Computer Systems Security - Assignment

THE ASSIGNMENT TASK:

All parts are small academic reports and as such the following report structure is expected for each milestone report:

1. Introduction, where you will discuss your plan for solving the problem introduced by the module team
2. Main Body, where you will develop your arguments
3. Conclusions, where you will critically discuss your findings
4. References, aim for an average of 20 references (yes, 20 for each task!)
5. Appendixes

You are expected to demonstrate an insight into the implications of the problem introduced in each task by using clear and concise arguments. The reports should be well written (and word-processed), showing good skills in creativity and design. Sentences should be of an appropriate length and the writing style should be brief but informative.

During the teaching weeks you will have the opportunity to submit draft copies of your portfolio activities. The module team will provide feedback based on your draft copies and advice regarding your progress (if it is deemed necessary). The deadline for the complete Portfolio is the 19.12.2016.

Task A – “Hacking is not a criminal activity”

Task A is weighted at 25% of the overall portfolio mark. It is expected that this part of the portfolio will be in the region of 1000 words. You are required to expand on the title and develop your arguments to clearly state whether you agree or disagree with the statement in the title: “Hacking is not a criminal activity”. You should explain ‘criminal activity’, define ‘hacking’ and critically argue the statement.

The DRAFT deadline for Task A is on the 17.10.2016 by electronic submission via OnlineNet. You will then receive formative feedback on your work, allowing you the opportunity to reflect on your activities and improve your work where necessary. The final copy of Task A should be included in the final Portfolio. Although there are no allocated marks for references and bibliography you are expected to use appropriate peer reviewed sources for developing your arguments, and the Harvard referencing style as per the University regulations.

Note: please see next page for remaining tasks.

Task B – SOP for PenTesting

Task B is weighted at 25% of the overall portfolio mark. It is expected that this part of the portfolio will be in the region of 1000 words. You are expected to comment on the published penetration testing methodologies and design/develop a Standard Operating Procedure (SOP), including a decision making tree, to describe the phases of: intelligence gathering, target profiling, vulnerability identification, target exploitation and post exploitation. An SOP is defined as a set of step-by-step instructions compiled by an organisation to help workers carry out routine operations.

The DRAFT deadline for Task B is on the 14.11.2016 by electronic submission via OnyNet. You will then receive formative feedback on your work, allowing you the opportunity to reflect on your activities and improve your work where necessary. The final copy of Task B should be included in the final Portfolio. Although there are no allocated marks for references and bibliography you are expected to use appropriate peer reviewed sources for developing your arguments, and the Harvard referencing style as per the University regulations.

Task C – Penetration Test

Task C is weighted at 45% of the overall portfolio mark. It is expected that this part of the portfolio will be in the region of 1000 words. You are expected to conduct a penetration test against a target system that will be provided to you. You are required to present your findings in a PenTest report in a factual manner so as to convince decision makers of a large corporation on business strategies. The target system will be accessible via the Internet. Details regarding the target will be given to you closer to the release day of the Task. During the first weeks of the module you will setup the PenTest rig you will be using for the practical activities. A time booking system will be in place to ensure that all students get appropriate time on a target undertaking this activity.

There is no DRAFT deadline for this Task. The FINAL deadline for Task C and for the WHOLE portfolio is on the 19.12.2016 by electronic submission via OnyNet. Although there are no allocated marks for references and bibliography you are expected to use appropriate peer reviewed sources for developing your arguments, and the Harvard referencing style as per the University regulations.

Overall Portfolio Conclusion and Reflection

The overall portfolio conclusion, offering your reflection on the undertaken activities and the encountered problems carry 5% of the overall portfolio mark.

MODULE LEARNING OUTCOMES ASSESSED BY THIS ASSIGNMENT:

1. a range of current computer security techniques and of how the principles of systems security methods are embodied therein,
2. essential facts, concepts and principles of systems requirements for secure operations and practices,
3. computer systems risks, vulnerabilities, threats analysis, and software security,
4. apply particular computer security techniques to analysis and testing
5. analyse and solve problems in secure systems design and implementation
6. achieve familiarity with methods of secure systems development and to exercise critical evaluation of information accessed from a wide variety of sources

SUBMISSION REQUIREMENTS:

All reports (Milestone reports and Final Portfolio report) must be submitted through OnyNet. Please make a note of the following dates on your calendars.

You are expected to unify all of the milestone draft reports into one cohesive portfolio report. The final portfolio report is an academic report and as such the following report structure is expected:

1. Introduction: up to 250 words, where you will discuss your methodology in approaching the assignment.
2. Task A (25%)
3. Task B (25%)
4. Task C (45%)
5. Overall Conclusions (5%): up to 250 words, where you will reflect on the undertaken activities and encountered problems
6. References: one fused reference list. Do not have a separate reference list for each task of the portfolio,
7. Appendixes

You are required to submit the final portfolio report via OnlineNet in a PDF format using your student number as the filename. This is imperative as the naming template will be used for corroborating what you report in your reports with the log files your PenTest activities will generate.