Course Project: Security Analysis and Redesign of a Network Objectives | Guidelines | Grading Rubrics | Best Practices | Official XYZ Network Diagram | Results of NMAP Scan Objectives Back to Top ABC Invitation Design and XYZ Invitation Printing have decided to merge into one company, A2Z Invitations. ABC is a virtual company with a proprietary website that allows customers to do some preliminary work on invitations and then consult with a designer for the final product. XYZ is a traditional company with a system that allows customers to submit designs and track their orders. It also has a contact management and invoicing system. ABC will be moving its application into the XYZ data center and will be using all of XYZ's back end systems. Both companies have experienced data breaches in the past and do not want to have them in the future. A2Z has hired you to do a security analysis of its new network and to recommend how it can be set up in a secure manner. It has budgeted for a capital expenditure (outside of man hours) of $250,000 for hardware and software and $25,000 every year for additional security measures. Guidelines Back to Top The Statement of Work objectives are: Perform online reconnaissance on XYZ to see what information is available to an attacker. No social engineering of employees is allowed. Use the  Week 1 You Decide  as the data for this section . Perform an analysis of the current XYZ network, using the current network diagram and  nmap report Diagram; NMAP and files  are below. Check the user's password strength. Use the  Week 3 You Decide  as the data for this section. Redesign of network.  Current network below. System hardening procedures for both IIS and Apache (even if they only use IIS). Three complete security policies. Use the  Week 5 writing assignment  as your starter policy for this section. Template for future security policies. Your paper must conform to all requirements listed below. Requirements Papers must be at least 5–10 pages in length, double-spaced. Papers must include at least three references outside of the text. Paper and references must conform to APA style, including: cover page; header with student’s name and page number; and  sections including Introduction, Body, and Conclusion/Summary. Milestones Each You Decide and other write-ups should be used as the raw material for this report. This report is the analysis of that data. Week 1 You Decide Week 3 You Decide Week 5 writing assignment Grading Rubrics Back to Top Category Points Recon Report IP Addresses Mail Servers WHOIS CNAME 20 Current Network Diagram Analysis 20 Quantitative Analysis Ranking of Assets 20 NMAP Analysis 20 Password Cracking Report 20 Redesigned Network Diagram 20 Web Server Hardening Procedure IIS 20 Web Server Hardening Procedure Apache 20 Security Policy Template 20 Three Complete Policies 20 Three Outside References 10 Spelling, Grammar, and APA Formatting 10 Total 220 Best Practices Bac.

1. Course Project: Security Analysis and Redesign of a Network
Objectives
|
Guidelines
|
Grading Rubrics
|
Best Practices
|
Official XYZ Network Diagram
|
Results of NMAP Scan
Objectives
Back to Top
ABC Invitation Design and XYZ Invitation Printing have
decided to merge into one company, A2Z Invitations. ABC is a
virtual company with a proprietary website that allows
customers to do some preliminary work on invitations and then
consult with a designer for the final product. XYZ is a
traditional company with a system that allows customers to
submit designs and track their orders. It also has a contact
management and invoicing system. ABC will be moving its
application into the XYZ data center and will be using all of
XYZ's back end systems.
Both companies have experienced data breaches in the past and
do not want to have them in the future. A2Z has hired you to do
a security analysis of its new network and to recommend how it
can be set up in a secure manner. It has budgeted for a capital
expenditure (outside of man hours) of $250,000 for hardware
and software and $25,000 every year for additional security
measures.
Guidelines

2. Back to Top
The Statement of Work objectives are:
Perform online reconnaissance on XYZ to see what information
is available to an attacker. No social engineering of employees
is allowed. Use the
Week 1 You Decide
as the data for this section
.
Perform an analysis of the current XYZ network, using the
current network diagram and
nmap report Diagram; NMAP and files
are below.
Check the user's password strength. Use the
Week 3 You Decide
as the data for this section.
Redesign of network.
Current network below.
System hardening procedures for both IIS and Apache (even if
they only use IIS).
Three complete security policies. Use the
Week 5 writing assignment
as your starter policy for this section.
Template for future security policies.
Your paper must conform to all requirements listed below.
Requirements
Papers must be at least 5–10 pages in length, double-spaced.
Papers must include at least three references outside of the text.
Paper and references must conform to APA style, including:
cover page;
header with student’s name and page number; and
sections including Introduction, Body, and
Conclusion/Summary.
Milestones

3. Each You Decide and other write-ups should be used as the raw
material for this report. This report is the analysis of that data.
Week 1 You Decide
Week 3 You Decide
Week 5 writing assignment
Grading Rubrics
Back to Top
Category
Points
Recon Report
IP Addresses
Mail Servers
WHOIS
CNAME
20
Current Network Diagram Analysis
20
Quantitative Analysis Ranking of Assets
20
NMAP Analysis
20
Password Cracking Report
20
Redesigned Network Diagram
20
Web Server Hardening Procedure IIS
20
Web Server Hardening Procedure Apache
20
Security Policy Template
20
Three Complete Policies
20
Three Outside References

4. 10
Spelling, Grammar, and APA Formatting
10
Total
220
Best Practices
Back to Top
Official XYZ Network Diagram
Back to Top
Image Description
Results of NMAP Scan
Back to Top
Above is the official network diagram of XYZ (pre-merger with
ABC). All servers are supposed to be Windows 2003. XYZ uses
a private IP internally of 192.168.x.x. Below are the results of
the NMAP scan done as part of the consulting agreement with
infosecwizards.
Starting Nmap 5.00 (
http://nmap.org
) at 2009-MM-DD 23:12 UTC
Interesting ports on XYZDomainController at (192.168.0.1):
Not shown: 997 filtered ports
Port
State
Service
Product
Version
Extra info
135

5. tcp
open
msrpc
139
tcp
open
netbios-ssn
427
tcp
open
svrloc
445
tcp
open
microsoft-ds
Service Info: OS: Microsoft Windows 2003 Server or XP SP2
Interesting ports on XYZInviteDesign at (192.168.0.2):
Not shown: 997 filtered ports
Port
State
Service
Product
Version
Extra info
135
tcp
open

6. msrpc
139
tcp
open
netbios-ssn
427
tcp
open
svrloc
445
tcp
open
microsoft-ds
Service Info: OS: Microsoft Windows 2003 Server or XP SP2
Interesting ports on XYZAcct at (192.168.0.3):
Not shown: 997 filtered ports
Port
State
Service
Product
Version
Extra info
135
tcp
open
msrpc

7. 139
tcp
open
netbios-ssn
427
tcp
open
svrloc
445
tcp
open
microsoft-ds
Service Info: OS: Microsoft Windows 2003 Server or XP SP2
Interesting ports on XYZprinting at (192.168.0.4):
Not shown: 997 filtered ports
Port
State
Service
Product
Version
Extra info
135
tcp
open
msrpc
139

8. tcp
open
netbios-ssn
427
tcp
open
svrloc
Service Info: OS: Microsoft Windows 2003 Server or XP SP2
Interesting ports on XYZwebsrv at (192.168.0.5):
Not shown: 997 filtered ports
Port
State
Service
Product
Version
Extra info
135
tcp
open
msrpc
139
tcp
open
netbios-ssn
427
tcp
open

9. svrloc
1025
tcp
open
NFS-or-IIS
Service Info: OS: Microsoft Windows 2003 Server or XP SP2
(The 1656 ports scanned but not shown below are in state:
closed)
Interesting ports on XYZChat at (192.168.0.6):
Port
State
Service
Product
Version
Extra info
22
tcp
open
ssh
80
tcp
open
Apache
111
tcp
open
rpcbind

10. 6000
tcp
open
X11
32771
tcp
open
sometimes-rpc5
Service info: OS: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux
2.4.19 rc1-rc7)
Service detection performed. Please report any incorrect results
at
http://nmap.org/submit/
.
Nmap done: 6 IP address (6 hosts up) scanned in 64.27 seconds
Back to Top