Cyber Security Mini Report for System04103: Penetration Test Results

Verified

Added on 2021/06/14

AI Summary

This report provides an overview of cyber security, emphasizing the crucial role it plays in today's interconnected world. It highlights the importance of penetration testing and vulnerability assessment as effective methods for organizations to secure their information technology environments and achieve their business objectives. The report discusses various cyber-attack methods, including malware, and explains the methodology for conducting penetration tests, including information gathering, vulnerability analysis, and reporting. A case study involving United Health care is presented, detailing the results of a penetration test and recommendations for remediation. The report concludes by emphasizing the ongoing need for organizations to proactively address cyber security threats through regular penetration testing and updated security measures.

Running Head: Cyber security 0
Cyber Security
A Mini Report
System04103
[Pick the date]

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Cyber security 1
Executive Summary
Cyber Security plays a very crucial role in present scenario. Today, everything is connected with each
other with the help of the internet. Organizations have to follow steps of security to maintain
complex information technology environment with achieving their business objective and goals. For
this problem penetration test and vulnerability assessment provides a good solution. Organizations
need to do such types of test to secure their information. Penetration test also needed to be
updated regularly.

Cyber security 2
Contents
Executive Summary...............................................................................................................................1
Introduction...........................................................................................................................................3
Cyber-attacks.........................................................................................................................................3
Penetration Test....................................................................................................................................3
Methodology to conduct a penetration test.....................................................................................3
Result of penetration test..................................................................................................................4
Conclusion.............................................................................................................................................4
References.............................................................................................................................................4

Cyber security 3
Introduction
Cyber Security plays a very crucial role in present scenario. Today, everything is connected with each
other with the help of the internet. Organizations have to follow steps of security to maintain
complex information technology environment with achieving their business objective and goals.
Many organizations test, analyse and secure their valuable information not only for legal
requirements but also to reduce the possibility of threats or cyber-attacks. Sensitive information like
banking passwords, organization details are also at risk. Hence, security of these details becomes
important for any individual or organization. In this report it is discussed that what are the steps to
secure the information and how to prevent cyber-attacks.
Cyber-attacks
Financial sectors are very important for every nations and they are very likely to attack by cyber
threats (Wang, C. & Lu, Z., 2018). There are many kind of cyber-attack like phishing attack, SQL
injection attacks, Cross-site scripting, malware attack etc. Among such attacks malware attacks are
very common. A malware is malicious software which is used to steal information without the
consent of the owner. If some systems are in a compromised state then they can be attacked by
malware. If malicious software enters into the system it can steal sensitive data, credentials,
payment information etc. An organization must perform penetration test to avoid such attacks. It
should also have some secure encryption and a verified backup (Yilmaz, E.N. & Gonen, S., 2018).
Penetration Test
A penetration test or pen test is used to know how much secure is the information of an
organization. The penetration testing procedure includes an analysis of the particular organization
for any possible faults and failure that could result from lowly or inadequate system configuration.
Then, it represents identified and mysterious hardware or software faults, and operational flaws in
process of technical security measures (Bertoglio, D.D. & Zorzo,A.F., 2017 ). A potential attacker can
perform this analysis on organization and can expose of security liabilities. This test can be done in
two ways. First method is from the viewpoint of white hat, in which an individual or a team is given
permission by the organization to do a penetration test. Full information is provided to the
penetration test takers (Huang, H.C.et.al., 2017).
Second method is from the black hat perspective, in which an individual or a team do a penetration
test without the permission of the organization. A very little or no information is provided to the
penetration test takers. The basic difference between tester and attacker is the permission of the
organization.
Methodology to conduct a penetration test
The first task is to create penetration testing structure. Then some targeted system are chosen on
which the test is to be done (New York Law Journal, 2018). After that information about those
systems is collected. This is provided either by the organization or it is done with the help of tools
like Nmap and Nessus. The penetration test takers have full authorization of the information. After
this, test sets are created and vulnerability analysis is done. Tools used for this purpose are

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Cyber security 4
Metasploit and COREIMPACT. A report is prepared for penetration testing that represents technical
security faults and also provide information and solution to eliminate and lessen those faults. All the
points where the information can be leaked are shown to the organization. Now the remediation of
the analysis is provided. What steps are required to solve these problems?
Result of penetration test
Healthcare industry is also prone to cyber-attacks (The conversation, 2017). To conduct the
penetration test United Health care was selected. First of all Nmap was used to collect the
information about the company. COREIMPACT tool was used to conduct the penetration test and
results were obtained. The operating system of every system was identified. Some systems using
default windows were quickly compromised using well known exploits. Some systems were using
Linux and they were not compromised. Some systems were using proper firewall and they were also
uncompromised. Some systems were using out-dated firewall and they were compromised. Analysis
report was shown to the company and all the safety measures and precautions were against the
compromised ports. It was recommended to do the penetration test on a regular basis.
Conclusion
In the last two decades there has been a significant increase on the usage of web applications,
hacking activities and cyber-attacks. Organizations are finding it very hard to maintain their
information secure. They are trying to find out the loopholes in their systems which can be used by
the attackers. F or this problem penetration test and vulnerability assessment provides a good
solution. Organizations need to do such types of test to secure their information. Penetration test
also needed to be updated regularly.
References
Bertoglio, D.D. & Zorzo,A.F., (2017). Overview and open issues on penetration test. Journal of the
Brazilian Computer Society, 23(2), doi: 10.1186/s13173-017-0051-1
Huang, H.C.et.al., (2017), Web Application Security: Threats, Countermeasures, and Pitfalls.
Computer, 50(6), 81-85, doi: 10.1109/MC.2017.183
New York Law Journal. (2018). Pen Testing: The Good, the Bad and the Agreement. Retrieved from:
https://www.law.com/newyorklawjournal/2018/03/02/pen-testing-the-good-the-bad-and-
the-agreement/?slreturn=20180508081207
The conversation. (2017). Why has healthcare become such a target for cyber-attackers?. Retrieved
from: https://theconversation.com/why-has-healthcare-become-such-a-target-for-cyber-
attackers-80656
Wang, C. & Lu, Z., (2018). Cyber Deception: Overview and the Road Ahead. IEEE Security & Privacy,
16(2), 80-85, doi: 10.1109/MSP.2018.1870866
Yilmaz, E.N. & Gonen, S., (2018). Attack detection/prevention system against cyber-attack in
industrial control systems. Computers & Security, 77, 94-105, doi:
10.1016/j.cose.2018.04.004