Students who successfully complete this module will be able to:
1. Identify and critically analyse information security threats to computer networks and management information systems.
2. Critically evaluate the range of effective security controls used to protect system and user data.
3. Synthesize solutions to security problems through effective information security governance.
4. Create understanding of professional, social, ethical and legal issues associated with cyber security.
Scenario:
You are working as a certified junior ethical hacker in a company called “TechTex”. Your company wants you to train some of the non-IT members of staff and raise their awareness of cyber threats. For this awareness program, you need to set up a Metasploit system (preferably a system with Kali installed) and another system (such as Windows or Linux) that will act as Metasploitable to use as part of your training/awareness program.
Task 1
You need to create/develop a virtual environment using software such as VirtualBox or VMware. Use virtual machine images such as Kali VMware to create a Metasploit system, and create another virtual machine as the Metasploitable system (i.e. either a Windows or a Linux environment).
Task 2
Your developed system should be able to perform different ethical hacking methods to demonstrate how hackers generally carry out different steps in order to find vulnerabilities in companies’ network systems.
A. The easiest way for hackers to get into an organisation’s network is by scanning the Wi-Fi network and getting the Wi-Fi password. You are required to demonstrate the steps hackers perform in order to get the Wi-Fi password.
B. After successfully finding the Wi-Fi password, demonstrate the steps a hacker can perform for network scanning using any appropriate tools (such as Nmap/Zenmap) and analyse their results.
C. Perform a Man in the Middle attack to demonstrate how hackers can sniff, analyse, and steal sensitive data from HTTP packets.
D. If your organisation’s systems are using HTTPS for internet communication, to what extent is it possible for hackers to penetrate the system and get sensitive data? Demonstrate the process and provide solutions to counteract those threats.
E. Demonstrate how hackers can use social-engineering tools to carry out their attacks.
Task 3
Your company’s managers are now worried about Covid-19 fraud and scams within the organisation that use social engineering tools. To that end, you are required to develop a security policy for your company that will address the use of the wireless network within the premises by employees and visitors.
Task 4
Overall recommendations:
- On the implementation of the potential solutions in Task 2
- On how Task 3 can be implemented
Task 1:
Set up a virtual environment (such as VMware or VirtualBox) and create one instance of Metasploit (such as Kali) and one instance of Metasploitable.
Task 2:
A. You have managed to use appropriate tools (airmon-ng, airodump-ng, aircrack-ng or any other tools) to scan the Wi-Fi network and crack the Wi-Fi password. (You can demonstrate with any known password.)
B. You have managed to perform network scanning using any appropriate tools (such as Nmap/Zenmap) and analyse the results.
C. and D. You have managed to perform a Man in the Middle attack and analysed the data in HTTP and HTTPS packets. You also managed to provide some solutions.
E. You have managed to demonstrate the use of any social-engineering tools to perform any kind of social-engineering attack.