Final Project
OVERVIEW
In the final project, you will demonstrate an understanding of ethical hacking tools and how to apply those in one of the hacking phases.
Course objectives covered in this project include CO1, CO2, CO3, CO5
Programmatic learning outcomes covered in this project include BSCS 1.1, 1.3, BSCS 2.2, 2.5, and BSCS 3.2
GENERAL PLAN
You will complete a report on a company of your choice, using passive reconnaissance techniques only. Passive reconnaissance is defined by information in the public domain, meaning you cannot touch, hack, or in any way interact with the target system. Passive reconnaissance is comprised of information activities that would never be detected by the target organization, as no traffic is sent to the target network. Passive information is archived or stored information only. You should only report back what you find in the public domain.
This would involve:
Determining the targets IP addresses and sub-domains.
Using WHOIS reports, Google hacking techniques, and other tools.
Identifying organizational structure/hierarchy.
Researching information disclosed in news releases.
Determining contact information of company personnel.
Identifying versions of operating systems and applications used.
Identifying areas of interest in the network (web, email, etc.; servers, if possible.)
Researching potential vulnerabilities to exploit, based on public domain information only.
You will include screenshots in the report to show where the information you are reporting on was found.
Include the following in your project:
Cover Page (Your name, the course name, and the date)
Table of Contents (With automated links)
Introduction of the target organization
Name
Size
Key personnel
External partners
Operating systems/applications
Network identification
Target
URL
IP and/or Range
Notes
DNS server
Email server
File Server
Areas of interest in the network (servers, etc.)
Potential exploits
References
Your paper should be 1000 to 1375 words (4 to 5 pages) in length and you must provide at least five sources as evidence, using APA style for both in-text citations and the references page. Be sure to proofread your paper for proper grammar and punctuation.
Note: This assignment corresponds to or addresses the following Program Learning Outcomes:
Assess and apply cybersecurity principles, tools, and methods to defend information systems against cyber threats.
Cybersecurity Design and Technologies: Protect an organizations critical information infrastructure by applying cybersecurity design best practices and technologies to prevent and mitigate cyber attacks and vulnerabilities.
Network Technologies and Defense: Design, implement, and administer networks in a secure manner by integrating network defense technologies, monitoring tools, and measures.
Your work on this assignment should reflect your ability to:
Reliably describe potential system attacks and the actors that might perform them.
Satisfactorily describe different types of attacks and their characteristics.
Satisfactorily describe why each principle of security is important and how it enables the development of security mechanisms that can implement desired security policies.
Carefully examine the architecture of a particular system and identify significant vulnerabilities, risks, and points at which specific security technologies/methods should be employed.
Satisfactorily describe a basic network architecture given a specific need and set of hosts/clients.
