Apple, who is the system administrator of ABC company, has discovered an attack on the company server. Use Wireshark to analyse the given network traffic capture ICT338 2022 ECA Q1.pcap and answer all the questions below. Screenshots of the evidence from the Wireshark application must be provided together with the answers.
Identify the company server IP address and explain with relevant screenshots.
Identify the attack type and suggest ONE (1) technical countermeasure and ONE (1) non-technical countermeasure to the identified attack. Screenshots are not required for this question.
Provide the packet number(s) where the actual attack(s) took place. Explain what is happening for the provided packet with relevant screenshots.
Analyze and assess the impact of the identified attack(s) on the victim host in terms of confidentiality, integrity and/or availability. Explain with relevant screenshots.
Two different zero-day malware strains have recently been released by malware authors. Using either www.regex101.com or any other regular expression testing tool or website, apply a regular expression to detect the signature of each malware in the provided signature capture. Provide the regular expression used for each malware and screenshots of the detection process.
Malware P has a signature consisting of four leading numbers, followed by at least one, but not more than eight, uppercase letters. An exclamation mark follows, after which comes a six-character string consisting of the dollar symbol $, the hash symbol # or the asterisk symbol *. The malware signature may optionally end with a “%” symbol. Samples of the malware signature include “8725ITXCYWP!#*##$#” and “8853DBZCOO!#$#$##%”.
Malware Q has a signature consisting of five to seven leading lowercase letters excluding the letters b, f, h, j, r, y and z, followed by an optional number ranging from 1 to 3. After that, there are at least three, but not more than four, uppercase letters. An exclamation mark optionally follows, after which the signature ends with an uppercase D, H, X or Z.
Samples of malware signature include “wciqt1FKEH” and “oekvatqELA!H”.
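The two signature descriptions above, written as regular expressions and run over a constructed capture, with near-miss strings to confirm each length and character-class limit is enforced (an added example, not part of the original assignment). The lookaround boundaries, the reading of "number ranging from 1 to 3" as a single digit 1, 2 or 3, and the names MALWARE_P, MALWARE_Q, CAPTURE and scan are assumptions.

```python
import re

# Malware P: 4 digits, 1-8 uppercase letters, '!', exactly six of $ # *,
# then an optional '%'.
# Assumption: the lookarounds stop a match from starting inside a longer
# alphanumeric run or ending inside a longer run of $ # * symbols.
MALWARE_P = re.compile(
    r"(?<![0-9A-Za-z])\d{4}[A-Z]{1,8}![$#*]{6}(?![$#*])%?"
)

# Malware Q: 5-7 lowercase letters without b,f,h,j,r,y,z (that leaves
# a, c-e, g, i, k-q, s-x), optional digit 1-3, 3-4 uppercase letters,
# optional '!', then one of D, H, X, Z.
MALWARE_Q = re.compile(
    r"(?<![0-9A-Za-z])[ac-egik-qs-x]{5,7}[1-3]?[A-Z]{3,4}!?[DHXZ](?![0-9A-Za-z])"
)

# Constructed sample text: the four sample signatures from the question
# plus constructed near-misses (five digits, nine uppercase letters,
# four symbols, an excluded letter, digit 4, wrong final letter).
CAPTURE = """\
GET /index.html 8725ITXCYWP!#*##$# HTTP/1.1
payload=8853DBZCOO!#$#$##% ok
noise 87251ITX!###### 1234ABCDEFGHI!$$$$$$ 4321AB!#*#$
beacon wciqt1FKEH sent; id=oekvatqELA!H
noise wbiqt1FKEH wciqt4FKEH wciqt1FKEA
"""


def scan(text):
    """Return (family, signature) pairs in the order they appear in text."""
    hits = []
    for family, pattern in (("P", MALWARE_P), ("Q", MALWARE_Q)):
        for m in pattern.finditer(text):
            hits.append((m.start(), family, m.group()))
    return [(family, sig) for _, family, sig in sorted(hits)]


if __name__ == "__main__":
    for family, sig in scan(CAPTURE):
        print(f"Malware {family}: {sig}")
```

On regex101 the same patterns work unchanged in the Python and PCRE flavours; the near-miss lines are worth pasting in alongside the real capture to show that the quantifier limits are doing their job.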
To optimize the usage of the company warehouse and to improve flexibility and responsiveness, an electric car manufacturer, Vesla, is calling for a proposal for a Warehouse Management System (WMS) for managing the inventory of car components.
The desired functionality of the system is described as follows.
The system should be accessible via multiple platforms, allowing authorised access anytime and anywhere. WMS should monitor the inventory level of car components and their storage location in the warehouse. When inventory falls below a pre-set level, the system should order components from suppliers.
Components that enter or leave the warehouse are handled by autonomous mobile robots that interface with WMS to automatically update the location and inventory level of the component. Using the concepts of smart computing which you have learnt in this module, propose a design which will satisfy all the given requirements. Assess and evaluate the merits of your design, taking into account potential issues such as security and privacy of data.
Demonstrate your design in a diagram showing all the required components/devices, taking into consideration the above requirements.
Explain how the various components of your design can work together seamlessly to provide the requirements needed by Vesla.
One morning, an alert was triggered by WMS to a technician to investigate an abnormal status of one of the autonomous mobile robots. Based on the given diagram showing what he is seeing immediately after receiving the alert, assess potential security issues with the WMS mobile app and critique how security can be improved.