User Account

All Pages

Determine an appropriate enterprise networking systems

Assignment Help Computer Engineering
Reference no: EM134001825

IT Infrastructure and Security

Assignment

Overview
The objective of Assignment 1 is to evaluate your knowledge on the topics covered by Lecture 1-5. You are required to prepare the solutions (recording if required, and reports with screenshots + explanations).

learning outcomes
This assessment is relevant to the following course learning outcomes:
Describe all of the IT Infrastructure Architecture components and the issues relating to each of them
Demonstrate knowledge of higher level aspects of data communications and network technology appropriate for the development of software applications in a networked environment and design simple computer scripts that are aware of basic aspects of networking
Analyse and determine an appropriate enterprise networking systems and secure web server configuration based on stated user needs
Describe and review emerging networking and security technologies

You must follow the following special instructions:
You must use the values provided in the questions.
Hand-written answers are not allowed and will not be assessed. Compose your answers using any word processing software (e.g. MS Word).
You are required to show all the steps and intermediate results for each question.
Upload your solution as a single ZIP file (PDF/Word Doc + demo video) in CANVAS.
This assessment will determine your ability to:
Follow requirements provided in this document and in the lessons.
Independently solve a problem by using security concepts taught over the first four weeks of the course.
Meeting deadlines. No AI shortcuts — Get genuine assignment help from experienced, real tutors.
After the due date, you will have 5 business days to submit your assignment as a late submission. Assignments received late and without prior extension approval or special consideration will be penalised by a deduction of 10% of the total score possible per calendar day late for that assessment.

Section 1: Security Principles
We discussed the following security principles in lecture.

A. Know your threat model: Know your attacker and their resources; the security assumptions originally made may no longer be valid G. Privilege separation: Segmenting a system into components with the least privilege needed can prevent an attacker from taking over the entire system
B. Consider human factors: Security systems must be usable by ordinary people H. Ensure complete mediation: Make sure to check every access to every object
C. Security is economics: Security is a cost- benefit analysis, since adding security usually costs more money I. Consider Shannon's Maxim: The security of a mechanism should not depend on the secrecy of its design or implementation
D. Detect if you can't prevent: If one cannot pre- vent an attack, one should be able to at least detect when an attack happens J. Use fail-safe defaults: If security mechanisms fail or crash, they should default to secure behavior
E. Defense in depth: Systems should be built with security protections at multiple layers K. Design in security from the start: Retrofitting security to an existing application after it has been developed is a difficult proposition
F. Principle of least privilege: Users and programs should only have access to the data and resources needed to perform routine, authorized tasks
Analysing the following five scenarios. Identify the principle(s) relevant to each scenario and provide a brief justification. (Note: there may be more than one principle that applies in some of these scenarios.)

Q1.1 New cars often come with a valet key. This key is intended to be used by valet drivers who park your car for you. The key opens the door and turns on the ignition, but it does not open the trunk or the glove compartment.

Q1.2 Warranties on cell phones do not cover accidental damage, which includes liquid damage. Unfortunately for cell phone companies, many consumers who accidentally damage their phones with liquid will wait for it to dry, then take it in to the store, claiming that "it broke by itself". To combat this threat, many companies have begun to include on the product a small sticker that turns red (and stays red) when it gets wet. No AI shortcuts — Get genuine assignment help from experienced, real tutors.

Q1.3 MyGov website often makes you answer your security questions over the phone. Answers to these questions are "low entropy", meaning that they are easy to guess. Some security-conscious people instead use a random password as the answer to the security question. For example, Q: "What is your dog's maiden name?". A: "60ba6b1c881c6b87". However, attackers can sometimes convince the phone representative by claiming "I just put in some nonsense for that question".

Q1.4 Tesla vehicles come equipped with "Sentry Mode" which records footage of any break-ins to the vehicle and alerts the vehicle owner of the incident.

Q1.5 Even if you use a password on your laptop lock screen, there is software that lets a skilled attacker with specialized equipment bypass it.

Section 2: Binary system
Binary system and bit-level operations are foundation of an IT system. In this section, you will practice your skills for calculations in binary system.
Q2.1 ASCII and Hexadecimal Convert your full name (with blank space) to ASCII codes and represent them in Hex format. For example, suppose your full name is ‘Jane Doe', the ASCII in Hex are ‘4A 61 6E 65 20 44 6F 65'. Demonstrate your steps of conversion using ASCII table.
Q2.2 Bit-level and logical De Morgan's Law enables one to distribute negation over AND and OR. Given the following expression, complete the following table to verify for the 4-bit inputs. ~(x & y) == (~x) | (~y). Demonstrate your steps of calculation.

Q2.3 Bit parity Let's determine whether a number has an even number of 1-bits or an odd number. You can use any logical operators and 8 operations at maximum. Return a 0 if there's an even number and 1 if odd. Afterwards, please use the first 4-bit hex of your first name as x to verify your logical operations. Demonstrate your steps of calculation.

Q2.4 Bit count Let's count how many bits are set in a number. You can use any operators and 8 operations at maximum. Afterwards, please use the first 4-bit hex of your first name as x to verify your logical operations. Demonstrate your steps of calculation.

Section 3: Data protection
In this task, we will play with the cryptographic techniques in different modes during data storage and transmission. Write a report for the following sub-questions with screenshots and explanations, as well as a video recording to demonstrate all processes.

Q3.1 In this task, we will generate two different files with the same MD5 hash values. using the md5collgen program (you can download from Canvas), which allows us to provide a prefix file with any arbitrary content. The way how the program works is illustrated in Figure 1. Please generates two output files, out1.bin and out2.bin, for a 64 bytes prefix file prefix.txt. Afterwards, please also use the md5sum command to check the MD5 hash of each output file. Are the data (128 bytes) generated by md5collgen completely different for the two output files? Please identify all the bytes that are different? Tips - command for using md5collgen: $ md5collgen -p prefix.txt -o out1.bin out2.bin

Q3.2 In the previous task, we have successfully created two files that have the same MD5 hash, but their contents are different. Assume the files are two different programs, a good one, and a malicious one. Assume that you have created a software which does good things. You send the software to a trusted authority to get certified. The authority conducts a comprehensive testing of your software, and concludes that your software is indeed doing good things. The authority will present you with a certificate, stating that your program is good. To prevent you from changing your program after getting the certificate, the MD5 hash value of your program is also included in the certificate. You would like to get your malicious software certified by the authority. Can you briefly discuss a scenario how to leverage the above MD5 hash collision to bypass the check and get your malicious program certified?

Q3.3 The provided file pic original.bmp contains a simple picture (you can download from Canvas). We would like to encrypt our data, so people without the encryption keys cannot know what is in the picture. Please use the openssl command with 128 bits key to encrypt and decrypt the image file original.bmp with KEY_1 and IV_1 in the AES ECB (Electronic Code Book) and AES CBC (Cipher Block Chaining) modes. To see the manuals, you can type man openssl and man enc.

An encryption key KEY_1 and initial vector IV_1 defined by your student No. Suppose your student No. is ‘s3123456', then the KEY_1 = ‘aa33112233445566aa33112233445566' and IV_1 = ‘0a030102030405060a03010203040506'.

Section 4: Network and firewall
Suppose Figure 3 depicts the environment of your home network. There are three machines (seed-attacker (no need to worry if it doesn't appear in your docker), Host A, Router) that are connected to the same LAN 10.9.0.0/24. Besides, there are three machines that are connected to the same router on the internal network 192.168.60.0/24.

Write a report for the following sub-questions with screenshots and explanations, as well as a video recording to demonstrate all processes. Note: use the command $ docker system prune when encountering the error "?Cannot create the container for service attacker: Conflict. The container name "/seed-attacker" is already in use ..."

Q4.1 Write Linux commands to show your seed router's network interface name (unique network ID) and random serial number assigned by Docker.

Q4.2 Use Wireshark to capture the telnet packets sent between Host 1 (192.168.60.5) and Host 2 (192.168.60.6). Identify and show the packets for TCP three-way handshake.

Q4.3 Draw the figure to illustrate and analyze the TCP three-way handshake protocols using the above sniffed packets.

Q4.4 Setup a stateless firewall rule to prevent the router ping outside machines with IP_1. IP_1 is defined by the last four digits of your student No. Suppose your student No. is ‘s3123456', then the IP_1 is ‘3.4.5.6' Demonstrate your protection succeeds and briefly describe your protection.

Q4.5 Setup a stateless firewall rule to prevent the outside machines with IP address 8.8.8.8 from echoing back the ping request from the router. Demonstrate your protection and briefly describe your protection.

Q4.6 Setup stateful firewall rules to 1) block internal hosts in 192.168.60.0/24 and run a telnet session that connects to outside hosts, 2) allow outside hosts only access the telnet server on 192.168.60.5, not the other internal hosts, and 3) block all other packets. Demonstrate your protection and briefly describe your protection.

Reference no: EM134001825

Questions Cloud

How do cultural beliefs and practices regarding food : How do cultural beliefs and practices regarding food, exercise, and healthcare impact cardiovascular disease management within different communities?
Describe one of the topics covered under hitech legislation : Describe one of the topics covered under the HITECH legislation. How does HITECH promote and protect the use of electronic health information?
Which lab tests will you obtain to distinguish : You receive Jerry's lab results and note that fasting glucose level is 158. Which lab tests will you obtain to distinguish between Type 1 and Type 2 diabetes?
Which medication will you begin : Linda, a 52-year-old female with a past medical history of obesity, tobacco use, and pre-diabetes, presented for a routine. Which medication will you begin?
Determine an appropriate enterprise networking systems : Describe all of the IT Infrastructure Architecture components and the issues relating to each of them Demonstrate knowledge of higher level aspects of data
Demonstrate understanding and ability to interpret : Operate effectively in a volatile, uncertain, complex, and ambiguous (VUCA) world. This task invites you to examine one such trend and critically assess
How would an slp describe global developmental delay : How would an SLP describe global developmental delay, ASD, and sensory loss to a caregiver using accurate, family-friendly terminology?
Who is required to do the monitoring in this situation : You are alone when Perry requires an EUMR for high physical aggression. Who is required to do the monitoring in this situation?
Why is her diagnosis more likely anemia than heart failure : Janessa, a 41-year-old female client, presents to the NP complaining of shortness of breath. Why is her diagnosis more likely anemia than heart failure?

Reviews

Write a Review

Computer Engineering Questions & Answers

  Mathematics in computing

Binary search tree, and postorder and preorder traversal Determine the shortest path in Graph

  Ict governance

ICT is defined as the term of Information and communication technologies, it is diverse set of technical tools and resources used by the government agencies to communicate and produce, circulate, store, and manage all information.

  Implementation of memory management

Assignment covers the following eight topics and explore the implementation of memory management, processes and threads.

  Realize business and organizational data storage

Realize business and organizational data storage and fast access times are much more important than they have ever been. Compare and contrast magnetic tapes, magnetic disks, optical discs

  What is the protocol overhead

What are the advantages of using a compiled language over an interpreted one? Under what circumstances would you select to use an interpreted language?

  Implementation of memory management

Paper describes about memory management. How memory is used in executing programs and its critical support for applications.

  Define open and closed loop control systems

Define open and closed loop cotrol systems.Explain difference between time varying and time invariant control system wth suitable example.

  Prepare a proposal to deploy windows server

Prepare a proposal to deploy Windows Server onto an existing network based on the provided scenario.

  Security policy document project

Analyze security requirements and develop a security policy

  Write a procedure that produces independent stack objects

Write a procedure (make-stack) that produces independent stack objects, using a message-passing style, e.g.

  Define a suitable functional unit

Define a suitable functional unit for a comparative study between two different types of paint.

  Calculate yield to maturity and bond prices

Calculate yield to maturity (YTM) and bond prices

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +91-977-207-8620

Phone: +91-977-207-8620

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd