Assignment Title CSS Portfolio Submission Date 08.01.2020
Module Title Computer Systems Security Module
Tutor Gani Nashi GROUP or INDIVIDUAL Assignment Individual
FOR INDIVIDUAL ASSIGNMENTS – STUDENT TO COMPLETE
By completing BOX A below, I certify that the submitted work is entirely mine and that any material derived or quoted from the published or unpublished work of other persons has been duly acknowledged. [ref. UPR AS12, section 7 and UPR AS14 (Appendix III)]. )]. I also certify, that any work with human participants has been carried out under an approved ethics protocol in accordance with UPR RE01.
Please ONLY provide your ID (srn) number as this assignment will be anonymously marked
Student ID Number (SRN)
School of Engineering and Computer of Science
ASSIGNMENT BRIEFING SHEET (2019/20 Academic Year)
THE ASSIGNMENT TASK:
This is an individual assessment comprised of three parts. Task 1 and Task 2 will carry respectively 30% and 50% of the overall module mark. Task 1 will assess your understanding of the process of penetration testing and in particular of information gathering, target profiling and vulnerability identification and assessment. Task 2 will assess your ability to conduct a full-scale penetration test.
All parts are small academic reports and as such the following report structure is expected for each milestone report:
You are expected to demonstrate an insight into the implications of the problem introduced in each task by using clear and concise arguments. The reports should be well written (and word-processed), showing good skills in creativity and design. Sentences should be of an appropriate length and the writing style should be brief but informative.
During the teaching weeks you will have the opportunity to submit draft copies of your portfolio activities. The module team will provide general (not individualised) feedback based on your draft copies and advice regarding your progress (if it is deemed necessary). The deadline for the complete Portfolio is the 08.01.2020.
Task 1 – Standard Operating Procedure for PenTesting
Task 1 is weighted at 30% of the overall module mark. Again, you will be awarded a preliminary mark out of 100%, and the weighting will be done as part of the portfolio. It should take you approximately 15 hours to complete to complete this task. It is expected that the report for this task of the portfolio will be in the region of 1000 – 1250 words. You are expected to critique the published penetration testing methodologies and derive to a benchmark you will use for designing and developing your Standard Operating Procedure (SOP), including a decision-making tree (please put this in an appendix), to describe the phases of: intelligence gathering, target profiling, vulnerability identification, target exploitation and post exploitation. An SOP is defined as a set of step-by-step instructions compiled by an organisation to help workers carry out routine operations. The SOP should be appropriate for task 3, which is the penetration test of a single Linux target, offering several network services.
The deadline for DRAFT Task 1 is on the 22.11.2018 by electronic submission via StudyNet. You will then receive general formative feedback, allowing you the opportunity to reflect on your activities and improve your work where necessary. The final copy of Task 1 should be included in the final Portfolio. Although there are no allocated marks for references and bibliography you are expected to use appropriate peer reviewed sources for developing your arguments, and the Harvard referencing style as per the University regulations. If you fail to do so you will receive an overall fail grade for this task regardless of how well you have performed in the other assessment criteria.
Task 1, Assessment Criteria Mark Available Mark out of 100%
PenTest Methodology Discussion 6 20
SOP for PenTesting 12 40
Decision Making Tree 12 40
Total 30 100
Please note that if you fail to design an appropriately structured SOP, you will be penalised. Please note that if you fail to design an appropriately structured decision-making tree, you will be penalised. Both are very well defined notions/structures. Examples will be provided through StudyNet.
Task 2 – Penetration Test
Task 2 is weighted at 50% of the overall portfolio mark. It should take you approximately 25 hours to complete. It is expected that the report for this task of the portfolio will be in the region of 1500 words, plus the appendices. You are expected to conduct a penetration test against a target system that will be provided to you. You are required to present your findings in a factual manner to convince decision makers of a large corporation on business strategies. The target system will be accessible via the infrastructure in LB154. The PenTest rig you will have to use for this activity will also be setup in LB154. During the module, you will also receive instructions on how to setup the same PenTest rig in your home computer or laptop. Everyone will get a dedicated target which will be a clone of the same VM.
Overall Portfolio Conclusion and Reflection
The overall portfolio conclusion, offering your reflection on the undertaken activities and the encountered problems carry 5% of the overall portfolio mark.
There is no DRAFT for this Task. The FINAL deadline for Task 2 and for the WHOLE portfolio is on the 08.01.2020 by electronic submission via StudyNet.
Task 2, Assessment Criteria Mark Available Mark out of 100%
Attack Narrative 15 30
Vulnerability Detail & Mitigation 20 40
Report Structure 10 20
Portfolio Conclusion and Reflection 5 10
Total 50 100
Please note you are not required to provide an activity narrative (a narrative on your intelligence gathering activities). You are required to provide an attack narrative for each attack you will perform. During the narrative, you will have to explain your reasoning behind the attack (supported by your intelligence gathering findings), the exploit(s) that you have chosen to use and the vulnerability(s) you will be attempting to exploit. This will lead you to the vulnerability detail and mitigation discussion for each vulnerability in each attack narrative.
MODULE LEARNING OUTCOMES ASSESSED BY THIS ASSIGNMENT:
Knowledge and understanding of:
Skills and Attributes:
Students will develop the ability to:
All reports (Milestone reports and Final Portfolio report) must be submitted through StudyNet. Please make a note of the following dates on your calendars.
Milestone for Task 1 22.11.2019
Portfolio Deadline (including Task 2) 08.01.2020
You are expected to unify all of the milestone draft reports into one cohesive portfolio report. The final portfolio report is an academic report and as such the following report structure is expected:
You are required to submit the final portfolio report via StudyNet in a PDF format using your student number as the filename. This is imperative as the naming template will be used for corroborating what you claim in your reports with the log files your PenTest activities will generate. If you fail to do so you will receive an overall fail grade for this portfolio regardless of how well you have performed in the other assessment criteria.
FEEDBACK FROM THIS ASSIGNMENT
Formative feedback will be given for the portfolio milestone reports through StudyNet and during the scheduled sessions as per the module delivery plan. Individual personalised summative feedback will be given through StudyNet for the final submission. Every week, Review & Reflection questions related to the assessment activities will be posted on StudyNet. These questions will help you to reflect on the activities you will be undertaking as part of the assessed work for the module, self-assess your work as you progress through the module and help you understand the subject better. Feedback is not just the marks and the commentary at the end of the module – it is also the regular advice about your work as you undertake the practical activities. If you fail to undertake the practical activities and you fail to engage with the class and with the instructors, you will disadvantage yourself.
MARKS AWARDED FOR:
Please see next page.
DEADLINES AND ASSIGNMENT WEIGHTINGS
1 This assignment is worth 80% of the overall assessment for this module.
You are expected to spend about 40 Hours to complete this assignment to a satisfactory standard
3 Date assignment set 27.09.2019 Date completed assignment to be handed in 08.01.2020
4 Target date for return of marked assignment 01.02.2020
Criteria Fail (< 40) Pass (40 – 49) Reasonable (50 – 59) Good (60 – 69) Excellent (>70)
Task 1 Very little understanding of the different phases of the penetration test. Target VM was not interrogated. Lack of originality. Reasonably clear definitions of ‘the different phases of a PenTest but underdeveloped arguments. Basic SOP and basic decision making tree. Clear understanding of the different phases. SOP offers advice an appropriate usage of tools. Complete decision making tree but may contain some errors. The SOP demonstrates a good understanding of the processes, covering all key issues, offering a very good understanding of the implications. The decision making tree contains no errors. Excellent understanding and exposition of the penetration test issues that shows insight and draws together various techniques and tools. No errors. SOP and decision making tree can pass professional scrutiny.
Task 2 Very limited attack explanation. No vulnerability identification. Very week report structure. Lack of originality. Reasonably clear explanation of the attacks against the target VM. Five vulnerabilities have been identified but no risk mitigation. Report structure is appropriate. Clear explanation of the attacks against the target VM. Five vulnerabilities have been identified and some recommendations regarding risk mitigation are given. Report provides complete analysis of the target VM issues that leads to comprehensive recommendations about possible solutions. No errors High academic learning ability achieved with excellent understanding of the various target VM vulnerabilities, demonstrating professionalism and methodological thinking in conducting the PenTest.
This assignment has been internally moderated.
• That the assignment set, meets the requirements of the module and that the brief provides appropriate content for students to successfully complete the assignment.
• That the assessment is at an appropriate level and matches QAA level descriptors and is an appropriate form of assessment within the total range of assessments for this module.
• That the marking scheme is attached and that students can determine how marks are allocated.
• That this assessment can be completed and marked within University timeframes, and provides detailed feedback (more than just a grade) that supports learning.
Moderator name, signature and date:
Why Choose Us
ACME Homework provides the best top-grade academic writing services in compliance with our customers’ instructions. Have your paper written by a certified professional online college homework help writer to produce only high-quality essays with zero plagiarism.
Professional Academic Writers
You can now choose from a pool of online college homework help writers. Choose your writer and have them write the best content for you. ACME Homework has, over the years, secured a team of the most reliable, experienced, and qualified writers. You can, therefore, trust that your assignment is in good hands.
We know that students have very limited budgets. And for that, we always strive to provide only the best, most affordable online college homework help services to our customers. Our goal is to provide top-quality assignment help services to all customers at the lowest, most affordable prices.
At Acmehomework.com, we pay strict attention to deadlines. We recommend you to check out clients’ reviews for assurance that we will complete your assignments within the set deadlines. You can, therefore, trust that your paper will be done within and before the set deadline. Until now, we have not missed a single deadline.
Our Acmehomework.com homework helper experts write only 100% original and plagiarism-free content for all of our clients. We also have a Quality Assurance Department team that goes through all work submitted by our writers multiple times. You can, therefore, rest assured that any signs of plagiarized or unoriginal content will be rejected before it reaches your portal.
Customer Support 24/7
Acmehomework.com expert writers are always available 24/7 for customers who need assistance with using our website. You don’t have to check your watch the next time you want to have your assignment written. Our customer support is always available round the clock and ready to listen to your queries. Feel free to contact us via the Chat window or support email: firstname.lastname@example.org.
Try it now!
How it works?
Follow these simple steps to get your paper done
Place your order
Fill in the order form and provide all details of your assignment.
Proceed with the payment
Choose the payment system that suits you most.
Receive the final file
Once your paper is ready, we will email it to you.
For years now, Acmehomework.com has stood as a leader in providing its customers with the best online college homework help service in the industry. And all you have to do is provide us with the details of your order. Leave everything else to us. We’ve always got you covered.
Since we launched, Acmehomework.com deserved the best online “college homework help status” thanks to our essay ordering, writing, and delivery process. We deliver nothing but excellence in our results. Our essay writing services include impeccable grammar, zero-plagiarism, proper structure, and conformance to guidelines.
Admission and Business Papers
Our top-quality online college homework help services guarantee that you will be accepted into your desired university. You just need to fill out your admission and business papers, and our team of online homework help workers will handle the rest. We will help you achieve and secure the best positions in your admissions forms.
Editing and Proofreading
At Acmehomework.com, we have a skilled writing and editing team that’s dedicated to creating, editing, and restructuring for all types of papers. Our online college homework help editing and proofreading team will check, paraphrase, and correct any grammar mistakes on your paper before submitting the final document to you.
At Acmehomework.com, we pride ourselves in having writers in almost all fields, even the most technical ones. You never have to worry about your paper being too technical for our certified online college homework help writers to handle. ACME Homework’s team of writers can handle even the most complex writers. We will match your paper to the most competent writer that we believe will handle your paper the best way possible.