Free Essay

Lab 9

In:

Submitted By jnielsen9610
Words 1514
Pages 7
Attack & Penetration Test Plan

By: Jeff Nielsen
David Campbell
Brad Schnur

Security Services Letter of Authority
THIS LETTER OF AUTHORITY is made the 12 day of January, 2000. between WHEREAS:
The Confident has requested xx to perform a specialised security service. During the service, consultants will be investigating commercially sensitive accesses and information. Due to the nature of these services xxx is required to obtain positive proof of identity from the customer, as well as proof of authority to proceed. This Letter of Authority is to cover the ongoing confidential protection of such information and authority to proceed with the security service.
It is understood that whilst every reasonable precaution is taken, due to the frailties of networks and their reaction to unknown variables, xxx cannot be held responsible for losses due to network variables such as server crashes. xxx will not commence any service unless a complete backup of the network is completed prior to any operation or testing is attempted to ensure immediate recovery in the event of losses, however unlikely. We further recommend that all patches be applied in the appropriate manner to the operating system.
The Confident proposes to give access to and disclose to xxxxx Confidential Information required to perform the security services. This Confidential Information may either be disclosed by the Confident or discovered by xxxx during the course of the security service. The Confidential Information may include, but is not limited to; certain trade secret information, data, network information, telephone system information, customer information and/or materials relating to their business. This Confidential Information is given to xxxx in confidence on the condition that the Confidential Information will not be disclosed or copied to any third person, firm or company unless authorised in writing by the confiding party (the Confident).
NOW THEREFORE, the parties hereto agree as follows:
1. xxxxx will retain the Confidential Information in the strictest confidence and will neither directly nor indirectly use it or disclose it to any person, firm or corporation without the written consent of the Confident.
2. xxxxx will exercise all due and diligent care and take all reasonable precautions to prevent any unauthorised disclosure or copying of the Confidential Information.
3. Each party will advise its employees who may, with the authority of the Confident, be given access to the Confidential Information, of the confidential nature and will ensure that to the best of their ability, those employees take reasonable care with the said Confidential Information in order to preserve the confidentiality of it, both during the subsistence of this Agreement and thereafter.
4. xxxxx will return to the other immediately upon demand all written or machine readable materials embodying such Confidential Information and all copies thereof, except such Confidential Information stored on valuable media, which shall be destroyed or erased and such destruction or erasure certified to the Confident within seven (7) days of the date thereof.
5. To notify the Confident if xxxxx is under any impression of any possible risk to the network and to fully explain why and what their concern is. This includes ceasing any testing as soon as anything of this nature becomes apparent.
6. That xxxxx will take all necessary steps to ensure that, as far as is possible, all services are trouble free and will not present any threat, cause damage, or harm the network in any way.
IN WITNESS WHEREOF the parties hereunto signed to indicate their acceptance of this Letter of Authority as here set out.
SIGNED for and on behalf of SIGNED for and on behalf of xxxx customer

(Signature) (Signature)
………………………………… …………………………………………
(Title) (Title)

Table of Contents

List of Questions for the Client 1. Who are its real users? Are they Internal or external users? If both, are they authenticated differently? 2. What should be considered ‘CONFIDENTIAL’ data/ assets in the system? 3. What is the purpose of the application? 4. What are the different environments in which the application is deployed? Is the code given for review in the same manner as the one deployed in production? 5. How important is this application to the enterprise? 6. Is the application integrated with other applications in the company? Is the data coming from somewhere and/or going somewhere? 7. What are the entry points and exit points in this application? 8. Are audit trails and logs pertaining to the application maintained somewhere? 9. Are there ay security Measures in place? 10. What is the architecture of the application? 11. What is the duration of the test?

Test Plan Scope

Goals and Objectives
Identify if a remote attacker could penetrate web-based application server defenses.
Determine the impact of a security breach on: o The integrity of the company’s order systems. o The confidentiality of the company’s customer information. o The internal infrastructure and availability of web-based application server information systems.
Test Plan Tasks
Fist thing that we did was try to gain fingerprint the system, by using netcat tool to look up information about the system. Also we are going to use social networking tools to gain even more information about the system.
Next we are going to scan the system to see what is out there. Scanning a network determines what's in there, scanning network gives you the feel of how your target's network is laid out, if there are multiple subnets, which hosts are alive, check ports, see if system is alive, discover available hosts & get info about the discovered hosts.
Next we can pass an injection attack. To do this we are going to attack the SQL database by trying to pass a fake username into the server like username’ or fake_column IS NULL. We will also look for a PHP vulnerability because PHP is the most popular web application framework. We can add the absolute URL equivalent into a script.
The next step we will try to use the cross site scripting tool. We are going to do this by crafting a post that calls on JavaScript from an outside server. Next if that works then we are going to try a cross site request forgery. This is done by trying to use a logged-in user’s credentials to entice other users to give up their credentials by sending them requests that if accessed sends all there information back to us and we can use their higher credentials to access deeper into the system.
The first thing is to do is run digg on their web site and see what the domain is and then run who is on the email address that you can find on their web site.
Then after you find the ip address then run a ping test to see if it is up. Then run a trace route to the ip address and see what hops it takes just to see where it is going then run who is on a few of the hops so you know what it is running threw and see if there is any potentially unwanted hops.
The next thing to do is scope out the building. This is done by either using a school id to get a tour of the building to for a project or see if the place is hiring and then put in an application then see if you can get a tour to get a feel for the company this is a way to physically get in to the building and preform a recon.
Look for easy access to a computer, look and see where the cameras are, how things are set up weather it is open or closed space, this will allow you get a feel for the situation and better familiarize yourself with your surroundings.
Next step ask where the bathroom is and once in go to a stall and then take our your phone and see if there are any open WIFI around before that root your phone to be able to run some fun apps to see if you can gain access to their system use extreme caution every phone have a unique mac address so run mac spoofed if possible to change you mac of your phone so that it cannot be traced.
If you have the opportunity try to plug a flash drive in to a system and have it auto run an application that will allow you to gain access to their network from the inside if that works then you own there system.
Then you drop a bug that hides itself well and then just sit back and gather information that you need to complete your assignment.
Which do you like better and or add some more to the paper

Test Plan Reporting
Need input here
Test Plan Schedule
We have been giving a range of time on the weekends between 2am and 6am to attack the system. In this time frame we will exploit as much as possible and take down as much as possible within the scope of we can and cannot attack.

http://amit-akv.blogspot.com/2009/12/how-to-hack-web-server.html

Similar Documents

Premium Essay

Lab 9

...Lab #9 - Assessment Worksheet Questions OSPF - Network Design - OSPFv2 for IPv4 and OSPF v3 for IPv6 Course Name & Number: __________________________________________ Student Name: _________________________________________ Instructor Name: ________________________________________________ Lab Due Date: _________________________________________________ Explain your migration plan for implementing OSPFv2 within the Complex Company’s network: The migration plan consists of six sites, A B C D E & F. Each site has 40 subnets and 300 hosts that need connectivity. The routing protocol we will be using is OSPFv2, the breakdown is below: * Site A will be connecting with Site F and the Area is 101 * Site B will be connecting with Site C and the Area is 102 * Site D will be connecting with Site E and the Area is 105 * Area 0 is the backbone of this network Each site will be connected to the other for redundancy purposes, the schema for this is as follows: * We will be using a Class B network * The IP Address for Site A is 172.32.0.0/23 * The IP Address for Site B is 172.32.2.0/23 * The IP Address for Site C is 172.32.4.0/23 * The IP Address for Site D is 172.32.8.0/23 * The IP Address for Site E is 172.32.10.0/23 * The IP Address for Site F is 172.32.12.0/23 The IP addressing Scheme used for the 15 other connections in Area 0 are as follows: * The IP address block assigned to link 1, which connects RTR-A...

Words: 1289 - Pages: 6

Premium Essay

Lab 9

...IS4560 Lab 9 1. When you are notified that a user’s workstation or system is acting strangely and log files indicate system compromise, what is the first thing you should do to the workstation or system and why? Inform the IT help desk to have the user cease all activity on the workstation and to wait for you to arrive at the physical desktop location. The workstation must first be physically disconnected from the network leaving it physically isolated but now powered off. It should be left in its steady-state. This isolates the contaminated workstation from the organization’s network and Internet, as well as preventing the contamination from spreading. Logs, memory forensics, footprints, and other malicious activity must be kept in its steady-state untouched. Forensic images of the logs should be performed along with a memory forensics scan. Anti-virus and anti-malicious software removal tools can be enabled from a CD-drive 2. When an anti-virus application identifies a virus and quarantines this file, does this mean the computer is eradicated of the virus and any malicious software? No, many times virus and trojans can leave residuals or wreak havoc on other processes. It is important to note that the quarantined file is never off the computer until cleaned out or deleted – it’s like putting the unknown file in a holding tank until you can assess what it is and how to eradicate. 3. Where would you check for processes and services enabled in the background of your Student...

Words: 712 - Pages: 3

Free Essay

Lab 9

...1. What is the primary place to store log files on a local Linux system and what are recommended procedures for that location? Almost all logfiles are located under /var/log directory It is very important that the information that comes from syslog not be compromised. Making the files in /var/log readable and writable by only a limited number of users is a good start. 2. Why remote logging to a central server is considered a best practice? To identify a baseline system state with the use of the logs & to keep the information from prying eyes. 3. What is the syntax and file you would edit with the necessary entries to send syslogs from your Linux system to a logging server at 172.130.1.254? su –c ’ vi/etc/rsyslog.conf ‘, then remove the # from in front of $ModLoadimudp and $UDPServerRun514 if it hasn’t already been done. Then add a line below remote host with the following syntax *.*@@172.130.1.254:541 4. Why is the “Tripwire” application considered a file integrity checker? File Integrity Monitoring is available as a standalone solution or as part of Tripwire’s Security Configuration Management suite, where you have continual assurance of the integrity of security configurations and complete visibility and control of all change for your continuous monitoring, change audit and compliance demands. 5. Could rkhunter be considered a file integrity checker? Why or why not? Rootkit Hunter is considered a file integrity checker because it...

Words: 608 - Pages: 3

Free Essay

Steve

...FOR INDOOR SITES.Select the RBS product name as RBS6201V2W, Check box Support system control, leave Climate system as standard, Fill in Cabinet product data information found on cabinet tag and for Sector options select RBB11_1A for Radio building block and Ex2 for Line rate, click Next.FOR OUTDOOR SITES.Select the RBS product name as RBS6102W, Check box Support system control, leave Climate system as standard, Fill in Cabinet product data information found on cabinet tag. Note: Cabinet product data information must match with the information found on the tag. Not writing the same could raise HW Missmatch alarm on the node.While configuring DUW PCS, select RBB11_1A for Radio building block, for Line rate select Ex2. and click Next.Later, While configuring DUW AWS, select RBB22_4B for Radio building block, for Line rate select Ex2.and click Next.(new screenshots for DUW PCS and DUW AWS are needed here ) | Select No. of PDU 3, check Configure power supply, select No. of PSU 4, and check Configure battery backup, select Battery type TYPE01, click Next.Configure DUW PCS according to the required configuration and Click Next.Example:DUW: Unit Number 1, Port Number 1, Hub Position B1EXTNODE: Unit Number 2, Port Number 1, Hub Position A5 (for DUW AWS)EXTNODE: Unit Number 3, Port Number 1, Hub Position A6 (for DUG)EXTNODE: Unit Number 4, Port Number 1, Hub Position A7 (for DUL)(new screenshots for DUW PCS and DUW AWS are needed here ) | Leave Ethernet link IP addresses...

Words: 310 - Pages: 2

Free Essay

Homework Psychology

...Homework Assignment Student: Guilherme Henrique Domingos de Franco LAB Section: 044 Access ID number: 004520890 Assignment 3a – Describe how the two-point discrimination experiment was conducted and the results What materials were used? One caliper, one ruler and notes sheet. How many participants (number of students who responded to the caliper touches)? 6 students. Explain what the experimenter did. The classroom was divided into 6 groups of 4 students in each group. Student number 1: responsible for feeling the sting of the caliper. Student number 2: responsible for sticking the student number 1. Student number 3: responsible for write down the results. Student number 4: moral support. Experiment: the student number 1 extended his arm to receive the nudge without seeing how many points the student number 2 was using. The student number 2 chooses the distances between the points and if he would poke finger or forearm randomly so that the student number 1 would not be influenced by the order of the distances. The student number 3 wrote if the student number 1 felt one point or two. State the percentage of participants who felt two points at each of the six distances on the finger. 0.0 cm - 0% 0.5 cm - 80% 1.0 cm - 100% 1.5 cm - 100% 3.0 cm - 100% 5.0 cm - 100% State the percentage of participants who felt two points at each of the six distances on the forearm. 0.0 cm - 0% 0.5 cm - 20% 1.0 cm - 20% 1.5 cm - 60% 3.0...

Words: 559 - Pages: 3

Premium Essay

Is4550 Lab 9

...Risk-Threat-Vulnerability IT Security Policy Definition Unauthorized access from Public Internet Acceptable Us Policy User Destroys Data in application and deletes all files Asset Identification and Classification Policy Hacker penetrates you IT infrastructure and gains access to your internal network Vulnerability Assessment and Management Policy Intra-office employee romance gone bad Security Awareness Training Policy Fire destroys primary data center Threat Assessment and Management policy communication circuit outages Asset Protection Policy Workstation OS has a known software vulnerability Vulnerability Assessment and Management Policy Unauthorized access to organization owned Workstations Asset Management Policy Loss of production data Security Awareness Training Policy Denial of service attack on organization e-mail server Vulnerability Assessment and Management Policy Remote communications from home office Asset Protection Policy LAN server OS has a known software vulnerability Vulnerability Assessment and Management Policy User downloads an unknown e-mail attachment Security Awareness Training Policy Workstation browser has software vulnerability Vulnerability Assessment and Management Policy Service provider has a major network outage Asset Protection Policy Weak ingress/egress traffic filtering degrades performance Vulnerability Assessment and Management Policy User inserts CDs and USB hard drives with personal photos...

Words: 616 - Pages: 3

Premium Essay

Memento Assignment

...Memento assignment The structure What we see beneath is how the parts that is coloured in the movie is played. The dots are where the scenes start and stop, and the green numbers above the arrows is scenes. We start at the end of the movie at dot number 2 and then we see scene number 1 which ends at dot number 1. Afterwards we see the first black/white part of the movie. The black/white parts are played in chronological order. After we have seen the first black/white part we jump to dot number three and watch scene number 2 which ends at dot number two. After seeing scene number two we watch the second black/white part. Then we jump to dot number 4 and so on. The real chronological order would be to first see all the black/white scenes in the movie in the order we see in the movie. Afterwards we would see scene 7, then scene 6 and so on until we have seen the last scene, the scene the movie started with. Because of this structure of the movie you need to follow closely or you need to know before you watch the movie how it works or else it can be very confusing. It also demands from the viewer that he/she notices the little things that happens for example when we see Sammy Jenkins at the institution and when someone walks by and suddenly it is Lenny sitting in the chair. As a viewer you also need to know when we deal with flashbacks and when we just jumped one scene back. Through the story we kind of experience how it feels to suffer from short-term memory loss like Lenny...

Words: 587 - Pages: 3

Premium Essay

Is3920 Lab 9

...Order Code RL33199 Data Security Breaches: Context and Incident Summaries Updated May 7, 2007 Rita Tehan Information Research Specialist Knowledge Services Group Data Security Breaches: Context and Incident Summaries Summary Personal data security breaches are being reported with increasing regularity. Within the past few years, numerous examples of data such as Social Security, bank account, credit card, and driver’s license numbers, as well as medical and student records have been compromised. A major reason for the increased awareness of these security breaches is a California law that requires notice of security breaches to the affected individuals. This law, implemented in July 2003, was the first of its kind in the nation. State data security breach notification laws require companies and other entities that have lost data to notify affected consumers. As of January 2007, 35 states have enacted legislation requiring companies or state agencies to disclose security breaches involving personal information. Congress is considering legislation to address personal data security breaches, following a series of high-profile data security breaches at major financial services firms, data brokers (including ChoicePoint and LexisNexis), and universities. In the past three years, multiple measures have been introduced, but to date, none have been enacted. This report will be updated regularly. Contents Introduction . . . . . . . . . . . . . . . . . . . ....

Words: 18803 - Pages: 76

Free Essay

Numerology Through Symbols of Faith

...Symbols of faith final paper Biblical Numerology Backstage | The world is composed of complicated mathematics. We often speak of its ability to expose and explain a number of beliefs and scientific happenings. Truth is, it has found itself to be both the ‘chicken and the egg’ to most arguments. Numerical significance can be both a proof, demonstration of an idea, or it can be the reason for the thought, concept, or philosophy. By definition, scholars believe that numerology is the placing of meaning on numbers in the Scriptures. Numerology is by no means restricted to Christianity, even though we choose to make it our focus for the purpose of this paper. Numerology attempts to explain the reason why God used numbers as he did, and what he was potentially trying to tell us. Thorough analysis and interpretation efforts have taken place along the years, in other to find meaning behind this scientific, most often philosophical, symbol use. “The Pythagoreans made number games philosophically respectable, and the great authority of Plato raised mathematics into theological realms. But at the lowest level, numbers remained magical.” The fall of the Roman Empire, caused a challenging transition for many, especially in terms of religion. From Paganism to Christianity, many had to look for a meaning, and be convinced, or understand, regardless of doubts that a new religion was to emerge. The early years of Christianity revolved around strong thinkers who were...

Words: 2225 - Pages: 9

Free Essay

Is3230 Unit 9 Lab 9

...1. If you are using corporate e-mail for external communications that contain confidential information, what other security countermeasures can you employ to maximize the confidentiality of e-mail transmissions through the Internet? Encrypt email, email policy, security software, content checking tool, anti-spam tool, and secure firewall configurations. 2. Explain the role of a Certificate Authority and its obligations in authenticating the person or organization and issuing digital certificates. Certificate Authority or Certification Authority (CA) is an entity, which is core to many PKI (Public Key Infrastructure) schemes, whose purpose is to issue digital certificates to use by other parties. It exemplifies a trusted third party. 3. What would a successful Subversion Attack of a CA result in? An attacker can create a certificate for any domain. This certificate will appear to be signed by a trusted CA. Thus, you will see that the site's cert is trusted and you will never get any notification to the contrary. Normally, a trusted CA will issue and sign a certificate and then if the browser trusts the signing CA, you will see a padlock in the GUI and you will often times see a message that lets you know that the certificate of the web site is trusted. If the CA is not trusted, you are shown a message that the certificate is not signed by a trusted party and you are given the option to leave or continue. This is PKI in a nutshell. The entire system relies on trust of...

Words: 804 - Pages: 4

Premium Essay

Managing Risk Lab 9

...Managing Risk in Information Systems Lab 9 Assessment Questions 1. How does documented back-up and recovery procedures help achieve RTO? a. By having effective backup and recovery procedures you should have the necessary resources to restore systems from backups and a repeatable process that is known to succeed in achieving RTO. By documenting and implementing backup and recovery procedures, the process for recovery is much more efficient, helping with the time portion of RTO. 2. True or False. To achieve an RTO of 0, you need 100% redundant, hot-stand-by infrastructure (i.e., IT system, application, and data, etc.). b. True 3. What is most important when considering data back-up? c. Registry, directories, and imperative operating data as well as licensing. 4. What is most important when considering data recovery? d. Most current, working recovery and in a timely manner (fast). 5. What are the risks of using your external e-mail box as a back-up and data storage solution? e. First, you are at the mercy of the provider. If it is a large recovery you may not be able to have internet access to download it. File corruption could be an issue as well as back up size allowable for email. 6. Identify the Total Amount of Time Required to Recover and Install the Lab #9 Assessment Worksheets on Your Student VM Hard Drive and open the file in Microsoft Word to verify integrity. {Insert your timed RTO using your computer...

Words: 711 - Pages: 3

Premium Essay

Managing Risk Lab #9

...What is most important when considering data recovery?       d. Most current, working recovery and in a timely manner (fast).   5. What are the risks of using your external e-mail box as a back-up and data storage solution?       e. First, you are at the mercy of the provider. If it is a large recovery you may not be able to have internet access to download it. File corruption could be an issue as well as back up size allowable for email.   6. Identify the Total Amount of Time Required to Recover and Install the Lab #9 Assessment Worksheets on Your Student VM Hard Drive and open the file in Microsoft Word to verify integrity. {Insert your timed RTO using your computer clock – following your documented instructions and steps}.       f. N/A. Was not asked to do this portion of the lab and cannot finish this question.   7. Did you achieve your RTO? What steps and procedures can you implement to help drive RTO even lower?       g. I am assuming from the lab, steps that would be with better equipment, a Hot-Site and lots of money.   8. What are some recommendations for lowering the RTO for retrieval and access to the back-up data...

Words: 323 - Pages: 2

Free Essay

Game Vending Machine

...Use Case Description for Acme Video Game Vending Machine System Created by: Quang Tran Date: Oct 11, 2014 Use Case Name: Rent a Game Scenario: Customers rent and return games. Triggering Event: Customers use their Debit/Credit card for games rental, which is charged by Acme’s Bank. Brief Description: Customers enter requirement information and swipe a valid card for games rental. Actors: Customers, Acme’s Bank, and Central computer system of Acme headquarters. Related Use Cases: None. Stakeholders: Security department. Preconditions: System is in stand by mode and ready to perform. Postconditions: System is in performance mode (1 or 2 minutes) before turn to stand by mode. Flow of Events: Actor System 1. Customers choose games through vending machine 2. Customers enter information and pay by a valid card. 3. Acme’s Bank check and charge for rental 4. Acme’s computer system organizes and save customers’ information. 5. Customers return games at vending machine. 6. Customer received a receipt and additional charge via e-mail. 1. Acme’s bank is received customers’ information from vending machine. 2. Acme’s computer system is received customers’ information from vending machine. 3. Vending machine dispended games after customers’ information are approved. 4. Machine received returned games from customers. 5. Information sent to Acme’s bank and Acme’s central computer system. 6. A receipt e-mail to customers for a final charge. Exception...

Words: 260 - Pages: 2

Premium Essay

Cda Tab B

...outdoor activity) RC II-6     Self Concept RC II-7     Emotional Skills/Regulation RC II-8     Social Skills RC II-9     Mathematics Age Group: Preschool 4-5yrs | | | | | RC II | Description: | Intended Goals: | Materials: | Teaching Process: | 1     Science/Sensory | | | | | 2     Language and Literacy | | | | | 3     Creative Arts | | | | | 4     Fine Motor (choose an indoor activity) | Making a necklace: Threading beads on a precut piece of yarn. | Threading at least 10 beads on precut piece of yarn. | Precut yarnSeveral colorful big beads for 3-5yr already in small containers per child | Pre-made necklace for example.Show & tell work. Hold yarn and place bead on yarn.Then continue activity with children. | 5     Gross motor (choose an outdoor activity) | Playing Sam Says, which is the same as Simon says. | To follow directions of what Ms. Sam is saying to do and to listen careful because I will try to trick them. | Open space and Myself. | First, space the children out to give each arm room. 2ndly, I will explain the game and show example. Ex: Ms. Sam says touch your ear and I touch my ear. Then I say Ms. Sam rub her head and I rub my head and I say stop but I keep rubbing my head because I didn’t say Ms. Sam… | 6     Self Concept | | | | | 7     Emotional Skills/Regulation | | | | | 8     Social Skills | | | | | 9     Mathematics | | | | |...

Words: 263 - Pages: 2

Premium Essay

Nt 1330 Lab 9

...NT1330 LAB 9 1. Reader is the permission level assigned by default 2. No the Microsoft .Net Framework 1.1 would not be installed 3. Yes Microsoft .Net Framework is listed because you would of had to install it Screen shot- My workstation does not work with the server I had to copy from my classmate so I cannot take a screen shot. Although this would of worked because I followed all steps up to the turning on the workstation number. 4. Yes you would see the .Net Framework being installed upon logon. 5. Yes the .Net Framework would be installed - Again no screenshot could be taken but it would work following up to the steps I have completed. 6. The software restrictions from the policy blocks it from opening 7. Yes you would just have to move that file to another file location 8. You would be able to open Internet Explorer 9. Remove help menu and remove pictures icon from start menu 10. GPOB is shown because it is the parent OU This should say GPOB but I didn't make the 10C OU a child OU to the 10B. I also couldn't delete it but I know the process of this if I hadn't of done that. 11. No because this is the Admin account 12. No It is not available. It was removed. 13. 10BUser2 has the help and support menu because of the security filter we set. The GPOB only applies to the 10BUser1 which 10BUser2 is not a member of. 14. Leave the permissions for authenticated users in place and deny the Apply Group Policy permission to the 10BGroup1 group...

Words: 277 - Pages: 2