Sample COIT20262 Advanced Network Security Assignment

COIT20262 Advanced Network Security Assignment Sample

Instructions

Attempt all questions.

This is an individual assignment, and it is expected students answer the questions themselves. Discussion of approaches to solving questions is allowed (and encouraged), however each student should develop and write-up their own answers. See CQUniversity resources on Referencing and Plagiarism. Guidelines for this assignment include:

• Do not exchange files (reports, captures, diagrams) with other students.

• Complete tasks with virtnet yourself – do not use results from another student.

• Draw your own diagrams. Do not use diagrams from other sources (Internet, textbooks) or from other students.

• Write your own explanations. In some cases, students may arrive at the same numerical answer; however their explanation of the answer should always be their own.

• do not copy text from websites or textbooks. During research you should read and understand what others have written, and then write in your own words.

• Perform the tasks using the correct values listed in the question and using the correct file names.

File Names and Parameters Where you see [StudentID] in the text, replace it with your actual student ID. If your student ID contains a letter (e.g. “s1234567”), make sure the letter is in lowercase.

Where you see [FirstName] in the text, replace it with your actual first name. If you do not have a first name, then use your last name. Do NOT include any spaces or other non-alphabetical characters (e.g. “-“).

Submission

Submit two files on Moodle only:

1. The report, based on the answer template, called [StudentID]-report.docx.

2. Submit the packet capture [StudentID]-https.pcap on Moodle Marking Scheme

A separate spreadsheet lists the detailed marking criteria. Virtnet Questions 1 and 3 require you to use virtnet topology 5. The questions are related, so you must use the same nodes for all three questions.

• node1: client; assumed to be external from the perspective of the firewall.

• node2: router; gateway between the internal network and external network. Also runs the firewall.

• node3: server; assumed to be internal from the perspective of the firewall. Runs a web server with HTTPS and a SSH server for external users (e.g. on node1) to login to. Will contain accounts for multiple users.

Question 1. HTTPS and Certificates [10]

For this question you must use virtnet (as used in the Tutorials) to study HTTPS and certificates. This assumes you have already setup and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, deploying the website, and testing the website.

Your task is to setup a web server that supports HTTPS. The tasks and sub-questions are grouped into multiple phases.

Phase 1: Setup

1. Ensure your MyUni grading system, including new student user and domain of are setup. See the instructions in Assignment 1. You can continue to use the setup from
Assignment 1.

Phase 2: Certificate Creation

1. Using [StudentID]-keypair.pem from Assignment 1, create a
Certificate Signing Request called [StudentID]-csr.pem. The CSR must contain thesefield values:
o State: state of your campus
o Locality: city of your campus
o Organisation Name: your full name
o Common Name: www.[StudentID].edu
o Email address: your @cqumail address
o Other field values must be selected appropriately.

2. Now you will change role to be a CA. A different public/private key pair has been created for your CA as [StudentID]-ca-keypair.pem. As the CA you must:

3. Setup the files/directories for a demoCA

4. Create a self-signed certificate for the CA called [StudentID]-ca-cert.pem.

5. Using the CSR from step 1 issue a certificate for www.[StudentID].edu called [StudentID]-cert.pem.

Question 2. Attack Detection from Real Intrusion Dataset

For this question you need to implement three meta-classifiers to identify attack and normal behaviour from the UNSW-NB15 intrusion dataset. You are required to read the data from training set (175,341records) and test set (82,332 records).

You are required to implement it by using the publicly available machine learning software WEKA. For this task you will need two files available on Moodle:

• training.arff and test.arff.

You need to perform the following steps:

• Import training data.

• For each classifier:
- Select an appropriate classifier
- Specify test option
- Supply test data set
- Evaluate the classifier.

You need to repeat for at least 3 classifiers, and eventually select the results from the best 2 classifiers.

You need to include in your report the following:

(a) Screenshot of the performance details for 3 classifiers [1.5 marks]

(b) Compare the results of the selected best 2 classifiers, evaluating with the metrics:Accuracy, precision, recall, F1-Score and false positive rate.

Question 3. Firewalls and iptables [8]

You are tasked with designing a network upgrade for an educational institute which has a single router, referred to as the gateway router, connecting its internal network to the Internet. The institute has the public address range 100.50.0.0/17 and the gateway router has address 100.50.170.1 on its external interface (referred to as interface ifext). The internal network consists of four subnets:

A DMZ, which is attached to interface ifdmz of the gateway router and uses address range 100.50.171.0/25.

• A small network, referred to as shared, with interface ifint of the gateway router connected to three other routers, referred to as staff_router, student_router, and research_router. This network has no hosts attached (only four routers) and uses network address 10.5.0.0/18.

• A staff subnet, which is for use by staff members only, that is attached to the staff_router router and uses network address 10.5.1.0/23.

• A student subnet, which is for use by students only, that is attached to the student_router router and uses network address 10.5.2.0/23.

• A research subnet, which is for use by research staff, that is attached to the research_router router and uses network address 10.5.3.0/23.

Question 4. Wireless security [10]

Read the research article on Wi-Fi Security Analysis (2021) from the below link:

You need to perform the following tasks:

(a) Write an interesting, engaging, and informative summary of the provided article. You must use your own words and you should highlight aspects of the article you think are particularly interesting. It is important that you simplify it into common, easily understood language. Your summary MUST NOT exceed 400 words. [3 marks]

(b) Find an Internet (online) resource (e.g., research article or link) that provides additional information and/or a different perspective on the central theme of the article you summarised in (a). Like you did in (a), summarise the resource, in your own words and the summary should focus on highlighting how the resource you selected expands upon and adds to the original prescribed resource. You must also provide a full Harvard reference to the resource. This includes a URL and access date. [4 marks]

(c) Reflect on the concepts and topics discussed in the prescribed article and the resource you found and summarised and how you think they could potentially impact us in future.

Solution

Question 1- HTTPS and Certificates

HTTPS is the shorter format of Hyper Text Transfer Protocol Secure. HTTPS appears in the Uniform Resource Locator when the SSL certification barricades the website. The overall details of the credential and the website proprietor's corporate standing can be considered by clicking on the specific safety symbol on the browser streak.

Part (a)

The ala data of the student's Id and the user's details are added with the help of the MyUni system (Aas et al. 2019). Follow the basic information of Assignment 1. The setup is being processed in that way.

Part (b)

Certificate creation follows an essential process where one must send a signing request to the Certificate Authority.

1. Run the necessary Command to can make a certificate signing request (CSR) file: openssl.exe req-new-key certaname. Key-out certname. CSR.
2. The promotion time is needed information like the common name, Tableau Server name, etc.

The use of HTTPS with the specific Domain name requires an SSL certificate, which has to be installed on the website.

Figure 1: Kali Linux cmd server
(Source: Created on Kali Linux)

Figure 2: Creating CSR

(Source: Created on Kali Linux)

In this figure, a key pair file is used to construct a Certificate Signing Request (CSR). Specific field values seen in the CSR include email address, organization name, common name, state, and locale. The CSR is created with the name [StudentID]-csr.pem with the intention of getting a certificate for the student website.

Figure 3: Details of Certificate
(Source: Created on Kali Linux)

Part (c)

Write your answer here

The HTTPS on Apache is followed in several steps.

- Discover the Apache format file and unlock it with the text editor. The name of the Apache Configuration File has to depend on the system outlet.
- Demonstrate the Apache SSL structure file and save it. Open the Apache SSL layout file.
- Restart the Apache Web Server in the Linux OS System.

Part (d)

The testing process of the HTTPS certificate is done in basic simple steps. These are 1. First of all, check the Uniform Resource Locator of the specified website starting with HTTPS, where the SSL certificate has been created.2. Tab on the Padlock icon on the valuable address bar to can check all the specific details and information which is related to the Certificate.

Part (e)

The SSL is known as the Secure Sockets Layer. The SSL is a basic protocol that has the ability to can create an encipher link between the Web browser and Web Server (Gerhardt et al. 2023). Any data that can be swapped between a website and a specific visitor will be protected. Holding an SSL certificate for the WordPress website is a must for running an Ecommerce Store.

Question-2

Attack Detection from Real Intrusion Dataset

Part (a)

Training.arff

Classifier 1

Figure 1: Run Information of Rules Classifier 1

Figure 2: Rules Classifier in Test Model

Figure 3: Summary of Rules Classifier

Figure 4: Accuracy of Rules Classifier

Figure 5: Confusion Matrix of Rules Classifier

Classifier 2

Figure 6: Run Information of Bayes Classifier 2

Figure 7: Classification Model in Bayes Classifier

Figure 8: Evaluation Test and Summary of Rules Classifier

Figure 9: Accuracy of the Rules Classifier

Figure 10: Confusion Matrix in Rules Classifier

Classifier 3

Figure 11: Run Information of Trees Classifier 3

Figure 12: Classification Model in Trees Classifier

Figure 13: Summary of Trees Classifier

Figure 14: Accuracy of the Trees Classifier

Figure 15: Confusion Matrix of Trees classifier

Test.arff

Classifier 1

Figure 16: Run Information Test of Rules Classifier 1

Figure 17: Test Model in Rules Classifier

Figure 18: Summary Test of Rules Classifier

Figure 19: Accuracy of the Rules Classifier

Figure 20: Confusion Matrix of Rules Classifier

Classifier 2

Figure 21: Run Information of Bayes Classifier 2

Figure 22: Test model of Bayes Classifier

Figure 23: Build Model in Test.arff Bayes Classifier

Figure 24: Accuracy of Bayes Classifier

Figure 25: Confusion Matrix of Bayes Classifier

Classifier 3

Figure 26: Run Information of the Trees classifier 3

Figure 27: Classification Model in Trees

Figure 28: Summary of the Tress Classifier

Figure 29: Accuracy of the Trees Classifier

Figure 30: Confusion Matrix of Trees Classifier

Part (b)

Test.arff

The run information of Classification 1 is needed a shorter type scheme and very long attributes, but Classification 2 is specified a different scheme. The accuracy of classification 1 is presented in a more elaborate way but in the case of classification 2, there is a little much short about the accuracy. The F1 score and the false positive rate are better in Classification 2 than the Classification 1 (Ahmad et al. 2022).

Train.arff

The run information of the Classification 1 is very detailed in the primary part but the portion of Classification 2 is not specified in a proper way. The accuracy is less in classification 1 in the Train.arff but classification 2 is more accurate from the matrix perspective. The F1 score in the machine learning process is more specified in Classification 2 than in Classification 1 in the Train.arff (Alduailij et al. 2022).

Part (c)

Based on the specific comparison between classification1 and Classification 2, Classification 2 is better than Classification 1 because the scheme is more evaluated in Classification 2. The accuracy in Classification 1 is little much less appropriate than in Classification 1. The F1 score and the false positive rate are always better in Classification 2 than in Classification 1 of the bother test.arff and train.arff (Ceragioli et al. 2022).

Part (d)

The UNSW-NB15 is a process of the network Instruction sheets. It basically contains nine types of different attacks. The whole dataset contains ideal network packets. The number of possible records in the training set is primarily 175,341. Records. Of these nine attacks, the normal and the Generic are the most powerful. Because the training set and testing are best in these two category.
 

Question 3- Firewalls

Part (a)

Wireless networks utilize radio swells to transfer data into machines, similar to laptops, smartphones, and tablets, or entry points, that have attached to the “Wired Network”. “Wired Networks” utilize cables, similar to Ethernet, to secure machines, similar to routers, buttons, and wait people, to individually different or to the internet. The “Virtual Private Network” has an encrypted association up the Internet from the device to the web. The encrypted association supports guarantees that exposed data has been safely transferred. This precludes unauthorized somebody from eavesdropping on the gridlock or permits the user to execute a career remotely.

Figure 34: Diagram of wired Network
(Source: Created on Draw.io)

The network diagram in the example would show a wired network, a wireless network, and a VPN. One to three devices each would be used to represent the staff, student, and research subnets. The IP addresses of each machine and router interface would be noted. The areas of the network where data is encrypted, either by WIFI encryption or the VPN, would be prominently marked on the diagram as encrypted using red or similar easily recognizable label.

Part (b)

The firewall rules have the entry authority mechanism utilized by a firewall to protect the network from the contaminated application or unauthorized entrance. Fire3wall rules determine the variety of gridlock the firewall takes or that have rejected. The exhibition of the firewall rules creates the firewall entrance procedure. The firewall has network security that maintains getaway unauthorized users or hackers. Virtual software support saving files from viruses. Firewall support to maintain intruders by obstructing them from accessing the system in the rather residence. The firewall has a technique planned to control undesirable data from reaching and leaving the personal network. The learner will utilize either hardware or software to execute the firewall or an assortment of the two. In the company environment, or association can have an intranet that they save utilizing the network.

Part (c)

The Rules of the tables are primarily:

- Flare the concluding app or log in with the use of the sash command: $ sash user @server- name.
- List all of the IPv4 rules: $ sudo iptables -S.
- Find the valuable list of all IPv6tables -S.
- List all the special section table rules: $ sudo ip6tables -L -v -n | more.
- Lat List all the rules for the specified INPUT tables.

To add some new rule as the special section of the existing rule, merely use the index numeral of that current rule (Ruzomberka et al. 2023).

Figure 34: Network of educational institute
(Source: Created on Cisco)

The gateway router that connects the internal network to the Internet makes up the network architecture of the educational institution. The gateway router's external interface has the address 100.50.170.1, and the institute's public address range is “100.50.0.0/17”. A shared network with four routers, a DMZ subnet linked to the gateway router, a staff subnet is 10.5.1.0/23, a student subnet (10.5.2.0/23), and a research staff subnet (10.5.3.0/23) connected to their respective routers are all included in the internal network.

Figure 35: Server Configuration
(Source: Created on Cisco)

A web server that supports “HTTP” and “HTTPS”, an “SMTP” email server, and an SSH server would be included in the server setup for the educational institution's DMZ using Cisco Packet Tracer. On the gateway router, access control lists (ACLs) would be set up to permit access from the staff, student, and research subnets to the web server, staff members exclusively to the IMAP email server, and staff and research members to the SSH server from outside the network.

Figure 36: DHCP Server
(Source: Created on Cisco)

Question- 4- Wireless security

Part (a)

Advanced network security is the set of valuable technologies that have the ability to can protect the whole usability and also the goodness of the company’s framework by the process of containing the entry or the accumulation within the web of the wide range of variety of possible threats. The Hypertext Protocol Secure is a specific kind of combination of the HTTP with the Secure Socket Layer (SSL) or the Transport Layer Security which is the longer format of TLS. The TLS is an authentication and also security system that is widely connected in Web browsers and Web servers. The second portion is made on the Instruction detection system.

An instruction on the Detection of suspicious activities generates the alert when the detected system has been proceeding. Connected to the specific process of a security operation Center, the longer format of the SOC or incident responder has the capability to investigate the obstacles and also take proper actions to remediate the threat. The real instruction Database includes the classification matrix and classification them in a proper manner. The process is described on the VMware Kali Linux. The tables which are in the third section allow the specific system administrator to define the actual table and draw the diagram which can illustrate the wired network and also the firewall rules mentioned here.

Part (b)

Wireless Network Security is the stage for patterns or instruments utilized to watch WLAN infrastructure or the gridlock crosses them. Extensively communicating, wireless security of articulates that endpoints have or exist allowed on the Wi-Fi network via network entrance or security policies. Resource Allocation has given time, distance, and Commonness environment in the scope established on the technique that categorized CDMA, TDMA, SDMA, and FDMA.

Part (c)

This essential security significant to details on the internet has confidentiality, integrity, or availability. Ideas connecting to the somebody who utilized the statement have authentication, permission, or nonrepudiation. Wireless security has the precluding of unauthorized entrance and impairment to computer data utilizing wireless networks that process Wi-Fi networks. The duration can again guide to confidentiality, integrity, and availability of the web.