
COIT20262 – Advanced Network Security, Term 2, 2020


Assignment 1 Submission

ASSESSMENT 1
Due date: 10am Monday 24 August 2020 (Week 6)
Weighting: 35%
Length: N/A

 

Student Name: Rukshad Alaparthi

Student ID: 12102810

Campus: campus

Tutor: tutor

 

 

Part (a) Message Sequence Diagram

Include image on single page

Participants: Student, Website, Webserver, Database

1. Click log-in tab ()
2. Fetch log-in page ()
3. Return log-in page ()
4. Display log-in page ()
5. Fill in student details ()
6. Click log-in button ()
7. Send student log-in details ()
8. Verify student log-in details ()
9. Invalid student log-in details ()
10. Send errors ()
11. Re-enter correct log-in details ()
12. Valid student log-in details ()
13. Click view grades button ()
14. Fetch grades page ()
15. Student grades ordered by student name and student ID ()
16. Return individual student grades page ()
17. Display grades page ()

 

 

Part (b) Information Learnt

Keep this answer to less than 1 page. Going over 1 page a little bit will not be a problem, but it is not necessary. A good answer may be given in about ½ page.

“The port number used by the server was 8080, as seen in packet 15 in the capture file. The port number is useful to the attacker because, from this port, it is easy to intercept all HTTP requests and communication between the server and the client workstation. The most likely attacker against this kind of HTTP communication is a man-in-the-middle: an attacker who eavesdrops on the student’s communication with the server during a legitimate exchange, such as the grades request above. This attacker is not allowed to listen to the communication, given the sensitive nature of students’ grades.

The man-in-the-middle is capable of manipulating the student grades while masquerading as a real student. This attacker can alter the student grades to show false records or, at worst, delete the student records from the database, or fetch and download the records and use them for blackmail.”

 

 

  • Vulnerability Assessment

Vulnerability, Likelihood and Risk Levels

Define the scales you are using for vulnerability impact, likelihood, and risk.

 

Threat 1

 

 

 

 

 

 

Vulnerability

The University database is vulnerable to attacks by cybercriminals using malicious software such as spyware.

Vulnerability Impact Level: critical level

Vulnerability Impact Explanation

Student attackers can use spyware to intrude into the University’s Moodle question bank, download the questions and answers from the database, say for the end of the semester, and then disseminate them to fellow students. If this is not detected, it will cause a loss of integrity in the students’ performance results.

Likelihood Level: low

Likelihood Explanation

The likelihood of a student spyware attack occurring is very low, since the university’s network administrators and database managers have put measures in place to counter and prevent any possible intrusion, in that students have no idea about the location of the university’s database. However, this is not the main measure: as per the ICT regulations, access to the database is prohibited and is only allowed to specific personnel.

Risk Level: High

Risk Mitigation

Should the threat be realized, the university has back-up and recovery measures in place. Highly encrypted access codes and firewalls are also used to protect against unauthorized access.

Threat 2

 

 

 

 

 

 

Vulnerability

The WIFI network is vulnerable to tampering by individuals, since its equipment is located in open areas accessible to anyone. An attacker can therefore decide to switch off the entire WIFI network coverage or steal the network gadgets, which may affect students who rely on the network to access the internet while doing their research.

Vulnerability Impact Level: Critical.

Vulnerability Impact Explanation

Stealing or switching off the WIFI network will prevent both students and staff from carrying out their various transactions over the internet, crippling the day-to-day operations of the university, ranging from access to Moodle and class resource materials to other important research.

Likelihood Level: High

Likelihood Explanation

The likelihood of this vulnerability being exploited is high because of the ease of access to the WIFI network installations. It is also difficult to locate, and expensive to purchase, the networking gadgets in the case of theft.

Risk Level: high

Risk Mitigation

The best way to prevent theft and tampering is to locate the WIFI network gadgets at points that security personnel can monitor, so that any operations on them are visible.

Threat 3

 

 

 

 

 

Vulnerability

Student personal information in the database is vulnerable to SQL injection that may cause the database to reveal or send out files of student records that may be used by brokers on the network to sell personal student records, including financial records.

Vulnerability Impact Level: Critical

Vulnerability Impact Explanation

Should an SQL injection occur, a lot of student records will be lost and tampered with. It may also affect the university’s reputation, and may lead to an indefinite closure that requires investigating agencies to step in, assist in tracking down the perpetrators and recover the files before they are used for malicious purposes.


Likelihood Level: High

Likelihood Explanation

Every institution is always a target for potential attackers. Therefore, if an institution has weak defensive mechanisms, this attack is very likely to occur.

Risk Level: High

Risk Mitigation

With the best mechanisms in place, SQL injection attacks can easily be detected and possibly blocked within the application traffic flowing through a network.

The defense mechanisms that the institution should implement to fight off potential attacks are validation of all data supplied by users, using blacklisting and whitelisting approaches. The institution should also construct SQL statements whose logic cannot be influenced by user-supplied data.
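The two mitigations above, shown on a grades lookup as an added example that is not part of the original submission. The table layout, the sample rows, the function names and the 8-digit student ID format are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for the university grades database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE grades (student_id TEXT, name TEXT, grade TEXT)")
    db.executemany("INSERT INTO grades VALUES (?, ?, ?)", [
        ("10000001", "Student A", "HD"),
        ("10000002", "Student B", "C"),
        ("10000003", "Student C", "P"),
    ])
    return db

def grades_concatenated(db, student_id):
    # Weak form: user data is spliced into the SQL text, so a quote
    # character in the input can change the logic of the statement.
    sql = ("SELECT name, grade FROM grades WHERE student_id = '"
           + student_id + "'")
    return db.execute(sql).fetchall()

def grades_bound_only(db, student_id):
    # Parameter binding: the statement text is fixed and the input is
    # only ever compared as a value, never parsed as SQL.
    sql = "SELECT name, grade FROM grades WHERE student_id = ?"
    return db.execute(sql, (student_id,)).fetchall()

# Allow-list (whitelist) rule; the 8-digit format is an assumption.
STUDENT_ID = re.compile(r"[0-9]{8}")

def grades_parameterized(db, student_id):
    # Corrected form: allow-list validation first, then a bound parameter.
    if not STUDENT_ID.fullmatch(student_id):
        raise ValueError("student ID must be exactly 8 digits")
    return grades_bound_only(db, student_id)

if __name__ == "__main__":
    db = make_db()
    crafted = "10000001' OR '1'='1"  # constructed test input
    print("concatenated:", grades_concatenated(db, crafted))
    print("bound only:  ", grades_bound_only(db, crafted))
    try:
        grades_parameterized(db, crafted)
    except ValueError as err:
        print("validated:    rejected,", err)
```

The concatenated query returns every student's row for the crafted input, while the bound query returns nothing and the validated form rejects the input before it reaches the database.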

 

 

 

 

 

  • Ransomware

What is ransomware?

Ransomware is a form of malicious software developed to block access to personal computer systems and files until a stated amount of money is paid for the lock to be removed.

Examples of Ransomware

The WannaCry ransomware attack on the UK’s National Health Service in 2017. Several operations of the organization were crippled by this attack. NHS staff were reduced to writing with pen and paper and using their mobile phones, because the attack also affected the organization’s telephones.

Eurofins Scientific, the UK’s leading forensic investigation services provider, was attacked and infected by Ryuk ransomware. This attack led to total disruption of the company’s IT systems, which led to a backlog of more than 20,000 samples of blood and DNA data.

Role of Cryptography

Cryptography is mainly used in achieving the goals of information security, which are:

Confidentiality: Cryptography is used to protect the confidentiality of secrets. Whenever stored data or data in transit is manipulated, the encrypted information will lack meaning to unauthorized individuals without decryption keys.

Integrity: Cryptography is used to ensure the integrity of information through hash algorithms and message digests.

Authentication: Cryptography is used for authentication and non-repudiation by using digital signatures and digital certificates or using Public Key Infrastructure.

 

 

Recommendations

Do not click unverified links

Individuals using the university’s IT systems should not click any links in spam emails and should avoid visiting unfamiliar websites. Any automatic download from a possibly malicious link can lead to a computer infection.

Never open unverified email attachments.

Any email attachments from unverified senders should not be opened. Confirm the sender and the correctness of the email. Validate the authenticity of the attachment before opening it, or contact the sender to double-check.

Never give out personal information.

Should you get a call, email alert or text message requesting your credentials, do not give them out.

  • Encryption and Signing

Screenshot

Include just one screenshot showing the verification command and result and the message using cat.

Reflection – Challenges in the Task

The challenging part was getting the recipient’s public key to use for encryption, which was made difficult by the distance apart.

Reflection – Potential Weaknesses

Encryption keys are generated mathematically, and this poses a challenge in how complex they are to implement, which is confusing to users. Therefore, University staff and employees tend to disable these measures and may also share the decryption keys insecurely, making the system ineffective.
