CS 450/650 Fundamentals of Integrated Computer Security

Fall 2014

Homework 4

Due on Tuesday, Nov 4 at 1:00 pm

The following problems are from the textbook (Stallings and Brown, 3rd edition):

Chapter 9

4 - Table 9.5 shows a sample packet filter firewall ruleset for an imaginary network with IP addresses ranging from 192.168.1.0 to 192.168.1.254. Describe the effect of each rule.

7 - A hacker uses port 25 as the client port on his or her end to attempt to open a connection to your Web proxy server.

a. The following packets might be generated:

Explain why this attack will succeed, using the rule set of the preceding problem (see below).

b. When a TCP connection is initiated, the ACK bit in the TCP header is not set. Subsequently, all TCP headers sent over the TCP connection have the ACK bit set. Use this information to modify the rule set of the preceding problem to prevent the attack just described.
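The ACK-bit idea from part b, shown as an added example (not from the textbook or the course materials): a first-match packet filter in Python run over a constructed ruleset, which is not Table 9.5 or the textbook's rule set. The proxy port 8080, the sample packets, and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the protected network
    sport: int       # TCP source port
    dport: int       # TCP destination port
    ack: bool        # TCP ACK flag

@dataclass(frozen=True)
class Rule:
    direction: str
    sport: Optional[range]   # None matches any port
    dport: Optional[range]
    ack: Optional[bool]      # None ignores the flag; True requires ACK set
    action: str

HIGH = range(1024, 65536)
SMTP = range(25, 26)

# Constructed ruleset: internal hosts may send mail to external SMTP servers.
WEAK = [
    Rule("out", HIGH, SMTP, None, "permit"),   # client -> external SMTP server
    Rule("in", SMTP, HIGH, None, "permit"),    # meant for the server's replies
]
# Same rules, but inbound traffic from port 25 must carry the ACK flag.
HARDENED = [
    Rule("out", HIGH, SMTP, None, "permit"),
    Rule("in", SMTP, HIGH, True, "permit"),
]

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction == pkt.direction
            and (rule.sport is None or pkt.sport in rule.sport)
            and (rule.dport is None or pkt.dport in rule.dport)
            and (rule.ack is None or rule.ack == pkt.ack))

def decide(rules, pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

# Constructed packets; 8080 stands in for the Web proxy port (assumption).
SYN_FROM_25 = Packet("in", 25, 8080, ack=False)   # new connection, source port 25
SMTP_REPLY = Packet("in", 25, 40000, ack=True)    # reply on an existing mail session
MAIL_SYN = Packet("out", 40000, 25, ack=False)    # internal client opening SMTP
```

The ACK check is stateless: a packet forged with ACK set still passes the filter, but it cannot open a new connection, whereas a stateful firewall tracks the handshake itself.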

Chapter 10

3 - Rewrite the program shown in Figure 10.1a so that it is no longer vulnerable to a stack buffer overflow.

10 - Rewrite the program shown in Figure 10.10a so that it is no longer vulnerable to a buffer overflow attack.

Chapter 11

4 - You are asked to improve the security in the CGI handler script used to send comments to the Web master of your server. The current script in use is shown in Figure 11.10a, with the associated form shown in Figure 11.10b. Identify some security deficiencies present in this script. (!!! Shortened !!!)

What to turn in: A softcopy of your solutions (could be a scanned version of the hard copy) to be uploaded as a single file to WebCampus.