Describe the technical details of ransomware

Assignment Help Computer Network Security
Reference no: EM133674410

Advanced Network Security

Discuss, Explain, Design Style Questions

A number of questions in this assignment require short, specific answers. These will normally be marked on correctness. That is, if the answer given is correct, then full marks, otherwise 0 marks. In some cases, partial marks may be given.

Other questions require more elaborate answers. They typically include words such as discuss, explain, design, compare or propose. For such questions, to achieve full marks your answer should not only be correct, but also clear and detailed. While your answers don't necessarily have to be long (many paragraphs), the level of detail should be similar to that covered in lectures. Some hints on writing your answers to this style of question include:

Use terminology that has been used throughout the lectures. Using non-standard terminology, or terminology that significantly differs from that in this topic, is an example of unclear writing.

Be specific, referring to files, algorithms, keys or other relevant data elements.

When relevant, use examples to assist your explanation (although don't use just examples; give a general explanation as well).
Including wrong or irrelevant information in your answer will result in low marks. An answer with multiple wrong/irrelevant statements as well as a correct statement, may receive 0 marks.
Don't rely heavily on images (unless they are asked for). If you do include images, then draw them yourself - don't take images from the Internet, textbook or lecture notes.
Scenario
You are a cyber security analyst for an educational institution (e.g., university). You are to conduct tasks and analyse issues impacting the university.
virtnet
You must use virtnet (as used in the tutorials) to perform tasks. This assumes you have already set up and are familiar with virtnet. See Moodle and tutorial instructions for information on setting up and using virtnet. Specifically, you must set up:
virtnet topology 5, with node1 as a client, node2 as a router and node3 as a server.
MyUni grading website is running on node3.
Set the domain of the MyUni grading website to be www.[StudentID].edu (you can change the domain by editing the /etc/hosts file on node1 - see NSL 16.2.3).
For the cryptography tasks, openssl must be used.

Question 1. HTTP Interception

Aim
Your aim is to demonstrate the weakness of communicating in networks without encryption, in particular when web browsing. To do this, you will demonstrate how easy it is to intercept traffic in a network, and explain what information can be extracted from interception of HTTP traffic.
Complete the following phases, in order.
Phase 1: Setup
Add a new student user to the MyUni grading system (see NSL 16.3.6). The user must have:
Username: [StudentID]
Password: [FirstName]
Add a grade for the new student user for unit/course ‘coit20262' with a grade of what you expect to receive this term, e.g. HD, D, C, P or F.
Change the domain of the MyUni website to www.[StudentID].edu by editing the /etc/hosts files.
Test that the existing users and new student can access the grading website.
Phase 2: Intercept HTTP Traffic
Start capturing on node2 using tcpdump.
The new student user must do the following on node1:
Visit the MyUni grading website, e.g.:
lynx https://www.[StudentID].edu/grades/
Follow the "Login" link and login
Follow the "View grades" link and enter their username and ‘coit20262' to view the course/unit grade, and submit.
Follow the "Logout" link.
Exit lynx by pressing q for quit.
Stop capturing on node2. Note that it is important that the start of the TCP connection (i.e. 3-way handshake), as well as all HTTP requests/responses are included in the capture.
Save the capture file as [StudentID]-http.pcap.
Phase 3: Analysis
Answer the following sub-questions regarding the previous phases.
Submit the capture file.

Draw a message sequence diagram that illustrates all the HTTP messages for the new student user viewing the grades (i.e. the HTTP messages from [StudentID]-http.pcap from phase 2 above). Do not draw any packets generated by other applications or protocols, such as ARP, DNS or SSH, and do not draw TCP connection setup or ACKs. Only draw HTTP messages. A message sequence diagram uses vertical lines to represent events that happen at a computer over time (time is increasing as the line goes down). Addresses of the computers/software are given at the top of the vertical lines. Horizontal or sloped arrows are used to show messages (packets) being sent between computers. Each arrow should be labelled with the protocol, packet type and important information of the message. Examples of message sequence diagrams are given in workshops. Note that you do not need to show the packet times, and the diagram does not have to be to scale. Draw the diagram yourself (e.g. using drawing software or by hand) - do NOT use Wireshark to generate the diagram. [2.5 marks]
Reflection:

As the attacker you can learn information from intercepting the packets. Based on the packet capture file, what useful information can you learn from the interception? You must refer to specific values and packet numbers, as well as give a brief explanation of how the information may be useful for the attacker.
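The capture on node2 (Phase 2) and the read-back used to pick out the HTTP messages and their packet numbers for the diagram and reflection (Phase 3), as an added example that is not part of the assignment brief. It assumes tcpdump 4.x (for the -# option that prints packet numbers matching Wireshark's frame numbers), a placeholder router interface eth1 on node2 and the placeholder student ID 12345678; the tcpdump output embedded below is constructed to look like a real read-back, not taken from a capture. No capture filter is used so that every frame is kept and the numbers in the answer line up with the pcap; only clear-text HTTP is recognised, which is the contrast this question draws against encrypted traffic.

```shell
#!/bin/sh
# Added example, not part of the assignment brief. Placeholders: interface
# eth1 on node2, student ID 12345678, addresses 10.0.0.x. Assumes tcpdump 4.x.

# Phase 2, run on node2 as root: capture everything (no filter) so packet
# numbers match the frame numbers in the saved pcap. Stop with Ctrl-C.
capture_http() {
  sudo tcpdump -i "${1:-eth1}" -w "${2:-12345678-http.pcap}"
}

# Phase 3: read the capture back as numbered packets with ASCII payloads.
dump_capture() { tcpdump -# -nn -r "$1" -A 2>/dev/null; }

# Keep only the HTTP request lines, status lines, Host headers and
# form-encoded bodies, tagged with packet number and endpoints. Header bytes
# of each segment print as '.' before the request/status line, so those two
# are searched for inside the line rather than anchored at its start.
list_http_messages() {
  awk '
    /^ *([0-9]+ +)?[0-9:.]+ IP [0-9.]+ > [0-9.]+:/ {
      if ($3 == "IP") { pkt = $1; src = $4; dst = $6 } else { pkt = "?"; src = $3; dst = $5 }
      sub(/:$/, "", dst); next
    }
    match($0, /(GET|POST) \/[^ ]* HTTP\/1\.[01]/) {
      printf "pkt %s %s -> %s  request  %s\n", pkt, src, dst, substr($0, RSTART, RLENGTH); next
    }
    match($0, /HTTP\/1\.[01] [0-9][0-9][0-9] [A-Za-z ]+/) {
      printf "pkt %s %s -> %s  response %s\n", pkt, src, dst, substr($0, RSTART, RLENGTH); next
    }
    /^Host: / { printf "pkt %s            host     %s\n", pkt, $2; next }
    /^[A-Za-z_]+=[^ &]*(&[A-Za-z_]+=[^ &]*)*$/ {
      printf "pkt %s            form     %s\n", pkt, $0
    }
  '
}

# Constructed sample of what dump_capture prints for a lynx login and
# grade lookup (client 10.0.0.1, server 10.0.0.3); not from a real capture.
sample_dump() {
  cat <<'EOF'
    4  12:00:01.000000 IP 10.0.0.1.40000 > 10.0.0.3.80: Flags [P.], seq 1:60, ack 1, win 502, length 59
E..c..@.@............(...P..............GET /grades/ HTTP/1.1
Host: www.12345678.edu
User-Agent: Lynx/2.9.0

    6  12:00:01.010000 IP 10.0.0.3.80 > 10.0.0.1.40000: Flags [P.], seq 1:200, ack 60, win 509, length 199
E.....@.@........P.(..............HTTP/1.1 200 OK
Content-Type: text/html

<html><a href="/grades/login.php">Login</a></html>
   11  12:00:05.000000 IP 10.0.0.1.40000 > 10.0.0.3.80: Flags [P.], seq 60:190, ack 200, win 502, length 130
E.....@.@............(...P..............POST /grades/login.php HTTP/1.1
Host: www.12345678.edu
Content-Type: application/x-www-form-urlencoded
Content-Length: 31

username=12345678&password=Alex
   13  12:00:05.020000 IP 10.0.0.3.80 > 10.0.0.1.40000: Flags [P.], seq 200:350, ack 190, win 509, length 150
E.....@.@........P.(..............HTTP/1.1 302 Found
Location: /grades/
EOF
}

# Runs the filter over the constructed sample (seven lines of output).
analyze_sample() { sample_dump | list_http_messages; }

# Usage: analyze_sample
#        dump_capture 12345678-http.pcap | list_http_messages
```

Each output line is one arrow for the message sequence diagram (packet number, source, destination, request or status line), and the host and form lines are the specific values the reflection asks for: with plain HTTP every one of them is readable by whoever sits on node2, which is the weakness the question is about. If the site were served over TLS the same read-back would show only the TCP handshake and opaque records.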

Question 2. Vulnerability analysis using Nessus

Set up Nessus on Kali. Then perform a scan on the metasploitable2 (ms2) using Nessus.

Log in using your Nessus username (your first name) and password (any combination).
Select New Scan > Basic Scan. Name the scan, for example, ms2, and target 172.16.1.35.
Identify the critical vulnerabilities of the ms2 machine.
Reflections:
Search for vulnerabilities on three of your own private devices (e.g., your router, computer, and mobile devices) using the tools such as Nessus or Nikto. Submit evidence of your searches including screenshots.
Identify the top 3 vulnerabilities from your search and provide recommendations of how to manage those vulnerabilities.

Question 3. Encryption and Signing
Aim

Your aim is to demonstrate skills and knowledge in cryptographic operations, especially key management. You will do this in pairs (that is, with a partner student).
When performing cryptographic operations you must be very careful, as a small mistake (such as a typo) may mean the result is an insecure system. Read the instructions carefully, understand the examples, and where possible, test your approach (e.g. if you encrypt a file, test it by decrypting it and comparing the original to the decrypted). It is recommended you use virtnet to perform the operations.
Phase 1: Key Generation
Generate your own RSA 2048-bit public/private key pair and upload your public key to the Public Key Directory on Moodle. (If you have already done this in the tutorial, you do not need to do it again). Save your keypair as [StudentID]-keypair.pem.
Generate a secret key to be used with AES-256-CBC, saving it in the file [StudentID]-key.txt.
Generate an IV to be used with AES-256-CBC, saving it in the file [StudentID]-iv.txt.
Phase 2: Message Creation and Signing
Create a message file [StudentID]-message.txt that is a plain text file containing your full name and student ID inside.
Digitally sign [StudentID]-message.txt using RSA and SHA256, saving the signature in the file [StudentID]-message.sgn.
Phase 3: Encryption
Encrypt [StudentID]-message.txt using symmetric key encryption, saving the ciphertext in the file [StudentID]-message.enc.
Encrypt [StudentID]-key.txt using public key encryption (RSA), saving the ciphertext in the file [StudentID]-key.enc.
Encrypt [StudentID]-iv.txt using public key encryption (RSA), saving the ciphertext in the file [StudentID]-iv.enc.
Phase 4: Upload to your Partner
To send files to your partner, you must upload them to the Encrypted Files database on Moodle. Your partner can then download from the database.
Phase 5: Decryption and Verification
Download the files from your partner from the Encrypted Files database.
Decrypt to obtain the message, saving it in the file [StudentID]-received.txt.
Verify the signed message.
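The complete Phase 1 to Phase 5 round trip with openssl, as an added example that is not part of the assignment brief, with the placeholder IDs alice and bob standing in for the two partners' [StudentID] values and a constructed message file. Each partner signs with their own private key and encrypts the AES key and IV with the partner's public key; the receiver reverses the steps and ends with the openssl dgst verification the Phase 7 screenshot asks for. The tamper check at the end is the "test your approach" advice from the question applied to the signature.

```shell
#!/bin/sh
# Added example, not part of the assignment brief. Placeholders: "alice" and
# "bob" for the two [StudentID] values. Requires the openssl command-line tool.

gen_keys() {   # Phase 1: RSA-2048 keypair, exported public key, AES-256 key, CBC IV
  id=$1
  openssl genrsa -out "$id-keypair.pem" 2048 2>/dev/null
  openssl rsa -in "$id-keypair.pem" -pubout -out "$id-pubkey.pem" 2>/dev/null
  openssl rand -hex 32 > "$id-key.txt"   # 256-bit key as 64 hex digits (format enc -K expects)
  openssl rand -hex 16 > "$id-iv.txt"    # 128-bit IV as 32 hex digits (format enc -iv expects)
}

send_to() {    # Phases 2-3: sign with MY private key; encrypt key/IV with the PARTNER's public key
  me=$1; partner=$2
  openssl dgst -sha256 -sign "$me-keypair.pem" -out "$me-message.sgn" "$me-message.txt"
  openssl enc -aes-256-cbc -K "$(cat "$me-key.txt")" -iv "$(cat "$me-iv.txt")" \
    -in "$me-message.txt" -out "$me-message.enc"
  openssl pkeyutl -encrypt -pubin -inkey "$partner-pubkey.pem" -in "$me-key.txt" -out "$me-key.enc"
  openssl pkeyutl -encrypt -pubin -inkey "$partner-pubkey.pem" -in "$me-iv.txt"  -out "$me-iv.enc"
}

receive_from() {   # Phase 5: recover key/IV with MY private key, decrypt, verify with PARTNER's public key
  me=$1; partner=$2
  openssl pkeyutl -decrypt -inkey "$me-keypair.pem" -in "$partner-key.enc" -out "$partner-key-received.txt"
  openssl pkeyutl -decrypt -inkey "$me-keypair.pem" -in "$partner-iv.enc"  -out "$partner-iv-received.txt"
  openssl enc -d -aes-256-cbc -K "$(cat "$partner-key-received.txt")" -iv "$(cat "$partner-iv-received.txt")" \
    -in "$partner-message.enc" -out "$me-received.txt"
  # Prints "Verified OK" and exits 0 only if the signature matches the decrypted text.
  openssl dgst -sha256 -verify "$partner-pubkey.pem" -signature "$partner-message.sgn" "$me-received.txt"
}

run_demo() {   # full round trip inside directory $1; exits 0 if bob recovers alice's exact message
  ( set -e; cd "$1"
    gen_keys alice; gen_keys bob
    printf 'Alice Example, student ID 12345678\n' > alice-message.txt   # constructed message
    send_to alice bob
    receive_from bob alice
    cmp -s alice-message.txt bob-received.txt )
}

tamper_check() {   # a received file altered by even one byte must fail signature verification
  ( set -e; cd "$1"
    printf 'x' >> bob-received.txt
    ! openssl dgst -sha256 -verify alice-pubkey.pem -signature alice-message.sgn bob-received.txt 2>/dev/null )
}

# Usage: d=$(mktemp -d); run_demo "$d" && tamper_check "$d" && echo "round trip and tamper check OK"
```

Two points worth carrying into the Phase 7 reflection: the receiver's trust in the signature rests entirely on getting the right public key from the Public Key Directory, so a wrong or swapped public key is the single mistake that breaks the whole scheme without any command failing; and AES-CBC gives confidentiality only, so it is the signature, not the encryption, that tells you the received text is unmodified.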

Phase 6: File Submission
Submit the files on Moodle. As output from these phases, you should have the following files for submission on Moodle:
[StudentID]-message.txt
[StudentID]-keypair.pem
[StudentID]-pubkey.pem
[StudentID]-key.txt
[StudentID]-iv.txt
[StudentID]-message.sgn
[StudentID]-message.enc
[StudentID]-key.enc
[StudentID]-iv.enc
[StudentID]-received.txt (this will contain the message you received from your partner)
Even though the encrypted files and public keys must be available on the Moodle databases, you should also include a copy of the files in your assessment submission. Ensure the files in the database and your submission are the same - the marker may use either version.

Phase 7: Reflection
Think about the tasks you performed in this question and write a brief reflection. You should address:
(a) Submit your files on Moodle as listed above. Also take a screenshot showing the OpenSSL verification command and the message contents. That is, the single screenshot should show the output of two commands:
openssl dgst ...
cat [StudentID]-received.txt

Include the screenshot on your assignment answer template.

Which parts were the most challenging or led to mistakes, and why were there mistakes?

Identify the potential security vulnerability in the process (the steps you took).

Question 4. Ransomware Research

Read the details of the Ransomware attack

You need to perform the following tasks:

Write a short overview of Ransomware
Approximately ½ page of text explaining what ransomware is and how it works. Assume the audience of this section is non-technical. You must include real examples of ransomware and/or ransomware attacks.

Describe the technical details of Ransomware
Approximately ½ to 1 page of text explaining the technical aspects of ransomware, including:
What are the common methods of infection?
What cryptographic techniques are commonly used?
What technologies are used to obtain ransoms?
Assume the audience of this section is technical, i.e., has a similar background in network security to you. You should refer to techniques and concepts covered in the unit and give sufficient technical detail to demonstrate you understand the issues.

Write some recommendations to prevent ransomware
List and explain recommendations for end-users and/or organizations to avoid ransomware and/or handle ransomware infections.





All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd