Prepared by: Dr. Ghassan Kbar XXXXXXXXXXModerated by: Dr Sihui (Sue) Zhou May 2019 Assessment Details and Submission Guidelines Trimester T1, 2019 Unit Code BN223 Unit Title Cyber Security Principles...

Prepared by: Dr. Ghassan Kbar XXXXXXXXXXModerated by: Dr Sihui (Sue) Zhou May 2019


Assessment Details and Submission Guidelines
Trimester T1, 2019
Unit Code BN223
Unit Title Cyber Security Principles
Assessment
Author
Dr Ghassan Kbar
Assessment Type Group (of 2 or 3) (Assignment 2)
Assessment Title Assignment 2 – Cyber Security Network Design and Assessment
Unit Learning
Outcomes
covered in this
assessment
Students should be able to demonstrate their achievements in the following unit
learning outcomes:
a. Understand the Common Security Countermeasures
. Managing security programs, and design a secure Network Topology
Weight 15% of Total Assessment
Total Marks 100
Word limit See instructions
Due Date Friday 31st May XXXXXXXXXX:55PM

Submission
Guidelines
 All work must be submitted on Moodle by the due date along with a completed
Assignment Cover Page.
 The assignment must be in MS Word format, 1.5 spacing, 11-pt Cali
i (Body) font
and 2 cm margins on all four sides of your page with appropriate section headings.
 Reference sources must be cited in the text of the report, and listed appropriately
at the end in a reference list using APA or IEEE referencing style for School of
Business and School of Information Technology and Engineering respectively.
Extension  If an extension of time to submit work is required, a Special Consideration
Application must be submitted directly to the School's Administration Officer, in
Melbourne on Level 6 or in Sydney on Level 7. You must submit this application
three working days prior to the due date of the assignment. Further information is
available at:
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-
guidelines/specialconsiderationdeferment
Academic
Misconduct

 Academic Misconduct is a serious offence. Depending on the seriousness of the case,
penalties can vary from a written warning or zero marks to exclusion from the course
or rescinding the degree. Students should make themselves familiar with the full
policy and procedure available at: http:
www.mit.edu.au/about-mit/institute-
publications/policies-procedures-and-guidelines/Plagiarism-Academic-
Misconduct-Policy-Procedure. For further information, please refer to the
Academic Integrity Section in your Unit Description.

http:
www.mit.edu.au/about
http:
www.mit.edu.au/about
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure
BN223 Cyber Security Principles Page 2 of total pages


Prepared by: Dr. Ghassan Kbar XXXXXXXXXXModerated by: Dr Sihui (Sue) Zhou May, 2019
Assignment Description

Tasks:
There are two parts to this assignment, i.e. part A and part B.
A. Write a review article for the topic described below. Note that final mark of part A would be affected
y the presentation result of part B. This is to assure that students understand the work presented in
part A. overall mark of part A could be deducted by 50% for poor presentation 90 marks
B. Presentation (to present a maximum of 8 slides in 8 minutes) 10 marks
Part A description:
Topic - infrastructure can be limited to one location or, widely distributed, including
anch locations
and home offices. Access to the infrastructure enables the use of its resources. Infrastructure access
controls include physical and logical network design, border devices, communication mechanisms,
and host security settings. Because no system is perfect, access must be continually monitored; if
suspicious activity is detected, a response must be initiated.
Figure 1 shows the topology of a network that has not been properly segmented.

The network topology consists of a Call center, a Branch, a Warehouse, and a Data center.
BN223 Cyber Security Principles Page 3 of total pages


Prepared by: Dr. Ghassan Kbar XXXXXXXXXXModerated by: Dr Sihui (Sue) Zhou May, 2019
 The Call center shows two file servers, one application server, and a database server that is
connected together directly and diagonally. The file server on the left is connected to two
laptops and the file server on the right is connected to a telephone. The application server is
connected to two servers on the right and left and to a switch.
 The Branch consists of a file server that is connected to a laptop, telephone, and to a switch
that is further connected to a credit card reader at the top and to a server on the right and to a
database server at the bottom.
 The Warehouse consists of a file server that is connected to a laptop and a telephone at the top,
an application server at the bottom that is further connected to a database server at the bottom.
The database server of the call center,
anch, and the warehouse are connected to the two
database servers of the data center.
 The data centers are connected to two application servers directly and diagonally. The
application servers are connected to two database servers at the bottom and to a firewall on the
ight that is further connected to a switch. The application servers are connected to the "POS
Application" consisting of a set of two servers that are connected to each of the application
servers. Each server is again connected to the "Identity and Authentication System" consisting
of two application servers on the right and two servers on the left. The two application serves
on the left and right are connected to two servers. The switch at the top is connected to a service
provider that is further connected to acquiring banks.
You need to cover the following topics
Why Segment a Network?
Working from the inside out, network segments include the following types:
 Enclave network: A segment of an internal network that requires a higher degree of protection.
 Trusted network (wired or wireless): The internal network that is accessible to authorized
users.
 Semi-trusted network, perimeter network, or DMZ: A network that is designed to be
Internet accessible. Hosts such as web servers and email gateways are generally located in the
DMZ.
 Guest network (wired or wireless): A network that is specifically designed for use by visitors
to connect to the Internet.
 Untrusted network: A network outside your security controls. The Internet is an untrusted
network.
1. Security Consideration when segmenting a network:
a. Apply security measures to secure the access of internal network.
BN223 Cyber Security Principles Page 4 of total pages


Prepared by: Dr. Ghassan Kbar XXXXXXXXXXModerated by: Dr Sihui (Sue) Zhou May, 2019
. Apply security measures to secure the access of external network.
c. Apply security measures to secure the access of perimeter network.
d. Apply security measures to secure the access of guest network.
e. Apply security measures to secure the access of data sent over public network.
Securing the Network Topology: The network topology in Figure 1 shows an enterprise that has a
call center, a
anch office, a warehouse, and a data center. The
anch is a retail office where
customers purchase their goods and the enterprise accepts credit cards. Users in the call center and the
warehouse have access to the resources in the Branch office and vice versa. They also have access to
esources in the data center. If any device is compromised, an attacker can pivot (or move laterally) in
the network.
2. List all assets at the
anch and call centre, and assess the vulnerability associated with these
assets assuming that database server is based on SQL, and file servers and application servers
are running at Window server platform.
3. You need to redesign this network by adding relevant Firewalls to allow the traffic from the
credit card readers to communicate only with specific servers in the data center. Draw a
diagram to show the location of the proposed firewalls and explain their roles. (Note you need
to consider securing the access at different levels as described in network segmentation above)
a. Firewall can be based on content filtering or other techniques. Explain the role of
Content Filtering and Whitelisting/Blacklisting. Comment on which section (call
centre,
anch, and warehouse) this content firewall would be helpful.
4. Explain the role of Border Device Administration and Management that can be used to
enhance the network security.
5. Different role of security team such as Blue, Red, and Purple can have impact of the network
security.
Creating a Request for RFP for Penetration Testing
You have been asked to send out a red team penetration testing Request for Proposal (RFP)
document.
a) Explain what is often refe
ed to as a “red team.”
) Explain the difference between a red team and a blue team.
c) Find three companies to send the RFP to. Explain why you chose them.
d) The selected vendor will potentially have access to your network. Describe the due
diligence criteria that should be included in the vendor selection process. Select one of
the companies from the previous step and find out as much as you can about them (for
example, reputation, history, credentials).
6. Access Control:
a. Explain the role of Border Device Security Access Control Policy
. Explain the remote access security policy.
c. Develop a relevant User Access Control and Authorization Policy
d. The following example Role-based access controls (RBACs) (also called
“nondiscretionary controls”) are access permissions based on a specific role or
function. Administrators grant access rights and permissions to roles. Users are then
associated with a single role. There is no provision for assigning rights to a user or
group account.
Let’s take a look at the example illustrated in Figure 2
https:
www.safaribooksonline.com/li
ary/view/developing-cybersecurity-programs/ XXXXXXXXXX/ch09.xhtml#ch09fig02
BN223 Cyber Security Principles Page 5 of total pages


Prepared by: Dr. Ghassan Kbar