1.      Provide an overview of the SNMPv1 protocol and its security. In your answer, focus on: the purpose of SNMP; the SNMPv1 architectural model; access control and authentication mechanisms in SNMPv1; the degree of security provided by SNMPv1. (10/33)


2.      Describe at least two attacks that are possible in networks managed via SNMPv1. (6/33)


3.      To what extent are the security issues that arise in SNMPv1 solved in SNMPv3? (3/33)


4.      What inherent security is offered to the users of TCP/IP networks? Explain your answer. (3/25)


5.      Define the following elements in the OSI reference model:
(1) Layer (2) Peer process and peer entity (3) Service (4) Protocol
Draw a diagram to illustrate these concepts. (8/33)


6.      Describe the distinction and interrelationship between security services and security mechanisms. Provide examples for each. Why does the ISO standard specify which security services can be provided at each layer in the OSI model? (8/33)


7.      Peer entities in the OSI model communicate via virtual communication. Explain how this is distinguished from actual communication. (6/33)


8.      What security services and mechanisms might you use to prevent traffic monitoring on a network? What attacks will these not prevent? (6/33)


9.      What characteristics must a biometric have to make it usable in practice? For each characteristic, give a brief explanation of its importance. (7/33)
(The first question answers are persistence, distinctness, universality, detectability, fraud resistance in my handout, I need to know the importance.)


10.  Explain the meaning of the terms identification and verification in the context of biometrics. In general, which of these tasks is harder for a biometric system to perform accurately? Why? (6/33)


11.  Describe the concepts of biometric system architecture and their interactions for both the enrolment and a subsequent verification step. (10/33)


12.  Define the different types of error that arise in biometric systems. (4/33)


13.  Explain (using a diagram if you wish) how these types of error relate to each other and to the tolerance threshold in a typical biometric system. (4/33)


14.  Give a short overview of tunnel and transport modes in IPSec. (6/33)


15.  Using diagrams, show how the ESP protocol modifies IP (version 4) datagrams in tunnel and transport modes. Show the scope of the ESP encryption and MAC algorithms in your diagrams. (6/33)


16.  Compare and contrast the security services that AH and ESP protocols in IPSec provide in Tunnel and transport modes. Describe the mechanisms that IPSec uses to provide these services. (18/33)


17.  Describe the mechanisms used by the AH and ESP protocols to provide an anti-replay service. (3/25)


18.  In the AH protocol, why is the MAC not applied to the full packet (i.e. both payload and header)? (4/33)


19.  To what extent does use of AH prevent the spoofing of IP addresses in IPSec? (5/33)


20.  To what extent does use of authentication in ESP prevent the spoofing of IP addresses in IPSec? (4/33)


21.  Describe how IPSec can be used to build a virtual private network (VPN) connecting two physically remote sites using the public Internet. Which modes and protocols of IPSec would you use in this application and why? You may use a diagram to help explain your answer. (4/25)


22.  What purpose does IKE serve in the context of IPSec, and what are the security goals of IKE? (5/25)


23.  Define the following IPSec concepts: Security Policy Database (SPD) and Security Association (SA). (4/33)


24.  Describe the respective content and interconnection between the Security Policy Database (SPD) and Security Association Database (SADB) in IPSec. (7/33)


25.  Explain how an IPSec implementation uses an SPD and SAs to perform IPSec out-bound and in-bound processing. Use a diagram (or diagrams) to illustrate your answer if you wish. (8/33)


26.  What role does the Security Parameter Index (SPI) play? (4/33)


27.  What purpose does IKE serve in the context of IPSec, and what are the security goals of IKE? (5/33)


28.  What were the security design goals of the GSM system and what motivated them? (4/33)


29.  Briefly describe the key features of the GSM security architecture and their usage. You may wish to illustrate your answer with a diagram. (8/33)


30.  Describe the entity authentication protocol used in GSM, explaining who the protocol participants are, which mechanisms are used in the protocol, what the protocol is designed to achieve and how the protocol contributes to the goals. (6/25)


31.  UMTS makes use of an entity authentication and key establishment protocol. Describe this protocol, explaining who the protocol participants are, what the protocol is designed to achieve, and which mechanisms are used in the protocol. (9/33)


32.  Describe the main changes in security features that were made to the GSM standard in developing the UMTS standard. What motivated these changes? (8/33)


33.  Write a brief introduction to what e-mail is and how e-mail systems work. (4/25)


34.  PGP and S/MIME are two popular methods for securing e-mail. Describe these two methods, paying particular attention to the security services that they offer and the different approaches to key management that they take. (22/33)


35.  Describe two contrasting scenarios in which the use of the PGP web of trust or that of a PKI for S/MIME is the most appropriate. (7/33)


36.  Make a list of the security threats associated with e-mail. Provide a brief description of each threat and state which threats are not addressed by PGP and S/MIME. (8/25)


37.  What additional measures might you take to reduce the impacts of these threats? (11/33)


38.  Explain in detail how an ARP spoofing attack works and what effect it has. (7/25)


39.  Explain how an attacker can combine weaknesses in the TCP and IP protocols to produce a SYN flood DoS attack. (4/25)


40.  How might an attacker use the attack to mount a distributed DoS attack? (2/25)


41.  Explain how an attacker can combine the use of ICMP messages with broadcast addressing to produce a second DoS attack. (4/25)


42.  What countermeasures can be used to limit the effectiveness of DoS attacks? (5/25)


43.  Networks of many different sizes are in common use, including workgroup Local Area Networks (LANs), building-level networks, Metropolitan Area Networks (MANs), Wide Area Networks (WANs) and the Internet. Give a short overview of the security issues that arise as the scale of the network increases across these different network types. (8/25)


44.  Describe and evaluate the security features made available for WLANs in the IEEE 802.11b standard. (10/25)


45.  What additional measures might you take to enhance the security of your network when developing an IEEE 802.11 WLAN in a commercial environment, and why? (10/25)


46.  How are the security weaknesses in the IEEE 802.11b standard addressed in the IEEE 802.1x and IEEE 802.11i standards? (6/25)


47.  GSM and UMTS systems also use wireless as the communications medium and as such can be compared to systems based on the IEEE 802.11b standard. Why do you think the security offered by GSM and UMTS systems has turned out to be so much better than that in IEEE 802.11b systems? (4/25)


48.  Write a short overview of the Kerberos system, giving attention to at least the following topics: the principals and their roles; the security properties; application scenarios and weaknesses; and the extent to which Kerberos systems are vulnerable to dictionary attacks. (12/25)


49.  Describe the simple challenge-response protocol. (5/33)



Credit: ivythesis.typepad.com

