IS3230 Week 5 Assignment 1

IS3230 Week 5 Assignment 1 – Scope of Work for Penetration Test The Fitness Club has unfortunately already been the victim of hacking that took place on their web server. They are unsure if this was due to a former disgruntled employee or if this was from a different party altogether. Malcolm Testing Solutions has been tasked with creating a penetration test plan in order to prevent future hacking attacks of attack on the Fitness Club’s network. The main objective of the assessment is to provide feedback to The Fitness Club with respect to its ability to preserve the confidentiality, Integrity, and availability of the information maintained by and used by its origination. Malcolm Testing Solutions will test the use of security controls used to secure sensitive data. This project will include 1 consultant for a time period of 2 days onsite at a single customer location in order to provide internal penetration testing services. Malcolm Testing Solutions will provide tools, knowledge, and expertise in order to execute an internal penetration test on customer designated devices. Malcolm Testing Solutions will attempt to compromise access controls on internal systems by employing the following methodology:
Enumeration – Once Malcolm Testing Solutions has arrived for The Fitness Club’s assessment they will connect to the network via the data port provided by the customer. Once they are connected, Malcolm Testing Solutions will run a variety of information gathering tools in order to enumerate computers and devices that are connected to the network.
Vulnerability Mapping and Penetration – Any computers or devices that are found will be scanned for vulnerabilities using a wide variety of tools and techniques. The tools and techniques used will be consistent with current industry trends regarding exploitation of vulnerabilities. Malcolm Testing Solutions will attempt to find the a weak link within the network that can be exploited to penetrate the network up to