Assignment

(Security and Support in IT, UG/G)

The assignment report you prepare in response to the questions in this assessment item contributes 20% of the total marks of this unit and is due in Week 12 on Friday at 23:59. You should plan and complete your assignment before the deadline.

Submissions (single MS Word or pdf document) are through Canvas

(http://uclearn.canberra.edu.au/). Please familiarize yourself with Canvas submissions before the deadline. After you upload your assignment report, please DO NOT FORGET to click the submit button; otherwise, your submitted assignment may remain as a draft.

No other forms of submission will be accepted.

Extensions

Students can apply for an extension to the submission due date for an assessment item through extenuating, evidenced circumstances (specific details are found through the Assessment Policy and Procedures. Section 9.12). Extensions must be applied for before the due date. Documentary evidence (e.g. medical certificate) will be expected for an extension to be granted, however this will not guarantee that the application will be successful. The Unit Convener or relevant Discipline Convener will decide whether to grant an extension and the length of the extension.

An Assignment Extension form is available from the Student Forms page.

Late submission of assignments without an approved extension will result in a penalty of 5% reduced marks from the total available, per calendar day late. An assignment submitted over 7 days late will not be accepted.

If a student chooses to submit his/her assignment via the Internet off the campus, it is the responsibility of the student to guarantee the accessibility of the Internet. Not being able to access to the Internet at a location which is outside of the campus is not an excuse for extension.

 

NOTE – 1: There is no expectation on how long your answers or explanations need to be. However, a maximum limit of 6-pages (excluding references), a font-size of 12 with single line spacing applies. Please write clearly and concisely.

 

NOTE – 2: Some of the questions in this assignment document are from topics that have not been discussed yet. You will have a better understanding of these questions when the relevant topics are discussed in the coming weeks. However, you can start working on those questions from the topics that have already been covered in lectures and tutes/labs. This is intended to allow you to work on your assignment report progressively and avoid unnecessary pressure when the due date approaches.

 

NOTE – 3: Please check the URKUND similarity score of your draft report before submitting the final report. Also, cite any sources you have referenced in preparing your responses. You are also encouraged to complete the Academic Integrity Module.

 

NOTE – 4: The textbooks are your primary sources of information. All referred materials including textbook must be included in the list of references and should be cited accordingly. You may use a referencing style of your choice but needs to be consistent.

[Total marks on this paper 20]

1. [3 marks] Suppose you are responsible for the IT infrastructure of an organization, which has about 15 desktop computers. You are advised that automation for uniformity is a good solution. What does it mean by “automation for uniformity”? Why is it a good solution in principle? Will you implement a fully automatic system in this case of yours? Why or why not?

 

1. [2 marks] Please summarise the technologies used in server computers to improve reliability, availability, and performance.

 

3. [2 marks] Please summarise the “Scope of Coverage” of a Helpdesk operation.

 

4. [3 marks] Suppose that you are responsible for the IT department of a university with students around the world. It is infeasible to meet each student in person. The IT department is responsible for all secure communication with the students. Assume that there is a trusted certificate authority which can securely issue certificates to all involved parties. Please explain:

 

• Why the trusted certificate authority is essential to establish a secure communication? What role does it play in the secure communication between the IT department and the students?

 

• From time to time, your department, on behalf of the University, makes public announcements. The announcements are of public nature and can be shared and transmitted by any interested parties, say, prospective students. How would you guarantee the authenticity of your announcements? It is not a solution to publish the announcement on a website for students to compare and decide if the received copies are the same as the web copies.

 

5. [5 marks] An organization has 2 server computers and a number of desktop computers and a few printers. All of them are connected together via an internal network, and the network is connected to the Internet via the border router of the organization. From the outside of the organization, on the Internet, only these 2 server computers are visible. One of them is the email server (IP address: e1.e2.e3.e4), and the other one is the web server (IP address: w1.w2.w3.w4). In other words, only these 2 server computers accept requesting incoming network traffic. All desktop computers are allowed to access the Internet, without any restriction. Therefore, they accept responding incoming network traffic, but not accepting any requesting incoming network traffic.

 

• [3 marks] Please design the network and draw the network diagram. You have the freedom to assume the internal network structure. In the diagram, in addition to the 2 servers, you should also include a few desktop computers and a printer. Please explain the rationale on why you put a computer or a printer in its designated location, 1 example for each location. A subnet (or a segment) is regarded as the same location. (Hint: a firewall or a few firewalls, depending on your design, are needed to regulate the network traffic)

 

• [2 mark] Please write down the firewall rules to fulfil the access requirement of the organization. Please follow the sample firewall rule (below) format to write down your firewall rules.

The textbooks are your reference: Week 1 slides; Stallings: Chapter 9.

 

6. [5 marks] Please write a summary to briefly explain to senior managers, who know very little on computer security but have a general understanding of IT, on what a buffer overflow problem is and what the consequences of a buffer overflow problem could cause [1 mark]. What programming techniques the software development team should adopt to avoid buffer overflow problems in the software it develops [1 mark].

 

Below is from a Nessus report on a computer.

• [1 mark] Pretending that the application is developed by the software development team of this organization, how to fix the problem.
• [1 mark] Accepting the recommendations given by the report, what action you should take? Assuming this computer is one of the many desktop computers, and an automatic system for software updating is in operation. Write down the operational steps, by following the principle of “one, some, and many”.
• [1 mark] Assuming this computer is a server computer, please write a brief report to the senior managers, who know very little on computer security but have a general understanding of IT, explaining why the software Firefox (a web browser) should not be installed on the computer. In your report, you should use trusted information sources to explain to your senior managers on the best practices of operating system security administration.

The textbook is your reference: Limoncelli: Chapter 1; Stallings: Chapter 9, 10, 11, 12.

7. [0 marks – the topics below are only for study purposes in preparation for the Assignment Evaluation Quiz] – you are not required to write any answers in your assignment report for the topics below.

• Password-based authentication
• The use of hashed passwords
• Authentication using Kerberos servers
• Virtual Private Networks
• Classification of malicious software
• Distributed denial of service attacks