Please put all information into a readable paper. Follow the instructions on the paper.
Below is also the rubric for review along the way.
1.2.1: Identify the target audience, the context, and the goal of the communication.
Provide a brief introduction explaining the services performed and a summary at the end with the important findings of the scan. Validate your recommendations using industry standard techniques. Include at least two to three references in IEEE format.
1.4.2: Use vocabulary appropriate for the discipline, genre, and intended audience.
Make sure the report to the client contains grammatically correct language without any spelling or typographical errors. Explain industry acronyms when they are introduced since they may be unfamiliar to the client.
10.1.2: Gather project requirements to meet stakeholder needs.
The client has asked for a Zenmap scan, an OpenVAS vulnerability scan, and to use other accepted industry practices for the systems scan. You will need to include screenshots and note the application versions that are listed and displayed in the scan results.
12.2.1: Identify systems for the risk assessment.
During any scan report, it is critical that you list the IP address of the system you are using to connect to the client’s corporate network (for auditing purposes) as well as the IP address of the system(s) that you are scanning. Discuss the scope of engagement and the limitations of your actions to stay within the parameters of the test.
12.2.2: Perform a risk analysis.
Explain to the client the security issues that are present on the Linux system. Discuss critical vulnerabilities that need to be addressed and the measures that may need to be taken to deal with the underlying security issues (additional staff, equipment, billable hours, etc.).
13.1.1: Create documentation appropriate to the stakeholder.
In this section, recommend that you and your contractors perform a full penetration test on the target system. Mention the implications (ransomware, exfiltration, credential harvesting, etc.) that might occur if the security issues are not addressed.