
Past exam questions (network trace)

Posted on 2006-05-10
Last Modified: 2010-08-05
Please answer the following questions:

http://www.dkeirle.com/images/etheral.jpg

a) The screen shot shown in figure Q4 (see link) depicts a trace of network activity of a web based connection to the University e-mail service. Discuss whether you think this is a secure method of accessing messages, through consideration of the trace.

......

b) Part of the trace shows a Change Cipher Spec activity taking place. Discuss this and describe what you think further analysis would show if the “Client Hello” information was analysed.

......

c) Discuss the “Server Hello” and subsequent operations, including the contents of the “Application Data”.

......



Question by:lukegriffiths110

Accepted Solution

by:
kevinf40 earned 2000 total points
ID: 16649227
Hi

A: I see no reason why using SSLv3 would not be a secure method for retrieving messages - it is acceptable for online banking etc. (https).
BUT the trace shows no exchange of certificates, thus the client and server have not authenticated themselves with each other. From the trace I'm not sure it is possible to confirm if the user has had to supply any credentials (such as username and password). This could just be a trace of accessing an https website without authentication - thus the traffic would be encrypted from someone trying to sniff the connection. I would say that this is probably not secure enough if the messages are strictly for a specific recipient. Certainly before ratifying it you would want more information about the process used.

B: Change Cipher Spec is just indicating that the following packets will be sent in the cipher suite that has just been negotiated.
Client Hello provides details of the client Random, which versions of ssl / tls the client supports, requested cipher suite.

C: Server Hello is basically the same as the client hello - accepts the connection and states the server has chosen this version of ssl and this cipher suite.
You then have the encrypted handshake,
change cipher spec - basically saying next message(s) will be encrypted.
Then an encrypted transfer of application data....


This web page has a good explanation and a nice diagram of the process:

http://www.securityfocus.com/infocus/1818

You could also recommend they look to move to using TLS (also known as SSLv3.1).

cheers

K
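
Added example, not part of kevinf40's answer: a minimal Python walk over one direction of an SSL 3.0/TLS record stream that labels each record the way a sniffer does and decodes the cleartext Client Hello fields (version, random, offered cipher suites). The function names and the sample bytes are constructed for illustration and are not taken from the trace in the question.

```python
import struct

RECORD = {20: "Change Cipher Spec", 21: "Alert", 22: "Handshake", 23: "Application Data"}
HANDSHAKE = {1: "Client Hello", 2: "Server Hello", 11: "Certificate",
             14: "Server Hello Done", 16: "Client Key Exchange"}
VERSION = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0"}

def parse_client_hello(body):
    """Decode the cleartext fields of a ClientHello body (hypothetical helper)."""
    (version,) = struct.unpack_from(">H", body, 0)
    pos = 34                                   # 2-byte version + 32-byte random
    pos += 1 + body[pos]                       # skip the length-prefixed session_id
    (cs_len,) = struct.unpack_from(">H", body, pos)
    suites = struct.unpack_from(">%dH" % (cs_len // 2), body, pos + 2)
    return {"version": VERSION.get(version, hex(version)), "random": body[2:34].hex(),
            "cipher_suites": ["0x%04X" % s for s in suites]}

def walk_records(stream):
    """Label every record sent by one side of the connection."""
    labels, hello, pos, encrypted = [], None, 0, False
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _ver, length = struct.unpack_from(">BHH", stream, pos)
        payload, pos = stream[pos + 5:pos + 5 + length], pos + 5 + length
        if len(payload) != length:
            raise ValueError("truncated record payload")
        if ctype == 20:
            encrypted = True                   # later records from this side are ciphertext
            labels.append(RECORD[20])
        elif ctype == 22 and not encrypted:
            labels.append(HANDSHAKE.get(payload[0], "Handshake type %d" % payload[0]))
            if payload[0] == 1:
                hello = parse_client_hello(payload[4:])   # skip type + 3-byte length
        elif ctype == 22:
            labels.append("Encrypted Handshake Message")  # contents are not readable
        else:
            labels.append(RECORD.get(ctype, "Unknown (%d)" % ctype))
    return labels, hello

def rec(ctype, payload, version=0x0300):
    """Wrap a payload in a 5-byte record header (builds the constructed sample)."""
    return struct.pack(">BHH", ctype, version, len(payload)) + payload

# Constructed sample, client side only: hello, key exchange, CCS, Finished, data.
_hello_body = (struct.pack(">H", 0x0300) + bytes(range(32)) + b"\x00" +
               struct.pack(">H3H", 6, 0x0004, 0x0005, 0x000A) + b"\x01\x00")
SAMPLE = (rec(22, b"\x01" + len(_hello_body).to_bytes(3, "big") + _hello_body) +
          rec(22, b"\x10\x00\x00\x02\xAA\xBB") + rec(20, b"\x01") +
          rec(22, bytes(40)) + rec(23, bytes(64)))   # zero bytes stand in for ciphertext
```

Only the records before Change Cipher Spec can be decoded by an observer; the handshake and Application Data records after it are labelled from the 5-byte header alone.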