Homework answers / question archive / PROJECT-02: Security Root Causes Analysis and Prevention Techniques of Vulnerabilities in MongoDB with Singularity Linux Containers Project Outline: This is the second phase of “Project-01: Vulnerability Assessment of MongoDB in Linux Containers” (see zip “Project-01”)

PROJECT-02: Security Root Causes Analysis and Prevention Techniques of Vulnerabilities in MongoDB with Singularity Linux Containers Project Outline: This is the second phase of “Project-01: Vulnerability Assessment of MongoDB in Linux Containers” (see zip “Project-01”)

Computer Science

Share With

---

PROJECT-02: Security Root Causes Analysis and Prevention Techniques of Vulnerabilities in MongoDB with Singularity Linux Containers

Project Outline:

This is the second phase of “Project-01: Vulnerability Assessment of MongoDB in Linux Containers” (see zip “Project-01”). In the Project-02, you must find security root causes for at least 15 vulnerabilities found in Project-01 and thereafter you have to propose a prevention technique for each vulnerability. Before selecting vulnerabilities to find root causes, based on your own criteria, you may need to first, prioritize them such as “Low”, “Medium”, and “High” according to their severity level. Finally, if you could implement few of the proposed prevention techniques, you would get some extra credit (In detail steps are required).  

***When creating virtual box, please use virtual name as “Thao” when command is display showing name***

 

•             Step-01. Prioritize, vulnerabilities found in all the categories (Application, Image Containers, Host, and Network) in Project-01 (Hope you have already categorized all the vulnerabilities in Project-01, when you do the vulnerability assessment using various different tools). 

•             Step-02. Select at least 15 vulnerabilities from prioritized list to cover all the above categories (The vulnerability categorization is totally up to you).

•             Step-03. Plan, how to find root causes of each prioritized vulnerability.

•             Step-04. Find the root cause of each prioritized vulnerability in the current system.

•             Step-05. Propose a prevention technique as a security mechanism for each root cause of each prioritized vulnerability in the current system.

•             Step-06. Optional: If possible, implement the proposed security mechanism/technique in previous Step-05 into the current system, to avoid the particular vulnerability.

•             Step-07. Optional: After implementing proposed security mechanisms/technique in previous Step-06, Re-run all the experiments executed in Project-01 and make sure the updated system is free from those particular vulnerabilities.

•             Step-08. Write a Comprehensive report.

 

 Example:

A.            Vulnerability                   : MongoDB does not listens on a port different to default one

B.            Vulnerability Category   : MongoDB Application

C.            Severity (Priority)           : Low

D.            Root Cause                       : The MongoDB server is currently listening on default port 27017

E.            Prevention Technique(s) : Change the MongoDB server listening port to different one

F.            Implementation               : Changed the MongoDB server listening port from 27017 to 35000

G.           Security verification        : Re-run the MongoAudit basic scan and see the results

 

NOTE-01: Do not just limit to one or two tools, add more tools to the testbed and try to generate more results (Vulnerabilities). Thereafter, find the root causes for those vulnerabilities. One good idea is to make tables to represent your results.

NOTE-02: Do not just work on more than 5 simple vulnerabilities with very low severity. I am expecting you to work on at least 5 vulnerabilities in each severity level such as 5 from “Low”, 5 from “Medium”, and 5 from “High”. If you have not found at least five in each category, in order to find that much you may try to introduce more new tools.

NOTE-03: With proper citations you may use some online resource and materials to find root causes of vulnerabilities. Highly encourage to refer, peer reviewed papers published in IEEE, ACM, Elsevier, Springerlink, and other well-known journals.  

 

 

Report Outline:

Make a comprehensive report including the followings:

1. First page must include, Title, Group number, and Member’s names.

2. Second page, Table of Content.

3. Problem statement. (What you did?)

4. Organization/Flow. (How did you do? – Include Methods)

5. Results. (Include tables and graphs)

6. Conclusions/Findings.

7. References.

 

 

 

 

References:

[1]. https://www.gb-advisors.com/vulnerability-prioritization/

[2]. https://www.dummies.com/programming/networking/how-to-prioritize-your-systems-security-vulnerabilities/

[3]. https://arch.simplicable.com/arch/new/10-root-causes-of-security-vulnerabilites

[4]. https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7861655