Demonstrate the weakness of communicating in networks

Reference no: EM133668476

Advanced Network Security

Discuss, Explain, Design Style Questions

A number of questions in this assignment require short, specific answers. These will normally be marked on correctness. That is, if the answer given is correct, then full marks, otherwise 0 marks. In some cases, partial marks may be given.

Other questions require more elaborate answers. They typically include words such as discuss, explain, design, compare or propose. For such questions, to achieve full marks your answer should not only be correct, but also clear and detailed. While your answers don't necessarily have to be long (many paragraphs), the level of detail should be similar to that covered in lectures. Some hints on writing your answers to this style of question include:

Use terminology that has been used throughout the lectures. Using non-standard terminology, or terminology that significantly differs from that in this topic, is an example of unclear writing.

Be specific, referring to files, algorithms, keys or other relevant data elements.
When relevant, use examples to assist your explanation (although don't use just examples; give a general explanation as well).
Including wrong or irrelevant information in your answer will result in low marks. An answer with multiple wrong/irrelevant statements as well as a correct statement, may receive 0 marks.
Don't rely heavily on images (unless they are asked for). If you do include images, then draw them yourself - don't take images from the Internet, textbook or lecture notes.

Scenario
You are a cyber security analyst for an educational institution (e.g., university). You are to conduct tasks and analyse issues impacting the university.
virtnet
You must use virtnet (as used in the tutorials) to perform tasks. This assumes you have already setup and are familiar with virtnet. See Moodle and tutorial instructions for information on setting up and using virtnet. Specifically, you must setup:
virtnet topology 5, with node1 as a client, node2 as a router and node3 as a server.

Question 1. HTTP Interception

Aim
Your aim is to demonstrate the weakness of communicating in networks without encryption, in particular when web browsing. To do this, you will demonstrate how easy it is to intercept traffic in a network, and explain what information can be extracted from interception of HTTP traffic.
Complete the following phases, in order.

Phase 1: Setup
Add a new student user to the MyUni grading system (see NSL 16.3.6). The user must have:
Username: [StudentID]
Password: [FirstName]
Add a grade for the new student user for unit/course 'coit20262' with a grade of what you expect to receive this term, e.g. HD, D, C, P or F.
Change the domain of the MyUni website to www.[StudentID].edu by editing the /etc/hosts files.
Test that the existing users and new student can access the grading website.
Phase 2: Intercept HTTP Traffic
Start capturing on node2 using tcpdump.
The new student user must do the following on node1:
Visit the MyUni grading website, e.g.:
lynx https://www.[StudentID].edu/grades/
Follow the "Login" link and login
Follow the "View grades" link and enter their username and 'coit20262' to view the course/unit grade, and submit.
Follow the "Logout" link.
Exit lynx by pressing q for quit.
Stop capturing on node2. Note that it is important that the start of the TCP connection (i.e. 3-way handshake), as well as all HTTP requests/responses are included in the capture.
Save the capture file as [StudentID]-http.pcap.
Phase 3: Analysis
Answer the following sub-questions regarding the previous phases.
Submit the capture file.

Draw a message sequence diagram that illustrates all the HTTP messages for the new student user viewing the grades (i.e. the HTTP messages from [StudentID]-http.pcap from phase 2 above). Do not draw any packets generated by other applications or protocols, such as ARP, DNS or SSH, and do not draw TCP connection setup or ACKs. Only draw HTTP messages. A message sequence diagram uses vertical lines to represent events that happen at a computer over time (time is increasing as the line goes down). Addresses of the computers/software are given at the top of the vertical lines. Horizontal or sloped arrows are used to show messages (packets) being sent between computers. Each arrow should be labelled with the protocol, packet type and important information of the message. Examples of message sequence diagrams are given in workshops. Note that you do not need to show the packet times, and the diagram does not have to be to scale. Draw the diagram yourself (e.g. using drawing software or by hand) - do NOT use Wireshark to generate the diagram. [2.5 marks]
Reflection:

As the attacker you can learn information from intercepting the packets. Based on the packet capture file, what useful information can you learn from the interception? You must refer to specific values and packet numbers, as well as give a brief explanation of how the information may be useful for the attacker.

Question 2. Vulnerability analysis using Nessus

Set up Nessus on Kali. Then perform a scan on metasploitable2 (ms2) using Nessus.

Log in using your Nessus username (your first name) and password (any combination).
Select New Scan > Basic Scan. Name the scan, for example, ms2, and target 172.16.1.35.
Identify the critical vulnerabilities of the ms2 machine. [2 marks]
Reflections:
Search for vulnerabilities on three of your own private devices (e.g., your router, computer, and mobile devices) using tools such as Nessus or Nikto. Submit evidence of your searches including screenshots. [6 marks]
Identify the top 3 vulnerabilities from your search and provide recommendations of how to manage those vulnerabilities. [2 marks]

Question 3. Encryption and Signing
Aim
Your aim is to demonstrate skills and knowledge in cryptographic operations, especially key management. You will do this in pairs (that is, with a partner student).
When performing cryptographic operations you must be very careful, as a small mistake (such as a typo) may mean the result is an insecure system. Read the instructions carefully, understand the examples, and where possible, test your approach (e.g. if you encrypt a file, test it by decrypting it and comparing the original to the decrypted). It is recommended you use virtnet to perform the operations.

Phase 1: Key Generation
Generate your own RSA 2048-bit public/private key pair and upload your public key to the Public Key Directory on Moodle. (If you have already done this in the tutorial, you do not need to do it again). Save your keypair as [StudentID]-keypair.pem.
Generate a secret key to be used with AES-256-CBC, saving it in the file [StudentID]-key.txt.
Generate an IV to be used with AES-256-CBC, saving it in the file [StudentID]-iv.txt.

Phase 2: Message Creation and Signing
Create a message file [StudentID]-message.txt that is a plain text file containing your full name and student ID inside.
Digitally sign [StudentID]-message.txt using RSA and SHA256, saving the signature in the file [StudentID]-message.sgn.

Phase 3: Encryption
Encrypt [StudentID]-message.txt using symmetric key encryption, saving the ciphertext in the file [StudentID]-message.enc.
Encrypt [StudentID]-key.txt using public key encryption (RSA), saving the ciphertext in the file [StudentID]-key.enc.
Encrypt [StudentID]-iv.txt using public key encryption (RSA), saving the ciphertext in the file [StudentID]-iv.enc.

Phase 4: Upload to your Partner
To send files to your partner, you must upload them to the Encrypted Files database on Moodle. Your partner can then download from the database.
Phase 5: Decryption and Verification
Download the files from your partner from the Encrypted Files database.
Decrypt to obtain the message, saving it in the file [StudentID]-received.txt.
Verify the signed message.
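
Phases 1 to 5 above, run end to end with OpenSSL in a scratch directory. This is an added example, not part of the original assignment; "alice" (sender) and "bob" (partner) are constructed stand-ins for the two [StudentID] values, and both roles run on one machine so the Moodle upload in Phase 4 is skipped.

```shell
# Added example: "alice" (sender) and "bob" (partner) are constructed
# stand-ins for the two [StudentID] values; all files go in directory $1.
send_and_receive() (
  set -e; cd "$1"
  # Phase 1: RSA-2048 key pair per student, then a 256-bit AES key and 128-bit IV
  for who in alice bob; do
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$who-keypair.pem" 2>/dev/null
    openssl pkey -in "$who-keypair.pem" -pubout -out "$who-pubkey.pem"
  done
  openssl rand -hex 32 > alice-key.txt
  openssl rand -hex 16 > alice-iv.txt
  # Phase 2: message, then RSA signature over its SHA-256 digest (sender's private key)
  printf 'Alice Example s0000000\n' > alice-message.txt
  openssl dgst -sha256 -sign alice-keypair.pem -out alice-message.sgn alice-message.txt
  # Phase 3: AES-256-CBC for the message, RSA (partner's public key) for key and IV.
  # Note: -K/-iv on the command line are visible to other local users via ps.
  openssl enc -aes-256-cbc -e -in alice-message.txt -out alice-message.enc \
    -K "$(cat alice-key.txt)" -iv "$(cat alice-iv.txt)"
  for f in key iv; do
    openssl pkeyutl -encrypt -pubin -inkey bob-pubkey.pem \
      -in "alice-$f.txt" -out "alice-$f.enc"
  done
  # Phase 5 (partner's side): recover key and IV, decrypt, verify with sender's public key
  key=$(openssl pkeyutl -decrypt -inkey bob-keypair.pem -in alice-key.enc)
  iv=$(openssl pkeyutl -decrypt -inkey bob-keypair.pem -in alice-iv.enc)
  openssl enc -aes-256-cbc -d -in alice-message.enc -out bob-received.txt \
    -K "$key" -iv "$iv"
  openssl dgst -sha256 -verify alice-pubkey.pem -signature alice-message.sgn \
    bob-received.txt          # prints "Verified OK" on success
)

# A one-byte change to the received message must make verification fail.
verify_tampered() {
  { cat "$1/bob-received.txt"; printf 'x'; } > "$1/tampered.txt"
  openssl dgst -sha256 -verify "$1/alice-pubkey.pem" \
    -signature "$1/alice-message.sgn" "$1/tampered.txt" >/dev/null 2>&1
}
```

Call `send_and_receive "$(mktemp -d)"` to run the whole exchange; `verify_tampered` on the same directory returns non-zero because the signature no longer matches.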

Phase 6: File Submission
Submit the files on Moodle. As output from these phases, you should have the following files for submission on Moodle:
[StudentID]-message.txt
[StudentID]-keypair.pem
[StudentID]-pubkey.pem
[StudentID]-key.txt
[StudentID]-iv.txt
[StudentID]-message.sgn
[StudentID]-message.enc
[StudentID]-key.enc
[StudentID]-iv.enc
[StudentID]-received.txt (this will contain the message you received from your partner)
Even though the encrypted files and public keys must be available on the Moodle databases, you should also include a copy of the files in your assessment submission. Ensure the files in the database and your submission are the same - the marker may use either version.
Phase 7: Reflection
Think about the tasks you performed in this question and write a brief reflection. You should address:
(a) Submit your files on Moodle as listed above. Also take a screenshot showing the OpenSSL verification command and the message contents. That is, the single screenshot should show the output of two commands:
openssl dgst ...
cat [StudentID]-received.txt

Include the screenshot on your assignment answer template.

Which parts were the most challenging or led to mistakes, and why were there mistakes?

Find the potential security vulnerability in the process/the steps you took.

Question 4. Ransomware Research

Read the details of the Ransomware attack from the below link
You need to perform the following tasks:

Write a short overview of Ransomware
Approximately ½ page of text explaining what ransomware is and how it works. Assume the audience of this section is non-technical. You must include real examples of ransomware and/or ransomware attacks.

Describe the technical details of Ransomware
Approximately ½ to 1 page of text explaining the technical aspects of ransomware, including:
What are the common methods of infection?
What cryptographic techniques are commonly used?
What technologies are used to obtain ransoms?
Assume the audience of this section is technical, i.e., they have a similar background in network security to you. You should refer to techniques and concepts covered in the unit and give sufficient technical detail to demonstrate you understand the issues.

Write some Recommendations to prevent the Ransomware
List and explain recommendations for end-users and/or organizations to avoid ransomware and/or handle ransomware infections.

Maintaining Journal

Whenever you perform tasks, you should be recording important information in your online journal. This may include notes, commands you have run, parts of files you edited, and screenshots. You will be marked on how well you have maintained your journal (including technical depth) and how accurately it captures your tutorial and assignment practical activities from Week 1 to Week 5. Your online journal may also be referred to when marking your submission. For example, if the marker sees two student submissions with very similar answers, they may refer to the journal to review the entries that indicate that both students performed the tasks independently.

Demonstrate the weakness of communicating in networks : COIT20262 Advanced Network Security, CQ University - Demonstrate the weakness of communicating in networks without encryption, in particular when web browsing