(a) Distinguish between a passive attack and an active attack, giving two (2) examples of each. [6 marks]
(b) List four (4) fundamental security design principles and briefly explain each in one sentence. [6 marks]
(c) According to the model for network security, name the four (4) design tasks required to achieve a security service. [3 marks]
(a) A passive attack attempts to learn or make use of information from the system but does not affect system resources — it involves eavesdropping only, with no alteration of data, and is hard to detect (best countered by encryption). Examples: release of message contents; traffic analysis.
An active attack attempts to alter system resources or affect their operation. Examples (any two): masquerade — pretending to be a different entity; replay — capturing and retransmitting data later; modification of messages; denial of service.
(b) Any four of:
- Economy of mechanism — keep the design as simple and small as possible.
- Fail-safe defaults — base access decisions on permission rather than exclusion.
- Complete mediation — every access to every object must be checked, not cached.
- Least privilege — every process should operate using the minimum privileges necessary.
- Separation of privilege — multiple privilege attributes should be required to access a restricted resource.
- Psychological acceptability — security mechanisms should not make the resource harder to use.
(c) 1. Design an algorithm for the security transformation the opponent cannot defeat. 2. Generate the secret information to be used with the algorithm. 3. Develop methods for the distribution and sharing of the secret information. 4. Specify a protocol using the algorithm and secret information to achieve the security service.
Ref: Topic 1.3, 1.6, 1.8 — Stallings 7th ed. pp. 21–43
Transport Layer Security (TLS) is not a single protocol but rather two layers of protocols above TCP.
(a) Write the four (4) phases of the TLS Handshake Protocol, in order. [4 marks]
(b) Explain what happens during Phase III of the Handshake Protocol. [6 marks]
(c) Given the cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, name what each component represents. [4 marks]
(d) State the currently recommended version of TLS. [2 marks]
(a) Phase I — Establish security capabilities; Phase II — Server authentication and key exchange; Phase III — Client authentication and key exchange; Phase IV — Finish.
(b) Phase III = Client authentication and key exchange. If the server requested a certificate, the client begins by sending a certificate message. Next the client sends the client key exchange message (its content depends on the type of key exchange in use). Finally, the client may optionally send a certificate verify message to provide explicit verification of a client certificate.
| Component | Meaning |
|---|---|
| TLS | Protocol |
| ECDHE | Key exchange algorithm (Elliptic Curve Diffie–Hellman Ephemeral) |
| RSA | Authentication algorithm |
| AES_128_GCM | Encryption algorithm |
| SHA256 | Hash (MAC) algorithm |
(d) TLS 1.3.
Ref: Topic 2.2.5, 2.2.8 — 2024 & 2022 past paper style questions
Consider the simple authentication protocol below:
C → AS : IDC || PC || IDV
AS → C : Ticket
C → V : IDC || Ticket
Ticket = E(KV, [IDC || ADC || IDV])
(a) Draw / describe the message flow, labelling each arrow with its content. [4 marks]
(b) List three (3) security issues with this protocol. [6 marks]
(c) Describe the technique Kerberos uses to distribute session keys securely. [7 marks]
(a) Three labelled messages, in sequence:
1. C → AS : IDC || PC || IDV
2. AS → C : Ticket
3. C → V : IDC || Ticket
(b) Any three:
- We would like to minimise the number of times a user has to enter a password.
- The password is transmitted in the clear — an eavesdropper could capture it and use any service accessible to the victim.
- The ticket itself could be captured and used later in a replay attack.
(c) Kerberos uses a trusted third party (the Authentication Server / Ticket-Granting Server) to establish session keys between two parties without ever exposing the key in the clear. Each session key is encrypted using the corresponding party's own secret key before transmission, so only the intended holder of that secret key can recover it — e.g. in the AS exchange, Tickettgs = E(Ktgs, [Kc,tgs||IDC||ADC||IDtgs||TS2||Lifetime2]) is encrypted with the TGS's own key, while the client receives its copy of Kc,tgs encrypted under its own key Kc. This means the KDC distributes the same session key to both parties without either party (or an eavesdropper) ever seeing it in plaintext.
Ref: Topic 3.3.1, 3.3.3 — 2023 & 2024 past papers
(a) Explain, step by step, the flow of processing an outbound IP packet under IPSec (SPD → SAD → forwarding). [8 marks]
(b) In IP Security, what is the purpose of the Security Parameter Index (SPI)? [3 marks]
(c) Name the two (2) protocols defined under IP Security and describe each in one sentence. [4 marks]
(d) Name three (3) VPN implementation technologies that do not provide confidentiality on their own. [3 marks]
(a) An outbound IP packet first triggers a search of the Security Policy Database (SPD) using the packet's selectors. If no match is found, the packet is discarded. If a match is found, the policy determines the action: DISCARD (drop the packet), BYPASS (forward without IPSec processing), or PROTECT. If PROTECT, the Security Association Database (SAD) is searched for a matching SA. If a matching SA is found, the packet is processed using AH/ESP and forwarded via IP. If no matching SA exists, IKE is invoked to negotiate a new SA before processing continues.
(b) The SPI is used to identify a Security Association (SA), together with the destination IP address and the security protocol identifier.
(c) AH (Authentication Header) — an authentication-only protocol, identified by its own header. ESP (Encapsulating Security Payload) — a combined encryption and authentication protocol, identified by the packet format for that protocol.
(d) MPLS, GRE tunnels, L2TP (L2TP requires IPSec to add security).
Ref: Topic 4.2–4.3 — 2024 past paper Q4(a)/(b), 2022 Q4(b)(iii)
(a) List the four (4) types of firewalls and describe the core functionality of the Packet Filtering Firewall. [6 marks]
(b) Briefly describe the role of a Bastion Host in a DMZ. [4 marks]
(c) In a standard DMZ diagram, traffic flows: Internet → A → B → C → (DMZ servers) → D → E → internal network. Identify components A–E. [5 marks]
(d) Give the Ubuntu (UFW) command to allow traffic through port 443. [1 mark]
(a) Packet Filtering Firewall, Stateful Inspection Firewall, Application-Level Gateway, Circuit-Level Gateway. The Packet Filtering Firewall applies a set of rules to each incoming and outgoing IP packet (based on source/destination IP, protocol, port number) and forwards or discards the packet accordingly.
(b) A bastion host is a system identified by the firewall administrator as a critical strong point in the network's security. It serves as the platform for an application-level or circuit-level gateway, and is hardened against attack since it is directly exposed.
(c) A = Boundary router, B = External firewall, C = LAN switch (leading into the DMZ), D = Internal firewall, E = LAN switch (leading into the internal protected network).
(d) sudo ufw allow 443
Ref: Topic 5.6–5.8 — 2022 Q1(a)(b)(c)(d), 2024 Q1(d)
(a) List the five (5) main components of the Internet Mail Architecture. [5 marks]
(b) Describe the flow of an email from author to recipient through these components. [6 marks]
(c) Explain how DKIM verifies the authenticity of an email, naming the key parties involved (Signer, Verifier, DNS). [6 marks]
(a) Message User Agent (MUA), Mail Submission Agent (MSA), Message Transfer Agent (MTA), Mail Delivery Agent (MDA), Message Store (MS).
(b) The message author's MUA submits the message via ESMTP to the MSA, which passes it to an MTA. The message may hop across one or more MTAs (via SMTP) until it reaches the recipient's MTA, which hands it to the MDA. The MDA deposits the message in the Message Store (MS), from which the recipient's MUA retrieves it using IMAP or POP.
(c) DKIM lets the sending domain cryptographically sign outgoing mail using its private key — this is done by the Signer (typically at the MSA/MTA of the mail origination network). The signed message travels via SMTP through MTA(s) to the recipient's Verifier (at the MDA). The Verifier performs a DNS public-key query to the sending domain to fetch the corresponding public key, and uses it to check the signature before the mail is delivered (via POP/IMAP) to the recipient's MUA. This confirms the message genuinely originated from the claimed domain and was not altered in transit.
Ref: Topic 6 — 2023 Q2(a)(b), 2024 Q1(e)
(a) Accidental association is one wireless security threat. List four (4) other wireless security threats. [4 marks]
(b) Explain why an ad hoc network poses a security risk. [4 marks]
(c) Mention three (3) measures that can be used to reduce threats to wireless networks. [3 marks]
(d) List the five (5) phases of 802.11i (RSN) operation, in order. [4 marks]
(a) Any four of: Malicious association, Ad hoc networks, Nontraditional networks, Identity theft (MAC spoofing), Man-in-the-middle attacks, Denial of service (DoS), Network injection, Eavesdropping, Unauthorized access.
(b) An ad hoc network is a peer-to-peer wireless network formed between devices with no access point between them. Because there is no central point of control, such networks can pose a security threat — there is no central authority enforcing authentication or monitoring the connections between devices.
(c) Any three of: use encryption; use antivirus/antispyware software and a firewall; turn off SSID broadcasting; change the router's default administrative password; reduce signal strength to the minimum needed coverage; allow only specific (authorized) devices via MAC address filtering.
(d) 1. Discovery — AP advertises its 802.11i security policy via Beacon/Probe Response. 2. Authentication — station and authentication server mutually prove identity. 3. Key generation and distribution. 4. Protected data transfer. 5. Connection termination.
Ref: Topic 7.1, 7.4 — 2022 Q1(a)(b)(c)
(a) Name three (3) essential characteristics of cloud computing. [3 marks]
(b) List and briefly describe the four (4) deployment models of cloud computing. [6 marks]
(c) "Abuse and nefarious use" is a threat to cloud security. Briefly describe it and give two (2) countermeasures. [6 marks]
(d) Describe how encryption can be used in a cloud environment to protect a database, in terms of who holds the keys. [3 marks]
(a) Any three of: Broad network access, Rapid elasticity, Measured service, On-demand self-service, Resource pooling.
(b)
- Public cloud — available to the general public or a large industry group, owned by a cloud service provider; the provider controls both the infrastructure and the data/operations.
- Private cloud — operated solely for one organization, on- or off-premise; the provider is responsible only for the infrastructure, not the control.
- Community cloud — shared by several organizations with common concerns (mission, security, compliance).
- Hybrid cloud — a composition of two or more clouds (private/community/public) bound together by technology enabling data and application portability (e.g., cloud bursting).
(c) Because registration for many cloud services is easy and sometimes free, attackers can get inside the cloud to conduct attacks such as spamming, malicious code distribution, or denial of service. Countermeasures (any two): stricter initial registration and validation processes; enhanced credit-card fraud monitoring/coordination; comprehensive introspection of customer network traffic; monitoring public blacklists for one's own network blocks.
(d) The cloud user performs data encryption/decryption through the data owner's APIs, and the cryptographic keys are maintained at the data owner's own infrastructure — not within the cloud itself — so the cloud provider never has access to the key or the plaintext data.
Ref: Topic 8.1–8.3 — 2022 Q2(a)–(e)
(a) Distinguish between an audit and an assessment (any three points of difference). [6 marks]
(b) COBIT5 is a widely used IT governance framework. Write the five (5) COBIT5 principles. [5 marks]
(c) List four (4) activities relating to security-control improvement that require the information provided by a security assessment. [6 marks]
(a) Any three contrasts:
| Audit | Assessment |
|---|---|
| Independent evaluation (mandatory) | May or may not be independent |
| Rigorous, standardized approach; auditors must be qualified | Flexible approach |
| Can lead to certification | No certification |
| Concerned with past performance | Considers past and expected performance |
(b) 1. Meeting stakeholder needs. 2. Covering the enterprise end-to-end. 3. Applying a single integrated framework. 4. Enabling a holistic approach. 5. Separating governance from management.
(c) Any four of:
- Identify weaknesses within the controls implemented on information systems.
- Confirm that previously identified weaknesses have been remediated or mitigated.
- Prioritize further decisions to mitigate risks.
- Provide assurance / confidence that effective controls are in place and associated risks are accepted and authorized.
- Provide support and planning for future budgetary requirements.
Ref: Topic 9.1.4, 9.2 — 2023 Q3(d), Q4(c)
(a) IT infrastructure can be categorised into seven (7) domains. Name all seven. [5 marks]
(b) Briefly explain the User Domain. [3 marks]
(c) List the six (6) stages of the Vulnerability Assessment (VA) process, in order. [6 marks]
(d) Name two (2) network auditing/assessment tools and state what each is used for. [3 marks]
(a) User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, WAN Domain, Remote Access Domain, System/Application Domain.
(b) The User Domain covers the end users of the systems, including how they authenticate into the systems, and controls such as separation of duties, privilege levels, confidentiality agreements, background checks, and security training.
(c) Scoping → Reconnaissance → Scanning → Vulnerability Analysis → Filtering False Positives → Scoring, Categorization & Reporting.
(d) Nmap — network exploration and security auditing (port/service discovery). Wireshark — packet analyzer used for troubleshooting, security checks, and protocol debugging.
Ref: Topic 10.1.2, 10.3 — 2023 Q2(d)(e)