This homework is due at
the beginning of class 7 on September 26, 2000. Note: K2/3
denotes homework problem 3 from chapter 2 of the class text.
- Compare the advantages and disadvantages of an application-layer
firewall, a filtering router, a stateful firewall and a NAT.
Use the following services as examples:
Name attacks that each type of firewall cannot prevent. Be sure to
justify your answers.
- ftp (active or passive)
- exporting an X session from a server to a client outside the firewall
- Internet telephony
- Find out whether Solaris, HP/UX, AIX, the OS used by Security First Network Bank or NT 4.0
(pick one) are classified according to an Orange Book label. If you
cannot find this information explicitly, use the guidelines in the text
book for an educated guess.
- (K2/1) Random J. Programmer discovers a much faster method of
generating a 64-bit signature for a message using secret key technology.
The idea is to simply encrypt the first 64 bits of the message and use
that as a signature. What's wrong with this idea?
- (K2/2) What's wrong with adding up the words of a message (by
treating each character as an integer) and using the result as a hash of
- (K3/1) Come up with as (space) efficient an encoding as you can to
specify a completely general one-to-one mapping between 64-bit input
values and 64-bit output values.
- (K3/2) Security Dynamics makes
a device that displays a number that changes every 60 seconds. Each
such device has a unique secret key. A human can prove posession of a
particular such device by entering the displayed number into a computer
system. The computer system knows the secret key of each authorized
device. How would you design such a device? (The device should offer
replay prevention and should not allow anybody that happens to glance at
the number or capture it off the Ethernet to gain access.) (10 pts.)
by Henning Schulzrinne