Assessment Details and Submission Guidelines Unit Code MN502 Unit Title Overview of Network Security Assessment Type Individual Assessment Assessment Title Demonstration of a network security tool Purpose of the assessment (with ULO Mapping) a) Discuss common threats and attacks on networked information systems b) Identify most common intrusion detection attacks, and discuss how to prevent them c) Apply skills to analyse complex problems in network security under supervision Weight 15% Total Marks 20 Word limit Not Applicable Due Date W Week 7 Submission Guidelines • All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page. • The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings. • Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style. Extension • If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School's Administration Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit this application three working days prior to the due date of the assignment. Further information is available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/specialconsiderationdeferment Academic Misconduct • Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description.   Assignment Description For this assignment you will evaluate a Network Security Software. Marks will be awarded based on the sophistication and the difficulties the demonstration explored. Your task is to complete and make a 4-5 min video presentation on the following: 1. Download and install (on your computer or on MIT Virtual box) a Network Security Software assigned to you from Table 1. 2. Demonstrate (narration of your actions recorded by video) 4 tasks the software can perform. (4 * 2.5 = 10 Marks) 3. Outline of your presentation (3 Marks) 4. Summarize your findings. (3 Marks). 5. Present the results in a video presentation. 6. You should appear in the video at the first and last 30 secs to introduce yourself and draw a conclusion on your experience with the Security Software. (2 + 2 = 4) Length of Video: Introduction (30 secs approximately, your appearance should be in the video) + Outline of the presentation (30 secs approximately) + Demonstration of the task (210 seconds approximately) + Summary (15 seconds approximately) + Conclusion (15 secs approximately, with appearance) [You can choose a network security tool for your demonstration with your tutor’s consent]. Table 1 Network Security Tools Serial # Name of the Software Description 1 Nmap Nmap is an open source security scanner. The scanner runs on all the major operating systems including: Windows, Linux and Mac. Nmap enables users to map networks and ports. Nmap may also be used for network inventory, managing service upgrade schedules, and monitoring host or service uptime. 2 Metasploit Framework Metasploit framework is an open source network penetration software. The framework tests all aspects of your security with an offensive focus. Metasploit uses a modular approach, allowing the combination of any exploit with any payload. 3 OpenSSH Open SSH enables users to remotely login, using the SSH protocol. The security software uses encryption to secure the connection from various attacks including, eavesdropping and connection hijacking. The users can also benefit from the tunneling capabilities of Open SSH. 4 BackTrack BackTrack is a Linux based penetration testing software. BackTrack provides users with a range of security tools including, port scanners and Security Audit. 5 Nikto Nikto is an open source web server scanner. Nikto enables users to find known vulnerable scripts, configuration mistakes and related security problems. Nikto also checks for multiple index files, HTTP server options. You may use any of the available open source software for screen capture. Please find the following as an example. • Software:- http://camstudio.org/ • Tutorial:- https://www.youtube.com/watch?v=jVnBnvXJw00 The following resources may be of use: • Textbooks • Youtube Videos: CBT Nuggets, HakTip, etc Due Date & Submission The report is due at Week 7 Submission Guidelines: 1. Name your video with your student number and name. 2. Upload Video on your Youtube account 3. Copy the Video Link to a file and 4. Upload it into the MOODLE To upload on Youtube, you must create your account on youtube. If you have a google account (gmail), you already have one on youtube. Videos must be of one of the following formats: .MOV, .MPEG4, MP4, .AVI, .WMV, .MPEGPS, .FLV, .3GPP, and .WebM. Once you have an account, to upload your video, click on the 'upload' button located at the top right-hand corner of your youtube.com webpage. To keep your uploaded video unsearchable by people so that random people cannot view your video(s), you have to select the privacy mode from the drop-down menu on the upload screen to be ‘Unlisted’. This way, your video is viewable by only those who have got the URL of your video. Make sure you copy+paste your video URL in MOODLE for your marker to be able to watch and mark it! Late submission of assignments will be penalised as follows: • For assignments 1 to 5 days late, a penalty of 10% (of total available marks) per day. • For assignments after 5 working days, a penalty of 100% will apply. Your submission must be compatible with the software (PDF/Word/Video) in MIT, Computer Laboratories/Classrooms. Extensions: Under normal circumstances extensions will not be granted. In case of extenuating circumstances— such as illness—a Special Consideration form, accompanied by supporting documentation, must be received before 3 working days from the due date. If granted, an extension will be only granted only by the time period stated on the documentation; that is, if the illness medical certificate was for one day, an extension will be granted for one day only. Accordingly the student must submit within that time limit. Penalties may apply for late submission without an approved extension. Penalties: Academic misconduct such as cheating and plagiarism incur penalties ranging from a zero result to program exclusion. Marking criteria: Example of marking criteria is shown in following table. Marks are allocated as follows: Section to be included in the report Description of the section Marks Introduction Student should introduce with his/her physical appearance in the video. (2 Marks) 2 Outline Outline of the whole presentation (3 Marks) 3 Demonstration Demonstrate (narration of your actions recorded by video) all steps from the respective project (10 Marks) 4*2.5 = 10 Summary Summarise your findings. (3 Marks) 3 Conclusion With appearance, draw a conclusion on your experience with the Security Software. (2 Marks) 2 Total 20 Example Marking Rubric for Assignment #: Total Marks 20 Grade Mark HD 16-20 DI 14-15 CR 12-13 P 10-11 Fail <10 Excellent Very Good Good Satisfactory Unsatisfactory Introduction/2 Appearance is clear, easy to follow, well prepared and professional Appearance is clear and easy to follow. Appearance is clear and understandable Makes an appearance and provides an introduction. Does not make an appearance in the video at the start of video Overview/3 Create a very nice bullet point outline and well presented it before the demonstration started A bullet point outline is provided and presented before the start of the presentation Explained but no screen showing a written outline Very difficult to understand overview. The overview is hardly there, missing explanation Demonstration/10 Very profession-al, clear and easy to follow. Professional, clear and easy to follow Clear and easy to follow but lacks professionalism Difficult to follow Tasks have not been demonstrated Summary/3 Clear, professional summary and easy to follow Clear professional summary Well written summary Summary provided The summary is hard to understand. Conclusion/2 A very powerful conclusion with full confidence. Very Good Conclusion Appearance made and good conclusion provided Appearance made and conclusion provided. Barely appear at the end of the video.