RES701 Blog Action Research

Action research is a research methodology mainly used in education. It dissolves the barrier between the researcher and the participants; in other words, the researcher is actively involved in the situation while also conducting the research. The action research process is a cycle of steps that improve practice and take action at the same time.

“Action research is a disciplined process of inquiry conducted by and for those taking the action. The primary reason for engaging in action research is to assist the actor (In IT is developer, actor, software) in improving and or refining his actions.” (Sagor, 2000)

The basic steps of action research involve different phases:

  1. Planning phase
  2. Action phase
  3. Analysis phase
  4. Conclusion

First, define a specific research question that can be tested. Then we can do a literature review to learn more about the topic. Once we know enough about the question, we can design how the research will be performed in an ethical way, set up the research proposal and set a deadline for each step of the research.

Second, in the action phase, a cycle of experiments and data collection is required.

The data we collect can be qualitative data, such as observations or interviews, or quantitative data, like rubric data or surveys.

Third, we need to organize the data we collected and perform data analysis. A proper way to organize the data is to use charts or graphs to find any specific trend, or a statistical model to summarize or describe the collected data.

Finally, make the conclusion. Share the research with the world by publishing a blog, a research paper or a book. This may lead to a new research question for other researchers and may even create a new research area.

In the IT field, we found some examples that adopt a similar method; examples are reinforcement learning and software development.

There are three main approaches in machine learning:

  • Supervised Learning
  • Unsupervised Learning
  • Reinforcement Learning

Supervised Learning:

  • Uses labeled data to train the model
  • The machine knows the features of the object and the label associated with the features
  • The machine predicts the label based on the features

Unsupervised Learning:

  • Uses unlabeled data
  • The machine finds some underlying structure in a dataset
  • Aims to form groups depicting a sense of similarity

To compare the difference between supervised learning and unsupervised learning, there are several areas we can focus on:

Method

Supervised learning: input variables and output variables are given.

Unsupervised learning: only input data is given.

Goal

The supervised learning goal is to determine the function so well that when a new input data set is given, it can predict the output.

The unsupervised learning goal is to model the hidden patterns or underlying structure in the given input data in order to learn about the data.

Reinforcement Learning

It is a reward-based learning method which works on the principle of feedback.

The figure above is an example of a reinforcement learning diagram.

First, provide an environment for the agent (machine); then the agent gives out a result. We give negative feedback to the agent so it can learn from the feedback and classify correctly next time.

In software development, we normally start with designing and gathering the requirements for the whole application, then slice the project into functional portions that progress through the waterfall steps, as the figure below shows.

RES701 Blog Different Sources of evidence

Computational thinking:

Source 1

Computational thinking – Wikipedia

Search terms used: Google search for "Computational Thinking"

Source location: link from Google

URL: https://www.youtube.com/watch?v=qbnTZCj0ugI

Source type: YouTube video

Author: Paxton/Patterson

Date: May 8, 2018

Credibility: 6/10. The credibility is average because the video does not have many views and the source is YouTube.

Source 2

Search terms used: Google Scholar: Computational Thinking

Source location: link from Google Scholar

URL: https://www.microsoft.com/en-us/research/wp-content/uploads/2012/08/Jeannette_Wing.pdf

Type: Microsoft Research website

Author: Jeannette M. Wing

Date: 2012

Credibility: 8/10. The credibility is high because it is from a famous company website, Microsoft, and the author is a university professor.

Source 3

Search terms used: Google search to Wikipedia

Source location: link from Wikipedia

URL: https://www.worldcat.org/title/computational-thinking/oclc/1082364202

Type: book

Author: Peter J. Denning; Matti Tedre

Date: 2019

Credibility: 9/10. The credibility is high because it is published by Cambridge and the authors have written many books on related topics.

Virtualization Technology:  

Source 1

Search terms used: search in YouTube

Source location: link from YouTube results

URL: https://www.youtube.com/watch?v=XItj08D5KPk

Type: video

Author: Techquickie

Date: 2015

Credibility: 7/10 because he is a famous YouTuber.

Source 2

Search terms used: search in Google Scholar

Source location: link from Google Scholar results

URL: https://link.springer.com/article/10.1007/s10639-018-9774-7

Type: book

Author: Ibrahim Osman Adam

Date: 2018

Credibility: 9/10 because it is published in a book.

Source 3

Search terms used: search in Google

Source location: link from Google results

URL: https://www.sciencedirect.com/topics/computer-science/virtualization-technology

Type: academic journals

Author: Rajkumar Buyya

Date: 2013

Credibility: 9/10 because it is published in academic journals.

Lab 8 Understanding PKI Concepts

ANS1 What is the role of the Root CA and Subordinate CA in PKI?

Public key infrastructure (PKI) is a two-key encryption system for communication. All keys are issued by a certificate authority (CA) and distributed to the users.

Root CA stands for root certificate authority, which is a trusted party. Its role is to:

  • Issue digital certificates
  • Certify the ownership of a public key
  • Provide information and the public key to the user
  • Provide a certificate back to the user

They are the first level of this hierarchy and have the ultimate authority on the internet. The number of root CAs is small, and we do not want to increase it. So the workload of the root CAs is very heavy; therefore, we need subordinate CAs to help the root CA do its job.

A subordinate CA has trust from the root CA and helps the root CA to define and authorize the types of certificates requested by users.

Ans2 Outline the steps involved in creating the Subordinate CA private key and certificate.

We can use the Dashboard of Server Manager to create a subordinate CA private key and certificate. On the Dashboard screen, select Add roles and features to start the setup procedure. There are several important selections we need to make, such as:

  1. On the Select server roles page, check Active Directory Certificate Services.
  2. On the Select role services page, check both Certification Authority and Online Responder.

After the setup steps, we need to configure the subordinate CA by following the Configure Active Directory Certificate Services on the destination server link. There are several important settings we need to consider, such as:

  1. Type of CA (in this case we need to select Subordinate)
  2. Type of private key (create a new one in this case)
  3. Cryptographic options (could be SHA256 with a key length of 1024)
  4. As a subordinate, a parent CA is required, so we need to select the parent CA on the Certificate Request screen.

Ans3 Can the certificate be used on a public website? Justify your answer.

There are two main uses of a certificate:

  1. Protect communication, e.g. protect a transaction in online shopping.
  2. Verify identity, e.g. vouch for the identity of a specific user or computer. This is commonly used within an organization's network.

A certificate used on a public website usually requires a trusted authority such as Entrust or DigiCert, because clients or public users need to agree on who is a trustworthy party to produce the certificate or to create the connection.

Our certificate is more like the first use, which requires a trustworthy party if the certificate is used on a public website.

Ans4 Discuss the use of Certificate Revocation Lists

Certificates used in PKI need to be up to date and valid; both the CA and the users need to know whether the state of each certificate on the internet is valid or not. So there is a list called the Certificate Revocation List (CRL) to keep a record of the certificates that can no longer be used. The list is updated at regular intervals, such as every hour or every day.

The reason a certificate is on the CRL could be that the certificate expired or was relocated. For example, the company changed its name or address, or the private key was compromised.

Ans5 Explain why an organization would use Active Directory Certificate Services 

For an organization that requires identity verification or provides access to internal resources, using Active Directory Certificate Services would be the best option.

An organization can use a login system, with a login name and password, to control access to employee-only web applications. However, this is very easy to compromise.

Active Directory Certificate Services can issue certificates to company computers or users to make sure that a login request to the company web application comes from a trusted user or device.

Lab 7 Password cracking

Ans 1 Discuss how to use Cain & Abel to initiate a brute force attack.

Cain & Abel is software for cracking passwords on different systems, such as Windows, Cisco etc. The software contains many methods to crack passwords; one of them is called Brute-Force Attack.

To perform a brute force attack, the user needs to install the software on the target computer. From the Cracker tab of the software, we can add the target user and select Brute-Force Attack.

Windows does not save the user password directly but saves it as a hash. There are many kinds of hash used in different situations; Windows uses the NTLM hash to save the password.

So, after selecting the brute force attack, we need to choose “NTLM Hashes”. After the selection, the screen will show a window which contains several important settings for the attack.

  1. Predefined: a list provided for the user to select what types of characters to use in the password. Passwords usually contain lower case characters and numbers, but the software allows the user to select a different combination, such as upper case, symbols etc.
  2. Password length: defines the length of the password we are looking for. Normally people use a 6-digit number, but the software allows the user to change the length of the password.
  3. Time left: shows the time it will take to crack the password. Including more types of characters in Predefined or increasing the password length will greatly increase the time to crack the password.

After the Predefined character set and password length are confirmed, press the Start button to start the attack and wait for the result.

Ans 2 Discuss the problems with using the brute force attack and compare and contrast with another password attack.

The problem with using a brute force attack is that it is time consuming. The reason it takes so much time is that the cracking method tries all the combinations without any prior information about the possible password.

Besides the brute force attack, there are other attacks that can be used, such as the “Dictionary attack”.

A dictionary attack uses a dictionary of the most common passwords, provided by the user or downloaded from a website listing the top 10,000 passwords, as a reference to crack the password. Because some people use a 6-digit lower case password out of habit, it will be very fast to crack the password if it is on the list.

Ans 3 In relation to your findings in the lab define and justify the minimum requirements for a secure password policy.

From the lab I have changed two settings under brute force attack:

  1. Predefined: include or exclude symbol in the password
  2. Password length: increase or decrease the length of the password

And found out that including symbols and increasing the length of the password can significantly increase the time to crack the password. So, the minimum requirements are to set at least two rules for the user when creating a password:

  1. The length of the password > 8
  2. The password must contain upper case, lower case and symbol
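As an added example (not part of the lab write-up), the following Python puts numbers behind the two rules above: it checks a candidate password against them and estimates how the brute-force keyspace grows with character classes and length. The guess rate of one billion hashes per second is an assumed placeholder, not a figure from the lab.

```python
import string

# Character classes, grouped the way a brute-force tool's charset picker would.
# Sizes come from Python's string constants (26, 26, 10, 32).
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = string.punctuation

# Assumed attacker speed, used only to turn keyspace into time. Placeholder value.
GUESSES_PER_SECOND = 1_000_000_000


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` drawn from a charset."""
    return charset_size ** length


def seconds_to_exhaust(charset_size: int, length: int,
                       rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the assumed guess rate."""
    return keyspace(charset_size, length) / rate


def meets_policy(password: str, min_length: int = 9) -> dict:
    """Evaluate the two lab rules: length > 8 (so at least 9 characters) and at
    least one upper-case letter, one lower-case letter and one symbol."""
    return {
        "length_ok": len(password) >= min_length,
        "has_upper": any(c in UPPER for c in password),
        "has_lower": any(c in LOWER for c in password),
        "has_symbol": any(c in SYMBOLS for c in password),
    }


def policy_passes(password: str) -> bool:
    """True only if every rule in meets_policy() is satisfied."""
    return all(meets_policy(password).values())


def compare_settings() -> dict:
    """Contrast the lab's two knobs: a 6-character lower-case+digit password
    versus a 9-character password drawn from all four character classes."""
    weak = seconds_to_exhaust(len(LOWER) + len(DIGITS), 6)
    strong = seconds_to_exhaust(
        len(LOWER) + len(UPPER) + len(DIGITS) + len(SYMBOLS), 9)
    return {"weak_seconds": weak, "strong_seconds": strong, "ratio": strong / weak}


if __name__ == "__main__":
    for pw in ("abc123", "Tr0ub4dor&3x"):
        print(pw, policy_passes(pw), meets_policy(pw))
    print(compare_settings())
```

Under these assumptions the 6-character lower-case+digit space is exhausted in about two seconds, while the 9-character mixed-class space takes over eighteen years, a ratio of more than 10^8.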

Lab 5 Scanning and Remediating Vulnerabilities with OpenVAS

This lab gives us an overview of how to use software to perform a full system vulnerability check and try to fix the problems found.

Ans1 Investigate and discuss one of the SSL vulnerabilities found as a result of the OpenVAS scan that has a severity rating of 4 or higher.

A severity-4 vulnerability, SSL Certificate Signed Using A Weak Signature Algorithm, was found in the system by the OpenVAS scan. This vulnerability is that an insecure signature algorithm, SHA-1, is used to sign the SSL certificate.

SHA-1 is one of the hash algorithms which map data of different sizes onto data of a fixed size. This method worked for a long time, until in 2017 browser developers such as Microsoft and Google warned users that SHA-1 is not good enough to be the hash function for SSL certificates. They recommend using SHA-2 instead to sign the SSL certificate.

Ans 2   Investigate and discuss the Common Vulnerabilities and Exposures (CVE) database

Common Vulnerabilities and Exposures (CVE) is a database of vulnerabilities. The website allows us to search for websites or products which have vulnerabilities, for example websites like WordPress or products like printers or routers.

If we want to know about any vulnerabilities in WordPress, we just need to search for it on CVE. The result includes an organized list of reported vulnerabilities with the details of CVE ID, type, date and score as an overview. To see a particular vulnerability, we can click the link and get more detailed information about it.

It is a very useful tool to detect vulnerabilities for a specific website or device. As a cyber security specialist, this helps us to identify possible vulnerabilities and gives us more resources to prevent any hacking from occurring.

Ans3 Outline the steps to use a vulnerability scanner to identify and remediate security issues

First, select software to perform the vulnerability scan; one option is OpenVAS. After that we need to install and set up the software on an operating system.

After we have created the account, we need to log in to OpenVAS at https://127.0.0.1:9392.

Before the scan, we need to know more about what the scan actually does and how to configure it.

Going to the configuration tab, we can check the port list to understand the content of the port range selection in different settings. Also, the depth of the scan can be changed; there are several settings provided in the manual, and we are also able to check what range each setting covers in the scan.

To perform the scan, we can go to the main page and select the purple wand icon, which will show a drop-down list; click “Advanced Task Wizard”, then “Create Task”.

On the New Task menu, we need to input the task name, scan config and target host IP. After inputting this information, we click “Create Task” to start the scan.

After a while, the scan finishes. We can click the task name to see the scan result. For more detailed information, such as the severity level and count, we can click the report value.

This shows us a more detailed result broken down by level, which helps us to understand the problem level.

To see each vulnerability individually, we can click “date”, which shows us the vulnerability and its severity level. Clicking on the vulnerability name, we can see the summary and the description.

To solve each vulnerability problem, we can click each vulnerability and it will show us the solution one by one. We just need to follow the instructions step by step to solve the security problems.

Lab 4: Network Vulnerabilities Part 2

Ans.1 Explain in your own words the DOS attack scenario.

A Denial of Service attack (DOS) is a hacker using hacking software to deny service to other users or delay the response time of a website, server or database. The hacker tries to use up the resources of the network to complete the attack, for example using up the disk space or memory of the server or taking up all the available bandwidth.

To perform a DOS attack, the hacker simply floods the target server with multiple ping requests until it is overloaded and cannot respond to requests from other users. Back in 2000, a hacker could send something that the server did not expect to shut down the server, or send a big packet to use up all the crash in a machine, which was also able to shut down the server.

Another way to perform DOS is through the TCP/IP 3-way handshake. In a normal situation, the client sends a SYN packet to the server to ask for a conversation. When the server receives the SYN packet, it returns a packet called SYN-ACK which acknowledges the SYN request. Then the client sends back a packet acknowledging the SYN-ACK and waits for the connection to be established.

Under the DOS attack scenario, the hacker can mess up the 3-way handshake by not responding with the final ACK; then the server will wait for the ACK from the hacker and use up its resources. The hacker can send a large number of SYN packets and not respond to the SYN-ACK packets to fill up the incoming queue, which means other users cannot get a response from the server.

The hacker can also target the database to perform the DOS attack by sending unusual queries to overload the database. In a normal situation, the user performs a search through the search bar on the website; the website makes a query to the database and it returns the result back to the server. In a DOS attack, the hacker can make a query like ‘a e I o u’ to make the database search all the information containing the vowels, which makes the search take much longer than a normal one. If the hacker performs this kind of search many times in a short period, the database will lock up and not be able to perform any query anymore.

Ans.2 Explain in your own words how the Hping3 attack causes the denial of service.

Hping3 is a denial of service attack tool which works by sending TCP SYN signals to the target computer. The TCP handshake consists of three steps:

  1. The client sends a SYN packet to the server.
  2. When the server receives the SYN packet, it sends a SYN-ACK back to the client.
  3. After the client receives the SYN-ACK packet, the client sends back an ACK packet to complete the TCP handshake and establish the connection.

If the three-step handshake is not finished properly, it could cause a TCP SYN flood on the target computer.

These are the useful parameters for the Hping3 attack:

  • -count option determines the number of packets sent
  • -l (interval) determines how fast the packets are sent
  • -S option specifies that the software generates SYN packets
  • -p number specifies the port number
  • -flood sets a high emission rate to cause flooding
  • The default mode in Hping3 is TCP mode

After the Hping3 attack is launched, it will use up the CPU resources and internet bandwidth of the target computer, causing stress on the computer and serious response problems.
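From the defender's side, the half-open connections described in Ans.1 and Ans.2 are what a SYN flood leaves behind. As an added example (not part of the lab), this Python runs a simple detector over constructed packet records: a legitimate client sends one SYN and then one ACK, while a flooding source sends SYNs only. The records, thresholds and IP addresses are all made up for illustration.

```python
from collections import defaultdict

# Constructed client-side packet records: (time in seconds, source IP, TCP flag
# sent to the server). Stand-in for a capture; not data from the lab.
PACKETS = (
    [(0.0, "10.0.0.5", "SYN"), (0.1, "10.0.0.5", "ACK"),    # normal client
     (1.0, "10.0.0.6", "SYN"), (1.2, "10.0.0.6", "ACK")]    # normal client
    + [(2.0 + i * 0.01, "10.0.0.99", "SYN") for i in range(50)]  # SYNs, no ACKs
)


def per_source_stats(packets):
    """For each source: SYNs sent, ACKs sent, half-open = SYN - ACK, and the
    SYN rate over the time span in which the source was active."""
    syn, ack, first, last = defaultdict(int), defaultdict(int), {}, {}
    for t, src, flag in packets:
        if flag == "SYN":
            syn[src] += 1
        elif flag == "ACK":
            ack[src] += 1
        first[src] = min(first.get(src, t), t)
        last[src] = max(last.get(src, t), t)
    stats = {}
    for src in syn:
        # Use at least a one-second window so a burst is not divided by ~0.
        span = max(last[src] - first[src], 1.0)
        stats[src] = {
            "syn": syn[src],
            "ack": ack[src],
            "half_open": syn[src] - ack[src],
            "syn_per_sec": syn[src] / span,
        }
    return stats


def flag_suspects(packets, max_half_open=10, max_syn_rate=20.0):
    """Sources that leave many connections half-open or send SYNs faster than
    an interactive client plausibly would. Thresholds are illustrative."""
    return sorted(
        src for src, s in per_source_stats(packets).items()
        if s["half_open"] > max_half_open or s["syn_per_sec"] > max_syn_rate
    )


if __name__ == "__main__":
    for src, s in per_source_stats(PACKETS).items():
        print(src, s)
    print("suspects:", flag_suspects(PACKETS))
```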

Ans.3 Discuss the benefits of using anti-phishing functionality.

Phishing is a way to obtain sensitive information, such as a bank login name and password. Most people have an online bank account and use the account to buy or sell things online. People who want to get your personal information will send you an email with some excuse to make you click a link in the email, which leads to another website that looks very much like the real one. However, the website behind the link is not real; it just wants you to input your personal information.

So, anti-phishing software or add-ons can prevent you from visiting phishing websites. When you try to visit these websites, the anti-phishing software can recognize them and display an alert screen to warn you that the website may steal your personal information.

SEC602 Lab 6: Encryption and Hashing

Ans1 Discuss the use of MD5 hashes for software downloads.

MD5 is an algorithm used for producing a fixed-length string of characters to make sure the data is correct during download. MD5 is not an encryption method, but it is very useful in data transfer.

In the example of a software download, no matter the size of the program, by using the MD5 algorithm you will always get a fixed-length binary value 128 bits long. The size of the program will not change the length of the MD5 hash; it is always 128 bits. So, if you need to download a program, the software provider will give you an MD5 text. After you complete the download, you can put your program through the MD5 algorithm. The algorithm will give you an MD5 text which should be identical to the one provided by the software company. That means your download is correct and your copy of the software is the same as the one on the internet. However, if you got a different MD5 text, it means some problem occurred during your download, and you need to download the software again.

Ans2 Discuss the difference between MD5 and SHA-1 hashes.

Both MD5 and SHA-1 are hashes for testing the integrity of the data being transferred. The main difference is the length of the hashes: MD5 is 128 bits in length, which is 32 characters in hex, and SHA-1 is 160 bits in length. MD5 is faster than SHA-1. In terms of security, MD5 is less secure than SHA-1; against cryptanalytic attacks, MD5 is considered vulnerable but SHA-1 is not.

Another difference between MD5 and SHA-1 is hash collisions. A collision is when two hashes match even though the original messages are different. Producing a collision in MD5 takes less than a minute; on the other hand, the best time to form a collision in SHA-1 is 18 hours.
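The download check from Ans1 and the digest lengths from Ans2, as an added Python example that is not part of the lab. The "program" bytes and the single flipped bit are constructed inline to stand in for a real download and a transfer error; everything else uses only the standard library.

```python
import hashlib
import hmac

# Constructed stand-in for a downloaded installer (23 bytes repeated 1000 times).
# In practice this would be the file's bytes read from disk.
PROGRAM = b"example-installer-v1.0 " * 1000

# Digest sizes the lab text quotes: MD5 is 128 bits, SHA-1 is 160 bits.
DIGEST_BITS = {"md5": 128, "sha1": 160}


def digest_hex(data: bytes, algo: str) -> str:
    """Hash `data` with the named algorithm and return the lowercase hex digest."""
    h = hashlib.new(algo)
    h.update(data)
    return h.hexdigest()


def hex_length_matches(algo: str) -> bool:
    """One hex character carries 4 bits, so a 128-bit MD5 prints as 32 hex
    characters and a 160-bit SHA-1 as 40, regardless of the input size."""
    return len(digest_hex(b"", algo)) * 4 == DIGEST_BITS[algo]


def verify_download(data: bytes, published_hex: str, algo: str = "md5") -> bool:
    """Recompute the digest locally and compare it with the value the vendor
    published. compare_digest runs in constant time so the comparison itself
    leaks nothing about where the two strings first differ."""
    return hmac.compare_digest(digest_hex(data, algo), published_hex.lower())


def corrupt(data: bytes, index: int) -> bytes:
    """Flip one bit at `index` to simulate a damaged download."""
    buf = bytearray(data)
    buf[index] ^= 0x01
    return bytes(buf)


def demo() -> dict:
    """Publish an MD5 for PROGRAM, then check an intact and a corrupted copy."""
    published = digest_hex(PROGRAM, "md5")   # what the vendor would list
    return {
        "md5_hex_chars": len(published),
        "sha1_hex_chars": len(digest_hex(PROGRAM, "sha1")),
        "intact_ok": verify_download(PROGRAM, published),
        "corrupt_ok": verify_download(corrupt(PROGRAM, 500), published),
    }


if __name__ == "__main__":
    print(demo())
```

A matching digest shows the copy is byte-for-byte what the publisher hashed; because MD5 collisions are cheap (Ans2), it guards against transfer errors, not against a deliberately substituted file, which is why publishers have moved to the SHA-2 family.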

Ans3 Discuss the use of SHA hashes for digital signatures in SSL certificates.

The purpose of digital signatures is to provide integrity, which means that I can be sure the document I received is the same as the original one. The role of SHA hashes in digital signatures is to hash the document which the sender wants to send out. After hashing the document, the sender encrypts the hash with the sender's private key. In other words, the digital signature is the encrypted hash. Then the sender sends the document with the digital signature to the receiver.

The person who receives the document with the digital signature decrypts the digital signature with the sender's public key to get the hash. Then, using the same hashing method, they hash the document and get a hash. By comparing the hash from the digital signature with the one we computed, if the two match, then we know that the digital signature is valid.

RES701 Blog 3 Research Paradigms

The basic concept of a research paradigm is a basic belief system that includes ontology and epistemology; both are the foundation of the research.

Ontology means the nature of our beliefs about reality. There are three main branches of ontology in the research area: realism, constructivism and nominalism. Another important component of a research paradigm is epistemology, which refers to how to acquire and validate knowledge. There are three main approaches: positivism, interpretivism and anti-positivism. Different areas of research have their own way to obtain knowledge and a different understanding of reality.

For example, people in classical science believe there is a true reality. The researcher believes that based on observation they can collect data and perform statistical analysis to make a conclusion. On the other hand, people in social science would use interpretivism for their research. Interpretivism, unlike positivism, does not believe that only one reality exists in our life. Researchers in social science believe that truth and reality are created by people in society, which means that reality is somewhat subjective.

For my understanding of the world, I believe that knowledge can be learned by observation. In our society, most people care about their health, so people would like to know the reason why people get sick. In cancer research, some researchers focus on the reasons or factors which cause cancer. So, the aim of the research is very clear: what causes cancer?

As people dig deeper into the disease, they can find out some risk factors which can cause the disease. Using colorectal cancer as an example, the risk factors are old age, bad eating habits such as a high intake of fat, sugar and alcohol, red meat and processed meat, and lack of physical exercise. Besides lifestyle, genetic factors also play a role in causing cancer. However, the risk factors only give you some idea of how to prevent the cancer; it does not mean that if you don’t eat red meat you are free of colorectal cancer.

As we can see, in cancer research there is not always a clear cause-and-effect relationship; causing cancer may require a combination of many factors. But during the research process, even if we can’t be 100% sure about a single risk factor, we gain knowledge in an area and know more and more about the disease, so that some day we may cure cancer and give people a better life.

Research in information technology may apply the same idea. I believe that everyone in the IT field had better have a clear definition of the problem. The problem could be making a website and constructing a database. Once the goal is well defined, there are many ways to complete it, especially in IT, because the technology develops rapidly. Computational power and network speed are changing every day, and new ideas are required to fulfill people's needs. As we realize what people need, that is an opportunity for us to demonstrate our knowledge (in IT) and creative thinking to complete the goal.

In the end, you get your project done and you not only gain experience and knowledge, but also make people's lives easier and better.

Res701 Blog 2 Ontology and Epistemology

Que1. What is ontology? How is it relevant to research?

Ontology is the study of what exists, such as: what is real; what are we here for? It studies the nature of things, for example what the fundamental parts of the world are and how they are related to each other.

There are several ontologies:

  1. Only one single reality.
  2. There are multiple realities.
  3. Reality is constantly negotiated, debated or interpreted.

In research, we can know the researcher’s ontological assumption from their research.

For example, if the research focuses on individuals' behaviour through personality tests or focuses on people’s traits, the ontological assumption would be approaching us as individuals in society. On the other hand, if the research focuses on groups and relationships, then the ontological assumption would be that people are understood through each other within groups.

Que2.What is epistemology? How is it relevant to research?

Epistemology is a branch of philosophy that studies knowledge or knowing, focusing on how we can examine reality. There are several ways to understand reality:

  1. Knowledge can be measured with reliable designs and tools.
  2. Reality needs to be interpreted to discover the underlying meaning.
  3. Knowledge should be examined using whatever tools are best suited to solve the problem.

In research, researchers select a method for their work. For example, researchers who focus on climate change, where knowledge is an objective reality, will perform a climate survey to collect quantitative data and analyze it with statistical analysis.

In contrast, there are different ways to gain knowledge. For example, studying culture could use a different method: rather than performing a survey, the researcher can interview the people in the research to gain firsthand knowledge. Experience is the best way to gain knowledge for this kind of research question.

Que3. What is the connection between ontology and epistemology in a research context?

When we combine ontology and epistemology together, we get a whole view of how we can understand knowledge, which is called a research paradigm.

SEC602 Lab 3

Aim:

In this lab, we are trying to perform network footprinting and packet sniffing to discover any useful information about the target network.

Que1. Summarise the information discovered in the Lab about the network topology.

Network topology is the layout of the network, showing us how the nodes connect with each other. We can use Zenmap to scan several IP addresses inside the network at the same time. The Nmap result contains several important pieces of information for learning about the network (which may be a target). For example, we learn:

  • Port numbers with states
  • Port services
  • Remote access capabilities
  • Operating system
  • Security mechanisms

On the Topology tab of a Zenmap result, we are able to visualize the topology graph of the network and identify the network hosts as well.

In the lab, I found that the topology of the network is a star shape, which is shown below, because in the center we can see a central node connected to other nodes in different directions.

Que2. How can packet sniffing be used to detect potential issues on a network?

We can use Wireshark to perform packet sniffing on the target IP. In the lab we used Nmap to scan TCP ports using SYN packets. At the same time, we used Wireshark to capture the packets. After having a closer look at the result from Wireshark, we discovered that one of the sources replied with an ACK signal, which means that the port is ready to establish a connection.

By this method we can identify the vulnerable hosts of the network and try to increase the security of those hosts.

Que 3. Analyze the captured packets from Exercise 2 and filter the DNS requests sent from 192.168.27.12 to 192.168.27.1 and view the UDP stream. What can you tell about the DNS request?

From the packet capture data in Wireshark, filter out the others to show only DNS and the IP 192.168.27.12. First, the lower part of the screen shows us that UDP is used with a large source port number going to the server's port 53. Second, the query flag is 0, which means that the message is a query. Third, in the Queries part, it shows different addresses in different messages, such as “login.live.com” and “win10.ipv6.microsoft.com”, which means the message is asking for the IP of these websites.
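The fields read off Wireshark above (high source port to port 53, QR flag 0, the queried name) can be decoded directly from the bytes. This added Python example, not part of the lab, constructs a UDP datagram carrying a DNS query for login.live.com in RFC 1035 wire format and parses it back; the source port 53012 and transaction ID are made-up sample values. The parser handles plain labels only, which is all a query's question section normally contains.

```python
import struct


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Construct a DNS A-record query (RFC 1035). Used only to produce sample
    data; flags 0x0100 means QR=0 (query), opcode 0, RD=1."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode()
                     for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


def build_udp(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Prepend an 8-byte UDP header (checksum left as zero) to the payload."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def parse_qname(data: bytes, offset: int):
    """Read length-prefixed labels up to the terminating zero byte."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode())
        offset += length
    return ".".join(labels), offset


def parse_udp_dns(datagram: bytes) -> dict:
    """Extract what the lab read in Wireshark: ports, the QR bit (0 = query),
    opcode, answer count and the names in the question section."""
    src_port, dst_port, _length, _csum = struct.unpack("!HHHH", datagram[:8])
    dns = datagram[8:]
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", dns[:12])
    qr = flags >> 15              # top bit of the flags word
    opcode = (flags >> 11) & 0xF  # next four bits
    offset = 12
    questions = []
    for _ in range(qdcount):
        name, offset = parse_qname(dns, offset)
        qtype, qclass = struct.unpack("!HH", dns[offset:offset + 4])
        offset += 4
        questions.append({"name": name, "qtype": qtype, "qclass": qclass})
    return {
        "src_port": src_port, "dst_port": dst_port,
        "to_dns_server": dst_port == 53,
        "txid": txid, "is_query": qr == 0, "opcode": opcode,
        "answers": ancount, "questions": questions,
    }


# Constructed sample: ephemeral source port 53012 to the resolver's port 53.
SAMPLE = build_udp(53012, 53, build_dns_query("login.live.com"))

if __name__ == "__main__":
    print(parse_udp_dns(SAMPLE))
```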
