
N223 Unit Title Cyber Security Principles Assessment - Course Rated

July 13, 2020 by admin

Assessment Details and Submission Guidelines
Trimester: T1, 2020
Unit Code: BN223
Unit Title: Cyber Security Principles
Assessment Author: Dr Ghassan Kbar
Assessment Type: Group (of 4 students) (Assignment 2)
Assessment Title: Assignment 2 – Cyber Security Network Design and Assessment
Unit Learning Outcomes covered in this assessment: Students should be able to demonstrate their achievements in the following unit learning outcomes:
a. Understand the Common Security Countermeasures
b. Managing security programs, and design a secure Network Topology
Weight: 25% of Total Assessment
Total Marks: 100
Word limit: See instructions section
Due Date: 7 June 2020, Week 11
Submission Guidelines:
• All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page.
• The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings.
• Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using APA or IEEE referencing style for School of Business and School of Information Technology and Engineering respectively.
Extension:
• If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School’s Administration Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit this application three working days prior to the due date of the assignment. Further information is available at:
http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-andguidelines/specialconsiderationdeferment
Academic Misconduct:
• Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institutepublications/policies-procedures-and-guidelines/AcademicintegrityPolicyAndProcedure.
For further information, please refer to the Academic Integrity Section in your Unit Description.
BN223 Cyber Security Principles Page 2 of total pages
Prepared by: Dr. Ghassan Kbar Moderated by: Mr Grishma Khadka May, 2020
Assignment Description
Tasks:
There are two parts to this assignment, i.e. part A and part B.
A. Write a review article for the topic described below. Note that the final mark of part A would be affected by the presentation result of part B. This is to ensure that students understand the work presented in part A. 90 marks
B. Presentation (to present a maximum of 6 slides in 5 minutes) 10 marks
Part A description:
Topic – Infrastructure can be limited to one location or widely distributed, including branch locations and home offices. Access to the infrastructure enables the use of its resources. Infrastructure access controls include physical and logical network design, border devices, communication mechanisms, and host security settings. Because no system is perfect, access must be continually monitored; if suspicious activity is detected, a response must be initiated.
Figure 1 shows the topology of a network that has not been properly segmented.
The network topology consists of a Call center, a Branch, a Warehouse, and a Data center.
• The Call center shows two file servers, one application server, and a database server that are connected together directly and diagonally. The file server on the left is connected to two laptops and the file server on the right is connected to a telephone. The application server is connected to two servers on the right and left and to a switch.
• The Branch consists of a file server that is connected to a laptop, a telephone, and a switch that is further connected to a credit card reader at the top, to a server on the right, and to a database server at the bottom.
• The Warehouse consists of a file server that is connected to a laptop and a telephone at the top, and an application server at the bottom that is further connected to a database server at the bottom. The database servers of the call center, branch, and warehouse are connected to the two database servers of the data center.
• The data centers are connected to two application servers directly and diagonally. The application servers are connected to two database servers at the bottom and to a firewall on the right that is further connected to a switch. The application servers are connected to the “POS Application” consisting of a set of two servers that are connected to each of the application servers. Each server is again connected to the “Identity and Authentication System” consisting of two application servers on the right and two servers on the left. The two application servers on the left and right are connected to two servers. The switch at the top is connected to a service provider that is further connected to acquiring banks.
You need to cover the following topics
A- Why Segment a Network?
Working from the inside out, network segments include the following types:
• Enclave network: A segment of an internal network that requires a higher degree of protection.
• Trusted network (wired or wireless): The internal network that is accessible to authorized users.
• Semi-trusted network, perimeter network, or DMZ: A network that is designed to be Internet accessible. Hosts such as web servers and email gateways are generally located in the DMZ.
• Guest network (wired or wireless): A network that is specifically designed for use by visitors to connect to the Internet.
• Untrusted network: A network outside your security controls. The Internet is an untrusted network.
1. Security Consideration when segmenting a network:
a. Apply security measures to secure access to the internal network.
b. Apply security measures to secure access to the external network.
c. Apply security measures to secure access to the perimeter network.
d. Apply security measures to secure access to the guest network.
e. Apply security measures to secure access to data sent over a public network.
B- Securing the Network Topology: The network topology in Figure 1 shows an enterprise that
has a call center, a branch office, a warehouse, and a data center. The branch is a retail office
where customers purchase their goods and the enterprise accepts credit cards. Users in the call
center and the warehouse have access to the resources in the Branch office and vice versa. They
also have access to resources in the data center. If any device is compromised, an attacker can
pivot (or move laterally) in the network.
1. List all assets at the branch and call centre, and assess the vulnerabilities associated with these assets, assuming that the database server is based on SQL and that the file servers and application servers are running on the Windows Server platform.
2. You need to redesign this network by adding relevant firewalls so that traffic from the credit card readers can communicate only with specific servers in the data center. Draw a diagram to show the location of the proposed firewalls and explain their roles. (Note that you need to consider securing access at the different levels described in the network segmentation section above.)
a. A firewall can be based on content filtering or other techniques. Explain the role of Content Filtering and Whitelisting/Blacklisting. Comment on the section (call centre, branch, or warehouse) in which this content firewall would be helpful.
3. Explain the role of Border Device Administration and Management that can be used to enhance the network security.
4. Different security team roles, such as Blue, Red, and Purple, can have an impact on network security.
5. Creating a Request for Proposal (RFP) for Penetration Testing
You have been asked to send out a red team penetration testing Request for Proposal (RFP)
document.
a) Explain what is often referred to as a “red team.”
b) Explain the difference between a red team and a blue team.
c) Find three companies to send the RFP to. Explain why you chose them.
d) The selected vendor will potentially have access to your network. Describe the due
diligence criteria that should be included in the vendor selection process. Select one of
the companies from the previous step and find out as much as you can about them (for
example, reputation, history, credentials).
6. Access Control:
a. Explain the role of Border Device Security Access Control Policy
b. Explain the remote access security policy.
c. Develop a relevant User Access Control and Authorization Policy
d. Role-based access controls (RBACs) (also called “nondiscretionary controls”) are access permissions based on a specific role or function. Administrators grant access rights and permissions to roles. Users are then associated with a single role. There is no provision for assigning rights to a user or group account.
Let’s take a look at the example illustrated in Figure 2.
In the sample, “Omar (Engineer)” is shown at the top right and “Jeannette (Sales)” is shown at the bottom right. Omar is granted access to the three Engineering Servers and Applications at the top left. Jeannette is granted access to the Sales Applications at the bottom left and is denied access to the Engineering Servers and Applications.
i. Explain why Omar can access the Engineering servers and applications but Jeannette cannot.
ii. Give examples of how to implement role-based access controls in Windows and Linux.
7. Explain a relevant Monitoring System Access and Use Policy
Reviewing user access permissions can be a time-consuming and resource-intensive process
and is generally reserved for applications or systems that have information classified as
“protected” or “confidential.”
a) Comment on whether the student portal at your school would be subject to an annual user access permission audit, and why.
b) Automating review processes contributes to efficiency and accuracy. Research options for automating the user access review process and make a recommendation.
8. Researching a DDoS Attack:
a. Find a recent news article about DDoS attacks.
b. Explain who the attackers were and what their motivation was.
c. Describe the impact of the attack, and what the victim organization should do to mitigate future damage.
9. Analyze the network availability at the Datacenter and develop a Business Continuity plan to
handle a possible crisis associated with flood or earthquake.
Reference: Sari Greene, Omar Santos, “Developing Cybersecurity Programs and Policies, Third
Edition”, Pearson IT Certification, July 2018.
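The role-based model described in item 6(d) and the access review in item 7, sketched as an added Python example that is not part of the original assignment brief. The role names, resource names and the extra user `pat` are constructed for illustration; only Omar (Engineer) and Jeannette (Sales) come from the Figure 2 description.

```python
# Constructed sample data: role and resource names are assumptions.
ROLE_PERMISSIONS = {
    "engineer": {"eng-server-1", "eng-server-2", "eng-apps"},
    "sales": {"sales-apps"},
}

class RbacPolicy:
    def __init__(self, role_permissions):
        self.role_permissions = role_permissions
        self.user_role = {}  # user -> exactly one role

    def assign(self, user, role):
        if role not in self.role_permissions:
            raise ValueError(f"unknown role: {role}")
        # Re-assigning replaces the previous role; no user holds two roles.
        self.user_role[user] = role

    def is_allowed(self, user, resource):
        # Deny by default: unknown users and unlisted resources get nothing.
        role = self.user_role.get(user)
        return resource in self.role_permissions.get(role, set())

def review_access(records, role_permissions):
    """Flag (user, kind, value) export rows that break the single-role model."""
    findings, roles_seen = [], {}
    for user, kind, value in records:
        if kind == "direct":  # rights attached to a user instead of a role
            findings.append((user, f"direct grant to {value}"))
        elif value not in role_permissions:
            findings.append((user, f"unknown role {value}"))
        else:
            roles_seen.setdefault(user, set()).add(value)
    for user, roles in sorted(roles_seen.items()):
        if len(roles) > 1:
            findings.append((user, "multiple roles: " + ", ".join(sorted(roles))))
    return findings

def demo():
    policy = RbacPolicy(ROLE_PERMISSIONS)
    policy.assign("omar", "engineer")
    policy.assign("jeannette", "sales")
    decisions = {
        (user, res): policy.is_allowed(user, res)
        for user in ("omar", "jeannette")
        for res in ("eng-server-1", "sales-apps")
    }
    # Constructed export, as an identity system might produce for a review.
    export = [
        ("omar", "role", "engineer"), ("jeannette", "role", "sales"),
        ("jeannette", "direct", "eng-server-1"), ("omar", "role", "sales"),
        ("pat", "role", "contractor"),
    ]
    return decisions, review_access(export, ROLE_PERMISSIONS)

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The access decision depends only on the role a user holds, and the review function reports exactly the rows that the single-role model forbids.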
Instructions:
Prepare your article as below
1. Go to the IEEE website and download the WORD template for the format.
https://www.ieee.org/publications_standards/publications/authors/author_templates.html
2. Another link for the template:
https://www.ieee.org/publications_standards/publications/journmag/ieee_tj_template_17.pdf
3. Read and familiarize yourself with the instructions carefully.
4. Prepare a paper using the IEEE format and the example attached. Follow the template if anything is unclear. Also, refer to the link below for ideas on how to start (see section 6).
(https://www.ieee.org/publications_standards/publications/authors/author_guide_interactive.pdf)
5. Complete the assignment (minimum 5 and maximum 10 pages) including all the sections below except references. The number of words will be counted thoroughly and you must keep the minimum number of words to avoid any penalties.
• Title (maximum 15 words)
• Declaration: stating the names of students and their contribution in the paper
• Abstract (200 – 250 words)
• Introduction (500 – 1000 words)
• Literature Review (500 – 1000 words)
• Main body (1000 – 1500 words)
• Conclusion (200 – 300 words)
• References (minimum 10 references)
6. The article must be a ‘Review’ article (see footnote 1) including at least 10 references and not more than 25.
7. Strictly follow the IEEE reference format for in-body citations and the references section.
8. See the files listed in 4 for guidance on how to prepare a review paper. You can also find thorough
instructions from IEEE and the Internet.
9. Contents must include:
• History and background of the topic
• What the challenges and drawbacks are, and what solutions and workarounds were found
• Possible options (solutions) and future research areas proposed
• Scopes of topic, progress of developments such as requirements, benchmarking, purposes & objectives, stakeholders, owners, roles and responsibilities where applicable.
• Flowchart
• Include a minimum of two (2) figures to show the overall concept and summarized overview of the topic from the review of minimum 10 – 15 (but not limited to) papers.
• Include some tables to summarize the result of findings

Footnote 1: See http://www.editage.com/insights/6-article-types-that-journals-publish-a-guide-for-early-career-researchers
• How each organization approaches, initiates, develops procedures and ownerships, and what results they got, and how it affected their businesses.
• What you conclude in terms of the topic/solutions to implement in an organization. Consider other aspects to include for a good review paper.
10. Remember to strictly follow the template and the instructions above to avoid penalties.
Part B description:
Prepare 5-6 slides for presentation during the lab class. Read the instruction attached carefully.
Marking criteria:
An example of the marking criteria is shown in the following table. Marks are allocated as follows:
Note: The marking criteria vary for each assignment.

| Section to be included in the report | Detailed Description of the Criteria | Marks |
|---|---|---|
| Conforming to the template and format | No marks will be given and severe penalties will apply for any breach of the format and template. Fonts, sizes, spacing, captions, headings, page size limitation etc. will also be checked thoroughly. Be thorough and follow fully when using the template and format instruction to avoid penalties. | 10 |
| Figures and tables created | They should be created yourself and not copied from elsewhere. For full marks you should create at least 2 figures and 2 tables. Any other figures or tables taken from references must be cited correctly in the assignment. | 10 |
| Literature review | Severe penalties apply for simple listing and describing. It should be a logically supported analysis that reaches the review conclusion that should be included at the end of the section. Check word limit. This section should cover topics related to Securing the Network Topology and the use of multiple layers of security. | 10 |
| Main sections | Main body structures and contents quality including word limit. Can add multiple sections to address each topic as required and listed in the topic description above. The content must address the issue properly by writing your own conclusion of the topic. This should include the topics and explanation to consideration listed in part A. Topics: (1 and 2 for substituting the In-class test) 1. Security Consideration when segmenting a network; 2. Vulnerability assessment; 3. Securing the Network Topology using: Firewalls; Penetration test & role of security team; Access policies; Monitoring System Access and Use Policy; DOS Attacks; Availability and Business Continuity | 10, 10, 30 |
| In body citation | Strictly follow the order and instruction by IEEE. Check when/where to put the citation. See attached files and search the internet for guidelines. | 5 |
| References section | Check whether they follow the instruction. Otherwise, no marks will be provided. You need to have a reference to at least 5 reputed conferences/journals such as IEEE, and cite them correctly in the assignment section. | 5 |
| Presentation | Presentation skills and materials quality | 10 |
| Total | | 100 |
Example Marking Rubric for Assignment #: Total Marks 100
Note: The marking criteria vary for each assignment.

| Marking Rubric Criteria/Grades | High Distinction (HD) [Excellent] >80% | Distinction (D) [Very Good] 70%-80% | Credits (C) [Good] 60%-70% | Pass (P) [Satisfactory] 50%-60% | Fail (N) [Unsatisfactory] <50% |
|---|---|---|---|---|---|
| Criteria 1 | Concise and specific to the project | Topics are relevant and soundly analysed. | Generally relevant and analysed. | Some relevance and briefly presented. | This is not relevant to the assignment topic. |
| Criteria 2 | Demonstrated excellent ability to think critically and sourced reference material appropriately | Demonstrated excellent ability to think critically but did not source reference material appropriately | Demonstrated ability to think critically and sourced reference material appropriately | Demonstrated ability to think critically and did not source reference material appropriately | Did not demonstrate ability to think critically and did not source reference material appropriately |
| Criteria 3 | Demonstrated excellent ability to think critically and sourced reference material appropriately | Demonstrated excellent ability to think critically but did not source reference material appropriately | Demonstrated ability to think critically and sourced reference material appropriately | Demonstrated ability to think critically and did not source reference material appropriately | Did not demonstrate ability to think critically and did not source reference material appropriately |
| Criteria 4 | All elements are present and very well integrated. | Components present with good cohesive | Components present and mostly well integrated | Most components present | Proposal lacks structure. |
| Criteria 5 | Logic is clear and easy to follow with strong arguments | Consistency logical and convincing | Mostly consistent logical and convincing | Adequate cohesion and conviction | Argument is confused and disjointed |
| Criteria 6 | Clear styles with excellent source of references. | Clear referencing style | Generally good referencing style | Sometimes clear referencing style | Lacks consistency with many errors |
