23.1 What are the principal elements of a Kerberos System?
23.3 What are the differences between versions 4 and 5 of Kerberos?
23.6 What is the role of a CA in X.509?
23.9 What is a public key infrastructure?
Chapter 24
Review questions:
24.2 Define the extended service set.
24.3 List and Briefly define IEEE 802.11 services
24.6 What security areas are addressed by IEEE 802.11i?
24.7 Briefly describe the four IEEE 802.11i phases of operation.
Problems:
24.1 In IEEE 802.11, open system authentication simply consists of two communications. An authentication is requested by the client, which contains the station ID (typically the MAC address). This is followed by an authentication response from the AP/router containing a success or failure message. An example of when a failure may occur is if the client’s MAC address is explicitly excluded in the AP/router configuration.
a. What are the benefits of this authentication scheme?
b. What are the security vulnerabilities of this authentication scheme?
Chapter 25
Review questions:
25.5 What do the permissions “read,” “write” and “execute” mean when applied to directories?
25.8 What effect does “setgid” have on directories? On files?
25.12 What is a rootkit? Why are they hard to detect?
Problems:
25.2 Why are system permissions so important in the Linux DAC model? How do they relate or map to the concept of “subject-action-object” transactions?
Chapter 26
Review questions:
26.1 What are the two kinds of ACLs in Windows, and what does each do?
26.2 On Windows, which privilege overrides all ACL checks, and why?
26.8 Why does XBox Live use only IPSec and not IPv4?
Problems:
26.1 Paig’s (simplified) token looks like this:
User: FOOCorpPaigeH
Groups: Everyone
Authenticated Users
Developers
Her word processor attempts to open a file for RWX access, and the file has the following ACL: Administrators: Full Control
Authenticated Users: RW
Developers: RWD
Will Paige be granted access to the object? Why or why not?
3. Practical Assignment:
3.1 Use your web browser and visit the following website: https://nova.zoom.us/. Examine the details of the digital certificate used by the website. This is usually accessible by selecting the padlock symbol. Referring to Figure 23.3 (“X.509 Formats”) of the textbook, answer the following questions with details.
3.1.1 Identify the key elements in the certificate, including the owner’s name and public key, its validity dates, the name of the CA that signed it, and the type and value of signature.
3.1.2 State whether this is a CA or end-user certificate, and why.
3.1.3 Indicate whether the certificate is valid or not, and why.
3.1.4 State whether there are any other obvious problems with the algorithms used in the certificate.
Repeat the same process and answer the same set of questions shown above by visiting https://revoked-ecc-ev.ssl.com/.
(10 points)