Assignment: Attack-and-Penetration Test Plan
In this assignment, you will have an opportunity to prepare a proposal for a penetration test. During this module, you discussed several aspects of penetration testing. This assignment will give you the opportunity to demonstrate some of the items you learned throughout the module.
Scenario:
You are the owner and operator of a small information security consulting firm. You have received a request from one of your clients, Infusion Web Marketing, that you provide a written proposal for performing a penetration test on the company's production web servers and corporate network.
You need to prepare a 3- to 5-page Microsoft Word document written proposal for a penetration test on the firm. The penetration test proposal will include a listing of the specific tasks, deliverables, and reports that will be delivered as part of the penetration-testing process.
Company Environment:
Scope The e-commerce web application server acts as an external point of entry into the network. Here the following occurs:
• Ubuntu Linux 10.04 LTS Server (TargetUbuntu01)
• Apache Web Server runs the e-commerce web application server.
• Credit card transaction processing occurs on all web servers.
Intrusive or nonintrusive Intrusive. The test will include penetrating specific security checkpoints.
Compromise or no compromise No compromise. The test can compromise with written client authorization only.
Tasks:
Using information from the scenario above, provide a 3- to 5-page written attack-and-penetration test plan. The plan should include the following sections in a Microsoft Word document:
• A cover page and a table of contents
• A project summary
• Goals and objectives
• Tasks
• Reports
o List what penetration-testing reports will be provided to the company
o Explain what type of information will be included in each report
o Describe each report's significance and what the results mean
• A schedule
o Some penetration-testing activities can be disruptive to network operations. Therefore, this section should explain when these types of activities should or can be scheduled
• A summary
• A reference page, a bibliography page, or both
Note: Utilize at least three scholarly or professional sources (beyond your textbook) in your paper. Your paper should be written in a clear, concise, and organized manner; demonstrate ethical scholarship in accurate representation and attribution of sources (i.e., in APA format); and display accurate spelling, grammar, and punctuation.