FIT1047 – Introduction to computer systems, networks and security Assignment 2 – Semester 1 2020 Submission guidelines This is an individual assignment; group work is not permitted. Deadline: Week-12,...

FIT1047 – Introduction to computer
systems, networks and security
Assignment 2 – Semester 1 2020

Submission guidelines
This is an individual assignment; group work is not permitted.
Deadline: Week-12, Friday 4:00 PM
Submission format: PDF (one file containing both parts 1 and 2), uploaded electronically
via Moodle. Submission name of the file. E.g. LastName_FirstName_Student_ID.pdf
Late submission:

• By submitting a special consideration form, available from http:
www.monash.edu.au/
exams/special-consideration.html

• Or, without special consideration, you lose 5% of your mark per day that you submit
late (including weekends). Submissions will not be accepted more than 5 days late.

This means that if you got x marks, only 0.95n × x will be counted where n is the
number of days you submit late.
Marks: This assignment will be marked out of 90 points, and count for 12% of your total
unit marks.
Plagiarism: It is an academic requirement that the work you submit be original.
Zero marks will be awarded for the whole assignment if there is any evidence of copying
(including from online sources without proper attribution), collaboration, and pasting from
websites or textbooks.
Monash University’s Academic Integrity Policy applies to all assessment:
https:
www.monash.edu/students/academic/policies/academic-integrity
Further notes: Your report needs to be your individual work (no group work is per- mitted).
You should structure the report in accordance with the items in the task description.
However, there is no need to follow a strict template for technical reports, but it should be well
structured, readable, and use adequate language. All information from external sources must
e properly referenced (see resources on Moodle about referencing). References do not count for
the word count.

You should stick to the word count. Write at least as many words as required, but not more
than the maximum. A maximum of 20 percent above the maximum word count is acceptable.
Additional text will be ignored in the marking. You should first think about the main
statements you want to make and then write a concise text.

When you are asked to use internet resources to answer a question, this does not mean copy-
pasting text from websites. Write answers in your own words such that your understanding
of the answer is evident. Acknowledge any sources by citing them.
http:
www.monash.edu.au/exams/special-consideration.html
http:
www.monash.edu.au/exams/special-consideration.html
https:
www.monash.edu/students/academic/policies/academic-integrity

1 WLAN Network Design and Security

For this task, you will perform a WLAN site survey. Your task is to produce a map of (part of)
a building that gives an overview of the wireless networks that are available, as well as an
analysis of the network.

What you will need: a Wi-Fi-enabled laptop (some smartphones also work, see below), and a
place to scan. You can perform a survey of your home, of an office space, of parts of the
Monash campus, or inside a shopping Centre. If you don’t own a suitable device that you
could use for this activity, please try to bo
ow one from a friend, or contact us to figure out
an alternative.
This activity has two sub-tasks - Survey & Cybersecurity
SUB-TASK-1
1.1 Survey (30 marks)
Create a map of the place you want to survey. A simple floorplan will be sufficient, it doesn’t
have to be perfectly to scale (see below for an example). Your survey should cover an area of
at least 60 square meters (e.g. 6x10 meters, or 4x15, or two storeys of 6x5 each). Be creative
– the survey can include hallways or outside areas. Be sure to take the analysis in part 1.2 into
account, by designing your survey to include walls, doors etc. it will be easier to write
something interesting in part 1.2.
Furthermore, your survey must include at least three Wi-Fi access points. These can be your
own, but can also include neighbors’ APs. If you are scanning in a commercial area or on
campus, you should be able to see enough APs. If you want, you can create an additional AP
with a phone (using “Personal hotspot” or “Tethering” features).
For the survey, use a WLAN sniffing tool (see below) at- least eight different locations on your
map. For each location, record the technical characteristics of all visible APs. Depending on
the scanning tool you use, you can record features such as the network name, MAC address,
signal strength, security, XXXXXXXXXXversion(s) supported, band (2.4 or 5 GHz) and channel(s) used.
Add the data gathered from the survey into the map of the covered area. On the map you
should indicate the location of the access points and the locations where you took
measurements. For the access points, use the actual location if you know it, or an approximation
ased on the observed signal strength (e.g. if it’s your neighbor’s access point and you don’t
know exactly where it is).For each measurement point, you can either add the characteristics
directly into the map, or create a separate table with the details. You can submit several maps
if you choose to enter data directly into the maps, or a single map if you use additional tables.
Create the map yourself, do not use the mapping features available in some commercial
(i.e., paid) WLAN sniffing tools.
1.2 Report (25 marks)

Write a report (word limit 600) on your observations analyzing the data collected in the previous
step. The report does not have to follow any particular structure (i.e. simply answering the
following questions is enough, you don’t need an executive summary, table of contents etc.). Your
analysis should investigate the following aspects:

• Channel occupancy: Are different access points competing on the same channels? Are
they configured to use overlapping channels? (5 marks)

• Interference from walls, doors etc.: How do different materials affect signal strength
and noise? Can you notice a difference in attenuation for different APs?
(5 marks)
• Coverage: Do the access points sufficiently cover the desired area? Could the placement
or configuration be improved? (5 marks)

• Two other aspects of your own choice. Here are a few suggestions:

– measure the attenuation caused by your own body

– measure the download and upload speeds in different locations

– determine the overlap that has been implemented to enable roaming

– describe how you interpolated the locations of access points from the signal
strengths

– explain signal-to-noise ratio either using measured noise or by assuming that noise is
slightly below the weakest signal your scanning software can detect.

Describe your findings and explain them with some technical detail (i.e., not only say
what you found, but also how you performed the analysis or why you think the network
is behaving that way). (10 marks)


1.3 Tools

• You can use e.g. Acrylic Wifi (https:
www.acrylicwifi.com/en/) for Windows
• NetSpot (http:
www.netspotapp.com) for Mac OS and Windows, &
• LinSSID or wavemon for Linux.
• If you have an Android smartphone, apps like Wifi Analyzer can also be used.
• On iOS, WiFi scanning apps do not provide enough detail, so iPhones won’t be suitable
for this task.
• Microsoft Visio
• Open source Wireshark packet capture tool for analysis.
• For drawing the site maps, any drawing tool should work, for example LucidChart,
or even presentation tools such as PowerPoint, Keynote or Google Slides.
• Scans of hand-drawn maps are acceptable if they are neat and easily readable.
1.4 Example floorplan
http:
www.acrylicwifi.com/en/)

This is just to give you an idea of the level of detail required in the map. In addition to the
map, your survey would have to include tables that contain details and measurements for the
indicated locations.





















Dimensions: 10 m (width) × 6 m (height)
Red circles: access points
Blue circles: locations of measurements
SUB-TASK-2
Cyber Security

Information on security problems, weaknesses and attacks can be found in many places (blogs,
newsletters, experts’ pages, etc.). Your task is to pick one item from the following list, read the
news item, look up and read the referenced sources, and finally write a report on the findings.

• https:
onlinedegrees.sandiego.edu/top-cyber-security-threats/
• https:
www.cshub.com/attacks/articles/incident-of-the-week-passwords-and-biometrics-info-
for-one-million-users-exposed-in-biostar-2-data-
each
• https:
www.consume
eports.org/televisions/samsung-roku-smart-tvs-vulnerable-to-hacking-
consumer-reports-finds/
• https:
www.rambus.com/iot/smart-home/
• https:
arstechnica.com/information-technology/2018/08
esearchers-find-way-to-spy-on-
emote-screens-through-the-webcam-mic/
• https:
www.trendmicro.com/vinfo/au/security/news/internet-of-things/threats-and-risks-to-
complex-iot-environments
• https:
www.fo
es.com/sites/quora/2019/04/02/what-are-the-biggest-cybersecurity-threats-
in-2019/#aa836a04b309
• https:
ca
ontrack.com.au
log/challenges-security-iot-home-automation/
• https:
esources.infosecinstitute.com
isk-associated-cookies/
https:
onlinedegrees.sandiego.edu/top-cyber-security-threats
https:
www.cshub.com/attacks/articles/incident-of-the-week-passwords-and-biometrics-info-for-one-million-users-exposed-in-biostar-2-data-
each
https:
www.cshub.com/attacks/articles/incident-of-the-week-passwords-and-biometrics-info-for-one-million-users-exposed-in-biostar-2-data-
each
https:
www.consume
eports.org/televisions/samsung-roku-smart-tvs-vulnerable-to-hacking-consumer-reports-finds
https:
www.consume
eports.org/televisions/samsung-roku-smart-tvs-vulnerable-to-hacking-consumer-reports-finds
https:
www.rambus.com/iot/smart-home
https:
arstechnica.com/information-technology/2018/08
esearchers-find-way-to-spy-on-remote-screens-through-the-webcam-mic
https:
arstechnica.com/information-technology/2018/08
esearchers-find-way-to-spy-on-remote-screens-through-the-webcam-mic
https:
www.trendmicro.com/vinfo/au/security/news/internet-of-things/threats-and-risks-to-complex-iot-environments
https:
www.trendmicro.com/vinfo/au/security/news/internet-of-things/threats-and-risks-to-complex-iot-environments
https:
www.fo
es.com/sites/quora/2019/04/02/what-are-the-biggest-cybersecurity-threats-in-2019/#aa836a04b309
https:
www.fo
es.com/sites/quora/2019/04/02/what-are-the-biggest-cybersecurity-threats-in-2019/#aa836a04b309
https:
ca
ontrack.com.au
log/challenges-security-iot-home-automation
https:
esources.infosecinstitute.com
isk-associated-cookies
• https:
www.alienvault.com
logs/security-essentials/security-issues-of-wifi-how-it-works
• https:
securelist.com/ddos-report-q2-2019/91934/
• https:
heimdalsecurity.com
log/smart-home-vulnerable-hacking/
• https:
techcrunch.com/2019/01/02/chromecast-bug-hackers-havoc/
• https:
www.paloaltonetworks.com/cyberpedia/what-is-security-operating-platform
• https:
thehackernews.com/2019/04/wpa3-hack-wifi-password.html
• https:
www.cso.com.au/article/575407/internet-things-iot-threats-countermeasures/
• https:
thehackernews.com/2018/06/wpa3-wifi-security-standard.html
• https:
arstechnica.com/information-technology/2019/04/serious-flaws-leave-wpa3-
vulnerable-to-hacks-that-steal-wi-fi-passwords/

1. Choose one or more of the related news items above, read the article(s) and any other
outside related links/topics to further strengthen your research study.

2. Look up and read the articles and information referenced in the news item.

3. Write a short summary of the news/article item in your own words (max 200 words).

4. Identify which software, hardware, system, or network(s) is affected with its
issue (max 50 words).
The identification should be as precise as possible. You can include exact product names,
distribution of the product, version numbers, etc.

5. Describe how the problem was discovered and how it was initially published. Try
to find this information in the referenced articles or any related article. The problem
might have been found by researchers at a university, by a