COM00188M Network Coursework
Question 1: Network Analysis (40 Marks)
Background
The system shown in Figure 1 belongs to a company known as DevCo. It provides a public Internet-facing website hosted on the machine ‘Web Server’. The website content is developed and managed on the ‘Website Development & Management Machine’. The purpose of the website is to advertise a small software development business, which is carried out in-house on the software ‘Development’ machine. The other computers in this system (W7 and the wireless notebooks) are used for office functions. The file server and printer provide shared services across the system, and the wireless network is WEP encrypted.
Figure 1: Diagram of the system in Question 1
The switch which hosts the Web Server and the associated management machine is provided with a spanning port which outputs all switch traffic to a dedicated packet monitor.
Maintaining the integrity and confidentiality of business data within the Development machine is critical to the business. Temporary non-availability of the webserver is not regarded as a problem, but corruption of the website may harm the reputation of the company whose business is software-related.
At approximately 15:45 on 20 November, the user of the Development machine (192.168.0.27) received a generic alert from the host firewall which might suggest an abnormally high packet rate.
A packet capture at the network interface of the Development machine was saved in the file:
A-01-packet_capture_Dev.pcap
Another packet trace from the DMZ monitor was also secured, and was saved in the file:
A-02-packet_capture_DMZ.pcap
Both files can be downloaded from the module VLE.
Questions
You have been asked to carry out a technical investigation of the attack. One approach would be first to analyse A-01-packet_capture_Dev.pcap for any evidence relating to the incident and to develop a set of key questions to guide the subsequent examination, then to analyse A-02-packet_capture_DMZ.pcap to supplement the results and to resolve the questions developed during the initial analysis. However, you are free to choose any other approach that you see fit.
(i) [Total: 35 Marks] Please answer the following questions by providing technical analysis intended for experts. Your answer for each question MUST be supported by evidence:
(a) [10 Marks] From which host did the attack originate?
(b) [7 Marks] Does the pattern of access suggest scanning or denial of service?
(c) [7 Marks] Which parts of the network traffic are related to the attack?
(d) [5 Marks] What did the attacker discover about the system?
(e) [3 Marks] How did the attacker enter the system?
(f) [3 Marks] What is the algorithm used by the attacker? Is it published in the literature?
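A first-pass triage of a capture, before opening it packet by packet, is to summarise traffic per source address and ask two things: how widely each source spreads its packets across (host, port) targets, and how fast it sends them. A scan shows up as a large fan-out with roughly one packet per target; a flood shows up as a high packet rate concentrated on a few targets. The script below is an added example of that triage, not part of the coursework or of the supplied pcaps: the packet records, the addresses and the thresholds are all constructed here for illustration, and in practice the `Packet` tuples would be filled from a pcap reader (for example tshark output or scapy) rather than typed in.

```python
"""Per-source triage to separate scanning from flooding in a packet trace.
Added example: the sample packets, addresses and thresholds below are
constructed for illustration and are not taken from the coursework captures."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float     # seconds since the start of the capture
    src: str      # source IP address
    dst: str      # destination IP address
    dport: int    # destination port
    syn: bool     # TCP SYN without ACK (connection attempt / probe)


def summarise_by_source(packets):
    """Per-source statistics: packet count, distinct (dst, dport) targets,
    distinct destination hosts, SYN-only count and average packet rate."""
    by_src = defaultdict(list)
    for p in packets:
        by_src[p.src].append(p)
    stats = {}
    for src, pkts in by_src.items():
        targets = {(p.dst, p.dport) for p in pkts}
        hosts = {p.dst for p in pkts}
        ts = [p.ts for p in pkts]
        duration = max(ts) - min(ts)
        stats[src] = {
            "packets": len(pkts),
            "distinct_targets": len(targets),
            "distinct_hosts": len(hosts),
            "syn_only": sum(p.syn for p in pkts),
            # A single packet has no duration; treat it as one packet per second.
            "rate_pps": len(pkts) / duration if duration > 0 else float(len(pkts)),
        }
    return stats


def classify(s, rate_threshold=1000.0, fanout_threshold=50):
    """Heuristic verdict for one source (thresholds are assumptions):
    scan  -> packets spread over many targets, each target hit only a few times;
    flood -> many packets per second aimed at few targets."""
    per_target = s["packets"] / s["distinct_targets"]
    if s["distinct_targets"] >= fanout_threshold and per_target < 3:
        return "scan"
    if s["rate_pps"] >= rate_threshold and s["distinct_targets"] < fanout_threshold:
        return "flood"
    return "unclassified"


def suspect_sources(packets, **kw):
    """Map each source that triggers a verdict to 'scan' or 'flood'."""
    verdicts = {src: classify(s, **kw) for src, s in summarise_by_source(packets).items()}
    return {src: v for src, v in verdicts.items() if v != "unclassified"}


def peak_rate(packets, window=1.0):
    """Maximum number of packets seen in any sliding window of `window` seconds;
    this is the figure to compare against a host firewall's rate alert."""
    ts = sorted(p.ts for p in packets)
    best, lo = 0, 0
    for hi, t in enumerate(ts):
        while t - ts[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


# Constructed sample (hypothetical addresses):
#  - 10.0.0.5 probes TCP ports 1..200 on one host, one SYN each, 100 pps  -> scan
#  - 10.0.0.9 sends 5000 SYNs to port 80 on that host within one second  -> flood
#  - 192.168.0.30 makes a single ordinary connection with a few packets   -> benign
SAMPLE = (
    [Packet(i * 0.01, "10.0.0.5", "192.168.0.27", port, True)
     for i, port in enumerate(range(1, 201))]
    + [Packet(i / 5000, "10.0.0.9", "192.168.0.27", 80, True) for i in range(5000)]
    + [Packet(0.5 + i, "192.168.0.30", "192.168.0.27", 445, i == 0) for i in range(5)]
)

if __name__ == "__main__":
    for src, s in summarise_by_source(SAMPLE).items():
        print(src, s, classify(s))
    print("peak 1 s packet count:", peak_rate(SAMPLE))
```

The verdicts are only a starting point for the evidence required in (a) and (b): a source flagged as a scan still has to be confirmed by looking at the target ports and any responses (RST versus SYN-ACK), and the peak-rate figure has to be tied to the time of the firewall alert in the capture.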
You have also been asked to prepare a short management summary.
(ii) [5 Marks] Provide a short management summary accessible to non-experts which describes the nature of the attack and how it was carried out. Your summary must be supported by citing evidence identified in part (i).
Page Limit
You can use up to 7 sides of A4 in total for this question, of which your answer to part (ii) must be no more than 1 side of A4. These limits do include any visual aids, e.g. tables, figures.
Specific Guidance
Your answers in part (i) may be in the form of expanded notes, provided your documentation is sufficiently detailed for another analyst to understand and repeat your work, and provided it can be readily cross-referenced in support of part (ii).
Questions of interest to management, including ‘who, what, when, and how’, need to be covered in part (ii).
You do not need to analyse network behaviours or features that are not associated with the attack.
Good marks will be given to succinct and properly supported analytic conclusions; assertions without clear justification will not be regarded as adequate. In other words, you must find specific evidence to support your theory about the incident.
The quality and clarity of communication, citation (e.g. cross-referencing identified evidence, reference to external material if required), and content will be taken into account in the marking of part (ii).
Question 2: (30 Marks)
Background
The Government of Freedonia wishes to implement a national eID system which can be used to allow citizens to access government services and, eventually, financial and commercial services too. The primary requirement is for the system to allow citizens to prove their identity to authorised agencies. Since the country offers eResidency to digital nomads (i.e., people in largely service-based industries who can provide their services remotely and thus work anywhere there is an Internet connection), the system must be capable of operating remotely, which means that users must not need to visit a particular location in order to use it, but it should be possible to use it wherever it is needed (e.g., at home, in a hotel room, at the premises of any authorised organisation). A secondary requirement is for the system to be capable of digital signing. As an expert in identification and identity authentication mechanisms, you have been engaged to propose an initial design for a suitable system.
Freedonia has embassies or consulates in all countries whose citizens are eligible to apply for eResidency.
Question
(a) [10 Marks] Propose a mechanism which can be used by citizens and eResidents enrolled in the system to prove their identity on demand, satisfying the primary and secondary requirements stated above.
(b) [10 Marks] Give details of the credential management lifecycle of the credentials used in your proposal for part (a).
(c) [Total: 10 Marks] The government is aware that, no matter how stringent their checks are, an eID system could be open to abuse by individuals and by companies which are permitted to use it. Suggest how your proposal could be strengthened to allow the following in a trustworthy manner which is as automated as possible:
(i) [6 Marks] Detection and removal or restriction of bad actors or abusers in the system, whether individuals or organisations, and
(ii) [4 Marks] Restoration and/or elevation of rights and privileges to users of the system.
Page Limit
Maximum length for each part (a, b, and c): 1 side of A4, including diagrams, figures and tables.
Question 3: Network Design and Evaluation (30 Marks)
Background
The following extract is part of the report[1] on the reason for the collapse of Barings, an international investment bank.
Assumptions
From this extract we can identify a number of banking roles as follows. You may assume that each will be supported by a software application and related data.
a. Dealer (i.e. selling and buying)
b. Accountant (‘settling trades’ - actually moving the money, verifying trading partners, recording transactions in the bank ledgers)
c. Compliance Officer (reviewing the risk associated with ‘error’ trades)
d. Reporter (reporting to management)
You may ignore other roles, such as system management.
Questions
You are tasked with designing a networked system for a business with the roles listed above. You are required to answer the following questions, and provide a clear explanation that justifies your answers:
(i) [12 Marks] Provide an analysis of the business system described in the above report. You MUST include a system diagram of your designed network that clearly shows different roles, assets, and their interaction in the system with explanation.
(ii) [12 Marks] Apply a structured security design process to the above analysis to describe the primary security features and functions of your resulting network design including the function of each subnet and justification for the controls that you propose.
(iii) [6 Marks] Evaluate how your design would have successfully prevented the problems described in the above report.
Page Limit
You can use up to 3 sides of A4 in total for this question. Unlike in Q1, this limit does not include any visual aids, e.g. tables, figures.
Specific Guidance
You must use a structured process with clear objectives for each step; for example, you may adopt the process for secure network design discussed in lectures.
The emphasis in this question is on explanation and justification, and the extent to which you analyse the problem and communicate that analysis. Answers that are fully justified from the evidence given in the extract above, and from what can reasonably be deduced or proposed about the system, will earn corresponding marks; answers that provide a brief solution without justification or evidence of analysis will not be well rewarded.
2024-01-10