Network Security Assessment for a Large Firm
My role as a consultant is to perform a network security assessment of a large firm, focusing entirely on footprinting and scanning the organization. The methodology I will use in conducting my assessment is penetration testing. Penetration testing is a simulated cyber-attack used to test whether a system has exploitable vulnerabilities (Gibson & Igonor, 2020). In web application security, penetration testing is commonly used to augment web application firewalls (WAF) (Gibson & Igonor, 2020). These tests are conducted under safe conditions predetermined by the rules of engagement, and the increased probability of revealing hidden vulnerabilities makes penetration testing one of the most popular security assessment methods.
I would follow seven phases in executing my penetration testing methodology. Preengagement would be the first phase, where I would consult with pen testers to identify the goal of the penetration test. In this phase, I would define the scope of the test by formulating the rules of engagement (Abu-Dabaseh & Alshammari, 2018). At this stage, I would also ask the organization to provide general information about in-scope targets. Information gathering and reconnaissance is the second phase, where I would learn as much as possible about the target network. This would include collecting additional details from publicly accessible sources (Abu-Dabaseh & Alshammari, 2018). This stage is essential because it would enable me to identify information that may have been overlooked, unknown, or not provided by the organization’s management team.
This step would be followed by the discovery and scanning stage, where I would scan the firm’s systems for any unknown vulnerabilities (Abu-Dabaseh & Alshammari, 2018). In this stage, the information gathered would be used to perform discovery activities that identify items such as the ports and services available on targeted hosts, subdomains, and any available web applications. Next, I would proceed with vulnerability analysis, an essential stage since it entails evaluating the identified vulnerabilities and ranking them by severity and impact. This stage would give me initial knowledge of the potential security weaknesses that could permit hackers to access the organization’s confidential information.
The fifth phase of the network security assessment would be exploitation and post-exploitation. Attackers targeting the organization’s systems often exploit specific severe vulnerabilities to escalate access (Shah & Mehtre, 2015). In this phase, I would determine the risk posed by each vulnerability by employing manual techniques and human intuition to validate, attack, and exploit it. The sixth step would involve writing a report and recommending what the organization can do to remediate these vulnerabilities. The report would address how I started the testing, how I found the vulnerabilities, and how I exploited them. It would also include the scope of the security testing, the methodology adopted, and recommendations for correcting the weaknesses found. Lastly, I would remediate and rescan to remove any vulnerabilities within the organization’s systems (Shah & Mehtre, 2015). This step is essential because it confirms the secure status of the organization’s network.
Therefore, as a consultant hired by a large firm to assess its network security, I settled on penetration testing as the desired methodology. I decided to use penetration testing because it allows me to test whether third parties with malicious objectives could exploit existing vulnerabilities. This methodology follows seven steps, as elaborated in the body above: preengagement; information gathering and reconnaissance; discovery and scanning; vulnerability analysis; exploitation and post-exploitation; writing a report with recommendations; and remediating and rescanning.
References
Abu-Dabaseh, F., & Alshammari, E. (2018). Automated penetration testing: An overview. In The 4th International Conference on Natural Language Computing, Copenhagen, Denmark (pp. 121-129).
Gibson, D., & Igonor, A. (2020). Managing Risk in Information Systems. Jones & Bartlett Learning.
Shah, S., & Mehtre, B. M. (2015). An overview of vulnerability assessment and penetration testing techniques. Journal of Computer Virology and Hacking Techniques, 11(1), 27-49.
There will be a penalty for late submissions (See Syllabus for Details).
The key to this assignment is to demonstrate your understanding of the topics, not to re-word the text or reference material. Please see Appendix A for the grading rubric on all written assignments.
Please complete the scenario below following these guidelines for your deliverable.
Your assignment must be a minimum of 1 page double spaced, plus a title page and a reference page for a total of 4 pages.
Make sure you are using at least two (2) academic references.
You have been hired as a consultant to perform a network security assessment for a large firm – you will be focusing on Footprinting and Scanning the organization.
1. Describe the methodology and tools you would use to conduct your assessment.
2. Give a rationale for each step in your methodology.
(Note: You are not limited to following the methodology/tools described in your textbook. If there are additional steps you would take in conducting your assessment, please list them and explain why you are taking them.)
This submission should be created following APA 6th edition guidelines.
The paper is to follow the APA style guide, Sixth Edition (available via bookstores).
Also refer to APA’s online resources and the APUS web site.
Submit your assignment as a MSWord attachment.
You will be required to run your paper through Turnitin.com, ensure that your similarity index is sufficiently low, and submit an originality report with your paper.
Rubric for grading:
Methodology and Tools 50%
Rationale for Each Step 30%
Writing Conventions (Grammar and Mechanics) 10%