SNA Answers PDF

This document contains sample questions and answers about system and network administration. It discusses DHCP and why DHCPDISCOVER messages are broadcast, the purpose of multiple network interfaces on a gateway, differences between /etc/passwd and /etc/shadow files, concepts of encapsulation in OpenVPN and Stunnel, differences between ACLs and firewalls, how AAA framework relates to intrusion detection, packet filtering, and username/password, arguments for and against frequent password changes, and how to restrict access to a plaintext file using file ownership and permissions.

Uploaded by Daddy's Picks

System & Network Administration Page 1 of 6

Question 1 [30 marks]

a) The first phase of DHCP involves the client sending out a DHCPDISCOVER
message. Why is this message sent out as a broadcast message, rather than a normal
unicast message? List and briefly describe the other 3 messages that are exchanged.
[12 marks]

Answer:

Normally, DHCP servers and relay agents attempt to deliver DHCPOFFER, DHCPACK and
DHCPNAK messages directly to the client using unicast delivery. The IP destination
address (in the IP header) is set to the DHCP 'yiaddr' address and the link-layer
destination address is set to the DHCP 'chaddr' address. Unfortunately, some client
implementations are unable to receive such unicast IP datagrams until the implementation
has been configured with a valid IP address (leading to a deadlock in which the client's IP
address cannot be delivered until the client has been configured with an IP address).

A client that cannot receive unicast IP datagrams until its protocol software has been
configured with an IP address SHOULD set the BROADCAST bit in the 'flags' field to 1
in any DHCPDISCOVER or DHCPREQUEST messages that client sends. The
BROADCAST bit will provide a hint to the DHCP server and BOOTP relay agent to
broadcast any messages to the client on the client's subnet. A client that can receive
unicast IP datagrams before its protocol software has been configured SHOULD clear the
BROADCAST bit to 0. The BOOTP clarifications document discusses the ramifications
of the use of the BROADCAST bit.

A server or relay agent sending or relaying a DHCP message directly to a DHCP client
(i.e., not to a relay agent specified in the 'giaddr' field) SHOULD examine the
BROADCAST bit in the 'flags' field. If this bit is set to 1, the DHCP message SHOULD
be sent as an IP broadcast using an IP broadcast address (preferably 0xffffffff) as the IP
destination address and the link-layer broadcast address as the link-layer destination
address. If the BROADCAST bit is cleared to 0, the message SHOULD be sent as an IP
unicast to the IP address specified in the 'yiaddr' field and the link-layer address specified
in the 'chaddr' field. If unicasting is not possible, the message MAY be sent as an IP
broadcast using an IP broadcast address (preferably 0xffffffff) as the IP destination
address and the link-layer broadcast address as the link-layer destination address.
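The delivery rule quoted above (BROADCAST bit set, or unicast impossible, means reply by IP and link-layer broadcast; otherwise unicast to 'yiaddr'/'chaddr'; a non-zero 'giaddr' means the reply goes to the relay agent) is easier to see in code. The following is an added example, not part of the original answer sheet: it packs and parses the fixed 236-byte BOOTP/DHCP header from RFC 2131 and applies the rule. The MAC address, transaction id and IP addresses are constructed sample values, and `reply_destination` is a hypothetical helper name.

```python
import socket
import struct

# Values from the BOOTP/DHCP fixed header (RFC 951 / RFC 2131).
BOOTREQUEST, BOOTREPLY = 1, 2
BROADCAST_FLAG = 0x8000                      # bit 15 of the 16-bit 'flags' field
LIMITED_BROADCAST = "255.255.255.255"        # 0xffffffff, the preferred IP broadcast address
LINK_BROADCAST = "ff:ff:ff:ff:ff:ff"
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"    # 236 bytes; options field not included


def build_dhcp_header(op, xid, flags, yiaddr="0.0.0.0", giaddr="0.0.0.0",
                      chaddr="00:11:22:33:44:55"):
    """Pack the fixed BOOTP/DHCP header. chaddr defaults to a constructed sample MAC."""
    mac = bytes.fromhex(chaddr.replace(":", ""))
    return struct.pack(
        HEADER_FMT,
        op, 1, 6, 0,                        # op, htype=Ethernet, hlen=6, hops
        xid, 0, flags,                      # transaction id, secs, flags
        socket.inet_aton("0.0.0.0"),        # ciaddr: client has no address yet
        socket.inet_aton(yiaddr),           # yiaddr: 'your' address chosen by the server
        socket.inet_aton("0.0.0.0"),        # siaddr
        socket.inet_aton(giaddr),           # giaddr: relay agent address, if relayed
        mac.ljust(16, b"\x00"),             # chaddr: client hardware address (16 bytes)
        b"\x00" * 64, b"\x00" * 128,        # sname, file
    )


def parse_dhcp_header(data):
    """Unpack the fixed header and decode the fields the delivery rule depends on."""
    (op, _htype, hlen, _hops, xid, _secs, flags,
     _ci, yi, _si, gi, chaddr, _sname, _file) = struct.unpack(HEADER_FMT, data[:236])
    return {
        "op": op,
        "xid": xid,
        "flags": flags,
        "broadcast": bool(flags & BROADCAST_FLAG),
        "yiaddr": socket.inet_ntoa(yi),
        "giaddr": socket.inet_ntoa(gi),
        "chaddr": ":".join(f"{b:02x}" for b in chaddr[:hlen]),
    }


def reply_destination(request, offered_ip, can_unicast=True):
    """Where a server sends DHCPOFFER/DHCPACK/DHCPNAK for the given request.
    Returns (ip_destination, link_layer_destination, reason)."""
    if request["giaddr"] != "0.0.0.0":
        # Relayed request: the reply is returned to the relay agent, which then
        # applies the BROADCAST-bit rule on the client's own subnet.
        return (request["giaddr"], None, "unicast to relay agent")
    if request["broadcast"]:
        return (LIMITED_BROADCAST, LINK_BROADCAST, "broadcast: client set BROADCAST bit")
    if not can_unicast:
        return (LIMITED_BROADCAST, LINK_BROADCAST, "broadcast: unicast not possible")
    return (offered_ip, request["chaddr"], "unicast to yiaddr/chaddr")


if __name__ == "__main__":
    discover = build_dhcp_header(BOOTREQUEST, xid=0x3903F326, flags=BROADCAST_FLAG)
    request = parse_dhcp_header(discover)
    print(request)
    print(reply_destination(request, "192.0.2.10"))
```

Running it shows that a DHCPDISCOVER with the BROADCAST bit set is answered at 255.255.255.255 / ff:ff:ff:ff:ff:ff, while the same request with the bit clear is answered by unicast to the offered address and the client's MAC, exactly the deadlock-avoiding behaviour the answer describes.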

Level 2 Asia Pacific University of Technology & Innovation 202108



b) Why does the Gateway in our network need several network interfaces? Why is it
necessary to assign the IP addresses for these interfaces permanently in /etc/hosts
rather than dynamically through DHCP? [8 marks]

Answer:


c) 1. In the Unix/Linux operating system, what do we expect to find in /etc and in
/etc/rc.d? [4 marks]

Answer:

/etc/ is the nerve center of your system: it contains all system-related configuration
files, either directly or in its subdirectories. A "configuration file" is defined as a local
file used to control the operation of a program; it must be static and cannot be an
executable binary.

The scripts in the /etc/rc.d directory are executed once when booting the system, even
when booting directly into single-user mode. The files are all symbolic links; the real
files are located in /etc/init.d/.


2. Explain three differences between /etc/passwd and /etc/shadow [6 marks]

Answer:

/etc/passwd -->

passwd is the file where the user information (like username, user ID, group ID, location
of home directory, login shell, …) is stored when a new user is created.

Passwords stored in /etc/passwd are readable by everyone.

/etc/shadow -->

shadow is the file where important information (like an encrypted form of the password
of a user, the day the password expires, whether or not the password has to be changed,
the minimum and maximum time between password changes, …) is stored when a new
user is created.

Passwords stored in /etc/shadow are readable only under the root account. They are
hashed with MD5 for better security.
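The field-level differences listed above can be made concrete by parsing one record from each file. The following is an added example and not part of the original answer sheet: the two sample lines are constructed (the shadow hash is a placeholder in the `$6$` crypt format, not a real hash), and `parse_passwd`, `parse_shadow` and `hash_scheme` are hypothetical helper names. It goes slightly beyond the answer by recognising the other crypt(3) prefixes besides MD5 (`$1$`), since current systems usually use SHA-512 or yescrypt.

```python
from datetime import date, timedelta

# Constructed sample records, not taken from any real system.
PASSWD_LINE = "alice:x:1001:1001:Alice Example:/home/alice:/bin/bash"
SHADOW_LINE = "alice:$6$saltsalt$PLACEHOLDERHASH:18993:7:90:14:::"

# crypt(3) prefixes identifying the hashing scheme used in the shadow password field
HASH_SCHEMES = {"$1$": "MD5", "$5$": "SHA-256", "$6$": "SHA-512", "$y$": "yescrypt"}
EPOCH = date(1970, 1, 1)   # shadow dates are counted in days since this date


def parse_passwd(line):
    """Split one /etc/passwd record into its seven colon-separated fields."""
    name, pw, uid, gid, gecos, home, shell = line.rstrip("\n").split(":")
    return {
        "name": name, "uid": int(uid), "gid": int(gid), "gecos": gecos,
        "home": home, "shell": shell,
        # 'x' means the credential itself lives in /etc/shadow, not in this file
        "password_in_shadow": pw == "x",
    }


def hash_scheme(pw_field):
    """Name the scheme from the hash prefix; a leading '!' or '*' means the account is locked."""
    if pw_field == "":
        return "empty (no password required)"
    if pw_field.startswith(("!", "*")):
        return "locked"
    for prefix, name in HASH_SCHEMES.items():
        if pw_field.startswith(prefix):
            return name
    return "unknown"


def _int_or_none(field):
    return int(field) if field else None


def parse_shadow(line):
    """Split one /etc/shadow record (nine fields) and derive the expiry dates."""
    (name, pw, lastchg, minage, maxage, warn,
     inactive, expire, _reserved) = line.rstrip("\n").split(":")
    last_changed = _int_or_none(lastchg)
    max_age = _int_or_none(maxage)
    record = {
        "name": name,
        "scheme": hash_scheme(pw),
        # a last-change value of 0 forces a password change at the next login
        "must_change_at_next_login": last_changed == 0,
        "last_changed": EPOCH + timedelta(days=last_changed) if last_changed else None,
        "min_days_between_changes": _int_or_none(minage),
        "max_days_between_changes": max_age,
        "warn_days": _int_or_none(warn),
        "inactive_days": _int_or_none(inactive),
        "account_expires": EPOCH + timedelta(days=int(expire)) if expire else None,
    }
    # password expiry = last change + maximum age, when both are known
    record["password_expires"] = (
        record["last_changed"] + timedelta(days=max_age)
        if record["last_changed"] is not None and max_age is not None else None
    )
    return record


if __name__ == "__main__":
    print(parse_passwd(PASSWD_LINE))
    print(parse_shadow(SHADOW_LINE))
```

The passwd record carries only identity data (uid, gid, home, shell) and an `x` placeholder, while the shadow record carries the hash and the ageing policy; this is why one file can be world-readable and the other must not be.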


Question 2 [35 marks]

a) OpenVPN and stunnel both use the concept of “encapsulation” to provide secure
network communications, but one uses the concept of “port forwarding” while the
other one uses the concept of “virtual devices”. Describe these 3 key concepts and
how they work. [15 marks]

b) Compare a CNAME record and a VirtualHost directive. What is their common
purpose? How are they different? [10 marks]

c) What does ACL stand for? What is the relationship between an ACL and a firewall?
[10 marks]

Answer:

ACL stands for Access Control List. Access control lists and firewalls are used in file
organization systems. Both are essential parts of network security and hence are very
much necessary for a computing system. An ACL can also be called a type of stateless
firewall, while a firewall has its own set of properties. While both have the
fundamental purpose of ensuring the security of a file or a network, their working
procedures and the type of security they provide differ.

Differences between ACL and Firewall -

The primary purpose of using an ACL and a firewall is the same: to ensure that traffic flow
within and outside the system is regulated. While the purpose of a firewall is to monitor
the traffic in a network, an ACL can have many other applications apart from monitoring
access. An ACL carries out stateless inspection, in which each packet of data is allowed
or denied on its own. While the firewall also inspects the data, it is a different type of
inspection, in which it checks the packet of data for proper encapsulation. It also checks
multiple variations of the same data packet, if available.

Similarities between ACL and Firewall -

Similar to ACL, a firewall is a device that checks traffic going inside and outside a
network. Both are used by networking systems to monitor traffic coming in and going out.
ACL can be viewed as a first version of the firewall, with limited functions over the
network. Both firewall and ACL compare the data coming in or going out with a set of
predefined statements that are already programmed into them. Both ACL and firewall
inspect data by quantifying them in packets, which are coming in or going out of the
network. The absence of a firewall or ACL can lead to unwarranted traffic inflow and
outflow in the system.
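The difference the answer draws between stateless inspection by an ACL and the richer inspection of a firewall is clearest when both are run against the same packets. The following is an added example, not part of the original answer sheet: a first-match, implicit-deny ACL that judges each packet on its header fields alone, next to a stateful filter that applies the same rules but remembers permitted connections so that reply traffic passes. The policy, addresses and the `Packet`, `Rule`, `StatelessACL`, `StatefulFirewall` and `run_scenario` names are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False           # True for the first packet of a new TCP connection


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: Optional[str] = None   # CIDR prefix; None matches any address
    dst: Optional[str] = None
    dport: Optional[int] = None # None matches any destination port


def _in_prefix(addr, prefix):
    return prefix is None or ipaddress.ip_address(addr) in ipaddress.ip_network(prefix, strict=False)


class StatelessACL:
    """Ordered rule list: first match wins, implicit deny at the end.
    Every packet is judged on its own header fields only, with no memory."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, pkt):
        for r in self.rules:
            if (_in_prefix(pkt.src, r.src) and _in_prefix(pkt.dst, r.dst)
                    and (r.dport is None or r.dport == pkt.dport)):
                return r.action
        return "deny"


class StatefulFirewall:
    """Same rules as the ACL, plus a table of connections already permitted,
    so reply traffic of an established connection passes without its own rule."""

    def __init__(self, rules):
        self.acl = StatelessACL(rules)
        self.established = set()   # (src, sport, dst, dport) of permitted SYNs

    def decide(self, pkt):
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.established:
            return "permit"        # reply direction of a known connection
        verdict = self.acl.decide(pkt)
        if verdict == "permit" and pkt.syn:
            self.established.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict


# Constructed policy: internal hosts may open HTTPS connections outward; nothing else.
POLICY = [Rule("permit", src="10.0.0.0/8", dport=443)]


def run_scenario():
    """Feed the same three constructed packets to both filters and collect verdicts."""
    outbound_syn = Packet("10.1.1.5", 51000, "198.51.100.7", 443, syn=True)
    reply = Packet("198.51.100.7", 443, "10.1.1.5", 51000)           # answer to the SYN
    unsolicited = Packet("198.51.100.7", 443, "10.1.1.9", 51001)     # no prior SYN
    acl, fw = StatelessACL(POLICY), StatefulFirewall(POLICY)
    return {
        "acl": [acl.decide(p) for p in (outbound_syn, reply, unsolicited)],
        "firewall": [fw.decide(p) for p in (outbound_syn, reply, unsolicited)],
    }


if __name__ == "__main__":
    print(run_scenario())
```

The ACL denies the legitimate reply because nothing in its rules describes it, so an administrator would have to add a broad inbound permit to make HTTPS work; the stateful firewall permits exactly that reply and still drops the unsolicited packet that looks the same on the wire.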


Question 3 [35 marks]

a) AAA (Accounting, Authentication, Authorisation) is a framework for configuring
three independent security functions consistently. Which one of the "3As" is each of
these most closely related to? Why? [1] Intrusion detection system [2] Packet filter
[3] Username + password [15 marks]

b) Alice is thinking of making all users change their password every month. Why would
she think this is a good idea? Bob is trying to convince her not to do this. What are his
arguments against this policy? [8 marks]

c) Bob wants to protect a plaintext file of user information (like Dovecot's
/home/vmail/mail-pwd). Alice suggests this can be done with a special owner
and particular permissions on the file and the directory where it is stored. How would
this be done? How does each of these measures help restrict access? [12 marks]
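The two measures the question names, a dedicated owner and owner-only permissions on both the file and its directory, can be applied and then verified programmatically. The following is an added example and not part of the original answer sheet: it creates a constructed sample password file in a temporary directory (standing in for a path such as /home/vmail/mail-pwd), audits it, tightens the modes to 0600 on the file and 0700 on the directory, and audits again. Changing the owner to a service account needs root, so the example only checks ownership rather than changing it; `restrict`, `audit` and `demo` are hypothetical helper names.

```python
import os
import pwd
import stat
import tempfile

GROUP_OR_OTHER = stat.S_IRWXG | stat.S_IRWXO   # any permission bit for group or others


def owner_name(uid):
    """Map a uid to a user name, falling back to the number if it is unknown."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def restrict(path, file_mode=0o600, dir_mode=0o700):
    """Owner-only file (read/write) inside an owner-only directory (enter/list).
    The directory mode matters on its own: without execute permission on it,
    other users cannot reach the file even if the file mode were loose."""
    os.chmod(os.path.dirname(path), dir_mode)
    os.chmod(path, file_mode)


def audit(path, expected_owner=None):
    """Return a list of findings; an empty list means access is restricted to the
    owner at both the file and the directory level."""
    findings = []
    st = os.stat(path)
    dst = os.stat(os.path.dirname(path))
    if st.st_mode & GROUP_OR_OTHER:
        findings.append("file mode %o grants access to group or others"
                        % stat.S_IMODE(st.st_mode))
    if dst.st_mode & GROUP_OR_OTHER:
        findings.append("directory mode %o lets group or others enter or list it"
                        % stat.S_IMODE(dst.st_mode))
    if expected_owner is not None and owner_name(st.st_uid) != expected_owner:
        findings.append("owner is %s, expected %s"
                        % (owner_name(st.st_uid), expected_owner))
    return findings


def demo():
    """Create a constructed password file with typical loose modes, audit it,
    apply the restriction, and audit again. Returns (before, after) findings."""
    d = tempfile.mkdtemp()
    path = os.path.join(d, "mail-pwd")
    with open(path, "w") as f:
        # constructed sample record, not a real credential
        f.write("alice@example.test:{PLAIN}constructed-sample-password\n")
    os.chmod(d, 0o755)       # typical default directory mode
    os.chmod(path, 0o644)    # typical default file mode: world-readable
    me = owner_name(os.getuid())
    before = audit(path, expected_owner=me)
    restrict(path)
    after = audit(path, expected_owner=me)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

On a real deployment the owner would be the service account that reads the file (so `expected_owner` would be that account, and `chown` would be run as root), and the audit can be scheduled to catch a later `chmod` or a restore from backup that silently reopens the file.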
