MN502 Overview of Network Security
[ad_1]
Prepared by: Dr Wanod Kumar Moderated by: Dr SM Farhad March, 2020
Assessment Details and Submission Guidelines | |
Trimester | T1, 2020 |
Unit Code | MN502 |
Unit Title | Overview of Network Security |
Assessment Type |
Group Assignment (Maximum 4 Students in a group) |
Assessment Title |
Security in Networked Systems (Assignment 2) |
Purpose of the assessment (with ULO Mapping) |
The purpose of this assignment is to develop skills to independently think of innovation. Students will be able to complete the following ULOs: c. Explain the major methodologies for secure networks and what threats they address; d. Identify and report network threats, select and implement appropriate countermeasures for network security. |
Weight | 30% |
Total Marks | 80 |
Word limit | 2500-3000 |
Video length | 5-7 Minutes |
Due Date | Thursday 4/06/2020 |
Submission Guidelines |
All work must be submitted on Moodle by the due date along with a title Page. The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2.54 cm margins on all four sides of your page with appropriate section headings. Demonstration video must include presenters’ video. It must be created using Zoom app. Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style. |
Extension | If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School’s Administration Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit this application three working days prior to the due date of the assignment. Further information is available at: https://www.mit.edu.au/about-us/governance/institute-rules-policies-and plans/policies-procedures-and-guidelines/assessment-policy |
Academic Misconduct |
Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institute-publications/policies procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description. |
Unit Code: MN502 Unit Name: Overview of Network Security Page#2 of 4
Prepared by: Dr Wanod Kumar Moderated by: Dr SM Farhad March, 2020
Assignment Description
Blue Ridge Consulting Services (BRCS) provides security consulting and services to over 1000 clients
across a wide range of enterprises in Australia. A new initiative at BRCS is for its two offices in Sydney
and Melbourne to provide internships to groups of students who are pursuing their postgraduate
studies in reputed institutes in Sydney and Melbourne in the Networking and Cyber Security domains.
Student groups are required to demonstrate outstanding writing and presentation skills about thier
theoretical as well as practical knowledge related to information security. Further, groups must
demonstrate excellent teamwork and collaboration skills.
To evaluate suitable candidates/groups for this prestigious internship program, BRCS has advised
student groups from multiple institutes to prepare a detailed report and a video demonstration of
two penetration tools. Detailed description of these two parts is given in following sections.
Part I: Report (2500-3000 Words)
The report must include following sections:
A. Preventing Vishing Attacks (700 Words)
Vishing, or voice phishing, continues to increase as an attack against users. What would you
do to help prevent users from becoming victims? First, access the online SoundCloud
repository by NumberCop that contains five different recordings for vishing attacks
(https://soundcloud.com/numbercop). After listening to several of the recordings, based on
your analysis address following:
1. What attackers typically ask and how they craft their attacks?
2. What messages do the attacker commonly use?
3. How do they trick users into entering the information?
4. Write your recommendations that would help users resist these attacks.
B. Block Cipher Modes of Operations (700 Words)
A block cipher manipulates an entire block of plaintext at one time. Block cipher mode of
operation specifies how block ciphers should handle these blocks. Most common modes are
Electronic Code Book (ECB), Cipher Block Chaining (CBC), Counter (CTR), and Galois/Counter
(GCM). Research block cipher modes of operation. Based on your research and analysis
1. Explain the working mechanism of ECB. How ECB can be compromised.
2. Discuss in detail two modes of operation (CBC, CRT, and GCM). With the help of
diagrams, explain how these modes convert plaintext into ciphertext.
3. Which mode would you recommend for encryption? Justify your recommendation.
C. Terminal Access Control Access Control Systems+ (700 Words)
A user accessing a computer system must present credentials or identification when logging
in to the system. Different services can be used to provide identity and access services.
Terminal Access Control Access Control Systems+ (TACACS+) is one such important service.
Unit Code: MN502 Unit Name: Overview of Network Security Page#3 of 4
Prepared by: Dr Wanod Kumar Moderated by: Dr SM Farhad March, 2020
1. With the help of a diagram, discuss how does TACACS+ work?
2. In what settings it is most likely to be found? How widespread is its usage?
3. What are its advantages and disadvantages?
4. When would you recommend using TACACS+ over Kerberos? Justify your
recommendation by comparing different features supported by both services.
D. Cyber Physical System: Smart Grid (700 Words)
Smart Grid is one of the Cyber Physical System technologies, which develops and implements
measurement science underpinning modernisation of the Nation’s electrical power system
(electric grid) in order to improve system efficiency, reliability and sustainability, by
incorporating distributed intelligence, bi-directional communications and power flows, and
additional advancements. Based on your research
1. Discuss smart Grid network architecture (System Component and Network Components),
Recent developments in Smart Grid networks.
2. Analyse the importance of cybersecurity in Smart Grid networks
3. Analyse critically, two current or possible future security issues in Smart Grid networks.
4. Propose a possible solution for one of the threats identified
E. References
Must consider at least 10 current references from journal/conference papers and books. Must
follow IEEE style.
Part II: Video Demonstration (5-7 Minutes)
A Penetration testing, also called pen testing or ethical hacking, is a mechanism of testing a computer
system, network or web application to determine security vulnerabilities that an attacker could
exploit. Burp Suite and OWASP Zed Attack Proxy (ZAP) are two penetration testing tools for web
applications having similar features.
As a team of four, create a 5-7 minutes video demo using Zoom application (along with presenters’
video) addressing following tasks.
1. Analyse and compare features of these tools.
2. Download and install each selected tool on your personal /lab computer using Virtual
machine (Kali Linux /Windows) in Virtual Box. Perform and explain penetration testing
against two vulnerable web applications.
3. Which tool among these two would you recommend? Justify your recommendation.
NOTE: To complete a shared goal, both teamwork and collaboration play important role. Therefore,
for this complete task, excellent teamwork and collaboration sills must be demonstrated.
Unit Code: MN502 Unit Name: Overview of Network Security Page#4 of 4
Prepared by: Dr Wanod Kumar Moderated by: Dr SM Farhad March, 2020
Submission Guidelines
| The assignment should be submitted on the Moodle in two separate files: o The report should be submitted as a Word file |
o The demonstration should be submitted as a video file
|
Demonstration video must include presenters’ video. It must be created using Zoom app. Do not use Wikipedia as a source or a reference. Make sure you properly reference any diagram/graphics used in the assignment. |
Marking criteria for Assignment #2
Part I: Report | Description of the section | Marks |
A. Preventing Vishing Attacks |
Based on your analysis address following: 1. What attackers typically ask and how they craft their attacks? [3 Marks] 2. What messages do the attacker commonly use? [3 Marks] 3. How do they trick users into entering the information? [3 Marks] 4. Write your recommendations that would help users resist these attacks. [3 Marks] |
12 |
B. Block Cipher Modes of Operations |
1. Explain the working mechanism of ECB. How ECB can be compromised. [3 Marks] 2. Discuss in detail two modes of operation (CBC, CRT, and GCM). With the help of diagrams, explain how these modes convert plaintext into ciphertext. [6 Marks] 3. Which mode would you recommend for encryption? Justify your recommendation. [3 Marks] |
12 |
C. Terminal Access Control Access Control Systems+ (TACACS+) |
1. With the help of a diagram, discuss how does TACACS+ work? [3 Marks] 2. In what settings it is most likely to be found? How widespread is its usage? [3 Marks] 3. What are its advantages and disadvantages? [3 Marks] 4. When would you recommend using TACACS+ over Kerberos? Justify your recommendation by comparing different features supported by both services. [3 Marks] |
12 |
D. Cyber Physical System: Smart Grid |
1. Smart Grid network architecture (System Component and Network Components), |
12 |
Unit Code: MN502 Unit Name: Overview of Network Security Page#5 of 4
Prepared by: Dr Wanod Kumar Moderated by: Dr SM Farhad March, 2020
Recent developments in Smart Grid networks. [3 Marks] 2. The importance of cybersecurity in Smart Grid networks [3 Marks] 3. Analyse critically, two current or possible future security issues in Smart Grid networks. [3 Marks] 4. Propose a possible solution for one of the threats identified. [3 Marks] |
||
E. References | Must consider at least 10 current references from journal/conference papers and books. Must follow IEEE style. |
5 |
Part II: Video Demonstration |
Description of the section | Marks |
Penetration Tools | Burp Suite and OWASP Zed Attack Proxy (ZAP) are two penetration testing tools for web applications having similar features. 1. Analyse and compare features of these tools. [4 Marks] 2. Download and install each selected tool on your personal /lab computer using Virtual machine (Kali Linux /Windows) in Virtual Box. Perform and explain penetration testing against two vulnerable web applications (Include snapshots). [10 Marks] 3. Which tool among these two would you recommend? Justify your recommendation. [3 Marks] |
17 |
Presentation | The information and technical knowledge are presented clearly and effectively. |
5 |
Teamwork and Collaboration |
Excellent teamwork and collaboration skills must be demonstrated |
5 |
Total Assignment Marks | 80 |
Unit Code: MN502 Unit Name: Overview of Network Security Page#6 of 4
Prepared by: Dr Wanod Kumar Moderated by: Dr SM Farhad March, 2020
Marking Rubric for Assignment #2
Grade Mark |
HD 80% + |
D 70%-79% |
CR 60%-69% |
P 50%-59% |
Fail <50% |
Excellent | Very Good | Good | Satisfactory | Unsatisfactory | |
Preventing Vishing Attacks /12 |
A very detailed and very clear discussion |
A well written and clear discussion . |
Generally good discussion . |
Very brief discussion. |
Poor discussion with irrelevant details |
Block Cipher Modes of Operations /12 |
A very clear and in-depth discussion about Block Cipher Modes of Operations |
Very clear discussion about Block Cipher Modes of Operations |
Generally good discussion about Block Cipher Modes of Operations |
Brief discussion about the Block Cipher Modes of Operations |
Poor discussion about Block Cipher Modes of Operations with irrelevant information |
Terminal Access Control Access Control Systems+ (TACACS+) /12 |
A very detailed and very clear discussion about TACACS+ |
Very clear discussion about TACACS+ |
Generally good discussion about TACACS+ |
Brief discussion about TACACS+ |
Poor discussion with irrelevant information |
Cyber Physical System: Smart Grid /12 |
Analysis and discussion are covered in depth. |
Analysis and discussion are relevant and soundly analysed. |
Analysis and discussion are generally relevant and analysed. |
information presented is somewhat relevant and brief. |
Topics presented are not relevant to the assignment topic. |
References /5 |
Clear styles with excellent source of references. |
Clear referencing style |
Generally good referencing style |
Unclear referencing style |
Lacks consistency with many errors. |
Penetration Tools /17 |
An in-depth and very clear discussion about the Penetration Tools |
Very clear discussion about the Penetration Tools |
Generally good discussion about the Penetration Tools |
Brief discussion about the Penetration Tools |
Irrelevant discussion about the Penetration Tools |
Presentation /5 |
Excellent delivery, easy to follow and good interaction |
Delivered, easy to follow and provided a level of interaction |
Delivered and provided a level of interaction |
Delivered | Unsatisfactory |
Teamwork and Collaboration /5 |
Excellent | Very good | good | satisfactory | Unsatisfactory |
[Button id=”1″]
[ad_2]
Source link