Computer Security Project: Attack Surface Modelling and Legacy Code Vulnerabilities
Added on 2023-01-19
13 Pages2389 Words27 Views
|
|
|
University
Semester
ICT287 COMPUTER SECURITY
Student ID
Student Name
Submission Date
1
Semester
ICT287 COMPUTER SECURITY
Student ID
Student Name
Submission Date
1
Table of Contents
Project Description.....................................................................................................................3
Question 1 Attack Surface Modelling........................................................................................3
1. Network Level Attacks...................................................................................................3
2. Description of Network Levels - CVE Items..................................................................5
3. Physical Level Attacks....................................................................................................7
4. Vulnerability Scanner......................................................................................................7
5. Findings and Recommendation.......................................................................................9
Question 2 Legacy Code............................................................................................................9
1. Vulnerability Types and its Impacts.............................................................................10
2. Credit card validation tool.............................................................................................11
3. Three Recommendations...............................................................................................12
References................................................................................................................................13
2
Project Description.....................................................................................................................3
Question 1 Attack Surface Modelling........................................................................................3
1. Network Level Attacks...................................................................................................3
2. Description of Network Levels - CVE Items..................................................................5
3. Physical Level Attacks....................................................................................................7
4. Vulnerability Scanner......................................................................................................7
5. Findings and Recommendation.......................................................................................9
Question 2 Legacy Code............................................................................................................9
1. Vulnerability Types and its Impacts.............................................................................10
2. Credit card validation tool.............................................................................................11
3. Three Recommendations...............................................................................................12
References................................................................................................................................13
2
Project Description
Main objective of this project is to investigate the security of the system for “Planet of
the Grapes” because it is a local wine and spirit merchant and it is operated in three stores
around Perth. The three stores are separate from one another. So, “The Planet of the Grapes”
needs to move the organization into the online arena and it has given the contract to your
computer consulting company to perform a variety of audits on their computer network.
Therefore, we will investigate the risks involved in moving a new business system online and
these risks can not to be ignored. And, also investigate the security of the system and make
recommendations. These will be discussed and analyzed in detail.
Question 1 Attack Surface Modelling
In this question, we are assessing the attack surface of the provided virtual machine. The
main scope of this analysis is to do network and physical attacks and identify and describe the
potential physical attacks for “The Planet of the Grapes” organization. And also, use the
Nessus vulnerability scanner to analyse the network level. In the end, outline the possible
weaknesses and vulnerability in the system and make recommendations on how to improve
the security.
1. Network Level Attacks
To performing a network level attack, it requires the scanning on the available host
connected in the network by using the nmap tool. The nmap tool is used to scan a network
which is used for network discovery and security auditing. It is used to determine what hosts
are available on the network, what services those hosts are offering, what operating systems
are running and what types of packets are in use. It is also used for attempting to provide the
information from the system and reveal the common vulnerability and exploits of the targeted
host. Nmap scanning is illustrated as below (Ali, 2014).
3
Main objective of this project is to investigate the security of the system for “Planet of
the Grapes” because it is a local wine and spirit merchant and it is operated in three stores
around Perth. The three stores are separate from one another. So, “The Planet of the Grapes”
needs to move the organization into the online arena and it has given the contract to your
computer consulting company to perform a variety of audits on their computer network.
Therefore, we will investigate the risks involved in moving a new business system online and
these risks can not to be ignored. And, also investigate the security of the system and make
recommendations. These will be discussed and analyzed in detail.
Question 1 Attack Surface Modelling
In this question, we are assessing the attack surface of the provided virtual machine. The
main scope of this analysis is to do network and physical attacks and identify and describe the
potential physical attacks for “The Planet of the Grapes” organization. And also, use the
Nessus vulnerability scanner to analyse the network level. In the end, outline the possible
weaknesses and vulnerability in the system and make recommendations on how to improve
the security.
1. Network Level Attacks
To performing a network level attack, it requires the scanning on the available host
connected in the network by using the nmap tool. The nmap tool is used to scan a network
which is used for network discovery and security auditing. It is used to determine what hosts
are available on the network, what services those hosts are offering, what operating systems
are running and what types of packets are in use. It is also used for attempting to provide the
information from the system and reveal the common vulnerability and exploits of the targeted
host. Nmap scanning is illustrated as below (Ali, 2014).
3
4
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents