Tasks Part 1 - Packet Captures In this assessment you are required to select a network...
Question:
Transcribed Image Text:
Tasks

Part 1 - Packet Captures

In this assessment you are required to select a network protocol, and design and conduct experiments to demonstrate:

i. The behaviour of the protocol during normal conditions, i.e., the network is not under attack; and
ii. The behaviour of the protocol that is symptomatic of unusual conditions, i.e., the network is currently being attacked.

For the purpose of this demonstration you may select any network protocol, whether examined in the unit or not. Make sure that you understand normal and abnormal behaviour of the protocol, however. For example, malware being downloaded over HTTP is not in itself unusual behaviour - HTTP will transfer malicious and non-malicious files without any change in behaviour.

The behaviour of your chosen protocol, both during normal conditions and during attack, must be captured and saved in Wireshark PCAP/PCAPNG files (select File > Save As in Wireshark). You can submit your captures either in a single PCAP file or multiple PCAP files, however you must clearly identify which files/packet numbers are relevant in your report.

You are responsible for ensuring that any traffic you generate is appropriately isolated and does not impact real networks, as noted in the warning on the front page of this task.

Before selecting a protocol and attack for the purposes of this task, you should first review the requirements of the report below and the rubric to ensure you select an appropriate protocol for the grade that you are targeting. In particular, the highest grading for several rubric criteria requires that you demonstrate an attack that is not covered by the unit, i.e., the unit materials do not include step-by-step instructions for performing the attack you have selected.

Part 2 - Written Report

Prepare a written report on the protocol and behaviour you have demonstrated addressing the following points (you must use the headings indicated):

1. Introduction (<0.5 page):
- Briefly discuss why understanding the difference between normal and abnormal behaviour of network protocols is an important skill for cybersecurity practitioners.
- Introduce the protocol you will be demonstrating and what it is used for in computer networks.

2. Normal Behaviour (<1 page):
- Introduce the attack you will be demonstrating and the potential damage the attack could cause to a vulnerable network.
- Provide step-by-step instructions for your experiment to generate the normal behaviour of your selected protocol. These instructions must be clear enough for someone to repeat the experiment without requiring further research. Example aspects you should cover include explaining any platforms, software, and techniques used, any configuration steps required, and the commands/GUI steps necessary to actually run the experiment (you may wish to use screenshots to clarify where necessary).
- Referring to the network protocol traffic you captured during this experiment, explain the normal behaviour of the protocol that is relevant to the attack you will conduct in Part 3, i.e., for those aspects that will be affected by the security attack, include screenshots from your packet captures showing the relevant packets and the content of those packets (the middle panel in Wireshark) and refer to what is shown in these screenshots to explain the normal behaviour of the protocol.

3. Abnormal Behaviour (<1 page):
- Provide step-by-step instructions for your experiment to generate the abnormal behaviour of your selected protocol (refer to Normal Behaviour for the expectations of this task).
- Explain how the security attack has modified the behaviour of the protocol and why this behaviour should be considered abnormal. Refer to the network protocol traffic you captured as you did for normal behaviour (i.e., screenshots and explanations).

Citations and Referencing

When completing any work it is necessary to acknowledge the work of others that you have relied upon. For written assessment, we achieve this through the use of citations and references. Failing to correctly identify the work of others is known as plagiarism and is considered an issue of Academic Integrity. If your submission to this task has involved the work of others, you must include citations and references where appropriate. Deakin provides a web site that explains how to use citations and references, and includes explanations of various referencing styles: https://www.deakin.edu.au/students/studying/study-support/referencing

You may select any style for your citations/references, however you must be consistent in applying that style in this task (you can use other styles in other tasks if you wish).

Relevance depends on the protocol and the attack selected. For example, if you were to examine TCP and a TCP SYN flood attack, you would only need to explain/illustrate TCP's connection establishment mechanism.