Certificate Signature and Encryption Methods
a.
- cert-myuni-12050257.csr,
- cert-myuni-12050257.pem,
- cert-ca-
- pem,
- default-ssl.conf,
- pcap
b.
Figure 1: Message Sequence Diagram
(Source: Created by author)
c.
Question | Answer
How many bytes is the hash value in the certificate signature? | 1686 bytes
What hash algorithm is used to generate the certificate signature? | SHA256
What encryption algorithm is used to generate the certificate signature? | RSA Encryption
How many bytes is the public key modulus in the certificate? | 1536 bits
In the TLS cipher suite used between client and server, what algorithm is used for encrypting session data? | Diffie-Hellman
In the TLS cipher suite used between client and server, what algorithm is used for hashing for the MAC? | Diffie-Hellman
In the TLS cipher suite used between client and server, what algorithm is used for key exchange? | Diffie-Hellman
How many bytes of random data are sent from the client to server at the start of the handshake? | 320 bytes
d. In cryptography and computer security, a self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies. This term has nothing to do with the identity of the person or organization that actually performed the signing procedure. In technical terms a self-signed certificate is one signed with its own private key.
In typical public key infrastructure (PKI) arrangements, a digital signature from a certificate authority (CA) attests that a particular public key certificate is valid. Each CA has one or more root keys; and the certificates associated with those public keys are “trust anchors” that use a special type of self-signed certificates. Establishing trust of the CA root certificate is dependent upon procedures beyond checking its digital signature.
e. The data stored on the servers is encrypted using the RSA algorithm, which uses two keys. If the private key becomes available to a malicious user, it can be used for decryption and the security of the system would be compromised. For instance, the certificate generated for the MyUni website is used to establish a secure connection between the nodes.
a.
b.
All passwords are stored in the /etc/shadow file in Linux. When a password is stored, Linux applies a hash function to it. In this case the $6$ prefix is used, which means the SHA-512 hash function is used.
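An added example (not from the original answer) that reads the `$id$` prefix described above out of /etc/shadow-format lines and reports the hashing scheme, rounds and salt. The sample lines and their hash strings are constructed placeholders, and the `acceptable` flag is this example's own judgement.

```python
# Modular Crypt Format ids seen in /etc/shadow -> (scheme name, acceptable today?)
SCHEMES = {"1": ("MD5-crypt", False), "5": ("SHA-256-crypt", True),
           "6": ("SHA-512-crypt", True), "2a": ("bcrypt", True),
           "2b": ("bcrypt", True), "2y": ("bcrypt", True), "y": ("yescrypt", True)}

def parse_shadow_entry(line):
    """Split one /etc/shadow line and describe how its password is stored."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields")
    user, pw = fields[0], fields[1]
    info = {"user": user, "locked": pw.startswith(("!", "*")), "scheme": None,
            "acceptable": None, "rounds": None, "salt": None}
    pw = pw.lstrip("!*")          # a leading ! or * locks the account
    if not pw:                    # nothing left: no hash stored
        return info
    if not pw.startswith("$"):    # no $id$ prefix: traditional DES crypt
        info.update(scheme="DES-crypt (legacy)", acceptable=False)
        return info
    parts = pw.split("$")         # ['', id, (rounds=N,) salt, hash]
    name, ok = SCHEMES.get(parts[1], ("unknown id " + parts[1], False))
    info.update(scheme=name, acceptable=ok)
    if parts[1] in ("5", "6"):    # SHA-crypt layout: optional rounds, then salt
        rest = parts[2:]
        if rest and rest[0].startswith("rounds="):
            info["rounds"] = int(rest[0][len("rounds="):])
            rest = rest[1:]
        else:
            info["rounds"] = 5000  # SHA-crypt default when not stated
        info["salt"] = rest[0] if rest else None
    return info

def weak_users(lines):
    """Users whose stored hash uses a scheme this example marks as weak."""
    return [e["user"] for e in map(parse_shadow_entry, lines)
            if e["acceptable"] is False]

# Constructed sample lines; the hash bodies are filler, not real hashes.
SAMPLE = [
    "alice:$6$Zx3kQ9pL$" + "A" * 86 + ":17500:0:99999:7:::",
    "bob:$6$rounds=100000$saltsalt$" + "B" * 86 + ":17500:0:99999:7:::",
    "carol:$1$oldsalt$" + "C" * 22 + ":17500:0:99999:7:::",
    "daemon:*:17500:0:99999:7:::",
]

if __name__ == "__main__":
    for entry in map(parse_shadow_entry, SAMPLE):
        print(entry)
```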
c. RBAC is a form of access control that is suitable for separating responsibilities in a system where multiple roles are fulfilled. This is clearly true in corporations (often along with compartmentalization, e.g. Brewer and Nash or MCS), but it can also be used on a single-user operating system to implement the principle of least privilege. RBAC is designed for separation of duties by letting users select the roles they need for a specific task. The key question is whether you use roles to represent tasks performed on your system and assign roles through a central authority (in which case RBAC is a form of MAC), or whether you use roles to let users control permissions on their own objects (leading to multiple roles per object and absolutely no semantics in roles, even though it is theoretically possible).
MAC in itself is vague; there are many ways to implement it for many systems. In practice, you will often use a combination of different paradigms. For example, a UNIX system mostly uses DAC, but the root account bypasses DAC privileges. In a company, beyond separating your different departments and teams with MAC/RBAC, you may allow some DAC for coworkers to share information on your corporate file system.
4. Firewalls
a.
b.
Rule No. | Transport | Source IP | Source Port | Destination Port | Destination IP | Action
1 | TCP | 10.3.1.0 – 10.3.1.255 | 143 | 143 | 138.77.179.1 | Allow
2 | TCP | Any | 143 | 143 | 138.77.179.1 | Deny
3 | TCP | Any | 1433 | 1433 | 138.77.179.2 | Allow
4 | TCP | Any | 1023 | Any | 138.77.178.1 | Deny
5 | TCP | 138.77.179.1 | 1023 | Any | 138.77.178.1 | Allow
6 | TCP | 138.77.179.2 | 1023 | Any | 138.77.178.1 | Allow
7 | TCP | 31.13.75.0 | 1234 | 1234 | 10.3.3.31 | Allow
8 | TCP | 23.63.9.0 | 1234 | 1234 | 10.3.3.31 | Allow
9 | TCP | 10.3.3.31 | 1234 | 1234 | Any | Deny
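An added example, not part of the original answer: a first-match evaluator and a shadowed-rule check run over the rule table above. It assumes rules are evaluated top to bottom with the first match winning, a default deny, and that each single address in the table means exactly that host; the page states none of these.

```python
import ipaddress

# Rows of the table above (all TCP): (no, src IP, src port, dst port, dst IP, action)
RULES = [
    (1, "10.3.1.0-10.3.1.255", "143", "143", "138.77.179.1", "Allow"),
    (2, "Any", "143", "143", "138.77.179.1", "Deny"),
    (3, "Any", "1433", "1433", "138.77.179.2", "Allow"),
    (4, "Any", "1023", "Any", "138.77.178.1", "Deny"),
    (5, "138.77.179.1", "1023", "Any", "138.77.178.1", "Allow"),
    (6, "138.77.179.2", "1023", "Any", "138.77.178.1", "Allow"),
    (7, "31.13.75.0", "1234", "1234", "10.3.3.31", "Allow"),
    (8, "23.63.9.0", "1234", "1234", "10.3.3.31", "Allow"),
    (9, "10.3.3.31", "1234", "1234", "Any", "Deny"),
]

def ip_range(field):
    """(low, high) as integers for 'Any', one address, or 'first-last'."""
    if field == "Any":
        return 0, 2**32 - 1
    lo, _, hi = field.partition("-")
    return int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi or lo))

def port_range(field):
    return (0, 65535) if field == "Any" else (int(field), int(field))

def box(src, sport, dport, dst):
    # The four match ranges of a rule, or of a single packet.
    return ip_range(src), port_range(sport), port_range(dport), ip_range(dst)

def covers(outer, inner):
    """True if every range in `outer` contains the matching range in `inner`."""
    return all(o[0] <= i[0] and i[1] <= o[1] for o, i in zip(outer, inner))

def decide(rules, src, sport, dport, dst, default="Deny"):
    """First-match evaluation (assumed): return (action, rule number)."""
    for no, *match, action in rules:
        if covers(box(*match), box(src, sport, dport, dst)):
            return action, no
    return default, None

def shadowed(rules):
    """(rule, earlier rule) pairs: the earlier rule covers the later one, opposite action."""
    pairs = []
    for idx, (no, *match, action) in enumerate(rules):
        for e_no, *e_match, e_action in rules[:idx]:
            if e_action != action and covers(box(*e_match), box(*match)):
                pairs.append((no, e_no))
                break
    return pairs
```

Under these assumptions, `shadowed(RULES)` reports rules 5 and 6 as fully covered by rule 4, so the order of those three rows decides whether the two Allow rules ever take effect.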
c.
To allow the professor to access the network from home, we need to allow the MAC address of the professor's computer. MAC address binding is the best possible solution for this case.
a. Five recommendations to secure a wireless network:
Understanding how the wireless network works: It is essential to understand how the wireless network works. Generally, an Internet access point, such as a cable or a modem, is connected to a wireless router, which sends a signal through the air. Any device within range can connect and access the network. If certain precautions are not taken, then anyone, including a hacker, can get easy access to the network, so it is essential for the admin to understand the network functions.
Access Control Measures
Use of encryption: Information that is sent over the wireless network must be encrypted in order to protect the data from any kind of threat. Encryption scrambles the information, which could otherwise be used by a malicious user. The major encryption to be used is Wi-Fi Protected Access (WPA).
Limiting access to the network: The IT admin must make sure that only specific devices can get access to the network that is used in the office. A MAC address would be assigned to each device in order to allow it access. This would stop malicious users from getting into the network and performing malicious activities.
Protecting the network during mobile access: This can be done by using a strong password on any app that is used to access the network. Once the work is completed, users must log out of the app. This way no one can access the app if the device is lost or stolen. The mobile devices themselves should also be protected with passwords.
Routers should be kept secure: This is done in order to stop malicious hackers, and it can be achieved by changing the name of the router, changing the preset settings of the router, turning off any remote management feature, and logging out of the administrator account.
The SSID is the basic wireless network setting. The use of the default SSID or vendor default name might lead to cracking of the personal mode of WPA or WPA2 by anyone. This is because the encryption algorithm is included in the SSID, and password-cracking dictionaries can be used by hackers to access the network. This makes it very easy for a hacker to crack into the system.
b. TP-Link: Model: TP-Link AC3200 Wireless Wi-Fi Tri-Band Gigabit Router (Archer C3200)
Specifications:
- Tri-Band technology creates 3 separate Wi-Fi bands for connecting more devices to your network
- Smart Connect helps devices run faster by assigning them to the best available channel
- Combined 3200Mbps Wi-Fi for lag-free 4K video streaming and gaming across multiple devices
- 6 high-performance antennas with Beamforming maximize coverage area and stability
- 1GHz dual-core CPU and 3 co-processors handle simultaneous connections without interruption
- Intuitive interface and Tether app for easy installation and network management
c. Four security features of
Access Control – Guest Network Access provides secure Wi-Fi access for guests.
Easy Bandwidth Management – IP-based Bandwidth Control makes it easier for the office to manage the bandwidth of the devices connected to it.
VPN Support – Secure access to the office network from remote devices.
Encryption for a Secure Network – WPA-PSK/WPA2-PSK encryption provides active defense against various types of security threats faced by user networks.