Vulnerability Analyses & Finding Weaknesses in Defenses – IT Computer Science Assignment Help

Assignment Task

Task 

Assignmen Helpful Guidelines

Objective: Do an offensive security assessment.

Example – In this case we will consider the scenario of a house and the vulnerability assessment done by a potential burglar before executing a theft for monetary gains. From an assignment standpoint – the house is equivalent to the target “organization”, burglar is equivalent to “hacker” or the “hacker group”, and theft is equivalent to the “exploit”. Resulting monetary gains are equivalent to the affected (or stolen) “assets”. 
The description of the target (this is equivalent to the context briefing) – A three (3) level house on VeryRich Street, owned by an antique dealer, who lives by himself. It is the last house on the block and is secured from 3 sides. An armed security guard is watching the front gate 24 x 7. CCTV cameras are monitoring the site.

Goal: Example; Steal valuables, without raising an alarm (stealth).

Vulnerability Analysis (finding weaknesses in defenses): Examples (a to d, below)
a) Fences (probing for weakness).
b) Security guards (process gaps such as – is the background check done, or is the post unmanned when the guard takes a break?)
c) CCTV cameras (malfunctioning or powered-off).
d) Support staff entry procedures.

1. Type of Assets – Antiques/money.
2. Approach points – Mapping the attack surface. Possible logical, physical entry points. For example; authorized / unauthorized entry (in the example).
3. Goal (Motivation) – Money 
4. List the impacts of your chosen security breach on the organization (i.e; financial costs, brand distortion, impact on employees) – Lack of trust in the dealer/ reputation. Monetary loss. Societal loss.
5. Identify a hacker or hacking group that could possibly be associated with this form of attack – Possible culprits.
6. Describe an example of where a similar approach has been used in a similar context. – Example of such an exploit/stealth elsewhere in the world.
Execution Plan – How will a vulnerability or a combination of vulnerabilities result in a successful compromise? 

A purely hypothetical and a simplified execution scenario below (containing the stages of attack):

1. Passive Reconnaissance: Observe the house and gather information.

2. Active Reconnaissance: Access the facility/house by posing as a support staff and mapping the entry/exit points. Identify the type and location of the safe/vault room. Result: Vaults are not electronic and it is possible to override the vaults manually by a trained locksmith. The CCTV cameras are Wifi enabled.

3. One of the burglars from the attack team (equivalent to cyber-attack group), posing as computer technician (social engineering), enters the premises and connects a Wifi device to the CCTV monitoring system (breach the perimeter). This in turn allows him to control the CCTVs remotely (command and control).

4. The attack team members befriend the security guard and gain information about the merchandise movement from warehouse to the dealer’s house. (social engineering)

5. The computer technician overrides the CCTV monitoring system and start relaying a false feed (technical exploit), while another team member distracts the security guard (social engineering). 

6. 2 Team members from the attack team, posing as delivery drivers from the antique warehouse, enter the dealer’s home in a delivery van that looks exactly like the one used by the dealer’s trusted contractors (social engineering, spoofing, Stroop effect). One of the crew personnel is a trained locksmith and uses his skills to manually override locks. 

7. The stolen merchandise is loaded and the truck leaves the premises (exploit successful). The CCTV is unable to capture any of this because it has been overridden by the computer technician (maintain stealth).

Execution Plan: Clearly specify all the steps (technical or non-technical) executed to exploit the vulnerability. All the assumptions, must be specified. All the resources – personnel, hardware, software. (Must read and address all the points in the assignment description on LMS).

This IT Computer Science Assignment has been solved by our IT Computer Science Expert at TV Assignment Help. Our Assignment Writing Experts are efficient to provide a fresh solution to this question. We are serving more than 10000+ Students in Australia, UK & US by helping them to score HD in their academics. Our Experts are well trained to follow all marking rubrics & referencing Style. Be it a used or new solution, the quality of the work submitted by our assignment experts remains unhampered. 

You may continue to expect the same or even better quality with the used and new assignment solution files respectively. There’s one thing to be noticed that you could choose one between the two and acquire an HD either way. You could choose a new assignment solution file to get yourself an exclusive, plagiarism (with free Turn tin file), expert quality assignment or order an old solution file that was considered worthy of the highest distinction.