这是一篇来自英国的关于道德黑客行为的任务:工具和技术的计算机代写
1. Assessment classifications
| First Class
(>= 70%) |
Strong grasp and implementation of various tools and techniques on ethical hacking as a cybersecurity analyst (you) to carry out pen-testing on GradHat’s internet-facing IT Infrastructure. |
| Upper Second
(60-69%) |
Solid grasp and implementation of various tools and techniques on ethical hacking as a cybersecurity analyst (you) to carry out pen-testing on GradHat’s internet-facing IT Infrastructure. |
| Lower Second
(50-59%) |
Reasonable grasp and implementation of various tools and techniques on ethical hacking as a cybersecurity analyst (you) to carry out pen-testing on GradHat’s internet-facing IT Infrastructure. |
| Third
(40-49%) |
Evidence of appropriate study showing success in progress towards providing attempts of implementation of various tools and techniques on ethical hacking as a cybersecurity analyst (you) to carry out pen-testing on GradHat’s internet-facing IT Infrastructure. |
| Pass
(35-39%) |
The minimum study and preparations of implementation of various tools and techniques on ethical hacking as a cybersecurity analyst (you) to carry out pen-testing on GradHat’s internet-facing IT Infrastructure. |
| Fail
(0-34%) |
No attempts or the provided implementation/report are not readable. |
2. Assignment description
Scenario:
GradHat offers qualifications for international students who would like to pursue their undergraduate level degrees with UK universities. GradHat has a wide range of international partnership agreements with universities and higher education institutions worldwide. These include progression route partnerships and overseas delivery partnerships. GradHat offers partner universities in the UK the opportunity to promote their undergraduate and postgraduate courses with its overseas delivery partners.
As GradHat expands its operation in the UK the higher education provider has become concerned about the cyber-security threats posed at its IT infrastructure in the Demilitarised Zone (DMZ). The concerned board of directors have unanimously agreed to commission a cybersecurity analyst (you) to carry out pen-testing on GradHat’s internet-facing IT Infrastructure.
Part: A
Question 1: [10 Marks]
The security analyst discovers the IT department has not maintained a record of
- Domains and sub-domains (at least 2)
- Mail Servers
- Name Servers
- IP addresses of (a – c)
- Physical location of the Servers
The security analyst is required to find all the information (a- e) above and record and evidence them for future use. Use the web URL https://www.gradhat.uk as the starting point and appropriate foot printing tools to produce an immaculate report.
(Your answers MUST describe the tools and steps you used and MUST include screenshots of the output of the tools)
Question 2: [15 marks]
The security analyst needs to gather more information about the operating systems, services and ports to ensure the security of the infrastructure. Use an appropriate tool(s) to carry out interactive network scans on the IP addresses discovered in part (d) of question 1. Describe your findings in detail.
(Your answers MUST describe the tools and steps you used and MUST include screenshots of the output of the tool(s))
Part: B
Question 1: [8 Marks]
The security analyst overhears an IT member saying “We patched the Open-Relay on the mail server”. The security analyst is now concerned about the implications of an Open-Relay mail server.
- Name three (3) protocols used in mail service server-client model, describe their use?
- Use an online service (https://mxtoolbox.com) to ensure the mail server of (discovered in part A) GradHat is not a rogue Open-relay server.
(Your answers MUST describe the tools and steps you used and MUST include screenshots of the output of the tool)
Question 2: [9 Marks]
Use a packet crafting tool to verify if gradhat.uk server is configured to curb any ICMP echo-reply attack. Security analyst must also provide screenshots of the sniffed packets (You will need to download and install Wireshark on Windows 10 VM), use diagrams to elaborate the ICMP echo-reply attack
(Your answers MUST describe the tools and steps you used and MUST include screenshots of the output of the tool(s))
Question 3: [9 Marks]
The staff members at GradHat have been complaining about the access performance of the web at https://www.gradhat.uk. The staff believes their web is vulnerable and do not want to access it anymore. The security analyst is required to ensure that GradHat’s web is not vulnerable. Use Nessus cradle to carry out pen-testing on https://www.gradhat.uk. Describe how you carried out the scan and attach not more than 3 screenshots of the final report.
(Your answers MUST describe the tools and steps you used and MUST include screenshots of the output of the tool)
Question 4: [9 Marks]
What is a SYN-Flood attack? Why SYN-Flood attack is not possible using UDP? Use appropriate diagrams to describe your answer. Use an appropriate tool in a virtual environment (lab) to demonstrate your knowledge on SYN-Flood attack. Use a diagram to elaborate SYN-Flood attack.
(Your answers MUST describe the tools and steps you used and MUST include screenshots of the output of the tool)
Assignment submission requirements
The file should be submitted to Moodle are:
- An electronic report in doc or PDF format describing your work. The report should be a maximum of 2-3 pages (A4 sheets) at 12pt Arial font (including diagrams, code fragments, figures, and references).
- The report must include:
Front page of the submission should include:
Module Code: COMP08094
Assignment report title: Assignment on Ethical Hacking: Tools & Techniques
Student # (e.g.,2158795252 ):
Include the statement below:
‘I certify that all material in this submission is my own work. I have read and understood the section in the university regulations regarding collusion, cheating and plagiarism. I confirm I have not purchased/commissioned material which is presented as my own, including the use of online services’.
a.Introduction
b.Part A (Q1 and 2)
c.Part B (Q1, 2, 3 and 4)
d.References
5.Submit your answer booklets via Moodle site
6.The coursework is divided into 2 PARTS: A and B (Answer ALL questions in PART A and PART B)
7.Home machines can be used to carry out the tasks.
程序辅导定制C/C++/JAVA/安卓/PYTHON/留学生/PHP/APP开发/MATLAB
本网站支持 Alipay WeChatPay PayPal等支付方式
E-mail: vipdue@outlook.com 微信号:vipnxx
如果您使用手机请先保存二维码,微信识别。如果用电脑,直接掏出手机果断扫描。
