Case Project 3-1: Determining Vulnerabilities for a Database Server
You have interviewed Ms. Erin Roye, an staff member, after conducting your initial security testing of the Alexander Rocco Corporation. She informs you that the company is running Oracle 10g for its personnel database. You decide to research whether Oracle 10g has any known vulnerabilities that you can include in your report to Ms. Roye. You don’t know whether Ms. Roye has installed any patches or software fixes; you simply want to create a report with general information.
Based on this information, write a memo to Ms. Roye describing any CVEs (common vulnerabilities and exposures) or CAN (candidate) documents you found related to Oracle 10g. (Hint: A search at US-CERT, www.us-cert.gov, can save you a lot of time.) If you do find vulnerabilities, your memo should include recommendations and be written in a way that doesn’t generate fear or uncertainty but encourages prudent decision making.
Case Project 3-2: Investigating Possible Vulnerabilities of Microsoft IIS 6.0
Carrell Jackson, the Web developer for Alexander Rocco Corporation, has informed you that Microsoft IIS 6.0 is used for the company’s Web site. He’s proud of the direction the Web site is taking and says it has more than 1000 hits per week. Customers can reserve hotel rooms, schedule tee times for golf courses, and make reservations at any of the facility’s many restaurants. Customers can enter their credit card information and recieve confirmations via e-mail.
Based on this information, write a memo to Mr. Jackson listing any technical cybersecurity alerts or known vulnerabilities of IIS 6.0. If you find vulnerabilities, your memo should include recommendations and be written in a way that doesn’t generate fear or uncertainty but encourages prudent decision making.
· Use letterhead paper (you may have to create your own) and do not mention the class or
the professor or the school in your reports.
· Your report should be no less than one page and no more than four pages of typed
material (not including the headings, any pictures or diagrams, etc.), unless the required
page length is stated in the Case Project.
· Double-spaced and Times New Roman (12-point) font type.
· References are on an extra sheet at the end of the report and must be in APA format.
· Do not make reference to the class, Saint Leo University, the problem numbers, or your
professor in your Case Project submissions.
· Each Case Project assignment is a stand-alone and should be in a separate file.