COIT20262 Advanced Network Security Report 2 Sample
Instructions
Attempt all questions.
This is an individual assignment, and it is expected students answer the questions themselves.
Discussion of approaches to solving questions is allowed (and encouraged), however each student should develop and write up their own answers. See CQUniversity resources on
Referencing and Plagiarism. Guidelines for this assignment include:
• Do not exchange files (reports, captures, diagrams) with other students.
• Complete tasks with virtnet yourself – do not use results from another student.
• Draw your own diagrams. Do not use diagrams from other sources (Internet, textbooks) or from other students.
• Write your own explanations. In some cases, students may arrive at the same numerical answer, however their explanation of the answer should always be their own.
• Do not copy text from websites or textbooks. During research you should read and understand what others have written, and then write in your own words.
• Perform the tasks using the correct values listed in the question and using the correct file names.
Question 1. HTTPS and Certificates [10]
For this question you must use virtnet (as used in the Tutorials) to study HTTPS and certificates. This assumes you have already setup and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, deploying the website, and testing the website.
Your task is to setup a web server that supports HTTPS. The tasks and sub-questions are grouped into multiple phases.
Phase 1: Setup
1. Ensure your MyUni grading system, including the new student user and domain, is set up. See the instructions in Assignment 1. You can continue to use the setup from Assignment 1.
Phase 2: Certificate Creation
1. Using [StudentID]-keypair.pem from Assignment 1, create a
Certificate Signing Request called [StudentID]-csr.pem. The CSR must contain these field values:
o State: state of your campus
o Locality: city of your campus
o Organisation Name: your full name
o Common Name: www.[StudentID].edu
o Email address: your @cqumail address
o Other field values must be selected appropriately.
2. Now you will change role to be a CA. A different public/private key pair has been created for your CA as [StudentID]-ca-keypair.pem. As the CA you must:
3. Set up the files/directories for a demoCA.
4. Create a self-signed certificate for the CA called [StudentID]-ca-cert.pem.
5. Using the CSR from step 1 issue a certificate for www.[StudentID].edu called [StudentID]-cert.pem.
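As an added example (not part of the assignment brief), here is the Phase 2 workflow typed into a shell with the openssl CLI; it assumes a placeholder StudentID of 12345678, placeholder -subj field values and a working directory $WORK, and it generates the two key pairs only if the Assignment 1 files are absent.

```shell
#!/bin/sh
# Added example, not part of the assignment brief. Assumptions: StudentID
# placeholder 12345678, the -subj field values, and the $WORK directory.
set -e
SID="${SID:-12345678}"
WORK="${WORK:-$(pwd)/ca-work}"
setup_demo_ca() {      # step 3: demoCA layout plus a minimal CA config
  mkdir -p "$WORK/demoCA/newcerts"
  : > "$WORK/demoCA/index.txt"; echo 01 > "$WORK/demoCA/serial"
  # The stock openssl.cnf policy (policy_match) requires C, ST and O to match
  # the CA certificate; the brief puts your own name in O, so use a policy
  # that only requires a CN and keeps the other CSR fields.
  cat > "$WORK/ca.cnf" <<EOF
[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
[ ca ]
default_ca = CA_default
[ CA_default ]
dir             = $WORK/demoCA
database        = \$dir/index.txt
new_certs_dir   = \$dir/newcerts
serial          = \$dir/serial
default_md      = sha256
default_days    = 365
policy          = policy_csr
x509_extensions = v3_server
[ policy_csr ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
commonName = supplied
emailAddress = optional
[ v3_server ]
basicConstraints = CA:FALSE
subjectAltName   = DNS:www.$SID.edu
EOF
}
ensure_keys() {        # Assignment 1 key pairs; generated here only if absent
  for k in "$SID-keypair.pem" "$SID-ca-keypair.pem"; do
    [ -s "$WORK/$k" ] || openssl genpkey -algorithm RSA \
      -pkeyopt rsa_keygen_bits:2048 -out "$WORK/$k" 2>/dev/null
  done
}
make_csr() {           # step 1: CSR from the student key pair with the required fields
  openssl req -new -config "$WORK/ca.cnf" -key "$WORK/$SID-keypair.pem" \
    -subj "/C=AU/ST=Queensland/L=Rockhampton/O=Student Name/CN=www.$SID.edu/emailAddress=s$SID@cqumail.com" \
    -out "$WORK/$SID-csr.pem"
}
make_ca_cert() {       # step 4: self-signed CA certificate
  openssl req -new -x509 -days 365 -config "$WORK/ca.cnf" \
    -key "$WORK/$SID-ca-keypair.pem" -subj "/C=AU/O=Student CA/CN=$SID Root CA" \
    -out "$WORK/$SID-ca-cert.pem"
}
issue_cert() {         # step 5: the CA signs the CSR (copy also logged under demoCA/)
  openssl ca -batch -notext -config "$WORK/ca.cnf" -cert "$WORK/$SID-ca-cert.pem" \
    -keyfile "$WORK/$SID-ca-keypair.pem" -in "$WORK/$SID-csr.pem" \
    -out "$WORK/$SID-cert.pem" 2>/dev/null
}
verify_cert() {        # check: chains to the CA and carries the site name as a SAN
  openssl verify -CAfile "$WORK/$SID-ca-cert.pem" "$WORK/$SID-cert.pem" >/dev/null &&
    openssl x509 -in "$WORK/$SID-cert.pem" -noout -text | grep -q "DNS:www.$SID.edu"
}
run_phase2() { mkdir -p "$WORK"; setup_demo_ca; ensure_keys; make_csr; make_ca_cert; issue_cert; verify_cert; }
```

Run `run_phase2` to produce the three PEM files in $WORK; the SAN is included because current browsers ignore the CN when matching the host name.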
Phase 3: HTTPS Configuration
1. Configure the Apache web server on node3 to use HTTPS with the domain name www.[StudentID].edu.
2. Load the CA certificate into the client on node1.
Phase 4: Testing
1. Start capturing on node2 using tcpdump.
2. On node1, use lynx to visit https://www.[StudentID].edu/grades/ and login to view some grades.
3. Demonstrate to your tutor that your secure website is operating correctly. [4 marks]
4. Exit lynx.
5. Stop the capturing and save the file as [StudentID]-https.pcap. When capturing, make sure you capture a full HTTPS session, and avoid capturing multiple sessions.
For on-campus students: Step 3 above should be demonstrated in your allocated Week 9, 10, 11 or Week 12 tutorial class. Your local tutor will inform you when your demonstration is passed.
For distance students: Unit Coordinator will organise a time for you to demonstrate step 3.
Phase 5: Analysis
(a) Demonstration of secure web site [4 marks]
(b) Submit the following packet capture [StudentID]-https.pcap on Moodle [0.5 marks]
(c) Draw a message sequence diagram that illustrates the TLS/SSL packets belonging to the first HTTPS session in the file. Refer to the instructions in assignment 1 for drawing a message sequence diagram, as well as these additional requirements:
• Only draw the TLS/SSL packets; do not draw the 3-way handshake, TCP ACKs or connection close. Hint: identify which packets belong to the first TCP connection and then filter with “ssl” in Wireshark. Depending on your Wireshark version, the protocol may show as “TLSv1.2”.
• A single TCP packet may contain one or more SSL messages (in Wireshark look inside the packet for each “Record Layer” entry to find the SSL message names). Make sure you draw each SSL message. If a TCP packet contains multiple SSL messages, then draw multiple arrows, one for each SSL message, and clearly label each with SSL message name.
• Clearly mark which packets/messages are encrypted. [2.5 marks]
(d) Explain how an attacker may exploit users accessing https://www.[StudentID].edu/grades/ if they obtained [StudentID]-ca-keypair.pem. You must describe the attack in full, including the steps the attacker would take and how the users or their data would be compromised. [3 marks]
Question 2. Attack Detection from Real Intrusion Dataset [7 marks]
For this question you need to implement three meta-classifiers to identify attack and normal behaviour from the UNSW-NB15 intrusion dataset. You are required to read the data from the training set (175,341 records) and the test set (82,332 records).
You are required to implement it by using the publicly available machine learning software WEKA.
For this task you will need two files available on Moodle:
• training.arff and test.arff.
You need to perform the following steps:
• Import training data.
• For each classifier:
- Select an appropriate classifier
- Specify test option
- Supply test data set
- Evaluate the classifier.
You need to repeat for at least 3 classifiers, and eventually select the results from the best 2 classifiers.
You need to include in your report the following:
(a) Screenshot of the performance details for 3 classifiers [1.5 marks]
(b) Compare the results of the selected best 2 classifiers, evaluating with the metrics: accuracy, precision, recall, F1-score and false positive rate. [2 marks]
Reflection:
(c) Which classifier gave the best performance? Is there any way to improve the performance further? [1.5 marks]
(d) In the UNSW-NB15 dataset, there are nine types of network attacks available.
Among these nine attacks which two attacks are highly detected by the classifiers?
Please give a short explanation of these two attacks. [2 marks]
Question 3. Firewalls and iptables [8]
You are tasked with designing a network upgrade for an educational institute which has a single router, referred to as the gateway router, connecting its internal network to the Internet. The institute has the public address range 100.50.0.0/17 and the gateway router has address 100.50.170.1 on its external interface (referred to as interface ifext). The internal network consists of four subnets:
• A DMZ, which is attached to interface ifdmz of the gateway router and uses address range 100.50.171.0/25.
• A small network, referred to as shared, with interface ifint of the gateway router connected to three other routers, referred to as staff_router, student_router, and research_router. This network has no hosts attached (only four routers) and uses network address 10.5.0.0/18.
• A staff subnet, which is for use by staff members only, that is attached to the staff_router router and uses network address 10.5.1.0/23.
• A student subnet, which is for use by students only, that is attached to the student_router router and uses network address 10.5.2.0/23.
• A research subnet, which is for use by research staff, that is attached to the research_router router and uses network address 10.5.3.0/23.
There are three servers in the DMZ that all can accept requests from the Internet: a web server supporting HTTP and HTTPS, a SMTP email server and a SSH server.
Members of the staff, student and research subnets can access the web server; only members of the staff subnet can access the email server, and only via IMAP; members of the staff and research subnets can access the SSH server when they are outside of the network.
The network upgrade has two main components:
• A wireless LAN to allow all subnets access to the internal network from within the office, outside and in the workshop. Customers of the business may also be granted guest access to the wireless LAN. The wireless LAN will most likely need more than 20 APs and have 150 to 200 clients.
• A VPN to allow staff and research subnet members to access the internal network from home or other locations.
(a) Draw a diagram that illustrates the wired network, wireless network, and VPN.
Although there may be many devices in the staff, student, and research subnets, for simplicity you must draw one to three devices in these subnets. Label all computers and router interfaces with IP addresses. Also, clearly indicate which portions of the network have data encrypted due to either WiFi encryption or the VPN (for example, mark those paths that have encryption in red or some other clear label). [3 marks].
(b) Design a set of firewall rules for the institute. For each rule, give a short justification for that rule. [3 marks]
(c) Implement the firewall rules in virtnet on node2 in topology 5 using iptables. If there are any rules from your design that you cannot implement in the limited virtnet environment with iptables, then explain why you cannot. Include the iptables rules in your report. [2 marks]
Question 4. Wireless security [10]
Read the research article on Wi-Fi Security Analysis (2021) from the below link:
https://dl.acm.org/doi/10.1145/3447993.3448620 or https://www-users.cse.umn.edu/~fengqian/paper/wifisec_mobicom21.pdf
You need to perform the following tasks:
(a) Write an interesting, engaging, and informative summary of the provided article. You must use your own words and you should highlight aspects of the article you think are particularly interesting. It is important that you simplify it into common, easily understood language. Your summary MUST NOT exceed 400 words. [3 marks]
(b) Find an Internet (online) resource (e.g., research article or link) that provides additional information and/or a different perspective on the central theme of the article you summarised in (a). Like you did in (a), summarise the resource, in your own words and the summary should focus on highlighting how the resource you selected expands upon and adds to the original prescribed resource. You must also provide a full Harvard reference to the resource. This includes a URL and access date. [4 marks]
(c) Reflect on the concepts and topics discussed in the prescribed article and the resource you found and summarised and how you think they could potentially impact us in future. [3 marks].
Solution
Question 1. HTTPS and Certificates
HTTPS is short for Hypertext Transfer Protocol Secure. HTTPS appears in the Uniform Resource Locator when the website is protected by an SSL certificate. The details of the certificate and of the website owner's corporate identity can be viewed by clicking on the padlock symbol in the browser's address bar.
Part a: Setup
The student's ID and user details are added using the MyUni system (Aas et al. 2019), following the basic instructions from Assignment 1. The setup proceeds in that way.
Part b: Certificate Creation
Certificate creation follows an essential process where one must send a signing request to the Certificate Authority.
1. Run the command that creates a certificate signing request (CSR) file: openssl req -new -key certname.key -out certname.csr
2. At the prompts, enter the required information such as the common name (the server name), organisation, etc.
The use of HTTPS with the specific Domain name requires an SSL certificate, which has to be installed on the website.
Figure 1: Kali Linux cmd server
(Source: Created on Kali Linux)
Figure 2: Creating CSR
(Source: Created on Kali Linux)
In this figure, a key pair file is used to construct a “Certificate Signing Request (CSR)”. Specific field values seen in the CSR include email address, organization name, common name, state, and locale. The CSR is created with the name “[StudentID]-csr.pem” with the intention of getting a certificate for the student website.
Figure 3: Details of Certificate
(Source: Created on Kali Linux)
HTTPS on Apache is configured in several steps.
- Locate the Apache configuration file and open it with a text editor. The name of the Apache configuration file depends on the distribution.
- Open the Apache SSL configuration file, edit it, and save it.
- Restart the Apache web server on the Linux system.
The HTTPS certificate is tested in two simple steps:
1. First, check that the Uniform Resource Locator of the website, for which the SSL certificate has been created, starts with HTTPS.
2. Click the padlock icon in the address bar to check all the details and information related to the certificate.
SSL stands for Secure Sockets Layer. SSL is a protocol that creates an encrypted link between the web browser and the web server (Gerhardt et al. 2023). Any data exchanged between a website and a visitor is protected. Holding an SSL certificate for a WordPress website is a must for running an e-commerce store.
Question 2. Attack Detection from Real Intrusion Dataset
Part a: Screenshot of the 3 Classifiers
Training.arff
Classifier 1
Figure 4: Run Information of Rules Classifier 1
Figure 5: Rules Classifier in Test Model
Figure 6: Summary of Rules Classifier
Figure 7: Accuracy of Rules Classifier
Figure 8: Confusion Matrix of Rules Classifier
Classifier 2
Figure 9: Run Information of Bayes Classifier 2
Figure 10: Classification Model in Bayes Classifier
Figure 11: Evaluation Test and Summary of Rules Classifier
Figure 12: Accuracy of the Rules Classifier
Figure 13: Confusion Matrix in Rules Classifier
Classifier 3
Figure 14: Run Information of Trees Classifier 3
Figure 15: Classification Model in Trees Classifier
Figure 16: Summary of Trees Classifier
Figure 17: Accuracy of the Trees Classifier
Figure 18: Confusion Matrix of Trees Classifier
Test.arff
Classifier 1
Figure 19: Run Information Test of Rules Classifier 1
Figure 20: Test Model in Rules Classifier
Figure 21: Summary Test of Rules Classifier
Figure 22: Accuracy of the Rules Classifier
Figure 23: Confusion Matrix of Rules Classifier
Classifier 2
Figure 24: Run Information of Bayes Classifier 2
Figure 25: Test model of Bayes Classifier
Figure 26: Build Model in Test.arff Bayes Classifier
Figure 27: Accuracy of Bayes Classifier
Figure 28: Confusion Matrix of Bayes Classifier
Classifier 3
Figure 29: Run Information of the Trees classifier 3
Figure 30: Classification Model in Trees
Figure 31: Summary of the Trees Classifier
Figure 32: Accuracy of the Trees Classifier
Figure 33: Confusion Matrix of Trees Classifier
Part b: Comparison between Test.arff and Train.arff
Test.arff
In Test.arff, the run information of Classifier 1 uses a shorter scheme but very long attributes, whereas Classifier 2 specifies a different scheme. The accuracy of Classifier 1 is presented in a more elaborate way, while for Classifier 2 the accuracy section is much shorter. The F1 score and the false positive rate are better for Classifier 2 than for Classifier 1 (Ahmad et al. 2022).
Train.arff
In Train.arff, the run information of Classifier 1 is very detailed in the first part, but the corresponding part for Classifier 2 is not specified properly. Accuracy is lower for Classifier 1 on Train.arff, while Classifier 2 is more accurate from the confusion matrix perspective. The F1 score is better specified for Classifier 2 than for Classifier 1 on Train.arff (Alduailij et al. 2022).
Part c: Best Classifier
Based on the comparison between Classifier 1 and Classifier 2, Classifier 2 is better than Classifier 1 because its scheme is evaluated more thoroughly. The accuracy of Classifier 1 is slightly lower than that of Classifier 2. The F1 score and the false positive rate are always better for Classifier 2 than for Classifier 1 on both test.arff and train.arff (Ceragioli et al. 2022).
Part d: Attacks in the UNSW-NB15 Dataset
UNSW-NB15 is a network intrusion dataset. It contains nine different types of attack. The whole dataset contains real network packets. The training set contains 175,341 records. Of these nine attack categories, Normal and Generic are the most strongly detected, because the training and testing results are best in these two categories.
Question 3. Firewalls and Iptables
Part a: Illustrates the wired network, VPN, and wireless network
Wireless networks use radio waves to transfer data to devices such as laptops, smartphones and tablets through access points that are attached to the wired network. Wired networks use cables, such as Ethernet, to connect devices such as routers, switches and servers to each other or to the Internet. A Virtual Private Network provides an encrypted connection over the Internet from the device to the network. The encrypted connection helps ensure that sensitive data is transferred safely. This prevents unauthorised people from eavesdropping on the traffic and allows the user to work remotely.
Figure 34: Diagram of wired Network
(Source: Created on Draw.io)
The network diagram in the example shows a wired network, a wireless network, and a VPN. One to three devices each are used to represent the staff, student, and research subnets. The IP addresses of each machine and router interface are noted. The areas of the network where data is encrypted, either by Wi-Fi encryption or the VPN, are prominently marked on the diagram as encrypted using red or a similar easily recognisable label.
Part b: Firewall Rules
Firewall rules are the access control mechanism a firewall uses to protect the network from malicious applications or unauthorised access. Firewall rules determine which kinds of traffic the firewall accepts and which it rejects. The collection of firewall rules makes up the firewall's access policy. A firewall provides network security that keeps out unauthorised users or hackers. Security software also helps protect files from viruses. A firewall helps keep out intruders by blocking them from accessing the system in the first place. A firewall is a mechanism designed to stop unwanted data from entering or leaving the private network. The firewall can be implemented in hardware, software, or a combination of the two. In a company environment, an organisation may have an intranet that it protects using a firewall.
Part c: Implement the Firewall Rules in Virtnet on Node2 in Topology 5 Using Iptables
The main iptables commands are:
• Open a terminal or log in with the ssh command: $ ssh user@server-name
• List all of the IPv4 rules: $ sudo iptables -S
• List all of the IPv6 rules: $ sudo ip6tables -S
• List all rules of all tables in verbose, numeric form: $ sudo ip6tables -L -v -n | more
• List all the rules of the INPUT chain: $ sudo iptables -L INPUT -v -n
To insert a new rule at a specific position in the existing rule set, simply use the index number of the existing rule (Ruzomberka et al. 2023).
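The policy stated in Question 3 and the iptables commands listed above can be combined into one rule set for the gateway router; the following is an added example, not the sample solution's own rules, and assumes DMZ host addresses (100.50.171.10 to .12) that the brief does not give.

```shell
#!/bin/sh
# Added example for the Question 3 institute, run on the gateway router.
# Assumed (not in the brief): the three DMZ host addresses below and root
# privileges when applying. Set IPT=echo to print the rules instead.
IPT="${IPT:-iptables}"
EXT=ifext; DMZ=ifdmz; INT=ifint                  # interface names from the brief
WEB=100.50.171.10; MAIL=100.50.171.11; SSH=100.50.171.12   # assumed DMZ hosts
STAFF=10.5.1.0/23; STUDENT=10.5.2.0/23; RESEARCH=10.5.3.0/23
# Caveat: the brief's /23 prefixes are not block-aligned; iptables normalises
# 10.5.1.0/23 to 10.5.0.0/23 and 10.5.3.0/23 to 10.5.2.0/23, which then
# overlaps the student subnet. Confirm the intended masks before deploying.

apply_rules() {
  $IPT -F FORWARD
  $IPT -P FORWARD DROP                       # anything not listed below is dropped
  # Replies to flows allowed below; malformed state is dropped
  $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  $IPT -A FORWARD -m conntrack --ctstate INVALID -j DROP
  # Internet -> DMZ: the three public services, each only to its own host
  $IPT -A FORWARD -i $EXT -o $DMZ -d $WEB -p tcp -m multiport --dports 80,443 -j ACCEPT
  $IPT -A FORWARD -i $EXT -o $DMZ -d $MAIL -p tcp --dport 25 -j ACCEPT
  $IPT -A FORWARD -i $EXT -o $DMZ -d $SSH -p tcp --dport 22 -j ACCEPT  # staff/research from outside
  # Internal -> DMZ web server: staff, student and research subnets
  for net in $STAFF $STUDENT $RESEARCH; do
    $IPT -A FORWARD -i $INT -o $DMZ -s $net -d $WEB -p tcp -m multiport --dports 80,443 -j ACCEPT
  done
  # Internal -> mail server: staff only, IMAP only (no SMTP from inside)
  $IPT -A FORWARD -i $INT -o $DMZ -s $STAFF -d $MAIL -p tcp -m multiport --dports 143,993 -j ACCEPT
  # Anti-spoofing: private source addresses must never arrive on the external interface
  $IPT -I FORWARD 1 -i $EXT -s 10.0.0.0/8 -j DROP
  # Log what falls through to the default policy so denied flows are visible
  $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}
```

The student subnet reaches only the web server, and nothing reaches the SSH server from inside, because every other path hits the DROP policy and the rate-limited LOG line.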
Figure 35: Network of educational institute
(Source: Created on Cisco)
The gateway router that connects the internal network to the Internet forms the core of the educational institution's network architecture. The gateway router's external interface has the address 100.50.170.1, and the institute's public address range is 100.50.0.0/17. The internal network includes a shared network with four routers, a DMZ subnet linked to the gateway router, a staff subnet (10.5.1.0/23), a student subnet (10.5.2.0/23), and a research staff subnet (10.5.3.0/23), each connected to its respective router.
Figure 36: Server Configuration
(Source: Created on Cisco)
A web server that supports “HTTP” and “HTTPS”, an “SMTP” email server, and an SSH server would be included in the server setup for the educational institution's DMZ using Cisco Packet Tracer. On the gateway router, access control lists (ACLs) would be set up to permit access from the staff, student, and research subnets to the web server, staff members exclusively to the IMAP email server, and staff and research members to the SSH server from outside the network.
Figure 37: DHCP Server
(Source: Created on Cisco)
Question 4. Wireless security
Part a: Summary
Advanced network security is the set of technologies that protect the usability and integrity of a company's infrastructure by controlling the entry and spread within the network of a wide variety of possible threats. Hypertext Transfer Protocol Secure is a combination of HTTP with the Secure Sockets Layer (SSL) or Transport Layer Security (TLS). TLS is an authentication and security system that is widely used in web browsers and web servers. The second part concerns the intrusion detection system.
An intrusion detection system detects suspicious activity and generates an alert when such activity is under way. Connected to a Security Operations Center (SOC), the incident responder can investigate the problem and take appropriate action to remediate the threat. The real intrusion dataset includes the confusion matrix and classifies the records properly. The process is carried out on Kali Linux under VMware. The tables in the third section allow the system administrator to define the table and draw the diagram that illustrates the wired network and the firewall rules mentioned here.
Part b: Summaries of the Internet Resource
Wireless network security is the set of practices and tools used to protect WLAN infrastructure and the traffic that crosses it. Broadly speaking, wireless security ensures that only authorised endpoints are allowed on the Wi-Fi network through network access and security policies. Resource allocation in the time, frequency and space domains is the basis of the techniques classified as CDMA, TDMA, SDMA and FDMA.
Part c: Concept of Wireless Security
The essential security properties of information on the Internet are confidentiality, integrity and availability. Concepts relating to who uses the information are authentication, authorisation and non-repudiation. Wireless security is the prevention of unauthorised access to and damage of computer data over wireless networks, including Wi-Fi networks. The term can also refer to the confidentiality, integrity and availability of the network.
Maintaining Journals
Firewalls (Week 6):
https://www.tutorialspoint.com/internet_technologies/firewall_security.htm
Authentication (week 7)
https://www.geeksforgeeks.org/authentication-in-computer-network/
Access control (week 8)
https://www.geeksforgeeks.org/access-control-in-computer-network/
Wireless Security (week 10)
https://www.techopedia.com/definition/29915/wireless-network-security
Reference List
Aas, J., Barnes, R., Case, B., Durumeric, Z., Eckersley, P., Flores-López, A., Halderman, J.A., Hoffman-Andrews, J., Kasten, J., Rescorla, E. and Schoen, S., 2019, November. Let's Encrypt: an automated certificate authority to encrypt the entire web. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (pp. 2473-2487).
Ahmad, R., Wazirali, R. and Abu-Ain, T., 2022. Machine learning for wireless sensor networks security: An overview of challenges and issues. Sensors, 22(13), p.4730.
Alduailij, M., Khan, Q.W., Tahir, M., Sardaraz, M., Alduailij, M. and Malik, F., 2022. Machine-Learning-Based DDoS Attack Detection Using Mutual Information and Random Forest Feature Importance Method. Symmetry, 14(6), p.1095.
Ceragioli, L., Degano, P. and Galletta, L., 2022. Can my firewall system enforce this policy?. Computers & Security, 117, p.102683.
Gerhardt, D., Ponticello, A., Dabrowski, A. and Krombholz, K., 2023, August. Investigating Verification Behavior and Perceptions of Visual Digital Certificates. In Proceedings of the 32nd USENIX Security Symposium.
Ruzomberka, E., Love, D.J., Brinton, C.G., Gupta, A., Wang, C.C. and Poor, H.V., 2023. Challenges and opportunities for beyond-5G wireless security. arXiv preprint arXiv:2303.00727.