Hash Algorithm and Encryption Algorithm for Certificate Signature
Added on 2023/01/20
AI Summary
This document discusses the hash algorithm and encryption algorithm used for generating the certificate signature in advanced network security. It provides information on the number of bytes in the public key modulus and the algorithms used for encrypting session data, hashing for the MAC, and key exchange. Additionally, it explores the number of bytes of random data sent during the handshake process.
COIT20262 Assignment 2 Submission Term 1, 2019
COIT20262 - Advanced Network Security, Term 1, 2019
Assignment 2 Submission
Due date: 5pm Friday 7 June 2019 (Week 12)
ASSESSMENT 2
Weighting: 45%
Length: N/A
Student Name: enter your name
Student ID: id
Campus: campus
Tutor: tutor
Advanced Network Security Page 1 of 9
Question 1. HTTPS and Certificates
Part (d)
What hash algorithm is used to generate the certificate signature?
The SHA algorithm is used to generate the signatures for certificates.
What encryption algorithm is used to generate the certificate signature?
The encryption algorithm generally used to generate the certificate signature is the RSA encryption algorithm.
How many bytes is the public key modulus in the certificate?
The public key modulus in the certificate consists of around 2048 bytes.
In the TLS cipher suite used between client and server, what algorithm is used for:
- Encrypting session data? The key exchange algorithm generally used in the TLS cipher suite between the server and the client is SSL.
- Hashing for the MAC? The hashing for the MAC is done using SHA 256.
- Key exchange? The key exchange algorithm used is ECDHE.
How many bytes of random data are sent from the client to server at the start of the handshake?
Around 128 bytes were sent from the client to the server at the beginning of the handshake process.
Part (e)
Sending the CSR to the CA and receiving the certificate back are considered a security issue, because the certificate authority would have access to the server, and the process also depends on aspects such as trust and the relationship with the certificate authority.
While the certificate is being received back, the communication method used might be exposed to a man-in-the-middle attack, which could make the certificate available to the hacker and in turn compromise the security of the web servers. In addition, the attacker might be able to use the certificate file to commit forgery using a duplicate identity of the user, which would enable them to perform various illegal activities.
Question 2. Authentication and Access Control
12063113
web13 websecret
web21 correcthorsebatteryapple
web31 T7w/P@z]6k
Group
webdev
Part (e)
Some of the major security and convenience issues faced when using the three different passwords selected by the web developers are listed below:
/etc/shadow –
- It stores the password details of the user.
- It is readable when the account is a root account.
- The passwords are stored in an encrypted format.
- It can also be generated from the password file; the command generally used for this is pwconv.
- The information it holds changes frequently, because the user's password can be changed frequently.
/etc/passwd –
- It stores the details of the user accounts.
- It stores every detail of the users in a readable format.
- It exists in the system by default.
- It is static in nature.
/etc/groups –
- It is readable by all the users present at the top and contains the details of the entire group.
- Commands can be used to change the membership of the group.
- Additional permissions can be provided by changing the group membership.
Part (f)
To increase the chance that a user selects a good password, checks need to be conducted. These checks make sure that the password has a minimum number of characters, and the password string is searched for letters, digits and symbols. In addition, the password is checked for common words and for three consecutive characters in alphabetical order. If the password matches any one of these conditions, it is not accepted.
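The checks described above can be written as a small validator. This is an added example, not part of the original submission; the minimum length of 8 and the short common-word list are assumptions made for illustration, and the three sample passwords in the final block are the ones listed under Question 2.

```python
import string

MIN_LENGTH = 8  # assumed threshold; the text only says a minimum is enforced

# Constructed sample list; a real deployment would load a large dictionary.
COMMON_WORDS = {
    "password", "secret", "welcome", "admin", "letmein",
    "qwerty", "correct", "horse", "battery", "apple",
}


def has_alphabetic_run(password, run=3):
    """True if `run` adjacent characters are letters in ascending
    alphabetical order (abc, XyZ), compared case-insensitively."""
    lowered = password.lower()
    streak = 1
    for prev, cur in zip(lowered, lowered[1:]):
        both_letters = (prev in string.ascii_lowercase
                        and cur in string.ascii_lowercase)
        if both_letters and ord(cur) - ord(prev) == 1:
            streak += 1
            if streak >= run:
                return True
        else:
            streak = 1
    return False


def find_common_words(password, words=COMMON_WORDS):
    """Return the common words that appear anywhere inside the password."""
    lowered = password.lower()
    return sorted(w for w in words if w in lowered)


def check_password(password):
    """Return the list of reasons for rejection; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        reasons.append("no letter")
    if not any(c.isdigit() for c in password):
        reasons.append("no digit")
    if not any(c in string.punctuation for c in password):
        reasons.append("no symbol")
    hits = find_common_words(password)
    if hits:
        reasons.append("contains common word: " + ", ".join(hits))
    if has_alphabetic_run(password):
        reasons.append("three consecutive letters in alphabetical order")
    return reasons


if __name__ == "__main__":
    # The three passwords listed under Question 2, plus one constructed case.
    for pw in ["websecret", "correcthorsebatteryapple", "T7w/P@z]6k", "Xyz!2345"]:
        verdict = check_password(pw)
        print(pw, "->", "accepted" if not verdict else "rejected: " + "; ".join(verdict))
```
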
Part (g)
On Linux, passwords are stored in the shadow file in an encrypted format. This is done so that the password is not available to people who attempt to break into the system. The user information along with the passwords is stored in the system file named /etc/passwd, where the passwords are stored in encrypted format.
To encrypt the original password, an encryption key or a randomly generated value can be used; the value lies between 1 and 4096. In addition, a one-way hashing function is applied to arrive at the encoded password that is stored in the system file. The key, which is also known as the salt, is stored along with the encoded password. This key cannot be used to decode the encrypted password, because the encryption is one-way.
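The following sketch shows the salt being stored next to the one-way hash and reused for verification. It is an added example, not part of the original submission: PBKDF2-HMAC-SHA256 stands in for the system's own password hashing scheme, and the `user:salt$hash` entry layout, the iteration count and the user names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SALT_SPACE = 4096     # salt range from the text: a random value from 1 to 4096
ITERATIONS = 100_000  # assumed work factor for the stand-in hash


def new_salt():
    """Pick a random salt in the range 1..4096."""
    return secrets.randbelow(SALT_SPACE) + 1


def hash_password(password, salt):
    """One-way hash of the password mixed with the salt (hex string)."""
    salt_bytes = salt.to_bytes(2, "big")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt_bytes, ITERATIONS
    )
    return digest.hex()


def make_entry(user, password, salt=None):
    """Build a stored entry: the salt is kept in the clear beside the hash."""
    if salt is None:
        salt = new_salt()
    return f"{user}:{salt}${hash_password(password, salt)}"


def verify(entry, candidate):
    """Re-hash the candidate with the stored salt and compare in constant time.
    Nothing is decoded: the stored hash is never turned back into a password."""
    _user, field = entry.split(":", 1)
    salt_text, stored = field.split("$", 1)
    recomputed = hash_password(candidate, int(salt_text))
    return hmac.compare_digest(recomputed, stored)


if __name__ == "__main__":
    # Constructed users; both choose the same password but get different salts.
    entry_a = make_entry("alice", "websecret", salt=17)
    entry_b = make_entry("bob", "websecret", salt=2048)
    print(entry_a)
    print(entry_b)
    print("same stored hash:", entry_a.split("$")[1] == entry_b.split("$")[1])
    print("correct password verifies:", verify(entry_a, "websecret"))
    print("wrong password verifies:", verify(entry_a, "websecreT"))
```
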
Question 3. Firewalls and iptables
Part (a)
Part (b)
Part (c)
Part (d)
Part (f)
Because the internal SSH server is accessible to multiple external users, an attacker who does not have any account on the SSH server might attempt to gain entirely unauthorized access. The reason is that most organizations lack centralized oversight and control over the SSH server. In addition, an inventory of where the SSH keys are installed might not be kept, and an established trust relationship can also be used to gain unauthorized access. A large number of SSH keys accumulates as network administrators come and go, which makes it impossible to provide visibility of access. Employees or other users who have access to the SSH server need to be updated when their roles change in order to get access to the mission-critical system. When an attacker has access to the SSH server, the attacker might be able to elevate privileges and maintain persistent access to the entire system.
For an SSH server administrator, there are certain countermeasures that can be applied to increase security, and some of them are listed below:
- Access to the administrative console through two-layer application control.
- A multi-layer, defence-in-depth strategy.
- Use of ports which are standard in nature.
- Use of a private key pair.
The limits and negative impacts of using the technology properly, along with the risks associated with the various types of protocols, cause the servers to be restricted from connecting to the rest of the network.
Part (g)
Using high, non-standard ports can keep the servers out of reach and out of sight of bots. However, it still cannot prevent employees from connecting to the internal network and transferring viruses, worms or backdoors.
Part (h)
The attacker can use various penetration testing tools to identify the hosts that are active in the network, along with the open ports and the services running on those ports. For this reason, Masscan can also be used to identify the different services running on the ports of a particular targeted IP address. Additionally, the traffic flowing in the network can be captured to obtain the required information about the client or the server, which also helps in identifying the servers that are blocked by the firewall.
Question 4. Internet Privacy
Part (a)
A web proxy server acts as a gateway between the internet and the client, and so separates the clients from the websites they browse. A proxy is generally used to provide different levels of privacy and security, and the privacy depends on the requirements and the policy of the organization. When a proxy server is used, the traffic flows through the proxy to reach the target address. To use a proxy server, a user needs to configure the browser settings and enter the IP address and the port number of the proxy server under the “Manual Proxy Configuration” option.
A proxy server is generally used to provide different types of security, including the following:
- Transparency, which is maintained by making all the original IP addresses available through the HTTP headers.
- Anonymity, which is maintained by keeping the original IP address hidden.
- Distortion, which is maintained by making an incorrect IP address available through the HTTP header.
The proxy has specific security and convenience limitations, and some of them are given below:
- In some cases secured data, including the password, can be stored in the cache system, which is generally looked after by the service provider.
- Despite the use of an encrypted connection, information might get leaked while SSL and TLS encrypted connections are used.
- Proxy servers can be used to access websites which are blocked, and sometimes the blocked website might turn out to be offensive or might cause harm to the entire system.
Part (b)
VPN users can gain many benefits, and some of the major ones are given below:
- Staying anonymous while browsing various kinds of websites.
- Encrypting internet traffic.
- Avoiding censorship on the internet.
- Securing access to the internet irrespective of the network type, public or private.
- Bandwidth throttling is prevented.
Along with the benefits provided by a VPN, there are certain limitations of a VPN compared with a web proxy, and some of them are listed below:
- Using a VPN can slow down the entire internet speed, as it generally involves more than just one server.
- A good amount needs to be paid to receive a good VPN service.
- VPNs which are absolutely free of cost might share the data with third-party users.
- Connections can be recorded in a log, and for this reason VPN providers that have a clear NO LOGS policy need to be selected.
Part (c)
Some of the major security and convenience weaknesses faced by a home user who uses a VPN for private browsing are listed below:
- The use of VPN is associated with slowing down of the
- It is very important to select the right VPN, because the wrong VPN might cause insecurity for the privacy of the user.
- VPN services of higher quality are generally paid services.
Not all the devices generally used for browsing might support VPNs.