CMP73001 Cybersecurity Management Assignment 3

Task 1: Penetration testing

Individual: a) What is the purpose of cybersecurity penetration testing and how it can help to mitigate security risks against the company assets?
b) Explain the Reconnaissance phase of penetration testing. Do some research and propose three resources which can be used to collect information in Reconnaissance.
Group: Penetration testing is associated with legal issues which should be taken into consideration before performing the test. You have been asked to perform a penetration testing for MyHealth company and answer the following questions.
(This group question should be answered in a group of two or three students. Each student is responsible to choose one role and answer its question.)
Role 1: Penetration testing involves different phases to test the level of security in a company. Do some research and explain when you are allowed to perform penetration testing against a company. What are the Ethical hazards associated with penetration testing? You should discuss the possible ethical issues that should be taken into consideration in the test.
Role 2: Practical:
List three penetration testing tools useful for vulnerability/port scanning. For this question, you should install an Nmap tool (https://nmap.org/zenmap/ ) on your own laptop/pc and scan the IP address of your computer (127.0.0.1). Analyze the output information that you have received from Nmap. You should add a screenshot of the scan results.
Explain how Wireshark software can be used in penetration testing to capture information about the company’s traffic. For this question, you should install Wireshark on your own laptop / pc (https://www.wireshark.org/download.html). Open a browser in your computer and capture TCP and HTTP traffic. Explain what types of information you have obtained from Wireshark. You should add a screenshot of the output.
Role 3:
Do some research and explain how fuzzing tools can help to test a newly developed application? Explain three types of software vulnerabilities detectable by Fuzzing tools. You should also provide three examples of Fuzzing tools.
MyHealth Company has a website providing online services to its customers. Explain two types of potential attacks against the website. For this question, you should also provide solutions which can be used to mitigate the risks of these threats.
3- Individual: Explain the definition of the following cyber-attacks and explain how they might affect the business operations. Which detection/prevention methods do you recommend to be used in MyHealth Company to mitigate the risks of these security threats?

• Malware
  
• DDoS
  
• Social engineering
  
• Phishing
  
• Man-in-the-Middle
  
• Ransomware