Question

Answer the following questions and submit as a PDF on Webcourses. The assignment is worth 5% of your grade .

1. For the TCP/IP model, describe 2 types of vulnerabilities commonly attacked for each layer. (40 points)

2. Can two network interfaces have the same MAC address? Why or why not? Also, can two network interfaces have the same IP address? Why or why not? (10 points)

3. Most modern TCP implementations use pseudo-random number generators (PRNG) to determine starting sequence numbers for TCP sessions. With such generators, it is difficult to compute the i^th number generated, given only the (i - 1)^st number generated. Explain what network security risks are created if an attacker is able to break such a PRNG so that he can in fact easily compute the i^th number generated, given only the (i - 1) ^st number generated. (10 points)

4. Explain how a stateless firewall would block all incoming and outgoing HTTP requests. (5 points)

5. What is the main difference between WEP and WPA? (5 points)

6. Give three different techniques that an attacker can use to make a victim send DNS requests to domains chosen by the attacker. (5 points)

7. Which is worse for an intrusion detection system, false positives or false negatives? Why? (5 points)

8. How does a honeypot fit in with the security provided by a firewall and intrusion detection system? (5 points)

9. What is a distributed denial of service attack and how is it possible for a single person to orchestrate one? (5 points)

Answer 1

Can two network interfaces have the same MAC address? Why or why not? Also, can two network interfaces have the same IP address? Why or why not?

Answer:-------
Yes, two network interfaces can have the same MAC address. By manufacturing error or spoofing but it's not supposed to happen. Every network interface should have its own MAC address. If the MAC address is duplicated then the sender of information won't be able to recognize the network of the person who should be receiving the information.
No, two network interfaces can not have the same IP address it can confuse the computer that sent a message, it won't know if the message was received.

Explain how a stateless firewall would block all incoming and outgoing HTTP requests.
Answer:-------
User first sends request to SYN flag, which is a TCP packet flag used to initiate a TCP connection. If there is a response with a SYN-ACK packet then the connection is verified and the user gets granted access to the web site.

What is the main difference between WEP and WPA?
Answer:-------
WEP (Wired Equivalent Privacy) an encryption algorithm designed to provide wireless security, confidentiality, access control and data integrity, while WPA (WiFi Protected Access) Provides message integrity, and Temporal key integrity(TKIP). WEP Uses RC4 stream cipher. and Uses 40 bit key and 24 bit random numbers while WPA(WiFi Protected Access) use Temporal key integrity(TKIP), it's 256-bit key.
The main difference is also that WEP is an older form of encryption. Thus,WPA is a stronger form of encryption because it uses a longer key forencryption that is randomly generated.

Give three different techniques that an attacker can use to make a victim send DNS requests to domains chosen by the attacker.
Answer:-------

1. Pharming: guides user to a fake website
2. Phishing: steal data
3. DNS cache poisoning

Which is worse for an intrusion detection system, false positives or false negatives? Why?
Answer:-------
False negative because it means there is a problem that hasn't been detected yet and no one is doing anything to fix the problem. False positive is annoying but at least it forces everyone to double check security.

How does a honeypot fit in with the security provided by a firewall and intrusion detection system?
Answer:-------
Honey Pots can be setup inside, outside or in the DMZ, it is used as bait to gather information when an intruder tries to break into the system. Honey Pots learn as much as it can from the intruder by monitoring and saving evidence of their attack.

Q:- What is a distributed denial of service attack and how is it possible for a single person to orchestrate one?

Answer:-------
Malicious users leverage the power of many machines to direct traffic against a single web site in an attempt to create denial of service conditions. A single person can orchestrate this by using botnets, large networks of machines that have been compromised and are controllable remotely.