country
$20 Bonus + 25% OFF
Securing Higher Grades Costing Your Pocket? Book Your Assignment at The Lowest Price Now!
Add File

Error goes here

COIT20262 Advanced Network Security

tag 0 Download6 Pages / 1,499 Words tag Add in library Click this icon and make it bookmark in your library to refer it later. GOT IT
  • Course Code: COIT20262
  • University: Central Queensland University
  • Country: Australia

Question:

For this question you must use virtnet (as used in the workshops) to perform a cookie stealing attack. This assumes you have already setup and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, deploying the website, and performing the attack. The tasks and sub-questions are grouped into multiple phases. You must complete all phases, in order. Phase 1: Setup 1. Create topology 7 in virtnet. 2. Add a new normal student user to the MyUni grading system. The user must have: a. Username: [StudentID] b. Password:
 
Add a new malicious student user to the MyUni grading system. The user must have: a. Username: 12345678 b. Password: [StudentID] 4. Add a grade for the normal student user for unit/course ‘coit20262’ with a grade of what you expect to receive this term, e.g. HD, D, C, P or F. 5. Change the title of the MyUni website by editing header_footer.php and changing theline to:6. Change the domain of the MyUni website to  Test that the existing users and new student can access the grading website. The roles of nodes in topology 7 are: • node1: Web browser (lynx) of normal student user.
 
node2: Web browser (lynx) of malicious student user. • node3: Capture of packets with tcpdump. • node4: MyUni grading website. • node5: not used in this question. Phase 2: Capture Cookies 8. Start capturing on node3 using tcpdump. 9. The normal student user must do the following on node1: a. Visit the MyUni grading website, e.g. as below or with any options: lynx b. Follow the “Login” link and login c. Follow the “View grades” link and enter their username and ‘coit20262’ to view the course/unit grade, and submit. d. Follow the “Logout” link. e. Exit lynx by pressing q for quit. COIT20262 Assignment 1 Questions Term 2, 2018 Advanced Network Security Page 3 of 8 10. Stop capturing on node3. Note that it is important that the start of the TCP connection (i.e. 3 way handshake), as well as all HTTP requests/responses are included in the capture. 
 
Masquerade Attack Using information from the capture in part 2, the malicious student user must now perform a cookie stealing attack to masquerade as the normal student user. Although the capture may have recorded the normal student users’ password, you MUST NOT use it in the cookie stealing attack (e.g. assume the password was encrypted). Your cookie stealing attack must only use the cookie information (not the password). 11. Setup for the cookie stealing attack on node2. 12. Start capturing on node 3 using tcpdump. 13. The malicious student user must do the following on node2: a. Visit the MyUni grading website Follow the “View grades” link and enter the username of the normal user, leaving the course/unit field empty (see you see all grades), and submit. c. Follow the “Logout” link. d. Exit lynx by pressing q for quit.
 
14. Stop capturing on node3. Note that it is important that the start of the TCP connection (i.e. 3 way handshake), as well as all HTTP requests/responses are included in the capture. Save the capture file as malicious-student.pcap. Phase 4: Analysis Answer the following sub-questions regarding the previous phases and cookie stealing attack. (a) Submit normal-student.pcap. (b) Submit malicious-student.pcap. (c) Draw a message sequence diagram that illustrates all the HTTP messages for the normal student user viewing the grades (i.e. the HTTP messages from normal-student.pcap from step 7 above). Do not draw any packets generated by other applications or protocols, such as ARP, DNS or SSH, and do not draw TCP connection setup or ACKS. Only draw HTTP messages. A message sequence diagram uses vertical lines to represent events that happen at a computer over time (time is increasing as the line goes down).
 
Addresses of the computers/software are given at the top of the vertical lines. Horizontal or sloped arrows are used to show messages (packets) being sent between computers. Each arrow should be labelled with the protocol, packet type and important information of the message. Examples of message sequence diagrams are given in COIT20262 Assignment 1 Questions Term 2, 2018 Advanced Network Security Page 4 of 8 workshops. Note that you do not need to show the packet times, and the diagram does not have to be to scale. (d) Based on your captures only, identify the following information. If the information is found in multiple packets, give the first packet from the capture. For example, if the information is found in packet numbers 3, 5 and 7, you would give the packet number as 3.
 
a. Packet number from normal-student.pcap that contains the normal students’ password b. Packet number from normal-student.pcap in which the server originally sends the cookie to the browser c. Last 4 HEX digits of the id_hash in the cookie (give the value of the last 4 digits, not the packet number) d. Packet number from malicious-student.pcap that contains the normal students grade for coit20262. e. Packet number from malicious-student.pcap in which the client originally sends the stolen cookie (e) Explain how the id_hash is calculated, giving both the equation/algorithm for calculating it, as well as a description of the values used in calculating it (for example, where do the values come from? How are they set?). (f) Explain how the id_hash provides security on the context that it is used in the grading web application. (g) Explain a weakness or vulnerability of how the id_hash is calculated or used.
 
For example, how could the security it provides be broken? (h) In this question, the username and password of the normal student user are sent as plaintext from browser to server. This is an obvious weakness, as an attacker that intercepts the packets between browser and server immediately learns the password. A possible solution is for the client browser to calculate a hash of the password using JavaScript, and sending the hash of the password to the server, instead of the actual password. Discuss the strengths or weaknesses of such a scheme with respect to preventing an attacker from logging in using the normal student users’ password.
 
(i) In this question, the malicious student performing the cookie stealing attack uses lynx as a web browser. Explore how to edit or create cookies in common graphical web browsers (Firefox, Chrome, IE, Edge or Safari). Give a brief explanation of what you need to do to modify/create cookies (e.g. which options of the browser, or what software needs to be installed) and take a screenshot of a cookie you modified or created. The cookie in the screenshot MUST include your [StudentID] (e.g. put your [StudentID] in any field of the cookie). COIT20262 Assignment 1 Questions Term 2, 2018 Advanced Network Security Page 5 of 8 Question 2. Cryptography For this question you must use openssl to perform a set of cryptographic operations. When performing cryptographic operations you must be very careful, as a small mistake (such as a typo) may mean the result is an insecure system.
 
Read the instructions carefully, understand the examples, and where possible, test your approach (e.g. if you encrypt a file, test it by decrypting it and comparing the original to the decrypted). It is recommended you use virtnet to perform the operations. The tasks and sub-questions are grouped into multiple phases. You must complete all phases. Phase 1: Download Normally in public key cryptography you generate your own public/private key pair. However in this assignment to simplify the tasks, the Unit Coordinator has generated a key pair for you.
 
Your key pair will be available to you on Moodle to download, with filename: • [StudentID]-keypair.pem In addition to your key pair, a number of files will be available to all students on Moodle to download. Each file starting with [StudentID] must be downloaded by you. You may also need to download files with other student’s IDs (see the next phase). The download URL will be published on Moodle.
 
Phase 2: Read the Messages The files for download have been created by another student, denoted as the sender: 1. Sender student created a message to you [StudentID]-message[N].txt, where [N] is an integer, e.g. 1, 2, 3, … 2. The sender signed the message to produce [StudentID]-message[N].sgn. 3. The sender wrote their student ID into a text file [StudentID]-sender[N].txt. 4. The sender signed the sender file to produce [StudentID]-sender[N].sgn.
 
5. The sender used openssl to generate a random 256-bit secret key, in Hex, and saved it in [StudentID]-key[N].txt. 6. The sender generated a random Initialisation Value (IV), in Hex, and saved it in [StudentID]-iv[N].txt. 7. The sender encrypted the message using symmetric key encryption, the random secret key, and the random IV, producing [StudentID]-message[N].enc. 8. The sender encrypted the random secret key file using public key encryption, producing [StudentID]-key[N].enc.
 
The sender then sends to you the necessary files from above. Note that the files were actually created by the Unit Coordinator, but in this assignment you can assume they were created by a student. The “sending” of files to you is performed by the sender (Unit Coordinator) uploading them to Moodle, and you downloading them from Moodle. COIT20262 Assignment 1 Questions Term 2, 2018 Advanced Network Security Page 6 of 8 Your task is, for every message, decrypt and verify the files. Be careful: there may have been attacks on some messages! The algorithms used in this question are: • Public key: RSA, 2048 bit • Symmetric key: AES-256-CBC • Hash: SHA256 Phase 3: Report Your Results After downloading, decrypting and verifying all messages, you need to create a summary of the results for each message.
 
The summary must be in a text file called [StudentID]- summary[N].txt. The summary must contain exactly two lines, of the format: ResultType Message where ResultType is one of the following strings: • Success – means all files successfully decrypted and successfully verified. • FailDecryptKey – means the decryption of secret key was unsuccessful. • FailDecryptMessage – means the decryption of message was unsuccessful. • FailVerifySender – means the verification of sender file was unsuccessful.
 
• FailVerifyMessage – means the verification of message was unsuccessful. If ResultType is Success, then include the contents of the message on the next line. If ResultType is another value, then include “NoMessage” on the next line. Examples of possible summary files are: Example 1: Success 12345678-3-hello Example 2: FailDecryptMessage NoMessage Example 3: FailVerifySender NoMessage You must sign each summary file, producing [StudentID]-summary[N].sgn. 
 
Phase 4: Analysis (a) Submit all summary text files, e.g. [StudentID]-summary1.txt, [StudentID]- summary2.txt, [StudentID]-summary3.txt, ... . (b) Submit all summary signature files, e.g. [StudentID]-summary1.sgn, [StudentID]- summary2.sgn, [StudentID]-summary3.sgn, … . (c) The sender generated a random 256-bit secret key to be used for encryption. Consider if the sender instead used the following approach: generate a random password of 12 uppercase or lowercase English letters (the password only contains letters; no numbers or other characters), and then apply SHA256 on that password, using the hash value as the encryption key. Discussion the security issues with such an approach of generating a secret key for AES-256-CBC encryption. (d) The sender encrypted the random secret key, but not the IV. Discuss the security issues with not encrypting the IV.
 
Question 3. Ransomware Research Ransomware attacks are increasingly publicised. In addition it is estimated there are many more ransomware attacks not being made public, e.g. companies and users paying a ransom but not disclosing the attack. The prevalence of ransomware, and the impact it has on organisations, has led to the discussion of ransomware insurance. Your task is to study what is ransomware, what are the challenges and possible countermeasures, and report on it in an easy-to-understand manner. You must write a short report on ransomware, covering the following sections.
Download Sample Now

Earn back the money you have spent on the downloaded sample by uploading a unique assignment/study material/research material you have. After we assess the authenticity of the uploaded content, you will get 100% money back in your wallet within 7 days.

Upload
Unique Document

Document
Under Evaluation

Get Money
into Your Wallet

Total 6 pages, 1 USD Per Page

Cite This Work

To export a reference to this article please select a referencing stye below:

My Assignment Help. (2021). Advanced Network Security. Retrieved from https://myassignmenthelp.com/free-samples/coit20262-advanced-network-security/grading-web-application.html.

My Assignment Help (2021) Advanced Network Security [Online]. Available from: https://myassignmenthelp.com/free-samples/coit20262-advanced-network-security/grading-web-application.html
[Accessed 25 February 2021].

My Assignment Help. 'Advanced Network Security' (My Assignment Help, 2021) <https://myassignmenthelp.com/free-samples/coit20262-advanced-network-security/grading-web-application.html> accessed 25 February 2021.

My Assignment Help. Advanced Network Security [Internet]. My Assignment Help. 2021 [cited 25 February 2021]. Available from: https://myassignmenthelp.com/free-samples/coit20262-advanced-network-security/grading-web-application.html.


MyAssignmenthelp.com delivers assignment help to millions of students of USA. We have in-house teams of assignment writers who are experts on wide ranges of subjects. We have appointed teams of native writers who provide assignment help to students in New York City and all over the USA. They are skilled assignment writers who successfully cater to search terms like do my assignment in the USA

Latest Networking Samples

COMP SCI 4092 Mobile And Wireless Networks

Download : 0 | Pages : 6
  • Course Code: COMPSCI4092
  • University: The University Of Adelaide
  • Country: Australia

Answer: Introduction: A transducer that converts radio frequency field into alternating current is known as antenna. An antenna acts as an interface between the propagating radio waves through space. It is a metallic structure mainly used for capturing and transmitting the electromagnetic waves and the radio waves (Han et al., 2015). In basic words, it can be described as a conductor used for sending and receiving the signals that include mic...

Read More arrow

COMP5349 Cloud Computing

Download : 0 | Pages : 5
  • Course Code: COMP5349
  • University: The University Of Sydney
  • Country: Australia

Answers: 1. Risks and Controls Associated with Hybrid Cloud and Micro services Strategy Meta Soft Ltd is the software development company that is working n New Zealand and Australia. They have decided to update and replace their old infrastructure. There is existing data as well as services within the data centre that is to be moved to the respective data centre in Sydney (Arora, Parashar & Transforming, 2013). The flexibility as well as ...

Read More arrow

SIT202 Secure Networking

Download : 0 | Pages : 6

Answers: 1. How data flows from sender to the receiver Network communications require particular protocols and components for a communication to be complete. Some of the main components include but are not limited to recipient, sender, message to be delivered and medium of communication (Odom, 2013). List of activities that take place at the sender’s side in preparation of a message to be delivered are: Application layer is the ...

Read More arrow

IT375M4 Network Services And Components

Download : 0 | Pages : 6

Answers: 1.Discuss your technical knowledge and background which qualifies you for this job and how you stay up to date on current technologies in use at your company. I have CCNA certification I am certified from Security+ CE certification I have Effective communication skills for mailing I am able to managing Cisco switches and routers with tools I am also good in troubleshooting Ethernet  and Wi-Fi problems I have good knowledg...

Read More arrow

5BUIS003W Information Technology Security

Download : 0 | Pages : 7
  • Course Code: 5BUIS003W
  • University: University Of Westminster
  • Country: United Kingdom

Answer:  Information Security Management Program for a Shipping Agency Database Owing to the current awareness and cyber security profile in sipping agencies, threats to shipping is the reality that should be given immediate attention. In the year 2015, shipping was one of the top most cyber-attacked industry. Futurenautics (2015) cites that sipping agencies should use the wakeup call in securing its critical infrastructures (both data a...

Read More arrow
Next

Save Time & improve Grade

Just share requirement and get customized Solution.

watch
question
We will use e-mail only for:

arrow Communication regarding your orders

arrow To send you invoices, and other billing info

arrow To provide you with information of offers and other benefits

Add File

Error goes here

1,581,894

Orders

4.9/5

Overall Rating

5,114

Experts

Our Amazing Features

delivery

On Time Delivery

Our writers make sure that all orders are submitted, prior to the deadline.

work

Plagiarism Free Work

Using reliable plagiarism detection software, Turnitin.com.We only provide customized 100 percent original papers.

time

24 X 7 Live Help

Feel free to contact our assignment writing services any time via phone, email or live chat. If you are unable to calculate word count online, ask our customer executives.

subject

Services For All Subjects

Our writers can provide you professional writing assistance on any subject at any level.

price

Best Price Guarantee

Our best price guarantee ensures that the features we offer cannot be matched by any of the competitors.

Our Experts

Assignment writing guide
student rating student rating student rating student rating student rating 4/5

1309 Order Completed

100% Response Time

Gemmie Chen

MSc in Nursing

Singapore, Singapore

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

752 Order Completed

100% Response Time

Hugh Cleave

Masters in Human Resource Management (MMgt, HRM)

Wellington, New Zealand

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

440 Order Completed

99% Response Time

Jack Arens

MBA in HRM

London, United Kingdom

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

755 Order Completed

95% Response Time

Douglas Cowley

Masters in Finance with Specialization in Audit

Wellington, New Zealand

Hire Me

FREE Tools

plagiarism

Plagiarism Checker

Get all your documents checked for plagiarism or duplicacy with us.

essay

Essay Typer

Get different kinds of essays typed in minutes with clicks.

edit

GPA Calculator

Calculate your semester grades and cumulative GPa with our GPA Calculator.

referencing

Chemical Equation Balancer

Balance any chemical equation in minutes just by entering the formula.

calculator

Word Counter & Page Calculator

Calculate the number of words and number of pages of all your academic documents.

Refer Just 5 Friends to Earn More than $2000

Check your estimated earning as per your ability

1

1

1

Your Approx Earning

Live Review

Our Mission Client Satisfaction

I\'m very satisfied with my results. Really wasn\'t expecting my result would get almost a full mark. Would come back for ur service again in the future. Thanks for the help guys

flag

User Id: 475203 - 25 Feb 2021

Australia

student rating student rating student rating student rating student rating

I must appreciate the work as it has met all the requirement criteria as described in the order. Hope to score good marks??

flag

User Id: 565362 - 25 Feb 2021

Australia

student rating student rating student rating student rating student rating

the experts did a great job as usual. I was very pleased with the outcome and will use again

flag

User Id: 377488 - 25 Feb 2021

Australia

student rating student rating student rating student rating student rating

I love this I got a perfect score on my essay. Will for sure be using this again

flag

User Id: 618170 - 25 Feb 2021

Australia

student rating student rating student rating student rating student rating
callback request mobile
Have any Query?