Highlights
Part A
You are required to complete the WebGoat Challenge questions. The tasks to be completed are provided in WebGoat. Click on the Challenges menu item and solve all challenges within the WebGoat challenge (CTF). This part of the assignment requires you to know different application penetration testing techniques in order to complete it successfully.
An important note to remember is that you are attacking the WebGoat web server from a client (web browser). This means that the attacker does not have any write access to the server, so you will not be able to modify the Java source files to complete the Challenge questions. Any modification of the WebGoat source code to complete the Challenge questions will result in loss of marks.
Once you have finalised the challenges, it is time for you to launch a different attack against the WebGoat page or other local or networked systems. Two options are provided for you to finalise this section; you can take either one:
Option 1: If you choose to attack the WebGoat page and your WebScarab with the tampering process works on your computer, this will suffice.
Option 2: Alternatively, on some occasions, if your WebGoat does not work on your computer, you are given the option to attack another web system. However, you need to select and choose ONE (1) of the many tools available in the open-source domain, including tools which we have not covered but which you may find useful, for example, Nmap (http://sectools.org/tag/port-scanners/). Once chosen, a detailed description should be attached, including the reason for selecting this tool, the applied scenario, and the supporting theory behind it. You will also provide a complete run-through of the activity by providing screenshots of how the attack was launched, and also an evaluation of the data collected from the victim machine, such as the traffic packet data from Wireshark.
In Part A, you are required to include the following two sections:
Section 1: For the WebGoat challenges -
• Description of the scenarios in each stage, including the comparison and analysis against real-world cases.
• Theoretical description of the possible methods of launching attacks. You may list the possible methods that you may use to test the problems posed by the question of each stage.
• A brief explanation of the method used (a couple of paragraphs) followed by details on how you used that method to test the problem. What were the results of the methods you actually used to test the problems posed by the question of each stage? (Analyse either successful or unsuccessful methods.)
• Any script codes and images
Section 2: Launch a different attack (other than the attacks in Section 1) for the remote system -
• A theoretical description of the attack. For example, for a spear-phishing attack, describe the attack in detail.
• A complete, beginning-to-end, tutorial-like presentation of the attack, without omitting any variables and including screenshots. This could look like a manual or a journal.
• An evaluation of the data, if collected from Wireshark. In any given case you will be able to find some pattern, such as redirection or uncommon data between clients in social network attacks, or the effect of a spoofing mechanism. You should describe, in a fairly simple way, what has happened.
• Provide a short evaluation and considerations of the attack. This can and should also include defence mechanisms which can be used to defend against such an attack. Please note, this should be done thoroughly and present various mechanisms, with a description of which you consider to be better and why. For example, for a DoS attack where the attacker has spoofed the IP address, there are mechanisms to trace back the attacker; you should include most of them.
Part B
1. Research Question 1: Can an integrated system with IDS, IPS, firewall and honeypot together improve real-time system security? Discuss how, and provide one real-world example (e.g., in the context of the smart city) with network topology, and illustrate the relevant tools/techniques in use. Minimum 5 references are required. (State your own understanding after you have done some research work; you cannot use direct quotation; no more than 600 words.)
2. Research Question 2: Describe the IDS and honeypot development history based on a timeline (e.g., in chronological order by year). Minimum 5 references are required.
3. Research Question 3: Discuss the main differences (minimum 3) between the firewall and IDS. Use a diagram to illustrate the components for the types of IDS vs firewall. Use two or three sentences to discuss the differences based on your understanding.