COIT20262 – Advanced Network Security, Term 2, 2020
Assignment 1 Submission
Due date: 10am Monday 24 August 2020 (Week 6)
Weighting: 35%
Assessment: 1
Length: N/A
Student Name: Rukshad Alaparthi
Student ID: 12102810
Campus: campus
Tutor: tutor
- HTTP Interception
Part (a) Message Sequence Diagram
Participants: Student, Website, Webserver, Database
1. Click log-in tab
2. Fetch log-in page
3. Return log-in page
4. Display log-in page
5. Fill in student details
6. Click log-in button
7. Send student log-in details
8. Verify student log-in details
9. Invalid student log-in details
10. Send errors
11. Re-enter correct log-in details
12. Valid student log-in details
13. Click view grades button
14. Fetch grades page
15. Student grades ordered by student name and student ID
16. Return individual student grades page
17. Display grades page
Part (b) Information Learnt
The port number used by the server was 8080, as seen in packet 15 of the capture file. The port number is useful to an attacker because it identifies the service: filtering the capture on TCP port 8080 isolates every HTTP request and response exchanged between the student's workstation and the server. Because the exchange is plain HTTP rather than HTTPS, nothing in it is encrypted, so the log-in details sent in step 7 and the grades returned in step 16 of the sequence above can be read directly from the packets. The attacker best placed to exploit this is a man-in-the-middle: someone on the network path who eavesdrops on the student's legitimate exchange with the server, such as the grades request above, even though the sensitivity of student grades means they are not entitled to see it.
A man-in-the-middle who has captured the student's credentials can log in as that student and act with the student's privileges, and one who sits actively in the path can alter requests and responses in flight, for example changing the grades shown on the page. In the worst case, if the intercepted account has wider access to the database, the attacker could alter or delete student records, or download them and use them for blackmail.
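The following is an added example, not part of the submission and not taken from the assignment's capture file. It shows what a passive interceptor learns from one cleartext HTTP log-in request: the server endpoint (host and port), the submitted username and password, and the session cookie. The request bytes are constructed to look like a reassembled TCP stream; the host name grades.example.edu, the cookie value and the credentials are made up for illustration.

```python
from urllib.parse import parse_qs

# Constructed sample request standing in for the reassembled TCP stream of the
# login POST in a capture. It is NOT from the assignment's pcap; host, cookie
# and credentials are invented for the example.
CAPTURED_LOGIN = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: grades.example.edu:8080\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Cookie: PHPSESSID=3f9a1c2b7e\r\n"
    b"Content-Length: 37\r\n"
    b"\r\n"
    b"username=s12345678&password=Secret%21"
)


def parse_http_request(raw: bytes) -> dict:
    """Split a cleartext HTTP/1.x request into request line, headers and body.

    Plain HTTP has no confidentiality or integrity protection, so anyone on
    the path (or holding the capture) can parse it exactly like this.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP request: no header/body separator")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Honour Content-Length so trailing bytes of the stream are not taken as form data.
    length = int(headers.get("content-length", len(body)))
    return {"method": method, "path": path, "version": version,
            "headers": headers, "body": body[:length]}


def extract_login_secrets(raw: bytes) -> dict:
    """What a passive man-in-the-middle learns from a single log-in request:
    the server endpoint, the credentials, and the session cookie that would
    let the attacker ride the authenticated session."""
    req = parse_http_request(raw)
    hostname, _, port = req["headers"].get("host", "").partition(":")
    form = parse_qs(req["body"].decode("utf-8"), keep_blank_values=True)
    cookies = {}
    for part in req["headers"].get("cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value
    return {
        "host": hostname,
        "port": int(port) if port else 80,  # HTTP default when no port is given
        "path": req["path"],
        "username": form.get("username", [None])[0],
        "password": form.get("password", [None])[0],
        "cookies": cookies,
    }


if __name__ == "__main__":
    for key, value in extract_login_secrets(CAPTURED_LOGIN).items():
        print(f"{key:>9}: {value}")
```

Run against a real capture, the same parser would be fed the bytes of the "Follow TCP Stream" output for the port 8080 connection; over HTTPS the stream contents are ciphertext and none of these fields can be recovered.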
- Vulnerability Assessment
Vulnerability, Likelihood and Risk Levels
Threat 1
Vulnerability
The University database is vulnerable to attack by cybercriminals using malicious software such as spyware.
Vulnerability Impact Level: Critical
Vulnerability Impact Explanation
A student attacker could use spyware to gain access to the University's Moodle question bank, download the questions and answers for, say, the end-of-semester examination, and circulate them to fellow students. If this went undetected, the integrity of the assessment of student performance would be lost.
Likelihood Level: Low
Likelihood Explanation
The likelihood of a student succeeding with a spyware attack is low because the University's network administrators and database managers have measures in place to prevent intrusion, and students are not told where the University's database is hosted. That is not the main safeguard, however: under the ICT regulations access to the database is prohibited except for specific authorised personnel.
Risk Level: High
Risk Mitigation
Should the threat be realised, the University has backup and recovery procedures in place. Strong access credentials, encrypted storage and firewalls also protect against unauthorised access.
Threat 2
Vulnerability
The Wi-Fi network equipment is vulnerable to tampering because the access points are installed in open areas accessible to anyone. An attacker could switch off the entire Wi-Fi coverage or steal the network equipment, affecting the students who rely on it for internet access while doing their research.
Vulnerability Impact Level: Critical
Vulnerability Impact Explanation
Theft of, or switching off, the Wi-Fi network would prevent both students and staff from carrying out their work over the internet, crippling the day-to-day operations of the University, from access to Moodle and class resource materials to research.
Likelihood Level: High
Likelihood Explanation
The likelihood is high because of the ease of physical access to the Wi-Fi installations. Stolen equipment is also hard to trace and expensive to replace.
Risk Level: High
Risk Mitigation
The best way to prevent theft and tampering is to install the Wi-Fi equipment at points that security personnel can monitor, so that any interference with it is visible.
Threat 3
Vulnerability
Student personal information in the database is vulnerable to SQL injection, which could cause the database to reveal or export student records that brokers on the network could then sell, including financial records.
Vulnerability Impact Level: Critical
Vulnerability Impact Explanation
Should an SQL injection attack succeed, many student records could be lost or tampered with, and the University's reputation would suffer. It could lead to an indefinite closure and require investigating agencies to step in to track down the perpetrators and recover the files before they are misused.
Likelihood Level: High
Likelihood Explanation
Every institution is a potential target for attackers, so if an institution has weak defences this attack is very likely to occur.
Risk Level: High
Risk Mitigation
With the right mechanisms in place, SQL injection attacks can be detected and blocked within an application's traffic flow.
The defences the institution should implement are validation of all user-supplied data, preferably by allow-listing the accepted formats rather than relying only on deny-lists of known-bad input, and constructing SQL statements so that user data can never alter their logic, that is, using parameterised queries instead of building statements by string concatenation.
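As an added example (not part of the submission, and not the University's code), the following Python shows both halves of that mitigation against an in-memory SQLite table: a look-up that concatenates the student ID into the statement and so is injectable, the same look-up with a bound parameter, and an allow-list check in front of it. The table contents and the assumed ID format ("s" followed by digits) are made up for the example.

```python
import sqlite3

# Constructed in-memory table standing in for the student records database;
# the IDs, names and grades are made up for this example.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE grades (student_id TEXT, name TEXT, unit TEXT, grade TEXT)")
    conn.executemany("INSERT INTO grades VALUES (?, ?, ?, ?)", [
        ("s1001", "Alice", "COIT20262", "HD"),
        ("s1002", "Bob", "COIT20262", "D"),
        ("s1003", "Carol", "COIT20262", "C"),
    ])
    return conn


def grades_vulnerable(conn: sqlite3.Connection, student_id: str) -> list:
    """Statement built by string concatenation: the user's input becomes part
    of the SQL logic, which is exactly the flaw SQL injection exploits."""
    sql = ("SELECT student_id, name, grade FROM grades WHERE student_id = '"
           + student_id + "'")
    return conn.execute(sql).fetchall()


def grades_parameterised(conn: sqlite3.Connection, student_id: str) -> list:
    """The statement text is fixed; the value is bound separately by the driver
    and is only ever compared against the column, never interpreted as SQL."""
    return conn.execute(
        "SELECT student_id, name, grade FROM grades WHERE student_id = ?",
        (student_id,),
    ).fetchall()


def is_valid_student_id(value: str) -> bool:
    """Allow-list validation. The accepted shape ('s' followed by digits) is an
    assumption for this example, not the University's real ID format."""
    return len(value) > 1 and value[0] == "s" and value[1:].isdigit()


def lookup(conn: sqlite3.Connection, student_id: str) -> list:
    """Defence in depth: reject anything outside the allow-list, then query with
    a bound parameter so even a valid-looking value cannot alter the statement."""
    if not is_valid_student_id(student_id):
        raise ValueError(f"rejected student id: {student_id!r}")
    return grades_parameterised(conn, student_id)


# Classic tautology payload: closes the quoted literal and appends OR '1'='1'
INJECTION = "s1001' OR '1'='1"

if __name__ == "__main__":
    conn = build_db()
    print("vulnerable:", grades_vulnerable(conn, INJECTION))        # every row
    print("parameterised:", grades_parameterised(conn, INJECTION))  # []
    try:
        lookup(conn, INJECTION)
    except ValueError as err:
        print("validated:", err)
```

The parameterised query alone defeats the injection; the allow-list is kept in front of it because it also rejects malformed input before it reaches the database and gives a clean place to log the attempt.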
- Ransomware
What is ransomware?
Ransomware is malicious software that blocks access to a computer system or its files, typically by encrypting them, until a stated sum of money is paid for the lock to be removed.
Examples of Ransomware
The WannaCry attack on the UK's National Health Service in 2017. Several of the organisation's operations were crippled: NHS staff were reduced to using pen and paper and their own mobile phones, because the organisation's telephone systems were also affected.
Eurofins Scientific, the UK's leading provider of forensic investigation services, was infected by the Ryuk ransomware. The attack caused total disruption of the company's IT systems and a backlog of more than 20,000 blood and DNA samples.
Role of Cryptography
Cryptography is the main means of achieving the goals of information security, which are:
Confidentiality: Cryptography protects the confidentiality of secrets. Encrypted data, whether stored or in transit, is meaningless to anyone who intercepts it without the decryption key.
Integrity: Cryptography detects alteration of information through hash functions and message digests, and through keyed message authentication codes where the alteration may be deliberate rather than accidental.
Authentication: Cryptography provides authentication and non-repudiation through digital signatures and digital certificates issued under a Public Key Infrastructure.
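An added example, not part of the submission, to make the integrity point concrete in Python: a stored record protected by a plain SHA-256 digest, and the same record protected by an HMAC-SHA256 tag under a key the attacker does not have. An attacker who can edit the record can simply recompute the plain digest, so that check still passes; without the key they cannot produce a valid tag, so the keyed check fails. The record content and the key are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample record standing in for a stored grade file (made-up content).
RECORD = b"student_id=s1001;unit=COIT20262;grade=C"
# Key held only by the system that stores and later checks the record.
KEY = secrets.token_bytes(32)


def digest(data: bytes) -> str:
    """Unkeyed SHA-256 message digest: anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def seal(key: bytes, data: bytes) -> str:
    """Keyed tag (HMAC-SHA256): producing a valid tag requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def check_digest(data: bytes, stored_digest: str) -> bool:
    return hmac.compare_digest(digest(data), stored_digest)


def check_tag(key: bytes, data: bytes, stored_tag: str) -> bool:
    # compare_digest runs in constant time, so the comparison leaks nothing about the tag.
    return hmac.compare_digest(seal(key, data), stored_tag)


def tamper(data: bytes) -> bytes:
    """The attacker's edit: raise the grade."""
    return data.replace(b"grade=C", b"grade=HD")


def attack_unkeyed(stored: tuple) -> tuple:
    """Attacker who can write to the store edits the record and recomputes the digest."""
    data, _ = stored
    new_data = tamper(data)
    return new_data, digest(new_data)


def attack_keyed(stored: tuple) -> tuple:
    """Same attacker against a keyed tag: without KEY the best they can do is
    keep the old tag (or compute a plain hash); neither verifies."""
    data, old_tag = stored
    new_data = tamper(data)
    return new_data, old_tag


def demo() -> dict:
    """Reports whether each check accepts the tampered record."""
    unkeyed_store = (RECORD, digest(RECORD))
    keyed_store = (RECORD, seal(KEY, RECORD))
    return {
        "digest_accepts_tampered": check_digest(*attack_unkeyed(unkeyed_store)),
        "hmac_accepts_tampered": check_tag(KEY, *attack_keyed(keyed_store)),
        "hmac_accepts_genuine": check_tag(KEY, RECORD, keyed_store[1]),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

A digital signature (the Authentication point above) gives the same tamper-evidence as the HMAC but with a private signing key and a public verification key, so the party checking the record does not need to share the secret with the party that produced it.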
Recommendations
Do not click unverified links.
Users of the University's IT systems should not click links in spam emails or visit unfamiliar websites; a download triggered from a malicious link can infect the computer.
Never open unverified email attachments.
Attachments from unverified senders should not be opened. Confirm the sender and the correctness of their email address, verify the attachment before opening it, or contact the sender to double-check.
Never give out personal information.
If you receive a call, email alert or text message requesting your credentials, do not give them out.
- Encryption and Signing
Screenshot (not reproduced here): the verification command and its result, and the message displayed with cat.
Reflection – Challenges in the Task
The challenging part was obtaining the recipient's public key to use for encryption, which was made difficult by the distance between us.
Reflection – Potential Weaknesses
Encryption keys are generated mathematically, and the complexity of managing them confuses users. University staff therefore tend to disable these measures, or share decryption keys insecurely, which defeats the protection the system is meant to provide.