SEC3014 Advance Network Security Assignment

Advance Network Security

SEC3014
SEC3014 Advance Network Security Assignment

Assignment

Assignment question distribution date: 21st May 24

Assignment report submission date: 12th July 2024, Friday

PLO1- Cognitive Skills

PLO2 – Personal Skills
PLO3 - Ethics and profesionalism

Instructions:

This group assignment carries 100% of your total module assessment marks, with 60% of the total contributed
by an individual component. A group consist of maximum 5 students. (Minimum 4 students). The total word
count of the report should not exceed 5000 words. No marks will be awarded for the entire assignment if any
part of it is found to be copied directly from printed materials or from another group. All submissions should
be made on or before the due date. Any late submissions after the deadline will not be entertained. Zero (0)
mark will be awarded for late submission, unless extenuating circumstances are upheld.

Scenario:

Company A is food manufacturer based in Kuala Lumpur. Its office consists of 3 departments: Sales,
Engineering and Finance. It has a Sales office in Singapore located 350km away from Kuala Lumpur and hosts
50 employees. The following topology illustrates the network architecture and topology of the Kuala Lumpur
office of Company-A and Singapore Company-B.

The Kuala Lumpur office has simple network architecture. Clients’ workstations are connected to an access
switch, then connected to a distributed switch and then to the routers inside interface. The firewall outside
interface connects directly to the internet service provider (ISP) router. The ISP completely manages this router,
and the company-A has no control over it. A third interface on the firewall hosts a demilitarized zone (DMZ)
hosting several servers. These servers include web, email, and FTP applications.

The goal is to protect the internal and DMZ hosts from external threats. As a network security specialist, you
are required to provide a security solution for company-A and company-B. All your configuration using ipv6
and ipv4.

There are some requirements in the above scenario that must be considered in this security design.

1. Client workstations (sales, engineering and finance) must be able to access the web server at the DMZ
over HTTP and HTTPS. The web server should be reachable from the external clients over HTTP and
HTTPS only. (Solution and configuration)
SEC3014 Advance Network Security Assignment
2. Clients should also be able to put and get files via FTP to the same server. The company requires
implementing FTP with user and password is essential for each transaction. (Solution and
configuration.)

3. Engineering and sales workstations must be able to access the Internet (to reach company B) over
HTTP and HTTPS with DNS. No other protocol access is allowed to the Internet. (Solution and
configuration.)

4. Client workstations must be able to check their e-mail on the e-mail server at the DMZ. (Solution and
configuration.)

5. The e-mail server should be able to receive e-mail from external hosts over the simple mail transfer
protocol (SMTP). (Solution.)

6. No client from sales, engineering and finance department is able to access clients in the other
departments. (Solution and configuration.)

7. Layer two securities is a requirement in the company-A LAN. (Solution and configuration.)

8. Bastion host works as an application proxy. You are required to explain the solution in detail.
(Configuration is not required.)

9. Connectivity between company-A in Kuala Lumpur and company-B in Singapore is a requirement.

What is the best solution? Elaborate on the solution. (Configuration is not required).

10. Data transmitted over the network must be kept disguised and only intended recipient can read it.
Hackers are unable to understand the content even they are able to wiretap the communication.
(Solution on the techniques, no configuration is required)

11. The company requires implementing intrusion detection systems (IPS). (No Configuration is required.)

12. Implement VPN (Tunneling) between Singapore and Kuala Lumpur. (Configuration is required.)

13. Implement IpSec encryption between Singapore and Kuala Lumpur. (Solution)

14. Implement AAA (Authentication, Authorization and Accounting) for K.L network (Configuration)

Note: The “solution” in the parenthesis means that you must recommend what should be done in order
to fulfil the company’s requirement. In this case, you do not have to configure any of the device(s) in
the topology. The “configuration” in the parenthesis means that, in addition to the solution that you
provide, you have to implement it by configuring the appropriate device with commands and setups. b
SEC3014 Advance Network Security Assignment

Guidelines for the Report:

i
Document the results of your work in a professional and systematic manner, in the form of a computerized
report. One (1) softcopy and hardcopy of your documentation is to be submitted.
Your completed documentation should meet the following requirements:
1. Table of contents for every detailed chapter/section.
2. Marking Table
3. Gantt Chart
4. Detailed Work Breakdown Structure
5. Introduction
6. Chapters / sections
7. Recommendations
8. Network configurations
9. Documentation of the configured device(s) (Screen shot of device configured e.g., router or firewall)
10. Conclusion
11. Appendices
12. Bibliography or References

In your document the report is to be written in a professional manner, paying due regard to the following
aspects:

 The report is to be written in the 3rd person.

 The report should have a consistent layout and be divided into enumerated sections, sub-sections, sub-sub
sections etc.
 The report should be fully referenced using the University standard.
 Your report must be typed using Microsoft Word with Times New Roman font and size 12. Expected
length is 5,000 words (excluding diagrams, appendixes and references). You need use to include a word
count at the end of the report and it should be in 1.5 spaces.
 Submission of reports that are unprofessional in its outlook (dirty, disorganised, inconsistent look, varying
coloured paper and size) will not fare well when marks are allocated.
 Ensure that the report is printed on standard A4 (210 X 297 mm) sized paper.
 The report should have a one (1”) margin all around the page as illustrated below:

1 inch 1 inch
1 inch

1 inch

The Typed Text

1 inch

1 inch

1 inch 1 inch

 Every report must have a front cover. A transparent plastic sheet can be placed in front of the report to
protect the front cover. The front cover should have the following details:

o Name
o Intake code.
SEC3014 Advance Network Security Assignment
o Subject.
o Project Title.
o Date Assigned (the date the report was handed out).
o Date Completed (the date the report is due to be handed in).

Submission requirements

A softcopy containing an electronic version of the document and video presentation via terms (15 minutes) of
group member. The total word count of the main body of the document (excluding title & contents pages) is to
be in the region of 5000 words.

Marking Table

Please note that during the preparation of your assignment, you must include the following marking table.
Ensure you fill in the details of your team members’ full names and their respective student IDs.

The marking table must be placed on a single page, located as either the second or third page of your final
assignment documentation. Each team member’s name must only appear once. The schedule for the
presentation will be announced in due time.

Assessment Criteria:
 SEC3014 Advance Network Security Assignment

Marking Scheme (based on SLT):

Group Components (40%)

(Problem Solving and Scientific Skills = 40 marks)

Marking 0-4 5-8 9-12 13-16 17-20 Marks

Criteria (Distinction) Awarded
(Fail) (Marginal (Pass) (Credit)
Fail)

Poor research Very brief Research and Well research Very well
and research and investigation and analysis and
investigation of investigation of are done but investigation is investigation of
the problem. the problem. not in depth. done. Good the problem.
Poor Poor evaluation Appropriate evaluation of Outstanding
evaluation of of the evaluation of the evaluation of
the requirement. the requirements the
requirement. requirements with proper requirements
Network with proper reasoning with with proper
Design reasoning with proper project reasoning.
proper project planning and Outstanding
planning and management. project planning
management. and
management
with the
screenshots of
used tools.

(Social Skills, Team Skills and Responsibilities = 20 marks)

Marking 0-4 5-8 9-12 14-16 17-20 Marks

Criteria (Distinction) Awarded
(Fail) (Marginal (Pass) (Credit)
Fail)

Ip address No task Poor task Imbalance task Balance Balance

task distribution distribution distribution distribution of distribution of
distribution among the team among the tasks among tasks among the
members. team the team team members.
Irrelevant members. members. Accurate
technologies Acceptable Accurate technologies
chosen technologies technologies chosen and
chosen but chosen but detail
explanation explanation explanation
 SEC3014 Advance Network Security Assignment
not in depth provided not in provided
depth

Individual Components (60%)

(Social Skills, Team Skills and Responsibilities = 30 marks each)

Marking 0-6 7-14 15-20 21-25 26-30 Marks

Criteria (Distinction) Awarded
(Fail) (Marginal (Pass) (Credit)
Fail)

Practical Poor in basic Not able to Able to apply Able to apply Able to apply
Demonstrati knowledge apply new idea new idea on new idea or new idea or
on (30 or knowledge to knowledge to a knowledge to a knowledge to a
marks) a given problem given problem given problem given problem
with assistance and but unable and able to
from lecturer to propose propose
or student
alternative alternative
applications applications

Technical Poor in basic Not able to Able to apply Able to apply Able to apply
Configuratio knowledge apply new idea new idea on new idea or new idea or
n (30 marks) or knowledge to knowledge to a knowledge to a knowledge to a
a given problem given problem given problem given problem
with assistance and but unable and able to
from lecturer to propose propose
or student
alternative alternative
applications applications

Total Marks