Computer Science Security Attempt Question 1 5 6 Pages

Question Description

Question 1: Attack Surface Modelling (60 marks)

The site being audited has a total of 10 full time staff and an unspecified number of casual

staff. The back-office duties are only undertaken by full time staff, but the staff common

areas and offices are not locked or physically separated. Full time staffers handle payroll, HR

and scheduling tasks. The front counter/cashier duties are sometimes taken on by full timers

but also by casual staff. You have been informed that the turnover of casual staff is quite

large, although the reasons for this are unknown.

The computer systems in the back office are all networked via a Cisco small business series

ADSL router supplied by Telstra. To permit the owner(s) to check on files from home,

remote access services are enabled on some but not all of the machines. There is no

centralized authentication server and users logon locally to all machines. All machines

contain two local user accounts “admin” and “user”. These accounts are shared by staff to

ensure that files are always accessible to fellow staff. The server that will be used for hosting

the online presence will run on Ubuntu Linux. The server will also be used as print and file

server for other Windows 7 PCs which will run office applications (payroll, HR etc.).

An image of the server machine has been supplied to you as VirtualBox VM. You can obtain

the VM from: http://www.it.murdoch.edu.au/szander/ICT287/assign…

You will require your student number to download the VM. You should download your

own specific VM as there are multiple different VMs for different people.

The network interface of the VM is set to Host-only Adapter and you should leave it

that way. For the VM to run, it is necessary to have a Host-only Network configured in

VirtualBox. This may already exist, but if it does not exist you can configure it under

File->Preferences->Network->Host-only Networks. Make sure you enable the DHCP

server.

Your task is to assess the attack surface of this machine. The scope of your analysis is

limited to (1) network level attacks and (2) physical attacks. You should NOT logon to

the machine and analyse the individual software packages that have been installed. You

only need identify and describe any vulnerable services from a network level (using

suitable tools) and identify and describe any potential physical attacks given the

scenario description above.

It is not mandatory, but you may use a vulnerability scanner (e.g. Nessus) for the

network-level analysis. However, you are not allowed to simply copy and paste output of

these tools. Like in the real world you must synthesise the output of the tools into a form

appropriate for the audience and add textual descriptions.

Your report should outline possible weaknesses and vulnerabilities in the systems. The

report should include a summary of less than 1 page that summarises the most

important findings and is understandable by a layperson. The following pages should

describe the details and should be presented in a format suitable for a general technical

audience – i.e. someone who is proficient in IT in general, but may not be a security expert. Citations should be used where appropriate.

Your report should include an overview of the potential vulnerable services and of the

physical attack points, reference specific CVE items (with brief explanations) and

demonstrate a prioritisation of the most important issues. An exhaustive list of CVEs is

not required (there are too many), but you should at least discuss the 10 most critical

and these must be relevant to the actual system and services. Based on your findings

you should also make some recommendation on how to improve the security.

The expected answer length is roughly 5-6 pages, the maximum length is 10 pages.

Get 20% Discount on The assignment
Pages (550 words)
Approximate price: -

Try it now!

Get 20% Discount on The Assignment

We'll send you the first draft for approval by at
Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

EssayBrill has stood as the world’s leading custom essay writing services providers. Once you enter all the details in the order form under the place order button, the rest is up to us.

Essays

Essay Writing Services

At EssayBrill, we prioritize on all aspects that bring about a good grade such as impeccable grammar, proper structure, zero-plagiarism and conformance to guidelines. Our experienced team of writers will help you completed your essays and other assignments.

Admissions

Admission and Business Papers

Be assured that you’ll definitely get accepted to the Master’s level program at any university once you enter all the details in the order form. We won’t leave you here; we will also help you secure a good position in your aspired workplace by creating an outstanding resume or portfolio once you place an order.

Editing

Editing and Proofreading

Our skilled editing and writing team will help you restructure you paper, paraphrase, correct grammar and replace plagiarized sections on your paper just on time. The service is geared toward eliminating any mistakes and rather enhancing better quality.

Coursework

Technical papers

We have writers in almost all fields including the most technical fields. You don’t have to worry about the complexity of your paper. Simply enter as much details as possible in the place order section.