NSC March 2016 Exam MS Final


Network Security and Cryptography

2 March 2016

Marking Scheme
This marking scheme has been prepared as a guide only to markers. This is not a set of
model answers, or the exclusive answers to the questions, and there will frequently be
alternative responses which will provide a valid answer. Markers are advised that, unless a
question specifies that an answer be provided in a particular form, then an answer that is
correct (factually or in practical terms) must be given the available marks.

If there is doubt as to the correctness of an answer, the relevant NCC Education materials
should be the first authority.

Throughout the marking, please credit any valid alternative point.

Where markers award half marks in any part of a question, they should ensure that
the total mark recorded for the question is rounded up to a whole mark.
Answer ALL questions

Marks
Question 1

a) Briefly explain what is meant by the term encryption with reference to key and
algorithm. (3 marks)
Encryption is the process of converting readable clear-text/plain-text, using
an algorithm and a key (1 mark), into cipher-text (1 mark), which is an
obscured / unrecognisable form that cannot be read without the key (1 mark).

b) ‘For successful encryption, it is important that the key and algorithm must be kept
secret’. Is this statement valid or misleading? (2 marks)
The statement is misleading. The algorithm does not have to be kept secret
(1 mark); security should rest on the key alone (Kerckhoffs’s principle), which
is why published, widely analysed algorithms such as AES are preferred over
proprietary ones. In symmetric-key cryptography the key must be kept secret
(1 mark); in public-key cryptography only the private key is secret.

c) Cryptanalysis is the art or process of deciphering coded messages without being
told the key. A form of cryptanalysis is the Brute Force Attack.

i. Briefly explain how a Brute Force Attack works. (2 marks)

In a Brute Force Attack every possible key is tried in turn until the
correct translation (1 mark) of the encrypted text into plaintext is
obtained (1 mark). The attacker needs some way of recognising the right
answer, for example a known fragment of plaintext or a recognisable
file format.

ii. With the use of an example, outline the effect of different key sizes in
relation to a Brute Force Attack. (3 marks)
The length of the key determines how difficult it will be to recover the
plaintext by exhaustive search: each extra bit doubles the number of
possible keys, so longer keys have more combinations (1 mark) and thus
take more time to try (1 mark). On average half the keyspace must be
searched before the key is found. Award 1 mark for an appropriate
example (the example should state a key size and an assumed rate of
trial decryptions and derive the time taken, so that the difference
between, say, a 56-bit and a 128-bit key is illustrated).
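The exhaustive search in (i) and the key-size arithmetic in (ii), as an added example that is not part of the marking scheme. The cipher is a constructed toy (the keystream is SHA-256 of the key, an assumption made so that the example needs only the Python standard library), the 16-bit key and the crib are constructed, and the trial rate of one billion keys per second is an assumed figure for illustration, not a measurement.

```python
import hashlib

def toy_encrypt(key: int, key_bits: int, plaintext: bytes) -> bytes:
    """Toy cipher (assumption, not a real cipher): XOR the plaintext with
    SHA-256(key). Messages are limited to 32 bytes, enough for the demo."""
    assert len(plaintext) <= 32
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    keystream = hashlib.sha256(key_bytes).digest()
    return bytes(p ^ k for p, k in zip(plaintext, keystream))

toy_decrypt = toy_encrypt  # XOR with the same keystream undoes the encryption

def brute_force(key_bits: int, ciphertext: bytes, known_plaintext: bytes):
    """Exhaustive key search: try every key in [0, 2**key_bits) until the
    decryption equals the known plaintext (the 'crib' that tells the
    attacker the right key has been found). Returns (key, attempts)."""
    attempts = 0
    for candidate in range(1 << key_bits):
        attempts += 1
        if toy_decrypt(candidate, key_bits, ciphertext) == known_plaintext:
            return candidate, attempts
    return None, attempts

def expected_seconds(key_bits: int, keys_per_second: float) -> float:
    """Average search time: on average half the keyspace is tried."""
    return (1 << (key_bits - 1)) / keys_per_second

def key_size_table(keys_per_second: float = 1e9) -> dict:
    """Years of average search for several key sizes at the assumed rate."""
    year = 365.25 * 24 * 3600
    return {bits: expected_seconds(bits, keys_per_second) / year
            for bits in (16, 32, 40, 56, 64, 128)}

if __name__ == "__main__":
    secret_key = 0xBEEF                      # 16-bit key, recoverable in seconds
    crib = b"ATTACK AT DAWN"                 # constructed known plaintext
    ct = toy_encrypt(secret_key, 16, crib)
    key, tries = brute_force(16, ct, crib)
    print(f"recovered key {key:#06x} after {tries} trial decryptions")
    for bits, years in key_size_table().items():
        print(f"{bits:>3}-bit key: {years:.3g} years on average at 1e9 keys/s")
```

The 16-bit search finishes in a fraction of a second; the table shows the same search growing by a factor of 2^72 between a 56-bit and a 128-bit key, which is the point a candidate's example should make.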

Total: 10 Marks

Page 2 of 13
Network Security and Cryptography © NCC Education Limited 2016
Question 2

a) Public Key Infrastructure (PKI) is a security architecture that has been introduced
to provide an increased level of confidence for exchanging information.
E-Commerce makes use of Public Key Infrastructure using TLS when you make a
purchase.

Spell out the acronym TLS and explain how a browser uses TLS to ensure that
the E-commerce server is authentic and not a spoof website. (5 marks)

Award 1 mark for each bullet point up to a maximum of 5 marks:

• TLS: Transport Layer Security.
• The browser makes an HTTPS connection to the web server.
• The web server sends its Digital Certificate (and any intermediate CA
certificates) to the browser.
• The browser checks the validity of the Digital Certificate: the signature
chain leads to a root CA in the browser’s trust store, the certificate is
within its validity period and not revoked, and the name in the certificate
matches the host name the browser connected to.
• The trusted third party (Certificate Authority) has thereby vouched that the
certificate was issued to an identity it is willing to stand behind; a spoof
site cannot obtain a trusted certificate for a name it does not control.
• Credit also: during the handshake the server proves possession of the
private key matching the certificate, so a copied certificate alone is not
enough.

b) PKI uses ‘Public Key Cryptography’ rather than ‘Symmetric Key Cryptography’.
Explain the weakness of Symmetric Key cryptography that Public Key
Cryptography overcomes. (1 mark)
The problem of securely distributing the secret (symmetric key) to the other
party before any protected communication can take place.

c) Alice wants to send a secure message to James. Describe how Alice would use
Public Key Infrastructure to send a secure message to James. (2 marks)
Alice obtains James’s Public Key (from his certificate), encrypts her message
with it and transmits it to James (1 mark). James decrypts with his Private
Key, which only he holds (1 mark).

d) Public Key encryption has limitations. What is the disadvantage of Public Key
encryption compared to Symmetric Key encryption? (1 mark)
Public key encryption is much slower (by orders of magnitude) than symmetric
encryption and can only encrypt small amounts of data directly, so it is
impractical for bulk data.

e) How can Public and Symmetric Key encryption be combined to overcome the
disadvantage you identified in part (d)? (1 mark)
Hybrid encryption: use public key encryption to exchange (wrap) a fresh
symmetric session key, then use symmetric encryption of the message data for
speed.

Total: 10 Marks

Question 3

a) You are the IT manager of a company that provides laptop PCs to its sales
employees. You are concerned about the security implications. This is because
the sales staff can store sensitive data on their laptop PCs and then use them for
email.

Identify TWO (2) risks to data on a laptop PC and briefly explain how each risk
can compromise the confidentiality, integrity or availability of the data. (4 marks)
The maximum number of marks awarded to this question is 4. Award 1
mark for identifying a threat and 1 mark for a correct explanation of the CIA
issue. Examples include:

• Malware (such as viruses and Trojans) can collect and transmit company
confidential data, contacts etc. (confidentiality). Malware can modify or
destroy data on the PC (integrity, availability).
• Loss of the PC through theft or carelessness can impact availability of the
PC and its data, and confidentiality of data on the PC if the disk is not
encrypted.
• Vulnerabilities in the OS or applications can be exploited (e.g. via a
malicious email attachment) to gain access to the data.

b) You decide to address these security issues. State THREE (3) methods that you
can use to secure data on the PC and explain how each of your measures can
reduce the risk of a security breach. (6 marks)
The maximum number of marks awarded to this question is 6. Award 1
mark for stating a method and 1 mark for a correct explanation of how it
reduces the risk of a security breach. Examples include:

• Install anti-malware, ensure it is automatically updated and schedule
regular scans to reduce the risk of malware infection.
• Employ full disk encryption such as BitLocker, which uses AES to encrypt
the volume, so loss of the PC does not compromise confidentiality of data.
• Employ file encryption or file passwords to reduce the risk of
confidentiality / integrity compromise.
• Ensure automatic updates for Windows / application software so that
vulnerabilities are removed as soon as patches are released.
• Credit also: regular backups (availability), and a strong login password or
PIN combined with automatic screen locking.

Total: 10 Marks

Question 4

a) When you are receiving important information over email, non-repudiation is
essential. Briefly explain what is meant by the term non-repudiation. (1 mark)
Non-repudiation is the assurance that someone cannot later deny having
done something; here, that the sender cannot deny having sent the message.

b) Explain in detail how non-repudiation is achieved in email systems that employ
OpenPGP. (7 marks)

It is achieved using a Digital Signature (1 mark): a digital code, generated
and verified by public key cryptography, which is attached to an
electronically transmitted document to verify its contents and the sender’s
identity (1 mark). The message is hashed with an agreed algorithm (e.g.
SHA-256) to form a message digest (1 mark). The message digest is encrypted
with the sender’s private key (in RSA terms; this is the signing operation)
(1 mark). The encrypted message digest is the signature, which is added to
the message and sent (1 mark). The recipient computes the message digest
of the received message and also decrypts the signature with the sender’s
public key (1 mark). The recipient compares the two digests; if they match,
the message has not been tampered with and could only have been signed by
the holder of the private key, so the sender cannot deny sending it (1 mark).
Non-repudiation therefore also depends on the private key having been kept
solely in the sender’s possession.
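The hybrid scheme of Question 2(c)-(e) (public key to wrap a session key, symmetric cipher for the message) and the sign/verify sequence described above for Question 4(b), as one added example that is not part of the marking scheme or of OpenPGP. The RSA key pairs are built from fixed Mersenne primes with no padding, which is an assumption made purely so the example runs with the standard library; it is insecure and is not how a real system (GnuPG for OpenPGP mail, for instance) should generate keys. The symmetric cipher is a SHA-256 counter-mode keystream standing in for AES, also an assumption, and the message is constructed.

```python
import hashlib
import secrets

# Toy RSA key pairs from fixed Mersenne primes (assumption: special-form
# primes and no padding make this INSECURE; it only shows the operations).
E = 65537

def make_keypair(p: int, q: int):
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)           # (public, private)

ALICE_PUB, ALICE_PRIV = make_keypair((1 << 607) - 1, (1 << 107) - 1)
JAMES_PUB, JAMES_PRIV = make_keypair((1 << 521) - 1, (1 << 127) - 1)

def public_op(x: int, pub) -> int:    # encrypt to the holder / check a signature
    n, e = pub
    return pow(x, e, n)

def private_op(x: int, priv) -> int:  # decrypt / sign; needs the private key
    n, d = priv
    return pow(x, d, n)

def stream_xor(sym_key: bytes, data: bytes) -> bytes:
    """Symmetric cipher stand-in: SHA-256 in counter mode as a keystream
    (assumption, used instead of AES to avoid third-party libraries)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(sym_key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

# Q2(c)-(e): Alice -> James. The slow public-key operation wraps only a
# 16-byte session key; the fast symmetric cipher protects the message body.
def hybrid_encrypt(message: bytes, recipient_pub):
    session_key = secrets.token_bytes(16)
    wrapped_key = public_op(int.from_bytes(session_key, "big"), recipient_pub)
    return wrapped_key, stream_xor(session_key, message)

def hybrid_decrypt(wrapped_key: int, body: bytes, recipient_priv) -> bytes:
    session_key = private_op(wrapped_key, recipient_priv).to_bytes(16, "big")
    return stream_xor(session_key, body)

# Q4(b): sign = hash the message, then apply the sender's PRIVATE key to the
# digest; verify = recompute the digest and compare it with the signature
# after applying the sender's PUBLIC key.
def sign(message: bytes, signer_priv) -> int:
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return private_op(digest, signer_priv)

def verify(message: bytes, signature: int, signer_pub) -> bool:
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return public_op(signature, signer_pub) == digest

if __name__ == "__main__":
    msg = b"Invoice 42 is approved for payment."   # constructed message
    sig = sign(msg, ALICE_PRIV)                      # Alice signs with her private key
    wrapped, body = hybrid_encrypt(msg, JAMES_PUB)   # and encrypts to James's public key
    recovered = hybrid_decrypt(wrapped, body, JAMES_PRIV)
    print("James reads:", recovered.decode())
    print("signature valid:", verify(recovered, sig, ALICE_PUB))
    print("after tampering:", verify(recovered + b"0", sig, ALICE_PUB))
```

Only Alice's private key can produce a signature that her public key verifies, which is what gives the recipient the non-repudiation evidence; a single changed byte makes the recomputed digest differ and verification fails.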

c) Digital Certificates are important in this process. Explain the purpose of a Digital
Certificate and outline how you would obtain this certificate. (2 marks)

A Digital Certificate is a document that binds your public key to an identity
that the issuing Certification Authority (CA) is willing to vouch for (1 mark).

Award a further mark for any of the following points:

Digital certificates can be self-generated (self-signed), but these do not by
themselves provide authentication of the holder (1 mark). Most commonly you
will have to approach a Certificate Authority (CA), prove your identity and
have it sign your public key (1 mark). In OpenPGP, keys are instead commonly
certified by other users (the web of trust).

Total: 10 Marks

Question 5

a) Passwords are still the most common method of user authentication. State FOUR
(4) problems of using passwords. (4 marks)

Award 1 mark for each bullet point up to a maximum of 4 marks:

• Short passwords (quickly brute-forced)
• Predictable passwords (dictionary words, names, dates)
• Reuse of passwords across systems (one breach exposes many accounts)
• Writing down passwords
• Key loggers and phishing capture passwords as they are used
• Passwords stored or transmitted unprotected

b) Multi-factor authentication is now becoming more common. Briefly explain what is
meant by multi-factor authentication and provide ONE (1) example of it. (4 marks)

Award up to 2 marks for the explanation:

An identity is verified and authenticated using more than one independent
verification method. It typically involves something you possess (1 mark)
and something that you know (1 mark); something you are (a biometric) is
the third common factor.

Award up to 2 marks for the example:

An example is a bank card (something that you possess) (1 mark) and a
PIN (something you know) (1 mark).

c) A social networking site has introduced additional security to its accounts called
login approvals. It requires you to enter a code that the social network sends to
your mobile phone via text message whenever you log into the social network
from a new or unrecognized computer.

Is this multi-factor authentication? You should justify your answer with ONE (1)
point. (2 marks)

Award 1 mark for each valid point with justification:

• Yes (1 very easy mark): it requires you to know your password and to
have your mobile phone (1 mark).

Credit also a candidate who notes that SMS is a weak possession factor
(codes can be intercepted or diverted by SIM swapping) and that the second
factor is only requested from unrecognised computers.

Total: 10 Marks

Question 6

a) Explain what is meant by vulnerability in the context of network security and
provide THREE (3) examples of vulnerabilities in a network. (5 marks)
The maximum number of marks awarded to this question is 5. Award 2
marks for the explanation of vulnerability.

ISO 27000 defines vulnerability as a weakness of an asset or control (1
mark) that can be exploited by one or more threats (1 mark).
Award 1 mark for each bullet point up to a maximum of 3 marks:

• Open ports that should be closed
• Unprotected sensitive traffic (sent in clear text)
• Lack of identification and authentication of sender/receiver
• Insecure network architecture (e.g. no segmentation between zones)
• Poor password management
• Lack of effective change control
• Uncontrolled downloading / use of software
• Single point of failure
• Lack of back-up copies
• Unprotected password tables
• Immature or new software
• Incomplete or unclear specification for developers

b) Explain what is meant by the term password audit and briefly discuss why it is
important. (2 marks)
An organisation regularly attempts to crack its own users’ passwords (from
the stored hashes) using techniques such as a dictionary attack, with
authorisation and as a controlled exercise (1 mark). Passwords are still the
most widely used authentication mechanism and weak passwords are
common, so the audit finds them before an attacker does (1 mark).

Other points that should be credited include: passwords unchanged for a
long period can be identified (though this should be controlled by technical
security policy); and password audits identify weak passwords, which are
reported to the owners and to management so that they are changed.
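A password audit of the kind described in (b), as an added example that is not part of the marking scheme: a dictionary attack with simple mangling rules run against a constructed set of salted hashes. The stored-hash format (PBKDF2-HMAC-SHA256 with a deliberately low iteration count), the user records, the plaintexts used to build them and the word list are all constructed for the example.

```python
import hashlib
import hmac

ROUNDS = 1000   # assumption: low iteration count so the demo runs quickly

def hash_password(password: str, salt: str) -> str:
    """Salted PBKDF2-HMAC-SHA256, standing in for the stored hash format
    of a real system (/etc/shadow, a directory, a database)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(),
                               ROUNDS).hex()

def make_records():
    """Constructed password store for the audit: (user, salt, hash).
    The plaintexts exist only to build the fixture; the auditor sees only
    the salt and the hash."""
    fixture = {"alice": "Password1", "bob": "correct horse battery",
               "carol": "summer2016", "dave": "Tr0ub4dor&3!xQ"}
    return [(u, u + "-salt", hash_password(p, u + "-salt"))
            for u, p in fixture.items()]

WORDLIST = ["password", "summer", "welcome", "letmein", "qwerty", "horse"]

def mangle(word: str) -> set:
    """Rule-based variants a cracker generates from each dictionary word:
    case changes, common suffixes, simple leetspeak."""
    bases = {word, word.capitalize(), word.upper()}
    variants = set(bases)
    for b in bases:
        for suffix in ("1", "123", "!", "2015", "2016"):
            variants.add(b + suffix)
        variants.add(b.replace("a", "4").replace("o", "0"))
    return variants

def audit(records, wordlist) -> dict:
    """Dictionary attack against the stored hashes. Every candidate must be
    re-hashed with each user's own salt, which is why salting defeats
    precomputed tables but not a targeted dictionary run."""
    candidates = set()
    for word in wordlist:
        candidates |= mangle(word)
    cracked = {}
    for user, salt, stored in records:
        for cand in sorted(candidates):
            if hmac.compare_digest(hash_password(cand, salt), stored):
                cracked[user] = cand
                break
    return cracked

if __name__ == "__main__":
    weak = audit(make_records(), WORDLIST)
    for user, pw in weak.items():
        print(f"{user}: weak password cracked ({pw!r}); require a change")
```

Two of the four constructed accounts fall to a six-word list with basic rules; the long passphrase and the random-looking password survive, which is the distinction the audit report should draw for users.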

c) Explain what is meant by the term port scan and describe its role in a
vulnerability assessment and how the results should be used. (3 marks)
Award 1 mark for each bullet point up to a maximum of 3 marks:
• A port scan (carried out by a port scanner) attempts to connect to the
ports on a host, potentially all 65,536 TCP (and UDP) ports, to see whether
there are services listening (that is, waiting for connections) on those
ports, and often which software and version is listening.
• The purpose of a port scan in a vulnerability assessment is to audit network
computers for exposed services and likely vulnerabilities. Attackers can use
open ports as a means of exploiting known vulnerabilities in the applications
that use those ports, so the scan shows the attack surface an attacker would
see.
• The results should be compared with the list of services each host is
supposed to offer: unexpected services should be investigated and disabled,
unused ports should always be closed (or blocked at the firewall), and the
remaining services should be patched.
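A TCP connect scan of the kind described in (c), as an added example that is not part of the marking scheme. To run offline it starts its own constructed target (a listener on an OS-chosen loopback port) and scans a small window of ports around it; a real assessment would scan the full 1-65535 range and would need the owner's authorisation.

```python
import socket
import threading

def start_listener(host: str = "127.0.0.1"):
    """Constructed target service: a TCP listener on an OS-chosen loopback
    port, so the scan can run offline. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:      # listener shut down: stop serving
                return

    threading.Thread(target=serve, daemon=True).start()
    return srv, port

def stop_listener(srv: socket.socket) -> None:
    """shutdown() wakes the blocked accept() and stops the kernel from
    completing new handshakes; close() alone would leave it listening."""
    try:
        srv.shutdown(socket.SHUT_RDWR)
    except OSError:
        pass
    srv.close()

def scan_port(host: str, port: int, timeout: float = 0.3) -> bool:
    """TCP connect scan of one port: 'open' means the three-way handshake
    completed (a service is listening); a refusal or a timeout means
    closed or filtered."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def scan_range(host: str, ports, timeout: float = 0.3) -> list:
    """Scan a range of ports and return the open ones, sorted."""
    return sorted(p for p in ports if scan_port(host, p, timeout))

if __name__ == "__main__":
    srv, port = start_listener()
    # A full audit would use range(1, 65536); a small window keeps the demo quick.
    found = scan_range("127.0.0.1", range(port - 3, port + 4))
    print(f"listener on {port}; open ports in window: {found}")
    stop_listener(srv)
    print(f"after the service is stopped, port {port} open? "
          f"{scan_port('127.0.0.1', port)}")
```

The open/closed result is exactly what an attacker's scanner would report, which is why the next step of an assessment is to match each open port against the service inventory and close what is not needed.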
Total: 10 Marks

Question 7

a) Explain what is meant by the term Network Firewall. (4 marks)

Award 1 mark for each bullet point up to a maximum of 4 marks:

• A firewall examines traffic sent between two networks to determine
whether it meets the rules for acceptance, and drops or rejects traffic
that does not.
• A firewall is the first line of defence for your network; the purpose of
a firewall is to keep intruders from gaining access to your network.
• It is usually placed at the perimeter of the network to act as a gatekeeper
for incoming and outgoing traffic.
• It protects the computers behind it from Internet threats by erecting a
virtual barrier between your network and the Internet.

Note: Don’t give marks for a personal (host-based) firewall; the question
asks about a network firewall.

b) Draw a diagram which shows how a single network firewall could be used with a
Demilitarized Zone, Internal network and Internet. Show where a Web Server and
Domain Controller would be positioned. (4 marks)

Award 1 mark for each bullet point up to a maximum of 4 marks:

• Firewall at perimeter of LAN/DMZ (1 mark)
• Firewall at perimeter of LAN/Internet (1 mark)
• DC in LAN (1 mark)
• Web Server in DMZ (1 mark)

[Example diagram: the Internet connects to a single Network Firewall with
three interfaces. One interface serves the Internal LAN (a switch with PCs
and the DC); another serves the DMZ, which holds the Mail, DNS and Web
servers etc.]

c) Provide TWO (2) examples of Access (Firewall) rules for your network in part (b).
(2 marks)
Award 1 mark for each valid example up to a maximum of 2 marks:

• Expected rules to show source and destination networks, Access
(Deny/Allow), Port/protocol, possibly users.
• E.g. Allow TCP port 80 (HTTP) from All networks to the Web Server in the
DMZ; Deny all traffic from the DMZ to the Internal LAN; Deny everything
not explicitly allowed (default deny).
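The rule base for the network in part (b), evaluated the way a packet-filtering firewall evaluates it (ordered rules, first match wins, default deny), as an added example that is not part of the marking scheme. The zone address ranges, the host addresses and the sample packets are assumptions constructed for the example; the syntax is a Python model of a rule table, not the configuration language of any particular firewall product.

```python
import ipaddress

# Zones from the diagram in part (b). Address ranges are assumptions
# (RFC 5737 documentation space for the DMZ, RFC 1918 space for the LAN).
INTERNET = ipaddress.ip_network("0.0.0.0/0")
DMZ = ipaddress.ip_network("192.0.2.0/24")
LAN = ipaddress.ip_network("10.0.0.0/8")
WEB_SERVER = ipaddress.ip_network("192.0.2.10/32")   # in the DMZ
DC = ipaddress.ip_network("10.0.0.5/32")             # in the internal LAN

# Ordered rule base: (source, destination, protocol, port, action).
# Evaluated top to bottom, first match wins, default deny at the end.
RULES = [
    (INTERNET, WEB_SERVER, "tcp", 80,   "allow"),  # Allow Port80/HTTP from All networks to DMZ web
    (INTERNET, WEB_SERVER, "tcp", 443,  "allow"),  # and HTTPS
    (LAN,      INTERNET,   "tcp", 443,  "allow"),  # staff browsing out of the LAN
    (DMZ,      LAN,        "any", None, "deny"),   # a compromised DMZ host must not reach the LAN
]
DEFAULT_ACTION = "deny"

def evaluate(src: str, dst: str, proto: str, port: int):
    """Return (action, rule_index) for a packet; index -1 means the
    default action applied because no rule matched."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (r_src, r_dst, r_proto, r_port, action) in enumerate(RULES):
        if (s in r_src and d in r_dst
                and r_proto in ("any", proto)
                and r_port in (None, port)):
            return action, i
    return DEFAULT_ACTION, -1

if __name__ == "__main__":
    samples = [  # constructed packets: (src, dst, proto, port)
        ("203.0.113.7", "192.0.2.10",   "tcp", 80),   # Internet -> web server HTTP
        ("203.0.113.7", "192.0.2.10",   "tcp", 22),   # Internet -> web server SSH
        ("203.0.113.7", "10.0.0.5",     "tcp", 445),  # Internet -> DC SMB
        ("192.0.2.10",  "10.0.0.5",     "tcp", 389),  # DMZ web server -> DC LDAP
        ("10.0.1.20",   "198.51.100.3", "tcp", 443),  # LAN PC -> Internet HTTPS
    ]
    for pkt in samples:
        action, idx = evaluate(*pkt)
        print(f"{pkt[0]:>13} -> {pkt[1]:<13} {pkt[2]}/{pkt[3]:<4} "
              f"{action} (rule {idx})")
```

The DC is unreachable from the Internet and from the DMZ without a single rule naming it, because nothing permits that traffic and the default is deny; that is the placement the diagram in part (b) is meant to achieve.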

Total: 10 Marks

Question 8
a) Companies are increasingly enabling their employees to connect to corporate
networks from home or mobile devices. A VPN is often used for this purpose.

i. Explain what is meant by VPN. (3 marks)

A Virtual Private Network (1 mark) is a secure private network (1 mark)
that uses public telecommunication infrastructure, such as the Internet,
instead of leased lines to communicate, by carrying the traffic through
an encrypted tunnel (1 mark).
ii. Outline FOUR (4) security features that are provided by a VPN. (4 marks)

Award 1 mark for each bullet point up to a maximum of 4 marks:

• Confidentiality via encryption of the tunnelled traffic
• Authentication of the source of the data (and of the user/device before
the tunnel is established)
• Access control – only authorised users can access the corporate network
• Integrity – ensuring data is not modified in transit

b) Draw a diagram to show how a home user could connect their home laptop PC to
the corporate network using a VPN. Explain the components on your diagram.
(3 marks)

Award 1 mark for each valid point up to 3 marks:

• Showing and labelling the encrypted tunnel across the Internet between the
home PC and the corporate FW/router
• Showing that the tunnel starts at the VPN device (typically VPN client
software on the PC)
• Showing that the tunnel terminates at the corporate FW/router (VPN
gateway), behind which the corporate LAN sits

Total: 10 Marks

Question 9

a) Wireless LANs are frequently connected to corporate networks.

i. Name the device that connects the wireless devices to the network and
briefly describe how it works. (3 marks)
Wireless Access Point (1 mark). It bridges the 802.11 radio network to the
wired LAN, acting like a switch for the wireless clients (1 mark); the
wireless network is identified by its SSID (1 mark).

ii. Draw a diagram to show how wireless devices (e.g. Laptop PC, Tablet) can
be connected to a corporate LAN. You should label the components. (2 marks)
Diagram showing WAP connected to a LAN switch or Firewall (i.e. in a
DMZ) (1 mark) with some representation of a corporate network (1
mark). An example diagram is:

[Example diagram: Corporate LAN with a switch connecting PCs and the DC; a
Network Firewall between the LAN and the Internet; a Wireless Access Point
connected to the switch (or to a firewall interface) serving the wireless
devices.]

Note: Firewall/Internet is not required for full marks unless DMZ is
discussed.

b) Wireless networking is inherently less secure than a wired LAN. This is because
the wireless network broadcasts its existence and the signal can be received by
devices not authorised to join the network.

i) How can you protect the confidentiality of traffic across the network? (1 mark)
Encryption of the wireless traffic (e.g. WPA2 with AES) for confidentiality.

ii) How can you make sure unknown devices cannot be connected to the
network? (1 mark)
Authentication of devices/users (e.g. WPA2 pre-shared key or 802.1X) (1 mark)
or MAC address filtering (credit this, but note that MAC addresses are easily
spoofed, so it is weak on its own).

iii) How can you ‘hide’ the network from public view? (1 mark)
The SSID should not be broadcast (note: this only hides it from casual view;
the SSID still appears in probe and association frames).

iv) Two protocols used for securing Wi-Fi are WEP and WPA-2. Which is best
and why? (2 marks)
WPA-2 is best (1 mark), since WEP (based on RC4 with short, reused IVs) can
be broken in a very short time (1 mark), whereas WPA-2 uses AES-CCMP.

Total: 10 Marks

Question 10

a) Bob has just read CYREN’s 2015 Cyberthreat Yearbook report which begins:
“Enterprises of all sizes are now besieged by cybercrime at an alarming rate”.
This report found that successful cyber-attacks on businesses of all sizes
increased by 144% over a four-year period.

Bob believes that there is a simple answer: the way to deal with this problem is to
invest more in powerful firewalls. Do you agree with Bob? You should explain
and justify your answer in detail. (10 marks)
The aim here is to see security in context of the business and to provide
students with more opportunity to elaborate an argument rather than recall
knowledge and facts.

Award 1 mark for stating that Bob is wrong. Award up to 9 marks for the
explanation. Points should include:

• A firewall is part of the solution, but a holistic approach is needed
• Many threats and vulnerabilities are non-technical (phishing, social
engineering, insiders, lost devices)
• Many attacks arrive over channels a firewall must allow (email, web
browsing, VPN, wireless)
• A risk-based approach is needed
• This approach examines the likelihood and impact of potential
security incidents
• It determines the highest risks.
• Those identified as low risk can be accepted.
• High risk can be controlled or transferred.
• Estimating the cost of an incident against the cost of controlling it is
one way of deciding.

Note: Credit alternative valid points

Total: 10 Marks

End of Examination Paper

Learning Outcomes matrix

Question | Learning Outcomes assessed | Marker can differentiate between varying levels of achievement
1        | 1                          | Yes
2        | 2                          | Yes
3        | 3                          | Yes
4        | 4                          | Yes
5        | 5                          | Yes
6        | 6                          | Yes
7        | 7                          | Yes
8        | 8                          | Yes
9        | 9                          | Yes
10       | 5, 7, 6, 3                 | Yes

Grade descriptors

Learning Outcome: Understand the most common types of cryptographic algorithm
  Pass: Demonstrate adequate understanding of common types of cryptographic algorithm
  Merit: Demonstrate robust understanding of common types of cryptographic algorithm
  Distinction: Demonstrate highly comprehensive understanding of common types of cryptographic algorithm

Learning Outcome: Understand the Public-key Infrastructure
  Pass: Demonstrate adequate level of understanding
  Merit: Demonstrate robust level of understanding
  Distinction: Demonstrate highly comprehensive level of understanding

Learning Outcome: Understand security protocols for protecting data on networks
  Pass: Demonstrate adequate understanding of security protocols
  Merit: Demonstrate robust understanding of security protocols
  Distinction: Demonstrate highly comprehensive understanding of security protocols

Learning Outcome: Be able to digitally sign emails and files
  Pass: Demonstrate ability to perform the task
  Merit: Demonstrate ability to perform the task consistently well
  Distinction: Demonstrate ability to perform the task to the highest standard

Learning Outcome: Understand Vulnerability Assessments and the weakness of using passwords for authentication
  Pass: Demonstrate adequate level of understanding
  Merit: Demonstrate robust level of understanding
  Distinction: Demonstrate highly comprehensive level of understanding

Learning Outcome: Be able to perform simple vulnerability assessments and password audits
  Pass: Demonstrate ability to perform the task
  Merit: Demonstrate ability to perform the task consistently well
  Distinction: Demonstrate ability to perform the task to the highest standard

Learning Outcome: Be able to configure simple firewall architectures
  Pass: Demonstrate adequate level of understanding and ability
  Merit: Demonstrate robust level of understanding and ability
  Distinction: Demonstrate highly comprehensive level of understanding and ability

Learning Outcome: Understand Virtual Private Networks
  Pass: Demonstrate adequate level of understanding
  Merit: Demonstrate robust level of understanding
  Distinction: Demonstrate highly comprehensive level of understanding

Learning Outcome: Be able to deploy wireless security
  Pass: Demonstrate ability to perform the task
  Merit: Demonstrate ability to perform the task consistently well
  Distinction: Demonstrate ability to perform the task to the highest standard

