SEC370 COURSE – WEB SECURITY PROJECT

profilephdtutor1
 (Not rated)
 (Not rated)
Chat

Objective

 

ABC Invitation Design and XYZ Invitation Printing have decided to merge into one company, A2Z Invitations. ABC is a virtual company with a proprietary website that allows customers to do some preliminary work on invitations and then consult with a designer for the final product. XYZ is a traditional company with a system that allows customers to submit designs and track their orders. It also has a contact management and invoicing system. ABC will be moving its application into the XYZ data center and will be using all of XYZ\’s back end systems.

Both companies have experienced data breaches in the past and do not want to have them in the future. A2Z has hired you to do a security analysis of its new network and to recommend how it can be set up in a secure manner. It has budgeted for a capital expenditure (outside of man hours) of $250,000 for hardware and software and $25,000 every year for additional security measures.

  

Guidelines

 

The Statement of Work objectives are:

  • Perform online reconnaissance on XYZ to see what information is available to an attacker. No social engineering of employees is allowed. Use the Week 1 You Decide as the data for this section.
  • Perform an analysis of the current XYZ network, using the current network diagram and nmap report Diagram; NMAP and files are below.
  • Check the user\’s password strength. Use the Week 3 You Decideas the data for this section.
  • Redesign of network. Current network below.
  • System hardening procedures for both IIS and Apache (even if they only use IIS).
  • Three complete security policies. Use the Week 5 writing assignmentas your starter policy for this section.
  • Template for future security policies.
  • Your paper must conform to all requirements listed below.

Requirements

  • Papers must be at least 5–10 pages in length, double-spaced.
  • Papers must include at least three references outside of the text.
  • Paper and references must conform to APA style, including:
    • cover page;
    • header with student’s name and page number; and
    • sections including Introduction, Body, and Conclusion/Summary.

 

 

 

 

 

Milestones

Each You Decide and other write-ups should be used as the raw material for this report. This report is the analysis of that data.

  • Week 1 You Decide

Welcome to InfosecWizards.com. We are a group of infosec professionals dedicated to consulting with our clients on their security needs. This is the first training exercise of the orientation that you need in order to become full consultants. You must pass each of the exercises before you can be brought on full time.

Your Assignment

The scenario below relates responses to our typical customer engagement kickoff interview. Your job is to pick a target company (such as Microsoft, IBM, Google, or one of your choice) and find out the following information about that company using Google, that company\’s website, Whois, or nslookup:

  • Where the company is located
  • Who works there
  • What IP address is its network Internet connection
  • What its mailserver IP is
  • What its URL is
  • How many other sites link to it

 

  • Week 3 You Decide

Welcome to InfosecWizards.com. We are a group of infosec professionals dedicated to consulting with our clients on their security needs. This is the second training exercise of your orientation before you become full consultants. You must pass each of the exercises before you can be brought on full time.

Your Role/Assignment

Your job is to run an NMAP scan of a target website and crack the password hashes obtained from the servers. The scan is done to show what is really on the network. Cracking the passwords shows how many users have weak passwords.

WARNING: THESE TOOLS SHOULD ONLY BE USED AGAINST THE BELOW TARGET SITE. ANY USE OUTSIDE OF THIS EXERCISE FOR THIS CLASS IS PROHIBITED. ALSO, CONTACT THE INSTRUCTOR IF THIS DOES NOT WORK. THE HELP DESK WILL NOT BE ABLE TO ASSIST.

  • Go to http://nmap-online.com/ and generate a report for your PC
  • Go to http://www.md5decrypter.co.uk and decrypt the following
    • f4dcc3b5aa765d61d8327deb882cf99 – MD5
    • 200ceb26807d6bf99fd6f4f0d1ca54d4 – MD5
    • 391d878fd5822858f49ddc3e891ad4b9 – NTLM
    • a2345375a47a92754e2505132aca194b – NTLM

 

 

 

  • Week 5 writing assignment

 

Type a three- to five-page (800–1,200-word) security policy write-up for the antivirus, spyware, and adware policies for a medium-sized organization. Be sure to suggest security tools and set up a schedule for maintaining a company that is free of infestations of malware.

    • 8 years ago
    SEC370 COURSE – WEB SECURITY PROJECT
    NOT RATED

    Purchase the answer to view it

    blurred-text
    • attachment
      complete_report_-_google_inc.doc