4064CEM Foundations of Cyber Security - Coventry University
Assignment 1:
Learning Outcome 1: Relate current events in cybersecurity to the technological and theoretical aspects of their course.
Learning Outcome 2: Use common tools to enumerate networks and hosts.
Task 1:
You are required to investigate a real security incident that has been reported in English-speaking online public media since January 2022, and produce a report (up to 1000 words) that should consist of:
• Description of the incident, including the possible techniques and tools employed.
• Analysis of the incident including the following:
o Value of the assets at risk
(If necessary make reasonable assumptions and state them clearly.)
• Identification of the CIA properties of the valuable assets that were reduced as a result of the incident.
• Describe two (2) countermeasures, either existing or proposed by you, that would reduce the risks associated with the threats and assets.
Task 2:
When people log on to the system (Unix/Linux/Windows) and create their files, they want to protect those files: some of them may be public, and some are only intended for a restricted audience, and some are private.
For the stage-two 5064CEM (Networking) module, the following materials will be placed on a Linux (Debian) server:
• Documents such as MID (module information), lecture notes, and portfolio reports that are group projects.
• Some tools/applications.
All these documents and tools may be grouped into various directories. Below are the access policies:
Policy 1: Everyone can read 5064CEM MID;
Policy 2: For the module lecturers, in addition to Policy 1, they can also:
o write 5064CEM MID,
o read and write all the lecture notes,
o read, write and run the tools/applications;
Policy 3: For students enrolled on the module, in addition to Policy 1, they can
o read all the lecture notes,
o run the tools/applications;
o read and write their own portfolio reports (group projects).
To simplify the scenario, suppose there are four students that are enrolled on this module, there is one module leader, and there is one student who is not enrolled. Table 2 gives the user names (accounts) for these users.
Table 2: user names for Task 2

| Roles | Name | User name |
|---|---|---|
| module leader | John | john |
| group 1 student1 | Roy | roy |
| group 1 student2 | Randy | randy |
| group 2 student1 | Mark | mark |
| group 2 student2 | Mike | mike |
| student that is not enrolled onto 5064CEM | Luke | Luke |

Please complete the following sub-tasks for Task 2. Apart from Task 2-3, please provide your solutions (e.g. commands) together with the screenshots of the output of your solutions.
Task 2-1: Assuming you log in as root, create an account for Mark.
Task 2-2: Assuming you log in as root, provide a weak password for Mark, and then employ an offline dictionary-based tool to crack Mark's password. You may use the wordlist provided by your Linux system, or download from the Internet, or create your own wordlist.
Task 2-3: Construct an Access Control Matrix to express the access control policies for users and 5064CEM materials as shown in Table 3:
Table 3: Access Control Matrix

|  | 5064CEM MID | Lecture3 Note | Group1 Report | Group2 Report | Tool |
|---|---|---|---|---|---|
| John |  |  |  |  |  |
| Roy |  |  |  |  |  |
| Randy |  |  |  |  |  |
| Mark |  |  |  |  |  |
| Mike |  |  |  |  |  |
| Luke |  |  |  |  |  |

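The matrix asked for in Task 2-3 can be derived mechanically from Policies 1-3 and the roles in Table 2. The script below is an added example, not part of the original brief; it assumes the policies are exhaustive (any right not granted is denied, so lecturers get no rights on the group reports) and uses r/w/x as shorthand for read/write/run.

```python
# Added example: derive the access control matrix from Policies 1-3.
# Users follow Table 2, objects follow Table 3. Rights: r=read, w=write, x=run.
# Assumption: deny by default; a right exists only if a policy grants it.

LECTURERS = {"john"}
GROUPS = {"group1": {"roy", "randy"}, "group2": {"mark", "mike"}}
ENROLLED = set().union(*GROUPS.values())
USERS = ["john", "roy", "randy", "mark", "mike", "Luke"]  # as listed in Table 2

# object name -> (kind, owning group for portfolio reports)
OBJECTS = {
    "5064CEM MID": ("mid", None),
    "Lecture3 Note": ("note", None),
    "Group1 Report": ("report", "group1"),
    "Group2 Report": ("report", "group2"),
    "Tool": ("tool", None),
}

# Policy 2: extra rights for module lecturers, keyed by object kind
LECTURER_RIGHTS = {"mid": {"w"}, "note": {"r", "w"}, "tool": {"r", "w", "x"}}

def rights(user, obj):
    """Return the rights string (e.g. 'rw') that `user` holds on `obj`."""
    kind, owner = OBJECTS[obj]
    granted = set()
    if kind == "mid":                      # Policy 1: everyone reads the MID
        granted.add("r")
    if user in LECTURERS:                  # Policy 2
        granted |= LECTURER_RIGHTS.get(kind, set())
    if user in ENROLLED:                   # Policy 3
        if kind == "note":
            granted.add("r")
        elif kind == "tool":
            granted.add("x")
        elif kind == "report" and user in GROUPS[owner]:
            granted |= {"r", "w"}          # own group's report only
    return "".join(c for c in "rwx" if c in granted) or "-"

def matrix():
    return {u: {o: rights(u, o) for o in OBJECTS} for u in USERS}

def render(m):
    cols = list(OBJECTS)
    lines = [" | ".join(["User".ljust(6)] + cols)]
    for user, row in m.items():
        lines.append(" | ".join([user.ljust(6)] + [row[c].ljust(len(c)) for c in cols]))
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(matrix()))
```
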
Task 2-4: Assuming you log in as john, create 5064CEM MID (the content of 5064CEM MID is not essential and can be any content constructed by you), and then implement the access rights for 5064CEM MID.
Task 2-5: Assuming you log in as mark, create Group2 Report (the content of Group2 Report is not essential and can be any content constructed by you), and put it in the directory of /home/mark/group2/; and then implement the access rights for Group2 Report.
Task 2-6: Further to Task 2-5, assume you log in as mark, who is the group leader for Group2 Report. Configure appropriate directories and/or files to avoid careless deletion of Group2 Report by his group members (e.g. Mike).
Assignment 2:
Learning Outcome 1: Identify well-known security issues
Learning Outcome 2: Demonstrate how well-known security vulnerabilities can be both exploited and corrected
Tasks Description:
Task 1: Linux commands: all the tasks in Task 1 should be fulfilled via the Command Line Interface (CLI).
(1) As root, create a user with the username ehcs2022. Choose your own password for this account. Then log in as ehcs2022.
(2) Provide a command to go to your home directory. For the rest of the tasks, unless specified otherwise, you are supposed to be in your own home directory before you fulfil the tasks.
If for some reason you failed to fulfil Task 1-(1), you can fulfil the rest of the tasks under any existing home directory on your Linux system.
(3) Provide a command to show the current date.
(4) Provide a command to display the one-line description of df.
(5) (i) Create a directory named myDir
(ii) Within myDir directory, create an empty file named myFile
(iii) Within myDir directory, use only one command to create the following empty files:
myFile1, myFile11, file2, file6, file12, file22, file33, file42
(iv) Within myDir directory, use an appropriate wildcard to copy all the files whose file names start with myFile to the parent directory
(v) Within myDir directory, use an appropriate wildcard to delete the following files in an interactive way (i.e. a confirmation is required before a file is deleted):
file12, file22, file42
(6) Display the kernel name and the kernel version of your Linux system.
(7) Create an alias called 'myhost' that echoes the hostname of your Linux system
(8) (i) Display the first 3 lines of /etc/passwd
(ii) Create a file named passwd.txt that stores the last 2 lines of /etc/passwd
Task 2: Information Gathering
(1) Use Google Advanced Operators to form a query that returns the following results:
(i) Web pages with "index of" in the title and "COVID-19" in the text
(ii) Web pages from www.indeed.co.uk that contain "cyber security" in their titles.
(iii) Web pages with "webcam" in the title and "login" in the URL link
(2) List two (2) Linux commands for obtaining IPv4 address of www.coventry.ac.uk
(3) List a Linux command that starts Apache HTTP Web server
(4) List a Linux command that displays the running service(s) and the OS details of the local host.
Task 3: Use Wireshark to fulfil the tasks relevant to the traffic captured in traffic-ResitDeferral.pcapng (available on material)
(1) What is the display filter expression so that only the HTTP traffic containing the IP address of 5.134.4.207 is shown?
(2) What is the client-side browser type?
(3) What is the web server name (Host) of 5.134.4.207?
(4) What Portable Document Format (PDF) document on the web server was accessed by the client?
Task 4: Hashing, symmetric cryptography and asymmetric cryptography are the techniques used for secure communication in the presence of third parties.
(1) Explain how message integrity is provided, and list three existing algorithms for message integrity.
(2) Provide the advantages and disadvantages of using symmetric cryptography and asymmetric cryptography for confidentiality, and explain how these two techniques can be combined in order to provide confidentiality with high performance.