This is an individual assessment comprised of three parts. Task 1 and Task 2 will carry respectively 30% and 50% of the overall module mark.

School of Engineering and Computer Science
ASSIGNMENT BRIEFING SHEET (2019/20 Academic Year)

 

Assignment Title CSS Portfolio Submission Date 02.01.2020
       
Module Title Computer Systems Security Module

Don't use plagiarized sources. Get Your Custom Essay on
This is an individual assessment comprised of three parts. Task 1 and Task 2 will carry respectively 30% and 50% of the overall module mark.
Get an essay WRITTEN FOR YOU, Plagiarism free, and by an EXPERT!
Order Essay

Code

6COM1033

 

Tutor Gani Nashi GROUP or INDIVIDUAL Assignment  Individual

 

FOR INDIVIDUAL ASSIGNMENTS – STUDENT TO COMPLETE

 

By completing BOX A below, I certify that the submitted work is entirely mine and that any material derived or quoted from the published or unpublished work of other persons has been duly acknowledged. [ref. UPR AS12, section 7 and UPR AS14 (Appendix III)]. )].  I also certify, that any work with human participants has been carried out under an approved ethics protocol in accordance with UPR RE01.

Please ONLY provide your ID (srn) number as this assignment will be anonymously marked

 

BOX A

Student ID Number (SRN)
     

 

 

           

School of Engineering and Computer of Science
ASSIGNMENT BRIEFING SHEET (2019/20 Academic Year)

 

THE ASSIGNMENT TASK:

This is an individual assessment comprised of three parts. Task 1 and Task 2 will carry respectively 30% and 50% of the overall module mark. Task 1 will assess your understanding of the process of penetration testing and in particular of information gathering, target profiling and vulnerability identification and assessment. Task 2 will assess your ability to conduct a full-scale penetration test.

 

All parts are small academic reports and as such the following report structure is expected for each milestone report:

1.             Introduction, where you will discuss your plan for solving the problem introduced by the module team

2.             Main Body, where you will develop your arguments

3.             Conclusions, where you will critically discuss your findings

4.             References, aim for an average of 20 references (yes, 20 for each task! Not just task 2)

5.             Appendixes

 

You are expected to demonstrate an insight into the implications of the problem introduced in each task by using clear and concise arguments. The reports should be well written (and word-processed), showing good skills in creativity and design. Sentences should be of an appropriate length and the writing style should be brief but informative.

 

During the teaching weeks you will have the opportunity to submit draft copies of your portfolio activities. The module team will provide general (not individualised) feedback based on your draft copies and advice regarding your progress (if it is deemed necessary). The deadline for the complete Portfolio is the 02.01.2020.

 

Task 1 – Standard Operating Procedure for PenTesting

Task 1 is weighted at 30% of the overall module mark. Again, you will be awarded a preliminary mark out of 100%, and the weighting will be done as part of the portfolio. It should take you approximately 15 hours to complete to complete this task. It is expected that the report for this task of the portfolio will be in the region of 1000 – 1250 words. You are expected to critique the published penetration testing methodologies and derive to a benchmark you will use for designing and developing your Standard Operating Procedure (SOP), including a decision-making tree (please put this in an appendix), to describe the phases of: intelligence gathering, target profiling, vulnerability identification, target exploitation and post exploitation. An SOP is defined as a set of step-by-step instructions compiled by an organisation to help workers carry out routine operations. The SOP should be appropriate for task 3, which is the penetration test of a single Linux target, offering several network services.

 

The deadline for DRAFT Task 1 is on the 22.11.2018 by electronic submission via StudyNet. You will then receive general formative feedback, allowing you the opportunity to reflect on your activities and improve your work where necessary. The final copy of Task 1 should be included in the final Portfolio. Although there are no allocated marks for references and bibliography you are expected to use appropriate peer reviewed sources for developing your arguments, and the Harvard referencing style as per the University regulations. If you fail to do so you will receive an overall fail grade for this task regardless of how well you have performed in the other assessment criteria.

 

Task 2, Assessment Criteria Mark Available Mark out of 100%
PenTest Methodology Discussion 6 20
SOP for PenTesting 12 40
Decision Making Tree 12 40
Total 30 100

Please note that if you fail to design an appropriately structured SOP, you will be penalised. Please note that if you fail to design an appropriately structured decision-making tree, you will be penalised. Both are very well defined notions/structures. Examples will be provided through StudyNet.

 

Task 2 – Penetration Test

Task 2 is weighted at 50% of the overall portfolio mark. It should take you approximately 25 hours to complete. It is expected that the report for this task of the portfolio will be in the region of 1500 words, plus the appendices. You are expected to conduct a penetration test against a target system that will be provided to you. You are required to present your findings in a factual manner to convince decision makers of a large corporation on business strategies. The target system will be accessible via the infrastructure in LB154. The PenTest rig you will have to use for this activity will also be setup in LB154. During the module, you will also receive instructions on how to setup the same PenTest rig in your home computer or laptop. Everyone will get a dedicated target which will be a clone of the same VM.

Overall Portfolio Conclusion and Reflection

The overall portfolio conclusion, offering your reflection on the undertaken activities and the encountered problems carry 5% of the overall portfolio mark.

 

There is no DRAFT for this Task. The FINAL deadline for Task 2 and for the WHOLE portfolio is on the 02.01.2020 by electronic submission via StudyNet.

 

Task 2, Assessment Criteria Mark Available Mark out of 100%
Attack Narrative 15 30
Vulnerability Detail & Mitigation 20 40
Report Structure 10 20
Portfolio Conclusion and Reflection 5 10
Total 50 100

Please note you are not required to provide an activity narrative (a narrative on your intelligence gathering activities). You are required to provide an attack narrative for each attack you will perform. During the narrative, you will have to explain your reasoning behind the attack (supported by your intelligence gathering findings), the exploit(s) that you have chosen to use and the vulnerability(s) you will be attempting to exploit. This will lead you to the vulnerability detail and mitigation discussion for each vulnerability in each attack narrative.

MODULE LEARNING OUTCOMES ASSESSED BY THIS ASSIGNMENT:

Knowledge and understanding of:

3.             computer systems risks, vulnerabilities, threats analysis, and software security,

 

Skills and Attributes:

Students will develop the ability to:

1.             apply particular computer security techniques to analysis and testing

2.             analyse and solve problems in secure systems design and implementation

3.             achieve familiarity with methods of secure systems development and to exercise critical evaluation of information accessed from a wide variety of sources

SUBMISSION REQUIREMENTS:

 

All reports (Milestone reports and Final Portfolio report) must be submitted through StudyNet. Please make a note of the following dates on your calendars.

 

Element Date
Milestone for Task 1 22.11.2019
Portfolio Deadline (including Task 2) 02.01.2020
   

 

You are expected to unify all of the milestone draft reports into one cohesive portfolio report. The final portfolio report is an academic report and as such the following report structure is expected:

1.             Introduction: up to 250 words, where you will discuss your methodology in approaching the assignment.

2.             Task 1 (30% of the module)

3.             Task 2 (50% of the module) – Includes Overall Conclusions (5%): up to 250 words, where you will comment on the undertaken activities

4.             References: one fused reference list. Do not have a separate reference list for each task of the portfolio,

5.             Appendixes

 

You are required to submit the final portfolio report via StudyNet in a PDF format using your student number as the filename. This is imperative as the naming template will be used for corroborating what you claim in your reports with the log files your PenTest activities will generate. If you fail to do so you will receive an overall fail grade for this portfolio regardless of how well you have performed in the other assessment criteria.

 

FEEDBACK FROM THIS ASSIGNMENT

Formative feedback will be given for the portfolio milestone reports through StudyNet and during the scheduled sessions as per the module delivery plan. Individual personalised summative feedback will be given through StudyNet for the final submission. Every week, Review & Reflection questions related to the assessment activities will be posted on StudyNet. These questions will help you to reflect on the activities you will be undertaking as part of the assessed work for the module, self-assess your work as you progress through the module and help you understand the subject better. Feedback is not just the marks and the commentary at the end of the module – it is also the regular advice about your work as you undertake the practical activities. If you fail to undertake the practical activities and you fail to engage with the class and with the instructors, you will disadvantage yourself.

MARKS AWARDED FOR:

 

Please see next page.

 

DEADLINES AND ASSIGNMENT WEIGHTINGS

1 This assignment is worth 80% of the overall assessment for this module.

 

       
2

 

You are expected to spend about 40 Hours to complete this assignment to a satisfactory standard
       
3 Date assignment set 27.09.2019 Date completed assignment to be handed in 02.01.2020
         
4 Target date for return of marked assignment 01.02.2020    

 

 

 

 

Marking Scheme

Criteria Fail (< 40) Pass (40 – 49) Reasonable (50 – 59) Good (60 – 69) Excellent (>70)
Task 1 Very little understanding of the different phases of the penetration test. Target VM was not interrogated. Lack of originality. Reasonably clear definitions of ‘the different phases of a PenTest but underdeveloped arguments. Basic SOP and basic decision making tree. Clear understanding of the different phases. SOP offers advice an appropriate usage of tools. Complete decision making tree but may contain some errors. The SOP demonstrates a good   understanding of the processes, covering all key issues, offering a very good understanding of the implications. The decision making tree contains no errors. Excellent understanding and exposition of the penetration test issues that shows insight and draws together various techniques and tools. No errors. SOP and decision making tree can pass professional scrutiny.
Task 2 Very limited attack explanation. No vulnerability identification. Very week report structure. Lack of originality. Reasonably clear explanation of the attacks against the target VM. Five vulnerabilities have been identified but no risk mitigation. Report structure is appropriate. Clear explanation of the attacks against the target VM. Five vulnerabilities have been identified and some recommendations regarding risk mitigation are given. Report provides complete analysis of the target VM issues that leads to comprehensive recommendations about possible solutions. No errors High academic learning ability achieved with excellent understanding of the various target VM vulnerabilities, demonstrating professionalism and methodological thinking in conducting the PenTest.
           

 

 

 

INTERNAL MODERATION

This assignment has been internally moderated.

 

I confirm:

 

·         That the assignment set, meets the requirements of the module and that the brief provides appropriate content for students to successfully complete the assignment.

 

·         That the assessment is at an appropriate level and matches QAA level descriptors and is an appropriate form of assessment within the total range of assessments for this module.

 

·         That the marking scheme is attached and that students can determine how marks are allocated.

 

·         That this assessment can be completed and marked within University timeframes, and provides detailed feedback (more than just a grade) that supports learning.

.

 

Moderator name, signature and date:

 

 

 

 

 

 

Homework Sharks
Order NOW For A 10% Discount!
Pages (550 words)
Approximate price: -

Our Advantages

Plagiarism Free Papers

All our papers are original and written from scratch. We will email you a plagiarism report alongside your completed paper once done.

Free Revisions

All papers are submitted ahead of time. We do this to allow you time to point out any area you would need revision on, and help you for free.

Title-page

A title page preceeds all your paper content. Here, you put all your personal information and this we give out for free.

Bibliography

Without a reference/bibliography page, any academic paper is incomplete and doesnt qualify for grading. We also offer this for free.

Originality & Security

At Homework Sharks, we take confidentiality seriously and all your personal information is stored safely and do not share it with third parties for any reasons whatsoever. Our work is original and we send plagiarism reports alongside every paper.

24/7 Customer Support

Our agents are online 24/7. Feel free to contact us through email or talk to our live agents.

Try it now!

Calculate the price of your order

We'll send you the first draft for approval by at
Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

We work around the clock to see best customer experience.

Pricing

Flexible Pricing

Our prces are pocket friendly and you can do partial payments. When that is not enough, we have a free enquiry service.

Communication

Admission help & Client-Writer Contact

When you need to elaborate something further to your writer, we provide that button.

Deadlines

Paper Submission

We take deadlines seriously and our papers are submitted ahead of time. We are happy to assist you in case of any adjustments needed.

Reviews

Customer Feedback

Your feedback, good or bad is of great concern to us and we take it very seriously. We are, therefore, constantly adjusting our policies to ensure best customer/writer experience.

× Contact Live Agents
Verified by MonsterInsights