Create README.md

README.md

@@ -1,3 +1,141 @@
----
-license: mit
----
+---
+license: mit
+language:
+- en
+---
+
+# Data and Network Security Virtual Machine Lab Environment
+
+This document provides a comprehensive guide for students using the virtual machine (VM) environment designed for the "Data and Network Security" course at UMPSA. This VM contains necessary tools and pre-configured virtual machines to facilitate practical learning of various security concepts and techniques.
+
+## Introduction
+
+This lab setup is designed to help you gain hands-on experience with data and network security principles. It includes a main Virtual Machine (VM) containing necessary files and a set of pre-configured virtual machines for different operating systems to perform various tasks, including penetration testing, network analysis, and understanding different system vulnerabilities.
+
+## Virtual Machine Structure
+
+### VirtualBox VMs
+
+The main VM is configured to launch VirtualBox, and inside the VirtualBox manager you will find the following pre-configured VMs, which will be used for penetration testing and exploration.
+*   **Pentest Machine:**
+    *   **OS:** Kali Linux 2023
+    *   **OS:** Windows Pro Attacker
+*   **Windows Machine:**
+    *   **OS:** Windows 7 Pro x64
+
+## Lab Instructions and Assignments
+
+The tasks that students need to complete for this module have been designed in a comprehensive manner, encompassing various aspects of computer and network security. All the work must be done inside the main VM environment unless instructed otherwise.
+
+### Task 1: Cybersecurity Attack Analysis
+
+1.  **Attack Data Collection**:
+    *   Find around five significant cybersecurity attacks, whether for a month, a year, or several years of data. Provide a credible source for your attack data.
+    *   You can find an example inside the task, but it is imperative to find an updated one.
+2.  **Data Processing in Microsoft Excel:**
+    *   Using the data gathered, perform calculations and generate graphs using Microsoft Excel.
+    *   List total attacks for each category, generate graphs, identify the highest attack, and explain why this attack is most common.
+    *   Create a public awareness statement on how to prevent such attacks, providing five actions to users.
+3.  **Analysis of Computer Crimes Act (CCA):**
+    *   Explore the Computer Crime Act 1997 from the provided link and identify the number of parts in CCA.
+    *   List all the offences covered in CCA and identify under which offence does the highest attack you found fall.
+    *   Provide a justification for your answer based on your findings.
+
+### Task 2: Cryptography Ciphers
+
+1.  **Cipher Implementations**:
+    *   Encrypt the plaintext "WE LOVE INFORMATION SECURITY" using the following ciphers:
+        *   Caesar cipher
+        *   Playfair cipher (key: "BALL")
+        *   Vigenere cipher (key: "START")
+        *   Rail fence cipher (key: 4)
+        *   Transposition cipher (key: 31524)
+        *   RSA algorithm (p=5, q=11, public key e=7)
+        *   Diffie-Hellman protocol with monoalphabetic substitution
+2.  **Documentation:**
+    * Provide the details step by step on how you encrypt and decrypt the provided plaintext.
+ 3. **Cryptography Code**
+    *  Implement the encryption and decryption process using any programming language.
+    * Include pseudocode, algorithm, and screenshots of the executed code along with the outputs, explaining each step.
+
+### Task 3: Malware Analysis
+
+1.  **Malware Research**:
+    *   Investigate the following types of malware:
+        *   Adware
+        *   Spyware
+        *   Scareware
+        *   Crapware
+        *   Roughware
+2.  **Documentation:**
+    *   Describe each malware type.
+    *   Explain how you can get it and what it can do to a computer.
+3.  **Table Creation**:
+    *   Create a table including a column with the following elements:
+        *   Malware
+        *   Focus of attack
+        *   Threat agent
+        *   Symptoms
+        *   One real attack case (Name, Date, and Other Related Info)
+
+### Task 4: Exploitation and Vulnerability Scanning
+
+1.  **Metasploit Exploitation**:
+    *   Identify and run three exploits on a Windows 7 VM using Metasploit.
+    *   Document each step with screenshots and explain the purpose and functionality of each exploit.
+2.  **Web Vulnerability Scanning**:
+    *   Explore Kali Linux and find two suitable tools or scripts for performing vulnerability scans on a web server.
+    *   Use the XAMPP Web Server within your Windows VM.
+    *   Document the process, analyze the results, and make a comparison of your tools, including screenshots.
+
+### Task 5: Firewall Implementation
+
+1.  **Third-Party Firewall Setup**:
+    *   Search the internet for and download any third-party firewall.
+    *   Install it on your Windows 7 VM, and ensure the built-in Windows Firewall is off.
+2.  **Exploit Testing**:
+    *   Run the three exploits from Task 4 again, verify they succeed without firewall intervention.
+3.  **Firewall Configuration**:
+    *   Configure the third-party firewall to block the exploits from succeeding.
+    *   Provide screenshots of firewall logs confirming that attacks were stopped.
+
+### Task 6: Wireless Network Analysis and Access Point Security
+
+1.  **Wi-Fi Hotspot Setup**:
+    *   Create and set up a Wi-Fi hotspot on your computer using a wireless connection.
+    *   Connect a phone to this Wi-Fi hotspot.
+    *   Provide step-by-step screenshots showing all configuration settings and network connections.
+2.  **Network Analysis with Wireshark**:
+    *   Run Wireshark on your computer and capture network traffic from the Wi-Fi hotspot.
+    *   Try to log into the e-banking system, UMPSA’s Kalam website, and http://testphp.vulnweb.com/login.php using your phone.
+    *   Stop the Wireshark capture and analyze the data.
+    *   Document all findings, including any clear text transfer of credentials, from your capture.
+3.  **Access Point Suggestion**:
+    *   Recommend a secure wireless access point for a home environment. Justify the choice based on its security features and functionalities.
+    *   Provide references for your selected device.
+
+## VM Access Information
+
+*   **Windows 7 Attacker VM Password:** `1q2w3e4r5t`
+
+## Important Notes
+
+*   All lab exercises are to be done individually.
+*   Ensure you thoroughly document each step, including screenshots and explanations, as required.
+*   The lab assignments will be evaluated based on learning outcome of CO2, "Construct and organize attack and defence methods into computer and network environments."
+*   Pay attention to the detailed tasks described above, as each one has specific instructions that need to be followed closely.
+*   Do all of the work on the main VM (Ubuntu) unless instructed otherwise to complete the tasks.
+*   All the reports must be written inside the VM environment using the application installed inside the main VM.
+
+## Submission Guidelines
+
+*   Submit your work in a single PDF file.
+*   Ensure your front page contains your name, matrix ID, lecture name, and submission date.
+*   Each task should be addressed in the order mentioned above, showing all steps from the beginning until the conclusion.
+*   References should be clearly listed at the end of the report.
+*   Submit your work within the time limits provided by your lecturer.
+*   Make sure to fully understand each task by first reading this document carefully, in order to complete all lab assignments successfully.
+
+## License
+
+This project is licensed under the MIT License.