In-course Assignment Specification

Module Code and Title: 5CC512 Ethical Hacking

Assignment No. and Title: Securing Enterprise Network
Assessment Tutor:
Peggy Zhu
Weighting Towards Module Grade: 70%
Date Set:

Hand-In Deadline Date:

22nd February 2016

9pm on 7th April 2016

Penalty for Late Submission

Recognising that deadlines are an integral part of professional workplace practice, the University
expects students to meet all agreed deadlines for submission of assessments. Work submitted
after the deadline will be given a Nil response (NR), i.e. a 0 grade. However, the University
acknowledges that there may be circumstances which prevent students from meeting deadlines.
There are now 3 distinct processes in place to deal with diering student circumstances:
Assessed Extended Deadline (AED) Students with disabilities or long term health issues are
entitled to a Support Plan.
Exceptional Extenuating Circumstances (EEC) The EEC policy applies to situations where
serious, unforeseen circumstances prevent the student from completing the assignment on time or
to the normal standard.
http://www.derby.ac.uk/eec

Late Submission Requests for late submission will be made to the relevant Subject Manager in
the School (or Head of Joint Honours for joint honours students) who can authorise an extension
of up to a maximum of one week.
http://www.derby.ac.uk/media/derbyacuk/contentassets/documents/academicregulations/Assessment-regulations-forundergraduate-programmes.pdf

Level of Collaboration
This is an individual assignment. No collaboration with other students or any one else is
allowed.
Learning Outcomes covered in this Assignment:
1. Understand the link between organisational policies and hierarchies and their

implementation

Task
Company BNC is a Corporate Training and Consulting company. Its main office is located in
Birmingham. It has a branch in Newcastle. The companys network topology is shown below
(Figure 1). Currently all hosts on the main office get their IP address dynamically through the
DHCP server implemented on BM_R2 router. NAT has been implemented on BM_R2 router to
translate internal private addresses to public addresses for Internet access. DHCP and NAT have
also been implemented on NE_R router for similar purpose. A GRE tunnel has been configured
between BM_R2 and NE_R router. The OSPF routing protocol has been implemented to enable
communication with the rest of the network in the main office. A static route has been used to
connect the main office and the branch office. Currently there are no wireless access points in both
main office and branch office. In a month time, the company is going to add wireless access points
on both main office and branch office to provide mobility. Wireless access points will connect to a
radius server in the main office to provide authentication and authorisation. Currently there is no
security protection on the network except the access control list implemented on BM_R2 router to
deny telnet, SSH and FTP traffic sourced from the Internet. Your task as network consultant to the
company is to evaluate the existing network and propose a security solution for the companys
network.

Figure 1 Company Network Topology

You are required to research that best way to secure the company network (including wireless
system) against common attacks such as sniffer attack, man in the middle attack, denial-of-service
attack, identity spoofing and data modification attack etc. You need to identify at least six common
attacks and provide solutions. You can meet with the companys CIO in week 7 to discuss the types
of attack you are going to defend against and ask questions. You are expected to deliver a report
approximately 2500 words. The references section is not included in the word count. No specific
template has been provided for your paper, but the presentation of your report will be considered as
part of the marking criteria.
Your report document must include the following sections:
1. An introduction which lays out the objectives of this report.
2. Evaluate existing network and identify the potential threats to the network. A detailed
description of potential attacks to the network.

3. An evaluation of the solutions to the various attacks. Where there is more than one solution
to a given attack method you need to discuss the strengths and weaknesses of each of the
different approaches. A final recommendation should be clearly identified.
4. Propose a security solution to protect the network.
You are expected to read widely in order to research relevant information for this report. You must
provide accurate citing and referencing for your paper using the Harvard system. Failure to provide
both references and citations will result in an automatic failure of this assignment.

Submission
Your assignment MUST be submitted electronically via Course Resources by the due date.
Full information on doing this can be found at http://www.derby.ac.uk/esub. Note. Failure to submit
be the due date and time will result in a grade of 0 being given for this assessment. There are NO
exceptions to this rule, even if the assignment is just a few minutes late unless you are covered by a
support plan, have an EEC in place or have been given approval for late submission. So you are
strongly recommended to allow enough time for your assignment to be uploaded and submitted.

Assessment Criteria
The following is an indicative marking scheme and seeks to outline some broad concepts and principles by which the assignment will be
marked.