• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 379
  • Last Modified:

Past exam questions (network trace)

Please answerv the following questions:-

http://www.dkeirle.com/images/etheral.jpg

a) The screen shot shown in figure Q4 (see link) depicts a trace of network activity of a web based connection to the University e-mail service. Discuss whether you think this is a secure method of accessing messages, through consideration of the trace.

......

b) Part of the trace shows a Change Cipher Spec activity taking place.    Discuss this and describe what you think further analysis would show if the “Client Hello” information was analysed.

......

c) Discuss the “Server Hello” and subsequent operations, including the contents of the “Application Data”.

......



0
lukegriffiths110
Asked:
lukegriffiths110
1 Solution
 
kevinf40Commented:
Hi

A: I see no reason why using sslv3 is would not be a secure method for retrieving messages - it is acceptable for online banking etc (https).
BUT the trace shows no exchange of certificates thus the client and server have not authenticated themselves with each other.  From the trace I'm not sure it is possible to confirm if the use has had to supply any credentials (such as username and password).  This could just be a trace of accessing an https website without authentication - thus the traffic would be encrypted from someone trying to sniff the connection.  I would say that this is probably not secure enough if the messages are strictly for a specific recipient.  Certainly before ratifying it you would want more information about the process used.

B: Change Cipher Spec is just indicating that the following packets will be sent in the cipher suite that has just been negotiated.
Client Hello provides details of the client Random, which versions of ssl / tls the client supports, requested cipher suite.

C: Server Hello is basically the same as the client hello - accepts the connection and states the server has chosen this version of ssl and this cipher suite.
You then have the encrypted handshake,
change cipher spec - basically saying next message(s) will be encrypted.
Then an encrypted transfer of application data....


This web page has a good explanation and a nice diagram of the process:

http://www.securityfocus.com/infocus/1818

you could also recommend the look to move to using TLS (also known as SSLv3.1).

cheers

K
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now