RMIT Computer Science
Security in Computing and Information Technology (COSC2536/2537)
Assignment, Semester 1, 2016
Aims
- To learn how to stay up-to-date with security threats.
- To illustrate a practical aspect of security, such as vulnerabilities, threats and attack techniques, and to familiarise students with some basic security infrastructure, such as software vulnerability and virus databases.
- To illustrate the process of encrypting with mechanical devices.
Method
This assignment will be attempted by students individually.
Time frame
Time allocated for this assignment: 4 weeks
Due date: Week 11 (Friday, 20 May, 2016, 1:00pm)
Special Consideration
With the exception of dire circumstances, no extension requests will be considered within 5
working days of the submission date. ("Dire Circumstances" means things like hospitalisation
of you or a close relative, etc.) Persons requesting a late extension may be required to prove
that a significant body of the work has already been completed.
Submission
What to submit
A zip file named S<YourStudentNumber>.zip (replace with your own student number). The zip file should contain all
your answer files. Each answer file must be in PDF format and named after
the question number, i.e. Task_1_1.pdf, Task_1_2.pdf, Task_1_3.pdf,
Task_2.pdf and Task_3.pdf (no need to specify 3.0, 3.1 or 3.2). As the files
will be distributed to markers automatically by a script, wrongly named files
may not be assigned to any marker (i.e. will not be marked).
Submission method
Submission is via Blackboard. If you are not familiar with submitting
assignments via Blackboard, please visit http://goo.gl/YEo4U5
Marking
This assignment contributes 35% towards your final mark in the course, and will be marked
out of 100.
Students are reminded that cheating, whether by fabrication, falsification of data, or plagiarism, is an offence
subject to University disciplinary procedures. In particular, students should acknowledge any material that is
not their own work and is submitted as part of an assignment.
Students should be aware of their rights and responsibilities regarding the use of copyright material. If you
need help referencing, have a look at RMIT's Referencing Guide.
Part 1
Vulnerabilities and Malware
Background
Your company is re-evaluating its operations. It uses a very large number of applications running on
different computers. You are given the task of providing information about vulnerabilities in
applications so that IT management can consider which applications should be disabled,
disconnected from the network or restricted to special workstations in order to reduce the
possibility of attacks.
Your manager thinks the company relies on outdated protection and wants an update on recent
malware, and also asks you to recommend a new antivirus program for the Windows desktop
machines. You need to support your proposal with facts and arguments.
Tasks
Task 1.1 (25 marks)
Using your skills learnt in lab 2, select a recent (not older than two months) vulnerability
from the National Vulnerability Database and analyse it from the following aspects:
i. Criticality level (Check Secunia, Screenshot Accepted)
ii. Impact including CVSS Score. (Screenshot Accepted)
iii. Explain the purpose of using CVSS scores. (Two valid bullet points expected.)
iv. Proposed Solution (Screenshot Accepted)
v. Indicate which of the Australian DSD '35 Strategies can be applied to mitigate the
vulnerability. Include valid explanations for your answer. (At least two if possible,
one will suffice only in rare cases.)
Ensure that you also provide a detailed description of the vulnerability.
Task 1.2 (20 marks)
Search a number of antivirus companies' (e.g. Symantec, McAfee, Kaspersky, F-Secure, AVG,
Bit Defender, Webroot, ESET, G-Data, Avira) websites. Find at least four sites that publish
malware listings, and compare the latest malware lists. As different companies may use
different names for the same malware, you also need to find a site that has cross-references,
i.e. lists the alternative names.
i. List the four sites and the cross-reference site.
ii. Discuss how descriptive and informative the sites are.
iii. Discuss the time difference between the listings.
Hint: Take a subset of malware listings and compare the time difference. This
information should be presented in a tabular grid and a small paragraph at the
end that summarises your findings. (Here you select specific malware issues and
check the different sites to see when they are listed.) As different companies may
use different names for the same malware, first you will need to find a site that
lists the aliases for malware.
iv. Which site is the most up-to-date and why?
Hint: Over a two week period compare the malware listings that are reported.
Statistically analyse the data set, possibly by giving the malware a weight based
on the criticality and the date/time of the listing. This information should be
presented in a tabular grid and a small paragraph at the end that summarises
which site is the most up-to-date. Data in your grid should serve as proof of your
statement. (This date is different from the previous question as here you select a
specific time period instead of looking exclusively for specific malware.)
Task 1.3 (20 marks)
Select a recent vulnerability from an antivirus company's database, and analyse it from the
same aspects as in task 1.1. (Note: No need to explain the purpose of using CVSS scores
again.)
Select three recent, different threats from an antivirus company's database. Describe for
each
i. How it spreads (attack strategy)
ii. The target of malicious activity (information, resource etc.)
iii. The way it hides inside the victim's computer.
Guidelines
The report should be concise, normally not longer than 900 words (excluding pictures). You
must start each answer on a new page. Please use the template specified at
http://titan.csit.rmit.edu.au/~e51577/SIC/Assign/SICReportTemplate.docx
To support your arguments
Provide screen-dumps for each question (Maximum four screen dumps per question;
each screen dump must be large enough to read the text). Feel free to format the page
to accommodate larger screenshots.
Provide references (URLs) when you use information from different sources.
Part 2
Symmetric and asymmetric ciphers
In this part you will practice encrypting and digitally signing documents.
Task
(15 marks)
The Enigma machine was a piece of encryption hardware used by the Germans to protect
commercial, diplomatic and military communication before and during World War Two. Although it
had some cryptographic weaknesses, it was procedural flaws, operator mistakes and the capture of
key tables and hardware by the Allies that enabled the successful breaking of messages encrypted by
Enigma machines.
For this assignment you are required to use the following Enigma Machine Simulator
[http://enigma.louisedade.co.uk/enigma.html] using the parameters specified below:
Enigma Type: M4
Reflector Wheel (Umkehrwalze): C
Wheel Order (Walzenlage): Gamma IV III II
Ring Setting (Ringstellung): DGAF
Ground Setting (Grundstellung): YPWQ
Plugs: AV CN FG IY WJ ME
The task is to encrypt the following with the Enigma emulator: your family name followed by ten
letters of 'L'.
In your answer you must state:
- The plain text.
- The cipher text.
- The final ground setting after encryption.
You have to write down your answer, a screenshot alone is not sufficient.
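As an added illustration (not part of the assignment, and not the code behind the linked simulator), the following minimal Enigma M4 simulator applies exactly the parameters listed above. It assumes the standard published rotor wirings and turnover notches; the family name "SMITH" is a constructed sample, and the result should still be cross-checked against the simulator the task requires.

```python
ROTORS = {  # wiring, turnover notch (assumed standard values; verify against the simulator)
    "I":     ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II":    ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III":   ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
    "IV":    ("ESOVPZJAYQUIRHXLNFTGKDCMWB", "J"),
    "Gamma": ("FSOKANUERHMBTIYCWLQPZXVGJD", None),  # 4th-position rotor: never steps
}
REFLECTORS = {"B": "ENKQAUYWJICOPBLMDXZVFTHRGS", "C": "RDOBJNTKVEHMLFCWZAXGYIPSUQ"}  # thin
A = ord("A")

def enigma_m4(text, reflector, wheels, rings, ground, plugs):
    """Return (ciphertext, final window setting); wheels are listed left to right."""
    plug = {c: c for c in "ABCDEFGHIJKLMNOPQRSTUVWXYZ"}
    for pair in plugs.split():
        plug[pair[0]], plug[pair[1]] = pair[1], pair[0]
    wiring = [ROTORS[w][0] for w in wheels]
    notch = [ROTORS[w][1] for w in wheels]
    pos = [ord(c) - A for c in ground]      # current window letters (Grundstellung)
    ring = [ord(c) - A for c in rings]      # Ringstellung offsets
    refl = REFLECTORS[reflector]

    def through(i, c, forward):
        off = (pos[i] - ring[i]) % 26      # effective rotor rotation
        if forward:
            return (ord(wiring[i][(c + off) % 26]) - A - off) % 26
        return (wiring[i].index(chr((c + off) % 26 + A)) - off) % 26

    out = []
    for ch in text.upper():
        if not ch.isalpha():
            continue
        # Stepping happens before encipherment; index 3 is the fast (right) rotor.
        if chr(pos[2] + A) == notch[2]:        # middle rotor at notch: double step
            pos[2], pos[1] = (pos[2] + 1) % 26, (pos[1] + 1) % 26
        elif chr(pos[3] + A) == notch[3]:      # right rotor at notch: carry to middle
            pos[2] = (pos[2] + 1) % 26
        pos[3] = (pos[3] + 1) % 26
        c = ord(plug[ch]) - A
        for i in (3, 2, 1, 0):                 # right to left into the reflector
            c = through(i, c, True)
        c = ord(refl[c]) - A
        for i in (0, 1, 2, 3):                 # and back out
            c = through(i, c, False)
        out.append(plug[chr(c + A)])
    return "".join(out), "".join(chr(p + A) for p in pos)

ASSIGNMENT = dict(reflector="C", wheels=("Gamma", "IV", "III", "II"),
                  rings="DGAF", ground="YPWQ", plugs="AV CN FG IY WJ ME")

def encrypt_sample(family_name="SMITH"):  # "SMITH" is a constructed sample name
    return enigma_m4(family_name + "L" * 10, **ASSIGNMENT)
```

Because the reflector is a fixed-point-free involution and the stepping sequence depends only on the start setting, running the ciphertext back through the same settings recovers the plaintext, and no letter ever encrypts to itself.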
Part 3
Defence Mechanisms
For this task you will first practise the modulo operation, which is the basis of most encryption methods. If
you are not familiar with it, there are many explanations on the web. Then you will have to answer
the question that the result of the operation points to.
The task
(20 marks)
You have to calculate xxxxxxx mod 3 (where xxxxxxx is your seven-digit student number), and show
the result. Then, if the result is 0 you need to answer question 3.0, if the result is 1 you need to
answer question 3.1 and if the result is 2 your question is 3.2.
Below is a list of security mechanisms and threats. For each security mechanism, indicate whether it
is very effective, partially effective or not effective against the listed threats. Provide a brief
explanation for each answer.
Question 3.0
Security mechanisms: Embedded Firewalls, TLS/SSL, two-factor authentication, signature-based intrusion detection
Threats: viruses, worms, root kits, spyware, impersonation (including theft of
passwords/credentials), denial of service attacks, network eavesdroppers, insider abuse
(includes misuse of data to which one is allowed limited access), or penetration attempts by
outside attackers.
Question 3.1
Security mechanisms: Network Firewalls, PGP, one-time passwords, anomaly-based
intrusion detection
Threats: viruses, worms, root kits, spyware, impersonation (including theft of
passwords/credentials), denial of service attacks, network eavesdroppers, insider abuse
(includes misuse of data to which one is allowed limited access), or penetration attempts by
outside attackers.
Question 3.2
Security mechanisms: Proxy servers, TLS/SSL, electronic certificates, application-based
intrusion detection
Threats: viruses, worms, root kits, spyware, impersonation (including theft of
passwords/credentials), denial of service attacks, network eavesdroppers, insider abuse
(includes misuse of data to which one is allowed limited access), or penetration attempts by
outside attackers.
You should organize your answer in a table, the rows representing the threats and the columns
representing the methods.
E.g.

          | Mechanism 1              | Mechanism 2               | Mechanism 3                                                   | Mechanism 4
----------|--------------------------|---------------------------|---------------------------------------------------------------|---------------------------
Threat 1  | Not effective, because … | Very effective, because … | Partially effective, as it can address … but cannot address … | Very effective, because …
The End