Question

Your answer should be short and not exceed more than 10 lines in each section.

1.  TCP/IP: Unlike IP fragmentation (which can be done by intermediate devices), IP reassembly can be done only at the final destination. What could be the major problem if IP reassembly is done in intermediate devices like routers? Can you think of one major problem?

2. ARP: Describe or propose way to detect ARP spoofing attack.

3. Remote Access: Suppose you have a computer with Internet connection at home. Files with sensitive information are stored on that computer and you often read and retrieve those files remotely.    For security reason, describe one technology that you can use to access that computer and ensure the data transmission is encrypted.

1. What is the name of the technology? What is the server port number?
2. What is the encrypting method or algorithm used in that technology?

Answer 1

1)

Intermediate routers can fragment an IP datagram or perform additional fragmentation on a fragmented IP datagram but cannot perform IP reassembly (UMUC, 2012). There are a number of reasons for this. Firstly, if router or any other intermediate device were to perform IP reassembly, this would heighten its complexity. Routers, for instance, are dedicated devices that are designed to process a high volume of packets rapidly and since they do not perform reassembly, they can instantly pass on all fragments to their final destination. Attempting to perform IP reassembly in an intermediate device such as a router would require more processing and increase the complexity of the device’s responsibilities. It would also require the device to have to wait for all fragments to be reassembled before the reassembled message can be sent on. This would slow down the device and could lead to a traffic jam. This means that these devices would need more processing resources and storage space in order to handle the fragmentation and reassembly of IP datagrams.

2)

The Address Resolution Protocol is one of the most essential protocols for LAN communication n and is used to resolve a MAC address for a host given its IP address. Because ARP doesn’t use authentication and is stateless, it is easy to spoof ARP packets by impersonating another host on the network. ARP spoofing detection can be accomplished by monitoring ARP Request/Responses on the network and constructing a MAC address to IP address database. If an unauthorized change occurs in the database, an alarm should trigger alerting administrators that an ARP spoofing attack may be underway. ARPWATCH and WireShark are popular tools that can detect ARP spoofing. This passive method of ARP spoofing detection has weaknesses. The time lag between address mappings and subsequent attack detection is a major drawback. If an ARP spoofing attack occurs before the tools starts detecting, the mapping tool will learn the spoofed MAC/IP in the table. The only way to remove a spoofed entry is manually undo it in the MAC/IP database. While effective, this method relies heavily on manual intervention by the network administrator which becomes unreasonable wen talking about thousands of systems, thus impossible to use for large networks.

NOTE: As per Chegg policy, I am allowed to answer only 2 questions (including sub-parts) on a single post. Kindly post the remaining questions separately and I will try to answer them. Sorry for the inconvenience caused.