LD7010 Ethical Hacking for Cyber Security Assignment 2020-21 London Campus

COURSEWORK ASSESSMENT SPECIFICATION

Module Title: Ethical Hacking for Cyber Security
Module Number: LD7010
Module Tutor Usman Butt
Name(s):
Academic Year: 2020/21
% Weighting (to 100%
overall module):
Coursework Title: Ethical Hacking as a proactive and adversarial approach to secure
systems (Main Assignment)
Average Study Up to 100 study hours
Time Required
by Student:

Dates and Mechanisms for Assessment Submission and Feedback

Date of Handout to Students:

Week commencing 01st Feb 2021

Mechanism for Handout to Students:

Via eLP, discussed during Lecture

Date and Time of Submission by Student:

17th May 2021 (no later than 4pm)

Mechanism for Submission of Work by student:

Electronic submission via Turnitin

Date by which Work, Feedback and Marks will be returned to students:

Within 20 working days after submission of this assignment

Mechanism for return of assignment work, feedback and marks to students:

Formal feedback will be provided via Blackboard module site following completion of
all reviews and internal moderation of results.
Assessment Overview
For this module, summative assessment worth 100% of the total mark will be via this
single individual assignment; to support evidencing achievement of all learning
outcomes for the module, a written critical analysis report forms the basis of the
module assessment. It is an individual assessment and should therefore be all your
own work. Students should not collude or plagiarise work. Appropriate action will be
taken, according to Northumbria University regulations, if collusion or plagiarism is
suspected. Please see the section on academic integrity for clarification.

The purpose of this assignment is to perform and document a penetration testing

phase as part of a practical ‘offensive security’ approach against a known network
topology with distinguished characteristics and services. Furthermore, the report
incorporates state-of-the-art research to demonstrate in-depth theoretical knowledge
of a network security auditing paradigm regarding application and network layer
attacks. You will learn how to defend a system and provide a better set of services in
terms of security and availability and to further understand how planning and
executing a set of steps and methods can seriously affect the security of a network.

Module Learning Outcomes

This assignment covers Learning Outcomes 1-4 in full. On completion of the module,
you should be able to demonstrate how you have achieved the following.

1. Assess computer systems, information systems and networks to identify their

vulnerabilities and weaknesses.
2. Evaluate and understand the principles of ethical hacking and appreciate where
and in what situations these principles should be applied
3. Critically evaluate the core concepts, knowledge and practice of computer
security have developed through research
4. Appreciate the legal and ethical issues associated with ethical hacking and be
able to apply them appropriately.

Important Information on possible Ethical and Legal Implications

Due to the nature of this module, you MUST ensure that ALL the attacks performed
during the coursework are carefully contained within a controlled laboratory
environment. The expected approach is to utilise virtual technology (e.g. VMware,
Hyper-V and VirtualBox) to build your own lab.
Performing attacks on the virtual machines within the dedicated University laboratory
is permitted, but it is very important to note that attacking the rest of the university
network is NOT allowed. A full monitoring process will be in place and offenders
could be prosecuted. Ask your module tutor to clarify any doubts shall you have
further inquiries. Overall, make sure you comply with UK-legislation and all
associated professional and ethical behaviour.
The purpose of this assignment is NOT to teach you how to break computer system
but rather to understand how the countermeasures are applied to protect your
potentially vulnerable infrastructure.

Page 1 of 8
Requirements
For the practical part of this assignment, you will have to build three Virtual Machines
(VM):
 A Linux Server
 You could use CentOS or Ubuntu Server
 Minimum configuration required
 DNS
 An additional service of your own choice (e.g. DHCP, FTP, SMTP, SNMP etc)
 A Client
 Could be either Windows (Visa, 7, 8, 10 etc) or Linux (Fedora, Ubuntu etc)
 You could create multiple copies of the client’s VM if you require more clients
to demonstrate an attack
 Attacker machine
 Kali Linux (the most recent version is highly recommended)

Assignment Tasks and Deliverables
The main submission is a single individual report consisting of two parts as follows:

Part A
In this first part of the assignment, you are required to:
 Provide a summary of the configuration steps on the server and client. Include
screenshots to evident functionality at the client-side. Discuss the rationale
behind service selection and configuration. (10%)
 Demonstrate a minimum of 2 attacks against each of the two services
configured. Any further and complex attacks will attract more marks. Log all the
important and offensive events against your target including attacks detected,
services’ logs nature, origin of the attack and damage caused. Support your
demonstration with screenshots. (35%)
 Critically reflect on countermeasures and prevention mechanisms applied to
mitigate against your attacks. (15%)

Part B
In the second part of the report, you are required to write a short position paper to
critically analyse and reflect on recent state-of-the-art attacks and hacking
techniques, followed by a discussion on possible countermeasures. (weights 40%)
Your paper should consider the following guidance and contain the following
subtitles as a minimum:
 Title page and Abstract
 Introduction
 The nature of the brief/commission and the topic should be briefly outlined
and defined alongside details of how the paper is organised.
 Scope: how did you select the attacks/techniques in this paper? E.g. most
recent attacks, wireless attacks, VoIP attacks, DNS attacks etc
 Main body
 Critical discussion, reflection and analysis
 Conclusions
 A brief summary of the key findings established from your research.

Page 2 of 8
 References.
 A full list of references used within the paper should be provided. The Harvard
Style of referencing should be applied throughout the assignment.

Format and Submission Requirements

Please adhere to the following requirements:
 Submission will be via Turnitin on Blackboard; please see the front cover for the
submission date. Please note, you can submit your report formatively to check
for originality i.e. to help check for potential academic misconduct in the form of
plagiarism. You can do this multiple times. However, you must ensure the last
attempt is your final summative assessed paper and is correctly submitted
ahead of the deadline indicated on the cover page.
 The report should be written in a formal reporting style and without use of
personal pronouns (for example, no use of ‘I, me, my, our, we, they, he, she’).
If you find it difficult, you may want to research the use of the passive voice; help
is also available via skills resources online (see above).
 Word count for Part A is 2000 words (+/- 10%) excluding references
 Word count for Part B is 2000 words (+/- 10%) excluding references
 Only Microsoft Word or PDF file formats will be accepted.
 Layout should make reasonable use of margins, clear headings, single line
spacing and font size should be 11pt (i.e. your report should be professionally
presented).
 Include page numbers, the module code and your student ID.
 All content including references and appendices (if used) should be contained in
a single document.
 Referencing should be in the Harvard style (see Cite Them Right available at
http://www.citethemrightonline.com). Note; you will need your University user ID
and password to access this resource.

This is an INDIVIDUAL assessment and should be entirely your own work. Where
you have used someone else’s words (quotations), they should be correctly quoted
and referenced in accordance to the Harvard System. Help regarding referencing
can be found at:
https://cragside.northumbria.ac.uk/Everyone/skillsplus/database_uploads/55389538.pdf?

Assessment Criteria Section Possible Actual

marks Marks

Part A (60%)

Page 3 of 8
Configuration 10
Balanced summary of the configuration steps with screenshots to evident
functionality.
Clear rationale behind service selection and configuration

Attacks Demonstration 35
A minimum of 2 comprehensive attacks against each of the two services
configured.
A log of all the important and offensive events including attacks detected,
services’ logs nature, origin of the attack and damage caused.
Supported by screenshots
Countermeasures 15
Critical reflection on prevention mechanisms applied to mitigate against
attacks

Part B (40%)

Title page and Abstract 5

Introduction 5
 An introduction using appropriate information and problem
statement
 The nature of the brief/commission and the topic should be briefly
outlined and defined alongside details of how the paper is organised
 Scope: how did you select the attacks/techniques in this paper? E.g.
most recent attacks, wireless attacks, VoIP attacks, DNS attacks etc

Main body 20
 Critical discussion, reflection and analysis
 Clear evidence of excellent critical thinking and problem-
solving approach.
 Excellent presentation in terms of communication and content.

Conclusion 5
 A brief summary of the key findings established from your
research.

References 5
Marks deducted in case of poorly structured reports, layout, word count
(15 marks)
Total 100

Page 4 of 8
Grading Guidance

Mark Assessment Criteria

70%+ Excellent work providing evidence to a very high level of the knowledge,
understanding and skills appropriate to level 7. The module learning
outcomes have been met, many at high level.
Marks at the high end of this range indicate outstanding work where all
learning outcomes are met at a high level. Excellent in all or most of: use
of primary sources of literature from a range of perspectives;
development of analysis and structure of argument; critical evaluation and
creative use of theory, research methods and findings; presentation of
information to the intended audience.
60-69% Commendable work providing evidence to a high level of the knowledge,
understanding and skills appropriate to level 7. The module learning
outcomes have been met, many are more than satisfied.
Good in all or most of: use of up-to-date material from a variety of
sources; development of analysis and structure of argument; critical
evaluation of relevant theory, research methods and findings to the
problem in question; presentation of information to the intended audience.
55-59% Satisfactory work providing evidence of the knowledge, understanding
and skills appropriate to level 7.
Satisfactory in all or most of: use of relevant material from a variety of
sources; development of analysis and structure of argument; evaluation
of theory; application of relevant theory, research methods and findings to
the problem in question; presentation of information to the intended
audience.
50-54% Adequate work providing evidence of the knowledge, understanding and
skills appropriate to level 7 but only at a bare pass level. All of the
learning outcomes are met (or nearly met and balanced by strengths
elsewhere).
Adequate in all of (or most of, with balancing strength elsewhere): use of
relevant material; development of analysis and structure of argument;
evaluation of theory; application of relevant theory, research methods and
findings to the problem in question; presentation of information to the
intended audience.
40-49% Work is not acceptable in providing evidence of the knowledge,
understanding and skills appropriate to level 7. However, the majority of
the learning outcomes are met and others are nearly satisfied:
Adequate in most but not all of the following aspects: use of relevant
material; development of analysis and structure of argument; evaluation
of theory; application of relevant theory, research methods and findings to
the problem in question; presentation of information to the intended
audience.

Page 5 of 8
1-39% Work is not acceptable and provides little evidence of the knowledge,
understanding and skills appropriate to level 7. Few of the learning
outcomes are met.
Inadequate in some of the following aspects or seriously inadequate in at
least one: use of relevant material; development of analysis and structure
of argument; evaluation of theory; application of relevant theory, research
methods and findings to the problem in question; presentation of
information to the intended audience.
0% Work showing no evidence of the knowledge, understanding and skills
appropriate to level 7. None of the learning outcomes are met.
OR
Work not submitted.
OR
Work giving evidence of serious academic misconduct

Academic Integrity Statement: You must adhere to the university regulations on

academic conduct. Formal inquiry proceedings will be instigated if there is any
suspicion of plagiarism or any other form of misconduct in your work. Refer to the
University’s Assessment Regulations for Northumbria Awards if you are unclear as
to the meaning of these terms. The latest copy is available on the University website.
https://northumbria-cdn.azureedge.net/-/media/corporate-website/new-sitecore-
gallery/services/academic-registry/documents/qte/assessment/guidance-for-students/pl,-
d-,005-v004-academic-misconduct-policy.pdf?
la=en&modified=20200117152110&hash=5631FCFB09A073D1BEE7BD157FAB19313A102
68A#:~:text=1%20Academic%20Integrity,-1.1%20Every%20student&text=1.2%20In%20all
%20assessed%20work,advantage%20in%20any%20other%20way.
(last accessed on 25th August 2020)

Formative Feedback

There will be an opportunity for formative feedback during the semester. You are
advised to start working on this assignment as early as possible so that you can
seek clarification from the module tutor regarding any questions you might have
during the semester. Note that tutors will not predict your grade, and you should not
take the lack of comment on any aspect of your work as indicating that it is correct.
You should make every effort to take advantage of formative feedback as tutors will
not comment on draft work at other times. Remember that you will get more useful
feedback from us by asking specific questions than just presenting us with your
documentation and asking, ‘Is this right?’

Penalties for Exceeding Word Limits:

Page 6 of 8
The following penalties will be applied after any reductions in mark due to late
submission have been made, Penalties will be applied as defined in the University
Policy on Word Limits Policy.
https://northumbria-cdn.azureedge.net/-/media/corporate-website/new-sitecore-
gallery/services/academic-registry/documents/qte/assessment/guidance-for-students/pl013-
v002-word-limits-policy.pdf?modified=20200803200335.
(last accessed on 25th August 2020)

The actual word count is to be declared on the front of the assessment submission.

Late Submission Policy:

For coursework submitted up to 1 working day (24 hours) after the published hand-in
deadline without approval, 10% of the total marks available for the assessment
(i.e.100%) shall be deducted from the assessment mark. Penalties will be applied as
defined in the University Policy on the Late submission work.
https://northumbria-cdn.azureedge.net/-/media/corporate-website/new-sitecore-
gallery/services/academic-registry/documents/qte/assessment/guidance-for-students/pl,-
d-,008-v004-late-submission-of-work-and-extension-requests-policy.pdf?
modified=20200803152930
(last accessed on 25th August 2020)

Page 7 of 8
For clarity: a late piece of work that would have scored 65%, 55% or 45% had it
been handed in on time will be awarded 55%, 45% or 35% respectively as 10% of
the total available marks will have been deducted.

Failure to submit: The University requires all students to submit assessed

coursework by the deadline stated in the assessment brief.  Where coursework is
submitted without approval after the published hand-in deadline, penalties will be
applied as defined in the University Policy on the Late Submission of Work.
https://northumbria-cdn.azureedge.net/-/media/corporate-website/new-sitecore-
gallery/services/academic-registry/documents/qte/assessment/guidance-for-students/pl,-
d-,008-v004-late-submission-of-work-and-extension-requests-policy.pdf?
modified=20200803152930
(last accessed on 25th August 2020)

Page 8 of 8