SIT382 System Security Assignment - Trimester 2/2019 - Deakin University, Australia
Objectives -
- To apply the skills and knowledge acquired throughout the semester in exploiting web application security flaws and in applying techniques to fix them.
- To demonstrate the ability to use familiar platforms, VMs and other attack tools (available in BackTrack, Kali or other open-source tools) to test security exploits against web applications and the victim OS.
- To gain experience in understanding a given set of specifications (this document).
- To gain experience in documenting every application exploit that was tested.
Introduction -
In this assignment, you are expected to perform the security exploits specified in this document and design a strategic plan to improve the security of a remote system, first using the tools available in BackTrack/Kali and GNU/Linux distributions together with a deliberately insecure web application, WebGoat v8. JDK 11 (with its Java Virtual Machine) is required to run WebGoat. You may download BackTrack and any appropriate free and open-source tools (e.g. Wireshark) from the practical labs or from each tool vendor's official website to complete this assignment. The only difference is that the official websites provide the latest released version, with new features and revisions, which may not be stable. It is your choice which version suits your computer's OS and hardware environment; there are no restrictions on Mac, Linux, Windows, etc.
NOTE: You are not to use any commercial security-related or hacking products for this assignment.
There are two parts to this assignment:
- Part A requires you to finish the "Challenges" in WebGoat; it tests your understanding of a particular adversary attack and how to counter that exploit.
- Part B requires research work on IDS/IPS, firewalls and honeypots.
In Part A, you are required to answer the questions with justifiable implementations. These implementations must be documented in detail. The document must give step-by-step details of what you did to solve each question, including any script code used to meet the requirements. You are also required to provide images (screen dumps) showing the key steps leading to your solution. These images can be taken using print-screen or any other screen capture method, and must be embedded in the document with appropriate labels and descriptions.
In Part B, you need to address the given research questions on IDS, firewalls and honeypots.
In addition, the document shall be neatly organised, with proper headings and subheadings to make marking easier. Clearly indicate which part and which question you are attempting, and which stage each solution applies to.
This document will be graded as the main source of your marks. This assignment is worth 30% of your final mark. You are required to submit the document via the CloudDeakin submission portal (linked with Turnitin) in MS Word format (.doc or .docx). The file must not be password protected.
Part A -
You are required to complete the WebGoat Challenge questions. The tasks to be completed are provided in WebGoat: click on the Challenges menu item and solve all challenges in the WebGoat challenge (CTF). This part of the assignment requires you to know different application penetration testing techniques in order to complete it successfully.
An important point to remember is that you are attacking the WebGoat web server from a client (web browser). This means the attacker has no write access to the server, so you will not be able to modify the Java source files to complete the Challenge questions. Any modification of the WebGoat source code to complete the Challenge questions will result in loss of marks.
Once you have finalised the challenges as specified in Section 1 below, launch a different attack against the WebGoat page or against other local or networked systems, as specified in Section 2. If you cannot use WebGoat for Section 2, there is a second option; in short, you may take either of the following two options to complete Section 2:
Option 1: If you choose to attack the WebGoat page, running WebScarab with the tampering process on your computer will suffice.
Option 2: Alternatively, if WebGoat does not work on your computer, you may attack another web system; however, you need to select ONE (1) of the many tools available in the open-source domain, including tools we have not covered but which you may find useful, for example Nmap. Once chosen, attach a detailed description, including the reason for selecting this tool, the scenario in which it is applied, and the supporting theory behind it. You must also provide a complete run-through of the activity, with screenshots showing how the attack was launched, and an evaluation of the data collected from the victim machine, such as the packet data captured in Wireshark.
In Part A, you are required to include the following two sections:
Section 1: For the WebGoat challenges -
- A description of the scenario in each stage, including comparison and analysis against real-world cases.
- A theoretical description of the possible methods of launching attacks: list the methods you could use to test the problem posed by the question in each stage.
- A brief explanation of the method used (a couple of paragraphs), followed by details of how you used that method to test the problem. What were the results of the methods you actually tested against the problem posed by the question in each stage? (Analyse both successful and unsuccessful methods.)
- Any script code and images (screen captures) showing the successful completion of the tasks in this part of the assignment.
Section 2: Launch a different attack (other than those in Section 1) against the remote system -
- A theoretical description of the attack. For example, for a spear-phishing attack, provide around 300-500 words describing the attack in detail.
- A complete, beginning-to-end, tutorial-like presentation of the attack, without omitting any variables, including screenshots; this could read like a manual or a journal.
- An evaluation of the data collected from Wireshark, if any. In any given case you should be able to find some pattern, such as a redirection, unusual data between clients in a social-network attack, or the effect of a spoofing mechanism; describe in a fairly simple way what has happened.
- A short evaluation and consideration of the attack, which can and should include defence mechanisms that can be used to defend against it. This should be done thoroughly: present various mechanisms and describe which you consider better and why. For example, for a DoS attack where the attacker has spoofed the source IP address, there are mechanisms to trace back the attacker; you should include most of them.
Part B -
Since this is your third year of undergraduate education at Deakin University, it is highly recommended that you learn to conduct a certain level of research work and explore a topic for a project. This is valuable because you can use the same approach in your final-year project next year.
In Part B, we provide three research questions about Intrusion Detection Systems (IDS), firewalls and honeypots. Investigate and answer the following questions with proper literature citations:
1. Research Question 1:
Can an integrated system combining IDS, IPS, firewall and honeypot improve real-time system security?
Discuss how, and provide one real-world example (e.g. in the context of a smart city) with a network topology, illustrating the relevant tools/techniques in use. A minimum of 5 references is required. (State your own understanding after doing the research; direct quotation is not allowed; no more than 600 words.)
2. Research Question 2:
Describe the development history of IDS and honeypots as a timeline (i.e. in chronological order by year). A minimum of 5 references is required. (No more than 400 words.)
3. Research Question 3:
Discuss the main differences (minimum 3) between a firewall and an IDS.
Use a diagram to illustrate the components of the types of IDS versus a firewall. Use two or three sentences to discuss the differences based on your understanding. (No more than 300 words.)
Additional Requirements and Notes -
1. Your report must contain the following information:
- Your name and student ID number.
- Which assignment questions you attempted.
- A detailed explanation of how you arrived at the solution, including embedded images and any script code, to show the completeness of your solution.
2. Any text or code adapted from any source must be clearly labelled and referenced. You should clearly indicate the start and end of any such text/code.