Q1. You are asked to add SMTP mail to the system shown below. Assume:
Mail to the outside world has never previously been used directly from this
system. It has always passed over IPSEC VPN to a corporate data centre.
Users will need to send mail to and receive mail from the outside world.
Firewall rules are currently very tight and only allow VPN connections from
the core systems to remote offices and Internet access to the WebServers.
Mail will be critical to the operation of the organization.
(a) How would you configure the mail servers themselves?
(b) How would you approach virus scanning and spam filtering?
(c) Outline how you would approach modifying the firewall configuration.
(a) Why is additional security from MAC address filtering on wireless LAN
(b) Discuss what forms of security might be appropriate to secure a corporate
(c) You have a WLAN and a broadband connection in your apartment in a large
building. What level of protection is appropriate to reduce the risk of your
neighbours using your bandwidth?
Q3 The use of emails purporting to be from financial institutions and attempting to get
users to visit web sites and enter various personal details (including card and PIN
numbers is increasing.
(a) How would you go about tracing the origin of such messages?
(b) Having traced the origin can anything useful be done to reduce the volume of
(c) How might you attempt to filter out a large proportion of such messages?
(d) Assume that you are working in the information security department of one of
the victim financial institutions. Write a short email to explain to all of your
Internet banking users how such frauds work and how to avoid them.
(a) Why is a personal firewall essential for “road warriors” using dial up internet
access and VPN to gain access to corporate networks?
(b) Outline appropriate firewall rules for such a firewall.
(c) Outline the relative advantages and disadvantages of SSL/VPN and IPSEC
VPN for such systems.
(a) Outline the potential benefits to a purchaser of a third party security
accreditation, such as FIPS140, on a product
(b) You are asked to select a digital signing device to be used to sign high value
contracts. The device will be housed in a secure computer room with 24 hour
guards on the both the entrance to the building and on the entrance to the
computer room. There are two competing products available as follows:
Product A Product B
Overall FIPS140-2 Level 3 Level 2
Hardware FIPS140-2 Level 3 Level 2
Software FIPS140-2 Level 3 Level 4
All other features are presumed to be identical. Discuss which of these devices
you would select and why.
Either one or two questions on viruses and malware from Michael Ryan