Nism Unit 3
Reflections
The website analysis exercise was interesting. I am aware of more complex, specialised tools being used for hacking (e.g. Ophcrack for passwords), but I did not know that basic command-line Linux tools also have a role to play. Therefore, I wanted to find out how exactly they fit into modern-day website security. I discovered that these tools are an important part of the “Information Gathering” phase in vulnerability assessments/penetration tests (Gianchandani, 2018). An example provided by the aforementioned author is that these tools can be used to discover subdomains or provide a starting point from which vulnerable servers can be found. This is something I would like to explore in further detail for the project due in Unit 12.
The unit reading also provided me with additional things to consider in the context of network security. It’s useful knowing that there are many frameworks and standards available for penetration testing, such as CESG CHECK, which help in navigating the field as they discuss specific skills and competencies necessary to perform effective tests (Tang, 2014). I aim to use this knowledge by using these standards to guide my team’s research for the assignments. The template given for a vulnerability report will also help guide the team’s structure for the Unit 6 assessment, because even though we are not actually scanning the website, the expected sections still align with what would be seen in a real report.
Team Discussion
During this week, the team had a meeting. As evidenced by the minutes, the meeting went well because we exchanged a lot of ideas and covered a lot of topics in a short space of time. Thereafter, we came up with clear, actionable tasks that helped us progress efficiently on the report. What I enjoyed most about the discussion was seeing what others learned from groupwork in the previous module, and how that differed from what I learned during groupwork in the previous module. Something that also stood out to me was the fact that we planned our work in such a way that everyone could work independently without being blocked by others. This is something I would like to be able to do consciously, because it would benefit me a lot in my career. When time allows, I’d like to investigate this topic further.
Document Links
Minutes from the team meeting (our work done for the team activity was also discussed here)
Website Analysis Exercise
Summary Post
References
Gianchandani, P. (2018) DNS hacking (beginner to advanced). Available from: https://resources.infosecinstitute.com/topic/dns-hacking/ [Accessed 19 February 2022].
Tang, A. (2014) A guide to penetration testing. Network Security 2014(8): 8-11.