
COM00188M

Question 1: Network Analysis (40 Marks)

Background

The system shown in Figure 1 belongs to a company known as DevCo. It provides a public Internet-facing website hosted on the machine ‘Web Server’. The website content is developed and managed on the ‘Website Development & Management Machine’. The purpose of the website is to advertise a small software development business, whose work is carried out in-house on the software ‘Development’ machine. The other computers in this system (W7 and the wireless notebooks) are used for office functions. The file server and printer provide shared services across the system, and the wireless network is WEP encrypted.

Figure 1: Diagram of the system in Question 1

The switch which hosts the Web Server and the associated management machine is provided with a spanning port which outputs all switch traffic to a dedicated packet monitor.

Maintaining the integrity and confidentiality of business data within the Development machine is critical to the business. Temporary non-availability of the webserver is not regarded as a problem, but corruption of the website may harm the reputation of the company whose business is software-related.

At approximately 15:45 on 20 November, the user of the Development machine (192.168.0.27) was alerted by the host firewall with a generic alert which might suggest an abnormally high packet rate.

A packet capture at the network interface of the Development machine was saved in the file:

A-01-packet_capture_Dev.pcap

Another packet trace from the DMZ monitor was also secured, and was saved in the file:

A-02-packet_capture_DMZ.pcap

Both files can be downloaded from the module VLE.

Questions

You have been asked to carry out a technical investigation of the attack. One approach would be first to analyse A-01-packet_capture_Dev.pcap for any evidence relating to the incident and to develop a set of key questions to guide the subsequent examination, then to analyse A-02-packet_capture_DMZ.pcap to supplement the results and to resolve the questions developed during the initial analysis. However, you are free to choose any other approach that you see fit.

(i) [Total: 35 Marks] Please answer the following questions by providing technical analysis intended for experts. Your answer for each question MUST be supported by evidence:

(a) [10 Marks] From which host did the attack originate?

(b) [7 Marks] Does the pattern of access suggest scanning or denial of service?

(c) [7 Marks] Which parts of the network traffic are related to the attack?

(d) [5 Marks] What did the attacker discover about the system?

(e) [3 Marks] How did the attacker enter the system?

(f) [3 Marks] What is the algorithm used by the attacker? Is it published in the literature?
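Questions (a) to (c) turn on per-source statistics extracted from the captures: which host sent the traffic, how many distinct destination ports it touched, and at what rate. The following is an added example, not part of the assessment brief or of any DevCo material: a dependency-free pcap reader that decodes Ethernet/IPv4/TCP frames and summarises traffic towards the Development machine (192.168.0.27, the only address the brief gives). All other addresses, the thresholds in `classify`, and the embedded sample capture are constructed here for illustration; the real answers must come from `A-01-packet_capture_Dev.pcap` and `A-02-packet_capture_DMZ.pcap`, which this code can read if `open(path, "rb").read()` is passed to `analyse`.

```python
import struct
from collections import defaultdict

# Magic numbers of the classic libpcap file format (microsecond and nanosecond variants).
PCAP_MAGICS = {0xA1B2C3D4: ("<", 1e6), 0xD4C3B2A1: (">", 1e6),
               0xA1B23C4D: ("<", 1e9), 0x4D3CB2A1: (">", 1e9)}
DEV_HOST = "192.168.0.27"  # Development machine address from the brief


def parse_pcap(data: bytes):
    """Yield (timestamp_seconds, frame_bytes) for every record in a pcap byte string."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic not in PCAP_MAGICS:
        raise ValueError("not a libpcap file (pcapng is not handled here)")
    endian, tick = PCAP_MAGICS[magic]
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:  # DLT_EN10MB
        raise ValueError("only Ethernet link type is supported")
    off = 24
    while off + 16 <= len(data):
        sec, frac, incl_len, _orig = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield sec + frac / tick, data[off:off + incl_len]
        off += incl_len


def decode_tcp(frame: bytes):
    """Return (src_ip, dst_ip, dst_port, tcp_flags) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6 or len(ip) < ihl + 14:  # protocol 6 = TCP; need flags byte at tcp[13]
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:]
    return src, dst, struct.unpack_from("!H", tcp, 2)[0], tcp[13]


def summarise(data: bytes, target: str):
    """Per-source statistics for TCP traffic addressed to target."""
    stats = defaultdict(lambda: {"packets": 0, "ports": set(), "syn": 0, "first": None, "last": None})
    for ts, frame in parse_pcap(data):
        d = decode_tcp(frame)
        if d is None or d[1] != target:
            continue
        src, _dst, dport, flags = d
        s = stats[src]
        s["packets"] += 1
        s["ports"].add(dport)
        if flags & 0x02 and not flags & 0x10:  # SYN without ACK: connection attempt
            s["syn"] += 1
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return stats


def classify(s, scan_ports=20, flood_pps=100, flood_min=50):
    """Heuristic (thresholds are assumptions): many ports -> scan; few ports at high rate -> flood."""
    rate = s["packets"] / max(s["last"] - s["first"], 1e-6)
    if len(s["ports"]) >= scan_ports:
        return "scan"
    if s["packets"] >= flood_min and rate > flood_pps:
        return "flood"
    return "normal"


def analyse(data: bytes, target: str = DEV_HOST):
    """Map each source IP to (verdict, packet count, distinct destination ports)."""
    return {src: (classify(s), s["packets"], len(s["ports"])) for src, s in summarise(data, target).items()}


# --- Constructed sample capture (not from the module's pcap files) ---
def _ip(s):
    return bytes(int(x) for x in s.split("."))


def build_frame(src, dst, sport, dport, flags):
    """Minimal Ethernet/IPv4/TCP frame; checksums are left zero since the reader ignores them."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, _ip(src), _ip(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return eth + ip + tcp


def build_pcap(records):
    """Serialise [(timestamp, frame), ...] as a little-endian microsecond pcap."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for ts, frame in records:
        sec = int(ts)
        out.append(struct.pack("<IIII", sec, int(round((ts - sec) * 1e6)), len(frame), len(frame)) + frame)
    return b"".join(out)


SAMPLE_RECORDS = [(1000.0 + i * 0.005, build_frame("192.168.0.99", DEV_HOST, 40000 + i, 1 + i, 0x02))
                  for i in range(60)]                               # 60 ports probed in 0.3 s
SAMPLE_RECORDS += [(1001.0, build_frame("192.168.0.5", DEV_HOST, 50000, 445, 0x02)),
                   (1001.01, build_frame("192.168.0.5", DEV_HOST, 50000, 445, 0x18))]  # ordinary session
SAMPLE_RECORDS += [(1002.0 + i * 0.004, build_frame("192.168.0.77", DEV_HOST, 50000 + i, 80, 0x02))
                   for i in range(200)]                             # 200 SYNs to one port in 0.8 s
SAMPLE_PCAP = build_pcap(SAMPLE_RECORDS)

if __name__ == "__main__":
    for src, verdict in sorted(analyse(SAMPLE_PCAP).items()):
        print(src, verdict)
```

The distinction the code draws is the one question (b) asks for: a scan spreads connection attempts across many destination ports (or hosts), whereas a flood concentrates a high packet rate on one service. On the real captures the per-source `first`/`last` timestamps also give the window to cite as evidence, and filtering on the identified source address isolates the traffic relevant to question (c).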

You have also been asked to prepare a short management summary.

(ii) [5 Marks] Provide a short management summary accessible to non-experts which describes the nature of the attack and how it was carried out. Your summary must be supported by citing evidence identified in part (i).

Page Limit

You can use up to 7 sides of A4 in total for this question, of which your answer to part (ii) must be no more than 1 side of A4. These limits do include any visual aids, e.g. tables, figures.

Specific Guidance

Your answers in part (i) may be in the form of expanded notes, provided your documentation is sufficiently detailed for another analyst to understand and repeat your work, and provided it can be readily cross-referenced in support of part (ii).

Questions of interest to management, including ‘who, what, when, and how’, need to be covered in part (ii).

You do not need to analyse network behaviours or features that are not associated with the attack.

Good marks will be given to succinct and properly supported analytic conclusions; assertions without clear justification will not be regarded as adequate. In other words, you must find specific evidence to support your theory about the incident.

The quality and clarity of communication, citation (e.g. cross-referencing identified evidence, reference to external material if required), and content will be taken into account in the marking of part (ii).

Question 2: (30 Marks)

Background

The Government of Freedonia wishes to implement a national eID system which can be used to allow citizens to access government services and, eventually, financial and commercial services too. The primary requirement is for the system to allow citizens to prove their identity to authorised agencies. Since the country offers eResidency to digital nomads (i.e., people in largely service-based industries who can provide their services remotely and thus work anywhere there is an Internet connection), the system must be capable of operating remotely: users must not need to visit a particular location in order to use it, and it should be usable wherever it is needed (e.g., at home, in a hotel room, at the premises of any authorised organisation). A secondary requirement is for the system to be capable of digitally signing. As an expert in identification and identity authentication mechanisms, you have been engaged to propose an initial design for a suitable system.

Freedonia has embassies or consulates in all countries whose citizens are eligible to apply for eResidency.

Question

(a) [10 Marks] Propose a mechanism which can be used by citizens and eResidents enrolled in the system to prove their identity on demand, satisfying the primary and secondary requirements stated above.

(b) [10 Marks] Give details of the credential management lifecycle of the credentials used in your proposal for part (a).

(c) [Total: 10 Marks] The government is aware that, no matter how stringent their checks are, an eID system could be open to abuse by individuals and by companies which are permitted to use it. Suggest how your proposal could be strengthened to allow the following in a trustworthy manner which is as automated as possible:

(i) [6 Marks] Detection and removal or restriction of bad actors or abusers in the system, whether individuals or organisations, and

(ii) [4 Marks] Restoration and/or elevation of rights and privileges to users of the system.

Page Limit

Maximum length for each part (a, b, and c): 1 side of A4, including diagrams, figures and tables.

Question 3: Network Design and Evaluation (30 Marks)

Background

The following extract is part of the report[1] on the reason for the collapse of Barings, an international investment bank.

The management of Barings broke a cardinal rule of any trading operation - they effectively let Leeson settle his own trades by putting him in charge of both the dealing desk and the back office. This is tantamount to allowing the person who works a cash-till to bank in the day's takings without an independent third party checking whether the amount banked at the end of the day reconciles with the till receipts.

The back-office records, confirms and settles trades transacted by the front office, reconciles them with details sent by the bank's counterparties and assesses the accuracy of prices used for its internal valuations. It also accepts/releases securities and payments for trades. Some back offices also provide the regulatory reports and management accounting. In a nutshell, the back office provides the necessary checks to prevent unauthorised trading and minimise the potential for fraud and embezzlement. Since Leeson was in charge of the back office, he had the final say on payments, ingoing and outgoing confirmations and contracts, reconciliation statements, accounting entries and position reports. He was perfectly placed to relay false information back to London.

Abusing his position as head of the back-office, Leeson suppressed information on account ‘88888’. This account was set up in July 1992 - it was designated an error account in Barings Futures Singapore system ... But Barings London did not know of its existence since Leeson had asked a systems consultant, Dr Edmund Wong, to remove error account ‘88888’ from the daily reports which BFS sent electronically to London. This state of affairs existed from on or around 8 July 1992 to the collapse of Barings on 26 February 1995...

Error accounts are set up to accommodate trades that cannot be reconciled immediately. A compliance officer investigates the trades, records them on the firm’s books and analyses how they affect the firm’s market risk and profit and loss. Reports of error accounts are normally sent to senior officers of the firm.

Barings’ management compounded their initial mistake of not segregating Leeson’s duties by ignoring warnings that prolonging the status quo would be dangerous. An internal auditors’ report in August 1994 concluded that “his dual responsibility for both the front and back offices was an excessive concentration of powers.” The report warned that there was a significant general risk that the general manager (Mr Nick Leeson) could override the controls.

The audit team recommended that Leeson be relieved of ... duties: supervision of the back-office team, cheque-signing ... and bank reconciliations. Leeson never gave up any of these duties even though Simon Jones, regional operations manager South Asia and chief operating officer of Barings Securities Singapore, had told the internal audit team that Leeson will “with immediate effect cease to perform the[se] functions.”

Assumptions

From this article we can identify a number of banking roles as follows. You may assume that each will be supported by a software application and related data.

a. Dealer (i.e. selling and buying)

b. Accountant (‘settling trades’ - actually moving the money, verifying trading partners, recording transactions in the bank ledgers)

c. Compliance Officer (reviewing the risk associated with error trades)

d. Reporter (reporting to management)

You may ignore other roles, such as system management.
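The control the extract says was missing is segregation of duties between these roles: nobody should both deal and settle, and nobody should review or report on their own trades. The following is an added example, not part of the assessment brief or of the Barings report: a small role-assignment checker that enforces a static separation-of-duties policy (mutually exclusive role pairs) at grant time and a dynamic two-person rule at settlement time. The conflict matrix, the user names other than Leeson, and the sample assignments are assumptions constructed for illustration; a real design would derive the matrix from the analysis in part (i).

```python
from itertools import combinations

# Roles taken from the brief.
ROLES = {"dealer", "accountant", "compliance_officer", "reporter"}

# Example policy (an assumption for this illustration): pairs one person must never hold together.
CONFLICTING_ROLE_PAIRS = {
    frozenset({"dealer", "accountant"}),           # front office must not settle its own trades
    frozenset({"dealer", "compliance_officer"}),   # a trader must not review their own error trades
    frozenset({"accountant", "reporter"}),         # the settler must not control what management sees
}


def role_conflicts(assignments):
    """Audit check: list (user, role_a, role_b) for every user holding an excluded pair."""
    found = []
    for user, roles in assignments.items():
        for a, b in combinations(sorted(roles & ROLES), 2):
            if frozenset({a, b}) in CONFLICTING_ROLE_PAIRS:
                found.append((user, a, b))
    return found


def can_assign(assignments, user, role):
    """Static SoD check run by the administration function before a role is granted."""
    if role not in ROLES:
        return False
    held = assignments.get(user, set())
    return all(frozenset({role, r}) not in CONFLICTING_ROLE_PAIRS for r in held)


def settle_trade(trade, settler, assignments):
    """Dynamic two-person rule: only an accountant who did not deal the trade may settle it."""
    if "accountant" not in assignments.get(settler, set()):
        return False, "settler lacks accountant role"
    if settler == trade["dealer"]:
        return False, "dealer may not settle own trade"
    return True, "ok"


# Constructed sample: the situation the report describes, plus two properly segregated users.
SAMPLE_ASSIGNMENTS = {
    "leeson": {"dealer", "accountant"},   # dual responsibility, as in the extract
    "jones": {"accountant"},              # hypothetical back-office user
    "alice": {"compliance_officer"},      # hypothetical reviewer
}
SAMPLE_TRADE = {"id": "T-0001", "dealer": "leeson"}

if __name__ == "__main__":
    print("conflicts:", role_conflicts(SAMPLE_ASSIGNMENTS))
    print("leeson settles own trade:", settle_trade(SAMPLE_TRADE, "leeson", SAMPLE_ASSIGNMENTS))
    print("jones settles it:", settle_trade(SAMPLE_TRADE, "jones", SAMPLE_ASSIGNMENTS))
```

Both checks belong in the design for part (ii): the static check prevents an assignment like Leeson's from ever being created in the access-control system, and the dynamic check means that even an administrator who bypasses the first cannot make the settlement application accept a trade settled by its own dealer. The `role_conflicts` audit is what an internal-audit function would run periodically, producing the warning the extract says was issued in August 1994 and then ignored.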

Questions

You are tasked with designing a networked system for a business with the roles listed above. You are required to answer the following questions, and provide a clear explanation that justifies your answers:

(i) [12 Marks] Provide an analysis of the business system described in the above report. You MUST include a system diagram of your designed network that clearly shows different roles, assets, and their interaction in the system with explanation.

(ii) [12 Marks] Apply a structured security design process to the above analysis to describe the primary security features and functions of your resulting network design including the function of each subnet and justification for the controls that you propose.

(iii) [6 Marks] Evaluate how your design would have successfully prevented the problems described in the above report.

Page Limit

You can use up to 3 sides of A4 in total for this question. Unlike in Q1, this limit does not include any visual aids, e.g. tables, figures.

Specific Guidance

You must use a structured process with clear objectives to each step; for example, you may adopt the process for secure network design discussed in lectures.

The emphasis in this question is on explanation and justification, and the extent to which you analyse the problem and communicate that analysis. Answers that are fully justified from the evidence given in the extract above, and what can reasonably be deduced or proposed about the system, will earn corresponding marks; answers that provide a brief solution without justification or evidence of analysis will not be well rewarded.