COIT20262 – Advanced Network Security, Term 2, 2019
Assignment 2 Questions. Due date: 10am Monday 14 October 2019. Assessment.
Attempt all questions.
This is an individual assignment, and it is expected students answer the questions themselves. Discussion of approaches to solving questions is allowed (and encouraged), however each student should develop and write-up their own answers. See CQUniversity resources on Referencing and Plagiarism. Guidelines for this assignment include:
- Do not exchange files (reports, captures, diagrams) with other students.
- Complete tasks with virtnet yourself – do not use results from another student.
- Draw your own diagrams. Do not use diagrams from other sources (Internet, textbooks) or from other students.
- Write your own explanations. In some cases, students may arrive at the same numerical answer, however their explanation of the answer should always be their own.
- Do not copy text from websites or textbooks. During research you should read and understand what others have written, and then write in your own words.
- Perform the tasks using the correct values listed in the question and using the correct file names.
File Names and Parameters
Where you see [StudentID] in the text, replace it with your actual student ID. If your student ID contains a letter (e.g. “s1234567”), make sure the letter is in lowercase.
Where you see [FirstName] in the text, replace it with your actual first name. If you do not have a first name, then use your last name. Do NOT include any spaces or other non-alphabetical characters (e.g. “-“).
Submit two files on Moodle only:
- The report, based on the answer template, called [StudentID]-report.docx.
- A ZIP file, called [StudentID]-files.zip, containing all other files. Do not include your report in this ZIP file, and do not include any directories. Only include those files named in the questions. Do not use rar, 7z, tgz or other formats – only ZIP.
A separate spreadsheet lists the detailed marking criteria.
Discuss, Explain, Design Style Questions
A number of questions in this assignment require short, specific answers. These will normally be marked on correctness. That is, if the answer given is correct, then full marks, otherwise 0 marks. In some cases, partial marks may be given.
Other questions require more elaborate answers. They typically include words such as discuss, explain, design, compare or propose. For such questions, to achieve full marks your answer should not only be correct, but also clear and detailed. While your answers don’t necessarily have to be long (many paragraphs), the level of detail should be similar to that covered in lectures. Some hints on writing your answers to this style of question include:
- Use terminology that has been used throughout the lectures. Using non-standard terminology, or terminology that significantly differs from that in this topic, is an example of unclear writing.
- Be specific, referring to files, algorithms, keys or other relevant data elements.
- When relevant, use examples to assist your explanation (although don’t use just examples; give a general explanation as well).
- Including wrong or irrelevant information in your answer will result in low marks. An answer with multiple wrong/irrelevant statements as well as a correct statement may receive 0 marks.
- Don’t rely heavily on images (unless they are asked for). If you do include images, then draw them yourself – don’t take images from the Internet, textbook or lecture notes.
Questions 1 and 2 require you to use virtnet topology 5. The questions are related, so you must use the same nodes for all three questions.
- node1: client; assumed to be external from the perspective of the firewall.
- node2: router; gateway between the internal network and external network. Also runs the firewall.
- node3: server; assumed to be internal from the perspective of the firewall. Runs a web server with HTTPS and an SSH server for external users (e.g. on node1) to log in to. It will contain accounts for multiple users.
Question 1. HTTPS and Certificates
For this question you must use virtnet to study HTTPS and certificates. This assumes you have already setup and are familiar with virtnet. See Moodle and tutorial instructions for information on setting up and using virtnet, deploying the website, and testing the website.
Your task is to setup a web server that supports HTTPS. The tasks and sub-questions are grouped into multiple phases.
Phase 1: Setup Topology
- Create topology 5 in virtnet.
- Deploy the MyUni demo website, with node3 being the real web server.
- Change the domain name from www.myuni.edu to www.[StudentID].edu by editing the /etc/hosts file on node1.
Phase 2: Certificate Signing Request
You will need to use the files made available to you for download from Assignment 1.
- Using [StudentID]-keypair.pem you must create a Certificate Signing Request called [StudentID]-csr.pem. The CSR must contain these field values:
  - State: state of your campus
  - Locality: city of your campus
  - Organisation Name: your full name
  - Common Name: www.[StudentID].edu
  - Email address: your @cqumail address
- Other field values must be selected appropriately.
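One way to produce and check the Phase 2 CSR with the openssl command line, as an added example that is not part of the assignment or virtnet. The student ID, name, campus and email values are constructed placeholders, the country code AU and the 2048-bit demo key are assumptions, and the real [StudentID]-keypair.pem from Assignment 1 should be used in place of the generated one.

```shell
#!/bin/sh
# Added example (not from the assignment): build [StudentID]-csr.pem from the
# Assignment 1 key pair with the openssl CLI, then verify what the CSR carries.
# Assumes openssl is installed; all field values below are constructed.
set -eu

# Build the X.509 subject string in the form "openssl req -subj" expects.
# Arguments: student-id state locality organisation-name email
build_subject() {
    printf '/C=AU/ST=%s/L=%s/O=%s/CN=www.%s.edu/emailAddress=%s' \
        "$2" "$3" "$4" "$1" "$5"
}

# Create [StudentID]-csr.pem from [StudentID]-keypair.pem. The request is
# self-signed with the private key, which is how the CA checks that the
# requester holds the key matching the public key embedded in the CSR.
make_csr() {
    sid="$1"; subject="$2"
    openssl req -new -sha256 \
        -key "${sid}-keypair.pem" \
        -subj "$subject" \
        -out "${sid}-csr.pem"
}

# Print the subject the CSR actually contains and verify its self-signature,
# so a typo in the Common Name is caught before the CSR is sent to the CA.
check_csr() {
    openssl req -in "$1-csr.pem" -noout -verify -subject
}

# Demo run with constructed values. The key pair is generated here only to
# keep the example self-contained; use your Assignment 1 key pair instead.
if [ "${1:-}" = "demo" ]; then
    sid=s1234567
    [ -f "${sid}-keypair.pem" ] || openssl genrsa -out "${sid}-keypair.pem" 2048
    make_csr "$sid" "$(build_subject "$sid" Queensland Rockhampton \
        "Jane Doe" jane.doe@cqumail.com)"
    check_csr "$sid"
fi
```

Run it as `sh make-csr.sh demo` in a scratch directory; the printed subject line must show CN = www.[StudentID].edu before the CSR goes to the CA.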
Phase 3: Certificate from CA
Send your Certificate Signing Request file to your Certificate Authority. The method of contacting your CA will be published on Moodle. You will be issued with a certificate called [StudentID]-cert.pem from CA (or in the case of an error, a response indicating the CSR is not valid).
Note that there may be a delay of up to 24 hours during weekdays (and 48 hours over the weekend) for the CA to respond to your CSR. Further details of the process can be found on Moodle.
Phase 3: HTTPS Configuration
- Configure Apache web server on node3 to use HTTPS. Remember the domain name must be www.[StudentID].edu where [StudentID] is replaced with your actual student ID.
- Load the CA certificate into the client on node1. The CA certificate can be downloaded from Moodle.
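An added example, not part of the assignment or virtnet, of generating the Apache HTTPS virtual host for node3 from the issued certificate and the Assignment 1 key pair. It assumes a Debian/Ubuntu Apache layout (sites-available, a2enmod, a2ensite, apachectl, systemctl), the /etc/ssl paths and the DocumentRoot are placeholders for wherever the MyUni site and the PEM files actually live, and the student ID is constructed.

```shell
#!/bin/sh
# Added example (not from the assignment): write and enable the mod_ssl vhost
# for www.[StudentID].edu on node3. Paths and Debian/Ubuntu helper commands are
# assumptions; adjust DocumentRoot and the PEM locations to your deployment.
set -eu

# Write the HTTPS vhost for the given student ID into the given directory and
# print the path of the file written.
write_ssl_vhost() {
    sid="$1"; outdir="$2"
    cat > "${outdir}/${sid}-ssl.conf" <<EOF
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName www.${sid}.edu
    DocumentRoot /var/www/html
    SSLEngine on
    # Certificate issued by the CA for the CSR, and the key pair the CSR used.
    SSLCertificateFile    /etc/ssl/certs/${sid}-cert.pem
    SSLCertificateKeyFile /etc/ssl/private/${sid}-keypair.pem
    # Only offer TLS 1.2 and later, and drop anonymous and MD5-based suites.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on
</VirtualHost>
</IfModule>
EOF
    printf '%s\n' "${outdir}/${sid}-ssl.conf"
}

# Enable mod_ssl and the site, and check the configuration before reloading so
# a typo in the vhost does not take the web server down.
enable_site() {
    sid="$1"
    a2enmod ssl >/dev/null
    a2ensite "${sid}-ssl" >/dev/null
    apachectl configtest
    systemctl reload apache2
}

if [ "${1:-}" = "demo" ]; then
    write_ssl_vhost s1234567 /etc/apache2/sites-available
    enable_site s1234567
fi
```

Keep the key pair readable only by root (it is the private key behind the certificate); on the client, lynx then trusts the server only once the CA certificate from Moodle is in node1's CA store.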
Phase 4: Testing
- Start capturing on node2 using tcpdump.
- On node1, use lynx to visit https://www.[StudentID].edu/grades/ and log in to view some grades.
- Exit lynx.
- Stop capturing and save the file as [StudentID]-https.pcap.
Phase 5: Analysis
(a) Add the CSR [StudentID]-csr.pem to [StudentID]-files.zip.
(b) Add the issued certificate [StudentID]-cert.pem to [StudentID]-files.zip.
(c) Add the packet capture [StudentID]-https.pcap to [StudentID]-files.zip.
Assuming an attacker only has access to the packet capture (i.e. traffic between web browser and web server – they don’t know about the network structure or that there are only three nodes), for the following, discuss what the attacker learns and how, or what they cannot learn and why not. For example, if the attacker can learn the information, explain what is the value they learn, what packet(s) they learn it from and how. If the attacker cannot learn the information, then explain why they cannot learn it.
What does the attacker know about the:
(d) domain of the website that the client visited
(e) IP address of the client’s computer
(f) application layer protocol being used between client and server
(g) specific web page a client requested
(h) size of a web page sent by server to client
(i) username and password the client uses to login to the grading system
(j) browsing behaviour of the web browser user, with regards to when they navigate between pages
(k) encryption algorithm(s) used, if any
(l) CA that the web server uses.
Now consider the role of certificates in this question.
(m) There were two different certificates exchanged between server and browser. For each certificate complete the following information.
|Information||Certificate 1||Certificate 2|
|Whose public key is included?|| || |
|What hash algorithm was used in signing?|| || |
|Whose private key was used when creating the certificate?|| || |