nnmibm universityexampapers.nust.na/greenstone3/sites/localsite/collect/exampape/in… · granting...
TRANSCRIPT
f
nnmIBm UNIVERSITY
OF SCIENCE HI‘ID TECHNOLOGY
FACULTY OF COMPUTING AND INFORMATICS
DEPARTMENT OF COMPUTER SCIENCE
QUALIFICATION: Bachelor of Computer Science
QUALIFICATION CODE: 07BACS LEVEL: 6
COURSE: Network Security COURSE CODE: NWSGZOS
DATEzlune 2017 SESSION: 1
DURATION: 2hours MARKS: 60
FIRST OPPORTUNITY EXAMINATION QUESTION PAPER
EXAMINER(S) Mrs. Mercy Chitauro
MODERATOR;Mr. Mbaungarajie Tjikuzu
THIS EXAMINATION PAPER CONSISTS OF 2 PAGES
(Excluding this front page)
INSTRUCTIONS
1. Answer all questions.
2. When writing take the following into account: The style should inform than impress, it
should be formal, in third person, paragraphs set out according to ideas or issues and
the paragraphs flowing in a logical order. Information provided should be brief and
accurate.
3. Please, ensure that your writing is legible, neat and presentable.
4. When answering questions you should be led by the allocation of marks. Do not give too
few or too many facts in your answers.
5. Number your answers clearly according to the question paper numbering.
6. Clearly mark rough work as such or cross it out unambiguously in ink.
a. What is
i. A passive attack? [1]
ii. An active attack? [1]
b. From the list given; state whether the attack is passive or active and explain why
it is either passive of active.
i. Recording communication from an IP phone. [2]
ii. Slammer virus infecting internet servers. [2]
iii. An Email message sent by Lusia to Egberth which was created by
Nchindo.
c. How can you protect your network from passive attacks? [2]
Kerberos makes use of a trusted third party, termed a key distribution centre (KDC),
which consists of two logically separate parts: an Authentication Server (AS) and a Ticket
Granting Server (TGS). Kerberos works on the basis of "tickets" which serve to prove the
identity of users.
a Describe briefly how Kerberos works. [4]
b. Why is the ticket granting ticket non—corruptible? [2]
c. What is the use of a timestamp in a ticket granting ticket? [1]
d. A public key certificate consists of a public key plus a user lD of the key owner,
with the whole block signed by a trusted third party
i. Explain ”trusted third party”. [2]
ii. How does a user obtain a public key certificate? [2]
. The SSL Record Protocol provides confidentiality and message integrity security services
for SSL connections.
a. Which protocol from the SSL Suite of protocols provides confidentiality and
message integrity services? [1]
b. How does the protocol in ’3a” provide confidentiality and message integrity? [4]
Considering SSL operation what happens immediately after SSL takes an
application message to be transmitted? [l]
d. Which stage in SSL operation is not compulsory? [1]
When Change Cipher spec protocol value is set to one; what happens? [2]
f. The IETF standard, Transport Layer Security (TLS) was built on which SSL version?
[1]
5.
Highlight four Pretty Good Privacy (PGP) services. [2]
Explain how PGP encrypts a message. [2]
Does the receiver have the key used for encryption before the message is
transmitted? [1]
Explain your answer in ’4c’. [3]
Secure/Multipurpose lnternet Mail Extension (S/MlME) is another email security
standard. S/MIME provides which security services for a MIME? [1]
Worms are typically attached to electronic mails so that they access remote
systems and replicate. What is a worm? [2]
Which other means do worms use to access remote sites [2]
In a worm’s lifetime it goes through the same phases as that of a virus. Explain
the difference between worm’s propagation phase and a virus’s propagation
phase. [4]
IPSec defined in RFC 1636 Identifies key areas for security mechanisms which include;
need to secure the network infrastructure from unauthorized monitoring and control of
network traffic and need to secure end-user—to-end-user traffic using authentication and
encryption mechanisms
3. IPSec operates in transport and tunnel modes. Explain ESP in transport mode and
ESP in tunnel mode. [4]
What are the general differences between IPSec transport mode and tunnel
mode? [4]
Given the following scenarios, state the problem/issue, the protocol/security service
that can be implemented to solve the problem/issue and explain how the
protocol/security service you have chosen will solve the problem.
An individual who is not authorized to use the computer and who penetrates a
system’s access controls to exploit a legitimate user’s account. [3]
Software that is intentionally included or inserted in a system for a harmful
purpose. [3]
@owmli Lulu