Projects

Ethics Study 1

Goal

The goal of this assignment is to learn about the Morris Internet worm, how it worked, and the greater impact the attack had on the Internet.

Description

Due: February 5, 2019, At the beginning of class.

Grade: 100 points

The Morris worm was one of the first self-propagating attacks to hit the Internet and started a deeper conversation about network security. While the attack was simple and caused relatively little damage compared to more recent attacks, it highlights a change in perspective from considering network entities as trusted to potentially malicious.

For this assignment, read the assigned text here and complete the provided worksheet here.

Submission Instructions

Students must turn in an electronic copy of the completed worksheet on Blackboard. It is recommended that students bring a printed copy to class as well and come prepared to discuss your answers with the rest of the class.

Ethics Study 2

Goal

The goal of this assignment is to learn about the Equifax data breach and how Apache Struts was used to compromise their systems.

Description

Due: March 12, 2019, At the beginning of class.

Grade: 100 points

The Equifax data breach was one of the biggest losses of personal financial data in the 21st century. The aftermath of the attack revealed that, like many attacks before, this particular attack was caused by unpatched vulnerabilities and could have been prevented. This study highlights why best practices in computer security can be extremely important.

For this assignment, read the assigned text at the following links:

After reading, complete the provided worksheet here.

Submission Instructions

Students must turn in an electronic copy of the completed worksheet on Blackboard. It is recommended that students bring a printed copy to class as well and come prepared to discuss your answers with the rest of the class.

Project Topics

Goal

The goal of this assignment is to identify three possible topics for the semester project and to select one for the term project.

Description

Due: March 12, 2019, At the beginning of class.

Grade: 10 points

Each student (or pair of students if the project is to be a joint effort) will submit a write-up of three potential project topics. The chosen topic must not be one that is covered in class. Students may choose from the following three options:

  • Identify a vulnerable application that is used in practice and develop an exploit that can be demonstrated for the class in a virtual environment. Students may consider vulnerabilities posted on CVE List or other source of public vulnerabilities.
  • Develop a tutorial for using a security tool that was not covered in class.
  • Develop an in-class lab exercise for future offerings of the course.
For each topic, please write a sentence or two answering the following questions:
  • What is the proposed vulnerability/tool/topic?
  • Where would the vulnerability/tool/topic be applicable in the real world?
  • Generally, how do you plan to reach your goal?

After the topic ideas are submitted, I will help each group select one of the submitted ideas for their course project, or will help them find an appropriate topic if none of the selected options meet the requirements above.

Submission Instructions

Students must turn in an electronic copy of their topic idea write-ups on Blackboard. No printed submission is necessary.

Course Project

Goal

The goal of this assignment is to perform an independent study of a topic outside of class and present the results in a culminating write-up and presentation.

Description

Due: April 23, 2019, in class. Final write-up due at the final exam.

Grade: 30 points (presentation) 60 points (write-up)

Each student (or pair of students if the project is to be a joint effort) will develop a demo, write-up, and 10-minute presentation documenting their chosen topic, motivating its real-world impact, and demonstrating its exploitation or use. For each topic, the final write up should be composed of the following pieces:

  • An introduction of the topic
  • A background section covering the vulnerable application(s) or motivation for the importance of the topic
  • A step-by-step description of their demonstrated attack or tutorial
  • A section describing the real-world appearance of the vulnerability or demonstrated tool as well as what precautions could be taken to mitigate any related attacks.

The write-up should be formatted with one inch margins on all sides, 10 pt. font, 5 pages, with at least 15 different sources cited. I will grade both the presentation and write-up on clarity of communication, completeness of topic examination, and correctness.

Submission Instructions

Students must turn in a slide deck and demo files on Blackboard on April 23 and and electronic write-up on Blackboard before the final exam.

Ethics Study 3

Goal

The goal of this assignment is to learn about Firesheep and the collection of authentication tokens on open networks.

Description

Due: March 26, 2019, At the beginning of class.

Grade: 100 points

While the Morris worm demonstrated that network endpoints may be malicious, for many years after the intermediate network connections were treated as relatively secure. The development of Firesheep for collecting authentication cookies highlighted the need for encryption on all web traffic, and started an overall shift in industry stances on encryption from an inefficient addition to a required component of any website.

For this assignment, read the assigned text at the following links:

After reading, complete the provided worksheet here.

Submission Instructions

Students must turn in an electronic copy of the completed worksheet on Blackboard. It is recommended that students bring a printed copy to class as well and come prepared to discuss your answers with the rest of the class.

Ethics Study 4

Goal

The goal of this assignment is to learn about WannaCry and other variants of ransomware.

Description

Due: April 09, 2019, At the beginning of class.

Grade: 100 points

Ransomware represents a vastly different approach to cybercrime than has ever been encountered in the past, with entire service economies developing around the payment of ransoms in anonymous currency. WannaCry in particular was a devastating example of this type of malware, and had severe collateral impact on a variety of different Internet-connected infrastructure.

For this assignment, read the assigned text here and complete the provided worksheet here.

Submission Instructions

Students must turn in an electronic copy of the completed worksheet on Blackboard. It is recommended that students bring a printed copy to class as well and come prepared to discuss your answers with the rest of the class.

Ethics Study 5

Goal

The goal of this assignment is to learn about the Target data breach and the importance of physical security.

Description

Due: April 23, 2019, At the beginning of class.

Grade: 100 points

While many of the attacks studied in this course and executed daily take place remotely, the Target data breach demonstrated the importance of security systems that may not be directly accessible from the Internet. It also demonstrates the power of social engineering in exploiting the human element of an IT system.

For this assignment, read the assigned text here and complete the provided worksheet here.

Submission Instructions

Students must turn in an electronic copy of the completed worksheet on Blackboard. It is recommended that students bring a printed copy to class as well and come prepared to discuss your answers with the rest of the class.