Progress Report on Vulnerability assessment for Hip Hop Socks
Purpose
This is a progress report on the research done by the Information Security Department on possible vulnerabilities that could be exploited in Hip Hop's-main computer system through the use of a vulnerability assessment.
Summary
On September 5,1 2014, Mr. Joe Biggie, Chief Executive Officer of Hip Hop Socks authorized a vulnerability test to be completed on several retail store. This would be done to test if there are any exploitable vulnerabilities in the computers main store network. We have completed the first and second of our six tasks for the project. The Information Security Department of Hip Hop will perform the test by first acquiring a baseline of all of the systems that need to be tested by the White Box Testing. Our study is currently on schedule, and we expect to submit a full report/recommendations list by (FILL IN YOUR DUE DATE, 2014, as previously indicated in our proposal dated (fill in right date) 2014.
Introduction
On December 31, 2014, Mr. Joe Biggie, Chief Executive Officer of Hip Hop socks approved our proposal to participate in a vulnerability test on several
A couple of paragraphs here about the problem
Mr. Biggie approved our proposal to perform this assessment and the need to present our recommendations on any possible vulnerability.
YadaYada
Results of Research
In this progress report, we presented our completed work on Tasks 1-2. Then we shall discuss our future work on tasks 3-6.
Completed Work
Task 1. To acquire a baseline of all of the systems that needs to be tested by the White Box Testing to be performed by the Information Security Department Hip Hop socks.
This was an important task to accomplish before performing task two because it gave our department and idea on where to begin our testing. Valuable time was saved because we were not working on something that could not be there. During our baseline systems test, there were several different key machines/systems that we recognized to be top priority.
These top priority systems were:
Task 2: Perform the White box test on the previously known systems.
This task out of the six tasks was the most important to complete accurately. It is a test to see if there is any potential vulnerability that can become exploited by hackers to steal important confidential information. This test would determine if an individual with previous knowledge of our system, aka an insider threat, or an individual who acquired knowledge on our system could try to actually compromise our network.
The main programs that were run to check for possible vulnerabilities are as follows:
• Khali Linux
• BackTrack
• Metasploit
• Nessus
• Nmap
After running all the following programs some initial data is starting to present itself. Some of the information being presented is both good and possibly bad but would require more in depth research to see the exact problems that could occur if the vulnerability were left open to the public.
Future Work
We are currently working with XYZ the outside contractor, to complete a Black Box test. We will then begin Task 4, to analyze all of the found vulnerabilities that could potentially be exposed from both tests.
Task 3: Perform the Black Box Test.
Task 4: Analyze the research and progress that both the White Box and Black Box test found.
Task 5: Research methods to solve any potential vulnerabilities found in the systems.
Task 6: Create a recommendation report for any of the potential vulnerabilities found.
Updated Schedule
Please do an updated schedule and include it
Conclusions (sample concluding remarks) Make sure yours are representative of your work and what you will have ready in the final report.
We have successfully completed Tasks 1-2 and begun workingwithxyz to perform the rest of the tasks. We are on schedule to complete tasks 3-4 by the deadline. We have acquired an understating of what needs to be scanned and how an individual with previous knowledge of the system would go about achieving this. Along with the scans we have also been actively testing all of the systems just as any insider threat would try to do to break into a work system.