Questions.

1. Using virtual machines in the context of hw3 has the following advantages/disadvantages:
   1. Students has root privileges to configure the server certificate.
   2. The web server can be configured to run on ports 80 and 443, which you cannot do on walrus with a normal user account.
   3. Require a large collection dedicated IP addresses for vms and creating related DNS entries.
   4. A student can install additional modules or services without interfering other students.
   5. The virtual machines can be allocated to run on one of the seven vSphere host based on the load status and certain policy set by the system admin.
   6. The virtual machines still share the computation and storage resources with others using the same hosts/networks.
      
   7. It allows a user to configure/install OS remotely which cannot be easily done on a real machine in the lab.
   
   Add two advantages and disadvantages to the above list.
   Ans:
   • Advantages:
     1. The web sites can be shutdown independently.
     2. The misconfiguration on one virtual machines will not interfere that of another.
     3. VM can be cloned again. Less concerns about damage the OS/configuration files.
   • Disadvantages:
     1. Waste a lot of storage space on the same OS libraries.
     2. The web server of a virtual machine is significant slower that that runs directly on a host machine.
     3. Managing VMs was not correctly configured, as any student can start/shut down another student VM.
     4. Wrongly configuring network IP addresses could conflict with another student VM.
     5. Since all machines were cloned from the same master VM, if a student did not change login passwords, they could be vulnerable to abuse.
   
   
2. Public Key Infrastructure (PKI) and secure web access.
   1. What are its advantages compared with login/password based authentication? Name two and discuss briefly.
      Ans: 1. The private key does not have to be exchanged during the authentication. Therefore it is more secure. 2. The certiificate presented contain more information than a simple login and can be used for the group-based access. 3. User doesn't need to memorize the password and will not need to enter it every time he tries tologin. 4. It eliminates the possibility of a hacker guessing the password .
      
   2. For PKI to work, what specific data or software modules we need to trust. List three of them from most critical to less critical and indicate who provides the data or software.
      Ans:

      1. The front end GUI interface that interacts with the users. If it is compromised, then the hacker can simply by-pass the PKI mechanism.
      2. The crypto library that is used for PKI authenticate is the most critical. It is typically installed by the system administrate on your machine or comes with the original vendors modified by the service patches. If it is compromised, a hacker can present a fake ID.
      3. The certificates of the CAs in the security database used on the browsers/system. It is typically comes with the original vendors or Linux software distribution, possibly modified the user, e.g., import a new CA certificate. A compromised CA certificate enables a fake web site to appear like a legitimate secure site.
         
      
      
   3. Why the private key of the web serve need to be decrypted? How it can be protected if the system has other "potential malicious" local users.
      Ans: If the private key is not decrypted before installing in the configuration directory, then every time it is needed that httpd will prompt the system admin for the passphrase. If the system admin is not around to enter the passphrase, the system hang and cannot proceed further.
      Once it is decrypted, it can put in a directory where only the root has accesses. Other malicious local users will not able to access the directory.
      
   4. What are contained in a .p12 file for hw3 exercise?
      Ans: The .pl2 contains both the private key and the signed certificate of a user. It is imported to a browser for client certificate based mutual authentication.
      
   5. Why the mutual authentication directives which govern the access of /var/www/html/secure cannot be inside /etc/httpd/conf.d/ssl.conf and have to be in /etc/httpd/conf/httpd.conf?
      Ans: The ssl.conf deals only with https requests. The same /var/www/html/secure directory can still be access through the plain http (port 80) requests.
      
   6. Not all personal certificates signed by CAcsnet can access your secure web site. For example the one in cs526.p12 cannot. How do you control that?
      Ans: Additional access control is enfored by requiring the subject field of all certified users to be checked against those in httpd.passwd, similar to the of .htaccess access control using the following directives:

      AuthName "UCCS CS Department"
      AuthType Basic
      AuthUserFile /etc/httpd/conf/httpd.passwd
      require valid-user
      

   7. Briefly describe how to find out a certificate is revoked. For large organizations such as DoD, how can they detect the certificates presented are still legimate? Name one protocol and describe concisely its technique.
      Ans: A web server can maintain a Certificate Revoke List (CRL) which ontain the revoked certificates. For a large organization, check sequentially on long lists of revoked certificate will not be feasible. Oline Certificate Status Protocol (OCSP) is created as an alternative to CRL. Here is what is described in OSCP wiki (http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol):
      

      Basic PKI implementation

      1. Alice and Bob have public key certificates issued by Ivan, the Certificate Authority (CA).
      2. Alice wishes to perform a transaction with Bob and sends him her public key certificate.
      3. Bob, concerned that Alice's private key may have been compromised, creates an 'OCSP request' that contains Alice's certificate serial number and sends it to Ivan.
      4. Ivan's OCSP responder reads the certificate serial number from Bob's request. The OCSP responder uses the certificate serial number to look up the revocation status of Alice's certificate. The OCSP responder looks in a CA database that Ivan maintains. In this scenario, Ivan's CA database is the only trusted location where a compromise to Alice's certificate would be recorded. (can be implemented as a bitmap)
      5. Ivan's OCSP responder confirms that Alice's certificate is still OK, and returns a signed, successful 'OCSP response' to Bob.
      6. Bob cryptographically verifies Ivan's signed response. Bob has stored Ivan's public key sometime before this transaction. Bob uses Ivan's public key to verify Ivan's response.
      7. Bob completes the transaction with Alice.
3. Htaccess.
   1. Based on part 3 exercise B, describe your observation and analysis on how apache implements the .htaccess mechanism. Is it following Unix file access model?
      
      Ans: By simply changing the require directive in the .htaccess file of confidential director to include only user staff, we observe with ceo account we can still the access to https://chowvip.csnet.uccs.edu/confidential/secret/topsecret. It shows the access to a directory is overwritten by the .htaccess file and not depending on those .htaccess files directly above. Therefore the apache .htaccess access control does not follow the Unix file access model. Note that if a subdirectory exists under topsecret but contains no .htaccess, then its access is governed by that of .htaccess in topsecret.
      
      See http://httpd.apache.org/docs/current/howto/htaccess.html#how. "The configuration directives found in a .htaccess file are applied to the directory in which the .htaccess file is found, and to all subdirectories thereof. However, it is important to also remember that there may have been .htaccess files in directories higher up. Directives are applied in the order that they are found. Therefore, a .htaccess file in a particular directory may override directives found in .htaccess files found higher up in the directory tree. And those, in turn, may have overridden directives found yet higher up, or in the main server configuration file itself. " The sub directory under http://chowvip.csnet.uccs.edu/confidential/secret/topsecret/ does not contain .htaccess. Its access is governed only by that of topsecret.
      
   2. What is the purpose of using DBM for authenticating user password?
      
      Ans: By storing the usernames and passwords in DBM type database files, it enables fast retrieval through the hashing technique, compared with the normal sequential search of the username.