共计 3491 个字符,预计需要花费 9 分钟才能阅读完成。
COMP 3704 NETWORK SECURITY:
ASSIGNMENT 1 Submission deadline: Friday 1st September, 2023, 5:00pm AETSubmission Procedure: see Wattle page for this course.
This assignment will be worth 30% of the total marks for this course.
1. Overview
The assignment takes the form of a CTF. You are given an ip address from which you canobtain up to 12 flags. You are not told beforehandany information about problems thoughcan expect the vulnerabilities will have been covered in the lectures. Please be careful tofollow the assignment instructions when preparing your report for submission.
2. Objectives
The main objectives of this assignment are for the students to
• Demonstrate that they can explain network security issues
• Demonstrate that they understand threats and vulnerabilities of a network, and canexplain appropriate countermeasuresIn particular this assignment is designed to test your ability toexploit common network
vulnerabilities with very little prior information.
3. Academic Integrity
You are reminded that your assignment submission must be your genuine and original workwith only allowed assistance.Allowed assistance
• You may use any tools, guides, walkthroughs, etc. provided they are general innature (not directly related to this course or assignment).
• You may discuss with your class mates suggested tools and share guides orwalkthroughs for those tools provided they are general in natures. We highlyencourage these to be shared on EdDisallowed assistance (non-exhaustive)Specific information related to this assignment. For example:
• Types of services
• Protocol structures
• Specific exploits
• Port numbers
• Flags
4.Environment Setup
In the assignment you will be provided with access to a cluster of servers with serviceslistening on ports between 1000 and 10000. The present ip of the cluster is 13.236.194.222but this my change (please see the Wattle page for an update if applicable). Your task is toretrieve as many flags as possible (there are 12 in total) from the cluster of servers and writea report detailing how you didit(WARNING: the firewall around the server means pingingthe machine will not work)In addition to the server cluster, a collection of documents and clients is available to you.Note: Marks will only be given for flags if they are accompanied by an adequate descriptionof how it was acquired by using network analysis.It’s likely possible to cause the servers to get into a failed state. If this occurs please notifyThomas Haines, preferable including information on the input which caused the failure.There will be guessing involved in this assignment but the spaces are no larger than a bytewhich should straightforward to brute force. (The one expectation is the ETLS protocol)
6.Additional instructions
Please ensure you have completed retrieving the flags by the 25th of August. No additionaltime will be given if the servers are unreliable after that point.Submission RequirementsYou will need to submit a report (in PDF). There is no hard limit on the report length, butplease try and keep it below 3000 words (figures/screenshots do not count for the wordcount). The marks are spread relatively evenly across the various components of the report.The report component will be assessed for clarity of explanation. Sufficient details should beprovided of the steps taken and the reasoning behind taking those steps. Simply listing thecommands used without an explanation of why they were taking is insufficient.Since the mix of exploration and analysis varies between flags, we will not attempt to assigna fixed weight to each problem.Please ensure you dedicate significant effort to proposing and justifying countermeasures ifyou want a high distinction.Suggested section heading for your report
1. Title page
2. Services discovered and how they were discovered
3. Flags
a. The flag
b. How it was retrieved (detailed enough to be reproducible)
c. What you think the vulnerability is with justification
d. What countermeasures could have been used to secure the system (if
applicable)
4. Summary (Doesn’t have to be long, just some reflections on the experience)