Project 1 – System Scan Report

Hide Assignment InformationTurnitin®This assignment will be submitted to Turnitin®.Instructions
This week, you will submit your first project, the System Scan Report. Your report should include the following:

Introduction
Target System
Zenmap Scan
OpenVAS Scan
Open Socket Connection
Recommendations
References

If you haven’t already done so last week:

Follow the instructions to setup your Virtual Machine Hacking Lab.
Download the System Scan Report Template and follow the instructions in the document. 

Delete the instructional text from the template before you submit.

How Will My Work Be Evaluated?
1.2.1: Identify the target audience, the context, and the goal of the communication.

Provide a brief introduction explaining the services performed and a summary at the end with the important findings of the scan. Validate your recommendations using industry standard techniques. Include at least two to three references in IEEE format.

1.4.2: Use vocabulary appropriate for the discipline, genre, and intended audience.

Make sure the report to the client contains grammatically correct language without any spelling or typographical errors. Explain industry acronyms when they are introduced since they may be unfamiliar to the client.

10.1.2: Gather project requirements to meet stakeholder needs.

The client has asked for a Zenmap scan, an OpenVAS vulnerability scan, and to use other accepted industry practices for the systems scan. You will need to include screenshots and note the application versions that are listed and displayed in the scan results.

12.2.1: Identify systems for the risk assessment.

During any scan report, it is critical that you list the IP address of the system you are using to connect to the client’s corporate network (for auditing purposes) as well as the IP address of the system(s) that you are scanning. Discuss the scope of engagement and the limitations of your actions to stay within the parameters of the test.

12.2.2: Perform a risk analysis.

Explain to the client the security issues that are present on the Linux system. Discuss critical vulnerabilities that need to be addressed and the measures that may need to be taken to deal with the underlying security issues (additional staff, equipment, billable hours, etc.).

13.1.1: Create documentation appropriate to the stakeholder.

In this section, recommend that you and your contractors perform a full penetration test on the target system. Mention the implications (ransomware, exfiltration, credential harvesting, etc.) that might occur if the security issues are not addressed.

When you are finished, click “add a file” to upload your work, and then click the Submit button.
Hide Rubrics
Rubric Name: Project 1 – System Scan Report
This table lists criteria and criteria group name in the first column. The first row lists level names and includes scores if the rubric uses a numeric scoring method.CriteriaExceeds Performance RequirementsMeets Performance RequirementsApproaches Performance RequirementsDoes Not Meet Performance RequirementsCriterion Score1.2.1: Identify the target audience, the context, and the goal of the communication.10 points
Identifies the target audience, context, and goal of the communication in a clear and appropriate manner.
8.5 points
Identifies the target audience, the context, and the goal of the communication.
7.5 points
Attempts to Identify the target audience, the context, and the goal of the communication, but there are issues with accuracy or appropriateness.
0 points
Does not identify the target audience, the context, and the goal of the communication.
/ 101.4.2: Use vocabulary appropriate for the discipline, genre, and intended audience.10 points
Uses enhanced vocabulary highly appropriate for the discipline, genre, and intended audience.
8.5 points
Uses vocabulary appropriate for the discipline, genre, and intended audience.
7.5 points
Attempts to use vocabulary for the discipline, genre, and intended audience, but there are lapses and gaps.
0 points
Uses inappropriate vocabulary for the discipline, genre, and intended audience.
/ 1010.1.2: Gather project requirements to meet stakeholder needs.20 points
Identifies IT project requirements in a thorough and clear manner to meet all stated stakeholder needs.
17 points
Identifies IT project requirements to meet stated stakeholder needs.
15 points
Attempts to identify project requirements to meet stakeholder needs, but there are gaps and/or lack of clarity.
0 points
Does not identify IT project requirements to meet stated stakeholder needs.
/ 2012.2.1: Identify systems for the risk assessment20 points
Clearly identifies the most critical vulnerabilities with the system and accurately describes the security issues that need to be addressed.
17 points
Identifies most of the vulnerabilities with the system and describes most of the security issues that need to be addressed.
15 points
Identifies some of the vulnerabilities with the system and describes some of the security issues that need to be addressed.
0 points
Does not address the vulnerabilities with the system and does not describe the security issues that need to be addressed.
/ 2012.2.2: Perform a risk analysis.20 points
Performs a thorough risk analysis and clearly identifies the impact and threat of the vulnerability.
17 points
Performs a risk analysis anidentifies the impact and threat of the vulnerability.
15 points
Performs a risk analysis but does not discuss the impact and / or threat.
0 points
Does not perform a risk analysis.
/ 2013.1.1: Create documentation appropriate to the stakeholder.20 points
Creates thorough and accurate IT documentation that exceeds requirements.
17 points
Creates IT documentation that meets requirements.
15 points
Creates IT documentation that lacks detail and/or does not fully meet requirements.
0 points
Does not create appropriate IT documentation.
/ 20Rubric Total ScoreTotal/ 100
Overall Score
Overall Score
Exceeds Performance Requirements90 points minimum

Meets Performance Requirements80 points minimum

Approaches Performance Requirements70 points minimum

Does Not Meet Performance Requirements0 points minimum

Associated Learning Objectives1.2.1: Identify the target audience, the context, and the goal of the communication.Assessment Method:  Score on Criteria – 1.2.1: Identify the target audience, the context, and the goal of the communication.Required Performance:  Meets Performance Requirements1.4.2: Use vocabulary appropriate for the discipline, genre, and intended audience.Assessment Method:  Score on Criteria – 1.4.2: Use vocabulary appropriate for the discipline, genre, and intended audience.Required Performance:  Meets Performance Requirements10.1.2: Gather project requirements to meet stakeholder needs.Assessment Method:  Score on Criteria – 10.1.2: Gather project requirements to meet stakeholder needs.Required Performance:  Meets Performance Requirements12.2.1: Identify systems for the risk assessment.Assessment Method:  Score on Criteria – 12.2.1: Identify systems for the risk assessmentRequired Performance:  Meets Performance Requirements12.2.2: Perform a risk analysis.Assessment Method:  Score on Criteria – 12.2.2: Perform a risk analysis.Required Performance:  Meets Performance Requirements13.1.1: Create documentation appropriate to the stakeholder.Assessment Method:  Score on Criteria – 13.1.1: Create documentation appropriate to the stakeholder.Required Performance:  Meets Performance Requiremen