4P14

Lab 9
SSL and Cables


We will be working in the Windows environment. You will be required to create a joint lab report concerning certificate analysis. As well show the lab instructor your prowess in creating a 1GbaseT drop cable.

Part A: (Taken from https://info.cis.uab.edu/saxena/teaching/csx36-netsec-f14/labs/HW3.pdf)
  1. Go to https://www.wellsfargo.com
  2. From Firefox (if you don't have it down load it), go into preferences Privacy/Security -> Manage Certificates
  3. Who has signed the certificate, the CA, and is it trusted by your browser?
  4. What is the certification authority hierarchy for the certificate?
  5. Has the certificate expired? If not when will it?
  6. What is the CRL Distribution Point, ( the URL from which the CRL can be downloaded) w.r.t. this certificate.
  7. What crypto system is used to generate the public and private keys.
  8. What signature scheme is used to sign the certificate?
  9. What is the public key that is being certified, paste it into the report.

Part B:

Do a wireshark trace for establishing a connection to https://google.com. Provide snapshots of your trace to support your answer. You may find snipping tool useful to capture screen shots or parts if copy/paste is giving you difficulty.

View the document below to get a handle on what is happening with an SSL handshake.

http://www.cisco.com/c/en/us/support/docs/security-vpn/secure-socket-layer-ssl/116181-technote-product-00.html#anc2

Use google if your not sure about what some of the below means.
  1. What number identifies the SSL Handshake content type?
  2. What number identifies the SSL Application Data content type?
  3. What number identifies the SSL change Cipher Spec content type?
  4. In your Wireshark trace, what sets of messages are bundled together into single frames?
  5. What is the cipher suite selected for this session?
  6. What are the first 5 cipher suites suggested by the client machine?
  7. What is the ClientRandomValue included in the Client hello message?
  8. Is it possible for you to learn the pre-master secret from this trace? If yes, provide the pre-master secret. If not, explain your answer.
  9. Establish another (fresh) session with google, (close the browser and start a new session from the same browser), and identify whether the answers to each of the above questions has changed or not? Explain, why each is either changed or not changed.


Part C:

Go to http://pinoutguide.com/Net/ethernet1000baset_pinout.shtml. This describes how an RJ45 end is to be wired for gigabit ethernet. The lab TA will demonstrate.

You are to create a cable which correctly verifies on the supplied cable tester. The cable is to be of professional quality. I.e. make it look good, else you try again. There are a limited number of crimpers in the lab so you will have to share.


Reward 4%

    A word processed report (joint - both members of the team) to be submitted to the instructor the following week. Must show the lab demonstrator a working gigabit ethernet cable.