Assignment 1: Vulnerability Scanning and Penetration Testing
• What are the differences between vulnerability scanning and penetration testing? Are they both necessary? Why or why not?
• If you could only use one of these, which would you recommend? Why?
Write a one-page paper to summarize your thoughts.
Assignment 2: Complete Case Study 13-7 on page 605 of the Ciampa text
Predish Real Estate and Auction (PREA) buys and sells high-end residential and commercial real estate across a multistate region. One of the tools that PREA offers is a sophisticated online website that allows potential buyers to take virtual tours of properties. However, PREA's site was recently compromised by attackers who defaced the site with malicious messages, causing several customers to threaten to withdraw their listings. PREA's senior management has demanded a top-to-bottom review of their security by an independent third party. LPCS has been hired to perform the review, and they have contracted with you to work on this project.
1. The first task is to perform a vulnerability assessment of PREA. Create a PowerPoint presentation for the president and his staff about the steps in a vulnerability assessment. List in detail the actions under each step and what PREA should expect in the assessment. Your presentation should contain at least 10 slides.
2. One of the activities recommended by LPCS is to perform a penetration test. However, the IT staff is very resistant to the idea and has tried to convince PREA's senior management that it is too risky and that a vulnerability scan would serve the same purpose. PREA has asked you for your opinion of performing a penetration test or a vulnerability scan. Create a memo that outlines the differences and what your recommendation would be
Assignment 3: Complete Case Study 14-8 on page 650 of the Ciampa text
Miles Comfort Coaches (MCC) is a regional charter bus service. Recently an IT employee was caught using the MCC network servers to store pirated software, yet because there were no incident response procedures in place, he was able to erase the software and destroy the evidence. MCC has approached LPSC to provide external forensics response services. However, several employees who are aware of the forensic analysis performed on the employee's computer have now raised concern about MCC scanning their computers. MCC has asked LPSC to help educate all employees about computer forensics.
1. Create a PowerPoint presentation that provides an explanation of computer forensics, why it is important, and the basic forensics procedures that should be used. The presentation should be 10 slides in length.
2. Comfort Coaches has asked that you draft a memo to all employees regarding the steps to take when they suspect that an incident has occurred that may require digital evidence to be secured. Write a one-page memo to Comfort Coaches' employees about these steps.