User Account

All Pages

Differences between remote-access and site-to-site VPN

Assignment Help Other Subject
Reference no: EM133011656

Assessment Task 1: Short Answer Questions

Implement network security infrastructure for an organisation

Question 1: Explain the main differences between the following network devices; a Switch, a Router and a Hub. For each provide:
1. A brief description of their OSI layer(s) the device operates in.
2. The device main function(s)
3. and methods to secure access to the device?

Question 2: What's next-generation firewall (NGFW)? List one example of the technology it uses that was not available in classic firewall technologies.

Question 3: Use the Cisco command line Interface to configure two routers to communicate over a serial link.

Note. Please provide screenshots of configuration below with your name and student id visible in a notepad document.
( Use Packet Tracer Or hardware appliances)

Question 4: What is the differences between remote-access and site-to-site VPN? describe the two main IPsec protocols? What OSI layer(s) IPsec framework can protect?

Question 5: You were assigned the IPv6 address range 2001:db8:acad:a::/64. Answer the following questions:
A device (host) with an IP address 2001:db8:acad:a::aefd/64 wants to send a Ping packet to another host with a destination IP address 2001:db8:acad:b::aefd/64.
Explain the communication process describing the interaction process between Network (Internet) layer and Data-link layer and the two network addressing types.

Question 6: What is RADIUS, TACACS+? What is their benefits to secure networking traffic? What are differences between Local AAA Authentication vs Server-Based AAA Authentication methods?

Question 7: What is ACL? List types of ACL that can be used in Cisco routers? Give an example of each type with configuration commands.

Note. Please provide screenshots of configuration below including your name and student id visible in a notepad document.
( Use Packet Tracer Or hardware appliances)

Question 8: List three modern cyber security threats and provide Tools and procedures to mitigate the effects of those threats.

Question 9: Based on the article below article identify and describe 2 network security design architectures (chapter 6.4)

Question 10: Briefly explain the following:
• Security authentication standards for WLANs.
• IEEE 802.11 standards.
• ISM bands
• WPA3
• WPS

Question 11: Talk About strengths and weaknesses of RC4 comparing to AES as a WLAN encryption systems.

Question 12: In Cryptology, explain the differences between Cryptography and Cryptanalysis providing one protocol for each and list the three primary objectives of securing communications.

Question 13: List and briefly describe:
• Four asymmetric public-key algorithms used today
• Four protocols that use asymmetric key algorithms.

Question 14: For network-based Intrusion Prevention System (NIPS):
• Describe IPS & IDS functions?
• Describe how you can update the Signature Database file?
• Compare between IPS & IDS from weakness and strength view?

Question 15: What's the Plaintext resulted from deciphering using Vigenere Cipher that produced the following Ciphertext?
"k tgxs vq ftmfg fghyqek kgkmtwva nt zqtegginrn apalkhwvr"
Note. Use the below information:
Cipher code: CISCOCCNAS
Alphabet: abcdefghijklmnopqrstuvwxyz
Use repeat mode.
No case sensitive.
Note. This process should be done manually by each student

Question 16: Why is it important to keep your anti-virus (AV) updates for defending against new cyberattacks?

Question 17: Identify at least two (2) security vulnerabilities of a proxy server and what methods used to mitigate them?

Question 18: When considering WLAN, describe the relationship between the OSI Physical & Data link layers

Question 19: Develop WLAN security checklist that can be deployed for a small business.

Question 20: In order to manage Cisco networking devices, you need to access CLI of the appliances, list Three methods to access those devices and describe how you restrict and secure them.

Question 21: Explain in 50 to 100 words what a zone-based firewall is and provide an example of configuration commands.

Assessment Task 2: Skills Assessment

Task instructions:
This assessment is a portfolio of evidence and has 4 parts. You need to provide answers to knowledge questions and configure the network devices.

Part 1: Identifying the project requirements
Each response is about 50-100 words long (this is an average only; some questions will require longer responses, some shorter).

Part 2: Configure Basic Device Settings
Implement and demonstrate your solution to the give brief in the Supporting document section of this assessment. You will be required to take screenshots of your work as you implement and secure devices

Part 3: Control Administrative Access Routers and secure devices
Implement and demonstrate your solution to the give brief in the Supporting document section of this assessment. You will be required to take screenshots of your work as you implement and secure devices.

Part 4: Implemented firewall technologies
Implement and demonstrate your solution to the give brief in the Supporting document section of this assessment. You will be required to take screenshots of your work as you implement and secure devices

• You can appeal an assessment decision according to the Holmesglen Assessment Complaints and Appeals Procedure.
• If you feel you require special allowance or adjustment to this task, please decide with your assessor within one week of commencing this assessment.
• The learner may use the internet research answers for this assessment.

Part 1 - Identifying the project requirements
Based on the information you have gathered from the brief complete the following:

1. Identify the network security architecture required by the client.

2. After reading and interpreting the brief, list 3 of the client's core needs.
3. Identify at least three modern cyber security threats and attacks the client has been experiencing.
4. Describe is a sentence the (2) network security testing methodologies that could be used to test for vulnerabilities based on the brief.

Part 2 - Configure Basic Device Settings
Based on the information you have gathered from the brief configure network devices.

The following questions are to be answered in relation to the scenario outlined in the instruction

Question 1: Use the IP addressing table provided to configure basic IP addressing for routers and PCs and allocate privileges.
Note. Please provide screenshots of configuration below including your name and student id visible in a notepad document.
( Use Cisco Packet Tracer)

Question 2: Take a screenshot of the verifying the connectivity between hosts and routers. (Use Ping and traceroute commands)
Note. Please provide screenshots of configuration below including your name and student id visible in a notepad document.
( Use Cisco Packet Tracer)

Part 3: Questions
Refer to part 3 requirements of the Supporting document (Please provide screenshots of configuration below including your name and student id visible in a notepad document)

Question 1: Secure and control administrative access for Routers.

Question 2: Configure local authentication, authorization, and accounting (AAA) user authentication.

Part 4 - Implemented firewall technologies

The following questions are to be answered in relation to the scenario outlined in the instruction
1. The learner is able to Create Extended ACL as per the required specifications.
2. The learner is able to apply this ACL on the proper interface

Question 1: Create Extended ACL

Question 2: Apply this ACL on the proper interface

Assessment Task 1: Project / Portfolio - Test concepts and procedures for cyber security

Task instructions:
The learners are required to correctly answer all questions to a satisfactory level for each question of this assessment task to be given a satisfactory result by the assessor. If this is not achieved on the first attempt, then an opportunity to resubmit is allowed.

Once learners have completed all the questions, the assessment must be uploaded and submitted along with the signed assessment coversheet via Brightspace.

There are observation components which the assessor will need to observe the learner demonstrating as part of this assessment. The learner only needs to demonstrate this once. If the learner is unable to demonstrate one or more of the required Observation tasks to a satisfactory level, they will be given a second opportunity to demonstrate the unsatisfactory Observation task(s).

This assessment task is comprised of 2 main parts as follows:

Part A: Prepare the environment & Create the Virtual Machines
1. Install Required VM Machines
2. Verify if the relevant services and ports are enabled
3. Verify connectivity within the testing environment
4. Confirm Host IP Addressing
5. Port Scanning
6. Enumeration
7. Create credential lists for Hydra
8. Exploitation - Hydra

Part B: Team Configuring & Troubleshooting Processes

1. Install new Network Adapter
2. Verify & Test adapter settings for connectivity
3. Issue scripting commands - Networking
4. Troubleshooting Connections with documented steps.

Part C: Python Scripting
Auto mate at least one step in Part A using Python.

• The learners are required to correctly answer all questions to a satisfactory level for each question of this assessment task to be given a satisfactory result by the assessor. If this is not achieved on the first attempt, then a resubmission is required.
• Once learners have completed all the questions, the assessment must be uploaded and submitted along with the signed assessment coversheet via Brightspace.

This is an individual task and must be submitted to Brightspace.

• If a supplied answer is incorrect or requires further information the learner will be requested to correct the issues and resubmit the assessment via Brightspace.?
• Learners must contribute to and abide by organisational standards including intellectual property and privacy

The Print Screen (PRT SCREEN) function MUST be used to produce your screenshots, or learners are to use notepad with their Student number and name within the screenshot.

Although VMWare Workstation is the virtualization software of choice, it is acceptable to use Oracle VirtualBox if the student feels the software functions better with their device.

Assessment Task 2 - Practical

Assessment Task 2 comprises of TWO (2) Parts with several steps to each part. To be satisfactory you must complete both Part A and Part B. Screenshots of your work are required. Students will use the PRT SCRN function ONLY.
All the questions in this assessment should only be completed in order.

You are required prepare the virtual environment, create & install a Kali Linux and a Broken Virtual Machine, configure & test connectivity, complete maintenance tasks and troubleshoot.

Both your Virtual Machines should be on the HOST ONLY network adapter. The network adapter should be enabled with DHCP.

Part A: Prepare the environment & Create the Virtual Machines

Step 1: Install Broken VM machine and Kali Linux. Provide screenshot of each machine.

Step 2: Build a virtual VM network
2.1 Create a virtual network that is "host only" and with DHCP enabled. You can decide the network address by yourself. Provide a screenshot of the virtual network configuration.

2.2 Attach the Kali machine and Broken machine to the virtual network above.

Step 3: Use proper Linux command to verify Kali VM is correctly configured with an ipv4 address. Provide screenshot of the result.
Note: Because the login to the Broken machine is unknown yet. You are not required to login to the Broken machine to check its IP.

Step 4: Confirm the IP address of the target VM (Broken) by issuing the netdiscover or arp-scan commands. Provide a screenshot of your results.

Step 5: Now you are required to run a scan of the target IP address (discovered in Step 4).
5.1 Discover any running services and open ports. Issue the appropriate nmap commands and screenshot your results.

5.2 You are required to identify and explain the types of service of all discovered ports. An example has been given in the answer box.

Step 6: Enumeration - the process of discovering potential attack vectors in the target system.
In step 5, you have identified that http service is running on port 80. You are required to commence the enumeration process against the host machine by examine the website. You will see a list of files within the web browser. Use Firefox ESR or Iceweasel as a web browser. There should be six (6) files in total.

6.1 Screenshot each of the file and explain your findings. One of them has been done for you as an example.

6.2 Decode "README.md" file

The content of .html and .jpg files are straight forward, while the file "README.md" is mysterious. It is a plain text file contains many hex numbers. Here is a sample of the content and you are required to decode the data.

Theory #1. These represent a serial of meaningful numbers. To verify this theory, you are required to
1. Convert the hex numbers to decimal format. You may use this online tool to perform the conversion. And Provide a screenshot of the result.

2. You are required to analyse these decimal data and explain your conclusion below

Theory #2. Each octet in this file represent a character in ascii table. To verify this theory, you are required to
What is Ascii table
1. Convert the hex numbers to ascii characters. You may use this online tool to perform the conversion. And Provide a screenshot of the result

2. You are required to analysis these decimal data and reach a conclusion. Explain your conclusion below

Theory #3. All the data in this file represent a binary file of a kind of format (ideally a video, a piece of audio or a picture). You required to
1. Convert all the hex numbers to a binary file. You may use this online tool to perform the conversion. And Provide a screenshot of the binary file in file system.

2. You are required to run Linux "file" command against the binary file and provide a screenshot of the result

3. What is the file format of the binary file?

4. Once the format of the file is determined, open this file with proper software (e.g. image viewer for image file) and provide a screenshot of the result.

5. You are required to analysis the content of this binary file. Explain your finding below?

Step 7: You have identified some key words in the previous steps (file name of the pictures, special word in the README.md picture etc..). You will now prepare a wordlists that will be used in a brute force password attack against the Broken machine. To begin, create two (2) lists of words as you see below which will act as your username and password lists.
• 5terre
• forrest
• lights
• mountains
• broken
• gallery

Step 8: Exploitation
You are now tasked with launching your brute-force password attack against Broken. The tool of choice is ‘Hydra'. You will attack on port 22 for SSH login credentials. Remember to be persistent with Hydra.

Part B: Team Configuring & Troubleshooting Processes
NB: For Part B of the assessment task, you must now add another Network Adapter to your Kali VM Machine.

Step 1 - Add another network adapter card and issue the command on CLI that will confirm the installation of the second network adapter. Screenshot your result. (The new adapter should be on Host Only also).

Step 2: Connectivity testing.
Turn on Wireshark within Kali Linux and select the eth0 interface. Ensure Kali can still connect to Broken VM. Screenshot your results here that verify connectivity. Do not stop the ping from Kali to Broken.

Step 3: Open a new terminal in Kali and then issue the following script commands:

sudo ifconfig eth0 down
sudo ifconfig eth1 192.168.231.129 netmask 255.255.255.0
sudo route add default gw 192.168.231.253 eth1

If you have stopped the ping in Step 2, re - issue the ping command from Kali to Broken Machine. Remember Kali has a continuous ping.
Can you still ping Broken VM? Screenshot your results.

Step 4: Troubleshoot the connection issues. Document your troubleshooting methods below and issue a short report to your TSD team leader. Your report should document the steps taken before and after diagnosis. (Answer in one short paragraph or two.)

Part C: Python scripting
Now you have finished all the testing procedures manually in Part A and Part B. In this part, you are required to automate at least one of the testing steps above using Python language. Below is a list of recommended testing procedures for you to select. If you would like to automate anything outside this list, you must discuss with your assessor about the idea and obtain approval from your assessor.

Assessment Task: Portfolio - Expose website security vulnerabilities

Observation task

Below are the observation components that the learner is required to demonstrate as part of this assessment. The learner only needs to demonstrate this once. If the learner is unable to demonstrate one or more of the required Observation tasks to a satisfactory level, they will be given a second opportunity to demonstrate the unsatisfactory Observation task(s).

Task 1: Detect and Exploit Website Vulnerabilities

You've studied several web application security vulnerabilities and learnt the methods to detect them in the training. In this assessment, you're going to provide evidences of your ability to detect and exploit these vulnerabilities with a given target server. Please use Web for Pentester 1 and xvwa website for this assessment.

You must include at least one example of each of the following vulnerabilities:

Q1.1: SQL Injection (you can use Web for Pentester 1, SQLi Exercises for this)

Screenshot 1: normal user operation (e.g. name=root showing only one user)

Describe how are you going to perform SQL Injection and what are the expected results

Screenshot 2: The actual results after injection (e.g. showing all users). You must screenshot shows the URL, which indicate the use of injection code.

Q1.2: Broken Authentication and Session Management weakness (you can use xvwa website, "Session Flaws")

Describe how are you going to exploit the hijacked session token and what are the expected results

Using fixed session hijacking to login as "admin" without using the username and password.

Q1.3: Cross Site Scripting (XSS) weaknesses (you can use xvwa website, "Cross Site Scripting (XSS) - Reflected")

Screenshot 1: normal user operation (e.g. type any normal text in the input and click on submit button)

Describe how are you going to exploit the Cross Site Scripting (XSS) weaknesses?

Screenshot 2: Input XSS code and submit. You must screenshot shows the URL, which indicate the use of XSS code.

Q1.4: Insecure Direct Object Reference (you can use xvwa website, "Insecure Direct Object Reference")

Screenshot 1: normal user operation (e.g. use the dropdown list to select coffee item from 1 to 5)

Describe how are you going to perform Insecure Direct Object Reference and what is the expected results

Screenshot 2: The actual results of IDOR testing. You must screenshot shows the URL, which indicate the use of testing method.

Portfolio
In Task 1, you have detected security vulnerabilities against the target website. Choose one of the vulnerabilities you find above and complete the following report using the template provided.

In Task 1, you have detected security vulnerabilities against the target website. Choose one of the vulnerabilities you find above and complete the following report using the template provided.

Q2.1 Executive summary

Q2.2 Report headings:

Q2.3 Categorization and Rating

Q2.4 Authenticated Access Required

Q2.5 External/Internal Access

Describe if you are testing the target web application from internal network or external network, or both?

Q2.6 Vulnerability Description

** Detailed description of the vulnerability. What was done, what was seen. Paste logs and screenshots in this section. **

Q2.7 Steps to Reproduce

** Describe step by step how to reproduce this issue. The instruction you documented in this section will be used by the developers of the application to test and fix the issue. **

Q2.8 Risk

** Refer to OWASP Top Ten document to identify the risk of the issue **

Q2.9 Remediation

** Refer to OWASP Top Ten document to provide remediation of the issue to the client **

Q2.10 Present your 2.1~2.9 report to a peer in the team and ask for feedback. Record the feedback you received down below

Q2.11 Review a peer's report and give feedback. Record the feedback you gave down below

Task 3: Work with a Proxy and Web Proxy Testing tools (BurpSuite)

In this task, you'll need to use BurpSuite as a proxy tool to intercept a Google query and modify it.

Q3.1 Screenshot: BurpSuite - showing web proxy is UP and interception is ON

Q3.2 Screenshot: Client - with proxy enabled and configured to use BurpSuite

Q3.3 Screenshot: Client - at Google web page, searching for apples

Q3.4 Screenshot: BurpSuite - intercepting the initial request (Google search for apples)

Q3.5 Screenshot: BurpSuite - after you alter the query (Alter the key word to oranges)

Q3.6 Screenshot: Client - results of the altered query (Google search result for oranges)

Task 4: Using Nikto to scan for common security vulnerabilities
Q4.1 Screenshot(s): Depending on your screen resolution and if you've used Nikto correctly, you may see many pages of information. If it takes more than one screen use two screenshots: screenshot the one showing you type the command for Nikto (top of output) and another one showing the end of the output.

Q4.2 Nikto may find several issues and vulnerabilities. Choose one and research it:

Task 5: Using OWASP ZAP to spider a website

Use OWASP Zap to spider either WebForPentester 1 or xvwa website on your computer.

Q5.1 Answer the following two questions about web spidering.

What is website / web application spidering?

Name at least 2 software tool that could spider website / web application.

Q5.2 Describe / screenshot how to use OWASP ZAP tool to spider a website / web application.

Q5.3 Conduct a spidering to a target website. When finished, expand and screenshot the result node tree captured

Write down the URL of the target website

Expand and screenshot the result node tree captured (You are required to FULLY expand at least 2 nodes)

Attachment:- Implement network security infrastructure for an organisation.rar

Reference no: EM133011656

Questions Cloud

What total amount should be reported : Grand Company reported the following accounts at the end of reporting period; What total amount should be reported as non - current investments
Describe the type of costing system : Describe the type of costing system that is most appropriate for each type of service organisation. Identify the key features and give an example of a service.
Prepare journal entries on insto books to record information : Prepare journal entries on Insto books to record the preceding information, including the adjusting entry at the end of the year and payment of note at maturity
Is a reasonable attitude and explain why : Is this a reasonable attitude? Explain why. Ali and Johan are best friends who used their savings and all the monetary gifts they received.
Differences between remote-access and site-to-site VPN : What is the differences between remote-access and site-to-site VPN? describe the two main IPsec protocols? What OSI layer(s) IPsec framework can protect?
What is hunter cellars break-even point in units : If Hunter Cellars has a target profit of $570,000.00 how many bottles of wine would it have to sell? What is Hunter Cellars break-even point in units
Calculate the relevant costs for harry pies : Calculate the relevant costs for Harry's Pies if it continues to make its own pies. Harry's Pies currently makes the crust in-house for the various pies.
Determine the standard material cost of ten litre container : Boysen Industries manufactures outdoor paints used. Determine the standard material cost of a 10 litre container of the new paint for Boysen Industries.
Components of a performance management appraisal system : Describe the components of a performance management appraisal system

Reviews

Write a Review

Other Subject Questions & Answers

  Cross-cultural opportunities and conflicts in canada

Short Paper on Cross-cultural Opportunities and Conflicts in Canada.

  Sociology theory questions

Sociology are very fundamental in nature. Role strain and role constraint speak about the duties and responsibilities of the roles of people in society or in a group. A short theory about Darwin and Moths is also answered.

  A book review on unfaithful angels

This review will help the reader understand the social work profession through different concepts giving the glimpse of why the social work profession might have drifted away from its original purpose of serving the poor.

  Disorder paper: schizophrenia

Schizophrenia does not really have just one single cause. It is a possibility that this disorder could be inherited but not all doctors are sure.

  Individual assignment: two models handout and rubric

Individual Assignment : Two Models Handout and Rubric,    This paper will allow you to understand and evaluate two vastly different organizational models and to effectively communicate their differences.

  Developing strategic intent for toyota

The following report includes the description about the organization, its strategies, industry analysis in which it operates and its position in the industry.

  Gasoline powered passenger vehicles

In this study, we examine how gasoline price volatility and income of the consumers impacts consumer's demand for gasoline.

  An aspect of poverty in canada

Economics thesis undergrad 4th year paper to write. it should be about 22 pages in length, literature review, economic analysis and then data or cost benefit analysis.

  Ngn customer satisfaction qos indicator for 3g services

The paper aims to highlight the global trends in countries and regions where 3G has already been introduced and propose an implementation plan to the telecom operators of developing countries.

  Prepare a power point presentation

Prepare the power point presentation for the case: Santa Fe Independent School District

  Information literacy is important in this environment

Information literacy is critically important in this contemporary environment

  Associative property of multiplication

Write a definition for associative property of multiplication.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd