UNIVERSITY EXAMINATIONS: 2021/2022
EXAMINATIONS FOR THE DEGREE OF BACHELOR OF SCIENCE IN
APPLIED COMPUTING
BAC 3118: NETWORK SECURITY
FULL TIME/PART TIME
DATE: DECEMBER, 2021 TIME: 2 HOURS
INSTRUCTIONS: Answer QUESTION ONE AND ANY OTHER TWO questions.
QUESTION ONE – COMPULSORY [20 MARKS]
a) Discuss any five countermeasures to footprinting. 5 Marks
b) Discuss any five recent OWASP Top Ten Web Application Security Risks. 5 Marks
c) Discuss in detail the phases involved in Vulnerability Management. 6 Marks
d) Discuss any four characteristics of Advanced Persistent Threats. 4 Marks
QUESTION TWO [15 MARKS]
a) Describe any indications of:
(i) Network intrusion 2 Marks
(ii) System intrusion 2 Marks
b) (i) What is a honeypot? 1 Mark
(ii) Describe any three types of honeypot. 3 Marks
c) Discuss how you can defend against firewall evasion. 7 Marks
QUESTION THREE [15 MARKS]
a) Explain any four ways in which cryptographic algorithms are compromised. 4 Marks
b) The use of cryptography facilitates the provision of a secure service. Many of the situations described below are scenarios that the man in the street encounters almost every day, but he probably appreciates neither the security risks nor the role played by encryption. In this particular case we focus on a cash withdrawal from an ATM.
(i) When someone makes a cash withdrawal from an Automated Teller Machine (ATM), they need to produce a plastic, magnetic stripe card and have knowledge of the associated PIN. The customer places their card in the ATM slot and enters their PIN. They then enter the amount requested for withdrawal. In a typical transaction, what does the system need to check? 2 Marks
(ii) The ATM sends the card details and PIN to the host computer, and the response message either authorizes the transaction or refuses it. Clearly these communications need protection. Although the amount of a withdrawal may not be secret, what is important about the amount dispensed at the machine? 1 Mark
(iii) Banks are understandably nervous about the possibility of an ATM paying out on the same positive response message more than once. What is required in this regard? 1 Mark
(iv) All banks instruct their customers to keep their PINs secret, as anyone who knows the correct PIN can use a stolen or lost card. Clearly the banks must ensure that the PIN is not compromised within their system, and so the PIN is encrypted during transmission and on the database that is used for checking the validity of the PIN. The algorithm used for this process is DES in ECB mode. Since DES encrypts 64-bit blocks and PINs are, typically, only four digits, how do they ensure that the block is properly encrypted? 1 Mark
(v) How do they ensure that anyone who gains access to encrypted PIN blocks would not be able to identify customers who share the same PIN? 2 Marks
c) Explain how the Key Distribution Centre (KDC) works. 4 Marks
QUESTION FOUR [15 MARKS]
a) Discuss any six Wireless LAN (WLAN) attacks. 6 Marks
b) Discuss how you would defend against wireless attacks in terms of best practices for configuration, SSID settings and authentication. 9 Marks