SEC520/assignments/assignment 1

From CDOT Wiki
Jump to: navigation, search

General Details

Objective: Create a Penetration Test report for a selected OS. Report is to be created as a Google Doc.

Weight: 10% of the overall grade

E-mail Google Doc Link Due Date: Week 7 (Friday@11:59 p.m.)

Completed Assignment Due Date: Week 8 (i.e. after reading week) on Friday at 11:59 p.m.)

Initial Requirements (Due Date: Week 7, Friday@11:59 p.m.)

Select Vulnerable OS to Perform Penetration Test

  1. Select a vulnerable operating system to perform penetration testing. This could be any OS (platform) as long as it can be represented as a VM on one of your team-member's hard disk pack or notebook/netbook computer.

  2. The vulerable OS should be setup as follows:
    • Same setup (as in lab #1 for disabling firewalls and starting vulnerable services
    • Setting up several regular user accounts
    • Providing information of the type and version of operating system
    • Reason (justificaiton) for selection of particular OS for penetration testing

  3. Note: This vulerable OS must be contained as a VM since screen captures will be required to show OS information (to be contained in your report).

Submitting Preliminary Report (Due Date: Week 7, Friday@11:59 p.m.)

You are allowed to work in groups to perform SEC520 Assignment #1:
The minimum group members can be 1 person, the maximum group members can be 3 persons.

Initial Report Requirements

  1. One member of the group is to setup and create a Google Word Document that will be used to complete this assignment.
    The name of the document will be called: sec520_assignment1.

  2. Limit access to this Google Doc to the following users:
    • All group member Google Account accounts (view and edit)
    • Instructor's email: (view only) # Note: failure to provide instruct view permissions will result in loss of marks!

  3. Include the following information in your group assignment group document:
    1. The full names of the assignment group member(s).
    2. The name, (platform/distribution) and version of OS to be tested.
    3. Explanation (justification) of why particular OS was selected for testing.
    4. A plan for assignment completion including a list of tasks to achieve the the person responsible for that assigned task.

  4. E-mail your instructor (, subject line: SEC520 - Assignment1) a hypertext link to your group's assignment Google Document.

    NOTE: Your instructor will provide feedback regarding this initial phase of the assignment. It is recommended to view the feedback to make certain your group is on the "right track".

Report Requirements (Due Date: Week 8, Friday@11:59 p.m.)

You are required to create a report discussing the features and effectiveness of your open-source vulnerability software. Material created for the "Initial Rquirements" submission can be included in an appedix section of the report. You can perform netsearches on examples of Penetration Testing Reports (although real ones can consist of 60-70 pages! You are NOT required to produce a report of that size, but it should accomphish your objective.)

Required Contents

  • Report Title (Appropriate title, date, group member(s) names, instructor's name).

  • Overview One or two paragraphs providing a background or purpose of the report. This section should also provide an explanation for the choice of OS for testing, and a brief "reputation" of the OS according to the Internet (with sources). This section should also provide very general observations from the penetration testing of this OS.

  • Reconnassaince Description of reconnaissance phase (with sources to material in appendix).

  • Scanning & Enumeration Description of the scanning and enumeration phase with references to results in the Appendix. Make certain to provide a comprehensive collection of scanning information in the Appendix.

  • Vulnerablility Testing Listing and full description of the vulnerability testing phase (with reference to materials in Appendix for support).
  • Conclusion Breif summary outlining main points of the penetration testing of the OS. Description of results of lessons learned from the penetration test. Recommendations for the imaginary employer or client in order to protect against penetration of the OS.

  • Appendix containing supporting materials of the penetration test.

Assignment Submission

The Initial Requirements phase involves one group member to link a link to the group's Google Document to their SEC520 professor.

Upon completion of the assignment, one group member is required to send an e-mail to their completed assignment (include Google Document link again).

Assignment Due Dates

  • Initial Requirements: End of week 7 (Friday @ 11:59 p.m.)
  • Report Requirements: End of week 8 (Friday @ 11:59 p.m.)

Note: The reading week is not counted as a week number...

Marking Guidelines

  • Initial Requirement:
    • Google Doc Link (e-mail)
    • Group Members (responsibilities)
    • Vulnerability Testing Application

  • Report Requirement:
    • Title Page
    • Overview/Justification
    • Reconnainse
    • Scanning & Enumeration
    • Vulernability Testing
    • Conclusion
    • Appendix: Supporting Documents

  • Additional Criteria:
    • Report Format / Appearance
    • Correct Page Breaks (to send Google Doc to printer)
    • Spelling & Grammar
    • Content
    • Relevance
    • Originality
    • Analysis