IS4560 Lab 1 Assessment

1. Reconnaissance, scanning, gaining access, maintaining access, and covering tracks.
2. Reconnaissance would be the only legal way to obtain information about a target; footprinting would be rolled into this step.
3. In today’s world, Google is the major tool used in this initial step.
4. Baiting and phishing are the biggest exploits involved with social engineering.
5. Enumeration is involved with the scanning step; it entails compiling a list of vulnerabilities and weaknesses of the target.
6. To avoid being detected, a hacker will have to erase all records of their activity, but must be careful not to erase normal system records that show the hacker wasn’t there.
7. You can regain access to a system by planting a backdoor; this would entail creating an account with elevated privileges. But the hacker must be careful not to create an account that wouldn’t fit into the naming schema.
8. You should stop immediately; moving forward with an unauthorized tool could lead to legal action.
9. NIST 800-42 Guideline on Network Security Testing.
10. Planning, Discovery, Attack and Reporting.
11. To simulate an internal attack from a user with internal network access.
12. If it is not specifically outlined in the pen test document, you should not proceed, or you risk legal action.
13. To truly test the IT security team; if they know the attack is coming, they can prepare for the attack.
14. A web application penetration test focuses only on the security of the web application itself. A network penetration test checks the security of the network system by analyzing the holes and flaws within both the hardware and the software.
15. From the hacker perspective, a pen test would involve gain, either monetary or otherwise. From the IT practitioner standpoint, a pen test would be used for testing and system vulnerability discovery.
