Weighting: 40%
Length: N/A
Instructions
Attempt all questions.
Submit the following on Moodle:
Answers: A Microsoft Word document containing answers to the questions.
Files for Question 3: keypair.pem, pubkey.pem, commands.bash, signature.bin, key.txt, ciphertext.bin, secretkey.bin
This is an individual assignment, and it is expected that students answer the questions themselves.
Discussion of approaches to solving questions is allowed (and encouraged); however, each
student should develop and write up their own answers. See CQUniversity resources on
Referencing and Plagiarism. Guidelines for this assignment include:
Do not exchange files (reports, captures, diagrams) with other students.
Complete tasks with virtnet yourself; do not use results from another student.
Draw your own diagrams. Do not use diagrams from other sources (Internet,
textbooks) or from other students.
Write your own explanations. In some cases, students may arrive at the same numerical
answer; however, their explanation of the answer should always be their own.
Do not copy text from websites or textbooks. During research you should read and
understand what others have written, and then write in your own words.
Advanced Network Security Page 1 of 8
COIT20262 Assignment 1 Term 1, 2017
Use the file and the above information to answer the following sub-questions. Do not try to
guess answers; use only the above information, the capture file and your knowledge of
networking and security to find the answers.
(a) Several applications were used on several different computers. Complete the table to
summarise the applications in use in the network. The columns are:
Application name or protocol, e.g. Web, SSH, ?, where ? means cannot
determine from the capture.
Transport protocol. TCP, UDP, ICMP or other.
Client Port(s). Use a range, e.g. 1-10, if the client changes ports for each
connection.
Server Port, Client IP, Server IP.
Time of use. The time when the application is in use. Round to the nearest
second. Use a range, e.g. 0-4 seconds.
The first row includes example values of selected columns. Complete (or edit) and
add further rows as necessary. [4 marks]
Application Table
App. | Tra. | Client Port(s) | Server Port | Client IP | Server IP | Time of use
Web  |      | 48158-48170    |             |           |           | 0-4
(b) Complete the address table below to show known address information of
computers/interfaces in the network. Some information in the table may not be known
(e.g. cannot be determined from the capture). Use a question mark ? in the table if
the information is not known. Use only the information in the question and the
capture file to determine the answers (do not guess). [2 marks]
Address Table
Computer | Interface | MAC               | IP
1        | 1         | 08:00:27:cc:71:35 | 192.168.1.1
1        | 2         | 08:00:27:1c:6d:33 | 192.168.4.1
1        | 3         | 08:00:27:61:fc:c4 | 192.168.5.1
2        |           |                   |
(c) Some of the computers in the network have domain names as well as IP addresses.
List the IP address and domain name of each computer with a domain name, and give
the packet number where you found the domain name. [2 marks]
(d) Consider the 1st TCP connection in the capture (which starts at packet number 3 in the
capture file). Draw a message sequence diagram that illustrates all packets in that TCP
connection. A message sequence diagram uses vertical lines to represent events that
happen at a computer over time (time is increasing as the line goes down). Addresses
of the computers/software are given at the top of the vertical lines. Horizontal or
sloped arrows are used to show messages (packets) being sent between computers.
Each arrow should be labelled with the protocol, packet type and important
information of the message. Examples of message sequence diagrams are given in
workshops. Note that you do not need to show the packet times, and the diagram does
not have to be to scale. [2 marks]
(e) Briefly explain how a TCP connection starts (or opens), and how it completes (or
closes), using the 1st TCP connection from the capture (and your message sequence
diagram above) as an example. [2 marks]
(f) Some of the computers in the network are running a web server. Choose one of the
computers and then list which files exist on the web server, and which files do not
exist on the web server. Explain how you know the files (that is, refer to the packet
number(s) in the capture). [2 marks]
(g) What is the password? [0 marks: this is a challenge, but worth no marks. Don't tell
other students the answer if you find it.]
Marking Scheme
(a) All connections are listed correctly: 4 marks. Minor mistakes in a few connections: 3
marks. Missing a few connections and/or multiple mistakes: 2 marks. Missing multiple
connections and/or many mistakes: 1 mark. Most connections wrong: 0 marks.
(b) 2 marks for service table; 2 marks for address table. All entries included: 2 marks.
Some entries missing or wrong: 1 mark. Most entries missing or wrong: 0 marks.
(c) All packets clearly shown: 2 marks: Minor mistakes: 1 mark. Multiple packets wrong
and/or multiple mistakes: 0 marks.
(d) All computers/domains listed: 2 marks. One mistake: 1 mark. More than one mistake:
0 marks.
(e) Clear explanation of connection open and close: 2 marks. Mistakes or wrong
explanation of one of the steps: 1 mark. Multiple mistakes or wrong explanation of
both steps: 0 marks.
(f) All files (both those that exist and those that don't exist) listed with packet numbers
referenced: 2 marks. Some minor mistakes or a missing file: 1 mark. Multiple mistakes
or multiple missing files: 0 marks.
(g) This sub-question is worth 0 marks. It has no impact on your total marks.
After performing and understanding the attack, answer the following sub-questions.
(a) Give a short description of an unvalidated redirect attack, referring to the steps you
performed in the attack and the vulnerability your attack exploited. [2 marks]
(b) Assuming a website must use redirects, recommend a technique that can be used to
minimise the impact of unvalidated redirect attacks. [1 mark]
(c) In the attack you performed in virtnet, describe what methods the attacker used (other
than an unvalidated redirect) and how the attacker benefits from the attack (that is,
what do they gain and how?). [3 marks]
(d) Include the screenshot of the stolen username/password obtained during the attack. [2
marks]
Marking Scheme
(a) Clear description, demonstrating understanding of the attack: 2 marks. Some mistakes
or misunderstandings: 1 mark. Many mistakes and/or lack of understanding: 0 marks.
(b) One relevant technique clearly described: 1 mark. No relevant technique or lack of
understanding of techniques: 0 marks.
(c) Clear description of methods and benefits: 3 marks. Minor mistakes or
misunderstandings in description: 2 marks. Missing methods or benefits; major
mistakes: 1 mark. Lack of understanding of both methods and benefits, or no relevant
methods/benefits: 0 marks.
(d) Screenshot showing relevant information: 2 marks. No screenshot or not showing
relevant information: 0 marks.
(g) Encrypt your key.txt file using RSA so that only the Unit Coordinator can view the
contents. Save the encrypted key as secretkey.bin.
Multiple files are output from the above steps. You must submit the following on Moodle:
keypair.pem
pubkey.pem
commands.bash
signature.bin
key.txt
ciphertext.bin
secretkey.bin
The file names must be exactly as listed above. Use lowercase for all files and double-check
the extensions (be careful that Windows doesn't change the extension).
Examples of the OpenSSL operations needed to complete this task, as well as a Bash script,
are on Moodle.
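The following script is an added example, not the Moodle script or any other material from the unit. It shows one way to produce the seven files listed above with OpenSSL, and then runs the "reverse operations" that the marking scheme below describes so you can confirm your own files decrypt and verify before submitting. Only step (g) and the file names are on this page: what is signed, what is symmetrically encrypted, the cipher (AES-256-CBC with PBKDF2 key derivation), the 2048-bit key size and the one-line hex format of key.txt are all assumptions made here. The Unit Coordinator's key pair is stood in for by a throwaway pair named coordinator.pem / coordinator_pub.pem; in a real submission you would encrypt to the coordinator's published public key instead.

```bash
#!/usr/bin/env bash
# Added example (not the unit's Moodle script): produce the seven submission
# files with OpenSSL and check them with the marker's reverse operations.
# Only step (g) and the file names come from the assignment text; the cipher,
# key sizes and what gets signed/encrypted are assumptions.
set -eu

# Stand-in for the Unit Coordinator's key pair (assumption: a real submission
# would use the coordinator's published public key, not a locally generated one).
make_coordinator_key() {
  openssl genrsa -out coordinator.pem 2048 2>/dev/null
  openssl rsa -in coordinator.pem -pubout -out coordinator_pub.pem 2>/dev/null
}

# Student side: every file listed under "You must submit" except commands.bash,
# which is this script itself.
make_submission() {
  # keypair.pem / pubkey.pem: the student's RSA pair and its public half
  openssl genrsa -out keypair.pem 2048 2>/dev/null
  openssl rsa -in keypair.pem -pubout -out pubkey.pem 2>/dev/null

  # key.txt: a random 256-bit secret stored as one line of hex (assumed format)
  openssl rand -hex 32 > key.txt

  # ciphertext.bin: the message encrypted under that secret. "-pass file:" reads
  # the first line of key.txt; -pbkdf2 derives key and IV from it with a salt
  # that is stored in the output, so nothing else has to travel with the file.
  printf 'constructed plaintext for the COIT20262 example\n' > message.txt
  openssl enc -aes-256-cbc -pbkdf2 -pass file:key.txt -in message.txt -out ciphertext.bin

  # signature.bin: SHA-256 signature over the ciphertext with the student's private key
  openssl dgst -sha256 -sign keypair.pem -out signature.bin ciphertext.bin

  # secretkey.bin (step g): key.txt RSA-encrypted to the coordinator's public key,
  # with OAEP padding instead of the PKCS#1 v1.5 default
  openssl pkeyutl -encrypt -pubin -inkey coordinator_pub.pem \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
    -in key.txt -out secretkey.bin
}

# Marker side: undo each step in reverse order. Any failure returns non-zero,
# which is exactly what the marking scheme's "do NOT successfully decrypt/verify" means.
verify_submission() {
  openssl pkeyutl -decrypt -inkey coordinator.pem \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
    -in secretkey.bin -out recovered_key.txt || return 1
  openssl dgst -sha256 -verify pubkey.pem -signature signature.bin ciphertext.bin \
    >/dev/null 2>&1 || return 1
  openssl enc -d -aes-256-cbc -pbkdf2 -pass file:recovered_key.txt \
    -in ciphertext.bin -out recovered.txt 2>/dev/null || return 1
  cmp -s message.txt recovered.txt
}

main() {
  command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 0; }
  workdir=$(mktemp -d)
  cd "$workdir"
  make_coordinator_key
  make_submission
  verify_submission && echo "all files decrypt/verify; output in $workdir"
}
main
```

Saved as commands.bash, the student-side function documents the exact commands used, and running verify_submission before uploading catches the common failure modes the marking scheme penalises (a key.txt that no longer matches the ciphertext, a signature made over the wrong file, or secretkey.bin encrypted to your own public key rather than the coordinator's).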
Marking Scheme
Once files are submitted, they will be decrypted/verified using the reverse operations of what
you were expected to do.
If your files successfully decrypt/verify, and the commands (commands.bash)
submitted are correct, then you will receive 9 marks.
If your files successfully decrypt/verify, but the commands contain errors, then you
will receive between 6 and 8 marks, depending on the severity of the errors (e.g. small
typo vs wrong command).
If your files do NOT successfully decrypt/verify, then your commands will be
reviewed to determine what mistakes you made. You will receive between 0 and 7
marks, depending on the severity of the errors.
Up to 6 marks may be deducted for incorrect submissions (e.g. not all files submitted,
additional files submitted, wrong files submitted, wrong filenames).