Coursework 1: Wireless Network Security Threats and Vulnerability Assessment

This Assignment assesses the following module Learning Outcomes (Take these from the module DMD):

1. Knowledge and Understanding

Successful students will typically …

• understand some of the main features of prevalent operating systems;

• have a knowledge and understanding of how and why different networking functions are separated in the layers of a protocol stack;

• have a knowledge and understanding of different security threats to networks and how they might be encountered.

2. Skills and Attributes

Successful students will typically …

• be able to write simple scripts to solve problems relevant to different aspects of operating systems and computer networks.

Coursework 1 - Threats to Operating Systems

In this coursework, you will study and investigate one of the wireless network security threats using relevant mechanisms and tools. This should include literature review, practical experiments, setting up and configuring necessary tools such as Dagah to develop your security scenario. With Dagah, you can design attacks against targets, launch them, and review the security threats and testing results. Smartphone attacks can be simulated using various exploitations such as phishing, harvesting, iOS profile, and malicious application exploitations.

SMS attack

NFC attack

QR Code attack

Messaging Apps attack

Basic phishing

Harvester phishing

Android Agent post exploitation

iOS Agent post exploitation

You will use the penetration testing lifecycle to gather information through several means and sources for footprinting. This is to allow an ethical hacker to identify the target smartphone such as Android or iPhone App, give him/her a better understanding of the target’s mobile device and application services, plan its remote attack and create malicious app. To scan the wireless target systems for vulnerabilities identification and analysis you may use Airmon, Wireshark etc.

You will perform an experiment to demonstrate one of the above listed attacks on a simulated smartphone. This is to perform vulnerability risk threat assessment and to review the security requirements, design and implementation. The final outcomes and results are intended to provide a list of recommendations and any necessary justifications to improve the security of the wireless target. The implementation of any recommendations contained in your report should not guarantee the elimination of all security threats but should allow keeping the risks as minimum as possible. To achieve this, you will need to identify and clarify security issues for the core smartphone system, technical review and assessment of system architecture.

Your report should attempt to provide a clear, unambiguous statement of the application and system configuration. This should include a review of the current service protocol(s), mechanism(s), tools and toprovide an architectural diagram of the system and/or network. You will perform comparisons with relevant standards and be able to identify the major security risks and threats in the selected service. In your report, the chosen security attack through its mechanism should be evaluated in terms of its operations, techniques, settings, security threats etc. This is to allow you to propose the necessary mechanisms and solutions to meet the service needs. These efforts will highlight the good practices and findings about the threat and to consider various technical reports and relevant documents. You will need to study and specify the requirement details and evaluation of tools in terms of meeting the necessary services requirements.