Design a set of firewall rules for the institute

Reference no: EM132896027

COIT20262 Advanced Network Security - Central Queensland University

Question 1. HTTPS and Certificates

For this question you must use virtnet (as used in the Tutorials) to study HTTPS and certificates. This assumes you have already set up and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, deploying the website, and testing the website.

Your task is to set up a web server that supports HTTPS. The tasks and sub-questions are grouped into multiple phases.

Phase 1: Setup Topology
1. Create topology 5 in virtnet.
2. Deploy the MyUni demo website, with node3 being the real web server.

Phase 2: Certificate Creation
1. Generate your own RSA 2048-bit key pair. Use the public exponent of 65537. Save your key pair as [studentID]-keypair.pem. Use your RSA key pair to generate a Certificate Signing Request called [StudentID]-csr.pem. The CSR must contain these field values:
• State: state of your campus
• Locality: city of your campus
• Organisation Name: your full name
• Common Name: myuni
• Email address: your @cqumail address
• Other field values must be selected appropriately.

Now you will change role to be a CA. A different public/private key pair has been created for your CA as [StudentID]-ca-keypair.pem. As the CA you must:

2. Set up the files/directories for a demoCA.
3. Create a self-signed certificate for the CA called [StudentID]-ca-cert.pem.
4. Using the CSR from step 1 issue a certificate for www.myuni.edu called [StudentID]-cert.pem.
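
The Phase 2 steps, run end to end with the openssl command line, as an added example that is not part of the original assignment. The student ID `s0000000`, every subject value, the `ca.cnf` file and its section names are constructed placeholders, and a stand-in CA key pair is generated because the supplied one is not on this page.

```shell
#!/bin/sh
# Added example. SID and every subject value below are constructed placeholders.
SID=s0000000
GEN="openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537"

build_pki() (                       # runs in a subshell inside directory $1
    set -e; cd "$1"
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
dir = ./demoCA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
default_md = sha256
default_days = 365
policy = pol
[ pol ]
countryName = match
stateOrProvinceName = optional
localityName = optional
organizationName = supplied
commonName = supplied
emailAddress = optional
EOF
    # Step 1: subject key pair (2048-bit RSA, e = 65537) and the CSR
    $GEN -out "$SID-keypair.pem" 2>/dev/null
    openssl req -new -config ca.cnf -key "$SID-keypair.pem" -out "$SID-csr.pem" \
        -subj "/C=AU/ST=Queensland/L=Rockhampton/O=Example Student/CN=myuni/emailAddress=student@example.invalid"
    # Stand-in for the CA key pair that the assignment supplies
    $GEN -out "$SID-ca-keypair.pem" 2>/dev/null
    # Step 2: demoCA database files that `openssl ca` expects
    mkdir -p demoCA/newcerts; : > demoCA/index.txt; echo 01 > demoCA/serial
    # Step 3: self-signed CA certificate marked as a CA
    openssl req -new -x509 -config ca.cnf -extensions v3_ca -days 365 \
        -key "$SID-ca-keypair.pem" -subj "/C=AU/O=Example CA/CN=Example Root" -out "$SID-ca-cert.pem"
    # Step 4: issue the server certificate from the CSR, then check the chain
    openssl ca -batch -notext -config ca.cnf -cert "$SID-ca-cert.pem" \
        -keyfile "$SID-ca-keypair.pem" -in "$SID-csr.pem" -out "$SID-cert.pem" 2>/dev/null
    openssl verify -CAfile "$SID-ca-cert.pem" "$SID-cert.pem" >/dev/null
)

build_pki "$(mktemp -d)" && echo "chain verifies"
```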

Phase 3: HTTPS Configuration
1. Configure Apache web server on node3 to use HTTPS where the domain name is myuni
2. Load the CA certificate into the client on node1.

Phase 4: Testing
1. Start capturing on node2 using tcpdump.

2. On node1, use lynx to visit myuni and login to view some grades.

3. Demonstrate to your tutor that your secure website is operating correctly.
4. Exit lynx.
5. Stop the capturing and save the file as [StudentID]-https.pcap.

When capturing, make sure you capture a full HTTPS session, and avoid capturing multiple sessions.
For on-campus students: Step 3 of above should be demonstrated in your allocated Week 9, 10, 11 or Week 12 tutorial class. Your local tutor will inform you when your demonstration is passed.
For distance students: Unit Coordinator will organise a time for you to demonstrate step 3.

Phase 5: Analysis

(a) Demonstration of secure web site

(b) Submit the following packet capture [StudentID]-https.pcap on Moodle

(c) Draw a message sequence diagram that illustrates the TLS/SSL packets belonging to the first HTTPS session in the file. Refer to the instructions in assignment 1 for drawing a message sequence diagram, as well as these additional requirements:

• Only draw the TLS/SSL packets; do not draw the 3-way handshake, TCP ACKs or connection close. Hint: identify which packets belong to the first TCP connection and then filter with "ssl" in Wireshark. Depending on your Wireshark version, the protocol may show as "TLSv1.2".
• A single TCP packet may contain one or more SSL messages (in Wireshark look inside the packet for each "Record Layer" entry to find the SSL message names). Make sure you draw each SSL message. If a TCP packet contains multiple SSL messages, then draw multiple arrows, one for each SSL message, and clearly label each with SSL message name.

• Clearly mark which packets/messages are encrypted.

(d) Generally, Certificate Authorities must keep their private keys very secure by storing them offline in special hardware devices. Explain an attack a malicious user could perform if they could compromise the CA private key. Use your MyUni website as an example.

Question 2. Attack Detection from Real Intrusion Dataset

This task is a continuation of Question 2 of Assignment 1, where you evaluated the UNSW-NB15 dataset with three different classifiers without applying any feature selection techniques. Feature selection is one of the key principles that greatly impacts a model's efficacy: by selecting only those features that are most relevant, it reduces over-fitting, improves accuracy and reduces training time. Here you need to explore different built-in feature selection techniques (at least three) in WEKA and identify the best features for each classifier.

For this task you will need two files available on Moodle:

• train.arff and test.arff.

You need to follow these steps:
• Step 1: Import the data in train.arff into WEKA (Explorer).
• Step 2: Select the attributes by using an Attribute evaluator (at least 3) and search method in WEKA, and update your datasets accordingly.
• Step 2: Choose a classifier (one that you already used in Question 2 of Assignment 1).
• Step 3: Specify the test option as "Use training set" and the column of class.
• Step 4: After the training, supply the test dataset (test.arff) to evaluate the classifier.
• Step 5: Re-evaluate the model on the current test set to perform the evaluation.
• Repeat steps 2 to 7 for the other two classifiers.

You need to include in your report the following:

(a) Screenshot of the selected attributes and evaluation result for each classifier.
(b) Compare your current outcomes with the outcomes of Question 2 of Assignment 1 in terms of accuracy, precision, recall, F1-score and false positive rate.

Reflections:

(c) Have you achieved better performance after applying the feature selection technique for each classifier? If yes, explain why you achieved that. If no, explain what you think the reason is.
(d) In the UNSW-NB15 dataset, there are nine types of network attacks available. Among these nine attacks which three attacks are highly detected by the classifiers? Please give a short explanation of these three attacks.

Question 3. Firewalls and iptables

You are tasked with designing a network upgrade for an educational institute which has a single router, referred to as the gateway router, connecting its internal network to the Internet. The institute has the public address range 120.50.0.0/17 and the gateway router has address 120.50.170.1 on its external interface (referred to as interface ifext). The internal network consists of four subnets:
• A DMZ, which is attached to interface ifdmz of the gateway router and uses address range 120.50.171.0/25.
• A small network, referred to as shared, with interface ifint of the gateway router connected to three other routers, referred to as staff_router, student_router, and research_router. This network has no hosts attached (only four routers) and uses network address 10.5.0.0/18.
• A staff subnet, which is for use by staff members only, that is attached to the staff_router router and uses network address 10.5.1.0/23.
• A student subnet, which is for use by students only, that is attached to the student_router router and uses network address 10.5.2.0/23.
• A research subnet, which is for use by research staff, that is attached to the research_router router and uses network address 10.5.3.0/23.

There are three servers in the DMZ that all can accept requests from the Internet: a web server supporting HTTP and HTTPS, an SMTP email server and an SSH server. Members of the staff, student and research subnets can access the web server; only members of the staff subnet can access the email server, using IMAP; members of the staff and research subnets can access the SSH server when they are outside of the network.

The network upgrade has two main components:

• A wireless LAN to allow all subnets access to the internal network from within the office, outside and in the workshop. Customers of the business may also be granted guest access to the wireless LAN. The wireless LAN will most likely need more than 20 APs and have 150 to 200 clients.
• A VPN to allow staff and research subnet members to access the internal network from home or other locations.

(a) Draw a diagram that illustrates the wired network, wireless network, and VPN. Although there may be many devices in the staff, student, and research subnets, for simplicity you must draw one to three devices in these subnets. Label all computers and router interfaces with IP addresses. Also, clearly indicate which portions of the network have data encrypted due to either WiFi encryption or the VPN (for example, mark those paths that have encryption in red or some other clear label).

(b) Explain where you would locate the firewall and justify that location.

(c) Design a set of firewall rules for the institute. For each rule, give a short justification for that rule.

(d) Implement the firewall rules in virtnet on node2 in topology 5 using iptables. If there are any rules from your design that you cannot implement in the limited virtnet environment with iptables, then explain why you cannot. Include the iptables rules in your report.
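
Before the prefixes in this question are used as `-s`/`-d` arguments, it helps to see which addresses each one really covers, because iptables applies the mask to the address it is given. The script below is an added example, not part of the original assignment; it checks the prefixes exactly as quoted above, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: prefix arithmetic for the address plan quoted in Question 3.
ip2int() {                                   # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int2ip() {                                   # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}
# Network address that ADDR/LEN denotes once the host bits are masked off,
# which is what a packet filter compares against.
net_of() {
    len=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    int2ip $(( $(ip2int "${1%/*}") & mask ))
}
in_prefix() {                                # usage: in_prefix ADDR PREFIX/LEN
    [ "$(net_of "$1/${2#*/}")" = "$(net_of "$2")" ]
}
check_plan() {
    # Prefixes copied from the question: DMZ, shared, staff, student, research
    for p in 120.50.171.0/25 10.5.0.0/18 10.5.1.0/23 10.5.2.0/23 10.5.3.0/23; do
        n=$(net_of "$p")
        [ "$n" = "${p%/*}" ] || echo "misaligned: $p is matched as $n/${p#*/}"
    done
    # Gateway external address and DMZ base against the stated public range
    for a in 120.50.170.1 120.50.171.0; do
        in_prefix "$a" 120.50.0.0/17 || echo "outside: $a is not in 120.50.0.0/17"
    done
    [ "$(net_of 10.5.2.0/23)" != "$(net_of 10.5.3.0/23)" ] ||
        echo "overlap: 10.5.2.0/23 and 10.5.3.0/23 match the same hosts"
}

check_plan
```

Any finding it prints is something to state as an assumption in the rule justifications for (c), since a rule written with a misaligned source prefix will match a different set of hosts than its label suggests.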

Question 4. Wireless security
Read the research article on Wi-Fi Security Analysis (2020)

You need to perform the following tasks:

(a) Write an interesting, engaging, and informative summary of the provided article. You must use your own words and you should highlight aspects of the article you think are particularly interesting. It is important that you simplify it into common, easily understood language. Your summary MUST NOT exceed 400 words.

(b) Find an Internet (online) resource (e.g., research article or link) that provides additional information and/or a different perspective on the central theme of the article you summarised in (a). Like you did in (a), summarise the resource, in your own words and the summary should focus on highlighting how the resource you selected expands upon and adds to the original prescribed resource. You must also provide a full Harvard reference to the resource. This includes a URL and access date.

(c) Reflect on the concepts and topics discussed in the prescribed article and the resource you found and summarised and how you think they could potentially impact us in future.
