Question

1. A client-side digital signature can be used to authenticate to a web server through SSL, but confidentiality can still be vulnerable to attack. Identify a type of attack to which the use of SSL is vulnerable and justify your answer.

2. Discuss the benefits of MPLS LSP (multiprotocol label switching label switched path) to support high availability of service with illustration of use for Push, Swap and Pop.

3. The manager wishes to access confidential company data while travelling to meet high profile clients across Australia and overseas. Recommend a security solution using case examples with external reference(s).

4. You want to assist customers in building trust with your company. Discuss with your manager three VPN deployment trust building measures that can be used to support these customers, and comment on the related cost to achieve them.

Solutions

Expert Solution

1

Heartbleed vulnerability

The Heartbleed bug is a vulnerability in OpenSSL, a popular open-source cryptographic library that helps in the implementation of the SSL and TLS protocols. This bug allows attackers to steal private keys attached to SSL certificates, usernames, passwords and other sensitive data without leaving a trace.

Poodle SSL

POODLE is a form of man-in-the-middle attack that exploits a vulnerability in the CBC encryption scheme as implemented in the SSL 3.0 protocol. Though POODLE is not as serious as the Heartbleed vulnerability, best practice recommends that you discover and mitigate the problem as quickly as possible.

SSL 3.0 enabled

It has been discovered that the SSL 3.0 protocol has a flaw in its design that makes it vulnerable to man-in-the-middle attacks. If you have a public-facing website dealing with payments, you should immediately discover all servers that exploit SSL 3.0 and upgrade to a TLS version.

Weak cipher suites

Many organizations knowingly or unknowingly exploit weak SSL protocols and cipher suites in their domain servers, which makes their websites vulnerable to various MITM attacks. To play safe, they have to identify those weak ciphers, disable them and re-configure the domain servers. By default, SSL 3.0, which is a weak SSL protocol, is disabled on the Key Manager Plus server. In addition, Key Manager Plus scans the end-point servers and flags the weak ciphers used in the TLS (1.0, 1.1 and 1.2) protocols.
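The two remediation steps in the answer to question 1 (refuse SSL 3.0 so POODLE cannot apply, and find and disable weak cipher suites) as an added Python example using only the standard-library `ssl` module; this is not code from the original answer. The `WEAK_MARKERS` list and `SAMPLE_SCAN` are constructed for illustration, and the context deliberately omits certificate loading.

```python
import ssl

# Name fragments that mark an OpenSSL cipher suite as weak (constructed, not exhaustive;
# "DES" also catches 3DES, "ADH"/"AECDH"/"ANON" catch anonymous, unauthenticated suites)
WEAK_MARKERS = ("NULL", "EXP", "RC4", "DES", "MD5", "ADH", "AECDH", "ANON")


def is_weak_cipher(name: str) -> bool:
    """True for null/export-grade/RC4/DES/MD5/anonymous suites, judged by OpenSSL name."""
    upper = name.upper()
    return any(marker in upper for marker in WEAK_MARKERS)


def audit_ciphers(names):
    """Split a scanned cipher list into (acceptable, weak), preserving order."""
    weak = [n for n in names if is_weak_cipher(n)]
    ok = [n for n in names if not is_weak_cipher(n)]
    return ok, weak


def hardened_server_context() -> ssl.SSLContext:
    """Server context that refuses SSL 3.0 (POODLE) and TLS 1.0/1.1 and offers only
    forward-secret AEAD suites. A real server would also call ctx.load_cert_chain()."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # nothing below TLS 1.2 is negotiated
    ctx.options |= ssl.OP_NO_COMPRESSION            # TLS compression enables CRIME-style leaks
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx


def enabled_cipher_names(ctx: ssl.SSLContext):
    """Suites the context will actually negotiate (TLS 1.3 suites are listed too)."""
    return [c["name"] for c in ctx.get_ciphers()]


# Constructed scan result, the kind of list an endpoint cipher scan of an old server returns
SAMPLE_SCAN = ["ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA", "RC4-SHA",
               "DES-CBC3-SHA", "NULL-MD5", "EXP-RC2-CBC-MD5"]

if __name__ == "__main__":
    ok, weak = audit_ciphers(SAMPLE_SCAN)
    print("acceptable:", ok)
    print("weak, disable these:", weak)
    print("hardened context offers:", enabled_cipher_names(hardened_server_context()))
```

Note that `is_weak_cipher` only matches known-bad algorithms; `AES256-SHA` passes the marker check although it lacks forward secrecy, which is why the hardened context whitelists ECDHE suites instead of relying on a blacklist.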

2

Multi-protocol label switching (MPLS), that venerable WAN workhorse launched at the turn of the century, addresses this problem by establishing pre-determined, highly efficient routes.

MPLS supports traffic engineering, thus allowing network organizations to associate a Label-Switched Path (LSP) with whatever physical path they choose. MPLS also supports constraint-based routing, which ensures that an LSP can meet specific performance requirements.

Pushing is the act of applying an additional label to a packet. The packet might already have a label on it, since MPLS can support multiple stacked labels. This pushing is normally done at the ingress LER, at the edge of the network. The LER requires a mapping so that it knows what data to put on an LSP. It might also be performed in the core of a network where multiple LSPs are aggregated or encapsulated inside another LSP.

Popping is the act of removing the outermost label from the packet. One or more labels might still be inside. Popping is normally done at the egress LER. LERs must do an additional lookup to decide how to forward the encapsulated packet. Penultimate routers will pop the label but will only forward the unencapsulated packet according to the lookup table for the LSP.

Swapping is the act of replacing a label. The inside of the labeled packet is never inspected. The swapping is done by LSRs. The EXP field is used to define how the packet should be queued, and the TTL is decremented. If TTL equals zero, the packet will be discarded.
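The push, swap and pop operations described in the answer to question 2, as an added Python model that is not part of the original answer: each label is encoded as the real 32-bit MPLS shim header (label 20 bits, EXP 3 bits, bottom-of-stack 1 bit, TTL 8 bits), swap decrements the TTL and discards at zero, and `forward_along_lsp` walks a packet through ingress LER, core LSRs and a popping hop. The function names and the single-label TTL handling are this example's own simplifications.

```python
from dataclasses import dataclass, field
import struct


@dataclass
class LabelEntry:
    label: int      # 20-bit label value
    exp: int = 0    # 3-bit EXP / traffic-class field, selects the queue
    ttl: int = 64   # 8-bit time to live, decremented at every swap
    def to_bytes(self, bottom: bool) -> bytes:
        # Wire layout of one shim header: label(20) | EXP(3) | S bottom-of-stack(1) | TTL(8)
        word = (self.label << 12) | (self.exp << 9) | (int(bottom) << 8) | self.ttl
        return struct.pack("!I", word)


@dataclass
class Packet:
    payload: bytes                              # the encapsulated IP packet, never inspected
    stack: list = field(default_factory=list)   # stack[-1] is the outermost label
    def on_wire(self) -> bytes:
        headers = [e.to_bytes(bottom=(i == 0)) for i, e in enumerate(self.stack)]
        return b"".join(reversed(headers)) + self.payload   # outermost label first


def push(pkt, label, exp=0, ttl=64):
    """Ingress LER: impose a new outermost label; existing labels stay stacked below."""
    pkt.stack.append(LabelEntry(label, exp, ttl))
    return pkt


def swap(pkt, new_label):
    """Core LSR: replace only the outermost label and decrement its TTL; discard at zero."""
    top = pkt.stack[-1]
    if top.ttl - 1 == 0:
        return None                             # TTL exhausted: packet is discarded
    pkt.stack[-1] = LabelEntry(new_label, top.exp, top.ttl - 1)
    return pkt


def pop(pkt):
    """Egress LER or penultimate hop: strip the outermost label; inner labels remain."""
    pkt.stack.pop()
    return pkt


def forward_along_lsp(pkt, hops):
    """Apply (operation, argument) hops in order; returns (packet or None, outer label per hop)."""
    trace = []
    for op, arg in hops:
        pkt = {"push": push, "swap": swap, "pop": lambda p, _: pop(p)}[op](pkt, arg)
        if pkt is None:
            return None, trace + [None]
        trace.append(pkt.stack[-1].label if pkt.stack else None)
    return pkt, trace
```

Running `forward_along_lsp(Packet(b"ip-payload"), [("push", 100), ("swap", 200), ("swap", 300), ("pop", None)])` yields the untouched payload with an empty stack and the trace `[100, 200, 300, None]`, the label sequence an LSP's hops would see.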

