SIT382 System Security Assignment Problem

Reference no: EM132381605

SIT382 System Security Assignment - Trimester 2/2019 - Deakin University, Australia

Objectives -

  • To apply skills and knowledge acquired throughout the semester in exploiting web application security loopholes and the techniques to fix such loopholes.
  • To demonstrate the ability to use familiarised platforms, VMs and other attack tools (available in BackTrack or Kali or other open-sourced tools) to test security exploits on web applications and the victim OS.
  • To gain experience in understanding a given set of specifications (this document).
  • To gain experience in documenting every application exploit that was tested.

Introduction -

In this assignment, you are expected to perform the security exploits specified in this document and design a strategic plan to improve the system security of a remote system, using the available tools from BackTrack/Kali and GNU/Linux distributions, and a deliberately insecure web application, WebGoat v8. JDK v11 with the Java Virtual Machine is required to run WebGoat. You can download BackTrack and any appropriate (free and open-source) tools (e.g. Wireshark) provided by the practical labs or from the tool vendor's official website to complete this assignment. The only difference is that the official websites provide the latest released version, with some new features and revisions, which may not be stable. It is your choice which version to work with, as suits your computer's OS and hardware environment. There are no limitations on Mac, Linux, Windows, etc.

NOTE: You are not to use any commercial security-related or hacking products for this assignment.

There are two parts to this assignment:

  • Part A requires you to finish the "Challenges" in WebGoat; it tests your understanding of a particular adversary attack and how to counter that exploit.
  • Part B will require the research work on IDS/IPS, Firewall & Honeypot.

In Part A, you are required to answer the questions with justifiable implementations. These implementations need to be documented in detail. The document must have step-by-step details on what you did to solve the question, including any script codes used to answer the requirements. You are also required to provide images (screen dumps) to show the key steps leading to your solution. These images can be taken using print-screen or any other screen capture method. These images must be embedded in the document with appropriate labelling and descriptions.

In Part B, you need to address the given research questions on the IDS, Firewalls and Honeypot.

In addition, the document format shall be neatly organised and have the proper heading and subheading for the marker's easy marking process. It is suggested to clearly indicate which part and what question you are attempting to complete. It is suggested to clearly indicate the stage your solution is used for.

This overall document will be graded as the main source of your marks. This assignment will be 30% of your final mark. You are required to submit this document via the CloudDeakin submission portal (linked with Turnitin) in MS Word format (.doc and .docx). The file must not be password protected.

Part A -

You are required to complete the WebGoat Challenge questions. The tasks to be completed are provided in WebGoat. You need to click on the Challenges menu item and solve all the challenges shown within the WebGoat challenge (CTF). This part of the assignment requires you to know different application penetration testing techniques to complete it successfully.

An important note to remember is that you are attacking the WebGoat web server from a client (web browser). This means that the attacker does not have any write access to the server, thus you will not be able to modify the java source files to complete the Challenge questions. Any modification of the WebGoat source code to complete the Challenge questions will result in loss of marks.

Once you have finalised the challenges as specified in Section 1 below, it is time for you to launch a different attack on the WebGoat page or on other local or networked systems, as specified in Section 2. If you cannot work on WebGoat for Section 2, there is a second option. In sum, you can take either one of the following two options to accomplish Section 2:

Option 1: If you choose to attack the WebGoat page and WebScarab with the tampering process works on your computer, this will suffice.

Option 2: Alternatively, if WebGoat does not work on your computer, you are given the option to attack another web system. In that case you need to choose ONE (1) of the many tools available in the open-source domain, including tools which we have not covered but which you may find useful, for example, Nmap. Once chosen, a detailed description should be attached, including the reason for selecting this tool, the applied scenario, and the supporting theory behind it. You will also provide a complete run-through of the activity, with screenshots of how the attack was launched, and an evaluation of the data collected from the victim machine, such as the traffic packet data from Wireshark.

In Part A, you are required to include the following two sections:

Section 1: For the WebGoat challenges -

  • Description of the scenarios in each stage, including the comparison and analysis against real-world cases.
  • Theoretical description of the possible methods of launching attacks. You may list the possible methods that you may use to test the problems posed by the question of each stage.
  • A brief explanation of the method used (a couple of paragraphs) followed by details on how you used that method to test the problem. What were the results of the methods you actually used to test the problems posed by the question of each stage? (Analyse either successful or unsuccessful methods).
  • Any script codes and images (screen captures) showing the successful completion of the tasks in this part of the assignment.

Section 2: Launch a different attack (other than the attacks in Section 1) for the remote system -

  • A theoretical description of the attack. For example, for a spear phishing attack, you will provide around 300-500 words describing the attack in detail.
  • A complete, beginning-to-end, tutorial-like presentation of the attack, without omitting any variables and including screenshots. This could look like a manual or a journal.
  • An evaluation of the data, if collected from Wireshark. In any given case, you will be able to find some pattern, like a redirection or uncommon data between clients in social network attacks, or the effect of a spoofing mechanism. You should describe, in a fairly simple way, what has happened.
  • A short evaluation and consideration of the attack. This can and should also include defence mechanisms which can be used to defend against such an attack. Please note, this should be done thoroughly, presenting various mechanisms and describing which you consider to be better and why. For example, for a DoS attack where the attacker has spoofed the IP address, there are mechanisms to trace back the attacker; you should include most of them.

Part B -

Since this is your third year of undergraduate education at Deakin University, it is highly recommended that you learn to conduct a certain level of research work and explore a topic for a project. This is valuable, as you can use the same approach when you do your final-year project next year.

In Part B, we provide three research questions about the Intrusion Detection System (IDS), Firewall and Honeypot. You need to investigate and answer the following questions with proper literature citations:

1. Research Question 1:

Can an integrated system combining IDS, IPS, Firewall & Honeypot improve the real-time system security?

Discuss how, and provide one real-world example (e.g., in the context of a smart city) with network topology, illustrating the relevant tools/techniques in use. Minimum 5 references are required. (State your own understanding after you have done some research work; direct quotations cannot be used; no more than 600 words)

2. Research Question 2:

Describe the IDS and Honeypot development history based on the timeline (e.g., in chronological order by year). Minimum 5 references are required. (no more than 400 words)

3. Research Question 3:

Discuss the main differences (minimum 3) between the firewall and IDS.

Use a diagram to illustrate the components for the types of IDS vs firewall. Use two or three sentences to discuss the differences based on your understanding. (no more than 300 words).

Additional Requirements and Notes -

1. Your report must contain the following information.

  • Your name and student ID number
  • Which assignment question you attempted.
  • A detailed explanation of how you arrive at the solution, including embedded images and any scripting code to show the completeness of your solution.

2. Any text or code adapted from any source must be clearly labelled and referenced. You should clearly indicate the start and end of any such text/code.

Attachment:- System Security Assignment File.rar


Reviews

len2381605

10/3/2019 11:54:45 PM

Will you be able to execute the webgoat challenges mentioned? Submission details - This is an individual assignment. You are not permitted to work as a part of a group when writing this assignment. Submission method: An electronic copy in Microsoft Word (.doc/.docx) via CloudDeakin. It's your responsibility to ensure that you understand the submission instructions. If you have ANY difficulties, ask the Tutor or unit chair for assistance (prior to the submission date). Penalties for late submission: The following marking penalties will apply for late submission without an approved extension: 5% will be deducted from available marks for each day up to five days. Work that is submitted more than five days after the due date will not be marked; you will receive 0% for the task.

len2381605

10/3/2019 11:54:38 PM

NOTE: You are not to use any commercial security-related or hacking products for this assignment. This overall document will be graded as the main source of your marks. This assignment will be 30% of your final mark. You are required to submit this document via CloudDeakin submission portal (linked with Turnitin) in MS Word format (.doc and .docx). The file must not be password protected. NOTE: Failure to meet any of these requirements will result in loss of marks. The omission of script codes or images showing the key steps leading to the completion of the given tasks will result in severe loss of marks. Note: All materials from sources must be properly referenced. It is necessary to paraphrase and summarize sources, statistics, diagrams, images, experiment results and laboratory data - anything taken from sources. When misconduct is detected, the penalty is very strict.

len2381605

10/3/2019 11:54:31 PM

Additional Requirements and Notes - Your report must contain the following information. Your name and student ID number, Which assignment question you attempted. A detailed explanation of how you arrive at the solution, including embedded images and any scripting code to show the completeness of your solution. Any text or code adapted from any source must be clearly labelled and referenced. You should clearly indicate the start and end of any such text/code. All assignments must be submitted through CloudDeakin. Assignments will not be accepted through any other manner without prior approval. Students should note that this means that email and paper-based submissions will ordinarily be rejected.

len2381605

10/3/2019 11:54:24 PM

Submissions received after the due date are penalised at a rate of 5% (out of the full mark) per day for 5 days. Late submission after 5 days would be penalised at a rate of 100% out of the full mark. Close of submissions on the due date and each day thereafter for penalties will occur at 5 pm Australian Eastern Time (UTC +10 hours). Students outside of Victoria should note that the normal time zone in Victoria is UTC+10 hours. No extension will be granted unless further approved by the Unit Chair. Assignments are normally marked and returned within two weeks of the due date. Assignments that are submitted after the due date will normally take longer to mark and return.

len2381605

10/3/2019 11:54:17 PM

Marking Scheme - Part A: 70% - Successful completion of all challenges (Partial marks will be given for successful efforts in proportion) 20%, Adequate description of the problem/scenario identified/selected 5%, Appropriate usage of scripting language and explanations in the correct place 5%, Description of the technique used to attack the victim via the attack you launched (Either on WebGoat or other local host or networked system) 10%, Description of technique used to provide the detection/mitigation against the attack/adversary 10%, At least 6 relevant screenshots of steps taken to detect/mitigate the attack/adversary (These screenshots should be on your own work, e.g., scripts/commands or the constructed system) 6%, Evaluation and analysis on the collected data if there are any 8%.

len2381605

10/3/2019 11:54:10 PM

Part B: 30% - For question 1, no direct quotations, using your own understanding, no more than 600 words, minimum 5 references are required 15%, For question 2, discussion based on the timeline, no more than 400 words, minimum 5 references are required 10% and For question 3, brief discussion, three differences, no more than 300 words - 5%.
