MN623 Cyber Security and Analytics
|Assessment Details and Submission Guidelines|
|Unit Title||Cyber Security and Analytics|
|Assessment Type||Individual Assessment (Assignment one)|
|Assessment Title||Demonstration of penetration testing tools|
|Purpose of the assessment (with ULO Mapping)||Students should be able to demonstrate their achievements in the following unit learning outcomes: a. Implement and evaluate security testing tools in a realistic computing environment|
|Word limit||1000 – 1500 words for the report and the length of the video should be no more than 8 minutes|
|Due Date||11:55 PM, Wednesday Week 8 (4/9/2019)|
|Submission Guidelines||All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page.The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2.54 cm margins on all four sides of your page with appropriate section headings.Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style.|
|Extension||If an extension of time to submit work is required, a Special Consideration Application must be submitted directly on AMS. You must submit this application three working days prior to the due date of the assignment. Further information is available at: http://www.mit.edu.au/about–mit/institute–publications/policies– procedures–and–guidelines/specialconsiderationdeferment|
|Academic Misconduct||Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institute-publications/policies- procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy- Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description.|
For this assignment, you will evaluate two password cracking tools and write a report with video presentation on how you will perform penetration testing on the eCommerce platform and Linux-based FTP webserver to identify their security vulnerabilities and breaches.
Marks will be awarded based on the sophistication and the difficulties the demonstration explored.
Your task is to complete and make a video presentation and writing a report on the following:
- Download and install (on your computer or on MIT Virtual box) any two of the password cracking tools from Table 1.
- Outline of your presentation should include description of the tools.
- Demonstrate how to use these tools
to crack the password. Your demonstration should include:
- Discussion on the password cracking counter Measures, and
- Explanation of how to use these tools to crack the password.
- Comparison of the tools that you used in this work. Your comparison could include:
- Time is taken to crack the password
- Ease of usage
- Analyse the following scenarios and give your opinion on which of the tools that you investigated could be more suitable for these scenarios. In your analysis, please consider the following:
- Discuss how you will perform penetration testing on the eCommerce platform and Linux-based FTP webserver to identify their security vulnerabilities and breaches.
- You should appear in the video at the first and last 30 secs to introduce yourself and draw a conclusion on your experience with the security tool.
Case Scenario: Your client is Mr. Daniel Gromer who runs a chain of clothing shops in Australia. Mr Gromer runs over 50 clothing shops in Sydney and Melbourne targeting female customers in their early twenties with moderate budget. Mr. Gromer has recently taken an interest in online business as he realized that many of his competitions have moved onto the online platforms reducing their expenditure significantly. Mr. Gromer has hired a team of web developers (located overseas) to develop and their new online shop is ready to launch in May 2019. Mr. Gromer has no IT background but he is aware of many cases where the websites were hijacked and lost fortunes alongside ruining their digital reputations.
Mr. Gromer has approached the PureHacking.com to assess his new
eCommerce website and
report any vulnerabilities ahead of its launch as Mr. Gromer is aware that he may get only one chance at the online success and if the website security is breached, he can face major loss in his investment.
Mr. Gromer informs: his eCommerce website is using WooCommerce plugin implemented on the WordPress website platform and the entire website is running on Linux webserver. The website developers have been using FTP to upload the website contents to the Linux webserver.
Length of Video: Introduction (30 secs approximately, your appearance should be in the video) + Outline of the presentation (30 secs approximately) + Demonstration of the task (260 seconds approximately) + Comparison of the Tools (30 seconds approximately) +Analysis of the scenario (40 secs approximately) + Conclusion (30 secs approximately, with appearance). The total length of the presentation should not more than 8 minutes (mark would be deducted for over-length presentation).
Table 1: Password cracking tools
|Serial #||Name of the password cracking tool|
|1||John the Ripper|
|3||Cain & Abel|
You may use any of the available open source software for screen capture. Please find the following as an example.
- Software:- http://camstudio.org/
- Name your video with your student number and name.
- Upload Video on your Youtube account
- Copy the Video Link to a file (word document) and
- Upload it into the MOODLE
To upload on Youtube, you must create your account on youtube. If you have a google account (gmail), you already have one on youtube. Videos must be of one of the following formats: .MOV, .MPEG4, MP4, .AVI, .WMV, .MPEGPS, .FLV, .3GPP, and
.WebM. Once you have an account, to upload your video, click on the ‘upload’ button located at the top right-hand corner of your youtube.com webpage. To keep your uploaded video unsearchable by people so that random people cannot view your video(s), you have to select the privacy mode from the drop-down menu on the upload screen to be ‘Unlisted’. This way, your video is viewable by only those who have got the URL of your video. Make sure you copy and paste your video URL in the file submitted on MOODLE for your marker to be able to watch and mark it!
marking criteria is shown in following table. Marks are allocated as follows:
|Section to be included in the report||Description of the section||Marks|
|Introduction||Student should introduce with his/her physical appearance in the video.||10|
|Outline||Outline of the whole presentation including tool description.||5|
|Demonstration||Demonstrate (narration of your actions recorded by video) all steps from the respective project.||30|
|Comparison||Compare the two tools investigated.||10|
|Analysis||Analysis of the scenario.||15|
|Penetration test||Identifying vulnerabilities in Web and FTP server||15|
|Conclusion||Draw a conclusion on your experience with the Security Software.||10|
Example Marking Rubric for Assignment #: Total Marks 100
|Grade Mark||HD 16-20||DI 14-15||CR 12-13||P 10-11||Fail <10|
|Introduction||Appearance is||Appearance is clear and easy to follow.||Appearance is clear and understandable||Makes an appearance and provides an introduction.||Does not make an appearance in the video at the start of video|
|/10||clear, easy to follow, well|
|Outline||Create a very||A bullet point||Explained and there is screen showing a written outline but there is room for improvement.||Explained but no screen showing a written outline.||The outline is not|
|/5||nice bullet point||outline is provided||done properly.|
|outline and well||and presented|
|presented it||before the start of|
|before the||the presentation|
|Demonstrati on /30||Very profession- al, clear and easy to follow.||Professional, clear and easy to follow||Clear and easy to follow but lacks professionalism||Demonstration is done but there is Difficult to follow||Tasks have not been demonstrated properly (difficult to follow)|
|Comparison||Clear||Clear comparison||Clear comparison||Some comparison is||The comparison is|
|/10||comparison with||with some||with little||there but there is||very poorly done.|
|valid||justification and||justification.||room for|
|justification and||easy to follow||improvement.|
|very easy to|
|Analysis||Clear analysis||Clear analysis with||Clear analysis with||Some analysis is||The analysis is very|
|/15||with valid||some justification||little justification.||there but there is||poorly done.|
|justification and||and easy to follow||room for|
|very easy to||improvement.|
|Penetration test /15||Penetration test is fully performed.||Penetration test is partially performed.||Not Clear||Very little||Not done|
|Grade Mark||HD 16-20||DI 14-15||CR 12-13||P 10-11||Fail <10|
|Conclusion /10||A very powerful conclusion with full confidence.||Very Good Conclusion||Appearance made and good conclusion provided||Appearance made and conclusion provided.||Barely appear at the end of the video.|
|Reference /5||Reference list is complete and has been formatted||Reference list is complete and generally follows a set of formatting guidelines but there are some minor errors||Reference list is complete and generally follows a set of formatting guidelines but there are many minor errors or omissions||Reference list is inadequate||Reference list is inadequate because of one or more of the following: It is incomplete, or contains sources not cited.References lack detail required to locate the source.Formatting is inappropriate or inconsistent.References are fabricated.|