1) In conducting security testing on the Alexander Rocco network, you have found that the company configured one of its Windows Server 2016 computers as an enterprise root CA server. You have also determined that Ronnie Jones, the administrator of the CA server, selected MD5 as the hashing algorithm for creating digital signatures.Based on this information, write a one-page report explaining possible vulnerabilities caused by signing certificates with MD5. The report should cite articles about MD5 weaknesses and include recommendations from Microsoft about using MD5 in its software.

Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
icon
Related questions
Question

1) In conducting security testing on the Alexander Rocco network, you have found that the company configured one of its Windows Server 2016 computers as an enterprise root CA server. You have also determined that Ronnie Jones, the administrator of the CA server, selected MD5 as the hashing algorithm for creating digital signatures.Based on this information, write a one-page report explaining possible vulnerabilities caused by signing certificates with MD5. The report should cite articles about MD5 weaknesses and include recommendations from Microsoft about using MD5 in its software.

2) After conducting research for Case Project 12-1, you have gathered a lot of background about the release of information on hashing algorithms. Articles on vulnerabilities of SHA-1, MD4, and MD5 abound. The proliferation of programs for breaking DVD encryption codes and the recent imprisonment of an attacker who broke Japan’s encryption method for blocking certain images from pornographic movies have raised many questions on what’s moral or legal in releasing information about hashing algorithms.Based on this information, write a one- to two-page report addressing moral and legal issues of releasing software or code for breaking these algorithms. Your paper should also answer these questions:Should people who are able to break a hashing algorithm be allowed to post their findings on the Internet?Do you think the reporters of the DVD (DeCSS) crack were exercising their First Amendment rights when including the source code for breaking the DVD encryption key in an article? What about displaying the source code on a T-shirt? As a security professional, do you think you have to abide by a higher standard when sharing or disseminating source code that breaks hashing algorithms? Explain.

3) After a security breach in which important corporate secrets were lost, the Alexander Rocco Corporation hired you to conduct a security test and offer recommendations for preventing future attacks. Computer forensics specialist Nathan Rosswog has informed you that the hackers got in by compromising a Web site many employees visit; this attack installed Trojan code on users’ workstations by using a drive-by download. Because the company’s antivirus software didn’t detect the code on workstations, attackers were able to launch reverse Telnet command shells and upload confidential documents to hacker-controlled Web sites. To do this, they used a port that allowed outbound HTTPS traffic through the company firewall.Based on this information, write a brief report on your recommendations for configuring or revamping the network to defend against these types of threats. The report should give specific examples of how to secure the network, but not rely on a single type of network protection system, and make hardware recommendations, if needed.

4)You receive a frantic call from the system administrator of the Alexander Rocco network, JW Tabacchi. He tells you he has identified several intrusion attempts from sources over the Internet. You’re not sure if the hackers have gained access to the internal network. First, based on the tools described in this chapter and some of the techniques you’ve learned in this book, write a one-page report about the things you might look for to identify an attacker or a compromised host on your network.Second, make some recommendations on how you might instrument the network with network protection systems to better detect and prevent compromises in the future.

Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 2 steps

Blurred answer
Knowledge Booster
Encryption and Decryption
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Similar questions
Recommended textbooks for you
Database System Concepts
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education