--------------------------------------------
               Homework 4
  Introduction to Networking and Security
      Due by class on June 11, 2007
 Applied Networks and Security (IT 263 901)
Lewis 1513, Mondays, 5:45 p.m. to 9:00 p.m.
     April 2, 2007 to June 11, 2007
--------------------------------------------

Student Name:


Assigned Reading:
  The Internet Book, Chapters 16, 17, 19, 21, 23, 28, 29, 31, 32

  Transmission Control Protocol (TCP)
  http://condor.depaul.edu/~jkristof/technotes/tcp.html

  TCP Congestion Control
  http://condor.depaul.edu/~jkristof/technotes/congestion.pdf

  Internet Security: Then and Now, Steve Bellovin
  http://www.nanog.org/mtg-0402/anniversary.html

Homework Questions:

1. In your own words, describe how the Internet is inherently a different
   architecture than the traditional telephone network.




2. Analyze the fallacy or weaknesses of the following statement:
   "I always ensure that I am visiting the 'https/ssl/tls' version
   of web pages that require authentication, therefore my credentials
   are safe."



3. What is one advantage and one disadvantage that a simple per-packet
   firewall has in comparison to a stateful inspection firewall.



4. How many packets are exchanged between a sender and a receiver
   before data can flow in a TCP session?



5. In your own words, describe how TCP can achieve reliability?



6. Two mechanisms that control the flow of TCP data between senders
   and receivers is the congestion avoidance algorithms used by the
   sender and the sliding __________________ used by the receiver.
   Fil in the blank.



7. What is one potential problem in using blacklists as part of a
   security policy that rejects certain messages or packets?



8. Download the following file and save it a temporary location on your
   system:

     http://condor.depaul.edu/~jkristof/it263/notepad.exe

   Note, this file is a harmless Microsoft Windows application simply
   called Notepad, you may have used it many times before.  Nevertheless,
   you should never trust nor run arbitrary code from just anyone so
   you shouldn't run it.  Instead, go here:

      http://www.virustotal.com/vt/

   And use the 'Browse' button, upload it to this site.  Paste the
   results of the upload/scan to your homework.




9. If you'e not heard of it, go find out what Joost is.  What is it?
   From a networking and security perspective, what makes it interesting
   and potentially a technology worth keeping an eye on?



10. If you're using a real-time multimedia application, such as watching
    a live sports broadcast via the Internet, explain what layer 4
    protocol (e.g. TCP, UDP) you're apt to use and why.