[Solution]Vulnerability Discovery, Analysis, Risk Assessment and Security Design

(Vulnerability Discovery, Analysis, Risk Assessment and Security Design) The project will assess the student’s ability to identify and properly assess a risk posed by a…

(Vulnerability Discovery, Analysis, Risk Assessment and Security Design)
The project will assess the student’s ability to identify and properly assess a risk posed by a security vulnerability to a corporate/home network.
The purpose of this project is to evaluate the student’s ability to:

Conduct a vulnerability scan
Research a hardware or software vulnerability
Discuss how the vulnerability can be exploited
Exploit the vulnerability
Evaluate the risk posed by this vulnerability
Provide a recommended compensating control to mitigate it.

Project Deliverable 

Provide a 4 to 7-page paper discussingthe following:

Summary of the type of vulnerability found and what scanning tool was chosen

a screenshot of the vulnerability finding is required – any sensitive information may be obfuscated or redacted).
Screenshots will be no larger than 1/4 page.

Screenshots and images do not count toward the overall page count, i.e., the paper must be 4 to7 pages, EXCLUDING images.

Note: Public IP addresses should not appear anywhere in this document. Private IP addresses aren’t necessarily sensitive, but you may obfuscate/redact any network address information).

Choose a vulnerability (typically, this will be a critical/high vulnerability resulting from your scan) to research, explain furtherAND demonstrate how it can be exploited. The suggested approach is to use the course labas your target network, or choose another deliberately vulnerable learning framework, e.g.,

Metasploitable
Damn Vulnerable Web Application (DVWA)

Broken Web Apps

Mutillidae, etc.

Once a vulnerable machine is selected,scan the target, exploit the vulnerability and provide evidence (screenshots) of your exploit. The exploit should be through a Metasploit Module OR other open-source/commercial tool OR custom script/code.Compromised credentials is not a sufficient vulnerability to exploit.During the class, you will have completed labs that have you scan and exploit a target.  You must choose an exploit that we have not done in class.  I suggest doing a web search on “Metasploitable Walkthrough” for additional ideas on Metasploit modules that could be used (if you have selected Metasploitable as your vulnerable target), or research vulnerabilities specific to your vulnerable framework.  Note: Your exploit must result in root, admin, or system-level privileges.
Provide a mitigation to how this vulnerability could be controlled or mitigated.
Evaluate the risk to an organization of not protecting against your chosen vulnerability. Consider what would happen if they don’t do anything, as well as whether a specific mitigation to protect against it is a prudent precaution.

The student will evaluate and use security testing software toassessthe security of computer and information assets and data. The purpose of the software is to assess the security level of the home/organization asset by identifying any discovered vulnerabilities.
Thispaper should effectively describe the vulnerability, risks and recommendationin a manner that will allow TECHNICAL readers to understand the vulnerability, risk and mitigation.

Guidelines

The proposal document must be 4 to 7 pages long, conforming to APA standards (double-spaced).
At least two authoritative outside references are required (anonymous authors or web pages are not acceptable). These should be listed on the last page titled “References” – which does not count toward your overall 4 to7-page count.
Appropriate in-text citations are required.
This will be graded on quality of the research topic, technical demonstration/write-up, the content quality, use of citations, grammar and sentence structure, and creativity.
The paper is due during Week 7 of this course.
Format: The paper must follow the template that is provided in Blackboard with clearly labeled headings: Architecture, Vulnerability Scan, Vulnerability Research, etc.

The vulnerability chosen should come from one or more of the following types of attacks (this list is not entirely exhaustive, but should provide you with a guideline for consideration):

Authentication Bypass
Directory Traversal
Session Management
SQL injection
Database Attacks
Operating System Attacks
Software Exploit

 
 
 
Grading Rubric

Final Deliverable

Category
Weight %
Description

Documentation and Formatting
5%
Appropriate APA citations/referenced sources and formats of characters/content.

Architecture/Topology Discussion / Drawing
5%
Briefly describe the set-up of your lab/test environment.  A network diagram would be ideal.  Identify any network devices, including your physical/virtual machines.

Vulnerability Scan
20%
Vulnerability Scanner chosen (e.g., Nessus, Qualys, OpenVAS, Nexpose, etc.) discussed, and evidence of scan results is shown

Vulnerability Research
10%
Accurate Completion of Vulnerability Research

Vulnerability Analysis
10%
Accurate Completion of Vulnerability Analysis

Vulnerability Exploitation
20%
Exploitation is written so that it could be re-created with supporting evidence.  There must be clear evidence that the screenshots are not simply taken from an Internet page.  Example: Rename the attack machine hostname to your last name as done in the labs:

Risk Assessment
5%
Risk assessment is sufficiently discussed

Mitigation and Control Recommendation
10%
A technically sound and logical recommendation is provided and supported

Word Count
10%
Full Credit: 1,000 words or more
Partial Credit: Less than 1,000 words

Spelling, grammar and Sentence Structure
5%
Ensure your paper is professional and technically written using appropriate terminology as discussed in class

Total
100%
A quality paper will meet or exceed all of the above requirements.

 

The post Vulnerability Discovery, Analysis, Risk Assessment and Security Design

Assignment status: Solved by our experts

>>>Click here to get this paper written at the best price. 100% Custom, 0% plagiarism.<<<

Leave a Reply

Your email address will not be published. Required fields are marked *