1) To evaluate critically how services are delivered to one another in a secure manner, and to perform security management and configuration of a network and a distributed system; 2) To analyse, evaluate and synthesise methods by which computers within a distributed system communicate, and to appraise the threats and vulnerabilities that exist in a distributed system.
Task
You are acting in the role of a Network Security Analyst for an organization. It has been brought to your attention that suspicious activity has occurred on the network and that a vulnerable machine may have been attacked.
Based on the network traffic that has been captured, you are expected to write a 6000-word report on your findings, including a full analysis of the PCAP file provided.
The PCAP file can be found on Blackboard.
Topics to be discussed:
- Identify whether any reconnaissance has occurred on the network
- Identify which tool(s) were used, or are suspected to have been used
- Identify whether an exploit was used and, if so, how the vulnerability it targets works, including evidence of your findings
- Identify whether any data was exfiltrated from the machine
- Based on your findings, identify any motivation behind the suspected attack and any likely future motivations
- If a vulnerability was identified, how would you secure against it and against potential future attack(s)?
Please see the grading criteria for further details.
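As a worked illustration of the first two topics (reconnaissance and the tool behind it), the script below is an added example and is not part of the assignment brief or of the capture on Blackboard. It builds a small constructed pcap in memory (a half-open SYN scan of 27 ports from 10.0.0.5 against 10.0.0.20, plus one benign handshake from 10.0.0.7; all addresses, ports and MAC bytes are made up), parses the classic pcap / Ethernet / IPv4 / TCP layering with the standard library only, and flags any source that sent bare SYNs to many distinct ports while recording which ports answered SYN/ACK (open) or RST (closed). Applied to a real capture, the same parser gives the per-port evidence the port-scanning criterion asks for.

```python
"""Flag a TCP SYN (half-open) port scan in a classic pcap capture; stdlib only."""
import socket
import struct
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

# Constructed sample hosts for this example (not from the assignment capture).
SCANNER, CLIENT, TARGET = "10.0.0.5", "10.0.0.7", "10.0.0.20"
OPEN_PORTS = {21, 22, 80}


def tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Minimal Ethernet/IPv4/TCP frame, no payload; checksums left at zero."""
    eth = b"\x00" * 12 + b"\x08\x00"  # placeholder MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap (magic 0xa1b2c3d4, linktype 1)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000, i, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def parse_pcap(data):
    """Return (src, dst, sport, dport, flags) for every TCP-over-IPv4 packet."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap (pcapng is not handled)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    records, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4, or not TCP
        ihl = (frame[14] & 0x0F) * 4          # IP header length incl. options
        tcp = frame[14 + ihl:]
        if len(tcp) < 14:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        records.append((socket.inet_ntoa(frame[26:30]),
                        socket.inet_ntoa(frame[30:34]), sport, dport, tcp[13]))
    return records


def detect_syn_scan(records, min_ports=10):
    """Report sources that sent bare SYNs to at least min_ports distinct ports.

    A SYN that is answered by SYN/ACK (open) or RST (closed) and never followed
    by a completed handshake is the signature of a half-open scan.
    """
    probes = defaultdict(set)  # (scanner, target) -> ports probed
    answers = {}               # (scanner, target, port) -> "open" | "closed"
    for src, dst, sport, dport, flags in records:
        if flags == SYN:
            probes[(src, dst)].add(dport)
        elif flags == SYN | ACK:
            answers[(dst, src, sport)] = "open"
        elif flags & RST:
            answers[(dst, src, sport)] = "closed"
    report = {}
    for (scanner, target), ports in probes.items():
        if len(ports) < min_ports:
            continue
        state = {p: answers.get((scanner, target, p)) for p in ports}
        report[scanner] = {
            "target": target,
            "probed": len(ports),
            "open": sorted(p for p, s in state.items() if s == "open"),
            "closed": sum(1 for s in state.values() if s == "closed"),
        }
    return report


def sample_frames():
    """Constructed traffic: an nmap -sS style scan plus one benign handshake."""
    frames = []
    for port in list(range(1, 26)) + [80, 443]:
        frames.append(tcp_frame(SCANNER, TARGET, 40000, port, SYN))
        if port in OPEN_PORTS:
            frames.append(tcp_frame(TARGET, SCANNER, port, 40000, SYN | ACK))
            frames.append(tcp_frame(SCANNER, TARGET, 40000, port, RST))  # scanner tears down
        else:
            frames.append(tcp_frame(TARGET, SCANNER, port, 40000, RST | ACK))
    frames.append(tcp_frame(CLIENT, TARGET, 51000, 80, SYN))
    frames.append(tcp_frame(TARGET, CLIENT, 80, 51000, SYN | ACK))
    frames.append(tcp_frame(CLIENT, TARGET, 51000, 80, ACK))
    return frames


SAMPLE_PCAP = build_pcap(sample_frames())

if __name__ == "__main__":
    for scanner, info in detect_syn_scan(parse_pcap(SAMPLE_PCAP)).items():
        print(f"{scanner} -> {info['target']}: {info['probed']} ports probed, "
              f"open {info['open']}, {info['closed']} closed")
```

To run it on a real capture, pass `open("capture.pcap", "rb").read()` to `parse_pcap`; the parser deliberately rejects pcapng, so convert such files with `editcap -F pcap` first. In the report, the per-port SYN / SYN-ACK / RST exchange that reuses one scanner source port and never completes the three-way handshake is the evidence that distinguishes a half-open scanner such as `nmap -sS` from a connect scan, which does complete the handshake; the benign client here shows the difference.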
Marking Scheme

| Criterion | Fail (0-29) | Narrow Fail (30-39) | 3rd Class / Pass (40-49) | Lower 2nd Class / Pass (50-59) | Upper 2nd Class / Merit (60-69) | 1st Class / Distinction (70-100) |
|---|---|---|---|---|---|---|
| Introduction, aims and objectives (5%) | No introduction or clear understanding demonstrated | Very brief introduction but no aims or objectives set | Brief introduction but aims and/or objectives are unclear or missing | Fairly good introduction with some aims and objectives set | A very good introduction with aims and objectives evident and well thought out | An excellent introduction with clearly evidenced aims and objectives and an excellent insight into the report subject |
| Identification and critical analysis of port scanning method used and tools utilised (15%) | Key concepts and ideas missing | Method identified with no evidence of functionality and utility | Method identified with some evidence of functionality and utility | Method identified with a fairly good/good amount of evidence of functionality and utility | Method identified with clearly documented evidence of the port scanning technique used | A systematic explanation of the method used with clear and documented evidence of the origin of the port scan(s), along with worked examples of the technique(s) used |
| Identification and critical analysis of vulnerabilities, exploitation techniques and securing methodology (30%) | Key concepts and ideas missing | Method identified with no evidence of functionality and utility | Method identified with some evidence of functionality and utility | Method identified with a fairly good/good amount of evidence of functionality and utility | Method identified with clearly documented evidence of any data exfiltration method, including how and to where | A systematic explanation of the method used and any information exfiltrated, with worked examples of the techniques used |
| Identification and critical analysis of data exfiltration methods used and analysis of attack reasoning (20%) | Key concepts and ideas missing | Method identified with no evidence of functionality and utility | Method identified with some evidence of functionality and utility | Method identified with a fairly good/good amount of evidence of functionality and utility | Method identified with clearly documented evidence of any data exfiltration method, including how and to where | A systematic explanation of the method used and any information exfiltrated, with worked examples of the techniques used |
| Evidence of research and knowledge (10%) | No evidence of research and knowledge | Little or no research and knowledge is evident | The document contains some evidence of knowledge and research but references are limited | The document contains an adequate/good level of knowledge and research but wider research is needed to warrant higher marks | There is evidence of a very good level of wider reading, research and knowledge throughout the document | There is evidence of an excellent standard of wider reading, research and knowledge within the document, which has been used well to support findings |
| Clarity in presentation of report; appropriate format, punctuation and grammar (5%) | Report format is poor, with spelling and punctuation errors | Little or no clarity in the report / report contains poor punctuation and grammar | Some evidence of clarity and logical thought but insufficient for the level | An adequate/fairly good level of report clarity is evident; grammar and punctuation have mostly been used appropriately | A very good level of report clarity is evident; grammar and punctuation have been used appropriately | An excellent level of report clarity is evident; sections are clearly defined and flow; grammar and punctuation have been used appropriately |
| Conclusion (10%) | No conclusion is present | Very poor conclusion | Conclusion is brief and does not correlate to the outlined problem(s) | Good conclusion, but further detail or links to the problem(s) are needed | A very good conclusion is evidenced, with clear links to the problem(s) | An excellent conclusion which flows naturally and summarises the document well, with strong links to the problem(s) |
| Bibliography and references to USW Harvard standard (5%) | There is no referencing or bibliography in the document | Little or no referencing has been used | Some evidence of in-text referencing is evident but the standard is poor or non-Harvard | An adequate/fairly good level of in-text referencing is evident; full adherence to Harvard would gain higher marks | In-text referencing and bibliography are to USW Harvard standard | Referencing and bibliography are to USW Harvard standard; a good range of wider reading is evident |