Software Security Assignment : Arizona State University

SOFTWARE SECURITY ASSIGNMENT

Submitted by – Mukthadir H. Choudhury
ASU Id: 1207597049
In-Class (74133)

1. Arizona State University has a campus-wide 802.1X wireless network.

(a) Explain the authentication techniques used by ASU, if any.

Solution: Arizona State University uses the authentication technique PEAP (MSCHAP v2). This authentication technique, based on the Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2, is much more secure as it uses user credentials, i.e. the username and password stored in Active Directory Domain Services (AD DS), to authenticate all the wireless access clients instead of using user and computer certificates for client authentication. For e.g., if…
This can be found by searching for http under protocol and then the POST method. We will find that the cookies are always encrypted. However, if we consider the ASU network or the ASU guest network, then packet sniffing is possible.

(c) Describe what you would consider to be a typical Internet usage session. What could a potential attacker learn by sniffing this traffic?

Solution: A typical internet usage session can be defined as the period of activity between a user logging in to a network and the time he logs out of the network. It involves a sequence of network request-response transactions. All this traffic constitutes a typical internet usage session when done from a single device at one stretch, with inactivity time being minimal. For e.g., if someone logs in to the ASU wireless network from his device, browses websites of his choice for some time and then logs out, this would be considered an internet usage session. However, the user session for each website he browsed will be different. For instance, if he browses the Amazon website by logging in to his Amazon account, then the period until he logs out of his account will constitute one user session of the website, provided the inactivity period during that time is short and the session is not timed out by the website. If a potential attacker can sniff this traffic, then he can learn the session id, cookies etc., which he can save somewhere and then easily gain access to the victim's account
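
The defensive side of the sniffing risk described in (c), as an added example that is not part of the original assignment: a cookie set over plain HTTP, or set without the Secure attribute, can cross the network unencrypted, and this audit flags both cases. The response headers, cookie names and values are constructed samples, and the function names are hypothetical.

```python
# Added example: flag cookies that a passive sniffer on a shared network could read.
# All cookie names and header values below are constructed samples.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, attribute dict with lowercase keys)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(scheme, header_lines):
    """Return sorted (cookie name, issue) pairs for one HTTP response."""
    findings = set()
    for line in header_lines:
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if scheme == "http":
            # The cookie already crossed the network unencrypted.
            findings.add((name, "set over plaintext HTTP"))
        if "secure" not in attrs:
            # Without Secure, the browser may send it on later plain-HTTP requests.
            findings.add((name, "no Secure attribute"))
    return sorted(findings)


# Constructed sample responses: (URL scheme, response header lines).
SAMPLE_RESPONSES = [
    ("http", ["Content-Type: text/html",
              "Set-Cookie: sessionid=abc123; Path=/; HttpOnly"]),
    ("https", ["Set-Cookie: sid=def456; Path=/; Secure; HttpOnly",
               "Set-Cookie: prefs=dark; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT"]),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLE_RESPONSES:
        print(scheme, audit_response(scheme, headers))
```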