---
license: mit
language:
- en
---

# Data and Network Security Virtual Machine Lab Environment

This document provides a comprehensive guide for students using the virtual machine (VM) environment designed for the "Data and Network Security" course at UMPSA. This VM contains necessary tools and pre-configured virtual machines to facilitate practical learning of various security concepts and techniques.

## Introduction

This lab setup is designed to help you gain hands-on experience with data and network security principles. It includes a main Virtual Machine (VM) containing necessary files and a set of pre-configured virtual machines for different operating systems to perform various tasks, including penetration testing, network analysis, and understanding different system vulnerabilities.

## Virtual Machine Structure

### VirtualBox VMs

The main VM is configured to launch VirtualBox, and inside the VirtualBox manager you will find the following pre-configured VMs, which will be used for penetration testing and exploration.

* **Pentest Machine:**
    * **OS:** Kali Linux 2023
    * **OS:** Windows Pro Attacker
* **Windows Machine:**
    * **OS:** Windows 7 Pro x64

## Lab Instructions and Assignments

The tasks that students need to complete for this module have been designed in a comprehensive manner, encompassing various aspects of computer and network security. All the work must be done inside the main VM environment unless instructed otherwise.

**Lecturer Name:** Mr. Syahrizal Azmir Bin Md. Sharif

### Task 1: Cybersecurity Attack Analysis

1. **Attack Data Collection**:
    * Find around five significant cybersecurity attacks, whether for a month, a year, or several years of data. Provide a credible source for your attack data.
    * You can find an example inside the task, but it is imperative to find an updated one.
2. **Data Processing in Microsoft Excel:**
    * Using the data gathered, perform calculations and generate graphs using Microsoft Excel.
    * List total attacks for each category, generate graphs, identify the highest attack, and explain why this attack is most common.
    * Create a public awareness statement on how to prevent such attacks, providing five actions to users.
3. **Analysis of Computer Crimes Act (CCA):**
    * Explore the Computer Crime Act 1997 from the provided link and identify the number of parts in CCA.
    * List all the offences covered in CCA and identify which offence the highest attack you found falls under.
    * Provide a justification for your answer based on your findings.

### Task 2: Cryptography Ciphers

1. **Cipher Implementations**:
    * Encrypt the plaintext "WE LOVE INFORMATION SECURITY" using the following ciphers:
        * Caesar cipher
        * Playfair cipher (key: "BALL")
        * Vigenere cipher (key: "START")
        * Rail fence cipher (key: 4)
        * Transposition cipher (key: 31524)
        * RSA algorithm (p=5, q=11, public key e=7)
        * Diffie-Hellman protocol with monoalphabetic substitution
2. **Documentation:**
    * Provide the details step by step on how you encrypt and decrypt the provided plaintext.
3. **Cryptography Code**
    * Implement the encryption and decryption process using any programming language.
    * Include pseudocode, algorithm, and screenshots of the executed code along with the outputs, explaining each step.

### Task 3: Malware Analysis

1. **Malware Research**:
    * Investigate the following types of malware:
        * Adware
        * Spyware
        * Scareware
        * Crapware
        * Roughware
2. **Documentation:**
    * Describe each malware type.
    * Explain how you can get it and what it can do to a computer.
3. **Table Creation**:
    * Create a table including a column with the following elements:
        * Malware
        * Focus of attack
        * Threat agent
        * Symptoms
        * One real attack case (Name, Date, and Other Related Info)

### Task 4: Exploitation and Vulnerability Scanning

1. **Metasploit Exploitation**:
    * Identify and run three exploits on a Windows 7 VM using Metasploit.
    * Document each step with screenshots and explain the purpose and functionality of each exploit.
2. **Web Vulnerability Scanning**:
    * Explore Kali Linux and find two suitable tools or scripts for performing vulnerability scans on a web server.
    * Use the XAMPP Web Server within your Windows VM.
    * Document the process, analyze the results, and make a comparison of your tools, including screenshots.

### Task 5: Firewall Implementation

1. **Third-Party Firewall Setup**:
    * Search the internet for and download any third-party firewall.
    * Install it on your Windows 7 VM, and ensure the built-in Windows Firewall is off.
2. **Exploit Testing**:
    * Run the three exploits from Task 4 again and verify that they succeed without firewall intervention.
3. **Firewall Configuration**:
    * Configure the third-party firewall to block the exploits from succeeding.
    * Provide screenshots of firewall logs confirming that attacks were stopped.

### Task 6: Wireless Network Analysis and Access Point Security

1. **Wi-Fi Hotspot Setup**:
    * Create and set up a Wi-Fi hotspot on your computer using a wireless connection.
    * Connect a phone to this Wi-Fi hotspot.
    * Provide step-by-step screenshots showing all configuration settings and network connections.
2. **Network Analysis with Wireshark**:
    * Run Wireshark on your computer and capture network traffic from the Wi-Fi hotspot.
    * Try to log into the e-banking system, UMPSA’s Kalam website, and http://testphp.vulnweb.com/login.php using your phone.
    * Stop the Wireshark capture and analyze the data.
    * Document all findings, including any clear text transfer of credentials, from your capture.
3. **Access Point Suggestion**:
    * Recommend a secure wireless access point for a home environment. Justify the choice based on its security features and functionalities.
    * Provide references for your selected device.

## VM Access Information

* **Windows 7 Attacker VM Password:** `1q2w3e4r5t`

## Important Notes

* All lab exercises are to be done individually.
* Ensure you thoroughly document each step, including screenshots and explanations, as required.
* The lab assignments will be evaluated based on learning outcome CO2, "Construct and organize attack and defence methods into computer and network environments."
* Pay attention to the detailed tasks described above, as each one has specific instructions that need to be followed closely.
* Do all of the work needed to complete the tasks on the main VM (Ubuntu) unless instructed otherwise.
* All the reports must be written inside the VM environment using the application installed inside the main VM.

## Submission Guidelines

* Submit your work in a single PDF file.
* Ensure your front page contains your name, matrix ID, lecturer name (**Mr. Syahrizal Azmir Bin Md. Sharif**), and submission date.
* Each task should be addressed in the order mentioned above, showing all steps from the beginning until the conclusion.
* References should be clearly listed at the end of the report.
* Submit your work within the time limits provided by your lecturer.
* Make sure to fully understand each task by first reading this document carefully, in order to complete all lab assignments successfully.

## License

This project is licensed under the MIT License.