User Account

All Pages

What are the inherent flaws in using multiple packets

Assignment Help Software Engineering
Reference no: EM131999074

Instructions

This assignment consists of three questions each of equal value. They con¬sist of common tasks required of a system administrator-tasks I have had to do at some time in the past.

Clear Layout

It is vitally important that your assignment is clearly laid out with ques-tions and parts of questions clearly defined. It must be a straight for¬ward matter for the examiner to determine that you have completed each exercise satisfactorily. We want quality not quantity. Poorly or¬ganised submissions will be rejected or receive a poor mark.

A text file or PDF/A document typeset using vanilla DTEX are preferred over a document produced by a word-processor. If you must use Microsoft Word please export your document as PDF/Al not PDF.

Command Output
When answering these questions you will have to run commands under Linux-whenever a command is run you will need to:

a. explain in your own words the purpose of the command in the context of the assignment question. (Please do not just copy the "Description" section from the man page!) Also, you need to ex-plain in your own words all terminology used-as if you were ex¬plaining to an average user! (Please show you understand what you are doing!)

b. show that the command worked-either from its output or the output from another command.

c. To capture text output from programs you will have to redirect the output to a file or use the command script. If you are us-ing the command script turn off the tty escape sequences that change the colour of console text-the escape sequences will ap¬pear in output file and make it impossible to read.

Question 1
A "gateway" machine has been setup for a small business. The following "firewall" script is run on the "gateway" machine before the gateway's interfaces are brought up-

#!/bin/bash

iptables -F iptables -t nat -F

iptables -X iptables -t nat -X

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -i eth1 -p tcp -s 192.168.67.0/24 --dport 22 \

-m state --state NEW -j ACCEPT

iptables -A INPUT -i eth1 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT

iptables -A OUTPUT -o eth1 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -t nat -A PREROUTING -i eth0 -p tcp -d 163.72.140.107 --dport 25 \

-  j DNAT --to-destination 192.168.67.23:25 iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.67.0/24 \

-  j SNAT --to-source 163.72.140.107

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables - A FORWARD - i ethl -p tcp -s 192.168.67.0/24 --dport 80 \

                              - m state --state NEW -j ACCEPT

iptables - A FORWARD - i eth1 -p tcp -s 192.168.67.0/24 --dport 443 \

                              - m state --state NEW -j ACCEPT

iptables - A FORWARD - i eth0 -p tcp -d 192.168.67.23 --dport 25 \

                              - m state --state NEW -j ACCEPT

iptables - A FORWARD - p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

Using the script above answer the following questions:

a. Explain, in your own words what a "gateway" machine is and what it is used for.

b. Explain the general purpose of the firewall above. Your explanation should include a description of the networks the gate¬way machine is connected to, how it is connected, and what pack¬ets are being allowed into and out of the gateway machine.

Note: this is a "general description" do not make any explicit reference to the commands above.

c. Explain in detail the reason for including lines 12 and 18.

d. Explain in detail the reason for including lines 13 and 19.

e. Explain in detail the reason for including lines 21, 32 and 34.

f. Explain in detail the reason for including lines 23, 28, 30 and 34.

Question 2

As the system administrator you would like to SSH to a gateway machine (see Exercise 1) from off-site. Unfortunately that would mean opening the SSH port to the world-and currently that is against your organisations security policy.

A friend tells you of the concepts of "port knocking" and "single packet authorization" (SPA) - a way of temporarily opening a hole in a firewall to let an authorised connection through. This sounds exactly what you need so you study up on "port knocking" and "single packet authoriza¬tion" and experiment with the software "fwknop".

To convince your supervisor that the software "fwknop" should be in-stalled to allow access to the gateway machine from the Internet you write a report on "port knocking" and SPA with examples of securely configuring and using "fwknop".

Your report will need to include the following:

a. What is "port knocking" and what are the inherent flaws in using multiple packets?

b. What is "single packet authorization" and how this addresses the flaws of multi-packet "port knocking".

c. What is the data encapsulated in an SPA packet and fwknop in particular and how is it protected?

d. The steps taken and the configuration file or files you needed to modify to open a secure temporary hole in a firewall using fwknop. Include an explanation in your own words of the purpose of every command used and every line in the configura¬tion file or files.

e. The firewall on the virtual machine. Use the output from the command ipt ables -L -v to show that the machine has been firewalled.

f. Output showing that fwknop worked. A successful SSH session and the output from the command iptables -L -v to show the hole that fwknop has created in the firewall.

Question 3

The Australian Government's "Data Retention" legislation requires ISPs to retain, for two years, the IPs of all remote systems accessed by their users. The legislation created a lot of interest in VPNs as a way to ensure Internet privacy. Most people have become aware of VPNs but have very little knowledge of the technical aspects of VPNs.

In about a page, explain in your own words what a VPN is, what it is used for and how it works. As there are a number of VPN technologies, use the popular technology OpenVPN as the basis of your explanation.

Your explanation should include:
- In general terms what a VPN is,
- examples of where a VPN may be useful explicitly ex-plaining the problem they overcome and how they overcome it (e.g. Using a VPN to access Netflix USA: what is the problem and how is it overcome using a VPN?),
- the technologies used in SSL/TLS VPNs such as Open-VPN, and
- how the technologies are used to ensure a secure Inter¬net connection between two networks or a remote machine and a network over the public insecure Internet
Hint: One way to answer this question is to describe the steps the software goes through to establish and maintain a connection.

a. We are not discussing here web browser SSL connections (though the technology is the same) this is a discussion of a VPN with all that implies.

b. This is an extremely technical topic and I do not expect you to cover all aspects of it. But you should explain all terms used in your answer (not covered in the study book), for example, VPN, SSL/TLS, certificates, HMAC, key authentication, session keys, ...

c. You do not have to implement an OpenVPN connection - though it may be helpful in understanding the underlying technologies.

d. List all resources used in answering the question.

Verified Expert

The solution file is prepared in ms word which discussed about the gateway , firewall, firewall program in Linux explanation , port knocking, single port authorization, fwknow -l -v command , virtual private network, SSL, and steps are listed to implement vpn. The screen shots of the command in linux are attached in the solution and references are included as pr ieee format.

Reference no: EM131999074

Questions Cloud

Long term impact on democrats : While Nixon was a republican, why did this public sentiment also have a long term impact on democrats, considering their philosophy of government?
Why was president richard nixon forced to resign : Why was President Richard Nixon forced to resign? Your answer should include details of the conspiracy.
What is one share of this stock worth today : What is one share of this stock worth today at a required return of 8.5 percent?
Argument in the supreme court in brown : What was the essence of Thurgood Marshall's argument in the Supreme Court in Brown vs. the Board of Education?
What are the inherent flaws in using multiple packets : csc3412 - What is port knocking and what are the inherent flaws in using multiple packets - What is single packet authorization
Percentage of your gross pay that is taken for deductions : Examine your last pay check. Determine the percentage of your gross pay that is taken for deductions.
Oxford history of south africa controversial : What made the Oxford History of South Africa controversial, and what were the major criticisms of it by the radical historians?
Estimate growth rate for your firm earnings per share : Estimate a growth rate for your firm's Dividends per Share. Estimate a growth rate for your firm's Earnings per Share (EPS).
Four pivotal elections in the twentieth century : Which one of these do you think is the most significant and why? Consider what changed (or did not change) with regards to political party lines

Reviews

len1999074

5/28/2018 6:22:08 AM

Students can apply for an extension of time to submit an assignment at any time up to the deadline. Students are advised to make a request for an extension as soon as their need becomes apparent. Delay in making a request involves the risk of losing marks if the request is refused. The examiner may grant a short extension of the deadline for submis¬sion of an assignment. Extensions are usually granted only in cases of Compassionate and Compelling Circumstances in accordance with the Assessment of Compassionate and Compelling Circumstances Proce¬dure. Generally, extensions will be limited to a maximum of five Uni¬versity Business Days. A Student requiring an extension for a period of time in excess of this should consider applying for a Deferred Assess¬ment as per section 4.4 of the assessment procedure.

Write a Review

Software Engineering Questions & Answers

  Research report on software design

Write a Research Report on software design and answer diffrent type of questions related to design. Report contain diffrent basic questions related to software design.

  A case study in c to java conversion and extensibility

A Case Study in C to Java Conversion and Extensibility

  Create a structural model

Structural modeling is a different view of the same system that you analyzed from a functional perspective. This model shows how data is organized within the system.

  Write an report on a significant software security

Write an report on a significant software security

  Development of a small software system

Analysis, design and development of a small software system.

  Systems analysis and design requirements

Systems Analysis and Design requirements

  Create a complete limited entry decision table

Create a complete limited entry decision table

  Explain flow boundaries map

Explain flow boundaries map the dfd into a software architecture using transform mapping.

  Frame diagrams

Prepare a frame diagram for the software systems.

  Identified systems and elements of the sap system

Identify computing devices, which could be used to support Your Improved Process

  Design a wireframe prototype

Design a wireframe prototype to meet the needs of the personas and requirements.

  Explain the characteristics of visual studio 2005

Explain the characteristics of Visual Studio 2005.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd