COIT20262 Assignment 1
Advanced Network Security Page 1 of 9
COIT20262 – Advanced Network Security, Term 1, 2023
Assignment 1 Questions
Weighting: 35%
Length: N/A 1
Instructions
Attempt all questions. This is an individual assignment, and it is expected students answer the
questions themselves. Discussion of approaches to solving questions is allowed (and
encouraged), however each student should develop and write-up their own answers. See
CQUniversity resources on Referencing and Plagiarism. Guidelines for this assignment
include:
- Do not exchange files (reports, captures, diagrams) with other students.
- Complete tasks with virtnet yourself – do not use results from another student.
- Draw your own diagrams. Do not use diagrams from other sources (Internet, textbooks) or from other students.
- Write your own explanations. In some cases, students may arrive at the same numerical answer, however their explanation of the answer should always be their own.
- Do not copy text from websites or textbooks. During research you should read and understand what others have written, and then write in your own words.
- Perform the tasks using the correct values listed in the question and using the correct file names.
File Names and Parameters
Where you see [StudentID] in the text, replace it with your actual student ID. If your student
ID contains a letter (e.g. “s1234567”), make sure the letter is in lowercase.
Where you see [FirstName] in the text, replace it with your actual first name. If you do not
have a first name, then use your last name. Do NOT include any spaces or other
non-alphabetical characters (e.g. “-”).
Submission
Submit two files on Moodle only:
1. The report, based on the answer template, called [StudentID]-report.docx.
2. A ZIP file, called [StudentID]-files.zip, containing all other files. Do not
include your report in this ZIP file, and do not include any directories. Only include
those files named in the questions. Do not use rar, 7z, tgz or other formats – only ZIP.
Marking Scheme
A separate spreadsheet lists the detailed marking criteria.
Discuss, Explain, Design Style Questions
A number of questions in this assignment require short, specific answers. These will normally
be marked on correctness. That is, if the answer given is correct, then full marks, otherwise 0
marks. In some cases, partial marks may be given.
Other questions require more elaborate answers. They typically include words such as discuss,
explain, design, compare or propose. For such questions, to achieve full marks your answer
should not only be correct, but also clear and detailed. While your answers don’t necessarily
have to be long (many paragraphs), the level of detail should be similar to that covered in
lectures. Some hints on writing your answers to this style of question include:
- Use terminology that has been used throughout the lectures. Using non-standard terminology, or terminology that significantly differs from that in this topic, is an example of unclear writing.
- Be specific, referring to files, algorithms, keys or other relevant data elements.
- When relevant, use examples to assist your explanation (although don’t use just examples; give a general explanation as well).
- Including wrong or irrelevant information in your answer will result in low marks. An answer with multiple wrong/irrelevant statements as well as a correct statement may receive 0 marks.
- Don’t rely heavily on images (unless they are asked for). If you do include images, then draw them yourself – don’t take images from the Internet, textbook or lecture notes.
Scenario
You are a cyber security analyst for an educational institution (e.g., university). You are to
conduct tasks and analyse issues impacting the university.
virtnet
You must use virtnet (as used in the tutorials) to perform tasks. This assumes you have
already set up and are familiar with virtnet. See Moodle and tutorial instructions for
information on setting up and using virtnet. Specifically, you must set up:
- virtnet topology 5, with node1 as a client, node2 as a router and node3 as a server.
- MyUni grading website is running on node3.
- Set the domain of the MyUni grading website to be www.[StudentID].edu (you can change the domain by editing the /etc/hosts file on node1 – see NSL 16.2.3).
- For the cryptography tasks, openssl must be used.
Question 1. HTTP Interception [6 marks]
Aim
Your aim is to demonstrate the weakness of communicating in networks without encryption,
in particular when web browsing. To do this, you will demonstrate how easy it is to intercept
traffic in a network, and explain what information can be extracted from interception of HTTP
traffic.
Complete the following phases, in order.
Phase 1: Setup
1. Add a new student user to the MyUni grading system (see NSL 16.3.6). The user
must have:
Username: [StudentID]
Password: [FirstName]
2. Add a grade for the new student user for unit/course ‘COIT20262’ with a grade of
what you expect to receive this term, e.g. HD, D, C, P or F.
3. Change the domain of the MyUni website to www.[StudentID].edu by editing the
/etc/hosts file.
4. Test that the existing users and new student can access the grading website.
Phase 2: Intercept HTTP Traffic
1. Start capturing on node2 using tcpdump.
2. The new student user must do the following on node1:
a. Visit the MyUni grading website, e.g.:
lynx http://www.[StudentID].edu/grades/
b. Follow the “Login” link and login
c. Follow the “View grades” link and enter their username and ‘COIT20262’ to
view the course/unit grade, and submit.
d. Follow the “Logout” link.
e. Exit lynx by pressing q for quit.
3. Stop capturing on node2. Note that it is important that the start of the TCP connection
(i.e. 3-way handshake), as well as all HTTP requests/responses are included in the
capture.
4. Save the capture file as [StudentID]-http.pcap.
Phase 3: Analysis
Answer the following sub-questions regarding the previous phases.
(a) Submit the capture file. [0.5 marks]
(b) Draw a message sequence diagram that illustrates all the HTTP messages for the new
student user viewing the grades (i.e. the HTTP messages from
[StudentID]-http.pcap from phase 2 above). Do not draw any packets generated by other
applications or protocols, such as ARP, DNS or SSH, and do not draw TCP connection
setup or ACKS. Only draw HTTP messages. A message sequence diagram uses vertical
lines to represent events that happen at a computer over time (time is increasing as the
line goes down). Addresses of the computers/software are given at the top of the vertical
lines. Horizontal or sloped arrows are used to show messages (packets) being sent
between computers. Each arrow should be labelled with the protocol, packet type and
important information of the message. Examples of message sequence diagrams are
given in workshops. Note that you do not need to show the packet times, and the
diagram does not have to be to scale. Draw the diagram yourself (e.g. using drawing
software or by hand) – do NOT use Wireshark to generate the diagram. [2.5 marks]
Reflection:
(c) As the attacker you can learn information from intercepting the packets. Based on the
packet capture file, what useful information can you learn from the interception? You
must refer to specific values and packet numbers, as well as give a brief explanation
of how the information may be useful for the attacker. [3 marks]
Question 2. Vulnerability analysis using Nessus [8 marks]
Set up Nessus on Kali. Then perform a scan on metasploitable2 (ms2) using Nessus.
a. Login using your Nessus username and password.
b. Select New Scan > Basic Scan. Name the scan, for example, ms2, and target
172.16.1.35.
c. Identify the critical vulnerabilities of the ms2 machine. [2 marks]
Reflections:
d. Search for vulnerabilities on two of your own private devices (e.g., your router,
computer, and mobile devices) using tools such as Nessus or Nikto. Submit evidence
of your searches including screenshots. [4 marks]
e. Identify the top 3 vulnerabilities from your search and provide recommendations of how
to manage those vulnerabilities. [2 marks]
Question 3. Encryption and Signing [7 marks]
Aim
Your aim is to demonstrate skills and knowledge in cryptographic operations, especially key
management. You will do this in pairs (that is, with a partner student).
When performing cryptographic operations you must be very careful, as a small mistake (such
as a typo) may mean the result is an insecure system. Read the instructions carefully, understand
the examples, and where possible, test your approach (e.g. if you encrypt a file, test it by
decrypting it and comparing the original to the decrypted). It is recommended you use virtnet
to perform the operations.
Phase 1: Key Generation
1. Generate your own RSA 2048-bit public/private key pair and upload your public key
to the Public Key Directory on Moodle. (If you have already done this in the tutorial,
you do not need to do it again). Save your keypair as [StudentID]-keypair.pem.
2. Generate a secret key to be used with AES-256-CBC, saving it in the file
[StudentID]-key.txt.
3. Generate an IV to be used with AES-256-CBC, saving it in the file
[StudentID]-iv.txt.
Phase 2: Message Creation and Signing
1. Create a message file [StudentID]-message.txt that is a plain text file containing
your full name and student ID inside.
2. Digitally sign [StudentID]-message.txt using RSA and SHA256, saving the
signature in the file [StudentID]-message.sgn.
Phase 3: Encryption
1. Encrypt [StudentID]-message.txt using symmetric key encryption, saving the
ciphertext in the file [StudentID]-message.enc.
2. Encrypt [StudentID]-key.txt using public key encryption (RSA), saving the
ciphertext in the file [StudentID]-key.enc.
3. Encrypt [StudentID]-iv.txt using public key encryption (RSA), saving the
ciphertext in the file [StudentID]-iv.enc.
Phase 4: Upload to your Partner
1. To send files to your partner, you must upload them to the Encrypted Files database on
Moodle. Your partner can then download from the database.
Phase 5: Decryption and Verification
1. Download the files from your partner from the Encrypted Files database.
2. Decrypt to obtain the message, saving it in the file [StudentID]-received.txt.
3. Verify the signed message.
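The phases above as one openssl round trip, added here as an illustration and not part of the assignment sheet. The names alice (sender) and bob (partner), the scratch directory, the sample message and the OAEP padding option are assumptions of this example.

```shell
#!/bin/sh
# Added example. "alice" (sender) and "bob" (partner) are constructed names
# standing in for the [StudentID] prefixes used in the assignment.

make_keys() {   # Phase 1: RSA-2048 key pairs, AES-256 key and CBC IV as hex
  for who in alice bob; do
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$1/$who-keypair.pem" 2>/dev/null || return 1
    openssl pkey -in "$1/$who-keypair.pem" -pubout -out "$1/$who-pubkey.pem" || return 1
  done
  openssl rand -hex 32 > "$1/alice-key.txt" || return 1   # 256-bit key
  openssl rand -hex 16 > "$1/alice-iv.txt"                # 128-bit IV (AES block size)
}

send() {        # Phases 2-3: sign with alice's PRIVATE key, encrypt for bob
  printf 'Constructed Name, s0000000\n' > "$1/alice-message.txt"   # constructed sample
  openssl dgst -sha256 -sign "$1/alice-keypair.pem" \
    -out "$1/alice-message.sgn" "$1/alice-message.txt" || return 1
  # -K/-iv take raw hex; the values are visible in the process list while enc runs
  openssl enc -aes-256-cbc -e -K "$(cat "$1/alice-key.txt")" -iv "$(cat "$1/alice-iv.txt")" \
    -in "$1/alice-message.txt" -out "$1/alice-message.enc" || return 1
  for f in key iv; do   # wrap key and IV under the partner's PUBLIC key
    openssl pkeyutl -encrypt -pubin -inkey "$1/bob-pubkey.pem" \
      -pkeyopt rsa_padding_mode:oaep \
      -in "$1/alice-$f.txt" -out "$1/alice-$f.enc" || return 1
  done
}

receive() {     # Phase 5: unwrap with bob's PRIVATE key, then decrypt the message
  for f in key iv; do
    openssl pkeyutl -decrypt -inkey "$1/bob-keypair.pem" \
      -pkeyopt rsa_padding_mode:oaep \
      -in "$1/alice-$f.enc" -out "$1/rx-$f.txt" || return 1
  done
  openssl enc -aes-256-cbc -d -K "$(cat "$1/rx-key.txt")" -iv "$(cat "$1/rx-iv.txt")" \
    -in "$1/alice-message.enc" -out "$1/bob-received.txt"
}

verify() {      # Phase 5: check signature $1/alice-message.sgn over file $2
  openssl dgst -sha256 -verify "$1/alice-pubkey.pem" \
    -signature "$1/alice-message.sgn" "$2" >/dev/null 2>&1
}

roundtrip() {   # run every phase in a scratch directory and print its path
  d=$(mktemp -d) && make_keys "$d" && send "$d" && receive "$d" &&
    verify "$d" "$d/bob-received.txt" && echo "$d"
}

out=$(roundtrip) && echo "signature verified, files in $out"
```

The signature is checked against the decrypted file rather than the sender's original, which is what the receiving partner actually holds; `verify` returns non-zero for any file whose SHA-256 digest does not match the signed one.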
Phase 6: File Submission
a) Submit the files on Moodle. As output from these phases, you should have the following
files for submission on Moodle:
[StudentID]-message.txt
[StudentID]-keypair.pem
[StudentID]-pubkey.pem
[StudentID]-key.txt
[StudentID]-iv.txt
[StudentID]-message.sgn
[StudentID]-message.enc
[StudentID]-key.enc
[StudentID]-iv.enc
[StudentID]-received.txt (this will contain the message you received from your
partner)
Even though the encrypted files and public keys must be available on the Moodle databases,
you should also include a copy of the files in your assessment submission. Ensure the files in
the database and your submission are the same – the marker may use either version.
Phase 7: Reflection
Think about the tasks you performed in this question and write a brief reflection. You should
address:
(a) Submit your files on Moodle as listed above. Also take a screenshot showing the
OpenSSL verification command and the message contents. That is, the single screenshot
should show the output of two commands:
openssl dgst …
cat [StudentID]-received.txt
Include the screenshot on your assignment answer template. [3 marks]
(b) Which parts were the most challenging or led to mistakes, and why were there
mistakes? [2 marks]
(c) Find the potential security vulnerability in the process/the steps you took. [2 marks]
Question 4. Ransomware Research [9 marks]
Read the research article on ransomware attacks (2022) at the link below:
https://www.sciencedirect.com/science/article/pii/S0957417421015141
You need to perform the following tasks:
(a) Write a short overview of Ransomware [2 marks]
Approximately 1⁄2 page of text explaining what ransomware is and how it works. Assume the
audience of this section is non-technical. You must include real examples of ransomware
and/or ransomware attacks.
(b) Describe the technical details of Ransomware [4 marks]
Approximately 1⁄2 to 1 page of text explaining the technical aspects of ransomware, including:
- What are the common methods of infection?
- What cryptographic techniques are commonly used?
- What technologies are used to obtain ransoms?
- Why are some ransomware variants very hard to break?
Assume the audience of this section is technical, i.e., have similar background on network
security as you. You should refer to techniques and concepts covered in the unit and give
sufficient technical detail to demonstrate you understand the issues.
(c) Write some Recommendations to prevent Ransomware [3 marks]
List and explain recommendations for end-users and/or organizations to avoid ransomware
and/or handle ransomware infections.
Maintaining Journal [5 marks]
Whenever you perform tasks, you should be recording important information in your online
journal. This may include notes, commands you have run, parts of files you edited, and
screenshots. You will be marked on how well you have maintained your journal (including
technical depth) and how accurately it captures your tutorial and assignment practical activities
from Week 1 to Week 5. Your online journal may also be referred to when marking your
submission. For example, if the marker sees two student submissions with very similar answers,
they may refer to the journal to review the entries.