Can you help me in my assignment?
Assessment Summary Title: Deakin Wargames Group:☐ Individual:☒ Graded out of: 100 Weight: 30% Due date: Week 11 20th of September 2020 Submission: Online:☒ Hardcopy:☐ Instructions: Students submit using the submission tool located under the week 11 section of Moodle. Summary: Welcome to Deakin Wargames, an interactive assessment of your knowledge and understanding of vulnerabilities relating to computer security, internet security and privacy. This challenge requires you to work through ten levels, each of which contains a vulnerability. In order to progress to the next level, you must exploit this vulnerability to obtain a password which will grant you access to the next level. Marks are allocated based on your ability to progress through each level as well as your understanding of the vulnerability and the recommendations you make on how to fix the issue. That is, you are expected to fully understand how you completed each level; this will be assessed through the problem solving task report. Key Criteria • Please use the REPORT TEMPLATE provided in on Moodle to complete this assessment. • NO EXTENSIONS allowed without medical or other certification. • LATE ASSIGNMENTS will automatically lose 5% per day up to a maximum of five days, including weekends and holidays. Assignments submitted 6 or more days late will not be marked and are given zero. • You MUST use the SIT182 Assessment Task – Deakin Wargames Custom Website to complete this assessment (Link: http://ec2-3-14-88-12.us-east-2.compute.amazonaws.com/) • NO work is saved or backed up on the Website – Make sure you keep a record of your steps and findings! • Ensure you take screenshots of your work for evidence and that these are legible in your report. • To complete this assessment you will need to do research, read the information provided on the Website and covered the theory and practical material for weeks 5-10. • Your submission must be in a form readable by Microsoft Word. • Each student is required to submit 1 problem-solving task report. The report must not be more than 25 pages, each page must have margins no less than 2cm, and font size 12 point. Oversized assignments will be penalised. • Ensure you keep a backup copy of your work. • Plagiarism is not tolerated. For information on Plagiarism and Collusion including penalties please refer to the link: http://www.deakin.edu.au/students/clouddeakin/help-guides/assessment/plagiarism • The Harvard Referencing Style is to be used for this assignment where appropriate. https://www.deakin.edu.au/students/studying/study-support/referencing/harvard http://www.deakin.edu.au/students/clouddeakin/help-guides/assessment/plagiarism https://www.deakin.edu.au/students/studying/study-support/referencing/harvard Relevant Content Weeks & ULOs ☒ Week 1 ☒ Week 2 ☒ Week 3 ☒ Week 4 ☒ Week 5 ☒ Week 6 ☒ Week 7 ☒ Week 8 ☒ Week 9 ☒ Week 10 ☐ Week 11 ☐ Week 12 ☒ ULO1 ☒ ULO2 Describe approaches to computer security including access control, identity verification and authentication in order to minimize the cyber attacks on a system. Apply the appropriate use of tools to facilitate network security to prevent various types of computer and network attacks and malicious software that exists. Please read the full assignment details that follow. Help with the assessment This solution for this assessment cannot be directly found using a ‘Google’ search. You must understand this is a challenge and need to apply your knowledge and problem-solving skills to a series of cyber security concepts. Also, make sure you don’t share your progress or solutions with others. A guide has been provided as part of the resources for this assessment. It is important to understand that the assessment has been designed for everyone to pass. To achieve a higher grade is going to require a concerted effort by you. Cybersecurity Scenario Welcome to Deakin Wargames, an interactive assessment of your knowledge and understanding of vulnerabilities relating to computer security, internet security and privacy. This challenge requires you to work through ten levels, each of which contains a vulnerability. In order to progress to the next level, you must exploit this vulnerability to obtain a password which will grant you access to the next level. Marks are allocated based on your ability to progress through each level as well as your understanding of the vulnerability and the recommendations you make on how to fix the issue. That is, you are expected to fully understand how you completed each level; this will be assessed through the problem solving task report. Problem solving task report Each student is to submit a report of approximately 2000 words and exhibits following the rubric provided. The report MUST include descriptions and evidence of results of the steps performed in order to be eligible to be awarded maximum marks for each rubric criterion. You will note that the weighting is higher for levels 0-3 to enable everyone to pass. The levels then get more complex enabling you to decide what grade you want to achieve. You are required to identify vulnerabilities and perform associated attacks to ultimately gain access to level 10 of the website. There are 5 vulnerabilities listed below covered by the 10 levels. The name of the vulnerability that corresponds to each level is provided for you! • Information Leakage • Directory Traversal • Weak Encryption • Cookie Manipulation • SQL Injection The following table provides guidelines on the information to be included for each vulnerability. There needs to be 1 table completed per level. Vulnerability Name Level No(s) War Game Level No. Affected resources: Copy and Paste the URL here (which is affected by vulnerability) corresponding to the level. Description of Vulnerability Describe the weakness or flaw of the War game level. Observation This is the main section of your report, so make sure that you provide enough information(which reflects basic questions such as why, what and how). 1. Provide sufficient information about the vulnerability/weakness in the level which reflects your understanding of the vulnerability you have found. This observation would give a reader a clear idea about what is the vulnerability. 2. Provide detailed steps you performed to exploit the vulnerability(you can specify step-by-step process you followed to exploit the vulnerability). 3. Furthermore, you need to provide the relationship between the vulnerability, and the steps you have performed to exploit the vulnerability(which reflects why you have performed the specified steps to exploit the vulnerability). Be sure to include a screenshot showing the level of the ‘War Game’ the vulnerability relates to. No more than 2 screenshots(except level 6) per vulnerability, and make sure to provide a description for the screenshots. Focus on demonstrating your understanding of the vulnerability and importantly, your understanding of the exploit you used. Screenshot Add relevant screenshots in the observation section which shows the evidence that the vulnerability exists and/or how vulnerability can be exploited Level Credentials – here you list the credentials to be used to gain access to the ‘War Game’ level(s) relating to the vulnerability. Level 0 Password: Impact Analysis What is the threat? What can an attacker do through exploiting this vulnerability? If nothing, could they use this as an entry point to pivot and perform further attacks? Recommendation What are your recommendation(s) to mitigate this issue/vulnerability? Report Title SIT182 - Real-World Practices for Cyber Security Assessment Task 2 Problem Solving Task Student Name Student ID Information Leakage Level No(s) War Game Level 0 Affected resources: Description: Observation: Screenshot: Level Credentials: Level 1 Password: Impact Analysis: Recommendation: Information Leakage Level No(s) War Game Level 1 Affected resources: Description: Observation: Screenshot: Level Credentials: Level 2 Password: Impact Analysis: Recommendation: Directory Traversal Level No(s) War Game Level 2 Affected resources: Description: Observation: Screenshot: Level Credentials: Level 3 Password: Impact Analysis: Recommendation: Directory Traversal Level No(s) War Game Level 3 Affected resources: Description: Observation: Screenshot: Level Credentials: Level 4 Password: Impact Analysis: Recommendation: Weak Encryption Level No(s) War Game Level 4 Affected resources: Description: Observation: Screenshot: Level Credentials: Level 5 Password: Impact Analysis: Recommendation: Weak Encryption Level No(s) War Game Level 5 Affected resources: Description: Observation: Screenshot: Level Credentials: Level 6 Password: Impact Analysis: Recommendation: Weak Encryption Level No(s) War Game Level 6 Affected resources: Description: Observation: Screenshot: Level Credentials: Level 7 Password: Impact Analysis: Recommendation: Cookie Manipulation Level No(s) War Game Level 7 Affected resources: Description: Observation: Screenshot: Level Credentials: Level 8 Password: Impact Analysis: Recommendation: SQL Injection Level No(s) War Game Level 8 Affected resources: Description: Observation: Screenshot: Level Credentials: Level 9 Password: Impact Analysis: Recommendation: SQL Injection Level No(s) War Game Level 9 Affected resources: Description: Observation: Screenshot: Level Credentials: Level 10 Password: Impact Analysis: Recommendation: References Any research, citations, or work which is not your own should go here. NOTE: once your report is ready, you should get feedback from your teacher before you submit the final copy. SIT182 Assessment Task 2 Marking Rubric You will notice that there are a range of marks awarded for the 'observation' criterion for each level of the War Games. I have provided an example using 'level 0' to demonstrate what is required to achieve the corresponding marks for developing, accomplished and exemplary. NOTE: To achieve exemplary answers that meet the requirements for all 3 examples need to be included for each level. Level 0: Information Leakage - Observation - Developing Detail of observation lists and describes the steps performed to exploit the vulnerability Example: Right clicked on the War Games home page and selected “View Page Source”, which displayed the “hidden” credentials for Level 1 in plain text. Level 0: Information Leakage - Observation - Accomplished Detail of observation enables the recreation of steps performed to exploit the vulnerability Example: Step 1: Right-click on the War Games home page Step 2: Select: “View Page Source” Step 3: View HTML code and look for credentials Step 4: Credentials are highlighted in bold and coloured text Step 5: Use credentials to test login to level 1 Level 0: Information Leakage - Observation - Exemplary Detail of observation demonstrates the method of attack and relationship to vulnerability Example: Through simple inspection of the page source code, it was determined that any client (user) could find access credentials for level 0. The observation showed the authentication details were not really hidden at all. The attacker is simply able to right-click on the page and select “View Page Source” which displayed the “hidden” credentials for Level 1 in plain text. Pass Standard (levels 0-3) Missing Incomplete Developing Accomplished Exemplary Description Missing (0 points) Not all levels have been given a description (1