1

School of Science and Technology

Referral COURSEWORK ASSESSMENT SPECIFICATION (PG)

Details of Module and Team

What Learning Outcomes are assessed?
What are my Deadlines and how much does this
assessment contribute to my Module Grade?

What am I required to do in the assessment?

What are my assessment criteria? (What do I
have to achieve for each grade?)
Can I get formative feedback before submitting ?
If so, how?
What extra support could I look for myself?

How and when do I submit this assessment?

How and when will I get summative feedback?
What skills might this work evidence to
employers?
2
MODULE CODE COMP40461

MODULE TITLE Network and Cloud Security

MODULE LEADER Dr Waleed Bul’ajoul
TUTOR(S) Dr Waleed Bul’ajoul
COURSEWORK TITLE Securing and testing a network &
cloud system performance
LEARNING OUTCOMES K1, K2, K3, K4, S1, S2, S3
ASSESSED
CONTRIBUTION TO ELEMENT 100% of the total coursework mark
100% of the total module mark
DATE SET 18th May 2020
DATE OF SUBMISSIION 19th June 2020 – midnight
METHOD OF SUBMISSION Module Dropbox in NOW
DATE OF FEEDBACK 10th July 2020
METHOD OF FEEDBACK Via Module Dropbox
Work handed in up to five working days late will be given a maximum
Grade of Low Third whilst work that arrives more than five working days
will be given a mark of zero.
Work will only be accepted beyond the five working day deadline if
satisfactory evidence, for example, an NEC is provided. Any issues
requiring NEC
https://ntu.ac.uk/current_students/resources/student_handbook/app
eals/index.html

The University views plagiarism and collusion as serious academic

irregularities and there are a number of different penalties which may be
applied to such offences. The Student Handbook has a section on
Academic Irregularities, which outlines the penalties and states that
plagiarism includes:
'The incorporation of material (including text, graph, diagrams,
videos etc.) derived from the work (published or unpublished) of
another, by unacknowledged quotation, paraphrased imitation or other
device in any work submitted for progression towards or for the
completion of an award, which in any way suggests that it is the
student's own original work. Such work may include printed material in
textbooks, journals and material accessible electronically for example
from web pages.'
Whereas collusion includes:
“Unauthorised and unacknowledged copying or use of material prepared
by another person for use in submitted work. This may be with or without
their consent or agreement to the copying or use of their work.”
If copied with the agreement of the other candidate both parties are
considered guilty of Academic Irregularity.
3
Penalties for Academic irregularities range from capped marks and zero
marks to dismissal from the course and termination of studies.

To ensure that you are not accused of plagiarism, look at the sections
on Plagiarism Support and Turnitin support.

I. Assessment Requirements
Network and cloud security aim to ensure the confidentiality, integrity and
availability of interconnected systems and information. Due to the wide-ranging
environments and platforms that are in use, and the lack of security awareness by
many users, network security is a complex task. This has resulted in a high level of
traffic/data loss or theft amongst business users, particularly in relation to
information or networked systems accessed via physical or virtual networks and
systems interfaces. This assignment allows you to build your knowledge and
understanding of the theoretical and practical issues in network and cloud security.
In particular, you will demonstrate the threats to networked computers and ways
in which these threats may be mitigated by the deployment of appropriate security
countermeasures.

With the interconnected nature of technology today, securing our networked

systems and data against attack is a major concern for organisations.
Understanding attacks on our data, computers, and networks enable us to put in
place technical countermeasures to mitigate such attacks. In addition, the ability to
effectively test the security of our networked systems can facilitate understanding
to prevent further security issues.

To pass the coursework you must

• demonstrate your understanding of securing Networks including cloud, web

application, or servers based on security technologies (e.g., Intrusion
Detection and Prevention System (IDPS), Firewall, or others such as
antivirus, malware, etc) using a virtual operating system (Ubuntu 18.04”);
• demonstrate your understanding of securing a network and system by
building on work conducted in lecture and lab sessions.
• test security performance for your network (which consists of local hosts,
vulnerable web application or servers) when it faces different attacks
techniques e.g., SQLi attacks, Backdoor attacks, flood attacks (TCP, UDP,
ICMP, HTTP), high-speed malicious traffic, Mitigate attacks (PacketTracer),
etc.
• Use various proactive and reactive security tools and techniques to test
security performance of your network and system implementation. This
builds on experience gained in lab sessions to provide a practical
demonstration of securing computer networks and cloud systems in general.

• This is an individual coursework.

4
II. Assessment Scenario/Problem
You are required to

1. Research and report on security challenges for networked systems including

web applications, computer networks and cloud servers. This section should
be approximately 600 words long.
2. You will then set up a prototype network. Here, you can choose one of 3
(three) following options:
a. The prototype network consisted of 3 (three) virtual stations including
(e.g., Ubuntu Mate 18.04, Kali, Vulnerable web application) connected
together in one internal network.
b. The prototype network consisted of 2 (two) virtual stations including (e.g.,
kali and Vulnerable web application) connected in one internal network.
c. The prototype system consisted of one virtual station including e.g.,
internal web application.

Equal marks will be given whichever option is chosen because there are different
challenges involved in each option. Some options may be more suitable for
computers with limited capacity.

Several tools and hackers’ techniques (which were introduced in the lab sessions
and should find out more by your research) can be used to test your network or
system security performance. You should use Snort IDPS to test your system’s
security (analysis, detection and prevention performance). The result should be
reported and discussed.

3. You must detail your testing strategy, for example, discussing the
implementation of tools and techniques (introduced in lab sessions and
identified by your research) that would aid you in this task.
4. Then you should implement your security testing strategy for your system
(VM) security, detail the results obtained, and evaluate the security of
system.
You are encouraged to make recommendations on (a) how the networking
and systems may have its security improved. (b) how to raise the level of
security of OS to meet the needs for Internet readiness and to demonstrate
that the system is secure by employing appropriate tools and techniques
introduced in the lab sessions and identified by your research. This section
should consider 2 or 3 issues such as access control, remote access
applications, OS, network interfaces, network security architecture and
maybe others. The level of security required is ‘medium’, i.e. it provides an
appropriate level of security (ensuring confidentiality, integrity and
availability) for systems providing services over networks. You will
demonstrate that the required level of security of your Ubuntu IDPS has been
achieved by employing appropriate tools and techniques. This part of the
coursework will use screenshots and textual descriptions to illustrate any
practical work undertaken. This section will be supported with references to
papers in journals, conference proceedings, Web sites or books on securing
computer systems.
5
5. You are required to write a reflective statement based on skills learned from
the module and coursework. Your reflective statements should be
approximately 200 words. It will reflect on the skills learned in completing
this coursework.
6. You must give a demonstration of your overall system and its network
security. This part of the coursework should use screenshots and textual
descriptions to illustrate any practical work undertaken.

Your report including your reflective statement should not exceed 3000 words
(excluding references and appendices).

You are encouraged to link any references in the practical elements of the
assignment to relevant and related academic literature. Particular care should be
made to ensure that the report contains correct references to all cited work in an
appropriate style, e.g., the Harvard Referencing System.

You should submit your final report including your reflective statements to the
Dropbox in NOW before the submission deadline.
6

III. Assessment Criteria

Grading Descriptors
Class/grade Exceptional Distinction Commendation PASS Fail Zero
distinction
( (Very good) (Good) (insufficient) 0-1.4
15.5-16.0 E
Assessment x
criteria c
DHigh DMid
e DLow CHigh CMid CLow PHigh PMid PLow FMARG FMid FLow
l
14.5- 13.5-
l 12.5- 11.5- 10.5- 9.5- 8.5- 7.5- 6.5- 4.5-6.4 2.5-4.4 1.5-2.4
15.4 14.4
e 13.4 12.4 11.4 10.4 9.4 8.4 7.4
n
t
Security Fully contextualises (Excellent)
Contextualises work with Attempt at contextualising Good Knowledge and Attempt but marginally Absent or no merit.
challenges: work with appropriate, relevant, the work with appropriate understanding insufficient meaningful
research on appropriate, accurate background; background information sufficient to deal with content; reliant on use of Fails to add
security relevant, accurate excellent knowledge and perhaps with some errors or terminology, basic facts limited sources to advance meaningful content;
challenges for background; understanding of the omissions; very good and concepts; pass to work (FMARG). Fails to add highly insufficient
Networks and excellent knowledge requirements relating knowledge and make meaningful meaningful content; highly knowledge,
systems. and understanding facts/concepts together understanding of the synthesis; descriptive insufficient knowledge, understanding, and
of requirements as with some ability to apply requirements analytical; and limited attempt at understanding, and application of the
the student is to taught contexts; evidence of appropriate requirements analysis application of the area of area of study.
typically able to go evidence of critical selection and evaluation of and identification of study.
beyond what has evaluation/ synthesis/ background information but appropriate tools and
been taught; research with some generally reliant on set techniques; strong
evidence of beyond the prescribed sources to advance reliance on available
extensive and range; very good arguments; very good support set sources to
critical evaluation/ demonstration of the attempt with some notable advance work;
synthesis/ research requirements from inaccuracies, errors, or adequate attempt in
beyond the breadth of research. omissions. Very good general, with notable
prescribed range; demonstration of the inaccuracies, errors,
excellent requirements from breadth limitations, or
demonstration of of research but may rely on omissions.
requirements with some set sources.
breadth, focus, and
critical analysis and
is well supported by
7

reference to the
wider literature.

Design and Exceptional Excellent demonstration Very Good demonstration of Competent Attempt but marginally Absent or no merit.
implementati demonstration of of security security countermeasures demonstration of insufficient meaningful no understanding,
on: Set up security countermeasures related related to confidentiality, security tools and content; demonstration of and application of
prototype countermeasures to confidentiality, integrity or availability techniques sufficient to relevant skills over a reduced the area of study;
network and related to integrity and availability applied to the OS focusing on deal with basic facts or range (FMARG). Highly weak technical and
system confidentiality, applied to the OS some the taught with notable concepts; pass to make insufficient knowledge, practical competence
security integrity and going beyond the taught limitations; evidence of meaningful synthesis or understanding, and hampers ability to
architecture availability applied with minor limitations or appropriate selection and related to the OS with application of the area of demonstrate
VM. to the OS going omissions; evidence of evaluation of background notable limitations or study; weak technical and achievement of
beyond what has appropriate selection and information but generally omissions; some ability practical competence outcomes.
been taught; critical evaluation/ reliant on set sources to to select and evaluate hampers ability to
evidence of synthesis/ research with advance arguments; very tools but application is demonstrate achievement of
extensive and some beyond the good demonstration of very general or outcomes.
appropriate prescribed range; security implementation with incomplete but
selection and critical Excellent demonstration some notable inaccuracies, sufficient; adequate
evaluation/ of security errors, or omissions; very demonstration of
synthesis/ research implementation with good demonstration of security
beyond the breadth, focus, and relevant skills although implementation with
prescribed range; critical analysis but may limited in range. some notable
excellent rely on some set sources; inaccuracies, errors, or
demonstration of very good demonstration omissions; adequate
security of relevant skills. demonstration of
implementation relevant skills over a
with breadth, focus, limited range.
and critical analysis;
excellent
demonstration of
relevant skills.

Reflective Excellent written Very good written Mostly very well presented Good presented but Marginally inadequate Absent or no merit.
statement: language and language and but notable omissions; good notable omissions or (FMARG). Very Weak Very Weak
Contribution presentation with presentation with few written language and errors; adequate competence hampers ability competence
to task, skills few very minor minor structural or presentation with some attempt at evaluation of to communicate hampers ability to
achieved. structural or typographical errors; structural or maybe minor performance and skills; achievement of outcomes. communicate
typographical very good critical typographical errors; very good detail and/or achievement of
errors; excellent evaluation of good evaluation of incomplete or notable outcomes.
critical evaluation of performance and skills performance and skills and inaccuracies but
performance and with some awareness of some awareness of otherwise sufficient;
skills whilst limitations with some notable written communication
recognising
8

limitations; concise, limitations; well inaccuracies, errors, or is generally competent

clear, accurate, and presented. omissions. with some weaknesses.
complete.

Demonstrati Fully contextualises Contextualises work with Attempt at contextualising Good Knowledge and Attempt but marginally Absent or no merit.
on of work with appropriate, relevant, the work with appropriate understanding insufficient meaningful
network and appropriate, accurate background; background information sufficient to deal with content; demonstration of No understanding,
cloud relevant, accurate excellent knowledge and perhaps with some errors or terminology, good facts relevant skills over a reduced and application of
security and background; understanding of threats omissions; very good and concepts; pass to range (FMARG). Highly the area of study;
overall Exceptional and vulnerabilities knowledge and make meaningful insufficient knowledge, very weak technical
system: knowledge and relating facts/concepts understanding of threats and synthesis; descriptive understanding, and and practical
understanding of together with ability to vulnerabilities analytical; and limited attempt at application of the area of competence
Demonstration threats and apply to taught contexts; evidence of appropriate analysis of threats and study; weak technical and hampers ability to
of security vulnerabilities as evidence of critical selection and evaluation of vulnerabilities, and practical competence demonstrate
tools the student is evaluation/ synthesis/ background information but application of hampers ability to achievement of
implementatio typically able to go research with some generally reliant on set appropriate tools; demonstrate achievement of outcomes.
n. beyond what has beyond the prescribed sources to advance strong reliance on outcomes.
Demonstration been taught; range; excellent arguments; very good available support set
that the evidence of demonstration of the attempt to demonstrate the sources to advance
desired level extensive and security of network and security of overall systems work; adequate
of security is critical evaluation/ overall systems from with some notable attempt to demonstrate
achieved. synthesis/ research breadth of research but inaccuracies, errors, or the security of overall
beyond the may rely on some set omissions; very good systems in general,
prescribed range; sources; very good demonstration of relevant with notable
outstanding demonstration of skills although limited in inaccuracies, errors,
demonstration of relevant skills. range. limitations, or
the security of the omissions; adequate
network and overall demonstration of
systems with relevant skills over a
breadth, focus, and limited range.
critical analysis and
is well supported by
reference to the
wider literature;
excellent
demonstration of
relevant skills.

Testing Exceptional Excellent knowledge of Demonstrates a very good Good Knowledge and Attempt but marginally Absent or no merit.
strategy: knowledge of the the range of options knowledge of the range of understanding insufficient meaningful Highly insufficient
Discussion of range of options available to test security options to test security; sufficient to deal with content; demonstration of knowledge and
appropriate available to test with some minor evidence of appropriate terminology, basic facts relevant skills over a reduced understanding of the
security; evidence omissions or errors; selection and evaluation of and concepts; pass to range (FMARG). Insufficient area of study to
9

tools and of extensive and evidence of critical background information but make meaningful knowledge and produce meaningful
techniques. critical evaluation/ synthesis/ generally reliant on set strategy; strong understanding of the area of strategy.
evaluation/synthesi research some beyond sources to advance reliance of available study to produce meaningful
s/research beyond the prescribed range; arguments; provides support set sources to strategy.
the prescribed recommendations to test recommendations to test advance work;
range; security have breadth, security for potential issues arguments for
recommendations focus, evaluation and but have some limitations or recommendations to
to test security of some critical analysis and inaccuracies. test security have
systems have are well supported. notable weaknesses,
excellent breadth, limitations and/or are
focus, evaluation poorly constructed.
and critical analysis
and are well
supported by
reference to the
wider literature.

Test and Exceptional excellent knowledge and Demonstrates a very good Good Knowledge and Attempt but marginally Absent or no merit.
evaluation of knowledge and application of the range knowledge and application of understanding insufficient meaningful Highly insufficient
results: application of the of options available to the range of options to test sufficient to deal with content; demonstration of knowledge and
Discussion of range of options test security; evidence of security with some terminology, basic facts relevant skills over a reduced understanding of the
test results available to test critical limitations; evidence of and concepts; Pass to range (FMARG). Insufficient area of study to
and security; evidence evaluation/synthesis/ appropriate selection and make meaningful knowledge and produce meaningful
recommendati of extensive and research some beyond evaluation of background application; strong understanding of the area of results and
ons to raise critical the prescribed range; information but generally reliance of available study to produce meaningful evaluation; very
the level of evaluation/synthesi recommendations to reliant on set sources to support set sources to results and evaluation; weak weak or no technical
network and s/research beyond improve security have advance arguments; results, advance work; results, technical and practical and practical
cloud security the prescribed breadth, focus, and some evaluation, and evaluation, and competence hampers ability competence
for internet range; results and critical analysis; excellent recommendations have recommendations have to demonstrate achievement hampers ability to
readiness. evaluation have demonstration of described and discussed notable weaknesses, of outcomes. demonstrate
excellent breadth, relevant skills. well; very good limitations and/or are achievement of
focus, and critical demonstration of relevant poorly constructed; outcomes.
analysis; excellent skills although limited in adequate
demonstration of range. demonstration of
relevant skills. relevant skills over a
limited range.
10
IV. Assessment Criteria

Assessment criteria:

• Research for security challenges (20%)

• Design and implementation (15%)
• Reflective statement (5%)
• Demonstration of network security and overall system (20%)
• Testing strategy (10%)
• Test and evaluation of results (30%)

V. Feedback Opportunities
Formative (Whilst you’re working on the coursework)
You will be given the opportunity to book appointments to discuss the
assessment outside of class time.

Summative (After you’ve submitted the coursework)

You will receive specific feedback regarding your coursework
submission together with your awarded grade when it is returned to
you. Clearly, feedback provided with your coursework is only for
developmental purposes so that you can improve for the next
assessment or subject-related module.

VI. Resources that may be useful

Referencing styles please use Harvard as detailed here
Guidance for presentations as detailed here and think about what
lectures you have liked and why
Guide to planning your time here and an automated planner here
Guidance for revision is here
Guidance on avoiding cheating is here

Remember to use Outlook or physical calendars to block out time

between lectures and labs to work on this coursework.

VII. Moderation

The Moderation Process

All assessments are subject to a two-stage moderation process. Firstly, any
details related to the assessment (e.g., clarity of information and the
assessment criteria) are considered by an independent person (usually a
member of the module team). Secondly, the grades awarded are considered
by the module team to check for consistency and fairness across the cohort
for the piece of work submitted.
11

VIII. Aspects for Professional Development

Employability skills
Digital skills
Transferable skills

All the Best ,,,,,,

Waleed Bul’ajoul
Module Leader