
Assessment 3: Cyber security vulnerabilities testing procedures and mitigation strategies portfolio written assessment

Assessment Task Instructions for Students

You are required to complete the week 6 – 14 labs of this unit before you attempt Assessment 3.  MidTown IT employs you as a Cyber Security Analyst/Consultant. Your task is to test cyber security vulnerabilities and propose adequate mitigation strategies for the given scenario.

  • Scenario 1 LAB Virtualised testing environment
  • Scenario 2 Use Ethical Hacking to conduct a passive reconnaissance

This assessment portfolio is divided into Three (3) parts:

  • PART 1 LAB: Scenario 1 Cyber security common threats and mitigation strategies
    • Activity 1: Performing denial of service attacks
    • Activity 2: Performing Man in the Middle attacks
    • Activity 3: Attacking Metasploitable-2
  • PART 2 Scenario 2: Demonstrating ethical hacking principles and procedures
    • Activity 4: Ethical hacking information gathering stage
    • Activity 5: Demonstrating ethical hacking
  • PART 3 Scripting for cyber security environments using Python

 

Assessment range and conditions:

  • You will need to have access to
    • MidTown IT Scenario
    • Assessment file: VU23215_LAB_Scenario2.zip
  • You are allowed to ask the assessor to rephrase a question however they will not give you the answers
  • This is an open book assessment
  • No mobile phone usage during the assessment
  • No eating is permitted in the labs
  • This assessment will be undertaken in a CIT computer lab during class time
  • You will work in groups to complete this assessment, your teacher will assist in assigning groups of 2 to 4 students
  • To be assessed as Satisfactory in this assessment task, all questions must be answered correctly.

Materials provided:

  • Computer Access
  • Access to eLearn and learning resources
  • Internet
  • MS Word
  • Printer or e-printer
  • You will need to have access to
    • MidTown IT Scenario
    • Assessment 3 files: VU23215_LAB_Scenario2.zip

 Materials you may need:

  • Assessment documentation
  • BYOD
  • Internet

Information for students: You may have two (2) attempts for this assessment.

  • If your first attempt is not successful, your teacher will discuss your results with you and will arrange a second attempt.
  • If your second attempt is not successful, you will be required to re-enrol in this unit.

Only one re-assessment attempt will be granted for each assessment item.

LAB Scenarios

MidTown IT employs you as a Cyber Security Analyst/Consultant. Your task is to test cyber security vulnerabilities and propose adequate mitigation strategies for two different scenarios.

LAB Virtualised testing environment

In this scenario, you will configure three VMs: Kali Linux, Metasploitable-2, and Ubuntu 14.04 Desktop and run a number of monitoring tools and attacks to identify vulnerabilities and propose mitigation strategies.

The monitoring/sniffing/analysing tools include:

  • nmap and amap – port scanning, service/version identification and network mapping as the first step of vulnerability checking.
  • Wireshark – capture and analyse Telnet, SSH and HTTP conversations, general network traffic, and the packets generated by DoS attacks.
  • arpspoof and dsniff – ARP cache poisoning and password-sniffing tools, used to perform a Man in the Middle attack so that defences can be tested against it.
  • Metasploitable-2 – the deliberately vulnerable target VM, used to test the Samba Command Execution (usermap_script) attack.

Use Ethical Hacking to conduct a passive reconnaissance

In this scenario, you need to select a dummy website and carry out reconnaissance.

Your task is to gather as much information about the selected dummy website's network as you can using, for example, Kali tools and other available sources. Your tasks include:

  • Search for CVEs
  • Identify WLAN hardware/software vulnerabilities
  • Identify zero-day attacks on DNS servers
  • Determine heuristics-based string analysis toolsets

Assessment Tasks

Cybersecurity common threats and mitigation strategies

Configure the Lab Environment (use the Assessment 2 environment)

Perform the activities in the first set of lab notes in Assessment 2 to configure the lab environment and configure the network settings for three of the five virtual machines (VMs) in the lab environment. The three VMs that you must configure are Kali Linux, Metasploitable-2 and Ubuntu 14.04 Desktop.

They should be configured to have the logical network connectivity as shown in this diagram:

Activity 1: Performing denial of service attacks

1 Perform the activities in the fifth set of lab notes for this unit to use the Wireshark tool to capture and analyse Telnet conversations and denial of service attacks.

  1. Paste a screenshot of the Telnet Application Layer conversation between Kali Linux and your Windows 7 system.
  2. Answer these two questions. What sensitive information has been sent by the Telnet client to the server in plain text (i.e. not encrypted)? Explain why this is a security risk if a third party was able to sniff the network traffic.
  3. After you have captured the SSH conversation on your Kali Linux system with Wireshark, answer these questions below. Can you see the username being sent by the SSH client to the SSH server in the clear? Can you see the user’s password being sent by the SSH client to the SSH server in the clear? Explain how this makes the SSH protocol a lower security risk than the Telnet protocol.
  4. Paste a screenshot showing the open TCP ports on your Windows 7 system, with your name in the screenshot.
  5. Paste a screenshot of the output of the “dos.py” denial of service script as it attacks your Windows 7 system, with your name in the screenshot.
  6. Paste a screenshot of the ten TCP SYN packets that were sent in the DoS attack, with the details of the TCP fields shown.
  7. Answer these questions. What are the values for the Sequence number, the Window size, and the TCP segment length in the packet in the above screenshot?
  8. After you have run the “ettercap” denial of service attack against your Windows 7 system, paste a screenshot of some of the attack packets which are SYN packets sent from the fake IP address.
  9. Describe at least three ways you could mitigate TCP SYN denial of service attacks against a system. Write at least one paragraph for each mitigation technique.
  10. Write the meaning of the terms “RFC documents” and “BCP documents”.
  11. Identify one RFC document and one BCP document that deals with DoS mitigation.
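Worked example added by the editor for questions 6, 7 and 9 (it is not part of the lab notes and is not the unit's dos.py script): a pure-Python TCP header parser that extracts the three fields question 7 asks for (Sequence number, Window size, TCP segment length) and a simple half-open SYN counter of the kind a host-based mitigation or an IDS rule would use to spot a SYN flood from a spoofed source. The segments are built in the script with struct.pack, so nothing is sent on the wire; the addresses 10.0.0.5 and 10.0.0.99 are invented.

```python
"""Parse raw TCP segments and flag a SYN flood from a batch of them.

Added example, not code from the lab notes.  All input is constructed inline.
"""
import struct
from collections import Counter

TCP_SYN = 0x02
TCP_ACK = 0x10


def build_tcp_segment(src_port, dst_port, seq, flags, window, payload=b""):
    """Build a 20-byte TCP header (no options) followed by payload.
    Checksum and urgent pointer are left at zero: this is constructed test data."""
    offset_flags = (5 << 12) | flags          # data offset = 5 words = 20 bytes
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0, offset_flags, window, 0, 0)
    return header + payload


def parse_tcp_segment(segment):
    """Return the header fields Wireshark shows, including its 'TCP Segment Len'."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, offset_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (offset_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("invalid data offset")
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "flags": offset_flags & 0x1FF, "window": window,
        "segment_len": len(segment) - data_offset,   # payload bytes after the header
    }


def is_syn_only(fields):
    """SYN set and ACK clear: the first packet of a handshake, or one packet of a SYN flood."""
    return (fields["flags"] & (TCP_SYN | TCP_ACK)) == TCP_SYN


def syn_flood_sources(packets, threshold=10):
    """packets: iterable of (src_ip, tcp_segment_bytes).  A legitimate client follows its
    SYN with an ACK; a flood from a spoofed address never does.  Count SYNs per source
    that were not balanced by an ACK and report sources at or above the threshold."""
    syns, acks = Counter(), Counter()
    for src_ip, segment in packets:
        fields = parse_tcp_segment(segment)
        if is_syn_only(fields):
            syns[src_ip] += 1
        elif fields["flags"] & TCP_ACK:
            acks[src_ip] += 1
    return sorted(ip for ip in syns if syns[ip] - acks[ip] >= threshold)


def constructed_capture():
    """Ten SYN-only segments from a spoofed 10.0.0.99 (the shape of the ettercap/dos.py
    attack) plus one normal handshake start from 10.0.0.5.  Addresses are invented."""
    packets = [("10.0.0.99", build_tcp_segment(1024 + i, 80, 0x1000 * i, TCP_SYN, 8192))
               for i in range(10)]
    packets.append(("10.0.0.5", build_tcp_segment(50000, 80, 777, TCP_SYN, 65535)))
    packets.append(("10.0.0.5", build_tcp_segment(50000, 80, 778, TCP_ACK, 65535)))
    return packets


if __name__ == "__main__":
    for src, seg in constructed_capture()[:2]:
        f = parse_tcp_segment(seg)
        print(src, "seq", f["seq"], "window", f["window"], "segment len", f["segment_len"])
    print("flood sources:", syn_flood_sources(constructed_capture()))
```

The same per-source "SYNs without a following ACK" measure is what SYN cookies, per-source rate limits and firewall embryonic-connection limits act on, so it is a useful way to reason about the three mitigations question 9 asks for.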

Activity 2: Performing Man in the Middle attacks.

2 Perform the activities in the sixth set of lab notes for this unit to use the arpspoof and dsniff tools to perform a man in the middle attack.

  1. Answer the following question in your own words. Explain how arpspoof convinces a client and server that they are still communicating directly with each other when they are not. In your answer, identify which layer of the OSI model is in action here.
  2. Once you have arpspoof targeting both your Ubuntu 14.04 and Windows 7 systems, paste a screenshot that shows a successful ping from Ubuntu 14.04 to Windows 7, a successful ping from Ubuntu 14.04 to Kali Linux, and the ARP table on Ubuntu 14.04.
  3. Explain how the information in the above ARP table indicates that an ARP spoofing attack is in progress.
  4. Paste a screenshot that shows a successful ping from Windows 7 to Ubuntu 14.04, a successful ping from Windows 7 to Kali Linux, and the ARP table on Windows 7.
  5. Once you have captured HTTP packets on the man-in-the-middle system, paste a screenshot of some of these HTTP packets involved in the conversation between Ubuntu 14.04 and Windows 7 to confirm that Kali Linux is the man-in-the-middle of the conversation. The screenshot must show HTTP packets with the IP addresses of both Ubuntu 14.04 and Windows 7 systems.
  6. In your own words, explain what dsniff can do, and which Application Layer protocols it understands.
  7. Paste a screenshot of the output from the dsniff command where it has captured sensitive information via a man in the middle attack and write an explanation of what you see in this output.
  8. Explain how a DDoS (distributed denial of service) attack differs from a DoS attack.
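Added example for questions 2 to 4 (editor's code, not from the lab notes): parse the ARP table you are asked to screenshot and apply the check from question 3 programmatically. While arpspoof is running, the attacker's MAC is returned for the IP addresses it is impersonating as well as for its own address, so one unicast MAC appears against two or more IPs. The sample tables below are constructed; the 192.168.56.x addresses and 08:00:27:... MACs are invented and do not correspond to the lab's real VM settings.

```python
"""Detect ARP cache poisoning from the output of `arp -n` (Linux) or `arp -a` (Windows).

Added example, not code from the lab notes.  Sample tables are constructed.
"""
import re
from collections import defaultdict

# An IPv4 address followed later on the same line by a MAC in Linux (aa:bb:..)
# or Windows (aa-bb-..) notation.  Header lines and "Interface:" lines do not match.
ENTRY_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}).*?([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})")


def parse_arp_table(text):
    """Return {ip: mac} with MACs normalised to lower-case colon form."""
    table = {}
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if m:
            table[m.group(1)] = m.group(2).lower().replace("-", ":")
    return table


def is_group_mac(mac):
    """Broadcast/multicast MACs (low bit of the first octet set) legitimately map to many IPs."""
    return bool(int(mac[:2], 16) & 1)


def detect_arp_spoof(table, known_shared_macs=frozenset()):
    """Report every unicast MAC claimed by more than one IP as (mac, [ips]).
    known_shared_macs allowlists legitimate duplicates such as VRRP/HSRP virtual MACs,
    which would otherwise be false positives on a production network."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    findings = []
    for mac, ips in by_mac.items():
        if len(ips) > 1 and not is_group_mac(mac) and mac not in known_shared_macs:
            findings.append((mac, sorted(ips, key=lambda ip: tuple(map(int, ip.split("."))))))
    return sorted(findings)


# Constructed `arp -n` output from the Ubuntu VM before the attack (addresses invented):
# .10 is the Windows 7 VM, .20 is Kali, each with its own MAC.
CLEAN_UBUNTU = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.56.10            ether   08:00:27:11:22:33   C                     eth0
192.168.56.20            ether   08:00:27:aa:bb:cc   C                     eth0
"""

# Constructed `arp -a` output from the Windows 7 VM while arpspoof is running:
# the Ubuntu IP (.30) now resolves to Kali's MAC, so frames for Ubuntu go to Kali.
POISONED_WINDOWS = """\
Interface: 192.168.56.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.56.20         08-00-27-aa-bb-cc     dynamic
  192.168.56.30         08-00-27-aa-bb-cc     dynamic
  192.168.56.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""


if __name__ == "__main__":
    print("clean   :", detect_arp_spoof(parse_arp_table(CLEAN_UBUNTU)))
    print("poisoned:", detect_arp_spoof(parse_arp_table(POISONED_WINDOWS)))
```

Run the same check on the Ubuntu VM during the attack and the Windows 7 IP and the Kali IP will share Kali's MAC. Static ARP entries for the gateway, Dynamic ARP Inspection on managed switches, or a host tool such as arpwatch automate this comparison.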

Activity 3: Attacking Metasploitable-2

3 Perform the activities in the seventh set of lab notes for this unit to carry out a Samba Command Execution attack on the Metasploitable-2 system.

  1. Provide a screenshot of the output from the nmap command that you have run on your Metasploitable-2 system. Please ensure you have your name and student number on the image.
  2. Provide a screenshot of the options that are necessary for the usermap_script exploit.
  3. Provide a screenshot of the shell acquired from exploiting the samba vulnerability on the Metasploitable-2 system.

Demonstrating ethical hacking principles and procedures

In this section of the portfolio, you need to demonstrate ethical hacking by detecting security vulnerabilities that a hacker could use to gain unauthorised access. You will also identify a number of mitigation strategies for the organisation.

Activity 4 Ethical hacking information gathering stage.

4.1 Using resources on the web or in journals, find all Trojans, viruses and worms that have been spreading in the last 90 days. 

4.2 Explain at least three (3) legal implications of illegal hacking and their consequences. Please refer to Australian Cyber Crime legislation to answer this question.

4.3 Describe at least two (2) system hacking methodologies that could be applied to the ethical hacking activity in Activity 2 (Man in the Middle attack).

4.4 Describe, in detail, the fundamentals of penetration testing.

4.5 Explain the process involved in footprinting an organisation’s computer system.

4.6 Describe at least two (2) enumeration methodologies that can be used to acquire usernames.

Demonstrating ethical hacking

5.1 Consider the DVWA website hosted on the Metasploitable-2 (msf) machine and access it from the browser in the Kali VM. Make sure both Kali and Metasploitable-2 are on the internal network. Once this is working, answer the following:

  1. Describe the ethical hacking process and procedures you have used.
  2. Outline and demonstrate at least two (2) base-level troubleshooting procedures.
  3. Outline and demonstrate the enumeration techniques that you used to acquire usernames.
  4. Outline the footprinting information that you have collected from the organisation.
  5. Identify the tools that have been used to port scan the network.
  6. Identify the sniffing tools used and outline the purpose.
  7. Explain what CVEs are and how they can be used in this activity.

5.2 Research WLAN vulnerabilities and explain how any organisation or home can be resistant against WLAN risks. Also explain how leaving the WPS ON on a wireless router could be exploited.

5.3 Research "zero-day attacks and DNS servers" using cyber security news and explain some of the potential vulnerabilities and mitigation plans. Also describe how an organisation can enhance its current policies to minimise application layer vulnerabilities, and list at least three policy statements that you would include.

5.4 Using the knowledge acquired from this course and other resources, develop a strategy specifically for securing an organisation's web server. This strategy should cover the security of the server itself as an endpoint as well as securing the network around the web server.

5.5 Research and explain what heuristics-based string analysis is and identify the toolsets that could be used for it. Also explain which relevant threats can be addressed using heuristics-based string analysis.

5.6 For DVWA website identify at least three (3) security vulnerabilities. For each vulnerability, outline adequate mitigation strategies. 
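Added example for 5.6 (editor's code, not DVWA's own PHP): the SQL injection weakness that DVWA's SQL Injection page exhibits at low security, concatenating the request parameter into the query text, shown beside its hardened form, and run against an in-memory SQLite table so it executes offline. The users table and its three rows are constructed stand-ins, not DVWA's schema or data.

```python
"""SQL injection: DVWA-style concatenated query beside a parameterised, validated one.

Added example, not DVWA's code.  The table contents are constructed.
"""
import sqlite3


def make_db():
    """Constructed stand-in for a DVWA-like users table (invented rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "admin"), (2, "gordonb", "Brown"), (3, "pablo", "Picasso")])
    return db


def lookup_vulnerable(db, user_id):
    """The bug: the request parameter becomes part of the SQL text, so a quote in the
    input closes the literal and the rest of the input is parsed as SQL."""
    query = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return db.execute(query).fetchall()


def lookup_fixed(db, user_id):
    """Mitigations: (1) validate the input against the type the application expects;
    (2) bind it as a parameter so the driver never parses it as SQL.  A third layer,
    not shown here, is running the web application with a database account that has
    only the SELECT rights it needs, so a successful injection cannot alter data."""
    if not user_id.isdigit():
        raise ValueError("user_id must be a positive integer")
    return db.execute("SELECT first_name, last_name FROM users WHERE user_id = ?",
                      (int(user_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("normal     :", lookup_vulnerable(db, "2"))
    print("tautology  :", lookup_vulnerable(db, "' OR '1'='1"))            # every row
    print("schema dump:", lookup_vulnerable(db, "' UNION SELECT name, sql FROM sqlite_master -- "))
    print("fixed      :", lookup_fixed(db, "2"))
    try:
        lookup_fixed(db, "' OR '1'='1")
    except ValueError as e:
        print("fixed, injection rejected:", e)
```

The UNION payload pulls table definitions out of the SQLite catalogue; against DVWA's MySQL back end the equivalent target is information_schema. The same two-layer fix (type validation plus bound parameters) is the mitigation to write up for this vulnerability.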

Scripting for cyber security environments using Python

  • The following Python script pings each host on a given network twice. Modify the script to output only those hosts that are active. Please include a screenshot taken after the execution of the modified Python script.
  • Write a program to conduct a passive attack on the network associated with the local organisation on which you carried out reconnaissance in 5.1. The passive attack should reveal the open ports on the various host servers in the organisation's network. Please include a screenshot taken after the execution of the program.
  • Write another program to retrieve information from one of the open ports that you have identified above. Use the appropriate protocol associated with the port to access it. Please include a screenshot taken after the execution of the program.
  • Identify three (3) third-party Python libraries for ethical hacking. For each library, provide a description and describe its best security features and suitability.
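Added example covering the first three Part 3 tasks together (editor's code; the brief's own ping script is not reproduced on this page, so this is not a modification of it): host discovery that prints only hosts which answered, a TCP connect scan, and a banner grab over the connected port. ping_sweep() takes an injectable ping function so it can be exercised without a network, and the scan and banner grab are demonstrated against a throw-away listener on 127.0.0.1 started by demo_listener(), not against a real target. Note that a connect scan completes TCP handshakes with the target, so it is active, not passive, reconnaissance; only scan hosts you are authorised to test.

```python
"""Ping sweep, TCP connect scan and banner grab in plain Python.

Added example, not the unit's script.  The only hosts it touches when run as-is are
127.0.0.1 and a loopback listener the script starts itself.
"""
import ipaddress
import platform
import socket
import subprocess
import threading


def ping_once(host, timeout_s=1):
    """True if the OS ping gets a reply to two echo requests (as the lab script sends).
    Assumes iputils ping on Linux/Kali and ping.exe on Windows."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "2", "-w", str(timeout_s * 1000), host]
    else:
        cmd = ["ping", "-c", "2", "-W", str(timeout_s), host]
    try:
        r = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout_s * 4)
    except (subprocess.TimeoutExpired, FileNotFoundError):
        return False
    # Windows ping exits 0 for "Destination host unreachable", so check the text as well.
    return r.returncode == 0 and "unreachable" not in r.stdout.lower()


def ping_sweep(network, ping=ping_once):
    """Return only the hosts in `network` (CIDR notation) that answered."""
    return [str(h) for h in ipaddress.ip_network(network, strict=False).hosts() if ping(str(h))]


def connect_scan(host, ports, timeout_s=0.5):
    """TCP connect() scan: a completed three-way handshake means the port is open."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout_s)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host, port, probe=b"", timeout_s=1.0):
    """Read what the service says first (SSH, FTP and SMTP greet on connect).  For
    protocols where the client speaks first, pass a probe, e.g. b"HEAD / HTTP/1.0\\r\\n\\r\\n"."""
    with socket.create_connection((host, port), timeout=timeout_s) as s:
        if probe:
            s.sendall(probe)
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
    return data.decode("ascii", errors="replace").strip()


def demo_listener(banner):
    """Start a loopback service that greets every client with `banner`; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:      # scanner closed without reading; that is fine
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def closed_port():
    """Pick a loopback port that is currently closed (bind, read the number, release)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    port = demo_listener(b"SSH-2.0-ConstructedBanner_7.9\r\n")   # constructed banner text
    print("active hosts:", ping_sweep("127.0.0.1/30"))
    print("open ports  :", connect_scan("127.0.0.1", [port, closed_port()]))
    print("banner      :", grab_banner("127.0.0.1", port))
```

For the real exercise replace the loopback address with the lab network and the list of ports with the well-known range; nmap does the same job with service fingerprinting, but writing the connect scan yourself shows exactly what traffic the target sees.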

 

Cyber security common threats and mitigation strategies

Configure the Lab Environment

Activity 1: Performing denial of service attacks

Performed the activities in the fifth set of lab notes for this unit to use the Wireshark tool to capture and analyse Telnet conversations and denial of service attacks.

1 Pasted a screenshot of the Telnet Application Layer conversation between Kali Linux and the Windows 7 system.

  • a) Questions answered: what sensitive information has been sent by the Telnet client to the server in plain text (i.e. not encrypted), and why this is a security risk if a third party were able to sniff the network traffic.
  • b) Questions answered after capturing the SSH conversation on the Kali Linux system with Wireshark: can the username be seen being sent by the SSH client to the SSH server in the clear; can the user's password be seen being sent by the SSH client to the SSH server in the clear; and how this makes the SSH protocol a lower security risk than the Telnet protocol.
  • c) Pasted a screenshot showing the open TCP ports on the Windows 7 system, with the student's name in the screenshot.
  • d) Pasted a screenshot of the output of the "dos.py" denial of service script as it attacks the Windows 7 system, with the student's name in the screenshot.
  • e) Pasted a screenshot of the ten TCP SYN packets that were sent in the DoS attack, with the details of the TCP fields shown.
  • f) Questions answered: the values for the Sequence number, the Window size, and the TCP segment length in the packet in the above screenshot.
  • g) Pasted a screenshot, taken after running the "ettercap" denial of service attack against the Windows 7 system, of some of the attack packets which are SYN packets sent from the fake IP address.
  • h) Described at least three ways to mitigate TCP SYN denial of service attacks against a system, with at least one paragraph for each mitigation technique.
  • i) Written the meaning of the terms "RFC documents" and "BCP documents".
  • j) Identified one RFC document and one BCP document that deal with DoS mitigation.

Activity 2: Performing Man in the Middle attacks

  • a) Performed the activities in the sixth set of lab notes for this unit to use the arpspoof and dsniff tools to perform a man in the middle attack.
  • b) Questions answered: how arpspoof convinces a client and server that they are still communicating directly with each other when they are not, identifying which layer of the OSI model is in action here.
  • c) Pasted a screenshot, taken once arpspoof was targeting both the Ubuntu 14.04 and Windows 7 systems, that shows a successful ping from Ubuntu 14.04 to Windows 7, a successful ping from Ubuntu 14.04 to Kali Linux, and the ARP table on Ubuntu 14.04.
  • d) Explained how the information in the above ARP table indicates that an ARP spoofing attack is in progress.
  • e) Pasted a screenshot that shows a successful ping from Windows 7 to Ubuntu 14.04, a successful ping from Windows 7 to Kali Linux, and the ARP table on Windows 7.
  • f) Pasted a screenshot of some of the HTTP packets involved in the conversation between Ubuntu 14.04 and Windows 7 to confirm that Kali Linux is the man-in-the-middle of the conversation. The screenshot must show HTTP packets with the IP addresses of both the Ubuntu 14.04 and Windows 7 systems.
  • g) Explained what dsniff can do, and which Application Layer protocols it understands.
  • h) Pasted a screenshot of the output from the dsniff command where it has captured sensitive information via a man in the middle attack, with an explanation of what the output shows.
  • i) Explained how a DDoS attack differs from a DoS attack.

Activity 3: Attacking Metasploitable-2

Performed the activities in the seventh set of lab notes for this unit to carry out a Samba Command Execution attack on the Metasploitable-2 system.

  • a) Provided a screenshot of the output from the nmap command that you have run on your Metasploitable-2 system. Name and student number included on the image provided
  • b) Provided a screenshot of the options that are necessary for the usermap_script exploit.
  • c) Provided a screenshot of the shell acquired from exploiting the samba vulnerability on the Metasploitable-2 system.

Demonstrating ethical hacking principles and procedures

Activity 4 Ethical hacking information gathering stage

  • 4.1 Using resources on the web or in journals, find all Trojans, viruses and worms that have been spreading in the last 90 days. You may find that https://www.akamai.com/security-research and Microsoft’s security intelligence service at https://www.microsoft.com/en-us/wdsi/threats are helpful in this section.
  • 4.2 Explained at least three (3) legal implications of illegal hacking and their consequences. Please refer to Australian Cyber Crime legislation to answer this question.
  • 4.3 Described at least two (2) system hacking methodologies that could be applied to the ethical hacking activity in Activity 2 (Man in the Middle attack).
  • 4.4 Described, in detail, the fundamentals of penetration testing.
  • 4.5 Explained the process involved in footprinting an organisation’s computer system.
  • 4.6 Described at least two (2) enumeration methodologies that can be used to acquire usernames.

Activity 5 Demonstrating ethical hacking

5.1 Passive reconnaissance conducted on selected organisation. It includes searching common vulnerabilities and exposures (CVEs), job boards, the organisation’s own website, user groups/bulletin social networking sites, and so on. Provide screenshots of the process.

  • a) Described the ethical hacking process and procedures you have used
  • b) Outlined and demonstrated at least two (2) base-level troubleshooting procedures
  • c) Outlined and demonstrated the enumeration techniques that you used to acquire usernames
  • d) Outlined the footprinting information that you have collected from the organisation
  • e) Identified the tools that have been used to port scan the network
  • f) Identified the sniffing tools used and outline the purpose
  • g) Explained what CVEs are and how they can be used in this activity.

5.2 Provided a summary of WLAN hardware/software vulnerabilities and explain how the organisation has addressed those issues. Explained how leaving the WPS ON on a wireless router could be exploited.

5.3 Listed some zero-day attacks on DNS servers and the potential vulnerabilities and mitigation plans explained. Described how you would enhance the current policies to minimize the identified application layer vulnerabilities.

5.4 Using the knowledge acquired from this course and other resources, a strategy specifically for securing the organisation's web server has been developed; it covers the security of the server itself as an endpoint as well as securing the network around the server.

5.5 Explained what heuristics-based string analysis is and identify the toolsets that could be used in this scenario to determine the susceptibility towards particular threats.

5.6 With the information gathered from the passive hacking reconnaissance, at least three (3) security vulnerabilities have been identified. For each vulnerability, adequate mitigation strategies have been outlined.

PART 3 Scripting for cyber security environments using Python

6.1 Python script that pings each host on a given network twice, modified to output only those hosts that are active.

6.2 Wrote a program to conduct a passive attack on the network associated with the local organisation on which reconnaissance was carried out in 5.1. The passive attack should reveal the open ports on the various host servers in the organisation's network.

6.3 Wrote another program to retrieve information from one of the open ports identified above, using the appropriate protocol associated with the port to access it.

6.4 Identified three (3) third-party Python libraries for ethical hacking. For each library, a description and its best security features and suitability have been provided.
