William Slater's CYBR 515 Blog

CYBR 515 - Security Architecture and Design

Friday, October 7, 2011

Post 018 - CYBR 515


Week 5 Assignments

Theme for the Week - Security using Transport Layer Services
Learning Objectives:
Differentiate between Secure Socket Layer (SSL), Transport Layer Security (TLS), Hypertext Transfer Protocol Secure (HTTPS), and Secure Shell (SSH).
Create a model that depicts the four phases of the handshake protocol for SSL.
Describe how SSL/TLS is used to encrypt Web traffic for HTTPS.
Explain how the key exchange process is implemented in SSH.

Readings:
Chapter 5 in your textbook.
This week:
This week's lesson continues our exploration of protocols that implement symmetric and asymmetric encryption techniques. We will examine four protocols that operate in the Transport layer of the protocol stack: Secure Socket Layer (SSL), Transport Layer Security (TLS), Hypertext Transfer Protocol Secure (HTTPS), and Secure Shell (SSH). SSL/TLS is a means of providing end-to-end encryption using certificates and key exchanges. HTTPS makes use of SSL/TLS to secure Web-based traffic from browser to server. SSH was originally designed to replace telnet for remote access, but has taken on a wider role, including file transfer and email. As part of our reading assignment, we will study descriptions and models that show in great detail how these protocols work. Now let's get started.
Assignment 5_1 (On-line Quiz)
Take this ten-question true/false and multiple-choice chapter quiz over the reading assignment. Quizzes are a "participation grade," which means that you can retake them as many times as necessary. However, please be aware that low scores are a sign that you need to go back to the reading assignment, slow down, and read more carefully.

You need to take the quiz by the end of the week to earn credit.

Assignment 5_2 (Post to this week's discussion forum)
Post a substantive answer to one of the following questions. Please select a question that has not been previously answered by one of your classmates, until all questions have been answered at least once. Once that has been done, you may select any question that has only been answered once. Once you have submitted your initial post, read each initial post and respond to at least three. Remember to cite your sources.

1. Which one of the big three transport-level security protocols (SSL/TLS, HTTPS, and SSH) is the most vulnerable to attack and why? Provide an example of how someone might attack it.

2. In most secure Web sessions, SSH authenticates the Web server using certificates. How does this process work?
Hint: You might start by opening Internet Explorer and navigating to Tools->Internet Options->Content->Certificates.

3. What are the primary differences between SSL version 3 and TLS as defined in RFC 5246?

4. What does hash (ClientHello.random || ServerHello.random || ServerParams) mean? In your answer, you should include an explanation of the symbols that are used.

5. How are the keys protected during key exchange in an SSH packet exchange? In your answer, provide specific examples of how it is done, and state your opinion as to why or why not the key exchange process adequately protects the keys.

6. In SSH, what is the difference between local forwarding and remote forwarding? Provide an example of where you might use each type of forwarding that is not in your book.

7. As a network designer, where would these protocols (SSL, HTTPS, and SSH) be implemented and why? If you wish, you may propose a hypothetical secure network to use as a framework for your answer.

8. Why was it necessary to develop SSH to replace telnet? Use the Internet and other appropriate sources to locate information on this question. Be specific, and remember to cite your sources. As part of your answer, explain what is better about SSH.

9. Most network administrators agree that the TCP/IP protocol stack doesn't implement the Session layer from the Open Systems Interconnect (OSI) model. However, in the explanation of how Transport layer protocols work, our author uses the term "session" frequently. Are the network administrators wrong, or is it just a misunderstanding? Elaborate.

10. What is an SSH tunnel and how does it work?
Our trivia question for the week: What is the Star Property and why is it called the Star Property?

General Posting Guidelines (for participation): Postings are counted as participation for the week. Make sure all postings for this week's assignments are posted to this week's discussion forum. You must post at least two substantive messages to get minimum credit for participation (a 'C' grade). Two messages on different days get a 'B' for participation - more postings (including answering other questions) get more credit. To qualify for an 'A' grade, you must post at least three critical thinking messages on three different days. Postings on the last day of the lesson will not count for credit since other students will not have sufficient time to respond or participate in your discussion. Post early and often. Don't wait until the last minute!

Assignment 5_3
Implementing SSL/TLS, HTTPS, and SSH is a matter of configuring clients, servers, and network infrastructure. For this assignment, select one of the three protocols and create a one-page plan for implementing it for a generic organization. For example, you could choose installation of a SonicWall Virtual Private Network (VPN) server that implements an HTTPS tunnel. Your plan would include general instructions for installing the SonicWall security appliance, configuring it to access authentication information from an existing LDAP database (Windows Active Directory would work), defining authorized users, and setting permissions to allow them to use the VPN. Include a simple network diagram showing notional IP addresses and port numbers (an HTTPS VPN would use TCP port 443). Please note that your plan doesn't have to be a highly detailed, step-by-step checklist. All I am looking for is a general explanation of the work that needs to be done to implement the protocol for a particular application.
Save your work to a Word document as CYBR515 Assignment 5_3 and attach it to this assignment.

Assignment 5.4 Milestone 2 (Due next week)
You should devote some time to the Milestone 2 submission for your semester project this week. The next set of deliverables is due on the last day of Week 6. Get started as soon as you can to avoid the last-minute rush.
