Penetration Testing and Active Defence | My Assignment Tutor

UNIVERSITY OF CHESTER – Postgraduate Programmes Assignment SpecificationFaculty of Science and EngineeringDepartment of Computer ScienceModule NoCO7607Module TitlePenetration Testing and Active DefenceAcademic Year2020-21Assessment NoComponent 2 (30%)Submission Date26/04/2021, 5:30 pmFeedback due by24/05/2021Assignment TitleCourseworkLearning Objectives AssessedLO3: Demonstrate the use of some complex penetration testing and active defence toolsLO6: Discuss the need for and uses of active defenceLO7: Critically evaluate and analyse active defence techniquesSubmission InformationThe final submission shall be 1400 words (with ± 10% flexibility) report of all exercises, submitted as a Word or PDFdocument to Moodle via a submission link on the CO7607 Moodle page. 5 marks penalty per 1000 words excess willapply – e.g., if a 1000-word assignment, 5 marks deducted for 1101-2100 words).Permissible word count excludes the student’s name, title of module and assignment, references to sources,bibliography, graphs, tables, maps, diagrams, captions and appendices.The submitted file must be named with your assessment (J number), e.g. J123456.pdf or J123456.docx.The name for each entry on TurnItIn must also be your assessment number.Files submitted in an incorrect format will usually be marked as zero.Any late work penalties for assignments will be calculated using the latest submission date/time.ExtensionsExtensions are NOT allowed because of closeness to assessment board.Late work is penalised at the rate of 5% per day or part thereof.PlagiarismThe material you submit must be your own work. The penalties for plagiarism are severe. The minimum penalty isusually zero for that piece of work. Further information is available at Portal > Support Departments > Academic QualitySupport Services > Academic IntegrityReferencing codeCode adapted from third parties must be clearly referenced using comments to denote the start and end of the adapted code. You mustalso include an APA format reference in the PDF file.Example of referenced code//code adapted from Thomson, 2012if (someCharacter == ‘z’ || someCharacter == ‘Z’) {someCharacter -= 25;} else {someCharacter += 1;}//end of adapted codeExample of reference entry in PDF fileThomson, C. (2012). Rot-13 function in Java? Retrieved from Assignment BriefIntroductionThis assessment is to test your general knowledge of active defence and hands-on understandingof relevant offensive countermeasures tools.1. Offensive Countermeasures (OCM) and ToolsOCM generally helps us to defend ourselves against attackers and in the process, enables us to geta better understanding of who is attacking us and why. The general categories of OCM areAnnoyance, Attribution and Attack.a. Briefly research and explain, in your own words, each of these three OCM categories(Annoyance, Attribution and Attack). Your discussion should include explanation of thecategory, its goal and how it can be accomplished. You may use examples.[15 marks]Note: Avoid taking materials verbatim from source. Best practice is to read andunderstand the source and then write or paraphrase in your own words, adding value withrespect to context and then referencing the source.b. Demonstrate the use of the following three OCM tools:▪ Browser Exploitation Framework (BeEF)▪ Word Web Bug▪ Kippo or CowrieFor each tool, say which category it belongs to, what it is used for, explain how it can beused in a particular case example scenario and then demonstrate its use. For thedemonstration, set up and use any two virtual machines (VMs) in which one plays the roleof a target and the other plays the role of the attacker. Configure and execute the tool asrequired. Use relevant screenshots, from both VMs, to document and explain the exercise.Your work MUST provide evidence that you have run the tools yourself, as opposed tohaving taken images from another source. You must change your terminal prompt toinclude your J number in the host name – for example, [email protected] and all terminalscreenshots must show the command used. You must include an ifconfig screenshotshowing your IP address.[54 marks – 18 marks each]2. OCM Generala. As a defence measure, you want to set up a system that automatically blocks someinbound communications – that is, a system that will block incoming traffic to yoursystem/network. The two ways of configuring your system are to automatically blockcommunications based on traffic and/or based on IP address. Which option (blockcommunications based on traffic or based on IP address) would you recommend andwhy? Give specific examples.[11 marks]b. Research and discuss the current UK legislation or legal status relating to OCM. You areto consider any or all of the following:▪ Find whether there is/are any existing specific legislation▪ What you think is the general view on how the law on self-defence in cyberspaceshould be designed ▪What the government is currently doing concerning legislation relating to OCM[20 marks] NOTE: You must use proper APA referencing to acknowledge all your sources. The natureof this assessment means that you will be conducting brief research and using/adaptingexisting tools and materials. You are advised to present points in your ownwords/understanding and then reference as relevant.General Instructions• Format: The format should be one column, left or justified alignment, have appropriate andmeaningful headings/sections. Use a meaningful structure that ensures coherency.• Referencing: Do not just give a list of references without showing where/how you have usedthem in the text – ensure you include in-text referencing. See here for a quick guide.• Support: If you use external support, e.g., for proofreading or translation, you MUST state this.The tutor will provide adequate support to ensure that all students are very clear of what isexpected of them in this assessment. So ensure you take this opportunity to get clarificationswhere you need them.• Coverage: You are expected to address ALL aspects as identified in this brief.• Originality: It is acceptable to use direct quotes from sources. However, excessive use of directquotes (regardless of whether they are referenced or not) reduces the originality of the work.This and high level of similarity will affect the student’s mark.• Viva may be necessary to “test the student’s knowledge of the work that has been submitted”.Where this happens, it is a continuation of the assessment.• Familiarise yourself with the requirements of the University’s Academic Integrity Policy.Assessment CriteriaMarks will be affected if the above instructions are not adhered to. As stated above, specific marksare allocated to questions and the level of marks awarded will depend on the depth and quality ofanswers. Characteristics of Distinction and Pass level answers are distinguished as below:• Demonstrating in-depth knowledge of the skills tested• Coverage – attempting and getting most or all of the tasks correct• Showing excellent knowledge of the topic area• Excellent command, understanding, and usage of relevant tools• A very sophisticated critical reflection, self-evaluation and new insights informing practicalsituations.• Proper use of referencingPass marks will be awarded for:• Demonstrating extensive knowledge of the skills tested• Coverage – attempting and getting most of the tasks correct• Showing good knowledge of the topic area• Sound command, understanding, and usage of relevant tools• A sound critical reflection, self-evaluation and some new insights informing practicalsituations• Proper use of referencingAnswers that fall below the above criteria will receive a fail mark.


Leave a Reply

Your email address will not be published. Required fields are marked *