External and internal penetration testing

Reference no: EM13830812

As a penetration tester, you are hired as a consultant by a small- to mid-sized business that is interested in calculating its overall security risk today, January 1, 2012. The business specializes in providing private loans to college students. This business uses both an e-Commerce site and point-of-sales devices (credit card swipes) to collect payment. Also, there are a number of file transfer operations in which sensitive and confidential data is transferred to and from several external partnering companies. The typical volume of payment transactions totals approximately $100 million. You decide that the risk assessments are to take into account the entire network of workstations, VoIP phone sets, servers, routers, switches and other networking gear. During your interview with one of the business's IT staff members, you are told that many external vendors want to sell security networking products and software solutions. The staff member also claimed that their network was too "flat." During the initial onsite visit, you captured the following pertinent data to use in creating the Penetration Test Plan.

  • Non-stateful packet firewall separates the business's internal network from its DMZ.
  • All departments--including Finance, Marketing, Development, and IT--connect into the same enterprise switch and are therefore on the same LAN. Senior management (CEO, CIO, President, etc.) and the Help Desk are not on that LAN; they are connected via a common Ethernet hub and then to the switched LAN.
  • All of the workstations used by employees are either Windows 98 or Windows XP. None of the workstations have service packs or updates beyond service pack one.
  • Two (2) Web servers containing customer portals for logging in and ordering products exist on the DMZ running Windows 2000 Server SP1, and IIS v5.
  • One (1) internal server containing Active Directory (AD) services to authenticate users, a DB where all data for the company is stored (i.e. HR, financial, product design, customer, transactions). The AD server is using LM instead of NTLM.

Write a six to eight (6-8) page paper in which you:

  1. Explain the tests you would run and the reason(s) for running them (e.g. to support the risk assessment plan).
  2. Determine the expected results from tests and research based on the specific informational details provided (i.e., IIS v5, Windows Server 2000, AD server not using NTLM).
  3. Analyze the software tools you would use for your investigation and reasons for choosing them.
  4. Describe the legal requirements and ethical issues involved.
  5. Using Visio or its open source alternative, provide a diagram of how you would redesign this business' network. Include a description of your drawing. Note: The graphically depicted solution is not included in the required page length.
  6. Propose your final recommendations and reporting. Explain what risks exist and ways to either eliminate or reduce the risk.
  7. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format.
  • Include a cover page containing the title of the assignment. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

  • Perform vulnerability analysis as well as external and internal penetration testing.
  • Demonstrate the ability to describe and perform penetration tests on communication media to include wireless networks, VoIPs, VPNs, Bluetooth and handheld devices.
  • Use technology and information resources to research issues in penetration testing tools and techniques.
  • Write clearly and concisely about Network Penetration Testing topics using proper writing mechanics and technical style conventions.

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd