Scribd
Upload
47 views6 pages

COMP 455 NETWORK SECURITY AND CRYPTOGRAPHY - Kabarak University

Uploaded by

petercoolish108
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
47 views6 pages

COMP 455 NETWORK SECURITY AND CRYPTOGRAPHY - Kabarak University

Uploaded by

petercoolish108
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

KABARAK UNIVERSITY

UNIVERSITY EXAMINATIONS
MAIN CAMPUS
THIRD SEMESTER, 2022 ACADEMIC YEAR
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN
INFORMATION TECHNOLOGY

COMP 455: NETWORK SECURITY AND CRYPTOGRAPHY

STREAM: Y4/S2 - REGULAR TIME:9:00-11:00AM


EXAMINATION SESSION: JAN. – APRIL DATE: 14/04/2022

INSTRUCTIONS TO CANDIDATES
1. Answer Question 1 and any other two questions in the answer booklet provided.
2. Do not write on your question papers. All rough work should be done in your
answer booklet.
3. Clearly indicate which question you are answering.
4. Write neatly and legibly.
5. Edit your work for language and grammar errors.
6. Follow all the instructions in the answer booklet

As members of Kabarak University family, we purpose at all times and in all places, to set apart in one’s heart,
Jesus as Lord. (1 Peter 3:15)
Kabarak University is ISO 9001:2015 Certified
Page 1 of 6
SECTION A: (COMPULSORY) TOTAL MARKS FOR THIS SECTION IS 30.

Section A Answer ALL Questions (40 Marks)


1.
a) Use the following network to answer the questions that follow
2. 2.1.1.1 C

Internet

1.1.1.3 S

A 1.1.1.1 1.1.1.2 B

i). “A claims it is B to the server S”: State TCP/IP attack in this case and explain the
vulnerability of the TCP/IP protocol exploited by the attacker (3 Marks)

ii). “C claim it is B to the server S”: state TCP/IP attack in this case and explain the
vulnerability of the TCP/IP protocol exploited by the attacker (3 Marks)
b)
i). What is the ICMP redirect message and how can it be used to perpetrate an attack
(4 Marks)
ii). Giving an example explain what a black hole is in networking and demonstrate how
in can be used to perpetrate an attack. (6 Marks)

c) Explain the following as applied in the context of network security


i). Bastion Host (2 Marks)
ii). tunneling (2 Marks)

As members of Kabarak University family, we purpose at all times and in all places, to set apart in one’s heart,
Jesus as Lord. (1 Peter 3:15)
Kabarak University is ISO 9001:2015 Certified
Page 2 of 6
d)
i). The intention of the following firewall rules was to allow TCP packets from
4.5.5.4to port 80 of 3.1.1.2 only if they come from source port1025
 deny tcp 4.5.5.4:* -> 3.1.1.2:80
 allow tcp 4.5.5.4:1025 -> 3.1.1.2:80

Explain why this rules will not achieve the intended objective and provide the correct
rules to acieve the objective. (4 Marks)
ii). What will be the result of failed login attempts if the following command is
entered into a router?
“login block-for 150 attempts 4 within 90” (2 Marks)

iii). Explain the rationale of placing web server and email server at the demilitarized
zone (4 Marks)

SECTION B. TOTAL MARKS FOR THIS SECTION IS 40.


ANSWER ANY TWO QUESTIONS FROM THIS SECTION. EACH QUESTION IN
THIS SECTION CARRIES 20 MARKS.

3.

(a)
i). Outline any FIVE common mistakes Common Firewall Configuration Mistakes
(5 Marks)
ii). “Firewalls are not Perfect” provide FIVE reasons to Justify this statement
(5 Marks)
(b)
i). Explain how a Dual homed firewall architecture is configured (4 Marks)

ii). Explain how a Screened Firewall architecture is configured (4 Marks)

As members of Kabarak University family, we purpose at all times and in all places, to set apart in one’s heart,
Jesus as Lord. (1 Peter 3:15)
Kabarak University is ISO 9001:2015 Certified
Page 3 of 6
iii). Which of the two firewall architectures in better? Explain (2 Marks)
4.
(a) Use the following firewall router with multiple internal net works to answer the
questions that follow

i). Explain what is achieved by the following rule set (5 Marks)

As members of Kabarak University family, we purpose at all times and in all places, to set apart in one’s heart,
Jesus as Lord. (1 Peter 3:15)
Kabarak University is ISO 9001:2015 Certified
Page 4 of 6
ii). Consider the following router interface rule set on NET 1. Explain what is achieved
by these rule set and demonstrate how the rule set avoids spoofing (5 Marks)

(b) Explain what is achieved by the following router configuration (3 Marks)

5.
a)
i). With aid of diagrams describe the configuration of the following types of
Demilitarized zones (DMZ)
I. Single firewall architecture (5 Marks)
II. Dual Firewall architecture (5 Marks)

ii). Outline the weakness of the single firewall architecture in designing a network
with DMZ (2 Marks)
iii). It is recommended that when designing a network with DMZ Using a Dual
Firewall architecture the firewalls be provided by two different vendors.
Explain the reason for this recommendation. (3 Marks)

As members of Kabarak University family, we purpose at all times and in all places, to set apart in one’s heart,
Jesus as Lord. (1 Peter 3:15)
Kabarak University is ISO 9001:2015 Certified
Page 5 of 6
b)
i). Describe the use of a digital signature for origin authentication (3 Marks)

ii). Y wants to send a message m = 9726 to X using RSA.


Let p=101 and q =113. Y chooses e to be 3533 . Verify if e is a correct choice. What are
the other choices for e? (2 Marks)
6.
a)
i). Identify the class of intruders that suits each of the following descriptions (2 Marks)
I. An individual who is not authorized to use the computer and who penetrates a
system's access controls to exploit a legitimate user's account
II. A legitimate user who accesses data, programs, or resources for which such access is
not authorized, or who is authorized for such access but misuses his or her privileges
III. An individual who seizes supervisory control of the system and uses this control to
evade auditing and access controls or to suppress audit collection
ii). It has been suggested that one could, with reasonable confidence, distinguish between
the behavior of a legitimate user and that of an unauthorized user who penetrates a
system's access controls to exploit a legitimate user's account. Explain how this can
be done
(2 Marks)
iii). The task of detecting a legitimate user performing in an unauthorized fashion is
difficult. Explain why this is so and how such violations may be detected (3 Marks)

iv). Distinguish between a substituting and a transposition cipher (2 Marks)


b)
i). Distinguish between Network address translation and proxy server (3 Marks)
ii). Explain how network address translation work to provide network security
(4 Marks)
iii). Outline the different types of network address translations (4 Marks)

As members of Kabarak University family, we purpose at all times and in all places, to set apart in one’s heart,
Jesus as Lord. (1 Peter 3:15)
Kabarak University is ISO 9001:2015 Certified
Page 6 of 6

You might also like