Pages: 5 pages/≈1375 words
Sources: 10
Style: APA
Subject: IT & Computer Science
Type: Coursework
Language: English (U.S.)
Document: MS Word
Date:
Topic: Project 2: Discovery

Coursework Instructions:
Project 2: Discovery

This assignment will be submitted to Turnitin™.

Instructions
Complete the relevant section in the Penetration Testing Report. It is highly recommended you reuse the same document you used in the previous project. Again, the section to complete is aligned to the Penetration Testing phase hands-on work you completed in this project.

Attachments
Penetration Testing Report Template.docx (51.97 KB)

Rubric Name: Project 2: Discovery
Performance levels: Exceeds Performance Requirements; Meets Performance Requirements; Does Not Meet Performance Requirements

Competencies
1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
2.2: Consider and analyze information in context to the issue or problem.
7.2: Includes the process of identifying, quantifying, and prioritizing the vulnerabilities in a system. Vulnerability from the perspective of disaster management includes assessing the threats from potential hazards to the population & to infrastructure.

Associated Learning Objectives
Each learning objective below has the same assessment method and required performance:
Assessment Method: Score on Criteria - 7.2: Includes the process of identifying, quantifying, and prioritizing the vulnerabilities in a system. Vulnerability from the perspective of disaster management includes assessing the threats from potential hazards to the population & to infrastructure.
Required Performance: Meets Performance Requirements

Learning Objective 7.2.1: Demonstrate ability to identify threats/risks and vulnerabilities taking into account the frequency, probability, speed of development, severity and reputational impact to achieve a holistic view of risk across the entity.
Learning Objective 7.2.2: Demonstrate ability to classify risks according to relevant criteria including, but not limited to: risks under the entity's control, risks beyond the entity's control, risks with prior warnings, and risks with no prior warnings.
Learning Objective 7.2.3: Demonstrate ability to identify the organization's risk exposures from both internal and external sources.
Learning Objective 7.2.4: Explain the proper use of penetration testing and vulnerability scanning for vulnerability assessments.
Learning Objective 7.2.5: Explain the impact of penetration testing and vulnerability scanning on OT systems and know when to use such techniques.
Learning Objective 7.2.6: Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
Learning Objective 7.2.7: Knowledge of penetration testing principles, tools, and techniques (e.g., metasploit, neosploit).
Learning Objective 7.2.8: Knowledge of system and application security threats and vulnerabilities.
Learning Objective 7.2.9: Knowledge of penetration testing principles, tools, and techniques (e.g., metasploit, neosploit).
Learning Objective 7.2.10: Skill in utilizing exploitation tools (e.g., Foundstone, fuzzers, packet sniffers, debug) to identify system/software vulnerabilities (e.g., penetration and testing).
Learning Objective 7.2.11: Skill in utilizing network analysis tools to identify software communications vulnerabilities.
Learning Objective 7.2.12: Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
Coursework Sample Content Preview:
FIC BANK
FICBANK SYSTEM
Penetration Testing Plan & Report
Version 1.0
April 2024

Table of Contents
1. Executive Summary
2. Rules of Engagement
2.1. Introduction
2.1.1. Penetration Testing
2.1.2. Vulnerability Testing
2.1.3. Post-Testing Actions
3. Penetration Testing Methodologies
3.1. Phase 1: Reconnaissance and Enumeration
3.1.1. Publicly Available Information
3.1.2. Service Banner and Fingerprinting Information
3.1.3. Live Hosts
3.1.4. Traceroute
3.1.5. Nmap
3.2. Phase 2: Vulnerability Discovery
3.2.1. Live Hosts
3.2.2. Open Ports and Services
3.2.3. Nikto
3.2.4. Nessus
3.3. Phase 3: Exploitation
3.3.1. Findings
3.4. Phase 4: Recommendations
4. Appendices of Evidence
4.1. Appendix A – Reconnaissance and Enumeration Phase
4.2. Appendix B – Vulnerability Discovery Phase
4.3. Appendix C – Exploitation Phase
4.4. Appendix C – Post-Exploitation Cleanup Phase

Penetration Testing Plan & Report (PTR)

Prepared By
Organization that Prepared this Document
Organization Name: University of Maryland Global Campus Penetration Testing Team
Street Address: 3501 University Blvd East
Suite/Room/Building:
City, State, Zip: Adelphi, MD 20783

Prepared For
Organization that Prepared this Document
Organization Name: FICBANK
Street Address: 2386 Highway 76
Suite/Room/Building:
City, State, Zip: Denver, Colorado 80201

Document Revision History
Version: 1.0; Date: 18/4/2024; Pages: All; Description: Project 1; Author: Richard Nuwor

1 Executive Summary

FICBANK offers a software as a service (SaaS) cloud service offering to the federal agency Department of University and has retained University of Maryland Global Campus Penetration Testing Team (UMGC PTT) to perform a penetration test (pen test) of FICBANK systems in accordance with all federal laws, regulations, and statutes, including those of the National Institute of Standards and Technology (NIST). The FICBANK pen test is a representation of the security posture as of the end date of penetration testing (pen testing), prior to any mitigation. This Penetration Test Report (PTR) provides the results of the activities performed and serves as a permanent record of the pen testing activities. The testing included automated and manual activities using the pen testing tool Kali Linux, the native operating system command prompt, and manual testing.

2 Rules of Engagement

During the pen test, the UMGC PTT will attempt to identify exploitable weaknesses of the FICBANK system, including but not limited to application flaws, improper configurations, and end-user behavior, to evaluate the company’s security policy compliance, employees’ security awareness, and the organization’s ability to identify and respond to security incidents. Findings will be validated, documented, and given an appropriate impact rating, which can be found in the table under the Findings section of this report. The primary goals of this penetration test include:

List 3-5 goals of penetration testing
* Vulnerability Identification
* Risk Assessment
* Incident Response

2.1 Introduction

Under the Federal Information Security Management Act of 2002 (FISMA), the Office of Management and Budget (OMB) directed NIST to develop specific guidance for federal agencies, and those providing services on behalf of federal agencies, to test and assess the security of their information systems. Network vulnerability assessment and penetration testing of information systems are for all information systems within the federal government. This testing is in accordance with the guidance found in the NIST Special Publication (SP) 800-115, Technical Guide to Information Security Testing and Assessment, which provides specific guidance for conducting these tests and assessments, including guidance for developing Rules of Engagement (ROE). This ROE establishes guidelines for the UMGC PTT to conduct vulnerability assessments and penetration testing of system and network components throughout the FICBANK enterprise. Within this document and unless otherwise specified, the terms “test” and “testing” refer to both network vulnerability assessment and penetration testing used to evaluate FICBANK systems. This docu...