COIT20262 Advanced Network Security Proof Reading Services
Question 3 Access Control (12 Marks)
Objective: The main objective of this question is to understand Linux passwords and access control operations.
This question requires the use of virtnet (as used in the workshops) to study Linux access control and passwords. It assumes that you are already familiar with virtnet and have set it up. See the workshop instructions and Moodle for information on setting up and using virtnet, and on the Linux access control commands.
You are required to perform a task that includes:
1. In virtnet, create Topology 1.
2. Create five new users with realistic usernames. Set a different password for each user, except for two. In other words, two users should have the same password, while the others should have completely different passwords. Also, avoid using passwords that are already in use on other systems.
3. View the password information stored for the new users in /etc/passwd and /etc/shadow, and make sure you understand all of the information stored there.
4. Create three groups named teacher, student and Coord (abbrev. of coordination). Assign the users to the groups as follows:
a. User 1: Student primary group
b. User 2: Student primary group
c. User 3: Teacher primary group
d. User 4: Coord and Teacher primary group
e. User 5: Their own primary group (No teachers, no students, no Coord.)
5. For each user, create the following directories and files. Unless specified otherwise, the directories and files can have any name and any content.
a. Both students (User 1 and User 2) have personal, security system and shared directories in their home directory. All teachers should have read-only access to each student's shared directory. The personal directory can be accessed only by the user.
b. The coordinator (User 4) has a directory called security, which contains two subdirectories: marking and content. Marking can be accessed only by the user, and content can be read only by the teachers.
c. The remaining teacher (User 3) has personal and security directories. Personal can be accessed only by the user, while security can be edited by both coordinators and teachers.
d. Each of the above directories should contain at least one file (the name and contents of the file do not matter).
e. Every user (including User 5) has a file in their home directory called schedule. This file is readable and accessible to every user.
f. Both students should have a file in their home directory called submit.bash, which can be executed by the coordinator and the user.
6. In addition to the access control rules above, assume the following:
a. Every user has read and write permission on their own files, and full permissions on their own directories.
b. No other user can access the directories and files of other users.
c. If a permission is not covered by the above rules, you can assume the defaults.
d. If there are conflicts in the above rules, assume the most restrictive permission.
e. You can use only the basic Linux permissions. You are not allowed to use advanced permissions such as those managed with getfacl and setfacl.
f. You can test that the access controls work by logging in as each user and checking that they can (or cannot) access the specific directories/files.
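One way to check a candidate layout for rule 5 before applying it with chown and chmod, added here as an example that is not part of the assignment. It models the basic Linux permission check, in which exactly one class (owner, else group, else other) applies and every parent directory needs search permission. The usernames, the file notes, the chosen modes and User 4's coord-primary/teacher-secondary membership are assumptions.

```python
# Hypothetical usernames for User 1..5; groups are the three named in the task.
# Assumption: User 4 has coord as primary group and teacher as a secondary group.
GROUPS = {"stu1": {"student"}, "stu2": {"student"}, "teach3": {"teacher"},
          "coord4": {"coord", "teacher"}, "other5": {"other5"}}

# path -> (owner, group, mode): one candidate layout for User 1's home directory.
# /home itself is assumed to be world-searchable (the usual 755).
TREE = {
    "/home/stu1":              ("stu1", "student", 0o711),  # search only
    "/home/stu1/personal":     ("stu1", "student", 0o700),  # owner only
    "/home/stu1/shared":       ("stu1", "teacher", 0o750),  # teachers r-x
    "/home/stu1/shared/notes": ("stu1", "teacher", 0o640),  # teachers r--
    "/home/stu1/schedule":     ("stu1", "student", 0o644),  # everyone reads
    "/home/stu1/submit.bash":  ("stu1", "coord",   0o750),  # coord r-x
}
BITS = {"r": 4, "w": 2, "x": 1}

def class_bits(user, path):
    """Return the rwx bits of the ONE class that applies: owner, else group, else other."""
    owner, group, mode = TREE[path]
    if user == owner:
        return (mode >> 6) & 7
    if group in GROUPS[user]:
        return (mode >> 3) & 7
    return mode & 7

def can(user, path, want):
    """True if user has every permission in want (e.g. "rx") on path."""
    parts = path.split("/")
    # Every parent directory below /home must grant search (x) permission.
    for i in range(3, len(parts)):
        if not class_bits(user, "/".join(parts[:i])) & BITS["x"]:
            return False
    need = sum(BITS[c] for c in want)
    return (class_bits(user, path) & need) == need

if __name__ == "__main__":
    checks = [("teach3", "/home/stu1/shared/notes", "r"),
              ("stu2", "/home/stu1/shared", "rx"),
              ("coord4", "/home/stu1/submit.bash", "rx"),
              ("other5", "/home/stu1", "r")]
    for user, path, want in checks:
        print(f"{user:7} {want:2} {path:26} {can(user, path, want)}")
```

A file owner can only change a file's group to one they belong to, so the teacher and coord group ownerships in this layout have to be set by root.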
After completing the task, answer the following questions.
(a) Submit the following files on Moodle [8 marks]:
a. /etc/passwd, named passwd.txt when you submit
b. /etc/shadow as shadow.txt
c. /etc/group as group.txt
d. The output of the following command as files.txt:
sudo sh -c 'ls -lR /home > /home/network/files.txt'
(b) Explain where and how password information is stored in Linux. You should mention the files, formats of storing passwords (e.g. what is stored, how is the information created) and any specific algorithms used. [2 marks]
(c) Explain why it is difficult for an administrator to know if two users use the same password. [1 mark]
(d) If a malicious user obtains the file(s) where password information is stored, and users selected long random passwords, then explain why it is difficult for them to find users’ actual passwords. [1 mark]
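The /etc/shadow format that step 3 and parts (b) and (c) refer to, as an added example that is not part of the assignment: a parser for shadow lines plus a check for users whose stored digests match. The usernames, passwords and salts are constructed, and `make_entry` uses a single salted SHA-512 as a stand-in for the real sha512-crypt algorithm.

```python
import hashlib
import os
from collections import defaultdict

# crypt(3) scheme identifiers as they appear in "$id$salt$hash".
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}

def make_entry(user, password, salt=None):
    """Build a constructed shadow-style line for this demo.
    Stand-in hash: one salted SHA-512 in hex. Real sha512-crypt ($6$)
    runs thousands of rounds and uses its own base64 alphabet.
    """
    salt = salt or os.urandom(6).hex()
    digest = hashlib.sha512((salt + password).encode()).hexdigest()
    return f"{user}:$6${salt}${digest}:19500:0:99999:7:::"

def parse_shadow_line(line):
    """Split one /etc/shadow line into its named fields."""
    user, pw, last_change, *_ = line.strip().split(":")
    entry = {"user": user, "locked": pw.startswith(("!", "*")),
             "last_change_days": last_change,
             "scheme": None, "salt": None, "digest": None}
    parts = pw.lstrip("!").split("$")
    if len(parts) >= 4 and parts[0] == "":
        # Optional fields (rounds=N, yescrypt parameters) sit before the salt.
        entry.update(scheme=SCHEMES.get(parts[1], parts[1]),
                     salt=parts[-2], digest=parts[-1])
    return entry

def users_sharing_digest(lines):
    """Group users whose stored digest is identical (all an admin can compare)."""
    groups = defaultdict(list)
    for entry in map(parse_shadow_line, lines):
        if entry["digest"]:
            groups[entry["digest"]].append(entry["user"])
    return [sorted(users) for users in groups.values() if len(users) > 1]

# Constructed users: asmith and bjones deliberately share one password.
SHADOW = [make_entry("asmith", "Tr0ub4dor&3"), make_entry("bjones", "Tr0ub4dor&3"),
          make_entry("cwong", "correct-horse"), "dlee:!:19500:0:99999:7:::"]
# The same pair with a fixed salt, to show what salting prevents.
FIXED_SALT = [make_entry("asmith", "Tr0ub4dor&3", "fixedsalt"),
              make_entry("bjones", "Tr0ub4dor&3", "fixedsalt")]

if __name__ == "__main__":
    for line in SHADOW:
        print(parse_shadow_line(line))
    print("random salts:", users_sharing_digest(SHADOW))
    print("fixed salt:  ", users_sharing_digest(FIXED_SALT))
```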
1. The files you submit should contain accurate and appropriate information. For passwd, shadow and group, (1 mark) each.
2. For listing all correct formats, files and algorithms (2 marks). If any item is missing or wrong, 0.5 mark will be deducted.
3. For a correct and clear explanation (1 mark each).
Question 4 HTTPS and Certificates (12 Marks)
Objective: The main objective of this question is to study the steps of locating a web server which is already secured, as well as the challenges/disadvantages of digital certificates.
For this question you can use virtnet (as used in the workshops) to study certificates and HTTPS. It assumes that you are already familiar with virtnet and have set it up. See the workshop instructions and Moodle for information on setting up and using virtnet, and on deploying and testing the website.
1. In virtnet, create Topology 5
2. On the nodes, deploy the MyUni demo website. Set up the web server to support HTTPS, which includes obtaining a certificate called certificate.pem. In the certificate, it is important to use your ID and name (e.g. in the email address field), so that the certificate is unique.
3. Capture all the traffic from the web browser on node1 to the web server, including an HTTPS session. Save the file as https.pcap.
4. Test and analyse the HTTPS connection.
Answer the following sub-questions, which are based on the above test and analysis.
A. Submit your certificate certificate.pem and HTTPS traffic capture https.pcap on Moodle. [6 marks]
B. Explain how the client obtains the certificate of the web server. [1 mark]
C. Explain how the client verifies the certificate of the web server, and what pre-conditions exist such that the verification is possible. [2 marks]
D. At the bottom of your certificate there should be a field called “Signature Algorithm”, followed by a multi-line random looking hex value. This value is the signature. Explain how the signature is generated. Refer to specific algorithms and information that is used in generating the signature. [2 marks]
E. In practice, Certificate Authorities must keep their private keys very secure, usually storing them offline in special hardware devices. Explain an attack a malicious user could perform if they could compromise the CA private key. Use your MyUni website as an example. [1 mark]
1. A unique/correct certificate is submitted (3 marks), and a unique/correct capture containing HTTPS packets is submitted (3 marks).
2. For an accurate and clear explanation (1 mark).
3. Explanation of pre-conditions (1 mark).
4. For all correct information (2 marks). For minor mistakes, 1 mark will be given, and for multiple mistakes, 0 marks will be given.