University of XYZ - Advanced Network Security Report - Semester 2

Added on  2021/05/30

AI Summary
This report delves into various aspects of advanced network security, starting with cryptographic operations using OpenSSL, detailing commands, key generation, and encryption techniques. It then explores HTTPS and certificates, covering virtual network setups, web server configurations, certificate authority processes, and analysis of TLS cipher suites. The report further examines Linux access control and passwords within a virtual network environment, including user management, group creation, and access rule testing. Firewall configurations are analyzed through network diagrams and rule sets, emphasizing secure default policies. Finally, the report concludes with a discussion on securing wireless networks, providing recommendations for a small company's new building, including WPA encryption, MAC filtering, and D-Link access point security features. The report provides a comprehensive overview of key network security concepts and practical implementations.
ADVANCED NETWORK SECURITY
Table of Contents
1. Cryptographic Operations with OpenSSL
2. HTTPS and Certificates
3. Access Control
4. Firewalls
5. Wireless Network Security
References
1. Cryptographic Operations with OpenSSL
OpenSSL is used to perform a set of cryptographic operations. The following operations are
performed: record all the commands, generate a 128-bit random value, generate an RSA key pair,
extract the user's public key, sign the created message file, create a new message (plain text),
encrypt the message file, and encrypt the key text file using the RSA algorithm. These files are
attached below (Sergiienko, 2014).
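The operations listed above, as an added example that is not part of the original report or its attached files. The AES-128-CBC cipher, the IV, OAEP padding, the separate sender and recipient key pairs, and all file names are assumptions.

```shell
#!/bin/sh
# Added example: sign-then-encrypt (hybrid) workflow with the openssl CLI.
# File names, key sizes and the message text are constructed assumptions.
set -e

hybrid_demo() (
    dir=$(mktemp -d) && cd "$dir"

    # 128-bit random symmetric key, plus an IV for CBC mode (hex encoded)
    openssl rand -hex 16 > key.txt
    openssl rand -hex 16 > iv.txt

    # RSA key pairs: the sender signs, the recipient unwraps the key
    for who in sender recipient; do
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$who.key" 2>/dev/null
        openssl pkey -in "$who.key" -pubout -out "$who.pub"
    done

    printf 'constructed sample message\n' > message.txt

    # Sender: sign the plaintext, encrypt it with AES-128, wrap the key
    # file with the recipient's RSA public key
    openssl dgst -sha256 -sign sender.key -out message.sig message.txt
    openssl enc -aes-128-cbc -K "$(cat key.txt)" -iv "$(cat iv.txt)" \
        -in message.txt -out message.enc
    openssl pkeyutl -encrypt -pubin -inkey recipient.pub \
        -pkeyopt rsa_padding_mode:oaep -in key.txt -out key.enc

    # Recipient: unwrap the key, decrypt, then verify the signature;
    # the plaintext is printed only if the signature checks out
    openssl pkeyutl -decrypt -inkey recipient.key \
        -pkeyopt rsa_padding_mode:oaep -in key.enc -out key.dec
    openssl enc -d -aes-128-cbc -K "$(cat key.dec)" -iv "$(cat iv.txt)" \
        -in message.enc -out message.dec
    openssl dgst -sha256 -verify sender.pub -signature message.sig \
        message.dec >/dev/null && cat message.dec
    status=$?
    cd / && rm -rf "$dir"
    exit "$status"
)

hybrid_demo
```

RSA encrypts only the short key file here; the message itself is encrypted with the symmetric key, because RSA can only encrypt inputs smaller than its modulus.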
2. HTTPS and Certificates
Here, we use the virtual network to study HTTPS and certificates. The following operations are
performed: create topology 4 in the virtual network, set up the web server to support HTTPS,
capture the traffic from the web server, deploy the website, and analyze and test the HTTPS
connection (Ben-Ari and Dolev, 2011). Setting up the web server involves obtaining a certificate
from the certificate authority, which involves the following activities:
1. Generate the signing request.
2. Send the certificate signing request.
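The two activities above, followed by the CA's signing step and an inspection of the issued certificate, as an added example that is not taken from the report's attached files. The subject names, key size, validity period and file names are assumptions.

```shell
#!/bin/sh
# Added example: issue a web-server certificate from a lab CA, then inspect it.
# Subject names, key size and validity are constructed assumptions.
set -e

issue_and_inspect() (
    dir=$(mktemp -d) && cd "$dir"

    # Lab CA: self-signed root certificate (the trust anchor clients import)
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Example Lab CA" -keyout ca.key -out ca.crt 2>/dev/null

    # Step 1: the web server generates its key and a signing request (CSR)
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=www.example.test" -keyout server.key -out server.csr \
        2>/dev/null

    # Step 2: the CSR (never the private key) goes to the CA, which checks
    # the request's self-signature before signing it with the CA key
    openssl req -in server.csr -noout -verify 2>/dev/null
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -sha256 -days 30 -out server.crt 2>/dev/null

    # The issued certificate must chain to the CA
    openssl verify -CAfile ca.crt server.crt >/dev/null

    # Report the signature algorithm and the public key size in bits
    text=$(openssl x509 -in server.crt -noout -text)
    alg=$(printf '%s\n' "$text" |
        sed -n 's/^ *Signature Algorithm: //p' | head -n 1)
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    echo "$alg $bits"
    cd / && rm -rf "$dir"
)

issue_and_inspect
```

The same `openssl x509 -noout -text` output lists the signature algorithm, the public key modulus and the signature value of any certificate captured from a handshake.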
a)
The setup web server files are attached here.
b) Message Sequence Diagram
c)
How many bytes is the hash value in the certificate signature? less than 256 bytes
What hash algorithm is used to generate the certificate signature? RSA Algorithm
What encryption algorithm is used to generate the certificate signature? Symmetric-key encryption algorithms
How many bytes is the public key modulus in the certificate? 270 bytes
In the TLS cipher suite used between client and server, what algorithm is used for:
- Encrypting session data? Yes
- Hashing for the MAC? Yes
- Key exchange? Yes
How many bytes of random data are sent from the client to server at the start of the handshake? 256 bytes
d)
Certificate authorities use self-signed certificates because a self-signed certificate
provides the trusted certificate authority and enables the same level of encryption. However, it
has two major drawbacks: a visitor's connection could be hijacked, allowing an attacker to view
all the data sent, and the certificate cannot be revoked like a trusted certificate can. So,
self-signed certificates need another certificate authority's certificate (Cruz Zapata, 2014).
e)
Certificate authorities should secure their private keys by storing them offline in special
hardware devices. However, an attacker may use the certificate authority's private key, because
it does not verify the identity of the certificate applicant. Malicious users who use the private
key create various issues, and it needs to be revoked.
3. Access Control
Here we also use the virtual network to study Linux access control and passwords
(Carnevale, Rose and Hanson, 2012). The following operations are performed:
1. Create the new topology
2. Create five new users
3. Create the passwords
4. Create two new groups
5. Create the files and directories
6. Provide the access control and rules
7. Finally, test the access control.
a)
The files are attached here.
b)
The Linux operating system stores user information in /etc/passwd. However, the encrypted
password is not stored in /etc/passwd. It is stored in the /etc/shadow file. The encrypted
password is also stored in /etc/passwd. It is readable by the superuser only (Krause, 2013).
c)
Mandatory access control is the strictest of all levels of control. It takes a
hierarchical approach to controlling access to resources. Role-based access control takes more
of a real-world approach to structuring access control. It assigns permissions to particular
roles in an organization (Xiao, Shen and Du, 2011).
4. Firewalls
a)
Network Diagram
The above network diagram displays three subnets: DMZ, Student and Staff. It uses three
routers, referred to as the DMZ, Student and Staff routers. The routers are connected to the
switches (Harrington, 2005). The Student subnet has one router, one switch and three PCs. The
router IP address is 10.4.20.0. The DMZ subnet IP address is 10.4.0.0. The Staff subnet IP
address is 10.4.10.0. These are interconnected with each other (Sslshopper.com, 2018).
b)
Firewall rules
Rule no.  Transport  Source IP    Source Port  Destination IP  Destination Port  Action
1         TCP        10.4.10.10   80           10.4.20.10      80                Allow
2         TCP        10.4.10.11   80           10.4.20.11      80                Allow
3         TCP        10.4.10.12   80           10.4.20.12      80                Allow
The above table displays the firewall rules. They are used to block the TCP network traffic
between the client and server, that is, the student and staff subnets. In the first firewall
rule, the source IP address is 10.4.10.10 and the destination IP address is 10.4.20.10. The
firewall allows the action to block the TCP network traffic from the source IP address to the
destination address. Similarly, the firewall allows the action between the staff and student
subnets (Barker and Roginsky, 2011).
c)
In iptables, the default rule is to ACCEPT everything, but this is not a secure firewall. A
secure firewall is set up by changing the default policies to DROP everything (Centos.org, 2017).
It is shown below (Sawant et al., 2017).
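A default-DROP ruleset in iptables-restore format, as an added example that is not the report's own configuration. The three FORWARD rules copy the firewall table in part b) with its Action column as given; the loopback and connection-tracking rules are assumptions added so that replies and local traffic are not dropped.

```shell
#!/bin/sh
# Added example: print a default-DROP ruleset in iptables-restore format.
# The loopback and conntrack rules are assumptions, not from the report.
set -e

build_ruleset() {
    cat <<'EOF'
# Default policy: anything not explicitly accepted below is dropped
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # Rules 1-3 from the table: hosts .10-.12 in 10.4.10.0 to the matching
    # host in 10.4.20.0, TCP source port 80 and destination port 80
    for host in 10 11 12; do
        printf '%s\n' "-A FORWARD -p tcp -s 10.4.10.$host --sport 80 -d 10.4.20.$host --dport 80 -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

build_ruleset
```

With ACCEPT as the default policy, a packet that matches none of the three rules is still forwarded; with DROP it is not. The output can be checked with `iptables-restore --test` before it is loaded.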
5. Wireless Network Security
A small company with 50 employees is moving into a new building. It needs
recommendations and advice to secure the company network. The recommendations cover
deploying a secure wireless network in the building. These are discussed below.
a)
To secure the organization's network:
- Disable remote administration
- Reduce WLAN transmitter power
- Use MAC filtering for access control
- Secure the organization's wireless router and access point administration interface
- Enable WPA encryption instead of WEP
b)
The consultant recommends selecting a D-Link wireless access point because it
provides a network connectivity solution for small and medium-sized businesses. It
easily extends the business network and provides enough connection ports to allow not only
the inclusion of the computers on your system (Thai, 2012).
c)
Security features for D-Link:
- Web redirection
- Network access protection
- High performance connectivity
- MAC address filtering
- WLAN partition
- Internal RADIUS server
- Robust security
- ARP spoofing prevention
References
Barker, E. and Roginsky, A. (2011). Transitions. [Gaithersburg, MD]: U.S. Dept. of Commerce,
National Institute of Standards and Technology.
Ben-Ari, E. and Dolev, R. (2011). Microsoft Forefront UAG 2010 Administrator's Handbook.
Birmingham: Packt Pub.
Carnevale, A., Rose, S. and Hanson, A. (2012). Certificates. Washington, D.C.: Georgetown
University, Center on Education and the Workforce.
Cruz Zapata, B. (2014). Testing and securing Android Studio applications. Birmingham, UK:
Packt Pub.
Harrington, J. (2005). Network security. Amsterdam: Elsevier.
Krause, J. (2013). Microsoft DirectAccess best practices and troubleshooting. Birmingham, UK:
Packt Pub.
Sawant, U., Pelz, O., Hobson, J. and Leemans, W. (2017). Linux. Birmingham: Packt Publishing.
Sergiienko, A. (2014). WebRTC Blueprints. Packt Publishing.
Thai, M. (2012). Group testing theory in network security. New York, NY: Springer.
Xiao, Y., Shen, X. and Du, D. (2011). Wireless network security. New York: Springer.