Assignment title: Information
Task 1.1 (25 marks)

Using your skills learnt in lab 2, select a recent (not older than two months) vulnerability from the National Vulnerability Database and analyse it from the following aspects:

i. Criticality level (Check Secunia, Screenshot Accepted)
ii. Impact including CVSS Score. (Screenshot Accepted)
iii. Explain the purpose of using CVSS scores. (Two valid bullet points expected.)
iv. Proposed Solution (Screenshot Accepted)
v. Indicate which of the Australian DSD '35 Strategies' can be applied to mitigate the vulnerability. Include valid explanations for your answer. (At least two if possible, one will suffice only in rare cases.)

Ensure that you also provide a detailed description of the vulnerability.

Task 1.2 (20 marks)

Search a number of antivirus companies' (e.g. Symantec, McAfee, Kaspersky, F-Secure, AVG, Bit Defender, Webroot, ESET, G-Data, Avira) websites. Find at least four sites that publish malware listings, and compare the latest malware lists. As different companies may use different names for the same malware, you also need to find a site that has cross-references, i.e. lists the alternative names.

i. List the four sites and the cross-reference site.
ii. Discuss how descriptive and informative the sites are.
iii. Discuss the time difference between the listings.
Hint: Take a subset of malware listings and compare the time difference. This information should be presented in a tabular grid and a small paragraph at the end that summarises your findings. (Here you select specific malware issues and check the different sites to see when they are listed.) As different companies may use different names for the same malware, first you will need to find a site that lists the aliases for malware.
iv. Which site is the most up-to-date and why?
Hint: Over a two week period compare the malware listings that are reported. Statistically analyse the data set, possibly by giving the malware a weight based on the criticality and the date/time of the listing.
This information should be presented in a tabular grid and a small paragraph at the end that summarises which site is the most up-to-date. Data in your grid should serve as proof of your statement. (This date is different from the previous question as here you select a specific time period instead of looking exclusively for specific malware.)

Task 1.3 (20 marks)

Select a recent vulnerability from an antivirus company's database, and analyse it from the same aspects as in task 1.1. (Note: No need to explain the purpose of using CVSS scores again.)

Select three recent, different threats from an antivirus company's database. Describe for each:

i. How it spreads (attack strategy)
ii. The target of malicious activity (information, resource etc)
iii. The way of hiding inside the victim's computer.

Guidelines

The report should be concise, normally not longer than 900 words (excluding pictures). You must start each answer on a new page. Please use the template specified at http://titan.csit.rmit.edu.au/~e51577/SIC/Assign/SICReportTemplate.docx

To support your arguments:

- Provide screen-dumps for each question (Maximum four screen dumps per question; each screen dump must be large enough to read the text). Feel free to format the page to accommodate larger screenshots.
- Provide references (URLs) when you use information from different sources.

Part 2
Symmetric and asymmetric ciphers

In this part you will practice encrypting and digitally signing documents.

Task (15 marks)

The Enigma machine was a piece of encryption hardware used by the Germans to protect commercial, diplomatic and military communication before and during World War Two.
Although it had some cryptographic weaknesses, it was procedural flaws, operator mistakes and the capture of key tables and hardware by the Allies that enabled the successful breaking of messages encrypted by Enigma machines.

For this assignment you are required to use the following Enigma Machine Simulator [http://enigma.louisedade.co.uk/enigma.html] using the parameters specified below:

Enigma Type: M4
Reflector Wheel (Umkehrwalze): C
Wheel Order (Walzenlage): Gamma IV III II
Ring Setting (Ringstellung): DGAF
Ground Setting (Grundstellung): YPWQ
Plugs: AV CN FG IY WJ ME

The task is to encrypt the following with the Enigma emulator: your family name followed by ten letters of 'L'.

In your answer you must state:

- The plain text.
- The cipher text.
- The final ground setting after encryption.

You have to write down your answer, a screenshot alone is not sufficient.

Part 3
Defence Mechanisms

For this task you will first practice modulo operation that is the basis for most encryption methods. If you are not familiar with it, there are many explanations on the web. Then you will have to answer the question that the result of the operation points to.

The task (20 marks)

You have to calculate xxxxxxx mod 3 (where xxxxxxx is your seven-digit student number), and show the result. Then, if the result is 0 you need to answer question 3.0, if the result is 1 you need to answer question 3.1 and if the result is 2 your question is 3.2.

Below is a list of security mechanisms and threats. For each security mechanism, indicate whether it is very effective, partially effective or not effective against the listed threats.
Provide a brief explanation for each answer.

Question 3.0

Security mechanisms: Embedded Firewalls, TLS / SSL, two-factor authentication, signature-based intrusion detection

Threats: viruses, worms, root kits, spyware, impersonation (including theft of passwords/credentials), denial of service attacks, network eavesdroppers, insider abuse (includes misuse of data to which one is allowed limited access), or penetration attempts by outside attackers.

Question 3.1

Security mechanisms: Network Firewalls, PGP, one-time passwords, anomaly-based intrusion detection

Threats: viruses, worms, root kits, spyware, impersonation (including theft of passwords/credentials), denial of service attacks, network eavesdroppers, insider abuse (includes misuse of data to which one is allowed limited access), or penetration attempts by outside attackers.

Question 3.2

Security mechanisms: Proxy servers, TLS / SSL, electronic certificates, application-based intrusion detection

Threats: viruses, worms, root kits, spyware, impersonation (including theft of passwords/credentials), denial of service attacks, network eavesdroppers, insider abuse (includes misuse of data to which one is allowed limited access), or penetration attempts by outside attackers.

You should organize your answer in a table, the rows representing the threats and the columns representing the methods.

E.g.

         | Mechanism 1              | Mechanism 2               | Mechanism 3                                                   | Mechanism 4
Threat 1 | Not effective, because … | Very effective, because … | Partially effective, as it can address … but cannot address … | Very effective, because …