Assessment Item 3
Assessment 3
Value: 25%
Due date: 28-Jan-2013
Return date: 18-Feb-2012
Submission method options
EASTS (online)
Task
Task 1. Online Discussions (24 marks)
Below are listed a set of topics. You are required to conduct research and participate
in online/forum discussions on a topic from the set (total of seven topics). In your
discussion postings, you should try to address the following points:
• Provide information about the topic (discuss the topic, describe the relevant
technologies, applications of the technologies, clarify vague areas of other
students postings, etc.)
• Raise questions about the information provided by other students (this must be
done in an adequately professional manner)
• Respond to questions raised about your own information and other students'
• Contribute to discussions in general
Note that the aim of this task is:
• To build an understanding and perspective of current hot topics in Network
Security; and
• To build generic skills including, but not limited to
o A capacity for teamwork and collaboration
o An ability for critical thinking, analysis and problem solving
o Gaining or improving information technological literacy
o A capacity for lifelong learning and an appreciation of its necessity
As such, the more you contribute to the development of these topics and related
discussion, the more likely you will score well in this task.
Topics Set
1. The security risks associated with using passwords for internet authentication
2. The privacy implications of data collected by Google, Facebook and other
(social) networking sites
3. Encrypting more and more internet services with SSL (HTTPS) by default
4. The security risks around BYOD (Bring Your Own Device) in the workplace
5. The security risks around using Cloud Computing
6. The security risks to critical infrastructure (such as power, communication,
water) from malicious cyber attacks
7. Offering financial rewards for finding security vulnerabilities in software
Your submission
You are required to prepare and submit a report on your topic to address the following
questions:
1. Summarise the topic and the issues discussed. Discuss how your own posts
contributed to this knowledge.
2. Based on your own research, discuss whether or not the summary presented in
(1) is accurate.
3. Identify any important issue/s that you believe were not addressed, or not
addressed adequately in the discussions. Explain why you view this
issue/these issues as important.
4. Discuss what you believe to be the most important lesson you have learnt as
a result of these discussions. Explain the impact of this and its
application/impact in real life.
Task 2: Understanding RSA (12 marks)
The general method for constructing the parameters of the RSA cryptosystem can be
described as follows
• Select two primes p and q
• Let n = pq and determine φ(n) = (p − 1)(q − 1)
• Randomly choose e in the range 1 < e < φ(n)
• Determine d as the solution to ed = 1 mod φ(n)
• Publish (n, e) as the public key
a) Show that a valid public key pair can still be constructed if we use only one prime
p, such that n = p and φ(n) = (p − 1).
b) If we use this “one-prime” RSA construction and publish the public key (n, e),
why is it easy to recover the secret key d?
c) Let Enc(m) denote the encryption of the message m using the pair (n, e). Show
that the RSA encryption function has the following property for any two messages
m1 and m2:
Enc(m1 × m2) = Enc(m1) × Enc(m2)
That is, the encryption of a product is equal to the product of the encryptions.
Task 3: Security infrastructure and protocols (15 marks)
a) PKI and PGP are two methods for generating and managing public keys for use
in protocols such as secure email. Compare and contrast the trust models for
public keys used in PKI and PGP, and assess the statement that a PKI is a “top-down”
approach to trust and PGP is a “bottom-up” approach to trust.
b) The SSL protocol uses (X.509) certificates to create a secure session between a
server and a client in a web session. Discuss the browser-based trust model
assumed in SSL, and compare it with the trust model used in Kerberos.
Kerberos is designed to operate in a relatively small domain, such as a single
company. Discuss the practical issues around extending the Kerberos trust
model to a global scale, say to provide secure services between Amazon and its
customer base.
c) Both IPsec and SSL provide encrypted network communication, but at different
layers in the Internet protocol stack, and for different purposes. Compare and
contrast these two protocols, and describe the secure communication scenarios
they are best suited to address.
Rationale
This assessment item relates to the learning outcomes (subject objectives) and
provides an opportunity for you to
• Demonstrate factual knowledge, understanding and application of state-of-the-art
network security;
• Demonstrate ability to integrate and apply information from various topics and
to apply understanding and knowledge to a practical situation;
• Demonstrate ability to work in a team, sharing knowledge; and
• Demonstrate an understanding of the RSA cryptosystem; and
• Be able to provide coherent descriptions of network security protocols and
services, and be able to recognize the need for distinct protocols at different
layers in Internet security.
Marking Criteria
Task 1: Marking Scale
• Correct and concise summary of the issues discussed in forum (6 Marks)
• Analysis of the summary (4 Marks)
• Discussion of the important/missing issues not addressed in the forum (6 Marks)
• Discussion of the learning and exploring the impacts in real life (8 Marks)
Task 2: Marking Scale
a) Show that “one-prime” construction produces a valid public key (4 Marks)
b) Show the steps to recover d (4 Marks)
c) Mathematical argument to show the property (4 Marks)
Task 3: Marking Scale
a) Compare and contrast the trust models (5 Marks)
b) Compare and contrast the trust models (3 Marks), implementing Kerberos on a
large scale (2 marks)
c) Compare and contrast the protocols (3 Marks), best suited scenarios (2 Marks)
Requirements
• Your submission must be in a format readable by Microsoft Word.
• Each question should be answered individually with the corresponding label to
indicate the tasks completed e.g. Task 1 a.
• Your submission must be not more than 10 pages long (including diagrams), must
have margins no less than 2cm, and font size no less than 12 point. Oversized
assignments will be penalised.
• A cover page (outside the page limit) must be included and should contain
relevant identifying information.
• Appropriate referencing (APA 6th edition) must be used throughout the document
with the bibliography not counted in the page limit.
• Your discussion postings are considered part of your assignment submission and
are thus subject to Faculty regulations for academic misconduct (including
plagiarism). As such, any text adapted from any source must be clearly labelled
and referenced. You should clearly indicate the start and end of any such text.
• Your discussion postings will be required to complete your assignment but
do not directly form part of the assessment of the assignment. As such, no formal
feedback will be provided regarding your discussions.
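Added worked example for Task 2 (not part of the assignment text or of the posted answer): a small Python model of textbook RSA that also runs the one-prime construction of 2(a), shows in 2(b) how the private exponent follows directly from the public key in that case, and checks the product property of 2(c). All primes, exponents and messages are constructed toy values chosen so each step can be verified by hand.

```python
# Textbook RSA with one or more primes (constructed example, toy sizes only).
from math import gcd


def keygen(primes, e=17):
    """Key generation for a list of distinct primes.

    n is the product of the primes and phi(n) the product of (p - 1).
    With a single prime p this is exactly the one-prime construction of
    Task 2(a): n = p and phi(n) = p - 1. Decryption still works because
    m^(p-1) = 1 (mod p) by Fermat's little theorem. Returns ((n, e), d).
    """
    n, phi = 1, 1
    for p in primes:
        n *= p
        phi *= p - 1
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible mod phi(n)")
    d = pow(e, -1, phi)  # d solves e*d = 1 (mod phi(n))
    return (n, e), d


def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def decrypt(n, d, c):
    return pow(c, d, n)


def recover_private_exponent_one_prime(pub):
    """Task 2(b): when n itself is prime, phi(n) = n - 1 is known to
    everyone, so d is computable from the public key alone."""
    n, e = pub
    return pow(e, -1, n - 1)


def product_property_holds(pub, m1, m2):
    """Task 2(c): Enc(m1 * m2) == Enc(m1) * Enc(m2) (mod n)."""
    n, _ = pub
    lhs = encrypt(pub, (m1 * m2) % n)
    rhs = (encrypt(pub, m1) * encrypt(pub, m2)) % n
    return lhs == rhs


if __name__ == "__main__":
    pub, d = keygen([101], e=17)  # one-prime RSA: n = 101, phi(n) = 100
    print("public", pub, "private", d)
    print("recovered from public key:", recover_private_exponent_one_prime(pub))
    print("product property:", product_property_holds(pub, 42, 99))
```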
Answered Same DayDec 23, 2021

David answered on Dec 23 2021
115 Votes
Task: 1a
The security risks associated with using passwords for internet authentication
Risks associated with the password security
Brute force: Brute forcing of passwords is just guessing the password with several combinations,
because most users use default passwords or common passwords that are built into
applications, such as date of birth, place of birth, boyfriend's name, etc. These are all known and
usually easily guessable. But strong passwords are difficult to guess because they contain
numbers included with letters; if attackers want to guess them they need to perform permutations and
combinations. Brute forcing of strong passwords is also becoming faster
and faster as technology continues to increase.
Most administrators will generate passwords using the following key sets:
Numeric: total characters available on the keyboard are 10
Alphabetic: total characters available on the keyboard are 26
Upper/Lower: total characters available on the keyboard are 52
Keyboard/Extended: total characters available on the keyboard are 33
To find the total number of potential combinations of characters for a fixed-length password, take the
total number of possible characters (x) and raise it to the power of the number of characters in a
password (y).
Task 1b.
The privacy implications of data collected by Google, Facebook and other networking sites.
Social networks store information remotely, rather than on a user's personal computer. Social
networking can be used to keep in touch with friends, make new contacts and find people with
similar interests and ideas. There are two kinds of information that can be gathered about a user from
a social network: information that is shared and information gathered through electronic tracking.
Information a user shares may include:
 Photos and other media
 Age and gender
 Biographical information (education, employment history, hometown, etc.)
 Status updates (also known as posts)
 Contacts
 Interests
 Geographical location
Social networks themselves do not necessarily guarantee the security of the information that has
been uploaded to a profile, even when those posts are set to be private.
Information gathered through electronic tracking
Information may also be gathered from a user's actions online using "cookies". Some cookies may include:
 Tracking which websites a user has viewed.
 Storing information associated with specific websites (such as items in a shopping cart).
 Tracking movement from one website to another.
 Building a profile around a user.
This personal information is available on social networking sites and can attract malicious
people who seek to exploit this information. The same technologies that invite user participation also
make the sites easier to infect with malware that can shut down an organization's networks, or
keystroke loggers that can steal credentials. Common social networking risks such as spear phishing,
social engineering, spoofing, and web application attacks attempt to steal a person's identity. Such
attacks are often successful due to the assumption of being in the trusting environment that social networks
create.
Task 1c.
Encrypting more and more internet services with SSL (HTTPS) by default
Encrypting more and more internet services with SSL (HTTPS) by default works because SSL was
designed with 3 modules; each module performs encryption at each level, which allows more secure
message exchange between client and server. This means three different protocols were developed as part
of SSL. They are:
Handshake Protocol : The Handshake Protocol is used before any application data is transmitted.
The Handshake Protocol consists of a series of messages exchanged by the client and the server.
This protocol allows the server and client to authenticate each other and to negotiate an encryption
and MAC algorithm and cryptographic keys to be used to protect data sent in an SSL record.
Change Cipher Spec Protocol: this protocol uses the SSL Record Protocol and consists
of a single message, which consists of a single byte with the value 1. The purpose of this message is to
cause the pending state to be copied into the current state, which updates the CipherSuite to be used
on this connection. This signal is used as a coordination signal.
Alert Protocol: The Alert Protocol is used to convey SSL-related alerts to the peer entity. As with
other applications that use SSL, alert messages are compressed and encrypted, as specified by the
current state.
The message exchange procedure between client and server is as follows:
Phase 1: Establish security capabilities: this phase is used to establish a logical connection and
establish the security capabilities that will be associated with it. The exchange is initiated by the
client, which sends a hello message with several parameters.
Phase 2: Server authentication and key exchange: the server begins this phase by sending its
certificate, if it needs to be authenticated. The message contains one or more X.509 certificates.
Then a server key exchange message may be sent.
Phase 3: Client authentication and key exchange: upon receipt of the server done message, the client
should verify that the server provided a valid certificate if required and check that the server
hello parameters are acceptable. If all is satisfactory the client sends one or more messages back to
the server. If the server has requested a certificate, the client begins this phase by sending a certificate
message; if no suitable certificate is available the client sends a no certificate alert. Next is the client key
exchange message, which must be sent in this phase. The content of the message depends on the
type of key exchange.
Phase 4: Finish: this phase completes the setting up of a secure connection. The client sends a
change cipher spec message and copies the pending CipherSpec into the current CipherSpec.
Task 1d.
The security risks around BYOD (Bring Your Own Device) in the workplace:
BYOD allows employees to use their own devices, including smartphones, tablets and notebooks,
to connect with corporate networks. The employees are happier and work more using devices they
like, but without direct control of applications and usage on its network, a company cannot ensure the
security of its data and systems.
Organizations can attempt to block BYOD, but that likely would be a losing fight, especially when
it's CEOs and managing partners who want to access work systems with their iPhones and iPads.
Instead, Cieslak recommends several steps organizations can take to mitigate the IT security risks
associated with mobile devices and BYOD.
1. Require the use of lock codes on mobile devices. Only users who know the code should be
able to access the device.
2. Prohibit the storage of work data on the device unless the data is encrypted.
3. Require all employees to sign agreements authorizing the organization to remotely erase all
files on any lost, stolen, or misplaced personal device with access to the organization’s
network.
4. Instruct employees to never use public Wi-Fi, such as in a coffee shop or airport, unless they
immediately route all traffic through a virtual private network (VPN), which creates an
encrypted connection between the mobile device (including laptops) and the host server over
the internet. In addition, employees should be encouraged to use secure websites (those with
"https" at the start of the address line) whenever possible. Many popular web apps, including
Gmail, Twitter, and Facebook, offer such an option.
5....