Case 1: Gathering Information on a Network’s Active Services
After conducting a zone transfer and running security tools on the Alexander Rocco network, you’re asked to write a memo to the IT manager, Bob Jones, explaining which tools you used to determine the services running on his network. Mr. Jones is curious about how you gathered this information. You consult the OSSTMM and read Section C on port scanning and the “Internet Technology Security” section, particularly the material on identifying services, so that you can address his concerns.
a. Based on this information, write a one-page memo to Mr. Jones explaining the steps you took to find this information. Your memo should mention any information you found in the OSSTMM that relates to this stage of your testing.
Case 2: Finding Port-Scanning Tools
Security Consulting Company, which has employed you as a security tester, has asked you to research any new tools that might help you perform your duties. It has been noted that some open-source tools your company is using lack simplicity and clarity or don’t meet the company’s expectations. Your manager, Gloria Petrelli, has asked you to research new or improved products on the market.
a. Based on this information, write a one-page report for Ms. Petrelli describing some port-scanning tools that might be useful to your company. The report should include available commercial tools, such as Retina or Languard, and their costs.
Following two articles from the RSS feed, one that details an information security concern and one that explains a new cybersecurity skill or knowledge. Summarize each article and include a concluding paragraph that explains how you as a cybersecurity professional would use this information.