This assessment is a lab that you must complete and an executive briefing report you need to write for the chief information security officer (CISO) at the organization where you work. Be sure you read the instructions for the entire assessment carefully to make sure you address all requirements fully.
Complete the Using Ethical Hacking Techniques to Exploit a Vulnerable Workstation lab. As you go through the lab, be sure to:
Perform all screen captures as the lab instructs and paste them into a Word document. (COMPLETED)
In the same Word document, explain the concepts and procedures associated with port scanning, enumeration, and wireless vulnerabilities by addressing the following:
Describe each stage of ethical hacking.
Explain the differences between Zenmap, Nessus, and Metasploit.
When would you use each of these tools?
Identify the vulnerability you discovered during the scan of the Linux system during the lab.
Explain how the vulnerability would affect an organization.
Describe what you must do before performing any vulnerability test.
Now apply what you learned in the lab to the following scenario.
Introduction
Human threats such as theft, terrorism, and malicious insider attacks are considered significant threats to Acme Corporation, a multinational company located in Las Vegas, Nevada.
Scenario and Your Role
You need to write a briefing report to the CISO to apprise him of the situation and recommend a course of action.
Requirements
Continue working in the same document; simply start your briefing report on a new page with an appropriate heading.
Write a briefing report in which you:
Describe the procedures and tools used to discover the port scanning threats and the systems affected. Hint: You will need to make assumptions about the procedures and tools that would most likely be used.
Describe the procedures and tools used to discover the session hijacking threats and the systems affected. Hint: You will need to make assumptions about the procedures and tools that would most likely be used.
Evaluate procedures and tools for mitigating these threats, including:
Secure Sockets Layer (SSL).
Transport Layer Security (TLS).
Advanced Encryption Standard (AES) 256.
Recommend a course of action (are the solutions implemented by the team sufficient, or should the company implement AES 256?).
Support your work with references to at least three recent, relevant professional articles or websites. Keep in mind that this is a briefing report. Be as concise as possible while providing enough detail that the CISO feels that he understands the situation.