FIT3031: Information and Network Security Assignment Summer B Semester 2019Submission Guidelines Deadline: Assignment is due on Friday 25th January 2019, 11:55 PM. Submission Files:1. A report in PDF file format. On various text editor software you can use ”Save as PDF”option or use free converters to convert your file to PDF.2. A python file for password management.3. A python file for dictionary attack on SSH.4. An imn file containing the configuration for Core Network Emulator.Notes:1. Do not submit a compression of multiple files. Such submissions may risk losing partial orcomplete assignment marks.2. A handwritten document is not acceptable and will not be marked even if converted andsubmitted electronically. Submission Platform: Electronic submission via Moodle. Filename Format: Name your files for different assignment tasks as follows,1. report SID.pdf2. mypass SID.py3. jtrssh SID.py4. core SID.imnwhere SID is your Student ID.Note: You must strictly follow the provided file name format or penalties will apply. Python Code Version: The python code must be written in version 3. Late Submission Policy: Submit a special consideration form (available on moodle) to formallyrequest a late submission. Late Submission Penalty: A late submitted assignment without prior approval will receive alate penalty of 20% deduction per day (including Saturday and Sunday) or part thereof, after thedue date and time. Plagiarism: It is an academic requirement that your submitted work be original. Zero marks willbe awarded for the whole submission if there is any evidence of copying, collaboration, pastingfrom websites, or copying from textbooks.Note: Plagiarism policy applies to all assessments. IT Use Policy: Your submission must comply with Monash University’s IT Use Policy.Marks This assignment is worth 20% of the total unit marks. The assignment is marked out of 100 nominal marks. For example if you obtain 60 marks for this assignment, it will contribute 60100 × 20 = 12 marks toyour final unit grade.1FIT3031: Information and Network Security Assignment Summer B Semester 20191. [20 Marks] Joe is using the following algorithm to generate RSA keys.import gmpy2 as gmpfrom gmpy2 import mpzdef rsa_keygen (N):’’’To generate RSA key pairof size N bits ’’’UB = 2**( N // 2) - 1LB = 2**(( N // 2) - 1)status = Truep = rand_n (LB , UB)p = gmp . next_prime (p)q = gmp . next_prime (p)e = mpz (65537)n = mpz (p * q)phi_n = mpz ((p - 1) * (q - 1) )if gmp . gcd (e, phi_n ) == 1:d = gmp . invert (e, phi_n )else :status = Falsed = -1return status , n, e, dSince you have done Information and Network Security subject in your undergraduate degree, theCIO of the company you are currently employed at asks you to analyse the security of Joe’salgorithm. To assist you in this task Joe has provided a sample public key generated using hismethod and an encrypted message. You can download these values from moddle under ”MyAssessment” section named ”Download Individual Sample of Public Key and Ciphertext”. If youfind Joe’s algorithm to be secure then you must justify it by explaining the difficulty of recoveringthe plaintext from the ciphertext and the knowledge of public key. If you find Joe’s algorithm tobe vulnerable then you must first explain how you can recover the plaintext from the ciphertextand the provided public key. You must then include the recovered plaintext in your report.If you are able to factor the modulus as well then you must include the factors (p and q) as well asthe private exponent d.Note: The rand n() function generates a random mpz number between lower and upper bounds.You can assume that this function is secure or in other words the security of this function is notthe focus of this task. You can implement rand n() function if you wish to run the given codehowever that is not required to be able to answer this question.2. [20 Marks] Write a simple personal password management application with python. Use theprovided Virtual Machine for Lab exercises to test your code as it comes with pyca libraryinstalled. The application must have the following command line options (you can use argparse): -add followed by a name to add a password under the given name -show followed by a name to show a previously added password under the given name onstandard output (without newline) -update followed by a name to update a previously added password under the given nameThe provided name with -add option must be used as a file name that will contain the encryptedpassword. You must use RSA public key algorithm to encrypt the passwords. Generate aself-signed X.509 certificate using openssl tool where the private key file is password protected.For simplicity hard code the default location to store the certificate and private key files as well asencrypted password files to be ~/.mypass directory (use os.path.expanduser(’~/.mypass/’) tomake the path absolute). You must use OAEP for padding. OAEP requires a hash function forthe padding for which use SHA1 to be compatible with openssl tool.To have a starting point, complete the following code:#!/ usr / bin / env python3from cryptography . hazmat . primitives import serializationfrom cryptography . hazmat . backends import default_backend2FIT3031: Information and Network Security Assignment Summer B Semester 2019from cryptography . hazmat . primitives import hashesfrom cryptography . hazmat . primitives . asymmetric import paddingimport getpassimport argparseimport osdef read_pubkey () :passdef read_prvkey () :passdef do_add ( pubkey , file , pass_to_store ) :passdef do_show ( prvkey , file ):passdef do_update (pubkey , file , pass_to_store ):passdef main () :passif __name__ == ’__main__ ’:main ()Note: You will only receive marks if your code functions correctly. Do not include the code in the report. Instead briefly explain the overall logic of the code aswell as individual functions. The explanation will receive 25% of the task’s marks and theremaining 75% will be awarded to a correctly implemented code. You do not need to submit your generated certificate as the code must work with any X.代做FIT3031作业、代写Python课程设计作业、代做Python编程作业、代写Network Security作业509certificate. Name the file mypass SID.py and submit via moodle. Replace SID with your student ID.Incorrectly named files will incur 5 penalty marks.3. [20 Marks] You need John the Ripper tool for this task which is installed on the preparedVirtual Machine for Lab exercises. For each of the following tasks, write down the steps,commands, and the rationale behind the steps in the report.(a) Use the tool to generate a new password list file using the jtr rules (the password listsupplied with the tool is stored in /usr/share/john/password.lst).(b) Use the generated password list in previous step and write a python program to perform adictionary attack on a SSH server. Do not include the code in the report but rather discussits logic.(c) User must be able to stop the execution.(d) The tool must have the following command line arguments -u to specify the username (required); -p to specify the password list file (required); -host to specify the target host (required); -port to specify the SSH service port number (optional, if not specified must default to22).(e) Discuss how dictionary attack on a local password file differs from an attack over the network(e.g. SSH) in terms of the time and other difficulties (from attacker’s point of view).(f) Describe at least three settings to protect SSH against dictionary attacks.Notes:3FIT3031: Information and Network Security Assignment Summer B Semester 2019 Use the paramiko library for python that provides the SSH protocol capability for pythonprograms. You can test your code to ssh to localhost. You may need to change somedefault settings of the ssh service to accelerate your dictionary attack (make the service lesssecure to test your attack). Discuss any changes you make to the configuration of ssh service(/etc/sshd config). The points discussed in the report receives 25% of the task mark and a correctlyimplemented code the remaining 75%. Name the file jtrssh SID.py and submit via moodle. Replace SID with your student ID. Incorrectly named files will incur 5 penalty marks.4. [40 Marks] For this task you will be using the Core Network Emulator. The required file isavailable on moodle under ”My Assessment” section named ”assignment core config.imn”. Theaforementioned file will be readable by the Core Netwrok Emulator. You must complete thefollowing tasks:(a) VPN tunnel between the branch office gateway and head office gateway of talos.com namedphoenix and griffin respectively. You must use the strongswan service that wraps theIKE and IPSec configuration in one package. This service is available under the Extensionsection of the configuration feature of the layer 3 nodes (i.e. routers, servers, etc.) Yourconfiguration must satisfy the following requirements: The VPN must provide confidentiality and must be in tunnel mode. You must use public key certificates (self-signed) for authentication of IPSec endpoints. You must use Fully Qualified Domain Name (FQDN) for end point identities (the DNSrecords are already defined as phoenix.talos.com and griffin.talos.com) The clients on either side must be able to access the servers on the other side throughthe VPN tunnel (e.g. client1Syd and clio, client1Mel and calliope) You must choose security parameters according to today’s security requirements.(b) Configure the firewall service on griffin using iptables to satisfy the followingrequirements: Allow servers in DMZ to be accessed from any machine anywhere but the access must belimited to the service provided by the server. The internal servers clio (providing web service) and thalia (providing FTP service)must only be accessible from local clients directly and from branch office through VPN. The internal clients and servers must be able to initiate connection to external networkhowever no external machine should be able to initiate a connection to internal clientsand servers. The gateway griffin must respond to ICMP protocol messages if coming from thetrusted sources (local clients, DMZ, internal servers, branch office gateway pheonix) The gateway griffin must be able to communicate with DNS server to resolve domainname queries and must be able to communicate with phoenix for VPN traffic. No other traffic must be allowed and this must be set as the default policy.(c) Configure the firewall service on phoenix using iptables to satisfy the followingrequirements: The internal server calliope (providing web service) must only be accessible from localclients directly and from branch office through VPN. The internal clients and servers must be able to initiate connection to external networkhowever no external machine should be able to initiate a connection to internal clientsand servers. The gateway phoenix must respond to ICMP protocol messages if coming from thetrusted sources (local clients, internal servers, branch office gateway phoenix) The gateway phoenix must be able to communicate with DNS server to resolve domainname queries and must be able to communicate with griffin for VPN traffic. No other traffic must be allowed and this must be set as the default policy.4FIT3031: Information and Network Security Assignment Summer B Semester 2019Briefly explain the security of your configuration and your choices of parameters and rules.Notes: Your configuration will be tested when marked by teaching staff and you will receive marksfor correct functionality according to aforementioned requirements. Make sure that allrequired configuration elements are included in the submission file. Make sure that you use the provided interface by core GUI to add your changes and savewhen finalised. If you close the core GUI interface without saving the changes you will loseall the changes as there is no auto-save setting. You do not need to include any screen shots or explain the configurations line by line. Itsuffices to explain the logic of configuration related to security parameters or best practices. The provided explanation in the report will receive 25% of the task marks and the remaining75% will be awarded to correct configuration. Name the final configuration file core SID.imn and submit via moodle. Replace SID withyour student ID. Incorrectly named files will incur 5 penalty marks.转自:http://ass.3daixie.com/2019012368012000.html
