Assignment Help - homework help

Implement secure private networks for iot and byod.


Assignment task: Security Investigation -Home IoT System

Learning Outcome 1: Propose and implement effective 'defence-in-depth' solutions to mitigate the key technical internet security vulnerabilities that organisations face.

Learning Outcome 2: Design and implement secure private networks for IoT and BYOD.

Learning Outcome 3: Discuss and debate a wide range of current research and technological advances in network security.

Task and Mark distribution:

Introduction:

You are given access to an IoT environment, representing a home owned by early adopters in the current move to "smart homes". The devices are all from a single manufacturer and you are required to evaluate the security aspects of the system before marketing and sale of the devices.

You will be given access to a testbed network in order to perform a practical security audit as well as associated documentation for review.

Task Breakdown:

Your work should include:

1. A security evaluation report on the test-bed system. This is a "white-box" analysis, so you should execute it as a security review rather than penetration test. You can examine any of the files and materials you are given, but any security vulnerability should be demonstrated with a prof-of-concept (PoC) attack that would work without the information gained through white-box testing. Make sure you consider more than just direct attacks on the devices. Also consider what information is exposed about the consumer.

2. A report to the manufacturer on your findings that includes a short review of each problem, along with a brief overview of how it could be solved. For each issue, you should have a more detailed description of the steps you took to discover it, showing enough detail for it to be repeated by the developers.

Scope

  • You will be given a collection of docker build scripts and Makefiles.
  • Although you have access to the non-live versions of the systems, their Dockerfiles, Makefiles and so on, this does not count as a vulnerability. This is just the mechanism by which you gain access to the virtualised IoT environment.

o You can, however, examine all of these files to see if there might be vulnerabilities or security flaws you can demonstrate in the running system.

o This is the equivalent of having the source code for the IoT systems and being able to review the code, making this a "white box" test.

The system

The system is comprised of:

  • An MQTT server that coordinates internal messaging and provides a web front-end for the user
  • A Database server that stores local information, settings and so on
  • A number of devices within the system.

o a temperature sensor

o a heating system

o a light sensor

All of the services are containerised in order to minimise platform dependency. For the purposes of this coursework you can assume that the underlying platform is secure unless the container itself is compromised. You will be given a separate container for each of the services and they will function in "virtual mode" while not on actual hardware.

You are also provided with a document describing the design of the infrastructure outside of the containers. You must include this in your assessment, but rather than look for vulnerabilities in the Task and Mark distribution:

Introduction

You are given access to an IoT environment, representing a home owned by early adopters in the current move to "smart homes". The devices are all from a single manufacturer and you are required to evaluate the security aspects of the system before marketing and sale of the devices.

You will be given access to a testbed network in order to perform a practical security audit as well as associated documentation for review.

Task Breakdown

Your work should include:

1. A security evaluation report on the test-bed system. This is a "white-box" analysis, so you should execute it as a security review rather than penetration test. You can examine any of the files and materials you are given, but any security vulnerability should be demonstrated with a prof-of-concept (PoC) attack that would work without the information gained through white-box testing. Make sure you consider more than just direct attacks on the devices. Also consider what information is exposed about the consumer.

2. A report to the manufacturer on your findings that includes a short review of each problem, along with a brief overview of how it could be solved. For each issue, you should have a more detailed description of the steps you took to discover it, showing enough detail for it to be repeated by the developers.

Scope

  • You will be given a collection of docker build scripts and Makefiles.
  • Although you have access to the non-live versions of the systems, their Dockerfiles, Makefiles and so on, this does not count as a vulnerability. This is just the mechanism by which you gain access to the virtualised IoT environment.

o You can, however, examine all of these files to see if there might be vulnerabilities or security flaws you can demonstrate in the running system.

o This is the equivalent of having the source code for the IoT systems and being able to review the code, making this a "white box" test.

The system

The system is comprised of:

  • An MQTT server that coordinates internal messaging and provides a web front-end for the user
  • A Database server that stores local information, settings and so on
  • A number of devices within the system.

o a temperature sensor

o a heating system

o a light sensor

All of the services are containerised in order to minimise platform dependency. For the purposes of this coursework you can assume that the underlying platform is secure unless the container itself is compromised. You will be given a separate container for each of the services and they will function in "virtual mode" while not on actual hardware.

You are also provided with a document describing the design of the infrastructure outside of the containers. You must include this in your assessment, but rather than look for vulnerabilities in the implementation for this part, you must assess the design decisions presented.

Are you a student from a reputed colleges or universities and are always struggling with your complex and tricky assignments and homework? Then approach our Security Investigation Assignment Help service right now!

Tags: Security Investigation Assignment Help, Security Investigation Homework Help, Security Investigation Coursework, Security Investigation Solved Assignments 

Attachment:- Security of Emerging Connected Systems.rar

Request for Solution File

Ask an Expert for Answer!!
Computer Network Security: Implement secure private networks for iot and byod.
Reference No:- TGS03054081

Expected delivery within 24 Hours