Perform Penetration Testing on The System, Application and Network Security For Reducing Vulnerabilities - Security Assessment

1           Overview

Operating system security plays a critical role in protecting memory, files, user authentication, and data access protection. Various attacks can be launched against operating systems such as password attacks, privilege escalation attacks, and malware attacks. Consequently, security hardening measures need to be applied to prevent and mitigate these attacks.

Seed Ubuntu v 16.04 VM will be used as a target machine for Part 2.  (You can download this VM from Canvas week 8). There are several vulnerabilities in this machine.  You must demonstrate your understanding of penetration testing.

2          Learning Outcomes

This assessment relates to the following learning outcomes:

• CLO 2: Investigate and model the possible vulnerabilities and threats for a given application system;
• CLO 3: Design, implement and produce test procedures and perform evaluation (Kali Linux, Nmap, Wireshark, Hashcat, etc.)
• CLO 4: Analyse and evaluate security related scenarios

Get Your Customize Task on any subject starting 10$/Page

Order Now Whatsapp Now

3          Tasks

Part 1: System security (40 Marks)

In Part 1, you will consider yourself a member of an organisation that has been tasked to conduct a security hardening process to secure an operating system. You are required to choose three attacks (if you have 2 members in your group you can choose 2 attacks) that could be mounted against either Windows or Linux operating systems, describe the attack mechanisms, explain the security controls you could apply to prevent or mitigate these attacks, and explain why these controls would work. You will record your findings in the report and present them to the class. (40 marks)

To complete Part 1, you will need to have functional knowledge of operating system security, which will be covered in this course. You will submit a document of your responses. Write about 3 pages (for 2 members 2 pages) same format as this file.

• This is a group assignment. You are assigned to a group of 2 or 3 students within your tutorial slot ONLY.
• You will present this work as a group in your Week 12 Tutorial Slot.
• NO MARK WILL BE GIVEN TO THE WHOLE ASSIGNMENT if you have not come to the presentation (without any acceptable reason, e.g. a medical certificate), even if you have submitted your report or your groupmate has presented the result.
• FULL MARK: 40 MARKS (Report: 20 Marks. Presentation: 20 Marks)
• 10% deduction if the given instructions are not followed

PART2 (60 Marks)

The assignment is considered as security assessments, progressions and analysis on a given Linux Virtual Machine. Perform penetration testing on the system, the application and network security for reducing vulnerabilities.

• Vulnerability Assessment

The process is used in the identification and ranking of the threats and the vulnerabilities which are found in a system. Assessments involving the identification of the threats are performed based on the following steps:

• Collecting information and accessing system vulnerabilities.
• Ranking the threats and the vulnerabilities based on risk.
• Identifying the potential threats of the vulnerabilities to the existing system.
• List of possible SQL attacks and XSS attacks which does not cover in the Lab.
• Prevention and mitigation against the attacks.

Please record your demonstration (MAX 10mins) and list all the tools used to perform analysis and scanning of the network issues and threats in each step. 

Important:

In the submission, you will be required to certify that the submitted works represent your own work only by agreeing to the following statement:

I certify that this is all my own original work. If I took any parts from elsewhere, then they were non-essential parts of the assignment, and they are clearly attributed in my submission.

Be careful: The solutions (your video demonstrations) must not be posted/shared online or any other place in any manner.

Not complying with the above rules will lead to considerable marking reduction. The solution you present must be your own and not a solution provided by others.

In case of any Academic Integrity breach, collusion, or plagiarism, the teaching team can conduct personal interviews.

The group assignment cover sheet should be included with signatures from all group members. The individual contribution to the assignment should be stated clearly.

The assignment consists of two parts, part 1 can be any of the mentioned formats and part2 MUST be video. Your demonstrations will be assessed based on the correctness, conciseness, and clarity of the descriptions, and the complexity analyses.

You need to submit 3 or 4 files that include 1 file for each part, coversheet, and 1 file for group member’s contributions, declaration and references.  

-The deadline is FIXED.

-Any Special Consideration case that results in an extended deadline two weeks or more after the due date will take an equivalent practical test and interview.

-Please don't discuss solutions or suggestions of solutions to Canvas, but feel free to ask for clarifications. 

We strongly encourage you to start working on the Assignment early to achieve the best outcome.  Please read the questions carefully and if there's anything unclear, you can post your questions on Canvas Discussion and we will answer right there or follow up in the lectorial/workshops sessions in the following week.

4          Academic integrity and plagiarism (standard warning)

Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas. You should take extreme care that you have:

• Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly copied), summarised, paraphrased, discussed or mentioned in your assessment through the appropriate referencing methods
• Provided a reference list of the publication details so your reader can locate the source if This includes material taken from Internet sites. If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own.

RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of inappropriate behaviours, including:

• Failure to properly document a source
• Copyright material from the internet or databases
• Collusion between students

For further information on our policies and procedures, please refer to the following: https://www.rmit.edu.au/students/student-essentials/rights-and-responsibilities/ academic-integrity.

We will run both code and report similarity checks.

5               Getting Help

There are multiple venues to get help. First point of call should be Canvas, recordings about it and the discussion forum. In addition, you are encouraged to discuss any issues you have with your Tutor or Lab Demonstrator. Please refrain from posting