Question 1: Certificates
A) Because there are multiple certificate authorities (CAs) for the Web PKI it is possible to buy multiple certificates for the same domain signed by different CAs. How would a browser treat these different certificates?
B) Suppose that an imposter is able to obtain a certificate for a domain that the imposter doesn't own. (For example, in January 2001, an imposter tricked VeriSign into signing two certificates for "Microsoft Corporation" to be used for signing new software to be installed.) What sorts of attacks could an imposter pull off once in possession of such "fake" certificates for
i. installing software.
ii. Viewing Web pages
C) Typically the public SSH keys used by servers are not signed by any certificate authority, but the SSH protocol does support checking certificates.
i. Why, in practice, are server certificates rarely signed?
ii. What is the benefit of checking server certificates?
Question 2: Firewall Rules
Assume you have the following firewall rules:
|
Rule No.
|
Transport Protocol
|
Source IP
|
Source Port
|
Destination IP
|
Destination Port
|
Action
|
|
1
|
UDP
|
0.0.0.0/0
|
any
|
129.174.17.180
|
53
|
allow
|
|
2
|
TCP
|
55.66.77.0/24
|
any
|
129.174.17/180
|
22
|
allow
|
|
3
|
TCP
|
55.66.77.12
|
4500
|
129.174.17/180
|
22
|
deny
|
|
4
|
TCP
|
127.0.0.1
|
443
|
129.174.17/180
|
6000
|
allow
|
|
5
|
TCP
|
0.0.0.0/0
|
any
|
129.174.17/180
|
6000
|
deny
|
|
6
|
UDP
|
0.0.0.0/0
|
any
|
129.174.17/180
|
32768
|
deny
|
|
7
|
TCP
|
0.0.0.0/0
|
any
|
129.174.17/180
|
32769
|
deny
|
|
8
|
TCP
|
0.0.0.0/0
|
any
|
129.174.17/180
|
32768
|
deny
|
|
9
|
TCP
|
0.0.0.0/0
|
any
|
129.174.17/180
|
80
|
allow
|
|
10
|
UDP
|
129.174.16.20
|
1025
|
0.0.0.0/0
|
65535
|
allow
|
|
11
|
UDP
|
129.174.20.100
|
1025
|
0.0.0.0/0
|
65535
|
allow
|
|
12
|
UDP
|
129.174.18.100
|
1025
|
0.0.0.0/0
|
65535
|
allow
|
|
13
|
any
|
0.0.0.0/0
|
any
|
0.0.0.0/0
|
any
|
allow
|
|
14
|
TCP
|
0.0.0.0/0
|
any
|
0.0.0.0/0
|
any
|
deny
|
|
15
|
UDP
|
0.0.0.0/0
|
any
|
0.0.0.0/0
|
any
|
deny
|
|
16
|
TCP
|
0.0.0.0/0
|
any
|
129.57.17.180
|
6000:6010
|
deny
|
|
17
|
TCP
|
0.0.0.0/0
|
any
|
129.174.17.180
|
0:1024
|
deny
|
|
18
|
any
|
0.0.0.0/0
|
any
|
129.174.17.180
|
any
|
deny
|
a) Define what a rule conflict is and Identify any conflicts.
b) Identify any redundancies and explain which rule would be applied using each of the following 3 matching strategies:
1. FIRST
2. BEST
3. LAST
Question 3: Firewalls
a) What is a proxy firewall and how is it different from a network (or transparent) firewall?
b) What does NAT stand for, and how does the mechanism work? Describe what, if any, security NAT provides (or fails to provide).
c) Where would you place a web server in an organization assuming that you can use a network firewall and why?