Homework #2

*REMINDER* You must do your own work. You may not collaborate with each other on homework assignments.

Due: 9 a.m. in class 3/21.

1. Compare the security of placing a web server in front of the firewall versus behind the firewall. What are the benefits and dangers of each configuration?

2. Why do clients often have to be rewritten when application level gateways are used as firewalls between the clients and their servers?

3. What would you do to determine if someone was sniffing on your network? Describe a tool that can be used to do this, and explain how it works.

4. Why is digest auth better than basic auth?

5. Network Address Translation (NAT) is often used when someone needs more IP addresses than they are assigned. If you are unfamiliar with NAT, and missed class on 3/7, then read up on it. You can easily find an explanation on the Net. Why is it that IPsec is often incompatible with NAT?

[If you did not do problem 2 of homework #1, please answer the following.]

6. Assume that you control a computer outside of the firewall of an organization. The firewall implements a policy that internal users can open TCP connections out, and they can ping hosts on the outside, but TCP connections from the outside and ping originating from the outside are not allowed in. Also, most UDP is blocked in both directions, but DNS lookup and response packets are allowed in both directions. This is a pretty standard policy. Design an attack whereby you can count the number of hosts that are behind the firewall. Describe your algorithm in detail. (Hint: consider using traceroute as a tool.)