1)      To evaluate critically how services are delivered to one another in a secure manner and perform security management and configuration of a network and a distributed system;
2)      To analyse, evaluate and synthesise methods by which computers within a distributed system communicate, and appraise the threats and vulnerabilities that exist in a distributed system.

Task
You are acting in the role of a Network Security Analyst for an organisation. It has been brought to your attention that suspicious activity has occurred on the network and a vulnerable machine may have been attacked.
Based on the network traffic that has been captured, you are expected to write a 6000-word report on your findings, including a full analysis of the PCAP file provided.
The PCAP file can be found on Blackboard.
Topics to be discussed:

  1. Identify whether any reconnaissance has occurred on the network
  2. Identify whether any tool(s) or suspected tool(s) were used
  3. Identify whether an exploit was used and, if so, how the vulnerability behind the exploit works, including evidence of findings
  4. Identify whether any data was exfiltrated from the machine
  5. Based on your findings, identify any motivation behind the suspected attack and any likely future motivation
  6. If a vulnerability was identified, how would you secure against it and/or potential future attack(s)?
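
As an added illustration (not part of the brief and not derived from the provided PCAP), the script below shows the kind of evidence topic 1 asks for: it parses a classic libpcap file directly with the standard library and flags any host that sends bare SYN segments to many distinct (host, port) targets, the signature of a TCP SYN sweep. The sample capture, the hosts 10.0.0.5, 10.0.0.7 and 10.0.0.20, and the threshold of 10 targets are constructed assumptions; point `find_syn_scanners` at real capture bytes to use it on the coursework file.

```python
import struct
from collections import defaultdict

def iter_pcap_packets(data):
    """Yield each record's bytes from a classic libpcap file (24-byte global header, 16-byte record headers)."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = "<" if magic in (0xA1B2C3D4, 0xA1B23C4D) else ">"  # magic number gives the writer's byte order
    off = 24
    while off + 16 <= len(data):
        incl_len, = struct.unpack_from(endian + "I", data, off + 8)  # captured length field
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def parse_tcp(frame):
    """Return (src_ip, dst_ip, dst_port, tcp_flags) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:  # EtherType IPv4, protocol TCP
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4  # IPv4 header length is variable (IHL in 32-bit words)
    if len(frame) < tcp + 14:
        return None
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    dport, = struct.unpack_from("!H", frame, tcp + 2)
    return src, dst, dport, frame[tcp + 13]

def find_syn_scanners(pcap_bytes, min_targets=10):
    """Hosts that sent bare SYNs (SYN set, ACK clear) to at least min_targets distinct (ip, port) pairs."""
    probes = defaultdict(set)
    for frame in iter_pcap_packets(pcap_bytes):
        p = parse_tcp(frame)
        if p and (p[3] & 0x12) == 0x02:
            probes[p[0]].add((p[1], p[2]))
    return {ip: sorted(t) for ip, t in probes.items() if len(t) >= min_targets}

# --- constructed sample capture (assumption; not the assignment's PCAP) -----
def build_frame(src, dst, dport, flags):
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return eth + ip + tcp  # checksums left zero; the parser does not validate them

def build_pcap(frames):
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]  # link type 1 = Ethernet
    out += [struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames]
    return b"".join(out)

SAMPLE_PCAP = build_pcap(
    [build_frame("10.0.0.5", "10.0.0.20", port, 0x02) for port in range(20, 40)]  # 20-port sweep
    + [build_frame("10.0.0.7", "10.0.0.20", 443, 0x02)])                        # one ordinary connect
```

For a real capture, read the file with `open(path, "rb").read()` and pass the bytes to `find_syn_scanners`; the returned target list gives the ports and hosts probed per source, which is the evidence to document alongside timestamps from the capture.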

Please see the grading criteria for further details.
Marking Scheme

Grade bands: Fail (0-29) | Narrow Fail (30-39) | 3rd Class / Pass (40-49) | Lower 2nd Class / Pass (50-59) | Upper 2nd Class / Merit (60-69) | 1st Class / Distinction (70-100)

Introduction, aims and objectives (5%)
  Fail: ☐ No introduction or clear understanding demonstrated
  Narrow Fail: ☐ Very brief introduction but no aims or objectives set
  3rd Class / Pass: ☐ Brief introduction but aims and/or objectives are unclear or missing
  Lower 2nd Class / Pass: ☐ Fairly good introduction with some aims and objectives set
  Upper 2nd Class / Merit: ☐ A very good introduction with aims and objectives evident and well thought out
  1st Class / Distinction: ☐ An excellent introduction with clearly evidenced aims and objectives and an excellent insight into the report subject

Identification and critical analysis of port scanning method used and tools utilised (15%)
  Fail: ☐ Key concepts and ideas missing
  Narrow Fail: ☐ Method identified with no evidence of functionality and utility
  3rd Class / Pass: ☐ Method identified with some evidence of functionality and utility
  Lower 2nd Class / Pass: ☐ Method identified with a fairly good/good amount of evidence of functionality and utility
  Upper 2nd Class / Merit: ☐ Method identified with clearly documented evidence of the port scanning technique used
  1st Class / Distinction: ☐ A systematic explanation of the method used, with clear and documented evidence of the origin of the port scan(s), along with worked examples of the technique(s) used

Identification and critical analysis of vulnerabilities, exploitation techniques and securing methodology (30%)
  Fail: ☐ Key concepts and ideas missing
  Narrow Fail: ☐ Method identified with no evidence of functionality and utility
  3rd Class / Pass: ☐ Method identified with some evidence of functionality and utility
  Lower 2nd Class / Pass: ☐ Method identified with a fairly good/good amount of evidence of functionality and utility
  Upper 2nd Class / Merit: ☐ Method identified with clearly documented evidence of any data exfiltration method, including how and to where
  1st Class / Distinction: ☐ A systematic explanation of the method used and any information exfiltrated, with worked examples of the techniques used

Identification and critical analysis of data exfiltration methods used and analysis of attack reasoning (20%)
  Fail: ☐ Key concepts and ideas missing
  Narrow Fail: ☐ Method identified with no evidence of functionality and utility
  3rd Class / Pass: ☐ Method identified with some evidence of functionality and utility
  Lower 2nd Class / Pass: ☐ Method identified with a fairly good/good amount of evidence of functionality and utility
  Upper 2nd Class / Merit: ☐ Method identified with clearly documented evidence of any data exfiltration method, including how and to where
  1st Class / Distinction: ☐ A systematic explanation of the method used and any information exfiltrated, with worked examples of the techniques used

Evidence of research and knowledge (10%)
  Fail: ☐ No evidence of research and knowledge
  Narrow Fail: ☐ Little or no research and knowledge is evident
  3rd Class / Pass: ☐ The document contains some evidence of knowledge and research but references are limited
  Lower 2nd Class / Pass: ☐ The document contains an adequate/good level of knowledge and research but wider research is needed to warrant higher marks
  Upper 2nd Class / Merit: ☐ There is evidence of a very good level of wider reading, research and knowledge throughout the document
  1st Class / Distinction: ☐ There is evidence of an excellent standard of wider reading, research and knowledge within the document, which has been used well to support findings

Clarity in presentation of report: appropriate format, punctuation and grammar (5%)
  Fail: ☐ Report format is poor, with spelling and punctuation errors
  Narrow Fail: ☐ Little or no clarity in report / report contains poor punctuation and grammar
  3rd Class / Pass: ☐ Some evidence of clarity and logical thought but insufficient for level
  Lower 2nd Class / Pass: ☐ Adequate/fairly good level of report clarity is evident. Grammar and punctuation have mostly been used appropriately
  Upper 2nd Class / Merit: ☐ A very good level of report clarity is evident. Grammar and punctuation have been used appropriately
  1st Class / Distinction: ☐ An excellent level of report clarity is evident. Sections are clearly defined and flow. Grammar and punctuation have been used appropriately

Conclusion (10%)
  Fail: ☐ No conclusion is present
  Narrow Fail: ☐ Very poor conclusion
  3rd Class / Pass: ☐ Conclusion is brief and does not correlate to the outlined problem(s)
  Lower 2nd Class / Pass: ☐ Good conclusion, but further detail or links to problem(s) are needed
  Upper 2nd Class / Merit: ☐ A very good conclusion is evidenced with clear links to problem(s)
  1st Class / Distinction: ☐ An excellent conclusion which naturally flows and summarises the document well, with strong links to the problem(s)

Bibliography and references to USW Harvard standard (5%)
  Fail: ☐ There is no referencing or bibliography in the document
  Narrow Fail: ☐ Little or no referencing has been used
  3rd Class / Pass: ☐ Some evidence of in-text referencing is evident but the standard is poor or non-Harvard
  Lower 2nd Class / Pass: ☐ An adequate/fairly good level of in-text referencing is evident. Full adherence to Harvard would gain higher marks
  Upper 2nd Class / Merit: ☐ In-text referencing and bibliography are to USW Harvard standard
  1st Class / Distinction: ☐ Referencing and bibliography are to USW Harvard standard. A good range of wider reading is evident
Global: