This is an advanced network security subject. I am not sure about which programming and references style... If you have any questions, please let me know.
Assignment 1 Submission

COIT20262 Assignment 1 Submission, Term 2, 2018

COIT20262 - Advanced Network Security, Term 2, 2018
Assignment 1 Submission
Due date: 5pm Friday 24 August 2018 (Week 6)
ASSESSMENT 1
Weighting: 40%
Length: N/A

Student Name: enter your name
Student ID: id
Campus: campus
Tutor: tutor

Cookie Stealing Attack

Part (c) Message Sequence Chart
Include image on single page

Part (d) Information from Packets

| Information | Answer |
|---|---|
| Packet number from normal-student.pcap that contains the normal student's password | ? |
| Packet number from normal-student.pcap in which the server originally sends the cookie to the browser | ? |
| Last 4 HEX digits of the id_hash in the cookie (give the value of the last 4 digits, not the packet number) | ? |
| Packet number from malicious-student.pcap that contains the normal student's grade for coit20262 | ? |
| Packet number from malicious-student.pcap in which the client originally sends the stolen cookie | ? |

Part (e)
Write your answer here

Part (f)
Write your answer here

Part (g)
Write your answer here

Part (h)
Write your answer here

Part (i)
Write your answer here

Cryptography

Part (c)
Write your answer here

Part (d)
Write your answer here

Ransomware Research

Overview of Ransomware
Write your answer here

Technical Details of Ransomware
Write your answer here

Recommendations
Write your answer here

Marks

| Que | Part | Item | Description | Max | Score | Comments |
|---|---|---|---|---|---|---|
| 1 | a | 1 | normal-student.pcap has correct file name and format | 1 | | |
| 1 | a | 2 | normal-student.pcap includes TCP connection establishment | 1 | | |
| 1 | a | 3 | normal-student.pcap includes all relevant HTTP messages | 2 | | |
| 1 | a | 4 | normal-student.pcap demonstrates correct steps used with correct values | 2 | | |
| 1 | b | 1 | malicious-student.pcap has correct file name and format | 1 | | |
| 1 | b | 2 | malicious-student.pcap includes TCP connection establishment | 1 | | |
| 1 | b | 3 | malicious-student.pcap includes all relevant HTTP messages | 2 | | |
| 1 | b | 4 | malicious-student.pcap demonstrates correct steps used with correct values | 2 | | |
| 1 | c | 1 | Message sequence diagram: Labelled client and server with addresses | 1 | | |
| 1 | c | 2 | Message sequence diagram: Shows all relevant HTTP messages | 2 | | |
| 1 | c | 3 | Message sequence diagram: Only HTTP messages shown (no TCP or others) | 1 | | |
| 1 | c | 4 | Message sequence diagram: all HTTP requests type (GET, POST) and page | 1 | | |
| 1 | c | 5 | Message sequence diagram: clear diagram, created by student (e.g. not generated by Wireshark) | 1 | | |
| 1 | d | 1 | Packet number of normal student's password | 1 | | |
| 1 | d | 2 | Packet number of server sends cookie | 1 | | |
| 1 | d | 3 | id_hash last 4 Hex digits | 1 | | |
| 1 | d | 4 | Packet number of grade | 1 | | |
| 1 | d | 5 | Packet number of stolen cookie | 1 | | |
| 1 | e | 1 | id_hash calculation: clear description of calculation | 2 | | |
| 1 | e | 2 | id_hash calculation: clear explanation of values | 2 | | |
| 1 | f | 1 | Explanation of id_hash providing security | 2 | | |
| 1 | g | 1 | Explanation of weakness of id_hash | 2 | | |
| 1 | h | 1 | Discussion of scheme for hash passwords at browser | 2 | | |
| 1 | i | 1 | Explanation of how to modify a cookie in graphical browser | 1 | | |
| 1 | i | 2 | Screenshot of a modified cookie including student ID | 1 | | |
| 1 | - | - | Question sub-total | 35 | 0 | |
| 2 | a | 1 | Summary text files are correct | 10 | | |
| 2 | b | 1 | Summary signature files are correct | 5 | | |
| 2 | c | 1 | Discussion of random secret key | 5 | | |
| 2 | d | 1 | Discussion of IV security issues. | 5 | | |
| 2 | - | - | Question sub-total | 25 | 0 | |
| 3 | a | 1 | Overview of ransomware | 4 | | |
| 3 | b | 1 | Ransomware details: methods of infection | 2 | | |
| 3 | b | 2 | Ransomware details: payloads | 2 | | |
| 3 | b | 3 | Ransomware details: role of cryptography | 2 | | |
| 3 | b | 4 | Ransomware details: ransoms and difficulties | 2 | | |
| 3 | c | 1 | Recommendations on ransomware. 1 mark per recommendation. Must be relevant, clear and detailed to receive 1 mark. | 4 | | |
| 3 | - | - | Question sub-total | 16 | 0 | |
| 4 | a | 1 | The report is clear and contains relevant information. For example, screenshots and descriptions of steps are ONLY included when explicitly requested in questions. Few spelling mistakes | 4 | | |
| 4 | - | - | Question sub-total | 4 | 0 | |
| - | - | - | Assignment sub-total | 80 | 0 | |
| - | - | - | Scaled sub-total | 40 | 0 | |
| - | - | - | Days late (part of) | 0 | 0 | |
| - | - | - | Late penalty (5% per day) | 0 | 0 | |
| - | - | - | Assignment total | 40 | 0 | |

Assignment 1 Questions

COIT20262 Assignment 1 Questions, Term 2, 2018, Advanced Network Security

COIT20262 - Advanced Network Security, Term 2, 2018
Assignment 1 Questions
Due date: 5pm Friday 24 August 2018 (Week 6)
ASSESSMENT 1
Weighting: 40%
Length: N/A

Instructions

Attempt all questions.

This is an individual assignment, and it is expected students answer the questions themselves. Discussion of approaches to solving questions is allowed (and encouraged), however each student should develop and write up their own answers. See CQUniversity resources on Referencing and Plagiarism. Guidelines for this assignment include:

• Do not exchange files (reports, captures, diagrams) with other students.
• Complete tasks with virtnet yourself – do not use results from another student.
• Draw your own diagrams. Do not use diagrams from other sources (Internet, textbooks) or from other students.
• Write your own explanations. In some cases, students may arrive at the same numerical answer, however their explanation of the answer should always be their own.
• Do not copy text from websites or textbooks. During research you should read and understand what others have written, and then write in your own words.
• Perform the tasks using the correct values listed in the question and using the correct file names.

File Names and Parameters

Where you see [StudentID] in the text, replace it with your actual student ID. If your student ID contains a letter (e.g. “s1234567”), make sure the letter is in lowercase.

Where you see [FirstName] in the text, replace it with your actual first name. If you do not have a first name, then use your last name. Do NOT include any spaces or other non-alphabetical characters (e.g. “-”).

Marking Scheme

A separate spreadsheet lists the detailed marking criteria.

Referencing: https://www.cqu.edu.au/student-life/services-and-facilities/referencing

Question 1. Cookie Stealing Attack

For this question you must use virtnet (as used in the workshops) to perform a cookie stealing attack. This assumes you have already set up and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, deploying the website, and performing the attack.

The tasks and sub-questions are grouped into multiple phases. You must complete all phases, in order.

Phase 1: Setup

1. Create topology 7 in virtnet.
2. Add a new normal student user to the MyUni grading system. The user must have:
   a. Username: [StudentID]
   b. Password: [FirstName]
3. Add a new malicious student user to the MyUni grading system. The user must have:
   a. Username: 12345678
   b. Password: [StudentID]
4. Add a grade for the normal student user for unit/course ‘coit20262’ with a grade of what you expect to receive this term, e.g. HD, D, C, P or F.
5. Change the title of the MyUni website by editing header_footer.php and changing the Grades line to: Grades:[StudentID]
6. Change the domain of the MyUni website to www.[StudentID].edu by editing the /etc/hosts files.
7. Test that the existing users and new student can access the grading website.

The roles of nodes in topology 7 are:

• node1: Web browser (lynx) of normal student user.
• node2: Web browser (lynx) of malicious student user.
• node3: Capture of packets with tcpdump.
• node4: MyUni grading website.
• node5: not used in this question.

Phase 2: Capture Cookies

8. Start capturing on node3 using tcpdump.
9. The normal student user must do the following on node1:
   a. Visit the MyUni grading website, e.g. as below or with any options:
      lynx http://www.[StudentID].edu/grades/
   b. Follow the “Login” link and login
   c. Follow the “View grades” link and enter their username and ‘coit20262’ to view the course/unit grade, and submit.
   d. Follow the “Logout” link.
   e. Exit lynx by pressing q for quit.
10. Stop capturing on node3. Note that it is important that the start of the TCP connection (i.e. 3-way handshake), as well as all HTTP requests/responses are included in the capture. Save the capture file as normal-student.pcap.

Phase 3: Masquerade Attack

Using information from the capture in part 2, the malicious student user must now perform a cookie stealing attack to masquerade as the normal student user. Although the capture may have recorded the normal student user's password, you MUST NOT use it in the cookie stealing attack (e.g. assume the password was encrypted). Your cookie stealing attack must only use the cookie information (not the password).

11. Set up for the cookie stealing attack on node2.
12. Start capturing on node3 using tcpdump.
13. The malicious student user must do the following on node2:
    a. Visit the MyUni grading website, e.g.
       lynx http://www.[StudentID].edu/grades/
    b. Follow the “View grades” link and enter the username of the normal user, leaving the course/unit field empty (so you see all grades), and submit.
    c. Follow the “Logout” link.
    d. Exit lynx by pressing q for quit.
14. Stop capturing on node3. Note that it is important that the start of the TCP connection (i.e. 3-way handshake), as well as all HTTP requests/responses are included in the capture. Save the capture file as malicious-student.pcap.

Phase 4: Analysis

Answer the following sub-questions regarding the previous phases and cookie stealing attack.

(a) Submit normal-student.pcap.

(b) Submit malicious-student.pcap.

(c) Draw a message sequence diagram that illustrates all the HTTP messages for the normal student user viewing the grades (i.e. the HTTP messages from normal-student.pcap from step 7 above). Do not draw any packets generated by other applications or protocols, such as ARP, DNS or SSH, and do not draw TCP connection setup or ACKs. Only draw HTTP messages.

A message sequence diagram uses vertical lines to represent events that happen at a computer over time (time is increasing as the line goes down). Addresses of the computers/software are given at the top of the vertical lines. Horizontal or sloped arrows are used to show messages (packets) being sent between computers. Each arrow should be labelled with the protocol, packet type and important information of the message. Examples of message sequence diagrams are given in workshops. Note that you do not need to show the packet times, and the diagram does not have to be to scale.

(d) Based on your captures only, identify the following information. If the information is found in multiple packets, give the first packet from the capture. For example, if the information is found in packet numbers 3, 5 and 7, you would give the packet number as 3.
   a. Packet number from normal-student.pcap that contains the normal student's password
   b. Packet number from normal-student.pcap in which the server originally sends the cookie to the browser
   c. Last 4 HEX digits of the id_hash