---
license: mit
language:
- en
---

# Data and Network Security Virtual Machine Lab Environment

This document provides a comprehensive guide for students using the virtual machine (VM) environment designed for the "Data and Network Security" course at UMPSA. This VM contains the necessary tools and pre-configured virtual machines to facilitate practical learning of various security concepts and techniques.

## Introduction

This lab setup is designed to help you gain hands-on experience with data and network security principles. It includes a main Virtual Machine (VM) containing necessary files and a set of pre-configured virtual machines for different operating systems to perform various tasks, including penetration testing, network analysis, and understanding different system vulnerabilities.

## Virtual Machine Structure

### VirtualBox VMs

The main VM is configured to launch VirtualBox, and inside the VirtualBox manager you will find the following pre-configured VMs, which will be used for penetration testing and exploration.

* **Pentest Machine:**
    * **OS:** Kali Linux 2023
    * **OS:** Windows Pro Attacker
* **Windows Machine:**
    * **OS:** Windows 7 Pro x64

## Lab Instructions and Assignments

The tasks that students need to complete for this module have been designed in a comprehensive manner, encompassing various aspects of computer and network security. All the work must be done inside the main VM environment unless instructed otherwise.

**Lecturer Name:** Mr. Syahrizal Azmir Bin Md. Sharif

### Task 1: Cybersecurity Attack Analysis

1. **Attack Data Collection:**
    * Find around five significant cybersecurity attacks, whether for a month, a year, or several years of data. Provide a credible source for your attack data.
    * You can find an example inside the task, but it is imperative to find an updated one.
2. **Data Processing in Microsoft Excel:**
    * Using the data gathered, perform calculations and generate graphs using Microsoft Excel.
    * List total attacks for each category, generate graphs, identify the highest attack, and explain why this attack is most common.
    * Create a public awareness statement on how to prevent such attacks, providing five actions to users.
3. **Analysis of Computer Crimes Act (CCA):**
    * Explore the Computer Crimes Act 1997 from the provided link and identify the number of parts in the CCA.
    * List all the offences covered in the CCA and identify which offence the highest attack you found falls under.
    * Provide a justification for your answer based on your findings.

### Task 2: Cryptography Ciphers

1. **Cipher Implementations:**
    * Encrypt the plaintext "WE LOVE INFORMATION SECURITY" using the following ciphers:
        * Caesar cipher
        * Playfair cipher (key: "BALL")
        * Vigenere cipher (key: "START")
        * Rail fence cipher (key: 4)
        * Transposition cipher (key: 31524)
        * RSA algorithm (p=5, q=11, public key e=7)
        * Diffie-Hellman protocol with monoalphabetic substitution
2. **Documentation:**
    * Provide step-by-step details of how you encrypt and decrypt the provided plaintext.
3. **Cryptography Code:**
    * Implement the encryption and decryption process using any programming language.
    * Include pseudocode, algorithm, and screenshots of the executed code along with the outputs, explaining each step.

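The RSA item in Task 2, worked through in Python as an added example (not part of the original lab sheet or the course's own code). The letter encoding A=0 ... Z=25 with spaces dropped is an assumption, since the task does not specify one; all function names are illustrative.

```python
# Added example: textbook RSA with the Task 2 parameters (p=5, q=11, e=7).
# Assumption (not from the lab sheet): letters are encoded A=0 ... Z=25 and
# spaces are dropped, so every block is smaller than n = 55.
from math import gcd

P, Q, E = 5, 11, 7
PLAINTEXT = "WE LOVE INFORMATION SECURITY"


def make_keys(p, q, e):
    """Return (n, e, d) after checking that e is a valid public exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e mod phi (Python 3.8+)
    return n, e, d


def encode(text):
    """Map letters to 0..25, dropping spaces and other non-letters."""
    return [ord(c) - ord("A") for c in text.upper() if c.isalpha()]


def decode(blocks):
    return "".join(chr(b + ord("A")) for b in blocks)


def encrypt(text, n, e):
    """Encrypt each letter as its own block: c = m^e mod n."""
    return [pow(m, e, n) for m in encode(text)]


def decrypt(blocks, n, d):
    """Recover each letter: m = c^d mod n."""
    return decode(pow(c, d, n) for c in blocks)


def letter_map(text, n, e):
    """Ciphertext block for each distinct letter; shows the scheme is deterministic."""
    return {ch: pow(ord(ch) - ord("A"), e, n) for ch in sorted(set(text)) if ch.isalpha()}


if __name__ == "__main__":
    n, e, d = make_keys(P, Q, E)
    ct = encrypt(PLAINTEXT, n, e)
    print("n =", n, "e =", e, "d =", d)
    print("ciphertext:", ct)
    print("decrypted :", decrypt(ct, n, d))
    print("letter map:", letter_map(PLAINTEXT, n, e))
```

Because each letter is encrypted on its own with no padding, equal letters always give equal blocks and `A` (encoded as 0) encrypts to 0, so the output behaves like a monoalphabetic substitution and falls to frequency analysis.
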

### Task 3: Malware Analysis

1. **Malware Research:**
    * Investigate the following types of malware:
        * Adware
        * Spyware
        * Scareware
        * Crapware
        * Roughware
2. **Documentation:**
    * Describe each malware type.
    * Explain how you can get it and what it can do to a computer.
3. **Table Creation:**
    * Create a table including a column with the following elements:
        * Malware
        * Focus of attack
        * Threat agent
        * Symptoms
        * One real attack case (Name, Date, and Other Related Info)

### Task 4: Exploitation and Vulnerability Scanning

1. **Metasploit Exploitation:**
    * Identify and run three exploits on a Windows 7 VM using Metasploit.
    * Document each step with screenshots and explain the purpose and functionality of each exploit.
2. **Web Vulnerability Scanning:**
    * Explore Kali Linux and find two suitable tools or scripts for performing vulnerability scans on a web server.
    * Use the XAMPP Web Server within your Windows VM.
    * Document the process, analyze the results, and make a comparison of your tools, including screenshots.

### Task 5: Firewall Implementation

1. **Third-Party Firewall Setup:**
    * Search the internet for any third-party firewall and download it.
    * Install it on your Windows 7 VM, and ensure the built-in Windows Firewall is off.
2. **Exploit Testing:**
    * Run the three exploits from Task 4 again and verify they succeed without firewall intervention.
3. **Firewall Configuration:**
    * Configure the third-party firewall to block the exploits from succeeding.
    * Provide screenshots of firewall logs confirming that attacks were stopped.

### Task 6: Wireless Network Analysis and Access Point Security

1. **Wi-Fi Hotspot Setup:**
    * Create and set up a Wi-Fi hotspot on your computer using a wireless connection.
    * Connect a phone to this Wi-Fi hotspot.
    * Provide step-by-step screenshots showing all configuration settings and network connections.
2. **Network Analysis with Wireshark:**
    * Run Wireshark on your computer and capture network traffic from the Wi-Fi hotspot.
    * Try to log into the e-banking system, UMPSA’s Kalam website, and http://testphp.vulnweb.com/login.php using your phone.
    * Stop the Wireshark capture and analyze the data.
    * Document all findings, including any clear text transfer of credentials, from your capture.
3. **Access Point Suggestion:**
    * Recommend a secure wireless access point for a home environment. Justify the choice based on its security features and functionalities.
    * Provide references for your selected device.

## VM Access Information

* **Windows 7 Attacker VM Password:** `1q2w3e4r5t`

## Important Notes

* All lab exercises are to be done individually.
* Ensure you thoroughly document each step, including screenshots and explanations, as required.
* The lab assignments will be evaluated based on learning outcome CO2, "Construct and organize attack and defence methods into computer and network environments."
* Pay attention to the detailed tasks described above, as each one has specific instructions that need to be followed closely.
* To complete the tasks, do all of the work on the main VM (Ubuntu) unless instructed otherwise.
* All the reports must be written inside the VM environment using the application installed inside the main VM.

## Submission Guidelines

* Submit your work in a single PDF file.
* Ensure your front page contains your name, matrix ID, lecturer name (**Mr. Syahrizal Azmir Bin Md. Sharif**), and submission date.
* Each task should be addressed in the order mentioned above, showing all steps from the beginning until the conclusion.
* References should be clearly listed at the end of the report.
* Submit your work within the time limits provided by your lecturer.
* Read this document carefully first so that you fully understand each task and can complete all lab assignments successfully.

## License

This project is licensed under the MIT License.