Task 3 says: “A. Create a multimedia presentation (e.g., PowerPoint, Keynote) (suggested length of 12 slides) in which you do the following:
1. Summarize your findings of a footprinting analysis you performed on your chosen organization.
2. Discuss how the information gathered during your footprinting analysis could be used to initiate an attack against the organization.
3. Discuss social engineering techniques that could be utilized to gather information regarding the organization’s computer systems.
   a. Present appropriate countermeasures that should be used to combat such social engineering techniques.
4. Prescribe a series of countermeasures and remedies that could be utilized to counter this type of footprinting attack.
5. Present common web server vulnerabilities that the organization is most susceptible to.
6. Present common threats against web applications that pose the greatest risk to the organization’s web applications.
7. Illustrate how SQL injection could be used to obtain or destroy information from a web application’s database.
8. Discuss how SQL injection techniques could pose a potential threat to the organization’s web applications.
Note: The slides in your presentation should include only the main points you wish to make, with more extensive information included in the presenter notes section of the presentation.”
Answer the questions in the order they are asked and make sure you answer each and every question. Pull information from your readings. The following is provided for you to use as guidance or as bullet points in your slides:
– Types of information you found during your footprinting, along with a few screen captures (5-6 slides)
– Attack methods you identified from the information gathered – social engineering, DoS, SQL injection, cross-site scripting, buffer overflow, remote code execution, etc.
– Social engineering techniques – impersonation, in-person methods, over the phone, email phishing, phone number spoofing, exploiting human nature
– Countermeasures to combat social engineering – train and educate employees, conduct pen testing, search the internet for corporate info to remove, develop document handling procedures, utilize strong authentication
– Countermeasures for footprinting – develop a defense-in-depth security plan that includes social engineering methods, footprinting tactics, application security, network security, hardware configuration, pen testing, router configuration to deny data requests; close inactive ports and disable unused protocols; remove unnecessary info from web pages; deploy security devices to filter and reject footprint traffic
– Org web server vulnerabilities – misconfigurations in OSs or networks, bugs in OSs and web applications, gaps created by server default settings, unpatched security problems in applications, gaps in security policies, procedures, or maintenance
– Common threats to web applications – man-in-the-middle (MitM) attacks, session hijacking, buffer overflow, cross-site scripting, cookie manipulation, privilege escalation, malicious program infection
– Illustrate how SQL injection could destroy information: go to your book and use the “illustration” that shows the actual character that would be used to perform an SQL injection. DO NOT ATTEMPT A SQL INJECTION!!!! This is an academic discussion only.