Co4509 Computer Security Assignment 2

CO4509 – Computer Security
Assignment 2
Martin Bateman
[email protected]
April 17, 2018
Due date: 25th May 2018 11:59pm
Weighting: 50%
Size: 12 pages, 3000 words
Assignment Description
WidgetsInc has contracted Benny Vandergast Inc to develop their new web-based store. Benny Vandergast Inc has provided a VMware virtual machine for
testing. WidgetsInc have decided to give you the job of evaluating the security
of the system provided by Benny Vandergast Inc.
You should perform a security evaluation on the provided virtual machine
image. You have not been supplied with either the IP address of the system or
any usernames and passwords; you have to discover these as part of your
investigation.
Requirements
Your report should include:
• A description of how you investigated the security of the system.
  – Include fully cited information on tools and techniques you used.
• A description of the results obtained.
• A proposal on how to secure the system.
  – You should address each of the security issues you find.
Learning Outcomes
2. Propose and justify suitable security for a networked computer system.
3. Use a range of security-related tools.
4. Critically evaluate tools and techniques for system security.
6. Research and report on a security-related topic, using appropriate
literature.
Submission
The assignment work should be submitted as a Word document (.docx) or
Portable Document Format (.pdf) to the appropriate assignment submission
slot on Blackboard [1] before 11:59pm on the 25th May 2018.
Late work
Late work must be submitted to eLearn in the required assignment slot.
Penalties for late submission
Except where an extension of the hand-in deadline date has been approved
(using extenuating circumstances forms), lateness penalties will be applied in
accordance with University policy as shown in Table 1 [2].

(Working) Days Late    Penalty
up to 5                maximum mark 50%
more than 5            0%

Table 1: Late submission penalty
Extenuating circumstances
If you believe that there are circumstances that justify an extension of the
hand-in deadline for assignment work, you are required to use the Extenuating Circumstances forms. Extensions (to a maximum of 10 working days) are
granted when there are serious and exceptional factors outside your control.
Everyday occurrences such as colds and hay fever do not normally qualify for
extensions. Where possible, requests for extensions should be made before the
hand-in date.
The School considers extenuating circumstances to be conditions that significantly impact on your work. Typically these will cover more than one module.
[1] http://portal.uclan.ac.uk/
[2] http://www.uclan.ac.uk/aqasu/academic regulations.php
Requests for consideration of extenuating circumstances in respect of assignment work submission should be made using MyUCLan [3]. You are advised
to speak to your Academic Advisor prior to submitting. Whilst extenuating
circumstances are being considered, you are advised to inform relevant staff
members, and continue with the assignment.
Feedback
Feedback will be given to the class within 15 working days of the assignment
hand-in date. This may be done in the first 15 minutes of a lecture. This will be
followed by individual written feedback tying to the Learning Outcomes listed
in the assignment brief, together with any additional helpful feedback such as
areas of strength and areas for improvement.
Plagiarism
The University operates an electronic plagiarism detection service where your
work may be uploaded, stored and cross-referenced against other material. You
should be aware that the software searches the World Wide Web, an extensive
database of reference material and work submitted by members of the same
class to identify duplication.
For detailed information on the procedures relating to plagiarism, please see
the current version of the University Academic Regulations [4].
Reassessment and Revision
Reassessment in written examinations and coursework is at the discretion of
the Course Assessment Board and is dealt with strictly in accordance with
University policy and procedures. Revision classes for referrals will take place
during ‘reassessment revision, appeals and guidance week’ as marked on the
academic calendar.
The mark for the reassessed component is subject to a maximum of 50%.
[3] http://myuclan.uclan.ac.uk/
[4] http://www.uclan.ac.uk/aqasu/academic regulations.php
Assessment criteria

Criteria and weighting: Investigation (30), Implications (30), Securing (30), Documentation (10)

Fail (10)
• Investigation: Brief description.
• Implications: Brief description.
• Securing: Brief description; doesn’t really secure the system.
• Documentation: Very poor. For example, not referenced, doesn’t address the question, or very poor spelling and grammar making it hard to understand.

Pass (50)
• Investigation: Investigation is superficial. Some security issues have been identified via the use of automatic tools. Only investigates one area of the system, e.g. just web shop, OS or the running services.
• Implications: Poor or obvious implications for each vulnerability found. Or only some implications are addressed, or the implications don’t match up with the severity of the problem.
• Securing: Poor or obvious way of securing the system, e.g. overall recommendation of just firewall/patching rather than the way of dealing with each problem.
• Documentation: Some items are referenced. Poor grammar, spelling.

Merit (60)
• Investigation: Investigation includes multiple aspects (OS, services, application etc). Or goes in depth into a single aspect of the system.
• Implications: Limited description of the issue and the implications. Either all aspects covered but to a superficial level, or only goes into detail on a few of the issues found.
• Securing: Limited description of how to secure the issues found.
• Documentation: Referenced. Good spelling, grammar. Layout is consistent and makes sense.

Distinction (70)
• Investigation: Good coverage across three or more aspects (OS, services, application etc). Or goes in depth into two aspects.
• Implications: Good description of the issue and its implications. All issues addressed.
• Securing: Good description of how to secure the issues found. Each identified issue is addressed.
• Documentation: Good quality documentation. All items referenced, figures are labelled.

80 (80)
• Investigation: Excellent coverage across all aspects of the system. Passwords have been recovered rather than overwritten.
• Implications: Excellent description of the issue and its implications. Accurate and concise description of each issue. Each issue includes a description of how to exploit the problem.
• Securing: Excellent description of how to secure the problems found.
• Documentation: Excellent. Publishable quality.
