COIT20262 Assignment 1 Term 1, 2018
Advanced Network Security Page 1 of 7
COIT20262 - Advanced Network Security, Term 1, 2018
Assignment 1
Due date: 5pm Friday 20 April 2018 (Week 6) ASSESSMENT
Weighting: 40% 1 Length: N/A
Instructions
Attempt all questions.
Submit the following on Moodle:
• Answers: A Microsoft Word document containing answers to the questions.
• File for Question 1: netcat.pcap
• Files for Question 2: screenshot-attack.png, screenshot-success.png
This is an individual assignment, and it is expected students answer the questions themselves.
Discussion of approaches to solving questions is allowed (and encouraged), however each
student should develop and write-up their own answers. See CQUniversity resources on
Referencing and Plagiarism. Guidelines for this assignment include:
• Do not exchange files (reports, captures, diagrams) with other students.
• Complete tasks with virtnet yourself – do not use results from another student.
• Draw your own diagrams. Do not use diagrams from other sources (Internet, textbooks)
or from other students.
• Write your own explanations. In some cases, students may arrive at the same numerical
answer, however their explanation of the answer should always be their own.
• Do not copy text from websites or textbooks. During research you should read and
understand what others have written, and then write in your own words.
Marking Scheme
Each sub-question is allocated marks in [square brackets].
Questions which require a specific answer will be marked on correctness.
Questions which require explanations will be marked on correctness, depth and clarity of the
answer. To receive full marks, the explanation must be correct, must include significant depth
to demonstrate understanding of the topic (but does not include irrelevant information), and
must be clear to the intended audience. Unless otherwise stated, assume the audience has a
background similar to Master of IT students that have successfully completed 1st year of study.
Questions which require diagrams will be marked on the correctness and clarity of the diagram.
Submitted files will be marked on correctness of the information included.
https://www.cqu.edu.au/student-life/services-and-facilities/referencing
COIT20262 Assignment 1 Term 1, 2018
Advanced Network Security Page 2 of 7
Question 1. Analysis of Protocols with Wireshark [11 marks]
For this question you must use virtnet (as used in the workshops) to study Internet
applications with Wireshark. This assumes you have already setup and are familiar with
virtnet. See Moodle and workshop instructions for information on setting up and using
virtnet, deploying the website, and performing the attack.
Your task is to:
• Create topology 5 in virtnet where:
o node1 will be referred to as the client
o node2 will be the router
o node3 will be the server
• Start capturing packets using tcpdump on the router (node2)
• W ...
COIT20262 Assignment 1 Term 1, 2018 Advanced Network Secur.docx
1. COIT20262 Assignment 1 Term 1, 2018
Advanced Network Security Page 1 of 7
COIT20262 - Advanced Network Security, Term 1, 2018
Assignment 1
Due date: 5pm Friday 20 April 2018 (Week 6) ASSESSMENT
Weighting: 40% 1 Length: N/A
Instructions
Attempt all questions.
Submit the following on Moodle:
• Answers: A Microsoft Word document containing answers to
the questions.
• File for Question 1: netcat.pcap
• Files for Question 2: screenshot-attack.png, screenshot-
success.png
This is an individual assignment, and it is expected students
answer the questions themselves.
Discussion of approaches to solving questions is allowed (and
encouraged), however each
student should develop and write-up their own answers. See
CQUniversity resources on
Referencing and Plagiarism. Guidelines for this assignment
include:
2. • Do not exchange files (reports, captures, diagrams) with other
students.
• Complete tasks with virtnet yourself – do not use results from
another student.
• Draw your own diagrams. Do not use diagrams from other
sources (Internet, textbooks)
or from other students.
• Write your own explanations. In some cases, students may
arrive at the same numerical
answer, however their explanation of the answer should always
be their own.
• Do not copy text from websites or textbooks. During research
you should read and
understand what others have written, and then write in your own
words.
Marking Scheme
Each sub-question is allocated marks in [square brackets].
Questions which require a specific answer will be marked on
correctness.
Questions which require explanations will be marked on
correctness, depth and clarity of the
answer. To receive full marks, the explanation must be correct,
must include significant depth
to demonstrate understanding of the topic (but does not include
irrelevant information), and
must be clear to the intended audience. Unless otherwise stated,
assume the audience has a
background similar to Master of IT students that have
successfully completed 1st year of study.
3. Questions which require diagrams will be marked on the
correctness and clarity of the diagram.
Submitted files will be marked on correctness of the
information included.
https://www.cqu.edu.au/student-life/services-and-
facilities/referencing
COIT20262 Assignment 1 Term 1, 2018
Advanced Network Security Page 2 of 7
Question 1. Analysis of Protocols with Wireshark [11 marks]
For this question you must use virtnet (as used in the
workshops) to study Internet
applications with Wireshark. This assumes you have already
setup and are familiar with
virtnet. See Moodle and workshop instructions for information
on setting up and using
virtnet, deploying the website, and performing the attack.
Your task is to:
• Create topology 5 in virtnet where:
o node1 will be referred to as the client
o node2 will be the router
o node3 will be the server
• Start capturing packets using tcpdump on the router (node2)
• While capturing, perform the following operations in order:
1. Start netcat TCP server using assigned port on the server
(node3)
2. Start netcat TCP client on the client (node1)
4. 3. On the client (node1) type:
COIT20262 Assignment 1<press ENTER>
My ID is <type in your actual student ID><press ENTER>
4. On the server (node3) type:
Hello <type in your actual student ID>. I am the server.<press
ENTER>
5. On the client (node1) type:
Goodbye server.<press ENTER>
<Ctrl-D>
You need to perform steps 3-5 in the correct sequence,
switching from client to server to client.
• Stop the capture and save the file as netcat.pcap
The netcat TCP server must use port 6xyz where xyz is the last
three (3) digits of your student
ID. For example, the netcat TCP server for student ID 12034567
would be 6567.
After performing and understanding the above steps, answer the
following sub-questions
(a) Submit your capture file as netcat.pcap on Moodle. The
single file must contain all
packets of the TCP exchange using your assigned port and using
your ID. [3 marks]
5. (b) Draw a message sequence diagram that illustrates all the
TCP packets generated by
using netcat (do not draw any packets generated by other
applications or protocols, such
as ARP, DNS or SSH). A message sequence diagram uses
vertical lines to represent
events that happen at a computer over time (time is increasing
as the line goes down).
Addresses of the computers/software are given at the top of the
vertical lines.
Horizontal or sloped arrows are used to show messages
(packets) being sent between
COIT20262 Assignment 1 Term 1, 2018
Advanced Network Security Page 3 of 7
computers. Each arrow should be labelled with the protocol,
packet type and important
information of the message. Examples of message sequence
diagrams are given in
workshops. Note that you do not need to show the packet times,
and the diagram does
not have to be to scale. [3 marks]
(c) Based on your capture only, identify the following
information, and give the packet that
the information is found in. If the information is found in
multiple packets, give the first
packet from the capture. For example, if the information is
found in packet numbers 3,
5 and 7, you would give the packet as 3. [5 marks]
6. Information Value Packet
MAC address of the client
IP address of the server
Flags for 1st TCP segment containing data
Length of data for 2nd TCP segment containing
data
Absolute sequence number of 1st TCP segment
sent by server that contains data
COIT20262 Assignment 1 Term 1, 2018
Advanced Network Security Page 4 of 7
Question 2. Web Application Attacks [12 marks]
Using virtnet, perform an SQL injection attack on the demo
grading website
www.myuni.edu. The general steps for performing an SQL
injection attack with virtnet are
7. described at:
https://sandilands.info/sgordon/sql-injection-csrf-cookie-
stealing-in-a-virtual-network
However you must follow these specific steps when performing
the attack:
1. Before performing the attack, add two new student users to
the database with the
following details:
a. New student 1: username is your ID, password is your ID
b. New student 2: username is 12039999, password is hacker
2. For both of the new students add the following courses and
grades:
a. New student 1: coit20262, C
b. New student 1: coit20264, D
c. New student 2: coit20262, HD
d. New student 2: coit20264, F
3. Perform the SQL injection attack as new student 2, i.e.
logged in as 12039999
4. Take a screenshot of the attacker web browser showing the
web form the attacker uses
to perform the attack. Make sure the screenshot clearly shows
the fields/data entered by
the attacker. Save the screenshot as screenshot-attack.png.
5. Take a screenshot of the attacker web browser showing a
successful attack, i.e. the
grades of other students. Save the screenshot as screenshot-
success.png.
8. Answer the following questions.
(a) Give a general explanation of an SQL injection attack. (This
explanation should NOT
reference the attack you performed in virtnet; it should be for
any SQL injection
attack). [1 marks]
(b) Explain two general approaches that can be used to avoid or
minimise SQL injection
attacks. (This explanation should NOT reference the attack you
performed in virtnet; it
should be for any SQL injection attack). [2 marks]
For this specific attack on www.myuni.edu:
(c) Explain the limitation/weakness in the MyUni website that
allowed the SQL injection
attack to be successful. In your explanation refer to the file(s)
and line(s) of code, and
give samples of the code in your answer. [2 marks]
(d) Explain what the attacker, 12039999, had to do in their web
browser to perform the
attack. In your explanation include the screenshot screenshot-
attack.png and refer
to the information shown in that screenshot. [2 marks]
http://www.myuni.edu/
https://sandilands.info/sgordon/sql-injection-csrf-cookie-
stealing-in-a-virtual-network
9. COIT20262 Assignment 1 Term 1, 2018
Advanced Network Security Page 5 of 7
(e) Submit your screenshot screenshot-attack.png as a separate
file. That is, you must
both embed the screenshot in the report AND submit the file
separately. The reason for
this is that it makes it easier for the marker in reading the report
to have an embedded
image, but sometimes the quality is hard to read (hence the
additional file submission).
[1 mark]
(f) Explain what the attacker, 12039999, could learn or gain
from performing the SQL
injection attack. In your explanation include the screenshot
screenshot-success.png
and refer to the information shown in that screenshot. [1 mark]
(g) Submit your screenshot screenshot-success.png as a separate
file. [1 mark]
(h) Explain what the website developer could do to prevent this
SQL injection attack. In
your explanation, give exact code and steps the developer
should use. [2 marks]
10. COIT20262 Assignment 1 Term 1, 2018
Advanced Network Security Page 6 of 7
Question 3. Cryptography Concepts [9 marks]
Assume you are advising a small legal business on aspects of
computer and network security.
The business stores many confidential documents, and many of
the communications with its
clients contain confidential information. The business wants to
go paper-less; that is, no paper
documents stored or paper-based communications. As they have
only a small number (but quite
valuable and loyal) clients, the clients have agreed to
participate in the paper-less
communications (so long as it doesn’t introduce any significant
extra cost to them).
In the following questions provide an answer that is
understandable by employees of the
company, and also provides technical depth such that their IT
manager can implement any
recommended technologies (e.g. refer to standards, protocols,
algorithms or software). You are
allowed to use dot points, lists and diagrams in your answers,
however you should keep the
answer of each part shorter than ½ a page (in some cases, the
answers may be just a paragraph
or two).
The company has a file server, with sufficient space to store
their documents for the foreseeable
future.
11. (a) Provide a general explanation of how symmetric key
encryption of files or disks work.
[1 mark]
(b) With respect to the file server, explain to the company what
is full-disk encryption and
file-based encryption, and explain the tradeoffs between the two
approaches. Include
recommended technologies. [2 marks]
The company is considering backing up the file server to a
cloud storage provider.
(c) Explain to the company any security ramifications of this
approach to backup. Include
reasons why or why not there are security ramifications. (Note
that you should not
explain about the issues of backups or costs of cloud storage;
focus only on the security
ramifications). [2 marks]
The company, as well as all clients, use email software and
document editing software that
supports digital signatures.
(d) Provide a general explanation of how digital signatures
work, and what problems they
solve for the company. [2 marks]
(e) Regarding both encryption on the file server and use of
digital signatures, explain to
the company what keys will be in use (e.g. types of keys, who
12. will have keys) and
provide recommendations on managing, sharing and changing
keys. [2 marks]
COIT20262 Assignment 1 Term 1, 2018
Advanced Network Security Page 7 of 7
Question 4. Trojan Downloads Research [8 marks]
Many people download free or paid software from reputable
sources for use on their computers
and mobile devices. The sources include: app stores (Google
Play, Apple App Store); software
distribution sites (e.g. SourceForge, GitHub, CNET Download)
and individual websites of
software developers. However, there have been cases when
reputable sources hosting popular
software have been compromised, resulting in people
downloading infected software (e.g.
Trojans). For example, see stories about HandBrake video
converter, Transmission BitTorrent,
and Google taking down potentially harmful apps from the Play
Store. Your task is to study
how such reputable software sources can host malicious
software, and what measures software
developers and hosting sites can take to reduce infection.
Note this question refers to reputable sources of software. The
question is NOT about sites or
systems that often host illegal or copyrighted software (e.g.
torrents, file lockers).
13. You must write a short report that answers the following
questions:
(a) What are the motivations and goals of malicious users in
using the above mentioned
attacks? Include in your answer examples of negative impact of
such attacks on users
and software developers. [1 mark]
(b) Select two examples of real Trojans or malware distributed
via reputable sources, and
describe those examples. [2 marks]
(c) What role can file hashes, digests or signatures play in
securing downloads? What are
the limitations of these techniques? [2 marks]
(d) List and explain recommendations should be given to
software developers in
distributing software. [1.5 marks]
(e) List and explain recommendations should be given to users
who download software.
[1.5 marks]
You should structure your report into a section for each of the
above parts.
There is no minimum/maximum length of the report. As a guide
1/3 to 1/4 pages of text for
each of the above parts may be appropriate. You may draw
diagrams if needed. Including
pictures from other sources, or including pictures that do not
help with the explanation will not
14. gain marks and may lead to reduced marks.
You may assume the audience of the report has similar
background on network security as you.
You should refer to techniques and concepts covered in the unit,
and give sufficient technical
detail to demonstrate you understand the issues.
InstructionsMarking SchemeQuestion 1. Analysis of Protocols
with Wireshark [11 marks]Question 2. Web Application Attacks
[12 marks]Question 3. Cryptography Concepts [9
marks]Question 4. Trojan Downloads Research [8 marks]