Assignment Title: CSS Portfolio
Submission Date: 08.01.2020
Module Title: Computer Systems Security
Module Code: 6COM1033
Tutor: Gani Nashi
GROUP or INDIVIDUAL Assignment: Individual
FOR INDIVIDUAL ASSIGNMENTS – STUDENT TO COMPLETE
By completing BOX A below, I certify that the submitted work is entirely mine and that any material derived or quoted from the published or unpublished work of other persons has been duly acknowledged [ref. UPR AS12, section 7 and UPR AS14 (Appendix III)]. I also certify that any work with human participants has been carried out under an approved ethics protocol in accordance with UPR RE01.
Please ONLY provide your ID (srn) number as this assignment will be anonymously marked
BOX A
Student ID Number (SRN)
School of Engineering and Computer Science
ASSIGNMENT BRIEFING SHEET (2019/20 Academic Year)
THE ASSIGNMENT TASK:
This is an individual assessment comprised of three parts. Task 1 and Task 2 will carry respectively 30% and 50% of the overall module mark. Task 1 will assess your understanding of the process of penetration testing and in particular of information gathering, target profiling and vulnerability identification and assessment. Task 2 will assess your ability to conduct a full-scale penetration test.
All parts are small academic reports and as such the following report structure is expected for each milestone report:
You are expected to demonstrate an insight into the implications of the problem introduced in each task by using clear and concise arguments. The reports should be well written (and word-processed), showing good skills in creativity and design. Sentences should be of an appropriate length and the writing style should be brief but informative.
During the teaching weeks you will have the opportunity to submit draft copies of your portfolio activities. The module team will provide general (not individualised) feedback based on your draft copies and advice regarding your progress (if it is deemed necessary). The deadline for the complete Portfolio is the 08.01.2020.
Task 1 – Standard Operating Procedure for PenTesting
Task 1 is weighted at 30% of the overall module mark. Again, you will be awarded a preliminary mark out of 100%, and the weighting will be done as part of the portfolio. It should take you approximately 15 hours to complete this task. It is expected that the report for this task of the portfolio will be in the region of 1000 – 1250 words. You are expected to critique the published penetration testing methodologies and derive a benchmark you will use for designing and developing your Standard Operating Procedure (SOP), including a decision-making tree (please put this in an appendix), to describe the phases of: intelligence gathering, target profiling, vulnerability identification, target exploitation and post exploitation. An SOP is defined as a set of step-by-step instructions compiled by an organisation to help workers carry out routine operations. The SOP should be appropriate for task 3, which is the penetration test of a single Linux target, offering several network services.
The deadline for DRAFT Task 1 is on the 22.11.2018 by electronic submission via StudyNet. You will then receive general formative feedback, allowing you the opportunity to reflect on your activities and improve your work where necessary. The final copy of Task 1 should be included in the final Portfolio. Although there are no allocated marks for references and bibliography you are expected to use appropriate peer reviewed sources for developing your arguments, and the Harvard referencing style as per the University regulations. If you fail to do so you will receive an overall fail grade for this task regardless of how well you have performed in the other assessment criteria.
Task 1, Assessment Criteria | Mark Available | Mark out of 100%
PenTest Methodology Discussion | 6 | 20
SOP for PenTesting | 12 | 40
Decision Making Tree | 12 | 40
Total | 30 | 100
Please note that if you fail to design an appropriately structured SOP, you will be penalised. Please note that if you fail to design an appropriately structured decision-making tree, you will be penalised. Both are very well defined notions/structures. Examples will be provided through StudyNet.
Task 2 – Penetration Test
Task 2 is weighted at 50% of the overall portfolio mark. It should take you approximately 25 hours to complete. It is expected that the report for this task of the portfolio will be in the region of 1500 words, plus the appendices. You are expected to conduct a penetration test against a target system that will be provided to you. You are required to present your findings in a factual manner to convince decision makers of a large corporation on business strategies. The target system will be accessible via the infrastructure in LB154. The PenTest rig you will have to use for this activity will also be set up in LB154. During the module, you will also receive instructions on how to set up the same PenTest rig on your home computer or laptop. Everyone will get a dedicated target which will be a clone of the same VM.
Overall Portfolio Conclusion and Reflection
The overall portfolio conclusion, offering your reflection on the undertaken activities and the encountered problems, carries 5% of the overall portfolio mark.
There is no DRAFT for this Task. The FINAL deadline for Task 2 and for the WHOLE portfolio is on the 08.01.2020 by electronic submission via StudyNet.
Task 2, Assessment Criteria | Mark Available | Mark out of 100%
Attack Narrative | 15 | 30
Vulnerability Detail & Mitigation | 20 | 40
Report Structure | 10 | 20
Portfolio Conclusion and Reflection | 5 | 10
Total | 50 | 100
Please note you are not required to provide an activity narrative (a narrative on your intelligence gathering activities). You are required to provide an attack narrative for each attack you will perform. During the narrative, you will have to explain your reasoning behind the attack (supported by your intelligence gathering findings), the exploit(s) that you have chosen to use and the vulnerability(s) you will be attempting to exploit. This will lead you to the vulnerability detail and mitigation discussion for each vulnerability in each attack narrative.
MODULE LEARNING OUTCOMES ASSESSED BY THIS ASSIGNMENT:
Knowledge and understanding of:
Skills and Attributes:
Students will develop the ability to:
All reports (Milestone reports and Final Portfolio report) must be submitted through StudyNet. Please make a note of the following dates on your calendars.
Element | Date
Milestone for Task 1 | 22.11.2019
Portfolio Deadline (including Task 2) | 08.01.2020
You are expected to unify all of the milestone draft reports into one cohesive portfolio report. The final portfolio report is an academic report and as such the following report structure is expected:
You are required to submit the final portfolio report via StudyNet in a PDF format using your student number as the filename. This is imperative as the naming template will be used for corroborating what you claim in your reports with the log files your PenTest activities will generate. If you fail to do so you will receive an overall fail grade for this portfolio regardless of how well you have performed in the other assessment criteria.
FEEDBACK FROM THIS ASSIGNMENT
Formative feedback will be given for the portfolio milestone reports through StudyNet and during the scheduled sessions as per the module delivery plan. Individual personalised summative feedback will be given through StudyNet for the final submission. Every week, Review & Reflection questions related to the assessment activities will be posted on StudyNet. These questions will help you to reflect on the activities you will be undertaking as part of the assessed work for the module, self-assess your work as you progress through the module and help you understand the subject better. Feedback is not just the marks and the commentary at the end of the module – it is also the regular advice about your work as you undertake the practical activities. If you fail to undertake the practical activities and you fail to engage with the class and with the instructors, you will disadvantage yourself.
MARKS AWARDED FOR:
Please see next page.
DEADLINES AND ASSIGNMENT WEIGHTINGS
1 This assignment is worth 80% of the overall assessment for this module.
2 You are expected to spend about 40 hours to complete this assignment to a satisfactory standard.
3 Date assignment set: 27.09.2019. Date completed assignment to be handed in: 08.01.2020.
4 Target date for return of marked assignment: 01.02.2020.
Marking Scheme
Criteria bands: Fail (< 40), Pass (40 – 49), Reasonable (50 – 59), Good (60 – 69), Excellent (>70)

Task 1
Fail (< 40): Very little understanding of the different phases of the penetration test. Target VM was not interrogated. Lack of originality.
Pass (40 – 49): Reasonably clear definitions of the different phases of a PenTest but underdeveloped arguments. Basic SOP and basic decision making tree.
Reasonable (50 – 59): Clear understanding of the different phases. SOP offers advice on appropriate usage of tools. Complete decision making tree but may contain some errors.
Good (60 – 69): The SOP demonstrates a good understanding of the processes, covering all key issues, offering a very good understanding of the implications. The decision making tree contains no errors.
Excellent (>70): Excellent understanding and exposition of the penetration test issues that shows insight and draws together various techniques and tools. No errors. SOP and decision making tree can pass professional scrutiny.

Task 2
Fail (< 40): Very limited attack explanation. No vulnerability identification. Very weak report structure. Lack of originality.
Pass (40 – 49): Reasonably clear explanation of the attacks against the target VM. Five vulnerabilities have been identified but no risk mitigation. Report structure is appropriate.
Reasonable (50 – 59): Clear explanation of the attacks against the target VM. Five vulnerabilities have been identified and some recommendations regarding risk mitigation are given.
Good (60 – 69): Report provides complete analysis of the target VM issues that leads to comprehensive recommendations about possible solutions. No errors.
Excellent (>70): High academic learning ability achieved with excellent understanding of the various target VM vulnerabilities, demonstrating professionalism and methodological thinking in conducting the PenTest.
INTERNAL MODERATION
This assignment has been internally moderated.
I confirm:
• That the assignment set, meets the requirements of the module and that the brief provides appropriate content for students to successfully complete the assignment.
• That the assessment is at an appropriate level and matches QAA level descriptors and is an appropriate form of assessment within the total range of assessments for this module.
• That the marking scheme is attached and that students can determine how marks are allocated.
• That this assessment can be completed and marked within University timeframes, and provides detailed feedback (more than just a grade) that supports learning.
Moderator name, signature and date:
Joseph Williams