Assignment Details and Submission Guidelines
Unit Code BN203
Unit Title Network Security
Assignment Type Assignment #01 (Individual)
Assignment Title Kerberos
Purpose of the assignment (with ULO Mapping) After completing this assignment, student’s should be able to:
- Discuss common threats and attacks on networked information systems
- Identify network threats
- Explain major methodologies for secure networks and threats they address
Total Marks 30
Word limit 1000 - 1500
Due Date 7 31st August, 2017
Submission Guidelines ? All work must be submitted on Moodle by the due date along with a “Title Page”.
? The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2.54 cm margins on all four sides of your page with appropriate section headings.
? Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style.
Extension ? If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School's Administration Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit this application three working days prior to the due date of the assignment. Further information is available at:
? Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure For further information, please refer to the Academic Integrity Section in your Unit Description.
Kerberos is an authentication service developed as part of project Athena at MIT. Motivation behind Kerberos is that if a set of users is provided with dedicated personal computers that have no network connections, then a user's resources and files can be protected by physically securing each personal computer. When these users instead are served by a centralized time-sharing system, the time-sharing operating system must provide the security. The operating system can enforce access control policies based on user identity and use the logon procedure to identify users.
Today, neither of these scenarios is typical. More common is a distributed architecture consisting of dedicated user workstations (clients) and distributed or centralized servers. In this environment, three approaches to security can be envisioned:
? Rely on each individual client workstation to assure the identity of its user or users and rely on each server to enforce a security policy based on user identification (ID).
? Require that client systems authenticate themselves to servers, but trust the client system concerning the identity of its user.
? Require the user to prove his or her identity for each service invoked. Also require that servers prove their identity to clients.
“William Stallings, Cryptography and Network Security: Principles and Practice, Sixth Edition”
In a small, closed environment, in which all systems are owned and operated by a single organization, the first or perhaps the second strategy may suffice. But in a more open environment, in which network connections to other machines are supported, the third approach is needed to protect user information and resources housed at the server.
Prepare a report which should include the following:
1) Discuss in detail what problems was Kerberos designed to address in a network of trusted client systems.
2) Explain atleast four threats associated with user authentication over a network or internet and how Kerberos can mitigate it.
3) Using any networking diagram software, draw a full-service Kerberos environment diagram with detailed description of the architecture.
4) Justify in your own words, how this diagram satisfy security objectives of confidentiality, integrity and authentication.
5) List and explain atleast five major differences between version 4 and version 5 of Kerberos.
6) Briefly discuss, what type of organisations should use Kerberos and why?
Aspects Description of the section Marks
Identification of problems Correctly identifying, appropriateness to topis 5
Security threats Description and justification 5
Complete diagram Complete Diagram, Design, Detailed Description 10
Differences Between Version 4 and 5 5
Identification Type of Organisations 3
Reference Style Proper referencing is required 2
24 – 30 D
21 – 23.9 C
18 – 20.9 P
15 – 17.9 Fail
Excellent Very Good Good Satisfactory Unsatisfactory
Identification Identified problems and covered in depth. Problems are relevant and soundly analysed. Generally relevant and analysed. Some relevance and briefly presented. This is not relevant to the assignment topic
Security Threats Demonstrated excellent ability to justify security threats critically in detail Demonstrated excellent ability to justify security threats critically but not in detail Demonstrated good ability to justify security threats critically in general Demonstrated good ability to justify security threats but not completely related to topic Did not demonstrated ability to justify security threats critically
Complete Diagram, Design, Detailed Description
A well expressed and comprehensive explanation has been provided to justify the design. A brief explanation has been provided to justify the design. A limited explanation has been provided to justify the design. Explanation does not adequately provide justification of the design Explanation does not provide justification of the design
Excellent use of creditable sources to justify differences answer. Extremely good effort to justify answer. Good effort made but not outstanding Made some effort but not from creditable sources Lazy effort with inaccuracies of justification not related to topic
Reference style Clear styles with excellent source of references. Clear referencing style Generally good referencing style Sometimes clear referencing style Lacks consistency with many errors
Penalties for Late Submission
Late assignments will be penalised at the rate of 10% per day.
That is, an assignment is marked out of 90% for 1 day late, 80% for 2 days late, etc. and after 5 working days assignments will attract zero marks.