Reference no: EM132218529
This is an individual assignment, and it is expected students answer the questions themselves. Discussion of approaches to solving questions is allowed (and encouraged), however each student should develop and write-up their own answers. See CQUniversity resources on Referencing and Plagiarism. Guidelines for this assignment include:
• Do not exchange files (reports, captures, diagrams) with other students.
• Complete tasks with virtnet yourself - do not use results from another student.
• Draw your own diagrams. Do not use diagrams from other sources (Internet, textbooks) or from other students.
• Write your own explanations. In some cases, students may arrive at the same numerical answer, however their explanation of the answer should always be their own.
• Do not copy text from websites or textbooks. During research you should read and understand what others have written, and then write in your own words.
• Perform the tasks using the correct values listed in the question and using the correct file names.
File Names and Parameters
Where you see [StudentID] in the text, replace it with your actual student ID. If your student ID contains a letter (e.g. "s1234567"), make sure the letter is in lowercase.
Where you see [FirstName] in the text, replace it with your actual first name. If you do not have a first name, then use your last name. Do NOT include any spaces or other non-alphabetical characters (e.g. "-").
Marking Scheme
A separate spreadsheet lists the detailed marking criteria.
Assignment : Advanced Network Security
Question 1. Cookie Stealing Attack
For this question you must use virtnet (as used in the workshops) to perform a cookie stealing attack. This assumes you have already setup and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, deploying the website, and performing the attack. The tasks and sub-questions are grouped into multiple phases. You must complete all phases, in order.
Phase 1: Setup
1. Create topology 7 in virtnet.
2. Add a new normal student user to the MyUni grading system. The user must have:
a. Username: [StudentID]
b. Password: [FirstName]
3. Add a new malicious student user to the MyUni grading system. The user must have:
a. Username: 12345678
b. Password: [StudentID]
4. Add a grade for the normal student user for unit/course ‘coit20262' with a grade of what you expect to receive this term, e.g. HD, D, C, P or F.
5. Change the title of the MyUni website by editing header_footer.php and changing the Grades line to:
Grades:[StudentID]
6. Change the domain of the MyUni website to www.[StudentID].edu by editing the /etc/hosts files.
7. Test that the existing users and new student can access the grading website.
The roles of nodes in topology 7 are:
• node1: Web browser (lynx) of normal student user.
• node2: Web browser (lynx) of malicious student user.
• node3: Capture of packets with tcpdump.
• node4: MyUni grading website.
• node5: not used in this question.
Phase 2: Capture Cookies
8. Start capturing on node3 using tcpdump.
9. The normal student user must do the following on node1:
a. Visit the MyUni grading website, e.g. as below or with any options: lynx
b. Follow the "Login" link and login
c. Follow the "View grades" link and enter their username and ‘coit20262' to view the course/unit grade, and submit.
d. Follow the "Logout" link.
e. Exit lynx by pressing q for quit.