· Research and critically evaluate security techniques used to perform vulnerability and discovery tasks.
· Demonstrate critical knowledge of the tools, methods and procedures used in Penetration Testing.
· Demonstrate systematic understanding and practical ability to conduct a penetration test.
· Communicate effectively the results of penetration testing.
Detailed Requirements & Marking Criteria
This is an individual assessment. You are expected to produce a portfolio that contains two parts filed as a single document. Each part carries a different weighting. Part A is worth 60% and contains a practical element in which you will be asked to conduct a penetration test on a target machine, in order to test for vulnerabilities that could lead to compromise of that asset. Part B will assess your ability to provide solutions that secure the target system at host level and network level; Part B is worth 40%.
1. A brief overview on the tools to be used during the test and how to use them.
- Provide the logical steps you follow while conducting the pen-testing process (e.g. 1. gathering info, 2. probing, 3. vulnerability classification, etc.)
- Map the tools to be used to your pen-testing steps (e.g. in the information gathering phase we have used tool 1, tool 2 and tool 3)
- If you wish, you can adapt a common pen-testing methodology, however you need to map the tools with each step as stated above. Otherwise, provide your own pen-testing methodology and justify it.
2. You are expected to perform a penetration test against a target system that will be provided to you.
3. The goal of the test is to gain enough information about the target system to enable remote access to the system, enumerate what information is available and then gain root access (if possible) in order to insert, for example, a backdoor to maintain access and/or delete logs to cover tracks.
4. You are expected to identify vulnerabilities and/or misconfigurations on the target host and exploit them.
5. Once you have identified “vulnerabilities”, you are required to classify them (e.g. type(s) of the vulnerability: misconfiguration, operating system and/or OS services, web, programming language vulnerability, etc.)
6. You are expected to provide details and evidence of successfully exploiting any of the vulnerabilities that have been identified.
7. Provide a clear explanation of each step of your penetration testing process.
8. You will also need to document it by showing evidence, i.e. screen dumps of identified vulnerabilities and exploitation techniques.
1. Suggest technique(s) for each identified/exploited vulnerability by which you can improve the target host security.
2. Discuss which security principles (C.I.A.) are violated by each identified/exploited vulnerability.
3. How would you harden the Apache web server? Give examples (e.g. commands, configurations, etc.) with screen captures of your implementation.
4. Suggest an overall security baseline for the target host (e.g. password policy, disabling some services, etc.); this should be in the form of a security policy.
5. Provide a design for firewall and Intrusion Detection System (IDS) solution for the target host:
- Where should you place your firewall and IDS? Provide a diagram.
- What type of firewall would you suggest (e.g. host based, packet filtering, etc.) and why?
- What type of IDS would you suggest (i.e. host based or network based) and why?
- Does the IDS provide an appropriate level of protection against potential attacks?
- Justify your argument(s). If yes, what about the firewall?
6. Use Linux iptables to create a simple firewall to perform the following tasks:
• Mitigate/limit Denial of Service (DoS) attacks.
• Block port scanning attempts.
• Block bad flags.
• Filter incoming SSH traffic (accept only traffic from the local network).
• Block incoming ping requests.
• Use limit (iptables matching extension) to restrict the number of connections (maximum 100 per sec.) on port 80.
You must provide examples of the firewall rules/commands.