Code – COIT12202

Subject – Network Security Concepts

Instructions:
This short-answer question template contains a tabular marking criteria and your answers will be assessed in regards to accuracy, clarity and detail. Please note:

• Use the provided template to insert your responses for each question;
• You should submit the completed templates online;
• Please do not delete the marking criteria page in each template;
• Harvard reference format is acceptable;
• Late penalties will be applied (5% of the total scores per day late);
• Use your own words to answer the questions;
• Plagiarism detection will be used in this assignment;
• To reduce similarity, the assignment questions can be deleted before submission;
• Please don’t forget to update the template’s table of contents before you submit.

Short-answer questions

Question 1:
Information security is used to describe the tasks of protecting information in a digital form. To better understand the concepts of information security, you should be familiar with the key characteristics of information, which are expressed in the C.I.A triad characteristics, as shown in the follow figure:
 

• Explain these three key objectives of information security.
• Given examples of integrity, confidentiality and availability requirements associated with an automated cash deposit machine in which users provide a card or an account number to deposit cash.

 
Question 2
Security experts have discovered that many Internet of Things (IoT) devices including routers, DVRs and cameras could be potentially recruited into botnet because of a malicious software program Mirai, which emerged in 2016 and possibly becomes one of the biggest IoT-based malware threats. Hackers could use such malware to scan insecure Linux-based connected devices, enslave them into a botnet network, and used that to launch massive DDoS attacks to make internet outage, such as  an attack on 20 September 2016 on computer security journalist Brian Krebs’s website, an attack on French web host OVH and the October 2016 Dyn cyberattack.

• Explain what a DDoS attack is and give basic steps to launch such a DDoS attack in this case study;
• Research the Mirai malware to indicate possible issues of vulnerable devices and provide at least two strategies to prevent such botnet from spreading;
• Discuss types of hackers/attackers (such as white/black hat hackers) playing different roles in this case.

Question 3
Integrity protection is used to guard against improper information modification or destruction, including ensuring information nonrepudiation and authenticity.

• Calculate message-digest fingerprints (checksum) for the provided files shattered-1&2.pdf:

• Explain why the Hash algorithm SHA256 is more secure than MD5 and SHA1;
• Based on the derived results in (1), explain why the Google Company announced that they achieved successful SHA-1 collision attack in the early of last year (2017).

Question 4:
RSA is an algorithm to encrypt and decrypt messages. RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described RSA in 1978. A user of RSA creates and then publishes the product of two large prime numbers along with an auxiliary value as their public key. The prime factors must be kept secret. Anyone can use the public key to encrypt a message. However, with currently published methods, if the public key is large enough, only someone with knowledge of the prime factors can feasibly decode the message.
Complete the following tasks:

• Explain how RSA can be used to achieve the cryptography (encryption and decryption) and digital signatures;
• If two prime numbers, p = 3 and q = 11, are given, use RSA algorithm to generate a public key and a private key;
• Explain the main weakness of digital signatures and how this weakness can be compensated for.

 
Question 5:
Moving toward a more secure web from HTTP to HTTPS is a well-known Google initiative. Early 2018, a proposal was posted by Emily Schechter (product manager of Chrome Security) to mark all HTTP pages as definitively “not secure” and remove secure indicators for HTTPS pages.
 
HTTPS usage on the web has taken off as Chrome security indicators have been evolved. Later this year (2018), several more steps will be taken along this path.
Previously, HTTP usage was too high to mark all HTTP pages with a strong red warning, but in October 2018 (Chrome 70), Chrome will starts showing the red “not secure” warning when users enter data on HTTP pages.
These changes continue to pave the way for a web that’s easy to use safely, by default.
 
Complete the following tasks:

• Differentiate between HTTP and HTTPS;
• Discuss advantages and disadvantages of migration form HTTP to HTTPS;
• Explain how to enable HTTPS on servers.

Marking Criteria
 
Assessment Item 1, Short-Answer Question Marking Criteria