COIT20262 – Advanced Network Security, Term 1, 2018 Assignment 1

Assessment 1
Due date: 5pm Friday 20 April 2018 (Week 6)
Weighting: 40%
Length: N/A
Instructions
Attempt all questions.
Submit the following on Moodle:
• Answers: A Microsoft Word document containing answers to the questions.
• File for Question 1: netcat.pcap
• Files for Question 2: screenshot-attack.png, screenshot-success.png
This is an individual assignment, and it is expected students answer the questions themselves. Discussion of approaches to solving questions is allowed (and encouraged), however each student should develop and write up their own answers. See CQUniversity resources on Referencing and Plagiarism. Guidelines for this assignment include:
• Do not exchange files (reports, captures, diagrams) with other students.
• Complete tasks with virtnet yourself – do not use results from another student.
• Draw your own diagrams. Do not use diagrams from other sources (Internet, textbooks) or from other students.
• Write your own explanations. In some cases, students may arrive at the same numerical answer, however their explanation of the answer should always be their own.
• Do not copy text from websites or textbooks. During research you should read and understand what others have written, and then write in your own words.
Marking Scheme
Each sub-question is allocated marks in [square brackets].
Questions which require a specific answer will be marked on correctness.
Questions which require explanations will be marked on correctness, depth and clarity of the answer. To receive full marks, the explanation must be correct, must include significant depth to demonstrate understanding of the topic (but does not include irrelevant information), and must be clear to the intended audience. Unless otherwise stated, assume the audience has a background similar to Master of IT students that have successfully completed 1st year of study. Questions which require diagrams will be marked on the correctness and clarity of the diagram.
Submitted files will be marked on correctness of the information included.
Question 1. Analysis of Protocols with Wireshark [11 marks]
For this question you must use virtnet (as used in the workshops) to study Internet applications with Wireshark. This assumes you have already set up and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, deploying the website, and performing the attack. Your task is to:
• Create topology 5 in virtnet where:
  o node1 will be referred to as the client
  o node2 will be the router
  o node3 will be the server
• Start capturing packets using tcpdump on the router (node2)
• While capturing, perform the following operations in order:
  1. Start netcat TCP server using assigned port on the server (node3)
  2. Start netcat TCP client on the client (node1)
  3. On the client (node1) type:
     COIT20262 Assignment 1 <press ENTER>
     My ID is <type in your actual student ID> <press ENTER>
  4. On the server (node3) type:
     Hello <type in your actual student ID>. I am the server. <press ENTER>
  5. On the client (node1) type:
     Goodbye server. <press ENTER>
     Ctrl-D
  You need to perform steps 3-5 in the correct order, switching from client to server to client.
• Stop the capture and save the file as netcat.pcap
The netcat TCP server must use port 6xyz where xyz is the last three (3) digits of your student ID. For example, the netcat TCP server for student ID 12034567 would be 6567.
After performing and understanding the above steps, answer the following sub-questions:
(a) Submit your capture file as netcat.pcap on Moodle. The single file must contain all packets of the TCP exchange using your assigned port and using your ID. [3 marks]
(b) Draw a message sequence diagram that illustrates all the TCP packets generated by using netcat (do not draw any packets generated by other applications or protocols, such as ARP, DNS or SSH). A message sequence diagram uses vertical lines to represent events that happen at a computer over time (time is increasing as the line goes down). Addresses of the computers/software are given at the top of the vertical lines. Horizontal or sloped arrows are used to show messages (packets) being sent between computers. Each arrow should be labelled with the protocol, packet type and important information of the message. Examples of message sequence diagrams are given in workshops. Note that you do not need to show the packet times, and the diagram does not have to be to scale. [3 marks]
(c) Based on your capture only, identify the following information, and give the packet that the information is found in. If the information is found in multiple packets, give the first packet from the capture. For example, if the information is found in packet numbers 3, 5 and 7, you would give the packet as 3. [5 marks]
Information    Value    Packet
MAC address of the client
IP address of the server
Flags for 1st TCP segment containing data
Length of data for 2nd TCP segment containing data
Absolute sequence number of 1st TCP segment sent by server that contains data
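The values read from Wireshark for the table in (c) can be cross-checked with a short script. This is an added example, not part of the assignment sheet: it parses a classic pcap file with the Python standard library only; the function names, MAC/IP addresses and sequence numbers are constructed, while port 6567 and ID 12034567 are the sheet's own example values.

```python
import struct

FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # TCP flag bits 0..5

def tcp_segments(pcap, port):
    """One dict per TCP segment on `port` in a classic little-endian Ethernet pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap file")
    segs, off, num = [], 24, 0
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        f, off, num = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len, num + 1
        if len(f) < 54 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue  # not Ethernet/IPv4/TCP
        ihl, ip_len = (f[14] & 0x0F) * 4, struct.unpack_from("!H", f, 16)[0]
        sport, dport, seq, _, off_flags = struct.unpack_from("!HHIIH", f, 14 + ihl)
        if port in (sport, dport):  # data_len uses IP total length, so padding is ignored
            segs.append({"num": num, "src_mac": f[6:12].hex(":"), "sport": sport,
                         "seq": seq, "dst_ip": ".".join(map(str, f[30:34])),
                         "flags": [n for i, n in enumerate(FLAGS) if off_flags >> i & 1],
                         "data_len": ip_len - ihl - (off_flags >> 12) * 4})
    return segs

def table_values(segs, port):
    """(value, packet number) per table row; the server is the side sending from `port`."""
    syn = next(s for s in segs if s["flags"] == ["SYN"])  # client's opening segment
    data = [s for s in segs if s["data_len"] > 0]
    srv = next(s for s in data if s["sport"] == port)
    return {"client_mac": (syn["src_mac"], syn["num"]),
            "server_ip": (syn["dst_ip"], syn["num"]),
            "flags_1st_data": (data[0]["flags"], data[0]["num"]),
            "len_2nd_data": (data[1]["data_len"], data[1]["num"]),
            "seq_1st_server_data": (srv["seq"], srv["num"])}

def _frame(smac, dmac, sip, dip, sport, dport, seq, flags, data=b"", pad=0):
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, 5 << 12 | flags, 65535, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, sip, dip)
    return dmac + smac + b"\x08\x00" + ip + tcp + bytes(pad)

def sample_pcap(port=6567):  # constructed capture; checksums are left at zero
    c = (bytes.fromhex("020000000001"), bytes.fromhex("020000000002"),
         bytes([192, 168, 1, 11]), bytes([192, 168, 2, 21]), 40000, port)
    s = (c[1], c[0], c[3], c[2], port, 40000)  # server-to-client direction
    frames = [_frame(*c, 1000, 0x02), _frame(*s, 5000, 0x12), _frame(*c, 1001, 0x10, pad=6),
              _frame(*c, 1001, 0x18, b"COIT20262 Assignment 1\n"), _frame(*s, 5001, 0x10, pad=6),
              _frame(*c, 1024, 0x18, b"My ID is 12034567\n"),
              _frame(*s, 5001, 0x18, b"Hello 12034567. I am the server.\n")]
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(x), len(x)) + x for x in frames)
```

The client MAC is taken from the source address of the SYN frame, which holds only when tcpdump captured on the router interface facing node1; on the server-side interface that frame's source MAC is the router's.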
Question 2. Web Application Attacks [12 marks]
Using virtnet, perform an SQL injection attack on the demo grading website www.myuni.edu. The general steps for performing an SQL injection attack with virtnet are described at:
https://sandilands.info/sgordon/sql-injection-csrf-cookie-stealing-in-a-virtual-network
However you must follow these specific steps when performing the attack:
1. Before performing the attack, add two new student users to the database with the following details:
a. New student 1: username is your ID, password is your ID
b. New student 2: username is 12039999, password is hacker
2. For both of the new students add the following courses and grades:
a. New student 1: coit20262, C
b. New student 1: coit20264, D
c. New student 2: coit20262, HD
d. New student 2: coit20264, F
3. Perform the SQL injection attack as new student 2, i.e. logged in as 12039999
4. Take a screenshot of the attacker web browser showing the web form the attacker uses to perform the attack. Make sure the screenshot clearly shows the fields/data entered by the attacker. Save the screenshot as screenshot-attack.png.
5. Take a screenshot of the attacker web browser showing a successful attack, i.e. the grades of other students. Save the screenshot as screenshot-success.png.
Answer the following questions.
(a) Give a general explanation of an SQL injection attack. (This explanation should NOT refer to the attack you performed in virtnet; it should be for any SQL injection attack). [1 mark]
(b) Explain two general approaches that can be used to avoid or minimise SQL injection attacks. (This explanation should NOT refer to the attack you performed in virtnet; it should be for any SQL injection attack). [2 marks]
For this specific attack on www.myuni.edu:
(c) Explain the limitation/weakness in the MyUni website that allowed the SQL injection attack to be successful. In your explanation refer to the file(s) and line(s) of code, and give samples of the code in your answer. [2 marks]
(d) Explain what the attacker, 12039999, had to do in their web browser to perform the attack. In your explanation include the screenshot screenshot-attack.png and refer to the information shown in that screenshot. [2 marks]
(e) Submit your screenshot screenshot-attack.png as a separate file. That is, you must both embed the screenshot in the report AND submit the file separately. The reason for this is that it makes it easier for the marker reading the report to have an embedded image, but sometimes the quality is hard to read (hence the additional file submission). [1 mark]
(f) Explain what the attacker, 12039999, could learn or gain from performing the SQL injection attack. In your explanation include the screenshot screenshot-success.png and refer to the information shown in that screenshot. [1 mark]
(g) Submit your screenshot screenshot-success.png as a separate file. [1 mark]
(h) Explain what the website developer could do to prevent this SQL injection attack. In your explanation, give exact code and steps the developer should use. [2 marks]

Question 3. Cryptography Concepts [9 marks]
Assume you are advising a small legal business on aspects of computer and network security. The business stores many private documents, and many of the communications with its clients contain private information. The business wants to go paper-less; that is, no paper documents stored or paper-based communications. As they have only a small number of (but quite valuable and cooperative) clients, the clients have agreed to participate in the paper-less communications (so long as it doesn’t introduce any significant extra cost to them).
In the following questions provide an answer that is understandable by employees of the company, and also provides technical depth such that their IT supervisor can implement any recommended technologies (e.g. refer to standards, protocols, algorithms or software). You are allowed to use bullet points, lists and diagrams in your answers, however you should keep the answer of each part shorter than ½ a page (in some cases, the answers may be just a paragraph or two).
The company has a file server, with sufficient space to store their documents for the foreseeable future.
(a) Provide a general explanation of how symmetric key encryption of files or disks works. [1 mark]
(b) With respect to the file server, explain to the company what full-disk encryption and file-based encryption are, and explain the tradeoffs between the two approaches. Include recommended technologies. [2 marks]
The company is considering backing up the file server to a cloud storage provider.
(c) Explain to the company any security implications of this approach to backup. Include reasons why or why not there are security implications. (Note that you should not explain about the issues of backups or costs of cloud storage; focus only on the security implications). [2 marks]
The company, as well as all clients, use email software and document editing software that supports digital signatures.
(d) Provide a general explanation of how digital signatures work, and what problems they solve for the company. [2 marks]
(e) Considering both encryption on the file server and use of digital signatures, explain to the company what keys will be in use (e.g. types of keys, who will have keys) and provide recommendations on managing, sharing and changing keys. [2 marks]
Question 4. Trojan Downloads Research [8 marks]
Many people download free or paid software from reputable sources for use on their computers and mobile devices. The sources include: app stores (Google Play, Apple App Store); software distribution sites (e.g. SourceForge, GitHub, CNET Download) and individual websites of software developers. However, there have been cases when reputable sources hosting popular software have been compromised, resulting in people downloading malicious software (e.g. Trojans). For example, see stories about HandBrake video converter, Transmission BitTorrent, and Google taking down potentially harmful apps from the Play Store. Your task is to study how such reputable software sources can host malicious software, and what measures software developers and hosting sites can take to reduce infections.
Note this question refers to reputable sources of software. The question is NOT about sites or systems that often host illegal or copyrighted software (e.g. torrents, file lockers).
You must write a short report that answers the following questions:
(a) What are the motivations and goals of malicious users in using the above mentioned attacks? Include in your answer examples of negative impact of such attacks on users and software developers. [1 mark]
(b) Select two examples of real Trojans or malware distributed via reputable sources, and describe those examples. [2 marks]
(c) What role can file hashes, digests or signatures play in securing downloads? What are the limitations of these techniques? [2 marks]
(d) List and explain recommendations that should be given to software developers in distributing software. [1.5 marks]
(e) List and explain recommendations that should be given to users who download software. [1.5 marks]
You should structure your report into a section for each of the above parts.
There is no minimum/maximum length of the report. As a guide 1/3 to 1/4 pages of text for each of the above parts may be appropriate. You may draw diagrams if needed. Including pictures from other sources, or including pictures that do not help with the explanation will not gain marks and may lead to reduced marks.
You may assume the audience of the report has similar background on network security as you. You should refer to techniques and concepts covered in the unit, and give sufficient technical detail to demonstrate you understand the issues