Cybersecurity Assignment: Web Server Analysis and Scripting (Unit 3)

Verified

Added on 2022/08/18

AI Summary

This cybersecurity assignment comprises two parts. Part 1 involves a group exercise reflecting on a fictitious web server attack scenario, analyzing vulnerabilities such as the failure to decommission an old website, lack of user management, absence of intrusion detection systems, and insufficient backup plans. The analysis discusses how these oversights facilitated unauthorized access and data breaches. Part 2 centers on creating a shell script, 'my_new_whois.sh,' that processes the 'whois_yahoo_mnt.txt' file to extract and sort unique people, inetnums, and netnames based on user input, demonstrating practical information-gathering techniques relevant to penetration testing. The script's functionality includes sorting data alphabetically and numerically, showcasing essential skills for cybersecurity professionals. The assignment also includes a bibliography of relevant sources.

Running head: CYBERSECURITY
Cyber Security
Name of the Student
Name of the University
Author’s Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
CYBERSECURITY
Task 2
Part 1 – Group Exercise
The main reason for not decommissioning the older website was that the new website was
created on the old platform. Since there are no user management, no privileges were assigned
depending on the job roles. Periodically no vulnerability or penetration testing was performed on
the web server that caused the same server that hosted the old website was used for hosting the
new website and thus leaves it vulnerable to different type of attacks. Since the old website was
not decommissioned and the accounts of the old employees was not deleted the employees can
access the webserver using their privilege and thus can perform exploitation for compromising
the security of the current website. During the changes made in the webserver the admin and the
admin staffs was not notified since there was no IDS system used and the hacker had modified
the log file for covering the track of access. The log files was modified for deleting the evidence
along with the temporary files. There was no protection such as intrusion detection or prevention
system installed and this caused the unauthroised user to access the system without getting
detected. There was no backup plan created for backing up data residing in the webserver and
after the attack the IT staff started taking backup of the current files. Since the attacker cannot
distinguish the old and new files he tried to take backup of the whole server. There was no
monitoring tool installed in the web server and thus no automatic notification was generated.
Since the server was installed outsize DMZ zone the outsiders are allowed to access the server
for the admin and root users.

2
CYBERSECURITY
Part 2 – Information Gathering Script
1. Obtaining all names of unique people sorted alphabetically

3
CYBERSECURITY
2. Obtaining all itenum sorted in ascending numerical order

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
CYBERSECURITY

5
CYBERSECURITY
3. Obtaining all unique netnames sorted alphabetically
Bonus Extension
Dynamic creation of files as:
option_YYYY_mm_dd_HH_MM_ss.txt

6
CYBERSECURITY

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
CYBERSECURITY
Bibliography
Couto, F. M., & Lamurias, A. (2018). MER: a shell script and annotation server for minimal
named entity recognition and linking. Journal of cheminformatics, 10(1), 58.
Kothia, A., Swar, B., & Jaafar, F. (2019, July). Knowledge Extraction and Integration for
Information Gathering in Penetration Testing. In 2019 IEEE 19th International
Conference on Software Quality, Reliability and Security Companion (QRS-C) (pp. 330-
335). IEEE.