Group assignment- max 3 students in.

Prepared by: Dr. Ammar Alazab Moderated by: Dr. Javed Ali Baloch August, 2017 Assessment Details and Submission Guidelines Trimester T2, 2017 Unit Code MN603 Unit Title Wireless Networks and Security Assessment Type Group assignment- max 3 students in a group – (Assignment 2) Assessment Title Wireless Network Security Tools Purpose of the assessment (with ULO Mapping) This Assignment requires student to write a report that covers the wireless architecture and security vulnerabilities. Students evaluate and compare different wireless security tools. Assignment also provides student to critically think about the ethics of a Wi-Fi connection. In addition, students need to propose a solution to prevent untheorized users. At the completion of this unit students should be able to: ï‚· Demonstrate a deep understanding of wireless architecture and security vulnerabilities using examples and appropriate explanations. ï‚· Design, build, protect, and manage WPAN and WLAN which demonstrates in-depth practical knowledge. ï‚· Analyse needs, and appropriately design a secure WLAN. ï‚· Design secure WLAN utilising techniques to mitigate possible attacks for organizations. ï‚· Install, configure and securely maintain WLAN Controllers (WLCs) and Bluetooth devices for an organisation by analysing the needs of the network. ï‚· Demonstrate practical knowledge of wireless communication by configuring and implementing a wireless router. ï‚· Provide appropriate designs, and actively manage and administrate secure enterprise wireless networks. Weight 20% Total Marks 100 Word limit 1200-1500 words Due Date Tuesday 11:55 PM, Week 11 (26 September 2017) Submission Guidelines ï‚· All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page. ï‚· The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings. ï‚· Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style. Extension ï‚· If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School’s Administration Officer, on academic reception level. You must submit this application within three working days of the assessment due date. Further information is available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/specialconsiderationdeferment Academic Misconduct ï‚· Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description. MN603 Wireless Networks & Security Page 2 of 6 Prepared by: Dr. Ammar Alazab Moderated by: Dr. Javed Ali Baloch August, 2017 Assignment Description In consultation with your tutor, choose two wireless network security tools if group of 2 students and three tools if group of 3 students from the table given in section 1 to prepare a technical research report. Follow the marking guide to prepare your report. In addition, you will need to read the case study given in section 2 and then answer the questions following the case study. Only one report for both the sections should be submitted. As this is a Group Assignment make sure the contribution made by each student is clearly mentioned in the front page of the report. Each student in the group must make sufficient contribution. The report must be properly formatted and have a table of contents. Section 1: Wireless network security tools In this section you will use WLAN Analysis, Exploitation and Stress Testing tool either on Windows or Linux operating system. Marks will be awarded based on degree of sophistication and effectiveness of the techniques to secure and/or manage WLAN. Your task is to complete and write a report on the following: 1. Install/deploy two or three depending on group size Wireless Security Tool of your choice Note: The due deadline by which you should let your tutor know about which tools you are going to work on is week 10 (Tuesday 19th Sept’17) 2. In your report, please ensure that it covers: Full explanation of each tool. Research how to identify Wireless Security Tools. Categorize the tools into one of the following types: WLAN Analysis OR Exploitation OR Stress Testing tools. Further classify if the tool uses technique(s) suited for i.e. WLAN discovery OR penetration testing OR vulnerability assessment 3. At least 2 Wireless Security Tools should be implemented. 4. Lab demonstration: Must explain how each tools works in lab class to your instructor by week 11. For each tool not more than 5 minutes of explanation be given. 5. Report: Prepare a report that covers the mentioned content along with your evaluation and recommendations. The report must contain several screenshots as evidence and a short description for each screenshot that proves that you actually did the work. An introduction for each wireless security tool, along with accepted references should also be provided in the report. 6. The wireless network security tools list is given below for MN603 Assignment 2 in T2 2017. Windows OS Based Tools: WLAN Exploitation- Kali Linux InSSIDer Fern-wifi-cracker Wi-Fi Inspector Wifish finder Connectify Freeradius-wpe WeFi Gerix-wifi-cracker-ng WiFi Analyser Horst Aircrack-ng Pcapgetiv WiFidEnum Pyrit Cain and Abel Reaver Firesheep Weakivgen WiSpy or AirMagnet Wepcrack NetStumbler or Vistumbler Wifihoney NetSurveyor Wifite Cloud Cracker WEPCrack Hotspot Shield Note: If you would like to choose other WLAN tools that are not listed in this table, talk to your tutor and get permission to use it. MN603 Wireless Networks & Security Page 3 of 6 Prepared by: Dr. Ammar Alazab Moderated by: Dr. Javed Ali Baloch August, 2017 Section 2: The ethics of “stealing” a Wi-Fi connection Each member of the group must answer equal number of questions given at the end of this section. The answered question should be placed under Section 2 heading of the report. Only one report for both the sections be submitted. Eric Bangeman – 1/4/2008, 2:12 PM Source: https://arstechnica.com/information-technology/2008/01/the-ethics-of-stealing-a-wifi-connection/ Network security firm Sophos recently published a study on what it terms WiFi “piggybacking,” or logging on to someone’s open 802.11b/g/n network without their knowledge or permission. According to the company’s study, which was carried out on behalf of The Times, 54 percent of the respondents have gone Wi-Fi freeloading, or as Sophos put it, “admitted breaking the law [in the UK].” Amazingly, accessing an unsecured, wide-open Wi-Fi network without permission is illegal in some places, and not just in the UK. An Illinois man was arrested and fined $250 in 2006 for using an open network without permission, while a Michigan man who parked his car in front of a café and snarfed its free Wi-Fi was charged this past May with “Fraudulent access to computers, computer systems, and computer networks.” On top of that, it’s common to read stories about Wi-Fi “stealing” in the mainstream media. It’s time to put an end to this silliness. Using an open Wi-Fi network is no more “stealing” than is listening to the radio or watching TV using the old rabbit ears. If the Wi-Fi waves come to you and can be accessed without hacking, there should be no question that such access is legal and morally OK. If your neighbor runs his sprinkler and accidentally waters your yard, do you owe him money? Have you done something wrong? Have you ripped off the water company? Of course not. So why is it that when it comes to Wi-Fi, peopl
e start talking about theft? The issue is going to come to a head soon because more and more consumer electronics devices are Wi-Fi-enabled, and many of them, including Apple’s iPhone and most Skype phones we’ve used, come ready out of the box to auto-connect to open Wi-Fi networks. Furthermore, as laptop sales continue to grow even beyond desktops, the use of open Wi-Fi is only going to grow along with it. Steal this Wi-Fi connection! When you steal something, there’s typically a victim. With Wi-Fi, Sophos thinks the ISPs are the victims. “Stealing WiFi Internet access may feel like a victimless crime, but it deprives ISPs of revenue,” according to Sophos’ senior technology consultant Graham Cluley. Furthermore, “if you’ve hopped onto your next door neighbors’ wireless broadband connection to illegally download movies and music from the ‘Net, chances are that you are also slowing down their Internet access and impacting on their download limit.” In Sophos’ view, then, both ISPs and everyday subscribers can be victims. In one fell swoop, “stealing WiFi” gets mentioned in the same breath as “illegally” downloading movies and music. The fact is, people join open WiFis for all manner of reasons: to check e-mail, surf the web, look up directions to some place, etc. Those don’t sound like nefarious activities, however, and certainly not activities which are likely to get someone in trouble. Of course if you run an open WAP (wireless access point) and it is heavily used for just e-mail, you could still hit your bandwidth cap (if you even have one), but that has to happen only once for that user to figure out what’s up, and fix the problem. And let’s be honest: it is their problem. No one forced that user to install a WAP or to leave it wide open. We’ll get back to this in a minute. The argument that using open WiFi networks deprives ISPs of significant revenue is also a red herring. Take the case of public WiFi hotspots: official hotspots aren’t that difficult to find in major cities—every public library in Chicago has open WiFi, for instance. Are the public libraries and the countless other free hotspot providers helping defraud ISPs? No, they’re not. There’s no law that using the Internet requires payment of a fee to an ISP, and the myriad public hotspots prove this. MN603 Wireless Networks & Security Page 4 of 6 Prepared by: Dr. Ammar Alazab Moderated by: Dr. Javed Ali Baloch August, 2017 Really, there’s only one time when you could argue that an ISP is being gypped, and that’s when someone is repeatedly using his neighbor’s open WiFi in lieu of paying for his own service. Is this really wrong? Let’s consider some parallel examples. If the man in question were given a key and told that he could enter his neighbor’s house whenever he wanted to use a PC to access the Internet, would this be wrong? Of course not. They key here (pun intended) is the “permission” given by the owner of the home. Our leeching friend would clearly be in the wrong if he were breaking into the house, of course, because he would be sidestepping something clearly set up to keep him out. If he has permission, I suppose one could argue that it’s still not right, but you won’t find a court that will punish such a person, nor will you find too many people thrilled at the idea that someone else can tell them who they can and can’t allow into their homes for what purposes. Some people leave their wireless access points wide open deliberately. A friend of mine and recent seminary graduate lived in a campus-owned apartment building. In addition to being a man of the cloth, Peter is a longtime Linux user and open-source advocate. While living here in Chicago, he got his DSL from Speakeasy and shared the connection with others in his building… and anyone else who needed a quick Internet fix (Speakeasy even encouraged this). He even positioned his router so that anyone in the church across the street could pick up a signal. Obviously, not everyone is like Peter. But despite easy-to-read instructions and a plethora of warnings about the need to secure your WAP, some people just can’t be bothered to enable the most basic security settings. To the person with a laptop and a sudden need to check e-mail or surf the web, it’s not possible to tell who is leaving their access points open deliberately and who just plain doesn’t care. The access point is there and the virtual doors are unlocked, so why not take advantage of it if you’re in need? A couple of caveats: be familiar with the law of the land. As the examples at the beginning of this story show, it’s illegal to access a WAP without permission—even if it’s wide open—in some places. Also, you should never use an open point for anything illegal or even unneighborly. Don’t log onto the first “linksys” WAP you see and fire up a torrent for your favorite, just-released Linux distro. And as always, don’t leave your own 802.11b/g/n router wide open unless you’re comfortable with random surfers using your ‘Net access for their own purposes. Answer the following questions based on the above case study. Q1) Analyse the types of computer security risks in this case study. Explain them in detail in the context of case study Q2) In above case study: “In one fell swoop, “stealing WiFi” gets mentioned in the same breath as “illegally” downloading movies and music.” a. Is it ever ethical to Wi-Fi piggyback? If so, under what conditions? b. What are the ethical issues you can think of in this scenario, when someone steals Wi-Fi connection? Q3) One of the protective solution in the case study is “don’t leave your own 802.11b/g/n router wide open unless you’re comfortable with random surfers using your ‘Net access for their own purposes’.” a. What are the other prevention techniques that can be used from WiFi hacking? Q4) Identify and explain two techniques in the above case study that the hackers use to steal Wi-Fi connection. MN603 Wireless Networks & Security Page 5 of 6 Prepared by: Dr. Ammar Alazab Moderated by: Dr. Javed Ali Baloch August, 2017 Marking criteria: Note: Marks are allocated as indicated on each question, taking the following aspects into account: Section to be included in the report and demonstration Description of the section Marks Install/ deploy/ evaluate Install/deploy/ evaluate two or three depending on group size Wireless Security Tool of your choice. 10 Explanation Detailed explanation of each tool used supported by evidence(s) of your own usage. You can augment your explanation with information from online sources. Explain the use of your selected tools techniques to secure and/or manage WLAN 10 Implementation To obtain full marks, student group needs to implement 2/3 wireless security tools. Include screenshots (as an evidence that you actually implemented the technique) and detailed explanation in the report of the working mechanism (the step by step process) of the identified technique including installation. 10 Lab demonstration/ viva voce Students need to demonstrate their work in Lab 11. Demonstration will include viva voce (oral test) questions as well. 20 Report structure and report presentation The report must contain several screenshots along with explanation of screenshot as evidence of tools implementation. A short introduction for the tool must also be included 10 Section 2: Case Study Q1) Analyse the types of computer security risks in this case study. Explain them in detail from the case study context. Q2) a. Is it ever ethical to Wi-Fi piggyback? If so, under what conditions? b. What are the ethical issues you can think of in this scenario, when someone steals Wi-Fi connection? Q3) What are other prevention techniques that can be used from WiFi hacking? Q4) Identify two techniques that hackers are using to steal Wi-Fi connection in above case. Explain them in detail in context with the case study. 10 15 5 5 Reference style Follow IEEE reference style 5 Total 100 MN603 Wireless Networks & Security Page 6 of 6 Prepared by: Dr. Ammar Alazab Moderated by: Dr. Javed Ali Baloch August, 2017 Marking Rubric for Assignment #2: Total Marks 100 Grade
Mark HD 80%+ D 70%-79% CR 60%-69% P 50%-59% Fail < 50% Excellent Very Good Good Satisfactory Unsatisfactory Install /deploy/ evaluate Logic is clear and easy to follow with strong arguments Consistency logical and convincing Mostly consistent and convincing Adequate cohesion and conviction Argument is confused and disjointed Explanation All elements are present and well integrated. Components present with good cohesion Components present and mostly well integrated Most components present Lacks structure. Implementation All elements are present and very well Implemented. Components present with good cohesive Components present and mostly well integrated Most components present Proposal lacks structure. Lab demonstration/ The presented solution demonstrated an extreme degree of sophistication and effectivity to secure WLAN The presented solution demonstrated a high degree of sophistication and effectivity to secure and/or manage WLAN The presented solution demonstrated an average degree of sophistication and effectivity to secure and/or manage WLAN The presented solution demonstrated a low degree of sophistication and effectivity to secure and/or manage WLAN The presented solution demonstrated a poor degree of sophistication and effectivity to secure and/or manage WLAN. Reference style Clear styles with excellent source of references. Clear referencing/ style Generally good referencing/style Unclear referencing/style Lacks consistency with many errors Report structure and report presentation Proper writing. Professionally presented Properly written, with some minor deficiencies Mostly good, but some structure or presentation problems Acceptable presentation Poor structure, careless presentation

Leave a Reply

Your email address will not be published. Required fields are marked *