Ethical Hacking and Network Defense Unit 1 Assignment
Table of Contents
Goals and Objectives
Production e-commerce Web application server and Cisco network described in Figure 1.1. Located on ASA_Instructor, the e-commerce Web application server is acting as an external point-of-entry into the network:
• Ubuntu Linux 10.04 LTS Server (TargetUbuntu01)
• Apache Web Server running the e-commerce Web application server
• Credit card transaction ...view middle of the document...
• Information Gathering and Analysis – During this phase we will be using different tools to analyze the target network and plan for the actual penetration phase. Network surveys are conducted to analyze open ports, map the network and research is done to find the registry information and obtain IP addresses.
• Vulnerabilities will then be identified on the system. Vulnerabilities are put together via a combination of known exploits and the experience of our testers as well as tools that can identify known exploits against certain systems. Tools used for this step are Nessus Vulnerability Scanner.
• Once vulnerabilities are identifies, penetration attempts are planned out and executed. These are done on target systems on the network. One of the first steps is being able to gain access to the system via password cracking. If and when access is gained, further system vulnerabilities can then be identified.
• After penetration tested is completed the team will clean up any changes or modifications that were made during the exploitation.
Reporting will be done after the penetration tests have been completed and will contain a summary and detailed results of all of the tests conducted. Individual reports will be submitted be each tester and will pertain information that is applicable to their tests. All of the penetration tests will then be combined and listed out with the results of all tests. Vulnerabilities will be specifically pointed out as well as information and recommendations on how best to secure those weaknesses.
Penetration testing will be conducted between 2:00 a.m.–6:00 a.m. EST weekend only (Saturday and Sunday) starting 1 week from the date that this document is signed or an agreed upon date by both parties.
To properly conduct penetration testing there are certain questions that remain unanswered. In order to provide accurate testing, the following questions still remain:
• Penetration testing often involves using social engineering to gain access. As we are unaware of E-commerce’s systems, we need to know if this type of attack is allowed or even available for use due to the time that the attacks need to be initiated.
Authorization is granted to ABC Security Systems to conduct penetration testing as outlined in this document. ABC Systems will adhere to all provisions in this document to the absolute best of its ability. ABC Systems is not responsible for any damages incurred by penetration testing or by any compromises to the target system due to testing conducted as long as it adherer’s to the standards set forth in this document. Any deviations to this document will require written approval and will be attached to this document for reference.
Lab #6 Design and Implement IT Security...