Chapter 1 Answers, Guide to Network Defense Countermeasures, 3e

Chapter 1 Answers, Guide to Network Defense & Countermeasures, 3e Review Questions

• inside the company
• all of the above
• nonrepudiation
• their own subnet
• a DMZ
• a network perimeter
• port number
• IP address
• cyberterrorist
• socket
• rule base
• nonrepudiation, confidentiality, integrity, availability
• c. physical
• b. disrupt computer-controlled industrial operations
• False
• a. worm
• virus
• d. block all traffic
• a. signatures

Case Projects

Case Project 1-1: Determining Legal Requirements for Penetration Testing

Answers may vary, but students should address the need to obtain written permission for the penetration tests. State laws include Hawaii Rev. Stat. § 708-892, § 708-891.5, § 708-895.5, § 708-892.5. Federal laws include Criminal Code, Title 18, Sections § 1029, § 1030, § 1362, § 2510, § 2701.

Case Project 1-2: Understanding the Rules of Engagement for Security Testers

The OSSTMM's rules of engagement are available at www.isecom.org/osstmm/rules.shtml.(Guide to Network Defense and Countermeasures, 3e Randy Weaver, Dawn Weaver, Dean Farwood) (Solution Manual, For Complete Chapter, Download link at the end of this File) 1 / 3

Chapter 2 Answers, Guide to Network Defense & Countermeasures, 3e Review Questions

• IPv6 uses a 128-bit address space.
• IPv6 incorporates IPsec.
• 192, 223
• Network Address Translation (NAT)
• proxy servers
• testing the local TCP/IP software implementation
• It is connectionless.
• 191.9.205.22/18
• Routers break packets into smaller pieces called fragments.
• Multicast Listener Discovery
• Neighbor Discovery
• FQDNs, IP addresses
• b. Fragments numbered 1 or higher are passed through filters.
• a. multicast
• b. sliding window size
• a. SYN
• c. 58
• b. 1080::8:800:200C:417A

Hands-on Projects

Hands-on Project 2-3: Examining Individual ARP and Ping Packets

• Expand the Internet Control Message Protocol section. What is the pattern in the content of the 32 bytes of data

that are sent in a Windows ping?

Answer: The partial alphabet.

Hands-on Project 2-4: Examining IPv6 Ping Packets

• This chapter included a number of figures that show header structures, including Figures 2-2, 2-3, 2-5, 2-8, and

2-9. In the space below, create a figure that shows the structure of this Neighbor Solicitation message.Answer: A solution is included in HOP 2-4 solution.vsd and HOP 2-4 solution.docx.

Hands-on Project 2-5: A Challenge

The –l indicates that the data size of the ping request and reply will be specified in bytes. Because the maximum transmission unit size of Ethernet is 1500 bytes, a 5000-byte ping needs to be fragmented by IP. As a result, while the first packet of each echo request or reply is an ICMPv6 packet, the remaining fragments are IP protocol packets.In these packets the IPv6 option header, Fragmentation Header, is added to the IPv6 header. The More Fragment field in the fragmentation header indicates whether more packets are associated with this ping; it also includes an offset that indicates which byte of the 5000-byte ping is the first byte in the current fragment. 2 / 3

Case Projects

Case Project 2-1: The Differences between IPv4 and IPv6

Answers may vary, but a correct answer would include references to the following: • Available addresses expanded from 32 bits to 128 bits in IPv6.• There is no likelihood that addresses will be exhausted in the foreseeable future.• Native IPsec support is provided in IPv6.• Native support for flow control Quality of Service is provided in IPv6 to improve performance of multimedia transmissions.• ARP broadcasts are no longer required with IPv6 because ND performs this function.• Multicasting is more efficient in IPv6.• IPv6 does not require static or DHCP configuration; it can use autoconfiguration.

• / 3