Srm - Odbrana

The given configuration shows that the firewall rules are set to accept traffic from the source address 10.10.10.0/24 to the destination address 192.168.1.0/24. However, rule 20 is set to reject traffic from the same source address to the same destination address. Therefore, the message will be discarded due to rule 20.

The correct answer is a) because it states that we are monitoring if anyone (Everyone) tries to do anything (Full Control) and fails (Fall). This aligns with the goal of monitoring directory access for security reasons, as we want to track any unsuccessful attempts made by anyone.

Snort je sistem za detekciju i sprečavanje upada. Ova vrsta sistema se koristi za praćenje mrežnog saobraćaja i otkrivanje sumnjivih aktivnosti ili pokušaja neovlašćenog pristupa. Snort analizira mrežni saobraćaj i upoređuje ga sa unapred definisanim pravilima kako bi identifikovao potencijalne napade ili nepravilnosti. Kada se detektuje sumnjiva aktivnost, Snort može preduzeti odgovarajuće mere za sprečavanje upada, kao što je blokiranje IP adrese ili slanje upozorenja administratoru sistema.

In the default state on Windows OS, monitoring is not enabled.

The wireless station knows that the access point uses WPA/WPA2 based on the shared key (PSK) that was set by the administrator.

The correct answer is a) In the "CertificateVerify" message, the client digitally signs all exchanged messages, demonstrating that it possesses the private key. This ensures the authenticity of the client during the establishment of the TLS session.

The correct answer is c) Po tri na svakom interfejsu (in, out, local). This means that for each interface, there can be three named rule sets: one for incoming traffic (in), one for outgoing traffic (out), and one for locally-generated traffic (local). This allows for more granular control and customization of the firewall rules based on the direction and source of the traffic.

To obtain a digital certificate, the end-user needs to create a pair of RSA keys (private and public) and a request, and then submit the request for signing to the certification authority. This process ensures that the end-user has a unique pair of keys and requests the certification authority to sign their certificate, providing authentication and ensuring the integrity of the certificate.

When Snort is used as an Intrusion Detection System (IDS), it is connected to a mirrored port on a switch. This allows Snort to monitor and analyze network traffic on the entire network segment. By connecting to the mirrored port, Snort can detect and alert on any suspicious or malicious activity occurring within the network, providing a comprehensive view of potential attacks on the network. This setup ensures that Snort functions effectively as an IDS by monitoring all network traffic and detecting any intrusion attempts.

It is possible for different websites to coexist on the same Apache server and use different TLS configurations because they can be accessed through different ports. Each website can be configured to listen on a specific port, and the TLS settings can be configured individually for each port. Therefore, websites can use TLS or not use TLS independently of each other based on the port they are accessed through.

The given configuration specifies that the virtual host web server requires client certificate verification, which means that the client's certificate needs to be authenticated. Additionally, the certificate must be directly signed by the root certificate authority. This ensures that only clients with a valid and trusted certificate are allowed access to the specified directory ("/var/www/poverljivo2").

A subordinate certification authority is part of the trust chain and signs certificates for end users, with its certificate being signed by the root certification authority.

The problem is caused by a) incorrectly entered source address. The firewall rule is set to allow traffic from the source address 192.168.1.0/24, which represents the local network, to the destination address 10.10.10.0/24 in the DMZ network. However, if the source address is entered incorrectly, the firewall will not match any incoming traffic from the local network, resulting in the clients being unable to access the servers.

The correct answer is "Asimtericna kriptografija je sporija od simetricne." This statement is true because asymmetric cryptography, which uses public and private keys, is generally slower than symmetric cryptography, which uses the same key for both encryption and decryption. This is because asymmetric encryption involves more complex mathematical operations and larger key sizes, which require more computational resources and time.

The correct answer is b) because it sets the rules to allow only packets that are part of established HTTP connections to reach the client in the local network. By enabling the "state established" and "state related" options, the firewall will only accept packets that are part of an established connection or related to an established connection. This ensures that only valid HTTP traffic is allowed through the firewall. The other options (a and c) do not specify the state of the connection and do not provide the necessary filtering for HTTP traffic.

In order to verify a digital signature, Bob needs Alice's public key. The public key is used to verify the signature, while the private key is used to create the signature. Therefore, Bob does not need his own private key or public key, nor does he need Alice's private key. The correct answer is d) Alice's public key.

When a digital certificate is issued to a user, it can be used until its expiration date and for the purposes specified in the "baseConstrains" and "Extended Key Usage" fields. This means that the certificate can be used for the specified purposes, such as encryption, authentication, or signing, until it expires. The expiration date ensures that the certificate remains valid for a certain period of time, after which it needs to be renewed or replaced. The "baseConstrains" and "Extended Key Usage" fields define the specific purposes for which the certificate can be used, ensuring that it is only used for authorized activities.

The expected features of the EAP method used in wireless networks include mutual authentication and derivation of the master key.

When attaching a set of rules to the interface on the Protective Barrier, it is necessary to choose the appropriate direction of the interface. This means selecting the direction that aligns with the desired flow of traffic or communication. Choosing the correct direction ensures that the rules are applied effectively and the interface functions efficiently in managing network traffic.

When using WPA or WPA2, the keys used for encrypting traffic are agreed upon during a four-way handshake between the client and the access point. This handshake involves multiple steps to establish a secure connection and exchange the necessary encryption keys.

The correct answer is a) public disclosure of the list of revoked certificates signed by the certification authority. This means that when a certificate is compromised or no longer valid, the certification authority will publicly announce and publish a list of revoked certificates. This allows users and systems to check the list and ensure that any compromised or revoked certificates are no longer trusted. The other options listed do not involve the public disclosure of a revoked certificate list.

RSA is a commonly used encryption algorithm in computer security. It is a public-key encryption system that uses two keys, a public key for encryption and a private key for decryption. The RSA algorithm is based on the difficulty of factoring large numbers, making it secure against attacks. The other options, RC4, DES, IDEA, and AES, are also encryption algorithms, but they are not specifically designed for public-key encryption like RSA. Therefore, RSA is the correct answer in this case.

The correct answer is c) Gleda se isključivo redosled pravila u skupu. Prvo pravilo koje opiše paket odredi mu i sudbinu. This means that the fate of the packet is determined solely by the order of the rules in the set. The first rule that describes the packet will determine its fate.

The correct answer is "za potvrdu necijeg javnog kljuca" because a certificate is used to verify someone's public key. Public key certificates are used in public key cryptography, where each user has a pair of keys - a public key and a private key. The certificate includes the user's public key and is digitally signed by a trusted third party, known as a Certificate Authority (CA), to verify the authenticity of the public key. This allows users to trust that the public key belongs to the intended user and has not been tampered with.

The given configuration sets up a firewall on the router to drop TCP connections to port 22 (SSH) from the LAN network. The rule is configured to enable the tracking of recent connections, allowing a maximum of 3 connections within a 30-second time frame. This effectively restricts frequent connections to the SSH port on the router itself.

To authenticate clients during the establishment of a TLS session, it is necessary to include the location of a file with usernames (UserNameFile) in the server configuration. This file contains the usernames that the server will use to verify the identity of the clients. By including this file location in the configuration, the Apache server will be able to authenticate clients during the TLS session.

WPA2 uses CCMP and AES. CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is an encryption protocol that provides confidentiality, integrity, and authentication. AES (Advanced Encryption Standard) is a symmetric encryption algorithm that is widely used for securing sensitive data. Both CCMP and AES are strong encryption mechanisms that enhance the security of wireless networks.

Alisa treba da kreira izvod poruke i šifruje ga sopstvenim privatnim ključem kako bi Bob mogao da proveri autentičnost poruke. Korišćenje sopstvenog privatnog ključa omogućava Alisi da potpiše poruku na način koji samo ona može da uradi, jer samo ona ima pristup svom privatnom ključu. Bob će zatim moći da dešifruje poruku koristeći Alisin javni ključ i tako proveri da je poruka zaista potpisana od strane Alise.

A digital certificate contains the public key, information about the owner's identity, and a digital signature of the mentioned information created by the trusted authority's private key.

In a stateful firewall, packets can be treated differently if they are part of an already established connection. This means that the firewall keeps track of the state of the connection and can make decisions based on the previous packets exchanged between the client and the server. This allows for more granular control and better security as the firewall can analyze the context of the packets and apply specific rules or policies based on the established connection.

The client can be sure that they are communicating with an authentic server during the establishment of a TLS session based on the server's digital certificate with which the negotiation is being done. The digital certificate serves as a form of identification for the server, verifying its authenticity and ensuring secure communication between the client and the server.

The correct answer is "Spisak dozvoljenih brojeva portova" because Snort rules contain a list of allowed port numbers. Snort is an intrusion detection system that monitors network traffic and compares it against a set of rules to detect and prevent malicious activity. By having a list of allowed port numbers, Snort can filter out any traffic that does not match the specified ports, ensuring that only legitimate network traffic is allowed through.

The explanation for the given correct answer is that when monitoring access to a directory on the Windows operating system, it is necessary to set the auditing on the object itself. This means enabling the appropriate category of auditing and configuring it specifically for the object in question. By doing so, any access to the directory will be tracked and recorded for monitoring and security purposes.

In wireless networks, according to the new version of the standard from 2007, 802.1x is used as a framework for negotiating the authentication mechanism and as a mechanism for controlling access to ports. It is not used as an encryption algorithm or for calculating authenticity check values.

The correct answer is c) because individual traffic filtering rules in a security barrier router typically include a description of the traffic and the action to be taken on it. This allows the router to determine how to handle specific types of traffic based on their description and perform the appropriate action, such as allowing or blocking the traffic. The DNS name and address of server clients (option a) and the direction of traffic and interface name (option b) may be considered in some filtering rules, but they are not the primary factors in determining the action to be taken on the traffic.

To solve the problem, it is necessary to introduce the certificates of the internal certification authority on the problematic workstations. This will allow the workstations to verify the certificates of the two web servers and establish a TLS session.

The weakness of WPA-WPA2 protection is that the messages of association and disassociation are not protected or verified as authentic. Additionally, if a quadruple handshake is captured, a dictionary attack on a simple PSK (Pre-Shared Key) is possible.

To set up a TLS virtual host on an Apache server, the correct steps are as follows:
a) Enable the Apache server to listen on port 443.
e) Create a virtual host that listens on port 443 and has the directive SSLEngine on.
f) Enable the mod_ssl module.

In order to establish a TLS (Transport Layer Security) virtual host, the Apache server needs to listen on port 443, which is the default port for HTTPS connections. Additionally, a virtual host needs to be created specifically for port 443 and configured with the SSLEngine directive to enable SSL/TLS encryption. Lastly, the mod_ssl module must be enabled to provide the necessary SSL functionality.

The given answer is correct because the items listed in a), c), e), g), and i) are not part of a certificate. The certificate typically includes information such as the public key, validity period, issuer and subject, version, and serial number. The items mentioned in the correct answer, such as username and password, IP address and hostname of the certification authority, signature of the information, IP address and hostname of the subject of the certificate, and version and serial number, are not included in a certificate.

The correct answer choices for creating a protective barrier on a router are:
a) Naming the created rule set after a specific interface direction. This helps in organizing and identifying the rules based on the interface they are associated with.
e) Creating individual rules within the rule set to filter traffic. This allows for specific filtering of traffic based on different criteria.
f) Determining the interfaces that allow all traffic and the interfaces that block it. This helps in controlling the flow of traffic through the router.