Instructions
This assessment is a lab that you must complete and an executive briefing report you need to write for the chief information security officer (CISO) at the organization where you work. Be sure you read the instructions for the entire assessment carefully to make sure you address all requirements fully.
Complete the Using Ethical Hacking Techniques to Exploit a Vulnerable Workstation lab. As you go through the lab, be sure to:
Perform all screen captures as the lab instructs and paste them into a Word document. (COMPLETED)
In the same Word document, explain the concepts and procedures associated with port scanning, enumeration, and wireless vulnerabilities by addressing the following:
Describe each stage of ethical hacking.
Explain the differences between Zenmap, Nessus, and Metasploit.
When would you use each of these tools?
Identify the vulnerability you discovered during the scan of the Linux system during the lab.
Explain how the vulnerability would affect an organization.
Describe what you must do before performing any vulnerability test.
Now apply what you learned in the lab to the following scenario.
Introduction
Human threats such as theft, terrorism, and malicious insider attacks are considered significant threats to Acme Corporation, a multinational company located in Las Vegas, Nevada.
Scenario and Your Role
You are the head of the international information technology security team for Acme Corporation. Your team has recently discovered host-to-host threats using footprinting techniques such as port scanning and session hijacking.
Your team decided to use host-to-host security protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) to mitigate the host-to-host threats.
However, the cybersecurity blue team recommends the implementation of a symmetric algorithm such as Advanced Encryption Standard (AES) 256 to protect data in Acme Corporation.
You need to write a briefing report to the CISO to apprise him of the situation and recommend a course of action.
Requirements
Continue working in the same document; simply start your briefing report on a new page with an appropriate heading.
Write a briefing report in which you:
Describe the procedures and tools used to discover the port scanning threats and the systems affected. Hint: You will need to make assumptions about the procedures and tools that would most likely be used.
Describe the procedures and tools used to discover the session hijacking threats and the systems affected. Hint: You will need to make assumptions about the procedures and tools that would most likely be used.
Evaluate procedures and tools for mitigating these threats, including:
Secure Sockets Layer (SSL).
Transport Layer Security (TLS).
Advanced Encryption Standard (AES) 256.
Recommend a course of action (are the solutions implemented by the team sufficient, or should the company implement AES 256?).
Support your work with references to at least three recent, relevant professional articles or websites. Keep in mind that this is a briefing report. Be as concise as possible while providing enough detail that the CISO feels that he understands the situation.