Assignment 7, due Apr 8

Part of the homework for 22C:169, Spring 2005
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated, and unless there is what insurance companies call "an act of God" (something outside your control), the only exceptions to this rule will be by advance arrangement.

For those taking the course by video link, assignments may be submitted electronically by E-mail to Rajiv Raman. Please do not use obscure attachment formats! Plaintext E-mail is preferred to HTML, Word, RTF or other even more obscure formats!

  1. Consider the ISO-OSI protocol hierarchy. If one connects two networks through a gateway that serves as an address mapping mechanism, assigning "virtual network addresses" to all machines seen through this gateway, what possible security consequences are there?

  2. When you establish an ssh connection to a remote machine, you and the remote machine must exchange keys somehow. Commonly, when you make your first contact with a remote machine, ssh says "unknown host, add key to public key database?" What vulnerabilities are there in the activity this implies? Would they be any more vulnerable if symmetric key cryptography were used?

  3. When you connect to a "secure web site", your web browser opens a little dialog box saying that a secure connection has been established, and when you move on to another site, another dialog box tells you that you are leaving the security of that web page. For the sake of example, assume that the web site is an E-commerce site. List two very different classes of attacks that this web site is probably unable to protect you from.

  4. In a directory structure, a "blind path" is a path name of a readable file where some directories on that path are not readable. For example, on the departmental file server,
      ~/jones/.public-html/security/hw/07.html
    is a blind path. You can open and read the file at the end of that path, but you cannot read most of the directories along the path.

    a) What security benefit is there to creating blind paths?

    b) How can the equivalent of a blind path be created in the context of an internet? Hint: Firewalls are involved.
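
The blind path defined in question 4 can be checked mechanically. The following is an added example, not part of the original assignment: it assumes classic Unix permission bits (search/execute without read on a directory), looks only at the "other" permission class and ignores ACLs. The names classify and demo and the temporary directory tree are constructed for illustration.

```python
import os
import stat
import tempfile

def other_bits(path):
    """Return (readable, searchable) for the 'other' permission class."""
    mode = os.stat(path).st_mode
    return bool(mode & stat.S_IROTH), bool(mode & stat.S_IXOTH)

def classify(root, relpath):
    """Classify relpath under root as seen by 'other' users.

    blind:       file readable, every directory searchable,
                 at least one directory not listable
    open:        file readable, every directory searchable and listable
    unreachable: a directory lacks search permission or the file lacks read
    Returns (label, directories that cannot be listed).
    """
    parts = relpath.split("/")
    current, hidden = root, []
    for name in parts[:-1]:
        current = os.path.join(current, name)
        readable, searchable = other_bits(current)
        if not searchable:
            return "unreachable", hidden
        if not readable:
            hidden.append(name)
    readable, _ = other_bits(os.path.join(current, parts[-1]))
    if not readable:
        return "unreachable", hidden
    return ("blind" if hidden else "open"), hidden

def demo():
    """Build a constructed tree and classify it under three permission sets."""
    rel = "security/hw/07.html"
    with tempfile.TemporaryDirectory() as root:
        sec = os.path.join(root, "security")
        hw = os.path.join(sec, "hw")
        os.makedirs(hw)
        page = os.path.join(hw, "07.html")
        with open(page, "w") as f:
            f.write("constructed sample file\n")
        os.chmod(page, 0o644)
        os.chmod(hw, 0o755)
        os.chmod(sec, 0o711)          # search only: name must be known
        blind = classify(root, rel)
        os.chmod(sec, 0o755)          # listable: ordinary open path
        opened = classify(root, rel)
        os.chmod(hw, 0o700)           # no search: path cannot be traversed
        return blind, opened, classify(root, rel)
```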