If you do not successfully complete this coursework at the first opportunity, you will have an opportunity to resubmit it during the Summer resit period. In this case, you may resubmit your original coursework with revisions or you may submit an entirely new piece of coursework.
You will have had an opportunity to gain some initial experience of network security tools during the lab sessions in this module. However, you will need to spend a considerable amount of time, outside of lab sessions, conducting additional research in preparation for this coursework.
The following resources are available to you to help you prepare for this coursework:
• The Kali Linux penetration testing distribution, available from www.kali.org, and which contains a wide range of network security tools which are suitable for this assignment. If you wish to use Kali Linux, you should install it inside a virtual machine using virtualisation software (details below). Ready-made virtual machines are available for download via the Kali website.
• Freeware and / or evaluation copies of network security tools for Windows are available and can be downloaded from the Internet. The easiest way to locate them is to search for them using terms such as vulnerability scanners, honeypots or network protocol analysers. See the section below entitled Suitable types of network security tools for further examples of possible search terms.
• Virtualisation software is available from a number of sources including
o An evaluation copy of VMware Workstation (available from vmware.com). This is a paid-for product but the free, evaluation lasts for a sufficient amount of time to enable you to complete this assignment.
o VMWare Workstation Player, a cut-down version of VMWare Workstation but one which is completely free and not time-limited.
o Oracle’s VirtualBox, available from www.virtualbox.org. VirtualBox provides a similar level of functionality to VMWare Workstation but is completely free and not time limited.
All three tools above enable you to create a virtual network within a single PC and, thereby, safely conduct experiments with network security tools 3 which, if used on a public network, might be dangerous or deemed unacceptable.
Queries regarding this coursework should be posted in the Announcements forum on the Moodle site for this module.
You are required to choose TWO security software tools and conduct a comparison of them. The two tools must satisfy the following criteria:
a. They must be of a similar type. Otherwise, a comparison would be unfair and of limited purpose.
b. They must be of a type listed on page 5 below. Other types are not acceptable unless explicitly agreed by the module leader.
c. They must be agreed with your module leader. The means of reaching this agreement are described below. If you are in any doubt, pleasediscuss your choice of tools with your tutor, prior to the deadline specified below.
d. You must be capable of installing, configuring and running your chosen tools using systems that are available to you off-campus. You cannot rely upon access to on-campus facilities. You must submit a report of NOT more than 2,500 words (excluding the title page, screenshots and reference list) which contains the following:
1. A brief description of the two tools that you have chosen to compare.
2. A brief explanation and justification of the criteria that you used to compare the two tools.
3. A brief summary of the outcome of the comparison based on the criteria that you have selected. The outcome should be presented in the form of
a table with three columns; Column 1 – the evaluation criteria, Column 2 – an assessment of tool 1 against the criteria and Column 3 – an assessment of tool 2 against the criteria. Your summary should also include an overall assessment i.e. which of the two tools would you recommend and why.
4. A reference list indicating the sources of information that you have used
i) to develop your understanding of the purpose and function of your chosen tools and ii) to select your evaluation criteria. Please avoid the inclusion of large numbers of screenshots. Include only those that are necessary to illustrate the application of your evaluation criteria. Your report should be submitted as a single document in either pdf or docx format and uploaded via the Turnitin link on the Moodle site for this module. You will be able upload your document multiple times prior to the deadline and thereby ensure that your work is properly referenced and written in your own words. Please note that it is only the final submission that will be assessed.
If you do not obtain your tutor’s agreement by the above deadline, you will not be able to submit your work at the first opportunity and therefore your mark will be capped subsequently at a maximum of 40%. Your report will be marked against the following criteria:
i) Depth of investigation/research Have you consulted a range of sources of information including books and journals or have you relied upon a single source i.e. the documentation that accompanies the tools themselves? The primary source of evidence for this criterion will be your list of references and in-report citations.
ii) Level of understanding Have you demonstrated an understanding of your chosen tools or is your understanding superficial? Does your report link practice to theory? Have you shown that you understand, in principle, the purpose of the type of tool that you have chosen for your evaluation?
iii) Quality of the evaluation Are your evaluation criteria sensible/relevant? Have you assessed your tools against your criteria? Have you reached some useful conclusions about the relative strengths and weaknesses of your chosen tools?
iv) Quality of the documentation Does your documentation contain all the necessary components or are some elements missing? Is the documentation professionally presented, well-structured and concise?