Assignment 2: Threat Assessment and Network Simulation

Instructions

• Submit via CSE1ICB LMS page → Assignment submission section.
   
• Due Date: Week 8 → Friday, 2 May 2025, 11:59 pm (AEST/AEDT).
   
• Evaluation: 30 marks (= 30% of final grade).
   
• Submission Format:
   
  • Part 1 → PDF or Word file
     
  • Part 2 → Packet Tracer file (.pkt)
     
• Details to Include: Write full name and student number on the first page.
   
• Late Submission Policy:
   
  • Cut-off period: 5 days (no submission allowed afterward).
     
  • 10% penalty per day for late submissions during cut-off days.
     
  • Draft submissions will be marked as zero.
     

Description

The risk assessment methodology forms part of a standard risk management process (Figure 1). It helps organizations to:

• Identify risks
   
• Assess risks
   
• Treat risks effectively
   

A small business wants to strengthen its security posture by analyzing vulnerabilities and threats in its network (Figure 2).

Company Setup

• The network includes three subnets:
   
  • Staff subnet
     
  • Finance subnet
     
  • Human Resource (HR) subnet
     
• Internet-connected hosts:
   
  • Staff Subnet → PC0, PC1, PC2
     
  • Finance Subnet → PC4
     
  • HR Subnet → Server0 (also linked to a local database providing critical services; must remain available for legitimate users)
     

Phases of Risk Assessment

1. Risk Identification
    
2. Risk Analysis
    
3. Risk Evaluation
    

• After these steps, the company will decide on risk treatment: accept, avoid, or mitigate risks.
   

Part 1: Threat (Risk) Assessment

The National Vulnerability Database (NVD) is a U.S. government repository of vulnerability management data. It provides:

• Base score
   
• Exploitability
   
• Impact metrics
   

The company also uses the Nessus vulnerability scanner to detect possible vulnerabilities.

Step 1: Risk (Threats) Identification (10 Marks)

• Perform vulnerability testing.
   
• Identify:
   
  • Threat actors
     
  • Potential threats
     
  • Information assets
     
• Describe possible attack scenarios based on the current setup.
   

Step 2: Risk Analysis

• Search vulnerabilities in the NVD database.
   
• Retrieve exploitability and impact metrics.
   

Deliverable:

• Complete Table 2 with vulnerability data, exploitability, and impact values.
   

Step 3: Risk Evaluation (5 Marks)

• Formula:
  Risk = Likelihood × Impact
   
• Likelihood = Exploitability ÷ 10
   
  • Example: Exploitability = 8.6 → Likelihood = 0.86
     
• Impact = Taken directly from NVD metrics
   

Deliverable:

• Complete Table 3 with calculated risks.
   
• Reflect on:
   
  • Type of risk assessment performed
     
  • Comparison with alternative methods (discussed in lectures)
     

Part 2: Network Simulation Access Control List

To reduce risks of malicious access, create an ACL policy in Packet Tracer to block Internet-connected PCs from accessing Server0 in HR.

Access Control List Rules

1. PC0, PC1, PC2 (Staff) and PC4 (Finance) → cannot ping Server0 (HR)
    
2. All other PCs → can access/ping Server0
    

Deliverables

• Table 4 → Include all required IP addresses. (1.5 marks)
   
• Packet Tracer Simulation →
   
  • Assign IP addresses to PCs & router interfaces
     
  • Configure routing tables
     
  • Apply ACL rules (2.5 marks)
     

Brief summary of assessment requirements

Goal: Perform a full network risk assessment for a small business network (Staff, Finance, HR subnets) and implement an ACL in Packet Tracer to restrict specified hosts from accessing the HR server.

Must-do / Deliverables

• Part 1 (report — PDF/Word):

  • Step 1 — Risk Identification (10 pts): list threat actors, threats, information assets, and attack scenarios for PC0, PC1, PC2 (Staff), PC4 (Finance) and Server0 (HR).

  • Step 2 — Risk Analysis: use Nessus scan results and the NVD database to find each CVE’s exploitability and impact metrics -> complete Table 2.

  • Step 3 — Risk Evaluation (5 pts): compute Likelihood = exploitability / 10, Risk = Likelihood × Impact -> complete Table 3; state what type of risk assessment was performed and compare with the alternative (qualitative vs quantitative).

• Part 2 (Packet Tracer .pkt):

  • Build the network from Figure 2, assign IPs, configure router interfaces and routing.

  • Implement an ACL to block ping from PC0/PC1/PC2 (Staff) and PC4 (Finance) to Server0 (HR) while allowing all other hosts to access Server0.

  • Complete Table 4 with all required IP addresses.

• Administrative: include full name & student number on first page; submit via CSE1ICB LMS by Fri 2 May 2025, 11:59 pm AEST/AEDT. 5-day cut-off; 10% per day penalty during cut-off; drafts = zero.

• Total evaluation: 30 marks (allocation noted above plus marks for completeness, configuration correctness and documentation).

How the academic mentor guided the student

1. Kick-off & requirements clarification

• Mentor action: Reviewed the brief with the student, clarified submission formats, due date and penalties, and confirmed which hosts and subnets are in scope.

• Student task: Noted deliverables (Tables 2–4, report, .pkt file) and prepared a work plan and timeline.

2. Reconnaissance & asset listing (Risk Identification)

• Mentor action: Taught how to map the network (Staff, Finance, HR), identify information assets (Server0, DB, PCs), and list likely threat actors (external hackers, malware, insider, script kiddies).

• Student task: Documented assets and plausible attack scenarios (e.g., Internet-borne malware on PC0 -> lateral movement to Server0; DoS on Server0; credential theft from Finance PC4).

3. Vulnerability scanning & NVD lookups (Risk Analysis)

• Mentor action: Demonstrated running Nessus scans (interpreting results) and using NVD to retrieve exploitability and impact (CVSS) for each finding.

• Student task: Collected CVE IDs from Nessus output, searched NVD entries, extracted exploitability and impact values, and populated Table 2 with citations (CVE IDs + source).

4. Risk quantification (Risk Evaluation)

• Mentor action: Explained conversion: Likelihood = exploitability / 10, and Risk = Likelihood × Impact; coached on rounding, presenting units, and prioritisation.

• Student task: Calculated likelihood and risk scores for each host/vulnerability and filled Table 3. Wrote a short reflection: this is a quantitative assessment (gives numeric prioritisation) and contrasted it with qualitative methods (risk matrices, descriptive likelihood/impact levels).

5. ACL design & Packet Tracer implementation

• Mentor action: Explained ACL logic (deny specific source IPs to target Server0 for ICMP, then permit others), showed example Cisco ACL syntax and placement (apply inbound/outbound on correct interface), and walked through addressing and routing in Packet Tracer.

• Student task: Assigned IP addressing plan for all PCs and router interfaces, implemented ACL (deny icmp from PC0/PC1/PC2/PC4 to Server0; permit ip any any), configured routing and tested connectivity (ping tests). Documented ACL lines and test results and completed Table 4.

6. Validation, documentation & submission prep

• Mentor action: Reviewed the report for clarity, accuracy and academic integrity; checked the Packet Tracer .pkt file; advised on how to display Nessus/NVD sources and to include name/student ID on first page.

• Student task: Finalised Part 1 (Tables 2–3, narrative) and Part 2 (.pkt), exported/packaged files, and prepared for LMS upload.

How the outcome was achieved (concise)

• Data gathering: Nessus scan → list of CVEs → NVD lookups to extract exploitability & impact.

• Quantification: Converted exploitability to likelihood and computed numeric risk per host (Table 3) to prioritise remediation.

• Mitigation (network control): Designed and tested ACL in Packet Tracer to block ICMP from specified Internet-connected PCs to Server0 while leaving access for other hosts.

• Verification: Tested pings and connectivity, reviewed ACL behavior, and documented test logs/screenshots in the report.

• Submission: Compiled the final PDF/Word report (with Tables 2–4, calculations, screenshots) and attached the Packet Tracer .pkt file for upload.

Learning objectives covered

• Apply the risk assessment lifecycle: identification → analysis → evaluation.

• Use real tools and data sources: Nessus (scanner) and NVD/CVSS (metrics).

• Translate CVSS metrics into probabilistic measures (likelihood) and compute numeric risk for prioritisation.

• Design and implement practical network controls (ACLs) in Packet Tracer; configure IPs, routing and verify access control rules.

• Document findings clearly for technical and managerial audiences and follow submission/academic integrity rules.

Get Your Assignment Solution the Right Way

Looking for guidance on how to structure and solve your assignment? You can download the sample solution provided here to understand the format, methodology, and depth of analysis expected.

Important Note: This sample is strictly for reference and learning purposes only. Submitting it as your own work may lead to plagiarism issues and academic penalties.

For students who want a genuine, plagiarism-free, custom-written solution, our team of professional academic writers is here to help. When you order a fresh solution, you’ll get:

• 100% original content tailored to your assignment requirements

• Well-researched answers backed by credible sources

• Proper formatting and citation styles (APA, MLA, Harvard, etc.)

• On-time delivery with round-the-clock support

Take the safe route — learn from the sample, and if you need a unique submission-ready paper, let our experts prepare it for you.

Your choices:

[Download Sample Solution]                                          [Order Fresh Assignment]