6CCS3NSE/7CCSMNSE Network Security
Coursework Specifications
2021-22 Academic Year
Jacopo Cortellazzi

Description:
The goal of this coursework is to apply the knowledge and understanding from the classroom in a real network scenario. The overall task is to create a network, run and observe normal traffic, then launch network attacks and observe the impact on network performance. Finally, use network defence mechanisms to protect the network and observe their effectiveness. It contains several levels of tasks, with a total mark of 20.

This coursework can be done in a group or individually. The group size depends on the experimental needs and is capped at a maximum of 4. If working in a group, all group members are awarded the same mark that is awarded to the submitted coursework. Once you have formed a group offline, everyone must use the link below to register your group. If you are doing the coursework individually then you should register a group too, but your group will have just 1 member (https://keats.kcl.ac.uk/mod/choicegroup/view.php?id=5492837).

The deadline is 25/04/2022 23:59pm. Late submissions will be marked 0.

Weight of the overall assessment: 15%

Learning outcomes:
• Demonstrate knowledge of security properties for networks and the principal approaches to guaranteeing those properties
• Demonstrate an understanding of network attacks
• Demonstrate an understanding of network defence

Submission:
Each submission (individual or group) should contain a report of at most 1000 words. If working in a group, only 1 submission is required per group.

Level 1: Build a network and test its connectivity (4 marks)
At this level you are supposed to build a network using the module VMs or mininet. Feel free to use http://mininet.org/.
• Draw a diagram to show the topology of your network. Each computer on the diagram should have its IP address labelled.
• Test connectivity of the network by using the ping command.
  o If you have a group of four people with four VMs, full connectivity between any two machines should be tested. You should also test the connectivity to the Internet on the VMs.
  o If you use mininet, also show the connectivity between each host in your network. Hosts in mininet can also be connected to the Internet, but this requires extra configuration so is not compulsory at this level.

Level 2: Generate and analyse traffic on your network (4 marks)
At this level you are supposed to generate some network traffic on your network, observe the traffic in network sniffer(s) and measure network performance. This step is important as it builds the benchmark against which you compare later levels.
• Generate traffic: It is your choice what kind of traffic you want to generate, via standard Internet applications or a tool you research and find to generate Internet traffic.
  o You may use Internet applications to generate traffic.
  o You may set up services (SSH, FTP, SMB, etc.).
  o You may use the tool iperf to generate UDP and/or TCP traffic on your network. This makes the volume of the traffic easily controllable. iperf can be used on VMs and in mininet.
• Traffic analysis: Use tcpdump or wireshark to monitor the traffic. Analyse the traffic at protocol level, packet level and flow level using wireshark.
• Network performance analysis: Analyse the performance of the TCP/UDP traffic, such as throughput, delay and packet loss. You can get the performance data from iperf output or wireshark statistics. Use statistical and graphical tools to highlight traffic characteristics.

Level 3: Network attack(s) (5 marks)
At this level the focus is on attacking the network and impacting its performance.
Suggested steps:
• Generate normal traffic.
• Generate an attack or multiple attacks such as ICMP flooding, TCP SYN flooding, IP spoofing or any other, while the normal traffic is ongoing.
  o Remember you can use multiple machines/VMs or multiple hosts in mininet.
  o You can use hping3 or any other tool.
  o Feel free to be creative while generating the attack.
• Analyse how network attacks impact the network, via traffic analysis and network performance analysis, by comparing the results with those at level 2. Use graphical tools to highlight traffic characteristics and the impact of the chosen attack. E.g. in the case of a DoS attack, analyse the degradation of the network connection; in the case of hijacking, how the session was stolen.

Level 4: Network defence (5 marks)
At this level the focus is to defend the victim from the attacks.
Suggested steps:
• Set a firewall or IDS on your network and configure its rules. You can use iptables on the VMs or in mininet. You can also choose to use other tools. Multiple rules can be used for the defence.
• Generate the normal traffic as you have done at level 2.
• Generate the attacks as you have done at level 3.
• Show how the firewall works to mitigate the attacks.
• Compare and analyse the performance of level 2, 3 and 4 to demonstrate the effectiveness of the firewall.

Level 5: Critical evaluation and reflection (2 marks)
Critically evaluate what you have learnt from this coursework technically and socially. If you are in a group, each of you must state your role in the experiment (attacker/victim) and what you have contributed to the design, development and running of the experiment.

Marking Rubrics

Level 1
• 3-4 marks: Excellent description or demonstration of a network built in VM or mininet with at least 3 nodes. Network topology clearly drawn in report or shown in video with IP addresses of nodes marked correctly. Connectivity fully tested and shown in report or video.
• 2-2.5 marks: A network built in VM or mininet with only 2 nodes. Network topology clearly drawn in report or shown in video with IP addresses of nodes marked correctly. Connectivity fully tested and shown. There could be minor slips in description or demonstration.
• 1.5 marks: A network built in VM or mininet with at least 2 nodes. Network topology drawn in report or shown in video with IP addresses of nodes marked. Connectivity tested and shown. Errors are found in the drawing/testing.
• 0.5-1 marks: Some attempt at building the network.
• 0 marks: No network built.

Level 2
• 3-4 marks: Excellent description or demonstration of sensible traffic generated on the network built at level 1, using iperf or other tools of choice. Excellent traffic analysis and network performance analysis.
• 2-2.5 marks: Good description or demonstration of sensible traffic generated on the network built at level 1, using iperf or other tools of choice. Good traffic analysis and network performance analysis.
• 1.5 marks: Some traffic generated on the network built at level 1, using iperf or other tools of choice. Some traffic analysis and network performance analysis, but may contain some errors.
• 0.5-1 marks: Some attempt at generating the traffic and analysis.
• 0 marks: No attempt at generating traffic.

Level 3
• 3.5-5 marks: Excellent description or demonstration of multiple network attacks executed in the network. Excellent analysis of how network attacks impact the network via traffic analysis and network performance analysis compared with level 2.
• 2.5-3 marks: Good description or demonstration of one or multiple network attacks executed in the network. Good analysis of how network attacks impact the network via traffic analysis and network performance analysis compared with level 2.
• 1.5-2 marks: Some attack(s) generated on the network but may not be completed. Some analysis of how network attacks impact the network via traffic analysis and network performance analysis, but not well explained.
• 0.5-1 marks: Some attempt at generating the attack.
• 0 marks: No attempt at generating the attack.

Level 4
• 3.5-5 marks: Effective firewall rule setup to block the attack. Excellent description or demonstration of how the firewall defends the network. Excellent traffic analysis and performance evaluation through comparison of level 2, 3 and 4.
• 2.5-3 marks: Good firewall rule setup to block the attack. Good description or demonstration of how the firewall defends the network. Good traffic analysis and performance evaluation through comparison of level 2, 3 and 4.
• 1.5-2 marks: Some firewall setup to block the attack but may not be effective. Some description or demonstration of how the firewall defends the network. There may be errors in traffic analysis and performance evaluation through comparison of level 2, 3 and 4.
• 0.5-1 marks: Some attempt at defending the network.
• 0 marks: No attempt at defending the network.

Level 5
• 1.5-2 marks: Critical evaluation and reflection.
• 0.5-1 marks: Some evaluation and reflection but may not be critical.
• 0 marks: No attempt at generating the attack.
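
For the Level 2, 3 and 4 performance comparison described above, the following added example (not part of the coursework brief) parses the summary row of an iperf 2 UDP server report and computes the throughput drop under attack, the packet loss, and how much throughput the firewall won back. The three report lines are constructed samples in iperf 2's output format, and the function names are this example's own.

```python
import re

# One iperf 2 UDP server report row: interval, transfer, bandwidth, jitter, lost/total.
ROW = re.compile(
    r"\[\s*\d+\]\s+[\d.]+-\s*[\d.]+\s+sec\s+[\d.]+\s+[KMG]?Bytes\s+"
    r"([\d.]+)\s+([KMG]?)bits/sec\s+([\d.]+)\s+ms\s+(\d+)/\s*(\d+)"
)
SCALE = {"": 1.0, "K": 1e3, "M": 1e6, "G": 1e9}

# Constructed sample reports (not real measurements), one per coursework level.
SAMPLES = {
    "baseline": "[  3]  0.0-10.0 sec  11.9 MBytes  10.0 Mbits/sec   0.021 ms    0/ 8505 (0%)",
    "attack":   "[  3]  0.0-10.3 sec  4.12 MBytes  3.36 Mbits/sec   4.713 ms 5566/ 8505 (65%)",
    "defended": "[  3]  0.0-10.0 sec  11.6 MBytes  9.70 Mbits/sec   0.140 ms  255/ 8505 (3%)",
}

def parse_summary(report):
    """Return metrics from the last matching row (the whole-run summary)."""
    rows = [m for m in map(ROW.search, report.splitlines()) if m]
    if not rows:
        raise ValueError("no iperf UDP server row found")
    rate, unit, jitter, lost, total = rows[-1].groups()
    lost, total = int(lost), int(total)
    return {
        "mbps": float(rate) * SCALE[unit] / 1e6,
        "jitter_ms": float(jitter),
        # Recompute loss from the counters; the printed percentage is rounded.
        "loss_pct": 100.0 * lost / total if total else 0.0,
    }

def compare(baseline, attack, defended):
    """Throughput drop against the baseline, and how much the defence won back."""
    def drop(run):
        return 100.0 * (baseline["mbps"] - run["mbps"]) / baseline["mbps"]
    gap = baseline["mbps"] - attack["mbps"]
    return {
        "attack_drop_pct": drop(attack),
        "defended_drop_pct": drop(defended),
        # 1.0 means the defended run is back at baseline throughput.
        "recovered": (defended["mbps"] - attack["mbps"]) / gap if gap > 0 else 1.0,
    }

if __name__ == "__main__":
    runs = {name: parse_summary(text) for name, text in SAMPLES.items()}
    for name, metrics in runs.items():
        print(name, metrics)
    print(compare(runs["baseline"], runs["attack"], runs["defended"]))
```

iperf reports jitter rather than one-way delay, so delay figures have to come from ping or wireshark timestamps instead.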