
Term Paper: Penetration Testing

Due Week 10 and worth 120 points

As a penetration tester, you are hired as a consultant by a small- to mid-sized business that is interested in calculating its overall security risk today, January 1, 2012. The business specializes in providing private loans to college students. This business uses both an e-Commerce site and point-of-sale devices (credit card swipes) to collect payment. Also, there exist a number of file transfer operations where sensitive and confidential data is transferred to and from several external partnering companies. The typical volume of payment transactions totals approximately $100 million. You decide that the risk assessments are to take into account the entire network of workstations, VoIP phone sets, servers, routers, switches and other networking gear. During your interview with one of the business’s IT staff members, you are told that many external vendors want to sell security networking products and software solutions. The staff member also claimed that their network was too “flat.” During the initial onsite visit, you captured the following pertinent data to use in creation of the Penetration Test Plan.

  • A non-stateful packet firewall separates the business’s internal network from its DMZ.
  • All departments, including Finance, Marketing, Development, and IT, connect into the same enterprise switch and are therefore on the same LAN. Senior management (CEO, CIO, President, etc.) and the Help Desk are not on that LAN; they are connected via a common Ethernet hub and then to the switched LAN.
  • All of the workstations used by employees are either Windows 98 or Windows XP. None of the workstations have service packs or updates beyond service pack one.
  • Two (2) Web servers containing customer portals for logging in and ordering products exist on the DMZ, running Windows 2000 Server SP1 and IIS v5.
  • One (1) internal server contains Active Directory (AD) services to authenticate users and a DB where all data for the company is stored (i.e., HR, financial, product design, customer, transactions). The AD server is using LM instead of NTLM.

Write a six to eight (6-8) page paper in which you:

  1. Explain the tests you would run and the reason(s) for running them (e.g. to support the risk assessment plan).
  2. Determine the expected results from tests and research based on the specific informational details provided (i.e., IIS v5, Windows Server 2000, AD server not using NTLM).
  3. Analyze the software tools you would use for your investigation and reasons for choosing them.
  4. Describe the legal requirements and ethical issues involved.
  5. Using Visio or its open source alternative, provide a diagram of how you would redesign this business’s network. Include a description of your drawing. Note: The graphically depicted solution is not included in the required page length.
  6. Propose your final recommendations and reporting. Explain what risks exist and ways to either eliminate or reduce the risk.
  7. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

Points: 120

Grading Rubric: Term Paper: Penetration Testing

Each criterion below is scored at one of five levels: Unacceptable (Below 60% F), Meets Minimum Expectations (60-69% D), Fair (70-79% C), Proficient (80-89% B), and Exemplary (90-100% A).

1. Explain the tests you would run and the reason(s) for running them (e.g. to support the risk assessment plan). Weight: 10%
  • Unacceptable (Below 60% F): Did not submit or incompletely explained the tests you would run and the reason(s) for running them (e.g. to support the risk assessment plan).
  • Meets Minimum Expectations (60-69% D): Insufficiently explained the tests you would run and the reason(s) for running them (e.g. to support the risk assessment plan).
  • Fair (70-79% C): Partially explained the tests you would run and the reason(s) for running them (e.g. to support the risk assessment plan).
  • Proficient (80-89% B): Satisfactorily explained the tests you would run and the reason(s) for running them (e.g. to support the risk assessment plan).
  • Exemplary (90-100% A): Thoroughly explained the tests you would run and the reason(s) for running them (e.g. to support the risk assessment plan).

2. Determine the expected results from tests and research based on the specific informational details provided. Weight: 10%
  • Unacceptable (Below 60% F): Did not submit or incompletely determined the expected results from tests and research based on the specific informational details provided.
  • Meets Minimum Expectations (60-69% D): Insufficiently determined the expected results from tests and research based on the specific informational details provided.
  • Fair (70-79% C): Partially determined the expected results from tests and research based on the specific informational details provided.
  • Proficient (80-89% B): Satisfactorily determined the expected results from tests and research based on the specific informational details provided.
  • Exemplary (90-100% A): Thoroughly determined the expected results from tests and research based on the specific informational details provided.

3. Analyze the software tools you would use for your investigation and reasons for choosing them. Weight: 15%
  • Unacceptable (Below 60% F): Did not submit or incompletely analyzed the software tools you would use for your investigation and reasons for choosing them.
  • Meets Minimum Expectations (60-69% D): Insufficiently analyzed the software tools you would use for your investigation and reasons for choosing them.
  • Fair (70-79% C): Partially analyzed the software tools you would use for your investigation and reasons for choosing them.
  • Proficient (80-89% B): Satisfactorily analyzed the software tools you would use for your investigation and reasons for choosing them.
  • Exemplary (90-100% A): Thoroughly analyzed the software tools you would use for your investigation and reasons for choosing them.

4. Describe the legal requirements and ethical issues involved. Weight: 15%
  • Unacceptable (Below 60% F): Did not submit or incompletely described the legal requirements; did not submit or incompletely described ethical issues involved.
  • Meets Minimum Expectations (60-69% D): Insufficiently described the legal requirements; insufficiently described ethical issues involved.
  • Fair (70-79% C): Partially described the legal requirements; partially described ethical issues involved.
  • Proficient (80-89% B): Satisfactorily described the legal requirements; satisfactorily described ethical issues involved.
  • Exemplary (90-100% A): Thoroughly described the legal requirements; thoroughly described ethical issues involved.

5. Using Visio or its open source alternative, provide a diagram of how you would redesign this business’s network. Include a description of your drawing. Weight: 20%
  • Unacceptable (Below 60% F): Did not submit or incompletely provided a diagram of how you would redesign this business’s network using Visio or its open source alternative. Did not submit or incompletely included a description of your drawing.
  • Meets Minimum Expectations (60-69% D): Insufficiently provided a diagram of how you would redesign this business’s network using Visio or its open source alternative. Insufficiently included a description of your drawing.
  • Fair (70-79% C): Partially provided a diagram of how you would redesign this business’s network using Visio or its open source alternative. Partially included a description of your drawing.
  • Proficient (80-89% B): Satisfactorily provided a diagram of how you would redesign this business’s network using Visio or its open source alternative. Satisfactorily included a description of your drawing.
  • Exemplary (90-100% A): Thoroughly provided a diagram of how you would redesign this business’s network using Visio or its open source alternative. Thoroughly included a description of your drawing.

6. Propose your final recommendations and reporting. Explain what risks exist and ways to either eliminate or reduce the risk. Weight: 15%
  • Unacceptable (Below 60% F): Did not submit or incompletely proposed your final recommendations and reporting. Did not submit or incompletely explained what risks exist and ways to either eliminate or reduce the risk.
  • Meets Minimum Expectations (60-69% D): Insufficiently proposed your final recommendations and reporting. Insufficiently explained what risks exist and ways to either eliminate or reduce the risk.
  • Fair (70-79% C): Partially proposed your final recommendations and reporting. Partially explained what risks exist and ways to either eliminate or reduce the risk.
  • Proficient (80-89% B): Satisfactorily proposed your final recommendations and reporting. Satisfactorily explained what risks exist and ways to either eliminate or reduce the risk.
  • Exemplary (90-100% A): Thoroughly proposed your final recommendations and reporting. Thoroughly explained what risks exist and ways to either eliminate or reduce the risk.

7. Three (3) references. Weight: 5%
  • Unacceptable (Below 60% F): No references provided.
  • Meets Minimum Expectations (60-69% D): Does not meet the required number of references; all references poor quality choices.
  • Fair (70-79% C): Does not meet the required number of references; some references poor quality choices.
  • Proficient (80-89% B): Meets number of required references; all references high quality choices.
  • Exemplary (90-100% A): Exceeds number of required references; all references high quality choices.

8. Clarity, writing mechanics, and formatting requirements. Weight: 10%
  • Unacceptable (Below 60% F): More than 8 errors present.
  • Meets Minimum Expectations (60-69% D): 7-8 errors present.
  • Fair (70-79% C): 5-6 errors present.
  • Proficient (80-89% B): 3-4 errors present.
  • Exemplary (90-100% A): 0-2 errors present.
