(Review Questions) Netowrk Security

TLS and Certificates

Which of the following security goals are addressed by the HTTPS protocol: (a) integrity, (b) conﬁdentiality, (c) authenticity?
Can I get a certificate for visa.com from VeriSign? How do signing authorities verify identity?
OCSP stapling is to get signed timestamp for a certificate from the CA, Sign_sk(CertSerial#, ts), where sk is the CA's secret key. How should the browser verify a OCSP stapled certiticate?
TLS is said to be a one-way autnetication because the client does not authenticate to the server. How does two-way authenticate works in the internet?
Certificate is a signature over the public key and a domain name. $LaTeX: s_0 = \left(n_0, pk_0, \text{Sign}_{sk_0}(n_0\|pk_0)\right)\;\; \text{Certificate of } C_0 \text{, Trusted CA}\\ s_1 = \left(n_1, pk_1, \text{Sign}_{sk_0}(n_1\|pk_1)\right)\;\; \text{Certificate of } C_1 \text{, Subsidiary CA}\\ s_2 = \left(n_2, pk_2, \text{Sign}_{sk_1}(n_2\|pk_2)\right)\;\; \text{Domain certificate}\\$
How will a domain verifices the ceritficate chain ? Assume there is a function Verify. Which key --- private or public --- do you need to create a certificate?
Why do certificates have expiry? What is the point of having additional information (Country, address, street, etc.) in certificate?

DNS, BGP, ARP

What capabilities of the attacker is required to mount a DNS cache poisoning attack? How does it work? To mount DNS cache poisoning the attacker has to get two things right. What are they?
BGP and ARP what are the differences?
Can SYN flood attack be reflective?
DDoS occur when a large pool of compromised devices attack a target.

Rubric

Title:

Title

Title
Criteria	Ratings	Pts
Description of criterion threshold: 5 pts Edit criterion description Delete criterion row	5 to >0 pts Full Marks blank 0 to >0 pts No Marks blank_2 This area will be used by the assessor to leave comments related to this criterion.	pts / 5 pts --