Team protocols ‘ Complete Section 1 of your Project Portfolio. To do this you are required to: ‘5’? . Identity and describe protocols and roles and responsibilities which apply to teams when working virtually. «- Identity and describe communication tools and technology used for virtual collaboration. . Determine and report on areas to improve in relation to team protocols for working collaboratively in a virtual environment. Make Sure you have answered all questions in Section 1.

This practical task requires you to perform a detailed analysis of system passwords as part of an ethical hacking engagement. You will first crack then analyse a sample password file from a client, then advise them on the weaknesses discovered. You will also provide recommendations for ways to improve their password hygiene and access control in general.

Your task is as follows:

• Crack the password file supplied using any suitable tool, and report the contents
• Analyse the contents of the password file using commonly accepted password hygiene and system security standards
• Make recommendations for improving user access control supported by literature

Describe the similarities and differences between viruses and worms. Worms often use a buffer overflow attack to replicate. Describe what a buffer overflow attack is and how it can be mitigated.

What is information security policy? Why it is critical to the success of the information security program, What are some of the challenges in shaping policy?

• Distinguish the differences between standards, policies, procedures, and guidelines.
• What factors should be considered in determining if a policy is considered static or dynamic?

Prepare a 350- to 1,050-word paper that fully discusses the topic questions

Option #1: Attack and Penetration Test Plan, Prepare a written proposal for the penetration test plan that describes your firm’s approach to performing the penetration test and what specific tasks, deliverables, and reports you will complete as part of your services.

Scenario: You are the owner and operator of a small information security consulting firm. You have received a request from one of your clients, Infusion Web Marketing, to provide a written proposal for performing a penetration test on the company’s production Web servers and corporate network.

Environment:

Scope

Production e-commerce Web application server, thee-commerce Web application server is acting as an external point-of-entry into the network:

• Ubuntu Linux 10.04 LTS Server (TargetUbuntu01)
• Apache Web Server running the e-commerce Web application server
• Credit card transaction processing occurs on all web servers.

Intrusive or Non-Intrusive

Intrusive. The test will include penetrating past specific security checkpoints.

Compromise or No Compromise

No compromise. The test can compromise with written client authorization only.

Scheduling

Between 2:00 a.m-6:00 a.m. MST weekend only (Saturday or Sunday)

Deliverables:

Based on the scenario above, provide a written attack and penetration testing plan. The plan should include these sections:

• Table of Contents
• Project Summary
• Goals and Objectives
• Tasks
• Reporting
• Schedule.

Your penetration testing plan should be two to three pages in length and should discuss and cite at least three credible or academic references other than the course materials. The Library is an excellent place to search for credible academic sources. Document and citation formatting should be in conformity with Guide to Writing and APA Requirements.

Helpful Resources:

The SANS Institute provides several resources that you might find helpful for this assignment: http://www.sans.org/reading-room/whitepapers/testing

The National Institute for Standards and Technologies (NIST) also provides guidance on the topic of security and penetration testing: http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf