1. Text reading

Chapters 23 – 26

2. Textbook questions (70 points)

Chapter 23

Review questions:
23.1 What are the principal elements of a Kerberos System?
23.3 What are the differences between versions 4 and 5 of Kerberos?
23.6 What is the role of a CA in X.509?
23.9 What is a public key infrastructure?

Chapter 24

Review questions:
24.2 Define the extended service set.
24.3 List and briefly define IEEE 802.11 services.
24.6 What security areas are addressed by IEEE 802.11i?
24.7 Briefly describe the four IEEE 802.11i phases of operation.

Problems:
24.1 In IEEE 802.11, open system authentication simply consists of two communications. An authentication is requested by the client, which contains the station ID (typically the MAC address). This is followed by an authentication response from the AP/router containing a success or failure message. An example of when a failure may occur is if the client’s MAC address is explicitly excluded in the AP/router configuration.
a. What are the benefits of this authentication scheme?
b. What are the security vulnerabilities of this authentication scheme?

Chapter 25

Review questions:
25.5 What do the permissions “read,” “write” and “execute” mean when applied to directories?
25.8 What effect does “setgid” have on directories? On files?
25.12 What is a rootkit? Why are they hard to detect?

Problems:
25.2 Why are system permissions so important in the Linux DAC model? How do they relate or map to the concept of “subject-action-object” transactions?

Chapter 26

Review questions:
26.1 What are the two kinds of ACLs in Windows, and what does each do?
26.2 On Windows, which privilege overrides all ACL checks, and why?
26.8 Why does XBox Live use only IPSec and not IPv4?

Problems:
26.1 Paige’s (simplified) token looks like this:
User: FOOCorp\PaigeH
Groups: Everyone, Authenticated Users, Developers

Her word processor attempts to open a file for RWX access, and the file has the following ACL:
Administrators: Full Control
Authenticated Users: RW
Developers: RWD

Will Paige be granted access to the object? Why or why not?

3. Practical Assignment:

3.1.1 Identify the key elements in the certificate, including the owner’s name and public key, its validity dates, the name of the CA that signed it, and the type and value of signature.
3.1.2 State whether this is a CA or end-user certificate, and why.
3.1.3 Indicate whether the certificate is valid or not, and why.

3.1.4 State whether there are any other obvious problems with the algorithms used in the certificate.

Repeat the same process and answer the same set of questions shown above by visiting https://revoked-ecc-ev.ssl.com/.
(10 points)

3.2 Review the following document (NIST SP 800-187, Guide to LTE Security) and briefly answer the following questions. (20 points)

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-187.pdf

Note: You don’t have to refer to additional materials to answer the following questions. If you do, please include a list of references in your submission.
The NIST Special Publications (SP) are a body of knowledge in cybersecurity (some are very technical) that serve as guiding documents for the federal government. If you are interested in further reading, please access them through https://csrc.nist.gov/publications/sp.

3.2.1 In LTE, what are the components in the category of User Equipment (UE)?
3.2.2 What are the LTE protocols that set the foundation for TCP/IP networks?
3.2.3 How does LTE differ from GSM and UMTS in terms of cryptographic algorithms?
3.2.4 What is a security domain in LTE networks?
3.2.5 What are the main security threats against LTE networks?
3.2.6 In LTE networks, what are rogue base stations and why do they pose a security threat?
3.2.7 According to the guide, what are the recommended practices to secure LTE networks?