MIS1104 2014 Paper

The document contains questions for a network security exam. It covers topics like hash message authentication codes, public key encryption, SSL/TLS security services, OpenSSL commands, OCSP protocol, PGP email formats, IPv6 security, vulnerability scoring systems like CVSS and OWASP, web application attacks, packet sniffing, session hijacking, TCP flag scanning, network monitoring and firewall placement.

UNIVERSITY OF COLOMBO, SRI LANKA

UNIVERSITY OF COLOMBO SCHOOL OF COMPUTING

MASTER OF SCIENCE IN INFORMATION SECURITY


FIRST SEMESTER EXAMINATION

Academic Year 2013/2014

MIS1104 – Network Security


TWO (2) HOURS

Answer All Questions

Important Instructions:

• The duration of the paper is 2 (two) hours.
• The medium of instruction and questions is English.
• This paper has 4 questions and 4 pages.
• Answer all questions (25 marks each).
• Write your answers in English in the Answer Book provided.
• Do not tear off any part of the answer book.
• Under no circumstances may the answer book, used or unused, be
removed from the Examination Hall by a candidate.
• Note that questions appear on both sides of the paper.
If a page is not printed, please inform the supervisor immediately.
• Non-programmable Calculators may be used.
1.

(a). Using a suitable diagram, explain a process to build a Hash Message Authentication
Code (HMAC) by using a typical Hash algorithm.
[4 Marks]

(b). Suppose the User A generates a symmetric key K1 and encrypts the symmetric key K1
with his public key P1. Then the User A sends encrypted symmetric key to User B.

(i). Can User B retrieve the symmetric key K1? If your answer is “YES”,
describe the decryption scheme. If your answer is “NO”, describe the correct
encryption scheme.
[4 Marks]

(ii). Suppose User B would like to authenticate the symmetric key K1. How do
you implement such an authentication scheme?
[4 Marks]

(c). List three (3) ISO security services provided by Secure Socket Layer (SSL) protocol.
[3 Marks]

(d). What is the purpose of the following OpenSSL command? Which files will be created
as the result of the command?
openssl req -new -nodes -out req.pem -keyout key.pem

[5 Marks]

(e). Explain the operations of the Online Certificate Status Protocol (OCSP) by using a
suitable diagram.
[5 Marks]

2.
(a). Explain the format of a PGP e-mail message by using a suitable diagram.
[5 marks]

(b). Briefly describe three (3) anti-spamming techniques.
[3 marks]

(c). The user or machine sends a request to a Remote Access Server (RAS) to gain access
to a particular network resource using access credentials.
(i). How are the credentials passed to the RAS device?
[2 marks]

(ii). The RAS checks whether the user-provided information is correct or not using
different authentication protocols. Write down two (2) such protocols.
[2 marks]

(d). A service protected by Kerberos obtains a Kerberos "ticket" before using that service.
(i). What information does the user need to provide to obtain the Ticket Granting
Service (TGS) ticket?
(ii). What can you do with the TGS ticket?
(iii). Write down three (3) weaknesses of the Kerberos system.
[3 marks x 3]

(e). Comment on the statement below, with justifications: “An IPv6 network is more secure
than an IPv4 network.”
[4 marks]

3.
(a). There are a number of vulnerability “scoring” systems managed by both commercial and
non-commercial organizations. Each of them has its merits, but they differ in what
they measure.
(i). In order to prioritize vulnerabilities and risks, CVSS provides a
universal, open and standardized method for rating IT vulnerabilities. What
does ‘CVSS’ stand for?
[1 mark]
(ii). CVSS is composed of three base metric groups. What are they?
[3 marks]
(iii). There are other vulnerability scoring systems used in the industry. Write
down three (3) such scoring systems.
[3 marks]

(b). The OWASP Top Ten represents a broad consensus about what the most critical web
application security flaws are.
(i). List the top three critical issues (in descending order) highlighted in the
OWASP 2013 documentation.
[3 marks]

(ii). Write a short description of each critical issue listed above.
[5 marks]

(c). Describe why the vulnerability assessment process is considered a “predictable” and a
“repeatable” process.
[4 marks]
(d). Describe the differences between the testing methods below.
(i). Vulnerability Assessment
(ii). Penetration testing
(iii). Compliance Assessment
[6 marks]

4.
(a). List four protocols vulnerable to packet sniffing.
[2 marks]
(b). Describe the difference between session hijacking and spoofing attacks.
[6 marks]
(c). Describe (with examples) how the "Inverse TCP flag scanning" technique works.
[5 marks]
(d). Lenny is a new security manager for a retail company that is expanding its
functionality to its partners and customers. The company’s CEO wants to allow its
partners’ customers to purchase items through their web stores as easily as possible.
The CEO also wants the company’s partners to manage inventory across companies
more easily. The CEO wants to understand the network traffic and activities in a
holistic manner, and he wants to know from Lenny what type of technology should be
put into place to allow for a more proactive approach to stop malicious traffic if it
enters the network. The company is a high-profile entity constantly dealing with zero-
day attacks.
Pertaining to the CEO’s security concerns, what solutions should Lenny suggest:
(i). To improve the situational awareness
(ii). To stop the malicious traffic if it enters the network
(iii). To protect from Zero-day attacks
[6 marks]

(e). In order to monitor and secure both outbound and inbound connections, the security
practitioner wants to deploy a firewall and a Level 3 Network Switch in the network
shown below. Determine the best possible places (A, B, C, D) in the
diagram below at which he should deploy the above-mentioned devices.
[6 marks]

********
