COIT12202 Network Security Concepts, Assignment 2, Term 2 2013

COIT12202 – Network Security Concepts
Assessment Item 1 — Assignment 2
Due date: Thursday (5:00pm AEST), Week 10
Weighting: 25%
Length: N/A
ASSESSMENT 2

Note: Please answer all questions.

Assignment Submission
Submit your assignment electronically as a Microsoft Word file by the due date. Please do not zip the file.

Question 1: [8 marks]

Using a web browser, go to http://md5deep.sourceforge.net, then download and install md5deep as described in Project 11-2, Page 440 of Ciampa’s textbook. For this, you may find useful the Getting Started with md5deep document located at http://md5deep.sourceforge.net/startmd5deep.html

Download the Zip file for question 1 from the course Moodle site. In this file, you will find a number of unrelated files and a text file labelled known-hashes.txt containing five md5deep hashes as follows:

4b3feae200f1eda0bcb81d4ef3924f45
6651d7f75e6234795448c3c0ca45e7c7
9e2b501cada079550d638b845e6dcfd6
593cfa914d868421482719a546bb487b
c9ab59aa490a26ff83838f6ac0b670ae

a) Your task is to match each of these five md5deep hashes with its respective file in the zip file. In doing so, fill in the following table with the names of the files:


md5deep Hash | Filename
4b3feae200f1eda0bcb81d4ef3924f45 |
6651d7f75e6234795448c3c0ca45e7c7 |
9e2b501cada079550d638b845e6dcfd6 |
593cfa914d868421482719a546bb487b |
c9ab59aa490a26ff83838f6ac0b670ae |
[1/2 mark for each correct filename identified]

To gain marks, you need to explain the process used to match the hashes with the files, including the md5deep command line with the correct options (switches or flags) and screenshots as evidence. If you do not explain, then you do not get marks. Hint: You do not have to run the md5deep program for each of the files in the zip file.

b) Instead of the md5deep program, use the whirlpooldeep program (included in the download of md5deep) to generate the hashes of the five files you found above. In doing so, fill in the following table:

Filename | whirlpooldeep hash
[1/2 mark for each hash generated]

Contrast these whirlpool hashes with the md5deep hashes. In doing so, answer the following questions:
Which are the differences / similarities? (100 words) [1.5 marks]
Which one is more secure and why? Give some example applications where both md5deep and whirlpool hashes are used in (100 words) [1.5 marks]
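As an added illustration (not part of the assignment and not code from the md5deep project), the following Python reproduces the idea behind the hint above: hash every file once and look each digest up in the known list, instead of running a hashing tool once per candidate file. It runs over a constructed temporary directory rather than the Moodle zip; the file names and contents are made up here.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Set

def md5_of_file(path: str) -> str:
    """Stream a file through MD5 the way md5deep does; returns 32 hex characters."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def load_known_hashes(path: str) -> Set[str]:
    """Read a known-hashes file (one hash per line, optionally followed by a name)."""
    known: Set[str] = set()
    with open(path) as f:
        for line in f:
            parts = line.split()
            if parts and len(parts[0]) == 32:   # MD5 digests are 32 hex characters
                known.add(parts[0].lower())
    return known

def match_known(directory: str, known: Set[str]) -> Dict[str, List[str]]:
    """Hash each file once and look the digest up in the known set: hash -> filenames."""
    found: Dict[str, List[str]] = {h: [] for h in known}
    for root, _, files in os.walk(directory):
        for name in files:
            digest = md5_of_file(os.path.join(root, name))
            if digest in found:
                found[digest].append(name)
    return found

def demo() -> Dict[str, List[str]]:
    """Constructed sample tree (not the Moodle zip): three files, two listed as known."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("a.bin", b"alpha"), ("b.bin", b"bravo"), ("c.bin", b"charlie")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        known_path = os.path.join(d, "known-hashes.txt")
        with open(known_path, "w") as f:
            f.write(hashlib.md5(b"alpha").hexdigest() + "\n")
            f.write(hashlib.md5(b"charlie").hexdigest() + "\n")
        return match_known(d, load_known_hashes(known_path))

if __name__ == "__main__":
    for digest, names in demo().items():
        print(digest, names or "(no match)")
```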

Question 2: Backup Strategy (7 marks)

Consider the “grandfather-father-son” data backup system presented below. The system uses the following backup tapes:

o Three (3) ‘monthly’ tapes (labeled by their month name) – these are used for “grandfather” backups – full backups – tapes are stored offsite (“grandfather” backups occur on the last working day of the month regardless of what day it is – grandfather backups over-ride father or son backups) – tapes are re-used every 3 months
o Four (4) ‘weekly’ tapes (labeled as Week 1, Week 2, Week 3, Week 4) – these are used for “father” backups – differential backups – tapes are stored offsite – tapes are re-used on a monthly basis
o Four (4) ‘daily’ tapes (labeled as Mon, Tues, Wed, Thu) – these are used for “son” backups – incremental backups – tapes are re-used on a weekly basis

Backups are performed at the end of each business day.

The following calendar shows the data backup schedule for June of a year:

Sun     | Mon                             | Tue                       | Wed                               | Thu                      | Fri                            | Sat
30 May  | 31 May - May Tape (Grandfather) | 1 June - Tues Tape (Son)  | 2 June - Wed Tape (Son)           | 3 June - Thu Tape (Son)  | 4 June - Week 1 Tape (Father)  | 5 June
6 June  | 7 June - Mon Tape (Son)         | 8 June - Tues Tape (Son)  | 9 June - Wed Tape (Son)           | 10 June - Thu Tape (Son) | 11 June - Week 2 Tape (Father) | 12 June
13 June | 14 June - Mon Tape (Son)        | 15 June - Tues Tape (Son) | 16 June - Wed Tape (Son)          | 17 June - Thu Tape (Son) | 18 June - Week 3 Tape (Father) | 19 June
20 June | 21 June - Mon Tape (Son)        | 22 June - Tues Tape (Son) | 23 June - Wed Tape (Son)          | 24 June - Thu Tape (Son) | 25 June - Week 4 Tape (Father) | 26 June
27 June | 28 June - Mon Tape (Son)        | 29 June - Tues Tape (Son) | 30 June - June Tape (Grandfather) | 1 July - Thu Tape (Son)  | 2 July - Week 1 Tape (Father)  | 3 July

Given this scenario, provide short answers to each of the following questions:

1. Your company’s server was broken into by an attacker and an unknown number of system files have been tampered with. The system logs indicated that the break-in occurred on Thursday 3rd June during the middle of the day.
Which backup tapes were required to restore the system to its most recent backup? [1 mark]
In what order should they be restored? [1 mark]
Explain the purpose of each step in your system restore process. [1.5 marks]
In your answer, identify each tape by the tape label and date in the calendar above (for example: “Week 2 Tape 11 June”).

2. As above, your company’s server was broken into by the same attacker a second time. The system logs indicated that it occurred on Wednesday 23rd June during the middle of the day. For this second break-in:
Which backup tapes were required to restore the system to its most recent backup? [1 mark]
In what order should they be restored? [1 mark]
Explain the purpose of each step in your system restore process. [1.5 marks]
In your answer, identify each tape by the tape label and date in the calendar above (for example: “Week 2 Tape 11 June”).

Hint: Refer to your textbook (Ciampa 4th edition, pages 501-504) and research data backup systems using the Web (Full Backups/Differential Backups/Incremental Backups and Grandfather/Father/Son backups), e.g.: http://www.exabyte.com/support/online/documentation/whitepapers/basicbackup.pdf

Question 3: SNORT Rule [10 marks]

Please refer to page 8 of the Snort Project (question 3) found in the Moodle Site - Week 8. In the project, you are asked to write a rule that generates an alert when any host attempts to transfer the file “/tftpboot/secret” from any other host using the TFTP protocol. In this assignment question, your task is to do the same thing, but rather write a rule that generates an alert when any host attempts to transfer the file “/tftpboot/secretary.doc” from any other host using the TFTP protocol. Note that this attempt is captured in packet 154 of the PCAP file. Test your rule making sure that a single packet is detected.

An example of how to lay out your solution follows:

var HOME_NET 138.77.23.0/16
Your explanation of the above in italics
var EXTERNAL_NET !138.77.23.0/16
Your explanation of the above.
drop udp $EXTERNAL_NET any -> $HOME_NET 993
Your explanation of the above, and so on…
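As an added illustration (not part of the assignment, the course’s Snort project, or any Snort rule), the following Python models how Snort’s content, nocase, offset and depth options behave when run over constructed TFTP request payloads laid out per RFC 1350, using the filename named in the question. It shows why a case-sensitive, unanchored filename match gives the false negatives and false positives that the marking criteria penalise; the rule objects and sample packets are assumptions built here, not captured traffic.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

def tftp_request(opcode: int, filename: str, mode: str = "octet") -> bytes:
    """Build a TFTP request payload (RFC 1350): 2-byte opcode, filename, NUL, mode, NUL.
    Constructed for illustration; not captured traffic."""
    return opcode.to_bytes(2, "big") + filename.encode() + b"\x00" + mode.encode() + b"\x00"

@dataclass
class ContentMatch:
    """Models one Snort 'content' option with the modifiers used here."""
    pattern: bytes
    nocase: bool = False          # match case-insensitively, like Snort's nocase
    offset: int = 0               # byte position where the search may begin
    depth: Optional[int] = None   # how many bytes from offset may be searched

    def matches(self, payload: bytes) -> bool:
        end = None if self.depth is None else self.offset + self.depth
        window = payload[self.offset:end]
        if self.nocase:
            return self.pattern.lower() in window.lower()
        return self.pattern in window

def rule_fires(payload: bytes, contents: List[ContentMatch]) -> bool:
    """Snort ANDs the options in one rule: every content must match for it to fire."""
    return all(c.matches(payload) for c in contents)

RRQ, WRQ = 1, 2  # TFTP read request / write request opcodes
SAMPLES = {
    "rrq_exact": tftp_request(RRQ, "/tftpboot/secretary.doc"),
    "rrq_upper": tftp_request(RRQ, "/TFTPBOOT/SECRETARY.DOC"),
    "wrq_same_name": tftp_request(WRQ, "/tftpboot/secretary.doc"),
    "rrq_other": tftp_request(RRQ, "/tftpboot/public.txt"),
}

# Case-sensitive filename only: misses the upper-case request (false negative)
# and also fires on a write request that merely carries the same name.
NAIVE = [ContentMatch(b"/tftpboot/secretary.doc")]
# Opcode pinned to the first two bytes plus a case-insensitive filename:
# fires on read requests for the file whatever its capitalisation, and on nothing else here.
ANCHORED = [
    ContentMatch(b"\x00\x01", offset=0, depth=2),
    ContentMatch(b"/tftpboot/secretary.doc", nocase=True),
]

def evaluate(contents: List[ContentMatch]) -> Dict[str, bool]:
    """Run one rule's content options over every sample payload."""
    return {name: rule_fires(p, contents) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    print("naive   ", evaluate(NAIVE))
    print("anchored", evaluate(ANCHORED))
```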

An example explanation for a SNORT rule option:

content: “USER root”; nocase. The content of the packet must contain the string “USER root” to be matched. Furthermore, the nocase option specifies that the string “USER root” should be matched case insensitively. In other words, it will match that string whether in upper, lower or mixed capitalisation.

Marking criteria: 5 marks for explaining/commenting, and 5 marks for rule correctness as explained below:

Commenting criteria:
• 2.5 marks A very good, in depth explanation of the SNORT Rule. Shows good understanding of the material
• 2 marks Has a few misunderstandings or explanations
• 1 – 1.5 marks Passable explanations, a few mistakes, some major and not very descriptive
• 0.5 marks Major problems. Does not demonstrate a good understanding of the material or solution is very vague
• 0 marks Essentially nothing correct or solutions have been copied verbatim from other sources

SNORT rule correctness criteria:
• 2.5 marks A correct, concise SNORT rule that identifies malicious packets, without false positives or false negatives, and adheres to the assignment specification fully
• 1.5 – 2 marks A few mistakes but still essentially correct and does not contain syntax errors
• 0 – 1 marks Does not meet the specifications, has false positives/false negatives, or syntax errors

Please note:

Your answers need to be thoroughly documented using in-text references (Harvard or APA style). Please remember that your assignment will be sent to Turnitin for academic integrity; consequently it is your responsibility to answer the questions in your own words. Plagiarism will be referred to CQU authorities for investigation and possible academic penalty.
