CSCD 434/539 Network Security
Takehome Midterm - Spring 2014
Due: Monday May 12th     Worth: 100 points
This is a takehome exam which means that you can take it home or work on it here
at school, but please do the work individually. You can ask me for help in order to
clarify what I am asking or for suggestions on places to look for references.
If the question asks you to provide a reference, please provide one. Actually
look up a reference for the answer.
Answer all the questions to the best of your ability. That means, don't skip
a question. This test is not supposed to be time limited which means you can
take your time and look up information you don't know. Never leave an answer
blank ... bad strategy on a test. Even if you guess, you will likely get some
points for the answer. And, if you are really, really confused as to what I am
asking, just email me and I will answer ... in a reasonable time.
- We discussed in class how the laws seem to be out of balance with the crime of hacking. This
was brought to a head with the tragic death of Aaron Swartz, the creator of RSS 1.0. Find at least two
examples of this problem where unfortunate hackers/teenagers, not the corporate hackers, have
experienced the wrath of the law. What do you think can be done to change the
direction of these unfair laws?
- We touched on rootkits. Research the current trend in rootkits. Are they being
better defended against with current OS defenses in Windows and Linux? Find at least
two rootkits, describe what they do and if there are defenses against them.
- Hardening is one of the defenses mentioned in the text for this class, Chapter
4. Find one good paper on hardening for the system you typically use. Read it and describe
or list how well you have done all of the things recommended to harden your system. Provide
the URL of the paper too.
- Describe one problem with the way cryptography is used for network security. Provide
- Darknet. What is it? What is found on the Darknet? Can you access it safely?
- Buffer overflows are still common after all these years. What are current recommendations
for combating these flaws in Windows machines? Find at least one reference for this question.
- Many of the scanning techniques we discussed (Nmap, Nessus, OpenVAS) work on
known services and vulnerabilities. What is the current recommended advice for
zero-day exploits? Is there a solution to this problem? Provide a reference.
- Find your own 3 best security sites on the Internet. They can be on the hacker side
or the defender side or both. Provide the URL and describe them a bit and why you
Type your answers to the above questions and turn them
in during class. I really want them printed out.