SPR100编程代写、代写c/c++，Python程序代做

日期：2021-10-16 09:49

SPR100 Labs Assignment 2 (5%): Risk, Network Traffic and Encryption Overview: In this assignment you are going to learn how to think about threats, vulnerabilities and controls, demonstrate some simple risk calculations, demonstrate some simple traffic filtering techniques and demonstrate encryption and digital signatures. Objective: 1. Do self-directed learning. 2. Gain a better knowledge of: ? Risks and do some simple risk calculations ? Wireshark and some of its features ? Encryption and digital signatures Activities Part 1: Threats, Vulnerabilities and Controls (1%) Here you will apply your knowledge of risk management by working backwards from a set of ‘controls’ to possible threats. There are many websites and news articles that give you a list of tips on how to safely use your computer and the Internet and most of these articles offer similar guidance to the following: 1. Patch, patch, patch 2. Install protective software 3. Choose strong passwords 4. Backup, backup, backup 5. Control access to your computer (devices) 6. Use email and the Internet safety 7. Use secure connections 8. Protect sensitive data 9. Use desktop firewalls 10. Stay informed Select four (4) items from items 2 to 10 on list above, determine the likely control each item represents, the vulnerability it is likely protecting against, the threat that would take advantage of the vulnerability and then explain how these all fit together. See the table below for an example. Guidance Control Vulnerability Threat Explanation Patch, patch, patch Deter Software: Holes, Bugs or Insufficient Testing Directed Patching ensures the software is most up to date such that it better Page 1 of 4 SPR100 Labs defends software attacks through eliminating/reducing software holes, bugs and poor testing. For ‘Threats’ and ‘Control’ use those given in Week 2 and 3 presentations. Ensure that you give enough information for the vulnerability and explanation so that it is clear to the reader as to what you are meaning. Add your four (4) additional entries to the table above and insert the table in your assignment report under the heading of Threats, Vulnerabilities and Controls. Part 2: Risks Calculations (1%) Now that we have touched on threats, vulnerabilities and controls, we’ll briefly look at calculating risk and do some simple risk calculations based on the method given in class: ALE = Likelihood x Potential Impact If you recall, the data in class was presented in the following manner. Threat Vulnerability Likelihood Potential Impact ALE Rank Technological Obsolescence Server Failure (data loss) 50% $1000 $500 Below is given the threats, vulnerabilities, chance of a threat happening, and the cost if the threat successfully exploits the vulnerability. You need to calculate the risk (in this case the ALE), and rank the vulnerabilities in terms of risk. Information: ? You can expect to have a technical failure of hardware, specifically of a server to happen once every three (3) years. The server loss will mean data loss. The impact if this happens will cost you $1500 due the need to replace the server and restore the data. ? There has also been an increase in software attacks by script kiddies and you know they cause data loss as they just love wiping all the servers. From talking with your friends you have determined that this happens about once every two (2) years. Fortunately, you keep backups and it takes only a day to restore wiped servers at a cost of $500. ? If that is not enough, you know from the press that information extortion is on the rise through Ransomware. Attacks are more common than they were at once every two years. All you need to do is restore all the encrypted servers. ? From talking with security you know that theft of your multilayer switch is probably likely to happened once in ten (10) years. This is a nuisance as it will $3600 as you have to reconfigure your remaining router and it takes time to get a replacement router. Do the calculations based on the data above and enter the data into the table above and insert the table into your assignment report under the heading Risk Calculations. Now rank you risks, with “1” being the highest risk. Page 2 of 4 SPR100 Assignments Part 3: Network Traffic Filtering (2%) One area of concern in IT security is secure connections. In this section of the assignment you’ll be given some self-directed learning and then gain a few skills with Wireshark. Resources: ? Packet Analyzer (Wikipedia) ? Wireshark (Wikipedia) ? Wireshark (Official Website) ? Wireshark online documentation ? Wireshark User Guide PDF Data Packets and IP Addresses Before we can discuss Wireshark in detail you need to understand networks a little more, such as IP addresses and data packets. Discussing networks and how they work is a course unto itself. The purpose here is to give you some information as a starting point. Read the following two (2) links as they will help you better understand the later parts. ? IP Addresses ? Data Packet Introduction to Wireshark In this part we will be introducing you to the packet analyzer Wireshark. Steps: 1. Read the material on Packet Analyzers and Wireshark from Wikipedia (see above) to get an idea of the tool you’ll be using. 2. Open the application Wireshark – so you can see the interface while you read the manual. Wireshark in available on the Windows 10 virtual machine and on all College computers. 3. Read the following sections of the Wireshark manual: 1 Introduction 3 User Interface While you are reading the manual don’t hesitate to explore the Wireshark application. Demonstrating Traffic Filtering (2%) Here you are going to apply some of your knowledge of Wireshark to filter out unnecessary information. This skill will become invaluable in the future when you do a lot of packet sniffing. Steps: 1. Open the application Wireshark 2. Read the following sections of the Wireshark manual: 5 File Input, Output, and Printing 5.1 Introduction 5.2 Open capture files 6 Working with captured Packets 3. Open the pcap that is posted on Blackboard with this assignment. 4. Demonstrate you know how to filter the traffic by showing screen captures of specific types of protocol packets in the opened pcap: a) DNS protocol packets – take as screenshot and name it MSU_DNS.jpg b) HTTP protocol packets where the http host is “www.darkreading.com” – take as screenshot and name it MSU_HTTP.jpg. Page 3 of 4 SPR100 Assignments c) DNS or TCP protocol packets (i.e. protocol packet with either protocol types) – take as screenshot and name it MSU_DNS_TCP.jpg. Make sure that both types of packets are visible in the screen shot d) TCP and TLS protocol packets (i.e. packets that include both protocol types) – take as screenshot and name it MSU_TCP_TLS.jpg 5. Insert the images, each with an appropriate subheading, into your assignment report under the heading Traffic Filtering. Note: ? The Wireshark filter needs to be visible in each screenshot, otherwise it will be automatically considered incorrect. ? A command prompt with name, date and time in the title needs to be visible in each screenshot. Part 4: Encryption and Digital Signatures (1%) Protecting our web traffic is often done behind the scenes through the use of SSL. More often than not our email traffic is insecure. Given this, you are going to learn to send encrypted and digitally signed emails. For this you will need to use GoAnywhere OpenPGP Studio (OPS) from Go Anywhere (you are expected to install this on your Windows 10 VM) and learn how to use it. To demonstrate you have learnt to do use this application, send your instructor two emails from your Seneca email account: ? An email with your Public key ? And email with a message encrypted with the instructor’s Public key (available on the course website) and signed with your Private key. The encrypted message should say “I have completed this part of the assignment” ? The Subject line of your email should be “SPR100: Encrypted Message” Nothing needs to be included in your assignment report. Assignment Write-up Follow the formatting guidelines given on Blackboard for lab reports. Deliverable Submit your assignment through Blackboard. Note: ? Submissions deadlines are given through the assignment submission link. ? Labs submitted late will be penalize 50% per day. ? Late assignments still need to be satisfactorily completed and submitted by the end of Week 12 to meet SPR100’s Promotion Requirements. Page 4 of 4