UFCFLC-30-2- Secure Computer Networks_Assessment Specification 23-24 -Written Report-version 3

pdf

School

Bahauddin Zakaria University, Multan *

*We aren’t endorsed by this school

Course

MISC

Subject

Information Systems

Date

Nov 24, 2024

Type

pdf

Pages

12

Uploaded by CaptainReindeer2364

Report
1 MODULAR PROGRAMME COURSEWORK ASSESSMENT SPECIFICATION Module Details Module Code UFCFLC-30-2 Module Title Secure Computer Networks Module Leader Mr. Syed Imran Module Tutors Mr. Syed Imran and Ms. Buthaina Year 2023-24 Assessment Number Practical Skills Assessment - Total number of assessments for this module 1 Weighting 100% of the overall mark for the module. Type of assessment Individual work Dates Date issued to students 12-11-2023 Date to be returned to students 25-12-2023 Submission Date 25-12-2023 Submission Place Moodle GCET Online Platform Submission Time 23:59:59 Submission Notes Submit a report online Moodle. Feedback Feedback provision will be Online feedback
Secure Computer Networks 2 of 12 UFCFLC-30-2 Page 2 Contents Module Details ................................................................................................................................................................ 1 Dates ............................................................................................................................................................................... 1 Feedback ......................................................................................................................................................................... 1 Contents .......................................................................................................................................................................... 2 Section 1: Overview of Assessment ......................................................................................................................... 3 Section 2: Tasks to be completed ............................................................................................................................. 4 Section 3: Deliverables ............................................................................................................................................. 5 Section 4: Plagiarism ................................................................................................................................................ 6 Section 5: Feedback mechanisms ........................................................................................................................... 10
Secure Computer Networks 3 of 12 UFCFLC-30-2 Page 3 The Coursework for this module must be completed by the date specified and uploaded on the GCET Moodle. Keep an eye on the Moodle. Discussion area as questions and clarification are posted regularly. Section 1: Overview of Assessment This assignment assesses the following module learning outcomes: Demonstrate an understanding of a range of protocols employed at various network layers. Appreciate the significance of end-to-end security in network communication. Communicate the nature and potential threats to the security of computer networks, systems, and operating systems. Analyse a typical business/application for security threats, using appropriate models and leading to proposed solutions. Discuss the relative merits of different solutions to these threats for a given system, business, or application. Analyse a typical business/application for security threats, using appropriate models and leading to proposed solutions. The marks are as follows: 1. Summarizing a Research Paper on Ten IT Security Vulnerabilities ”. 20% Select a Paper: Pick a paper from ACM-DL or IEEE-CSDL on the top ten vulnerabilities in 2023. Summarize Content: Briefly summarize key findings, methodologies, and insights. Critical Evaluation: Critique the research, highlighting strengths, weaknesses, and relevance. 2. Penetration Testing on Damn Vulnerable Web Application (DVWA). 50% The primary objective of this penetration test is to assess the security of the DVWA platform and identify vulnerabilities and weaknesses that could be exploited by malicious actors. The test aims to mimic real- world attack scenarios to evaluate the effectiveness of security controls and incident response procedures. Conduct a Penetration Test: Simulate real-world attacks, identify vulnerabilities, and assess security measures. Submit a Report: Detail findings, potential impacts, and provide actionable security recommendations.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
Secure Computer Networks 4 of 12 UFCFLC-30-2 Page 4 3. Examination of Seed Lab - Android Rooting Process. 30% Seed Lab: Follow the provided link to the Seed Security Labs Android Rooting lab. Conduct Examination: Go through the Android rooting process, understanding steps and potential risks. Write a Report: Discuss the process, highlight security concerns, and provide recommendations. Working on this assignment will help you to individually assess and understand how to identify if a system is secure or not. It will also enable you to develop the required practical skills to be able to secure a vulnerable system and advise relevant parties on ways forward. These skills will enhance your employability and improve your ability to get placements or undertake the task of network analysis and penetration testing. If you have questions about this assignment, please post them to the discussion board Discussion Area on Moodle. Section 2: Tasks to be completed. There are three parts to be completed for this coursework: Part I: Summary of Research Paper 20% Select a research paper from reputable sources such as ACM-DL or IEEE-CSDL that delves into the topic of "Ten IT Security Vulnerabilities." Your objective is to conduct a thorough critical evaluation of the chosen paper within a concise essay, limiting your analysis to a maximum of 500 words. It is imperative that the paper you opt for has not been previously discussed with any other student. This ensures the uniqueness and independence of your assessment. Part II: Penetration Testing 50% As the Chief Information Security Officer (CISO) tasked with enhancing the security posture of your organization, you have decided to implement a penetration test using Damn Vulnerable Web Application (DVWA). The primary objective of this penetration test is to assess the security of the DVWA platform and identify vulnerabilities and weaknesses that could be exploited by malicious actors. The test aims to mimic real-world attack scenarios to evaluate the effectiveness of security controls and incident response procedures. Scenario Details Scope: The penetration test will focus on the following areas within DVWA: Web Application Security: Assess the security of DVWA, including its front-end and back-end components, databases, and APIs. Network Infrastructure: Evaluate the security of the internal and external network architecture used by DVWA.
Secure Computer Networks 5 of 12 UFCFLC-30-2 Page 5 Employee Awareness: Test the effectiveness of security awareness training and social engineering risks within the context of DVWA. Wireless Security: Assess the security of wireless networks used by DVWA and their potential vulnerabilities. Cloud Security: Examine the security of any cloud infrastructure supporting DVWA. Objectives: Identify Vulnerabilities: Discover and document any vulnerabilities in DVWA, such as SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). Evaluate Network Security: Assess the strength of network defenses by attempting to gain unauthorized access to internal resources used by DVWA. Test Employee Awareness: Gauge the ability of users to recognize and respond to social engineering attacks within DVWA. Assess Wireless Security: Identify potential weaknesses in wireless network security related to DVWA that could be exploited. Cloud Security Evaluation: Review the security settings and configurations of any cloud infrastructure supporting DVWA, identifying misconfigurations or vulnerabilities. Methodology: The penetration test will employ a mix of automated tools and manual testing techniques, specifically tailored to DVWA, including: Vulnerability Scanning: Automated scanning tools to identify common vulnerabilities within DVWA. Manual Testing: Ethical hackers will manually attempt to exploit identified vulnerabilities in DVWA. Social Engineering: Simulate phishing attacks, phone calls, or physical security assessments within the context of DVWA to test user awareness. Wireless Assessment: Evaluate the security of wireless networks used by DVWA by attempting unauthorized access. Cloud Configuration Review: Examine cloud service configurations supporting DVWA to ensure they follow security best practices. Testing Environment: The penetration test will be conducted on a simulated environment hosting DVWA, ensuring a controlled and secure testing environment. Reporting: Upon completion of the penetration test on DVWA, a detailed report will be generated, including: A summary of findings within DVWA, categorized by risk level. Recommendations for remediation and improving security controls specific to DVWA. Evidence of successful exploits (if any) within DVWA to demonstrate the impact of vulnerabilities. Suggested updates to security policies and procedures applicable to DVWA. Follow-up actions for further testing or security enhancements specific to DVWA.
Secure Computer Networks 6 of 12 UFCFLC-30-2 Page 6 Penetration testing, using DVWA as a target, is a critical part of your organization's security strategy to proactively identify and address vulnerabilities before they can be exploited. Ethical and responsible testing practices will be followed in the simulated environment to minimize potential risks. Part III: Examination of Seed Lab 30% Perform an in-depth analysis of the Android rooting procedure, with a focus on technical and security aspects. Explore the primary motivations behind users opting for rooting, outline the advantages arising from root privileges, and pinpoint security hazards associated with elevated access. Additionally, delve into the ethical dimensions relevant to security professionals engaging in rooting activities, underscoring the imperative for responsible and lawful use of these techniques to balance customization opportunities with security concerns. Conduct an examination of the Android rooting process through the seed lab, providing a comprehensive report on the completed lab available at: https://seedsecuritylabs.org/Labs_20.04/Mobile/Android_Rooting/ Lab Tasks Breakdown: 1. Pre-Lab Preparation (10%) Clarify the concept of rooting and elucidate reasons prompting users to root their Android devices. Identify and expound on two potential risks linked to rooting Android devices. 2. Rooting Process (40%) Execute the rooting process on the designated virtual Android device. Document the sequential steps involved in installing a custom recovery. Include screenshots at pivotal stages of the rooting process. Explain the significance of custom recovery in the rooting procedure. 3. Flashing Custom ROM (30%) Choose a custom ROM from the provided list in the lab guide. Perform the flashing process utilizing custom recovery. Articulate the potential benefits associated with using a custom ROM. Discuss any encountered challenges during the flashing process and detail the strategies employed to overcome them. 4. Backup and Restore (10%) Describe the significance of data backup before initiating the rooting process. Demonstrate the process of conducting a full back up using custom recovery. Explain the steps involved in restoring the device from a backup. 5. Post-Lab Reflection (10%) Reflect on the overall experience of rooting and customizing the Android device.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
Secure Computer Networks 7 of 12 UFCFLC-30-2 Page 7 Discuss ethical considerations related to rooting Android devices, emphasizing the responsible and lawful utilization of these techniques. Section 3: Deliverables Only one report file is to be submitted with section numbers. You need to submit a detailed report, with screenshots needs to be clear and readable, to describe what you have done and observed. You also need to explain the observations that are interesting or surprising. Please also list the important code snippets and screenshots that need to be readable and explained. Simply attaching code or screenshots - need to be clear and readable- without any explanation. or demonstration of your understanding of the Learning Outcomes will not receive credits. All screenshots in the report must have your student number and date and time in the user prompt, need to be clear and readable. Note: Please note that the report should encompass screenshots, testing details, findings, and references. Section 4: Plagiarism In submitting this assignment, you make the following declaration: not fact-checking and providing citations for any of the work included information obtained from using AI tools will result in an Assessment Offence or mark of zero for that part. I declare that I am the sole author of this work. I have not copied work from any source (including my own previously submitted work for which credit has been/is due to be awarded at UWE or elsewhere). I have not shared any versions of my work being submitted with other students. I have not viewed any versions of the work being submitted by other students. I have fully acknowledged/referenced all sources of information used. I am aware that failure to comply with the above may constitute an assessment offence. Section 5: Marking Criteria
Secure Computer Networks 8 of 12 UFCFLC-30-2 Page 8 Deliverables Aspects 0 1-4 5-8 9-12 13-16 17-20 Marks Part 1 Summarizi ng a Research Paper on “Ten IT Security Vulnerabili ties No attempt Poor attempt- Incomplete answer with weak references and improper explanation. The analysis is incomplete, lacking sufficient depth in addressing the top ten security vulnerabilities. The paper fails to establish clear connections between machine learning applications and security vulnerability mitigation. Evidence, including code snippets and observations, is scarce, leading to an unsuccessful investigation. Acceptable Attempt-Little knowledge about the question with a smaller number of references. The report offers minimal details on applying machine learning to address security vulnerabilities . The connection between machine learning and the top ten security vulnerabilities lacks clarity, and the analysis is superficial. The use of inappropriate terminology and a subpar writing style hinders effective communicati on. Insufficient code snippets weaken the evidence, impacting the overall analysis. Satisfactory Attempt- Adequate use of analytical skills and reflective practice demonstratin g with adequate referencing. The paper covers necessary details for machine learning application and security vulnerability mitigation, but deeper analysis and context are required. The terminology is appropriate, maintaining an acceptable structure. While evidence, including code snippets, is present, it lacks comprehensiv e support for the investigation. Basic validation for machine learning tools is evident. Good to very Good Attempt- Use of references skills and reflective practical knowledge was acceptable. The report addresses required tasks with clear and documented code snippets, but it falls short in contextualizing machine learning applications with other resources. Partial evidence of implementing machine learning in security vulnerability mitigation is present. The terminology is accurate, and the report is well-structured. Detailed lab reports and evidence, such as screen captures, are available, but the analysis and validation could be more extensive Excellent Commendable Attempt- Strong skills and professional knowledge. Accurate referencing & bibliography correctly using appropriate referencing style. The report excels, presenting excellent evidence of machine learning implementatio n to mitigate security vulnerabilities effectively. It includes an outstanding review paper covering all requirements. The report is exceptionally well- structured, organized, and professionally presented. Grammar and language meet the highest standards. A deep and insightful analysis, supported by strong citations, enhances the validity of the machine learning tool results. Deliverables Aspects 0 1-10 11-20 21-30 31-40 41-50 Marks Part 2 Penetratio n Testing on Damn Vulnerable Web Application (DVWA). No attempt Weak Penetration testing without evidence. The report lacks clarity and coherence, presenting an incomplete Acceptable Discuss two steps completed out of five penetration steps. The report provides Satisfactory Discuss three steps completed out of five penetration steps with limited evidence. The Very Good Discuss four steps completed out of five penetration steps with Very good explanation. The report Commendable Complete discuss All five Penetration Steps with Commendable explanation. The report excels in all
Secure Computer Networks 9 of 12 UFCFLC-30-2 Page 9 assessment of DVWA's security. The scope, objectives, and methodology is poorly defined. There is minimal coverage of the specified areas, and findings are unclear or missing. The report lacks evidence, screenshots, and fails to effectively identify vulnerabilities or weaknesses. Recommendati ons and follow-up actions are absent or inadequate. The structure of the report is disorganized, and references are lacking. minimal coverage of the penetration test areas but lacks depth and structure. The methodology and objectives are partially defined. The findings are present but may be disorganized. Screenshots and evidence are limited. Recommenda tions for remediation are provided but lack detail. The report could be more comprehensiv e, and references are lacking or insufficient. report covers all the defined penetration test areas with a clear scope, methodology, and objectives. It identifies vulnerabilities and weaknesses effectively and provides recommendat ions for remediation. Screenshots and evidence are included, but they could be more extensive. The report is well- structured and follows a logical flow. However, references are limited, and there is room for more detailed analysis and follow-up actions. thoroughly covers the defined penetration test areas, providing a comprehensive scope, well- defined methodology, and clear objectives. It effectively identifies vulnerabilities and weaknesses, offering detailed recommendatio ns for remediation. Screenshots and evidence are included, supporting the findings. The report is well- structured and logically organized. References are present but may benefit from more depth and breadth. It demonstrates a strong understanding of the subject matter. aspects, covering the penetration test areas comprehensive ly with a clear scope, well- defined methodology, and precise objectives. It effectively identifies vulnerabilities and weaknesses and provides detailed recommendati ons for remediation. Screenshots and evidence are extensive, enhancing the findings. The report is exceptionally well-structured and organized. References are comprehensive and well- integrated. It reflects a deep understanding of penetration testing and its implications for the company's security strategy. The report effectively communicates the results and their impact on the e- commerce platform's security. This guideline outlines the expectations for a penetration testing report for the given scenario, covering areas such as scope, methodology, objectives,
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
Secure Computer Networks 10 of 12 UFCFLC-30-2 Page 10 findings, evidence, recommendati ons, structure, and references. Deliverables Aspects 0 1 2 3 Marks Part 3 Pre-Lab Preparatio n No attempt Discuss only one steps completed out of three steps with weak explanation Discuss only two steps completed out of three steps with satisfactory to good explanation. Commendable Complete discuss All three Steps with Commendable explanation Aspects 0 1-3 4-6 7-9 10-12 Marks Rooting Process No attempt Discuss only one accept completed out of four accepts with weak to adequate explanation Discuss only two accepts completed out of four accepts with satisfactory explanation Acceptable Only discuss three accepts completed out of four accepts with acceptable explanation. Commendable Complete discuss All four accepts with Commendable explanation Aspects 0 1-2 3-4 5-6 7-8 9 Marks Flashing Custom ROM No attempt Discuss only one step implementatio n completed out of five steps implementatio n Discuss only two steps implementati on completed out of five steps implementati on Discuss only three steps implementati on completed out of five steps implementati on Discuss only four steps implementation completed out of five steps implementation Commendable Complete discuss All five steps with Commendable implementatio n Aspects 0 1 2 3 Marks Backup and restore No attempt Discuss only one steps completed out of three steps with weak explanation Discuss only two steps completed out of three steps with satisfactory to good explanation. Commendable Complete discuss All three Steps with Commendable explanation Aspects 0 1 2 3 Marks Post-Lab Reflection No attempt Discuss Reflection with weak explanation Discuss Reflection with satisfactory to good explanation. Discuss Reflection with Commendable explanation
Secure Computer Networks 11 of 12 UFCFLC-30-2 Page 11 Performance Level Criteria Part1 Part2 Part3 Fail (< 40%) The analysis is incomplete, lacking sufficient depth in addressing the top ten security vulnerabilities. The paper fails to establish clear connections between machine learning applications and security vulnerability mitigation. Evidence, including code snippets and observations, is scarce, leading to an unsuccessful investigation. The report lacks clarity and coherence, presenting an incomplete assessment of DVWA's security. The scope, objectives, and methodology is poorly defined. There is minimal coverage of the specified areas, and findings are unclear or missing. The report lacks evidence, screenshots, and fails to effectively identify vulnerabilities or weaknesses. Recommendations and follow-up actions are absent or inadequate. The structure of the report is disorganized, and references are lacking. The report presents an incomplete and disorganized review of the lab from the provided link. It lacks coverage of essential lab details and may not follow the lab instructions accurately. The findings are limited, and there is a lack of evidence and screenshots. T 3rd Class (40% - 49%) The report offers minimal details on applying machine learning to address security vulnerabilities. The connection between machine learning and the top ten security vulnerabilities lacks clarity, and the analysis is superficial. The use of inappropriate terminology and a subpar writing style hinders effective communication. Insufficient code snippets weaken the evidence, impacting the overall analysis. The report provides a basic assessment of DVWA's security with limited depth and structure. While the scope, objectives, and methodology are partially defined, there are notable gaps. Findings are present but may lack organization, and evidence is limited. Recommendations for remediation are provided but lack detail. The report could be more comprehensive, and references are lacking or insufficient. The report provides a minimal review of the lab from the provided link but lacks depth and structure. It may not fully follow the lab instructions or cover all essential details. The findings are present but may be disorganized. Screenshots and evidence are limited. The report may mention race conditions but without thorough analysis. Lower 2nd Class (50% - 59%) The paper covers necessary details for machine learning application and security vulnerability mitigation, but deeper analysis and context are required. The terminology is appropriate, maintaining an acceptable structure. While evidence, including code snippets, is present, it lacks comprehensive support for the investigation. Basic validation for machine learning tools is evident. The report covers the defined penetration test areas with a clear scope, methodology, and objectives. It effectively identifies vulnerabilities and weaknesses and provides recommendations for remediation. Screenshots and evidence are included but could be more extensive. The report is well- structured and follows a logical flow. However, references are limited, and there is room for more detailed analysis and follow-up actions. The report reviews the lab from the provided link, covering essential details and following the lab instructions. It identifies race conditions and their implications effectively and provides some recommendations or solutions. Screenshots and evidence are included, but they could be more extensive.
Secure Computer Networks 12 of 12 UFCFLC-30-2 Page 12 Upper 2nd Class (60% - 69%) The report addresses required tasks with clear and documented code snippets, but it falls short in contextualizing machine learning applications with other resources. Partial evidence of implementing machine learning in security vulnerability mitigation is present. The terminology is accurate, and the report is well-structured. Detailed lab reports and evidence, such as screen captures, are available, but the analysis and validation could be more extensive The report thoroughly covers the defined penetration test areas, providing a comprehensive scope, well-defined methodology, and clear objectives. It effectively identifies vulnerabilities and weaknesses, offering detailed recommendations for remediation. Screenshots and evidence are included, supporting the findings. The report is well-structured and logically organized. References are present but may benefit from more depth and breadth. It demonstrates a strong understanding of DVWA and penetration testing concepts. The report thoroughly reviews the lab from the provided link, providing a comprehensive summary of essential details and following the lab instructions accurately. It effectively identifies race conditions and their implications, offering detailed recommendations or solutions. Screenshots and evidence are included, supporting the findings. 1st Class (70% +) The report excels, presenting excellent evidence of machine learning implementation to mitigate security vulnerabilities effectively. It includes an outstanding review paper covering all requirements. The report is exceptionally well-structured, organized, and professionally presented. Grammar and language meet the highest standards. A deep and insightful analysis, supported by strong citations, enhances the validity of the machine learning tool results. The report excels in all aspects, covering DVWA comprehensively with a clear scope, well-defined methodology, and precise objectives. It effectively identifies vulnerabilities and weaknesses, providing detailed recommendations for remediation. Screenshots and evidence are extensive, enhancing the findings. The report is exceptionally well- structured and organized. References are comprehensive and well-integrated. It reflects a deep understanding of penetration testing and its implications for the organization's security strategy. The report effectively communicates the results and their impact on DVWA's security. Ethical and responsible testing practices are evident, minimizing potential risks in the simulated environment. The report excels in all aspects, covering the lab from the provided link comprehensively with a clear summary of essential details and precise adherence to the lab instructions. It effectively identifies race conditions and their implications and provides detailed recommendations and solutions. Screenshots and evidence are extensive, enhancing the findings. The report is exceptionally well- structured and organized. Section 6: Feedback mechanisms Final feedback will be provided with the marks online. If you need any help during the process, use the discussion area, or email me to arrange an online meeting.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help

Related Documents

System Development or Application Assurance.docx
Cardinality Estimation Feedback in SQL Server 2022.docx
Assessment 4 (page 4 of 15).pdf
ARIF OE ASdfsdS.docx
EXAMEN II PARCIAL_ELAB.P_ Revisión del intento.pdf
20230526165403answer_4.docx
Best Digital Business Card.docx
Malware Attack.docx
ttyest-13.pdf
Assessment guideline - BSBOPS504.pdf
_wgu_c838_ (10).pdf
BSBWRT301.docx