
INTE2625 Introduction to Cyber Security

Assessment 2: Industry-focused security report and network traffic analysis

Due date: Sunday 11th June 2023, 23:59 (Melbourne time)

Weighting: 40%

Word limit: Report: 10 pages (+/-10%); Network traffic analysis: 5 pages (+/-10%)

Assessment type: Report / Reflection

Group or individual assessment: Individual

Overview

During this course, you’ve learned about the architectures of firewalls and have experimented with iptables firewalls using Kali Linux. In this assessment, you’ll use the tools in the Kali Linux VM to work through a set of tasks with the iptables packet filtering firewall. You’ll follow the detailed instructions and document your work in a report. After completing the report, you’ll write a short reflection about current issues in cyber security.

Purpose

Incidents of cybercrime are growing exponentially every year. In 2021, the Australian Cyber Security Centre received 67,500 cybercrime reports, up almost 13% from the previous year. To cope with the high volume of cyber-attacks, industry has adopted an approach called defence in depth, which uses multiple layers of defence to safeguard cyber assets. Firewalls are one of the important defence layers: they are tools that regulate access to an organisation’s critical cyber assets. When working as a cyber security professional, you need to consider ethical behaviour, especially when you have access to sensitive or personal data. In this assessment, you’ll demonstrate your knowledge of firewall configuration.

What do you need to deliver?

· 1 x Report (10 pages with screenshots)

· 1 x Network traffic analysis (5 pages)

Tools

· Kali Linux

· Lab manual

Course learning outcomes

This assessment is linked to the following course learning outcomes:

CLO 3

Identify and evaluate attack prevention and protection methods to safeguard networks, enterprise systems and Cloud applications.

CLO 4

Describe the design of secure systems for large enterprise applications.

Marking criteria

This assessment will measure your ability to:

Part 1: Report (30 points)

· Respond to prompts and complete tasks accurately (12 points)

· Describe details of task execution clearly (10 points)

· Explain key issues in the use of packet filtering firewalls (8 points)

Part 2: Reflection (10 points)

· Demonstrate an understanding of network traffic analysis for cyber security assurance (5 points)

· Communicate ideas clearly and reference appropriately (5 points)

Assessment details

To complete this assessment, you’ll need to use Kali Linux (refer to Week 1 for more information if required). Each step in Part 1 must be included in your report, along with screenshots documenting your work and the results.

Part 1: Report

Securing a system using a packet filtering firewall

In this part, you’ll configure and test the packet filtering firewall iptables. Check that the following services are installed on your machine: an SSH server and an HTTP server. Start the services and ensure that they are available to you before completing the tasks with iptables.

1. Configure your firewall to do the following:

a. Reject all SSH packets.

b. Allow SSH remote connections.

c. Deny ping.

d. Reject all traffic coming to port 80.

e. Block incoming traffic connection to the IP address of your virtual machine.

f. Allow traffic coming to port 80 (inbound) but reject traffic going out (outbound) through port 80.

2. Record all firewall rules and results in the report.

3. Describe in detail how you tested all configurations with real practical tests and/or with your gathered information in the report.

4. Discuss the advantages and disadvantages of firewalls with iptables and make suggestions to overcome the disadvantages in your report.

5. Discuss the roles and significance of packet filtering, circuit relay and application layer firewalls in building multilayer firewalls. Comment on how the use of multilayer firewalls impacts network traffic delivery time.
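One way to organise tasks 1a to 1f for the report, as an added example that is not part of the assessment brief or the lab manual: a small Python script that holds one iptables rule set per task, prints the exact commands to paste into the report, and pairs each task with the practical test used to verify it (step 3). The mapping of "reject" to REJECT and "deny"/"block" to DROP is an interpretation of the prompts; REJECT answers the client with a TCP RST or ICMP unreachable so a test fails immediately, while DROP discards silently so the test times out, which is the observable difference to describe. VM_IP and REMOTE_WEB are constructed placeholders; sshd on TCP/22 and the HTTP server on TCP/80 on the VM are assumed, and each task starts from a flushed filter table (default policy ACCEPT) so the rules of one task do not interfere with the next. Running the verification command and then `iptables -L -n -v` shows the per-rule packet counters incrementing, which is convenient evidence to screenshot.

```python
"""Rule set for Part 1, tasks 1a-1f, with a verification command for each.

Added example, not part of the assessment brief. Assumptions: sshd listens
on TCP/22 and the HTTP server on TCP/80 on the Kali VM; VM_IP and REMOTE_WEB
are constructed placeholders; each task starts from a flushed table with the
default policy ACCEPT.
"""
import shlex
import subprocess

VM_IP = "192.0.2.10"               # placeholder: the VM address from `ip -4 addr`
REMOTE_WEB = "http://example.com/"  # placeholder outbound HTTP target for task 1f

# REJECT answers the sender (TCP RST / ICMP unreachable) so a client fails at
# once; DROP discards silently so the client times out. The brief says
# "reject" for a, d and f and "deny"/"block" for c and e, mapped accordingly.
TASKS = {
    # 1a: reject all SSH packets arriving at sshd on this host.
    "a": [["-A", "INPUT", "-p", "tcp", "--dport", "22", "-j", "REJECT"]],
    # 1b: allow SSH remote connections, explicitly, in both directions.
    "b": [["-A", "INPUT", "-p", "tcp", "--dport", "22",
           "-m", "conntrack", "--ctstate", "NEW,ESTABLISHED", "-j", "ACCEPT"],
          ["-A", "OUTPUT", "-p", "tcp", "--sport", "22",
           "-m", "conntrack", "--ctstate", "ESTABLISHED", "-j", "ACCEPT"]],
    # 1c: deny ping by dropping inbound echo requests.
    "c": [["-A", "INPUT", "-p", "icmp", "--icmp-type", "echo-request", "-j", "DROP"]],
    # 1d: reject all traffic coming to port 80.
    "d": [["-A", "INPUT", "-p", "tcp", "--dport", "80", "-j", "REJECT"]],
    # 1e: block incoming connections to the VM's own address. NEW state only,
    # so replies to the VM's own outbound sessions are still delivered.
    "e": [["-A", "INPUT", "-d", VM_IP, "-m", "conntrack", "--ctstate", "NEW", "-j", "DROP"]],
    # 1f: allow inbound port 80, reject outbound connections to port 80.
    "f": [["-A", "INPUT", "-p", "tcp", "--dport", "80", "-j", "ACCEPT"],
          ["-A", "OUTPUT", "-p", "tcp", "--dport", "80", "-j", "REJECT"]],
}

# Practical test per task. Run it (from a second host where possible), then
# `iptables -L -n -v` to show the per-rule packet counters that incremented.
VERIFY = {
    "a": ["nc", "-zv", "-w", "5", VM_IP, "22"],    # expect: connection refused
    "b": ["nc", "-zv", "-w", "5", VM_IP, "22"],    # expect: connection succeeded
    "c": ["ping", "-c", "3", VM_IP],               # expect: 100% packet loss
    "d": ["curl", "-m", "5", f"http://{VM_IP}/"],  # expect: connection refused
    "e": ["curl", "-m", "5", f"http://{VM_IP}/"],  # expect: timeout (silent drop)
    "f": ["curl", "-m", "5", REMOTE_WEB],          # expect: refused; inbound to VM_IP:80 still works
}


def rules_for(task):
    """Full iptables argv list for a task: flush first, then the task's rules."""
    return [["iptables", "-F"]] + [["iptables"] + r for r in TASKS[task]]


def render(task):
    """The exact shell lines to record in the report for a task."""
    return [shlex.join(cmd) for cmd in rules_for(task)]


def chains_used(task):
    """Chains a task touches; a quick check that direction (INPUT/OUTPUT) is right."""
    return {r[r.index("-A") + 1] for r in TASKS[task]}


def apply_task(task, dry_run=True):
    """Print the commands; with dry_run=False also run them (needs root on the VM)."""
    for cmd in rules_for(task):
        print(shlex.join(cmd))
        if not dry_run:
            subprocess.run(cmd, check=True)
    print("# verify with:", shlex.join(VERIFY[task]))


if __name__ == "__main__":
    for t in TASKS:
        print(f"## Task 1{t}")
        apply_task(t)
```

Keeping the rules as data rather than typing them ad hoc makes it easy to show, for each task, which chain the rule lives in and why: inbound prompts (a to e) are INPUT rules, and only the outbound half of task 1f is an OUTPUT rule matching the destination port, since a client connecting out to a web server uses a random source port and destination port 80.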

Part 2: Network traffic analysis

Packet analysis using Wireshark (5 marks)

You are required to experiment with Wireshark, record your findings with screenshots and explanations, and respond to all questions in the report. Start Wireshark first and perform the following actions.

1. Start packet capture. Start up a browser and type your favourite website (e.g., www.google.com). After your browser has displayed the web page, stop Wireshark packet capture. Answer the following questions.

a. List 3 different protocols that appear in the protocol column in the unfiltered packet-listing window. (5 marks)

b. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received? (5 marks)

c. What is the IP address of the website? What is the IP address of your Kali Linux VM? (5 marks)

2. Start packet capture. Open the default shell and use the ping command to test the reachability of a host. For example, you can use the following command to send five probes to Google.

ping -c 5 www.google.com

After ping terminates, stop Wireshark packet capture. Answer the following questions.

a. Examine one of the ping request packets sent by your VM. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields? (5 marks)

b. Examine the corresponding ping reply packet. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields? (5 marks)

c. Examine the consecutive ICMP packets. Verify that the RTT reported in the command window matches the timestamps you observe in Wireshark. (5 marks)

3. Start packet capture. Open the default shell and use the nslookup command to query the DNS (domain name) server to obtain the IP address of a domain name. For example, you can use the following command to obtain the IP address of Google.

nslookup www.google.com

After you receive the result, stop Wireshark packet capture. Answer the following questions.

a. Select one packet. Determine how many fields there are in the UDP header. Name these fields. The UDP packet format is given in RFC 768, the RFC for UDP (http://www.faqs.org/rfcs/rfc768.html). (5 marks)

b. From the packet content field, determine the length (in bytes) of each of the UDP header fields. (5 marks)
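Questions 2a, 2b, 2c and 3a, 3b all come down to reading fixed-width header fields and capture timestamps. The following Python script, an added example that is not part of the assessment brief, decodes the same fields Wireshark displays in its packet-details pane: the ICMP echo header (type, code, 2-byte checksum, 2-byte identifier, 2-byte sequence number), the four 2-byte UDP header fields, and the RTT obtained by pairing each echo request with its reply by identifier and sequence number, which is the value to compare with ping's "time=" column. The packet bytes and the capture timestamps are constructed, not taken from a real capture; the checksum routine is the standard RFC 1071 one's-complement sum, and the UDP sample leaves its checksum at 0 (legal over IPv4, meaning "not computed") because the UDP checksum also covers an IP pseudo-header that this script does not build.

```python
"""Decode the ICMP and UDP header fields asked about in Part 2, and pair echo
requests with replies to compute RTTs from capture timestamps.

Added example, not part of the assessment brief. The packet bytes and the
capture timestamps below are constructed, not taken from a real capture.
"""
import struct

# ICMP echo header (RFC 792): type(1) code(1) checksum(2) identifier(2) sequence(2)
ICMP_ECHO_FMT = "!BBHHH"
ICMP_ECHO_FIELDS = ("type", "code", "checksum", "identifier", "sequence")
ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0

# UDP header (RFC 768): four 2-byte fields
UDP_FMT = "!HHHH"
UDP_FIELDS = ("source_port", "destination_port", "length", "checksum")


def field_sizes(fmt, names):
    """Width in bytes of each header field, read off the struct format string."""
    widths = {"B": 1, "H": 2, "I": 4}
    return dict(zip(names, (widths[c] for c in fmt.lstrip("!"))))


def inet_checksum(data):
    """RFC 1071 one's-complement sum; over a whole valid message it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp_echo(icmp_type, identifier, sequence, payload):
    """Construct an echo request/reply with a correct checksum (for the samples)."""
    hdr = struct.pack(ICMP_ECHO_FMT, icmp_type, 0, 0, identifier, sequence)
    csum = inet_checksum(hdr + payload)
    return struct.pack(ICMP_ECHO_FMT, icmp_type, 0, csum, identifier, sequence) + payload


def parse_icmp_echo(data):
    """Header fields of an ICMP echo message plus payload length and checksum status."""
    if len(data) < 8:
        raise ValueError("ICMP echo header is 8 bytes")
    hdr = dict(zip(ICMP_ECHO_FIELDS, struct.unpack(ICMP_ECHO_FMT, data[:8])))
    hdr["payload_len"] = len(data) - 8
    hdr["checksum_ok"] = inet_checksum(data) == 0
    return hdr


def parse_udp(data):
    """The four UDP header fields (checksum 0 means 'not computed', legal over IPv4)."""
    if len(data) < 8:
        raise ValueError("UDP header is 8 bytes")
    return dict(zip(UDP_FIELDS, struct.unpack(UDP_FMT, data[:8])))


def rtts_ms(capture):
    """Pair echo requests with replies by (identifier, sequence); RTT in ms keyed by
    sequence number, the value to compare with ping's 'time=' column."""
    sent, result = {}, {}
    for ts, icmp_type, ident, seq in capture:
        if icmp_type == ICMP_ECHO_REQUEST:
            sent[(ident, seq)] = ts
        elif icmp_type == ICMP_ECHO_REPLY and (ident, seq) in sent:
            result[seq] = round((ts - sent.pop((ident, seq))) * 1000, 3)
    return result


# Constructed samples (not captured traffic)
SAMPLE_REQUEST = build_icmp_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"abcdefgh")
SAMPLE_REPLY = build_icmp_echo(ICMP_ECHO_REPLY, 0x1234, 1, b"abcdefgh")
SAMPLE_UDP = struct.pack(UDP_FMT, 51234, 53, 41, 0)  # DNS query header, 33-byte payload
# (Wireshark-style relative timestamp in seconds, ICMP type, identifier, sequence)
SAMPLE_CAPTURE = [
    (0.000000, 8, 0x1234, 1), (0.012345, 0, 0x1234, 1),
    (1.001000, 8, 0x1234, 2), (1.013200, 0, 0x1234, 2),
    (2.002000, 8, 0x1234, 3),  # unanswered request: no RTT for sequence 3
]

if __name__ == "__main__":
    print(parse_icmp_echo(SAMPLE_REQUEST), field_sizes(ICMP_ECHO_FMT, ICMP_ECHO_FIELDS))
    print(parse_udp(SAMPLE_UDP), field_sizes(UDP_FMT, UDP_FIELDS))
    print(rtts_ms(SAMPLE_CAPTURE))
```

Run against the constructed samples, the request decodes as type 8, code 0, and the reply as type 0, code 0, each with a 2-byte checksum, identifier and sequence number after the 2-byte type/code pair; the UDP header has exactly four fields of 2 bytes each. The RTT pairing also shows why Wireshark's timestamps and ping's output agree only per request/reply pair: an unanswered request simply has no RTT.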

Recommended length and structure

Please use headers to clearly identify Part 1 (Report) and Part 2 (Network traffic analysis). Please structure Assessment 2 as follows:

· Part 1: Report (10 pages with screenshots)

· Part 2: Network traffic analysis (5 pages with screenshots)

Required references

You may use your course textbook or other books, journals, websites or news articles accessed within or outside of the course, as you work through your tasks.

Referencing guidelines

Use Harvard referencing style for this assessment. If you are using secondary sources, include these as a reference list in your report.

You must acknowledge all the sources of information you have used in your assessments.

Refer to the RMIT Easy Cite referencing tool to see examples and tips on how to reference in the appropriate style. You can also refer to the Library referencing page for other tools such as EndNote, referencing tutorials and referencing guides for printing.

Submission instructions

The assessment will be submitted in Canvas as an MS Word upload.

Academic integrity and plagiarism information

Academic integrity is about the honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge, and ideas.

You should take extreme care that you have:

· acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e., directly copied), summarised, paraphrased, discussed, or mentioned in your assessment through the appropriate referencing methods

· provided a reference list and/or bibliography of the publication details so your reader can locate the source if necessary. This includes material used from Internet sites.

If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own.

RMIT University treats plagiarism as a very serious offence constituting misconduct.

Plagiarism covers a variety of inappropriate behaviours, including:

· failure to properly document a source

· copyright material from the internet or databases

· collusion between students.

For further information on our policies and procedures, please refer to the University website.

Assessment declaration

When you submit work electronically, you agree to the assessment declaration.

Part 1 (30 points)

Below is the rubric for Part 1 of this assessment showing the grading criteria and describing the levels of achievement for each of these criteria.

Criterion 1

Respond to prompts and complete tasks accurately.

Total pts: 12

HD

12 to > 9.60 pts

All tasks are fully completed. High technical skill level is demonstrated across all three areas. Task outcomes are highly accurate and precise.

D

9.59 to > 8.40 pts

All tasks are completed. Good technical skill level is demonstrated across all three areas. Task outcomes are mostly accurate.

C

8.39 to > 7.20 pts

Most tasks are completed. Generally good technical skill level is demonstrated across all three areas, though some areas might be less successful. Task outcomes are generally accurate.

P

7.19 to > 6.00 pts

All tasks are attempted, though some may be incomplete. Some technical skill level is demonstrated across two or more areas, though some areas might be less successful. At least 60% of task outcomes are accurate.

N

5.99 to > 0 pts

At least 70% of the tasks are attempted. Technical skill level is demonstrated in at least one area. At least 50% of task outcomes are accurate.

DNS

0 pts

The majority of tasks are not complete or attempted. Little technical skill level is shown. Task outcomes are generally inaccurate.


Criterion 2

Describe details of task execution clearly.

Total pts: 10

HD

10 to > 8.00 pts

Details of task execution are described clearly, concisely and comprehensively. Report is clearly organised and easy to follow. Use of headers and screenshots is highly relevant and supports understanding.

D

7.99 to > 7.00 pts

Details of task execution are described clearly and concisely. Report is clearly organised. Use of headers and screenshots is appropriate and supports understanding.

C

6.99 to > 6.00 pts

Details of task execution are described clearly. Report is generally logically organised. Use of headers and screenshots is generally appropriate and supports understanding.

P

5.99 to > 5.00 pts

Task execution is described, though some minor details may be lacking. Report is logically organised, though may be unclear in some areas. Some use of headers and screenshots is present, though this could be used more consistently or logically.

N

4.99 to > 0 pts

Task execution is described though some key details may be lacking. May be unclear or difficult to follow. Ineffective use of headers and screenshots at times.

DNS

0 pts

Ineffective or no description of task execution is given.


Criterion 3

Explain key issues in the use of packet filtering firewalls.

Total pts: 8

HD

8.00 to > 6.40 pts

Discussion of key issues of packet filtering firewalls is clear, concise and comprehensive. Answers demonstrate insight.

D

6.39 to > 5.60 pts

Discussion of key issues of packet filtering firewalls is clear and concise. Answers demonstrate good understanding.

C

5.59 to > 4.80 pts

Discussion of key issues of packet filtering firewalls is clear. Answers demonstrate an understanding.

P

4.79 to > 4.00 pts

Discussion of key issues of packet filtering firewalls is present though some details may be lacking. Answers demonstrate some understanding.

N

3.99 to > 0 pts

Presents some key issues of packet filtering firewalls, though information is not always clear or relevant. Answers demonstrate some basic understanding.

DNS

0 pts

Discussion of key issues of packet filtering firewalls is missing or not accurate or relevant.


Part 2 (10 points)

Below is the rubric for Part 2 of this assessment showing the grading criteria and describing the levels of achievement for each of these criteria.

Criterion 1

Demonstrate an understanding of ethics as it relates to cyber security.

Total pts: 5

HD

5.00 to > 4.00 pts

Demonstrates a clear understanding of current issues in cyber security. Answers are highly relevant and demonstrate insight.

D

3.99 to > 3.50 pts

Demonstrates a clear understanding of current issues in cyber security. Answers are relevant.

C

4.49 to > 3.00 pts

Demonstrates an understanding of current issues in cyber security. Answers are generally relevant.

P

2.99 to > 2.50 pts

Demonstrates some understanding of current issues in cyber security though some points may be missing. Answers are somewhat relevant.

N

2.49 to > 0 pts

Demonstrates some basic understanding of current issues in cyber security though some key points may be missing. Answers are not that relevant.

DNS

0 pts

The answer demonstrates little or no understanding of current issues in cyber security.


Criterion 2

Communicate ideas clearly and reference appropriately.

Total pts: 5

HD

5.00 to > 4.00 pts

Consistently communicates meaning effectively through clear, unambiguous language and appropriate tone.

Consistently uses appropriate, accurately positioned references; all in-text citations, references and formatting are fully to Harvard style.

D

3.99 to > 3.50 pts

Communicates meaning effectively through mostly clear, accurate language and appropriate tone.

Uses mostly appropriate, accurately positioned and formatted references; in-text citations, references and formatting are to Harvard style.

C

3.49 to > 3.00 pts

Generally communicates clearly, though some instances of incorrect language use or tone may be evident. However, they do not obstruct meaning.

Uses generally appropriate references, accurately positioned; most in-text citations, referencing and formatting are to Harvard style.

P

2.99 to > 2.50 pts

Generally communicates clearly, though some instances of incorrect language use may obstruct meaning at times; tone may be inappropriate.

References are generally accurately formatted to Harvard style, though minor omissions may be present.

N

2.49 to > 0 pts

Communicates, though instances of incorrect language use obstruct meaning; tone may be largely inappropriate.

References are positioned incorrectly or used inappropriately; major omissions in in-text citations and references are not in Harvard style.

DNS

0 pts

Language fails to communicate any real meaning.

Failure to provide evidence of research or referencing.