This template is intended to be a guide for you to complete the report for assessment task 1. The headings for each section have been provided to help you structure your report. Report Title Authors...

1 answer below »
Cyber security


This template is intended to be a guide for you to complete the report for assessment task 1. The headings for each section have been provided to help you structure your report. Report Title Authors Executive Summary · Identification of cybersecurity problems and recommendations: Add content here. Table of contents Add content here. Introduction Add content here. System Environment · Overview of networked IT infrastructure: Add content here. · Description of machines: Add content here. · Access to Website on client machine: Add content here. Locate and analyse system information · Website description: Add content here. · Access and analyse network logs: Add content here. · Identify access credentials: Add content here. · Identify the attack vector and target: Add content here. Establish Remote Access · Perform attack to access Web server remotely using tool(s) located on the attack machine: Add content here. Privilege escalation attack · Identification of path to Web folders and files on server: Add content here. · File listing: Add content here. · Identify file vulnerability: Add content here. · File transfer procedure: Add content here. · Modification of file to escalate privileges: Add content here. · Execute script: Add content here. · Login to Website interface: Add content here. Social Engineering attack Design · Spear-phishing email design: Add content here. Perform Social Engineering attack · Execute attack on CTO: Add content here. · Demonstration of attack success: Add content here. · Access to administration login: Add content here. Conclusion Add content here. References Add content here. NOTE: once your report is ready, you should get feedback from your teacher before you submit the final copy. Assessment Summary Title: Assignment 1 Group:☒ Individual:☐ Group Report Graded out of: 40 Marks Individual Report Graded out of: 10 Marks Group Report Weight: 30% Individual Report Weight: 10% Due date: Week 3 To submit your team members information to your lecturer via email (Max. 3 team members in a group) 19th of July 2020 Week 6 To submit the final assessment group report and individual report via Moodle dropbox 9th of August 2020 Submission: Online:☒ Hardcopy:☐ Instructions: Students submit using the submission tool located under the week 6 section of Moodle. Summary: • Cybersecurity Scenario: A research and development company called ‘NETsec’ is a defense contractor providing hardware and software solutions for the federal government. They want to ensure their web system is appropriately secured and protected from potential cybersecurity attacks. This is of upmost importance for maintaining an exemplary reputation and business relationships with their client. The CIA of cybersecurity is critical to maintaining the information and infrastructure of NETsec. A successful breach of their system or leak of product design could result in the collapse of the company. To ensure this does not happen NETsec has requested the services of your team to apply the necessary knowledge and skills to identify any security vulnerabilities, attempt to infiltrate their system by performing an attack(s) and providing appropriate recommendations so countermeasures can be applied. Key Criteria • Please use the ‘Teamwork Report’ and ‘Individual Contribution’ TEMPLATE provided on Moodle to complete this assessment. • NO EXTENSIONS allowed without medical or other certification. • LATE ASSIGNMENTS will automatically lose 5% per day up to a maximum of five days, including weekends and holidays. Assignments submitted 6 or more days late will not be marked and are given zero. • You MUST use the SIT182 Assessment Task – SIT182 Custom Pod to complete this assessment available from the VmLab system. • NO work is saved or backed up on the pod – if your pod reservation expires, and you make a new reservation, where you were previously will not be saved and you will need to perform the steps again. • Ensure you take screenshots of your work for evidence and that these are legible in your report. • To complete this assessment, you will need to do research, read your textbook and complete the practicals for weeks 1-5. • Your submission must be in a form readable by Microsoft Word. • Each group must submit their team members details (name, Deakin College ID and Deakin College email address) to your lecturer via email before the end of week 3. • Each group is only required to submit 1 teamwork report. The team report submission must not be more than 35 pages, each page must have margins no less than 2cm, and font size 12 point. • It is the student’s responsibility to communicate and work regularly with your team members and report immediately to your lecturer if your team member(s) fail to contribute to the teamwork according to the timeline below: o Bruteforce password attack: before the end of week 4 o Privilege escalation attack: before the end of week 5 o Social engineering attack: before the end of week 5 o Report writing: before the end of week 6 • Each student must submit an individual contribution of 2 pages maximum with the same formatting guidelines as the team report. • Ensure you keep a backup copy of your work. • Plagiarism is not tolerated. For information on Plagiarism and Collusion including penalties please refer to the link: http://www.deakin.edu.au/students/clouddeakin/help-guides/assessment/plagiarism • The Harvard Referencing Style is to be used for this assignment where appropriate. https://www.deakin.edu.au/students/studying/study-support/referencing/harvard Relevant Content Weeks & ULOs ☒ Week 1 ☒ Week 2 ☒ Week 3 ☒ Week 4 ☒ Week 5 ☐ Week 6 ☐ Week 7 ☐ Week 8 ☐ Week 9 ☐ Week 10 ☐ Week 11 ☐ Week 12 ☒ ULO1 ☒ ULO2 ☒ ULO3 ☒ ULO4 Describe approaches to computer security including access control, identity verification and authentication in order to minimise the cyber-attacks on a system. Work as a team to assess the impact of social engineering attacks in various organisations and analyse the effectiveness of its countermeasures. Improve the level of security of systems with remote control by using proper access control, authentication, privilege management and encryption methods. Apply the appropriate use of tools to facilitate network security to prevent various types of computer and network attacks, and malicious software that exists. Please read the full assignment details that follow. Help with the assessment This solution for this assessment cannot be directly found using a ‘Google’ search. You must understand this is a challenge and need to work as a team and apply your knowledge and skills learned to a real-world scenario. Also, make sure you don’t share your progress or solutions with other groups. If you require assistance, please ask your lecturer. http://www.deakin.edu.au/students/clouddeakin/help-guides/assessment/plagiarism https://www.deakin.edu.au/students/studying/study-support/referencing/harvard Cybersecurity Scenario A research and development company called ‘NETsec’ is a defense contractor providing hardware and software solutions for the federal government. They want to ensure their web system is appropriately secured and protected from potential cybersecurity attacks. This is of upmost importance for maintaining an exemplary reputation and business relationships with their client. The CIA of cybersecurity is critical to maintaining the information and infrastructure of NETsec. A successful breach of their system or leak of product design could result in the collapse of the company. To ensure this does not happen NETsec has requested the services of your team to apply the necessary knowledge and skills to identify any security vulnerabilities, attempt to infiltrate their system by performing an attack(s) and providing appropriate recommendations so countermeasures can be applied. • Teamwork report Each group is to work as a team and submit a report of approximately 2000 words and exhibits following the Teamwork Rubric provided. The report MUST include descriptions and evidence of results of the steps performed in order to be eligible to be awarded maximum marks for each rubric criterion. Your team is required to perform the following cybersecurity attacks in an attempt to subvert the security of the NETsec Web system and ultimately gain access to the restricted administration page of the website: Perform a brute-force password attack; Perform a privilege escalation attack; Perform a social engineering attack. • Individual contribution Each student is to submit a reflection of their individual contribution to teamwork and independent problem solving following the Individual Rubric provided. TEAMWORK RUBRIC TOTAL AVAILABLE MARKS 40 Executive Summary 0 marks 3 marks 6 marks Identification of cybersecurity problems and recommendations related to the scenario Missing Missing description of 3 major security problems or recommendations List and description of 3 major security problems and recommendations provided Report Structure 0 marks 0.5 marks 1 mark (each) Table of contents Missing Incomplete TOC or poor report layout or poor report cohesion Complete TOC and good report layout and good report cohesion Introduction Missing Overview of scenario and objective(s) lacking in detail A comprehensive overview of the scenario and objective(s) provided Conclusion Missing Missing description of cybersecurity information related to the case or analysis and presentation of solutions Description of cybersecurity information related to the case and analysis and presentation of solutions provided System Environment 0 marks 0.5 marks 1 mark (each) Overview of networked IT infrastructure Missing/incorrect Missing Topology Image, or description or how the machines are linked together Topology Image and description including how the machines are linked together provided Description of machines Missing/incorrect Missing description or screenshots of machines Description and screenshots of Machines provided Access to Website on client machine Missing/incorrect Missing description or screenshot of access to Website on client machine Description and screenshot of access to Website on client machine provided Locate and analyse system information 0 marks 0.5 marks 1 mark (each) Website description Missing/incorrect Missing description of the website or what you can/cannot get access to or screenshots Describe the website and what you can/cannot get access to with screenshots Access and analyse network logs Missing/incorrect Missing Description of process used to analyse logs or distinguishing between protocols and traffic Describe process used to analyse logs Distinguish between protocols and traffic Identify access credentials Missing/incorrect Missing identification of access credentials or description or screenshot Access credentials identified, described and screenshot provided Identify the attack vector and target Missing/incorrect Missing identification of attack vector or target of attack Identification of attack vector and target of
Answered Same DaySep 17, 2021SIT182Deakin University

Answer To: This template is intended to be a guide for you to complete the report for assessment task 1. The...

Amit answered on Sep 21 2021
165 Votes
Report Title: Assignment -1 (Cyber security based attack (Privilege escalation attack : Using VNC as Backdoor)
Authors: Student name
Course:
Executive Summary
The identification of possible bugs an
d configuration flaws for determining the protection of application access is mainly carried out in privilege escalation attacks. The protection from unauthorized accesses is mainly obtained by doing this analysis. The tight VNC based penetration testing is performed on virtual network for completing this attack. Any possible flaw in the application design can identified with tight VNC. The RBP (remote Buffer Protocol) and reverse connections with VNC are mainly examined for perfoming the penetration testing. The possible issues with sharing of desktop are also analyzed with this penetration testing. The ethical standards of perfoming hacking or do the penetration testing are mainly followed for reaching the required results. The structural implementation of Tight VNC is carried out to perform privilege escalation attack on virtual environment. All the possible adversity and related vulnerabilities are identified by using Tight VNC for completing privilege escalation attack. The flaw of possible backdoor entries to the system is mainly identified by performing privilege escalation attack with Tight VNC.
Table of Contents
Introduction    4
System Environment    4
Establish Remote Access    4
Privilege escalation attack    5
Conclusion    8
References    9
Introduction
The privilege escalation attack with Tight VNC is mainly carried out in the presented report. The segmentation based aspects of virtual network are determined by using Tight VNC for perfroming this penetration testing. The unauthorized backdoor entries to system are mainly performed to complete the required privilege escalation attack. The set structure of internal network is mainly used by Tight VNC to perform this required attack on the target system (Virtual system). The vulnerabilities caused because of not placing firewall on the network are...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here