Case Project 10-1: Determining Vulnerabilities of Web Servers After conducting p
ID: 3915671 • Letter: C
Question
Case Project 10-1: Determining Vulnerabilities of Web Servers
After conducting preliminary security testing on the Alexander Rocco Corporation network, you have identified that the company has seven Web servers. One is a Windows 2003 Server system running IIS 6.0. Curt Cavanaugh, the Webmaster and network administrator, says the Web server is used only by sales personnel as a front-end to update inventory data on an Oracle database server. He says this procedure needs to be done remotely, and it’s convenient for sales personnel to use a Web browser when out of the office.
a. Based on this information, write a one-page report on any possible vulnerabilities in the current configuration of the company’s Web server. Use the tools and techniques you have learned to search for possible vulnerabilities of IIS 6.0. Your report should include any recommendations that might increase Web security.
Explanation / Answer
Answer)
The vulnerabilities are as follows:
1) Software bug
2) Loss of device would result in loosing essential and confidential information
3) Malicious applications being installed
4) Untrustworthy employee
5) Rooting
Penetration testing is the best to analyze the vulnerability. This is useful for analysis and reporting.
Apologies for not providing the reference as it is against the rules and regulations of Chegg.
Hit like/ upvote if you find the answer useful. Your response is important to us and is much needed.
Hope this answer helps. Happy to help. :)