计算机代写|COMP08094 Ethical Hacking: Tools & Techniques

(>= 70%)

Scenario:

GradHat offers qualifications for international students who would like to pursue their undergraduate level degrees with UK universities. GradHat has a wide range of international partnership agreements with universities and higher education institutions worldwide. These include progression route partnerships and overseas delivery partnerships. GradHat offers partner universities in the UK the opportunity to promote their undergraduate and postgraduate courses with its overseas delivery partners.

As GradHat expands its operation in the UK the higher education provider has become concerned about the cyber-security threats posed at its IT infrastructure in the Demilitarised Zone (DMZ). The concerned board of directors have unanimously agreed to commission a cybersecurity analyst (you) to carry out pen-testing on GradHat’s internet-facing IT Infrastructure.

Part: A

Question 1:  [10 Marks]

The security analyst discovers the IT department has not maintained a record of

The security analyst is required to find all the information (a- e) above and record and evidence them for future use. Use the web URL https://www.gradhat.uk as the starting point and appropriate foot printing tools to produce an immaculate report.

(Your answers MUST describe the tools and steps you used and MUST include screenshots of the output of the tools)

Question 2:  [15 marks]

The security analyst needs to gather more information about the operating systems, services and ports to ensure the security of the infrastructure. Use an appropriate tool(s) to carry out interactive network scans on the IP addresses discovered in part (d) of question 1. Describe your findings in detail.

(Your answers MUST describe the tools and steps you used and MUST include screenshots of the output of the tool(s))

Part: B

Question 1:  [8 Marks]

The security analyst overhears an IT member saying “We patched the Open-Relay on the mail server”. The security analyst is now concerned about the implications of an Open-Relay mail server.

(Your answers MUST describe the tools and steps you used and MUST include screenshots of the output of the tool)

Question 2:  [9 Marks]

Use a packet crafting tool to verify if gradhat.uk server is configured to curb any ICMP echo-reply attack. Security analyst must also provide screenshots of the sniffed packets (You will need to download and install Wireshark on Windows 10 VM), use diagrams to elaborate the ICMP echo-reply attack

(Your answers MUST describe the tools and steps you used and MUST include screenshots of the output of the tool(s))

Question 3:  [9 Marks]

The staff members at GradHat have been complaining about the access performance of the web at https://www.gradhat.uk. The staff believes their web is vulnerable and do not want to access it anymore. The security analyst is required to ensure that GradHat’s web is not vulnerable. Use Nessus cradle to carry out pen-testing on https://www.gradhat.uk. Describe how you carried out the scan and attach not more than 3 screenshots of the final report.

(Your answers MUST describe the tools and steps you used and MUST include screenshots of the output of the tool)

Question 4:  [9 Marks]

What is a SYN-Flood attack? Why SYN-Flood attack is not possible using UDP? Use appropriate diagrams to describe your answer. Use an appropriate tool in a virtual environment (lab) to demonstrate your knowledge on SYN-Flood attack. Use a diagram to elaborate SYN-Flood attack.

(Your answers MUST describe the tools and steps you used and MUST include screenshots of the output of the tool)

The file should be submitted to Moodle are:

Front page of the submission should include:

Module Code: COMP08094

Assignment report title: Assignment on Ethical Hacking: Tools & Techniques

Student # (e.g.,2158795252 ):

Include the statement below:

‘I certify that all material in this submission is my own work. I have read and understood the section in the university regulations regarding collusion, cheating and plagiarism. I confirm I have not purchased/commissioned material which is presented as my own, including the use of online services’.

a.Introduction

b.Part A (Q1 and 2)

c.Part B (Q1, 2, 3 and 4)

d.References

5.Submit your answer booklets via Moodle site

6.The coursework is divided into 2 PARTS: A and B (Answer ALL questions in PART A and PART B)

7.Home machines can be used to carry out the tasks.