DEPLOYING A SECURE WEB SERVER LIMITATIONS CHALLENGES OF DIGITAL CERTIFICATES

 HTTPS and Certificates

For this question you must use virtnet (as used in the workshops) to study HTTPS and certificates. This assumes you have already set up and are familiar with virtnet. See Moodle and the workshop instructions for information on setting up and using virtnet, deploying the website, and testing the website.

 

Your task is to:

    Create topology 5 in virtnet.

    Deploy the MyUni demo website on the nodes.

    Set up the web server to support HTTPS, including obtaining a certificate certificate.pem.

    Capture traffic from the web browser on node1 to the web server that includes an HTTPS session. Save the file as https.pcap.

    Test and analyse the HTTPS connection.

 

Answer the following sub-questions based on above test and analysis.

 

(a) Submit your certificate certificate.pem and HTTPS traffic capture https.pcap on Moodle. [3 marks]

 

(b) Draw a message sequence diagram that illustrates the SSL packets belonging to the first TCP connection in the file. Refer to the instructions in assignment 1 for drawing a message sequence diagram, as well as these additional requirements:

 

    Only draw the SSL packets; do not draw the 3-way handshake, TCP ACKs or connection close. Hint: identify which packets belong to the first TCP connection and then filter with “ssl” in Wireshark. Depending on your Wireshark version, the protocol may show as “TLSv1.2”.

    A single TCP packet may contain one or more SSL messages (in Wireshark, look inside the packet for each “Record Layer” entry to find the SSL message names). Make sure you draw each SSL message. If a TCP packet contains multiple SSL messages, then draw multiple arrows, one for each SSL message, and clearly label each with its SSL message name.

    Clearly mark which packets/messages are encrypted. [3 marks]
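The record structure described in the hints above can be seen by walking a TCP payload record by record. The following is an added example, not part of the assignment brief: it assumes TLS 1.2 framing and handshake messages that do not span records, and the payloads are constructed with filler bodies rather than taken from a real capture.

```python
import struct

# TLS record content types and TLS 1.2 handshake message types (RFC 5246).
CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "Application Data"}
HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
             12: "ServerKeyExchange", 14: "ServerHelloDone", 16: "ClientKeyExchange"}

def tls_messages(payload, encrypted=False):
    """List (message name, is_encrypted) for one TCP payload in one direction.

    `encrypted` is that direction's state carried over from earlier payloads;
    the updated state is returned so the caller can pass it to the next call.
    """
    out, pos = [], 0
    while pos + 5 <= len(payload):
        ctype, _version, length = struct.unpack_from("!BHH", payload, pos)
        body = payload[pos + 5:pos + 5 + length]
        if len(body) < length:            # record spills into the next segment
            out.append(("(record continues in next TCP segment)", encrypted))
            break
        pos += 5 + length
        if ctype == 20:                   # sent in the clear, flips the state
            out.append(("ChangeCipherSpec", False))
            encrypted = True
        elif encrypted:                   # body is ciphertext; only the type is visible
            name = "Encrypted Handshake Message" if ctype == 22 else CONTENT.get(ctype, f"type {ctype}")
            out.append((name, True))
        elif ctype == 22:                 # one record may carry several messages
            hpos = 0
            while hpos + 4 <= len(body):
                hlen = int.from_bytes(body[hpos + 1:hpos + 4], "big")
                out.append((HANDSHAKE.get(body[hpos], f"handshake {body[hpos]}"), False))
                hpos += 4 + hlen
        else:
            out.append((CONTENT.get(ctype, f"type {ctype}"), False))
    return out, encrypted

# Constructed sample payloads: headers are well-formed, bodies are filler bytes.
def _hs(htype, body): return bytes([htype]) + len(body).to_bytes(3, "big") + body
def _rec(ctype, body): return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

SERVER_FLIGHT = _rec(22, _hs(2, bytes(4)) + _hs(11, bytes(8))) + _rec(22, _hs(14, b""))
CLIENT_FLIGHT = _rec(22, _hs(16, bytes(4))) + _rec(20, b"\x01") + _rec(22, b"\xaa" * 40)

if __name__ == "__main__":
    for label, data in (("server", SERVER_FLIGHT), ("client", CLIENT_FLIGHT)):
        for name, enc in tls_messages(data)[0]:
            print(f"{label}: {name}{' [encrypted]' if enc else ''}")
```
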

 

(c) Based on the capture and your understanding of HTTPS: [0.5 mark each]

 

  1. What port number does the web server use with HTTPS?
  2. What symmetric key cipher was used for encrypting the data?
  3. What public key cipher was used for exchanging a secret?
  4. What cipher and what hash algorithm are used in signing the web server's certificate?

 

(d) In this task you needed to manually load the CA certificate into the client (lynx web browser). In real networks, this step is not necessary (that is, the web browser user does not have to load the CA certificate – it normally is already loaded). Explain how the web browser already knows the CA certificate and what limitations this approach has. [2 marks]

 

Marking Scheme

 

(a) 3 marks if all required files are submitted and in the correct format. 1.5 marks if only 1 file is correct. 0 marks if neither of the files is correct.

 

(b) The diagram must have all packets clearly labelled to obtain full marks. Missed messages, incorrect messages or an unclear diagram will result in loss of marks.

 

(c) 0.5 mark for each correct answer.

 

(d) 1 mark for explaining how the web browser knows the certificate, and 1 mark for explaining a limitation of this approach.
