Reference no: EM132307304
Network Security
Purpose of the assessment
The learning objective of this assignment is to extend your knowledge of networks and network attacks and to gain first-hand experience with vulnerabilities, as well as with attacks against these vulnerabilities. Using vulnerabilities as case studies, students can learn the principles of secure design, secure programming, and security testing.
1. Analyse and evaluate specific business security issues and risks relating to different business applications
2. Apply and justify basic security mechanisms utilized in business environments and explain to business the current business security issues
3. Demonstrate an understanding of security theory, practical experience and security standards to analyse and to generate business solutions.
4. Understand the ICT profession and professional expectations in strategic information systems management
5. Communicate using effective oral and written communication tools, act in a professional manner, be an effective team member or team leader
6. Review and describe the major privacy, legal, ethical and societal issues with respect to managing digital information and information systems
Assignment Specification
Purpose:
The goal of these assignments is to gain hands-on experience with a variety of threats in computer and network security: DNS attacks, firewall evasion, VPN, buffer overflow, packet sniffing and spoofing, and TCP attacks.
If you are not familiar with Linux, find a source to learn common commands.
Each group member must perform the tasks involving the virtual machine on their own computer and submit the required screenshots and output files as generated from their own computer.
Description:
You are given different cases related to:
• Network security
• Software security
• Web security
• Cryptography
Each group will work on a different security threat scenario assigned by your lecturer.
You will test your security case in a VirtualBox environment. To do this, you will need to download the pre-built virtual machine (VM) image for Ubuntu Linux (version 16.04), which can be used for all our Linux-based labs. The VM is based on Ubuntu Linux OS 16.04 (32 bit). The Linux kernel version in the VM is v4.8.0-36-generic. The VM is built based on the LTS (long-term support) OS version released by Ubuntu.
Two accounts have been created. The usernames and passwords are listed below:
1. User ID: root, Password: seedubuntu. Note: Ubuntu does not allow root to log in directly from the login window. You have to log in as a normal user, and then use the command su to log in to the root account.
2. User ID: seed, Password: dees. This account is already given the root privilege, but to use the privilege, you need to use the sudo command.
The provided Ubuntu Linux image contains some of the most commonly used tools and server software for security activities. Three tools assist in the network security labs (all tools are installed in /usr/bin/):
1. Netwox: This is a network toolbox which is useful for generating different types of packets. It contains 222 network features. netwag is a graphical front-end of netwox. It should be noted that running netwox/netwag requires the root privilege.
2. Wireshark: This tool is a popular network protocol analyzer. It is useful in inspecting network packets.
3. Scapy: This tool is an interactive packet manipulation program.
In addition, the Ubuntu operating system contains many tools that are useful for security evaluation testing.
CORE is a network emulator aimed at allowing users to generate network topologies in order to test the performance of various communication protocols.
For this assignment, you can use CORE for network simulations (Bonus Task), executing and analyzing the impacts of attacks. The simulated networks can include many simulated computers, and the CORE software allows you to open a terminal on each of the computers, in effect having several virtual computers on the virtual machine.
Server Software:
All services mentioned in this section are auto-started by the VM:
• Bind9 DNS Server
Bind9 is an open source implementation of components of the domain name system. It is primarily used in the DNS network security lab. The main configuration file of Bind9 is located in /etc/bind/named.conf.options. You also need to be aware of the file /var/cache/bind/dump.db, which is the currently configured dump file.
• Apache HTTP Server
• MySQL Server
Other Servers:
An FTP server (vsftpd), a telnet server (openbsd-inetd) and an SSH server (ssh).
Two text editors: gedit and sublime. gedit is the default text editor that comes with the Ubuntu OS.
The virtual machine is configured to use NAT (Network Address Translation) for networking. From the virtual machine, you can type ifconfig as root to see the IP address of the virtual machine.
The virtual machine also has an ssh server. You can ssh into the VM from your machine, using the IP address produced by ifconfig (as above) as the destination. You can also use this to transfer files onto the virtual machine using scp or an sftp client like SecureFX.
Tasks:
You are the company IT Manager. It has come to your notice that a company employee has set up a rogue web server on the internal network, using a personal laptop. The employee is using that web site to provide undesirable material to a small clique of employees, to whom the web server address has been provided secretly.
The company CEO has requested you to:
1. Obtain hard evidence that an employee is in fact using a personal laptop to set up a rogue web server.
2. Find out what other employees are accessing the rogue web site.
Take the role of a security evaluator on a penetration test. Your goal is to determine the security posture of the network. You will provide your results to management, and management will give your results to the engineers and/or network architects that can fix the security issues. This means that you must convince management of the severity of the security issues (with evidence) and you must also provide your detailed steps (for reproducibility).
Write a report that includes:
1. The problem that you are solving.
2. Approach: This section will vary highly based on the type of project you are proposing, but should convince me that you know what you're doing and that you have a plan for attacking the problem.
a. What is your plan for solving this problem?
b. What techniques are involved?
3. Your findings, the steps in your process (include tools used and commands executed including IP addresses, etc.).
4. For any security issues you find, you must provide evidence (tool outputs, Wireshark captures and timestamps of packets of interest). For more details on timestamps, see https://www.elvidence.com.au/understanding-time-stamps-in-packet-capture-data-pcap-files/
5. Potential impacts and possible remediation for each finding.
6. Milestones: How will you get the work done? Present a timeline of what and when various work will be accomplished. Working in a group, discuss how the work will be divided. Obviously, you do not actually have to stick to this, but you should have a plausible plan for how you would accomplish the work.
7. Bibliography: containing the references cited in your proposal
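The evidence asked for in item 4 (packets of interest with their timestamps) can be pulled out of a saved capture programmatically. The following is an added example, not part of the assignment material: it reads a classic pcap file, reports hosts that answer with SYN+ACK on a web port but are not on an approved-server list, and records each client with its first-seen UTC timestamp. The approved list, the WEB_PORTS set, the function names and all addresses in the sample capture are assumptions made for illustration.

```python
import socket
import struct
from datetime import datetime, timedelta, timezone

WEB_PORTS = {80, 443, 8080}  # assumption: ports treated as "web" in this example

def find_unapproved_web_servers(pcap, approved):
    """Return {(server_ip, port): {client_ip: first_seen_utc}} for web servers not in `approved`."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic (microsecond) pcap with Ethernet link type")
    found, off = {}, 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep only IPv4 packets carrying TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue  # truncated TCP header
        sport, flags = struct.unpack("!H", tcp[:2])[0], tcp[13]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        # A SYN+ACK is only sent by a host that accepted a connection on `sport`.
        if flags & 0x12 == 0x12 and sport in WEB_PORTS and src not in approved:
            ts = datetime.fromtimestamp(sec, timezone.utc) + timedelta(microseconds=usec)
            found.setdefault((src, sport), {}).setdefault(dst, ts.isoformat())
    return found

def _frame(src, dst, sport, dport, flags):
    """Constructed Ethernet + IPv4 + TCP headers (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: SYN+ACKs from one approved and one unapproved server."""
    packets = [
        (1560000005, 100, _frame("10.0.2.21", "10.0.2.77", 51000, 8080, 0x02)),  # SYN
        (1560000010, 250000, _frame("10.0.2.77", "10.0.2.21", 8080, 51000, 0x12)),
        (1560000020, 0, _frame("10.0.2.5", "10.0.2.21", 80, 51002, 0x12)),
        (1560000042, 500, _frame("10.0.2.77", "10.0.2.34", 8080, 40112, 0x12)),
        (1560000090, 0, _frame("10.0.2.77", "10.0.2.21", 8080, 51004, 0x12)),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in packets:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for server, clients in find_unapproved_web_servers(sample_pcap(), {"10.0.2.5"}).items():
        print(server, clients)
```

The timestamps are reported in UTC straight from the pcap record headers, so they should be cross-checked against the capture host's clock and time zone before being quoted in a report.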
Presentation
Each group will present their work on the final day of class (in the form of an uploaded presentation of 10 minutes). This is your opportunity to show off the work that you did. The presentation should be clear, engaging, and demonstrate your contributions.
Attachment:- Network Security.rar