Aims

This assignment aims to establish a basic familiarity with network security topics via analysing, designing, and implementing solutions.

Questions

1. Network Security

A bank system, including the internal and external sub-systems, is used by different users. Based on the security requirements, these accesses should be protected in different ways depending on access methods. We will focus on network security for internal and external access to the bank system in this task.

• There are two types of users: bank customers and bank employees.

• The bank system provides a range of services, such as personal savings, bank statements, money transfer, internal message management, and account management.

• As a customer, it is allowed to use web browsers to access the bank website and make transactions.

• A customer can also use the mobile app to access the services. In this case, the customer is likely to use a mobile network or WiFi connection.

• As a bank employee, it is allowed to access the bank system via the website or desktop application.

• When an employee is travelling for business, it may need to connect the bank servers via a secure connection. 

Your task.

a. Consider the security of the above system, discuss two potential security issues and provide countermeasures. For each of the issues, specify the related security service(s), attack(s) and mechanism(s). The demonstrated issues must not relate to the same security service(s).

b. Consider that a bank employee requests to modify a bank customer’s daily cash transfer limit. Briefly describe the essential security-related step(s) that demonstrate the security checks for the operation. For each step, specify the aimed security service(s).

c. An employee accesses the internal system with proper authentication and authorisation. Consider Kerberos, SAML, and OAuth, which one is better for internal system authentication and authorisation? Justify your answer.

d. To provide secure connection services for the travelling employees, which of IPSec, SSL/TLS, and SSH, would be a better option? Justify your answer.