COIT20246 ICT Services Management Weekly Tutorials

Week 05 Tutorial Activities

Internet Applications

Aim to complete Tasks 1 to 4 during the tutorial, and have all tasks completed before your next tutorial.

Task 1. Complete the Knowledge Test [10 min]

Complete the Knowledge Test for this week within the first 10 minutes of class.

Task 2. Create Web Pages in OpenWRT [30 min]

Your OpenWRT Linux server already has an example web page accessible via:

The files served by the web server are in the directory:

Make the following changes:

a) Copy the index.html file to a new HTML file named by your student ID, e.g., 12345678.html. b) Add a link in index.html to the new HTML file.

c) Edit the new file to include your details (e.g., name, ID), to display the date/time when a button is clicked, and to use a new CSS file

d) Create and edit the CSS file to change the color of some text.

The result will be three files in (the file names will include your student ID and the CSS can be named anything). An example of the web page is below.

Help with HTML, CSS and JS:

• CSS font color:

• External CSS file:

• Date and time button:

You can either create/edit the files on your computer and use FileZilla to copy to OpenWRT, or you can edit the files directly in OpenWRT. To edit in OpenWRT, consider the following commands:

Change into the /srv/www directory, list the files, copy a file and edit a file with the nano text editor:

cd /srv/www

cp index.html 1234568.html

nano 12345678.html

In nano, use Ctrl-O to save and Ctrl-X to exit. Include all of your files in your journal.

In your journal:

• Upload the files created/edited, e.g., index.html, 12345678.html, and mystyle.css (the file names will include your student ID and the CSS can be named anything).

• Screenshot of the web browser after the “Show date and time” button is pressed. The screenshot should clearly show your name.

Task 3. Capture HTTP Packets [20 min]

On the OpenWRT Linux server, start a packet capture with tcpdump as follows:

Change into your home directory:

Start the packet capture, ignoring any SSH (port 22) packets (name the .pcap file based on your student ID): tcpdump -i eth0 -n -w http-12345678.pcap ‘not tcp port 22’

Now in Windows, open a new browser window in private/incognito mode, then do the following:

a) Click on the link to visit your new HTML page

b) Click on the button to show date/time

c) Click on the button to show date/time again

Return to OpenWRT and stop the capture by pressing Ctrl-C. You should see a summary such as “X packets captured … 0 packets dropped by the kernel”.

Use PowerShell to view the ARP Table for your primary physical interface (network adapter) on your computer. Communicate with other devices on your LAN (e.g. ping other computers, access websites) and then monitor how the ARP Table changes. Which devices are “Reachable” by your computer?

In your journal:

• HTTP packet capture file (.pcap)

• Screenshot (or copy-and-paste) of the ARP Table

Task 4. Analyze HTTP Packet Capture [40 min]

Open the HTTP packet capture file in Wireshark and analyze the packets.

First, focus on the HTTP packets only by filtering for http:

a) For each HTTP request/response, provide a short explanation of: what triggered the request, what was requested and what was the response. For example: “The user clicked on the link … which caused the browser to send a HTTP Request for /page.html. The server did not have that page so responded with … “.

b) For the first HTTP request/response, list the five (5) address values that identify the host, transport protocol and application.

c) When you clicked on the button to show the date and time, did your browser send a request to the web server? Why or why not?

d) One of the HTTP request/responses was for your newly created web page (e.g., 12345678.html). Draw a packet diagram for the request, and include the following information:

– Size, in Bytes, of each header and of the entire HTTP request

– Addresses included in each header and/or HTTP request

e) For the HTTP request from part (d), what is the value of the referrer? What does it identify? How can web servers use this information?

f) For the HTTP request from part (d), what information did the server learn about the web browser (e.g., name, version)?

Now remove the “http” filter so that all captured packets are shown.

g) What version of HTTP is used and what transport protocol is used?

h) A connection-oriented service involves setting up a connection before any data transfer, as well as acknowledgements that are used to provide reliability. Identify the packets involved in connection setup (e.g., the packet numbers). How long did it take between the start of connection setup and the data transfer starting?

i) Identify the acknowledgements. When is an acknowledgement

typically sent? In your journal:

• Answers to questions a) to i) above. Make sure you refer to specific values from your capture (e.g. packet numbers, times).

• Packet diagram of a HTTP request for part d), including PNG export and .draw io file.

Task 5. View Your Cookies [20 min, Homework]

Use the developer tools in your web browser to view your cookies when you visit a particular website that you regularly visit. What information do the cookies store about you and/or your browser? As cookies can reveal personal information, you do not have to include the exact values in your journal (and be careful if

displaying cookies to others, such as your tutor, in class). Rather explain the type of information the cookies store.

In your journal:

• Explanation of the type of information found in your cookies.

Week 06 Tutorial Activities

Wireless Networks

Aim to have all tasks completed before your next tutorial. Task 3 may be completed at home (if you have access to your home Wi-Fi AP/router).

Task 1. Complete the Knowledge Test [10 min]

Complete the Knowledge Test for this week within the first 10 minutes of class.

Task 2. View Wi-Fi Details [20 min]

Explore the Wi-Fi details of your own device. If you have a laptop (or PC with Wi-Fi) try to use PowerShell with the WifiTools module (see lecture slides for commands). Otherwise, use your mobile phone to see nearby Access Points. Try to collect the following information about 2 or 3 different APs: SSID, BSSID, frequency band, channel, data rate you can connect with. While not required, the WiFi Analyzer app on Android shows useful information.

In your journal:

• List information found about at least one AP.

Task 3. Use Wi-Fi Access Point [30 min]

Access the web management interface of a wireless AP or router, e.g., your home wireless router. Explore the settings. If you do not have access, then try an emulator: TP-Link has web emulators for many devices , e.g. under Home -> Routers -> Wireless Routers, try Archer C6 or TL-WR841N. What are the important settings that you should consider when designing a Wi-Fi network?

In your journal:

• Select the important settings and discuss what you would consider changing them to and why.

• Screenshot/photo of AP settings.

Task 4. Self-Evaluation of Teamwork [15 min]

As part of your project you are working in a team. Consider your teamwork so far, and write up answers to the following questions in your journal. Hint: while this must be included in your personal journal, you should return to these questions later in the project as they will be useful in writing your reflection in Project Final.

In your journal:

• What problems were encountered in the project so far? (people, communications, resources, etc.)

• When working in a team, being a good team member is important. How would your project team describe you: as someone who is (a) not attentive to project results, (b) not responsible, (c) lacking commitment, (d) fearful of disagreement, (e) being untrustworthy? Why or why not?

Task 5. Continue Your Project [25 min]

Use this tutorial to continue working on your project. Show your tutor your current progress. Seek feedback from your tutor on any issues.

Week 07 Tutorial Activities

Cloud Computing

Aim to complete Tasks 1 to 6 during the tutorial and have all tasks completed before your next tutorial

You are NOT using your personal or CQU Microsoft Azure accounts for this tutorial. Instead, after you create an account in Microsoft Learn on Demand, temporary Azure accounts will be provided to you for each task.

Task 1. Complete the Knowledge Test

Complete the Knowledge Test for this week within the first 10 minutes of class.

Task 2. Login to Microsoft Learn on Demand

Go to and select Register with Training Key, using the key provided on Moodle. Register with your @cqumail.com address to create a Skillable account. Log out, and then log in again but this time selecting “Sign In” and “Skillable Account”. From now on you sign in with your Skillable account (you no longer need to register with a training key).

Once logged in, enter the class COIT20246 which takes you to Microsoft Azure Fundamentals activities. See “Microsoft Learn On Demand – Getting Started for Students” for details.

Task 3. Create an Azure Resource

Complete Module 01: Create an Azure resource. Follow the instructions in Microsoft Learn On Demand. In your journal:

• List the resources that were created and give a short explanation of what each resource is for.

We’re having trouble locating your account?

If prompted to use “Work or school account” or “Personal account”, then select “Work or school account”. Remember the accounts inside Microsoft Learn are not your own accounts: they are temporary Azure accounts created by the lab system.

Task 4. Create an Azure Virtual Machine and Allow Web Access

Complete Module 02: Create a Virtual machine. Follow the instructions in Microsoft Learn On Demand. Before you end this module, complete the following:

1. Try to access your website – you should get a connection timed out error.

2. Via Azure Portal, add a Network Security Group rule to allow HTTP access.

3. Try again to access your website – it should work this time.

4. Login to the Ubuntu VM with SSH and change the web page to include your name. 5. Access the website again (refresh) – you should see your name.

A 16-minute demo video of all these steps is at:

Screenshots and commands of selected steps below.

In Azure Portal, select View all resources, find the Network Security Group (NSG) and you see the Inbound Security Rules. By default the NSG allows SSH (22) access.

We want to also allow HTTP (80) access.

Click on Inbound security rules then Add, then select HTTP as the Service and Add.

You should see the new rule added:

Once added, access your website again – it should now be accessible.

To edit the webpage, from the Cloud Shell, run the following to login:

ssh -l azureuser IP ADDRESS

where IPADDRESS is the Public IP address of your Ubuntu VM.

Host Key Verification Failed error?

If you receive a “Host Key Verification Failed” error, then try to add the -o StrictHostKeyChecking=no option to the send of the ssh command as follows:

ssh -l azureuser IPADDRESS -o StrictHostKeyChecking=no

Once logged in, to edit the web page run:

Then add your name to the HTML. Save with Ctrl-O and exit with Ctrl-X. Now access the website again and you should see your name.

In your journal:

• Copy the az commands used to create the VM and install Nginx (copy the commands into your journal, so you could copy-and-paste them in the future; do not use a screenshot).

• Record the public IP address of your VM.

• Include a screenshot of your web browser successfully accessing your website (the web page must include your name)

• There are two network security rules that allow access to your VM. For each rule, give the port number and explain what that rule allows (e.g., what applications or protocols).

Task 5. Create a Storage Blob in Azure

Complete Module 04: Create a storage blob. Follow the instructions in Microsoft Learn On Demand.

Upload multiple images to your storage account, so that some are private (no anonymous access) and some are anonymous read access. You may use multiple containers. Select images which are free to use and appropriate to show to the entire class (screenshots of Moodle or CQU websites are good examples; do not include personal information in the images).

Anonymous access blocked?

When changing the access level to Public, you may see a warning that Anonymous access is blocked, and you cannot change to Public. If that occurs, see the additional instructions at the end of this tutorial handout that shows how to fix this.

In your journal:

• Include a screenshot that shows one of the images and the full URL to access the image.

• Include a screenshot of your Azure Portal resources that show the container(s).

Task 6. Create a Resource Lock

Complete Module 05: Create a resource lock. Follow the instructions in Microsoft Learn On Demand. In your journal:

• Explain the difference between a read-only lock and a delete lock.

Task 7. Compare Cloud vs On-premise Costs

Find and report the specifications and cost of similar computers in the following forms:

– Consumer desktop PC

– Server

– Cloud virtual machine, e.g., Azure VM

You must use the Azure calculator (see link and video on Moodle).

While the specifications of the three computers do not need to be identical, try to find ones which are comparable (e.g., similar or same amount of RAM, similar class CPU). For example, do not compare a 4 GB desktop Celeron computer with a 64 GB dual CPU server. You do not need to include peripherals such as monitors, keyboards and mice.

Consider the upfront cost and running costs over a 1-year and 3-year period. Discuss the trade-offs between the three different options, including advantages and disadvantages.

In your journal:

• Include the specifications and costs.

• Discuss the trade-offs.

Task 5 Additional Instructions – Allow Anonymous Access

These instructions are only needed if you could not change the access level to Public. If Task 5 was successful, then you can ignore these instructions.

In Task 5 (Module 4 Create a Storage Blob), Step 3 requires you to change the access level to Public. However, you may see a warning that Anonymous access is blocked, and you cannot change to Public.

In this case go back to the Storage Account and under Settings category on the left menu select Configuration:

Change Allow Blob anonymous access to Enabled and Save:

Note it may take a few minutes for this change to take effect.

Now return to your container and change the access level:

You should now be able to access your blob via the website.

Week 08 Tutorial Activities

Attacks and Vulnerabilities

Aim to complete Tasks 1 to 4 during the tutorial, and have all tasks completed before your next tutorial.

Task 1. Complete the Knowledge Test [10 min]

Complete the Knowledge Test for this week within the first 10 minutes of class.

Task 2. CIA Protections [20 min]

For your Project, create a list of the important assets in the network, especially data and equipment. Then use the CIA Triad to identify what you want to protect and why.

For example, for a scenario that has security camera monitoring, you may identify the “security cameras” as an important asset, in which case you may say:

• Asset 1: security cameras

o Protection: availability

o Reason: if the cameras are down, then no recordings will be available if a crime is committed

Or for a scenario that has customer data, you may identify the names and personal details of customers stored on a local server as important:

• Asset 2: customer personal details

o Protection: confidentiality

o Reason: a customer should not be able to see the personal details of other

customers

Try to identify multiple assets, and consider the different CIA protections on each, e.g. is the integrity protection important for Asset 2?

There is no set number of assets to consider. Feel free to discuss with other students in your class. The assets you list will be helpful for your tutorial and project next week.

In your journal:

• List the assets, and for each asset, give the protection and reason.

Task 3. Threat Sources and Motivation [20 min]

For your Project, create a list of the most likely types of adversarial threat sources (attackers), and their motivation.

For example, for a scenario that has wireless internet, you may identify threat sources as:

• Threat Source 1: Neighbour

o Motivation: wants to get free Internet access

• Threat Source 2: Competitor company

o Motivation: …

In your journal:

• List the threat sources, and for each threat source, give the motivation.

Task 4. Explore Vulnerabilities [30 min]

Using NIST NVD, explore CVEs over the past 12 months, and select three different CVEs, one with Critical security, one with High severity and one with Medium severity. You either randomly explore several CVEs from the full listing search for CVEs

. Try to find CVEs from companies or software/hardware that you are familiar with, and for vulnerabilities that you can understand (at least partially). That is, you may need to read 5-10 CVEs before you select your chosen three CVEs to report on.

For the three selected CVEs, identify the following: CVE ID; CVE Description; Date; CVSS Version 3 Score; impact on Confidentiality, Integrity and Availability; at least one CWE (ID and Name); company; description of the product affected (name and what it is for); simple explanation of the vulnerability; detection and/or mitigation techniques.

Most of the above information can be found from the CVE entry on NVD, except the following:

o For the impact on CIA, click on the Base Score; it will take you to a page which is the CVSS Calculate for the CVE, and you will find the CIA impact under Impact Metrics.

o For the company name, product description and detection/mitigation, you may follow the links to the vendor advisory and read more details.

o For the simple explanation, you should write in your own words, based on reading: the CVE, the CWE and the vendor advisory. (Hint: the CWE description is often the easiest to read).

In your journal:

• Include the details for the critical, high and medium CVE.

Task 5. Vulnerability Disclosures [20 min]

CVEs are normally created when reported to MITRE by product vendors (e.g., the company that makes the software or hardware). The vendors may learn of the vulnerability in different ways, however a common approach is that security researchers discover the vulnerability and report it directly to the vendor. Consider the time from when a security researcher reports the vulnerability to the vendor (done privately), until when the vendor reports the vulnerability to MITRE (creating a CVE and making it public). Why might a vendor take time before making the vulnerability public? What is a reasonable time? If the vendor does not make the vulnerability public within a reasonable time, should the security researcher make it public without the vendor’s permission? Consider these and other issues regarding disclosure of vulnerabilities, preferably discussing them in class. Also read about responsible/coordinated vulnerability disclosure and bug bounty programs, e.g.

In your journal:

• Write up your own viewpoint that discusses the issues with vulnerability disclosure.

Week 09 Tutorial Activities

Cyber Security Management

Aim to complete Tasks 1 to 3 during the tutorial, and get started on Task 4. These tasks contribute to your project, so you may work in your project groups, but all students need to make contributions to their individual journals.

Task 1. Complete the Knowledge Test [10 min]

Complete the Knowledge Test for this week within the first 10 minutes of class.

Task 2. Select Security Objectives [20 min]

Considering your Project, select four (4) different sub-categories of objectives from the NIST CyberSecurity Framework. Select two (2) each from Protect and Detect functions, where both must be from different categories. That is:

• Function: Protect; Category: A; Sub-category: 1

• Function: Protect; Category: B; Sub-category: 2

• Function: Detect; Category: C; Sub-category: 3

• Function: Detect; Category: D; Sub-category: 4

For each objective selected, give a brief reason why it is important for your Project, and what attack/vulnerability it may mitigate.

In your journal:

• For each of the selected sub-categories, give the function, category and sub-category, and then explain why it is important and explain an attack/vulnerability it may mitigate.

Task 3. Create Asset Inventory [20 min]

Re-visit the task from last week where you listed important assets for your Project. Expand on the assets to cover all asset types and specific assets. Use a table for each asset type (e.g., one table for Data assets, another table for Hardware assets). Include identifying information for the assets (you may make up fake values if unknown, e.g., MACs, serials). For the Data assets, include a classification based on value or access (or both), and identify the important protections, e.g., CIA (you identified some protections in the task from last week).

In your journal:

• Tables of assets for the six (6) asset types, ensuring the Data assets also are classified.

Task 4. Conduct a Risk Analysis [50 min]

Conduct a risk analysis for your Project, using the risk assessment template spreadsheet. There is no need to include this in your journal, as it will be in your project submission.

Week 10 Tutorial Activities

Cyber Security Controls

Aim to complete Tasks 1 to 4 during the tutorial and get started on Task 5. Task 6 is optional.

Task 1. Complete the Knowledge Test [10 min]

Complete the Knowledge Test for this week within the first 10 minutes of class.

Task 2. Encrypt a File [20 min]

Encrypt a file (e.g., using 7-Zip – see the lecture demonstration), send it to another student and ask them to decrypt it.

In your journal:

• Screenshot of the settings used to encrypt the file.

• Discuss how you shared the secret key, the limitations of that approach, and recommendations for more secure ways to share a secret key.

Task 3. View Password Information Stored in Linux [20 min]

In your OpenWRT Linux VM, add a new user and then view the information stored about the password in /etc/shadow. (See the lecture demonstration for how to add a new user and view the password information).

In your journal:

• Screenshot or copy-and-paste of the /etc/shadow file entries that show your new user and password information.

• Explanation of the password information stored in /etc/shadow, and why the actual password is not stored.

Task 4. Essential Eight Mitigation Strategies [30 min]

Select four (4) of the Essential Eight that are most relevant for your Project (ensuring the selected strategies are from at least two (2) different groups; the groups are: Prevent Malware Delivery and Execution, Limit the Extent of Cyber Security Incidents, and Recover Data and System Availability). For each strategy selected, give a specific example of how you would apply that strategy in your Project scenario. For example, refer to specific assets in your Project and what you would do to implement the strategy.

In your journal:

• For each of the selected strategies, a description of how it is applied for your Project. • Reasons why you selected these strategies (and not the other of the Essential Eight).

Task 5. Explore and Select NIST Controls [20 min]

Download the NIST SP 800-53 Control Catalog from Moodle (the spreadsheet includes extra filters so you can filter by family). Select at least six (6) different base controls from at least (3) different families of controls that are relevant for your Project. (The families are the two letter categories, e.g., AC is a family, AT is a family; the base controls are numbered, e.g., AC-1 is a base control, AT-2 is a base control; you can ignore the control enhancements, e.g. AT-2(1)). For each base control selected, explain why it is important and give a specific example of how you would implement that in your Project scenario.

In your journal:

• For each of the selected controls, an explanation of its relevance and description of how it is applied for your Project.

Task 6. Setup Key-Based Authentication [30 min, Optional]

This task is optional – you will not lose marks if you do not attempt this. Only attempt if you have completed all other tasks.

You can select from either of the two tasks (you don’t have to do both, although you may):

A. Key-based SSH login for OpenWRT Linux VM using PuTTY (see lecture demonstration) b. Key-based SSH login for GitHub.com. For this, you need Git for Windows install and will use Git Bash. Instructions are provided By GitHub for Generate new SSH key, Add a new SSH key, You’re your SSH connection.