CSEC 640 Final Exam complete solution correct answer key

This test is open book and open note. All work, however, must be your own. You are not allowed to discuss this exam with anyone else.

Points will be awarded or deducted based upon:

  • The answer displays a sound understanding of the subject matter and course material.
  • The support used in the answer corresponds to the information sought in the question
  • The explanation displays a sound and thorough understanding of the matter in question.
  • The answer reflects the student’s own thoughtful consideration of the material. You must quote and reference sources that include all 11 modules, the Lab, papers, discussion posts and other external sources.  Please cite your sources properly using APA 6th Edition notation and include a reference section at the end of your exam that will be comprehensive of all questions. 

Partial credit will be given as appropriate. Do not leave any problem blank. Some questions have no right or wrong answers. If you encounter a problem for which you don’t know the answer, make a logical guess (I would like to see how you think and react).

The final exam will cover the following study areas:

  • All 11 modules
  • Lab 1 and Lab 2 (especially Lab 2)
  • Reading List
  • Discussion postings

The exam is graded over 100 points.  There are 8 questions, and the maximum point values are included with each question.  Your answers should be complete and supported by graphs, charts, and table summaries.   Each answer should have about 800 words (about 2 pages) excluding diagrams, illustrations or other addendum, and bibliography. 

The exam must be in MS Word and named as follows:

 

             [LastName]_[FirstName]_Final_Exam.docx

             Example:

             Fernandez_Rolando_Final_Exam.docx

----------------------------------------------------------------------------------------------------------

Honor Pledge

This exam is my own work. I received no assistance from any other individual, commercial entity, or unauthorized source.

I understand that suspected violations of the academic integrity policy of the University of Maryland University College will be processed in accordance to the Procedures for Handling Charges of Alleged Academic Dishonesty outlined in Policy 150.25 - Academic Dishonesty and Plagiarism (http://www.umuc.edu/policy/aa15025.shtml).

In typing my name following the word 'Signature', I intend that this certification will have the same authority and authenticity as a document executed with my hand-written signature.

 

Signature: [Insert your name here]

Date:  [Insert date here]

1.  [16 points total, TCP/IP]

a.   Unlike IP fragmentation (which can be done by intermediate devices), IP reassembly can be done only at the final destination. What problems do you see if IP reassembly is attempted in intermediate devices like routers? [8 points]
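The mechanics behind this question, as an added illustration that is not part of the exam: a minimal IPv4 fragment/reassembly model in Python. The Fragment and ReassemblyBuffer classes, the 100-byte datagram and the 40-byte fragment size are constructed for the example; the field semantics (identification, fragment offset in 8-byte units, MF flag) are those of the IP header. Reassembly needs per-datagram buffer state and every fragment, so a node that sees only the fragments routed through it can never finish.

```python
"""IPv4 fragment reassembly model: added illustration for question 1a, not exam
material. Fragment fields follow the IP header (identification, fragment offset
in 8-byte units, MF flag); the datagrams and fragments are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Fragment:
    ident: int        # IP identification, shared by all fragments of one datagram
    offset: int       # fragment offset in 8-byte units, as carried in the IP header
    more: bool        # MF flag: True on every fragment except the last
    payload: bytes


@dataclass
class ReassemblyBuffer:
    """Per-datagram state a node must hold until every fragment has arrived."""
    chunks: Dict[int, bytes] = field(default_factory=dict)   # byte offset -> payload
    total_len: Optional[int] = None                          # known once MF=0 arrives

    def add(self, frag: Fragment) -> None:
        start = frag.offset * 8
        self.chunks[start] = frag.payload
        if not frag.more:
            self.total_len = start + len(frag.payload)

    def reassemble(self) -> Optional[bytes]:
        """Return the datagram when complete; None while a gap or the tail is missing."""
        if self.total_len is None:
            return None
        data, pos = bytearray(), 0
        for start in sorted(self.chunks):
            if start != pos:          # hole (or overlap) in the byte range: not complete
                return None
            data += self.chunks[start]
            pos = start + len(self.chunks[start])
        return bytes(data) if pos == self.total_len else None


def fragment(ident: int, data: bytes, max_payload: int) -> List[Fragment]:
    """Split a datagram payload as a router would; max_payload must be a multiple of 8."""
    if max_payload % 8:
        raise ValueError("fragment payload size must be a multiple of 8 bytes")
    frags = []
    for start in range(0, len(data), max_payload):
        chunk = data[start:start + max_payload]
        frags.append(Fragment(ident, start // 8, start + len(chunk) < len(data), chunk))
    return frags


def reassemble_from(seen: List[Fragment]) -> Optional[bytes]:
    """Reassemble from whatever subset of fragments one node actually observed."""
    buf = ReassemblyBuffer()
    for frag in seen:
        buf.add(frag)
    return buf.reassemble()


if __name__ == "__main__":
    datagram = bytes(range(100))                 # constructed 100-byte payload
    frags = fragment(7, datagram, 40)            # 40 + 40 + 20 bytes
    print(reassemble_from(frags) == datagram)    # destination with all fragments: True
    print(reassemble_from(frags[::2]))           # router on one of two paths: None
    print(reassemble_from(frags[:2]))            # tail still in flight: None
```

`reassemble_from(frags[::2])` models a router that sits on one of two paths: it holds buffer state for a datagram it can never complete, which is also why the destination's reassembly buffers need a timeout.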

Answer:

 

b. Let’s assume that Host A (receiver) receives a TCP segment from Host B (sender) with an out-of-order sequence number that is higher than expected, as shown in the diagram. Then, what do Host A (receiver) and Host B (sender) do? [8 points]
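An added model of the exchange in question 1b (example code, not from the exam): Host A as a TcpReceiver, Host B as a TcpSender, two 100-byte segments starting at byte 101 of which the first is lost, and a 1-second RTO, all constructed values. The model covers the RTO path only; a sender that sees three duplicate ACKs would retransmit earlier via fast retransmit, which is omitted here.

```python
"""Receiver and sender behaviour for an out-of-order TCP segment: added
illustration for question 1b. Host B sends two 100-byte segments starting at
byte 101; the first is lost, so Host A sees bytes 201-300 before 101-200.
The byte numbers and the 1-second RTO are constructed sample values."""
from typing import Dict, List, Tuple


class TcpReceiver:
    """Host A: delivers in-order data, parks out-of-order data, ACKs rcv_nxt."""

    def __init__(self, initial_seq: int) -> None:
        self.rcv_nxt = initial_seq                   # next byte expected from the peer
        self.out_of_order: Dict[int, bytes] = {}     # seq -> data held but not delivered
        self.delivered = bytearray()                 # bytes handed to the application

    def receive(self, seq: int, data: bytes) -> int:
        """Process one segment; return the ACK number sent back to the sender."""
        if seq == self.rcv_nxt:
            self.delivered += data
            self.rcv_nxt += len(data)
            while self.rcv_nxt in self.out_of_order:      # gap filled: drain buffered data
                chunk = self.out_of_order.pop(self.rcv_nxt)
                self.delivered += chunk
                self.rcv_nxt += len(chunk)
        elif seq > self.rcv_nxt:
            self.out_of_order[seq] = data                 # keep it; the ACK still names the gap
        # seq < rcv_nxt is a duplicate of delivered data; the ACK simply repeats rcv_nxt
        return self.rcv_nxt


class TcpSender:
    """Host B: keeps unacknowledged segments and retransmits the oldest on RTO expiry."""

    def __init__(self, rto: float) -> None:
        self.rto = rto
        self.unacked: Dict[int, Tuple[bytes, float]] = {}   # seq -> (data, time sent)

    def send(self, seq: int, data: bytes, now: float) -> None:
        self.unacked[seq] = (data, now)

    def on_ack(self, ack: int) -> None:
        """Cumulative ACK: every segment ending at or below ack is acknowledged."""
        for seq in list(self.unacked):
            if seq + len(self.unacked[seq][0]) <= ack:
                del self.unacked[seq]

    def retransmit_expired(self, now: float) -> List[int]:
        """One RTO timer per connection, armed for the oldest unacknowledged segment."""
        if not self.unacked:
            return []
        oldest = min(self.unacked)
        data, sent = self.unacked[oldest]
        if now - sent < self.rto:
            return []
        self.unacked[oldest] = (data, now)     # resend and restart the timer
        return [oldest]


def run_scenario() -> Dict[str, object]:
    """Segment 1 (bytes 101-200) is lost; segment 2 (bytes 201-300) arrives first."""
    host_a, host_b = TcpReceiver(101), TcpSender(rto=1.0)
    seg1, seg2 = bytes(100), bytes(100)
    host_b.send(101, seg1, now=0.0)                # lost in transit, never reaches Host A
    host_b.send(201, seg2, now=0.0)
    ack_after_ooo = host_a.receive(201, seg2)      # Host A buffers 201-300 and ACKs 101
    buffered = len(host_a.out_of_order)
    host_b.on_ack(ack_after_ooo)                   # nothing new is acknowledged
    retransmitted = host_b.retransmit_expired(now=1.0)        # RTO fires for segment 1
    final_ack = host_a.receive(101, host_b.unacked[101][0])   # gap filled: 101-300 delivered
    host_b.on_ack(final_ack)
    return {
        "ack_after_out_of_order": ack_after_ooo,
        "buffered_before_retransmit": buffered,
        "retransmitted": retransmitted,
        "final_ack": final_ack,
        "bytes_delivered": len(host_a.delivered),
        "sender_unacked": len(host_b.unacked),
    }


if __name__ == "__main__":
    print(run_scenario())
```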

 

Answer:

 

2. Describe or propose a way to detect an ARP spoofing attack. What could be a possible weakness in your proposed method? Please do not discuss any prevention method (e.g., port security is an example of a preventive method). [8 points]

Answer:

 

3.  [Wireless LAN Security-WEP] What is the main difference between the FMS attack and the Chopchop attack? Clearly explain your answer. [8 points]

Answer:

 

4.   A huge enterprise decides to use symmetric encryption to protect routing update messages between its own routers (i.e., entire routing update messages are encrypted by a strong shared symmetric key). They think this will prevent routing table modification attacks. Do you think their decision is appropriate? Do you see any problems or issues with their decision? [10 points]

Answer:

 

5. An ACK scan does not provide information about whether a target machine’s ports are open or closed, but rather whether or not access to those ports is being blocked by a firewall. If there is no response or an ICMP “destination unreachable” packet is received as a response, then the port is blocked by a firewall. If the scanned port replies with a RST packet, then the ACK packet reached its intended host, so the target port is not being filtered by a firewall. Note, however, that the port itself may be open or closed.

Describe at least 2 rules that could be used by Snort to detect an ACK scan. Clearly express your assumptions and explain your rules. Do you think Bro can do a better job detecting an ACK scan? Explain your answer. [15 points]
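An added, stateful take on the detection the question describes (example code, not the exam's answer): `SNORT_RULES` is a sketch in Snort 2.9 rule syntax and is an assumption of this example, not from the exam or any published ruleset; the Python detector implements what a plain rule cannot express, namely an ACK-only segment that belongs to no handshake the sensor has seen, counted per source over a sliding window. Packets are constructed samples. Bro (now Zeek) keeps exactly this kind of per-connection state and records each connection's flag history in conn.log, which is the context the stateless rules below lack.

```python
"""ACK-scan detection: an added illustration for question 5, not exam material.
SNORT_RULES is a sketch in Snort 2.9 rule syntax (an assumption of this example,
not from the exam or any published ruleset). The Python detector implements the
stateful version of the same idea: ACK-only segments that belong to no observed
handshake, counted per source over a sliding window. Packets are constructed."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Set, Tuple

SNORT_RULES = """
# Plain rules cannot ask "is there a session for this packet?", so both are stateless
# and lean on rate (detection_filter); expect false positives on busy links.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Possible ACK scan: burst of ACK-only segments from one source"; flags:A; flow:stateless; detection_filter:track by_src, count 20, seconds 60; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Possible ACK scan: burst of RST replies toward one host"; flags:R; flow:stateless; detection_filter:track by_dst, count 20, seconds 60; sid:1000002; rev:1;)
"""


@dataclass
class Packet:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    flags: str          # TCP flags as letters, e.g. "S", "SA", "A", "R"


class AckScanDetector:
    """Alert when one source sends ACK-only segments to `count` distinct ports
    outside any observed session within `seconds`."""

    def __init__(self, count: int = 5, seconds: float = 60.0) -> None:
        self.count, self.seconds = count, seconds
        self.sessions: Set[Tuple[str, int, str, int]] = set()               # 4-tuples opened by a SYN
        self.hits: Dict[str, Deque[Tuple[float, int]]] = defaultdict(deque)  # src -> (ts, dport)
        self.alerts: List[str] = []

    def observe(self, p: Packet) -> Optional[str]:
        key = (p.src, p.sport, p.dst, p.dport)
        if "S" in p.flags:                     # handshake traffic: remember both directions
            self.sessions.add(key)
            self.sessions.add((p.dst, p.dport, p.src, p.sport))
            return None
        if p.flags != "A" or key in self.sessions:
            return None                        # data, or ACKs inside a known session
        window = self.hits[p.src]
        window.append((p.ts, p.dport))
        while window and p.ts - window[0][0] > self.seconds:
            window.popleft()                   # slide the window
        ports = {port for _, port in window}
        if len(ports) < self.count:
            return None
        alert = f"{p.src}: ACK-only segments to {len(ports)} ports with no session within {self.seconds:g}s"
        self.alerts.append(alert)
        window.clear()
        return alert


if __name__ == "__main__":
    det = AckScanDetector(count=5, seconds=60.0)
    for i in range(5):   # constructed: one source probing five ports with bare ACKs
        print(det.observe(Packet(1.0 + i, "203.0.113.7", 50000, "10.0.0.10", 20 + i, "A")))
```

The detector's weakness is the same one the question hints at for Snort: a sensor that came up after a connection was established has no SYN for it and would count that connection's ACKs, so in practice the session table is seeded from the stream tracker rather than from SYNs alone.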

Answer:

 

6. Explain the main difference between SQL injection and XSS attacks. [10 points]
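The two attacks side by side, each in a vulnerable and a hardened form, as an added example that is not exam material: SQL injection lets untrusted input change the query the database executes, so its victim is the server's data; XSS lets untrusted input change the markup another user's browser renders, so its victim is that user. The table, rows and probe strings below are constructed.

```python
"""SQL injection beside XSS, each in a vulnerable and a hardened form: an added
illustration for question 6, not exam material. Uses an in-memory SQLite table
with constructed rows; the two inputs are the classic textbook probe strings."""
import html
import sqlite3
from typing import List, Tuple


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "user"), ("bob", "user"), ("root", "admin")])
    return conn


# --- SQL injection: the untrusted string reaches the database as SQL syntax ---
def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # string concatenation: a quote in `name` closes the literal and the rest is parsed as SQL
    return conn.execute(f"SELECT name, role FROM users WHERE name = '{name}'").fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # parameter binding: the driver passes `name` as a value, never as query text
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


# --- XSS: the untrusted string reaches another user's browser as HTML/script ---
def render_comment_vulnerable(comment: str) -> str:
    return f'<p class="comment">{comment}</p>'        # markup inside `comment` is interpreted


def render_comment_safe(comment: str) -> str:
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'   # shown as text only


if __name__ == "__main__":
    db = setup_db()
    probe = "x' OR '1'='1"
    print(find_user_vulnerable(db, probe))    # every row, including the admin
    print(find_user_safe(db, probe))          # no user is literally named that: []
    print(render_comment_safe("<script>alert('xss')</script>"))
```

The shared root cause is mixing data into a language's syntax; the shared fix is to keep data as data for the context it lands in (bound parameters for SQL, context-appropriate escaping for HTML).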

Answer:

 

7.  [24 points] As shown in the above diagram, Kevin, the system admin, installed a text-message sender and a text-message receiver in a Multi-Level-Secure (MLS) environment. In the MLS environment, two security levels exist (i.e., Unclassified (Low) and Classified (High) levels). His goal is to enforce the Bell-La Padula (BLP) access control model in the network. In a nutshell, the BLP model defines two mandatory access control rules:

 

  • No Read Up Rule: a subject (Low) at a lower security level must not read an object (High) at a higher security level. Simply, a Low entity cannot have read-access to a High object.
  • No Write Down Rule: a subject (High) at a higher security level must not write to any object (Low) at a lower security level. Simply, a High entity cannot have write-access to a Low object.

 

In this scenario, enforcing the BLP model means no confidential information flows from Classified LAN (High) to Unclassified LAN (Low). However, information can still flow from Unclassified LAN to Classified LAN.

 

To achieve his goal, he configured both text message sender and receiver as follows:

  • The text message sender is configured to send a text message to the text message receiver via TCP/IP protocol.
  • The text message receiver is configured to receive a simple text message from the sender via TCP/IP protocol.
  • The following IP/port is given to each machine:
    • Text message sender: 192.168.2.2 and port 9898 is open
    • Text message receiver: 192.168.3.3 and port 9999 is open
    • A text message is allowed to be sent only from port 9898 of the 192.168.2.2 (sender) host to port 9999 of the 192.168.3.3 (receiver) host.

 

Part A) As you can see from the diagram above, the text message sender and receiver have been compromised by the adversary and the Trojan, respectively. However, the router with Snort IDS installed (router/snort) is securely protected and can be fully trusted.

Write at least 2 efficient Snort rules and at least 5 access control lists which will be implemented on the router/snort to detect or block confidential information leakage from High to Low. Write your rationale for writing your rules and access control lists.  For example, if the text message receiver (Trojan at High LAN) attempts to send a text message (confidential information) to the text message sender (the adversary at Low LAN), the attempt will be either blocked by your access control list(s) or detected by your snort rule(s).

At least one access control list must be included.  [15 points]

Hint: Access control lists are discussed in Module 10 and snort rules are covered in Module 7 as well as Lab2.  To see more snort options, please refer to chapter 3 of Snort User Manual 2.9.1 by the Snort Project (link: http://www.snort.org/assets/166/snort_manual.pdf)
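An added model of the router-side controls for Part A (example code, not the exam's answer key): `ACL_TEXT` uses Cisco extended-ACL syntax and is an assumed configuration (list numbers 101/102 and interface placement are placeholders); the addresses and ports are the ones the question gives. TCP cannot work unless the receiver's acknowledgements flow back from High to Low, so the first entry of list 101 has to permit that return path (`established`, i.e. ACK or RST set). An ACL decides on headers only, so bytes carried on that permitted path are left to the first Snort rule, which fires on any non-empty payload there.

```python
"""Router ACLs and Snort rules for question 7, Part A, modelled in Python: an
added illustration, not the exam's answer key. ACL_TEXT uses Cisco extended-ACL
syntax and is an assumed configuration (list numbers 101/102 and interface
placement are placeholders); addresses and ports are those the question gives."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ACL_TEXT = """
! list 101, applied inbound on the Classified (High) LAN interface: High -> Low direction
access-list 101 permit tcp host 192.168.3.3 eq 9999 host 192.168.2.2 eq 9898 established
access-list 101 deny   tcp host 192.168.3.3 host 192.168.2.2 log
access-list 101 deny   ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 log
access-list 101 deny   icmp any any log
access-list 101 deny   ip any any log
! list 102, applied inbound on the Unclassified (Low) LAN interface: Low -> High direction
access-list 102 permit tcp host 192.168.2.2 eq 9898 host 192.168.3.3 eq 9999
access-list 102 deny   ip any any log
"""

SNORT_RULES = """
alert tcp 192.168.3.3 9999 -> 192.168.2.2 9898 (msg:"High->Low payload on the permitted return path"; flow:established; dsize:>0; sid:1000003; rev:1;)
alert ip 192.168.3.0/24 any -> 192.168.2.0/24 any (msg:"High->Low traffic outside the text channel"; sid:1000004; rev:1;)
"""


@dataclass
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str          # "tcp", "udp" or "icmp"
    flags: str = ""     # TCP flags as letters, e.g. "S", "A", "PA"
    payload: int = 0    # application bytes carried


@dataclass
class AclEntry:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    src: str                      # CIDR; "host x" is x/32, "any" is 0.0.0.0/0
    dst: str
    sport: Optional[int] = None   # None means any port
    dport: Optional[int] = None
    established: bool = False     # Cisco semantics: ACK or RST bit set

    def matches(self, f: Flow) -> bool:
        return ((self.proto == "ip" or self.proto == f.proto)
                and ipaddress.ip_address(f.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(f.dst) in ipaddress.ip_network(self.dst)
                and (self.sport is None or self.sport == f.sport)
                and (self.dport is None or self.dport == f.dport)
                and (not self.established or "A" in f.flags or "R" in f.flags))


ANY = "0.0.0.0/0"
ACL_101_HIGH_IN = [   # the same entries as list 101 in ACL_TEXT
    AclEntry("permit", "tcp", "192.168.3.3/32", "192.168.2.2/32", 9999, 9898, established=True),
    AclEntry("deny", "tcp", "192.168.3.3/32", "192.168.2.2/32"),
    AclEntry("deny", "ip", "192.168.3.0/24", "192.168.2.0/24"),
    AclEntry("deny", "icmp", ANY, ANY),
    AclEntry("deny", "ip", ANY, ANY),
]
ACL_102_LOW_IN = [    # list 102
    AclEntry("permit", "tcp", "192.168.2.2/32", "192.168.3.3/32", 9898, 9999),
    AclEntry("deny", "ip", ANY, ANY),
]


def evaluate(acl: List[AclEntry], f: Flow) -> str:
    """First matching entry wins; with no match the implicit deny applies."""
    for entry in acl:
        if entry.matches(f):
            return entry.action
    return "deny"


def snort_payload_alert(f: Flow) -> bool:
    """Python equivalent of sid 1000003: application bytes on the permitted return path."""
    return (f.proto == "tcp" and f.src == "192.168.3.3" and f.sport == 9999
            and f.dst == "192.168.2.2" and f.dport == 9898 and f.payload > 0)


if __name__ == "__main__":
    trojan = Flow("192.168.3.3", 9999, "192.168.2.2", 9898, "tcp", "PA", payload=4)
    print(evaluate(ACL_101_HIGH_IN, trojan), snort_payload_alert(trojan))   # permit True
    print(evaluate(ACL_101_HIGH_IN, Flow("192.168.3.3", 9999, "192.168.2.2", 9898, "tcp", "S")))  # deny
```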

Answer:

 

Part B) Describe a way for the Trojan to covertly transmit 4 characters (e.g., A, B, C and D) to the adversary without being detected or blocked by your rules and access control lists provided in Part A.  

[9 points].

 

 

Answer:

 

8. [topic: IPsec VPN] What do you think are the advantages and disadvantages of using both AH and ESP protocols on the same end-to-end IPsec connection (transport mode)? In addition, it is recommended that the ESP protocol should be performed before the AH protocol. Why is this approach recommended rather than authentication (AH) before encryption (ESP)? [9 points]
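For questions 4 and 8 together, an added toy comparison that is not exam material and not a real ESP/AH implementation: scheme 1 is the enterprise's plan from question 4 (encryption only), scheme 2 is ESP-then-AH (encrypt, then authenticate the ciphertext and a sequence number), scheme 3 is AH-then-ESP (authenticate the plaintext, then encrypt everything). The cipher is a toy XOR keystream derived from HMAC-SHA256 and is an assumption of this example; keys, prefixes and metrics are constructed. One point the code does not show: with a single shared symmetric key, every router that holds it (and anyone who obtains it) can produce updates the others accept, so the MAC in schemes 2 and 3 proves "someone with the key", not a particular peer.

```python
"""Toy comparison of three ways to protect a routing update, added here for
questions 4 and 8; not exam material. The cipher is a toy (XOR with an
HMAC-SHA256 keystream), not real ESP/AH; keys, prefixes and metrics are constructed."""
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional, Tuple

ENC_KEY = b"constructed-encryption-key"
MAC_KEY = b"constructed-integrity-key"
TAG_LEN = 32
DECRYPTS = {"count": 0}   # how many times a receiver had to run the cipher

def encrypt(nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: keystream blocks are HMAC(ENC_KEY, nonce || counter)."""
    stream = b"".join(hmac.new(ENC_KEY, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def decrypt(nonce: bytes, data: bytes) -> bytes:
    DECRYPTS["count"] += 1
    return encrypt(nonce, data)          # XOR: decryption is the same operation

def mac(data: bytes) -> bytes:
    return hmac.new(MAC_KEY, data, hashlib.sha256).digest()

def pack_update(metric: int, prefix: str) -> bytes:
    return struct.pack(">I16s", metric, prefix.encode())   # constructed fixed-width update

def unpack_update(raw: bytes) -> Tuple[int, str]:
    metric, prefix = struct.unpack(">I16s", raw)
    return metric, prefix.rstrip(b"\0").decode()

# Scheme 1 (question 4): encryption only. Whatever decrypts is installed.
def send_encrypt_only(metric: int, prefix: str) -> bytes:
    nonce = os.urandom(8)
    return nonce + encrypt(nonce, pack_update(metric, prefix))

def recv_encrypt_only(pkt: bytes) -> Tuple[int, str]:
    return unpack_update(decrypt(pkt[:8], pkt[8:]))

# Scheme 2 (question 8, recommended order): ESP then AH. Encrypt, then the MAC covers
# sequence number, nonce and ciphertext; the receiver verifies before decrypting.
def send_esp_then_ah(seq: int, metric: int, prefix: str) -> bytes:
    hdr = struct.pack(">I", seq) + os.urandom(8)
    ct = encrypt(hdr[4:], pack_update(metric, prefix))
    return hdr + ct + mac(hdr + ct)

class EspThenAhReceiver:
    def __init__(self) -> None:
        self.last_seq = 0                      # simplified anti-replay: strictly increasing

    def recv(self, pkt: bytes) -> Optional[Tuple[int, str]]:
        hdr, ct, tag = pkt[:12], pkt[12:-TAG_LEN], pkt[-TAG_LEN:]
        if not hmac.compare_digest(tag, mac(hdr + ct)):
            return None                        # forged or damaged: dropped, cipher never run
        seq = struct.unpack(">I", hdr[:4])[0]
        if seq <= self.last_seq:
            return None                        # replayed: dropped, cipher never run
        self.last_seq = seq
        return unpack_update(decrypt(hdr[4:], ct))

# Scheme 3: AH then ESP. The MAC covers the plaintext and is itself encrypted, so
# nothing can be checked until the receiver has decrypted the packet.
def send_ah_then_esp(metric: int, prefix: str) -> bytes:
    nonce, pt = os.urandom(8), pack_update(metric, prefix)
    return nonce + encrypt(nonce, pt + mac(pt))

def recv_ah_then_esp(pkt: bytes) -> Optional[Tuple[int, str]]:
    body = decrypt(pkt[:8], pkt[8:])
    pt, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    return unpack_update(pt) if hmac.compare_digest(tag, mac(pt)) else None

def flip_byte(pkt: bytes, i: int) -> bytes:
    """One bit of byte i changed in transit (line noise or an on-path edit)."""
    return pkt[:i] + bytes([pkt[i] ^ 0x01]) + pkt[i + 1:]

def demo() -> Dict[str, object]:
    r: Dict[str, object] = {}
    pkt = send_encrypt_only(5, "10.1.0.0/16")
    r["encrypt_only_replay_accepted"] = recv_encrypt_only(pkt) == recv_encrypt_only(pkt)
    r["encrypt_only_damaged_metric"] = recv_encrypt_only(flip_byte(pkt, 8))[0]   # silently changed
    rx = EspThenAhReceiver()
    pkt = send_esp_then_ah(1, 5, "10.1.0.0/16")
    r["esp_then_ah_first"] = rx.recv(pkt)
    DECRYPTS["count"] = 0
    r["esp_then_ah_replay"] = rx.recv(pkt)
    r["esp_then_ah_damaged"] = rx.recv(flip_byte(pkt, 12))
    r["esp_then_ah_decrypts_on_rejects"] = DECRYPTS["count"]
    pkt = send_ah_then_esp(5, "10.1.0.0/16")
    DECRYPTS["count"] = 0
    r["ah_then_esp_damaged"] = recv_ah_then_esp(flip_byte(pkt, 8))
    r["ah_then_esp_decrypts_on_rejects"] = DECRYPTS["count"]
    return r

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Scheme 1 accepts a replayed update and installs a damaged metric it never received; schemes 2 and 3 both reject the damaged packet, but only scheme 2 can do so (and discard replays) before spending any work on decryption, which is the practical reason for authenticating after encrypting.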

Answer:

 

Available Answer

Submitted on 21 Jul, 2015 09:10:09
Answer 1

IP fragmentation and reassembly are totally different mechanisms and not identical to each other. The main difference between the two of them is that the intermediate routers perform fragmentation and do not perform reassembly of an IP datagram. The reassembly takes place at the receiver site. When the data travels over the internet, intermediate routers divide the whole information into smaller segments known as packets (datagrams). There are thousands of reasons why reassembly of an IP datagram has to be made on the receiver side. The substantial reason is that the packets can take different routes so that they can reach their real destination ('IP fragment reassembly vulnerability', 2000). This means that the whole information goes through multiple routers. Hence, multiple paths are available to transmit data. If the task of reassembly is handed over to intermediate routers, then all fragments of a message are unavailable. The intermediate router is unable to see all the fragments. The system becomes more complex if reassembly is carried out by the middle routers. Apart from that, there are thousands of drawbacks associated with reassembly attempted while the data is being sent. If reassembly begins in intermediate routers, then there are high chances of data loss or obscured information. The entire message becomes corrupted because of a missing fragment. If reassembly has to take place at intermediate routers, buffer resources are needed. All parts of the datagram have to go through intermediate nodes for proper reassembly, which might halt the process of dynamic routing. The main task of an intermediate router is to perform fragmentation, not to do reassembling. The end device has full privilege to reassemble the fragments. We have a reason for that: (a) the fragments follow the concept of packet switching instead of circuit switching. This means a datagram may follow different paths instead of one.

There are thousands of chances that one router may receive only a few fragments of a packet. It is not in a proper situation to get all the needed fragments. Hence, this halts the continuous flow of data and might pose some problems. If a router has the capability to receive all the fragments, it is futile to put extra pressure on a router, and this pressure slows down the working of an intermediate router.

Part 2

In the above scenario, we can see clearly that Host B sends two TCP segments of 100 bytes each. One segment is lost during the data transmission, and the flow of data is unidirectional. The receiver receives TCP segment No. 2, which is out of order. The receiver puts the data in its buffer after leaving a gap to show that data is still missing and yet to be received. An acknowledgement is sent back to the sender displaying the next byte it expects. It is important to note that the receiver stores bytes 201–300, but these bytes are not delivered to the application till the missing space is filled. There is one RTO timer lying on the sender TCP for the entire duration of the connection. When TCP segment 1 times out, TCP resends the missing segment again. Host A successfully receives the missing segment and puts it in its buffer. When the whole data is in proper sequence, it sends it to the process. This way is very useful and beneficial for the proper flow of data. After retransmission of the missing segment, Host A can successfully receive the whole information without any obstacle after reassembling is over.

Answer 2

ARP stands for Address Resolution Protocol, which does not possess an authentication procedure so that the true identity of the initiator can be verified. This networking protocol holds a long history and lacks immunity against spoofing attacks. It is considered that ARP spoofing is the first stair that leads to various attacks such as DoS, man-in-the-middle attacks, etc. The world is still using the passive mechanism for the detection of spoofing attacks.

This method does not hold a good reputation because it has a lot of drawbacks. There is a time lag between detection and learning, which is the main reason for its lower popularity. Sometimes, the system is unable to grab the neck of an attacker and comes to know about the event long after. The active approach is an alternative to overcome this situation. This approach is better and incredibly faster compared to the passive approach in figuring out ARP spoofing attacks. That is not all: it also has the capability to detect the real mapping of MAC to IP address. The active approach has been chosen, which divides our detection into different modules.

  • ARP sniffer module: The main task of this module is to collect all the needed traffic from every inch of the network.
  • MHAD module: The main job of this module is to divide all the traffic into two different categories. These categories are inconsistent and consistent header ARP packets, respectively.
  • KTFM: It stands for known traffic module, whose main task is to perform filtering of all the traffic. The packet will be dropped by it if the Internet Protocol to MAC mapping is systematic. If a contradiction exists, then an alarm will be raised. The main task of the spoof detection engine is to verify new ARP packets that do not have a known address.
  • SDE module: It stands for spoof detection engine module, which is the prominent engine to detect anything related to ARP spoofing. It receives input in the form of consistent header ARP packets. It has thousands of responsibilities on its shoulders and comes with deep complexity.
  • Database module: When the verification of legitimate ARP entries is done, these entries are sent to the host database.
  • Spoof alarm module: An alarm will be raised by this module if it detects ARP spoofing. It immediately sends a mail or text to the administrator, who is eagerly waiting for such a moment. Hence, a lot of pressure on the network administrator's shoulders has already been reduced.

We can clearly see from the above diagram that the ARP sniffer collects the entire ARP traffic from every part of its local area network. The next module receives input from the previous module and then sends it to ...