COIT20262 Advanced Network Security Editing Service

COIT20262 Advanced Network Security Editing Service

Below mentioned solutions starts from third part, as first two parts are purely practical based.

Question 3 Access Control

The solution of the given problem is given below with brief description and snapshot of the possible practical output.

1.The topology 1 in virtnet will look like in the given below snapshot.

2.According to the given task, we need to create five users in the host machine with the realistic username. So the name of the user which we are creating is given below. And also the user creation screenshot gave for each user.

User 1 – peter

User 2 – mary

User 3 – gal

User 4 – lucy

User 5 – Katherine

3.The information stored in passwordand shadowfiles inside the etc directory are given below in the snapshot.

The passwd file contains the user related information like User Full Name, Room, Mobile Number and etc. But it doesn’t contain the password information. And this information can be easily edited here according to the requirement. But the privileged access to this file is required. Given below is the snapshot of the passwd file.

Figure2:  The snapshot of the shadow file content

The shadow file contains all the password of all the users including the root user also. Now given below is the snapshot of it.

Figure3: The snapshot of the shadow file inside the etc director

4.Three groups need to be created i.e. student, teacher, and coord. The snapshot of the group creation is given below.

Figure4: The group creation snapshot

All the newly created are needed to be assigned according to the given instruction and they are as follows.

1.User 1: primary group student

2.User 2: primary group student

3.User 3: primary group teacher

4.User 4: primary group coord, also in teacher

5.User 5: primary group is their own (No change needed)

5.There is multiple tasks given for the directory and file creation purpose. So all the task are done according to the requirement. And each of them is given below one by one and also the screenshot is given

1.Three directories will be created for user 1 and 2 these directory names are personal, shared, and security in the users home directory location. The teacher has read-only access to each students security directory. All users have read/write access to each student's shared directory. Only the user can access the personal directory.

i.User 1

ii.User 2

2.User 4 will have directory name security, and it will have inside other two directory name content and marking. Content is read-only by all teacher and marking is only accessible by the user.

3.Now,user3 has directories security and personal. security is editable by teachers and coordinators, while personally is only accessible by the user.

4.The files are created according to the instruction and their results are as follows.

5.The schedule.txt named file need to be created in newly created user home directory. Given below is the snapshot of the work done.

6.Now create the file named submit.bash in the users whose group are a student. Given below is the snapshot of the work done.

7.d

6.Now all the task are done according to the instruction. And all the user have all permission on their directories and files inside their home directories. The other requirements of the task are done according to the instruction.

7.All above task is completed according to the specific requirements. Now given below are the test result of the work done till now.

1.User 1 access other users file

2.User 2 access another user file

3.User 3 access other users file

Question

(a)All the files are copied according to the instruction and are attached with this assignment.

(b)The etc/passwd file contains all the password information of all the user who is available in this system. The password information is stored in the hashed format. The hashed format is necessary because the hashed product can’t be reversed. So it will become harder for the attacker to try and get the password using the brute force or dictionary attack. If he still gets the password then it also becomes more difficult as the password is now hashed with the random value. So the actual password and salt string are almost impossible to detect. Because each password will use different salt value.

(c)It is difficult to know that the two users has the same password is because of the hashing mechanism. The two hash result is same. But in today’s system, the password is hashed by attaching a salt variable. The salt variable is a randomly generated value. So when the hashing is done this salt is attached to the original password text. So it will make different hash result for the same password.

(d)If the malicious user obtains the files where password information is stored and if tries the brute force attack on it. It will become difficult to find the actual password for the attacker even if the attacker knows the actual hash string. Because the salt value makes it harder for them to know the actual password.

Question 4 HTTPS and Certificates

The certificate.pem and https.pcap are attached with this document.

(a)Now when we try to access the destination server using the normal HTTP it will work but the connection is not secure as we already know. But when we try to connect using the https it will show the untrusted certificate. To ensure that the certificate is genuine we have to obtain the certificate and install it in our system.

For installing the certificate first of all we need to do the following steps

1.Download the certificate using the following command

$ scp 192.168.2.21:/home/network/CERT_SHIVANGAMIN9.crt .

2.It will download the certificate in the current working directory. Now we need to create a new directory inside the ca certificate folder and copy the certificate into that directory. Using the following command.

$ sudo mkdir /usr/share/ca-certificate/certificate

$ sudo cp cert-on.cut /usr/share/ca-certificate/certificate

(b)For verifying the certificate we have to first download the certificate from the website after downloading it copy it inside the ca-certificate directory. We have to do the following things in order to verify it.

1.Now we have to configure the certificate in the system and browser. For this use the following command and follow the instruction.

$ sudo dpkg-reconfigure ca-certificates

2.Now all is done we can test the site using the following command

$ OpenSSL s_client –connect www.myuni.edu:443

(c) The digital certificate is the backbone of the internet in today’s world. The client machine (browser) rely on this signature to verify the authenticity of the website. And it is using the real certificate with a valid signature. Now the digital signature is generated by the CA servers. This signature is a mathematical scheme for verifying the authenticity of the message or data transferred over the internet between client and server machine.

Now the digital signature consists of the 3 main algorithm

1.A key generation process algorithm that contains create the private key and also provides us the public key for the client.

2.A signing algorithm, it is created by the combining message and the private key.

3.A signature algorithm which will validate the authenticity of each data. It can accept or reject the data which is received from the server or client.

(d)The private key is the most important part of the Cryptographic infrastructure. As everybody knows that the private keys are used to decrypt the data of the actual communication. So the secure communication which is happening can be compromised by the attacker using the private key and it can easily manipulate the data in the actual transmission.

Now assume the private key of a website is compromised. Now the only work is left here is to install it the system to decrypt the each traffic which is passing between the server and the client. Or the attacker can create its own fake site by deploying the public and private key of the server. The user may think that this is a genuine website but it turned out that the user data is being hijacked by the malicious user.