Review the steps found in business process engineering. Review the lesson presentation and assigned readings. Post the step you think could be altered and explain why. Respond to the following and, if appropriate, include personal experiences as part of your answer:
• Briefly summarize the steps in business process engineering.
• Identify one step that you think can be altered and describe how you would change it.
• Explain your reasoning for the altering this step and how it would affect the end result of the business process.
(Optional) Use the Internet to research the airline industry. Select an airline company. Be sure to identify where its major activities fall within Porter's generic value chain.
Post at least two activities (processes) of the airline under the correct value chain activity below and justify why it belongs in that activity.
• Inbound Logistics (Primary Activity)
• Operations/Manufacturing (Primary Activity)
• Outbound Logistics (Primary Activity)
• Sales & Marketing (Primary Activity)
• Customer Service (Primary Activity)
• Procurement (Support Activity)
• Technology (Support Activity)
• Human Resources (Support Activity)
• Accounting & Finance (Support Activity)
Network Security
Due date:
Week 6, 14th April
ASSESSMENT
Weighting:
80%
1
Length:
N/A
Question 1 (5 marks)
Note: for this question, you need to download a PCAP file located in the course Moodle web site.
Peter is the Network Security Manager for a small spare parts business. The organisation uses an e-sales application to provide a front-end for its e-sales business. Customers are complaining that in the last two or three days the system has become very slow, taking them longer than normal to place their orders. This information has been corroborated by staff complaining that they are not happy with the slow response of the system to complete their daily activities. Peter suspects that the system has been the target of criminal hands and before he starts responding to the attack, he decides to investigate the issue a little further. First, he reviews the firewall logs and notices something abnormal in the type of traffic directed to a number of internal hosts including the organisation’s web server. Curious about this traffic, Peter uses Wireshark to capture a trace of the traffic. [A section of this trace can be accessed from the course Moodle web site].
Based on the above fictional scenario and the provided PCAP:
(a) Identify the anomaly in the traffic this organisation is going through (1/2 Mark). What sort of evidence do you have to make this claim? (1. 0 Marks).
(b) What sort of utility or tool do you think the “attacker” is using to conduct this attack? (1/2 mark)
(c) Provide the IP address of the host used by the perpetrator (1/2 Mark). Based on this information, what can you tell about the profile of this individual? Explain why (1.5 Marks).
(d) What Wireshark filter do you think Peter used to produce the given PCAP? Explain why (1 Mar ...
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Review the steps found in business process engineering. Review the.docx
1. Review the steps found in business process engineering. Review
the lesson presentation and assigned readings. Post the step you
think could be altered and explain why. Respond to the
following and, if appropriate, include personal experiences as
part of your answer:
• Briefly summarize the steps in business process engineering.
• Identify one step that you think can be altered and describe
how you would change it.
• Explain your reasoning for the altering this step and how it
would affect the end result of the business process.
(Optional) Use the Internet to research the airline industry.
Select an airline company. Be sure to identify where its major
activities fall within Porter's generic value chain.
Post at least two activities (processes) of the airline under the
correct value chain activity below and justify why it belongs in
that activity.
• Inbound Logistics (Primary Activity)
• Operations/Manufacturing (Primary Activity)
• Outbound Logistics (Primary Activity)
• Sales & Marketing (Primary Activity)
• Customer Service (Primary Activity)
• Procurement (Support Activity)
• Technology (Support Activity)
• Human Resources (Support Activity)
• Accounting & Finance (Support Activity)
Network Security
Due date:
Week 6, 14th April
ASSESSMENT
Weighting:
2. 80%
1
Length:
N/A
Question 1 (5 marks)
Note: for this question, you need to download a PCAP file
located in the course Moodle web site.
Peter is the Network Security Manager for a small spare parts
business. The organisation uses an e-sales application to
provide a front-end for its e-sales business. Customers are
complaining that in the last two or three days the system has
become very slow, taking them longer than normal to place their
orders. This information has been corroborated by staff
complaining that they are not happy with the slow response of
the system to complete their daily activities. Peter suspects that
the system has been the target of criminal hands and before he
starts responding to the attack, he decides to investigate the
issue a little further. First, he reviews the firewall logs and
notices something abnormal in the type of traffic directed to a
number of internal hosts including the organisation’s web
server. Curious about this traffic, Peter uses Wireshark to
capture a trace of the traffic. [A section of this trace can be
accessed from the course Moodle web site].
Based on the above fictional scenario and the provided PCAP:
(a) Identify the anomaly in the traffic this organisation is going
through (1/2 Mark). What sort of evidence do you have to make
this claim? (1. 0 Marks).
(b) What sort of utility or tool do you think the “attacker” is
using to conduct this attack? (1/2 mark)
(c) Provide the IP address of the host used by the perpetrator
(1/2 Mark). Based on this information, what can you tell about
3. the profile of this individual? Explain why (1.5 Marks).
(d) What Wireshark filter do you think Peter used to produce
the given PCAP? Explain why (1 Mark).
(Note: One to three lines for each answer is sufficient length to
get full marks)
Question 2 (10 marks)
You are the system’s administrator of Reliable Power Supplies
(RPS), a medium sized company that builds UPSs and switched
power supplies for the computing industry. Your task is the
analysis, design and configuration of a Firewall System that
secures the inbound and outbound traffic at RPS. After
conducting the needs analysis you have a clear picture of the
type of firewall system that best suits RPS.
In the internal network, there is a special host
(192.168.1.253/28) running an application that would be
disastrous if it was compromised. Therefore for your design,
you opt for a dual firewall system that you believe is the best
option for this specific case. You also go for a demilitarized
zone (Network Address 10.0.0.0/24) containing the e-mail
(10.0.0.20/24) and Web services (10.0.0.30/24) of the company.
Apart from providing NAT services and Packet Filtering, the
first firewall (part of the dual configuration) acts as a Web and
FTP Proxy server. This first firewall is connected to the Internet
via 200.27.27.10/25 and to the DMZ via 10.0.0.10/24.
The second firewall is used to filter traffic between the internal
network and the DMZ. It is connected via 10.0.0.254/24 to the
DMZ and via 192.168.1.254/28 to the internal network.
The internal network address is 192.168.1.240/28.
The security policy requirements used to configure the firewalls
4. are outlined as follows.
RPS Web server contains public information including a product
catalogue that is accessible to Internet users and it also provides
secure online purchasing functionality using SSL/TLS. The
internal users are also allowed to access all RPS WWW
services; however they are allowed to access Internet WWW and
FTP services only via the proxy located on the first firewall via
port 3028.
As mentioned, the internal network has a special host
(192.168.1.253/28) which has complete access to any host and
any services without using proxy services configured in the first
firewall system. The remaining internal hosts must go via proxy
on first firewall.
The security policy requirements also dictate the e-mail server
to receive from and send messages to hosts on the Internet and
the internal users; however these internal users are to retrieve
their messages via IMAP.
Any other service which is not explicitly outlined in the
security policy should be restricted from RPS network.
Your tasks:
A. Provide a network layout (network diagram) showing all the
components of RPS network including both firewalls, the email
and web servers, the DMZ, and all the internal hosts (Note that
you should draw all the internal hosts. The number of internal
hosts can be found from the internal network address given
above). Ensure you label all hosts (servers, internal computers
and firewalls) with appropriate names and write the IP
addresses for each network interface.
5. Marking (4 Marks):
2.0 Marks for including all components of the network
2.0 Marks for labeling all hosts with names and respective IP
addresses
B. You are required to develop two sets of rules for the dual
firewall. One will process traffic travelling between the
Internet to the DMZ and Intranet. The other will process traffic
travelling between the Intranet and the DMZ. You need to also
explain what each rule does. You should complete the following
four (4) tables, adding rows where necessary.
Table 1 Internet Rules (Firewall 1)
Rule
Protocol
Transport protocol
Source IP
Source Port
Destination IP
Destination Port
Action
1
2
6. 3
Table 2 Internet Rules Explanations (Firewall 1)
Rule Number
Explanation
1
2
3
Table 3 Intranet / DMZ rules (Firewall 2)
Rule
Protocol
Transport protocol
Source IP
Source Port
Destination IP
Destination Port
Action
1
8. 1.5 Marks for meeting the requirements of the Internet rules
1.5 Marks for the descriptions of the Internet rules
1.5 Marks for meeting the requirements of the Intranet/DMZ
rules
1.5 Marks for the descriptions of the Intranet/DMZ rules
Question 3 (10 marks)
DNS and ARP poisoning attacks are similar; however there are
fundamental differences between the two. You are to research
these specific differences contrasting the way the attacks are
conducted and some of the countermeasures available. Ensure
you use at least three in-text academic references to contrast
these attacks (include neither your textbook nor Wikipedia in
these references. Failure to do so may not give you marks).
Remember that you are not to repeat in your research what DNS
and ARP poisoning attacks are. We already know that from our
discussions in class. In writing about the differences between
the two types of attacks, contrast for example the complexity of
the attacks (which one is easy to conduct and why), the impact
(consequences) of the attacks, which one is more common and
the different mechanisms available to counter the attacks. Write
no more than 300 words (about a page including in-text
references).
Marking (10 Marks):
2.5 Marks for contrasting the complexity of the two type of
attacks
2.5 Marks for contrasting the impact (consequences) of the
attacks
2.5 Marks for contrasting the countermeasures
2.5 Marks for the format of the writing (referencing, grammar
9. and structure)
Question 4: [10 marks]
The use of client-side scripting languages like JavaScript has
been crucial in the development of the semantic web. However,
in terms of security, it has also given the opportunity to
computer criminals to conduct a wide range of cross-site
scripting attacks. Historically, the Same Origin Policy has been
one of the many mechanisms introduced to counteract this
problem. With this policy in place, scripts are allowed to run on
webpages only when they originate from the same source or
site. This means that for documents or webpages to be
retrievable, they have to belong to the same origin: same
scheme or application layer protocol, same host or server and
same port of a URL. Despite of its good intention, the SOP is
seen as a nuisance by web developers. The claim is that the SOP
is too restrictive and inflexible affecting the introduction of
creative and innovate applications. In order to alleviate this
problem, the World Wide Web Consortium (W3C) introduced
the Cross-Origin Resource Sharing (CORS) as a mechanism to
relax the SOP policy.
Based on this background information and your personal
research, please address the following issues associated with the
SOP and CORS policies.
a) Using the CQU domain (www.cqu.edu.au) explain and
provide your own illustrative example of how the SOP policy
works
b) Assume that in the CQU server you have an html page
(your_homePage.html) identified by the URL:
www.cqu.edu.au/your_homePage.html
Provide two examples of URLs (web links) found in
10. your_homePage.html for which the retrieval of the documents is
allowed. Similarly, provide two examples of URLs (web links)
in your_homePage.html for which the retrieval of the documents
is denied. Use the following table to provide the URLs and give
the reasons for the outcome of the retrieval of the pages.
Your examples (URLs)
Retrieval Allow/Deny
Explain the reason
Allow
Allow
Deny
Deny
c) In your own words explain the concept behind the CORS
policy
d) Using the two examples given above where the retrieval of
the pages was denied, explain the interaction on how the access
would be enabled using CORS. Make sure that in describing the
interaction the Origin and the Access-Control-Allow-Origin are
used in the HTTP headers.Marking Criteria
a) 2 marks (1 mark correct explanation, 1 mark example)
b) 2 marks (½ mark for each correct table entry and correct
explanation )
c) 2 marks (allocated based on quality and correctness)
d) 4 mark (2 marks for each interaction example)
11. Question 5: (5 marks)
In this hypothetical case study, you should use the Internet to
assist you in developing responses to three questions. Use of
the text only is not sufficient to attract full marks.
SafeBank recently received a series of reports from customers
concerning security breaches in online banking. Customers
reported having money transferred from their accounts, usually
after they have found that their password has changed. A full
security audit revealed that the money transfers and changes to
user passwords all originated from an Eastern European country
on servers within the domain of crazyhackers.com – however –
the question remained: how did the hackers undertake the
attack?
Given that legitimate account numbers and passwords were
used, it was initially assumed that it could be some form of
phishing attack. However, no evidence of such emails was
found. The only commonality between the victims was that
they all used the same ISP.
You are required to answer the following questions. Please
reference all sources – do not copy directly from sources.
A. Based on the information provided, what type of attack has
been performed? Justify your answer.
Hint: In order to capture account numbers and passwords, how
would a hacker “redirect” users to their servers instead of
SafeBank’s?
B. Describe in detail how the attack occurred – you may wish to
12. include one or more diagrams. You will need to make
assumptions about host names, domains and IP addresses –
document these. You need not concern yourself with the
technical details of the capture and reuse of SafeBank’s
customer details (eg. Fake web sites/malware) – you are
documenting how it was possible from a network perspective.
C. What steps would you advise to prevent such attacks? What
limitations does this form of attack have?
Hint: Would this attack only have to be performed
once?Marking Criteria
Part A – 1 Mark (½ mark correct identification, ½ mark
justification)
Part B – 2 Marks (variable on quality, correctness)
Part C – 1 Mark (1 mark correct prevention, 1 mark Limitations)
Page 1 of 6