MN603 Wireless Networks and Security, Semester 1, 2010

Master of Networking
MN603 Wireless Networks and Security
Sample Final Exam
Semester-3, 2009/2010

Date : 26/06/2010
Begin Reading Time: 9.20 am
Begin Writing Time : 9.30 am
Duration : Three (3) hours
Venue : MIT Melbourne
Lecturer : Biplob Rakshit Ray
Total Marks : 100 (40% for the Total Subject Grade)

___________________________________________________________

Instructions to the candidates:

Full marks are only awarded for correct answers with detailed explanation and justification, and
they will not be awarded for incomplete/or incorrect answer. Answer all questions on this exam
paper according to given instruction. Use the exam booklets for your answers.

This exam consists of two parts:

1. Router Specific question =20 Marks

2. Descriptive Questions = 50 Marks
3. Case study = 30 Marks

Complete the following details:

Student Name: _________________________

Student ID : _________________________

Subject Code: __________________________

DO NOT REMOVE ANY PART OF THIS EXAM

PAPER FROM THE EXAMINATION ROOM

Page 1 of 6
MN603 Wireless Networks and Security, Semester 1, 2010

Part I - Managing router security [20 Marks]

a) ICMP (Internet message control protocol) is a very handy protocol for network
professionals.
- What layer of the OSI model does ICMP belong to? Identify three uses of
the ICMP protocol for troubleshooting network problems. (7 marks)

b) Write Extended ACL that will accomplish the following (13 marks)

- Router A will deny all FTP communication (FTP packets) from sales
network to 172.16.10.2/24 workstation.

- All other traffic is permitted.

Page 2 of 6
MN603 Wireless Networks and Security, Semester 1, 2010

Part II–Application, database and wireless security (50 marks)

Select Eight QUESTIONS out of this section.

1. Identify the 802.11 protocol layers and provide two functionalities of

each layer. Explain how WEP (Wired equivalent privacy) provides
security to wireless networking and identify three security vulnerabilities
of WEP. (10 marks)

2. Identify the layers of the WAP (Wireless Application protocol). Define

Wireless Transport Layer Security (WTLS) and explain the architecture
of WTLS. (10 marks)

3. Define and identify the differences between an active system and a

passive system in terms of Intrusion Detection. Define the following terms
in relation to Cisco IOS Firewall IDS signatures. (10 marks)

a) Info Atomic
b) Info Compound
c) Attack Atomic

3. Identify and define two QoS parameters. Identify and explain three
challenges for QoS services in wireless network. (10 marks)

1 page 41

Page 3 of 6
MN603 Wireless Networks and Security, Semester 1, 2010

5. Identify two security levels and security modes we have in our Bluetooth
technology (802.15.1). Explain the elements of Bluetooth security for
protection. (10 marks)

2 page 41

6. Explain 802.1 x frameworks and identify the security property it is

protecting in a wireless network environment. (10 marks)

7. Define anomaly detection and misuse detection in context of intrusion

detection system. Identify two shortcomings for each of them and how can
we mitigate those shortcoming to protect our network. (10 marks)

8. Identify two best firewall technologies and explain with example to support
you selection ‘why they are the best comparing with others?’. (10 marks)

10

9. Identify two physical layer features and one advantage of each feature in
WiMAX (80216). Explain one of them in details. (10 marks)

Lecture 6

Part III- Case study [20+10 = 30 Marks]

GEAP Pty. wireless network upgrade

Wireless network cards are becoming quite common at GEAP especially in notebook
computers. With this proliferation of wireless network cards, there are requests from the users
of these computers to access the corporate network using a wireless connection. In 2001 and
Page 4 of 6
MN603 Wireless Networks and Security, Semester 1, 2010

2002 an 802.11b system was implemented on a limited scale for the GEAP Pty Ltd Company.
This used Wireless Encryption Protocol (WEP) encryption as the sole security mechanism.

Demand for wireless service has steadily increased since then, and in July of 2010 a
consultant was asked to implement a wireless network for GEAP Pty. Ltd. on a larger scale.
The consultant explained to the management team at GEAP the many shortcomings of the
WEP encryption protocol, and they agreed that any upgrade of the wireless network should
include better security.

The 802.1x authentication is based on authentication methods that are already in use at GEAP
Pty Ltd by remote users. This is important to GEAP because any upgrades need to integrate to
the current network infrastructure. During the past year, the Wi-Fi Protected Access (WPA)
components of the upcoming 802.1i standard have been released. The consultant then chose
the Cisco ‘WAP4410N Wireless-N Access Point - PoE/Advanced Security’ Access Point for the
GEAP wireless upgrade.

The consultant also explained that aside from the Cisco access point, Windows 2003 server
edition and network interface card (NIC), no additional hardware and software was needed.

GEAP management wants this upgrade to be done with minimal configuration and with best
possible security.

GEAP has the following servers:

1. Database server ( 3)
2. Web server (1)
3. Authentication server (1)
GEAP has the following staff:
1. Service consultants(20)
2. Database management staff( 3)
3. IT manager(1)
4. Web administration(3)
5. Fraud and security surveillance(2)
6. IT engineer(1)

Page 5 of 6
MN603 Wireless Networks and Security, Semester 1, 2010

You are working as a system analyst. Analyze the above case and answer the following
questions:

1. Select few security measures to upgrade GEAP’s security and give

reason for your choice.

Page 6 of 6