1) Research and define a complex and realistic network setup, including specific devices that would form part of the network.
2) Research 2 vectors that hackers could use to gain access to the network (or parts of it), as well as mitigation solutions to protect against such attacks.
3) Write a report to document the research carried out.
A 5-page IEEE double column format report including all figures, tables and references.
1. Executive Summary
• Brief description of the scope and objectives.
• Brief description of the network and justification why you chose this network type.
• Summary of key findings and recommendations.
2. Network Setup
• Describe the process you followed to define the network setup (e.g., researched network types, researched specific devices, etc.).
• Discuss the aspects that make this a realistic and complex network setup.
• Draw and include a diagram of your network setup. Note that if you choose a large network you should only draw its main components and devices (e.g., do not draw tens or hundreds of clients but draw a client device from different categories such as HR, IT, lecturer, student, etc.).
• Describe the network characteristics, its type (e.g., LAN, WAN, etc.), its purpose (e.g., home network, SME network with only company devices or both company and BYOD devices, campus network, hospital network, etc.).
• Include a summary table of the main devices making up the network (e.g., client devices, servers, routers, switches, appliance firewalls, IoT devices, etc.). For each specific device or device class include the main hardware (e.g., manufacturer, model), and software details (e.g., OS, main service application like Apache/IIS web server, main client application, etc.). Do not include too many details, but include details that are important for the attack vector (e.g., mention your network card chip and firmware if you will discuss some vulnerability with them, mention the vulnerable client application that can be exploited such as MS Word, Chrome, or Zoom, etc.).
• Assumptions that you make related to your network setup (e.g., if client devices run an older OS version like Windows 7 or Android 8, provide some market share statistics or estimates to show the percentage of devices using this version globally or in a specific context, e.g., hospitals). Your main assumption is that the network and devices are quite secure, so focus on recent vulnerabilities and attacks (e.g., from the past 2-3 years).
• The idea is not to just have a generic diagram but a personalised network. For example, if you choose to focus on a home network, personalise it with specific devices you personally have (e.g., smartphones, laptop/desktop PCs, gateway/router, TVs, game console, IP camera or other IoT devices, etc.), and if your network would be too basic expand it by adding some more specific devices that you would like to have. If you choose to focus on a company network, connect to your work experience (if you have any) and/or do some research and exemplify with specific routers/switches/firewalls that a company may use (e.g., by Cisco, Juniper, etc.), servers and/or client desktops/laptops that a company may use (e.g., by Dell, Apple, etc.), client devices that BYOD employees would potentially use (e.g., Windows / Mac OS / Linux laptops, iPhones, Android Smartphones, etc.). Note that you may also consider that many companies use cloud services, rather than buying and maintaining their own HW servers.
• Make sure to cite all relevant sources you consult while defining your network setup.
3. Attack Vectors
• Start the section with a paragraph summarising how the attack vectors are different (e.g., in terms of techniques, targeted technologies / devices, vulnerabilities, exploits, etc.).
• It would also be good to include a table summarising the main characteristics of the attack vectors (e.g., type, techniques, vulnerability CVE and name, exploit, etc.).
• Have a separate subsection with meaningful heading for each of the attack vectors.
• In each subsection include a detailed description of the attack vector, interpretation and critical analysis of the findings. The details can include but may not be limited to:
implanting malware, exploiting software vulnerabilities, etc.).
being targeted (e.g., wireless technologies WiFi / 4G / Bluetooth, network devices like routers / switches / appliance firewalls, servers, client devices, IoT devices, etc.).
o Vulnerabilities (e.g., in hardware, software, protocols). Include CVE numbers and details about specific vulnerabilities that could be exploited as part of the attack (e.g., you can search databases such as https://cve.mitre.org/ or https://nvd.nist.gov/).
o Exploits – detail any known exploits for the vulnerabilities (e.g., you can search Google and/or exploit databases such as https://www.exploit-db.com/).
o Reference and briefly describe real world security incidents that used this attack vector on individuals or companies to support your answers.
4. Mitigation Solutions
• Research and discuss mitigation solutions and provide recommendations on how individuals / organisations can protect themselves against these attacks (e.g., best practices, firewalls, IDS, anti-virus, network segregation, VLANs, etc.).
• Reference and discuss specific patches/update numbers, new guidelines (e.g., NIST SP 800-63 B (2020) for password guidance), or legislation (e.g., California bans default passwords), new standards (e.g., WPA3), and discuss what would be the consequences for the users (e.g., using stronger passwords may be cheaper than buying WPA3 access points).
• Include an overall discussion of the main findings, limitations and implications.
• Detail next steps (i.e., what else would you do if you had more time).