Assignment2SystemInvestigation33

Computer SecurityAssignment Due date: 31st May 2020 11:59pm Size: 12 pages, 3000 wordsAssignment DescriptionWidgetsInc has contracted Benny Vandergast Inc to develop their new web- based store. Benny Vandergast Inc has provided a VMware virtual machine for testing. WidgetsInc have decided to give you the job of evaluating the security of the system provided by Benny Vandergast Inc.You should perform a security evaluation on the provided virtual machine image. You have not been supplied with either the IP address of the system or any usernames and passwords, you have have to discover these as part of your investigation.RequirementsYour report should include:• A description of how you investigated the security of the system.– include fully cited information on tools and techniques you used.• A description of the results obtained.• A proposal on how to secure the system.– you should address each of the security issues you find.Learning Outcomes2. Propose and justify suitable security for a networked computer system.3. Use a range of security-related tools.4. Critically evaluate tools and techniques for system security.6. Research and report on a security-related topic, using appropriate literature.SubmissionThe assignment work should be submitted as a Word document or Portable Document Format to the correct assignment slot on Blackboard1 before 11:59pm on the 31st May 2020.Late workLate work must be submitted to Blackboard in the required assignment slot.Penalties for late submissionExcept where an extension of the hand-in deadline date has been agreed (using extenuating circumstances forms), lateness penalties will be applied in accor- dance with University policy as shown in Table 12. (Working) Days Late Penalty up to 5 maximum mark 50% more than 5 0% Table 1: Late submission penaltyExtenuating circumstances If you believe that you have circumstances that justify an extension of the hand-in deadline for your assignment work, you should use the Extenuating Circumstances procedure. Extensions (to a maximum of 10 working days) can be granted when there are serious and exceptional factors outside of your control. Everyday occurrences such as colds and hay fever do not normally qualify forextensions. Where possible, requests for extensions should be made before the submission date.The University considers extenuating circumstances to be conditions that significantly impact on your work. Normally these will cover more than one module. Requests for consideration of extenuating circumstances in respect of assignment work submission, should be made using the MyUCLan3. You shoud speak to your Academic Advisor prior to submitting. Whilst extenuating circumstances are being considered, you should inform relevant module leader, and continue with the assignment.PlagiarismThe University uses an electronic plagiarism detection system where your work could be uploaded, stored and cross-referenced against other material. You should know that the software searches the WWW, an extensive collection of reference material and work submitted by members of the same cohort to iden- tify duplicates.For detailed information on the procedures relating to plagiarism, please see the current version of the University Academic Regulations4.Reassessment and RevisionReassessment in written examinations and coursework is at the discretion of the Course Assessment Board and is dealt with strictly in accordance with University policy and procedures. Revision classes for referrals will take place during ’reassessment revision, appeals and guidance week’ as marked on the academic calendar.The mark for the reassessed component is subject to a maximum of 50%.   Assessment criteria Fail (10) Pass (50) Merit (60) Distinction (70) 80 (80) Investigation (30) Brief description. Investigation is superftcial. Some security issues have been identifted via the use of automatic tools. Only inves- tigates one area of the sys- tem e.g. just web shop,  OS  or the running services. Investigation includes mul- tiple aspects (OS, services, application etc). Or goes in depth into a single aspect of the system. Good coverage across three or more aspects (OS, ser- vices, application etc). Or goes in depth into a two as- pects. Excellent coverage across all aspects of the system. Pass- words have been recovered rather than overwritten. Implications (30) Brief description. Poor or obvious implications for each vulnerability found. Or only some implications are addressed or the impli- cations don’t match up with the severity of the problem. Limited description of the is- sue and the implications . Either all aspect covered but to a superftcial level or only goes into detail of a few of the issues found. Good description of the is- sue and its implications. All issues addresses. Excellent description of the issue and its implications. Accurate and concise de- scription of each issue. Each issue includes a description of how to exploit the prob- lem. Securing (30) Brief description doesn’t re- ally secure the system. Poor or obvious way of securing the system, e.g. overall recommendation of just ftrewall/patching rather than the way of dealing with each problem. Limited description of how to secure the issues found. Good description of how to secure the issues found. Each identifted issues is ad- dressed. Excellent description of how to secure the problems found. Documentation(10) Very poor. For example not referenced, doesn’t address the question or very poor spelling and grammar mak- ing it hard to understand. Some items are referenced. Poor grammar, spelling. Referenced. Good spelling, grammar. Layout is consis- tent and make sense. Good quality documenta- tion. All items referenced, ftgures are labelled. Excellent. Publishable qual- ity.