代写COMP 3704 NETWORK SECURITY: ASSIGNMENT 1

- 首页 >> CS

COMP 3704 NETWORK SECURITY: ASSIGNMENT 1
Submission deadline: Friday 1st September, 2023, 5:00pm AET
Submission Procedure: see Wattle page for this course.
This assignment will be worth 30% of the total marks for this course.
Overview
The assignment takes the form of a CTF. You are given an ip address from which you can
obtain up to 12 flags. You are not told beforehand any information about problems though
can expect the vulnerabilities will have been covered in the lectures. Please be careful to
follow the assignment instructions when preparing your report for submission.
Objectives
The main objectives of this assignment are for the students to
• Demonstrate that they can explain network security issues
• Demonstrate that they understand threats and vulnerabilities of a network, and can
explain appropriate countermeasures
In particular this assignment is designed to test your ability to exploit common network
vulnerabilities with very little prior information.
Academic Integrity
You are reminded that your assignment submission must be your genuine and original work
with only allowed assistance.
Allowed assistance
• You may use any tools, guides, walkthroughs, etc. provided they are general in
nature (not directly related to this course or assignment).
• You may discuss with your class mates suggested tools and share guides or
walkthroughs for those tools provided they are general in natures. We highly
encourage these to be shared on Ed
Disallowed assistance (non-exhaustive)
Specific information related to this assignment. For example:
• Types of services
• Protocol structures
• Specific exploits
• Port numbers
• Flags
Environment Setup
In the assignment you will be provided with access to a cluster of servers with services
listening on ports between 1000 and 10000. The present ip of the cluster is 13.236.194.222
but this my change (please see the Wattle page for an update if applicable). Your task is to
retrieve as many flags as possible (there are 12 in total) from the cluster of servers and write
a report detailing how you did it. (WARNING: the firewall around the server means pinging
the machine will not work)
In addition to the server cluster, a collection of documents and clients is available to you.
Note: Marks will only be given for flags if they are accompanied by an adequate description
of how it was acquired by using network analysis.
It's likely possible to cause the servers to get into a failed state. If this occurs please notify
Thomas Haines, preferable including information on the input which caused the failure.
There will be guessing involved in this assignment but the spaces are no larger than a byte
which should straightforward to brute force. (The one expectation is the ETLS protocol)
Additional instructions
Please ensure you have completed retrieving the flags by the 25th of August. No additional
time will be given if the servers are unreliable after that point.
Submission Requirements
You will need to submit a report (in PDF). There is no hard limit on the report length, but
please try and keep it below 3000 words (figures/screenshots do not count for the word
count). The marks are spread relatively evenly across the various components of the report.
The report component will be assessed for clarity of explanation. Sufficient details should be
provided of the steps taken and the reasoning behind taking those steps. Simply listing the
commands used without an explanation of why they were taking is insufficient.
Since the mix of exploration and analysis varies between flags, we will not attempt to assign
a fixed weight to each problem.
Please ensure you dedicate significant effort to proposing and justifying countermeasures if
you want a high distinction.
Suggested section heading for your report
1. Title page
2. Services discovered and how they were discovered
3. Flags
a. The flag
b. How it was retrieved (detailed enough to be reproducible)
c. What you think the vulnerability is with justification
d. What countermeasures could have been used to secure the system (if
applicable)
4. Summary (Doesn’t have to be long, just some reflections on the experience)

站长地图