Details

This Assignment requires you to perform risk identification, assessment and treatment based on the given case study. Also, it is required to implement ethical hacking (which does not do any malicious activity) on your own virtual machine. This is just for demonstration purposes and focusing the risk identification, assessment, and treatment accordingly, and you should implement it on any other computers. The assignment’s specification requires you to use Kali Linux and the related tools to perform the configuration and testing. Case Study: A reputed Hotel chain suffers from very low information security in terms of maturity across many elements of infosec and information assurance, including cyber resilience and application of cybersecurity good practice. Customers expect a high level of protection of their data; however, data breaches can put the reputation of the institute at risk. It is highly recommended that a certain level of filtering is imposed for the network to be secure so as to sustain threats and attacks. Let us assume that the hotel management hires you to develop an information security plan to identify the possible threats to the organization. For example, it is necessary to identify the important services (e.g., website, booking portal, electronic equipment in rooms…) that the hotel chain is managing. The criteria that you need to address based on the given scenario are summarized into two parts:Part A: 1. Assessing the current risk of the entire business 2. Treat the Risk as much as possible Task I: Risk Identification In achieving the above two goals, you will do the followings – 1. Find at least five assets 2. Find at least two threats against each asset 3. Identify vulnerabilities for the assets Task II: Risk Assessment At the end of the risk identification process, you should have i. a prioritized list of assets and ii. a prioritized list of threats facing those assets and iii. Vulnerabilities of assets. At this point, create Threats-Vulnerabilities-Assets (TVA) worksheet. Also, calculate the risk rating of each of the five triplets out of 25. Part B: You are expected to implement one of the attacks that could be happening on any of the assets. For example, if one of the assets is the platform used (e.g., Booking portal), it has a login page, and the patients have to enter their username and password. You can assume that the platform is vulnerable to password-cracking attacks. This assessment requires you to use password crackers to break passwords. A password cracker is software designed to break passwords. Use two types of password crackers (e.g., Brute force Attack, Rule Attack or Dictionary attack) to extract passwords from the Rainbow table. You are required to first set up a rainbow table and apply the password cracker on that.