(Vulnerability Discovery, Analysis, Risk Assessment and Security Design)
The project will assess the student’s ability to identify and properly assess a risk posed by a security vulnerability to a corporate/home network.
The purpose of this project is to evaluate the student’s ability to:
Conduct a vulnerability scan
Research a hardware or software vulnerability
Discuss how the vulnerability can be exploited
Exploit the vulnerability
Evaluate the risk posed by this vulnerability
Provide a recommended compensating control to mitigate it.
Provide a 4 to 7-page paper discussingthe following:
Summary of the type of vulnerability found and what scanning tool was chosen
a screenshot of the vulnerability finding is required – any sensitive information may be obfuscated or redacted).
Screenshots will be no larger than 1/4 page.
Screenshots and images do not count toward the overall page count, i.e., the paper must be 4 to7 pages, EXCLUDING images.
Note: Public IP addresses should not appear anywhere in this document. Private IP addresses aren’t necessarily sensitive, but you may obfuscate/redact any network address information).
Choose a vulnerability (typically, this will be a critical/high vulnerability resulting from your scan) to research, explain furtherAND demonstrate how it can be exploited. The suggested approach is to use the course labas your target network, or choose another deliberately vulnerable learning framework, e.g.,
Damn Vulnerable Web Application (DVWA)
Broken Web Apps
Once a vulnerable machine is selected,scan the target, exploit the vulnerability and provide evidence (screenshots) of your exploit. The exploit should be through a Metasploit Module OR other open-source/commercial tool OR custom script/code.Compromised credentials is not a sufficient vulnerability to exploit.During the class, you will have completed labs that have you scan and exploit a target. You must choose an exploit that we have not done in class. I suggest doing a web search on “Metasploitable Walkthrough” for additional ideas on Metasploit modules that could be used (if you have selected Metasploitable as your vulnerable target), or research vulnerabilities specific to your vulnerable framework. Note: Your exploit must result in root, admin, or system-level privileges.
Provide a mitigation to how this vulnerability could be controlled or mitigated.
Evaluate the risk to an organization of not protecting against your chosen vulnerability. Consider what would happen if they don’t do anything, as well as whether a specific mitigation to protect against it is a prudent precaution.
The student will evaluate and use security testing software toassessthe security of computer and information assets and data. The purpose of the software is to assess the security level of the home/organization asset by identifying any discovered vulnerabilities.
Thispaper should effectively describe the vulnerability, risks and recommendationin a manner that will allow TECHNICAL readers to understand the vulnerability, risk and mitigation.
The proposal document must be 4 to 7 pages long, conforming to APA standards (double-spaced).
At least two authoritative outside references are required (anonymous authors or web pages are not acceptable). These should be listed on the last page titled “References” – which does not count toward your overall 4 to7-page count.
Appropriate in-text citations are required.
This will be graded on quality of the research topic, technical demonstration/write-up, the content quality, use of citations, grammar and sentence structure, and creativity.
The paper is due during Week 7 of this course.
Format: The paper must follow the template that is provided in Blackboard with clearly labeled headings: Architecture, Vulnerability Scan, Vulnerability Research, etc.
The vulnerability chosen should come from one or more of the following types of attacks (this list is not entirely exhaustive, but should provide you with a guideline for consideration):
Operating System Attacks
Documentation and Formatting
Appropriate APA citations/referenced sources and formats of characters/content.
Architecture/Topology Discussion / Drawing
Briefly describe the set-up of your lab/test environment. A network diagram would be ideal. Identify any network devices, including your physical/virtual machines.
Vulnerability Scanner chosen (e.g., Nessus, Qualys, OpenVAS, Nexpose, etc.) discussed, and evidence of scan results is shown
Accurate Completion of Vulnerability Research
Accurate Completion of Vulnerability Analysis
Exploitation is written so that it could be re-created with supporting evidence. There must be clear evidence that the screenshots are not simply taken from an Internet page. Example: Rename the attack machine hostname to your last name as done in the labs:
Risk assessment is sufficiently discussed
Mitigation and Control Recommendation
A technically sound and logical recommendation is provided and supported
Full Credit: 1,000 words or more
Partial Credit: Less than 1,000 words
Spelling, grammar and Sentence Structure
Ensure your paper is professional and technically written using appropriate terminology as discussed in class
A quality paper will meet or exceed all of the above requirements.
The post Vulnerability Discovery, Analysis, Risk Assessment and Security Design
Assignment status: Solved by our experts