Q1) Show what part of SSL that protects against the following attacks :- a. Replay Attack: Earlier SSL handshake messages are replayed. b. Man-in-the-Middle Attack: An attacker interposes during key exchange, acting as the client to the server and as the server to the client. c. IP Spoofing: Uses forged IP addresses to fool a host into accepting bogus data. Q2) Describe the port forwarding operation. Using an example, describe the cases when it is very useful, and the cases when it is very dangerous. Solution The secure socket layer (SSL) is a computer networking protocol that manages server authentication, client authentication and encrypted communication between servers ant client . PROTACTION FROM REPLAY ATTACK- The SSL itself is protected againsts replay attack using Medium Access Control ( MAC ). By using MAC secret and the sequence number it ensures the communication integrity. ssl handshake protocol PROTECTION AGAINSTS MAN-IN-THE MIDDLE ATACK- SSL is based on public/ private key cryptography. This basically means that there is a key pair. The public key is used for encryption and secret key is used for decryption . A certificate is basically a public key with a label identifying the owner. So when your browser connects to an https server , the server will answer with its certificate. The browser checks if the certificate is valid- 1: The owner information needs to match the server name that the user requested. 2: The certificate needs to be signed by a trusted certification authority. if one of these condition is not met, the user is informed about the problem. PROTECTION AGAINSTS IP SPOOFING- An SSL certificate is specific to the particular domain for which it was created regardless of the IP address of the doimain. So if a malicious entity want to attempt to redirect trafiic for a certain website to their own malicious site through IP spoofing techniques. The fake site would not have a SSL certificate that was accurately registerd to the real website.This can be varified through a browser by viewing the certificate information and if the wrong address is shown, then the user will know that they are not on the site they think they are on.Secure Socket Layer Architecture ssl handshake protocolssl change cipher protocalssl alert protocolHTTPSSL record protocolTCPIP.