Assignment Title | CSS Portfolio | Submission Date | 02.01.2020 |
Module Title | Computer Systems Security | Module
Don't use plagiarized sources. Get Your Custom Essay on
This is an individual assessment comprised of three parts. Task 1 and Task 2 will carry respectively 30% and 50% of the overall module mark.
Get an essay WRITTEN FOR YOU, Plagiarism free, and by an EXPERT!
Code |
6COM1033 |
Tutor | Gani Nashi | GROUP or INDIVIDUAL Assignment | Individual |
FOR INDIVIDUAL ASSIGNMENTS – STUDENT TO COMPLETE
BOX A
|
THE ASSIGNMENT TASK:
This is an individual assessment comprised of three parts. Task 1 and Task 2 will carry respectively 30% and 50% of the overall module mark. Task 1 will assess your understanding of the process of penetration testing and in particular of information gathering, target profiling and vulnerability identification and assessment. Task 2 will assess your ability to conduct a full-scale penetration test.
All parts are small academic reports and as such the following report structure is expected for each milestone report: 1. Introduction, where you will discuss your plan for solving the problem introduced by the module team 2. Main Body, where you will develop your arguments 3. Conclusions, where you will critically discuss your findings 4. References, aim for an average of 20 references (yes, 20 for each task! Not just task 2) 5. Appendixes
You are expected to demonstrate an insight into the implications of the problem introduced in each task by using clear and concise arguments. The reports should be well written (and word-processed), showing good skills in creativity and design. Sentences should be of an appropriate length and the writing style should be brief but informative.
During the teaching weeks you will have the opportunity to submit draft copies of your portfolio activities. The module team will provide general (not individualised) feedback based on your draft copies and advice regarding your progress (if it is deemed necessary). The deadline for the complete Portfolio is the 02.01.2020.
Task 1 – Standard Operating Procedure for PenTesting Task 1 is weighted at 30% of the overall module mark. Again, you will be awarded a preliminary mark out of 100%, and the weighting will be done as part of the portfolio. It should take you approximately 15 hours to complete to complete this task. It is expected that the report for this task of the portfolio will be in the region of 1000 – 1250 words. You are expected to critique the published penetration testing methodologies and derive to a benchmark you will use for designing and developing your Standard Operating Procedure (SOP), including a decision-making tree (please put this in an appendix), to describe the phases of: intelligence gathering, target profiling, vulnerability identification, target exploitation and post exploitation. An SOP is defined as a set of step-by-step instructions compiled by an organisation to help workers carry out routine operations. The SOP should be appropriate for task 3, which is the penetration test of a single Linux target, offering several network services.
The deadline for DRAFT Task 1 is on the 22.11.2018 by electronic submission via StudyNet. You will then receive general formative feedback, allowing you the opportunity to reflect on your activities and improve your work where necessary. The final copy of Task 1 should be included in the final Portfolio. Although there are no allocated marks for references and bibliography you are expected to use appropriate peer reviewed sources for developing your arguments, and the Harvard referencing style as per the University regulations. If you fail to do so you will receive an overall fail grade for this task regardless of how well you have performed in the other assessment criteria.
Please note that if you fail to design an appropriately structured SOP, you will be penalised. Please note that if you fail to design an appropriately structured decision-making tree, you will be penalised. Both are very well defined notions/structures. Examples will be provided through StudyNet.
Task 2 – Penetration Test Task 2 is weighted at 50% of the overall portfolio mark. It should take you approximately 25 hours to complete. It is expected that the report for this task of the portfolio will be in the region of 1500 words, plus the appendices. You are expected to conduct a penetration test against a target system that will be provided to you. You are required to present your findings in a factual manner to convince decision makers of a large corporation on business strategies. The target system will be accessible via the infrastructure in LB154. The PenTest rig you will have to use for this activity will also be setup in LB154. During the module, you will also receive instructions on how to setup the same PenTest rig in your home computer or laptop. Everyone will get a dedicated target which will be a clone of the same VM. Overall Portfolio Conclusion and Reflection The overall portfolio conclusion, offering your reflection on the undertaken activities and the encountered problems carry 5% of the overall portfolio mark.
There is no DRAFT for this Task. The FINAL deadline for Task 2 and for the WHOLE portfolio is on the 02.01.2020 by electronic submission via StudyNet.
Please note you are not required to provide an activity narrative (a narrative on your intelligence gathering activities). You are required to provide an attack narrative for each attack you will perform. During the narrative, you will have to explain your reasoning behind the attack (supported by your intelligence gathering findings), the exploit(s) that you have chosen to use and the vulnerability(s) you will be attempting to exploit. This will lead you to the vulnerability detail and mitigation discussion for each vulnerability in each attack narrative. |
|||||||||||||||||||||||||||||||||
MODULE LEARNING OUTCOMES ASSESSED BY THIS ASSIGNMENT:
Knowledge and understanding of: 3. computer systems risks, vulnerabilities, threats analysis, and software security,
Skills and Attributes: Students will develop the ability to: 1. apply particular computer security techniques to analysis and testing 2. analyse and solve problems in secure systems design and implementation 3. achieve familiarity with methods of secure systems development and to exercise critical evaluation of information accessed from a wide variety of sources |
|||||||||||||||||||||||||||||||||
SUBMISSION REQUIREMENTS:
All reports (Milestone reports and Final Portfolio report) must be submitted through StudyNet. Please make a note of the following dates on your calendars.
You are expected to unify all of the milestone draft reports into one cohesive portfolio report. The final portfolio report is an academic report and as such the following report structure is expected: 1. Introduction: up to 250 words, where you will discuss your methodology in approaching the assignment. 2. Task 1 (30% of the module) 3. Task 2 (50% of the module) – Includes Overall Conclusions (5%): up to 250 words, where you will comment on the undertaken activities 4. References: one fused reference list. Do not have a separate reference list for each task of the portfolio, 5. Appendixes
You are required to submit the final portfolio report via StudyNet in a PDF format using your student number as the filename. This is imperative as the naming template will be used for corroborating what you claim in your reports with the log files your PenTest activities will generate. If you fail to do so you will receive an overall fail grade for this portfolio regardless of how well you have performed in the other assessment criteria.
|
|||||||||||||||||||||||||||||||||
FEEDBACK FROM THIS ASSIGNMENT
Formative feedback will be given for the portfolio milestone reports through StudyNet and during the scheduled sessions as per the module delivery plan. Individual personalised summative feedback will be given through StudyNet for the final submission. Every week, Review & Reflection questions related to the assessment activities will be posted on StudyNet. These questions will help you to reflect on the activities you will be undertaking as part of the assessed work for the module, self-assess your work as you progress through the module and help you understand the subject better. Feedback is not just the marks and the commentary at the end of the module – it is also the regular advice about your work as you undertake the practical activities. If you fail to undertake the practical activities and you fail to engage with the class and with the instructors, you will disadvantage yourself. |
|||||||||||||||||||||||||||||||||
MARKS AWARDED FOR:
Please see next page. |
1 | This assignment is worth | 80% | of the overall assessment for this module.
|
|||||
2
|
You are expected to spend about | 40 | Hours to complete this assignment to a satisfactory standard | |||||
3 | Date assignment set | 27.09.2019 | Date completed assignment to be handed in | 02.01.2020 | ||||
4 | Target date for return of marked assignment | 01.02.2020 | ||||||
Marking Scheme
Criteria | Fail (< 40) | Pass (40 – 49) | Reasonable (50 – 59) | Good (60 – 69) | Excellent (>70) |
Task 1 | Very little understanding of the different phases of the penetration test. Target VM was not interrogated. Lack of originality. | Reasonably clear definitions of ‘the different phases of a PenTest but underdeveloped arguments. Basic SOP and basic decision making tree. | Clear understanding of the different phases. SOP offers advice an appropriate usage of tools. Complete decision making tree but may contain some errors. | The SOP demonstrates a good understanding of the processes, covering all key issues, offering a very good understanding of the implications. The decision making tree contains no errors. | Excellent understanding and exposition of the penetration test issues that shows insight and draws together various techniques and tools. No errors. SOP and decision making tree can pass professional scrutiny. |
Task 2 | Very limited attack explanation. No vulnerability identification. Very week report structure. Lack of originality. | Reasonably clear explanation of the attacks against the target VM. Five vulnerabilities have been identified but no risk mitigation. Report structure is appropriate. | Clear explanation of the attacks against the target VM. Five vulnerabilities have been identified and some recommendations regarding risk mitigation are given. | Report provides complete analysis of the target VM issues that leads to comprehensive recommendations about possible solutions. No errors | High academic learning ability achieved with excellent understanding of the various target VM vulnerabilities, demonstrating professionalism and methodological thinking in conducting the PenTest. |
INTERNAL MODERATION
This assignment has been internally moderated.
I confirm:
· That the assignment set, meets the requirements of the module and that the brief provides appropriate content for students to successfully complete the assignment.
· That the assessment is at an appropriate level and matches QAA level descriptors and is an appropriate form of assessment within the total range of assessments for this module.
· That the marking scheme is attached and that students can determine how marks are allocated.
· That this assessment can be completed and marked within University timeframes, and provides detailed feedback (more than just a grade) that supports learning. .
|
Moderator name, signature and date:
|
Our Advantages
Plagiarism Free Papers
All our papers are original and written from scratch. We will email you a plagiarism report alongside your completed paper once done.
Free Revisions
All papers are submitted ahead of time. We do this to allow you time to point out any area you would need revision on, and help you for free.
Title-page
A title page preceeds all your paper content. Here, you put all your personal information and this we give out for free.
Bibliography
Without a reference/bibliography page, any academic paper is incomplete and doesnt qualify for grading. We also offer this for free.
Originality & Security
At Homework Sharks, we take confidentiality seriously and all your personal information is stored safely and do not share it with third parties for any reasons whatsoever. Our work is original and we send plagiarism reports alongside every paper.
24/7 Customer Support
Our agents are online 24/7. Feel free to contact us through email or talk to our live agents.
Try it now!
How it works?
Follow these simple steps to get your paper done
Place your order
Fill in the order form and provide all details of your assignment.
Proceed with the payment
Choose the payment system that suits you most.
Receive the final file
Once your paper is ready, we will email it to you.
Our Services
We work around the clock to see best customer experience.
Pricing
Our prces are pocket friendly and you can do partial payments. When that is not enough, we have a free enquiry service.
Communication
Admission help & Client-Writer Contact
When you need to elaborate something further to your writer, we provide that button.
Deadlines
Paper Submission
We take deadlines seriously and our papers are submitted ahead of time. We are happy to assist you in case of any adjustments needed.
Reviews
Customer Feedback
Your feedback, good or bad is of great concern to us and we take it very seriously. We are, therefore, constantly adjusting our policies to ensure best customer/writer experience.