COIT20262 Assignment 1 Term 1, 2018
Advanced Network Security Page 1 of 7
COIT20262 - Advanced Network Security, Term 1, 2018
Assignment 1
ASSESSMENT 1
Due date: 5pm Friday 20 April 2018 (Week 6)
Weighting: 40%
Length: N/A
Instructions
Attempt all questions.
Submit the following on Moodle:
• Answers: A Microsoft Word document containing answers to the questions.
• File for Question 1: netcat.pcap
• Files for Question 2: screenshot-attack.png, screenshot-success.png
This is an individual assignment, and it is expected students
answer the questions themselves.
Discussion of approaches to solving questions is allowed (and
encouraged), however each
student should develop and write-up their own answers. See
CQUniversity resources on
Referencing and Plagiarism. Guidelines for this assignment
include:
• Do not exchange files (reports, captures, diagrams) with other
students.
• Complete tasks with virtnet yourself – do not use results from
another student.
• Draw your own diagrams. Do not use diagrams from other
sources (Internet, textbooks)
or from other students.
• Write your own explanations. In some cases, students may
arrive at the same numerical
answer, however their explanation of the answer should always
be their own.
• Do not copy text from websites or textbooks. During research
you should read and
understand what others have written, and then write in your own
words.
Marking Scheme
Each sub-question is allocated marks in [square brackets].
Questions which require a specific answer will be marked on
correctness.
Questions which require explanations will be marked on
correctness, depth and clarity of the
answer. To receive full marks, the explanation must be correct,
must include significant depth
to demonstrate understanding of the topic (but does not include
irrelevant information), and
must be clear to the intended audience. Unless otherwise stated,
assume the audience has a
background similar to Master of IT students that have
successfully completed 1st year of study.
Questions which require diagrams will be marked on the
correctness and clarity of the diagram.
Submitted files will be marked on correctness of the
information included.
https://www.cqu.edu.au/student-life/services-and-facilities/referencing
Question 1. Analysis of Protocols with Wireshark [11 marks]
For this question you must use virtnet (as used in the workshops) to study Internet
applications with Wireshark. This assumes you have already set up and are familiar with
virtnet. See Moodle and workshop instructions for information on setting up and using
virtnet, deploying the website, and performing the attack.
Your task is to:
• Create topology 5 in virtnet where:
  o node1 will be referred to as the client
  o node2 will be the router
  o node3 will be the server
• Start capturing packets using tcpdump on the router (node2)
• While capturing, perform the following operations in order:
  1. Start netcat TCP server using assigned port on the server (node3)
  2. Start netcat TCP client on the client (node1)
  3. On the client (node1) type:
     COIT20262 Assignment 1<press ENTER>
     My ID is <type in your actual student ID><press ENTER>
  4. On the server (node3) type:
     Hello <type in your actual student ID>. I am the server.<press ENTER>
  5. On the client (node1) type:
     Goodbye server.<press ENTER>
     <Ctrl-D>
  You need to perform steps 3-5 in the correct sequence, switching from client to server to client.
• Stop the capture and save the file as netcat.pcap
The netcat TCP server must use port 6xyz where xyz is the last three (3) digits of your student
ID. For example, the netcat TCP server for student ID 12034567 would be 6567.
After performing and understanding the above steps, answer the following sub-questions:
(a) Submit your capture file as netcat.pcap on Moodle. The
single file must contain all
packets of the TCP exchange using your assigned port and using
your ID. [3 marks]
(b) Draw a message sequence diagram that illustrates all the
TCP packets generated by
using netcat (do not draw any packets generated by other
applications or protocols, such
as ARP, DNS or SSH). A message sequence diagram uses
vertical lines to represent
events that happen at a computer over time (time is increasing
as the line goes down).
Addresses of the computers/software are given at the top of the
vertical lines.
Horizontal or sloped arrows are used to show messages
(packets) being sent between
computers. Each arrow should be labelled with the protocol,
packet type and important
information of the message. Examples of message sequence
diagrams are given in
workshops. Note that you do not need to show the packet times,
and the diagram does
not have to be to scale. [3 marks]
(c) Based on your capture only, identify the following
information, and give the packet that
the information is found in. If the information is found in
multiple packets, give the first
packet from the capture. For example, if the information is
found in packet numbers 3,
5 and 7, you would give the packet as 3. [5 marks]
Information | Value | Packet
MAC address of the client | |
IP address of the server | |
Flags for 1st TCP segment containing data | |
Length of data for 2nd TCP segment containing data | |
Absolute sequence number of 1st TCP segment sent by server that contains data | |
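One way to sanity-check netcat.pcap before submitting it, added here as an example and not part of the assignment sheet: the Python below reads a classic pcap file as written by tcpdump, keeps only the TCP packets on the assigned port, and reports each packet's number, flags, absolute sequence number and data length. The MAC addresses, IP addresses, client port and initial sequence numbers in sample_pcap are constructed; student ID 12034567 is the sheet's own example.

```python
import socket
import struct

FLAGS = [(0x02, "SYN"), (0x01, "FIN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]

def assigned_port(student_id):
    """Port 6xyz, where xyz is the last three digits of the student ID."""
    return 6000 + int(student_id[-3:])

def tcp_segments(pcap, port):
    """Return one dict per IPv4/TCP packet in a classic pcap that uses `port`."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    segments, offset, number = [], 24, 0
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[offset + 8:offset + 12])[0]
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        number += 1  # position in the file, i.e. Wireshark's "No." column
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 carrying TCP (ARP, DNS over UDP, ...)
        ihl = (frame[14] & 0x0F) * 4
        ip_len = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + ip_len]  # IP total length drops Ethernet padding
        sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
        if port not in (sport, dport):
            continue  # other TCP traffic such as SSH
        segments.append({
            "no": number,
            "src_mac": frame[6:12].hex(":"),
            "src": "%s:%d" % (socket.inet_ntoa(frame[26:30]), sport),
            "dst": "%s:%d" % (socket.inet_ntoa(frame[30:34]), dport),
            "flags": "+".join(name for bit, name in FLAGS if off_flags & bit),
            "seq": seq,  # absolute value, not Wireshark's relative number
            "data": tcp[(off_flags >> 12) * 4:],
        })
    return segments

def check_capture(pcap, student_id):
    """Summarise whether the capture holds the whole netcat exchange."""
    segs = tcp_segments(pcap, assigned_port(student_id))
    flags = [s["flags"] for s in segs]
    data = [s for s in segs if s["data"]]
    return {
        "handshake": "SYN" in flags and "SYN+ACK" in flags,
        "closed": any("FIN" in f for f in flags),
        "id_seen": any(student_id.encode() in s["data"] for s in data),
        "data_segments": len(data),
        "first_data_packet": data[0]["no"] if data else None,
    }

def _frame(src, dst, seq, ack, flags, payload=b""):
    """Build one Ethernet/IPv4/TCP frame (constructed; checksums left as zero)."""
    (smac, sip, sport), (dmac, dip, dport) = src, dst
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                      (5 << 12) | flags, 64240, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(sip), socket.inet_aton(dip))
    return bytes.fromhex(dmac) + bytes.fromhex(smac) + b"\x08\x00" + ip + tcp

def sample_pcap(student_id):
    """Constructed capture, as seen on the router's client-side interface."""
    cli = ("020000000001", "10.0.1.11", 40000)  # constructed client MAC/IP/port
    # Packets from the server arrive with the router's MAC on this interface.
    srv = ("020000000002", "10.0.2.21", assigned_port(student_id))
    sid = student_id.encode()
    m1, m2 = b"COIT20262 Assignment 1\n", b"My ID is " + sid + b"\n"
    m3, m4 = b"Hello " + sid + b". I am the server.\n", b"Goodbye server.\n"
    seq = {cli: 1000, srv: 5000}  # constructed initial sequence numbers
    steps = [(cli, 0x02, b""), (srv, 0x12, b""), (cli, 0x10, b""),
             (cli, 0x18, m1), (srv, 0x10, b""), (cli, 0x18, m2), (srv, 0x10, b""),
             (srv, 0x18, m3), (cli, 0x10, b""), (cli, 0x18, m4), (srv, 0x10, b""),
             (cli, 0x11, b""), (srv, 0x11, b""), (cli, 0x10, b"")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # file header
    for i, (src, flags, payload) in enumerate(steps):
        dst = srv if src is cli else cli
        ack = seq[dst] if flags & 0x10 else 0
        frame = _frame(src, dst, seq[src], ack, flags, payload)
        seq[src] += len(payload) + (1 if flags & 0x03 else 0)  # SYN/FIN use one
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    capture = sample_pcap("12034567")  # replace with open("netcat.pcap", "rb").read()
    for s in tcp_segments(capture, assigned_port("12034567")):
        print(s["no"], s["src"], "->", s["dst"], s["flags"],
              "seq", s["seq"], "len", len(s["data"]))
    print(check_capture(capture, "12034567"))
```

The parser handles only the classic pcap format with an Ethernet link type; a pcapng file or a capture taken on the Linux "any" pseudo-interface is rejected with a ValueError.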
Question 2. Web Application Attacks [12 marks]
Using virtnet, perform an SQL injection attack on the demo grading website
www.myuni.edu. The general steps for performing an SQL injection attack with virtnet are
described at:
https://sandilands.info/sgordon/sql-injection-csrf-cookie-stealing-in-a-virtual-network
However you must follow these specific steps when performing
the attack:
1. Before performing the attack, add two new student users to
the database with the
following details:
a. New student 1: username is your ID, password is your ID
b. New student 2: username is 12039999, password is hacker
2. For both of the new students add the following courses and
grades:
a. New student 1: coit20262, C
b. New student 1: coit20264, D
c. New student 2: coit20262, HD
d. New student 2: coit20264, F
3. Perform the SQL injection attack as new student 2, i.e.
logged in as 12039999
4. Take a screenshot of the attacker web browser showing the web form the attacker uses
to perform the attack. Make sure the screenshot clearly shows the fields/data entered by
the attacker. Save the screenshot as screenshot-attack.png.
5. Take a screenshot of the attacker web browser showing a successful attack, i.e. the
grades of other students. Save the screenshot as screenshot-success.png.
Answer the following questions.
(a) Give a general explanation of an SQL injection attack. (This explanation should NOT
reference the attack you performed in virtnet; it should be for any SQL injection
attack). [1 mark]
(b) Explain two general approaches that can be used to avoid or
minimise SQL injection
attacks. (This explanation should NOT reference the attack you
performed in virtnet; it
should be for any SQL injection attack). [2 marks]
For this specific attack on www.myuni.edu:
(c) Explain the limitation/weakness in the MyUni website that
allowed the SQL injection
attack to be successful. In your explanation refer to the file(s)
and line(s) of code, and
give samples of the code in your answer. [2 marks]
(d) Explain what the attacker, 12039999, had to do in their web browser to perform the
attack. In your explanation include the screenshot screenshot-attack.png and refer
to the information shown in that screenshot. [2 marks]
(e) Submit your screenshot screenshot-attack.png as a separate
file. That is, you must
both embed the screenshot in the report AND submit the file
separately. The reason for
this is that it makes it easier for the marker in reading the report
to have an embedded
image, but sometimes the quality is hard to read (hence the
additional file submission).
[1 mark]
(f) Explain what the attacker, 12039999, could learn or gain
from performing the SQL
injection attack. In your explanation include the screenshot
screenshot-success.png
and refer to the information shown in that screenshot. [1 mark]
(g) Submit your screenshot screenshot-success.png as a separate
file. [1 mark]
(h) Explain what the website developer could do to prevent this
SQL injection attack. In
your explanation, give exact code and steps the developer
should use. [2 marks]
Question 3. Cryptography Concepts [9 marks]
Assume you are advising a small legal business on aspects of
computer and network security.
The business stores many confidential documents, and many of
the communications with its
clients contain confidential information. The business wants to
go paper-less; that is, no paper
documents stored or paper-based communications. As they have
only a small number (but quite
valuable and loyal) clients, the clients have agreed to
participate in the paper-less
communications (so long as it doesn’t introduce any significant
extra cost to them).
In the following questions provide an answer that is
understandable by employees of the
company, and also provides technical depth such that their IT
manager can implement any
recommended technologies (e.g. refer to standards, protocols,
algorithms or software). You are
allowed to use dot points, lists and diagrams in your answers,
however you should keep the
answer of each part shorter than ½ a page (in some cases, the
answers may be just a paragraph
or two).
The company has a file server, with sufficient space to store
their documents for the foreseeable
future.
(a) Provide a general explanation of how symmetric key encryption of files or disks works.
[1 mark]
(b) With respect to the file server, explain to the company what full-disk encryption and
file-based encryption are, and explain the tradeoffs between the two approaches. Include
recommended technologies. [2 marks]
The company is considering backing up the file server to a
cloud storage provider.
(c) Explain to the company any security ramifications of this
approach to backup. Include
reasons why or why not there are security ramifications. (Note
that you should not
explain about the issues of backups or costs of cloud storage;
focus only on the security
ramifications). [2 marks]
The company, as well as all clients, use email software and
document editing software that
supports digital signatures.
(d) Provide a general explanation of how digital signatures
work, and what problems they
solve for the company. [2 marks]
(e) Regarding both encryption on the file server and use of
digital signatures, explain to
the company what keys will be in use (e.g. types of keys, who
will have keys) and
provide recommendations on managing, sharing and changing
keys. [2 marks]
Question 4. Trojan Downloads Research [8 marks]
Many people download free or paid software from reputable
sources for use on their computers
and mobile devices. The sources include: app stores (Google
Play, Apple App Store); software
distribution sites (e.g. SourceForge, GitHub, CNET Download)
and individual websites of
software developers. However, there have been cases when
reputable sources hosting popular
software have been compromised, resulting in people
downloading infected software (e.g.
Trojans). For example, see stories about HandBrake video
converter, Transmission BitTorrent,
and Google taking down potentially harmful apps from the Play
Store. Your task is to study
how such reputable software sources can host malicious
software, and what measures software
developers and hosting sites can take to reduce infection.
Note this question refers to reputable sources of software. The
question is NOT about sites or
systems that often host illegal or copyrighted software (e.g.
torrents, file lockers).
You must write a short report that answers the following
questions:
(a) What are the motivations and goals of malicious users in
using the above mentioned
attacks? Include in your answer examples of negative impact of
such attacks on users
and software developers. [1 mark]
(b) Select two examples of real Trojans or malware distributed
via reputable sources, and
describe those examples. [2 marks]
(c) What role can file hashes, digests or signatures play in
securing downloads? What are
the limitations of these techniques? [2 marks]
(d) List and explain recommendations that should be given to software developers in
distributing software. [1.5 marks]
(e) List and explain recommendations that should be given to users who download software.
[1.5 marks]
You should structure your report into a section for each of the
above parts.
There is no minimum/maximum length of the report. As a guide
1/3 to 1/4 pages of text for
each of the above parts may be appropriate. You may draw
diagrams if needed. Including
pictures from other sources, or including pictures that do not
help with the explanation will not
gain marks and may lead to reduced marks.
You may assume the audience of the report has similar
background on network security as you.
You should refer to techniques and concepts covered in the unit,
and give sufficient technical
detail to demonstrate you understand the issues.
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 

Dernier (20)

Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Micromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of PowdersMicromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of Powders
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
