微信客服:xiaoxionga100
微信客服:ITCS521
RIPTION 2022/2023-虚拟机代写
时间:2024-01-04
DEPARTMENT OF COMPUTER SCIENCE AND TECHNOLOGY
COURSEWORK ASSESSMENT DESCRIPTION 2022/2023
MODULE DETAILS:
Module Number: 661982 Trimester: 1
Module Title: Secure Digital Infrastructure
Lecturer: Dr. Ahmed Moustafa
COURSEWORK DETAILS:
Assessment Number: 1 of 2
Title of Assessment:
Format: Report
Method of Working: Individual
Workload Guidance: Typically, you should
expect to spend between
40
and
80 hours on this assessment
Length of
Submission:
This assessment should be no
more than:
(over length submissions may have
only parts of the work marked as
per University policy)
2000 words
(excluding diagrams, appendices,
references, code)
PUBLICATION:
SUBMISSION:
ONE copy of this
assessment should
be handed in via:
Canvas If Other (state method)
Time and date for
submission: Time 2pm Date
Friday 22nd Dec
2023
If multiple hand–ins
please provide
details:
Will submission be
scanned via
TurnitinUK?
Yes
For Turnitin, these should be one of the allowed types
e.g. Word, RT, PDF, PPT, XLS etc.
Specify any particular requirements in the submission
details on TurnItIn.
Unless specified: students MUST NOT submit ZIP or
other archive formats unless specified.
Students can ONLY submit ONE file and must ensure
they upload the correct file. Normally only the LAST
submission will be considered – the last submission is
late it should incur a late penalty.
The assessment must be submitted no later than the time and date shown above, unless an
extension has been authorized.
Friday 20th Oct 2023 Date of issue:
2
MARKING:
ASSESSMENT:
The assessment is
marked out of:
100 and is worth
60
% of the
module
marks
N.B If multiple hand-ins please indicate the marks and % apportioned to each stage above (i.e.
Stage 1 – 50, Stage 2 – 50). It is these marks that will be presented to the exam board.
ASSESSMENT STRATEGY AND LEARNING OUTCOMES:
The overall assessment strategy is designed to evaluate the student’s achievement of the module
learning outcomes, and is subdivided as follows:
LO/
Competency
Learning Outcome/Competency Method of Assessment
{e.g. report, demo}
1(6),
2(6),
3(6)
The program competency statement
Report
Report
Report
Assessment Criteria Contributes to
Learning Outcome
Mark
An Assessment Criteria Grid is inserted below.
FEEDBACK
Feedback will be
given via: Canvas
Feedback will
be given via: Canvas
Exemption
(staff to explain
why)
Feedback should be provided no later than 4 ‘teaching weeks’ after the submission date.
You are advised to read the NOTES regarding late penalties, over-length assignments, academic
misconduct and quality assurance in your student handbook, which is available on Canvas.
Student Name Marking will be by:
661982 Secure Digital Infrastructure ACW
1
Secure Digital Infrastructure
(661982)
ACW (60% of Module)
Virtual Machine Configuration
661982 Secure Digital Infrastructure ACW
2
Deliverables:
Virtual Machine Practical Report:
(PDF)
Friday 22nd Dec by 2 pm 60%
Assignment
Please read the below sub-sections carefully. The report needs to be submitted on the
module page on Canvas.
661982 Secure Digital Infrastructure ACW
3
Virtual Machine Configuration
A leading Japanese Biotech company has recently acquired some virtual machine resources
to begin deployment of their research data management system and to additionally facilitate
in-house research and development.
You have been given a freshly created Virtual Machine which will need configuring
appropriately. Your role as administrator for this company is to configure these systems and
maintain them.
Task:
1. Secure, with justification, the root user account
2. Setup administrative users for yourself and another one for the module leader
(Ahmd Moustafa)
3. Set-up and correctly configure the SSH server, taking into account all user account
requirements.
4. Create accounts where needed for the following persons:
a. Katsuhide Fujita - Head of R&D
b. Naoko Yamaguchi - Lead Scientist
c. Kai Yoshino- Is an intern (Kun) with the company and is being closely
supervised by Naoko. He will require access to materials which Naoko will
place in a folder in /srv/ for him to access as part of his training.
d. Shota Suzuki – Media Manager, requiring access to
/srv/http to see, and put any promotional material. Shota is not familiar withCLI,
and only requires SFTP access infrequently.
e. Daiki Setoguchi & Makoto Hagiwara - Company research engineers who
need access to dedicated project materials for on-going development.
These also reside in /srv/.
f. Yuya Kondo - Quality Manager responsible for verifying that developed work
conforms to company standards and works appropriately.
5. Store, and secure access to, a research project data directory (under /srv/) for
research engineers to have access to. Research engineers should have full access
to the research projects’ folders; however, the quality managers should not be able
to change the research data, only check the experimentation data for compliance
and whether they follow the quality guidelines. Senior members of the company
such as the Lead Scientist and the Head of R&D should be able to oversee any
company research project/asset. On occasion they will contribute to research
projects developed by Daiki and Makoto.
6. Conduct a comprehensive security assessment and audit of the configured system.
Identify potential security risks, vulnerabilities, and areas of improvement. Propose
and justify strategies for managing and mitigating these risks. Include steps for
responding to security incidents and maintaining an updated security posture.
7. Critical reflection section: reflecting on the process of learning these tools, and of
configuring the VM to this specification. This can include challenges faced (such as
error messages) and how you solved them, as well as personal reflections on the
process as a whole.
661982 Secure Digital Infrastructure ACW
4
As Kai has just started, Naoko does not yet have any materials to send him; however,
she still requires a place to put these when ready.
Kai has been told he should normally use private keys; however, he asks if he can login
with password only from the following host on the local network: (150.237.92.8 );
Everywhere else he has private keys to login.
First Steps
Follow the vSphere access instructions, including VPN access.
Each VM has internet connection for downloading any packages you may need. Each of
your VMs is also in a subnetwork, therefore enabling communication between your
colleagues for testing purposes. Note: Any abuse of this will be dealt with severely.
You should request a reset of your Virtual Machine when you are ready to attempt this
assignment task, as it will require documenting your progression. See the “What if
things go wrong / needs resetting” section below for details on resetting back to the
template.
What if things go wrong / needs resetting?
It is possible for you to misconfigure your machine which will result in your being locked out.
In some cases, even using the vSphere login web console might not be possible. If you have
fully locked yourself out, and a snapshot isn’t available to roll-back to, then you may request
your VM be reset back to the template by opening a Virtual Machine ticket on
support.hull.ac.uk putting “For the attention of Andrew Hancock” at the top.
Please ensure you include your 6-digit ADIR number so your response can be dealt with
promptly.
This WILL wipe your VM back to the original workshop starting point, and will require you to
reinstall many packages which you may be familiar with from workshops.
Also note, it may take time for these to be reset depending on the current workload of ICTD,
therefore consider this a warning against last minute VM configurations close to the
deadline.
661982 Secure Digital Infrastructure ACW
5
Deliverable
A PDF report ( Minimum 4 pages; Maximum 8 pages ) detailing the steps from the initial
machine given to you, towards the goal of configuring to the above specification. You should
provide clear and justified rationale for decisions made.
You should include steps taken to verify that changes implemented are working as intended.
You may utilise additional software which is required to be installed via pacman; however,
these must be justified and fit-for-purpose.
Cover page, table of contents page, appendices, and references sections do not count
towards the page limit.
Note: Your VM will NOT be inspected for being awarded marks. Therefore you should
ensure that your documented progress sufficiently shows the steps taken. It is expected that
when performing configuration steps that these are done optimally and with consideration of
security of the system such as proper root and non-root administrative account use
661982 Secure Digital Infrastructure - CRG
ACW - Virtual Machine Configuration
Learning Outcome/
Competencies
Criterion Pass 2:2 2:1 1st Upper 1st
1- Select and
use
appropriate
development
tools and
practices.
2- Design and
engineer
software/hard
ware-based
systems
3- Analyze
complex
systems and
use Design
Thinking to
develop
effective
Digital
Transformatio
ns.
Virtual Machine
Configuration
based upon
provided
specification
(60%)
VM is minimally
configured.
SSH is configured
minimally to allow
remote access for a
non-root user.
An administrative user
is created.
File/Folder
permissions, if
attempted, are
erroneous.
Report covers major
aspects of configuring
the VM, but may be
missing critical
reflection.
No security
assessment
attempted.
In addition to
previous.
Remote
connections using
private keys may be
erroneous in
places.
Administrative
users are in-place.
Some of the
non-administrator
users are
attempted.
Testing is limited in
scope, and may be
missing in others.
File/Folder
permissions are
attempted, with
some error.
In addition to previous.
VM Configuration is mostly
complete, some errors may
exist, or some constraints
unmet.
Testing of configuration is
mostly correct and
complete.
Critical reflection is
present, and appropriate.
File/Folder permissions are
correct and appropriate.
Security assessment is
completed and presented
but may not fully identify
potential risks.
In addition to previous.
Report is well-written and
structured, showing strong
evidencing of process.
Report critically evaluates
alternative approaches with
respect to the specification.
Testing of each configuration is
thorough, and well-documented.
Critical reflection is thoughtful
and covers thoroughly the
process of undertaking the
assignment.
File/Folder permissions are
correct, appropriate, and
well-justified.
Security assessment is
completed and presented with
potential risks identified.
In addition to previous.
The specification is expertly
broken down into its
requirements and implemented
with careful thought and strong
rationale.
Testing of each configuration is
thorough, and well-documented.
Making use of advanced
approaches.
Security assessment is
completed and presented with
potential risks identified and
mitigation strategies proposed
and detailed.
Security
assessment is
attempted but not
completed.
COURSEWORK ASSESSMENT DESCRIPTION 2022/2023
MODULE DETAILS:
Module Number: 661982 Trimester: 1
Module Title: Secure Digital Infrastructure
Lecturer: Dr. Ahmed Moustafa
COURSEWORK DETAILS:
Assessment Number: 1 of 2
Title of Assessment:
Format: Report
Method of Working: Individual
Workload Guidance: Typically, you should
expect to spend between
40
and
80 hours on this assessment
Length of
Submission:
This assessment should be no
more than:
(over length submissions may have
only parts of the work marked as
per University policy)
2000 words
(excluding diagrams, appendices,
references, code)
PUBLICATION:
SUBMISSION:
ONE copy of this
assessment should
be handed in via:
Canvas If Other (state method)
Time and date for
submission: Time 2pm Date
Friday 22nd Dec
2023
If multiple hand–ins
please provide
details:
Will submission be
scanned via
TurnitinUK?
Yes
For Turnitin, these should be one of the allowed types
e.g. Word, RT, PDF, PPT, XLS etc.
Specify any particular requirements in the submission
details on TurnItIn.
Unless specified: students MUST NOT submit ZIP or
other archive formats unless specified.
Students can ONLY submit ONE file and must ensure
they upload the correct file. Normally only the LAST
submission will be considered – the last submission is
late it should incur a late penalty.
The assessment must be submitted no later than the time and date shown above, unless an
extension has been authorized.
Friday 20th Oct 2023 Date of issue:
2
MARKING:
ASSESSMENT:
The assessment is
marked out of:
100 and is worth
60
% of the
module
marks
N.B If multiple hand-ins please indicate the marks and % apportioned to each stage above (i.e.
Stage 1 – 50, Stage 2 – 50). It is these marks that will be presented to the exam board.
ASSESSMENT STRATEGY AND LEARNING OUTCOMES:
The overall assessment strategy is designed to evaluate the student’s achievement of the module
learning outcomes, and is subdivided as follows:
LO/
Competency
Learning Outcome/Competency Method of Assessment
{e.g. report, demo}
1(6),
2(6),
3(6)
The program competency statement
Report
Report
Report
Assessment Criteria Contributes to
Learning Outcome
Mark
An Assessment Criteria Grid is inserted below.
FEEDBACK
Feedback will be
given via: Canvas
Feedback will
be given via: Canvas
Exemption
(staff to explain
why)
Feedback should be provided no later than 4 ‘teaching weeks’ after the submission date.
You are advised to read the NOTES regarding late penalties, over-length assignments, academic
misconduct and quality assurance in your student handbook, which is available on Canvas.
Student Name Marking will be by:
661982 Secure Digital Infrastructure ACW
1
Secure Digital Infrastructure
(661982)
ACW (60% of Module)
Virtual Machine Configuration
661982 Secure Digital Infrastructure ACW
2
Deliverables:
Virtual Machine Practical Report:
(PDF)
Friday 22nd Dec by 2 pm 60%
Assignment
Please read the below sub-sections carefully. The report needs to be submitted on the
module page on Canvas.
661982 Secure Digital Infrastructure ACW
3
Virtual Machine Configuration
A leading Japanese Biotech company has recently acquired some virtual machine resources
to begin deployment of their research data management system and to additionally facilitate
in-house research and development.
You have been given a freshly created Virtual Machine which will need configuring
appropriately. Your role as administrator for this company is to configure these systems and
maintain them.
Task:
1. Secure, with justification, the root user account
2. Setup administrative users for yourself and another one for the module leader
(Ahmd Moustafa)
3. Set-up and correctly configure the SSH server, taking into account all user account
requirements.
4. Create accounts where needed for the following persons:
a. Katsuhide Fujita - Head of R&D
b. Naoko Yamaguchi - Lead Scientist
c. Kai Yoshino- Is an intern (Kun) with the company and is being closely
supervised by Naoko. He will require access to materials which Naoko will
place in a folder in /srv/ for him to access as part of his training.
d. Shota Suzuki – Media Manager, requiring access to
/srv/http to see, and put any promotional material. Shota is not familiar withCLI,
and only requires SFTP access infrequently.
e. Daiki Setoguchi & Makoto Hagiwara - Company research engineers who
need access to dedicated project materials for on-going development.
These also reside in /srv/.
f. Yuya Kondo - Quality Manager responsible for verifying that developed work
conforms to company standards and works appropriately.
5. Store, and secure access to, a research project data directory (under /srv/) for
research engineers to have access to. Research engineers should have full access
to the research projects’ folders; however, the quality managers should not be able
to change the research data, only check the experimentation data for compliance
and whether they follow the quality guidelines. Senior members of the company
such as the Lead Scientist and the Head of R&D should be able to oversee any
company research project/asset. On occasion they will contribute to research
projects developed by Daiki and Makoto.
6. Conduct a comprehensive security assessment and audit of the configured system.
Identify potential security risks, vulnerabilities, and areas of improvement. Propose
and justify strategies for managing and mitigating these risks. Include steps for
responding to security incidents and maintaining an updated security posture.
7. Critical reflection section: reflecting on the process of learning these tools, and of
configuring the VM to this specification. This can include challenges faced (such as
error messages) and how you solved them, as well as personal reflections on the
process as a whole.
661982 Secure Digital Infrastructure ACW
4
As Kai has just started, Naoko does not yet have any materials to send him; however,
she still requires a place to put these when ready.
Kai has been told he should normally use private keys; however, he asks if he can login
with password only from the following host on the local network: (150.237.92.8 );
Everywhere else he has private keys to login.
First Steps
Follow the vSphere access instructions, including VPN access.
Each VM has internet connection for downloading any packages you may need. Each of
your VMs is also in a subnetwork, therefore enabling communication between your
colleagues for testing purposes. Note: Any abuse of this will be dealt with severely.
You should request a reset of your Virtual Machine when you are ready to attempt this
assignment task, as it will require documenting your progression. See the “What if
things go wrong / needs resetting” section below for details on resetting back to the
template.
What if things go wrong / needs resetting?
It is possible for you to misconfigure your machine which will result in your being locked out.
In some cases, even using the vSphere login web console might not be possible. If you have
fully locked yourself out, and a snapshot isn’t available to roll-back to, then you may request
your VM be reset back to the template by opening a Virtual Machine ticket on
support.hull.ac.uk putting “For the attention of Andrew Hancock” at the top.
Please ensure you include your 6-digit ADIR number so your response can be dealt with
promptly.
This WILL wipe your VM back to the original workshop starting point, and will require you to
reinstall many packages which you may be familiar with from workshops.
Also note, it may take time for these to be reset depending on the current workload of ICTD,
therefore consider this a warning against last minute VM configurations close to the
deadline.
661982 Secure Digital Infrastructure ACW
5
Deliverable
A PDF report ( Minimum 4 pages; Maximum 8 pages ) detailing the steps from the initial
machine given to you, towards the goal of configuring to the above specification. You should
provide clear and justified rationale for decisions made.
You should include steps taken to verify that changes implemented are working as intended.
You may utilise additional software which is required to be installed via pacman; however,
these must be justified and fit-for-purpose.
Cover page, table of contents page, appendices, and references sections do not count
towards the page limit.
Note: Your VM will NOT be inspected for being awarded marks. Therefore you should
ensure that your documented progress sufficiently shows the steps taken. It is expected that
when performing configuration steps that these are done optimally and with consideration of
security of the system such as proper root and non-root administrative account use
661982 Secure Digital Infrastructure - CRG
ACW - Virtual Machine Configuration
Learning Outcome/
Competencies
Criterion Pass 2:2 2:1 1st Upper 1st
1- Select and
use
appropriate
development
tools and
practices.
2- Design and
engineer
software/hard
ware-based
systems
3- Analyze
complex
systems and
use Design
Thinking to
develop
effective
Digital
Transformatio
ns.
Virtual Machine
Configuration
based upon
provided
specification
(60%)
VM is minimally
configured.
SSH is configured
minimally to allow
remote access for a
non-root user.
An administrative user
is created.
File/Folder
permissions, if
attempted, are
erroneous.
Report covers major
aspects of configuring
the VM, but may be
missing critical
reflection.
No security
assessment
attempted.
In addition to
previous.
Remote
connections using
private keys may be
erroneous in
places.
Administrative
users are in-place.
Some of the
non-administrator
users are
attempted.
Testing is limited in
scope, and may be
missing in others.
File/Folder
permissions are
attempted, with
some error.
In addition to previous.
VM Configuration is mostly
complete, some errors may
exist, or some constraints
unmet.
Testing of configuration is
mostly correct and
complete.
Critical reflection is
present, and appropriate.
File/Folder permissions are
correct and appropriate.
Security assessment is
completed and presented
but may not fully identify
potential risks.
In addition to previous.
Report is well-written and
structured, showing strong
evidencing of process.
Report critically evaluates
alternative approaches with
respect to the specification.
Testing of each configuration is
thorough, and well-documented.
Critical reflection is thoughtful
and covers thoroughly the
process of undertaking the
assignment.
File/Folder permissions are
correct, appropriate, and
well-justified.
Security assessment is
completed and presented with
potential risks identified.
In addition to previous.
The specification is expertly
broken down into its
requirements and implemented
with careful thought and strong
rationale.
Testing of each configuration is
thorough, and well-documented.
Making use of advanced
approaches.
Security assessment is
completed and presented with
potential risks identified and
mitigation strategies proposed
and detailed.
Security
assessment is
attempted but not
completed.
