COIT20262 Advanced Network Security Assignment-CQ University Australia.

Instructions:
Attempt all questions. This is an individual assignment, and it is expected students answer the questions themselves. Discussion of approaches to solving questions is allowed (and encouraged), however each student should develop and write-up their own answers. See CQ University resources on Referencing and Plagiarism. Guidelines for this assignment
COIT20262 Advanced Network Security Assignment-CQ University Australia.

COIT20262 Advanced Network Security Assignment-CQ University Australia.

Include:

  • Do not exchange files (reports, captures, diagrams) with other students.
  • Complete tasks with virtnet yourself – do not use results from another student.
  • Draw your own diagrams. Do not use diagrams from other sources (Internet, textbooks) or from other students.
  • Write your own explanations. In some cases, students may arrive at the same numerical answer, however their explanation of the answer should always be their own.
  • Do not copy text from websites or textbooks. During research you should read and understand what others have written, and then write in your own words.
  • Perform the tasks using the correct values listed in the question and using the correct file names.

File Names and Parameters

Where you see [Student ID] in the text, replace it with your actual student ID. If your student ID contains a letter (e.g. “s 1234567”), make sure the letter is in lowercase.Where you see [First Name] in the text, replace it with your actual first name. If you do not have a first name, then use your last name. Do NOT include any spaces or other non- alphabetical characters (e.g. “-“).

Discuss, Explain, Design Style Questions

A number of questions in this assignment require short, specific answers. These will normally be marked on correctness. That is, if the answer given is correct, then full marks, otherwise 0 marks. In some cases, partial marks may be given.Other questions require more elaborate answers. They typically include words such as discuss, explain, design, compare or propose. For such questions, to achieve full marks your answer should not only be correct, but also clear and detailed. While your answers don’t necessarily have to be long (many paragraphs), the level of detail should be similar to that covered in lectures. Some hints on writing your answers to these style of questions include:

  • Use terminology that has been used throughout the lectures. Using non-standard terminology, or terminology that significantly differs from that in this topic, is an example of unclear writing.
  • Be specific, referring to files, algorithms, keys or other relevant data elements.
  • When relevant, use examples to assist your explanation (although don’t use just examples; give a general explanation as well).
  • Including wrong or irrelevant information in your answer will result in low marks. An answer with multiple wrong/irrelevant statements as well as a correct statement, may receive 0 marks.
  • Don’t rely heavily on images (unless they are asked for). If you do include images, then draw them yourself – don’t take images from the Internet, textbook or lecture notes.

Scenario:
You are a cyber security analyst for an educational institution (e.g. university). You are to conduct tasks and perform on issues impacting the university.

COIT20262 Advanced Network Security Assignment-CQ University Australia.

COIT20262 Advanced Network Security Assignment-CQ University Australia.

virtnet :

You must use virtnet (as used in the tutorials) to perform tasks. This assumes you have already setup and are familiar with virtnet. See Moodle and tutorial instructions for information on setting up and using virtnet. Specifically, you must setup:

  • virtnet topology 5, with node1 as a client, node2 as a router and node3 as a server.
  • My Uni grading website is running on node3.
  • Set the domain of the My Uni grading (you can change the domain by editing /etc/hosts file on node1
  • For the cryptography tasks, openssl must be used.

Journal:

Whenever you perform tasks you should be recording important information in your online journal. This may include notes, parts of files you edited and screenshots. While your online journal is not submitted or marked for this assessment, it may be referred to when marking your submission. For example, if the marker sees two student submissions with very similar answers, they may refer to the journal to review the entries that indicate that both students performed the tasks independently. Therefore, it is in your best interest to maintain your journal as you complete tutorial and assessment tasks.

Question 1. HTTP Interception
Aim
Your aim is to demonstrate the weakness of communicating in networks without encryption, in particular when web browsing. To do this, you will demonstrate how easy it is to intercept traffic in a network, and explain what information can be extracted from interception of HTTP traffic. Complete the following phases, in order.


Phase 1: Setup
1. Add a new student user to the My Uni grading system The user must have:

  • Username: [Student ID]
  • Password: [First Name]

2. Add a grade for the new student user for unit/course ‘coit20262’ with a grade of what you expect to receive this term, e.g. HD, D, C, P or F.

3.Change the domain of the My Uni by editing the /etc/hosts files.
4.Test that the existing users and new student can access the grading website.

Phase 2: Intercept HTTP Traffic
1. Start capturing on node2 using tcpdump.
2. The new student user must do the following on node1:
a. Visit the My Uni grading website, e.g.: lynx
b. Follow the “Login” link and login
c. Follow the “View grades” link and enter their username and ‘coit20262’ to view the course/unit grade, and submit.
d. Follow the “Logout” link.
e. Exit lynx by pressing q for quit.
3. Stop capturing on node 2. Note that it is important that the start of the TCP connection (i.e. 3-way handshake), as well as all HTTP requests/responses are included in the capture.
4. Save the capture file as [Student ID]-http.pcap.

Phase 3: Analysis
Answer the following sub-questions regarding the previous phases.
(a) Submit the capture file.
(b) Draw a message sequence diagram that illustrates all the HTTP messages for the new student user viewing the grades (i.e. the HTTP messages from [Student ID]- http.pcap from phase 2 above). Do not draw any packets generated by other applications or protocols, such as ARP, DNS or SSH, and do not draw TCP connection setup or ACKS. Only draw HTTP messages. A message sequence diagram uses vertical lines to represent events that happen at a computer over time (time is increasing as the line goes down). Addresses of the computers/software are given at the top of the vertical lines. Horizontal or sloped arrows are used to show messages (packets) being sent between computers. Each arrow should be labelled with the protocol, packet type and important information of the message. Examples of message sequence diagrams are given in workshops. Note that you do not need to show the packet times, and the diagram does not have to be to scale. Draw the diagram yourself (e.g. using drawing software or by hand) – do NOT use Wire shark to generate the diagram.
(c) As the attacker you can learn information from intercepting the packets. Based on the packet capture file, write a brief report on what useful information you can learn from the interception. The report, no longer than 1 page, must refer to specific values and packet numbers, as well as give a brief explanation of how the information may be useful for the attacker. For example, if you think the server port number is useful, then your report may say: “The port number used by the web server was 80, as seen in packet 13 in the capture file. The port number is useful for the attacker because …”.
(d) On the message sequence diagram from part (a), identify any messages that contain information you discussed in part (b). For example, if the first message on the message sequence diagram contains the server port number, then include the value of the port number on or next to the first message in part (a).

COIT20262 Advanced Network Security Assignment-CQ University Australia.

COIT20262 Advanced Network Security Assignment-CQ University Australia.

Question 2. Vulnerability Assessment
Aim
Your aim is to conduct a (partial) vulnerability assessment on the educational institution. (It is only a partial assessment, rather than complete, as you will only assessment a small number of threats). You are to produce a brief report that could be presented to non-technical management (e.g. the university vice-chancellor or academic board).

Phase 1: Asset and Threat Identification

Identify three (3) different threats on assets relevant to the educational institution. These must come from the Attacks on a university database on Moodle. At least two (2) of the threats must be from you (i.e. have your name and not copied directly from others), and none (0) of the threats can be from staff (e.g. Unit Coordinator, Lecturers, Tutors). If you are not sure which entry in the database is from a student or staff, click on the link to their name. Include screenshots of each of the threats from the database in your report.

Phase 2: Vulnerability Appraisal

For each of the three (3) threats, provide a detailed explanation of a vulnerability that can lead to the threat. This should be a specific vulnerability, and refer to computer and network technologies, but still should be understandable by non-technical management.

Phase 3: Risk Assessment

For each of the three (3) threats, assign a vulnerability impact level, likelihood level and risk level, and explain why they are those vulnerability and likelihood levels. You may choose your own scale for impact and likelihood.

Phase 4: Risk Mitigation

Recommend actions to take or countermeasures for each of the three (3) threats.

Question 3. Ransomware

Aim
Your aim is to write a brief report to university staff (including management) as follow up to a ransomware attack on the university.

Phase 1: Research and Report

Your university has been infected by ransomware, affecting primarily their grading system (e.g. My Uni style grading system or Moodle Grade book). You know that the ransomware encrypted files containing grade information using AES, and the AES secret key was encrypted and saved on the system with RSA public key encryption. The RSA public key is stored on the ransomware code (which you have access to). The university was able to restore some parts of the grading system from backup and manually enter any missing grades.

COIT20262 Advanced Network Security Assignment-CQ University Australia.

Write a report addressing the following:
(a) What is ransomware? Give a short introduction/overview so that management can understand.
(b) Briefly describe real ransomware that has infected other organisations recently. Indicate the name of the ransomware, the organisations(s) it impacted, and what impact it had.
(c) Explain the role of the cryptographic mechanisms and why you cannot simply decrypt the files. This should be explained for a technical audience, that is, the IT staff in the university. Refer to types of algorithms used and how they are used.
(d) Recommend methods the university should take in the future to avoid becoming infected.

Your report must have four (4) sections, each section addressing a point above. While there is no page limit, each section should be less than half a page, and a good answer could be given in 1 to 3 paragraphs. Do NOT include pictures or tables in the report. Use text only. While you may use numbered lists and dot points, the report cannot entirely be lists. References are not necessary (although the normal rules of academic integrity are expected).

COIT20262 Advanced Network Security Assignment-CQ University Australia.

Question 4. Encryption and Signing
Aim
Your aim is to demonstrate skills and knowledge in cryptographic operations, especially key management. You will do this in pairs (that is, with a partner student).When performing cryptographic operations you must be very careful, as a small mistake (such as a typo) may mean the result is an insecure system. Read the instructions carefully, understand the examples, and where possible, test your approach (e.g. if you encrypt a file, test it by decrypting it and comparing the original to the decrypted). It is recommended you use virtnet to perform the operations.

Phase 1: Key Generation
1. Generate your own RSA 2048-bit public/private key pair and upload your public key to the public key directory on Moodle. (If you have already done this in the tutorial, you do not need to do it again). Save your keypair as [Student ID]-key pair.pem.
2. Generate a secret key to be used with AES-256-CBC, saving it in the file [Student ID]- key.txt.
3. Generate an IV to be used with AES-256-CBC, saving it in the file [Student ID]- iv.txt.

Phase 2: Message Creation and Signing
1. Create a message file [Student ID]-message.txt that is a plain text file containing your full name and student ID inside.
2. Digitally sign [Student ID]-message.txt using RSA and SHA256, saving the signature in the file [Student ID]-message.sgn.

Phase 3: Encryption
1. Encrypt [Student ID]-message.txt using symmetric key encryption, saving the cipher text in the file [Student ID]-message.enc.
2. Encrypt [Student ID]-key.txt using public key encryption (RSA), saving the cipher text in the file [Student ID]-key.enc.
3. Encrypt [Student ID]-iv.txt using public key encryption (RSA), saving the cipher text in the file [Student ID]-iv.enc.

Phase 4: Upload to your Partner
1. To send files to your partner, you must upload them to the Encrypted Files database on Moodle. Your partner can then download from the database.

Phase 5: Decryption and Verification
1. Download the files from your partner from the Encrypted Files database.
2. Decrypt to obtain the message, saving it in the file [Student ID]-received.txt.
3. Verify the signed message.
4. Take a single screenshot showing the Open SSL verification command and the contents of the message. That is, the single screenshot should show the output of two commands: openssl dgst … cat [Student ID]-received.txt

Phase 6: File Submission
a) Submit the files on Moodle. As output from these phases you should have the following files for submission on Moodle:

  • [StudentID]-message.txt
  • [StudentID]-keypair.pem
  • [StudentID]-pubkey.pem
  • [StudentID]-key.txt
  • [StudentID]-iv.txt
  • [StudentID]-message.sgn
  • [StudentID]-message.enc
  • [StudentID]-key.enc
  • [StudentID]-iv.enc
  • [StudentID]-received.txt (this will contain the message you received from your partner)
COIT20262 Advanced Network Security Assignment-CQ University Australia.

COIT20262 Advanced Network Security Assignment-CQ University Australia.

Even though the encrypted files and public keys must be available on the Moodle databases, you should also include a copy of the files in your assessment submission. Ensure the files in the database and your submission are the same – the marker may use either version.

Phase 7: Reflection
Think about the tasks you performed in this question and write a brief reflection. You should address:
b) Which parts were most challenging or lead to mistakes, and why there were mistakes. What could be changed to make it easier and/or reduce mistakes. Consider Open SSL as well as the method for sharing files via Moodle databases.
c) Identify potential security weaknesses in the process and/or the steps you took.

ORDER Now This COIT20262 Advanced Network Security Assignment And Get Instant Discount

Order Your Assignment