Task 1

Module Description: Evaluating the results of the penetration allows you to provide a report to the client to help them take steps to protect their system or recover from incidents and attacks.

It is important to understand how to use the data collected from the penetration test to produce a thorough, and well written report for the client.

First, learn more about writing penetration test reports.

• Work through the tutorial on The Art of Writing Penetration Test Reportshttp://resources.infosecinstitute.com/writing-penetration-testing-reports/
• Pentest Standard Reporting http://www.pentest-standard.org/index.php/Reporting

Second, compile the findings from the penetration tests in Modules 3 and 4.Analyze the data and organize it so that you can write an effective report.

Task 5: Now it is time to write the report.Your full report will include:

1.A cover sheet – This will include the overall purpose of the test, your plan, footprinting of the company, dates tests were performed, and document classification (who has access and how much).

2.An Executive Summary – one page maximum

3.Summary of vulnerabilities

4.Test Team Details – since you have completed this as an individual, this will be the details about you.

5.List of Tools Used

6.Copy of the original scope of work

7.Main body of the report that includes:(include graphics, graphs where possible to show results)

details of all detected vulnerabilities and any attacks that are obvious

how you detected the vulnerability

clear technical expiations of how the vulnerability could be exploited, and the likelihood of exploitation. (DO NOT copy and paste jobs from vulnerability scanner output. This should be your own words and explanations.)

detailed remediation advice – this should be the exact steps required to fix the issue

8.Risk Ranking/Profile – (see Pentest Standards at http://www.pentest-standard.org/index.php/Reporting

9.Distribute report to the client.Electronic distribution using public key cryptography is recommended but if symmetric encryption is used, a strong key must be used and must be transmitted out of band. DO NOT transmit the report unencrypted.

Task 2 (2 Pages)

CHOOSE ONE OF THE CHAPTERS AND SUMMARIZE FROM THE ARTICLE BELOW;

https://repo.zenk-security.com/Metasploit/Metasploit-The%20Penetration%20Tester%20s%20Guide.pdf

Task 3 ( 2 Discussion reply 100 words ecah)

Discussion 1:

Checkpoint Software, Palo Alto, and Cisco are three of the top security firms in the industry.

Cisco’s revenue is estimated at $50 billion. – Specializing in Email security, Cloud security, Endpoint security, Firewall, Multifactor authentication, and Malware protection.

Palo Alto’s revenue estimate is $3 billion. – Specializing in Endpoint security, Network security, and Cloud security

Checkpoint Software’s revenue is estimated at $2 billion. – Specializing in Cloud security, Endpoint security, Network security, Security Management and Mobile security.

If one of these three security firms offered my enterprise a security solution that guaranteed 100 percent security against hacking or attacking, I would decline their offer. The reason for declining the offer would be because that security firm is not being transparent with me about their services. No security firm should guarantee that there will be no successful attack against an organization’s network. Even if they were extremely confident in their abilities, they were able to cover all bases and have a strong defense in depth structure, they should give room for error such as a 95 to 98 percent guarantee. Or give the percentage of successfully secured systems they have to date, which could be 100 percent. Also, that firm would not be accounting the human element in the attack process. If a hacker is able to use successful social engineering tactics on employees. That will help hackers bypass almost all of their security functions and get onto the internal network because of human error.

Top 30 Cyber Security Companies In 2019 (Small to Enterprise Firms). (2019, November 22). Retrieved from https://www.softwaretestinghelp.com/best-cyber-security-companies/.

Discussion 2:

Cybersecurity is a broad umbrella term that encompasses a number of specific practice areas. There are different types of cyber security.

· Network security prevents and protects against unauthorized intrusion into corporate networks

· Application security makes apps more secure by finding and fixing vulnerabilities in application code

· Information security keeps data secure from unauthorized access or alterations,

· Operational security is a process by which organizations assess and protect public data about themselves that could reveal a bigger picture that ought to stay hidden

In my opinion if a cybersecurity company does all of the above cyber protections for small medium and big organizations its worth discussing.

Microsoft

Microsoft is one of the top leading cybersecurity providers in the world. The reason I choose Microsoft is that I heard in recent interview with Reuters, Microsoft executives said that the company will continue to invest over $1 billion annually on cyber security research and development in the coming years. It also provides the above four security types

Symatec

It is one of the leading producer of anti-virus which is called Norton. Symatec has one of the longest experiences on cyber world and also they just announced that they created Symantec’s Integrated Cyber Defense (ICD) Platform which unifies products, services, and partners to drive down the cost and complexity of cyber security, while protecting enterprises against sophisticated threats. “ICD combines information protection, threat protection, identity management, compliance and other advanced services, powered by shared intelligence and automation across endpoints, networks, applications, and clouds.”

McAfee

I personally use McAfee for my devices because they are armed with the latest tools, strategies, and knowledge to address global security needs. McAfee’s Network Security does do what it promises, and it integrates nicely with other McAfee services my work computer has and it has comprehensive services include everything from incident response and security risk assessments to comprehensive, customized deployments and training. They offer a full range of services that span the entire McAfee portfolio of solutions and ensure you get heightened visibility into your overall security posture.

Reference

https://www.carahsoft.com/vendors/symantec

https://www.trustradius.com/products/mcafee-network-security-platform/reviews