Running Head: E-commerce Sales
Unit 1
E-commerce Sales
Penetration Test Plan
Tom Moccia
IT542 Dr. Matthew North
Kaplan University
March 19, 2013
Table of Contents Scope 3 Goals and Objectives 4 Tasks 4 Reporting 7 Schedule 9 Unanswered Questions 10 Authorization Letter 11 References 13
Scope
This Vulnerability and Penetration Test Plan is designed specifically for E-commerce Sales and is designed to determine what steps need to be taken to secure and protect the network against malicious attacks. This Vulnerability and Penetration Test will cover numerous aspects of the E-commerce Sales information
…show more content…
(Infond Securite Informatique, 2010) This information can be acquired through public record information such as accessing public whois information, accessing the American Registry of Internet Numbers and the “dig” command available on many Unix systems (Federal Office of Information Security, n.d.). This public information acquired from publically accessible registries or techniques will provide a solid base for moving forward with the probing tests. After the initial information gathering process more comprehensive tools will be implemented to evaluate security and carry out the penetration test. Some or all of the tools listed will be used in the overall test phase. Nmap: The standard of network scanning tools creates network packets to elicit responses. This tool tricks the target machine to revealing more information than a traditional ping (Northcutt, Shenk, Shackleford, Rosenberg, Siles & Mancini, 2006). Cheops-ng: A versatile tool that will scan hosts and map the network by using a client server interface to segregate users from the scanning tool. NetCraft: Tool to examine the network and determine what hosts are connected (Wirelessdefence.org, 2010). Wireshark: Allows testers to analyze network traffic in a GUI that can be used for reporting as well (Wirelessdefence.org, 2010). Strobe: This utility will scan the ports and report on which ports are
* Check existing security scan reports, from WireShark and NetWitness Investigator, and see if we can identify data leakage, and setup new policies and procedures for monitoring web servers and applications.
While both Wireshark and NetWitness Investigator can be used to capture network traffic, the freeware version of NetWitness Investigator has a limitation of 1G of protocol capture per session. Wireshark does not have a limitation on the size of the capture file, which makes it better suited to protocol capture. Wireshark can be used to analyze capture files, but NetWitness Investigator is a seven-layer protocol analyzer that provides detailed protocol analysis and protocol behavior analysis and is much more user-friendly in terms of understanding protocol behavior and protocol analysis.
First, let’s talk about Wireshark, it is the most common network packet analyzer used worldwide, perhaps one of the best open source (free) packet analyzers today. It lets you capture and interactively browse the traffic running on a computer network, helping you analyze and manage the traffic in your network. Like a measuring device used to examine what is going on in your network cable, like a voltmeter used by an electrician to examine what is going on inside an electric cable. Therefore, gives you the tools to do in depth network analysis, it will try to capture network packets and display them as detailed as possible for analysis. Furthermore, used for troubleshooting network problems, examine security problems, debug protocol
Companies should develop a control that requires that routine vulnerability assessment of their customer facing web sites, network infrastructure, and associated systems (such as database systems). Vulnerability assessment can help identify potential weaknesses to systems and also provide a sort of feedback to the organization’s IT department on their current operational policy and security posture. The cost of performing a routine vulnerability assessment is considerably less than that of an actual data breach.
Our company is looking for security threats inside and outside their network. The best way to see what our network is vulnerable to is to use penetration testing (pen-testing) to find the leaks in and out of our network. Penetration testing is a network security approach that simulates an attack from an intruder trying to get unauthorized access to the infrastructure. With this type of testing the intent is to discover flaws in the security settings of the system before they can be exploited. Information Assurance Research Corporation (IARC) should conduct penetration testing on a regular basis, so we have the ability to locate weaknesses in the hardware and software, check the security controls currently established and determine if the
In this lab, we learned how to find the IP address, Subnet Mask, and the Default Gateway, and we learned how to ping a destination address, and how to understand the output. From performing these commands, I learned how to not only find the information about a device, but how to send a ping, or echo, in order to
Wireshark is an open-source program which enables users to actively capture and interact with the network traffic which is being funnelled through the computer. Commonly, pieces of software which do this are referred to as ‘packet sniffers’ - As the program is recording the packets which pass through the network.
3. Implement effective monitoring of networks through the use of electronic scanning in order to
Restaurants have a tendency to be targets for cyber criminals. These criminals steal and reconfigure the payment card data for their own purposes. At the Heartland Cafe, Tom has a chance to be a target for a cyber attack by being in a high-traffic area. If the customer is compromised, Heartland Cafe will quickly lose public trust and perhaps Tom will lose the business altogether. Extra measures toward risk management should be taken to ensure that the business itself remains safe. Compliance with PCI-DSS protocols, PTS requirements and the franchisor should inform the franchisee of any software that could translate
The penetration tools provided in this document allow us to review our network from a security standpoint. This paper focused predominantly on phase two of a penetration test, the exploitation phase; however, a successful penetration test typically starts with the reconnaissance phase. In this phase, the tester attempts to gain as much information about the target company and its network as possible. He or she will test the physical infrastructure (how do people gain access to the building?) and other organizational aspects of the company to find a weakness and a way to get in. Also during this portion of the test, the penetration tester will use tools such as NMAP, whois.com, and other resources to obtain information regarding the network
We should perform Attack and Penetration tests to identify vulnerabilities in our network which can be accessed by hackers. Attackers sniffing on the network look for weak points in the network, thus knowing the weak points using internal and external attack and penetration tests will make our network more secure.
10. There are four phases of penetration testing, according to NIST. They are planning, discovery, attack, and reporting. In the planning phase, rules are identified, management approval is finalized, and testing goals are set. The discovery phase starts the actual testing. Techniques commonly used in the discovery phase include port scanning, DNS interrogation, whois queries, search of the target organizations web servers, search of the LDAP, packet capture, NetBIOS enumeration, and Banner grabbing. While vulnerability scanners only check that a vulnerability may exist, the attack phase of a penetration test exploits the vulnerability, confirming its existence. The reporting phase occurs simultaneously with the other three phases of the penetration test.
When system administrator sent a ping request using a computer technology called ICMP echo request, the machine received the echo request packet and will send a reply
This report documents the results from the penetration test of the Ernst and Young Credit Union external website (http://10.55.3.101). Full authorisation has been given to conduct the test, which was carried out in a manner that simulates an attack from a malicious user. The objectives were to:
A good place to begin with any examination is with the statistical and metadata information that can be uncovered within the packet capture. Using Wireshark Protocol Hierarchy Statistics, we can see that the traffic consists mainly of DNS datagrams (figure 1).