
As a penetration tester, you are hired as a consultant by a small- to mid-sized


Question

As a penetration tester, you are hired as a consultant by a small- to mid-sized business that is interested in calculating its overall security risk today, January 1, 2012. The business specializes in providing private loans to college students. This business uses both an e-Commerce site and point-of-sales devices (credit card swipes) to collect payment. Also, there exist a number of file transfer operations where sensitive and confidential data is transferred to and from several external partnering companies. The typical volume of payment transactions totals approximately $100 million. You decide that the risk assessments are to take into account the entire network of workstations, VoIP phone sets, servers, routers, switches and other networking gear. During your interview with one of the business’s IT staff members, you are told that many external vendors want to sell security networking products and software solutions. The staff member also claimed that their network was too “flat.” During the initial onsite visit, you captured the following pertinent data to use in creation of the Penetration Test Plan.

Non-stateful packet firewall separates the business’s internal network from its DMZ.

All departments--including Finance, Marketing, Development, and IT--connect into the same enterprise switch and are therefore on the same LAN. Senior management (CEO, CIO, President, etc.) and the Help Desk are not on that LAN; they are connected via a common Ethernet hub and then to the switched LAN.

All of the workstations used by employees are either Windows 98 or Windows XP. None of the workstations have service packs or updates beyond service pack one.

Two (2) Web servers containing customer portals for logging in and ordering products exist on the DMZ running Windows 2000 Server SP1, and IIS v5.

One (1) internal server containing Active Directory (AD) services to authenticate users, a DB where all data for the company is stored (i.e. HR, financial, product design, customer, transactions). The AD server is using LM instead of NTLM.

Explain the tests you would run and the reason(s) for running them (e.g. to support the risk assessment plan)?

Explanation / Answer

"Security Analysis and Protocol Analysis":

Discuss three (3) security concerns of corporations in the U.S. Next, analyze the overall manner in which you would use security analysis to identify levels of concern and propose one (1) strategy to mitigate the concerns in question. Provide a rationale to support your response. Specify one (1) way in which you would use Three-Way Handshake to build a TCP connection between two (2) computers. Next, analyze the roles that the various fields of the “TCP header” play in building and maintaining the connection. Include one (1) example of such a role to support your response.

"DMZ and Logs": Compare and contrast the key advantages and disadvantages of placing the following system types on a DMZ: Directory services (i.e. Microsoft AD), Web server, FTP server, File server, printer, and Domain Controller. It is commonly known that logs have become increasingly important in the IT industry--so much so that several security companies have found ways to make them more meaningful through correlation methods across different log producing platforms (i.e., Security Information Event Management [SIEM]). Determine the fundamental advantages of a company having a SIEM solution over merely having a method to store logs efficiently. Next, discuss the limitations, concerns, and future trends of having a SIEM solution within a company.

"Penetration Test Methods and Legal Consideration of Penetration Testing":

Compare and contrast announced penetration testing and unannounced penetration testing. Speculate on whether or not there are instances where unannounced testing is preferred over announced testing. Justify your response. Suggest three (3) penetration testing methods that you would use for a small day care business. Provide a rationale to support your response. Note: The day care is located in the heart of downtown, currently uses a Website, databases, file servers, printers, both wireless (802.11x) and Ethernet access to the Internet, and card readers for physical entry for its employees.

"Vulnerability Assessments and Penetration Testing Approaches":

Imagine that you work for a financial organization of which the management feels that one of their competitors was always two steps ahead of them in competitive strategies. Recommend the type of vulnerability assessment analysis that you would perform for this organization. In your recommendation, include the main assessment steps. Provide a rationale for your response. Compare and contrast five (5) differences between conducting an internal versus external penetration test. Suggest the techniques that a penetration tester would use in order to prevent the system administrators or security professionals from knowing the system was illegally accessed.

"Wireless Penetration and Securing Wireless":

Specify the main steps involved in cracking WEP encryption. Discuss the implications of relying on such a legacy protocol today and how essential it is for the IT industry to keep current with technology. Compare the key added challenges of securing wirelessly-connected devices versus securing LAN-connected devices. Next, discuss the so-called “cloaking” as it pertains to Wi-Fi networks. Analyze the reasoning behind enabling or disabling this feature
