SETUP THE WEBSERVER TO SUPPORT HTTPS INCLUDING OBTAINING A CERTIFICATE

Qualified Writers
Rated 4.9/5 based on 2480 reviews

100% Plagiarism Free & Custom Written - Tailored to Your Instructions

For this question you must use virtnet (as used in the workshops) to study HTTPS and certificates. This assumes you have already setup and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, deploying the website, and testing the website.

Your task is to:

Create topology 5 in virtnet

Deploy the MyUni demo website on the nodes

Setup the webserver to support HTTPS, including obtaining a certificate

certificate.pem.

Capture traffic from the web browser on node1 to the web server that includes a HTTPS session. Save the file as https.pcap.

Test and analyse the HTTPS connection.

Answer the following sub-questions based on above test and analysis.

(a)Submit your certificate certificate.pem and HTTPS traffic capture https.pcap on Moodle. [3 marks]

(b)Draw a message sequence diagram that illustrates the SSL packets belonging to the first TCP connection in the file. Refer to the instructions in assignment 1 for drawing a message sequence diagram, as well as these additional requirements:

Only draw the SSL packets; do not draw the 3-way handshake, TCP ACKs or connection close. Hint: identify which packets belong to the first TCP connection and then filter with “ssl” in Wireshark. Depending on your

Wireshark version, the protocol may show as “TLSv1.2”.

A single TCP packet may contain one or more SSL messages (in Wireshark look inside the packet for each “Record Layer” entry to find the SSL message names). Make sure you draw each SSL message. If a TCP packet contains multiple SSL messages, then draw multiple arrows, one for each SSL message, and clearly label each with SSL message name.

Clearly mark which packets/messages are encrypted. [3 marks]

(c)Based on the capture and your understanding of HTTPS: [0.5 mark each]

a.What port number does the web server use with HTTPS?

b.What symmetric key cipher was used for encrypting the data?

c.What public key cipher was used for exchanging a secret?

d.What cipher and what hash algorithm are used in signing the web servers certificate?

(d)In this task you needed to manually load the CA certificate into the client (lynx web browser). In real networks, this step is not necessary (that is, the web browser user does not have to load the CA certificate – it normally is already loaded). Explain how the

Advanced Network Security

Page 7 of 10

COIT20262

Assignment 2

Term 1, 2017

web browser already knows the CA certificate and what limitations there are of this approach? [2 marks]

Marking Scheme

(a)3 marks if all required files are submitted and in correct format. 1.5 marks if only 1 file is correct. 0 marks if neither of the files correct.

(b)The diagram must have all packets clearly labelled to obtain full marks. Missed messages, incorrect messages or unclear diagram will result in loss of marks.

(c)0.5 mark for each correct answer.

(d)1 mark for explaining how the web browser knows certificate, and 1 mark for explaining a limitation of this approach.

Price: £109

100% Plagiarism Free & Custom Written - Tailored to Your Instructions