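Security ghostwriting | SIT382 System Security Assignment 2

Perform the security exploits specified in the document and design a strategic plan to improve the system security of a remote system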

SIT382 System Security Assignment 2 Trimester 2/2019
Objectives:
– To apply skills and knowledge acquired throughout the semester in exploiting web application security loopholes and the techniques to fix such loopholes.
– To demonstrate the ability to use familiarised platforms, VMs and other attack tools (available in BackTrack or Kali or other open-sourced tools) to test security exploits on web applications and the victim OS.
– To gain experience to understand a given set of specifications (this document)
– To gain experience in documenting every application exploit that was tested.
This is an individual assignment. You are not permitted to work as a part of a group when writing this assignment.
• Due Date: 11:59pm, Tuesday, October 1st, 2019

Introduction
In this assignment, you are expected to perform security exploits specified in this document and design a strategic plan to improve the system security for a remote system, firstly using the available tools from BackTrack/Kali and GNU/Linux distribution, and a deliberately insecure web application – WebGoat v8 (https://github.com/WebGoat/WebGoat). The JDK v11 with Java Virtual Machine (https://www.java.com/en/download/) is required to run WebGoat. Meanwhile, you can download BackTrack and any appropriate (free and open-source) tools (e.g. Wireshark) provided by practical labs or from the tool vendor’s official website to complete this assignment. The only difference is that the official websites provide the latest released version, with some new features and revisions, which may not be stable. It is your choice which version to work on, according to what suits your computer's OS and hardware environment. There are no limitations on Mac, Linux, Windows, etc.
NOTE: You are not to use any commercial security-related or hacking products for this assignment.
There are two parts to this assignment:
• Part A will require you to finish the “Challenges” in WebGoat; it is to test your understanding of a particular adversary attack and how to counter that exploit.
• Part B will require the research work on IDS/IPS, Firewall & Honeypot.
In Part A, you are required to answer the questions with justifiable implementations. These implementations need to be documented in detail. The document must have step-by-step details on what you did to solve the question, including any script codes used to answer the requirements. You are also required to provide images (screen dumps) to show the key steps leading to your solution. These images can be taken using print-screen or any other screen capture method. These images must be embedded in the document with appropriate labelling and descriptions.
In Part B, you need to address the given research questions on the IDS, Firewalls and Honeypot.
In addition, the document format shall be neatly organised and have the proper heading and subheading for the marker’s easy marking process. It is suggested to clearly indicate which part and what question you are attempting to complete. It is suggested to clearly indicate the stage your solution is used for.
This overall document will be graded as the main source of your marks. This assignment will be 30% of your final mark. You are required to submit this document via the CloudDeakin submission portal (linked with Turnitin) in MS Word format (.doc and .docx). The file must not be password protected.
NOTE: Failure to meet any of these requirements will result in loss of marks. The omission of script codes or images showing the key steps leading to the completion of the given tasks will result in severe loss of marks.
Part A (70%)
You are required to complete the WebGoat Challenge questions. The tasks to be completed are provided in WebGoat. You need to click on the Challenges menu item and solve all the challenges you can see within the WebGoat challenge (CTF). This part of the assignment requires you to know different application penetration testing techniques to complete it successfully.
An important note to remember is that you are attacking the WebGoat web server from a client (web browser). This means that the attacker does not have any write access to the server, thus you will not be able to modify the java source files to complete the Challenge questions. Any modification of the WebGoat source code to complete the Challenge questions will result in loss of marks.
Once you have finalised the challenges, it is time for you to launch a different attack on the WebGoat page or other local or networked systems. Two options are provided here for you to finalise this section; you can take either one of them:
Option 1: If you choose to attack the WebGoat page and your WebScarab with the tampering process works on your computer, then this will suffice.
Option 2: Alternatively, if on some occasions your WebGoat does not work on your computer, you are given the option to attack another web system. However, you need to select ONE (1) of the many tools available in the open-source domain, including tools which we have not covered but you may find useful, for example, Nmap (http://sectools.org/tag/port-scanners/). Once chosen, a detailed description should be attached, including the reason for selecting this tool, the applied scenario, and the supporting theory behind it. You will also provide a complete run-through of the activity by providing screenshots of how the attack was launched, and an evaluation of the data collected from the victim machine, such as the traffic packet data from Wireshark.
In Part A, you are required to include the following two sections:
Section 1: For the WebGoat challenges –
• Description of the scenarios in each stage, including the comparison and analysis against real-world cases.
• Theoretical description of the possible methods of launching attacks. You may list the possible methods that you may use to test the problems posed by the question of each stage.
• A brief explanation of the method used (a couple of paragraphs) followed by details on how you used that method to test the problem. What were the results of the methods that you actually used to test the problems posed by the question of each stage? (Analyse either successful or unsuccessful methods).
• Any script codes and images (screen captures) showing the successful completion of the tasks in this part of the assignment.
Section 2: Launch a different attack (other than the attacks in Section 1) for the remote system –
• A theoretical description of the attack. For example, for a spear phishing attack, you will provide around 300-500 words describing the attack in detail.
• A complete, beginning-to-end, tutorial-like presentation of the attack, without omitting any variables, including screenshots. This could look like a manual or a journal.
• An evaluation of the data, if collected from Wireshark. In any given case, you will be able to find some pattern, like a redirection or uncommon data between clients in social network attacks, or the effect of a spoofing mechanism. You should describe, in a fairly simple way, what has happened.
• Provide a short evaluation and considerations of the attack. This can and should also include defence mechanisms which can be used to defend against such an attack. Please note, this should be done thoroughly and present various mechanisms, with a description of which you consider to be better and why. For example, for a DoS attack where the attacker has spoofed the IP address, there are mechanisms to trace back the attacker; you should include most of them.
Part B (30%)
Part B provides 30% of assignment marks.
Since this is your third year of undergraduate education at Deakin University, it is highly recommended that you learn to conduct a certain level of research work and explore a topic for a project. This is valuable, as you can use the same approach when you do your final year’s project next year.
In Part B, we provide three research questions about the Intrusion Detection System (IDS), Firewall and Honeypot. You need to investigate and answer the following questions with proper literature citations:
1. Research Question 1 (15%):
Can an integrated system combining IDS, IPS, Firewall & Honeypot improve the real-time system security?
Discuss how and provide one real-world example (e.g., in the context of smart city) with network topology and illustrate the relevant tools/techniques in use. Minimum 5 references are required. (State your own understanding after you have done some research work; direct quotation cannot be used; no more than 600 words)
2. Research Question 2 (10%):
Describe the IDS and Honeypot development history based on the timeline (e.g., in chronological order by year). Minimum 5 references are required. (no more than 400 words)
3. Research Question 3 (5%):
Discuss the main differences (minimum 3) between the firewall and IDS.
Use a diagram to illustrate the components for the types of IDS vs firewall. Use two or three sentences to discuss the differences based on your understanding. (no more than 300 words)
Note: All materials from sources must be properly referenced. It is necessary to paraphrase and summarize sources, statistics, diagrams, images, experiment results and laboratory data – anything taken from sources. When misconduct is detected, the penalty is very strict. The University’s policy on plagiarism can be viewed, online, at http://www.deakin.edu.au/students/studysupport/referencing/plagiarism .
Additional Requirements and Notes
1. Your report must contain the following information.
o Your name and student ID number
o Which assignment question you attempted.
o A detailed explanation of how you arrive at the solution, including embedded images and any scripting code to show the completeness of your solution.
2. Any text or code adapted from any source must be clearly labelled and referenced. You should clearly indicate the start and end of any such text/code.
3. All assignments must be submitted through CloudDeakin. Assignments will not be accepted through any other manner without prior approval. Students should note that this means that email and paper-based submissions will ordinarily be rejected.
4. Submissions received after the due date are penalised at a rate of 5% (out of the full mark) per day for 5 days. Late submission after 5 days would be penalised at a rate of 100% out of the full mark. Close of submissions on the due date and each day thereafter for penalties will occur at 5 pm Australian Eastern Time (UTC +10 hours). Students outside of Victoria should note that the normal time zone in Victoria is UTC+10 hours.
5. No extension will be granted unless further approved by the Unit Chair.
6. Assignments are normally marked and returned within two weeks of the due date. Assignments that are submitted after the due date will normally take longer to mark and return.
Marking Scheme
Part A: 70%
a. Successful completion of all challenges (Partial marks will be given for successful efforts in proportion). Weight: 20%
b. Adequate description of the problem/scenario identified/selected. Weight: 5%
c. Appropriate usage of scripting language and explanations in the correct place. Weight: 5%
d. Description of the technique used to attack the victim via the attack you launched (Either on WebGoat or other local host or networked system). Weight: 10%
e. Description of technique used to provide the detection/mitigation against the attack/adversary. Weight: 10%
f. At least 6 relevant screenshots of steps taken to detect/mitigate the attack/adversary (These screenshots should be on your own work, e.g., scripts/commands or the constructed system). Weight: 6%
g. At least 6 relevant screenshots of steps taken to attack the victim (These screenshots should be your own work, e.g., scripts/commands or the constructed system). Weight: 6%
h. Evaluation and analysis on the collected data if there are any. Weight: 8%
Part B: 30%
a. For question 1, no direct quotations, using your own understanding, no more than 600 words, minimum 5 references are required. Weight: 15%
b. For question 2, discussion based on the timeline, no more than 400 words, minimum 5 references are required. Weight: 10%
c. For question 3, brief discussion, three differences, no more than 300 words. Weight: 5%