Assignment 04 IS 1

The document discusses several topics related to information security including honeypot deployment locations, network intrusion detection system sensor placement, access control matrices, firewall rule configuration, hash function properties, and role-based access control. It contains multiple questions and scenarios related to these topics.

NATIONAL UNIVERSITY OF TECHNOLOGY

(Department of Computer Science)


Assignment No. 4

Course Title: Information Security
Course Code: CS4017


FM Name: Dr. Muhammad Iqbal
Time Allowed:
---------------------------------------------------------------------------------------------------------------------------------------------------
Question No 1 (CLO3)
Honeypots can be deployed in a variety of locations. The location depends on a number of factors,
such as the type of information the organization is interested in gathering and the level of risk the
organization can tolerate in order to obtain the maximum amount of data. With reference to the following
figure, illustrate the given possibilities for honeypot deployment.

Question No 2 (CLO3)
Consider an organization with multiple sites, each of which has one or more LANs, with all of the networks
interconnected via the Internet or some other WAN technology. For a comprehensive NIDS strategy, one
or more sensors are needed at each site. Within a single site, a key decision for the security administrator
is the placement of the sensors. In the following figure, the security administrator has selected four
locations for sensor placement. Discuss the advantages of each location.

Question No 3 (CLO3)
Design and explain an access control matrix based on the following authorization table, which contains
subject, access mode and object.
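The authorization table itself is in a figure that is not reproduced on this page, so the example below (added here; not part of the assignment) uses a small constructed table of (subject, access mode, object) triples. It folds the triples into the matrix, reads one cell the way a reference monitor would, and shows that an ACL is a column of the matrix and a capability list is a row. Subject and object names are invented.

```python
from collections import defaultdict

# Constructed authorization table of (subject, access mode, object) triples.
# The assignment's own table is in a figure that is not reproduced on this page.
AUTHORIZATION_TABLE = [
    ("alice", "own",     "file1"),
    ("alice", "read",    "file1"),
    ("alice", "write",   "file1"),
    ("alice", "read",    "file3"),
    ("bob",   "read",    "file1"),
    ("bob",   "own",     "file2"),
    ("bob",   "read",    "file2"),
    ("bob",   "write",   "file2"),
    ("carol", "execute", "prog1"),
    ("carol", "write",   "file3"),
]

# Fixed display order for the modes inside one cell
MODE_ORDER = ["own", "read", "write", "execute"]


def build_matrix(table):
    """Fold the triples into matrix[subject][object] -> set of modes.
    A missing cell means the subject has no access to that object."""
    matrix = defaultdict(lambda: defaultdict(set))
    for subject, mode, obj in table:
        matrix[subject][obj].add(mode)
    return matrix


def subjects(table):
    return sorted({s for s, _, _ in table})


def objects(table):
    return sorted({o for _, _, o in table})


def cell(matrix, subject, obj):
    """Modes in one cell, in MODE_ORDER; [] for an empty cell."""
    modes = matrix.get(subject, {}).get(obj, set())
    return [m for m in MODE_ORDER if m in modes]


def is_authorized(matrix, subject, mode, obj):
    """What a reference monitor does on every access request: consult one cell."""
    return mode in matrix.get(subject, {}).get(obj, set())


def acl_for(matrix, table, obj):
    """Column view: the object's access control list (subject -> modes)."""
    return {s: cell(matrix, s, obj) for s in subjects(table) if cell(matrix, s, obj)}


def capabilities_for(matrix, table, subject):
    """Row view: the subject's capability list (object -> modes)."""
    return {o: cell(matrix, subject, o) for o in objects(table) if cell(matrix, subject, o)}


def render(matrix, table):
    """Return the matrix as a text table: one row per subject, one column per object."""
    objs = objects(table)
    cells_all = ["/".join(cell(matrix, s, o)) for s in subjects(table) for o in objs]
    width = max(len(x) for x in objs + cells_all) + 2
    rows = ["subject".ljust(8) + "".join(o.ljust(width) for o in objs)]
    for s in subjects(table):
        cells = ["/".join(cell(matrix, s, o)) or "-" for o in objs]
        rows.append(s.ljust(8) + "".join(c.ljust(width) for c in cells))
    return "\n".join(rows)


if __name__ == "__main__":
    M = build_matrix(AUTHORIZATION_TABLE)
    print(render(M, AUTHORIZATION_TABLE))
    print("ACL for file1:", acl_for(M, AUTHORIZATION_TABLE, "file1"))
    print("capabilities of bob:", capabilities_for(M, AUTHORIZATION_TABLE, "bob"))
```

An unknown subject or object simply has no cell, so `is_authorized` returns False for it; this is the "default deny" behaviour the matrix should have.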

Question No 4 (CLO3)

Consider the diagram below, where a packet filtering firewall (FW1) is running on router R2. The "internal"
networks are on the left of the firewall (that is, connected to interface 1 of router R2). Each IP network is
identified by a letter (e.g. "Network A"), and each host on a particular network is identified by a number
(e.g. "Host A.4"). You can refer to "any" value using * (e.g. "A.*" meaning all hosts on network A). Note that
although only a few hosts are shown in the figure, you must assume there may be more hosts than
shown in each network.

For the following scenarios, complete the necessary firewall rules in the table provided. You do not have
to use all table rows, and you can add more rows if necessary. You must use the correct values in the
table (e.g. "*", "A.4" or "A.*" are valid addresses; a written description is not valid). The default policy in
all cases is DROP. Treat each part independently of the other parts. All application protocols in this question
use TCP. The interface numbers are written next to the router in the figure above. Assume Stateful Packet
Inspection (SPI) is used.
a) Allow all internal hosts to connect to all web servers.
b) Allow all hosts on network F to connect to the secure shell (SSH) server on C.7.
c) Allow all hosts on network C, except the two servers (C.3 and C.7), to connect to all email servers.
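The rules in this question are evaluated by a first-match table with a default DROP, and stateful inspection means only the connection-opening packet is matched against the rules; return traffic passes on the connection state. The example below (added here; not the assignment's own material, and not an answer key) is a small simulator of that behaviour using the question's address notation. Assumptions: web is TCP 80/443, SSH is TCP 22, email is modelled as SMTP on TCP 25, and because the figure is not reproduced on this page the list of internal networks is a placeholder (`INTERNAL_NETWORKS`) to be replaced from the figure. The rule tables are my reading of scenarios (a) to (c), shown to illustrate wildcard matching and rule ordering.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed well-known TCP ports (the question does not state port numbers).
WEB_PORTS = (80, 443)
SSH_PORT = 22
SMTP_PORT = 25
# Assumed: replace with the networks on interface 1 of R2 in the figure.
INTERNAL_NETWORKS = ["A", "B"]


def addr_matches(pattern: str, addr: str) -> bool:
    """Address notation from the question: "*" (any), "A.*" (any host on A), "A.4"."""
    if pattern == "*":
        return True
    net, host = pattern.split(".")
    addr_net, addr_host = addr.split(".")
    return net == addr_net and (host == "*" or host == addr_host)


@dataclass
class Rule:
    src: str                 # source address pattern
    dst: str                 # destination address pattern
    dport: Optional[int]     # destination TCP port, None = any
    action: str              # "ALLOW" or "DROP"
    note: str = ""

    def matches(self, src, dst, dport):
        return (addr_matches(self.src, src) and addr_matches(self.dst, dst)
                and (self.dport is None or self.dport == dport))


@dataclass
class StatefulFilter:
    """First-match rule table with default DROP plus a connection table (SPI):
    rules are consulted only for connection setup (SYN); packets of a flow
    that was allowed pass in either direction on the state alone."""
    rules: list
    default: str = "DROP"
    connections: set = field(default_factory=set)

    def filter(self, src, dst, sport, dport, syn=False) -> str:
        flow = (src, dst, sport, dport)
        reverse = (dst, src, dport, sport)
        if flow in self.connections or reverse in self.connections:
            return "ALLOW"      # established flow, including the server's replies
        if not syn:
            return "DROP"       # mid-stream packet with no state never opens a hole
        for rule in self.rules:
            if rule.matches(src, dst, dport):
                if rule.action == "ALLOW":
                    self.connections.add(flow)
                return rule.action
        return self.default


# Illustrative rule tables for the three scenarios (my reading, not an answer key).
RULES_A = [Rule(f"{n}.*", "*", p, "ALLOW", "a) internal hosts to web servers")
           for n in INTERNAL_NETWORKS for p in WEB_PORTS]
RULES_B = [Rule("F.*", "C.7", SSH_PORT, "ALLOW", "b) network F to the SSH server on C.7")]
RULES_C = [
    Rule("C.3", "*", SMTP_PORT, "DROP", "c) exception first: server C.3"),
    Rule("C.7", "*", SMTP_PORT, "DROP", "c) exception first: server C.7"),
    Rule("C.*", "*", SMTP_PORT, "ALLOW", "c) remaining hosts on C to email servers"),
]


def trace(rules, packets):
    """Run (src, dst, sport, dport, syn) packets through a fresh filter; return decisions."""
    fw = StatefulFilter(rules)
    return [fw.filter(*p) for p in packets]


if __name__ == "__main__":
    for decision, pkt in zip(trace(RULES_B, [("F.2", "C.7", 40000, 22, True),
                                             ("C.7", "F.2", 22, 40000, False)]),
                             ["F.2 opens SSH to C.7", "C.7 replies"]):
        print(f"{pkt}: {decision}")
```

Two points the trace makes visible: with SPI, only one rule per connection is needed (the reply is allowed by state, and C.7 still cannot open connections outwards), and in scenario (c) the two exceptions must precede the `C.*` allow rule, because reversing the order lets C.3 through.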

Question No 5 (CLO3)
a) Describe the one-way property of hash functions
b) Describe the weak collision resistance property of hash functions
c) Describe the strong collision resistance property of hash functions
d) The following figure shows a technique for authentication. M is a message sent by node a.
Explain the problem in this scheme if the hash function does not have the weak collision
resistance property (that is, what could a malicious user do and how could they do it?)
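Parts (a) to (c) are definitions, and part (d) asks what goes wrong when the second one fails. The example below (added here; not part of the assignment, and it says nothing about the scheme in the missing figure) makes the weak collision resistance property concrete: it builds a deliberately weak hash by truncating SHA-256 to 16 bits (a constructed function, not a real algorithm), and shows that for such a short output a second message with the same hash is found by plain enumeration, so any check that compares only the hash value accepts the substitute. The same search against the full 256-bit output finds nothing within the trial budget, which is the property the assignment describes. The message text and the `forged-N` candidate format are constructed.

```python
import hashlib


def truncated_hash(data: bytes, bits: int = 16) -> int:
    """Constructed weak hash: SHA-256 truncated to `bits` bits. The function is still
    one-way in structure, but a small range makes a second preimage cheap: the expected
    cost by brute force is about 2**bits trials."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def second_preimage(target: bytes, bits: int = 16, limit: int = 1 << 20):
    """Search for m2 != target with the same truncated hash. Weak collision resistance
    is exactly the claim that this search is infeasible for a given target.
    Returns (m2, trials) on success or (None, limit) when the budget is exhausted."""
    wanted = truncated_hash(target, bits)
    for i in range(limit):
        candidate = b"forged-%d" % i          # constructed candidate messages
        if candidate != target and truncated_hash(candidate, bits) == wanted:
            return candidate, i + 1
    return None, limit


def accepts(message: bytes, tag: int, bits: int = 16) -> bool:
    """Receiver check of a scheme that relies on the hash value alone: recompute and compare.
    Any second preimage of the original message passes this check unchanged."""
    return truncated_hash(message, bits) == tag


def expected_trials(bits: int) -> int:
    """Expected brute-force work for a second preimage against a `bits`-bit hash."""
    return 2 ** bits


if __name__ == "__main__":
    original = b"pay 100 to bob"                 # constructed message
    tag = truncated_hash(original)               # 16-bit tag the receiver would hold
    forged, trials = second_preimage(original)
    print(f"16-bit hash: substitute found after {trials} trials:", forged,
          "accepted:", accepts(forged, tag))
    none_found, _ = second_preimage(original, bits=256, limit=2000)
    print("256-bit hash: substitute found within 2000 trials:", none_found is not None)
    print("expected trials at 256 bits:", expected_trials(256))
```

The mitigation follows from the numbers: the property only holds when the output is long enough that `expected_trials(bits)` is out of reach, which is why truncating a digest to a short tag, or using an obsolete short hash, undermines any integrity check built on it.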

Note: this figure is for part (d).


Question No 6
A company, TechnoBank, has implemented a Role-Based Access Control (RBAC) system to manage
access to its information systems. The company's organizational structure includes various roles such as
Clerk, Supervisor, Manager, and Director, each with specific responsibilities and access rights. The
access rights are as follows:
Clerk: Can view and process customer transactions.
Supervisor: Has all the rights of a Clerk, plus the ability to approve transactions.
Manager: Has all the rights of a Supervisor, plus the ability to generate reports and manage staff
schedules.
Director: Has all the rights of a Manager, plus access to strategic planning documents and the ability to
modify system configurations.
Scenario:
Alice is a Manager in the Finance Department, and she is responsible for generating financial reports and
managing her team's schedules. Bob is a Clerk in the same department and handles day-to-day
transaction processing. Carol, a Director, oversees the Finance Department and has strategic and
operational control.
Tasks:
Based on the given scenario, identify and describe the role hierarchy at TechnoBank.
If Alice needs temporary access to strategic planning documents for a special project, describe how this
could be managed within an RBAC system without compromising security.
What potential risks could arise if Bob, the Clerk, is mistakenly assigned Manager-level access rights?
How can these risks be mitigated in an RBAC system?
Describe a policy that TechnoBank could implement to ensure that role assignments are regularly
reviewed and updated.
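The scenario describes a role hierarchy in which each role inherits its parent's rights, and the tasks ask about temporary access, an over-privileged Clerk, and periodic review. The example below (added here; it is not part of the assignment and TechnoBank has no such system described on the page) models all of that in one small RBAC engine: permissions are inherited by walking up the hierarchy, Alice's project access is a narrow time-boxed role rather than a Director assignment, Bob's mistaken Manager role is something an access review flags against the job role HR recorded, and expired temporary grants are reported for purging. The permission names, the `StrategyProjectReader` role and the 14-day expiry are constructed.

```python
from datetime import datetime, timedelta

# Permissions per role as the scenario states them (permission names are constructed
# labels). Each role lists only what it adds over its parent.
ROLE_PERMISSIONS = {
    "Clerk":      {"view_transactions", "process_transactions"},
    "Supervisor": {"approve_transactions"},
    "Manager":    {"generate_reports", "manage_schedules"},
    "Director":   {"read_strategic_plans", "modify_system_config"},
    # Constructed narrow project role for task 2: one permission, no parent
    "StrategyProjectReader": {"read_strategic_plans"},
}
ROLE_PARENT = {"Supervisor": "Clerk", "Manager": "Supervisor", "Director": "Manager"}


def effective_permissions(role):
    """Walk up the hierarchy: a senior role inherits all of its parent's permissions."""
    perms = set()
    while role is not None:
        perms |= ROLE_PERMISSIONS.get(role, set())
        role = ROLE_PARENT.get(role)
    return perms


class RBAC:
    def __init__(self):
        self.job_role = {}    # user -> the single role recorded for the position
        self.permanent = {}   # user -> set of assigned roles
        self.temporary = {}   # user -> list of (role, expires_at)

    def assign(self, user, role):
        """Assign the role of the user's position; reviews compare against this baseline."""
        self.job_role[user] = role
        self.permanent.setdefault(user, set()).add(role)

    def add_role(self, user, role):
        """Extra permanent role; this is how an over-privileged Clerk comes about."""
        self.permanent.setdefault(user, set()).add(role)

    def grant_temporary(self, user, role, expires_at):
        """Time-boxed role activation: it lapses even if nobody remembers to revoke it."""
        self.temporary.setdefault(user, []).append((role, expires_at))

    def active_roles(self, user, now):
        roles = set(self.permanent.get(user, set()))
        roles |= {r for r, exp in self.temporary.get(user, []) if now < exp}
        return roles

    def permitted(self, user, permission, now):
        return any(permission in effective_permissions(r)
                   for r in self.active_roles(user, now))

    def review(self, now):
        """Periodic access review: permanent roles granting more than the user's job
        role (candidates for removal) and temporary grants that have expired."""
        excess = [(u, r) for u, roles in self.permanent.items() for r in roles
                  if not effective_permissions(r) <= effective_permissions(self.job_role[u])]
        expired = [(u, r) for u, grants in self.temporary.items()
                   for r, exp in grants if now >= exp]
        return sorted(excess), sorted(expired)


def technobank(now):
    """The scenario as given, plus the two situations the tasks ask about."""
    rbac = RBAC()
    rbac.assign("alice", "Manager")
    rbac.assign("bob", "Clerk")
    rbac.assign("carol", "Director")
    # Task 2: Alice reads the planning documents via a narrow role that expires
    rbac.grant_temporary("alice", "StrategyProjectReader", now + timedelta(days=14))
    # Task 3: the mistaken assignment
    rbac.add_role("bob", "Manager")
    return rbac


if __name__ == "__main__":
    now = datetime(2024, 1, 1)
    bank = technobank(now)
    print("Director permissions:", sorted(effective_permissions("Director")))
    print("Alice can read plans now:", bank.permitted("alice", "read_strategic_plans", now))
    print("Alice can change config:", bank.permitted("alice", "modify_system_config", now))
    print("Bob can manage schedules:", bank.permitted("bob", "manage_schedules", now))
    print("Review findings:", bank.review(now + timedelta(days=15)))
```

The design choice worth noting is that Alice never receives the Director role: the project role carries exactly the one permission she needs and nothing of the system-configuration right, and its expiry is enforced by `active_roles` rather than by someone remembering to revoke it.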
