COIT20262 – Advanced Network Security, Term 1, 2018
Assessment 1
Due date: 5pm Friday 20 April 2018 (Week 6)
Weighting: 40%
Attempt all questions.
Submit the following on Moodle:
• Answers: A Microsoft Word document containing answers to the questions.
• File for Question 1: netcat.pcap
• Files for Question 2: screenshot-attack.png, screenshot-success.png
This is an individual assignment, and it is expected students answer the questions themselves. Discussion of approaches to solving questions is allowed (and encouraged), however each student should develop and write up their own answers. See CQUniversity resources on Referencing and Plagiarism. Guidelines for this assignment include:
• Do not exchange files (reports, captures, diagrams) with other students.
• Complete tasks with virtnet yourself – do not use results from another student.
• Draw your own diagrams. Do not use diagrams from other sources (Internet, textbooks) or from other students.
• Write your own explanations. In some cases, students may arrive at the same numerical answer, however their explanation of the answer should always be their own.
• Do not copy text from websites or textbooks. During research you should read and understand what others have written, and then write in your own words.
Each sub-question is allocated marks in [square brackets].
Questions which require a specific answer will be marked on correctness.
Questions which require explanations will be marked on correctness, depth and clarity of the answer. To receive full marks, the explanation must be correct, must include significant depth to demonstrate understanding of the topic (but does not include irrelevant information), and must be clear to the intended audience. Unless otherwise stated, assume the audience has a background similar to Master of IT students that have successfully completed 1st year of study. Questions which require diagrams will be marked on the correctness and clarity of the diagram.
Submitted files will be marked on correctness of the information included.
Question 1. Analysis of Protocols with Wireshark [11 marks]
For this question you must use virtnet (as used in the workshops) to study Internet applications with Wireshark. This assumes you have already set up and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, deploying the website, and performing the attack. Your task is to:
• Create topology 5 in virtnet where:
o node1 will be referred to as the client
o node2 will be the router
o node3 will be the server
• Start capturing packets using tcpdump on the router (node2)
• While capturing, perform the following operations in order:
1. Start netcat TCP server using assigned port on the server (node3)
2. Start netcat TCP client on the client (node1)
3. On the client (node1) type:
COIT20262 Assignment 1 <press ENTER>
My ID is <type in your actual student ID> <press ENTER>
4. On the server (node3) type:
Hello <type in your actual student ID>. I am the server. <press ENTER>
5. On the client (node1) type:
Goodbye server. <press ENTER>
You need to perform steps 3-5 in the correct sequence, switching from client to server to client.
• Stop the capture and save the file as netcat.pcap
The netcat TCP server must use port 6xyz where xyz is the last three (3) digits of your student ID. For example, the netcat TCP server for student ID 12034567 would be 6567.
After performing and understanding the above steps, answer the following sub-questions:
(a) Submit your capture file as netcat.pcap on Moodle. The single file must contain all packets of the TCP exchange using your assigned port and using your ID. [3 marks]
(b) Draw a message sequence diagram that illustrates all the TCP packets generated by using netcat (do not draw any packets generated by other applications or protocols, such as ARP, DNS or SSH). A message sequence diagram uses vertical lines to represent events that happen at a computer over time (time is increasing as the line goes down). Addresses of the computers/software are given at the top of the vertical lines. Horizontal or sloped arrows are used to show messages (packets) being sent between computers. Each arrow should be labelled with the protocol, packet type and important information of the message. Examples of message sequence diagrams are given in workshops. Note that you do not need to show the packet times, and the diagram does not have to be to scale. [3 marks]
(c) Based on your capture only, identify the following information, and give the packet that the information is found in. If the information is found in multiple packets, give the first packet from the capture. For example, if the information is found in packet number 3, 5 and 7, you would give the packet as 3. [5 marks]
Information | Value | Packet
MAC address of the client | |
IP address of the server | |
Flags for 1st TCP segment containing data | |
Length of data for 2nd TCP segment containing data | |
Absolute sequence number of 1st TCP segment sent by server that contains data | |
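A sanity check for the capture file required in Question 1(a), added here as an example and not part of the original assignment: it confirms that the file holds TCP traffic on the assigned port, that the connection's opening SYN and a closing FIN were captured, and that the student ID appears in the data. It assumes a classic little-endian pcap with Ethernet framing and untagged IPv4; the function names and the sample capture are constructed for illustration.

```python
import struct

def assigned_port(student_id):
    """Port 6xyz, where xyz is the last three digits of the student ID."""
    return 6000 + int(student_id[-3:])

def tcp_segments(pcap):
    """Yield (sport, dport, flags, payload) per Ethernet/IPv4/TCP packet."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    off = 24                                   # skip the pcap global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                           # skip ARP, UDP, IPv6, ...
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + total_len]   # drops Ethernet padding
        sport, dport = struct.unpack("!HH", tcp[:4])
        yield sport, dport, tcp[13], tcp[(tcp[12] >> 4) * 4:]

def check_capture(pcap, student_id):
    """Summarise whether the capture holds the exchange on the assigned port."""
    port = assigned_port(student_id)
    segs = [s for s in tcp_segments(pcap) if port in s[:2]]
    data = b"".join(s[3] for s in segs)
    return {"port": port, "segments": len(segs),
            "syn_seen": any(s[2] & 0x12 == 0x02 for s in segs),
            "fin_seen": any(s[2] & 0x01 for s in segs),
            "id_in_data": student_id.encode() in data}

def _frame(sport, dport, flags, payload=b""):
    """Constructed frame: zeroed MACs, IPs, sequence numbers and checksums."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, bytes(4), bytes(4))
    return bytes(12) + b"\x08\x00" + ip + tcp + payload

def sample_pcap(student_id="12034567"):
    """Constructed capture: handshake plus one data segment, no teardown."""
    p = assigned_port(student_id)
    frames = [_frame(40000, p, 0x02), _frame(p, 40000, 0x12), _frame(40000, p, 0x10),
              _frame(40000, p, 0x18, f"My ID is {student_id}\n".encode())]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

print(check_capture(sample_pcap(), "12034567"))
```

The constructed sample reports `fin_seen` as false, which is what a capture stopped before the connection closed looks like; run `check_capture(open("netcat.pcap", "rb").read(), "<your ID>")` on a real file.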
Question 2. Web Application Attacks [12 marks]
Using virtnet, perform an SQL injection attack on the demo grading website www.myuni.edu. The general steps for performing an SQL injection attack with virtnet are described at:
https://sandilands.info/sgordon/sql-injection-csrf-cookie-stealing-in-a-virtual-network
However you must follow these specific steps when performing the attack:
1. Before performing the attack, add two new student users to the database with the following details:
a. New student 1: username is your ID, password is your ID
b. New student 2: username is 12039999, password is hacker
2. For both of the new students add the following courses and grades:
a. New student 1: coit20262, C
b. New student 1: coit20264, D
c. New student 2: coit20262, HD
d. New student 2: coit20264, F
3. Perform the SQL injection attack as new student 2, i.e. logged in as 12039999
4. Take a screenshot of the attacker web browser showing the web form the attacker uses to perform the attack. Make sure the screenshot clearly shows the fields/data entered by the attacker. Save the screenshot as screenshot-attack.png.
5. Take a screenshot of the attacker web browser showing a successful attack, i.e. the grades of other students. Save the screenshot as screenshot-success.png.
Answer the following questions.
(a) Give a general explanation of an SQL injection attack. (This explanation should NOT refer to the attack you performed in virtnet; it should be for any SQL injection attack). [1 mark]
(b) Explain two general approaches that can be used to prevent or minimise SQL injection attacks. (This explanation should NOT refer to the attack you performed in virtnet; it should be for any SQL injection attack). [2 marks]
For this specific attack on www.myuni.edu:
(c) Explain the limitation/weakness in the MyUni website that allowed the SQL injection attack to be successful. In your explanation refer to the file(s) and line(s) of code, and give samples of the code in your answer. [2 marks]
(d) Explain what the attacker, 12039999, had to do in their web browser to perform the attack. In your explanation include the screenshot screenshot-attack.png and refer to the information shown in that screenshot. [2 marks]
(e) Submit your screenshot screenshot-attack.png as a separate file. That is, you must both embed the screenshot in the report AND submit the file separately. The reason for this is that it makes it easier for the marker in reading the report to have an embedded image, but sometimes the quality is hard to read (hence the additional file submission). [1 mark]
(f) Explain what the attacker, 12039999, could learn or gain from performing the SQL injection attack. In your explanation include the screenshot screenshot-success.png and refer to the information shown in that screenshot. [1 mark]
(g) Submit your screenshot screenshot-success.png as a separate file. [1 mark]
(h) Explain what the website developer could do to prevent this SQL injection attack. In your explanation, give exact code and steps the developer should use. [2 marks]
Question 3. Cryptography Concepts [9 marks]
Assume you are advising a small legal business on aspects of computer and network security. The business stores many confidential documents, and many of the communications with its clients include confidential information. The business wants to go paper-less; that is, no paper documents stored or paper-based communications. As they have only a small number of (but very valuable and loyal) clients, the clients have agreed to participate in the paper-less communications (so long as it doesn’t introduce any significant extra cost to them).
In the following questions provide an answer that is understandable by employees of the company, and also provides technical depth such that their IT manager can implement any recommended technologies (e.g. refer to standards, protocols, algorithms or software). You are allowed to use bullet points, lists and diagrams in your answers, however you should keep the answer of each part shorter than ½ a page (in some cases, the answers may be just a paragraph or two).
The company has a file server, with sufficient space to store their documents for the foreseeable future.
(a) Provide a general explanation of how symmetric key encryption of files or disks works. [1 mark]
(b) With respect to the file server, explain to the company what full-disk encryption and file-based encryption are, and explain the tradeoffs between the two approaches. Include recommended technologies. [2 marks]
The company is considering backing up the file server to a cloud storage provider.
(c) Explain to the company any security implications of this approach to backup. Include reasons why or why not there are security implications. (Note that you should not explain about the issues of backups or costs of cloud storage; focus only on the security implications). [2 marks]
The company, as well as all clients, use email software and document editing software that supports digital signatures.
(d) Provide a general explanation of how digital signatures work, and what problems they solve for the company. [2 marks]
(e) Considering both encryption on the file server and use of digital signatures, explain to the company what keys will be in use (e.g. types of keys, who will have keys) and provide recommendations on managing, sharing and changing keys. [2 marks]
Question 4. Trojan Downloads Research [8 marks]
Many people download free or paid software from reputable sources for use on their computers and mobile devices. The sources include: app stores (Google Play, Apple App Store); software distribution sites (e.g. SourceForge, GitHub, CNET Download) and individual websites of software developers. However, there have been cases when reputable sources hosting popular software have been compromised, resulting in people downloading malicious software (e.g. Trojans). For example, see stories about HandBrake video converter, Transmission BitTorrent, and Google taking down potentially harmful apps from the Play Store. Your task is to study how such reputable software sources can host malicious software, and what measures software developers and hosting sites can take to reduce infection.
Note this question refers to reputable sources of software. The question is NOT about sites or systems that often host illegal or copyrighted software (e.g. torrents, file lockers).
You must write a short report that answers the following questions:
(a) What are the motivations and goals of malicious users in using the above mentioned attacks? Include in your answer examples of negative impact of such attacks on users and software developers. [1 mark]
(b) Select two examples of real Trojans or malware distributed via reputable sources, and describe those examples. [2 marks]
(c) What role can file hashes, digests or signatures play in securing downloads? What are the limitations of these techniques? [2 marks]
(d) List and explain recommendations that should be given to software developers in distributing software. [1.5 marks]
(e) List and explain recommendations that should be given to users who download software. [1.5 marks]
You should structure your report into a section for each of the above parts.
There is no minimum/maximum length of the report. As a guide 1/3 to 1/4 pages of text for each of the above parts may be appropriate. You may draw diagrams if needed. Including pictures from other sources, or including pictures that do not help with the explanation will not gain marks and may lead to reduced marks.
You may assume the audience of the report has similar background on network security as you. You should refer to techniques and concepts covered in the unit, and give sufficient technical detail to demonstrate you understand the issue.