KOLEJ KEMAHIRAN TINGGI MARA LEDANG
DIPLOMA IN BIOMEDICAL ELECTRONICS ENGINEERING
SESSION JANUARY – JUNE 2024
DBI40033 COMPUTER NETWORKING
ASSIGNMENT

NAME & MATRIX NO.:
1. NURUL HANIISAH BINTI AHMAD (DB22226)
2. KHAIRUNABILA BINTI BAHAROM (DB12219)
PROGRAM: DKB
CLASS: C4A
DATE:
LECTURER: AHMAD NOOR ARIFF BIN ZAINAL ABIDIN
MARKS:
PREPARED BY:
CHECKED BY:

ASSIGNMENT SCENARIO 1:

Using web search engines like Google, research the non-profit organizations that are responsible for establishing international standards for the internet and the development of internet technologies.

Task: You can find answers to the questions below by searching the following organizational acronyms and terms: ISO, ITU, ICANN, IANA, IEEE, EIA, TIA, ISOC, IAB, IETF, W3C, RFC, and Wi-Fi Alliance.

1. Which two related organizations are responsible for managing the top-level domain name space and the root Domain Name System (DNS) name servers on the internet?
2. What organization is responsible for publishing Request for Comments (RFC)?
3. What do RFC 349 and RFC 1700 have in common?
4. What RFC number is ARPAWOCKY? What is it?
5. Who founded the World Wide Web Consortium (W3C)?
6. Name 10 World Wide Web (WWW) standards that the W3C develops and maintains.
7. What is the IEEE standard for the Wi-Fi Protected Access 2 (WPA2) security protocol?
8. Is the Wi-Fi Alliance a non-profit standards organization? What is their goal?
9. What is the International Telecommunication Union (ITU) and where is it headquartered?
10. Name the three ITU sectors.
11. What does the RS in RS-232 stand for and which organization introduced it?
12. What is SpaceWire?
13. What is the mission of the ISOC and where are its headquarters located?
14. What organizations does the IAB oversee?

ASSIGNMENT SCENARIO 2:

To defend a network against attacks, an administrator must identify external threats that pose a danger to the network.
Security websites can be used to identify emerging threats and provide mitigation options for defending a network. One of the most popular and trusted sites for defending against computer and network security threats is SysAdmin, Audit, Network, Security (SANS). The SANS site provides multiple resources, including a list of the top 20 Critical Security Controls for Effective Cyber Defense and the weekly @RISK: The Consensus Security Alert newsletter. This newsletter details new network attacks and vulnerabilities. You will navigate to and explore the SANS site, use the SANS site to identify recent network security threats, research other websites that identify threats, and research and present the details about a specific network attack.

Task:

1. Search the internet for SANS. From the SANS home page, click on FREE Resources. List three available resources.
2. From the Newsletters page, select Archive for the @RISK: The Consensus Security Alert. Scroll down to Archives Volumes and select a recent weekly newsletter. Review the Notable Recent Security Issues and Most Popular Malware Files sections. List two (2) recent vulnerabilities. Browse multiple recent newsletters.
3. Besides the SANS site, identify some other websites that provide recent security threat information. List two (2) of the recent security threats detailed on these websites.
4. Research a specific network attack that has occurred and create a presentation based on your findings. Complete the form below based on your findings.

ASSIGNMENT SCENARIO 1 ANSWERS:

1. The Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Assigned Numbers Authority (IANA) are the two organizations responsible for managing the top-level domain name space and the root Domain Name System (DNS) name servers on the internet.
2. The Internet Engineering Task Force (IETF) is responsible for publishing Request for Comments (RFC).
3. RFC 349 and RFC 1700 both offer application port, protocol, socket and link.
4.
The RFC number for ARPAWOCKY is RFC 527, a parody of Lewis Carroll’s nonsense poem “Jabberwocky”.
5. The World Wide Web Consortium (W3C) was founded by Tim Berners-Lee at the Massachusetts Institute of Technology in October 1994.
6. Ten WWW standards that the W3C develops and maintains:
   1) HTML (Hypertext Markup Language)
   2) RDF (Resource Description Framework)
   3) HTTP (Hypertext Transfer Protocol)
   4) CSS (Cascading Style Sheets)
   5) SVG (Scalable Vector Graphics)
   6) XML (Extensible Markup Language)
   7) WebRTC (Web Real-Time Communication)
   8) WebAuthn (Web Authentication)
   9) WebIDL (Web Interface Definition Language)
   10) Web Audio API
7. The IEEE standard for the Wi-Fi Protected Access 2 (WPA2) security protocol is IEEE 802.11i, which is the 802.11 standard specifying security mechanisms for wireless networks.
8. The Wi-Fi Alliance is a non-profit organization that owns the Wi-Fi trademark. Manufacturers may use the trademark to brand products certified for Wi-Fi interoperability. The goal of the Wi-Fi Alliance is:
   - Fostering highly effective global collaboration among member companies
   - Delivering excellent connectivity experiences through interoperability
   - Embracing technology and driving innovation
   - Promoting the adoption of our technologies worldwide
   - Advocating for fair worldwide spectrum rules
   - Leading, developing, and embracing industry-agreed standards
9. The International Telecommunication Union is the United Nations specialized agency for information and communication technologies. It is committed to connecting all the world's people, wherever they live and whatever their means. ITU is headquartered in Geneva, Switzerland.
10. ITU has three main areas of activity organized in three Sectors:
   - The Radiocommunication Sector (ITU-R)
   - The Telecommunication Standardization Sector (ITU-T)
   - The Telecommunication Development Sector (ITU-D)
11.
RS-232 (the “RS” stands for “recommended standard”) was introduced in 1962 by the EIA’s Radio Sector as a standard for serial communication between data terminal equipment (such as a computer terminal) and data communication equipment (later redefined as data circuit-terminating equipment), typically a modem.
12. SpaceWire is a spacecraft communication network based in part on the IEEE Space Agency standard of communications.
13. The mission is "to promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world". It has offices in Reston, Virginia, U.S.
14. The IAB supervises the Internet Engineering Task Force (IETF), which oversees the evolution of TCP/IP, and the Internet Research Task Force (IRTF), which works on network technology.

ASSIGNMENT SCENARIO 2 ANSWERS:

1. A) Webcasts
   B) Free Cybersecurity Events
   C) Focus Areas
2. A) Analyzed in depth by various sources
   B) Exploits
3. A) Recent ‘MFA Bombing’ Attacks Targeting Apple Users
   B) A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Complete the following form for the selected network attack.

Name of attack: Recent ‘MFA Bombing’ Attacks Targeting Apple Users
Type of attack: Phishing attacks
Dates of attacks: March 2023
Computers / Organizations affected: Apple

How it works and what it did:
The attack relies on what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code.
The phishers abuse a feature or weakness of a multi-factor authentication (MFA) system in a way that inundates the target’s device(s) with alerts to approve a password change or login. All devices started blowing up, watch, laptop and phone. It was like this system notification from Apple to approve a reset of the account password but couldn’t do anything else with phone. Had to go through and decline like 100-plus notifications. Some people confronted with such a deluge may eventually click Allow to the incessant password reset prompts, just so they can use their phone again. Others may inadvertently approve one of these prompts, which will also appear on a user’s Apple Watch if they have one. But the attackers in this campaign had an ace up their sleeves. After denying all of the password reset prompts from Apple, the target received a call on their iPhone that said it was from Apple Support (the number displayed was 1-800-275-2273, Apple’s real customer support line).

Mitigation options:
One caveat with the VOIP number idea: unless you include a real mobile number, Apple’s iMessage and FaceTime applications will be disabled for that device. Apple’s password reset system will accept and respect email aliases. Adding a “+” character after the username portion of your email address — followed by a notation specific to the site you’re signing up

References and info links:
Krebs, B. (2024, March). Recent MFA Bombing Attacks Targeting Apple Users. Krebs on Security. https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/
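
The prompt flood described under "How it works and what it did" can be spotted on the defending side by counting approval prompts per account in a sliding time window. The following is an added example, not part of the original assignment or of any Apple system; the event format, account names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_events():
    """Constructed events (timestamp, account, outcome); not real log data."""
    t0 = datetime(2024, 3, 1, 9, 0, 0)
    # One account receives 12 reset prompts, 10 seconds apart, all denied...
    events = [(t0 + timedelta(seconds=10 * i), "alice@example.com", "deny")
              for i in range(12)]
    # ...and then one prompt is approved while the flood is still running.
    events.append((t0 + timedelta(seconds=130), "alice@example.com", "allow"))
    # Ordinary activity on a second account, for contrast.
    events.append((t0 + timedelta(minutes=1), "bob@example.com", "allow"))
    events.append((t0 + timedelta(hours=5), "bob@example.com", "deny"))
    return sorted(events)


def detect_prompt_floods(events, window=timedelta(minutes=10), threshold=10):
    """Flag accounts that saw at least `threshold` prompts inside one window.

    `events` must be sorted by timestamp. Returns {account: finding}.
    """
    recent = defaultdict(deque)  # account -> prompt times still in the window
    findings = {}
    for ts, account, outcome in events:
        times = recent[account]
        times.append(ts)
        while ts - times[0] > window:  # drop prompts older than the window
            times.popleft()
        if len(times) >= threshold:
            finding = findings.setdefault(
                account,
                {"first_alert": ts, "peak": 0, "approved_during_flood": False},
            )
            finding["peak"] = max(finding["peak"], len(times))
            # An approval in the middle of a flood is the outcome to escalate.
            if outcome == "allow":
                finding["approved_during_flood"] = True
    return findings


if __name__ == "__main__":
    for account, finding in detect_prompt_floods(build_sample_events()).items():
        print(account, finding)
```

An account flagged with approved_during_flood set is the case where the user gave in to the prompts, so it warrants a forced credential reset and session review rather than only an alert.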