Is3230 Unit 10 Assignment 1
Unit 10 Assignment 1
Tony Stark
ITT Technical Institute
Access Control
IS3230
Katie Lech
February 26, 2015
Unit 10 Assignment 1
In this scenario, the fitness club was hacked from an unknown source. The fitness club has contracted Malcom Testing Solutions to do penetration tests and find any vulnerabilities along with make some security changes to prevent this issue from happening again. The security policies need to be changed as far as account management.
For starters, the security policies for account management need to be updated. The user’s password needs to changed every 90 days. Any employee that has remote access should have a token key on a USB drive that provides the user’s credentials. When an employee retires, quits, or gets fired, they accounts should be locked until IT administrators can go through the account. …show more content…
Penetration testing should be done to test the network for vulnerabilities. There are several types of penetration testing. “An automated port based scan is generally one of the first steps in a traditional penetration test because it helps obtain a basic overview of what may be available on the target network or host. Port based scanners check to determine whether a port on a remote host is able to receive a connection. Generally, this will involve the protocols which utilize IP (such as TCP, UDP, ICMP, etc.), However, ports on other network protocols could be present as well dependent on the environment (for example, it’s quite common in large mainframe environments for SNA to be in use). Typically, a port can have one of two possible states: open – the port is able to receive data and closed – the port is not able to receive data. A service based vulnerability scanner is one which utilizes specific protocols to communicate with open ports on a remote host, to determine
Tony Stark
ITT Technical Institute
Access Control
IS3230
Katie Lech
February 26, 2015
Unit 10 Assignment 1
In this scenario, the fitness club was hacked from an unknown source. The fitness club has contracted Malcom Testing Solutions to do penetration tests and find any vulnerabilities along with make some security changes to prevent this issue from happening again. The security policies need to be changed as far as account management.
For starters, the security policies for account management need to be updated. The user’s password needs to changed every 90 days. Any employee that has remote access should have a token key on a USB drive that provides the user’s credentials. When an employee retires, quits, or gets fired, they accounts should be locked until IT administrators can go through the account. …show more content…
Penetration testing should be done to test the network for vulnerabilities. There are several types of penetration testing. “An automated port based scan is generally one of the first steps in a traditional penetration test because it helps obtain a basic overview of what may be available on the target network or host. Port based scanners check to determine whether a port on a remote host is able to receive a connection. Generally, this will involve the protocols which utilize IP (such as TCP, UDP, ICMP, etc.), However, ports on other network protocols could be present as well dependent on the environment (for example, it’s quite common in large mainframe environments for SNA to be in use). Typically, a port can have one of two possible states: open – the port is able to receive data and closed – the port is not able to receive data. A service based vulnerability scanner is one which utilizes specific protocols to communicate with open ports on a remote host, to determine