ICT287 Computer Security Assignment 1 – V6 Last Updated 24/03/2021 Assignment Information You must submit your assignment online using the Assignment submission on LMS. Late submissions will be...

1 answer below »
Report writing


ICT287 Computer Security Assignment 1 – V6 Last Updated 24/03/2021 Assignment Information You must submit your assignment online using the Assignment submission on LMS. Late submissions will be penalised at the rate of 10% of the total mark per day late or part thereof. You should submit your assignment as ONE word-processed document containing all of the required question answers. The document must have a title page indicating the assignment, student name and number and the submission date. The document must be submitted in PDF format. You must keep a copy of the final version of your assignment as submitted (PDF and source document) and be prepared to provide it on request. This is an INDIVIDUAL assignment. The University treats plagiarism, collusion, theft of other students’ work and other forms of academic misconduct in assessment seriously. Any instances of academic misconduct in this assessment will be forwarded immediately to the Faculty Dean. For guidelines on academic misconduct in assessment including avoiding plagiarism, see: http://our.murdoch.edu.au/Student-life/Study-successfully/Study-Skills/Referencing/ Murdoch University ICT287 Computer Security Due Date: LMS Planet of the grapes Planet of the Grapes, a local wine and spirit merchant currently operates in three stores around Perth. Stores are independent from one another and there is no data sharing between stores, although this is not by design but simply a by-product of faster than expected expansion. The organisation has contracted your computer security consulting company to perform an audit on their computer network. The owners have never employed any IT security staff in the past and have preferred to set up systems for themselves. However, the risks posed by inadequate cyber security have now become too great to be ignored. For this reason you are being asked to investigate the security of the system and make recommendations. http://our.murdoch.edu.au/Student-life/Study-successfully/Study-Skills/Referencing/ ICT287 Computer Security Assignment 1 – V6 Last Updated 24/03/2021 Scenario Description The site being audited has a total of 10 full time staff and an unspecified number of casual staff. The back-office duties are only undertaken by full time staff, but the staff common areas and offices are not locked or physically separated. Full time staffers handle payroll, HR and scheduling tasks. The front counter/cashier duties are sometimes taken on by full timers but also by casual staff. You have been informed that the turnover of casual staff is quite large, although the reasons for this are unknown. The computer systems in the back office are all networked via a Cisco small business series ADSL router supplied by Telstra. To permit the owner(s) to check on files from home, remote access services are enabled on some but not all of the machines. There is no centralized authentication server and users logon locally to all machines. All machines contain two local user accounts “admin” and “user”. These accounts are shared by staff to ensure that files are always accessible to fellow staff. The server used for hosting the online presence runs Ubuntu Linux and is located in one of the offices. The server will also be used as print and file server for other Windows 7 PCs which will run office applications (payroll, HR etc.). An image of the server machine has been supplied to you as VirtualBox VM. You can obtain the VM from: http://www.it.murdoch.edu.au/szander/ICT287/assignment1/form.php You will require your student number to download the VM. You should download your own specific VM as there are multiple different VMs for different people. The network interface of the VM is set to Host-only Adapter and normally you should leave it that way. For the VM to run, it is necessary to have a Host-only Network configured in VirtualBox. This may already exist, but if it does not exist you can configure it under File->Preferences->Network->Host-only Networks. Make sure you enable the DHCP server. Attack Surface Analysis Your task is to assess the attack surface. The scope of your analysis is limited to: 1. Network attacks on the server (based on the image provided); 2. Other attacks including physical attacks (based on the description of the site). You should NOT login to the server machine and analyse the individual software packages that have been installed. You only need identify and describe any vulnerable services from a network level (using suitable tools) and identify and describe any potential attacks including physical attacks given the scenario description above. It is not mandatory, but you may use a vulnerability scanner (e.g. Nessus) for the network- level analysis. However, you are not allowed to simply copy and paste output of these tools. Like in the real world you must synthesise the output of the (different) tools into a form appropriate for the audience and add textual descriptions. Your report should outline possible weaknesses and vulnerabilities. The report should start with an executive summary of 1 page that summarises the most important findings and is understandable by a layperson. The following pages should describe the details and should be http://www.it.murdoch.edu.au/szander/ICT287/assignment1/form.php ICT287 Computer Security Assignment 1 – V6 Last Updated 24/03/2021 presented in a format suitable for a general technical audience – i.e. someone who is proficient in IT in general, but may not be a security expert. Citations should be used where appropriate. Your report should enumerate all potential network accessible services with as much detail as possible (based on the viewpoint of an external attacker) and identify possible vulnerabilities for these services referencing specific CVE items (with brief explanations). An exhaustive list of CVEs is not required (there are too many), but you should at least discuss the 10 most critical and these must be relevant to the actual system and services. Your report should also discuss possible other attack points including physical attack points and how these could be potentially exploited by attackers. Your report should end with a summary of the findings which is more in-depth than the executive summary and also clearly demonstrates a prioritisation of the most important issues. Based on your findings you should also make recommendation on how to improve the security of the server as well as the site in general. Your report must have a title page and table of contents (ToC). It should be presented in a clear and concise way and should be written in your own words (simply copying CVE descriptions is not acceptable). The length of the report must not exceed 10 pages (excluding the title page, ToC and appendices if any). The overall mark allocation is as follows: Executive summary 10 Service enumeration and description 10 Vulnerability identification and description 20 Site attack surface analysis 25 Summary and prioritisation of issues 10 Recommendations / mitigations 15 Explanation in own words / clarity of presentation 10 Scenario Description You will require your student number to download the VM. You should download your own specific VM as there are multiple different VMs for different people. The length of the report must not exceed 10 pages (excluding the title page, ToC and appendices if any).
Answered 1 days AfterMay 30, 2021

Answer To: ICT287 Computer Security Assignment 1 – V6 Last Updated 24/03/2021 Assignment Information You must...

Jay answered on Jun 01 2021
143 Votes
Attack Surface Analysis

Table of content
S.NO Topic Page. No.
1. Assess attack surface: 3-5
2. Network attacks on the server

6
3. Other attack including physical attack 7-8
4. References 9
1. Task is to assess attack surface: -
1.1. Executive summary: -
Here
we will know the simple and pragmatic way to perform Attack Surface Analysis and
manage the “attack Surface app. It is intended to be used by developers to understand and
manage app security risks as they design and modify the application, as well as application
security experts who conduct security risk assessments.” The main focus here is to protect
the app from external attacks - it does not look at attacks by users or system operators (e.g.
malware injection, civil engineering attacks), and little attention to internal threats,
although the principles remain the same. The location of the internal attack may be
different from the location of the external attack and some users may have more access.
“Attack Area Analysis is about mapping which parts of the system need to be updated and
tested for security risks. The point of Attack Surface Analysis is to understand the risk
areas in the app, to make engineers and security experts know which parts of the app are
open to attack, to find ways to reduce this, and to consider when and how Attack Surface
changes and what this means for risk management.”
“Attack Area Analysis is usually done by security builders and pen inspectors. But
developers should understand and look at Attack Surface as they design and build and
modify the system.”
Attack Area Attack helps you to:
1. Identify the functions and components of the system you need to check for security
2. Identify high-risk areas of the code that require deep security protection - what parts of the
system do you need to protect
3. point when you have changed the location of the attack and you need to do some kind of threat
check
Modern web applications are complex; there are often many layers where errors may occur which
makes it difficult to prevent them. That’s why it’s important to understand how vectors key hackers
use to find entry points and map your attack area during the view and go back there to protect the
footprint of your web application.
1.2. Service enumeration and description

1.3. Access the attack area: -
The attack surface is an area where a number of unauthorised user arrives and
extract data from there. If our attack surface is smaller than it’s easy to protect
the data. Every Organizations should observe their attack surface to identify and
remove threats as soon as possible. They also must try and minimize the attack
surface area to reduce the risk of cyberattacks.
1.4. The attack surface area is divided into two categories:
1.4.1. Digital Attack Surface This area combines all...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here