
Computer Security - lesson 16

Federico Maggi

9 June 2016

Network Security / SSL

Exercise: try to write the firewall rules for a DMZ multizone architecture.

VPN Networks

A VPN can act in two modes:

  • Full tunnelling: all the traffic of the client is tunnelled through the VPN
  • Split tunnelling: only the connections towards the corporate network are routed through the VPN.

Full tunnelling uses more bandwidth, whereas split tunnelling creates a bridge between an unprotected network and a protected one.

Exam Preparation

Ex. 1 True or False statements

  • RSA 2048 is more robust to bruteforcing than AES 256. False: we cannot directly compare asymmetric RSA with symmetric AES.

  • No encryption algorithm is perfect, as they are all vulnerable to bruteforcing. False: the one-time pad is invulnerable to bruteforcing, because every ciphertext decrypts to every possible plaintext.

  • An encryption algorithm is broken if there is a way to get the secret by using the ciphertext. False: an algorithm is broken if there is an attack significantly faster than bruteforcing.

Ex. 2 To avoid buffer overflows we can:

  • Use a secured alternative to gets(), like read(), specifying the number of bytes to read
  • Use a for loop to read char by char
  • Use scanf() specifying %15c
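
The loop and scanf() options above, written out as an added example (not part of the lecture material). The 16-byte buffer, the function names and the constructed sample input are assumptions made for the illustration. It shows the two details the list leaves implicit: the excess input has to be consumed, and %15c does not terminate the string.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16  /* assumed size: 15 characters plus the terminating NUL */

/* Constructed input: a 40-character line (too long), then a short one. */
static const char SAMPLE[] =
    "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "\n" "bob\n";

FILE *sample_stream(void) {            /* stands in for stdin */
    FILE *f = tmpfile();
    if (f) { fputs(SAMPLE, f); rewind(f); }
    return f;
}

/* Char-by-char loop: store while there is room, then keep consuming up to
   the newline so the excess is not returned as the next "line". */
size_t bounded_loop(FILE *in, char buf[BUF_LEN], int *truncated) {
    size_t i = 0;
    *truncated = 0;
    for (int c = fgetc(in); c != EOF && c != '\n'; c = fgetc(in)) {
        if (i < BUF_LEN - 1) buf[i++] = (char)c;
        else *truncated = 1;
    }
    buf[i] = '\0';
    return i;
}

/* scanf with a width: %15c stores at most 15 chars, appends no NUL and does
   not stop at a newline, so the buffer is zeroed before the call. */
int bounded_scanf(FILE *in, char buf[BUF_LEN]) {
    memset(buf, 0, BUF_LEN);
    return fscanf(in, "%15c", buf);    /* number of fields assigned */
}

int main(void) {
    char buf[BUF_LEN];
    int cut;
    FILE *f = sample_stream();
    if (!f) return 1;
    for (int k = 0; k < 2; k++) {      /* long line, then the short one */
        size_t n = bounded_loop(f, buf, &cut);
        printf("loop:  %zu chars, truncated=%d, \"%s\"\n", n, cut, buf);
    }
    rewind(f);
    printf("scanf: %d field, \"%s\"\n", bounded_scanf(f, buf), buf);
    fclose(f);
    return 0;
}
```

read() with a byte count behaves like %15c in this respect: it bounds the write but appends no terminator, so the caller has to place the NUL using the returned length.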

Ex. 3 Assuming IA-32, why must we split the content to be written in the target cell into two 2-byte chunks? Because %c allows printing up to 64K chars (16 bits).

printf is vulnerable only when the format string is variable and can therefore be used to write an exploit; if the format string is fixed in the source code, it cannot be exploited.

Ex. 4 on SQL injections

Ex. 5 ICMP Smurf attack