7COM1012-Operating Systems and Networks
In this coursework, you will study and investigate one of the wireless network security threats using relevant mechanisms and tools. This should include literature review, practical experiments, setting up and configuring necessary tools such as Dagah to develop your security scenario. With Dagah, you can design attacks against targets, launch them, and review the security threats and testing results. Smartphone attacks can be simulated using various exploitations such as phishing, harvesting, iOS profile, and malicious application exploitations. For more information, visit the website https://www.shevirah.com/dagah/ You will only need to select one topic from the list below as follows:
QR Code attack
Messaging Apps attack
Android Agent post exploitation
iOS Agent post exploitation
You will use the penetration testing lifecycle to gather information through several means and sources for footprinting. This is to allow an ethical hacker to identify the target smartphone such as Android or iPhone App, give him/her a better understanding of the target’s mobile device and application services, plan its remote attack and create malicious app. To scan the wireless target systems for vulnerabilities identification and analysis you may use Airmon, Wireshark etc.
You will perform an experiment to demonstrate one of the above listed attacks on a simulated smartphone. This is to perform vulnerability risk threat assessment and to review the security requirements, design and implementation. The final outcomes and results are intended to provide a list of recommendations and any necessary justifications to improve the security of the wireless target. The implementation of any recommendations contained in your report should not guarantee the elimination of all security threats but should allow keeping the risks as minimum as possible. To achieve this, you will need to identify and clarify security issues for the core smartphone system, technical review and assessment of system architecture.
Your report should attempt to provide a clear, unambiguous statement of the application and system configuration. This should include a review of the current service protocol(s), mechanism(s), tools and to provide an architectural diagram of the system and/or network. You will perform comparisons with relevant standards and be able to identify the major security risks and threats in the selected service. In your report, the chosen security attack through its mechanism should be evaluated in terms of its operations, techniques, settings, security threats etc. This is to allow you to propose the necessary mechanisms and solutions to meet the service needs. These efforts will highlight the good practices and findings about the threat and to consider various technical reports and relevant documents. You will need to study and specify the requirement details and evaluation of tools in terms of meeting the necessary services requirements.