
Final - Fall 2015

Certificates

Part 1: Use of Certificates

The HTTPS protocol uses digital certificates to protect what critical attributes of information? Be specific and justify your answer.

Part 2: Certificate Signing

Describe the process used to sign a certificate. Be specific. Where a key is used, say who the key belongs to and whether it’s a public or a private key.

Part 3: Certificate Validation

Describe the process used to verify a certificate. Be specific. Where a key is used, say who the key belongs to and whether it’s a public or a private key.

IDPS

The diagram shows a typical network with a DMZ, a server network and a wireless network. Each switch in the network has a SPAN port configured.
 

[Network Description] There are two routers, R1 and R2, and three switches, S1, S2 and S3. Router R1 connects the Internet to the DMZ. The DMZ network uses IP address range 1.0.0.0/16 and is plugged into switch S1. Router R2 connects the DMZ network to the server network and the wireless network. The server network uses IP address range 2.0.0.0/16 and is plugged into switch S2. The wireless network uses IP address range 3.0.0.0/16 and is plugged into switch S3.

Part 1: Where to Watch

You are asked to install an IDPS on the network to monitor threats from the Internet. You can plug into a port on any router (R1 or R2) or any SPAN port (S1, S2 or S3). Where is the best place to plug in your IDPS? What networks will you see packets between? (e.g. Server Network to/from Wireless Network) 

Part 2: Prevention

You plug an IDPS into the SPAN port on S3 so you can more closely monitor the wireless network. In this configuration, can the IDPS prevent attacks in progress?

Firewalls

Use the same network from the previous question. The routers R1 and R2 have the ability to be a firewall. Write firewall rules to implement the following policies:
  • The DMZ host 1.0.1.1 has a webserver that can be reached from the Internet.
  • The DMZ host 1.0.2.2 has an SSH server that can be reached from the Internet.
  • DMZ hosts are allowed to make any connection to the server network.
  • Wireless hosts are allowed to make any connection to the Internet, DMZ and server networks.
 
Assume that the firewall is stateful and that the default policy is to drop a packet. Rules are specific to each router. Some requirements may take rules on both routers. Each rule should be in the form:
 
Router - Source IP - Source Port - Destination IP - Destination Port  
 
For example, a rule that allows any connection from the wireless network to the server network looks like this:
 
R2 - 3.0.0.0/16 - Any - 2.0.0.0/16 - Any 
 
You can use wildcards for networks (e.g. 3.0.* or Any) if you like.  
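
The rule format can be checked mechanically. The following is an added example, not part of the original exam: it parses rules in the "Router - Source IP - Source Port - Destination IP - Destination Port" form and evaluates packets against a stateful, default-drop filter, using only the sample rule given above. The Router class, the helper names and the host addresses and ports are assumptions made for illustration.

```python
import ipaddress

def parse_net(field):
    """Accept 'Any', CIDR (3.0.0.0/16), a single host, or a wildcard (3.0.*)."""
    field = field.strip()
    if field.lower() == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if "*" in field:
        octets = [o for o in field.split(".") if o != "*"]
        prefix = 8 * len(octets)              # each fixed octet is 8 prefix bits
        octets += ["0"] * (4 - len(octets))
        return ipaddress.ip_network(".".join(octets) + "/" + str(prefix))
    return ipaddress.ip_network(field)

def parse_rule(line):
    """Split 'Router - Source IP - Source Port - Destination IP - Destination Port'."""
    router, src, sport, dst, dport = [f.strip() for f in line.strip().split(" - ")]
    port = lambda p: None if p.lower() == "any" else int(p)   # None matches any port
    return router, parse_net(src), port(sport), parse_net(dst), port(dport)

class Router:
    """Stateful packet filter for one router; the default policy is drop."""
    def __init__(self, name, rule_lines):
        parsed = [parse_rule(line) for line in rule_lines]
        self.rules = [r[1:] for r in parsed if r[0] == name]  # rules are per router
        self.established = set()

    def packet(self, src, sport, dst, dport):
        # Stateful: packets in either direction of an already allowed connection pass.
        if {(src, sport, dst, dport), (dst, dport, src, sport)} & self.established:
            return "ALLOW"
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for snet, sp, dnet, dp in self.rules:
            if s in snet and d in dnet and sp in (None, sport) and dp in (None, dport):
                self.established.add((src, sport, dst, dport))
                return "ALLOW"
        return "DROP"                                         # no rule matched

# The sample rule from the text; host addresses and ports below are constructed.
RULES = ["R2 - 3.0.0.0/16 - Any - 2.0.0.0/16 - Any"]

if __name__ == "__main__":
    r2 = Router("R2", RULES)
    print(r2.packet("2.0.0.5", 443, "3.0.0.9", 50000))  # server opens connection
    print(r2.packet("3.0.0.9", 50000, "2.0.0.5", 443))  # wireless opens connection
    print(r2.packet("2.0.0.5", 443, "3.0.0.9", 50000))  # reply on that connection
```

Because the filter is stateful, the one-directional sample rule is enough for replies to flow back; the same server-to-wireless packet is dropped when it is the first packet of a new connection.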

Secure Protocols Redux

Your IDPS from question 2, part 2 records every packet it sees so that you can examine them later with Wireshark. Name a network protocol that, if used, would cause unencrypted passwords to appear in your packet logs.
 
If an insecure protocol is used on a network with an IDPS, it presents a dilemma. The IDPS packet log contains passwords, giving security personnel the ability to see other people’s passwords and making the IDPS a valuable target for attackers.
 
What controls could you implement to lessen the risk?