3809ICT Assignment Specification
Due Time: 23:59, 19th June 2021
Weighting: 50% (Report 40%, Reflection/Peer-Review 10%)
This assignment is worth 50% of the total assessment for the course. It is designed for a group of four students. While a group of three is also acceptable, groups of two require strong justifications and are highly discouraged. A group of two or individual attempts may be accepted only in exceptional cases and upon pre- approval by the course convenor. You have already been assigned to a group. To check your group, please go to Learning@Griffith -> My Groups -> 3809ICT Assignment. You will be assessed on this assignment from that group.
The objective of this assignment is to gain knowledge and understanding of penetration testing through research and practical experience. This understanding is to be demonstrated by the submission of a formal technical report of a penetration test.
You are also required to peer-assess your final submission and reflect on your assignment and how each member of your group has contributed to the final submission. This gives you the opportunity to show an ongoing reflection of what you and your team members have learned from this assignment, and also on what you need to enhance your knowledge and skills on security and penetration testing. Each member of the team should be awarded a mark out of 10 for peer assessment. This will be submitted as a separate assignment. Your group is encouraged to keep a working log and keep all your communication history in case there is a dispute on the peer assessment.
Task
The main task is to conduct a penetration test of a network. You will be required to write a report of your penetration test results. The assignment network will contain several host machines, and on the machines, there will be flags (text strings) that you will need to identify. Each flag starts with the characters FLAG. For each of the flags you locate, you should write up the process that you used to access and find the flag.
You are to access the penetration test network through your Kali virtual machine on the Griffith Cyber Range on the second network interface. The test network is 10.20.30.0/24. Targets are hosts with IP addresses in the range 10.20.30.21 – 10.20.30.254. IP addresses below .21 are your group peers, so do not attack.
Submission
Please submit your assignment via the 3809ICT Learning@Griffith website under the Assessment section. A separate link is there for you to upload peer review forms.
The quality of the presentation of a formal technical report is as important as the quality of the technical content of the report in the profession.
Please submit your assignment on the Learning@Griffith website under the Assessment section. The submission involves two documents:
• Each group leader should submit a group report via the “Assignment Report” link. (Please note only the group leader needs to submit this report. Please avoid submissions from other group members.)
• Every student should submit an individual reflection/peer-review document. (Make sure you submit the correct assessment items to the corresponding submission links).
Your assignment will be assessed on:
1. The text of both documents should be in 12-point Times New Roman or 11-
point Arial font or something equivalent, and in single line spacing.
2. Page size is A4 with 2cm in margins on all sides.
3. The body text of your group report should be no more than 10 pages in
length, excluding appendices.
4. The group report is suggested to be organised with cover page, executive
summary within one page, declaration of contributions of each of your group members (within one page), table of contents, body text, and appendices. The presentation and format of your report is worth 2 marks.
5. The body text consists of your overall analysis (open ports, associated services, operating system) of each host and network map of the network (4 marks), description of how each flag was found and obtained (30 marks, 2 marks per flag), and recommendations on how to protect the network against the attacks (4 marks).
6. The peer-review document should include the contributions of your group members from your point of view. You should give each of the group member a grade out of 10. Your self-review is worth 3 marks, and the reviews you get are worth 7 marks.
Academic Integrity
Violation of academic integrity is not acceptable, and the university’s academic integrity policies and procedures apply. If potential academic misconducts were identified, the course convenor would investigate through oral exams on the assignment work to all group members. Serious academic misconducts (e.g., purchasing a report or directly copying from the Internet with no proper reference) will result in a 0 mark in this assessment item.