Reference no: EM132886874
LD7010 Ethical Hacking for Cyber Security - Northumbria University
Ethical Hacking as a proactive and adversarial approach to secure systems.
Learning Outcome 1: Assess computer systems, information systems and networks to identify their vulnerabilities and weaknesses.
Learning Outcome 2: Evaluate and understand the principles of ethical hacking and appreciate where and in what situations these principles should be applied
Learning Outcome 3: Critically evaluate the core concepts, knowledge and practice of computer security have developed through research
Learning Outcome 4: Appreciate the legal and ethical issues associated with ethical hacking and be able to apply them appropriately.
Assessment Overview
For this module, summative assessment worth 100% of the total mark will be viathis singleindividual assignment; to support evidencing achievement of all learning outcomes for the module, a written critical analysis report forms the basis of the module assessment. It is an individual assessment and should therefore be all your own work. Students should not collude or plagiarise work. Appropriate action will be taken, according to Northumbria University regulations, if collusion or plagiarism is suspected. Please see the section on academic integrity for clarification.
The purpose of this assignment is to perform and document a penetration testing phase as part of a practical ‘offensive security' approach against a known network topology with distinguished characteristics and services. Furthermore, the report incorporates state-of-the-art research to demonstrate in-depth theoretical knowledge of a network security auditing paradigm regarding application and network layer attacks. You will learn how to defend a system and provide a better set of services in terms of security and availability and to further understand how planning and executing a set of steps and methods can seriously affect the security of a network.
Important Information on possible Ethical and Legal Implications
Due to the nature of this module, you MUST ensure that ALL the attacks performed during the coursework are carefully contained within a controlled laboratory environment. The expectedapproach is to utilise virtual technology (e.g. VMware, Hyper-V and VirtualBox) to build your own lab.
Performing attacks on the virtual machines within the dedicated University laboratory is permitted, but it is very important to note that attacking the rest of the university network is NOT allowed. A full monitoring process will be in place and offenders could be prosecuted. Ask your module tutor to clarify any doubts shall you have further inquiries. Overall, make sure you comply with UK-legislation and all associated professional and ethical behaviour.
The purpose of this assignment is NOT to teach you how to break computer system but rather to understand how the countermeasures are applied to protect your potentially vulnerable infrastructure.
Requirements
For the practical part of this assignment, you will have to build three Virtual Machines (VM):
• A Linux Server
• You could use CentOS or Ubuntu Server
• Minimum configuration required
• DNS
• An additional service of your own choice (e.g. DHCP, FTP, SMTP, SNMP etc)
• A Client
• Could be either Windows (Visa, 7, 8, 10 etc) or Linux (Fedora, Ubuntu etc)
• You could create multiple copies of the client's VM if you require more clients to demonstrate an attack
• Attacker machine
• Kali Linux (the most recent version is highly recommended)
Assignment Tasks and Deliverables
The main submission is a singleindividual report consisting of two parts as follows:
Part A
In this first part of the assignment, you are required to:
• Provide a summary of the configuration steps on the server and client. Include screenshots to evident functionality at the client-side. Discuss the rationale behind service selection and configuration. (10%)
• Demonstrate a minimum of 2 attacks against each of the two services configured. Any further and complex attacks will attract more marks. Log all the important and offensive events against your target including attacks detected, services' logs nature, origin of the attack and damage caused.Support your demonstration with screenshots. (35%)
• Criticallyreflect on countermeasures and prevention mechanisms applied to mitigate against your attacks.(15%)
Part B
In the second part of the report, you are required to write a short position paper to critically analyse andreflect on recent state-of-the-art attacks and hacking techniques, followed bya discussion on possible countermeasures.(weights 40%)
Your paper should consider the following guidance and contain the following subtitles as a minimum:
• Title page and Abstract
• Introduction
• The nature of the brief/commission and the topic should be briefly outlined and defined alongside details of how the paper is organised.
• Scope: how did you select the attacks/techniques in this paper? E.g. most recent attacks, wireless attacks, VoIP attacks, DNS attacks etc
• Main body
• Critical discussion, reflection and analysis
• Conclusions
• A brief summary of the key findings established from your research.
• References.
• A full list of references used within the paper should be provided. The Harvard Style of referencing should be applied throughout the assignment.
Attachment:- Ethical Hacking for Cyber Security.rar