CONFIDENTIAL

MALAYSIAN INSTITUTE OF INFORMATION TECHNOLOGY

FINAL EXAMINATION
JANUARY 2014 SEMESTER
SUBJECT CODE

INB35303

SUBJECT TITLE

NETWORK SECURITY

LEVEL

BACHELOR

TIME / DURATION

(2 HOURS)

DATE

4th JUNE 2014

INSTRUCTIONS TO CANDIDATES

1. Please read the instructions given in the question paper CAREFULLY.

2. This question paper is printed on both sides of the paper.
3. Answer ALL questions.
4. Please write your answers on the answer booklet provided.

THERE ARE 4 PAGES OF QUESTIONS, EXCLUDING THIS PAGE.

JANUARY 2014

CONFIDENTIAL

INSTRUCTION: Answer ALL questions.

Please use the answer booklet provided.

QUESTION 1: Vulnerability, Threats & Attacks

a) Describe TWO (2) BENEFITS of performing WEB VULNERABILITY SCANNING. Include
TWO (2) examples of web vulnerability scanning tools that you know to support your
answer.
(8 marks)

b) What is the DIFFERENCE between a TROJAN HORSE and a TROJAN BACKDOOR?

Include some examples to support your answer.
(7 marks)
c) Discuss how a WORM spread in a network and suggest a MITIGATION PLAN to secure
networks from a worm attack. Use a diagram to support your answer.
(10 marks)

[25 MARKS]
QUESTION 2: Securing Devices and LAN Security
a) Describe the following EDGE ROUTER implementation approach listed below, used to
secure the perimeter of networks. Use a diagram to support your answer.
i.

SINGLE ROUTER APPROACH

(3 marks)

ii.

DEFENSE IN-DEPTH APPROACH

(3 marks)

iii.

DMZ APPROACH

(3 marks)

b) What does the following command will do?

i.

login block-for 300 attempts 3 within 120

(3 marks)

ii.

secure boot-config restore run-cfg-20140604-050201.ar

(2 marks)

iii.

service password encryption

(2 marks)

c) Discuss the THREE (3) common ATTACKS in Local Area Network (LAN) environment.
(9 marks)
[25 MARKS]
INB_35303 NETWORK_SECURITY

JANUARY 2014

CONFIDENTIAL

QUESTION 3: Cryptographic Systems

a) List TWO (2) examples of SYMMETRIC KEY algorithms.

(4 marks)

b) Apply SUBSTITUTION methods with KEY=4, then followed by TRANSPOSITION

methods with KEY=5 to the below CIPHERTEXT in order to reveal its secret message.

CIPHERTEXT = [ATSIVEPGHI]
(8 marks)
c) The military secret service of Malaysia has tapped into terrorist communication and
obtained an encrypted abort code to disable a bomb targeted for KLCC. The secret
random prime number believed to create the terrorist cryptosystem is p=11 and q=5 and
the public key used to lock the code is believed to be e=23. Decrypt the FOUR (4) secret
alphabets [39, 25, 20, 26] to recover this abort code. (Note: Assume A=1, B=2, C=3
Z=26 to convert your finalized answer digits, back into alphabetical plaintext.)
(13 marks)

Given are the general formulas for RSA cryptosystem:

N=p*q
r = (p-1)(q-1)
= lcm [(p-1),(q-1)]
d * e 1 (mod r)
Message = Cd mod N
Cipher = Me mod N
[25 MARKS]

INB_35303 NETWORK_SECURITY

JANUARY 2014

CONFIDENTIAL

QUESTION 4: Implementing Firewall and Virtual Private Networks (VPN)

Diagram 1: B2B Corporation Logical Topology

DEVICE
R1

INTERFACE

IP ADDRESS

SUBNET MASK

DEFAULT
GATEWAY

SWITCH
PORT

FA0/1

192.168.1.1

255.255.255.0

N/A

S1 FA0/5

S0/0/0 (DCE)

10.1.1.1

255.255.255.252

N/A

N/A

S0/0/0

10.1.1.2

255.255.255.252

N/A

N/A

S0/0/1(DCE)

10.2.2.2

255.255.255.252

N/A

N/A

FA0/1

192.168.3.1

255.255.255.0

N/A

S4 FA0/5

S0/0/1

10.2.2.1

255.255.255.252

N/A

N/A

NTP

NIC

192.168.1.5

255.255.255.0

192.168.1.1

S1 FA0/6

Syslog

NIC

192.168.1.6

255.255.255.0

192.168.1.1

S3 FA0/12

TACACS+

NIC

192.168.3.5

255.255.255.0

192.168.3.1

S4 FA0/18

PC-A

NIC

192.168.1.7

255.255.255.0

192.168.1.1

S1 FA0/10

PC-B

NIC

192.168.1.8

255.255.255.0

192.168.1.1

S2 FA0/10

PC-C

NIC

192.168.3.6

255.255.255.0

192.168.3.1

S4 FA0/10

R2
R3

Table 1: IP Addressing Scheme for Diagram 1

INB_35303 NETWORK_SECURITY

JANUARY 2014

CONFIDENTIAL

ISAKMP Phase 1 Policy Parameters

R1

R3

Key Distribution Method

ISAKMP Policy No.
Encryption Algorithm
Hash Algorithm
Authentication Method
Key Exchange
ISAKMP Key
ISAKMP Phase 2 Policy Parameters
Transform Set Name
Peer Hostname
Network To Be Encrypted
Peer IP Address
Crypto Map Name & No.
SA Establishment

ISAKMP
10
AES
SHA-1
Pre-share
DH2
myvpn4u
R1
VPN-SET, esp-sha-hmac
R3
A
C
MYVPN-MAP; 10
ipsec-isakmp

ISAKMP
10
AES
SHA-1
Pre-share
DH2
myvpn4u
R3
VPN-SET, esp-sha-hmac
R1
B
D
MYVPN-MAP; 10
ipsec-isakmp

Table 2: ISAKMP Phase 1 and ISAKMP Phase 2 Policy Parameters

SCENARIO:
B2B Corporation wishes to implement a VPN Tunnel from site A (Router R1) to
site B (Router R3), to secure their network sites communication.

Analyze Diagram 1, Table 1 and 2, and then answer the following questions:
(a)

What is the network value A and B and peer IP value C and D stated in
Table 2?

(b)

(4 marks)

Apply ACL 110 at R1, to identify the traffic from the LAN on R1 to the LAN on R3 as
interesting.

(3 marks)

(c)

Apply ISAKMP Phase 1 properties on R1.

(7 marks)

(d)

Apply ISAKMP Phase 2 properties on R1.

(9 marks)

(e)

Apply crypto map on the outgoing interface on R1.

(2 marks)
[25 MARKS]

END OF QUESTION

INB_35303 NETWORK_SECURITY