代写INFOSYS 341, Information Security in Business Semester Two 2024代做留学生Matlab编程

INFOSYS 341, Information Security in Business

Semester Two 2024

Lab Assignment#2 (15%)

Cryptography, Protection Mechanism, Network Security and Digital Forensics

Assignment Description

In this assignment, you will be required to demonstrate how to:

 communicate securely using classic and modern ciphers

 bypass password protection mechanism

 monitor and secure a network against threats such as phishing and known vulnerabilities that could be exploited

 facilitate forensic readiness in a company in preparation for a digital forensic investigation of suspected company data exfiltration

 demonstrate conducting a forensic investigation of company data exfiltration incident

The purpose of this assignment is to develop your understanding of cryptography, protection mechanism, network security and digital forensics through hands on activities.

Instructions:

For each of the following scenarios you are required to provide an outline of how you would implement it and provide corroborating documentation of how you conducted the activity.

1. Cryptography

Encryption is a security mechanism that facilitates confidential communication.

 1.1 Demonstrate using classic ciphers how Bob and Mary could securely communicate

o Comment on the security of each cipher

o Attach screenshots of the encryption and the decryption processes

 1.2 Demonstrate using 2 modern ciphers how Bob and Mary could securely communicate

o Comment on the security of each cipher

o Comment on which aspect of CIA was protected in your demonstration

o Attach screenshots of the encryption and decryption processes

 1.3 Briefly outline how Bob and Mary could securely communicate sensitive information in a manner that ensures confidentiality, and authenticity of the messages.

o Attach screenshots of the key pair generation, encryption and decryption processes

2. Protection Mechanism – Passwords

Passwords play a fundamental role in ensuring confidentiality, availability and accessibility of resources. During an investigation of a device suspected to be compromised and used for nefarious purposes some artifacts were discovered in relation to exfiltration of company data. Amongst these artifacts is a password protected PDF file purported to contain staff information that was exfiltrated.

 2.1 Using the wordlist.txt file and staffdetails.pdf file, demonstrate how you would proceed to open the password protected file and confirm its contents.

o Provide corroborating documentation for your findings

o Attach screenshots of the password cracking session

3. Network Security

A suspected phishing attack has been reported within your network. You are tasked with investigating this incident. A network capture file phising.pcap is provided for analysis.

 3.1 Using the phishing.pcap file, briefly outline how you would proceed with this investigation.

 3.2 Demonstrate the outlined steps with corroborating documentation where possible. Summarize your findings stating what you determined to have transpired

o Attach screenshots of the outlined steps and results

After the phishing incident, it was determined that having an up-to-date record of the devices on your network is fundamental to ensuring network security.

 3.3 Using your home local area network, briefly outline how you would proceed with maintaining a record of the devices on your network.

o Attach screenshots of this initial step

 3.4 Demonstrate how you would determine the devices on your network, services running on those devices and any potential vulnerabilities on those devices that require mitigation

 3.5 Provide corroborating documentation for each step that was undertaken

o Attach screenshots for each step undertaken and the results

 3.6 Summarize your findings and comment on the security of your local area network

4. Digital Forensics

M57.biz is a hip web start-up developing a body art catalog. Facts of the case:

A spreadsheet containing confidential information was posted as an attachment in the "technical support" forum of a competitor's website.

The spreadsheet came from CFO Jean's computer. You are given a copy of the spreadsheet, "m57plan.xlsx" and a disk image of Jean’s laptop, files nps-2008-jean.E01 and nps-2008-jean.E02

As the lead investigator of this case:

 4.1 Briefly outline your recommendations for M57.biz to be forensically ready for this investigation

 4.2 Briefly describe how you would proceed with this investigation

 4.3 Demonstrate the steps undertaken during this investigation

o Provide corroborating documentation for each step

 4.5 Summarize your findings and comment on Jean’s involvement in this incident.

o Attach screenshots for each step undertaken.