Assignment 2: Security Risk Assessment
Due Week 6 and worth 90 points
In 2006, a small business was created in the financial sector. The main purpose of the business was to provide customers with a close to real-time analysis of their stock portfolios. After months of doing business, several IT Administrators began to notice subtle changes in the corporate network. Shortly after that, the CEO began calling high-level meetings, especially with marketing and finance, to determine why the company’s profits for the last five months (July to December) began to take a downward spiral. This was occurring when industry-wide profit margins were easily expected to be higher and on the rise. The CEO could not understand why his company’s profits were instead decreasing, and hoped to get some insight from the meeting he had called. At this point, the CEO focused on finding the part of his business process that was failing and correcting any issues. During his meeting with Finance and Marketing, the only information presented to the CEO was that all operations and processes remained unchanged for the past year and (from charts shown below) that the number of new customers registering through their customer portal had dropped drastically for the last five months.
Around the same time these meetings were occurring, one network administrator at the company noticed anomalous traffic on port 80 of the Web Server on the DMZ. The edge router’s logs showed that the traffic started six months ago and ended five months later. Additionally, he noticed five months ago that traffic from the Web servers to the internal application servers decreased each day, although the inbound requests on port 80 remained about the same. Finally, he noticed, that for the last four months, his Web server logs contained many http “Post” statements. followed by the Website address of one the company’s main competitors. All of the post statements seemed to appear in the logs after new users would click “submit” to register. As a result, the network administrator escalated the issue.
Write a four to five (4-5) page paper in which you:
- Determine your next steps chronologically in investigating this issue.
- Describe the parties you would involve and the extent of their involvement.
- Explain your hypothesis of what has occurred.
- Analyze the software tools you would use for your investigation.
- Explain and justify the timelines and sequences of your actions.
- Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
- Demonstrate the ability to describe and perform penetration tests on communication media to include wireless networks, VoIPs, VPNs, Bluetooth and handheld devices.
- Discuss the techniques and apply the tools to perform penetration tests.
- Discuss and design a Demilitarized Zone (DMZ).
- Use technology and information resources to research issues in penetration testing tools and techniques.
- Write clearly and concisely about Network Penetration Testing topics using proper writing mechanics and technical style conventions.