User Account

All Pages

Attack detection from real intrusion dataset

Assignment Help Computer Network Security
Reference no: EM133527700

Advanced Network Security

Question 1. HTTPS and Certificates

For this question you must use virtnet (as used in the Tutorials) to study HTTPS and certificates. This assumes you have already setup and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, deploying the website, and testing the website.Your task is to setup a web server that supports HTTPS. The tasks and sub-questions are grouped into multiple phases.Phase 1: Setup Topology1. Create topology 5 in virtnet.2. Deploy the MyUni demo website, with node3 being the real web server.

Phase 2: Certificate Creation
1. Using[studentID]-keypair.pem from Assignment 1, generate a Certificate Signing Request called [StudentID]-csr.pem. CSR must contain these field values:
• State: state of your campus
• Locality: city of your campus
• Organisation Name: your full name
• Common Name: www.[StudentID].edu
• Email address: your @cqumail address
• Other field values must be selected appropriately.

Now you will change role to be a CA. A different public/private key pair has been created for your CA as [StudentID]-ca-keypair.pem. As the CA you must:

2. Setup the files/directories for a demoCA
3. Create a self-signed certificate for the CA called [StudentID]-ca-cert.pem.
4. Using the CSR from step 1 issue a certificate for www.[StudentID].edu called
[StudentID]-cert.pem.

Phase 3: HTTPS Configuration
1. Configure Apache web server on node3 to use HTTPS where the domain name is www.[StudentID].edu
2. Load the CA certificate into the client on node1.

Phase 4: Testing
1. Start capturing on node2 using tcpdump.

2. On node1, use lynx to visit https://www.[StudentID].edu/grades/ and login to view somegrades.

3. Demonstrate to your tutor that your secure website is operating correctly.
3. Exit lynx.
4. Stop the capturing and save the file as [StudentID]-https.pcap.

When capturing, make sure you capture a full HTTPS session, and avoiding capturing multiple sessions.
For on-campus students: Step 3 of above should be demonstrated in your allocated Week 9, 10, 11 or Week 12 tutorial class. Your local tutor will be informed you when your demonstration is passed.
For distance students: Unit Coordinator will organise a time for you to demonstrate step 3.

Phase 5: Analysis

(a) Demonstration of secure web site

(b) Submit the following packet capture [StudentID]-https.pcap on Moodle

(c) Draw a message sequence diagram that illustrates the TLS/SSL packets belonging to the first HTTPS session in the file. Refer to the instructions in assignment 1 for drawing a message sequence diagram, as well as these additional requirements:
• Only draw the TLS/SSL packets; do not draw the 3-way handshake, TCP ACKs or connection close. Hint: identify which packets belong to the first TCP connection and then filter with "ssl" in Wireshark. Depending on your Wireshark version, the protocol may show as "TLSv1.2".
• A single TCP packet may contain one or more SSL messages (in Wireshark look inside the packet for each "Record Layer" entry to find the SSL message names). Make sure you draw each SSL message. If a TCP packet contains multiple SSL messages, then draw multiple arrows, one for each SSL message, and clearly label each with SSL message name.

Reflection:

• Clearly mark which packets/messages are encrypted.

(d) Generally, Certificate Authorities must keep their private keys very secure by storing them offline in special hardware devices. How attackers can introduce attacks to https://www. [StudentID].edu if they able to compromise the CA private key.

Question 2. Attack Detection from Real Intrusion Dataset

This task is the continuation of the question 2 Assignment 1 where you have evaluated the UNSW-NB15 dataset with three different classifiers where you did not apply any feature selection techniques. Feature selection is one of the key principles that greatly impacts the model's efficacy by selecting only those features that are most relevant and thereby, reduces over-fitting, improves accuracy and reduces training time. Here you need to explore different built-in feature selection techniques (at least three) in WEKA and identify the best features for each classifier.

For this task you will need two files available on Moodle:

• train.arff and test.arff.

You need to follow the following steps:
• Step 1: Import data in the train.arff into WEKA (explorer).
• Step 2: Select the attributes by using Attribute evaluator (at least 2) and search method in WEKA and update your datasets accordingly.
• Step 3: Select the classifier that you used in Assignment 1 Question 2.
• Step 4: Specify the test option as Use ‘training set' and the column of class.
• Step 5: Supply the test dataset (test.arff) to evaluate the classifier.
• Step 6: Re-evaluate model on current test set to perform the evaluation.
• Repeat the step 2 to 7 for other two classifiers.

You need to include in your report the following:

(a) Screenshot of the selected attributes and evaluation result for each classifier.
(b) Compare your current outcomes with the outcomes of Question 2 Assignment 1 in term of Accuracy, precision, recall, F1-Score and false positive rate.
Reflections:

(c) Have you achieved better performance after applying the feature selection technique for each classifier? If yes, why you have achieved that. If yes, explain why you believe that was achieved. If not, explain why you believe it was not achieved.

(d) In the UNSW-NB15 dataset, there are nine types of network attacks available. Among these nine attacks which three attacks are highly detected by the classifiers? Please give a short explanation of these three attacks.

Question 3. Firewalls and Wi-Fi Security[15]

You are tasked with designing a network upgrade for a manufacturing institute. The institute currently has a wired network (Ethernet LAN) across three floors of their office building, connecting approximately 50 desktop computers, several servers and 15's of other devices (e.g., printers, payment terminals, machinery). There are currently 80 full-time and part-time employees, some working in the office while others are outside or in an external workshop. The network upgrade has two main components:
• A wireless LAN to allow all employees access to the internal network from within the office, outside and in the workshop. Customers of the business may also be granted guest access to the wireless LAN. The wireless LAN will most likely need more than 20 APs and have 120 to 170 clients.
• A VPN to allow selected employees to access the internal network from home or when visiting customers at other locations.
Assume the network has the following internal servers:
• A web server that supports HTTPS only and is accessible to the public.
• An email server accessible to the public.
• A SSH server accessible only to a small selection of employees when they are outside of the network. (The VPN is not needed for these employees to access the SSH server)
The institute has one IT employee who is capable with computer networking (e.g., they previously setup the wired LAN), but has little knowledge of security. Answer the following questions assuming that you are explaining to the IT employee (as they need to build the network).

(a) Draw a network diagram that illustrates the wired network, wireless network, and VPN. You should not draw all users and devices; only draw a sample of the users and devices. For example, several switches, several APs, several wired computers, several WiFi users, 1 or 2 VPN external users. (Several may be 2 to 5). Also, clearly indicate which portions of the network have data encrypted due to either WiFi encryption or the VPN (for example, mark those paths that have encryption in red or some other clear label).

(b) Explain where you would locate the firewall and justify that location.

(c) Design a set of firewall rules for the organisation. Implement a set of firewall rules in virtnet on node2 in topology 5 using iptables. Explain any rules that are important for the institute, but you are not able to implement it because of limited virtnet environment with iptables. Include the iptables rules in your report.

(d) The institute network included a wireless LAN component. Based on "Wi-Fi Security" research article, recommend two security mechanisms that the institute could use to reduce the risk of the threats. For each security mechanism you recommend, explain what the security mechanism does, which threat(s) it addresses, and how it reduces the threat.

Maintaining Journal

Whenever you perform tasks, you should be recording important information in your online journal. This may include notes, commands you have run, parts of files you edited, and screenshots. You will be marked on how well you have maintained your journal (including technical depth) and how accurately it captures your tutorial and assignment practical activities from Week 6 to Week 10. Your online journal may be also referred to when marking your submission. For example, if the marker sees two student submissions with very similar answers, they may refer to the journal to review the entries that indicate that both students performed the tasks independently.
To gain the full 5 marks, your journal at least has to contain evidence on the following practical tasks:
- Firewalls (week 6)
- Authentication (week 7)
- Access control (week 8)
- Wireless security (week 10)

Attachment:- Advanced Network Security.rar

 

Reference no: EM133527700

Questions Cloud

What ways could an understanding of systems theory : what ways could an understanding of systems theory and complexity science impact the role of the NP? reflect on the NP practice model that is most predominant
Explain how the terms are interconnected and how they often : Search the University Library or Google ScholarTM for definitions of the terms leading, managing,?and following. Interpret the definitions
When staff members have quick, easy access to patient record : When staff members have quick, easy access to patient records, they save time that would otherwise be spent locating paper charts. Through integrated scheduling
Explain the significance to american women of roe v. wade : Explain the significance to American women of Roe v. Wade What are some of the ethical concerns of both male and female sterilization procedures?
Attack detection from real intrusion dataset : Have you achieved better performance after applying the feature selection technique for each classifier? If yes, why you have achieved that
How prepared do you feel for your predictor exam : How prepared do you feel for your predictor exam and national certification? What activities have you undertaken the past few weeks to continue to prepare for
Discuss expected outcomes for your evidence-based practice : Discuss the expected outcomes for your evidence-based practice project proposal. Review the various data collection tools associated with your selected research
Why it is important for healthcare policymaker : Discuss the accuracy of these statements above and why it is important for healthcare policymaker/nursing leaders to address these two issues to improve nursing
Discuss the accuracy of this paragraph and explain : Discuss the accuracy of this paragraph and explain why it is important to address these mentioned problems and provide solutions to this issue of healthcare.

Reviews

Write a Review

Computer Network Security Questions & Answers

  Describe fundamental phases of the penetration testing

Describe the fundamental phases of the Penetration Testing Execution Standard and Explain any legal implications that may arise from exceeding the scope

  Critical analysis

Develop a clear thesis and use details and quotations from the text to support your arguments. Do not waste a lot of space on a long, generalized introduction

  Discuss your experiences with cyber-bullying

Discuss your experiences with cyber-bullying - either a personal experience or one you know of from peers or the media.

  Critique the transition process performed by the dms

Critique the transition process performed by the DMS in the case study. Then, recommend two (2) alternatives to the IP infrastructure or applications not already mentioned in the case study.

  What vulnerabilities is this machine suspectable to

What vulnerabilities is this machine suspectable to? List them by the port that are associated with - You will probably need to perform multiple scans

  Characteristics of information security

Select one of the three characteristics of information security (CIA) and explain its importance as related to the development of policy, education, OR technology

  Total cost of ownership return on investment

Total Cost of Ownership Return on Investment. Explain each of these approaches, state your preference, and analyze the advantages and disadvantages of each with a focus on IT investments.

  Literature review on user security behaviour

Find user security behaviour studies related to these variables. In that way you can use your (part of) searched articles for assignment

  Cyber security triad

Choose a threat that targets one of three categories of the cyber security triad: Confidentiality, Integrity or  Availability. Using the posted instructions for writing a white paper

  Explain the importance of the tcp-ip suite

Explain the importance of the TCP/IP suite in both LAN and WAN implementations. They are discussing implementing VoIP, would it be helpful for a hospital.

  Compare the cyber hacking laws between given countries

Contrast and compare the cyber hacking laws between the United States, Russian Federation, and the Peoples Republic of China.

  What type of risk treatment

Given the risks and budget below, what type of risk treatment (from the list above) would you chose for each specific risk and why?

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd