Computer Forensics & Security Fundamentals
Student Agreement
Computer Forensics & Security Fundamentals
I understand that the skills I learn in this unit can be dangerous if used improperly, and I agree to use them only in ethical ways. I understand that unauthorized hacking is a crime and could get me into serious legal trouble which neither the lecturer nor the University will be held responsible for.
Student’s Name (please print):
Student’s Signature:
Phone Number (optional):
E-mail Address (optional):
Contents
Task 1 – Case Study – (Approx. 1 Page per Component) 4
Web Server 4
Purpose 4
Security Requirements 4
Threats & Risks 4
Mitigation 4
Task 2 – System Audit 5
Task 3 – Research 6
Update the table by right clicking, this will use the headings from the document
Task 1 – Case Study – (Approx. 1 Page per Component)
Write a brief into here describing what this section of the report contains, refer to the coursework spec for more details.
Web Server
Provide examples of web servers e.g. Apache, describe each.
Purpose
Describe what a web server is used for, state any assumptions you make about how the company use the web server.
Security Requirements
Explain why CIA are important for the web server
Threats & Risks
Describe threat which may threaten each principle of the CIA triad, in the context of the web server. Explain what risks are posed by the threats.
Mitigation
Briefly describe how each of the threats may be mitigated. You will be required to carry out some online research to answer this question.
Repeat the above headings for each system component, please use the same heading styles and update the table of contents using the reference menu from within word.
Task 2 – System Audit
Complete the following table, extend if necessary:
Item Audit Methodology Vulnerability (e.g. CVE) Possible Countermeasure
OS Version Commands used, research carried out about results (e.g. CVE search) What vulnerabilities are present? How do they affect the CIA of the system? Try and provide a different answers for each item. How could the vulnerabilities be mitigated or prevented? Try and use difference answers for each item.
Usernames
Passwords
Open Ports / Services
FTP Server Version
SSH Server Version
Web Server Version
Task 3 – Research (1-3 pages)
Introduction
Briefly describe the name of the breach, what risk was the system exposed to, reference CIA here.
Breach Methodology
How was the breach carried out, which vulnerability was exploited? (e.g. CVE, poor policy, phishing, etc)
Impact
The impact of the breach (e.g. number of systems, users, records stolen etc)
Countermeasures
How could the breach have been mitigated/prevented, how could similar breaches in the future be mitigated/prevented
FACULTY OF SCIENCE AND ENGINEERING
SCHOOL OF COMPUTING MATHEMATICS AND DIGITAL
TECHNOLOGY
COURSEWORK TEMPLATE 2014/15
UNIT CODE:
6G4Z1104
UNIT TITLE:
Computer Forensics and Security Fundamentals
ASSESSMENT ID:
1
ASSESSMENT DESCRIPTION:
Report
WEIGHTING:
50%
Submission Date: 18th March 2016
1.1 The aim of this assignment
This assignment aims to measure the unit specific learning outcomes of
Computer Security & Forensics Fundamentals. Specifically through this
assignments students will learn to:
1. Investigate the security of a fictitious system. Using a broad spectrum
of skills to provide holistic appraisal of the system’s security. A report
will be generated; relating the findings to the principles of security.
Furthermore the report will provide details on the risks present and
potential countermeasures.
2. Forensic task – develop software capable of identifying files of interest,
by matching hash values generated from files with a library of preexisting
hash values.
Part 1
Audit and document the security practices of a fictitious company, by
analysing the computer system and security policy. Create a risk assessment
describing the security practices of the company and explain how you would
deploy or improve existing countermeasures to enhance the security of the
system.
You have been tasked with auditing the security of ACME computers limited.
ACME are a small online only company, their main business is the sale and
repair of laptop computers. ACME host their own website on a Linux server.
Carry out and document each of the tasks below, each task counts towards
33.3% of part one of the coursework;
Task 1 – Case Study
You have been tasked with reviewing the security of ACME’s computer
system that consists of:
? Server providing
o Web server – Hosts the company e-commerce website.
o Email server – Stores and forwards emails between staff and
customers.
o FTP server – Used to backup customer data.
? Two laptop computers – Used by staff for day to day business, may
contain customer data.
Explain why Confidentiality, Integrity, and Availability are important to the
fictitious business, making reference to each systems components. Provide an
example of how each security principle may be threatened, the potential
impact of the threat and how the threat may be mitigated.
Task 2 – System Audit
You have been granted access to ACME’s web server (A virtual machine
image has been provided). Audit the system gathering the following
information:
? OS Version
? Usernames
? Passwords
? Open Ports / Services
? FTP Server Version
? SSH Server Version
? Web Server Version
Describe how the information from the audit relates to the security principles.
Detail any vulnerabilities you find, and describe the countermeasures you
would employ to mitigate them.
Tip. – Look up CVE’s for the Operating System, FTP, SSH, & Web Servers,
describe one CVE and its potential impact for each, remember to explain what
each service is used for.
Task 3 – Research
Research a recent security breach and describe:
? What risk the system was exposed to.
? How the system was compromised.
? What the impact of the breach was.
? How the breach may have been prevented.
Use online sources such as www.arstechnica.com www.theregister.co.uk
https://www.schneier.com/.
Create a poster, which could be used aid a brief presentation on the breach.
Part 2
Assignment description
The assignment task is to write a report (up to a max 1,000 words excluding
the references) that summarises your development
Development task:
Develop a hashing program to illustrate the concept of hashing to identify
identical data (step by step approach). You can start by hashing plain text and
then hashing files and comparing new hashes of files with stored hashes.
Note: You can utilise data sets of files on the following websites:
http://kahlan.eps.surrey.ac.uk/featurespace/web/data.htm
http://www.vision.caltech.edu/html-files/archive.html
The report should include the following subsections:
1) Report title and your name
2) Introduction
3) Report Body (methods and developments stages)
4) Reflection and Conclusion
5) References
6) Appendix (your code!)
In terms of formatting, the report should follow font “Times New Roman,
size 11 or 12” and the citations should follow the Harvard reference
format.
Assignment Marking Scheme
a. Report structure, approach and references 30%
b. Product 70%
40+ hashing product for simple text
50+ file hashing product
60+ managing hashes within the product (storage, e.g. file, array, etc)
70+ signature detection, comparison of new hashes with the library
80+ innovation, additional features etc.
What to hand in
You will need to submit your report through Moodle submission inbox, which is
highlighted at the top of the unit Moodle area. You will need to submit your
report as one PDF file if possible. In addition please use the following naming
structure for your report before uploading it to Moodle (“your lastnamefirstname-studentID.pdf”).
)
Submission Date: 18th March 2016
NAME OF STAFF SETTING ASSIGNMENT: Rob Hegarty
DOCUMENT UPDATED: 09/10/2015