You are hired as part of a team of external Penetration Testers to work for a company with a large enterprise network, case study help

May 30th, 2016
FratBro23

Question description

You are hired as part of a team of external Penetration Testers to work for a company with a large enterprise network. The organization that hired your team is in the retail industry and processes over 100,000 credit card transactions every day across 100 store locations. This organization has a very large network infrastructure that connects their retail stores, business offices, and company headquarters. The Chief Information Security Officer (CISO) would like your team to focus on their most critical systems and devices.

Prior to executing the penetration test, the CISO would like to meet with the team as they are nervous about the test potentially bringing their network down. They would like to minimize impacts to their production environment and ensure that their backup systems and devices are not targeted at the same time. They want you to focus on the following: DNS servers, mail servers, web servers, database servers, firewalls, and routers.

Your Team Lead would like you to develop a Test Plan for the penetration test. The Test Plan should be developed using the following outline:

Sections:

1.0 Introduction

2.0 Overview of technical approach to conducting the test (high level methodology)

3.0 Detailed penetration testing (hacking) process

Note: Section 3 should include 1) attacks you will use, 2) tools, 3) timeline (you only have one week), 4) reporting methods if major issues occur or if you identify incidents in their environment. You may make these as sub-sections if you'd like (e.g., 3.1 Attacks Used, 3.2 Tools Used, etc.)

4.0 Summary

Note: This section should be short, a paragraph or two.

Submission details:

  1. Your submission should be 4 to 6 pages long (not including the title page and the reference page)
  2. All sections are represented (Sections 1.0 - 4.0).
  3. Utilized correct grammar and spelling.
  4. In APA format with proper citations and references.
  5. 1" margins.
  6. In Times New Roman or Arial font, font size 12.
  7. Include and cite references as needed.

Penetration Test Plan: 

You are facing a client who is nervous about you basically "hacking" their system; this is the scenario. While you cannot dictate exactly what will happen once the testing actually begins, you should be able to formulate a good plan of action.

All you are doing here is providing your plan of action, indicating what you believe are possible good tests to complete based off of your current knowledge. Of course, as you progress with the actual testing, it is possible you could remove or add to your steps.

In the real world, no one is going to just give access to their network; they will want to know what you plan and to know what your backup plans are if things go wrong.

This case study is just to provide you an opportunity to explain what you would do in a situation similar to this one, where a client is asking you to provide guidance and potentially solutions. You are not predicting what will happen, so much as providing courses of action.


Tutor Answer

(Top Tutor) Daniel C.

complete

Running Head: PENETRATION TESTS

Penetration Testing
Name
Institutional Affiliation

1.0 Introduction

A penetration test is very important in organizations because it prevents a company from being hacked by external threats. The test mimics an external attacker, thus being able to detect all the weaknesses of the company’s security systems. This test makes sure the usual external dangers are looked at and curbed before they cause harm to the company’s security. The penetration test looks at the white box or the black box, thus defending the company’s network systems against all external threats (Lunne, 2009). The penetration test determines whether the system is vulnerable to attacks and protects them. Penetration tests have the following goals: first, to define feasibility of a precise set of spasm vectors. Secondly, it identifies high risk susceptibilities from a blend of low risk susceptibilities exploited in a specific sequence. Thirdly, it identifies weaknesses that may be hard to be identified by the normal security systems. Also, it assesses the extent of latent business and operative effects of successful spasms (Arkin, 2012).

2.0 Overview of technical approach to conducting the test

Penetration tests are performed using automated or manual technologies to comprise end points, servers, wireless networks, web applications, network application and mobile devices among other points of exposure. Once weaknesses have been exploited the systems are changed to attack other internet sour...
