Ethical Hacking Assignment
Penetration Test Proposal
Deliverable 1: Rules of Engagement
Rules of Engagement
Overview
Centralia Security Lab has been hired by Haverbrook Investment Group to perform penetration testing on its systems. This penetration test project covers the Rules of Engagement (ROE) required for Haverbrook Investment, given the characteristics of its network. It contains the essential facts, device weaknesses and requirements for the process to be performed. During the exercise phase, the penetration test carries the difficulty of increasing the chance of vulnerability. To arrive at the best ROE, we also need to agree on tentative engagement activities covering logistics, priorities, goals and resources. Furthermore, the project helps clarify the approaches and tools used to combat privacy breaches and data corruption. The terms of engagement are written to comply with the legislation and laws related to business practices.
Scope
The scope of the penetration test requires determining the network's features and related details. In any penetration testing engagement, one of the most critical aspects is defining the scope: what networks, applications, databases, accounts, people, physical security controls and other assets are “fair game” for the penetration tester(s) to attack. To prevent pitfalls, the test will determine the vital structures, limitations and goals. In creating the best approach to escape the difficulty of the penetration test, Centralia Security Lab has to accept. Preliminary project preparation and risk control measures are part of the pen test. The strategy covers legal perspectives to ensure that future risks are reduced. Network device instability and data protection are assessed by means of intrusion tools that search for and view sensitive data.
Checklist
The test list contains the test specifications for Nmap, Hping, SuperScan, Httprint, Xprobe and GFI LANguard. These tools are required for network scanning and for identifying compromised components, and they are important for carrying out the fingerprinting the project calls for. GFI LANguard is a crucial tool for finding network flaws relevant to the ROE. ISS Scanner is also effective in finding vulnerabilities in the project. The Metasploit Framework is required for checking vulnerabilities in computer systems.
Ethical Considerations
The use of the rules of engagement is the legal concern of the project's execution. It helps to evaluate the possible risks arising from the network's vulnerabilities. Even when it is carried out to protect against privacy violations and corruption of records, penetration testing can often be dangerous. All results will be handled with the strictest and highest secrecy. When we access the network, we will not cross the agreed lines. When workers are not actively working on business resources, we will not approach them on corporate channels or during staff social hours. If we gain access to your network, we will not interrupt essential facilities, because of the confidential data and PII they carry. No data from Haverbrook will be disturbed or compromised, and no Haverbrook or client communications will be interfered with.