
Prepared by: Dr. Ghassan Kbar Moderated by: Dr Sihui (Sue) Zhou May 2019

Assessment Details and Submission Guidelines

Trimester: T1, 2019
Unit Code: BN223
Unit Title: Cyber Security Principles
Assessment Author: Dr Ghassan Kbar
Assessment Type: Group (of 2 or 3) (Assignment 2)
Assessment Title: Assignment 2 – Cyber Security Network Design and Assessment

Unit Learning Outcomes covered in this assessment: Students should be able to demonstrate their achievements in the following unit learning outcomes:
a. Understand the Common Security Countermeasures
b. Managing security programs, and design a secure Network Topology

Weight: 15% of Total Assessment
Total Marks: 100
Word limit: See instructions
Due Date: Friday 31st May 2019 11:55PM

Submission Guidelines:
• All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page.
• The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings.
• Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using APA or IEEE referencing style for School of Business and School of Information Technology and Engineering respectively.

Extension:
• If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School's Administration Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit this application three working days prior to the due date of the assignment. Further information is available at:
http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-andguidelines/specialconsiderationdeferment

Academic Misconduct:
• Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institutepublications/policies-procedures-and-guidelines/Plagiarism-AcademicMisconduct-Policy-Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description.


Assignment Description

Tasks:

There are two parts to this assignment, i.e. part A and part B.

A. Write a review article for the topic described below. Note that the final mark of part A will be affected by the presentation result of part B. This is to ensure that students understand the work presented in part A. The overall mark of part A could be reduced by 50% for a poor presentation. (90 marks)

B. Presentation (to present a maximum of 8 slides in 8 minutes) (10 marks)

Part A description:

Topic – Infrastructure can be limited to one location or widely distributed, including branch locations and home offices. Access to the infrastructure enables the use of its resources. Infrastructure access controls include physical and logical network design, border devices, communication mechanisms, and host security settings. Because no system is perfect, access must be continually monitored; if suspicious activity is detected, a response must be initiated.

Figure 1 shows the topology of a network that has not been properly segmented.

The network topology consists of a Call center, a Branch, a Warehouse, and a Data center.


• The Call center shows two file servers, one application server, and a database server that are connected together directly and diagonally. The file server on the left is connected to two laptops and the file server on the right is connected to a telephone. The application server is connected to two servers on the right and left and to a switch.

• The Branch consists of a file server that is connected to a laptop, a telephone, and a switch that is further connected to a credit card reader at the top, to a server on the right, and to a database server at the bottom.

• The Warehouse consists of a file server that is connected to a laptop and a telephone at the top, and an application server at the bottom that is further connected to a database server at the bottom. The database servers of the call center, branch, and warehouse are connected to the two database servers of the data center.

• The data centers are connected to two application servers directly and diagonally. The application servers are connected to two database servers at the bottom and to a firewall on the right that is further connected to a switch. The application servers are connected to the “POS Application” consisting of a set of two servers that are connected to each of the application servers. Each server is again connected to the “Identity and Authentication System” consisting of two application servers on the right and two servers on the left. The two application servers on the left and right are connected to two servers. The switch at the top is connected to a service provider that is further connected to acquiring banks.

You need to cover the following topics

Why Segment a Network?

Working from the inside out, network segments include the following types:

• Enclave network: A segment of an internal network that requires a higher degree of protection.
• Trusted network (wired or wireless): The internal network that is accessible to authorized users.
• Semi-trusted network, perimeter network, or DMZ: A network that is designed to be Internet accessible. Hosts such as web servers and email gateways are generally located in the DMZ.
• Guest network (wired or wireless): A network that is specifically designed for use by visitors to connect to the Internet.
• Untrusted network: A network outside your security controls. The Internet is an untrusted network.

1. Security Consideration when segmenting a network:

a. Apply security measures to secure the access of internal network.


b. Apply security measures to secure the access of external network.

c. Apply security measures to secure the access of perimeter network.

d. Apply security measures to secure the access of guest network.

e. Apply security measures to secure the access of data sent over public network.

Securing the Network Topology: The network topology in Figure 1 shows an enterprise that has a call center, a branch office, a warehouse, and a data center. The branch is a retail office where customers purchase their goods and the enterprise accepts credit cards. Users in the call center and the warehouse have access to the resources in the Branch office and vice versa. They also have access to resources in the data center. If any device is compromised, an attacker can pivot (or move laterally) in the network.
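The pivoting risk described above, as an added example that is not part of the original brief: a Python sketch that compares what a compromised host can reach in a flat network with what it can reach under a default-deny zone allow-list. The host names, zone names and allowed flows are constructed for illustration and are not taken from Figure 1.

```python
from collections import deque

# Constructed inventory: host -> zone. Names are illustrative assumptions.
ZONE = {
    "branch-card-reader": "branch-pos",
    "branch-laptop": "branch-users",
    "callcenter-laptop": "callcenter-users",
    "warehouse-laptop": "warehouse-users",
    "dc-pos-app": "dc-pos",
    "dc-identity": "dc-identity",
    "dc-database": "dc-data",
}

# Constructed firewall policy: (source zone, destination zone) pairs that may
# open connections. Anything not listed is dropped (default deny).
ALLOW = {
    ("branch-pos", "dc-pos"),  # card readers reach only the POS application
    ("dc-pos", "dc-identity"),
    ("dc-pos", "dc-data"),
    ("branch-users", "dc-identity"),
    ("callcenter-users", "dc-identity"),
    ("warehouse-users", "dc-identity"),
}


def flat_allowed(src, dst):
    """Unsegmented network: any host may connect to any other host."""
    return src != dst


def segmented_allowed(src, dst):
    """Segmented network: a flow passes only if its zone pair is allow-listed."""
    return src != dst and (ZONE[src], ZONE[dst]) in ALLOW


def reachable(start, allowed):
    """Breadth-first search over permitted flows.

    Returns {host: hops} for every host that can be reached from `start` by
    chaining permitted connections, i.e. the lateral-movement exposure if
    `start` is compromised.
    """
    hops = {start: 0}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in ZONE:
            if nxt not in hops and allowed(cur, nxt):
                hops[nxt] = hops[cur] + 1
                queue.append(nxt)
    del hops[start]
    return hops


if __name__ == "__main__":
    for name, rule in (("flat", flat_allowed), ("segmented", segmented_allowed)):
        for host in ("callcenter-laptop", "branch-card-reader"):
            print(f"{name:9} {host:18} -> {sorted(reachable(host, rule).items())}")
```

In the segmented case the card reader still reaches the database in two hops through the POS application, so the hosts that sit on an allowed path need the tightest hardening and monitoring.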

2. List all assets at the branch and call centre, and assess the vulnerabilities associated with these assets, assuming that the database server is based on SQL and that the file servers and application servers are running on the Windows Server platform.

3. You need to redesign this network by adding relevant Firewalls to allow the traffic from the credit card readers to communicate only with specific servers in the data center. Draw a diagram to show the location of the proposed firewalls and explain their roles. (Note that you need to consider securing the access at different levels as described in network segmentation above.)

a. A firewall can be based on content filtering or other techniques. Explain the role of Content Filtering and Whitelisting/Blacklisting. Comment on which section (call centre, branch, or warehouse) this content firewall would be helpful in.

4. Explain the role of Border Device Administration and Management that can be used to enhance the network security.

5. The different security team roles, such as Blue, Red, and Purple, can have an impact on network security.

Creating an RFP for Penetration Testing

You have been asked to send out a red team penetration testing Request for Proposal (RFP) document.

a) Explain what is often referred to as a “red team.”

b) Explain the difference between a red team and a blue team.

c) Find three companies to send the RFP to. Explain why you chose them.

d) The selected vendor will potentially have access to your network. Describe the due diligence criteria that should be included in the vendor selection process. Select one of the companies from the previous step and find out as much as you can about them (for example, reputation, history, credentials).

6. Access Control:

a. Explain the role of Border Device Security Access Control Policy

b. Explain the remote access security policy.

c. Develop a relevant User Access Control and Authorization Policy

d. Role-based access controls (RBACs) (also called “nondiscretionary controls”) are access permissions based on a specific role or function. Administrators grant access rights and permissions to roles. Users are then associated with a single role. There is no provision for assigning rights to a user or group account.

Let’s take a look at the example illustrated in Figure 2.


In the sample, “Omar (Engineer)” is shown at the top right and “Jeannette (Sales)” is shown at the bottom right. Omar is granted access to the three Engineering Servers and Applications at the top left. Jeannette is granted access to the Sales Applications at the bottom left and is denied access to the Engineering Servers and Applications.

i. Explain why Omar can access the Engineering servers and applications but Jeannette cannot.

ii. Give examples of how to implement role-based access controls in Windows and Linux.

7. Explain a relevant Monitoring System Access and Use Policy

Reviewing user access permissions can be a time-consuming and resource-intensive process and is generally reserved for applications or systems that have information classified as “protected” or “confidential.”

a) Comment on whether the student portal at your school would be subject to an annual user access permission audit, and why.

b) Automating review processes contributes to efficiency and accuracy. Research options for automating the user access review process and make a recommendation.

8. Researching a DDoS Attack:

a. Find a recent news article about DDoS attacks.

b. Explain who the attackers were and what their motivation was.

c. Describe the impact of the attack and what the victim organization should do to mitigate future damage.

9. Analyze the network availability at the Datacenter and develop a Business Continuity plan to handle a possible crisis associated with flood or earthquake.

Reference: Sari Greene, Omar Santos, “Developing Cybersecurity Programs and Policies, Third Edition”, Pearson IT Certification, July 2018.

Instructions:

Prepare your article as below


1. Go to the IEEE website and download the WORD template for the format.
https://www.ieee.org/publications_standards/publications/authors/author_templates.html

2. Another link for the template:
https://www.ieee.org/publications_standards/publications/journmag/ieee_tj_template_17.pdf

3. Read and familiarize yourself with the instructions carefully.

4. Prepare a paper using the IEEE format and the example attached. Follow the template if there is any confusion. Also, refer to the link below for ideas on how to start (see section 6).
(https://www.ieee.org/publications_standards/publications/authors/author_guide_interactive.pdf)

5. Complete the assignment (minimum 5 and maximum 8 pages) including all the sections below. The number of words will be counted thoroughly and you must keep the minimum number of words to avoid any penalties.
• Title (maximum 15 words)
• Abstract (200 – 250 words)
• Introduction (500 – 1000 words)
• Literature Review (500 – 1000 words)
• Main body (1000 – 1500 words)
• Conclusion (200 – 300 words)
• References (minimum 10 references)

6. The article must be a ‘Review’ [1] article including at least 10 references and not more than 25.

7. Strictly follow the IEEE reference format for in-body citations and the references section.

8. See the files listed in 4 for guidance on how to prepare a review paper. You can also find thorough instructions from IEEE and the Internet.

9. Contents must include:
• History and background of the topic
• What the challenges and drawbacks are, and what solutions and workarounds were found
• Possible options (solutions) and future research areas proposed
• Scopes of topic, progress of developments such as requirements, benchmarking, purposes & objectives, stakeholders, owners, roles and responsibilities where applicable.
• Flowchart
• Include a minimum of two (2) figures to show the overall concept and summarized overview of the topic from the review of minimum 10 – 15 (but not limited to) papers.
• Include some tables to summarize the result of findings
• How each organization approaches, initiates, develops procedures and ownerships, and what results they got, and how it affected their businesses.
• What you conclude in terms of the topic/solutions to implement in an organization. Consider other aspects to include for a good review paper.

10. Remember to strictly follow the template and the instructions above to avoid penalties.

[1] See http://www.editage.com/insights/6-article-types-that-journals-publish-a-guide-for-early-career-researchers

Part B description:

Prepare 5 slides for presentation during the lab class. Read the instruction attached carefully.


Marking criteria:

An example of the marking criteria is shown in the following table. Marks are allocated as follows:

Note: The marking criteria vary for each assignment

Section to be included in the report | Detailed Description of the Criteria | Marks

Conforming to the template and format | No marks will be given and severe penalties will apply for any breach of the format and template. Fonts, sizes, spacing, captions, headings, page size limitation etc. will also be checked thoroughly. Be thorough and follow fully when using the template and format instruction to avoid penalties. | 10

Figures and tables created | They should be created yourself and not copied from elsewhere. For full marks you should create at least 2 figures and 2 tables. Any other figures or tables taken from references must be cited correctly in the assignment. | 10

Literature review | Severe penalties apply for simple listing and describing. It should be a logically supported analysis that reaches the review conclusion that should be included at the end of the section. Check word limit. This section should cover topics related to Securing the Network Topology and the use of multiple layers of security. | 10

Main sections | Main body structures and contents quality including word limit. Can add multiple sections to address each topic as required and listed in the topic description above. The content must address the issue properly by writing your own conclusion of the topic. This should include the topics and explanation of the considerations listed in part A. Topics: Security Consideration when segmenting a network; Vulnerability assessment; Securing the Network Topology using: Firewalls; Penetration test & role of security team; Access policies; Monitoring System Access and Use Policy; DOS Attacks; Availability and Business Continuity | 50

In body citation | Strictly follow the order and instruction by IEEE. Check when/where to put the citation. See attached files and search the internet for guidelines | 5

References section | Check whether they follow the instruction. Otherwise, no marks will be provided. You need to have a reference to at least 5 reputed conferences/journals such as IEEE, and cite them correctly in the assignment section. | 5

Presentation | Presentation skills and materials quality | 10

Total | | 100


Example Marking Rubric for Assignment #: Total Marks 100

Note: The marking criteria varies for each assignment

Marking Rubric Criteria/Grades | High Distinction (HD) [Excellent] >80% | Distinction (D) [Very Good] 70%-80% | Credits (C) [Good] 60%-70% | Pass (P) [Satisfactory] 50%-60% | Fail (N) [Unsatisfactory] <>

Criteria 1 | Concise and specific to the project | Topics are relevant and soundly analysed. | Generally relevant and analysed. | Some relevance and briefly presented. | This is not relevant to the assignment topic.

Criteria 2 | Demonstrated excellent ability to think critically and sourced reference material appropriately | Demonstrated excellent ability to think critically but did not source reference material appropriately | Demonstrated ability to think critically and sourced reference material appropriately | Demonstrated ability to think critically and did not source reference material appropriately | Did not demonstrate ability to think critically and did not source reference material appropriately

Criteria 3 | Demonstrated excellent ability to think critically and sourced reference material appropriately | Demonstrated excellent ability to think critically but did not source reference material appropriately | Demonstrated ability to think critically and sourced reference material appropriately | Demonstrated ability to think critically and did not source reference material appropriately | Did not demonstrate ability to think critically and did not source reference material appropriately

Criteria 4 | All elements are present and very well integrated. | Components present with good cohesive | Components present and mostly well integrated | Most components present | Proposal lacks structure.

Criteria 5 | Logic is clear and easy to follow with strong arguments | Consistency logical and convincing | Mostly consistent logical and convincing | Adequate cohesion and conviction | Argument is confused and disjointed

Criteria 6 | Clear styles with excellent source of references. | Clear referencing style | Generally good referencing style | Sometimes clear referencing style | Lacks consistency with many errors
