FIT1047 Introduction to computer systems, networks and security – S1 2025
Assignment 4 - Cybersecurity
|
Purpose
|
1. Students will analyse and discuss a recent vulnerability or cybersecurity attack. This demonstrates an understanding of related cybersecurity topics and the ability to research information on cybersecurity incidents.
2. Students will show how a given set of security controls are used in a medium- sized enterprise scenario. This demonstrates an understanding of the different security controls and the ability to assess and explain their use.
The assignment relates to Unit Learning Outcomes 5, 6, and 7.
|
|
Your task
|
Part 1: Your weekly reflection (Weeks 10 - 12)
Part 2: Choose one article from your allocated category, analyse and discuss this recent vulnerability or cybersecurity attack, and also provide a comparative
analysis on another article (or a conference/journal research paper) in the same security category. Provide a video presentation with slides to present your
analysis.
Part 3: Provide another set of video presentation and slides that shows how a given set of security controls are used in a medium-sized enterprise scenario. The instructions below contain concrete questions you should answer.
All files have to be submitted via Moodle.
|
|
Value
|
30% of your total marks for the unit
Parts 2 and 3 are 15% of the total marks for the unit each.
|
|
Word Limit
|
See individual instructions
|
|
Due Date
|
11:55 PM, Monday 9 June 2025
|
|
Submission
|
●
●
●
●
●
●
|
Via Moodle Assignment Submission.
Turnitin will be used for similarity checking of all submissions.
DRAFT upload confirmation email from Turnitin is not a submission. You must click the submit button to accept terms and conditions in Moodle. Note that DRAFT submissions are not assessed.
Once the submission is confirmed, any requests to revert it back to
DRAFT will not be accepted. Also, any incorrect, corrupted, empty or wrong file type submission will not be assessed. Please check carefully before confirming your submission.
This is an individual assignment (group work is not permitted).
In this assessment, you are allowed to useChatGPTfor Parts 2 & 3 and if you use it, it must be appropriately acknowledged. For details, please refer to the instructions.
|
INSTRUCTIONS
Read carefully the entire specification FIRST before you start working on the assignment.
Part 1: Reflections [hurdle requirement, no marks]
Collect your reflections for weeks 10 – 12 from each week’s Ed Lesson and create a single PDF/DOC/DOCX document. You can simply copy/paste your reflections, but please add headings for each week. A template is available on Moodle. Submit your file through the Moodle Assignment 4 Part 1 activity.
Submit your reflection for this part (Part 1) as a PDF/DOC/DOCX file.
PART 2 - Analyse cybersecurity vulnerabilities or incidents [15 marks]
Information on security problems, weaknesses and attacks can be found in many places (blogs, newsletters, experts' pages, etc.). Your task is to first pick one news item from your assigned allocation group of URLs, read the news item, look up and read the referenced sources. Then, choose another item in the same allocation group OR a conference/research paper in the same security category and perform a comparative analysis. Finally give a video presentation with slides on the findings. Incorrect news item selection for analysis will not be assessed.
Group 1 or 6: Students with student number ending with “1” and “6”: Data Breach
1. Yale New Haven Health Data Breach Exposes Information of 5.6 Million Patients
Updated: 28/02/2025
https://www.ctinsider.com/business/article/yale-new-haven-health-data-breach-20292710.php
2. Western Sydney University discloses security breaches, data leak
Updated: 11/04/2025
https://www.bleepingcomputer.com/news/security/western-sydney-university-discloses-security-breaches-data-leak/
3. TalkTalk Investigates 'Customer Data Breach' After Hacker Puts Private Details for Sale Online
Updated: 15/02/2025
https://www.thescottishsun.co.uk/tech/14237885/talktalk-data-breach-hacker-customer-details-for-sale/
Group 2 or 7: Students with student number ending with “2” and “7”: Software Security
4. Google Urges Android Users to Update Devices Amid Zero-Click Vulnerability Exploits
Updated: 08/05/2025
https://www.thescottishsun.co.uk/tech/14755693/google-android-pixel-phone-update-may-2025-attack/
5. Critical Security Vulnerability in Automatic Update System for Asus Mainboards
Updated: 12/05/2025
https://www.heise.de/en/news/Critical-security-vulnerability-in-automatic-update-system-for-Asus- mainboards-10380387.html
6. Commvault Backup Software: Further Vulnerability Attacked
Updated: 07/05/2025
https://www.heise.de/en/news/Commvault-backup-software-Further-vulnerability-attacked-10374500.html
Group 3 or 8: Students with student number ending with “3” and 8”: Network Security
7. ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
Updated: 19/04/2025
https://thehackernews.com/2025/04/asus-confirms-critical-flaw-in-aicloud.html
8. Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Access
Updated: 15/04/2025
https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html
9. Masimo Manufacturing Facilities Hit by Cyberattack
Updated: 08/05/2025
https://www.securityweek.com/masimo-manufacturing-facilities-hit-by-cyberattack/
Group 4 or 9: Students with student number ending with “4” and “9”: Human Behaviour Security
10. Deepfakes, Scams, and the Age of Paranoia
Updated: 13/05/2025
https://www.wired.com/story/paranoia-social-engineering-real-fake
11. Deepfake Scam: Company Loses Around Rs 207 Crore After Employee Connected to a Video Call
Updated: 13/05/2025
https://www.indiatoday.in/technology/news/story/deepfake-scam-company-loses-around-rs-207-crore- after-employee-connected-to-a-video-call-2497996-2024-02-05
12. AI-Powered Romance Scams Rake in Millions as Fraudsters Get More Convincing This
Valentine's Day
Updated: 11/02/2024
https://www.techtimes.com/articles/309339/20250211/ai-powered-romance-scams-rake-millions- fraudsters-get-more-convincing-this-valentines-day.htm
Group 5 or 0: Students with student number ending with “5” and “0”: AI Security
13. Critical Vulnerability in AI Builder Langflow Under Attack
Updated: 06/05/2025
https://www.securityweek.com/critical-vulnerability-in-ai-builder-langflow-under-attack/
14. 2025 API ThreatStats Report: AI Vulnerabilities Surge 1,025%, 99% Connected to APIs
Updated: 31/01/2025
https://www.securitynewspaper.com/2025/01/31/2025-api-threatstats-report-ai-vulnerabilities-surge- 1025-99-connected-to-apis/
15. Understanding AI Vulnerabilities | Harvard Magazine
Updated: 07/03/2025
https://www.harvardmagazine.com/2025/03/artificial-intelligence-vulnerabilities-harvard-yaron-singer
Follow the steps below:
1. Choose one of the 3 news items in your allocated group above, read the text.
2. Look up and read additional three or more articles and information referenced in the news item. If there are less than three articles and information referenced in the news item, search relevant ones from Google.
3. Record a video presentation (using Panopto, Zoom, Teams or any software of your choice) showing the slides and you talking to the slides (length of video: maximum 8 minutes excluding self-introduction)
a. At the start of the video, introduce yourself (you MUST turn on your camera or it will not be assessed) and show your ID (Monash or others) while introducing yourself.
b. The video needs to be in a common video format (e.g., MP4, AVI, WMV and MOV) that can be played by built-in players in either Windows or MacOS, and should be of high enough quality to be clearly understood and viewed. The video should be no more than 500MB in size.
4. In your presentation, first address the followings:
● Provide a short summary of the news item
● Identify which software, hardware or system is affected. The identification should be as precise as possible. Include exact product names, distribution of the product, version numbers, etc.
● Describe how the problem was discovered and how it was initially published. Try to find this information in the referenced articles. The problem might have been found by researchers at a university, by a professional security company, by some hacker, published in a scientific conference/journal, in a newspaper on a blog, etc. Was it the result of targeted research, found by chance, were any tools used, etc?
● Discuss how serious the issue/weakness/attack is, describe what is necessary to exploit the weakness, evaluate what the consequences might be if it is exploited.
5. Choose another news item in the same allocated group OR find a research conference/journal paper of the same category. If you choose the latter, for example, if your allocated group’s category is Network Security, the paper should be related to Network Security.
6. Also, in your presentation, provide a comparative analysis of the two incidents and address the followings:
● Identify at least two similarities and two differences of the two incidents, in terms of causes (e.g. Why did it happen?) and outcomes (e.g. What were the consequences? Who/What were impacted?)
● Discuss what measures you think are necessary/useful on (i) a technical level, (ii) in terms of human behaviour, and (iii) on a policy level, to avoid/mitigate the attack/vulnerability.
7. The presentation slides MUST be PPT or PDF format. The maximum number of slides MUST NOT exceed 16. The last slide of your presentation MUST include at least 3 more references excluding the original two article references as a discussion/comparative analysis. You can easily Google to find more references. You MUST use the APA 7th referencing style. Do not forget to add the references of the original two articles (the two that you have chosen). So altogether, there should be at least 5 references included in your last slide. You may use extra slides if the reference list cannot fit into a single slide.
Submit your work for this part (Part 2) as 2 different files:
1. One file for your presentation slides
2. One file for your presentation video
Part 3 - Security controls in an IT network of a medium sized company with automated production of vacuum cleaners [15 marks]
For this task you take on the role of a security architect (as defined in the NIST NICE workforce framework) You are responsible for a re-design of a company network (using best practices - refer to NSA Network Infrastructure Security Guide), including placing security controls in the right places of the network. As security always costs money, prepare a video presentation with slides that explains to the management of the company why each security control is required at that particular part of the company network.
The company has several departments, but the focus is on three network areas:
● Production with automated machines controlled from PCs connected to the network. Production runs 24/7 and outages would be very expensive for the company. The company is very modern and customers can design their own colour combinations and specifications for their vacuum cleaner. Thus, data needs to frequently (every 6 hours) be transferred to the PCs controlling the machines.
● Outward facing servers including a web server that is used for marketing and online sales and the company’s mail server.
● Administration with PCs and laptops, a server running administration software and databases, wireless printers and Wifi for meeting rooms and general office areas. Employees also travel with their laptops and need to access the administrative network, but not the production area.
Provide ALL 10 security controls mentioned below to be used and a number of entities that need to be connected in the internal network. Depending on the role of the entity, you need to decide how they need to be protected from internal and external adversaries.
Entities to be connected:
● PCs to control production machines
● Production machines themselves
● Employee PCs and laptops for administration
● Server for administration and internal databases
● Wireless printer and scanner for administration use
● Authentication server
● DNS server
● Webserver
● Mailserver
● WiFi access points
● Routers
● Switches
Security controls and appliances (can be used in several places)
● Firewalls (provide port numbers to be open for traffic from the outside of the respective network segment)
● VPN gateway
● VPN clients
● TLS (provide information between which computers TLS is used)
● Authentication server
● Secure seeded storage of passwords
● Disk encryption
● WPA3 encryption
● Air gaps
● Intrusion detection system
In your presentation,
1. Create one or more diagram(s) of your network (using any diagram creation tool such as LucidChart or similar) with all entities.
2. Place security controls on the diagram(s).
3. For each security control, explain what it is used for and why it is needed in this particular scenario.
4. Record a video presentation (using Panopto, Zoom, Teams or any software of your choice) showing the slides and you talking to the slides (length of video: maximum 8 minutes excluding self-introduction)
a. At the start of the video, introduce yourself (you MUST turn on your camera or it will not be assessed) and show your ID (Monash or others) while introducing yourself.
b. The video needs to be in a common video format (e.g., MP4, AVI, WMV and MOV) that can be played by built-in players in either Windows or MacOS, and should be of high enough quality to be clearly understood and viewed. The video should be no more than 500MB in size.
5. The presentation slides MUST be PPT or PDF format. The maximum number of slides MUST NOT exceed 16. The last slide of your presentation MUST include at least 3 references that can support your claim. You can easily Google to find more references. You MUST use the APA 7th referencing style. You may use extra slides if the reference list cannot fit into a single slide.