微信客服:xiaoxionga100
微信客服:ITCS521
S2-无代写-Assignment 2
时间:2024-10-11
Business Information Security: Assignment 2 – Semester 2, 2024 1
Business Information Security
Assignment 2 worth 60% of overall course marks
Dr Alex Pudmenzky – 2024 S2
Assignment overview
This assignment must be completed individually by each student. This assignment requires a student
to answer 6 questions (each with sub-parts) that focus on the course material covered across all weeks
of the course. Assignment 2 is worth 60% of the overall course marks and will be marked as per the
rubric in Table 1. A student’s answer to each of the 6 questions (that is, each question and all its sub-
parts) must not exceed 300 words (+10% tolerance per UQ policy). This word limit per question requires
a student to soundly analyse/research each question and then structure a response in a concise,
business informative fashion. There is no need to reference an answer unless referencing is specifically
requested in the question. A student must construct each answer in her/his own words and in ‘plain
English’ business language. Please note that each question in this assignment may well span work
covered across all weeks (and not simply relate to one specific week).
This assignment assumes that a student is capable to assimilate information from not only this course,
but also many other courses and reputable sources on the Internet as would be required in a business
setting. Students are advised that the use of AI technologies to develop responses is strictly prohibited
and may constitute student misconduct under the student code of conduct. Each assessment question
evaluates students’ abilities, skills and knowledge without the aid of AI.
Submission and formatting instructions
• Create and upload a single PDF document containing all answers to Turnitin on Blackboard.
• Use the file naming convention described in the submission link when it becomes available
closer to the submission deadline (you may receive a deduction for incorrectly named files).
• Please ensure your student details (name & student number) are contained on each page of the
submission in a suitably designed footer.
• Clearly label which question and if relevant sub-question you answer (e.g., Question 6a). You
don't have to repeat the question.
• Answer in full sentences but you may want to use bullet points, numbering, or headers to help
structuring your answer.
• Read each question carefully for additional formatting requirements specific to the question.
Business Information Security: Assignment 2 – Semester 2, 2024 2
Table 1 - Marking rubric for Assignment 1.
Criteria
High distinction
(10) Distinction (8) Credit (6) Pass (5) Marginal fail (4) Fail (2) Low fail (0)
Question 1
(10 marks)
You will receive the full mark assigned to the individual part-questions for the correct answer or zero for an incorrect or only
partially correct answer for each part-question, i.e. no part-marks will be assigned for each part-question.
Question 2
(10 marks)
a,b) Correct
number shown
and all steps
leading to it
correctly
documented.
a,b) Each correctly documented step leading towards the answer will receive part marks.
c,d) No part marks, i.e. only 0 or 1 mark.
a,b) No attempt
or wrong
number or no
step
documentation.
Question 3
(10 marks)
No part marks for sub-questions a,b,c,etc., i.e. only the mark indicated if the answer addresses the question correctly in its
entirety or zero.
Question 4
(10 marks)
Half-marks can be given to sub-questions a,b & f only. Sub-questions c,d & e can only receive 0 or 1 mark.
Question 5
(10 marks)
For sub-question a, you earn 0.35 marks for each correct row out of a possible 17 rows. The total marks are then rounded up to
the next integer. Sub-questions b & c can only receive integer marks.
Business Information Security: Assignment 2 – Semester 2, 2024 3
Question 1
a) You have found a treasure map at the Pizza Café (see Figure 1) containing an encrypted
message that describes the coordinates of where a treasure is hidden on campus. Break the
code using cryptanalysis and draw either a red X in the square where you think the treasure is
or, alternatively, just note down the coordinates as In [letter;number] but that is less fun.
b) What is the name of the cipher used?
c) What is the KEY?
The encrypted message is:
Tsi qsmseuci zbv tq fzyke il fhp jlmtgiiyk zpwjpiyeqfa:
s9r51566bo6705j7bb6iv54nb9oiy449g795582l6529s0q22207b8981233pg58 ;
jpl(qauc_wqvlwzt_yyjcmj,10).
Figure 1 - Treasure Map with encrypted message.
(2%)
Business Information Security: Assignment 2 – Semester 2, 2024 4
d) You have forgotten your login password but your friendly database administrator in your
company has provided you with the hash of your password from the database which is:
694430bed946b0330e4d15e9bc3931123c122166da6d353bad32d4c09da3788c
What is your password?
e) What improvement suggestion do you have regarding database password storage in your
company?
(2%)
f) Answer the following question:
57 68 61 74 20 69 73 20 69 74 20 63 61 6C 6C 65 64 20 77 68
65 6E 20 32 20 73 74 72 69 6E 67 73 20 68 61 76 65 20 74 68
65 20 73 61 6D 65 20 68 61 73 68 20 64 69 67 65 73 74 3F
(2%)
g) What is the image located here https://alexpudmenzky.com/BISM3205/number.gif
displaying?
(1%)
h) Download the following zip file containing two images
https://alexpudmenzky.com/BISM3205/shipPlane.zip. What do you notice when calculating
the MD5 hash of each image (include the calculated MD5 hash in your answer)?
i) What does it tell you about MD5?
(2%)
j) Here is my encrypted message encrypted with my public key also supplied below. What does
the message say?
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucU+u7phfIspqebNE+LR0pZYb0Waa
NaX5WNTamO41MdSExiSuG7vTVIb+P4Vw0+BE+ElYFE7oYxyr+BPmsnNA986D3+RwrrELkfohL
UDkhETGzE7hwl4FHTgQ0o3RLDFsjjAqiqoQVQpItWAo4JYWi09C0MvfaclZLll3wL20FnZc867Tnd
Mhr11qw68HB9daW0BLkZk/loJy0FFjl1nU/ujBhVPkOvCCrZOLT0ZUXZnIST4kV5bVJ5kniIEOAmZ
VMo893gDAXTkrCJrPwYGheTSNwzbyXtbuSvPV/C+YBhBTV2sdTA0WTYckFE6FYxLzjt9OMehIy
MeXWFmT/TLKQIDAQAB
-----END PUBLIC KEY-----
BASE64 encrypted message using my public key above:
iE0E5eO/QYgiTuYiiHlTv60nxr1Q6gKV2LjVWca4Qbp4uw98qjpdxJV+trQO+ZRG2WZBGDQg/kR
MVShVy/AEaG4TGK9SZL1elbmLrVn0+AXCAwJaPovYhV7c62eg67XKO/Fk+ThQc/0PnulIJgu7AL
OXr3aULuvIVGUm5u030fi2vwrjaCFfQl4QtxlfhFSP1/p0ftDsJPuj3NNx7ylIuAkTmcSc8fZ3/12xyz1
a72y+ASG3OTLwNACci/mZcr2gq7p/LkNFeHAYmUMh+ty5cijH9m+hgNWfw3TL0p2GMhLjNsD
MdjTonqBKZhFLsnCRj2z+ggBF88ay4L/XVlMjzA==
(1%)
Business Information Security: Assignment 2 – Semester 2, 2024 5
Question 2
Your friend works at the Australian Security Intelligence Organisation (ASIO) and has found out you
are completing a cyber security course at The University of Queensland. She wants to test your
abilities and sends you an email reading "Follow the trail of hints given in the hidden message to
arrive at a single two-digit integer, greater than 0, in decimal notation" followed by the text below.
lxxtw://epibtyhqirdoc.gsq/FMWQ3205/UVgshi.dmt
a) What is the two-digit integer number in decimal notation that is greater than 0?
b) Explain the steps you took to get to your result.
(8%)
c) How does the segmentation of IP addresses, which contain identifiers for both the computer and
the network it belongs to, facilitate data routing across networks by identifying the specific
location of the target computer? Provide an example of this segmentation by determining the
host and network portion of the IP address 192.168.5.2, given a subnet mask of 255.255.128.0?
(1%)
d) You know that the following is either an encrypted message or a salted and hashed password,
which one is it and why?
1mnsBzaua8EPXaZXuY29id45V0HaqRw1XLkSx5aVS5bEKi0Gco8V8VIqOY9P6Ekxo1UafNX9klsQMyMZU
EWdsVV5mVaRVEq74RJxxRb6FpnaCeSkqnNcTuA9bVk8sMN
(1%)
Business Information Security: Assignment 2 – Semester 2, 2024 6
Question 3
a) In Kerberos, what are the main similarities between a client's request for a Ticket-Granting
Ticket (TGT) and a Service Ticket from the KDC, and how do the credentials involved in each
process differ?
(2%)
b) Both the Ticket-Granting Ticket (TGT) and the Service Ticket are encrypted in a way that
prevents the client from reading them, but the client can still use them to access services.
Why can't the client decrypt these tickets, and how do they still use them for authentication?
(2%)
c) In a Kerberos environment, if an attacker retrieves a user's Ticket-Granting Ticket (TGT) from
a compromised workstation, can the attacker authenticate to services on the network? Why
or why not?
(1%)
d) You work at your dream company, you go to have lunch and find a USB stick in the cafeteria,
what do you do and why?
1. Plug the USB stick into your computer to check for any files.
2. Leave the USB stick where you found it.
3. Hand the USB stick to your IT department or security team.
4. Take the USB stick home to investigate it further.
5. Throw the USB stick in the trash to dispose of it.
(1%)
e) An Intrusion Detection System (IDS) raises alarms when it detects suspicious activity or policy
violations, how does a false positive alarm differ from a false negative one? From a security
perspective, which is least desirable?
(1%)
f) What would an attacker input into an authentication form asking for a username and a
password, if they wanted to perform an SQL injection attack that would allow them to log in
using the username admin without specifying the correct password?
Explain how each of the tokens they have to enter contributes to success using the full back-
end SQL statement that is executed as an example. Which layer of the OSI model is this
attack targeting?
(2%)
g) Can I access the "deep web" using a normal browser like Chrome or Firefox, or do I need the
Tor browser? Why or why not, explain in a few sentences?
(1%)
Business Information Security: Assignment 2 – Semester 2, 2024 7
Question 4
a) Secure/Multipurpose Internet Mail Extensions (S/MIME) provides a secure and reliable way to
send and receive emails over the internet, protecting against eavesdropping, tampering, and
impersonation.
Here's a breakdown of the steps how S/MIME works to secure email communication:
1. Compose email text and attachments.
2. Create a symmetric session key and encrypt the email text and attachments with this key.
This ensures that only the intended recipient(s) can read the email content.
3. Encrypt the session key with the recipient’s public key and add this to the email using
asymmetric encryption. This ensures that only the intended recipient(s) can decrypt the
symmetric session key and read the email content.
4. Hash the total email (text, attachments, and encrypted session key). Encrypt the resulting
digest with the sender’s private key. Add this encrypted hash to the email package as a
digital signature. Send the lot to the recipient.
What keys/certificates are needed A) at the sender’s end, and B) at the receiver’s end. Explain
what each is used for.
(3%)
b) What major change would you make to the network design shown in this image to improve
network security?
(2%)
c) Can Kerberos be used in web-based e-commerce solutions on the Internet? Explain your
answer.
(1%)
d) Both S/MIME and TLS use a combination of public key and symmetric key encryption to ensure
security. At which layer of the communication stack do these protocols operate?
(1%)
Business Information Security: Assignment 2 – Semester 2, 2024 8
e) Quantum computers are not yet capable of breaking modern symmetric encryption algorithms
like AES. Why are companies like Signal, Apple, Google, and Zoom already implementing
quantum-resistant encryption algorithms today, even before quantum computers become a
practical threat? Justify your answer.
(1%)
f) What are the primary objectives of conducting a security audit in an organization? In your
answer, briefly explain how security auditing contributes to identifying vulnerabilities and
improving overall security posture.
(2%)
Business Information Security: Assignment 2 – Semester 2, 2024 9
Question 5
a) The diagram in shows a typical network configuration of an office connected to the Internet.
Areas are labeled with numbers 1-4 and network devices are labeled with letters A-M. In the
list below, assign the correct number and letter to each area and device. Numbers and letters
must only appear once (insert any missing device name). It does not matter where a device is
located in a work area. (6%)
Figure 2 - Typical office network diagram.
Work areas:
Number (1-4) Area name
DMZ
General Staff
Cardholder Environment
Sales Hot Desks
Devices:
Letter (A-M) Device name
File Server
Stateful Inspection Firewall
Wireless Access Point
Email Server
Web Proxy
NIDS
Database Server
VPN Server
Border Router
Print Server
Dynamic Filtering Firewall
Web Server
Business Information Security: Assignment 2 – Semester 2, 2024 10
b) Explain the similarity between creating a vanity onion address and finding the golden nonce in
blockchain mining. In your answer, briefly describe what each process entails.
(2%)
c) In Bitcoin’s Proof of Work (PoW) mining process, what is the role of the "Golden Nonce", and
how does it relate to the target difficulty?
(2%)
Business Information Security
Assignment 2 worth 60% of overall course marks
Dr Alex Pudmenzky – 2024 S2
Assignment overview
This assignment must be completed individually by each student. This assignment requires a student
to answer 6 questions (each with sub-parts) that focus on the course material covered across all weeks
of the course. Assignment 2 is worth 60% of the overall course marks and will be marked as per the
rubric in Table 1. A student’s answer to each of the 6 questions (that is, each question and all its sub-
parts) must not exceed 300 words (+10% tolerance per UQ policy). This word limit per question requires
a student to soundly analyse/research each question and then structure a response in a concise,
business informative fashion. There is no need to reference an answer unless referencing is specifically
requested in the question. A student must construct each answer in her/his own words and in ‘plain
English’ business language. Please note that each question in this assignment may well span work
covered across all weeks (and not simply relate to one specific week).
This assignment assumes that a student is capable to assimilate information from not only this course,
but also many other courses and reputable sources on the Internet as would be required in a business
setting. Students are advised that the use of AI technologies to develop responses is strictly prohibited
and may constitute student misconduct under the student code of conduct. Each assessment question
evaluates students’ abilities, skills and knowledge without the aid of AI.
Submission and formatting instructions
• Create and upload a single PDF document containing all answers to Turnitin on Blackboard.
• Use the file naming convention described in the submission link when it becomes available
closer to the submission deadline (you may receive a deduction for incorrectly named files).
• Please ensure your student details (name & student number) are contained on each page of the
submission in a suitably designed footer.
• Clearly label which question and if relevant sub-question you answer (e.g., Question 6a). You
don't have to repeat the question.
• Answer in full sentences but you may want to use bullet points, numbering, or headers to help
structuring your answer.
• Read each question carefully for additional formatting requirements specific to the question.
Business Information Security: Assignment 2 – Semester 2, 2024 2
Table 1 - Marking rubric for Assignment 1.
Criteria
High distinction
(10) Distinction (8) Credit (6) Pass (5) Marginal fail (4) Fail (2) Low fail (0)
Question 1
(10 marks)
You will receive the full mark assigned to the individual part-questions for the correct answer or zero for an incorrect or only
partially correct answer for each part-question, i.e. no part-marks will be assigned for each part-question.
Question 2
(10 marks)
a,b) Correct
number shown
and all steps
leading to it
correctly
documented.
a,b) Each correctly documented step leading towards the answer will receive part marks.
c,d) No part marks, i.e. only 0 or 1 mark.
a,b) No attempt
or wrong
number or no
step
documentation.
Question 3
(10 marks)
No part marks for sub-questions a,b,c,etc., i.e. only the mark indicated if the answer addresses the question correctly in its
entirety or zero.
Question 4
(10 marks)
Half-marks can be given to sub-questions a,b & f only. Sub-questions c,d & e can only receive 0 or 1 mark.
Question 5
(10 marks)
For sub-question a, you earn 0.35 marks for each correct row out of a possible 17 rows. The total marks are then rounded up to
the next integer. Sub-questions b & c can only receive integer marks.
Business Information Security: Assignment 2 – Semester 2, 2024 3
Question 1
a) You have found a treasure map at the Pizza Café (see Figure 1) containing an encrypted
message that describes the coordinates of where a treasure is hidden on campus. Break the
code using cryptanalysis and draw either a red X in the square where you think the treasure is
or, alternatively, just note down the coordinates as In [letter;number] but that is less fun.
b) What is the name of the cipher used?
c) What is the KEY?
The encrypted message is:
Tsi qsmseuci zbv tq fzyke il fhp jlmtgiiyk zpwjpiyeqfa:
s9r51566bo6705j7bb6iv54nb9oiy449g795582l6529s0q22207b8981233pg58 ;
jpl(qauc_wqvlwzt_yyjcmj,10).
Figure 1 - Treasure Map with encrypted message.
(2%)
Business Information Security: Assignment 2 – Semester 2, 2024 4
d) You have forgotten your login password but your friendly database administrator in your
company has provided you with the hash of your password from the database which is:
694430bed946b0330e4d15e9bc3931123c122166da6d353bad32d4c09da3788c
What is your password?
e) What improvement suggestion do you have regarding database password storage in your
company?
(2%)
f) Answer the following question:
57 68 61 74 20 69 73 20 69 74 20 63 61 6C 6C 65 64 20 77 68
65 6E 20 32 20 73 74 72 69 6E 67 73 20 68 61 76 65 20 74 68
65 20 73 61 6D 65 20 68 61 73 68 20 64 69 67 65 73 74 3F
(2%)
g) What is the image located here https://alexpudmenzky.com/BISM3205/number.gif
displaying?
(1%)
h) Download the following zip file containing two images
https://alexpudmenzky.com/BISM3205/shipPlane.zip. What do you notice when calculating
the MD5 hash of each image (include the calculated MD5 hash in your answer)?
i) What does it tell you about MD5?
(2%)
j) Here is my encrypted message encrypted with my public key also supplied below. What does
the message say?
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucU+u7phfIspqebNE+LR0pZYb0Waa
NaX5WNTamO41MdSExiSuG7vTVIb+P4Vw0+BE+ElYFE7oYxyr+BPmsnNA986D3+RwrrELkfohL
UDkhETGzE7hwl4FHTgQ0o3RLDFsjjAqiqoQVQpItWAo4JYWi09C0MvfaclZLll3wL20FnZc867Tnd
Mhr11qw68HB9daW0BLkZk/loJy0FFjl1nU/ujBhVPkOvCCrZOLT0ZUXZnIST4kV5bVJ5kniIEOAmZ
VMo893gDAXTkrCJrPwYGheTSNwzbyXtbuSvPV/C+YBhBTV2sdTA0WTYckFE6FYxLzjt9OMehIy
MeXWFmT/TLKQIDAQAB
-----END PUBLIC KEY-----
BASE64 encrypted message using my public key above:
iE0E5eO/QYgiTuYiiHlTv60nxr1Q6gKV2LjVWca4Qbp4uw98qjpdxJV+trQO+ZRG2WZBGDQg/kR
MVShVy/AEaG4TGK9SZL1elbmLrVn0+AXCAwJaPovYhV7c62eg67XKO/Fk+ThQc/0PnulIJgu7AL
OXr3aULuvIVGUm5u030fi2vwrjaCFfQl4QtxlfhFSP1/p0ftDsJPuj3NNx7ylIuAkTmcSc8fZ3/12xyz1
a72y+ASG3OTLwNACci/mZcr2gq7p/LkNFeHAYmUMh+ty5cijH9m+hgNWfw3TL0p2GMhLjNsD
MdjTonqBKZhFLsnCRj2z+ggBF88ay4L/XVlMjzA==
(1%)
Business Information Security: Assignment 2 – Semester 2, 2024 5
Question 2
Your friend works at the Australian Security Intelligence Organisation (ASIO) and has found out you
are completing a cyber security course at The University of Queensland. She wants to test your
abilities and sends you an email reading "Follow the trail of hints given in the hidden message to
arrive at a single two-digit integer, greater than 0, in decimal notation" followed by the text below.
lxxtw://epibtyhqirdoc.gsq/FMWQ3205/UVgshi.dmt
a) What is the two-digit integer number in decimal notation that is greater than 0?
b) Explain the steps you took to get to your result.
(8%)
c) How does the segmentation of IP addresses, which contain identifiers for both the computer and
the network it belongs to, facilitate data routing across networks by identifying the specific
location of the target computer? Provide an example of this segmentation by determining the
host and network portion of the IP address 192.168.5.2, given a subnet mask of 255.255.128.0?
(1%)
d) You know that the following is either an encrypted message or a salted and hashed password,
which one is it and why?
1mnsBzaua8EPXaZXuY29id45V0HaqRw1XLkSx5aVS5bEKi0Gco8V8VIqOY9P6Ekxo1UafNX9klsQMyMZU
EWdsVV5mVaRVEq74RJxxRb6FpnaCeSkqnNcTuA9bVk8sMN
(1%)
Business Information Security: Assignment 2 – Semester 2, 2024 6
Question 3
a) In Kerberos, what are the main similarities between a client's request for a Ticket-Granting
Ticket (TGT) and a Service Ticket from the KDC, and how do the credentials involved in each
process differ?
(2%)
b) Both the Ticket-Granting Ticket (TGT) and the Service Ticket are encrypted in a way that
prevents the client from reading them, but the client can still use them to access services.
Why can't the client decrypt these tickets, and how do they still use them for authentication?
(2%)
c) In a Kerberos environment, if an attacker retrieves a user's Ticket-Granting Ticket (TGT) from
a compromised workstation, can the attacker authenticate to services on the network? Why
or why not?
(1%)
d) You work at your dream company, you go to have lunch and find a USB stick in the cafeteria,
what do you do and why?
1. Plug the USB stick into your computer to check for any files.
2. Leave the USB stick where you found it.
3. Hand the USB stick to your IT department or security team.
4. Take the USB stick home to investigate it further.
5. Throw the USB stick in the trash to dispose of it.
(1%)
e) An Intrusion Detection System (IDS) raises alarms when it detects suspicious activity or policy
violations, how does a false positive alarm differ from a false negative one? From a security
perspective, which is least desirable?
(1%)
f) What would an attacker input into an authentication form asking for a username and a
password, if they wanted to perform an SQL injection attack that would allow them to log in
using the username admin without specifying the correct password?
Explain how each of the tokens they have to enter contributes to success using the full back-
end SQL statement that is executed as an example. Which layer of the OSI model is this
attack targeting?
(2%)
g) Can I access the "deep web" using a normal browser like Chrome or Firefox, or do I need the
Tor browser? Why or why not, explain in a few sentences?
(1%)
Business Information Security: Assignment 2 – Semester 2, 2024 7
Question 4
a) Secure/Multipurpose Internet Mail Extensions (S/MIME) provides a secure and reliable way to
send and receive emails over the internet, protecting against eavesdropping, tampering, and
impersonation.
Here's a breakdown of the steps how S/MIME works to secure email communication:
1. Compose email text and attachments.
2. Create a symmetric session key and encrypt the email text and attachments with this key.
This ensures that only the intended recipient(s) can read the email content.
3. Encrypt the session key with the recipient’s public key and add this to the email using
asymmetric encryption. This ensures that only the intended recipient(s) can decrypt the
symmetric session key and read the email content.
4. Hash the total email (text, attachments, and encrypted session key). Encrypt the resulting
digest with the sender’s private key. Add this encrypted hash to the email package as a
digital signature. Send the lot to the recipient.
What keys/certificates are needed A) at the sender’s end, and B) at the receiver’s end. Explain
what each is used for.
(3%)
b) What major change would you make to the network design shown in this image to improve
network security?
(2%)
c) Can Kerberos be used in web-based e-commerce solutions on the Internet? Explain your
answer.
(1%)
d) Both S/MIME and TLS use a combination of public key and symmetric key encryption to ensure
security. At which layer of the communication stack do these protocols operate?
(1%)
Business Information Security: Assignment 2 – Semester 2, 2024 8
e) Quantum computers are not yet capable of breaking modern symmetric encryption algorithms
like AES. Why are companies like Signal, Apple, Google, and Zoom already implementing
quantum-resistant encryption algorithms today, even before quantum computers become a
practical threat? Justify your answer.
(1%)
f) What are the primary objectives of conducting a security audit in an organization? In your
answer, briefly explain how security auditing contributes to identifying vulnerabilities and
improving overall security posture.
(2%)
Business Information Security: Assignment 2 – Semester 2, 2024 9
Question 5
a) The diagram in shows a typical network configuration of an office connected to the Internet.
Areas are labeled with numbers 1-4 and network devices are labeled with letters A-M. In the
list below, assign the correct number and letter to each area and device. Numbers and letters
must only appear once (insert any missing device name). It does not matter where a device is
located in a work area. (6%)
Figure 2 - Typical office network diagram.
Work areas:
Number (1-4) Area name
DMZ
General Staff
Cardholder Environment
Sales Hot Desks
Devices:
Letter (A-M) Device name
File Server
Stateful Inspection Firewall
Wireless Access Point
Email Server
Web Proxy
NIDS
Database Server
VPN Server
Border Router
Print Server
Dynamic Filtering Firewall
Web Server
Business Information Security: Assignment 2 – Semester 2, 2024 10
b) Explain the similarity between creating a vanity onion address and finding the golden nonce in
blockchain mining. In your answer, briefly describe what each process entails.
(2%)
c) In Bitcoin’s Proof of Work (PoW) mining process, what is the role of the "Golden Nonce", and
how does it relate to the target difficulty?
(2%)
