Case 1: Determining Vulnerabilities of Wireless Networks
After conducting a security test on the Alexander Rocco network, you discover that the company has a wireless router configured to issue IP addresses to connecting stations. Vistumbler indicates that channel 6 is active, the SSID is linksys, and WEP is enabled.
Question
a. Based on this information, write a one-page report listing possible vulnerabilities of the WLAN’s current configuration. Your report should include recommendations for improving wireless security.
==============================================================================
Case 2: Maintaining Security on Wireless Systems
Bob Smith, the IT manager at Alexander Rocco, has just purchased a laptop computer. The company has asked you to ensure that privacy and security are maintained on this wireless system.
Question
a. Based on this information, write a one-page report using the information in the OSSTMM, Section E, Wireless Security, available at http://www.isecom.org/mirror/OSSTMM.3.pdf. Your report should outline guidelines for ensuring the laptop’s security.
==============================================================================
Case 3: Determining Possible Vulnerabilities of Microsoft CA Root Server
In conducting security testing on the Alexander Rocco network, you have found that the company configured one of its Windows Server 2016 computers as an enterprise root CA server. You have also determined that Ronnie Jones, the administrator of the CA server, selected MD5 as the hashing algorithm for creating digital signatures.
Question
a. Based on this information, write a one-page report explaining possible vulnerabilities caused by signing certificates with MD5. The report should cite articles about MD5 weaknesses and include recommendations from Microsoft about using MD5 in its software.
==============================================================================
Case 4: Exploring Moral and Legal Issues
After conducting research for Case Project 12-1, you have gathered a lot of background about the release of information on hashing algorithms. Articles on vulnerabilities of SHA-1, MD4, and MD5 abound. The proliferation of programs for breaking DVD encryption codes and the recent imprisonment of an attacker who broke Japan’s encryption method for blocking certain images from pornographic movies have raised many questions on what’s moral or legal in releasing information about hashing algorithms.
Question
a. Based on this information, write a one- to two-page report addressing moral and legal issues of releasing software or code for breaking these algorithms. Your paper should also answer these questions:
1. Should people who are able to break a hashing algorithm be allowed to post their findings on the Internet?
2. Do you think the reporters of the DVD (DeCSS) crack were exercising their First Amendment rights when including the source code for breaking the DVD encryption key in an article? What about displaying the source code on a T-shirt?
3. As a security professional, do you think you have to abide by a higher standard when sharing or disseminating source code that breaks hashing algorithms? Explain.