Projects
There will be five small projects and five short tests in this course. The projects are mandatory and the tests are voluntary.
Reports:
You should submit the reports electronically in pdf or word format and use the subject "EITN50" in the email that contains the report. Send it to ben.smeets.lu@analys.urkund.se
Grading of the project reports is done from two perspectives. One is "Ambition" and the other is "Presentation".
Ambition refers to a combination of several things. One extreme is that you only write the bare essence without much explanation. That cannot give more than a "G" mark. You can improve your score by being more ambitious: provide good arguments and/or backup for your claims, have an original solution, or even try related things. Or you are very precise in your work. Combining these is also beneficial.
Presentation grades how well the report is written. Sloppy reports are not accepted. If the presentation is minimal, say just the description of the answers without much structuring, you will get a "G" mark. Having a table of contents with a well-structured style will increase your grading.
But there is also the aspect of time. You only have two chances to score "VG": the first time you submit the report and the second time you submit the report. You can always improve a "U" mark to a "G" mark until the final deadline, currently set to 21/10.
Finally, the reports will be screened using "Urkund" for plagiarism (see: http://www.urkund.se/SE/om_urkund.asp).
Deadlines for the projects will be set as the course proceeds: consult Project assignments.
IMPORTANT: Required additions/updates to the (any!) reports should be handed in by 21/10 at the latest.
Each group should send an email to Ben stating which people are in the group. A group should be two persons. Ben will return an email with the allocated group number.
The username for login is the group number, e.g. adsec01; the password is communicated at the first lecture.
Lab space is available according to the schedule in TimeEdit and will use the rooms E:4116 and E:4118 on the 4th floor of the E-building. Access is via student access cards (this requires that you are registered for the course so we can give you access).
There will be 5 short tests available via moodle.eit.lth.se. You need to sign up in the Moodle system to take these tests. If you pass all these tests you qualify for a grade 5 if your total project grade is 4.
Required additions/updates to the reports (thus for all projects) should be handed in by Oct 21 at the latest. Submit reports (pdf or word .doc format) to ben.smeets.lu@analys.urkund.se
Project | Release date | Planned Content | Link to the assignment | Deadline (at 23.59) | Last update date |
1 | 3/9 | Data forensics: finding data on a disc image | Project1 | 15/9 | 11/9 |
2 | 10/9 | Forensics in Internet | Project2 | 29/9 | 20/9 |
3 | 17/9 | IPSec experiments | Project3 | 6/10 | 26/9 |
4 | 30/9 | Denial Of Service Attack | Project4 | 13/10 | |
5 | 1/10 | Software security | Project5 | 21/10 | |
Christopher Jämthagen answers any questions regarding the projects during the following hours. Outside of these hours, he is available by e-mail. Note that the times may change.
Wednesdays: 10.00 - 12.00 and 13.00 - 14.00.
Fridays: 09.30 - 11.30
Project 1: Data Forensics
The Project1 assignment can be downloaded from the following link: project1. Below you find some additional information and last-minute info.
WARNING: Be careful when using the dd command on a Unix machine to create a flash drive from an image: make sure that the target you write to is indeed the flash drive device and not your system disk or another disk. dd will overwrite whatever it finds there. Below you find more information on creating a bootable pendrive with the DeftLive image.
Last minute info: 2012-09-10: In the first released project 1 there is a typo in the table where "Number of heads" appears twice. The second time it should be "Cylinders per head". Reports that have been submitted before 2012-09-14 will be judged with this typo in consideration. The typo was corrected in the 2012-09-11 version.
Submission Instructions
The report for project 1 can be sent electronically (in pdf or word format) to ben.smeets.lu@analys.urkund.se.
Deadline: Saturday 15/9, h 23.59
Objective
The objective of this project is to gain insight into how to analyse data obtained from an image data file. The problem includes learning to reconstruct the file structure from scratch, correct errors, and extract data. You will also meet different tools for extracting data.
Things you need
Part 1: Evidence File
Latex Table for your report: latex_table.txt
Part 2: Image files: flash0.E01 (7.3MB) and flash1.E01 (39,7 MB)
For part 2, when you need to boot a live CD (USB), you might have to hit F12 (repeatedly) in the early stages of the boot process to get into the boot menu, where you are able to choose to boot from CD (USB). See the details in the project assignment.
- USB (before you download the original pendrive image please read these instructions)
- LiveCD
Information Links
- FAT
- General information (Wikipedia)
- Fat12 description
- Skinny on Fat
- FATFS
- Fat Whitepaper (very detailed/not easy to understand)
- DEFT 6 manual or most recent from http://www.deftlinux.net/deft-manual/
Tools
WARNING: These are 32-bit executables that may require XP compatibility mode to run properly.
Hex editors:
There are many hex editors that are good enough. Below you find a powerful one (but not free) and a simple one (free). Others will likely do the job as well. There are good hex editors on Unix/Linux systems too.
WinHex editor trial version. (Use this version, as newer ones limit the number of saves.)
HxD free hex editor (lacks some functions of WinHex, but free)
ZIP password recovery
Old program. The newer versions have restrictions.
Advanced ZIP Password Recovery (free/trial version)
Fat disc viewer
Fat disc image viewer (simple but useful for checking that you got an image that works)
Results
Preliminary results on Project1 reports. Updated 2012-10-18
Project 2: Forensics in your PC and Internet
The Project2 assignment can be downloaded from the following link: project 2. For Project 2 it is sufficient if you have different proxies; it is not necessary to have a Swedish and a USA proxy to compare with.
Below you find some additional information and last-minute info.
Last minute info:
- 2012-09-17: new version with correct link to disk duplicator.
- 2010-09-20: Corrections on Project2 assignment Q17 and Q22
Submission Instructions
The report for project 2 can be sent electronically (in pdf or word format) to ben.smeets.lu@analys.urkund.se.
Deadline: Saturday 29/9, h 23.59
Objective
The objective of this project is to get you a bit familiar with techniques and tools that can be used to recover information when working in networks and browsing the Internet. You may modify the assignments so they fit another operating system such as Mac OS or Linux. In such a case you should explain how the corresponding information is handled in the OS of your choice.
Things you need
NMAP: http://nmap.org/download.html
Wireshark: http://www.wireshark.org/
Information Links
StrongVPN: http://strongvpn.com
Tor: https://www.torproject.org/projects/torbrowser.html.en
Results
Preliminary results of Project 2 reports are here. (Updated 2012-10-22)
IPsec configuration and test
The Project3 assignment can be downloaded from the following link: project 3.
Below you find some additional information and last-minute info.
Last minute info:
- 2012-09-24: Ignore Question 14 in Project3.
- 2012-09-26: In the Project 3 description there is a reference to the appendix on how to set up the config file for OpenSSL, but there is nothing about it in the appendix. The following line makes it work on Windows machines:
set OPENSSL_CONF=c:\[PATH TO YOUR OPENSSL DIRECTORY]\bin\openssl.cfg
Submission Instructions
The report for project 3 can be sent electronically (in pdf or word format) to ben.smeets.lu@analys.urkund.se.
Deadline: Saturday 6/10, h 23.59
Objective
The objective of this project is to demonstrate how to configure a Roadwarrior scenario where a user uses a PC/laptop to connect with IPsec to a corporate network gateway. You will learn how you can perform traffic analysis and how IPsec can pass a router with NAT (Network Address Translation). We also show how packet fragmentation can occur when securing a connection with IPsec.
The VMware images can be downloaded to your home computer, although they constitute a hefty 16GB download.
In case you ruin the images on your C drive or they become corrupted, you can download fresh copies from http://distarchive.eit.lth.se/ssoa/ . Some files are several GB in size, so you need a rather good internet connection to fetch these files.
Things you need
Basically everything is available on the lab computers, but since they are shared by many, the images in C:\adsec\SSL-IPSec can become corrupted.
Information Links
For more info, IPsec demos and examples, see ipseclab.eit.lth.se
Results
Preliminary results of Project 3 reports are here. (Updated 2012-10-22)
DDOS Attacks
The Project4 assignment can be downloaded using the following link project 4.
Below you find some additional information and last-minute info: 2012-10-09: In Project 4, skip the use of PRTG. We have problems making it work well. Instead, use the Windows Task Manager to measure the network use.
Submission Instructions
The report for project 4 can be sent electronically (in pdf or word format) to ben.smeets.lu@analys.urkund.se.
Deadline: Saturday 13/10, h 23.59
Objective
The objective of this project is to gain insight into Denial-of-Service attacks. Three experiments have to be performed. This project is a unique opportunity; however, the tools are potentially harmful. Use this opportunity responsibly. For the same reason, students who do this project are subject to a specific rule of conduct. See the Project assignment.
Things you need
After reading the project assignment you should read the lab manual that you find here: Lab manual
You should run this project in our lab with the reserved computers. You find all the material there in the mounted drive S: (where \\homer\lab\adsec should be mounted).
NOTE 1: Because you may need at least 4 computers for the last experiment, the number of groups that can work in parallel is limited. Again, you can use the lab computers outside the reserved slots as well, but only if no other course is using them at that time.
NOTE 2: If opening the VMWare images hangs, this might be because you are opening the files in a read-only directory. Copy the files to somewhere local, e.g., the Desktop, and try again.
Do not forget to configure your Apache with the correct port number when installing it. Otherwise you have to change it in the httpd.conf file in C:\Program Files\Apache Software Foundation\Apache2.2\conf and restart Apache. Port numbers 8080 and 1337 are open in the firewall. We recommend that you use 8080 for the Apache web server.
Information Links
- Lab Manual
- Background Reading (Thanks Franz and Johan!)
- TCPView
Results
Preliminary results of Project 4 reports are here. (Updated 2012-10-15)
Software Security
The Project5 assignment can be downloaded using the following link project 5.
Below you find some additional information and last-minute info: 2012-10-09: First play around a bit with the TAM tool so you know you can make it produce a different analysis output. After that, make the changes you think are needed and, as usual, document and comment on what you see.
Submission Instructions
The report for project 5 can be sent electronically (in pdf or word format) to ben.smeets.lu@analys.urkund.se.
Deadline: Saturday 21/10, h 23.59
Objective
The objective of this project is to gain insight into tools, procedures and approaches that can be used to improve the security of software.
Things you need
The project assignment document also includes the instructions to install the code on the lab computers.
Information Links
- TAM Video tutorial (needs a Windows machine)
Results
Preliminary results of Project 5 reports are here. (Updated 2012-10-22)