2023 COIS23001 Network Security Term 2 2015 Assessment Item1 Assignment1 Due date | Assignment Collections

Computer Science 2023 COIS23001 – Network Security


COIS23001 – Network Security, Term 2 2015, Assessment Item 1 – Assignment 1

Due date: Friday 5pm, Week 6

Assessment: 1

Weighting: 40%

Length: N/A

Note: Attempt all questions.

Assignment Submission

Your assignment must be in Microsoft Word format and must be submitted electronically by the due date via the Moodle website.

 

Question 1: Protocol Analysis with Wireshark (10 Marks)

This assignment question requires that you analyse a packet capture dump file and provide comments explaining each packet. See the Assignment 1 page of the course website. This pcap file contains an SMTP transaction between a client and a server. Your task is to annotate each packet, commenting on the following characteristics.

 

· Comment on any significant TCP flags and what they mean in the context of the packet capture. Significant flags include SYN, FIN, RST and URG. You must explain why the flag has been set and what it means for this TCP connection.

· Comment on the direction of each packet (i.e. client -> server or server -> client). Be clear in explaining in which direction the interaction is occurring.

· Comment on each SMTP command and response between the client and the server. You must explain what each command does. You should also explain the data that is exchanged. This will require that you study the SMTP RFC or other Internet documents relating to SMTP to understand what the commands mean.

You should also comment on the two port numbers used in this connection and their significance. For example, is it an ephemeral or a reserved port? If it is a reserved port, what protocol does it relate to?

 

On the following page is an example of the template to use to complete this question. It provides a brief summary of each packet and has been formatted to include an “explanation” field underneath each packet. You are to write your comments in this “explanation” field addressing the packet immediately above, based on your analysis of the packet using Wireshark. Be specific and detailed. Any vague or limited responses will not attract any marks. Note that the table is only a summary of the information provided in the pcap file. Be sure to comment in relation to the information provided in the pcap file using Wireshark, not just the summary table.

For examples of how to complete the table, be sure to have completed all three parts of the Packet Capture Exercises. They are available from the Lectures and Tutorials page of the course website. Your solution must of course be in your own words. Do not copy directly from any examples or you will get zero marks.

 

No. | Time | Source | Destination | Protocol | Info

1 | 2006-10-03 14:50:19.628169 | 138.77.36.105 | 138.77.36.46 | TCP | 41640 > smtp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=34790 TSER=0 WS=2
Explanation:

2 | 2006-10-03 14:50:19.632551 | 138.77.36.46 | 138.77.36.105 | TCP | smtp > 41640 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=285859166 TSER=34790 WS=5
Explanation:

3 | 2006-10-03 14:50:19.633273 | 138.77.36.105 | 138.77.36.46 | TCP | 41640 > smtp [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=34792 TSER=285859166
Explanation:

4 | 2006-10-03 14:50:19.641368 | 138.77.36.46 | 138.77.36.105 | SMTP | Response: 220 basil.cqu.edu.au ESMTP Sendmail 8.13.7/8.13.7; Tue, 3 Oct 2006 14:50:19 +1000
Explanation:

5 | 2006-10-03 14:50:19.642024 | 138.77.36.105 | 138.77.36.46 | TCP | 41640 > smtp [ACK] Seq=1 Ack=84 Win=5840 Len=0 TSV=34794 TSER=285859169
Explanation:

6 | 2006-10-03 14:50:19.643019 | 138.77.36.105 | 138.77.36.46 | SMTP | Command: EHLO localhost.localdomain
Explanation:

7 | 2006-10-03 14:50:19.643032 | 138.77.36.46 | 138.77.36.105 | TCP | smtp > 41640 [ACK] Seq=84 Ack=29 Win=5792 Len=0 TSV=285859169 TSER=34794
Explanation:

8 | 2006-10-03 14:50:19.643157 | 138.77.36.46 | 138.77.36.105 | SMTP | Response: 250-basil.cqu.edu.au Hello [138.77.36.105], pleased to meet you
Explanation:

9 | 2006-10-03 14:50:19.649160 | 138.77.36.105 | 138.77.36.46 | SMTP | Command: MAIL From: SIZE=2893
Explanation:

10 | 2006-10-03 14:50:19.653374 | 138.77.36.46 | 138.77.36.105 | SMTP | Response: 250 2.1.0 … Sender ok
Explanation:

11 | 2006-10-03 14:50:19.656209 | 138.77.36.105 | 138.77.36.46 | SMTP | Command: RCPT To:
Explanation:

12 | 2006-10-03 14:50:19.660963 | 138.77.36.46 | 138.77.36.105 | SMTP | Response: 250 2.1.5 … Recipient ok
Explanation:

13 | 2006-10-03 14:50:19.663490 | 138.77.36.105 | 138.77.36.46 | SMTP | Message Body
Explanation:

14 | 2006-10-03 14:50:19.664861 | 138.77.36.105 | 138.77.36.46 | SMTP | Message Body
Explanation:

15 | 2006-10-03 14:50:19.664894 | 138.77.36.46 | 138.77.36.105 | TCP | smtp > 41640 [ACK] Seq=411 Ack=2589 Win=10752 Len=0 TSV=285859175 TSER=34802
Explanation:

16 | 2006-10-03 14:50:19.665627 | 138.77.36.105 | 138.77.36.46 | SMTP | Message Body
Explanation:

17 | 2006-10-03 14:50:19.703495 | 138.77.36.46 | 138.77.36.105 | TCP | smtp > 41640 [ACK] Seq=411 Ack=3096 Win=13632 Len=0 TSV=285859185 TSER=34803
Explanation:

18 | 2006-10-03 14:50:19.704150 | 138.77.36.105 | 138.77.36.46 | SMTP | Message Body
Explanation:

19 | 2006-10-03 14:50:19.704211 | 138.77.36.46 | 138.77.36.105 | TCP | smtp > 41640 [ACK] Seq=411 Ack=3099 Win=13632 Len=0 TSV=285859185 TSER=34807
Explanation:

20 | 2006-10-03 14:50:19.732248 | 138.77.36.46 | 138.77.36.105 | SMTP | Response: 250 2.0.0 k934oJPY003485 Message accepted for delivery
Explanation:

21 | 2006-10-03 14:50:19.767562 | 138.77.36.105 | 138.77.36.46 | SMTP | Command: QUIT
Explanation:

22 | 2006-10-03 14:50:19.767778 | 138.77.36.46 | 138.77.36.105 | SMTP | Response: 221 2.0.0 basil.cqu.edu.au closing connection
Explanation:

23 | 2006-10-03 14:50:19.768005 | 138.77.36.46 | 138.77.36.105 | TCP | smtp > 41640 [FIN, ACK] Seq=514 Ack=3105 Win=13632 Len=0 TSV=285859201 TSER=34819
Explanation:

24 | 2006-10-03 14:50:19.769023 | 138.77.36.105 | 138.77.36.46 | TCP | 41640 > smtp [FIN, ACK] Seq=3105 Ack=515 Win=6912 Len=0 TSV=34820 TSER=285859201
Explanation:

25 | 2006-10-03 14:50:19.769089 | 138.77.36.46 | 138.77.36.105 | TCP | smtp > 41640 [ACK] Seq=515 Ack=3106 Win=13632 Len=0 TSV=285859201 TSER=34820
Explanation:
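As an added illustration (not part of the assignment or the course materials), the following Python script takes rows in the summary table's format and extracts the points each explanation field has to cover: the packet's direction, the significant TCP flags with their meaning, the classification of both ports, and the SMTP command or reply class. The sample rows are copied from the table above; the flag wording and the port-range boundary are this example's own choices. It produces a checklist for the Wireshark analysis, not the full explanation of each packet.

```python
import re

# Constructed rows (Source, Destination, Protocol, Info) copied from the assignment's summary table.
SAMPLE_ROWS = [
    ("138.77.36.105", "138.77.36.46", "TCP", "41640 > smtp [SYN] Seq=0 Ack=0 Win=5840 Len=0"),
    ("138.77.36.46", "138.77.36.105", "TCP", "smtp > 41640 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0"),
    ("138.77.36.46", "138.77.36.105", "SMTP", "Response: 220 basil.cqu.edu.au ESMTP Sendmail"),
    ("138.77.36.105", "138.77.36.46", "SMTP", "Command: EHLO localhost.localdomain"),
    ("138.77.36.46", "138.77.36.105", "TCP", "smtp > 41640 [FIN, ACK] Seq=514 Ack=3105 Win=13632 Len=0"),
]
SERVICE_PORTS = {"smtp": 25}   # names Wireshark substitutes for well-known ports
FLAG_MEANING = {               # the flags the question calls significant
    "SYN": "connection setup, synchronise the initial sequence number",
    "FIN": "sender has no more data, orderly close begins",
    "RST": "abort the connection immediately",
    "URG": "urgent pointer field is valid",
}
REPLY_CLASS = {"2": "positive completion", "3": "positive intermediate",
               "4": "transient negative", "5": "permanent negative"}
TCP_RE = re.compile(r"^(\S+) > (\S+) \[([A-Z, ]+)\] Seq=(\d+) Ack=(\d+)")

def port_number(token):
    """Resolve a Wireshark port token ('smtp' or '41640') to an integer."""
    return SERVICE_PORTS.get(token) or int(token)

def classify_port(port):
    """Below 1024 is reserved for well-known services; a client-chosen port above that
    (41640 lies in the Linux default 32768-60999 range) is reported as ephemeral."""
    return "reserved/well-known" if port < 1024 else "ephemeral"

def parse_tcp(info):
    """Pull ports, flag list and sequence numbers out of a TCP summary line."""
    m = TCP_RE.match(info)
    if not m:
        return None
    src, dst, flags, seq, ack = m.groups()
    return {"sport": port_number(src), "dport": port_number(dst),
            "flags": [f.strip() for f in flags.split(",")], "seq": int(seq), "ack": int(ack)}

def describe(src, dst, proto, info, client):
    """Build the explanation text for one summary row."""
    direction = "client -> server" if src == client else "server -> client"
    if proto == "TCP":
        p = parse_tcp(info)
        sig = ", ".join(f"{f} ({FLAG_MEANING[f]})" for f in p["flags"] if f in FLAG_MEANING)
        return (f"{direction}; flags: {sig or 'ACK only'}; ports {p['sport']} "
                f"({classify_port(p['sport'])}) -> {p['dport']} ({classify_port(p['dport'])})")
    kind, _, rest = info.partition(": ")
    if kind == "Response":          # 3-digit code; the first digit gives the reply class
        return f"{direction}; SMTP reply {rest[:3]}, {REPLY_CLASS.get(rest[:1], 'unknown')}"
    if kind == "Command":
        return f"{direction}; SMTP command {rest.split()[0].upper()}"
    return f"{direction}; message content sent after DATA"   # "Message Body" rows

def annotate(rows):
    """One explanation per row; the client is whichever host sent the bare SYN."""
    client = next(src for src, _, proto, info in rows
                  if proto == "TCP" and parse_tcp(info)["flags"] == ["SYN"])
    return [describe(*row, client) for row in rows]
```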

Question 1 Marking Criteria

· 8–10 marks: A very good, in-depth explanation of the packet capture. Shows good understanding of the material.

· 6–7 marks: Has a few misunderstandings or explanations.

· 5 marks: Passable solutions, a few mistakes, some major, and vague in explanations.

· 1–4 marks: Major problems. Does not demonstrate a good understanding of the material, or the solution is very vague in explanations.

· 0 marks: Essentially nothing correct, or solutions have been copied verbatim from other sources.

 

Question 2: Firewall and Proxy Services Configurations (10 marks)

 

The following diagram shows the topology of the network of a small company. There are three servers located in a DMZ (Demilitarised Zone).

 

The web server can directly accept requests (HTTP or HTTPS) from the Internet or from the internal network (192.168.1.0/25).

 

The DNS server can directly accept requests from the Internet. The DNS server can also directly accept requests from the internal network (192.168.1.0/25). However, if the DNS server cannot resolve a domain name requested by the internal network (192.168.1.0/25), it will contact the DNS servers on the Internet directly for the name resolution.

On behalf of the users on the internal network (192.168.1.0/25), the email server sends emails to and receives emails from the Internet. The users on the internal network (192.168.1.0/25) use IMAP (Internet Message Access Protocol) to read and organise their emails on the email server.

 

The users on the internal network (192.168.1.0/25) are allowed to access the Internet only for HTTP, HTTPS and FTP services. However, the users of the internal network are never allowed to connect to the Internet directly.

[Figure: network topology diagram of the small company, showing the router and the three DMZ servers; image not reproduced in this copy]

Based on the above network configuration and application scenarios, answer the following three questions.

 

A. The firewall services are installed on the router. Create the firewall rules to implement the packet filtering and only allow the specified traffic. The firewall rules are to be created in the following format.

 

Rule No. | Application Protocol | Transport Protocol | Source IP | Source Port | Destination IP | Destination Port | Action
1 | | | | | | |
2 | | | | | | |
: | | | | | | |
: | | | | | | |
: | | | | | | |

 

B. Briefly explain each rule in the rule base that you have created.

 

C. The proxy services are also installed on the router to conceal the users of the internal network (192.168.1.0/25) from the Internet. Suppose that users on the internal computers send the following requests to the Internet. The proxy services perform Port Address Translation (PAT). Complete the following connection table to show how PAT works for requests from the users on the internal network.

 

Packet addressing on internal network: Source IP | Source Port | Destination IP | Destination Port || Packet addressing on external network: Source IP | Source Port | Destination IP | Destination Port

192.168.1.2 | 1033 | 203.206.209.77 | 80 || | | |
192.168.1.2 | 1035 | 210.10.102.196 | 443 || | | |
192.168.1.5 | 2301 | 203.206.209.55 | 21 || | | |
192.168.1.5 | 2302 | 202.2.59.40 | 443 || | | |
192.168.1.5 | 4123 | 72.5.124.55 | 80 || | | |
192.168.1.8 | 4128 | 72.5.124.35 | 21 || | | |
192.168.1.8 | 1033 | 150.101.16.250 | 80 || | | |
192.168.1.9 | 1035 | 150.101.16.250 | 443 || | | |

Question 2 Marking Criteria

 

Parts A & B (6 Marks)

· 6 Marks: All rules present and in appropriate order; explanations clear and correct.

· 4–5 Marks: A few rules missing or incorrect; however, the explanations justify the intent.

· 3 Marks: Passable solution but with a number of missing rules and/or incorrect explanations.

· 1–2 Marks: Most rules missing/incorrect and/or explanations are not correct.

· 0 Marks: Essentially nothing is correct.

Part C (4 Marks)

· ½ mark per correct table entry

 

 

Question 3: Network Attack Research [10 marks]

 

Although the course textbook and other resources discuss several specific network attack vulnerabilities, it is not feasible to cover all of them. New vulnerabilities are being discovered all of the time, and there are hundreds of currently known vulnerabilities. Professional network administrators have to keep themselves current with all possible threat possibilities. One way of doing this is by performing personal research. In this hypothetical case study, you should use the Internet to assist you in developing responses to the three questions. Use of the course textbook and supplied resources only is not sufficient to award full marks. You should use your research skills and go beyond these resources.

 

PHP is a popular scripting language commonly used to implement dynamic web pages. Unlike JavaScript, which is a web client-side scripting language, PHP is a web server-side scripting language. At the web server, PHP scripts are used to dynamically generate the HTML pages that are then sent to the client. At the client end these HTML pages are displayed in the web browser.

 

James has just completed his first year at university in a Bachelor of Information Technology degree. One of the courses that James studied was Web Programming 101. In that course James learnt the basics of using HTML, CSS and PHP to create dynamic web pages.

 

As a favour to James’ good friend Kirandeep, he designed and implemented a simple dynamic blog site using the skills he had gained in Web Programming 101. After testing the web site on a local secure network and fixing a number of scripting errors, James delivered the implementation files to Kirandeep, who uploaded them to an ISP web hosting site. Both James and Kirandeep were ecstatic to see people from across the globe using the web site to share their personal experiences.

 

Within a few hours of the blog site going live, Kirandeep received an urgent email from the ISP Manager informing her that the blog site had to be closed down because it had been used by unknown hackers to send spam emails to thousands of addresses around the world. The Manager told Kirandeep that she could only reactivate the blog site when the problem had been fixed and it could be guaranteed that it would not happen again.

 

Kirandeep quickly phoned James and told him of the dilemma. James spent the rest of the day and most of the next night examining his PHP scripts and doing research on the Internet to find out what might have caused the problem. After many hours James tracked the problem down to the simple web page contact form that he had used so that people could send emails to Kirandeep without letting them know what Kirandeep’s email address was (see Figure 1).

[Figure 1: the blog site's contact form; image not reproduced in this copy]

Users fill out the form by supplying their email addresses, a brief subject line, followed by the message to be sent to Kirandeep. When the submit button is clicked, the contents of the form fields are sent to the web server, where a PHP script receives the field information and uses it to initiate an email to Kirandeep. Kirandeep’s email address is stored in the PHP script, so the form user never gets to see it. That way Kirandeep’s email address is kept secret. Unknown to James, the use of simple contact forms is a well-known vulnerability that threat agents can exploit. He also discovered that it is not only PHP scripts that are vulnerable to this type of exploitation – all of the several available server-side scripting languages are vulnerable.

 

You are required to answer the following questions. Please reference all sources – do not copy directly from sources.

 

a) Based on the information provided, what type of attack has been performed by the hackers using Kirandeep’s blog? You need to fully justify your answer, not just state the type of attack.

 

b) Describe in detail how the attack may have occurred – you will need to provide sample form field data such as:

 

Your Email Address: [email protected] .com

 

Subject: Thank you

 

Message: Thank you for providing such a useful blog site for me to use. I have learnt a lot from reading the blogs left by other people.

 

You don’t need to provide a detailed explanation of how PHP or other server-side scripting languages work, but you need to provide sufficient information to explain how malicious field data entered by a hacker could trick the web server into generating multiple spam emails.

c) How would James need to change the PHP script to prevent such attacks? You don’t need to provide the actual PHP code; just describe what measures James would have to implement to ensure that malicious field data could not be used to generate multiple spam emails.

 

d) What limitations does this form of attack have?
Hint: Would this attack only have to be performed once to generate thousands of spam emails?

Marking Criteria

 

a) 3 marks (1 mark correct identification, 2 marks for justification)

b) 4 marks for description (allocated based on quality and correctness)

c) 2 marks for prevention (allocated based on quality and correctness)

d) 1 mark for limitation (allocated based on quality and correctness)

 

 

Question 4: (10 marks)

 

In this hypothetical case study, you should use the Internet to assist you in developing responses to three questions. Use of the text only is not sufficient to attract full marks.

 

SafeBank recently received a series of reports from customers concerning security breaches in online banking. Customers reported having money transferred from their accounts, usually after they had found that their password had been changed. A full security audit revealed that the money transfers and changes to user passwords all originated from an Eastern European country, on servers within the domain crazyhackers.com. However, the question remained: how did the hackers undertake the attack?

 

Given that legitimate account numbers and passwords were used, it was initially assumed that it could be some form of phishing attack. However, no evidence of such emails was found. The only commonality between the victims was that they all used the same ISP.

 

You are required to answer the following questions. Please reference all sources – do not copy directly from sources.

 

A. Based on the information provided, what type of attack has been performed? Justify your answer.
Hint: In order to capture account numbers and passwords, how would a hacker “redirect” users to their servers instead of SafeBank’s?

 

B. Describe in detail how the attack occurred; you may wish to include one or more diagrams. You will need to make assumptions about host names, domains and IP addresses; document these. You need not concern yourself with the technical details of the capture and reuse of SafeBank’s customer details (e.g. fake web sites/malware); you are documenting how it was possible from a network perspective.

 

C. What steps would you advise to prevent such attacks? What limitations does this form of attack have?
Hint: Would this attack only have to be performed once?

 

Marking Criteria

 

Part A – 3 Marks (1 mark correct identification, 2 marks justification)

Part B – 4 Marks (variable on quality, correctness)

Part C – 3 Marks (2 marks correct prevention, 1 mark limitations)

 
