IFQ507 Network Systems
IFQ507 Network Systems
Assignment 3: Project (applied)
Word limit:12 A4 pages excluding cover page, table of contents, references (if any), and appendix.
Weighting:30%
Due date:11.59pm AEST Friday 8 December2023 (Week 8)
After you have read this information, head over to theAssignment 3 Q&Adiscussion board to ask any questions and see what your peers are saying about this assignment.
Assignment overview
This is a team assignment where you will work with your peers to investigate an interruption to the company's website. You will be taking on the role of a network administrator to investigate the situation, analyse the potential cause, suggest solutions, and outline the limitations of the solution. As a team, you will produce a detailed report on your findings.
This assignment supportsunit learning outcomes 1, 2, 3 and 4.
Assignment details
This assignment is based on the following scenario. Read through it carefully and make any notes you may need before you begin this assignment.
Scenario
You are a network administrator working for XYZ company and your manager has received reports that the companys website is not working. Users attempting to access the website report that they receive a page cannot be displayed error in their browser. Your manager asks you to investigate the situation, analyse the potential cause or causes of the website service disruption, suggest solutions, and outline the limitations of the solution. They have also asked that you provide a detailed report of your findings.
You have begun to look into the situation and confirm the interrupted service issue by visiting the website from your browserthe error message is displayed. Following this, you decide to perform some basic troubleshooting. You attempt to visit the website using the IP address 192.168.170.8 directly with no success.
Based on this preliminary investigation, you suspect that there may be a problem with the Web Server and you determine that the server has been subject to some form of attack. You investigate further so that you understand what happened and can suggest appropriate solutions.
Note: The IP address 192.168.170.8 is not a real website address.
Tasks
Once you have read the scenario, complete the following four tasks:
Task 1Task 2Task 3Task 4Task 1: Security analysis and mitigationStep 1:Extract a sample of the network traffic from the web server. To do this,downloadthe capture fileHYPERLINK "https://canvas.qutonline.edu.au/courses/1327/files/350107?wrap=1" t "_blank"Capture_Project_A_B (PCAPNG 3 KB)Download Capture_Project_A_B (PCAPNG 3 KB).
Note: The capture file provided is only a very small sample, but it is representative of the total traffic captured from the server. For this task, you can assume the rest of the capture shows the same trends with patterns that are similar and consistent with those in the provided scenario capture file.
Step 2: Examinethe data and conduct an analysis to help youanswerthe following:
What would you expect to see in a web server capture under normal operation? Provide a detailed and technical explanation of the TCP protocol.
Examine the data in the scenario capture file. Analyse the data, compare this with normal expected behaviour, and determine what has taken place. Record your observations and make connections between the specific data items included in the file and your description of the events that likely occurred.
Consider the security goals of the organisation that may have been compromised, the vulnerabilities that have contributed to the incident, and the threats that acted on them.
What type of attack has occurred (active or passive)? Justify your claim i.e. refer to the data in the file to provide supporting evidence. What are the possible technical and organisational consequences of this incident for XYZ company?
Step 3: Conductindependent research toidentifymitigation strategies that could be applied in this scenario.Provideat least one security strategy from each classification (preventative, detective and corrective), and discuss the strengths and limitations associated with it. If you decide that a certain class of strategy is not applicable, you will need to explain why.
Step 4: Completeyour investigation and begin your report. You can find your report structure after reading the task section of this assignment page.
Report structure
Your report should be no more than 12 A4 pages, excluding the cover page, table of contents, reference page (if any references), and appendix page. You can use the following report structure to set up your report:
Cover page:Includes project title and a full list of authors (names and student IDs).
Declaration of contributions page:Each member will need to write a declaration of contributions, see Task 4 for more information.
Executive summaryTable of contentsSection 1: Task 1Security analysis and mitigation:
Introduction (background information)
Investigation and analysisSummary of findingsRecommendationsReferences (if any).
Section 1: Task 2Network performance evaluation:
Round trip delay over time (to include an analysis and plot)
Minimum round trip delay (to include an analysis and plot)
Average round trip delay (to include an analysis and plot)
Maximum round trip delay (to include an analysis and plot).
Section 1: Task 3ReflectionsThroughout the report, you are free to use a reasonable number of screenshots and figures to assist you in justifying your explanations.
Note: The reference list is not included in the word count.
Task 2: Network performance evaluation
Step 1: Downloadthe pure-text ns-3 trace fileAssignment-1 (TR 42 KB)Download Assignment-1 (TR 42 KB). This file is a result of an ns-3 simulation study of a network of four nodes: n0, n1, n2, and n3.
Step 2: Choosea source node (n0) and a sink node (n3), thencalculatethe following performance metrics:
Round trip delay over timeMinimum round trip delayAverage round trip delayMaximum round trip delay
Note: For computational efficiency, you must use Linux utility 'grep' or 'awk' (or both) for your calculation. You are required to document the steps of your Linux commands and calculation. You should present the performance over time using a plot.
More information on the network
The internal representation of the network and network nodes is shown in the following diagram.
INCLUDEPICTURE "/Users/dimitriosvasiliadis/Library/Group Containers/UBF8T346G9.ms/WebArchiveCopyPasteTempFiles/com.microsoft.Word/preview" * MERGEFORMATINET Network model (2020) courtesy of Professor Glen Tian
Node n0 is a source node. Nodes n2 and n3 are sink nodes. Node n1 is a router.
The network traffic flows are as follows:
n0 => n2 TCP segments (payload size = 50 bytes)
n0 => n3 TCP segments (payload size = 50 bytes)
The IP addresses for the four nodes in the network are configured as follows:
n0: 192.168.1.1
n1: 192.168.1.2 and 192.168.2.1 and 192.168.3.1
n2: 192.168.2.2
n3: 192.168.3.2
Task 3: ReflectionsYour report will need to include a separate section of reflections. In this section, each student will write a paragraph of their reflections on what they have achieved so far from this unit and from this assignment. This gives you an opportunity to reflect on what you have learned and also what you think you need to improve. Your reflections are expected to be specific to yourself (not general to others).
Task 4: Declaration of contributions
Your report should include a 'declaration of contributions' page. In the declaration, each of your team members is required to declare their individual contributions to the project.
