gateway shows high levels of network activity, even though you have closed your e-mail client, Web browser, and other programs that access the net. What types of malware could cause these symptoms? Discuss how the malware might have gained access to your system. What steps can you take to check whether this has occurred? If you do identify malware on your PC, how can you restore it to safe operation?
(d) Suppose you have a new smartphone and are excited about the range of apps available for it. You read about a really interesting new game that is available for your phone. You do a quick Web search for it and see that a version is available from one of the free marketplaces. When you download and start to install this app, you are asked to approve the access permissions granted to it. You see that it wants permission to Send SMS messages and to Access your address-book.
Should you be suspicious that a game wants these types of permissions? What threat might the app pose to your smartphone? Should you grant these permissions and proceed to install it? What types of malware might it be?
(e) A common management requirement is that "all external Web tra_c must ow via the organization's Web proxy." However, that requirement is easier stated than implemented. Discuss the various problems and issues, possible solutions, and limitations with supporting this requirement. In particular consider issues such as identifying exactly what constitutes "Web tra_c" and how it may be monitored, given the large range of ports and various protocols used by Web browsers and servers.