Melbourne Institute of Technology MN502 Assignment 1 2 MN502: Overview of Network Security Assignment 1 (15%, Total – 20 Marks) Due Date: Week 7 Assignment Overview For this assignment you will evaluate a Network Security Software. Marks will be awarded based on the sophistication and the difficulties the demonstration explored. Your task is to complete and make a 4-5 min video presentation on the following: 1. Download and install (on your computer or on MIT Virtual box) a Network Security Software assigned to you from Table 1. 2. Demonstrate (narration of your actions recorded by video) 4 tasks the software can perform.(4 * 2.5 = 10 Marks) 3. Overview of your presentation (3 Marks) 4. Summarize your findings. (3 Marks) 5. Present the results in a video presentation. 6. You should appear in the video at the first and last 30 secs to introduce yourself and draw a conclusion (2 + 2 = 4) [A separate excel file has been uploaded in the Assignment 1 Folder where you can find the security software that has been allocated to you]. Table 1 List of Software Serial # Name of the Software Description 1 Nmap map your network and ports with the number one port scanning tool. Nmap now features powerful NSE scripts that can detect vulnerabilities, misconfiguration and security related information around network services. After you have nmap installed be sure to look at the features of the included ncat - its netcat on steroids 2 OpenVAS Open source vulnerability scanning suite that grew from a fork of the Nessus engine when it went commercial. Manage all aspects of a security vulnerability management system from web based dashboards. For a fast and easy external scan with OpenVAS try our online OpenVAS scanner. 3 OSSEC Host based intrusion detection system or HIDS, easy to setup and configure. OSSEC has far reaching benefits for both security and operations staff. 4 Security Onion A network security monitoring distribution that canMelbourne Institute of Technology MN502 Assignment 1 3 replace expensive commercial grey boxes with blinking lights. Security Onion is easy to setup and configure. With minimal effort you will start to detect security related events on your network. Detect everything from brute force scanning kids to those nasty APT's. 5 Metasploit Framework Test all aspects of your security with an offensive focus. Primarily a penetration testing tool, Metasploit has modules that not only include exploits but also scanning and auditing. 6 OpenSSH Secure all your traffic between two points by tunnelling insecure protocols through an SSH tunnel. Includes scp providing easy access to copy files securely. Can be used as poor mans VPN for Open Wireless Access points (airports, coffee shops). Tunnel back through your home computer and the traffic is then secured in transit. Access internal network services through SSH tunnels using only one point of access. From Windows, you will probably want to have putty as a client and winscp for copying files. Under Linux just use the command line ssh and scp. 7 BackTrack an Ubuntu based Linux distribution that is configured with hundreds of security testing tools and scripts. Backtrack is well known with penetration testers and hobbyists alike. 8 Nikto A web server testing tool that has been kicking around for over 10 years. Nikto is great for firing at a web server to find known vulnerable scripts, configuration mistakes and related security problems. It won't find your XSS and SQL web application bugs, but it does find many things that other tools miss. To get started try the Nikto Tutorial or the online hosted version. 9 Truecrypt Encrypt all the things. Truecrypt is a strong encryption utility that can encrypt entire volumes or create an encrypted container within a file system. Use Truecrypt to protect your flash drives. If it gets lost, even the NSA will have trouble reading the data. You may use any of the available open source software for screen capture. Please find the following as an example. • Software:- http://camstudio.org/ • Tutorial:- https://www.youtube.com/watch?v=jVnBnvXJw00Melbourne Institute of Technology MN502 Assignment 1 4 The following resources may be of use: · Textbooks · Youtube Videos: CBT Nuggets, HakTip, etc Plagiarism All used sources must be properly acknowledged with references and citations, if you did not create it. Quotations and paraphrasing are allowed but the sources must be acknowledged. Failure to do so is regarded as plagiarism and the minimum penalty for plagiarism is failure for the assignment. The act of given your assignment to another student is classified as a plagiarism offence. Copying large chucks and supplying a reference will result in zero marks as you have not contributed to the report. Copying from Youtube or other videos is also plagiarism (including transcripts). Citation in a video can be included as credits at the end. Due Date & Submission The report is due at Week 7 By the due date, you must submit: 1. Name your file with your student number and name. 2. Upload Video on Youtube. 3. Video Link to MOODLE. 4. Fail to submit the video will result in a fail. To upload on Youtube, you must create your account on youtube. If you have a google account (gmail), you already have one on youtube. Videos must be of one of the following formats: .MOV, .MPEG4, MP4, .AVI, .WMV, .MPEGPS, .FLV, .3GPP, and .WebM. Once you have an account, to upload your video, click on the 'upload' button located at the top right-hand corner of your youtube.com webpage. To keep your uploaded video unsearchable by people so that random people cannot view your video(s), you have to select the privacy mode from the drop-down menu on the upload screen to be 'Unlisted'. This way, your video is viewable by only those who have got the URL of your video. Make sure you copy+paste your video URL in MOODLE for your marker to be able to watch and mark it! Late submission of assignments will be penalised as follows: • For assignments 1 to 5 days late, a penalty of 10% (of total available marks) per day. • For assignments more than 5 days late, a penalty of 100% will apply. Your submission must be compatible with the software (PDF/Word/Video) in MIT, Computer Laboratories/Classrooms. Extensions: Under normal circumstances extensions will not be granted. In case of extenuating circumstances— such as illness—a Special Consideration form, accompanied by supporting documentation, must be received before 3 working days from the due date. If granted, an extension will be only granted only by the time period stated on the documentation; that is, if the illness medical certificate was for one day, an extension will be granted for one day only. Accordingly the student must submit within that time limit. Penalties may apply for late submission without an approved extension. Penalties: Academic misconduct such as cheating and plagiarism incur penalties ranging from a zero result to program exclusion.Melbourne Institute of Technology MN502 Assignment 1 5 Marking criteria: Marks are allocated as indicated on each question, taking the following aspects into account: Aspects Description Analysis (if appropriate) Investigation, comparison, discussion Explanation/justification Description/answer to the question Presentation Inadequate structure, careless presentation, poor writing Reference style Proper referencing if required Plagiarism Copy from another student, copy from internet source/textbook, copy from other sources without proper acknowledgement Marking Rubric for Exercise Answers Grade Mark HD 80%+ D 70%-79% CR 60%-69% P 50%-59% Fail < 50% Excellent Very Good Good Satisfactory Unsatisfactory Analysis Logic is clear and easy to follow with strong arguments Consistency logical and convincing Mostly consistent and convincing Adequate cohesion and conviction Argument is confused and disjointed Effort/Difficulties/ Challenges The presented solution demonstrated an extreme degree of difficulty that would require an expert to implement. The presented solution demonstrated a high degree of difficulty that would be an advance professional to implement. The presented solution demonstrated an average degree of difficulty that would be an average professional to implement. The presented solution demonstrated a low degree of difficulty that would be easy to implement. The presented solution demonstrated a poor degree of difficulty that would be too easy to implement. Explanation/ justification All elements are present and well integrated. Components present with good cohesion Components present and mostly well integrated Most components present Lacks structure. Reference style Clear styles with excellent source of references. Clear referencing/ style Generally good referencing/style Unclear referencing/style Lacks consistency with many errors Presentation Proper writing. Professionally presented Properly spoken, with some minor deficiencies Mostly good, but some structure or presentation problems Acceptable presentation Poor structure, careless presentation