See attachments
CYB 240 Project One Milestone Template CYB 240 Project One Milestone Template To complete this template, replace the phrases in brackets with the relevant information. Firewall OpenVAS Report Vulnerability One Identification: [Insert identification.] Description: [Insert description.] Mitigation: [Insert mitigation.] Vulnerability Two Identification: [Insert identification.] Description: [Insert description.] Mitigation: [Insert mitigation.] Windows Server OpenVAS Report Vulnerability One Identification: [Insert identification.] Description: [Insert description.] Mitigation: [Insert mitigation.] Vulnerability Two Identification: [Insert identification.] Description: [Insert description.] Mitigation: [Insert mitigation.] Ubuntu Server OpenVAS Report Vulnerability One Identification: [Insert identification.] Description: [Insert description.] Mitigation: [Insert mitigation.] Vulnerability Two Identification: [Insert identification.] Description: [Insert description.] Mitigation: [Insert mitigation.] CYB 240 Project One Milestone Guidelines and Rubric Vulnerability Mitigation Report CYB 240 Project One Milestone Guidelines and Rubric Vulnerability Mitigation Report Overview Working within a team to identify vulnerabilities is a daily occurrence for a cybersecurity analyst. Being able to analyze vulnerability reports and help the security team mitigate the vulnerabilities is essential. Making system-wide updates and changes can be both good and bad. It is good to fix issues, but you have to make sure you don’t break anything in the process. The purpose of this assignment is to walk you through how to read and interpret vulnerability analysis scan (OpenVAS) reports and how to identify vulnerabilities from them. The vulnerabilities that you identify for this assignment will be used in Project One, which will be submitted in Module Six. The scenario below is the same one you will use in your project as well. Scenario You are a cybersecurity analyst working for an IT company that is having issues with its computer systems. The company has supplied you with OpenVAS reports that detail several issues with security. You will use the reports to identify the vulnerabilities that you will analyze for your project. The system you will be working with is three tiered with a database back-end server and a web server front end. The system contains both Windows and Linux components. Prompt Review the three OpenVAS reports generated from the Project One lab environment. They can be accessed by selecting the menu icon above your list of labs, as shown in the screenshot below. Note that you will not need to complete any work in the lab environment for this assignment. There is no Milestone One lab to complete. 1 Use the template provided for this milestone. An example has also been provided to give you additional details for this activity. The template and the example are linked in the Project One Milestone task in Module Four of your course. You must address the critical elements listed below. I. Vulnerability Mitigation Report A. Firewall OpenVAS Report i. Select two vulnerabilities from the report for identification, including the CVSS number and the name of each vulnerability. ii. Provide a description of each identified vulnerability, including its risks and CVE number(s) if applicable. iii. Provide mitigation techniques for each vulnerability identified. B. Windows Server OpenVAS Report i. Select two vulnerabilities from the report for identification, including the CVSS number and the name of each vulnerability. ii. Provide a description of each identified vulnerability, including its risks and CVE number(s) if applicable. 2 iii. Provide mitigation techniques for each vulnerability identified. C. Ubuntu Server OpenVAS Report i. Select two vulnerabilities from the report for identification, including the CVSS number and the name of each vulnerability. ii. Provide a description of each identified vulnerability, including its risks and CVE number(s) if applicable. iii. Provide mitigation techniques for each vulnerability identified. Project One Milestone Rubric Guidelines for Submission: Submit your completed template. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx. Critical Elements Proficient (100%) Needs Improvement (55%) Not Evident (0%) Value Firewall OpenVAS Report: Identification Selects two vulnerabilities from the report for identification, including the CVSS number and the name of each vulnerability Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 10 Firewall OpenVAS Report: Description Provides a description of each identified vulnerability, including its risks and CVE number(s) if applicable Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 10 Firewall OpenVAS Report: Mitigation Provides mitigation techniques for each vulnerability identified Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 10 Windows Server OpenVAS Report: Identification Selects two vulnerabilities from the report for identification, including the CVSS number and the name of each vulnerability Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 10 Windows Server OpenVAS Report: Description Provides a description of each identified vulnerability, including its risks and CVE number(s) if applicable Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 10 Windows Server OpenVAS Report: Mitigation Provides mitigation techniques for each vulnerability identified Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 10 Ubuntu Server OpenVAS Report: Identification Selects two vulnerabilities from the report for identification, including the CVSS number and the name of each vulnerability Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 10 3 Critical Elements Proficient (100%) Needs Improvement (55%) Not Evident (0%) Value Ubuntu Server OpenVAS Report: Description Provides a description of each identified vulnerability, including its risks and CVE number(s) if applicable Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 10 Ubuntu Server OpenVAS Report: Mitigation Provides mitigation techniques for each vulnerability identified Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 10 Articulation of Response Submission has no major errors related to citations, grammar, spelling, or organization Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas 10 Total 100% 4 CYB 240 Project One Milestone Guidelines and Rubric Vulnerability Mitigation Report Overview Scenario Prompt Project One Milestone Rubric CYB 240 Project One Milestone Vulnerability Mitigation Report Example Overview For your milestone assignment, you will be creating a vulnerability mitigation report. That report will contain the three areas below. Read their descriptions for information on where you can find the details to complete your milestone activity. Identification: Identification comes from the OpenVAS report. Include the CVSS number of severity, as well as the name of the vulnerability. Description: The description comes from the Summary and Impact sections of the OpenVAS report. Make sure to discuss risks; also include the CVE number if applicable. Mitigation: The mitigation techniques come from the Solution section of the OpenVAS report. The CVE and other references noted may also contain mitigation information you might want to include. Example Review this example. Do not use this example for your milestone or project. Identification: CVSS: 10.0 Apache Web Server End Of Life Detection (Windows). Description: The Apache web server is out of date, and it is recommended not to be used until updated. The risk of not updating this server is leaving the network open to known vulnerabilities on the old server. Mitigation: Update the Apache web server version and verify that the new version has been installed.