

ICT287 Computer Security Assignment 1 – V6 Last Updated 24/03/2021

Assignment Information

You must submit your assignment online using the Assignment submission on LMS. Late submissions will be penalised at the rate of 10% of the total mark per day late or part thereof.

You should submit your assignment as ONE word-processed document containing all of the required question answers. The document must have a title page indicating the assignment, student name and number and the submission date. The document must be submitted in PDF format. You must keep a copy of the final version of your assignment as submitted (PDF and source document) and be prepared to provide it on request.

This is an INDIVIDUAL assignment. The University treats plagiarism, collusion, theft of other students’ work and other forms of academic misconduct in assessment seriously. Any instances of academic misconduct in this assessment will be forwarded immediately to the Faculty Dean. For guidelines on academic misconduct in assessment including avoiding plagiarism, see: http://our.murdoch.edu.au/Student-life/Study-successfully/Study-Skills/Referencing/

Murdoch University ICT287 Computer Security Due Date: LMS

Planet of the grapes

Planet of the Grapes, a local wine and spirit merchant, currently operates in three stores around Perth. Stores are independent from one another and there is no data sharing between stores, although this is not by design but simply a by-product of faster than expected expansion.

The organisation has contracted your computer security consulting company to perform an audit on their computer network. The owners have never employed any IT security staff in the past and have preferred to set up systems for themselves. However, the risks posed by inadequate cyber security have now become too great to be ignored. For this reason you are being asked to investigate the security of the system and make recommendations.

Scenario Description

The site being audited has a total of 10 full time staff and an unspecified number of casual staff. The back-office duties are only undertaken by full time staff, but the staff common areas and offices are not locked or physically separated. Full time staffers handle payroll, HR and scheduling tasks. The front counter/cashier duties are sometimes taken on by full timers but also by casual staff. You have been informed that the turnover of casual staff is quite large, although the reasons for this are unknown.

The computer systems in the back office are all networked via a Cisco small business series ADSL router supplied by Telstra. To permit the owner(s) to check on files from home, remote access services are enabled on some but not all of the machines. There is no centralized authentication server and users log on locally to all machines. All machines contain two local user accounts “admin” and “user”. These accounts are shared by staff to ensure that files are always accessible to fellow staff.

The server used for hosting the online presence runs Ubuntu Linux and is located in one of the offices. The server will also be used as a print and file server for other Windows 7 PCs which will run office applications (payroll, HR etc.).

An image of the server machine has been supplied to you as a VirtualBox VM. You can obtain the VM from: http://www.it.murdoch.edu.au/szander/ICT287/assignment1/form.php

You will require your student number to download the VM. You should download your own specific VM as there are multiple different VMs for different people.

The network interface of the VM is set to Host-only Adapter and normally you should leave it that way. For the VM to run, it is necessary to have a Host-only Network configured in VirtualBox. This may already exist, but if it does not exist you can configure it under File->Preferences->Network->Host-only Networks. Make sure you enable the DHCP server.

Attack Surface Analysis

Your task is to assess the attack surface. The scope of your analysis is limited to:
1. Network attacks on the server (based on the image provided);
2. Other attacks including physical attacks (based on the description of the site).

You should NOT login to the server machine and analyse the individual software packages that have been installed. You only need identify and describe any vulnerable services from a network level (using suitable tools) and identify and describe any potential attacks including physical attacks given the scenario description above.

It is not mandatory, but you may use a vulnerability scanner (e.g. Nessus) for the network-level analysis. However, you are not allowed to simply copy and paste output of these tools. Like in the real world you must synthesise the output of the (different) tools into a form appropriate for the audience and add textual descriptions.

Your report should outline possible weaknesses and vulnerabilities. The report should start with an executive summary of 1 page that summarises the most important findings and is understandable by a layperson. The following pages should describe the details and should be presented in a format suitable for a general technical audience – i.e. someone who is proficient in IT in general, but may not be a security expert. Citations should be used where appropriate.

Your report should enumerate all potential network accessible services with as much detail as possible (based on the viewpoint of an external attacker) and identify possible vulnerabilities for these services referencing specific CVE items (with brief explanations). An exhaustive list of CVEs is not required (there are too many), but you should at least discuss the 10 most critical and these must be relevant to the actual system and services.

Your report should also discuss possible other attack points including physical attack points and how these could be potentially exploited by attackers.

Your report should end with a summary of the findings which is more in-depth than the executive summary and also clearly demonstrates a prioritisation of the most important issues. Based on your findings you should also make recommendations on how to improve the security of the server as well as the site in general.

Your report must have a title page and table of contents (ToC). It should be presented in a clear and concise way and should be written in your own words (simply copying CVE descriptions is not acceptable). The length of the report must not exceed 10 pages (excluding the title page, ToC and appendices if any).

The overall mark allocation is as follows:
Executive summary: 10
Service enumeration and description: 10
Vulnerability identification and description: 20
Site attack surface analysis: 25
Summary and prioritisation of issues: 10
Recommendations / mitigations: 15
Explanation in own words / clarity of presentation: 10
Answered 1 days After May 30, 2021

Jay answered on Jun 01 2021
132 Votes
Attack Surface Analysis

Table of contents
1. Assess attack surface
2. Network attacks on the server
3. Other attack including physical attack
4. References
1. Task is to assess attack surface: -
1.1. Executive summary: -
Here we will know the simple and pragmatic way to perform Attack Surface Analysis and manage the “attack Surface app. It is intended to be used by developers to understand and manage app security risks as they design and modify the application, as well as application security experts who conduct security risk assessments.” The main focus here is to protect the app from external attacks - it does not look at attacks by users or system operators (e.g. malware injection, civil engineering attacks), and pays little attention to internal threats, although the principles remain the same. The location of the internal attack may be different from the location of the external attack and some users may have more access.
“Attack Area Analysis is about mapping which parts of the system need to be updated and tested for security risks. The point of Attack Surface Analysis is to understand the risk areas in the app, to make engineers and security experts know which parts of the app are open to attack, to find ways to reduce this, and to consider when and how Attack Surface changes and what this means for risk management.”
“Attack Area Analysis is usually done by security builders and pen inspectors. But developers should understand and look at Attack Surface as they design and build and modify the system.”
Attack Area Attack helps you to:
1. Identify the functions and components of the system you need to check for security
2. Identify high-risk areas of the code that require deep security protection - what parts of the system do you need to protect
3. Point when you have changed the location of the attack and you need to do some kind of threat check
Modern web applications are complex; there are often many layers where errors may occur, which makes it difficult to prevent them. That’s why it’s important to understand the key vectors hackers use to find entry points and map your attack area during the view and go back there to protect the footprint of your web application.
1.2. Service enumeration and description

1.3. Access the attack area: -
The attack surface is an area where a number of unauthorised users arrive and extract data from there. If our attack surface is smaller then it’s easy to protect the data. Every organization should observe its attack surface to identify and remove threats as soon as possible. They also must try and minimize the attack surface area to reduce the risk of cyberattacks.
1.4. The attack surface area is divided into two categories:
1.4.1. Digital Attack Surface This area combines all...