Internet Security Project

Content Type

User Generated

User

rqqljvaf

Subject

Computer Science

Description

Proving a security myth. Pick any of the topic(except phishing) and demonstrate how to do it as well as showing the result.

File attached: Screenshot is direction. pdf file is sample topic.

It cannot be too simple, please chat to confirm the level of complication.

p/s: some of my classmates are performing their project on Kali Linux

Unformatted Attachment Preview

Georgia Gwinnett College School of Science and Technology ITEC 4320: Internet Security Sample Topics for Final Project Phishing. Construct a phishing site that closely mimics an authentic site and demonstrate its harmful effects. Dictionary attacks. Implement dictionary attacks and demonstrate its effect on breaking password authentication when weak passwords are used. Note that we may have some lab assignment on dictionary attacks in the course. In this case you are expected to go beyond what is covered in the assignment should you decide to choose this topic. Cross site scripting. Implement both stored and reflected cross site scripting (XSS). Demonstrate how to use XXS to steal a user’s cookie (and perhaps other sensitive information) and access the user’s account without the user’s credentials (e.g. username and password) when the user has an active session for the account. SQL injection. Implement SQL injection attacks and demonstrate their harmful effects. We will have a lab assignment on SQL injection in the course. Therefore you are expected to go beyond what is covered in the assignment should you decide to choose this topic. Breaking wireless security. Demonstrate how to break the encryption of WEP and perhaps also WPA. Malware. Implement one or more forms of malware (e.g. virus, worm, keylogger, Trojan horse, etc.) and demonstrate their harmful effects. Denial of Service. Implement one or more forms of denial of service attacks and demonstrate their harmful effects. DNS cache poisoning. Demonstrate how an attacker can poison the cache of a vulnerable DNS server by replacing the IP address of a target website with that of the attacker’s computer so that traffic for the target website is diverted to the attacker. ARP cache poisoning. Demonstrate how an attacker can send spoofed ARP messages to two hosts on the same local area network so that the attacker becomes a man‐in‐the‐middle between the two hosts. Buffer overflow. Demonstrate how to take control of a vulnerable remote system (e.g. a server or a browser) by buffer overflow. Breaking biometrics‐based authentication. Demonstrate whether it is possible to impersonate a user by breaking authentication mechanisms based on one or more forms of biometrics (e.g. fingerprint, voice or facial recognition). 1 PROJECT DESCRIPTION A major outcome of the course is the final group project. You are encouraged to work in groups of up to 3 people. The project, titled "Internet Security Myth Buster", involves a study of attacks on the Internet It is a basic fact that in order to build a secure system, one must first understand potential attacks and threats against the system. In this project, you will choose a "myth", which is aboutan attack on the Internet learned from a course, a movie, or a paper, then research on it to find out whether it is really possible, like in the famous TV series "Myth Busters”. During the project, you will build a computing environment mimicking that in the myth, and perform hacking as in the myth. As the final product, you will make an educational video and write an academic paper of your findings about your chosen myth. For example, in the movie "Sneakers", a hacker successfully passes a voice-recognition based security lock by using recorded voice "My voice is my passport. Verify me" which was created from the person's ordinary everyday conversation. One can test this myth by setting up some voice recognition software and have another student create a voice password phrase; then while that student talks, use a voice recorder to record his voice; then using a sound- editing tool, like Audacity, edit the words to create the desired sentence; and finally, use the voice recognition software to find out whether the edited sentence is accepted as the secret pass phrase. Based on the outcome, the myth will be rated as "Confirmed" (always successful), " Plausible” (successful under certain circumstances), or “Busted" (cannot be replicated).